buildpacks
buildpacks copied to clipboard
GoogleCloudPlatform
buildpack failed to download the golang behind the corporate proxy
The corporate proxy will intercept the "upstream" ssl and replace it with a cert issued by proxy.
Log 1 below shows the CA chain, prisma2.abc is the proxy CA.
When run the pack, see following error due to that ca prisma2.abc is not in the trusted CA chain in the builder container.
2023/08/26 07:59:49 [ERR] GET https://go.dev/dl/?mode=json request failed: Get "https://go.dev/dl/?mode=json": x509: certificate signed by unknown authority
Before diving into details ( e.g reverse engineering the builder image and enable it to use customer CA), I'm looking for if there is a known way to deal with this issue.
Thanks for attention!
Log 1
➜ ✗ openssl s_client -showcerts -connect storage.googleapis.com:443 </dev/null
(certs and CA name was redacted)
---
Certificate chain
0 s:CN = storage.googleapis.com
i:CN = prisma2.abc
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Jul 31 08:25:19 2023 GMT; NotAfter: Oct 23 08:25:18 2023 GMT
-----BEGIN CERTIFICATE-----
MIICbTCCAVWgAwIBAgIQa6qN3x3pJBsQi65wVcI/bzANBgkqhkiG9w0BAQsFADAW
MRQwEgYDVQQDDAtwcmlzbWEyLmNiYTAeFw0yMzA3MzEwODI1MTlaFw0yMzEwMjMw
Xw==
-----END CERTIFICATE-----
1 s:CN = prisma2.abc
i:CN = prisma2.abc
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 23 06:05:08 2023 GMT; NotAfter: Mar 22 06:05:08 2025 GMT
-----BEGIN CERTIFICATE-----
MIIC1zCCAb+gAwIBAgIUdnmxrJHAeR3u/pOAKDo+1SgYqlAwDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAwwLcHJpc21hMi5jYmEwHhcNMjMwMzIzMDYwNTA4WhcNMjUw
MzIyMDYwNTA4WjAWMRQwEgYDVQQDDAtwcmlzbWEyLmNiYTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMY0VtI3jjfJghCSI+F3udj/p9SC33lTA2RnkyUK
dBPCxoeJCIZo/0VdJNvu2t3fqAJaG1XXQIDH5LYEjS41idoVbvKKdVisg+J+Yi3y
U8z1yFTwXZU2y3A=
-----END CERTIFICATE-----
Log 2
➜ no-imports git:(main) ✗ pack build go-sample
v1: Pulling from buildpacks/builder
Digest: sha256:c0535f5b3426f0e26e778610a1ebb2ae4388a70b3c7a70754d32fae40a3c3bd2
Status: Image is up to date for gcr.io/buildpacks/builder:v1
v1: Pulling from buildpacks/gcp/run
Digest: sha256:59a3deee563a315eb8c8818718160c209b1ccb2049581f9bc4f12a28dae72e85
Status: Image is up to date for gcr.io/buildpacks/gcp/run:v1
===> ANALYZING
Timer: Analyzer started at 2023-08-26T07:59:37Z
Image with name "go-sample" not found
Timer: Analyzer ran for 1.891642ms and ended at 2023-08-26T07:59:37Z
===> DETECTING
Timer: Detector started at 2023-08-26T07:59:37Z
4 of 6 buildpacks participating
google.go.runtime 0.9.1
google.go.gopath 0.9.0
google.go.build 0.9.0
google.utils.label-image 0.0.2
Timer: Detector ran for 1.258274094s and ended at 2023-08-26T07:59:38Z
===> RESTORING
Timer: Restorer started at 2023-08-26T07:59:38Z
Timer: Restorer ran for 2.993277ms and ended at 2023-08-26T07:59:38Z
===> BUILDING
Timer: Builder started at 2023-08-26T07:59:38Z
=== Go - Runtime ([email protected]) ===
Using latest stable Go version
2023/08/26 07:59:38 [DEBUG] GET https://go.dev/dl/?mode=json
2023/08/26 07:59:49 [ERR] GET https://go.dev/dl/?mode=json request failed: Get "https://go.dev/dl/?mode=json": x509: certificate signed by unknown authority
Failure: (ID: b926085a) fetching Go releases: requesting https://go.dev/dl/?mode=json: Get "https://go.dev/dl/?mode=json": GET https://go.dev/dl/?mode=json giving up after 1 attempt(s): Get "https://go.dev/dl/?mode=json": x509: certificate signed by unknown authority [id:135c6302]
--------------------------------------------------------------------------------
Sorry your project couldn't be built.
Our documentation explains ways to configure Buildpacks to better recognise your project:
-> https://cloud.google.com/docs/buildpacks/overview
If you think you've found an issue, please report it:
-> https://github.com/GoogleCloudPlatform/buildpacks/issues/new
--------------------------------------------------------------------------------
Timer: Builder ran for 10.79130174s and ended at 2023-08-26T07:59:49Z
ERROR: failed to build: exit status 1
ERROR: failed to build: executing lifecycle: failed with status code: 51
