Public API re-exports
```starlark
load("@rules_distroless//distroless:defs.bzl", "cacerts")

cacerts(name, mode, package, time)
```
Create a ca-certificates.crt bundle from Common CA certificates.
When provided with the ca-certificates Debian package, it collects all common CA certificates found at /usr/share/ca-certificates and bundles them into a ca-certificates.crt file at /etc/ssl/certs/ca-certificates.crt.
An example of this would be:

```starlark
# MODULE.bazel
http_archive = use_repo_rule("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "ca-certificates",
    type = ".deb",
    sha256 = "b2d488ad4d8d8adb3ba319fc9cb2cf9909fc42cb82ad239a26c570a2e749c389",
    urls = ["https://snapshot.debian.org/archive/debian/20231106T210201Z/pool/main/c/ca-certificates/ca-certificates_20210119_all.deb"],
    # Single quotes outside so the inner label string can use double quotes.
    build_file_content = 'exports_files(["data.tar.xz"])',
)
```

```starlark
# BUILD.bazel
load("@rules_distroless//distroless:defs.bzl", "cacerts")

cacerts(
    name = "example",
    package = "@ca-certificates//:data.tar.xz",
)
```
To use the generated certificate bundle for SSL, you must set SSL_CERT_FILE in the environment. You can set it on the oci image like so:
```starlark
oci_image(
    name = "my-image",
    env = {
        "SSL_CERT_FILE": "/etc/ssl/certs/ca-certificates.crt",
    }
)
```
ATTRIBUTES
Name | Description | Type | Mandatory | Default |
---|---|---|---|---|
name | A unique name for this target. | Name | required | |
mode | mode for the entries | String | optional | "0555" |
package | - | Label | required | |
time | time for the entries | String | optional | "0.0" |
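
A check that can be run over the layer `cacerts` produces, added here as an example and not part of rules_distroless: it confirms the bundle sits at /etc/ssl/certs/ca-certificates.crt with the documented default mode "0555" and a zero timestamp, and counts the PEM blocks in it. The function names, the in-memory sample tar and its placeholder PEM bodies are constructed for illustration; that the rule's output is a tar readable by Python's `tarfile`, and that time "0.0" shows up as mtime 0, are assumptions.

```python
import io
import posixpath
import tarfile

BUNDLE_PATH = "etc/ssl/certs/ca-certificates.crt"
PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_END = b"-----END CERTIFICATE-----"


def audit_cacerts_layer(tar_bytes, mode=0o555, mtime=0):
    """Return (certificate_count, findings) for a layer tar given as bytes."""
    count, seen, findings = 0, False, []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            # Normalise "./etc/..." and "/etc/..." to "etc/...".
            path = posixpath.normpath("/" + member.name).lstrip("/")
            # Assumption: time "0.0" is stored as mtime 0 on every entry.
            if member.mtime != mtime:
                findings.append(f"{path}: mtime {member.mtime}, expected {mtime}")
            if path != BUNDLE_PATH:
                continue
            seen = True
            if not member.isfile():
                findings.append(f"{path}: not a regular file")
                continue
            perms = member.mode & 0o7777
            if perms != mode:
                findings.append(f"{path}: mode {perms:04o}, expected {mode:04o}")
            data = tar.extractfile(member).read()
            count = data.count(PEM_BEGIN)
            if count == 0 or count != data.count(PEM_END):
                findings.append(f"{path}: empty or malformed PEM bundle")
    if not seen:
        findings.append(f"{BUNDLE_PATH}: missing from layer")
    return count, findings


def build_sample_layer(mode=0o555, mtime=0, certs=2):
    """Constructed sample input: a tar holding placeholder PEM blocks."""
    payload = (PEM_BEGIN + b"\nQ09OU1RSVUNURUQ=\n" + PEM_END + b"\n") * certs
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("./" + BUNDLE_PATH)
        info.size, info.mode, info.mtime = len(payload), mode, mtime
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    print(audit_cacerts_layer(build_sample_layer()))
```

To audit a real build output, pass the bytes of the generated archive instead of `build_sample_layer()`.
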
```starlark
load("@rules_distroless//distroless:defs.bzl", "flatten")

flatten(name, compress, deduplicate, tars)
```

Flatten multiple archives into a single archive.
ATTRIBUTES
Name | Description | Type | Mandatory | Default |
---|---|---|---|---|
name | A unique name for this target. | Name | required | |
compress | Compress the archive file with a supported algorithm. | String | optional | "" |
deduplicate | EXPERIMENTAL: We may change or remove it without notice. Remove duplicate entries from the archives after flattening. Deduplication is performed only for directories. This requires awk to be available in the PATH. | Boolean | optional | False |
tars | List of tars to flatten | List of labels | required | |
```starlark
load("@rules_distroless//distroless:defs.bzl", "java_keystore")

java_keystore(name, certificates, mode, time)
```

Create a Java keystore (database) of cryptographic keys, X.509 certificate chains, and trusted certificates.
Currently, only public X.509 certificates are supported as part of the public API contract.
ATTRIBUTES
Name | Description | Type | Mandatory | Default |
---|---|---|---|---|
name | A unique name for this target. | Name | required | |
certificates | - | List of labels | required | |
mode | mode for the entries | String | optional | "0755" |
time | time for the entries | String | optional | "0.0" |
```starlark
load("@rules_distroless//distroless:defs.bzl", "locale")

locale(name, charset, package, time)
```
Create a locale archive from a Debian package.
An example of this would be:

```starlark
# MODULE.bazel
http_archive = use_repo_rule("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "libc-bin",
    build_file_content = 'exports_files(["data.tar.xz"])',
    sha256 = "8b048ab5c7e9f5b7444655541230e689631fd9855c384e8c4a802586d9bbc65a",
    urls = ["https://snapshot.debian.org/archive/debian-security/20231106T230332Z/pool/updates/main/g/glibc/libc-bin_2.31-13+deb11u7_amd64.deb"],
)
```

```starlark
# BUILD.bazel
load("@rules_distroless//distroless:defs.bzl", "locale")

locale(
    name = "example",
    package = "@libc-bin//:data.tar.xz"
)
```
ATTRIBUTES
Name | Description | Type | Mandatory | Default |
---|---|---|---|---|
name | A unique name for this target. | Name | required | |
charset | - | String | optional | "C.utf8" |
package | - | Label | required | |
time | time for the entries | String | optional | "0.0" |
```starlark
load("@rules_distroless//distroless:defs.bzl", "group")

group(name, entries, time, mode, kwargs)
```

Create a group file from an array of dicts.
https://www.ibm.com/docs/en/aix/7.2?topic=files-etcgroup-file#group_security__a21597b8__title__1
PARAMETERS
Name | Description | Default Value |
---|---|---|
name | name of the target | none |
entries | an array of dicts which will be serialized into a single group file. | none |
time | time for the entry | "0.0" |
mode | mode for the entry | "0644" |
kwargs | other named arguments to expanded targets. See common rule attributes. | none |
```starlark
load("@rules_distroless//distroless:defs.bzl", "home")

home(name, dirs, kwargs)
```
Create home directories with specific uid and gids.
PARAMETERS
Name | Description | Default Value |
---|---|---|
name | name of the target | none |
dirs | array of home directory dicts. | none |
kwargs | other named arguments that are passed to tar. See common rule attributes. | none |
```starlark
load("@rules_distroless//distroless:defs.bzl", "os_release")

os_release(name, content, path, mode, time, kwargs)
```
Create an Operating System Identification file from a key, value dictionary.
https://www.freedesktop.org/software/systemd/man/latest/os-release.html
PARAMETERS
Name | Description | Default Value |
---|---|---|
name | name of the target | none |
content | a key, value dictionary that will be serialized into `=`-separated lines. See https://www.freedesktop.org/software/systemd/man/latest/os-release.html#Options for well known keys. | none |
path | where to put the file in the result archive. default: /usr/lib/os-release | "/usr/lib/os-release" |
mode | mode for the entry | "0555" |
time | time for the entry | "0" |
kwargs | other named arguments to expanded targets. See common rule attributes. | none |
```starlark
load("@rules_distroless//distroless:defs.bzl", "passwd")

passwd(name, entries, mode, time, kwargs)
```

Create a passwd file from an array of dicts.
https://www.ibm.com/docs/en/aix/7.3?topic=passwords-using-etcpasswd-file
PARAMETERS
Name | Description | Default Value |
---|---|---|
name | name of the target | none |
entries | an array of dicts which will be serialized into a single passwd file. An example; | none |
mode | mode for the entry | "0644" |
time | time for the entry | "0.0" |
kwargs | other named arguments to expanded targets. See common rule attributes. | none |