Public API re-exports

cacerts

load("@rules_distroless//distroless:defs.bzl", "cacerts")

cacerts(name, mode, package, time)

Create a ca-certificates.crt bundle from Common CA certificates.

When provided with the ca-certificates Debian package, it collects all common CA certificates under /usr/share/ca-certificates and bundles them into a ca-certificates.crt file at /etc/ssl/certs/ca-certificates.crt.

An example of this would be:

# MODULE.bazel
http_archive = use_repo_rule("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "ca-certificates",
    type = ".deb",
    sha256 = "b2d488ad4d8d8adb3ba319fc9cb2cf9909fc42cb82ad239a26c570a2e749c389",
    urls = ["https://snapshot.debian.org/archive/debian/20231106T210201Z/pool/main/c/ca-certificates/ca-certificates_20210119_all.deb"],
    build_file_content = 'exports_files(["data.tar.xz"])',
)

# BUILD.bazel
load("@rules_distroless//distroless:defs.bzl", "cacerts")

cacerts(
    name = "example",
    package = "@ca-certificates//:data.tar.xz",
)

To use the generated certificate bundle for SSL, you must set SSL_CERT_FILE in the environment. You can set it on the oci image like so:

oci_image(
    name = "my-image",
    env = {
        "SSL_CERT_FILE": "/etc/ssl/certs/ca-certificates.crt",
    }
)

ATTRIBUTES

| Name | Description | Type | Mandatory | Default |
| --- | --- | --- | --- | --- |
| name | A unique name for this target. | Name | required | |
| mode | mode for the entries | String | optional | "0555" |
| package | - | Label | required | |
| time | time for the entries | String | optional | "0.0" |

flatten

load("@rules_distroless//distroless:defs.bzl", "flatten")

flatten(name, compress, deduplicate, tars)

Flatten multiple archives into a single archive.

ATTRIBUTES

| Name | Description | Type | Mandatory | Default |
| --- | --- | --- | --- | --- |
| name | A unique name for this target. | Name | required | |
| compress | Compress the archive file with a supported algorithm. | String | optional | "" |
| deduplicate | EXPERIMENTAL: We may change or remove it without notice. Remove duplicate entries from the archives after flattening. Deduplication is performed only for directories. This requires awk to be available in the PATH. | Boolean | optional | False |
| tars | List of tars to flatten | List of labels | required | |

java_keystore

load("@rules_distroless//distroless:defs.bzl", "java_keystore")

java_keystore(name, certificates, mode, time)

Create a Java keystore (database) of cryptographic keys, X.509 certificate chains, and trusted certificates.

Currently, only public X.509 certificates are supported as part of the PUBLIC API contract.

ATTRIBUTES

| Name | Description | Type | Mandatory | Default |
| --- | --- | --- | --- | --- |
| name | A unique name for this target. | Name | required | |
| certificates | - | List of labels | required | |
| mode | mode for the entries | String | optional | "0755" |
| time | time for the entries | String | optional | "0.0" |

locale

load("@rules_distroless//distroless:defs.bzl", "locale")

locale(name, charset, package, time)

Create a locale archive from a Debian package.

An example of this would be:

# MODULE.bazel
http_archive = use_repo_rule("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "libc-bin",
    build_file_content = 'exports_files(["data.tar.xz"])',
    sha256 = "8b048ab5c7e9f5b7444655541230e689631fd9855c384e8c4a802586d9bbc65a",
    urls = ["https://snapshot.debian.org/archive/debian-security/20231106T230332Z/pool/updates/main/g/glibc/libc-bin_2.31-13+deb11u7_amd64.deb"],
)

# BUILD.bazel
load("@rules_distroless//distroless:defs.bzl", "locale")

locale(
    name = "example",
    package = "@libc-bin//:data.tar.xz"
)

ATTRIBUTES

| Name | Description | Type | Mandatory | Default |
| --- | --- | --- | --- | --- |
| name | A unique name for this target. | Name | required | |
| charset | - | String | optional | "C.utf8" |
| package | - | Label | required | |
| time | time for the entries | String | optional | "0.0" |

group

load("@rules_distroless//distroless:defs.bzl", "group")

group(name, entries, time, mode, kwargs)

Create a group file from an array of dicts.

https://www.ibm.com/docs/en/aix/7.2?topic=files-etcgroup-file#group_security__a21597b8__title__1

PARAMETERS

| Name | Description | Default Value |
| --- | --- | --- |
| name | name of the target | none |
| entries | an array of dicts which will be serialized into a single group file. | none |
| time | time for the entry | "0.0" |
| mode | mode for the entry | "0644" |
| kwargs | other named arguments to expanded targets. See common rule attributes. | none |

home

load("@rules_distroless//distroless:defs.bzl", "home")

home(name, dirs, kwargs)

Create home directories with specific uid and gids.

PARAMETERS

| Name | Description | Default Value |
| --- | --- | --- |
| name | name of the target | none |
| dirs | array of home directory dicts. | none |
| kwargs | other named arguments that are passed to tar. See common rule attributes. | none |

os_release

load("@rules_distroless//distroless:defs.bzl", "os_release")

os_release(name, content, path, mode, time, kwargs)

Create an Operating System Identification file from a key-value dictionary.

https://www.freedesktop.org/software/systemd/man/latest/os-release.html

PARAMETERS

| Name | Description | Default Value |
| --- | --- | --- |
| name | name of the target | none |
| content | a key-value dictionary that will be serialized into `=`-separated lines. See https://www.freedesktop.org/software/systemd/man/latest/os-release.html#Options for well-known keys. | none |
| path | where to put the file in the result archive. | "/usr/lib/os-release" |
| mode | mode for the entry | "0555" |
| time | time for the entry | "0" |
| kwargs | other named arguments to expanded targets. See common rule attributes. | none |

passwd

load("@rules_distroless//distroless:defs.bzl", "passwd")

passwd(name, entries, mode, time, kwargs)

Create a passwd file from an array of dicts.

https://www.ibm.com/docs/en/aix/7.3?topic=passwords-using-etcpasswd-file

PARAMETERS

| Name | Description | Default Value |
| --- | --- | --- |
| name | name of the target | none |
| entries | an array of dicts which will be serialized into a single passwd file. An example: `dict(gid = 0, uid = 0, home = "/root", shell = "/bin/bash", username = "root")` | none |
| mode | mode for the entry | "0644" |
| time | time for the entry | "0.0" |
| kwargs | other named arguments to expanded targets. See common rule attributes. | none |
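
The passwd, group, home and flatten rules above, combined into a root filesystem that runs as an unprivileged user. This is an added example, not taken from the rules_distroless documentation. The `nonroot` account, uid/gid 65532, the target names, the dict keys used for `group` and `home`, and the rules_oci `oci_image` attributes `tars`, `user`, `os` and `architecture` are assumptions that do not appear on this page.

```starlark
# BUILD.bazel (added example; names and ids below are illustrative)
load("@rules_distroless//distroless:defs.bzl", "flatten", "group", "home", "passwd")
load("@rules_oci//oci:defs.bzl", "oci_image")

# Unprivileged uid/gid chosen for illustration; any non-zero id works.
NONROOT = 65532

passwd(
    name = "passwd",
    entries = [
        # root stays resolvable by name but is given no login shell,
        # unlike the "/bin/bash" entry in the parameter table above.
        dict(uid = 0, gid = 0, home = "/root", shell = "/usr/sbin/nologin", username = "root"),
        dict(uid = NONROOT, gid = NONROOT, home = "/home/nonroot", shell = "/usr/sbin/nologin", username = "nonroot"),
    ],
)

group(
    name = "group",
    entries = [
        # Assumed dict keys: "name" and "gid" (not listed on this page).
        dict(name = "root", gid = 0),
        dict(name = "nonroot", gid = NONROOT),
    ],
)

home(
    name = "home",
    dirs = [
        # Assumed dict keys: "home", "uid", "gid" (not listed on this page).
        dict(home = "/home/nonroot", uid = NONROOT, gid = NONROOT),
    ],
)

# Merge the single-file archives into one layer.
flatten(
    name = "rootfs",
    tars = [":passwd", ":group", ":home"],
)

oci_image(
    name = "my-image",
    os = "linux",
    architecture = "amd64",
    tars = [":rootfs"],
    # Numeric uid:gid so that checks such as Kubernetes runAsNonRoot can
    # verify the user without resolving a name through /etc/passwd.
    user = "65532:65532",
)
```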