Pack fails to download image from private repo with self-signed certificate during Analyze phase #609
Description
Summary
When using a private registry with a self-signed certificate, pack fails when executing a build with the "publish" flag during the Analyze phase. Because this problem occurs during the Analyze phase, this appears to be a pack specific issue.
Self-signed certificates are already trusted by the OS (MacOS).
Reproduction
Steps
- Execute a pack build using a private repository with a self-signed certificate with the publish flag:
pack build registry.mycompany.com/myusername/cncf-buildpack-test:yarn --volume "${PWD}/bindings:/platform/bindings" --publish
Current behavior
Pack fails with the following message:
base: Pulling from paketobuildpacks/builder
Digest: sha256:2a2920c78710d2b8ce10906c6e0e6cc9f670fdeb85071a37c6ca0481cb79bf8c
Status: Image is up to date for paketobuildpacks/builder:base
===> DETECTING
6 of 10 buildpacks participating
paketo-buildpacks/ca-certificates 2.4.1
paketo-buildpacks/node-engine 0.8.0
paketo-buildpacks/yarn 0.4.1
paketo-buildpacks/yarn-install 0.4.0
paketo-buildpacks/node-module-bom 0.1.2
paketo-buildpacks/yarn-start 0.3.0
===> ANALYZING
ERROR: failed to get previous image: connect to repo store "registry.mycompany.com/myusername/cncf-buildpack-test:yarn": Get "https://registry.mycompany.com/v2/": x509: certificate signed by unknown authority
Expected behavior
Expected pack to reach out to private repository with a self-signed certificate successfully
Environment
MacOS
pack info
pack report
Pack:
Version: 0.21.1+git-e09e397.build-2823
OS/Arch: darwin/amd64
Default Lifecycle Version: 0.11.3
Supported Platform APIs: 0.3, 0.4, 0.5, 0.6
Config:
default-builder-image = "[REDACTED]"
docker info
docker info
Client:
Context: default
Debug Mode: false
Plugins:
buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
compose: Docker Compose (Docker Inc., v2.0.0-rc.1)
scan: Docker Scan (Docker Inc., v0.8.0)
Server:
Containers: 25
Running: 0
Paused: 0
Stopped: 25
Images: 107
Server Version: 20.10.8
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: e25210fe30a0a703442421b0f60afac609f950a3
runc version: v1.0.1-0-g4144b63
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 5.10.47-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 6
Total Memory: 5.805GiB
Name: docker-desktop
ID: SKKA:IL5Q:IKWP:IJME:UJQL:BNLT:JVZE:PL4F:FDBD:GLQP:GPP5:6OAG
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false