Building using an image from a private repository results in "x509: certificate signed by unknown authority".
chriseaton opened this issue · 2 comments
chriseaton commented
When our docker file specifies an image in a private repo, it causes the oci-build-task to fail. As far I could tell there's no way to specify a custom CA.
ERROR: failed to do request: Head "https://our-private-repo/v2/shared/centos/manifests/latest": x509: certificate signed by unknown authority
CJLove commented
Here's a possible workaround, with the downside that you're basically forking the official oci-build-task
image and using it in the interim:
- Build your own
oci-build-task
image with a Dockerfile like this to add yourca.crt
file to the image, and push to your private registry
FROM docker.io/concourse/oci-build-task:latest
COPY ca.crt /usr/local/share/ca-certificates/
RUN update-ca-certificates
- In your pipeline specify your
oci-build-task
image in place of the official one
...
- task: build-task-image
privileged: true
config:
platform: linux
image_resource:
type: registry-image
source:
repository: fir.love.io:3005/amd64/oci-build-task
# repository: concourse/oci-build-task
tag: latest
...
lrstanley commented
Related, that has a bit cleaner temporary solution that doesn't require making a custom image: #70 (comment)
Looking at the code, however, I believe adding an input for custom certs/ca should be pretty easy.