Merge pull request #107 from paketo-buildpacks/readonly-bug

Bug fix for read-only containers

README.md

@@ -24,6 +24,15 @@ The buildpack configures trusted certs at both build and runtime by:
 
 To learn about the conventional meaning of `SSL_CERT_DIR` and `SSL_CERT_FILE` environment variables see the OpenSSL documentation for [SSL_CTX_load_verify_locations][s]. This buildpack may not work with tools that do not respect these environment variables.
 
+### Runtime Environment Support
+
+| Feature              | Supported       | Detail                                                                  |
+| -------------------- | --------------- | ---------------------------------------------------------------------------- |
+| read-only runtime container | No       | Symlinks and/or new files are written for certificates provided via binding at runtime. A read-only container will run if no cert bindings are present at runtime.  |
+| run as custom user          | Yes      | The custom user must be a member of the `CNB` group
+
+
+
 ## Bindings
 
 The buildpack optionally accepts the following bindings:

cacerts/execd.go

@@ -53,15 +53,15 @@ func NewExecD(bindings libcnb.Bindings) *ExecD {
 func (e *ExecD) Execute() (map[string]string, error) {
 	env := map[string]string{}
 	var splitPaths []string
+
+	paths := getsCertsFromBindings(e.Bindings)
+	if len(paths) == 0 {
+		return env, nil
+	}
 	certDir, err := ioutil.TempDir("", "ca-certificates")
 	if err != nil {
 		return nil, fmt.Errorf("failed to create temp dir\n%w", err)
 	}
-
-	paths := getsCertsFromBindings(e.Bindings)
-	if len(paths) == 0 || err != nil {
-		return env, err
-	}
 	for _, p := range paths {
 		if extraPaths, err := SplitCerts(p, certDir); err != nil {
 			return nil, fmt.Errorf("failed to split certificates at path %s \n%w", p, err)