feat(node)!: do not set NODE_OPTIONS (#164)

BREAKING CHANGE: node no longer uses openssl certs by default
containerbase · Oct 28, 2021 · 95725c1 · 95725c1
1 parent 387e861
commit 95725c1
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/docs/custom-root-ca.md b/docs/custom-root-ca.md
@@ -13,18 +13,21 @@ FROM containerbase/buildpack
 
 COPY my-root-ca.crt /usr/local/share/ca-certificates/my-root-ca.crt
 RUN update-ca-certificates
+
+# configure node
+ENV NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/my-root-ca.crt
 ```
 
 **TODO**: For java based tools we need another option
 
 ## Runtime install
 
 Most OpenSSL base tools (and maybe BoringSSL) support `SSL_CERT_FILE` environment for additional custom root ca files.
-We use `NODE_OPTIONS="--use-openssl-ca"`, so NodeJS is using the same certificate options as OpenSSL.
 
 ```bash
 docker run --rm -it \
   -v my-root-ca.crt:/my-root-ca.crt \
   -e SSL_CERT_FILE=/my-root-ca.crt \
+  -e NODE_EXTRA_CA_CERTS=/my-root-ca.crt \
   containerbase/buildpack bash
 ```
diff --git a/src/usr/local/buildpack/tools/node.sh b/src/usr/local/buildpack/tools/node.sh
@@ -47,9 +47,6 @@ chmod -R g+w $NPM_CONFIG_PREFIX
 export_env NPM_CONFIG_PREFIX $NPM_CONFIG_PREFIX
 export_path "\$NPM_CONFIG_PREFIX/bin"
 
-# use openssl certificates
-export_env NODE_OPTIONS "--use-openssl-ca"
-
 shell_wrapper node
 shell_wrapper npm
 

diff --git a/test/latest/Dockerfile b/test/latest/Dockerfile
@@ -77,7 +77,7 @@ ARG APT_HTTP_PROXY
 RUN install-tool node v14.18.1
 
 RUN set -ex; \
-  nginx && su -c 'SSL_CERT_FILE=/test/ca.pem node request.mjs' ${USER_NAME}
+  nginx && su -c 'NODE_EXTRA_CA_CERTS=/test/ca.pem node request.mjs' ${USER_NAME}
 
 #--------------------------------------
 # test: php