From 26b3314fa53e96b6296dadc4143a4511b75bf6c8 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Wed, 7 May 2025 17:14:54 +0200
Subject: [PATCH] images/arch: Create the directory for configuring PKCS#11
 modules

The /etc/pkcs11 directory and /etc/pkcs11/pkcs11.conf.example file are
created by the p11-kit package in Arch Linux, and the lib11-kit package
provides p11-kit-client.so.  However, the /etc/pkcs11/modules directory
that's necessary to configure p11-kit to use p11-kit-client.so is not
created by any package.

It's better to ensure that the /etc/pkcs11/modules directory exists in
the image, instead of having the Toolbx container's entry point create
it at runtime, because it can be a confirmation that p11-kit was built
to read the module configuration from this location.

This should have been part of commit 259de86c8f103204.

https://github.com/containers/toolbox/issues/626
---
 images/arch/Containerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/images/arch/Containerfile b/images/arch/Containerfile
index 2cbc407..00163ea 100644
--- a/images/arch/Containerfile
+++ b/images/arch/Containerfile
@@ -23,3 +23,6 @@ RUN yes | pacman -Scc
 
 # Enable sudo permission for wheel users
 RUN echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/toolbox
+
+# Enable the use of p11-kit-client.so to access CA certificates from the host
+RUN mkdir --parents /etc/pkcs11/modules