pkg/utils: Add a function to check if p11-kit-client.so is present

A subsequent commit will use this to give Toolbx containers access to the certificates from certificate authorities on the host. The ideal goal is to ensure that all supported Toolbx containers and images have p11-kit-client.so in them. In practice, some of them never will. Either because it's an existing container or an older version of an image that was already present in the local containers/storage image store, or because the operating system is too old. Therefore, there needs to be a way to check at runtime if a Toolbx container has p11-kit-client.so or not. https://github.com/containers/toolbox/issues/626
2025-05-07 01:31:03 +02:00 · 2025-05-07 01:31:03 +02:00 · 9e776b6c94
parent 456f37794d
commit 9e776b6c94
5 changed files with 63 additions and 0 deletions
--- a/src/pkg/utils/arch.go
+++ b/src/pkg/utils/arch.go
@ -25,6 +25,11 @@ func getFullyQualifiedImageArch(image, release string) string {
 	return imageFull
 }

+func getP11KitClientPathsArch() []string {
+	paths := []string{"/usr/lib/pkcs11/p11-kit-client.so"}
+	return paths
+}
+
 func parseReleaseArch(release string) (string, error) {
 	if release != "latest" && release != "rolling" && release != "" {
 		return "", &ParseReleaseError{"The release must be 'latest'."}
--- a/src/pkg/utils/fedora.go
+++ b/src/pkg/utils/fedora.go
@ -37,6 +37,11 @@ func getFullyQualifiedImageFedora(image, release string) string {
 	return imageFull
 }

+func getP11KitClientPathsFedora() []string {
+	paths := []string{"/usr/lib64/pkcs11/p11-kit-client.so"}
+	return paths
+}
+
 func parseReleaseFedora(release string) (string, error) {
 	if strings.HasPrefix(release, "F") || strings.HasPrefix(release, "f") {
 		release = release[1:]
--- a/src/pkg/utils/rhel.go
+++ b/src/pkg/utils/rhel.go
@ -45,6 +45,11 @@ func getFullyQualifiedImageRHEL(image, release string) string {
 	return imageFull
 }

+func getP11KitClientPathsRHEL() []string {
+	paths := []string{"/usr/lib64/pkcs11/p11-kit-client.so"}
+	return paths
+}
+
 func parseReleaseRHEL(release string) (string, error) {
 	if i := strings.IndexRune(release, '.'); i == -1 {
 		return "", &ParseReleaseError{"The release must be in the '<major>.<minor>' format."}
--- a/src/pkg/utils/ubuntu.go
+++ b/src/pkg/utils/ubuntu.go
@ -38,6 +38,15 @@ func getFullyQualifiedImageUbuntu(image, release string) string {
 	return imageFull
 }

+func getP11KitClientPathsUbuntu() []string {
+	paths := []string{
+		"/usr/lib/aarch64-linux-gnu/pkcs11/p11-kit-client.so",
+		"/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so",
+	}
+
+	return paths
+}
+
 func parseReleaseUbuntu(release string) (string, error) {
 	releaseParts := strings.Split(release, ".")
 	if len(releaseParts) != 2 {
--- a/src/pkg/utils/utils.go
+++ b/src/pkg/utils/utils.go
@ -40,6 +40,7 @@ import (

 type GetDefaultReleaseFunc func() (string, error)
 type GetFullyQualifiedImageFunc func(string, string) string
+type GetP11KitClientPathsFunc func() []string
 type ParseReleaseFunc func(string) (string, error)

 type Distro struct {
@ -48,6 +49,7 @@ type Distro struct {
 	ReleaseRequired        bool
 	GetDefaultRelease      GetDefaultReleaseFunc
 	GetFullyQualifiedImage GetFullyQualifiedImageFunc
+	GetP11KitClientPaths   GetP11KitClientPathsFunc
 	ParseRelease           ParseReleaseFunc
 }

@ -124,6 +126,7 @@ var (
 			false,
 			getDefaultReleaseArch,
 			getFullyQualifiedImageArch,
+			getP11KitClientPathsArch,
 			parseReleaseArch,
 		},
 		"fedora": {
@ -132,6 +135,7 @@ var (
 			true,
 			getDefaultReleaseFedora,
 			getFullyQualifiedImageFedora,
+			getP11KitClientPathsFedora,
 			parseReleaseFedora,
 		},
 		"rhel": {
@ -140,6 +144,7 @@ var (
 			true,
 			getDefaultReleaseRHEL,
 			getFullyQualifiedImageRHEL,
+			getP11KitClientPathsRHEL,
 			parseReleaseRHEL,
 		},
 		"ubuntu": {
@ -148,6 +153,7 @@ var (
 			true,
 			getDefaultReleaseUbuntu,
 			getFullyQualifiedImageUbuntu,
+			getP11KitClientPathsUbuntu,
 			parseReleaseUbuntu,
 		},
 	}
@ -630,6 +636,39 @@ func ImageReferenceHasDomain(image string) bool {
 	return true
 }

+func IsP11KitClientPresent() (bool, error) {
+	var p11KitClientPaths []string
+	var supportedDistro bool
+
+	hostID, err := getHostID()
+	if err == nil {
+		distroObj, ok := supportedDistros[hostID]
+		supportedDistro = ok
+		if supportedDistro {
+			p11KitClientPaths = distroObj.GetP11KitClientPaths()
+		}
+	}
+
+	if !supportedDistro {
+		if err == nil {
+			err = fmt.Errorf("failed to find %s in the list of supported distributions", hostID)
+		}
+
+		for _, distroObj := range supportedDistros {
+			paths := distroObj.GetP11KitClientPaths()
+			p11KitClientPaths = append(p11KitClientPaths, paths...)
+		}
+	}
+
+	for _, path := range p11KitClientPaths {
+		if PathExists(path) {
+			return true, err
+		}
+	}
+
+	return false, err
+}
+
 func SetUpConfiguration() error {
 	logrus.Debug("Setting up configuration")