images/ubuntu: Create the directory for configuring PKCS#11 modules

The p11-kit-modules package in Ubuntu provides p11-kit-client.so, but
the /etc/pkcs11/modules directory that's necessary to configure p11-kit
to use p11-kit-client.so is not created by any package.

It's better to ensure that the /etc/pkcs11/modules directory exists in
the image, instead of having the Toolbx container's entry point create
it at runtime, because it can be a confirmation that p11-kit was built
to read the module configuration from this location.

This should have been part of commit aa8507730d.

https://github.com/containers/toolbox/issues/626
Debarshi Ray 2025-05-07 18:04:45 +02:00
parent 26b3314fa5
commit e98032352e
5 changed files with 15 additions and 0 deletions

@ -33,6 +33,9 @@ RUN rm /extra-packages
# Allow authentication with empty password, promptless
RUN sed -i '/^auth.*pam_unix.so/s/nullok_secure/try_first_pass nullok/' /etc/pam.d/common-auth
# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules
# Fix empty bind-mount to clear selinuxfs (see #337)
RUN mkdir /usr/share/empty
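
Review bot: The comment above `RUN mkdir --parents /etc/pkcs11/modules` says the step enables the use of p11-kit-client.so, but the command only creates an empty directory and nothing in this hunk writes a module configuration into it. Consider wording the comment to say that this is the directory p11-kit reads module configuration from and that the configuration itself is written elsewhere, so a reader of the image file does not assume the module is active once the build finishes.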

@ -35,6 +35,9 @@ RUN rm /extra-packages
# Allow authentication with empty password, promptless
RUN sed -i '/^auth.*pam_unix.so/s/nullok_secure/try_first_pass nullok/' /etc/pam.d/common-auth
# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules
# Fix empty bind-mount to clear selinuxfs (see #337)
RUN mkdir /usr/share/empty
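
Review bot: `RUN mkdir --parents /etc/pkcs11/modules` leaves the directory mode to the build-time umask, even though this directory holds the configuration that tells p11-kit which modules to use. Consider stating the mode explicitly, for example `mkdir --mode=0755 --parents /etc/pkcs11/modules`, keeping in mind that `--mode` applies only to the final component, so /etc/pkcs11 still gets a umask-derived mode.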

@ -32,6 +32,9 @@ RUN sed -Ei '/apt-get (update|upgrade)/s/^/#/' /usr/local/sbin/unminimize && \
rm -rd /var/lib/apt/lists/*
RUN rm /extra-packages
# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules
# Fix empty bind-mount to clear selinuxfs (see #337)
RUN mkdir /usr/share/empty
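
Review bot: The commit message treats the presence of /etc/pkcs11/modules as confirmation that p11-kit was built to read module configuration from there, but `mkdir --parents` on the added line succeeds whatever location p11-kit was built with. If that confirmation matters, add a build step that fails when p11-kit's configured module directory differs from this path, or drop the claim and describe the line as creating the directory only.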

@ -33,6 +33,9 @@ RUN apt-get update && \
rm -rd /var/lib/apt/lists/*
RUN rm /extra-packages
# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules
# Fix empty bind-mount to clear selinuxfs (see #337)
RUN mkdir /usr/share/empty
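
Review bot: Documentation point on the new comment line: the neighbouring comment cites its issue with `(see #337)`, while `# Enable the use of p11-kit-client.so to access CA certificates from the host` carries no reference, although the commit message links issue 626. Adding `(see #626)` to the comment would keep the two consistent and leave the rationale discoverable from the file itself.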

@ -27,6 +27,9 @@ RUN apt-get update && \
rm -rd /var/lib/apt/lists/*
RUN rm /extra-packages
# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules
# Fix empty bind-mount to clear selinuxfs (see #337)
RUN mkdir /usr/share/empty
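
Review bot: The added `RUN mkdir --parents /etc/pkcs11/modules` only covers images built from these files after this change, so images built earlier or by third parties will still lack the directory. Since the commit message moves this responsibility away from the entry point, confirm that the entry point handles a missing /etc/pkcs11/modules with a clear message instead of failing partway through setup, and record that expectation in the commit message or the comment.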