I'm facing a strange situation. It is not limiting for me on Linux, but it might hit me on Windows.
I'm using Podman containers quite heavily. All of my services for development and productivity run in rootless containers. So far, so good. At the beginning, when I was setting my infrastructure up, I made a decision to create my own private OCI Registry in order to give the release and deployment process some sort of rules/order. The problem is that I want to keep the layout of the infrastructure private and isolated from the outside world (internet). That leads to the necessity of my own private Certificate Authority. That works as expected, including CRL, AIA protocol and Certificate renewal process. All my equipment has the CA ROOT certificates installed in the system as trusted anchors.
And now the issue. When I try to set up my registry in Podman Desktop installed from Flathub, the GUI tells me that podman is unable to verify the authenticity of the registry server.
I took a look at the issue and it seems that flatpak uses p11-kit to connect system trust to the sandboxed environment.
As one should see, the certificates are present and accessible.
My questions are:
- How can I tell Podman Desktop to take into account the System Trust as well?
- How are CA Certificates handled by Podman Desktop on Windows?
My Linux OS:
```
[opc@sws ~]$ cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="8.7"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="8.7"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Oracle Linux Server 8.7"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:8:7:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://bugzilla.oracle.com/"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 8"
ORACLE_BUGZILLA_PRODUCT_VERSION=8.7
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=8.7
```
P.S.: As I said, it is not critical for me as I use podman natively which already respects the trust anchors. But somebody else might hit this issue and it may be blocking for them.
Thank you very much for any hints. I really appreciate your time.