We don't have to solve all distros, just hte ones our images come on. Does the rehash require the certificate to be present?
Doesn't make it clear whether the extracted file is mutated or not. But seeing that Stef is on that man page, let's ask him :)
Stef, is it possible to create a symlink from the extracted trust directory to an arbitrary folder (that will have a ca.crt bind mounted into it when running as a container)? OpenShift will automount the cluster CA into /var/run/secrets/kubernetes.io..../ca.crt. We're trying to determine if there is an easy way for the image to be crafted so that when that directory is bind mounted in with the right file, that trusted CA is available to apps. Since CAs tend to be infrastructure wide, we were looking for an alternative to having to have image authors bake in their trusted CA (although that's not the end of the world).
On Aug 24, 2015, at 10:01 AM, Jordan Liggitt <jliggitt redhat com> wrote: