Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read
Q&A

How to set update-crypto-policies to LEGACY in Dockerfile

+1
−0

So im trying to do RUN update-crypto-policies --set LEGACY in my Dockerfile as I was getting an error

"Failed to load certificate from file 'client-rsa.pem':''ee key too small".

But when I build my Dockerfile I get an error "#5 0.540 /bin/sh: update-crypto-policies: command not found"

Could anyone please explain me why is this happening and how to set crypto-policies to LEGACY in dockerfile?

Here is my entire Dockerfile-


FROM arm64v8/oraclelinux:8

# Setup basic environment stuff
ENV container docker
ENV LANG en_US.UTF-8
ENV TZ EST
ENV DEBIAN_FRONTEND=noninteractive
RUN yum -y install crypto-policies-scripts

# Adding User and Group 

RUN useradd -u 42065 testuser



# CCSMP dependent
RUN yum install -y wget
RUN yum install -y openssl-libs-1.1.1g-15.el8_3.aarch64
RUN yum install -y krb5-workstation krb5-libs krb5-devel
RUN yum install -y glibc-devel glibc-common
RUN yum install -y make gcc java-1.8.0-openjdk-devel tar perl maven svn openssl-devel gcc
RUN yum install -y gdb
RUN yum install -y openldap* openldap-clients nss-pam-ldapd
RUN yum install -y zlib-devel bzip2 bzip2-devel vim yum-utils sssd sssd-tools

# Minor changes to image to get ccsmp to build
RUN ln -s /usr/lib/jvm/java-1.8.0-openjdk /usr/lib/jvm/default-jvm
RUN cp /usr/include/linux/stddef.h /usr/include/stddef.h

# Install ant 1.10.12
RUN wget https://mirror.its.dal.ca/apache//ant/binaries/apache-ant-1.10.12-bin.zip
RUN unzip apache-ant-1.10.12-bin.zip && mv apache-ant-1.10.12/ /opt/ant


ENV JAVA_HOME /usr
ENV ANT_HOME="/usr/bin/ant"
ENV PATH="/usr/bin/ant:$PATH"


USER testuser
WORKDIR /home/testuser


CMD /bin/bash
Why does this post require moderator attention?
You might want to add some details to your flag.
Why should this post be closed?

2 comment threads

Hi, I just posted my entire dockefile. So I have a dockerfile that is using linux8 arm64v8, I'm runni... (1 comment)
Missing Docker image (1 comment)

2 answers

+1
−0

Hi, so I solved this issue,

I first ran my container in -it mode, went to this path- etc/crypto-policies/back-ends and made following changes to these files-

openssl.config-

replaced "DEFAULT" with "LEGACY"

opensslcng.config

replaced "@SECLEVEL=2" with "@SECLEVEL=0"

Then I went to this path-

etc/crypto-policies

and made following changes to this file-

config

I replaced "@SECLEVEL=2" with "@SECLEVEL=0"

By doing this you are lowering your security policies for tests to run with less restrictions, it is not recommended and better solution will be to just upgrade your stack and use latest keys. But in my case this worked like a charm :) I hope this helps someone

Why does this post require moderator attention?
You might want to add some details to your flag.

0 comment threads

+0
−0

Also to do this automatically do this in your dockerfile-

RUN sed -i 's/SECLEVEL=2/SECLEVEL=0/g' /etc/crypto-policies/back-ends/opensslcnf.config

just replace the file name for the rest of the files

Why does this post require moderator attention?
You might want to add some details to your flag.

0 comment threads

Sign up to answer this question »

This community is part of the Codidact network. We have other communities too — take a look!

You can also join us in chat!

Want to advertise this community? Use our templates!

Like what we're doing? Support us! Donate