How to set update-crypto-policies to LEGACY in Dockerfile
So I'm trying to do RUN update-crypto-policies --set LEGACY in my Dockerfile, as I was getting an error "Failed to load certificate from file 'client-rsa.pem':''ee key too small".
But when I build my Dockerfile I get an error "#5 0.540 /bin/sh: update-crypto-policies: command not found".
Could anyone please explain to me why this is happening and how to set crypto-policies to LEGACY in a Dockerfile?
Here is my entire Dockerfile:
FROM arm64v8/oraclelinux:8
# Setup basic environment stuff
ENV container docker
ENV LANG en_US.UTF-8
ENV TZ EST
ENV DEBIAN_FRONTEND=noninteractive
RUN yum -y install crypto-policies-scripts
# Adding User and Group
RUN useradd -u 42065 testuser
# CCSMP dependent
RUN yum install -y wget
RUN yum install -y openssl-libs-1.1.1g-15.el8_3.aarch64
RUN yum install -y krb5-workstation krb5-libs krb5-devel
RUN yum install -y glibc-devel glibc-common
RUN yum install -y make gcc java-1.8.0-openjdk-devel tar perl maven svn openssl-devel gcc
RUN yum install -y gdb
RUN yum install -y openldap* openldap-clients nss-pam-ldapd
RUN yum install -y zlib-devel bzip2 bzip2-devel vim yum-utils sssd sssd-tools
# Minor changes to image to get ccsmp to build
RUN ln -s /usr/lib/jvm/java-1.8.0-openjdk /usr/lib/jvm/default-jvm
RUN cp /usr/include/linux/stddef.h /usr/include/stddef.h
# Install ant 1.10.12
RUN wget https://mirror.its.dal.ca/apache//ant/binaries/apache-ant-1.10.12-bin.zip
RUN unzip apache-ant-1.10.12-bin.zip && mv apache-ant-1.10.12/ /opt/ant
ENV JAVA_HOME /usr
ENV ANT_HOME="/usr/bin/ant"
ENV PATH="/usr/bin/ant:$PATH"
USER testuser
WORKDIR /home/testuser
CMD /bin/bash
2 answers
Also, to do this automatically, do this in your Dockerfile:
RUN sed -i 's/SECLEVEL=2/SECLEVEL=0/g' /etc/crypto-policies/back-ends/opensslcnf.config
Just replace the file name for the rest of the files.
0 comment threads
Hi, so I solved this issue.
I first ran my container in -it mode, went to this path, etc/crypto-policies/back-ends, and made the following changes to these files:
openssl.config: replaced "DEFAULT" with "LEGACY"
opensslcnf.config: replaced "@SECLEVEL=2" with "@SECLEVEL=0"
Then I went to this path, etc/crypto-policies, and made the following change to this file:
config: I replaced "@SECLEVEL=2" with "@SECLEVEL=0"
By doing this you are lowering your security policies so that tests run with fewer restrictions; it is not recommended, and a better solution would be to just upgrade your stack and use the latest keys. But in my case this worked like a charm :) I hope this helps someone.
2 comment threads
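An added example, not part of either answer: a shell check that reports when the crypto-policies files named in the answers have been lowered, so a change made for tests is caught before the image is reused elsewhere. The function names `audit_crypto_policy` and `make_sample_root` are hypothetical, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the answers): report crypto-policies files that
# have been lowered the way the answers describe.

# audit_crypto_policy [ROOT]: prints one line per finding and returns 1 if
# there is any. ROOT is a filesystem root, e.g. an unpacked image directory;
# empty means the running system. The function name is hypothetical.
audit_crypto_policy() {
    root=${1:-}
    dir="${root%/}/etc/crypto-policies"
    findings=0

    # Policy name recorded in the top-level config file.
    if [ -r "$dir/config" ] && grep -Eq '^LEGACY(:|$)' "$dir/config"; then
        echo "policy: $dir/config selects LEGACY"
        findings=$((findings + 1))
    fi

    # Back-end files: flag every OpenSSL security level below 2.
    for f in "$dir"/back-ends/*.config; do
        [ -r "$f" ] || continue
        for level in $(grep -o 'SECLEVEL=[0-9][0-9]*' "$f" | cut -d= -f2 | sort -u); do
            if [ "$level" -lt 2 ]; then
                echo "seclevel: $f sets SECLEVEL=$level"
                findings=$((findings + 1))
            fi
        done
    done
    [ "$findings" -eq 0 ]
}

# make_sample_root DIR: constructed stand-in for an image root; the file
# contents are shortened samples, not copies of real policy files.
make_sample_root() {
    be="$1/etc/crypto-policies/back-ends"
    mkdir -p "$be"
    echo 'DEFAULT' > "$1/etc/crypto-policies/config"
    echo 'CipherString = @SECLEVEL=2:kEECDH:kRSA' > "$be/opensslcnf.config"
    echo '@SECLEVEL=2:kEECDH:kRSA' > "$be/openssl.config"
}

# Demo: the clean tree passes; after the answer's sed the audit reports it.
demo_root=$(mktemp -d)
make_sample_root "$demo_root"
audit_crypto_policy "$demo_root" && echo "before: no findings"
sed -i 's/SECLEVEL=2/SECLEVEL=0/g' "$demo_root/etc/crypto-policies/back-ends/opensslcnf.config"
audit_crypto_policy "$demo_root" || echo "after: weakened policy detected"
rm -rf "$demo_root"
```

Run as the last step of an image build or in CI against an unpacked image root, a non-zero return makes the lowered policy visible instead of silent.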