Public bug reported:

When building container images which require TLS certificates,
particularly under podman, it is desirable to mount the host's
/etc/ssl/certs directory into the container either during runtime or
during build.

This mount should normally be done read-only to prevent conflicting with
the host.

However, if the container then has an apt package install requested
which depends on ca-certificates, the installation will fail because the
post-install script fails due to update-ca-certificates being unable to
write to /etc/ssl/certs/ca-certificates.crt on the read-only mount. This
then blocks dependent package installs.

It should be possible to request skipping this process so
ca-certificates can be satisfied without needing to execute the
ca-certificates update immediately after installation.

** Affects: ca-certificates (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2076308

Title:
  Allow requesting not running update-ca-certificates during install

Status in ca-certificates package in Ubuntu:
  New

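One way to detect the condition described in the report before running apt, as an added example that is not part of the bug report or the ca-certificates package: it reads mountinfo (field layout per proc(5)) and reports whether /etc/ssl/certs sits on a read-only mount. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): detect a read-only mount covering
# /etc/ssl/certs before running apt. Field layout per proc(5) mountinfo:
# $5 = mount point, $6 = per-mount options, last field = superblock options.

# mount_mode TARGET  (mountinfo on stdin) -> prints "ro" or "rw"
mount_mode() {
    awk -v target="$1" '
        function covers(mp, p) {      # is p at or below mount point mp?
            return (mp == "/" || p == mp || index(p, mp "/") == 1)
        }
        function has_ro(opts,   n, i, a) {
            n = split(opts, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == "ro") return 1
            return 0
        }
        # Longest mount point wins; on a tie the later (topmost) mount wins.
        covers($5, target) && length($5) >= best {
            best = length($5)
            mode = (has_ro($6) || has_ro($NF)) ? "ro" : "rw"
        }
        END { print (mode == "" ? "rw" : mode) }
    '
}

# Constructed sample: container root on overlay, host certs bind-mounted ro.
sample_mountinfo() {
    cat <<'EOF'
500 400 0:60 / / rw,relatime master:2 - overlay overlay rw,lowerdir=/l,upperdir=/u,workdir=/w
510 500 0:61 / /proc rw,nosuid,nodev,noexec - proc proc rw
520 500 8:1 /etc/ssl/certs /etc/ssl/certs ro,relatime - ext4 /dev/sda1 rw
EOF
}

# certs_preflight (mountinfo on stdin): non-zero if the postinst cannot write.
certs_preflight() {
    if [ "$(mount_mode /etc/ssl/certs)" = "ro" ]; then
        echo "/etc/ssl/certs is read-only; update-ca-certificates cannot write ca-certificates.crt" >&2
        return 1
    fi
}

# Real use inside the build: certs_preflight < /proc/self/mountinfo
sample_mountinfo | certs_preflight || echo "preflight: would stop before apt install" >&2
```

Run as a build step ahead of the package install, this turns the postinst failure into an explicit early stop with the cause named.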