#304 Spec file: create /var/lib/certmonger/ with systemdtmpfiles
Merged by rcritten. Opened by frenaud.
frenaud/certmonger bootc  into  master

Add the creation of /var/lib/certmonger/ directory through
systemdtmpfiles so that a bootc image can create the lock file
in /var/lib/certmonger/lock

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>

In order to test with bootc you can do the following, for instance on a Fedora 43 machine:
Create a non-root user on the machine, add the user to the wheel group and enable linger (non-root because of the podman-bootc requirement):

[root@vm ~]# useradd mylocaluser -G wheel
[root@vm ~]# loginctl enable-linger mylocaluser
[root@vm ~]# su - mylocaluser

As this local user, launch a bootc machine based on Fedora 43:

[mylocaluser@vm ~]$ sudo dnf install -y podman-machine
[mylocaluser@vm ~]$ sudo dnf -y install 'dnf-command(copr)'
[mylocaluser@vm ~]$ sudo dnf -y copr enable gmaglione/podman-bootc
[mylocaluser@vm ~]$ sudo dnf install -y podman-bootc
[mylocaluser@vm ~]$ mkdir test && cd test
[mylocaluser@vm ~]$ podman machine init --rootful --now
[mylocaluser@vm ~]$ podman-bootc run --filesystem=xfs quay.io/fedora/fedora-bootc:43

Inside this created VM, switch to the container built at ghcr.io/flo-renaud/freeipa-bootc with this patch:

[root@fedora ~]# bootc switch ghcr.io/flo-renaud/freeipa-bootc
[root@fedora ~]# bootc status
 Staged image: ghcr.io/flo-renaud/freeipa-bootc
        Digest: sha256:b538bf85962e6c74203cb297028c25c846db0cda2f2fef146aafe95d09732920 (amd64)
       Version: latest (2026-03-09T12:54:57Z)
 Booted image: quay.io/fedora/fedora-bootc:43
        Digest: sha256:d5cd8d1c29d9dd3d229061221f9774336f536584bca9701b5ca4fea4804cde10 (amd64)
       Version: 43.20260309.0 (2026-03-09T10:05:35Z)
[root@fedora ~]# reboot

Then on your Fedora 43 machine, as your local user, log in to the bootc machine after it has rebooted:

[mylocaluser@vm ~]$ podman-bootc list
ID            REPO                            SIZE        CREATED        RUNNING     SSH PORT
e0c534289145  quay.io/fedora/fedora-bootc:43  10.7GB      7 minutes ago  true        37591
[mylocaluser@vm ~]$ podman-bootc ssh e0c534289145

Inside the bootc machine:

[root@fedora ~]# bootc status
 Booted image: ghcr.io/flo-renaud/freeipa-bootc
        Digest: sha256:b538bf85962e6c74203cb297028c25c846db0cda2f2fef146aafe95d09732920 (amd64)
       Version: latest (2026-03-09T12:54:57Z)
  Rollback image: quay.io/fedora/fedora-bootc:43
          Digest: sha256:d5cd8d1c29d9dd3d229061221f9774336f536584bca9701b5ca4fea4804cde10 (amd64)
         Version: 43.20260309.0 (2026-03-09T10:05:35Z)

You can now enroll using ipa-client.

Without this patch, the command ipa-client-install --uninstall -U used to fail because it could not create /var/lib/certmonger/lock.

Pull-Request has been merged by rcritten
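
One way to confirm on the switched image that a tmpfiles.d entry declares /var/lib/certmonger, and that the declared mode is not world-writable. This is an added example, not code from the pull request or from certmonger; the sample fragment, its mode and owner values, and the function names are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not from the certmonger PR. The fragment is CONSTRUCTED:
# the mode/owner values are assumptions, not copied from the spec file.
sample_fragment() {
cat <<'EOF'
# constructed sample tmpfiles.d lines
d /var/lib/certmonger 0755 root root -
d /var/lib/example-scratch 0777 root root -
EOF
}

# tmpfiles_dir_entry PATH  (tmpfiles.d text on stdin)
# Prints "type mode user group" for the first line creating PATH as a
# directory; returns 1 when no such line exists.
tmpfiles_dir_entry() {
    awk -v want="${1%/}" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }  # comments, blank lines
        {
            type = substr($1, 1, 1)          # drop modifiers such as "!"
            path = $2; sub(/\/$/, "", path)  # tolerate a trailing slash
            if (path == want && type ~ /^[dDvqQ]$/) {
                print type, ($3 == "" ? "-" : $3), ($4 == "" ? "-" : $4), ($5 == "" ? "-" : $5)
                found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_state_dir PATH  (tmpfiles.d text on stdin)
# Prints "ok", "missing" (no directory entry) or "world-writable".
check_state_dir() {
    entry=$(tmpfiles_dir_entry "$1") || { echo missing; return 1; }
    set -- $entry                             # $1=type $2=mode $3=user $4=group
    mode=$(printf '%s' "$2" | tr -cd '0-7')   # "-" (default mode) becomes empty
    case "$mode" in
        *[2367]) echo world-writable; return 2 ;;
    esac
    echo ok
}

# Demo on the constructed fragment.
sample_fragment | check_state_dir /var/lib/certmonger
```

On a real system, feed it the packaged fragments instead of the sample, for example `cat /usr/lib/tmpfiles.d/*.conf | check_state_dir /var/lib/certmonger`.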