Certificate creation through dockerd-entrypoint.sh may create incorrect DNS SAN if /etc/hostname does not end with a new-line character

[dagraff-cisco]

docker/dockerd-entrypoint.sh

Line 12 in 34afec8

cat /etc/hostname

I have encountered an issue working under podman where the /etc/hostname file does not contain a new-line after the configured container hostname.

Could _tls_san() in dockerd-entrypoint.sh be modified to account for this?

For example

_tls_san() {
	{
		ip -oneline address | awk '{ gsub(/\/.+$/, "", $4); print "IP:" $4 }'
		{
			echo $(cat /etc/hostname | tr -d '\n' -)
			echo 'docker'
			echo 'localhost'
			hostname -f
			hostname -s
		} | sed 's/^/DNS:/'
		[ -z "${DOCKER_TLS_SAN:-}" ] || echo "$DOCKER_TLS_SAN"
	} | sort -u | xargs printf '%s,' | sed "s/,\$//"
}

[yosifkit]

The file should contain a single newline-terminated hostname string.

- https://manpages.debian.org/bookworm/systemd/hostname.5.en.html

I would say that podman has a bug. So, no, I don't think we should change to support an incorrectly formatted /etc/hostname.

[dagraff-cisco]

Fair enough - I'll file with them.

[tianon]

Specifically, if I'm reading their code correctly, it probably needs to add \n in https://github.com/containers/podman/blob/f7a30461e06f6786b02fc44b5c48525d2ebbc482/libpod/container_internal_linux.go#L667

[dagraff-cisco]

@tianon thank you for that - I'll file with the containers/podman project on that issue - seems trivial to fix