docker-library / docker

Docker Official Image packaging for Docker
Apache License 2.0

Certificate creation through dockerd-entrypoint.sh may create incorrect DNS SAN if /etc/hostname does not end with a new-line character #496

Closed dagraff-cisco closed 1 month ago

dagraff-cisco commented 1 month ago

https://github.com/docker-library/docker/blob/34afec84bf397392007934ffe12a27b92bd1e729/dockerd-entrypoint.sh#L12

I have encountered an issue working under podman where the /etc/hostname file does not contain a new-line after the configured container hostname.

Could _tls_san() in dockerd-entrypoint.sh be modified to account for this?

For example

_tls_san() {
    {
        ip -oneline address | awk '{ gsub(/\/.+$/, "", $4); print "IP:" $4 }'
        {
            # strip any trailing newline, then let echo add exactly one, so a
            # hostname file without a newline is not glued onto the next entry
            echo "$(tr -d '\n' < /etc/hostname)"
            echo 'docker'
            echo 'localhost'
            hostname -f
            hostname -s
        } | sed 's/^/DNS:/'
        [ -z "${DOCKER_TLS_SAN:-}" ] || echo "$DOCKER_TLS_SAN"
    } | sort -u | xargs printf '%s,' | sed "s/,\$//"
}

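As an added example (not code from the docker-library/docker repository or from any commenter), the POSIX shell below reproduces the DNS SAN concatenation that a missing trailing newline in the hostname file causes in the brace-group pattern used by _tls_san(), and contrasts it with a newline-tolerant variant. It takes the hostname file as an argument instead of reading /etc/hostname, and leaves out the ip, hostname -f/-s and DOCKER_TLS_SAN entries so it runs offline.

```shell
#!/bin/sh
# Added example: show how a hostname file with no trailing newline corrupts
# the DNS SAN list when it is simply cat'ed into a brace group, and how a
# $(...) substitution avoids it. Hostname file path is taken as $1.

# Mirrors the original `cat /etc/hostname` inside the brace group: without a
# trailing newline the hostname is glued onto the following echo's output.
dns_san_original() {
    {
        cat "$1"
        echo 'docker'
        echo 'localhost'
    } | sed 's/^/DNS:/' | sort -u | xargs printf '%s,' | sed 's/,$//'
}

# Tolerant variant: $(...) strips trailing newlines and echo emits exactly one,
# so the entry is correct whether or not the file ends with '\n'.
dns_san_tolerant() {
    {
        echo "$(cat "$1")"
        echo 'docker'
        echo 'localhost'
    } | sed 's/^/DNS:/' | sort -u | xargs printf '%s,' | sed 's/,$//'
}

# Constructed sample hostname files: one well-formed (hostname(5) style),
# one written without the terminating newline, as described in the issue.
make_samples() {
    dir=$(mktemp -d)
    printf 'web01\n' > "$dir/hostname.ok"
    printf 'web01'   > "$dir/hostname.nonl"
    echo "$dir"
}

# Print all three SAN lists side by side, then clean up the temp directory.
demo() {
    dir=$(make_samples)
    echo "original, newline-terminated: $(dns_san_original "$dir/hostname.ok")"
    echo "original, no trailing newline: $(dns_san_original "$dir/hostname.nonl")"
    echo "tolerant, no trailing newline: $(dns_san_tolerant "$dir/hostname.nonl")"
    rm -r "$dir"
}
```

Run demo to see the second line produce DNS:web01docker while the hostname entry itself disappears, which is the incorrect SAN the issue title describes.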
yosifkit commented 1 month ago

The file should contain a single newline-terminated hostname string.

- https://manpages.debian.org/bookworm/systemd/hostname.5.en.html

I would say that podman has a bug. So, no, I don't think we should change to support an incorrectly formatted /etc/hostname.

dagraff-cisco commented 1 month ago

Fair enough - I'll file with them.

tianon commented 1 month ago

Specifically, if I'm reading their code correctly, it probably needs to add \n in https://github.com/containers/podman/blob/f7a30461e06f6786b02fc44b5c48525d2ebbc482/libpod/container_internal_linux.go#L667

dagraff-cisco commented 1 month ago

@tianon thank you for that - I'll file with the containers/podman project on that issue - seems trivial to fix