jlesage / docker-firefox

Docker container for Firefox
MIT License
1.4k stars 266 forks

How to add self-signed CA certificates to the Firefox container? #169

Open gertjandemulder opened 1 year ago

gertjandemulder commented 1 year ago

The README mentions the location to store custom certificates. I tried to bind a directory with the self-signed certificates to /config/certs/. According to the README, any changes to this /config directory would make Firefox up-to-date with the newly added certificates. However, nothing is happening.

I'm definitely overlooking something. But what? 🫠

jlesage commented 1 year ago

Note that by default it could take up to a minute before doing the update.

gertjandemulder commented 1 year ago

@jlesage, I waited 15 minutes after starting the container, followed by:

docker logs firefox

docker restart firefox

docker logs firefox

docker exec -it firefox ls -l /config/certs
```plain
total 16
-rw-r--r-- 1 app app 1854 Mar 17 22:31 ca-private.key
-rw-r--r-- 1 app app 1322 Mar 17 22:31 ca.crt
-rw-r--r-- 1 app app 10 Mar 17 22:31 ca.pass
-rw-r--r-- 1 app app 41 Mar 17 22:31 ca.srl
```

When checking the logs, I do notice that the certsmonitor service is disabled.

```plain
[supervisor  ] loading service 'certsmonitor'...
[supervisor  ] service 'certsmonitor' is disabled.
```

jlesage commented 1 year ago

Did you set the SECURE_CONNECTION environment variable to 1?

gertjandemulder commented 1 year ago

Ah yes, that's clearly going in the right direction! The system detected the certificates, but now permission errors are popping up, like

```plain
85-take-config-ownership.sh: chown: /config/certs/vnc-privkey.pem: Permission denied
```

jlesage commented 1 year ago

Can you share how you created the container (your docker run command, compose file, etc)?

gertjandemulder commented 1 year ago

@jlesage , sure!

This is the Docker Compose file.

You can reproduce the problem as follows

```bash
git clone -b bug/firefox git@github.com:KNowledgeOnWebScale/open-circularity-platform.git
cd open-circularity-platform/scripts/cert
./main.sh # generate certificates
cd ../../
docker compose --profile frontend up
```

jlesage commented 1 year ago

During the startup, the container takes ownership of /config. This fails because the volume you mounted is read-only:

```yaml
- ./scripts/cert/outputs/certificate-authority:/config/certs:ro
```

gertjandemulder commented 1 year ago

Changing to :rw results in permission denied errors:

```plain
architecture-browser-1    | [cont-init   ] 85-take-config-ownership.sh: executing...
architecture-browser-1    | [cont-init   ] 85-take-config-ownership.sh: chown: /config/certs/vnc-privkey.pem: Permission denied
architecture-browser-1    | [cont-init   ] 85-take-config-ownership.sh: chown: /config/certs/web-privkey.pem: Permission denied
architecture-browser-1    | [cont-init   ] 85-take-config-ownership.sh: terminated with error 123.
```

Details: https://github.com/KNowledgeOnWebScale/open-circularity-platform/commit/47d3cbaaca7bd940fefe78ee510018ca50a03b7c

jlesage commented 1 year ago

On what file system does ./scripts/cert/outputs/certificate-authority reside on the host? Is it a network share?

gertjandemulder commented 1 year ago

> On what file system does ./scripts/cert/outputs/certificate-authority reside on the host? Is it a network share?

I'm running it locally (Macbook Pro (M1, Silicon; macOS-13.2.1-arm64-arm-64bit)), and the filesystem is APFS.

jlesage commented 1 year ago

For some reason your system doesn't allow the container to execute chown to set the ownership of the file. This is done under the root user.
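
Added example, not part of the thread or the project's code: a shell filter that pulls out of the container log the three signals this troubleshooting turned on (a service reported as disabled, a `chown` denied during init, an init script ending with an error). The function names, the output labels and the mixed sample input are assumptions made for this example; the log lines themselves are copied from the posts above.

```shell
#!/bin/sh
# Added example (not from the thread): triage container init logs on stdin.
# Output, one finding per line:
#   DISABLED_SERVICE <service>
#   CHOWN_DENIED <init-script> <path>
#   INIT_FAILED <init-script> <exit-code>
# Typical use: docker logs firefox 2>&1 | triage_init_log
triage_init_log() {
    awk -v q="'" '
    {
        line = $0
        # docker compose prefixes each line with "name-1 | "; drop that part.
        p = index(line, "| [")
        if (p > 0 && substr(line, 1, 1) != "[") line = substr(line, p + 2)
        if (line !~ /^\[[a-z-]+ *\] /) next      # not a "[tag ] message" line
        tag = line; sub(/^\[/, "", tag); sub(/ *\].*/, "", tag)
        msg = line; sub(/^\[[^]]*\] */, "", msg)
    }
    tag == "supervisor" && msg ~ /^service .+ is disabled\.$/ {
        split(msg, part, q)                      # name sits between the quotes
        print "DISABLED_SERVICE", part[2]
    }
    tag == "cont-init" && msg ~ /: chown: .+: Permission denied$/ {
        split(msg, f, ": ")                      # script, "chown", path, reason
        print "CHOWN_DENIED", f[1], f[3]
    }
    tag == "cont-init" && msg ~ /: terminated with error [0-9]+\.$/ {
        script = msg; sub(/:.*/, "", script)
        code = msg; sub(/.*error /, "", code); sub(/\.$/, "", code)
        print "INIT_FAILED", script, code
    }'
}

# Constructed sample: log lines copied from the posts above, with the plain
# and the compose-prefixed formats mixed into one input.
sample_log() {
    cat <<'EOF'
[supervisor  ] loading service 'certsmonitor'...
[supervisor  ] service 'certsmonitor' is disabled.
[cont-init   ] 10-certs.sh: terminated successfully.
architecture-browser-1    | [cont-init   ] 85-take-config-ownership.sh: executing...
architecture-browser-1    | [cont-init   ] 85-take-config-ownership.sh: chown: /config/certs/vnc-privkey.pem: Permission denied
architecture-browser-1    | [cont-init   ] 85-take-config-ownership.sh: chown: /config/certs/web-privkey.pem: Permission denied
architecture-browser-1    | [cont-init   ] 85-take-config-ownership.sh: terminated with error 123.
EOF
}

sample_log | triage_init_log
```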