Installing CodeNotary Immutable Ledger in AlmaLinux

What is AlmaLinux OS

AlmaLinux OS ( is an up-and-coming enterprise Linux distribution that’s not just open source but also 1:1 binary compatible with RHEL® and CentOS (prior to Stream). It is because of this that we consider AlmaLinux OS to be a great choice for hosting CodeNotary Immutable Ledger.

If you’d like to learn more about AlmaLinux OS, make sure to visit their site

Getting your system ready for the installation

Before installing your CodeNotary Immutable Ledger, we have to do a couple of things to ensure that the system is prepared to run the service automatically which is the preferred way so we’ll list out the steps and guide you through them to make this as easy as possible:

(Assuming a fresh AlmaLinux OS Install):

  1. Ensure docker and docker-compose are installed in your system
  2. Make sure SELinux policies allow systemd to execute docker and docker-compose
  3. Download and run your installer
  4. Start enjoying your Immutable Ledger

First steps

On a fresh AlmaLinux OS Install, we’ll see that there is no docker or docker-compose binaries available, but instead, podman is available
No docker binaries

The first thing we’ll do is perform a system-wide update just for sanity’s sake

sudo dnf -y update

This will take a few minutes (more or less depending on your download speed and a few other things). In this case, there was a pending kernel update so I went ahead and rebooted the system. This might or might not be your case so pay close attention to the dnf output and be on the lookout for lines such as these ones

$ sudo dnf -y update
[sudo] password for codenotary:
Waiting for process with pid 7739 to finish.
Last metadata expiration check: 0:00:01 ago on Thu Jul 22 17:35:04 2021.
Dependencies resolved.
 Package                                                        Architecture                            Version                                                                     Repository                                  Size
 kernel                                                         x86_64                                  4.18.0-305.10.2.el8_4                                                       baseos                                     5.9 M
 kernel-core                                                    x86_64                                  4.18.0-305.10.2.el8_4                                                       baseos                                      36 M
 kernel-modules                                                 x86_64                                  4.18.0-305.10.2.el8_4                                                       baseos                                      28 M

Next, we’ll enable the docker-ce repository which all the binaries we’ll need by using this command

sudo dnf config-manager --add-repo=

And verify it was successfully enabled

$ sudo dnf repolist
repo id                  repo name
appstream                AlmaLinux 8 - AppStream
baseos                   AlmaLinux 8 - BaseOS
docker-ce-stable         Docker CE Stable - x86_64
extras                   AlmaLinux 8 - Extras

Installing docker and docker-compose

Now that the repository is enabled we can just install docker and docker-compose by running the following command:

sudo dnf install docker-ce docker-ce-cli

Note: Since AlmaLinux now comes with podman, there might be an error that resembles this:

sudo dnf install docker-ce docker-ce-cli
Last metadata expiration check: 0:02:54 ago on Thu Jul 22 17:49:05 2021.
-package podman-3.0.1-7.module_el8.4.0+2481+9da8acfb.x86_64 requires runc >= 1.0.0-57, but none of the providers can be installed
- package podman-3.0.1-6.module_el8.4.0+2332+f4da7515.x86_64 requires runc >= 1.0.0-57, but none of the providers can be installed
- package conflicts with runc provided by runc-1.0.0-73.rc93.module_el8.4.0+2481+9da8acfb.x86_64
- package obsoletes runc provided by runc-1.0.0-73.rc93.module_el8.4.0+2481+9da8acfb.x86_64
- package
conflicts with runc provided by runc-1.0.0-70.rc92.module_el8.4.0+2332+f4da7515.x86_64
- package obsoletes runc provided by runc-1.0.0-70.rc92.module_el8.4.0+2332+f4da7515.x86_64

If you come across this, re-try the previous command but this time add the –allowerasing flag as follows:

sudo dnf install docker-ce docker-ce-cli --allowerasing

Once that’s done, the docker binary will be installed and ready for use. Verify this by running the following commands:

$ which docker
$ docker --version
Docker version 20.10.7, build f0df350

On installing docker-compose: The docker installation does not come with a docker-compose binary, we’ll quickly install it by running the following command:

$ sudo curl -L`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   633  100   633    0     0   3028      0 --:--:-- --:--:-- --:--:--  3028
100 12.1M  100 12.1M    0     0  8974k      0  0:00:01  0:00:01 --:--:-- 17.6M
# Make docker-compose executable
$ sudo chmod +x /usr/local/bin/docker-compose

Your system is now ready to install the CodeNotary Immutable Ledger service!

Install CodeNotary Immutable Ledger

The next step is to run the installer script, so download it to your box and run it using the following command:

# Make sure you have write permissions otherwise change to your home directory
$ cd
# Ensure docker is enabled as a systemd service and running
$ sudo systemctl enable docker && sudo systemctl start docker
# Add your user to the docker group
$ sudo usermod -aG docker $USER
# Download the installer script
$ wget
# Give installer execute permissions
$ chmod +x ./
# Run the installer
$ sudo ./

Errors during install

  • If you get an error message saying docker is not running, make sure to take a step back and make sure you’re prefixing the script install with sudo, the installer currently only supports running with elevated permissions.

  • If you get an error saying docker-compose is not found, this means the root user can’t see the binary in his path, you can fix this in a handful of different ways, we suggest just adding a symlink like this:

    sudo ln -s $(which docker-compose) /usr/bin

Wrapping up

Upon a successful installation you should see something similar to this:

Created symlink /etc/systemd/system/ → /etc/systemd/system/cnlc.service

Installation completed

Once that’s done you can almost start using your CodeNotary Immutable Ledger, there’s only one thing left to do: Enable systemd execution of docker-compose

SELinux enforces policies in which the docker-compose binary is not allowed to be executed via systemd, so we just need to make sure we allow that and we’ll be done; while there’s a chance this might not be your case depending on your installation security policies, it’s worth making sure.

Verify that your CodeNotary Immutable Ledger service is running using:

$ sudo systemctl status cnlc.service
[sudo] password for codenotary:
● cnlc.service - Code Notary Ledger Compliance
   Loaded: loaded (/etc/systemd/system/cnlc.service; enabled; vendor preset: disabled)
   Active: active (exited) since Thu 2021-07-22 18:26:16 EDT; 5min ago
  Process: 104755 ExecStart=/bin/docker-compose up -d --remove-orphans (code=exited, status=0/SUCCESS)
 Main PID: 104755 (code=exited, status=0/SUCCESS)

If you see both "success" and "active", then your work is done, otherwise, make sure to enable the SELinux policies to allow systemd to execute docker-compose.

If you don’t see a success message, this more likely means that instead of creating the symbolic link to docker-compose you chose some other method of adding it to the PATH, which is fine but the default SELinux policy only allows for binaries in the following directories to be executed:

/usr/bin /usr/sbin /usr/libexec /usr/local/bin

At this point, you can either go back and create the symlink as suggested earlier or you can allow the binaries in whatever directory you added to your path to be executed from systemd

 # Pay special attention to the directory
 $ sudo chcon -R -t bin_t /usr/local/bin/

And now you can start your CodeNotary Immutable Ledger service by running:

sudo systemctl start cnlc.service

And open up the application at https://localhost or your network address using https://<dnsname-or-ip>

CNIL Running in AlmaLinux OS

To recap, we have:

  • Installed docker and docker-compose on AlmaLinux
  • Installed CodeNotary Immutable Ledger as a service
  • Allowed systemd to execute docker-compose either via the symbolic link or by putting the binary in one of the allowed directories

By following the above-outlined instructions you’ll be able to get CodeNotary Immutable Ledger running in AlmaLinux OS in no time


Codenotary Cloud


Trusted CI/CD, SBOM and artifact protection with cryptographic proof. One CLI to manage all.
Our highly scalable service already processes tens of millions of transactions every single month.

Subscribe to Our Newsletter

Get the latest product updates, company news, and special offers delivered right to your inbox.

Subscribe to our newsletter

Use Case - Tamper-resistant Clinical Trials


Blockchain PoCs were unsuccessful due to complexity and lack of developers.

Still the goal of data immutability as well as client verification is a crucial. Furthermore, the system needs to be easy to use and operate (allowing backup, maintenance windows aso.).


immudb is running in different datacenters across the globe. All clinical trial information is stored in immudb either as transactions or the pdf documents as a whole.

Having that single source of truth with versioned, timestamped, and cryptographically verifiable records, enables a whole new way of transparency and trust.

Use Case - Finance


Store the source data, the decision and the rule base for financial support from governments timestamped, verifiable.

A very important functionality is the ability to compare the historic decision (based on the past rulebase) with the rulebase at a different date. Fully cryptographic verifiable Time Travel queries are required to be able to achieve that comparison.


While the source data, rulebase and the documented decision are stored in verifiable Blobs in immudb, the transaction is stored using the relational layer of immudb.

That allows the use of immudb’s time travel capabilities to retrieve verified historic data and recalculate with the most recent rulebase.

Use Case - eCommerce and NFT marketplace


No matter if it’s an eCommerce platform or NFT marketplace, the goals are similar:

  • High amount of transactions (potentially millions a second)
  • Ability to read and write multiple records within one transaction
  • prevent overwrite or updates on transactions
  • comply with regulations (PCI, GDPR, …)


immudb is typically scaled out using Hyperscaler (i. e. AWS, Google Cloud, Microsoft Azure) distributed across the Globe. Auditors are also distributed to track the verification proof over time. Additionally, the shop or marketplace applications store immudb cryptographic state information. That high level of integrity and tamper-evidence while maintaining a very high transaction speed is key for companies to chose immudb.

Use Case - IoT Sensor Data


IoT sensor data received by devices collecting environment data needs to be stored locally in a cryptographically verifiable manner until the data is transferred to a central datacenter. The data integrity needs to be verifiable at any given point in time and while in transit.


immudb runs embedded on the IoT device itself and is consistently audited by external probes. The data transfer to audit is minimal and works even with minimum bandwidth and unreliable connections.

Whenever the IoT devices are connected to a high bandwidth, the data transfer happens to a data center (large immudb deployment) and the source and destination date integrity is fully verified.

Use Case - DevOps Evidence


CI/CD and application build logs need to be stored auditable and tamper-evident.
A very high Performance is required as the system should not slow down any build process.
Scalability is key as billions of artifacts are expected within the next years.
Next to a possibility of integrity validation, data needs to be retrievable by pipeline job id or digital asset checksum.


As part of the CI/CD audit functionality, data is stored within immudb using the Key/Value functionality. Key is either the CI/CD job id (i. e. Jenkins or GitLab) or the checksum of the resulting build or container image.

White Paper — Registration

We will also send you the research paper
via email.

CodeNotary — Webinar

White Paper — Registration

Please let us know where we can send the whitepaper on CodeNotary Trusted Software Supply Chain. 

Become a partner

Start Your Trial

Please enter contact information to receive an email with the virtual appliance download instructions.

Start Free Trial

Please enter contact information to receive an email with the free trial details.