Skip to content

Commit

Permalink
disable red hat subsciption logic when build is in hermetic mode
Browse files Browse the repository at this point in the history
Closes issue-1754

Signed-off-by: Brian Cook <[email protected]>
  • Loading branch information
brianwcook committed Dec 13, 2024
1 parent 55381c4 commit 60665bd
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 16 deletions.
6 changes: 3 additions & 3 deletions task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -433,6 +433,7 @@ spec:
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"
# 0. if hermetic=true, skip all subscription related stuff
# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.
# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.
# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.
Expand All @@ -441,7 +442,7 @@ spec:
# shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced
# container.
if [ -e /activation-key/org ]; then
if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then
cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
mkdir -p /shared/rhsm/etc/pki/entitlement
mkdir -p /shared/rhsm/etc/pki/consumer
Expand All @@ -465,8 +466,7 @@ spec:
VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)
fi
# was: if [ -d "$ACTIVATION_KEY_PATH" ]; then
elif find /entitlement -name "*.pem" >>null; then
elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >>null; then
cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement
VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)
echo "Adding the entitlement to the build"
Expand Down
6 changes: 3 additions & 3 deletions task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -467,6 +467,7 @@ spec:
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"
# 0. if hermetic=true, skip all subscription related stuff
# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.
# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.
# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.
Expand All @@ -475,7 +476,7 @@ spec:
# shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced
# container.
if [ -e /activation-key/org ]; then
if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then
cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
mkdir -p /shared/rhsm/etc/pki/entitlement
mkdir -p /shared/rhsm/etc/pki/consumer
Expand All @@ -499,8 +500,7 @@ spec:
VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)
fi
# was: if [ -d "$ACTIVATION_KEY_PATH" ]; then
elif find /entitlement -name "*.pem" >>null; then
elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >>null; then
cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement
VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)
echo "Adding the entitlement to the build"
Expand Down
8 changes: 3 additions & 5 deletions task/buildah-remote/0.2/buildah-remote.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -444,7 +444,7 @@ spec:
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"
# 0. if hermetic=true, skip all subscription related stuff
# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.
# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.
# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.
Expand All @@ -453,7 +453,7 @@ spec:
# shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced
# container.
if [ -e /activation-key/org ]; then
if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then
cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
mkdir -p /shared/rhsm/etc/pki/entitlement
mkdir -p /shared/rhsm/etc/pki/consumer
Expand All @@ -463,7 +463,6 @@ spec:
-v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z)
echo "Adding activation key to the build"
if ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then
# user is not running registration in the Containerfile: pre-register.
echo "Pre-registering with subscription manager."
Expand All @@ -478,8 +477,7 @@ spec:
VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)
fi
# was: if [ -d "$ACTIVATION_KEY_PATH" ]; then
elif find /entitlement -name "*.pem" >> null; then
elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >> null; then
cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement
VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)
echo "Adding the entitlement to the build"
Expand Down
8 changes: 3 additions & 5 deletions task/buildah/0.2/buildah.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -365,7 +365,7 @@ spec:
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"
# 0. if hermetic=true, skip all subscription related stuff
# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.
# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.
# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.
Expand All @@ -374,7 +374,7 @@ spec:
# shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced
# container.
if [ -e /activation-key/org ]; then
if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then
cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
mkdir -p /shared/rhsm/etc/pki/entitlement
mkdir -p /shared/rhsm/etc/pki/consumer
Expand All @@ -384,7 +384,6 @@ spec:
-v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z)
echo "Adding activation key to the build"
if ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then
# user is not running registration in the Containerfile: pre-register.
echo "Pre-registering with subscription manager."
Expand All @@ -399,8 +398,7 @@ spec:
VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)
fi
# was: if [ -d "$ACTIVATION_KEY_PATH" ]; then
elif find /entitlement -name "*.pem" >> null; then
elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >> null; then
cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement
VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)
echo "Adding the entitlement to the build"
Expand Down

0 comments on commit 60665bd

Please sign in to comment.