Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

disable red hat subsciption logic when build is in hermetic mode #1755

Merged
merged 1 commit into from
Dec 13, 2024
Merged

disable red hat subsciption logic when build is in hermetic mode #1755

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -433,6 +433,7 @@ spec:
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"

# 0. if hermetic=true, skip all subscription related stuff
# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.
# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.
# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.
Expand All @@ -441,7 +442,7 @@ spec:
# shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced
# container.

if [ -e /activation-key/org ]; then
if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then
cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
mkdir -p /shared/rhsm/etc/pki/entitlement
mkdir -p /shared/rhsm/etc/pki/consumer
Expand All @@ -465,8 +466,7 @@ spec:
VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)
fi

# was: if [ -d "$ACTIVATION_KEY_PATH" ]; then
elif find /entitlement -name "*.pem" >>null; then
elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >>null; then
cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement
VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)
echo "Adding the entitlement to the build"
Expand Down
6 changes: 3 additions & 3 deletions task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -467,6 +467,7 @@ spec:
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"

# 0. if hermetic=true, skip all subscription related stuff
# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.
# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.
# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.
Expand All @@ -475,7 +476,7 @@ spec:
# shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced
# container.

if [ -e /activation-key/org ]; then
if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then
cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
mkdir -p /shared/rhsm/etc/pki/entitlement
mkdir -p /shared/rhsm/etc/pki/consumer
Expand All @@ -499,8 +500,7 @@ spec:
VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)
fi

# was: if [ -d "$ACTIVATION_KEY_PATH" ]; then
elif find /entitlement -name "*.pem" >>null; then
elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >>null; then
cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement
VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)
echo "Adding the entitlement to the build"
Expand Down
8 changes: 3 additions & 5 deletions task/buildah-remote/0.2/buildah-remote.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -444,7 +444,7 @@ spec:
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"


# 0. if hermetic=true, skip all subscription related stuff
# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.
# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.
# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.
Expand All @@ -453,7 +453,7 @@ spec:
# shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced
# container.

if [ -e /activation-key/org ]; then
if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then
cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
mkdir -p /shared/rhsm/etc/pki/entitlement
mkdir -p /shared/rhsm/etc/pki/consumer
Expand All @@ -463,7 +463,6 @@ spec:
-v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z)
echo "Adding activation key to the build"


if ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then
# user is not running registration in the Containerfile: pre-register.
echo "Pre-registering with subscription manager."
Expand All @@ -478,8 +477,7 @@ spec:
VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)
fi

# was: if [ -d "$ACTIVATION_KEY_PATH" ]; then
elif find /entitlement -name "*.pem" >> null; then
elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >> null; then
cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement
VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)
echo "Adding the entitlement to the build"
Expand Down
8 changes: 3 additions & 5 deletions task/buildah/0.2/buildah.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -365,7 +365,7 @@ spec:
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"


# 0. if hermetic=true, skip all subscription related stuff
# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.
# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.
# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.
Expand All @@ -374,7 +374,7 @@ spec:
# shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced
# container.

if [ -e /activation-key/org ]; then
if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then
cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
mkdir -p /shared/rhsm/etc/pki/entitlement
mkdir -p /shared/rhsm/etc/pki/consumer
Expand All @@ -384,7 +384,6 @@ spec:
-v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z)
echo "Adding activation key to the build"


if ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then
# user is not running registration in the Containerfile: pre-register.
echo "Pre-registering with subscription manager."
Expand All @@ -399,8 +398,7 @@ spec:
VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)
fi

# was: if [ -d "$ACTIVATION_KEY_PATH" ]; then
elif find /entitlement -name "*.pem" >> null; then
elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >> null; then
cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement
VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)
echo "Adding the entitlement to the build"
Expand Down
Loading