disable red hat subsciption logic when build is in hermetic mode
Closes issue-1754

Signed-off-by: Brian Cook <[email protected]>
brianwcook committed Dec 13, 2024
1 parent 2057580 commit 174fbdf
Showing 4 changed files with 16 additions and 14 deletions.
7 changes: 4 additions & 3 deletions task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
@@ -433,6 +433,7 @@ spec:
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"
# 0. if hermetic=true, skip all subscription related stuff
# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.
# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.
# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.
@@ -441,7 +442,7 @@ spec:
# shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced
# container.
if [ -e /activation-key/org ]; then
if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then
cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
mkdir -p /shared/rhsm/etc/pki/entitlement
mkdir -p /shared/rhsm/etc/pki/consumer
@@ -451,7 +452,7 @@ spec:
-v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z)
echo "Adding activation key to the build"
if ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then
if [ "${HERMETIC}" != "true" ] && ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then
# user is not running registration in the Containerfile: pre-register.
echo "Pre-registering with subscription manager."
subscription-manager register --org "$(cat /tmp/activation-key/org)" --activationkey "$(cat /tmp/activation-key/activationkey)"
@@ -466,7 +467,7 @@ spec:
fi
# was: if [ -d "$ACTIVATION_KEY_PATH" ]; then
elif find /entitlement -name "*.pem" >>null; then
elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >>null; then
cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement
VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)
echo "Adding the entitlement to the build"
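Review bot: The entitlement test on the rewritten `elif` line cannot tell whether a certificate is present: `find` exits 0 whenever it can walk `/entitlement`, match or no match, and `>>null` appends the output to a file named `null` in the working directory instead of discarding it. In a non-hermetic build the branch is therefore still taken for an empty `/entitlement`, and the certificate paths end up in that stray file. Consider `elif [ "${HERMETIC}" != "true" ] && [ -n "$(find "$ENTITLEMENT_PATH" -name "*.pem" 2>/dev/null)" ]; then`. The same line is in the other three task files on this page (written `>> null` in task/buildah-remote and task/buildah). The if/elif chain it belongs to starts and ends outside the hunks shown.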
7 changes: 4 additions & 3 deletions task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
@@ -467,6 +467,7 @@ spec:
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"
# 0. if hermetic=true, skip all subscription related stuff
# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.
# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.
# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.
@@ -475,7 +476,7 @@ spec:
# shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced
# container.
if [ -e /activation-key/org ]; then
if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then
cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
mkdir -p /shared/rhsm/etc/pki/entitlement
mkdir -p /shared/rhsm/etc/pki/consumer
@@ -485,7 +486,7 @@ spec:
-v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z)
echo "Adding activation key to the build"
if ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then
if [ "${HERMETIC}" != "true" ] && ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then
# user is not running registration in the Containerfile: pre-register.
echo "Pre-registering with subscription manager."
subscription-manager register --org "$(cat /tmp/activation-key/org)" --activationkey "$(cat /tmp/activation-key/activationkey)"
@@ -500,7 +501,7 @@ spec:
fi
# was: if [ -d "$ACTIVATION_KEY_PATH" ]; then
elif find /entitlement -name "*.pem" >>null; then
elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >>null; then
cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement
VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)
echo "Adding the entitlement to the build"
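Review bot: The comparison `[ "${HERMETIC}" != "true" ]` on the three new condition lines is an exact string match, so any other spelling of the value, such as `True`, leaves the subscription logic enabled; how HERMETIC is populated is not visible here, so it may already be normalised upstream. The check on the `grep` line looks redundant, since that `if` appears to sit inside the outer branch that already tested HERMETIC, though the lines between the hunks are not shown. A single guard around the whole chain would be easier to audit, and a log line when the logic is skipped would tell users why a supplied activation key or entitlement was ignored, e.g. `echo "Hermetic build: skipping subscription-manager and entitlement setup"`. This applies equally to task/buildah-oci-ta, task/buildah-remote and task/buildah.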
8 changes: 4 additions & 4 deletions task/buildah-remote/0.2/buildah-remote.yaml
@@ -444,7 +444,7 @@ spec:
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"
# 0. if hermetic=true, skip all subscription related stuff
# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.
# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.
# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.
@@ -453,7 +453,7 @@ spec:
# shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced
# container.
if [ -e /activation-key/org ]; then
if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then
cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
mkdir -p /shared/rhsm/etc/pki/entitlement
mkdir -p /shared/rhsm/etc/pki/consumer
@@ -464,7 +464,7 @@ spec:
echo "Adding activation key to the build"
if ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then
if [ "${HERMETIC}" != "true" ] && ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then
# user is not running registration in the Containerfile: pre-register.
echo "Pre-registering with subscription manager."
subscription-manager register --org "$(cat /tmp/activation-key/org)" --activationkey "$(cat /tmp/activation-key/activationkey)"
@@ -479,7 +479,7 @@ spec:
fi
# was: if [ -d "$ACTIVATION_KEY_PATH" ]; then
elif find /entitlement -name "*.pem" >> null; then
elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >> null; then
cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement
VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)
echo "Adding the entitlement to the build"
8 changes: 4 additions & 4 deletions task/buildah/0.2/buildah.yaml
@@ -365,7 +365,7 @@ spec:
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"
# 0. if hermetic=true, skip all subscription related stuff
# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.
# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.
# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.
@@ -374,7 +374,7 @@ spec:
# shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced
# container.
if [ -e /activation-key/org ]; then
if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then
cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
mkdir -p /shared/rhsm/etc/pki/entitlement
mkdir -p /shared/rhsm/etc/pki/consumer
@@ -385,7 +385,7 @@ spec:
echo "Adding activation key to the build"
if ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then
if [ "${HERMETIC}" != "true" ] && ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then
# user is not running registration in the Containerfile: pre-register.
echo "Pre-registering with subscription manager."
subscription-manager register --org "$(cat /tmp/activation-key/org)" --activationkey "$(cat /tmp/activation-key/activationkey)"
@@ -400,7 +400,7 @@ spec:
fi
# was: if [ -d "$ACTIVATION_KEY_PATH" ]; then
elif find /entitlement -name "*.pem" >> null; then
elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >> null; then
cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement
VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)
echo "Adding the entitlement to the build"
