diff --git a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml index 65f9cdd091..1d5c42b613 100644 --- a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml +++ b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml @@ -433,6 +433,7 @@ spec: ACTIVATION_KEY_PATH="/activation-key" ENTITLEMENT_PATH="/entitlement" + # 0. if hermetic=true, skip all subscription related stuff # 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key. # 2. Activation-keys will be used when the key 'org' exists in the activation key secret. # 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles. @@ -441,7 +442,7 @@ spec: # shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced # container. - if [ -e /activation-key/org ]; then + if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key mkdir -p /shared/rhsm/etc/pki/entitlement mkdir -p /shared/rhsm/etc/pki/consumer @@ -451,7 +452,7 @@ spec: -v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z) echo "Adding activation key to the build" - if ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then + if [ "${HERMETIC}" != "true" ] && ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then # user is not running registration in the Containerfile: pre-register. echo "Pre-registering with subscription manager." subscription-manager register --org "$(cat /tmp/activation-key/org)" --activationkey "$(cat /tmp/activation-key/activationkey)" @@ -466,7 +467,7 @@ spec: fi # was: if [ -d "$ACTIVATION_KEY_PATH" ]; then - elif find /entitlement -name "*.pem" >>null; then + elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >>null; then cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement) echo "Adding the entitlement to the build" diff --git a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml index c9650451b3..170ce43824 100644 --- a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml @@ -467,6 +467,7 @@ spec: ACTIVATION_KEY_PATH="/activation-key" ENTITLEMENT_PATH="/entitlement" + # 0. if hermetic=true, skip all subscription related stuff # 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key. # 2. Activation-keys will be used when the key 'org' exists in the activation key secret. # 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles. @@ -475,7 +476,7 @@ spec: # shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced # container. - if [ -e /activation-key/org ]; then + if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key mkdir -p /shared/rhsm/etc/pki/entitlement mkdir -p /shared/rhsm/etc/pki/consumer @@ -485,7 +486,7 @@ spec: -v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z) echo "Adding activation key to the build" - if ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then + if [ "${HERMETIC}" != "true" ] && ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then # user is not running registration in the Containerfile: pre-register. echo "Pre-registering with subscription manager." subscription-manager register --org "$(cat /tmp/activation-key/org)" --activationkey "$(cat /tmp/activation-key/activationkey)" @@ -500,7 +501,7 @@ spec: fi # was: if [ -d "$ACTIVATION_KEY_PATH" ]; then - elif find /entitlement -name "*.pem" >>null; then + elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >>null; then cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement) echo "Adding the entitlement to the build" diff --git a/task/buildah-remote/0.2/buildah-remote.yaml b/task/buildah-remote/0.2/buildah-remote.yaml index e4362df69a..cc6c5682d7 100644 --- a/task/buildah-remote/0.2/buildah-remote.yaml +++ b/task/buildah-remote/0.2/buildah-remote.yaml @@ -444,7 +444,7 @@ spec: ACTIVATION_KEY_PATH="/activation-key" ENTITLEMENT_PATH="/entitlement" - + # 0. if hermetic=true, skip all subscription related stuff # 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key. # 2. Activation-keys will be used when the key 'org' exists in the activation key secret. # 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles. @@ -453,7 +453,7 @@ spec: # shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced # container. - if [ -e /activation-key/org ]; then + if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key mkdir -p /shared/rhsm/etc/pki/entitlement mkdir -p /shared/rhsm/etc/pki/consumer @@ -464,7 +464,7 @@ spec: echo "Adding activation key to the build" - if ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then + if [ "${HERMETIC}" != "true" ] && ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then # user is not running registration in the Containerfile: pre-register. echo "Pre-registering with subscription manager." subscription-manager register --org "$(cat /tmp/activation-key/org)" --activationkey "$(cat /tmp/activation-key/activationkey)" @@ -479,7 +479,7 @@ spec: fi # was: if [ -d "$ACTIVATION_KEY_PATH" ]; then - elif find /entitlement -name "*.pem" >> null; then + elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >> null; then cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement) echo "Adding the entitlement to the build" diff --git a/task/buildah/0.2/buildah.yaml b/task/buildah/0.2/buildah.yaml index 53c0896edf..340e5d85be 100644 --- a/task/buildah/0.2/buildah.yaml +++ b/task/buildah/0.2/buildah.yaml @@ -365,7 +365,7 @@ spec: ACTIVATION_KEY_PATH="/activation-key" ENTITLEMENT_PATH="/entitlement" - + # 0. if hermetic=true, skip all subscription related stuff # 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key. # 2. Activation-keys will be used when the key 'org' exists in the activation key secret. # 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles. @@ -374,7 +374,7 @@ spec: # shared emptydir volume to "/etc/pki/entitlement" to prevent certificates from being included in the produced # container. - if [ -e /activation-key/org ]; then + if [ "${HERMETIC}" != "true" ] && [ -e /activation-key/org ]; then cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key mkdir -p /shared/rhsm/etc/pki/entitlement mkdir -p /shared/rhsm/etc/pki/consumer @@ -385,7 +385,7 @@ spec: echo "Adding activation key to the build" - if ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then + if [ "${HERMETIC}" != "true" ] && ! grep -E "^[^#]*subscription-manager.[^#]*register" "$dockerfile_path"; then # user is not running registration in the Containerfile: pre-register. echo "Pre-registering with subscription manager." subscription-manager register --org "$(cat /tmp/activation-key/org)" --activationkey "$(cat /tmp/activation-key/activationkey)" @@ -400,7 +400,7 @@ spec: fi # was: if [ -d "$ACTIVATION_KEY_PATH" ]; then - elif find /entitlement -name "*.pem" >> null; then + elif [ "${HERMETIC}" != "true" ] && find /entitlement -name "*.pem" >> null; then cp -r --preserve=mode "$ENTITLEMENT_PATH" /tmp/entitlement VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement) echo "Adding the entitlement to the build"