chore(signing): Switch fully from /usr/etc/ to /etc/
#375
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes: #319 I only tested this in non-Universal Blue image. With & without rechunk. Before: ``` [11:39:42 g.i/h/rechunk:v1.0.1] => WARNING: FOUND /usr/etc. MERGING TO ETC FOR COMPATIBILITY [11:39:42 g.i/h/rechunk:v1.0.1] => EXPECT PERMISSIONS ISSUES ON THE MERGED PATHS [11:39:42 g.i/h/rechunk:v1.0.1] => The following files from /usr/etc will be merged to /etc: [11:39:42 g.i/h/rechunk:v1.0.1] => ./usr/etc [11:39:42 g.i/h/rechunk:v1.0.1] => |-- containers [11:39:42 g.i/h/rechunk:v1.0.1] => | |-- policy.json [11:39:42 g.i/h/rechunk:v1.0.1] => | `-- registries.d [11:39:42 g.i/h/rechunk:v1.0.1] => | `-- gidro-os.yaml [11:39:42 g.i/h/rechunk:v1.0.1] => `-- pki [11:39:42 g.i/h/rechunk:v1.0.1] => `-- containers [11:39:42 g.i/h/rechunk:v1.0.1] => `-- gidro-os.pub [11:39:42 g.i/h/rechunk:v1.0.1] => [11:39:42 g.i/h/rechunk:v1.0.1] => 5 directories, 3 files ``` After: ``` [18:26:31 g.i/h/rechunk:v1.0.1] => WARNING: FOUND /usr/etc. MERGING TO ETC FOR COMPATIBILITY [18:26:31 g.i/h/rechunk:v1.0.1] => EXPECT PERMISSIONS ISSUES ON THE MERGED PATHS [18:26:31 g.i/h/rechunk:v1.0.1] => The following files from /usr/etc will be merged to /etc: [18:26:31 g.i/h/rechunk:v1.0.1] => ./usr/etc [18:26:31 g.i/h/rechunk:v1.0.1] => `-- pki [18:26:31 g.i/h/rechunk:v1.0.1] => `-- containers [18:26:31 g.i/h/rechunk:v1.0.1] => `-- gidro-os.pub [18:26:31 g.i/h/rechunk:v1.0.1] => [18:26:31 g.i/h/rechunk:v1.0.1] => 3 directories, 1 file ``` Only thing remaining is to see if copying .pub keys to `/etc/` only will work, as it caused issues before. That would get rid of all files in `/usr/etc/`. https://github.com/blue-build/cli/blob/a8cac2adc90fa842e4565bc1825e588df4f5bcbd/template/templates/Containerfile.j2#L26
xynydev
previously approved these changes
Dec 8, 2024
gmpinder
previously approved these changes
Dec 8, 2024
gmpinder
pushed a commit
to blue-build/cli
that referenced
this pull request
Dec 8, 2024
Supplements main PR: blue-build/modules#375 Tests & it works, can be merged.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes: #319
Related PR in CLI:
blue-build/cli#288
I tested this in vanilla Fedora & Universal Blue based image. With & without rechunk.
Logs
Before:
After:
/usr/etc/After (Universal Blue):
What needs to be fixed
/etc/containers/policy.json(Universal Blue only)For Universal Blue,
policy.jsonstill remains in/usr/etc/sadly.Need to wait on Universal Blue to fix this properly.
Meanwhile, we'll copy
policy.jsonto/usr/etc/containers/policy.jsonin Universal Blue based images only.While otherwise, we'll normally copy to
/etc/containers/policy.json