fix: use openssl from Builder container to avoid run container dnf call #152
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Doug Edgar <[email protected]>
rhdedgar
force-pushed
the
run_container_package
branch
from
7e2a0a5 to
cf4ab82
Compare
rhdedgar
requested review from
VaishnaviHire,
cdoern,
derekhiggins,
leseb,
mfleader,
nathan-weinberg and
rhuss
as code owners
|
Seems like rebasing PRs also has the effect of requesting reviews from everyone - I'll look into if this is intended behavior or not. |
|
@rhdedgar i think that's just the |
|
/lgtm |
leseb
requested changes
Sep 10, 2025
Comment on lines
+39
to
+41
| COPY --from=builder /usr/bin/openssl /usr/bin/openssl | ||
| COPY --from=builder /lib64/libssl.so.3 /lib64/libssl.so.3 | ||
| COPY --from=builder /lib64/libcrypto.so.3 /lib64/libcrypto.so.3 |
There was a problem hiding this comment.
Hum this feels "dangerous", are the builder and final image the same? Same distro? Same glibc version?
There was a problem hiding this comment.
Btw how can we repro? I have no subscription and could install the package 🤔
$ podman run -ti --entrypoint=bash registry.access.redhat.com/ubi9/ubi-minimal:latest
Trying to pull registry.access.redhat.com/ubi9/ubi-minimal:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob sha256:73ac460760dbc07b4e932677ed1d86c86c51259cd8ea7c5f1d5b13c9dd3d9d59
Copying config sha256:f36340c5d8884dc930bfe0a7a5d3602b665e10569317ce1931b78e15444938b9
Writing manifest to image destination
Storing signatures
[root@09c1c81257d6 /]# microdnf install -y openssl && microdnf clean all
(microdnf:8): librhsm-WARNING **: 08:52:00.526: Found 0 entitlement certificates
(microdnf:8): librhsm-WARNING **: 08:52:00.529: Found 0 entitlement certificates
Downloading metadata...
Downloading metadata...
Downloading metadata...
Package Repository Size
Installing:
openssl-1:3.2.2-6.el9_5.1.aarch64 ubi-9-baseos-rpms 1.4 MB
Transaction Summary:
Installing: 1 packages
Reinstalling: 0 packages
Upgrading: 0 packages
Obsoleting: 0 packages
Removing: 0 packages
Downgrading: 0 packages
Downloading packages...
Running transaction test...
Installing: openssl;1:3.2.2-6.el9_5.1;aarch64;ubi-9-baseos-rpms
Complete.
(microdnf:65): librhsm-WARNING **: 08:52:02.258: Found 0 entitlement certificates
(microdnf:65): librhsm-WARNING **: 08:52:02.259: Found 0 entitlement certificates
Complete.
[root@09c1c81257d6 /]#
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Avoids the issue where users without active RH subscriptions get a 403 when trying to install openssl via microdnf using the default repos.
Passes the
check-payloadtool.Closes
RHAIENG-844.