From fd91b3575366a4d2b192b6d76bf274b323f38d2e Mon Sep 17 00:00:00 2001 From: OpenShift Cherrypick Robot Date: Fri, 13 Jun 2025 19:07:22 +0200 Subject: [PATCH] [redhat-3.15] init: dynamically looking up python user base (PROJQUAY-9011) (#4057) Dynamically lookup python user base if being built on ubi 8. --------- Co-authored-by: bcaton --- conf/init/certs_install.sh | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/conf/init/certs_install.sh b/conf/init/certs_install.sh index a4f5f6d36..67e968f47 100755 --- a/conf/init/certs_install.sh +++ b/conf/init/certs_install.sh @@ -5,7 +5,11 @@ QUAYCONF=${QUAYCONF:-"$QUAYPATH/conf"} QUAYCONFIG=${QUAYCONFIG:-"$QUAYCONF/stack"} CERTDIR=${CERTDIR:-"$QUAYCONFIG/extra_ca_certs"} SYSTEM_CERTDIR=${SYSTEM_CERTDIR:-"/etc/pki/ca-trust/source/anchors"} -PYTHONUSERBASE_SITE_PACKAGE=/opt/app-root/lib/python3.12/site-packages +if grep -q 'VERSION_ID="8' /etc/os-release; then + PYTHONUSERBASE_SITE_PACKAGE=${PYTHONUSERBASE_SITE_PACKAGE:-"$(python -m site --user-site)"} +else + PYTHONUSERBASE_SITE_PACKAGE=/opt/app-root/lib/python3.12/site-packages +fi cd ${QUAYDIR:-"/quay-registry"} @@ -65,10 +69,14 @@ done # Update all CA certificates. # hack for UBI9, extract it a temp location and move -# to /etc/pki after because of permission issues - -mkdir -p /tmp/extracted -rm -rf /etc/pki/ca-trust/extracted -update-ca-trust extract -o /tmp/extracted -chmod ug+w -R /tmp/extracted -mv /tmp/extracted /etc/pki/ca-trust +# to /etc/pki after because of permission issues. +# All ubi8 specific code should be removed after UBI9 is fully supported, see PROJQUAY-9013 +if grep -q 'VERSION_ID="8' /etc/os-release; then + update-ca-trust extract +else + mkdir -p /tmp/extracted + rm -rf /etc/pki/ca-trust/extracted + update-ca-trust extract -o /tmp/extracted + chmod ug+w -R /tmp/extracted + mv /tmp/extracted /etc/pki/ca-trust +fi