openstack
/
tripleo-common
Code Issues Proposed changes

Pin nettle-3.8-3 on ubi9 only 

This patch fixes the workaround proposed in [1] to install
nettle-3.8-3 only on ubi9 containers.
Since we are backporting this fix to stable/wallaby, we need
to guarantee that doesn't break ubi8 containers.

[1] https://review.opendev.org/c/openstack/tripleo-common/+/869104

Change-Id: I039ca97773699f6f744e83172dd6664ace0d8d60
This commit is contained in:
Douglas Viroel 2023-03-08 18:31:27 -03:00
parent 255a6c00da
commit 9fca209d49
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
container-images/tcib/base/base.yaml
View File

@ -51,6 +51,15 @@ tcib_actions:
if [ '{{ tcib_distro }}' == 'centos' ];then
if [ -n "$(rpm -qa redhat-release)" ];then rpm -e --nodeps redhat-release; fi ;
dnf -y install centos-stream-release; fi
# TODO: Temporary pinning nettle to 3.8-3.el9, so it can be reinstalled from centos-9 repos.
# nettle-3.8-3 is already installed in ubi9 image, but it conflicts with newer versions on gnutls
# installed from centos-9 repos. This workaround can be reverted once ubi9.2 is released, which
# should contain a newer version of gnutls with fixes to run under FIPS mode.
# See: https://bugzilla.redhat.com/show_bug.cgi?id=2154924 and
# https://bugs.launchpad.net/tripleo/+bug/1984237
- run: >-
if [ '{{ tcib_release }}' == '9' ];then
dnf -y install nettle-3.8-3.el9; fi
- run: dnf update --excludepkgs redhat-release -y && dnf clean all && rm -rf /var/cache/dnf
tcib_cmd: kolla_start
tcib_entrypoint: dumb-init --single-child --
@ -60,17 +69,12 @@ tcib_envs:
tcib_labels:
maintainer: OpenStack TripleO team
tcib_managed: True
# TODO: Temporary pinning nettle to 3.8-3.el9, so it can be reinstalled from centos-9 repos.
# nettle-3.8-3 is already installed in ubi9 image, but it conflicts with newer versions on gnutls
# installed from centos-9 repos. This workaround can be reverted once ubi9.2 is released, which
# should contain a newer version of gnutls with fixes to run under FIPS mode.
tcib_packages:
common:
- ca-certificates
- dumb-init
- glibc-langpack-en
- iscsi-initiator-utils
- nettle-3.8-3.el9
- openstack-tripleo-common-containers
- openstack-tripleo-common-container-base
- procps-ng