Open
Conversation
added 20 commits
March 16, 2026 13:19
in import-additional-cas script.
restore-all-dir-contents && import-additional-cas flow. Without this I have seen that the permission fixing didn't work reliably for restarting pods: sh-5.1$ restore-all-dir-contents sh-5.1$ restore-all-dir-contents sh-5.1$ import-additional-cas No certificates found in /usr/local/share/ca-certificates '/etc/pki/injected-ca-trust/tls-ca-bundle.pem' -> '/etc/pki/ca-trust/source/anchors/tls-ca-bundle.pem' sh-5.1$ restore-all-dir-contents cp: cannot create regular file '/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_ECC_Root_CA_-_R4.pem': Permission denied cp: cannot create regular file '/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_ECC_Root_CA_-_R5.pem': Permission denied cp: cannot create regular file '/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_CA_-_R3.pem': Permission denied cp: cannot create regular file '/etc/pki/ca-trust/extracted/pem/directory-hash/GlobalSign_Root_CA_-_R6.pem': Permission denied cp: cannot create regular file '/etc/pki/ca-trust/extracted/pem/directory-hash/certSIGN_Root_CA_G2.pem': Permission denied sh-5.1$
Contributor
There was a problem hiding this comment.
Sorry @mclasmeier, your pull request is larger than the review limit of 150000 diff characters
Contributor
|
/konflux-retest main-on-push |
Contributor
|
Images are ready for the commit at f3548a1. To use with deploy scripts, first |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #19437 +/- ##
=======================================
Coverage 49.73% 49.73%
=======================================
Files 2703 2703
Lines 204040 204040
=======================================
+ Hits 101478 101489 +11
+ Misses 94985 94977 -8
+ Partials 7577 7574 -3
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Contributor
|
/konflux-retest scanner-v4-on-push |
Contributor
|
/konflux-retest main-on-push |
Contributor
|
/konflux-retest operator-bundle-on-push |
2 similar comments
Contributor
|
/konflux-retest operator-bundle-on-push |
Contributor
|
/konflux-retest operator-bundle-on-push |
Contributor
|
/konflux-retest central-db-on-push |
Contributor
Author
|
/retest operator-bundle-on-push |
|
@mclasmeier: The The following commands are available to trigger optional jobs: Use DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
porridge
approved these changes
Mar 16, 2026
| # configured correctly in the first place. Also, this kind of gets around the | ||
| # problem where you're trying to test something locally but forget to add a | ||
| # tmpfs mount to the appropriate mount points. | ||
| cp --recursive --no-dereference --no-clobber /.init-dirs/* / |
Contributor
There was a problem hiding this comment.
--no-clobberseems to be deprecated in favour of--update=none- Can't we fix the permissions and use
--forceinstead?
Contributor
Author
There was a problem hiding this comment.
FYI, I am currently exploring some other ways of addressing this.
Contributor
Author
There was a problem hiding this comment.
[root@1815735dd284 /]# cp --update=none /bin/ls /tmp
cp: option '--update' doesn't allow an argument
Try 'cp --help' for more information.
[root@1815735dd284 /]# cp --version
cp (GNU coreutils) 8.32
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by Torbjorn Granlund, David MacKenzie, and Jim Meyering.
[root@1815735dd284 /]#
This is from UBI9 minimal.
5 tasks
9 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR switches all base images in the stackrox repo to UBI9. A couple of smaller changes had to be done to account for technical differences between UBI8 and UBI9.
All other changes are required for green CI.
See commit history.
User-facing documentation
Testing and quality
Automated testing
How I validated my change
change me!