Backport: fix: Allow non-root user to run the bundle-certificates script 17.3
What does this MR do?
Merge branch 'certificates-without-root' into 'master'
fix: Allow non-root user to run the bundle-certificates script
Closes gitlab-com/gl-infra/gitlab-dedicated/team#6336
See merge request !2043 (merged)
Merged-by: Jason Plum jplum@gitlab.com Approved-by: Jason Plum jplum@gitlab.com Co-authored-by: John Edge 13796758-jedge1@users.noreply.gitlab.com
(cherry picked from commit ff65154b)
f3342f04 fix: Allow non-root user to run update-ca-trust 73b1823b Add write permissions to /etc/pki/tls/certs ba0bc1ad Set extraction path to prevent modifying permissions
Co-authored-by: Jason Plum jplum@gitlab.com
Related issues
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Integration tests added to GitLab QA -
The impact any change in container size has should be evaluated -
New dependencies are managed with dependencies.io
Merge request reports
Activity
changed milestone to %17.5
requested review from @Alexand
assigned to @jedge1
1 Message Please add the workflowready for review label once you think the MR is ready to for an initial review, and assign
a reviewer based on the Reviewer Roulette suggestion below.If from a community member, ask that the Community contribution label be added as well.
Merge requests are handled according to the workflow documented in our handbook and should receive a response within the limit documented in our First-response SLO.
If you don't receive a response, please mention
@gitlab-org/distribution
, or one of our Project MaintainersReviewer roulette
Changes that require review have been detected! A merge request is normally reviewed by both a reviewer and a maintainer in its primary category and by a maintainer in all other categories.
To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, mention them as you normally would! Danger does not automatically notify them for you.
Reviewer Maintainer @lucus.li
(UTC+9, 13 hours ahead of author)
@rmarshall
(UTC-4, same timezone as author)
If needed, you can retry the
danger-review
job that generated this comment.Generated by
Danger- Resolved by John Edge
Exact commit cherry-picked from master.
But it doesn't hurt to trigger the UBI pipeline for the stable branch also. So I've triggered it.
@rmarshall, could you review this backport?
requested review from @rmarshall and removed review request for @Alexand
- Resolved by Balasankar 'Balu' C
I think this milestone should be %17.3, since it's a backport?
@rmarshall @Alexand does this MR need anything else? The release of this fix is currently holding up deployments for UBI based systems.
requested review from @balasankarc and removed review request for @rmarshall
enabled an automatic merge when all merge checks for 1ae25c9b pass
mentioned in commit 8cbff766