From 14f7babb486ac27d210b8f3992b1f36666edd60f Mon Sep 17 00:00:00 2001 From: "d.kovalenko" Date: Tue, 14 Jul 2026 22:31:43 +0300 Subject: [PATCH 1/3] CI: RockyLinux 8/9/10 is added to test --- .github/workflows/ci.yml | 12 +++ Dockerfile--rockylinux_10.tmpl | 154 +++++++++++++++++++++++++++++++++ Dockerfile--rockylinux_8.tmpl | 150 ++++++++++++++++++++++++++++++++ Dockerfile--rockylinux_9.tmpl | 154 +++++++++++++++++++++++++++++++++ 4 files changed, 470 insertions(+) create mode 100644 Dockerfile--rockylinux_10.tmpl create mode 100644 Dockerfile--rockylinux_8.tmpl create mode 100644 Dockerfile--rockylinux_9.tmpl diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d11e1fc4..055f69b4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -158,6 +158,18 @@ jobs: python: "3" postgres: "17" case_suffix: "py3_xx_xx-pg17_xx" + - platform: "rockylinux_8" + python: "3" + postgres: "17" + case_suffix: "py3_xx_xx-pg17_xx" + - platform: "rockylinux_9" + python: "3" + postgres: "17" + case_suffix: "py3_xx_xx-pg17_xx" + - platform: "rockylinux_10" + python: "3" + postgres: "17" + case_suffix: "py3_xx_xx-pg17_xx" name: "test: ${{ matrix.platform }} | ${{ matrix.case_suffix }}" diff --git a/Dockerfile--rockylinux_10.tmpl b/Dockerfile--rockylinux_10.tmpl new file mode 100644 index 00000000..41ec4755 --- /dev/null +++ b/Dockerfile--rockylinux_10.tmpl @@ -0,0 +1,154 @@ +# +# NOTE: RockyLinux-10 creates zomby processes! +# +ARG PG_VERSION=17 +ARG PYTHON_VERSION=3 + +# --------------------------------------------- base1 +FROM rockylinux/rockylinux:10 AS base1 + +# In RHEL 9/10, the repository for dev packages is called CRB (instead of powertools) +RUN dnf install -y 'dnf-command(config-manager)' && \ + dnf config-manager --set-enabled crb + +# Consolidating system utilities, including iproute (to prevent tests from failing) +# Added the --allowerasing flag so dnf can seamlessly replace curl-minimal with full-fledged curl +RUN dnf install -y --allowerasing \ + sudo \ + curl \ + ca-certificates \ + openssh-server \ + openssh-clients \ + sshpass \ + time \ + util-linux \ + procps-ng \ + git \ + iproute \ + bzip2 \ + && dnf clean all + +# In RHEL 9/10, to generate host keys inside Docker, you need to call this binary +RUN /usr/libexec/openssh/sshd-keygen rsa && \ + /usr/libexec/openssh/sshd-keygen ed25519 + +RUN sed -i 's/#MaxStartups 10:30:100/MaxStartups 2000:30:2000/' /etc/ssh/sshd_config && \ + sed -i 's/#MaxSessions 10/MaxSessions 500/' /etc/ssh/sshd_config && \ + sed -i 's/#MaxAuthTries 6/MaxAuthTries 20/' /etc/ssh/sshd_config + +# --------------------------------------------- postgres dev tools +FROM base1 AS base1_with_dev_tools + +RUN dnf install -y \ + gcc \ + make \ + meson \ + flex \ + bison \ + pkg-config \ + openssl-devel \ + libicu-devel \ + libzstd-devel \ + zlib-devel \ + lz4-devel \ + libxml2-devel \ + perl-interpreter \ + perl-FindBin \ + perl-File-Compare \ + && dnf clean all + +# --------------------------------------------- postgres build +FROM base1_with_dev_tools AS base1_with_pg-17 + +RUN curl -fsSL https://ftp.postgresql.org/pub/source/v17.7/postgresql-17.7.tar.bz2 -o postgresql.tar.bz2 \ + && mkdir -p /pg/postgres/source \ + && tar -xjf postgresql.tar.bz2 -C /pg/postgres/source --strip-components=1 \ + && rm postgresql.tar.bz2 + +WORKDIR /pg/postgres/source + +RUN ./configure --prefix=/pg/postgres/install --with-zlib --with-openssl --without-readline --with-lz4 --with-zstd --with-libxml +RUN make -j 4 install +RUN make -j 4 -C contrib install + +# SETUP PG_CONFIG +RUN ln -s /pg/postgres/install/bin/pg_config -t /usr/local/bin + +# SETUP PG CLIENT LIBRARY +# ИСПРАВЛЕНО: ссылаемся на базовое имя libpq.so.5, чтобы Dockerfile не ломался при обновлении минорных версий PG +RUN ln -s /pg/postgres/install/lib/libpq.so.5 /usr/lib64/libpq.so.5 && \ + echo "/pg/postgres/install/lib" > /etc/ld.so.conf.d/postgres.conf && ldconfig + +# --------------------------------------------- base2_with_python-3 +FROM base1_with_pg-${PG_VERSION} AS base2_with_python-3 + +# Rocky 9/10 installs python3.9 or higher (depending on the repository) +RUN dnf install -y \ + python3 \ + python3-devel \ + && dnf clean all + +ENV PYTHON_BINARY=/usr/bin/python3 + +# --------------------------------------------- final +FROM base2_with_python-${PYTHON_VERSION} AS final + +EXPOSE 22 + +RUN useradd -m test && usermod -aG wheel test + +# Enable sudo without a password +RUN echo "test ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers + +# HACK FOR RHEL 9/10: Allow legacy key types and disable UsePAM. +# Additionally, allow passwordless root/test authentication for testing. +RUN echo "test:*" | chpasswd -e && \ + sed -i 's/UsePAM yes/UsePAM no/' /etc/ssh/sshd_config && \ + echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> /etc/ssh/sshd_config && \ + echo "PermitEmptyPasswords yes" >> /etc/ssh/sshd_config + +COPY --chown=test:test . /home/test/testgres +WORKDIR /home/test/testgres + +ENV LANG=C.UTF-8 + +RUN chmod 700 /home/test/ && \ + mkdir -p /home/test/.ssh && \ + chown -R test:test /home/test/.ssh + +# Our ENTRYPOINT with a stub +ENTRYPOINT ["sh", "-c", " \ + set -eux; \ + echo 'SYSTEM START: PREPARING SSH'; \ + /usr/sbin/sshd; \ + ls -la /home/test/.ssh/; \ + \"$@\" \ +", "DUMMY-DUMMY-DUMMY"] + +# In CMD, we change the key generation from the deprecated -t rsa to the modern -t ed25519! +# This ensures that Rocky 9/10 will accept this key without any cryptographic policy issues. +CMD ["bash", "-c", " \ +set -eux; \ +echo \"HOME DIR IS [`realpath ~/`]\"; \ +echo \"WORK DIR IS [$(pwd)]\"; \ +if [ ! -f /home/test/.ssh/id_ed25519 ]; then \ + su test -c \"ssh-keygen -t ed25519 -f /home/test/.ssh/id_ed25519 -q -N ''\"; \ + su test -c \"cat /home/test/.ssh/id_ed25519.pub >> /home/test/.ssh/authorized_keys\"; \ + chmod 600 /home/test/.ssh/authorized_keys; \ +fi; \ +ls -la /home/test/.ssh/; \ +su test -c \"ssh-keyscan -H localhost >> /home/test/.ssh/known_hosts\"; \ +su test -c \"ssh-keyscan -H 127.0.0.1 >> /home/test/.ssh/known_hosts\"; \ +if [ -n \"${TEST_CFG__REMOTE_HOST:-}\" ]; then \ + su test -c \"ssh-keyscan -H ${TEST_CFG__REMOTE_HOST} >> /home/test/.ssh/known_hosts\"; \ +fi; \ +if [ -n \"${TEST_CFG__REMOTE_SSH_KEY:-}\" ]; then \ + cp \"${TEST_CFG__REMOTE_SSH_KEY}\" \"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \ + export TEST_CFG__REMOTE_SSH_KEY=\"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \ + chown test:test \"${TEST_CFG__REMOTE_SSH_KEY}\"; \ + chmod 600 \"${TEST_CFG__REMOTE_SSH_KEY}\"; \ + ls -la /home/test/.ssh/; \ +fi; \ +ls -la ./; \ +su test -c \"TEST_FILTER='' bash ./run_tests.sh\"; \ +"] diff --git a/Dockerfile--rockylinux_8.tmpl b/Dockerfile--rockylinux_8.tmpl new file mode 100644 index 00000000..1e818154 --- /dev/null +++ b/Dockerfile--rockylinux_8.tmpl @@ -0,0 +1,150 @@ +ARG PG_VERSION=17 +ARG PYTHON_VERSION=3 + +# --------------------------------------------- base1 +FROM rockylinux:8 AS base1 + +# Enable the PowerTools repository (called crb or powertools in Rocky/Alma), +# since without it, dnf won't find the python3-devel packages for building extensions. +RUN dnf install -y 'dnf-command(config-manager)' && \ + dnf config-manager --set-enabled powertools + +# Combine the installation of system utilities, SSH into one layer +RUN dnf install -y \ + sudo \ + curl \ + ca-certificates \ + openssh-server \ + openssh-clients \ + sshpass \ + time \ + util-linux \ + procps-ng \ + git \ + iproute \ + bzip2 \ + && dnf clean all + +RUN sed -i 's/#MaxStartups 10:30:100/MaxStartups 2000:30:2000/' /etc/ssh/sshd_config && \ + sed -i 's/#MaxSessions 10/MaxSessions 500/' /etc/ssh/sshd_config && \ + sed -i 's/#MaxAuthTries 6/MaxAuthTries 20/' /etc/ssh/sshd_config + +# --------------------------------------------- postgres dev tools +FROM base1 AS base1_with_dev_tools + +RUN dnf install -y \ + gcc \ + make \ + meson \ + flex \ + bison \ + pkg-config \ + openssl-devel \ + libicu-devel \ + libzstd-devel \ + zlib-devel \ + lz4-devel \ + libxml2-devel \ + && dnf clean all + +# --------------------------------------------- postgres build +FROM base1_with_dev_tools AS base1_with_pg-17 + +RUN curl -fsSL https://ftp.postgresql.org/pub/source/v17.7/postgresql-17.7.tar.bz2 -o postgresql.tar.bz2 \ + && mkdir -p /pg/postgres/source \ + && tar -xjf postgresql.tar.bz2 -C /pg/postgres/source --strip-components=1 \ + && rm postgresql.tar.bz2 + +WORKDIR /pg/postgres/source + +RUN ./configure --prefix=/pg/postgres/install --with-zlib --with-openssl --without-readline --with-lz4 --with-zstd --with-libxml +RUN make -j 4 install +RUN make -j 4 -C contrib install + +# SETUP PG_CONFIG +# When pg_config symlink in /usr/local/bin it returns a real (right) result of --bindir +RUN ln -s /pg/postgres/install/bin/pg_config -t /usr/local/bin + +# SETUP PG CLIENT LIBRARY +# libpq.so.5 is enough +RUN ln -s /pg/postgres/install/lib/libpq.so.5 /usr/lib/libpq.so.5 + +# --------------------------------------------- base2_with_python-3 +FROM base1_with_pg-${PG_VERSION} AS base2_with_python-3 + +RUN dnf install -y \ + python39 \ + python39-devel \ + && dnf clean all + +ENV PYTHON_BINARY=/usr/bin/python3.9 + +# --------------------------------------------- final +FROM base2_with_python-${PYTHON_VERSION} AS final + +EXPOSE 22 +# In RHEL/CentOS, SSH host keys are generated via sshd-keygen +RUN ssh-keygen -A + +# In the RedHat family, the equivalent of the wheel/sudo group is the wheel group +RUN useradd -m test && usermod -aG wheel test + +# Enable sudo without a password +RUN echo "test ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers + +# Setting a blank password and disabling UsePAM (like in Astra), +# since SELinux/PAM in RHEL blocks blank passwords over SSH. +# +# On local tests it produces: +# WARNING: 'UsePAM no' is not supported in RHEL and may cause several problems. +# +# But without "sed -i 's/UsePAM yes/UsePAM no/' /etc/ssh/sshd_config" remote tests +# does not work! +# +RUN echo "test:*" | chpasswd -e && \ + sed -i 's/UsePAM yes/UsePAM no/' /etc/ssh/sshd_config + +COPY --chown=test:test . /home/test/testgres +WORKDIR /home/test/testgres + +ENV LANG=C.UTF-8 + +RUN chmod 700 /home/test/ && \ + mkdir -p /home/test/.ssh && \ + chown -R test:test /home/test/.ssh + +# Our proven ENTRYPOINT with a DUMMY plug +ENTRYPOINT ["sh", "-c", " \ + set -eux; \ + echo 'SYSTEM START: PREPARING SSH'; \ + /usr/sbin/sshd; \ + ls -la /home/test/.ssh/; \ + \"$@\" \ +", "DUMMY-DUMMY-DUMMY"] + +# Standard CMD for tests +CMD ["bash", "-c", " \ +set -eux; \ +echo \"HOME DIR IS [`realpath ~/`]\"; \ +echo \"WORK DIR IS [$(pwd)]\"; \ +if [ ! -f /home/test/.ssh/id_rsa ]; then \ + su test -c \"ssh-keygen -t rsa -f /home/test/.ssh/id_rsa -q -N ''\"; \ + su test -c \"cat /home/test/.ssh/id_rsa.pub >> /home/test/.ssh/authorized_keys\"; \ + chmod 600 /home/test/.ssh/authorized_keys; \ +fi; \ +ls -la /home/test/.ssh/; \ +su test -c \"ssh-keyscan -H localhost >> /home/test/.ssh/known_hosts\"; \ +su test -c \"ssh-keyscan -H 127.0.0.1 >> /home/test/.ssh/known_hosts\"; \ +if [ -n \"${TEST_CFG__REMOTE_HOST:-}\" ]; then \ + su test -c \"ssh-keyscan -H ${TEST_CFG__REMOTE_HOST} >> /home/test/.ssh/known_hosts\"; \ +fi; \ +if [ -n \"${TEST_CFG__REMOTE_SSH_KEY:-}\" ]; then \ + cp \"${TEST_CFG__REMOTE_SSH_KEY}\" \"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \ + export TEST_CFG__REMOTE_SSH_KEY=\"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \ + chown test:test \"${TEST_CFG__REMOTE_SSH_KEY}\"; \ + chmod 600 \"${TEST_CFG__REMOTE_SSH_KEY}\"; \ + ls -la /home/test/.ssh/; \ +fi; \ +ls -la ./; \ +su test -c \"TEST_FILTER='' bash ./run_tests.sh\"; \ +"] diff --git a/Dockerfile--rockylinux_9.tmpl b/Dockerfile--rockylinux_9.tmpl new file mode 100644 index 00000000..94897e63 --- /dev/null +++ b/Dockerfile--rockylinux_9.tmpl @@ -0,0 +1,154 @@ +# +# NOTE: RockyLinux-9 creates zomby processes! +# +ARG PG_VERSION=17 +ARG PYTHON_VERSION=3 + +# --------------------------------------------- base1 +FROM rockylinux/rockylinux:9 AS base1 + +# In RHEL 9/10, the repository for dev packages is called CRB (instead of powertools) +RUN dnf install -y 'dnf-command(config-manager)' && \ + dnf config-manager --set-enabled crb + +# Consolidating system utilities, including iproute (to prevent tests from failing) +# Added the --allowerasing flag so dnf can seamlessly replace curl-minimal with full-fledged curl +RUN dnf install -y --allowerasing \ + sudo \ + curl \ + ca-certificates \ + openssh-server \ + openssh-clients \ + sshpass \ + time \ + util-linux \ + procps-ng \ + git \ + iproute \ + bzip2 \ + && dnf clean all + +# In RHEL 9/10, to generate host keys inside Docker, you need to call this binary +RUN /usr/libexec/openssh/sshd-keygen rsa && \ + /usr/libexec/openssh/sshd-keygen ed25519 + +RUN sed -i 's/#MaxStartups 10:30:100/MaxStartups 2000:30:2000/' /etc/ssh/sshd_config && \ + sed -i 's/#MaxSessions 10/MaxSessions 500/' /etc/ssh/sshd_config && \ + sed -i 's/#MaxAuthTries 6/MaxAuthTries 20/' /etc/ssh/sshd_config + +# --------------------------------------------- postgres dev tools +FROM base1 AS base1_with_dev_tools + +RUN dnf install -y \ + gcc \ + make \ + meson \ + flex \ + bison \ + pkg-config \ + openssl-devel \ + libicu-devel \ + libzstd-devel \ + zlib-devel \ + lz4-devel \ + libxml2-devel \ + perl-interpreter \ + perl-FindBin \ + perl-File-Compare \ + && dnf clean all + +# --------------------------------------------- postgres build +FROM base1_with_dev_tools AS base1_with_pg-17 + +RUN curl -fsSL https://ftp.postgresql.org/pub/source/v17.7/postgresql-17.7.tar.bz2 -o postgresql.tar.bz2 \ + && mkdir -p /pg/postgres/source \ + && tar -xjf postgresql.tar.bz2 -C /pg/postgres/source --strip-components=1 \ + && rm postgresql.tar.bz2 + +WORKDIR /pg/postgres/source + +RUN ./configure --prefix=/pg/postgres/install --with-zlib --with-openssl --without-readline --with-lz4 --with-zstd --with-libxml +RUN make -j 4 install +RUN make -j 4 -C contrib install + +# SETUP PG_CONFIG +RUN ln -s /pg/postgres/install/bin/pg_config -t /usr/local/bin + +# SETUP PG CLIENT LIBRARY +# ИСПРАВЛЕНО: ссылаемся на базовое имя libpq.so.5, чтобы Dockerfile не ломался при обновлении минорных версий PG +RUN ln -s /pg/postgres/install/lib/libpq.so.5 /usr/lib64/libpq.so.5 && \ + echo "/pg/postgres/install/lib" > /etc/ld.so.conf.d/postgres.conf && ldconfig + +# --------------------------------------------- base2_with_python-3 +FROM base1_with_pg-${PG_VERSION} AS base2_with_python-3 + +# Rocky 9/10 installs python3.9 or higher (depending on the repository) +RUN dnf install -y \ + python3 \ + python3-devel \ + && dnf clean all + +ENV PYTHON_BINARY=/usr/bin/python3 + +# --------------------------------------------- final +FROM base2_with_python-${PYTHON_VERSION} AS final + +EXPOSE 22 + +RUN useradd -m test && usermod -aG wheel test + +# Enable sudo without a password +RUN echo "test ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers + +# HACK FOR RHEL 9/10: Allow legacy key types and disable UsePAM. +# Additionally, allow passwordless root/test authentication for testing. +RUN echo "test:*" | chpasswd -e && \ + sed -i 's/UsePAM yes/UsePAM no/' /etc/ssh/sshd_config && \ + echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> /etc/ssh/sshd_config && \ + echo "PermitEmptyPasswords yes" >> /etc/ssh/sshd_config + +COPY --chown=test:test . /home/test/testgres +WORKDIR /home/test/testgres + +ENV LANG=C.UTF-8 + +RUN chmod 700 /home/test/ && \ + mkdir -p /home/test/.ssh && \ + chown -R test:test /home/test/.ssh + +# Our ENTRYPOINT with a stub +ENTRYPOINT ["sh", "-c", " \ + set -eux; \ + echo 'SYSTEM START: PREPARING SSH'; \ + /usr/sbin/sshd; \ + ls -la /home/test/.ssh/; \ + \"$@\" \ +", "DUMMY-DUMMY-DUMMY"] + +# In CMD, we change the key generation from the deprecated -t rsa to the modern -t ed25519! +# This ensures that Rocky 9/10 will accept this key without any cryptographic policy issues. +CMD ["bash", "-c", " \ +set -eux; \ +echo \"HOME DIR IS [`realpath ~/`]\"; \ +echo \"WORK DIR IS [$(pwd)]\"; \ +if [ ! -f /home/test/.ssh/id_ed25519 ]; then \ + su test -c \"ssh-keygen -t ed25519 -f /home/test/.ssh/id_ed25519 -q -N ''\"; \ + su test -c \"cat /home/test/.ssh/id_ed25519.pub >> /home/test/.ssh/authorized_keys\"; \ + chmod 600 /home/test/.ssh/authorized_keys; \ +fi; \ +ls -la /home/test/.ssh/; \ +su test -c \"ssh-keyscan -H localhost >> /home/test/.ssh/known_hosts\"; \ +su test -c \"ssh-keyscan -H 127.0.0.1 >> /home/test/.ssh/known_hosts\"; \ +if [ -n \"${TEST_CFG__REMOTE_HOST:-}\" ]; then \ + su test -c \"ssh-keyscan -H ${TEST_CFG__REMOTE_HOST} >> /home/test/.ssh/known_hosts\"; \ +fi; \ +if [ -n \"${TEST_CFG__REMOTE_SSH_KEY:-}\" ]; then \ + cp \"${TEST_CFG__REMOTE_SSH_KEY}\" \"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \ + export TEST_CFG__REMOTE_SSH_KEY=\"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \ + chown test:test \"${TEST_CFG__REMOTE_SSH_KEY}\"; \ + chmod 600 \"${TEST_CFG__REMOTE_SSH_KEY}\"; \ + ls -la /home/test/.ssh/; \ +fi; \ +ls -la ./; \ +su test -c \"TEST_FILTER='' bash ./run_tests.sh\"; \ +"] From 431d5066344b5a722239f21fe6098ad96c1f93c6 Mon Sep 17 00:00:00 2001 From: "d.kovalenko" Date: Wed, 15 Jul 2026 01:15:21 +0300 Subject: [PATCH 2/3] CI: SSH in RockyLinux dockerfiles is optimized --- Dockerfile--rockylinux_10.tmpl | 16 ++++++++++------ Dockerfile--rockylinux_8.tmpl | 16 ++++++++++------ Dockerfile--rockylinux_9.tmpl | 16 ++++++++++------ 3 files changed, 30 insertions(+), 18 deletions(-) diff --git a/Dockerfile--rockylinux_10.tmpl b/Dockerfile--rockylinux_10.tmpl index 41ec4755..718e8021 100644 --- a/Dockerfile--rockylinux_10.tmpl +++ b/Dockerfile--rockylinux_10.tmpl @@ -114,7 +114,16 @@ ENV LANG=C.UTF-8 RUN chmod 700 /home/test/ && \ mkdir -p /home/test/.ssh && \ - chown -R test:test /home/test/.ssh + echo 'Host *' > /home/test/.ssh/config && \ + echo ' ControlMaster auto' >> /home/test/.ssh/config && \ + echo ' ControlPath /home/test/.ssh/master-%r@%h:%p' >> /home/test/.ssh/config && \ + echo ' ControlPersist 30m' >> /home/test/.ssh/config && \ + echo ' StrictHostKeyChecking no' >> /home/test/.ssh/config && \ + echo ' UserKnownHostsFile /dev/null' >> /home/test/.ssh/config && \ + echo ' GSSAPIAuthentication no' >> /home/test/.ssh/config && \ + chown -R test:test /home/test/.ssh && \ + chmod 700 /home/test/.ssh && \ + chmod 600 /home/test/.ssh/config # Our ENTRYPOINT with a stub ENTRYPOINT ["sh", "-c", " \ @@ -137,11 +146,6 @@ if [ ! -f /home/test/.ssh/id_ed25519 ]; then \ chmod 600 /home/test/.ssh/authorized_keys; \ fi; \ ls -la /home/test/.ssh/; \ -su test -c \"ssh-keyscan -H localhost >> /home/test/.ssh/known_hosts\"; \ -su test -c \"ssh-keyscan -H 127.0.0.1 >> /home/test/.ssh/known_hosts\"; \ -if [ -n \"${TEST_CFG__REMOTE_HOST:-}\" ]; then \ - su test -c \"ssh-keyscan -H ${TEST_CFG__REMOTE_HOST} >> /home/test/.ssh/known_hosts\"; \ -fi; \ if [ -n \"${TEST_CFG__REMOTE_SSH_KEY:-}\" ]; then \ cp \"${TEST_CFG__REMOTE_SSH_KEY}\" \"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \ export TEST_CFG__REMOTE_SSH_KEY=\"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \ diff --git a/Dockerfile--rockylinux_8.tmpl b/Dockerfile--rockylinux_8.tmpl index 1e818154..b157f8f3 100644 --- a/Dockerfile--rockylinux_8.tmpl +++ b/Dockerfile--rockylinux_8.tmpl @@ -111,7 +111,16 @@ ENV LANG=C.UTF-8 RUN chmod 700 /home/test/ && \ mkdir -p /home/test/.ssh && \ - chown -R test:test /home/test/.ssh + echo 'Host *' > /home/test/.ssh/config && \ + echo ' ControlMaster auto' >> /home/test/.ssh/config && \ + echo ' ControlPath /home/test/.ssh/master-%r@%h:%p' >> /home/test/.ssh/config && \ + echo ' ControlPersist 30m' >> /home/test/.ssh/config && \ + echo ' StrictHostKeyChecking no' >> /home/test/.ssh/config && \ + echo ' UserKnownHostsFile /dev/null' >> /home/test/.ssh/config && \ + echo ' GSSAPIAuthentication no' >> /home/test/.ssh/config && \ + chown -R test:test /home/test/.ssh && \ + chmod 700 /home/test/.ssh && \ + chmod 600 /home/test/.ssh/config # Our proven ENTRYPOINT with a DUMMY plug ENTRYPOINT ["sh", "-c", " \ @@ -133,11 +142,6 @@ if [ ! -f /home/test/.ssh/id_rsa ]; then \ chmod 600 /home/test/.ssh/authorized_keys; \ fi; \ ls -la /home/test/.ssh/; \ -su test -c \"ssh-keyscan -H localhost >> /home/test/.ssh/known_hosts\"; \ -su test -c \"ssh-keyscan -H 127.0.0.1 >> /home/test/.ssh/known_hosts\"; \ -if [ -n \"${TEST_CFG__REMOTE_HOST:-}\" ]; then \ - su test -c \"ssh-keyscan -H ${TEST_CFG__REMOTE_HOST} >> /home/test/.ssh/known_hosts\"; \ -fi; \ if [ -n \"${TEST_CFG__REMOTE_SSH_KEY:-}\" ]; then \ cp \"${TEST_CFG__REMOTE_SSH_KEY}\" \"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \ export TEST_CFG__REMOTE_SSH_KEY=\"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \ diff --git a/Dockerfile--rockylinux_9.tmpl b/Dockerfile--rockylinux_9.tmpl index 94897e63..26c9b781 100644 --- a/Dockerfile--rockylinux_9.tmpl +++ b/Dockerfile--rockylinux_9.tmpl @@ -114,7 +114,16 @@ ENV LANG=C.UTF-8 RUN chmod 700 /home/test/ && \ mkdir -p /home/test/.ssh && \ - chown -R test:test /home/test/.ssh + echo 'Host *' > /home/test/.ssh/config && \ + echo ' ControlMaster auto' >> /home/test/.ssh/config && \ + echo ' ControlPath /home/test/.ssh/master-%r@%h:%p' >> /home/test/.ssh/config && \ + echo ' ControlPersist 30m' >> /home/test/.ssh/config && \ + echo ' StrictHostKeyChecking no' >> /home/test/.ssh/config && \ + echo ' UserKnownHostsFile /dev/null' >> /home/test/.ssh/config && \ + echo ' GSSAPIAuthentication no' >> /home/test/.ssh/config && \ + chown -R test:test /home/test/.ssh && \ + chmod 700 /home/test/.ssh && \ + chmod 600 /home/test/.ssh/config # Our ENTRYPOINT with a stub ENTRYPOINT ["sh", "-c", " \ @@ -137,11 +146,6 @@ if [ ! -f /home/test/.ssh/id_ed25519 ]; then \ chmod 600 /home/test/.ssh/authorized_keys; \ fi; \ ls -la /home/test/.ssh/; \ -su test -c \"ssh-keyscan -H localhost >> /home/test/.ssh/known_hosts\"; \ -su test -c \"ssh-keyscan -H 127.0.0.1 >> /home/test/.ssh/known_hosts\"; \ -if [ -n \"${TEST_CFG__REMOTE_HOST:-}\" ]; then \ - su test -c \"ssh-keyscan -H ${TEST_CFG__REMOTE_HOST} >> /home/test/.ssh/known_hosts\"; \ -fi; \ if [ -n \"${TEST_CFG__REMOTE_SSH_KEY:-}\" ]; then \ cp \"${TEST_CFG__REMOTE_SSH_KEY}\" \"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \ export TEST_CFG__REMOTE_SSH_KEY=\"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \ From 6be9bfc1c46c45d591859690ad99cbe271986526 Mon Sep 17 00:00:00 2001 From: "d.kovalenko" Date: Wed, 15 Jul 2026 01:33:25 +0300 Subject: [PATCH 3/3] CI: Dockerfile--rockylinux_8.tmpl is restored --- Dockerfile--rockylinux_8.tmpl | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/Dockerfile--rockylinux_8.tmpl b/Dockerfile--rockylinux_8.tmpl index b157f8f3..1e818154 100644 --- a/Dockerfile--rockylinux_8.tmpl +++ b/Dockerfile--rockylinux_8.tmpl @@ -111,16 +111,7 @@ ENV LANG=C.UTF-8 RUN chmod 700 /home/test/ && \ mkdir -p /home/test/.ssh && \ - echo 'Host *' > /home/test/.ssh/config && \ - echo ' ControlMaster auto' >> /home/test/.ssh/config && \ - echo ' ControlPath /home/test/.ssh/master-%r@%h:%p' >> /home/test/.ssh/config && \ - echo ' ControlPersist 30m' >> /home/test/.ssh/config && \ - echo ' StrictHostKeyChecking no' >> /home/test/.ssh/config && \ - echo ' UserKnownHostsFile /dev/null' >> /home/test/.ssh/config && \ - echo ' GSSAPIAuthentication no' >> /home/test/.ssh/config && \ - chown -R test:test /home/test/.ssh && \ - chmod 700 /home/test/.ssh && \ - chmod 600 /home/test/.ssh/config + chown -R test:test /home/test/.ssh # Our proven ENTRYPOINT with a DUMMY plug ENTRYPOINT ["sh", "-c", " \ @@ -142,6 +133,11 @@ if [ ! -f /home/test/.ssh/id_rsa ]; then \ chmod 600 /home/test/.ssh/authorized_keys; \ fi; \ ls -la /home/test/.ssh/; \ +su test -c \"ssh-keyscan -H localhost >> /home/test/.ssh/known_hosts\"; \ +su test -c \"ssh-keyscan -H 127.0.0.1 >> /home/test/.ssh/known_hosts\"; \ +if [ -n \"${TEST_CFG__REMOTE_HOST:-}\" ]; then \ + su test -c \"ssh-keyscan -H ${TEST_CFG__REMOTE_HOST} >> /home/test/.ssh/known_hosts\"; \ +fi; \ if [ -n \"${TEST_CFG__REMOTE_SSH_KEY:-}\" ]; then \ cp \"${TEST_CFG__REMOTE_SSH_KEY}\" \"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \ export TEST_CFG__REMOTE_SSH_KEY=\"${TEST_CFG__REMOTE_SSH_KEY}_ci\"; \