fix: patch out FileUtils.chown for rootless Alpine containers

slauger · slauger · commit 6d88b3a4f718 · 2026-04-02T23:32:09.000+02:00
The FileUtils.chown calls in openvoxserver-ca fail in rootless containers because the process lacks CAP_CHOWN. The directory ownership is already handled correctly by the g=u / SGID permission pattern. This is the same approach used in the openvox-operator project. Ref: #121
diff --git a/openvoxserver/Containerfile.alpine b/openvoxserver/Containerfile.alpine
@@ -225,6 +225,10 @@ RUN sed -i 's/^ *USER="puppet"/USER=""/' /etc/default/puppetserver
 # reasons. this won't work because after creating a link ruby tries to call chown
 RUN sed -i '/Puppetserver::Ca::Utils::Config\.symlink_to_old_cadir/ s/^/# /' \
   /usr/lib/ruby/gems/3.4.0/gems/openvoxserver-ca-3.0.0/lib/puppetserver/ca/action/setup.rb
+# `FileUtils.chown` calls fail in rootless containers because the process
+# lacks CAP_CHOWN. The ownership is already handled by the g=u / SGID pattern above.
+RUN sed -i 's/FileUtils\.chown/# FileUtils.chown/' \
+  /usr/lib/ruby/gems/3.4.0/gems/openvoxserver-ca-3.0.0/lib/puppetserver/ca/utils/file_system.rb
 
 USER puppet:0
 
