fix: patch foreground script to avoid chown in rootless containers

The foreground script uses 'install --owner --group' to create the
restartcounter file, which requires CAP_CHOWN. Replace with touch + chmod
which works without elevated capabilities.

Author: slauger

openvoxserver/Containerfile.alpine

@@ -229,6 +229,10 @@ RUN sed -i '/Puppetserver::Ca::Utils::Config\.symlink_to_old_cadir/ s/^/# /' \
 # lacks CAP_CHOWN. The ownership is already handled by the g=u / SGID pattern above.
 RUN sed -i 's/FileUtils\.chown/# FileUtils.chown/' \
   /usr/lib/ruby/gems/3.4.0/gems/openvoxserver-ca-3.0.0/lib/puppetserver/ca/utils/file_system.rb
+# `install --owner/--group` in the foreground script requires CAP_CHOWN which
+# is not available in rootless containers. Replace with a simple touch + chmod.
+RUN sed -i 's|printf.*install -D --owner.*restartfile.*|touch "$restartfile" \&\& chmod 0644 "$restartfile"|' \
+  /opt/puppetlabs/server/apps/puppetserver/cli/apps/foreground
 
 USER puppet:0