fix: use find instead of hardcoded gem paths for rootless patches

slauger · slauger · commit f5a834a5ca5a · 2026-04-07T10:14:23.000+02:00
diff --git a/openvoxserver/Containerfile.alpine b/openvoxserver/Containerfile.alpine
@@ -223,12 +223,14 @@ RUN for d in \
 RUN sed -i 's/^ *USER="puppet"/USER=""/' /etc/default/puppetserver
 # `puppetserver setup` forces symlinking the "old" cadir to the "new" one for puppet 6 compatibility 
 # reasons. this won't work because after creating a link ruby tries to call chown
-RUN sed -i '/Puppetserver::Ca::Utils::Config\.symlink_to_old_cadir/ s/^/# /' \
-  /usr/lib/ruby/gems/3.4.0/gems/openvoxserver-ca-3.0.0/lib/puppetserver/ca/action/setup.rb
+RUN find /usr/lib/ruby/gems -name setup.rb \
+    -path '*/openvoxserver-ca-*/lib/puppetserver/ca/action/*' \
+    -exec sed -i '/Puppetserver::Ca::Utils::Config\.symlink_to_old_cadir/ s/^/# /' {} +
 # `FileUtils.chown` calls fail in rootless containers because the process
 # lacks CAP_CHOWN. The ownership is already handled by the g=u / SGID pattern above.
-RUN sed -i 's/FileUtils\.chown/# FileUtils.chown/' \
-  /usr/lib/ruby/gems/3.4.0/gems/openvoxserver-ca-3.0.0/lib/puppetserver/ca/utils/file_system.rb
+RUN find /usr/lib/ruby/gems -name file_system.rb \
+    -path '*/openvoxserver-ca-*/lib/puppetserver/ca/utils/*' \
+    -exec sed -i 's/FileUtils\.chown/# FileUtils.chown/' {} +
 # `install --owner/--group` in the foreground script requires CAP_CHOWN which
 # is not available in rootless containers. Replace with a simple touch + chmod.
 RUN sed -i 's|printf.*install -D --owner.*restartfile.*|touch "$restartfile" \&\& chmod 0644 "$restartfile"|' \
