From fc6e0e71fe2425c2176307e8020f5b596f492cd2 Mon Sep 17 00:00:00 2001
From: egazzarr
Date: Wed, 16 Aug 2023 13:38:20 +0200
Subject: [PATCH] docker: new rucio version and new CA cert bundle

Updates Rucio client version. Introduced new automated way to get CA certifications for CERN bundle. Removes outdated EGI trunstanchors.
---
 Dockerfile | 10 +++++-----
 files/rucio.cfg.j2 | 2 +-
 linuxsupport7s-stable.repo | 9 +++++++++
 3 files changed, 15 insertions(+), 6 deletions(-)
 create mode 100644 linuxsupport7s-stable.repo

diff --git a/Dockerfile b/Dockerfile
index 0cb185f..2cc6e4f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,17 +1,17 @@
-ARG BASETAG=release-1.29.1
+ARG BASETAG=release-1.30.0
 FROM rucio/rucio-clients:$BASETAG
 USER root
-# CERN certificate
-COPY --chown=user:user files/CERN-bundle.pem /etc/pki/tls/certs/CERN-bundle.pem
+COPY ./linuxsupport7s-stable.repo /etc/yum.repos.d/
 # Add the rucio configuration template
 COPY --chown=user:user files/rucio.cfg.j2 /opt/user/rucio.cfg.j2
 # EGI trust anchors
-RUN curl -Lo /etc/yum.repos.d/EGI-trustanchors.repo https://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo && \
- yum -y install ca-certificates ca-policy-egi-core && \
+
+RUN yum -y install ca-certificates ca-policy-egi-core && \
+ yum install -y CERN-CA-certs && \
 yum clean all && \
 rm -rf /var/cache/yum
diff --git a/files/rucio.cfg.j2 b/files/rucio.cfg.j2
index 9fd17df..80b9452 100644
--- a/files/rucio.cfg.j2
+++ b/files/rucio.cfg.j2
@@ -1,7 +1,7 @@
 [client]
 rucio_host = {{ RUCIO_CFG_RUCIO_HOST | default('') }}
 auth_host = {{ RUCIO_CFG_AUTH_HOST | default('') }}
-ca_cert = {{ RUCIO_CFG_CA_CERT | default('/rucio_cache/CERN-bundle.pem') }}
+ca_cert = {{ RUCIO_CFG_CA_CERT | default('/etc/pki/tls/certs/CERN-bundle.pem') }}
 auth_type = {{ RUCIO_CFG_AUTH_TYPE | default('x509_proxy') }}
 username = {{ RUCIO_CFG_USERNAME | default('') }}
 password = {{ RUCIO_CFG_PASSWORD | default('') }}
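Review bot: The `RUN` chain still names `ca-policy-egi-core` under the `# EGI trust anchors` comment although the step that fetched `EGI-trustanchors.repo` is gone and the commit message says the EGI trust anchors are removed, so it is unclear which repository is expected to supply that package. The same chain now relies on `CERN-CA-certs` to provide the file that the new `ca_cert` default in `files/rucio.cfg.j2` points at, where the old `COPY` placed it explicitly. I would either drop the EGI package and comment or document where it comes from, and add `test -s /etc/pki/tls/certs/CERN-bundle.pem && \` after the install so that a build without the bundle fails instead of producing an image whose client cannot verify the server. The hunk also leaves `USER root` in effect; whether a later line switches back to the unprivileged user is not visible here.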
diff --git a/linuxsupport7s-stable.repo b/linuxsupport7s-stable.repo
new file mode 100644
index 0000000..9ac9a2b
--- /dev/null
+++ b/linuxsupport7s-stable.repo
@@ -0,0 +1,9 @@
+# Example modified for cc7 taken from https://gitlab.cern.ch/linuxsupport/rpmci/-/blob/master/kojicli/linuxsupport8s-stable.repo
+[linuxsupport7s-stable]
+name=linuxsupport [stable]
+baseurl=https://linuxsoft.cern.ch/cern/centos/7/cern/$basearch
+enabled=1
+gpgcheck=False
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-koji file:///etc/pki/rpm-gpg/RPM-GPG-KEY-kojiv2
+priority=1
+protect=1
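Review bot: `gpgcheck=False` turns off signature verification for every package taken from this repository, and the Dockerfile in this patch uses it to install `CERN-CA-certs`, which is the CA bundle the client will trust. Where the yum priorities and protectbase plugins are installed, `priority=1` and `protect=1` also let this unverified repository take precedence over the base image's repositories for any package it carries, and `enabled=1` leaves it active in the finished image. I would set `gpgcheck=1` and restrict the repository to what is needed with `includepkgs=CERN-CA-certs`. The two key files named in `gpgkey` are not added anywhere in this patch, so they would have to exist in the base image already or be copied in alongside the `.repo` file.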