Larvitz  Jun 14, 2024

My current #linux system in 06/2024:

Hardware: ThinkPad T480 with Intel i7 from 2018, dual internal batteries, 512 GB SSD, 32GB RAM and a #Nitrokey 3 as a hardware security token.

OS: #Fedora 40  #KDE Edition  
Terminal: #Konsole
Terminal-prompt: Starship
Editor: Neovim  
dotfile Management: #chezmoi
Shell: #fish shell 🐠
Synchronized shell history: #atuin
Container-Engine: #Podman  
Dev-Containers: #Distrobox (With #RHEL and #Arch Linux (btw))
Modern "ls" replacement: #eza
GPG/SSH-Keys: openpgp-card-ssh-agent and oct (https://codeberg.org/openpgp-card/)
Mail/PIM: #KMail/#KOrganizer
Notes: #KleverNotes
Mastodon Client: #Tokodon
File-Synchronization: #Nextcloud
Gaming: Steam  , Bottles and ProtonUP-QT

openpgp-card

A set of Rust client libraries for OpenPGP card devices (https://en.wikipedia.org/wiki/OpenPGP_card), and tools based on these libraries.

Codeberg.org
Show threadAdam   Jun 14, 2024
@Larvitz how'd you get RHEL in distrobox? 🤔 ... does subscription-manager work?
Show threadLarvitz  Jun 14, 2024
@maxamillion Thats an UBI Container Image, which doesn't need subscription-manager
Show threadAdam   Jun 14, 2024
@Larvitz ohhh okay, UBI isn't *really* RHEL ... it's kinda RHEL ... if you squint and ignore ~70% of the package repo 😉
Show threadCarl George  Jun 15, 2024
@maxamillion @Larvitz Fun fact, if you subscribe the host machine (yes even Fedora) then UBI containers automatically upgrade to full RHEL containers.
Show threadAdam   Jun 15, 2024
@carlwgeorge @Larvitz wait, I didn't know that worked on Fedora???? 🤔🤔🤔
Show threadKomishJun 15, 2024

@maxamillion @carlwgeorge @Larvitz

I also didn’t not know it worked on Fedora!

I’ve always wondered, in these scenarios, does host meta get transferred into the container if I use the package manager to access its repos?

Show threadLarvitz  Jun 15, 2024

@komish @maxamillion @carlwgeorge

I tried it out today and when I started my UBI9 after subscribing my Fedora host with subscription-manager, all the real RHEL9 repositories were there and I could install packages from them.

From the technical side, I saw that the entitlement certificates from the host were supposedly mounted to /etc/pki/entitlement-host and I guess dnf is then using them to access the Red Hat CDN. Also there's a repolist file generated in /etc/yum.repos.d with the Red Hat Repositories.

That's just my impression from the observations, I made when fiddling around with it.

Show threadKomish
@Larvitz @maxamillion @carlwgeorge oh, oh, oh - it’s a *subscribed* fedora host. Well that makes much more sense to me.
Jun 15, 2024 at 11:59amWeb
Show threadLarvitz  Jun 15, 2024
@komish @maxamillion @carlwgeorge Yes, I installed subscription-manager on the fedora host and subscribed it. Then UBI9 containers, run on that Fedora system could access all the RHEL packages.
Show threadLarvitz  Jun 15, 2024

@komish @maxamillion @carlwgeorge

Ah, found it.

~ ❯ cat /usr/share/containers/mounts.conf
/usr/share/rhel/secrets:/run/secrets

The /usr/share/containers/mounts.conf (on the host) defines a mount, so all the data needed for subscription-manager are mounted into Podman containers to /run/secrets