updated scripts to manage rhsm-certificates on ol8 and ol9

[scoter-oracle]

Fixed ol8 and ol9 scripts to get subscription-manager-rhsm-certificates RPM binary built for OL8 and OL9 (wasn't by default).
Verify and updated script and patch to build subscription-manager packages for OL7.

[Djelibeybi]

Hey @Scoter, could you please GPG sign your commit? See https://docs.github.com/articles/about-gpg/ for details. You also need to sign off (git commit -s) your commit.

[Djelibeybi]

I haven't had a chance to test this, but here are some initial thoughts. Thanks for this contribution!

[Djelibeybi]

Oracle ships packages that obsolete subscription-manager which is why this is here: I use a different name so I can obsolete the packages that obselete subscription-manager. Unless something has changed, this is required to install these packages with the default Oracle Linux repos still enabled.

[Djelibeybi]

It's 2024, not 2023. :) Also, you'll want to add another copyright line for yourself, not modify mine.

[Djelibeybi]

Shouldn't this already be tagged upstream? I check to see what the version is by checking the UBI images for each version, so this tag should already exist. We don't want to use latest, we need to use the version used by upstream so it migrates properly.

[Djelibeybi]

Instead of building the missing RPM, why not just remove the dependency? We don't need to include the Red Hat certificates.

[Djelibeybi]

Also, the required package is built for Oracle Linux 7 using the existing script. It doesn't need to be modified.

[scoter-oracle]

Here my feedback:

• the scripts (all-of-them) fail on copying the files on output/oraclelinux directory if "SELinux" is enforced on the host (container policies on creating directory and writing files) - SELinux=permissive works
• testing the script on OL7 was failing, you can check the same on your side.
• tagging for subscription-manager-rhsm-certificates was required because it does not have the same release we use; tagging name was generated with the version/release picked up from EL ubi images
• I tested the subscription-manager package(s) installation on OL7 and it does not need the "-el7"
• if we're going to move from RHEL a system our "subscription-manager" needs also to obsolete "subscription-manager-rhsm-certificates" (if we do not build the same)

[Djelibeybi]

Actually, OL7 was passing just fine for me, which is why I mentioned it. Also, for SElinux support, add :z to the end of the -v entries in each of the build-rhsm-olX.sh scripts so that Docker maintains the SElinux context.

Removing the dependency on the certificates package means we don't have to tag it either. Obsoleting it is certainly possible too (and probably worthwhile). It's a long weekend here, so hopefully I'll get a chance to poke at this a bit more.

[Djelibeybi]

Implemented via #13 instead.