CMP-3635: Modernize user setup

[xiaojiey]

The previous fix in PR #806 accidently got removed. This PR is the same with PR #806

[openshift-ci-robot]

@xiaojiey: This pull request references CMP-3563 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.22.0" version, but no target version was set.

Details

In response to this:

The previous fix in PR #806 removed the user_setup script that made
/etc/passwd group-writable (664), but Docker layer caching could still
result in 664 permissions in the final image.

This change adds an explicit RUN chmod 644 /etc/passwd command to all
Dockerfiles to ensure correct permissions regardless of cached layers
or base image state.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[github-actions]

🤖 To deploy this PR, run the following command:

make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:1036-25835ae63bc078b6dc0baa209d0db7883f9a32cc

[github-actions]

🤖 To deploy this PR, run the following command:

make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:1036-735c43d18a7916f633f70c71abbb04c3158e16b3

[xiaojiey]

With CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:1036-735c43d18a7916f633f70c71abbb04c3158e16b3, I can see the /etc/passwd permission is correct now:

$ oc get csv
NAME                             DISPLAY               VERSION     REPLACES   PHASE
compliance-operator.v1.8.0-dev   Compliance Operator   1.8.0-dev              Succeeded
$ oc get pod
NAME                                              READY   STATUS     RESTARTS      AGE
compliance-operator-6f6fdd6485-z6qpm              1/1     Running    2 (71s ago)   75s
ocp4-openshift-compliance-pp-7966b4f478-lmfxc     1/1     Running    0             54s
rhcos4-openshift-compliance-pp-64b955dc6b-sqtb9   0/1     Init:1/2   0             54s
$ oc exec pod/compliance-operator-6f6fdd6485-z6qpm -- ls -ltr /etc/passwd
-rw-r--r--. 1 root root 591 Jan  4 07:57 /etc/passwd

[xiaojiey]

/retest

[yuumasato]

/lgtm

[yuumasato]

/retest

[yuumasato]

/retest

[yuumasato]

/test e2e-aws-serial

[yuumasato]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: xiaojiey, yuumasato

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [xiaojiey,yuumasato]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@xiaojiey: This pull request references CMP-3665 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.22.0" version, but no target version was set.

Details

In response to this:

The previous fix in PR #806 accidently got removed. This PR is the same with PR #806

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@xiaojiey: This pull request references CMP-3635 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the vulnerability to target either version "4.22." or "openshift-4.22.", but it targets "compliance-operator-1.9.0" instead.

Details

In response to this:

The previous fix in PR #806 accidently got removed. This PR is the same with PR #806

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[xiaojiey]

/label qe-approved