From b9cfac3b2793c7576193db976ac8e1742a47e606 Mon Sep 17 00:00:00 2001
From: Lester Amoin Espiritu
Date: Tue, 31 Dec 2024 20:46:38 +0000
Subject: [PATCH 1/6] Update file Containerfile

---
 Containerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containerfile b/Containerfile
index 4aec1ba..44d7492 100644
--- a/Containerfile
+++ b/Containerfile
@@ -70,7 +70,7 @@ ARG ENABLE_FIPS=true
 # may be changed if you know what you're doing.
 LABEL register="podman run -it --rm \
 --secret=REGISTRATION_TOKEN,type=env \
- -v ./config.toml:/etc/gitlab-runner/config.toml:Z \
+ -v ./config.toml:/home/podman/.gitlab-runner/config.toml:Z \
 -e REGISTER_NON_INTERACTIVE=true \
 -e CI_SERVER_URL=${GITLAB_URL} \
 -e RUNNER_NAME=pipglr \

From 87a3bb5cb7636d19af3791aa739512e2b0e26ba7 Mon Sep 17 00:00:00 2001
From: Lester Amoin Espiritu
Date: Tue, 31 Dec 2024 20:54:44 +0000
Subject: [PATCH 2/6] Update file .gitlab-ci.yml

---
 .gitlab-ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 964f72b..04cad23 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -44,6 +44,7 @@ build:
 - saas-linux-medium-amd64
 stage: deploy
 variables:
+ FF_GITLAB_REGISTRY_HELPER_IMAGE: 0
 BUILDAH_FORMAT: docker
 BUILDAH_ISOLATION: chroot
 STORAGE_DRIVER: vfs

From c6c510b22aa55838beae8fa6e79c8ea3eefb8d13 Mon Sep 17 00:00:00 2001
From: Lester Amoin Espiritu
Date: Wed, 1 Jan 2025 06:24:42 +0800
Subject: [PATCH 3/6] Include missing helper package for installation

---
 root/setup.sh | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/root/setup.sh b/root/setup.sh
index 3973277..ab70bee 100644
--- a/root/setup.sh
+++ b/root/setup.sh
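Review bot: The new `FF_GITLAB_REGISTRY_HELPER_IMAGE: 0` line in the build job's `variables:` block says nothing about why the registry helper image is being disabled for this job, so a later reader cannot tell whether the line is still needed or can be removed; a one-line comment above it, e.g. `# FF_GITLAB_REGISTRY_HELPER_IMAGE: disabled because <reason>; revisit when <condition>`, with the real reason filled in, would settle that. This is a runner feature flag rather than a job variable, and whether the `saas-linux-medium-amd64` runners this job targets honour it when it arrives via job variables presumably depends on the runner version they run, so it is worth confirming the flag actually takes effect there rather than being silently ignored.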
@@ -75,14 +75,19 @@ function install_packages() {
 # Gitlab-runner package contains scriptlets which do not function properly inside a
 # container-build environment where systemd is not active/running.
 if [[ ${ENABLE_FIPS} == true && $(cat /proc/sys/crypto/fips_enabled) == 1 ]]; then
- PACKAGE_FILE="gitlab-runner_${TARGETARCH}-fips.rpm"
+ PACKAGE_FILES=(
+ "https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/gitlab-runner_${TARGETARCH}-fips.rpm"
+ )
 else
- PACKAGE_FILE="gitlab-runner_${TARGETARCH}.rpm"
+ PACKAGE_FILES=(
+ "https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/gitlab-runner_${TARGETARCH}.rpm"
+ "https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/gitlab-runner-helper-images.rpm"
+ )
 fi
 "${dnf[@]}" "${exclude_args[@]}" \
 --setopt=tsflags=noscripts install \
- "https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/${PACKAGE_FILE}"
+ ${PACKAGE_FILES[@]}
 # Also don't start unnecessary or broken
 # systemd services, like anything kernel related or login gettys.

From d371873d07ab3849a27946c6ce32afc37e50a176 Mon Sep 17 00:00:00 2001
From: Lester Amoin Espiritu
Date: Fri, 3 Jan 2025 21:58:34 +0800
Subject: [PATCH 4/6] Update runner download URLs

---
 root/setup.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/root/setup.sh b/root/setup.sh
index ab70bee..4b5b61c 100644
--- a/root/setup.sh
+++ b/root/setup.sh
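Review bot: `${PACKAGE_FILES[@]}` on the new `dnf install` line is unquoted, so every element is word-split and glob-expanded before dnf sees it, which defeats the point of switching from a scalar to an array; it should be `"${PACKAGE_FILES[@]}"`. The RPMs are handed to dnf as bare URLs, and as far as I know dnf does not apply a repository's `gpgcheck` to URL or local-file packages — that is controlled by `localpkg_gpgcheck`, which is off by default — so unless the build enables it these packages are installed on the strength of TLS to the S3 endpoint alone; importing the GitLab package signing key from the source the project trusts (`<GITLAB_RPM_SIGNING_KEY_URL>`) and adding `--setopt=localpkg_gpgcheck=1` to the same dnf call would make the install verify the RPM signatures. The helper-images RPM is added only to the non-FIPS branch although the commit message says the helper package was missing; if the FIPS build deliberately does without it, a comment in that branch should say so. Minor: `$RUNNER_VERSION` could be written `${RUNNER_VERSION}` to match `${TARGETARCH}` in the same strings. install_packages continues outside the hunk.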
@@ -76,12 +76,12 @@ function install_packages() {
 # container-build environment where systemd is not active/running.
 if [[ ${ENABLE_FIPS} == true && $(cat /proc/sys/crypto/fips_enabled) == 1 ]]; then
 PACKAGE_FILES=(
- "https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/gitlab-runner_${TARGETARCH}-fips.rpm"
+ "https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/$RUNNER_VERSION/rpm/gitlab-runner_${TARGETARCH}-fips.rpm"
 )
 else
 PACKAGE_FILES=(
- "https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/gitlab-runner_${TARGETARCH}.rpm"
- "https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/gitlab-runner-helper-images.rpm"
+ "https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/$RUNNER_VERSION/rpm/gitlab-runner_${TARGETARCH}.rpm"
+ "https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/$RUNNER_VERSION/rpm/gitlab-runner-helper-images.rpm"
 )
 fi

From 5251497dc263d5ed4d255b21e3fb4dec961934da Mon Sep 17 00:00:00 2001
From: Lester Amoin Espiritu
Date: Fri, 3 Jan 2025 22:00:13 +0800
Subject: [PATCH 5/6] Explicitly indicate the root user for some runlabels

---
 Containerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Containerfile b/Containerfile
index 44d7492..010d6bf 100644
--- a/Containerfile
+++ b/Containerfile
@@ -70,7 +70,8 @@ ARG ENABLE_FIPS=true
 # may be changed if you know what you're doing.
 LABEL register="podman run -it --rm \
 --secret=REGISTRATION_TOKEN,type=env \
- -v ./config.toml:/home/podman/.gitlab-runner/config.toml:Z \
+ --user=root \
+ -v ./config.toml:/etc/gitlab-runner/config.toml:Z \
 -e REGISTER_NON_INTERACTIVE=true \
 -e CI_SERVER_URL=${GITLAB_URL} \
 -e RUNNER_NAME=pipglr \
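Review bot: The base URL `https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/$RUNNER_VERSION/rpm/` is now repeated verbatim in all three array entries, and this series has already had to change it twice; hoisting it once, e.g. `local base_url="https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/${RUNNER_VERSION}/rpm"` followed by entries like `"${base_url}/gitlab-runner_${TARGETARCH}.rpm"`, would make the next endpoint change a one-line edit. The new form also pins the download to a single regional endpoint rather than the bucket hostname; if that is intentional, a short comment above the array saying why would stop a later cleanup from reverting it. install_packages continues outside the hunk.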
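Review bot: `--user=root` is added to the register label with no explanation, while the image evidently provisions a dedicated `podman` user (uid 1000 and gid 1001 per the setupcache label) and the run label hands the config secret to uid/gid 1001, so a reader cannot tell why these containers must now start as root inside the container; a comment above the label such as `# --user=root: required because <reason>` would close that gap. The same flag is added to the dumpconfig and run labels in the next two hunks; for the long-lived run container in particular, if root is only needed for a one-off ownership fix-up of the mounted volumes, doing that fix-up in the entrypoint and then dropping to the podman user keeps the process that supervises jobs unprivileged. This hunk also moves the `config.toml` mount back from `/home/podman/.gitlab-runner/` to `/etc/gitlab-runner/`, reverting PATCH 1/6 within the same series; squashing the two would keep the intermediate path out of history.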
@@ -95,6 +96,7 @@ LABEL setupcache="podman volume create --opt o=uid=1000,gid=1001 pipglr-cache"
 # Helper to extract the current configuration secret to allow editing.
 LABEL dumpconfig="podman run -it --rm \
+ --user=root \
 --secret config.toml --entrypoint=/bin/cat \
 \$IMAGE /var/run/secrets/config.toml"
@@ -103,6 +105,7 @@ LABEL dumpconfig="podman run -it --rm \
 # Note: The contents of the volumes are not critical, they may be removed
 # and re-created (see above) to quickly free-up disk space.
 LABEL run="podman run -dt --name pipglr \
+ --user=root \
 --secret config.toml,uid=1001,gid=1001 \
 -v pipglr-storage:/home/podman/.local/share/containers \
 -v pipglr-cache:/cache \

From b44ceb541885dd36f3fb301a016b70b6dfa5db96 Mon Sep 17 00:00:00 2001
From: Lester Amoin Espiritu
Date: Fri, 3 Jan 2025 22:01:32 +0800
Subject: [PATCH 6/6] Add some placeholders to the volume directories to try and fix erratic ownership changes

---
 root/setup.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/root/setup.sh b/root/setup.sh
index 4b5b61c..d1d7aec 100644
--- a/root/setup.sh
+++ b/root/setup.sh
@@ -51,6 +51,7 @@ function main() {
 setup_service_podman
 setup_service_runner
 setup_gitlab_config
+ setup_volumes
 finalize_ownership
 }
@@ -153,9 +154,11 @@ function setup_user() {
 function setup_volumes() {
 # Host volume mount necessary for nested-podman to use overlayfs2 for container & volume storage.
 mkdir -p /home/podman/.local/share/containers
+ touch /home/podman/.local/share/containers/.placeholder
 # Nested-container's local container-cache volume mount, recommended by gitlab-runner docs.
 mkdir -p /cache
+ touch /cache/.placeholder
 # Both the gitlab-runner and podman need access to the cache directory / volume mount.
 chown podman:runner /cache
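Review bot: `touch /cache/.placeholder` runs before the existing `chown podman:runner /cache`, and that chown is not recursive, so the placeholder keeps the uid of whoever runs setup.sh (presumably root during the image build) while only its parent directory is handed to podman:runner; the same applies to `/home/podman/.local/share/containers/.placeholder`, which gets no chown at all in this hunk. If the intent is that the first mount of the named volume is seeded with podman-owned content, either create the files after the chown and include them, `chown podman:runner /cache /cache/.placeholder`, or rely on `finalize_ownership` in main() to cover these paths — it runs after setup_volumes but is outside this hunk, so I cannot tell whether it recurses here. The commit message calls this an attempt at fixing erratic ownership changes; a comment on each touch naming the behaviour it is meant to avoid would let the next reader judge whether the placeholder is still needed. setup_volumes continues outside the hunk.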