-
Sub-task
-
Resolution: Done
-
Blocker
-
3.1.0.GA
-
None
-
False
-
None
-
False
Today the ds-code build installs libsecret and libsecret-devel from RHEL8 and/or from Fedora rpms.
This is OK for upstream where rpm signing is not required/checked by CVP.
But downstream we should follow the pattern used in ds-theia and ds-idea, where for upstream we have a {if-arch-else-arch2-...-fi}} logic, but for downstream we just `dnf -y install lilbsecret libsecret-devel`
See idea example, where we moved away from Fedora RPMs to support CVE fixes:
- https://github.com/redhat-developer/devspaces-images/blob/devspaces-3-rhel-8/devspaces-idea/Dockerfile#L44
- https://github.com/redhat-developer/devspaces-images/blob/devspaces-3-rhel-8/devspaces-idea/asset-required-rpms.txt
- https://github.com/redhat-developer/devspaces-images/blob/devspaces-3-rhel-8/devspaces-idea/build/scripts/sync.sh#L99-L102
- https://github.com/che-incubator/jetbrains-editor-images/blob/main/Dockerfile#L45
- https://github.com/che-incubator/jetbrains-editor-images/blob/main/asset-required-rpms.txt
- https://github.com/che-incubator/jetbrains-editor-images/commit/9bfbff7c542b5419fa9f3a523e22d20cbf2073be
