From f62b3e3e66bc1abe44986f7906d375b9fa8ed614 Mon Sep 17 00:00:00 2001
From: Artem Zatsarynnyi <azatsary@redhat.com>
Date: Tue, 8 Oct 2024 11:31:09 +0200
Subject: [PATCH] Fix running IDE in a UBI8-based user's container

Signed-off-by: Artem Zatsarynnyi <azatsary@redhat.com>
---
 build/dockerfiles/Dockerfile               |  6 ++
 build/scripts/entrypoint-init-container.sh |  7 +-
 build/scripts/entrypoint-volume.sh         | 74 ++++++++++++++++++++--
 3 files changed, 80 insertions(+), 7 deletions(-)

diff --git a/build/dockerfiles/Dockerfile b/build/dockerfiles/Dockerfile
index 95aa112..aa45daf 100755
--- a/build/dockerfiles/Dockerfile
+++ b/build/dockerfiles/Dockerfile
@@ -8,6 +8,9 @@
 # Contributors:
 #   Red Hat, Inc. - initial API and implementation
 
+# https://registry.access.redhat.com/ubi8/nodejs-20
+FROM registry.access.redhat.com/ubi8/nodejs-20:1-58.1724661482 as ubi8
+
 # Base image tag updater line.
 # See https://github.com/eclipse-che/che-release/pull/90
 # https://registry.access.redhat.com/ubi9/nodejs-20
@@ -35,6 +38,9 @@ RUN for f in "${HOME}" "/etc/passwd" "/etc/group" "/status-app" "/idea-server";
 WORKDIR /status-app/
 RUN npm install
 
+# to provide to a UBI8-based user's container
+COPY --from=ubi8 /usr/bin/node /node-ubi8
+
 # Switch to unprivileged user.
 USER 10001
 
diff --git a/build/scripts/entrypoint-init-container.sh b/build/scripts/entrypoint-init-container.sh
index a82f2ba..f9ccf05 100755
--- a/build/scripts/entrypoint-init-container.sh
+++ b/build/scripts/entrypoint-init-container.sh
@@ -46,8 +46,11 @@ fi
 
 cp -r /status-app/ "$ide_server_path"
 cp /entrypoint-volume.sh "$ide_server_path"
-# copy Node.js to the editor volume, in case there is no one in the user's container
-cp /usr/bin/node "$ide_server_path"
+
+# Copy Node.js to the editor volume,
+# in case there is no one in the user's container.
+cp /usr/bin/node "$ide_server_path"/node-ubi9
+cp /node-ubi8 "$ide_server_path"/node-ubi8
 
 echo "Volume content:"
 ls -la "$ide_server_path"
diff --git a/build/scripts/entrypoint-volume.sh b/build/scripts/entrypoint-volume.sh
index 82b5f73..44915b0 100755
--- a/build/scripts/entrypoint-volume.sh
+++ b/build/scripts/entrypoint-volume.sh
@@ -29,16 +29,80 @@ ide_server_path="/idea-server"
 echo "Volume content:"
 ls -la "$ide_server_path"
 
+
+libssl_version=""
+get_libssl_version() {
+  libssl=$(find / -type f \( -name "libssl.so*" \) 2>/dev/null)
+  if [ -z "$libssl" ]; then
+    for dir in /lib64 /usr/lib64 /lib /usr/lib /usr/local/lib64 /usr/local/lib; do
+      for file in "$dir"/libssl.so*; do
+        if [ -e "$file" ]; then
+          libssl="$file"
+          break 2
+        fi
+      done
+    done
+  fi
+
+  echo "[INFO] libssl: $libssl"
+
+  case "${libssl}" in
+  *libssl.so.1*)
+    echo "[INFO] libssl version is: 1"
+    libssl_version="1"
+    ;;
+  *libssl.so.3*)
+    echo "[INFO] libssl version is: 3"
+    libssl_version="3"
+    ;;
+  *)
+    libssl_version=""
+    echo "[WARNING] unknown libssl version: $libssl"
+    ;;
+  esac
+}
+
+openssl_version=""
+get_openssl_version() {
+  if command -v openssl >/dev/null 2>&1; then
+    echo "[INFO] openssl command is available, OpenSSL version is: $(openssl version -v)"
+    openssl_version=$(openssl version -v | cut -d' ' -f2 | cut -d'.' -f1)
+  elif command -v rpm >/dev/null 2>&1; then
+    echo "[INFO] rpm command is available"
+    openssl_version=$(rpm -qa | grep openssl-libs | cut -d'-' -f3 | cut -d'.' -f1)
+  else
+    echo "[INFO] openssl and rpm commands are not available, trying to detect OpenSSL version..."
+    get_libssl_version
+    openssl_version=$libssl_version
+  fi
+}
+
+
 # Start the app that checks the IDE server status.
 # This will be workspace's 'main' endpoint.
 cd "$ide_server_path"/status-app
-if command -v npm &> /dev/null
-then
-  # User's container with Node.js
+if command -v npm &> /dev/null; then
+  # Node.js installed in a user's container
   nohup npm start &
 else
-  # User's container without Node.js
-  # Use Node.js copied from the editor-injector container (UBI9).
+  # no Node.js installed,
+  # use the one that editor-injector provides
+  get_openssl_version
+  echo "[INFO] OpenSSL major version is: $openssl_version."
+
+  case "${openssl_version}" in
+  *"1"*)
+    mv "$ide_server_path"/node-ubi8 "$ide_server_path"/node
+    ;;
+  *"3"*)
+    mv "$ide_server_path"/node-ubi9 "$ide_server_path"/node
+    ;;
+  *)
+    echo "[WARNING] Unsupported OpenSSL major version. Node.js from UBI9 will be used."
+    mv "$ide_server_path"/node-ubi9 "$ide_server_path"/node
+    ;;
+  esac
+
   nohup "$ide_server_path"/node index.js &
 fi