Here is an example of doing it on Fedora.
- Go to https://access.redhat.com/management/systems/
- Click on your system which has subscription attached.
- Download the subscription certificate to your non-RHEL host(laptop).
- Extract all files and then only place the *.pem file to e.g. ${ENT_DIR}/${ID}.pem
- more info here https://www.openshift.com/blog/how-to-use-entitled-image-builds-to-build-drivercontainers-with-ubi-on-openshift
laptop# cat /etc/redhat-release
Fedora release 31 (Thirty One)
laptop# podman version
Version: 1.8.2
RemoteAPI Version: 1
Go Version: go1.13.6
OS/Arch: linux/amd64
laptop# ENT_DIR=/root/entitlement/
laptop# mkdir -p $ENT_DIR
laptop# chmod -R 777 $ENT_DIR
laptop#
laptop# ls -l $ENT_DIR
-rwxrwxrwx. 1 root root 40428 Apr 13 16:20 7551405416834909762.pem
laptop#
laptop# ID=7551405416834909762
on F31 with entitlement:
laptop# podman run -u 0 -ti --mount \
type=bind,source=${ENT_DIR}/${ID}.pem,target=/etc/pki/entitlement/entitlement.pem,Z \
--mount type=bind,source=${ENT_DIR}/${ID}.pem,target=/etc/pki/entitlement/entitlement-key.pem,Z \
registry.access.redhat.com/ubi8:latest bash -c "dnf search kernel-devel --showduplicates | tail -n2"
Red Hat Enterprise Linux 8 for x86_64 - BaseOS 9.8 MB/s | 15 MB 00:01
Red Hat Enterprise Linux 8 for x86_64 - AppStre 14 MB/s | 15 MB 00:01
Red Hat Universal Base Image 8 (RPMs) - BaseOS 1.4 MB/s | 761 kB 00:00
Red Hat Universal Base Image 8 (RPMs) - AppStre 2.6 MB/s | 3.5 MB 00:01
Red Hat Universal Base Image 8 (RPMs) - CodeRea 13 kB/s | 9.1 kB 00:00
kernel-devel-4.18.0-147.8.1.el8_1.x86_64 : Development package for building
: kernel modules to match the kernel
on macos without entitlement:
laptop# docker run -u 0 -ti registry.access.redhat.com/ubi8:latest bash -c "dnf search kernel-devel --showduplicates | tail -n2"
Red Hat Universal Base Image 8 (RPMs) - BaseOS 2.2 MB/s | 761 kB 00:00
Red Hat Universal Base Image 8 (RPMs) - AppStre 5.5 MB/s | 3.5 MB 00:00
Red Hat Universal Base Image 8 (RPMs) - CodeRea 50 kB/s | 9.1 kB 00:00
No matches found.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
on macos with entitlement:
laptop# docker run -u 0 -ti --mount \
type=bind,source=${ENT_DIR}/${ID}.pem,target=/etc/pki/entitlement/entitlement.pem \
--mount type=bind,source=${ENT_DIR}/${ID}.pem,target=/etc/pki/entitlement/entitlement-key.pem \
registry.access.redhat.com/ubi8:latest bash -c "dnf search kernel-devel --showduplicates | tail -n2"
Red Hat Enterprise Linux 8 for x86_64 - BaseOS 5.6 MB/s | 15 MB 00:02
Red Hat Enterprise Linux 8 for x86_64 - AppStre 7.3 MB/s | 15 MB 00:02
Red Hat Universal Base Image 8 (RPMs) - BaseOS 1.3 MB/s | 761 kB 00:00
Red Hat Universal Base Image 8 (RPMs) - AppStre 5.6 MB/s | 3.5 MB 00:00
Red Hat Universal Base Image 8 (RPMs) - CodeRea 51 kB/s | 9.1 kB 00:00
Last metadata expiration check: 0:00:01 ago on Tue Apr 21 03:52:27 2020.
kernel-devel-4.18.0-147.8.1.el8_1.x86_64 : Development package for building
: kernel modules to match the kernel
laptop# podman build --rm -ti -v ${ENT_DIR}/${ID}.pem:/etc/pki/entitlement/entitlement.pem:Z \
-v ${ENT_DIR}/${ID}.pem:/etc/pki/entitlement/entitlement-key.pem:Z \
submod/ubi7 -f Dockerfile.ubi7 .
oc create secret generic entitlement --from-file=entitlement.pem=${ENT_DIR}/${ID}.pem --from-file=entitlement-key.pem=${ENT_DIR}/${ID}.pem
apiVersion: v1
kind: Pod
metadata:
name: entitled-build-pod
spec:
containers:
- name: entitled-build
image: registry.access.redhat.com/ubi8:latest
command: [ "/bin/sh", "-c", "dnf search kernel-devel --showduplicates" ]
volumeMounts:
- name: secret-entitlement
mountPath: /etc/pki/entitlement
readOnly: true
volumes:
- name: secret-entitlement
secret:
secretName: entitlement
restartPolicy: Never