From 224473157adb27a67109a26ea21edc9a7d321049 Mon Sep 17 00:00:00 2001
From: Anatolii Bazko <abazko@redhat.com>
Date: Thu, 17 Sep 2020 12:23:25 +0300
Subject: [PATCH 1/4] Disable selfregistration users by default (#448)

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
---
 templates/keycloak_provision | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/keycloak_provision b/templates/keycloak_provision
index 4e32498dd..71eded74a 100644
--- a/templates/keycloak_provision
+++ b/templates/keycloak_provision
@@ -10,7 +10,7 @@ if [ $? -eq 0 ]; then echo "Realm exists"; exit 0; fi \
                                         -s displayName='$realmDisplayName' \
                                         -s enabled=true \
                                         -s sslRequired=none \
-                                        -s registrationAllowed=true \
+                                        -s registrationAllowed=false \
                                         -s resetPasswordAllowed=true \
                                         -s loginTheme=$keycloakTheme \
                                         -s accountTheme=$keycloakTheme \

From f55a9185ecaf85959675c3ee54ab858f188058c6 Mon Sep 17 00:00:00 2001
From: Nick Boldt <nboldt@redhat.com>
Date: Fri, 18 Sep 2020 01:57:00 -0400
Subject: [PATCH 2/4] CVE fix: librepo (#450)

Change-Id: I56d18fbd6686a917df9bd5aef0cab8e0adf1db1a
Signed-off-by: nickboldt <nboldt@redhat.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 263eaa270..30e531e02 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,7 +32,7 @@ COPY --from=builder /tmp/che-operator/che-operator /usr/local/bin/che-operator
 COPY --from=builder /che-operator/templates/keycloak_provision /tmp/keycloak_provision
 COPY --from=builder /che-operator/templates/oauth_provision /tmp/oauth_provision
 # apply CVE fixes, if required
-RUN microdnf update -y libnghttp2 && microdnf clean all && rm -rf /var/cache/yum && echo "Installed Packages" && rpm -qa | sort -V && echo "End Of Installed Packages"
+RUN microdnf update -y librepo libnghttp2 && microdnf clean all && rm -rf /var/cache/yum && echo "Installed Packages" && rpm -qa | sort -V && echo "End Of Installed Packages"
 CMD ["che-operator"]
 
 # append Brew metadata here (it will be appended via https://github.com/redhat-developer/codeready-workspaces-operator/blob/master/operator.Jenkinsfile)

From f0545195f8781f9bc3c88b0e0f335f41106f42e8 Mon Sep 17 00:00:00 2001
From: Nick Boldt <nboldt@redhat.com>
Date: Mon, 21 Sep 2020 10:08:31 -0400
Subject: [PATCH 3/4] CRW-1229 use ArchitectureDependentEnv values instead of
 amd64-specific ones to match values set in defaults.go (#454)

Change-Id: I88022bd2b4faa09c1cbf489d75b198ddc98f19c1
Signed-off-by: nickboldt <nboldt@redhat.com>
---
 pkg/deploy/defaults_test.go | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/pkg/deploy/defaults_test.go b/pkg/deploy/defaults_test.go
index 1a4ba7eaa..2db6df3ab 100644
--- a/pkg/deploy/defaults_test.go
+++ b/pkg/deploy/defaults_test.go
@@ -18,6 +18,7 @@ import (
 	"testing"
 
 	orgv1 "github.com/eclipse/che-operator/pkg/apis/org/v1"
+	util "github.com/eclipse/che-operator/pkg/util"
 	"gopkg.in/yaml.v2"
 	appsv1 "k8s.io/api/apps/v1"
 )
@@ -46,25 +47,25 @@ func init() {
 			switch env.Name {
 			case "CHE_VERSION":
 				cheVersionTest = env.Value
-			case "RELATED_IMAGE_che_server":
+			case util.GetArchitectureDependentEnv("RELATED_IMAGE_che_server"):
 				cheServerImageTest = env.Value
-			case "RELATED_IMAGE_plugin_registry":
+			case util.GetArchitectureDependentEnv("RELATED_IMAGE_plugin_registry"):
 				pluginRegistryImageTest = env.Value
-			case "RELATED_IMAGE_devfile_registry":
+			case util.GetArchitectureDependentEnv("RELATED_IMAGE_devfile_registry"):
 				devfileRegistryImageTest = env.Value
-			case "RELATED_IMAGE_che_tls_secrets_creation_job":
+			case util.GetArchitectureDependentEnv("RELATED_IMAGE_che_tls_secrets_creation_job"):
 				tlsJobImageTest = env.Value
-			case "RELATED_IMAGE_pvc_jobs":
+			case util.GetArchitectureDependentEnv("RELATED_IMAGE_pvc_jobs"):
 				pvcJobsImageTest = env.Value
-			case "RELATED_IMAGE_postgres":
+			case util.GetArchitectureDependentEnv("RELATED_IMAGE_postgres"):
 				postgresImageTest = env.Value
-			case "RELATED_IMAGE_keycloak":
+			case util.GetArchitectureDependentEnv("RELATED_IMAGE_keycloak"):
 				keycloakImageTest = env.Value
-			case "RELATED_IMAGE_che_workspace_plugin_broker_metadata":
+			case util.GetArchitectureDependentEnv("RELATED_IMAGE_che_workspace_plugin_broker_metadata"):
 				brokerMetadataTest = env.Value
-			case "RELATED_IMAGE_che_workspace_plugin_broker_artifacts":
+			case util.GetArchitectureDependentEnv("RELATED_IMAGE_che_workspace_plugin_broker_artifacts"):
 				brokerArtifactsTest = env.Value
-			case "RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image":
+			case util.GetArchitectureDependentEnv("RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image"):
 				jwtProxyTest = env.Value
 			}
 		}

From cf8c32694bec3e5194817a2502f5145fce98a1fa Mon Sep 17 00:00:00 2001
From: Oleksandr Andriienko <oandriie@redhat.com>
Date: Tue, 22 Sep 2020 04:18:49 -0400
Subject: [PATCH 4/4] Fix tag argument for update-nightly-bundle. (#455)

* Fix tag argument for update-nightly-bundle.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
---
 olm/update-nightly-bundle.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/olm/update-nightly-bundle.sh b/olm/update-nightly-bundle.sh
index 69dc42fc8..b6aa3fb8d 100755
--- a/olm/update-nightly-bundle.sh
+++ b/olm/update-nightly-bundle.sh
@@ -131,7 +131,7 @@ do
 
   if [[ -n "$TAG" ]]; then
     echo "[INFO] Set tags in nightly OLM files"
-    sed -i 's/'$RELEASE'/'$TAG'/g' ${NEW_CSV}
+    sed -ri "s/(.*:\s?)${RELEASE}([^-])?$/\1${TAG}\2/" "${NEW_CSV}"
   fi
 
   if [[ $platform == "openshift" ]]; then