From 72647788de13663f6f9e8836d131e7166020c874 Mon Sep 17 00:00:00 2001
From: Ken Dreyer <kdreyer@redhat.com>
Date: Tue, 5 May 2026 10:11:55 -0400
Subject: [PATCH] fix uv install to fail properly on download errors

Podman and Buildah default to the OCI image format, which does
not support the SHELL instruction. Podman effectively ignores SHELL, so
"pipefail" was never active. A failed "curl" piped into "sh" could exit
zero and produce a broken image.

Download to a temporary file first, then execute. Each step in
the "&&" chain fails the build independently.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 containers/paude/Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/containers/paude/Dockerfile b/containers/paude/Dockerfile
index 0ca7de6..40af0da 100644
--- a/containers/paude/Dockerfile
+++ b/containers/paude/Dockerfile
@@ -45,10 +45,10 @@ ENV LANG=en_US.UTF-8
 ENV LC_ALL=en_US.UTF-8
 
 # Install uv package manager system-wide (available to root for pip_install builds)
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN curl -LsSf https://astral.sh/uv/install.sh | UV_INSTALL_DIR=/usr/local/bin sh \
+RUN curl -LsSf https://astral.sh/uv/install.sh -o /tmp/uv-install.sh \
+    && UV_INSTALL_DIR=/usr/local/bin sh /tmp/uv-install.sh \
+    && rm /tmp/uv-install.sh \
     && uv --version
-SHELL ["/bin/sh", "-c"]
 
 # Install tini init process for zombie reaping (not available in EPEL 10)
 ARG TINI_VERSION=v0.19.0