chore(build): Update ubi Docker builds to UBI9 (#5465)

* Update to UBI9

* Update ubi-build-files-amd64.txt

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Update ubi-build-files-arm64.txt

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Add TLS certificate files to ubi build list

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Add TLS certificate files to ubi build list

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Remove unused

* Add missing required files

---------

Signed-off-by: Idan Adar <iadar@il.ibm.com>

Dockerfile.ubi

@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi8/ubi@sha256:2f698e145dd30ac9f611b8984b910640bc210fae476dc36aa9ba200fad2a30ed AS minimal-ubi
+FROM registry.access.redhat.com/ubi9/ubi@sha256:dec374e05cc13ebbc0975c9f521f3db6942d27f8ccdf06b180160490eef8bdbc AS minimal-ubi
 
 # Add metadata
 LABEL maintainer="cncf-externalsecretsop-maintainers@lists.cncf.io" \
@@ -20,7 +20,7 @@ COPY ubi-build-files-${TARGETARCH}.txt /tmp
 # Copy all the required files from the base UBI image into the image directory
 # As the go binary is not statically compiled this includes everything needed for CGO to work, cacerts, tzdata and RH release files
 RUN tar cf /tmp/files.tar -T /tmp/ubi-build-files-${TARGETARCH}.txt && tar xf /tmp/files.tar -C /image/ \
-  && strip --strip-unneeded /image/usr/lib64/*[0-9].so && rpm --root /image --initdb \
+  && rpm --root /image --initdb \
   && PACKAGES=$(rpm -qf $(cat /tmp/ubi-build-files-${TARGETARCH}.txt) | grep -v "is not owned by any package" | sort -u) \
   && echo dnf install -y 'dnf-command(download)' \
   && dnf download --destdir / ${PACKAGES} \

ubi-build-files-amd64.txt

@@ -1,14 +1,13 @@
-etc/pki
-etc/ssl/certs
+
 etc/redhat-release
 usr/share/zoneinfo
-usr/lib64/ld-2.28.so
 usr/lib64/ld-linux-x86-64.so.2
-usr/lib64/libc-2.28.so
 usr/lib64/libc.so.6
-usr/lib64/libdl-2.28.so
 usr/lib64/libdl.so.2
-usr/lib64/libpthread-2.28.so
 usr/lib64/libpthread.so.0
-usr/lib64/libm-2.28.so
 usr/lib64/libm.so.6
+/etc/pki/tls/cert.pem
+/etc/pki/tls/certs/ca-bundle.crt
+/etc/pki/tls/certs/ca-bundle.trust.crt
+/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
+/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

ubi-build-files-arm64.txt

@@ -1,14 +1,13 @@
-etc/pki
-etc/ssl/certs
+
 etc/redhat-release
 usr/share/zoneinfo
-usr/lib64/ld-2.28.so
-usr/lib64/ld-linux-aarch64.so.1
-usr/lib64/libc-2.28.so
+usr/lib/ld-linux-aarch64.so.1
 usr/lib64/libc.so.6
-usr/lib64/libdl-2.28.so
 usr/lib64/libdl.so.2
-usr/lib64/libpthread-2.28.so
 usr/lib64/libpthread.so.0
-usr/lib64/libm-2.28.so
 usr/lib64/libm.so.6
+/etc/pki/tls/cert.pem
+/etc/pki/tls/certs/ca-bundle.crt
+/etc/pki/tls/certs/ca-bundle.trust.crt
+/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
+/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

ubi-build-files-ppc64le.txt

@@ -1,13 +1,13 @@
-etc/pki
-etc/ssl/certs
+
 etc/redhat-release
 usr/share/zoneinfo
-usr/lib64/ld-2.28.so
-usr/lib64/libc-2.28.so
+usr/lib64/ld64.so.2
 usr/lib64/libc.so.6
-usr/lib64/libdl-2.28.so
 usr/lib64/libdl.so.2
-usr/lib64/libpthread-2.28.so
 usr/lib64/libpthread.so.0
-usr/lib64/libm-2.28.so
 usr/lib64/libm.so.6
+/etc/pki/tls/cert.pem
+/etc/pki/tls/certs/ca-bundle.crt
+/etc/pki/tls/certs/ca-bundle.trust.crt
+/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
+/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

ubi-build-files-s390x.txt

@@ -1,13 +1,13 @@
-etc/pki
-etc/ssl/certs
+
 etc/redhat-release
 usr/share/zoneinfo
-usr/lib64/ld-2.28.so
-usr/lib64/libc-2.28.so
+usr/lib/ld64.so.1
 usr/lib64/libc.so.6
-usr/lib64/libdl-2.28.so
 usr/lib64/libdl.so.2
-usr/lib64/libpthread-2.28.so
 usr/lib64/libpthread.so.0
-usr/lib64/libm-2.28.so
 usr/lib64/libm.so.6
+/etc/pki/tls/cert.pem
+/etc/pki/tls/certs/ca-bundle.crt
+/etc/pki/tls/certs/ca-bundle.trust.crt
+/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
+/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem