Use /usr/sbin instead of /usr/local/bin to accommodate RHEL

assets/scripts/k3s.service

@@ -24,4 +24,4 @@ RestartSec=5s
 ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service'
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s server --write-kubeconfig-mode=700 --disable traefik
+ExecStart=/usr/sbin/k3s server --write-kubeconfig-mode=700 --disable traefik

assets/scripts/zarf-clean-k3s.sh

@@ -78,8 +78,8 @@ fi
 rm -f /etc/systemd/system/k3s.service
 
 for cmd in kubectl crictl ctr; do
-	if [ -L /usr/local/bin/$cmd ]; then
-		rm -f /usr/local/bin/$cmd
+	if [ -L /usr/sbin/$cmd ]; then
+		rm -f /usr/sbin/$cmd
 	fi
 done
 
@@ -88,12 +88,12 @@ rm -rf /run/k3s
 rm -rf /run/flannel
 rm -rf /var/lib/rancher/k3s
 rm -rf /var/lib/kubelet
-rm -f /usr/local/bin/k3s
-rm -f /usr/local/bin/ctr
-rm -f /usr/local/bin/crictl
-rm -f /usr/local/bin/kubectl
-rm -f /usr/local/bin/k9s
-rm -f /usr/local/bin/k3s-remove.sh
+rm -f /usr/sbin/k3s
+rm -f /usr/sbin/ctr
+rm -f /usr/sbin/crictl
+rm -f /usr/sbin/kubectl
+rm -f /usr/sbin/k9s
+rm -f /usr/sbin/k3s-remove.sh
 rm -fr zarf-pki
 
 echo -e '\033[0m'

cli/cmd/destroy.go

@@ -1,10 +1,11 @@
 package cmd
 
 import (
-	"github.com/defenseunicorns/zarf/cli/internal/helm"
 	"os"
 	"regexp"
 
+	"github.com/defenseunicorns/zarf/cli/internal/helm"
+
 	"github.com/defenseunicorns/zarf/cli/internal/k8s"
 	"github.com/defenseunicorns/zarf/cli/internal/utils"
 
@@ -25,7 +26,7 @@ var destroyCmd = &cobra.Command{
 		if state.ZarfAppliance {
 			// If Zarf deployed the cluster, burn it all down
 			pattern := regexp.MustCompile(`(?mi)zarf-clean-.+\.sh$`)
-			scripts := utils.RecursiveFileList("/usr/local/bin", pattern)
+			scripts := utils.RecursiveFileList("/usr/sbin", pattern)
 			// Iterate over al matching zarf-clean scripts and exec them
 			for _, script := range scripts {
 				// Run the matched script

examples/big-bang/README.md

@@ -97,7 +97,7 @@ make vm-destroy
 This example adds the `kubescape` binary, which can scan clusters for compliance with the NSA/CISA Kubernetes Hardening Guide
 
 ```shell
-kubescape scan framework nsa --use-from=/usr/local/bin/kubescape-framework-nsa.json --exceptions=/usr/local/bin/kubescape-exceptions.json
+kubescape scan framework nsa --use-from=/usr/sbin/kubescape-framework-nsa.json --exceptions=/usr/sbin/kubescape-exceptions.json
 ```
 
 ## Services

examples/big-bang/zarf.yaml

@@ -26,13 +26,13 @@ components:
     files:
       - source: https://github.com/armosec/kubescape/releases/download/v1.0.123/kubescape-ubuntu-latest
         shasum: 6645659d0737367a9465f626883e7266eeefe5668e3aca788cbab9d7ce7e10e1
-        target: "/usr/local/bin/kubescape"
+        target: "/usr/sbin/kubescape"
         executable: true
       - source: https://github.com/armosec/regolibrary/releases/download/v1.0.62/nsa
         shasum: bf66e316904b2adb3bc69529ea3fb6bd81229e3e951b6a02157cd31e42efbe58
-        target: "/usr/local/bin/kubescape-framework-nsa.json"
+        target: "/usr/sbin/kubescape-framework-nsa.json"
       - source: "files/kubescape-exceptions.json"
-        target: "/usr/local/bin/kubescape-exceptions.json"
+        target: "/usr/sbin/kubescape-exceptions.json"
 
   - name: bb-core
     required: true

test/e2e/e2e_data_injection_test.go

@@ -32,11 +32,11 @@ func TestDataInjection(t *testing.T) {
 		require.NoError(e2e.testing, err, output)
 
 		// Test to confirm the root file was placed
-		output, err = e2e.runSSHCommand(`sudo bash -c '/usr/local/bin/kubectl -n demo exec data-injection -- ls /test | grep this-is-an-example'`)
+		output, err = e2e.runSSHCommand(`sudo bash -c '/usr/sbin/kubectl -n demo exec data-injection -- ls /test | grep this-is-an-example'`)
 		require.NoError(e2e.testing, err, output)
 
 		// Test to confirm the subdirectory file was placed
-		output, err = e2e.runSSHCommand(`sudo bash -c '/usr/local/bin/kubectl -n demo exec data-injection -- ls /test/subdirectory-test | grep this-is-an-example'`)
+		output, err = e2e.runSSHCommand(`sudo bash -c '/usr/sbin/kubectl -n demo exec data-injection -- ls /test/subdirectory-test | grep this-is-an-example'`)
 		require.NoError(e2e.testing, err, output)
 	})
 

zarf.yaml

@@ -25,27 +25,27 @@ components:
         - "systemctl daemon-reload"
         - "systemctl enable --now k3s"
         # Wait for the K3s node to come up
-        - "/usr/local/bin/kubectl get nodes"
-        # Make sure things are really ready in k8s 
-        - "/usr/local/bin/kubectl wait --for=condition=available deployment/coredns -n kube-system"
+        - "/usr/sbin/kubectl get nodes"
+        # Make sure things are really ready in k8s
+        - "/usr/sbin/kubectl wait --for=condition=available deployment/coredns -n kube-system"
     files:
       # Include the actual K3s binary
       - source: https://github.com/k3s-io/k3s/releases/download/v1.21.6+k3s1/k3s
         shasum: 89eb5f3d12524d0a9d5b56ba3e2707b106e1731dd0e6d2e7b898ac585f4959df
-        target: /usr/local/bin/k3s
+        target: /usr/sbin/k3s
         executable: true
         # K3s magic provides these tools when symlinking
         symlinks:
-          - /usr/local/bin/kubectl
-          - /usr/local/bin/ctr
-          - /usr/local/bin/crictl
+          - /usr/sbin/kubectl
+          - /usr/sbin/ctr
+          - /usr/sbin/crictl
       # Transfer the K3s images for containerd to pick them up
       - source: https://github.com/k3s-io/k3s/releases/download/v1.21.6+k3s1/k3s-airgap-images-amd64.tar.zst
         shasum: 772ae839f8c7718e2022d103076df53452d4f09d2a22afdf4b5796cf0cbce62c
         target: /var/lib/rancher/k3s/agent/images/k3s.tar.zst
       # K3s removal script
       - source: assets/scripts/zarf-clean-k3s.sh
-        target: /usr/local/bin/zarf-clean-k3s.sh
+        target: /usr/sbin/zarf-clean-k3s.sh
         executable: true
       # The K3s systemd service definition
       - source: assets/scripts/k3s.service