diff --git a/ci/prow-build.sh b/ci/prow-build.sh
index b13f401c1..0f28dd6c4 100755
--- a/ci/prow-build.sh
+++ b/ci/prow-build.sh
@@ -48,9 +48,3 @@ cosa buildfetch --url=${prev_build_url}
 cosa fetch
 cosa build
 cosa buildextend-extensions
-
-# Give the newly-built OCI archive a predictable filename to make OCI archive extraction simpler
-arch="x86_64"
-cosa_build_id="$(cat "${COSA_DIR}/builds/builds.json" | jq -r '.builds[0].id')"
-current_build_dir="${COSA_DIR}/builds/latest/${arch}"
-mv "${current_build_dir}/rhcos-${cosa_build_id}-ostree.${arch}.ociarchive" "${current_build_dir}/rhcos.${arch}.ociarchive"
diff --git a/ci/set-openshift-user.sh b/ci/set-openshift-user.sh
new file mode 100755
index 000000000..3e0070ee6
--- /dev/null
+++ b/ci/set-openshift-user.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# This script is used to update the /etc/passwd file within the COSA container
+# at test-time. The need for this comes from the fact that OpenShift will run a
+# container with a randomized user ID by default to enhance security. Because
+# COSA runs with an unprivileged user ("builder") instead of (container) root,
+# this presents special challenges for file and disk permissions. This particular
+# pattern was inspired by:
+# - https://cloud.redhat.com/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id
+# - https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids
+
+set -xeuo
+
+user_id="$(id -u)"
+group_id="$(id -g)"
+
+cat /etc/passwd | grep -v "^builder" > /tmp/passwd
+echo "builder:x:${user_id}:${group_id}::/home/builder:/bin/bash" >> /tmp/passwd
+cat /tmp/passwd > /etc/passwd
+rm /tmp/passwd
+
+# Not strictly required, but nice for debugging.
+id
+whoami
diff --git a/ci/simplify-ociarchive-path.sh b/ci/simplify-ociarchive-path.sh
new file mode 100755
index 000000000..fe0124ae8
--- /dev/null
+++ b/ci/simplify-ociarchive-path.sh
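Review bot: `set -xeuo` at the top of ci/set-openshift-user.sh does not enable pipefail, because `-o` is given no option name, so bash only lists the current option settings and continues; it should read `set -xeuo pipefail` (ci/simplify-ociarchive-path.sh has the same line). The replacement passwd content is also staged in the fixed path /tmp/passwd, which is predictable and is left behind if a later step fails; if /tmp can ever be shared with another process in the pod, a `mktemp` file with an EXIT trap removes that exposure. `grep -v "^builder"` drops every account whose name merely starts with "builder", so anchoring on `^builder:` is safer. The final `cat … > /etc/passwd` is kept as is, presumably because the assigned UID can write the file but cannot rename into /etc; a one-line comment saying so, and noting that the image must ship a group-writable /etc/passwd for this to work, would help the next reader.

```shell
set -xeuo pipefail

# … unchanged: user_id / group_id lookup …

passwd_tmp="$(mktemp)"
trap 'rm -f -- "${passwd_tmp}"' EXIT
grep -v '^builder:' /etc/passwd > "${passwd_tmp}"
echo "builder:x:${user_id}:${group_id}::/home/builder:/bin/bash" >> "${passwd_tmp}"
# Overwrite in place: the assigned UID presumably cannot rename into /etc.
cat "${passwd_tmp}" > /etc/passwd

# … unchanged: id / whoami debug output …
```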
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Give the newly-built OCI archive a predictable filename to make OCI archive
+# extraction / ingestion simpler in Prow.
+
+set -xeuo
+
+arch="x86_64"
+cosa_build_id="$(cat "${COSA_DIR}/builds/builds.json" | jq -r '.builds[0].id')"
+current_build_dir="${COSA_DIR}/builds/latest/${arch}"
+mv "${current_build_dir}/rhcos-${cosa_build_id}-ostree.${arch}.ociarchive" "${current_build_dir}/rhcos.${arch}.ociarchive"
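Review bot: `jq -r '.builds[0].id'` in ci/simplify-ociarchive-path.sh exits 0 and prints `null` when builds.json has no build entry, so the problem only surfaces later as an `mv` failure on a `rhcos-null-ostree…` path. Reading the file directly and adding `-e` makes the lookup itself fail under `set -e`: `cosa_build_id="$(jq -er '.builds[0].id' "${COSA_DIR}/builds/builds.json")"`. `arch="x86_64"` is hard-coded just as it was in prow-build.sh; now that this is a standalone script, a short comment stating it is x86_64-only would keep it from being reused unnoticed for other architectures.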