Add "AlmaLinux Kitten release 10" and "AlmaLinux release 10.0" support with x86_64_v2 (amd64/v2) (#19)

* Add "AlmaLinux Kitten release 10" and "AlmaLinux release 10.0" support * Add "AlmaLinux release 10" support #1
2024-09-19 11:31:34 +03:00 · 2024-09-19 11:31:34 +03:00 · 7e3ac354eb
commit 7e3ac354eb
parent db6d9be613
11 changed files with 813 additions and 12 deletions
--- a/.github/workflows/build-test-push.yml
+++ b/.github/workflows/build-test-push.yml
@ -17,6 +17,7 @@ on:
          default: '9'
          type: choice
          options:
+            - "10-kitten"
            - 9
            - 8

@ -55,12 +56,13 @@ env:
  version_latest: 9

  # Platforms list: linux/amd64, linux/ppc64le, linux/s390x, linux/arm64
-  platforms: 'linux/amd64, linux/ppc64le, linux/s390x, linux/arm64'
+  platforms: ${{ contains(inputs.version_major, '10') && 'linux/amd64/v2, linux/amd64, linux/ppc64le, linux/s390x, linux/arm64' || 'linux/amd64, linux/ppc64le, linux/s390x, linux/arm64' }}

  # Registries list:
  # for production: docker.io/almalinux, quay.io/almalinuxorg, ghcr.io/almalinux
  # for testing: quay.io/almalinuxautobot
-  registries: ${{ inputs.production && 'docker.io/almalinux, quay.io/almalinuxorg, ghcr.io/almalinux' || 'quay.io/almalinuxautobot' }}
+  # registries: ${{ inputs.production && 'docker.io/almalinux, quay.io/almalinuxorg, ghcr.io/almalinux' || 'quay.io/almalinuxautobot' }}
+  registries: ${{ inputs.production && 'docker.io/ykohut, quay.io/ykohut, ghcr.io/yuravk' || 'quay.io/ykohut' }}

 jobs:
  build-test-push:
@ -81,11 +83,13 @@ jobs:
        run: |
          case ${{ inputs.version_major }} in
            8)
-              version_minor="10" ;;
+              version_minor=".10" ;;
            9)
-              version_minor="4"  ;;
+              version_minor=".4"  ;;
            10)
-              version_minor="0" ;;
+              version_minor=".0" ;;
+            10-kitten)
+              version_minor= ;;
            *)
              echo "Almalinux ${{ inputs.version_major }} is not supported!" && false
          esac
@ -202,8 +206,8 @@ jobs:
          tags: |
            type=raw,value=latest,enable=${{ matrix.image_types != 'default' || ( matrix.image_types == 'default' && inputs.version_major == env.version_latest ) }}
            type=raw,value=${{ inputs.version_major }},enable=true
-            type=raw,value=${{ inputs.version_major }}.${{ env.version_minor }},enable=true
-            type=raw,value=${{ inputs.version_major }}.${{ env.version_minor }}-${{ env.date_stamp }},enable=true
+            type=raw,value=${{ inputs.version_major }}${{ env.version_minor }},enable=true
+            type=raw,value=${{ inputs.version_major }}${{ env.version_minor }}-${{ env.date_stamp }},enable=true

      -
        name: Build images
@ -257,6 +261,8 @@ jobs:
          name=almalinux-${{ inputs.version_major }}-${{ matrix.image_types }}
          pwd=$( pwd )
          path=${pwd}/${name}
+          almalinux_release='almalinux-release'
+          [ "${{ inputs.version_major }}" = "10-kitten" ] && almalinux_release='almalinux-kitten-release'

          # The "tar file" for 'docker save' to write to
          tar_name=${pwd}/${name}.tar
@ -288,7 +294,7 @@ jobs:
              docker build -t rootfs .

              # Run the image and query almalinux-release package's architecture
-              arch=$( docker run --rm rootfs /bin/bash -c "rpm -q --qf=%{ARCH} almalinux-release" )
+              arch=$( docker run --rm rootfs /bin/bash -c "rpm -q --qf=%{ARCH} ${almalinux_release}" )

              # Map found architecture to the corresponding platform
              platform=
@ -296,6 +302,8 @@ jobs:
              case ${arch} in
                x86_64)
                  platform=amd64;;
+                x86_64_v2)
+                  platform=amd64_v2;;
                ppc64le)
                  platform=ppc64le;;
                s390x)
@ -333,15 +341,18 @@ jobs:
          platforms="${{ env.platforms }}"
          for platform in ${platforms//,/ }; do
            arch=${platform#linux/}
+            arch=${arch/\//_}
            dockerfile=${{ inputs.version_major }}/${{ matrix.image_types }}/${arch}/Dockerfile

            case ${{ matrix.image_types }} in
              default)
-                tags="${{ inputs.version_major }}, ${{ inputs.version_major }}.${{ env.version_minor }}, ${{ inputs.version_major }}.${{ env.version_minor }}-${{ env.date_stamp }}"
-                [ "${{ inputs.version_major }}" = "9" ] && tags="latest, ${tags}" ;;
+                tags="${{ inputs.version_major }}${{ env.version_minor }}, ${{ inputs.version_major }}${{ env.version_minor }}-${{ env.date_stamp }}"
+                [ "${{ inputs.version_major }}" != "10-kitten" ] && tags="${{ inputs.version_major }}, ${tags}"
+                [ "${{ inputs.version_major }}" = "${{ env.version_latest }}" ] && tags="latest, ${tags}" ;;
              minimal)
-                tags="${{ inputs.version_major }}-${{ matrix.image_types }}, ${{ inputs.version_major }}.${{ env.version_minor }}-${{ matrix.image_types }}, ${{ inputs.version_major }}.${{ env.version_minor }}-${{ matrix.image_types }}-${{ env.date_stamp }}"
-                [ "${{ inputs.version_major }}" = "9" ] && tags="minimal, ${tags}" ;;
+                tags="${{ inputs.version_major }}${{ env.version_minor }}-${{ matrix.image_types }}, ${{ inputs.version_major }}${{ env.version_minor }}-${{ matrix.image_types }}-${{ env.date_stamp }}"
+                [ "${{ inputs.version_major }}" != "10-kitten" ] && tags="${{ inputs.version_major }}-${{ matrix.image_types }}, ${tags}"
+                [ "${{ inputs.version_major }}" = "${{ env.version_latest }}" ] && tags="minimal, ${tags}" ;;
              *)
            esac

--- a/Containerfiles/10-kitten/Containerfile.base
+++ b/Containerfiles/10-kitten/Containerfile.base
@ -0,0 +1,91 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir -p /mnt/sys-root; \
+    dnf install -y \
+    --installroot /mnt/sys-root --releasever 10 --setopt install_weak_deps=false --nodocs \
+    almalinux-release \
+    bash \
+    coreutils-single \
+    crypto-policies-scripts \
+    curl-minimal \
+    findutils \
+    gdb-gdbserver \
+    glibc-minimal-langpack \
+    gzip \
+    libcurl-minimal \
+    libusbx \
+    rootfiles \
+    systemd \
+    tar \
+    usermode \
+    vim-minimal \
+    virt-what \
+    yum \
+    ; \
+    echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+    dnf reinstall -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    krb5-libs ; \
+    dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
+    rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/*  /mnt/sys-root/run/blkid ; \
+    mkdir -p /mnt/sys-root/run/lock; \
+    # generate build time file for compatibility with CentOS  /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
+    /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+    echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/sys-root/etc/locale.conf; \
+    echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+    touch /mnt/sys-root/etc/.pwd.lock; \
+    chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+    touch /mnt/sys-root/run/utmp ;\
+    chmod 664 /mnt/sys-root/run/utmp ;\
+    echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+    echo '0' >> /mnt/sys-root/etc/adjtime; \
+    echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+    echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+    rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en  /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+    rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+    touch /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/resolv.conf; \
+    touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+    mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+    mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+    chmod 700 /mnt/sys-root/var/cache/private ; \
+    chmod 700 /mnt/sys-root/var/lib/private ; \
+    chmod 700 /mnt/sys-root/run/cryptsetup ; \
+    groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+    useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+    cd /mnt/sys-root/etc ; \
+    ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+FROM scratch AS stage2
+
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+    systemctl mask systemd-remount-fs.service \
+    dev-hugepages.mount \
+    sys-fs-fuse-connections.mount \
+    systemd-logind.service \
+    getty.target \
+    console-getty.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+CMD ["/bin/bash"]
--- a/Containerfiles/10-kitten/Containerfile.default
+++ b/Containerfiles/10-kitten/Containerfile.default
@ -0,0 +1,95 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir /mnt/sys-root; \
+    dnf install -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    almalinux-release \
+    bash \
+    binutils \
+    coreutils-single \
+    crypto-policies-scripts \
+    curl-minimal \
+    findutils \
+    hostname \
+    iputils \
+    glibc-minimal-langpack \
+    krb5-libs \
+    less \
+    libcurl-minimal \
+    rootfiles \
+    systemd \
+    tar \
+    vim-minimal \
+    yum \
+    xz \
+    ; \
+    echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+    dnf reinstall -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    krb5-libs ; \
+    dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support   /mnt/sys-root/var/lib/dnf/history*
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ; \
+    rm -rf /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos /mnt/sys-root/boot /mnt/sys-root/dev/null ; \
+    rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/var/log/*  ; \
+    mkdir -p /mnt/sys-root/run/lock; \
+    /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+    echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/sys-root/etc/locale.conf; \
+    echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+    touch /mnt/sys-root/etc/.pwd.lock; \
+    chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+    touch /mnt/sys-root/run/utmp ;\
+    chmod 664 /mnt/sys-root/run/utmp ;\
+    echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+    echo '0' >> /mnt/sys-root/etc/adjtime; \
+    echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+    echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+    rm -rf /mnt/sys-root/usr/share/locale/en_US@piglati* /mnt/sys-root/run/blkid /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+    rm -f /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/resolv.conf; \
+    touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+    mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+    mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+    chmod 700 /mnt/sys-root/var/cache/private ; \
+    chmod 700 /mnt/sys-root/var/lib/private ; \
+    chmod 700 /mnt/sys-root/run/cryptsetup ; \
+    groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+    useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+    cd /mnt/sys-root/etc ; \
+    ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+# Almalinux default build
+FROM scratch AS stage2
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+    systemctl mask systemd-remount-fs.service \
+    dev-hugepages.mount \
+    sys-fs-fuse-connections.mount \
+    systemd-logind.service \
+    getty.target \
+    console-getty.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+CMD ["/bin/bash"]
--- a/Containerfiles/10-kitten/Containerfile.init
+++ b/Containerfiles/10-kitten/Containerfile.init
@ -0,0 +1,103 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir /mnt/sys-root; \
+    dnf install -y \
+#    --nogpgcheck --repoid=AppStream --repoid=BaseOS \
+#    --repofrompath='BaseOS,https://repo.almalinux.org/almalinux/10/BaseOS/$basearch/os/' \
+#    --repofrompath='AppStream,https://repo.almalinux.org/almalinux/10/AppStream/$basearch/os/' \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    almalinux-release \
+    bash \
+    coreutils-single \
+    crypto-policies-scripts \
+    curl-minimal \
+    findutils \
+    gdb-gdbserver \
+    glibc-minimal-langpack \
+    gzip \
+    libcurl-minimal \
+    libusbx \
+    procps-ng \
+    rootfiles \
+    systemd \
+    tar \
+    usermode \
+    vim-minimal \
+    virt-what \
+    yum \
+    ; \
+    echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+    dnf reinstall -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    krb5-libs ; \
+    dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
+    rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/*  /mnt/sys-root/run/blkid ; \
+    mkdir -p /mnt/sys-root/run/lock; \
+    # generate build time file for compatibility with CentOS  /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
+    /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+    echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/sys-root/etc/locale.conf; \
+    echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+    touch /mnt/sys-root/etc/.pwd.lock; \
+    chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+    touch /mnt/sys-root/run/utmp ;\
+    chmod 664 /mnt/sys-root/run/utmp ;\
+    echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+    echo '0' >> /mnt/sys-root/etc/adjtime; \
+    echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+    echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+    rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en  /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+    rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+    touch /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/resolv.conf; \
+    touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+    mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+    mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+    chmod 700 /mnt/sys-root/var/cache/private ; \
+    chmod 700 /mnt/sys-root/var/lib/private ; \
+    chmod 700 /mnt/sys-root/run/cryptsetup ; \
+    groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+    useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+    cd /mnt/sys-root/etc ; \
+    ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+FROM scratch AS stage2
+
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+    systemctl mask systemd-remount-fs.service \
+    dev-hugepages.mount \
+    sys-fs-fuse-connections.mount \
+    systemd-logind.service \
+    getty.target \
+    console-getty.service \
+    systemd-udev-trigger.service \
+    systemd-udevd.service \
+    systemd-random-seed.service \
+    systemd-machine-id-commit.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+STOPSIGNAL SIGRTMIN+3
+CMD ["/sbin/init"]
--- a/Containerfiles/10-kitten/Containerfile.micro
+++ b/Containerfiles/10-kitten/Containerfile.micro
@ -0,0 +1,37 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir -p /mnt/sys-root; \
+    dnf install --installroot /mnt/sys-root coreutils-single glibc-minimal-langpack \
+    --releasever 10 --setopt install_weak_deps=false --nodocs -y; \
+    dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/lib/dnf /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/lib/rpm/* ; \
+    /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME ;  \
+    echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/sys-root/etc/locale.conf; \
+    echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+    rm -f /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/resolv.conf; \
+    touch /mnt/sys-root/etc/hostname; \
+    touch /mnt/sys-root/etc/.pwd.lock; \
+    chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+    rm -rf /mnt/sys-root/usr/share/locale/en* /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/hawkey.log ; \
+    echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+    echo '0' >> /mnt/sys-root/etc/adjtime; \
+    echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+    echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+    mkdir -p /mnt/sys-root/run/lock; \
+    cd /mnt/sys-root/etc ; \
+    ln -s ../usr/share/zoneinfo/UTC localtime
+
+FROM scratch
+
+COPY --from=system-build /mnt/sys-root/ /
+
+CMD /bin/sh
--- a/Containerfiles/10-kitten/Containerfile.minimal
+++ b/Containerfiles/10-kitten/Containerfile.minimal
@ -0,0 +1,69 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten
+FROM ${SYSBASE} as system-build
+
+RUN mkdir /mnt/sys-root; \
+    dnf install -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    almalinux-release \
+    bash \
+    coreutils-single \
+    curl-minimal \
+    glibc-minimal-langpack \
+    libcurl-minimal \
+    libusbx \
+    microdnf \
+    rootfiles \
+    ; \
+    echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+    dnf reinstall -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    krb5-libs ; \
+    dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/lib/dnf/repos; \
+    rm -rf /mnt/sys-root/var/lib/dnf/history* /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/run/*; \
+    mkdir -p /mnt/sys-root/run/lock; \
+    # generate build time file for compatibility with CentOS
+    /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+    echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/sys-root/etc/locale.conf; \
+    echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+    touch /mnt/sys-root/etc/.pwd.lock; \
+    chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+    echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+    echo '0' >> /mnt/sys-root/etc/adjtime; \
+    echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+    echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+    # /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en  /mnt/sys-root/usr/share/locale/en*@*
+    rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+    rm -f /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/resolv.conf; \
+    touch /mnt/sys-root/etc/hostname; \
+    mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump ;\
+    chmod 700 /mnt/sys-root/var/cache/private ; \
+    chmod 700 /mnt/sys-root/var/lib/private ; \
+    groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+    useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+    cd /mnt/sys-root/etc ; \
+    ln -s ../usr/share/zoneinfo/UTC localtime ; \
+    cd /mnt/sys-root/etc/systemd/system ; \
+    ln -s /usr/lib/systemd/system/multi-user.target default.target
+
+# Almalinux minimal build
+FROM scratch
+COPY --from=system-build /mnt/sys-root/ /
+
+CMD ["/bin/bash"]
--- a/Containerfiles/10/Containerfile.base
+++ b/Containerfiles/10/Containerfile.base
@ -0,0 +1,91 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir -p /mnt/sys-root; \
+    dnf install -y \
+    --installroot /mnt/sys-root --releasever 10 --setopt install_weak_deps=false --nodocs \
+    almalinux-release \
+    bash \
+    coreutils-single \
+    crypto-policies-scripts \
+    curl-minimal \
+    findutils \
+    gdb-gdbserver \
+    glibc-minimal-langpack \
+    gzip \
+    libcurl-minimal \
+    libusbx \
+    rootfiles \
+    systemd \
+    tar \
+    usermode \
+    vim-minimal \
+    virt-what \
+    yum \
+    ; \
+    echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+    dnf reinstall -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    krb5-libs ; \
+    dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
+    rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/*  /mnt/sys-root/run/blkid ; \
+    mkdir -p /mnt/sys-root/run/lock; \
+    # generate build time file for compatibility with CentOS  /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
+    /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+    echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/sys-root/etc/locale.conf; \
+    echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+    touch /mnt/sys-root/etc/.pwd.lock; \
+    chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+    touch /mnt/sys-root/run/utmp ;\
+    chmod 664 /mnt/sys-root/run/utmp ;\
+    echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+    echo '0' >> /mnt/sys-root/etc/adjtime; \
+    echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+    echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+    rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en  /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+    rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+    touch /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/resolv.conf; \
+    touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+    mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+    mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+    chmod 700 /mnt/sys-root/var/cache/private ; \
+    chmod 700 /mnt/sys-root/var/lib/private ; \
+    chmod 700 /mnt/sys-root/run/cryptsetup ; \
+    groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+    useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+    cd /mnt/sys-root/etc ; \
+    ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+FROM scratch AS stage2
+
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+    systemctl mask systemd-remount-fs.service \
+    dev-hugepages.mount \
+    sys-fs-fuse-connections.mount \
+    systemd-logind.service \
+    getty.target \
+    console-getty.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+CMD ["/bin/bash"]
--- a/Containerfiles/10/Containerfile.default
+++ b/Containerfiles/10/Containerfile.default
@ -0,0 +1,95 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir /mnt/sys-root; \
+    dnf install -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    almalinux-release \
+    bash \
+    binutils \
+    coreutils-single \
+    crypto-policies-scripts \
+    curl-minimal \
+    findutils \
+    hostname \
+    iputils \
+    glibc-minimal-langpack \
+    krb5-libs \
+    less \
+    libcurl-minimal \
+    rootfiles \
+    systemd \
+    tar \
+    vim-minimal \
+    yum \
+    xz \
+    ; \
+    echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+    dnf reinstall -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    krb5-libs ; \
+    dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support   /mnt/sys-root/var/lib/dnf/history*
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ; \
+    rm -rf /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos /mnt/sys-root/boot /mnt/sys-root/dev/null ; \
+    rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/var/log/*  ; \
+    mkdir -p /mnt/sys-root/run/lock; \
+    /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+    echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/sys-root/etc/locale.conf; \
+    echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+    touch /mnt/sys-root/etc/.pwd.lock; \
+    chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+    touch /mnt/sys-root/run/utmp ;\
+    chmod 664 /mnt/sys-root/run/utmp ;\
+    echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+    echo '0' >> /mnt/sys-root/etc/adjtime; \
+    echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+    echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+    rm -rf /mnt/sys-root/usr/share/locale/en_US@piglati* /mnt/sys-root/run/blkid /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+    rm -f /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/resolv.conf; \
+    touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+    mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+    mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+    chmod 700 /mnt/sys-root/var/cache/private ; \
+    chmod 700 /mnt/sys-root/var/lib/private ; \
+    chmod 700 /mnt/sys-root/run/cryptsetup ; \
+    groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+    useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+    cd /mnt/sys-root/etc ; \
+    ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+# Almalinux default build
+FROM scratch AS stage2
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+    systemctl mask systemd-remount-fs.service \
+    dev-hugepages.mount \
+    sys-fs-fuse-connections.mount \
+    systemd-logind.service \
+    getty.target \
+    console-getty.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+CMD ["/bin/bash"]
--- a/Containerfiles/10/Containerfile.init
+++ b/Containerfiles/10/Containerfile.init
@ -0,0 +1,103 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir /mnt/sys-root; \
+    dnf install -y \
+#    --nogpgcheck --repoid=AppStream --repoid=BaseOS \
+#    --repofrompath='BaseOS,https://repo.almalinux.org/almalinux/10/BaseOS/$basearch/os/' \
+#    --repofrompath='AppStream,https://repo.almalinux.org/almalinux/10/AppStream/$basearch/os/' \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    almalinux-release \
+    bash \
+    coreutils-single \
+    crypto-policies-scripts \
+    curl-minimal \
+    findutils \
+    gdb-gdbserver \
+    glibc-minimal-langpack \
+    gzip \
+    libcurl-minimal \
+    libusbx \
+    procps-ng \
+    rootfiles \
+    systemd \
+    tar \
+    usermode \
+    vim-minimal \
+    virt-what \
+    yum \
+    ; \
+    echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+    dnf reinstall -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    krb5-libs ; \
+    dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
+    rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/*  /mnt/sys-root/run/blkid ; \
+    mkdir -p /mnt/sys-root/run/lock; \
+    # generate build time file for compatibility with CentOS  /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
+    /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+    echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/sys-root/etc/locale.conf; \
+    echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+    touch /mnt/sys-root/etc/.pwd.lock; \
+    chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+    touch /mnt/sys-root/run/utmp ;\
+    chmod 664 /mnt/sys-root/run/utmp ;\
+    echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+    echo '0' >> /mnt/sys-root/etc/adjtime; \
+    echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+    echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+    rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en  /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+    rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+    touch /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/resolv.conf; \
+    touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+    mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+    mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+    chmod 700 /mnt/sys-root/var/cache/private ; \
+    chmod 700 /mnt/sys-root/var/lib/private ; \
+    chmod 700 /mnt/sys-root/run/cryptsetup ; \
+    groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+    useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+    cd /mnt/sys-root/etc ; \
+    ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+FROM scratch AS stage2
+
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+    systemctl mask systemd-remount-fs.service \
+    dev-hugepages.mount \
+    sys-fs-fuse-connections.mount \
+    systemd-logind.service \
+    getty.target \
+    console-getty.service \
+    systemd-udev-trigger.service \
+    systemd-udevd.service \
+    systemd-random-seed.service \
+    systemd-machine-id-commit.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+STOPSIGNAL SIGRTMIN+3
+CMD ["/sbin/init"]
--- a/Containerfiles/10/Containerfile.micro
+++ b/Containerfiles/10/Containerfile.micro
@ -0,0 +1,37 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir -p /mnt/sys-root; \
+    dnf install --installroot /mnt/sys-root coreutils-single glibc-minimal-langpack \
+    --releasever 10 --setopt install_weak_deps=false --nodocs -y; \
+    dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/lib/dnf /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/lib/rpm/* ; \
+    /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME ;  \
+    echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/sys-root/etc/locale.conf; \
+    echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+    rm -f /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/resolv.conf; \
+    touch /mnt/sys-root/etc/hostname; \
+    touch /mnt/sys-root/etc/.pwd.lock; \
+    chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+    rm -rf /mnt/sys-root/usr/share/locale/en* /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/hawkey.log ; \
+    echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+    echo '0' >> /mnt/sys-root/etc/adjtime; \
+    echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+    echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+    mkdir -p /mnt/sys-root/run/lock; \
+    cd /mnt/sys-root/etc ; \
+    ln -s ../usr/share/zoneinfo/UTC localtime
+
+FROM scratch
+
+COPY --from=system-build /mnt/sys-root/ /
+
+CMD /bin/sh
--- a/Containerfiles/10/Containerfile.minimal
+++ b/Containerfiles/10/Containerfile.minimal
@ -0,0 +1,69 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10
+FROM ${SYSBASE} as system-build
+
+RUN mkdir /mnt/sys-root; \
+    dnf install -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    almalinux-release \
+    bash \
+    coreutils-single \
+    curl-minimal \
+    glibc-minimal-langpack \
+    libcurl-minimal \
+    libusbx \
+    microdnf \
+    rootfiles \
+    ; \
+    echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+    dnf reinstall -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    krb5-libs ; \
+    dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/lib/dnf/repos; \
+    rm -rf /mnt/sys-root/var/lib/dnf/history* /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/run/*; \
+    mkdir -p /mnt/sys-root/run/lock; \
+    # generate build time file for compatibility with CentOS
+    /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+    echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/sys-root/etc/locale.conf; \
+    echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+    touch /mnt/sys-root/etc/.pwd.lock; \
+    chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+    echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+    echo '0' >> /mnt/sys-root/etc/adjtime; \
+    echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+    echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+    # /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en  /mnt/sys-root/usr/share/locale/en*@*
+    rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+    rm -f /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/resolv.conf; \
+    touch /mnt/sys-root/etc/hostname; \
+    mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump ;\
+    chmod 700 /mnt/sys-root/var/cache/private ; \
+    chmod 700 /mnt/sys-root/var/lib/private ; \
+    groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+    useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+    cd /mnt/sys-root/etc ; \
+    ln -s ../usr/share/zoneinfo/UTC localtime ; \
+    cd /mnt/sys-root/etc/systemd/system ; \
+    ln -s /usr/lib/systemd/system/multi-user.target default.target
+
+# Almalinux minimal build
+FROM scratch
+COPY --from=system-build /mnt/sys-root/ /
+
+CMD ["/bin/bash"]