diff --git a/.github/workflows/build-test-push.yml b/.github/workflows/build-test-push.yml index 8301516..040ac1d 100644 --- a/.github/workflows/build-test-push.yml +++ b/.github/workflows/build-test-push.yml @@ -17,6 +17,7 @@ on: default: '9' type: choice options: + - "10-kitten" - 9 - 8 @@ -55,12 +56,13 @@ env: version_latest: 9 # Platforms list: linux/amd64, linux/ppc64le, linux/s390x, linux/arm64 - platforms: 'linux/amd64, linux/ppc64le, linux/s390x, linux/arm64' + platforms: ${{ contains(inputs.version_major, '10') && 'linux/amd64/v2, linux/amd64, linux/ppc64le, linux/s390x, linux/arm64' || 'linux/amd64, linux/ppc64le, linux/s390x, linux/arm64' }} # Registries list: # for production: docker.io/almalinux, quay.io/almalinuxorg, ghcr.io/almalinux # for testing: quay.io/almalinuxautobot - registries: ${{ inputs.production && 'docker.io/almalinux, quay.io/almalinuxorg, ghcr.io/almalinux' || 'quay.io/almalinuxautobot' }} + # registries: ${{ inputs.production && 'docker.io/almalinux, quay.io/almalinuxorg, ghcr.io/almalinux' || 'quay.io/almalinuxautobot' }} + registries: ${{ inputs.production && 'docker.io/ykohut, quay.io/ykohut, ghcr.io/yuravk' || 'quay.io/ykohut' }} jobs: build-test-push: @@ -81,11 +83,13 @@ jobs: run: | case ${{ inputs.version_major }} in 8) - version_minor="10" ;; + version_minor=".10" ;; 9) - version_minor="4" ;; + version_minor=".4" ;; 10) - version_minor="0" ;; + version_minor=".0" ;; + 10-kitten) + version_minor= ;; *) echo "Almalinux ${{ inputs.version_major }} is not supported!" && false esac 
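Review bot: The `options:` list gains `"10-kitten"` but, in the lines shown, still has no `10` entry, although this commit adds `Containerfiles/10/` and the `case` in the version step already has a `10)` branch; presumably the stable 10 images then cannot be selected from a manual run. If that is intended for now, a comment next to the list should say so; otherwise add `- "10"`. Quoting the existing entries as well (`- "9"`, `- "8"`) would keep every option a string, matching `default: '9'` above.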
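Review bot: The new `registries` line in the `env:` hunk sends a run with `inputs.production` set to `docker.io/ykohut, quay.io/ykohut, ghcr.io/yuravk`, while the comment directly above still documents the official namespaces as the production targets and the original expression survives only as a comment. If these are fork-testing values they should not reach the default branch, because a production publish would land in personal namespaces that users of the official images do not pull from and that the project presumably does not control. I would restore `registries: ${{ inputs.production && 'docker.io/almalinux, quay.io/almalinuxorg, ghcr.io/almalinux' || 'quay.io/almalinuxautobot' }}` and, if per-fork targets are needed, read them from a repository variable instead of editing the workflow. The `env:` block starts above the hunk.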
@@ -202,8 +206,8 @@ jobs: tags: | type=raw,value=latest,enable=${{ matrix.image_types != 'default' || ( matrix.image_types == 'default' && inputs.version_major == env.version_latest ) }} type=raw,value=${{ inputs.version_major }},enable=true - type=raw,value=${{ inputs.version_major }}.${{ env.version_minor }},enable=true - type=raw,value=${{ inputs.version_major }}.${{ env.version_minor }}-${{ env.date_stamp }},enable=true + type=raw,value=${{ inputs.version_major }}${{ env.version_minor }},enable=true + type=raw,value=${{ inputs.version_major }}${{ env.version_minor }}-${{ env.date_stamp }},enable=true - name: Build images @@ -257,6 +261,8 @@ jobs: name=almalinux-${{ inputs.version_major }}-${{ matrix.image_types }} pwd=$( pwd ) path=${pwd}/${name} + almalinux_release='almalinux-release' + [ "${{ inputs.version_major }}" = "10-kitten" ] && almalinux_release='almalinux-kitten-release' # The "tar file" for 'docker save' to write to tar_name=${pwd}/${name}.tar @@ -288,7 +294,7 @@ jobs: docker build -t rootfs . # Run the image and query almalinux-release package's architecture - arch=$( docker run --rm rootfs /bin/bash -c "rpm -q --qf=%{ARCH} almalinux-release" ) + arch=$( docker run --rm rootfs /bin/bash -c "rpm -q --qf=%{ARCH} ${almalinux_release}" ) # Map found architecture to the corresponding platform platform= @@ -296,6 +302,8 @@ jobs: case ${arch} in x86_64) platform=amd64;; + x86_64_v2) + platform=amd64_v2;; ppc64le) platform=ppc64le;; s390x) 
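Review bot: The added test `[ "${{ inputs.version_major }}" = "10-kitten" ]` in the `@@ -257` hunk pastes the workflow input into the script text before bash parses it, as the surrounding lines already do. With `type: choice` the set of values is small, so this is hardening rather than a live bug, but mapping the input once in the step's `env:` (for example `VERSION_MAJOR: ${{ inputs.version_major }}`, a name constructed for this note) and testing `"$VERSION_MAJOR"` keeps input data out of the shell source if the input type ever changes. The `run:` script starts and ends outside the hunk.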
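Review bot: The architecture probe in the `@@ -288` hunk now queries `${almalinux_release}`, which is `almalinux-kitten-release` for `10-kitten`, yet every `Containerfiles/10-kitten/Containerfile.*` in this commit that installs a release package asks dnf for `almalinux-release`. The probe therefore only works if the kitten repository resolves `almalinux-release` to a package actually named `almalinux-kitten-release`; that is not visible here and is worth confirming. A comment where the variable is set, such as `# Kitten ships its release package as almalinux-kitten-release`, would record the reason for the special case. The `run:` script continues outside the hunk.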
@@ -333,15 +341,18 @@ jobs: platforms="${{ env.platforms }}" for platform in ${platforms//,/ }; do arch=${platform#linux/} + arch=${arch/\//_} dockerfile=${{ inputs.version_major }}/${{ matrix.image_types }}/${arch}/Dockerfile case ${{ matrix.image_types }} in default) - tags="${{ inputs.version_major }}, ${{ inputs.version_major }}.${{ env.version_minor }}, ${{ inputs.version_major }}.${{ env.version_minor }}-${{ env.date_stamp }}" - [ "${{ inputs.version_major }}" = "9" ] && tags="latest, ${tags}" ;; + tags="${{ inputs.version_major }}${{ env.version_minor }}, ${{ inputs.version_major }}${{ env.version_minor }}-${{ env.date_stamp }}" + [ "${{ inputs.version_major }}" != "10-kitten" ] && tags="${{ inputs.version_major }}, ${tags}" + [ "${{ inputs.version_major }}" = "${{ env.version_latest }}" ] && tags="latest, ${tags}" ;; minimal) - tags="${{ inputs.version_major }}-${{ matrix.image_types }}, ${{ inputs.version_major }}.${{ env.version_minor }}-${{ matrix.image_types }}, ${{ inputs.version_major }}.${{ env.version_minor }}-${{ matrix.image_types }}-${{ env.date_stamp }}" - [ "${{ inputs.version_major }}" = "9" ] && tags="minimal, ${tags}" ;; + tags="${{ inputs.version_major }}${{ env.version_minor }}-${{ matrix.image_types }}, ${{ inputs.version_major }}${{ env.version_minor }}-${{ matrix.image_types }}-${{ env.date_stamp }}" + [ "${{ inputs.version_major }}" != "10-kitten" ] && tags="${{ inputs.version_major }}-${{ matrix.image_types }}, ${tags}" + [ "${{ inputs.version_major }}" = "${{ env.version_latest }}" ] && tags="minimal, ${tags}" ;; *) esac diff --git a/Containerfiles/10-kitten/Containerfile.base b/Containerfiles/10-kitten/Containerfile.base new file mode 100644 index 0000000..c33b5c0 --- /dev/null +++ b/Containerfiles/10-kitten/Containerfile.base 
@@ -0,0 +1,91 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir -p /mnt/sys-root; \
+ dnf install -y \
+ --installroot /mnt/sys-root --releasever 10 --setopt install_weak_deps=false --nodocs \
+ almalinux-release \
+ bash \
+ coreutils-single \
+ crypto-policies-scripts \
+ curl-minimal \
+ findutils \
+ gdb-gdbserver \
+ glibc-minimal-langpack \
+ gzip \
+ libcurl-minimal \
+ libusbx \
+ rootfiles \
+ systemd \
+ tar \
+ usermode \
+ vim-minimal \
+ virt-what \
+ yum \
+ ; \
+ echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+ dnf reinstall -y \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ krb5-libs ; \
+ dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
+ rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/* /mnt/sys-root/run/blkid ; \
+ mkdir -p /mnt/sys-root/run/lock; \
+ # generate build time file for compatibility with CentOS /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
+ /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+ echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+ echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
+ echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+ touch /mnt/sys-root/etc/.pwd.lock; \
+ chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+ touch /mnt/sys-root/run/utmp ;\
+ chmod 664 /mnt/sys-root/run/utmp ;\
+ echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+ echo '0' >> /mnt/sys-root/etc/adjtime; \
+ echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+ echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+ echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+ rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+ rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+ touch /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/resolv.conf; \
+ touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+ mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+ mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+ chmod 700 /mnt/sys-root/var/cache/private ; \
+ chmod 700 /mnt/sys-root/var/lib/private ; \
+ chmod 700 /mnt/sys-root/run/cryptsetup ; \
+ groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+ useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+ cd /mnt/sys-root/etc ; \
+ ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+FROM scratch AS stage2
+
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+ systemctl mask systemd-remount-fs.service \
+ dev-hugepages.mount \
+ sys-fs-fuse-connections.mount \
+ systemd-logind.service \
+ getty.target \
+ console-getty.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+CMD ["/bin/bash"]
diff --git a/Containerfiles/10-kitten/Containerfile.default b/Containerfiles/10-kitten/Containerfile.default
new file mode 100644
index 0000000..5a1f73d
--- /dev/null
+++ b/Containerfiles/10-kitten/Containerfile.default
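Review bot: `ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten` in `Containerfiles/10-kitten/Containerfile.base` makes the default build root an image from a personal namespace, referenced by a mutable tag, and everything `dnf` installs into `/mnt/sys-root` is resolved with that image's repository configuration and GPG keys. A default that the project controls and that is pinned by digest keeps the bootstrap step reviewable, for example `ARG SYSBASE=quay.io/almalinuxorg/almalinux:10-kitten@sha256:<digest>` once such an image is published (namespace taken from the workflow's registry comment, digest a placeholder). The same default appears in the other `Containerfiles/10-kitten/` files and, with the `:10` tag, in `Containerfiles/10/`.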
@@ -0,0 +1,95 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir /mnt/sys-root; \
+ dnf install -y \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ almalinux-release \
+ bash \
+ binutils \
+ coreutils-single \
+ crypto-policies-scripts \
+ curl-minimal \
+ findutils \
+ hostname \
+ iputils \
+ glibc-minimal-langpack \
+ krb5-libs \
+ less \
+ libcurl-minimal \
+ rootfiles \
+ systemd \
+ tar \
+ vim-minimal \
+ yum \
+ xz \
+ ; \
+ echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+ dnf reinstall -y \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ krb5-libs ; \
+ dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support /mnt/sys-root/var/lib/dnf/history*
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ; \
+ rm -rf /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos /mnt/sys-root/boot /mnt/sys-root/dev/null ; \
+ rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/var/log/* ; \
+ mkdir -p /mnt/sys-root/run/lock; \
+ /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+ echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+ echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
+ echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+ touch /mnt/sys-root/etc/.pwd.lock; \
+ chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+ touch /mnt/sys-root/run/utmp ;\
+ chmod 664 /mnt/sys-root/run/utmp ;\
+ echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+ echo '0' >> /mnt/sys-root/etc/adjtime; \
+ echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+ echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+ echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+ rm -rf /mnt/sys-root/usr/share/locale/en_US@piglati* /mnt/sys-root/run/blkid /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+ rm -f /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/resolv.conf; \
+ touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+ mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+ mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+ chmod 700 /mnt/sys-root/var/cache/private ; \
+ chmod 700 /mnt/sys-root/var/lib/private ; \
+ chmod 700 /mnt/sys-root/run/cryptsetup ; \
+ groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+ useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+ cd /mnt/sys-root/etc ; \
+ ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+# Almalinux default build
+FROM scratch AS stage2
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+ systemctl mask systemd-remount-fs.service \
+ dev-hugepages.mount \
+ sys-fs-fuse-connections.mount \
+ systemd-logind.service \
+ getty.target \
+ console-getty.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+CMD ["/bin/bash"]
diff --git a/Containerfiles/10-kitten/Containerfile.init b/Containerfiles/10-kitten/Containerfile.init
new file mode 100644
index 0000000..aca2ee2
--- /dev/null
+++ b/Containerfiles/10-kitten/Containerfile.init
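Review bot: The first `RUN` of `Containerfiles/10-kitten/Containerfile.default` joins `mkdir`, `dnf install`, the macro `echo`, `dnf reinstall` and `dnf clean all` with `;`, so only the exit status of the last command decides whether the layer succeeds. A failed or partial `dnf install` (unreachable mirror, rejected signature, missing package) would still be copied into the final image. Starting the instruction with `RUN set -e; mkdir /mnt/sys-root; \` or joining the steps with `&&` makes the build stop at the first failure. The later `RUN` blocks in this file and the other Containerfiles added in this commit use the same `;` chaining.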
@@ -0,0 +1,103 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir /mnt/sys-root; \
+ dnf install -y \
+# --nogpgcheck --repoid=AppStream --repoid=BaseOS \
+# --repofrompath='BaseOS,https://repo.almalinux.org/almalinux/10/BaseOS/$basearch/os/' \
+# --repofrompath='AppStream,https://repo.almalinux.org/almalinux/10/AppStream/$basearch/os/' \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ almalinux-release \
+ bash \
+ coreutils-single \
+ crypto-policies-scripts \
+ curl-minimal \
+ findutils \
+ gdb-gdbserver \
+ glibc-minimal-langpack \
+ gzip \
+ libcurl-minimal \
+ libusbx \
+ procps-ng \
+ rootfiles \
+ systemd \
+ tar \
+ usermode \
+ vim-minimal \
+ virt-what \
+ yum \
+ ; \
+ echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+ dnf reinstall -y \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ krb5-libs ; \
+ dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
+ rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/* /mnt/sys-root/run/blkid ; \
+ mkdir -p /mnt/sys-root/run/lock; \
+ # generate build time file for compatibility with CentOS /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
+ /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+ echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+ echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
+ echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+ touch /mnt/sys-root/etc/.pwd.lock; \
+ chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+ touch /mnt/sys-root/run/utmp ;\
+ chmod 664 /mnt/sys-root/run/utmp ;\
+ echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+ echo '0' >> /mnt/sys-root/etc/adjtime; \
+ echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+ echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+ echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+ rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+ rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+ touch /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/resolv.conf; \
+ touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+ mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+ mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+ chmod 700 /mnt/sys-root/var/cache/private ; \
+ chmod 700 /mnt/sys-root/var/lib/private ; \
+ chmod 700 /mnt/sys-root/run/cryptsetup ; \
+ groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+ useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+ cd /mnt/sys-root/etc ; \
+ ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+FROM scratch AS stage2
+
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+ systemctl mask systemd-remount-fs.service \
+ dev-hugepages.mount \
+ sys-fs-fuse-connections.mount \
+ systemd-logind.service \
+ getty.target \
+ console-getty.service \
+ systemd-udev-trigger.service \
+ systemd-udevd.service \
+ systemd-random-seed.service \
+ systemd-machine-id-commit.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+STOPSIGNAL SIGRTMIN+3
+CMD ["/sbin/init"]
diff --git a/Containerfiles/10-kitten/Containerfile.micro b/Containerfiles/10-kitten/Containerfile.micro
new file mode 100644
index 0000000..987477a
--- /dev/null
+++ b/Containerfiles/10-kitten/Containerfile.micro
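Review bot: The three `echo` lines that build `/mnt/sys-root/etc/sysconfig/sshd-permitrootlogin` in `Containerfiles/10-kitten/Containerfile.init` ship `PERMITROOTLOGIN="-oPermitRootLogin=yes"` in an image whose package list has no SSH server. The file does nothing until someone installs one on top, at which point, presumably through the sshd unit reading that sysconfig file, root login over SSH is enabled without the image user having chosen it. This variant runs `/sbin/init` as `CMD`, so it is the one most likely to have services added. Unless something depends on the file for kickstart parity I would drop the three lines, or at least replace the copied "generated by the Anaconda Installer" text with a comment saying why a container image carries it; the same lines are in every other Containerfile visible in this commit.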
@@ -0,0 +1,37 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir -p /mnt/sys-root; \
+ dnf install --installroot /mnt/sys-root coreutils-single glibc-minimal-langpack \
+ --releasever 10 --setopt install_weak_deps=false --nodocs -y; \
+ dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/lib/dnf /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/lib/rpm/* ; \
+ /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME ; \
+ echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+ echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
+ echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+ rm -f /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/resolv.conf; \
+ touch /mnt/sys-root/etc/hostname; \
+ touch /mnt/sys-root/etc/.pwd.lock; \
+ chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+ rm -rf /mnt/sys-root/usr/share/locale/en* /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/hawkey.log ; \
+ echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+ echo '0' >> /mnt/sys-root/etc/adjtime; \
+ echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+ echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+ echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+ mkdir -p /mnt/sys-root/run/lock; \
+ cd /mnt/sys-root/etc ; \
+ ln -s ../usr/share/zoneinfo/UTC localtime
+
+FROM scratch
+
+COPY --from=system-build /mnt/sys-root/ /
+
+CMD /bin/sh
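Review bot: The cleanup `RUN` in `Containerfiles/10-kitten/Containerfile.micro` ends its first `rm -rf` with `/mnt/sys-root/var/lib/rpm/*`, which empties the installroot's RPM database and leaves the published image with no package inventory for vulnerability scanners or SBOM tooling to read. If the size saving is deliberate, say so in a comment such as `# rpmdb removed on purpose: micro has no package manager, inventory must come from the build log`; otherwise drop that path from the `rm -rf`. Whether `/var/lib/rpm` is still where this release keeps the database is not visible here and is worth checking. Separately, `CMD /bin/sh` is the only shell-form `CMD` among the new files; `CMD ["/bin/sh"]` matches the exec form used by the others.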
diff --git a/Containerfiles/10-kitten/Containerfile.minimal b/Containerfiles/10-kitten/Containerfile.minimal
new file mode 100644
index 0000000..01b6cda
--- /dev/null
+++ b/Containerfiles/10-kitten/Containerfile.minimal
@@ -0,0 +1,69 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten
+FROM ${SYSBASE} as system-build
+
+RUN mkdir /mnt/sys-root; \
+ dnf install -y \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ almalinux-release \
+ bash \
+ coreutils-single \
+ curl-minimal \
+ glibc-minimal-langpack \
+ libcurl-minimal \
+ libusbx \
+ microdnf \
+ rootfiles \
+ ; \
+ echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+ dnf reinstall -y \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ krb5-libs ; \
+ dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/lib/dnf/repos; \
+ rm -rf /mnt/sys-root/var/lib/dnf/history* /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/run/*; \
+ mkdir -p /mnt/sys-root/run/lock; \
+ # generate build time file for compatibility with CentOS
+ /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+ echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+ echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
+ echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+ touch /mnt/sys-root/etc/.pwd.lock; \
+ chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+ echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+ echo '0' >> /mnt/sys-root/etc/adjtime; \
+ echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+ echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+ echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+ # /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@*
+ rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+ rm -f /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/resolv.conf; \
+ touch /mnt/sys-root/etc/hostname; \
+ mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump ;\
+ chmod 700 /mnt/sys-root/var/cache/private ; \
+ chmod 700 /mnt/sys-root/var/lib/private ; \
+ groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+ useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+ cd /mnt/sys-root/etc ; \
+ ln -s ../usr/share/zoneinfo/UTC localtime ; \
+ cd /mnt/sys-root/etc/systemd/system ; \
+ ln -s /usr/lib/systemd/system/multi-user.target default.target
+
+# Almalinux minimal build
+FROM scratch
+COPY --from=system-build /mnt/sys-root/ /
+
+CMD ["/bin/bash"]
diff --git a/Containerfiles/10/Containerfile.base b/Containerfiles/10/Containerfile.base
new file mode 100644
index 0000000..c2d1eb8
--- /dev/null
+++ b/Containerfiles/10/Containerfile.base
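Review bot: In `Containerfiles/10-kitten/Containerfile.minimal`, `echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf` writes to the build stage's own `/etc/rpm` rather than to `/mnt/sys-root`, and it runs after `dnf install` has finished, so as written it can presumably only influence the following `dnf reinstall ... krb5-libs`. If limiting installed locales for the whole package set is the intent, the line belongs before `dnf install`; if it exists only for the reinstall, a comment such as `# restrict install langs in the build stage before reinstalling krb5-libs` would save the next reader the guess. The same placement is in the base, default and init files. `FROM ${SYSBASE} as system-build` also uses lower-case `as` where the sibling files use `AS`.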
@@ -0,0 +1,91 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir -p /mnt/sys-root; \
+ dnf install -y \
+ --installroot /mnt/sys-root --releasever 10 --setopt install_weak_deps=false --nodocs \
+ almalinux-release \
+ bash \
+ coreutils-single \
+ crypto-policies-scripts \
+ curl-minimal \
+ findutils \
+ gdb-gdbserver \
+ glibc-minimal-langpack \
+ gzip \
+ libcurl-minimal \
+ libusbx \
+ rootfiles \
+ systemd \
+ tar \
+ usermode \
+ vim-minimal \
+ virt-what \
+ yum \
+ ; \
+ echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+ dnf reinstall -y \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ krb5-libs ; \
+ dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
+ rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/* /mnt/sys-root/run/blkid ; \
+ mkdir -p /mnt/sys-root/run/lock; \
+ # generate build time file for compatibility with CentOS /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
+ /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+ echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+ echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
+ echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+ touch /mnt/sys-root/etc/.pwd.lock; \
+ chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+ touch /mnt/sys-root/run/utmp ;\
+ chmod 664 /mnt/sys-root/run/utmp ;\
+ echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+ echo '0' >> /mnt/sys-root/etc/adjtime; \
+ echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+ echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+ echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+ rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+ rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+ touch /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/resolv.conf; \
+ touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+ mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+ mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+ chmod 700 /mnt/sys-root/var/cache/private ; \
+ chmod 700 /mnt/sys-root/var/lib/private ; \
+ chmod 700 /mnt/sys-root/run/cryptsetup ; \
+ groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+ useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+ cd /mnt/sys-root/etc ; \
+ ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+FROM scratch AS stage2
+
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+ systemctl mask systemd-remount-fs.service \
+ dev-hugepages.mount \
+ sys-fs-fuse-connections.mount \
+ systemd-logind.service \
+ getty.target \
+ console-getty.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+CMD ["/bin/bash"]
diff --git a/Containerfiles/10/Containerfile.default b/Containerfiles/10/Containerfile.default
new file mode 100644
index 0000000..5180585
--- /dev/null
+++ b/Containerfiles/10/Containerfile.default
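Review bot: `Containerfiles/10/Containerfile.base` matches `Containerfiles/10-kitten/Containerfile.base` line for line in the visible text apart from the tag in `ARG SYSBASE`, so every later fix, including the security-relevant ones, has to be made twice and can drift. Since `SYSBASE` is already a build argument, one Containerfile per image type with the tag supplied through `--build-arg SYSBASE=...` would remove the copy, if the build tooling allows it. Independently, the comment `# AL9 specific hacks` is stale in a release-10 file and could read `# Carried over from AL9: runtime dirs and the systemd-oom account`, and `compatable` in the comment above it should be `compatible`. The same applies to the default and init pairs.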
@@ -0,0 +1,95 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir /mnt/sys-root; \
+ dnf install -y \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ almalinux-release \
+ bash \
+ binutils \
+ coreutils-single \
+ crypto-policies-scripts \
+ curl-minimal \
+ findutils \
+ hostname \
+ iputils \
+ glibc-minimal-langpack \
+ krb5-libs \
+ less \
+ libcurl-minimal \
+ rootfiles \
+ systemd \
+ tar \
+ vim-minimal \
+ yum \
+ xz \
+ ; \
+ echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+ dnf reinstall -y \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ krb5-libs ; \
+ dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support /mnt/sys-root/var/lib/dnf/history*
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ; \
+ rm -rf /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos /mnt/sys-root/boot /mnt/sys-root/dev/null ; \
+ rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/var/log/* ; \
+ mkdir -p /mnt/sys-root/run/lock; \
+ /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+ echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+ echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
+ echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+ touch /mnt/sys-root/etc/.pwd.lock; \
+ chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+ touch /mnt/sys-root/run/utmp ;\
+ chmod 664 /mnt/sys-root/run/utmp ;\
+ echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+ echo '0' >> /mnt/sys-root/etc/adjtime; \
+ echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+ echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+ echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+ rm -rf /mnt/sys-root/usr/share/locale/en_US@piglati* /mnt/sys-root/run/blkid /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+ rm -f /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/resolv.conf; \
+ touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+ mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+ mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+ chmod 700 /mnt/sys-root/var/cache/private ; \
+ chmod 700 /mnt/sys-root/var/lib/private ; \
+ chmod 700 /mnt/sys-root/run/cryptsetup ; \
+ groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+ useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+ cd /mnt/sys-root/etc ; \
+ ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+# Almalinux default build
+FROM scratch AS stage2
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+ systemctl mask systemd-remount-fs.service \
+ dev-hugepages.mount \
+ sys-fs-fuse-connections.mount \
+ systemd-logind.service \
+ getty.target \
+ console-getty.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+CMD ["/bin/bash"]
diff --git a/Containerfiles/10/Containerfile.init b/Containerfiles/10/Containerfile.init
new file mode 100644
index 0000000..d26dbc8
--- /dev/null
+++ b/Containerfiles/10/Containerfile.init
@@ -0,0 +1,103 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir /mnt/sys-root; \
+ dnf install -y \
+# --nogpgcheck --repoid=AppStream --repoid=BaseOS \
+# --repofrompath='BaseOS,https://repo.almalinux.org/almalinux/10/BaseOS/$basearch/os/' \
+# --repofrompath='AppStream,https://repo.almalinux.org/almalinux/10/AppStream/$basearch/os/' \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ almalinux-release \
+ bash \
+ coreutils-single \
+ crypto-policies-scripts \
+ curl-minimal \
+ findutils \
+ gdb-gdbserver \
+ glibc-minimal-langpack \
+ gzip \
+ libcurl-minimal \
+ libusbx \
+ procps-ng \
+ rootfiles \
+ systemd \
+ tar \
+ usermode \
+ vim-minimal \
+ virt-what \
+ yum \
+ ; \
+ echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+ dnf reinstall -y \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ krb5-libs ; \
+ dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
+ rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/* /mnt/sys-root/run/blkid ; \
+ mkdir -p /mnt/sys-root/run/lock; \
+ # generate build time file for compatibility with CentOS /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
+ /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+ echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+ echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
+ echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+ touch /mnt/sys-root/etc/.pwd.lock; \
+ chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+ touch /mnt/sys-root/run/utmp ;\
+ chmod 664 /mnt/sys-root/run/utmp ;\
+ echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+ echo '0' >> /mnt/sys-root/etc/adjtime; \
+ echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+ echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+ echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+ rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+ rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+ touch /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/resolv.conf; \
+ touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+ mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+ mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+ chmod 700 /mnt/sys-root/var/cache/private ; \
+ chmod 700 /mnt/sys-root/var/lib/private ; \
+ chmod 700 /mnt/sys-root/run/cryptsetup ; \
+ groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+ useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+ cd /mnt/sys-root/etc ; \
+ ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+FROM scratch AS stage2
+
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+ systemctl mask systemd-remount-fs.service \
+ dev-hugepages.mount \
+ sys-fs-fuse-connections.mount \
+ systemd-logind.service \
+ getty.target \
+ console-getty.service \
+ systemd-udev-trigger.service \
+ systemd-udevd.service \
+ systemd-random-seed.service \
+ systemd-machine-id-commit.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+STOPSIGNAL SIGRTMIN+3
+CMD ["/sbin/init"]
diff --git a/Containerfiles/10/Containerfile.micro b/Containerfiles/10/Containerfile.micro
new file mode 100644
index 0000000..8f1095f
--- /dev/null
+++ b/Containerfiles/10/Containerfile.micro
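Review bot: In Containerfiles/10/Containerfile.init the default `ARG SYSBASE=quay.io/ykohut/almalinux:10` takes the build stage, and with it the dnf and rpm binaries that populate /mnt/sys-root, from a personal registry namespace under a mutable tag; Containerfile.micro and Containerfile.minimal in this commit carry the same default. Whoever can push to that repository can change what ends up in every image built from these files, and nothing in the hunk pins or verifies the base. If the default is only meant for testing, I would say so in a comment above the ARG and switch to the project's release namespace pinned by digest before merge, e.g. `ARG SYSBASE=<official-registry>/almalinux:10@sha256:<digest>` (placeholders). The commented-out `--nogpgcheck` and `--repofrompath` lines inside the `dnf install` continuation are also worth deleting, so that package signature checking is not one uncomment away from being disabled.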
@@ -0,0 +1,37 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir -p /mnt/sys-root; \
+ dnf install --installroot /mnt/sys-root coreutils-single glibc-minimal-langpack \
+ --releasever 10 --setopt install_weak_deps=false --nodocs -y; \
+ dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/lib/dnf /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/lib/rpm/* ; \
+ /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME ; \
+ echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+ echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
+ echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+ rm -f /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/resolv.conf; \
+ touch /mnt/sys-root/etc/hostname; \
+ touch /mnt/sys-root/etc/.pwd.lock; \
+ chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+ rm -rf /mnt/sys-root/usr/share/locale/en* /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/hawkey.log ; \
+ echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+ echo '0' >> /mnt/sys-root/etc/adjtime; \
+ echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+ echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+ echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+ mkdir -p /mnt/sys-root/run/lock; \
+ cd /mnt/sys-root/etc ; \
+ ln -s ../usr/share/zoneinfo/UTC localtime
+
+FROM scratch
+
+COPY --from=system-build /mnt/sys-root/ /
+
+CMD /bin/sh
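Review bot: The first cleanup command in Containerfile.micro removes `/mnt/sys-root/var/lib/rpm/*`, which, assuming that path is or links to the installroot's RPM database, leaves the final image with no package inventory. Vulnerability scanners and SBOM generators that read the rpmdb would then report no packages for this image, even though coreutils-single, glibc-minimal-langpack and their dependencies are installed in it. I would keep the database by dropping that one path from the `rm -rf` list. If the size saving is deliberate, a comment above the RUN should say that the image cannot be inventoried from its rpmdb and how its contents are tracked instead.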
diff --git a/Containerfiles/10/Containerfile.minimal b/Containerfiles/10/Containerfile.minimal
new file mode 100644
index 0000000..ff26366
--- /dev/null
+++ b/Containerfiles/10/Containerfile.minimal
@@ -0,0 +1,69 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10
+FROM ${SYSBASE} as system-build
+
+RUN mkdir /mnt/sys-root; \
+ dnf install -y \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ almalinux-release \
+ bash \
+ coreutils-single \
+ curl-minimal \
+ glibc-minimal-langpack \
+ libcurl-minimal \
+ libusbx \
+ microdnf \
+ rootfiles \
+ ; \
+ echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+ dnf reinstall -y \
+ --installroot /mnt/sys-root \
+ --releasever 10 \
+ --setopt install_weak_deps=false \
+ --nodocs \
+ krb5-libs ; \
+ dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/lib/dnf/repos; \
+ rm -rf /mnt/sys-root/var/lib/dnf/history* /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/run/*; \
+ mkdir -p /mnt/sys-root/run/lock; \
+ # generate build time file for compatibility with CentOS
+ /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+ echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+ echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
+ echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+ touch /mnt/sys-root/etc/.pwd.lock; \
+ chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+ echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+ echo '0' >> /mnt/sys-root/etc/adjtime; \
+ echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+ echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+ echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+ echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+ # /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@*
+ rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+ rm -f /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/machine-id; \
+ touch /mnt/sys-root/etc/resolv.conf; \
+ touch /mnt/sys-root/etc/hostname; \
+ mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump ;\
+ chmod 700 /mnt/sys-root/var/cache/private ; \
+ chmod 700 /mnt/sys-root/var/lib/private ; \
+ groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+ useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+ sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+ cd /mnt/sys-root/etc ; \
+ ln -s ../usr/share/zoneinfo/UTC localtime ; \
+ cd /mnt/sys-root/etc/systemd/system ; \
+ ln -s /usr/lib/systemd/system/multi-user.target default.target
+
+# Almalinux minimal build
+FROM scratch
+COPY --from=system-build /mnt/sys-root/ /
+
+CMD ["/bin/bash"]
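Review bot: The three `echo` lines in Containerfile.minimal that build `/etc/sysconfig/sshd-permitrootlogin` leave `PERMITROOTLOGIN="-oPermitRootLogin=yes"` in the image; the same lines appear in Containerfile.init and Containerfile.micro in this commit. No SSH server is in the package list here, so the file is inert as shipped. If a derived image installs one and its service reads this sysconfig file, as the generated comment implies, root login over SSH is switched on without the image author asking for it; that matters most for the init variant, which boots systemd. For container images I would drop these three lines, or at least add a Containerfile comment explaining why a kickstart artefact is reproduced and that removing the file opts out.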