ykohut/container-images
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: ykohut:main
Branches Tags
ykohut:main
ykohut:10
ykohut:10-beta
ykohut:10-kitten
ykohut:9
ykohut:8
...
pull from: ykohut:9
Branches Tags
ykohut:main
ykohut:10
ykohut:10-beta
ykohut:10-kitten
ykohut:9
ykohut:8

No commits in common. "main" and "9" have entirely different histories.
main ... 9

40 changed files with 48 additions and 2947 deletions
Show Stats Expand all files Collapse all files

455
.github/workflows/build-test-push.yml vendored
View File

@ -1,455 +0,0 @@
name: Build, test and push to the Client Library
on:
workflow_dispatch:
inputs:
production:
description: |
'Push to production registries'
'not checked - to testing'
required: true
type: boolean
default: false
version_major:
description: 'AlmaLinux major version'
required: true
default: '10'
type: choice
options:
- 10-kitten
- 10
- 9
- 8
type_default:
description: 'default'
required: true
type: boolean
default: true
type_minimal:
description: 'minimal'
required: true
type: boolean
default: true
type_micro:
description: 'micro'
required: true
type: boolean
default: true
type_base:
description: 'base'
required: true
type: boolean
default: true
type_init:
description: 'init'
required: true
type: boolean
default: true
env:
# Latest version
version_latest: 9
# Platforms list: linux/amd64, linux/ppc64le, linux/s390x, linux/arm64
platforms: ${{ contains(inputs.version_major, '10') && 'linux/amd64/v2, linux/amd64, linux/ppc64le, linux/s390x, linux/arm64' || 'linux/amd64, linux/ppc64le, linux/s390x, linux/arm64' }}
# Registries list:
# for production: docker.io/almalinux, quay.io/almalinuxorg, ghcr.io/almalinux
# for testing: quay.io/almalinuxautobot
registries: ${{ inputs.production && 'docker.io/almalinux, quay.io/almalinuxorg, ghcr.io/almalinux' || 'quay.io/almalinuxautobot' }}
jobs:
build-test-push:
name: Deploy ${{ inputs.version_major }} ${{ matrix.image_types }} images
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
# Set image types matrix based on boolean inputs.type_* with true value
image_types: ${{ fromJSON(format('["{0}", "{1}", "{2}", "{3}", "{4}"]', ( inputs.type_default && 'default' ), ( inputs.type_minimal && 'minimal' ), ( inputs.type_micro && 'micro' ), ( inputs.type_base && 'base' ), ( inputs.type_init && 'init' ) )) }}
exclude:
- image_types: 'false'
steps:
-
name: Prepare AlmaLinux Minor version number
run: |
case ${{ inputs.version_major }} in
8)
version_minor=".10" ;;
9)
version_minor=".5" ;;
10)
version_minor=".0" ;;
10-kitten)
version_minor= ;;
*)
echo "Almalinux ${{ inputs.version_major }} is not supported!" && false
esac
echo "version_minor=${version_minor}" >> $GITHUB_ENV
# [Debug]
echo "version_minor=${version_minor}"
-
name: Prepare date stamp
id: date_stamp
run: |
# date stamp
date_stamp=$(date -u '+%Y%m%d')
echo "date_stamp=${date_stamp}" >> $GITHUB_ENV
echo "date_stamp=${date_stamp}" >> "$GITHUB_OUTPUT"
[ -z "$date_stamp-x" ] && false
# [Debug]
echo "date_stamp=${date_stamp}"
-
name: Generate list of images to use as base name for tags
run: |
# list of registries to push to
REGISTRIES="${{ env.registries }}"
IMAGE_NAMES=
# generate image names in format $REGISTRY/almalinux or $REGISTRY/${{ inputs.version_major }}-${{ matrix.image_types }}
# image names are used by docker/metadata-action to set 'images'
for REGISTRY in ${REGISTRIES//,/ }; do
# 'default' images should not go to docker.io
[ "${{ matrix.image_types }}" = "default" ] && [[ $REGISTRY = *'docker.io'* ]] && continue
# 'default' images goes to $REGISTRY/almalinux
[ "${{ matrix.image_types }}" = "default" ] \
&& IMAGE_NAME="$REGISTRY/almalinux" \
|| IMAGE_NAME="$REGISTRY/${{ inputs.version_major }}-${{ matrix.image_types }}"
IMAGE_NAMES="${IMAGE_NAMES} ${IMAGE_NAME}"
unset IMAGE_NAME
done
# remove space at the beginning of string
IMAGE_NAMES=${IMAGE_NAMES# }
# separate with comma instead of space and export to the action
echo "IMAGE_NAMES=${IMAGE_NAMES// /,}" >> $GITHUB_ENV
# [Debug]
echo $IMAGE_NAMES
-
name: Enable containerd image store on Docker Engine
run: |
# JQ file to switch into containerd image store
cat << EOF > containerd-snapshotter.jq
.features |= . + { "containerd-snapshotter": true }
EOF
sudo sh -c 'jq -n -f containerd-snapshotter.jq > /etc/docker/daemon.json'
sudo systemctl restart docker
docker info -f '{{ .DriverStatus }}'
-
name: Checkout ${{ github.repository }}, branch 'main'
uses: actions/checkout@v4
-
name: Checkout ${{ github.repository }}, branch '${{ inputs.version_major }}', path '${{ inputs.version_major }}'
uses: actions/checkout@v4
with:
ref: ${{ inputs.version_major }}
path: ${{ inputs.version_major }}
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to Docker.io
if: contains(env.registries, 'docker.io')
uses: docker/login-action@v3
with:
registry: docker.io
username: ${{ inputs.production && secrets.DOCKERHUB_USERNAME || secrets.TEST_DOCKERHUB_USERNAME }}
password: ${{ inputs.production && secrets.DOCKERHUB_TOKEN || secrets.TEST_DOCKERHUB_TOKEN }}
-
name: Login to Quay.io
if: contains(env.registries, 'quay.io')
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ inputs.production && secrets.QUAY_IO_USERNAME || secrets.TEST_QUAY_IO_USERNAME }}
password: ${{ inputs.production && secrets.QUAY_IO_CLI_PASSWORD || secrets.TEST_QUAY_IO_CLI_PASSWORD }}
-
name: Login to Ghcr.io
if: contains(env.registries, 'ghcr.io')
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ inputs.production && secrets.GIT_HUB_USERNAME || secrets.TEST_GITHUB_USERNAME }}
password: ${{ inputs.production && secrets.GIT_HUB_TOKEN || secrets.TEST_GITHUB_TOKEN }}
-
name: Generate tags and prepare metadata to build and push
id: meta
uses: docker/metadata-action@v5
with:
# list of Docker images to use as base names for tags
images: ${{ env.IMAGE_NAMES }}
# list of tags
tags: |
type=raw,value=latest,enable=${{ matrix.image_types != 'default' || ( matrix.image_types == 'default' && inputs.version_major == env.version_latest ) }}
type=raw,value=${{ inputs.version_major }},enable=true
type=raw,value=${{ inputs.version_major }}${{ env.version_minor }},enable=true
type=raw,value=${{ inputs.version_major }}${{ env.version_minor }}-${{ env.date_stamp }},enable=true
-
name: Build images
id: build-images
uses: docker/build-push-action@v5
with:
provenance: false
context: "{{defaultContext}}:Containerfiles/${{ inputs.version_major }}"
file: ./Containerfile.${{ matrix.image_types }}
platforms: ${{ env.platforms }}
push: false
load: true
tags: ${{ steps.meta.outputs.tags }}
-
name: Test images
id: test-images
run: |
# [Test]
platforms="${{ env.platforms }}"
for platform in ${platforms//,/ }; do
echo "Testing AlmaLinux ${{ inputs.version_major }} ${{ matrix.image_types }} for ${platform} image:"
docker run --platform=${platform} ${{ steps.build-images.outputs.digest }} /bin/bash -c " \
uname -m \
&& cat /etc/almalinux-release \
&& ( test "${{ matrix.image_types }}" != "micro" && rpm -q gpg-pubkey) || true "
done
-
name: Push images to Client Library
id: push-images
uses: docker/build-push-action@v5
with:
provenance: false
context: "{{defaultContext}}:Containerfiles/${{ inputs.version_major }}"
file: ./Containerfile.${{ matrix.image_types }}
platforms: ${{ env.platforms }}
push: true
tags: ${{ steps.meta.outputs.tags }}
-
name: Extract RootFS (default and minimal only)
id: extract-rootfs
# 'default' or 'minimal' images only go to Docker Official Library
if: matrix.image_types == 'default' || matrix.image_types == 'minimal'
run: |
# [RootFS]
# File name for RootFS file (packed with tag + Xz)
name=almalinux-${{ inputs.version_major }}-${{ matrix.image_types }}
pwd=$( pwd )
path=${pwd}/${name}
almalinux_release='almalinux-release'
[ "${{ inputs.version_major }}" = "10-kitten" ] && almalinux_release='almalinux-kitten-release'
# The "tar file" for 'docker save' to write to
tar_name=${pwd}/${name}.tar
mkdir ${path}
cd ${path}
# Produce a tarred repository and save it to the "tar file".
docker save ${{ steps.build-images.outputs.digest }} -o ${tar_name}
# Extract the "tar file"
tar xf ${tar_name}
cd blobs/sha256
# The "temporary Dockerfile" to build image based on RootFS
cat <<EOF > Dockerfile
FROM scratch
ADD rootfs.tar.gz /
CMD ["/bin/bash"]
EOF
# Loop blobs to find all zipped files that are RootFS for a particular architecture
for file in `find . -type f`; do
if file --brief ${file} | grep -i gzip >/dev/null; then
# Make a copy of "taken RootFS"
cp -av ${file} rootfs.tar.gz
# Build an image from the "temporary Dockerfile"
docker build -t rootfs .
# Run the image and query almalinux-release package's architecture
arch=$( docker run --rm rootfs /bin/bash -c "rpm -q --qf=%{ARCH} ${almalinux_release}" )
# Map found architecture to the corresponding platform
platform=
docker rmi rootfs
case ${arch} in
x86_64)
platform=amd64;;
x86_64_v2)
platform=amd64_v2;;
ppc64le)
platform=ppc64le;;
s390x)
platform=s390x;;
aarch64)
platform=arm64;;
*)
echo "The '$arch' is incorrect or failed to determine architecture." && false;;
esac
# Delete copy of the "taken RootFS"
rm -f rootfs.tar.gz
# Copy the "taken RootFS" into corresponded .tar.xz
cp -av ${file} ${name}-${platform}.tar.gz
zcat ${name}-${platform}.tar.gz | xz -9 -e -T0 > ${pwd}/${{ inputs.version_major }}/${{ matrix.image_types }}/${platform}/${name}-${platform}.tar.xz
fi
done
# Clean up
rm -rf ${path}
echo "[Debug]"
ls -1 ${pwd}/${{ inputs.version_major }}/${{ matrix.image_types }}/*/*.tar.xz
# Change date stamp in '${version_major}/${image_types}/${arch}/Dockerfile'
-
name: Change date stamp in Dockerfile (default and minimal only)
# 'default' or 'minimal' images only go to Docker Official Library
if: matrix.image_types == 'default' || matrix.image_types == 'minimal'
run: |
# [Dockerfile]
platforms="${{ env.platforms }}"
for platform in ${platforms//,/ }; do
arch=${platform#linux/}
arch=${arch/\//_}
dockerfile=${{ inputs.version_major }}/${{ matrix.image_types }}/${arch}/Dockerfile
case ${{ matrix.image_types }} in
default)
tags="${{ inputs.version_major }}${{ env.version_minor }}, ${{ inputs.version_major }}${{ env.version_minor }}-${{ env.date_stamp }}"
[ "${{ inputs.version_major }}" != "10-kitten" ] && tags="${{ inputs.version_major }}, ${tags}"
[ "${{ inputs.version_major }}" = "${{ env.version_latest }}" ] && tags="latest, ${tags}" ;;
minimal)
tags="${{ inputs.version_major }}${{ env.version_minor }}-${{ matrix.image_types }}, ${{ inputs.version_major }}${{ env.version_minor }}-${{ matrix.image_types }}-${{ env.date_stamp }}"
[ "${{ inputs.version_major }}" != "10-kitten" ] && tags="${{ inputs.version_major }}-${{ matrix.image_types }}, ${tags}"
[ "${{ inputs.version_major }}" = "${{ env.version_latest }}" ] && tags="minimal, ${tags}" ;;
*)
esac
# Tags: 8, 8.9, 8.9-20231124
sed -i "/^\([[:space:]]*#[[:space:]]*Tags: \).*/s//\1${tags}/" ${dockerfile}
echo "[Debug] ${dockerfile}"
cat ${dockerfile}
done
-
name: "Prepare time stamp"
id: time_stamp
run: |
# time stamp
time_stamp=$(date -u '+%H:%M:%S')
echo "time_stamp=${time_stamp}" >> $GITHUB_ENV
echo "time_stamp=${time_stamp}" >> "$GITHUB_OUTPUT"
[ -z "$time_stamp-x" ] && false
# [Debug]
echo "time_stamp=${time_stamp}"
# Commit '${version_major}/${image_types}/${arch}/*'
-
name: "Commit and push ${{ matrix.image_types }}/*/* Dockerfile and RootFS (branch ${{ inputs.version_major }})"
# 'default' or 'minimal' images only and 'Push to production' is checked
if: ( matrix.image_types == 'default' || matrix.image_types == 'minimal' ) && inputs.production
uses: EndBug/add-and-commit@v9
with:
default_author: user_info
new_branch: ${{ inputs.version_major }}
cwd: ${{ inputs.version_major }}
pull: '--rebase --autostash'
message: "AlmaLinux ${{ inputs.version_major }} ${{ matrix.image_types }} - ${{ env.date_stamp }} ${{ env.time_stamp }} (generated on ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})."
push: true
outputs:
date_stamp: ${{ steps.date_stamp.outputs.date_stamp }}
time_stamp: ${{ steps.time_stamp.outputs.time_stamp }}
optimize-repo-size:
# 'default' or 'minimal' images only and 'Push to production' is checked
if: ( inputs.type_default || inputs.type_minimal ) && inputs.production
name: Optimize size of repository
runs-on: ubuntu-24.04
needs:
- build-test-push
steps:
-
name: Checkout ${{ github.repository }}, branch '${{ inputs.version_major }}', path '${{ inputs.version_major }}'
uses: actions/checkout@v4
with:
ref: ${{ inputs.version_major }}
path: ${{ inputs.version_major }}
-
name: Optimize size of branch the '${{ inputs.version_major }}'
run: |
date_stamp=${{ needs.build-test-push.outputs.date_stamp }}
cd ${{ inputs.version_major }}
echo "Prepare new branch 'tmp' based on ${{ inputs.version_major }}"
git checkout -b tmp
echo "Delete local branch '${{ inputs.version_major }}'"
git branch -D ${{ inputs.version_major }}
echo "Preserve resent data"
mkdir ../tmp-${date_stamp}
mv ./default ../tmp-${date_stamp}/
mv ./minimal ../tmp-${date_stamp}/
echo "Crete orphan branch '${{ inputs.version_major }}'"
git checkout --orphan ${{ inputs.version_major }}
echo "Clean up"
git rm --cached -r .
rm -rf ./default
rm -rf ./minimal
echo "Restore resent data"
mv ../tmp-${date_stamp}/default ./
mv ../tmp-${date_stamp}/minimal ./
echo "[Debug]"
git status
-
name: Commit and push ${{ github.repository }}, branch '${{ inputs.version_major }}'
uses: EndBug/add-and-commit@v9
with:
default_author: user_info
message: "Update AlmaLinux ${{ inputs.version_major }} - ${{ needs.build-test-push.outputs.date_stamp }} ${{ needs.build-test-push.outputs.time_stamp }} (generated on ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})."
push: '--force --set-upstream origin ${{ inputs.version_major }}'
cwd: ${{ inputs.version_major }}

217
.github/workflows/publish-docker-library.yml vendored
View File

@ -1,217 +0,0 @@
name: Publish images to the Docker Library
on:
workflow_dispatch:
inputs:
pr:
description: 'Publish to the Docker Official Library'
required: true
type: boolean
default: true
draft:
description: 'Draft Pull Request'
required: true
type: boolean
env:
# Docker Library Git repository name (upstream): docker-library/official-images
docker_library: docker-library/official-images
# Docker Library Git repository name (local fork): ${{ github.actor }}/official-images or almalinux/docker-library-official-images
local_library: almalinux/docker-library-official-images
# Docker Library Git repository owner (local fork): ${{ github.actor }} or almalinux
library_owner: almalinux
jobs:
prepare-definitions:
name: "${{ matrix.version_major }} ${{ matrix.image_types }} definition preparing"
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
image_types:
- default
- minimal
version_major:
- 8
- 9
- 10-kitten
steps:
-
name: Checkout ${{ github.repository }}, branch '${{ matrix.version_major }}'
uses: actions/checkout@v4
with:
ref: ${{ matrix.version_major }}
fetch-depth: 0 # Checkout all commits
-
name: Checkout ${{ env.local_library }}, branch 'master'
uses: actions/checkout@v4
with:
repository: ${{ env.local_library }}
path: official-images
-
name: "Get need data for the definition"
run: |
# Dockerfile for specific version and image type (let's take platform amd64)
platform=amd64
dockerfile=${{ matrix.image_types }}/${platform}/Dockerfile
test -f ${dockerfile}
# The recent commit of the Dockerfile
last_commit=$( git log -1 --format='%H' -- ${dockerfile} )
echo "commit_hash=${last_commit}" >> $GITHUB_ENV
# Get tags from the Dockerfile
tags=$( grep 'Tags:' ${dockerfile} | sed "s/^[[:space:]]*#[[:space:]]*Tags: \(.*\)$/\1/" )
echo "tags=${tags}" >> $GITHUB_ENV
[ -z "$last_commit-x" -o -z "$tags-x" ] && false
echo "[Debug]"
echo "tags=${tags}"
echo "commit_hash=${last_commit}"
-
name: "Render the definition"
uses: chuhlomin/render-template@v1
with:
template: docker-library-definition.tmpl
result_path: official-images/library/almalinux.${{ matrix.version_major }}.${{ matrix.image_types }}
vars: |
tags: ${{ env.tags }}
commit_hash: ${{ env.commit_hash}}
version_major: ${{ matrix.version_major }}
image_type: ${{ matrix.image_types }}
-
name: "[Debug] Check definitions"
run: |
cat official-images/library/almalinux.${{ matrix.version_major }}.${{ matrix.image_types }}
# Upload 'official-images/library/almalinux.*'
- uses: actions/upload-artifact@v4
name: Upload definitions for ${{ matrix.version_major }} ${{ matrix.image_types }}
with:
name: definition-${{ matrix.version_major }}.${{ matrix.image_types }}
path: official-images/library/almalinux.${{ matrix.version_major }}.${{ matrix.image_types }}
push-pr:
if: inputs.pr
name: "Create Pull Request with the new definition file"
runs-on: ubuntu-latest
needs:
- prepare-definitions
steps:
-
name: "Sync ${{ env.local_library }} with ${{ env.docker_library }}, branch 'master'"
run: |
# Sync ${{ env.local_library }} with ${{ env.docker_library }}, branch 'master'
gh auth login --with-token < <(echo ${{ secrets.GIT_HUB_TOKEN }})
gh repo sync ${{ env.local_library }} --force --source ${{ env.docker_library }} --branch master
-
name: Checkout ${{ env.local_library }}, branch 'master'
uses: actions/checkout@v4
with:
repository: ${{ env.local_library }}
path: official-images
token: ${{ secrets.GIT_HUB_TOKEN }}
fetch-depth: 0 # Checkout all commits
# Download uploaded above 'official-images/library/almalinux.*'
- uses: actions/download-artifact@v4
name: Download all definitions
with:
pattern: definition-*
merge-multiple: true
path: official-images/library/
-
name: "Create head of official-images/library/almalinux"
run: |
echo "# This file was generated on ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
Maintainers: The AlmaLinux OS Foundation <cloud-infra@almalinux.org> (@AlmaLinux)
GitRepo: ${{ github.server_url }}/${{ github.repository }}.git" > official-images/library/almalinux
-
name: "Merge definitions into official-images/library/almalinux"
run: |
# create official-images/library/almalinux
for file in $( ls -1 official-images/library/almalinux.*.* ); do
echo "" >> official-images/library/almalinux
cat $file >> official-images/library/almalinux
done
rm -f official-images/library/almalinux.*.*
echo "[Debug]"
cat official-images/library/almalinux
-
name: "Prepare date stamp"
run: |
# date stamp
date_stamp=$(date -u '+%Y%m%d')
echo "date_stamp=${date_stamp}" >> $GITHUB_ENV
[ -z "$date_stamp-x" ] && false
# [Debug]
echo "date_stamp=${date_stamp}"
-
name: "Prepare time stamp"
run: |
# time stamp
time_stamp=$(date -u '+%H:%M:%S')
echo "time_stamp=${time_stamp}" >> $GITHUB_ENV
[ -z "$time_stamp-x" ] && false
# [Debug]
echo "time_stamp=${time_stamp}"
-
name: "Commit and push official-images/library/almalinux"
uses: EndBug/add-and-commit@v9
with:
cwd: official-images
default_author: user_info
pull: '--rebase --autostash'
message: "AlmaLinux auto-update - ${{ env.date_stamp }} ${{ env.time_stamp }}"
push: true
-
name: Create Pull Request for official-images/library/almalinux
run: |
# create pull request with 'gh pr create'
gh_opts=''
[ "${{ inputs.draft }}" = "true" ] && gh_opts='--draft'
title="Almalinux auto-update - ${{ env.date_stamp }} ${{ env.time_stamp }}"
body="This is an auto-generated commit. Any concern or issues, please contact or email AlmaLinux OS Foundation cloud-infra@almalinux.org (@AlmaLinux)"
cd official-images
gh auth login --with-token < <(echo ${{ secrets.GIT_HUB_TOKEN }})
prs=$(gh pr list \
--repo ${{ env.docker_library }} \
--base master \
--author ${{ env.library_owner}} \
--json title \
--jq 'length')
echo "${prs} pull request(s) found for the ${{ env.docker_library }} branch master."
if [ $prs -lt 1 ]; then
echo "Create pull request with 'gh pr create'"
gh pr create \
--title "${title}" \
--body "${body}" \
--repo ${{ env.docker_library }} \
--base master \
${gh_opts}
fi

91
Containerfiles/10-kitten/Containerfile.base
View File

@ -1,91 +0,0 @@
ARG SYSBASE=quay.io/almalinuxorg/almalinux:10-kitten
FROM ${SYSBASE} AS system-build
RUN mkdir -p /mnt/sys-root; \
dnf install -y \
--installroot /mnt/sys-root --releasever 10 --setopt install_weak_deps=false --nodocs \
almalinux-release \
bash \
coreutils-single \
crypto-policies-scripts \
curl-minimal \
findutils \
gdb-gdbserver \
glibc-minimal-langpack \
gzip \
libcurl-minimal \
libusbx \
rootfiles \
systemd \
tar \
usermode \
vim-minimal \
virt-what \
yum \
; \
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
dnf reinstall -y \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
krb5-libs ; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatable support
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/* /mnt/sys-root/run/blkid ; \
mkdir -p /mnt/sys-root/run/lock; \
# generate build time file for compatibility with CentOS /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
touch /mnt/sys-root/run/utmp ;\
chmod 664 /mnt/sys-root/run/utmp ;\
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname
# AL9 specific hacks
RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
chmod 700 /mnt/sys-root/var/cache/private ; \
chmod 700 /mnt/sys-root/var/lib/private ; \
chmod 700 /mnt/sys-root/run/cryptsetup ; \
groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime ;
FROM scratch AS stage2
COPY --from=system-build /mnt/sys-root/ /
RUN systemctl set-default multi-user.target; \
systemctl mask systemd-remount-fs.service \
dev-hugepages.mount \
sys-fs-fuse-connections.mount \
systemd-logind.service \
getty.target \
console-getty.service
FROM scratch
COPY --from=stage2 / /
ENV LANG=C.utf8
CMD ["/bin/bash"]

95
Containerfiles/10-kitten/Containerfile.default
View File

@ -1,95 +0,0 @@
ARG SYSBASE=quay.io/almalinuxorg/almalinux:10-kitten
FROM ${SYSBASE} AS system-build
RUN mkdir /mnt/sys-root; \
dnf install -y \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
almalinux-release \
bash \
binutils \
coreutils-single \
crypto-policies-scripts \
curl-minimal \
findutils \
hostname \
iputils \
glibc-minimal-langpack \
krb5-libs \
less \
libcurl-minimal \
rootfiles \
systemd \
tar \
vim-minimal \
yum \
xz \
; \
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
dnf reinstall -y \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
krb5-libs ; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatable support /mnt/sys-root/var/lib/dnf/history*
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ; \
rm -rf /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos /mnt/sys-root/boot /mnt/sys-root/dev/null ; \
rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/var/log/* ; \
mkdir -p /mnt/sys-root/run/lock; \
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
touch /mnt/sys-root/run/utmp ;\
chmod 664 /mnt/sys-root/run/utmp ;\
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
rm -rf /mnt/sys-root/usr/share/locale/en_US@piglati* /mnt/sys-root/run/blkid /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname
# AL9 specific hacks
RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
chmod 700 /mnt/sys-root/var/cache/private ; \
chmod 700 /mnt/sys-root/var/lib/private ; \
chmod 700 /mnt/sys-root/run/cryptsetup ; \
groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime ;
# Almalinux default build
FROM scratch AS stage2
COPY --from=system-build /mnt/sys-root/ /
RUN systemctl set-default multi-user.target; \
systemctl mask systemd-remount-fs.service \
dev-hugepages.mount \
sys-fs-fuse-connections.mount \
systemd-logind.service \
getty.target \
console-getty.service
FROM scratch
COPY --from=stage2 / /
ENV LANG=C.utf8
CMD ["/bin/bash"]

103
Containerfiles/10-kitten/Containerfile.init
View File

@ -1,103 +0,0 @@
ARG SYSBASE=quay.io/almalinuxorg/almalinux:10-kitten
FROM ${SYSBASE} AS system-build
RUN mkdir /mnt/sys-root; \
dnf install -y \
# --nogpgcheck --repoid=AppStream --repoid=BaseOS \
# --repofrompath='BaseOS,https://repo.almalinux.org/almalinux/10/BaseOS/$basearch/os/' \
# --repofrompath='AppStream,https://repo.almalinux.org/almalinux/10/AppStream/$basearch/os/' \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
almalinux-release \
bash \
coreutils-single \
crypto-policies-scripts \
curl-minimal \
findutils \
gdb-gdbserver \
glibc-minimal-langpack \
gzip \
libcurl-minimal \
libusbx \
procps-ng \
rootfiles \
systemd \
tar \
usermode \
vim-minimal \
virt-what \
yum \
; \
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
dnf reinstall -y \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
krb5-libs ; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatable support
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/* /mnt/sys-root/run/blkid ; \
mkdir -p /mnt/sys-root/run/lock; \
# generate build time file for compatibility with CentOS /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
touch /mnt/sys-root/run/utmp ;\
chmod 664 /mnt/sys-root/run/utmp ;\
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname
# AL9 specific hacks
RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
chmod 700 /mnt/sys-root/var/cache/private ; \
chmod 700 /mnt/sys-root/var/lib/private ; \
chmod 700 /mnt/sys-root/run/cryptsetup ; \
groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime ;
FROM scratch AS stage2
COPY --from=system-build /mnt/sys-root/ /
RUN systemctl set-default multi-user.target; \
systemctl mask systemd-remount-fs.service \
dev-hugepages.mount \
sys-fs-fuse-connections.mount \
systemd-logind.service \
getty.target \
console-getty.service \
systemd-udev-trigger.service \
systemd-udevd.service \
systemd-random-seed.service \
systemd-machine-id-commit.service
FROM scratch
COPY --from=stage2 / /
ENV LANG=C.utf8
STOPSIGNAL SIGRTMIN+3
CMD ["/sbin/init"]

37
Containerfiles/10-kitten/Containerfile.micro
View File

@ -1,37 +0,0 @@
ARG SYSBASE=quay.io/almalinuxorg/almalinux:10-kitten
FROM ${SYSBASE} AS system-build
RUN mkdir -p /mnt/sys-root; \
dnf install --installroot /mnt/sys-root coreutils-single glibc-minimal-langpack \
--releasever 10 --setopt install_weak_deps=false --nodocs -y; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatable support
RUN rm -rf /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/lib/dnf /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/lib/rpm/* ; \
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME ; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
rm -rf /mnt/sys-root/usr/share/locale/en* /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/hawkey.log ; \
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
mkdir -p /mnt/sys-root/run/lock; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime
FROM scratch
COPY --from=system-build /mnt/sys-root/ /
CMD /bin/sh

69
Containerfiles/10-kitten/Containerfile.minimal
View File

@ -1,69 +0,0 @@
ARG SYSBASE=quay.io/almalinuxorg/almalinux:10-kitten
FROM ${SYSBASE} as system-build
RUN mkdir /mnt/sys-root; \
dnf install -y \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
almalinux-release \
bash \
coreutils-single \
curl-minimal \
glibc-minimal-langpack \
libcurl-minimal \
libusbx \
microdnf \
rootfiles \
; \
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
dnf reinstall -y \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
krb5-libs ; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatable support
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/lib/dnf/repos; \
rm -rf /mnt/sys-root/var/lib/dnf/history* /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/run/*; \
mkdir -p /mnt/sys-root/run/lock; \
# generate build time file for compatibility with CentOS
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
# /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@*
rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname; \
mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump ;\
chmod 700 /mnt/sys-root/var/cache/private ; \
chmod 700 /mnt/sys-root/var/lib/private ; \
groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime ; \
cd /mnt/sys-root/etc/systemd/system ; \
ln -s /usr/lib/systemd/system/multi-user.target default.target
# Almalinux minimal build
FROM scratch
COPY --from=system-build /mnt/sys-root/ /
CMD ["/bin/bash"]

91
Containerfiles/10/Containerfile.base
View File

@ -1,91 +0,0 @@
ARG SYSBASE=quay.io/ykohut/almalinux:10-bootstrap
FROM ${SYSBASE} AS system-build
RUN mkdir -p /mnt/sys-root; \
dnf install -y \
--installroot /mnt/sys-root --releasever 10 --setopt install_weak_deps=false --nodocs \
almalinux-release \
bash \
coreutils-single \
crypto-policies-scripts \
curl-minimal \
findutils \
gdb-gdbserver \
glibc-minimal-langpack \
gzip \
libcurl-minimal \
libusbx \
rootfiles \
systemd \
tar \
usermode \
vim-minimal \
virt-what \
yum \
; \
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
dnf reinstall -y \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
krb5-libs ; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatible support
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/* /mnt/sys-root/run/blkid ; \
mkdir -p /mnt/sys-root/run/lock; \
# generate build time file for compatibility with CentOS /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
touch /mnt/sys-root/run/utmp ;\
chmod 664 /mnt/sys-root/run/utmp ;\
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname
# AL10 specific hacks
RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
chmod 700 /mnt/sys-root/var/cache/private ; \
chmod 700 /mnt/sys-root/var/lib/private ; \
chmod 700 /mnt/sys-root/run/cryptsetup ; \
groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime ;
FROM scratch AS stage2
COPY --from=system-build /mnt/sys-root/ /
RUN systemctl set-default multi-user.target; \
systemctl mask systemd-remount-fs.service \
dev-hugepages.mount \
sys-fs-fuse-connections.mount \
systemd-logind.service \
getty.target \
console-getty.service
FROM scratch
COPY --from=stage2 / /
ENV LANG=C.utf8
CMD ["/bin/bash"]

95
Containerfiles/10/Containerfile.default
View File

@ -1,95 +0,0 @@
ARG SYSBASE=quay.io/ykohut/almalinux:10-bootstrap
FROM ${SYSBASE} AS system-build
RUN mkdir /mnt/sys-root; \
dnf install -y \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
almalinux-release \
bash \
binutils \
coreutils-single \
crypto-policies-scripts \
curl-minimal \
findutils \
hostname \
iputils \
glibc-minimal-langpack \
krb5-libs \
less \
libcurl-minimal \
rootfiles \
systemd \
tar \
vim-minimal \
yum \
xz \
; \
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
dnf reinstall -y \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
krb5-libs ; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatible support /mnt/sys-root/var/lib/dnf/history*
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ; \
rm -rf /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos /mnt/sys-root/boot /mnt/sys-root/dev/null ; \
rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/var/log/* ; \
mkdir -p /mnt/sys-root/run/lock; \
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
touch /mnt/sys-root/run/utmp ;\
chmod 664 /mnt/sys-root/run/utmp ;\
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
rm -rf /mnt/sys-root/usr/share/locale/en_US@piglati* /mnt/sys-root/run/blkid /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname
# AL10 specific hacks
RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
chmod 700 /mnt/sys-root/var/cache/private ; \
chmod 700 /mnt/sys-root/var/lib/private ; \
chmod 700 /mnt/sys-root/run/cryptsetup ; \
groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime ;
# Almalinux default build
FROM scratch AS stage2
COPY --from=system-build /mnt/sys-root/ /
RUN systemctl set-default multi-user.target; \
systemctl mask systemd-remount-fs.service \
dev-hugepages.mount \
sys-fs-fuse-connections.mount \
systemd-logind.service \
getty.target \
console-getty.service
FROM scratch
COPY --from=stage2 / /
ENV LANG=C.utf8
CMD ["/bin/bash"]

100
Containerfiles/10/Containerfile.init
View File

@ -1,100 +0,0 @@
ARG SYSBASE=quay.io/ykohut/almalinux:10-bootstrap
FROM ${SYSBASE} AS system-build
RUN mkdir /mnt/sys-root; \
dnf install -y \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
almalinux-release \
bash \
coreutils-single \
crypto-policies-scripts \
curl-minimal \
findutils \
gdb-gdbserver \
glibc-minimal-langpack \
gzip \
libcurl-minimal \
libusbx \
procps-ng \
rootfiles \
systemd \
tar \
usermode \
vim-minimal \
virt-what \
yum \
; \
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
dnf reinstall -y \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
krb5-libs ; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatible support
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/* /mnt/sys-root/run/blkid ; \
mkdir -p /mnt/sys-root/run/lock; \
# generate build time file for compatibility with CentOS /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
touch /mnt/sys-root/run/utmp ;\
chmod 664 /mnt/sys-root/run/utmp ;\
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname
# AL10 specific hacks
RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
chmod 700 /mnt/sys-root/var/cache/private ; \
chmod 700 /mnt/sys-root/var/lib/private ; \
chmod 700 /mnt/sys-root/run/cryptsetup ; \
groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime ;
FROM scratch AS stage2
COPY --from=system-build /mnt/sys-root/ /
RUN systemctl set-default multi-user.target; \
systemctl mask systemd-remount-fs.service \
dev-hugepages.mount \
sys-fs-fuse-connections.mount \
systemd-logind.service \
getty.target \
console-getty.service \
systemd-udev-trigger.service \
systemd-udevd.service \
systemd-random-seed.service \
systemd-machine-id-commit.service
FROM scratch
COPY --from=stage2 / /
ENV LANG=C.utf8
STOPSIGNAL SIGRTMIN+3
CMD ["/sbin/init"]

37
Containerfiles/10/Containerfile.micro
View File

@ -1,37 +0,0 @@
ARG SYSBASE=quay.io/ykohut/almalinux:10-bootstrap
FROM ${SYSBASE} AS system-build
RUN mkdir -p /mnt/sys-root; \
dnf install --installroot /mnt/sys-root coreutils-single glibc-minimal-langpack \
--releasever 10 --setopt install_weak_deps=false --nodocs -y; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatible support
RUN rm -rf /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/lib/dnf /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/lib/rpm/* ; \
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME ; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
rm -rf /mnt/sys-root/usr/share/locale/en* /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/hawkey.log ; \
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
mkdir -p /mnt/sys-root/run/lock; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime
FROM scratch
COPY --from=system-build /mnt/sys-root/ /
CMD /bin/sh

69
Containerfiles/10/Containerfile.minimal
View File

@ -1,69 +0,0 @@
ARG SYSBASE=quay.io/ykohut/almalinux:10-bootstrap
FROM ${SYSBASE} as system-build
RUN mkdir /mnt/sys-root; \
dnf install -y \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
almalinux-release \
bash \
coreutils-single \
curl-minimal \
glibc-minimal-langpack \
libcurl-minimal \
libusbx \
microdnf \
rootfiles \
; \
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
dnf reinstall -y \
--installroot /mnt/sys-root \
--releasever 10 \
--setopt install_weak_deps=false \
--nodocs \
krb5-libs ; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatible support
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/lib/dnf/repos; \
rm -rf /mnt/sys-root/var/lib/dnf/history* /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/run/*; \
mkdir -p /mnt/sys-root/run/lock; \
# generate build time file for compatibility with CentOS
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
# /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@*
rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname; \
mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump ;\
chmod 700 /mnt/sys-root/var/cache/private ; \
chmod 700 /mnt/sys-root/var/lib/private ; \
groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime ; \
cd /mnt/sys-root/etc/systemd/system ; \
ln -s /usr/lib/systemd/system/multi-user.target default.target
# Almalinux minimal build
FROM scratch
COPY --from=system-build /mnt/sys-root/ /
CMD ["/bin/bash"]

71
Containerfiles/8/Containerfile.base
View File

@ -1,71 +0,0 @@
ARG SYSBASE=almalinux:8
FROM ${SYSBASE} as system-build
RUN mkdir -p /mnt/sys-root; \
dnf install --installroot /mnt/sys-root --releasever 8 --setopt install_weak_deps=false --nodocs -y \
almalinux-release \
bash \
coreutils-single \
crypto-policies-scripts \
findutils \
gdb-gdbserver \
glibc-minimal-langpack \
gzip \
langpacks-en \
libuser \
passwd \
rootfiles \
systemd \
tar \
usermode \
vim-minimal \
virt-what \
which \
yum \
;
# Additional hacks for kickstart file and backward compatable support
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/* /mnt/sys-root/run/blkid ; \
mkdir -p /mnt/sys-root/run/lock; \
# generate build time file for compatibility with CentOS /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
touch /mnt/sys-root/run/utmp ;\
chmod 664 /mnt/sys-root/run/utmp ;\
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname
FROM scratch as stage2
COPY --from=system-build /mnt/sys-root/ /
RUN systemctl set-default multi-user.target; \
systemctl mask systemd-remount-fs.service \
dev-hugepages.mount \
sys-fs-fuse-connections.mount \
systemd-logind.service \
getty.target \
console-getty.service
FROM scratch
COPY --from=stage2 / /
ENV LANG=C.utf8
CMD ["/bin/bash"]

70
Containerfiles/8/Containerfile.default
View File

@ -1,70 +0,0 @@
ARG SYSBASE=almalinux:8
FROM ${SYSBASE} as system-build
RUN mkdir /mnt/sys-root; \
dnf install -y \
--installroot /mnt/sys-root \
--releasever 8 \
--setopt install_weak_deps=false \
--nodocs \
binutils \
coreutils-single \
dnf \
findutils \
glibc-minimal-langpack \
hostname \
iputils \
langpacks-en \
less \
libcurl-minimal \
rootfiles \
tar \
vim-minimal \
yum \
xz \
; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatable support
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* ; \
rm -rf /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos /mnt/sys-root/boot /mnt/sys-root/dev/null ; \
rm -rf /mnt/sys-root/var/lib/dnf/history* /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/var/log/* ; \
mkdir -p /mnt/sys-root/run/lock; \
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
touch /mnt/sys-root/run/utmp ;\
chmod 664 /mnt/sys-root/run/utmp ;\
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
rm -rf /mnt/sys-root/usr/share/locale/en_US@piglati* /mnt/sys-root/run/blkid ; \
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname
FROM scratch as stage2
COPY --from=system-build /mnt/sys-root/ /
RUN systemctl set-default multi-user.target; \
systemctl mask systemd-remount-fs.service \
dev-hugepages.mount \
sys-fs-fuse-connections.mount \
systemd-logind.service \
getty.target \
console-getty.service ;
FROM scratch
COPY --from=stage2 / /
ENV LANG=C.utf8
CMD ["/bin/bash"]

80
Containerfiles/8/Containerfile.init
View File

@ -1,80 +0,0 @@
ARG SYSBASE=almalinux:8
FROM ${SYSBASE} as system-build
RUN mkdir -p /mnt/sys-root; \
dnf install --installroot /mnt/sys-root --releasever 8 --setopt install_weak_deps=false --nodocs -y \
almalinux-release \
bash \
coreutils-single \
crypto-policies-scripts \
findutils \
gdb-gdbserver \
glibc-minimal-langpack \
gzip \
langpacks-en \
libuser \
passwd \
procps-ng \
rootfiles \
systemd \
tar \
usermode \
vim-minimal \
virt-what \
which \
yum \
;
# Additional hacks for kickstart file and backward compatable support
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/* /mnt/sys-root/run/blkid ; \
mkdir -p /mnt/sys-root/run/lock; \
# generate build time file for compatibility with CentOS /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
touch /mnt/sys-root/run/utmp ;\
chmod 664 /mnt/sys-root/run/utmp ;\
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname
FROM scratch as stage2
COPY --from=system-build /mnt/sys-root/ /
ENV LANG=C.utf8
RUN systemctl set-default multi-user.target; \
systemctl mask systemd-remount-fs.service \
dev-hugepages.mount \
sys-fs-fuse-connections.mount \
systemd-logind.service \
getty.target \
console-getty.service \
systemd-udev-trigger.service \
systemd-udevd.service \
systemd-random-seed.service \
systemd-machine-id-commit.service
FROM scratch
COPY --from=stage2 / /
ENV LANG=C.utf8
CMD ["/sbin/init"]
STOPSIGNAL SIGRTMIN+3

36
Containerfiles/8/Containerfile.micro
View File

@ -1,36 +0,0 @@
ARG SYSBASE=almalinux:8
FROM ${SYSBASE} as system-build
RUN mkdir -p /mnt/sys-root; \
dnf install --installroot /mnt/sys-root coreutils-single glibc-minimal-langpack \
--releasever 8 --setopt install_weak_deps=false --nodocs -y; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatable support
RUN rm -rf /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/lib/dnf /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/lib/rpm/* ; \
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME ; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/.pwd.lock; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
rm -rf /mnt/sys-root/usr/share/locale/en* /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/hawkey.log; \
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime
FROM scratch
COPY --from=system-build /mnt/sys-root/ /
CMD /bin/sh

48
Containerfiles/8/Containerfile.minimal
View File

@ -1,48 +0,0 @@
ARG SYSBASE=almalinux:8
FROM ${SYSBASE} as builder
RUN mkdir /mnt/sys-root; \
dnf install \
--installroot /mnt/sys-root \
--releasever 8 \
--setopt install_weak_deps=false \
--nodocs -y \
coreutils-single \
glibc-minimal-langpack \
microdnf \
libusbx \
langpacks-en \
rootfiles; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatable support
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/lib/dnf/repos; \
rm -rf /mnt/sys-root/var/lib/dnf/history* /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/run/*; \
mkdir -p /mnt/sys-root/run/lock; \
# generate build time file for compatibility with CentOS
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime
# Almalinux minimal build
FROM scratch
COPY --from=builder /mnt/sys-root/ /
CMD ["/bin/bash"]

91
Containerfiles/9/Containerfile.base
View File

@ -1,91 +0,0 @@
ARG SYSBASE=almalinux:9
FROM ${SYSBASE} as system-build
RUN mkdir -p /mnt/sys-root; \
dnf install -y \
--installroot /mnt/sys-root --releasever 9 --setopt install_weak_deps=false --nodocs \
almalinux-release \
bash \
coreutils-single \
crypto-policies-scripts \
curl-minimal \
findutils \
gdb-gdbserver \
glibc-minimal-langpack \
gzip \
libcurl-minimal \
libusbx \
rootfiles \
systemd \
tar \
usermode \
vim-minimal \
virt-what \
yum \
; \
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
dnf reinstall -y \
--installroot /mnt/sys-root \
--releasever 9 \
--setopt install_weak_deps=false \
--nodocs \
krb5-libs ; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatable support
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/* /mnt/sys-root/run/blkid ; \
mkdir -p /mnt/sys-root/run/lock; \
# generate build time file for compatibility with CentOS /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
touch /mnt/sys-root/run/utmp ;\
chmod 664 /mnt/sys-root/run/utmp ;\
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname
# AL9 specific hacks
RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
chmod 700 /mnt/sys-root/var/cache/private ; \
chmod 700 /mnt/sys-root/var/lib/private ; \
chmod 700 /mnt/sys-root/run/cryptsetup ; \
groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime ;
FROM scratch as stage2
COPY --from=system-build /mnt/sys-root/ /
RUN systemctl set-default multi-user.target; \
systemctl mask systemd-remount-fs.service \
dev-hugepages.mount \
sys-fs-fuse-connections.mount \
systemd-logind.service \
getty.target \
console-getty.service
FROM scratch
COPY --from=stage2 / /
ENV LANG=C.utf8
CMD ["/bin/bash"]

95
Containerfiles/9/Containerfile.default
View File

@ -1,95 +0,0 @@
ARG SYSBASE=almalinux:9
FROM ${SYSBASE} as system-build
RUN mkdir /mnt/sys-root; \
dnf install -y \
--installroot /mnt/sys-root \
--releasever 9 \
--setopt install_weak_deps=false \
--nodocs \
almalinux-release \
bash \
binutils \
coreutils-single \
crypto-policies-scripts \
curl-minimal \
findutils \
hostname \
iputils \
glibc-minimal-langpack \
krb5-libs \
less \
libcurl-minimal \
rootfiles \
systemd \
tar \
vim-minimal \
yum \
xz \
; \
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
dnf reinstall -y \
--installroot /mnt/sys-root \
--releasever 9 \
--setopt install_weak_deps=false \
--nodocs \
krb5-libs ; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatable support /mnt/sys-root/var/lib/dnf/history*
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ; \
rm -rf /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos /mnt/sys-root/boot /mnt/sys-root/dev/null ; \
rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/var/log/* ; \
mkdir -p /mnt/sys-root/run/lock; \
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
touch /mnt/sys-root/run/utmp ;\
chmod 664 /mnt/sys-root/run/utmp ;\
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
rm -rf /mnt/sys-root/usr/share/locale/en_US@piglati* /mnt/sys-root/run/blkid /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname
# AL9 specific hacks
RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
chmod 700 /mnt/sys-root/var/cache/private ; \
chmod 700 /mnt/sys-root/var/lib/private ; \
chmod 700 /mnt/sys-root/run/cryptsetup ; \
groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime ;
# Almalinux default build
FROM scratch as stage2
COPY --from=system-build /mnt/sys-root/ /
RUN systemctl set-default multi-user.target; \
systemctl mask systemd-remount-fs.service \
dev-hugepages.mount \
sys-fs-fuse-connections.mount \
systemd-logind.service \
getty.target \
console-getty.service
FROM scratch
COPY --from=stage2 / /
ENV LANG=C.utf8
CMD ["/bin/bash"]

103
Containerfiles/9/Containerfile.init
View File

@ -1,103 +0,0 @@
ARG SYSBASE=almalinux:9
FROM ${SYSBASE} as system-build
RUN mkdir /mnt/sys-root; \
dnf install -y \
# --nogpgcheck --repoid=AppStream --repoid=BaseOS \
# --repofrompath='BaseOS,https://repo.almalinux.org/almalinux/9/BaseOS/$basearch/os/' \
# --repofrompath='AppStream,https://repo.almalinux.org/almalinux/9/AppStream/$basearch/os/' \
--installroot /mnt/sys-root \
--releasever 9 \
--setopt install_weak_deps=false \
--nodocs \
almalinux-release \
bash \
coreutils-single \
crypto-policies-scripts \
curl-minimal \
findutils \
gdb-gdbserver \
glibc-minimal-langpack \
gzip \
libcurl-minimal \
libusbx \
procps-ng \
rootfiles \
systemd \
tar \
usermode \
vim-minimal \
virt-what \
yum \
; \
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
dnf reinstall -y \
--installroot /mnt/sys-root \
--releasever 9 \
--setopt install_weak_deps=false \
--nodocs \
krb5-libs ; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatable support
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/* /mnt/sys-root/run/blkid ; \
mkdir -p /mnt/sys-root/run/lock; \
# generate build time file for compatibility with CentOS /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
touch /mnt/sys-root/run/utmp ;\
chmod 664 /mnt/sys-root/run/utmp ;\
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname
# AL9 specific hacks
RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
chmod 700 /mnt/sys-root/var/cache/private ; \
chmod 700 /mnt/sys-root/var/lib/private ; \
chmod 700 /mnt/sys-root/run/cryptsetup ; \
groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime ;
FROM scratch as stage2
COPY --from=system-build /mnt/sys-root/ /
RUN systemctl set-default multi-user.target; \
systemctl mask systemd-remount-fs.service \
dev-hugepages.mount \
sys-fs-fuse-connections.mount \
systemd-logind.service \
getty.target \
console-getty.service \
systemd-udev-trigger.service \
systemd-udevd.service \
systemd-random-seed.service \
systemd-machine-id-commit.service
FROM scratch
COPY --from=stage2 / /
ENV LANG=C.utf8
STOPSIGNAL SIGRTMIN+3
CMD ["/sbin/init"]

37
Containerfiles/9/Containerfile.micro
View File

@ -1,37 +0,0 @@
ARG SYSBASE=almalinux:9
FROM ${SYSBASE} as system-build
RUN mkdir -p /mnt/sys-root; \
dnf install --installroot /mnt/sys-root coreutils-single glibc-minimal-langpack \
--releasever 9 --setopt install_weak_deps=false --nodocs -y; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatable support
RUN rm -rf /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/lib/dnf /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/lib/rpm/* ; \
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME ; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
rm -rf /mnt/sys-root/usr/share/locale/en* /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/hawkey.log ; \
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
mkdir -p /mnt/sys-root/run/lock; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime
FROM scratch
COPY --from=system-build /mnt/sys-root/ /
CMD /bin/sh

69
Containerfiles/9/Containerfile.minimal
View File

@ -1,69 +0,0 @@
ARG SYSBASE=almalinux:9
FROM ${SYSBASE} as system-build
RUN mkdir /mnt/sys-root; \
dnf install -y \
--installroot /mnt/sys-root \
--releasever 9 \
--setopt install_weak_deps=false \
--nodocs \
almalinux-release \
bash \
coreutils-single \
curl-minimal \
glibc-minimal-langpack \
libcurl-minimal \
libusbx \
microdnf \
rootfiles \
; \
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
dnf reinstall -y \
--installroot /mnt/sys-root \
--releasever 9 \
--setopt install_weak_deps=false \
--nodocs \
krb5-libs ; \
dnf --installroot /mnt/sys-root clean all;
# Additional hacks for kickstart file and backward compatable support
RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf /mnt/sys-root/var/lib/dnf/repos; \
rm -rf /mnt/sys-root/var/lib/dnf/history* /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/run/*; \
mkdir -p /mnt/sys-root/run/lock; \
# generate build time file for compatibility with CentOS
/bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
echo 'LANG="C.utf8"' > /mnt/sys-root/etc/locale.conf; \
echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
touch /mnt/sys-root/etc/.pwd.lock; \
chmod 600 /mnt/sys-root/etc/.pwd.lock; \
echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
echo '0' >> /mnt/sys-root/etc/adjtime; \
echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
# /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en /mnt/sys-root/usr/share/locale/en*@*
rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
rm -f /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/machine-id; \
touch /mnt/sys-root/etc/resolv.conf; \
touch /mnt/sys-root/etc/hostname; \
mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump ;\
chmod 700 /mnt/sys-root/var/cache/private ; \
chmod 700 /mnt/sys-root/var/lib/private ; \
groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
cd /mnt/sys-root/etc ; \
ln -s ../usr/share/zoneinfo/UTC localtime ; \
cd /mnt/sys-root/etc/systemd/system ; \
ln -s /usr/lib/systemd/system/multi-user.target default.target
# Almalinux minimal build
FROM scratch
COPY --from=system-build /mnt/sys-root/ /
CMD ["/bin/bash"]

788
README.md
View File

@ -1,788 +0,0 @@
# Overview
The repository provides scripts and workflows to:
- Build AlmaLinux Container Images (Docker Images)
- Test these images
- Push them into different registries, the *Client Library*:
- [Docker.io](https://hub.docker.com)
- [Quay.io](https://quay.io)
- [GitHub Packages](https://github.com/features/packages)
- Extract root filesystem (RootFS) from default and minimal images
- Publish the images to the [Docker *Official Library*](https://hub.docker.com/u/library).
These Container Images can be used with all [OCI complaint](https://opencontainers.org/) container runtime environments such as Docker, Podman and Kubernetes as well as serve as drop-in replacements for CentOS images as they reach [End of Life](https://centos.org/centos-linux-eol/).
## Requirements/Prerequisites
Personal, Organization or Enterprise account on GitHub is the only requirement. Please read more about [accounts on GitHub](https://docs.github.com/en/enterprise-server@3.10/get-started/learning-about-github/types-of-github-accounts).
## The idea
The project utilizes [GitHub Actions](https://github.com/features/actions) to provide public, transparent and fast workflows that are easy to understand, use and modify.
There are two workflows on GitHub Actions designed to achieve the idea:
- Build, test, push all types of container images into the *Client Library*, and extract RootFS from `default` and `minimal` images.
- Use these RootFS to request Docker to create images for the *Official Library*.
You can read more about how the workflows work in the [section](#workflows-jobs-and-steps) below.
The AlmaLinux ***Client Library*** includes the following registries/organizations:
- [Docker.io/almalinux](https://hub.docker.com/u/almalinux) (Sponsored by OSS)
- [Quay.io/almalinuxorg](https://quay.io/organization/almalinuxorg)
- [Ghcr.io/AlmaLinux](https://github.com/orgs/AlmaLinux/packages)
The AlmaLinux [***Official Library***](https://hub.docker.com/_/almalinux) is maintained by Docker.
## Containerfiles
Each image pushed to the *Client Library* is built from a corresponding [Containerfile](https://github.com/AlmaLinux/container-images/tree/main/Containerfiles) that is a unique file for each AlmaLinux release and configuration type: `base`, `default`, `init`, `micro`, `minimal`.
These files match [Dockerfile](https://docs.docker.com/reference/dockerfile/) standard and contain commands and instructions on how to install AlmaLinux's whole root filesystem in them.
Images for the *Docker Official* Library are built using other Dockerfiles that are also designed for each AlmaLinux release but only `default` and `minimal` types:
- 8 [default](https://github.com/yuravk/container-images/tree/8/default) and [minimal](https://github.com/yuravk/container-images/tree/8/minimal) per platform;
- 9 [default](https://github.com/yuravk/container-images/tree/9/default) and [minimal](https://github.com/yuravk/container-images/tree/9/minimal) per platform.
These Dockerfiles are to build images from scratch using platform's corresponding RootFS.
## What Container Images are built
### AlmaLinux releases
Container images are built for AlmaLinux OS 8 and 9. The Major version of the release must be set for the **Build, Test and Push** workflow. The Minor version is automatically set by the workflow as *the latest*.
**Publish Images** workflow pushes build requests to the Docker also for both AlmaLinux releases, 8 and 9.
### Image configuration types
AlmaLinux container images types match [Red Hat Universal Base Image](https://catalog.redhat.com/software/base-images):
- `base`
- `default` (the image is also available via the Docker *Official Library*)
- `init`
- `micro`
- `minimal` (the image is also available via the Docker *Official Library*)
### Supported platforms/architectures
**Build, Test and Push** workflow builds container images of the following platforms simultaneously with `docker buildx`. They result in the following machine hardware names (`uname -m`):
| docker platform | hardware name |
| --------------- | ------------- |
| linux/amd64 | x86_64 |
| linux/ppc64le | ppc64le |
| linux/s390x | s390x |
| linux/arm64 | aarch64 |
The [**containerd image store store**](https://docs.docker.com/storage/containerd/) for Docker Engine together with `buildx` are used to build and push multiple platforms at once.
### Repositories
The following *repositories* are created on all registries ([Docker.io/almalinux](https://hub.docker.com/u/almalinux), [Quay.io/almalinuxorg](https://quay.io/organization/almalinuxorg), [Ghcr.io/AlmaLinux](https://github.com/orgs/AlmaLinux/packages)) for all supported images types:
- `/almalinux` - [Quay.io/almalinuxorg](https://quay.io/repository/almalinuxorg/almalinux) only. Is built from the `default` image.
- `/8-base`
- `/9-base`
- `/8-init`
- `/9-init`
- `/8-micro`
- `/9-micro`
- `/8-minimal`
- `/9-minimal`
They are the *Client Library*.
### Tags
The following tags are created under each *repository* (AlmaLinux 9.3 example as of 24 Nov 2023):
| tag | example |
| ---------------------- | ------------- |
| latest | latest |
| MAJOR | 9 |
| MAJOR.MINOR | 9.3 |
| MAJOR.MINOR-DATE_STAMP | 9.3-20231124 |
The `/almalinux` *repository* includes the `latest` tag for AlmaLinux release 9.x only.
## *container-images* repository structure
### Directories structure
1. Branch 'main'
```sh
.
├── .github
│   └── workflows
│   ├── build-test-push.yml
│   └── publish-docker-library.yml
├── Containerfiles
│   ├── 8
│   │   ├── Containerfile.base
│   │   ├── Containerfile.default
│   │   ├── Containerfile.init
│   │   ├── Containerfile.micro
│   │   └── Containerfile.minimal
│   └── 9
│   ├── Containerfile.base
│   ├── Containerfile.default
│   ├── Containerfile.init
│   ├── Containerfile.micro
│   └── Containerfile.minimal
├── LICENSE
└── README.md
```
2. Branch for AlmaLinux release '8'
```sh
.
├── docker-library-definition.tmpl
├── default
│ ├── amd64
│ │ ├── Dockerfile
│ │ └── almalinux-8-default-amd64.tar.gz
│ ├── arm64
│ │ ├── Dockerfile
│ │ └── almalinux-8-default-arm64.tar.gz
│ ├── ppc64le
│ │ ├── Dockerfile
│ │ └── almalinux-8-default-ppc64le.tar.gz
│ └── s390x
│ ├── Dockerfile
│ └── almalinux-8-default-s390x.tar.gz
└── minimal
├── amd64
│ ├── Dockerfile
│ └── almalinux-8-minimal-amd64.tar.gz
├── arm64
│ ├── Dockerfile
│ └── almalinux-8-minimal-arm64.tar.gz
├── ppc64le
│ ├── Dockerfile
│ └── almalinux-8-minimal-ppc64le.tar.gz
└── s390x
├── Dockerfile
└── almalinux-8-minimal-s390x.tar.gz
```
3. Branch for AlmaLinux release '9'
```sh
.
├── docker-library-definition.tmpl
├── default
│ ├── amd64
│ │ ├── Dockerfile
│ │ └── almalinux-9-default-amd64.tar.gz
│ ├── arm64
│ │ ├── Dockerfile
│ │ └── almalinux-9-default-arm64.tar.gz
│ ├── ppc64le
│ │ ├── Dockerfile
│ │ └── almalinux-9-default-ppc64le.tar.gz
│ └── s390x
│ ├── Dockerfile
│ └── almalinux-9-default-s390x.tar.gz
└── minimal
├── amd64
│ ├── Dockerfile
│ └── almalinux-9-minimal-amd64.tar.gz
├── arm64
│ ├── Dockerfile
│ └── almalinux-9-minimal-arm64.tar.gz
├── ppc64le
│ ├── Dockerfile
│ └── almalinux-9-minimal-ppc64le.tar.gz
└── s390x
├── Dockerfile
└── almalinux-9-minimal-s390x.tar.gz
```
### Workflow **.yml* files
The [`.github/workflows/build-test-push.yml`](https://github.com/AlmaLinux/container-images/blob/main/.github/workflows/build-test-push.yml) workflow is used to **Build, Test and Push** images to the *Client Library*, and extract RootFS:
```yaml
name: Build, test and push to the Client Library
on:
workflow_dispatch:
inputs:
production:
description: |
'Push to production registries'
'not checked - to testing'
required: true
type: boolean
default: true
...
```
The
[`.github/workflows/publish-docker-library.yml`](https://github.com/AlmaLinux/container-images/blob/main/.github/workflows/publish-docker-library.yml) workflow is used to **Publish Images** to the Docker *Official Library*:
```yaml
name: Publish images to the Docker Library
on:
workflow_dispatch:
inputs:
pr:
description: 'Publish to Docker Official Library'
required: true
type: boolean
default: true
...
```
Both workflows are triggered manually by the [**workflow_dispatch**](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch) event of GitHub Actions.
### Sourced *Containerfiles*
This [`Containerfiles/9/Containerfile.minimal`](https://github.com/AlmaLinux/container-images/blob/main/Containerfiles/9/Containerfile.minimal) file is a Containerfile example for AlmaLinux release 9 and `minimal` type used to build container image for the *Client Library*:
```Dockerfile
ARG SYSBASE=almalinux:9
FROM ${SYSBASE} as system-build
RUN mkdir /mnt/sys-root; \
dnf install -y \
--installroot /mnt/sys-root \
--releasever 9 \
--setopt install_weak_deps=false \
--nodocs \
almalinux-release \
bash \
...
FROM scratch
COPY --from=system-build /mnt/sys-root/ /
CMD ["/bin/bash"]
```
This [`minimal/amd64/Dockerfile`](https://github.com/yuravk/container-images/blob/9/minimal/amd64/Dockerfile) file is a Dockerfile example for AlmaLinux release 9 `minimal` type and `amd64` (`x86_64`) platform used to build container image for the Docker *Official Library*:
```Dockerfile
# Tags: minimal, 9-minimal, 9.3-minimal, 9.3-minimal-20231124
FROM scratch
ADD almalinux-9-minimal-amd64.tar.xz /
CMD ["/bin/bash"]
```
### Template file for Docker *Library Definition*
The Docker *Official Library* uses [Definition File](https://github.com/docker-library/official-images/blob/master/library/almalinux) to request building of official images. Changing the file triggers a new image(s) building on the Docker side. The [`docker-library-definition.tmpl`](https://github.com/yuravk/container-images/blob/docker-library/docker-library-definition.tmpl) template is used to generate the Definition file:
```yaml
Tags: {{ .tags }}
GitFetch: refs/heads/{{ .version_major }}
GitCommit: {{ .commit_hash }}
amd64-Directory: {{ .image_type }}/amd64/
arm64v8-Directory: {{ .image_type }}/arm64/
ppc64le-Directory: {{ .image_type }}/ppc64le/
s390x-Directory: {{ .image_type }}/s390x/
Architectures: amd64, arm64v8, ppc64le, s390x
```
# How to contribute/help and customize workflow(s)
## Fork GitHub repositories
Fork the following repositories:
- [**container-images**](https://github.com/AlmaLinux/container-images), you will need the `main`, the `8` and the `9` branches.
- [**docker-library**](https://github.com/docker-library/official-images)
Read more about GitHub [forks here](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo).
❗ Please, note, that you won't be able to create a Pull Request to this repository as only AlmaLinux organization members have access to do it.
## Set Action's secrets
To set secrets needed for this repository, go to your GitHub account **Settings** -> expand **Secrets and variables** (located under the **Security** section) -> select **Actions**. Read more about [Github Secrets in Actions](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions).
The following *Repository secrets* are required. Set them with your personal data and ***only for registries you are using***.
For production *Client Library* please define secrets:
| Secret name | Description |
| ---------------------- | -------------------- |
| `DOCKERHUB_USERNAME` | docker.io user |
| `DOCKERHUB_TOKEN` | docker.io token |
| `QUAY_IO_USERNAME` | quay.io user |
| `QUAY_IO_CLI_PASSWORD` | quay.io CLI password |
| `GIT_HUB_USERNAME` | GitHub user |
| `GIT_HUB_TOKEN` | GitHub token |
The same secrets with `TEST_` prefix in secret names (like `TEST_DOCKERHUB_USERNAME`) should be set for corresponded registries if testing *Client Library* (testing mode).
On how to create tokens/CLI passwords please read:
- Manage **Quay.io** [Access Tokens](https://docs.quay.io/glossary/access-token.html)
- [Create and manage access tokens](https://docs.docker.com/security/for-developers/access-tokens/) on **Docker**
- [Managing your personal access tokens](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) on **GitHub**.
When creating a new personal access token on **GitHub**, please, select:
- *write:packages* scope, to allow packages uploading to GitHub Package Registry;
- *admin:org* scope, to allow Pull Request creation to [docker-library](https://github.com/docker-library/official-images).
## Change registries list
On needed registries create your own accounts in case you don't have any as you won't be able to use AlmaLinux accounts.
According to your list of needed registries and knowing your user names edit the [`.github/workflows/build-test-push.yml`](https://github.com/AlmaLinux/container-images/blob/main/.github/workflows/build-test-push.yml) workflow file (branch `master`):
```yaml
registries: 'docker.io/<user_name>, quay.io/<user_name>, ghcr.io/<user_name>'
```
Separate the registries with commas.
`<user_name>` - is your user name on the specific registry.
## Change platforms list
If you don't need to build images for all platforms, you can edit the list of platforms to meet your needs in the [`.github/workflows/build-test-push.yml`](https://github.com/AlmaLinux/container-images/blob/main/.github/workflows/build-test-push.yml) workflow file (branch `master`):
```yaml
platforms: 'linux/amd64, linux/ppc64le, linux/s390x, linux/arm64'
```
Separate the platforms with commas.
## Change image types list
Edit the [`.github/workflows/build-test-push.yml`](https://github.com/AlmaLinux/container-images/blob/main/.github/workflows/build-test-push.yml) workflow file (branch `master`) to change type of images which are built:
- Add/modify/delete input for specific type name of image:
```yaml
type_<type_name>:
description: '<type_name>'
required: true
type: boolean
```
- Add/modify/delete the image type in the matrix for the `build` job:
```yaml
image_types: ${{ fromJSON(format('["{0}"]', ( inputs.type_<type_name> && '<type_name>' ) )) }}
```
Where `<type_name>` is the name of your image type.
Default are: *base*, *default*, *init*, *micro*, *minimal*
## To bump AlmaLinux release (*Major* number)
If a new AlmaLinux major release is available, edit the [`.github/workflows/build-test-push.yml`](https://github.com/AlmaLinux/container-images/blob/main/.github/workflows/build-test-push.yml) workflow file (branch `master`), to set this major version:
- `inputs.version_major` like:
```yaml
version_major:
description: 'AlmaLinux major version'
required: true
default: '<version_latest>'
type: choice
options:
- <version_latest>
- 9
- 8
```
- `env.version_latest` like:
```yaml
version_latest: <version_latest>
```
Where `<version_latest>` is an AlmaLinux version major version, for example `10`.
## To bump AlmaLinux release (*Minor* number)
If a new AlmaLinux minor release is available, edit the [`.github/workflows/build-test-push.yml`](https://github.com/AlmaLinux/container-images/blob/main/.github/workflows/build-test-push.yml) workflow file (branch `master`) to set it. To do so, you need the "DeployPrepare AlmaLinux Minor version number" step:
```sh
case ${{ inputs.version_major }} in
8)
version_minor="<8_minor>" ;;
9)
version_minor="<9_minor>" ;;
10)
version_minor="<10_minor>" ;;
```
Where `<8_minor>`, `<9_minor>`, `<10_minor>` are AlmaLinux's corresponding minor versions.
For example Minors are `10`, `4` or `1` for new **8.10**, **9.4** or **10.1** versions respectively.
## Restrictions
❗ Only AlmaLinux organization members have access to create Pull Requests and publish container images into the Docker *Official Library*.
**Build, test and push to the Client Library** workflow will work only for your *Client Library*, but not for AlmaLinux-owned ones.
# Workflows jobs and steps
## Build, test and push to the Client Library
Tree illustration of the workflow Jobs and Steps for AlmaLinux 9 minimal image:
```
Build, test and push to the Client Library
├── Deploy 9 minimal images
│   ├── Set up job
│   ├── DeployPrepare AlmaLinux Minor version number
│   ├── Prepare date stamp
│   ├── Generate list of Docker images to use as base name for tags
  ├── Enable containerd image store on Docker Engine
  ├── Checkout _container-images, branch 'main'
│   ├── Checkout _container-images, branch '9', path '9'
│   ├── Set up QEMU
  ├── Set up Docker Buildx
  ├── Login to Docker.io
│   ├── Login to Quay.io
│   ├── Login to Ghcr.io
  ├── Generate tags and prepare metadata to build and push
  ├── Build images
│   ├── Test images
│   ├── Push images to Client Library
  ├── Extract RootFS (default and minimal only)
  ├── Change date stamp in Dockerfile (default and minimal only)
│   ├── Commit and push minimal/*/* Dockerfile and RootFS (branch 9)"
│   ├── Post Push images to Client Library
  ├── Post Build images
  ├── Post Login to Ghcr.io
│   ├── Post Set up Docker Buildx
│   ├── Post Checkout _container-images, branch '9', path '9'
  ├── Post Checkout _container-images, branch 'main'
  └── Complete job
└── Optimize size of repository
├── Checkout almalinux/container-images, branch '9', path '9'
├── Optimize size of branch the '9'
└── Commit and push almalinux/container-images, branch '9'
```
### Inputs
The workflow inputs are:
- `production` - boolean '*Push to production registries*' with the default value `true` (checked). Container images are pushed into the production *Client Library*: [Docker.io/almalinux](https://hub.docker.com/u/almalinux), [Quay.io/almalinuxorg](https://quay.io/organization/almalinuxorg) and [Ghcr.io/AlmaLinux](https://github.com/orgs/AlmaLinux/packages). Otherwise, images are pushed into the testing *Client Library*: [Quay.io/almalinuxautobot](https://quay.io/organization/almalinuxautobot)
- `version_major` - dropdown 'AlmaLinux major version' with the default value `9`. This is a major number of AlmaLinux version to build images for.
- Checklist of image types: *base*, *default*, *init*, *micro*, *minimal*. At least one should be checked.
### Job: Deploy *version_major* *image_types* images
Job proceeds to input `version_major` and iterates with selected `image_types` using matrix. Multiple jobs run simultaneously for each image type.
#### Step: DeployPrepare AlmaLinux Minor version number
The step sets AlmaLinux `version_minor` according to set on inputs `version_major`.
#### Step: Prepare date stamp
Generates `date_stamp` in format *YYYYMMDD*. It is used in image tags.
#### Step: Generate list of Docker images to use as base name for tags
Generates `env.IMAGE_NAMES` for each registry including image type like: `docker.io/***/8-minimal quay.io/***/8-minimal`
#### Step: Enable containerd image store on Docker Engine
Modifies the /etc/docker/daemon.json as:
```json
"features":
{
"containerd-snapshotter": true
}
```
Restarts the `docker` service to get a new image store working.
The successful switch is printed in the docker info:
```json
[[driver-type io.containerd.snapshotter.v1]]
```
#### Step: Checkout *container-images*, branch 'main'
Checkouts *container-images* into branch 'main'. The repository directory is located at `/home/runner/work/container-images/container-images`. Please note, the only last commit is checked out.
The [actions/checkout@v4](https://github.com/actions/checkout/) is used.
#### Step: Checkout *container-images*, branch '${version_major}', path '${version_major}'
Checkouts *container-images* into branch '${version_major}'. The repository directory is located at `/home/runner/work/container-images/${version_major}`.
The [actions/checkout@v4](https://github.com/actions/checkout/) is used.
#### Step: Set up QEMU
Installs [QEMU](https://github.com/qemu/qemu) static binaries. The [docker/setup-qemu-action@v3](https://github.com/docker/setup-qemu-action) is used. The QEMU static binaries are required to build different platforms within one machine.
#### Step: Set up Docker Buildx
Sets up Docker [Buildx](https://github.com/docker/buildx). It uses [docker/setup-buildx-action@v3](https://github.com/docker/setup-buildx-action)
#### Step: Login to Docker.io
The [docker/login-action@v3](https://github.com/docker/login-action) is used. The following secrets are used:
*production* mode:
- DOCKERHUB_USERNAME
- DOCKERHUB_TOKEN
*testing* mode:
- TEST_DOCKERHUB_USERNAME
- TEST_DOCKERHUB_TOKEN
#### Step: Login to Quay.io
The [docker/login-action@v3](https://github.com/docker/login-action) is used. The following secrets are used:
*production* mode:
- QUAY_IO_USERNAME
- QUAY_IO_CLI_PASSWORD
*testing* mode:
- TEST_QUAY_IO_USERNAME
- TEST_QUAY_IO_CLI_PASSWORD
#### Step: Login to Ghcr.io
The [docker/login-action@v3](https://github.com/docker/login-action) is used. The following secrets are used:
*production* mode:
- GIT_HUB_USERNAME
- GIT_HUB_TOKEN
*testing* mode:
- TEST_GIT_HUB_USERNAME
- TEST_GIT_HUB_TOKEN
#### Step: Generate tags and prepare metadata to build and push
The [docker/metadata-action@v5](https://github.com/docker/metadata-action) is used to generate tags, labels and annotations for images. Here is an example of AlmaLinux 8 minimal image's tags:
```json
"tags": [
"docker.io/***/8-minimal:latest",
"docker.io/***/8-minimal:8",
"docker.io/***/8-minimal:8.9",
"docker.io/***/8-minimal:8.9-20240319",
"quay.io/***/8-minimal:latest",
"quay.io/***/8-minimal:8",
"quay.io/***/8-minimal:8.9",
"quay.io/***/8-minimal:8.9-20240319",
],
```
#### Step: Build images
The [docker/build-push-action@v5](https://github.com/docker/build-push-action) is used to build images. This step builds the images from corresponding [`Containerfile`](https://github.com/AlmaLinux/container-images/tree/main/Containerfiles), for specified `env.platforms` and uses tags from the previous step. After the successful building, the images are loaded into docker, but not pushed yet as they need to be tested first. AlmaLinux 8 minimal images `buildx` looks like this:
```sh
/usr/bin/docker buildx build --file ./Containerfile.minimal ... \
--platform linux/amd64,linux/ppc64le,linux/s390x,linux/arm64 \
--provenance false ... \
--tag docker.io/***/8-minimal:latest --tag docker.io/***/8-minimal:8 --tag docker.io/***/8-minimal:8.9 --tag docker.io/***/8-minimal:8.9-20240319 --tag quay.io/***/8-minimal:latest --tag quay.io/***/8-minimal:8 --tag quay.io/***/8-minimal:8.9 --tag quay.io/***/8-minimal:8.9-20240319 \
--load \
--metadata-file /home/runner/work/_temp/docker-actions-toolkit-*/metadata-file \
https://github.com/***/container-images.git#270a6d3fd433cfa6c3e1fff5896a92d1ae2896be:Containerfiles/8
```
`provenance: false` is to disable the [Provenance attestations](https://docs.docker.com/build/attestations/slsa-provenance/) as Quay.io registry doesn't support such kind of images data.
#### Step: Test images
Every image can be tested separately for each type and platform as each image is loaded into docker. Docker run images "by digest":
```sh
docker run --platform=${platform} ${{ steps.build-images.outputs.digest }}
```
#### Step: Push images to Client Library
The [docker/build-push-action@v5](https://github.com/docker/build-push-action) is used. This step pushes built images into *Client Library*. The options are the same as for **Build images** step.
#### Step: Extract RootFS (default and minimal only)
❗ Skip this step if the image type is not 'default' or 'minimal'.
The step is to extract RootFS from existing image's blobs:
- uses`docker save` to produce a tarred repository and save it to the "tar file". Unpack the "tar file" to get blobs.
- Prepares the "temporary Dockerfile" to build image based on RootFS.
```Dockerfile
FROM scratch
ADD rootfs.tar.gz /
CMD ["/bin/bash"]
```
- Loops blobs to find all zipped files that are RootFS for a particular architecture.
- with `docker build`, builds an image from the "temporary Dockerfile".
- with `docker run`, runs the image and query `almalinux-release` package's *architecture*.
- Maps found *architecture* to the corresponding *platform*.
- Copes the "taken RootFS" into corresponded .tar.xz (like `almalinux-9-default-amd64.tar.xz`)
#### Step: Change date stamp in Dockerfile (default and minimal only)
❗ Skip this step if the image type is not 'default' or 'minimal'.
The step changes (*# Tags* with date stamp) in corresponded `${images_type}/${platform}/Docker file` for AlmaLinux [release 8](https://github.com/yuravk/container-images/tree/8) an [release 9](https://github.com/yuravk/container-images/tree/9), which Docker will use to build images for the *Official Library*. An example is for AlmaLinux 9 minimal amd64 [`minimal/amd64/dockerfile`](https://github.com/yuravk/container-images/blob/9/minimal/amd64/Dockerfile) file:
```docker
# Tags: 8-minimal, 8.9-minimal, 8.9-minimal-20240319
FROM scratch
ADD almalinux-9-minimal-amd64.tar.xz /
CMD ["/bin/bash"]
```
The change indicates that a new `default` and/or `minimal` container image was pushed to the *Client Library* and should be requested to be built by Docker. The change will later be committed to the `8` or `9` branch.
> It will try to pull recent changes (before push) with `--rebase --autostash`
#### Step: Commit and push ${image_types }/*/* Dockerfile and RootFS (branch ${version_major })"
❗ Skip this step if the image type is not 'default' or 'minimal'.
❗ The step is skipped if '*Push to production registries*' is not checked (`inputs.production` set to `false`.)
Uses [EndBug/add-and-commit@v9](https://github.com/marketplace/actions/add-commit) to commit and push Dockerfile and RootFS, which were changed and extracted on the previous steps.
The commit message is:
```yaml
AlmaLinux ${version_major}-${images_type} image build as of ${date_stamp} (with ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).
```
It includes the AlmaLinux version major, image type, build date, and reference to this GitHub Action.
### Job: Optimize size of repository
❗ Skip the job if the image type is not 'default' or 'minimal', or '*Push to production registries*' is not checked (`inputs.production` set to `false`.)
#### Step: Checkout almalinux/container-images, branch '${version_major}', path '${version_major}'
The [actions/checkout@v4](https://github.com/actions/checkout/) checkouts *container-images* into branch '${version_major}'. The repository directory is located at `/home/runner/work/container-images/container-images` and its subdirectory is named '${version_major}'. All commits for the branch are checkout with `fetch-depth: 0`.
#### Step: Optimize size of branch the '${version_major}'
This step is written in bash and is designed to:
- preserves 'default' and 'minimal' folders with Dockerfiles and RootFSs into `../tmp-${date_stamp}` folder
- checkouts into new local 'tmp' branch
- removes local ${version_major} branch
- checkouts into orphan ${version_major} branch
- restores 'default' and 'minimal' folders into the orphan branch placeholder
#### Step: Commit and push almalinux/container-images, branch '${version_major}'
Uses [EndBug/add-and-commit@v9](https://github.com/marketplace/actions/add-commit) to commit and push Dockerfiles and RootFSs which were prepared on previous step.
The following options are used to push:
- `--force` - to rewrite history
- `--set-upstream origin ${version_major}` - to set upstream branch (as new one is orphan)
## Publish images to the Docker Library
Tree illustration of the workflow Jobs and Steps for AlmaLinux 9 minimal image:
```
Publish images to the Docker Library
├── 8 default definition preparing
.
.
.
├── 8 minimal definition preparing
.
.
.
├── 9 default definition preparing
.
.
.
├── 9 minimal definition preparing
│   ├── Set up job
│   ├── Checkout container-images, branch '9'
│   ├── Checkout official-images, branch 'master'
│   ├── Get need data for the definition
│   ├── Render the definition
│   ├── Upload the definition for 9 minimal
│   ├── Post Checkout official-images, branch 'master'
│   ├── Post Checkout container-images, branch '9'
│   └── Complete job
└── Create Pull Request with the new definition file
├── Set up job
├── Checkout official-images, branch 'master'
├── Sync official-images with docker-library/official-images, branch 'master'
├── Download all definitions
├── Create head of official-images/library/almalinux
├── Merge definitions into official-images/library/almalinux
├── Prepare date stamp
├── Prepare time stamp
├── Commit and push official-images/library/almalinux
├── Create Pull Request for official-images/library/almalinux
├── Post Checkout official-images, branch 'master'
└── Complete job
```
### Inputs
The workflow inputs are:
- `pr` - boolean '*Publish to the Docker Official Library*' with the default value `true` (checked). The input indicates whether to create a Pull Request to Docker with AlmaLinux *Definition File*.
- `draft` - boolean '*Draft Pull Request*' with the default value `false` (not checked). The input indicates whether the [Pull Request is draft](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests#draft-pull-requests) or it is ready to review.
### Job: *version_major* *image_types* definition preparing
Job iterates (using matrix) with AlmaLinux all `version_major`, and `image_types` (`default` and `minimal`). Multiple jobs run simultaneously for each of the versions and each of the image types.
#### Step: Checkout *container-images*, branch '${version_major}'
The [actions/checkout@v4](https://github.com/actions/checkout/) checkouts *container-images* into branch '${version_major}'. The repository directory is located at `/home/runner/work/container-images/container-images`. All commits for the branch are checkout with `fetch-depth: 0`.
#### Step: Checkout *official-images*, branch 'master'
The [actions/checkout@v4](https://github.com/actions/checkout/) checkouts *container-images* into branch 'master'. The repository directory is located at `/home/runner/work/container-images/official-images`.
That's your fork of [docker-library/official-images](https://github.com/docker-library/official-images) repository.
#### Step: Get need data for the definition
The step is written in bash. It reads the *# Tags:* string and the commit hash of `Containerfiles/${{ matrix.version_major }}/Containerfile.image_types` file changed by the **Build, test and push** workflow. `env.tags` and `env.last_commit` are exported. These data will be used to generate part of *Definition File*.
#### Step: Render the definition
The [chuhlomin/render-template@v1](https://github.com/marketplace/actions/render-template) generates from the `docker-library-definition.tmpl` using data (`env.tags`, `env.last_commit`, `matrix.version_major` and `matrix.image_types`) file `official-images/library/almalinux.version_major.image_types`. The file is a part of Docker Library *Definition File*.
#### Step: Upload the definition for *version_major* *image_types*
The step uses [actions/upload-artifact@v4](https://github.com/actions/upload-artifact) to store an artifact generated in the previous step `official-images/library/almalinux.version_major.image_types`. The artifact is named against `version_major` and `image_type`, following the pattern: `definition-${version_major}.${image_types}`.
Artifacts are used to transfer files between different jobs of the same workflow. The artifact is a zip archive of the file without file-path included.
It is also possible to download artifacts via GitHub Action's web interface.
### Job: Create Pull Request with the new definition file
> The job is skipped if the *'Publish to Docker Official Library'* isn't checked (`inputs.pr` set into `false`)
#### Step: Checkout *official-images*, branch 'master'
The [actions/checkout@v4](https://github.com/actions/checkout/) checkouts *container-images* into branch 'master'. The repository directory is located at `/home/runner/work/container-images/official-images`.
That's your fork of [docker-library/official-images](https://github.com/docker-library/official-images) repository.
#### Step: Sync *official-images* with upstream
The step is written in bash. It uses GitHub CLI to sync the [docker-library-official-images](https://github.com/AlmaLinux/docker-library-official-images) with the [official-images upstream](https://github.com/docker-library/official-images) repository.
#### Step: Download all definitions
Uses [actions/download-artifact@v4](https://github.com/actions/download-artifact) to download multiple (`merge-multiple: true`) artifacts with generated definitions. The files are saved into the `official-images/library/` directory.
#### Step: Create head of *official-images/library/almalinux*
Creates heading for the Docker *Definition File*.
#### Step: Merge definitions into *official-images/library/almalinux*
The step is written in bash. It appends the `official-images/library/almalinux` *Definition File* with downloaded on the previous step definitions `official-images/library/almalinux.version_major.image_types`.
#### Step: Prepare date stamp
Generates `date_stamp` in the *YYYYMMDD* format. It is used in the commit message and pull request title.
#### Step: Prepare time stamp
Generates `time_stamp` in the *HH:MM:SS* format. It is used in the commit message and pull request title.
#### Step: Commit and push *official-images/library/almalinux*
Uses [EndBug/add-and-commit@v9](https://github.com/marketplace/actions/add-commit) to commit and push the generated *Definition File*.
The commit message is:
```yaml
AlmaLinux auto-update - ${{ env.date_stamp }} ${{ env.time_stamp }}.
```
> It will try to pull recent changes (before push) with `--rebase --autostash`
#### Step: Create Pull Request for *official-images/library/almalinux*
The step is written in bash. It uses Github CLI to create a Pull Request for the `official-images/library/almalinux` *Definition File* from your fork and to [docker-library/official-images](https://github.com/docker-library/official-images) repository.
The Pull Request will be drafted if the `draft` input is checked. When ready, [mark the request as ready for review](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review).

5
default/amd64/Dockerfile Normal file
View File

@ -0,0 +1,5 @@
# Tags: latest, 9, 9.5, 9.5-20241118
FROM scratch
ADD almalinux-9-default-amd64.tar.xz /
CMD ["/bin/bash"]

BIN
default/amd64/almalinux-9-default-amd64.tar.xz Normal file
View File

Binary file not shown.

5
default/arm64/Dockerfile Normal file
View File

@ -0,0 +1,5 @@
# Tags: latest, 9, 9.5, 9.5-20241118
FROM scratch
ADD almalinux-9-default-arm64.tar.xz /
CMD ["/bin/bash"]

BIN
default/arm64/almalinux-9-default-arm64.tar.xz Normal file
View File

Binary file not shown.

5
default/ppc64le/Dockerfile Normal file
View File

@ -0,0 +1,5 @@
# Tags: latest, 9, 9.5, 9.5-20241118
FROM scratch
ADD almalinux-9-default-ppc64le.tar.xz /
CMD ["/bin/bash"]

BIN
default/ppc64le/almalinux-9-default-ppc64le.tar.xz Normal file
View File

Binary file not shown.

5
default/s390x/Dockerfile Normal file
View File

@ -0,0 +1,5 @@
# Tags: latest, 9, 9.5, 9.5-20241118
FROM scratch
ADD almalinux-9-default-s390x.tar.xz /
CMD ["/bin/bash"]

BIN
default/s390x/almalinux-9-default-s390x.tar.xz Normal file
View File

Binary file not shown.

8
docker-library-definition.tmpl Normal file
View File

@ -0,0 +1,8 @@
Tags: {{ .tags }}
GitFetch: refs/heads/{{ .version_major }}
GitCommit: {{ .commit_hash }}
amd64-Directory: {{ .image_type }}/amd64/
arm64v8-Directory: {{ .image_type }}/arm64/
ppc64le-Directory: {{ .image_type }}/ppc64le/
s390x-Directory: {{ .image_type }}/s390x/
Architectures: amd64, arm64v8, ppc64le, s390x

5
minimal/amd64/Dockerfile Normal file
View File

@ -0,0 +1,5 @@
# Tags: minimal, 9-minimal, 9.5-minimal, 9.5-minimal-20241118
FROM scratch
ADD almalinux-9-minimal-amd64.tar.xz /
CMD ["/bin/bash"]

BIN
minimal/amd64/almalinux-9-minimal-amd64.tar.xz Normal file
View File

Binary file not shown.

5
minimal/arm64/Dockerfile Normal file
View File

@ -0,0 +1,5 @@
# Tags: minimal, 9-minimal, 9.5-minimal, 9.5-minimal-20241118
FROM scratch
ADD almalinux-9-minimal-arm64.tar.xz /
CMD ["/bin/bash"]

BIN
minimal/arm64/almalinux-9-minimal-arm64.tar.xz Normal file
View File

Binary file not shown.

5
minimal/ppc64le/Dockerfile Normal file
View File

@ -0,0 +1,5 @@
# Tags: minimal, 9-minimal, 9.5-minimal, 9.5-minimal-20241118
FROM scratch
ADD almalinux-9-minimal-ppc64le.tar.xz /
CMD ["/bin/bash"]

BIN
minimal/ppc64le/almalinux-9-minimal-ppc64le.tar.xz Normal file
View File

Binary file not shown.

5
minimal/s390x/Dockerfile Normal file
View File

@ -0,0 +1,5 @@
# Tags: minimal, 9-minimal, 9.5-minimal, 9.5-minimal-20241118
FROM scratch
ADD almalinux-9-minimal-s390x.tar.xz /
CMD ["/bin/bash"]

BIN
minimal/s390x/almalinux-9-minimal-s390x.tar.xz Normal file
View File

Binary file not shown.