Test build for #1220

Author: dirkmueller

.obs/workflows.yml

@@ -9,6 +9,10 @@ staging_build:
         source_project: home:defolos:BCI:CR:Tumbleweed
         source_package: alertmanager-image
         target_project: home:defolos:BCI:CR:Tumbleweed:Staging
+    - branch_package:
+        source_project: home:defolos:BCI:CR:Tumbleweed
+        source_package: base-image
+        target_project: home:defolos:BCI:CR:Tumbleweed:Staging
     - branch_package:
         source_project: home:defolos:BCI:CR:Tumbleweed
         source_package: blackbox_exporter-image
@@ -228,6 +232,9 @@ refresh_devel_BCI:
     - trigger_services:
         project: devel:BCI:Tumbleweed
         package: alertmanager-image
+    - trigger_services:
+        project: devel:BCI:Tumbleweed
+        package: base-image
     - trigger_services:
         project: devel:BCI:Tumbleweed
         package: blackbox_exporter-image

base-image/README.md

@@ -0,0 +1,38 @@
+# openSUSE Tumbleweed BCI Base Container Image
+![Redistributable](https://img.shields.io/badge/Redistributable-Yes-green)
+
+## Description
+
+SUSE Linux Enterprise Base Container Images (SLE BCI) provide truly open,
+flexible, and secure container images and application development tools. The
+images consist of container environments based on SUSE Linux Enterprise and
+designed to be a secure base for any containerized workload.
+
+SLE BCI is freely available, re-distributable, and supported across many
+different environments. These templates and tools address modern, containerized
+application development and CI/CD application containerization.  They can be
+used immediately by developers and integrators without the “lock-in” imposed by
+other offerings.
+
+SLE BCI inherits industry-leading security and compliance from SUSE Linux
+within your container build process. The container images are designed to be a
+secure base for any application workload. SUSE ensures that compliance
+standards are applied consistently and continuously improves security-related
+capabilities.
+
+SLE BCI is lightweight and easy to adopt, with the ability to run with any
+Linux OS. Avoid lock-in imposed by other vendors and get exactly what you need,
+fast. SLE BCI delivers a flexible developer experience that accounts for,
+integrates with, and supports language-native tools and workflows.
+
+## Usage
+
+## Licensing
+
+`SPDX-License-Identifier: MIT`
+
+This documentation and the build recipe are licensed as MIT.
+The container itself contains various software components under various open source licenses listed in the associated
+Software Bill of Materials (SBOM).
+
+This image is based on [openSUSE Tumbleweed](https://get.opensuse.org/tumbleweed/).

base-image/_service

@@ -0,0 +1,4 @@
+<services>
+  <service mode="buildtime" name="kiwi_label_helper"/>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+</services>

base-image/base-image.changes

@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Fri Jun 21 15:47:09 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
+
+- First version of the Base Container Image BCI

base-image/base-image.kiwi

@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- SPDX-License-Identifier: MIT -->
+<!-- 
+    Copyright (c) 2024 SUSE LLC
+
+All modifications and additions to the file contributed by third parties
+remain the property of their copyright owners, unless otherwise agreed
+upon.
+
+The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+It is maintained by the BCI team and generated by
+https://github.com/SUSE/BCI-dockerfile-generator
+
+Please submit bugfixes or comments via https://bugs.opensuse.org/
+You can contact the BCI team via https://github.com/SUSE/bci/discussions
+-->
+<!-- OBS-AddTag: opensuse/bci/bci-base:%OS_VERSION_ID_SP% opensuse/bci/bci-base:%OS_VERSION_ID_SP%.%RELEASE% opensuse/bci/bci-base:latest -->
+<!-- OBS-Imagerepo: obsrepositories:/ -->
+
+<image schemaversion="7.4" name="base-image" xmlns:suse_label_helper="com.suse.label_helper">
+  <description type="system">
+    <author>openSUSE Project</author>
+    <contact>https://www.suse.com/</contact>
+    <specification>openSUSE Tumbleweed BCI Base Container Image Container Image</specification>
+  </description>
+  <preferences>
+    <type image="docker">
+      <containerconfig
+          name="opensuse/bci/bci-base"
+          tag="%OS_VERSION_ID_SP%"
+          maintainer="openSUSE (https://www.opensuse.org/)"
+          additionaltags="%OS_VERSION_ID_SP%.%RELEASE%,latest">
+        <labels>
+          <suse_label_helper:add_prefix prefix="org.opensuse.bci.base">
+            <label name="org.opencontainers.image.title" value="openSUSE Tumbleweed BCI Base Container Image"/>
+            <label name="org.opencontainers.image.description" value="Base Container Image container based on the openSUSE Tumbleweed Base Container Image."/>
+            <label name="org.opencontainers.image.version" value="%OS_VERSION_ID_SP%.%RELEASE%"/>
+            <label name="org.opencontainers.image.created" value="%BUILDTIME%"/>
+            <label name="org.opencontainers.image.vendor" value="openSUSE Project"/>
+            <label name="org.opencontainers.image.source" value="%SOURCEURL%"/>
+            <label name="org.opencontainers.image.url" value="https://www.opensuse.org"/>
+            <label name="org.opensuse.reference" value="registry.opensuse.org/opensuse/bci/bci-base:%OS_VERSION_ID_SP%.%RELEASE%"/>
+            <label name="org.openbuildservice.disturl" value="%DISTURL%"/>
+            <label name="org.opensuse.release-stage" value="released"/>
+            <label name="org.opensuse.lifecycle-url" value="https://en.opensuse.org/Lifetime"/>
+          </suse_label_helper:add_prefix>
+          <label name="io.artifacthub.package.readme-url" value="https://raw.githubusercontent.com/SUSE/BCI-dockerfile-generator/Tumbleweed/base-image/README.md"/>
+          <label name="io.artifacthub.package.logo-url" value="https://opensource.suse.com/bci/SLE_BCI_logomark_green.svg"/>
+        </labels>
+      </containerconfig>
+    </type>
+    <version>2024</version>
+    <packagemanager>zypper</packagemanager>
+    <rpm-check-signatures>false</rpm-check-signatures>
+    <rpm-excludedocs>true</rpm-excludedocs>
+  </preferences>
+  <repository type="rpm-md">
+    <source path="obsrepositories:/"/>
+  </repository>
+  <packages type="bootstrap">
+    <package name="aaa_base"/>
+    <package name="cracklib-dict-small"/>
+    <package name="filesystem"/>
+    <package name="jdupes"/>
+    <package name="kubic-locale-archive"/>
+    <package name="patterns-base-fips"/>
+    <package name="patterns-base-minimal_base"/>
+    <package name="rpm-ndb"/>
+    <package name="shadow"/>
+    <package name="sles-release"/>
+    <package name="zypper"/>
+  </packages>
+  <packages type="image">
+    <package name="bash"/>
+    <package name="ca-certificates-mozilla"/>
+    <package name="ca-certificates"/>
+    <package name="container-suseconnect"/>
+    <package name="coreutils"/>
+    <package name="curl"/>
+    <package name="findutils"/>
+    <package name="glibc-locale-base"/>
+    <package name="gzip"/>
+    <package name="lsb-release"/>
+    <package name="netcfg"/>
+    <package name="openssl"/>
+    <package name="skelcd-EULA-bci"/>
+    <package name="sle-module-basesystem-release"/>
+    <package name="sle-module-server-applications-release"/>
+    <package name="sle-module-python3-release"/>
+    <package name="suse-build-key"/>
+    <package name="tar"/>
+    <package name="timezone"/>
+  </packages>
+
+</image>

base-image/config.sh

@@ -0,0 +1,107 @@
+#!/bin/bash
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: (c) 2022-2024 SUSE LLC
+
+set -euo pipefail
+
+test -f /.kconfig && . /.kconfig
+test -f /.profile && . /.profile
+
+echo "Configure image: [$kiwi_iname]..."
+
+#============================================
+# Import repositories' keys if rpm is present
+#--------------------------------------------
+if command -v rpm > /dev/null; then
+    suseImportBuildKey
+fi
+
+
+echo "Configure image: [$kiwi_iname]..."
+
+#======================================
+# Setup baseproduct link
+#--------------------------------------
+suseSetupProduct
+
+#======================================
+# Import repositories' keys
+#--------------------------------------
+suseImportBuildKey
+
+
+# don't have duplicate licenses of the same type
+jdupes -1 -L -r /usr/share/licenses
+
+zypper --non-interactive rm -u jdupes
+
+# Not needed, but neither rpm nor libzypp handle rpmlib(X-CheckUnifiedSystemdir) yet
+# which would avoid it being installed by filesystem package
+rpm -e compat-usrmerge-tools
+
+#======================================
+# Disable recommends
+#--------------------------------------
+sed -i 's/.*solver.onlyRequires.*/solver.onlyRequires = true/g' /etc/zypp/zypp.conf
+
+#======================================
+# Exclude docs installation
+#--------------------------------------
+sed -i 's/.*rpm.install.excludedocs.*/rpm.install.excludedocs = yes/g' /etc/zypp/zypp.conf
+
+#======================================
+# Configure SLE BCI repositories
+#--------------------------------------
+zypper -n ar --refresh --gpgcheck --priority 100 --enable 'https://updates.suse.com/SUSE/Products/SLE-BCI/$releasever_major-SP$releasever_minor/$basearch/product/' SLE_BCI
+zypper -n ar --refresh --gpgcheck --priority 100 --disable 'https://updates.suse.com/SUSE/Products/SLE-BCI/$releasever_major-SP$releasever_minor/$basearch/product_debug/' SLE_BCI_debug
+zypper -n ar --refresh --gpgcheck --priority 100 --disable 'https://updates.suse.com/SUSE/Products/SLE-BCI/$releasever_major-SP$releasever_minor/$basearch/product_source/' SLE_BCI_source
+
+#======================================
+# Remove locale files
+#--------------------------------------
+shopt -s globstar
+rm -f /usr/share/locale/**/*.mo
+
+#======================================
+# Remove zypp uuid (bsc#1098535)
+#--------------------------------------
+rm -f /var/lib/zypp/AnonymousUniqueId
+
+# Remove various log files. Although possible to just rm -rf /var/log/*, that
+# would also remove some package owned directories (not %ghost) and some files
+# are actually wanted, like lastlog in the !docker case.
+# For those wondering about YaST2 here: Kiwi writes /etc/hosts, so the version
+# from the netcfg package ends up as /etc/hosts.rpmnew, which zypper writes a
+# letter about to /var/log/YaST2/config_diff_2022_03_06.log. Kiwi fixes this,
+# but the log file remains.
+rm -rf /var/log/{zypper.log,zypp/history,YaST2}
+
+# Remove the entire zypper cache content (not the dir itself, owned by libzypp)
+rm -rf /var/cache/zypp/*
+
+#==========================================
+# Hack! The go container management tools can't handle sparse files:
+# https://github.com/golang/go/issues/13548
+# If lastlog doesn't exist, useradd doesn't attempt to reserve space,
+# also in derived containers.
+#------------------------------------------
+rm -f /var/log/lastlog
+
+#======================================
+# Remove locale files
+#--------------------------------------
+find /usr/share/locale -name '*.mo' -delete
+
+exit 0
+
+
+#=======================================
+# Clean up after zypper if it is present
+#---------------------------------------
+if command -v zypper > /dev/null; then
+    zypper -n clean
+fi
+
+rm -rf /var/log/{lastlog,tallylog,zypper.log,zypp/history,YaST2}
+
+exit 0