Test build for #3166

Author: SUSE Update Bot

389-ds-image/Dockerfile

@@ -24,18 +24,25 @@ FROM registry.suse.com/bci/bci-base:16.0
 
 RUN set -euo pipefail; \
     zypper -n install --no-recommends 389-ds timezone openssl nss_synth
-
-# cleanup logs and temporary files
+# image cleanup
 RUN set -euo pipefail; zypper -n clean -a; \
-    rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}; \
-    rm -rf {/target,}/run/*; \
-    rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; \
-    rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; \
-    rm -f {/target,}/var/cache/ldconfig/aux-cache; \
-    command -v zypper >/dev/null 2>&1 || rm -f /var/lib/zypp/AutoInstalled
-
-# set the day of last password change to empty
-RUN set -euo pipefail; sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /etc/shadow
+    rm -vrf /var/log/alternatives.log; \
+    rm -vrf /var/log/lastlog; \
+    rm -vrf /var/log/tallylog; \
+    rm -vrf /var/log/zypper.log; \
+    rm -vrf /var/log/zypp/history; \
+    rm -vrf /var/log/YaST2; \
+    rm -vrf /var/lib/zypp/AnonymousUniqueId; \
+    rm -vrf /var/cache/zypp/*; \
+    rm -vrf /run/*; \
+    rm -vrf /etc/shadow-; \
+    rm -vrf /etc/group-; \
+    rm -vrf /etc/passwd-; \
+    rm -vrf /etc/.pwd.lock; \
+    rm -vrf /usr/lib/sysimage/rpm/.rpm.lock; \
+    rm -vrf /var/cache/ldconfig/aux-cache; \
+    [ -f /var/lib/zypp/AutoInstalled ] && sed -i '1d' /var/lib/zypp/AutoInstalled; \
+    sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /etc/shadow
 
 # Define labels according to https://en.opensuse.org/Building_derived_containers
 # labelprefix=com.suse.application.389-ds

base-fips-image/Dockerfile

@@ -24,18 +24,25 @@ FROM registry.suse.com/bci/bci-base:16.0
 
 RUN set -euo pipefail; \
     zypper -n install --no-recommends SLES-release coreutils crypto-policies-scripts patterns-base-fips
-
-# cleanup logs and temporary files
+# image cleanup
 RUN set -euo pipefail; zypper -n clean -a; \
-    rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}; \
-    rm -rf {/target,}/run/*; \
-    rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; \
-    rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; \
-    rm -f {/target,}/var/cache/ldconfig/aux-cache; \
-    command -v zypper >/dev/null 2>&1 || rm -f /var/lib/zypp/AutoInstalled
-
-# set the day of last password change to empty
-RUN set -euo pipefail; sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /etc/shadow
+    rm -vrf /var/log/alternatives.log; \
+    rm -vrf /var/log/lastlog; \
+    rm -vrf /var/log/tallylog; \
+    rm -vrf /var/log/zypper.log; \
+    rm -vrf /var/log/zypp/history; \
+    rm -vrf /var/log/YaST2; \
+    rm -vrf /var/lib/zypp/AnonymousUniqueId; \
+    rm -vrf /var/cache/zypp/*; \
+    rm -vrf /run/*; \
+    rm -vrf /etc/shadow-; \
+    rm -vrf /etc/group-; \
+    rm -vrf /etc/passwd-; \
+    rm -vrf /etc/.pwd.lock; \
+    rm -vrf /usr/lib/sysimage/rpm/.rpm.lock; \
+    rm -vrf /var/cache/ldconfig/aux-cache; \
+    [ -f /var/lib/zypp/AutoInstalled ] && sed -i '1d' /var/lib/zypp/AutoInstalled; \
+    sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /etc/shadow
 
 # Define labels according to https://en.opensuse.org/Building_derived_containers
 # labelprefix=com.suse.bci.base-fips

base-image/config.sh

@@ -50,59 +50,9 @@ zypper -n ar --refresh --gpgcheck --priority 100 --enable 'https://public-dl.sus
 zypper -n ar --refresh --gpgcheck --priority 100 --disable 'https://public-dl.suse.com/SUSE/Products/SLE-BCI/$releasever_major.$releasever_minor/$basearch/product_debug/' SLE_BCI_debug
 zypper -n ar --refresh --gpgcheck --priority 100 --disable 'https://public-dl.suse.com/SUSE/Products/SLE-BCI/$releasever_major.$releasever_minor/$basearch/product_source/' SLE_BCI_source
 
-#======================================
-# Remove zypp uuid (bsc#1098535)
-#--------------------------------------
-rm -f /var/lib/zypp/AnonymousUniqueId
-
-# Remove the entire zypper cache content (not the dir itself, owned by libzypp)
-rm -rf /var/cache/zypp/*
-
-# drop timestamp
-tail -n +2 /var/lib/zypp/AutoInstalled > /var/lib/zypp/AutoInstalled.new && mv /var/lib/zypp/AutoInstalled.new /var/lib/zypp/AutoInstalled
-
-# drop useless device/inode specific cache file (see https://github.com/docker-library/official-images/issues/16044)
-rm -vf /var/cache/ldconfig/aux-cache
-
-# remove backup of /etc/{shadow,group,passwd} and lock file
-rm -vf /etc/{shadow-,group-,passwd-,.pwd.lock}
-
-# drop pid and lock files
-rm -vrf /run/*
-rm -vf /usr/lib/sysimage/rpm/.rpm.lock
-
-# set the day of last password change to empty
-sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /etc/shadow
-
-#==========================================
-# Hack! The go container management tools can't handle sparse files:
-# https://github.com/golang/go/issues/13548
-# If lastlog doesn't exist, useradd doesn't attempt to reserve space,
-# also in derived containers.
-#------------------------------------------
-rm -f /var/log/lastlog
-
 #======================================
 # Remove locale files
 #--------------------------------------
 (shopt -s globstar; rm -f /usr/share/locale/**/*.mo)
 
-#=======================================
-# Clean up after zypper if it is present
-#---------------------------------------
-if command -v zypper > /dev/null; then
-    zypper -n clean -a
-fi
-
-#=============================================
-# Clean up logs and temporary files if present
-#---------------------------------------------
-rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}; \
-    rm -rf {/target,}/run/*; \
-    rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; \
-    rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; \
-    rm -f {/target,}/var/cache/ldconfig/aux-cache; \
-    command -v zypper >/dev/null 2>&1 || rm -f /var/lib/zypp/AutoInstalled
-
-
 exit 0

base-image/images.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: (c) 2022-2025 SUSE LLC
+
+set -euo pipefail
+
+#======================================
+# Image Cleanup
+#--------------------------------------
+if command -v zypper > /dev/null; then
+    zypper -n clean -a
+    # drop timestamp
+    tail -n +2 /var/lib/zypp/AutoInstalled > /var/lib/zypp/AutoInstalled.new && mv /var/lib/zypp/AutoInstalled.new /var/lib/zypp/AutoInstalled
+else
+    # it does not make sense in a zypper-free image
+    rm -vrf /var/lib/zypp/AutoInstalled
+    rm -vrf /usr/lib/sysimage/rpm/Index.db
+fi
+
+# set the day of last password change to empty
+# prefer sed if available
+if command -v sed > /dev/null; then
+    sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /etc/shadow
+else
+    while IFS=: read -r username password last_change min_age max_age warn inactive expire reserved; do
+        echo "$username:$password::$min_age:$max_age:$warn:$inactive:$expire:$reserved" >> /etc/shadow.new
+    done < /etc/shadow
+    mv /etc/shadow.new /etc/shadow
+    chmod 640 /etc/shadow
+fi
+
+# remove logs and temporary files
+rm -vrf /var/log/alternatives.log
+rm -vrf /var/log/lastlog
+rm -vrf /var/log/tallylog
+rm -vrf /var/log/zypper.log
+rm -vrf /var/log/zypp/history
+rm -vrf /var/log/YaST2
+rm -vrf /var/lib/zypp/AnonymousUniqueId
+rm -vrf /var/cache/zypp/*
+rm -vrf /run/*
+rm -vrf /etc/shadow-
+rm -vrf /etc/group-
+rm -vrf /etc/passwd-
+rm -vrf /etc/.pwd.lock
+rm -vrf /usr/lib/sysimage/rpm/.rpm.lock
+rm -vrf /var/cache/ldconfig/aux-cache
+
+
+exit 0

bind-image/Dockerfile

@@ -36,18 +36,28 @@ RUN set -euo pipefail; \
     cp /target//usr/libexec/bind/named.prep /target/usr/local/lib/bind/named.prep; \
     sed -i -e 's|logger "Warning: \$1"|echo "Warning: \$1" >\&2|' -e '/\. \$SYSCONFIG_FILE/d' /target/usr/local/lib/bind/named.prep
 
-
-# cleanup logs and temporary files
+# image cleanup
 RUN set -euo pipefail; zypper -n --installroot /target clean -a; \
-    rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}; \
-    rm -rf {/target,}/run/*; \
-    rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; \
-    rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; \
-    rm -f {/target,}/var/cache/ldconfig/aux-cache; \
-    command -v zypper >/dev/null 2>&1 || rm -f /var/lib/zypp/AutoInstalled
+    rm -vrf /target/var/log/alternatives.log; \
+    rm -vrf /target/var/log/lastlog; \
+    rm -vrf /target/var/log/tallylog; \
+    rm -vrf /target/var/log/zypper.log; \
+    rm -vrf /target/var/log/zypp/history; \
+    rm -vrf /target/var/log/YaST2; \
+    rm -vrf /target/var/lib/zypp/AnonymousUniqueId; \
+    rm -vrf /target/var/cache/zypp/*; \
+    rm -vrf /target/run/*; \
+    rm -vrf /target/etc/shadow-; \
+    rm -vrf /target/etc/group-; \
+    rm -vrf /target/etc/passwd-; \
+    rm -vrf /target/etc/.pwd.lock; \
+    rm -vrf /target/usr/lib/sysimage/rpm/.rpm.lock; \
+    rm -vrf /target/var/cache/ldconfig/aux-cache; \
+    rm -vrf /target/var/lib/zypp/AutoInstalled; \
+    rm -vrf /target/usr/lib/sysimage/rpm/Index.db; \
+    [ -f /var/lib/zypp/AutoInstalled ] && sed -i '1d' /var/lib/zypp/AutoInstalled; \
+    sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /target/etc/shadow
 
-# set the day of last password change to empty
-RUN set -euo pipefail; sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /target/etc/shadow
 FROM registry.suse.com/bci/bci-micro:16.0
 COPY --from=builder /target /
 # Define labels according to https://en.opensuse.org/Building_derived_containers

busybox-image/config.sh

@@ -19,35 +19,5 @@ fi
 
 sed -i 's|/bin/bash|/bin/sh|' /etc/passwd
 
-# not making sense in a zypper-free image
-rm -vf /var/lib/zypp/AutoInstalled
-
-# includes device and inode numbers that change on deploy
-rm -vf /var/cache/ldconfig/aux-cache
-
-# Will be recreated by the next rpm(1) run as root user
-rm -vf /usr/lib/sysimage/rpm/Index.db
-
-# set the day of last password change to empty
-sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /etc/shadow
-
-
-#=======================================
-# Clean up after zypper if it is present
-#---------------------------------------
-if command -v zypper > /dev/null; then
-    zypper -n clean -a
-fi
-
-#=============================================
-# Clean up logs and temporary files if present
-#---------------------------------------------
-rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}; \
-    rm -rf {/target,}/run/*; \
-    rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; \
-    rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; \
-    rm -f {/target,}/var/cache/ldconfig/aux-cache; \
-    command -v zypper >/dev/null 2>&1 || rm -f /var/lib/zypp/AutoInstalled
-
 
 exit 0

busybox-image/images.sh

@@ -0,0 +1,50 @@
+#!/bin/sh
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: (c) 2022-2025 SUSE LLC
+
+set -euo pipefail
+
+#======================================
+# Image Cleanup
+#--------------------------------------
+if command -v zypper > /dev/null; then
+    zypper -n clean -a
+    # drop timestamp
+    tail -n +2 /var/lib/zypp/AutoInstalled > /var/lib/zypp/AutoInstalled.new && mv /var/lib/zypp/AutoInstalled.new /var/lib/zypp/AutoInstalled
+else
+    # it does not make sense in a zypper-free image
+    rm -vrf /var/lib/zypp/AutoInstalled
+    rm -vrf /usr/lib/sysimage/rpm/Index.db
+fi
+
+# set the day of last password change to empty
+# prefer sed if available
+if command -v sed > /dev/null; then
+    sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /etc/shadow
+else
+    while IFS=: read -r username password last_change min_age max_age warn inactive expire reserved; do
+        echo "$username:$password::$min_age:$max_age:$warn:$inactive:$expire:$reserved" >> /etc/shadow.new
+    done < /etc/shadow
+    mv /etc/shadow.new /etc/shadow
+    chmod 640 /etc/shadow
+fi
+
+# remove logs and temporary files
+rm -vrf /var/log/alternatives.log
+rm -vrf /var/log/lastlog
+rm -vrf /var/log/tallylog
+rm -vrf /var/log/zypper.log
+rm -vrf /var/log/zypp/history
+rm -vrf /var/log/YaST2
+rm -vrf /var/lib/zypp/AnonymousUniqueId
+rm -vrf /var/cache/zypp/*
+rm -vrf /run/*
+rm -vrf /etc/shadow-
+rm -vrf /etc/group-
+rm -vrf /etc/passwd-
+rm -vrf /etc/.pwd.lock
+rm -vrf /usr/lib/sysimage/rpm/.rpm.lock
+rm -vrf /var/cache/ldconfig/aux-cache
+
+
+exit 0

cdi-image/Dockerfile.apiserver

@@ -35,18 +35,28 @@ RUN set -euo pipefail; \
     cut -d '.' -f -3)" = "1.60.1" ]
 RUN set -euo pipefail; useradd -u 1001 --create-home -s /bin/bash cdi-apiserver
 
-
-# cleanup logs and temporary files
+# image cleanup
 RUN set -euo pipefail; zypper -n --installroot /target clean -a; \
-    rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}; \
-    rm -rf {/target,}/run/*; \
-    rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; \
-    rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; \
-    rm -f {/target,}/var/cache/ldconfig/aux-cache; \
-    command -v zypper >/dev/null 2>&1 || rm -f /var/lib/zypp/AutoInstalled
+    rm -vrf /target/var/log/alternatives.log; \
+    rm -vrf /target/var/log/lastlog; \
+    rm -vrf /target/var/log/tallylog; \
+    rm -vrf /target/var/log/zypper.log; \
+    rm -vrf /target/var/log/zypp/history; \
+    rm -vrf /target/var/log/YaST2; \
+    rm -vrf /target/var/lib/zypp/AnonymousUniqueId; \
+    rm -vrf /target/var/cache/zypp/*; \
+    rm -vrf /target/run/*; \
+    rm -vrf /target/etc/shadow-; \
+    rm -vrf /target/etc/group-; \
+    rm -vrf /target/etc/passwd-; \
+    rm -vrf /target/etc/.pwd.lock; \
+    rm -vrf /target/usr/lib/sysimage/rpm/.rpm.lock; \
+    rm -vrf /target/var/cache/ldconfig/aux-cache; \
+    rm -vrf /target/var/lib/zypp/AutoInstalled; \
+    rm -vrf /target/usr/lib/sysimage/rpm/Index.db; \
+    [ -f /var/lib/zypp/AutoInstalled ] && sed -i '1d' /var/lib/zypp/AutoInstalled; \
+    sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /target/etc/shadow
 
-# set the day of last password change to empty
-RUN set -euo pipefail; sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /target/etc/shadow
 FROM registry.suse.com/bci/bci-micro:16.0
 COPY --from=builder /target /
 # Define labels according to https://en.opensuse.org/Building_derived_containers

cdi-image/Dockerfile.cloner

@@ -35,18 +35,28 @@ RUN set -euo pipefail; \
     cut -d '.' -f -3)" = "1.60.1" ]
 RUN set -euo pipefail; useradd -u 1001 --create-home -s /bin/bash cdi-cloner
 
-
-# cleanup logs and temporary files
+# image cleanup
 RUN set -euo pipefail; zypper -n --installroot /target clean -a; \
-    rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}; \
-    rm -rf {/target,}/run/*; \
-    rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; \
-    rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; \
-    rm -f {/target,}/var/cache/ldconfig/aux-cache; \
-    command -v zypper >/dev/null 2>&1 || rm -f /var/lib/zypp/AutoInstalled
+    rm -vrf /target/var/log/alternatives.log; \
+    rm -vrf /target/var/log/lastlog; \
+    rm -vrf /target/var/log/tallylog; \
+    rm -vrf /target/var/log/zypper.log; \
+    rm -vrf /target/var/log/zypp/history; \
+    rm -vrf /target/var/log/YaST2; \
+    rm -vrf /target/var/lib/zypp/AnonymousUniqueId; \
+    rm -vrf /target/var/cache/zypp/*; \
+    rm -vrf /target/run/*; \
+    rm -vrf /target/etc/shadow-; \
+    rm -vrf /target/etc/group-; \
+    rm -vrf /target/etc/passwd-; \
+    rm -vrf /target/etc/.pwd.lock; \
+    rm -vrf /target/usr/lib/sysimage/rpm/.rpm.lock; \
+    rm -vrf /target/var/cache/ldconfig/aux-cache; \
+    rm -vrf /target/var/lib/zypp/AutoInstalled; \
+    rm -vrf /target/usr/lib/sysimage/rpm/Index.db; \
+    [ -f /var/lib/zypp/AutoInstalled ] && sed -i '1d' /var/lib/zypp/AutoInstalled; \
+    sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /target/etc/shadow
 
-# set the day of last password change to empty
-RUN set -euo pipefail; sed -i 's/^\([^:]*:[^:]*:\)[^:]*\(:.*\)$/\1\2/' /target/etc/shadow
 FROM registry.suse.com/bci/bci-micro:16.0
 COPY --from=builder /target /
 # Define labels according to https://en.opensuse.org/Building_derived_containers