Generate the bci-base container via dockerfile generator as well

Author: dirkmueller

src/bci_build/package/__init__.py

@@ -199,6 +199,10 @@ def is_sle15(self) -> bool:
             OsVersion.SP7.value,
         )
 
+    @property
+    def is_ltss(self) -> bool:
+        return self in ALL_OS_LTSS_VERSIONS
+
     @property
     def is_tumbleweed(self) -> bool:
         return self.value == OsVersion.TUMBLEWEED.value
@@ -1005,6 +1009,9 @@ def pkg_filter_func(p: str | Package) -> bool:
 
             return pkg_filter_func
 
+        def pkg_listing_func(pkg: Package) -> str:
+            return f'<package name="{pkg}"/>'
+
         PKG_TYPES = (
             PackageType.DELETE,
             PackageType.BOOTSTRAP,
@@ -1025,8 +1032,7 @@ def pkg_filter_func(p: str | Package) -> bool:
                 res += (
                     f"""  <packages type="{pkg_type}">
     """
-                    + """
-    """.join(f'<package name="{pkg}"/>' for pkg in pkg_list)
+                    + "\n    ".join(pkg_listing_func(pkg) for pkg in pkg_list)
                     + """
   </packages>
 """
@@ -1539,8 +1545,20 @@ def image_type(self) -> ImageType:
 
     @property
     def build_tags(self) -> list[str]:
-        tags = []
-        for name in [self.name] + self.additional_names:
+        tags: list[str] = []
+        tagnames: list[str] = [self.name] + self.additional_names
+        # super ugly special case hack for SLE15 base image
+        # the SLE15 base container is published as suse/sle15 and as bci/bci-base at the
+        # same time. We have no logic to publish anything outside the bci/ namespace so
+        # we need to special case this here and set the main tag to suse/sle15 and
+        # add bci/bci-base as additional one.
+        if self.os_version.is_sle15 and self.name == "base":
+            tags.extend(
+                ("suse/sle15:%OS_VERSION_ID_SP%", f"suse/sle15:{self.version_label}")
+            )
+            tagnames = self.additional_names
+
+        for name in tagnames:
             tags += [
                 f"{self._registry_prefix}/bci-{name}:%OS_VERSION_ID_SP%",
                 f"{self._registry_prefix}/bci-{name}:{self.version_label}",
@@ -1586,7 +1604,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
 from .appcontainers import THREE_EIGHT_NINE_DS_CONTAINERS  # noqa: E402
 from .appcontainers import TOMCAT_CONTAINERS  # noqa: E402
 from .appcontainers import TRIVY_CONTAINERS  # noqa: E402
-from .basalt_base import BASALT_BASE  # noqa: E402
+from .base import BASE_CONTAINERS  # noqa: E402
 from .basecontainers import BUSYBOX_CONTAINERS  # noqa: E402
 from .basecontainers import FIPS_BASE_CONTAINERS  # noqa: E402
 from .basecontainers import GITEA_RUNNER_CONTAINER  # noqa: E402
@@ -1613,7 +1631,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
 ALL_CONTAINER_IMAGE_NAMES: dict[str, BaseContainerImage] = {
     f"{bci.uid}-{bci.os_version.pretty_print.lower()}": bci
     for bci in (
-        BASALT_BASE,
+        *BASE_CONTAINERS,
         PYTHON_3_12_CONTAINERS,
         *PYTHON_3_6_CONTAINERS,
         *PYTHON_3_11_CONTAINERS,

src/bci_build/package/basalt_base.py

@@ -0,0 +1,169 @@
+"""The base container image is the base image with zypper included."""
+
+import textwrap
+from pathlib import Path
+
+from bci_build.package import ALL_BASE_OS_VERSIONS
+from bci_build.package import CAN_BE_LATEST_OS_VERSION
+from bci_build.package import BuildType
+from bci_build.package import OsContainer
+from bci_build.package import OsVersion
+from bci_build.package import Package
+from bci_build.package import PackageType
+from bci_build.package import SupportLevel
+
+
+def _get_base_config_sh_script(os_version: OsVersion) -> str:
+    return textwrap.dedent(
+        r"""
+echo "Configure image: [$kiwi_iname]..."
+
+#======================================
+# Setup baseproduct link
+#--------------------------------------
+suseSetupProduct
+
+#======================================
+# Import repositories' keys
+#--------------------------------------
+suseImportBuildKey
+
+
+# don't have duplicate licenses of the same type
+jdupes -1 -L -r /usr/share/licenses
+
+zypper --non-interactive rm -u jdupes
+
+# Not needed, but neither rpm nor libzypp handle rpmlib(X-CheckUnifiedSystemdir) yet
+# which would avoid it being installed by filesystem package
+rpm -q compat-usrmerge-tools && rpm -e compat-usrmerge-tools
+
+#======================================
+# Disable recommends
+#--------------------------------------
+sed -i 's/.*solver.onlyRequires.*/solver.onlyRequires = true/g' /etc/zypp/zypp.conf
+
+#======================================
+# Exclude docs installation
+#--------------------------------------
+sed -i 's/.*rpm.install.excludedocs.*/rpm.install.excludedocs = yes/g' /etc/zypp/zypp.conf
+
+#======================================
+# Configure SLE BCI repositories
+#--------------------------------------
+zypper -n ar --refresh --gpgcheck --priority 100 --enable 'https://updates.suse.com/SUSE/Products/SLE-BCI/$releasever_major-SP$releasever_minor/$basearch/product/' SLE_BCI
+zypper -n ar --refresh --gpgcheck --priority 100 --disable 'https://updates.suse.com/SUSE/Products/SLE-BCI/$releasever_major-SP$releasever_minor/$basearch/product_debug/' SLE_BCI_debug
+zypper -n ar --refresh --gpgcheck --priority 100 --disable 'https://updates.suse.com/SUSE/Products/SLE-BCI/$releasever_major-SP$releasever_minor/$basearch/product_source/' SLE_BCI_source
+
+#======================================
+# Remove locale files
+#--------------------------------------
+shopt -s globstar
+rm -f /usr/share/locale/**/*.mo
+
+#======================================
+# Remove zypp uuid (bsc#1098535)
+#--------------------------------------
+rm -f /var/lib/zypp/AnonymousUniqueId
+
+#==========================================
+# Clean up log files
+#------------------------------------------
+# Remove various log files. Although possible to just rm -rf /var/log/*, that
+# would also remove some package owned directories (not %ghost) and some files
+# are actually wanted, like lastlog in the !docker case.
+# For those wondering about YaST2 here: Kiwi writes /etc/hosts, so the version
+# from the netcfg package ends up as /etc/hosts.rpmnew, which zypper writes a
+# letter about to /var/log/YaST2/config_diff_2022_03_06.log. Kiwi fixes this,
+# but the log file remains.
+rm -rf /var/log/{zypper.log,zypp/history,YaST2}
+
+# Remove the entire zypper cache content (not the dir itself, owned by libzypp)
+rm -rf /var/cache/zypp/*
+
+#==========================================
+# Hack! The go container management tools can't handle sparse files:
+# https://github.com/golang/go/issues/13548
+# If lastlog doesn't exist, useradd doesn't attempt to reserve space,
+# also in derived containers.
+#------------------------------------------
+rm -f /var/log/lastlog
+
+#======================================
+# Remove locale files
+#--------------------------------------
+find /usr/share/locale -name '*.mo' -delete
+"""
+    )
+
+
+def _get_base_kwargs(os_version: OsVersion) -> dict:
+    package_name: str = "base-image"
+    if os_version.is_ltss:
+        package_name = "sles15-ltss-image"
+    elif os_version.is_sle15:
+        package_name = "sles15-image"
+
+    additional_names: list[str] = []
+
+    if os_version.is_sle15 and not os_version.is_ltss:
+        additional_names.append("base")
+
+    return {
+        "name": "base",
+        "pretty_name": "%OS_VERSION_NO_DASH% Base",
+        "package_name": package_name,
+        "additional_names": additional_names,
+        "custom_description": "Image for containers based on %OS_PRETTY_NAME%.",
+        "logo_url": "https://opensource.suse.com/bci/SLE_BCI_logomark_green.svg",
+        "build_recipe_type": BuildType.KIWI,
+        "from_image": None,
+        "os_version": os_version,
+        "support_level": SupportLevel.L3,
+        # latest tag is injected in a special way for base images in prjconf
+        # "is_latest": os_version in CAN_BE_LATEST_OS_VERSION,
+        "extra_files": {
+            "LICENSE": (Path(__file__).parent / "base" / "LICENSE").read_text(),
+        },
+        "package_list": [
+            Package(name=pkg_name, pkg_type=PackageType.IMAGE)
+            for pkg_name in (
+                "bash",
+                "ca-certificates-mozilla",
+                "container-suseconnect",
+                "coreutils",
+                "curl",
+                "gzip",
+                "netcfg",
+                "skelcd-EULA-bci",
+                "sle-module-basesystem-release",
+                "sle-module-server-applications-release",
+                "sle-module-python3-release",
+                "suse-build-key",
+                "tar",
+                "timezone",
+            )
+        ]
+        + [
+            Package(name=pkg_name, pkg_type=PackageType.BOOTSTRAP)
+            for pkg_name in (
+                "aaa_base",
+                "cracklib-dict-small",
+                "filesystem",
+                "jdupes",
+                "kubic-locale-archive",
+                "patterns-base-fips",
+                "patterns-base-minimal_base",
+                "rpm-ndb",
+                "shadow",
+                "sles-release",
+                "zypper",
+            )
+        ],
+        "config_sh_script": _get_base_config_sh_script(os_version),
+    }
+
+
+BASE_CONTAINERS = [
+    OsContainer(**_get_base_kwargs(os_ver)) for os_ver in ALL_BASE_OS_VERSIONS
+]

src/bci_build/package/base.py

@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

src/bci_build/package/base/LICENSE

@@ -0,0 +1,30 @@
+# {{ image.title }}
+{% include 'badges.j2' %}
+
+## Description
+
+SUSE Linux Enterprise Base Container Images (SLE BCI) provide truly open,
+flexible, and secure container images and application development tools. The
+images consist of container environments based on SUSE Linux Enterprise and
+designed to be a secure base for any containerized workload.
+
+SLE BCI is freely available, re-distributable, and supported across many
+different environments. These templates and tools address modern, containerized
+application development and CI/CD application containerization.  They can be
+used immediately by developers and integrators without the “lock-in” imposed by
+other offerings.
+
+SLE BCI inherits industry-leading security and compliance from SUSE Linux
+within your container build process. The container images are designed to be a
+secure base for any application workload. SUSE ensures that compliance
+standards are applied consistently and continuously improves security-related
+capabilities.
+
+SLE BCI is lightweight and easy to adopt, with the ability to run with any
+Linux OS. Avoid lock-in imposed by other vendors and get exactly what you need,
+fast. SLE BCI delivers a flexible developer experience that accounts for,
+integrates with, and supports language-native tools and workflows.
+
+## Usage
+
+{% include 'licensing_and_eula.j2' %}

src/bci_build/package/base/README.md.j2

@@ -22,7 +22,6 @@
 
 _DISABLE_GETTY_AT_TTY1_SERVICE = "systemctl disable getty@tty1.service"
 
-
 MICRO_CONTAINERS = [
     OsContainer(
         name="micro",