Merge pull request #1220 from SUSE/sle15_bci_container

Generate the bci-base container via dockerfile generator as well

Author: dcermak

src/bci_build/package/__init__.py

@@ -500,6 +500,10 @@ class BaseContainerImage(abc.ABC):
     #: If not set, then the build type will default to docker from SP4 onwards.
     build_recipe_type: BuildType | None = None
 
+    #: Define packages that should be ignored by kiwi in the creation of the
+    #: final container image even if dependencies would otherwise pull them in.
+    kiwi_ignore_packages: list[str] | None = None
+
     #: A license string to be placed in a comment at the top of the Dockerfile
     #: or kiwi build description file.
     license: str = "MIT"
@@ -924,6 +928,9 @@ def pkg_filter_func(p: str | Package) -> bool:
 
             return pkg_filter_func
 
+        def pkg_listing_func(pkg: Package) -> str:
+            return f'<package name="{pkg}"/>'
+
         PKG_TYPES = (
             PackageType.DELETE,
             PackageType.BOOTSTRAP,
@@ -944,8 +951,7 @@ def pkg_filter_func(p: str | Package) -> bool:
                 res += (
                     f"""  <packages type="{pkg_type}">
     """
-                    + """
-    """.join(f'<package name="{pkg}"/>' for pkg in pkg_list)
+                    + "\n    ".join(pkg_listing_func(pkg) for pkg in pkg_list)
                     + """
   </packages>
 """
@@ -1178,10 +1184,12 @@ def kiwi_additional_tags(self) -> str | None:
         the image itself.
 
         """
-        extra_tags = []
-        for buildtag in self.build_tags[1:]:
+        extra_tags: list[str] = []
+        all_tags = self.build_tags
+        first_path = all_tags[0].partition(":")[0]
+        for buildtag in all_tags[1:]:
             path, tag = buildtag.split(":")
-            if path.endswith(self.name):
+            if path.endswith(first_path):
                 extra_tags.append(tag)
 
         return ",".join(extra_tags) if extra_tags else None
@@ -1475,7 +1483,8 @@ def image_type(self) -> ImageType:
 
     @property
     def build_tags(self) -> list[str]:
-        tags = []
+        tags: list[str] = []
+
         for name in [self.name] + self.additional_names:
             tags += [
                 f"{self._registry_prefix}/bci-{name}:%OS_VERSION_ID_SP%",
@@ -1522,7 +1531,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
 from .appcontainers import REGISTRY_CONTAINERS  # noqa: E402
 from .appcontainers import THREE_EIGHT_NINE_DS_CONTAINERS  # noqa: E402
 from .appcontainers import TRIVY_CONTAINERS  # noqa: E402
-from .basalt_base import BASALT_BASE  # noqa: E402
+from .base import BASE_CONTAINERS  # noqa: E402
 from .basecontainers import BUSYBOX_CONTAINERS  # noqa: E402
 from .basecontainers import FIPS_BASE_CONTAINERS  # noqa: E402
 from .basecontainers import GITEA_RUNNER_CONTAINER  # noqa: E402
@@ -1550,7 +1559,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
 ALL_CONTAINER_IMAGE_NAMES: dict[str, BaseContainerImage] = {
     f"{bci.uid}-{bci.os_version.pretty_print.lower()}": bci
     for bci in (
-        BASALT_BASE,
+        *BASE_CONTAINERS,
         PYTHON_3_12_CONTAINERS,
         *PYTHON_3_6_CONTAINERS,
         *PYTHON_3_11_CONTAINERS,

src/bci_build/package/basalt_base.py

@@ -0,0 +1,185 @@
+"""The base container image is the base image with zypper included."""
+
+from dataclasses import dataclass
+from pathlib import Path
+
+from jinja2 import Template
+
+from bci_build.package import Arch
+from bci_build.package import BuildType
+from bci_build.package import OsContainer
+from bci_build.package import OsVersion
+from bci_build.package import Package
+from bci_build.package import PackageType
+from bci_build.package import SupportLevel
+
+
+def _get_base_config_sh_script(os_version: OsVersion) -> str:
+    return Template(
+        r"""
+echo "Configure image: [$kiwi_iname]..."
+
+#======================================
+# Setup baseproduct link
+#--------------------------------------
+suseSetupProduct
+
+# don't have duplicate licenses of the same type
+jdupes -1 -L -r /usr/share/licenses
+
+{% if os_version.is_tumbleweed -%}
+#======================================
+# Add repos from control.xml
+#--------------------------------------
+add-yast-repos
+zypper --non-interactive rm -u live-add-yast-repos jdupes
+{% else -%}
+zypper --non-interactive rm -u jdupes
+{% endif %}
+
+# Not needed, but neither rpm nor libzypp handle rpmlib(X-CheckUnifiedSystemdir) yet
+# which would avoid it being installed by filesystem package
+rpm -q compat-usrmerge-tools && rpm -e compat-usrmerge-tools
+
+#======================================
+# Disable recommends
+#--------------------------------------
+sed -i 's/.*solver.onlyRequires.*/solver.onlyRequires = true/g' /etc/zypp/zypp.conf
+
+#======================================
+# Exclude docs installation
+#--------------------------------------
+sed -i 's/.*rpm.install.excludedocs.*/rpm.install.excludedocs = yes/g' /etc/zypp/zypp.conf
+
+{% if os_version.is_sle15 and not os_version.is_ltss -%}
+#======================================
+# Configure SLE BCI repositories
+#--------------------------------------
+zypper -n ar --refresh --gpgcheck --priority 100 --enable 'https://updates.suse.com/SUSE/Products/SLE-BCI/$releasever_major-SP$releasever_minor/$basearch/product/' SLE_BCI
+zypper -n ar --refresh --gpgcheck --priority 100 --disable 'https://updates.suse.com/SUSE/Products/SLE-BCI/$releasever_major-SP$releasever_minor/$basearch/product_debug/' SLE_BCI_debug
+zypper -n ar --refresh --gpgcheck --priority 100 --disable 'https://updates.suse.com/SUSE/Products/SLE-BCI/$releasever_major-SP$releasever_minor/$basearch/product_source/' SLE_BCI_source
+{%- endif %}
+
+#======================================
+# Remove zypp uuid (bsc#1098535)
+#--------------------------------------
+rm -f /var/lib/zypp/AnonymousUniqueId
+
+# Remove the entire zypper cache content (not the dir itself, owned by libzypp)
+rm -rf /var/cache/zypp/*
+
+{% if os_version.is_tumbleweed -%}
+# Assign a fixed architecture in zypp.conf, to use the container's arch even if
+# the host arch differs (e.g. docker with --platform doesn't affect uname)
+arch=$(rpm -q --qf %{arch} glibc)
+if [ "$arch" = "i586" ] || [ "$arch" = "i686" ]; then
+    sed -i "s/^# arch =.*\$/arch = i686/" /etc/zypp/zypp.conf
+    # Verify that it's applied
+    grep -q '^arch =' /etc/zypp/zypp.conf
+fi
+{%- endif -%}
+
+#==========================================
+# Hack! The go container management tools can't handle sparse files:
+# https://github.com/golang/go/issues/13548
+# If lastlog doesn't exist, useradd doesn't attempt to reserve space,
+# also in derived containers.
+#------------------------------------------
+rm -f /var/log/lastlog
+
+#======================================
+# Remove locale files
+#--------------------------------------
+(shopt -s globstar; rm -f /usr/share/locale/**/*.mo)
+"""
+    ).render(os_version=os_version)
+
+
+@dataclass
+class Sles15Image(OsContainer):
+    @property
+    def build_tags(self) -> list[str]:
+        tags: list[str] = []
+        if self.os_version.is_sle15:
+            tags.extend(
+                ("suse/sle15:%OS_VERSION_ID_SP%", f"suse/sle15:{self.version_label}")
+            )
+        tags += super().build_tags
+        return tags
+
+
+def _get_base_kwargs(os_version: OsVersion) -> dict:
+    package_name: str = "base-image"
+    if os_version.is_ltss:
+        package_name = "sles15-ltss-image"
+    elif os_version.is_sle15:
+        package_name = "sles15-image"
+
+    return {
+        "name": "base",
+        "pretty_name": "%OS_VERSION_NO_DASH% Base",
+        "package_name": package_name,
+        "custom_description": "Image for containers based on %OS_PRETTY_NAME%.",
+        "logo_url": "https://opensource.suse.com/bci/SLE_BCI_logomark_green.svg",
+        "build_recipe_type": BuildType.KIWI,
+        "from_image": None,
+        "os_version": os_version,
+        "support_level": SupportLevel.L3,
+        # we need to exclude i586 and other ports arches from building base images
+        "exclusive_arch": [Arch.AARCH64, Arch.X86_64, Arch.PPC64LE, Arch.S390X],
+        "kiwi_ignore_packages": ["rpm"] if os_version.is_sle15 else [],
+        # latest tag is injected in a special way for base images in prjconf
+        # "is_latest": os_version in CAN_BE_LATEST_OS_VERSION,
+        "extra_files": {
+            "LICENSE": (Path(__file__).parent / "base" / "LICENSE").read_text(),
+        },
+        "package_list": [
+            Package(name=pkg_name, pkg_type=PackageType.IMAGE)
+            for pkg_name in (
+                "bash",
+                "ca-certificates-mozilla",
+                "container-suseconnect",
+                "coreutils",
+                "curl",
+                "gzip",
+                "netcfg",
+                "skelcd-EULA-bci",
+                "sle-module-basesystem-release",
+                "sle-module-server-applications-release",
+                "sle-module-python3-release",
+                "suse-build-key",
+                "tar",
+                "timezone",
+            )
+        ]
+        + [
+            Package(name=pkg_name, pkg_type=PackageType.BOOTSTRAP)
+            for pkg_name in sorted(
+                [
+                    "aaa_base",
+                    "cracklib-dict-small",
+                    "filesystem",
+                    "jdupes",
+                    "kubic-locale-archive",
+                    "patterns-base-fips",
+                    "rpm-ndb",
+                    "shadow",
+                    "sles-release",
+                    "zypper",
+                ]
+                + (
+                    ["patterns-base-minimal_base"]
+                    if os_version not in (OsVersion.SP5,)
+                    else []
+                )
+            )
+        ],
+        "config_sh_script": _get_base_config_sh_script(os_version),
+        "_min_release_counter": 40,
+    }
+
+
+# TODO merge in tumbleweed changes and switch to ALL_BASE_OS_VERSIONS
+BASE_CONTAINERS = [
+    Sles15Image(**_get_base_kwargs(os_ver)) for os_ver in (OsVersion.SP6,)
+]

src/bci_build/package/base.py

@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.