Generate the bci-base container via dockerfile generator as well

Author: dirkmueller

src/bci_build/package/__init__.py

@@ -264,6 +264,9 @@ class Package:
     #: The name of the package
     name: str
 
+    #: Optional: The name of the package this is replacing
+    replaces: str | None = None
+
     #: The package type. This parameter is only applicable for kiwi builds and
     #: defines into which ``<packages>`` element this package is inserted.
     pkg_type: PackageType = PackageType.IMAGE
@@ -930,6 +933,11 @@ def pkg_filter_func(p: str | Package) -> bool:
 
             return pkg_filter_func
 
+        def pkg_listing_func(pkg: Package) -> str:
+            if pkg.replaces:
+                return f'<package name="{pkg}" replaces="rpm"/>'
+            return f'<package name="{pkg}"/>'
+
         PKG_TYPES = (
             PackageType.DELETE,
             PackageType.BOOTSTRAP,
@@ -950,8 +958,7 @@ def pkg_filter_func(p: str | Package) -> bool:
                 res += (
                     f"""  <packages type="{pkg_type}">
     """
-                    + """
-    """.join(f'<package name="{pkg}"/>' for pkg in pkg_list)
+                    + "\n    ".join(pkg_listing_func(pkg) for pkg in pkg_list)
                     + """
   </packages>
 """
@@ -1513,7 +1520,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
 from .appcontainers import THREE_EIGHT_NINE_DS_CONTAINERS  # noqa: E402
 from .appcontainers import TOMCAT_CONTAINERS  # noqa: E402
 from .appcontainers import TRIVY_CONTAINERS  # noqa: E402
-from .basalt_base import BASALT_BASE  # noqa: E402
+from .basecontainers import BASE_CONTAINERS  # noqa: E402
 from .basecontainers import BUSYBOX_CONTAINERS  # noqa: E402
 from .basecontainers import FIPS_BASE_CONTAINERS  # noqa: E402
 from .basecontainers import GITEA_RUNNER_CONTAINER  # noqa: E402
@@ -1538,7 +1545,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
 ALL_CONTAINER_IMAGE_NAMES: dict[str, BaseContainerImage] = {
     f"{bci.uid}-{bci.os_version.pretty_print.lower()}": bci
     for bci in (
-        BASALT_BASE,
+        *BASE_CONTAINERS,
         PYTHON_3_12_CONTAINERS,
         *PYTHON_3_6_CONTAINERS,
         *PYTHON_3_11_CONTAINERS,

src/bci_build/package/basalt_base.py

@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

src/bci_build/package/base/LICENSE

@@ -0,0 +1,30 @@
+# {{ image.title }}
+{% include 'badges.j2' %}
+
+## Description
+
+SUSE Linux Enterprise Base Container Images (SLE BCI) provide truly open,
+flexible, and secure container images and application development tools. The
+images consist of container environments based on SUSE Linux Enterprise and
+designed to be a secure base for any containerized workload.
+
+SLE BCI is freely available, re-distributable, and supported across many
+different environments. These templates and tools address modern, containerized
+application development and CI/CD application containerization.  They can be
+used immediately by developers and integrators without the “lock-in” imposed by
+other offerings.
+
+SLE BCI inherits industry-leading security and compliance from SUSE Linux
+within your container build process. The container images are designed to be a
+secure base for any application workload. SUSE ensures that compliance
+standards are applied consistently and continuously improves security-related
+capabilities.
+
+SLE BCI is lightweight and easy to adopt, with the ability to run with any
+Linux OS. Avoid lock-in imposed by other vendors and get exactly what you need,
+fast. SLE BCI delivers a flexible developer experience that accounts for,
+integrates with, and supports language-native tools and workflows.
+
+## Usage
+
+{% include 'licensing_and_eula.j2' %}

src/bci_build/package/base/README.md.j2

@@ -35,6 +35,145 @@ def _get_eula_package_names(os_version: OsVersion) -> tuple[str, ...]:
     return ("skelcd-EULA-bci",)
 
 
+def _get_base_config_sh_script(os_version: OsVersion) -> str:
+    return textwrap.dedent(
+        r"""
+echo "Configure image: [$kiwi_iname]..."
+
+#======================================
+# Setup baseproduct link
+#--------------------------------------
+suseSetupProduct
+
+#======================================
+# Import repositories' keys
+#--------------------------------------
+suseImportBuildKey
+
+
+# don't have duplicate licenses of the same type
+jdupes -1 -L -r /usr/share/licenses
+
+zypper --non-interactive rm -u jdupes
+
+# Not needed, but neither rpm nor libzypp handle rpmlib(X-CheckUnifiedSystemdir) yet
+# which would avoid it being installed by filesystem package
+rpm -e compat-usrmerge-tools
+
+#======================================
+# Disable recommends
+#--------------------------------------
+sed -i 's/.*solver.onlyRequires.*/solver.onlyRequires = true/g' /etc/zypp/zypp.conf
+
+#======================================
+# Exclude docs installation
+#--------------------------------------
+sed -i 's/.*rpm.install.excludedocs.*/rpm.install.excludedocs = yes/g' /etc/zypp/zypp.conf
+
+#======================================
+# Configure SLE BCI repositories
+#--------------------------------------
+zypper -n ar --refresh --gpgcheck --priority 100 --enable 'https://updates.suse.com/SUSE/Products/SLE-BCI/$releasever_major-SP$releasever_minor/$basearch/product/' SLE_BCI
+zypper -n ar --refresh --gpgcheck --priority 100 --disable 'https://updates.suse.com/SUSE/Products/SLE-BCI/$releasever_major-SP$releasever_minor/$basearch/product_debug/' SLE_BCI_debug
+zypper -n ar --refresh --gpgcheck --priority 100 --disable 'https://updates.suse.com/SUSE/Products/SLE-BCI/$releasever_major-SP$releasever_minor/$basearch/product_source/' SLE_BCI_source
+
+#======================================
+# Remove locale files
+#--------------------------------------
+shopt -s globstar
+rm -f /usr/share/locale/**/*.mo
+
+#======================================
+# Remove zypp uuid (bsc#1098535)
+#--------------------------------------
+rm -f /var/lib/zypp/AnonymousUniqueId
+
+# Remove various log files. Although possible to just rm -rf /var/log/*, that
+# would also remove some package owned directories (not %ghost) and some files
+# are actually wanted, like lastlog in the !docker case.
+# For those wondering about YaST2 here: Kiwi writes /etc/hosts, so the version
+# from the netcfg package ends up as /etc/hosts.rpmnew, which zypper writes a
+# letter about to /var/log/YaST2/config_diff_2022_03_06.log. Kiwi fixes this,
+# but the log file remains.
+rm -rf /var/log/{zypper.log,zypp/history,YaST2}
+
+# Remove the entire zypper cache content (not the dir itself, owned by libzypp)
+rm -rf /var/cache/zypp/*
+
+#==========================================
+# Hack! The go container management tools can't handle sparse files:
+# https://github.com/golang/go/issues/13548
+# If lastlog doesn't exist, useradd doesn't attempt to reserve space,
+# also in derived containers.
+#------------------------------------------
+rm -f /var/log/lastlog
+
+#======================================
+# Remove locale files
+#--------------------------------------
+find /usr/share/locale -name '*.mo' -delete
+
+exit 0
+"""
+    )
+
+
+BASE_CONTAINERS = [
+    OsContainer(
+        name="base",
+        pretty_name="Base Container Image",
+        package_name="sles15-image" if os_ver.is_sle15 else "base-image",
+        logo_url="https://opensource.suse.com/bci/SLE_BCI_logomark_green.svg",
+        build_recipe_type=BuildType.KIWI,
+        from_image=None,
+        os_version=os_ver,
+        is_latest=True,
+        package_list=[
+            Package(name=pkg_name, pkg_type=PackageType.IMAGE)
+            for pkg_name in (
+                "bash",
+                "ca-certificates-mozilla",
+                "ca-certificates",
+                "container-suseconnect",
+                "coreutils",
+                "curl",
+                "findutils",
+                "glibc-locale-base",
+                "gzip",
+                "lsb-release",
+                "netcfg",
+                "openssl",
+                "skelcd-EULA-bci",
+                "sle-module-basesystem-release",
+                "sle-module-server-applications-release",
+                "sle-module-python3-release",
+                "suse-build-key",
+                "tar",
+                "timezone",
+            )
+        ]
+        + [
+            Package(name=pkg_name, pkg_type=PackageType.BOOTSTRAP)
+            for pkg_name in (
+                "aaa_base",
+                "cracklib-dict-small",
+                "filesystem",
+                "jdupes",
+                "kubic-locale-archive",
+                "patterns-base-fips",
+                "patterns-base-minimal_base",
+                "shadow",
+                "sles-release",
+                "zypper",
+            )
+        ]
+        + [Package(name="rpm-ndb", pkg_type=PackageType.BOOTSTRAP, replaces="rpm")],
+        config_sh_script=_get_base_config_sh_script(os_ver),
+    )
+    for os_ver in ALL_BASE_OS_VERSIONS
+]
+
+
 MICRO_CONTAINERS = [
     OsContainer(
         name="micro",