🤖: Update build recipes for SP6

.obs/workflows.yml

@@ -13,6 +13,10 @@ staging_build:
         source_project: home:defolos:BCI:CR:SLE-15-SP6
         source_package: base-fips-image
         target_project: home:defolos:BCI:CR:SLE-15-SP6:Staging
+    - branch_package:
+        source_project: home:defolos:BCI:CR:SLE-15-SP6
+        source_package: bind-image
+        target_project: home:defolos:BCI:CR:SLE-15-SP6:Staging
     - branch_package:
         source_project: home:defolos:BCI:CR:SLE-15-SP6
         source_package: blackbox_exporter-image
@@ -263,6 +267,9 @@ refresh_devel_BCI:
     - trigger_services:
         project: devel:BCI:SLE-15-SP6
         package: base-fips-image
+    - trigger_services:
+        project: devel:BCI:SLE-15-SP6
+        package: bind-image
     - trigger_services:
         project: devel:BCI:SLE-15-SP6
         package: blackbox_exporter-image

bind-image/Dockerfile

@@ -0,0 +1,86 @@
+# SPDX-License-Identifier: MIT
+
+#     Copyright (c) 2025 SUSE LLC
+
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon.
+
+# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+# It is maintained by the BCI team and generated by
+# https://github.com/SUSE/BCI-dockerfile-generator
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# You can contact the BCI team via https://github.com/SUSE/bci/discussions
+
+#!UseOBSRepositories
+
+#!BuildTag: suse/bind:9-%RELEASE%
+#!BuildTag: suse/bind:9
+#!BuildTag: suse/bind:%%bind_major_minor%%
+#!BuildTag: suse/bind:%%bind_major_minor_patch%%
+#!BuildTag: suse/bind:latest
+#!BuildName: suse-bind-9
+#!BuildVersion: 15.6.9
+#!BuildRelease: 35
+FROM registry.suse.com/bci/bci-base:15.6
+
+RUN set -euo pipefail; \
+    zypper -n install --no-recommends bind; \
+    zypper -n clean; \
+    rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.bind
+LABEL org.opencontainers.image.authors="https://github.com/SUSE/bci/discussions"
+LABEL org.opencontainers.image.title="SLE ISC BIND 9"
+LABEL org.opencontainers.image.description="ISC BIND 9 container based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="9"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/base-container-images/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opencontainers.image.source="%SOURCEURL%"
+LABEL org.opencontainers.image.ref.name="9-%RELEASE%"
+LABEL org.opensuse.reference="registry.suse.com/suse/bind:9-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.eula="sle-eula"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle#suse-linux-enterprise-server-15"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+LABEL org.opencontainers.image.base.name="%BASE_REFNAME%"
+LABEL org.opencontainers.image.base.digest="%BASE_DIGEST%"
+LABEL io.artifacthub.package.readme-url="%SOURCEURL%/README.md"
+ENV RNDC_KEYSIZE="512"
+ENV NAMED_ARGS=""
+ENV NAMED_INITIALIZE_SCRIPTS=""
+ENV NAMED_CONF="/etc/named.conf"
+
+EXPOSE 53/tcp 53/udp 953/tcp 853/tcp 443/tcp
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+COPY healthcheck.sh /usr/local/bin/healthcheck.sh
+RUN set -euo pipefail; \
+    chmod +x /usr/local/bin/entrypoint.sh; \
+    chmod +x /usr/local/bin/healthcheck.sh;
+
+# patch named.prep to not call logger (provided by systemd)
+# and just log to stdout
+RUN set -euo pipefail; \
+    mkdir -p /usr/local/lib/bind; \
+    cp /usr/lib/bind/named.prep /usr/local/lib/bind/named.prep; \
+    sed -i -e 's|logger "Warning: \$1"|echo "Warning: \$1" >\&2|' -e '/\. \$SYSCONFIG_FILE/d' /usr/local/lib/bind/named.prep
+
+# create directories that tmpfiles.d would create for us
+RUN set -euo pipefail; \
+    mkdir -p /run/named; chown root:named /run/named; chmod 1775 /run/named; \ 
+    mkdir -p /var/lib/named; chown root:named /var/lib/named; chmod 1775 /var/lib/named; \ 
+    mkdir -p /var/lib/named/dyn; chown named:named /var/lib/named/dyn; chmod 755 /var/lib/named/dyn; \ 
+    mkdir -p /var/lib/named/master; chown named:named /var/lib/named/master; chmod 755 /var/lib/named/master; \ 
+    mkdir -p /var/lib/named/slave; chown named:named /var/lib/named/slave; chmod 755 /var/lib/named/slave; \ 
+    mkdir -p /var/log/named; chown named:named /var/log/named; chmod 750 /var/log/named;
+# create files that tmpfiles.d would create for us
+RUN set -euo pipefail; touch /var/lib/named/127.0.0.zone /var/lib/named/localhost.zone /var/lib/named/named.root.key /var/lib/named/root.hint
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+HEALTHCHECK --interval=10s --timeout=5s --retries=10 CMD ["/usr/local/bin/healthcheck.sh"]
+

bind-image/README.md

@@ -0,0 +1,88 @@
+# SLE ISC BIND 9: BIND9 Application Container
+![Support Level](https://img.shields.io/badge/Support_Level-techpreview-blue)[![SLSA](https://img.shields.io/badge/SLSA_(v1.0)-Build_L3-Green)](https://documentation.suse.com/sbp/server-linux/html/SBP-SLSA4/)
+[![Provenance: Available](https://img.shields.io/badge/Provenance-Available-Green)](https://documentation.suse.com/container/all/html/Container-guide/index.html#container-verify)
+
+## Description
+
+BIND (Berkeley Internet Name Domain) is a suite of software for interacting
+with the Domain Name System (DNS). Its core component, `named`, serves as both
+an authoritative name server for DNS zones and a recursive resolver for network
+queries.
+
+## Usage
+
+This container image provides the `named` daemon from
+SLE 15 SP6, including the default configuration that comes
+with the RPM package.
+
+When no additional parameters are specified, the container entrypoint launches `named` in the foreground mode by default:
+
+```ShellSession
+$ podman run --rm -d -p 53/udp registry.suse.com/suse/bind:9
+```
+
+### Health Check
+
+The container includes a health check script that performs a simple A-record
+lookup and verifies that a valid IPv4 address is returned.
+
+### Environment Variables
+
+The container entrypoint accepts the following environment variables:
+
+- **`NAMED_CONF`** (default: `/etc/named.conf`): Path to the configuration file
+    for `named`. See the [upstream
+    documentation](https://bind9.readthedocs.io/en/latest/chapter3.html) for
+    syntax details.
+
+- **`NAMED_CHECKCONF_BIN`** (default: `/usr/bin/named-checkconf`): Path to the
+    configuration checker binary executed before launching `named`.
+
+- **`NAMED_CHECKCONF_ARGS`** (default: empty): Arguments passed to
+    `NAMED_CHECKCONF_BIN` in the entrypoint.
+
+- **`ETC_RNDC_KEY`** (default: `/etc/rndc.key`): Location of the `rndc`
+    configuration file. If not a symlink, it is moved to `NEW_RNDC_KEY`.
+
+- **`NEW_RNDC_KEY`** (default: `/var/lib/named/rndc.key`): Target location where
+    `ETC_RNDC_KEY` is moved if it is not a symlink. If `NEW_RNDC_KEY` does not
+    exist, it is generated using `RNDC_BIN`.
+
+- **`RNDC_BIN`** (default: `/usr/sbin/rndc`): Binary used to generate the `rndc`
+    configuration file if it does not exist.
+
+- **`RNDC_KEYSIZE`** (default: `512`): Key size passed to `RNDC_BIN` for
+    generating the `rndc` configuration file.
+
+
+### Differences compared to the RPM Package
+
+The container does not use `systemd` to manage
+`named`. Instead, `named` is launched directly by the container entrypoint in
+foreground mode, with logs output to `stdout`.
+
+Moreover, environment variables from `/etc/sysconfig/named` are not sourced
+or used. You must set them explicitly using the container runtime,
+for example:
+
+```ShellSession
+$ podman run --rm -d -e RNDC_KEYSIZE=1024 registry.suse.com/suse/bind:9
+```
+
+## Additional Information
+
+For more details on BIND and `named`, refer to the [official
+documentation](https://bind9.readthedocs.io/).
+
+
+## Licensing
+
+`SPDX-License-Identifier: MIT`
+
+This documentation and the build recipe are licensed as MIT.
+The container itself contains various software components under various open source licenses listed in the associated
+Software Bill of Materials (SBOM).
+
+This image is a tech preview. Do not use it for production.
+Your feedback is welcome.
+Please report any issues to the [SUSE Bugzilla](https://bugzilla.suse.com/enter_bug.cgi?product=SUSE%20Linux%20Enterprise%20Base%20Container%20Images).

bind-image/_service

@@ -0,0 +1,16 @@
+<services>
+  <service mode="buildtime" name="docker_label_helper"/>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service mode="buildtime" name="replace_using_package_version">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%bind_major_minor%%</param>
+    <param name="package">bind</param>
+    <param name="parse-version">minor</param>
+  </service>
+  <service mode="buildtime" name="replace_using_package_version">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%bind_major_minor_patch%%</param>
+    <param name="package">bind</param>
+    <param name="parse-version">patch</param>
+  </service>
+</services>

bind-image/bind-image.changes

@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Fri Mar 28 13:45:43 UTC 2025 - SUSE Update Bot <bci-internal@suse.de>
+
+- First version of the ISC BIND 9 BCI

bind-image/entrypoint.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -euo pipefail
+
+if [ $# -gt 0 ]; then
+    # launched via entrypoint.sh foo bar => execute the args
+    exec "$@"
+else
+    # mimic what named.service does
+    /usr/local/lib/bind/named.prep
+
+    exec /usr/sbin/named -u named -fg -c "${NAMED_CONF}" ${NAMED_ARGS:+ "$NAMED_ARGS"}
+fi

bind-image/healthcheck.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -euo pipefail
+
+dig @127.0.0.1 +short suse.com A|grep -E '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b'