Initial Commit

2024-12-15 05:41:23 +07:00 · 2024-12-15 05:41:23 +07:00 · 413ab7f1c9
commit 413ab7f1c9
4 changed files with 236 additions and 0 deletions
--- a/.gitea/workflows/almalinux9.yaml
+++ b/.gitea/workflows/almalinux9.yaml
@ -0,0 +1,68 @@
+name: Build and push Almalinux 9 to docker.io
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Build almalinux base container images
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/catthehacker/ubuntu:act-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Login to docker.io
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to git.winteraccess.id
+        with:
+          registry: git.winteraccess.id
+          username: ${{ vars.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and push almalinux9
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          context: .
+          file: ./9/Dockerfile.default
+          build-args: |
+            ALMALINUX_VERSION=9.5
+          tags: |
+            ${{ vars.DOCKERHUB_USERNAME }}/almalinux:9.5
+            ${{ vars.DOCKERHUB_USERNAME }}/almalinux:9
+            ${{ vars.DOCKERHUB_USERNAME }}/almalinux:latest
+            git.winteraccess.id/almalinux:9.5
+            git.winteraccess.id/almalinux:9
+            git.winteraccess.id/almalinux:latest
+      - name: Build and push almalinux9-micro
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          context: .
+          file: ./9/Dockerfile.micro
+          build-args: |
+            ALMALINUX_VERSION=9.5
+          tags: |
+            ${{ vars.DOCKERHUB_USERNAME }}/almalinux:9.5-micro
+            ${{ vars.DOCKERHUB_USERNAME }}/almalinux:9-micro
+            git.winteraccess.id/almalinux:9.5-micro
+            git.winteraccess.id/almalinux:9-micro
+      - name: Scan almalinux9 image with Trivy
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          image-ref: '${{ vars.DOCKERHUB_USERNAME }}/almalinux:9.5'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+      - name: Scan almalinux9-micro image with Trivy
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          image-ref: '${{ vars.DOCKERHUB_USERNAME }}/almalinux:9.5-micro'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
--- a/9/Dockerfile.default
+++ b/9/Dockerfile.default
@ -0,0 +1,108 @@
+ARG ALMALINUX_VERSION=9.5
+
+FROM docker.io/almalinux:${ALMALINUX_VERSION} AS builder
+
+# Prepare temporary rootfs
+RUN mkdir -p /mnt/rootfs
+
+# Install almalinux-release and import GPG Key
+RUN \
+    dnf -y install --installroot /mnt/rootfs \
+        almalinux-release \
+        bash \
+        epel-release \
+        coreutils-single \
+        crypto-policies-scripts \
+        curl-minimal \
+        findutils \
+        glibc-minimal-langpack \
+        gzip \
+        libcurl-minimal \
+        rootfiles \
+        systemd \
+        tar \
+        usermode \
+        vim-minimal \
+        virt-what \
+        yum \
+        xz \
+        --releasever 9 --setopt install_weak_deps=false --nodocs; \
+    echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+    dnf reinstall -y \
+        --installroot /mnt/rootfs \
+        --releasever 9 \
+        --setopt install_weak_deps=false \
+        --nodocs \
+        krb5-libs ; \
+    dnf --installroot /mnt/rootfs clean all;
+
+# Additional hacks for kickstart file and backward compatable support   /mnt/rootfs/var/lib/dnf/history*
+RUN rm -rf /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* /mnt/rootfs/usr/share/i18n/charmaps /mnt/rootfs/usr/share/i18n/locales ; \
+    rm -rf /mnt/rootfs/var/cache/dnf/* /mnt/rootfs/var/lib/dnf/repos /mnt/rootfs/boot /mnt/rootfs/dev/null ; \
+    rm -rf /mnt/rootfs/var/log/hawkey.log /mnt/rootfs/var/log/*  ; \
+    mkdir -p /mnt/rootfs/run/lock; \
+    /bin/date +%Y%m%d_%H%M > /mnt/rootfs/etc/BUILDTIME; \
+    echo '%_install_langs C.utf8' > /mnt/rootfs/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/rootfs/etc/locale.conf; \
+    echo 'container' > /mnt/rootfs/etc/dnf/vars/infra; \
+    touch /mnt/rootfs/etc/.pwd.lock; \
+    chmod 600 /mnt/rootfs/etc/.pwd.lock; \
+    touch /mnt/rootfs/run/utmp ;\
+    chmod 664 /mnt/rootfs/run/utmp ;\
+    echo '0.000000 1728971976 0.000000' > /mnt/rootfs/etc/adjtime; \
+    echo '1728971976' >> /mnt/rootfs/etc/adjtime; \
+    echo 'LOCAL' >> /mnt/rootfs/etc/adjtime; \
+    # echo '# This file has been generated by the Anaconda Installer.' > /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\
+    # echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\
+    # echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/rootfs/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/rootfs/etc/vconsole.conf; \
+    rm -rf /mnt/rootfs/usr/share/locale/en_US@piglati* /mnt/rootfs/run/blkid /mnt/rootfs/var/cache/dnf/.gpgkeyschecked.yum ; \
+    rm -f /mnt/rootfs/etc/machine-id; \
+    touch /mnt/rootfs/etc/machine-id; \
+    touch /mnt/rootfs/etc/resolv.conf; \
+    touch /mnt/rootfs/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/rootfs/var/cache/private /mnt/rootfs/var/lib/private /mnt/rootfs/var/lib/systemd/coredump /mnt/rootfs/var/lib/tpm2-tss/system/keystore ;\
+    mkdir -p /mnt/rootfs/run/cryptsetup /mnt/rootfs/run/lock/subsys /mnt/rootfs/run/log /mnt/rootfs/run/user /mnt/rootfs/run/tpm2-tss/eventlog ;\
+    mkdir -p /mnt/rootfs/run/systemd/ask-password /mnt/rootfs/run/systemd/machines /mnt/rootfs/run/systemd/seats /mnt/rootfs/run/systemd/sessions /mnt/rootfs/run/systemd/shutdown /mnt/rootfs/run/systemd/users ;\
+    chmod 700 /mnt/rootfs/var/cache/private ; \
+    chmod 700 /mnt/rootfs/var/lib/private ; \
+    chmod 700 /mnt/rootfs/run/cryptsetup ; \
+    groupadd -R '/mnt/rootfs/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/rootfs/' -r -p '!*' -g 995 systemd-oom ; \
+    useradd -R '/mnt/rootfs/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+    sed -i "/sgx/d" /mnt/rootfs/etc/group- ; \
+    sed -i "/sgx/d" /mnt/rootfs/etc/gshadow- ; \
+    cd /mnt/rootfs/etc ; \
+    ln -s ../usr/share/zoneinfo/Asia/Jakarta localtime;
+
+FROM scratch AS stage2
+
+COPY --from=builder /mnt/rootfs /
+
+RUN systemctl set-default multi-user.target; \
+    systemctl mask systemd-remount-fs.service \
+    dev-hugepages.mount \
+    sys-fs-fuse-connections.mount \
+    systemd-logind.service \
+    getty.target \
+    console-getty.service
+
+FROM scratch
+
+LABEL maintainer="Muhamad Aditya Prima <aprimediet@gmail.com>"
+LABEL name="almalinux"
+LABEL version="${ALMALINUX_VERSION}"
+LABEL distribution-scope="public"
+
+#labels for container catalog
+LABEL summary="Almalinux 9 container image"
+LABEL description="Provide latest release of Almalinux 9 container image"
+LABEL io.k8s.description="Almalinux 9"
+LABEL io.k8s.display-name="Almalinux 9"
+
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+CMD ["/bin/bash"]
--- a/9/Dockerfile.micro
+++ b/9/Dockerfile.micro
@ -0,0 +1,52 @@
+ARG ALMALINUX_VERSION=9.5
+
+FROM docker.io/almalinux:${ALMALINUX_VERSION} AS builder
+
+RUN mkdir -p /mnt/rootfs; \
+    dnf install --installroot /mnt/rootfs \
+        coreutils-single \
+        glibc-minimal-langpack \
+        --releasever 9 --setopt install_weak_deps=false --nodocs -y; \
+    dnf --installroot /mnt/rootfs clean all;
+
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/rootfs/var/cache/dnf /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/lib/dnf /mnt/rootfs/var/log/yum.* /mnt/rootfs/var/lib/rpm/* ; \
+    /bin/date +%Y%m%d_%H%M > /mnt/rootfs/etc/BUILDTIME ;  \
+    echo '%_install_langs C.utf8' > /mnt/rootfs/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/rootfs/etc/locale.conf; \
+    echo 'container' > /mnt/rootfs/etc/dnf/vars/infra; \
+    rm -f /mnt/rootfs/etc/machine-id; \
+    touch /mnt/rootfs/etc/machine-id; \
+    touch /mnt/rootfs/etc/resolv.conf; \
+    touch /mnt/rootfs/etc/hostname; \
+    touch /mnt/rootfs/etc/.pwd.lock; \
+    chmod 600 /mnt/rootfs/etc/.pwd.lock; \
+    rm -rf /mnt/rootfs/usr/share/locale/en* /mnt/rootfs/boot /mnt/rootfs/dev/null /mnt/rootfs/var/log/hawkey.log ; \
+    echo '0.000000 1728971976 0.000000' > /mnt/rootfs/etc/adjtime; \
+    echo '1728971976' >> /mnt/rootfs/etc/adjtime; \
+    echo 'LOCAL' >> /mnt/rootfs/etc/adjtime; \
+    # echo '# This file has been generated by the Anaconda Installer.' > /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\
+    # echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\
+    # echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/rootfs/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/rootfs/etc/vconsole.conf; \
+    mkdir -p /mnt/rootfs/run/lock; \
+    cd /mnt/rootfs/etc ; \
+    ln -s ../usr/share/zoneinfo/Asia/Jakarta localtime
+
+FROM scratch
+
+LABEL maintainer="Muhamad Aditya Prima <aprimediet@gmail.com>"
+LABEL name="almalinux-micro"
+LABEL version="${ALMALINUX_VERSION}"
+LABEL distribution-scope="public"
+
+#labels for container catalog
+LABEL summary="Almalinux 9 micro container image"
+LABEL description="Provide latest release of micro Almalinux 9 container base image"
+LABEL io.k8s.description="Very small almalinux 9 based image which doesn't install package manager"
+LABEL io.k8s.display-name="Almalinux 9 Micro"
+
+COPY --from=builder /mnt/rootfs/ /
+
+CMD ["/bin/sh"]
--- a/README.md
+++ b/README.md
@ -0,0 +1,8 @@
+# Almalinux Container Images
+
+Built with buildah, contains preinstalled epel-release and timezone changed to Asia/Jakarta
+
+Build:
+
+Base
+Micro