commit 413ab7f1c9b0bdc0b16a386f005d06f4e1565c10
Author: Muhamad Aditya Prima
Date: Sun Dec 15 05:41:23 2024 +0700
Initial Commit
diff --git a/.gitea/workflows/almalinux9.yaml b/.gitea/workflows/almalinux9.yaml
new file mode 100644
index 0000000..6929860
--- /dev/null
+++ b/.gitea/workflows/almalinux9.yaml
@@ -0,0 +1,68 @@
+name: Build and push Almalinux 9 to docker.io
+
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ build:
+ name: Build almalinux base container images
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/catthehacker/ubuntu:act-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+ - name: Login to docker.io
+ uses: docker/login-action@v3
+ with:
+ username: ${{ vars.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Login to git.winteraccess.id
+ with:
+ registry: git.winteraccess.id
+ username: ${{ vars.REGISTRY_USERNAME }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Build and push almalinux9
+ with:
+ platforms: linux/amd64,linux/arm64
+ push: true
+ context: .
+ file: ./9/Dockerfile.default
+ build-args: |
+ ALMALINUX_VERSION=9.5
+ tags: |
+ ${{ vars.DOCKERHUB_USERNAME }}/almalinux:9.5
+ ${{ vars.DOCKERHUB_USERNAME }}/almalinux:9
+ ${{ vars.DOCKERHUB_USERNAME }}/almalinux:latest
+ git.winteraccess.id/almalinux:9.5
+ git.winteraccess.id/almalinux:9
+ git.winteraccess.id/almalinux:latest
+ - name: Build and push almalinux9-micro
+ with:
+ platforms: linux/amd64,linux/arm64
+ push: true
+ context: .
+ file: ./9/Dockerfile.micro
+ build-args: |
+ ALMALINUX_VERSION=9.5
+ tags: |
+ ${{ vars.DOCKERHUB_USERNAME }}/almalinux:9.5-micro
+ ${{ vars.DOCKERHUB_USERNAME }}/almalinux:9-micro
+ git.winteraccess.id/almalinux:9.5-micro
+ git.winteraccess.id/almalinux:9-micro
+ - name: Scan almalinux9 image with Trivy
+ uses: aquasecurity/trivy-action@0.20.0
+ with:
+ image-ref: '${{ vars.DOCKERHUB_USERNAME }}/almalinux:9.5'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+ - name: Scan almalinux9-micro image with Trivy
+ uses: aquasecurity/trivy-action@0.20.0
+ with:
+ image-ref: '${{ vars.DOCKERHUB_USERNAME }}/almalinux:9.5-micro'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
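Review bot: Both Trivy steps at the end of the job run after the two `push: true` builds and set no `exit-code`, so the image is already published under `:latest`, `:9` and `:9.5` before it is scanned and a finding cannot fail the job. Adding `exit-code: '1'` and `severity: 'CRITICAL,HIGH'` to each scan step makes findings fail the run, and scanning a locally loaded build before the push step would turn the scan into a gate. Both steps also write `output: 'trivy-results.sarif'`, so the second report overwrites the first and no step uploads either; per-image file names would keep both. The `Login to git.winteraccess.id` step and both `Build and push` steps have `with:` but no `uses:` (the 68 added lines in the hunk header are all accounted for), so they name no action to run and need their `uses:` lines added. The job handles `DOCKERHUB_TOKEN` and `REGISTRY_TOKEN` while resolving actions by mutable tags (`@v4`, `@v3`, `@0.20.0`) and the job container by `act-latest`; pinning these to commit SHAs and an image digest narrows what a retagged upstream can reach.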
diff --git a/9/Dockerfile.default b/9/Dockerfile.default
new file mode 100644
index 0000000..f7c79af
--- /dev/null
+++ b/9/Dockerfile.default
@@ -0,0 +1,108 @@ +ARG ALMALINUX_VERSION=9.5 + +FROM docker.io/almalinux:${ALMALINUX_VERSION} AS builder + +# Prepare temporary rootfs +RUN mkdir -p /mnt/rootfs + +# Install almalinux-release and import GPG Key +RUN \ + dnf -y install --installroot /mnt/rootfs \ + almalinux-release \ + bash \ + epel-release \ + coreutils-single \ + crypto-policies-scripts \ + curl-minimal \ + findutils \ + glibc-minimal-langpack \ + gzip \ + libcurl-minimal \ + rootfiles \ + systemd \ + tar \ + usermode \ + vim-minimal \ + virt-what \ + yum \ + xz \ + --releasever 9 --setopt install_weak_deps=false --nodocs; \ + echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\ + dnf reinstall -y \ + --installroot /mnt/rootfs \ + --releasever 9 \ + --setopt install_weak_deps=false \ + --nodocs \ + krb5-libs ; \ + dnf --installroot /mnt/rootfs clean all; + +# Additional hacks for kickstart file and backward compatable support /mnt/rootfs/var/lib/dnf/history* +RUN rm -rf /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* /mnt/rootfs/usr/share/i18n/charmaps /mnt/rootfs/usr/share/i18n/locales ; \ + rm -rf /mnt/rootfs/var/cache/dnf/* /mnt/rootfs/var/lib/dnf/repos /mnt/rootfs/boot /mnt/rootfs/dev/null ; \ + rm -rf /mnt/rootfs/var/log/hawkey.log /mnt/rootfs/var/log/* ; \ + mkdir -p /mnt/rootfs/run/lock; \ + /bin/date +%Y%m%d_%H%M > /mnt/rootfs/etc/BUILDTIME; \ + echo '%_install_langs C.utf8' > /mnt/rootfs/etc/rpm/macros.image-language-conf; \ + echo 'LANG="C.utf8"' > /mnt/rootfs/etc/locale.conf; \ + echo 'container' > /mnt/rootfs/etc/dnf/vars/infra; \ + touch /mnt/rootfs/etc/.pwd.lock; \ + chmod 600 /mnt/rootfs/etc/.pwd.lock; \ + touch /mnt/rootfs/run/utmp ;\ + chmod 664 /mnt/rootfs/run/utmp ;\ + echo '0.000000 1728971976 0.000000' > /mnt/rootfs/etc/adjtime; \ + echo '1728971976' >> /mnt/rootfs/etc/adjtime; \ + echo 'LOCAL' >> /mnt/rootfs/etc/adjtime; \ + # echo '# This file has been generated by the Anaconda Installer.' 
> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\ + # echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\ + # echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\ + echo 'KEYMAP="us"' > /mnt/rootfs/etc/vconsole.conf; \ + echo 'FONT="eurlatgr"' >> /mnt/rootfs/etc/vconsole.conf; \ + rm -rf /mnt/rootfs/usr/share/locale/en_US@piglati* /mnt/rootfs/run/blkid /mnt/rootfs/var/cache/dnf/.gpgkeyschecked.yum ; \ + rm -f /mnt/rootfs/etc/machine-id; \ + touch /mnt/rootfs/etc/machine-id; \ + touch /mnt/rootfs/etc/resolv.conf; \ + touch /mnt/rootfs/etc/hostname +# AL9 specific hacks +RUN mkdir -p /mnt/rootfs/var/cache/private /mnt/rootfs/var/lib/private /mnt/rootfs/var/lib/systemd/coredump /mnt/rootfs/var/lib/tpm2-tss/system/keystore ;\ + mkdir -p /mnt/rootfs/run/cryptsetup /mnt/rootfs/run/lock/subsys /mnt/rootfs/run/log /mnt/rootfs/run/user /mnt/rootfs/run/tpm2-tss/eventlog ;\ + mkdir -p /mnt/rootfs/run/systemd/ask-password /mnt/rootfs/run/systemd/machines /mnt/rootfs/run/systemd/seats /mnt/rootfs/run/systemd/sessions /mnt/rootfs/run/systemd/shutdown /mnt/rootfs/run/systemd/users ;\ + chmod 700 /mnt/rootfs/var/cache/private ; \ + chmod 700 /mnt/rootfs/var/lib/private ; \ + chmod 700 /mnt/rootfs/run/cryptsetup ; \ + groupadd -R '/mnt/rootfs/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/rootfs/' -r -p '!*' -g 995 systemd-oom ; \ + useradd -R '/mnt/rootfs/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \ + sed -i "/sgx/d" /mnt/rootfs/etc/group- ; \ + sed -i "/sgx/d" /mnt/rootfs/etc/gshadow- ; \ + cd /mnt/rootfs/etc ; \ + ln -s ../usr/share/zoneinfo/Asia/Jakarta localtime; + +FROM scratch AS stage2 + +COPY --from=builder /mnt/rootfs / + +RUN systemctl set-default multi-user.target; \ + systemctl mask systemd-remount-fs.service \ + dev-hugepages.mount \ + sys-fs-fuse-connections.mount \ + systemd-logind.service \ + 
getty.target \ + console-getty.service + +FROM scratch + +LABEL maintainer="Muhamad Aditya Prima " +LABEL name="almalinux" +LABEL version="${ALMALINUX_VERSION}" +LABEL distribution-scope="public" + +#labels for container catalog +LABEL summary="Almalinux 9 container image" +LABEL description="Provide latest release of Almalinux 9 container image" +LABEL io.k8s.description="Almalinux 9" +LABEL io.k8s.display-name="Almalinux 9" + +COPY --from=stage2 / / + +ENV LANG=C.utf8 + +CMD ["/bin/bash"] \ No newline at end of file diff --git a/9/Dockerfile.micro b/9/Dockerfile.micro new file mode 100644 index 0000000..9c50efa --- /dev/null +++ b/9/Dockerfile.micro 
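Review bot: The builder `RUN` steps in 9/Dockerfile.default chain commands with `;` under the default `/bin/sh -c`, so each step reports only its last command's status and a failed `dnf -y install --installroot /mnt/rootfs …` (repository error, rejected signature) is hidden by the closing `dnf --installroot /mnt/rootfs clean all;`, letting the build continue with a partial rootfs. Starting each multi-command `RUN` with `set -e; \` or joining the commands with `&&` stops the build at the first failure; the same applies to both `RUN` steps in 9/Dockerfile.micro. In the final stage `LABEL version="${ALMALINUX_VERSION}"` expands to an empty string because the `ARG` is declared only before the first `FROM`; adding `ARG ALMALINUX_VERSION` after the last `FROM scratch` fixes it, here and in 9/Dockerfile.micro. The comment `# Install almalinux-release and import GPG Key` does not match the step, which shows no explicit key import, so it should be reworded or the import added. `FROM docker.io/almalinux:${ALMALINUX_VERSION}` resolves by tag only; pinning a digest alongside the tag would tie the published image to a known builder.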
@@ -0,0 +1,52 @@ +ARG ALMALINUX_VERSION=9.5 + +FROM docker.io/almalinux:${ALMALINUX_VERSION} AS builder + +RUN mkdir -p /mnt/rootfs; \ + dnf install --installroot /mnt/rootfs \ + coreutils-single \ + glibc-minimal-langpack \ + --releasever 9 --setopt install_weak_deps=false --nodocs -y; \ + dnf --installroot /mnt/rootfs clean all; + +# Additional hacks for kickstart file and backward compatable support +RUN rm -rf /mnt/rootfs/var/cache/dnf /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/lib/dnf /mnt/rootfs/var/log/yum.* /mnt/rootfs/var/lib/rpm/* ; \ + /bin/date +%Y%m%d_%H%M > /mnt/rootfs/etc/BUILDTIME ; \ + echo '%_install_langs C.utf8' > /mnt/rootfs/etc/rpm/macros.image-language-conf; \ + echo 'LANG="C.utf8"' > /mnt/rootfs/etc/locale.conf; \ + echo 'container' > /mnt/rootfs/etc/dnf/vars/infra; \ + rm -f /mnt/rootfs/etc/machine-id; \ + touch /mnt/rootfs/etc/machine-id; \ + touch /mnt/rootfs/etc/resolv.conf; \ + touch /mnt/rootfs/etc/hostname; \ + touch /mnt/rootfs/etc/.pwd.lock; \ + chmod 600 /mnt/rootfs/etc/.pwd.lock; \ + rm -rf /mnt/rootfs/usr/share/locale/en* /mnt/rootfs/boot /mnt/rootfs/dev/null /mnt/rootfs/var/log/hawkey.log ; \ + echo '0.000000 1728971976 0.000000' > /mnt/rootfs/etc/adjtime; \ + echo '1728971976' >> /mnt/rootfs/etc/adjtime; \ + echo 'LOCAL' >> /mnt/rootfs/etc/adjtime; \ + # echo '# This file has been generated by the Anaconda Installer.' > /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\ + # echo '# Allow root to log in using ssh. Remove this file to opt-out.' 
>> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\ + # echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\ + echo 'KEYMAP="us"' > /mnt/rootfs/etc/vconsole.conf; \ + echo 'FONT="eurlatgr"' >> /mnt/rootfs/etc/vconsole.conf; \ + mkdir -p /mnt/rootfs/run/lock; \ + cd /mnt/rootfs/etc ; \ + ln -s ../usr/share/zoneinfo/Asia/Jakarta localtime + +FROM scratch + +LABEL maintainer="Muhamad Aditya Prima " +LABEL name="almalinux-micro" +LABEL version="${ALMALINUX_VERSION}" +LABEL distribution-scope="public" + +#labels for container catalog +LABEL summary="Almalinux 9 micro container image" +LABEL description="Provide latest release of micro Almalinux 9 container base image" +LABEL io.k8s.description="Very small almalinux 9 based image which doesn't install package manager" +LABEL io.k8s.display-name="Almalinux 9 Micro" + +COPY --from=builder /mnt/rootfs/ / + +CMD ["/bin/sh"] \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..aa11207 --- /dev/null +++ b/README.md @@ -0,0 +1,8 @@ +# Almalinux Container Images + +Built with buildah, contains preinstalled epel-release and timezone changed to Asia/Jakarta + +Build: + +Base +Micro \ No newline at end of file
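Review bot: The cleanup `RUN` in 9/Dockerfile.micro deletes `/mnt/rootfs/var/lib/rpm/*`, which removes the RPM database from the published image, so package-based scanners (including the Trivy step added in this commit's workflow) will most likely find no installed packages to match against advisories and report the micro image as clean. Keeping the database, or generating a package list or SBOM in the builder before the deletion and publishing it with the image, preserves an inventory for vulnerability tracking. A comment on that line should record the trade-off, e.g. `# rpmdb removed to save space; package inventory is published separately`. The `echo 'container' > /mnt/rootfs/etc/dnf/vars/infra` line may also fail here if that directory is absent when dnf is not installed in the rootfs, which would pass unnoticed in this step.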