From 1b84ba5e3944efa810ff29e17a31620ec214afce Mon Sep 17 00:00:00 2001 From: Stephen Kitt Date: Mon, 2 Dec 2024 18:18:45 +0100 Subject: [PATCH] Set up a base distribution in the images This adds the minimum subset of packages required for Fedora, allowing scanners to understand the image and process it correctly (in exchange for a small size increase). Signed-off-by: Stephen Kitt --- package/Dockerfile.submariner-operator | 13 ++++++ package/dnf_install | 62 ++++++++++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100755 package/dnf_install diff --git a/package/Dockerfile.submariner-operator b/package/Dockerfile.submariner-operator index fb11aed60..2d0081890 100644 --- a/package/Dockerfile.submariner-operator +++ b/package/Dockerfile.submariner-operator @@ -1,4 +1,5 @@ ARG BASE_BRANCH +ARG FEDORA_VERSION=40 ARG SOURCE=/go/src/github.com/submariner-io/submariner-operator FROM --platform=${BUILDPLATFORM} quay.io/submariner/shipyard-dapper-base:${BASE_BRANCH} AS builder @@ -9,12 +10,24 @@ COPY . ${SOURCE} RUN make -C ${SOURCE} LOCAL_BUILD=1 bin/${TARGETPLATFORM}/submariner-operator +FROM --platform=${BUILDPLATFORM} fedora:${FEDORA_VERSION} AS base +ARG FEDORA_VERSION +ARG SOURCE +ARG TARGETPLATFORM + +COPY package/dnf_install / + +RUN /dnf_install -a ${TARGETPLATFORM} -v ${FEDORA_VERSION} -r /output/submariner-operator \ + setup + FROM --platform=${TARGETPLATFORM} scratch ARG SOURCE ARG TARGETPLATFORM ENV USER_UID=1001 PATH=/ +COPY --from=base /output/submariner-operator / + # install operator binary COPY --from=builder ${SOURCE}/bin/${TARGETPLATFORM}/submariner-operator /submariner-operator diff --git a/package/dnf_install b/package/dnf_install new file mode 100755 index 000000000..fc5a7b8be --- /dev/null +++ b/package/dnf_install 
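Review bot: The new `base` stage pulls `fedora:${FEDORA_VERSION}` by an unqualified, mutable tag. The dnf binary, repo definitions and signing keys used to populate `/output/submariner-operator` (which is then copied into the final image) therefore presumably come from whatever that tag resolves to at build time. Consider fully qualifying the registry and pinning a digest, e.g. `FROM --platform=${BUILDPLATFORM} <registry>/fedora:${FEDORA_VERSION}@sha256:<digest>` (placeholders), so the input to the scanned layer is reproducible and changes only through a reviewed bump. In the `RUN /dnf_install ...` line, `${TARGETPLATFORM}` and `${FEDORA_VERSION}` are also passed unquoted; quoting them is a cheap hardening.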
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+# Installs packages using dnf to a named root:
+# -a arch - use arch instead of the native arch
+# -k - keep the package cache
+# -r root - install to the named root instead of /output/base
+# -v ver - use the given Fedora version (required)
+#
+# %arch in the package references will be replaced with the chosen arch
+
+INSTALL_ROOT=/output/base
+
+# Limit the number of files so that dnf doesn't spend ages processing fds
+ulimit -n 1048576
+
+while getopts a:kr:v: o
+do
+ case "$o" in
+ a)
+ ARCH="$OPTARG"
+ ;;
+ k)
+ KEEP_CACHE=true
+ ;;
+ r)
+ INSTALL_ROOT="$OPTARG"
+ ;;
+ v)
+ FEDORA_VERSION="$OPTARG"
+ ;;
+ *)
+ echo "$0 doesn't support $o" >&2
+ exit 1
+ ;;
+ esac
+done
+shift $((OPTIND - 1))
+
+if [[ -n "${ARCH}" ]]; then
+ # Convert container arch to Fedora arch
+ ARCH="${ARCH##*/}"
+ case "${ARCH}" in
+ amd64) ARCH=x86_64;;
+ arm64) ARCH=aarch64;;
+ esac
+ arch_args="--forcearch ${ARCH}"
+else
+ # This will be used later, but we won't force
+ ARCH="$(rpm -q --qf "%{arch}" rpm)"
+fi
+
+[[ -z "${FEDORA_VERSION}" ]] && echo I need to know which version of Fedora to install, specify it with -v >&2 && exit 1
+
+if [[ "${INSTALL_ROOT}" != /output/base ]] && [[ ! -d "${INSTALL_ROOT}" ]] && [[ -d /output/base ]]; then
+ cp -a /output/base "${INSTALL_ROOT}"
+fi
+
+dnf -y --setopt=install_weak_deps=0 --nodocs ${arch_args} \
+ --installroot "${INSTALL_ROOT}" --releasever "${FEDORA_VERSION}" \
+ install "${@//\%arch/${ARCH}}"
+
+[[ "${KEEP_CACHE}" == true ]] || dnf -y ${arch_args} --installroot "${INSTALL_ROOT}" --releasever "${FEDORA_VERSION}" clean all
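Review bot: A failed `dnf ... install` does not fail the script: there is no `set -e` and no status check, so the exit status is that of the final line (the `[[ "${KEEP_CACHE}" == true ]]` test or `clean all`), and the Dockerfile's `RUN /dnf_install ...` step would pass with an empty or partial install root. Given that the commit's purpose is to give scanners distribution metadata, that failure would likely ship an image scanners still cannot interpret, with nothing in the build log marking it as an error. End the install command with an explicit check, `install "${@//\%arch/${ARCH}}" || exit 1`. Separately, `${arch_args}` relies on unquoted word splitting; an array (`arch_args=(--forcearch "${ARCH}")`, expanded as `"${arch_args[@]}"`) would avoid that.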