From 31c40a064ae3ba06eb51bc34e5a80e3067db1060 Mon Sep 17 00:00:00 2001
From: "Daniel P. Smith"
Date: Mon, 4 Mar 2024 17:00:23 +0000
Subject: [PATCH 1/4] dockerfiles: update bullseye docker file

Add the python-is-python3 package to be able to run sourced python3 scripts that are written with the expectation that `python` command is symlink to python3.

Signed-off-by: Daniel P. Smith
---
 Dockerfiles/openxt-bullseye-oe64 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfiles/openxt-bullseye-oe64 b/Dockerfiles/openxt-bullseye-oe64
index 01e096d..f1849d1 100644
--- a/Dockerfiles/openxt-bullseye-oe64
+++ b/Dockerfiles/openxt-bullseye-oe64
@@ -12,7 +12,7 @@ RUN apt-get update && apt-get install -yq \
  sed wget cvs subversion git-core coreutils \
  unzip texi2html texinfo docbook-utils gawk diffstat \
  help2man make gcc build-essential g++ desktop-file-utils chrpath cpio \
- screen bash-completion python3 iputils-ping \
+ screen bash-completion python3 python-is-python3 iputils-ping \
  guilt iasl quilt bin86 \
  bcc libsdl1.2-dev liburi-perl genisoimage policycoreutils unzip vim \
  rpm curl libncurses5-dev libncursesw5 libc6-dev-i386 libelf-dev \
From d7dfb84a437d9a1f9c1cabd8342bf6770e2d80f3 Mon Sep 17 00:00:00 2001
From: "Daniel P. Smith"
Date: Mon, 1 Apr 2024 16:51:32 +0000
Subject: [PATCH 2/4] dockerfiles: rework quilt enablement

There was no need to have the quilt files in the directory structure that they were in. This moves them into a generic files directory. A second issue is that the files were hardcoded to install into the home dir for user "build". This gets corrected to use the `$UNAME` build variable.
Signed-off-by: Daniel P. Smith
---
 Dockerfiles/{root/home/build => files}/oxt-patch.header | 0
 Dockerfiles/{root/home/build/.quiltrc => files/quiltrc} | 0
 Dockerfiles/openxt-bullseye-oe64 | 4 ++--
 Dockerfiles/openxt-buster-oe64 | 4 ++--
 Dockerfiles/openxt-oe64 | 4 ++--
 5 files changed, 6 insertions(+), 6 deletions(-)
 rename Dockerfiles/{root/home/build => files}/oxt-patch.header (100%)
 rename Dockerfiles/{root/home/build/.quiltrc => files/quiltrc} (100%)

diff --git a/Dockerfiles/root/home/build/oxt-patch.header b/Dockerfiles/files/oxt-patch.header
similarity index 100%
rename from Dockerfiles/root/home/build/oxt-patch.header
rename to Dockerfiles/files/oxt-patch.header
diff --git a/Dockerfiles/root/home/build/.quiltrc b/Dockerfiles/files/quiltrc
similarity index 100%
rename from Dockerfiles/root/home/build/.quiltrc
rename to Dockerfiles/files/quiltrc
diff --git a/Dockerfiles/openxt-bullseye-oe64 b/Dockerfiles/openxt-bullseye-oe64
index f1849d1..1b71b31 100644
--- a/Dockerfiles/openxt-bullseye-oe64
+++ b/Dockerfiles/openxt-bullseye-oe64
@@ -43,8 +43,8 @@ RUN ln -s /lib64/ld-linux-x86-64.so.2 /lib/
 RUN useradd -Ums /bin/bash -l -p '""' -u $UID $UNAME
 
 # Add quilt config files
-ADD root/home/build/.quiltrc /home/build/.quiltrc
-ADD root/home/build/oxt-patch.header /home/build/oxt-patch.header
+ADD files/quiltrc /home/$UNAME/.quiltrc
+ADD files/oxt-patch.header /home/$UNAME/oxt-patch.header
 
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
  locale-gen
diff --git a/Dockerfiles/openxt-buster-oe64 b/Dockerfiles/openxt-buster-oe64
index 2fc5c79..b59ca66 100644
--- a/Dockerfiles/openxt-buster-oe64
+++ b/Dockerfiles/openxt-buster-oe64
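Review bot: The rewritten `ADD files/quiltrc /home/$UNAME/.quiltrc` and `ADD files/oxt-patch.header /home/$UNAME/oxt-patch.header` lines in Dockerfiles/openxt-bullseye-oe64 (repeated in the openxt-buster-oe64 and openxt-oe64 hunks) copy plain local files, so `COPY` is the right instruction, and nothing visible hands ownership to the build user, so the files presumably land root-owned inside that user's home. I would write `COPY --chown=$UNAME:$UNAME files/quiltrc /home/$UNAME/.quiltrc` and the same for `oxt-patch.header`; the matching group exists because `useradd -U` creates it, and the builder must be recent enough to expand variables in `--chown`. `$UNAME` is declared outside the hunk, so confirm it is an `ARG`/`ENV` with a non-empty value, otherwise the destination collapses to `/home//.quiltrc`.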
@@ -51,8 +51,8 @@ RUN ln -s /lib64/ld-linux-x86-64.so.2 /lib/
 RUN useradd -Ums /bin/bash -l -p '""' -u $UID $UNAME
 
 # Add quilt config files
-ADD root/home/build/.quiltrc /home/build/.quiltrc
-ADD root/home/build/oxt-patch.header /home/build/oxt-patch.header
+ADD files/quiltrc /home/$UNAME/.quiltrc
+ADD files/oxt-patch.header /home/$UNAME/oxt-patch.header
 
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
  locale-gen
diff --git a/Dockerfiles/openxt-oe64 b/Dockerfiles/openxt-oe64
index 82109d4..0c5399d 100644
--- a/Dockerfiles/openxt-oe64
+++ b/Dockerfiles/openxt-oe64
@@ -48,8 +48,8 @@ RUN ln -s /lib64/ld-linux-x86-64.so.2 /lib/
 RUN useradd -Ums /bin/bash -l -p '""' -G sudo -u $UID $UNAME
 
 # Add quilt config files
-ADD root/home/build/.quiltrc /home/build/.quiltrc
-ADD root/home/build/oxt-patch.header /home/build/oxt-patch.header
+ADD files/quiltrc /home/$UNAME/.quiltrc
+ADD files/oxt-patch.header /home/$UNAME/oxt-patch.header
 
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
  locale-gen
From 8348e0fb737b051a7df17474995be577395e765c Mon Sep 17 00:00:00 2001
From: "Daniel P. Smith"
Date: Mon, 1 Apr 2024 16:56:54 +0000
Subject: [PATCH 3/4] dockerfiles: correct repo tool url

The repo tool was being downloaded from a http url and not an https url.

Signed-off-by: Daniel P. Smith
---
 Dockerfiles/generic-oe64 | 2 +-
 Dockerfiles/openxt-bullseye-oe64 | 2 +-
 Dockerfiles/openxt-buster-oe64 | 2 +-
 Dockerfiles/openxt-oe32 | 2 +-
 Dockerfiles/openxt-oe64 | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Dockerfiles/generic-oe64 b/Dockerfiles/generic-oe64
index fce5c50..5cba380 100644
--- a/Dockerfiles/generic-oe64
+++ b/Dockerfiles/generic-oe64
@@ -12,7 +12,7 @@ RUN apt-get update && \
  DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash
 
 # Add "repo" tool (used by many Yocto-based projects)
-RUN curl http://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
+RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
  chmod a+x /usr/local/bin/repo
 
 RUN useradd -Ums /bin/bash -l -p build -u [UID] build && \
diff --git a/Dockerfiles/openxt-bullseye-oe64 b/Dockerfiles/openxt-bullseye-oe64
index 1b71b31..e111e0e 100644
--- a/Dockerfiles/openxt-bullseye-oe64
+++ b/Dockerfiles/openxt-bullseye-oe64
@@ -34,7 +34,7 @@ RUN cd /tmp && \
  cd /tmp && rm -rf ghc-${GHC_VERSION}
 
 # Add "repo" tool (used by many Yocto-based projects)
-RUN curl http://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
+RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
  chmod a+x /usr/local/bin/repo
 
 # Symlink for troublesome packages
diff --git a/Dockerfiles/openxt-buster-oe64 b/Dockerfiles/openxt-buster-oe64
index b59ca66..41b4b06 100644
--- a/Dockerfiles/openxt-buster-oe64
+++ b/Dockerfiles/openxt-buster-oe64
@@ -42,7 +42,7 @@ RUN cd /tmp && \
  cd /tmp && rm -rf ghc-6.12.3
 
 # Add "repo" tool (used by many Yocto-based projects)
-RUN curl http://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
+RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
  chmod a+x /usr/local/bin/repo
 
 # Symlink for troublesome packages
diff --git a/Dockerfiles/openxt-oe32 b/Dockerfiles/openxt-oe32
index 071a678..c4c580b 100644
--- a/Dockerfiles/openxt-oe32
+++ b/Dockerfiles/openxt-oe32
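Review bot: The `RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo` line in Dockerfiles/generic-oe64 (same line in the openxt-bullseye-oe64, openxt-buster-oe64, openxt-oe32 and openxt-oe64 hunks) still installs whatever the server returns: without `-f` an HTTP error body is saved and marked executable, and nothing pins the content of a script that later runs in every build. TLS now protects the transfer but not the integrity of the file itself, so I would fetch with `curl -fsSL -o /usr/local/bin/repo https://storage.googleapis.com/git-repo-downloads/repo && \` and add `echo "<EXPECTED_SHA256>  /usr/local/bin/repo" | sha256sum -c - && \` before the `chmod`, with the digest recorded in this repository. A short comment such as `# repo launcher is pinned by digest; update the digest when bumping` would explain the extra line.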
@@ -39,7 +39,7 @@ RUN cd /tmp && \
  cd /tmp && rm -rf ghc-6.12.3
 
 # Add "repo" tool (used by many Yocto-based projects)
-RUN curl http://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
+RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
  chmod a+x /usr/local/bin/repo
 
 RUN useradd -Ums /bin/bash -l -p $UNAME -u $UID $UNAME && \
diff --git a/Dockerfiles/openxt-oe64 b/Dockerfiles/openxt-oe64
index 0c5399d..c210059 100644
--- a/Dockerfiles/openxt-oe64
+++ b/Dockerfiles/openxt-oe64
@@ -39,7 +39,7 @@ RUN cd /tmp && \
  cd /tmp && rm -rf ghc-6.12.3
 
 # Add "repo" tool (used by many Yocto-based projects)
-RUN curl http://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
+RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
  chmod a+x /usr/local/bin/repo
 
 # Symlink for troublesome packages
From ff781077dc2b3bffc819dcd1bae941cc64c82b74 Mon Sep 17 00:00:00 2001
From: "Daniel P. Smith"
Date: Mon, 4 Mar 2024 17:36:00 +0000
Subject: [PATCH 4/4] dockerfiles: add ability to include private ca chains

This adds a two steps that will allow having private CA chains to be copied into the container and installed in the system CA store.

Signed-off-by: Daniel P. Smith
---
 Dockerfiles/ca-certs/README.md | 5 +++++
 Dockerfiles/generic-oe64 | 4 ++++
 Dockerfiles/openxt-bullseye-oe64 | 4 ++++
 Dockerfiles/openxt-buster-oe64 | 5 +++++
 Dockerfiles/openxt-oe64 | 4 ++++
 5 files changed, 22 insertions(+)
 create mode 100644 Dockerfiles/ca-certs/README.md

diff --git a/Dockerfiles/ca-certs/README.md b/Dockerfiles/ca-certs/README.md
new file mode 100644
index 0000000..edd38be
--- /dev/null
+++ b/Dockerfiles/ca-certs/README.md
@@ -0,0 +1,5 @@
+# CA Certificate Chains
+
+Add any PEM formated CA certification chain to this directory with an extension
+of '.cert'. If the docker file supports importing CA chains, it will add them
+to the container's system CA store.
diff --git a/Dockerfiles/generic-oe64 b/Dockerfiles/generic-oe64
index 5cba380..3c5f59a 100644
--- a/Dockerfiles/generic-oe64
+++ b/Dockerfiles/generic-oe64
@@ -15,6 +15,10 @@ RUN apt-get update && \
 RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
  chmod a+x /usr/local/bin/repo
 
+# This copy will include README, but update should ignore
+ADD ca-certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 RUN useradd -Ums /bin/bash -l -p build -u [UID] build && \
  usermod -aG sudo build
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
diff --git a/Dockerfiles/openxt-bullseye-oe64 b/Dockerfiles/openxt-bullseye-oe64
index e111e0e..6f1af32 100644
--- a/Dockerfiles/openxt-bullseye-oe64
+++ b/Dockerfiles/openxt-bullseye-oe64
@@ -46,6 +46,10 @@ RUN useradd -Ums /bin/bash -l -p '""' -u $UID $UNAME
 ADD files/quiltrc /home/$UNAME/.quiltrc
 ADD files/oxt-patch.header /home/$UNAME/oxt-patch.header
 
+# This copy will include README, but update should ignore
+ADD ca-certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
  locale-gen
 ENV LANG en_US.utf8
diff --git a/Dockerfiles/openxt-buster-oe64 b/Dockerfiles/openxt-buster-oe64
index 41b4b06..8ad1d22 100644
--- a/Dockerfiles/openxt-buster-oe64
+++ b/Dockerfiles/openxt-buster-oe64
@@ -57,6 +57,11 @@ ADD files/oxt-patch.header /home/$UNAME/oxt-patch.header
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
  locale-gen
 ENV LANG en_US.utf8
+
+# This copy will include README, but update should ignore
+ADD ca-certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 USER $UNAME
 WORKDIR /home/$UNAME
 ENTRYPOINT ["/bin/bash"]
diff --git a/Dockerfiles/openxt-oe64 b/Dockerfiles/openxt-oe64
index c210059..9b26072 100644
--- a/Dockerfiles/openxt-oe64
+++ b/Dockerfiles/openxt-oe64
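Review bot: The block added to Dockerfiles/generic-oe64 (and identically in the openxt-bullseye-oe64, openxt-buster-oe64 and openxt-oe64 hunks) will not import a chain named the way the new README says: `update-ca-certificates` only picks up files ending in `.crt` under /usr/local/share/ca-certificates, so a `.cert` file is skipped without an error and the build still succeeds. The README extension should be corrected to '.crt' (or the Dockerfiles should rename on copy), and `COPY ca-certs/* /usr/local/share/ca-certificates/` is preferable to `ADD`, which would unpack a local tar archive dropped into that directory. Since every certificate placed in ca-certs/ becomes a trust anchor for all TLS clients in the image, I would also replace the comment with `# Every *.crt in ca-certs/ becomes a trusted root for all TLS in this image; README.md is copied but ignored`.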
@@ -51,6 +51,10 @@ RUN useradd -Ums /bin/bash -l -p '""' -G sudo -u $UID $UNAME
 ADD files/quiltrc /home/$UNAME/.quiltrc
 ADD files/oxt-patch.header /home/$UNAME/oxt-patch.header
 
+# This copy will include README, but update should ignore
+ADD ca-certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
  locale-gen
 ENV LANG en_US.utf8