Skip to content

Commit

Permalink
Set up a base distribution in the images
Browse files Browse the repository at this point in the history
This adds the minimum subset of packages required for Fedora, allowing
scanners to understand the image and process it correctly (in exchange
for a small size increase).

Signed-off-by: Stephen Kitt <[email protected]>
  • Loading branch information
skitt authored and tpantelis committed Dec 9, 2024
1 parent 017544f commit 8cf12be
Show file tree
Hide file tree
Showing 2 changed files with 75 additions and 0 deletions.
13 changes: 13 additions & 0 deletions package/Dockerfile.submariner-operator
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
ARG BASE_BRANCH
ARG FEDORA_VERSION=40
ARG SOURCE=/go/src/github.com/submariner-io/submariner-operator

FROM --platform=${BUILDPLATFORM} quay.io/submariner/shipyard-dapper-base:${BASE_BRANCH} AS builder
Expand All @@ -9,12 +10,24 @@ COPY . ${SOURCE}

RUN make -C ${SOURCE} LOCAL_BUILD=1 bin/${TARGETPLATFORM}/submariner-operator

FROM --platform=${BUILDPLATFORM} fedora:${FEDORA_VERSION} AS base
ARG FEDORA_VERSION
ARG SOURCE
ARG TARGETPLATFORM

COPY package/dnf_install /

RUN /dnf_install -a ${TARGETPLATFORM} -v ${FEDORA_VERSION} -r /output/submariner-operator \
setup

FROM --platform=${TARGETPLATFORM} scratch
ARG SOURCE
ARG TARGETPLATFORM

ENV USER_UID=1001 PATH=/

COPY --from=base /output/submariner-operator /

# install operator binary
COPY --from=builder ${SOURCE}/bin/${TARGETPLATFORM}/submariner-operator /submariner-operator

Expand Down
62 changes: 62 additions & 0 deletions package/dnf_install
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
#!/bin/bash

# Installs packages using dnf to a named root:
# -a arch - use arch instead of the native arch
# -k - keep the package cache
# -r root - install to the named root instead of /output/base
# -v ver - use the given Fedora version (required)
#
# %arch in the package references will be replaced with the chosen arch

INSTALL_ROOT=/output/base

# Limit the number of files so that dnf doesn't spend ages processing fds
ulimit -n 1048576

while getopts a:kr:v: o
do
case "$o" in
a)
ARCH="$OPTARG"
;;
k)
KEEP_CACHE=true
;;
r)
INSTALL_ROOT="$OPTARG"
;;
v)
FEDORA_VERSION="$OPTARG"
;;
*)
echo "$0 doesn't support $o" >&2
exit 1
;;
esac
done
shift $((OPTIND - 1))

if [[ -n "${ARCH}" ]]; then
# Convert container arch to Fedora arch
ARCH="${ARCH##*/}"
case "${ARCH}" in
amd64) ARCH=x86_64;;
arm64) ARCH=aarch64;;
esac
arch_args="--forcearch ${ARCH}"
else
# This will be used later, but we won't force
ARCH="$(rpm -q --qf "%{arch}" rpm)"
fi

[[ -z "${FEDORA_VERSION}" ]] && echo I need to know which version of Fedora to install, specify it with -v >&2 && exit 1

if [[ "${INSTALL_ROOT}" != /output/base ]] && [[ ! -d "${INSTALL_ROOT}" ]] && [[ -d /output/base ]]; then
cp -a /output/base "${INSTALL_ROOT}"
fi

dnf -y --setopt=install_weak_deps=0 --nodocs ${arch_args} \
--installroot "${INSTALL_ROOT}" --releasever "${FEDORA_VERSION}" \
install "${@//\%arch/${ARCH}}"

[[ "${KEEP_CACHE}" == true ]] || dnf -y ${arch_args} --installroot "${INSTALL_ROOT}" --releasever "${FEDORA_VERSION}" clean all

0 comments on commit 8cf12be

Please sign in to comment.