From f477dde1f37b067a3c019aec1b859c2454697bb6 Mon Sep 17 00:00:00 2001 From: Santhosh Date: Tue, 26 Dec 2023 23:21:10 +0530 Subject: [PATCH] update to v2.4.3 framework images and add slem build script (#120) --- README.md | 4 +- rhel-core-images/Dockerfile.rhel8 | 9 +---- rhel-fips/Dockerfile | 7 +--- slem/Dockerfile | 64 +++++++++++++++++++++++++++---- slem/README.md | 6 +++ slem/build.sh | 30 +++++++++++++++ ubuntu-fips/Dockerfile | 8 +--- 7 files changed, 98 insertions(+), 30 deletions(-) create mode 100644 slem/README.md create mode 100644 slem/build.sh diff --git a/README.md b/README.md index f1af6a5..1370451 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ cp .arg.template .arg 6. To build RHEL core, RHEL FIPS or Ubuntu fips, sles base images switch to respective directories and build the base image. The base image built can be passed as argument to build the installer and provider images. Follow the instructions in the respective sub-folders (rhel-fips, ubuntu-fips) to create base images. -For ubuntu-fips, this image can be used as base image - `gcr.io/spectro-images-public/ubuntu-focal-fips:v4.0_20230817` +For ubuntu-fips, this image can be used as base image - `gcr.io/spectro-dev-public/ubuntu-focal-fips:v4.2_20231226` Skip this step if your base image is ubuntu or opensuse-leap. If you are building ubuntu or opensuse-leap installer images, do not pass the BASE_IMAGE attribute as an arg to build command. 7. Modify the `.arg` file as needed. Primarily, you must define the tag you want to use for your images. For example, if the operating system is `ubuntu` and the tag is `demo`, the image artefact will name as `ttl.sh/ubuntu:k3s-1.25.2-v3.4.3-demo`. The **.arg** file defines the following variables: 
@@ -153,7 +153,7 @@ To build the provider images To build the fips enabled ubuntu installer image ```shell -./earthly.sh +iso --BASE_IMAGE=gcr.io/spectro-images-public/ubuntu-focal-fips:v4.0_20230817 --FIPS_ENABLED=true --ARCH=amd64 --PE_VERSION=v4.2.1 +./earthly.sh +iso --BASE_IMAGE=gcr.io/spectro-dev-public/ubuntu-focal-fips:v4.2_20231226 --FIPS_ENABLED=true --ARCH=amd64 --PE_VERSION=v4.2.1 ``` Output diff --git a/rhel-core-images/Dockerfile.rhel8 b/rhel-core-images/Dockerfile.rhel8 index 2ebfe4e..4b44e90 100644 --- a/rhel-core-images/Dockerfile.rhel8 +++ b/rhel-core-images/Dockerfile.rhel8 @@ -56,7 +56,7 @@ RUN uuidgen > /etc/machine-id && dnf install -y \ kernel kernel-modules kernel-modules-extra \ rsync jq && dnf clean all -COPY --from=quay.io/kairos/framework:v2.3.2_fedora / / +COPY --from=quay.io/kairos/framework:v2.4.3_generic / / RUN mkdir -p /run/lock RUN touch /usr/libexec/.keep @@ -72,13 +72,6 @@ RUN systemctl enable sshd RUN systemctl disable selinux-autorelabel-mark.service #RUN systemctl enable tmp.mount - -RUN systemctl enable cos-setup-reconcile.timer && \ - systemctl enable cos-setup-fs.service && \ - systemctl enable cos-setup-boot.service && \ - systemctl enable cos-setup-network.service - - COPY overlay/rhel8/ / RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && \ diff --git a/rhel-fips/Dockerfile b/rhel-fips/Dockerfile index 0061bfa..edf8301 100644 --- a/rhel-fips/Dockerfile +++ b/rhel-fips/Dockerfile @@ -83,7 +83,7 @@ RUN mkdir -p /run/lock && \ # Copy the os-release file to identify the OS COPY --from=osbuilder /workspace/os-release /etc/os-release -COPY --from=quay.io/kairos/framework:v2.3.2_fips-systemd / / +COPY --from=quay.io/kairos/framework:v2.4.3_fips / / COPY overlay/rhel8 / 
@@ -98,11 +98,6 @@ RUN systemctl enable sshd RUN systemctl disable selinux-autorelabel-mark.service #RUN systemctl enable tmp.mount -RUN systemctl enable cos-setup-reconcile.timer && \ - systemctl enable cos-setup-fs.service && \ - systemctl enable cos-setup-boot.service && \ - systemctl enable cos-setup-network.service - # Copy the custom dracut config file COPY dracut.conf /etc/dracut.conf.d/kairos-fips.conf diff --git a/slem/Dockerfile b/slem/Dockerfile index 7ce6ad0..eed39be 100644 --- a/slem/Dockerfile +++ b/slem/Dockerfile @@ -25,13 +25,63 @@ RUN mkdir -p /run/lock RUN mkdir -p /usr/libexec RUN touch /usr/libexec/.keep COPY --from=quay.io/kairos/framework:v2.4.3_opensuse-leap / / -# Activate Kairos services -RUN systemctl enable cos-setup-reconcile.timer && \ - systemctl enable cos-setup-fs.service && \ - systemctl enable cos-setup-boot.service && \ - systemctl enable cos-setup-network.service -# Remove /etc/dracut.conf.d/90-kairos-network-legacy.conf to allow dracut to build initrd without dhcp-client -RUN rm -f /etc/dracut.conf.d/90-kairos-network-legacy.conf + +RUN mkdir -p /etc/dnf +RUN echo "install_weak_deps=False" > /etc/dnf/dnf.conf + +RUN zypper in --force-resolution -y \ + bash-completion \ + conntrack-tools \ + coreutils \ + curl \ + device-mapper \ + dhcp-client \ + dosfstools \ + dracut \ + e2fsprogs \ + fail2ban \ + findutils \ + gawk \ + growpart \ + gptfdisk \ + haveged \ + htop \ + iproute2 \ + iptables \ + iputils \ + issue-generator \ + jq \ + less \ + logrotate \ + lsscsi \ + lvm2 \ + mdadm \ + multipath-tools \ + nano \ +# nohang \ + open-iscsi \ + openssh \ + open-vm-tools \ + parted \ + pigz \ + policycoreutils \ + polkit \ + procps \ + rng-tools \ + rsync \ + squashfs \ + strace \ + sudo \ + systemd \ + systemd-network \ + tar \ + timezone \ + tmux \ + vim \ + which \ + tpm2* \ + && zypper cc \ + ## Generate initrd RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && \ ln -sf "${kernel#/boot/}" /boot/vmlinuz 
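Review bot: The added `zypper in` RUN in slem/Dockerfile ends with `&& zypper cc \`, and that trailing backslash continues the instruction past the blank line and the `## Generate initrd` comment into the following `RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && \` line. As far as the hunk shows, Docker would then hand `RUN` and `kernel=…` to `zypper cc` as arguments, so `kernel` is never assigned and `ln -sf "${kernel#/boot/}" /boot/vmlinuz` runs on an empty value. The last line of the package step should read `&& zypper cc` with no backslash. Separately, `echo "install_weak_deps=False" > /etc/dnf/dnf.conf` is a dnf setting that zypper does not read, so if the aim is to keep recommended packages out of this base image, `zypper in --no-recommends --force-resolution -y \` is the form that takes effect. The initrd RUN continues beyond the end of the hunk.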
diff --git a/slem/README.md b/slem/README.md new file mode 100644 index 0000000..db10e57 --- /dev/null +++ b/slem/README.md @@ -0,0 +1,6 @@ +# slem + +slem base image needs to built on the slem server. +A registration code is need to build the slem base image. + +./build.sh diff --git a/slem/build.sh b/slem/build.sh new file mode 100644 index 0000000..0832ceb --- /dev/null +++ b/slem/build.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +set -ex + +REGISTRATION_CODE=$1 +mkdir /var/slem +cd /var/slem +mkdir repos +mkdir services +cd repos/ +mkdir SUSE +mkdir opensuse +cd SUSE +cp /etc/zypp/repos.d/SUSE*.repo . +cd ../../services/ +cp /etc/zypp/services.d/*.service . +cd ../repos/opensuse/ +cat > opensuse-oss.repo <