From d27e4c3f6c3e13bcefe9d1d904386794140d8a91 Mon Sep 17 00:00:00 2001
From: Neal Gompa <ngompa@fedoraproject.org>
Date: Sun, 7 Jan 2024 22:16:11 -0500
Subject: [PATCH] Add base container definitions

This adds the definitions for building the container tarballs for
the base container, the minimal base container, and the toolbox
container.
---
 README.md                                     |   2 +
 config.sh                                     | 100 ++++++++++--
 config.xml                                    |   1 +
 platforms/container.xml                       | 149 ++++++++++++++++++
 .../container/base/build-generic-minimal.fmf  |   8 +
 tmt/plans/container/base/build-generic.fmf    |   8 +
 tmt/plans/container/toolbox/build-toolbox.fmf |   8 +
 7 files changed, 263 insertions(+), 13 deletions(-)
 create mode 100644 platforms/container.xml
 create mode 100644 tmt/plans/container/base/build-generic-minimal.fmf
 create mode 100644 tmt/plans/container/base/build-generic.fmf
 create mode 100644 tmt/plans/container/toolbox/build-toolbox.fmf

diff --git a/README.md b/README.md
index 61bd69a..6e93070 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,8 @@ All changes should be made via the PR workflow.
 
 * Base Cloud Edition for clouds (image type: `oem`, image profiles: `Cloud-Base-Generic`/`Cloud-Base-AmazonEC2`/`Cloud-Base-Azure`/`Cloud-Base-GCE`)
 * Base Cloud Edition for Vagrant (image type: `oem`, image profiles: `Cloud-Base-Vagrant-libvirt`/`Cloud-Base-Vagrant-VirtualBox`)
+* Base Container (image type: `tbz`, image profiles `Container-Base-Generic-Minimal`/`Container-Base-Generic`)
+* Toolbox Container (image type: `tbz`, image profiles `Container-Toolbox`)
 * KDE Spin (image type: `iso`, image profiles: `KDE-Live`)
 * Workstation Edition (image type: `iso`, image profiles: `Workstation-Live`)
 
diff --git a/config.sh b/config.sh
index 67c2cad..7abd097 100755
--- a/config.sh
+++ b/config.sh
@@ -16,8 +16,10 @@ echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
 #======================================
 # Set SELinux booleans
 #--------------------------------------
-## Fixes KDE Plasma, see rhbz#2058657
-setsebool -P selinuxuser_execmod 1
+if [[ "$kiwi_profiles" != *"Container"* ]]; then
+	## Fixes KDE Plasma, see rhbz#2058657
+	setsebool -P selinuxuser_execmod 1
+fi
 
 #======================================
 # Clear machine specific configuration
@@ -31,13 +33,15 @@ rm -f /var/lib/systemd/random-seed
 #======================================
 # Configure grub correctly
 #--------------------------------------
-## Works around issues with grub-bls
-## See: https://github.com/OSInside/kiwi/issues/2198
-echo "GRUB_DEFAULT=saved" >> /etc/default/grub
-## Disable submenus to match Fedora
-echo "GRUB_DISABLE_SUBMENU=true" >> /etc/default/grub
-## Disable recovery entries to match Fedora
-echo "GRUB_DISABLE_RECOVERY=true" >> /etc/default/grub
+if [[ "$kiwi_profiles" != *"Container"* ]]; then
+	## Works around issues with grub-bls
+	## See: https://github.com/OSInside/kiwi/issues/2198
+	echo "GRUB_DEFAULT=saved" >> /etc/default/grub
+	## Disable submenus to match Fedora
+	echo "GRUB_DISABLE_SUBMENU=true" >> /etc/default/grub
+	## Disable recovery entries to match Fedora
+	echo "GRUB_DISABLE_RECOVERY=true" >> /etc/default/grub
+fi
 
 #======================================
 # Delete & lock the root user password
@@ -64,10 +68,12 @@ fi
 #======================================
 # Setup default target
 #--------------------------------------
-if [[ "$kiwi_profiles" == *"GNOME"* ]] || [[ "$kiwi_profiles" == *"KDE"* ]]; then
-	systemctl set-default graphical.target
-else
-	systemctl set-default multi-user.target
+if [[ "$kiwi_profiles" != *"Container"* ]]; then
+	if [[ "$kiwi_profiles" == *"GNOME"* ]] || [[ "$kiwi_profiles" == *"KDE"* ]]; then
+		systemctl set-default graphical.target
+	else
+		systemctl set-default multi-user.target
+	fi
 fi
 
 #======================================
@@ -118,4 +124,72 @@ chmod 600 /root/.ssh/authorized_keys
 chown -R root:root /root/.ssh
 fi
 
+if [[ "$kiwi_profiles" == *"Container"* ]]; then
+	# Set install langs macro so that new rpms that get installed will
+	# only install langs that we limit it to.
+	LANG="en_US"
+	echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
+
+	# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
+	echo 'LANG="C.UTF-8"' >  /etc/locale.conf
+
+	# https://bugzilla.redhat.com/show_bug.cgi?id=1400682
+	echo "Import RPM GPG key"
+	releasever=$(rpm --eval '%{?fedora}')
+
+	# When building ELN containers, we don't have the %{fedora} macro
+	if [ -z $releasever ]; then
+		releasever=eln
+	fi
+
+	rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-primary
+
+	echo "# fstab intentionally empty for containers" > /etc/fstab
+
+	# Remove machine-id on pre generated images
+	rm -f /etc/machine-id
+	touch /etc/machine-id
+
+	echo "# resolv placeholder" > /etc/resolv.conf
+	chmod 644 /etc/resolv.conf
+
+	# Remove extraneous files
+	rm -rf /tmp/*
+
+	# https://pagure.io/atomic-wg/issue/308
+	printf "tsflags=nodocs\n" >>/etc/dnf/dnf.conf
+
+	if [[ "$kiwi_profiles" == *"Base-Generic-Minimal"* ]]; then
+		# remove some random help txt files
+		rm -fv /usr/share/gnupg/help*.txt
+
+		# Pruning random things
+		rm /usr/lib/rpm/rpm.daily
+		rm -rfv /usr/lib64/nss/unsupported-tools/  # unsupported
+
+		# Statically linked crap
+		rm -fv /usr/sbin/{glibc_post_upgrade.x86_64,sln}
+		ln /usr/bin/ln usr/sbin/sln
+
+		# Remove some dnf info
+		rm -rfv /var/lib/dnf
+
+		# don't need icons
+		rm -rfv /usr/share/icons/*
+
+		#some random not-that-useful binaries
+		rm -fv /usr/bin/pinky
+
+		# we lose presets by removing /usr/lib/systemd but we do not care
+		rm -rfv /usr/lib/systemd
+	fi
+	if [[ "$kiwi_profiles" == *"Toolbox"* ]]; then
+		# Remove macros.image-language-conf file
+		rm -f /etc/rpm/macros.image-language-conf
+
+		# Remove 'tsflags=nodocs' line from dnf.conf
+		sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
+	fi
+fi
+
 exit 0
diff --git a/config.xml b/config.xml
index d2d6b61..aa616b6 100644
--- a/config.xml
+++ b/config.xml
@@ -20,6 +20,7 @@
 	<include from="this://./components/liveinstall.xml"/>
 	<include from="this://./components/users.xml"/>
 	<include from="this://./platforms/cloud.xml"/>
+	<include from="this://./platforms/container.xml"/>
 	<include from="this://./platforms/vagrant.xml"/>
 	<include from="this://./platforms/workstation.xml"/>
 	<packages type="bootstrap">
diff --git a/platforms/container.xml b/platforms/container.xml
new file mode 100644
index 0000000..2291a51
--- /dev/null
+++ b/platforms/container.xml
@@ -0,0 +1,149 @@
+<image>
+	<profiles>
+		<profile name="ContainerCore" description="Container core packages">
+		</profile>
+		<profile name="Container-Base-Generic-Minimal" description="Generic Minimal Base Container Image">
+			<requires profile="ContainerCore"/>
+		</profile>
+		<profile name="Container-Base-Generic" description="Generic Base Container Image">
+			<requires profile="ContainerCore"/>
+		</profile>
+		<profile name="Container-Toolbox" description="Toolbox Container Image">
+			<requires profile="ContainerCore"/>
+		</profile>
+	</profiles>
+	<preferences profiles="Container-Base-Generic-Minimal,Container-Base-Generic">
+		<type image="tbz"/>
+		<timezone>Etc/UTC</timezone>
+		<locale>en_US</locale>
+		<rpm-locale-filtering>true</rpm-locale-filtering>
+		<rpm-excludedocs>true</rpm-excludedocs>
+	</preferences>
+	<preferences profiles="Container-Toolbox">
+		<type image="tbz"/>
+		<timezone>Etc/UTC</timezone>
+		<locale>en_US</locale>
+		<rpm-locale-filtering>false</rpm-locale-filtering>
+		<rpm-excludedocs>false</rpm-excludedocs>
+	</preferences>
+	<packages type="bootstrap" profiles="ContainerCore">
+		<ignore name="dosfstools"/>
+		<ignore name="e2fsprogs"/>
+		<ignore name="fuse-libs"/>
+		<ignore name="gnupg2-smime"/>
+		<ignore name="libss"/> <!-- used by e2fsprogs -->
+		<ignore name="kernel"/>
+		<ignore name="*-firmware"/>
+		<ignore name="geolite2-city"/>
+		<ignore name="geolite2-country"/>
+		<ignore name="pinentry"/>
+		<ignore name="shared-mime-info"/>
+		<ignore name="pinentry"/>
+		<ignore name="trousers"/>
+		<ignore name="xkeyboard-config"/>
+		<ignore name="grubby"/>
+		<ignore name="langpacks-en_GB"/>
+		<!-- https://bugzilla.redhat.com/show_bug.cgi?id=1951111 -->
+		<ignore name="util-linux"/>
+		<ignore name="sssd-client"/>
+		<package name="fedora-release-container"/>
+		<package name="bash"/>
+		<package name="coreutils"/>
+		<package name="rpm"/>
+	</packages>
+	<packages type="bootstrap" profiles="Container-Base-Generic-Minimal">
+		<ignore name="glibc-langpack-en"/>
+		<ignore name="langpacks-en"/>
+		<ignore name="tzdata"/>
+		<package name="microdnf"/>
+		<package name="glibc-minimal-langpack"/>
+	</packages>
+	<packages type="bootstrap" profiles="Container-Base-Generic">
+		<ignore name="glibc-langpack-en"/>
+		<ignore name="langpacks-en"/>
+		<package name="rootfiles"/>
+		<package name="tar"/> <!-- https://bugzilla.redhat.com/show_bug.cgi?id=1409920 -->
+		<package name="vim-minimal"/>
+		<package name="dnf"/>
+		<package name="dnf-yum"/> <!-- https://pagure.io/fesco/issue/1312#comment-30991 -->
+		<package name="glibc-minimal-langpack"/>
+		<package name="tzdata"/>
+	</packages>
+	<packages type="image" patternType="plusRecommended" profiles="Container-Toolbox">
+		<!-- This is a weak dep of systemd, we do not want this in the container;
+		     see: https://github.com/containers/toolbox/issues/1410  -->
+		<ignore name="systemd-resolved"/>
+		<package name="acl"/>
+		<package name="bash"/>
+		<package name="bash-completion"/>
+		<package name="bc"/>
+		<package name="bzip2"/>
+		<package name="coreutils-common"/>
+		<package name="curl"/>
+		<package name="default-editor"/>
+		<package name="diffutils"/>
+		<package name="dnf"/>
+		<package name="dnf-yum"/> <!-- https://pagure.io/fesco/issue/1312#comment-30991 -->
+		<package name="dnf-plugins-core"/>
+		<package name="findutils"/>
+		<package name="flatpak-spawn"/>
+		<package name="fpaste"/>
+		<package name="gawk"/>
+		<package name="git"/>
+		<package name="glibc-all-langpacks"/>
+		<package name="gnupg2"/>
+		<package name="gnupg2-smime"/>
+		<package name="grep"/>
+		<package name="gvfs-client"/>
+		<package name="gzip"/>
+		<package name="hostname"/>
+		<package name="iproute"/>
+		<package name="iputils"/>
+		<package name="keyutils"/>
+		<package name="krb5-libs"/>
+		<package name="less"/>
+		<package name="libcap"/>
+		<package name="lsof"/>
+		<package name="man-db"/>
+		<package name="man-pages"/>
+		<package name="mesa-dri-drivers"/>
+		<package name="mesa-va-drivers"/>
+		<package name="mesa-vulkan-drivers"/>
+		<package name="mtr"/>
+		<package name="nss-mdns"/>
+		<package name="openssh-clients"/>
+		<package name="openssl"/>
+		<package name="p11-kit"/>
+		<package name="pam"/>
+		<package name="passwd"/>
+		<package name="pigz"/>
+		<package name="procps-ng"/>
+		<package name="psmisc"/>
+		<package name="python3"/>
+		<package name="rootfiles"/>
+		<package name="rsync"/>
+		<package name="sed"/>
+		<package name="shadow-utils"/>
+		<package name="sudo"/>
+		<package name="tar"/> <!-- https://bugzilla.redhat.com/show_bug.cgi?id=1409920 -->
+		<package name="tcpdump"/>
+		<package name="time"/>
+		<package name="traceroute"/>
+		<package name="tree"/>
+		<package name="tzdata"/>
+		<package name="unzip"/>
+		<package name="util-linux"/>
+		<package name="util-linux-core"/>
+		<package name="vim-enhanced"/>
+		<package name="vte-profile"/>
+		<package name="vulkan-loader"/>
+		<package name="wget"/>
+		<package name="which"/>
+		<package name="whois"/>
+		<package name="words"/>
+		<package name="xorg-x11-xauth"/>
+		<package name="xz"/>
+		<package name="zip"/>
+		<package name="zstd"/>
+	</packages>
+</image>
diff --git a/tmt/plans/container/base/build-generic-minimal.fmf b/tmt/plans/container/base/build-generic-minimal.fmf
new file mode 100644
index 0000000..803cd01
--- /dev/null
+++ b/tmt/plans/container/base/build-generic-minimal.fmf
@@ -0,0 +1,8 @@
+summary: Build Minimal Generic base container image
+discover:
+    how: fmf
+environment:
+    image_type: tbz
+    image_profile: Container-Base-Generic-Minimal
+execute:
+    how: tmt
diff --git a/tmt/plans/container/base/build-generic.fmf b/tmt/plans/container/base/build-generic.fmf
new file mode 100644
index 0000000..83e6100
--- /dev/null
+++ b/tmt/plans/container/base/build-generic.fmf
@@ -0,0 +1,8 @@
+summary: Build Generic base container image
+discover:
+    how: fmf
+environment:
+    image_type: tbz
+    image_profile: Container-Base-Generic
+execute:
+    how: tmt
diff --git a/tmt/plans/container/toolbox/build-toolbox.fmf b/tmt/plans/container/toolbox/build-toolbox.fmf
new file mode 100644
index 0000000..40692c3
--- /dev/null
+++ b/tmt/plans/container/toolbox/build-toolbox.fmf
@@ -0,0 +1,8 @@
+summary: Build Toolbox container image
+discover:
+    how: fmf
+environment:
+    image_type: tbz
+    image_profile: Container-Toolbox
+execute:
+    how: tmt