From acd0460fe095532c7d6e0e86067f12007839ab7d Mon Sep 17 00:00:00 2001
From: Travis Cotton
Date: Mon, 3 Nov 2025 07:03:35 -0700
Subject: [PATCH 1/3] adding option to force builder to use installroot when parent is not scratch
Signed-off-by: Travis Cotton
---
 src/arguments.py | 1 +
 src/image-build | 1 +
 src/layer.py | 7 ++++---
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/arguments.py b/src/arguments.py
index 82e23ae..414e79e 100644
--- a/src/arguments.py
+++ b/src/arguments.py
@@ -43,6 +43,7 @@ def process_args(terminal_args, config_options):
 4 (-vvvv): Enables connection debugging, providing a deep dive into network communication.""" )
 processed_args['parent'] = terminal_args.parent or config_options.get('parent', 'scratch')
+ processed_args['force_installroot'] = terminal_args.force_installroot or config_options.get('force_installroot', False)
 processed_args['proxy'] = terminal_args.proxy or config_options.get('proxy', '')
 processed_args['name'] = terminal_args.name or config_options.get('name', 'base')
diff --git a/src/image-build b/src/image-build
index da50852..8a82209 100755
--- a/src/image-build
+++ b/src/image-build
@@ -22,6 +22,7 @@ def main():
 parser.add_argument('--log-level', dest="log_level", default=DEFAULT_LOGGING, required=False)
 parser.add_argument('--name', type=str)
 parser.add_argument('--parent', type=str)
+ parser.add_argument('--force-installroot', dest="force_installroot", type=bool, required=False)
 parser.add_argument('--proxy', dest="proxy", type=str, required=False)
 parser.add_argument('--publish-s3', dest="publish_s3", type=str, required=False)
 parser.add_argument('--publish-registry', dest="publish_registry", type=str, required=False)
diff --git a/src/layer.py b/src/layer.py
index df02c14..b237031 100644
--- a/src/layer.py
+++ b/src/layer.py
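Review bot: In the src/image-build hunk, `type=bool` on `--force-installroot` does not parse booleans: argparse calls `bool()` on the raw string, so `--force-installroot false` or `--force-installroot 0` both yield True and only an empty string yields False. Because this option switches the build to the installroot path for a non-scratch parent, an operator who writes `false` to stay on the default path silently gets the opposite. Declaring it as a switch avoids that: `parser.add_argument('--force-installroot', dest="force_installroot", action='store_true')`. The `or config_options.get('force_installroot', False)` fallback in process_args keeps working, since the flag then defaults to False. main() continues outside the hunk.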
@@ -21,6 +21,7 @@ def _build_base(self, repos, modules, packages, package_groups, remove_packages,
 # Set local variables
 dt_string = datetime.now().strftime("%Y%m%d%H%M%S")
 parent = self.args['parent']
+ force_installroot = self.args['force_installroot']
 container = self.args['name']
 registry_opts_pull = self.args['registry_opts_pull']
 package_manager = self.args['pkg_man']
@@ -43,7 +44,7 @@ def buildah_handler(line):
 cname = out[0]
 # Only mount when doing a scratch install
- if parent == "scratch":
+ if parent == "scratch" or force_installroot == True:
 out = []
 cmd(["buildah", "mount"] + [cname], stdout_handler = buildah_handler)
 mname = out[0]
@@ -103,7 +104,7 @@ def buildah_handler(line):
 # Install Repos
 try:
- if parent == "scratch":
+ if parent == "scratch" or force_installroot == True:
 inst.install_scratch_repos(repos, repo_dest, proxy)
 else:
 inst.install_repos(repos, proxy)
@@ -118,7 +119,7 @@ def buildah_handler(line):
 # Install Packages
 try:
- if parent == "scratch":
+ if parent == "scratch" or force_installroot == True:
 # Enable modules
 inst.install_scratch_modules(modules, repo_dest, self.args['proxy'])
 # Base Package Groups
From 02591dab1124f2d44f9c1d50748bdb0411987d5b Mon Sep 17 00:00:00 2001
From: Travis Cotton
Date: Mon, 3 Nov 2025 07:47:08 -0700
Subject: [PATCH 2/3] Update default dnf dockerfile to EL9
Signed-off-by: Travis Cotton
---
 dockerfiles/dnf/Dockerfile | 41 +--------------------------------
 dockerfiles/dnf/Dockerfile.el10 | 40 ++++++++++++++++++++++++++++++++
 dockerfiles/dnf/Dockerfile.el8 | 40 ++++++++++++++++++++++++++++++++
 3 files changed, 81 insertions(+), 40 deletions(-)
 mode change 100644 => 120000 dockerfiles/dnf/Dockerfile
 create mode 100644 dockerfiles/dnf/Dockerfile.el10
 create mode 100644 dockerfiles/dnf/Dockerfile.el8
diff --git a/dockerfiles/dnf/Dockerfile b/dockerfiles/dnf/Dockerfile
deleted file mode 100644
index fddf134..0000000
--- a/dockerfiles/dnf/Dockerfile
+++ /dev/null
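Review bot: The condition `parent == "scratch" or force_installroot == True` is repeated at the mount, repo-install and package-install branches of _build_base in src/layer.py, and the comment `# Only mount when doing a scratch install` above the first one is now stale. Computing it once next to the other locals, `use_installroot = parent == "scratch" or force_installroot is True`, and testing `if use_installroot:` keeps the three branches from drifting apart, which matters because in the visible lines `mname` is only assigned when the mount branch ran. The `== True` test is also stricter than the truthiness `or` in process_args, so a quoted `'true'` in the config file is accepted there and silently ignored here; validating the option as a bool in one place would make that explicit. _build_base continues outside these hunks, so any further `parent == "scratch"` checks there are not visible and should be confirmed to follow the same condition.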
@@ -1,40 +0,0 @@
-FROM docker.io/library/almalinux:8.8
-
-RUN dnf clean all && \
- dnf update --nogpgcheck -y && \
- dnf install -y epel-release && \
- dnf config-manager -y --set-enabled powertools
-
-RUN dnf install -y \
- bash \
- buildah \
- python3.11 \
- python3.11-pip \
- fuse-overlayfs \
- tar \
- squashfs-tools \
- fuse-overlayfs
-
-COPY requirements.txt /
-RUN pip3.11 install -r /requirements.txt
-
-COPY src/ /usr/local/bin/
-RUN chmod -R 0755 /usr/local/bin/
-
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod 0755 /entrypoint.sh
-
-# Allow non-root to run buildah commands
-RUN setcap cap_setuid=ep "$(command -v newuidmap)" && \
- setcap cap_setgid=ep "$(command -v newgidmap)" &&\
- chmod 0755 "$(command -v newuidmap)" && \
- chmod 0755 "$(command -v newgidmap)" && \
- rpm --restore shadow-utils
-
-# Create local user for rootless image builds
-RUN useradd --uid 1000 builder && \
- chown -R builder /home/builder
-
-ENV BUILDAH_ISOLATION=chroot
-
-ENTRYPOINT ["/entrypoint.sh"]
diff --git a/dockerfiles/dnf/Dockerfile b/dockerfiles/dnf/Dockerfile
new file mode 120000
index 0000000..72814fc
--- /dev/null
+++ b/dockerfiles/dnf/Dockerfile
@@ -0,0 +1 @@
+Dockerfile.el9
\ No newline at end of file
diff --git a/dockerfiles/dnf/Dockerfile.el10 b/dockerfiles/dnf/Dockerfile.el10
new file mode 100644
index 0000000..7420db2
--- /dev/null
+++ b/dockerfiles/dnf/Dockerfile.el10
@@ -0,0 +1,40 @@
+FROM docker.io/library/almalinux:10
+
+RUN dnf clean all && \
+ dnf update --nogpgcheck -y && \
+ dnf install -y epel-release
+
+RUN dnf install -y \
+ bash \
+ buildah \
+ python3.12 \
+ python3.12-pip \
+ fuse-overlayfs \
+ tar \
+ squashfs-tools \
+ fuse-overlayfs \
+ util-linux
+
+COPY requirements.txt /
+RUN pip3.12 install -r /requirements.txt
+
+COPY src/ /usr/local/bin/
+RUN chmod -R 0755 /usr/local/bin/
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod 0755 /entrypoint.sh
+
+# Allow non-root to run buildah commands
+RUN setcap cap_setuid=ep "$(command -v newuidmap)" && \
+ setcap cap_setgid=ep "$(command -v newgidmap)" &&\
+ chmod 0755 "$(command -v newuidmap)" && \
+ chmod 0755 "$(command -v newgidmap)" && \
+ rpm --restore shadow-utils
+
+# Create local user for rootless image builds
+RUN useradd --uid 1000 builder && \
+ chown -R builder /home/builder
+
+ENV BUILDAH_ISOLATION=chroot
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/dockerfiles/dnf/Dockerfile.el8 b/dockerfiles/dnf/Dockerfile.el8
new file mode 100644
index 0000000..fddf134
--- /dev/null
+++ b/dockerfiles/dnf/Dockerfile.el8
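Review bot: `dnf update --nogpgcheck -y` in the first RUN of Dockerfile.el10 turns off package signature verification for every package the update pulls into the builder image, and nothing in the file gives a reason for it. Since this image is what later assembles other images, a tampered mirror or proxy response at build time would carry through to everything built with it; dropping the flag (`dnf update -y`) keeps the distribution keys in force. `FROM docker.io/library/almalinux:10` is also a moving tag where the el8 file pins `8.8`, so builds are not reproducible unless a minor version or digest is pinned. `fuse-overlayfs` is listed twice in the second RUN. Dockerfile.el8 carries the same `--nogpgcheck` line, unchanged from the file it replaces.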
@@ -0,0 +1,40 @@
+FROM docker.io/library/almalinux:8.8
+
+RUN dnf clean all && \
+ dnf update --nogpgcheck -y && \
+ dnf install -y epel-release && \
+ dnf config-manager -y --set-enabled powertools
+
+RUN dnf install -y \
+ bash \
+ buildah \
+ python3.11 \
+ python3.11-pip \
+ fuse-overlayfs \
+ tar \
+ squashfs-tools \
+ fuse-overlayfs
+
+COPY requirements.txt /
+RUN pip3.11 install -r /requirements.txt
+
+COPY src/ /usr/local/bin/
+RUN chmod -R 0755 /usr/local/bin/
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod 0755 /entrypoint.sh
+
+# Allow non-root to run buildah commands
+RUN setcap cap_setuid=ep "$(command -v newuidmap)" && \
+ setcap cap_setgid=ep "$(command -v newgidmap)" &&\
+ chmod 0755 "$(command -v newuidmap)" && \
+ chmod 0755 "$(command -v newgidmap)" && \
+ rpm --restore shadow-utils
+
+# Create local user for rootless image builds
+RUN useradd --uid 1000 builder && \
+ chown -R builder /home/builder
+
+ENV BUILDAH_ISOLATION=chroot
+
+ENTRYPOINT ["/entrypoint.sh"]
From 163c7dcfbeb27f6641b9da1d6b2006e3d7033adf Mon Sep 17 00:00:00 2001
From: Travis Cotton
Date: Mon, 3 Nov 2025 08:06:29 -0700
Subject: [PATCH 3/3] adding test file for the force_installroot option
Signed-off-by: Travis Cotton
---
 tests/dnf/rocky9_force_installroot.yaml | 27 +++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 tests/dnf/rocky9_force_installroot.yaml
diff --git a/tests/dnf/rocky9_force_installroot.yaml b/tests/dnf/rocky9_force_installroot.yaml
new file mode 100644
index 0000000..bd33bfc
--- /dev/null
+++ b/tests/dnf/rocky9_force_installroot.yaml
@@ -0,0 +1,27 @@
+options:
+ layer_type: 'base'
+ name: 'rocky-base'
+ publish_tags: '9.5'
+ pkg_manager: 'dnf'
+ parent: 'docker.io/rockylinux:9'
+ publish_local: true
+ force_installroot: true
+
+repos:
+ - alias: 'kubernetes'
+ url: "https://pkgs.k8s.io/core:/stable:/v1.31/rpm/"
+ gpg: "https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key"
+ - alias: 'containerd'
+ url: "https://download.docker.com/linux/centos/docker-ce.repo"
+ - alias: 'Rocky_9_BaseOS'
+ url: 'https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/'
+ gpg: 'https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9'
+ - alias: 'Rocky_9_AppStream'
+ url: 'https://dl.rockylinux.org/pub/rocky/9/AppStream/x86_64/os/'
+ gpg: 'https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9'
+
+packages:
+ - kubelet
+ - kubeadm
+ - kubectl
+ - containerd
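Review bot: The `containerd` entry under `repos` is the only one without a `gpg:` key, and its `url` is a `.repo` file rather than a repository base URL like the other three. How the installroot path treats a repo with no key is not visible in this series; if it falls back to skipping signature checks, this test would be exercising unverified installs into the image, and test configs tend to get copied as templates. Adding `gpg: '<URL of the repository signing key>'` to that entry, or a comment saying why it is omitted, would settle it.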