Force Installroot

dockerfiles/dnf/Dockerfile

@@ -0,0 +1 @@
+Dockerfile.el9

dockerfiles/dnf/Dockerfile.el10

@@ -0,0 +1,40 @@
+FROM docker.io/library/almalinux:10
+
+RUN dnf clean all && \
+    dnf update --nogpgcheck -y && \
+    dnf install -y epel-release
+
+RUN dnf install -y \
+        bash \
+        buildah \
+        python3.12 \
+        python3.12-pip \
+        fuse-overlayfs \
+        tar \
+        squashfs-tools \
+	fuse-overlayfs \
+        util-linux
+
+COPY requirements.txt /
+RUN pip3.12 install -r /requirements.txt
+
+COPY src/ /usr/local/bin/
+RUN chmod -R 0755 /usr/local/bin/
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod 0755 /entrypoint.sh
+
+# Allow non-root to run buildah commands
+RUN setcap cap_setuid=ep "$(command -v newuidmap)" && \
+    setcap cap_setgid=ep "$(command -v newgidmap)" &&\
+    chmod 0755 "$(command -v newuidmap)" && \
+    chmod 0755 "$(command -v newgidmap)" && \
+    rpm --restore shadow-utils
+
+# Create local user for rootless image builds
+RUN useradd --uid 1000 builder && \
+    chown -R builder /home/builder
+
+ENV BUILDAH_ISOLATION=chroot
+
+ENTRYPOINT ["/entrypoint.sh"]

dockerfiles/dnf/Dockerfile.el8

@@ -0,0 +1,40 @@
+FROM docker.io/library/almalinux:8.8
+
+RUN dnf clean all && \
+    dnf update --nogpgcheck -y && \
+    dnf install -y epel-release && \
+    dnf config-manager -y --set-enabled powertools
+
+RUN dnf install -y \
+        bash \
+        buildah \
+        python3.11 \
+        python3.11-pip \
+        fuse-overlayfs \
+        tar \
+        squashfs-tools \
+	fuse-overlayfs
+
+COPY requirements.txt /
+RUN pip3.11 install -r /requirements.txt
+
+COPY src/ /usr/local/bin/
+RUN chmod -R 0755 /usr/local/bin/
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod 0755 /entrypoint.sh
+
+# Allow non-root to run buildah commands
+RUN setcap cap_setuid=ep "$(command -v newuidmap)" && \
+    setcap cap_setgid=ep "$(command -v newgidmap)" &&\
+    chmod 0755 "$(command -v newuidmap)" && \
+    chmod 0755 "$(command -v newgidmap)" && \
+    rpm --restore shadow-utils
+
+# Create local user for rootless image builds
+RUN useradd --uid 1000 builder && \
+    chown -R builder /home/builder
+
+ENV BUILDAH_ISOLATION=chroot
+
+ENTRYPOINT ["/entrypoint.sh"]

src/arguments.py

@@ -43,6 +43,7 @@ def process_args(terminal_args, config_options):
                        4 (-vvvv):   Enables connection debugging, providing a deep dive into network communication."""
             )
     processed_args['parent'] = terminal_args.parent or config_options.get('parent', 'scratch')
+    processed_args['force_installroot'] = terminal_args.force_installroot or config_options.get('force_installroot', False)
     processed_args['proxy'] = terminal_args.proxy or config_options.get('proxy', '')
 
     processed_args['name'] = terminal_args.name or config_options.get('name', 'base')

src/image-build

@@ -22,6 +22,7 @@ def main():
     parser.add_argument('--log-level', dest="log_level", default=DEFAULT_LOGGING, required=False)
     parser.add_argument('--name', type=str)
     parser.add_argument('--parent', type=str)
+    parser.add_argument('--force-installroot', dest="force_installroot", type=bool, required=False)
     parser.add_argument('--proxy', dest="proxy", type=str, required=False)
     parser.add_argument('--publish-s3', dest="publish_s3", type=str, required=False)
     parser.add_argument('--publish-registry', dest="publish_registry", type=str, required=False)

src/layer.py

@@ -21,6 +21,7 @@ def _build_base(self, repos, modules, packages, package_groups, remove_packages,
         # Set local variables
         dt_string = datetime.now().strftime("%Y%m%d%H%M%S")
         parent = self.args['parent']
+        force_installroot = self.args['force_installroot']
         container = self.args['name']
         registry_opts_pull = self.args['registry_opts_pull']
         package_manager = self.args['pkg_man']
@@ -43,7 +44,7 @@ def buildah_handler(line):
         cname = out[0]
 
         # Only mount when doing a scratch install
-        if parent == "scratch":
+        if parent == "scratch" or force_installroot == True:
             out = []
             cmd(["buildah", "mount"] + [cname], stdout_handler = buildah_handler)
             mname = out[0]
@@ -103,7 +104,7 @@ def buildah_handler(line):
 
         # Install Repos
         try:
-            if parent == "scratch":
+            if parent == "scratch" or force_installroot == True:
                 inst.install_scratch_repos(repos, repo_dest, proxy)
             else:
                 inst.install_repos(repos, proxy)
@@ -118,7 +119,7 @@ def buildah_handler(line):
 
         # Install Packages
         try:
-            if parent == "scratch":
+            if parent == "scratch" or force_installroot == True:
                 # Enable modules
                 inst.install_scratch_modules(modules, repo_dest, self.args['proxy'])
                 # Base Package Groups

tests/dnf/rocky9_force_installroot.yaml

@@ -0,0 +1,27 @@
+options:
+  layer_type: 'base'
+  name: 'rocky-base'
+  publish_tags: '9.5'
+  pkg_manager: 'dnf'
+  parent: 'docker.io/rockylinux:9'
+  publish_local: true
+  force_installroot: true
+
+repos:
+  - alias: 'kubernetes'
+    url: "https://pkgs.k8s.io/core:/stable:/v1.31/rpm/"
+    gpg: "https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key"
+  - alias: 'containerd'
+    url: "https://download.docker.com/linux/centos/docker-ce.repo"
+  - alias: 'Rocky_9_BaseOS'
+    url: 'https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/'
+    gpg: 'https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9'
+  - alias: 'Rocky_9_AppStream'
+    url: 'https://dl.rockylinux.org/pub/rocky/9/AppStream/x86_64/os/'
+    gpg: 'https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9'      
+
+packages:
+  - kubelet
+  - kubeadm
+  - kubectl
+  - containerd