unixPB: Add UBI10 static dockerfile (#4044)

sxa · web-flow · commit 4305d967338c · 2025-09-01T13:55:49.000+01:00
* unixPB: Add UBI10 static dockerfile

Signed-off-by: Stewart X Addison &lt;sxa@redhat.com&gt;

---------

Signed-off-by: Stewart X Addison &lt;sxa@redhat.com&gt;
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.ubi10 b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.ubi10
@@ -0,0 +1,68 @@
+FROM redhat/ubi10
+
+ARG ant_version="1.10.15"
+ARG ant_512checksum="1de7facbc9874fa4e5a2f045d5c659f64e0b89318c1dbc8acc6aae4595c4ffaf90a7b1ffb57f958dd08d6e086d3fff07aa90e50c77342a0aa5c9b4c36bff03a9"
+
+# Install Base Requirements
+RUN dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm
+RUN dnf -y update && dnf install -y unzip zip epel-release openssl gpg
+# Install Additional Repos
+RUN curl -o /tmp/gpgkey.rpm 'https://mirror.stream.centos.org/10-stream/BaseOS/x86_64/os/Packages/centos-gpg-keys-10.0-8.el10.noarch.rpm'
+ARG EXPECTED_CHECKSUM=8ccfb83b742adad37de4e5e7f323510a760586263d4ebb0a8ed5fca393c7a9d4
+RUN ACTUAL_CHECKSUM=$(sha256sum /tmp/gpgkey.rpm | awk '{print $1}') \
+    && if [ "$ACTUAL_CHECKSUM" != "$EXPECTED_CHECKSUM" ]; then \
+           echo "Checksum mismatch! Aborting installation."; \
+           exit 1; \
+       fi
+RUN rpm -i '/tmp/gpgkey.rpm'
+RUN curl -o /tmp/centosrepos.rpm 'https://mirror.stream.centos.org/10-stream/BaseOS/x86_64/os/Packages/centos-stream-repos-10.0-8.el10.noarch.rpm' 
+ARG REPO_CHECKSUM=388bf4085af2b250c9f93ee049b3d031442cf36ee67adbf65edcbcec0caf881a
+RUN ACTUAL_CHECKSUM=$(sha256sum /tmp/centosrepos.rpm | awk '{print $1}') \
+    && if [ "$ACTUAL_CHECKSUM" != "$REPO_CHECKSUM" ]; then \
+           echo "Checksum mismatch! Aborting installation."; \
+           exit 1; \
+       fi
+RUN rpm -i '/tmp/centosrepos.rpm'
+# Get latest jdk21 ga JRE
+RUN curl -sL -o /tmp/jdk21.sig `curl -s 'https://api.adoptium.net/v3/assets/feature_releases/21/ga?architecture=x64&heap_size=normal&image_type=jre&jvm_impl=hotspot&os=linux&page=0&page_size=1&project=jdk&vendor=eclipse' | grep signature_link | awk '{split($0,a,"\""); print a[4]}'`
+RUN gpg --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B
+# Without this, building an EL10 container on podman will fail when it gets to the verify stage
+RUN rm -vf ~/.gnupg/public-keys.d/pubring.db.lock
+RUN mkdir -p /usr/lib/jvm/jdk21
+RUN curl -sL 'https://api.adoptium.net/v3/binary/latest/21/ga/linux/x64/jre/hotspot/normal/eclipse?project=jdk' | tee >(tar xpfz - -C /usr/lib/jvm/jdk21 --strip-components=1) | gpg --verify /tmp/jdk21.sig -
+# Install ant
+RUN curl -o /tmp/ant.zip 'https://archive.apache.org/dist/ant/binaries/apache-ant-1.10.15-bin.zip' && \
+    curl -Lo /tmp/ant-contrib.tgz  https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.tar.gz && \
+    echo "$ant_512checksum  /tmp/ant.zip" > /tmp/ant.sha512 && \
+    echo "0fd2771dca2b8b014a4cb3246715b32e20ad5d26754186d82eee781507a183d5e63064890b95eb27c091c93c1209528a0b18a6d7e6901899319492a7610e74ad  /tmp/ant-contrib.tgz" >> /tmp/ant.sha512 && \
+    sha512sum --check --strict /tmp/ant.sha512 && \
+    unzip -q -d /usr/local /tmp/ant.zip && \
+    tar xpfz /tmp/ant-contrib.tgz -C /usr/local/apache-ant-$ant_version/lib --strip-components=2 ant-contrib/lib/ant-contrib.jar && \
+    ln -s /usr/local/apache-ant-$ant_version/bin/ant /usr/bin/ant
+# Housekeep Downloaded Archives
+RUN rm /tmp/ant.zip /tmp/ant-contrib.tgz /tmp/gpgkey.rpm
+
+# Set up jenkins user
+RUN useradd -m -d /home/jenkins jenkins && \
+    mkdir /home/jenkins/.ssh && \
+    mkdir /home/jenkins/.xdg-runtime && \
+    echo "Jenkins_User_SSHKey" > /home/jenkins/.ssh/authorized_keys && \
+    chown -R jenkins /home/jenkins/.ssh /home/jenkins/.xdg-runtime && \
+    chmod -R og-rwx  /home/jenkins/.ssh /home/jenkins/.xdg-runtime
+# Required for weston
+RUN su jenkins -c "mkdir -m 0755 /tmp/.X11-unix"
+
+RUN dnf install -y perl
+# turbojpeg needed as prereq for weston but it's not the UBI CRB repo so pull from CS10 one
+RUN dnf install -y --enablerepo=crb turbojpeg
+RUN dnf install -y git make gcc weston xwayland-run libXrender libXi libXtst fontconfig fakeroot procps-ng hostname diffutils shared-mime-info
+RUN dnf install -y coreutils --allowerasing curl
+# Install SSL Test packages
+RUN dnf install -y gnutls gnutls-utils nss nss-tools
+RUN dnf install -y openssh-server
+RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -P ""
+# RUN service ssh start
+CMD ["/usr/sbin/sshd","-D"]
+# ENTRYPOINT /bin/bash
+EXPOSE 22
+# Start with docker run -p 2222:22 UUID
