Add "AlmaLinux Kitten release 10" and "AlmaLinux release 10.0" suppor…

…t with x86_64_v2 (amd64/v2) (AlmaLinux#19) * Add "AlmaLinux Kitten release 10" and "AlmaLinux release 10.0" support * Add "AlmaLinux release 10" support AlmaLinux#1
charles8191 · Sep 19, 2024 · 7e3ac35 · 7e3ac35
1 parent db6d9be
commit 7e3ac35
Show file tree

Hide file tree

Showing 11 changed files with 813 additions and 12 deletions.
diff --git a/.github/workflows/build-test-push.yml b/.github/workflows/build-test-push.yml
@@ -17,6 +17,7 @@ on:
           default: '9'
           type: choice
           options:
+            - "10-kitten"
             - 9
             - 8
 
@@ -55,12 +56,13 @@ env:
   version_latest: 9
 
   # Platforms list: linux/amd64, linux/ppc64le, linux/s390x, linux/arm64
-  platforms: 'linux/amd64, linux/ppc64le, linux/s390x, linux/arm64'
+  platforms: ${{ contains(inputs.version_major, '10') && 'linux/amd64/v2, linux/amd64, linux/ppc64le, linux/s390x, linux/arm64' || 'linux/amd64, linux/ppc64le, linux/s390x, linux/arm64' }}
 
   # Registries list:
   # for production: docker.io/almalinux, quay.io/almalinuxorg, ghcr.io/almalinux
   # for testing: quay.io/almalinuxautobot
-  registries: ${{ inputs.production && 'docker.io/almalinux, quay.io/almalinuxorg, ghcr.io/almalinux' || 'quay.io/almalinuxautobot' }}
+  # registries: ${{ inputs.production && 'docker.io/almalinux, quay.io/almalinuxorg, ghcr.io/almalinux' || 'quay.io/almalinuxautobot' }}
+  registries: ${{ inputs.production && 'docker.io/ykohut, quay.io/ykohut, ghcr.io/yuravk' || 'quay.io/ykohut' }}
 
 jobs:
   build-test-push:
@@ -81,11 +83,13 @@ jobs:
         run: |
           case ${{ inputs.version_major }} in
             8)
-              version_minor="10" ;;
+              version_minor=".10" ;;
             9)
-              version_minor="4"  ;;
+              version_minor=".4"  ;;
             10)
-              version_minor="0" ;;
+              version_minor=".0" ;;
+            10-kitten)
+              version_minor= ;;
             *)
               echo "Almalinux ${{ inputs.version_major }} is not supported!" && false
           esac
@@ -202,8 +206,8 @@ jobs:
           tags: |
             type=raw,value=latest,enable=${{ matrix.image_types != 'default' || ( matrix.image_types == 'default' && inputs.version_major == env.version_latest ) }}
             type=raw,value=${{ inputs.version_major }},enable=true
-            type=raw,value=${{ inputs.version_major }}.${{ env.version_minor }},enable=true
-            type=raw,value=${{ inputs.version_major }}.${{ env.version_minor }}-${{ env.date_stamp }},enable=true
+            type=raw,value=${{ inputs.version_major }}${{ env.version_minor }},enable=true
+            type=raw,value=${{ inputs.version_major }}${{ env.version_minor }}-${{ env.date_stamp }},enable=true
 
       -
         name: Build images
@@ -257,6 +261,8 @@ jobs:
           name=almalinux-${{ inputs.version_major }}-${{ matrix.image_types }}
           pwd=$( pwd )
           path=${pwd}/${name}
+          almalinux_release='almalinux-release'
+          [ "${{ inputs.version_major }}" = "10-kitten" ] && almalinux_release='almalinux-kitten-release'
 
           # The "tar file" for 'docker save' to write to
           tar_name=${pwd}/${name}.tar
@@ -288,14 +294,16 @@ jobs:
               docker build -t rootfs .
 
               # Run the image and query almalinux-release package's architecture
-              arch=$( docker run --rm rootfs /bin/bash -c "rpm -q --qf=%{ARCH} almalinux-release" )
+              arch=$( docker run --rm rootfs /bin/bash -c "rpm -q --qf=%{ARCH} ${almalinux_release}" )
 
               # Map found architecture to the corresponding platform
               platform=
               docker rmi rootfs
               case ${arch} in
                 x86_64)
                   platform=amd64;;
+                x86_64_v2)
+                  platform=amd64_v2;;
                 ppc64le)
                   platform=ppc64le;;
                 s390x)
@@ -333,15 +341,18 @@ jobs:
           platforms="${{ env.platforms }}"
           for platform in ${platforms//,/ }; do
             arch=${platform#linux/}
+            arch=${arch/\//_}
             dockerfile=${{ inputs.version_major }}/${{ matrix.image_types }}/${arch}/Dockerfile
 
             case ${{ matrix.image_types }} in
               default)
-                tags="${{ inputs.version_major }}, ${{ inputs.version_major }}.${{ env.version_minor }}, ${{ inputs.version_major }}.${{ env.version_minor }}-${{ env.date_stamp }}"
-                [ "${{ inputs.version_major }}" = "9" ] && tags="latest, ${tags}" ;;
+                tags="${{ inputs.version_major }}${{ env.version_minor }}, ${{ inputs.version_major }}${{ env.version_minor }}-${{ env.date_stamp }}"
+                [ "${{ inputs.version_major }}" != "10-kitten" ] && tags="${{ inputs.version_major }}, ${tags}"
+                [ "${{ inputs.version_major }}" = "${{ env.version_latest }}" ] && tags="latest, ${tags}" ;;
               minimal)
-                tags="${{ inputs.version_major }}-${{ matrix.image_types }}, ${{ inputs.version_major }}.${{ env.version_minor }}-${{ matrix.image_types }}, ${{ inputs.version_major }}.${{ env.version_minor }}-${{ matrix.image_types }}-${{ env.date_stamp }}"
-                [ "${{ inputs.version_major }}" = "9" ] && tags="minimal, ${tags}" ;;
+                tags="${{ inputs.version_major }}${{ env.version_minor }}-${{ matrix.image_types }}, ${{ inputs.version_major }}${{ env.version_minor }}-${{ matrix.image_types }}-${{ env.date_stamp }}"
+                [ "${{ inputs.version_major }}" != "10-kitten" ] && tags="${{ inputs.version_major }}-${{ matrix.image_types }}, ${tags}"
+                [ "${{ inputs.version_major }}" = "${{ env.version_latest }}" ] && tags="minimal, ${tags}" ;;
               *)
             esac
 

diff --git a/Containerfiles/10-kitten/Containerfile.base b/Containerfiles/10-kitten/Containerfile.base
@@ -0,0 +1,91 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir -p /mnt/sys-root; \
+    dnf install -y \
+    --installroot /mnt/sys-root --releasever 10 --setopt install_weak_deps=false --nodocs \
+    almalinux-release \
+    bash \
+    coreutils-single \
+    crypto-policies-scripts \
+    curl-minimal \
+    findutils \
+    gdb-gdbserver \
+    glibc-minimal-langpack \
+    gzip \
+    libcurl-minimal \
+    libusbx \
+    rootfiles \
+    systemd \
+    tar \
+    usermode \
+    vim-minimal \
+    virt-what \
+    yum \
+    ; \
+    echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+    dnf reinstall -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    krb5-libs ; \
+    dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
+    rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/*  /mnt/sys-root/run/blkid ; \
+    mkdir -p /mnt/sys-root/run/lock; \
+    # generate build time file for compatibility with CentOS  /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
+    /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+    echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/sys-root/etc/locale.conf; \
+    echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+    touch /mnt/sys-root/etc/.pwd.lock; \
+    chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+    touch /mnt/sys-root/run/utmp ;\
+    chmod 664 /mnt/sys-root/run/utmp ;\
+    echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+    echo '0' >> /mnt/sys-root/etc/adjtime; \
+    echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+    echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+    rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en  /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+    rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+    touch /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/resolv.conf; \
+    touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+    mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+    mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+    chmod 700 /mnt/sys-root/var/cache/private ; \
+    chmod 700 /mnt/sys-root/var/lib/private ; \
+    chmod 700 /mnt/sys-root/run/cryptsetup ; \
+    groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+    useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+    cd /mnt/sys-root/etc ; \
+    ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+FROM scratch AS stage2
+
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+    systemctl mask systemd-remount-fs.service \
+    dev-hugepages.mount \
+    sys-fs-fuse-connections.mount \
+    systemd-logind.service \
+    getty.target \
+    console-getty.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+CMD ["/bin/bash"]
diff --git a/Containerfiles/10-kitten/Containerfile.default b/Containerfiles/10-kitten/Containerfile.default
@@ -0,0 +1,95 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir /mnt/sys-root; \
+    dnf install -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    almalinux-release \
+    bash \
+    binutils \
+    coreutils-single \
+    crypto-policies-scripts \
+    curl-minimal \
+    findutils \
+    hostname \
+    iputils \
+    glibc-minimal-langpack \
+    krb5-libs \
+    less \
+    libcurl-minimal \
+    rootfiles \
+    systemd \
+    tar \
+    vim-minimal \
+    yum \
+    xz \
+    ; \
+    echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+    dnf reinstall -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    krb5-libs ; \
+    dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support   /mnt/sys-root/var/lib/dnf/history*
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ; \
+    rm -rf /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos /mnt/sys-root/boot /mnt/sys-root/dev/null ; \
+    rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/var/log/*  ; \
+    mkdir -p /mnt/sys-root/run/lock; \
+    /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+    echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/sys-root/etc/locale.conf; \
+    echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+    touch /mnt/sys-root/etc/.pwd.lock; \
+    chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+    touch /mnt/sys-root/run/utmp ;\
+    chmod 664 /mnt/sys-root/run/utmp ;\
+    echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+    echo '0' >> /mnt/sys-root/etc/adjtime; \
+    echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+    echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+    rm -rf /mnt/sys-root/usr/share/locale/en_US@piglati* /mnt/sys-root/run/blkid /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+    rm -f /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/resolv.conf; \
+    touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+    mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+    mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+    chmod 700 /mnt/sys-root/var/cache/private ; \
+    chmod 700 /mnt/sys-root/var/lib/private ; \
+    chmod 700 /mnt/sys-root/run/cryptsetup ; \
+    groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+    useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+    cd /mnt/sys-root/etc ; \
+    ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+# Almalinux default build
+FROM scratch AS stage2
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+    systemctl mask systemd-remount-fs.service \
+    dev-hugepages.mount \
+    sys-fs-fuse-connections.mount \
+    systemd-logind.service \
+    getty.target \
+    console-getty.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+CMD ["/bin/bash"]
diff --git a/Containerfiles/10-kitten/Containerfile.init b/Containerfiles/10-kitten/Containerfile.init
@@ -0,0 +1,103 @@
+ARG SYSBASE=quay.io/ykohut/almalinux:10-kitten
+FROM ${SYSBASE} AS system-build
+
+RUN mkdir /mnt/sys-root; \
+    dnf install -y \
+#    --nogpgcheck --repoid=AppStream --repoid=BaseOS \
+#    --repofrompath='BaseOS,https://repo.almalinux.org/almalinux/10/BaseOS/$basearch/os/' \
+#    --repofrompath='AppStream,https://repo.almalinux.org/almalinux/10/AppStream/$basearch/os/' \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    almalinux-release \
+    bash \
+    coreutils-single \
+    crypto-policies-scripts \
+    curl-minimal \
+    findutils \
+    gdb-gdbserver \
+    glibc-minimal-langpack \
+    gzip \
+    libcurl-minimal \
+    libusbx \
+    procps-ng \
+    rootfiles \
+    systemd \
+    tar \
+    usermode \
+    vim-minimal \
+    virt-what \
+    yum \
+    ; \
+    echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf ;\
+    dnf reinstall -y \
+    --installroot /mnt/sys-root \
+    --releasever 10 \
+    --setopt install_weak_deps=false \
+    --nodocs \
+    krb5-libs ; \
+    dnf --installroot /mnt/sys-root clean all;
+# Additional hacks for kickstart file and backward compatable support
+RUN rm -rf /mnt/sys-root/var/log/dnf* /mnt/sys-root/var/log/yum.* /mnt/sys-root/var/cache/dnf/* /mnt/sys-root/var/lib/dnf/repos; \
+    rm -rf /mnt/sys-root/var/log/hawkey.log /mnt/sys-root/boot /mnt/sys-root/dev/null /mnt/sys-root/var/log/*  /mnt/sys-root/run/blkid ; \
+    mkdir -p /mnt/sys-root/run/lock; \
+    # generate build time file for compatibility with CentOS  /mnt/sys-root/run/* /mnt/sys-root/var/lib/dnf/history*
+    /bin/date +%Y%m%d_%H%M > /mnt/sys-root/etc/BUILDTIME; \
+    echo '%_install_langs C.utf8' > /mnt/sys-root/etc/rpm/macros.image-language-conf; \
+    echo 'LANG="C.utf8"' >  /mnt/sys-root/etc/locale.conf; \
+    echo 'container' > /mnt/sys-root/etc/dnf/vars/infra; \
+    touch /mnt/sys-root/etc/.pwd.lock; \
+    chmod 600 /mnt/sys-root/etc/.pwd.lock; \
+    touch /mnt/sys-root/run/utmp ;\
+    chmod 664 /mnt/sys-root/run/utmp ;\
+    echo '0.0 0 0.0' > /mnt/sys-root/etc/adjtime; \
+    echo '0' >> /mnt/sys-root/etc/adjtime; \
+    echo 'UTC' >> /mnt/sys-root/etc/adjtime; \
+    echo '# This file has been generated by the Anaconda Installer.' > /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/sys-root/etc/sysconfig/sshd-permitrootlogin ;\
+    echo 'KEYMAP="us"' > /mnt/sys-root/etc/vconsole.conf; \
+    echo 'FONT="eurlatgr"' >> /mnt/sys-root/etc/vconsole.conf; \
+    rm -rf /mnt/sys-root/usr/share/locale/en_CA/ /mnt/sys-root/usr/share/locale/en_GB/ /mnt/sys-root/usr/share/locale/en@* /mnt/sys-root/usr/share/locale/en  /mnt/sys-root/usr/share/locale/en*@* /mnt/sys-root/usr/share/i18n/charmaps /mnt/sys-root/usr/share/i18n/locales ;\
+    rm -f /mnt/sys-root/etc/machine-id /mnt/sys-root/var/cache/dnf/.gpgkeyschecked.yum ; \
+    touch /mnt/sys-root/etc/machine-id; \
+    touch /mnt/sys-root/etc/resolv.conf; \
+    touch /mnt/sys-root/etc/hostname
+# AL9 specific hacks
+RUN mkdir -p /mnt/sys-root/var/cache/private /mnt/sys-root/var/lib/private /mnt/sys-root/var/lib/systemd/coredump /mnt/sys-root/var/lib/tpm2-tss/system/keystore ;\
+    mkdir -p /mnt/sys-root/run/cryptsetup /mnt/sys-root/run/lock/subsys /mnt/sys-root/run/log /mnt/sys-root/run/user /mnt/sys-root/run/tpm2-tss/eventlog ;\
+    mkdir -p /mnt/sys-root/run/systemd/ask-password /mnt/sys-root/run/systemd/machines /mnt/sys-root/run/systemd/seats /mnt/sys-root/run/systemd/sessions /mnt/sys-root/run/systemd/shutdown /mnt/sys-root/run/systemd/users ;\
+    chmod 700 /mnt/sys-root/var/cache/private ; \
+    chmod 700 /mnt/sys-root/var/lib/private ; \
+    chmod 700 /mnt/sys-root/run/cryptsetup ; \
+    groupadd -R '/mnt/sys-root/' -r -p '!*' -g 996 sgx && groupadd -R '/mnt/sys-root/' -r -p '!*' -g 995 systemd-oom ; \
+    useradd -R '/mnt/sys-root/' -r -c 'systemd Userspace OOM Killer' -g 995 -u 995 -s '/usr/sbin/nologin' -M -d '/' systemd-oom ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/group- ; \
+    sed -i "/sgx/d" /mnt/sys-root/etc/gshadow- ; \
+    cd /mnt/sys-root/etc ; \
+    ln -s ../usr/share/zoneinfo/UTC localtime ;
+
+FROM scratch AS stage2
+
+COPY --from=system-build /mnt/sys-root/ /
+
+RUN systemctl set-default multi-user.target; \
+    systemctl mask systemd-remount-fs.service \
+    dev-hugepages.mount \
+    sys-fs-fuse-connections.mount \
+    systemd-logind.service \
+    getty.target \
+    console-getty.service \
+    systemd-udev-trigger.service \
+    systemd-udevd.service \
+    systemd-random-seed.service \
+    systemd-machine-id-commit.service
+
+FROM scratch
+COPY --from=stage2 / /
+
+ENV LANG=C.utf8
+
+STOPSIGNAL SIGRTMIN+3
+CMD ["/sbin/init"]