From b4697ea7096e0acff879e85d77ea5b24ac3e0174 Mon Sep 17 00:00:00 2001
From: Ryan Thomson <ryan.thomson@ubc.ca>
Date: Fri, 5 May 2023 14:29:30 -0700
Subject: [PATCH 1/3] Added rockylinux-9 container builds pinned to the 9.0 and
 9.1 releases

---
 .github/workflows/container-publish.yml      |  8 +++
 rockylinux-9/Containerfile-9.0               | 59 ++++++++++++++++++++
 rockylinux-9/Containerfile-9.1               | 55 ++++++++++++++++++
 rockylinux-9/Rocky-Static-9.1-AppStream.repo |  7 +++
 rockylinux-9/Rocky-Static-9.1-BaseOS.repo    |  7 +++
 rockylinux-9/Rocky-Static-9.1-CBR.repo       |  7 +++
 rockylinux-9/Rocky-Static-9.1-Extras.repo    |  7 +++
 rockylinux-9/Rocky-Vault-9.0-AppStream.repo  |  7 +++
 rockylinux-9/Rocky-Vault-9.0-BaseOS.repo     |  7 +++
 rockylinux-9/Rocky-Vault-9.0-CBR.repo        |  7 +++
 rockylinux-9/Rocky-Vault-9.0-Extras.repo     |  7 +++
 11 files changed, 178 insertions(+)
 create mode 100644 rockylinux-9/Containerfile-9.0
 create mode 100644 rockylinux-9/Containerfile-9.1
 create mode 100644 rockylinux-9/Rocky-Static-9.1-AppStream.repo
 create mode 100644 rockylinux-9/Rocky-Static-9.1-BaseOS.repo
 create mode 100644 rockylinux-9/Rocky-Static-9.1-CBR.repo
 create mode 100644 rockylinux-9/Rocky-Static-9.1-Extras.repo
 create mode 100644 rockylinux-9/Rocky-Vault-9.0-AppStream.repo
 create mode 100644 rockylinux-9/Rocky-Vault-9.0-BaseOS.repo
 create mode 100644 rockylinux-9/Rocky-Vault-9.0-CBR.repo
 create mode 100644 rockylinux-9/Rocky-Vault-9.0-Extras.repo

diff --git a/.github/workflows/container-publish.yml b/.github/workflows/container-publish.yml
index 138b3b5..b07435b 100644
--- a/.github/workflows/container-publish.yml
+++ b/.github/workflows/container-publish.yml
@@ -46,6 +46,14 @@ jobs:
             version: 9
             context: rockylinux-9
             file: rockylinux-9/Containerfile
+          - os: rockylinux
+            version: 9.0
+            context: rockylinux-9
+            file: rockylinux-9/Containerfile-9.0
+          - os: rockylinux
+            version: 9.1
+            context: rockylinux-9
+            file: rockylinux-9/Containerfile-9.1
           - os: leap
             version: 15
             context: leap
diff --git a/rockylinux-9/Containerfile-9.0 b/rockylinux-9/Containerfile-9.0
new file mode 100644
index 0000000..55d1bf8
--- /dev/null
+++ b/rockylinux-9/Containerfile-9.0
@@ -0,0 +1,59 @@
+FROM rockylinux:9
+
+COPY Rocky-Vault-9.0-*.repo /etc/yum.repos.d
+
+RUN dnf update -y --disablerepo "*" --enablerepo *-vault-9.0 \
+    && dnf install -y --disablerepo "*" --enablerepo *-vault-9.0 --allowerasing \
+      coreutils \
+      cpio \
+      dhclient \
+      e2fsprogs \
+      ethtool \
+      findutils \
+      initscripts \
+      ipmitool \
+      iproute \
+      kernel-core \
+      kernel-modules \
+      ncurses \
+      net-tools \
+      NetworkManager \
+      nfs-utils \
+      openssh-clients \
+      openssh-server \
+      pciutils \
+      policycoreutils-python-utils \
+      psmisc \
+      rsync \
+      rsyslog \
+      strace \
+      selinux-policy-targeted \
+      wget \
+      which \
+      words \
+      rdma-core \
+    && dnf clean all
+
+RUN touch /etc/sysconfig/disable-deprecation-warnings
+
+# For SELinux enabled nodes:
+#   The wwclient service fails to start on boot if appropriate SELinux file
+#   context label is not set for /warewulf/wwclient.
+#   Permanently assign bin_t fcontent label for wwclient binary that is
+#   deployed by wwinit overlay because warewulf runs `restorecon -R /` on node
+#   boot, clobbering any existing labels set in the overlay itself.
+#
+#   WARNING: THE FOLLOWING RETURNS AN ERROR WITH libsemanage VERSIONS IN EL9
+#            PRIOR TO 3.3.3 SO WE FORCE A CLEAN EXIT CODE
+#            See: https://github.com/SELinuxProject/selinux/issues/343
+#
+RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient || true
+
+COPY excludes /etc/warewulf/
+COPY container_exit.sh /etc/warewulf/
+
+CMD [ "/bin/echo", "-e", \
+      "This image is intended to be used with the Warewulf cluster management and", \
+      "\nprovisioning system.", \
+      "\n", \
+      "\nFor more information about Warewulf, visit https://warewulf.org" ]
diff --git a/rockylinux-9/Containerfile-9.1 b/rockylinux-9/Containerfile-9.1
new file mode 100644
index 0000000..8637831
--- /dev/null
+++ b/rockylinux-9/Containerfile-9.1
@@ -0,0 +1,55 @@
+FROM rockylinux:9
+
+COPY Rocky-Static-9.1-*.repo /etc/yum.repos.d
+
+RUN dnf update -y --disablerepo "*" --enablerepo *-static-9.1 \
+    && dnf install -y --disablerepo "*" --enablerepo *-static-9.1 --allowerasing \
+      coreutils \
+      cpio \
+      dhclient \
+      e2fsprogs \
+      ethtool \
+      findutils \
+      initscripts \
+      ipmitool \
+      iproute \
+      kernel-core \
+      kernel-modules \
+      ncurses \
+      net-tools \
+      NetworkManager \
+      nfs-utils \
+      openssh-clients \
+      openssh-server \
+      pciutils \
+      policycoreutils-python-utils \
+      psmisc \
+      rsync \
+      rsyslog \
+      strace \
+      selinux-policy-targeted \
+      wget \
+      which \
+      words \
+      rdma-core \
+    && dnf clean all
+
+RUN touch /etc/sysconfig/disable-deprecation-warnings
+
+# For SELinux enabled nodes:
+#   The wwclient service fails to start on boot if appropriate SELinux file
+#   context label is not set for /warewulf/wwclient.
+#   Permanently assign bin_t fcontent label for wwclient binary that is
+#   deployed by wwinit overlay because warewulf runs `restorecon -R /` on node
+#   boot, clobbering any existing labels set in the overlay itself.
+#
+RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient
+
+COPY excludes /etc/warewulf/
+COPY container_exit.sh /etc/warewulf/
+
+CMD [ "/bin/echo", "-e", \
+      "This image is intended to be used with the Warewulf cluster management and", \
+      "\nprovisioning system.", \
+      "\n", \
+      "\nFor more information about Warewulf, visit https://warewulf.org" ]
diff --git a/rockylinux-9/Rocky-Static-9.1-AppStream.repo b/rockylinux-9/Rocky-Static-9.1-AppStream.repo
new file mode 100644
index 0000000..39150bd
--- /dev/null
+++ b/rockylinux-9/Rocky-Static-9.1-AppStream.repo
@@ -0,0 +1,7 @@
+[appstream-static-9.1]
+name=Rocky Linux 9.1 - AppStream
+baseurl=http://dl.rockylinux.org/pub/rocky/9.1/AppStream/$basearch/os/
+gpgcheck=1
+enabled=0
+countme=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
diff --git a/rockylinux-9/Rocky-Static-9.1-BaseOS.repo b/rockylinux-9/Rocky-Static-9.1-BaseOS.repo
new file mode 100644
index 0000000..95b0083
--- /dev/null
+++ b/rockylinux-9/Rocky-Static-9.1-BaseOS.repo
@@ -0,0 +1,7 @@
+[baseos-static-9.1]
+name=Rocky Linux 9.1 - BaseOS
+baseurl=http://dl.rockylinux.org/pub/rocky/9.1/BaseOS/$basearch/os/
+gpgcheck=1
+enabled=0
+countme=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
diff --git a/rockylinux-9/Rocky-Static-9.1-CBR.repo b/rockylinux-9/Rocky-Static-9.1-CBR.repo
new file mode 100644
index 0000000..95b0083
--- /dev/null
+++ b/rockylinux-9/Rocky-Static-9.1-CBR.repo
@@ -0,0 +1,7 @@
+[baseos-static-9.1]
+name=Rocky Linux 9.1 - BaseOS
+baseurl=http://dl.rockylinux.org/pub/rocky/9.1/BaseOS/$basearch/os/
+gpgcheck=1
+enabled=0
+countme=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
diff --git a/rockylinux-9/Rocky-Static-9.1-Extras.repo b/rockylinux-9/Rocky-Static-9.1-Extras.repo
new file mode 100644
index 0000000..cc440e7
--- /dev/null
+++ b/rockylinux-9/Rocky-Static-9.1-Extras.repo
@@ -0,0 +1,7 @@
+[extras-static-9.1]
+name=Rocky Linux 9.1 - Extras
+baseurl=http://dl.rockylinux.org/pub/rocky/9.1/extras/$basearch/os/
+gpgcheck=1
+enabled=0
+countme=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
diff --git a/rockylinux-9/Rocky-Vault-9.0-AppStream.repo b/rockylinux-9/Rocky-Vault-9.0-AppStream.repo
new file mode 100644
index 0000000..c522e11
--- /dev/null
+++ b/rockylinux-9/Rocky-Vault-9.0-AppStream.repo
@@ -0,0 +1,7 @@
+[appstream-vault-9.0]
+name=Rocky Linux 9.0 - AppStream
+baseurl=http://dl.rockylinux.org/vault/rocky/9.0/AppStream/$basearch/os/
+gpgcheck=1
+enabled=0
+countme=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
diff --git a/rockylinux-9/Rocky-Vault-9.0-BaseOS.repo b/rockylinux-9/Rocky-Vault-9.0-BaseOS.repo
new file mode 100644
index 0000000..605c42c
--- /dev/null
+++ b/rockylinux-9/Rocky-Vault-9.0-BaseOS.repo
@@ -0,0 +1,7 @@
+[baseos-vault-9.0]
+name=Rocky Linux 9.0 - BaseOS
+baseurl=http://dl.rockylinux.org/vault/rocky/9.0/BaseOS/$basearch/os/
+gpgcheck=1
+enabled=0
+countme=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
diff --git a/rockylinux-9/Rocky-Vault-9.0-CBR.repo b/rockylinux-9/Rocky-Vault-9.0-CBR.repo
new file mode 100644
index 0000000..6819067
--- /dev/null
+++ b/rockylinux-9/Rocky-Vault-9.0-CBR.repo
@@ -0,0 +1,7 @@
+[crb-vault-9.0]
+name=Rocky Linux 9.0 - CRB
+baseurl=http://dl.rockylinux.org/vault/rocky/9.0/CRB/$basearch/os/
+gpgcheck=1
+enabled=0
+countme=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
diff --git a/rockylinux-9/Rocky-Vault-9.0-Extras.repo b/rockylinux-9/Rocky-Vault-9.0-Extras.repo
new file mode 100644
index 0000000..d9f1966
--- /dev/null
+++ b/rockylinux-9/Rocky-Vault-9.0-Extras.repo
@@ -0,0 +1,7 @@
+[extras-vault-9.0]
+name=Rocky Linux 9.0 - Extras
+baseurl=http://dl.rockylinux.org/vault/rocky/9.0/extras/$basearch/os/
+gpgcheck=1
+enabled=0
+countme=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

From 44727a8e673580eb3246a766eb69c1cca9b7609c Mon Sep 17 00:00:00 2001
From: Jonathon Anderson <janderson@ciq.com>
Date: Tue, 27 Jun 2023 02:25:57 -0600
Subject: [PATCH 2/3] Update rockylinux-9 sources

- Use docker.io explicitly
- Use 9.0, 9.1 as appropriate

Signed-off-by: Jonathon Anderson <janderson@ciq.com>
---
 rockylinux-9/Containerfile     | 2 +-
 rockylinux-9/Containerfile-9.0 | 2 +-
 rockylinux-9/Containerfile-9.1 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/rockylinux-9/Containerfile b/rockylinux-9/Containerfile
index 70bf3c5..f4a5980 100644
--- a/rockylinux-9/Containerfile
+++ b/rockylinux-9/Containerfile
@@ -1,4 +1,4 @@
-FROM rockylinux:9
+FROM docker.io/library/rockylinux:9
 
 RUN dnf update -y \
     && dnf install -y --allowerasing \
diff --git a/rockylinux-9/Containerfile-9.0 b/rockylinux-9/Containerfile-9.0
index 55d1bf8..587ff33 100644
--- a/rockylinux-9/Containerfile-9.0
+++ b/rockylinux-9/Containerfile-9.0
@@ -1,4 +1,4 @@
-FROM rockylinux:9
+FROM docker.io/library/rockylinux:9.0
 
 COPY Rocky-Vault-9.0-*.repo /etc/yum.repos.d
 
diff --git a/rockylinux-9/Containerfile-9.1 b/rockylinux-9/Containerfile-9.1
index 8637831..f04c8e6 100644
--- a/rockylinux-9/Containerfile-9.1
+++ b/rockylinux-9/Containerfile-9.1
@@ -1,4 +1,4 @@
-FROM rockylinux:9
+FROM docker.io/library/rockylinux:9.1
 
 COPY Rocky-Static-9.1-*.repo /etc/yum.repos.d
 

From 159f8e6478d3f02e80e800b10ac0b2828d33baeb Mon Sep 17 00:00:00 2001
From: Jonathon Anderson <janderson@ciq.com>
Date: Tue, 27 Jun 2023 02:44:10 -0600
Subject: [PATCH 3/3] Update rockylinux-9 9.1 to use vault

Signed-off-by: Jonathon Anderson <janderson@ciq.com>
---
 rockylinux-9/Rocky-Static-9.1-AppStream.repo | 2 +-
 rockylinux-9/Rocky-Static-9.1-BaseOS.repo    | 2 +-
 rockylinux-9/Rocky-Static-9.1-CBR.repo       | 2 +-
 rockylinux-9/Rocky-Static-9.1-Extras.repo    | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/rockylinux-9/Rocky-Static-9.1-AppStream.repo b/rockylinux-9/Rocky-Static-9.1-AppStream.repo
index 39150bd..d9d7f2d 100644
--- a/rockylinux-9/Rocky-Static-9.1-AppStream.repo
+++ b/rockylinux-9/Rocky-Static-9.1-AppStream.repo
@@ -1,6 +1,6 @@
 [appstream-static-9.1]
 name=Rocky Linux 9.1 - AppStream
-baseurl=http://dl.rockylinux.org/pub/rocky/9.1/AppStream/$basearch/os/
+baseurl=http://dl.rockylinux.org/vault/rocky/9.1/AppStream/$basearch/os/
 gpgcheck=1
 enabled=0
 countme=1
diff --git a/rockylinux-9/Rocky-Static-9.1-BaseOS.repo b/rockylinux-9/Rocky-Static-9.1-BaseOS.repo
index 95b0083..2b49020 100644
--- a/rockylinux-9/Rocky-Static-9.1-BaseOS.repo
+++ b/rockylinux-9/Rocky-Static-9.1-BaseOS.repo
@@ -1,6 +1,6 @@
 [baseos-static-9.1]
 name=Rocky Linux 9.1 - BaseOS
-baseurl=http://dl.rockylinux.org/pub/rocky/9.1/BaseOS/$basearch/os/
+baseurl=http://dl.rockylinux.org/vault/rocky/9.1/BaseOS/$basearch/os/
 gpgcheck=1
 enabled=0
 countme=1
diff --git a/rockylinux-9/Rocky-Static-9.1-CBR.repo b/rockylinux-9/Rocky-Static-9.1-CBR.repo
index 95b0083..2b49020 100644
--- a/rockylinux-9/Rocky-Static-9.1-CBR.repo
+++ b/rockylinux-9/Rocky-Static-9.1-CBR.repo
@@ -1,6 +1,6 @@
 [baseos-static-9.1]
 name=Rocky Linux 9.1 - BaseOS
-baseurl=http://dl.rockylinux.org/pub/rocky/9.1/BaseOS/$basearch/os/
+baseurl=http://dl.rockylinux.org/vault/rocky/9.1/BaseOS/$basearch/os/
 gpgcheck=1
 enabled=0
 countme=1
diff --git a/rockylinux-9/Rocky-Static-9.1-Extras.repo b/rockylinux-9/Rocky-Static-9.1-Extras.repo
index cc440e7..b301186 100644
--- a/rockylinux-9/Rocky-Static-9.1-Extras.repo
+++ b/rockylinux-9/Rocky-Static-9.1-Extras.repo
@@ -1,6 +1,6 @@
 [extras-static-9.1]
 name=Rocky Linux 9.1 - Extras
-baseurl=http://dl.rockylinux.org/pub/rocky/9.1/extras/$basearch/os/
+baseurl=http://dl.rockylinux.org/vault/rocky/9.1/extras/$basearch/os/
 gpgcheck=1
 enabled=0
 countme=1