From a4389f00122d23b76bbbaac0274c1c1ef8780c2a Mon Sep 17 00:00:00 2001
From: Honza Horak
Date: Apr 25 2018 06:18:30 +0000
Subject: Add s2i-core sources as well, temporarily, since depended layered images are problem in fedora
---
diff --git a/Dockerfile b/Dockerfile
index 52ff87e..46024a7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
-# This image is the base image for all OpenShift v3 language container images.
-FROM registry.fedoraproject.org/f28/s2i-core
+# This image is the base image for all s2i configurable container images.
+FROM registry.fedoraproject.org/fedora:28
 ENV SUMMARY="Base image with essential libraries and tools used as a base for \
 builder images like perl, python, ruby, etc." \
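Review bot: `FROM registry.fedoraproject.org/fedora:28` in the first Dockerfile hunk names a mutable tag, so a rebuild can pick up a different base without any change in this file. With this commit the image becomes the bottom of the s2i stack, so pinning the digest next to the tag, `FROM registry.fedoraproject.org/fedora:28@sha256:<digest-placeholder>`, would make the base auditable and reproducible. If the Fedora build system is meant to re-resolve the tag on every build, a comment above the `FROM` saying so would be enough.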
@@ -23,6 +23,40 @@ LABEL summary="$SUMMARY" \
 architecture="$ARCH" \
 maintainer="SoftwareCollections.org "
+ENV \
+ # DEPRECATED: Use above LABEL instead, because this will be removed in future versions.
+ STI_SCRIPTS_URL=image:///usr/libexec/s2i \
+ # Path to be used in other layers to place s2i scripts into
+ STI_SCRIPTS_PATH=/usr/libexec/s2i \
+ APP_ROOT=/opt/app-root \
+ # The $HOME is not set by default, but some applications needs this variable
+ HOME=/opt/app-root/src \
+ PATH=/opt/app-root/src/bin:/opt/app-root/bin:$PATH
+
+# When bash is started non-interactively, to run a shell script, for example it
+# looks for this variable and source the content of this file. This will enable
+# the SCL for all scripts without need to do 'scl enable'.
+ENV BASH_ENV=${APP_ROOT}/etc/scl_enable \
+ ENV=${APP_ROOT}/etc/scl_enable \
+ PROMPT_COMMAND=". ${APP_ROOT}/etc/scl_enable"
+
+# This is the list of basic dependencies that all language container image can
+# consume.
+# Also setup the 'openshift' user that is used for the build execution and for the
+# application runtime execution.
+# TODO: Use better UID and GID values
+RUN INSTALL_PKGS="bsdtar \
+ findutils \
+ gettext \
+ groff \
+ tar \
+ unzip" && \
+ mkdir -p ${HOME}/.pki/nssdb && \
+ chown -R 1001:0 ${HOME}/.pki && \
+ dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+ rpm -V $INSTALL_PKGS && \
+ dnf clean all -y
+
 # This is the list of basic dependencies that all language container image can
 # consume.
 RUN INSTALL_PKGS="autoconf \
@@ -37,8 +71,7 @@ RUN INSTALL_PKGS="autoconf \
 libxslt-devel \
 lsof \
 make \
- mariadb-devel \
- mariadb-libs \
+ mariadb-connector-c-devel \
 npm \
 openssl-devel \
 patch \
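Review bot: Every shell in the container ends up sourcing a file and resolving commands from locations the application user can rewrite. The `ENV` block added in the second Dockerfile hunk puts `/opt/app-root/src/bin` and `/opt/app-root/bin` ahead of the system directories in `PATH` and points `BASH_ENV`, `ENV` and `PROMPT_COMMAND` at `${APP_ROOT}/etc/scl_enable`, while the last hunk of this file runs `chown -R 1001:0 ${APP_ROOT}` over the whole tree. That environment also applies to a shell an operator opens as root, so the trust boundary between UID 1001 and root inside the container depends on nobody doing that. Appending rather than prepending, `PATH=$PATH:/opt/app-root/src/bin:/opt/app-root/bin`, and keeping `${APP_ROOT}/etc` owned by root would tighten this. If layered images rely on the current order or on writing `scl_enable`, a comment above the `ENV` should record that.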
@@ -52,3 +85,19 @@ RUN INSTALL_PKGS="autoconf \
 dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
 rpm -V $INSTALL_PKGS && \
 dnf clean all -y
+
+# Copy extra files to the image.
+COPY ./root/ /
+
+# Directory with the sources is set as the working directory so all STI scripts
+# can execute relative to this path.
+WORKDIR ${HOME}
+
+ENTRYPOINT ["container-entrypoint"]
+CMD ["base-usage"]
+
+# Reset permissions of modified directories and add default user
+RUN rpm-file-permissions && \
+ useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \
+ -c "Default Application User" default && \
+ chown -R 1001:0 ${APP_ROOT}
diff --git a/root/help.1 b/root/help.1
new file mode 100644
index 0000000..2f46315
--- /dev/null
+++ b/root/help.1
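Review bot: The image still runs as root by default: the last Dockerfile hunk adds `ENTRYPOINT`, `CMD` and the `default` user (UID 1001) but no `USER` instruction, so a container started straight from this image, or from a layered image that forgets to switch, executes as UID 0. Layered builder images probably need root to install packages, so this may be deliberate. In that case, add a comment after the final `RUN`, for example `# No USER here on purpose: layered images install packages as root and must end with USER 1001`. Otherwise close the file with `USER 1001`.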
@@ -0,0 +1,124 @@
+.TH OpenShift base images (core variant)
+.PP
+This repository contains Dockerfiles for images which can be used as base images
+to add support for source\-to\-image
+\[la]https://github.com/openshift/source-to-image\[ra]
+without installing several development libraries.
+
+.SH Description
+.PP
+OpenShift S2I images use Software Collections
+\[la]https://www.softwarecollections.org/en/\[ra]
+packages to provide the latest versions of various software.
+The SCL packages are released more frequently than the RHEL or CentOS systems,
+which are unlikely to change for several years.
+We rely on RHEL and CentOS for base images, on the other hand,
+because those are stable, supported, and secure platforms.
+
+.PP
+Normally, SCL requires manual operation to enable the collection you want to use.
+This is burdensome and can be prone to error.
+The OpenShift S2I approach is to set Bash environment variables that
+serve to automatically enable the desired collection:
+.IP \(bu 2
+\fB\fCBASH\_ENV\fR: enables the collection for all non\-interactive Bash sessions
+.IP \(bu 2
+\fB\fCENV\fR: enables the collection for all invocations of \fB\fC/bin/sh\fR
+.IP \(bu 2
+\fB\fCPROMPT\_COMMAND\fR: enables the collection in interactive shell
+
+.PP
+Two examples:
+* If you specify \fB\fCBASH\_ENV\fR, then all your \fB\fC#!/bin/bash\fR scripts
+do not need to call \fB\fCscl enable\fR\&.
+* If you specify \fB\fCPROMPT\_COMMAND\fR, then on execution of the
+\fB\fCdocker exec ... /bin/bash\fR command, the collection will be automatically enabled.
+
+.PP
+\fINote\fP:
+Executables in Software Collections packages (e.g., \fB\fCruby\fR)
+are not directly in a directory named in the \fB\fCPATH\fR environment variable.
+This means that you cannot do:
+
+.PP
+.RS
+
+.nf
+$ docker exec ... ruby
+
+.fi
+.RE
+
+.PP
+but must instead do:
+
+.PP
+.RS
+
+.nf
+$ docker exec ...
/bin/bash \-c ruby + +.fi +.RE + +.PP +The \fB\fC/bin/bash \-c\fR, along with the setting the appropriate environment variable, +ensures the correct \fB\fCruby\fR executable is found and invoked. + +.SH Usage +.PP +Choose either the CentOS7 or RHEL7 base image: +* \fBRHEL7 base image\fP + +.PP +To build a RHEL7 based image, you need to build it on properly subscribed RHEL machine. + +.PP +.RS + +.nf +$ git clone \-\-recursive https://github.com/sclorg/s2i\-base\-container.git +$ cd s2i\-base\-container +$ make build VERSIONS=core TARGET=rhel7 + +.fi +.RE +.IP \(bu 2 +\fBCentOS7 base image\fP + +.PP +This image is available on DockerHub. To download it run: + +.PP +.RS + +.nf +docker pull sclorg/s2i\-core\-centos7 + +.fi +.RE + +.PP +To build a Base image from scratch run: + +.PP +.RS + +.nf +$ git clone \-\-recursive https://github.com/sclorg/s2i\-base\-container.git +$ cd s2i\-base\-container +$ make build VERSIONS=core + +.fi +.RE + +.PP +\fBNotice: By omitting the \fB\fCVERSION\fR parameter, the build/test action will be performed +on all provided versions of s2i image.\fP + +.SH See also +.PP +Dockerfile and other sources are available on +\[la]https://github.com/sclorg/s2i-base-container\[ra]\&. +In that repository you also can find another variants of S2I Base Dockerfiles. +Dockerfile for CentOS is called Dockerfile, Dockerfile for RHEL is called Dockerfile.rhel7. diff --git a/root/opt/app-root/etc/scl_enable b/root/opt/app-root/etc/scl_enable new file mode 100644 index 0000000..8fca598 --- /dev/null +++ b/root/opt/app-root/etc/scl_enable @@ -0,0 +1,2 @@ +# This file contains automatic SCL enablement. +unset BASH_ENV PROMPT_COMMAND ENV diff --git a/root/usr/bin/base-usage b/root/usr/bin/base-usage new file mode 100755 index 0000000..154ccc4 --- /dev/null +++ b/root/usr/bin/base-usage @@ -0,0 +1,24 @@ +#!/bin/sh -e + +cat <= 92233720368547: + env_vars["NO_MEMORY_LIMIT"] = "true" + + for key, value in env_vars.items(): + print("{0}={1}".format(key, value)) 
diff --git a/root/usr/bin/container-entrypoint b/root/usr/bin/container-entrypoint
new file mode 100755
index 0000000..9d8ad4d
--- /dev/null
+++ b/root/usr/bin/container-entrypoint
@@ -0,0 +1,2 @@
+#!/bin/bash
+exec "$@"
diff --git a/root/usr/bin/fix-permissions b/root/usr/bin/fix-permissions
new file mode 100755
index 0000000..ddd33ac
--- /dev/null
+++ b/root/usr/bin/fix-permissions
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# Allow this script to fail without failing a build
+set +e
+
+SYMLINK_OPT=${2:--L}
+
+# Fix permissions on the given directory or file to allow group read/write of
+# regular files and execute of directories.
+
+[ $(id -u) -ne 0 ] && CHECK_OWNER=" -uid $(id -u)"
+
+# If argument does not exist, script will still exit with 0,
+# but at least we'll see something went wrong in the log
+if ! [ -e "$1" ] ; then
+ echo "ERROR: File or directory $1 does not exist." >&2
+ # We still want to end successfully
+ exit 0
+fi
+
+find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -gid 0 -exec chgrp 0 {} +
+find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -perm -g+rw -exec chmod g+rw {} +
+find $SYMLINK_OPT "$1" ${CHECK_OWNER} -perm /u+x -a \! -perm /g+x -exec chmod g+x {} +
+find $SYMLINK_OPT "$1" ${CHECK_OWNER} -type d \! -perm /g+x -exec chmod g+x {} +
+
+# Always end successfully
+exit 0
diff --git a/root/usr/bin/prepare-yum-repositories b/root/usr/bin/prepare-yum-repositories
new file mode 100755
index 0000000..850701b
--- /dev/null
+++ b/root/usr/bin/prepare-yum-repositories
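Review bot: In root/usr/bin/fix-permissions, `SYMLINK_OPT=${2:--L}` makes all four `find` calls follow symbolic links by default. When the script runs as root, `CHECK_OWNER` stays empty, so a link inside the target directory lets `chgrp 0` and `chmod g+rw` act on files outside it and leaves them writable by group 0. The callers are not visible in this commit, so it is unclear whether any of them need `-L`. Defaulting to no-follow with `SYMLINK_OPT=${2:--P}` and letting callers opt in would confine the change to the tree that was named. Because the script always exits 0, a comment above the `find` lines should also state that `$SYMLINK_OPT` and `${CHECK_OWNER}` are left unquoted on purpose so that they split into separate arguments.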
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# This script is used to prepare yum repositories, that are given as arguments.
+
+set -ex
+
+# DEFAULT_REPOS and SKIP_REPOS_{ENABLE,DISABLE} are intentionally undocumented,
+# but might be used if we need to change this behaviour.
+# Once we realize there are real use cases for using those variables, we should
+# document them properly.
+DEFAULT_REPOS=${DEFAULT_REPOS:-"rhel-7-server-rpms rhel-7-server-optional-rpms"}
+SKIP_REPOS_ENABLE=${SKIP_REPOS_ENABLE:-false}
+SKIP_REPOS_DISABLE=${SKIP_REPOS_DISABLE:-false}
+
+function is_subscribed() {
+ for f in /run/secrets/etc-pki-entitlement/*.pem ; do
+ [ -e "$f" ] && return 0
+ break
+ done
+ return 1
+}
+
+# if redhat.repo does not exist we have a mounted-in dir, do not enable repositories
+[ -f /etc/yum.repos.d/redhat.repo ] || SKIP_REPOS_ENABLE=true
+
+# install yum-utils for yum-config-manager
+yum install -y yum-utils
+
+if [ "$SKIP_REPOS_DISABLE" = false ] && is_subscribed; then
+ # Disable only repos that might come from subscribed host, because there
+ # might be other repos provided by user or build system
+
+ disable_repos=
+ # Lines look like: "Repo-id : dist-tag-override/x86_64"
+ while IFS=' /' read -r _ _ repo_id _; do
+ case $repo_id in rhel-*)
+ disable_repos+=" $repo_id" ;;
+ esac
+ done <<<"$(yum repolist -v 2>/dev/null | grep Repo-id)"
+
+ if test -n "$disable_repos"; then
+ yum-config-manager --disable $disable_repos &> /dev/null
+ fi
+fi
+
+if [ ${SKIP_REPOS_ENABLE} = false ] && [ -n "${DEFAULT_REPOS}" -o $# -gt 0 ] ; then
+ yum-config-manager --enable ${DEFAULT_REPOS} "$@"
+fi
diff --git a/root/usr/bin/rpm-file-permissions b/root/usr/bin/rpm-file-permissions
new file mode 100755
index 0000000..8be1fb0
--- /dev/null
+++ b/root/usr/bin/rpm-file-permissions
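Review bot: In root/usr/bin/prepare-yum-repositories the final test `[ ${SKIP_REPOS_ENABLE} = false ]` is unquoted, although the earlier test quotes `"$SKIP_REPOS_DISABLE"`. If the environment supplies a value containing whitespace, `[` fails with a syntax error, the `if` treats that as false, and the enable step is skipped with no visible failure even under `set -e`. The `-o` operator inside `[` is also obsolescent and ambiguous for some operands. Suggested line: `if [ "$SKIP_REPOS_ENABLE" = false ] && { [ -n "$DEFAULT_REPOS" ] || [ $# -gt 0 ]; }; then`. A short comment should note that `${DEFAULT_REPOS}` on the next line is meant to split into one argument per repository.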
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+CHECK_DIRS="/ /opt /etc /usr /usr/bin /usr/lib /usr/lib64 /usr/share /usr/libexec"
+
+rpm_format="[%{FILESTATES:fstate} %7{FILEMODES:octal} %{FILENAMES:shescape}\n]"
+
+rpm -q --qf "$rpm_format" filesystem | while read line
+do
+ eval "set -- $line"
+
+ case $1 in
+ normal) ;;
+ *) continue ;;
+ esac
+
+ case " $CHECK_DIRS " in
+ *" $3 "*)
+ chmod "${2: -4}" "$3"
+ ;;
+ esac
+done
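Review bot: In root/usr/bin/rpm-file-permissions, `eval "set -- $line"` executes text taken from the rpm query output, and the only thing keeping that safe is the `:shescape` modifier in `rpm_format`. That dependency should be written down next to the `eval`, for example `# eval is safe only because FILENAMES is emitted with :shescape; do not drop it`. The loop should also use `while read -r line`, so that backslashes in the escaped output reach the `eval` unchanged. Separately, the script declares `#!/bin/sh` but `${2: -4}` is a bash substring expansion, so the shebang should be `#!/bin/bash` unless the mode is trimmed with a POSIX construct.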