Merge branch 'feature/add-build-type-behavior' into 'main'

fix: add missing build type behavior

See merge request qontainers/pipglr!50

Containerfile

@@ -20,6 +20,10 @@ ADD /root/ /root/
 ADD /etc/ /etc/
 ADD /home/ /home/
 
+# The build type: either `dev` or `prod`
+# In `dev` mode: the package manager will not be deleted.
+ARG BUILD_TYPE=prod
+
 # Allow image-builders to choose another version besides "latest" should
 # an incompatible change be introduced.
 ARG RUNNER_VERSION=latest
@@ -35,8 +39,10 @@ ARG TARGETARCH=amd64
 ARG PRUNE_INTERVAL=daily  # see systemd.timer for allowable values
 
 # All-in-one packaging/image-setup script to keep things simple.
-RUN PRUNE_INTERVAL=${PRUNE_INTERVAL} \
+RUN \
+ PRUNE_INTERVAL=${PRUNE_INTERVAL} \
  RUNNER_VERSION=${RUNNER_VERSION} \
+ BUILD_TYPE=${BUILD_TYPE} \
  bash /root/setup.sh
 
 VOLUME /cache /home/podman/.local/share/containers

root/setup.sh

@@ -33,6 +33,10 @@ function check_vars() {
       die "Env. variable '$varname' must be non-empty."
     fi
   done
+
+  if [[ ! "$BUILD_TYPE" =~ dev|prod ]]; then
+    die "Build type must be 'dev' or 'prod': '$BUILD_TYPE'."
+  fi
 }
 
 function main() {
@@ -51,6 +55,10 @@ function main() {
   finalize_ownership
 }
 
+function is_release() {
+  [ "$BUILD_TYPE" = "prod" ] || return 1
+}
+
 function install_packages() {
   readarray xpackages < <(grep -vE '^(# )+' </root/xpackages.txt)
   local exclude_args=()
@@ -76,11 +84,9 @@ function install_packages() {
     --setopt=tsflags=noscripts install \
     "https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/${PACKAGE_FILE}"
 
-
+  # Also don't start unnecessary or broken
-# Allow removing dnf, sudo, etc. packages.  Also don't start unnecessary or broken
   # systemd services, like anything kernel related or login gettys.
   rm -rf \
-  /etc/dnf/protected.d/* \
     /etc/systemd/system/getty.target.wants/* \
     /etc/systemd/system/multi-user.target.wants/* \
     /etc/systemd/system/sysinit.target.wants/* \
@@ -96,13 +102,16 @@ rm -rf \
   # This makes the image smaller and reduces the attack-surface.
   dnf remove -y "${xpackages[@]}"
 
+  if is_release; then
     # Wipe out the DNF cache, then remove it entirely, again to make the image smaller.
     "${dnf[@]}" clean all
     rm -rf /var/cache/dnf /var/log/dnf* /var/log/yum.*
     rpm -e dnf
+  fi
 
-  # Workaround base-image failing to confer capabilties properly on
+  # Workaround https://bugzilla.redhat.com/show_bug.cgi?id=1995337
-  # /usr/bin/new{u,g}idmap to `cap_set{u,g}id=ep` in new image layers.
+  # Base-image failing to confer capabilities properly on
+  # /usr/bin/new{u,g}idmap to `cap_set{u,g}id=ep` in new image layers
   rpm --setcaps shadow-utils
 }