SUSE
diff --git a/‎.github/dependabot.yml‎
Lines changed: 7 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎.github/workflows/changelog_checker.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/changelog_checker.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/find-missing-packages.yml‎
Lines changed: 57 additions & 0 deletions b/‎.github/workflows/find-missing-packages.yml‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎.obs/workflows.yml‎
Lines changed: 15 additions & 107 deletions b/‎.obs/workflows.yml‎
Lines changed: 15 additions & 107 deletions
diff --git a/‎base-fips-image/Dockerfile‎
Lines changed: 61 additions & 0 deletions b/‎base-fips-image/Dockerfile‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎base-fips-image/README.md‎
Lines changed: 3 additions & 0 deletions b/‎base-fips-image/README.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎init/_service‎ ‎base-fips-image/_service‎init/_service renamed to base-fips-image/_service
Lines changed: 1 addition & 1 deletion b/‎init/_service‎ ‎base-fips-image/_service‎init/_service renamed to base-fips-image/_service
Lines changed: 1 addition & 1 deletion
diff --git a/‎base-fips-image/base-fips-image.changes‎
Lines changed: 4 additions & 0 deletions b/‎base-fips-image/base-fips-image.changes‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎golang-1.18/_constraints‎
Lines changed: 0 additions & 7 deletions b/‎golang-1.18/_constraints‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎golang-1.18/_service‎
Lines changed: 0 additions & 9 deletions b/‎golang-1.18/_service‎
Lines changed: 0 additions & 9 deletions
@@ -0,0 +1,7 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
@@ -32,7 +32,7 @@ jobs:
 
       - name: check the changelog
         run: |
-          poetry run ./scratch-build-bot.py \
+          poetry run scratch-build-bot \
               --os-version 3 -vvvv \
               changelog_check \
                   --base-ref origin/${{ github.base_ref }} \
 
@@ -0,0 +1,57 @@
+---
+name: Check whether packages are missing on OBS
+
+on:
+  push:
+    branches:
+      - 'sle15-sp3'
+
+jobs:
+  create-issues-for-dan:
+    name: create an issue for Dan to create the packages in devel:BCI
+    runs-on: ubuntu-latest
+    container: ghcr.io/dcermak/bci-ci:latest
+
+    strategy:
+      fail-fast: false
+
+    steps:
+      # we need all branches for the build checks
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: main
+          token: ${{ secrets.CHECKOUT_TOKEN }}
+
+      - uses: actions/cache@v3
+        with:
+          path: ~/.cache/pypoetry/virtualenvs
+          key: poetry-${{ hashFiles('poetry.lock') }}
+
+      - name: fix the file permissions of the repository
+        run: chown -R $(id -un):$(id -gn) .
+
+      - name: install python dependencies
+        run: poetry install
+
+      - name: find the packages that are missing
+        run: |
+          pkgs=$(poetry run scratch-build-bot --os-version 3 find_missing_packages)
+          if [[ ${pkgs} = "" ]]; then
+              echo "missing_pkgs=false" >> $GITHUB_ENV
+          else
+              echo "missing_pkgs=true" >> $GITHUB_ENV
+              echo "pkgs=${pkgs}" >> $GITHUB_ENV
+          fi
+          cat test-build.env >> $GITHUB_ENV
+        env:
+          OSC_PASSWORD: ${{ secrets.OSC_PASSWORD }}
+          OSC_USER: "defolos"
+
+      - uses: JasonEtco/create-an-issue@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          update_existing: true
+          filename: ".github/create-package.md"
+        if: env.missing_pkgs == 'true'
@@ -3,122 +3,30 @@ staging_build:
   steps:
     - branch_package:
         source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: python-3.6
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: python-3.9
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: rmt-nginx
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: pcp-image
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: rmt-server
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: golang-1.18
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: ruby-2.5-image
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: nodejs-14
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: nodejs-16
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: openjdk-11-devel
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: openjdk-11
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: init
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: rmt-mariadb
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: rmt-mariadb-client
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: minimal
-        target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
-    - branch_package:
-        source_project: home:defolos:BCI:CR:SLE-15-SP3
-        source_package: micro
+        source_package: base-fips-image
         target_project: home:defolos:BCI:CR:SLE-15-SP3:Staging
   filters:
     event: pull_request
 
-refresh_devel_BCI:
+refresh_staging_project:
   steps:
     - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: python-3.6
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: python-3.9
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: rmt-nginx
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: pcp-image
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: rmt-server
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: golang-1.18
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: ruby-2.5-image
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: nodejs-14
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: nodejs-16
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: openjdk-11-devel
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: openjdk-11
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: init
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: rmt-mariadb
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: rmt-mariadb-client
-    - trigger_services:
-        project: devel:BCI:SLE-15-SP3
-        package: minimal
+        project: home:defolos:BCI:CR:SLE-15-SP3
+        package: _project
+  filters:
+    event: push
+    branches:
+      only:
+        - sle15-sp3
+
+
+refresh_devel_BCI:
+  steps:
     - trigger_services:
         project: devel:BCI:SLE-15-SP3
-        package: micro
+        package: base-fips-image
   filters:
+    event: push
     branches:
       only:
         - sle15-sp3
@@ -0,0 +1,61 @@
+# SPDX-License-Identifier: MIT
+
+#     Copyright (c) 2024 SUSE LLC
+
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon.
+
+# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+# It is maintained by the BCI team and generated by
+# https://github.com/SUSE/BCI-dockerfile-generator
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# You can contact the BCI team via https://github.com/SUSE/bci/discussions
+
+#!ExclusiveArch: x86_64
+#!BuildTag: suse/ltss/sle15.3/bci-base-fips:%OS_VERSION_ID_SP%
+#!BuildTag: suse/ltss/sle15.3/bci-base-fips:%OS_VERSION_ID_SP%.%RELEASE%
+#!BuildName: suse-ltss-sle15.3-bci-base-fips-%OS_VERSION_ID_SP%
+#!BuildVersion: 15.3
+FROM suse/ltss/sle15.3/sle15:15.3
+
+MAINTAINER SUSE LLC (https://www.suse.com/)
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.sle.base-fips
+LABEL org.opencontainers.image.title="SLE LTSS BCI 15 SP3 FIPS-140-2"
+LABEL org.opencontainers.image.description="15 SP3 FIPS-140-2 container based on the SLE LTSS Base Container Image."
+LABEL org.opencontainers.image.version="%OS_VERSION_ID_SP%.%RELEASE%"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opencontainers.image.source="%SOURCEURL%"
+LABEL io.artifacthub.package.readme-url="%SOURCEURL%/README.md"
+LABEL org.opensuse.reference="registry.suse.com/suse/ltss/sle15.3/bci-base-fips:%OS_VERSION_ID_SP%.%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="l3"
+LABEL com.suse.eula="sle-eula"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle#suse-linux-enterprise-server-15"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+LABEL usage="This container should only be used on a FIPS enabled host (fips=1 on kernel cmdline)."
+
+RUN set -euo pipefail; zypper -n in --no-recommends fipscheck sles-ltss-release; zypper -n clean; rm -rf /var/log/{lastlog,tallylog,zypper.log,zypp/history,YaST2}
+#!RemoteAssetUrl: https://api.opensuse.org/public/build/SUSE:SLE-15-SP2:Update/pool/x86_64/openssl-1_1.18804/openssl-1_1-1.1.1d-11.20.1.x86_64.rpm
+COPY openssl-1_1-1.1.1d-11.20.1.x86_64.rpm .
+#!RemoteAssetUrl: https://api.opensuse.org/public/build/SUSE:SLE-15-SP2:Update/pool/x86_64/openssl-1_1.18804/libopenssl1_1-1.1.1d-11.20.1.x86_64.rpm
+COPY libopenssl1_1-1.1.1d-11.20.1.x86_64.rpm .
+#!RemoteAssetUrl: https://api.opensuse.org/public/build/SUSE:SLE-15-SP2:Update/pool/x86_64/openssl-1_1.18804/libopenssl1_1-hmac-1.1.1d-11.20.1.x86_64.rpm
+COPY libopenssl1_1-hmac-1.1.1d-11.20.1.x86_64.rpm .
+#!RemoteAssetUrl: https://api.opensuse.org/public/build/SUSE:SLE-15-SP1:Update/pool/x86_64/libgcrypt.15117/libgcrypt20-1.8.2-8.36.1.x86_64.rpm
+COPY libgcrypt20-1.8.2-8.36.1.x86_64.rpm .
+#!RemoteAssetUrl: https://api.opensuse.org/public/build/SUSE:SLE-15-SP1:Update/pool/x86_64/libgcrypt.15117/libgcrypt20-hmac-1.8.2-8.36.1.x86_64.rpm
+COPY libgcrypt20-hmac-1.8.2-8.36.1.x86_64.rpm .
+RUN set -euo pipefail; \
+    [ $(LC_ALL=C rpm --checksig -v *rpm | \
+        grep -c -E "^ *V3.*key ID 39db7c82: OK") = 5 ] \
+    && rpm -Uvh --oldpackage *.rpm \
+    && rm -vf *.rpm \
+    && rpmqpack | grep -E '(openssl|libgcrypt)'  | xargs zypper -n addlock
+ENV OPENSSL_FORCE_FIPS_MODE=1
@@ -0,0 +1,3 @@
+# The SLE LTSS BCI 15 SP3 FIPS-140-2 Container image
+
+15 SP3 FIPS-140-2 container based on the SLE LTSS Base Container Image.
@@ -1,4 +1,4 @@
 <services>
+  <service mode="buildtime" name="docker_label_helper"/>
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service mode="buildtime" name="kiwi_label_helper"/>
 </services>
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Tue May 07 12:40:20 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
+
+- First version of the 15 SP3 FIPS-140-2 BCI
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# The SLE LTSS BCI 15 SP3 FIPS-140-2 Container image`
	`2`	`+`
	`3`	`+15 SP3 FIPS-140-2 container based on the SLE LTSS Base Container Image.`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +-------------------------------------------------------------------
 +Tue May 07 12:40:20 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
++
 +- First version of the 15 SP3 FIPS-140-2 BCI