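# RHEL-compatible Reproducible Build Container
# Sprint: SPRINT_1227_0002_0001 (Reproducible Builders)
# Task: T3 - RHEL builder with mock-based package building
#
# Uses AlmaLinux 9 as RHEL-compatible base for open source builds.
# Production RHEL builds require valid subscription.
#
# NOTE(review): the default base is a floating tag and the first RUN below
# applies `dnf -y update`, so two builds of this Dockerfile made at different
# times can contain different toolchain packages. If the builder image itself
# has to be reproducible, pass BASE_IMAGE pinned by digest
# (almalinux:9@sha256:<digest-placeholder>) and record the installed package
# set (for example the output of `rpm -qa`) next to the build outputs.
ARG BASE_IMAGE=almalinux:9
FROM ${BASE_IMAGE} AS builder

LABEL org.opencontainers.image.title="StellaOps RHEL Reproducible Builder"
LABEL org.opencontainers.image.description="RHEL-compatible reproducible build environment for security patching"
LABEL org.opencontainers.image.vendor="StellaOps"
LABEL org.opencontainers.image.source="https://github.com/stellaops/stellaops"

# Install build dependencies.
# `dnf clean all` runs in the same layer so the package cache is not kept in
# the image.
# NOTE(review): mock is normally shipped through EPEL rather than the EL9 base
# repositories, and diffoscope may not be in them either. Nothing here enables
# an extra repository, so confirm that the base image provides one; otherwise
# this step fails.
RUN dnf -y update && \
    dnf -y install \
    # Core build tools
    rpm-build \
    rpmdevtools \
    rpmlint \
    mock \
    # Compiler toolchain
    gcc \
    gcc-c++ \
    make \
    cmake \
    autoconf \
    automake \
    libtool \
    # Package management
    dnf-plugins-core \
    yum-utils \
    createrepo_c \
    # Binary analysis
    binutils \
    elfutils \
    gdb \
    # Reproducibility
    diffoscope \
    # Source control
    git \
    patch \
    # Utilities
    wget \
    curl \
    jq \
    python3 \
    python3-pip && \
    dnf clean all

# Create mock user (mock requires non-root).
# Membership of the mock group lets this account drive mock's privileged
# operations, so treat mockbuild as root-equivalent inside the container and
# rely on the container boundary, not on this account, for isolation.
# NOTE(review): mock usually needs extra capabilities at container run time;
# grant the narrowest set that works rather than a fully privileged
# container. Confirm against mock-build.sh and the mock config.
RUN useradd -m mockbuild && \
    usermod -a -G mock mockbuild

# Set up rpmbuild directories.
# The directories are listed explicitly instead of using brace expansion:
# RUN executes under /bin/sh, and BASE_IMAGE can be overridden with an image
# whose /bin/sh is not bash. There a {a,b} pattern would create a single
# directory literally named with the braces.
RUN mkdir -p \
    /build/BUILD \
    /build/RPMS \
    /build/SOURCES \
    /build/SPECS \
    /build/SRPMS && \
    chown -R mockbuild:mockbuild /build

# Copy build scripts.
# These are copied before the USER switch and are not chown'ed, so they stay
# root-owned and the unprivileged build user cannot rewrite the entrypoint.
COPY scripts/build.sh /usr/local/bin/build.sh
COPY scripts/extract-functions.sh /usr/local/bin/extract-functions.sh
COPY scripts/normalize.sh /usr/local/bin/normalize.sh
COPY scripts/mock-build.sh /usr/local/bin/mock-build.sh
RUN chmod +x /usr/local/bin/*.sh

# Set reproducibility environment: fixed timezone and locale so timestamps
# and sort order do not depend on host settings.
# NOTE(review): SOURCE_DATE_EPOCH is not set here; presumably build.sh or
# normalize.sh handles embedded timestamps. Confirm.
ENV TZ=UTC
ENV LC_ALL=C.UTF-8
ENV LANG=C.UTF-8

# Deterministic compiler flags.
# -fdebug-prefix-map rewrites /build to /buildroot in debug info, and
# -fno-record-gcc-switches keeps the compiler command line out of the objects.
# CXXFLAGS sits in its own ENV instruction so that ${CFLAGS} resolves to the
# value set by the instruction above.
ENV CFLAGS="-fno-record-gcc-switches -fdebug-prefix-map=/build=/buildroot -O2 -g"
ENV CXXFLAGS="${CFLAGS}"

# Mock configuration for reproducible builds
COPY mock/stellaops-repro.cfg /etc/mock/stellaops-repro.cfg

WORKDIR /build
# Drop to the unprivileged build account for everything run from this image.
USER mockbuild

# build.sh is the entrypoint; with no arguments the container prints its help.
ENTRYPOINT ["/usr/local/bin/build.sh"]
CMD ["--help"]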