git.stella-ops.org/devops/docker/repro-builders/rhel/Dockerfile

# RHEL-compatible Reproducible Build Container
# Sprint: SPRINT_1227_0002_0001 (Reproducible Builders)
# Task: T3 - RHEL builder with mock-based package building
#
# Uses AlmaLinux 9 as RHEL-compatible base for open source builds.
# Production RHEL builds require valid subscription.

ARG BASE_IMAGE=almalinux:9
FROM ${BASE_IMAGE} AS builder

LABEL org.opencontainers.image.title="StellaOps RHEL Reproducible Builder"
LABEL org.opencontainers.image.description="RHEL-compatible reproducible build environment for security patching"
LABEL org.opencontainers.image.vendor="StellaOps"
LABEL org.opencontainers.image.source="https://github.com/stellaops/stellaops"

# Install build dependencies
RUN dnf -y update && \
    dnf -y install \
        # Core build tools
        rpm-build \
        rpmdevtools \
        rpmlint \
        mock \
        # Compiler toolchain
        gcc \
        gcc-c++ \
        make \
        cmake \
        autoconf \
        automake \
        libtool \
        # Package management
        dnf-plugins-core \
        yum-utils \
        createrepo_c \
        # Binary analysis
        binutils \
        elfutils \
        gdb \
        # Reproducibility
        diffoscope \
        # Source control
        git \
        patch \
        # Utilities
        wget \
        curl \
        jq \
        python3 \
        python3-pip && \
    dnf clean all

# Create mock user (mock requires non-root)
RUN useradd -m mockbuild && \
    usermod -a -G mock mockbuild

# Set up rpmbuild directories
RUN mkdir -p /build/{BUILD,RPMS,SOURCES,SPECS,SRPMS} && \
    chown -R mockbuild:mockbuild /build

# Copy build scripts
COPY scripts/build.sh /usr/local/bin/build.sh
COPY scripts/extract-functions.sh /usr/local/bin/extract-functions.sh
COPY scripts/normalize.sh /usr/local/bin/normalize.sh
COPY scripts/mock-build.sh /usr/local/bin/mock-build.sh

RUN chmod +x /usr/local/bin/*.sh

# Set reproducibility environment
ENV TZ=UTC
ENV LC_ALL=C.UTF-8
ENV LANG=C.UTF-8

# Deterministic compiler flags
ENV CFLAGS="-fno-record-gcc-switches -fdebug-prefix-map=/build=/buildroot -O2 -g"
ENV CXXFLAGS="${CFLAGS}"

# Mock configuration for reproducible builds
COPY mock/stellaops-repro.cfg /etc/mock/stellaops-repro.cfg

WORKDIR /build
USER mockbuild

ENTRYPOINT ["/usr/local/bin/build.sh"]
CMD ["--help"]