diff --git a/Containerfile b/Containerfile
index e4a9aae..bf2c108 100644
--- a/Containerfile
+++ b/Containerfile
@@ -47,6 +47,11 @@ RUN if [ -f /cachi2/cachi2.env ]; then \
 # ---------------------------------------------------------------------------
 FROM registry.redhat.io/openshift4/ose-cli-rhel9:v4.21 AS origincli
+# ---------------------------------------------------------------------------
+# podman stage: provides catatonit init binary
+# ---------------------------------------------------------------------------
+FROM registry.redhat.io/ubi9/podman:9.8 AS podman
+
 # ---------------------------------------------------------------------------
 # Runtime stage: minimal image with only what the agent needs
 # ---------------------------------------------------------------------------
@@ -58,14 +63,9 @@ WORKDIR /app
 # System packages (resolved from rpms.in.yaml via rpm prefetch).
 # Split into functional groups for readability.
-# EPEL repo + GPG key (tini lives in EPEL; cachi2 overrides this in hermetic builds)
-COPY epel.repo /etc/yum.repos.d/epel.repo
-COPY RPM-GPG-KEY-EPEL-9 /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
-RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
-
-# Claude Code SDK requirements + container init
+# Claude Code SDK requirements
 RUN dnf install -y --nodocs \
- bash git wget jq tini \
+ bash git wget jq \
 && dnf clean all
 # SRE debugging toolkit
@@ -95,6 +95,9 @@ RUN ln -s /app/node_modules/@anthropic-ai/claude-code/bin/claude.exe /usr/local/
 COPY --from=origincli /usr/bin/oc /usr/bin/oc
 RUN ln -s /usr/bin/oc /usr/bin/kubectl
+# catatonit init binary from the podman stage
+COPY --from=podman /usr/libexec/podman/catatonit /usr/bin/catatonit
+
 # Install generic-fetched binaries (ripgrep).
 # In hermetic builds these are at /cachi2/output/deps/generic/.
 # In non-hermetic builds fall back to fetching from the network.
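Review bot: The new `podman` stage in the first hunk is referenced only by the tag `9.8`, so the binary that becomes PID 1 is whatever that tag resolves to at build time, whereas the tini RPM it replaces was pinned by sha256 in rpms.lock.yaml. Pinning the stage by digest, `FROM registry.redhat.io/ubi9/podman:9.8@sha256:<digest-of-the-reviewed-image> AS podman`, would keep the init binary reproducible and auditable. The existing `origincli` stage uses the same tag-only form, so the digest may be pinned by the build pipeline outside this file; if it is, a comment next to the `FROM` saying where would help.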
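Review bot: In the third hunk, `COPY --from=podman /usr/libexec/podman/catatonit /usr/bin/catatonit` puts the init binary into the runtime image outside the RPM database, so package-based inventory and vulnerability scanning will no longer list the container init the way they listed the tini package. Nothing after the COPY checks that the result is a usable executable, and the diff does not show whether that source path is a regular file or a symlink in the `ubi9/podman:9.8` image. A guard such as `RUN test -x /usr/bin/catatonit` directly after the COPY would fail the build instead of the container start. Extending the comment to `# catatonit init binary from the podman stage (not RPM-tracked in this image; update by bumping the podman stage)` would tell whoever triages CVEs where the binary comes from.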
@@ -132,7 +135,7 @@ USER 1001:1001
 EXPOSE 8080
-ENTRYPOINT ["/usr/bin/tini", "--"]
+ENTRYPOINT ["/usr/bin/catatonit", "--"]
 CMD ["python3.12", "-m", "uvicorn", "lightspeed_agentic.app:app", "--host", "0.0.0.0", "--port", "8080"]
 LABEL name="lightspeed-agentic-sandbox" \
diff --git a/RPM-GPG-KEY-EPEL-9 b/RPM-GPG-KEY-EPEL-9
deleted file mode 100644
index 234c12f..0000000
--- a/RPM-GPG-KEY-EPEL-9
+++ /dev/null
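Review bot: With `/usr/bin/tini` gone from the image, anything that overrides the entrypoint by path (a pod spec `command:`, a compose file, a test harness) will fail at container start. No such consumer is visible in this diff, so it is worth searching the deployment manifests before merging. The new `ENTRYPOINT` line also has no comment explaining why an init wrapper is there; something like `# catatonit runs as PID 1: reaps zombies and forwards signals to uvicorn` above it would keep the next maintainer from dropping it.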
@@ -1,29 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp
-CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6
-2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW
-DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu
-n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z
-39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy
-XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK
-44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS
-9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH
-DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq
-uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB
-tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI
-ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE
-FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF
-3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC
-nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n
-R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG
-4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe
-CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL
-9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7
-w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT
-/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd
-fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE
-r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux
-VL469Kj5m13T6w==
-=Mjs/
------END PGP PUBLIC KEY BLOCK-----
diff --git a/epel.repo b/epel.repo
deleted file mode 100644
index 6c5c161..0000000
--- a/epel.repo
+++ /dev/null
@@ -1,14 +0,0 @@
-[epel]
-name=Extra Packages for Enterprise Linux 9 - $basearch
-metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-9&arch=$basearch
-enabled=1
-gpgcheck=1
-countme=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
-
-[epel-source]
-name=Extra Packages for Enterprise Linux 9 - Source
-metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-9&arch=$basearch
-enabled=0
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
diff --git a/rpms.in.yaml b/rpms.in.yaml
index f52039b..1ddacce 100644
--- a/rpms.in.yaml
+++ b/rpms.in.yaml
@@ -22,7 +22,6 @@ packages:
 - gzip
 - python3.12
 - python3.12-pip
- - tini
 contentOrigin:
- repofiles: ["./ubi.repo", "./epel.repo"]
+ repofiles: ["./ubi.repo"]
 arches: [x86_64, aarch64]
diff --git a/rpms.lock.yaml b/rpms.lock.yaml
index 0324b51..0b4831c 100644
--- a/rpms.lock.yaml
+++ b/rpms.lock.yaml
@@ -4,13 +4,6 @@ lockfileVendor: redhat arches: - arch: aarch64 packages: - - url: http://ftp.iij.ad.jp/pub/linux/Fedora/epel/9/Everything/aarch64/Packages/t/tini-0.19.0-5.el9.aarch64.rpm - repoid: epel - size: 22568 - checksum: sha256:486454b6e2e84c96850a12038b5e70348bb85da0266332e203acd967fd91db90 - name: tini - evr: 0.19.0-5.el9 - sourcerpm: tini-0.19.0-5.el9.src.rpm - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/aarch64/appstream/os/Packages/b/bind-libs-9.16.23-34.el9_7.2.aarch64.rpm repoid: ubi-9-for-aarch64-appstream-rpms size: 1258934
@@ -1135,13 +1128,6 @@ arches: module_metadata: [] - arch: x86_64 packages: - - url: http://ftp.iij.ad.jp/pub/linux/Fedora/epel/9/Everything/x86_64/Packages/t/tini-0.19.0-5.el9.x86_64.rpm - repoid: epel - size: 22793 - checksum: sha256:1cedbdf9afa27bf03ee70681ff9b8bd68d681a48050d6d35d69014964f90ce2b - name: tini - evr: 0.19.0-5.el9 - sourcerpm: tini-0.19.0-5.el9.src.rpm - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/x86_64/appstream/os/Packages/b/bind-libs-9.16.23-34.el9_7.2.x86_64.rpm repoid: ubi-9-for-x86_64-appstream-rpms size: 1308196