build: add OCI image build, add dmidecode, update pciutils

.github/workflows/build-oci.yml

@@ -0,0 +1,41 @@
+name: build-oci-image
+on:
+  workflow_dispatch:
+permissions:
+  contents: read
+  packages: write
+  id-token: write
+jobs:
+  build:
+    runs-on: edera-large
+    strategy:
+      fail-fast: false
+      matrix:
+        component:
+          - edera-debug-report-oci
+    name: build ${{ matrix.component }} container image
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: recursive
+      - uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
+      - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        id: push-step
+        with:
+          platforms: linux/amd64
+          target: ${{ matrix.component }}
+          tags: ghcr.io/edera-dev/${{ matrix.component }}:latest
+          push: true
+      - name: Sign the image
+        env:
+          DIGEST: ${{ steps.push-step.outputs.digest }}
+          TAGS: ghcr.io/edera-dev/${{ matrix.component }}:latest
+          COSIGN_EXPERIMENTAL: "true"
+        run: cosign sign --yes "${TAGS}@${DIGEST}"

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "extern/pciutils"]
 	path = extern/pciutils
 	url = https://github.com/pciutils/pciutils.git
+[submodule "extern/dmidecode"]
+	path = extern/dmidecode
+	url = https://git.savannah.nongnu.org/git/dmidecode.git

Dockerfile

@@ -0,0 +1,25 @@
+# Using Rocky Linux 9 as a proxy for RHEL9, which is the likely oldest
+# supported Linux distro in use by enterprises out there.
+FROM rockylinux:9 AS builder
+
+RUN cat <<'EOF' >> /etc/dnf/dnf.conf
+install_weak_deps=False
+fastestmirror=True
+max_parallel_downloads=8
+EOF
+
+RUN dnf update -y
+RUN dnf install --enablerepo=crb -y gcc gcc-c++ make glibc-devel zlib-devel git glibc-static zlib-static
+
+COPY . /workspace
+WORKDIR /workspace
+
+RUN /workspace/package.sh
+
+#
+# Create OCI image for Edera Protect Installer
+#
+FROM scratch AS edera-debug-report-oci
+COPY --from=builder /workspace/build /var/lib/edera/protect/support
+
+# vim: set ts=4 sts=4 sw=4 et:

package.sh

@@ -8,14 +8,24 @@ cd "$SCRIPTPATH"
 rm -rf "${SCRIPTPATH}/build"
 mkdir -p "${SCRIPTPATH}/build/bin"
 
+#
+# Build statically-linked dmidecode binary
+#
+pushd extern/dmidecode
+git clean -dfx
+git reset --hard HEAD
+make -j$(nproc) dmidecode CC="gcc" CFLAGS="-Os -static -flto" LDFLAGS="-static -flto"
+install -Dm0755 dmidecode "${SCRIPTPATH}/build/bin/dmidecode"
+popd
+
 #
 # Build statically-linked pciutils 'lspci' binary and pci.ids.gz
 #
 
 pushd extern/pciutils
 git clean -dfx
 git reset --hard HEAD
-make -j$(nproc) update-pciids lspci OPT=-Os IDSDIR="./hwdata" LIBKMOD=no DNS=no HWDB=no ZLIB=yes SHARED=no CC="cc -static -flto"
+make -j$(nproc) update-pciids lspci OPT=-Os IDSDIR="./hwdata" LIBKMOD=no DNS=no HWDB=no ZLIB=yes SHARED=no RANLIB=gcc-ranlib AR=gcc-ar CC="gcc -static -flto"
 mkdir hwdata
 ./update-pciids
 install -Dm0755 update-pciids "${SCRIPTPATH}/build/bin/update-pciids"