commit 7f183ebd5df2fba9cea49feba5ba48c2d541aa000d51bcd214fc5ed4dde994a8 Author: Richard Brown Date: Thu Oct 20 08:41:42 2022 +0000 Accepting request 1029993 from home:aplanas:branches:devel:BCI:Tumbleweed Keylime control plane (verifier, registrar, tenant) container OBS-URL: https://build.opensuse.org/request/show/1029993 OBS-URL: https://build.opensuse.org/package/show/devel:microos:containers/keylime-control-plane-image?expand=0&rev=1
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..44c278f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,58 @@
+# SPDX-License-Identifier: Apache-2.0
+#!BuildTag: opensuse/keylime-control-plane:%%KEYLIME_VERSION%%
+#!BuildTag: opensuse/keylime-control-plane:%%KEYLIME_VERSION%%-%RELEASE%
+#!BuildTag: opensuse/keylime-control-plane:latest
+FROM opensuse/tumbleweed:latest
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=org.opensuse.application.keylime-control-plane
+LABEL org.opencontainers.image.title="openSUSE Tumbleweed Keylime Registrar and Verifier Services Container Image"
+LABEL org.opencontainers.image.description="Keylime registar and verifier services based on the openSUSE Tumbleweed Base Container Image."
+LABEL org.opencontainers.image.version="%%KEYLIME_VERSION%%"
+LABEL org.opencontainers.image.url="https://www.opensuse.org"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="openSUSE Project"
+LABEL org.opencontainers.image.authors="aplanas@suse.de"
+LABEL org.opensuse.reference="registry.opensuse.org/opensuse/keylime-control-plane:%%KEYLIME_VERSION%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+LABEL RUN="podman run --name keylime-control-plane-container --rm -p 8881:8881 -p 8890:8890 -p 8891:8891 -v keylime-control-plane-volume:/var/lib/keylime -dt IMAGE"
+LABEL INSTALL="podman volume create keylime-control-plane-volume"
+LABEL UNINSTALL="podman volume rm keylime-control-plane-volume"
+
+# The tenant can be run with
+# podman run \
+# --rm -v keylime-control-plane-volume:/var/lib/keylime IMAGE \
+# keylime_tenant -v 10.88.0.1 -r 10.88.0.1 --cert default -c CMD
+
+RUN set -euo pipefail; \
+ zypper -n in --no-recommends \
+ findutils \
+ keylime-registrar \
+ keylime-verifier \
+ keylime-tenant \
+ python3-packaging \
+ python3-pyasn1 \
+ python3-pyasn1-modules \
+ iproute2; \
+ zypper -n clean; \
+ rm -rf /var/log/*
+
+COPY docker-entrypoint.sh /
+COPY keylime-control-plane-start.sh /
+RUN set -euo pipefail; \
+ chmod a+x /docker-entrypoint.sh; \
+ chmod a+x /keylime-control-plane-start.sh
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["/keylime-control-plane-start.sh"]
+VOLUME ["/var/lib/keylime"]
+EXPOSE 8881 8890 8891
+
+HEALTHCHECK --start-period=5m --timeout=5s --interval=5s --retries=2 \
+ CMD /usr/bin/ss -ltn | /usr/bin/grep -q 0.0.0.0:8890
+
+STOPSIGNAL SIGQUIT
diff --git a/_service b/_service
new file mode 100644
index 0000000..021647e
--- /dev/null
+++ b/_service
@@ -0,0 +1,9 @@
+
+
+
+
+ Dockerfile
+ %%KEYLIME_VERSION%%
+ python310-keylime
+
+
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100644
index 0000000..0b778bb
--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+entrypoint_log() {
+ if [ -z "${ENTRYPOINT_QUIET_LOGS:-}" ]; then
+ echo "$@"
+ fi
+}
+
+if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then
+ entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration"
+
+ entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/"
+ find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do
+ case "$f" in
+ *.envsh)
+ if [ -x "$f" ]; then
+ entrypoint_log "$0: Sourcing $f";
+ source "$f"
+ else
+ # warn on shell scripts without exec bit
+ entrypoint_log "$0: Ignoring $f, not executable";
+ fi
+ ;;
+ *.sh)
+ if [ -x "$f" ]; then
+ entrypoint_log "$0: Launching $f";
+ "$f"
+ else
+ # warn on shell scripts without exec bit
+ entrypoint_log "$0: Ignoring $f, not executable";
+ fi
+ ;;
+ *) entrypoint_log "$0: Ignoring $f";;
+ esac
+ done
+
+ entrypoint_log "$0: Configuration complete; ready for start up"
+else
+ entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration"
+fi
+
+
+exec "$@"
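Review bot: The HEALTHCHECK at the end of the hunk only proves that something is listening on `0.0.0.0:8890`, so the verifier — started in the background by the CMD script — can fail to bind or die later while the container still reports healthy, and a registrar configured to bind a specific address or `[::]` fails the probe for no reason. Checking both service ports and dropping the address prefix covers what the image actually runs: `CMD /usr/bin/ss -Hltn | /usr/bin/grep -q ':8881 ' && /usr/bin/ss -Hltn | /usr/bin/grep -q ':8890 '` (that 8881 is the verifier and 8890 the registrar is inferred from EXPOSE and the RUN label — confirm against the packaged keylime.conf). There is also no `USER` instruction, so both services, the tenant, and anything dropped into /docker-entrypoint.d/ run as root over the persistent state in /var/lib/keylime unless the keylime services drop privileges themselves, which nothing here shows; if the packages ship a service account, switching to it after the zypper step would be the least-privilege default. `FROM opensuse/tumbleweed:latest` is unpinned, which follows the OBS convention for this image family but means rebuilds are not reproducible.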
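Review bot: `source "$f"` on the `*.envsh` branch runs inside the `find | sort -V | while read` pipeline, which a POSIX shell executes in a subshell, so variables exported by an `.envsh` file reach the later `*.sh` scripts in the same loop but are gone by the time `exec "$@"` starts the services — worth a comment so nobody relies on it for service configuration, e.g. `# NOTE: this loop runs in a pipeline subshell; exported vars reach later *.sh scripts only, not the exec'd command`. `source` is also a bashism under `#!/bin/sh`; the POSIX spelling `. "$f"` works in both. Separately, every executable file found under /docker-entrypoint.d/ (symlink targets included, because of `-follow`) runs with the container's full privileges, so a bind-mounted directory there is code execution at startup — expected for this pattern, but it belongs in the header comment.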
diff --git a/keylime-control-plane-image.changes b/keylime-control-plane-image.changes
new file mode 100644
index 0000000..2e2c74c
--- /dev/null
+++ b/keylime-control-plane-image.changes
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Mon Oct 10 12:03:21 UTC 2022 - Alberto Planas Dominguez
+
+- Initial image based on Keylime 6.5.1
diff --git a/keylime-control-plane-start.sh b/keylime-control-plane-start.sh
new file mode 100644
index 0000000..dfedd30
--- /dev/null
+++ b/keylime-control-plane-start.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+# Start the verifier and the registar in the correct order
+/usr/bin/keylime_verifier &
+# TODO fix the race condition
+sleep 2
+/usr/bin/keylime_registrar
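Review bot: The `sleep 2` papers over the TODO'd race but gives no signal when the backgrounded verifier never binds or exits later, and because the registrar runs as a child of the `sh` that the entrypoint `exec`'d into PID 1, the Dockerfile's `STOPSIGNAL SIGQUIT` lands on that shell — which as PID 1 with no trap does not act on it — so `podman stop` most likely waits out its timeout and SIGKILLs both services. Polling the verifier's listening socket with the `ss` the image already installs for its HEALTHCHECK, aborting if the verifier process is gone, and `exec`-ing the registrar so it becomes PID 1 addresses all three; the rewrite is below. Port 8881 is assumed to be the verifier's listener from the EXPOSE line and RUN label — confirm against the packaged keylime.conf. A verifier that dies after startup is still undetected with this layout; one service per container, or a small supervisor, is the real fix.
```shell
#!/bin/sh
set -e

# Start the verifier in the background, then wait (bounded) until it is
# actually listening instead of sleeping for a fixed time.
/usr/bin/keylime_verifier &
verifier_pid=$!
tries=0
while ! /usr/bin/ss -Hltn | /usr/bin/grep -q ':8881 '; do
    # give up early if the verifier has already exited
    kill -0 "$verifier_pid" 2>/dev/null || exit 1
    tries=$((tries + 1))
    [ "$tries" -lt 30 ] || exit 1
    sleep 1
done

# exec so the registrar becomes PID 1 and receives STOPSIGNAL directly
exec /usr/bin/keylime_registrar
```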