From 40eb5159a99a1d3dff049192d1d40988a9907eb4 Mon Sep 17 00:00:00 2001
From: Stewart X Addison <sxa@redhat.com>
Date: Fri, 20 Dec 2024 14:19:42 +0000
Subject: [PATCH 1/5] unixPB: add CentOS Stream 10 static docker file

Signed-off-by: Stewart X Addison <sxa@redhat.com>
---
 .github/workflows/check_dockerstatic.yml      |  2 +
 .../Dockerfiles/Dockerfile.centstream10       | 44 +++++++++++++++++++
 .../roles/DockerStatic/README.md              | 16 ++++---
 3 files changed, 55 insertions(+), 7 deletions(-)
 create mode 100644 ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10

diff --git a/.github/workflows/check_dockerstatic.yml b/.github/workflows/check_dockerstatic.yml
index bd4c85c458..1a608fbf7f 100644
--- a/.github/workflows/check_dockerstatic.yml
+++ b/.github/workflows/check_dockerstatic.yml
@@ -46,6 +46,8 @@ jobs:
            dockerfile: "Dockerfile.cent8"
          - os: centos-stream-9
            dockerfile: "Dockerfile.centstream9"
+         - os: centos-stream-10
+           dockerfile: "Dockerfile.centstream10"
     steps:
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Test Dockerfile on ${{ matrix.os }}
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10 b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
new file mode 100644
index 0000000000..78eb052a83
--- /dev/null
+++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
@@ -0,0 +1,44 @@
+FROM quay.io/centos/centos:stream10
+
+ARG ant_version="1.10.15"
+ARG ant_512checksum="1de7facbc9874fa4e5a2f045d5c659f64e0b89318c1dbc8acc6aae4595c4ffaf90a7b1ffb57f958dd08d6e086d3fff07aa90e50c77342a0aa5c9b4c36bff03a9"
+
+RUN dnf -y update && dnf install -y perl openssh-server unzip zip wget epel-release
+RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -P ""
+
+# Download JDK
+RUN wget -q 'https://api.adoptium.net/v3/binary/latest/17/ga/linux/aarch64/jdk/hotspot/normal/eclipse?project=jdk' -O /tmp/jdk17.tar.gz
+RUN gpg --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B
+# Get sig file for latest jdk17 ga
+RUN wget -q `curl -s 'https://api.adoptium.net/v3/assets/feature_releases/17/ga?architecture=aarch64&heap_size=normal&image_type=jdk&jvm_impl=hotspot&os=linux&page=0&page_size=1&project=jdk&vendor=eclipse' | grep signature_link | awk '{split($0,a,"\""); print a[4]}'` -O /tmp/jdk17.sig
+RUN gpg --verify /tmp/jdk17.sig /tmp/jdk17.tar.gz
+RUN mkdir -p /usr/lib/jvm/jdk17 && tar -xpzf /tmp/jdk17.tar.gz -C /usr/lib/jvm/jdk17 --strip-components=1
+
+# Install Ant
+RUN wget -q -O /tmp/ant.zip "https://archive.apache.org/dist/ant/binaries/apache-ant-$ant_version-bin.zip"
+RUN wget -q -O /tmp/ant-contrib.tgz  https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.tar.gz
+RUN echo "$ant_512checksum  /tmp/ant.zip" > /tmp/ant.sha512
+RUN echo "0fd2771dca2b8b014a4cb3246715b32e20ad5d26754186d82eee781507a183d5e63064890b95eb27c091c93c1209528a0b18a6d7e6901899319492a7610e74ad  /tmp/ant-contrib.tgz" >> /tmp/ant.sha512
+RUN sha512sum --check --strict /tmp/ant.sha512
+RUN ln -s /usr/local/apache-ant-$ant_version/bin/ant /usr/bin/ant
+RUN unzip -q -d /usr/local /tmp/ant.zip
+RUN tar xpfz /tmp/ant-contrib.tgz -C /usr/local/apache-ant-$ant_version/lib --strip-components=2 ant-contrib/lib/ant-contrib.jar
+# Clear up space
+RUN rm /tmp/jdk17.tar.gz /tmp/ant.zip /tmp/ant-contrib.tgz /tmp/jdk17.sig /tmp/ant.sha512
+
+# Set up jenkins user
+RUN useradd -m -d /home/jenkins jenkins
+RUN mkdir /home/jenkins/.ssh
+RUN echo "Jenkins_User_SSHKey" > /home/jenkins/.ssh/authorized_keys
+RUN chown -R jenkins /home/jenkins/.ssh
+RUN chmod -R og-rwx /home/jenkins/.ssh
+# RUN service ssh start
+CMD ["/usr/sbin/sshd","-D"]
+
+RUN dnf install -y git make gcc xorg-x11-server-Xvfb libXrender libXi libXtst fontconfig fakeroot procps-ng hostname diffutils shared-mime-info
+RUN dnf install -y coreutils --allowerasing curl
+# Install SSL Test packages
+RUN dnf install -y gnutls gnutls-utils nss nss-tools
+# ENTRYPOINT /usr/lib/jvm/jdk17/bin/java
+EXPOSE 22
+# Start with docker run -p 2222:22 UUID
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/README.md b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/README.md
index 24413cc4b9..e1bdccdf52 100644
--- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/README.md
+++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/README.md
@@ -6,13 +6,15 @@ A verbose description of our static docker container system can be found in the
 The DockerStatic ansible role provides allows us to automate the setup of our dockerhost machines using the [dockerhost.yml](https://github.com/adoptium/infrastructure/blob/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/dockerhost.yml) playbook.
 
 ## Our current Dockerhost machines
-* [docker-packet-ubuntu2004-amd-1](https://ci.adoptium.net/computer/docker-packet-ubuntu2004-amd-1/)
-* [docker-packet-ubuntu2004-intel-1](https://ci.adoptium.net/computer/docker-packet-ubuntu2004-intel-1/)
-* [docker-packet-ubuntu2004-armv8-1](https://ci.adoptium.net/computer/docker-packet-ubuntu2004-armv8-1/)
-* [dockerhost-equinix-ubuntu2004-armv8-1](https://ci.adoptium.net/computer/dockerhost-equinix-ubuntu2004-armv8-1/)
+* [dockerhost-azure-ubuntu2204-x64-1](https://ci.adoptium.net/computer/dockerhost-azure-ubuntu2204-x64-1/)
+* [dockerhost-equinix-ubuntu2204-armv8-1](https://ci.adoptium.net/computer/dockerhost-equinix-ubuntu2204-armv8-1/)
+* [dockerhost-equinix-ubuntu2404-armv8-1](https://ci.adoptium.net/computer/dockerhost-equinix-ubuntu2404-armv8-1/)
+* [dockerhost-marist-ubuntu2404-s390x-1](https://ci.adoptium.net/computer/dockerhost-marist-ubuntu2404-s390x-1/)
+* [dockerhost-osuosl-ubuntu2404-ppc64le-1](https://ci.adoptium.net/computer/dockerhost-osuosl-ubuntu2404-ppc64le-1/)
+* [dockerhost-skytap-ubuntu2004-ppc64le-1](https://ci.adoptium.net/computer/dockerhost-skytap-ubuntu2004-ppc64le-1/)
+* [dockerhost-skytap-ubuntu2204-x64-1](https://ci.adoptium.net/computer/dockerhost-skytap-ubuntu2204-x64-1/) (Generally offline)
 
-
-## Setting up a new DockerStatic container (recommended)
+## Setting up a new DockerStatic container with ansible (recommended method)
 
 The [dockerhost.yml](https://github.com/adoptium/infrastructure/blob/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/dockernode.yml) playbook is used to deploy docker containers onto our dockerhost machines. 
 
@@ -23,7 +25,7 @@ ansible-playbook -u root -i <host-file> AdoptOpenJDK_Unix_Playbook
 /dockernode.yml -t "deploy" -e "docker_images=u2204,alp319,deb12"
 ```
 
-The `docker_images` variable is where the user can specifiy which docker containers to deploy, using the dockerfiles avaiable [here](https://github.com/adoptium/infrastructure/tree/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles) (which do get updated regularly).
+The `docker_images` variable is where the user can specify which docker containers to deploy, using the dockerfiles avaiable [here](https://github.com/adoptium/infrastructure/tree/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles) (which do get updated regularly).
 
 The `dockerhost.yml` playbook can deploy single, multiple and duplicate containers, for example
 

From c5f5a91611c64cc590e7cb2f813e663c1c627622 Mon Sep 17 00:00:00 2001
From: Stewart X Addison <sxa@redhat.com>
Date: Fri, 20 Dec 2024 15:32:11 +0000
Subject: [PATCH 2/5] Workaround for lock file issue on gpg --verify

Signed-off-by: Stewart X Addison <sxa@redhat.com>
---
 .../roles/DockerStatic/Dockerfiles/Dockerfile.centstream10     | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10 b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
index 78eb052a83..95194a523e 100644
--- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
+++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
@@ -8,6 +8,9 @@ RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -P ""
 
 # Download JDK
 RUN wget -q 'https://api.adoptium.net/v3/binary/latest/17/ga/linux/aarch64/jdk/hotspot/normal/eclipse?project=jdk' -O /tmp/jdk17.tar.gz
+# This looks odd but without it CS10 hits a lock file issue in the later GPG verify step
+# Ref: https://adoptium.slack.com/archives/C53GHCXL4/p1734707508976569?thread_ts=1734705997.537229&cid=C53GHCXL4
+RUN mkdir -p /root/.gnupg/public-keys.d
 RUN gpg --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B
 # Get sig file for latest jdk17 ga
 RUN wget -q `curl -s 'https://api.adoptium.net/v3/assets/feature_releases/17/ga?architecture=aarch64&heap_size=normal&image_type=jdk&jvm_impl=hotspot&os=linux&page=0&page_size=1&project=jdk&vendor=eclipse' | grep signature_link | awk '{split($0,a,"\""); print a[4]}'` -O /tmp/jdk17.sig

From aa2a22a2789fa766df39419f01d01d7f042d4215 Mon Sep 17 00:00:00 2001
From: Stewart X Addison <sxa@redhat.com>
Date: Fri, 20 Dec 2024 15:57:34 +0000
Subject: [PATCH 3/5] Replace Xvfb with weston

Signed-off-by: Stewart X Addison <sxa@redhat.com>
---
 .../roles/DockerStatic/Dockerfiles/Dockerfile.centstream10      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10 b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
index 95194a523e..512dccc2e7 100644
--- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
+++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
@@ -38,7 +38,7 @@ RUN chmod -R og-rwx /home/jenkins/.ssh
 # RUN service ssh start
 CMD ["/usr/sbin/sshd","-D"]
 
-RUN dnf install -y git make gcc xorg-x11-server-Xvfb libXrender libXi libXtst fontconfig fakeroot procps-ng hostname diffutils shared-mime-info
+RUN dnf install -y git make gcc weston libXrender libXi libXtst fontconfig fakeroot procps-ng hostname diffutils shared-mime-info
 RUN dnf install -y coreutils --allowerasing curl
 # Install SSL Test packages
 RUN dnf install -y gnutls gnutls-utils nss nss-tools

From 94db5b2d0ae2069c1983a243c148a99b3bf51923 Mon Sep 17 00:00:00 2001
From: Stewart X Addison <sxa@redhat.com>
Date: Mon, 20 Jan 2025 18:07:58 +0000
Subject: [PATCH 4/5] Updates to install weston on CS10 properly

Signed-off-by: Stewart X Addison <sxa@redhat.com>
---
 .../roles/DockerStatic/Dockerfiles/Dockerfile.centstream10       | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10 b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
index 512dccc2e7..0e7e756c88 100644
--- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
+++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
@@ -38,6 +38,7 @@ RUN chmod -R og-rwx /home/jenkins/.ssh
 # RUN service ssh start
 CMD ["/usr/sbin/sshd","-D"]
 
+RUN dnf -y --enablerepo=crb install turbojpeg
 RUN dnf install -y git make gcc weston libXrender libXi libXtst fontconfig fakeroot procps-ng hostname diffutils shared-mime-info
 RUN dnf install -y coreutils --allowerasing curl
 # Install SSL Test packages

From adabf3725d17de091b4a17d5bb483aae51622686 Mon Sep 17 00:00:00 2001
From: Stewart X Addison <sxa@redhat.com>
Date: Tue, 21 Jan 2025 12:49:26 +0000
Subject: [PATCH 5/5] Add xwayland-run

Signed-off-by: Stewart X Addison <sxa@redhat.com>
---
 .../roles/DockerStatic/Dockerfiles/Dockerfile.centstream10      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10 b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
index 0e7e756c88..3050fe195c 100644
--- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
+++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10
@@ -39,7 +39,7 @@ RUN chmod -R og-rwx /home/jenkins/.ssh
 CMD ["/usr/sbin/sshd","-D"]
 
 RUN dnf -y --enablerepo=crb install turbojpeg
-RUN dnf install -y git make gcc weston libXrender libXi libXtst fontconfig fakeroot procps-ng hostname diffutils shared-mime-info
+RUN dnf install -y git make gcc weston xwayland-run libXrender libXi libXtst fontconfig fakeroot procps-ng hostname diffutils shared-mime-info
 RUN dnf install -y coreutils --allowerasing curl
 # Install SSL Test packages
 RUN dnf install -y gnutls gnutls-utils nss nss-tools