Use Universal Base Image

install-mq.sh

@@ -18,90 +18,19 @@
 # Fail on any non-zero return code
 set -ex
 
-mqm_uid=${1:-999}
+mqm_uid=${1:-888}
 
-test -f /usr/bin/yum && RHEL=true || RHEL=false
+test -f /usr/bin/yum && YUM=true || YUM=false
+test -f /usr/bin/microdnf && MICRODNF=true || MICRODNF=false
+test -f /usr/bin/rpm && RPM=true || RPM=false
 test -f /usr/bin/apt-get && UBUNTU=true || UBUNTU=false
 
-# If MQ_PACKAGES isn't specifically set, then choose a valid set of defaults
-if [ -z "$MQ_PACKAGES" ]; then
-  $UBUNTU && MQ_PACKAGES="ibmmq-server ibmmq-java ibmmq-jre ibmmq-gskit ibmmq-msg-.* ibmmq-samples ibmmq-ams"
-  $RHEL && MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesAMS-*.rpm"
-fi
-
-if ($UBUNTU); then
-  export DEBIAN_FRONTEND=noninteractive
-  # Use a reduced set of apt repositories.
-  # This ensures no unsupported code gets installed, and makes the build faster
-  source /etc/os-release
-  # Figure out the correct apt URL based on the CPU architecture
-  CPU_ARCH=$(uname -p)
-  if [ ${CPU_ARCH} == "x86_64" ]; then
-     APT_URL="http://archive.ubuntu.com/ubuntu/"
-  else
-     APT_URL="http://ports.ubuntu.com/ubuntu-ports/"
-  fi
-  # Use a reduced set of apt repositories.
-  # This ensures no unsupported code gets installed, and makes the build faster
-  echo "deb ${APT_URL} ${UBUNTU_CODENAME} main restricted" > /etc/apt/sources.list
-  echo "deb ${APT_URL} ${UBUNTU_CODENAME}-updates main restricted" >> /etc/apt/sources.list
-  echo "deb ${APT_URL} ${UBUNTU_CODENAME}-security main restricted" >> /etc/apt/sources.list
-  # Install additional packages required by MQ, this install process and the runtime scripts
-  apt-get update
-  apt-get install -y --no-install-recommends \
-    bash \
-    bc \
-    ca-certificates \
-    coreutils \
-    curl \
-    debianutils \
-    file \
-    findutils \
-    gawk \
-    grep \
-    libc-bin \
-    mount \
-    passwd \
-    procps \
-    sed \
-    tar \
-    util-linux
-fi
-
-# Install additional packages required by MQ, this install process and the runtime scripts
-$RHEL && yum -y install \
-  bash \
-  bc \
-  ca-certificates \
-  coreutils \
-  curl \
-  file \
-  findutils \
-  gawk \
-  glibc-common \
-  grep \
-  passwd \
-  procps-ng \
-  sed \
-  tar \
-  util-linux
-
 # Download and extract the MQ installation files
 DIR_EXTRACT=/tmp/mq
 mkdir -p ${DIR_EXTRACT}
 cd ${DIR_EXTRACT}
 curl -LO $MQ_URL
-tar -zxvf ./*.tar.gz
-
-# Remove packages only needed by this script
-$UBUNTU && apt-get purge -y \
-  ca-certificates \
-  curl
-
-# Note: ca-certificates and curl are installed by default in RHEL
-
-# Remove any orphaned packages
-$UBUNTU && apt-get autoremove -y
+tar -zxf ./*.tar.gz
 
 # Recommended: Create the mqm user ID with a fixed UID and group, so that the file permissions work between different images
 groupadd --system --gid ${mqm_uid} mqm
@@ -109,7 +38,7 @@ useradd --system --uid ${mqm_uid} --gid mqm --groups 0 mqm
 
 # Find directory containing .deb files
 $UBUNTU && DIR_DEB=$(find ${DIR_EXTRACT} -name "*.deb" -printf "%h\n" | sort -u | head -1)
-$RHEL && DIR_RPM=$(find ${DIR_EXTRACT} -name "*.rpm" -printf "%h\n" | sort -u | head -1)
+$RPM && DIR_RPM=$(find ${DIR_EXTRACT} -name "*.rpm" -printf "%h\n" | sort -u | head -1)
 # Find location of mqlicense.sh
 MQLICENSE=$(find ${DIR_EXTRACT} -name "mqlicense.sh")
 
@@ -121,10 +50,11 @@ $UBUNTU && echo "deb [trusted=yes] file:${DIR_DEB} ./" > /etc/apt/sources.list.d
 $UBUNTU && apt-get update
 $UBUNTU && apt-get install -y $MQ_PACKAGES
 
-$RHEL && cd $DIR_RPM && rpm -ivh $MQ_PACKAGES
+$RPM && cd $DIR_RPM && rpm -ivh $MQ_PACKAGES
 
 # Remove 32-bit libraries from 64-bit container
-find /opt/mqm /var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f
+# The "file" utility isn't installed by default in UBI, so only try this if it's installed
+which file && find /opt/mqm /var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f
 
 # Remove tar.gz files unpacked by RPM postinst scripts
 find /opt/mqm -name '*.tar.gz' -delete
@@ -136,16 +66,6 @@ find /opt/mqm -name '*.tar.gz' -delete
 $UBUNTU && rm -f /etc/apt/sources.list.d/IBM_MQ.list
 rm -rf ${DIR_EXTRACT}
 
-# Apply any bug fixes not included in base Ubuntu or MQ image.
-# Don't upgrade everything based on Docker best practices https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run
-$UBUNTU && apt-get install -y libapparmor1 libsystemd0 systemd systemd-sysv libudev1 perl-base --only-upgrade
-# End of bug fixes
-
-# Clean up cached files
-$UBUNTU && rm -rf /var/lib/apt/lists/*
-$RHEL && yum -y clean all
-$RHEL && rm -rf /var/cache/yum/*
-
 # Optional: Update the command prompt with the MQ version
 $UBUNTU && echo "mq:$(dspmqver -b -f 2)" > /etc/debian_chroot
 
@@ -172,5 +92,20 @@ sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' /etc/login.defs
 sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' /etc/login.defs
 
 $UBUNTU && PAM_FILE=/etc/pam.d/common-password
-$RHEL && PAM_FILE=/etc/pam.d/password-auth
+$RPM && PAM_FILE=/etc/pam.d/password-auth
 sed -i 's/password\t\[success=1 default=ignore\]\tpam_unix\.so obscure sha512/password\t[success=1 default=ignore]\tpam_unix.so obscure sha512 minlen=8/' $PAM_FILE
+
+if ($RPM); then
+  install --directory --mode 0444 --owner mqm --group root /licenses
+  NOTICES="/licenses/installed_package_notices"
+  touch ${NOTICES}
+  chmod 0444 ${NOTICES}
+  set +x
+  for p in $(rpm -qa | sort)
+  do 
+    rpm -qi $p >> ${NOTICES}
+    printf "\n" >> ${NOTICES}
+    printf "$p\n"
+  done
+  set -x
+fi