[CIVIS-11019] ubuntu 22.04 fips enabled base image for linuxserver

.env.example

@@ -0,0 +1,5 @@
+# ECR Configuration for FIPS Base Image
+ECR_ACCOUNT_ID=0123456789012
+ECR_REGION=us-east-999
+BASE_IMAGE_NAME=ubuntu-fips
+BASE_IMAGE_TAG=22.04

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,43 +1,50 @@
-<!--- Provide a general summary of your changes in the Title above -->
+ver_medium.png)][linuxserverurl]
 
-[linuxserverurl]: https://linuxserver.io
-[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
+ut. We do not need a PR -->
+ange for corner case functionality or plugins please look at making a Docker Mod or local script https://blog.linuxserver.io/2019/09/14/customizing-our-containers/ -->
+message -->
+-->
+repository, please add your changes there if appropriate -->
 
+TRIBUTING.md) guideline and understand that I have made the correct modifications
 
-<!--- Before submitting a pull request please check the following -->
+>
 
-<!---  If this is a fix for a typo (in code, documentation, or the README) please file an issue and let us sort it out. We do not need a PR  -->
-<!---  Ask yourself if this modification is something the whole userbase will benefit from, if this is a specific change for corner case functionality or plugins please look at making a Docker Mod or local script  https://blog.linuxserver.io/2019/09/14/customizing-our-containers/ -->
-<!---  That if the PR is addressing an existing issue include, closes #<issue number> , in the body of the PR commit message   -->
-<!---  You have included links to any files / patches etc your PR may be using in the body of the PR commit message -->
-<!--- We maintain a changelog of major revisions to the container at the end of readme-vars.yml in the root of this repository, please add your changes there if appropriate -->
+## Description
 
+Required: Please provide a brief description of what this pull request is trying to accomplish.
 
-<!--- Coding guidelines: -->
-<!--- 1. Installed packages in the Dockerfiles should be in alphabetical order -->
-<!--- 2. Changes to Dockerfile should be replicated in Dockerfile.armhf and Dockerfile.aarch64 if applicable -->
-<!--- 3. Indentation style (tabs vs 4 spaces vs 1 space) should match the rest of the document -->
-<!--- 4. Readme is auto generated from readme-vars.yml, make your changes there -->
+>
 
-------------------------------
+## Context, Consequences, & Considerations
 
- - [ ] I have read the [contributing](https://github.com/linuxserver/docker-baseimage-ubuntu/blob/jammy/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications
+Required: Please step through the following list, pausing at each item to consider your change in relation to the item's context.
+Check the box to mark that it applies, and enter your relevant notes under the item.
 
-------------------------------
+- [ ] Security: This has security implications. This includes (but not limited to) adding users, modifying user/app permissions, network rules/policies, changing a system interconnection, or changing an authorization strategy.
+  - [ ] This PR does not require security review. These changes are part of a project plan that has already undergone security review. The link is provided below.
+  - [ ] This PR requires security review. Add the `security` label to this PR then request a review from the [Security Code Reviewers Team](https://github.com/orgs/civisanalytics/teams/security-code-reviewers).
 
-<!--- We welcome all PR’s though this doesn’t guarantee it will be accepted. -->
+>
 
-## Description:
-<!--- Describe your changes in detail -->
+- [ ] Execution: This change requires commands to be run outside of the normal merge.
 
-## Benefits of this PR and context:
-<!--- Please explain why we should accept this PR. If this fixes an outstanding bug, please reference the issue # -->
+>
 
-## How Has This Been Tested?
-<!--- Please describe in detail how you tested your changes. -->
-<!--- Include details of your testing environment, and the tests you ran to -->
-<!--- see how your change affects other areas of the code, etc. -->
+- [ ] Impact: This change may cause service interruptions.
 
+>
 
-## Source / References:
-<!--- Please include any forum posts/github links relevant to the PR -->
+- [ ] Testing: How did you test this change (unit tests, acceptance tests, etc.)? Did you do any manual testing?
+
+>
+
+- [ ] Testing: How will you confirm this change once it's merged?
+
+>
+
+- [ ] Documentation: Documentation to reflect this change has been added to Confluence or Zendesk.
+
+>
+
+- [ ] **All items of the checklist have been considered and this PR description is complete.**

.gitignore

@@ -42,3 +42,4 @@ Network Trash Folder
 Temporary Items
 .apdisk
 .jenkins-external
+.env

Dockerfile

@@ -1,65 +1,71 @@
 # syntax=docker/dockerfile:1
 
-FROM alpine:3 as rootfs-stage
+# ECR and base image configuration
+ARG ECR_ACCOUNT_ID=1234567890123
+ARG ECR_REGION=us-east-999
+ARG BASE_IMAGE_NAME=ubuntu-fips
+ARG BASE_IMAGE_TAG=22.04
+ARG ECR_URI=${ECR_ACCOUNT_ID}.dkr.ecr-fips.${ECR_REGION}.amazonaws.com/${BASE_IMAGE_NAME}:${BASE_IMAGE_TAG} 
 
-# environment
-ENV REL=jammy
-ENV ARCH=amd64
+FROM ${ECR_URI} as ubuntu-fips-python-s6
+# set version labels
+ARG BUILD_DATE
+ARG VERSION
+ARG MODS_VERSION="v3"
+ARG PKG_INST_VERSION="v1"
+ARG LSIOWN_VERSION="v1"
+ARG S6_OVERLAY_VERSION="3.1.6.2"
+ARG S6_OVERLAY_ARCH="x86_64"
 
-# install packages
-RUN \
-  apk add --no-cache \
-    bash \
-    curl \
-    tzdata \
-    xz
+LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="civisanalytics"
 
-# grab base tarball
-RUN \
-  mkdir /root-out && \
-  curl -o \
-    /rootfs.tar.gz -L \
-    https://partner-images.canonical.com/core/${REL}/current/ubuntu-${REL}-core-cloudimg-${ARCH}-root.tar.gz && \
-  tar xf \
-    /rootfs.tar.gz -C \
-    /root-out && \
-  rm -rf \
-    /root-out/var/log/*
+ENV REL=jammy
+ENV ARCH=amd64
 
-# set version for s6 overlay
-ARG S6_OVERLAY_VERSION="3.1.6.2"
-ARG S6_OVERLAY_ARCH="x86_64"
+# Install Python 3.10 and development tools
+RUN apt-get update && apt-get install -y \
+  curl \
+  tzdata \
+  python3.10 \
+  python3.10-dev \
+  python3.10-venv \
+  python3-pip \
+  build-essential \
+  libpq-dev \
+  git \
+  ca-certificates \
+  openssl \
+  xz-utils \
+  libssl-dev && \
+  rm -rf /var/lib/apt/lists/* && \
+  # Update CA certificates to ensure SSL/TLS works properly
+  update-ca-certificates && \
+  ln -sf /usr/bin/python3.10 /usr/bin/python && \
+  ln -sf /usr/bin/python3.10 /usr/bin/python3
 
 # add s6 overlay
 ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
-RUN tar -C /root-out -Jxpf /tmp/s6-overlay-noarch.tar.xz
+RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
 ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz /tmp
-RUN tar -C /root-out -Jxpf /tmp/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz
+RUN tar -C / -Jxpf /tmp/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz
 
 # add s6 optional symlinks
 ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz /tmp
-RUN tar -C /root-out -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
+RUN tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
 ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-arch.tar.xz /tmp
-RUN tar -C /root-out -Jxpf /tmp/s6-overlay-symlinks-arch.tar.xz
-
-# Runtime stage
-FROM scratch
-COPY --from=rootfs-stage /root-out/ /
-ARG BUILD_DATE
-ARG VERSION
-ARG MODS_VERSION="v3"
-ARG PKG_INST_VERSION="v1"
-ARG LSIOWN_VERSION="v1"
-LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
-LABEL maintainer="TheLamer"
+RUN tar -C / -Jxpf /tmp/s6-overlay-symlinks-arch.tar.xz
 
+# add mods
 ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.${MODS_VERSION}" "/docker-mods"
 ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.${PKG_INST_VERSION}" "/etc/s6-overlay/s6-rc.d/init-mods-package-install/run"
 ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.${LSIOWN_VERSION}" "/usr/bin/lsiown"
 
+FROM ubuntu-fips-python-s6 as linuxserver-python-base
+
 # set environment variables
 ARG DEBIAN_FRONTEND="noninteractive"
-ENV HOME="/root" \
+ENV HOME="/workspace" \
   LANGUAGE="en_US.UTF-8" \
   LANG="en_US.UTF-8" \
   TERM="xterm" \
@@ -69,9 +75,6 @@ ENV HOME="/root" \
   VIRTUAL_ENV=/lsiopy \
   PATH="/lsiopy/bin:$PATH"
 
-# copy sources
-COPY sources.list /etc/apt/
-
 RUN \
   echo "**** Ripped from Ubuntu Docker Logic ****" && \
   set -xe && \
@@ -123,12 +126,13 @@ RUN \
   echo "**** generate locale ****" && \
   locale-gen en_US.UTF-8 && \
   echo "**** create abc user and make our folders ****" && \
-  useradd -u 911 -U -d /config -s /bin/false abc && \
+  useradd -u 911 -U -d /workspace -s /bin/false abc && \
   usermod -G users abc && \
   mkdir -p \
     /app \
     /config \
     /defaults \
+    /workspace \
     /lsiopy && \
   echo "**** cleanup ****" && \
   apt-get autoremove && \
@@ -139,7 +143,6 @@ RUN \
     /var/tmp/* \
     /var/log/*
 
-# add local files
 COPY root/ /
 
 ENTRYPOINT ["/init"]