red-hat-data-services
diff --git a/‎.tekton/odh-base-image-cpu-py312-c9s-pull-request.yaml‎
Lines changed: 1 addition & 2 deletions b/‎.tekton/odh-base-image-cpu-py312-c9s-pull-request.yaml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎.tekton/odh-base-image-cpu-py312-c9s-push.yaml‎
Lines changed: 1 addition & 2 deletions b/‎.tekton/odh-base-image-cpu-py312-c9s-push.yaml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎base-images/cpu/c9s-python-3.12/Dockerfile.cpu‎
Lines changed: 60 additions & 4 deletions b/‎base-images/cpu/c9s-python-3.12/Dockerfile.cpu‎
Lines changed: 60 additions & 4 deletions
diff --git a/‎base-images/cpu/c9s-python-3.12/README.md‎
Lines changed: 37 additions & 0 deletions b/‎base-images/cpu/c9s-python-3.12/README.md‎
Lines changed: 37 additions & 0 deletions
@@ -39,8 +39,7 @@ spec:
     - linux/x86_64
     - linux/arm64
     - linux/ppc64le
-    # TODO(jdanek): Enable s390x once it is supported in the base image.
-    #- linux/s390x
+    - linux/s390x
   pipelineRef:
     name: multiarch-pull-request-pipeline
   taskRunTemplate:
 
@@ -37,8 +37,7 @@ spec:
     - linux/x86_64
     - linux/arm64
     - linux/ppc64le
-    # TODO(jdanek): Enable s390x once it is supported in the base image.
-    #- linux/s390x
+    - linux/s390x
   pipelineRef:
     name: multiarch-push-pipeline
   taskRunTemplate:
 
@@ -1,22 +1,78 @@
 ARG TARGETARCH
 
-FROM quay.io/sclorg/python-312-c9s:c9s AS buildscripts
+FROM quay.io/centos/centos:stream9 AS buildscripts
 COPY base-images/utils/aipcc.sh /mnt/aipcc.sh
+COPY base-images/utils/fix-permissions base-images/utils/rpm-file-permissions /mnt/usr/bin/
 
 ####################
 # base             #
 ####################
-FROM quay.io/sclorg/python-312-c9s:c9s AS base
+FROM quay.io/centos/centos:stream9 AS base
+
+ARG PYTHON_VERSION=3.12
+ENV PYTHON=python${PYTHON_VERSION}
+
+ARG VARIANT=cpu
+ARG NAME=odh-base-image-cpu-py312-c9s
+ARG SUMMARY="Open Data Hub Notebooks Base Image for ${VARIANT} with Python ${PYTHON_VERSION}"
+# https://github.com/projectatomic/ContainerApplicationGenericLabels
+ARG DESCRIPTION="${SUMMARY} with Python ${PYTHON_VERSION}"
+
+LABEL summary="${SUMMARY}" \
+      description="${DESCRIPTION}" \
+      io.k8s.display-name="${SUMMARY}" \
+      io.k8s.description="${DESCRIPTION}"
 
 USER 0
+ARG TARGETARCH
+ENV TARGETARCH=${TARGETARCH}
+
+# MPI implementation (default: OpenMPI)
+ENV MPI_HOME=/usr/lib64/openmpi
+
+ENV APP_ROOT=/opt/app-root
+ENV HOME=${APP_ROOT}/src
+ENV PATH=${HOME}/bin:${HOME}/.local/bin:${APP_ROOT}/bin:/usr/local/sbin:/usr/local/bin:${MPI_HOME}/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# Python and virtual env settings
+ENV VIRTUAL_ENV=${APP_ROOT} \
+    PIP_NO_CACHE_DIR=off \
+    UV_NO_CACHE=true \
+    PIP_DISABLE_PIP_VERSION_CHECK=1 \
+    PYTHONUNBUFFERED=1 \
+    PYTHONIOENCODING=utf-8 \
+    LANG=en_US.UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    PS1="(app-root) \w\$ "
+
+# OpenShift s2i / Cloud Native Buildpack user
+ENV CNB_USER_ID=1001 \
+    CNB_GROUP_ID=0
+
+# Create home directory and XDG cache directory group-writable. $HOME
+# is owned by 1001:0. All directories are writable by gid 0.
+# hadolint ignore=DL3046
+RUN useradd -u ${CNB_USER_ID} -g ${CNB_GROUP_ID} -d ${HOME} -K HOME_MODE=0770 -K UMASK=0007 -m -s /bin/bash -c "Default Application User" default \
+    && mkdir -m 770 "${HOME}/.cache"
+
+# permission fixer from github.com/sclorg
+COPY --from=buildscripts /mnt/usr/bin/ /usr/bin/
 
 RUN \
 --mount=from=buildscripts,source=/mnt,target=/mnt \
 --mount=type=cache,sharing=locked,id=dnf-c9s,target=/var/cache/dnf \
 /bin/bash <<'EOF'
+set -Eeuxo pipefail
 /mnt/aipcc.sh
+fix-permissions ${APP_ROOT} -P
 EOF
 
+RUN rpm-file-permissions
+
 # Restore user workspace
-USER 1001
-WORKDIR /opt/app-root/src
+WORKDIR ${APP_ROOT}
+USER ${CNB_USER_ID}:${CNB_GROUP_ID}
+
+# RHELAI-2417, RHELAI-1720: workaround for PyArrow
+# libjemalloc.so.2: cannot allocate memory in static TLS block
+ENV LD_PRELOAD=/usr/lib64/libjemalloc.so.2
@@ -0,0 +1,37 @@
+# AIPCC-like Python 3.12 base image
+
+## Generating the list of additional packages
+
+```commandline
+podman run --rm --pull=always quay.io/sclorg/python-312-c9s:c9s rpm -qa '*' | sort > /tmp/scl_packages.txt
+podman run --rm --pull=always quay.io/aipcc/base-images/cpu:3.1 rpm -qa '*' | sort > /tmp/aipcc_packages.txt
+```
+
+```python
+def get_packages_from_file(filename: str) -> set[str]:
+    """Reads a file and returns a set of package names."""
+    with open(filename, 'r') as f:
+        # We strip the version info from the package names (e.g., 'bash-5.1.8-6.el9_1.x86_64')
+        # to get just the package name ('bash').
+        return {line.strip().rsplit('-', 2)[0] for line in f if line.strip()}
+
+def main():
+    """
+    Compares package lists from two files and prints the difference,
+    formatted for inclusion in a bash script.
+    """
+    scl_packages = get_packages_from_file('/tmp/scl_packages.txt')
+    aipcc_packages = get_packages_from_file('/tmp/aipcc_packages.txt')
+
+    # Find packages in scl but not in aipcc
+    difference = sorted(list(scl_packages - aipcc_packages))
+
+    # Format for bash array
+    print("SCL_PACKAGES=(")
+    for pkg in difference:
+        print(f'    "{pkg}"')
+    print(")")
+
+if __name__ == "__main__":
+    main()
+```