examples: Containerfile cleanups

Move the addition of cfsctl to after the packages are installed.  This
lets us reuse the cached (and slow) package install layer even if cfsctl
changes.  Also clean up whitespace and the grouping of commands
generally to make things a bit prettier.

Signed-off-by: Allison Karlitskaya <[email protected]>

Author: allisonkarlitskaya

examples/bls/Containerfile

@@ -1,14 +1,24 @@
 FROM fedora:41
 COPY extra /
-COPY cfsctl /usr/bin
 RUN --mount=type=cache,target=/var/cache/libdnf5 <<EOF
     set -eux
-    dnf --setopt keepcache=1 install --allowerasing -y systemd util-linux skopeo composefs strace dosfstools kernel openssh-server
+
+    dnf --setopt keepcache=1 install --allowerasing -y \
+        composefs \
+        dosfstools \
+        kernel \
+        openssh-server \
+        skopeo \
+        strace \
+        util-linux \
+        systemd
+
     systemctl enable systemd-networkd
     passwd -d root
     mkdir /sysroot
     mkdir /composefs-meta
     mv /boot /composefs-meta
     mkdir /boot
 EOF
+COPY cfsctl /usr/bin
 RUN true  # hack to get an extra layer

examples/bls/Containerfile.arch

@@ -1,18 +1,30 @@
 FROM archlinux AS base
 COPY extra /
-COPY cfsctl /usr/bin
 RUN <<EOF
     set -eux
+
     touch /etc/machine-id
     echo 'root=/dev/vda2' > /etc/kernel/cmdline
+
     pacman -Syu --noconfirm
-    pacman -Sy --noconfirm skopeo composefs strace dosfstools linux mkinitcpio btrfs-progs openssh
+    pacman -Sy --noconfirm \
+        btrfs-progs \
+        composefs \
+        dosfstools \
+        linux \
+        mkinitcpio \
+        openssh \
+        skopeo \
+        strace
+
+    kernel-install add "$(ls /usr/lib/modules)" /usr/lib/modules/"$(ls /usr/lib/modules)"/vmlinuz
+
     systemctl enable systemd-networkd systemd-resolved sshd
     passwd -d root
     mkdir /sysroot
-    kernel-install add "$(ls /usr/lib/modules)" /usr/lib/modules/"$(ls /usr/lib/modules)"/vmlinuz
     mkdir /composefs-meta
     mv /boot /composefs-meta
     mkdir /boot
 EOF
+COPY cfsctl /usr/bin
 RUN true

examples/bls/Containerfile.rawhide

@@ -1,14 +1,24 @@
 FROM fedora:rawhide
 COPY extra /
-COPY cfsctl /usr/bin
 RUN --mount=type=cache,target=/var/cache/libdnf5 <<EOF
     set -eux
-    dnf --setopt keepcache=1 install --allowerasing -y systemd util-linux skopeo composefs strace dosfstools kernel openssh-server
+
+    dnf --setopt keepcache=1 install --allowerasing -y \
+        composefs \
+        dosfstools \
+        kernel \
+        openssh-server \
+        skopeo \
+        strace \
+        systemd \
+        util-linux
+
     systemctl enable systemd-networkd
     passwd -d root
     mkdir /sysroot
     mkdir /composefs-meta
     mv /boot /composefs-meta
     mkdir /boot
 EOF
+COPY cfsctl /usr/bin
 RUN true  # hack to get an extra layer

examples/bls/Containerfile.rhel9

@@ -1,19 +1,31 @@
 # FROM docker.io/redhat/ubi9  missing: dosfstools, kernel
 FROM quay.io/centos/centos:9
 COPY extra /
-COPY cfsctl /usr/bin
 RUN --mount=type=cache,target=/var/cache/dnf <<EOF
     set -eux
     mkdir -p /etc/kernel
     touch /etc/kernel/cmdline
+
     echo layout=bls | tee /etc/kernel/install.conf
+
     dnf --setopt keepcache=1 install --allowerasing -y \
-        systemd util-linux skopeo composefs strace dosfstools kernel openssh-server passwd NetworkManager
+        NetworkManager \
+        composefs \
+        dosfstools \
+        kernel \
+        openssh-server \
+        passwd \
+        skopeo \
+        strace \
+        systemd \
+        util-linux
+
     systemctl enable tmp.mount
     passwd -d root
     mkdir /sysroot
     mkdir /composefs-meta
     mv /boot /composefs-meta
     mkdir /boot
 EOF
+COPY cfsctl /usr/bin
 RUN true  # hack to get an extra layer

examples/bls/Containerfile.ubuntu

@@ -1,28 +1,42 @@
 FROM ubuntu:devel
 COPY extra /
-COPY cfsctl /usr/bin
-
 RUN <<EOF
     set -eux
+
     touch /etc/machine-id
     touch /etc/fstab
+
     apt update
     DEBIAN_FRONTEND=noninteractive apt install -y \
-        linux-image-generic openssh-server systemd udev dosfstools \
-        dracut btrfs-progs strace kmod linux-base \
-        libelf1t64 systemd udev podman skopeo btrfs-progs netctl
+        btrfs-progs \
+        dosfstools \
+        dracut \
+        kmod \
+        libelf1t64 \
+        linux-base \
+        linux-image-generic \
+        netctl \
+        openssh-server \
+        podman \
+        skopeo \
+        strace \
+        systemd \
+        udev
+    apt clean
+
     dracut \
      -a "systemd-initrd composefs bash" \
      -d "erofs overlay" \
      -I "/usr/lib/systemd/systemd-sysroot-fstab-check" \
      --kver $(ls /usr/lib/modules)   --force
+    kernel-install add $(cd /usr/lib/modules && echo *) /boot/vmlinuz-$(cd /usr/lib/modules && echo *)
+
     systemctl enable systemd-networkd systemd-resolved
     passwd -d root
-    kernel-install add $(cd /usr/lib/modules && echo *) /boot/vmlinuz-$(cd /usr/lib/modules && echo *)
-    apt clean
     mkdir /sysroot
     mkdir /composefs-meta
     mv /boot /composefs-meta
     mkdir /boot
 EOF
+COPY cfsctl /usr/bin
 RUN true

examples/uki/Containerfile

@@ -15,9 +15,9 @@
 
 FROM fedora:41 AS base
 COPY extra /
-COPY cfsctl /usr/bin
 RUN --mount=type=cache,target=/var/cache/libdnf5 <<EOF
     set -eux
+
     # we should install kernel-modules here, but can't
     # because it'll pull in the entire kernel with it
     # it seems to work fine for now....
@@ -31,11 +31,13 @@ RUN --mount=type=cache,target=/var/cache/libdnf5 <<EOF
         strace \
         systemd \
         util-linux
+
     systemctl enable systemd-networkd
     semanage permissive -a systemd_gpt_generator_t  # for volatile-root workaround
     passwd -d root
     mkdir /sysroot
 EOF
+COPY cfsctl /usr/bin
 
 FROM base AS kernel
 ARG COMPOSEFS_FSVERITY

examples/uki/Containerfile.arch

@@ -1,16 +1,25 @@
 FROM archlinux AS base
 COPY extra /
-COPY cfsctl /usr/bin
 RUN <<EOF
     set -eux
+
     touch /etc/machine-id
     mkdir -p boot/EFI/Linux
+
     pacman -Syu --noconfirm
-    pacman -Sy --noconfirm skopeo composefs strace dosfstools openssh linux
+    pacman -Sy --noconfirm \
+        composefs \
+        dosfstools \
+        linux \
+        openssh \
+        strace \
+        skopeo
+
     systemctl enable systemd-networkd systemd-resolved sshd
     passwd -d root
     mkdir /sysroot
 EOF
+COPY cfsctl /usr/bin
 
 FROM base AS kernel
 ARG COMPOSEFS_FSVERITY

examples/unified-secureboot/Containerfile

@@ -1,6 +1,5 @@
 FROM fedora:41 AS base
 COPY extra /
-COPY cfsctl /usr/bin
 RUN --mount=type=cache,target=/var/cache/libdnf5 <<EOF
     set -eux
 
@@ -18,11 +17,13 @@ RUN --mount=type=cache,target=/var/cache/libdnf5 <<EOF
         strace \
         systemd \
         util-linux
+
     systemctl enable systemd-networkd
     semanage permissive -a systemd_gpt_generator_t  # for volatile-root workaround
     passwd -d root
     mkdir /sysroot
 EOF
+COPY cfsctl /usr/bin
 
 FROM base AS kernel
 RUN --mount=type=bind,from=base,target=/mnt/base <<EOF

examples/unified/Containerfile

@@ -1,6 +1,5 @@
 FROM fedora:41 AS base
 COPY extra /
-COPY cfsctl /usr/bin
 RUN --mount=type=cache,target=/var/cache/libdnf5 <<EOF
     set -eux
 
@@ -17,11 +16,13 @@ RUN --mount=type=cache,target=/var/cache/libdnf5 <<EOF
         strace \
         systemd \
         util-linux
+
     systemctl enable systemd-networkd
     semanage permissive -a systemd_gpt_generator_t  # for volatile-root workaround
     passwd -d root
     mkdir /sysroot
 EOF
+COPY cfsctl /usr/bin
 
 FROM base AS kernel
 RUN --mount=type=bind,from=base,target=/mnt/base <<EOF