diff --git a/.obs/workflows.yml b/.obs/workflows.yml
index 1e5e771a9..bc2c8fdbc 100644
--- a/.obs/workflows.yml
+++ b/.obs/workflows.yml
@@ -25,6 +25,10 @@ staging_build:
source_project: home:defolos:BCI:CR:Tumbleweed
source_package: apache-tomcat-9-image
target_project: home:defolos:BCI:CR:Tumbleweed:Staging
+ - branch_package:
+ source_project: home:defolos:BCI:CR:Tumbleweed
+ source_package: apache-tomcat-9-image
+ target_project: home:defolos:BCI:CR:Tumbleweed:Staging
- branch_package:
source_project: home:defolos:BCI:CR:Tumbleweed
source_package: blackbox_exporter-image
@@ -260,6 +264,9 @@ refresh_devel_BCI:
- trigger_services:
project: devel:BCI:Tumbleweed
package: apache-tomcat-9-image
+ - trigger_services:
+ project: devel:BCI:Tumbleweed
+ package: apache-tomcat-9-image
- trigger_services:
project: devel:BCI:Tumbleweed
package: blackbox_exporter-image
diff --git a/apache-tomcat-9-image/Dockerfile.openjdk21 b/apache-tomcat-9-image/Dockerfile.openjdk21
new file mode 100644
index 000000000..6cec763f0
--- /dev/null
+++ b/apache-tomcat-9-image/Dockerfile.openjdk21
@@ -0,0 +1,67 @@
+# SPDX-License-Identifier: MIT
+
+# Copyright (c) 2024 SUSE LLC
+
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon.
+
+# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+# It is maintained by the BCI team and generated by
+# https://github.com/SUSE/BCI-dockerfile-generator
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# You can contact the BCI team via https://github.com/SUSE/bci/discussions
+
+#!UseOBSRepositories
+
+#!BuildTag: opensuse/apache-tomcat:%%tomcat_version%%-openjdk21-%RELEASE%
+#!BuildTag: opensuse/apache-tomcat:%%tomcat_version%%-openjdk21
+#!BuildTag: opensuse/apache-tomcat:9-openjdk21
+
+FROM opensuse/bci/bci-micro:latest AS target
+FROM opensuse/tumbleweed:latest AS builder
+COPY --from=target / /target
+
+RUN set -euo pipefail; \
+ zypper -n --installroot /target --gpg-auto-import-keys install --no-recommends tomcat curl sed java-21-openjdk java-21-openjdk-headless; \
+ zypper -n --installroot /target remove util-linux; \
+ zypper -n clean; \
+ rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}
+FROM opensuse/bci/bci-micro:latest
+COPY --from=builder /target /
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=org.opensuse.application.apache-tomcat
+LABEL org.opencontainers.image.title="openSUSE Tumbleweed Apache Tomcat"
+LABEL org.opencontainers.image.description="The Apache Tomcat software is an open-source implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Annotations, and Jakarta Authentication specifications. These specifications are part of the Jakarta EE platform. It is based on the openSUSE Tumbleweed Base Container Image."
+LABEL org.opencontainers.image.version="%%tomcat_version%%"
+LABEL org.opencontainers.image.url="https://www.opensuse.org"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="openSUSE Project"
+LABEL org.opencontainers.image.source="%SOURCEURL%"
+LABEL org.opencontainers.image.ref.name="%%tomcat_version%%-openjdk21-%RELEASE%"
+LABEL org.opensuse.reference="registry.opensuse.org/opensuse/apache-tomcat:%%tomcat_version%%-openjdk21-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI"
+LABEL org.opensuse.release-stage="released"
+# endlabelprefix
+LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/SUSE/BCI-dockerfile-generator/Tumbleweed/apache-tomcat-9-image/README.openjdk21.md"
+LABEL io.artifacthub.package.logo-url="https://tomcat.apache.org/res/images/tomcat.png"
+ENV TOMCAT_MAJOR="9"
+ENV TOMCAT_VERSION="%%tomcat_version%%"
+ENV CATALINA_HOME="/usr/share/tomcat"
+ENV CATALINA_BASE="/usr/share/tomcat"
+ENV PATH="/usr/share/tomcat/bin:$PATH"
+
+CMD ["/usr/libexec/tomcat/server", "start"]
+EXPOSE 8080/tcp
+RUN set -euo pipefail; mkdir -p /var/log/tomcat; chown --recursive tomcat:tomcat /var/log/tomcat
+RUN set -euo pipefail; ln -s /usr/share/tomcat /usr/local/tomcat
+RUN set -euo pipefail; \
+ sed -i /etc/tomcat/logging.properties \
+ -e 's|org\.apache\.catalina\.core\.ContainerBase\.\[Catalina\]\.\[localhost\]\.handlers =.*|org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = java.util.logging.ConsoleHandler|' \
+ -e 's|org\.apache\.catalina\.core\.ContainerBase\.\[Catalina\]\.\[localhost\]\.\[/manager\]\.handlers =.*|org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = java.util.logging.ConsoleHandler|' \
+ -e 's|org\.apache\.catalina\.core\.ContainerBase\.\[Catalina\]\.\[localhost\]\.\[/host-manager\]\.handlers =.*|org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = java.util.logging.ConsoleHandler|'
+
+WORKDIR $CATALINA_HOME
+USER tomcat
diff --git a/apache-tomcat-9-image/README.openjdk21.md b/apache-tomcat-9-image/README.openjdk21.md
new file mode 100644
index 000000000..d2b39b440
--- /dev/null
+++ b/apache-tomcat-9-image/README.openjdk21.md
@@ -0,0 +1,74 @@
+# Tomcat 9 container image
+
+
+## Description
+Apache Tomcat (Tomcat for short) is a free and open-source implementation of the
+Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies. It
+provides a pure Java HTTP web server environment that can run Java code. It is a
+Java web application server and not a complete JEE application server.
+
+
+## Usage
+By default, the image launches Tomcat with the same configuration as the one
+that comes with SUSE Linux Enterprise Server. The difference is that logging is
+sent to stdout, meaning that the `podman logs tomcat` command displays Tomcat
+logs.
+
+For security reasons, the image runs as the **tomcat** user and is installed
+on a micro base container without a package manager.
+
+To deploy an application, copy the `.war` file into
+`$CATALINA_BASE/webapps` (either during a container build or by bind-mounting
+the directory), and launch the container using the following command:
+```ShellSession
+$ podman run -d --rm -p 8080:8080 registry.opensuse.org/opensuse/apache-tomcat:9-openjdk21
+```
+
+The deployed webapp is then accessible via `http://localhost:8080/$webapp_name`.
+
+
+### How to use the image with rootless Podman
+
+The container image can be used in rootless mode with Podman. Keep in mind that
+Podman remaps the `tomcat` user in the container to a different user on the
+host. This user does not have write access to the mounted directory. To avoid
+permission issues change permissions of the shared directory to `0777` as
+follows:
+
+```ShellSession
+$ chmod 0777 /path/to/my/app
+$ podman run --rm -d -v /path/to/my/app:/usr/share/tomcat/webapps:z \
+ -p 8080:8080 registry.opensuse.org/opensuse/apache-tomcat:9-openjdk21
+```
+
+
+## Configuration
+
+The main Tomcat configuration files (for example
+`/etc/tomcat/logging.properties`) are stored in `/etc/tomcat/`.
+
+Tomcat's runtime options can be configured using the environment variables
+`JAVA_OPTS` and `CATALINA_OPTS`. `JAVA_OPTS` specifies general options used for
+the JVM, whereas `CATALINA_OPTS` specifies Tomcat's flags. You can pass the
+options to the container runtime using the `-e` flag:
+```ShellSession
+$ podman run -it --rm \
+ -e JAVA_OPTS="-Xmx1024m" -p 8080:8080 \
+ registry.opensuse.org/opensuse/apache-tomcat:9-openjdk21
+```
+
+The image ships with `CATALINA_HOME` set to `/usr/share/tomcat`
+and `CATALINA_BASE` set to `/usr/share/tomcat`.
+
+
+
+
+## Licensing
+
+`SPDX-License-Identifier: MIT`
+
+This documentation and the build recipe are licensed as MIT.
+The container itself contains various software components under various open source licenses listed in the associated
+Software Bill of Materials (SBOM).
+
+This image is based on [openSUSE Tumbleweed](https://get.opensuse.org/tumbleweed/).
diff --git a/apache-tomcat-9-image/_multibuild b/apache-tomcat-9-image/_multibuild
index 099fa7f74..1775dd524 100644
--- a/apache-tomcat-9-image/_multibuild
+++ b/apache-tomcat-9-image/_multibuild
@@ -1,3 +1,4 @@
openjdk17
+ openjdk21
\ No newline at end of file
diff --git a/apache-tomcat-9-image/_service b/apache-tomcat-9-image/_service
index 69086c9ee..a88a0cfbc 100644
--- a/apache-tomcat-9-image/_service
+++ b/apache-tomcat-9-image/_service
@@ -6,4 +6,9 @@
%%tomcat_version%%
tomcat
+
+ Dockerfile.openjdk21
+ %%tomcat_version%%
+ tomcat
+
\ No newline at end of file
diff --git a/apache-tomcat-9-image/apache-tomcat-9-image.changes b/apache-tomcat-9-image/apache-tomcat-9-image.changes
index 9d38f93a6..9f7ab5c74 100644
--- a/apache-tomcat-9-image/apache-tomcat-9-image.changes
+++ b/apache-tomcat-9-image/apache-tomcat-9-image.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Nov 13 13:40:30 UTC 2024 - SUSE Update Bot
+
+- add more flavors
+
-------------------------------------------------------------------
Wed Oct 30 18:28:27 UTC 2024 - SUSE Update Bot
diff --git a/cosign-image/Dockerfile b/cosign-image/Dockerfile
index 470d10fd4..4ef8c83a1 100644
--- a/cosign-image/Dockerfile
+++ b/cosign-image/Dockerfile
@@ -25,7 +25,7 @@ FROM opensuse/tumbleweed:latest AS builder
COPY --from=target / /target
RUN set -euo pipefail; \
- zypper -n --installroot /target --gpg-auto-import-keys install --no-recommends cosign; \
+ zypper -n --installroot /target --gpg-auto-import-keys install --no-recommends cosign openSUSE-build-key; \
zypper -n clean; \
rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}
FROM opensuse/bci/bci-micro:latest
diff --git a/cosign-image/cosign-image.changes b/cosign-image/cosign-image.changes
index 4c3151117..d0bce609d 100644
--- a/cosign-image/cosign-image.changes
+++ b/cosign-image/cosign-image.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Nov 13 13:40:15 UTC 2024 - SUSE Update Bot
+
+- ship with openSUSE-build-keys
+
-------------------------------------------------------------------
Wed Oct 30 15:34:45 UTC 2024 - SUSE Update Bot
diff --git a/kiwi-image/Dockerfile b/kiwi-image/Dockerfile
index d737387fd..8162db402 100644
--- a/kiwi-image/Dockerfile
+++ b/kiwi-image/Dockerfile
@@ -47,3 +47,4 @@ LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/SUSE/
LABEL usage="This container requires an openSUSE/SUSE host kernel for full functionality."
# sanity check that the version from the tag is equal to the version of python3-kiwi that we expect
RUN set -euo pipefail; [ "$(rpm -q --qf '%{version}' python3-kiwi | cut -d '.' -f -2)" = "10.1" ]
+RUN set -euo pipefail; printf "mapper:\n - part_mapper: kpartx\n" > /etc/kiwi.yml
diff --git a/kiwi-image/kiwi-image.changes b/kiwi-image/kiwi-image.changes
index a66df9a81..ae59cd176 100644
--- a/kiwi-image/kiwi-image.changes
+++ b/kiwi-image/kiwi-image.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Nov 13 13:39:42 UTC 2024 - SUSE Update Bot
+
+- set mapper backend to kpartx
+
-------------------------------------------------------------------
Mon Nov 11 11:50:37 UTC 2024 - SUSE Update Bot