Update Dockerfile to build and install expat 2.7.2 from source (#3972)

pmaddev · web-flow · commit fb8ed75575e5 · 2025-10-16T22:54:46.000+05:30
* libexpat installation on docker image build

* carrying over the binary in final stage

* removed the dead code

* ordered correct

* undoed the bin sh

* undoed the bin sh

* debugs

* finds

* ls

* found

* apps

* env

* bigipconfigdriver

* found driver

* refactor

* refactor again

* python ln

* main drafted

* main drafted fix

* Cleanedup

* libexpat removed

* rpm based

* env

* repopath

* ls

* debugs

* full debug

* full debug

* added spec

* expat remove

* cis binary path

* Refactored with removing unnecessary binary copies
diff --git a/build-tools/Dockerfile.ubi b/build-tools/Dockerfile.ubi
@@ -1,3 +1,4 @@
+# Stage 1: Build Go binary
 FROM golang:1.23 as builder
 
 ARG REPOPATH=$GOPATH/src/github.com/F5Networks/k8s-bigip-ctlr
@@ -8,15 +9,27 @@ ARG BUILD_INFO
 
 WORKDIR $REPOPATH
 ENV GO111MODULE on
+
 COPY . .
 
 RUN $REPOPATH/build-tools/rel-build.sh
 
+# Stage 2: Build expat RPM (not from source!)
+FROM registry.redhat.io/ubi9/ubi-minimal AS build-expat-rpm
+
+RUN microdnf install -y rpm-build gcc gcc-c++ make tar bzip2 python3 shadow-utils autoconf libtool && microdnf clean all
+WORKDIR /root
+RUN mkdir -p /root/rpmbuild/{SOURCES,SPECS,BUILD,BUILDROOT,RPMS,SRPMS}
+COPY build-tools/expat.spec /root/rpmbuild/SPECS/expat.spec
+RUN curl -L -o /root/rpmbuild/SOURCES/expat-2.7.2.tar.gz https://github.com/libexpat/libexpat/releases/download/R_2_7_2/expat-2.7.2.tar.gz
+WORKDIR /root/rpmbuild
+RUN rpmbuild -ba SPECS/expat.spec
+
+# Stage 3: Final runtime image
 FROM registry.redhat.io/ubi9/ubi-minimal
 
 LABEL name="f5networks/k8s-bigip-ctlr" \
       vendor="F5 Networks" \
-      # version - should be passed in via docker build
       url="https://clouddocs.f5.com/containers/latest/" \
       summary="F5 BIG-IP Controller for Kubernetes" \
       description="Manages F5 BIG-IP from Kubernetes" \
@@ -27,17 +40,22 @@ LABEL name="f5networks/k8s-bigip-ctlr" \
       io.openshift.tags="f5,f5networks,bigip,openshift,router"
 
 ENV APPPATH /app
-
 ARG BUILD_VERSION
 ARG BUILD_INFO
-
 WORKDIR $APPPATH
 
+# Install expat 2.7.2 RPM first!
+COPY --from=build-expat-rpm /root/rpmbuild/RPMS/x86_64/expat-2.7.2-*.rpm /tmp/
+RUN microdnf remove expat -y || true && \
+    rpm -Uvh /tmp/expat-2.7.2-*.rpm && \
+    microdnf clean all
+
 COPY requirements.txt /tmp/requirements.txt
 
 RUN mkdir -p "$APPPATH/bin" "$APPPATH/vendor/src/f5/schemas/" \
  && touch $APPPATH/vendor/src/f5/VERSION_BUILD.json
 
+# Install runtime dependencies
 RUN microdnf update -y && \
     microdnf --enablerepo=ubi-9-baseos-rpms install --nodocs python39 python3-pip git shadow-utils -y && \
     microdnf --enablerepo=ubi-9-baseos-rpms --enablerepo=ubi-9-appstream-rpms update nss-tools nss-softokn nss-util scl-utils -y && \
@@ -49,10 +67,12 @@ RUN microdnf update -y && \
     microdnf remove perl-Error perl-File-Find perl-lib libedit openssh openssh-clients  perl-TermReadKey git-core git-core-doc less shadow-utils pip git-core-doc cracklib cracklib-dicts emacs-filesystem git-core-doc git-core groff-base gzip less libcbor libdb libeconf libedit libfdisk util-linux util-linux-core libfido2 libpwquality libsemanage libutempter ncurses openssh openssh-clients openssh-8.7p1 pam perl-Digest perl-Digest-MD5 perl-FileHandle perl-B perl-Data-Dumper perl-libnet perl-base perl-AutoLoader perl-URI perl-Mozilla-CA perl-if perl-IO-Socket-IP perl-Time-Local perl-File-Path perl-Pod-Escapes perl-Text-Tabs+Wrap perl-Net-SSLeay perl-IO-Socket-SSL perl-Class-Struct perl-POSIX perl-Term-ANSIColor perl-IPC-Open3 perl-subs perl-File-Temp perl-Term-Cap perl-HTTP-Tiny perl-Pod-Simple perl-Socket perl-SelectSaver perl-Symbol perl-File-stat perl-podlators perl-Pod-Perldoc perl-Fcntl perl-Text-ParseWords perl-mro perl-IO perl-overloading perl-Pod-Usage perl-Errno perl-File-Basename perl-Getopt-Std perl-MIME-Base64 perl-Scalar-List-Utils perl-constant perl-Storable perl-overload perl-parent perl-vars perl-Getopt-Long perl-Carp perl-Exporter perl-NDBM_File perl-PathTools perl-Encode perl-libs perl-interpreter perl-DynaLoader  -y && \
     microdnf clean all && echo "{\"version\": \"${BUILD_VERSION}\", \"build\": \"${BUILD_INFO}\"}" > $APPPATH/vendor/src/f5/VERSION_BUILD.json && chown -R ctlr "$APPPATH" && chmod -R 755 "$APPPATH"
 
-# Remove shell access
+# Remove shell access for security
 RUN rm -f /bin/sh /bin/bash
 
+# Switch to non-root user
 USER ctlr
+
 COPY schemas/*.json $APPPATH/vendor/src/f5/schemas/
 COPY LICENSE /licenses/
 
diff --git a/build-tools/expat.spec b/build-tools/expat.spec
@@ -0,0 +1,79 @@
+%global unversion 2_7_2
+
+Summary: An XML parser library
+Name: expat
+Version: %(echo %{unversion} | sed 's/_/./g')
+Release: 1%{?dist}
+Source0: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.gz
+
+URL: https://libexpat.github.io/
+License: MIT
+BuildRequires: autoconf, libtool, gcc-c++
+BuildRequires: make
+
+%description
+This is expat, the C library for parsing XML, written by James Clark. Expat
+is a stream oriented XML parser. This means that you register handlers with
+the parser prior to starting the parse. These handlers are called when the
+parser discovers the associated structures in the document being parsed. A
+start tag is an example of the kind of structures for which you may
+register handlers.
+
+%package devel
+Summary: Libraries and header files to develop applications using expat
+Requires: expat%{?_isa} = %{version}-%{release}
+
+%description devel
+The expat-devel package contains the libraries, include files and documentation
+to develop XML applications with expat.
+
+%package static
+Summary: expat XML parser static library
+Requires: expat-devel%{?_isa} = %{version}-%{release}
+
+%description static
+The expat-static package contains the static version of the expat library.
+Install it if you need to link statically with expat.
+
+%prep
+%autosetup
+sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
+./buildconf.sh
+
+%build
+export CFLAGS="$RPM_OPT_FLAGS -fPIC"
+export DOCBOOK_TO_MAN="xmlto man --skip-validation"
+%configure
+%make_build
+
+%install
+%make_install
+
+rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
+
+%check
+make check
+
+%ldconfig_scriptlets
+
+%files
+%doc AUTHORS Changes
+%license COPYING
+%{_bindir}/*
+%{_libdir}/libexpat.so.1
+%{_libdir}/libexpat.so.1.*
+%{_mandir}/*/*
+
+%files devel
+%doc doc/reference.html doc/*.css examples/*.c
+%{_libdir}/libexpat.so
+%{_libdir}/pkgconfig/*.pc
+%{_includedir}/*.h
+%{_libdir}/cmake/expat-%{version}
+
+%files static
+%{_libdir}/libexpat.a
+
+%changelog
+* Mon Oct 06 2025 Your Name <your.email@domain.com> - 2.7.2-1
+- Initial build for UBI9/RHEL9/CentOS9
