From 4f3f7e27088318d985c98fdf419cbaa2ebe8d369 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Wed, 19 Jul 2023 11:41:57 +1000
Subject: [PATCH] Revert to opensuse based radius container. (#1878)

---
 rlm_python/Dockerfile | 50 +++++++++++++++++++++++++++----------------
 server/Dockerfile     |  3 ++-
 tools/Dockerfile      |  3 ++-
 3 files changed, 36 insertions(+), 20 deletions(-)

diff --git a/rlm_python/Dockerfile b/rlm_python/Dockerfile
index ff0e8a16f..121759ae4 100644
--- a/rlm_python/Dockerfile
+++ b/rlm_python/Dockerfile
@@ -1,22 +1,38 @@
-FROM freeradius/freeradius-server:latest
-EXPOSE 1812 1813
-ARG RADIUS_USER=freerad
-ARG TZ=Etc/UTC
-ENV TZ=$TZ
-# These all need to be on one line else the cache ends up in the layers.
-RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+ARG BASE_IMAGE=opensuse/tumbleweed:latest
+FROM ${BASE_IMAGE} AS repos
+RUN \
+    --mount=type=cache,id=zypp,target=/var/cache/zypp \
+    zypper mr -k repo-oss; \
+    zypper mr -k repo-non-oss; \
+    zypper mr -k repo-update; \
+    zypper ref --force; \
+    zypper -v dup -y
 
-RUN apt-get update && apt-get install -y \
-    freeradius-utils \
+# ======================
+FROM repos
+EXPOSE 1812 1813
+ARG RADIUS_USER=radiusd
+
+RUN \
+    --mount=type=cache,id=zypp,target=/var/cache/zypp \
+    zypper install -y \
+    freeradius-client \
+    freeradius-server \
+    freeradius-server-python3 \
+    freeradius-server-utils \
     hostname \
     python3 \
+    python3-devel \
     python3-pip \
-    python-is-python3 \
-    tzdata \
+    timezone \
     iproute2 \
-    iputils-ping iputils-tracepath \
+    iputils \
     openssl \
-    curl && apt-get clean
+    curl
+
+# Don't put in the TZ at build time - it needs to be bind mounted at runtime
+# else we are forcing things on people.
+# RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 
 ADD  rlm_python/mods-available/ /etc/raddb/mods-available/
 COPY rlm_python/sites-available/ /etc/raddb/sites-available/
@@ -29,9 +45,8 @@ RUN ln -s /etc/raddb/mods-available/python3 /etc/raddb/mods-enabled/python3 && \
     ln -s /etc/raddb/sites-available/check-eap-tls /etc/raddb/sites-enabled/check-eap-tls
 
 # disable auth via methods we don't support!
-# RUN rm /etc/raddb/mods-available/sql && \
-    # rm /etc/raddb/mods-enabled/{passwd,totp}
-
+RUN rm /etc/raddb/mods-available/sql && \
+    rm /etc/raddb/mods-enabled/{passwd,totp}
 
 # Allows the radiusd user to write to the directory
 RUN chown -R $RADIUS_USER. /etc/raddb/ && \
@@ -42,8 +57,7 @@ RUN mkdir -p /pkg/pykanidm/
 COPY pykanidm/ /pkg/pykanidm/
 
 # install the package and its dependencies
-RUN python3 -m pip install --no-cache-dir --no-warn-script-location /pkg/pykanidm && \
-    rm -rf /pkg/*
+RUN python3 -m pip install --no-cache-dir --no-warn-script-location /pkg/pykanidm
 
 COPY rlm_python/radius_entrypoint.py /radius_entrypoint.py
 
diff --git a/server/Dockerfile b/server/Dockerfile
index 0a0924a87..605742f64 100644
--- a/server/Dockerfile
+++ b/server/Dockerfile
@@ -6,7 +6,8 @@ RUN \
     zypper mr -k repo-oss; \
     zypper mr -k repo-non-oss; \
     zypper mr -k repo-update; \
-    zypper dup -y
+    zypper ref --force ; \
+    zypper -v dup -y
 
 # ======================
 FROM repos AS builder
diff --git a/tools/Dockerfile b/tools/Dockerfile
index e1db7a587..19481b862 100644
--- a/tools/Dockerfile
+++ b/tools/Dockerfile
@@ -6,7 +6,8 @@ RUN \
     zypper mr -k repo-oss; \
     zypper mr -k repo-non-oss; \
     zypper mr -k repo-update; \
-    zypper dup -y
+    zypper ref --force; \
+    zypper -v dup -y
 
 FROM repos AS builder
 ARG KANIDM_FEATURES