diff --git a/Makefile b/Makefile index 4668c6c83..98206ef45 100644 --- a/Makefile +++ b/Makefile @@ -9,6 +9,7 @@ CONTAINER_TOOL ?= docker BUILDKIT_PROGRESS ?= plain TESTS ?= BOOK_VERSION ?= master +GIT_COMMIT := $(shell git rev-parse HEAD) .DEFAULT: help .PHONY: help @@ -32,6 +33,8 @@ buildx/kanidmd: --progress $(BUILDKIT_PROGRESS) \ --build-arg "KANIDM_BUILD_PROFILE=container_generic" \ --build-arg "KANIDM_FEATURES=" \ + --label "com.kanidm.git-commit=$(GIT_COMMIT)" \ + --label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \ $(CONTAINER_BUILD_ARGS) . .PHONY: buildx/kanidm_tools @@ -45,6 +48,8 @@ buildx/kanidm_tools: --progress $(BUILDKIT_PROGRESS) \ --build-arg "KANIDM_BUILD_PROFILE=container_generic" \ --build-arg "KANIDM_FEATURES=" \ + --label "com.kanidm.git-commit=$(GIT_COMMIT)" \ + --label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \ $(CONTAINER_BUILD_ARGS) . .PHONY: buildx/radiusd @@ -54,6 +59,8 @@ buildx/radiusd: --pull --push --platform $(IMAGE_ARCH) \ -f rlm_python/Dockerfile \ --progress $(BUILDKIT_PROGRESS) \ + --label "com.kanidm.git-commit=$(GIT_COMMIT)" \ + --label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \ -t $(IMAGE_BASE)/radius:$(IMAGE_VERSION) \ -t $(IMAGE_BASE)/radius:$(IMAGE_EXT_VERSION) . 
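Review bot: `GIT_COMMIT := $(shell git rev-parse HEAD)` records only HEAD, so an image built from a working tree with uncommitted changes is labelled with a commit its contents do not match; server/Dockerfile in this diff does `COPY . /usr/src/kanidm`, which takes the tree as it is on disk. Since the label is meant as provenance, add a `-dirty` suffix when `git status --porcelain` prints anything. The assignment also runs at parse time for every target, so outside a git checkout it prints an error and leaves the label empty; `GIT_COMMIT := $(shell git rev-parse HEAD 2>/dev/null || echo unknown)` makes that case explicit.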
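Review bot: The two `--label` lines added to buildx/kanidmd use only project-specific keys, so tooling that looks for the standard OCI keys will not find the revision or version. Consider adding `--label "org.opencontainers.image.revision=$(GIT_COMMIT)"` and `--label "org.opencontainers.image.version=$(IMAGE_EXT_VERSION)"` next to them. The same pair is added in buildx/kanidm_tools, buildx/radiusd, build/kanidmd, build/radiusd and test/kanidmd. IMAGE_EXT_VERSION is defined outside these hunks, so confirm it is set for the local build/ and test/ targets; otherwise the version label is empty.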
@@ -65,17 +72,19 @@ build/kanidmd: ## Build the kanidmd docker image locally build/kanidmd: @$(CONTAINER_TOOL) build $(CONTAINER_TOOL_ARGS) -f server/Dockerfile \ -t $(IMAGE_BASE)/server:$(IMAGE_VERSION) \ - --platform $(IMAGE_ARCH) \ --build-arg "KANIDM_BUILD_PROFILE=container_generic" \ --build-arg "KANIDM_FEATURES=" \ + --label "com.kanidm.git-commit=$(GIT_COMMIT)" \ + --label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \ $(CONTAINER_BUILD_ARGS) . .PHONY: build/radiusd build/radiusd: ## Build the radiusd docker image locally build/radiusd: @$(CONTAINER_TOOL) build $(CONTAINER_TOOL_ARGS) \ - --platform $(IMAGE_ARCH) \ -f rlm_python/Dockerfile \ + --label "com.kanidm.git-commit=$(GIT_COMMIT)" \ + --label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \ -t $(IMAGE_BASE)/radius:$(IMAGE_VERSION) . .PHONY: build @@ -88,6 +97,8 @@ test/kanidmd: $(CONTAINER_TOOL_ARGS) -f server/Dockerfile \ --target builder \ -t $(IMAGE_BASE)/server:$(IMAGE_VERSION)-builder \ + --label "com.kanidm.git-commit=$(GIT_COMMIT)" \ + --label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \ $(CONTAINER_BUILD_ARGS) . @$(CONTAINER_TOOL) run --rm $(IMAGE_BASE)/server:$(IMAGE_VERSION)-builder cargo test diff --git a/examples/apache_oauth/Dockerfile b/examples/apache_oauth/Dockerfile index b8e931e3b..db734cd29 100644 --- a/examples/apache_oauth/Dockerfile +++ b/examples/apache_oauth/Dockerfile @@ -10,3 +10,4 @@ RUN a2enmod ssl RUN rm /etc/apache2/sites-enabled/000-default.conf COPY index.html /var/www/html/index.html COPY oauth2.conf /etc/apache2/sites-enabled/oauth2.conf + diff --git a/rlm_python/Dockerfile b/rlm_python/Dockerfile index 121759ae4..0aad95f8e 100644 --- a/rlm_python/Dockerfile +++ b/rlm_python/Dockerfile 
@@ -1,12 +1,7 @@ ARG BASE_IMAGE=opensuse/tumbleweed:latest FROM ${BASE_IMAGE} AS repos -RUN \ - --mount=type=cache,id=zypp,target=/var/cache/zypp \ - zypper mr -k repo-oss; \ - zypper mr -k repo-non-oss; \ - zypper mr -k repo-update; \ - zypper ref --force; \ - zypper -v dup -y +ADD ../scripts/zypper_fixing.sh /zypper_fixing.sh +RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh # ====================== FROM repos @@ -16,25 +11,25 @@ ARG RADIUS_USER=radiusd RUN \ --mount=type=cache,id=zypp,target=/var/cache/zypp \ zypper install -y \ - freeradius-client \ - freeradius-server \ - freeradius-server-python3 \ - freeradius-server-utils \ - hostname \ - python3 \ - python3-devel \ - python3-pip \ - timezone \ - iproute2 \ - iputils \ - openssl \ - curl + freeradius-client \ + freeradius-server \ + freeradius-server-python3 \ + freeradius-server-utils \ + hostname \ + python3 \ + python3-devel \ + python3-pip \ + timezone \ + iproute2 \ + iputils \ + openssl \ + curl # Don't put in the TZ at build time - it needs to be bind mounted at runtime # else we are forcing things on people. # RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone -ADD rlm_python/mods-available/ /etc/raddb/mods-available/ +ADD rlm_python/mods-available/ /etc/raddb/mods-available/ COPY rlm_python/sites-available/ /etc/raddb/sites-available/ # Set a working directory of /etc/raddb diff --git a/scripts/zypper_fixing.sh b/scripts/zypper_fixing.sh new file mode 100755 index 000000000..973437cd0 --- /dev/null +++ b/scripts/zypper_fixing.sh 
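Review bot: `ADD ../scripts/zypper_fixing.sh /zypper_fixing.sh` names a path that climbs out of the build context. The Makefile builds this file with `-f rlm_python/Dockerfile` and context `.`, so the path resolves only if the builder discards the leading `../`; server/Dockerfile in this same commit writes it without one. Use `COPY scripts/zypper_fixing.sh /zypper_fixing.sh` here and in tools/Dockerfile, since `COPY` is the narrower instruction for a local file while `ADD` also fetches URLs and unpacks archives. The later stages visible in this diff are `FROM repos`, so the script also stays in the shipped image. Adding `--mount=type=bind,source=scripts/zypper_fixing.sh,target=/zypper_fixing.sh` to the existing `RUN` would run it without adding a layer.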
@@ -0,0 +1,22 @@ +#!/bin/bash + +# makes sure the repos are configured because the containers are derpy sometimes + +#disable the openh264 repo +if [ "$(zypper lr | grep -ci 'repo-openh264')" -eq 1 ]; then + zypper mr -d -f -n 'repo-openh264' +fi + +# add the non-oss repo if it doesn't exist +if [ "$(zypper lr | grep -c 'repo-non-oss')" -eq 0 ]; then + zypper ar -f -n 'Non-OSS' http://download.opensuse.org/tumbleweed/repo/non-oss/ repo-non-oss +fi + +# update the repos and make sure the ones we want are enabled +zypper mr -k repo-oss +zypper mr -k repo-non-oss +zypper mr -k repo-update +# force the refresh because zypper is too silly to work out it needs to do it itself +zypper ref --force +# show which mirror is failing if an error occurs (otherwise zypper shows the wrong mirror url) +zypper -v dup -y diff --git a/server/Dockerfile b/server/Dockerfile index 605742f64..ceb8a48b6 100644 --- a/server/Dockerfile +++ b/server/Dockerfile @@ -1,13 +1,9 @@ # Build the main Kanidmd server ARG BASE_IMAGE=opensuse/tumbleweed:latest + FROM ${BASE_IMAGE} AS repos -RUN \ - --mount=type=cache,id=zypp,target=/var/cache/zypp \ - zypper mr -k repo-oss; \ - zypper mr -k repo-non-oss; \ - zypper mr -k repo-update; \ - zypper ref --force ; \ - zypper -v dup -y +ADD scripts/zypper_fixing.sh /zypper_fixing.sh +RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh # ====================== FROM repos AS builder @@ -25,8 +21,11 @@ RUN \ sccache \ cargo \ clang \ - make automake autoconf \ - libopenssl-3-devel pam-devel \ + make \ + automake \ + autoconf \ + libopenssl-3-devel \ + pam-devel \ sqlite3-devel \ rsync \ findutils \ 
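Review bot: The `zypper ar` line adds the non-oss repository over plain `http://download.opensuse.org/tumbleweed/repo/non-oss/`. Repository signature checks still apply if left enabled, but an on-path party can withhold or replay old metadata, so use the `https://` form of the same URL. The script also has no `set -e`, so a failed `zypper mr` or `zypper ref --force` is ignored and only the exit status of the final `zypper -v dup -y` reaches the `RUN` step; add `set -euo pipefail` after the shebang. In `zypper mr -d -f -n 'repo-openh264'`, `-n` appears to take the following word as its argument (a display name), which would leave no alias to modify; confirm the repo is actually disabled.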
@@ -47,13 +46,12 @@ COPY . /usr/src/kanidm WORKDIR /usr/src/kanidm/kanidmd/daemon # Exports don't persist through RUN statements. -RUN \ ---mount=type=cache,id=cargo,target=/cargo \ ---mount=type=cache,id=sccache,target=/sccache \ -export CARGO_HOME=/cargo; \ -export SCCACHE_DIR=/sccache; \ -export RUSTC_WRAPPER=/usr/bin/sccache; \ -export CC="/usr/bin/clang"; \ +RUN --mount=type=cache,id=cargo,target=/cargo \ + --mount=type=cache,id=sccache,target=/sccache \ + export CARGO_HOME=/cargo && \ + export SCCACHE_DIR=/sccache && \ + export RUSTC_WRAPPER=/usr/bin/sccache && \ + export CC="/usr/bin/clang" && \ cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \ --target-dir="/usr/src/kanidm/target/" \ --features="${KANIDM_FEATURES}" \ @@ -63,7 +61,6 @@ export CC="/usr/bin/clang"; \ # ====================== FROM repos - RUN \ --mount=type=cache,id=zypp,target=/var/cache/zypp \ zypper install -y \ @@ -80,4 +77,5 @@ EXPOSE 8443 3636 VOLUME /data ENV RUST_BACKTRACE 1 + CMD [ "/sbin/kanidmd", "server", "-c", "/data/server.toml"] diff --git a/tools/Dockerfile b/tools/Dockerfile index 19481b862..454714581 100644 --- a/tools/Dockerfile +++ b/tools/Dockerfile @@ -1,13 +1,8 @@ # This builds the kanidm CLI tools ARG BASE_IMAGE=opensuse/tumbleweed:latest FROM ${BASE_IMAGE} AS repos -RUN \ - --mount=type=cache,id=zypp,target=/var/cache/zypp \ - zypper mr -k repo-oss; \ - zypper mr -k repo-non-oss; \ - zypper mr -k repo-update; \ - zypper ref --force; \ - zypper -v dup -y +ADD ../scripts/zypper_fixing.sh /zypper_fixing.sh +RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh FROM repos AS builder ARG KANIDM_FEATURES @@ -24,7 +19,9 @@ RUN \ sccache \ cargo \ clang \ - make automake autoconf \ + make \ + automake \ + autoconf \ libopenssl-3-devel \ pam-devel \ libudev-devel \ 
@@ -38,20 +35,20 @@ WORKDIR /usr/src/kanidm/ # build the CLI RUN \ ---mount=type=cache,id=cargo,target=/cargo \ ---mount=type=cache,id=sccache,target=/sccache \ -export CARGO_HOME=/cargo; \ -export SCCACHE_DIR=/sccache; \ -export RUSTC_WRAPPER=/usr/bin/sccache; \ -export CC="/usr/bin/clang"; \ + --mount=type=cache,id=cargo,target=/cargo \ + --mount=type=cache,id=sccache,target=/sccache \ + export CARGO_HOME=/cargo; \ + export SCCACHE_DIR=/sccache; \ + export RUSTC_WRAPPER=/usr/bin/sccache; \ + export CC="/usr/bin/clang"; \ cargo build -p kanidm_tools ${KANIDM_BUILD_OPTIONS} \ --target-dir="/usr/src/kanidm/target/" \ --features="${KANIDM_FEATURES}" \ - --release; \ + --release && \ cargo build -p kanidm-ipa-sync ${KANIDM_BUILD_OPTIONS} \ --target-dir="/usr/src/kanidm/target/" \ --features="${KANIDM_FEATURES}" \ - --release; \ + --release && \ sccache -s # == Construct the tools container @@ -61,7 +58,10 @@ ENV RUST_BACKTRACE 1 RUN \ --mount=type=cache,id=zypp,target=/var/cache/zypp \ - zypper install -y timezone busybox-adduser openssl-3 + zypper install -y \ + timezone \ + busybox-adduser \ + openssl-3 COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/ COPY --from=builder /usr/src/kanidm/target/release/kanidm-ipa-sync /sbin/ @@ -74,5 +74,4 @@ RUN adduser -D -H kanidm && \ USER kanidm -CMD [ "/sbin/kanidm", "-h" ] - +CMD [ "/sbin/kanidm", "-h" ] \ No newline at end of file