dockerfile: use ubi9 as image

Dockerfile

@@ -2,19 +2,19 @@
 # Build Stage
 # ------------------------------------------------------------------------------
 
-FROM --platform=${BUILDPLATFORM} registry.access.redhat.com/ubi8/ubi:8.7 as limitador-build
+FROM registry.access.redhat.com/ubi9/ubi:9.2 as limitador-build
 ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
 
 ARG RUSTC_VERSION=1.72.0
 
 # the powertools repo is required for protobuf-c and protobuf-devel
 RUN dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs install \
-      http://mirror.centos.org/centos/8-stream/BaseOS/`arch`/os/Packages/centos-gpg-keys-8-6.el8.noarch.rpm \
-      http://mirror.centos.org/centos/8-stream/BaseOS/`arch`/os/Packages/centos-stream-repos-8-6.el8.noarch.rpm \
+      https://mirror.stream.centos.org/9-stream/BaseOS/`arch`/os/Packages/centos-gpg-keys-9.0-23.el9.noarch.rpm \
+      https://mirror.stream.centos.org/9-stream/BaseOS/`arch`/os/Packages/centos-stream-repos-9.0-23.el9.noarch.rpm \
  && dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs install epel-release \
- && dnf config-manager --set-enabled powertools
+ && dnf config-manager --set-enabled crb
 
-RUN PKGS="gcc-c++ gcc-toolset-12-binutils-gold openssl-devel protobuf-c protobuf-devel git clang kernel-headers perl-IPC-Cmd" \
+RUN PKGS="protobuf-devel git clang perl" \
     && dnf install --nodocs --assumeyes $PKGS \
     && rpm --verify --nogroup --nouser $PKGS \
     && yum -y clean all
@@ -36,7 +36,7 @@ RUN source $HOME/.cargo/env \
 # Run Stage
 # ------------------------------------------------------------------------------
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.2
 
 # shadow-utils is required for `useradd`
 RUN PKGS="libgcc libstdc++ shadow-utils" \

Dockerfile.aarch64

@@ -2,10 +2,12 @@
 # Build Stage cross compiling
 # ------------------------------------------------------------------------------
 
-FROM --platform=${BUILDPLATFORM} rust:1.72 as limitador-build
+# Use bullseye as build image instead of Bookworm as ubi9 does not not have GLIBCXX_3.4.30
+# https://access.redhat.com/solutions/6969351
+FROM --platform=${BUILDPLATFORM} rust:1.72-bullseye as limitador-build
 
 RUN apt update && apt upgrade -y
-RUN apt install -y protobuf-compiler clang
+RUN apt install -y protobuf-compiler clang gcc
 RUN apt install -y g++-aarch64-linux-gnu libc6-dev-arm64-cross
 
 RUN rustup target add aarch64-unknown-linux-gnu
@@ -29,12 +31,34 @@ RUN cargo build --release --target aarch64-unknown-linux-gnu
 # Run Stage
 # ------------------------------------------------------------------------------
 
-FROM gcr.io/distroless/cc-debian12
+#FROM gcr.io/distroless/cc-debian12
+#
+#WORKDIR /home/limitador/bin/
+#ENV PATH="/home/limitador/bin:${PATH}"
+#
+#COPY --from=limitador-build /usr/src/limitador/limitador-server/examples/limits.yaml ../
+#COPY --from=limitador-build /usr/src/limitador/target/aarch64-unknown-linux-gnu/release/limitador-server ./limitador-server
+#
+#CMD ["limitador-server"]
+
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.2
+
+# shadow-utils is required for `useradd`
+RUN PKGS="libgcc libstdc++ shadow-utils" \
+    && microdnf --assumeyes install --nodocs $PKGS \
+    && rpm --verify --nogroup --nouser $PKGS \
+    && microdnf -y clean all
+RUN useradd -u 1000 -s /bin/sh -m -d /home/limitador limitador
 
 WORKDIR /home/limitador/bin/
 ENV PATH="/home/limitador/bin:${PATH}"
 
 COPY --from=limitador-build /usr/src/limitador/limitador-server/examples/limits.yaml ../
 COPY --from=limitador-build /usr/src/limitador/target/aarch64-unknown-linux-gnu/release/limitador-server ./limitador-server
 
+RUN chown -R limitador:root /home/limitador \
+    && chmod -R 750 /home/limitador
+
+USER limitador
+
 CMD ["limitador-server"]