From 74ec38cf021690295c7f7f6bc565c62e50b5c34b Mon Sep 17 00:00:00 2001
From: Dallas Delaney <dadelan@microsoft.com>
Date: Thu, 26 Jan 2023 14:58:55 -0800
Subject: [PATCH] osbuilder: Add support for CBL-Mariner

Add osbuilder support to build a rootfs and image
based on the CBL-Mariner Linux distro

Fixes: #6462

Signed-off-by: Dallas Delaney <dadelan@microsoft.com>
---
 tools/osbuilder/README.md                     | 14 +++++-----
 .../rootfs-builder/cbl-mariner/Dockerfile.in  | 15 +++++++++++
 .../rootfs-builder/cbl-mariner/config.sh      | 10 +++++++
 .../rootfs-builder/cbl-mariner/rootfs_lib.sh  | 26 +++++++++++++++++++
 4 files changed, 58 insertions(+), 7 deletions(-)
 create mode 100644 tools/osbuilder/rootfs-builder/cbl-mariner/Dockerfile.in
 create mode 100644 tools/osbuilder/rootfs-builder/cbl-mariner/config.sh
 create mode 100644 tools/osbuilder/rootfs-builder/cbl-mariner/rootfs_lib.sh

diff --git a/tools/osbuilder/README.md b/tools/osbuilder/README.md
index 343d2bf60a..9415de74e1 100644
--- a/tools/osbuilder/README.md
+++ b/tools/osbuilder/README.md
@@ -80,7 +80,7 @@ filesystem components to generate an initrd.
 3. When generating an image, the initrd is extracted to obtain the base rootfs for
 the image.
 
-Ubuntu is the default distro for building the rootfs, to use a different one, you can set `DISTRO=alpine|clearlinux|debian|ubuntu`.
+Ubuntu is the default distro for building the rootfs, to use a different one, you can set `DISTRO=alpine|clearlinux|debian|ubuntu|cbl-mariner`.
 For example `make USE_DOCKER=true DISTRO=alpine rootfs` will make an Alpine rootfs using Docker.
 
 ### Rootfs creation
@@ -209,9 +209,9 @@ of the the osbuilder distributions.
 > Note: this table is not relevant for the dracut build method, since it supports
 any Linux distribution and architecture where dracut is available.
 
-|           |Alpine            |CentOS Stream     |Clear Linux       |Debian/Ubuntu     |
-|--         |--                |--                |--                |--                |
-|**ARM64**  |:heavy_check_mark:|:heavy_check_mark:|                  |                  |
-|**PPC64le**|                  |:heavy_check_mark:|                  |:heavy_check_mark:|
-|**s390x**  |                  |:heavy_check_mark:|                  |:heavy_check_mark:|
-|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
+|           |Alpine            |CentOS Stream     |Clear Linux       |Debian/Ubuntu     |CBL-Mariner       |
+|--         |--                |--                |--                |--                |--                |
+|**ARM64**  |:heavy_check_mark:|:heavy_check_mark:|                  |                  |                  |
+|**PPC64le**|                  |:heavy_check_mark:|                  |:heavy_check_mark:|                  |
+|**s390x**  |                  |:heavy_check_mark:|                  |:heavy_check_mark:|                  |
+|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
diff --git a/tools/osbuilder/rootfs-builder/cbl-mariner/Dockerfile.in b/tools/osbuilder/rootfs-builder/cbl-mariner/Dockerfile.in
new file mode 100644
index 0000000000..6fa29807d9
--- /dev/null
+++ b/tools/osbuilder/rootfs-builder/cbl-mariner/Dockerfile.in
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 Microsoft Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+ARG IMAGE_REGISTRY=mcr.microsoft.com
+FROM ${IMAGE_REGISTRY}/cbl-mariner/base/core:@OS_VERSION@
+
+RUN tdnf -y install \
+    ca-certificates \
+    build-essential \
+    dnf \
+    git \
+    tar
+
+@INSTALL_RUST@
diff --git a/tools/osbuilder/rootfs-builder/cbl-mariner/config.sh b/tools/osbuilder/rootfs-builder/cbl-mariner/config.sh
new file mode 100644
index 0000000000..694124acd6
--- /dev/null
+++ b/tools/osbuilder/rootfs-builder/cbl-mariner/config.sh
@@ -0,0 +1,10 @@
+# Copyright (c) 2023 Microsoft Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+OS_NAME=cbl-mariner
+OS_VERSION=${OS_VERSION:-2.0}
+LIBC="gnu"
+PACKAGES="core-packages-base-image ca-certificates"
+[ "$AGENT_INIT" = no ] && PACKAGES+=" systemd"
+[ "$SECCOMP" = yes ] && PACKAGES+=" libseccomp"
diff --git a/tools/osbuilder/rootfs-builder/cbl-mariner/rootfs_lib.sh b/tools/osbuilder/rootfs-builder/cbl-mariner/rootfs_lib.sh
new file mode 100644
index 0000000000..0288d4d77e
--- /dev/null
+++ b/tools/osbuilder/rootfs-builder/cbl-mariner/rootfs_lib.sh
@@ -0,0 +1,26 @@
+# Copyright (c) 2023 Microsoft Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+build_rootfs()
+{
+	# Mandatory
+	local ROOTFS_DIR="$1"
+
+	[ -z "$ROOTFS_DIR" ] && die "need rootfs"
+
+	# In case of support EXTRA packages, use it to allow
+	# users add more packages to the base rootfs
+	local EXTRA_PKGS=${EXTRA_PKGS:-""}
+
+	check_root
+	mkdir -p "${ROOTFS_DIR}"
+	PKG_MANAGER="tdnf"
+
+	DNF="${PKG_MANAGER} -y --installroot=${ROOTFS_DIR} --noplugins --releasever=${OS_VERSION}"
+
+	info "install packages for rootfs"
+	$DNF install ${EXTRA_PKGS} ${PACKAGES}
+
+	rm -rf ${ROOTFS_DIR}/usr/share/{bash-completion,cracklib,doc,info,locale,man,misc,pixmaps,terminfo,zoneinfo,zsh}
+}