From 74ec38cf021690295c7f7f6bc565c62e50b5c34b Mon Sep 17 00:00:00 2001 From: Dallas Delaney Date: Thu, 26 Jan 2023 14:58:55 -0800 Subject: [PATCH] osbuilder: Add support for CBL-Mariner Add osbuilder support to build a rootfs and image based on the CBL-Mariner Linux distro Fixes: #6462 Signed-off-by: Dallas Delaney --- tools/osbuilder/README.md | 14 +++++----- .../rootfs-builder/cbl-mariner/Dockerfile.in | 15 +++++++++++ .../rootfs-builder/cbl-mariner/config.sh | 10 +++++++ .../rootfs-builder/cbl-mariner/rootfs_lib.sh | 26 +++++++++++++++++++ 4 files changed, 58 insertions(+), 7 deletions(-) create mode 100644 tools/osbuilder/rootfs-builder/cbl-mariner/Dockerfile.in create mode 100644 tools/osbuilder/rootfs-builder/cbl-mariner/config.sh create mode 100644 tools/osbuilder/rootfs-builder/cbl-mariner/rootfs_lib.sh diff --git a/tools/osbuilder/README.md b/tools/osbuilder/README.md index 343d2bf60a..9415de74e1 100644 --- a/tools/osbuilder/README.md +++ b/tools/osbuilder/README.md @@ -80,7 +80,7 @@ filesystem components to generate an initrd. 3. When generating an image, the initrd is extracted to obtain the base rootfs for the image. -Ubuntu is the default distro for building the rootfs, to use a different one, you can set `DISTRO=alpine|clearlinux|debian|ubuntu`. +Ubuntu is the default distro for building the rootfs, to use a different one, you can set `DISTRO=alpine|clearlinux|debian|ubuntu|cbl-mariner`. For example `make USE_DOCKER=true DISTRO=alpine rootfs` will make an Alpine rootfs using Docker. ### Rootfs creation @@ -209,9 +209,9 @@ of the the osbuilder distributions. > Note: this table is not relevant for the dracut build method, since it supports any Linux distribution and architecture where dracut is available. -| |Alpine |CentOS Stream |Clear Linux |Debian/Ubuntu | -|-- |-- |-- |-- |-- | -|**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | | -|**PPC64le**| |:heavy_check_mark:| |:heavy_check_mark:| -|**s390x** | |:heavy_check_mark:| |:heavy_check_mark:| -|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| +| |Alpine |CentOS Stream |Clear Linux |Debian/Ubuntu |CBL-Mariner | +|-- |-- |-- |-- |-- |-- | +|**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | | | +|**PPC64le**| |:heavy_check_mark:| |:heavy_check_mark:| | +|**s390x** | |:heavy_check_mark:| |:heavy_check_mark:| | +|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| diff --git a/tools/osbuilder/rootfs-builder/cbl-mariner/Dockerfile.in b/tools/osbuilder/rootfs-builder/cbl-mariner/Dockerfile.in new file mode 100644 index 0000000000..6fa29807d9 --- /dev/null +++ b/tools/osbuilder/rootfs-builder/cbl-mariner/Dockerfile.in @@ -0,0 +1,15 @@ +# Copyright (c) 2023 Microsoft Corporation +# +# SPDX-License-Identifier: Apache-2.0 + +ARG IMAGE_REGISTRY=mcr.microsoft.com +FROM ${IMAGE_REGISTRY}/cbl-mariner/base/core:@OS_VERSION@ + +RUN tdnf -y install \ + ca-certificates \ + build-essential \ + dnf \ + git \ + tar + +@INSTALL_RUST@ diff --git a/tools/osbuilder/rootfs-builder/cbl-mariner/config.sh b/tools/osbuilder/rootfs-builder/cbl-mariner/config.sh new file mode 100644 index 0000000000..694124acd6 --- /dev/null +++ b/tools/osbuilder/rootfs-builder/cbl-mariner/config.sh @@ -0,0 +1,10 @@ +# Copyright (c) 2023 Microsoft Corporation +# +# SPDX-License-Identifier: Apache-2.0 + +OS_NAME=cbl-mariner +OS_VERSION=${OS_VERSION:-2.0} +LIBC="gnu" +PACKAGES="core-packages-base-image ca-certificates" +[ "$AGENT_INIT" = no ] && PACKAGES+=" systemd" +[ "$SECCOMP" = yes ] && PACKAGES+=" libseccomp" diff --git a/tools/osbuilder/rootfs-builder/cbl-mariner/rootfs_lib.sh b/tools/osbuilder/rootfs-builder/cbl-mariner/rootfs_lib.sh new file mode 100644 index 0000000000..0288d4d77e --- /dev/null +++ b/tools/osbuilder/rootfs-builder/cbl-mariner/rootfs_lib.sh @@ -0,0 +1,26 @@ +# Copyright (c) 2023 Microsoft Corporation +# +# SPDX-License-Identifier: Apache-2.0 + +build_rootfs() +{ + # Mandatory + local ROOTFS_DIR="$1" + + [ -z "$ROOTFS_DIR" ] && die "need rootfs" + + # In case of support EXTRA packages, use it to allow + # users add more packages to the base rootfs + local EXTRA_PKGS=${EXTRA_PKGS:-""} + + check_root + mkdir -p "${ROOTFS_DIR}" + PKG_MANAGER="tdnf" + + DNF="${PKG_MANAGER} -y --installroot=${ROOTFS_DIR} --noplugins --releasever=${OS_VERSION}" + + info "install packages for rootfs" + $DNF install ${EXTRA_PKGS} ${PACKAGES} + + rm -rf ${ROOTFS_DIR}/usr/share/{bash-completion,cracklib,doc,info,locale,man,misc,pixmaps,terminfo,zoneinfo,zsh} +}