osbuilder: Add support for CBL-Mariner

Add osbuilder support to build a rootfs and image
based on the CBL-Mariner Linux distro

Fixes: #6462

Signed-off-by: Dallas Delaney <dadelan@microsoft.com>

tools/osbuilder/README.md

@@ -80,7 +80,7 @@ filesystem components to generate an initrd.
 3. When generating an image, the initrd is extracted to obtain the base rootfs for
 the image.
 
-Ubuntu is the default distro for building the rootfs, to use a different one, you can set `DISTRO=alpine|clearlinux|debian|ubuntu`.
+Ubuntu is the default distro for building the rootfs, to use a different one, you can set `DISTRO=alpine|clearlinux|debian|ubuntu|cbl-mariner`.
 For example `make USE_DOCKER=true DISTRO=alpine rootfs` will make an Alpine rootfs using Docker.
 
 ### Rootfs creation
@@ -209,9 +209,9 @@ of the the osbuilder distributions.
 > Note: this table is not relevant for the dracut build method, since it supports
 any Linux distribution and architecture where dracut is available.
 
-|           |Alpine            |CentOS Stream     |Clear Linux       |Debian/Ubuntu     |
+|           |Alpine            |CentOS Stream     |Clear Linux       |Debian/Ubuntu     |CBL-Mariner       |
-|--         |--                |--                |--                |--                |
+|--         |--                |--                |--                |--                |--                |
-|**ARM64**  |:heavy_check_mark:|:heavy_check_mark:|                  |                  |
+|**ARM64**  |:heavy_check_mark:|:heavy_check_mark:|                  |                  |                  |
-|**PPC64le**|                  |:heavy_check_mark:|                  |:heavy_check_mark:|
+|**PPC64le**|                  |:heavy_check_mark:|                  |:heavy_check_mark:|                  |
-|**s390x**  |                  |:heavy_check_mark:|                  |:heavy_check_mark:|
+|**s390x**  |                  |:heavy_check_mark:|                  |:heavy_check_mark:|                  |
-|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
+|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|

tools/osbuilder/rootfs-builder/cbl-mariner/Dockerfile.in

@@ -0,0 +1,15 @@
+# Copyright (c) 2023 Microsoft Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+ARG IMAGE_REGISTRY=mcr.microsoft.com
+FROM ${IMAGE_REGISTRY}/cbl-mariner/base/core:@OS_VERSION@
+
+RUN tdnf -y install \
+    ca-certificates \
+    build-essential \
+    dnf \
+    git \
+    tar
+
+@INSTALL_RUST@

tools/osbuilder/rootfs-builder/cbl-mariner/config.sh

@@ -0,0 +1,10 @@
+# Copyright (c) 2023 Microsoft Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+OS_NAME=cbl-mariner
+OS_VERSION=${OS_VERSION:-2.0}
+LIBC="gnu"
+PACKAGES="core-packages-base-image ca-certificates"
+[ "$AGENT_INIT" = no ] && PACKAGES+=" systemd"
+[ "$SECCOMP" = yes ] && PACKAGES+=" libseccomp"

tools/osbuilder/rootfs-builder/cbl-mariner/rootfs_lib.sh

@@ -0,0 +1,26 @@
+# Copyright (c) 2023 Microsoft Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+build_rootfs()
+{
+	# Mandatory
+	local ROOTFS_DIR="$1"
+
+	[ -z "$ROOTFS_DIR" ] && die "need rootfs"
+
+	# In case of support EXTRA packages, use it to allow
+	# users add more packages to the base rootfs
+	local EXTRA_PKGS=${EXTRA_PKGS:-""}
+
+	check_root
+	mkdir -p "${ROOTFS_DIR}"
+	PKG_MANAGER="tdnf"
+
+	DNF="${PKG_MANAGER} -y --installroot=${ROOTFS_DIR} --noplugins --releasever=${OS_VERSION}"
+
+	info "install packages for rootfs"
+	$DNF install ${EXTRA_PKGS} ${PACKAGES}
+
+	rm -rf ${ROOTFS_DIR}/usr/share/{bash-completion,cracklib,doc,info,locale,man,misc,pixmaps,terminfo,zoneinfo,zsh}
+}