From 0452db3f15c4e7d0ee21acf545a314e18ff866d2 Mon Sep 17 00:00:00 2001
From: Damon Barry <damonbarry@users.noreply.github.com>
Date: Thu, 30 Jan 2025 09:27:29 -0800
Subject: [PATCH] Add support for Azure Linux 3.0 (#648)

Needed for the next version of EFLOW
---
 .github/workflows/packages.yaml               |  5 +-
 ci/install-build-deps.sh                      | 46 ++++++++++------
 ci/package.sh                                 | 53 +++++++++++--------
 .../mariner/aziot-identity-service.spec.in    |  2 +-
 4 files changed, 66 insertions(+), 40 deletions(-)

diff --git a/.github/workflows/packages.yaml b/.github/workflows/packages.yaml
index 91127314..ca0fd46c 100644
--- a/.github/workflows/packages.yaml
+++ b/.github/workflows/packages.yaml
@@ -36,11 +36,14 @@ jobs:
           arch: 'arm32v7'
         - container_os: 'redhat/ubi9:latest'
           arch: 'aarch64'
-        # Include this for mariner package builds. Mariner cannot be built on its own OS so we need an Ubuntu container.
+        # Azure Linux cannot be built on its own OS so we need an Ubuntu container.
         include:
         - container_os: 'ubuntu:20.04'
           arch: 'amd64'
           os: 'mariner:2'
+        - container_os: 'ubuntu:22.04'
+          arch: 'amd64'
+          os: 'azurelinux:3'
 
     steps:
     - uses: 'actions/checkout@v3'
diff --git a/ci/install-build-deps.sh b/ci/install-build-deps.sh
index 6b337270..bc405984 100755
--- a/ci/install-build-deps.sh
+++ b/ci/install-build-deps.sh
@@ -204,33 +204,47 @@ if [ -z "${DISABLE_FOR_CODEQL:-}" ]; then
                 llvm-dev pkg-config:$arch_alias
             ;;
 
-        'mariner:2:amd64' | 'mariner:2:aarch64')
+        'mariner:2:amd64'|'mariner:2:aarch64'|'azurelinux:3:amd64'|'azurelinux:3:aarch64')
             export DEBIAN_FRONTEND=noninteractive
             export TZ=UTC
 
             apt-get update
             apt-get upgrade -y
-            apt-get install -y software-properties-common
-            add-apt-repository -y ppa:longsleep/golang-backports
-            apt-get update
+
+            if [ "$OS" = 'mariner:2' ]; then
+                apt-get install -y software-properties-common
+                add-apt-repository -y ppa:longsleep/golang-backports
+                apt-get update
+            fi
+
             apt-get install -y \
-                cmake curl gcc g++ git jq make pkg-config \
-                libclang1 libssl-dev llvm-dev \
-                cpio genisoimage golang-1.21-go qemu-utils pigz python3-pip python3-distutils rpm tar wget
+                cmake cpio curl g++ gcc genisoimage git golang-1.21-go jq libclang1 libssl-dev \
+                llvm-dev make pigz pkg-config python3-distutils python3-pip qemu-utils rpm tar \
+                wget zstd
 
             rm -f /usr/bin/go
             ln -vs /usr/lib/go-1.21/bin/go /usr/bin/go
+
             touch /.mariner-toolkit-ignore-dockerenv
 
-            BranchTag='2.0-stable'
-            MarinerToolkitDir='/tmp/CBL-Mariner'
-            if ! [ -f "$MarinerToolkitDir/toolkit.tar.gz" ]; then
-                rm -rf "$MarinerToolkitDir"
-                git clone 'https://github.com/microsoft/CBL-Mariner.git' --branch "$BranchTag" --depth 1 "$MarinerToolkitDir"
-                pushd "$MarinerToolkitDir/toolkit/" || exit
+            case "$OS" in
+                'mariner:2')
+                    BranchTag='2.0-stable'
+                    ;;
+
+                'azurelinux:3')
+                    BranchTag='3.0-stable'
+                    ;;
+            esac
+
+            AzureLinuxToolkitDir='/tmp/azurelinux'
+            if ! [ -f "$AzureLinuxToolkitDir/toolkit.tar.gz" ]; then
+                rm -rf "$AzureLinuxToolkitDir"
+                git clone 'https://github.com/microsoft/azurelinux.git' --branch "$BranchTag" --depth 1 "$AzureLinuxToolkitDir"
+                pushd "$AzureLinuxToolkitDir/toolkit/" || exit
                 make REBUILD_TOOLS=y package-toolkit
                 popd || exit
-                cp "$MarinerToolkitDir"/out/toolkit-*.tar.gz "$MarinerToolkitDir/toolkit.tar.gz"
+                cp "$AzureLinuxToolkitDir"/out/toolkit-*.tar.gz "$AzureLinuxToolkitDir/toolkit.tar.gz"
             fi
             ;;
 
@@ -309,8 +323,8 @@ case "$ARCH" in
         ;;
 esac
 
-# Mariner build installs the following as part of the specfile.
-if [ "${OS#mariner}" = "$OS" ]; then
+# Skip for Azure Linux because it installs the following as part of the specfile.
+if [[ "${OS#mariner}" == "$OS" && "${OS#azurelinux}" == "$OS" ]]; then
     cargo install bindgen-cli --version "=$BINDGEN_VERSION" --locked
 
     cargo install cbindgen --version "=$CBINDGEN_VERSION" --locked
diff --git a/ci/package.sh b/ci/package.sh
index ba4c2661..c147009e 100755
--- a/ci/package.sh
+++ b/ci/package.sh
@@ -110,47 +110,56 @@ case "$OS" in
             "packages/$TARGET_DIR/"
         ;;
 
-    'mariner:2')
+    'mariner:2'|'azurelinux:3')
         case "$ARCH" in
             'arm32v7')
                 echo "Cross-compilation on $OS is not supported" >&2
                 exit 1
                 ;;
             'aarch64')
-                MarinerArch=aarch64
+                AzureLinuxArch=aarch64
                 ;;
             'amd64')
-                MarinerArch=x86_64
+                AzureLinuxArch=x86_64
                 ;;
         esac
 
         make ARCH="$ARCH" PACKAGE_VERSION="$PACKAGE_VERSION" V=1 dist
 
-        MarinerRPMBUILDDIR="/src/Mariner-Build"
-        MarinerSpecsDir="$MarinerRPMBUILDDIR/SPECS/aziot-identity-service"
-        MarinerSourceDir="$MarinerSpecsDir/SOURCES"
+        AzureLinuxRPMBUILDDIR="/src/AzureLinux-Build"
+        AzureLinuxSpecsDir="$AzureLinuxRPMBUILDDIR/SPECS/aziot-identity-service"
+        AzureLinuxSourceDir="$AzureLinuxSpecsDir/SOURCES"
 
         # Extract built toolkit in building directory
-        mkdir -p "$MarinerRPMBUILDDIR"
-        cp "$MarinerToolkitDir/toolkit.tar.gz" "$MarinerRPMBUILDDIR/toolkit.tar.gz"
-        pushd "$MarinerRPMBUILDDIR"
+        mkdir -p "$AzureLinuxRPMBUILDDIR"
+        cp "$AzureLinuxToolkitDir/toolkit.tar.gz" "$AzureLinuxRPMBUILDDIR/toolkit.tar.gz"
+        pushd "$AzureLinuxRPMBUILDDIR"
         tar xzvf toolkit.tar.gz
         popd
 
-        UsePreview=n
-        TARGET_DIR="mariner2/$ARCH"
-        PackageExtension="cm2"
+        case "$OS" in
+            'mariner:2')
+                UsePreview=n
+                TARGET_DIR="mariner2/$ARCH"
+                PackageExtension="cm2"
+                ;;
+            'azurelinux:3')
+                UsePreview=n
+                TARGET_DIR="azurelinux3/$ARCH"
+                PackageExtension="azl3"
+                ;;
+        esac
 
         # move tarballed iot-identity-service source to building directory
-        mkdir -p "$MarinerSourceDir"
-        mv "/tmp/aziot-identity-service-$PACKAGE_VERSION.tar.gz" "$MarinerSourceDir/aziot-identity-service-$PACKAGE_VERSION.tar.gz"
+        mkdir -p "$AzureLinuxSourceDir"
+        mv "/tmp/aziot-identity-service-$PACKAGE_VERSION.tar.gz" "$AzureLinuxSourceDir/aziot-identity-service-$PACKAGE_VERSION.tar.gz"
 
         tmp_dir=$(mktemp -d)
         pushd $tmp_dir
         mkdir "rust"
         cp -r ~/.cargo "rust"
         cp -r ~/.rustup "rust"
-        tar cf "$MarinerSourceDir/rust.tar.gz" "rust"
+        tar cf "$AzureLinuxSourceDir/rust.tar.gz" "rust"
         popd
 
         curl -Lo "/tmp/cbindgen-$CBINDGEN_VERSION.tar.gz" "https://github.com/eqrion/cbindgen/archive/refs/tags/v$CBINDGEN_VERSION.tar.gz"
@@ -167,7 +176,7 @@ replace-with = "vendored-sources"
 directory = "vendor"
 EOF
         popd
-        tar cf "$MarinerSourceDir/cbindgen-$CBINDGEN_VERSION.tar.gz" "cbindgen-$CBINDGEN_VERSION/"
+        tar cf "$AzureLinuxSourceDir/cbindgen-$CBINDGEN_VERSION.tar.gz" "cbindgen-$CBINDGEN_VERSION/"
         popd
 
 
@@ -185,11 +194,11 @@ replace-with = "vendored-sources"
 directory = "vendor"
 EOF
         popd
-        tar cf "$MarinerSourceDir/rust-bindgen-$BINDGEN_VERSION.tar.gz" "rust-bindgen-$BINDGEN_VERSION/"
+        tar cf "$AzureLinuxSourceDir/rust-bindgen-$BINDGEN_VERSION.tar.gz" "rust-bindgen-$BINDGEN_VERSION/"
         popd
 
         # Copy spec file to rpmbuild specs directory
-        pushd "$MarinerSpecsDir"
+        pushd "$AzureLinuxSpecsDir"
         </src/contrib/mariner/aziot-identity-service.signatures.json sed \
             -e "s/@@VERSION@@/$PACKAGE_VERSION/g" \
             -e "s/@@BINDGEN_VERSION@@/$BINDGEN_VERSION/g" \
@@ -203,16 +212,16 @@ EOF
             >aziot-identity-service.spec
 
         # Build package
-        pushd "$MarinerRPMBUILDDIR/toolkit"
+        pushd "$AzureLinuxRPMBUILDDIR/toolkit"
         make build-packages LOG_LEVEL=debug PACKAGE_BUILD_LIST="aziot-identity-service" SRPM_FILE_SIGNATURE_HANDLING=update USE_PREVIEW_REPO=$UsePreview CONFIG_FILE= -j "$(nproc)"
         popd
 
         rm -rf "/src/packages/$TARGET_DIR"
         mkdir -p "/src/packages/$TARGET_DIR"
         cp \
-            "$MarinerRPMBUILDDIR/out/RPMS/$MarinerArch/aziot-identity-service-$PACKAGE_VERSION-$PACKAGE_RELEASE.$PackageExtension.$MarinerArch.rpm" \
-            "$MarinerRPMBUILDDIR/out/RPMS/$MarinerArch/aziot-identity-service-debuginfo-$PACKAGE_VERSION-$PACKAGE_RELEASE.$PackageExtension.$MarinerArch.rpm" \
-            "$MarinerRPMBUILDDIR/out/RPMS/$MarinerArch/aziot-identity-service-devel-$PACKAGE_VERSION-$PACKAGE_RELEASE.$PackageExtension.$MarinerArch.rpm" \
+            "$AzureLinuxRPMBUILDDIR/out/RPMS/$AzureLinuxArch/aziot-identity-service-$PACKAGE_VERSION-$PACKAGE_RELEASE.$PackageExtension.$AzureLinuxArch.rpm" \
+            "$AzureLinuxRPMBUILDDIR/out/RPMS/$AzureLinuxArch/aziot-identity-service-debuginfo-$PACKAGE_VERSION-$PACKAGE_RELEASE.$PackageExtension.$AzureLinuxArch.rpm" \
+            "$AzureLinuxRPMBUILDDIR/out/RPMS/$AzureLinuxArch/aziot-identity-service-devel-$PACKAGE_VERSION-$PACKAGE_RELEASE.$PackageExtension.$AzureLinuxArch.rpm" \
             "/src/packages/$TARGET_DIR"
         ;;
 
diff --git a/contrib/mariner/aziot-identity-service.spec.in b/contrib/mariner/aziot-identity-service.spec.in
index f1ff56e7..c9083ecf 100644
--- a/contrib/mariner/aziot-identity-service.spec.in
+++ b/contrib/mariner/aziot-identity-service.spec.in
@@ -67,7 +67,7 @@ export PATH=$PATH:$CARGO_HOME/bin
 export RUSTUP_HOME=~/.rustup
 
 # build and install required rust packages needed for during aziot-identity-service build
-# since Mariner Toolkit builds packages offline
+# since Azure Linux Toolkit builds packages offline
 pushd ~
 tar xf %{SOURCE1} --no-same-owner
 tar xf %{SOURCE2} --no-same-owner