Building Microsoft CBL-Mariner (Linux) ISO

NOTE: I was able to build the ISO on Ubuntu 20.04 as the work platform (I got lots of errors with Ubuntu 18.04)

The only guide that worked for me is: https://www.techrepublic.com/article/microsoft-linux-is-not-what-you-think-or-hoped-it-would-be/ but I made some changes to the procedure (i.e., I built CBL-Mariner instead of CBL-MarinerDemo)

root@ub2004:/wip# add-apt-repository ppa:longsleep/golang-backports
root@ub2004:/wip# apt-get update
root@ub2004:/wip# apt -y install -y make tar wget curl rpm qemu-utils golang-1.15-go genisoimage python-minimal bison gawk
root@ub2004:/wip# apt -y install pigz
root@ub2004:/wip# ln -vsf /usr/lib/go-1.15/bin/go /usr/bin/go
root@ub2004:/wip# curl -fsSL https://get.docker.com -o get-docker.sh
root@ub2004:/wip# sh get-docker.sh
root@ub2004:/wip# usermod -aG docker $USER

root@ub2004:/wip# git clone https://github.com/microsoft/CBL-Mariner.git
root@ub2004:/wip# pushd CBL-Mariner/toolkit
root@ub2004:/wip/CBL-Mariner/toolkit# git checkout 1.0-stable
root@ub2004:/wip/CBL-Mariner/toolkit# make package-toolkit REBUILD_TOOLS=y
root@ub2004:/wip/CBL-Mariner/toolkit# cd ..
root@ub2004:/wip/CBL-Mariner# cp out/toolkit-1.0.20210722.0141-x86_64.tar.gz .
root@ub2004:/wip/CBL-Mariner# tar -xzvf toolkit-*.tar.gz
root@ub2004:/wip/CBL-Mariner# cd toolkit/
root@ub2004:/wip/CBL-Mariner/toolkit# make iso REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/full.json

root@ub2004:/wip/CBL-Mariner/toolkit# du -sh /wip/CBL-Mariner/out/images/full/full-1.0.20210722.0200.iso

678M /wip/CBL-Mariner/out/images/full/full-1.0.20210722.0200.iso

I was able to install the ISO on VirtualBox.

You can follow the steps on this page to install the output ISO on VirtualBox: https://linuxiac.com/microsoft-cbl-mariner-linux-1/

VMWare OVFTools required to build OVA CBL-mariner images (VHDX, OVA/VMDK)

– download 64-bit Linux VMWare-tools from https://my.vmware.com/group/vmware/downloads/details?downloadGroup=OVFTOOL441&productId=646
# chmod a+x VMware-ovftool-4.4.1-16812187-lin.x86_64.bundle
# ./VMware-ovftool-4.4.1-16812187-lin.x86_64.bundle
(NOTE: “./VMware-ovftool-4.4.1-16812187-lin.x86_64.bundle –uninstall-product vmware-ovftool” to uninstall)

– # make image REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/core-ova.json
(builds OVA, VMDK, and VMX files in CBL-Mariner/out/images/ )


– # make image REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/core-efi.json
(builds a 381MB VHDX file in CBL-Mariner/out/images/core-efi/ )

NOTE: in the VMDK file, the password field for the root user in the /etc/shadow file is set to <NULL>. Which meant that after creating a VM with the VMDK, I couldn’t login after I booted up the CBL-Mariner. I had to slave the VMDK to another VM, in order to manually change the <NULL> to the encrypted value of a known password. Alternatively, you can use the VMware disk tool to mount the VMDK after generating it on the Ubuntu instance, and edited the /etc/shadow file. On the other hand, the username and password for the CBLMarinerDemo is mariner_userĀ  and p@ssw0rd