Add support for CentOS Stream 9

Documentation/index.rst

@@ -315,9 +315,9 @@ in :file:`config.yaml.template`.
    Defines Linux distribution to be used to build Gramine in. This distro should
    match the distro of the supplied Docker image; otherwise the results may be
    unpredictable. Currently supported distros are Ubuntu 20.04, Ubuntu 21.04,
-   Ubuntu 22.04, Ubuntu 23.04, Debian 10, Debian 11, Debian 12, CentOS 8,
-   Red Hat Universal Base Image (UBI) 8, Red Hat Universal Base Image (UBI) 9,
-   Red Hat Universal Base Image (UBI) 8 minimal and Red Hat Universal Base Image
+   Ubuntu 22.04, Ubuntu 23.04, Debian 10, Debian 11, Debian 12, CentOS 8, CentOS
+   Stream 9, Red Hat Universal Base Image (UBI) 8, Red Hat Universal Base Image
+   (UBI) 9, Red Hat Universal Base Image (UBI) 8 minimal and Red Hat Universal Base Image
    9 minimal.
 
    Default value is ``auto`` which means GSC automatically detects the distro

config.yaml.template

@@ -7,6 +7,7 @@
 # - ubuntu:20.04, ubuntu:21.04, ubuntu:22.04, ubuntu:23.04
 # - debian:10, debian:11, debian:12
 # - centos:8
+# - quay.io/centos/centos:stream9
 # - redhat/ubi8:8.8, redhat/ubi9:9.4
 # - redhat/ubi8-minimal:8.8, redhat/ubi9-minimal:9.4
 

gsc.py

@@ -245,10 +245,14 @@ def handle_redhat_repo_configs(distro, tmp_build_path):
         shutil.copytree(sslclientkey_dir, tmp_build_path / 'pki/entitlement')
 
 def template_path(distro):
+    if distro == 'quay.io/centos/centos':
+        return 'centos/stream'
+
     if distro.startswith('redhat/ubi'):
         if 'minimal' in distro:
             return 'redhat/ubi-minimal'
         return 'redhat/ubi'
+
     return distro
 
 def assert_not_none(value, error_message):
@@ -284,6 +288,8 @@ def get_image_distro(docker_socket, image_name):
         # and to support these OS distros, we need to truncate at the 2nd dot.
         distro = os_release['ID'] + ':' + '.'.join(version[:2])
 
+    if os_release['NAME'] == 'CentOS Stream':
+        distro = f'quay.io/centos/centos:stream{version[0]}'
     return distro
 
 def fetch_and_validate_distro_support(docker_socket, image_name, env):

templates/centos/stream/Dockerfile.build.template

@@ -0,0 +1,41 @@
+{% extends "Dockerfile.common.build.template" %}
+
+{% block install %}
+
+# Combine all installation and removal steps in a single RUN command to reduce the final image size.
+# This is because each Dockerfile command creates a new layer which necessarily adds size to the
+# final image. This trick allows to decrease the image size by hundreds of MBs.
+
+RUN dnf distro-sync -y \
+    && dnf install 'dnf-command(config-manager)' -y \
+    && dnf config-manager --set-enabled -y crb \
+    && dnf install -y \
+        binutils \
+        epel-release \
+        openssl \
+        protobuf-c-compiler \
+        python3 \
+        python3-cryptography \
+        python3-pip \
+        python3-protobuf \
+        which \
+    && /usr/bin/python3 -B -m pip install click jinja2 protobuf \
+                                          'tomli>=1.1.0' 'tomli-w>=0.4.0' \
+    && dnf repolist \
+# Install pyelftools and voluptuous after the installation of epel-release as it is provided by the
+# EPEL repo
+    && dnf install -y \
+        python3-pyelftools \
+        python3-voluptuous \
+    && dnf -y clean all
+
+{% if buildtype != "release" %}
+RUN dnf install -y \
+        gdb \
+        less \
+        libunwind \
+        python3-pytest \
+        strace \
+        vim
+{% endif %}
+{% endblock %}

templates/centos/stream/Dockerfile.compile.template

@@ -0,0 +1,42 @@
+{% extends "Dockerfile.common.compile.template" %}
+
+{% block install %}
+
+# NOTE: meson v1.2.* has a bug that leads to Gramine build failure because of not found `libcurl.a`
+
+RUN dnf distro-sync -y \
+    && dnf install 'dnf-command(config-manager)' -y \
+    && dnf config-manager --set-enabled -y crb \
+    && dnf install -y \
+        autoconf  \
+        binutils \
+        bison \
+        epel-release \
+        flex \
+        gawk \
+        gcc-c++ \
+        git \
+        httpd \
+        libcurl-devel \
+        make \
+        nasm \
+        ncurses-devel \
+        ninja-build \
+        openssl-devel \
+        patch \
+        pkg-config \
+        protobuf-c-compiler \
+        protobuf-c-devel \
+        protobuf-compiler \
+        protobuf-devel \
+        python3 \
+        python3-cryptography \
+        python3-devel \
+        python3-pip \
+        python3-protobuf \
+        rpm-build \
+        wget \
+        yum-utils \
+    && /usr/bin/python3 -B -m pip install 'tomli>=1.1.0' 'tomli-w>=0.4.0' 'meson>=0.56,!=1.2.*'
+
+{% endblock %}

templates/centos/stream/Dockerfile.sign.template

@@ -0,0 +1 @@
+{% extends "centos/Dockerfile.sign.template" %}

templates/centos/stream/apploader.template

@@ -0,0 +1 @@
+{% extends "centos/apploader.template" %}

templates/centos/stream/entrypoint.manifest.template

@@ -0,0 +1 @@
+{% extends "centos/entrypoint.manifest.template" %}