Support for Azure Linux 3.0 #1829

Open
eric-desrochers opened this issue Apr 25, 2024 · 4 comments
Labels
enhancement New feature or request new-matcher

eric-desrochers commented Apr 25, 2024

What would you like to be added:
Support for AZL3.

Why is this needed:
CVE detection.

Additional context:
/etc/os-release
```
ID=azurelinux
```

eric-desrochers added the enhancement (New feature or request) label Apr 25, 2024
@eric-desrochers
Author

We would like support for both grype and syft.

@willmurphyscode
Contributor

Hi @eric-desrochers I believe syft support is already done (syft doesn't need to be explicitly told about new distros that use /etc/os-release to identify themselves):

```
$ syft version
$ syft -q -o json azurelinuxpreview.azurecr.io/public/azurelinux/base/core:3.0 | jq .distro
{
  "prettyName": "Microsoft Azure Linux 3.0",
  "name": "Microsoft Azure Linux",
  "id": "azurelinux",
  "version": "3.0.20240417",
  "versionID": "3.0",
  "homeURL": "https://aka.ms/azurelinux",
  "supportURL": "https://aka.ms/azurelinux",
  "bugReportURL": "https://aka.ms/azurelinux"
}
```

We've started work on support for grype, see #1848 and anchore/vunnel#569

I'll post manual testing steps here once those two PRs are closer to ready.
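What "use /etc/os-release to identify themselves" amounts to, as an added example that is not part of the thread and is not syft's or grype's code: a minimal os-release parser in Go. `Distro`, `ParseOSRelease` and `HasFeed` are hypothetical names, the sample is constructed from the values in the JSON above, and the feed list passed to `HasFeed` is an assumption standing in for the distro IDs a scanner has vulnerability data for.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Distro holds the os-release fields that appear in the syft output above.
type Distro struct{ ID, VersionID, PrettyName string }

// unquote strips one pair of matching quotes; in double quotes it resolves the escapes os-release(5) permits.
func unquote(v string) string {
	if len(v) < 2 || v[0] != v[len(v)-1] || !strings.ContainsRune(`"'`, rune(v[0])) {
		return v
	}
	if v[0] == '\'' {
		return v[1 : len(v)-1]
	}
	return strings.NewReplacer(`\"`, `"`, `\\`, `\`, `\$`, `$`, "\\`", "`").Replace(v[1 : len(v)-1])
}

// ParseOSRelease reads KEY=value lines, skipping blanks, comments and lines without '='.
func ParseOSRelease(content string) Distro {
	f := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if key, val, ok := strings.Cut(line, "="); ok && !strings.HasPrefix(line, "#") {
			f[strings.TrimSpace(key)] = unquote(strings.TrimSpace(val))
		}
	}
	return Distro{ID: f["ID"], VersionID: f["VERSION_ID"], PrettyName: f["PRETTY_NAME"]}
}

// HasFeed: false means the caller-supplied (hypothetical) feed list lacks this ID, so zero findings prove nothing.
func HasFeed(d Distro, feeds map[string]bool) bool { return d.ID != "" && feeds[d.ID] }

// Constructed sample, built from the values in the syft JSON above.
const sample = `# constructed os-release sample
ID=azurelinux
VERSION_ID="3.0"
PRETTY_NAME="Microsoft Azure Linux 3.0"
`

func main() {
	d := ParseOSRelease(sample)
	fmt.Printf("%+v feed=%v\n", d, HasFeed(d, map[string]bool{"azurelinux": true}))
}
```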

@willmurphyscode
Contributor

Hi @eric-desrochers this is ready for you all to test.

To test this, you need to pull down branches of 3 repos: grype, grype-db, and vunnel. You'll also need to make grype-db depend on the local version of grype, since nothing is released yet. You'll need Python, poetry, and Go available.

Here's a script to set up the directories, to be run from an empty directory where you want to work on this stuff:

```bash
git clone git@github.com:anchore/grype -b feat-azure-linux-3-support

git clone git@github.com:anchore/grype-db -b feat-azure-linux-3-support

# make grype-db build against the local grype checkout via a Go workspace
pushd grype-db 2>/dev/null
  go work init || true
  go work use .
  go work use ../grype
popd

git clone git@github.com:anchore/vunnel -b feat-azure-linux-3-support
```

The actual testing will be done from the vunnel repo:

```bash
cd vunnel
poetry install
make dev provider=mariner
```

Running `make dev provider=mariner` starts a development shell where you can test out building a grype database that includes the Azure Linux 3 feeds and test on some images.

Then you can build the grype db and test the local build of grype against some images. `anchore/test_images:azurelinux3-d028093` is a test image based on Azure Linux 3 that has an old version of the kernel RPM installed so that grype will find some vulnerabilities (you can see the Dockerfile here: https://github.com/anchore/test-images/blob/main/containers/azurelinux3/Dockerfile).

```bash
# run this in the development shell from the previous step
make update-db
./bin/grype anchore/test_images:azurelinux3-d028093
```

You should see several vulnerabilities in the output (8 as of this writing). Feel free to run `./bin/grype` against other images as well.

Please let me know if you have any issues or questions.

@eric-desrochers
Author

Thanks, will give it a try next week.

Projects
Status: In Review