From dabf837e32c47351f7f0ffb63b37b591e81ed146 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Thu, 25 Jan 2024 09:55:00 -0500
Subject: [PATCH 1/2] docs/install: Doc direct bootc raw and systemd creds

First, we're still in a situation where bib doesn't work with c9s.
Let's link to the existing docs for using `bootc install to-disk`
which *does* work (and fixes multiple other bugs at the same time too).

Second: Let's document using systemd credentials to inject a root
SSH key, because this works across every image we ship where
one can inject SMBIOS bits.  (But notably this doesn't work in
most production IaaS virt systems like KubeVirt, AWS etc. which
gets into cloud agents).
---
 docs/install.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/docs/install.md b/docs/install.md
index 5262fd6a..dd885b5d 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -26,6 +26,27 @@ supports generating disk images, including injecting user accounts.
 
 NOTE: this tool [does not yet work with centos stream 9](https://github.com/osbuild/bootc-image-builder/issues/20).
 
+## Generating a raw disk image that can be launched via virt tooling
+
+The above bootc-image-builder tool can generate disk images; however, a key part
+of the idea of `bootc` is that operating system images that use it are their
+own self-sufficient "baseline" installer.  So you can use this example:
+
+<https://github.com/containers/bootc/blob/main/docs/install.md#using-bootc-install-to-disk---via-loopback>
+
+to generate a raw disk image from the default container base image, or your own
+without any external tooling.
+
+If you choose not to include SSH keys or other credentials directly in your image,
+a useful pattern can often be to use [systemd credentials](https://systemd.io/CREDENTIALS/)
+to inject a SSH key for root.  The above page has this example for qemu:
+
+```bash
+-smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=$(echo "f~ /root/.ssh/authorized_keys 600 root root - $(ssh-add -L | base64 -w 0)" | base64 -w 0)
+```
+
+Unlike current bootc-image-builder, this flow works with current CentOS Stream 9.
+
 ## Installation using Anaconda
 
 Tools like

From 95ca7361e956a4bd65b1106659744295ff8959f5 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Thu, 25 Jan 2024 15:28:11 -0500
Subject: [PATCH 2/2] docs: Update now that bib supports c9s now

Hooray!
---
 docs/install.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/docs/install.md b/docs/install.md
index dd885b5d..0b7aa9e3 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -24,8 +24,6 @@ helps automate this.
 The [bootc-image-builder tool](https://github.com/osbuild/bootc-image-builder)
 supports generating disk images, including injecting user accounts.
 
-NOTE: this tool [does not yet work with centos stream 9](https://github.com/osbuild/bootc-image-builder/issues/20).
-
 ## Generating a raw disk image that can be launched via virt tooling
 
 The above bootc-image-builder tool can generate disk images; however, a key part
@@ -45,8 +43,6 @@ to inject a SSH key for root.  The above page has this example for qemu:
 -smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=$(echo "f~ /root/.ssh/authorized_keys 600 root root - $(ssh-add -L | base64 -w 0)" | base64 -w 0)
 ```
 
-Unlike current bootc-image-builder, this flow works with current CentOS Stream 9.
-
 ## Installation using Anaconda
 
 Tools like