diff --git a/bootc/Containerfile b/bootc/Containerfile
new file mode 100644
index 0000000..3b59219
--- /dev/null
+++ b/bootc/Containerfile
@@ -0,0 +1,64 @@
+# Base bootc image
+FROM ghcr.io/ublue-os/base-main:latest
+
+# Install required packages
+RUN \
+--mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-beardy-os-latest,sharing=locked \
+--mount=type=cache,dst=/var/cache/libdnf5,id=dnf-cache-beardy-os-latest,sharing=locked \
+dnf5 -y install glibc-locale-source glibc-langpack-en osbuild-selinux && \
+dnf5 -y copr enable gmaglione/podman-bootc && \
+dnf5 -y install podman-bootc && \
+ostree container commit
+
+RUN localedef -i en_US -f UTF-8 en_US.UTF-8
+RUN echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf
+RUN ln -s -f /usr/share/zoneinfo/America/New_York /etc/localtime
+
+# Install additional packages
+RUN \
+--mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-beardy-os-latest,sharing=locked \
+--mount=type=cache,dst=/var/cache/libdnf5,id=dnf-cache-beardy-os-latest,sharing=locked \
+dnf5 -y install \
+cockpit-bridge \
+cockpit-machines \
+cockpit-navigator \
+cockpit-networkmanager \
+cockpit-ostree \
+cockpit-podman \
+cockpit-selinux \
+cockpit-storaged \
+cockpit-system \
+podman-compose \
+libvirt-client \
+virt-install \
+btrfs-assistant \
+btrfsmaintenance \
+dbus-daemon \
+dbus-tools \
+fastfetch \
+ptyxis \
+setroubleshoot-plugins \
+setroubleshoot-server \
+usermode \
+virt-install \
+virt-manager \
+virt-what \
+xdg-user-dirs \
+xdg-user-dirs-gtk \
+tig \
+libguestfs \
+&& ostree container commit
+
+RUN bootc container lint
+
+# bluebuild: Labels are added last since they cause cache misses with buildah
+LABEL org.blue-build.build-id="c74bf003-e98a-4ac0-8db2-8869239c6c13"
+LABEL org.opencontainers.image.title="beardy-os"
+LABEL org.opencontainers.image.description="The preferred u-blue based OS for bearded developers."
+LABEL org.opencontainers.image.base.digest="sha256:4ff605c93dca3a99b434f7363f400925685432cc22c5affbef9567e97d49603d"
+LABEL org.opencontainers.image.base.name="ghcr.io/ublue-os/silverblue-main:latest"
+LABEL org.opencontainers.image.created="2024-12-10T01:22:13.918756743+00:00"
+LABEL io.artifacthub.package.readme-url=https://raw.githubusercontent.com/detiber/beardy-os/main/README.md
+LABEL org.opencontainers.image.source=https://github.com/detiber/beardy-os
+LABEL org.opencontainers.image.url=https://github.com/detiber/beardy-os
+LABEL org.opencontainers.image.vendor=detiber
diff --git a/docs/notes.md b/docs/notes.md
new file mode 100644
index 0000000..2bc7bdc
--- /dev/null
+++ b/docs/notes.md
@@ -0,0 +1,13 @@
+# Notes
+
+## Kickstart
+
+- kickstart config option for installing a disk img vs packages: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#liveimg
+- option for ostree installations: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#ostreecontainer
+
+## bootc
+
+- kernel arguments: https://containers.github.io/bootc/building/kernel-arguments.html
+ - injected at install time: https://containers.github.io/bootc/building/kernel-arguments.html#kernel-arguments-injected-at-installation-time
+- users and groups: https://containers.github.io/bootc/building/users-and-groups.html
+-
\ No newline at end of file
diff --git a/hack/beardy-autorebase.butane b/hack/beardy-autorebase.butane
index 3ba4912..c732137 100644
--- a/hack/beardy-autorebase.butane
+++ b/hack/beardy-autorebase.butane
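Review bot: `FROM ghcr.io/ublue-os/base-main:latest` builds from a mutable tag, while the labels at the end of the file record `org.opencontainers.image.base.name="ghcr.io/ublue-os/silverblue-main:latest"` and a fixed `base.digest`, so the provenance metadata names a different base than the one used. Pin the base by digest (`FROM ghcr.io/ublue-os/base-main@sha256:<digest of base-main>`) and make the two `base.*` labels match it, or drop the labels that appear to be copied from a generated file (`build-id`, `created`, `base.*`). The first `RUN` also enables the personal COPR `gmaglione/podman-bootc` and leaves it enabled in the final image; a comment saying why it is trusted, or a `dnf5 -y copr disable gmaglione/podman-bootc` after the install, would narrow that. The same COPR step is context in the `ublue-image-template/Containerfile` hunk.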
@@ -25,7 +25,7 @@ systemd: [Service] Type=oneshot StandardOutput=journal+console - ExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-unverified-registry:ghcr.io/detiber/beardy-os:latest + ExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-unverified-registry:ghcr.io/detiber/beardy-os-base:latest ExecStart=/usr/bin/touch /etc/ucore-autorebase/unverified ExecStart=/usr/bin/systemctl disable ucore-unsigned-autorebase.service ExecStart=/usr/bin/systemctl reboot @@ -43,7 +43,7 @@ systemd: [Service] Type=oneshot StandardOutput=journal+console - ExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-image-signed:docker://ghcr.io/detiber/beardy-os:latest + ExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-image-signed:docker://ghcr.io/detiber/beardy-os-base:latest ExecStart=/usr/bin/touch /etc/ucore-autorebase/signed ExecStart=/usr/bin/systemctl disable ucore-signed-autorebase.service ExecStart=/usr/bin/systemctl reboot diff --git a/hack/beardy-autorebase.ign b/hack/beardy-autorebase.ign index 528fc45..aabbc72 100644 --- a/hack/beardy-autorebase.ign +++ b/hack/beardy-autorebase.ign 
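Review bot: The second unit now rebases through `ostree-image-signed:docker://ghcr.io/detiber/beardy-os-base:latest`, which only succeeds if the signature policy and public key present after the first rebase cover the `beardy-os-base` repository; that policy is not visible in this diff, so please confirm it is not still keyed to `beardy-os` only. The first unit's `ostree-unverified-registry:` hop pulls `:latest` with no signature check, so whatever the tag points to at first boot is what the machine trusts; a comment above that `ExecStart` stating this, or a digest-pinned reference, would make the trust boundary explicit. Both unit bodies start outside these hunks. The same rename in `hack/beardy-bootc-switch.butane` (`bootc switch --enforce-container-sigpolicy`) depends on the policy in the same way.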
@@ -25,12 +25,12 @@ "systemd": { "units": [ { - "contents": "[Unit]\nDescription=uCore autorebase to unsigned OCI and reboot\nConditionPathExists=!/etc/ucore-autorebase/unverified\nConditionPathExists=!/etc/ucore-autorebase/signed\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-unverified-registry:ghcr.io/detiber/beardy-os:latest\nExecStart=/usr/bin/touch /etc/ucore-autorebase/unverified\nExecStart=/usr/bin/systemctl disable ucore-unsigned-autorebase.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target\n", + "contents": "[Unit]\nDescription=uCore autorebase to unsigned OCI and reboot\nConditionPathExists=!/etc/ucore-autorebase/unverified\nConditionPathExists=!/etc/ucore-autorebase/signed\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-unverified-registry:ghcr.io/detiber/beardy-os-base:latest\nExecStart=/usr/bin/touch /etc/ucore-autorebase/unverified\nExecStart=/usr/bin/systemctl disable ucore-unsigned-autorebase.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target\n", "enabled": true, "name": "ucore-unsigned-autorebase.service" }, { - "contents": "[Unit]\nDescription=uCore autorebase to signed OCI and reboot\nConditionPathExists=/etc/ucore-autorebase/unverified\nConditionPathExists=!/etc/ucore-autorebase/verified\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-image-signed:docker://ghcr.io/detiber/beardy-os:latest\nExecStart=/usr/bin/touch /etc/ucore-autorebase/signed\nExecStart=/usr/bin/systemctl disable ucore-signed-autorebase.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target", + "contents": 
"[Unit]\nDescription=uCore autorebase to signed OCI and reboot\nConditionPathExists=/etc/ucore-autorebase/unverified\nConditionPathExists=!/etc/ucore-autorebase/verified\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-image-signed:docker://ghcr.io/detiber/beardy-os-base:latest\nExecStart=/usr/bin/touch /etc/ucore-autorebase/signed\nExecStart=/usr/bin/systemctl disable ucore-signed-autorebase.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target", "enabled": true, "name": "ucore-signed-autorebase.service" } diff --git a/hack/beardy-bootc-switch.butane b/hack/beardy-bootc-switch.butane index 7b61eae..5398a0e 100644 --- a/hack/beardy-bootc-switch.butane +++ b/hack/beardy-bootc-switch.butane @@ -26,7 +26,7 @@ systemd: [Service] Type=oneshot StandardOutput=journal+console - ExecStart=/usr/bin/bootc switch ghcr.io/detiber/beardy-os:latest + ExecStart=/usr/bin/bootc switch ghcr.io/detiber/beardy-os-base:latest ExecStart=/usr/bin/touch /etc/ucore-autobootcswitch/unverified ExecStart=/usr/bin/systemctl disable ucore-unsigned-autobootcswitch.service ExecStart=/usr/bin/systemctl reboot @@ -44,7 +44,7 @@ systemd: [Service] Type=oneshot StandardOutput=journal+console - ExecStart=/usr/bin/bootc switch --enforce-container-sigpolicy ghcr.io/detiber/beardy-os:latest + ExecStart=/usr/bin/bootc switch --enforce-container-sigpolicy ghcr.io/detiber/beardy-os-base:latest ExecStart=/usr/bin/touch /etc/ucore-autobootcswitch/signed ExecStart=/usr/bin/systemctl disable ucore-signed-autobootcswitch.service ExecStart=/usr/bin/systemctl reboot diff --git a/hack/beardy-bootc-switch.ign b/hack/beardy-bootc-switch.ign index 4b4195d..20b1b71 100644 --- a/hack/beardy-bootc-switch.ign +++ b/hack/beardy-bootc-switch.ign 
@@ -25,12 +25,12 @@ "systemd": { "units": [ { - "contents": "[Unit]\nDescription=uCore autobootcswitch to unsigned OCI and reboot\nConditionPathExists=!/etc/ucore-autobootcswitch/unverified\nConditionPathExists=!/etc/ucore-autobootcswitch/signed\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/bootc switch ghcr.io/detiber/beardy-os:latest\nExecStart=/usr/bin/touch /etc/ucore-autobootcswitch/unverified\nExecStart=/usr/bin/systemctl disable ucore-unsigned-autobootcswitch.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target\n", + "contents": "[Unit]\nDescription=uCore autobootcswitch to unsigned OCI and reboot\nConditionPathExists=!/etc/ucore-autobootcswitch/unverified\nConditionPathExists=!/etc/ucore-autobootcswitch/signed\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/bootc switch ghcr.io/detiber/beardy-os-base:latest\nExecStart=/usr/bin/touch /etc/ucore-autobootcswitch/unverified\nExecStart=/usr/bin/systemctl disable ucore-unsigned-autobootcswitch.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target\n", "enabled": true, "name": "ucore-unsigned-autobootcswitch.service" }, { - "contents": "[Unit]\nDescription=uCore autobootcswitch to signed OCI and reboot\nConditionPathExists=/etc/ucore-autobootcswitch/unverified\nConditionPathExists=!/etc/ucore-autobootcswitch/verified\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/bootc switch --enforce-container-sigpolicy ghcr.io/detiber/beardy-os:latest\nExecStart=/usr/bin/touch /etc/ucore-autobootcswitch/signed\nExecStart=/usr/bin/systemctl disable ucore-signed-autobootcswitch.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target", + "contents": "[Unit]\nDescription=uCore 
autobootcswitch to signed OCI and reboot\nConditionPathExists=/etc/ucore-autobootcswitch/unverified\nConditionPathExists=!/etc/ucore-autobootcswitch/verified\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/bootc switch --enforce-container-sigpolicy ghcr.io/detiber/beardy-os-base:latest\nExecStart=/usr/bin/touch /etc/ucore-autobootcswitch/signed\nExecStart=/usr/bin/systemctl disable ucore-signed-autobootcswitch.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target", "enabled": true, "name": "ucore-signed-autobootcswitch.service" } diff --git a/hack/bib-img-config.toml b/hack/bib-img-config.toml index 1604d97..af8efdb 100644 --- a/hack/bib-img-config.toml +++ b/hack/bib-img-config.toml @@ -3,4 +3,4 @@ name = "detiber" password = "changeme" key = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDFeiGuhMVEvVcRI8/yb1U6SkdNnv4OaBlfbcEWkKhafAAAABHNzaDo=" -groups = ["wheel"] +groups = ["wheel", "admins"] diff --git a/hack/bib-iso-config.toml b/hack/bib-iso-config.toml index 18c2080..31ad069 100644 --- a/hack/bib-iso-config.toml +++ b/hack/bib-iso-config.toml 
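Review bot: Adding `"admins"` widens the privileges of an account whose context line still sets `password = "changeme"`, so every disk image built from this config ships a `wheel`/`admins` user with a known password. Since an SSH `key` is already configured, consider dropping the `password` line if bootc-image-builder accepts a user without one, or add a comment such as `# placeholder password: replace before building an image that leaves the lab`. The table this user entry belongs to starts outside the hunk.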
@@ -1,7 +1,13 @@ # TODO: sort out a proper config +# possibly use firstboot --reconfigure +# possibly look into auto encrypting disk: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#autopart +# additional bootloader options: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#bootloader +# additional btrfs options: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#btrfs +# use kecec option for reboot? https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#reboot +# is eula --agreed needed? https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#eula [customizations.installer.kickstart] contents = """ -graphical --noninteractive +graphical --non-interactive zerombr clearpart --all --initlabel --disklabel=gpt autopart --noswap --type btrfs @@ -11,8 +17,8 @@ firstboot --enable reboot """ -# [customizations.installer.modules] -# enable = [ -# "org.fedoraproject.Anaconda.Modules.Localization", -# "org.fedoraproject.Anaconda.Modules.Users" -# ] +[customizations.installer.modules] +enable = [ + "org.fedoraproject.Anaconda.Modules.Localization", + "org.fedoraproject.Anaconda.Modules.Timezone" +] diff --git a/justfile b/justfile index 6a11971..64bf408 100644 --- a/justfile +++ b/justfile @@ -6,7 +6,8 @@ beardy-version := "latest" beardy-repo := "ghcr.io/detiber" #beardy-image := beardy-repo + "/beardy-os:" + beardy-version -bluebuild-version := "latest" +# Using main to bring in --tmpdir arg, can change back to latest once that feature is released +bluebuild-version := "main" bluebuild-image := "ghcr.io/blue-build/cli:" + bluebuild-version butane-version := "release" 
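Review bot: The added comment `# use kecec option for reboot?` misspells the option; pykickstart's flag is `--kexec`, so it should read `# use kexec option for reboot?`. Because `graphical --non-interactive` combined with the `zerombr` and `clearpart --all --initlabel` context lines makes this ISO repartition every disk without prompting, a header comment saying so (for example `# unattended install: wipes all disks on the machine it boots`) would tell the reader more than the bare `# TODO: sort out a proper config`. The kickstart `contents` string continues outside this hunk.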
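Review bot: `bluebuild-version := "main"` makes `ghcr.io/blue-build/cli:main` a moving development tag, and the `_bluebuild-iso` recipe later in this diff runs that image under `sudo podman run --privileged --security-opt label=type:unconfined_t` with `--pull=newer`, so whatever is pushed to that tag next runs as unconfined root on the build host. Until `--tmpdir` is released, pin the image by digest, e.g. `bluebuild-image := "ghcr.io/blue-build/cli@sha256:<verified digest>"`, and keep the comment about switching back to `latest`. The same concern applies to the `_bib` recipe, which this commit moves to `sudo`, and to the new `_bootc` recipe.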
@@ -51,7 +52,9 @@ _generate-ignition-for butane_config: podman run -i --rm \ --pull=newer \ {{butane-image}} \ - --pretty --strict < {{butane_config}} > {{without_extension(butane_config)}}.ign + --pretty --strict \ + < {{butane_config}} \ + > {{without_extension(butane_config)}}.ign common-build-dir := absolute_path("./build") _ensure-directory dir_path: @@ -61,8 +64,10 @@ common-bib-output-dir := join(common-build-dir, "bib", "output") common-bib-cache-dir := join(common-build-dir, "bib", "cache") common-bib-store-cache-dir := join(common-bib-cache-dir, "store") common-bib-rpmmd-cache-dir := join(common-bib-cache-dir, "rpmmd") -_bib image output_dir config args: (_ensure-directory common-bib-store-cache-dir) (_ensure-directory common-bib-rpmmd-cache-dir) - podman run --it --rm \ +_bib image output_dir config args: \ + (_ensure-directory common-bib-store-cache-dir) \ + (_ensure-directory common-bib-rpmmd-cache-dir) + sudo podman run -it --rm \ --privileged \ --pull=newer \ --security-opt label=type:unconfined_t \ 
@@ -78,35 +83,47 @@ _bib image output_dir config args: (_ensure-directory common-bib-store-cache-dir common-bib-image-config := absolute_path("./hack/bib-img-config.toml") common-bib-image-args := "--type qcow2 --rootfs btrfs" -_bib-image image output_dir: && (_bib image output_dir common-bib-image-config common-bib-image-args) +_bib-image image output_dir: \ + && (_bib image output_dir common-bib-image-config + common-bib-image-args) common-bib-iso-config := absolute_path("./hack/bib-iso-config.toml") -common-bib-iso-args := "--type iso" -_bib-iso image output_dir: && (_bib image output_dir common-bib-iso-config common-bib-iso-args) +common-bib-iso-args := "--type anaconda-iso" +_bib-iso image output_dir: \ + && (_bib image output_dir common-bib-iso-config common-bib-iso-args) bib-base-image-name := "beardy-os-base" -bib-base-image := beardy-repo + "/" + bib-base-image-name + ":" + beardy-version +bib-base-image := beardy-repo + "/" \ + + bib-base-image-name + ":" + beardy-version bib-base-image-output-dir := join(common-bib-output-dir, "base") [group('disk images')] [group('bib')] -bib-image-base: (_ensure-directory bib-base-image-output-dir) && (_bib-image bib-base-image bib-base-image-output-dir) +bib-image-base: (_ensure-directory bib-base-image-output-dir) \ + && (_bib-image bib-base-image bib-base-image-output-dir) [group('iso')] [group('bib')] -bib-iso-base: (_ensure-directory bib-base-image-output-dir) && (_bib-iso bib-base-image bib-base-image-output-dir) +bib-iso-base: (_ensure-directory bib-base-image-output-dir) \ + && (_bib-iso bib-base-image bib-base-image-output-dir) bib-beardy-image-name := "beardy-os" -bib-beardy-image := beardy-repo + "/" + bib-beardy-image-name + ":" + beardy-version +bib-beardy-image := beardy-repo + "/" \ + + bib-beardy-image-name + ":" + beardy-version bib-beardy-image-output-dir := join(common-bib-output-dir, "beardy") [group('disk images')] [group('bib')] -bib-image-beardy: (_ensure-directory bib-beardy-image-output-dir) && 
(_bib-image bib-beardy-image bib-beardy-image-output-dir) +bib-image-beardy: (_ensure-directory bib-beardy-image-output-dir) \ + && (_bib-image bib-beardy-image bib-beardy-image-output-dir) [group('iso')] [group('bib')] -bib-iso-beardy: (_ensure-directory bib-beardy-image-output-dir) && (_bib-iso bib-beardy-image bib-beardy-image-output-dir) +bib-iso-beardy: (_ensure-directory bib-beardy-image-output-dir) && \ + (_bib-iso bib-beardy-image bib-beardy-image-output-dir) -common-bluebuild-output-dir := join(common-build-dir, "bluebuild", "output") +common-bluebuild-output-dir := join(common-build-dir, + "bluebuild", "output") +common-bluebuild-tmp-dir := join(common-build-dir, + "bluebuild", "tmp") _bluebuild-containerfile recipe output_dir: podman run -it --rm \ --pull=newer \ 
@@ -116,39 +133,70 @@ _bluebuild-containerfile recipe output_dir: {{bluebuild-image}} \ bluebuild generate -o /output/Containerfile {{recipe}} -_bluebuild-iso recipe output_dir image_name image variant: +_bluebuild-iso recipe output_dir image_name image variant: \ + (_ensure-directory common-bluebuild-tmp-dir) sudo podman run -it --rm \ --privileged \ --pull=newer \ --security-opt label=type:unconfined_t \ -v '{{absolute_path(".")}}':/bluebuild \ -v '{{output_dir}}':/output \ + -v '{{common-bluebuild-tmp-dir}}':/build_tmp \ {{bluebuild-image}} \ bluebuild generate-iso \ -R podman \ + --tmpdir /build_tmp \ + -o /output \ --variant {{variant}} \ - --iso-name "/output/{{image_name}}-{{variant}}.iso" \ + --iso-name "{{image_name}}-{{variant}}.iso" \ image {{image}} -bluebuild-beardy-output-dir := join(common-bluebuild-output-dir, "beardy") +bluebuild-beardy-output-dir := join(common-bluebuild-output-dir, + "beardy") bluebuild-beardy-recipe-file := "recipes/beardy.yml" bluebuild-beardy-image-name := "beardy-os" -bluebuild-beardy-image := beardy-repo + "/" + bluebuild-beardy-image-name + ":" + beardy-version +bluebuild-beardy-image := beardy-repo + "/" \ + + bluebuild-beardy-image-name + ":" + beardy-version [group('containerfile')] [group('bluebuild')] -bluebuild-containerfile-beardy: (_ensure-directory bluebuild-beardy-output-dir) && (_bluebuild-containerfile bluebuild-beardy-recipe-file bluebuild-beardy-output-dir) +bluebuild-containerfile-beardy: \ + (_ensure-directory bluebuild-beardy-output-dir) \ + && (_bluebuild-containerfile + bluebuild-beardy-recipe-file + bluebuild-beardy-output-dir) [group('iso')] [group('bluebuild')] -bluebuild-iso-beardy-server: (_ensure-directory bluebuild-beardy-output-dir) && (_bluebuild-iso bluebuild-beardy-recipe-file bluebuild-beardy-output-dir bluebuild-beardy-image-name bluebuild-beardy-image "server") +bluebuild-iso-beardy-server: \ + (_ensure-directory bluebuild-beardy-output-dir) \ + && (_bluebuild-iso + 
bluebuild-beardy-recipe-file + bluebuild-beardy-output-dir + bluebuild-beardy-image-name + bluebuild-beardy-image + "server") [group('iso')] [group('bluebuild')] -bluebuild-iso-beardy-kinoite: (_ensure-directory bluebuild-beardy-output-dir) && (_bluebuild-iso bluebuild-beardy-recipe-file bluebuild-beardy-output-dir bluebuild-beardy-image-name bluebuild-beardy-image "kinoite") +bluebuild-iso-beardy-kinoite: \ + (_ensure-directory bluebuild-beardy-output-dir) \ + && (_bluebuild-iso + bluebuild-beardy-recipe-file + bluebuild-beardy-output-dir + bluebuild-beardy-image-name + bluebuild-beardy-image + "kinoite") [group('iso')] [group('bluebuild')] -bluebuild-iso-beardy-silverblue: (_ensure-directory bluebuild-beardy-output-dir) && (_bluebuild-iso bluebuild-beardy-recipe-file bluebuild-beardy-output-dir bluebuild-beardy-image-name bluebuild-beardy-image "silverblue") +bluebuild-iso-beardy-silverblue: \ + (_ensure-directory bluebuild-beardy-output-dir) \ + && (_bluebuild-iso + bluebuild-beardy-recipe-file + bluebuild-beardy-output-dir + bluebuild-beardy-image-name + bluebuild-beardy-image + "silverblue") [group('clean')] clean-all: clean-bib-cache clean-bib-output clean-bluebuild-output @@ -169,7 +217,8 @@ clean-bluebuild-output: rm -rf build/bluebuild/output coreos-installer-version := "release" -coreos-installer-image := "quay.io/coreos/coreos-installer:" + coreos-installer-version +coreos-installer-image := "quay.io/coreos/coreos-installer:" \ + + coreos-installer-version coreos-pxe-output-dir := join(common-build-dir, "coreos", "pxe") coreos-pxe: (_ensure-directory coreos-pxe-output-dir) podman run --rm \ 
@@ -245,3 +294,137 @@ coreos-iso-switch: (_ensure-directory coreos-iso-output-dir) --dest-ignition /config/config.ign \ -o /data/coreos-switch-beardy.iso \ fedora-coreos-41.20241109.3.0-live.x86_64.iso + +common-bootc-output-dir := join(common-build-dir, "bootc", "output") +_bootc image args: (_ensure-directory common-bootc-output-dir) + sudo podman run -it --rm \ + --privileged \ + --pull=newer \ + --pid=host \ + --security-opt label=type:unconfined_t \ + -e BOOTC_DIRECT_IO=on \ + -e LANG="en_US.UTF-8" \ + -v '{{common-bootc-output-dir}}':/output \ + -v /var/lib/containers/storage:/var/lib/containers/storage \ + -v /dev:/dev \ + {{image}} \ + bootc {{args}} + +_bootc-create-file name: (_ensure-directory common-bootc-output-dir) + dd of='{{common-bootc-output-dir}}/{{name}}' bs=20G seek=1 count=0 + +# TODO: set BOOTC_DIRECT_IO=on +bootc-install-disk image filename additional_args="": \ + (_bootc-create-file filename) \ + && (_bootc + image + "install to-disk --wipe --filesystem=btrfs " \ + + "--generic-image --via-loopback /output/" + filename \ + + " " + additional_args) + +# bootc-base-image-name := "beardy-os-base" +# bootc-base-image := beardy-repo + "/" + bib-base-image-name + ":" + beardy-version +# bootc-base-image := "ghcr.io/ublue-os/base-main:latest" +# bootc-base-image-filename := "beardy-base.raw" +# bootc-base-install-args := "install to-disk " \ +# + " --wipe --filesystem=btrfs" \ +# + " --generic-image --via-loopback /output/" \ +# + bootc-base-image-filename +# bootc-install-disk: \ +# (_bootc-create-file bootc-base-image-filename) \ +# && (_bootc bootc-base-image bootc-base-install-args) + +local-build tag containerfile additional_args="": + sudo podman build \ + {{additional_args}} \ + -t {{tag}} \ + -f {{containerfile}} \ + . 
+ +local-build-ublue-base-name := "beardy-base" +local-build-ublue-base-image := "localhost/" \ + + local-build-ublue-base-name + ":latest" +local-build-ublue-base-containerfile := "ublue-image-template/Containerfile" +local-build-ublue-base: \ + && (local-build + local-build-ublue-base-image + local-build-ublue-base-containerfile) + +local-build-bootc-base-name := "beardy-bootc" +local-build-bootc-base-image := "localhost/" \ + + local-build-bootc-base-name + ":latest" +local-build-bootc-base-containerfile := "bootc/Containerfile" +local-build-bootc-base: \ + && (local-build + local-build-bootc-base-image + local-build-bootc-base-containerfile) + +local-bib-image-args := common-bib-image-args + " --local" +_local-bib-image image output_dir: \ + && (_bib + image + output_dir + common-bib-image-config + local-bib-image-args) + +local-bib-iso-args := common-bib-image-args + " --local" +_local-bib-iso image output_dir: \ + && (_bib + image + output_dir + common-bib-iso-config + local-bib-iso-args) + +local-bib-ublue-base-image-output-dir := join(common-bib-output-dir, + "local", "base") +[group('disk images')] +[group('bib')] +local-bib-image-ublue-base: \ + (_ensure-directory local-bib-ublue-base-image-output-dir) \ + (local-build-ublue-base) \ + && (_local-bib-image + local-build-ublue-base-image + local-bib-ublue-base-image-output-dir) + +[group('iso')] +[group('bib')] +local-bib-iso-ublue-base: \ + (_ensure-directory local-bib-ublue-base-image-output-dir) \ + (local-build-ublue-base) \ + && (_local-bib-iso + local-build-ublue-base-image + local-bib-ublue-base-image-output-dir) + +local-bib-bootc-base-image-output-dir := join(common-bib-output-dir, + "local", "bootc") +[group('disk images')] +[group('bib')] +local-bib-image-bootc-base: \ + (_ensure-directory local-bib-bootc-base-image-output-dir) \ + (local-build-bootc-base) \ + && (_local-bib-image + local-build-bootc-base-image + local-bib-bootc-base-image-output-dir) + +[group('iso')] +[group('bib')] 
+local-bib-iso-bootc-base: \ + (_ensure-directory local-bib-bootc-base-image-output-dir) \ + (local-build-bootc-base) \ + && (_local-bib-iso + local-build-bootc-base-image + local-bib-bootc-base-image-output-dir) + +local-bootc-install-ublue-base: \ + (local-build-bootc-base) \ + && (bootc-install-disk + local-build-ublue-base-image + "beardy-ublue.raw" + " --skip-fetch-check") + +local-bootc-install-bootc-base: \ + (local-build-bootc-base) \ + && (bootc-install-disk + local-build-bootc-base-image + "beardy-bootc.raw" + " --skip-fetch-check") diff --git a/recipes/beardy.yml b/recipes/beardy.yml index 85bf7ff..9cc46e9 100644 --- a/recipes/beardy.yml +++ b/recipes/beardy.yml @@ -66,6 +66,9 @@ modules: - virt-what - xdg-user-dirs - xdg-user-dirs-gtk + - glibc-locale-source + - glibc-langpack-en + - libguestfs # - chromium # - micro # - starship @@ -161,5 +164,10 @@ modules: - type: script scripts: - unwrap-cli.sh + snippets: + - "localedef -i en_US -f UTF-8 en_US.UTF-8" + - "echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf" + - "ln -s -f /usr/share/zoneinfo/America/New_York /etc/localtime" + - "bootc container lint" - type: signing # this sets up the proper policy & signing files for signed images to work fully diff --git a/ublue-image-template/Containerfile b/ublue-image-template/Containerfile index faaebfb..a2677e5 100644 --- a/ublue-image-template/Containerfile +++ b/ublue-image-template/Containerfile 
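Review bot: `local-bib-iso-args := common-bib-image-args + " --local"` reuses the qcow2 arguments, so the `local-bib-iso-*` recipes pass `--type qcow2 --rootfs btrfs` together with the ISO config; it should be `local-bib-iso-args := common-bib-iso-args + " --local"`. `local-bootc-install-ublue-base` lists `(local-build-bootc-base)` as its dependency but installs `local-build-ublue-base-image`, so it can pick up a stale or missing image; the dependency should be `(local-build-ublue-base)`. The `# TODO: set BOOTC_DIRECT_IO=on` comment is already satisfied by `-e BOOTC_DIRECT_IO=on` in `_bootc` and can be removed. Since `_bootc` runs with `--privileged --pid=host -v /dev:/dev` and `bootc-install-disk` passes `--wipe`, a comment above `_bootc` stating that only the `--via-loopback` file under `/output` is meant to be written would help the next reader.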
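Review bot: The added snippet `- "echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf"` is not valid YAML as written: the double-quoted scalar ends at the second `"` (right after `echo `) and the rest of the line is left dangling, so the recipe should fail to parse. Single quotes keep the shell text intact: `- 'echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf'`. The `modules:` list this entry belongs to starts outside the hunk.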
@@ -56,11 +56,14 @@ RUN \ RUN \ --mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-beardy-os-latest,sharing=locked \ --mount=type=cache,dst=/var/cache/libdnf5,id=dnf-cache-beardy-os-latest,sharing=locked \ -dnf5 -y install osbuild-selinux && \ +dnf5 -y install glibc-locale-source glibc-langpack-en osbuild-selinux && \ dnf5 -y copr enable gmaglione/podman-bootc && \ dnf5 -y install podman-bootc && \ ostree container commit +RUN localedef -i en_US -f UTF-8 en_US.UTF-8 +RUN echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf +RUN ln -s -f /usr/share/zoneinfo/America/New_York /etc/localtime # bluebuild: Key RUN RUN --mount=type=bind,from=stage-keys,src=/keys,dst=/tmp/keys \ @@ -122,6 +125,7 @@ virt-what \ xdg-user-dirs \ xdg-user-dirs-gtk \ tig \ +libguestfs \ && ostree container commit # TODO: ublue-update @@ -156,6 +160,8 @@ RUN \ /tmp/scripts/run_module.sh 'systemd' '{"type":"systemd","system":{"enabled":["podman.socket","sshd.service"]}}' \ && ostree container commit +RUN bootc container lint + # # bluebuild: post_build.sh clears out /tmp/* and /var/* and does a commit # RUN --mount=type=bind,from=ghcr.io/blue-build/cli/build-scripts:a8cac2adc90fa842e4565bc1825e588df4f5bcbd,src=/scripts/,dst=/scripts/ \ # /scripts/post_build.sh