veilor-os/kickstart/install-ostreecontainer-installer.ks

# veilor-os installer kickstart — v0.7 CI build variant
#
# Derived from kickstart/install-ostreecontainer.ks by stripping all
# __PLACEHOLDER__ tokens that the runtime gum TUI substitutes at install
# time. Anaconda's interactive TUI handles disk selection, LUKS passphrase,
# and user account creation in their place.
#
# Consumed by livemedia-creator --make-iso to produce
# veilor-os-installer-43-*.iso. Do NOT add __PLACEHOLDER__ tokens here —
# they cannot be filled at build time. See install-ostreecontainer.ks
# for the runtime template the gum TUI fills in.

# ── Locale / keyboard / time ──
keyboard --xlayouts='us'
lang en_US.UTF-8
timezone Europe/London --utc

# ── Install mode ──
text
firstboot --disable
eula --agreed
selinux --enforcing

# ── Network ──
network --bootproto=dhcp --device=link --activate --hostname=veilor-install
firewall --enabled --service=ssh

# ── Identity ──
# rootpw --lock only. No user directive — Anaconda's user spoke handles
# admin account creation interactively. Runtime ks substitutes
# --password=__ADMIN_PW__ for unattended installs.
rootpw --lock

# ── Disk / partitioning ──
# Intentionally absent. Anaconda's disk spoke presents interactive
# disk + LUKS + btrfs selection. Runtime ks (gum TUI) provides the
# full partition spec at real-install time.

# ── Packages for the LIVE BOOT ENVIRONMENT ──
# These are NOT installed on the target system. They populate the
# squashfs that boots Anaconda. The target is populated by
# `ostreecontainer` below from the OCI image.
%packages
@^minimal-environment
@core
@anaconda-tools
anaconda-live
anaconda-tui
livesys-scripts
dracut-live
dracut-config-generic
kernel
kernel-modules
kernel-modules-extra
glibc-all-langpacks
ostree
rpm-ostree
bootupd
grub2-efi-x64
grub2-efi-x64-modules
grub2-pc
grub2-pc-modules
grub2-tools
grub2-tools-extra
shim-x64
efibootmgr
syslinux
isomd5sum
xorriso
%end

# ── ostreecontainer: populate / from veilor-os OCI ──
ostreecontainer --url=ghcr.io/veilor-org/veilor-os:43 --transport=registry

# ── %post (chroot) ──
%post
set -uo pipefail
echo veilor-install > /etc/hostname
chage -d 0 admin 2>/dev/null || true
%end

# ── %post --nochroot — persist install logs to USB (toggle: veilor.install_logs=on|off) ──
#
# Runs OUTSIDE the target chroot so /tmp/anaconda.log etc. on the live
# ramdisk are accessible alongside /mnt/sysroot. Calls the helper that
# ships in the veilor-os OCI image overlay; if the helper is missing
# (corrupt overlay, stripped image, etc.) we fall back to a minimal
# inline copy. NEVER fail the install over log persistence.
#
# Default: ON until v1.0 final. Disable per-boot:
#   edit GRUB / press 'e', append:  veilor.install_logs=off
%post --nochroot --erroronfail=no
set -uo pipefail

VEILOR_HELPER="/mnt/sysroot/usr/share/veilor-os/scripts/persist-install-logs.sh"
[ -x "$VEILOR_HELPER" ] || VEILOR_HELPER="/mnt/sysimage/usr/share/veilor-os/scripts/persist-install-logs.sh"

if [ -x "$VEILOR_HELPER" ]; then
    "$VEILOR_HELPER" || true
else
    # Inline fallback — toggle-aware, backup-only (no USB write attempt).
    TS="$(date -u +%Y-%m-%dT%H-%M-%SZ)"
    SR=/mnt/sysroot; [ -d "$SR" ] || SR=/mnt/sysimage
    DST="${SR}/var/log/veilor-install-logs/${TS}"
    TOGGLE=on
    for tok in $(cat /proc/cmdline 2>/dev/null); do
        case "$tok" in veilor.install_logs=off|veilor.install_logs=0|veilor.install_logs=false|veilor.install_logs=no) TOGGLE=off ;; esac
    done
    if [ "$TOGGLE" = "on" ]; then
        mkdir -p "$DST" 2>/dev/null || true
        for f in /tmp/anaconda.log /tmp/program.log /tmp/storage.log \
                 /tmp/packaging.log /tmp/syslog /tmp/dnf.log \
                 /tmp/ks.cfg /run/veilor-installer.log; do
            [ -e "$f" ] && cp -a "$f" "$DST/" 2>/dev/null || true
        done
        dmesg > "$DST/dmesg.txt" 2>/dev/null || true
        journalctl --no-pager -b > "$DST/journalctl-b.txt" 2>/dev/null || true
        echo "[veilor] inline fallback used — helper missing at $VEILOR_HELPER" \
             > "$DST/manifest.txt"
    fi
fi
exit 0
%end
feat(ci): installer ISO workflow (v0.7 ostreecontainer path) Add livemedia-creator --make-iso pipeline that produces a small Anaconda installer ISO consuming a CI-buildable variant of the runtime ostreecontainer kickstart. Disk/LUKS/user blocks dropped from the CI ks (Anaconda interactive handles them); ostreecontainer URL pinned to ghcr.io/veilor-org/veilor-os:43. Output split into 1900M chunks; published to Forgejo installer-latest rolling tag. 2026-05-06 18:09:38 +01:00			`# veilor-os installer kickstart — v0.7 CI build variant`
			`#`
			`# Derived from kickstart/install-ostreecontainer.ks by stripping all`
			`# __PLACEHOLDER__ tokens that the runtime gum TUI substitutes at install`
			`# time. Anaconda's interactive TUI handles disk selection, LUKS passphrase,`
			`# and user account creation in their place.`
			`#`
			`# Consumed by livemedia-creator --make-iso to produce`
			`# veilor-os-installer-43-*.iso. Do NOT add __PLACEHOLDER__ tokens here —`
			`# they cannot be filled at build time. See install-ostreecontainer.ks`
			`# for the runtime template the gum TUI fills in.`

			`# ── Locale / keyboard / time ──`
			`keyboard --xlayouts='us'`
			`lang en_US.UTF-8`
			`timezone Europe/London --utc`

			`# ── Install mode ──`
			`text`
			`firstboot --disable`
			`eula --agreed`
			`selinux --enforcing`

			`# ── Network ──`
			`network --bootproto=dhcp --device=link --activate --hostname=veilor-install`
			`firewall --enabled --service=ssh`

			`# ── Identity ──`
			`# rootpw --lock only. No user directive — Anaconda's user spoke handles`
			`# admin account creation interactively. Runtime ks substitutes`
			`# --password=__ADMIN_PW__ for unattended installs.`
			`rootpw --lock`

			`# ── Disk / partitioning ──`
			`# Intentionally absent. Anaconda's disk spoke presents interactive`
			`# disk + LUKS + btrfs selection. Runtime ks (gum TUI) provides the`
			`# full partition spec at real-install time.`

ks(installer): add %packages for live boot env (dracut-live, anaconda) livemedia-creator needs the kickstart to specify packages for the LIVE BOOT environment (the squashfs that runs Anaconda); ostreecontainer populates the target system. The two are independent. Add minimal package set: anaconda-tui + dracut-live + ostree/rpm-ostree/bootupd + grub2 + shim + xorriso. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-05-07 08:16:01 +01:00			`# ── Packages for the LIVE BOOT ENVIRONMENT ──`
			`# These are NOT installed on the target system. They populate the`
			`# squashfs that boots Anaconda. The target is populated by`
			# `ostreecontainer` below from the OCI image.
			`%packages`
			`@^minimal-environment`
			`@core`
			`@anaconda-tools`
			`anaconda-live`
			`anaconda-tui`
			`livesys-scripts`
			`dracut-live`
			`dracut-config-generic`
			`kernel`
			`kernel-modules`
			`kernel-modules-extra`
			`glibc-all-langpacks`
			`ostree`
			`rpm-ostree`
			`bootupd`
			`grub2-efi-x64`
			`grub2-efi-x64-modules`
			`grub2-pc`
			`grub2-pc-modules`
			`grub2-tools`
			`grub2-tools-extra`
			`shim-x64`
			`efibootmgr`
			`syslinux`
			`isomd5sum`
			`xorriso`
			`%end`

feat(ci): installer ISO workflow (v0.7 ostreecontainer path) Add livemedia-creator --make-iso pipeline that produces a small Anaconda installer ISO consuming a CI-buildable variant of the runtime ostreecontainer kickstart. Disk/LUKS/user blocks dropped from the CI ks (Anaconda interactive handles them); ostreecontainer URL pinned to ghcr.io/veilor-org/veilor-os:43. Output split into 1900M chunks; published to Forgejo installer-latest rolling tag. 2026-05-06 18:09:38 +01:00			`# ── ostreecontainer: populate / from veilor-os OCI ──`
			`ostreecontainer --url=ghcr.io/veilor-org/veilor-os:43 --transport=registry`

			`# ── %post (chroot) ──`
			`%post`
			`set -uo pipefail`
			`echo veilor-install > /etc/hostname`
			`chage -d 0 admin 2>/dev/null \|\| true`
			`%end`
feat(installer): persist install logs to USB by default - new helper overlay/usr/share/veilor-os/scripts/persist-install-logs.sh detects boot USB (BOOT=/findfs, /run/install/repo, /sys/block removable), copies /tmp/anaconda.log + program/storage/packaging/dnf/syslog/X + journalctl -b + dmesg + lsblk/blkid/mount + /proc/cmdline into /veilor-install-logs/<UTC-ts>/ on the stick; mirrors backup into /mnt/sysroot/var/log/veilor-install-logs/ so logs survive even on RO USB or detect failure - toggle: kernel cmdline veilor.install_logs=on\|off (default ON until v1.0 final); never fails install on log persistence error - kickstart/install-ostreecontainer-installer.ks: add %post --nochroot block calling helper with toggle-aware inline fallback if helper missing - .github/workflows/build-installer-iso.yml: switch bib config from [customizations.user] to [customizations.installer.kickstart] so our new %post --nochroot actually lands in the produced ISO; admin user now created by ks user directive (locked + chage 0); ostreecontainer line stripped (bib auto-appends it); kernel-cmdline-default limitation documented (osbuild/bootc-image-builder#899) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-05-08 00:51:16 +01:00
			`# ── %post --nochroot — persist install logs to USB (toggle: veilor.install_logs=on\|off) ──`
			`#`
			`# Runs OUTSIDE the target chroot so /tmp/anaconda.log etc. on the live`
			`# ramdisk are accessible alongside /mnt/sysroot. Calls the helper that`
			`# ships in the veilor-os OCI image overlay; if the helper is missing`
			`# (corrupt overlay, stripped image, etc.) we fall back to a minimal`
			`# inline copy. NEVER fail the install over log persistence.`
			`#`
			`# Default: ON until v1.0 final. Disable per-boot:`
			`# edit GRUB / press 'e', append: veilor.install_logs=off`
			`%post --nochroot --erroronfail=no`
			`set -uo pipefail`

			`VEILOR_HELPER="/mnt/sysroot/usr/share/veilor-os/scripts/persist-install-logs.sh"`
			`[ -x "$VEILOR_HELPER" ] \|\| VEILOR_HELPER="/mnt/sysimage/usr/share/veilor-os/scripts/persist-install-logs.sh"`

			`if [ -x "$VEILOR_HELPER" ]; then`
			`"$VEILOR_HELPER" \|\| true`
			`else`
			`# Inline fallback — toggle-aware, backup-only (no USB write attempt).`
			`TS="$(date -u +%Y-%m-%dT%H-%M-%SZ)"`
			`SR=/mnt/sysroot; [ -d "$SR" ] \|\| SR=/mnt/sysimage`
			`DST="${SR}/var/log/veilor-install-logs/${TS}"`
			`TOGGLE=on`
			`for tok in $(cat /proc/cmdline 2>/dev/null); do`
			`case "$tok" in veilor.install_logs=off\|veilor.install_logs=0\|veilor.install_logs=false\|veilor.install_logs=no) TOGGLE=off ;; esac`
			`done`
			`if [ "$TOGGLE" = "on" ]; then`
			`mkdir -p "$DST" 2>/dev/null \|\| true`
			`for f in /tmp/anaconda.log /tmp/program.log /tmp/storage.log \`
			`/tmp/packaging.log /tmp/syslog /tmp/dnf.log \`
			`/tmp/ks.cfg /run/veilor-installer.log; do`
			`[ -e "$f" ] && cp -a "$f" "$DST/" 2>/dev/null \|\| true`
			`done`
			`dmesg > "$DST/dmesg.txt" 2>/dev/null \|\| true`
			`journalctl --no-pager -b > "$DST/journalctl-b.txt" 2>/dev/null \|\| true`
			`echo "[veilor] inline fallback used — helper missing at $VEILOR_HELPER" \`
			`> "$DST/manifest.txt"`
			`fi`
			`fi`
			`exit 0`
			`%end`