From 084582e0e59a5cbe11b1c5d2a1952a9ecaa9e45a Mon Sep 17 00:00:00 2001
From: veilor-org
Date: Thu, 30 Apr 2026 17:07:24 +0100
Subject: [PATCH] ks: add upstream live plumbing + explicit base repo
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Agent A: missing livesys-scripts + anaconda-live = lorax can't build EFI/BOOT. Agent B: livecd-creator ignores url=, only reads repo.repoList — added explicit repo --name=fedora to feed it the base. Both Fedora's own pipeline + livecd-creator now have what they need. Live image plumbing in %post: enable livesys.service livesys-late.service tmp.mount, reset machine-id.
---
 kickstart/veilor-os.ks | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/kickstart/veilor-os.ks b/kickstart/veilor-os.ks
index 719ba27..30d89f3 100644
--- a/kickstart/veilor-os.ks
+++ b/kickstart/veilor-os.ks
@@ -9,12 +9,13 @@
 # file_contexts.bin, which fails chroot %triggerin against host's
 # libselinux (built against pcre2 10.46). 43.7 in updates is rebuilt.
 url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+# Explicit `repo --name=fedora` lets livecd-creator see base repo (it only
+# reads repo.repoList, ignores url= directive). livemedia-creator + Anaconda
+# honor both. No behavior change for either tool.
+repo --name=fedora --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64" --install
 repo --name=updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64" --install
-# Local fix-repo: ships selinux-policy 43.7 + pcre2 10.47 paired (matched
-# regex versions) — bypasses Anaconda's repo-merger ignoring cost/priority
-# from updates. cost=1 = highest priority. Build via:
-# dnf download pcre2-10.47 selinux-policy-43.7 ... -d /tmp/veilor-fix-repo
-# createrepo_c /tmp/veilor-fix-repo
+# Local fix-repo: build-time-only workaround for host pcre2/libselinux skew.
+# Stripped from CI ks via sed in build-iso.yml. NOT shipped state.
 repo --name=veilor-fix --baseurl=file:///tmp/veilor-fix-repo --install --cost=1
 # ── Locale / keyboard / time (template — adjust per build) ──
@@ -62,6 +63,15 @@ part / --fstype=ext4 --size=8192
 @standard
 # live install plumbing (required by livemedia-creator --make-iso)
+# CRITICAL: livesys-scripts + anaconda-live ship the systemd units lorax expects
+# at squashfs creation. Without them, EFI/BOOT not built and ISO wrap fails.
+# (Upstream Fedora's fedora-live-kde.ks includes these via fedora-live-base.ks.)
+livesys-scripts
+anaconda-live
+@anaconda-tools
+kernel-modules
+kernel-modules-extra
+glibc-all-langpacks
 dracut-live
 dracut-config-generic
 kernel
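Review bot: The rewritten fix-repo comment in the first hunk says "NOT shipped state", but the `repo --name=veilor-fix` line directly below it still carries `--install`, which asks the installer to save that repo definition into the installed system. The claim therefore rests entirely on the sed strip in build-iso.yml, which is not visible here; any build that skips it would ship a `--cost=1` repo pointing at `file:///tmp/veilor-fix-repo`, a path under world-writable /tmp. Dropping `--install` from that line would make the repo build-time-only by construction, and the comment could name which builds run the strip. The same flag on the new `repo --name=fedora` line means "No behavior change" is worth checking against what ends up in /etc/yum.repos.d on the image.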
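Review bot: In the package-list hunk, the CRITICAL comment explains only `livesys-scripts` and `anaconda-live`; `@anaconda-tools`, `kernel-modules`, `kernel-modules-extra` and `glibc-all-langpacks` are added with no stated reason. On an image whose %post goes on to run hardening scripts, each one widens the installed set, and `kernel-modules-extra` in particular brings in rarely used driver and protocol modules. A short why-comment per added package would let a reviewer tell what the live build requires from what is convenience, and anything in the second group could be dropped or removed again after the build. The package list starts and ends outside this hunk.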
@@ -167,6 +177,14 @@ echo "════════════════════════
 REPO=/usr/share/veilor-os
 chmod +x $REPO/scripts/*.sh $REPO/scripts/selinux/*.sh /usr/local/bin/veilor-power /usr/local/sbin/veilor-firstboot
+# Live image plumbing (matches upstream Fedora live ks). Without these the
+# squashfs/EFI build fails — livesys-scripts ships systemd units lorax expects.
+systemctl enable livesys.service livesys-late.service 2>/dev/null || true
+systemctl enable tmp.mount 2>/dev/null || true
+
+# /etc/machine-id reset on first boot (live image baseline)
+> /etc/machine-id
+
 # Apply hardening
 bash $REPO/scripts/10-harden-base.sh
 bash $REPO/scripts/20-harden-kernel.sh
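Review bot: Both `systemctl enable` lines discard stderr and end in `|| true`, while the comment above them says the squashfs/EFI build fails without these units; a missing unit therefore passes %post silently and surfaces only later in the build, if at all. Let the failure show, for example `systemctl enable livesys.service livesys-late.service tmp.mount || echo "veilor: live units not enabled" >&2`, or drop the suppression if %post is meant to stop on errors. The `> /etc/machine-id` truncation also runs before the hardening scripts, so if anything later in %post regenerates the ID (not visible here) every image built from this kickstart would carry the same one; moving it to the end of %post avoids that. Its comment should say the file is emptied at build time so that a fresh ID is generated at boot. The %post section starts and ends outside this hunk.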