ks: add upstream live plumbing + explicit base repo
Agent A: missing livesys-scripts + anaconda-live = lorax can't build EFI/BOOT. Agent B: livecd-creator ignores url=, only reads repo.repoList — added explicit repo --name=fedora to feed it the base. Both Fedora's own pipeline + livecd-creator now have what they need. Live image plumbing in %post: enable livesys.service livesys-late.service tmp.mount, reset machine-id.
parent
3e6cd79f81
commit
084582e0e5
1 changed files with 23 additions and 5 deletions
|
|
@ -9,12 +9,13 @@
|
|||
# file_contexts.bin, which fails chroot %triggerin against host's
|
||||
# libselinux (built against pcre2 10.46). 43.7 in updates is rebuilt.
|
||||
url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
|
||||
# Explicit `repo --name=fedora` lets livecd-creator see base repo (it only
|
||||
# reads repo.repoList, ignores url= directive). livemedia-creator + Anaconda
|
||||
# honor both. No behavior change for either tool.
|
||||
repo --name=fedora --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64" --install
|
||||
repo --name=updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64" --install
|
||||
# Local fix-repo: ships selinux-policy 43.7 + pcre2 10.47 paired (matched
|
||||
# regex versions) — bypasses Anaconda's repo-merger ignoring cost/priority
|
||||
# from updates. cost=1 = highest priority. Build via:
|
||||
# dnf download pcre2-10.47 selinux-policy-43.7 ... -d /tmp/veilor-fix-repo
|
||||
# createrepo_c /tmp/veilor-fix-repo
|
||||
# Local fix-repo: build-time-only workaround for host pcre2/libselinux skew.
|
||||
# Stripped from CI ks via sed in build-iso.yml. NOT shipped state.
|
||||
repo --name=veilor-fix --baseurl=file:///tmp/veilor-fix-repo --install --cost=1
|
||||
|
||||
# ── Locale / keyboard / time (template — adjust per build) ──
|
||||
|
|
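Review bot: The new comment on the `veilor-fix` repo says "NOT shipped state", but the `repo --name=veilor-fix --baseurl=file:///tmp/veilor-fix-repo --install --cost=1` line still carries `--install`, which writes that repo definition into /etc/yum.repos.d on the installed system. If the sed strip in build-iso.yml is ever skipped or fails to match, the image ships a highest-priority repo pointing at a path under world-writable /tmp. Drop `--install` from this line so the repo is build-time only regardless of the sed step. The same question applies to the new `repo --name=fedora ... --install` line: the comment says "No behavior change for either tool", yet `--install` persists a repo file named after it, so either remove the flag or document why it is wanted. The rewritten comment also drops the `dnf download` / `createrepo_c` recipe, so the kickstart no longer records how to rebuild /tmp/veilor-fix-repo; keep the recipe or point to where it now lives.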
@ -62,6 +63,15 @@ part / --fstype=ext4 --size=8192
|
|||
@standard
|
||||
|
||||
# live install plumbing (required by livemedia-creator --make-iso)
|
||||
# CRITICAL: livesys-scripts + anaconda-live ship the systemd units lorax expects
|
||||
# at squashfs creation. Without them, EFI/BOOT not built and ISO wrap fails.
|
||||
# (Upstream Fedora's fedora-live-kde.ks includes these via fedora-live-base.ks.)
|
||||
livesys-scripts
|
||||
anaconda-live
|
||||
@anaconda-tools
|
||||
kernel-modules
|
||||
kernel-modules-extra
|
||||
glibc-all-langpacks
|
||||
dracut-live
|
||||
dracut-config-generic
|
||||
kernel
|
||||
|
|
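Review bot: The comment block justifies only `livesys-scripts` and `anaconda-live`, but the package list beneath it also contains `@anaconda-tools`, `kernel-modules`, `kernel-modules-extra` and `glibc-all-langpacks` with no stated reason. On an image that runs hardening scripts in %post, each extra package group is additional installed surface that someone will later have to audit, so add a one-line rationale per entry (or per group of entries) and drop any that livemedia-creator does not actually need. It would also help to state whether the installer packages are expected to remain on the installed system or only in the live environment.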
@ -167,6 +177,14 @@ echo "════════════════════════
|
|||
REPO=/usr/share/veilor-os
|
||||
chmod +x $REPO/scripts/*.sh $REPO/scripts/selinux/*.sh /usr/local/bin/veilor-power /usr/local/sbin/veilor-firstboot
|
||||
|
||||
# Live image plumbing (matches upstream Fedora live ks). Without these the
|
||||
# squashfs/EFI build fails — livesys-scripts ships systemd units lorax expects.
|
||||
systemctl enable livesys.service livesys-late.service 2>/dev/null || true
|
||||
systemctl enable tmp.mount 2>/dev/null || true
|
||||
|
||||
# /etc/machine-id reset on first boot (live image baseline)
|
||||
> /etc/machine-id
|
||||
|
||||
# Apply hardening
|
||||
bash $REPO/scripts/10-harden-base.sh
|
||||
bash $REPO/scripts/20-harden-kernel.sh
|
||||
|
|
|
|||
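Review bot: Both `systemctl enable` lines end in `2>/dev/null || true`, which hides exactly the failure the comment above them calls build-breaking. If `livesys.service` or `livesys-late.service` is missing because the package set changed, %post succeeds silently and the problem surfaces later in the squashfs/EFI stage with no pointer back here. Let the enable fail the build, or at least log the failure, for example by dropping the redirect and replacing `|| true` with an echo to stderr. Separately, `> /etc/machine-id` runs before `10-harden-base.sh` and `20-harden-kernel.sh`; if anything later in %post regenerates the ID, it is baked into the image and shared by every install. Moving the truncation to the last step of %post removes that dependency on what the later scripts do.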