From 36d5c2ca88670b71547e41a086979a1479b4a971 Mon Sep 17 00:00:00 2001 From: claude-veilor-bot <279801990+s8n-ru@users.noreply.github.com> Date: Wed, 6 May 2026 15:55:08 +0100 Subject: [PATCH] =?UTF-8?q?docs(ROADMAP):=20pivot=20=E2=80=94=20v0.6=20can?= =?UTF-8?q?celled,=20v0.7=20BlueBuild=20OCI=20is=20mainline?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Strategy pivot 2026-05-06: v0.5.32 produced a green ISO on Forgejo runner. That's the kickstart-path proof point. Continuing v0.6 kickstart polish is sunk-cost work on tooling retired at v1.0. Pivot: - v0.5.0 is the FINAL kickstart-path release. Tag, freeze, ship. - v0.6 cancelled as a milestone. Original plan kept inline as HISTORICAL reference. - v0.7 promoted to primary active milestone. Absorbs the v0.6 ergonomic CLI tools (veilor-postinstall / veilor-doctor / veilor-update) with bootc upgrade replacing dnf upgrade. - Active branch: v0.7-bluebuild-spike. All future feature work lands there, not on main. Co-Authored-By: Claude Opus 4.7 --- docs/ROADMAP.md | 65 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 63 insertions(+), 2 deletions(-) diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md index 8e09f94..457f654 100644 --- a/docs/ROADMAP.md +++ b/docs/ROADMAP.md 
@@ -9,6 +9,31 @@ For the historical record of what landed in each release, see --- +## ⚡ STRATEGY PIVOT — 2026-05-06 + +**Decision: skip v0.6 kickstart polish. Pivot directly to v0.7 +BlueBuild OCI path.** + +Reasons: +- v0.5.32 produced a green ISO (2.7 GB) on the Forgejo runner. Proof + point achieved. +- Continuing to debug `livecd-creator` + `anaconda` quirks for v0.6 + polish is sunk-cost work on tooling we retire at v1.0 anyway. +- v0.7 spike already has a working BlueBuild recipe + `ostreecontainer` + kickstart directive. Layering veilor branding + installer + power CLI + on top of secureblue beats re-deriving the same hardening from + scratch. +- Ergonomic CLI tools (`veilor-postinstall`, `veilor-doctor`, + `veilor-update`) translate cleanly to v0.7: `bootc upgrade` replaces + `dnf upgrade`. Move them into v0.7 scope. + +**v0.5.0 is the final kickstart-path release.** Tag, freeze, ship as +proof-of-work / portfolio anchor. **v0.6 cancelled as a milestone.** + +Active focus: `v0.7-bluebuild-spike` branch. + +--- + ## Lessons learned through v0.5.x install grind Five things v0.5.27–31 changed about how we plan: 
@@ -165,7 +190,22 @@ specified — defaults stay sane for a daily driver. --- -## v0.6 — ergonomics (PROMOTED — install grind proved we need this) +## v0.6 — CANCELLED 2026-05-06 (folded into v0.7) + +Per the strategy pivot at the top of this file: v0.6 kickstart polish +will not ship. Continuing on the kickstart path means more +livecd-creator + anaconda debugging on tooling that's retired at v1.0. +The flagship v0.6 deliverables (`veilor-postinstall`, `veilor-doctor`, +`veilor-update`, opt-in installer ISO, first-boot Plymouth dialog, +Bluetooth helper) move into **v0.7 scope** with `bootc upgrade` +replacing `dnf upgrade` in the update path. + +The original v0.6 plan is preserved below for reference but is **not +the active roadmap**. + +--- + +## v0.6 — ergonomics (HISTORICAL — superseded by v0.7) Smooth the operator experience so day-to-day work doesn't fight the hardening. `veilor-postinstall` and `veilor-doctor` were v0.6 background 
@@ -204,7 +244,28 @@ distro from a kickstart. --- -## v0.7 — public flex + bootc spike +## v0.7 — BlueBuild OCI mainline (ACTIVE — primary focus 2026-05-06+) + +This was originally planned as "public flex + bootc spike". Post-pivot, +v0.7 is now the **primary active milestone** — it absorbs all v0.6 +ergonomic work and becomes the next ship target. + +Scope: +- BlueBuild recipe (`bluebuild/recipe.yml`) layering on + `ghcr.io/secureblue/securecore-kinoite-hardened-userns` +- `kickstart/install-ostreecontainer.ks` — 10-line kickstart that calls + `ostreecontainer --url=ghcr.io/veilor-org/veilor-os:43 --transport=registry` + and lets Anaconda's LUKS UX drive the install +- veilor brand layer: KDE black theme, gum installer assets, custom + Konsole profile, branded `os-release` +- `veilor-power` 3-mode CLI (lifted as-is from v0.5.x overlay) +- `veilor-postinstall` (formerly v0.6 flagship) — first-login TUI +- `veilor-doctor` (formerly v0.6) — boot-time + weekly drift check +- `veilor-update` rewritten on `bootc upgrade` (was `dnf upgrade`) +- Forgejo registry as primary OCI publish target; GHCR mirror optional +- cosign key-pair signing of OCI image (replaces broken keyless flow) + +Public-flex items kept from original v0.7 entry: Take veilor-os out of "private repo, contained audience" mode. Order matters: people demand threat model FIRST when a security distro goes
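Review bot: In the first hunk (the new STRATEGY PIVOT section), the release being frozen is ambiguous: the reasons cite "v0.5.32 produced a green ISO", the closing paragraph says "v0.5.0 is the final kickstart-path release", and the unchanged context below refers to v0.5.27–31. If v0.5.0 is the release tag to be cut from the v0.5.32 build, say so in the section and name the build being tagged, so the frozen artifact can be identified later. The commit message carries the same wording.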
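Review bot: In the second hunk (v0.6 CANCELLED), the deliverables said to move into v0.7 scope include "opt-in installer ISO, first-boot Plymouth dialog, Bluetooth helper", but the v0.7 Scope list added in the third hunk carries only `veilor-postinstall`, `veilor-doctor` and `veilor-update` from that set. Either add the three missing items to the v0.7 scope or mark them as dropped here, otherwise they are tracked nowhere. The file also ends up with two headings that begin "## v0.6 —"; consider folding the cancellation notice into the historical section so links to the v0.6 anchor stay unambiguous.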
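Review bot: In the third hunk (v0.7 Scope), the install path and the publish path point at different registries: the kickstart bullet pulls `ghcr.io/veilor-org/veilor-os:43`, while a later bullet makes the Forgejo registry the primary publish target and the GHCR mirror optional. As written, the installer depends on the optional mirror; point the installer at the primary registry or make the mirror a required publish step. The cosign bullet also covers signing only: the scope should state where the signature is verified (at install through `ostreecontainer`, and on `bootc upgrade` in `veilor-update`), how the key pair is stored and rotated, and whether the `:43` image and the secureblue base image are pinned by digest, since both are referenced by name only.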