veilor-org/veilor-os
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

build: switch ISO run to rootful podman — rootless can't losetup (host CAP_SYS_ADMIN rejection)

Browse source
This commit is contained in:
veilor 2026-04-30 04:16:07 +01:00
parent d5c8638de5
commit 4e1ccdbb1a
1 changed files with 15 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
build/build-iso.sh
View file

@ -19,12 +19,23 @@ if command -v ksvalidator &>/dev/null; then
ksvalidator "$KS" ksvalidator "$KS"
fi fi
# ── Build container ── # ── Build container (rootless OK) ──
podman build -t veilor-build:latest "$REPO_ROOT/build" podman build -t veilor-build:latest "$REPO_ROOT/build"
# ── Build ISO ── # ── Build ISO (rootful — losetup + mount need real CAP_SYS_ADMIN) ──
# --make-iso requires --privileged (loop devices, mount). # rootless podman can't create loop devices even with --privileged because the
podman run --rm --privileged \ # host kernel rejects CAP_SYS_ADMIN from a user namespace.
SUDO=""
if [[ $EUID -ne 0 ]]; then
SUDO="sudo"
echo "[INFO] Running ISO build under sudo (loop devices require root)"
fi
# Make rootful podman see the rootless-built image
$SUDO podman load -i <(podman save veilor-build:latest) 2>/dev/null || \
$SUDO podman build -t veilor-build:latest "$REPO_ROOT/build"
$SUDO podman run --rm --privileged \
--security-opt label=disable \ --security-opt label=disable \
-v /dev:/dev \ -v /dev:/dev \
-v "$REPO_ROOT:/work" \ -v "$REPO_ROOT:/work" \