build: pivot to host-native lorax — container fight btrfs+netavark, host clean path
This commit is contained in:
veilor
parent
4e1ccdbb1a
commit
8176f117cd
1 changed files with 43 additions and 41 deletions
|
|
@ -1,6 +1,12 @@
|
|||
#!/usr/bin/env bash
|
||||
# veilor-os — ISO builder
|
||||
# Wraps livemedia-creator inside a podman container for reproducibility.
|
||||
# veilor-os — ISO builder (host-native via livemedia-creator)
|
||||
#
|
||||
# Why host-native: rootful podman fights btrfs (overlay unsupported) and
|
||||
# rootless can't losetup. Container build env added too much friction;
|
||||
# host-native is the clean path. Required RPMs:
|
||||
# sudo dnf install lorax livecd-tools pykickstart anaconda-tui \
|
||||
# squashfs-tools xorriso
|
||||
#
|
||||
# Run from repo root.
|
||||
|
||||
set -euo pipefail
|
||||
|
|
@ -9,53 +15,49 @@ REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
|||
OUT_DIR="$REPO_ROOT/build/out"
|
||||
KS="$REPO_ROOT/kickstart/veilor-os.ks"
|
||||
RELEASEVER="${RELEASEVER:-43}"
|
||||
DATE="$(date +%Y%m%d)"
|
||||
DATE="$(date +%Y%m%d-%H%M%S)"
|
||||
ISO_NAME="veilor-os-${RELEASEVER}-${DATE}.iso"
|
||||
|
||||
mkdir -p "$OUT_DIR"
|
||||
|
||||
# ── Validate kickstart ──
|
||||
if command -v ksvalidator &>/dev/null; then
|
||||
ksvalidator "$KS"
|
||||
fi
|
||||
ksvalidator "$KS"
|
||||
|
||||
# ── Build container (rootless OK) ──
|
||||
podman build -t veilor-build:latest "$REPO_ROOT/build"
|
||||
|
||||
# ── Build ISO (rootful — losetup + mount need real CAP_SYS_ADMIN) ──
|
||||
# rootless podman can't create loop devices even with --privileged because the
|
||||
# host kernel rejects CAP_SYS_ADMIN from a user namespace.
|
||||
SUDO=""
|
||||
# ── Require root (loop devices, mount, dnf install into chroot) ──
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
SUDO="sudo"
|
||||
echo "[INFO] Running ISO build under sudo (loop devices require root)"
|
||||
echo "[INFO] Re-executing under sudo (loop devices + chroot mounts need root)"
|
||||
exec sudo -E SUDO_ASKPASS="${SUDO_ASKPASS:-/usr/bin/ksshaskpass}" -A "$0" "$@"
|
||||
fi
|
||||
|
||||
# Make rootful podman see the rootless-built image
|
||||
$SUDO podman load -i <(podman save veilor-build:latest) 2>/dev/null || \
|
||||
$SUDO podman build -t veilor-build:latest "$REPO_ROOT/build"
|
||||
# ── Required tooling check ──
|
||||
for cmd in livemedia-creator ksvalidator mksquashfs xorriso; do
|
||||
command -v "$cmd" >/dev/null || {
|
||||
echo "[ERR] $cmd not found. Install: dnf install lorax livecd-tools pykickstart anaconda-tui squashfs-tools xorriso"
|
||||
exit 1
|
||||
}
|
||||
done
|
||||
|
||||
$SUDO podman run --rm --privileged \
|
||||
--security-opt label=disable \
|
||||
-v /dev:/dev \
|
||||
-v "$REPO_ROOT:/work" \
|
||||
-v "$OUT_DIR:/out" \
|
||||
veilor-build:latest -c "
|
||||
set -e
|
||||
rm -rf /out/build-${DATE} /tmp/lmc
|
||||
livemedia-creator \
|
||||
--make-iso \
|
||||
--no-virt \
|
||||
--ks /work/kickstart/veilor-os.ks \
|
||||
--resultdir /out/build-${DATE} \
|
||||
--project veilor-os \
|
||||
--releasever ${RELEASEVER} \
|
||||
--volid VEILOR_OS \
|
||||
--tmp /tmp/lmc \
|
||||
--logfile /out/build-${DATE}.log
|
||||
cp /out/build-${DATE}/*.iso /out/${ISO_NAME}
|
||||
sha256sum /out/${ISO_NAME} > /out/${ISO_NAME}.sha256
|
||||
"
|
||||
# ── Clean stale build dirs ──
|
||||
rm -rf "$OUT_DIR/build-${DATE}" /tmp/veilor-lmc
|
||||
|
||||
# ── Build ISO ──
|
||||
livemedia-creator \
|
||||
--make-iso \
|
||||
--no-virt \
|
||||
--ks "$KS" \
|
||||
--resultdir "$OUT_DIR/build-${DATE}" \
|
||||
--project veilor-os \
|
||||
--releasever "$RELEASEVER" \
|
||||
--volid VEILOR_OS \
|
||||
--tmp /tmp/veilor-lmc \
|
||||
--logfile "$OUT_DIR/build-${DATE}.log"
|
||||
|
||||
# ── Move + checksum ──
|
||||
ISO_SRC="$(find "$OUT_DIR/build-${DATE}" -name '*.iso' -type f | head -1)"
|
||||
[[ -n $ISO_SRC ]] || { echo "[ERR] No ISO produced"; exit 1; }
|
||||
|
||||
mv "$ISO_SRC" "$OUT_DIR/$ISO_NAME"
|
||||
sha256sum "$OUT_DIR/$ISO_NAME" > "$OUT_DIR/$ISO_NAME.sha256"
|
||||
|
||||
echo
|
||||
echo "════════════════════════════════════════════════════════"
|
||||
|
|
@ -64,5 +66,5 @@ echo " Checksum: $OUT_DIR/$ISO_NAME.sha256"
|
|||
echo " Build log: $OUT_DIR/build-${DATE}.log"
|
||||
echo "════════════════════════════════════════════════════════"
|
||||
echo
|
||||
echo " Write to USB: sudo dd if=$OUT_DIR/$ISO_NAME of=/dev/sdX bs=4M status=progress conv=fsync"
|
||||
echo " (replace /dev/sdX with your USB device — use lsblk to identify)"
|
||||
echo " Test in VM: ./test/run-vm.sh"
|
||||
echo " Write to USB: dd if=$OUT_DIR/$ISO_NAME of=/dev/sdX bs=4M status=progress conv=fsync"
|
||||
|
|
|
|||
Loading…
Reference in a new issue