diff --git a/build/build-iso.sh b/build/build-iso.sh
index a430efc..2f29a57 100755
--- a/build/build-iso.sh
+++ b/build/build-iso.sh
@@ -1,6 +1,12 @@
 #!/usr/bin/env bash
-# veilor-os — ISO builder
-# Wraps livemedia-creator inside a podman container for reproducibility.
+# veilor-os — ISO builder (host-native via livemedia-creator)
+#
+# Why host-native: rootful podman fights btrfs (overlay unsupported) and
+# rootless can't losetup. Container build env added too much friction;
+# host-native is the clean path. Required RPMs:
+# sudo dnf install lorax livecd-tools pykickstart anaconda-tui \
+# squashfs-tools xorriso
+#
 # Run from repo root.
 
 set -euo pipefail
@@ -9,53 +15,49 @@ REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
 OUT_DIR="$REPO_ROOT/build/out"
 KS="$REPO_ROOT/kickstart/veilor-os.ks"
 RELEASEVER="${RELEASEVER:-43}"
-DATE="$(date +%Y%m%d)"
+DATE="$(date +%Y%m%d-%H%M%S)"
 ISO_NAME="veilor-os-${RELEASEVER}-${DATE}.iso"
 
 mkdir -p "$OUT_DIR"
 
 # ── Validate kickstart ──
-if command -v ksvalidator &>/dev/null; then
- ksvalidator "$KS"
-fi
+ksvalidator "$KS"
 
-# ── Build container (rootless OK) ──
-podman build -t veilor-build:latest "$REPO_ROOT/build"
-
-# ── Build ISO (rootful — losetup + mount need real CAP_SYS_ADMIN) ──
-# rootless podman can't create loop devices even with --privileged because the
-# host kernel rejects CAP_SYS_ADMIN from a user namespace.
-SUDO=""
+# ── Require root (loop devices, mount, dnf install into chroot) ──
 if [[ $EUID -ne 0 ]]; then
- SUDO="sudo"
- echo "[INFO] Running ISO build under sudo (loop devices require root)"
+ echo "[INFO] Re-executing under sudo (loop devices + chroot mounts need root)"
+ exec sudo -E SUDO_ASKPASS="${SUDO_ASKPASS:-/usr/bin/ksshaskpass}" -A "$0" "$@"
 fi
 
-# Make rootful podman see the rootless-built image
-$SUDO podman load -i <(podman save veilor-build:latest) 2>/dev/null || \
- $SUDO podman build -t veilor-build:latest "$REPO_ROOT/build"
+# ── Required tooling check ──
+for cmd in livemedia-creator ksvalidator mksquashfs xorriso; do
+ command -v "$cmd" >/dev/null || {
+ echo "[ERR] $cmd not found. Install: dnf install lorax livecd-tools pykickstart anaconda-tui squashfs-tools xorriso"
+ exit 1
+ }
+done
 
-$SUDO podman run --rm --privileged \
- --security-opt label=disable \
- -v /dev:/dev \
- -v "$REPO_ROOT:/work" \
- -v "$OUT_DIR:/out" \
- veilor-build:latest -c "
- set -e
- rm -rf /out/build-${DATE} /tmp/lmc
- livemedia-creator \
- --make-iso \
- --no-virt \
- --ks /work/kickstart/veilor-os.ks \
- --resultdir /out/build-${DATE} \
- --project veilor-os \
- --releasever ${RELEASEVER} \
- --volid VEILOR_OS \
- --tmp /tmp/lmc \
- --logfile /out/build-${DATE}.log
- cp /out/build-${DATE}/*.iso /out/${ISO_NAME}
- sha256sum /out/${ISO_NAME} > /out/${ISO_NAME}.sha256
- "
+# ── Clean stale build dirs ──
+rm -rf "$OUT_DIR/build-${DATE}" /tmp/veilor-lmc
+
+# ── Build ISO ──
+livemedia-creator \
+ --make-iso \
+ --no-virt \
+ --ks "$KS" \
+ --resultdir "$OUT_DIR/build-${DATE}" \
+ --project veilor-os \
+ --releasever "$RELEASEVER" \
+ --volid VEILOR_OS \
+ --tmp /tmp/veilor-lmc \
+ --logfile "$OUT_DIR/build-${DATE}.log"
+
+# ── Move + checksum ──
+ISO_SRC="$(find "$OUT_DIR/build-${DATE}" -name '*.iso' -type f | head -1)"
+[[ -n $ISO_SRC ]] || { echo "[ERR] No ISO produced"; exit 1; }
+
+mv "$ISO_SRC" "$OUT_DIR/$ISO_NAME"
+sha256sum "$OUT_DIR/$ISO_NAME" > "$OUT_DIR/$ISO_NAME.sha256"
 
 echo
 echo "════════════════════════════════════════════════════════"
@@ -64,5 +66,5 @@ echo " Checksum: $OUT_DIR/$ISO_NAME.sha256"
 echo " Build log: $OUT_DIR/build-${DATE}.log"
 echo "════════════════════════════════════════════════════════"
 echo
-echo " Write to USB: sudo dd if=$OUT_DIR/$ISO_NAME of=/dev/sdX bs=4M status=progress conv=fsync"
-echo " (replace /dev/sdX with your USB device — use lsblk to identify)"
+echo " Test in VM: ./test/run-vm.sh"
+echo " Write to USB: dd if=$OUT_DIR/$ISO_NAME of=/dev/sdX bs=4M status=progress conv=fsync"
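Review bot: The re-exec line `exec sudo -E SUDO_ASKPASS=… -A "$0" "$@"` asks sudo to carry the caller's whole environment into a root process that then runs `rm -rf`, `livemedia-creator` and `find` by bare name, although the visible lines read only `RELEASEVER`; for a script that produces an OS image, whatever the sudoers policy lets through becomes root-side build input. Passing only what is needed keeps that surface small: `exec sudo RELEASEVER="$RELEASEVER" "$0" "$@"`. As far as I can tell sudo looks up the askpass helper in its own environment, so the `SUDO_ASKPASS=` assignment placed after `sudo` reaches only the re-executed script and `-A` fails when the variable is not already exported; `export SUDO_ASKPASS="${SUDO_ASKPASS:-/usr/bin/ksshaskpass}"` before the `exec`, or dropping `-A` so sudo can prompt on the terminal, avoids that. The same root run now uses the fixed path `/tmp/veilor-lmc` on the host, which any local user can pre-create (the old `/tmp/lmc` lived inside the container); a directory from `mktemp -d`, removed in an `EXIT` trap, would close that.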
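Review bot: The printed `dd` command in the final hunk loses both its `sudo` and the follow-up line that told the reader to replace `/dev/sdX` and identify the device with `lsblk`. Writing to a block device normally needs root, so the command as printed fails when pasted into a regular shell, and the dropped hint was the only caution against picking the wrong disk. I would keep `sudo dd …` in the message and restore `echo " (replace /dev/sdX with your USB device — use lsblk to identify)"` after it.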