veilor-org/veilor-os

Author SHA1 Message Date

Author	SHA1	Message	Date
veilor-org	46dc615c8e	v0.5.1: gum installer + full veilor-os ks generation Two changes, one commit (matches v0.5.1 milestone): 1. Swap whiptail → gum (charm.sh) - Source /usr/share/veilor-os/assets/installer/colors.gum at top so all prompts pick up branded GUM_* env vars. - Render banner.txt via `gum style --border rounded`. - Wrap every prompt behind prompt_choose / prompt_input / prompt_password / prompt_confirm / prompt_message / prompt_error helpers that dispatch gum→whiptail based on `command -v gum`. Defensive: minimal images without /usr/local/bin/gum still get a working TUI. - Main menu items now use literal labels (case-matched), not 1..5 tags. 2. Generated kickstart now installs full veilor-os Previously emitted a vanilla F43 KDE + ~12 hardening packages with no overlay/scripts/branding. Now mirrors live ks (kickstart/veilor-os.ks 63-141) for %packages, plus: - %post --nochroot copies overlay/, scripts/, assets/ from /run/install/repo/veilor (single source — boot ISO mount path). - %post (chroot) runs scripts/10-harden-base.sh, 20-harden-kernel.sh, selinux/build-policy.sh, kde-theme-apply.sh. - `chage -d 0 admin` so first login forces password change. (Account itself is created by anaconda from the `user` directive — admin pw collected via gum is passed through --plaintext.) - `systemctl set-default graphical.target` (real install boots SDDM, not the TTY1 installer like live). - Drops live-only entries (livesys-scripts, anaconda-live, dracut-live, isomd5sum, xorriso, livesys.service enables). Tested: bash -n clean; ksvalidator on a substituted-placeholder copy exits 0. gum binary itself (/usr/local/bin/gum) is vendored by a separate build-side change — not in this PR.	2026-05-02 04:03:58 +01:00
veilor-org	fc7c3f858b	v0.5.0-beta: fix 4 installer blockers found during lint Bugs found by agent linter on v0.5.0-alpha: 1. logvol missing --size: ksvalidator rejected. Added --size=8192 --grow. 2. bootloader --location=mbr on UEFI: conflicts with /boot/efi part. Switched to --location=none (anaconda auto-detects EFI vs BIOS). 3. lsblk awk truncated multi-word disk models ("WD PC SN740" → "WD"). Now collapses model spaces to underscores, preserves full string. Also added mmcblk to disk regex (eMMC support). 4. Heredoc with $VAR expansion + passwords containing $/`/" corrupted generated ks. Now: single-quoted heredoc + sed placeholder substitution. Plus input validator rejects "$\` chars in passwords. ksvalidator clean on sample generated ks. bash -n clean. CI build still in flight (`3328ffb`). This pushes a new commit; CI will run again with these fixes. Net delay: zero (3328ffb's installer was broken anyway, so its ISO unusable for install path).	2026-05-02 03:42:15 +01:00
veilor-org	3328ffb460	v0.5.0-alpha: TTY1 installer (omarchy/archinstall-style) Adds: - overlay/usr/local/sbin/veilor-installer — bash+whiptail TUI - overlay/etc/systemd/system/getty@tty1.service.d/veilor-installer.conf → replaces tty1 login with installer - ks: newt + parted + cryptsetup + lvm2 + btrfs-progs packages - ks: systemctl set-default multi-user.target (TTY1 lands first; user picks "Try live — desktop" from menu to isolate graphical.target) - ks: chmod +x veilor-installer in chroot %post Flow: 1. Boot ISO → TTY1 → ASCII banner + menu: 1) Install to disk 2) Try live — desktop 3) Try live — shell 4) Reboot 5) Power off 2. Install path: collects disk/hostname/LUKS/admin pw/locale via whiptail, generates /run/install/veilor-generated.ks, execs anaconda --kickstart= 3. Reboots into hardened install with full init_on_alloc/free cmdline Known limitations (v0.5.0-alpha): - Generated ks doesn't yet copy overlay/scripts into target (anaconda installs base Fedora, missing veilor branding/hardening). Fix in v0.5.1. - whiptail = ugly. v0.5.1 swaps to gum (Go TUI) for omarchy-tier UX. - No mid-install progress bar; anaconda runs unattended in same tty.	2026-05-02 03:20:42 +01:00

veilor-org

46dc615c8e

v0.5.1: gum installer + full veilor-os ks generation

Two changes, one commit (matches v0.5.1 milestone):

1. Swap whiptail → gum (charm.sh)
   - Source /usr/share/veilor-os/assets/installer/colors.gum at top so all
     prompts pick up branded GUM_* env vars.
   - Render banner.txt via `gum style --border rounded`.
   - Wrap every prompt behind prompt_choose / prompt_input / prompt_password
     / prompt_confirm / prompt_message / prompt_error helpers that dispatch
     gum→whiptail based on `command -v gum`. Defensive: minimal images
     without /usr/local/bin/gum still get a working TUI.
   - Main menu items now use literal labels (case-matched), not 1..5 tags.

2. Generated kickstart now installs full veilor-os
   Previously emitted a vanilla F43 KDE + ~12 hardening packages with no
   overlay/scripts/branding. Now mirrors live ks (kickstart/veilor-os.ks
   63-141) for %packages, plus:
   - %post --nochroot copies overlay/, scripts/, assets/ from
     /run/install/repo/veilor (single source — boot ISO mount path).
   - %post (chroot) runs scripts/10-harden-base.sh, 20-harden-kernel.sh,
     selinux/build-policy.sh, kde-theme-apply.sh.
   - `chage -d 0 admin` so first login forces password change. (Account
     itself is created by anaconda from the `user` directive — admin pw
     collected via gum is passed through --plaintext.)
   - `systemctl set-default graphical.target` (real install boots SDDM,
     not the TTY1 installer like live).
   - Drops live-only entries (livesys-scripts, anaconda-live, dracut-live,
     isomd5sum, xorriso, livesys.service enables).

Tested: bash -n clean; ksvalidator on a substituted-placeholder copy
exits 0.

gum binary itself (/usr/local/bin/gum) is vendored by a separate
build-side change — not in this PR.

2026-05-02 04:03:58 +01:00

veilor-org

fc7c3f858b

v0.5.0-beta: fix 4 installer blockers found during lint

Bugs found by agent linter on v0.5.0-alpha:

1. logvol missing --size: ksvalidator rejected. Added --size=8192 --grow.
2. bootloader --location=mbr on UEFI: conflicts with /boot/efi part.
   Switched to --location=none (anaconda auto-detects EFI vs BIOS).
3. lsblk awk truncated multi-word disk models ("WD PC SN740" → "WD").
   Now collapses model spaces to underscores, preserves full string.
   Also added mmcblk to disk regex (eMMC support).
4. Heredoc with $VAR expansion + passwords containing $/`/" corrupted
   generated ks. Now: single-quoted heredoc + sed placeholder
   substitution. Plus input validator rejects "$\` chars in passwords.

ksvalidator clean on sample generated ks.
bash -n clean.

CI build still in flight (3328ffb). This pushes a new commit; CI will
run again with these fixes. Net delay: zero (3328ffb's installer was
broken anyway, so its ISO unusable for install path).

2026-05-02 03:42:15 +01:00

veilor-org

3328ffb460

v0.5.0-alpha: TTY1 installer (omarchy/archinstall-style)

Adds:
- overlay/usr/local/sbin/veilor-installer — bash+whiptail TUI
- overlay/etc/systemd/system/getty@tty1.service.d/veilor-installer.conf
  → replaces tty1 login with installer
- ks: newt + parted + cryptsetup + lvm2 + btrfs-progs packages
- ks: systemctl set-default multi-user.target (TTY1 lands first; user
  picks "Try live — desktop" from menu to isolate graphical.target)
- ks: chmod +x veilor-installer in chroot %post

Flow:
1. Boot ISO → TTY1 → ASCII banner + menu:
   1) Install to disk    2) Try live — desktop   3) Try live — shell
   4) Reboot             5) Power off
2. Install path: collects disk/hostname/LUKS/admin pw/locale via whiptail,
   generates /run/install/veilor-generated.ks, execs anaconda --kickstart=
3. Reboots into hardened install with full init_on_alloc/free cmdline

Known limitations (v0.5.0-alpha):
- Generated ks doesn't yet copy overlay/scripts into target (anaconda
  installs base Fedora, missing veilor branding/hardening). Fix in v0.5.1.
- whiptail = ugly. v0.5.1 swaps to gum (Go TUI) for omarchy-tier UX.
- No mid-install progress bar; anaconda runs unattended in same tty.

2026-05-02 03:20:42 +01:00

3 commits