# Building veilor-os

## Requirements

- **Host:** Fedora 43+ or RHEL/CentOS 9+ (anything with podman + KVM bits)
- **podman** with rootless or rootful — privileged mode required
- **Disk:** ~15GB free for build cache + ISO
- **Network:** internet (pulls Fedora repos, base container)

## One-shot build

From repo root:

```bash
./build/build-iso.sh
```

Output: `build/out/veilor-os-43-YYYYMMDD.iso` and `.sha256`.

## What the build does

1. `ksvalidator` checks `kickstart/veilor-os.ks` syntax.
2. Builds `veilor-build:latest` container from `build/Containerfile`
   (Fedora 43 base + lorax + livemedia-creator + pykickstart).
3. Runs `livemedia-creator --make-iso --no-virt` inside the container
   with `--privileged` (loop devices and chroot mounts required).
4. Anaconda runs the kickstart in a tmpfs root, packages are pulled,
   `%post` executes (hardening + theme + branding), root is squashed
   into a Live ISO.
5. ISO + sha256 + build log dropped in `build/out/`.

## Custom builds

Environment variables:

```bash
RELEASEVER=43 ./build/build-iso.sh   # default
RELEASEVER=44 ./build/build-iso.sh   # rebase to Fedora 44 when released
```

Edit `kickstart/veilor-os.ks` to:

- Change locale / timezone (`lang`, `keyboard`, `timezone` lines)
- Add/remove packages (`%packages` section)
- Adjust LUKS parameters (`part pv.veilor` line)

## Writing to USB

```bash
sudo dd if=build/out/veilor-os-43-YYYYMMDD.iso of=/dev/sdX bs=4M status=progress conv=fsync
sync
```

Replace `/dev/sdX` with your USB device. **Triple-check** with `lsblk`
before running — `dd` will overwrite without warning.

Ventoy is **not** supported for hardened-install ISOs because Anaconda
expects to find the kickstart at the ISO root. Use `dd` directly.

## Troubleshooting

- **`livemedia-creator` fails inside container:** ensure `--privileged`
  is set (the script already passes it). On hosts with strict SELinux,
  set `setsebool -P container_manage_cgroup on` once.
- **Packages not found:** the Fedora mirror may have moved. Update
  `url --mirrorlist=` in the kickstart.
- **Kickstart syntax errors:** run `ksvalidator kickstart/veilor-os.ks`
  directly. Errors point to a line number in the .ks file.
- **Build hangs at "Setting up Install Process":** Fedora mirror
  timeouts. Pin a specific mirror with `url --url=https://...`.

## Reproducibility

The same kickstart + same Fedora release version + same overlay tree
should produce ISOs with identical package sets. Bit-for-bit identical
ISOs require pinning Fedora compose IDs (planned for v1).