# Building veilor-os

## Requirements

- **Host:** Fedora 43+ or RHEL/CentOS 9+ (anything with podman + KVM bits)
- **podman** with rootless or rootful — privileged mode required
- **Disk:** ~15GB free for build cache + ISO
- **Network:** internet (pulls Fedora repos, base container)

## One-shot build

From repo root:

```bash
./build/build-iso.sh
```

Output: `build/out/veilor-os-43-YYYYMMDD.iso` and `.sha256`.

## What the build does

1. `ksvalidator` checks `kickstart/veilor-os.ks` syntax.
2. Builds `veilor-build:latest` container from `build/Containerfile`
   (Fedora 43 base + lorax + livemedia-creator + pykickstart).
3. Runs `livemedia-creator --make-iso --no-virt` inside the container
   with `--privileged` (loop devices and chroot mounts required).
4. Anaconda runs the kickstart in a tmpfs root, packages are pulled,
   `%post` executes (hardening + theme + branding), root is squashed
   into a Live ISO.
5. ISO + sha256 + build log dropped in `build/out/`.

## Custom builds

Environment variables:

```bash
RELEASEVER=43 ./build/build-iso.sh   # default
RELEASEVER=44 ./build/build-iso.sh   # rebase to Fedora 44 when released
```

Edit `kickstart/veilor-os.ks` to:

- Change locale / timezone (`lang`, `keyboard`, `timezone` lines)
- Add/remove packages (`%packages` section)
- Adjust LUKS parameters (`part pv.veilor` line)

## Writing to USB

```bash
sudo dd if=build/out/veilor-os-43-YYYYMMDD.iso of=/dev/sdX bs=4M status=progress conv=fsync
sync
```

Replace `/dev/sdX` with your USB device. **Triple-check** with `lsblk`
before running — `dd` will overwrite without warning.

Ventoy is **not** supported for hardened-install ISOs because Anaconda
expects to find the kickstart at the ISO root. Use `dd` directly.

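The two manual checks in this workflow (the `.sha256` written next to the ISO, and the `lsblk` look at the target device) can be scripted as a pre-flight step before `dd`. This is an added example, not part of the veilor-os repo: the function names are hypothetical, and it assumes the `.sha256` file is in `sha256sum` format and that the target reports `TRAN=usb` in `lsblk`.

```bash
#!/usr/bin/env bash
# Added example, not from the veilor-os repo. Function names are hypothetical.

# verify_iso ISO SUMFILE
# Assumption: SUMFILE is in sha256sum format (first field is the hex digest).
verify_iso() {
    local iso="$1" sumfile="$2" want rest got
    [ -r "$iso" ] && [ -r "$sumfile" ] || { echo "cannot read ISO or checksum file" >&2; return 2; }
    read -r want rest < "$sumfile"
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    got=$(sha256sum < "$iso") || return 2   # hash via stdin: no filename parsing
    got=${got%% *}
    if [ "$want" != "$got" ]; then
        echo "sha256 mismatch: expected '$want', got '$got'" >&2
        return 1
    fi
    return 0
}

# check_target DEV: accept only an unmounted whole disk on the USB bus.
check_target() {
    local dev="$1" info
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    info=$(lsblk -dnro TYPE,TRAN "$dev") || return 2
    [ "${info%% *}" = disk ] || { echo "$dev is not a whole disk" >&2; return 1; }
    [ "${info#* }" = usb ] || { echo "$dev is not on the USB bus" >&2; return 1; }
    if lsblk -nro MOUNTPOINT "$dev" | grep -q .; then
        echo "$dev or one of its partitions is mounted" >&2
        return 1
    fi
    return 0
}

# write_iso ISO SUMFILE DEV: run the dd command from this page only if both checks pass.
write_iso() {
    verify_iso "$1" "$2" || return 1
    check_target "$3" || return 1
    sudo dd if="$1" of="$3" bs=4M status=progress conv=fsync
}
```

Source the file and call `write_iso <iso> <checksum file> /dev/sdX`, using the ISO and checksum paths the build wrote to `build/out/`.
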
## Troubleshooting

- **`livemedia-creator` fails inside container:** ensure `--privileged`
  is set (the script already passes it). On hosts with strict SELinux,
  run `setsebool -P container_manage_cgroup on` once.
- **Packages not found:** the Fedora mirror may have moved. Update
  `url --mirrorlist=` in the kickstart.
- **Kickstart syntax errors:** run `ksvalidator kickstart/veilor-os.ks`
  directly. Errors point to a line number in the `.ks` file.
- **Build hangs at "Setting up Install Process":** Fedora mirror
  timeouts. Pin a specific mirror with `url --url=https://...`.

## Reproducibility

The same kickstart + same Fedora release version + same overlay tree
should produce ISOs with identical package sets. Bit-for-bit identical
ISOs require pinning Fedora compose IDs (planned for v1).