veilor-org/veilor-os
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
veilor-os/docs/BUILD.md

2.5 KiB
Raw Permalink Blame History

Building veilor-os

Requirements

  • Host: Fedora 43+ or RHEL/CentOS 9+ (anything with podman + KVM bits)
  • podman with rootless or rootful — privileged mode required
  • Disk: ~15GB free for build cache + ISO
  • Network: internet (pulls Fedora repos, base container)

One-shot build

From repo root:

./build/build-iso.sh

Output: build/out/veilor-os-43-YYYYMMDD.iso and .sha256.

What the build does

  1. ksvalidator checks kickstart/veilor-os.ks syntax.
  2. Builds veilor-build:latest container from build/Containerfile (Fedora 43 base + lorax + livemedia-creator + pykickstart).
  3. Runs livemedia-creator --make-iso --no-virt inside the container with --privileged (loop devices and chroot mounts required).
  4. Anaconda runs the kickstart in a tmpfs root, packages are pulled, %post executes (hardening + theme + branding), root is squashed into a Live ISO.
  5. ISO + sha256 + build log dropped in build/out/.

Custom builds

Environment variables:

RELEASEVER=43 ./build/build-iso.sh   # default
RELEASEVER=44 ./build/build-iso.sh   # rebase to Fedora 44 when released

Edit kickstart/veilor-os.ks to:

  • Change locale / timezone (lang, keyboard, timezone lines)
  • Add/remove packages (%packages section)
  • Adjust LUKS parameters (part pv.veilor line)

Writing to USB

sudo dd if=build/out/veilor-os-43-YYYYMMDD.iso of=/dev/sdX bs=4M status=progress conv=fsync
sync

Replace /dev/sdX with your USB device. Triple-check with lsblk before running — dd will overwrite without warning.

Ventoy is not supported for hardened-install ISOs because Anaconda expects to find the kickstart at the ISO root. Use dd directly.

Troubleshooting

  • livemedia-creator fails inside container: ensure --privileged is set (the script already passes it). On hosts with strict SELinux, set setsebool -P container_manage_cgroup on once.
  • Packages not found: the Fedora mirror may have moved. Update url --mirrorlist= in the kickstart.
  • Kickstart syntax errors: run ksvalidator kickstart/veilor-os.ks directly. Errors point to a line number in the .ks file.
  • Build hangs at "Setting up Install Process": Fedora mirror timeouts. Pin a specific mirror with url --url=https://....

Reproducibility

The same kickstart + same Fedora release version + same overlay tree should produce ISOs with identical package sets. Bit-for-bit identical ISOs require pinning Fedora compose IDs (planned for v1).