image_builder checkpoint

2026-01-05 10:00:35 -05:00
parent b65ef9cbb7
commit 1c245a593a
3 changed files with 26 additions and 19 deletions
--- a/active/software_osbuild/image_builder.md
+++ b/active/software_osbuild/image_builder.md
@@ -33,18 +33,21 @@ sudo usermod -aG weldr $USER

 # Optional: cockpit dependency
 dnf install -y cockpit-composer
+
+# Optional: allow security profiles
+dnf install openscap-scanner scap-security-guide
 ```

 ## Building Images

 1. Create a toml file describing your image

-    See `fedora-42-base.toml` for an example.
+    See `fedora42-base.toml` for an example.

 2. Push the toml to composer

    ```bash
-    composer-cli blueprints push active/software_osbuild/fedora-42-base.toml
+    composer-cli blueprints push active/software_osbuild/fedora42-base.toml
    
    # List blueprints
    composer-cli blueprints list
@@ -57,13 +60,13 @@ dnf install -y cockpit-composer
    composer-cli compose types

    # Build the image
-    composer-cli compose start fedora-42-base qcow2
+    composer-cli compose start fedora42-base qcow2

    # Check status
    watch composer-cli compose status

    # Download logs if error
-    cd /tmp && composer-cli compose logs f91a12b6-01fd-4f94-91cc-9d5fb68b8129
+    cd /tmp && composer-cli compose logs 52963ac9-b680-4def-baaf-252845f0e3fe

    # Delete failed images
    composer-cli compose list failed -j | jq '.[].body.failed.[]?.id' | xargs -I '%' composer-cli compose delete '%'
@@ -79,16 +82,25 @@ dnf install -y cockpit-composer
    composer-cli compose list finished

    # Download the image
-    composer-cli compose image --filename /var/lib/libvirt/images/fedora-42-base.qcow2 image-uuid
+    composer-cli compose image --filename active/software_osbuild/secrets/fedora43-base.qcow2 image-uuid

    # Test with qemu
-    qemu-kvm --name test-fedora-42-base -m 4096 -hda ~/Downloads/fedora-42-base.qcow2
+    virt-install \
+    --name "fedora43-base" \
+    --boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no \
+    --cpu host-passthrough --vcpus sockets=1,cores=8,threads=2 \
+    --ram=8192 \
+    --os-variant=fedora41 \
+    --network bridge:virbr0 \
+    --graphics none \
+    --console pty,target.type=virtio \
+    --import --disk "path=active/software_osbuild/secrets/fedora43-base.qcow2,bus=virtio"
    ```

 ### Image Build and Watch One Liner

 ```bash
-composer-cli blueprints push active/software_osbuild/fedora-43-base.toml && \
-composer-cli compose start fedora-43-base qcow2 && \
+composer-cli blueprints push active/software_osbuild/fedora43-base.toml && \
+composer-cli compose start fedora43-base qcow2 && \
 watch composer-cli compose status
 ```