image_builder checkpoint

active/software_osbuild/fedora43-base.toml

@@ -9,16 +9,11 @@ groups = []
 hostname = "f43-base"
 
 [[customizations.disk.partitions]]
-type = "btrfs"
+type = "plain"
-minsize = "32 GiB"
+label = "root"
-
-[[customizations.disk.partitions.subvolumes]]
-name = "root"
 mountpoint = "/"
-
+fs_type = "ext4"
-[[customizations.disk.partitions.subvolumes]]
+minsize = "128 GiB"
-name = "home"
-mountpoint = "/home"
 
 [customizations.timezone]
 timezone = "America/New_York"
@@ -70,8 +65,8 @@ data = """
 [[customizations.files]]
 path = "/home/ducoterra/.inputrc"
 mode = "0644"
-user = "root"
+user = "ducoterra"
-group = "root"
+group = "ducoterra"
 data = """
 "\\C-h": backward-kill-word
 """

active/software_osbuild/image_builder.md

@@ -33,18 +33,21 @@ sudo usermod -aG weldr $USER
 
 # Optional: cockpit dependency
 dnf install -y cockpit-composer
+
+# Optional: allow security profiles
+dnf install openscap-scanner scap-security-guide
 ```
 
 ## Building Images
 
 1. Create a toml file describing your image
 
-    See `fedora-42-base.toml` for an example.
+    See `fedora42-base.toml` for an example.
 
 2. Push the toml to composer
 
     ```bash
-    composer-cli blueprints push active/software_osbuild/fedora-42-base.toml
+    composer-cli blueprints push active/software_osbuild/fedora42-base.toml
     
     # List blueprints
     composer-cli blueprints list
@@ -57,13 +60,13 @@ dnf install -y cockpit-composer
     composer-cli compose types
 
     # Build the image
-    composer-cli compose start fedora-42-base qcow2
+    composer-cli compose start fedora42-base qcow2
 
     # Check status
     watch composer-cli compose status
 
     # Download logs if error
-    cd /tmp && composer-cli compose logs f91a12b6-01fd-4f94-91cc-9d5fb68b8129
+    cd /tmp && composer-cli compose logs 52963ac9-b680-4def-baaf-252845f0e3fe
 
     # Delete failed images
     composer-cli compose list failed -j | jq '.[].body.failed.[]?.id' | xargs -I '%' composer-cli compose delete '%'
@@ -79,16 +82,25 @@ dnf install -y cockpit-composer
     composer-cli compose list finished
 
     # Download the image
-    composer-cli compose image --filename /var/lib/libvirt/images/fedora-42-base.qcow2 image-uuid
+    composer-cli compose image --filename active/software_osbuild/secrets/fedora43-base.qcow2 image-uuid
 
     # Test with qemu
-    qemu-kvm --name test-fedora-42-base -m 4096 -hda ~/Downloads/fedora-42-base.qcow2
+    virt-install \
+    --name "fedora43-base" \
+    --boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no \
+    --cpu host-passthrough --vcpus sockets=1,cores=8,threads=2 \
+    --ram=8192 \
+    --os-variant=fedora41 \
+    --network bridge:virbr0 \
+    --graphics none \
+    --console pty,target.type=virtio \
+    --import --disk "path=active/software_osbuild/secrets/fedora43-base.qcow2,bus=virtio"
     ```
 
 ### Image Build and Watch One Liner
 
 ```bash
-composer-cli blueprints push active/software_osbuild/fedora-43-base.toml && \
+composer-cli blueprints push active/software_osbuild/fedora43-base.toml && \
-composer-cli compose start fedora-43-base qcow2 && \
+composer-cli compose start fedora43-base qcow2 && \
 watch composer-cli compose status
 ```