Skip to content

arturasb/my-silverblue

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

202 Commits
.github
.github
 
 
files
files
 
 
modules
modules
 
 
recipes
recipes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cosign.pub
cosign.pub
 
 

Repository files navigation

my-silverblue   bluebuild build badge

NOTE - the project is put on hold until systemd-homed issues are resolved upstream.

The purpose of this custom OS image is to provide relevant settings and apps for personalized OS setup. Customizations are necessary to make libvirt, virt-manager and systemd-homed functional OOTB. Current goals are:

  1. Add systemd-homed managed user home for better portability and security.
    1. Install needed Flatpak apps to --user space in oder to contain apps with settings in user's home.
    2. Setting proper SELinux contexts to systemd-homed is required as a workaround. Also setting authselect with systemd-homed. There is a good instruction to this situation.
  2. Fix membership of the libvirt group, swtpm(for Windows 11 VMs), libvirt, so virt-manager works in the Fedora Atomic Destop-based setup.
    1. Setting proper SELinux contexts to swtpm, creating swtpm-localca in /var/lib and setting proper ownership of the /var/lib/swtpm-localca are required as a workaround.
    2. Adding members of wheel to libvirt group.

    Easier way to get VMs is the GNOME Boxes, but the problem is that flatpak version of Boxes does not suport USB forwarding, e.g., for headset forward to VM.

Some of fixes&workarounds were inspired by/copied from the bluefin project.

Installation

Warning
This is an experimental feature, try at your own discretion.

To rebase an existing atomic Fedora installation to the latest build:

  • First rebase to the unsigned image, to get the proper signing keys and policies installed: 
    rpm-ostree rebase ostree-unverified-registry:ghcr.io/arturasb/my-silverblue:latest
  • Reboot to complete the rebase: 
    systemctl reboot
  • Then rebase to the signed image, like so: 
    rpm-ostree rebase ostree-image-signed:docker://ghcr.io/arturasb/my-silverblue:latest
  • Reboot again to complete the installation 
    systemctl reboot

The latest tag will automatically point to the latest build. That build will still always use the Fedora version specified in recipe.yml, so you won't get accidentally updated to the next major version.

ISO

If build on Fedora Atomic, you can generate an offline ISO with the instructions available here. These ISOs cannot unfortunately be distributed on GitHub for free due to large sizes, so for public projects something else has to be used for hosting.

Verification

These images are signed with Sigstore's cosign. You can verify the signature by downloading the cosign.pub file from this repo and running the following command:

cosign verify --key cosign.pub ghcr.io/arturasb/mysilverblue

About

No description or website provided.

Topics

linux immutable atomic operating-system oci oci-image image-based custom-image bluebuild linux-custom-image bluebuild-image

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 2

  •  
  •  

Languages