Compare commits


No commits in common. "main" and "1.0.7" have entirely different histories.
main ... 1.0.7

12 changed files with 81 additions and 312 deletions


@ -1,5 +0,0 @@
.devcontainer
.git*
*.md
action.yml
LICENSE

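--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# Default owner of code within this repo
+* @JasonN3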


@ -1,21 +1,13 @@
--- ---
name: Build Container Image name: Build Container Image
on: on:
merge_group:
pull_request: pull_request:
branches: branches:
- main - main
paths-ignore:
- '*.md'
- 'LICENSE'
- 'CODEOWNERS'
push: push:
branches: branches:
- main - main
workflow_dispatch: workflow_dispatch:
env:
IMAGE_NAME: "isogenerator"
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
jobs: jobs:
push-image: push-image:
@ -33,144 +25,17 @@ jobs:
- 40 - 40
include: include:
- version: 39 - version: 39
is_latest_version: true support: latest
is_stable_version: true
steps: steps:
# Checkout push-to-registry action GitHub repository - name: Build image
- name: Checkout Push to Registry action uses: ublue-os/build-action@1.0.1
uses: actions/checkout@v4
- name: Generate tags
id: generate-tags
shell: bash
run: |
# Generate a timestamp for creating an image version history
TIMESTAMP="$(date +%Y%m%d)"
VARIANT="${{ matrix.version }}"
COMMIT_TAGS=()
BUILD_TAGS=()
# Have tags for tracking builds during pull request
SHA_SHORT="${GITHUB_SHA::7}"
COMMIT_TAGS+=("pr-${{ github.event.number }}-${VARIANT}")
COMMIT_TAGS+=("${SHA_SHORT}-${VARIANT}")
if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \
[[ "${{ matrix.is_stable_version }}" == "true" ]]; then
COMMIT_TAGS+=("pr-${{ github.event.number }}")
COMMIT_TAGS+=("${SHA_SHORT}")
fi
BUILD_TAGS=("${VARIANT}")
# Append matching timestamp tags to keep a version history
for TAG in "${BUILD_TAGS[@]}"; do
BUILD_TAGS+=("${TAG}-${TIMESTAMP}")
done
if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \
[[ "${{ matrix.is_stable_version }}" == "true" ]]; then
BUILD_TAGS+=("${TIMESTAMP}")
BUILD_TAGS+=("latest")
fi
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
echo "Generated the following commit tags: "
for TAG in "${COMMIT_TAGS[@]}"; do
echo "${TAG}"
done
alias_tags=("${COMMIT_TAGS[@]}")
else
alias_tags=("${BUILD_TAGS[@]}")
fi
echo "Generated the following build tags: "
for TAG in "${BUILD_TAGS[@]}"; do
echo "${TAG}"
done
echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT
- name: Get current version
id: labels
run: |
ver=$(skopeo inspect docker://ghcr.io/ublue-os/${{ env.IMAGE_NAME }}:${{ matrix.version }} | jq -r '.Labels["org.opencontainers.image.version"]')
echo "VERSION=$ver" >> $GITHUB_OUTPUT
# Build metadata
- name: Image Metadata
uses: docker/metadata-action@v5
id: meta
with: with:
images: | image_name: isogenerator
${{ env.IMAGE_NAME }} image_variant: main
version: ${{ matrix.version }}
labels: | support: ${{ matrix.support }}
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md signing_key: ${{ secrets.SIGNING_SECRET }}
org.opencontainers.image.description=Used to generate ISO installers for OCI containers continue-on-error: false
org.opencontainers.image.title=${{ env.IMAGE_NAME }}
org.opencontainers.image.version=${{ steps.labels.outputs.VERSION }}
# Build image using Buildah action
- name: Build Image
id: build_image
uses: redhat-actions/buildah-build@v2
with:
containerfiles: |
./Containerfile
# Postfix image name with -custom to make it a little more descriptive
# Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format
image: ${{ env.IMAGE_NAME }}
tags: |
${{ steps.generate-tags.outputs.alias_tags }}
build-args: |
VERSION=${{ matrix.version }}
labels: ${{ steps.meta.outputs.labels }}
oci: false
# Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
# https://github.com/macbre/push-to-ghcr/issues/12
- name: Lowercase Registry
id: registry_case
uses: ASzc/change-string-case-action@v6
with:
string: ${{ env.IMAGE_REGISTRY }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Push the image to GHCR (Image Registry)
- name: Push To GHCR
uses: redhat-actions/push-to-registry@v2
id: push
env:
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }}
with:
image: ${{ steps.build_image.outputs.image }}
tags: ${{ steps.build_image.outputs.tags }}
registry: ${{ steps.registry_case.outputs.lowercase }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust
# Sign container
- uses: sigstore/cosign-installer@v3.4.0
if: github.event_name != 'pull_request'
- name: Sign container image
if: github.event_name != 'pull_request'
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
env:
TAGS: ${{ steps.push.outputs.digest }}
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
check: check:
name: Check build successful name: Check build successful
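Review bot: The new `Build image` step references `ublue-os/build-action@1.0.1` by tag while passing it `signing_key: ${{ secrets.SIGNING_SECRET }}`, so whatever that tag resolves to at run time receives the image signing key. Pinning the action to a full commit SHA, e.g. `uses: ublue-os/build-action@<full-commit-sha> # 1.0.1`, keeps a moved or compromised tag from reaching the key. The step is also not visibly gated on the event type the way the removed `if: github.event_name != 'pull_request'` signing steps were; whether the action itself skips signing on pull requests cannot be seen from this page and is worth confirming. The `jobs:` body continues outside both hunks.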


@ -10,41 +10,28 @@ on:
- '*.md' - '*.md'
- 'LICENSE' - 'LICENSE'
- 'CODEOWNERS' - 'CODEOWNERS'
workflow_dispatch:
jobs: jobs:
build-and-push-iso: build-and-push-iso:
name: Build ISO name: Build ISO
runs-on: self-hosted runs-on: ubuntu-latest
container: container:
image: fedora:39 image: fedora:39
options: "--privileged" options: "--privileged"
volumes:
- "/:/host"
permissions: permissions:
contents: read contents: read
packages: write packages: write
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
version: [38, 39] version:
boot: [secureboot, insecure] - 38
include: - 39
- boot: secureboot
SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der'
ENROLLMENT_PASSWORD: 'ublue-os'
SECURE_BOOT_STRING: '-secure'
- boot: insecure
SECURE_BOOT_KEY_URL: ''
ENROLLMENT_PASSWORD: ''
SECURE_BOOT_STRING: ''
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Build ISO - name: Build ISO
id: build-iso
uses: ./ uses: ./
with: with:
ARCH: 'x86_64' ARCH: 'x86_64'
@ -52,20 +39,8 @@ jobs:
IMAGE_REPO: 'ghcr.io/ublue-os' IMAGE_REPO: 'ghcr.io/ublue-os'
VARIANT: 'Kinoite' VARIANT: 'Kinoite'
VERSION: ${{ matrix.version }} VERSION: ${{ matrix.version }}
SECURE_BOOT_KEY_URL: ${{ matrix.SECURE_BOOT_KEY_URL }} ACTION_REPO: ${{ github.repository }}
ENROLLMENT_PASSWORD: ${{ matrix.ENROLLMENT_PASSWORD }} ACTION_REF: ${{ github.ref }}
- name: Upload ISO as artifact
uses: actions/upload-artifact@v4
with:
name: base-main-${{ matrix.version }}${{ matrix.SECURE_BOOT_STRING }}.iso
path: |
${{ steps.build-iso.outputs.iso-path }}
${{ steps.build-iso.outputs.checksum-path }}
if-no-files-found: error
retention-days: 0
compression-level: 0
overwrite: true
check: check:
name: Check build successful name: Check build successful
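Review bot: The `build-and-push-iso` job keeps `packages: write` next to `options: "--privileged"`, yet the steps visible on the new side only check out the repository and run the local action `./`; nothing shown here publishes a package. Because the job runs build tooling in a privileged container, the token is better reduced to what is actually used, e.g. a `permissions:` block holding only `contents: read`. If the composite action does need registry write access, a comment on the permission saying why would help the next reviewer. The `on:` block and the `check` job start or end outside the hunks.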


@ -4,7 +4,7 @@ ARG VERSION=39
FROM fedora:${VERSION} FROM fedora:${VERSION}
# Set version for the environment variables in the container. # Set version for the environment variables in the container.
ARG VERSION=${VERSION} ARG VERSION=39
ENV ARCH="x86_64" ENV ARCH="x86_64"
ENV IMAGE_NAME="base-main" ENV IMAGE_NAME="base-main"
@ -13,16 +13,12 @@ ENV IMAGE_TAG="${VERSION}"
ENV VARIANT="Kinoite" ENV VARIANT="Kinoite"
ENV VERSION="${VERSION}" ENV VERSION="${VERSION}"
ENV WEB_UI="false" ENV WEB_UI="false"
ENV SECURE_BOOT_KEY_URL=""
ENV ENROLLMENT_PASSWORD="ublue-os"
COPY ./ /isogenerator COPY / /isogenerator
WORKDIR /isogenerator WORKDIR /isogenerator
RUN dnf install -y make && \ RUN dnf install -y make && make install-deps
make install-deps && \
dnf clean all
VOLUME /isogenerator/output VOLUME /isogenerator/output
ENTRYPOINT /isogenerator/entrypoint.sh ENTRYPOINT ["sh", "-c", "make output/${IMAGE_NAME}-${IMAGE_TAG}.iso ARCH=${ARCH} VERSION=${VERSION} IMAGE_REPO=${IMAGE_REPO} IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} VARIANT=${VARIANT} WEB_UI=${WEB_UI}"]
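Review bot: `COPY / /isogenerator` copies the whole build context into the image, and this compare also deletes a five-line ignore list (`.devcontainer`, `.git*`, `*.md`, `action.yml`, `LICENSE`) in its first file section, presumably the `.dockerignore` (the path is not shown). Without that list `.git` ends up in a layer of the published image; if the build runs from an `actions/checkout` working tree with default settings, `.git/config` can still hold the job token. Keeping at least `.git*` excluded, or copying only the files the build needs, avoids shipping repository metadata. Separately, the `sh -c` ENTRYPOINT expands `${IMAGE_NAME}` and the other variables unquoted, so a value containing whitespace is split into extra `make` arguments; writing each as `IMAGE_NAME="${IMAGE_NAME}"` inside the string keeps one value per variable.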


@ -8,8 +8,6 @@ IMAGE_TAG = $(VERSION)
EXTRA_BOOT_PARAMS = EXTRA_BOOT_PARAMS =
VARIANT = Kinoite VARIANT = Kinoite
WEB_UI = false WEB_UI = false
ENROLLMENT_PASSWORD = ublue-os
SECURE_BOOT_KEY_URL =
# Generated vars # Generated vars
## Formatting = _UPPERCASE ## Formatting = _UPPERCASE
@ -37,7 +35,6 @@ $(IMAGE_NAME)-$(IMAGE_TAG).iso: output/$(IMAGE_NAME)-$(IMAGE_TAG).iso
output/$(IMAGE_NAME)-$(IMAGE_TAG).iso: boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.txt output/$(IMAGE_NAME)-$(IMAGE_TAG).iso: boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.txt
mkdir $(_BASE_DIR)/output || true mkdir $(_BASE_DIR)/output || true
xorriso -dialog on < $(_BASE_DIR)/xorriso/input.txt xorriso -dialog on < $(_BASE_DIR)/xorriso/input.txt
implantisomd5 $(_BASE_DIR)/output/$(IMAGE_NAME)-$(IMAGE_TAG).iso
# Step 1: Generate Lorax Templates # Step 1: Generate Lorax Templates
lorax_templates/%.tmpl: lorax_templates/%.tmpl.in lorax_templates/%.tmpl: lorax_templates/%.tmpl.in
@ -51,16 +48,11 @@ lorax_templates/%.tmpl: lorax_templates/%.tmpl.in
# Step 2: Build boot.iso using Lorax # Step 2: Build boot.iso using Lorax
boot.iso: lorax_templates/set_installer.tmpl lorax_templates/configure_upgrades.tmpl boot.iso: lorax_templates/set_installer.tmpl lorax_templates/configure_upgrades.tmpl
rm -Rf $(_BASE_DIR)/results || true rm -Rf $(_BASE_DIR)/results
rm /etc/rpm/macros.image-language-conf || true
# Set the enrollment password # Remove the "Test this media & install" menu entry
sed 's/@ENROLLMENT_PASSWORD@/$(ENROLLMENT_PASSWORD)/' $(_BASE_DIR)/scripts/enroll-secureboot-key.sh.in > $(_BASE_DIR)/scripts/enroll-secureboot-key.sh sed -i '/menuentry '\''Test this media & install @PRODUCT@ @VERSION@'\'' --class fedora --class gnu-linux --class gnu --class os {/,/}/d' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-bios.cfg
sed -i '/menuentry '\''Test this media & install @PRODUCT@ @VERSION@'\'' --class fedora --class gnu-linux --class gnu --class os {/,/}/d' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-efi.cfg
# Download the secure boot key
if [ -n "$(SECURE_BOOT_KEY_URL)" ]; then\
curl --fail -L -o $(_BASE_DIR)/sb_pubkey.der $(SECURE_BOOT_KEY_URL);\
fi
# Set the default menu entry to the first one # Set the default menu entry to the first one
sed -i 's/set default="1"/set default="0"/' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-bios.cfg sed -i 's/set default="1"/set default="0"/' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-bios.cfg
@ -70,16 +62,12 @@ boot.iso: lorax_templates/set_installer.tmpl lorax_templates/configure_upgrades.
sed -i 's/linux @KERNELPATH@ @ROOT@ quiet/linux @KERNELPATH@ @ROOT@ quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-bios.cfg sed -i 's/linux @KERNELPATH@ @ROOT@ quiet/linux @KERNELPATH@ @ROOT@ quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-bios.cfg
sed -i 's/linuxefi @KERNELPATH@ @ROOT@ quiet/linuxefi @KERNELPATH@ @ROOT@ quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-efi.cfg sed -i 's/linuxefi @KERNELPATH@ @ROOT@ quiet/linuxefi @KERNELPATH@ @ROOT@ quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-efi.cfg
sed -i 's/linux @KERNELPATH@ @ROOT@ rd.live.check quiet/linux @KERNELPATH@ @ROOT@ rd.live.check quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-bios.cfg
sed -i 's/linuxefi @KERNELPATH@ @ROOT@ rd.live.check quiet/linuxefi @KERNELPATH@ @ROOT@ rd.live.check quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-efi.cfg
sed -i 's/linux @KERNELPATH@ @ROOT@ nomodeset quiet/linux @KERNELPATH@ @ROOT@ nomodeset quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-bios.cfg sed -i 's/linux @KERNELPATH@ @ROOT@ nomodeset quiet/linux @KERNELPATH@ @ROOT@ nomodeset quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-bios.cfg
sed -i 's/linuxefi @KERNELPATH@ @ROOT@ nomodeset quiet/linuxefi @KERNELPATH@ @ROOT@ nomodeset quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-efi.cfg sed -i 's/linuxefi @KERNELPATH@ @ROOT@ nomodeset quiet/linuxefi @KERNELPATH@ @ROOT@ nomodeset quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-efi.cfg
sed -i 's/linux @KERNELPATH@ @ROOT@ inst.rescue quiet/linux @KERNELPATH@ @ROOT@ inst.rescue quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-bios.cfg sed -i 's/linux @KERNELPATH@ @ROOT@ inst.rescue quiet/linux @KERNELPATH@ @ROOT@ inst.rescue quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-bios.cfg
sed -i 's/linuxefi @KERNELPATH@ @ROOT@ inst.rescue quiet/linuxefi @KERNELPATH@ @ROOT@ inst.rescue quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-efi.cfg sed -i 's/linuxefi @KERNELPATH@ @ROOT@ inst.rescue quiet/linuxefi @KERNELPATH@ @ROOT@ inst.rescue quiet $(EXTRA_BOOT_PARAMS)/g' /usr/share/lorax/templates.d/99-generic/config_files/x86/grub2-efi.cfg
# Build boot.iso
lorax -p $(IMAGE_NAME) -v $(VERSION) -r $(VERSION) -t $(VARIANT) \ lorax -p $(IMAGE_NAME) -v $(VERSION) -r $(VERSION) -t $(VARIANT) \
--isfinal --buildarch=$(ARCH) --volid=$(_VOLID) \ --isfinal --buildarch=$(ARCH) --volid=$(_VOLID) \
$(_LORAX_ARGS) \ $(_LORAX_ARGS) \
@ -99,7 +87,7 @@ container/$(IMAGE_NAME)-$(IMAGE_TAG):
podman rmi $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) podman rmi $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG)
install-deps: install-deps:
dnf install -y lorax xorriso podman git dnf install -y lorax xorriso podman git rpm-ostree
# Step 4: Generate xorriso script # Step 4: Generate xorriso script
xorriso/%.sh: xorriso/%.sh.in xorriso/%.sh: xorriso/%.sh.in
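Review bot: The `sed` substitutions in the `boot.iso` recipe splice `$(EXTRA_BOOT_PARAMS)` straight into an `s/…/…/g` expression, so a value containing `/` (a kickstart URL or a device path, for instance) ends the replacement early and sed fails, and an `&` in the value is replaced by the matched text. A delimiter that is unlikely in kernel arguments, such as `s|linux @KERNELPATH@ @ROOT@ quiet|linux @KERNELPATH@ @ROOT@ quiet $(EXTRA_BOOT_PARAMS)|g`, or escaping the value before use, makes the recipe robust. These lines also rewrite files under `/usr/share/lorax/templates.d` in place, so a second run in the same container appends the parameters again; a comment stating that the recipe assumes a fresh container would help. The recipe starts and continues outside the hunks shown.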


@ -16,58 +16,32 @@ This will create an ISO with the baked in defaults of the container image.
See [Customizing](#customizing) for information about customizing the image that gets created. The variable can either be defined as environment variables or as command arguments. See [Customizing](#customizing) for information about customizing the image that gets created. The variable can either be defined as environment variables or as command arguments.
Examples: Examples:
Creating Universal Blue Silverblue ISO Creating Bluefin GTS ISO
```bash ```bash
docker run --rm --privileged --volume .:/isogenerator/output -e VERSION=39 -e IMAGE_NAME=silverblue-main -e IMAGE_TAG=latest -e VARIANT=Silverblue ghcr.io/ublue-os/isogenerator:39 docker run --rm --privileged --volume .:/isogenerator/output -e VERSION=38 -e IMAGE_NAME=bluefin -e IMAGE_TAG=gts -e VARIANT=Silverblue ghcr.io/ublue-os/isogenerator:38
```
```bash
# Requires sudo to run
sudo podman run --rm --privileged --volume .:/isogenerator/output -e VERSION=39 -e IMAGE_NAME=silverblue-main -e IMAGE_TAG=latest -e VARIANT=Silverblue ghcr.io/ublue-os/isogenerator:39
``` ```
Creating Universal Blue Kinoite ISO Creating Bazzite Latest ISO
```bash ```bash
docker run --rm --privileged --volume .:/isogenerator/output -e VERSION=39 -e IMAGE_NAME=kinoite-main -e IMAGE_TAG=latest -e VARIANT=Kinoite ghcr.io/ublue-os/isogenerator:39 docker run --rm --privileged --volume .:/isogenerator/output -e VERSION=39 -e IMAGE_NAME=bazzite -e IMAGE_TAG=latest -e VARIANT=Kinoite ghcr.io/ublue-os/isogenerator:39
```
```bash
# Requires sudo to run
sudo podman run --rm --privileged --volume .:/isogenerator/output -e VERSION=39 -e IMAGE_NAME=kinoite-main -e IMAGE_TAG=latest -e VARIANT=Kinoite ghcr.io/ublue-os/isogenerator:39
``` ```
## Customizing ## Customizing
### Inputs
The following variables can be used to customize the create image. The following variables can be used to customize the create image.
| Variable | Description | Default Value | | Variable | Description | Default Value |
| ----------------- | ------------------------------------------------------------ | ---------------------- | | ----------------- | -------------------------------------------------------- | ---------------------- |
| ARCH | Architecture for image to build | x86_64 | | ARCH | Architecture for image to build | x86_64 |
| VERSION | Fedora version of installer to build | 39 | | VERSION | Fedora version of installer to build | 39 |
| IMAGE_REPO | Repository containing the source container image | ghcr.io/ublue-os | | IMAGE_REPO | Repository containing the source container image | ghcr.io/ublue-os |
| IMAGE_NAME | Name of the source container image | base-main | | IMAGE_NAME | Name of the source container image | base-main |
| IMAGE_TAG | Tag of the source container image | *VERSION* | | IMAGE_TAG | Tag of the source container image | *VERSION* |
| EXTRA_BOOT_PARAMS | Extra params used by grub to boot the anaconda installer | \[empty\] | | EXTRA_BOOT_PARAMS | Extra params used by grub to boot the anaconda installer | \[empty\] |
| VARIANT | Source container variant\* | Kinoite | | VARIANT | Source container variant\* | Kinoite |
| WEB_UI | Enable Anaconda WebUI (experimental) | false | | WEB_UI | Enable Anaconda WebUI (experimental) | false |
| ENROLLMENT_PASSWORD | Password used to enroll secure boot key into BIOS\*\* | isogenerator |
| SECURE_BOOT_KEY_URL | URL used to download your secure boot key for enrollment\*\* | \[empty\] |
\*Available options for VARIANT can be found by running `dnf provides system-release`. Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinoite Available options for VARIANT can be found by running `dnf provides system-release`.
Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinoite
\*\*NOTE: ENROLLMENT_PASSWORD and SECURE_BOOT_KEY_URL are not required. They are only required if you are creating specific kernel modules or if you are using Universal Blue Kernel Modules.
Our public key for our kmods is located here: https://github.com/ublue-os/akmods/raw/main/certs/public_key.der
### Outputs
This action outputs some useful values for you to use further on in your workflow.
| Output | Description |
| ------ | ----------- |
| output-directory | The directory containing ISO and checksum files |
| iso-path | The full path to the ISO file |
| checksum-path | The full path to the checksum file |
## VSCode Dev Container ## VSCode Dev Container
There is a dev container configuration provided for development. By default it will use the existing container image available at `ghcr.io/ublue-os/isogenerator`, however, you can have it build a new image by editing `.devcontainer/devcontainer.json` and replacing `image` with `build`. `Ctrl+/` can be used to comment and uncomment blocks of code within VSCode. There is a dev container configuration provided for development. By default it will use the existing container image available at `ghcr.io/ublue-os/isogenerator`, however, you can have it build a new image by editing `.devcontainer/devcontainer.json` and replacing `image` with `build`. `Ctrl+/` can be used to comment and uncomment blocks of code within VSCode.


@ -32,27 +32,14 @@ inputs:
description: Enable Anaconda WebUI description: Enable Anaconda WebUI
required: true required: true
default: "false" default: "false"
ENROLLMENT_PASSWORD:
description: Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined)
required: false
default: "ublue-os"
SECURE_BOOT_KEY_URL:
description: Secure boot key that is installed from URL location
required: false
ACTION_REPO: ACTION_REPO:
deprecationMessage: This variable is no longer used and will be removed in a future version description: Repository with the build action
required: false required: false
default: ${{ github.repository }}
ACTION_REF: ACTION_REF:
deprecationMessage: This variable is no longer used and will be removed in a future version description: Repository ref for the build action
required: false required: false
default: ${{ github.ref }}
outputs:
output-directory:
value: ${{ steps.final.outputs.OUTPUT_DIR }}
iso-path:
value: ${{ steps.final.outputs.ISO_PATH }}
checksum-path:
value: ${{ steps.final.outputs.CHECKSUM_PATH }}
runs: runs:
using: composite using: composite
@ -76,13 +63,19 @@ runs:
echo "Host must be mounted as /host in order to make more space" echo "Host must be mounted as /host in order to make more space"
fi fi
- name: Install Make - name: Install make and git
shell: bash shell: bash
run: dnf install -y make run: dnf install -y make git
- name: Checkout repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.ACTION_REPO }}
ref: ${{ inputs.ACTION_REF }}
submodules: recursive
- name: Install dependencies - name: Install dependencies
shell: bash shell: bash
working-directory: ${{ github.action_path }}
run: make install-deps run: make install-deps
- name: Lowercase Registry - name: Lowercase Registry
@ -93,7 +86,6 @@ runs:
- name: Download image - name: Download image
shell: bash shell: bash
working-directory: ${{ github.action_path }}
run: | run: |
make container/${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }} \ make container/${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }} \
ARCH=${{ inputs.ARCH }} \ ARCH=${{ inputs.ARCH }} \
@ -106,7 +98,6 @@ runs:
- name: Create boot.iso - name: Create boot.iso
shell: bash shell: bash
working-directory: ${{ github.action_path }}
run: | run: |
make boot.iso \ make boot.iso \
ARCH=${{ inputs.ARCH }} \ ARCH=${{ inputs.ARCH }} \
@ -116,14 +107,10 @@ runs:
VARIANT=${{ inputs.VARIANT }} \ VARIANT=${{ inputs.VARIANT }} \
VERSION=${{ inputs.VERSION }} \ VERSION=${{ inputs.VERSION }} \
WEB_UI=${{ inputs.WEB_UI }} \ WEB_UI=${{ inputs.WEB_UI }} \
EXTRA_BOOT_PARAMS=${{ inputs.EXTRA_BOOT_PARAMS }} \ EXTRA_BOOT_PARAMS=${{ inputs.EXTRA_BOOT_PARAMS }}
SECURE_BOOT_KEY_URL=${{ inputs.SECURE_BOOT_KEY_URL }} \
ENROLLMENT_PASSWORD=${{ inputs.ENROLLMENT_PASSWORD }}
- name: Create deploy.iso and generate sha256 checksum - name: Create deploy.iso and generate sha256 checksum
shell: bash shell: bash
id: final
working-directory: ${{ github.action_path }}
run: | run: |
make ${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.iso \ make ${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.iso \
ARCH=${{ inputs.ARCH }} \ ARCH=${{ inputs.ARCH }} \
@ -137,6 +124,12 @@ runs:
sha256sum ${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.iso > ./end_iso/${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}-CHECKSUM sha256sum ${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.iso > ./end_iso/${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}-CHECKSUM
mv ${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.iso end_iso/ mv ${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.iso end_iso/
echo "OUTPUT_DIR=$(realpath ./end_iso)" >> $GITHUB_OUTPUT - name: Upload ISO as artifact
echo "ISO_PATH=$(realpath ./end_iso/${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.iso)" >> $GITHUB_OUTPUT uses: actions/upload-artifact@v4
echo "CHECKSUM_PATH=$(realpath ./end_iso/${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}-CHECKSUM)" >> $GITHUB_OUTPUT with:
name: ${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.iso
path: end_iso/*
if-no-files-found: error
retention-days: 0
compression-level: 0
overwrite: true
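Review bot: The `run:` blocks of this composite action paste `${{ inputs.* }}` expressions directly into bash, for example `EXTRA_BOOT_PARAMS=${{ inputs.EXTRA_BOOT_PARAMS }}` in `Create boot.iso`, so the input text is parsed as shell source rather than as a value. Passing each input through the step's `env:` (`EXTRA_BOOT_PARAMS: ${{ inputs.EXTRA_BOOT_PARAMS }}`) and referencing it quoted (`EXTRA_BOOT_PARAMS="${EXTRA_BOOT_PARAMS}"`) keeps it data; the same applies to the `make container/…`, `make ….iso`, `sha256sum` and `mv` lines. The new `Checkout repository` step also takes `repository` and `ref` from inputs whose defaults are `github.repository` and `github.ref`, which in a composite action presumably resolve to the calling workflow's repository rather than this one, so it is worth confirming that external callers end up with the intended Makefile. Several of the steps begin or end outside the hunks.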


@ -1,17 +0,0 @@
#!/bin/bash
set -eu
# pre-create loop devices manually. In containers we can't use losetup for that.
mknod -m 0660 /dev/loop0 b 7 0 2>/dev/null || true
make output/${IMAGE_NAME}-${IMAGE_TAG}.iso \
ARCH=${ARCH} \
VERSION=${VERSION} \
IMAGE_REPO=${IMAGE_REPO} \
IMAGE_NAME=${IMAGE_NAME} \
IMAGE_TAG=${IMAGE_TAG} \
VARIANT=${VARIANT} \
WEB_UI=${WEB_UI} \
SECURE_BOOT_KEY_URL=${SECURE_BOOT_KEY_URL} \
ENROLLMENT_PASSWORD=${ENROLLMENT_PASSWORD}


@ -2,18 +2,8 @@
set -oue pipefail set -oue pipefail
readonly ENROLLMENT_PASSWORD=@ENROLLMENT_PASSWORD@ readonly SECUREBOOT_KEY="/run/install/repo/ublue-os-akmods-public-key.der"
readonly SECUREBOOT_KEY="/run/install/repo/sb_pubkey.der" readonly ENROLLMENT_PASSWORD="ublue-os"
if [[ ! -d "/sys/firmware/efi" ]]; then
echo "EFI mode not detected. Skipping key enrollment."
exit 0
fi
if [[ ! -f "${SECUREBOOT_KEY}" ]]; then
echo "Secure boot key not provided: ${SECUREBOOT_KEY}"
exit 0
fi
SYS_ID="$(cat /sys/devices/virtual/dmi/id/product_name)" SYS_ID="$(cat /sys/devices/virtual/dmi/id/product_name)"
if [[ ":Jupiter:Galileo:" =~ ":$SYS_ID:" ]]; then if [[ ":Jupiter:Galileo:" =~ ":$SYS_ID:" ]]; then
@ -21,5 +11,15 @@ if [[ ":Jupiter:Galileo:" =~ ":$SYS_ID:" ]]; then
exit 0 exit 0
fi fi
if [[ ! -d "/sys/firmware/efi" ]]; then
echo "EFI mode not detected. Skipping key enrollment."
exit 0
fi
if [[ ! -f "${SECUREBOOT_KEY}" ]]; then
echo "Secure boot key not found: ${SECUREBOOT_KEY}"
exit 1
fi
mokutil --timeout -1 || : mokutil --timeout -1 || :
echo -e "${ENROLLMENT_PASSWORD}\n${ENROLLMENT_PASSWORD}" | mokutil --import "${SECUREBOOT_KEY}" || : echo -e "${ENROLLMENT_PASSWORD}\n${ENROLLMENT_PASSWORD}" | mokutil --import "${SECUREBOOT_KEY}" || :
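Review bot: The last line discards a failed `mokutil --import` with `|| :`, while the new missing-key check just above it aborts with `exit 1`, so the two failure paths are handled inconsistently and a failed enrollment leaves no trace in the install log. Replacing the trailing `|| :` with `|| echo "mokutil import failed; key not queued for enrollment" >&2` keeps the best-effort behaviour but makes it diagnosable. `ENROLLMENT_PASSWORD` is now the fixed string `ublue-os` inside the script; a comment stating that this is a publicly documented one-time MOK enrollment password rather than a secret would stop readers and secret scanners from treating it as a leaked credential.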

Binary file not shown.


@ -5,10 +5,8 @@ echo "-outdev $(pwd)/output/@IMAGE_NAME@-@IMAGE_TAG@.iso"
echo "-boot_image any replay" echo "-boot_image any replay"
echo "-joliet on" echo "-joliet on"
echo "-compliance joliet_long_names" echo "-compliance joliet_long_names"
if [ -f $(pwd)/sb_pubkey.der ]; then echo "-map $(pwd)/scripts/ublue-os-akmods-public-key.der ublue-os-akmods-public-key.der"
echo "-map $(pwd)/sb_pubkey.der sb_pubkey.der" echo "-chmod 0444 /ublue-os-akmods-public-key.der"
echo "-chmod 0444 /sb_pubkey.der"
fi
echo "-map $(pwd)/scripts/enroll-secureboot-key.sh enroll-secureboot-key.sh" echo "-map $(pwd)/scripts/enroll-secureboot-key.sh enroll-secureboot-key.sh"
echo "-chmod 0777 enroll-secureboot-key.sh" echo "-chmod 0777 enroll-secureboot-key.sh"
cd container cd container
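Review bot: `-chmod 0777 enroll-secureboot-key.sh` marks the enrollment script world-writable in the image although it only needs to be read and executed; `echo "-chmod 0555 enroll-secureboot-key.sh"` would match the `0444` given to the key mapped just before it. The key is now mapped from `scripts/ublue-os-akmods-public-key.der` without the `-f` guard that surrounded the `sb_pubkey.der` lines, so if that file is ever absent the generated xorriso input will name a missing path. A one-line comment saying the key is committed under `scripts/` (likely the binary file listed above, though the page does not name it) would document that assumption.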