locsec/notes
1
Форкнуть 0
зеркало из https://github.com/iharh/notes.git synced 2025-10-29 20:56:06 +02:00
Код Задачи Пакеты Проекты Релизы Вики Активность
notes/os/linux/immutable/atomic/bootc.txt
Ihar Hancharenka 2379647834 m
2025-08-07 17:43:22 +03:00

322 строки
15 KiB
Plaintext
Исходник Ответственный История

https://bootc-dev.github.io/bootc/
https://bootc-dev.github.io/bootc/installation.html
https://bootc-dev.github.io/bootc/bootc-install.html
https://bootc-dev.github.io/bootc/bootc-install.html#using-bootc-install-to-existing-root
!!!
https://bootc-dev.github.io/bootc//bootc-install.html
https://docs.fedoraproject.org/en-US/bootc/podman-bootc-cli/
https://systemd.io/CREDENTIALS/
https://bootc-dev.github.io/bootc/relationships.html
https://containers.github.io/bootable/
https://containers.github.io/bootable/projects.html
https://uapi-group.org/specifications/specs/configuration_files_specification/
https://quay.io/
https://quay.io/tutorial/
https://docs.fedoraproject.org/en-US/bootc/getting-started/
https://docs.fedoraproject.org/en-US/bootc/community/
https://docs.fedoraproject.org/en-US/bootc/authentication/
need
https://github.com/wayblueorg/wayblue
https://docs.fedoraproject.org/en-US/fedora-silverblue/_attachments/silverblue-cheatsheet.pdf
https://www.youtube.com/playlist?list=PLCrlcBRBAaTrFlOfmLW7XCmmAViLGOT7S
https://pretalx.com/devconf-cz-2024/talk/RNDTRV/
https://pretalx.com/devconf-cz-2024/talk/W3AVCT/
https://github.com/uapi-group/specifications/blob/main/specs/unified_kernel_image.md
https://fedoraproject.org/wiki/Changes/SystemdSysusers
https://universal-blue.org/
https://bazzite.gg/
https://getaurora.dev/en
https://projectbluefin.io/
https://github.com/ublue-os/ucore
https://github.com/ublue-os/ucore?tab=readme-ov-file#installation
https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/
!!! need to read this
https://www.heliumos.org/
https://grahamc.com/blog/nix-and-layered-docker-images/
image-mode
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/using_image_mode_for_rhel_to_build_deploy_and_manage_operating_systems/index
https://www.redhat.com/en/blog/image-mode-red-hat-enterprise-linux-quick-start-guide
https://www.redhat.com/en/introduction-to-image-mode-for-red-hat-enterprise-linux-interactive-lab
https://developers.redhat.com/learn/rhel/rhel-image-mode-kickstart
https://developers.redhat.com/learn/rhel/build-and-run-bootable-container-image-image-mode-rhel-and-podman-desktop
https://developers.redhat.com/articles/2025/beyond-default-bootc-images-scratch
https://developers.redhat.com/articles/2025/how-install-image-mode-system-using-system-reinstall-bootc
https://developers.redhat.com/blog/2025/07/23/shape-future-linux-contribute-bootc-open-source-project
https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux-10/image-mode
https://developers.redhat.com/products/rhel-image-mode/getting-started
https://developers.redhat.com/products/rhel-image-mode/faq
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/using_image_mode_for_rhel_to_build_deploy_and_manage_operating_systems/index
https://www.redhat.com/en/blog/faster-container-image-pulls
2024
HCSCompany - Custom Atomic RHEL met Bootc 0:00 of 31:53
https://www.youtube.com/watch?v=sreYntaY2LY
https://gitlab.com/hcs-company/bootc-example/
fs
https://www.kernel.org/doc/html/next/filesystems/fsverity.html
https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt
fips-mode?
https://manpages.ubuntu.com/manpages/focal/en/man8/fips-mode-setup.8.html
https://manpages.ubuntu.com/manpages/focal/en/man8/fips-finish-install.8.html
https://issues.redhat.com/browse/RHELDOCS-19284
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/security_hardening/switching-rhel-to-fips-mode_security-hardening
misc
https://github.com/opencontainers/image-spec/blob/main/config.md#image-json
https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#ostreecontainer
https://anaconda-installer.readthedocs.io/en/latest/
https://github.com/composefs/composefs
https://podman-desktop.io/
https://podman-desktop.io/docs/intro
https://podman-desktop.io/docs/installation/linux-install
https://podman-desktop.io/docs/proxy
https://www.redhat.com/en/topics/containers/what-is-podman-desktop
https://developers.redhat.com/products/podman-desktop/overview
https://developers.redhat.com/learn/openshift/develop-containers-using-podman-desktop-and-kubernetes
https://developers.redhat.com/learn/rhel/build-your-ai-application-ai-lab-extension-podman-desktop
https://developers.redhat.com/products/podman-desktop/red-hat-extension-pack
https://catalog.redhat.com/en/search?gs=&q=bootc&searchType=containers
https://developers.redhat.com/products/rhel-image-mode/overview?intcmp=7015Y000003ss1hQAA
https://podman-desktop.io/downloads/linux
https://github.com/podman-desktop/podman-desktop/releases/
https://github.com/podman-desktop/podman-desktop/releases/download/v1.20.2/podman-desktop-1.20.2.tar.gz
flatpak install flathub io.podman_desktop.PodmanDesktop
? podmantui
? podmansh
https://github.com/podman-desktop/podman-desktop
https://github.com/podman-desktop/extension-podman-quadlet
https://github.com/podman-desktop/extension-bootc
https://github.com/crc-org/macadam
https://gitlab.com/fedora/bootc
https://github.com/coreos/fedora-coreos-docs
https://docs.fedoraproject.org/en-US/bootc/
https://docs.fedoraproject.org/en-US/bootc/getting-started/
FROM quay.io/fedora/fedora-bootc:40
...
bootc-image-builder (osbuild.org)
? anaconda-iso, raw, qcow2, ami, ...
https://github.com/osbuild/bootc-image-builder?tab=readme-ov-file#-image-types
? podman-bootc
https://docs.fedoraproject.org/en-US/bootc/bare-metal/
+anaconda
https://docs.fedoraproject.org/en-US/bootc/bare-metal/#_generating_a_custom_installer_iso_with_bootc_image_builder
https://docs.fedoraproject.org/en-US/bootc/qemu-and-libvirt/
https://docs.fedoraproject.org/en-US/bootc/authentication/
!!! read from this and further !!!
https://osbuild.org/
https://github.com/osbuild/bootc-image-builder
2025
FedoraProject - Live Coding: Templates with Image Builder 7:00 of 1:08:55
https://www.youtube.com/watch?v=UnXLAs35ov8
https://osbuild.org/docs/bootc/
https://centos.github.io/centos-bootc/
images
https://gitlab.com/fedora/bootc/base-images
https://docs.fedoraproject.org/en-US/bootc/base-images/
auto-update
https://coreos.github.io/zincati/
https://github.com/openshift/cincinnati
FedoraProject - ???
https://www.youtube.com/watch?v=T9aDEF_4vr8
https://www.youtube.com/watch?v=zF7aTCoWoLQ
https://www.youtube.com/watch?v=uNZuYBq5XfI
https://www.youtube.com/watch?v=shLgBytoaIU
rel-party
https://www.youtube.com/watch?v=yu5J2C1xqRs
https://www.youtube.com/watch?v=-5O3p8KCMiw
????
https://docs.google.com/presentation/d/1pP-Gr2kb4TJifbkSCR0WzjoMRGJVxW33z1v1KIKbEnA/edit?slide=id.g35c1d124540_1_3298#slide=id.g35c1d124540_1_3298
2025
DevConf.CZ - Bootable Containers in Action: Hands on with Deploying AI Workloads 13:00 of 34:00
https://www.youtube.com/watch?v=c6roAHAXfU8
https://pretalx.devconf.info/devconf-cz-2025/talk/WMBRWB/
https://github.com/containers/ai-lab-recipes
https://github.com/containers/ai-lab-recipes/tree/main/training
https://github.com/containers/ai-lab-recipes/tree/main/.github/workflows
https://github.com/containers/terraform-test-environment-module
! 7:00 bootable container contains "linux kernel" additionally
! 12:30 RUN --mount=type=cache,target=/workdir --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared \
! /src/build.sh
! ...
! LABEL container.bootc="1" \
! ostree.bootable="1" \
! ENV container=oci
! 17:30 podman desktop ext - 'bootable containers' - for running VMs
! 20:00 sample of Containerfile
! 27:00 bootc-image-builder
DevConf - Managing Your Laptop with Bootable Containers, Fedora Toolbox, Nix, & Home Manager 0:00 of 33:05
https://www.youtube.com/watch?v=P9XydScZZzs
https://pretalx.devconf.info/devconf-cz-2025/talk/G9JURJ/
https://pretalx.devconf.info/media/devconf-cz-2025/submissions/G9JURJ/resources/Managing_Your_Laptop_with_Bootable_Containe_L5WGS1j.pdf
https://thrix.github.io/nix-toolbox/
https://thrix.github.io/nix-toolbox/getting-started/
https://thrix.github.io/nix-toolbox/getting-started/#__tabbed_1_2
https://thrix.github.io/nix-toolbox/architecture/
https://thrix.github.io/nix-toolbox/examples/
https://github.com/thrix/nix-config
https://github.com/thrix/workstation/blob/main/recipes/recipe.yml
https://blue-build.org/how-to/setup/
https://blue-build.org/learn/getting-started/
https://blue-build.org/learn/universal-blue/#fresh-install-from-an-iso
https://workshop.blue-build.org/
https://github.com/blue-build/template
https://github.com/blue-build/template/blob/main/recipes/recipe.yml
DevConf - Simplify security compliance with bootable containers 0:00 of 36:37
https://www.youtube.com/watch?v=5PWkDvtGzYs
https://pretalx.devconf.info/devconf-cz-2025/talk/PMUPGU/
https://github.com/jan-cerny/devconf-bootc-demo
sudo mkdir output
sudo podman run --rm -it --privileged --pull=newer --security-opt label=type:unconfined_t -v $(pwd)/config.toml:/config.toml:ro -v $(pwd)/output:/output \
-v /var/lib/containers/storage:/var/lib/containers/storage quay.io/centos-bootc/bootc-image-builder:latest --type qcow2 --local --rootfs xfs localhost/cis:latest
sudo virt-install --name demo_vm --cpu host --vcpus 4 --memory 4096 --import --disk ./output/qcow2/disk.qcow2,format=qcow2 --quiet --autoconsole none --os-variant fedora-eln
DevConf - UKIs and composefs support for Bootable Containers 11:00 of 37:18
https://www.youtube.com/watch?v=D7HqckeHlx8
https://pretalx.devconf.info/devconf-cz-2025/talk/739KGC/
https://pretalx.devconf.info/media/devconf-cz-2025/submissions/739KGC/resources/UKIs-and-composefs-support-for-Bootable-Con_5fcDA6u.pdf
!!!
! 1:00 composefs (/var/composefs) combines
! overlayfs, EROFS and fs-verify (opt)
! https://asciinema.org/~travier
! https://asciinema.org/a/722866
! https://asciinema.org/a/722867
! https://asciinema.org/a/722868
! The utility to manipulate machines owner keys which managed in shim
! dnf/mokutil
! https://wiki.debian.org/SecureBoot
! https://linuxcommandlibrary.com/man/mokutil
! https://commandmasters.com/commands/mokutil-linux/
! https://www.redhat.com/en/blog/secure-boot-systemtap
! ? mokutil --sb-state
! ? mokutil --db
! bootctl (grub2 entries for my case)
2024
FedoraProject - DNF and bootc in Image Mode for Fedora - Fedora 41 Release Party of 14:36
https://www.youtube.com/watch?v=6FAVsMbhfnA
! 0:00 dnf5 is included on image-based/ostree Fedora variants
! rpm-ostree features will start being ported to dnf5
! we sheep bootc on all of Fedora image-based variants
https://fedoraproject.org/wiki/Releases/41/ChangeSet#DNF_and_bootc_in_Image_Mode_Fedora_variants
! 7:30 FROM quay.io/fedora/fedora-coreos:testing
! ... dnf5, dnf5-plugins, virt-install virt-manager virt-viewer
! 10:00 bootc switch ghcr.io/jmarrero/jmarrero-f41-demo:latest
! podman bootc list
! podman bootc sst <hash>
!
FedoraProject - Bootc: Hands on Demo of 12:51
https://www.youtube.com/watch?v=fccox6sGCWA
! podman-bootc run --filesystem=xfs quay.io/vrothberg/build-and-boot:bootc
...
# boots status
staged:
booted:
# bootc update
! podman-bootc list
! podman-bootc ssh <hash>
FedoraProject - Bootc: Getting Started with Bootable Containers of 8:28
https://www.youtube.com/watch?v=bf1xqjLeA9M
FedoraProject - Fedora bootc: GitOps for Noobs of 33:46
https://www.youtube.com/watch?v=5ZN_7NDvavY
DevConf - Keynote: What if you could boot a container? of 34:55
https://www.youtube.com/watch?v=ERVyBc_fElY
https://pretalx.com/devconf-cz-2024/talk/AVSUU3/
https://danwalsh.livejournal.com/
$ podman build -t quay.io/examplecorp/soe:base .
$ podman run –privileged -d quay.io/examplecorp/soe:base
$ podman push quay.io/examplecorp/soe:base
FROM quay.io/examplecorp/soe:base
RUN …
$ podman build -t quay.io/examplecorp/postgres:latest .
$ podman run -d quay.io/examplecorp/postgres:latest
$ podman push quay.io/examplecorp/postgres:latest
...
15:00 var.bootc_image=ghcr.io/cgwalters/bootc-demo:latest podman run --rm \
--privileged \
-v /dev:/dev \
-v /:target \
-v /var/lib/containers:/var/lib/containers \
--pid=host \
--security-opt label=type:unconfined_t \
${var.bootc_image} bootc install to-existing-root
doc: provisioning machines ... on GCP (via OpenTofu)
16:00 we are mounting entire root into container, later - replace ?host? system with a container
18:00 ... WARNING: This operation will OVERWRITE THE BOOTED HOST ROOT FILESYSTEM and is NOT REVERSIBLE.
$ bootc status
21:00
bootc-image-builder - build disk images from container images
raw, iso, qcow2, mac vms, vdmk, hyperv, ami, azure
22:00
with Anaconda
# Basic setup
text
network --bootproto=dhcp --device=link --activate
# Basic partitioning
clearpart --all --initlabel --disklabel=gpt
reqpart --add-boot
part / --grow --fstype xfs
ostree container --url quay.io/exampleos/soe:latest
services --enabled=sshd
# Only inject a SSH key for root
rootpw --iscrypted locked
sshkey --username root "<your-key-here>"
reboot
MichaelHorn - Are Immutable Linux Distros Worth It? of 7:38
https://www.youtube.com/watch?v=TX0f_vyV06k
All Systems Go! - bootc: Generating an ecosystem around bootable OCI containers of 43:36
https://www.youtube.com/watch?v=rCokgSYiVHQ
! 7:00
$ cat Containerfile.cs9
...
RUN systemctl enable ... podman.socket ... custom-first-boot
...
! 9:00 sudo bootc switch registry...asg-bootc:latest-f40
... on qemu ...
https://grahamc.com/blog/nix-and-layered-docker-images/
https://media.ccc.de/v/all-systems-go-2024-266-bootc-generating-an-ecosystem-around-bootable-oci-containers
! ...
! podman run --privileged <yourimage> bootc install to-filesystem ...
! 24:00 !!! components diagram
AllSystemsGo - The road to a trusted and measured boot chain in Bootable Containers 6:00 of 40:35
https://www.youtube.com/watch?v=xQT5IqL0kzc
https://media.ccc.de/v/all-systems-go-2024-309-the-road-to-a-trusted-and-measured-boot-chain-in-bootable-containers
https://cfp.all-systems-go.io/all-systems-go-2024/talk/HVEZQQ/
https://cfp.all-systems-go.io/media/all-systems-go-2024/submissions/HVEZQQ/resources/2024_All_Systems_Go_-_The_road_to_a_tru_c4Y3IoH.pdf
! 2:00 bootc uses ostree underneath
! unpacks the container image files on the disk
! set up the kernel and initramfs
! writes the BLS (bootloader) config
issues
https://github.com/coreos/bootupd/issues/468
https://gitlab.com/fedora/bootc/tracker/-/issues/61
samples
https://github.com/redhat-cop/rhel-bootc-examples
cli
bootc (?podman-bootc)
install
to-disk | to-filesystem
upgrade
--check
rollback
switch
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку