{"id":13473666,"url":"https://github.com/canonical/subiquity","last_synced_at":"2025-12-14T13:43:16.275Z","repository":{"id":33449823,"uuid":"37095216","full_name":"canonical/subiquity","owner":"canonical","description":"Ubuntu Server Installer, and backend for Ubuntu Desktop Installer","archived":false,"fork":false,"pushed_at":"2025-12-12T17:01:53.000Z","size":14242,"stargazers_count":542,"open_issues_count":49,"forks_count":190,"subscribers_count":43,"default_branch":"main","last_synced_at":"2025-12-14T07:57:47.704Z","etag":null,"topics":["consoleconf","firstboot","installer","ubuntu","ubuntu-core","ubuntu-server"],"latest_commit_sha":null,"homepage":"https://canonical-subiquity.readthedocs-hosted.com/en/latest/","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/canonical.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-06-08T21:57:45.000Z","updated_at":"2025-12-12T17:01:58.000Z","dependencies_parsed_at":"2023-10-23T19:25:13.332Z","dependency_job_id":"f548d66b-acbe-4148-8dee-b50920e23c7e","html_url":"https://github.com/canonical/subiquity","commit_stats":{"total_commits":4373,"total_committers":61,"mean_commits":71.68852459016394,"dds":0.4596386919734736,"last_synced_commit":"2fc55b43631e85c22580d7416994e6d724a4a38e"},"previous_names":["canonicalltd/subiquity"],"tags_count":100,"template":false,"template_full_name":null,"purl":"pkg:github/canonical/subiquity","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/canonical%2Fsubiquity","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/canonical%2Fsubiquity/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/canonical%2Fsubiquity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/canonical%2Fsubiquity/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/canonical","download_url":"https://codeload.github.com/canonical/subiquity/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/canonical%2Fsubiquity/sbom","scorecard":{"id":264635,"data":{"date":"2025-08-11","repo":{"name":"github.com/canonical/subiquity","commit":"7ab87892f6e9543f28345920493db31889732f4a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.9,"checks":[{"name":"Code-Review","score":9,"reason":"Found 11/12 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/automatic-doc-checks.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yaml:1","Warn: no topLevel permission defined: .github/workflows/cla-check.yaml:1","Warn: no topLevel permission defined: .github/workflows/snap.yaml:1","Warn: no topLevel permission defined: .github/workflows/tics.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/automatic-doc-checks.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/automatic-doc-checks.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/ci.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/ci.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/ci.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cla-check.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/cla-check.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snap.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/snap.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snap.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/snap.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tics.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/tics.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tics.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/canonical/subiquity/tics.yaml/main?enable=pin","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   6 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during GetBranch(ubuntu/kinetic): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":-1,"reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 502 Bad Gateway body: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e502 Bad Gateway\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e502 Bad Gateway\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\u003c/body\u003e\\r\\n\u003c/html\u003e\\r\\n\"","details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T11:40:10.209Z","repository_id":33449823,"created_at":"2025-08-17T11:40:10.209Z","updated_at":"2025-08-17T11:40:10.209Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27729153,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-14T02:00:11.348Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["consoleconf","firstboot","installer","ubuntu","ubuntu-core","ubuntu-server"],"created_at":"2024-07-31T16:01:05.809Z","updated_at":"2025-12-14T13:43:16.231Z","avatar_url":"https://github.com/canonical.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# subiquity \u0026 console-conf\n\u003e Ubuntu Server Installer \u0026 Snappy first boot experience\n\nThe repository contains the source for the new server installer (the\n\"subiquity\" part, aka \"ubiquity for servers\") and for the snappy first\nboot experience (the \"console-conf\" part).\n\nWe track bugs in Launchpad at\nhttps://bugs.launchpad.net/subiquity. Snappy first boot issues can\nalso be discussed in the forum at https://forum.snapcraft.io.\n\nOur localization platform is Launchpad, translations are managed at\nhttps://translations.launchpad.net/ubuntu/+source/subiquity/\n\nTo update translation template in launchpad:\n * update po/POTFILES.in with any new files that contain translations\n * execute clean target, i.e. $ debuild -S\n * dput subiquity into Ubuntu\n\nTo export and update translations in subiquity:\n * Wait for new subiquity to publish\n * Request fresh translation export from Launchpad at\nhttps://translations.launchpad.net/ubuntu/focal/+source/subiquity/+export\n * wait for export to generate\n * download, unpack, rename .po files into po directory, and commit changes\n\n# Acquire subiquity from source\n\n`git clone https://github.com/canonical/subiquity`\n\n`cd subiquity \u0026\u0026 make install_deps`\n\n# Testing out the installer Text-UI (TUI)\nSubiquity's text UI is available for testing without actually installing\nanything to a system or a VM.  Subiquity developers make use of this for rapid\ndevelopment.  After checking out subiquity you can start it:\n\n`make dryrun`\n\nAll of the features are present in dry-run mode.  The installer will emit its\nbackend configuration files to /tmp/subiquity-config-\\* but it won't attempt to\nrun any installer commands (which would fail without root privileges).  Further,\nsubiquity can load other machine profiles in case you want to test out the\ninstaller without having access to the machine.  A few sample machine\nprofiles are available in the repository at ./examples/machines and\ncan be loaded via the MACHINE make variable:\n\n`make dryrun MACHINE=examples/machines/simple.json`\n\n# Generating machine profiles\nMachine profiles are generated from the probert tool.  To collect a machine profile:\n\n`PYTHONPATH=probert ./probert/bin/probert --all \u003e mymachine.json`\n\n# Testing changes in KVM\n\nTo try out your changes for real, it is necessary to install them into\nan ISO. Rather than building one from scratch, it's much easier to\ninstall your version of subiquity into the daily image. Here's how to\ndo this:\n\n## Commit your changes locally\n\nIf you are only making a change in Subiquity itself, running `git add \u003cmodified-file...\u003e`\nand then `git commit` should be enough.\n\nOtherwise, if you made any modification to curtin or probert, you need to ensure that:\n\n* The modification is committed inside the relevant repository (i.e., `git add` + `git commit`).\n* The relevant `source` property in snapcraft.yaml points to the local\n  repository instead of the upstream repository.\n* The relevant `source-commit` property in snapcraft.yaml is updated to reflect\n  your new revision (one must use the full SHA-1 here).\n* The above modifications to snapcraft.yaml are committed.\n\nExample:\n```\nparts:\n  curtin:\n    plugin: nil\n\n    # Comment out the original source property, pointing to the upstream repository\n    #source: https://git.launchpad.net/curtin\n    # Instead, specify the name of the directory where curtin is checked out\n    source: curtin\n    source-type: git\n    # Update the below so it points to the commit ID within the curtin repository\n    source-commit: 7c18bf6a24297ed465a341a1f53875b61c878d6b\n```\n\n## Build and inject your changes into an ISO\n\n1. Build your changes into a snap:\n\n   ```\n   $ snapcraft pack --output subiquity_test.snap\n   ```\n\n2. Grab the current version of the installer:\n\n   ```\n   $ urlbase=http://cdimage.ubuntu.com/ubuntu-server/daily-live/current\n   $ isoname=$(distro-info -d)-live-server-$(dpkg --print-architecture).iso\n   $ zsync ${urlbase}/${isoname}.zsync\n   ```\n\n3. Run the provided script to make a copy of the downloaded installer\n   that has your version of subiquity:\n\n   ```\n   $ sudo ./scripts/inject-subiquity-snap.sh ${isoname} subiquity_test.snap custom.iso\n   ```\n\n4. Boot the new iso in KVM:\n\n   ```\n   $ qemu-img create -f raw target.img 10G\n   $ kvm -m 1024 -boot d -cdrom custom.iso -hda target.img -serial stdio\n   ```\n\n5. Finally, boot the installed image:\n\n   ```\n   $ kvm -m 1024 -hda target.img -serial stdio\n   ```\n\nThe first three steps are bundled into the script ./scripts/test-this-branch.sh.\n\n# Contributing\n\nPlease see our [contributing guidelines](CONTRIBUTING.md).\n\n# Documentation\n\nSubiquity's documentation is hosted at\n[https://canonical-subiquity.readthedocs-hosted.com/en/latest/](https://canonical-subiquity.readthedocs-hosted.com/en/latest/).\n\nThe documentation source can be found in the [doc/](doc/) folder, which\ncontains instructions for building a local preview.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcanonical%2Fsubiquity","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcanonical%2Fsubiquity","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcanonical%2Fsubiquity/lists"}