Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/travier/fedora-kinoite

Custom Fedora Kinoite images with some overlayed packages
https://github.com/travier/fedora-kinoite

Last synced: about 2 months ago
JSON representation

Custom Fedora Kinoite images with some overlayed packages

Host: GitHub
URL: https://github.com/travier/fedora-kinoite
Owner: travier
License: mit
Created: 2023-11-10T10:48:04.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2024-11-11T10:13:49.000Z (2 months ago)
Last Synced: 2024-11-29T17:50:56.063Z (about 2 months ago)
Language: Dockerfile
Homepage:
Size: 65.4 KB
Stars: 12
Watchers: 2
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Custom Fedora Kinoite images

This repository hosts Containerfiles and GitHub workflows to create custom
Fedora Kinoite images for my own usage.

The main image (`quay.io/travier/fedora-kinoite:latest`) is based on Fedora
Kinoite with the following packages overlayed:

- libvirtd (libvirt-daemon libvirt-daemon-config-network
libvirt-daemon-driver-interface libvirt-daemon-driver-network
libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu
libvirt-daemon-driver-secret libvirt-daemon-driver-storage-core libvirt-dbus
qemu-kvm)
- vim, zsh

and the following default configuration:

- container policy set to verify those container images and toolbox images

The others images are currently used for testing various in progress changes
for Fedora Kinoite.

## How to use

- Install Fedora Kinoite, update to the latest version and reboot.

- Setup the key to validate container image signatures:

```
# Install public key
$ sudo mkdir /etc/pki/containers
$ curl -O "https://raw.githubusercontent.com/travier/fedora-kinoite/main/quay.io-travier-fedora-kinoite.pub"
$ sudo cp quay.io-travier-fedora-kinoite.pub /etc/pki/containers/
$ sudo restorecon -RFv /etc/pki/containers

# Configure registry to get sigstore signatures
$ cat /etc/containers/registries.d/quay.io-travier-fedora-kinoite.yaml
docker:
quay.io/travier/fedora-kinoite:
use-sigstore-attachments: true
$ sudo restorecon -RFv /etc/containers/registries.d/quay.io-travier-fedora-kinoite.yaml

# Setup the policy
$ sudo cp etc/containers/policy.json /etc/containers/policy.json
$ cat /etc/containers/policy.json
{
"default": [
{
"type": "reject"
}
],
"transports": {
"docker": {
...
"quay.io/travier/fedora-kinoite": [
{
"type": "sigstoreSigned",
"keyPath": "/etc/pki/containers/quay.io-travier-fedora-kinoite.pub",
"signedIdentity": {
"type": "matchRepository"
}
}
],
...
"": [
{
"type": "insecureAcceptAnything"
}
]
},
...
}
}
```

- Then rebase to this image:

```
$ rpm-ostree rebase ostree-image-signed:registry:quay.io/travier/fedora-kinoite:latest
```

Then update normally using `rpm-ostree update` or Discover.

## Important notes

- The base images are not yet official Fedora images. The location will change.
- The images are only available for x86_64 for now.

## License

See [LICENSE](LICENSE) or [CC0](https://creativecommons.org/public-domain/cc0/).