Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/winsdominoes/seal-os

A nice little ublue distro for my liking.
https://github.com/winsdominoes/seal-os

atomic bluebuild bluebuild-image custom-image image-based immutable linux linux-custom-image oci oci-image operating-system

Last synced: 16 days ago
JSON representation

A nice little ublue distro for my liking.

Host: GitHub
URL: https://github.com/winsdominoes/seal-os
Owner: WinsDominoes
License: apache-2.0
Created: 2024-10-23T09:54:17.000Z (22 days ago)
Default Branch: main
Last Pushed: 2024-10-27T07:46:25.000Z (18 days ago)
Last Synced: 2024-10-27T08:27:32.019Z (18 days ago)
Topics: atomic, bluebuild, bluebuild-image, custom-image, image-based, immutable, linux, linux-custom-image, oci, oci-image, operating-system
Language: Makefile
Homepage: https://winscloud.net
Size: 29.3 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

# Seal OS [![bluebuild build badge](https://github.com/winsdominoes/seal-os/actions/workflows/build.yml/badge.svg)](https://github.com/winsdominoes/seal-os/actions/workflows/build.yml)

A nice little ublue based distro for my liking.

## Installation

> **Warning**
> [This is an experimental feature](https://www.fedoraproject.org/wiki/Changes/OstreeNativeContainerStable), try at your own discretion.

To rebase an existing atomic Fedora installation to the latest build:

- First rebase to the unsigned image, to get the proper signing keys and policies installed:
```
rpm-ostree rebase ostree-unverified-registry:ghcr.io/winsdominoes/seal-os:latest
```
- Reboot to complete the rebase:
```
systemctl reboot
```
- Then rebase to the signed image, like so:
```
rpm-ostree rebase ostree-image-signed:docker://ghcr.io/winsdominoes/seal-os:latest
```
- Reboot again to complete the installation
```
systemctl reboot
```

The `latest` tag will automatically point to the latest build. That build will still always use the Fedora version specified in `recipe.yml`, so you won't get accidentally updated to the next major version.

## ISO
### Docker
```bash
# ISO command:
mkdir ./iso-output
sudo docker run --rm --privileged --volume ./iso-output:/build-container-installer/build --pull=always \
ghcr.io/jasonn3/build-container-installer:latest \
# ISO config:
IMAGE_REPO=ghcr.io/winsdominoes \
IMAGE_NAME=seal-os \
IMAGE_TAG=latest \
VARIANT=Silverblue # should match the variant your image is based on
```
### Podman
```bash
# ISO command:
mkdir ./iso-output
sudo podman run --rm --privileged --volume ./iso-output:/build-container-installer/build --security-opt label=disable --pull=newer \
ghcr.io/jasonn3/build-container-installer:latest \
# iso config:
IMAGE_REPO=ghcr.io/winsdominoes \
IMAGE_NAME=seal-os \
IMAGE_TAG=latest \
VARIANT=Silverblue
```

### Fedora Atomic
[https://blue-build.org/learn/universal-blue/#fresh-install-from-an-iso](https://blue-build.org/learn/universal-blue/#fresh-install-from-an-iso)

## Verification

These images are signed with [Sigstore](https://www.sigstore.dev/)'s [cosign](https://github.com/sigstore/cosign). You can verify the signature by downloading the `cosign.pub` file from this repo and running the following command:

```bash
cosign verify --key cosign.pub ghcr.io/winsdominoes/seal-os
```

## Documentation

[BlueBuild docs](https://blue-build.org/how-to/setup/)