diff --git a/os/readme.md b/os/readme.md index 508cab8..a5ca6f4 100644 --- a/os/readme.md +++ b/os/readme.md @@ -23,7 +23,7 @@ However, VirtualBox (contained in the installer variant) only works with Secure ## How to build an ISO -We run the build inside a Docker container, so you need Docker installed on your host. +We run the build inside a container, so you need Podman (or Docker) installed on your host. Building works on Linux hosts, other OSes are untested. First, obtain the configuration files and put them in the folder `config`. @@ -32,11 +32,16 @@ If you want to create your own config, see the folder `config-example` for examp Run the following commands in the repository root folder. The `--privileged` flag is needed for mounting `/proc` and similar in the target system root. +You can try replacing it with `--cap-add=sys_admin,mknod --security-opt apparmor=unconfined` to reduce the privileges. ```bash mkdir -p osbuild/build +sudo podman pull debian:bookworm +sudo podman run --rm -it --privileged --mount type=bind,source="$(pwd)",target=/work --workdir /work/osbuild/build debian:bookworm + +# Alternative with Docker: sudo docker pull debian:bookworm -sudo docker run --rm -it --privileged --mount type=bind,source="$(pwd)",target=/work --workdir /work debian:bookworm +sudo docker run --rm -it --privileged --mount type=bind,source="$(pwd)",target=/work --workdir /work/osbuild/build debian:bookworm ``` Inside the container, run the following commands. @@ -50,7 +55,6 @@ apt-get update # unzip: for codeblocks plugin # build-essential, debhelper: for building custom udeb apt-get install --no-install-recommends python3 ca-certificates live-build rsync cpio unzip build-essential debhelper -cd osbuild/build python3 ../../os/build.py training-live ``` 
@@ -60,7 +64,7 @@ Once the build is finished, you will find the ISO at `osbuild/build/live-image-a During development, it's convenient to test the OS in a virtual machine. Install QEMU on your host. -The following commands should be run outside the docker container. +The following commands should be run outside the container. ```bash # training-live, legacy and EFI boot:
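Review bot: In the `@@ -32,11 +32,16 @@` hunk of `os/readme.md`, the added sentence offers `--cap-add=sys_admin,mknod --security-opt apparmor=unconfined` only as something to "try", while the new `sudo podman run` line and the updated `sudo docker run` line both still pass `--privileged` as root. If the reduced capability set has been confirmed to complete a build, make it the documented command and mention `--privileged` as the fallback. If it has not been confirmed, say so in the sentence so readers know which form is tested. The `apparmor=unconfined` option is specific to hosts that use AppArmor, which is worth stating next to it.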
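Review bot: In the `@@ -50,7 +55,6 @@` hunk of `os/readme.md`, dropping `cd osbuild/build` makes `python3 ../../os/build.py training-live` depend on the container having been started with the new `--workdir /work/osbuild/build`. Anyone who starts the container with the previous `--workdir /work` will have the relative path resolve outside the bind mount. Either keep the `cd` (with the mount at `/work` it is harmless under the new workdir if written as `cd /work/osbuild/build`), or add a sentence before the code block stating that the commands assume the working directory set by `--workdir`.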