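# Particle-OS Phase 2 Containerfile
#
# Builds on the minimal image and implements Phase 2 deliverables:
#   - OSTree repository setup and management
#   - System update and rollback mechanisms
#   - Network configuration and management
#   - Security hardening (AppArmor userspace tools are installed below; this
#     file does not install or configure any SELinux packages or policy)
#   - Container runtime optimization

# NOTE(review): the base is referenced by a mutable tag. Whatever image carries
# "particle-os:minimal" at build time becomes the root of this image; pin it by
# digest (particle-os@sha256:<DIGEST>) if builds must be reproducible and
# verifiable.
FROM particle-os:minimal

# Install Phase 2 required packages.
# NOTE(review): recommended packages are pulled in as well (no
# --no-install-recommends), and curl/wget/vim/htop/iotop are convenience tools;
# both enlarge what ships in an OS image. Confirm they are wanted outside
# development builds.
# NOTE(review): network-manager is installed while systemd-networkd is enabled
# further down; confirm only one of them is meant to manage the en* interfaces.
RUN apt-get update && apt-get install -y \
        # OSTree management and deployment
        ostree-grub2 \
        ostree-boot \
        # Network management (systemd-networkd is already included in systemd)
        network-manager \
        # Security tools
        apparmor \
        apparmor-utils \
        # Container runtime optimization
        containerd \
        runc \
        # System management
        systemd-container \
        # Additional utilities for Phase 2
        curl \
        wget \
        vim \
        htop \
        iotop \
    && rm -rf /var/lib/apt/lists/*

# Set up OSTree repository structure
RUN mkdir -p \
        /ostree/repo/refs/heads \
        /ostree/repo/refs/remotes \
        /ostree/repo/objects \
        /ostree/repo/state

# Initialize the OSTree repository if not already done.
# The directories above always exist at this point, so the repo's "config" file
# is used as the marker for an initialized repository. A genuine init failure
# (missing ostree binary, permission or filesystem error) now fails the build
# instead of being reported as "already initialized".
RUN if [ -f /ostree/repo/config ]; then \
        echo "Repository already initialized"; \
    else \
        ostree --repo=/ostree/repo init --mode=bare; \
    fi

# Create initial deployment structure
RUN mkdir -p \
        /sysroot/ostree/deploy/particle-os/minimal/deploy \
        /sysroot/ostree/deploy/particle-os/minimal/var \
        /sysroot/ostree/deploy/particle-os/minimal/usr

# Set up home directory symlink for OSTree compliance.
# If /home is still a real directory, "ln -sf ... /home" would create the link
# *inside* it (/home/home) and leave /home itself unchanged. Remove the
# directory first; rmdir refuses a non-empty /home, so existing user data makes
# the build fail loudly rather than being discarded.
RUN if [ ! -L /home ]; then \
        if [ -d /home ]; then rmdir /home; fi; \
        ln -sfn ../var/home /home; \
    fi

# Configure OSTree for Phase 2.
# /etc/ostree is created explicitly so the appends do not depend on the base
# image already providing it.
# NOTE(review): confirm which component reads these keys from ostree.conf.
RUN mkdir -p /etc/ostree && \
    printf '%s\n' \
        'OSTREE_OSVARIANT=minimal' \
        'OSTREE_SERVICES=' \
        'OSTREE_DESKTOP=' \
        >> /etc/ostree/ostree.conf

# Set up systemd services for Phase 2
RUN systemctl enable systemd-networkd

# Create Phase 2 specific directories and files
RUN mkdir -p \
        /etc/systemd/system \
        /etc/systemd/user \
        /var/lib/systemd

# Set up container runtime configuration.
# This writes containerd's stock defaults unchanged; no runtime hardening is
# applied here.
RUN mkdir -p /etc/containerd && \
    containerd config default > /etc/containerd/config.toml

# Create Phase 2 management scripts.
# The generated script only prints a list of ostree commands; it performs no
# update itself.
RUN printf '%s\n' \
        '#!/bin/bash' \
        'echo "Particle-OS OSTree Update Tool"' \
        'echo "Phase 2: CoreOS Development"' \
        'echo "Available commands:"' \
        'echo " ostree admin status - Check deployment status"' \
        'echo " ostree admin os-diff - Show pending changes"' \
        'echo " ostree admin upgrade - Apply system updates"' \
        > /usr/local/bin/particle-ostree-update && \
    chmod +x /usr/local/bin/particle-ostree-update

# Create network configuration: DHCP on every interface whose name matches en*.
RUN mkdir -p /etc/systemd/network && \
    printf '%s\n' \
        '[Match]' \
        'Name=en*' \
        '[Network]' \
        'DHCP=yes' \
        > /etc/systemd/network/20-wired.network

# Set up security configuration.
# These two keys raise the kernel keyring quotas for root-owned keys; they are
# capacity settings, not restrictions.
# NOTE(review): sysctl.conf is presumably applied only when the image is booted
# as a host OS, not when it runs as an ordinary container - confirm.
RUN printf '%s\n' \
        'kernel.keys.root_maxkeys = 1000000' \
        'kernel.keys.root_maxbytes = 25000000' \
        >> /etc/sysctl.conf

# Create Phase 2 version file
RUN printf '%s\n' \
        'Particle-OS Phase 2 - CoreOS Development' \
        'Version: 0.2.0' \
        'Phase: 2' \
        'Status: Development' \
        > /etc/particle-os-phase

# Label the image with Phase 2 information.
# NOTE(review): image.source still points at a "your-org" placeholder, and
# image.revision carries the version string rather than a source-control
# revision; fill both in before publishing so the image can be traced back to
# the commit it was built from.
LABEL org.opencontainers.image.title="Particle-OS Phase 2" \
      org.opencontainers.image.description="Phase 2: CoreOS Development with OSTree management" \
      org.opencontainers.image.version="0.2.0" \
      org.opencontainers.image.vendor="Particle-OS Project" \
      org.opencontainers.image.source="https://github.com/your-org/particle-os" \
      org.opencontainers.image.revision="0.2.0" \
      org.opencontainers.image.ostree.osname="particle-os" \
      org.opencontainers.image.ostree.osversion="0.2.0" \
      org.opencontainers.image.ostree.osvariant="minimal" \
      org.opencontainers.image.ostree.phase="2"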