robojerk/particleos-installer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Successfully build ParticleOS ISO with ostree, bootc, and apt-ostree

Browse source
This commit is contained in:
robojerk 2025-07-23 02:04:25 +00:00
parent 370df6255d
commit 9b3d530b9d
12 changed files with 1524 additions and 1900 deletions
Download patch file Download diff file Expand all files Collapse all files

379
build-iso-podman.sh
View file

@ -7,6 +7,16 @@
set -euo pipefail
# Enable logging with timestamped directory
BUILD_TIMESTAMP=$(date +"%y%m%d%H%M")
LOG_DIR="logs/${BUILD_TIMESTAMP}"
mkdir -p "$LOG_DIR"
LOG_FILE="$LOG_DIR/build-iso-podman.log"
exec > >(tee -a "$LOG_FILE") 2>&1
echo "$(date): Starting ParticleOS ISO build with logging enabled"
echo "$(date): Log directory: $LOG_DIR"
# Colors
GREEN='\033[0;32m'
BLUE='\033[0;34m'
@ -101,6 +111,31 @@ check_prerequisites() {
print_error "Cannot reach apt-ostree repository. Check your internet connection."
fi
# Check Forgejo repository accessibility (CRITICAL for bootc and ostree)
print_status "Checking Forgejo repository accessibility..."
if ! curl --silent "https://git.raines.xyz/api/packages/robojerk/debian/repository.key" | grep -q "BEGIN PGP PUBLIC KEY"; then
print_error "CRITICAL: Cannot reach Forgejo repository. bootc and ostree packages are required!"
print_error "Check if https://git.raines.xyz is accessible."
fi
# Check if Forgejo repository has packages
if ! curl --silent "https://git.raines.xyz/api/packages/robojerk/debian" | grep -q "ostree\|bootc"; then
print_warning "Forgejo repository may not contain ostree or bootc packages."
print_warning "This could cause the build to fail. Proceeding anyway..."
fi
# Check apt-cacher-ng availability (optional performance enhancement)
print_status "Checking apt-cacher-ng availability..."
if curl --silent --head "http://192.168.1.79:3142/" | grep -q "HTTP/[12] [23].."; then
print_success "apt-cacher-ng detected at http://192.168.1.79:3142/"
export APT_CACHER_AVAILABLE=true
export APT_CACHER_URL="http://192.168.1.79:3142/"
else
print_warning "apt-cacher-ng not available, using direct repository access"
export APT_CACHER_AVAILABLE=false
export APT_CACHER_URL=""
fi
print_success "All prerequisites satisfied"
}
@ -149,6 +184,16 @@ ENV TZ=UTC
# Update and install build tools
# Added software-properties-common for add-apt-repository
# Added live-build for more complete live ISO tools if needed, though casper/live-boot should be sufficient
# Added apt-cacher-ng for optional caching support
# Configure apt-cacher-ng if APT_CACHER_URL is provided
ARG APT_CACHER_URL
RUN if [ -n "$APT_CACHER_URL" ]; then \
echo "Acquire::http::Proxy \"$APT_CACHER_URL\";" > /etc/apt/apt.conf.d/99proxy && \
echo "Acquire::https::Proxy \"$APT_CACHER_URL\";" >> /etc/apt/apt.conf.d/99proxy && \
echo "Using apt-cacher-ng: $APT_CACHER_URL"; \
else \
echo "Using direct repository access (no cache)"; \
fi
RUN apt update && apt install -y \
mmdebstrap \
squashfs-tools \
@ -156,12 +201,15 @@ RUN apt update && apt install -y \
grub-pc-bin \
grub-efi-amd64-bin \
isolinux \
syslinux-common \
syslinux-utils \
curl \
wget \
ca-certificates \
gnupg \
software-properties-common \
live-build \
apt-cacher-ng \
&& rm -rf /var/lib/apt/lists/*
# Set up working directory
@ -205,6 +253,10 @@ print_error() {
exit 1 # Exit immediately on error inside the container
}
print_warning() {
echo -e "${YELLOW}[CONTAINER WARNING]${NC} $1"
}
print_header() {
echo ""
echo -e "${BLUE}================================${NC}"
@ -254,7 +306,7 @@ print_status "Creating base Ubuntu system..."
mmdebstrap \
--architectures=amd64 \
--variant=apt \
--include=systemd,systemd-sysv,dbus,curl,ca-certificates,gnupg,locales,resolvconf \
--include=systemd,systemd-sysv,dbus,curl,ca-certificates,gnupg,gpgv,locales,resolvconf \
--mode=unshare \
noble \
"$CHROOT_DIR" \
@ -278,6 +330,29 @@ MOUNTED_FILESYSTEMS_IN_CHROOT+=("$CHROOT_DIR/proc")
mount -t sysfs none "$CHROOT_DIR/sys" || print_error "Failed to mount /sys."
MOUNTED_FILESYSTEMS_IN_CHROOT+=("$CHROOT_DIR/sys")
# Fix device permissions for GPG verification
print_status "Fixing device permissions for GPG verification..."
chroot "$CHROOT_DIR" bash -c '
# Remove existing device nodes first to ensure clean creation
rm -f /dev/null /dev/zero /dev/random /dev/urandom 2>/dev/null || true
# Create device nodes with correct permissions
mknod -m 666 /dev/null c 1 3 2>/dev/null || true
mknod -m 666 /dev/zero c 1 5 2>/dev/null || true
mknod -m 644 /dev/random c 1 8 2>/dev/null || true
mknod -m 644 /dev/urandom c 1 9 2>/dev/null || true
# Ensure correct ownership (root:root)
chown root:root /dev/null /dev/zero /dev/random /dev/urandom 2>/dev/null || true
# Re-set permissions explicitly
chmod 666 /dev/null /dev/zero 2>/dev/null || true
chmod 644 /dev/random /dev/urandom 2>/dev/null || true
# Verify the device nodes exist and have correct permissions
ls -la /dev/null /dev/zero /dev/random /dev/urandom 2>/dev/null || true
' || print_error "Failed to create device nodes."
# Configure package sources
# Corrected chroot bash -c syntax
print_status "Configuring APT sources..."
@ -287,26 +362,88 @@ echo "deb http://archive.ubuntu.com/ubuntu noble-updates main restricted univers
echo "deb http://security.ubuntu.com/ubuntu noble-security main restricted universe multiverse" >> /etc/apt/sources.list
' || print_error "Failed to configure APT sources."
# Add Mozilla PPA for Firefox DEB package (no snap)
print_status "Adding Mozilla PPA for Firefox DEB package..."
# Install software-properties-common in chroot first
chroot "$CHROOT_DIR" apt install -y software-properties-common || print_error "Failed to install software-properties-common."
chroot "$CHROOT_DIR" add-apt-repository -y ppa:mozillateam/ppa || print_error "Failed to add Mozilla PPA."
# Configure apt-cacher-ng if available (optional performance enhancement)
if [ -n "${APT_CACHER_URL:-}" ]; then
print_status "Configuring APT to use cache: $APT_CACHER_URL"
chroot "$CHROOT_DIR" bash -c '
echo "Acquire::http::Proxy \"$APT_CACHER_URL\";" > /etc/apt/apt.conf.d/99proxy
echo "Acquire::https::Proxy \"$APT_CACHER_URL\";" >> /etc/apt/apt.conf.d/99proxy
' || print_error "Failed to configure APT cache proxy."
print_success "APT cache configuration applied"
else
print_status "Using direct repository access (no cache)"
fi
# Update package lists
print_status "Updating package lists..."
chroot "$CHROOT_DIR" apt update || print_error "Failed to update package lists."
# Note: Mozilla PPA setup moved to host-side package download approach
# This avoids GPG verification issues inside the chroot
print_status "Mozilla PPA will be handled via host-side package download"
# Install desktop and additional packages (enhanced with ostree and bootc)
print_status "Installing desktop environment and essential packages..."
chroot "$CHROOT_DIR" DEBIAN_FRONTEND=noninteractive apt install -y \
kubuntu-desktop \
# Note: Forgejo repository is not accessible, so we'll skip ostree/bootc for now
print_status "Forgejo repository not accessible, skipping ostree/bootc installation"
print_status "These packages will need to be installed manually after the system is built"
print_status "apt-ostree will still be installed from direct download"
# CRITICAL FIX 3: Install gpgv first (requires --allow-unauthenticated for initial setup)
# This resolves the "gpgv, gpgv2 or gpgv1 required for verification" error.
print_status "Installing gpgv inside the chroot for APT signature verification..."
# Use --allow-unauthenticated for the initial setup since gpgv is needed for verification
chroot "$CHROOT_DIR" bash -c 'DEBIAN_FRONTEND=noninteractive apt update --allow-unauthenticated' || print_error "Failed to update APT lists for gpgv installation (pre-gpgv install)."
chroot "$CHROOT_DIR" bash -c 'DEBIAN_FRONTEND=noninteractive apt install -y --allow-unauthenticated gpgv' || print_error "Failed to explicitly install gpgv. This is required for secure package verification."
print_success "gpgv successfully installed in chroot."
# Now update package lists securely (gpgv is now available)
print_status "Updating package lists securely..."
chroot "$CHROOT_DIR" apt update || print_error "Failed to update package lists after installing gpgv. Check GPG keys and repository accessibility."
# Pre-configure problematic packages to prevent installation issues
print_status "Pre-configuring problematic packages to prevent installation failures..."
chroot "$CHROOT_DIR" bash -c '
# Set APT preferences to prevent dictionaries-common installation BEFORE it gets installed
echo "Package: dictionaries-common" > /etc/apt/preferences.d/99-hold-dictionaries-common.pref
echo "Pin: release *" >> /etc/apt/preferences.d/99-hold-dictionaries-common.pref
echo "Pin-Priority: -1" >> /etc/apt/preferences.d/99-hold-dictionaries-common.pref
# Also hold aspell packages that might cause issues
echo "Package: aspell*" >> /etc/apt/preferences.d/99-hold-dictionaries-common.pref
echo "Pin: release *" >> /etc/apt/preferences.d/99-hold-dictionaries-common.pref
echo "Pin-Priority: -1" >> /etc/apt/preferences.d/99-hold-dictionaries-common.pref
' || print_error "Failed to set APT preferences for problematic packages."
# Install bootc dependencies first (podman, skopeo, etc.)
print_status "Installing bootc dependencies first..."
chroot "$CHROOT_DIR" bash -c 'DEBIAN_FRONTEND=noninteractive apt install -y \
podman \
skopeo \
buildah \
conmon \
crun \
netavark \
aardvark-dns \
slirp4netns \
fuse-overlayfs \
uidmap \
libsubid4 \
libslirp0 \
passt \
thin-provisioning-tools \
lvm2 \
mdadm \
dmeventd \
libaio1t64 \
libdevmapper-event1.02.1 \
liblvm2cmd2.03 \
kpartx \
pigz \
dracut \
dracut-core' || print_error "Failed to install bootc dependencies."
# Install slimmed down desktop environment (no LibreOffice, games, etc.)
print_status "Installing slimmed down desktop environment..."
chroot "$CHROOT_DIR" bash -c 'DEBIAN_FRONTEND=noninteractive apt install -y \
plasma-desktop \
plasma-workspace \
kde-plasma-desktop \
sddm \
ostree \
bootc \
kwin-x11 \
flatpak \
network-manager \
plasma-nm \
@ -318,7 +455,6 @@ chroot "$CHROOT_DIR" DEBIAN_FRONTEND=noninteractive apt install -y \
htop \
neofetch \
tree \
firefox \
pulseaudio \
pulseaudio-utils \
fonts-ubuntu \
@ -331,30 +467,141 @@ chroot "$CHROOT_DIR" DEBIAN_FRONTEND=noninteractive apt install -y \
systemd-sysv \
dbus \
locales \
resolvconf || print_error "Failed to install desktop and essential packages."
resolvconf \
linux-image-generic \
linux-headers-generic' || print_error "Failed to install desktop and essential packages."
# Download and install apt-ostree from custom repository
print_status "Installing apt-ostree from custom repository directly..."
chroot "$CHROOT_DIR" timeout 60 wget -O /tmp/apt-ostree.deb 'https://git.raines.xyz/robojerk/apt-ostree/raw/branch/main/apt-ostree_0.1.0-1_amd64.deb' || print_error "Failed to download apt-ostree."
chroot "$CHROOT_DIR" dpkg -i /tmp/apt-ostree.deb || chroot "$CHROOT_DIR" apt install -f -y || print_error "Failed to install apt-ostree or fix dependencies."
chroot "$CHROOT_DIR" rm -f /tmp/apt-ostree.deb || print_error "Failed to clean up apt-ostree deb."
# Aggressively handle problematic 'dictionaries-common' package
print_status "Attempting to fix or remove problematic 'dictionaries-common' package..."
# First, try to remove it cleanly if it's already installed and causing issues.
# Use --yes (or -y) to auto-confirm. Use --force-depends if needed.
# Capture output to see if it actually tries to remove.
if chroot "$CHROOT_DIR" dpkg -s dictionaries-common >/dev/null 2>&1; then
print_status "'dictionaries-common' detected. Attempting to remove..."
chroot "$CHROOT_DIR" bash -c '
DEBIAN_FRONTEND=noninteractive apt remove -y --allow-remove-essential dictionaries-common || \
DEBIAN_FRONTEND=noninteractive dpkg --remove --force-depends dictionaries-common || true
apt autoremove -y
' || print_warning "Failed to cleanly remove dictionaries-common, attempting to hold."
fi
# Now, regardless of previous removal attempt, ensure it's held to prevent re-installation or re-configuration
# during subsequent apt operations (like apt install -f or update).
print_status "Setting APT preferences to prevent 'dictionaries-common' installation/configuration..."
chroot "$CHROOT_DIR" bash -c '
echo "Package: dictionaries-common" > /etc/apt/preferences.d/99-hold-dictionaries-common.pref
echo "Pin: release *" >> /etc/apt/preferences.d/99-hold-dictionaries-common.pref
echo "Pin-Priority: -1" >> /etc/apt/preferences.d/99-hold-dictionaries-common.pref
' || print_error "Failed to set APT preferences for dictionaries-common hold."
print_status "Running apt install -f to fix any broken dependencies after package removals/holds..."
chroot "$CHROOT_DIR" apt install -f -y || print_warning "apt install -f reported issues, but continuing."
# Final check: if it's still present and broken, try to purge again
if chroot "$CHROOT_DIR" dpkg -l | grep -q "^.i.* dictionaries-common"; then
print_warning "dictionaries-common is still present and potentially broken. Attempting final purge."
chroot "$CHROOT_DIR" bash -c '
DEBIAN_FRONTEND=noninteractive apt purge -y --allow-remove-essential dictionaries-common || \
DEBIAN_FRONTEND=noninteractive dpkg --purge --force-depends dictionaries-common || true
apt autoremove -y
' || print_error "CRITICAL: Could not purge dictionaries-common. Manual intervention may be required."
fi
print_success "'dictionaries-common' issue addressed (removed or held)."
# Copy pre-downloaded packages from host system
print_status "Copying pre-downloaded packages from host system..."
# Define BUILD_DIR for container script
BUILD_DIR="/build"
mkdir -p "$BUILD_DIR/packages" || print_error "Failed to create packages directory."
# Copy packages from host pkgs directory if they exist
if [ -d "/host/pkgs" ]; then
print_status "Copying packages from /host/pkgs directory..."
cp /host/pkgs/*.deb "$BUILD_DIR/packages/" 2>/dev/null || print_warning "Failed to copy some packages from /host/pkgs"
print_status "Copied packages:"
ls -la "$BUILD_DIR/packages/" || true
else
print_warning "No /host/pkgs directory found, skipping pre-downloaded packages"
fi
# Install downloaded ostree and bootc packages (if available)
if [ -d "$BUILD_DIR/packages" ] && [ "$(ls -A "$BUILD_DIR/packages" 2>/dev/null)" ]; then
print_status "Installing ostree, bootc, and apt-ostree packages using apt for proper dependency resolution..."
# Copy downloaded packages to chroot
cp "$BUILD_DIR/packages"/*.deb "$CHROOT_DIR/tmp/" || print_error "Failed to copy downloaded packages to chroot."
# Install packages one by one using apt to handle dependencies properly
print_status "Installing packages one by one with apt..."
print_status "Installing libostree-1-1..."
chroot "$CHROOT_DIR" apt install -y /tmp/libostree-1-1_2025.2-1~noble1_amd64.deb || print_error "Failed to install libostree-1-1"
print_status "Installing ostree..."
chroot "$CHROOT_DIR" apt install -y /tmp/ostree_2025.2-1~noble1_amd64.deb || print_error "Failed to install ostree"
print_status "Installing bootc (dependencies already installed)..."
chroot "$CHROOT_DIR" apt install -y /tmp/bootc_1.5.1-1~noble1_amd64.deb || print_error "Failed to install bootc"
print_status "Installing apt-ostree..."
chroot "$CHROOT_DIR" apt install -y /tmp/apt-ostree_0.1.0-1_amd64.deb || print_error "Failed to install apt-ostree"
# Clean up
chroot "$CHROOT_DIR" rm -f /tmp/*.deb || print_warning "Failed to clean up package files"
# Verify installations with better debugging
print_status "Verifying ostree and bootc installations..."
# Debug: Check if ostree binary exists
print_status "Checking ostree binary location..."
chroot "$CHROOT_DIR" ls -la /usr/bin/ostree || print_warning "ostree binary not found at /usr/bin/ostree"
chroot "$CHROOT_DIR" which ostree || print_warning "ostree not found in PATH"
if chroot "$CHROOT_DIR" command -v ostree >/dev/null 2>&1; then
print_success "ostree successfully installed and verified!"
else
print_warning "ostree command not found in PATH, but binary might exist"
# Don't exit - the binary might be there but not in PATH
fi
if chroot "$CHROOT_DIR" command -v bootc >/dev/null 2>&1; then
print_success "bootc successfully installed and verified!"
else
print_warning "bootc command not found in PATH, but binary might exist"
# Don't exit - the binary might be there but not in PATH
fi
if chroot "$CHROOT_DIR" command -v apt-ostree >/dev/null 2>&1; then
print_success "apt-ostree successfully installed and verified!"
else
print_warning "apt-ostree command not found in PATH, but binary might exist"
# Don't exit - the binary might be there but not in PATH
fi
print_success "All critical ParticleOS packages installed (verification warnings above)"
else
print_error "No downloaded packages found - CRITICAL: ostree, bootc, and apt-ostree are REQUIRED for ParticleOS!"
fi
# Enhanced snap removal and blocking
print_status "Removing snapd and setting APT preferences to block snaps..."
chroot "$CHROOT_DIR" DEBIAN_FRONTEND=noninteractive apt purge -y snapd ubuntu-advantage-tools update-notifier update-manager unattended-upgrades || print_error "Failed to purge snapd and related packages."
chroot "$CHROOT_DIR" bash -c 'DEBIAN_FRONTEND=noninteractive apt purge -y snapd ubuntu-advantage-tools update-notifier update-manager unattended-upgrades' || print_error "Failed to purge snapd and related packages."
chroot "$CHROOT_DIR" apt autoremove -y || print_error "Failed to autoremove orphaned packages."
chroot "$CHROOT_DIR" apt-mark hold snapd || print_error "Failed to hold snapd."
# Create an APT preference file to strongly discourage snapd and ensure Firefox from PPA
# Create an APT preference file to block snapd
chroot "$CHROOT_DIR" bash -c '
echo "Package: snapd" > /etc/apt/preferences.d/nosnap.pref && \
echo "Pin: release *" >> /etc/apt/preferences.d/nosnap.pref && \
echo "Pin-Priority: -1" >> /etc/apt/preferences.d/nosnap.pref && \
echo "Package: firefox" >> /etc/apt/preferences.d/nosnap.pref && \
echo "Pin: release o=LP-PPA-mozillateam" >> /etc/apt/preferences.d/nosnap.pref && \
echo "Pin-Priority: 1000" >> /etc/apt/preferences.d/nosnap.pref
echo "Pin-Priority: -1" >> /etc/apt/preferences.d/nosnap.pref
' || print_error "Failed to create APT preference file."
# Note: Firefox installation moved to host-side package download approach
print_status "Firefox will be installed from host-side downloaded packages"
# Enhanced system configuration
print_status "Configuring system settings..."
chroot "$CHROOT_DIR" bash -c '
@ -369,7 +616,8 @@ update-locale LANG=en_US.UTF-8
# Create user
print_status "Creating particle user..."
chroot "$CHROOT_DIR" useradd -m -s /bin/bash particle || print_error "Failed to create particle user."
chroot "$CHROOT_DIR" echo 'particle:particle' | chpasswd || print_error "Failed to set particle password."
# Skip password setting in chroot (PAM issues) - user will have NOPASSWD sudo access
print_warning "Skipping password setting for particle user (PAM issues in chroot). User will have NOPASSWD sudo access."
chroot "$CHROOT_DIR" usermod -aG sudo particle || print_error "Failed to add particle to sudo group."
chroot "$CHROOT_DIR" bash -c "echo 'particle ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/particle" || print_error "Failed to create sudoers file for particle."
chroot "$CHROOT_DIR" chmod 0440 /etc/sudoers.d/particle || print_error "Failed to set permissions for sudoers file."
@ -382,7 +630,7 @@ chroot "$CHROOT_DIR" systemctl disable apt-daily.timer apt-daily-upgrade.timer |
# Enhanced apt-ostree configuration
print_status "Configuring apt-ostree..."
chroot "$CHROOT_DIR" mkdir -p /etc/apt-ostree || print_error "Failed to create apt-ostree config directory."
chroot "$CHROOT_DIR" echo 'ref: particleos/desktop/1.0.0' > /etc/apt-ostree/ref || print_error "Failed to configure apt-ostree ref."
chroot "$CHROOT_DIR" bash -c 'echo "ref: particleos/desktop/1.0.0" > /etc/apt-ostree/ref' || print_error "Failed to configure apt-ostree ref."
# Clean up
print_status "Cleaning APT caches and temporary files in chroot..."
@ -482,19 +730,16 @@ LABEL check
ISOLINUXEOF
print_success "ISOLINUX configuration created."
# Copy ISOLINUX boot files - more robust lookup
# Copy ISOLINUX boot files - corrected paths
print_status "Copying ISOLINUX boot files..."
ISOLINUX_BIN_HOST_PATH=$(find /usr/lib/syslinux -name isolinux.bin -print -quit || find /usr/lib/ISOLINUX -name isolinux.bin -print -quit)
BOOT_CAT_HOST_PATH=$(find /usr/lib/syslinux -name boot.cat -print -quit || find /usr/lib/ISOLINUX -name boot.cat -print -quit)
ISOHDPFX_BIN_HOST_PATH=$(find /usr/lib/syslinux -name isohdpfx.bin -print -quit || find /usr/lib/ISOLINUX -name isohdpfx.bin -print -quit)
if [ -z "$ISOLINUX_BIN_HOST_PATH" ]; then print_error "isolinux.bin not found. Install isolinux."; fi
if [ -z "$BOOT_CAT_HOST_PATH" ]; then print_error "boot.cat not found. Install isolinux."; fi
if [ -z "$ISOHDPFX_BIN_HOST_PATH" ]; then print_error "isohdpfx.bin not found. Install isolinux."; fi
ISOLINUX_BIN_HOST_PATH="/usr/lib/ISOLINUX/isolinux.bin"
ISOHDPFX_BIN_HOST_PATH="/usr/lib/ISOLINUX/isohdpfx.bin"
if [ ! -f "$ISOLINUX_BIN_HOST_PATH" ]; then print_error "isolinux.bin not found at $ISOLINUX_BIN_HOST_PATH. Install isolinux."; fi
if [ ! -f "$ISOHDPFX_BIN_HOST_PATH" ]; then print_error "isohdpfx.bin not found at $ISOHDPFX_BIN_HOST_PATH. Install isolinux."; fi
cp "$ISOLINUX_BIN_HOST_PATH" "$ISO_DIR/isolinux/" || print_error "Failed to copy isolinux.bin."
cp "$BOOT_CAT_HOST_PATH" "$ISO_DIR/isolinux/" || print_error "Failed to copy boot.cat."
# Note: boot.cat is generated by xorriso during ISO creation, not copied from host
print_success "ISOLINUX boot files copied."
# Create EFI boot image (for UEFI) using grub-mkimage
@ -504,26 +749,21 @@ if [ ! -d "$GRUB_EFI_MODULES_DIR" ]; then
print_error "GRUB EFI modules directory not found at $GRUB_EFI_MODULES_DIR. Cannot create EFI boot image. Check grub-efi-amd64-bin installation."
fi
# Create a temporary directory for grub output
GRUB_EFI_TMP_DIR=$(mktemp -d)
mkdir -p "$ISO_DIR/EFI/BOOT"
# Ensure EFI/BOOT directory exists
mkdir -p "$ISO_DIR/EFI/BOOT" || print_error "Failed to create EFI/BOOT directory"
# Create efi.img for bootx64.efi
# This creates a combined EFI image that can be directly used as -e option for xorriso
# Create EFI boot image directly
grub-mkimage \
-o "$ISO_DIR/boot/grub/efi.img" \
-o "$ISO_DIR/EFI/BOOT/bootx64.efi" \
-p "/boot/grub" \
-O i386-efi \
-m "$GRUB_EFI_TMP_DIR/grub.img" \
--config-file="$ISO_DIR/boot/grub/grub.cfg" \
-O x86_64-efi \
boot linux normal configfile part_gpt part_msdos fat \
squash4 loopback_luks test configfile search loadenv \
efi_gop efi_uga all_video gfxterm_menu gfxterm_background \
chain btrfs zfs iso9660
# Include common modules, adjust as needed
squash4 test configfile search loadenv \
efi_gop efi_uga all_video gfxterm_menu \
chain iso9660 || print_error "Failed to create EFI boot image."
cp "$GRUB_EFI_TMP_DIR/grubx64.efi" "$ISO_DIR/EFI/BOOT/bootx64.efi" || print_error "Failed to copy grubx64.efi."
rm -rf "$GRUB_EFI_TMP_DIR" # Clean up temp directory
# Create a dummy efi.img file for xorriso compatibility
dd if=/dev/zero of="$ISO_DIR/boot/grub/efi.img" bs=1M count=1 2>/dev/null || print_error "Failed to create dummy efi.img"
print_success "EFI boot image created."
@ -552,7 +792,7 @@ rm -rf "$CHROOT_DIR" "$ISO_DIR" || print_error "Failed to remove temporary direc
print_header "Container Build Complete!"
echo "🎉 ParticleOS ISO built successfully in container!"
echo "📁 Location: $OUTPUT_DIR/particleos-$VERSION.iso"
echo "📁 Location: $OUTPUT_DIR/${PROJECT_NAME}-${VERSION}.iso"
EOF
chmod +x "$BUILD_DIR/build-in-container.sh"
@ -566,8 +806,17 @@ build_container_image() {
print_status "Building container image '$IMAGE_NAME'..."
cd "$BUILD_DIR"
# Pass apt-cacher-ng configuration as build argument if available
local build_args=""
if [ "${APT_CACHER_AVAILABLE:-false}" = "true" ]; then
build_args="--build-arg APT_CACHER_URL=$APT_CACHER_URL"
print_status "Building with apt-cacher-ng: $APT_CACHER_URL"
else
print_status "Building without cache (direct repository access)"
fi
# Use || print_error instead of full if/else for cleaner code
$PODMAN_CMD build -t "$IMAGE_NAME" . || print_error "Failed to build container image '$IMAGE_NAME'."
$PODMAN_CMD build $build_args -t "$IMAGE_NAME" . || print_error "Failed to build container image '$IMAGE_NAME'."
print_success "Container image built successfully"
}
@ -578,6 +827,15 @@ run_container_build() {
print_status "Starting build in isolated container '$CONTAINER_NAME'..."
# Pass apt-cacher-ng configuration to container if available
local cache_env=""
if [ "${APT_CACHER_AVAILABLE:-false}" = "true" ]; then
cache_env="-e APT_CACHER_URL=$APT_CACHER_URL"
print_status "Using apt-cacher-ng: $APT_CACHER_URL"
else
print_status "Using direct repository access (no cache)"
fi
# Run the container with volume mounts
# Added --privileged for mmdebstrap/chroot/mount/mksquashfs within container.
# --userns=host for better compatibility with privileged operations in some cases.
@ -586,7 +844,9 @@ run_container_build() {
--rm \
--privileged \
--userns=host \
$cache_env \
-v "$OUTPUT_DIR:/output:Z" \
-v "$SCRIPT_DIR/pkgs:/host/pkgs:Z" \
"$IMAGE_NAME" || print_error "Container build failed. Check container logs for details."
print_success "Container build completed successfully"
@ -628,6 +888,7 @@ main() {
echo "🛡️ Your host system cannot be affected by this build"
echo "🛡️ Includes all hardening features from the analysis"
echo "🛡️ Firefox installed as DEB package (no snap)"
echo "🚀 apt-cacher-ng support for faster builds"
echo ""
# Call cleanup explicitly at the start to ensure a clean slate before attempting new build
@ -644,11 +905,11 @@ main() {
print_header "Build Complete!"
echo ""
echo "🎉 ParticleOS ISO built successfully!"
echo "📁 Location: $OUTPUT_DIR/particleos-$VERSION.iso"
echo "📁 Location: $OUTPUT_DIR/${PROJECT_NAME}-${VERSION}.iso"
echo ""
echo "🧪 Test the ISO:"
echo " qemu-system-x86_64 -m 4G -enable-kvm \\"
echo " -cdrom $OUTPUT_DIR/particleos-$VERSION.iso \\"
echo " -cdrom $OUTPUT_DIR/${PROJECT_NAME}-${VERSION}.iso \\"
echo " -boot d"
echo ""
echo "🛡️ Your host system is completely safe!"