mkosi builds a bootable OS image from scratch. This way, we have full control over every detail of the image, especially over the image format and boot process. On the long run, we will implement fully, bit-by-bit reproducible images with mkosi, and use measured boot and an immutable root FS to ensure the image integrity through remote attestation.
make
You can upload the image with the tool of your choice, but the recommended way is using uplosi. Follow the uplosi readme to configure your upload for the desired cloud provider. Then run:
# Using -i and a imageVersionFile to increment the image version after the upload.
uplosi -i build/system.raw
If you want to use the image with libvirt, run the following to convert to qcow2 format:
qemu-img convert -f raw -O qcow2 build/system.raw build/system.qcow2
There is a debug variant of the image that provides a specific configuration to debug things within the podvm. It has additional packages installed that are commonly needed for debugging. Further, the image has access through the serial console enabled, you can access it through the portal of the cloud provider.
# for building the binaries
make fedora-binaries-builder
make binaries
# for building a debug image
make image-debug
Notice that building a debug image will overwrite any previous existing debug or production image.
For using SSH, create a file resources/authorized_keys
with your SSH public key. Ensure the permissions
are set to 0400
for the authorized_keys
file. SSH access is only possible for the root
user.
You can easily place additional files in resources/binaries-tree
after it has been populated by the
binaries build step. Notice that systemd units need to be enabled in the presets and links in the tree
won't be copied into the image.
If you want to add additional packages to the image, you can define mkosi.presets/system/mkosi.conf.d/fedora-extra.conf
:
[Match]
Distribution=fedora
[Content]
Packages=
cowsay
The following limitations apply to these images. Notice that the limitations are intentional to reduce complexity of configuration and CI and shall not be seen as open to-dos.
DISABLE_CLOUD_CONFIG=false
is implied. The mkosi images are currently using cloud init/cloud config, and there is no possibility to disable it.