Massive shout-out to M1cha for making this possible (M1cha/archlinux-ostree).
This is a helper script which aids in curating your own setup by demonstrating how to:
- Build an immutable OSTree image using a rootfs from a Podman Containerfile.
- Partition and prepare UEFI/GPT disks for a minimal OSTree host system.
- Generate an OSTree repository in an empty filesystem.
- Integrate OSTree with the GRUB2 bootloader.
- Upgrade an existing OSTree repository with a new rootfs image.
```
/
├── boot
│   └── efi
└── ostree
    ├── deploy
    │   └── archlinux
    └── repo
        ├── config
        ├── extensions
        ├── objects
        ├── refs
        ├── state
        └── tmp
```
Everything is deleted between deployments except for:
- /dev: partitions which OSTree does not reside on are untouched.
- /etc: preserved only if the --merge option is specified.
- /home: symlinked to /var/home (see below).
- /var: data here is mounted from /ostree/deploy/archlinux/var to avoid duplication.
Notes:
- /var/cache/podman is populated only after the first deployment (to avoid including old data from the build machine); this speeds up consecutive builds.
- /var/lib/containers: same as above, but for Podman layers and images. Base images are updated automatically during the upgrade command.
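A sanity check for the layout and persistence rules above, written as an added example that is not part of ostree-utility. It assumes the sysroot path is passed as an argument (defaulting to /) so it can be run against a mounted disk as well as the running system, and it only verifies the static structure (directories, repo config, the /home symlink and the persistent home under the stateroot), not mounts.

```shell
#!/bin/sh
# Added example (not part of ostree-utility): verify that a deployed OSTree host
# matches the documented layout. The root argument is an assumption made here so
# the check can run against any mounted sysroot, e.g. check_ostree_layout /mnt
check_ostree_layout() {
  root="${1:-/}"; fail=0
  root="${root%/}"

  # Sysroot and repository directories every deployment must carry
  for p in boot/efi ostree/deploy/archlinux ostree/repo/objects ostree/repo/refs; do
    if [ ! -d "$root/$p" ]; then
      echo "MISSING dir: /$p"; fail=1
    fi
  done

  # The repository config is a file, not a directory
  if [ ! -f "$root/ostree/repo/config" ]; then
    echo "MISSING file: /ostree/repo/config"; fail=1
  fi

  # /home must be a symlink into /var/home so user data survives deployments
  target=$(readlink "$root/home" 2>/dev/null || true)
  case "$target" in
    var/home|/var/home) ;;
    *) echo "BAD /home: expected symlink to var/home, got '${target:-not a symlink}'"; fail=1 ;;
  esac

  # /var is mounted from the deploy stateroot, so the real home data lives there
  if [ ! -d "$root/ostree/deploy/archlinux/var/home" ]; then
    echo "MISSING persistent home: /ostree/deploy/archlinux/var/home"; fail=1
  fi

  if [ "$fail" -eq 0 ]; then
    echo "OK: ${root:-/} looks like a valid OSTree host layout"
  fi
  return "$fail"
}
```

Call it as `check_ostree_layout /` on a deployed host, or with the mount point of a disk you are inspecting from a live system.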
- OSTree
- Podman with CRUN and Native-Overlayfs
- GRUB2
- XFS (not required)
My vision is to build a secure and minimal base system which is resilient against breakage and provides setup automation to reduce the burden of manual tasks. This is achieved by:
- Git.
- Read-only system files.
- Restore points.
- Automatic deployment, installation & configuration.
- Using only required components such as kernel/firmware/driver, microcode and GCC in the base.
- Doing the rest in temporary namespaces such as Podman.
- Reproducible deployments.
- Versioned rollbacks.
- Immutable filesystem.
- Distribution-agnostic toolset.
- Configuration management.
- Rootfs creation via containers.
- Each deployment does a factory reset of the system's configuration (unless overridden).
- Boot into any Arch Linux system:
  For instance, using a live CD/USB ISO image from: Arch Linux Downloads.
- Clone this repository:
  ```
  $ sudo pacman -Sy git
  $ git clone https://github.com/GrabbenD/ostree-utility.git && cd ostree-utility
  ```
- Find the ID-LINK of the installation device where the OSTree image will be deployed:
  ```
  $ lsblk -o NAME,TYPE,FSTYPE,MODEL,ID-LINK,SIZE,MOUNTPOINTS,LABEL
  NAME   TYPE FSTYPE MODEL        ID-LINK                                       SIZE MOUNTPOINTS LABEL
  sdb    disk        Virtual Disk scsi-360022480c22be84f8a61b39bbaed612f        300G
  ├─sdb1 part vfat                scsi-360022480c22be84f8a61b39bbaed612f-part1  256M             SYS_BOOT
  ├─sdb2 part xfs                 scsi-360022480c22be84f8a61b39bbaed612f-part2 24.7G             SYS_ROOT
  └─sdb3 part xfs                 scsi-360022480c22be84f8a61b39bbaed612f-part3  275G             SYS_HOME
  ```
- Perform a takeover installation:
  ⚠️ WARNING ⚠️ ostree.sh is destructive and has no prompts while partitioning the specified disk, proceed with caution:
  ```
  $ chmod +x ostree.sh
  $ sudo ./ostree.sh install --dev scsi-360022480c22be84f8a61b39bbaed612f
  ```
  ⚙️ Update your BIOS boot order to access the installation.
  💡 Default login is: root / ostree
  💡 Use different Containerfile(s) with the --file FILE1:TAG1,FILE2:TAG2 option.
- Upgrade an existing installation:
  While booted into an OSTree system, use:
  ```
  $ sudo ./ostree.sh upgrade
  ```
  💡 Use the --merge option to preserve the contents of /etc.
- Revert to the previous commit:
  To undo the latest deployment (0), boot into the previous configuration (1) and execute:
  ```
  $ sudo ./ostree.sh revert
  ```
The read-only attribute of the deployed filesystem can be temporarily removed with an overlay filesystem, which allows you to modify read-only paths without persisting the changes:
```
$ ostree admin unlock
```
```
error: failed retrieving file '{name}.pkg.tar.zst' from {source} : The requested URL returned error: 404
```
Your persistent cache is out of sync with upstream; this can be resolved with:
```
$ ./ostree.sh upgrade --no-podman-cache
```