runcom · November 21, 2023 09:06
diff --git a/Containerfile b/Containerfile
 FROM quay.io/centos-boot/centos-tier-1-dev:stream9
 RUN rpm-ostree install gdm firefox gnome-kiosk-script-session plymouth-system-theme
 RUN rm -rf /var/lib/gdm/.config/pulse/default.pa && rm -rf /var/lib/xkb/README.compiled && ostree container commit
diff --git a/example.ks b/example.ks
 text

 # Basic partitioning
 clearpart --all --initlabel --disklabel=gpt
 part prepboot  --size=4    --fstype=prepboot
 part biosboot  --size=1    --fstype=biosboot
 part /boot/efi --size=100  --fstype=efi
 part /boot     --size=1000  --fstype=ext4 --label=boot
 part / --grow --fstype xfs

 ostreecontainer --url quay.io/<user>/kiosk-demo:latest	--no-signature-verification

 firewall --disabled
 services --enabled=sshd

 user --name=core --groups=wheel

 # Only inject a SSH key for root
 rootpw --iscrypted locked
 # Add your example SSH key here!
 sshkey --username root "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7xFq1HtZKZiaD8MfkhNtn37m8GSc1W168NoSaT9RSf cardno:000F_C36A3FC0"
 reboot

 # Workarounds until https://github.com/rhinstaller/anaconda/pull/5298/ lands
 bootloader --location=none --disabled
 %post --erroronfail
 set -euo pipefail
 # Work around anaconda wanting a root password
 passwd -l root
 rootdevice=$(findmnt -nv -o SOURCE /)
 device=$(lsblk -n -o PKNAME ${rootdevice})
 /usr/bin/bootupctl backend install --auto --with-static-configs --device /dev/${device} /

 # kiosk-user
 mkdir -p /var/lib/AccountsService/users

 cat > /var/lib/AccountsService/users/core << EOF
 [User]
 Session=gnome-kiosk-script
 SystemAccount=false
 EOF

 mkdir -p /home/core/.local/bin/
 cat > /home/core/.local/bin/gnome-kiosk-script << EOF
 #!/bin/sh
 while true; do
    firefox -kiosk https://time.gov/
 done
 EOF

 cat > /etc/gdm/custom.conf << EOF
 #Enable autologin for the user core
 # GDM configuration storage
 [daemon]
 # Uncomment the line below to force the login screen to use Xorg
 #WaylandEnable=false
 AutomaticLogin=core
 AutomaticLoginEnable=True
 [security]
 [xdmcp]
 [chooser]
 [debug]
 # Uncomment the line below to turn on debugging
 #Enable=true
 EOF

 chown -R core:core /home/core/
 chmod u+x /home/core/.local/bin/gnome-kiosk-script
 systemctl set-default graphical

 %end
diff --git a/how-to b/how-to
 podman build -t quay.io/<user>/kiosk-demo:latest .
 podman push quay.io/<user>/kiosk-demo:latest
 # disable sec boot (for some reason on my latest f39)
 sudo cp /usr/share/edk2/ovmf/OVMF_VARS.fd /var/lib/libvirt/qemu/nvram/sagano-demo_VARS.fd
 virt-install --connect qemu:///system --name sagano-demo --memory 2048 --vcpus 4 --disk size=40 \
          --boot loader=/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd,loader.readonly=yes,loader.secure='no',loader.type=pflash,nvram=/var/lib/libvirt/qemu/nvram/sagano-demo_VARS.fd --network=network=default,model=virtio \
          --os-variant rhel9.0 --location https://dl.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/os/ \
          --noautoconsole --initrd-inject $(pwd)/example.ks --extra-args="inst.ks=file:/example.ks console=tty0 console=ttyS0,115200 inst.profile=rhel"
	FROM quay.io/centos-boot/centos-tier-1-dev:stream9
	RUN rpm-ostree install gdm firefox gnome-kiosk-script-session plymouth-system-theme
	RUN rm -rf /var/lib/gdm/.config/pulse/default.pa && rm -rf /var/lib/xkb/README.compiled && ostree container commit
	text

	# Basic partitioning
	clearpart --all --initlabel --disklabel=gpt
	part prepboot --size=4 --fstype=prepboot
	part biosboot --size=1 --fstype=biosboot
	part /boot/efi --size=100 --fstype=efi
	part /boot --size=1000 --fstype=ext4 --label=boot
	part / --grow --fstype xfs

	ostreecontainer --url quay.io/<user>/kiosk-demo:latest --no-signature-verification

	firewall --disabled
	services --enabled=sshd

	user --name=core --groups=wheel

	# Only inject a SSH key for root
	rootpw --iscrypted locked
	# Add your example SSH key here!
	sshkey --username root "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7xFq1HtZKZiaD8MfkhNtn37m8GSc1W168NoSaT9RSf cardno:000F_C36A3FC0"
	reboot

	# Workarounds until https://github.com/rhinstaller/anaconda/pull/5298/ lands
	bootloader --location=none --disabled
	%post --erroronfail
	set -euo pipefail
	# Work around anaconda wanting a root password
	passwd -l root
	rootdevice=$(findmnt -nv -o SOURCE /)
	device=$(lsblk -n -o PKNAME ${rootdevice})
	/usr/bin/bootupctl backend install --auto --with-static-configs --device /dev/${device} /

	# kiosk-user
	mkdir -p /var/lib/AccountsService/users

	cat > /var/lib/AccountsService/users/core << EOF
	[User]
	Session=gnome-kiosk-script
	SystemAccount=false
	EOF

	mkdir -p /home/core/.local/bin/
	cat > /home/core/.local/bin/gnome-kiosk-script << EOF
	#!/bin/sh
	while true; do
	firefox -kiosk https://time.gov/
	done
	EOF

	cat > /etc/gdm/custom.conf << EOF
	#Enable autologin for the user core
	# GDM configuration storage
	[daemon]
	# Uncomment the line below to force the login screen to use Xorg
	#WaylandEnable=false
	AutomaticLogin=core
	AutomaticLoginEnable=True
	[security]
	[xdmcp]
	[chooser]
	[debug]
	# Uncomment the line below to turn on debugging
	#Enable=true
	EOF

	chown -R core:core /home/core/
	chmod u+x /home/core/.local/bin/gnome-kiosk-script
	systemctl set-default graphical

	%end
	podman build -t quay.io/<user>/kiosk-demo:latest .
	podman push quay.io/<user>/kiosk-demo:latest
	# disable sec boot (for some reason on my latest f39)
	sudo cp /usr/share/edk2/ovmf/OVMF_VARS.fd /var/lib/libvirt/qemu/nvram/sagano-demo_VARS.fd
	virt-install --connect qemu:///system --name sagano-demo --memory 2048 --vcpus 4 --disk size=40 \
	--boot loader=/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd,loader.readonly=yes,loader.secure='no',loader.type=pflash,nvram=/var/lib/libvirt/qemu/nvram/sagano-demo_VARS.fd --network=network=default,model=virtio \
	--os-variant rhel9.0 --location https://dl.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/os/ \
	--noautoconsole --initrd-inject $(pwd)/example.ks --extra-args="inst.ks=file:/example.ks console=tty0 console=ttyS0,115200 inst.profile=rhel"