scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-19 19:44:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
46 Commits 1 Branch 0 Tags
4219b5fa7f91aa11c7eb5bfcf57dc9e844c471d9
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Jorge O. Castro 4219b5fa7f Add initial instructions for signing
2022-12-27 19:12:53 -05:00
.github
Directly reference private key in signing step (#19)
2022-12-25 17:49:23 -05:00
etc
Initial commit
2022-12-08 12:13:51 -05:00
.gitignore
Create .gitignore file
2022-12-19 18:07:12 +00:00
Containerfile
Update Containerfile
2022-12-23 13:37:48 -05:00
cosign.pub
Add cosign public key
2022-12-25 09:00:07 -05:00
LICENSE
Initial commit
2022-12-08 12:07:40 -05:00
README.md
Add initial instructions for signing
2022-12-27 19:12:53 -05:00
ublue-firstboot
Remove the system installed (fedora flatpacks)
2022-12-21 20:19:57 +02:00

README.md

base

build-ublue

A base image with a (mostly) stock Fedora Silverblue. Help us make a sweet base image: Pull requests and improvements appreciated and encouraged!

Usage

Warning: This is an experimental feature and should not be used in production, try it in a VM for a while, you have been warned!

sudo rpm-ostree rebase --experimental ostree-unverified-registry:ghcr.io/ublue-os/base:latest

We build date tags as well, so if you want to rebase to a particular day's release:

sudo rpm-ostree rebase --experimental ostree-unverified-registry:ghcr.io/ublue-os/base:20221217

The latest tag will automatically point to the latest build.

Features

  • Start with a base Fedora Silverblue 37 image
  • Removes Firefox from the base image
  • Adds the following packages to the base image:
    • distrobox and gnome-tweaks
  • Sets automatic staging of updates for the system
  • Sets flatpaks to update twice a day
  • Everything else (desktop, artwork, etc) remains stock so you can use this as a good starting image

Applications

  • All applications installed per user instead of system wide, similar to openSUSE MicroOS, they are not on the base image. Thanks for the inspiration Team Green!
  • Mozilla Firefox, Mozilla Thunderbird, Extension Manager, Libreoffice, DejaDup, FontDownloader, Flatseal, and the Celluloid Media Player
  • Core GNOME Applications installed from Flathub
    • GNOME Calculator, Calendar, Characters, Connections, Contacts, Evince, Firmware, Logs, Maps, NautilusPreviewer, TextEditor, Weather, baobab, clocks, eog, and font-viewer

Verification

These images are signed with sisgstore's cosign. You can verify the signature by downloading the cosign.pub key from this repo and running the following command:

cosign verify --key cosign.pub ghcr.io/ublue-os/base

If you're forking this repo you should read the docs on keeping secrets in github. You need to generate a new keypair with cosign. The public key can be in your public repo (your users need it to check the signatures), and you can paste the private key in Settings -> Secrets -> Actions.

Description
No description provided
Readme Apache-2.0 1.9 MiB
Languages
Shell 33.2%
Just 33.2%
YAML 31.2%
JSON 2.4%