|
1 | | - |
2 | | - |
3 | 1 | # Introduction |
4 | | -IncusOS is a minimal immutable OS image dedicated to running [Incus](https://linuxcontainers.org/incus). |
5 | | -It's based on [Debian](https://www.debian.org) trixie and built using [mkosi](https://github.com/systemd/mkosi). |
| 2 | +[IncusOS](https://linuxcontainers.org/incus-os) is an immutable OS image dedicated to running [Incus](https://linuxcontainers.org/incus). |
| 3 | +It's based on [Debian](https://www.debian.org) 13 and built using [mkosi](https://github.com/systemd/mkosi). |
| 4 | + |
6 | 5 | IncusOS can be installed on modern amd64 (x86_64) and arm64 systems. |
7 | 6 |
|
8 | 7 | This aims at providing a very fast, safe and reliable way to run an Incus server. |
| 8 | +It's got a strong focus on security, actively relying on UEFI Secure Boot and TPM 2.0 for boot security and disk encryption. |
| 9 | + |
| 10 | +You can read more about how to get started with IncusOS |
| 11 | +[here](https://linuxcontainers.org/incus-os/docs/main/getting-started/) |
| 12 | +including detailed instructions for physical installation or for running |
| 13 | +IncusOS on a variety of virtual machine platforms. |
| 14 | + |
| 15 | +The full documentation for IncusOS can be [found here](https://linuxcontainers.org/incus-os/docs/main). |
| 16 | + |
| 17 | +# Development |
| 18 | +This repository includes all the sources used to build the production IncusOS images. |
| 19 | + |
| 20 | +Builds are triggered by pushing a new tag to this repository which kicks |
| 21 | +in a full image build, that then gets downloaded and validated by our |
| 22 | +publishing server. The image is then made available in the `testing` |
| 23 | +channel until it's manually validated and promoted to the `stable` |
| 24 | +channel. |
| 25 | + |
| 26 | +The most recent image build logs can be found here: https://github.com/lxc/incus-os/actions/workflows/build.yml |
| 27 | +With the resulting images being published to: https://images.linuxcontainers.org/os/ |
| 28 | + |
| 29 | +A daily test is also run, exercising most of the API endpoints and |
| 30 | +running tests that would be impractical (too slow) to run for every pull |
| 31 | +request. |
| 32 | + |
| 33 | +[](https://github.com/lxc/incus-os/actions/workflows/daily.yml) |
| 34 | + |
| 35 | +# Contributing |
| 36 | +This repository is released under the terms of the Apache 2.0 license. |
9 | 37 |
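Review bot: New lines 20-24 use "validated" twice ("downloaded and validated by our publishing server", then "manually validated" before promotion to `stable`) without saying what either step checks, and nothing in the added text tells a user how to verify an image fetched from https://images.linuxcontainers.org/os/. Since new line 8 leads with boot security, state what each validation step covers or link to the documentation page that does. Separately, the link on new line 33 has empty link text as shown here; if it is meant to be a status badge, give it alt text so it does not render as an empty anchor.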
|
10 | | -# Security features |
11 | | -IncusOS is designed to run on systems using UEFI with Secure Boot enabled. |
12 | | -On first boot, it will automatically add the relevant Secure Boot keys |
13 | | -(requires the system be in setup mode). |
14 | | - |
15 | | -This ensures that only our signed image can be booted on the system. |
16 | | -The image then uses dm-verity to validate every bit that's read from disk. |
17 | | - |
18 | | -All throughout boot, artifacts get measured through the TPM with the TPM |
19 | | -state used to manage disk encryption. |
20 | | - |
21 | | -This effectively ensures that the system can only boot valid IncusOS |
22 | | -images, that nothing can be altered on the system and that any |
23 | | -re-configuration of the system requires the use of a recovery key to |
24 | | -access the persistent storage. |
25 | | - |
26 | | -When updating, IncusOS uses an A/B update mechanism to reboot onto the |
27 | | -newer version while keeping the previous version available should a |
28 | | -revert be needed. |
29 | | - |
30 | | -# Status |
31 | | -IncusOS is still in early alpha development, which means it comes with some |
32 | | -important caveats: |
33 | | - |
34 | | - * There can and will be breaking changes, which may ultimately require a |
35 | | - fresh reinstall. Therefore, DO NOT use IncusOS with any kind of important |
36 | | - data. |
37 | | - |
38 | | - * Currently all development and testing of IncusOS is done through Incus |
39 | | - VMs. While it should be possible to run IncusOS on physical hardware or |
40 | | - other virtualization solutions (ie, Proxmox), support will be limited. |
41 | | - |
42 | | - * IncusOS is intentionally opinionated and requires modern hardware to |
43 | | - enable its various security features. IncusOS will never be installable |
44 | | - on systems without UEFI Secure Boot and a TPM. |
45 | | - |
46 | | -# Documentation |
47 | | -More detailed documentation is available in the `doc/` directory, including |
48 | | -a [brief example](doc/basic-install-steps.md) of how to configure and then |
49 | | -connect to Incus post-install. |
| 38 | +Detailed contribution guidelines can be found in [our documentation](https://linuxcontainers.org/incus-os/docs/main/contributing/). |
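Review bot: Old lines 12-13 and 21-24 carried two things an installer needs to know before first boot, that Secure Boot key enrollment requires the system to be in setup mode and that re-configuration requires a recovery key to reach persistent storage, and no added line replaces them. New line 8 covers Secure Boot and TPM 2.0 in a single sentence, and dm-verity and the A/B update mechanism are no longer mentioned at all. Suggest keeping a short security section that links to the relevant documentation page rather than relying on the general docs link on new line 15. Also confirm that the warning on old lines 34-36 ("DO NOT use IncusOS with any kind of important data") no longer applies, since the added text carries no status statement.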