feat(liveiso): Migrate to experimental Titanoboa (ublue-os#4141)

* feat(liveiso): Migrate to experimental Titanoboa

Includes full support for Ventoy

Signed-off-by: Zeglius <33781398+Zeglius@users.noreply.github.com>

* ci(liveiso): force btrfs mount

Signed-off-by: Zeglius <33781398+Zeglius@users.noreply.github.com>

* ci(liveiso): point podman to installer directory

Signed-off-by: Zeglius <33781398+Zeglius@users.noreply.github.com>

---------

Signed-off-by: Zeglius <33781398+Zeglius@users.noreply.github.com>

Author: Zeglius

.github/workflows/build_iso_titanoboa.yml

@@ -54,12 +54,14 @@ jobs:
         if: ${{ steps.check_mnt.outputs.mnt_is_there == '1' }}
         uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
 
-      - name: Mount BTRFS for podman storage
-        if: ${{ steps.check_mnt.outputs.mnt_is_there == '1' }}
-        uses: ublue-os/container-storage-action@dc1f4c8f17b672069e921f001132f7cf98a423a6
-        with:
-          target-dir: /var/lib/containers
-        continue-on-error: true
+      - name: Mount Container Storage BTRFS Loopback
+        run: |
+          sudo truncate -s 70G /mnt/podman-storage.img
+          sudo mkfs.btrfs -f /mnt/podman-storage.img
+          sudo podman system reset --force
+          sudo systemctl stop podman.service
+          sudo mount -o compress-force=zstd:2 /mnt/podman-storage.img /var/lib/containers/storage
+          sudo systemctl start podman.service
 
       - name: Checkout Repo
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
@@ -82,13 +84,13 @@ jobs:
         id: generate-flatpak-dir-shortname
         shell: bash
         run: |
-          FLATPAK_DIR_SHORTNAME="installer/kde_flatpaks"
+          FLATPAK_DIR_SHORTNAME="kde_flatpaks"
 
           if [[ "${{ matrix.image_name }}" =~ "gnome" ]]; then
-            FLATPAK_DIR_SHORTNAME="installer/gnome_flatpaks"
+            FLATPAK_DIR_SHORTNAME="gnome_flatpaks"
           fi
 
-          echo "flatpak-dir-shortname=$(realpath ${FLATPAK_DIR_SHORTNAME})" >> $GITHUB_OUTPUT
+          echo "flatpak-dir-shortname=${FLATPAK_DIR_SHORTNAME}" >> $GITHUB_OUTPUT
 
       # Docker requires lowercase registry references
       - name: Lowercase Registry
@@ -118,17 +120,27 @@ jobs:
           fi
           echo "ref=${ref}" >> $GITHUB_OUTPUT
 
+      - name: Build Container Image
+        run: |
+          BASE_IMAGE="${{ steps.registry_case.outputs.lowercase }}/${{ steps.get-nondeck-ref.outputs.ref }}:${{ steps.generate-tag.outputs.tag }}"
+          INSTALL_IMAGE_PAYLOAD="${{ steps.registry_case.outputs.lowercase }}/${{ matrix.image_name }}:${{ steps.generate-tag.outputs.tag }}"
+          FLATPAK_DIR_SHORTNAME="${{ steps.generate-flatpak-dir-shortname.outputs.flatpak-dir-shortname }}"
+
+          sudo podman build \
+            --cap-add sys_admin \
+            --security-opt label=disable \
+            --build-arg BASE_IMAGE="$BASE_IMAGE" \
+            --build-arg INSTALL_IMAGE_PAYLOAD="$INSTALL_IMAGE_PAYLOAD" \
+            --build-arg FLATPAK_DIR_SHORTNAME="$FLATPAK_DIR_SHORTNAME" \
+            -t localhost/payload:latest installer/
+
       - name: Build ISOs
-        uses: ublue-os/titanoboa@main
+        uses: Zeglius/titanoboa@revamp-pr
         id: build
         with:
-          image-ref: ${{ steps.registry_case.outputs.lowercase }}/${{ steps.get-nondeck-ref.outputs.ref }}:${{ steps.generate-tag.outputs.tag }}
-          container-image: ${{ steps.registry_case.outputs.lowercase }}/${{ matrix.image_name }}:${{ steps.generate-tag.outputs.tag }}
+          image-ref: localhost/payload:latest
           # TODO (@Zeglius): Remove "liveiso" prefix once this becomes the main ISO
           iso-dest: ${{ matrix.image_name }}-${{ steps.generate-tag.outputs.tag }}-live-amd64.iso
-          flatpaks-list: ${{ steps.generate-flatpak-dir-shortname.outputs.flatpak-dir-shortname }}/flatpaks
-          hook-pre-initramfs: ${{ github.workspace }}/installer/titanoboa_hook_preinitramfs.sh
-          hook-post-rootfs: ${{ github.workspace }}/installer/titanoboa_hook_postrootfs.sh
 
       - name: Move ISOs to Upload Directory
         id: upload-directory

installer/Containerfile

@@ -0,0 +1,17 @@
+# run with --cap-add sys_admin --security-opt label=disable
+
+ARG BASE_IMAGE=${BASE_IMAGE:-ghcr.io/ublue-os/bazzite:latest}
+ARG INSTALL_IMAGE_PAYLOAD=${INSTALL_IMAGE_PAYLOAD:-ghcr.io/ublue-os/bazzite:latest}
+ARG FLATPAK_DIR_SHORTNAME=${FLATPAK_DIR_SHORTNAME:-kde_flatpaks}
+
+
+FROM $BASE_IMAGE
+ARG BASE_IMAGE
+ARG INSTALL_IMAGE_PAYLOAD
+ARG FLATPAK_DIR_SHORTNAME
+RUN --mount=type=bind,source=./.,target=/src \
+    env \
+    BASE_IMAGE="$BASE_IMAGE" \
+    INSTALL_IMAGE_PAYLOAD="$INSTALL_IMAGE_PAYLOAD" \
+    FLATPAK_DIR_SHORTNAME="$FLATPAK_DIR_SHORTNAME" \
+    /src/build.sh

installer/build.sh

@@ -0,0 +1,90 @@
+#!/usr/bin/bash
+# Ref: https://github.com/ondrejbudai/bootc-isos/blob/3b3a185e4a57947f57baf53d2be5aee469274f98/bazzite/src/build.sh
+
+set -exo pipefail
+
+{ export PS4='+( ${BASH_SOURCE}:${LINENO} ): ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'; } 2>/dev/null
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+BASE_IMAGE=${BASE_IMAGE:?}
+INSTALL_IMAGE_PAYLOAD=${INSTALL_IMAGE_PAYLOAD:?}
+FLATPAK_DIR_SHORTNAME=${FLATPAK_DIR_SHORTNAME:?}
+
+# Create the directory that /root is symlinked to
+mkdir -p "$(realpath /root)"
+
+# bwrap tries to write /proc/sys/user/max_user_namespaces which is mounted as ro
+# so we need to remount it as rw
+mount -o remount,rw /proc/sys
+
+# Install flatpaks
+curl --retry 3 -Lo /etc/flatpak/remotes.d/flathub.flatpakrepo https://dl.flathub.org/repo/flathub.flatpakrepo
+xargs -r flatpak install -y --noninteractive <"/src/$FLATPAK_DIR_SHORTNAME/flatpaks"
+
+# Pull the container image to be installed
+podman pull "$INSTALL_IMAGE_PAYLOAD"
+
+# Run the preinitramfs hook
+"$SCRIPT_DIR/titanoboa_hook_preinitramfs.sh"
+
+# Install dracut-live and regenerate the initramfs
+dnf install -y dracut-live
+kernel=$(kernel-install list --json pretty | jq -r '.[] | select(.has_kernel == true) | .version')
+DRACUT_NO_XATTR=1 dracut -v --force --zstd --reproducible --no-hostonly \
+    --add "dmsquash-live dmsquash-live-autooverlay" \
+    "/usr/lib/modules/${kernel}/initramfs.img" "${kernel}"
+
+# Install livesys-scripts and configure them
+dnf install -y livesys-scripts
+if [[ ${BASE_IMAGE} == *-gnome* ]]; then
+    sed -i "s/^livesys_session=.*/livesys_session=gnome/" /etc/sysconfig/livesys
+else
+    sed -i "s/^livesys_session=.*/livesys_session=kde/" /etc/sysconfig/livesys
+fi
+systemctl enable livesys.service livesys-late.service
+
+# Run the postrootfs hook
+"$SCRIPT_DIR/titanoboa_hook_postrootfs.sh"
+
+# image-builder needs gcdx64.efi
+dnf install -y grub2-efi-x64-cdboot
+
+# image-builder expects the EFI directory to be in /boot/efi
+mkdir -p /boot/efi
+cp -av /usr/lib/efi/*/*/EFI /boot/efi/
+
+# Remove fallback efi
+cp -v /boot/efi/EFI/fedora/grubx64.efi /boot/efi/EFI/BOOT/fbx64.efi # NOTE: remove this line if breaks bootloader
+
+# Set the timezone to UTC
+rm -f /etc/localtime
+systemd-firstboot --timezone UTC
+
+# / in a booted live ISO is an overlayfs with upperdir pointed somewhere under /run
+# This means that /var/tmp is also technically under /run.
+# /run is of course a tmpfs, but set with quite a small size.
+# ostree needs quite a lot of space on /var/tmp for temporary files so /run is not enough.
+# Mount a larger tmpfs to /var/tmp at boot time to avoid this issue.
+rm -rf /var/tmp
+mkdir /var/tmp
+cat >/etc/systemd/system/var-tmp.mount <<'EOF'
+[Unit]
+Description=Larger tmpfs for /var/tmp on live system
+
+[Mount]
+What=tmpfs
+Where=/var/tmp
+Type=tmpfs
+Options=size=50%%,nr_inodes=1m,x-systemd.graceful-option=usrquota
+
+[Install]
+WantedBy=local-fs.target
+EOF
+systemctl enable var-tmp.mount
+
+# Copy in the iso config for image-builder
+mkdir -p /usr/lib/bootc-image-builder
+cp /src/iso.yaml /usr/lib/bootc-image-builder/iso.yaml
+
+# Clean up dnf cache to save space
+dnf clean all

installer/iso.yaml

@@ -0,0 +1,7 @@
+label: "Bazzite-Live"
+grub2:
+  timeout: 3
+  entries:
+    - name: "Launch Bazzite Installer"
+      linux: "/images/pxeboot/vmlinuz quiet rhgb root=live:CDLABEL=Bazzite-Live enforcing=0 rd.live.image"
+      initrd: "/images/pxeboot/initrd.img"