How to build custom Linux image

kjh1004 · August 27, 2021, 10:07am

Hi guys. I want to build custom Gentoo image, one based on hardened+nomultilib stage, and another one based on hardened+nomultilib+selinux stage. I’m going to setup own binary package server on Gentoo in the LXD container for my server.

I have following questions:

Is it a good idea to run SELinux inside container or is it a better idea to use virtual machine?
Is it possible to tell distrobuilder to download hardened+nomultilib stage instead of normal one?
What do you think about manually setting up chroot and packing LXD image using distrobuilder?
Is LXD compatible with SELinux? I’m not sure if I can use SELinux on production server using LXD as a container technology.

toby63 · August 27, 2021, 1:38pm

You might take a look at the example template here: lxc-ci/gentoo.yaml at master · lxc/lxc-ci · GitHub

As mentioned here: GitHub - lxc/distrobuilder: System container image builder for LXC and LXD

kjh1004 · August 27, 2021, 1:43pm

I tried to look at the example config but I literally have no idea how to force gentoo-http downloader to download stage3-amd64-hardened-nomultilib-openrc-20210822T170550Z.tar.xz image instead of stage3-amd64-20210630T214504Z.tar.xz.

$ sudo distrobuilder build-lxd gentoo.yaml                                                                                                                             
^Cmp/gentoo--amd64/stage3-amd64-20210630T214504Z.tar.xz: 4% (2.65MB/s)

toby63 · August 27, 2021, 2:04pm

Interesting.

According to distrobuilder/scheme.yaml at master · lxc/distrobuilder · GitHub it should be possible to specify more about the used image.

But in the gentoo.yaml it just states:

image:
  distribution: gentoo

Maybe try to modify that.

Otherwise it might also be possible to switch to the desired version inside the distro itself.
For example by setting the right repos (/etc/portage/repos.conf - Gentoo Wiki) and installing the right packages.

toby63 · August 27, 2021, 2:15pm

Just looked at the source code: distrobuilder/gentoo.go at master · lxc/distrobuilder · GitHub

@stgraber @monstermunchkin Do I read correctly that the regular stage3 image is hardcoded?

So it only varies according to architecture.

@kjh1004 would like to use a different image: current-stage3-amd64-hardened-nomultilib-openrc/

stgraber · August 27, 2021, 4:33pm

That would need a change to the source plugin to allow for that to be configurable.

monstermunchkin · September 13, 2021, 12:21pm

Once this PR is merged, you can use source.variant for whatever you want, not just systemd.