We are bringing UKI and strong boot integrity guarantees with composefs to Bootable Containers. We demonstrated our latest progress on that front at DevConf.cz 2025: https://pretalx.devconf.info/devconf-cz-2025/talk/739KGC/

#Fedora #BootableContainers #bootc #UKI #composefs

UKIs and composefs support for Bootable Containers DevConf.CZ 2025

Using composefs and fs-verity, we can link a UKI to a complete read only filesystem tree, guarenteeing that every byte of every file is verified on load. This is done, similar to Git, using only hashes. This means that the signature on the UKI effectively signs the whole tree. With composefs, file content is split from the metadata which enables de-duplication at the file level. We can thus host any number of OS images on a single filesystem and there is no need to reserve space on the system in advance for each image. This frees us from fixed size disk image formats such as dm-verity which is used in a lot of image based systems. We illustrate this architecture by building an OS image using an OCI container via the familiar Containerfile syntax, then pushing it to a container registry and finally deploying it on a system. We will also explain how this will be integrated with the Bootable Containers project (bootc).

Sean tells us about bootable containers and asks for our opinions on how he plans to use them with Kubernetes.

https://hybridcloudshow.com/hcs30/

#podcast #cloud #PlatformEngineering #bootablecontainers

Hybrid Cloud Show – Episode 30 – Hybrid Cloud Show

You can thank `bootc`, `/usr/lib/bootc/kargs.d/`, and @fiftydinar for your new ability to include kargs in your native container image.

Just make sure to update with `bootc` instead of `rpm-ostree`.

Check it out!

https://blue-build.org/reference/modules/kargs/

#BlueBuild #FedoraAtomic #Containers #OCI #Fedora #imagebased #bootc #BootableContainers

kargs

The kargs module injects kernel arguments into the image.

BlueBuild
Ah yes, nothing screams productivity like spending countless hours installing 53 different panels and 27 docks just to make your terminal look like a circa-2001 GeoCities page. 😎 Meanwhile, your bootable containers are out there actually doing *real work,* but sure, let's focus on choosing *the perfect shade of blue* for your desktop. 🖌️
https://blues.win/posts/joy-of-linux-theming/ #productivitydesign #terminalcustomization #bootablecontainers #retroaesthetics #techhumor #HackerNews #ngated
The Joy of Linux Theming in the Age of Bootable Containers

Having spent a couple of decades in the Linux world, I have always had an interest in Linux desktop environments and how they are themed. I would often come across a post on /r/unixporn that inspired me to try to customize the look and feel of my desktop environment. So I would install Xfce, LXQt or Sway and try to recreate components that I like from other users or create my own. I would end up installing different kinds of panels, plugins, docks and launchers as well as random themes, fonts and sounds.

Winblues

With Allison, I presented at FOSDEM how we can combine UKI, composefs and containers to build a fully signed boot chain. The slides and the recording are now available: https://fosdem.org/2025/schedule/event/fosdem-2025-5191--signed-sealed-and-delivered-with-ukis-and-composefs/

This is how we are planning to bring boot chain integrity to Bootable Containers.

This is a follow up on the initial work that we presented last year at @allsystemsgo: https://cfp.all-systems-go.io/all-systems-go-2024/talk/HVEZQQ/

#BootableContainers #bootc #Fedora #CoreOS #AtomicDesktpos #FedoraCoreOS #FOSDEM #FOSDEM2025

FOSDEM 2025 -

There's a big new update to the BlueBuild CLI, with some real nice DX upgrades. Thanks @gmpinder 💙

Make sure to read our release blog for a full list of features; and breaking changes!

https://blue-build.org/blog/v090-features-changes/

#BlueBuild #FedoraAtomic #Containers #OCI #UniversalBlue #Fedora #ImageBased #BootableContainers #Linux #OpenSource #CloudNative #uBlue

New CLI Features & Breaking Changes — v0.9.0

Stay up-to-date on new CLI features and breaking changes related to custom modules.

BlueBuild
bootc: Generating an ecosystem around bootable OCI containers

media.ccc.de
Bootc: Getting Started with Bootable Containers

YouTube

@Eeyore_Syndrome @LinuxRenaissance

To be more precise, the updates are #atomic, while most of the system is #immutable, that is a term with a certain meaning in programming languages but people not used to it think "can't be modified".

BTW the new term (specific to the current #FedoraAtomic / #CoreOS) may be #BootableContainers when they will migrate to #bootc and I think it makes very clear to many people that it brings all the advantages of the OCI ecosystem

I will definitely be taking a look at the new #ImageMode deployment method Red Hat announced yesterday during Summit. It has potential for some really cool applications and deployment cases. I'm thinking of spending some time this weekend messing around with generating @centos and @fedora images!

https://fedoramagazine.org/get-involved-with-fedora-bootable-containers/

https://developers.redhat.com/products/rhel-image-mode/overview?intcmp=7015Y000003t8u8QAA

#RedHat #RedHatSummit #RedHatEnterpriseLinux #RHEL #Containers #BootableContainers #Cloud #HybridCloid #BareMetal #BootC #CentOS #Fedora

Get Involved with Fedora Bootable Containers - Fedora Magazine

Bootable containers make it much simpler to create and collaborate on image-based Fedora systems. Here's how you can get involved.

Fedora Magazine