
feat: add Arch Linux base images (grub, uki, uki-secureboot) #5

henrywang merged 1 commit into main from arch on Jun 3, 2026
@henrywang
Owner

Bootstrap a minimal Arch rootfs via pacman --root /rootfs (avoids pacstrap's chroot mounts which are unavailable in non-privileged builds), build the initramfs with dracut --sysroot, and produce three FROM-scratch targets mirroring the Fedora and Ubuntu pattern.

Key implementation notes:

  • pacman -r skips backup files (pacman.conf, mirrorlist) that already exist on the build host; copy them explicitly before installing
  • Keyring refreshed post-install from the newly-downloaded archlinux-keyring package so derivative image builds can verify all current developer keys
  • mkinitcpio hooks masked in /rootfs before kernel install to prevent mkinitcpio from running in the builder container
  • Arch kernel lands at /boot/vmlinuz-linux (not /boot/vmlinuz-$KVER); copied to /usr/lib/modules/$KVER/vmlinuz after dracut
  • GRUB+Secure Boot not supported: shim-signed is AUR-only
  • All stage-2 pacman calls use -Syu to prevent partial-upgrade failures when Docker layer cache is reused across builds
  • KVER emptiness guard added before dracut invocation
  • ci-arch-uki auto-detects OVMF_VARS.fd for local UKI testing

Adds justfile build/e2e/ci recipes and CI jobs (e2e-arch, container push) following the same structure as Ubuntu.

henrywang merged commit 925c29d into main on Jun 3, 2026

4 checks passed

henrywang deleted the arch branch on June 3, 2026 17:05
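
The KVER emptiness guard and the kernel copy step from the implementation notes, sketched as an added example (not code from this PR or its repository). The function names `detect_kver` and `place_kernel` are hypothetical, and the staged root is assumed to be a directory such as `/rootfs` holding exactly one kernel under `usr/lib/modules`.

```shell
#!/usr/bin/env bash
# Added example, not the PR's Dockerfile. Function names are hypothetical.
# Assumption: the target rootfs is staged in a directory (e.g. /rootfs).

# Print the single kernel version installed under ROOT/usr/lib/modules.
# Fails closed on zero or several versions: with an empty KVER, dracut
# would fall back to the build host's `uname -r` instead of the image's kernel.
detect_kver() {
    local root="$1" dir kver="" count=0
    for dir in "$root"/usr/lib/modules/*/; do
        [ -d "$dir" ] || continue      # an unmatched glob stays literal
        kver=$(basename "$dir")
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        echo "error: no kernel modules under $root/usr/lib/modules" >&2
        return 1
    fi
    if [ "$count" -gt 1 ]; then
        echo "error: $count kernel versions found, refusing to guess" >&2
        return 1
    fi
    printf '%s\n' "$kver"
}

# Copy Arch's unversioned kernel image (/boot/vmlinuz-linux) into the
# versioned modules directory, refusing an empty KVER or a missing image.
place_kernel() {
    local root="$1" kver="$2"
    local src="$root/boot/vmlinuz-linux"
    local dst="$root/usr/lib/modules/$kver/vmlinuz"
    [ -n "$kver" ] || { echo "error: empty KVER" >&2; return 1; }
    [ -s "$src" ] || { echo "error: $src missing or empty" >&2; return 1; }
    install -m 0644 "$src" "$dst"
}

# Typical order in a build step (the dracut call itself is not shown here):
#   KVER=$(detect_kver /rootfs) || exit 1
#   ... run dracut against /rootfs for "$KVER" ...
#   place_kernel /rootfs "$KVER" || exit 1
```
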