Skip to content

YardQuit/apprendo

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Universal Blue Custom Image

universal-blue.org

Purpose

This repository is meant to be used to learn and test various ublue builds.
Beware, this repository can at any time disapair or break.

Install

rpm-ostree rebase

Rebase from an Fedora Atomic distribution:

rpm-ostree rebase ostree-unverified-registry:ghcr.io/yardquit/apprendo:latest

Restart your system for the changes take effect:

systemctl reboot

Rebase from unsigned to signed:

rpm-ostree rebase ostree-image-signed:docker://ghcr.io/yardquit/apprendo:latest

Restart your system for the changes take effect:

systemctl reboot

bootc switch

Rebase from an ublue atomic distribution:

sudo bootc switch --enforce-container-sigpolicy ghcr.io/yardquit/apprendo:latest

Restart your system for the changes take effect:

systemctl reboot

Post Installs

1. YubiKey

You can use your YubiKey as an additional factor of sudo authentication.
YubiKey Registration: Follow the below instructions to complete the registration process.

# Insert your YubiKey into a compatible USB port on your computer.
ykpamcfg -2

Ensure that YubiKey support is enabled and functional in your system settings.

sudo echo "Testing sudo with YubiKey"

Once your YubiKey is registered and supported by your system, you can use it to access the sudo command.

2. fapolicyd

Enabling and Installing fapolicyd for Enhanced Security

To secure your system, follow these steps to install, enable, and start fapolicyd.

Use the following command to install fapolicyd, its SELinux module, and a plugin for rpm-ostree.

rpm-ostree install fapolicyd fapolicyd-selinux rpm-plugin-fapolicyd

Restart your system for the changes take effect:

systemctl reboot

Configure the fapolicyd to allow repository packages, else fapolicyd will allow everything.

sudo sed -i 's/integrity = none/integrity = sha256/g' /etc/fapolicyd/fapolicyd.conf

Configure the fapolicyd service to start automatically on boot and enable it immediately.

sudo systemctl enable --now fapolicyd.service

About

personal customized universal blue image

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages