This repository is meant to be used to learn and test various ublue builds.
Beware, this repository can at any time disapair or break.
Rebase from an Fedora Atomic distribution:
rpm-ostree rebase ostree-unverified-registry:ghcr.io/yardquit/apprendo:latest
Restart your system for the changes take effect:
systemctl reboot
Rebase from unsigned to signed:
rpm-ostree rebase ostree-image-signed:docker://ghcr.io/yardquit/apprendo:latest
Restart your system for the changes take effect:
systemctl reboot
Rebase from an ublue atomic distribution:
sudo bootc switch --enforce-container-sigpolicy ghcr.io/yardquit/apprendo:latest
Restart your system for the changes take effect:
systemctl reboot
You can use your YubiKey as an additional factor of sudo authentication.
YubiKey Registration: Follow the below instructions to complete the registration process.
# Insert your YubiKey into a compatible USB port on your computer.
ykpamcfg -2
Ensure that YubiKey support is enabled and functional in your system settings.
sudo echo "Testing sudo with YubiKey"
Once your YubiKey is registered and supported by your system, you can use it to access the sudo command.
Enabling and Installing fapolicyd for Enhanced Security
To secure your system, follow these steps to install, enable, and start fapolicyd.
Use the following command to install fapolicyd, its SELinux module, and a plugin for rpm-ostree.
rpm-ostree install fapolicyd fapolicyd-selinux rpm-plugin-fapolicyd
Restart your system for the changes take effect:
systemctl reboot
Configure the fapolicyd to allow repository packages, else fapolicyd will allow everything.
sudo sed -i 's/integrity = none/integrity = sha256/g' /etc/fapolicyd/fapolicyd.conf
Configure the fapolicyd service to start automatically on boot and enable it immediately.
sudo systemctl enable --now fapolicyd.service