Initial import of descriptions

Fedora-Linux.kiwi

@@ -0,0 +1 @@
+config.xml

README.md

@@ -6,6 +6,23 @@ The `rawhide` branch is used for Fedora Rawhide images and each release branch i
 
 All changes should be made via the PR workflow.
 
+## Image variants
+
+* Cloud Edition (image type: `oem`, image profiles: `Cloud-OpenStack`/`Cloud-AmazonEC2`/`Cloud-Azure`/`Cloud-GCE`)
+* Workstation Edition (image type: `iso`, image profiles: `Workstation-Live`)
+* KDE Spin (image type: `iso`, image profiles: `KDE-Live`)
+
+## Image build quickstart
+
+Set up your development environment and run the image build (substitute `<image_type>` and `<image_profile>` for the appropriate settings):
+
+```bash
+# Install kiwi
+[]$ sudo dnf --assumeyes install kiwi
+# Run the image build
+[]$ sudo ./kiwi-build --image-type=<image_type> --image-profile=<image_profile> --output-dir ./outdir
+```
+
 ## Licensing
 
 This is free software: you can redistribute it and/or modify

components/boot.xml

@@ -0,0 +1,22 @@
+<image>
+	<profiles>
+		<profile name="BootCore" description="Boot core packages"/>
+	</profiles>
+	<packages type="image" patternType="plusRecommended" profiles="BootCore">
+		<package name="grub2-efi-aa64" arch="aarch64"/>
+		<package name="grub2-efi-aa64-modules" arch="aarch64"/>
+		<package name="grub2-efi-x64" arch="x86_64"/>
+		<package name="grub2-efi-x64-modules" arch="x86_64"/>
+		<package name="grub2-pc" arch="x86_64"/>
+		<package name="grub2-pc-modules" arch="x86_64"/>
+		<package name="shim-signed-aa64" arch="aarch64"/>
+		<package name="shim-signed-x64" arch="x86_64"/>
+		<package name="kernel-core"/>
+		<package name="systemd-oomd-defaults"/>
+		<package name="systemd-resolved"/>
+	</packages>
+	<packages type="iso" patternType="plusRecommended" profiles="BootCore">
+		<package name="grub2-efi-aa64-cdboot" arch="aarch64"/>
+		<package name="grub2-efi-x64-cdboot" arch="x86_64"/>
+	</packages>
+</image>

components/desktop-environments.xml

@@ -0,0 +1,37 @@
+<image>
+	<profiles>
+		<profile name="DesktopCommon" description="Common desktop packages"/>
+		<profile name="GNOME-Desktop" description="GNOME Desktop">
+			<requires profile="DesktopCommon"/>
+		</profile>
+		<profile name="KDE-Desktop" description="KDE Plasma Desktop">
+			<requires profile="DesktopCommon"/>
+		</profile>
+	</profiles>
+	<packages type="image" patternType="plusRecommended" profiles="DesktopCommon">
+		<namedCollection name="internet-browser"/>
+		<namedCollection name="fonts"/>
+		<namedCollection name="multimedia"/>
+		<namedCollection name="networkmanager-submodules"/>
+		<namedCollection name="office-suite"/>
+		<namedCollection name="hardware-support"/>
+		<namedCollection name="print-client"/>
+		<namedCollection name="guest-desktop-agents"/>
+		<namedCollection name="standard"/>
+	</packages>
+	<packages type="image" patternType="plusRecommended" profiles="GNOME-Desktop">
+		<namedCollection name="workstation-product-environment"/>
+		<package name="fedora-release-workstation"/>
+	</packages>
+	<packages type="image" patternType="plusRecommended" profiles="KDE-Desktop">
+		<namedCollection name="kde-desktop-environment"/>
+		<namedCollection name="kde-apps"/>
+		<namedCollection name="kde-media"/>
+		<package name="fuse"/>
+		<package name="fedora-release-kde"/>
+		<package name="kde-l10n"/>
+		<ignore name="@admin-tools"/>
+		<ignore name="gnome-disk-utility"/>
+		<ignore name="system-config-printer"/>
+	</packages>
+</image>

components/liveinstall.xml

@@ -0,0 +1,30 @@
+<image>
+	<profiles>
+		<profile name="LiveInstall" description="Live Install ISO">
+			<requires profile="BootCore"/>
+		</profile>
+	</profiles>
+	<preferences profiles="LiveInstall">
+		<type image="iso" publisher="Fedora Project" volid="Fedora_Linux" primary="true" flags="dmsquash" firmware="uefi" kernelcmdline="quiet rhgb" mediacheck="false">
+			<bootloader name="grub2" grub_template="grub.cfg.iso-template" console="console" timeout="10"/>
+		</type>
+	</preferences>
+	<packages type="iso" patternType="plusRecommended" profiles="LiveInstall">
+		<!-- The point of a live image is to install -->
+		<namedCollection name="anaconda-tools"/>
+		<package name="anaconda"/>
+		<package name="anaconda-install-env-deps"/>
+		<package name="anaconda-live"/>
+		<!-- Need this for SVG release note images -->
+		<package name="aajohan-comfortaa-fonts"/>
+		<package name="dracut-live"/>
+		<package name="glibc-all-langpacks"/>
+		<package name="kernel"/>
+		<package name="kernel-modules"/>
+		<package name="kernel-modules-extra"/>
+		<package name="livesys-scripts"/>
+		<package name="btrfs-progs"/>
+		<package name="udisks2-btrfs"/>
+		<ignore name="gfs2-utils"/>
+	</packages>
+</image>

components/users.xml

@@ -0,0 +1,6 @@
+<image>
+	<users profiles="Cloud-Azure,Cloud-AmazonEC2,Cloud-GCE,Cloud-OpenStack,LiveInstall">
+		<!-- The password here does not matter, it will be erased in config.sh -->
+		<user name="root" groups="root" password="linux" home="/root" pwdformat="plain" />
+	</users>
+</image>

config.sh

@@ -0,0 +1,121 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+#======================================
+# Functions...
+#--------------------------------------
+test -f /.kconfig && . /.kconfig
+test -f /.profile && . /.profile
+
+#======================================
+# Greeting...
+#--------------------------------------
+echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
+
+#======================================
+# Set SELinux booleans
+#--------------------------------------
+## Fixes KDE Plasma, see rhbz#2058657
+setsebool -P selinuxuser_execmod 1
+
+#======================================
+# Clear machine specific configuration
+#--------------------------------------
+## Clear machine-id on pre generated images
+rm -f /etc/machine-id
+echo 'uninitialized' > /etc/machine-id
+## remove random seed, the newly installed instance should make its own
+rm -f /var/lib/systemd/random-seed
+
+#======================================
+# Configure grub correctly
+#--------------------------------------
+## Works around issues with grub-bls
+## See: https://github.com/OSInside/kiwi/issues/2198
+echo "GRUB_DEFAULT=saved" >> /etc/default/grub
+## Disable submenus to match Fedora
+echo "GRUB_DISABLE_SUBMENU=true" >> /etc/default/grub
+## Disable recovery entries to match Fedora
+echo "GRUB_DISABLE_RECOVERY=true" >> /etc/default/grub
+
+#======================================
+# Delete & lock the root user password
+#--------------------------------------
+if [[ "$kiwi_profiles" == *"Cloud"* ]] || [[ "$kiwi_profiles" == *"Live"* ]]; then
+	passwd -d root
+	passwd -l root
+fi
+
+#======================================
+# Setup default services
+#--------------------------------------
+
+if [[ "$kiwi_profiles" == *"Live"* ]]; then
+	## Configure livesys session
+	if [[ "$kiwi_profiles" == *"GNOME"* ]]; then
+		echo 'livesys_session="gnome"' > /etc/sysconfig/livesys
+	fi
+	if [[ "$kiwi_profiles" == *"KDE"* ]]; then
+		echo 'livesys_session="kde"' > /etc/sysconfig/livesys
+	fi
+fi
+
+#======================================
+# Setup default target
+#--------------------------------------
+if [[ "$kiwi_profiles" == *"GNOME"* ]] || [[ "$kiwi_profiles" == *"KDE"* ]]; then
+	systemctl set-default graphical.target
+else
+	systemctl set-default multi-user.target
+fi
+
+#======================================
+# Setup default customizations
+#--------------------------------------
+
+if [[ "$kiwi_profiles" == *"Azure"* ]]; then
+cat > /etc/ssh/sshd_config.d/50-client-alive-interval.conf << EOF
+ClientAliveInterval 120
+EOF
+
+cat >> /etc/chrony.conf << EOF
+# Azure's virtual time source:
+# https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
+refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0
+EOF
+fi
+
+if [[ "$kiwi_profiles" == *"GCE"* ]]; then
+cat <<EOF > /etc/NetworkManager/conf.d/gcp-mtu.conf
+# In GCP it is recommended to use 1460 as the MTU.
+# Set it to 1460 for all connections.
+# https://cloud.google.com/network-connectivity/docs/vpn/concepts/mtu-considerations
+[connection]
+ethernet.mtu = 1460
+EOF
+fi
+
+if [[ "$kiwi_profiles" == *"Vagrant"* ]]; then
+sed -e 's/.*UseDNS.*/UseDNS no/' -i /etc/ssh/sshd_config
+mkdir -m 0700 -p ~vagrant/.ssh
+cat > ~vagrant/.ssh/authorized_keys << EOKEYS
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+EOKEYS
+chmod 600 ~vagrant/.ssh/authorized_keys
+chown -R vagrant:vagrant ~vagrant/.ssh/
+
+cat > /etc/ssh/sshd_config.d/10-vagrant-insecure-rsa-key.conf <<EOF
+# For now the vagrant insecure key is an rsa key
+# https://github.com/hashicorp/vagrant/issues/11783
+PubkeyAcceptedKeyTypes=+ssh-rsa
+EOF
+
+# Further suggestion from @purpleidea (James Shubin) - extend key to root users as well
+mkdir -m 0700 -p /root/.ssh
+cp /home/vagrant/.ssh/authorized_keys /root/.ssh/authorized_keys
+chmod 600 /root/.ssh/authorized_keys
+chown -R root:root /root/.ssh
+fi
+
+exit 0

config.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<image schemaversion="7.4" name="Fedora-Linux">
+	<description type="system">
+		<author>Fedora Project Contributors</author>
+		<contact>devel@lists.fedoraproject.org</contact>
+		<specification>Fedora Linux</specification>
+	</description>
+	<preferences>
+		<version>0.0.0</version>
+		<packagemanager>dnf</packagemanager>
+		<locale>en_US</locale>
+		<keytable>us</keytable>
+		<timezone>UTC</timezone>
+		<release-version>rawhide</release-version>
+	</preferences>
+	<include from="this://./repositories/core.xml"/>
+	<include from="this://./components/boot.xml"/>
+	<include from="this://./components/desktop-environments.xml"/>
+	<include from="this://./components/liveinstall.xml"/>
+	<include from="this://./components/users.xml"/>
+	<include from="this://./platforms/cloud.xml"/>
+	<include from="this://./platforms/vagrant.xml"/>
+	<include from="this://./platforms/workstation.xml"/>
+	<packages type="bootstrap">
+		<package name="basesystem"/>
+		<package name="filesystem"/>
+	</packages>
+</image>

grub.cfg.iso-template

@@ -0,0 +1,44 @@
+# Inspired by the config used for lorax-built live media
+
+set default=${default_boot}
+
+if [ "$$grub_platform" == "efi" ]; then
+	function load_video {
+		insmod efi_gop
+		insmod efi_uga
+		insmod video_bochs
+		insmod video_cirrus
+		insmod all_video
+	}
+	set basicgfx="nomodeset"
+else
+	function load_video {
+		insmod all_video
+	}
+	set basicgfx="nomodeset vga=791"
+fi
+
+load_video
+set gfxpayload=keep
+insmod gzio
+insmod part_gpt
+insmod ext2
+
+terminal_input console
+terminal_output ${terminal_setup}
+
+set timeout=${boot_timeout}
+set timeout_style=${boot_timeout_style}
+
+search ${search_params}
+
+menuentry "Start ${title}" --class fedora --class gnu-linux --class gnu --class os {
+	linux ($$root)${bootpath}/${kernel_file} ${boot_options}
+	initrd ($$root)${bootpath}/${initrd_file}
+}
+submenu "Troubleshooting -->" {
+	menuentry "Start ${title} in basic graphics mode" --class fedora --class gnu-linux --class gnu --class os {
+		linux ($$root)${bootpath}/${kernel_file} ${boot_options} $${basicgfx}
+		initrd ($$root)${bootpath}/${initrd_file}
+	}
+}

kiwi-build

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+# Simple wrapper to call kiwi properly for image builds
+# Author: Neal Gompa <ngompa@fedoraproject.org>
+
+set -eu -o pipefail
+
+kiwibuildsh="$(basename "$0")"
+
+usage() {
+	echo >&2 "usage: $kiwibuildsh --output-dir=DIR --image-type=TYPE --image-profile=PROFILE [--debug]"
+	echo >&2 "   eg: $kiwibuildsh --output-dir=/var/tmp/work --image-type=oem --image-profile=cloud --debug"
+	echo >&2 "   eg: $kiwibuildsh --output-dir=/var/tmp/work --image-type=oem --image-profile=cloud"
+	exit 255
+}
+
+optTemp=$(getopt --options '+o:,t:,p:,d,h' --longoptions 'output-dir:,image-type:,image-profile:,debug,help' --name "$kiwibuildsh" -- "$@")
+eval set -- "$optTemp"
+unset optTemp
+
+output_dir=
+image_type=
+image_profile=
+debug=
+
+while true; do
+	case "$1" in
+		-o|--output-dir) output_dir="$2" ; shift 2 ;;
+		-t|--image-type) image_type="$2" ; shift 2 ;;
+		-p|--image-profile) image_profile="$2" ; shift 2 ;;
+		-d|--debug) debug="--debug" ; shift ;;
+		-h|--help) usage ;;
+		--) shift ; break ;;
+	esac
+done
+
+if [ -z "$output_dir" ] || [ -z "$image_type" ] || [ -z "$image_profile" ]; then
+	echo "Options not set!"
+	usage
+fi
+
+if [ -e "/sys/fs/selinux/enforce" ]; then
+	# Disable SELinux enforcement during the image build if it's enforcing
+	selinux_enforcing="$(cat /sys/fs/selinux/enforce)"
+	if [ "$selinux_enforcing" = "1" ]; then
+		setenforce 0
+	fi
+fi
+
+pushd kiwi-desc
+	set +e
+	kiwi-ng ${debug} --type="${image_type}" --profile="${image_profile}" --color-output system build --description "./" --target-dir "${output_dir}"
+	kiwi_status=$?
+	set -e
+popd
+
+if [ -e "/sys/fs/selinux/enforce" ]; then
+	# Re-enable SELinux enforcement now that image build is done
+	if [ "$selinux_enforcing" = "1" ]; then
+		setenforce 1
+	fi
+fi
+
+exit $kiwi_status

platforms/cloud.xml

@@ -0,0 +1,101 @@
+<image>
+	<profiles>
+		<profile name="CloudCore" description="Cloud spin core packages">
+			<requires profile="BootCore"/>
+		</profile>
+		<profile name="Cloud-Azure" description="Azure Guest Image">
+			<requires profile="CloudCore"/>
+		</profile>
+		<profile name="Cloud-AmazonEC2" description="Amazon EC2 HVM Guest Image">
+			<requires profile="CloudCore"/>
+		</profile>
+		<profile name="Cloud-GCE" description="GCE Guest Image">
+			<requires profile="CloudCore"/>
+		</profile>
+		<profile name="Cloud-OpenStack" description="OpenStack Guest Image">
+			<requires profile="CloudCore"/>
+		</profile>
+	</profiles>
+	<preferences profiles="Cloud-Azure">
+		<type image="oem" filesystem="btrfs" kernelcmdline="no_timer_check net.ifnames=0 console=tty1 console=ttyS0,115200n8" devicepersistency="by-uuid" formatoptions="force_size" format="vhd-fixed" bootpartition="true" bootpartsize="1000" bootfilesystem="ext4" efipartsize="100" firmware="uefi" fsmountoptions="compress=zstd:1" btrfs_root_is_subvolume="true" btrfs_set_default_volume="false" rootfs_label="fedora">
+			<bootloader name="grub2" console="serial" timeout="0"/>
+			<systemdisk>
+				<volume name="@root=root"/>
+				<volume name="home" parent="/"/>
+				<volume name="var" parent="/"/>
+			</systemdisk>
+			<size unit="G">5</size>
+			<oemconfig>
+				<oem-resize>false</oem-resize>
+			</oemconfig>
+		</type>
+	</preferences>
+	<preferences profiles="Cloud-AmazonEC2">
+		<type image="oem" filesystem="btrfs" kernelcmdline="no_timer_check net.ifnames=0 console=tty1 console=ttyS0,115200n8" devicepersistency="by-uuid" bootpartition="true" bootpartsize="1000" bootfilesystem="ext4" efipartsize="100" firmware="uefi" fsmountoptions="compress=zstd:1" btrfs_root_is_subvolume="true" btrfs_set_default_volume="false" rootfs_label="fedora">
+			<bootloader name="grub2" timeout="0"/>
+			<size unit="G">5</size>
+			<systemdisk>
+				<volume name="@root=root"/>
+				<volume name="home" parent="/"/>
+				<volume name="var" parent="/"/>
+			</systemdisk>
+			<oemconfig>
+				<oem-resize>false</oem-resize>
+			</oemconfig>
+		</type>
+	</preferences>
+	<preferences profiles="Cloud-GCE">
+		<type image="oem" filesystem="btrfs" kernelcmdline="no_timer_check net.ifnames=0 console=ttyS0,38400n8d" devicepersistency="by-uuid" bootpartition="true" bootpartsize="1000" bootfilesystem="ext4" efipartsize="100" format="gce" firmware="uefi" fsmountoptions="compress=zstd:1" btrfs_root_is_subvolume="true" btrfs_set_default_volume="false" rootfs_label="fedora">
+			<bootloader name="grub2" timeout="0"/>
+			<size unit="G">5</size>
+			<systemdisk>
+				<volume name="@root=root"/>
+				<volume name="home" parent="/"/>
+				<volume name="var" parent="/"/>
+			</systemdisk>
+			<oemconfig>
+				<oem-resize>false</oem-resize>
+			</oemconfig>
+		</type>
+	</preferences>
+	<preferences profiles="Cloud-OpenStack">
+		<type image="oem" filesystem="btrfs" kernelcmdline="no_timer_check net.ifnames=0 console=tty1 console=ttyS0,115200n8" devicepersistency="by-uuid" bootpartition="true" bootpartsize="1000" bootfilesystem="ext4" efipartsize="100" firmware="uefi" format="qcow2" fsmountoptions="compress=zstd:1" btrfs_root_is_subvolume="true" btrfs_set_default_volume="false" rootfs_label="fedora">
+			<bootloader name="grub2" timeout="0"/>
+			<size unit="G">5</size>
+			<systemdisk>
+				<volume name="@root=root"/>
+				<volume name="home" parent="/"/>
+				<volume name="var" parent="/"/>
+			</systemdisk>
+			<oemconfig>
+				<oem-resize>false</oem-resize>
+			</oemconfig>
+		</type>
+	</preferences>
+	<packages type="image" patternType="plusRecommended" profiles="CloudCore">
+		<namedCollection name="cloud-server-environment"/>
+		<ignore name="dracut-config-rescue"/>
+		<ignore name="firewalld"/>
+		<ignore name="kernel"/>
+		<ignore name="*-firmware"/>
+		<ignore name="geolite2-city"/>
+		<ignore name="geolite2-country"/>
+		<ignore name="plymouth"/>
+		<package name="python3-dnf-plugin-tracer"/>
+		<package name="glibc-langpack-en"/>
+	</packages>
+	<packages type="image" patternType="plusRecommended" profiles="Cloud-Azure">
+		<package name="WALinuxAgent"/>
+	</packages>
+	<packages type="image" patternType="plusRecommended" profiles="Cloud-GCE">
+		<package name="google-compute-engine-guest-configs"/>
+		<package name="google-compute-engine-oslogin"/>
+		<package name="google-guest-agent"/>
+	</packages>
+	<packages type="image" patternType="plusRecommended" profiles="Cloud-OpenStack">
+		<package name="qemu-guest-agent"/>
+	</packages>
+	<packages type="uninstall" profiles="Cloud-GCE">
+		<package name="cloud-init"/>
+	</packages>
+</image>

platforms/vagrant.xml

@@ -0,0 +1,34 @@
+<image>
+	<profiles>
+		<profile name="Vagrant" description="Vagrant guest image">
+			<requires profile="CloudCore"/>
+		</profile>
+	</profiles>
+	<preferences profiles="Vagrant">
+		<type image="oem" filesystem="btrfs" kernelcmdline="no_timer_check console=tty1 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0" devicepersistency="by-uuid" bootpartition="true" bootpartsize="1000" bootfilesystem="ext4" efipartsize="100" firmware="uefi" format="vagrant" fsmountoptions="compress=zstd:1" btrfs_root_is_subvolume="true" btrfs_set_default_volume="false" rootfs_label="fedora">
+			<bootloader name="grub2" console="serial" timeout="1"/>
+			<size unit="G">5</size>
+			<systemdisk>
+				<volume name="@root=root"/>
+				<volume name="home" parent="/"/>
+				<volume name="var" parent="/"/>
+			</systemdisk>
+			<oemconfig>
+				<oem-resize>false</oem-resize>
+			</oemconfig>
+		</type>
+	</preferences>
+	<users profiles="Vagrant">
+		<!-- Standard password for the vagrant user, used by all images -->
+		<user name="vagrant" groups="vagrant" password="vagrant" home="/home/vagrant" pwdformat="plain" />
+		<user password="$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0" home="/root" name="root" groups="root"/>
+	</users>
+	<packages type="image" patternType="plusRecommended" profiles="Vagrant">
+		<package name="dnf-yum"/>
+		<package name="rsync"/>
+		<package name="fuse-sshfs"/>
+		<package name="gdisk"/>
+		<package name="glibc-langpack-en"/>
+		<package name="qemu-guest-agent"/>
+	</packages>
+</image>

platforms/workstation.xml

@@ -0,0 +1,12 @@
+<image>
+	<profiles>
+		<profile name="Workstation-Live" description="Workstation Edition Live DVD">
+			<requires profile="GNOME-Desktop"/>
+			<requires profile="LiveInstall"/>
+		</profile>
+		<profile name="KDE-Live" description="KDE Plasma Spin Live DVD">
+			<requires profile="KDE-Desktop"/>
+			<requires profile="LiveInstall"/>
+		</profile>
+	</profiles>
+</image>

repositories/core-nonrawhide.xml

@@ -0,0 +1,12 @@
+<image>
+	<repository type="rpm-md" alias="fedora" sourcetype="metalink">
+		<source path="https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&amp;arch=$basearch">
+			<signing key="file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-$releasever-primary"/>
+		</source>
+	</repository>
+        <repository type="rpm-md" alias="updates" sourcetype="metalink">
+                <source path="https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&amp;arch=$basearch">
+                        <signing key="file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-$releasever-primary"/>
+                </source>
+        </repository>
+</image>

repositories/core-rawhide.xml

@@ -0,0 +1,7 @@
+<image>
+	<repository type="rpm-md" alias="rawhide" sourcetype="metalink">
+		<source path="https://mirrors.fedoraproject.org/metalink?repo=rawhide&amp;arch=$basearch">
+			<signing key="file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-rawhide-primary"/>
+		</source>
+	</repository>
+</image>

repositories/core.xml

@@ -0,0 +1 @@
+core-rawhide.xml

root/etc/fstab.script

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Set ESP mount options to match what Fedora does
+# https://github.com/OSInside/kiwi/issues/2201
+gawk -i inplace '$2 == "/boot/efi" { $4 = $4",umask=0077,shortname=winnt" } { print $0 }' /etc/fstab
+
+# Run selinux relabel at the right time
+# https://github.com/OSInside/kiwi/issues/2192
+# https://github.com/OSInside/kiwi/pull/2282#issuecomment-1514399308
+setfiles -F -p -c /etc/selinux/targeted/policy/policy.* -e /proc -e /sys -e /dev /etc/selinux/targeted/contexts/files/file_contexts /

root/etc/sysconfig/kernel

@@ -0,0 +1,6 @@
+# UPDATEDEFAULT specifies if kernel-install should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel-core