These images are signed with Sigstore's cosign. You can verify the signature by downloading the cosign.pub file from this repo and running the following command:
cosign verify --key cosign.pub ghcr.io/nobodywatchin/aiOSThe Red Hat and OSBuild documentation on building bootc images is quite in-depth if you want to tinker.
In the meantime, here are some simple commands to get up and running:
TMP=$(mktemp) && \
curl -fsSL https://raw.githubusercontent.com/nobodywatchin/aiOS/main/image.toml -o "$TMP" && \
sudo podman pull ghcr.io/nobodywatchin/aios-lts:latest && \
sudo podman pull quay.io/centos-bootc/bootc-image-builder:latest && \
sudo podman run --rm -it --privileged --pull=newer \
--security-opt label=type:unconfined_t \
--network=host \
-v /var/lib/containers/storage:/var/lib/containers/storage \
-v "$(pwd)/output:/output" \
-v "$TMP:/config.toml:ro" \
quay.io/centos-bootc/bootc-image-builder:latest \
--type qcow2 \
--progress verbose \
--use-librepo=false \
--config /config.toml \
ghcr.io/nobodywatchin/aios-lts:latest
rm -f "$TMP"
TMP=$(mktemp) && \
curl -fsSL https://raw.githubusercontent.com/nobodywatchin/aiOS/main/iso.toml -o "$TMP" && \
sudo podman pull ghcr.io/nobodywatchin/aios-lts:latest && \
sudo podman pull quay.io/centos-bootc/bootc-image-builder:latest && \
sudo podman run --rm -it --privileged --pull=newer \
--security-opt label=type:unconfined_t \
--network=host \
-v /var/lib/containers/storage:/var/lib/containers/storage \
-v "$(pwd)/output:/output" \
-v "$TMP:/config.toml:ro" \
quay.io/centos-bootc/bootc-image-builder:latest \
--type iso \
--progress verbose \
--use-librepo=false \
--config /config.toml \
ghcr.io/nobodywatchin/aios-lts:latest
rm -f "$TMP"