# SL-Micro (SUSE Linux Micro) v6.0

## Overview

This project contains KIWI image build configurations for **SL-Micro** (SUSE Linux Micro) version 6.0, branded as "Shift5 Manifold OS". SL-Micro is a lightweight, container-focused Linux distribution designed for edge computing, IoT, and container workloads.

SL-Micro provides:
- **Transactional updates** with automatic rollback capability
- **Immutable root filesystem** with btrfs snapshots
- **Container runtime support** (Podman)
- **Minimal attack surface** with reduced package set
- **SELinux enforcement** for enhanced security
- **Multiple hardware platform support**

## Architecture

The build system uses [KIWI](https://osinside.github.io/kiwi/) image builder and integrates with the openSUSE Build Service (OBS).

### Key Files

| File | Purpose |
|------|---------|
| `SL-Micro.kiwi` | Main KIWI configuration defining image profiles, packages, and build settings |
| `config.sh` | Image configuration script executed during build process |
| `_multibuild` | Defines which image flavors to build in OBS |
| `_constraints` | Build resource requirements (40GB disk space) |
| `_scmsync.obsinfo` | Source code management sync information |
| `editbootinstall_rpi.sh` | Raspberry Pi-specific bootloader installation script |
| `editbootinstall_pine64.sh` | Pine64-specific bootloader installation script |
| `SL-Micro.changes` | Changelog and release notes |

## Image Profiles and Variants

### Base Flavors
- **`full`** - Complete SL-Micro with KVM and container host capabilities
- **`container-host`** - Minimal SL-Micro focused on container workloads

### Platform Profiles
- **`x86`** - Standard x86_64 with UEFI boot
- **`x86-encrypted`** - x86_64 with LUKS2 full disk encryption
- **`x86-rt`** - x86_64 with real-time (RT) kernel
- **`x86-rt-encrypted`** - RT kernel with encryption
- **`rpi`** - Raspberry Pi (aarch64)
- **`aarch64-self_install`** - Self-installing ISO for aarch64

### Complete Image Variants
- **`Default`** - Full feature set (KVM + containers)
- **`Base`** - Container-only variant
- **`Default-encrypted`** - Full features with encryption
- **`Base-encrypted`** - Container-only with encryption
- **`Base-RT`** - Container-only with real-time kernel
- **`*-SelfInstall`** - Self-installing ISO variants

## System Configuration

### Storage Layout
- **Filesystem**: btrfs with read-only root snapshots
- **Volumes**: Separate subvolumes for `/home`, `/opt`, `/srv`, `/var`, `/usr/local`
- **Encryption**: LUKS2 with AES cipher (encrypted variants)
- **Snapshots**: Automatic system snapshots with rollback capability

### Security Features
- **SELinux**: Enforcing mode with targeted policy
- **Firewalld**: Enabled by default
- **Transactional updates**: Atomic system updates with rollback
- **Minimal packages**: Reduced attack surface
- **TPM2 support**: Hardware security module integration (encrypted variants)
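
A post-deployment check for the Storage Layout and Security Features lists above, as an added example that is not part of this project's own scripts: it takes the output of `getenforce`, `systemctl is-enabled firewalld`, `findmnt` and `cryptsetup luksDump` and reports which of the stated properties do not hold. The function names, the `--live` switch and the `LUKS_DEV` variable are assumptions made for the example.

```bash
#!/bin/sh
# Added example: compare a booted image with the README's Storage Layout and
# Security Features lists. Each check takes tool output as its argument.

# $1 = output of `getenforce`
selinux_enforcing() { [ "$1" = "Enforcing" ]; }

# $1 = output of `systemctl is-enabled firewalld`
firewalld_enabled() { [ "$1" = "enabled" ]; }

# $1 = output of `findmnt -no FSTYPE,OPTIONS /`
root_is_ro_btrfs() {
    set -- $1                       # split into FSTYPE and OPTIONS
    [ "$1" = "btrfs" ] || return 1
    # match "ro" as a whole option, so "errors=remount-ro" does not count
    case ",$2," in *,ro,*) return 0 ;; *) return 1 ;; esac
}

# $1 = output of `cryptsetup luksDump <device>`
is_luks2() {
    v=$(printf '%s\n' "$1" | awk '$1 == "Version:" { print $2; exit }')
    [ "$v" = "2" ]
}

# audit GETENFORCE FIREWALLD FINDMNT LUKSDUMP; returns the number of failures.
# Pass an empty LUKSDUMP for the non-encrypted variants to skip that check.
audit() {
    fails=0
    selinux_enforcing "$1" || { echo "FAIL: SELinux is '$1'"; fails=$((fails + 1)); }
    firewalld_enabled "$2" || { echo "FAIL: firewalld is '$2'"; fails=$((fails + 1)); }
    root_is_ro_btrfs "$3" || { echo "FAIL: / is not read-only btrfs"; fails=$((fails + 1)); }
    if [ -n "$4" ]; then
        is_luks2 "$4" || { echo "FAIL: header is not LUKS2"; fails=$((fails + 1)); }
    fi
    echo "$fails check(s) failed"
    return "$fails"
}

if [ "${1:-}" = "--live" ]; then
    # On the target, as root. LUKS_DEV is an assumed variable naming the
    # encrypted partition; leave it unset on non-encrypted variants.
    dump=""
    if [ -n "${LUKS_DEV:-}" ]; then dump=$(cryptsetup luksDump "$LUKS_DEV"); fi
    audit "$(getenforce)" "$(systemctl is-enabled firewalld)" \
          "$(findmnt -no FSTYPE,OPTIONS /)" "$dump"
else
    # Constructed sample values, not captured from a real system.
    audit Enforcing enabled "btrfs ro,relatime,seclabel" ""
fi
```

The exit status is the number of failed checks, so the script can gate a provisioning or acceptance step directly.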

### Boot Configuration
- **Bootloader**: GRUB2 with SLE branding
- **Kernel**: Default or real-time kernel options
- **Init system**: systemd with custom presets
- **Console**: Serial console support (`ttyS0,115200n81`)

## Hardware Support

### x86_64 Platforms
- Standard PC/server hardware
- VMware virtual machines
- QEMU/KVM virtual machines
- Real-time capable systems

### ARM64 Platforms
- **Raspberry Pi 4/5** - Complete hardware support including WiFi/Bluetooth
- **Pine64** - Allwinner-based ARM64 boards
- **Generic aarch64** - UEFI-capable ARM64 systems

### Platform-Specific Features
- **Raspberry Pi**: BCM43xx WiFi firmware, custom U-Boot configuration
- **Pine64**: Sunxi-specific drivers and U-Boot SPL installation
- **x86_64**: Shim secure boot support, multiple boot firmware types

## Build System Integration

### openSUSE Build Service
This project is designed for building with the openSUSE Build Service (OBS):

- **Repository**: Uses `obsrepositories:/` for package sources
- **Multi-build**: Configured to build multiple flavors simultaneously
- **Constraints**: Requires 40GB disk space for builds
- **SCM Sync**: Synchronized from SUSE products repository

### Currently Enabled Builds
According to `_multibuild`, only these variants are currently enabled:
- `Base-SelfInstall`
- `Base-encrypted`

## Package Management

### Core Components
- **Package manager**: zypper with transactional-update
- **Container runtime**: Podman with SELinux support
- **Network management**: NetworkManager
- **Time synchronization**: chronyd
- **Bootloader**: GRUB2 with snapshot support

### Cloud Integration
- **Cloud-init**: Automatic configuration in cloud environments
- **Ignition/Combustion**: Configuration management for edge deployments
- **First-boot setup**: jeos-firstboot for initial system configuration

## Usage Instructions

### Building Images
Images are typically built through the openSUSE Build Service. For local builds:

```bash
# Install KIWI
sudo zypper install python3-kiwi

# Build a specific profile
sudo kiwi-ng system build \
    --profile=Base \
    --type=oem \
    --description=SL-Micro.kiwi \
    --target-dir=./build
```

### Deployment
1. **Raw Images**: Flash to disk or deploy to hypervisor
2. **Self-Install ISOs**: Boot from ISO for automated installation
3. **Cloud Images**: Deploy to cloud platforms with cloud-init

### First Boot
The system supports multiple configuration methods:
- **Ignition**: For containerized workloads (preferred for edge)
- **Cloud-init**: For cloud environments
- **jeos-firstboot**: Interactive first-boot setup
- **Combustion**: Declarative system configuration

## Development and Customization

### Adding Packages
Modify the `<packages>` sections in `SL-Micro.kiwi` for different profiles.

### Platform Support
Add new platform profiles by:
1. Creating platform-specific `<profile>` entries
2. Adding platform packages
3. Creating `editbootinstall_*.sh` scripts if needed

### Configuration Changes
Modify `config.sh` to adjust system configuration, services, and setup scripts.

## Support and Documentation

- **KIWI Documentation**: https://osinside.github.io/kiwi/
- **SLE Micro Documentation**: https://documentation.suse.com/sle-micro/
- **Transactional Updates**: Built-in system update mechanism with rollback

## License

Licensed under MIT License (see `LICENSE` file).

## Maintainer

- **Author**: Shaun McDonnell
- **Contact**: crc@suse.com
- **Repository**: SUSE products repository (Marble)