#89 Self-install image with gnome-initial-setup for Leap 15.5
Opened 5 months ago by lkocman. Modified 4 months ago

I think self-install image with enabled firstboot configuration (gnome-initial-setup) is a nice way to offer pre-loaded images for hardware vendors, or general, for any companies/corporations.

The Proof Of Concept that was worked on during hack week is available at
https://hackweek.opensuse.org/21/projects/opensuse-build-supported-by-suse-it and https://build.opensuse.org/repositories/isv:SUSE:suse-it-infra
This request is to make a self-install image available for Leap as well.

Problems

  • Add self-install image with gnome (POC used GNOME Live as a base)

  • GDM has disabled gnome-initial-setup for SLES / Leap (requires fork)

  • gnome-initial-setup is ancient (requires a fork)

  • Combustion is missing (do we want that, useful for e.g. initial root-password, if a company wants to disallow sudo for user).

I would recommend using full disk encryption (well without /boot) and changing luks password on the first boot. This was not working in POC (we've used combustion for this with https://github.com/SUSE/suse-csb-release/blob/cf9cd617ae3b0ca050f75ad5196101f7ca718796/combustion/script)


This should be considered for SLES as well but I'd personally prefer if SUSE IT would report these request in Jira.

This was asked by MgE, ideally against SLED 15 SP5

Metadata Update from @lkocman:
- Issue set to the milestone: 15.5

5 months ago

Flagging as sle accept pending, but never the less we're implementing this one.

Metadata Update from @lkocman:
- Custom field SUSE Jira - SUSE Linux Enterprise adjusted to https://jira.suse.com/browse/PED-1090
- Issue tagged with: SLE-Accept-Pending

5 months ago

For the beginning perhaps the combustion would be optional, some people don't seem to see having combustion as a benefit, and see it rather than a potential way to hijack the machine.

The combustion/ignition service is a one-shot service.

The combustion/ignition service is a one-shot service.

Yep, only run on first boot, so no "hijacking" possible.

Login to comment on this ticket.

Metadata