woprandi
November 25, 2025, 9:17am
1
I build a bootc image front this simple Containerfile
ARG FEDORA_VERSION=43
FROM quay.io/fedora-ostree-desktops/silverblue:$FEDORA_VERSION
LABEL containers.bootc 1
LABEL ostree.bootable 1
RUN systemctl set-default graphical.target
RUN dnf config-manager setopt google-chrome.enabled=1
RUN mkdir /var/opt
RUN dnf install -y vim google-chrome-stable && dnf clean all
RUN bootc container lint
RUN ostree container commit
Running it with podman seems ok
❯ podman run --rm -it localhost/testosbuild:latest cat /etc/fedora-release
Fedora release 43 (Forty Three)
❯ podman run --rm -it localhost/testosbuild:latest whereis google-chrome
google-chrome: /usr/bin/google-chrome /usr/share/google-chrome /usr/share/man/man1/google-chrome.1.gz
But when I build iso installer :
❯ sudo podman run --rm -it --privileged --pull=newer \
--security-opt label=type:unconfined_t \
-v ./output:/output \
-v /var/lib/containers/storage:/var/lib/containers/storage \
-v ./config.toml:/config.toml:ro \
quay.io/centos-bootc/bootc-image-builder:latest \
--type iso \
--chown 1000:1000 \
--rootfs=btrfs \
localhost/testosbuild
And test it with GNOME Boxes, it’s a Fedora 42
And no chrome nor vim binary….
hricky
November 25, 2025, 9:45am
2
Since you are apparently building a derived container image, some of the RUN and LABEL instructions in your Containerfile are not necessary and therefore the issue may not be related to bootc-image-builder. Could you please clarify what changes you want to make to the base Silverblue container image so we can try to suggest a sample Containerfile? Could you also please provide the contents of the config.toml file that you use with bootc-image-builder?
woprandi
November 25, 2025, 10:01am
4
Currently, I’m experimenting bootc to generate system image for business laptop at work.
I don’t have huge need, probably just to install some softwares by default and automate system install. But it can changes in the future.
This is my kickstart file to automate the install (which works)
[customizations.installer.kickstart]
contents = “”"
text --non-interactive
#graphical
zerombr
clearpart --all --initlabel
firstboot --enable
lang fr_FR
keyboard fr
autopart
timezone Europe/Paris --utc
rootpw thepassword
xconfig --startxonboot
hricky
November 25, 2025, 12:42pm
5
For such a small set of packages, building a custom container image is probably too much of an overheads, but for learning/experimentation purposes it should be fine.
With the following I was able to build a derived container image, a disk image from it, and install it on a bare metal machine. The Google Chrome browser was installed and working.
Build the container image:
ContainerfileFROM quay.io/fedora-ostree-desktops/silverblue:43
LABEL org.opencontainers.image.title="Fedora Silverblue 43"
LABEL org.opencontainers.image.description="Customized image of Fedora Silverblue 43"
# - Replace nano with vim
# - Install Google Chrome
# - Remove SetUID/SetGID bits
# - Cleanup
RUN <<EORUN
set -xeuo pipefail
dnf swap --assumeyes --refresh --allowerasing nano vim-default-editor
mv /opt{,.bak}
mkdir /opt
dnf install --assumeyes --enablerepo="google-chrome" google-chrome-stable
mv /opt/google/chrome /usr/lib/google-chrome
ln --symbolic --force /usr/lib/google-chrome/google-chrome /usr/bin/google-chrome-stable
mkdir --parents usr/share/icons/hicolor/{16x16/apps,24x24/apps,32x32/apps,48x48/apps,64x64/apps,128x128/apps,256x256/apps}
for i in "16" "24" "32" "48" "64" "128" "256"; do
ln --symbolic --force /usr/lib/google-chrome/product_logo_${i}.png /usr/share/icons/hicolor/${i}x${i}/apps/google-chrome.png
done
rm --recursive --force /etc/cron.daily
rmdir /opt/{google,}
mv /opt{.bak,}
rm --recursive --force /var/lib/unbound/root.key
chmod ug-s \
/usr/bin/chage \
/usr/bin/chfn \
/usr/bin/chsh \
/usr/bin/gpasswd \
/usr/bin/newgrp \
/usr/bin/passwd \
/usr/bin/vmware-user-suid-wrapper
dnf clean all
rm --recursive --force /var /tmp /boot
mkdir /var /tmp /boot
bootc container lint --no-truncate --fatal-warnings
EORUN
sudo podman image build \
--pull=allways \
--tag localhost/silverblue-test:43 \
--file ./Containerfile
Build the ISO image:
config.toml[[customizations.user]]
name = "silverblue"
password = "pass"
groups = ["wheel"]
sudo podman image pull ghcr.io/osbuild/bootc-image-builder:latest
sudo podman container run \
--rm \
--interactive \
--tty \
--privileged \
--pull=newer \
--security-opt label=type:unconfined_t \
--volume ./config.toml:/config.toml:ro \
--volume ./output:/output \
--volume /var/lib/containers/storage:/var/lib/containers/storage \
ghcr.io/osbuild/bootc-image-builder:latest \
--rootfs btrfs \
--type anaconda-iso \
--chown 1000:1000 \
localhost/silverblue-test:43
woprandi
November 25, 2025, 3:05pm
6
hricky:
dnf install --assumeyes --enablerepo="google-chrome" google-chrome-stable
mv /opt/google/chrome /usr/lib/google-chrome
ln --symbolic --force /usr/lib/google-chrome/google-chrome /usr/bin/google-chrome-stable
mkdir --parents usr/share/icons/hicolor/{16x16/apps,24x24/apps,32x32/apps,48x48/apps,64x64/apps,128x128/apps,256x256/apps}
for i in "16" "24" "32" "48" "64" "128" "256"; do
ln --symbolic --force /usr/lib/google-chrome/product_logo_${i}.png /usr/share/icons/hicolor/${i}x${i}/apps/google-chrome.png
done
rm --recursive --force /etc/cron.daily
rmdir /opt/{google,}
mv /opt{.bak,}
rm --recursive --force /var/lib/unbound/root.key
chmod ug-s \
/usr/bin/chage \
/usr/bin/chfn \
/usr/bin/chsh \
/usr/bin/gpasswd \
/usr/bin/newgrp \
/usr/bin/passwd \
/usr/bin/vmware-user-suid-wrapper
dnf clean all
rm --recursive --force /var /tmp /boot
mkdir /var /tmp /boot
bootc container lint --no-truncate --fatal-warnings
EORUN
May I ask you why all of these tasks after chrome install ?
hricky
November 25, 2025, 3:44pm
7
To remove the SetUID/SetGID bits from certain binaries and clean the container image.
woprandi
November 25, 2025, 5:53pm
8
Well I’m stupid, I built the image as user so the image used to build iso was never updated…
Sorry for convenience. Thanks you for your time
