# Vetting live image

Debian-based Linux live image that PXE-booted hosts drop into. Runs the
`vetting-agent` binary under systemd and reaches back to the orchestrator
over HTTP+SSE.

## Building

Must be built on Linux (or WSL). On Windows:

```sh
wsl make -C live-image all
```

On Linux:

```sh
make -C live-image all
```

This produces `live-image/build/vmlinuz` and `live-image/build/initrd.img`.
Copy (or symlink) them into the directory configured as `pxe.live_dir` in
`deploy/vetting.yaml`; the orchestrator serves them at `/live/*`.

## iPXE binaries

The dnsmasq supervisor expects `ipxe.efi` and `undionly.kpxe` to live in
`pxe.tftp_root`. Fetch the latest release binaries from
https://boot.ipxe.org and drop them in that directory. The Makefile does
not download them automatically so their SHA256 can be operator-verified.

## WSL prerequisites (Windows dev)

```sh
sudo apt install mkosi debootstrap squashfs-tools dosfstools
```