josh
e73e31af92
The live image was still carrying the Phase 2 package list, so SMART, CPUStress, and Network each hit a LookPath miss and returned pass-with-skip. A run that skipped every real check still ended in "completed" — nothing on the report said the image was broken. Add smartmontools, stress-ng, fio, iperf3, lshw, lm-sensors, e2fsprogs, and util-linux to mkosi.conf. Flip the three stages from skip-pass to fail when their binary is missing so any future packaging regression blocks the run instead of whispering past it. Legitimate "no hardware" skips (no GPU, no hwmon, no disks, non-destructive) are untouched. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Vetting live image
Debian-based Linux live image that PXE-booted hosts drop into. Runs the
vetting-agent binary under systemd and reaches back to the orchestrator
over HTTP+SSE.
Preferred build path: make release
Run make release from the repo root (Linux/WSL) — it builds the live
image and bundles it with the orchestrator binary, install scripts,
and pinned iPXE SHAs into a single vetting-bundle-<sha>.tar.gz. See
../docs/operations.md for the install flow.
Manual build (dev loop)
On Windows:
wsl make -C live-image all
On Linux:
make -C live-image all
This produces live-image/build/vmlinuz and live-image/build/initrd.img.
deploy/pxe-setup.sh picks them up automatically when run from the repo
tree — no manual copy needed.
iPXE binaries
The dnsmasq supervisor expects ipxe.efi and undionly.kpxe in
pxe.tftp_root. deploy/pxe-setup.sh fetches them from boot.ipxe.org
and verifies against pinned SHA256s in deploy/ipxe-shas.txt. Bumping
the pins requires a deliberate repo commit.
WSL prerequisites (Windows dev)
sudo apt install mkosi debootstrap squashfs-tools dosfstools