.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
. if \nF \{
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "SUPERMIN 1"
.TH SUPERMIN 1 "2014-07-12" "supermin-5.1.9" "Virtualization Support"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
supermin \- Tool for creating and building supermin appliances
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& supermin \-\-prepare \-o OUTPUTDIR PACKAGE [PACKAGE ...]
\&
\& supermin \-\-build \-o OUTPUTDIR \-f chroot|ext2 INPUT [INPUT ...]
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Supermin is a tool for building supermin appliances. These are tiny
appliances (similar to virtual machines), usually around 100KB in
size, which get fully instantiated on-the-fly in a fraction of a
second when you need to boot one of them.
.PP
This program used to be called febootstrap. This manual page
documents supermin 5.x which is a complete rewrite and quite different
from febootstrap 2.x. If you are looking for the febootstrap 2.x
tools, then this is not the right place.
.SS "\s-1BASIC OPERATION\s0"
.IX Subsection "BASIC OPERATION"
The supermin tool can be used in two modes, \fBpreparing\fR a tiny
supermin appliance, which is done on a build system. And \fBbuilding\fR,
which takes the supermin appliance and constructs a full, bootable
appliance, which is done on the end user's system.
.PP
Supermin does not need to be run as root, and generally \fIshould not\fR
be run as root. It does not affect the host system or the packages
installed on the host system.
.PP
\fI\s-1PREPARE MODE\s0\fR
.IX Subsection "PREPARE MODE"
.PP
\&\fI\-\-prepare\fR creates the tiny supermin appliance in the given output
directory. You give it a list of packages that you want installed,
and supermin will automatically find the dependencies. The list of
packages has to be installed on the host machine.
.PP
For example:
.PP
.Vb 1
\& supermin \-\-prepare bash coreutils \-o supermin.d
.Ve
.PP
creates a supermin appliance containing the packages \f(CW\*(C`bash\*(C'\fR and
\&\f(CW\*(C`coreutils\*(C'\fR. Specifically, it creates some files in directory
\&\f(CW\*(C`supermin.d\*(C'\fR. This directory \fIis\fR the supermin appliance. (See
\&\*(L"\s-1SUPERMIN APPLIANCES\*(R"\s0 below).
.PP
It is intended that the \fI\-\-prepare\fR step is done on a central build
machine, and the supermin appliance is distributed to end users (which
is easy because supermin appliances are so small).
.PP
\fI\s-1BUILD MODE\s0\fR
.IX Subsection "BUILD MODE"
.PP
\&\fI\-\-build\fR (previously a separate program called \f(CW\*(C`supermin\-helper\*(C'\fR)
builds the full appliance from the supermin appliance:
.PP
.Vb 1
\& supermin \-\-build \-\-format ext2 supermin.d \-o appliance.d
.Ve
.PP
This will create files called \f(CW\*(C`appliance.d/kernel\*(C'\fR,
\&\f(CW\*(C`appliance.d/root\*(C'\fR etc, which is the full sized bootable appliance.
.PP
It is intended that the \fI\-\-build\fR step is done on the end user's
machine at the last second before the appliance is needed. The
packages in the supermin appliance (those specified when the supermin
appliance was prepared) must be installed on the end user's machine.
.PP
Build and cache
.IX Subsection "Build and cache"
.PP
Typically you want to rebuild the appliance on the end user machine
only on demand. Supermin has some extra options to make this easy:
.PP
.Vb 3
\& supermin \-\-build \e
\& \-\-if\-newer \-\-lock /run/user/\`id \-u\`/supermin.lock \e
\& \-\-format ext2 supermin.d \-o appliance.d
.Ve
.PP
If multiple programs run this command in parallel, the instances will
wait on the lock file. The full appliance only gets rebuilt if it
doesn't exist or if it is older than the input files and host package
database.
.PP
Note that the lock file \fBmust not\fR be stored inside the \fI\-o\fR
directory.
.PP
\fI\s-1PACKAGES\s0\fR
.IX Subsection "PACKAGES"
.PP
By \*(L"package\*(R" we mean the \s-1RPM,\s0 Debian, (etc.) package,
eg. \f(CW\*(C`coreutils\*(C'\fR, \f(CW\*(C`perl\*(C'\fR.
.PP
In all cases supermin can only build a supermin appliance which is
identical in distro, version and architecture to the host. It does
\&\fInot\fR do cross-builds.
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-\-help\fR" 4
.IX Item "--help"
Display brief command line usage, and exit.
.IP "\fB\-\-build\fR" 4
.IX Item "--build"
Build the full appliance from the supermin appliance. This used to be
a separate program called \f(CW\*(C`supermin\-helper\*(C'\fR.
.IP "\fB\-\-copy\-kernel\fR" 4
.IX Item "--copy-kernel"
(\fI\-\-build\fR mode only)
.Sp
Copy the kernel (and device tree, if created) instead of symlinking to
the kernel in \f(CW\*(C`/boot\*(C'\fR.
.Sp
This is fractionally slower, but is necessary if you want to change
the permissions or SELinux label on the kernel or device tree.
.IP "\fB\-\-dtb\fR \s-1WILDCARD\s0" 4
.IX Item "--dtb WILDCARD"
(\fI\-\-build\fR mode only)
.Sp
If specified, search for a device tree which is compatible with the
selected kernel and the name of which matches the given wildcard. You
can use a wildcard such as \f(CW\*(C`vexpress\-*a9*.dtb\*(C'\fR which would match
\&\f(CW\*(C`vexpress\-v2p\-ca9.dtb\*(C'\fR.
.Sp
Notes:
.RS 4
.IP "\(bu" 4
You may need to quote the wildcard to prevent it from being expanded
by your shell.
.IP "\(bu" 4
If no \fI\-\-dtb\fR option is given, no device tree will be looked for.
.IP "\(bu" 4
You only need a device tree on architectures such as \s-1ARM\s0 and PowerPC
which use them. On other architectures, don't use this option.
.IP "\(bu" 4
If you use this option and no compatible device tree can be found,
supermin will exit with an error.
.RE
.RS 4
.RE
.IP "\fB\-f\fR \s-1FORMAT\s0" 4
.IX Item "-f FORMAT"
.PD 0
.IP "\fB\-\-format\fR \s-1FORMAT\s0" 4
.IX Item "--format FORMAT"
.PD
(\fI\-\-build\fR mode only)
.Sp
Select the output format for the full appliance.
.Sp
There is no default. When using \fI\-\-build\fR you must specify the
\&\fI\-\-format\fR option.
.Sp
Possible formats are:
.RS 4
.IP "chroot" 4
.IX Item "chroot"
A directory tree in the host filesystem.
.Sp
The filesystem tree is written to \f(CW\*(C`OUTPUTDIR\*(C'\fR (ie. the \fI\-o\fR option).
.Sp
This is called a \f(CW\*(C`chroot\*(C'\fR because you could literally \fIchroot\fR\|(1)
into this directory afterwards, although it's a better idea to use a
container technology (\s-1LXC,\s0 etc.).
.Sp
No kernel, initrd or dtb is generated in this mode because it is
assumed that you will be running the appliance using the host kernel.
.IP "ext2" 4
.IX Item "ext2"
An ext2 filesystem disk image.
.Sp
The output kernel is written to \f(CW\*(C`OUTPUTDIR/kernel\*(C'\fR, the device tree
(if using) to \f(CW\*(C`OUTPUTDIR/dtb\*(C'\fR, a small initramfs which can mount the
appliance to \f(CW\*(C`OUTPUTDIR/initrd\*(C'\fR, and the ext2 filesystem image to
\&\f(CW\*(C`OUTPUTDIR/root\*(C'\fR. (Where \f(CW\*(C`OUTPUTDIR\*(C'\fR is specified by the \fI\-o\fR
option).
.RE
.RS 4
.RE
.IP "\fB\-\-host\-cpu\fR \s-1CPU\s0" 4
.IX Item "--host-cpu CPU"
(\fI\-\-build\fR mode only)
.Sp
Specify the host \s-1CPU \s0(eg. \f(CW\*(C`i686\*(C'\fR, \f(CW\*(C`x86_64\*(C'\fR). This is used as a
substring match when searching for compatible kernels. If not
specified, it defaults to the host \s-1CPU\s0 that supermin was compiled on.
.IP "\fB\-\-if\-newer\fR" 4
.IX Item "--if-newer"
(\fI\-\-build\fR mode only)
.Sp
The output directory is checked and it is \fInot\fR rebuilt unless it
needs to be.
.Sp
This is done by consulting the dates of the host package database
(\f(CW\*(C`/var/lib/rpm\*(C'\fR etc), the input supermin files, and the output
directory. The operation is only carried out if either the host
package database or the input supermin files are newer than the output
directory.
.Sp
See also \fI\-\-lock\fR below.
.IP "\fB\-\-list\-drivers\fR" 4
.IX Item "--list-drivers"
List the package manager drivers compiled into supermin, and whether
the corresponding package manager is detected on the current system.
.IP "\fB\-\-lock\fR \s-1LOCKFILE\s0" 4
.IX Item "--lock LOCKFILE"
(\fI\-\-build\fR mode only)
.Sp
If multiple parallel runs of supermin need to build a full appliance,
then you can use the \fI\-\-lock\fR option to ensure they do not stomp on
each other.
.Sp
The lock file is used to provide mutual exclusion so only one instance
of supermin will run at a time.
.Sp
Note that the lock file \fBmust not\fR be stored inside the output
directory.
.IP "\fB\-o\fR \s-1OUTPUTDIR\s0" 4
.IX Item "-o OUTPUTDIR"
Select the output directory.
.Sp
When using \fI\-\-prepare\fR, this is the directory where the supermin
appliance will be written. When using \fI\-\-build\fR, this is the
directory where the full appliance, kernel etc will be written.
.Sp
\&\fBAny previous contents of the output directory are deleted\fR, and a
new output directory is created.
.Sp
The output directory is created (nearly) atomically by constructing a
temporary directory called something like \f(CW\*(C`OUTPUTDIR.abc543\*(C'\fR, then
renaming the old output directory (if present) and deleting it, and
then renaming the temporary directory to \f(CW\*(C`OUTPUTDIR\*(C'\fR. By combining
this option with \fI\-\-lock\fR you can ensure that multiple parallel runs
of supermin do not conflict with each other.
.IP "\fB\-\-packager\-config\fR \s-1CONFIGFILE\s0" 4
.IX Item "--packager-config CONFIGFILE"
(\fI\-\-prepare\fR mode only)
.Sp
Set the configuration file for the package manager. This allows you
to specify alternate software repositories.
.Sp
For ArchLinux, this sets the pacman configuration file (default
\&\f(CW\*(C`/etc/pacman.conf\*(C'\fR). See \fIpacman.conf\fR\|(5).
.Sp
For Yum/RPM distributions, this sets the yum configuration file
(default \f(CW\*(C`/etc/yum.conf\*(C'\fR). See \fIyum.conf\fR\|(5).
.IP "\fB\-\-prepare\fR" 4
.IX Item "--prepare"
Prepare the supermin appliance.
.IP "\fB\-\-use\-installed\fR" 4
.IX Item "--use-installed"
(\fI\-\-prepare\fR mode only)
.Sp
If packages are already installed, use the contents (from the local
filesystem) instead of downloading them.
.Sp
Note that this can cause malformed appliances if local files have been
changed from what was originally in the package. This is particularly
a problem for configuration files.
.Sp
However this option is useful in some controlled situations: for
example when using supermin inside a freshly installed chroot, or if
you have no network access during the build.
.IP "\fB\-v\fR" 4
.IX Item "-v"
.PD 0
.IP "\fB\-\-verbose\fR" 4
.IX Item "--verbose"
.PD
Enable verbose messages.
.Sp
You can give this option multiple times to enable even more messages:
.RS 4
.IP "\fI\-v\fR" 4
.IX Item "-v"
Debugging of overall stages.
.IP "\fI\-v \-v\fR" 4
.IX Item "-v -v"
Detailed information within each stage.
.IP "\fI\-v \-v \-v\fR" 4
.IX Item "-v -v -v"
Massive amounts of debugging (far too much for normal use, but good
if you are trying to diagnose a bug in supermin).
.RE
.RS 4
.RE
.IP "\fB\-V\fR" 4
.IX Item "-V"
.PD 0
.IP "\fB\-\-version\fR" 4
.IX Item "--version"
.PD
Print the package name and version number, and exit.
.SH "SUPERMIN APPLIANCES"
.IX Header "SUPERMIN APPLIANCES"
Supermin appliances consist of just enough information to be able to
build an appliance containing the same operating system (Linux
version, distro, release etc) as the host \s-1OS. \s0 Since the host and
appliance share many common files such as \f(CW\*(C`/bin/bash\*(C'\fR and
\&\f(CW\*(C`/lib/libc.so\*(C'\fR there is no reason to ship these files in the
appliance. They can simply be read from the host on demand when the
appliance is launched. Therefore to save space we just store the
names of the packages we want from the host, and copy those in (plus
dependencies) at build time.
.PP
There are some files which cannot just be copied from the host in this
way. These include configuration files which the host admin might
have edited. So along with the list of host files, we also store a
skeleton base image which contains these files and the outline
directory structure.
.PP
Therefore the supermin appliance normally consists of at least two
control files (\f(CW\*(C`packages\*(C'\fR and \f(CW\*(C`base.tar.gz\*(C'\fR).
.IP "\fBpackages\fR" 4
.IX Item "packages"
The list of packages to be copied from the host. Dependencies are
resolved automatically.
.Sp
The file is plain text, one package name per line.
.IP "\fBbase.tar\fR" 4
.IX Item "base.tar"
.PD 0
.IP "\fBbase.tar.gz\fR" 4
.IX Item "base.tar.gz"
.PD
This tar file (which may be compressed) contains the skeleton
filesystem. Mostly it contains directories and a few configuration
files.
.Sp
All paths in the tar file should be relative to the root directory of
the appliance.
.IP "\fBhostfiles\fR" 4
.IX Item "hostfiles"
Any other files that are to be copied from the host. This is a plain
text file with one pathname per line.
.Sp
Paths can contain wildcards, which are expanded when the appliance
is created, eg:
.Sp
.Vb 1
\& /etc/yum.repos.d/*.repo
.Ve
.Sp
would copy all of the \f(CW\*(C`*.repo\*(C'\fR files into the appliance.
.Sp
Each pathname in the file should start with a \f(CW\*(C`/\*(C'\fR character.
.Sp
Supermin itself does not create hostfiles (although before versionĀ 5, this was the main mechanism used to create the full appliance).
However you may drop one or more of these files into the supermin
appliance directory if you want to copy random unpackaged files into
the full appliance.
.IP "\fBexcludefiles\fR" 4
.IX Item "excludefiles"
A list of filenames, directory names, or wildcards prefixed by \f(CW\*(C`\-\*(C'\fR
which are excluded from the final appliance.
.Sp
This is rather brutal since it just removes things, potentially
breaking packages. However it can be used as a convenient way to
minimize the size of the final appliance.
.Sp
Supermin itself does not create excludefiles. However you may drop
one of more of these files into the supermin appliance directory to
stop packaged files from being copied into the full appliance.
.PP
Note that the names above are just suggestions. You can use any names
you want, as supermin detects the contents of each file when it
reconstructs the appliance. You can also have multiple of each type
of file.
.SS "\s-1RECONSTRUCTING THE APPLIANCE\s0"
.IX Subsection "RECONSTRUCTING THE APPLIANCE"
The separate mode \f(CW\*(C`supermin \-\-build\*(C'\fR is used to reconstruct an
appliance from the supermin appliance files.
.PP
This program in fact iterates recursively over the files and
directories passed to it. A common layout could look like this:
.PP
.Vb 5
\& supermin.d/
\& supermin.d/base.tar.gz
\& supermin.d/extra.tar.gz
\& supermin.d/packages
\& supermin.d/zz\-hostfiles
.Ve
.PP
In this way extra files can be added to the appliance just by creating
another tar file (\f(CW\*(C`extra.tar.gz\*(C'\fR in the example above) and dropping
it into the directory, and additional host files can be added
(\f(CW\*(C`zz\-hostfiles\*(C'\fR in the example above). When the appliance is
constructed, the extra files will appear in the appliance.
.SS "\s-1MINIMIZING THE SUPERMIN APPLIANCE\s0"
.IX Subsection "MINIMIZING THE SUPERMIN APPLIANCE"
You may want to \*(L"minimize\*(R" the supermin appliance in order to save
time and space when it is instantiated. Typically you might want to
remove documentation, info files, man pages and locales.
.PP
You can do this by creating an excludefiles that lists files,
directories or wildcards that you don't want to include. They are
skipped when the full appliance is built.
.PP
.Vb 5
\& \-/boot/*
\& \-/lib/modules/*
\& \-/usr/share/doc/*
\& \-/usr/share/info/*
\& \-/usr/share/man/*
.Ve
.PP
Be careful what you remove because files may be necessary for correct
operation of the appliance.
.SS "\s-1KERNEL AND KERNEL MODULES\s0"
.IX Subsection "KERNEL AND KERNEL MODULES"
Usually the kernel and kernel modules are \fInot\fR included in the
supermin appliance.
.PP
When the full appliance is built, the kernel modules from the host are
copied in, and it is booted using the host kernel.
.PP
\fI\s-1USING A CUSTOM KERNEL AND KERNEL MODULES\s0\fR
.IX Subsection "USING A CUSTOM KERNEL AND KERNEL MODULES"
.PP
Supermin is able to choose the best host kernel available to boot the
appliance. However you can override this by setting environment
variables (see \*(L"\s-1ENVIRONMENT VARIABLES\*(R"\s0 below).
.PP
If you build a custom kernel (eg. by compiling Linux from source),
then you should do something like this:
.PP
.Vb 4
\& mkdir /tmp/kmods
\& make bzImage
\& make modules
\& make modules_install INSTALL_MOD_PATH=/tmp/kmods
\&
\& export SUPERMIN_KERNEL=/path/to/linux.git/arch/x86/boot/bzImage
\& export SUPERMIN_MODULES=/tmp/kmods/lib/modules/3.xx.yy
\&
\& supermin \-\-build \-f ext2 [etc]
.Ve
.SS "\s-1ENFORCING AVAILABILITY OF PACKAGES\s0"
.IX Subsection "ENFORCING AVAILABILITY OF PACKAGES"
Supermin builds the appliance by copying in the packages listed in
\&\f(CW\*(C`packages\*(C'\fR. For this to work those packages must be available. We
usually enforce this by adding requirements (eg. \s-1RPM \s0\f(CW\*(C`Requires:\*(C'\fR
lines) on the package that uses the supermin appliance, so that
package cannot be installed without pulling in the dependent packages
and thus making sure the packages are installed for supermin to use.
.SH "ENVIRONMENT VARIABLES"
.IX Header "ENVIRONMENT VARIABLES"
.IP "\s-1SUPERMIN_KERNEL\s0" 4
.IX Item "SUPERMIN_KERNEL"
If this environment variable is set, then automatic selection of the
kernel is bypassed and this kernel is used.
.Sp
The environment variable should point to a kernel file,
eg. \f(CW\*(C`/boot/vmlinuz\-3.0.x86_64\*(C'\fR
.IP "\s-1SUPERMIN_MODULES\s0" 4
.IX Item "SUPERMIN_MODULES"
This specifies the kernel modules directory to use.
.Sp
The environment variable should point to a module directory,
eg. \f(CW\*(C`/lib/modules/3.0.x86_64/\*(C'\fR
.IP "\s-1SUPERMIN_DTB\s0" 4
.IX Item "SUPERMIN_DTB"
Force the given device tree file to be used.
.IP "\s-1SUPERMIN_KERNEL_VERSION\s0" 4
.IX Item "SUPERMIN_KERNEL_VERSION"
On non\-x86 architectures, you may need to set this environment
variable if supermin cannot determine the kernel version of
\&\f(CW\*(C`SUPERMIN_KERNEL\*(C'\fR just by looking at the file.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
,
\&\fIguestfs\fR\|(3),
.
.SH "AUTHORS"
.IX Header "AUTHORS"
.IP "\(bu" 4
Richard W.M. Jones
.IP "\(bu" 4
Matthew Booth
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright (C) 2009\-2014 Red Hat Inc.
.PP
This program is free software; you can redistribute it and/or modify
it under the terms of the \s-1GNU\s0 General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
.PP
This program is distributed in the hope that it will be useful,
but \s-1WITHOUT ANY WARRANTY\s0; without even the implied warranty of
\&\s-1MERCHANTABILITY\s0 or \s-1FITNESS FOR A PARTICULAR PURPOSE. \s0 See the
\&\s-1GNU\s0 General Public License for more details.
.PP
You should have received a copy of the \s-1GNU\s0 General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, \s-1MA 02139, USA.\s0