=head1 NAME

febootstrap - Bootstrap a basic Fedora system (like Debian debootstrap)

=head1 SYNOPSIS

 febootstrap [--options] REPO TARGET [MIRROR]

=head1 EXAMPLES

 febootstrap fedora-10 /tmp/f10
 febootstrap rawhide /tmp/rawhide
 febootstrap rawhide /tmp/rawhide http://mymirror/rawhide/x86_64/os
 febootstrap --groupinstall="Mail Server" fedora-10 /tmp/mailserver

=head1 DESCRIPTION

febootstrap creates a Fedora root filesystem, based on the Fedora
version specified by I<REPO> under the directory specified by
I<TARGET>.  Optionally I<MIRROR> can point to a local mirror
(otherwise the public Fedora mirrors are used).  I<REPO> names are
C<fedora-I<VERSION>> (eg. C<fedora-10>) or C<rawhide>.

febootstrap does I<not> need to be run as root.  If for some reason
you do run it as root, then it works slightly differently and may have
side effects such as stopping or starting system daemons.

For more advanced needs, take a look at L<mock(1)>, C<livecd-creator>
and I<thincrust.net>'s C<appliance-creator>.

The normal output is a root directory located at I<TARGET> and
a fakeroot logfile at C<I<TARGET>/fakeroot.log>.

=head1 OPTIONS

=over 4

=item B<-i package>

=item B<--install=package>

=item B<-g "group">

=item B<--groupinstall="group">

Specify the package or group to install.  To list multiple packages or
groups, you must give multiple C<-i> or C<-g> options.  Group names
can contain spaces, so use quotes where necessary.

These are passed directly to C<yum install> or C<yum groupinstall>
commands, and thus any dependencies are also resolved by yum.  You can
also use shell globs and filenames here, as with ordinary yum.

If no packages or groups are given, then we install the C<Core> group
which is a small working Fedora installation (but by no means
minimal).  Use C<yum groupinfo Core> to list the packages currently in
the C<Core> group.

=item B<--no-clean>

Normally febootstrap will clean up the yum repository
(C</var/cache/yum> inside the image).  This contains the downloaded
RPMs and metadata.  However if you give the C<--no-clean> option, then
the yum repository is left.  This is useful if you want to run further
yum commands inside the filesystem by hand.

=item B<-p "proxyurl">

=item B<--proxy="proxyurl">

URL to the proxy server that yum should use.

=item B<-u source>

=item B<--updates=source>

Pull in updates from an additional updates repository.  The possible
sources are:

=over 4

=item -u C<http://...> (a URL)

Get updates from the specific URL.

=item -u C<updates-released-fN> (an updates repository name)

Get updates from the public mirrors of the named repository
(eg. C<updates-released-f10>).  See REPOSITORIES below.

=item -u C<none> (default)

Don't add an updates repository.  This is the default.

=back

=back

=head1 REPOSITORIES

You can list available repositories by visiting this URL:

L<http://mirrors.fedoraproject.org/mirrorlist?repo=help&arch=i386>

(If necessary replace C<i386> with your architecture, but it seems
unlikely that this list will change based on architecture).

=head1 RUNNING EXTRA COMMANDS IN THE ROOT FILESYSTEM

If you want to run further commands inside the root filesystem, for
example additional C<yum> installs, then use C<febootstrap-run>.  See
the L<febootstrap-run(8)> manual page for more details.

You have to be careful about modifying files in the root filesystem
directly (without using C<febootstrap-run>).  It's easy to confuse
fakeroot and end up with the wrong permissions on files (see FAKEROOT
LOGFILE below).

C<febootstrap-run> runs the command inside the root filesystem, which
means it won't normally have access to files outside the root.  You
can use C<FAKECHROOT_EXCLUDE_PATH> environment variable (see
L<fakechroot(1)>) or copy files into the root first.

=head2 FAKEROOT LOGFILE

When febootstrap is run as non-root (the normal case) we use fakeroot
so that yum thinks it is running as root.  Fakeroot keeps track of
"real" file permissions in a log file which is saved into the target
directory as C<I<TARGET>/fakeroot.log>.

This logfile is indexed by inode number, which makes certain
operations safe and other operations unsafe.
Files should be replaced only by doing:

 echo updated-content > old-file

(since that preserves the original inode).

Deleting files and then creating new ones (even with a different name)
is usually unsafe, because the new files might reuse inodes claimed by
the old files, and so appear with peculiar permissions
(eg. unreadable, or as a symbolic link).

Deleting files is also usually unsafe, although the reasons are more
subtle.  If you just use C<rm> then the inode number is not deleted
from C<fakeroot.log> which means it can be reused by another file
later on.

In most cases it's usually safest to use C<febootstrap-run>.

You can use the fakeroot logfile in a number of ways:

=over 4

=item *

Use L<febootstrap-run(8)> to run a command with the faked file
permissions.

=item *

Use L<febootstrap-install(8)> to install a file with permissions
in the root filesystem.

=item *

Generate an initramfs (compressed cpio) file containing the correct
permissions using the tool C<febootstrap-to-initramfs>.

=item *

Generate a supermin appliance using the tool
C<febootstrap-to-supermin>.

=item *

Apply the permissions to the target directory using the forthcoming
tool C<febootstrap-fix-root> (requires root).

=back

=head1 RUNNING FEBOOTSTRAP AS ROOT

There is some rudimentary support for running C<febootstrap> as root.
However it is not well-tested and generally not recommended.

=head1 COMPARISON TO DEBOOTSTRAP

febootstrap cannot do cross-architecture installs (C<debootstrap
--foreign>).  The reason is that C<%pre> and C<%post> scripts cannot
run.  It may be possible to defer running of scriptlets (which is
basically how debootstrap works), and patches to do this are welcomed.

febootstrap cannot do 32-on-64 bit installs.  The reason is that
fakeroot and fakechroot do not load the correct preload library.  This
is really a bug in fakeroot/fakechroot, which we think would be easy
to fix.  (debootstrap deals with this case the same as for
C<--foreign> installs - see previous point).

=head1 OTHER RESTRICTIONS AND BUGS

The following programs are not run during C<%post> scriptlets (because
they are all statically linked, and fakechroot cannot run statically
linked programs).

=over 4

=item C</sbin/ldconfig> (from many packages)

=item C</usr/sbin/glibc_post_upgrade> (from C<glibc>)

=item C</usr/sbin/build-locale-archive> (from C<glibc-common>)

=item C</usr/sbin/libgcc_post_upgrade> (from C<libgcc>)

=back

If you wish, you can run them the first time you boot into the new
machine.

febootstrap recreates the repository anew each time, and this causes
yum to download all the RPMs every time.  This is very wasteful, and
we should provide a way to cache the repository.

=head1 HOME PAGE

L<http://et.redhat.com/~rjones/febootstrap>

=head1 SEE ALSO

L<febootstrap-to-initramfs(8)>,
L<febootstrap-minimize(8)>,
L<febootstrap-run(8)>,
L<febootstrap-install(8)>,
L<febootstrap-to-supermin(8)>,
L<fakeroot(1)>,
L<fakechroot(1)>,
L<yum(8)>,
L<rpm(8)>.

=head1 ALTERNATIVES

L<mock(1)>,
L<http://fedoraproject.org/wiki/FedoraLiveCD/LiveCDHowTo>,
L<http://thincrust.net/>,
L<debootstrap(8)>,
C<ubuntu-vm-builder>.

=head1 AUTHORS

Richard W.M. Jones <rjones @ redhat . com>

=head1 COPYRIGHT

(C) Copyright 2009 Red Hat Inc.,
L<http://et.redhat.com/~rjones/febootstrap>.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.