This document describes the architecture, dev workflow, and key commands needed to work on this project as an AI agent. Read it before making changes.
tuna-installer/ ← this repo (tuna-os/tuna-installer)
├── tuna_installer/ ← Python GTK4/Adwaita GUI (the Flatpak app)
│ └── views/
│ ├── progress.py ← VTE terminal, fisherman launcher, progress JSON parser
│ ├── done.py ← final screen (reboot / log viewer)
│ └── confirm.py ← confirmation screen before install
├── fisherman/ ← git submodule → tuna-os/fisherman (Go backend)
│ └── fisherman/
│ ├── cmd/fisherman/main.go ← install pipeline (steps 1-9)
│ └── internal/
│ ├── disk/ ← partition, format, mount, finalize
│ ├── luks/ ← LUKS format, open, TPM2 enrol
│ ├── install/ ← bootc install to-filesystem (podman run)
│ ├── post/ ← hostname, flatpak copy, cleanup/unmount
│ ├── progress/ ← JSON-line progress emitter
│ ├── recipe/ ← recipe.go schema + Validate()
│ └── runner/ ← Run() helper (exec + set-x logging)
├── flatpak/
│ └── org.tunaos.Installer.json ← Flatpak manifest (GNOME 50 runtime)
├── data/ ← GSchema, desktop file, icons
├── po/ ← translations
└── .github/workflows/flatpak.yml ← CI: builds + publishes "continuous" pre-release
fisherman is a root-level CLI that reads a JSON recipe and executes the full disk install pipeline. It emits newline-delimited JSON progress to stdout:
{"type":"step","step":2,"total_steps":9,"step_name":"Formatting EFI partition"}
{"type":"substep","message":"Pulling container image"}
{"type":"info","message":"Writing hostname: tunaos"}
{"type":"complete","message":"Installation complete!"}Install pipeline (main.go):
| Step | Action |
|---|---|
| 1 | Partition disk (sgdisk via disk.Partition / disk.PartitionEncrypted) |
| 2 | Format EFI (mkfs.fat -F32) and optionally /boot (mkfs.ext4) |
| 3 | Set up LUKS (optional: cryptsetup luksFormat + luksOpen) |
| 4 | Format root filesystem (mkfs.xfs or mkfs.btrfs) |
| 5 | Mount everything at /mnt/fisherman-target |
| 6 | bootc install to-filesystem via podman run --privileged |
| 7 | Copy system Flatpaks (/var/lib/flatpak → target) |
| 8 | Write /etc/hostname into the ostree deployment |
| 9 | Finalize: fstrim → remount ro → fsfreeze/thaw |
Key design decisions:
--skip-finalizeis passed to bootc so the target stays writable for step 8. Step 9 manually replicatesbootc's internalfinalize_filesystem().- Scratch space for bootc blob downloads is
/var/fisherman-tmp(disk-backed), bind-mounted to/var/tmpon the host. Do NOT change this to/run/*—/runis a tmpfs (~50% RAM) and too small for large images. - Partition layout: always 3-partition (EFI +
/bootext4 + root). The separate ext4/bootis required for two reasons: (1) GRUB's built-in XFS driver cannot read el10 XFS features (nrext64,exchange,rmapbt), so GRUB must only ever read ext4; (2) for encrypted installs,bootupctl(inside its bwrap sandbox) must be able to find the/bootUUID from a raw block device rather than a LUKS mapper. BothPartition()andPartitionEncrypted()produce the same 3-partition GPT table; the difference is that encrypted installs additionally set up LUKS on p3.
The GUI collects user choices and writes a recipe JSON, then launches fisherman via a VTE terminal.
Flatpak sandbox constraints:
- fisherman is staged to
~/.cache/tuna-installer/fisherman(host-visible via--filesystem=host) by_stage_fisherman_on_host()inprogress.py. - fisherman runs on the host via
flatpak-spawn --host pkexec <path>. systemctl rebootmust be called asflatpak-spawn --host systemctl rebootfrom inside the sandbox (seedone.py).- The installer log is written to
~/.cache/tuna-installer/fisherman-output.log.
Recipe JSON written by the GUI:
{
"disk": "/dev/nvme0n1",
"filesystem": "xfs",
"btrfsSubvolumes": false,
"encryption": {
"type": "tpm2-luks-passphrase",
"passphrase": "hunter2"
},
"image": "ghcr.io/tuna-os/yellowfin:gnome50",
"targetImgref": "ghcr.io/tuna-os/yellowfin:gnome50",
"selinuxDisabled": true,
"hostname": "tunaos",
"flatpaks": ["org.mozilla.firefox", "..."]
}Encryption types: "none", "luks-passphrase", "tpm2-luks", "tpm2-luks-passphrase".
fisherman lives at fisherman/ and is a git submodule pointing to
github.com/tuna-os/fisherman. You must commit and push changes there
separately before updating the parent repo's submodule pointer.
# 1. Edit files inside fisherman/fisherman/
cd fisherman/fisherman
# ... make changes ...
go build ./cmd/fisherman/ # quick compile check
go vet ./... # lint
# 2. Commit + push fisherman
git add -A && git commit -m "fix: describe the change"
git push
# 3. Update the submodule pointer in the parent repo
cd /var/home/james/dev/tuna-installer
git add fisherman
git commit -m "chore: update fisherman submodule (describe the change)"
git pushcd /var/home/james/dev/tuna-installer
# edit tuna_installer/views/*.py or other files
git add -A && git commit -m "fix: describe the change"
git pushcd /var/home/james/dev/tuna-installer
# Build and install locally (takes ~10 min first time; cached after)
flatpak run org.flatpak.Builder \
--force-clean --user --install \
_build flatpak/org.tunaos.Installer.json
# Bundle for deployment to a remote machine
flatpak build-bundle \
~/.local/share/flatpak/repo \
org.tunaos.Installer.flatpak \
org.tunaos.Installer
# Deploy to a remote machine (e.g. 192.168.0.119)
scp org.tunaos.Installer.flatpak james@192.168.0.119:~
ssh james@192.168.0.119 \
"flatpak uninstall --user -y org.tunaos.Installer; \
flatpak install --user --bundle -y ~/org.tunaos.Installer.flatpak"flatpak run org.tunaos.Installer
# Or with a local fisherman binary (dev/test):
TUNA_FISHERMAN_PATH=/path/to/fisherman flatpak run org.tunaos.Installer# Build fisherman
cd fisherman/fisherman
go build -o /tmp/fisherman ./cmd/fisherman/
# Run with a recipe (as root — fisherman needs root for disk ops)
sudo /tmp/fisherman /path/to/recipe.json
# Watch the log on a remote machine
ssh james@192.168.0.119 "tail -f ~/.cache/tuna-installer/fisherman-output.log"- Every push to
maintriggers.github/workflows/flatpak.ymlwhich builds the Flatpak and publishes it as thecontinuouspre-release on GitHub. .github/workflows/python-test.ymlruns on every push: 30 unit tests (no display) + 14 GTK UI integration tests (Xvfb).- Tagged pushes (
v*) publish a named release. - Container:
ghcr.io/flathub-infra/flatpak-github-actions:gnome-50 - The submodule is checked out recursively by CI (
submodules: recursive).
Always verify CI passes after pushing both submodule + parent repo commits.
tests/
├── unit/
│ └── test_processor.py ← 30 pure-Python tests for processor.py (no display)
└── ui/
├── conftest.py ← GResource loader + Adw.init() for headless GTK
└── test_wizard.py ← 14 GTK integration tests (real widgets via Xvfb)
Run unit tests:
pytest tests/unit/ -vRun UI tests (requires a display — use Xvfb in CI or a live X session locally):
xvfb-run -a pytest tests/ui/ -vWhen you change tuna_installer/utils/processor.py:
- Update
tests/unit/test_processor.pyto cover new fields or changed logic. - Every new recipe field emitted by
processor.pyshould have at least one parametrized test asserting the correct JSON value in the output recipe.
When you change a wizard step's get_finals() output (e.g. defaults/image.py,
defaults/disk.py, defaults/encryption.py, defaults/user.py):
- Update
tests/ui/test_wizard.pyif the changed step is covered there. - If a new
get_finals()key is added, add an assertion for it in the relevantTestXxxStepclass.
When you add a new wizard step:
- Add the step to
_SYS_RECIPE["steps"]intests/ui/test_wizard.pyonly if its template widgets are available in the CI libadwaita version (Ubuntu 24.04 ships libadwaita 1.5.x —Adw.ButtonRowand other ≥ 1.6 widgets will fail). If in doubt, leave the step out of the test recipe and test via unit tests only. - Add unit test coverage in
test_processor.pyfor any new recipe fields the step produces.
When you change fisherman/fisherman/internal/recipe/recipe.go:
- Update
fisherman/fisherman/internal/recipe/recipe_test.go— add valid and invalid cases for any new fields or validation rules.
| File | Purpose |
|---|---|
fisherman/fisherman/cmd/fisherman/main.go |
Install pipeline, step ordering, totalSteps |
fisherman/fisherman/internal/disk/format.go |
FinalizeFilesystem, FormatBoot, MountEFI, BindMount |
fisherman/fisherman/internal/disk/partition.go |
Partition (2-part), PartitionEncrypted (3-part) |
fisherman/fisherman/internal/luks/luks.go |
LUKS format, open, close, EnrollTPM2 |
fisherman/fisherman/internal/install/install.go |
BootcInstall → podman command |
fisherman/fisherman/internal/post/post.go |
WriteHostname, CopyFlatpaks, Cleanup |
fisherman/fisherman/internal/recipe/recipe.go |
Recipe struct, Validate() |
tuna_installer/views/progress.py |
VTE terminal, fisherman launch, JSON progress parsing |
tuna_installer/views/done.py |
Final screen, reboot button, log viewer |
flatpak/org.tunaos.Installer.json |
Flatpak manifest (runtime, finish-args, Go version) |
.github/workflows/flatpak.yml |
CI build + publish workflow |
.github/workflows/python-test.yml |
CI unit + GTK UI integration tests |
tests/unit/test_processor.py |
30 unit tests for processor.py (no display needed) |
tests/ui/conftest.py |
GResource loader + Adw.init() for headless GTK tests |
tests/ui/test_wizard.py |
14 GTK integration tests (image step finals, E2E recipe gen) |
- UI freeze during blob download:
__on_vte_contents_changedinprogress.pyscrapes the entire VTE text buffer on every character change. When bootc fires 60+ blob copy lines per second, the GTK main loop starves. Fix: switch to tailing the log file directly withGLib.io_add_watch. - TPM2 enrolment failure:
systemd-cryptenroll --unlock-key-file=-fails with "Reading keyfile /var/roothome/- failed". Non-fatal (password fallback works). bootc install finalizeis a no-op upstream: We replicate the real finalization ops indisk.FinalizeFilesystem()ourselves (fstrim, remount ro, fsfreeze/thaw).- Set BootNext on Reboot: The "Reboot Now" button should temporarily set the
boot drive to the newly installed drive for the next boot (via
efibootmgr --bootnext). This ensures the system doesn't reboot back into the installer if the installation media is still plugged in.
# Watch the live install log
tail -f ~/.cache/tuna-installer/fisherman-output.log
# Check the most recent recipe used
ls -lt ~/.cache/tuna-installer/tuna-recipe-*.json | head -1 | xargs cat
# Inspect the installed disk after install (replace nvme0n1 with actual disk)
sudo lsblk -o NAME,SIZE,FSTYPE,LABEL,UUID /dev/nvme0n1
sudo mount /dev/nvme0n1p2 /tmp/ir && sudo mount /dev/nvme0n1p1 /tmp/ie
cat /tmp/ir/boot/grub2/grub.cfg
cat /tmp/ie/EFI/almalinux/bootuuid.cfg
ls /tmp/ir/boot/loader/entries/
sudo umount /tmp/ie /tmp/ir
# Check EFI boot entries
efibootmgr
# Check bootupd state on installed root
sudo mount /dev/nvme0n1p2 /tmp/ir
cat /tmp/ir/boot/bootupd-state.json
sudo umount /tmp/ir- Move
images.jsontofisherman(Done): The image registry (fisherman/data/images.json) now lives in thefishermanbackend. This allowsfishermanto act as a universal registry of BootC images, containing not just the OCI references but also the specific installation requirements for each image (e.g., whether it requires manual user creation, specific kernel arguments, or filesystem defaults). - Universal BootC Registry: Evolving the image manifest into a standard format that other installers or tools could consume to understand the "metadata" of a BootC image.
- Dynamic Installation Carousel: The
images.jsonshould eventually include acarouselproperty for each image or group, allowing for distribution-specific slideshows during the installation process, with support for inheritance and/etcoverrides.
tuna-os/tuna-installer— this repo (GUI + submodule)tuna-os/fisherman— Go backend (submodule atfisherman/)tuna-os/github-copr— COPR definitions for c10s-gnome COPRs used in the image- Images are published to
ghcr.io/tuna-os/(e.g.yellowfin:gnome50,yellowfin:gnome-hwe)