overthinkos/fedora-builder
ov-images/skills/fedora-builder/SKILL.md
Builder image with pixi, Node.js, and C/C++ build toolchain. Used as the default builder for multi-stage image builds. MUST be invoked before building, deploying, configuring, or troubleshooting the fedora-builder image.
tools
Updated Apr 24, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins fedora-builderInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 2:20 PM115.3s1 file scanned
SKILL.md
- name:
- fedora-builder
- description:
- |
fedora-builder
Builder image with package managers and compilation tools. Default builder for pixi, npm, and cargo multi-stage builds (declared via builds: [pixi, npm, cargo]).
Image Properties
| Property | Value | |----------|-------| | Base | fedora | | Layers | rpmfusion, pixi, nodejs, build-toolchain | | Platforms | linux/amd64 | | Registry | ghcr.io/overthinkos |
Full Layer Stack
fedora(quay.io/fedora/fedora:43)rpmfusion— RPM Fusion free + nonfree repo configuration. Applied first so subsequent layers candnf installpackages from RPM Fusion (e.g.x264-devel,ffmpeg-devel,libva-devel)pixi— pixi package manager + env pathsnodejs— Node.js + npmbuild-toolchain— gcc, cmake, autoconf, ninja, git, pkg-config, plus the smithay/cargo build deps (rust,cargo,clang-devel,nasm,wayland-devel,libva-devel,x264-devel,ffmpeg-devel,pixman-devel, …) needed for builder-stage compilation of Wayland compositors like pixelflux. See/ov-layers:build-toolchainfor the full grouped list.
Why rpmfusion is first
The build-toolchain layer's dnf install references packages that live in RPM Fusion free
(libva-devel, x264-devel, ffmpeg-devel). These are required to build pixelflux from
source (its libva-sys, x264-sys, and ffmpeg-sys-next cargo crates link against the
system libs). Without rpmfusion applied first, those dnf install calls would fail.
See /ov-layers:selkies (Patched pixelflux build pipeline) for the consumer story.
Role in Build System
This image is referenced in defaults.builders as the builder for pixi, npm, and cargo multi-stage builds. It declares builds: [pixi, npm, cargo] to advertise its capabilities. The generator uses it as the FROM stage in multi-stage builds, providing build tools without bloating final images.
Quick Start
ov image build fedora-builder
ov shell fedora-builder
Key Layers
/ov-layers:pixi— Python package management foundation/ov-layers:nodejs— Node.js runtime and npm/ov-layers:build-toolchain— C/C++ compilation tools
Related Images
/ov-images:fedora— parent base
Verification
After ov image build:
ov image list— image appears in listov shell fedora-builder— interactive shell works
When to Use This Skill
MUST be invoked when the task involves the fedora-builder image, multi-stage builds, or build cache configuration. Invoke this skill BEFORE reading source code or launching Explore agents.
Related
/ov:image— image family umbrella (image:entries inoverthink.yml, build/validate/inspect/list)/ov:build—build.ymlvocabulary (distros, builders, init-systems)
Related Skills
overthinkos/charly
tools
VerifiedTrustedCommunity
OpenCharly CLI (charly) binary installed into container/VM images for in-container use. Use when working with charly binary deployment inside containers, native D-Bus support, or the full charly toolchain (charly binary + virtualization + gocryptfs + socat).
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-cachyos
development
VerifiedTrustedCommunity
Operator CachyOS workstation profile — a kind:local template + target:local deploy that installs the full dev stack (30 candies) onto a CachyOS host via ShellExecutor. Lives in the overthinkos/cachyos submodule. MUST be invoked before editing or applying the charly-cachyos workstation profile.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-fedora
tools
VerifiedTrustedCommunity
Fedora box with the full charly toolchain using shared candies. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Same candy list as charly-arch. Includes NVIDIA GPU runtime. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-fedora box.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-arch
tools
VerifiedTrustedCommunity
Arch Linux box with the full charly toolchain. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Composes /charly-coder:charly-mcp so the box is reachable as an MCP gateway on port 18765. NVIDIA GPU runtime composed in. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-arch box.
SKILL.mdUpdated Jun 10, 2026