12 files changed, 987 insertions, 11 deletions

diff --git a/recipes-extended/images/README-xen.md b/recipes-extended/images/README-xen.md
new file mode 100644
index 00000000..82d72364
--- /dev/null
+++ b/recipes-extended/images/README-xen.md
@@ -0,0 +1,173 @@
+This README contains information on the xen reference images
+and testing / usability information
+
+Images
+------
+
+xen-image-minimal:
+
+This is the reference xen host image. It currently requires systemd
+and xen as DISTRO_FEATURES.
+
+All required dependencies are included for typical execution (and
+debug) of guests.
+
+xen-guest-image-minimal:
+
+This is the reference guest / domU image. Note that it boots the
+same kernel as the xen host image (unless multiconfig is used
+to differentiate).
+
+It creates tarballs, ext4 and qcow images for testing purposes.
+
+bundling
+--------
+
+Guests can be bundled automatically through the following mechanisms:
+
+  - via the variable XEN_BUNDLED_GUESTS
+  - via a xen configuration file in the deploy directory of the format
+    xen-guest-bundle-*.cfg
+
+The guests can be built via OE, or be 3rd party guests. They just
+must be in the deploy directory so they can be copied into the rootfs
+of the xen host image
+
+Type 1) XEN_BUNDLED_GUESTS
+
+If XEN_BUNDLED_GUESTS is used, it is simply a colon separated list of
+rootfs:kernels. Normal variable rules apply, so it can be set in a
+local.conf, or in a bbappend to the image recipe.
+
+An example would be:
+
+ XEN_BUNDLED_GUESTS = "xen-guest-image-minimal-qemuarm64.rootfs.ext4:Image"
+
+These point at symlinks created in the image deploy directory, or they
+can be specific images/kernels without the symlink.
+
+Type 2) A Xen guest configuration file
+
+If xen guest configuration files are found in the deploy directories
+the kernel and disk information contained within them will be processed
+and modified for the xen host. The kernel and guest image will be
+copied to the appropriate location, and the config made to match.
+
+These files following the naming convention: xen-guest-bundle*.cfg
+
+Guests of type #1 generate a configuration file that is picked up as
+type #2.
+
+An example config file follows:
+
+   name = "xen-guest"
+   memory = 512
+   vcpus = 1
+   disk = ['file:xen-guest-image-minimal-qemuarm64.rootfs.ext4,xvda,rw']
+   vif = ['bridge=xenbr0']
+   kernel = "Image"
+   extra = "root=/dev/xvda ro console=hvc0 ip=dhcp"
+
+It should also be noted that when a xen-guest-image-minimal is built
+with the XEN_GUEST_AUTO_BUNDLE varaible set to True, a configuration
+file for type #2 will be generated and the guest bundled automatically
+when the host image is built.
+
+kernel and rootfs are copied to the target in /var/lib/xen/images/
+
+configuration files are copied to: /etc/xen
+
+Guests can be launched after boot with: xl create -c /etc/xen/<config file>
+
+Build and boot
+--------------
+
+Using a reference qmeuarm64 MACHINE, the following are the commands
+to build and boot a guest.
+
+local.conf contains:
+
+   XEN_BUNDLED_GUESTS = "xen-guest-image-minimal-qemuarm64.rootfs.ext4:Image"
+
+ % bitbake xen-guest-image-minimal
+ % bitbake xen-image-minimal
+
+ % runqemu qemuarm64 nographic slirp qemuparams="-m 4096" tmp/deploy/images/qemuarm64/xen-image-minimal-qemuarm64.rootfs.ext4
+
+Poky (Yocto Project Reference Distro) 5.1 qemuarm64 hvc0
+
+qemuarm64 login: root
+
+WARNING: Poky is a reference Yocto Project distribution that should be used for
+testing and development purposes only. It is recommended that you create your
+own distribution for production use.
+
+ root@qemuarm64:~# uname -a
+Linux qemuarm64 6.10.11-yocto-standard #1 SMP PREEMPT Fri Sep 20 22:32:26 UTC 2024 aarch64 GNU/Linux
+root@qemuarm64:~# ls /etc/xen/
+auto
+cpupool
+scripts
+xen-guest-bundle-xen-guest-image-minimal-qemuarm64--20241112174803.cfg
+xl.conf
+root@qemuarm64:~# ls /var/lib/xen/images/
+Image--6.10.11+git0+4bf82718cf_6c956b2ea6-r0-qemuarm64-20241018190311.bin
+xen-guest-image-minimal-qemuarm64.rootfs-20241111222814.ext4
+
+ root@qemuarm64:~# ip a s
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+    inet6 ::1/128 scope host noprefixroute 
+       valid_lft forever preferred_lft forever
+2: enp0s1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master xenbr0 qlen 1000
+    link/ether 52:54:00:12:35:02 brd ff:ff:ff:ff:ff:ff
+3: sit0@NONE: <NOARP> mtu 1480 qdisc noop qlen 1000
+    link/sit 0.0.0.0 brd 0.0.0.0
+4: xenbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue qlen 1000
+    link/ether ee:e4:a8:24:24:e7 brd ff:ff:ff:ff:ff:ff
+    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic xenbr0
+       valid_lft 86354sec preferred_lft 86354sec
+    inet6 fec0::ece4:a8ff:fe24:24e7/64 scope site dynamic noprefixroute flags 100 
+       valid_lft 86356sec preferred_lft 14356sec
+    inet6 fe80::ece4:a8ff:fe24:24e7/64 scope link 
+       valid_lft forever preferred_lft forever
+
+ root@qemuarm64:~# xl create -c /etc/xen/xen-guest-bundle-xen-guest-image-minimal-qemuarm64--20241112174803.cfg
+
+qemuarm64 login: root
+
+WARNING: Poky is a reference Yocto Project distribution that should be used for
+testing and development purposes only. It is recommended that you create your
+own distribution for production use.
+
+root@qemuarm64:~# uname -a
+Linux qemuarm64 6.10.11-yocto-standard #1 SMP PREEMPT Fri Sep 20 22:32:26 UTC 2024 aarch64 GNU/Linux
+
+root@qemuarm64:~# wget example.com
+Connecting to example.com (93.184.215.14:80)
+wget: can't open 'index.html': File exists
+root@qemuarm64:~# rm index.html 
+root@qemuarm64:~# wget example.com
+Connecting to example.com (93.184.215.14:80)
+saving to 'index.html'
+index.html           100% |********************************|  1256  0:00:00 ETA
+'index.html' saved
+
+From the host:
+
+Connection to 127.0.0.1 closed.
+build4 [/home/bruc.../qemuarm64]> ssh -p 2222 root@127.0.0.1
+Last login: Tue Nov 12 20:42:57 2024 from 10.0.2.2
+
+WARNING: Poky is a reference Yocto Project distribution that should be used for
+testing and development purposes only. It is recommended that you create your
+own distribution for production use.
+
+root@qemuarm64:~# xl list
+Name                                        ID   Mem VCPUs      State   Time(s)
+Domain-0                                     0   192     4     r-----     696.2
+xen-guest                                    1   512     1     -b----     153.0
+root@qemuarm64:~# xl destroy xen-guest
+
diff --git a/recipes-extended/images/README.md b/recipes-extended/images/README.md
new file mode 100644
index 00000000..1a25f724
--- /dev/null
+++ b/recipes-extended/images/README.md
@@ -0,0 +1,311 @@
+This README describes the contents of the reference images in
+this directory, as well as some testing and usability tips.
+
+container-image-host
+--------------------
+
+As described in the recipe, this is a flexible image definition that
+is suitable for building a container host image for a target.
+
+The configuration options for the image are best found in the recipe
+itself, so the information will not be duplicated here. The type of
+container host that will be created is controlled by the CONTAINER_PROFILE
+variable:
+
+i.e. in your local.conf: CONTAINER_PROFILE="docker"
+
+The valid settings for this variable can be found in the image recipe.
+
+The recipe checks for mandatory distro features, recommends others
+and provides a list of optional distro features for some workloads.
+
+This image also builds using virt-unique-hostname, which ensures that
+there is some randomization as hostname is often used to identify
+hosts when clustered (i.e. k3s).
+
+To have enough disk space for container images, it is configured
+with extra space. Depending on your use case, you can add (or remove)
+space as appropriate.
+
+Also note that more memory than the default is often required.
+
+An example execution of the image is:
+
+  % runqemu qemuarm64 nographic slirp qemuparams="-m 2048" tmp/deploy/images/qemuarm64/container-image-host-qemuarm64.rootfs.ext4
+
+ssh is enabled in this image by default, so the image can be accessed
+via:
+
+  % ssh -p 2222 root@127.0.0.1
+
+After a container image has been built, it can be copied fro the
+deploy directory to the registry of your choice, for example:
+
+  % cd build/tmp/deploy/images/qemuarm64
+  % skopeo copy --dest-creds <username>:<creds> oci:c3-systemd-container-latest-oci:latest docker://zeddii/c3-systemd-container
+
+Examples of pulling images to the container host for the various
+runtimes follow:
+
+  % podman pull --creds <username>:<password> zeddii/container-devtools
+  % podman run -it docker.io/zeddii/container-devtools bash
+
+  % root@qemuarm64-54:~# docker login
+  # Login Succeeded
+  % root@qemuarm64-54:~# docker pull zeddii/container-devtools
+
+  % root@qemuarm64-54:~# docker run -it --entrypoint /bin/sh zeddii/container-base
+  # [  804.133881] docker0: port 1(veth2801d6a) entered blocking state
+  # [  804.134425] docker0: port 1(veth2801d6a) entered disabled state
+  # [  804.135018] veth2801d6a: entered allmulticast mode
+  # [  804.136101] veth2801d6a: entered promiscuous mode
+  # [  806.227282] eth0: renamed from veth384b37d
+  # [  806.235331] docker0: port 1(veth2801d6a) entered blocking state
+  # [  806.236010] docker0: port 1(veth2801d6a) entered forwarding state
+  # / # ls
+  # bin    boot   dev    etc    home   lib    media  mnt    proc   run    sbin   sys    tmp    usr    var
+
+container-base:
+---------------
+
+Provides a minimal container image (but not absolutely smallest) that is
+inherited / included by the other container images.
+
+By default container base does not execute anything (it doesn't define
+and OCI_IMAGE_ENTRYPOINT), but does provide a shell that can be used
+to inspect the image.
+
+  % root@qemuarm64-54:~# docker run -it zeddii/container-base sh       
+  [51393.764879] docker0: port 1(veth06cb397) entered blocking state
+  [51393.765340] docker0: port 1(veth06cb397) entered disabled state
+  [51393.765854] veth06cb397: entered allmulticast mode
+  [51393.766753] veth06cb397: entered promiscuous mode
+  [51396.060958] eth0: renamed from veth7e5a654
+  [51396.074281] docker0: port 1(veth06cb397) entered blocking state
+  [51396.074786] docker0: port 1(veth06cb397) entered forwarding state
+  / # ls
+  bin    boot   dev    etc    home   lib    media  mnt    proc   run    sbin   sys    tmp    usr    var
+  / # df -kh .
+  Filesystem                Size      Used Available Use% Mounted on
+  overlay                  37.8G      1.9G     33.8G   5% /
+  / # du -sh .
+  2.6M    .
+  / # 
+
+  % root@qemuarm64-54:~# ctr images pull --user <user>:<password> docker.io/zeddii/container-base:latest
+  docker.io/zeddii/container base:latest          saved
+  └──manifest (45395e734a93)                      complete        |++++++++++++++++++++++++++++++++++++++|
+     ├──layer (1fd5069cdbad)                      waiting         |--------------------------------------|
+     └──config (24b67db5b19e)                     waiting         |--------------------------------------|
+  application/vnd.oci.image.manifest.v1+json sha256:45395e734a931468f5329d20d20babf13fbabbcd993e27b0e5c4198d09130966
+  Pulling from OCI Registry (docker.io/zeddii/container-base:latest)      elapsed: 3.7 s  total:  463.0   (123.0 B/s)
+
+  % root@qemuarm64-54:~# ctr run --rm -t docker.io/zeddii/container-base:latest zedd_shell sh
+  / # date
+  Tue Oct 29 00:09:19 UTC 2024
+  / # 
+
+  % root@qemuarm64-54:~# nerdctl pull docker.io/zeddii/container-base:latest
+  docker.io/zeddii/container-base:latest:                                           resolved       |++++++++++++++++++++++++++++++++++++++| 
+  docker.io/zeddii/container-base:latest:                                           resolved       |++++++++++++++++++++++++++++++++++++++| 
+  manifest-sha256:45395e734a931468f5329d20d20babf13fbabbcd993e27b0e5c4198d09130966: exists         |++++++++++++++++++++++++++++++++++++++| 
+  config-sha256:24b67db5b19e0bb90291f1d5619362c7eaade7a8c65da9a32c2016394a5b57bf:   exists         |++++++++++++++++++++++++++++++++++++++| 
+  elapsed: 1.2 s                                                                    total:   0.0 B (0.0 B/s)
+
+  # FIXME: At the time of creating this README, bridge networking and CNI is not working.
+  % root@qemuarm64-54:~# nerdctl run -it --net=host docker.io/zeddii/container-base:latest sh
+  / # 
+
+container-devtools-base:
+-------------------------
+
+includes container-base, and adds image features to make development
+tools/headers available.
+
+Anything added to CORE_DEV_IMAGE_EXTRA_INSTALL will be installed into
+the image in it's development variant.
+
+The container shell is changed to bash from busybox.
+
+package-management is added to this image type, but by default there
+is no package feed configured (since it must be pointed at a build)
+
+  % root@qemuarm64-54:~# docker run -it zeddii/container-devtools bash
+  bash-5.2# du -sh .
+  399M    .
+  bash-5.2# rpm -qa | wc -l
+  308
+  bash-5.2# gcc --version 
+  gcc (GCC) 14.2.0
+  Copyright (C) 2024 Free Software Foundation, Inc.
+  This is free software; see the source for copying conditions.  There is NO
+  warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+By default this container has (for rpm) package management configured
+to point to a feed being run against the local build on the host machine
+
+To create a package feed:
+
+  % bitbake package-index
+
+To add a package to the package-index (example: vim-tiny)
+
+  % bitbake vim-tiny
+  % bitbake vim-tiny --runall package_write_rpm
+  % bitbake package-index
+
+To run a local http server for the package feed:
+
+  % cd build/tmp/deploy
+  % sudo python3 -m http.server 80
+
+Run the dev container:
+
+  % docker run -it zeddii/container-devtools bash
+  % dnf makecache
+  % dnf --nogpgcheck install vim-tiny
+
+container-app-base:
+--------------------
+
+Includes container-base.
+
+Provides an application container that installs a package (or packages) to
+the container and make the specified command the OCI_IMAGE_ENTRYPOINT.
+
+   CONTAINER_APP_CMD : the binary to run via the OCI_IMAGE_ENTRYPOINT
+   CONATINER_APP: packages to install to the container
+
+The default entry point is the "date" command.
+
+  % root@qemuarm64-54:~# docker run zeddii/container-app-base
+  Mon Oct 28 18:41:23 UTC 2024
+
+  % root@qemuarm64-54:~# docker run --entrypoint "du" zeddii/container-app-base -sh
+  2.6M    .
+
+  % podman run docker.io/zeddii/container-app-base
+  Mon Oct 28 18:41:23 UTC 2024
+
+container-systemd-base:
+------------------------
+
+Extends container-base to create a systemd enabled container that is
+an appropriate starting point if a systemd applciation is being run
+or a mulit-user style environment is required.
+
+The application specified in SYSTEMD_CONTAINER_APP will be installed
+and be available to be executed.
+
+The rootfs of this container type is post processed to enable and
+disable services as specified by the containeer definition. This allows
+service that are not appropriate in a containerized environemnt to
+be disabled (i.e. getty login)
+
+The list of services can be found in the recipes themselves.
+
+This container enables ssh by default, so that it can be executed
+in the background and then accessed as a full environment.
+
+Note: this is currently a priviledged container if run under docker.
+
+There are multiple ways to add/remove permissions from the container,
+and most are configurable during launch:
+
+  % root@qemuarm64-54:~# docker run -d --rm --name systemd_test  --privileged --cap-add SYS_ADMIN \
+     --security-opt seccomp=unconfined --cgroup-parent=docker.slice --cgroupns private \
+     --tmpfs /tmp --tmpfs /run --tmpfs /run/lock zeddii/systemd-container-base
+
+or
+
+  % docker run -d --rm --name systemd_test --privileged  --cgroup-parent=docker.slice \
+     --cgroupns private  zeddii/c3-systemd-container
+
+  % root@qemuarm64-54:~# docker ps
+  CONTAINER ID   IMAGE                         COMMAND        CREATED         STATUS         PORTS     NAMES
+  4b07cc907e26   zeddii/c3-systemd-container   "/sbin/init"   5 minutes ago   Up 5 minutes             systemd_test
+
+  % podman run -d --name systemd_test --privileged --cgroupns=host --tmpfs /tmp --tmpfs /run --tmpfs /run/lock \
+           -v /sys/fs/cgroup:/sys/fs/cgroup:ro  zeddii/systemd-container-base
+
+  % ctr container create --privileged --runtime="io.containerd.runc.v2" \
+      --mount type=bind,src=/sys/fs/cgroup,dst=/sys/fs/cgroup,options=rbind:rw \
+      docker.io/zeddii/systemd-container-base:latest  my_systemd_container /sbin/init
+
+  % ctr task start --detach my_systemd_container
+
+  % ctr task ls
+    TASK                    PID    STATUS    
+    my_systemd_container    690    RUNNING
+
+Then add a user to the container so you can login:
+
+  % root@qemuarm64-54:~# docker exec systemd_test useradd testuser
+  % root@qemuarm64-54:~# docker exec systemd_test sh -c "echo 'testuser:password' | chpasswd"
+
+  % podman exec systemd_test useradd testuser
+  % podman exec systemd_test sh -c "echo 'testuser:password' | chpasswd"
+
+  % ctr task exec --exec-id test_exec my_systemd_container useradd testuser
+  % ctr task exec --exec-id test_exec my_systemd_container sh -c "echo 'testuser:password' | chpasswd"
+  % ctr task exec -t --exec-id test_exec my_systemd_container bash
+
+Get the IP address:
+
+  % root@qemuarm64-54:~# docker inspect systemd_test | grep \"IPAddress\":    
+            "IPAddress": "172.17.0.2",
+                    "IPAddress": "172.17.0.2",
+
+  % root@qemuarm64-54:~# podman inspect 2f9e00c53c13 | grep IPAdd
+               "IPAddress": "10.88.0.5",
+                         "IPAddress": "10.88.0.5",
+
+ssh into the container:
+
+  % root@qemuarm64-54:~# ssh testuser@172.17.0.2
+  % testuser@172.17.0.2's password:
+
+  WARNING: Poky is a reference Yocto Project distribution that should be used for         
+  testing and development purposes only. It is recommended that you create your                     
+  own distribution for production use.
+
+  4b07cc907e26:~$ systemctl  | grep running
+    init.scope                                    loaded active     running   System and Service Manager
+    session-c1.scope                              loaded active     running   Session c1 of User testuser
+    dbus.service                                  loaded active     running   D-Bus System Message Bus
+    dhcpcd.service                                loaded active     running   A minimalistic network configuration daemon with DHCPv4, rdisc and DHCPv6 support
+    getty@tty1.service                            loaded active     running   Getty on tty1
+    sshd@2-172.17.0.2:22-172.17.0.1:39264.service loaded active     running   OpenSSH Per-Connection Daemon (172.17.0.1:39264)
+    systemd-journald.service                      loaded active     running   Journal Service
+    systemd-logind.service                        loaded active     running   User Login Management
+    systemd-networkd.service                      loaded active     running   Network Configuration
+    systemd-nsresourced.service                   loaded active     running   Namespace Resource Manager
+    systemd-resolved.service                      loaded active     running   Network Name Resolution
+    systemd-userdbd.service                       loaded active     running   User Database Manager
+    user@1000.service                             loaded active     running   User Manager for UID 1000
+    xinetd.service                                loaded active     running   Xinetd A Powerful Replacement For Inetd
+    dbus.socket                                   loaded active     running   D-Bus System Message Bus Socket
+    systemd-journald-dev-log.socket               loaded active     running   Journal Socket (/dev/log)
+    systemd-journald.socket                       loaded active     running   Journal Sockets
+    systemd-networkd.socket                       loaded active     running   Network Service Netlink Socket
+    systemd-nsresourced.socket                    loaded active     running   Namespace Resource Manager Socket
+    systemd-userdbd.socket                        loaded active     running   User Database Manager Socket
+
+
+   % root@qemuarm64-54:~# ssh testuser@10.88.0.5
+   The authenticity of host '10.88.0.5 (10.88.0.5)' can't be established.
+   ECDSA key fingerprint is SHA256:ydCJGSVNLdWiAcC5PUkDsiFZZ6sDTeQ9Nt13a6HQCc4.
+   This key is not known by any other names.
+   Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+   Warning: Permanently added '10.88.0.5' (ECDSA) to the list of known hosts.
+   testuser@10.88.0.5's password: 
+
+   WARNING: Poky is a reference Yocto Project distribution that should be used for
+   testing and development purposes only. It is recommended that you create your
+   own distribution for production use.
+
+   2f9e00c53c13:~$ 
+
+Enjoy!
+
+
diff --git a/recipes-extended/images/cloud-image-controller.bb b/recipes-extended/images/cloud-image-controller.bb
index c816545f..b192db90 100644
--- a/recipes-extended/images/cloud-image-controller.bb
+++ b/recipes-extended/images/cloud-image-controller.bb
@@ -29,4 +29,4 @@ inherit core-image
 IMAGE_FSTYPES = "wic.vmdk tar.gz"
 
 # Ensure extra space for guest images
-#IMAGE_ROOTFS_EXTRA_SPACE = "41943040"
+#IMAGE_ROOTFS_EXTRA_SPACE = "2000000"
diff --git a/recipes-extended/images/container-app-base.bb b/recipes-extended/images/container-app-base.bb
new file mode 100644
index 00000000..34381ed2
--- /dev/null
+++ b/recipes-extended/images/container-app-base.bb
@@ -0,0 +1,17 @@
+SUMMARY = "Basic Application container image"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+include container-base.bb
+
+# CONTAINER_APP_CMD is the executable to run as the entrypoint of the
+# container. What we have below is a placholder. if you run this
+# container, you'll get the date echo'd
+CONTAINER_APP_CMD ?= "date"
+
+# The container app is the package(s) to install into the container.
+# They must provide the command specified in CONTAINER_APP_CMD
+CONTAINER_APP ?= ""
+
+OCI_IMAGE_ENTRYPOINT = "${CONTAINER_APP_CMD}"
+IMAGE_INSTALL:append = " ${CONTAINER_APP}"
diff --git a/recipes-extended/images/container-base.bb b/recipes-extended/images/container-base.bb
index c9dd32d1..64655e0b 100644
--- a/recipes-extended/images/container-base.bb
+++ b/recipes-extended/images/container-base.bb
@@ -7,6 +7,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 
 IMAGE_FSTYPES = "container oci"
+
 inherit image
 inherit image-oci
 
@@ -21,6 +22,10 @@ IMAGE_INSTALL = " \
        ${CONTAINER_SHELL} \
 "
 
+# Keep the entrypoint empty so that this image can be easily be
+# inherted and re-used for interactive or non interactive images
+OCI_IMAGE_ENTRYPOINT ?= ""
+
 # If the following is configured in local.conf (or the distro):
 #      PACKAGE_EXTRA_ARCHS:append = " container-dummy-provides"
 # 
@@ -36,7 +41,16 @@ CONTAINER_SHELL ?= "${@bb.utils.contains('PACKAGE_EXTRA_ARCHS', 'container-dummy
 IMAGE_CONTAINER_NO_DUMMY = "1"
 
 # Workaround /var/volatile for now
+# This is required because the lack of post-install scripts means volatile
+# directories (/var/volatile/*, etc.) are not created, so we do that ourselves
+# in a minimal way below. We could bootstrap and run some of the more standard
+# scripts that do it at boot, but we avoid that until needed.
 ROOTFS_POSTPROCESS_COMMAND += "rootfs_fixup_var_volatile ; "
+
+# This :remove is required, because it comes along and deletes our /var/volatile/
+# fixups!
+ROOTFS_POSTPROCESS_COMMAND:remove = "empty_var_volatile"
+
 rootfs_fixup_var_volatile () {
     install -m 1777 -d ${IMAGE_ROOTFS}/${localstatedir}/volatile/tmp
     install -m 755 -d ${IMAGE_ROOTFS}/${localstatedir}/volatile/log
diff --git a/recipes-extended/images/container-devtools-base.bb b/recipes-extended/images/container-devtools-base.bb
new file mode 100644
index 00000000..63d40ab7
--- /dev/null
+++ b/recipes-extended/images/container-devtools-base.bb
@@ -0,0 +1,51 @@
+SUMMARY = "Basic container image with development tools"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+CONTAINER_SHELL = "bash"
+
+CORE_DEV_IMAGE_EXTRA_INSTALL ?= ""
+
+include container-base.bb
+inherit core-image
+
+CORE_DEV_IMAGE_EDITOR ?= "vim-tiny"
+# base-utils is required for post-install scriptlets in most packages,
+# coreutils or busybox can do the job
+CORE_DEV_IMAGE_CORE_UTILS ?= "${VIRTUAL-RUNTIME_base-utils}"
+
+IMAGE_INSTALL += " \
+   ${CORE_DEV_IMAGE_EXTRA_INSTALL} \
+   ${CORE_DEV_IMAGE_CORE_UTILS} \
+   ${CORE_DEV_IMAGE_EDITOR} \
+   "
+
+OCI_IMAGE_ENTRYPOINT = ""
+
+# development headers, tools and package management to update
+# the container.
+IMAGE_FEATURES += "dev-pkgs"
+IMAGE_FEATURES += "tools-sdk"
+IMAGE_FEATURES += "package-management"
+
+# This default configuration of 10.0.2.2 is configured
+# to contact a web server running against a bitbaked
+# package-index
+#
+#  % cd build/tmp/deploy
+#  % sudo python3 -m http.server 80
+#
+DEVTOOLS_BASE_PKG_FEED_URL ?= "http://10.0.2.2/rpm"
+
+
+# TODO: support more than rpm
+ROOTFS_POSTPROCESS_COMMAND += "rootfs_pkg_feed_config ; "
+rootfs_pkg_feed_config () {
+    if [ "${IMAGE_PKGTYPE}" = "rpm" ]; then
+       install -m 755 -d ${IMAGE_ROOTFS}/${sysconfdir}/yum.repos.d
+cat <<EOF >>${IMAGE_ROOTFS}/${sysconfdir}/yum.repos.d/oe-packages.repo
+[oe-packages]
+baseurl="${DEVTOOLS_BASE_PKG_FEED_URL}"
+EOF
+    fi
+}
diff --git a/recipes-extended/images/container-image-host.bb b/recipes-extended/images/container-image-host.bb
new file mode 100644
index 00000000..d63ef51e
--- /dev/null
+++ b/recipes-extended/images/container-image-host.bb
@@ -0,0 +1,129 @@
+DESCRIPTION = "A configurable container host image"
+LICENSE = "MIT"
+
+# This image is a reference implementation to create a target platform
+# capable of running containers. This includes kernel configuration,
+# container runtimes, tools and other support applications.
+#
+# The wpackages to install are largely described in the packagegroups
+# that are part of this layer. packagegroups are preferred as they can
+# easily be used to create similar images of different composition.
+# The recipes for the packages have their list of build and runtime
+# dependencies, as such, those dependencies are not part of the image
+# install or listed explicitly in the packgroups.
+#
+# CNCF areas that have choices are described by VIRTUAL-RUNTIME
+# variables. These variables can be set individually (in a distro,
+# layer or local configuration file), or can be set by the setting of
+# a "CONTAINER_PROFILE". It is possible to select incompatible
+# packages if setting the VIRTUAL-RUNTIME variables individually.
+# container profiles have been created as valid / tested stacks of the
+# components in meta-virtualization.
+#
+# The contents of the image are selected by testing the VIRTUAL-RUNTIME
+# values and mapping them to packagegroups.
+#
+# The possible VIRTUAL-RUNTIME variables (and their values) are
+# currently:
+#
+## engines: docker/docker-moby, virtual-containerd, cri-o, podman, lxc
+##    VIRTUAL-RUNTIME_container_engine ??= "podman"
+## runtime: runc, crun, runv, runx
+##    VIRTUAL-RUNTIME_container_runtime ??= "virtual-runc"
+## networking: cni, netavark
+##    VIRTUAL-RUNTIME_container_networking ??= "cni"
+## dns: cni, aardvark-dns
+##    VIRTUAL-RUNTIME_container_dns ??= "cni"
+## orchestration: k8s, k3s
+##    VIRTUAL-RUNTIME_container_orchestration ??= "k3s"
+## Kubernetes terminology "components"
+##   VIRTUAL-RUNTIME_cri ??= "virtual-containerd"
+##   VIRTUAL-RUNTIME_cni ??= "cni"
+#
+# To select a CONTAINER_PROFILE, set the variable in your local,
+# distro or layer configuration:
+#
+#   CONTAINER_PROFILE="<your value>"
+#
+# The possible values for CONTAINER_PROFILE can be found in
+# conf/distro/include in the format of: meta-virt-container-<profile>.inc
+#
+##    default (docker)
+##    containerd
+##    podman
+##    docker
+##    k3s-host
+##    k3s-node
+
+inherit features_check
+
+# minimum features tested to have a working container host
+# image. These will be enforced by the features_check inherit
+REQUIRED_DISTRO_FEATURES ?= " virtualization \
+                              systemd \
+                              seccomp \
+                            "
+
+# features that are typically enabled. Note, these are not
+# enforced, but maybe added to the required distro feature
+# definition in the future.
+RECOMMENDED_DISTRO_FEATURES ?= " pam \
+                                 usrmerge \
+                               "
+# features that are enabled for specific wworkloads. These
+# are not enforced, except for specific configurations.
+OPTIONAL_DISTRO_FEATURES ?= " vmsep \
+                              k3s \
+                              k8s \
+                             "
+
+REQUIRED_DISTRO_FEATURES:append = " ${@bb.utils.contains('VIRTUAL-RUNTIME_container_orchestration','k3s-node','k3s','',d)}"
+REQUIRED_DISTRO_FEATURES:append = " ${@bb.utils.contains('VIRTUAL-RUNTIME_container_orchestration','k3s-host','k3s','',d)}"
+
+# If the image is going to be placed into a cluster, we need some randomization
+# of the host name to make it unique
+IMAGE_FEATURES[validitems] += "virt-unique-hostname"
+IMAGE_FEATURES[validitems] += "container-tools"
+
+IMAGE_FEATURES += "ssh-server-openssh"
+IMAGE_FEATURES += "package-management"
+IMAGE_FEATURES += "virt-unique-hostname"
+# This may be automatically enabled in the future via a toold or debug flag
+# IMAGE_FEATURES += "container-tools"
+
+IMAGE_LINGUAS = " "
+
+# additional packages to install
+CONTAINER_IMAGE_HOST_EXTRA_INSTALL ?= ""
+
+# values can be: "all", "split" or ""
+CONTAINER_IMAGE_KERNEL_MODULES ?= "all"
+
+# These could be done via a mapping to allow a single selection line
+# per type of virtul runtime, but right now the format of the
+# virtual-runtime to packagegroup name is not mandated, so we keep
+# them separate to allow the mapping in the individual items.
+IMAGE_INSTALL = " \
+    packagegroup-core-boot \
+    packagegroup-oci \
+    container-host-config \
+    ${@bb.utils.contains('CONTAINER_IMAGE_KERNEL_MODULES','split','','kernel-modules',d)}  \
+    ${@bb.utils.contains_any('VIRTUAL-RUNTIME_container_engine','docker docker-moby','packagegroup-docker','',d)}  \
+    ${@bb.utils.contains_any('VIRTUAL-RUNTIME_container_engine','podman','packagegroup-podman','',d)}  \
+    ${@bb.utils.contains_any('VIRTUAL-RUNTIME_container_engine','containerd','packagegroup-containerd','',d)}  \
+    ${@bb.utils.contains('VIRTUAL-RUNTIME_container_networking','cni','packagegroup-cni','',d)}  \
+    ${@bb.utils.contains('VIRTUAL-RUNTIME_container_networking','netavark','packagegroup-netavark','',d)}  \
+    ${@bb.utils.contains('IMAGE_FEATURES','container-tools','packagegroup-container-tools','',d)}  \
+    ${@bb.utils.contains('VIRTUAL-RUNTIME_container_orchestration','k3s-host','packagegroup-k3s-host','',d)}  \
+    ${@bb.utils.contains('VIRTUAL-RUNTIME_container_orchestration','k3s-node','packagegroup-k3s-node','',d)}  \
+    ${CONTAINER_IMAGE_HOST_EXTRA_INSTALL} \
+    "
+
+# inherit the basics of a booting image
+inherit core-image
+
+IMAGE_ROOTFS_SIZE = "8192"
+
+# we always need extra space to install container images
+# 2GB
+IMAGE_ROOTFS_EXTRA_SPACE = "2000000"
diff --git a/recipes-extended/images/container-systemd-base.bb b/recipes-extended/images/container-systemd-base.bb
new file mode 100644
index 00000000..96ef4667
--- /dev/null
+++ b/recipes-extended/images/container-systemd-base.bb
@@ -0,0 +1,17 @@
+SUMMARY = "Systemd system container for ${SYSTEMD_CONTAINER_APP}"
+DESCRIPTION = "A small systemd system container which will run \
+                ${SYSTEMD_CONTAINER_APP}."
+
+SYSTEMD_CONTAINER_APP ?= ""
+
+# Use local.conf to specify the application(s) to install
+IMAGE_INSTALL += "${SYSTEMD_CONTAINER_APP}"
+
+# Use local.conf to specify additional systemd services to disable. To overwrite
+# the default list use SERVICES_TO_DISABLE:pn-systemd-container in local.conf
+SERVICES_TO_DISABLE:append = " ${SYSTEMD_CONTAINER_DISABLE_SERVICES}"
+
+# Use local.conf to enable systemd services
+SERVICES_TO_ENABLE += "${SYSTEMD_CONTAINER_ENABLE_SERVICES}"
+
+require container-systemd-base.inc
diff --git a/recipes-extended/images/container-systemd-base.inc b/recipes-extended/images/container-systemd-base.inc
new file mode 100644
index 00000000..0b856e83
--- /dev/null
+++ b/recipes-extended/images/container-systemd-base.inc
@@ -0,0 +1,72 @@
+SUMMARY ?= "Sample systemd system container"
+DESCRIPTION ?= "A small systemd system container which will run \
+                the application defined in IMAGE_INSTALL."
+
+LICENSE ?= "MIT"
+LIC_FILES_CHKSUM ?= "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+# Some commands of interest:
+# % docker run -d --rm --name systemd_test  --privileged \
+#    --cap-add SYS_ADMIN --security-opt seccomp=unconfined --cgroup-parent=docker.slice \
+#    --cgroupns private --tmpfs /tmp --tmpfs /run --tmpfs /run/lock zeddii/systemd-container-base
+#
+# % docker run -d --rm --name systemd_test --privileged \
+#    --cgroup-parent=docker.slice --cgroupns private  zeddii/c3-systemd-container
+#
+# % docker inspect systemd_test
+# % docker inspect systemd_test | grep \"IPAddress\":
+# % docker exec systemd_test bash -c "echo 'testuser:password' | chpasswd"
+# % ssh testuser@172.17.0.2
+
+require container-base.bb
+
+OCI_IMAGE_ENTRYPOINT = "/sbin/init"
+
+IMAGE_INSTALL:append = " systemd"
+IMAGE_INSTALL:append = " packagegroup-core-base-utils"
+IMAGE_INSTALL:append = " packagegroup-core-ssh-openssh"
+IMAGE_INSTALL:append = " busybox"
+
+IMAGE_FEATURES ?= ""
+
+NO_RECOMMENDATIONS = "1"
+
+SERVICES_TO_DISABLE ?= " \
+    systemd-udevd.service \
+    systemd-udevd-control.socket \
+    systemd-udevd-kernel.socket \
+    proc-sys-fs-binfmt_misc.automount \
+    sys-fs-fuse-connections.mount \
+    sys-kernel-debug.mount \
+    systemd-hwdb-update.service \
+    serial-getty@ttyS0.service \
+    dev-ttyS0.device \
+    console-getty.service \
+    serial-getty@.service \
+"
+
+SERVICES_TO_ENABLE ?= ""
+
+disable_systemd_services () {
+        SERVICES_TO_DISABLE="${SERVICES_TO_DISABLE}"
+        if [ -n "$SERVICES_TO_DISABLE" ]; then
+                echo "Disabling systemd services:"
+                for service in $SERVICES_TO_DISABLE; do
+                        echo "    $service"
+                        systemctl --root="${IMAGE_ROOTFS}" mask $service > /dev/null >1
+                done
+        fi
+}
+
+enable_systemd_services () {
+        SERVICES_TO_ENABLE="${SERVICES_TO_ENABLE}"
+        if [ -n "$SERVICES_TO_ENABLE" ]; then
+                echo "Enabling additional systemd services:"
+                for service in $SERVICES_TO_ENABLE; do
+                        echo "    $service"
+                        systemctl --root="${IMAGE_ROOTFS}" enable $service > /dev/null >1
+                done
+        fi
+}
+
+ROOTFS_POSTPROCESS_COMMAND += "disable_systemd_services; enable_systemd_services;"
diff --git a/recipes-extended/images/xen-guest-image-minimal.bb b/recipes-extended/images/xen-guest-image-minimal.bb
index fced7639..76f320e4 100644
--- a/recipes-extended/images/xen-guest-image-minimal.bb
+++ b/recipes-extended/images/xen-guest-image-minimal.bb
@@ -1,6 +1,7 @@
 DESCRIPTION = "A Xen guest image."
 
-inherit core-image features_check
+inherit core-image features_check deploy
+inherit kernel-artifact-names
 
 IMAGE_INSTALL += " \
     packagegroup-core-boot \
@@ -23,3 +24,28 @@ LICENSE = "MIT"
 
 # Send console messages to xen console
 APPEND += "console=hvc0"
+
+IMAGE_FSTYPES = "tar.bz2 ext4 ext4.qcow2"
+
+XEN_GUEST_AUTO_BUNDLE ?= ""
+
+# When a xen-guest-image-minimal is built with the
+# XEN_GUEST_AUTO_BUNDLE varaible set to True, a configuration file for
+# automatic guest bundling will be generated and the guest bundled
+# automatically when a xen  host image is built.
+do_deploy() {
+    if [ -n "${XEN_GUEST_AUTO_BUNDLE}" ]; then
+        outname="xen-guest-bundle-${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}-${IMAGE_VERSION_SUFFIX}.cfg"
+cat <<EOF >>${DEPLOYDIR}/$outname
+name = "xen-guest"
+memory = 512
+vcpus = 1
+disk = ['file:${IMAGE_LINK_NAME}.ext4,xvda,rw']
+vif = ['bridge=xenbr0']
+kernel = "${KERNEL_IMAGETYPE}"
+extra = "root=/dev/xvda ro ip=dhcp"
+EOF
+    fi
+}
+
+addtask deploy after do_compile
diff --git a/recipes-extended/images/xen-image-minimal.bb b/recipes-extended/images/xen-image-minimal.bb
index fe79a485..6da797d7 100644
--- a/recipes-extended/images/xen-image-minimal.bb
+++ b/recipes-extended/images/xen-image-minimal.bb
@@ -1,9 +1,14 @@
 DESCRIPTION = "A minimal xen image"
 
+inherit features_check
+
+REQUIRED_DISTRO_FEATURES ?= "xen systemd"
+
 INITRD_IMAGE = "core-image-minimal-initramfs"
 
 XEN_KERNEL_MODULES ?= "kernel-module-xen-blkback kernel-module-xen-gntalloc \
                        kernel-module-xen-gntdev kernel-module-xen-netback kernel-module-xen-wdt \
+                       kernel-module-xt-comment kernel-module-xt-masquerade \
                        ${@bb.utils.contains('MACHINE_FEATURES', 'pci', "${XEN_PCIBACK_MODULE}", '', d)} \
                        ${@bb.utils.contains('MACHINE_FEATURES', 'acpi', '${XEN_ACPI_PROCESSOR_MODULE}', '', d)} \
                       "
@@ -16,6 +21,7 @@ IMAGE_INSTALL += " \
     qemu \
     kernel-image \
     kernel-vmlinux \
+    rsync \
     "
 
 # The hypervisor may not be within the dom0 filesystem image but at least
@@ -44,14 +50,6 @@ QB_QEMU_CLASSES = ""
 QB_QEMU_CLASSES:qemuall = "qemuboot-xen-defaults qemuboot-xen-dtb qemuboot-testimage-network"
 inherit ${QB_QEMU_CLASSES}
 
-do_check_xen_state() {
-    if [ "${@bb.utils.contains('DISTRO_FEATURES', 'xen', ' yes', 'no', d)}" = "no" ]; then
-        die "DISTRO_FEATURES does not contain 'xen'"
-    fi
-}
-
-addtask check_xen_state before do_rootfs
-
 # note: this may be unused, see the wic plugin
 syslinux_iso_populate:append() {
         install -m 0444 ${STAGING_DATADIR}/syslinux/libcom32.c32 ${ISODIR}${ISOLINUXDIR}
@@ -88,6 +86,168 @@ build_syslinux_cfg () {
         echo "  APPEND /xen.gz ${SYSLINUX_XEN_ARGS} --- /vmlinuz ${SYSLINUX_KERNEL_ARGS} --- /initrd" >> ${SYSLINUX_CFG}
 }
 
+# Function to parse the config file and get values for specific keys
+get_config_value() {
+    config_file="$1"
+    key="$2"
+    line=$(grep -w "$key" $config_file)
+    value=$(echo "$line" | cut -d '=' -f 2-)
+    # Remove quotes, leading/trailing whitespace, and content after the first comma
+    echo "${value#*=}" | sed "s/'//g; s/^\s*|\s*$//g; s/\[//g;s/\"//g;s/^ *//g;" | cut -d ',' -f 1
+}
+
+generate_guest_config() {
+    name=$1
+    kernel=$2
+    disk=$3
+    outname=$name.cfg
+
+    cat <<EOF >${DEPLOY_DIR_IMAGE}/$outname
+name = "$name"
+memory = 512
+vcpus = 1
+disk = ['file:$disk,xvda,rw']
+vif = ['bridge=xenbr0']
+kernel = "$kernel"
+extra = "root=/dev/xvda ro ip=dhcp"
+EOF
+}
+
+# Guests can be bundled automatically through the following mechanisms:
+#
+#   - via the variable XEN_BUNDLED_GUESTS
+#   - via a xen configuration file in the deploy directory of the format
+#     xen-guest-bundle-*.cfg
+#
+# The guests can be built via OE, or be 3rd party guests. They just
+# must be in the deploy directory so they can be copied into the rootfs
+# of the xen host image
+#
+# Type 1) XEN_BUNDLED_GUESTS
+#
+# If XEN_BUNDLED_GUESTS is used, it is simply a colon separated list of
+# rootfs:kernels. Normal variable rules apply, so it can be set in a
+# local.conf, or in a bbappend to the image recipe.
+#
+# An example would be:
+#
+#  XEN_BUNDLED_GUESTS = "xen-guest-image-minimal-qemuarm64.rootfs.ext4:Image"
+#
+# These point at symlinks created in the image deploy directory, or they
+# can be specific images/kernels without the symlink.
+#
+# Type 2) A Xen guest configuration file
+#
+# If xen guest configuration files are found in the deploy directories
+# the kernel and disk information contained within them will be processed
+# and modified for the xen host. The kernel and guest image will be
+# copied to the appropriate location, and the config made to match.
+#
+# These files following the naming convention: xen-guest-bundle*.cfg
+#
+# Guests of type #1 generate a configuration file that is picked up as
+# type #2.
+#
+# An example config file follows:
+#
+## name = "xen-guest"
+## memory = 512
+## vcpus = 1
+## disk = ['file:xen-guest-image-minimal-qemuarm64.rootfs.ext4,xvda,rw']
+## vif = ['bridge=xenbr0']
+## kernel = "Image"
+## extra = "root=/dev/xvda ro console=hvc0 ip=dhcp"
+#
+# It should also be noted that when a xen-guest-image-minimal is built
+# with the XEN_GUEST_AUTO_BUNDLE varaible set to True, a configuration
+# file for type #2 will be generated and the guest bundled automatically
+# when the host image is built.
+#
+# kernel and rootfs are copied to the target in /var/lib/xen/images/
+#
+# configuration files are copied to: /etc/xen
+#
+# Guests can be launched after boot with: xl create -c /etc/xen/<config file>
+#
+bundle_xen_guests() {
+    set +e
+
+    if [ -n "${XEN_BUNDLED_GUESTS}" ]; then
+        echo "Processing Xen bundled guests variable: ${XEN_BUNDLED_GUESTS}"
+        # these are a colon separated list of rootfs:kernel
+        count=1
+        for g in ${XEN_BUNDLED_GUESTS}; do
+            echo "Guest line: $g"
+            rootfs=$(echo "$g" | cut -d":" -f1)
+            kernel=$(echo "$g" | cut -d":" -f2)
+            name="xen-guest-bundle-$count"
+
+            if ! [ -e ${DEPLOY_DIR_IMAGE}/$rootfs ]; then
+                echo "rootfs '${DEPLOY_DIR_IMAGE}/$rootfs' not found, skipping ...."
+                continue
+            fi
+            if ! [ -e ${DEPLOY_DIR_IMAGE}/$kernel ]; then
+                echo "kernel '${DEPLOY_DIR_IMAGE}/$kernel' not found, skipping ...."
+                continue
+            fi
+
+            generate_guest_config $name $kernel $rootfs
+
+            count=$(expr $count + 1)
+        done
+    fi
+
+    echo ls ${DEPLOY_DIR_IMAGE}/xen-guest-bundle*.cfg
+    ls ${DEPLOY_DIR_IMAGE}/xen-guest-bundle*.cfg >/dev/null 2>/dev/null
+    if [ $? -eq 0 ]; then
+        for guest_cfg in $(ls ${DEPLOY_DIR_IMAGE}/xen-guest-bundle*.cfg); do
+            echo "Bundling guest: $guest_cfg"
+
+            CONFIG_FILE_BASE=$(basename $guest_cfg .cfg)
+            CONFIG_FILE="${DEPLOY_DIR_IMAGE}/$CONFIG_FILE_BASE.cfg"
+            DEST_DIR="${IMAGE_ROOTFS}/var/lib/xen/images"
+            MODIFIED_CONFIG_FILE="${DEPLOY_DIR_IMAGE}/$CONFIG_FILE_BASE-modified.cfg"
+
+            # Extract values from the configuration file
+            DISK_ORIG=$(get_config_value $CONFIG_FILE "disk" | sed 's/file://g')
+            DISK=$(readlink -f ${DEPLOY_DIR_IMAGE}/$DISK_ORIG)
+            DISK_NAME=$(basename $DISK)
+            KERNEL_ORIG=$(get_config_value $CONFIG_FILE "kernel")
+            KERNEL=$(readlink -f ${DEPLOY_DIR_IMAGE}/$KERNEL_ORIG)
+            KERNEL_NAME=$(basename $KERNEL)
+
+            if [ -z "$DISK" ]; then
+                echo "rootfs '$DISK' not found, skipping ...."
+                continue
+            fi
+            if [ -z "$KERNEL" ]; then
+                echo "kernel '$KERNEL' not found, skipping ...."
+                continue
+            fi
+
+            mkdir -p "$DEST_DIR"
+            # Copy the disk and kernel to the destination directory
+            echo "Copying disk and kernel files..."
+            echo cp "$DISK" "$DEST_DIR"
+            echo cp "$KERNEL" "$DEST_DIR"
+            cp "$DISK" "$DEST_DIR"
+            cp "$KERNEL" "$DEST_DIR"
+
+            # Create a modified config file with updated paths
+            sed -E \
+                -e "s#^(disk = \[)[^,]+#\1'file:/var/lib/xen/images/$DISK_NAME#" \
+                -e "s#^(kernel = )\"[^\"]+\"#\1\"/var/lib/xen/images/$KERNEL_NAME\"#" \
+                "$CONFIG_FILE" > "$MODIFIED_CONFIG_FILE"
+
+            mkdir -p ${IMAGE_ROOTFS}/etc/xen
+            cp $MODIFIED_CONFIG_FILE ${IMAGE_ROOTFS}/etc/xen/$CONFIG_FILE_BASE.cfg
+            rm -f $MODIFIED_CONFIG_FILE
+        done
+    fi
+    # exit 1
+}
+ROOTFS_POSTPROCESS_COMMAND += "bundle_xen_guests;"
+
 # Enable runqemu. eg: runqemu xen-image-minimal nographic slirp
 WKS_FILE:x86-64 = "directdisk-xen.wks"
 WKS_FILE_DEPENDS_DEFAULT:x86-64 = "syslinux-native"
@@ -102,7 +262,13 @@ QB_SERIAL_OPT = "-serial mon:stdio"
 # qemux86-64 machine does not include 'wic' in IMAGE_FSTYPES, which is needed
 # to boot this image, so add it here:
 IMAGE_FSTYPES:qemux86-64 += "wic"
+do_image_wic[depends] += "xen:do_deploy"
 # Networking: the qemuboot.bbclass default virtio network device works ok
 # and so does the emulated e1000 -- choose according to the network device
 # drivers that are present in your dom0 Linux kernel. To switch to e1000:
 # QB_NETWORK_DEVICE = "-device e1000,netdev=net0,mac=@MAC@"
+
+
+IMAGE_ROOTFS_SIZE = "8192"
+# we always need extra space to install VMs, so add 2GB
+IMAGE_ROOTFS_EXTRA_SPACE = "2000000"
diff --git a/recipes-extended/images/xtf-image.bb b/recipes-extended/images/xtf-image.bb
index f9ecea91..7b6eadfd 100644
--- a/recipes-extended/images/xtf-image.bb
+++ b/recipes-extended/images/xtf-image.bb
@@ -25,7 +25,7 @@ DESCRIPTION = "A minimal Xen Test Framework (XTF) image for testing the Xen hype
 # For testimage, see the qemu boot log: ${WORKDIR}/testimage/qemu_boot_log.*
 # and the test log: ${WORKDIR}/temp/log.do_testimage
 
-IMAGE_NAME="xtf"
+IMAGE_NAME = "xtf"
 
 IMAGE_INSTALL:append = " xtf"