diff --git a/.github/workflows/build-silverblue-latest.yml-disabled b/.github/workflows/build-silverblue-latest.yml-disabled
new file mode 100644
index 0000000..cf6dc53
--- /dev/null
+++ b/.github/workflows/build-silverblue-latest.yml-disabled
@@ -0,0 +1,29 @@
+name: Silverblue Latest
+on:
+ merge_group:
+ pull_request:
+ branches:
+ - main
+ - testing
+ paths-ignore:
+ - '**.md'
+ - 'system_files/kinoite/**'
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - '**.md'
+ - 'system_files/kinoite/**'
+ schedule:
+ - cron: '40 4 * * *' # 4:40 UTC everyday
+ workflow_dispatch:
+
+jobs:
+ build:
+ name: build
+ uses: ./.github/workflows/reusable-build.yml
+ secrets: inherit
+ with:
+ base_name: silverblue
+ image_version: latest
+
diff --git a/.github/workflows/build-silverblue-stable.yml b/.github/workflows/build-silverblue-stable.yml
new file mode 100644
index 0000000..ab7b578
--- /dev/null
+++ b/.github/workflows/build-silverblue-stable.yml
@@ -0,0 +1,29 @@
+name: Silverblue Stable
+on:
+ merge_group:
+ pull_request:
+ branches:
+ - main
+ - testing
+ paths-ignore:
+ - '**.md'
+ - 'system_files/kinoite/**'
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - '**.md'
+ - 'system_files/kinoite/**'
+ schedule:
+ - cron: '15 5 * * 2' # 5:15 UTC everyday
+ workflow_dispatch:
+
+jobs:
+ build:
+ name: build
+ uses: ./.github/workflows/reusable-build.yml
+ secrets: inherit
+ with:
+ base_name: silverblue
+ image_version: stable
+
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index 45e300a..0000000
--- a/.github/workflows/build.yml
+++ /dev/null
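Review bot: `secrets: inherit` in the `build` job hands every repository secret to reusable-build.yml, although the only named secret that workflow reads in this commit is `secrets.SIGNING_SECRET`. Passing it explicitly (`secrets:` with `SIGNING_SECRET: ${{ secrets.SIGNING_SECRET }}`, plus a matching `workflow_call.secrets` declaration in the callee) keeps any secret added later out of the build job's reach. The same line is in build-silverblue-latest.yml-disabled earlier on this page. In build-silverblue-stable.yml the schedule comment is also wrong: `'15 5 * * 2'` fires on Tuesdays only, so it should read `# 5:15 UTC every Tuesday`.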
@@ -1,221 +0,0 @@ -name: build-ublue -on: - pull_request: - branches: - - main - schedule: - - cron: '5 5 * * *' # 5:05-ish UTC everyday (30 min delay after 'ublue-os/hwe' nvidia builds) - push: - branches: - - main - paths-ignore: - - '**/README.md' - workflow_dispatch: - -env: - IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} - -concurrency: - group: ${{ github.workflow }}-${{ github.ref || github.run_id }} - cancel-in-progress: true - -jobs: - push-ghcr: - name: custom image - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - id-token: write - strategy: - fail-fast: false - matrix: - image_name: [silverblue, kinoite] - #image_name: [silverblue, kinoite, sericea] - image_suffix: [main, nvidia] - major_version: [40] - # don't build hostrpm browsers anymore as not using them - # browser_mode: [flatpak, hostrpm] - browser_mode: [flatpak] - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Matrix Variables - shell: bash - run: | - export IMAGE_NAME=${{ 'nvidia' == matrix.image_suffix && format('{0}-nvidia-custom', matrix.image_name) || format('{0}-custom', matrix.image_name) }} - - export SOURCE_IMAGE=${{ matrix.image_name }} - - - echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV - echo "SOURCE_IMAGE=$SOURCE_IMAGE" >> $GITHUB_ENV - - - name: Verify base image - uses: EyeCantCU/cosign-action/verify@v0.3.0 - with: - containers: ${{ env.SOURCE_IMAGE }}-${{ matrix.image_suffix }}:${{ matrix.major_version }} - - - name: Generate tags - id: generate-tags - shell: bash - run: | - # Generate a timestamp for creating an image version history - TIMESTAMP="$(date +%Y%m%d)" - if [[ "${{ matrix.browser_mode}}" == "hostrpm" ]]; then - VARIANT="${{ matrix.major_version }}-browsers" - else - VARIANT="${{ matrix.major_version }}" - fi - - COMMIT_TAGS=() - BUILD_TAGS=() - - # Have tags for tracking builds during pull request - SHA_SHORT="${GITHUB_SHA::7}" - COMMIT_TAGS+=("pr-${{ github.event.number }}-${VARIANT}") - 
COMMIT_TAGS+=("${SHA_SHORT}-${VARIANT}") - - if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ - [[ "${{ matrix.is_stable_version }}" == "true" ]]; then - COMMIT_TAGS+=("pr-${{ github.event.number }}") - COMMIT_TAGS+=("${SHA_SHORT}") - fi - - BUILD_TAGS=("${VARIANT}") - - # Append matching timestamp tags to keep a version history - for TAG in "${BUILD_TAGS[@]}"; do - BUILD_TAGS+=("${TAG}-${TIMESTAMP}") - done - - if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ - [[ "${{ matrix.is_stable_version }}" == "true" ]]; then - BUILD_TAGS+=("${TIMESTAMP}") - BUILD_TAGS+=("latest") - fi - - if [[ "${{ github.event_name }}" == "pull_request" ]]; then - echo "Generated the following commit tags: " - for TAG in "${COMMIT_TAGS[@]}"; do - echo "${TAG}" - done - - alias_tags=("${COMMIT_TAGS[@]}") - else - alias_tags=("${BUILD_TAGS[@]}") - fi - - echo "Generated the following build tags: " - for TAG in "${BUILD_TAGS[@]}"; do - echo "${TAG}" - done - - echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT - - - name: Get current version - id: labels - run: | - ver=$(skopeo inspect docker://ghcr.io/ublue-os/${{ env.SOURCE_IMAGE }}-${{ matrix.image_suffix }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]') - echo "SOURCE_IMAGE_VERSION=$ver" >> $GITHUB_ENV - - # Build metadata - - name: Image Metadata - uses: docker/metadata-action@v5 - id: meta - with: - images: | - ${{ env.IMAGE_NAME }} - labels: | - org.opencontainers.image.title=${{ env.IMAGE_NAME }} - org.opencontainers.image.version=${{ env.SOURCE_IMAGE_VERSION }} - org.opencontainers.image.description=Custom ${{ matrix.image_name }} unfiltered Flathub, distrobox, automatic updates, and drivers (nvidia and xbox) - io.artifacthub.package.readme-url=https://raw.githubusercontent.com/bsherman/ublue-custom/main/README.md - - # Build image using Buildah action - - name: Build Image - id: build_image - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ./Containerfile 
- # Postfix image name with -custom to make it a little more descriptive - # Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format - image: ${{ env.IMAGE_NAME }} - tags: | - ${{ steps.generate-tags.outputs.alias_tags }} - build-args: | - IMAGE_NAME=${{ matrix.image_name }} - IMAGE_SUFFIX=${{ matrix.image_suffix }} - SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} - FEDORA_MAJOR_VERSION=${{ matrix.major_version }} - BROWSER_MODE=${{ matrix.browser_mode}} - labels: ${{ steps.meta.outputs.labels }} - oci: false - - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. - # https://github.com/macbre/push-to-ghcr/issues/12 - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v6 - with: - string: ${{ env.IMAGE_REGISTRY }} - - # Push the image to GHCR (Image Registry) - - name: Push To GHCR - uses: redhat-actions/push-to-registry@v2 - id: push - env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Sign container - - uses: sigstore/cosign-installer@v3.6.0 - if: github.event_name != 'pull_request' - - - name: Sign container image with keypair - if: github.event_name != 'pull_request' - run: | - cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS} - env: - TAGS: ${{ steps.push.outputs.digest }} - COSIGN_EXPERIMENTAL: false - COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} - - - name: Verify keypair signature - if: github.event_name != 'pull_request' - 
run: | - cosign verify \ - --key cosign.pub \ - ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}:${{ matrix.major_version }} - - - name: Sign container image with OIDC - if: github.event_name != 'pull_request' - run: cosign sign -y ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}:${{ matrix.major_version }} - - - name: Verify OIDC signature - if: github.event_name != 'pull_request' - run: | - cosign verify \ - --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ - --certificate-identity-regexp "${{ github.server_url }}/${{ github.repository }}" \ - ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}:${{ matrix.major_version }} - - - name: Echo outputs - if: github.event_name != 'pull_request' - run: | - echo "${{ toJSON(steps.push.outputs) }}" diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml new file mode 100644 index 0000000..2c4b238 --- /dev/null +++ b/.github/workflows/reusable-build.yml 
@@ -0,0 +1,460 @@ +name: Reusable Build and Push +on: + workflow_call: + inputs: + image_version: + description: "The Image Version: gts, stable, or latest" + required: true + type: string + base_name: + description: "'silverblue' or 'kinoite'" + required: true + type: string + outputs: + images: + description: "An array of images built and pushed to the registry" + value: ${{ jobs.check.outputs.images }} +env: + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + UPSTREAM_REGISTRY: ghcr.io/ublue-os + +concurrency: + group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.image_version }} + cancel-in-progress: true + +jobs: + build_container: + name: image + runs-on: ubuntu-24.04 + permissions: + contents: read + packages: write + attestations: write + id-token: write + continue-on-error: false + outputs: + image_full: ${{ steps.generate-outputs.outputs.image }} + strategy: + fail-fast: false + matrix: + image_flavor: + - main + - nvidia + image_version: + - ${{ inputs.image_version }} + base_name: + - ${{ inputs.base_name }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Matrix Variables + shell: bash + run: | + # IMAGE_NAME + if [[ "${{ matrix.image_flavor }}" == "main" ]]; then + echo "IMAGE_NAME=${{ matrix.base_name }}-custom" >> $GITHUB_ENV + else + echo "IMAGE_NAME=${{ format('{0}-{1}', matrix.base_name, matrix.image_flavor) }}-custom" >> $GITHUB_ENV + fi + + # BASE_IMAGE_NAME + echo "BASE_IMAGE_NAME=${{ matrix.base_name }}" >> $GITHUB_ENV + + # TARGET_NAME + if [[ "${{ matrix.base_name }}" =~ "dx" ]]; then + echo "TARGET_NAME"="dx" >> $GITHUB_ENV + else + echo "TARGET_NAME"="base" >> $GITHUB_ENV + fi + + # AKMODS_FLAVOR + if [[ "${{ matrix.image_version }}" =~ stable|gts ]]; then + echo "AKMODS_FLAVOR=coreos-stable" >> $GITHUB_ENV + elif [[ "${{ matrix.image_version }}" == "latest" ]]; then + echo "AKMODS_FLAVOR=fsync" >> $GITHUB_ENV + else + echo "AKMODS_FLAVOR=main" >> $GITHUB_ENV + fi + + # Env for 
matrix.image_flavor + if [[ "${{ matrix.image_flavor }}" == "nvidia" && \ + "${{ matrix.image_version }}" != "beta" ]]; then + echo "image_flavor=main" >> $GITHUB_ENV + echo "nvidia_type=nvidia" >> $GITHUB_ENV + elif [[ "${{ matrix.image_flavor }}" == "main" && \ + "${{ matrix.image_version }}" != "beta" ]]; then + echo "image_flavor=${{ matrix.image_flavor }}" >> $GITHUB_ENV + echo "nvidia_type=main" >> $GITHUB_ENV + else + echo "image_flavor=${{ matrix.image_flavor }}" >> $GITHUB_ENV + fi + + - name: Get Current Fedora Version + id: labels + uses: Wandalen/wretry.action@6feedb7dedadeb826de0f45ff482b53b379a7844 # v3.5.0 + with: + attempt_limit: 3 + attempt_delay: 15000 + command: | + set -eox pipefail + if [[ ${{ matrix.image_version }} == "stable" ]]; then + KERNEL_RELEASE=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]') + elif [[ ${{ matrix.image_version }} == "gts" && ${{ env.AKMODS_FLAVOR }} != "surface" ]]; then + coreos_kernel_release=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]') + coreos_fedora_version=$(echo $coreos_kernel_release | grep -oP 'fc\K[0-9]+') + fedora_version=$(($coreos_fedora_version - 1)) + KERNEL_RELEASE=$(skopeo inspect docker://ghcr.io/ublue-os/coreos-stable-kernel:${fedora_version} | jq -r '.Labels["ostree.linux"]') + else + base_kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/${{ env.BASE_IMAGE_NAME }}-${{ env.image_flavor }}:${{ matrix.image_version }} | jq -r '.Labels["ostree.linux"]') + base_fedora_version=$(echo $base_kernel_release | grep -oP 'fc\K[0-9]+') + KERNEL_RELEASE=$(skopeo inspect docker://ghcr.io/ublue-os/${{ env.AKMODS_FLAVOR }}-kernel:${base_fedora_version} | jq -r '.Labels["ostree.linux"]') + fi + fedora_version=$(echo $KERNEL_RELEASE | grep -oP 'fc\K[0-9]+') + echo "kernel_release=$KERNEL_RELEASE" >> $GITHUB_ENV + echo "fedora_version=$fedora_version" >> $GITHUB_ENV + ver=$(skopeo inspect 
docker://ghcr.io/ublue-os/${{ env.BASE_IMAGE_NAME }}-${{ env.image_flavor }}:$fedora_version | jq -r '.Labels["org.opencontainers.image.version"]') + if [ -z "$ver" ] || [ "null" = "$ver" ]; then + echo "inspected image version must not be empty or null" + exit 1 + fi + echo "VERSION=$ver" >> $GITHUB_ENV + + + - name: Verify base image + uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 + with: + containers: ${{ env.BASE_IMAGE_NAME}}-${{ env.image_flavor }}:${{ env.fedora_version }} + registry: ghcr.io/ublue-os + + - name: Verify Akmods + uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 + with: + containers: akmods:${{ env.AKMODS_FLAVOR}}-${{ env.fedora_version }} + registry: ghcr.io/ublue-os + + - name: Verify Nvidia + uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 + with: + containers: akmods-nvidia:${{ env.AKMODS_FLAVOR}}-${{ env.fedora_version }} + registry: ghcr.io/ublue-os + + - name: Verify ZFS + uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 + with: + containers: akmods-zfs:coreos-stable-${{ env.fedora_version }} + registry: ghcr.io/ublue-os + + - name: Verify Kernel Cache + uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 + with: + containers: ${{ env.AKMODS_FLAVOR }}-kernel:${{ env.kernel_release }} + registry: ghcr.io/ublue-os + + - name: Verify Kernel Verion Matches + uses: Wandalen/wretry.action@6feedb7dedadeb826de0f45ff482b53b379a7844 # v3.5.0 + with: + attempt_limit: 3 + attempt_delay: 15000 + command: | + set -x + akmods_version=$(skopeo inspect docker://ghcr.io/ublue-os/akmods:${{ env.AKMODS_FLAVOR }}-${{ env.fedora_version }} | jq -r '.Labels["ostree.linux"]') + if [[ "${akmods_version}" == "${{ env.kernel_release }}" ]]; then + echo "Kernel Versions Match" + else + echo "Kernel Version do Not Match" + exit 1 + fi + + - name: Check just syntax + uses: 
ublue-os/just-action@961e70ef33d8e0ef5ecf19dbb20739f3c0ce873b # v1 + + + - name: Generate tags + id: generate-tags + shell: bash + run: | + # Generate a timestamp for creating an image version history + TIMESTAMP="$(date +%Y%m%d)" + FEDORA_VERSION="${{ matrix.image_version }}" + + if [[ "${{ matrix.image_version }}" == "stable" ]]; then + IS_LATEST_VERSION=false + IS_STABLE_VERSION=true + IS_GTS_VERSION=false + IS_COREOS=true + elif [[ "${{ matrix.image_version }}" == "gts" ]]; then + IS_LATEST_VERSION=false + IS_STABLE_VERSION=true + IS_GTS_VERSION=true + IS_COREOS=false + elif [[ "${{ matrix.image_version }}" == "latest" ]]; then + IS_LATEST_VERSION=true + IS_STABLE_VERSION=true + IS_GTS_VERSION=false + IS_COREOS=false + elif [[ "${{ matrix.image_version }}" == "beta" ]]; then + IS_LATEST_VERSION=false + IS_STABLE_VERSION=false + IS_GTS_VERSION=false + IS_COREOS=false + fi + + COMMIT_TAGS=() + BUILD_TAGS=() + + # Have tags for tracking builds during pull request + SHA_SHORT="${GITHUB_SHA::7}" + COMMIT_TAGS+=("pr-${{ github.event.number }}-${FEDORA_VERSION}") + COMMIT_TAGS+=("${SHA_SHORT}-${FEDORA_VERSION}") + if [[ "$IS_LATEST_VERSION" == "true" ]] && \ + [[ "$IS_STABLE_VERSION" == "true" ]]; then + COMMIT_TAGS+=("pr-${{ github.event.number }}") + COMMIT_TAGS+=("${SHA_SHORT}") + fi + + if [[ ${{ matrix.image_version }} == "stable" ]]; then + BUILD_TAGS=("${FEDORA_VERSION}" "${FEDORA_VERSION}-${TIMESTAMP}") + else + BUILD_TAGS=("${{ env.fedora_version }}" "${{ env.fedora_version }}-${TIMESTAMP}") + fi + + if [[ ${{ github.ref_name }} == "testing" ]]; then + if [[ ${{ matrix.image_version }} == "stable" ]]; then + BUILD_TAGS=("${FEDORA_VERSION}-testing" "${FEDORA_VERSION}-testing-${TIMESTAMP}") + else + BUILD_TAGS=("${{ env.fedora_version }}-testing" "${{ env.fedora_version }}-testing-${TIMESTAMP}") + fi + if [[ "$IS_LATEST_VERSION" == "true" ]] && \ + [[ "$IS_STABLE_VERSION" == "true" ]]; then + BUILD_TAGS+=("testing") + echo "DEFAULT_TAG=testing" >> $GITHUB_ENV + 
elif [[ "$IS_GTS_VERSION" == "true" ]]; then + BUILD_TAGS+=("gts-testing") + echo "DEFAULT_TAG=gts-testing" >> $GITHUB_ENV + elif [[ "$IS_COREOS" == "true" ]]; then + echo "DEFAULT_TAG=stable-testing" >> $GITHUB_ENV + fi + else + if [[ "$IS_LATEST_VERSION" == "true" ]] && \ + [[ "$IS_STABLE_VERSION" == "true" ]]; then + BUILD_TAGS+=("latest") + echo "DEFAULT_TAG=latest" >> $GITHUB_ENV + elif [[ "$IS_GTS_VERSION" == "true" ]]; then + BUILD_TAGS+=("gts") + echo "DEFAULT_TAG=gts" >> $GITHUB_ENV + elif [[ "$IS_COREOS" == "true" ]]; then + echo "DEFAULT_TAG=stable" >> $GITHUB_ENV + fi + fi + + if [[ "${{ github.event_name }}" == "pull_request" ]]; then + echo "Generated the following commit tags: " + for TAG in "${COMMIT_TAGS[@]}"; do + echo "${TAG}" + done + alias_tags=("${COMMIT_TAGS[@]}") + echo "DEFAULT_TAG=${SHA_SHORT}-${FEDORA_VERSION}" >> $GITHUB_ENV + else + alias_tags=("${BUILD_TAGS[@]}") + fi + echo "Generated the following build tags: " + for TAG in "${BUILD_TAGS[@]}"; do + echo "${TAG}" + done + echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT + + # Build metadata + - name: Image Metadata + uses: docker/metadata-action@v5 + id: meta + with: + images: | + ${{ env.IMAGE_NAME }} + labels: | + org.opencontainers.image.title=${{ env.IMAGE_NAME }} + org.opencontainers.image.version=${{ env.VERSION }} + org.opencontainers.image.description=Custom ${{ matrix.image_name }} unfiltered Flathub, distrobox, automatic updates, and drivers (nvidia and xbox) + ostree.linux=${{ env.kernel_release }} + io.artifacthub.package.readme-url=https://raw.githubusercontent.com/bsherman/ublue-custom/main/README.md + + - name: Pull images + if: github.event_name == 'pull_request' && ( matrix.image_flavor == 'main' || matrix.image_flavor == 'nvidia' ) || github.event_name != 'pull_request' + uses: Wandalen/wretry.action@6feedb7dedadeb826de0f45ff482b53b379a7844 # v3.5.0 + with: + attempt_limit: 3 + attempt_delay: 15000 + command: | + # pull the base image used for FROM in 
containerfile so + # we can retry on that unfortunately common failure case + podman pull ${{ env.UPSTREAM_REGISTRY }}/${{ env.BASE_IMAGE_NAME }}-${{ env.image_flavor }}:${{ env.fedora_version }} + podman pull ${{ env.UPSTREAM_REGISTRY }}/akmods:${{ env.AKMODS_FLAVOR }}-${{ env.fedora_version }} + podman pull ${{ env.UPSTREAM_REGISTRY }}/akmods-nvidia:${{ env.AKMODS_FLAVOR }}-${{ env.fedora_version }} + podman pull ${{ env.UPSTREAM_REGISTRY }}/akmods-zfs:coreos-stable-${{ env.fedora_version }} + podman pull ${{ env.UPSTREAM_REGISTRY }}/${{ env.AKMODS_FLAVOR }}-kernel:${{ env.kernel_release }} + + # Build image using Buildah action + - name: Build Image + id: build_image + if: github.event_name == 'pull_request' && ( matrix.image_flavor == 'main' || matrix.image_flavor == 'nvidia' ) || github.event_name != 'pull_request' + uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2 + with: + containerfiles: | + ./Containerfile + image: ${{ env.IMAGE_NAME }} + tags: | + ${{ steps.generate-tags.outputs.alias_tags }} + build-args: | + BASE_IMAGE_NAME=${{ env.BASE_IMAGE_NAME }} + IMAGE_NAME=${{ env.IMAGE_NAME }} + IMAGE_FLAVOR=${{ env.image_flavor }} + IMAGE_VENDOR=${{ github.repository_owner }} + FEDORA_MAJOR_VERSION=${{ env.fedora_version }} + TARGET_BASE=${{ matrix.target_base }} + AKMODS_FLAVOR=${{ env.AKMODS_FLAVOR }} + NVIDIA_TYPE=${{ env.nvidia_type }} + KERNEL=${{ env.kernel_release }} + UBLUE_IMAGE_TAG=${{ matrix.image_version }} + labels: ${{ steps.meta.outputs.labels }} + oci: false + # TODO(GH-280) + # extra-args: | + # --target=${{ matrix.target_name || matrix.base_name }} + extra-args: | + --target=${{ env.TARGET_NAME }} + + - name: Check Secureboot + if: github.event_name == 'pull_request' && ( matrix.image_flavor == 'main' || matrix.image_flavor == 'nvidia' ) || github.event_name != 'pull_request' + shell: bash + run: | + set -x + if [[ ! $(command -v sbverify) || ! $(command -v curl) || ! 
$(command -v openssl) ]]; then + sudo apt update + sudo apt install sbsigntool curl openssl + fi + podman run -d --rm --name ${{env.IMAGE_NAME}}-$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1) "${{ env.IMAGE_NAME }}":$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1) sleep 1000 + podman cp ${{env.IMAGE_NAME}}-$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1):/usr/lib/modules/${{ env.kernel_release }}/vmlinuz . + podman rm -f ${{env.IMAGE_NAME}}-$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1) + sbverify --list vmlinuz + curl --retry 3 -Lo kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der + curl --retry 3 -Lo akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der + openssl x509 -in kernel-sign.der -out kernel-sign.crt + openssl x509 -in akmods.der -out akmods.crt + sbverify --cert kernel-sign.crt vmlinuz || exit 1 + sbverify --cert akmods.crt vmlinuz || exit 1 + + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. 
+ # https://github.com/macbre/push-to-ghcr/issues/12 + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v6 + with: + string: ${{ env.IMAGE_REGISTRY }} + + # Push the image to GHCR (Image Registry) + - name: Push To GHCR + uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2 + id: push + if: github.event_name != 'pull_request' + env: + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} + with: + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ steps.registry_case.outputs.lowercase }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 + if: github.event_name != 'pull_request' + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Sign container + - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 + if: github.event_name != 'pull_request' + + - name: Sign container image + if: github.event_name != 'pull_request' + run: | + cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} + env: + TAGS: ${{ steps.push.outputs.digest }} + COSIGN_EXPERIMENTAL: false + COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} + + - name: Generate file containing outputs + if: github.event_name != 'pull_request' + env: + DIGEST: ${{ steps.push.outputs.digest }} + IMAGE_REGISTRY: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} + IMAGE_NAME: ${{ env.IMAGE_NAME }} + IMAGE_FLAVOR: ${{ env.image_flavor }} + FEDORA_VERSION: ${{ matrix.image_version }} + run: echo "${IMAGE_REGISTRY}@${DIGEST}" > "${IMAGE_NAME}-${IMAGE_FLAVOR}-${FEDORA_VERSION}.txt" + + - name: Upload artifact + if: github.event_name != 'pull_request' + uses: 
actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 + with: + name: image-${{ env.IMAGE_NAME }}-${{ env.image_flavor }}-${{ matrix.image_version }} + retention-days: 1 + if-no-files-found: error + path: | + ${{ env.IMAGE_NAME }}-${{ env.image_flavor }}-${{ matrix.image_version }}.txt + + check: + name: Check all ${{ inputs.base_name }} ${{ inputs.image_version }} builds successful + if: always() + runs-on: ubuntu-latest + needs: [build_container] + outputs: + images: ${{ steps.generate-outputs.outputs.images }} + steps: + - name: Download artifacts + if: github.event_name != 'pull_request' + id: download-artifacts + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 + with: + pattern: image-* + merge-multiple: true + + - name: Create output + if: github.event_name != 'pull_request' + id: generate-outputs + env: + JOBS: ${{ toJson(needs) }} + ARTIFACT_PATH: ${{ steps.download-artifacts.outputs.download-path }} + run: | + # Initialize the array + images=() + + # Populate the array with each line from each file in the artifacts directory + for file in $ARTIFACT_PATH/*; do + while IFS= read -r line; do + images+=("$line") + done < "$file" + done + + # Create the GITHUB_OUTPUT in the format '["image1", "image2", ...]' + echo "images=$(printf '%s\n' "${images[@]}" | jq -R -s -c 'split("\n") | .[:-1]')" >> $GITHUB_OUTPUT + + - name: Check Jobs + env: + JOBS: ${{ toJson(needs) }} + run: | + echo "Job status:" + echo $JOBS | jq -r 'to_entries[] | " - \(.key): \(.value.result)"' + + for i in $(echo $JOBS | jq -r 'to_entries[] | .value.result'); do + if [ "$i" != "success" ] && [ "$i" != "skipped" ]; then + echo "" + echo "Status check not okay!" + exit 1 + fi + done + diff --git a/Containerfile b/Containerfile index 11dd533..a94279b 100644 --- a/Containerfile +++ b/Containerfile 
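Review bot: The signing steps near the end of `build_container` sign only with the `SIGNING_SECRET` keypair, while the build.yml deleted in this commit also signed keylessly (`cosign sign -y …`) and verified both signatures before finishing. The README's `cosign verify --certificate-oidc-issuer …` command is kept by this commit, so it will presumably fail for images produced here; either restore the OIDC sign-and-verify steps or remove that README command together with `id-token: write` and `attestations: write`, which no step in this hunk appears to use. Separately, `actions/checkout@v4`, `docker/metadata-action@v5` and `ASzc/change-string-case-action@v6` are still tag-pinned while every other action here is pinned to a commit SHA; the last one supplies the registry string used by the push and `cosign sign` steps, so it is the one most worth pinning, or replacing with `echo "lowercase=${IMAGE_REGISTRY,,}" >> "$GITHUB_OUTPUT"`.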
@@ -1,29 +1,51 @@ -ARG SOURCE_IMAGE="${SOURCE_IMAGE:-silverblue}" -ARG IMAGE_SUFFIX="${IMAGE_SUFFIX:-main}" +ARG BASE_IMAGE_NAME="${BASE_IMAGE_NAME:-silverblue}" +ARG IMAGE_FLAVOR="${IMAGE_FLAVOR:-main}" +ARG AKMODS_FLAVOR="${AKMODS_FLAVOR:-main}" +ARG SOURCE_IMAGE="${SOURCE_IMAGE:-${BASE_IMAGE_NAME}-${IMAGE_FLAVOR}}" +ARG BASE_IMAGE="ghcr.io/ublue-os/${SOURCE_IMAGE}" ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" +ARG NVIDIA_TYPE="${NVIDIA_TYPE:-}" +ARG KERNEL="${KERNEL:-6.10.7-200.fc40.x86_64}" -FROM ghcr.io/ublue-os/${SOURCE_IMAGE}-${IMAGE_SUFFIX}:${FEDORA_MAJOR_VERSION} +# FROM's for Mounting +ARG KMOD_SOURCE_COMMON="ghcr.io/ublue-os/akmods:${AKMODS_FLAVOR}-${FEDORA_MAJOR_VERSION}" +ARG ZFS_CACHE="ghcr.io/ublue-os/akmods-zfs:coreos-stable-${FEDORA_MAJOR_VERSION}" +ARG NVIDIA_CACHE="ghcr.io/ublue-os/akmods-nvidia:${AKMODS_FLAVOR}-${FEDORA_MAJOR_VERSION}" +ARG KERNEL_CACHE="ghcr.io/ublue-os/${AKMODS_FLAVOR}-kernel:${KERNEL}" +FROM ${KMOD_SOURCE_COMMON} AS akmods +FROM ${ZFS_CACHE} AS zfs_cache +FROM ${NVIDIA_CACHE} AS nvidia_cache +FROM ${KERNEL_CACHE} AS kernel_cache -ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}" -ARG IMAGE_SUFFIX="${IMAGE_SUFFIX:-main}" -ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" -ARG BROWSER_MODE="${BROWSER_MODE:-flatpak}" - -COPY system_files/ / +FROM scratch AS ctx +COPY / / -# add akmods RPMs for installation -COPY --from=ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} /rpms/kmods/*xpad*.rpm /tmp/akmods-rpms/ -COPY --from=ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} /rpms/kmods/*xone*.rpm /tmp/akmods-rpms/ -COPY --from=ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} /rpms/kmods/*openrazer*.rpm /tmp/akmods-rpms/ -COPY --from=ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} /rpms/kmods/*v4l2loopback*.rpm /tmp/akmods-rpms/ +# base image section +FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS base -ADD packages.json /tmp/packages.json -ADD *.sh /tmp/ +ARG IMAGE_NAME="${IMAGE_NAME:-silverblue-custom}" +ARG 
IMAGE_VENDOR="${IMAGE_VENDOR:-bsherman}" +ARG IMAGE_FLAVOR="${IMAGE_FLAVOR:-main}" +ARG AKMODS_FLAVOR="${AKMODS_FLAVOR:-main}" +ARG BASE_IMAGE_NAME="${BASE_IMAGE_NAME:-silverblue}" +ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" +ARG NVIDIA_TYPE="${NVIDIA_TYPE:-}" +ARG KERNEL="${KERNEL:-6.10.7-200.fc40.x86_64}" +ARG UBLUE_IMAGE_TAG="${UBLUE_IMAGE_TAG:-latest}" -RUN rpm-ostree cliwrap install-to-root / && \ - /tmp/install.sh && \ - /tmp/post-install.sh && \ - rm -rf /tmp/* /var/* && \ +# Build, cleanup, commit. +RUN --mount=type=cache,dst=/var/cache/rpm-ostree \ + --mount=type=bind,from=ctx,source=/,target=/ctx \ + --mount=type=bind,from=akmods,source=/rpms,target=/tmp/akmods \ + --mount=type=bind,from=nvidia_cache,source=/rpms,target=/tmp/akmods-rpms \ + --mount=type=bind,from=kernel_cache,source=/tmp/rpms,target=/tmp/kernel-rpms \ + --mount=type=bind,from=zfs_cache,source=/rpms,target=/tmp/akmods-zfs \ + rpm-ostree cliwrap install-to-root / && \ + mkdir -p /var/lib/alternatives && \ + /ctx/build_files/build-base.sh && \ + mv /var/lib/alternatives /staged-alternatives && \ + /ctx/build_files/clean-stage.sh && \ ostree container commit && \ - mkdir -p /tmp /var/tmp && \ - chmod 1777 /tmp /var/tmp + mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \ + mkdir -p /var/tmp && \ + chmod -R 1777 /var/tmp diff --git a/README.md b/README.md index e538c3b..ca1825e 100644 --- a/README.md +++ b/README.md @@ -26,9 +26,11 @@ Based on: ## Features -In addition to the packages/config provided by base images, this image: +In addition to the packages/config provided by ublue-os main images, this: - Removes from the base image: - firefox + - gnome-extensions-app (replaced with Gnome Extensions flatpak) + - gnome- - Adds the following packages to the base image: - akmods from[ublue-os/akmods](https://github.com/ublue-os/akmods) - openrazer driver 
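Review bot: `chmod -R 1777 /var/tmp` at the end of the final `RUN` applies the world-writable, sticky mode recursively, so any file that ends up under `/var/tmp` would become world-writable as well; the line it replaces used the non-recursive form. The directory has just been recreated by `mkdir -p /var/tmp`, so `chmod 1777 /var/tmp` is sufficient. The new sequence also no longer resets the mode of `/tmp`, which the old `chmod 1777 /tmp /var/tmp` did; clean-stage.sh only empties `/tmp`, so its mode is presumably whatever the base image left, which is worth confirming.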
@@ -40,21 +42,20 @@ In addition to the packages/config provided by base images, this image: - [ptyxis](https://gitlab.gnome.org/chergert/ptyxis) (pronounced *tik-sys*) is a container oriented terminal - [powertop](https://github.com/fenrus75/powertop) - [tailscale](https://tailscale.com/) for VPN - - [tmux](https://github.com/tmux/tmux) - [libvirtd](https://libvirt.org/) and [qemu](https://qemu.org/) backend for running [kvm](https://linux-kvm.org/) VMs - [virt-manager](https://virt-manager.org/) UI for managing VMs on libvirtd - [waydroid](https://waydro.id/) - [wireguard-tools](https://www.wireguard.com/) for more VPN - zenity - for UI scripting - Only on Silverblue: Gnome specific packages - - default font set to Noto Sans - - gnome shell extensions (appindicator, dash-to-dock, gsconnect, move-clock, no-overview, notifications-reloaded) + - default font set to Inter and monospace font to IBM Plex Mono + - gnome shell extensions (appindicator, caffeine, dash-to-dock, gsconnect, no-overview, search-light, tailscale-gnome-qs ) - gsconnect (plus dependancies) - Only on Kinoite: KDE specific packages - k3b - libadwaita(-qt) - skanpage -- Sets faster timeout on systemd waiting for shutdown +- Sets faster timeout on systemd waiting for user processes to shutdown - Sets gnome's "APP is not responding" check to 30 seconds - Sets some custom gnome default settings (see etc/dconf) @@ -83,7 +84,6 @@ Click here to view the Universal Blue just documentation Available commands: - bios # Boot into this device's BIOS/UEFI screen - changelogs # Show the changelog - - chsh new_shell # Change the user's shell - configure-nvidia ACTION="prompt" # Configure the Nvidia driver - distrobox-fedora-custom # Create a Fedora (bsherman custom) container - enroll-secure-boot-key # Enroll Nvidia driver & KMOD signing key for secure boot - Enter password "ublue-os" if prompted 
@@ -124,23 +124,33 @@ For the best experience, install from an official Fedora OSTree ISO: After installation is complete, use the appropriate `rebase` command to install one of these custom images. -*Note: for `IMAGE_NAME` in the commands below, substitute one of these image names:* +**For `IMAGE_NAME` in the commands below, substitute one of these image names:** - `silverblue-custom` - `silverblue-nvidia-custom` - `kinoite-custom` - `kinoite-nvidia-custom` +**For `TAG` in the commands below, substitute one of these tags:** -We build `latest` which currently points to Fedora 40 (Fedora 41 will become latest after it releases and related packages have stabilized). Fedora 38 and 39 are no longer built here. You can chose a specific version by using the `40` tag instead of `latest`: +- `latest` - Fedora 40 with the current released kernnel +- `stable` - Fedora 40 with the last Fedora CoreOS stable kernel (this delays kernel upgrades a bit to avoid most kernel regressions) + +`latest`, which currently points to Fedora 40, will update after our upstreams have tested and I've tested these images out, too. sudo rpm-ostree rebase \ - ostree-unverified-registry:ghcr.io/bsherman/IMAGE_NAME:latest + ostree-unverified-registry:ghcr.io/bsherman/IMAGE_NAME:TAG + +We build date tags as well, so if you want to rebase to a particular day's release, you can. -We build date tags as well, so if you want to rebase to a particular day's release: +- `latest` on a given day is referened by Fedora release number, eg `40-20240915` +- `stable` on a given day is referened with `stable` , eg `stable-20240916` + + sudo rpm-ostree rebase \ + ostree-unverified-registry:ghcr.io/bsherman/IMAGE_NAME:40-20240915 sudo rpm-ostree rebase \ - ostree-unverified-registry:ghcr.io/bsherman/IMAGE_NAME:39-20240223 + ostree-unverified-registry:ghcr.io/bsherman/IMAGE_NAME:stable-20240916 ## Verification 
@@ -149,7 +159,7 @@ These images are signed with sigstore's [cosign](https://docs.sigstore.dev/cosig cosign verify \ --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ --certificate-identity-regexp "https://github.com/bsherman/ublue-custom" \ - ghcr.io/bsherman/IMAGE_NAME + ghcr.io/bsherman/IMAGE_NAME:TAG - cosign verify --key cosign.pub ghcr.io/bsherman/IMAGE_NAME + cosign verify --key cosign.pub ghcr.io/bsherman/IMAGE_NAME:TAG diff --git a/akmods.sh b/akmods.sh deleted file mode 100755 index d598be0..0000000 --- a/akmods.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/sh - -set -ouex pipefail - -wget https://negativo17.org/repos/fedora-steam.repo -O /etc/yum.repos.d/fedora-steam.repo - -sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/fedora-{cisco-openh264,modular,updates-modular}.repo - -# enable rpmfusion only if it was disabled -for REPO in $(ls /etc/yum.repos.d/rpmfusion-{,non}free{,-updates}.repo); do - echo $REPO - if [[ "$(grep enabled=1 ${REPO} > /dev/null; echo $?)" == "1" ]]; then \ - sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' ${REPO} - fi -done - -KERNEL_VERSION="$(rpm -q kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')" -# install stuff -rpm-ostree install --idempotent \ - /tmp/akmods/xone/kmod-xone-${KERNEL_VERSION}-*.rpm \ - /tmp/akmods/xpadneo/kmod-xpadneo-${KERNEL_VERSION}-*.rpm \ - /tmp/akmods-custom-key/rpmbuild/RPMS/noarch/akmods-custom-key-*.rpm \ - -# cleanup stuff -rm -rf /etc/yum.repos.d/fedora-steam.repo diff --git a/install-1password.sh b/build_files/1password.sh similarity index 100% rename from install-1password.sh rename to build_files/1password.sh diff --git a/build_files/bootc.sh b/build_files/bootc.sh new file mode 100755 index 0000000..31e1db5 --- /dev/null +++ b/build_files/bootc.sh @@ -0,0 +1,5 @@ +#!/usr/bin/bash + +if [ "$FEDORA_MAJOR_VERSION" -ge "40" ]; then + /usr/bin/bootupctl backend generate-update-metadata +fi 
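Review bot: bootc.sh has no `set -ouex pipefail` line, unlike the other new build scripts visible in this commit. If `FEDORA_MAJOR_VERSION` is unset, the `[ ... -ge "40" ]` test only prints an error, the `if` takes the false branch and the script exits 0 without running `bootupctl backend generate-update-metadata`. Adding `set -ouex pipefail` under the shebang makes the unset case stop the build, so the image cannot silently ship without the update metadata.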
diff --git a/build_files/build-base.sh b/build_files/build-base.sh
new file mode 100755
index 0000000..8e48fd5
--- /dev/null
+++ b/build_files/build-base.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/bash
+# shellcheck disable=SC1091
+
+set -ouex pipefail
+
+cp -r /ctx/just /tmp/just
+cp /ctx/packages.json /tmp/packages.json
+
+rsync -rvK /ctx/system_files/shared/ /
+rsync -rvK /ctx/system_files/"${BASE_IMAGE_NAME}"/ /
+
+/ctx/build_files/cache_kernel.sh
+/ctx/build_files/copr-repos.sh
+/ctx/build_files/install-akmods.sh
+/ctx/build_files/packages.sh
+/ctx/build_files/nvidia.sh
+/ctx/build_files/1password.sh
+/ctx/build_files/docker-ce.sh
+/ctx/build_files/waydroid.sh
+/ctx/build_files/fetch-install.sh
+/ctx/build_files/image-info.sh
+/ctx/build_files/systemd.sh
+/ctx/build_files/custom-changes.sh
+/ctx/build_files/initramfs.sh
+/ctx/build_files/bootc.sh
+/ctx/build_files/cleanup.sh
diff --git a/build_files/cache_kernel.sh b/build_files/cache_kernel.sh
new file mode 100755
index 0000000..a784acb
--- /dev/null
+++ b/build_files/cache_kernel.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/bash
+
+set -eoux pipefail
+
+if [[ -n "${NVIDIA_TYPE:-}" ]]; then
+ rpm-ostree override replace --experimental \
+ /tmp/kernel-rpms/kernel-[0-9]*.rpm \
+ /tmp/kernel-rpms/kernel-core-*.rpm \
+ /tmp/kernel-rpms/kernel-modules-*.rpm
+fi
diff --git a/build_files/clean-stage.sh b/build_files/clean-stage.sh
new file mode 100755
index 0000000..064dd0b
--- /dev/null
+++ b/build_files/clean-stage.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+
+set -eoux pipefail
+shopt -s extglob
+
+rm -rf /tmp/* || true
+rm -rf /var/!(cache)
+rm -rf /var/cache/!(rpm-ostree)
diff --git a/build_files/cleanup.sh b/build_files/cleanup.sh
new file mode 100755
index 0000000..d269780
--- /dev/null
+++ b/build_files/cleanup.sh
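Review bot: In build-base.sh the second `rsync` trusts `BASE_IMAGE_NAME` as a path component, and `set -u` only catches the unset case. An empty value turns the source into `/ctx/system_files//`, which copies the `shared/` and per-image directories themselves into `/` instead of failing. Using `"${BASE_IMAGE_NAME:?}"` in that line, `rsync -rvK /ctx/system_files/"${BASE_IMAGE_NAME:?}"/ /`, stops the build on both unset and empty.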
@@ -0,0 +1,22 @@
+#!/usr/bin/bash
+
+set -ouex pipefail
+
+# Hide Desktop Files. Hidden removes mime associations
+sed -i 's@\[Desktop Entry\]@\[Desktop Entry\]\nHidden=true@g' /usr/share/applications/htop.desktop
+sed -i 's@\[Desktop Entry\]@\[Desktop Entry\]\nHidden=true@g' /usr/share/applications/nvtop.desktop
+
+# Disable all COPRs and RPM Fusion Repos
+sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/negativo17-fedora-multimedia.repo
+sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/tailscale.repo
+sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo
+sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/_copr_che-nerd-fonts-"${FEDORA_MAJOR_VERSION}".repo
+sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo
+sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/fedora-cisco-openh264.repo
+for i in /etc/yum.repos.d/rpmfusion-*; do
+ sed -i 's@enabled=1@enabled=0@g' "$i"
+done
+
+if [ -f /etc/yum.repos.d/fedora-coreos-pool.repo ]; then
+ sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/fedora-coreos-pool.repo
+fi
diff --git a/build_files/copr-repos.sh b/build_files/copr-repos.sh
new file mode 100755
index 0000000..b6ca489
--- /dev/null
+++ b/build_files/copr-repos.sh
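Review bot: The disable list in cleanup.sh is hard-coded, so a repo file dropped by another build step stays enabled in the shipped image unless someone adds it here. 1password.sh, docker-ce.sh and waydroid.sh run before this script and their contents are not part of this diff. A closing line that logs what is still enabled, `grep -l '^enabled=1' /etc/yum.repos.d/*.repo || true`, would make that visible in the build log. Only `fedora-coreos-pool.repo` is guarded with `-f`; any other missing file aborts the build under `set -e`, which is fine if intended but deserves a comment.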
@@ -0,0 +1,21 @@
+#!/usr/bin/bash
+
+set -ouex pipefail
+
+# Add Staging repo
+curl -Lo /etc/yum.repos.d/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo
+
+# Patched switcheroo
+# Add repo
+curl -Lo /etc/yum.repos.d/_copr_sentry-switcheroo-control_discrete.repo https://copr.fedorainfracloud.org/coprs/sentry/switcheroo-control_discrete/repo/fedora-"${FEDORA_MAJOR_VERSION}"/sentry-switcheroo-control_discrete-fedora-"${FEDORA_MAJOR_VERSION}".repo
+
+# Switcheroo patch
+rpm-ostree override replace \
+ --experimental \
+ --from repo=copr:copr.fedorainfracloud.org:sentry:switcheroo-control_discrete \
+ switcheroo-control
+
+rm /etc/yum.repos.d/_copr_sentry-switcheroo-control_discrete.repo
+
+# Add Nerd Fonts
+curl -Lo /etc/yum.repos.d/_copr_che-nerd-fonts-"${FEDORA_MAJOR_VERSION}".repo https://copr.fedorainfracloud.org/coprs/che/nerd-fonts/repo/fedora-"${FEDORA_MAJOR_VERSION}"/che-nerd-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo
diff --git a/build_files/custom-changes.sh b/build_files/custom-changes.sh
new file mode 100755
index 0000000..a5621ed
--- /dev/null
+++ b/build_files/custom-changes.sh
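Review bot: None of the three `curl -Lo` calls in copr-repos.sh passes `--fail`, so an HTTP error page from COPR is written into `/etc/yum.repos.d/` as a `.repo` file while curl still exits 0. For the staging and nerd-fonts repos nothing in this script would notice. Use `curl --fail -Lo ...` on each so `set -e` stops the build at the download. The `rpm-ostree override replace --from repo=...sentry:switcheroo-control_discrete` step swaps a base-image package for one from a personal COPR, so a comment naming the patch it carries and why that source is trusted would help later reviewers.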
@@ -0,0 +1,25 @@
+#!/usr/bin/bash
+
+set -ouex pipefail
+
+# temporarily disabled for testing various signature verification methods
+# add customized container policy based on upstream's
+#cat /usr/etc/containers/policy.json | jq -M '.transports.docker += {"ghcr.io/bsherman":[{"type":"sigstoreSigned","keyPath":"/usr/etc/pki/containers/bsherman.pub","signedIdentity":{"type":"matchRepository"}}]}' > /tmp/bsherman-policy.json && \
+# cp /tmp/bsherman-policy.json /usr/etc/containers/policy.json
+
+if [[ "${BASE_IMAGE_NAME}" = "silverblue" ]]; then
+ # custom gnome overrides
+ mkdir -p /tmp/ublue-schema-test && \
+ find /usr/share/glib-2.0/schemas/ -type f ! -name "*.gschema.override" -exec cp {} /tmp/ublue-schema-test/ \; && \
+ cp /usr/share/glib-2.0/schemas/*-ublue-custom.gschema.override /tmp/ublue-schema-test/ && \
+ echo "Running error test for ublue-custom gschema override. Aborting if failed." && \
+ glib-compile-schemas --strict /tmp/ublue-schema-test || exit 1 && \
+ echo "Compiling gschema to include ublue-custom setting overrides" && \
+ glib-compile-schemas /usr/share/glib-2.0/schemas &>/dev/null
+fi
+
+# custom shutdown timeouts
+if [ ! -f /etc/systemd/user.conf ]; then
+ cp /usr/lib/systemd/user.conf /etc/systemd/
+fi
+sed -i 's/#DefaultTimeoutStopSec.*/DefaultTimeoutStopSec=15s/' /etc/systemd/user.conf
diff --git a/install-docker-ce.sh b/build_files/docker-ce.sh
similarity index 100%
rename from install-docker-ce.sh
rename to build_files/docker-ce.sh
diff --git a/build_files/fetch-install.sh b/build_files/fetch-install.sh
new file mode 100755
index 0000000..8736e0a
--- /dev/null
+++ b/build_files/fetch-install.sh
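Review bot: The `policy.json` step at the top of custom-changes.sh is carried over still commented out, so this build adds no `sigstoreSigned` requirement for `ghcr.io/bsherman`. The commit nevertheless keeps shipping `etc/pki/containers/bsherman.pub` and `registries.d/bsherman.yaml`, and image-info.sh records an `ostree-image-signed:` reference. Unless the base image's policy already covers this registry (not visible here), images pulled from it are presumably accepted without a signature check. Either re-enable the block or replace "temporarily disabled" with a tracked note such as `# TODO(<issue-id>): re-enable sigstore policy for ghcr.io/bsherman`, so the gap is not forgotten.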
@@ -0,0 +1,16 @@ +#!/usr/bin/bash + +set -ouex pipefail + +# Starship Shell Prompt +curl -Lo /tmp/starship.tar.gz "https://github.com/starship/starship/releases/latest/download/starship-x86_64-unknown-linux-gnu.tar.gz" +tar -xzf /tmp/starship.tar.gz -C /tmp +install -c -m 0755 /tmp/starship /usr/bin +# shellcheck disable=SC2016 +echo 'eval "$(starship init bash)"' >> /etc/bashrc + +# Bash Prexec +curl -Lo /usr/share/bash-prexec https://raw.githubusercontent.com/rcaloras/bash-preexec/master/bash-preexec.sh + +# Consolidate Just Files +find /tmp/just -iname '*.just' -exec printf "\n\n" \; -exec cat {} \; >> /usr/share/ublue-os/just/60-custom.just diff --git a/github-release-install.sh b/build_files/github-release-install.sh similarity index 100% rename from github-release-install.sh rename to build_files/github-release-install.sh diff --git a/build_files/image-info.sh b/build_files/image-info.sh new file mode 100755 index 0000000..2edeea6 --- /dev/null +++ b/build_files/image-info.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +set -ouex pipefail + +IMAGE_INFO="/usr/share/ublue-os/image-info.json" +IMAGE_REF="ostree-image-signed:docker://ghcr.io/$IMAGE_VENDOR/$IMAGE_NAME" + +#shellcheck disable=SC2153 +image_flavor="${IMAGE_FLAVOR}" + +if [[ "${NVIDIA_TYPE}" == "nvidia" ]]; then + image_flavor="nvidia" +fi + +cat > $IMAGE_INFO < /usr/lib/modules-load.d/zfs.conf +fi diff --git a/install-brave-browser.sh b/build_files/install-brave-browser.sh similarity index 100% rename from install-brave-browser.sh rename to build_files/install-brave-browser.sh diff --git a/install-google-chrome.sh b/build_files/install-google-chrome.sh similarity index 100% rename from install-google-chrome.sh rename to build_files/install-google-chrome.sh diff --git a/build_files/nvidia.sh b/build_files/nvidia.sh new file mode 100755 index 0000000..9462f8e --- /dev/null +++ b/build_files/nvidia.sh 
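Review bot: fetch-install.sh installs into every image a `starship` binary taken from `releases/latest` and a `bash-preexec.sh` taken from the `master` branch, both without `--fail` and without any integrity check. The build is therefore not reproducible, and whatever those mutable references point to on build day ends up in `/usr/bin` and `/usr/share`. Pin a release tag and a commit, record the expected SHA-256 in the repository, and verify it before `tar`/`install`, as sketched below with placeholders. The target path `/usr/share/bash-prexec` also looks like a misspelling of "preexec"; check it against whatever sources that file.

```bash
# Starship Shell Prompt: pinned release, digest recorded in this repository
STARSHIP_VERSION="<PINNED_RELEASE_TAG>"
STARSHIP_SHA256="<SHA256_OF_PINNED_TARBALL>"
curl --fail -Lo /tmp/starship.tar.gz "https://github.com/starship/starship/releases/download/${STARSHIP_VERSION}/starship-x86_64-unknown-linux-gnu.tar.gz"
echo "${STARSHIP_SHA256}  /tmp/starship.tar.gz" | sha256sum -c -
# … unchanged: tar extraction, install into /usr/bin, bashrc line …

# Bash Preexec: pinned commit instead of the master branch
BASH_PREEXEC_REF="<PINNED_COMMIT_SHA>"
curl --fail -Lo /usr/share/bash-prexec "https://raw.githubusercontent.com/rcaloras/bash-preexec/${BASH_PREEXEC_REF}/bash-preexec.sh"
# … unchanged: just file consolidation …
```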
@@ -0,0 +1,11 @@ +#!/usr/bin/bash + +set -ouex pipefail + +# Nvidia Configurations +if [[ "${IMAGE_FLAVOR}" =~ "nvidia" || "${NVIDIA_TYPE}" =~ "nvidia" ]]; then + # Restore x11 for Nvidia Images + if [[ "${BASE_IMAGE_NAME}" =~ "kinoite" && "${FEDORA_MAJOR_VERSION}" -gt "39" ]]; then + rpm-ostree install plasma-workspace-x11 + fi +fi diff --git a/packages.sh b/build_files/packages.sh similarity index 70% rename from packages.sh rename to build_files/packages.sh index 0c444c3..ce56daa 100755 --- a/packages.sh +++ b/build_files/packages.sh @@ -5,13 +5,13 @@ set -ouex pipefail RELEASE="$(rpm -E %fedora)" # build list of all packages requested for inclusion -INCLUDED_PACKAGES=($(jq -r "[(.all.include | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \ - (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".include | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \ +INCLUDED_PACKAGES=($(jq -r "[(.all.include | (.all, select(.\"$BASE_IMAGE_NAME\" != null).\"$BASE_IMAGE_NAME\")[]), \ + (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".include | (.all, select(.\"$BASE_IMAGE_NAME\" != null).\"$BASE_IMAGE_NAME\")[])] \ | sort | unique[]" /tmp/packages.json)) # build list of all packages requested for exclusion -EXCLUDED_PACKAGES=($(jq -r "[(.all.exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \ - (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \ +EXCLUDED_PACKAGES=($(jq -r "[(.all.exclude | (.all, select(.\"$BASE_IMAGE_NAME\" != null).\"$BASE_IMAGE_NAME\")[]), \ + (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".exclude | (.all, select(.\"$BASE_IMAGE_NAME\" != null).\"$BASE_IMAGE_NAME\")[])] \ | sort | unique[]" /tmp/packages.json)) 
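Review bot: nvidia.sh expands `${IMAGE_FLAVOR}` and `${NVIDIA_TYPE}` bare while running under `set -u`, so a non-nvidia build that does not export `NVIDIA_TYPE` aborts here with an unbound-variable error. cache_kernel.sh in the same commit already reads it as `${NVIDIA_TYPE:-}`. Whether the Containerfile always sets both variables is not visible in this diff. Matching the sibling script avoids depending on that: `if [[ "${IMAGE_FLAVOR:-}" =~ "nvidia" || "${NVIDIA_TYPE:-}" =~ "nvidia" ]]; then`.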
@@ -38,8 +38,8 @@ fi # check if any excluded packages are still present # (this can happen if an included package pulls in a dependency) -EXCLUDED_PACKAGES=($(jq -r "[(.all.exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \ - (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \ +EXCLUDED_PACKAGES=($(jq -r "[(.all.exclude | (.all, select(.\"$BASE_IMAGE_NAME\" != null).\"$BASE_IMAGE_NAME\")[]), \ + (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".exclude | (.all, select(.\"$BASE_IMAGE_NAME\" != null).\"$BASE_IMAGE_NAME\")[])] \ | sort | unique[]" /tmp/packages.json)) if [[ "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then diff --git a/build_files/systemd.sh b/build_files/systemd.sh new file mode 100755 index 0000000..914c8ae --- /dev/null +++ b/build_files/systemd.sh @@ -0,0 +1,11 @@ +#!/usr/bin/bash + +set -ouex pipefail + +systemctl unmask dconf-update.service +systemctl enable dconf-update.service +systemctl enable rpm-ostree-countme.timer +systemctl enable libvirt-workaround.service +systemctl enable swtpm-workaround.service +systemctl enable tailscaled.service +#systemctl --global enable podman-auto-update.timer diff --git a/install-waydroid.sh b/build_files/waydroid.sh similarity index 100% rename from install-waydroid.sh rename to build_files/waydroid.sh diff --git a/build_files/workarounds.sh b/build_files/workarounds.sh new file mode 100755 index 0000000..6b469a3 --- /dev/null +++ b/build_files/workarounds.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +set -oeux pipefail + +# alternatives cannot create symlinks on its own during a container build +ln -sf /usr/bin/ld.bfd /etc/alternatives/ld && ln -sf /etc/alternatives/ld /usr/bin/ld diff --git a/install.sh b/install.sh deleted file mode 100755 index 86c12f3..0000000 --- a/install.sh +++ /dev/null 
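Review bot: systemd.sh runs `systemctl unmask dconf-update.service` and `systemctl enable dconf-update.service` for every base image, but this commit moves that unit to `system_files/silverblue/usr/lib/systemd/system/dconf-update.service`. build-base.sh copies only `shared/` plus the `${BASE_IMAGE_NAME}` tree, so on a kinoite build the unit is missing unless the base image provides it, and `systemctl enable` then fails the build under `set -e`. Guard both lines with the `[[ "${BASE_IMAGE_NAME}" = "silverblue" ]]` test that custom-changes.sh uses.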
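Review bot: workarounds.sh declares `#!/bin/sh` but sets `pipefail`, which is a bash option; it only works where `/bin/sh` is bash. The other new build scripts use `#!/usr/bin/bash`, and this one should match them. The script is also absent from the call list in build-base.sh, so unless the Containerfile invokes it directly (not visible here) the `ld` symlinks are never created. A one-line comment naming the caller would settle that.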
@@ -1,66 +0,0 @@ -#!/bin/sh - -set -ouex pipefail - -RELEASE="$(rpm -E %fedora)" - -# ensure that RPM post-install don't break with alternatives reqs -mkdir -p /var/lib/alternatives - -# Get required repos -# tailscale -curl https://pkgs.tailscale.com/stable/fedora/tailscale.repo -o /etc/yum.repos.d/tailscale.repo -# ublue-staging: needed for nvk enabled mesa, etc -curl https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-${RELEASE}/ublue-os-staging-fedora-${RELEASE}.repo?arch=x86_64 -o /etc/yum.repos.d/_copr_ublue-os-staging.repo -if [ "sericea" == "${IMAGE_NAME}" ]; then - curl https://copr.fedorainfracloud.org/coprs/tofik/sway/repo/fedora-${RELEASE}/tofik-sway-fedora-${RELEASE}.repo -o /etc/yum.repos.d/copr_tofik-sway.repo -fi - -for REPO in $(rpm -ql ublue-os-akmods-addons|grep ^"/etc"|grep repo$); do - echo "akmods: enable default entry: ${REPO}" - sed -i.bak '0,/enabled=0/{s/enabled=0/enabled=1/}' ${REPO} -done -rpm-ostree install /tmp/akmods-rpms/*.rpm -for REPO in $(rpm -ql ublue-os-akmods-addons|grep ^"/etc"|grep repo$); do - echo "akmods: restore defaults: ${REPO}" - mv ${REPO}.bak ${REPO} -done - -if [ "${FEDORA_MAJOR_VERSION}" -eq "39" ]; then - # F39 needs libadwaita for ptyxis too - rpm-ostree override replace \ - --experimental \ - --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \ - gtk4 \ - vte291 \ - libadwaita -fi - - -# run common packages script -/tmp/packages.sh - -/tmp/install-1password.sh -/tmp/install-docker-ce.sh - -/tmp/install-waydroid.sh - -# remove used repos -rm -f /etc/yum.repos.d/_copr_kylegospo* -rm -f /etc/yum.repos.d/tailscale.repo -if [ "sericea" == "${IMAGE_NAME}" ]; then - rm -f /etc/yum.repos.d/copr_tofik-sway.repo -fi - -### github direct installs -/tmp/github-release-install.sh twpayne/chezmoi x86_64 - -### browser installs -if [ "hostrpm" == "${BROWSER_MODE}" ]; then - # use host-native browser installation - /tmp/install-brave-browser.sh - /tmp/install-google-chrome.sh -else - # for 
flatpak/distrbox only browser installation - rpm-ostree override remove firefox firefox-langpacks -fi diff --git a/just/developer.just b/just/developer.just new file mode 100644 index 0000000..05bd839 --- /dev/null +++ b/just/developer.just @@ -0,0 +1,25 @@ +# Install virtualization stack (libvirt/virt-manager/etc) +install-virtualization: + rpm-ostree install libvirt-client libvirt-daemon-kvm virt-install virt-manager + +# Un-install virtualization stack (libvirt/virt-manager/etc) +uninstall-virtualization: + rpm-ostree uninstall libvirt-client libvirt-daemon-kvm virt-install virt-manager + +# Install JetBrains Toolbox | https://www.jetbrains.com/toolbox-app/ +install-jetbrains-toolbox: + #!/usr/bin/env bash + pushd "$(mktemp -d)" + echo "Get latest JetBrains Toolbox version" + # Get the json with latest releases + curl -sSfL -o releases.json "https://data.services.jetbrains.com/products/releases?code=TBA&latest=true&type=release" + # Extract information + BUILD_VERSION=$(jq -r '.TBA[0].build' ./releases.json) + DOWNLOAD_LINK=$(jq -r '.TBA[0].downloads.linux.link' ./releases.json) + CHECKSUM_LINK=$(jq -r '.TBA[0].downloads.linux.checksumLink' ./releases.json) + echo "Installing JetBrains Toolbox ${BUILD_VERSION}" + curl -sSfL -O "${DOWNLOAD_LINK}" + curl -sSfL "${CHECKSUM_LINK}" | sha256sum -c + tar zxf jetbrains-toolbox-"${BUILD_VERSION}".tar.gz + echo "Launching JetBrains Toolbox" + ./jetbrains-toolbox-"${BUILD_VERSION}"/jetbrains-toolbox diff --git a/just/distrobox-custom.just b/just/distrobox-custom.just new file mode 100644 index 0000000..7fee52c --- /dev/null +++ b/just/distrobox-custom.just @@ -0,0 +1,3 @@ +# Create a Fedora (bsherman custom) container +distrobox-fedora-custom: + distrobox create --nvidia --image ghcr.io/bsherman/fedora-toolbox-custom:FEDORA_MAJOR_VERSION -n fedora-custom -Y diff --git a/just/flatpak.just b/just/flatpak.just new file mode 100644 index 0000000..4bd4253 --- /dev/null +++ b/just/flatpak.just 
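Review bot: In `install-jetbrains-toolbox` the shebang recipe never sets `-e`, so when `sha256sum -c` reports a mismatch, or either `curl` fails, bash carries on to `tar zxf` and then launches the unverified binary. Add `set -euo pipefail` as the first line after `#!/usr/bin/env bash`. The checksum link comes from the same release metadata as the archive, so it protects against a corrupted download rather than a tampered source. A short comment saying so would keep readers from over-trusting the check.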
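Review bot: The image tag in `distrobox-fedora-custom` is still the literal placeholder `FEDORA_MAJOR_VERSION`. The deleted post-install.sh filled it in with `sed -i "s/FEDORA_MAJOR_VERSION/${FEDORA_MAJOR_VERSION}/" /usr/share/ublue-os/just/60-custom.just`, and none of the new build scripts visible in this commit does that after fetch-install.sh assembles `60-custom.just`. If the substitution is not done elsewhere, `distrobox create` will request a tag that does not exist. Re-add that `sed` line after the consolidation step in fetch-install.sh.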
@@ -0,0 +1,137 @@ +# Setup flathub remote, remove fedora remote if present +setup-flatpak-repos: + flatpak remote-add --if-not-exists --system flathub https://flathub.org/repo/flathub.flatpakrepo + flatpak uninstall --system --noninteractive `flatpak list --all --columns origin,application|grep ^fedora|awk '{print $2}'|xargs` + flatpak remote-delete --system fedora --force + +# Install typical GNOME apps +install-apps-gnome: + flatpak install --noninteractive --system flathub \\ + org.gnome.Calculator \\ + org.gnome.Calendar \\ + org.gnome.Characters \\ + org.gnome.Connections \\ + org.gnome.Contacts \\ + org.gnome.Evince \\ + org.gnome.Logs \\ + org.gnome.Loupe \\ + org.gnome.Maps \\ + org.gnome.NautilusPreviewer \\ + org.gnome.TextEditor \\ + org.gnome.Weather \\ + org.gnome.baobab \\ + org.gnome.clocks \\ + org.gnome.font-viewer \\ + org.gnome.SimpleScan \\ + org.gnome.SoundRecorder \\ + org.fedoraproject.MediaWriter \\ + org.mozilla.firefox \\ + com.github.tchx84.Flatseal \\ + com.mattjakeman.ExtensionManager \\ + io.github.celluloid_player.Celluloid \\ + it.mijorus.gearlever \\ + io.missioncenter.MissionCenter \\ + org.gustavoperedo.FontDownloader + +# Install typical KDE apps +install-apps-kde: + flatpak install --noninteractive --system flathub \\ + app/org.fedoraproject.MediaWriter/x86_64/stable \\ + app/org.mozilla.Thunderbird/x86_64/stable \\ + app/org.mozilla.firefox/x86_64/stable \\ + app/org.kde.kcalc/x86_64/stable \\ + app/org.kde.gwenview/x86_64/stable \\ + app/org.kde.kontact/x86_64/stable \\ + app/org.kde.okular/x86_64/stable \\ + app/org.kde.kweather/x86_64/stable \\ + app/org.kde.kclock/x86_64/stable \\ + app/org.kde.haruna/x86_64/stable \\ + app/org.kde.filelight/x86_64/stable \\ + app/com.github.tchx84.Flatseal/x86_64/stable \\ + app/io.github.dvlv.boxbuddyrs/x86_64/stable \\ + app/io.github.flattool.Warehouse/x86_64/stable \\ + app/org.fedoraproject.MediaWriter/x86_64/stable \\ + app/io.missioncenter.MissionCenter/x86_64/stable \\ + 
app/it.mijorus.gearlever/x86_64/stable + +# Install Productivity and Communications apps +install-apps-productivity: + flatpak install -y --system \\ + com.google.Chrome \\ + com.microsoft.Edge \\ + com.seafile.Client \\ + com.simplenote.Simplenote \\ + io.github.mimbrero.WhatsAppDesktop \\ + org.signal.Signal \\ + us.zoom.Zoom + +# Install Creative Media Apps +install-apps-creative: + flatpak install -y --system \\ + nl.hjdskes.gcolor3 \\ + org.audacityteam.Audacity \\ + org.gimp.GIMP \\ + org.inkscape.Inkscape \\ + org.kde.kdenlive \\ + org.kde.krita + +# Install Other misc apps for my home users +install-apps-misc: + flatpak install -y --system \\ + com.belmoussaoui.Obfuscate \\ + com.discordapp.Discord \\ + com.skype.Client \\ + com.slack.Slack \\ + de.haeckerfelix.Fragments \\ + org.gnome.Firmware \\ + org.gnome.seahorse.Application \\ + org.telegram.desktop \\ + tech.feliciano.pocket-casts + +# Give browsers permission to create PWAs (Progressive Web Apps) +install-pwa-flatpak-overrides: + flatpak override --system --filesystem=~/.local/share/applications --filesystem=~/.local/share/icons com.google.Chrome + flatpak override --system --filesystem=~/.local/share/applications --filesystem=~/.local/share/icons com.brave.Browser + flatpak override --system --filesystem=~/.local/share/applications --filesystem=~/.local/share/icons com.microsoft.Edge + +# Install educational games +install-games-educational: + flatpak install -y --system \\ + org.kde.kturtle \\ + edu.mit.Scratch \\ + com.tux4kids.tuxmath \\ + com.tux4kids.tuxtype \\ + org.tuxpaint.Tuxpaint + +# Install light/casual games +install-games-light: + flatpak install -y --system \\ + net.sourceforge.lgames.LTris \\ + org.frozen_bubble.frozen-bubble \\ + org.gnome.Aisleriot \\ + org.gnome.Mines + +# Install Linux games +install-games-linux: + flatpak install -y --system \\ + io.github.retux_game.retux \\ + net.sourceforge.ExtremeTuxRacer \\ + net.supertuxkart.SuperTuxKart \\ + org.supertuxproject.SuperTux 
\\ + org.armagetronad.ArmagetronAdvanced \\ + party.supertux.supertuxparty + +# Install Minecraft games +install-games-minecraft: + flatpak install -y --system \\ + com.mojang.Minecraft \\ + io.mrarm.mcpelauncher \\ + org.prismlauncher.PrismLauncher + +# Install Steam with MangoHud, Gamescope and Prototricks +install-games-steam: + flatpak install -y --system \\ + org.freedesktop.Platform.VulkanLayer.MangoHud//22.08 \\ + com.github.Matoking.protontricks \\ + com.valvesoftware.Steam \\ + com.valvesoftware.Steam.Utility.gamescope diff --git a/system_files/usr/share/ublue-os/just/82-bazzite-waydroid.just b/just/waydroid-from-bazzite.just similarity index 100% rename from system_files/usr/share/ublue-os/just/82-bazzite-waydroid.just rename to just/waydroid-from-bazzite.just diff --git a/packages.json b/packages.json index 436618f..58594cb 100644 --- a/packages.json +++ b/packages.json @@ -17,7 +17,6 @@ "iotop", "ipcalc", "iperf3", - "langpacks-en", "libimobiledevice", "libretls", "libvirt-daemon", @@ -103,36 +102,23 @@ ] }, "exclude": { - "all": [], - "kinoite": [ - "plasma-welcome" + "all": [ + "firefox", + "firefox-langpacks" ], + "kinoite": [], "silverblue": [ "gnome-extensions-app", - "gnome-software-rpm-ostree", - "gnome-tour" + "gnome-software-rpm-ostree" ], "sericea": [ "sddm-x11" ] } }, - "39": { - "include": { - "all": [], - "kinoite": [ - "libadwaita-qt5" - ] - }, - "exclude": { - "all": [] - } - }, "40": { "include": { - "all": [ - "ptyxis" - ], + "all": [], "kinoite": [ "libadwaita-qt5", "libadwaita-qt6" diff --git a/post-install.sh b/post-install.sh deleted file mode 100755 index 9a656f7..0000000 --- a/post-install.sh +++ /dev/null 
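Review bot: `install-pwa-flatpak-overrides` is missing a comment on what the grant costs. `--filesystem=~/.local/share/applications` applied with `--system` lets the sandboxed browser, for every user, write `.desktop` launchers whose `Exec=` lines the host desktop runs outside the sandbox. Extend the recipe comment along the lines of `# Give browsers permission to create PWAs; this lets the browser write host .desktop launchers, so apply only to browsers you use`. `com.brave.Browser` receives the override although no recipe in this file installs it, so that line could be dropped or moved next to an install recipe.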
@@ -1,50 +0,0 @@ -#!/bin/sh - -set -ouex pipefail - -# temporarily disabled for testing various signature verification methods -# add customized container policy based on upstream's -#cat /usr/etc/containers/policy.json | jq -M '.transports.docker += {"ghcr.io/bsherman":[{"type":"sigstoreSigned","keyPath":"/usr/etc/pki/containers/bsherman.pub","signedIdentity":{"type":"matchRepository"}}]}' > /tmp/bsherman-policy.json && \ -# cp /tmp/bsherman-policy.json /usr/etc/containers/policy.json - -# custom gnome overrides -mkdir -p /tmp/ublue-schema-test && \ -find /usr/share/glib-2.0/schemas/ -type f ! -name "*.gschema.override" -exec cp {} /tmp/ublue-schema-test/ \; && \ -cp /usr/share/glib-2.0/schemas/*-ublue-custom.gschema.override /tmp/ublue-schema-test/ && \ -echo "Running error test for ublue-custom gschema override. Aborting if failed." && \ -glib-compile-schemas --strict /tmp/ublue-schema-test || exit 1 && \ -echo "Compiling gschema to include ublue-custom setting overrides" && \ -glib-compile-schemas /usr/share/glib-2.0/schemas &>/dev/null - - -# pre-enabled services -systemctl unmask dconf-update.service -systemctl enable dconf-update.service -systemctl enable rpm-ostree-countme.timer -systemctl enable libvirt-workaround.service -systemctl enable swtpm-workaround.service -systemctl enable tailscaled.service - -# custom just recipes -sed -i "s/FEDORA_MAJOR_VERSION/${FEDORA_MAJOR_VERSION}/" /usr/share/ublue-os/just/60-custom.just - -# custom shutdown timeouts -if [ ! -f /etc/systemd/user.conf ]; then - cp /usr/lib/systemd/user.conf /etc/systemd/ -fi -if [ ! 
-f /etc/systemd/system.conf ]; then - cp /usr/lib/systemd/system.conf /etc/systemd/ -fi -sed -i 's/#DefaultTimeoutStopSec.*/DefaultTimeoutStopSec=15s/' /etc/systemd/user.conf -sed -i 's/#DefaultTimeoutStopSec.*/DefaultTimeoutStopSec=15s/' /etc/systemd/system.conf - -# generate pre-built initramfs only if main, since nvidia rebuilds this upstream -if [ "$FEDORA_MAJOR_VERSION" -ge "40" ]; then - if [ "$IMAGE_SUFFIX" == "main" ]; then - /tmp/build-initramfs.sh - fi -fi - -if [ "$FEDORA_MAJOR_VERSION" -ge "40" ]; then - /usr/bin/bootupctl backend generate-update-metadata -fi diff --git a/system_files/etc/containers/containers.conf.d/rootless-network.conf b/system_files/shared/etc/containers/containers.conf.d/rootless-network.conf similarity index 100% rename from system_files/etc/containers/containers.conf.d/rootless-network.conf rename to system_files/shared/etc/containers/containers.conf.d/rootless-network.conf diff --git a/system_files/etc/containers/registries.d/bsherman.yaml b/system_files/shared/etc/containers/registries.d/bsherman.yaml similarity index 100% rename from system_files/etc/containers/registries.d/bsherman.yaml rename to system_files/shared/etc/containers/registries.d/bsherman.yaml diff --git a/system_files/etc/default/waydroid-launcher b/system_files/shared/etc/default/waydroid-launcher similarity index 100% rename from system_files/etc/default/waydroid-launcher rename to system_files/shared/etc/default/waydroid-launcher diff --git a/system_files/etc/pki/containers/bsherman.pub b/system_files/shared/etc/pki/containers/bsherman.pub similarity index 100% rename from system_files/etc/pki/containers/bsherman.pub rename to system_files/shared/etc/pki/containers/bsherman.pub diff --git a/system_files/usr/bin/waydroid-launcher b/system_files/shared/usr/bin/waydroid-launcher similarity index 100% rename from system_files/usr/bin/waydroid-launcher rename to system_files/shared/usr/bin/waydroid-launcher 
diff --git a/system_files/usr/bin/xdg-terminal-exec b/system_files/shared/usr/bin/xdg-terminal-exec
similarity index 100%
rename from system_files/usr/bin/xdg-terminal-exec
rename to system_files/shared/usr/bin/xdg-terminal-exec
diff --git a/system_files/usr/lib/sysctl.d/60-kernel.conf b/system_files/shared/usr/lib/sysctl.d/60-kernel.conf
similarity index 100%
rename from system_files/usr/lib/sysctl.d/60-kernel.conf
rename to system_files/shared/usr/lib/sysctl.d/60-kernel.conf
diff --git a/system_files/usr/lib/sysctl.d/70-gaming.conf b/system_files/shared/usr/lib/sysctl.d/70-gaming.conf
similarity index 100%
rename from system_files/usr/lib/sysctl.d/70-gaming.conf
rename to system_files/shared/usr/lib/sysctl.d/70-gaming.conf
diff --git a/system_files/usr/lib/sysctl.d/75-networking.conf b/system_files/shared/usr/lib/sysctl.d/75-networking.conf
similarity index 100%
rename from system_files/usr/lib/sysctl.d/75-networking.conf
rename to system_files/shared/usr/lib/sysctl.d/75-networking.conf
diff --git a/system_files/usr/lib/sysctl.d/80-inotify.conf b/system_files/shared/usr/lib/sysctl.d/80-inotify.conf
similarity index 100%
rename from system_files/usr/lib/sysctl.d/80-inotify.conf
rename to system_files/shared/usr/lib/sysctl.d/80-inotify.conf
diff --git a/system_files/usr/lib/systemd/system/libvirt-workaround.service b/system_files/shared/usr/lib/systemd/system/libvirt-workaround.service
similarity index 100%
rename from system_files/usr/lib/systemd/system/libvirt-workaround.service
rename to system_files/shared/usr/lib/systemd/system/libvirt-workaround.service
diff --git a/system_files/usr/lib/systemd/system/swtpm-workaround.service b/system_files/shared/usr/lib/systemd/system/swtpm-workaround.service
similarity index 100%
rename from system_files/usr/lib/systemd/system/swtpm-workaround.service
rename to system_files/shared/usr/lib/systemd/system/swtpm-workaround.service
diff --git a/system_files/usr/lib/systemd/system/waydroid-workaround.service b/system_files/shared/usr/lib/systemd/system/waydroid-workaround.service
similarity index 100%
rename from system_files/usr/lib/systemd/system/waydroid-workaround.service
rename to system_files/shared/usr/lib/systemd/system/waydroid-workaround.service
diff --git a/system_files/usr/lib/tmpfiles.d/libvirt-workaround.conf b/system_files/shared/usr/lib/tmpfiles.d/libvirt-workaround.conf
similarity index 100%
rename from system_files/usr/lib/tmpfiles.d/libvirt-workaround.conf
rename to system_files/shared/usr/lib/tmpfiles.d/libvirt-workaround.conf
diff --git a/system_files/usr/lib/tmpfiles.d/pcp-ucore.conf b/system_files/shared/usr/lib/tmpfiles.d/pcp-ucore.conf
similarity index 100%
rename from system_files/usr/lib/tmpfiles.d/pcp-ucore.conf
rename to system_files/shared/usr/lib/tmpfiles.d/pcp-ucore.conf
diff --git a/system_files/usr/lib/tmpfiles.d/swtpm-workaround.conf b/system_files/shared/usr/lib/tmpfiles.d/swtpm-workaround.conf
similarity index 100%
rename from system_files/usr/lib/tmpfiles.d/swtpm-workaround.conf
rename to system_files/shared/usr/lib/tmpfiles.d/swtpm-workaround.conf
diff --git a/system_files/usr/lib/tmpfiles.d/waydroid-workaround.conf b/system_files/shared/usr/lib/tmpfiles.d/waydroid-workaround.conf
similarity index 100%
rename from system_files/usr/lib/tmpfiles.d/waydroid-workaround.conf
rename to system_files/shared/usr/lib/tmpfiles.d/waydroid-workaround.conf
diff --git a/system_files/usr/libexec/waydroid-container-start b/system_files/shared/usr/libexec/waydroid-container-start
similarity index 100%
rename from system_files/usr/libexec/waydroid-container-start
rename to system_files/shared/usr/libexec/waydroid-container-start
diff --git a/system_files/usr/libexec/waydroid-container-stop b/system_files/shared/usr/libexec/waydroid-container-stop
similarity index 100%
rename from system_files/usr/libexec/waydroid-container-stop
rename to system_files/shared/usr/libexec/waydroid-container-stop
diff --git a/system_files/usr/libexec/waydroid-fix-controllers b/system_files/shared/usr/libexec/waydroid-fix-controllers
similarity index 100%
rename from system_files/usr/libexec/waydroid-fix-controllers
rename to system_files/shared/usr/libexec/waydroid-fix-controllers
diff --git a/system_files/usr/share/polkit-1/actions/org.bazzite.waydroid.policy b/system_files/shared/usr/share/polkit-1/actions/org.bazzite.waydroid.policy
similarity index 100%
rename from system_files/usr/share/polkit-1/actions/org.bazzite.waydroid.policy
rename to system_files/shared/usr/share/polkit-1/actions/org.bazzite.waydroid.policy
diff --git a/system_files/usr/share/polkit-1/rules.d/100-libvirt-acl.rules b/system_files/shared/usr/share/polkit-1/rules.d/100-libvirt-acl.rules
similarity index 100%
rename from system_files/usr/share/polkit-1/rules.d/100-libvirt-acl.rules
rename to system_files/shared/usr/share/polkit-1/rules.d/100-libvirt-acl.rules
diff --git a/system_files/usr/share/polkit-1/rules.d/30-waydroid.rules b/system_files/shared/usr/share/polkit-1/rules.d/30-waydroid.rules
similarity index 100%
rename from system_files/usr/share/polkit-1/rules.d/30-waydroid.rules
rename to system_files/shared/usr/share/polkit-1/rules.d/30-waydroid.rules
diff --git a/system_files/etc/dconf/db/local.d/01-ublue-custom-keybindings b/system_files/silverblue/etc/dconf/db/local.d/01-ublue-custom-keybindings
similarity index 100%
rename from system_files/etc/dconf/db/local.d/01-ublue-custom-keybindings
rename to system_files/silverblue/etc/dconf/db/local.d/01-ublue-custom-keybindings
diff --git a/system_files/etc/dconf/db/local.d/04-custom-folders b/system_files/silverblue/etc/dconf/db/local.d/04-custom-folders
similarity index 100%
rename from system_files/etc/dconf/db/local.d/04-custom-folders
rename to system_files/silverblue/etc/dconf/db/local.d/04-custom-folders
diff --git a/system_files/etc/dconf/profile/user b/system_files/silverblue/etc/dconf/profile/user
similarity index 100%
rename from system_files/etc/dconf/profile/user
rename to system_files/silverblue/etc/dconf/profile/user
diff --git a/system_files/usr/lib/systemd/system/dconf-update.service b/system_files/silverblue/usr/lib/systemd/system/dconf-update.service
similarity index 100%
rename from system_files/usr/lib/systemd/system/dconf-update.service
rename to system_files/silverblue/usr/lib/systemd/system/dconf-update.service
diff --git a/system_files/usr/share/glib-2.0/schemas/z0-ublue-custom.gschema.override b/system_files/silverblue/usr/share/glib-2.0/schemas/z0-ublue-custom.gschema.override
similarity index 100%
rename from system_files/usr/share/glib-2.0/schemas/z0-ublue-custom.gschema.override
rename to system_files/silverblue/usr/share/glib-2.0/schemas/z0-ublue-custom.gschema.override
diff --git a/system_files/usr/share/ublue-os/just/60-custom.just b/system_files/usr/share/ublue-os/just/60-custom.just
deleted file mode 100644
index 30989a0..0000000
--- a/system_files/usr/share/ublue-os/just/60-custom.just
+++ /dev/null
@@ -1,167 +0,0 @@ -# Create a Fedora (bsherman custom) container -distrobox-fedora-custom: - distrobox create --nvidia --image ghcr.io/bsherman/fedora-toolbox-custom:FEDORA_MAJOR_VERSION -n fedora-custom -Y - -# Setup flathub remote, remove fedora remote if present -setup-flatpak-repos: - flatpak remote-add --if-not-exists --system flathub https://flathub.org/repo/flathub.flatpakrepo - flatpak uninstall --system --noninteractive `flatpak list --all --columns origin,application|grep ^fedora|awk '{print $2}'|xargs` - flatpak remote-delete --system fedora --force - -# Install typical GNOME apps -install-apps-gnome: - flatpak install --noninteractive --system flathub \\ - org.gnome.Calculator \\ - org.gnome.Calendar \\ - org.gnome.Characters \\ - org.gnome.Connections \\ - org.gnome.Contacts \\ - org.gnome.Evince \\ - org.gnome.Logs \\ - org.gnome.Loupe \\ - org.gnome.Maps \\ - org.gnome.NautilusPreviewer \\ - org.gnome.TextEditor \\ - org.gnome.Weather \\ - org.gnome.baobab \\ - org.gnome.clocks \\ - org.gnome.font-viewer \\ - org.gnome.SimpleScan \\ - org.gnome.SoundRecorder \\ - org.fedoraproject.MediaWriter \\ - org.mozilla.firefox \\ - com.github.tchx84.Flatseal \\ - com.mattjakeman.ExtensionManager \\ - io.github.celluloid_player.Celluloid \\ - it.mijorus.gearlever \\ - io.missioncenter.MissionCenter \\ - org.gustavoperedo.FontDownloader - -# Install typical KDE apps -install-apps-kde: - flatpak install --noninteractive --system flathub \\ - app/org.fedoraproject.MediaWriter/x86_64/stable \\ - app/org.mozilla.Thunderbird/x86_64/stable \\ - app/org.mozilla.firefox/x86_64/stable \\ - app/org.kde.kcalc/x86_64/stable \\ - app/org.kde.gwenview/x86_64/stable \\ - app/org.kde.kontact/x86_64/stable \\ - app/org.kde.okular/x86_64/stable \\ - app/org.kde.kweather/x86_64/stable \\ - app/org.kde.kclock/x86_64/stable \\ - app/org.kde.haruna/x86_64/stable \\ - app/org.kde.filelight/x86_64/stable \\ - app/com.github.tchx84.Flatseal/x86_64/stable \\ - 
app/io.github.dvlv.boxbuddyrs/x86_64/stable \\ - app/io.github.flattool.Warehouse/x86_64/stable \\ - app/org.fedoraproject.MediaWriter/x86_64/stable \\ - app/io.missioncenter.MissionCenter/x86_64/stable \\ - app/it.mijorus.gearlever/x86_64/stable - -# Install Productivity and Communications apps -install-apps-productivity: - flatpak install -y --system \\ - com.google.Chrome \\ - com.microsoft.Edge \\ - com.seafile.Client \\ - com.simplenote.Simplenote \\ - io.github.mimbrero.WhatsAppDesktop \\ - org.signal.Signal \\ - us.zoom.Zoom - -# Install Creative Media Apps -install-apps-creative: - flatpak install -y --system \\ - nl.hjdskes.gcolor3 \\ - org.audacityteam.Audacity \\ - org.gimp.GIMP \\ - org.inkscape.Inkscape \\ - org.kde.kdenlive \\ - org.kde.krita - -# Install Other misc apps for my home users -install-apps-misc: - flatpak install -y --system \\ - com.belmoussaoui.Obfuscate \\ - com.discordapp.Discord \\ - com.skype.Client \\ - com.slack.Slack \\ - de.haeckerfelix.Fragments \\ - org.gnome.Firmware \\ - org.gnome.seahorse.Application \\ - org.telegram.desktop \\ - tech.feliciano.pocket-casts - -# Give browsers permission to create PWAs (Progressive Web Apps) -install-pwa-flatpak-overrides: - flatpak override --system --filesystem=~/.local/share/applications --filesystem=~/.local/share/icons com.google.Chrome - flatpak override --system --filesystem=~/.local/share/applications --filesystem=~/.local/share/icons com.brave.Browser - flatpak override --system --filesystem=~/.local/share/applications --filesystem=~/.local/share/icons com.microsoft.Edge - -# Install educational games -install-games-educational: - flatpak install -y --system \\ - org.kde.kturtle \\ - edu.mit.Scratch \\ - com.tux4kids.tuxmath \\ - com.tux4kids.tuxtype \\ - org.tuxpaint.Tuxpaint - -# Install light/casual games -install-games-light: - flatpak install -y --system \\ - net.sourceforge.lgames.LTris \\ - org.frozen_bubble.frozen-bubble \\ - org.gnome.Aisleriot \\ - org.gnome.Mines - -# 
Install Linux games -install-games-linux: - flatpak install -y --system \\ - io.github.retux_game.retux \\ - net.sourceforge.ExtremeTuxRacer \\ - net.supertuxkart.SuperTuxKart \\ - org.supertuxproject.SuperTux \\ - org.armagetronad.ArmagetronAdvanced \\ - party.supertux.supertuxparty - -# Install Minecraft games -install-games-minecraft: - flatpak install -y --system \\ - com.mojang.Minecraft \\ - io.mrarm.mcpelauncher \\ - org.prismlauncher.PrismLauncher - -# Install Steam with MangoHud, Gamescope and Prototricks -install-games-steam: - flatpak install -y --system \\ - org.freedesktop.Platform.VulkanLayer.MangoHud//22.08 \\ - com.github.Matoking.protontricks \\ - com.valvesoftware.Steam \\ - com.valvesoftware.Steam.Utility.gamescope - -# Install virtualization stack (libvirt/virt-manager/etc) -install-virtualization: - rpm-ostree install libvirt-client libvirt-daemon-kvm virt-install virt-manager - -# Un-install virtualization stack (libvirt/virt-manager/etc) -uninstall-virtualization: - rpm-ostree uninstall libvirt-client libvirt-daemon-kvm virt-install virt-manager - -# Install JetBrains Toolbox | https://www.jetbrains.com/toolbox-app/ -install-jetbrains-toolbox: - #!/usr/bin/env bash - pushd "$(mktemp -d)" - echo "Get latest JetBrains Toolbox version" - # Get the json with latest releases - curl -sSfL -o releases.json "https://data.services.jetbrains.com/products/releases?code=TBA&latest=true&type=release" - # Extract information - BUILD_VERSION=$(jq -r '.TBA[0].build' ./releases.json) - DOWNLOAD_LINK=$(jq -r '.TBA[0].downloads.linux.link' ./releases.json) - CHECKSUM_LINK=$(jq -r '.TBA[0].downloads.linux.checksumLink' ./releases.json) - echo "Installing JetBrains Toolbox ${BUILD_VERSION}" - curl -sSfL -O "${DOWNLOAD_LINK}" - curl -sSfL "${CHECKSUM_LINK}" | sha256sum -c - tar zxf jetbrains-toolbox-"${BUILD_VERSION}".tar.gz - echo "Launching JetBrains Toolbox" - ./jetbrains-toolbox-"${BUILD_VERSION}"/jetbrains-toolbox