Can't install on fedora silverblue

[JeremiahSecrist]

Pre-Submit Checklist:

• Check applicable sources for existing issues:
  • Windows Known Issues
  • Linux Known Issues
  • Github Issues
  • New issue

What happened: Program failed to install.
After install the prerequisites needed for protmaster and rebooted I downloaded the rpm and run rpm-ostree install /path/to/rpm
During the installation it failed giving the following error. I understand silver-blue is more edge case scenario. That being said I'm willing to help test an any way possible.

What did you expect to happen?:
The program to install properly.

How did you reproduce it?:
Simply by downloading and installing into fedora silver-blue

Debug Information:
error: Running %post for portmaster: bwrap(/bin/sh): Child process killed by signal 1; run journalctl -t 'rpm-ostree(portmaster.post)' for more information

Portmaster.log

[dhaavi]

Hey @arouzing, thanks for reporting this.

I think the problem is this line:
chcon: failed to change context of '/opt/safing/portmaster/portmaster-start'

I believe this is similar, possibly a duplicate of safing/portmaster#465.

We will look into this.
Internall tracked with CC#2168.

[JeremiahSecrist]

Thanks! Silverblue works a bit differently then normal fedora. it may require slightly different packaging in order to get it to work. If you would like I could link you to the information and limitation of packaging for fedora Silverblue.

[dhaavi]

I see. Yes, a couple references would definitely be nice.

[JeremiahSecrist]

https://docs.fedoraproject.org/en-US/fedora-silverblue/troubleshooting/
Here in the FAQ is a section mentioning issues when installing into opt or local.
It points to here If you need a tester for installing onto silverblue I'd be happy to test packages. As I would love to use postmaster on this machine!

[JeremiahSecrist]

As silver blue is mostly immutable certain most areas can not have dynamic data stored in them. The areas where mutable information is stored is located here

[dhaavi]

Thanks for the pointers!

silver blue is mostly immutable

Ah, yes. That would be a problem. But /opt seems to linked to /var/opt now, so maybe this isn't a problem after all.

[JeremiahSecrist]

chcon: failed to change context of '/opt/safing/portmaster/portmaster-start'

Does port-master make changes to /opt over time (I think you answered this before)? Do you think it would be possible to have the package detect silverblue and change directories?
The github issue I linked before only works for chrome currently.

[dhaavi]

Does port-master make changes to /opt over time

Yes. All data is there: config, databases, updates, logs.

Do you think it would be possible to have the package detect silverblue and change directories?

Maybe. Does silverblue have a special system for this in place? Eg. to query if silverblue is there and ways to interact?

But if /opt is really linked to /var/opt, then this shouldn't be a problem, should it?

[JeremiahSecrist]

Yes. All data is there: config, databases, updates, logs.
I'll have to look around more and see how different project accomplish this on fedora and still work with silverblue

But if /opt is really linked to /var/opt, then this shouldn't be a problem, should it?
It should with the current workaround in place but something seams off with the current configuration that the patch cant handle. I did some testing on my system and found some packages that accomplished patching into /var/opt with no issue.

I am asking around for some guidelines to see if I can help further! I do have some packages that I have used that store in opt and work, let me link them here:
Tabby
vagrant

other information:
https://www.pathname.com/fhs/pub/fhs-2.3.pdf

Thanks so much for taking the time to read all this I know you guys are busy!

[dhaavi]

I've looked into Tabby and Vagrant a bit and it seems they don't do automatic updates, which I think is causing the trouble here.

Another app I know does automatic updates and installs to /opt, is Google Chrome. Don't know if they have support for Silverblue.

https://www.pathname.com/fhs/pub/fhs-2.3.pdf

This is interesting. I haven't yet encountered such a detailed description yet.

I can say that we do not fully follow the definitions laid out here.
Well, except if Silverblue really just links /opt to /var/opt - then we should be ok.

Can you find out how exactly Silverblue handles /opt and /var/opt?

Thanks so much for taking the time to read all this I know you guys are busy!

Thanks for the appreciation. It's always nice when someone understands.

[JeremiahSecrist]

I think I found a Potential fix to the issue. It might be worth trying on a fedora silverblue vm. change the paths and install the compiled rpm with rpm-ostree install custom-package.rpm

The solution may not even apply in this situation. Maybe I'll see if I can find someone working on the silverblue team to take a look at this project and give some guidance?

I noticed they have a community section where you could reach out:
https://discussion.fedoraproject.org/tag/silverblue

[JayDoubleu]

This issue is caused by https://github.com/safing/portmaster-packaging/blob/0284b11d5f68efca0a108d689d934d88391e2b6d/linux/templates/snippets/post-install.sh#L18..L20

chcon: failed to change context of '/opt/safing/portmaster/portmaster-start' to ‘system_u:object_r:bin_t:s0’: Operation not supported

Removing lines mentioned above makes it install with rpm-ostree just fine.

I'm not sure if chcon should be in postinstall. Perhaps you could try something like below instead:

if command -V getenforce >/dev/null 2>&1; then
    semanage fcontext -a -t bin_t /opt/safing/portmaster/portmaster-start
    restorecon -v /opt/safing/portmaster/portmaster-start
fi

[cjao]

Thanks for the pointers!

silver blue is mostly immutable

Ah, yes. That would be a problem. But /opt seems to linked to /var/opt now, so maybe this isn't a problem after all.

While /opt is ordinarily linked to /var/opt, rpm-ostree install actually redirects files in /opt to /usr/lib/opt. This is because rpm-ostree expects all system code tracked by rpm to live under /usr and reserves /opt strictly for programs with custom (non-rpm) installers.

[JeremiahSecrist]

This issue is caused by https://github.com/safing/portmaster-packaging/blob/0284b11d5f68efca0a108d689d934d88391e2b6d/linux/templates/snippets/post-install.sh#L18..L20

chcon: failed to change context of '/opt/safing/portmaster/portmaster-start' to ‘system_u:object_r:bin_t:s0’: Operation not supported

Removing lines mentioned above makes it install with rpm-ostree just fine.

I'm not sure if chcon should be in postinstall. Perhaps you could try something like below instead:

if command -V getenforce >/dev/null 2>&1; then
    semanage fcontext -a -t bin_t /opt/safing/portmaster/portmaster-start
    restorecon -v /opt/safing/portmaster/portmaster-start
fi

Would it be alright if I ask how you modified the rpm? Did you recompile or just modify the rpm? If the latter, how did you go about that. Thanks in advance!

[JayDoubleu]

This issue is caused by https://github.com/safing/portmaster-packaging/blob/0284b11d5f68efca0a108d689d934d88391e2b6d/linux/templates/snippets/post-install.sh#L18..L20
chcon: failed to change context of '/opt/safing/portmaster/portmaster-start' to ‘system_u:object_r:bin_t:s0’: Operation not supported
Removing lines mentioned above makes it install with rpm-ostree just fine.
I'm not sure if chcon should be in postinstall. Perhaps you could try something like below instead:

if command -V getenforce >/dev/null 2>&1; then
    semanage fcontext -a -t bin_t /opt/safing/portmaster/portmaster-start
    restorecon -v /opt/safing/portmaster/portmaster-start
fi

Would it be alright if I ask how you modified the rpm? Did you recompile or just modify the rpm? If the latter, how did you go about that. Thanks in advance!

@arouzing I cloned this repo, modified the mentioned lines and ran make rpm command. Before that would work I had to install bunch of weird golang deps as it looks like this RPM is being built by some lazy do it all magical go app.

FROM fedora:35
RUN dnf -y install '@Development tools'

RUN mkdir /tmp/build
RUN git clone https://github.com/JayDoubleu/portmaster-packaging.git /tmp/build

WORKDIR /tmp/build/linux

RUN dnf -y install ImageMagick

ADD https://github.com/hairyhenderson/gomplate/releases/download/v3.10.0/gomplate_linux-amd64 /usr/bin/gomplate
RUN chmod +x /usr/bin/gomplate

RUN echo [goreleaser] > /etc/yum.repos.d/goreleaser.repo
RUN echo name=GoReleaser >> /etc/yum.repos.d/goreleaser.repo
RUN echo baseurl=https://repo.goreleaser.com/yum/ >> /etc/yum.repos.d/goreleaser.repo 
RUN echo enabled=1 >> /etc/yum.repos.d/goreleaser.repo 
RUN echo gpgcheck=0 >> /etc/yum.repos.d/goreleaser.repo 

RUN dnf -y install nfpm

RUN make rpm

Add above to Containerfile

then run podman build -t portmaster .
It will build you an rpm.
Then you can extract it from container with :
podman run -it -v $(pwd):/tmp/pwd:Z portmaster cp dist/portmaster-0.7.0~2.x86_64.rpm /tmp/pwd

You will end up with portmaster-0.7.0~2.x86_64.rpm in your current working directory.
Then just simply install it with rpm-ostree install portmaster-0.7.0~2.x86_64.rpm

[JeremiahSecrist]

@JayDoubleu thankyou very much!

[JeremiahSecrist]

After a successful install and a reboot, it is however unable to startup.
The desktop file is misconfigured, since it is trying to write data on startup.
/opt/safing/portmaster/portmaster-start app --data=/opt/safing/portmaster (is the default command for portmaster.desktop)
changing it to /var/opt does not seam to be the solution either.
Error log

[JayDoubleu]

After a successful install and a reboot, it is however unable to startup. The desktop file is misconfigured, since it is trying to write data on startup. /opt/safing/portmaster/portmaster-start app --data=/opt/safing/portmaster (is the default command for portmaster.desktop) changing it to /var/opt does not seam to be the solution either. Error log

I would try getting fedora workstation in gnome boxes and see if it works at all in fedora.

Perks of being an early adopter for alpha software ;)

[JeremiahSecrist]

Perks of being an early adopter for alpha software ;)
It certainly is. I came across this project and really want to see it work on silver blue. A worthy price to pay.

I have a vm up and running, let me give it a shot.
edit:
I know un-modded portmaster works just fine on fedora workstation.

[JayDoubleu]

I also noticed this :

Feb 06 00:27:26  rpm-ostree(portmaster.post)[12328]: portmaster: Failed to download modules
Feb 06 00:27:26  rpm-ostree(portmaster.post)[12328]: portmaster: Please run '/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update' manually.\n

So you could try running sudo /opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update

[JeremiahSecrist]

That was attempted:

220205 19:29:58.159 ▶ BOF
220205 19:29:58.310 r/updating:099 ▶ WARN 001 updates: failed to save updated index stable.json: open /opt/safing/portmaster/updates/stable.json: permission denied
220205 19:29:58.310 r/updating:102 ▶ INFO 003 updates: updated index stable.json
220205 19:29:58.456 r/updating:092 ▶ WARN 004 updates: failed to ensure directory for updated index all/intel/intel.json: could not create dir /opt/safing/portmaster/updates/all: mkdir /opt/safing/portmaster/updates/all: permission denied
220205 19:29:58.456 r/updating:099 ▶ WARN 006 updates: failed to save updated index all/intel/intel.json: open /opt/safing/portmaster/updates/all/intel/intel.json: no such file or directory
220205 19:29:58.456 r/updating:102 ▶ INFO 008 updates: updated index all/intel/intel.json
220205 19:29:58.456 r/updating:144 ▶ INFO 009 updates: starting to download 12 updates
220205 19:30:03.457 r/updating:155 ▶ WARN 010 updates: failed to download all/ui/modules/assets.zip version 0.2.4: could not create updates folder: /opt/safing/portmaster/updates/all/ui/modules

[JayDoubleu]

Did you run it with sudo ?

[JeremiahSecrist]

I forgot sudo !! (I feel a bit stupid )
That being said, it does seam to hang at this phase, I'll let it set for a bit.

[JeremiahSecrist]

Currently hanging here:

220205 19:32:23.319 ▶ BOF
220205 19:32:23.448 r/updating:102 ▶ INFO 001 updates: updated index stable.json
220205 19:32:23.582 r/updating:102 ▶ INFO 002 updates: updated index all/intel/intel.json
220205 19:32:23.582 r/updating:144 ▶ INFO 003 updates: starting to download 12 updates

[JeremiahSecrist]

Update: workstation vm behaves almost the same way. Seems it may have been broken during compile or I / we are using the unstable branch during compile time?
did you fork from master or https://github.com/safing/portmaster-packaging/releases/tag/v0.7.0 ?

[JayDoubleu]

Looks like it installs into read only part of system safing -> /usr/lib/opt/safing

[JayDoubleu]

Update: workstation vm behaves almost the same way. Seems it may have been broken during compile or I / we are using the unstable branch during compile time? did you fork from master or https://github.com/safing/portmaster-packaging/releases/tag/v0.7.0 ?

master

[JeremiahSecrist]

Would it be possible to revert your fork back to that release? Or shall I make a new fork from that release?

[JeremiahSecrist]

We have already been thinking about creating a plain scripted installer, so you could just install to /opt in this case, without going through the package manager. What do you think about that?

This wont exactly be a solution. System modificarions should be done with rpms if the package cant run as a flatpak or toolbox.

from what @JayDoubleu mentioned the installer from what he could compile put it in the wrong directory via the rpm. If the selinux is fixed (which was with his suggested edit) and the install directory is fixed it may just work out of the box for silverblue. minus requiring manually starting services.

Run down of issues:
Install location is incorrect with current rpm packaging causing it to break.
Selinux needs to be adjusted.

Feel free to correct my statements @JayDoubleu

[CheariX]

I just found this issue since I had experienced the same problem (cf. fedora-silverblue/issue-tracker#317).
According to that issue, the problem seems to be related to the non standard packaging tool (nfpm)

Since you did a deep investigation of the RPM and the installation process, I thought this could be useful to find a solution.

[travier]

Another option would be to change https://github.com/safing/portmaster-packaging/blob/master/linux/templates/snippets/post-install.sh#L18 to check for the presence of /run/ostree-booted (indicates an rpm-ostree managed system) and change the path for the chcon / skip it.

[S7venLights]

Flatpak is suggested in Fedora

But I tried to install the RPM on Fedora Silverblue today by opening the rpm file in Software and it succeeded in layering the package and networkmanager is installed.
But opening the app does nothing and after setting the SE Linux policy this is what error I get:

portmaster.service - Portmaster by Safing
Loaded: loaded (/usr/lib/systemd/system/portmaster.service; disabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Wed 2022-11-02 16:42:03 EET; 8s ago
Docs: https://safing.io
https://docs.safing.io
Process: 21224 ExecStart=/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster core -- $PORTMASTER_ARGS (code=exited, status=1/FAILURE)
Process: 21271 ExecStopPost=/opt/safing/portmaster/portmaster-start recover-iptables (code=exited, status=1/FAILURE)
Main PID: 21224 (code=exited, status=1/FAILURE)
CPU: 186ms

Outside variables , I have FirewallD installed and this was in X11 windowing not wayland.

[Pryka]

Everything is working fine if one install Portmaster manually in home dir. I'm currently running it on Silverblue that way without issues.

And to avoid SELinux problems just do sudo chcon -t bin_t /path/to/portmaster-start

[S7venLights]

Really! How does one go about this manual home dir install?

[Pryka]

Really! How does one go about this manual home dir install?

Just follow official guide - https://docs.safing.io/portmaster/install/linux#manual-install-and-launching and change all directories in commands to some folder in your home dir instead /opt/

Also remove sudo from command lines, it's needed only for SELinux sudo chcon -t bin_t in case of home install + for creating systemd service.

If you want autostart via systemd you need create portmaster.service according to manual install guide and change dirs to your new home location.

The point is, that you only need to alter dir paths to point your location instead of /opt

I have everything in here /var/home/pryka/Portmaster All work fine for 2 days now.

[S7venLights]

Okay thanks so much, I got it working but there are some problems to mention:

1. The download was very slow and the only way to check that it was still going was to watch the folder size until it stopped increasing.

2. I had to stop nextdns cli to avoid issues.

3. Had some errors running sudo /var/home/user/Applications/Portmaster/portmaster-start core

[sudo] password for user:
[control] 2022/11/07 07:18:45 starting /var/home/user/Applications/Portmaster/updates/linux_amd64/core/portmaster-core_v1-0-0 --data /var/home/user/Applications/Portmaster
221107 09:18:45.771 ▶ BOF
221107 09:18:46.183 v/location:299 ▶ WARN 001 netenv: failed to get IPv4 device location from traceroute: failed to send icmp packet: write ip4 0.0.0.0->1.1.1.1: sendto: operation not permitted
221107 10:12:38.218 nameserver:286 ▶ WARN 003 nameserver: failed to resolve noreply-watch-gjib39.go.dnscheck.tools.A: all 5 query-compliant resolvers failed, last error: read udp [fdc6:ff62:38b1::87e]:48529->[fdc6:ff62:38b1::1]:53: i/o timeout
This kept failing a number of times

4. Had some errors running /var/home/user/Applications/Portmaster/portmaster-start app

[control] 2022/11/07 07:19:20 starting /var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/portmaster-app_v0-2-5 --data /var/home/user/Applications/Portmaster
Portmaster data directory: /var/home/user/Applications/Portmaster
[10229:1107/091921.407643:ERROR:gl_surface_egl.cc(783)] No suitable EGL configs found.
[10229:1107/091921.407785:ERROR:gl_context_egl.cc(138)] eglGetConfigAttrib failed with error EGL_BAD_CONFIG
[10229:1107/091921.475387:ERROR:gl_surface_egl.cc(783)] No suitable EGL configs found.
[10229:1107/091921.475554:ERROR:gl_surface_egl.cc(2113)] eglCreatePbufferSurface failed with error EGL_BAD_CONFIG
[10229:1107/091921.475649:ERROR:gpu_info_collector.cc(80)] gl::GLContext::CreateOffscreenGLSurface failed
[10229:1107/091921.475744:ERROR:gpu_info_collector.cc(348)] Could not create surface for info collection.
[10229:1107/091921.475811:ERROR:gpu_init.cc(86)] CollectGraphicsInfo failed.
[10229:1107/091921.477681:ERROR:viz_main_impl.cc(186)] Exiting GPU process due to errors during initialization
[10255:1107/091921.689442:ERROR:command_buffer_proxy_impl.cc(128)] ContextResult::kTransientFailure: Failed to send GpuControl.CreateCommandBuffer.
TypeError [ERR_INVALID_URL]: Invalid URL
at new NodeError (node:internal/errors:372:5)
at URL.onParseError (node:internal/url:553:9)
at new URL (node:internal/url:629:5)
at AppAPI. (/var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/resources/app.asar/api.js:131:25)
at step (/var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/resources/app.asar/api.js:42:23)
at Object.next (/var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/resources/app.asar/api.js:23:53)
at /var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/resources/app.asar/api.js:17:71
at new Promise ()
at __awaiter (/var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/resources/app.asar/api.js:13:12)
at AppAPI.openExternal (/var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/resources/app.asar/api.js:124:16) {
input: '/ui/modules/portmaster/settings?setting=filter%2FpreventBypassing',
code: 'ERR_INVALID_URL'
}
opening external: file:///ui/modules/portmaster/settings?setting=filter%252FpreventBypassing
gio: file:///ui/modules/portmaster/settings?setting=filter%252FpreventBypassing: Error when getting information for file “/ui/modules/portmaster/settings?setting=filter%2FpreventBypassing”: No such file or directory

5. After Restart the PC, postmaster isn't running, how do I make it start before other apps?
6. How will portmaster update if it's not a layered package? Will it use the in app updating?
7. How can I add a shortcut to the UI?
8. Result running: systemctl status portmaster
   Unit portmaster.service could not be found.

[Pryka]

1. I have only this warning 221107 11:42:25.499 v/location:299 ▶ WARN 001 netenv: failed to get IPv4 device location from traceroute: failed to send icmp packet: write ip4 0.0.0.0->1.1.1.1: sendto: operation not permitted

2. For me it only prompts some MESA-LOADER errors.

3. I think so.

4. You must create .desktop file in /var/home/user/.local/share/applications you can find in web how to do it.

5. Create portmaster.service manually, it's in the installation guide.

[S7venLights]

@Pryka Oh right I missed the step to create the service as I didn't copy the full instructions.

Tried to do it now but when I get to the command:

sudo systemctl enable --now portmaster
Failed to enable unit: Unit file portmaster.service does not exist.

It seems like Silverblue stores the systemd files in a different spot but this is what happens when I try use that spot:

sudo cp /var/home/D24/Desktop/portmaster/portmaster.service /usr/lib/systemd/system/
cp: cannot create regular file '/usr/lib/systemd/system/portmaster.service': Read-only file system

anyway I'll restart now and see if the /etc/systemd/system/portmaster.service does work. [It didn't]

@Pryka how did you manage this?

[S7venLights]

Anyone else know how I can solve this?

[CheariX]

You could try try:

sudo cp /var/home/D24/Desktop/portmaster/portmaster.service /etc/systemd/system/

[S7venLights]

sudo cp /var/home/D24/Desktop/portmaster/portmaster.service /etc/systemd/system/

Yeah that's what I did originally as the website instructs, and that landed me at the error I mentioned:

sudo systemctl enable --now portmaster
Failed to enable unit: Unit file portmaster.service does not exist.

Just now, I've also edited the paths in the portmaster.service file to match my paths so far as I can find. But same error

[WinkelCode]

Hey everyone, I wrote a script that installs Portmaster to /var/lib/safing-portmaster (or another path), configures SELinux, adds the path for .desktop files, and sets up the services. I tested it in Fedora Kinoite, but I think it should work in Silverblue too.

I recommend testing it in a VM first, and only running it if you understand what each part does.

Script: https://gist.github.com/WinkelCode/dffeb181a4c7903cbc463169324f61b8

Right now the main shortcomings are:

1. Complicated way of adding .desktop files and icons (couldn't find a global lookup directory that isn't Flatpak and is read-write on Kinoite) Edit: Hey, not so sketchy after all, that's how flatpak does it as well! (Script in /etc/profile.d)
2. Untested self-update functionality, not sure if/where we should put systemd unit and .desktop files in a known location.
3. It's only tested on Kinoite, and should work with a clean install. If it were a "production-ready" script, it would need better error handling/prevention (for example it can fail if certain folders don't exit yet, again, use only if you understand how it works).

[travier]

As anyone tried repackaging the RPM content without the scripts so that it installs via rpm-ostree?

[S7venLights]

Ooo exciting, and I've recently rebased to Kionite.

Do you think the script will solve the error I had before? (Posted above)

[WinkelCode]

Ooo exciting, and I've recently rebased to Kionite.

Do you think the script will solve the error I had before? (Posted above)

With my script (unrelated to the .rpm) I ran into issues where systemd would return vague "this service does not exist" errors. In my case it was because it acts weird when symlinking in units from different filesystems. However that shouldn't be the issue in your case. I wonder if you maybe missed a path or it's a permissions thing, since it came from your home directory? Try my command:

install_location="/var/lib/safing-portmaster" # Must not include trailing slash
sed -i "s|/opt/safing/portmaster|${install_location}|g" "$temp_dir/portmaster.service" # Change last path to where the unit file is

Make sure that the target path doesn't have a trailing slash, there is a spot in the file where it is written without it.

Edit: Fixed text errors

Edit 2: More text fixes (I just woke up lol)

[WinkelCode]

As anyone tried repackaging the RPM content without the scripts so that it installs via rpm-ostree?

Given my script works great (at least on my test system), I've been thinking about just writing an .rpm package from scratch. I've done exactly this for Silverblue/Kinoite before.

Looks like they use some type of universal Linux package generator right now, which seems like a weird decision given how simple this package really is (most of the heavy lifting is done by the built-in updater). I might take a look and see if I can finally make it properly patch the paths on ostree distros.

[S7venLights]

Given my script works great (at least on my test system), I've been thinking about just writing an .rpm package from scratch. I've done exactly this for Silverblue/Kinoite before.

Is Flatpak possible? Since Silverblue and Kionite are designed to use flatpak?

[S7venLights]

With my script (unrelated to the .rpm) I ran into issues where systemd would return vague "this service does not exist" errors. In my case it was because it acts weird when symlinking in units from different filesystems. However that shouldn't be the issue in your case. I wonder if you maybe missed a path or it's a permissions thing, since it came from your home directory? Try my command:

At what point of the process must I use your command?
To be clear: I already have Portmaster installed and working using @Pryka 's advice:
"Just follow official guide - https://docs.safing.io/portmaster/install/linux#manual-install-and-launching and change all directories in commands to some folder in your home dir instead /opt/ "

But it doesn't autostart at boot, since I couldn't do step to create the systemd service as I get this error:

$ sudo cp /var/home/User/Desktop/portmaster/portmaster.service /usr/lib/systemd/system/

cp: cannot create regular file '/usr/lib/systemd/system/portmaster.service': Read-only file system

[WinkelCode]

With my script (unrelated to the .rpm) I ran into issues where systemd would return vague "this service does not exist" errors. In my case it was because it acts weird when symlinking in units from different filesystems. However that shouldn't be the issue in your case. I wonder if you maybe missed a path or it's a permissions thing, since it came from your home directory? Try my command:

At what point of the process must I use your command? To be clear: I already have Portmaster installed and working using @Pryka 's advice: "Just follow official guide - https://docs.safing.io/portmaster/install/linux#manual-install-and-launching and change all directories in commands to some folder in your home dir instead /opt/ "

But it doesn't autostart at boot, since I couldn't do step to create the systemd service as I get this error:

$ sudo cp /var/home/D24/Desktop/portmaster/portmaster.service /usr/lib/systemd/system/

cp: cannot create regular file '/usr/lib/systemd/system/portmaster.service': Read-only file system

Ohh, I see now.

Copy portmaster.service into /etc/systemd/system/ then enable it.

My command is run against the unmodified .service file, it just replaces all the paths automatically. If you've already done it manually, there is no problem.

[S7venLights]

Yeah I did that before (as the website suggests)
And the Portmaster.service file does copy to /etc/systemd/system/
But then I run the following:

sudo systemctl daemon-reload
sudo systemctl enable --now portmaster
Failed to enable unit: Unit file portmaster.service does not exist.

Anyway I'll try run your script

[S7venLights]

So it installed and launched at boot! now I'm just copying in my preferences and rebooting to test :) :) :)

[S7venLights]

Used Your script and it's all working now, thanks many much! :) :) :)

[S7venLights]

@WinkelCode any chance you can help with this: StellarSand/Battery-Notifier#1 (comment)