Merge branch 'unstable' into testing

ublue-os · Oct 31, 2024 · 4eb59f6 · 4eb59f6
2 parents 506adfb + d3e986c
commit 4eb59f6
Show file tree

Hide file tree

Showing 5 changed files with 129 additions and 378 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -172,7 +172,7 @@ jobs:
             sudo podman pull ${{ env.IMAGE_REGISTRY }}/akmods-${{ matrix.target_nvidia_flavor }}:${{ matrix.kernel_flavor}}-${{ matrix.fedora_version }}-${{ matrix.kernel_version }}
 
             # Add rechunk as well to remove this source of failure
-            sudo podman pull ghcr.io/hhd-dev/rechunk:v0.8.3
+            sudo podman pull ghcr.io/hhd-dev/rechunk:v1.0.1
 
       - name: Get source versions
         id: labels
@@ -268,16 +268,35 @@ jobs:
           echo "Generated the following:"
           cat $GITHUB_OUTPUT
 
+      - name: Check Secureboot
+        shell: bash
+        run: |
+          set -x
+          if [[ ! $(command -v sbverify) || ! $(command -v curl) || ! $(command -v openssl) ]]; then
+            sudo apt update
+            sudo apt install sbsigntool curl openssl
+          fi
+          TMP=$(sudo podman create raw-img bash)
+          sudo podman cp $TMP:/usr/lib/modules/${{ matrix.kernel_version }}/vmlinuz .
+          sudo podman rm $TMP
+          sudo chmod 666 vmlinuz # might not be needed
+          sbverify --list vmlinuz
+          curl --retry 3 -Lo kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der
+          curl --retry 3 -Lo akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der
+          openssl x509 -in kernel-sign.der -out kernel-sign.crt
+          openssl x509 -in akmods.der -out akmods.crt
+          sbverify --cert kernel-sign.crt vmlinuz || exit 1
+          sbverify --cert akmods.crt vmlinuz || exit 1
+
       # Reprocess raw-img using rechunker which will delete it
       - name: Run Rechunker
         id: rechunk
-        uses: hhd-dev/rechunk@v0.8.6
+        uses: hhd-dev/rechunk@v1.0.1
         with:
-          rechunk: 'ghcr.io/hhd-dev/rechunk:v0.8.3'
+          rechunk: 'ghcr.io/hhd-dev/rechunk:v1.0.1'
           ref: 'raw-img'
           prev-ref: '${{ steps.generate-prev-ref.outputs.ref }}'
           version: '${{ steps.generate-version.outputs.tag }}'
-          skip_compression: 1
           labels: |
             io.artifacthub.package.logo-url=https://raw.githubusercontent.com/ublue-os/bazzite/main/repo_content/logo.png
             io.artifacthub.package.readme-url=https://docs.bazzite.gg
@@ -352,36 +371,6 @@ jobs:
           done
           echo "alias_tags=${BUILD_TAGS[*]}" >> $GITHUB_OUTPUT
 
-      # Pull oci-dir image, remove oci dir to make space, and then tag appropriately
-      - name: Load in podman and tag
-        run: |
-          IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }})
-          sudo rm -rf ${{ steps.rechunk.outputs.output }}
-          for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do
-            podman tag $IMAGE ${{ env.IMAGE_NAME }}:$tag
-          done
-          # keep for secureboot check
-          podman tag $IMAGE rechunked-img
-
-      - name: Check Secureboot
-        shell: bash
-        run: |
-          set -x
-          if [[ ! $(command -v sbverify) || ! $(command -v curl) || ! $(command -v openssl) ]]; then
-            sudo apt update
-            sudo apt install sbsigntool curl openssl
-          fi
-          TMP=$(podman create rechunked-img bash)
-          podman cp $TMP:/usr/lib/modules/${{ matrix.kernel_version }}/vmlinuz .
-          podman rm $TMP
-          sbverify --list vmlinuz
-          curl --retry 3 -Lo kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der
-          curl --retry 3 -Lo akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der
-          openssl x509 -in kernel-sign.der -out kernel-sign.crt
-          openssl x509 -in akmods.der -out akmods.crt
-          sbverify --cert kernel-sign.crt vmlinuz || exit 1
-          sbverify --cert akmods.crt vmlinuz || exit 1
-
       # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
       # https://github.com/macbre/push-to-ghcr/issues/12
       - name: Lowercase Registry
@@ -395,21 +384,22 @@ jobs:
         uses: Wandalen/wretry.action@v3.5.0
         id: push
         if: github.event_name != 'pull_request'
-        env:
-          REGISTRY_USER: ${{ github.actor }}
-          REGISTRY_PASSWORD: ${{ github.token }}
         with:
-          action: redhat-actions/push-to-registry@v2
           attempt_limit: 3
           attempt_delay: 15000
-          with: |
-            image: ${{ env.IMAGE_NAME }}
-            tags: ${{ steps.generate-tags.outputs.alias_tags }}
-            registry: ${{ steps.registry_case.outputs.lowercase }}
-            username: ${{ env.REGISTRY_USER }}
-            password: ${{ env.REGISTRY_PASSWORD }}
-            extra-args: |
-              --compression-format=zstd:chunked
+          command: |
+            echo "${{ secrets.GITHUB_TOKEN }}" | sudo podman login ghcr.io -u ${{ github.actor }} --password-stdin
+            for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do
+              sudo skopeo copy ${{ steps.rechunk.outputs.ref }} docker://${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:$tag
+            done
+
+      - name: Get Image Digest
+        id: digest
+        run: |
+          # Get digest for signing
+          DIGEST=$(sudo skopeo inspect --format '{{.Digest}}' ${{ steps.rechunk.outputs.ref }})
+          echo "Digest is: $DIGEST"
+          echo "digest=${DIGEST}" >> $GITHUB_OUTPUT
 
       - name: Sign container image
         uses: EyeCantCU/cosign-action/sign@v0.3.0
@@ -418,12 +408,7 @@ jobs:
           containers: ${{ env.IMAGE_NAME }}
           registry-token: ${{ secrets.GITHUB_TOKEN }}
           signing-secret: ${{ secrets.SIGNING_SECRET }}
-          tags: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }}
-
-      - name: Echo outputs
-        if: github.event_name != 'pull_request'
-        run: |
-          echo "${{ toJSON(steps.push.outputs) }}"
+          tags: ${{ steps.digest.outputs.digest }}
 
   generate_release:
     name: Generate Release

diff --git a/system_files/deck/shared/usr/share/ublue-os/firstboot/yafti.yml b/system_files/deck/shared/usr/share/ublue-os/firstboot/yafti.yml
@@ -6,27 +6,17 @@ screens:
   first-screen:
     source: yafti.screen.title
     values:
-      title: "Welcome to Bazzite (Handheld & HTPC Edition)"
+      title: "Welcome to Bazzite-Deck"
       icon: "/usr/share/ublue-os/bazzite/logo.svg"
       description: |
-        Configure your system to get started. This utility can be re-opened at any time, so don't feel like you have to get it perfect your first go-through.
-  configure-bazzite:
+        Install additional applications.
+  applications:
     source: yafti.screen.package
     values:
       title: Setting up Bazzite
       show_terminal: true
       package_manager: yafti.plugin.run
       groups:
-        Add input group to current user:
-          description: Adds the input group to your current user. Required by certain controller drivers.
-          default: true
-          packages:
-          - Set input group: sudo -A ujust add-user-to-input-group
-        BIOS &amp; Firmware Updates:
-          description: Enables BIOS &amp; Firmware updates for Steam Deck hardware
-          default: true
-          packages:
-          - Enable Updates: sudo -A ujust enable-deck-bios-firmware-updates
         Decky Loader:
           description: A plugin loader for the Steam Deck
           default: false
@@ -44,37 +34,6 @@ screens:
           packages:
           - Install Sunshine: ujust setup-sunshine install
           - Autostart Sunshine: ujust setup-sunshine autostart
-        Hide GRUB Menu:
-          description: |
-            NOTE: Press the escape key before boot to show the menu
-          default: false
-          packages:
-          - Hide GRUB: sudo -A ujust configure-grub hide
-        Oversteer:
-          description: Application to control supported steering wheels
-          default: false
-          packages:
-          - Install Oversteer: ujust install-oversteer
-        OpenRazer:
-          description: Enables additional capabilities for Razer Hardware
-          default: false
-          packages:
-          - Install OpenRazer: ujust install-openrazer
-        OpenRGB:
-          description: Open source RGB lighting control that doesn't depend on manufacturer software
-          default: false
-          packages:
-          - Install OpenRGB: ujust install-openrgb
-        Wootility:
-          description: A configurator for Wooting keyboards
-          default: false
-          packages:
-          - Retrieve Wootility: ujust install-wootility
-        OpenTabletDriver:
-          description: Open source, cross-platform, user-mode tablet driver
-          default: false
-          packages:
-          - Install OpenTabletDriver: ujust install-opentabletdriver
         Resilio Sync:
           description: A file synchronization utility powered by BitTorrent
           default: false
@@ -85,139 +44,58 @@ screens:
           default: false
           packages:
           - Install scrcpy: ujust install-scrcpy
-        SteamCMD:
-          description: Installs SteamCMD
-          default: true
-          packages:
-          - Install SteamCMD: ujust install-steamcmd
-  applications:
+  configure-bazzite:
     source: yafti.screen.package
     values:
       title: Application Installation
       show_terminal: true
       package_manager: yafti.plugin.flatpak
-      package_manager_defaults:
-        user: true
-        system: false
       groups:
-        Web Browsers:
-          description: Additional browsers to complement Firefox
-          default: false
+        Add input group to current user:
+            description: Adds the input group to your current user. Required by certain controller drivers.
+            default: true
+            packages:
+          - Set input group: sudo -A ujust add-user-to-input-group
+        BIOS &amp; Firmware Updates:
+          description: Enables BIOS &amp; Firmware updates for Steam Deck hardware
+          default: true
           packages:
-          - Brave: com.brave.Browser
-          - Google Chrome: com.google.Chrome
-          - LibreWolf: io.gitlab.librewolf-community
-          - Microsoft Edge: com.microsoft.Edge
-          - Opera: com.opera.Opera
-          - Vivaldi: com.vivaldi.Vivaldi
-        Gaming:
-          description: "Rock and Stone!"
+          - Enable Updates: sudo -A ujust enable-deck-bios-firmware-updates
+        Visible Password Aestriks:
+            description: Toggles pwfeedback on.
+            default: true
+            packages:
+            - Enable pwfeedback: sudo -A ujust toggle-password-feedback on
+        Hide GRUB Menu:
+          description: Hide GRUB at boot.
           default: false
           packages:
-          - BoilR: io.github.philipk.boilr
-          - Bottles: com.usebottles.bottles
-          - Chiaki4Deck (PlayStation Remote Play): io.github.streetpea.Chiaki4deck
-          - Discord (Discover Overlay Included): com.discordapp.Discord
-          - DOSBox Staging: io.github.dosbox-staging
-          - Fightcade: com.fightcade.Fightcade
-          - GeForce NOW Electron: io.github.hmlendea.geforcenow-electron
-          - Greenlight: io.github.unknownskl.greenlight
-          - Heroic Games Launcher (GOG &amp; Epic): com.heroicgameslauncher.hgl
-          - itch: io.itch.itch
-          - ludusavi (Game Save Backup): com.github.mtkennerly.ludusavi
-          - Minecraft (Prism Launcher): org.prismlauncher.PrismLauncher
-          - Minecraft Bedrock Launcher: io.mrarm.mcpelauncher
-          - Moonlight: com.moonlight_stream.Moonlight
-          - Mumble: info.mumble.Mumble
-          - OpenMW: org.openmw.OpenMW
-          - osu: sh.ppy.osu
-          - Space Cadet Pinball: com.github.k4zmu2a.spacecadetpinball
-          - Sonic Robo Blast 2: org.srb2.SRB2
-          - Sonic Robo Blast 2 Kart: org.srb2.SRB2Kart
-          - Steam Link: com.valvesoftware.SteamLink
-          - SuperTux: org.supertuxproject.SuperTux
-          - SuperTuxKart: net.supertuxkart.SuperTuxKart
-          - TeamSpeak: com.teamspeak.TeamSpeak
-          - XIV Launcher (Final Fantasy XIV): dev.goats.xivlauncher
-        Emulation:
-          description: Play games like it's 1972 (Leave these all unchecked if you're planning to use EmuDeck)
+          - Hide GRUB: sudo -A ujust configure-grub hide
+        Oversteer:
+          description: Application to control supported steering wheels
           default: false
           packages:
-          - Cemu: info.cemu.Cemu
-          - Dolphin: org.DolphinEmu.dolphin-emu
-          - DuckStation: org.duckstation.DuckStation
-          - MAME: org.mamedev.MAME
-          - melonDS: net.kuribo64.melonDS
-          - mGBA: io.mgba.mGBA
-          - PCSX2: net.pcsx2.PCSX2
-          - Parallel Launcher: ca.parallel_launcher.ParallelLauncher
-          - Pegasus: org.pegasus_frontend.Pegasus
-          - PPSSPP: org.ppsspp.PPSSPP
-          - RetroArch: org.libretro.RetroArch
-          - RetroDECK: net.retrodeck.retrodeck
-          - Rosalie's Mupen GUI: com.github.Rosalie241.RMG
-          - RPCS3: net.rpcs3.RPCS3
-          - Ryujinx: org.ryujinx.Ryujinx
-          - ScummVM: org.scummvm.ScummVM
-          - Snes9x: com.snes9x.Snes9x
-          - Stella: io.github.stella_emu.Stella
-          - xemu: app.xemu.xemu
-        Streaming:
-          description: Stream to the Internet
+          - Install Oversteer: ujust install-oversteer
+        OpenRazer:
+          description: Enables additional capabilities for Razer Hardware
           default: false
           packages:
-          - OBS Studio: com.obsproject.Studio
-          - Boatswain for Streamdeck: com.feaneron.Boatswain
-        Music:
-          description: "Rock and Roll!"
+          - Install OpenRazer: ujust install-openrazer
+        OpenRGB:
+          description: Open source RGB lighting control that doesn't depend on manufacturer software
           default: false
           packages:
-          - Cider (Apple Music Client): sh.cider.Cider
-          - Spotify: com.spotify.Client
-          - Strawberry Music Player: org.strawberrymusicplayer.strawberry
-          - Tidal-hifi: com.mastermindzh.tidal-hifi
-        Office and Productivity:
-          description: Bow to Capitalism
+          - Install OpenRGB: ujust install-openrgb
+        OpenTabletDriver:
+          description: Open source, cross-platform, user-mode tablet driver
           default: false
           packages:
-          - Ardour: org.ardour.Ardour
-          - Blender: org.blender.Blender
-          - darktable: org.darktable.Darktable
-          - GIMP: org.gimp.GIMP
-          - Inkscape: org.inkscape.Inkscape
-          - Joplin: net.cozic.joplin_desktop
-          - Kdenlive: org.kde.kdenlive
-          - Krita: org.kde.krita
-          - LibreOffice: org.libreoffice.LibreOffice
-          - Obsidian: md.obsidian.Obsidian
-          - OnlyOffice: org.onlyoffice.desktopeditors
-          - Planify: io.github.alainm23.planify
-          - Slack: com.slack.Slack
-          - Standard Notes: org.standardnotes.standardnotes
-          - Tenacity: org.tenacityaudio.Tenacity
-          - Thunderbird Email: org.mozilla.Thunderbird
-          - Xournal++: com.github.xournalpp.xournalpp
-        Utilities and System Tools:
-          description: Helpful tools
+          - Install OpenTabletDriver: ujust install-opentabletdriver
+        Wootility:
+          description: A configurator for Wooting keyboards
           default: false
           packages:
-          - AppImage Pool: io.github.prateekmedia.appimagepool
-          - Barrier: com.github.debauchee.barrier
-          - Bitwarden: com.bitwarden.desktop
-          - Calibre: com.calibre_ebook.calibre
-          - DejaDup: org.gnome.DejaDup
-          - Fedora Media Writer: org.fedoraproject.MediaWriter
-          - Gradience: com.github.GradienceTeam.Gradience
-          - KeePassXC: org.keepassxc.KeePassXC
-          - Main Menu: page.codeberg.libre_menu_editor.LibreMenuEditor
-          - Metadata Cleaner: fr.romainvigier.MetadataCleaner
-          - Pika Backup: org.gnome.World.PikaBackup
-          - qBittorrent: org.qbittorrent.qBittorrent
-          - Resources: net.nokyan.Resources
-          - SaveDesktop: io.github.vikdevelop.SaveDesktop
-          - Solaar: io.github.pwr_solaar.solaar
-          - Syncthing: com.github.zocker_160.SyncThingy
-          - VLC: org.videolan.VLC
+          - Retrieve Wootility: ujust install-wootility
   final-screen:
     source: yafti.screen.title
     values:
@@ -235,4 +113,4 @@ screens:
       - "Reboot now":
           run: systemctl reboot
       description: |
-        Thank you for trying Bazzite (Handheld & HTPC Edition). Please reboot to apply changes made by this setup utility.
+        Please reboot to apply changes made by this setup utility.