CONTRIBUTING.md

winesapOS Contributor Guide

• winesapOS Contributor Guide
  • Getting Started
  • Architecture
    • Bootloaders
    • Partitions
    • Files
    • Base Operating System
  • Build
    • Container Versus Virtual Machine Builds
    • Download the Installer
    • Create Virtual Machine
      • virt-install (CLI)
      • virt-manager (GUI)
      • GNOME Boxes (GUI)
    • Environment Variables for Installation
    • Install winesapOS
    • Automated Container Build
    • Tests
      • Automatic
      • Manual
        • Upgrades
  • Workflows
    • Adding Applications
    • Updating Linux Kernels
    • Build Packages for winesapOS Repository
      • Environment Variables for Repository Build
      • GPG Signing
      • Repository Automation
    • Custom Scripts
    • Wayback Machine Backups
  • Release
    • Checklist
    • Publishing

Getting Started

There are various different ways to contribute to winesapOS:

• Open up new GitHub issues for feature requests or bugs to be addressed.
• Help create documentation, create new features, or fix bugs.

  • Extra attention and help is needed on these issues.

  • For code contributions, first copy of the pre-commit script to ensure the code passes these tests:

    $ cp git/hooks/pre-commit .git/hooks/pre-commit
    

This guide focuses on the technical architecture and workflows for winesapOS development.

Architecture

Bootloaders

winesapOS supports both GRUB and systemd-boot. GRUB is used by default due to more features being supported.

General comparison:

	GRUB	systemd-boot
Supported BIOS type	Legacy BIOS and UEFI	UEFI only
Supported file systems	Any	FAT32 only
Mounts	/boot/ (GRUB) and /boot/efi/ (EFI)	/boot/ (systemd-boot and EFI)
Requires EFI variables for UEFI support	No	Yes

winesapOS feature comparison:

	GRUB	systemd-boot
Supported build system	Container and VM	VM only
Btrfs snapshot menu	Yes (grub-btrfs)	No
Dual-boot support	Yes (os-prober)	No
LUKS encryption	Yes	No

Partitions

Performance Image

Partition	Label	File System	Size	Description
1	None	None	2 MiB	BIOS boot backwards compatibility.
2	wos-drive	exFAT	16 GiB	Cross-platform flash drive storage.
3	WOS-EFI	FAT32	500 MiB	UEFI boot firmware.
4	winesapos-boot	ext4	1 GiB	GRUB boot loader and Linux kernel.
5	winesapos-root	Btrfs	100%	The root and home file systems.

Secure Image

Partition	Label	File System	Size	Description
1	None	None	2 MiB	BIOS boot backwards compatibility.
2	wos-drive	exFAT	16 GiB	Cross-platform flash drive storage.
3	WOS-EFI	FAT32	500 MiB	UEFI boot firmware.
4	winesapos-boot	ext4	1 GiB	GRUB boot loader and Linux kernel.
5	winesapos-luks	LUKS	100%	The encrypted root and home file systems.
/dev/mapper/cryptroot	winesapos-root	Btrfs	100%	The root and home file systems.

Minimal Image

Partition	Label	File System	Size	Description
1	None	None	2 MiB	BIOS boot backwards compatibility.
2	WOS-EFI	FAT32	500 MiB	UEFI boot firmware.
3	winesapos-boot	ext4	1 GiB	GRUB boot loader and Linux kernel.
4	winesapos-root	Btrfs	100%	The root and home file systems.

Files

These are custom files and scripts that are installed as part of winesapOS. Unless otherwise stated, the source file can be found at the related path in the rootfs directory.

• /etc/modprobe.d/winesapos-broadcom-wifi.conf = If Broadcom Wi-Fi hardare is detected and there is no Internet connection, the proprietary driver is configured.
• /etc/modprobe.d/winesapos-controllers.conf = Configure Xbox controller support.
  • Source: scripts/winesapos-setup.sh
• /etc/modprobe.d/winesapos-framework-als-deactivate.conf = If a Framework laptop is detected, the ambient light sensor is disabled to fix input from special keys on the keyboard.
  • Source: scripts/winesapos-setup.sh
• /etc/modprobe.d/winesapos-mac.conf = Configure Mac support.
  • Source: scripts/winesapos-setup.sh
• /etc/modprobe.d/winesapos-nvidia.conf = Configure support for the NVIDIA open kernel module.
  • Source: scripts/winesapos-setup.sh
• /etc/modprobe.d/winesapos-nvidia-hibernate.conf = Configure NVIDIA hibernation support.
  • Source: scripts/winesapos-setup.sh
• /etc/NetworkManager/conf.d/wifi_backend.conf = Configures NetworkManger to use the IWD backend.
  • Source: scripts/winesapos-install.sh
• /etc/snapper/configs/{root,home} = The Snapper configuration for Btrfs backups.
  • Source: rootfs/etc/snapper/configs/root
• /usr/local/bin/winesapos-mute.sh = The script for the winesapos-mute.service.
• /var/winesapos/graphics = The graphics type that was selected during the setup process: amd, intel, nvidia-new, nvidia-old, virtualbox, or vmware.
  • Source: scripts/winesapos-setup.sh
• /var/winesapos/IMAGE_TYPE = The image type that was set during the build process.
  • Source: scripts/winesapos-install.sh
• /home/winesap/.winesapos/winesapos-dual-boot.desktop = A desktop shortcut for the winesapOS Dual-Boot Installer. There is also a symlink from '/home/winesap/Desktop/winesapos-dual-boot.desktop' to this file.
• /home/winesap/.winesapos/winesapos-ngfn.desktop = A desktop shortcut for the NVIDIA GeForce Now game streaming. There is also a symlink from '/home/winesap/Desktop/winesapos-ngfn.desktop' to this file.
• /home/winesap/.winesapos/winesapos-setup.desktop = A desktop shortcut for the winesapOS First-Time Setup wizard. There is also a symlink from '/home/winesap/Desktop/winesapos-setup.desktop' to this file.
• /home/winesap/.winesapos/winesapos-upgrade.desktop = A desktop shortcut for the winesapOS Upgrade wizard. There is also a symlink from '/home/winesap/Desktop/winesapos-upgrade.desktop' to this file.
• /home/winesap/.winesapos/winesapos-xcloud.desktop = A desktop shortcut for the Xbox Cloud Gaming streaming. There is also a symlink from '/home/winesap/Desktop/winesapos-xcloud.desktop' to this file.
• /usr/local/bin/winesapos-resize-root-file-system.sh = The script used for the winesapos-resize-root-file-system.service.
• /home/winesap/.winesapos/winesapos-setup.sh = The script used for the winesapOS First-Time Setup wizard.
  • Source: scripts/winesapos-setup.sh
• /home/winesap/.winesapos/winesapos_logo_icon.png = The winesapOS logo as a 96x96 icon for the winesapOS First-Time Setup and winesapOS Upgrade desktop shortcuts.
• /home/winesap/.winesapos/winesapos-upgrade-remote-stable.sh = The script used for the winesapOS Upgrade wizard. It pulls the latest upgrade script from the "stable" branch of winesapOS.
• /usr/local/bin/winesapos-sddm-health-check.sh = Check the status of SDDM and invoke a recovery console if it fails.
• /etc/sysctl.d/50-winesapos-ram-write-cache.conf = Configure caching writes into RAM.
  • Source: scripts/winesapos-install.sh
• /etc/sysctl.d/99-vm-zram-parameters.conf = Configure optimized zram settings used by Pop!_OS.
  • Source: scripts/winesapos-setup.sh
• /etc/systemd/zram-generator.conf = Configure zram to compress half of the available RAM.
  • Source: scripts/winesapos-setup.sh
• /usr/lib/modprobe.d/winesapos-amd.conf = Enable the AMDGPU driver for older graphics cards and apply various driver workarounds for known issues.
  • Source: scripts/winesapos-install.sh
• /usr/lib/modprobe.d/winesapos-mac.conf = Enable the Touch Bar driver (apple-touchbar) and disable the Ethernet over USB drivers which T2 Macs do not support.
  • Source: scripts/winesapos-install.sh
  • Source: scripts/winesapos-setup.sh
• /usr/lib/modules-load.d/winesapos-mac.conf = Enable the T2 driver (apple-bce).
  • Source: scripts/winesapos-install.sh
• /usr/lib/os-release-winesapos = The version and variant information for winesapOS. There is also a symlink from '/etc/os-release-winesapos' to this file.
• /usr/lib/sysctl.d/50-winesapos-open-files.conf = Configures an increased open files and memory mapping limit.
  • Source: scripts/winesapos-install.sh
• /usr/lib/systemd/system/pacman-mirrors.service = On Manjaro builds, this provides a service to find and configure the fastest mirrors for Pacman. This is not needed on Arch Linux builds as it has a Reflector service that comes with a service file.
• /usr/lib/systemd/system/winesapos-resize-root-file-system.service = A service that runs a script to resize the root file system upon first boot.
• /usr/lib/systemd/system/winesapos-sddm-health-check.service = Run the SDDM health check script for the first 5 minutes.
• /usr/lib/systemd/user/winesapos-mute.service = A user (not system) service for muting all audio. This is required for some newer Macs that have in-development hardware drivers that are extremely loud by default.
• /usr/lib/systemd/user.conf.d/20-file-limits.conf = Configure a higher open files limit.
  • Source: scripts/winesapos-install.sh
• /usr/local/bin/winesapos-dual-boot.sh = The script used for installing winesapOS in a dual-boot scenario.
• /usr/local/bin/winesapos-ventoy-bootstrap.sh = The script used to install Ventoy support.
• /usr/share/libalpm/hooks/winesapos-etc-grub.d-10_linux.hook = A Pacman hook to configure GRUB to use the winesapos-root label for booting in /etc/grub.d/10_linux.
• /usr/share/libalpm/hooks/winesapos-usr-share-grub-grub-mkconfig_lib.hook = A Pacman hook to configure GRUB to use the winesapos-root label for booting in /usr/share/grub/grub-mkconfig_lib.hook.

Base Operating System

winesapOS supports builds using Arch Linux or Manjaro.

Feature	Arch Linux	Manjaro	Description
Pin package versions	Yes	No	Manjaro does not have an equivalent to the Arch Linux Archive (ALA).
Stability	Low	High	Based on real-world testing and reported bugs, Manjaro builds are usually more stable than Arch Linux.
AUR compatibility	High	Low	AUR packages target Arch Linux and sometimes have build and/or runtime issues on Manjaro.

Arch Linux is used by default due to the compatibility with the large amount of AUR packages. However, developers have the option to create builds with Manjaro which provides an overall more stable experience.

Build

Container Versus Virtual Machine Builds

Use a container build for:

• Local development builds. Run a single command to build a new winesapOS image.
• CI/CD builds. Quickly test and publish new changes.
• Release builds. This ensures consistency with what is being built and tested in CI.

Use a virtual machine build for:

• GPU passthrough. Applications and games that require GPU acceleration can be thoroughly tested.
• Desktop testing. Reboot directly into a virtual machine to see and manually test new changes that require user interaction.

Download the Installer

Depending on which Arch Linux distribution you want to build, download the related installer. Both Arch Linux and Manjaro provide ISOs for a live CD environment.

• Arch Linux ISO
• Manjaro KDE Plasma Minimal ISO

Create Virtual Machine

A virtual machine is used to build winesapOS in a safe and isolated manner. The disks on the hypervisor will not be touched. It is assumed that QEMU/KVM will be used although other hypervisors can be used.

Requirements:

• UEFI boot
• 2 vCPUs
• 12 GB RAM
• Storage
  • Minimal image = 8 GiB storage (to fit on a 16 GB flash drive)
  • Performance or secure image = 25 GiB storage (to fit on a 32 GB flash drive)

virt-install (CLI)

• Create the virtual storage device.

  • Minimal image:

    sudo qemu-img create -f raw -o size=8G /var/lib/libvirt/images/winesapos.img
    

  • Performance or secure image:

    sudo qemu-img create -f raw -o size=25G /var/lib/libvirt/images/winesapos.img
    

• Create the virtual machine to use for installing winesapOS.

  • Arch Linux and Manjaro use an installer ISO image.

    sudo virt-install --name winesapos --boot loader=/usr/share/edk2-ovmf/x64/OVMF_CODE.fd,loader.readonly=yes,loader.secure='no',loader.type=pflash --vcpus 2 --memory 12288 --disk path=/var/lib/libvirt/images/winesapos.img,bus=virtio,cache=none --cdrom=/var/lib/libvirt/images/<INSTALLER_ISO>
    

virt-manager (GUI)

Arch Linux and Manjaro:

1. Virtual Machine Manager (virt-manager)
2. File
3. New Virtual Machine
4. Local install media (ISO image or CDROM)
5. Forward
6. Choose ISO or CDROM install media: <INSTALLER_ISO>
7. Forward
8. Memory: 12288
9. CPUs: 2
10. Forward
11. Enable storage for this virtual machine: yes
12. Create a disk image for the virtual machine:

• Minimal image = 8.0 GiB
• Performance or secure image = 25.0 GiB

13. Forward
14. Name: winesapOS
15. Customize configuration before install: yes
16. Finish
17. Overview
18. Firmware: UEFI x86_64: /usr/share/edk2-ovmf/x64/OVMF_CODE.fd
19. Apply
20. Begin Installation

GNOME Boxes (GUI)

GNOME Boxes can be installed on any Linux distribution using Flatpak: flatpak install org.gnome.Boxes.

1. +

2. Download and operating system

3. (Select the three dots to show all available operating systems)

4. (Search for and select "Arch Linux x86_64 (Live)")

5. Review and Create

   • Memory: 12.0 GiB

   • Storage limit:

     • Minimal image = 8.0 GiB
     • Performance or secure image = 25.0 GiB

   • Enable EFI: Yes

6. Create

The created QCOW2 image will be stored as a file here: ~/.var/app/org.gnome.Boxes/data/gnome-boxes/images/archlinux. The downloaded ISO is stored as a file here: ~/Downloads/archlinux-x86_64.iso.

Environment Variables for Installation

For specialized builds, use environment variables to modify the installation settings.

$ export <KEY>=<VALUE>

Key	Values	Performance Value (Default)	Secure Value	Minimal Value	Description
WINESAPOS_DEBUG_INSTALL	true or false	true	true	true	Use set -x for debug shell logging during the installation.
WINESAPOS_DEBUG_TESTS	true or false	false	false	false	Use set -x for debug shell logging during the tests.
WINESAPOS_ENABLE_TESTING_REPO	true or false	false	false	false	Use the [winesapos-testing] repository instead of the stable [winesapos] repository during the installation.
WINESAPOS_BUILD_IN_VM_ONLY	true or false	true	true	true	If the build should fail and exit if it is not in a virtual machine. Set to false for a bare-metal installation.
WINESAPOS_CREATE_DEVICE	true or false	false	false	false	If the build should create and use an image file instead of using an existing block device.
WINESAPOS_CREATE_DEVICE_SIZE	integer for GiB	(None)	(None)	(None)	Manually override the default values for the device size (8 GiB with no cross-platform storage and 25 GiB with).
WINESAPOS_DEVICE		vda	vda	vda	If WINESAPOS_CREATE=false, then use the existing /dev/${WINESAPOS_DEVICE} block device to install winesapOS onto.
WINESAPOS_PARTITION_TABLE		gpt	gpt	gpt	Create a gpt (GPT for UEFI and legacy BIOS support) or msdos (MBR for only legacy BIOS support) partition table.
WINESAPOS_ENABLE_PORTABLE_STORAGE		true	true	false	If the 16 GiB exFAT flash drive storage should be enabled.
WINESAPOS_BUILD_CHROOT_ONLY	false	false	false	If partitioning and GRUB should be skipped for a chroot installation.
WINESAPOS_INSTALL_DIR		/winesapos	/winesapos	/winesapos	The chroot directory where winesapOS will be installed into.
WINESAPOS_DISTRO	arch or manjaro	arch	arch	arch	The Linux distribution to install with.
WINESAPOS_HTTP_PROXY			(None)	(None)	(None)
WINESAPOS_HTTP_PROXY_CA			(None)	(None)	(None)
WINESAPOS_DE	i3, cinnamon, cosmic, gnome, plasma, plasma-mobile, or sway	plasma	plasma	plasma	The desktop environment to install.
WINESAPOS_USER_NAME		winesap	winesap	winesap	The name of the user to create.
WINESAPOS_ENCRYPT	true or false	false	true	false	If the root partition should be encrypted with LUKS.
WINESAPOS_ENCRYPT_PASSWORD		password	password	password	The default password for the encrypted root partition.
WINESAPOS_LOCALE		en_US.UTF-8 UTF-8	en_US.UTF-8 UTF-8	en_US.UTF-8 UTF-8	The locale to use for /etc/locale.gen.
WINESAPOS_APPARMOR	true or false	false	true	false	If Apparmor should be installed and enabled.
WINESAPOS_PASSWD_EXPIRE	true or false	false	true	false	If the root user password will be forced to be changed after first login.
WINESAPOS_SUDO_NO_PASSWORD	true or false	true	false	true	If the user can run sudo without entering a password.
WINESAPOS_FIREWALL	true or false	false	true	false	If a firewall (firewalld) will be installed.
WINESAPOS_CPU_MITIGATIONS	true or false	false	true	false	If processor mitigations should be enabled in the Linux kernel.
WINESAPOS_DISABLE_KERNEL_UPDATES	true or false	false	false	false	If the Linux kernels should be excluded from being upgraded by Pacman.
WINESAPOS_DISABLE_KWALLET	true or false	true	false	true	If Kwallet should be enabled for securing various passwords.
WINESAPOS_ENABLE_KLIPPER	true or false	true	false	true	If Klipper should be disabled (as much as it can be) for storing copied text.
WINESAPOS_INSTALL_GAMING_TOOLS	true or false	true	true	false	Install all gaming tools and launchers.
WINESAPOS_INSTALL_PRODUCTIVITY_TOOLS	true or false	true	true	false	Install all productivity tools.
WINESAPOS_IMAGE_TYPE	minimal, performance, or secure	performance	secure	minimal	The image type to set in the file /var/winesapos/IMAGE_TYPE.
WINESAPOS_CUSTOM_SCRIPT		(None)	(None)	(None)	A custom script to run before the installation does a cleanup.
WINESAPOS_SINGLE_MIRROR	true or false	false	false	false	If a single mirror or a list of mirrors will be used.
WINESAPOS_SINGLE_MIRROR_URL	http://ohioix.mm.fcix.net/archlinux	http://ohioix.mm.fcix.net/archlinux	http://ohioix.mm.fcix.net/archlinux	http://ohioix.mm.fcix.net/archlinux	If a single mirror or a list of mirrors will be used. It is assumed that ``${WINESAPOS_SINGLE_MIRROR_URL}/[archlinux
WINESAPOS_BOOTLOADER	grub or systemd-boot	grub	grub	grub	The bootloader to use.
WINESAPOS_ENV_FILE		(None)	(None)	(None)	The scripts/env/${WINESAPOS_ENV_FILE} to load during a container build.

Install winesapOS

Once the virtual machine is running, a distribution of Arch Linux for winesapOS can be installed after the mirrors have been updated.

• Arch Linux:

  $ sudo journalctl -u reflector -f
  MMM DD HH:MM:SS archiso systemd[1]: reflector.service: Deactivated successfully.
  

• Manjaro:

  $ sudo journalctl -u mirrors-live -f
  MMM DD HH:MM:SS manjaro systemd[1]: mirrors-live.service: Deactivated successfully.
  

An automated script is provided to fully install the operating system. This script will only work in a virtual machine. Clone the entire project repository. This will provide additional files and scripts that will be copied into the virtual machine image.

Arch Linux requires installing the required git dependency.

$ sudo pacman -S -y
$ sudo pacman -S git

Clone the GitHub repository:

$ git clone https://github.com/winesapos/winesapos.git
$ cd winesapos/scripts/

Before running the installation script, optionally set environment variables to configure the build. Use sudo -E to load the environment variables.

• Performance-focused image build:

  • Arch Linux (default):

    # export WINESAPOS_DISTRO=arch
    # bash ./winesapos-install.sh
    

  • Manjaro:

    $ export WINESAPOS_DISTRO=manjaro
    $ sudo -E bash ./winesapos-install.sh
    

• Security-focused image build requires first sourcing the environment variables:

  • Arch Linux:

    # export WINESAPOS_DISTRO=arch
    # . ./env/winesapos-env-secure.sh
    # bash ./winesapos-install.sh
    

  • Manjaro:

    $ export WINESAPOS_DISTRO=manjaro
    $ . ./env/winesapos-env-secure.sh
    $ sudo -E bash ./winesapos-install.sh
    

• Minimal storage-focused image build requires first sourcing the environment variables:

  • Arch Linux:

    # export WINESAPOS_DISTRO=arch
    # . ./env/winesapos-env-minimal.sh
    # bash ./winesapos-install.sh
    

  • Manjaro:

    $ export WINESAPOS_DISTRO=manjaro
    $ . ./env/winesapos-env-minimal.sh
    $ sudo -E bash ./winesapos-install.sh
    

When complete, shutdown the virtual machine (do NOT restart).

Cleanup the image before use.

$ sudo virt-sysprep --operations defaults,-customize -a /var/lib/libvirt/images/winesapos.img

Automated Container Build

The .github/workflows/main.yml GitHub Actions workflow has the steps needed to automatically build an image using a container. These can be run manually.

If using a distribution that has SELinux in enforcing mode, set it to permissive first.

sudo setenforce 0

Both docker and podman are supported for builds.

Arch Linux build:

mkdir output && chmod 777 output
sudo docker build --pull --no-cache -t winesapos-img-builder build/.
sudo docker run --rm -v $(pwd):/workdir -v /dev:/dev --privileged=true winesapos-img-builder:latest /bin/bash -x /workdir/scripts/winesapos-build.sh

Manjaro build:

mkdir output && chmod 777 output
sed -i s'/archlinux:latest/manjarolinux\/base:latest/'g build/Dockerfile
sudo docker build --pull --no-cache -t winesapos-img-builder:manjaro build/.
sudo docker run --rm -v $(pwd):/workdir -v /dev:/dev --env WINESAPOS_DISTRO=manjaro --privileged=true winesapos-img-builder:manjaro /bin/bash -x /workdir/scripts/winesapos-build.sh

By default, the performance image is built. Use --env WINESAPOS_ENV_FILE=winesapos-env-minimal.sh or --env WINESAPOS_ENV_FILE=winesapos-env-secure.sh to build a different image type. Use the winesapOS testing repository with the argument --env WINESAPOS_ENABLE_TESTING_REPO=true.

Optionally do a build using the Arch Linux Archive (ALA) by using --env WINESAPOS_SINGLE_MIRROR=true --env WINESAPOS_SINGLE_MIRROR_URL=https://archive.archlinux.org/repos/2024/08/12. Manjaro does not have an ALA equivalent.

After the build, these files will be created:

• output/
  • winesapos.img = The raw image that was built.
  • winesapos-install.log = The install log.
  • winesapos-install-rc.txt = The return code from the tests indicating how many failed.
  • winesapos-packages.txt = The list of packages installed.

Tests

Automatic

Run the tests to ensure that everything was setup correctly. These are automatically ran and logged as part of the install script. The tests must be run with Bash.

$ sudo bash ./winesapos-tests.sh

Manual

On the hypervisor, clean up the virtual machine image. This will ensure that the image will generated unique values for additional security and stability. The customize operation is disabled because the operation will set a new machine-id which is not what we want. Our image already has a blank /etc/machine-id file which will be automatically re-generated on first boot.

$ sudo virt-sysprep --operations defaults,-customize -a /var/lib/libvirt/images/winesapos.img

Optionally flash the image onto an external storage device for testing hardware. Otherwise, run manual tests using a virtual machine.

$ sudo dd if=/var/lib/libvirt/images/winesapos.img of=/dev/<DEVICE>

Manual tests:

• Accept every first-time setup option to install and configure the system.
• Open and use every program on the desktop.
• Package Managers
  • Discover
    • Install a Flatpak package: org.gnome.BreakTimer
  • bauh
    • Install a Pacman package: nginx
    • Install a Flatpak package: org.gabmus.gfeeds
    • Install an AUR package: cmatrix-git
    • Install a Snap package: lxd
  • AppImagePool
    • Install an AppImage: GitNote
• Reboot and then use the display manager to launch Gamescope sessions for:
  • Open Gamepad UI
  • Steam

Upgrades

By default, the winesapOS upgrade script will update all upgrade files and exit if there are changes detected. For testing on a branch that is not stable (such as staging), set an environment variable to skip updating upgrade files as these are pulled from the stable branch.

export WINESAPOS_UPGRADE_FILES=false
export WINESAPOS_UPGRADE_TESTING_REPO=true
export WINESAPOS_UPGRADE_VERSION_CHECK=false
curl https://raw.githubusercontent.com/winesapOS/winesapOS/staging/scripts/winesapos-upgrade.sh | sudo -E bash

Workflows

Adding Applications

For new contributors:

• Fork the main branch of the winesapOS/winesapOS git repository.
• All shell scripts are written in Bash.
  • Check for syntax errors by using the command bash -n ${SCRIPT_FILE}.

If adding a new application to winesapOS, these are all of the places it needs to be updated:

• README.md needs to mention that application under the "Usability" or "Gaming support" sections under the "Features" header.
• CHANGELOG.md needs to mention that the application has has been Added, Changed, or Removed.
• src/winesapos-install.sh
  • The installer copies shortcut files for GUI applications to the desktop.
• src/winesapos-tests.sh needs updated tests to at least check for the existence of the package and desktop shortcut (if applicable).

Updating Linux Kernels

winesapOS ships two Linux kernels:

• Linux T2 = The latest stable Linux kernel with additional patches to support Intel Macs with the Apple T2 Security Chip.
• Linux LTS = The latest upstream Linux LTS kernel.
  • A new version of this kernel is released every year around December.
    • For Arch Linux builds, linux-lts is already used. For Manjaro builds, the linux<MAJOR_VERSION><MINOR_VERSION> package needs to be updated.
    • The Mac drivers need to build cleanly against this kernel.

Build Packages for winesapOS Repository

A container and script are provided to pre-build important AUR packages for winesapOS. If using a distribution that has SELinux in enforcing mode, set it to permissive first.

sudo setenforce 0
cd scripts/repo/
sudo docker build --pull --no-cache --tag ekultails/winesapos-build-repo:latest .
mkdir /tmp/winesapos-build-repo
chmod 777 /tmp/winesapos-build-repo
sudo docker run --name winesapos-build-repo --rm --volume /tmp/winesapos-build-repo:/output ekultails/winesapos-build-repo:latest &> /tmp/winesapos-build-repo_$(date --iso-8601=seconds).log

Check the amount of packages that failed to build (if any):

cat /tmp/winesapos-build-repo/winesapos-build-repo_exit-code.txt

Check to see what packages succeeded or failed to be built:

grep -P "PASSED|FAILED" /tmp/winesapos-build-repo_*.log

Those packages are then hosted on a Kubernetes cluster with the following requirements:

• cert-manager
• nginxinc/kubernetes-ingress
• longhorn

Apply all of the Kubernetes manifests to create NGINX containers on the Kubernetes cluster.

kubectl apply -f scripts/repo/k8s/

For copying new packages over, temporarily set deployment.spec.template.spec.containers.volumeMounts[0].readOnly to false.

kubectl --namespace winesapos-repo edit deployment deploy-winesapos-repo

Then copy the new files into one of the containers. A single persistent volume claim is shared among all of the containers.

kubectl --namespace winesapos-repo cp <PACKAGE_FILE> deploy-winesapos-repo-<UUID>:/usr/share/nginx/html/

Environment Variables for Repository Build

For specialized repository builds, use environment variables to determine what packages will be built.

sudo docker run --name winesapos-build-repo --rm --env WINESAPOS_REPO_BUILD_TESTING=true --env WINESAPOS_REPO_BUILD_LINUX_GIT=true --env WINESAPOS_REPO_BUILD_MESA_GIT=true --volume /tmp/winesapos-build-repo:/output ekultails/winesapos-build-repo:latest &> /tmp/winesapos-build-repo_$(date --iso-8601=seconds).log

Key	Values	Default	Description
WINESAPOS_REPO_BUILD_TESTING	true or false	false	Name the Pacman repository database as "winesapos-testing" instead of "winesapos".
WINESAPOS_REPO_BUILD_LINUX_GIT	true or false	false	Build linux-git.
WINESAPOS_REPO_BUILD_MESA_GIT	true or false	false	Build mesa-git and lib32-mesa-git.

GPG Signing

As of winesapOS 3.4.0, all packages and the metadata database are signed using a GPG key.

• Sign all of the packages:

  for pkg in $(ls -1 | grep "\.pkg\.tar"); do echo "${pkg}"; gpg --detach-sign --no-armor ${pkg}; done
  

• Update and sign the database:

  repo-add --verify --sign winesapos.db.tar.gz ./*.pkg.tar.xz ./*.pkg.tar.zst
  

Repository Automation

The winesapOS testing repository packages are automatically built and published on the 15th of every month. That GitHub Actions workflow can also be manually triggered at any time.

Custom Scripts

winesapOS supports running custom scripts before the installation finishes.

Specify the script to run before running winesapos-install.sh:

$ export WINESAPOS_CUSTOM_SCRIPT=/path/to/script.sh

Hints for writing a custom script:

• Source the scripts/env/winesapos-env-defaults.sh environment variables to load useful functions.
• Use one of the provided functions to install an application:
  • ${CMD_FLATPAK_INSTALL[@]}
  • ${CMD_PACMAN_INSTALL[@]}
  • ${CMD_YAY_INSTALL[@]}
• Use ${WINESAPOS_INSTALL_DIR} to reference the chroot directory used as part of the installation.

Wayback Machine Backups

On the server that hosts the winesapOS repository, run these commands to automatically backup all of the files to the Wayback Machine (Internet Archive):

$ export WINESAPOS_VERSION=3.3.0
$ cd /data/winesapos-repo/repo/winesapos-${WINESAPOS_VERSION}
$ curl -v https://web.archive.org/save/https://winesapos.lukeshort.cloud/repo/${WINESAPOS_VERSION}
$ find . -exec curl -v https://web.archive.org/save/https://winesapos.lukeshort.cloud/repo/${WINESAPOS_VERSION}/{} \;

It is also possible for a community member to do a backup by downloading the a mirror of the repository to their computer first:

$ wget -m https://winesapos.lukeshort.cloud/repo/
$ cd winesapos.lukeshort.cloud
$ find . -name "*.html" -exec curl -v "https://web.archive.org/save/https://{}" ';'

Release

Checklist

These are tasks the need to happen before publishing a stable release.

• Rebuild all AUR packages.

  • First publish them to the [winesapos-testing] repository and test them via a new build.
  • For the stable build and release, sign and then move these packages to the [winesapos] repository.

• Update the versions for these programs by changing these variables:

  • rootfs/usr/local/bin/winesapos-ventoy-bootstrap.sh
    • VENTOY_VER
  • scripts/winesapos-install.sh
    • ETCHER_VER
    • YAY_VER
  • scripts/winesapos-setup.sh
    • PROTON_GE_VERSION
    • PROTON_SAREK_VERSION
  • scripts/winesapos-upgrade.sh
    • CURL_STATIC_VER
    • ETCHER_VER
  • scripts/repo/winesapos-build-repo.sh
    • YAY_VER

• Delete old git branches:

  git branch -D <BRANCH>
  git push --delete origin <BRANCH>
  

• Test upgrades from every old stable version to the new stable version.

Publishing

• Add upgrade notes to the UPGRADES.md file.

• For a new release, update the rootfs/usr/lib/os-release-winesapos file in the git repository with the new VERSION and VERSION_ID before building an image.

• Before building an alpha or beta build, enable the [winesapos-testing] repository with export WINESAPOS_ENABLE_TESTING_REPO=true.

• Create a "minimal" and "performance" release image (not "secure") using a container build.

  • Due to the "secure" image having a common LUKS container encryption key that would be shared, users are encouraged to do their own custom build of winesapOS to generate a unique key instead.

• Make sure that no tests failed by checking the exit/return code of the installation script. It should be zero. If not, that is how many tests have failed. Review the installation log for more details.

  $ cat ./output/winesapos-install-rc.txt
  0
  $ less ./output/winesapos-install.log
  

• Sanitize the image.

  $ sudo cp ./output/winesapos.img /var/lib/libvirt/images/
  $ sudo virt-sysprep --operations defaults,-customize -a /var/lib/libvirt/images/winesapos.img
  

• Copy the packages list over for it to be checksummed.

  $ sudo cp ./output/winesapos-packages.txt /var/lib/libvirt/images/winesapos-<VERSION>-[performance|minimal].packages.txt
  

• Create a release by using the universal zip compression utility. Do this for the build of the "performance" (default) and "minimal" images.

  $ cd /var/lib/libvirt/images/
  $ sudo mv winesapos.img winesapos-<VERSION>-[performance|minimal].img
  $ sudo zip winesapos-<VERSION>-[performance|minimal].img.zip winesapos-<VERSION>-[performance|minimal].img
  $ ls -1 | grep winesapos
  winesapos-<VERSION>-[performance|minimal].img
  winesapos-<VERSION>-[performance|minimal].img.zip
  

• Create SHA512 checkums separately for the "performance" and "minimal" images and their related archive files. Users can then use those files to check for corruption or tampering.

  $ sha512sum winesapos-<VERSION>-[performance|minimal]* > winesapos-<VERSION>-[performance|minimal].sha512sum.txt
  $ sha512sum --check winesapos-<VERSION>-[performance|minimal].sha512sum.txt
  

• Create a tarball of the root file system from the minimal image.

  $ export WINESAPOS_VERSION="4.1.0"
  $ sudo -E guestmount --add winesapos-${WINESAPOS_VERSION}-minimal.img --mount /dev/sda4 --ro /mnt
  $ sudo -E guestmount --add winesapos-${WINESAPOS_VERSION}-minimal.img --mount /dev/sda3 --ro /mnt/boot
  $ sudo -E guestmount --add winesapos-${WINESAPOS_VERSION}-minimal.img --mount /dev/sda2 --ro /mnt/boot/efi
  $ sudo -E tar --create --preserve-permissions --zstd --directory /mnt --file winesapos-${WINESAPOS_VERSION}-minimal-rootfs.tar.zst .
  $ sha512sum winesapos-${WINESAPOS_VERSION}-minimal-rootfs.tar.zst | sudo -E tee winesapos-${WINESAPOS_VERSION}-minimal-rootfs.sha512sum.txt
  

• Take a screenshot of the desktop for the "performance" image.

  • Set the desktop resolution to 1280x768.
  • Use Squoosh to compress the image.
  • Rename the image to winesapos-desktop.jpg and commit it to the git repository.

• Create a git tag and push it.

  $ git tag X.Y.Z
  $ git push origin X.Y.Z
  

• Sync the stable branch with the latest tag. This is required for the upgrade script. Old versions of winesapOS will pull the latest upgrade script from the stable branch.

  $ git checkout stable
  $ git rebase X.Y.Z
  $ git push origin stable
  

• Upload the images to be hosted at https://winesapos.lukeshort.cloud/repo/iso/winesapos-${WINESAPOS_VERSION}/ and also on the Internet Archive.

  $ cd /usr/local/bin/
  $ sudo url -LOs https://archive.org/download/ia-pex/ia
  $ sudo chmod +x /usr/local/bin/ia
  $ ia configure
  $ export WINESAPOS_VERSION=4.1.0
  $ export WINESAPOS_VERSION_NO_PERIODS=410
  $ cd /data/winesapos-repo/repo/iso/winesapos-${WINESAPOS_VERSION}/
  $ ia upload \
      winesapos-${WINESAPOS_VERSION_NO_PERIODS} \
      winesapos-${WINESAPOS_VERSION}-minimal.img.zip \
      winesapos-${WINESAPOS_VERSION}-minimal.packages.txt \
      winesapos-${WINESAPOS_VERSION}-minimal.sha512sum.txt \
      winesapos-${WINESAPOS_VERSION}-performance.img.zip \
      winesapos-${WINESAPOS_VERSION}-performance.packages.txt \
      winesapos-${WINESAPOS_VERSION}-performance.sha512sum.txt \
      winesapos-${WINESAPOS_VERSION}-minimal-rootfs.tar.zst \
      winesapos-${WINESAPOS_VERSION}-minimal-rootfs.sha512sum.txt \
      --metadata="mediatype:data" \
      --metadata="title:winesapOS ${WINESAPOS_VERSION}" \
      --metadata="creator:Luke Short" \
      --metadata="summary:https://github.com/winesapOS/winesapOS/releases/tag/${WINESAPOS_VERSION}"