From cf3c38807ad8ae31a1a54c58a355646f0d4a2cdc Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Tue, 14 May 2024 16:15:17 -0400 Subject: [PATCH 01/51] chore(ci): Update builder to 24.04 (#577) --- .github/workflows/reusable-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 0b217a59..b94076dd 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -16,7 +16,7 @@ concurrency: jobs: build_ublue: name: main - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read packages: write From 7e073587cee57db4d77ca7677cf80d07f5bc0583 Mon Sep 17 00:00:00 2001 
From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Wed, 15 May 2024 23:07:32 -0400 Subject: [PATCH 02/51] feat(dev): add justfile for local testing and integration with vscode (#578) --- .gitignore | 2 + .vscode/tasks.json | 109 +++++++++++++++++++++++ Containerfile | 7 +- Justfile | 49 ++++++++++ just_scripts/build-image.sh | 29 ++++++ just_scripts/build-iso-installer-main.sh | 86 ++++++++++++++++++ just_scripts/build-iso-makefile-patch | 11 +++ just_scripts/build-iso.sh | 86 ++++++++++++++++++ just_scripts/cleanup-dir.sh | 11 +++ just_scripts/cleanup-images.sh | 20 +++++ just_scripts/container_mgr.sh | 21 +++++ just_scripts/get-defaults.sh | 30 +++++++ just_scripts/list-images.sh | 19 ++++ just_scripts/run-image.sh | 29 ++++++ just_scripts/run-iso.sh | 40 +++++++++ just_scripts/sudoif.sh | 14 +++ 16 files changed, 561 insertions(+), 2 deletions(-) create mode 100644 .vscode/tasks.json create mode 100644 Justfile create mode 100755 just_scripts/build-image.sh create mode 100755 just_scripts/build-iso-installer-main.sh create mode 100644 just_scripts/build-iso-makefile-patch create mode 100755 just_scripts/build-iso.sh create mode 100755 just_scripts/cleanup-dir.sh create mode 100755 just_scripts/cleanup-images.sh create mode 100755 just_scripts/container_mgr.sh create mode 100755 just_scripts/get-defaults.sh create mode 100755 just_scripts/list-images.sh create mode 100755 just_scripts/run-image.sh create mode 100755 just_scripts/run-iso.sh create mode 100755 just_scripts/sudoif.sh diff --git a/.gitignore b/.gitignore index 485dee64..7d6592a0 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ .idea +*.iso +*.iso-CHECKSUM* diff --git a/.vscode/tasks.json b/.vscode/tasks.json new file mode 100644 index 00000000..03d8e38f --- /dev/null +++ b/.vscode/tasks.json 
@@ -0,0 +1,109 @@ +{ + "version": "2.0.0", + "tasks": [ + { + "label": "Connect to VM", + "dependsOn": [ + "Run-ISO", + "Open Browser" + ], + "problemMatcher": [] + }, + { + "label": "Open Browser", + "command": "${input:openSimpleBrowser}", + "problemMatcher": [] + }, + { + "label": "Build Container", + "command": "just", + "args": [ + "build", + "${input:outputChoice}" + ], + "problemMatcher": [], + "group": { + "kind": "build", + "isDefault": true + } + }, + { + "label": "Build ISO", + "command": "just", + "args": [ + "${input:installerChoice}", + "${input:outputChoice}" + ], + "problemMatcher": [] + }, + { + "label": "Run-ISO", + "command": "just", + "args": [ + "run-iso", + "${input:outputChoice}" + ], + "problemMatcher": [], + "isBackground": true + }, + { + "label": "List Images", + "command": "just", + "args": [ + "list-images" + ], + "problemMatcher": [] + }, + { + "label": "Run Container", + "command": "just", + "args": [ + "run-container", + "${input:outputChoice}" + ], + "problemMatcher": [] + } + ], + "inputs": [ + { + "id": "openSimpleBrowser", + "type": "command", + "command": "simpleBrowser.show", + "args": [ + "http://localhost:8006" + ] + }, + { + "id": "installerChoice", + "type": "pickString", + "description": "Choose which Installer Builder to use", + "default": "build-iso", + "options": [ + "build-iso", + "build-iso-git" + ] + }, + { + "id": "outputChoice", + "type": "pickString", + "description": "Choose which container to build", + "default": "silverblue", + "options": [ + "silverblue latest", + "kinoite latest", + "sericea latest", + "onyx latest", + "base latest", + "lazurite latest", + "vauxite latest", + "silverblue gts", + "kinoite gts", + "sericea gts", + "onyx gts", + "base gts", + "lazurite gts", + "vauxite gts" + ] + } + ] +} diff --git a/Containerfile b/Containerfile index fe3c8502..7415437f 100644 --- a/Containerfile +++ b/Containerfile 
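Review bot: The `outputChoice` input declares `"default": "silverblue"`, but every entry in its `options` list carries a ` latest` or ` gts` suffix, so the default matches none of them and the picker probably opens with nothing preselected. Use `"default": "silverblue latest"`. Each option is also a single string holding two words, and the tasks appear to rely on the Justfile recipes re-splitting it in the shell. A comment in the Justfile saying so would keep a later quoting fix from silently breaking these tasks.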
@@ -4,6 +4,9 @@ ARG SOURCE_ORG="${SOURCE_ORG:-fedora-ostree-desktops}" ARG BASE_IMAGE="quay.io/${SOURCE_ORG}/${SOURCE_IMAGE}" ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" +FROM ghcr.io/ublue-os/config:latest as config +FROM ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} as akmods + FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}" @@ -17,8 +20,8 @@ COPY github-release-install.sh \ packages.json \ /tmp/ -COPY --from=ghcr.io/ublue-os/config:latest /rpms /tmp/rpms -COPY --from=ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} /rpms/ublue-os /tmp/rpms +COPY --from=config /rpms /tmp/rpms +COPY --from=akmods /rpms/ublue-os /tmp/rpms COPY sys_files/usr /usr RUN mkdir -p /var/lib/alternatives && \ diff --git a/Justfile b/Justfile new file mode 100644 index 00000000..1e77de53 --- /dev/null +++ b/Justfile 
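Review bot: The two new stage lines keep the mutable references that the removed `COPY --from=` lines used, `ghcr.io/ublue-os/config:latest` and `akmods:main-${FEDORA_MAJOR_VERSION}`, so the RPMs copied into the image can change between two builds of the same commit. Now that the references sit in named `FROM` stages, they are easy to pin by digest, for example `FROM ghcr.io/ublue-os/config@sha256:<digest> AS config`, with the digest bumped by the dependency bot. If floating tags are intentional here, a one-line comment above the stages stating that would save the next reader the question.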
@@ -0,0 +1,49 @@
+export project_root := `git rev-parse --show-toplevel`
+export git_branch := ` git branch --show-current`
+export gts := "39"
+export latest := "40"
+export default_image := "silverblue"
+
+alias run := run-container
+alias build-iso := build-iso-release
+
+_default:
+ @just --list
+
+_container_mgr:
+ @{{ project_root }}/just_scripts/container_mgr.sh
+
+_tag image:
+ @echo {{image}}-build
+
+# Build image
+build image="" version="":
+ @{{ project_root }}/just_scripts/build-image.sh {{image}} {{version}}
+
+# Build ISO
+build-iso-release image="" version="":
+ @{{ project_root }}/just_scripts/build-iso.sh {{image}} {{version}}
+
+# Build ISO using ISO Builder Git Head
+build-iso-git image="" version="":
+ @{{ project_root }}/just_scripts/build-iso-installer-main.sh {{image}} {{version}}
+
+# Run ISO
+run-iso image="" version="":
+ @{{ project_root }}/just_scripts/run-iso.sh {{image}} {{version}}
+
+# Run Container
+run-container image="" version="":
+ @{{ project_root }}/just_scripts/run-image.sh {{image}} {{version}}
+
+# List Images
+list-images:
+ @{{ project_root }}/just_scripts/list-images.sh
+
+# Clean Images
+clean-images:
+ @{{ project_root }}/just_scripts/cleanup-images.sh
+
+# Clean ISOs
+clean-isos:
+ @{{ project_root }}/just_scripts/cleanup-dir.sh
diff --git a/just_scripts/build-image.sh b/just_scripts/build-image.sh
new file mode 100755
index 00000000..4c0dd9e9
--- /dev/null
+++ b/just_scripts/build-image.sh
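Review bot: Every recipe body pastes `{{ project_root }}`, `{{image}}` and `{{version}}` into the shell line unquoted, so a checkout path containing a space breaks all recipes and any shell metacharacter in an argument is interpreted rather than passed through. Quote the script path at least, e.g. `@"{{ project_root }}/just_scripts/build-image.sh" {{image}} {{version}}`. Quoting the two arguments as well is the cleaner fix, but the VS Code tasks added in this commit pass values such as `silverblue latest` as one argument and depend on the shell splitting it, so that change needs the tasks to pass image and version separately. `_tag` has the same pattern in `@echo {{image}}-build`.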
@@ -0,0 +1,29 @@
+#!/usr/bin/bash
+set -eo pipefail
+if [[ -z ${project_root} ]]; then
+ project_root=$(git rev-parse --show-toplevel)
+fi
+if [[ -z ${git_branch} ]]; then
+ git_branch=$(git branch --show-current)
+fi
+
+# Get Inputs
+image=$1
+version=$2
+
+# Set image/target/version based on inputs
+# shellcheck disable=SC2154,SC1091
+. "${project_root}/just_scripts/get-defaults.sh"
+
+# Get info
+container_mgr=$(just _container_mgr)
+tag=$(just _tag "${image}")
+
+# Build Image
+$container_mgr build -f Containerfile \
+ --build-arg="IMAGE_NAME=${tag}" \
+ --build-arg="SOURCE_ORG=fedora-ostree-desktops" \
+ --build-arg="SOURCE_IMAGE=${image}" \
+ --build-arg="FEDORA_MAJOR_VERSION=${version}" \
+ --tag localhost/"${tag}:${version}-${git_branch}" \
+ "${project_root}"
diff --git a/just_scripts/build-iso-installer-main.sh b/just_scripts/build-iso-installer-main.sh
new file mode 100755
index 00000000..22e97c3b
--- /dev/null
+++ b/just_scripts/build-iso-installer-main.sh
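Review bot: The image tag in `--tag localhost/"${tag}:${version}-${git_branch}"` embeds the raw branch name, which fails for any branch containing `/` (for example `feature/x`) because that character is not valid in a tag. On a detached HEAD `git branch --show-current` prints nothing, so the tag ends in a bare `-`. Normalise once after the value is known, whether it came from the environment or from git: `git_branch=${git_branch//\//-}` followed by `git_branch=${git_branch:-detached}`. The same string is built in build-iso.sh, build-iso-installer-main.sh, run-image.sh and run-iso.sh, so the normalisation belongs in one shared place such as get-defaults.sh.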
@@ -0,0 +1,86 @@ +#!/usr/bin/bash +#shellcheck disable=SC2154,SC2034 + +if [[ -z ${project_root} ]]; then + project_root=$(git rev-parse --show-toplevel) +fi +if [[ -z ${git_branch} ]]; then + git_branch=$(git branch --show-current) +fi + +# shellcheck disable=SC1091 +. "${project_root}/just_scripts/sudoif.sh" + +# Check if inside rootless container +if [[ -f /run/.containerenv ]]; then + #shellcheck disable=SC1091 + source /run/.containerenv + #shellcheck disable=SC2154 + if [[ "${rootless}" -eq "1" ]]; then + echo "Cannot build ISO inside rootless podman container... Exiting..." + exit 1 + fi +fi +container_mgr=$(just _container_mgr) +# If using rootless container manager, exit. Might not be best check +if "${container_mgr}" info | grep Root | grep -q /home; then + echo "Cannot build ISO with rootless container..." + exit 1 +fi + +# Get Inputs +image=$1 +version=$2 + +# Set image/target/version based on inputs +# shellcheck disable=SC2154,SC1091 +. "${project_root}/just_scripts/get-defaults.sh" + +# Set Container tag name +tag=$(just _tag "${image}") + +# Remove old ISO if present +sudoif rm -f "${project_root}/just_scripts/output/${tag}-${version}-${git_branch}.iso" +sudoif rm -f "${project_root}/just_scripts/output/${tag}-${version}-${git_branch}.iso-CHECKSUM" + +# Set variant +if [[ "${image}" =~ "silverblue" ]]; then + variant=Silverblue +else + variant=Kinoite +fi + +if [[ ${container_mgr} =~ "podman" ]]; then + api_socket=/run/podman/podman.sock +elif [[ ${container_mgr} =~ "docker" ]]; then + api_socket=/var/run/docker.sock +fi + +# Make sure image actually exists, build if it doesn't +ID=$(${container_mgr} images --filter reference=localhost/"${tag}:${version}-${git_branch}" --format "{{.ID}}") +if [[ -z ${ID} ]]; then + just build "${image}" "${version}" +fi + +workspace=${project_root} +if [[ -f /.dockerenv || -f /run/.containerenv ]]; then + workspace=${LOCAL_WORKSPACE_FOLDER} +fi + +# Make ISO +${container_mgr} run --rm --privileged \ + --volume 
"${api_socket}":/var/run/docker.sock \ + --volume "${workspace}"/just_scripts/build-iso-makefile-patch:/build-container-installer/container/Makefile \ + --volume "${workspace}"/just_scripts/output:/build-container-installer/build \ + ghcr.io/jasonn3/build-container-installer:main \ + ARCH="x86_64" \ + ENABLE_CACHE_DNF="false" \ + ENABLE_CACHE_SKOPEO="false" \ + ENROLLMENT_PASSWORD="ublue-os" \ + IMAGE_NAME="${tag}" \ + IMAGE_REPO="localhost" \ + IMAGE_TAG="${version}-${git_branch}" \ + ISO_NAME="build/${tag}-${version}-${git_branch}.iso" \ + SECURE_BOOT_KEY_URL='https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' \ + VARIANT="${variant}" \ + VERSION="${version}" diff --git a/just_scripts/build-iso-makefile-patch b/just_scripts/build-iso-makefile-patch new file mode 100644 index 00000000..bb8d7d9d --- /dev/null +++ b/just_scripts/build-iso-makefile-patch @@ -0,0 +1,11 @@ +$(IMAGE_NAME)-$(IMAGE_TAG): + skopeo copy docker-daemon:$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) oci:$(IMAGE_NAME)-$(IMAGE_TAG) + +install-deps: + $(install_pkg) skopeo + +FILES=$(filter-out Makefile,$(wildcard *)) +clean: +ifneq ($(FILES),) + rm -Rf $(FILES) +endif diff --git a/just_scripts/build-iso.sh b/just_scripts/build-iso.sh new file mode 100755 index 00000000..c34f3416 --- /dev/null +++ b/just_scripts/build-iso.sh 
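Review bot: The `run --rm --privileged` call mounts the host's container API socket into an image referenced by a branch tag, `ghcr.io/jasonn3/build-container-installer:main`, so whatever that tag points to at pull time runs with what amounts to root on the developer's machine. Pin the builder by digest, `ghcr.io/jasonn3/build-container-installer@sha256:<digest>`, and update the digest deliberately. If the point of this script is to track the builder's head, say so in a comment next to the image reference and in the recipe description. build-iso.sh has the same call with `:latest`, and run-iso.sh runs `docker.io/qemux/qemu-docker` with no tag at all alongside `--cap-add NET_ADMIN` and `/dev/kvm`. The `api_socket` variable is also left unset when the manager name matches neither `podman` nor `docker`, which would turn the first `--volume` into `:/var/run/docker.sock`.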
@@ -0,0 +1,86 @@ +#!/usr/bin/bash +#shellcheck disable=SC2154,SC2034 + +if [[ -z ${project_root} ]]; then + project_root=$(git rev-parse --show-toplevel) +fi +if [[ -z ${git_branch} ]]; then + git_branch=$(git branch --show-current) +fi + +# shellcheck disable=SC1091 +. "${project_root}/just_scripts/sudoif.sh" + +# Check if inside rootless container +if [[ -f /run/.containerenv ]]; then + #shellcheck disable=SC1091 + source /run/.containerenv + #shellcheck disable=SC2154 + if [[ "${rootless}" -eq "1" ]]; then + echo "Cannot build ISO inside rootless podman container... Exiting..." + exit 1 + fi +fi +container_mgr=$(just _container_mgr) +# If using rootless container manager, exit. Might not be best check +if "${container_mgr}" info | grep Root | grep -q /home; then + echo "Cannot build ISO with rootless container..." + exit 1 +fi + +# Get Inputs +image=$1 +version=$2 + +# Set image/target/version based on inputs +# shellcheck disable=SC2154,SC1091 +. "${project_root}/just_scripts/get-defaults.sh" + +# Set Container tag name +tag=$(just _tag "${image}") + +# Remove old ISO if present +sudoif rm -f "${project_root}/just_scripts/output/${tag}-${version}-${git_branch}.iso" +sudoif rm -f "${project_root}/just_scripts/output/${tag}-${version}-${git_branch}.iso-CHECKSUM" + +# Set variant +if [[ "${image}" =~ "silverblue" ]]; then + variant=Silverblue +else + variant=Kinoite +fi + +if [[ ${container_mgr} =~ "podman" ]]; then + api_socket=/run/podman/podman.sock +elif [[ ${container_mgr} =~ "docker" ]]; then + api_socket=/var/run/docker.sock +fi + +# Make sure image actually exists, build if it doesn't +ID=$(${container_mgr} images --filter reference=localhost/"${tag}:${version}-${git_branch}" --format "{{.ID}}") +if [[ -z ${ID} ]]; then + just build "${image}" "${version}" +fi + +workspace=${project_root} +if [[ -f /.dockerenv || -f /run/.containerenv ]]; then + workspace=${LOCAL_WORKSPACE_FOLDER} +fi + +# Make ISO +${container_mgr} run --rm --privileged \ + --volume 
"${api_socket}":/var/run/docker.sock \ + --volume "${workspace}"/just_scripts/build-iso-makefile-patch:/build-container-installer/container/Makefile \ + --volume "${workspace}"/just_scripts/output:/build-container-installer/build \ + ghcr.io/jasonn3/build-container-installer:latest \ + ARCH="x86_64" \ + ENABLE_CACHE_DNF="false" \ + ENABLE_CACHE_SKOPEO="false" \ + ENROLLMENT_PASSWORD="ublue-os" \ + IMAGE_NAME="${tag}" \ + IMAGE_REPO="localhost" \ + IMAGE_TAG="${version}-${git_branch}" \ + ISO_NAME="build/${tag}-${version}-${git_branch}.iso" \ + SECURE_BOOT_KEY_URL='https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' \ + VARIANT="${variant}" \ + VERSION="${version}" diff --git a/just_scripts/cleanup-dir.sh b/just_scripts/cleanup-dir.sh new file mode 100755 index 00000000..03140923 --- /dev/null +++ b/just_scripts/cleanup-dir.sh @@ -0,0 +1,11 @@ +#!/usr/bin/bash +if [[ -z ${project_root} ]]; then + project_root=$(git rev-parse --show-toplevel) +fi +# shellcheck disable=SC1091 +. "${project_root}/just_scripts/sudoif.sh" + +set -euox pipefail + +#shellcheck disable=SC2154 +sudoif rm -f "${project_root}"/just_scripts/output/* #ISOs diff --git a/just_scripts/cleanup-images.sh b/just_scripts/cleanup-images.sh new file mode 100755 index 00000000..6b25bd7b --- /dev/null +++ b/just_scripts/cleanup-images.sh @@ -0,0 +1,20 @@ +#!/usr/bin/bash +set -euox pipefail +container_mgr=( + docker + podman + podman-remote +) +git_branches=($(git branch --format="%(refname:short)")) +for i in "${container_mgr[@]}"; do + if [[ $(command -v "$i") ]]; then + echo "Container Manager: ${i}" + for j in "${git_branches[@]}"; do + ID=$(${i} images --filter "reference=localhost/*-build:${gts}-${j}" --filter "reference=localhost/*-build:${latest}-${j}" --format "{{.ID}}") + if [[ -n "$ID" ]]; then + xargs -I {} "${i}" image rm {} <<< "$ID" + fi + done + echo "" + fi +done 
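Review bot: When the script runs inside a container, `workspace=${LOCAL_WORKSPACE_FOLDER}` is taken without checking that the variable is set, so an unset value turns the bind-mount sources into `/just_scripts/build-iso-makefile-patch` and `/just_scripts/output` on the host. With a privileged container and a root daemon, that most likely creates those paths at the filesystem root instead of failing. Fail early with `workspace=${LOCAL_WORKSPACE_FOLDER:?LOCAL_WORKSPACE_FOLDER must be set when running inside a container}`. The same assignment is in build-iso-installer-main.sh and run-iso.sh. run-iso.sh also tests only `/.dockerenv`, while this script tests `/run/.containerenv` as well, so the two disagree under podman.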
diff --git a/just_scripts/container_mgr.sh b/just_scripts/container_mgr.sh new file mode 100755 index 00000000..491f017b --- /dev/null +++ b/just_scripts/container_mgr.sh @@ -0,0 +1,21 @@ +#!/usr/bin/bash +valid_manager=( + docker + podman + podman-remote +) +if [[ -n ${CONTAINER_MGR} ]]; then + if [[ "${valid_manager[*]}" =~ ${CONTAINER_MGR} ]]; then + echo "${CONTAINER_MGR}" + else + exit 1 + fi +elif [[ $(command -v docker) ]]; then + echo docker +elif [[ $(command -v podman) ]]; then + echo podman +elif [[ $(command -v podman-remote) ]];then + echo podman-remote +else + exit 1 +fi \ No newline at end of file diff --git a/just_scripts/get-defaults.sh b/just_scripts/get-defaults.sh new file mode 100755 index 00000000..ea45b4c9 --- /dev/null +++ b/just_scripts/get-defaults.sh @@ -0,0 +1,30 @@ +#!/usr/bin/bash +if [[ -z "${image}" ]]; then + image=${default_image} +fi + +if [[ -z "${version}" ]]; then + version=${latest} +elif [[ ${version} == "latest" ]]; then + version=${latest} +elif [[ ${version} == "gts" ]]; then + version=${gts} +fi + +valid_images=( + silverblue + kinoite + sericea + onyx + base + lazurite + vauxite +) +image=${image,,} +if [[ ${image} == "mate" ]]; then + echo "Mate not supported..." + exit 1 +elif [[ ! ${valid_images[*]} =~ ${image} ]]; then + echo "Invalid image..." + exit 1 +fi \ No newline at end of file diff --git a/just_scripts/list-images.sh b/just_scripts/list-images.sh new file mode 100755 index 00000000..0fabbc59 --- /dev/null +++ b/just_scripts/list-images.sh 
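Review bot: The allowlist test `[[ "${valid_manager[*]}" =~ ${CONTAINER_MGR} ]]` is an unanchored regex match against the space-joined array, not a membership test, so values such as `pod`, `d` or `.*` are accepted and echoed back as the command the other scripts execute. Compare exactly instead: `case "${CONTAINER_MGR}" in docker|podman|podman-remote) echo "${CONTAINER_MGR}" ;; *) exit 1 ;; esac`. get-defaults.sh has the same construct in `[[ ! ${valid_images[*]} =~ ${image} ]]`, where `blue` or `silverblue kinoite` passes and then flows into the image tag and build args. Both scripts also exit 1 on a rejected value without a message on stderr naming the variable, which makes the failure hard to diagnose from `just`.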
@@ -0,0 +1,19 @@ +#!/usr/bin/bash +set -euo pipefail +container_mgr=( + docker + podman + podman-remote +) +git_branches=($(git branch --format="%(refname:short)")) +for i in "${container_mgr[@]}"; do + if [[ $(command -v "$i") ]]; then + echo "Container Manager: ${i}" + for j in "${git_branches[@]}"; do + ID=$(${i} images --filter "reference=localhost/*-build:${gts}-${j}" --filter "reference=localhost/*-build:${latest}-${j}" --format "{{.ID}}") + if [[ -n "$ID" ]]; then + ${i} images --filter "reference=localhost/*-build:${gts}-${j}" --filter "reference=localhost/*-build:${latest}-${j}" + fi + done + fi +done diff --git a/just_scripts/run-image.sh b/just_scripts/run-image.sh new file mode 100755 index 00000000..a768ba6f --- /dev/null +++ b/just_scripts/run-image.sh @@ -0,0 +1,29 @@ +#!/usr/bin/bash +if [[ -z ${project_root} ]]; then + project_root=$(git rev-parse --show-toplevel) +fi +if [[ -z ${git_branch} ]]; then + git_branch=$(git branch --show-current) +fi +set -eo pipefail + +# Get Inputs +image=$1 +version=$2 + +# Get image/target/version based on inputs +# shellcheck disable=SC2154,SC1091 +. "${project_root}/just_scripts/get-defaults.sh" + +# Get variables +container_mgr=$(just _container_mgr) +tag=$(just _tag "${image}") + +# Check if requested image exist, if it doesn't build it +ID=$(${container_mgr} images --filter reference=localhost/"${tag}":"${version}-${git_branch}" --format "{{.ID}}") +if [[ -z ${ID} ]]; then + just build "${image}" "${version}" +fi + +# Run image +"${container_mgr}" run -it --rm localhost/"${tag}:${version}-${git_branch}" /usr/bin/bash diff --git a/just_scripts/run-iso.sh b/just_scripts/run-iso.sh new file mode 100755 index 00000000..ea17b6f9 --- /dev/null +++ b/just_scripts/run-iso.sh 
@@ -0,0 +1,40 @@ +#!/usr/bin/bash +if [[ -z ${project_root} ]]; then + project_root=$(git rev-parse --show-toplevel) +fi +if [[ -z ${git_branch} ]]; then + git_branch=$(git branch --show-current) +fi +set -eo pipefail + +# Get Inputs +image=$1 +version=$2 + +# Get image/target/version based on inputs +# shellcheck disable=SC2154,SC1091 +. "${project_root}/just_scripts/get-defaults.sh" + +# Get variables +container_mgr=$(just _container_mgr) +tag=$(just _tag "${image}") + +#check if ISO exists. Create if it doesn't +if [[ ! -f "${project_root}/just_scripts/output/${tag}-${version}-${git_branch}.iso" ]]; then + just build-iso "$image" "$version" +fi + +workspace=${project_root} +if [[ -f /.dockerenv ]]; then + workspace=${LOCAL_WORKSPACE_FOLDER} +fi + +${container_mgr} run --rm --cap-add NET_ADMIN \ + --publish 127.0.0.1:8006:8006 \ + --env "CPU_CORES=2" \ + --env "RAM_SIZE=4G" \ + --env "DISK_SIZE=64G" \ + --env "BOOT_MODE=uefi" \ + --device=/dev/kvm \ + --volume "${workspace}/just_scripts/output/${tag}-${version}-${git_branch}.iso":/boot.iso \ + docker.io/qemux/qemu-docker \ No newline at end of file diff --git a/just_scripts/sudoif.sh b/just_scripts/sudoif.sh new file mode 100755 index 00000000..aeb7c722 --- /dev/null +++ b/just_scripts/sudoif.sh @@ -0,0 +1,14 @@ +#!/usr/bin/bash +function sudoif(){ + if [[ "${TERM_PROGRAM}" == "vscode" && \ + ! -f /run/.containerenv && \ + ! -f /.dockerenv ]]; then + [[ $(command -v systemd-run) ]] && \ + /usr/bin/systemd-run --uid=0 --gid=0 -d -E TERM="$TERM" -t -q -P -G "$@" \ + || exit 1 + else + [[ $(command -v sudo) ]] && \ + /usr/bin/sudo "$@" \ + || exit 1 + fi +} From d7c5c11473affa62578a7b446c4f3483f64eed3f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 10:48:19 -0400 Subject: [PATCH 03/51] chore(deps): bump Wandalen/wretry.action from 3.4.0 to 3.5.0 (#576) 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/reusable-build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index b94076dd..6cc6132d 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -127,7 +127,7 @@ jobs: - name: Get current version id: labels - uses: Wandalen/wretry.action@v3.4.0 + uses: Wandalen/wretry.action@v3.5.0 with: attempt_limit: 3 attempt_delay: 15000 @@ -155,7 +155,7 @@ jobs: io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4 - name: Pull base image - uses: Wandalen/wretry.action@v3.4.0 + uses: Wandalen/wretry.action@v3.5.0 with: attempt_limit: 3 attempt_delay: 15000 @@ -192,7 +192,7 @@ jobs: string: ${{ env.IMAGE_REGISTRY }} - name: Push To GHCR - uses: Wandalen/wretry.action@v3.4.0 + uses: Wandalen/wretry.action@v3.5.0 id: push if: github.event_name != 'pull_request' env: From 9f5b4e74add8c053402e99a99fa37fe7f20b978e Mon Sep 17 00:00:00 2001 From: qoijjj <129108030+qoijjj@users.noreply.github.com> Date: Mon, 20 May 2024 11:39:02 -0700 Subject: [PATCH 04/51] fix: remove ffmpeg-free from all images (#582) --- packages.json | 1 + 1 file changed, 1 insertion(+) diff --git a/packages.json b/packages.json index 7eb17f42..f50c662b 100644 --- a/packages.json +++ b/packages.json @@ -170,6 +170,7 @@ }, "exclude": { "all": [ + "ffmpeg-free", "google-noto-sans-cjk-vf-fonts", "libavcodec-free", "libavdevice-free", From c8d9b00faefec18b2476b10de1be46f496524023 Mon Sep 17 00:00:00 2001 From: "Jorge O. Castro" Date: Thu, 30 May 2024 14:36:54 -0400 Subject: [PATCH 05/51] chore(ci): switch back to ubuntu 22.04 runners --- .github/workflows/reusable-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 6cc6132d..d13ef848 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -16,7 +16,7 @@ concurrency: jobs: build_ublue: name: main - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read packages: write From 2d8dca6e7d9b54b8637be49a2f0d0d80f3eb0bfc Mon Sep 17 00:00:00 2001 From: Kyle Gospodnetich Date: Mon, 3 Jun 2024 08:28:00 -0700 Subject: [PATCH 06/51] feat: Add flatpak-spawn package by default (#583) --- packages.json | 1 + 1 file changed, 1 insertion(+) diff --git a/packages.json b/packages.json index f50c662b..ba65edb1 100644 --- a/packages.json +++ b/packages.json @@ -10,6 +10,7 @@ "ffmpeg", "ffmpeg-libs", "ffmpegthumbnailer", + "flatpak-spawn", "fzf", "google-noto-sans-balinese-fonts", "google-noto-sans-cjk-fonts", From d5e186ef1bc7abd16610aa2442f5a9384c3047bd Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sun, 9 Jun 2024 14:55:51 -0400 Subject: [PATCH 07/51] chore: Have kinoite make avif and webp thumbnails in dolphin (#584) Co-authored-by: Jorge O. Castro --- packages.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/packages.json b/packages.json index ba65edb1..97b9cd02 100644 --- a/packages.json +++ b/packages.json @@ -211,7 +211,10 @@ "40": { "include": { "all": [], - "kinoite": [] + "kinoite": [ + "kf6-kimageformats", + "qt6-qtimageformats" + ] }, "exclude": { "all": [ From 0afd8cf0caf9f4109bf10e12fae0ab0795e6ac3b Mon Sep 17 00:00:00 2001 From: Kyle Gospodnetich Date: Sun, 16 Jun 2024 20:09:31 -0700 Subject: [PATCH 08/51] feat: Add squashfs-tools (#586) --- packages.json | 1 + 1 file changed, 1 insertion(+) diff --git a/packages.json b/packages.json index 97b9cd02..aae38f64 100644 --- a/packages.json +++ b/packages.json @@ -42,6 +42,7 @@ "powerstat", "smartmontools", "solaar-udev", + "squashfs-tools", "symlinks", "tcpdump", "tmux", 
From e72d5afc246e45530bf9c56c1605c66ed1d11f11 Mon Sep 17 00:00:00 2001 From: RJ Trujillo Date: Tue, 18 Jun 2024 21:01:49 -0400 Subject: [PATCH 09/51] feat: Sign kernel with our akmods key (#588) Signed-off-by: RJ Sampson --- .github/workflows/reusable-build.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index d13ef848..904c4c63 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -103,9 +103,11 @@ jobs: [[ "${IS_STABLE_VERSION}" == "true" ]]; then BUILD_TAGS+=("${TIMESTAMP}") BUILD_TAGS+=("latest") + echo "DEFAULT_TAG=latest" >> $GITHUB_ENV elif [[ "${IS_GTS_VERSION}" == "true" ]]; then BUILD_TAGS+=("gts-${TIMESTAMP}") BUILD_TAGS+=("gts") + echo "DEFAULT_TAG=gts" >> $GITHUB_ENV fi if [[ "${{ github.event_name }}" == "pull_request" ]]; then @@ -114,6 +116,7 @@ jobs: echo "${TAG}" done alias_tags=("${COMMIT_TAGS[@]}") + echo "DEFAULT_TAG=${SHA_SHORT}-${VARIANT}" >> $GITHUB_ENV else alias_tags=("${BUILD_TAGS[@]}") fi @@ -183,6 +186,16 @@ jobs: labels: ${{ steps.meta.outputs.labels }} oci: false + - name: Sign kernel + uses: ublue-os/kernel-signer@v0.2.3 + with: + image: ${{ steps.build_image.outputs.image }} + default-tag: ${{ env.DEFAULT_TAG }} + privkey: ${{ secrets.AKMOD_PRIVKEY_20230518 }} + pubkey: /etc/pki/akmods/certs/akmods-ublue.der + tags: ${{ steps.build_image.outputs.tags }} + strip: false + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. # https://github.com/macbre/push-to-ghcr/issues/12 - name: Lowercase Registry From 897a07b0a7a8df226197631b69af1d2999ca4302 Mon Sep 17 00:00:00 2001 
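Review bot: The new `Sign kernel` step hands `secrets.AKMOD_PRIVKEY_20230518` to an action referenced by a movable tag, `ublue-os/kernel-signer@v0.2.3`, so whoever can move that tag can change the code that receives the signing key. Pin the action to a full commit SHA and keep the version as a trailing comment, `uses: ublue-os/kernel-signer@<full-commit-sha> # v0.2.3`. The job-level `permissions` are already narrow, which is good. It is also worth confirming that the action never echoes the key and that the signed image is the one the later push step publishes, since neither is visible in this hunk. In the tag script, `>> $GITHUB_ENV` should be quoted as `>> "$GITHUB_ENV"` to match shellcheck expectations.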
From: qoijjj <129108030+qoijjj@users.noreply.github.com> Date: Sat, 22 Jun 2024 10:18:45 -0700 Subject: [PATCH 10/51] fix: reduce gap between upstream builds and ublue builds (#589) --- .github/workflows/build-39.yml | 2 +- .github/workflows/build-40.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-39.yml b/.github/workflows/build-39.yml index d90803aa..5c6a6126 100644 --- a/.github/workflows/build-39.yml +++ b/.github/workflows/build-39.yml @@ -3,7 +3,7 @@ on: pull_request: merge_group: schedule: - - cron: '0 15 * * *' # 3pm-ish UTC everyday (timed against official fedora container pushes) + - cron: '5 4 * * *' # 4am-ish UTC everyday (timed against official fedora container pushes) workflow_dispatch: jobs: diff --git a/.github/workflows/build-40.yml b/.github/workflows/build-40.yml index ad7a1e9b..bf2de37b 100644 --- a/.github/workflows/build-40.yml +++ b/.github/workflows/build-40.yml @@ -3,7 +3,7 @@ on: pull_request: merge_group: schedule: - - cron: '5 15 * * *' # 3pm-ish UTC everyday (timed against official fedora container pushes) + - cron: '5 3 * * *' # 3am-ish UTC everyday (timed against official fedora container pushes) workflow_dispatch: jobs: From a7dfe88f71b6db1fa540fdd5901cf2bee22e1ea9 Mon Sep 17 00:00:00 2001 From: RJ Trujillo Date: Sun, 23 Jun 2024 12:11:54 -0400 Subject: [PATCH 11/51] fix(ci): Don't sign kernel on PR (#590) Signed-off-by: RJ Sampson --- .github/workflows/reusable-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 904c4c63..93bb9913 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -188,6 +188,7 @@ jobs: - name: Sign kernel uses: ublue-os/kernel-signer@v0.2.3 + if: github.event_name != 'pull_request' with: image: ${{ steps.build_image.outputs.image }} default-tag: ${{ env.DEFAULT_TAG }} 
From ea43f00fd0fb4c3c4379d71fd30e00522df0fa4a Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Sat, 29 Jun 2024 18:01:03 -0500 Subject: [PATCH 12/51] feat: set dracut zstd compression for initramfs regen (#595) --- sys_files/usr/lib/dracut/dracut.conf.d/10-compression.conf | 1 + 1 file changed, 1 insertion(+) create mode 100644 sys_files/usr/lib/dracut/dracut.conf.d/10-compression.conf diff --git a/sys_files/usr/lib/dracut/dracut.conf.d/10-compression.conf b/sys_files/usr/lib/dracut/dracut.conf.d/10-compression.conf new file mode 100644 index 00000000..af45d621 --- /dev/null +++ b/sys_files/usr/lib/dracut/dracut.conf.d/10-compression.conf @@ -0,0 +1 @@ +compress="zstd" From f99e5cb021994a194e8ac03545b6de382065968b Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Tue, 2 Jul 2024 13:33:21 -0500 Subject: [PATCH 13/51] chore: update cosign public key (#601) --- cosign.pub | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cosign.pub b/cosign.pub index f9482c42..bd5b1927 100644 --- a/cosign.pub +++ b/cosign.pub @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7lh7fJMV4dBT2jT1XafixUJa7OVA -cT+QFVD8IfIJIS/KBAc8hx1aslzkH3tfeM0cwyCLB7kOStZ4sh6RyFQD9w== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHLRpBfPRYiMl9wb7s6fx47PzzNWu +3zyJgXhWEvxoOgwv9CpwjbvUwR9qHxNMWkJhuGE6cjDA2hpy1I6NbA+24Q== -----END PUBLIC KEY----- From a7af108a27d454cc699fb0ee955892ded65a8506 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 12 Jul 2024 17:44:41 -0400 Subject: [PATCH 14/51] feat: use cached kernel (#605) --- .github/workflows/reusable-build.yml | 56 +++++++++++++++++----------- Containerfile | 10 +++-- install.sh | 29 +++++++++++--- 3 files changed, 66 insertions(+), 29 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 93bb9913..0926c250 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -3,7 +3,7 @@ on: workflow_call: inputs: fedora_version: - description: 'The Fedora release version: 39, 40, 41 etc' + description: "The Fedora release version: 39, 40, 41 etc" required: true type: string env: @@ -141,8 +141,27 @@ jobs: echo "inspected image version must not be empty or null" exit 1 fi + linux=$(skopeo inspect docker://${{ env.IMAGE_REGISTRY }}/main-kernel:${{ matrix.fedora_version }} | jq -r '.Labels["ostree.linux"]') + AKMODS_KERNEL_VERSION=$(skopeo inspect docker://${{ env.IMAGE_REGISTRY }}/akmods:main-${{ matrix.fedora_version }} | jq -r '.Labels["ostree.linux"]') + if [[ "${linux}" != "${AKMODS_KERNEL_VERSION}" ]]; then + echo "Kernel Versions do not match between AKMODS and Cached-Kernel." + exit 1 + fi + echo "KERNEL_VERSION=$linux" >> $GITHUB_ENV echo "SOURCE_IMAGE_VERSION=$ver" >> $GITHUB_ENV + - name: Pull Images + uses: Wandalen/wretry.action@v3.5.0 + with: + attempt_limit: 3 + attempt_delay: 15000 + command: | + # pull the base image used for FROM in containerfile so + # we can retry on that unfortunately common failure case + podman pull quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.fedora_version }} + podman pull ${{ env.IMAGE_REGISTRY }}/akmods:main-${{ matrix.fedora_version }} + podman pull ghcr.io/ublue-os/main-kernel:${{ env.KERNEL_VERSION }} + # Generate image metadata - name: Image Metadata uses: docker/metadata-action@v5 
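Review bot: The new kernel check compares `linux` with `AKMODS_KERNEL_VERSION` but never rejects an empty or `null` value, unlike the existing guard for `ver`. If both images lack the `ostree.linux` label, `jq -r` prints `null` twice, the comparison passes and `KERNEL_VERSION=null` is exported. Add `if [[ -z "${linux}" || "${linux}" == "null" ]]; then echo "inspected kernel version must not be empty or null"; exit 1; fi` before the comparison. The inspect also reads `${{ env.IMAGE_REGISTRY }}/main-kernel`, while the `Pull Images` step pulls `ghcr.io/ublue-os/main-kernel`, so the two can diverge if the registry variable is ever changed. The kernel is pulled by version tag only, with no signature or digest check visible in this hunk.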
@@ -154,19 +173,10 @@ jobs: org.opencontainers.image.title=${{ env.IMAGE_NAME }} org.opencontainers.image.version=${{ env.SOURCE_IMAGE_VERSION }} org.opencontainers.image.description=A base Universal Blue ${{ matrix.image_name }} image with batteries included + ostree.linux=${{ env.KERNEL_VERSION }} io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4 - - name: Pull base image - uses: Wandalen/wretry.action@v3.5.0 - with: - attempt_limit: 3 - attempt_delay: 15000 - command: | - # pull the base image used for FROM in containerfile so - # we can retry on that unfortunately common failure case - podman pull quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.fedora_version }} - # Build image using Buildah action - name: Build Image id: build_image 
@@ -183,19 +193,23 @@ jobs: SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} FEDORA_MAJOR_VERSION=${{ matrix.fedora_version }} RPMFUSION_MIRROR=${{ vars.RPMFUSION_MIRROR }} + KERNEL_VERSION=${{ env.KERNEL_VERSION }} labels: ${{ steps.meta.outputs.labels }} oci: false - - name: Sign kernel - uses: ublue-os/kernel-signer@v0.2.3 - if: github.event_name != 'pull_request' - with: - image: ${{ steps.build_image.outputs.image }} - default-tag: ${{ env.DEFAULT_TAG }} - privkey: ${{ secrets.AKMOD_PRIVKEY_20230518 }} - pubkey: /etc/pki/akmods/certs/akmods-ublue.der - tags: ${{ steps.build_image.outputs.tags }} - strip: false + # - name: Secureboot Signature Confirmation + # id: secureboot_confirm + # shell: bash + # run: | + # sudo apt-get update && sudo apt-get install -y sbsigntool curl openssl + # curl -Lo /tmp/kernel-signing.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der + # curl -Lo /tmp/akmods-signing.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der + # openssl x509 -in /tmp/kernel-signing.der -out /tmp/kernel-signing.crt + # openssl x509 -in /tmp/akmods-signing.der -out /tmp/akmods-signing.crt + # /usr/bin/podman run --rm --entrypoint /bin/bash "${{ steps.build_image.outputs.image }}":"$(echo '${{ steps.build_image.outputs.tags }}' | cut -d ' ' -f 1)" -c "cat /usr/lib/modules/*/vmlinuz" > /tmp/extracted-kernel + # sbverify --list /tmp/extracted-kernel + # sbverify --cert /tmp/kernel-signing.crt /tmp/extracted-kernel || exit 1 + # sbverify --cert /tmp/akmods-signing.crt /tmp/extracted-kernel || exit 1 # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. # https://github.com/macbre/push-to-ghcr/issues/12 diff --git a/Containerfile b/Containerfile index 7415437f..98e36283 100644 --- a/Containerfile +++ b/Containerfile 
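Review bot: With the `Sign kernel` step removed and `Secureboot Signature Confirmation` left commented out, nothing visible in this hunk checks that the `vmlinuz` in the built image carries the expected signatures before the later registry steps run. Either enable the check in this commit or add a comment above the disabled block such as `# TODO(<owner>): disabled because <reason>; re-enable once <condition>`, so the gap is tracked rather than implied. Once enabled, the block fetches both certificates from `raw/main` of another repository at build time, so the trust anchor can change without a commit here. Pinning those URLs to a commit, or keeping the certificates in this repository, would make the check reproducible.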
@@ -3,15 +3,18 @@ ARG SOURCE_IMAGE="${SOURCE_IMAGE:-silverblue}" ARG SOURCE_ORG="${SOURCE_ORG:-fedora-ostree-desktops}" ARG BASE_IMAGE="quay.io/${SOURCE_ORG}/${SOURCE_IMAGE}" ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" +ARG KERNEL_VERSION="${KERNEL_VERSION:-6.9.7-200.fc40.x86_64}" -FROM ghcr.io/ublue-os/config:latest as config -FROM ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} as akmods +FROM ghcr.io/ublue-os/config:latest AS config +FROM ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} AS akmods +FROM ghcr.io/ublue-os/main-kernel:${KERNEL_VERSION} AS kernel FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}" ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" -ARG RPMFUSION_MIRROR="" +ARG RPMFUSION_MIRROR="${:-}" +ARG KERNEL_VERSION="${KERNEL_VERSION:-6.9.7-200.fc40.x86_64}" COPY github-release-install.sh \ install.sh \ @@ -22,6 +25,7 @@ COPY github-release-install.sh \ COPY --from=config /rpms /tmp/rpms COPY --from=akmods /rpms/ublue-os /tmp/rpms +COPY --from=kernel /tmp/rpms /tmp/kernel-rpms COPY sys_files/usr /usr RUN mkdir -p /var/lib/alternatives && \ diff --git a/install.sh b/install.sh index e8100af4..3cff5312 100755 --- a/install.sh +++ b/install.sh 
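Review bot: `ARG RPMFUSION_MIRROR="${:-}"` in the final stage of the Containerfile is an expansion with no variable name; the line it replaces was `ARG RPMFUSION_MIRROR=""`. Depending on how the builder handles it, this either fails to parse or leaves a non-empty literal as the default, and install.sh treats any non-empty `RPMFUSION_MIRROR` as the base URL for the release RPM downloads. Keep the plain empty default, `ARG RPMFUSION_MIRROR=""`. The default kernel version is also spelled out in both `ARG KERNEL_VERSION` lines; a comment saying the workflow passes the real value as a build-arg would keep readers from treating the literal as authoritative.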
@@ -1,24 +1,43 @@ -#!/bin/sh +#!/usr/bin/bash set -ouex pipefail RELEASE="$(rpm -E %fedora)" +KERNEL_SUFFIX="" +QUALIFIED_KERNEL="$(rpm -qa | grep -P 'kernel-(|'"$KERNEL_SUFFIX"'-)(\d+\.\d+\.\d+)' | sed -E 's/kernel-(|'"$KERNEL_SUFFIX"'-)//')" RPMFUSION_MIRROR_RPMS="https://mirrors.rpmfusion.org" if [ -n "${RPMFUSION_MIRROR}" ]; then RPMFUSION_MIRROR_RPMS=${RPMFUSION_MIRROR} fi -curl -Lo /tmp/rpms/rpmfusion-free-release-${RELEASE}.noarch.rpm ${RPMFUSION_MIRROR_RPMS}/free/fedora/rpmfusion-free-release-${RELEASE}.noarch.rpm -curl -Lo /tmp/rpms/rpmfusion-nonfree-release-${RELEASE}.noarch.rpm ${RPMFUSION_MIRROR_RPMS}/nonfree/fedora/rpmfusion-nonfree-release-${RELEASE}.noarch.rpm +curl -Lo /tmp/rpms/rpmfusion-free-release-"${RELEASE}".noarch.rpm "${RPMFUSION_MIRROR_RPMS}"/free/fedora/rpmfusion-free-release-"${RELEASE}".noarch.rpm +curl -Lo /tmp/rpms/rpmfusion-nonfree-release-"${RELEASE}".noarch.rpm "${RPMFUSION_MIRROR_RPMS}"/nonfree/fedora/rpmfusion-nonfree-release-"${RELEASE}".noarch.rpm -curl -Lo /etc/yum.repos.d/_copr_ublue-os_staging.repo https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-${RELEASE}/ublue-os-staging-fedora-${RELEASE}.repo -curl -Lo /etc/yum.repos.d/_copr_kylegospo_oversteer.repo https://copr.fedorainfracloud.org/coprs/kylegospo/oversteer/repo/fedora-${RELEASE}/kylegospo-oversteer-fedora-${RELEASE}.repo +curl -Lo /etc/yum.repos.d/_copr_ublue-os_staging.repo https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${RELEASE}"/ublue-os-staging-fedora-"${RELEASE}".repo +curl -Lo /etc/yum.repos.d/_copr_kylegospo_oversteer.repo https://copr.fedorainfracloud.org/coprs/kylegospo/oversteer/repo/fedora-"${RELEASE}"/kylegospo-oversteer-fedora-"${RELEASE}".repo rpm-ostree install \ /tmp/rpms/*.rpm \ fedora-repos-archive +# Handle Kernel Skew with override replace +rpm-ostree cliwrap install-to-root / +if [[ "${KERNEL_VERSION}" == "${QUALIFIED_KERNEL}" ]]; then + echo "Installing signed kernel from kernel-cache." 
+ cd /tmp/kernel-rpms + rpm2cpio /tmp/kernel-rpms/kernel-core-*.rpm | cpio -idmv + cp ./lib/modules/*/vmlinuz /usr/lib/modules/*/vmlinuz + cd / +else + echo "Install kernel version ${KERNEL_VERSION} from kernel-cache." + rpm-ostree override replace \ + --experimental \ + /tmp/kernel-rpms/kernel-[0-9]*.rpm \ + /tmp/kernel-rpms/kernel-core-*.rpm \ + /tmp/kernel-rpms/kernel-modules-*.rpm +fi + if [[ "${FEDORA_MAJOR_VERSION}" -ge 39 ]]; then # note: this is done before single mirror hack to ensure this persists in image and is not reset echo "Enable rpmfusion-(non)free-updates-testing with low priority for Fedora ${FEDORA_MAJOR_VERSION}" From ccd127927b34b0235569a2b27076e106d11e88d7 Mon Sep 17 00:00:00 2001 From: Marcel Sackermann <4560028+m0gg@users.noreply.github.com> Date: Sat, 13 Jul 2024 04:27:34 +0200 Subject: [PATCH 15/51] docs: fix link to contribution guide in PR template (#603) --- .github/pull_request_template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 2018f211..fc8f96dc 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,3 +1,3 @@ ## Thank you for contributing to the Universal Blue project! -Please [read the Contributor's Guide](https://universal-blue.org/CONTRIBUTING/) before submitting a pull request. +Please [read the Contributor's Guide](https://universal-blue.org/contributing.html) before submitting a pull request. From 85d2bd8333851b4d6797f385e813d630643c16b4 Mon Sep 17 00:00:00 2001 
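Review bot: In the matching-version branch of install.sh, `cp ./lib/modules/*/vmlinuz /usr/lib/modules/*/vmlinuz` globs the destination as well as the source. If more than one directory exists on either side, `cp` receives several operands, treats only the last as the target, and the copy fails or lands on the wrong file. Both versions are known here, so name the paths explicitly: `cp "./lib/modules/${KERNEL_VERSION}/vmlinuz" "/usr/lib/modules/${QUALIFIED_KERNEL}/vmlinuz"`. This branch also swaps the kernel binary by unpacking the RPM with `rpm2cpio`, outside the package manager, so the RPM database still describes the original file. A comment stating that this is intentional, and that the replacement is expected to be the signed build of the same version, would help the next reader.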
From: Marcel Sackermann <4560028+m0gg@users.noreply.github.com> Date: Thu, 18 Jul 2024 05:00:44 +0200 Subject: [PATCH 16/51] feat: Improve Containerfile / enable workflow usage of containerized buildah (tag: v1) (#604) --- .github/workflows/reusable-build.yml | 33 +++++++++++++++ Containerfile | 63 +++++++++++++++------------- github-release-install.sh | 3 ++ install.sh | 35 +++++++--------- packages.sh | 13 +++--- post-install.sh | 2 +- 6 files changed, 94 insertions(+), 55 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 0926c250..a40aaae8 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -177,6 +177,39 @@ jobs: io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4 + # buildah on ubuntu-22.04 builder is pretty dated and the version on + # ubuntu-24.04 misbehaves when using heredocs in Containerfiles + # (as of 2024-07-12) + # this wrapper script mimics toolbx/distrobox behaviour for buildah which + # is invoked by redhat-actions/buildah-build@v2 + - name: Install wrapper script for containerized buildah + id: fix-gh-buildah + shell: bash + run: | + cat > /usr/local/bin/buildah <<'EOF' + #!/bin/sh + set -eux + + # get local graphroot at runtime + GRAPH_ROOT="$(/usr/bin/buildah info | jq -r '.store.GraphRoot')" + + exec podman run --rm \ + --privileged \ + --net=host \ + --cgroups=disabled \ + --runtime=crun \ + --runtime-flag=cgroup-manager=disabled \ + --security-opt=label=disable \ + --security-opt=seccomp=unconfined \ + --device=/dev/fuse:rw \ + -v /home/runner:/home/runner \ + -v "$GRAPH_ROOT":/var/lib/containers/storage \ + -v "$(pwd):"/builder \ + -w /builder \ + quay.io/buildah/stable:v1 buildah "$@" + EOF + chmod +x /usr/local/bin/buildah + # Build image using Buildah action - name: Build Image id: build_image 
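Review bot: The wrapper written to `/usr/local/bin/buildah` runs `quay.io/buildah/stable:v1`, a mutable tag, with `--privileged`, `--net=host`, seccomp and SELinux labelling disabled, and `/home/runner` plus the container storage mounted read-write. Whatever that tag resolves to at build time therefore runs with full access to the runner's home directory, the image store and the build output. Pin the image by digest, `quay.io/buildah/stable@sha256:<digest>`, and bump it deliberately. It is also worth narrowing the `/home/runner` mount to the paths buildah needs, if the action allows it, and extending the comment block to say which of the relaxed options are actually required for the nested build.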
diff --git a/Containerfile b/Containerfile index 98e36283..9c5089ce 100644 --- a/Containerfile +++ b/Containerfile 
@@ -1,39 +1,44 @@ -ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}" -ARG SOURCE_IMAGE="${SOURCE_IMAGE:-silverblue}" -ARG SOURCE_ORG="${SOURCE_ORG:-fedora-ostree-desktops}" +ARG IMAGE_NAME=silverblue +ARG SOURCE_IMAGE=silverblue +ARG SOURCE_ORG=fedora-ostree-desktops ARG BASE_IMAGE="quay.io/${SOURCE_ORG}/${SOURCE_IMAGE}" -ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" -ARG KERNEL_VERSION="${KERNEL_VERSION:-6.9.7-200.fc40.x86_64}" +ARG FEDORA_MAJOR_VERSION=40 +ARG KERNEL_VERSION=6.9.7-200.fc40.x86_64 + +# workaround for selinux denying direct access to mounted buildcontext +FROM scratch AS ctx +COPY / / FROM ghcr.io/ublue-os/config:latest AS config FROM ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} AS akmods FROM ghcr.io/ublue-os/main-kernel:${KERNEL_VERSION} AS kernel - FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} -ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}" -ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" -ARG RPMFUSION_MIRROR="${:-}" -ARG KERNEL_VERSION="${KERNEL_VERSION:-6.9.7-200.fc40.x86_64}" - -COPY github-release-install.sh \ - install.sh \ - post-install.sh \ - packages.sh \ - packages.json \ - /tmp/ +ARG IMAGE_NAME=silverblue +ARG FEDORA_MAJOR_VERSION=40 +ARG RPMFUSION_MIRROR= +ARG KERNEL_VERSION=6.9.7-200.fc40.x86_64 -COPY --from=config /rpms /tmp/rpms -COPY --from=akmods /rpms/ublue-os /tmp/rpms -COPY --from=kernel /tmp/rpms /tmp/kernel-rpms COPY sys_files/usr /usr -RUN mkdir -p /var/lib/alternatives && \ - /tmp/install.sh && \ - /tmp/post-install.sh && \ - mv /var/lib/alternatives /staged-alternatives && \ - rm -rf /tmp/* /var/* && \ - ostree container commit && \ - mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \ - mkdir -p /tmp /var/tmp && \ - chmod -R 1777 /tmp /var/tmp +RUN --mount=type=bind,from=ctx,source=/,target=/buildcontext \ + --mount=type=bind,from=config,source=/rpms,target=/rpms/config \ + --mount=type=bind,from=akmods,source=/rpms,target=/rpms/akmods \ + 
--mount=type=bind,from=kernel,source=/tmp/rpms,target=/rpms/kernel \ + < Date: Fri, 19 Jul 2024 15:55:10 -0400 Subject: [PATCH 17/51] Revert "feat: Improve Containerfile / enable workflow usage of containerized buildah (tag: v1)" (#610) --- .github/workflows/reusable-build.yml | 33 --------------- Containerfile | 63 +++++++++++++--------------- github-release-install.sh | 3 -- install.sh | 35 +++++++++------- packages.sh | 13 +++--- post-install.sh | 2 +- 6 files changed, 55 insertions(+), 94 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index a40aaae8..0926c250 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -177,39 +177,6 @@ jobs: io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4 - # buildah on ubuntu-22.04 builder is pretty dated and the version on - # ubuntu-24.04 misbehaves when using heredocs in Containerfiles - # (as of 2024-07-12) - # this wrapper script mimics toolbx/distrobox behaviour for buildah which - # is invoked by redhat-actions/buildah-build@v2 - - name: Install wrapper script for containerized buildah - id: fix-gh-buildah - shell: bash - run: | - cat > /usr/local/bin/buildah <<'EOF' - #!/bin/sh - set -eux - - # get local graphroot at runtime - GRAPH_ROOT="$(/usr/bin/buildah info | jq -r '.store.GraphRoot')" - - exec podman run --rm \ - --privileged \ - --net=host \ - --cgroups=disabled \ - --runtime=crun \ - --runtime-flag=cgroup-manager=disabled \ - --security-opt=label=disable \ - --security-opt=seccomp=unconfined \ - --device=/dev/fuse:rw \ - -v /home/runner:/home/runner \ - -v "$GRAPH_ROOT":/var/lib/containers/storage \ - -v "$(pwd):"/builder \ - -w /builder \ - quay.io/buildah/stable:v1 buildah "$@" - EOF - chmod +x /usr/local/bin/buildah - # Build image using Buildah action - name: Build Image id: build_image diff --git a/Containerfile b/Containerfile index 9c5089ce..98e36283 100644 --- a/Containerfile +++ b/Containerfile 
@@ -1,44 +1,39 @@ -ARG IMAGE_NAME=silverblue -ARG SOURCE_IMAGE=silverblue -ARG SOURCE_ORG=fedora-ostree-desktops +ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}" +ARG SOURCE_IMAGE="${SOURCE_IMAGE:-silverblue}" +ARG SOURCE_ORG="${SOURCE_ORG:-fedora-ostree-desktops}" ARG BASE_IMAGE="quay.io/${SOURCE_ORG}/${SOURCE_IMAGE}" -ARG FEDORA_MAJOR_VERSION=40 -ARG KERNEL_VERSION=6.9.7-200.fc40.x86_64 - -# workaround for selinux denying direct access to mounted buildcontext -FROM scratch AS ctx -COPY / / +ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" +ARG KERNEL_VERSION="${KERNEL_VERSION:-6.9.7-200.fc40.x86_64}" FROM ghcr.io/ublue-os/config:latest AS config FROM ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} AS akmods FROM ghcr.io/ublue-os/main-kernel:${KERNEL_VERSION} AS kernel + FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} -ARG IMAGE_NAME=silverblue -ARG FEDORA_MAJOR_VERSION=40 -ARG RPMFUSION_MIRROR= -ARG KERNEL_VERSION=6.9.7-200.fc40.x86_64 +ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}" +ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" +ARG RPMFUSION_MIRROR="${:-}" +ARG KERNEL_VERSION="${KERNEL_VERSION:-6.9.7-200.fc40.x86_64}" -COPY sys_files/usr /usr +COPY github-release-install.sh \ + install.sh \ + post-install.sh \ + packages.sh \ + packages.json \ + /tmp/ -RUN --mount=type=bind,from=ctx,source=/,target=/buildcontext \ - --mount=type=bind,from=config,source=/rpms,target=/rpms/config \ - --mount=type=bind,from=akmods,source=/rpms,target=/rpms/akmods \ - --mount=type=bind,from=kernel,source=/tmp/rpms,target=/rpms/kernel \ - < Date: Fri, 19 Jul 2024 16:05:30 -0400 Subject: [PATCH 18/51] chore(ci): Ensure image has signed kernels (#611) Failures are currently expected. This PR protects us from building images with unsigned kernels. We need this merged so we can safely get the signing issue fixed. --- .github/workflows/reusable-build.yml | 31 ++++++++++++++++------------ 1 file changed, 18 insertions(+), 13 deletions(-) 
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 0926c250..93c23388 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -197,19 +197,24 @@ jobs: labels: ${{ steps.meta.outputs.labels }} oci: false - # - name: Secureboot Signature Confirmation - # id: secureboot_confirm - # shell: bash - # run: | - # sudo apt-get update && sudo apt-get install -y sbsigntool curl openssl - # curl -Lo /tmp/kernel-signing.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der - # curl -Lo /tmp/akmods-signing.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der - # openssl x509 -in /tmp/kernel-signing.der -out /tmp/kernel-signing.crt - # openssl x509 -in /tmp/akmods-signing.der -out /tmp/akmods-signing.crt - # /usr/bin/podman run --rm --entrypoint /bin/bash "${{ steps.build_image.outputs.image }}":"$(echo '${{ steps.build_image.outputs.tags }}' | cut -d ' ' -f 1)" -c "cat /usr/lib/modules/*/vmlinuz" > /tmp/extracted-kernel - # sbverify --list /tmp/extracted-kernel - # sbverify --cert /tmp/kernel-signing.crt /tmp/extracted-kernel || exit 1 - # sbverify --cert /tmp/akmods-signing.crt /tmp/extracted-kernel || exit 1 + - name: Check Secureboot + shell: bash + run: | + set -x + if [[ ! $(command -v sbverify) || ! $(command -v curl) || ! $(command -v openssl) ]]; then + sudo apt update + sudo apt install sbsigntool curl openssl + fi + podman run -d --rm --name ${{env.IMAGE_NAME}}-$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1) "${{ env.IMAGE_NAME }}":$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1) sleep 1000 + podman cp ${{env.IMAGE_NAME}}-$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1):/usr/lib/modules/${{ env.KERNEL_VERSION }}/vmlinuz . 
+ podman rm -f ${{env.IMAGE_NAME}}-$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1) + sbverify --list vmlinuz + curl --retry 3 -Lo kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der + curl --retry 3 -Lo akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der + openssl x509 -in kernel-sign.der -out kernel-sign.crt + openssl x509 -in akmods.der -out akmods.crt + sbverify --cert kernel-sign.crt vmlinuz || exit 1 + sbverify --cert akmods.crt vmlinuz || exit 1 # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. # https://github.com/macbre/push-to-ghcr/issues/12 From 90faeb3eb1e11e3a61824edfa113c01f02c61617 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sun, 21 Jul 2024 13:04:26 -0400 Subject: [PATCH 19/51] chore(ci): Reduce copy layers (#612) Signed-off-by: m2Giles <69128853+m2Giles@users.noreply.github.com> --- .github/workflows/reusable-build.yml | 2 +- Containerfile | 30 +++++++++++++--------------- cleanup.sh | 8 ++++++++ initramfs.sh | 7 +++++++ install.sh | 18 ++++++++++++----- packages.sh | 6 +++--- post-install.sh | 2 +- 7 files changed, 47 insertions(+), 26 deletions(-) create mode 100755 cleanup.sh create mode 100755 initramfs.sh diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 93c23388..86089a68 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -16,7 +16,7 @@ concurrency: jobs: build_ublue: name: main - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read packages: write diff --git a/Containerfile b/Containerfile index 98e36283..73ea353c 100644 --- a/Containerfile +++ b/Containerfile 
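Review bot: The Check Secureboot step downloads both verification certificates from `raw/main` of ublue-os/kernel-cache on every run, so the key the kernel is checked against is whatever that branch serves at build time and is never reviewed in this repository. Pin the two URLs to a commit (`https://github.com/ublue-os/kernel-cache/raw/<commit-sha>/certs/public_key.der`) or commit the certificates here. Optionally, compare the output of `openssl x509 -noout -fingerprint -sha256` with a value stored in the workflow before calling `sbverify`. `sudo apt install sbsigntool curl openssl` also lacks `-y`, unlike the commented-out version it replaces, and may stop at a confirmation prompt on a runner where the tools are missing.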
@@ -9,6 +9,9 @@ FROM ghcr.io/ublue-os/config:latest AS config FROM ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} AS akmods FROM ghcr.io/ublue-os/main-kernel:${KERNEL_VERSION} AS kernel +FROM scratch AS ctx +COPY / / + FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}" @@ -16,24 +19,19 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" ARG RPMFUSION_MIRROR="${:-}" ARG KERNEL_VERSION="${KERNEL_VERSION:-6.9.7-200.fc40.x86_64}" -COPY github-release-install.sh \ - install.sh \ - post-install.sh \ - packages.sh \ - packages.json \ - /tmp/ - -COPY --from=config /rpms /tmp/rpms -COPY --from=akmods /rpms/ublue-os /tmp/rpms -COPY --from=kernel /tmp/rpms /tmp/kernel-rpms COPY sys_files/usr /usr -RUN mkdir -p /var/lib/alternatives && \ - /tmp/install.sh && \ - /tmp/post-install.sh && \ +RUN --mount=type=cache,dst=/var/cache/rpm-ostree \ + --mount=type=bind,from=ctx,src=/,dst=/ctx \ + --mount=type=bind,from=config,src=/rpms,dst=/tmp/rpms \ + --mount=type=bind,from=akmods,src=/rpms/ublue-os,dst=/tmp/akmods-rpms \ + --mount=type=bind,from=kernel,src=/tmp/rpms,dst=/tmp/kernel-rpms \ + mkdir -p /var/lib/alternatives && \ + /ctx/install.sh && \ + /ctx/post-install.sh && \ mv /var/lib/alternatives /staged-alternatives && \ - rm -rf /tmp/* /var/* && \ + /ctx/cleanup.sh && \ ostree container commit && \ mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \ - mkdir -p /tmp /var/tmp && \ - chmod -R 1777 /tmp /var/tmp + mkdir -p /var/tmp && \ + chmod -R 1777 /var/tmp diff --git a/cleanup.sh b/cleanup.sh new file mode 100755 index 00000000..064dd0b4 --- /dev/null +++ b/cleanup.sh @@ -0,0 +1,8 @@ +#!/usr/bin/bash + +set -eoux pipefail +shopt -s extglob + +rm -rf /tmp/* || true +rm -rf /var/!(cache) +rm -rf /var/cache/!(rpm-ostree) diff --git a/initramfs.sh b/initramfs.sh new file mode 100755 index 00000000..f1941f0b --- /dev/null +++ b/initramfs.sh 
@@ -0,0 +1,7 @@ +#!/usr/bin/bash + +set -eoux pipefail + +QUALIFIED_KERNEL="$(rpm -qa | grep -P 'kernel-(\d+\.\d+\.\d+)' | sed -E 's/kernel-//')" +/usr/libexec/rpm-ostree/wrapped/dracut --no-hostonly --kver "$QUALIFIED_KERNEL" --reproducible -v --add ostree -f "/lib/modules/$QUALIFIED_KERNEL/initramfs.img" +chmod 0600 "/lib/modules/$QUALIFIED_KERNEL/initramfs.img" diff --git a/install.sh b/install.sh index 3cff5312..101d9ea0 100755 --- a/install.sh +++ b/install.sh 
@@ -11,21 +11,24 @@ if [ -n "${RPMFUSION_MIRROR}" ]; then RPMFUSION_MIRROR_RPMS=${RPMFUSION_MIRROR} fi -curl -Lo /tmp/rpms/rpmfusion-free-release-"${RELEASE}".noarch.rpm "${RPMFUSION_MIRROR_RPMS}"/free/fedora/rpmfusion-free-release-"${RELEASE}".noarch.rpm -curl -Lo /tmp/rpms/rpmfusion-nonfree-release-"${RELEASE}".noarch.rpm "${RPMFUSION_MIRROR_RPMS}"/nonfree/fedora/rpmfusion-nonfree-release-"${RELEASE}".noarch.rpm +mkdir -p /tmp/rpm-repos +curl -Lo /tmp/rpm-repos/rpmfusion-free-release-"${RELEASE}".noarch.rpm "${RPMFUSION_MIRROR_RPMS}"/free/fedora/rpmfusion-free-release-"${RELEASE}".noarch.rpm +curl -Lo /tmp/rpm-repos/rpmfusion-nonfree-release-"${RELEASE}".noarch.rpm "${RPMFUSION_MIRROR_RPMS}"/nonfree/fedora/rpmfusion-nonfree-release-"${RELEASE}".noarch.rpm curl -Lo /etc/yum.repos.d/_copr_ublue-os_staging.repo https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${RELEASE}"/ublue-os-staging-fedora-"${RELEASE}".repo curl -Lo /etc/yum.repos.d/_copr_kylegospo_oversteer.repo https://copr.fedorainfracloud.org/coprs/kylegospo/oversteer/repo/fedora-"${RELEASE}"/kylegospo-oversteer-fedora-"${RELEASE}".repo rpm-ostree install \ /tmp/rpms/*.rpm \ + /tmp/rpm-repos/*.rpm \ + /tmp/akmods-rpms/*.rpm \ fedora-repos-archive # Handle Kernel Skew with override replace rpm-ostree cliwrap install-to-root / if [[ "${KERNEL_VERSION}" == "${QUALIFIED_KERNEL}" ]]; then echo "Installing signed kernel from kernel-cache." - cd /tmp/kernel-rpms + cd /tmp rpm2cpio /tmp/kernel-rpms/kernel-core-*.rpm | cpio -idmv cp ./lib/modules/*/vmlinuz /usr/lib/modules/*/vmlinuz cd / @@ -33,6 +36,7 @@ else echo "Install kernel version ${KERNEL_VERSION} from kernel-cache." rpm-ostree override replace \ --experimental \ + --install=zstd \ /tmp/kernel-rpms/kernel-[0-9]*.rpm \ /tmp/kernel-rpms/kernel-core-*.rpm \ /tmp/kernel-rpms/kernel-modules-*.rpm 
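Review bot: The two `curl -Lo /tmp/rpm-repos/…` downloads in install.sh have no `--fail`, so an HTTP error page is saved under the `.rpm` name and only surfaces later as an `rpm-ostree install` error; `curl --fail --retry 3 -Lo …` reports it at the source. These release packages carry repository configuration and signing keys, and they are installed as local files from `RPMFUSION_MIRROR_RPMS`, which a build variable can redirect. It is worth checking them against a digest kept in this repository before the install; I have not confirmed whether `rpm-ostree install` verifies signatures on local files. The two `.repo` downloads just below have the same missing `--fail`.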
@@ -59,10 +63,14 @@ if [ -n "${RPMFUSION_MIRROR}" ]; then fi # run common packages script -/tmp/packages.sh +/ctx/packages.sh ## install packages direct from github -/tmp/github-release-install.sh sigstore/cosign x86_64 +/ctx/github-release-install.sh sigstore/cosign x86_64 + +if [[ "${KERNEL_VERSION}" == "${QUALIFIED_KERNEL}" ]]; then + /ctx/initramfs.sh +fi if [ -n "${RPMFUSION_MIRROR}" ]; then # reset forced use of single rpmfusion mirror diff --git a/packages.sh b/packages.sh index 0c444c38..7194562f 100755 --- a/packages.sh +++ b/packages.sh @@ -7,12 +7,12 @@ RELEASE="$(rpm -E %fedora)" # build list of all packages requested for inclusion INCLUDED_PACKAGES=($(jq -r "[(.all.include | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \ (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".include | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \ - | sort | unique[]" /tmp/packages.json)) + | sort | unique[]" /ctx/packages.json)) # build list of all packages requested for exclusion EXCLUDED_PACKAGES=($(jq -r "[(.all.exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \ (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \ - | sort | unique[]" /tmp/packages.json)) + | sort | unique[]" /ctx/packages.json)) # ensure exclusion list only contains packages already present on image @@ -40,7 +40,7 @@ fi # (this can happen if an included package pulls in a dependency) EXCLUDED_PACKAGES=($(jq -r "[(.all.exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \ (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \ - | sort | unique[]" /tmp/packages.json)) + | sort | unique[]" /ctx/packages.json)) if [[ "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then EXCLUDED_PACKAGES=($(rpm -qa --queryformat='%{NAME} ' ${EXCLUDED_PACKAGES[@]})) 
diff --git a/post-install.sh b/post-install.sh index 53d69526..7adc2743 100755 --- a/post-install.sh +++ b/post-install.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -ouex pipefail From 3b629bbfa04e766b82c452d8fcf2e222a451717c Mon Sep 17 00:00:00 2001 From: "Jorge O. Castro" Date: Mon, 29 Jul 2024 14:57:41 -0400 Subject: [PATCH 20/51] feat: add fprint and libcamera (#616) --- packages.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/packages.json b/packages.json index aae38f64..78b01847 100644 --- a/packages.json +++ b/packages.json @@ -22,11 +22,15 @@ "intel-media-driver", "just", "kernel-tools", + "libcamera", + "libcamera-tools", + "libcamera-gstreamer", + "libcamera-ipa", "libheif-freeworld", "libheif-tools", "libratbag-ratbagd", "libva-intel-driver", - "libva-utils", + "libva-utils", "lshw", "mesa-va-drivers-freeworld.x86_64", "net-tools", @@ -39,6 +43,7 @@ "pam_yubico", "pamu2fcfg", "pipewire-codec-aptx", + "pipewire-plugin-libcamera", "powerstat", "smartmontools", "solaar-udev", From 3107f29c9abce745648c1236e8fd5f6e2e7f9739 Mon Sep 17 00:00:00 2001 From: Marcel Sackermann <4560028+m0gg@users.noreply.github.com> Date: Wed, 31 Jul 2024 22:00:18 +0200 Subject: [PATCH 21/51] feat(ci): honor `IMAGE_REGISTRY` in Containerfile (#607) --- .github/workflows/reusable-build.yml | 3 ++- Containerfile | 7 ++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 86089a68..54dd018a 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -160,7 +160,7 @@ jobs: # we can retry on that unfortunately common failure case podman pull quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.fedora_version }} podman pull ${{ env.IMAGE_REGISTRY }}/akmods:main-${{ matrix.fedora_version }} - podman pull ghcr.io/ublue-os/main-kernel:${{ env.KERNEL_VERSION }} + podman pull ${{ env.IMAGE_REGISTRY }}/main-kernel:${{ env.KERNEL_VERSION }} # Generate image metadata - name: Image Metadata @@ -194,6 +194,7 @@ jobs: FEDORA_MAJOR_VERSION=${{ matrix.fedora_version }} RPMFUSION_MIRROR=${{ vars.RPMFUSION_MIRROR }} KERNEL_VERSION=${{ env.KERNEL_VERSION }} + IMAGE_REGISTRY=${{ env.IMAGE_REGISTRY }} labels: ${{ steps.meta.outputs.labels }} oci: false diff --git a/Containerfile b/Containerfile index 73ea353c..a15bb0c6 100644 --- a/Containerfile +++ b/Containerfile @@ -4,10 +4,11 @@ ARG SOURCE_ORG="${SOURCE_ORG:-fedora-ostree-desktops}" ARG BASE_IMAGE="quay.io/${SOURCE_ORG}/${SOURCE_IMAGE}" ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" ARG KERNEL_VERSION="${KERNEL_VERSION:-6.9.7-200.fc40.x86_64}" +ARG IMAGE_REGISTRY=ghcr.io/ublue-os -FROM ghcr.io/ublue-os/config:latest AS config -FROM ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} AS akmods -FROM ghcr.io/ublue-os/main-kernel:${KERNEL_VERSION} AS kernel +FROM ${IMAGE_REGISTRY}/config:latest AS config +FROM ${IMAGE_REGISTRY}/akmods:main-${FEDORA_MAJOR_VERSION} AS akmods +FROM ${IMAGE_REGISTRY}/main-kernel:${KERNEL_VERSION} AS kernel FROM scratch AS ctx COPY / / From f2e005523f981dc08166e3eec1b2ba6ff16024fd Mon Sep 17 00:00:00 2001 From: "Jorge O. Castro" Date: Thu, 8 Aug 2024 10:01:59 -0400 Subject: [PATCH 22/51] feat: create emeritus.md (#621) --- emeritus.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 emeritus.md diff --git a/emeritus.md b/emeritus.md new file mode 100644 index 00000000..2aa1e9f8 --- /dev/null +++ b/emeritus.md 
@@ -0,0 +1,11 @@ +# Note: This should just be part of CODEOWNERS but we're too lazy to implement that, someone send a PR. + +# Universal Blue Contributors Emeritus + +Universal Blue strives for sustainability. As such it is expected for people to dip in and out of membership. + +The following contributors have become legend, forever enshrined as masters of automation: + +- [@bigpod98](https://github.com/bigpod98) +- [@bobslept](https://github.com/bobslept) +- [@akdev1l](https://github.com/akdevl1) From 12981252b81966813927744ae5f39ef6ceb53283 Mon Sep 17 00:00:00 2001 From: Kyle Gospodnetich Date: Thu, 8 Aug 2024 09:17:34 -0700 Subject: [PATCH 23/51] feat: Stop supporting chsh (#624) --- Containerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containerfile b/Containerfile index a15bb0c6..729b50e7 100644 --- a/Containerfile +++ b/Containerfile @@ -27,6 +27,7 @@ RUN --mount=type=cache,dst=/var/cache/rpm-ostree \ --mount=type=bind,from=config,src=/rpms,dst=/tmp/rpms \ --mount=type=bind,from=akmods,src=/rpms/ublue-os,dst=/tmp/akmods-rpms \ --mount=type=bind,from=kernel,src=/tmp/rpms,dst=/tmp/kernel-rpms \ + rm -f /usr/bin/chsh && \ mkdir -p /var/lib/alternatives && \ /ctx/install.sh && \ /ctx/post-install.sh && \ From e9c64192140b1e09d6d3b964597ed82f213546ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Aug 2024 19:36:47 -0400 Subject: [PATCH 24/51] chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#628) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/reusable-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 54dd018a..3e753e9b 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -254,7 +254,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} # Sign container - - uses: sigstore/cosign-installer@v3.5.0 + - uses: sigstore/cosign-installer@v3.6.0 if: github.event_name != 'pull_request' - name: Sign container image From 8b9725b2caa79f1484dfaf2a83a60b2ccc1b03fa Mon Sep 17 00:00:00 2001 From: Kyle Gospodnetich Date: Tue, 20 Aug 2024 10:49:58 -0700 Subject: [PATCH 25/51] fix: Include fuse package for AppImage support (#631) --- packages.json | 1 + 1 file changed, 1 insertion(+) diff --git a/packages.json b/packages.json index 78b01847..b089fd94 100644 --- a/packages.json +++ b/packages.json @@ -11,6 +11,7 @@ "ffmpeg-libs", "ffmpegthumbnailer", "flatpak-spawn", + "fuse", "fzf", "google-noto-sans-balinese-fonts", "google-noto-sans-cjk-fonts", From 7d01b9670091a301ecfbf094cdb250f4f14400f3 Mon Sep 17 00:00:00 2001 From: "Jorge O. Castro" Date: Sun, 25 Aug 2024 01:56:39 -0400 Subject: [PATCH 26/51] feat: add yubikey-manager (#630) --- packages.json | 1 + 1 file changed, 1 insertion(+) diff --git a/packages.json b/packages.json index b089fd94..531f9004 100644 --- a/packages.json +++ b/packages.json @@ -55,6 +55,7 @@ "traceroute", "vim", "wireguard-tools", + "yubikey-manager", "zstd" ], "silverblue": [ From 2a376609a5bd3227a982952bd173dc2f767c7d1e Mon Sep 17 00:00:00 2001 From: Kyle Gospodnetich Date: Wed, 28 Aug 2024 10:07:24 -0700 Subject: [PATCH 27/51] fix: Correct rpm-ostree issue that prevents rollbacks (#635) --- install.sh | 10 ++++++++++ packages.json | 6 +++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/install.sh b/install.sh index 101d9ea0..1ffd8170 100755 --- a/install.sh +++ b/install.sh 
@@ -48,6 +48,16 @@ if [[ "${FEDORA_MAJOR_VERSION}" -ge 39 ]]; then sed -i '0,/enabled=0/{s/enabled=0/enabled=1\npriority=110/}' /etc/yum.repos.d/rpmfusion-*-updates-testing.repo fi +# Temporary fix for an upstream issue +# https://github.com/coreos/rpm-ostree/issues/5048 +if [[ "${FEDORA_MAJOR_VERSION}" -eq 40 ]]; then + rpm-ostree override replace \ + --experimental \ + --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \ + rpm-ostree \ + rpm-ostree-libs +fi + # after F41 launches, bump to 42 if [[ "${FEDORA_MAJOR_VERSION}" -ge 41 ]]; then # note: this is done before single mirror hack to ensure this persists in image and is not reset diff --git a/packages.json b/packages.json index 531f9004..6f0b108a 100644 --- a/packages.json +++ b/packages.json @@ -44,18 +44,18 @@ "pam_yubico", "pamu2fcfg", "pipewire-codec-aptx", - "pipewire-plugin-libcamera", + "pipewire-plugin-libcamera", "powerstat", "smartmontools", "solaar-udev", - "squashfs-tools", + "squashfs-tools", "symlinks", "tcpdump", "tmux", "traceroute", "vim", "wireguard-tools", - "yubikey-manager", + "yubikey-manager", "zstd" ], "silverblue": [ From 2e5e007a3310df664822a47b4689f629786c81d7 Mon Sep 17 00:00:00 2001 From: Kyle Gospodnetich Date: Sun, 15 Sep 2024 18:24:01 -0700 Subject: [PATCH 28/51] feat: Remove lchsh (#637) --- Containerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containerfile b/Containerfile index 729b50e7..8774ebb7 100644 --- a/Containerfile +++ b/Containerfile @@ -28,6 +28,7 @@ RUN --mount=type=cache,dst=/var/cache/rpm-ostree \ --mount=type=bind,from=akmods,src=/rpms/ublue-os,dst=/tmp/akmods-rpms \ --mount=type=bind,from=kernel,src=/tmp/rpms,dst=/tmp/kernel-rpms \ rm -f /usr/bin/chsh && \ + rm -f /usr/bin/lchsh && \ mkdir -p /var/lib/alternatives && \ /ctx/install.sh && \ /ctx/post-install.sh && \ From 39bd13db95a317080c06f4ca7813b2a8c24f72ee Mon Sep 17 00:00:00 2001 
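Review bot: In install.sh's `@@ -48,6 +48,16 @@` hunk, `rpm-ostree override replace --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging` swaps the update client itself for whatever build the staging COPR serves on the day of the image build; no version is named and the comment does not say when the override can be dropped. Since rpm-ostree is the tool that later fetches and applies updates on the installed system, I would state the removal condition next to the issue link, for example `# drop once the Fedora 40 base image carries an rpm-ostree build with the fix for coreos/rpm-ostree#5048`. I would also log what was actually installed with `rpm -q rpm-ostree rpm-ostree-libs`, so an unexpected build is visible in the CI output. The later `gnome-software` replacement in the `@@ -60,6 +60,16 @@` hunk of install.sh uses the same unpinned staging source.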
From: "Jorge O. Castro" Date: Wed, 18 Sep 2024 19:54:58 -0700 Subject: [PATCH 29/51] fix: remove mate images (#639) --- .github/workflows/reusable-build.yml | 5 -- packages.json | 95 ---------------------------- 2 files changed, 100 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 3e753e9b..a03925ae 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -33,12 +33,7 @@ jobs: - onyx - base - lazurite - - mate - vauxite - exclude: - # There is currently no Fedora 40 version of mate - - image_name: mate - fedora_version: 40 steps: # Checkout push-to-registry action GitHub repository diff --git a/packages.json b/packages.json index 6f0b108a..d3d63b7f 100644 --- a/packages.json +++ b/packages.json 
@@ -71,101 +71,6 @@ "kio-admin", "ksshaskpass" ], - "mate": [ - "NetworkManager-adsl", - "NetworkManager-openconnect-gnome", - "NetworkManager-openvpn-gnome", - "NetworkManager-ppp", - "NetworkManager-pptp-gnome", - "NetworkManager-ssh-gnome", - "NetworkManager-vpnc-gnome", - "NetworkManager-wwan", - "atril", - "atril-caja", - "atril-thumbnailer", - "blueman", - "caja", - "caja-actions", - "caja-image-converter", - "caja-open-terminal", - "caja-sendto", - "caja-wallpaper", - "caja-xattr-tags", - "dconf-editor", - "engrampa", - "eom", - "fedora-release-matecompiz", - "firefox", - "firewall-config", - "gnome-epub-thumbnailer", - "gnome-themes-extra", - "gstreamer1-plugins-ugly-free", - "gtk2-engines", - "gucharmap", - "gvfs-afc", - "gvfs-afp", - "gvfs-archive", - "gvfs-fuse", - "gvfs-gphoto2", - "gvfs-mtp", - "gvfs-nfs", - "gvfs-smb", - "initial-setup-gui", - "libmatekbd", - "libmatemixer", - "libmateweather", - "libsecret", - "lightdm", - "lm_sensors", - "marco", - "mate-applets", - "mate-backgrounds", - "mate-calc", - "mate-control-center", - "mate-desktop-configs", - "mate-dictionary", - "mate-disk-usage-analyzer", - "mate-icon-theme", - "mate-media", - "mate-menus", - "mate-menus-preferences-category-menu", - "mate-notification-daemon", - "mate-panel", - "mate-polkit", - "mate-power-manager", - "mate-screensaver", - "mate-screenshot", - "mate-search-tool", - "mate-session-manager", - "mate-settings-daemon", - "mate-system-log", - "mate-system-monitor", - "mate-terminal", - "mate-themes", - "mate-user-admin", - "mate-user-guide", - "mozo", - "network-manager-applet", - "nm-connection-editor", - "orca", - "parole", - "pavucontrol", - "pipewire-alsa", - "pipewire-pulseaudio", - "pluma", - "seahorse", - "seahorse-caja", - "setroubleshoot", - "slick-greeter-mate", - "system-config-language", - "system-config-printer", - "system-config-printer-applet", - "usermode-gtk", - "xdg-desktop-portal-gtk", - "xdg-user-dirs-gtk", - "xmodmap", - "xrdb" - ], "sericea": [ 
"clipman", "gvfs-mtp", From da4f78fc304f33f0dcb87086e056dfb8ecd7a69d Mon Sep 17 00:00:00 2001 From: Kyle Gospodnetich Date: Sun, 22 Sep 2024 12:07:37 -0700 Subject: [PATCH 30/51] fix: Remove no longer needed rpm-ostree override (#640) --- install.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/install.sh b/install.sh index 1ffd8170..101d9ea0 100755 --- a/install.sh +++ b/install.sh @@ -48,16 +48,6 @@ if [[ "${FEDORA_MAJOR_VERSION}" -ge 39 ]]; then sed -i '0,/enabled=0/{s/enabled=0/enabled=1\npriority=110/}' /etc/yum.repos.d/rpmfusion-*-updates-testing.repo fi -# Temporary fix for an upstream issue -# https://github.com/coreos/rpm-ostree/issues/5048 -if [[ "${FEDORA_MAJOR_VERSION}" -eq 40 ]]; then - rpm-ostree override replace \ - --experimental \ - --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \ - rpm-ostree \ - rpm-ostree-libs -fi - # after F41 launches, bump to 42 if [[ "${FEDORA_MAJOR_VERSION}" -ge 41 ]]; then # note: this is done before single mirror hack to ensure this persists in image and is not reset From 77e26e6e553a1e2466b2cd9d7faecd3d637d5116 Mon Sep 17 00:00:00 2001 From: scarf Date: Sun, 29 Sep 2024 02:30:37 +0900 Subject: [PATCH 31/51] feat: add `wl-clipboard` to all images (#641) --- packages.json | 1 + 1 file changed, 1 insertion(+) diff --git a/packages.json b/packages.json index d3d63b7f..aa9c238d 100644 --- a/packages.json +++ b/packages.json @@ -55,6 +55,7 @@ "traceroute", "vim", "wireguard-tools", + "wl-clipboard", "yubikey-manager", "zstd" ], From adf15831b1ff1066c9622f5af19fd3ae3f720ad6 Mon Sep 17 00:00:00 2001 From: scarf Date: Sun, 29 Sep 2024 03:51:33 +0900 Subject: [PATCH 32/51] style: remove trailing spaces (#642) --- packages.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages.json b/packages.json index aa9c238d..f9406108 100644 --- a/packages.json +++ b/packages.json 
@@ -31,7 +31,7 @@ "libheif-tools", "libratbag-ratbagd", "libva-intel-driver", - "libva-utils", + "libva-utils", "lshw", "mesa-va-drivers-freeworld.x86_64", "net-tools", @@ -127,7 +127,7 @@ "all": [], "kinoite": [ "kf6-kimageformats", - "qt6-qtimageformats" + "qt6-qtimageformats" ] }, "exclude": { From 3dd8884f8de176fb3fe53e5f96e85c176f94c56a Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Sat, 5 Oct 2024 18:50:02 -0500 Subject: [PATCH 33/51] feat: use negativo17 in lieu of rpmfusion (#636) --- .github/workflows/reusable-build.yml | 1 - Containerfile | 1 - install.sh | 54 +++++++++++----------------- packages.json | 18 +++++----- 4 files changed, 30 insertions(+), 44 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index a03925ae..b151443a 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -187,7 +187,6 @@ jobs: SOURCE_ORG=${{ env.SOURCE_ORG }} SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} FEDORA_MAJOR_VERSION=${{ matrix.fedora_version }} - RPMFUSION_MIRROR=${{ vars.RPMFUSION_MIRROR }} KERNEL_VERSION=${{ env.KERNEL_VERSION }} IMAGE_REGISTRY=${{ env.IMAGE_REGISTRY }} labels: ${{ steps.meta.outputs.labels }} diff --git a/Containerfile b/Containerfile index 8774ebb7..681dd3f3 100644 --- a/Containerfile +++ b/Containerfile @@ -17,7 +17,6 @@ FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}" ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" -ARG RPMFUSION_MIRROR="${:-}" ARG KERNEL_VERSION="${KERNEL_VERSION:-6.9.7-200.fc40.x86_64}" COPY sys_files/usr /usr diff --git a/install.sh b/install.sh index 101d9ea0..7fe41033 100755 --- a/install.sh +++ b/install.sh 
@@ -6,21 +6,11 @@ RELEASE="$(rpm -E %fedora)" KERNEL_SUFFIX="" QUALIFIED_KERNEL="$(rpm -qa | grep -P 'kernel-(|'"$KERNEL_SUFFIX"'-)(\d+\.\d+\.\d+)' | sed -E 's/kernel-(|'"$KERNEL_SUFFIX"'-)//')" -RPMFUSION_MIRROR_RPMS="https://mirrors.rpmfusion.org" -if [ -n "${RPMFUSION_MIRROR}" ]; then - RPMFUSION_MIRROR_RPMS=${RPMFUSION_MIRROR} -fi - -mkdir -p /tmp/rpm-repos -curl -Lo /tmp/rpm-repos/rpmfusion-free-release-"${RELEASE}".noarch.rpm "${RPMFUSION_MIRROR_RPMS}"/free/fedora/rpmfusion-free-release-"${RELEASE}".noarch.rpm -curl -Lo /tmp/rpm-repos/rpmfusion-nonfree-release-"${RELEASE}".noarch.rpm "${RPMFUSION_MIRROR_RPMS}"/nonfree/fedora/rpmfusion-nonfree-release-"${RELEASE}".noarch.rpm - curl -Lo /etc/yum.repos.d/_copr_ublue-os_staging.repo https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${RELEASE}"/ublue-os-staging-fedora-"${RELEASE}".repo curl -Lo /etc/yum.repos.d/_copr_kylegospo_oversteer.repo https://copr.fedorainfracloud.org/coprs/kylegospo/oversteer/repo/fedora-"${RELEASE}"/kylegospo-oversteer-fedora-"${RELEASE}".repo rpm-ostree install \ /tmp/rpms/*.rpm \ - /tmp/rpm-repos/*.rpm \ /tmp/akmods-rpms/*.rpm \ fedora-repos-archive 
@@ -42,25 +32,27 @@ else /tmp/kernel-rpms/kernel-modules-*.rpm fi -if [[ "${FEDORA_MAJOR_VERSION}" -ge 39 ]]; then - # note: this is done before single mirror hack to ensure this persists in image and is not reset - echo "Enable rpmfusion-(non)free-updates-testing with low priority for Fedora ${FEDORA_MAJOR_VERSION}" - sed -i '0,/enabled=0/{s/enabled=0/enabled=1\npriority=110/}' /etc/yum.repos.d/rpmfusion-*-updates-testing.repo -fi +# use negativo17 for 3rd party packages with higher priority than default +curl -Lo /etc/yum.repos.d/negativo17-fedora-multimedia.repo https://negativo17.org/repos/fedora-multimedia.repo +sed -i '0,/enabled=0/{s/enabled=0/enabled=1\npriority=90/}' /etc/yum.repos.d/negativo17-fedora-multimedia.repo -# after F41 launches, bump to 42 -if [[ "${FEDORA_MAJOR_VERSION}" -ge 41 ]]; then - # note: this is done before single mirror hack to ensure this persists in image and is not reset - # pre-release rpmfusion is in a different location - sed -i "s%free/fedora/releases%free/fedora/development%" /etc/yum.repos.d/rpmfusion-*.repo -fi - -if [ -n "${RPMFUSION_MIRROR}" ]; then - # force use of single rpmfusion mirror - echo "Using single rpmfusion mirror: ${RPMFUSION_MIRROR}" - sed -i.bak "s%^metalink=%#metalink=%" /etc/yum.repos.d/rpmfusion-*.repo - sed -i "s%^#baseurl=http://download1.rpmfusion.org%baseurl=${RPMFUSION_MIRROR}%" /etc/yum.repos.d/rpmfusion-*.repo -fi +# use override to replace mesa and others with less crippled versions +rpm-ostree override replace \ + --experimental \ + --from repo='fedora-multimedia' \ + libheif \ + libva \ + libva-intel-media-driver \ + libvdpau \ + mesa-dri-drivers \ + mesa-filesystem \ + mesa-libEGL \ + mesa-libGL \ + mesa-libgbm \ + mesa-libglapi \ + mesa-libxatracker \ + mesa-va-drivers \ + mesa-vulkan-drivers # run common packages script /ctx/packages.sh 
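Review bot: Nothing in this hunk checks the repo file it has just downloaded before `rpm-ostree override replace --from repo='fedora-multimedia'` pulls mesa and libva from it, and the `sed` that follows the download exits 0 even when its `0,/enabled=0/` address never matches. That file decides whether packages from this third-party source are signature-checked, and the comment says it is meant to outrank the default repos, so I would fail the build when either expectation is unmet: `grep -q '^gpgcheck=1' "$REPO" && grep -q '^priority=90' "$REPO" || exit 1`, with `REPO` set to the downloaded path. Whether the upstream file spells the key exactly as `gpgcheck=1` is not visible from here, so confirm that before adding the check. `curl -Lo` should also become `curl -fLo` so that an HTTP error body is never written into `/etc/yum.repos.d`.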
@@ -71,9 +63,3 @@ fi if [[ "${KERNEL_VERSION}" == "${QUALIFIED_KERNEL}" ]]; then /ctx/initramfs.sh fi - -if [ -n "${RPMFUSION_MIRROR}" ]; then - # reset forced use of single rpmfusion mirror - echo "Revert from single rpmfusion mirror: ${RPMFUSION_MIRROR}" - rename -v .repo.bak .repo /etc/yum.repos.d/rpmfusion-*repo.bak -fi diff --git a/packages.json b/packages.json index f9406108..daba83f7 100644 --- a/packages.json +++ b/packages.json @@ -18,22 +18,21 @@ "google-noto-sans-javanese-fonts", "google-noto-sans-sundanese-fonts", "grub2-tools-extra", + "gstreamer1-plugins-bad", + "gstreamer1-plugins-ugly", "heif-pixbuf-loader", "htop", - "intel-media-driver", + "intel-vaapi-driver", "just", "kernel-tools", "libcamera", "libcamera-tools", "libcamera-gstreamer", "libcamera-ipa", - "libheif-freeworld", - "libheif-tools", + "libfdk-aac", "libratbag-ratbagd", - "libva-intel-driver", "libva-utils", "lshw", - "mesa-va-drivers-freeworld.x86_64", "net-tools", "nvme-cli", "nvtop", @@ -43,7 +42,7 @@ "pam-u2f", "pam_yubico", "pamu2fcfg", - "pipewire-codec-aptx", + "pipewire-libs-extra", "pipewire-plugin-libcamera", "powerstat", "smartmontools", @@ -85,8 +84,12 @@ }, "exclude": { "all": [ + "fdk-aac-free", "ffmpeg-free", "google-noto-sans-cjk-vf-fonts", + "gstreamer1-plugins-bad-free-libs", + "gstreamer1-plugins-bad-free", + "gstreamer1-plugins-ugly-free", "libavcodec-free", "libavdevice-free", "libavfilter-free", @@ -94,8 +97,7 @@ "libavutil-free", "libpostproc-free", "libswresample-free", - "libswscale-free", - "mesa-va-drivers" + "libswscale-free" ], "kinoite": [ "ffmpegthumbnailer", From ca6f6e553413efdf7788e8a4ff9e773624334573 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Sun, 6 Oct 2024 14:59:40 -0500 Subject: [PATCH 34/51] chore: revert change of gstreamer-plugins (#645) --- packages.json | 5 ----- 1 file changed, 5 deletions(-) diff --git a/packages.json b/packages.json index daba83f7..da670699 100644 --- a/packages.json +++ b/packages.json 
@@ -18,8 +18,6 @@ "google-noto-sans-javanese-fonts", "google-noto-sans-sundanese-fonts", "grub2-tools-extra", - "gstreamer1-plugins-bad", - "gstreamer1-plugins-ugly", "heif-pixbuf-loader", "htop", "intel-vaapi-driver", @@ -87,9 +85,6 @@ "fdk-aac-free", "ffmpeg-free", "google-noto-sans-cjk-vf-fonts", - "gstreamer1-plugins-bad-free-libs", - "gstreamer1-plugins-bad-free", - "gstreamer1-plugins-ugly-free", "libavcodec-free", "libavdevice-free", "libavfilter-free", From 1d16ee0e8a46f60dd6defe9e81dc141cd0e26f61 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 9 Oct 2024 17:34:22 -0400 Subject: [PATCH 35/51] chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#646) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/reusable-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index b151443a..6be76ecf 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -248,7 +248,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} # Sign container - - uses: sigstore/cosign-installer@v3.6.0 + - uses: sigstore/cosign-installer@v3.7.0 if: github.event_name != 'pull_request' - name: Sign container image From 500612786d72f0377fe075138c8269332c08a938 Mon Sep 17 00:00:00 2001 From: qoijjj <129108030+qoijjj@users.noreply.github.com> Date: Wed, 9 Oct 2024 15:21:43 -0700 Subject: [PATCH 36/51] fix: bug in negativo prioritization command (#649) --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 7fe41033..02dcbf95 100755 --- a/install.sh +++ b/install.sh 
@@ -34,7 +34,7 @@ fi # use negativo17 for 3rd party packages with higher priority than default curl -Lo /etc/yum.repos.d/negativo17-fedora-multimedia.repo https://negativo17.org/repos/fedora-multimedia.repo -sed -i '0,/enabled=0/{s/enabled=0/enabled=1\npriority=90/}' /etc/yum.repos.d/negativo17-fedora-multimedia.repo +sed -i '0,/enabled=1/{s/enabled=1/enabled=1\npriority=90/}' /etc/yum.repos.d/negativo17-fedora-multimedia.repo # use override to replace mesa and others with less crippled versions rpm-ostree override replace \ From f9593536d60d2de93a55084ace11501552ae5bb1 Mon Sep 17 00:00:00 2001 From: Robert Sturla Date: Fri, 18 Oct 2024 01:57:42 +0100 Subject: [PATCH 37/51] feat: enable Fedora 41 builds (#638) Co-authored-by: Benjamin Sherman --- .github/workflows/build-41.yml | 15 +++++++++++++++ install.sh | 10 ++++++++-- packages.json | 31 ++++++++++++++++++++----------- 3 files changed, 43 insertions(+), 13 deletions(-) create mode 100644 .github/workflows/build-41.yml diff --git a/.github/workflows/build-41.yml b/.github/workflows/build-41.yml new file mode 100644 index 00000000..c0e4ffac --- /dev/null +++ b/.github/workflows/build-41.yml @@ -0,0 +1,15 @@ +name: ublue main 41 +on: + pull_request: + merge_group: + schedule: + - cron: '5 4 * * *' # 4am-ish UTC everyday (timed against official fedora container pushes) + workflow_dispatch: + +jobs: + build: + name: build + uses: ./.github/workflows/reusable-build.yml + secrets: inherit + with: + fedora_version: 41 \ No newline at end of file diff --git a/install.sh b/install.sh index 02dcbf95..6f511ed7 100755 --- a/install.sh +++ b/install.sh @@ -40,10 +40,8 @@ sed -i '0,/enabled=1/{s/enabled=1/enabled=1\npriority=90/}' /etc/yum.repos.d/neg rpm-ostree override replace \ --experimental \ --from repo='fedora-multimedia' \ - libheif \ libva \ libva-intel-media-driver \ - libvdpau \ mesa-dri-drivers \ mesa-filesystem \ mesa-libEGL \ 
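Review bot: In the new `.github/workflows/build-41.yml`, `secrets: inherit` hands every secret available to this repository to the called workflow, and the caller also runs on `pull_request` and `merge_group`. The only secret visible in `reusable-build.yml` on this page is `secrets.GITHUB_TOKEN`, which a called workflow receives without it being passed. If the signing step needs another one, passing it by name keeps the rest out of reach of any step added later: replace the line with `secrets:` and one entry of the form `<SECRET_NAME>: ${{ secrets.<SECRET_NAME> }}` (placeholder; the name has to match what the called workflow declares under `on.workflow_call.secrets`). The file also ends without a trailing newline.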
@@ -54,6 +52,14 @@ rpm-ostree override replace \ mesa-va-drivers \ mesa-vulkan-drivers +if [[ "$FEDORA_MAJOR_VERSION" -ne "41" ]]; then + rpm-ostree override replace \ + --experimental \ + --from repo='fedora-multimedia' \ + libheif \ + libvdpau +fi + # run common packages script /ctx/packages.sh diff --git a/packages.json b/packages.json index da670699..abe66092 100644 --- a/packages.json +++ b/packages.json @@ -20,7 +20,6 @@ "grub2-tools-extra", "heif-pixbuf-loader", "htop", - "intel-vaapi-driver", "just", "kernel-tools", "libcamera", @@ -40,7 +39,6 @@ "pam-u2f", "pam_yubico", "pamu2fcfg", - "pipewire-libs-extra", "pipewire-plugin-libcamera", "powerstat", "smartmontools", @@ -92,7 +90,8 @@ "libavutil-free", "libpostproc-free", "libswresample-free", - "libswscale-free" + "libswscale-free", + "default-fonts-cjk-sans" ], "kinoite": [ "ffmpegthumbnailer", @@ -107,30 +106,40 @@ "39": { "include": { "all": [ - "bootc" + "bootc", + "intel-vaapi-driver", + "pipewire-libs-extra" ], "kinoite": [ "xwaylandvideobridge" ] }, "exclude": { - "all": [ - "default-fonts-cjk-sans" - ] + "all": [] } }, "40": { "include": { - "all": [], + "all": [ + "intel-vaapi-driver", + "pipewire-libs-extra" + ], "kinoite": [ "kf6-kimageformats", "qt6-qtimageformats" ] }, "exclude": { - "all": [ - "default-fonts-cjk-sans" - ] + "all": [] + } + }, + "41": { + "include": { + "all": [], + "kinoite": [] + }, + "exclude": { + "all": [] } } } From 73e6d049cd2328cb30754cdbcff0da33d142fc25 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 18 Oct 2024 13:40:54 -0400 Subject: [PATCH 38/51] feat: Add a beta tag (#651) Co-authored-by: Jorge O. Castro --- .github/workflows/reusable-build.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 6be76ecf..9831a72a 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -63,14 +63,17 @@ jobs: IS_LATEST_VERSION=false IS_STABLE_VERSION=true IS_GTS_VERSION=true + IS_BETA_VERSION=false elif [[ "${{ matrix.fedora_version }}" -eq "40" ]]; then IS_LATEST_VERSION=true IS_STABLE_VERSION=true IS_GTS_VERSION=false + IS_BETA_VERSION=false elif [[ "${{ matrix.fedora_version }}" -eq "41" ]]; then IS_LATEST_VERSION=false IS_STABLE_VERSION=false IS_GTS_VERSION=false + IS_BETA_VERSION=true fi COMMIT_TAGS=() @@ -103,6 +106,10 @@ jobs: BUILD_TAGS+=("gts-${TIMESTAMP}") BUILD_TAGS+=("gts") echo "DEFAULT_TAG=gts" >> $GITHUB_ENV + elif [[ "${IS_BETA_VERSION}" == "true" ]]; then + BUILD_TAGS+=("beta-${TIMESTAMP}") + BUILD_TAGS+=("beta") + echo "DEFAULT_TAG=beta" >> $GITHUB_ENV fi if [[ "${{ github.event_name }}" == "pull_request" ]]; then From 55a4433ebf7458f69c791dc69cff32d522afdfd0 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Sat, 26 Oct 2024 15:53:58 -0500 Subject: [PATCH 39/51] fix: handle new F41 selinux policies for sulogin-generator (#654) --- install.sh | 6 ++ .../system-generators/ublue-sulogin-generator | 65 ------------------- 2 files changed, 6 insertions(+), 65 deletions(-) delete mode 100755 sys_files/usr/lib/systemd/system-generators/ublue-sulogin-generator diff --git a/install.sh b/install.sh index 6f511ed7..d09d96ed 100755 --- a/install.sh +++ b/install.sh @@ -66,6 +66,12 @@ fi ## install packages direct from github /ctx/github-release-install.sh sigstore/cosign x86_64 +# use CoreOS' generator for emergency/rescue boot +# see detail: https://github.com/ublue-os/main/issues/653 +CSFG=/usr/lib/systemd/system-generators/coreos-sulogin-force-generator +curl -sSLo ${CSFG} https://raw.githubusercontent.com/coreos/fedora-coreos-config/refs/heads/stable/overlay.d/05core/usr/lib/systemd/system-generators/coreos-sulogin-force-generator +chmod +x ${CSFG} + if [[ "${KERNEL_VERSION}" == "${QUALIFIED_KERNEL}" ]]; then /ctx/initramfs.sh fi 
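Review bot: The `curl` added in install.sh's `@@ -66,6 +66,12 @@` hunk writes a file from the moving `refs/heads/stable` branch straight into `/usr/lib/systemd/system-generators` and marks it executable, so the image ships whatever that branch holds at build time, and systemd runs system generators as root early in boot. Pin the URL to a commit and check the digest before the `chmod`: `curl -fsSLo "${CSFG}" https://raw.githubusercontent.com/coreos/fedora-coreos-config/<COMMIT_SHA>/overlay.d/05core/usr/lib/systemd/system-generators/coreos-sulogin-force-generator`, followed by `echo "<EXPECTED_SHA256>  ${CSFG}" | sha256sum -c -` (both values are placeholders to be filled in from the reviewed upstream file). The `-f` matters here because without it the body of an HTTP error response would be saved and made executable in place of the generator.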
diff --git a/sys_files/usr/lib/systemd/system-generators/ublue-sulogin-generator b/sys_files/usr/lib/systemd/system-generators/ublue-sulogin-generator deleted file mode 100755 index ebee5d35..00000000 --- a/sys_files/usr/lib/systemd/system-generators/ublue-sulogin-generator +++ /dev/null @@ -1,65 +0,0 @@ -#!/usr/bin/bash - -# This systemd.generator(7) detects if rescue or emergency targets were -# requested from the kernel cmdline; if so, it overrides the respective -# target to set force sulogin, allowing use of rescue/emergency targets -# on systems with locked root password (as is Fedora default). -# -# This does NOT bypass locked root password on a fsck failure, but WILL -# bypass when rescue/emergency targets are chosen from kernel cmdline. -# Since this requires console/grub access, it is assumed to be at least -# as secure as a user reset of the root password using grub to modify -# the kernel cmdline with init=/bin/bash . -# -# NOTE: the SYSTEMD_SULOGIN_FORCE method used here does not bypass any -# assigned password; root password is only bypassed when locked/unset. - -export PATH="/usr/bin:/usr/sbin:${PATH}" -if [ -n "$1" ]; then - # If invoked with arguments (not testing) log to kmsg - # https://github.com/systemd/systemd/issues/15638 - exec 1>/dev/kmsg; exec 2>&1 -fi - -# If invoked with no arguments (for testing) write to /tmp -UNIT_DIR="${1:-/tmp}" - -set -euo pipefail - -have_some_karg() { - local args=("$@") - IFS=" " read -r -a cmdline <<< "$( "${out_dir}/sulogin-force.conf" < Date: Sat, 26 Oct 2024 22:24:42 -0500 Subject: [PATCH 40/51] feat: add missing packages to Fedora 41 builds (#655) --- install.sh | 2 +- packages.json | 11 ++++------- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/install.sh b/install.sh index d09d96ed..2c3c0602 100755 --- a/install.sh +++ b/install.sh 
@@ -40,6 +40,7 @@ sed -i '0,/enabled=1/{s/enabled=1/enabled=1\npriority=90/}' /etc/yum.repos.d/neg rpm-ostree override replace \ --experimental \ --from repo='fedora-multimedia' \ + libheif \ libva \ libva-intel-media-driver \ mesa-dri-drivers \ @@ -56,7 +57,6 @@ if [[ "$FEDORA_MAJOR_VERSION" -ne "41" ]]; then rpm-ostree override replace \ --experimental \ --from repo='fedora-multimedia' \ - libheif \ libvdpau fi diff --git a/packages.json b/packages.json index abe66092..e6cb311f 100644 --- a/packages.json +++ b/packages.json @@ -20,6 +20,7 @@ "grub2-tools-extra", "heif-pixbuf-loader", "htop", + "intel-vaapi-driver", "just", "kernel-tools", "libcamera", @@ -39,6 +40,7 @@ "pam-u2f", "pam_yubico", "pamu2fcfg", + "pipewire-libs-extra", "pipewire-plugin-libcamera", "powerstat", "smartmontools", @@ -106,9 +108,7 @@ "39": { "include": { "all": [ - "bootc", - "intel-vaapi-driver", - "pipewire-libs-extra" + "bootc" ], "kinoite": [ "xwaylandvideobridge" @@ -120,10 +120,7 @@ }, "40": { "include": { - "all": [ - "intel-vaapi-driver", - "pipewire-libs-extra" - ], + "all": [], "kinoite": [ "kf6-kimageformats", "qt6-qtimageformats" From b0e7b02a6a8703d4b685e1b4a54c8f88ae205d13 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Mon, 28 Oct 2024 22:07:06 -0500 Subject: [PATCH 41/51] chore: ensure gnome software doesn't confuse users about dkms MOK (#658) --- install.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/install.sh b/install.sh index 2c3c0602..767527e5 100755 --- a/install.sh +++ b/install.sh 
@@ -72,6 +72,10 @@ CSFG=/usr/lib/systemd/system-generators/coreos-sulogin-force-generator curl -sSLo ${CSFG} https://raw.githubusercontent.com/coreos/fedora-coreos-config/refs/heads/stable/overlay.d/05core/usr/lib/systemd/system-generators/coreos-sulogin-force-generator chmod +x ${CSFG} +# prevent gnome software from warning about dkms secureboot as these warnings +# would duplicate warnings provided by ublue already. we don't want confusion +rm -f /usr/libexec/gnome-software-dkms-helper + if [[ "${KERNEL_VERSION}" == "${QUALIFIED_KERNEL}" ]]; then /ctx/initramfs.sh fi From a411c6aba3ad035de588c9c5daf3f288e269a405 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Tue, 29 Oct 2024 12:40:07 -0400 Subject: [PATCH 42/51] Feat: Update tags for F41 Release (#657) --- .github/workflows/reusable-build.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 9831a72a..930bdfb0 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -62,16 +62,16 @@ jobs: if [[ "${{ matrix.fedora_version }}" -eq "39" ]]; then IS_LATEST_VERSION=false IS_STABLE_VERSION=true - IS_GTS_VERSION=true + IS_GTS_VERSION=false IS_BETA_VERSION=false elif [[ "${{ matrix.fedora_version }}" -eq "40" ]]; then - IS_LATEST_VERSION=true + IS_LATEST_VERSION=false IS_STABLE_VERSION=true - IS_GTS_VERSION=false + IS_GTS_VERSION=true IS_BETA_VERSION=false elif [[ "${{ matrix.fedora_version }}" -eq "41" ]]; then - IS_LATEST_VERSION=false - IS_STABLE_VERSION=false + IS_LATEST_VERSION=true + IS_STABLE_VERSION=true IS_GTS_VERSION=false IS_BETA_VERSION=true fi From 77e6b443f6a6023582ef964e36fa7fd1c158033c Mon Sep 17 00:00:00 2001 
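Review bot: In the `@@ -62,16 +62,16 @@` hunk of `reusable-build.yml`, the Fedora 41 branch now sets `IS_LATEST_VERSION=true` and `IS_STABLE_VERSION=true` but still carries `IS_BETA_VERSION=true` from the beta period. Whether a released 41 image continues to receive the `beta` and `beta-${TIMESTAMP}` tags depends on the order of the `if`/`elif` chain that fills `BUILD_TAGS`, which lies outside this hunk. If keeping `beta` alive for existing users is intended, say so in a comment such as `# beta stays on 41 until the next Fedora beta opens`; otherwise set `IS_BETA_VERSION=false`. The chain also has no `else`, so a `fedora_version` other than 39, 40 or 41 leaves all four flags unset; an `else` branch that fails the step with a message would make that visible.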
From: qoijjj <129108030+qoijjj@users.noreply.github.com> Date: Wed, 30 Oct 2024 07:47:25 -0700 Subject: [PATCH 43/51] fix: remove redundant and less performant thumbnailer (#659) --- packages.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packages.json b/packages.json index e6cb311f..d0957b27 100644 --- a/packages.json +++ b/packages.json @@ -95,6 +95,9 @@ "libswscale-free", "default-fonts-cjk-sans" ], + "silverblue": [ + "totem-video-thumbnailer" + ], "kinoite": [ "ffmpegthumbnailer", "plasma-discover-rpm-ostree" From 147b76b112cae7f624a66752ceb26c6733855174 Mon Sep 17 00:00:00 2001 From: Niklas <40402114+NiHaiden@users.noreply.github.com> Date: Wed, 30 Oct 2024 17:50:14 +0100 Subject: [PATCH 44/51] fix(kinoite): Include missing KDE image format codecs (#660) Co-authored-by: Kyle Gospodnetich --- packages.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/packages.json b/packages.json index d0957b27..392aeb45 100644 --- a/packages.json +++ b/packages.json @@ -136,7 +136,10 @@ "41": { "include": { "all": [], - "kinoite": [] + "kinoite": [ + "kf6-kimageformats", + "qt6-qtimageformats" + ] }, "exclude": { "all": [] From 4ece7029c186b3a92617108a8f120fea0999654a Mon Sep 17 00:00:00 2001 From: qoijjj <129108030+qoijjj@users.noreply.github.com> Date: Wed, 30 Oct 2024 13:14:47 -0700 Subject: [PATCH 45/51] chore: consistently remove rpm-ostree backend from software stores (#662) --- packages.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages.json b/packages.json index 392aeb45..f2a2961c 100644 --- a/packages.json +++ b/packages.json @@ -96,7 +96,8 @@ "default-fonts-cjk-sans" ], "silverblue": [ - "totem-video-thumbnailer" + "totem-video-thumbnailer", + "gnome-software-rpm-ostree" ], "kinoite": [ "ffmpegthumbnailer", From 12829ea1b846497085a38342af8a3821efff6102 Mon Sep 17 00:00:00 2001 
From: Zeglius <33781398+Zeglius@users.noreply.github.com> Date: Thu, 31 Oct 2024 17:44:13 +0100 Subject: [PATCH 46/51] fix: Override copr plugin config to use fedora chroot by default (#663) --- .../usr/share/dnf/plugins/copr.vendor.conf | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 sys_files/usr/share/dnf/plugins/copr.vendor.conf diff --git a/sys_files/usr/share/dnf/plugins/copr.vendor.conf b/sys_files/usr/share/dnf/plugins/copr.vendor.conf new file mode 100644 index 00000000..935502d3 --- /dev/null +++ b/sys_files/usr/share/dnf/plugins/copr.vendor.conf @@ -0,0 +1,20 @@ +# This override is to handle the default behavior of dnf5 using ID at /etc/os-release +# to select which chroot gets used to fetch the copr repo. +# +# An example of the behavior displayed without this override in Bazzite: +# sudo dnf5 copr enable msmafra/hyprland +# https://copr.fedorainfracloud.org/api_3/rpmrepo/msmafra/hyprland/bazzite-41/ 100% | 726.0 B/s | 457.0 B | 00m01s +# Chroot not found in the given Copr project (bazzite-41-x86_64). You can choose one of the available chroots explicitly: +# fedora-40-aarch64 +# fedora-40-x86_64 +# fedora-41-aarch64 +# fedora-41-x86_64 +# fedora-rawhide-aarch64 +# fedora-rawhide-x86_64 +# +# See: +# https://github.com/rpm-software-management/dnf5/blob/01d4df824ff4a94ae1fc288f81923d02ba71173a/dnf5-plugins/copr_plugin/copr_config.cpp#L79-L81 +# https://github.com/rpm-software-management/dnf5/blob/01d4df824ff4a94ae1fc288f81923d02ba71173a/dnf5-plugins/copr_plugin/copr_repo.cpp#L146 + +[main] +distribution = fedora From 94470cc21e1a5f8119c8f503c6e887b8dd6aac6b Mon Sep 17 00:00:00 2001 
From: Benjamin Sherman Date: Thu, 31 Oct 2024 12:27:14 -0500 Subject: [PATCH 47/51] =?UTF-8?q?chore:=20Revert=20"fix:=20Override=20copr?= =?UTF-8?q?=20plugin=20config=20to=20use=20fedora=20chroot=20=E2=80=A6=20(?= =?UTF-8?q?#664)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../usr/share/dnf/plugins/copr.vendor.conf | 20 ------------------- 1 file changed, 20 deletions(-) delete mode 100644 sys_files/usr/share/dnf/plugins/copr.vendor.conf diff --git a/sys_files/usr/share/dnf/plugins/copr.vendor.conf b/sys_files/usr/share/dnf/plugins/copr.vendor.conf deleted file mode 100644 index 935502d3..00000000 --- a/sys_files/usr/share/dnf/plugins/copr.vendor.conf +++ /dev/null @@ -1,20 +0,0 @@ -# This override is to handle the default behavior of dnf5 using ID at /etc/os-release -# to select which chroot gets used to fetch the copr repo. -# -# An example of the behavior displayed without this override in Bazzite: -# sudo dnf5 copr enable msmafra/hyprland -# https://copr.fedorainfracloud.org/api_3/rpmrepo/msmafra/hyprland/bazzite-41/ 100% | 726.0 B/s | 457.0 B | 00m01s -# Chroot not found in the given Copr project (bazzite-41-x86_64). You can choose one of the available chroots explicitly: -# fedora-40-aarch64 -# fedora-40-x86_64 -# fedora-41-aarch64 -# fedora-41-x86_64 -# fedora-rawhide-aarch64 -# fedora-rawhide-x86_64 -# -# See: -# https://github.com/rpm-software-management/dnf5/blob/01d4df824ff4a94ae1fc288f81923d02ba71173a/dnf5-plugins/copr_plugin/copr_config.cpp#L79-L81 -# https://github.com/rpm-software-management/dnf5/blob/01d4df824ff4a94ae1fc288f81923d02ba71173a/dnf5-plugins/copr_plugin/copr_repo.cpp#L146 - -[main] -distribution = fedora From 99b6864790c6605c652f591003bccefe605fae63 Mon Sep 17 00:00:00 2001 
From: Zeglius <33781398+Zeglius@users.noreply.github.com> Date: Fri, 1 Nov 2024 06:54:36 +0100 Subject: [PATCH 48/51] fix: Override copr plugin config to use fedora chroot by default (resubmission) (#665) --- .../usr/share/dnf/plugins/copr.vendor.conf | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 sys_files/usr/share/dnf/plugins/copr.vendor.conf diff --git a/sys_files/usr/share/dnf/plugins/copr.vendor.conf b/sys_files/usr/share/dnf/plugins/copr.vendor.conf new file mode 100644 index 00000000..3ad3bc76 --- /dev/null +++ b/sys_files/usr/share/dnf/plugins/copr.vendor.conf @@ -0,0 +1,19 @@ +# This override is to handle the default behavior of dnf5 using ID at /etc/os-release +# to select which chroot gets used to fetch the copr repo. +# +# An example of the behavior displayed without this override in Bazzite: +# sudo dnf5 copr enable ublue-os/bling +# https://copr.fedorainfracloud.org/api_3/rpmrepo/ublue-os/bling/bazzite-41/ 100% | 946.0 B/s | 500.0 B | 00m01s +# Chroot not found in the given Copr project (bazzite-41-x86_64). You can choose one of the available chroots explicitly: +# fedora-38-x86_64 +# fedora-39-x86_64 +# fedora-40-x86_64 +# fedora-41-x86_64 +# fedora-rawhide-x86_64 +# +# See: +# https://github.com/rpm-software-management/dnf5/blob/01d4df824ff4a94ae1fc288f81923d02ba71173a/dnf5-plugins/copr_plugin/copr_config.cpp#L79-L81 +# https://github.com/rpm-software-management/dnf5/blob/01d4df824ff4a94ae1fc288f81923d02ba71173a/dnf5-plugins/copr_plugin/copr_repo.cpp#L146 + +[main] +distribution = fedora From 90054b90907a9e403ea626e637ca367f78694cc3 Mon Sep 17 00:00:00 2001 From: Kyle Gospodnetich Date: Tue, 5 Nov 2024 15:11:49 -0800 Subject: [PATCH 49/51] feat: Replace gnome-software with non-dkms version on F41 and above. (#671) Co-authored-by: Benjamin Sherman --- install.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/install.sh b/install.sh index 767527e5..28dfbab8 100755 --- a/install.sh 
+++ b/install.sh @@ -60,6 +60,16 @@ if [[ "$FEDORA_MAJOR_VERSION" -ne "41" ]]; then libvdpau fi +# Disable DKMS support in gnome-software +if [[ "$FEDORA_MAJOR_VERSION" -ge "41" && "$IMAGE_NAME" == "silverblue" ]]; then + rpm-ostree override remove \ + gnome-software-rpm-ostree + rpm-ostree override replace \ + --experimental \ + --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \ + gnome-software +fi + # run common packages script /ctx/packages.sh @@ -72,10 +82,6 @@ CSFG=/usr/lib/systemd/system-generators/coreos-sulogin-force-generator curl -sSLo ${CSFG} https://raw.githubusercontent.com/coreos/fedora-coreos-config/refs/heads/stable/overlay.d/05core/usr/lib/systemd/system-generators/coreos-sulogin-force-generator chmod +x ${CSFG} -# prevent gnome software from warning about dkms secureboot as these warnings -# would duplicate warnings provided by ublue already. we don't want confusion -rm -f /usr/libexec/gnome-software-dkms-helper - if [[ "${KERNEL_VERSION}" == "${QUALIFIED_KERNEL}" ]]; then /ctx/initramfs.sh fi From d8658c7cacac5a61d1ab06cdef1ddffc465ec97d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 23:16:40 +0000 Subject: [PATCH 50/51] chore(deps): bump Wandalen/wretry.action from 3.5.0 to 3.7.0 (#673) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Benjamin Sherman --- .github/workflows/reusable-build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 930bdfb0..f55709b4 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -132,7 +132,7 @@ jobs: - name: Get current version id: labels - uses: Wandalen/wretry.action@v3.5.0 + uses: Wandalen/wretry.action@v3.7.0 with: attempt_limit: 3 attempt_delay: 15000 
@@ -153,7 +153,7 @@ jobs: echo "SOURCE_IMAGE_VERSION=$ver" >> $GITHUB_ENV - name: Pull Images - uses: Wandalen/wretry.action@v3.5.0 + uses: Wandalen/wretry.action@v3.7.0 with: attempt_limit: 3 attempt_delay: 15000 @@ -227,7 +227,7 @@ jobs: string: ${{ env.IMAGE_REGISTRY }} - name: Push To GHCR - uses: Wandalen/wretry.action@v3.5.0 + uses: Wandalen/wretry.action@v3.7.0 id: push if: github.event_name != 'pull_request' env: From 5635674579b2eec9f0b28bdc2f746d859857654c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 17 Nov 2024 15:22:35 -0500 Subject: [PATCH 51/51] chore(deps): bump Wandalen/wretry.action from 3.7.0 to 3.7.2 (#675) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/reusable-build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index f55709b4..8d5be829 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -132,7 +132,7 @@ jobs: - name: Get current version id: labels - uses: Wandalen/wretry.action@v3.7.0 + uses: Wandalen/wretry.action@v3.7.2 with: attempt_limit: 3 attempt_delay: 15000 @@ -153,7 +153,7 @@ jobs: echo "SOURCE_IMAGE_VERSION=$ver" >> $GITHUB_ENV - name: Pull Images - uses: Wandalen/wretry.action@v3.7.0 + uses: Wandalen/wretry.action@v3.7.2 with: attempt_limit: 3 attempt_delay: 15000 @@ -227,7 +227,7 @@ jobs: string: ${{ env.IMAGE_REGISTRY }} - name: Push To GHCR - uses: Wandalen/wretry.action@v3.7.0 + uses: Wandalen/wretry.action@v3.7.2 id: push if: github.event_name != 'pull_request' env: