diff --git a/builder.sh b/builder.sh index 00eaebb..0e79ba1 100755 --- a/builder.sh +++ b/builder.sh @@ -43,14 +43,26 @@ echo "${buildid}" > .buildid echo "Composing ${VERSION}.${buildid} ..." -# shared repos +# repos import cp images/shared/*.repo "${IMAGE_DIR}" +cp "${IMAGE_DIR}"/repos/*.repo "${IMAGE_DIR}" # Ensure manifest has correct ref and releasever sed -i '/^ref:/d' "$MANIFEST" sed -i '/^releasever:/d' "$MANIFEST" sed -i "1i releasever: ${VERSION}" "$MANIFEST" sed -i "1i ref: ${REF}" "$MANIFEST" + +#Run a optional per image script to do image specific things +POSTPROCESS="${IMAGE_DIR}/postprocess.sh" +if [[ -x "${POSTPROCESS}" ]]; then + echo "Running postprocess script: ${POSTPROCESS}" + "${POSTPROCESS}" +else + echo "No postprocess.sh found in ${IMAGE_DIR}, skipping." +fi + + # --- COMPOSE IMAGE --- ARGS=( "--cachedir=cache" diff --git a/images/asahi-cosmic/asahi.yaml b/images/asahi-cosmic/asahi.yaml new file mode 100644 index 0000000..e3578dc --- /dev/null +++ b/images/asahi-cosmic/asahi.yaml @@ -0,0 +1,16 @@ +#Asahi specific packages +packages: + # base + - alsa-ucm-asahi + - asahi-platform-metapackage + - asahi-repos + # - fedora-asahi-remix-scripts # Depends on dnf right now + - tiny-dfr + # boot + - grub2-efi-aa64-modules + - uboot-images-armv8 + - asahi-fwupdate + - dracut-asahi + - update-m1n1 + # desktop-environments + - aajohan-comfortaa-fonts \ No newline at end of file diff --git a/images/asahi-cosmic/manifest.yaml b/images/asahi-cosmic/manifest.yaml new file mode 100644 index 0000000..4093ae8 --- /dev/null +++ b/images/asahi-cosmic/manifest.yaml 
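Review bot: The `[[ -x "${POSTPROCESS}" ]]` guard treats a script that exists but is not executable the same as a missing one, and this commit adds `images/asahi-cosmic/postprocess.sh` with mode 100644, so as committed the hook is skipped with the message "No postprocess.sh found". Test `-f` first, then either fail loudly when the execute bit is missing or run it as `bash "${POSTPROCESS}"`. The added `cp "${IMAGE_DIR}"/repos/*.repo "${IMAGE_DIR}"` also assumes every image has a `repos/` directory; without one the unmatched glob is passed literally and `cp` fails, so wrap it in `if compgen -G "${IMAGE_DIR}/repos/*.repo" >/dev/null; then … fi`. Whether that failure aborts the build depends on shell options set outside this hunk. Because the hook runs on the build host before the compose, the comment above it should say so and note that the script may change host state.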
@@ -0,0 +1,67 @@ +metadata: + summary: Asahi remix atomic with the cosmic desktop + +edition: "2024" #todo: figure out what this is used for + +# Be minimal +recommends: false + +# Default to `bash` in our container, the same as other containers we ship. +container-cmd: + - /sbin/init + +#Settings +#Set the default systemd target +default_target: graphical.target +#Set selinux to true +selinux: true + +include: + - ../shared/base.yaml + - ./asahi.yaml + - ./packages.yaml + +repos: + - fedora-base + - fedora-updates + - fedora-asahi-remix-hotfixes + - copr:copr.fedorainfracloud.org:group_asahi:fedora-remix-branding + - copr:copr.fedorainfracloud.org:group_asahi:fedora-remix-scripts + - copr:copr.fedorainfracloud.org:group_asahi:kernel + - copr:copr.fedorainfracloud.org:group_asahi:mesa + - copr:copr.fedorainfracloud.org:group_asahi:u-boot + +postprocess: + - | + #!/usr/bin/env bash + set -xeuo pipefail + + # Work around https://bugzilla.redhat.com/show_bug.cgi?id=1265295 + # From https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf + install -dm0755 /usr/lib/systemd/journald.conf.d/ + echo -e "[Journal]\nStorage=persistent" > /usr/lib/systemd/journald.conf.d/10-persistent.conf + + # See: https://src.fedoraproject.org/rpms/glibc/pull-request/4 + # Basically that program handles deleting old shared library directories + # mid-transaction, which never applies to rpm-ostree. This is structured as a + # loop/glob to avoid hardcoding (or trying to match) the architecture. 
+ for x in /usr/sbin/glibc_post_upgrade.*; do + if test -f ${x}; then + ln -srf /usr/bin/true ${x} + fi + done + + # Remove loader directory causing issues in Anaconda in unified core mode + # Will be obsolete once we start using bootupd + rm -rf /usr/lib/ostree-boot/loader + + # Undo RPM scripts enabling units; we want the presets to be canonical + # https://github.com/projectatomic/rpm-ostree/issues/1803 + rm -rf /etc/systemd/system/* + systemctl preset-all + rm -rf /etc/systemd/user/* + systemctl --user --global preset-all + + # Fix triggerin for samba-client in cups package (not supported by rpm-ostree yet) + # https://github.com/fedora-silverblue/issue-tracker/issues/532 + ln -snf /usr/libexec/samba/cups_backend_smb /usr/lib/cups/backend/smb \ No newline at end of file diff --git a/images/asahi-cosmic/packages.yaml b/images/asahi-cosmic/packages.yaml new file mode 100644 index 0000000..64de5ab --- /dev/null +++ b/images/asahi-cosmic/packages.yaml 
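Review bot: The inline `postprocess` script repeats steps that `../shared/base.yaml`, which this manifest includes, appears to carry already: `rm -rf /etc/systemd/user/*` and `systemctl --user --global preset-all` show up as context in the base.yaml part of this commit. If both copies run, the work is done twice and they can drift apart, so keep the script in one place. Inside the loop `${x}` is unquoted in `test -f ${x}` and `ln -srf /usr/bin/true ${x}`; write `"${x}"`. The comment saying the container defaults to bash sits above a `container-cmd` of `/sbin/init` and should be corrected to match.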
@@ -0,0 +1,273 @@ +#Cosmic related packages +packages: + - cosmic-edit + - cosmic-files + - cosmic-initial-setup + - cosmic-player + - cosmic-session + - cosmic-store + - cosmic-term + - flatpak + - gnome-disk-utility + - gnome-keyring-pam + - gnome-system-monitor + - mesa-dri-drivers + - mesa-vulkan-drivers + - plymouth-system-theme + - system-config-printer + - xdg-desktop-portal-gtk + +# System packages (boot) +packages-aarch64: + - grub2-efi + - efibootmgr + - shim + +#System packages (common) + +# Core packages (common.yaml upstream) +packages: + # Ensure that we have a kernel. Kernel packages are not in any comps group + # - kernel + # - kernel-modules + # - kernel-modules-extra + # Do not include "full" Git as it brings in Perl + - git-core + # Explicitely add Git docs + - git-core-doc + # Required until we've completed the move to systemd-sysusers + # See: https://github.com/fedora-silverblue/issue-tracker/issues/362 + - nss-altfiles + # Container management + - buildah + - podman + - skopeo + # Keep fuse-overlayfs for compatibilty and rootless containers use cases + # See: https://github.com/coreos/fedora-coreos-tracker/issues/1749 + - fuse-overlayfs + # See: https://github.com/fedora-silverblue/issue-tracker/issues/503 + - systemd-container + # Provides terminal tools like clear, reset, tput, and tset + - ncurses + # Flatpak support + - flatpak + - xdg-desktop-portal + # the archive repo for more reliable package layering + # https://github.com/coreos/fedora-coreos-tracker/issues/400 + - fedora-repos-archive + # Always include at least full English language support by default + # https://gitlab.com/fedora/ostree/sig/-/issues/14 + - langpacks-en + # Selected packages from the anaconda-tools group. 
See: https://gitlab.com/fedora/ostree/sig/-/issues/5 + - dosfstools + - lvm2 + - nvme-cli + - xfsprogs + # HFS filesystem tools for Apple hardware + # See https://github.com/projectatomic/rpm-ostree/issues/1380 + - hfsplus-tools + + # See: https://github.com/fedora-silverblue/issue-tracker/issues/390 + - wireguard-tools + # See: https://gitlab.com/fedora/ostree/sig/-/issues/101 + - gnupg2-scdaemon + - NetworkManager + - NetworkManager-bluetooth + - NetworkManager-config-connectivity-fedora + - NetworkManager-wifi + - NetworkManager-wwan + - acl + - alsa-ucm + - alsa-utils + - at-spi2-atk + - at-spi2-core + - attr + - audit + - b43-fwcutter + - b43-openfwwf + - bash + - bash-color-prompt + - bash-completion + - bc + - bind-utils + - bluez-cups + - brcmfmac-firmware + - brltty + - btrfs-progs + - bzip2 + - chrony + - cifs-utils + - colord + - compsize + - coreutils + - cpio + - cryptsetup + - cups + - cups-browsed + - cups-filters + - curl + - cyrus-sasl-plain + - default-editor + - default-fonts-cjk-mono + - default-fonts-cjk-sans + - default-fonts-cjk-serif + - default-fonts-core-emoji + - default-fonts-core-math + - default-fonts-core-mono + - default-fonts-core-sans + - default-fonts-core-serif + - default-fonts-other-mono + - default-fonts-other-sans + - default-fonts-other-serif + - dnsmasq + - e2fsprogs + - ethtool + - exfatprogs + - file + - filesystem + - firewalld + - fpaste + - fwupd + - gamemode + - glibc + - glibc-all-langpacks + - gnupg2 + - gstreamer1-plugin-dav1d + - gstreamer1-plugin-libav + - gstreamer1-plugins-bad-free + - gstreamer1-plugins-good + - gstreamer1-plugins-ugly-free + - gutenprint + - gutenprint-cups + - hostname + - hplip + - hunspell + - ibus-anthy + - ibus-chewing + - ibus-gtk3 + - ibus-gtk4 + - ibus-hangul + - ibus-libpinyin + - ibus-m17n + - ibus-typing-booster + - iproute + - iptables-nft + - iptstate + - iputils + - kbd + - kmscon + - less + - libglvnd-gles + - linux-firmware + - logrotate + - lrzsz + - lsof + - man-db + - 
man-pages + - mdadm + - mesa-dri-drivers + - mesa-vulkan-drivers + - mpage + - mtr + - nfs-utils + - nss-altfiles + - nss-mdns + - ntfs-3g + - ntfsprogs + - opensc + - openssh-clients + - openssh-server + - pam_afs_session + - paps + - passwdqc + - pciutils + - pinfo + - pipewire-alsa + - pipewire-config-raop + - pipewire-gstreamer + - pipewire-pulseaudio + - pipewire-utils + - plymouth + - plymouth-system-theme + - policycoreutils + - policycoreutils-python-utils + - prefixdevname + - procps-ng + - psmisc + - quota + - realtek-firmware + - rootfiles + - rpm + - rpm-ostree + - rsync + - samba-client + - selinux-policy-targeted + - setup + - shadow-utils + - sos + - speech-dispatcher + - spice-vdagent + - spice-webdavd + - sssd-common + - sssd-kcm + - sudo + - system-config-printer-udev + - systemd + - systemd-oomd-defaults + - systemd-resolved + - systemd-udev + - tar + - time + - tree + - unzip + - uresourced + - usb_modeswitch + - usbutils + - util-linux + - vim-minimal + - wget2-wget + - which + - whois + - wireplumber + - words + - wpa_supplicant + - zip + - zram-generator-defaults + - qrtr + - rmtfs + + +# Make sure the following are not pulled in when Recommended by other packages +exclude-packages: + - PackageKit + # We can not include openh264. See https://fedoraproject.org/wiki/OpenH264 + - gstreamer1-plugin-openh264 + - mozilla-openh264 + - openh264 + # https://github.com/fedora-silverblue/issue-tracker/issues/517 + - sdubby + # Exclude Tk. We can not exclude Tcl as it is neeeded for usb_modeswitch + - tk + # Exclude QEMU. 
See: https://gitlab.com/fedora/ostree/sig/-/issues/58 + - qemu-kvm + - qemu-kvm-core + - qemu-device-display-virtio-gpu + - qemu-device-display-virtio-vga + # See: https://github.com/fedora-silverblue/issue-tracker/issues/646 + - hplip-gui + # Ensure that we do not include any Perl package + - perl-interpreter + - perl-libs + # Exclude GNOME Software's langpack plugin to avoid layering langpacks on + # systems where GNOME Software is included + - gnome-software-fedora-langpacks + # We include wget instead + - wcurl + # See: https://fedoraproject.org/wiki/Changes/AtomicDesktopDropPklaCompat + - polkit-pkla-compat + # See: https://fedoraproject.org/wiki/Changes/AtomicDesktopDropFuse2 + # See: https://gitlab.com/fedora/ostree/sig/-/issues/50 + - fuse + - fuselibs + # Can only be excluded on variants that do not include GNOME Software + - PackageKit-glib \ No newline at end of file diff --git a/images/asahi-cosmic/postprocess.sh b/images/asahi-cosmic/postprocess.sh new file mode 100644 index 0000000..be2774d --- /dev/null +++ b/images/asahi-cosmic/postprocess.sh @@ -0,0 +1,6 @@ +#!/bin/bash +set -euxo pipefail + +#Get the asahi GPG keys +dnf copr enable -y @asahi/fedora-remix-branding +dnf install -y asahi-repos \ No newline at end of file diff --git a/images/asahi-cosmic/repos/fedora-asahi-remix-hotfixes.repo b/images/asahi-cosmic/repos/fedora-asahi-remix-hotfixes.repo new file mode 100644 index 0000000..e892b01 --- /dev/null +++ b/images/asahi-cosmic/repos/fedora-asahi-remix-hotfixes.repo @@ -0,0 +1,11 @@ +[fedora-asahi-remix-hotfixes] +name=Fedora Asahi Remix Hotfixes +baseurl=https://fedora-asahi-remix.org/repos/hotfixes/$releasever/ +type=rpm-md +skip_if_unavailable=True +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch +repo_gpgcheck=0 +enabled=1 +enabled_metadata=1 +priority=1 \ No newline at end of file 
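Review bot: The top-level key `packages:` is defined twice in this new file, once under `#Cosmic related packages` and again under `# Core packages (common.yaml upstream)`. A YAML mapping should not repeat a key; depending on the parser the file is either rejected or the second list replaces the first, which would drop the `cosmic-*` entries from the image. Merge both lists under a single `packages:` key. `flatpak`, `mesa-dri-drivers`, `mesa-vulkan-drivers`, `plymouth-system-theme` and `nss-altfiles` are also listed more than once and can be deduplicated in the same pass.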
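Review bot: Both `dnf` commands act on the machine that runs `builder.sh`, not on the image being composed, because the builder executes this script directly before the compose step. With `-y`, `dnf copr enable` and `dnf install` also accept whatever repository signing key is offered at that moment, so the trust anchor for the Asahi repos is whatever the first download returns. Consider committing the expected key files (or their fingerprints) next to the `.repo` files and verifying against them. A comment such as `# Runs on the build host: installs asahi-repos so /etc/pki/rpm-gpg/ holds the keys that repos/*.repo point at` would make the dependency, and the presumably required root privileges, explicit.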
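Review bot: `skip_if_unavailable=True` together with `priority=1` means a compose silently falls back to lower-priority repos when the hotfixes server is unreachable, so two builds of the same ref can contain different packages without any error. Set `skip_if_unavailable=False`, as the copr repo files in this commit do, so an outage fails the build. It is also worth confirming that `gpgkey` should be the Fedora release key (`RPM-GPG-KEY-fedora-$releasever-$basearch`) for a repo served from fedora-asahi-remix.org. If those packages are signed with a different key, `gpgcheck=1` will reject them.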
diff --git a/images/asahi-cosmic/repos/group_asahi-fedora-remix-branding.repo b/images/asahi-cosmic/repos/group_asahi-fedora-remix-branding.repo new file mode 100644 index 0000000..39b004c --- /dev/null +++ b/images/asahi-cosmic/repos/group_asahi-fedora-remix-branding.repo @@ -0,0 +1,11 @@ +copr:copr.fedorainfracloud.org:group_asahi:fedora-remix-branding] +name=Copr repo for fedora-remix-branding owned by @asahi +baseurl=https://download.copr.fedorainfracloud.org/results/@asahi/fedora-remix-branding/fedora-$releasever-$basearch/ +type=rpm-md +skip_if_unavailable=False +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-group_asahi-fedora-remix-branding +repo_gpgcheck=0 +enabled=1 +enabled_metadata=1 +priority=1 \ No newline at end of file diff --git a/images/asahi-cosmic/repos/group_asahi-fedora-remix-scripts.repo b/images/asahi-cosmic/repos/group_asahi-fedora-remix-scripts.repo new file mode 100644 index 0000000..4892287 --- /dev/null +++ b/images/asahi-cosmic/repos/group_asahi-fedora-remix-scripts.repo @@ -0,0 +1,11 @@ +[copr:copr.fedorainfracloud.org:group_asahi:fedora-remix-scripts] +name=Copr repo for fedora-remix-scripts owned by @asahi +baseurl=https://download.copr.fedorainfracloud.org/results/@asahi/fedora-remix-scripts/fedora-$releasever-$basearch/ +type=rpm-md +skip_if_unavailable=False +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-group_asahi-fedora-remix-scripts +repo_gpgcheck=0 +enabled=1 +enabled_metadata=1 +priority=5 \ No newline at end of file diff --git a/images/asahi-cosmic/repos/group_asahi-kernel.repo b/images/asahi-cosmic/repos/group_asahi-kernel.repo new file mode 100644 index 0000000..deddf3a --- /dev/null +++ b/images/asahi-cosmic/repos/group_asahi-kernel.repo 
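Review bot: The section header on the first line of `group_asahi-fedora-remix-branding.repo` is missing its opening bracket: `copr:copr.fedorainfracloud.org:group_asahi:fedora-remix-branding]` should read `[copr:copr.fedorainfracloud.org:group_asahi:fedora-remix-branding]`. Without it the file has no valid section and the repo id listed in `manifest.yaml` will not resolve. This file also sets `priority=1` while the scripts, kernel, mesa and u-boot repo files use `priority=5`; if that is intentional, a comment saying why would help. All five copr files point `gpgkey` at `/etc/pki/rpm-gpg/RPM-GPG-KEY-group_asahi-*` files that this commit does not add, so with `gpgcheck=1` the compose depends on those keys already being present on the build host.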
@@ -0,0 +1,11 @@ +[copr:copr.fedorainfracloud.org:group_asahi:kernel] +name=Copr repo for kernel owned by @asahi +baseurl=https://download.copr.fedorainfracloud.org/results/@asahi/kernel/fedora-$releasever-$basearch/ +type=rpm-md +skip_if_unavailable=False +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-group_asahi-kernel +repo_gpgcheck=0 +enabled=1 +enabled_metadata=1 +priority=5 \ No newline at end of file diff --git a/images/asahi-cosmic/repos/group_asahi-mesa.repo b/images/asahi-cosmic/repos/group_asahi-mesa.repo new file mode 100644 index 0000000..003845a --- /dev/null +++ b/images/asahi-cosmic/repos/group_asahi-mesa.repo @@ -0,0 +1,11 @@ +[copr:copr.fedorainfracloud.org:group_asahi:mesa] +name=Copr repo for mesa owned by @asahi +baseurl=https://download.copr.fedorainfracloud.org/results/@asahi/mesa/fedora-$releasever-$basearch/ +type=rpm-md +skip_if_unavailable=False +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-group_asahi-mesa +repo_gpgcheck=0 +enabled=1 +enabled_metadata=1 +priority=5 \ No newline at end of file diff --git a/images/asahi-cosmic/repos/group_asahi-u-boot.repo b/images/asahi-cosmic/repos/group_asahi-u-boot.repo new file mode 100644 index 0000000..8a76103 --- /dev/null +++ b/images/asahi-cosmic/repos/group_asahi-u-boot.repo @@ -0,0 +1,11 @@ +[copr:copr.fedorainfracloud.org:group_asahi:u-boot] +name=Copr repo for u-boot owned by @asahi +baseurl=https://download.copr.fedorainfracloud.org/results/@asahi/u-boot/fedora-$releasever-$basearch/ +type=rpm-md +skip_if_unavailable=False +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-group_asahi-u-boot +repo_gpgcheck=0 +enabled=1 +enabled_metadata=1 +priority=5 \ No newline at end of file diff --git a/images/base/manifest.yaml b/images/base/manifest.yaml index bfd6abf..54e7f98 100644 --- a/images/base/manifest.yaml +++ b/images/base/manifest.yaml 
@@ -6,8 +6,7 @@ edition: "2024" #todo: figure out what this is used for variables: passwd_mode: full -# Be minimal -recommends: false +recommends: true # Default to `bash` in our container, the same as other containers we ship. container-cmd: @@ -21,12 +20,10 @@ include: - ../shared/base.yaml packages: + - kernel # this is implied by dependencies but let's make it explicit - coreutils - # We need dnf for building derived container images. In Fedora, this pulls - # in dnf5. In CentOS/RHEL, this pulls in dnf(4). We can simplify this back to - # just `dnf` once the `dnf` package is retired from Fedora. - - /usr/bin/dnf + - dnf # Even in minimal, we have this. If you don't want SELinux today, you'll need # to build a custom image. - selinux-policy-targeted @@ -34,11 +31,23 @@ packages: - container-selinux # Needed for tpm2 bound luks - tpm2-tools + +packages-x86_64: + - grub2 grub2-efi-x64 efibootmgr shim + - microcode_ctl + +exclude-packages: + - kernel-debug-core + +remove-from-packages: +# The grub bits are mainly designed for desktops, and IMO haven't seen + # enough testing in concert with ostree. At some point we'll flesh out + # the full plan in https://github.com/coreos/fedora-coreos-tracker/issues/47 +- [grub2-tools, /etc/grub.d/08_fallback_counting, + /etc/grub.d/10_reset_boot_success, + /etc/grub.d/12_menu_auto_hide, + /usr/lib/systemd/.*] repos: - fedora-base - fedora-updates - -container: - oci: true - diff --git a/images/shared/base.yaml b/images/shared/base.yaml index 51e1d08..65726dc 100644 --- a/images/shared/base.yaml +++ b/images/shared/base.yaml 
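Review bot: `recommends: true` replaces `recommends: false` and drops the `# Be minimal` comment, so the base image now installs the weak dependencies of its packages, while the new asahi-cosmic manifest keeps `recommends: false`. That enlarges the installed package set, and with it the surface that has to be patched, without the diff saying why. If the change is intended, record the reason next to the key, for example `# Weak deps enabled because <reason>`. Otherwise keep `false` and list the extra packages explicitly.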
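Review bot: In the `@@ -21,12 +20,10 @@` hunk, `- dnf` replaces the path requirement `- /usr/bin/dnf`, and the deleted comment was the only explanation of why the path form was used (it resolved to dnf5 on Fedora and dnf 4 on CentOS/RHEL). If the package name `dnf` now resolves to the intended implementation on every target release, say so in a replacement comment; otherwise this may pull in a different package manager than before. The added `- kernel` entry also has no comment; a note that it was moved here from `shared/base.yaml`, so that images supplying their own kernel can still include the shared file, would explain the split.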
@@ -161,11 +161,40 @@ postprocess: rm -rf /etc/systemd/user/* systemctl --user --global preset-all +#Selected ownership fixes for files in /etc & /var owned by a dynamic UID/GID +# See: https://gitlab.com/fedora/ostree/sig/-/issues/90 + - | + #!/bin/bash + set -xeuo pipefail + cat > /usr/lib/tmpfiles.d/90-atomic-desktops-ownership-fixes.conf << 'EOF' + Z /var/lib/passim - passim passim + Z /var/log/passim - passim passim + Z /etc/colord/ - colord colord + EOF + #Enable Compose FS + - | + #!/usr/bin/env bash + set -xeuo pipefail + cat >> /usr/lib/ostree/prepare-root.conf << 'EOF' + [composefs] + enabled = yes + EOF + + #Sysroot read-only + - | + #!/usr/bin/env bash + set -xeuo pipefail + + install -dm 0755 -o 0 -g 0 /usr/lib/ostree + cat >> /usr/lib/ostree/prepare-root.conf << 'EOF' + [sysroot] + readonly = true + EOF packages: - - kernel + # systemd. Also name systemd-pam because it was dropped to a recommends # but we still want it for handling user logins/sessions. - systemd systemd-pam @@ -176,21 +205,4 @@ packages: - xfsprogs e2fsprogs dosfstools - bootupd -packages-x86_64: - - grub2 grub2-efi-x64 efibootmgr shim - - microcode_ctl - -exclude-packages: - - kernel-debug-core - - # The grub bits are mainly designed for desktops, and IMO haven't seen - # enough testing in concert with ostree. At some point we'll flesh out - # the full plan in https://github.com/coreos/fedora-coreos-tracker/issues/47 - -remove-from-packages: -- [grub2-tools, /etc/grub.d/08_fallback_counting, - /etc/grub.d/10_reset_boot_success, - /etc/grub.d/12_menu_auto_hide, - /usr/lib/systemd/.*] -
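Review bot: The composefs script appends to `/usr/lib/ostree/prepare-root.conf` before anything ensures that `/usr/lib/ostree` exists; the `install -dm 0755 -o 0 -g 0 /usr/lib/ostree` call only appears in the sysroot script that follows it. Move the `install -d` line into the first script that writes the file, or merge the two scripts into one that writes both sections. Using `>>` in both also makes the result depend on whatever the file already contains, so a `[composefs]` or `[sysroot]` section shipped by a package would end up duplicated. If no packaged content needs to be preserved, writing the file once with `>` makes the final configuration explicit.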