big fucking update

SoMuchForSubtlety · Oct 29, 2024 · fc20d36 · fc20d36
1 parent ebdb1db
commit fc20d36
Show file tree

Hide file tree

Showing 144 changed files with 1,324 additions and 1,199 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
diff --git a/Containerfile b/Containerfile
@@ -1,117 +1,45 @@
 ARG BASE_IMAGE_NAME="${BASE_IMAGE_NAME:-silverblue}"
 ARG IMAGE_FLAVOR="${IMAGE_FLAVOR:-main}"
 ARG AKMODS_FLAVOR="${AKMODS_FLAVOR:-main}"
-ARG SOURCE_IMAGE="${SOURCE_IMAGE:-$BASE_IMAGE_NAME-$IMAGE_FLAVOR}"
+ARG SOURCE_IMAGE="${SOURCE_IMAGE:-${BASE_IMAGE_NAME}-${IMAGE_FLAVOR}}"
 ARG BASE_IMAGE="ghcr.io/ublue-os/${SOURCE_IMAGE}"
-ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-39}"
+ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
+ARG NVIDIA_TYPE="${NVIDIA_TYPE:-}"
+ARG KERNEL="${KERNEL:-6.9.12-200.fc40.x86_64}"
 ARG TARGET_BASE="${TARGET_BASE:-os}"
 
-FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS os
+# FROM's for Mounting
+ARG KMOD_SOURCE_COMMON="ghcr.io/ublue-os/akmods:${AKMODS_FLAVOR}-${FEDORA_MAJOR_VERSION}"
+ARG ZFS_CACHE="ghcr.io/ublue-os/akmods-zfs:coreos-stable-${FEDORA_MAJOR_VERSION}"
+ARG NVIDIA_CACHE="ghcr.io/ublue-os/akmods-nvidia:${AKMODS_FLAVOR}-${FEDORA_MAJOR_VERSION}"
+ARG KERNEL_CACHE="ghcr.io/ublue-os/${AKMODS_FLAVOR}-kernel:${KERNEL}"
+FROM ${KMOD_SOURCE_COMMON} AS akmods
+FROM ${ZFS_CACHE} AS zfs_cache
+FROM ${NVIDIA_CACHE} AS nvidia_cache
+FROM ${KERNEL_CACHE} AS kernel_cache
+
+FROM scratch AS ctx
+COPY / /
+
+FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS base
 
 ARG IMAGE_NAME="${IMAGE_NAME}"
 ARG IMAGE_VENDOR="${IMAGE_VENDOR}"
 ARG IMAGE_FLAVOR="${IMAGE_FLAVOR}"
 ARG AKMODS_FLAVOR="${AKMODS_FLAVOR}"
 ARG BASE_IMAGE_NAME="${BASE_IMAGE_NAME}"
 ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION}"
-ARG PACKAGE_LIST="os"
-
-COPY etc /etc
-COPY usr /usr
-COPY just /tmp/just
-COPY etc/yum.repos.d/ /etc/yum.repos.d/
-COPY packages.json /tmp/packages.json
-COPY build.sh /tmp/build.sh
-COPY image-info.sh /tmp/image-info.sh
-COPY workarounds.sh /tmp/workarounds.sh
-COPY optfix.sh /tmp/optfix.sh
-COPY completions.sh /tmp/completions.sh
-COPY apply-patches.sh /tmp/apply-patches.sh
-COPY patches patches/ /tmp/patches/
-
-# Copy ublue-update.toml to tmp first, to avoid being overwritten.
-COPY usr/etc/ublue-update/ublue-update.toml /tmp/ublue-update.toml
-
-# Add ublue kmods, add needed negativo17 repo and then immediately disable due to incompatibility with RPMFusion
-COPY --from=ghcr.io/ublue-os/akmods:${AKMODS_FLAVOR}-${FEDORA_MAJOR_VERSION} /rpms /tmp/akmods-rpms
-RUN sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo && \
-    wget https://negativo17.org/repos/fedora-multimedia.repo -O /etc/yum.repos.d/negativo17-fedora-multimedia.repo && \
-    if [[ "${FEDORA_MAJOR_VERSION}" -ge "39" ]]; then \
-        rpm-ostree install \
-            /tmp/akmods-rpms/kmods/*xpadneo*.rpm \
-            /tmp/akmods-rpms/kmods/*xone*.rpm \
-            /tmp/akmods-rpms/kmods/*openrazer*.rpm \
-            /tmp/akmods-rpms/kmods/*v4l2loopback*.rpm \
-            /tmp/akmods-rpms/kmods/*wl*.rpm \
-    ; fi && \
-    # Don't install evdi on asus because of conflicts
-    if grep -qv "asus" <<< "${AKMODS_FLAVOR}"; then \
-        rpm-ostree install \
-            /tmp/akmods-rpms/kmods/*evdi*.rpm \
-    ; fi && \
-    sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/negativo17-fedora-multimedia.repo
+ARG NVIDIA_TYPE="${NVIDIA_TYPE:-}"
+ARG KERNEL="${KERNEL:-6.10.10-200.fc40.x86_64}"
 
 # packages that write to /opt during install
-RUN /tmp/optfix.sh
-RUN cat /etc/yum.repos.d/google-chrome.repo
-RUN rpm-ostree install $(curl -s https://api.github.com/repos/MuhammedKalkan/OpenLens/releases/latest | jq -r '.assets[] | select(.name | test("^OpenLens.*x86_64.rpm$")).browser_download_url')
-# see https://github.com/fedora-silverblue/issue-tracker/issues/408
-RUN sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/google-chrome.repo
-RUN sed -i 's/gpgcheck=1/gpgcheck=0/g' /etc/yum.repos.d/google-chrome.repo
-RUN rpm-ostree install google-chrome-stable
-# fix symlinks pointing to /opt
-RUN rm /usr/bin/open-lens
-RUN ln -s /usr/lib/opt/OpenLens/open-lens /usr/bin/open-lens
-RUN rm /usr/bin/google-chrome-stable
-RUN ln -s /usr/lib/opt/google/chrome/google-chrome /usr/bin/google-chrome-stable
-
-# add copr for morewaita-icon-theme
-RUN wget https://copr.fedorainfracloud.org/coprs/dusansimic/themes/repo/fedora-"${FEDORA_MAJOR_VERSION}"/dusansimic-themes-fedora-"${FEDORA_MAJOR_VERSION}".repo \
-    -O /etc/yum.repos.d/_copr_dusansimic-themes.repo
-# nerd fonts repo
-RUN wget https://copr.fedorainfracloud.org/coprs/che/nerd-fonts/repo/fedora-"${FEDORA_MAJOR_VERSION}"/che-nerd-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo \
-    -O /etc/yum.repos.d/che-nerd-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo
-
-RUN wget https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo -O /etc/yum.repos.d/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo && \
-    /tmp/build.sh && \
-    /tmp/image-info.sh && \
-    pip install --prefix=/usr yafti && \
-    pip install --prefix=/usr topgrade && \
-    rpm-ostree install ublue-update && \
-    mkdir -p /usr/etc/flatpak/remotes.d && \
-    wget -q https://dl.flathub.org/repo/flathub.flatpakrepo -P /usr/etc/flatpak/remotes.d && \
-    cp /tmp/ublue-update.toml /usr/etc/ublue-update/ublue-update.toml && \
-    systemctl enable rpm-ostree-countme.service && \
-    systemctl enable tailscaled.service && \
-    systemctl enable dconf-update.service && \
-    systemctl enable ublue-update.timer && \
-    systemctl enable ublue-system-setup.service && \
-    systemctl enable ublue-system-flatpak-manager.service && \
-    systemctl --global enable ublue-user-flatpak-manager.service && \
-    systemctl --global enable ublue-user-setup.service && \
-    fc-cache -f /usr/share/fonts/ubuntu && \
-    fc-cache -f /usr/share/fonts/inter && \
-    find /tmp/just -iname '*.just' -exec printf "\n\n" \; -exec cat {} \; >> /usr/share/ublue-os/just/60-custom.just && \
-    rm -f /etc/yum.repos.d/tailscale.repo && \
-    rm -f /etc/yum.repos.d/charm.repo && \
-    rm -f /etc/yum.repos.d/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo && \
-    rm -f /etc/yum.repos.d/gh-cli.repo && \
-    rm -f /etc/yum.repos.d/vscode.repo && \
-    rm -f /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:phracek:PyCharm.repo && \
-    rm -f /etc/yum.repos.d/fedora-cisco-openh264.repo && \
-    rm -f /etc/yum.repos.d/docker-ce.repo && \
-    rm -f /etc/yum.repos.d/_copr_dusansimic-themes.repo && \
-    rm -f /etc/yum.repos.d/_copr_che-nerd-fonts-"${FEDORA_MAJOR_VERSION}" && \
-    echo "Hidden=true" >> /usr/share/applications/fish.desktop && \
-    echo "Hidden=true" >> /usr/share/applications/htop.desktop && \
-    echo "Hidden=true" >> /usr/share/applications/nvtop.desktop && \
-    echo "Hidden=true" >> /usr/share/applications/gnome-system-monitor.desktop
+# RUN /tmp/optfix.sh
+# RUN cat /etc/yum.repos.d/google-chrome.repo
+# RUN rpm-ostree install $(curl -s https://api.github.com/repos/MuhammedKalkan/OpenLens/releases/latest | jq -r '.assets[] | select(.name | test("^OpenLens.*x86_64.rpm$")).browser_download_url')
 
-# apply patches
-RUN /tmp/apply-patches.sh
-
-# manually add symlinks for alternatives, see https://github.com/coreos/rpm-ostree/issues/1614
-RUN /tmp/workarounds.sh
+# fix symlinks pointing to /opt
+# RUN rm /usr/bin/open-lens
+# RUN ln -s /usr/lib/opt/OpenLens/open-lens /usr/bin/open-lens
 
 COPY --from=cgr.dev/chainguard/dive:latest /usr/bin/dive /usr/bin/dive
 COPY --from=cgr.dev/chainguard/flux:latest /usr/bin/flux /usr/bin/flux
@@ -120,60 +48,21 @@ COPY --from=cgr.dev/chainguard/ko:latest /usr/bin/ko /usr/bin/ko
 COPY --from=cgr.dev/chainguard/pulumi:latest /usr/bin/pulumi /usr/bin/pulumi
 COPY --from=cgr.dev/chainguard/pulumi:latest /usr/bin/pulumi-language-nodejs /usr/bin/pulumi-language-nodejs
 
-# install bw cli
-RUN curl -Lo /tmp/bw-linux.zip "https://vault.bitwarden.com/download/?app=cli&platform=linux"
-RUN unzip -d /usr/bin /tmp/bw-linux.zip bw
-RUN chmod +x /usr/bin/bw
-
-# install ksh
-RUN curl -Lo ./ksh "https://github.com/samox73/ksh/releases/latest/download/ksh" && \
-    chmod +x ./ksh && \
-    mv ./ksh /usr/bin/ksh
-
-# install kind
-RUN curl -Lo ./kind "https://github.com/kubernetes-sigs/kind/releases/latest/download/kind-$(uname)-amd64" && \
-    chmod +x ./kind && \
-    mv ./kind /usr/bin/kind
-
-# Install kns/kctx and add completions for Bash
-RUN wget https://raw.githubusercontent.com/ahmetb/kubectx/master/kubectx -O /usr/bin/kubectx && \
-    wget https://raw.githubusercontent.com/ahmetb/kubectx/master/kubens -O /usr/bin/kubens && \
-    chmod +x /usr/bin/kubectx /usr/bin/kubens
-# install talosctl
-RUN curl -Lo ./talosctl "https://github.com/siderolabs/talos/releases/latest/download/talosctl-linux-amd64" && \
-    chmod +x ./talosctl && \
-    mv ./talosctl /usr/bin/talosctl
-# install sops
-RUN curl -Lo ./sops $(curl -s https://api.github.com/repos/getsops/sops/releases/latest | jq -r '.assets[] | select(.name | test("linux.amd64$")).browser_download_url') && \
-    chmod +x ./sops && \
-    mv ./sops /usr/bin/sops
-# install yq
-RUN curl -Lo ./yq "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64" && \
-    chmod +x ./yq && \
-    mv ./yq /usr/bin/yq
-# install crd2pulumi
-RUN curl -Lo ./crd2pulumi $(curl -s https://api.github.com/repos/pulumi/crd2pulumi/releases/latest | jq -r '.assets[] | select(.name | test("linux-amd64")).browser_download_url') && \
-    tar xf crd2pulumi --wildcards crd2pulumi && \
-    chmod +x ./crd2pulumi && \
-    mv ./crd2pulumi /usr/bin/crd2pulumi
-# install eksctl
-RUN curl -s -L "https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz" | tar -xzf - && \
-    mv ./eksctl /usr/bin/eksctl
-# install goldwarden
-RUN rpm-ostree install $(curl -s https://api.github.com/repos/quexten/goldwarden/releases/latest | jq -r '.assets[] | select(.name | test("^goldwarden.*x86_64.rpm$")).browser_download_url')
-
-# shell completions
-RUN /tmp/completions.sh
-
-# Set up services
-RUN systemctl enable docker.socket && \
-    systemctl enable podman.socket && \
-    systemctl enable swtpm-workaround.service && \
-    systemctl disable pmie.service && \
-    systemctl disable pmlogger.service
-
-RUN wget https://github.com/docker/compose/releases/latest/download/docker-compose-linux-x86_64 -O /tmp/docker-compose && \
-    install -c -m 0755 /tmp/docker-compose /usr/bin
+RUN --mount=type=cache,dst=/var/cache/rpm-ostree \
+    --mount=type=bind,from=ctx,source=/,target=/ctx \
+    --mount=type=bind,from=akmods,source=/rpms,target=/tmp/akmods \
+    --mount=type=bind,from=nvidia_cache,source=/rpms,target=/tmp/akmods-rpms \
+    --mount=type=bind,from=kernel_cache,source=/tmp/rpms,target=/tmp/kernel-rpms \
+    --mount=type=bind,from=zfs_cache,source=/rpms,target=/tmp/akmods-zfs \
+    rpm-ostree cliwrap install-to-root / && \
+    mkdir -p /var/lib/alternatives && \
+    /ctx/build_files/build-base.sh  && \
+    mv /var/lib/alternatives /staged-alternatives && \
+    /ctx/build_files/clean-stage.sh && \
+    ostree container commit && \
+    mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \
+    mkdir -p /var/tmp && \
+    chmod -R 1777 /var/tmp
 
 RUN rm -rf /tmp/* /var/*
 RUN ostree container commit
diff --git a/Justfile b/Justfile
@@ -0,0 +1,100 @@
+export project_root := `git rev-parse --show-toplevel`
+export git_branch := ` git branch --show-current`
+
+alias run := run-container
+
+_default:
+    @just help
+
+_container_mgr:
+    @{{ project_root }}/scripts/container_mgr.sh
+
+_base_image image:
+    @{{ project_root }}/scripts/base-image.sh {{ image }}
+
+_tag image target:
+    @{{ project_root }}/scripts/make-tag.sh {{ image }} {{ target }}
+
+# Check Just Syntax
+just-check:
+    #!/usr/bin/bash
+    find "${project_root}" -type f -name "*.just" | while read -r file; do
+    	echo "Checking syntax: $file"
+    	just --unstable --fmt --check -f $file 
+    done
+    echo "Checking syntax: ${project_root}/Justfile"
+    just --unstable --fmt --check -f ${project_root}/Justfile
+
+# Fix Just Syntax
+just-fix:
+    #!/usr/bin/bash
+    find "${project_root}" -type f -name "*.just" | while read -r file; do
+    	echo "Checking syntax: $file"
+    	just --unstable --fmt -f $file
+    done
+    echo "Checking syntax: ${project_root}/Justfile"
+    just --unstable --fmt -f ${project_root}/Justfile || { exit 1; }
+
+# Build Image
+build image="" target="" version="":
+    @{{ project_root }}/scripts/build-image.sh {{ image }} {{ target }} {{ version }}
+
+# Run image
+run-container image="" target="" version="":
+    @{{ project_root }}/scripts/run-image.sh {{ image }} {{ target }} {{ version }}
+
+# # Run Booted Image Session w/ Guest
+# run-booted-guest image="" target="" version="":
+#     @{{ project_root }}/scripts/run-booted-guest.sh {{ image }} {{ target }} {{ version }}
+# # Run Booted Image Session w/ mounted in $USER and $HOME
+# run-booted-home image="" target="" version="":
+#     @{{ project_root }}/scripts/run-booted-home.sh {{ image }} {{ target }} {{ version }}
+
+# Create ISO from local dev build image
+build-iso image="" target="" version="":
+    @{{ project_root }}/scripts/build-iso.sh {{ image }} {{ target }} {{ version }}
+
+# Create ISO from local dev build image - use build-container-installer:main
+build-iso-installer-main image="" target="" version="":
+    @{{ project_root }}/scripts/build-iso-installer-main.sh {{ image }} {{ target }} {{ version }}
+
+# Run ISO from local dev build image
+run-iso image="" target="" version="":
+    @{{ project_root }}/scripts/run-iso.sh {{ image }} {{ target }} {{ version }}
+
+# Create ISO from currenct ghcr image
+build-iso-ghcr image="" target="" version="":
+    @{{ project_root }}/scripts/build-iso-ghcr.sh {{ image }} {{ target }} {{ version }}
+
+# Clean Directory. Remove ISOs and Build Files
+clean:
+    @{{ project_root }}/scripts/cleanup-dir.sh
+
+# Remove built images
+clean-images:
+    @{{ project_root }}/scripts/cleanup-images.sh
+
+# List Built Images
+list-images:
+    @{{ project_root }}/scripts/list-images.sh
+
+[private]
+help:
+    #!/usr/bin/bash
+    echo "                                                                              "
+    echo "These are helper scripts for building and testing development images          "
+    echo "                                                                              "
+    echo "You can run dev images either in 'booted like' setup with 'just run-booted'   "
+    echo "Or in a more stripped down version with 'just run'                            "
+    echo "Specify which image you wish to build and run by name.                        "
+    echo "Example: 'just run-container aurora' -> runs aurora without systemd           "
+    echo "                                                                              "
+    echo "Helper scripts are in 'project_root/scripts'.                                 "
+    echo "                                                                              "
+    echo "Modify the 'devcontainer.json' in 'project_root/.devcontainer' to support     "
+    echo "Running the devcontainer with podman or docker                                "
+    echo "Manually specify container manager with '$CONTAINER_MGR' enviornment variable "
+    echo "                                                                              "
+    just --list
+
+os: (build "os" "base" "stable")
diff --git a/apply-patches.sh b/apply-patches.sh
diff --git a/usr/etc/flatpak/system/install → bluefin_flatpaks/flatpaks_with_deps b/usr/etc/flatpak/system/install → bluefin_flatpaks/flatpaks_with_deps
diff --git a/build_files/apply-patches.sh b/build_files/apply-patches.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -oue pipefail
+
+for i in /ctx/patches/*.patch; do patch -d/ -p0 < "$i"; done
diff --git a/build_files/bootc.sh b/build_files/bootc.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+if [ "$FEDORA_MAJOR_VERSION" -ge "40" ]; then
+    /usr/bin/bootupctl backend generate-update-metadata
+fi
diff --git a/build_files/build-base.sh b/build_files/build-base.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/bash
+# shellcheck disable=SC1091
+
+set -ouex pipefail
+
+cp -r /ctx/just /tmp/just
+cp /ctx/packages.json /tmp/packages.json
+cp /ctx/system_files/etc/ublue-update/ublue-update.toml /tmp/ublue-update.toml
+
+rsync -rvK /ctx/system_files/ /
+
+/ctx/build_files/firmware.sh
+/ctx/build_files/cache_kernel.sh
+/ctx/build_files/copr-repos.sh
+/ctx/build_files/install-akmods.sh
+/ctx/build_files/packages.sh
+/ctx/build_files/nvidia.sh
+/ctx/build_files/image-info.sh
+/ctx/build_files/fetch-install.sh
+/ctx/build_files/font-install.sh
+/ctx/build_files/systemd.sh
+/ctx/build_files/initramfs.sh
+/ctx/build_files/bootc.sh
+/ctx/build_files/cleanup.sh
+/ctx/build_files/image-info.sh
+/ctx/build_files/workarounds.sh
+/ctx/build_files/apply-patches.sh
+/ctx/build_files/completions.sh
+
diff --git a/build_files/cache_kernel.sh b/build_files/cache_kernel.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/bash
+
+set -eoux pipefail
+
+if [[ -n "${NVIDIA_TYPE:-}" ]]; then
+    rpm-ostree override replace --experimental \
+        /tmp/kernel-rpms/kernel-[0-9]*.rpm \
+        /tmp/kernel-rpms/kernel-core-*.rpm \
+        /tmp/kernel-rpms/kernel-modules-*.rpm
+fi
diff --git a/build_files/clean-stage.sh b/build_files/clean-stage.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+
+set -eoux pipefail
+shopt -s extglob
+
+rm -rf /tmp/* || true
+rm -rf /var/!(cache)
+rm -rf /var/cache/!(rpm-ostree)