feat: Automatically set up Brew if not already configured. (#949)

ublue-os · Feb 26, 2024 · fad9acd · fad9acd
1 parent e5b52e8
commit fad9acd
Show file tree

Hide file tree

Showing 14 changed files with 49 additions and 29 deletions.
diff --git a/Containerfile b/Containerfile
@@ -81,6 +81,8 @@ COPY --from=ghcr.io/ublue-os/bluefin-cli /usr/bin/atuin /usr/bin/atuin
 COPY --from=ghcr.io/ublue-os/bluefin-cli /usr/share/bash-prexec /usr/share/bash-prexec
 
 RUN wget https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo -O /etc/yum.repos.d/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo && \
+    wget https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh -O /usr/libexec/brew-install && \
+    chmod +x /usr/libexec/brew-install && \
     /tmp/build.sh && \
     /tmp/image-info.sh && \
     /tmp/fetch-quadlets.sh && \

diff --git a/usr/bin/ublue-nix-install b/usr/bin/ublue-nix-install
diff --git a/usr/bin/ublue-nix-uninstall b/usr/bin/ublue-nix-uninstall
diff --git a/usr/lib/systemd/system/ublue-system-flatpak-manager.service b/usr/lib/systemd/system/ublue-system-flatpak-manager.service
@@ -6,7 +6,7 @@ After=network-online.target ublue-system-setup.service
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/ublue-system-flatpak-manager
+ExecStart=/usr/libexec/ublue-system-flatpak-manager
 Restart=on-failure
 RestartSec=30
 StartLimitInterval=0

diff --git a/usr/lib/systemd/system/ublue-system-setup.service b/usr/lib/systemd/system/ublue-system-setup.service
@@ -6,7 +6,7 @@ Before=systemd-user-sessions.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=/usr/bin/ublue-system-setup
+ExecStart=/usr/libexec/ublue-system-setup
 
 [Install]
 WantedBy=multi-user.target
diff --git a/usr/lib/systemd/user/ublue-user-flatpak-manager.service b/usr/lib/systemd/user/ublue-user-flatpak-manager.service
@@ -6,7 +6,7 @@ After=network-online.target
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/ublue-user-flatpak-manager
+ExecStart=/usr/libexec/ublue-user-flatpak-manager
 Restart=on-failure
 RestartSec=30
 StartLimitInterval=0

diff --git a/usr/lib/systemd/user/ublue-user-setup.service b/usr/lib/systemd/user/ublue-user-setup.service
@@ -3,7 +3,7 @@ Description=Configure system for current user
 
 [Service]
 Type=simple
-ExecStart=/usr/bin/ublue-user-setup
+ExecStart=/usr/libexec/ublue-user-setup
 
 [Install]
 WantedBy=default.target
diff --git a/usr/libexec/ublue-privileged-user-setup b/usr/libexec/ublue-privileged-user-setup
@@ -0,0 +1,7 @@
+#!/usr/bin/bash
+
+# Enable NTP
+timedatectl set-ntp true
+
+# Allow Tailscale Control
+tailscale set --operator="$(getent passwd $PKEXEC_UID | cut -d: -f1)"
diff --git a/usr/bin/ublue-system-flatpak-manager → usr/libexec/ublue-system-flatpak-manager b/usr/bin/ublue-system-flatpak-manager → usr/libexec/ublue-system-flatpak-manager
diff --git a/usr/bin/ublue-system-setup → usr/libexec/ublue-system-setup b/usr/bin/ublue-system-setup → usr/libexec/ublue-system-setup
@@ -5,7 +5,7 @@ IMAGE_NAME=$(jq -r '."image-name"' < $IMAGE_INFO)
 IMAGE_FLAVOR=$(jq -r '."image-flavor"' < $IMAGE_INFO)
 
 # SCRIPT VERSION
-HWS_VER=1
+HWS_VER=2
 HWS_VER_FILE="/etc/ublue/hws_version"
 HWS_VER_RAN=$(cat $HWS_VER_FILE)
 

diff --git a/usr/bin/ublue-user-flatpak-manager → usr/libexec/ublue-user-flatpak-manager b/usr/bin/ublue-user-flatpak-manager → usr/libexec/ublue-user-flatpak-manager
diff --git a/usr/bin/ublue-user-setup → usr/libexec/ublue-user-setup b/usr/bin/ublue-user-setup → usr/libexec/ublue-user-setup
@@ -28,9 +28,6 @@ fi
 IMAGE_INFO="/usr/share/ublue-os/image-info.json"
 IMAGE_NAME=$(jq -r '."image-name"' < $IMAGE_INFO)
 
-# Enable NTP
-timedatectl set-ntp true
-
 # Ensure custom ptyxis theme is present
 PTYXIS_THEME_DIR="/usr/etc/skel/.local/share/org.gnome.Ptyxis/palettes"
 PTYXIS_DIR="$HOME/.local/share/org.gnome.Ptyxis/palettes"
@@ -39,6 +36,14 @@ if [[ ! -f "$PTYXIS_DIR/catppuccin-dynamic.palette" ]]; then
   cp "$PTYXIS_THEME_DIR/catppuccin-dynamic.palette" "$PTYXIS_DIR/catppuccin-dynamic.palette"
 fi
 
+# Install brew
+if [[ ! -x /var/home/linuxbrew/.linuxbrew/bin/brew ]]; then
+  NONINTERACTIVE=1 /usr/libexec/brew-install
+fi
+
+# Handle privileged tasks
+pkexec /usr/libexec/ublue-privileged-user-setup
+
 # Prevent future executions
 echo "Writing state file"
 echo $USER_SETUP_VER > $USER_SETUP_VER_FILE
diff --git a/usr/share/polkit-1/actions/org.ublue.privileged.user.setup.policy b/usr/share/polkit-1/actions/org.ublue.privileged.user.setup.policy
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+  <vendor>Universal Blue</vendor>
+  <vendor_url>https://github.com/ublue-os/</vendor_url>
+
+  <action id="org.ublue.policykit.privileged.user.setup">
+    <description>Allows certain user configuration tasks to run as root</description>
+    <icon_name>package-x-generic</icon_name>
+    <defaults>
+      <allow_any>yes</allow_any>
+      <allow_inactive>yes</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/ublue-privileged-user-setup</annotate>
+  </action>
+
+</policyconfig>
diff --git a/usr/share/polkit-1/rules.d/20-privileged-ruser.rules b/usr/share/polkit-1/rules.d/20-privileged-ruser.rules
@@ -0,0 +1,6 @@
+polkit.addRule(function(action, subject) {
+    if ((action.id == "org.ublue.policykit.privileged.user.setup") &&
+         subject.isInGroup("wheel")) {
+        return polkit.Result.YES;
+    }
+});