diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0d7c8ee5..0595aeeb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,8 +7,6 @@ on: workflow_dispatch: env: IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} - BASE_FLAVOR: nokmods - MAIN_FLAVOR: main jobs: push-ghcr: @@ -31,6 +29,7 @@ jobs: - mate - vauxite major_version: [37, 38, 39] + build_target: [nokmods, kmods] include: - major_version: 37 is_latest_version: false @@ -55,6 +54,11 @@ jobs: major_version: 38 - image_name: vauxite major_version: 39 + # THE FOLLOWING EXCLUDE IS MESSY BUT TEMPORARY UNTIL F38 IS GONE + # see: https://github.com/ublue-os/main/issues/369 + # Fedora 39+ images do not include custom kmods (legacy) + - build_target: kmods + major_version: 39 steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 @@ -64,14 +68,27 @@ jobs: uses: actions/checkout@v4 - name: Matrix Variables + shell: bash run: | if [[ "${{ matrix.image_name }}" == "lxqt" || "${{ matrix.image_name }}" == "mate" ]]; then echo "SOURCE_IMAGE=base" >> $GITHUB_ENV else echo "SOURCE_IMAGE=${{ matrix.image_name }}" >> $GITHUB_ENV fi - echo "BASE_IMAGE=${{ matrix.image_name }}-${{ env.BASE_FLAVOR }}" >> $GITHUB_ENV - echo "MAIN_IMAGE=${{ matrix.image_name }}-${{ env.MAIN_FLAVOR }}" >> $GITHUB_ENV + # THE FOLLOWING IS MESSY BUT TEMPORARY UNTIL F38 IS GONE + # see: https://github.com/ublue-os/main/issues/369 + # Fedora 39+ images do not include custom kmods (legacy) + if [[ "${{ matrix.major_version}}" -ge "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then + export IMAGE_FLAVOR=main + elif [[ "${{ matrix.major_version}}" -lt "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then + export IMAGE_FLAVOR=nokmods + elif [[ "${{ matrix.major_version}}" -lt "39" && "${{ matrix.build_target }}" == "kmods" ]]; then + export IMAGE_FLAVOR=main + else + echo "ERROR: invalid workflow request - ${{ matrix.major_version }} - ${{ matrix.build_target }}" + exit 1 + fi + echo "IMAGE_NAME=${{ matrix.image_name }}-${IMAGE_FLAVOR}" >> $GITHUB_ENV - name: Generate tags id: generate-tags @@ -134,59 +151,28 @@ jobs: ver=$(skopeo inspect docker://quay.io/fedora-ostree-desktops/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]') echo "VERSION=$ver" >> $GITHUB_OUTPUT - # Build metadata - - name: Base Image Metadata - uses: docker/metadata-action@v5 - id: meta-base - with: - images: | - ${{ env.BASE_IMAGE }} - labels: | - org.opencontainers.image.title=${{ env.BASE_IMAGE }} - org.opencontainers.image.version=${{ steps.labels.outputs.VERSION }} - org.opencontainers.image.description=A base Universal Blue ${{ matrix.image_name }} image with no extra kmod or kernel packages - io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md - io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4 - - - name: Main Image Metadata + # Generate image metadata + - name: Image Metadata uses: docker/metadata-action@v5 id: meta-main with: images: | - ${{ env.MAIN_IMAGE }} + ${{ env.IMAGE_NAME }} labels: | - org.opencontainers.image.title=${{ env.MAIN_IMAGE }} + org.opencontainers.image.title=${{ env.IMAGE_NAME }} org.opencontainers.image.version=${{ steps.labels.outputs.VERSION }} org.opencontainers.image.description=A base Universal Blue ${{ matrix.image_name }} image with batteries included io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4 # Build image using Buildah action - - name: Build Base Image - id: build_image-base - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ./Containerfile - image: ${{ env.BASE_IMAGE }} - tags: | - ${{ steps.generate-tags.outputs.alias_tags }} - build-args: | - IMAGE_NAME=${{ matrix.image_name }} - SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} - FEDORA_MAJOR_VERSION=${{ matrix.major_version }} - labels: ${{ steps.meta-base.outputs.labels }} - oci: false - extra-args: | - --target=${{ env.BASE_FLAVOR }} - - - name: Build Main Image + - name: Build Image id: build_image-main uses: redhat-actions/buildah-build@v2 with: containerfiles: | ./Containerfile - image: ${{ env.MAIN_IMAGE }} + image: ${{ env.IMAGE_NAME }} tags: | ${{ steps.generate-tags.outputs.alias_tags }} build-args: | @@ -196,7 +182,7 @@ jobs: labels: ${{ steps.meta-main.outputs.labels }} oci: false extra-args: | - --target=${{ env.MAIN_FLAVOR }} + --target=${{ matrix.build_target }} # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. # https://github.com/macbre/push-to-ghcr/issues/12 diff --git a/Containerfile b/Containerfile index b60fd653..80ae7a0c 100644 --- a/Containerfile +++ b/Containerfile @@ -9,40 +9,45 @@ ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}" ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-38}" COPY github-release-install.sh \ - nokmods-install.sh \ - nokmods-post-install.sh \ - nokmods-packages.json \ + install.sh \ + post-install.sh \ + packages.sh \ + packages.json \ /tmp/ COPY --from=ghcr.io/ublue-os/config:latest /rpms /tmp/rpms +COPY --from=ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} /rpms/ublue-os /tmp/rpms RUN wget https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-$(rpm -E %fedora)/ublue-os-staging-fedora-$(rpm -E %fedora).repo -O /etc/yum.repos.d/_copr_ublue-os_staging.repo && \ wget https://copr.fedorainfracloud.org/coprs/kylegospo/oversteer/repo/fedora-$(rpm -E %fedora)/kylegospo-oversteer-fedora-$(rpm -E %fedora).repo -O /etc/yum.repos.d/_copr_kylegospo_oversteer.repo && \ - /tmp/nokmods-install.sh && \ - /tmp/nokmods-post-install.sh && \ + /tmp/install.sh && \ + /tmp/post-install.sh && \ ## bootc wget https://copr.fedorainfracloud.org/coprs/rhcontainerbot/bootc/repo/fedora-"${FEDORA_MAJOR_VERSION}"/bootc-"${FEDORA_MAJOR_VERSION}".repo -O /etc/yum.repos.d/bootc.repo && \ rpm-ostree install bootc && \ rm -f /etc/yum.repos.d/bootc.repo && \ rm -f /etc/yum.repos.d/_copr_ublue-os_staging.repo && \ rm -f /etc/yum.repos.d/_copr_kylegospo_oversteer.repo && \ - rm -rf /tmp/* /var/* - -RUN ostree container commit && \ + rm -rf /tmp/* /var/* && \ + ostree container commit && \ mkdir -p /var/tmp && chmod -R 1777 /var/tmp -FROM nokmods AS main + +# !!! WARNING - KMODS IN MAIN IMAGES ARE DEPRECATED !!! + +# Only "legacy" (Fedora 38 and older) have custom kmods included in the "main" images. +FROM nokmods AS kmods ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}" ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-38}" -COPY main-install.sh /tmp/main-install.sh -COPY main-sys_files / +COPY kmods-install.sh /tmp/kmods-install.sh +COPY kmods-sys_files /tmp/kmods-files COPY --from=ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} /rpms /tmp/akmods-rpms -RUN /tmp/main-install.sh && \ - rm -rf /tmp/* /var/* - -RUN ostree container commit && \ +# kmods-install.sh will error if running in Fedora 39 or newer. +RUN /tmp/kmods-install.sh && \ + rm -rf /tmp/* /var/* && \ + ostree container commit && \ mkdir -p /var/tmp && chmod -R 1777 /var/tmp diff --git a/install.sh b/install.sh new file mode 100755 index 00000000..8450713a --- /dev/null +++ b/install.sh @@ -0,0 +1,30 @@ +#!/bin/sh + +set -ouex pipefail + +RELEASE="$(rpm -E %fedora)" + +wget -P /tmp/rpms \ + https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-${RELEASE}.noarch.rpm \ + https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${RELEASE}.noarch.rpm + +rpm-ostree install \ + /tmp/rpms/*.rpm \ + fedora-repos-archive + +# force use of single rpmfusion mirror +sed -i.bak 's%^metalink=%#metalink=%' /etc/yum.repos.d/rpmfusion-*.repo +sed -i 's%^#baseurl=http://download1.rpmfusion.org%baseurl=http://mirrors.ocf.berkeley.edu/rpmfusion%' /etc/yum.repos.d/rpmfusion-*.repo +# after F39 launches, bump to 40 +if [[ "${FEDORA_MAJOR_VERSION}" -ge 39 ]]; then + sed -i 's%free/fedora/releases%free/fedora/development%' /etc/yum.repos.d/rpmfusion-*.repo +fi + +# run common packages script +/tmp/packages.sh + +## install packages direct from github +/tmp/github-release-install.sh sigstore/cosign x86_64 + +# reset forced use of single rpmfusion mirror +rename -v .repo.bak .repo /etc/yum.repos.d/rpmfusion-*repo.bak diff --git a/main-install.sh b/kmods-install.sh similarity index 56% rename from main-install.sh rename to kmods-install.sh index 27d10c70..5646e2ac 100755 --- a/main-install.sh +++ b/kmods-install.sh @@ -2,7 +2,22 @@ set -ouex pipefail -rpm-ostree install /tmp/akmods-rpms/ublue-os/ublue-os-akmods-addons*.rpm +# !!! WARNING - KMODS IN MAIN IMAGES ARE DEPRECATED !!! + +echo "DEPRECATED: Universal Blue will not include kmods in *-main images for Fedora 39 and newer." + +# Only run if FEDORA_MAJOR_VERSION is less than 39 +if [[ ${FEDORA_MAJOR_VERSION} -gt 38 ]]; then \ + exit 1 +fi + +# proceed with rest of script without further version checks + + +# copy kmods related files into image filesystem +cp -rf /tmp/kmods-files/* / + + for REPO in $(rpm -ql ublue-os-akmods-addons|grep ^"/etc"|grep repo$); do echo "akmods: enable default entry: ${REPO}" sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' ${REPO} @@ -16,18 +31,14 @@ if [[ "${FEDORA_MAJOR_VERSION}" -ge 39 ]]; then sed -i 's%free/fedora/releases%free/fedora/development%' /etc/yum.repos.d/rpmfusion-*.repo fi -# Only run if FEDORA_MAJOR_VERSION is not 39 -if grep -qv "39" <<< $FEDORA_MAJOR_VERSION; then - rpm-ostree install \ - kernel-devel-matched \ - kernel-tools \ - /tmp/akmods-rpms/kmods/*xpadneo*.rpm \ - /tmp/akmods-rpms/kmods/*xpad-noone*.rpm \ - /tmp/akmods-rpms/kmods/*xone*.rpm \ - /tmp/akmods-rpms/kmods/*openrazer*.rpm \ - /tmp/akmods-rpms/kmods/*v4l2loopback*.rpm \ - /tmp/akmods-rpms/kmods/*wl*.rpm -fi +rpm-ostree install \ + kernel-devel-matched \ + /tmp/akmods-rpms/kmods/*xpadneo*.rpm \ + /tmp/akmods-rpms/kmods/*xpad-noone*.rpm \ + /tmp/akmods-rpms/kmods/*xone*.rpm \ + /tmp/akmods-rpms/kmods/*openrazer*.rpm \ + /tmp/akmods-rpms/kmods/*v4l2loopback*.rpm \ + /tmp/akmods-rpms/kmods/*wl*.rpm for REPO in $(rpm -ql ublue-os-akmods-addons|grep ^"/etc"|grep repo$); do echo "akmods: disable per defaults: ${REPO}" diff --git a/main-sys_files/usr/etc/modprobe.d/broadcom-wl-blacklist.conf b/kmods-sys_files/usr/etc/modprobe.d/broadcom-wl-blacklist.conf similarity index 100% rename from main-sys_files/usr/etc/modprobe.d/broadcom-wl-blacklist.conf rename to kmods-sys_files/usr/etc/modprobe.d/broadcom-wl-blacklist.conf diff --git a/main-sys_files/usr/etc/modprobe.d/default-disable-broadcom-wl.conf b/kmods-sys_files/usr/etc/modprobe.d/default-disable-broadcom-wl.conf similarity index 100% rename from main-sys_files/usr/etc/modprobe.d/default-disable-broadcom-wl.conf rename to kmods-sys_files/usr/etc/modprobe.d/default-disable-broadcom-wl.conf diff --git a/nokmods-packages.json b/packages.json similarity index 99% rename from nokmods-packages.json rename to packages.json index 7a43cb53..259bca1c 100644 --- a/nokmods-packages.json +++ b/packages.json @@ -16,6 +16,7 @@ "htop", "intel-media-driver", "just", + "kernel-tools", "libheif-tools", "libratbag-ratbagd", "libva-intel-driver", diff --git a/nokmods-install.sh b/packages.sh similarity index 51% rename from nokmods-install.sh rename to packages.sh index 78bbc045..0c444c38 100755 --- a/nokmods-install.sh +++ b/packages.sh @@ -4,42 +4,28 @@ set -ouex pipefail RELEASE="$(rpm -E %fedora)" +# build list of all packages requested for inclusion INCLUDED_PACKAGES=($(jq -r "[(.all.include | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \ (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".include | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \ - | sort | unique[]" /tmp/nokmods-packages.json)) + | sort | unique[]" /tmp/packages.json)) + +# build list of all packages requested for exclusion EXCLUDED_PACKAGES=($(jq -r "[(.all.exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \ (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \ - | sort | unique[]" /tmp/nokmods-packages.json)) + | sort | unique[]" /tmp/packages.json)) +# ensure exclusion list only contains packages already present on image if [[ "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then EXCLUDED_PACKAGES=($(rpm -qa --queryformat='%{NAME} ' ${EXCLUDED_PACKAGES[@]})) fi -wget -P /tmp/rpms \ - https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-${RELEASE}.noarch.rpm \ - https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${RELEASE}.noarch.rpm - -rpm-ostree install \ - /tmp/rpms/*.rpm \ - fedora-repos-archive - -# force use of single rpmfusion mirror -sed -i.bak 's%^metalink=%#metalink=%' /etc/yum.repos.d/rpmfusion-*.repo -sed -i 's%^#baseurl=http://download1.rpmfusion.org%baseurl=http://mirrors.ocf.berkeley.edu/rpmfusion%' /etc/yum.repos.d/rpmfusion-*.repo -# after F39 launches, bump to 40 -if [[ "${FEDORA_MAJOR_VERSION}" -ge 39 ]]; then - sed -i 's%free/fedora/releases%free/fedora/development%' /etc/yum.repos.d/rpmfusion-*.repo -fi - +# simple case to install where no packages need excluding if [[ "${#INCLUDED_PACKAGES[@]}" -gt 0 && "${#EXCLUDED_PACKAGES[@]}" -eq 0 ]]; then rpm-ostree install \ ${INCLUDED_PACKAGES[@]} -elif [[ "${#INCLUDED_PACKAGES[@]}" -eq 0 && "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then - rpm-ostree override remove \ - ${EXCLUDED_PACKAGES[@]} - +# install/excluded packages both at same time elif [[ "${#INCLUDED_PACKAGES[@]}" -gt 0 && "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then rpm-ostree override remove \ ${EXCLUDED_PACKAGES[@]} \ @@ -50,8 +36,18 @@ else fi -## install packages direct from github -/tmp/github-release-install.sh sigstore/cosign x86_64 +# check if any excluded packages are still present +# (this can happen if an included package pulls in a dependency) +EXCLUDED_PACKAGES=($(jq -r "[(.all.exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \ + (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \ + | sort | unique[]" /tmp/packages.json)) + +if [[ "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then + EXCLUDED_PACKAGES=($(rpm -qa --queryformat='%{NAME} ' ${EXCLUDED_PACKAGES[@]})) +fi -# reset forced use of single rpmfusion mirror -rename -v .repo.bak .repo /etc/yum.repos.d/rpmfusion-*repo.bak +# remove any excluded packages which are still present on image +if [[ "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then + rpm-ostree override remove \ + ${EXCLUDED_PACKAGES[@]} +fi diff --git a/nokmods-post-install.sh b/post-install.sh similarity index 100% rename from nokmods-post-install.sh rename to post-install.sh