diff options
| author | seth <[email protected]> | 2024-01-25 08:20:48 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2024-01-25 11:16:13 -0500 |
| commit | c9e0dd7c15260eb73d59b9996a5a9a17548afd59 (patch) | |
| tree | b23d24c9e463a76205ac464e381cb9e6685013f5 | |
| parent | 4a2a030af2daef14c40a16e00ad186ac77796cea (diff) | |
don't use script files
| -rw-r--r-- | Containerfile | 11 | ||||
| -rw-r--r-- | akmods/Containerfile | 65 | ||||
| -rw-r--r-- | akmods/NOTICE.md | 2 | ||||
| -rwxr-xr-x | akmods/build_cert.sh | 8 | ||||
| -rwxr-xr-x | akmods/build_nvidia.sh | 28 | ||||
| -rwxr-xr-x | akmods/install.sh | 7 | ||||
| -rwxr-xr-x | akmods/prep.sh | 27 | ||||
| -rw-r--r-- | base/Containerfile | 66 | ||||
| -rwxr-xr-x | base/initial_setup.sh (renamed from initial_setup.sh) | 0 | ||||
| -rw-r--r-- | base/packages.yaml | 14 | ||||
| -rw-r--r-- | nvidia/Containerfile | 16 | ||||
| -rwxr-xr-x | nvidia/install.sh | 16 | ||||
| -rwxr-xr-x | override.sh | 39 |
13 files changed, 151 insertions, 148 deletions
diff --git a/Containerfile b/Containerfile deleted file mode 100644 index c5f7c39..0000000 --- a/Containerfile +++ /dev/null @@ -1,11 +0,0 @@ -ARG IMAGE_FLAVOR="${IMAGE_FLAVOR:-silverblue}" -ARG BASE_IMAGE="quay.io/fedora-ostree-desktops/${IMAGE_FLAVOR}" -ARG FEDORA_VERSION="${FEDORA_VERSION:-39}" - -FROM ${BASE_IMAGE}:${FEDORA_VERSION} as builder - -COPY initial_setup.sh /usr/local/bin/initial_setup.sh -COPY override.sh /tmp/override.sh - -RUN /tmp/override.sh && rpm-ostree cleanup -m && \ - rm -rf /tmp/* /var/* && ostree container commit diff --git a/akmods/Containerfile b/akmods/Containerfile index 5d2c892..8a6a01b 100644 --- a/akmods/Containerfile +++ b/akmods/Containerfile @@ -2,20 +2,71 @@ ARG BASE_IMAGE="quay.io/fedora-ostree-desktops/base" ARG FEDORA_VERSION="${FEDORA_VERSION:-39}" FROM ${BASE_IMAGE}:${FEDORA_VERSION} as builder +ARG FEDORA_VERSION="${FEDORA_VERSION:-39}" ARG NVIDIA_VERSION="${NVIDIA_VERSION:-535}" -COPY prep.sh /tmp/prep.sh -COPY build_*.sh /tmp -COPY install.sh /tmp/install.sh + COPY certs /tmp/certs COPY akmods-cert.spec /tmp/akmods-cert/akmods-cert.spec -RUN /tmp/prep.sh +RUN mkdir -p \ + # this is required for ld to work and build akmods + # see https://github.com/coreos/rpm-ostree/issues/4201 & + # https://github.com/coreos/rpm-ostree/issues/1614 + /var/lib/alternatives \ + # for signed artifacts + /var/cache/rpms/kmods \ + # for akmods public cert + /var/cache/rpms/akmods-cert + +# setup rpmfusion +RUN rpm-ostree install \ + https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-${FEDORA_VERSION}.noarch.rpm \ + https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${FEDORA_VERSION}.noarch.rpm + +# install test or real keys +RUN if [ ! -e /tmp/certs/private_key.priv ]; then \ + echo "WARNING: Using test signing key" && \ + cp /tmp/certs/private_key.priv{.test,} && \ + cp /tmp/certs/public_key.der{.test,}; \ +fi + +RUN install -Dm644 {/tmp/certs,/etc/pki/akmods/certs}/public_key.der && \ + install -Dm644 {/tmp/certs,/etc/pki/akmods/private}/private_key.priv + +# install kmods +RUN rpm-ostree install \ + akmods \ + mock \ + # nvidia + akmod-nvidia-${NVIDIA_VERSION}* \ + xorg-x11-drv-nvidia-{cuda,power}-${NVIDIA_VERSION}* + + +# nvidia +RUN export kernel_version="$(rpm -q kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')" && \ + export akmod_version="$(basename "$(rpm -q akmod-nvidia --queryformat '%{VERSION}-%{RELEASE}')" ".fc${release%%.*}")" && \ + akmods --force --kernels "$kernel_version" --kmod nvidia && \ + if ! modinfo /usr/lib/modules/"$kernel_version"/extra/nvidia/nvidia{,-drm,-modeset,-peermem,-uvm}.ko.xz &> /dev/null; then \ + cat /var/cache/akmods/nvidia/"$akmod_version"-for-"$kernel_version".failed.log && exit 1; \ + fi + + +# certificate rpm +RUN install -D /etc/pki/akmods/certs/public_key.der /tmp/akmods-cert/rpmbuild/SOURCES/public_key.der +RUN rpmbuild -ba \ + --define '_topdir /tmp/akmods-cert/rpmbuild' \ + --define '%_tmppath %{_topdir}/tmp' \ + /tmp/akmods-cert/akmods-cert.spec + -RUN /tmp/build_nvidia.sh ${NVIDIA_VERSION} -RUN /tmp/build_cert.sh +# wrap everything up +RUN cp /tmp/akmods-cert/rpmbuild/RPMS/noarch/getchoo-akmods-cert*.rpm /var/cache/rpms/akmods-cert/ +RUN find /var/cache/akmods -type f -name \*.rpm | while read -r rpm; do \ + cp "$rpm" /var/cache/rpms/kmods/; \ +done -RUN /tmp/install.sh +# send it off FROM scratch COPY --from=builder /var/cache/rpms /rpms diff --git a/akmods/NOTICE.md b/akmods/NOTICE.md index 99e8f10..9ee1144 100644 --- a/akmods/NOTICE.md +++ b/akmods/NOTICE.md @@ -2,7 +2,7 @@ The section uses code derived from ublue-os' [akmods](https://github.com/ublue-os/akmods) repository. Specifically `build-ublue-os-akmods-addons.sh`, `ublue-os-akmods-addons.spec`, `build-prep.sh`, and -`build-kmod-nvidia.sh` were modified +`build-kmod-nvidia.sh` were adapted into the Containerfile ``` Apache License diff --git a/akmods/build_cert.sh b/akmods/build_cert.sh deleted file mode 100755 index 65e60e7..0000000 --- a/akmods/build_cert.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env bash -set -euxo pipefail - -install -D /etc/pki/akmods/certs/public_key.der /tmp/akmods-cert/rpmbuild/SOURCES/public_key.der -rpmbuild -ba \ - --define '_topdir /tmp/akmods-cert/rpmbuild' \ - --define '%_tmppath %{_topdir}/tmp' \ - /tmp/akmods-cert/akmods-cert.spec diff --git a/akmods/build_nvidia.sh b/akmods/build_nvidia.sh deleted file mode 100755 index 1931149..0000000 --- a/akmods/build_nvidia.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env bash -set -euxo pipefail - -_usage=" -usage: ./build_nvidia.sh nvidia_driver_version -" - -if [ $# -lt 1 ]; then - echo "$_usage" - exit 1 -fi - -NVIDIA_VERSION="$1" -release="$(rpm -E '%fedora.%_arch')" - -rpm-ostree install \ - akmod-nvidia-"$NVIDIA_VERSION"* \ - xorg-x11-drv-nvidia-{cuda,power}-"$NVIDIA_VERSION"* \ - -# Either successfully build and install the kernel modules, or fail early with debug output -kernel_version="$(rpm -q kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')" -akmod_version="$(basename "$(rpm -q akmod-nvidia --queryformat '%{VERSION}-%{RELEASE}')" ".fc${release%%.*}")" - -akmods --force --kernels "$kernel_version" --kmod nvidia - -if ! modinfo /usr/lib/modules/"$kernel_version"/extra/nvidia/nvidia{,-drm,-modeset,-peermem,-uvm}.ko.xz &> /dev/null; then - cat /var/cache/akmods/nvidia/"$akmod_version"-for-"$kernel_version".failed.log && exit 1 -fi diff --git a/akmods/install.sh b/akmods/install.sh deleted file mode 100755 index d8d1a87..0000000 --- a/akmods/install.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash -set -euxo pipefail - -cp /tmp/akmods-cert/rpmbuild/RPMS/noarch/getchoo-akmods-cert*.rpm /var/cache/rpms/akmods-cert/ -find /var/cache/akmods -type f -name \*.rpm | while read -r rpm; do - cp "$rpm" /var/cache/rpms/kmods/ -done diff --git a/akmods/prep.sh b/akmods/prep.sh deleted file mode 100755 index b7ee4ae..0000000 --- a/akmods/prep.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash -set -euxo pipefail - -# enable alternatives (for ld to be available) -mkdir -p /var/lib/alternatives - -# install rpmfusion -release=$(rpm -E %fedora) -rpm-ostree install \ - "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$release.noarch.rpm" \ - "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$release.noarch.rpm" - -rpm-ostree install akmods mock - -if [ ! -e /tmp/certs/private_key.priv ]; then - echo "WARNING: Using test signing key." >> "${GITHUB_OUTPUT:-/dev/stdout}" - cp /tmp/certs/private_key.priv{.test,} - cp /tmp/certs/public_key.der{.test,} -fi - -install -Dm644 {/tmp/certs,/etc/pki/akmods/certs}/public_key.der -install -Dm644 {/tmp/certs,/etc/pki/akmods/private}/private_key.priv - -# directory for signed artifacts -mkdir -p /var/cache/rpms/kmods -# directory for akmods public cert -mkdir -p /var/cache/rpms/akmods-cert diff --git a/base/Containerfile b/base/Containerfile new file mode 100644 index 0000000..ae51051 --- /dev/null +++ b/base/Containerfile @@ -0,0 +1,66 @@ +ARG IMAGE_FLAVOR="${IMAGE_FLAVOR:-silverblue}" +ARG BASE_IMAGE="quay.io/fedora-ostree-desktops/${IMAGE_FLAVOR}" +ARG FEDORA_VERSION="${FEDORA_VERSION:-39}" + +FROM ${BASE_IMAGE}:${FEDORA_VERSION} +ARG FEDORA_VERSION="${FEDORA_VERSION:-39}" + + +COPY initial_setup.sh /usr/bin/ +COPY packages.yaml /tmp/ +COPY --from=docker.io/mikefarah/yq /usr/bin/yq /tmp/ + +# remove non-flatpak firefox +RUN rpm-ostree override remove firefox firefox-langpacks + +# setup third party repos +RUN rpm-ostree install \ + https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-${FEDORA_VERSION}.noarch.rpm \ + https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${FEDORA_VERSION}.noarch.rpm + +# install software/hardware codecs +RUN rpm-ostree override remove \ + mesa-va-drivers \ + libavcodec-free \ + libavfilter-free \ + libavformat-free \ + libavutil-free \ + libpostproc-free \ + libswresample-free \ + libswscale-free && \ + rpm-ostree install \ + mesa-va-drivers-freeworld \ + mesa-vdpau-drivers-freeworld \ + gstreamer1-plugin-libav \ + gstreamer1-plugins-bad-free-extras \ + gstreamer1-plugins-bad-freeworld \ + gstreamer1-plugins-ugly \ + gstreamer1-vaapi \ + ffmpeg + + +# install third party packages & repos +RUN cd /etc/yum.repos.d/ && \ + curl -LO https://pkgs.tailscale.com/stable/fedora/tailscale.repo \ + echo -e '\ + [code]\n\ + name=Visual Studio Code\n\ + baseurl=https://packages.microsoft.com/yumrepos/vscode\n\ + enabled=1\n\ + gpgcheck=1\n\ + gpgkey=https://packages.microsoft.com/keys/microsoft.asc\ + ' > vscode.repo && \ + rpm-ostree install code tailscale && \ + systemctl enable tailscaled + + +# install fedora rpms +RUN readarray -td '' pkgs < <(/tmp/yq '.install[]' /tmp/packages.yaml) && \ + rpm-ostree install "${pkgs[@]}" + +RUN sed -i 's/#AutomaticUpdatePolicy.*/AutomaticUpdatePolicy=stage/' /etc/rpm-ostreed.conf + + +RUN rpm-ostree cleanup -m && \ + rm -rf /tmp/* /var/* && \ + ostree container commit diff --git a/initial_setup.sh b/base/initial_setup.sh index 0d60ddc..0d60ddc 100755 --- a/initial_setup.sh +++ b/base/initial_setup.sh diff --git a/base/packages.yaml b/base/packages.yaml new file mode 100644 index 0000000..2d8b10e --- /dev/null +++ b/base/packages.yaml @@ -0,0 +1,14 @@ +install: + - chromium + - fish # > bash + # gnome stuff + - adw-gtk3-theme + - gnome-tweaks + - gnome-shell-extension-caffeine + - qadwaitadecorations-qt5 + - qadwaitadecorations-qt6 + # maybe one day these will be good on flatpak :p + - lutris + - mangohud + - steam +remove: [] diff --git a/nvidia/Containerfile b/nvidia/Containerfile index 31f6da8..830432f 100644 --- a/nvidia/Containerfile +++ b/nvidia/Containerfile @@ -2,12 +2,20 @@ ARG IMAGE_FLAVOR="${IMAGE_FLAVOR:-getchblue}" ARG BASE_IMAGE="ghcr.io/getchoo/${IMAGE_FLAVOR}" ARG FEDORA_VERSION="${FEDORA_VERSION:-39}" -FROM ${BASE_IMAGE}:${FEDORA_VERSION} as builder +FROM ${BASE_IMAGE}:${FEDORA_VERSION} ARG FEDORA_VERSION="${FEDORA_VERSION:-39}" ARG NVIDIA_VERSION="${NVIDIA_VERSION:-535}" -COPY install.sh /tmp/install.sh +# copy our signed artifacts over COPY --from=ghcr.io/getchoo/akmods:${FEDORA_VERSION}-${NVIDIA_VERSION} /rpms /tmp/akmods -RUN /tmp/install.sh ${NVIDIA_VERSION} && rpm-ostree cleanup -m && \ - rm -rf /tmp/* /var/* && ostree container commit +# install our pub cert to import, along with signed kmods +RUN rpm-ostree install \ + /tmp/akmods/akmods-cert/getchoo-akmods-cert*.rpm \ + xorg-x11-drv-nvidia-{cuda,power}-${NVIDIA_VERSION}* \ + nvidia-vaapi-driver \ + /tmp/akmods/kmods/kmod-nvidia-*.rpm + +RUN rpm-ostree cleanup -m && \ + rm -rf /tmp/* /var/* && \ + ostree container commit diff --git a/nvidia/install.sh b/nvidia/install.sh deleted file mode 100755 index f3c577f..0000000 --- a/nvidia/install.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env bash -set -euxo pipefail - -NVIDIA_VERSION="${1:-}" - -if [ -z "${NVIDIA_VERSION}" ]; then - echo "I need a major version of a NVIDIA driver! (i.e., 535)" - exit 1 -fi - -rpm-ostree install /tmp/akmods/akmods-cert/getchoo-akmods-cert*.rpm - -rpm-ostree install \ - xorg-x11-drv-nvidia-{cuda,power}-"$NVIDIA_VERSION"* \ - nvidia-vaapi-driver \ - /tmp/akmods/kmods/kmod-nvidia-*.rpm diff --git a/override.sh b/override.sh deleted file mode 100755 index 4d3597a..0000000 --- a/override.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/usr/bin/env bash -set -euxo pipefail - -to_add=( - "chromium" - "fish" # > bash - - # gnome stuff - "adw-gtk3-theme" - "gnome-tweaks" - "gnome-shell-extension-caffeine" - qadwaitadecorations-qt{5,6} - - # maybe one day these will be good on flatpak :p - "lutris" - "mangohud" - "steam" -) - -# remove non-flatpak firefox -rpm-ostree override remove firefox firefox-langpacks - -# install rpm fusion -release=$(rpm -E %fedora) -rpm-ostree install \ - "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$release.noarch.rpm" \ - "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$release.noarch.rpm" - -# install hardware codecs -rpm-ostree override remove mesa-va-drivers --install mesa-va-drivers-freeworld -rpm-ostree install mesa-vdpau-drivers-freeworld - -# install software codecs -## i have no idea why i have to do this just for ffmpeg -rpm-ostree override remove libavcodec-free libavfilter-free libavformat-free libavutil-free libpostproc-free libswresample-free libswscale-free --install ffmpeg -rpm-ostree install gstreamer1-plugin-libav gstreamer1-plugins-bad-free-extras gstreamer1-plugins-bad-freeworld gstreamer1-plugins-ugly gstreamer1-vaapi - -# install extra packages -rpm-ostree install "${to_add[@]}" |