From 38b8d6dc6d63c6bbb6856c923753bc2df2c14045 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 29 Nov 2024 20:33:52 -0500 Subject: [PATCH 01/17] remove build-fix.sh simplify sudoif --- .github/workflows/create-release.yml | 9 +- Justfile | 112 ++++++-------------- build-fix.sh | 150 --------------------------- build.sh | 2 - 4 files changed, 39 insertions(+), 234 deletions(-) delete mode 100755 build-fix.sh diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index b1f5e66..96b730f 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -48,11 +48,12 @@ jobs: shell: bash run: | set -eoux pipefail - output=$(just merge-changelog) + declare -A output=$(just merge-changelog) cat changelog.md - jq -r <<< $output - echo "title=$(jq -r '."title"' <<< $output)" >> $GITHUB_OUTPUT - echo "tag=$(jq -r '."tag"' <<< $output)" >> $GITHUB_OUTPUT + for item in ${!output[@]}; do + echo ${output[$item]} + echo "$item=${output[$item])" >> $GITHUB_OUTPUT + done - name: Upload Changelogs as Artifact uses: actions/upload-artifact@v4 diff --git a/Justfile b/Justfile index 1432c2e..5a53594 100644 --- a/Justfile +++ b/Justfile @@ -14,6 +14,8 @@ images := '( [ucore-nvidia]="stable-nvidia-zfs" )' +export SUDOIF := if `id -u` == "0" { "" } else { "sudo" } + [private] default: @just --list 
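Review bot: The added `echo "$item=${output[$item])" >> $GITHUB_OUTPUT` line in the create-release.yml hunk closes the expansion with `)` instead of `}`, so the parameter expansion is never terminated and the step cannot run as written; it should read `echo "$item=${output[$item]}" >> "$GITHUB_OUTPUT"`. The same line is carried unchanged as context in the later hunk that quotes `declare -A output="$(just merge-changelog)"`. Separately, handing recipe output to `declare -A` makes bash parse that text as an array literal, and the text embeds a tag name that appears to come from the repository's git tags. Keeping the JSON output and reading it with `jq` avoids treating repository data as shell syntax.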
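Review bot: The `SUDOIF` assignment added in the Justfile hunk is not equivalent to the `sudoif` function that the later hunks of this file remove. The function called `/usr/bin/sudo` by absolute path, used `--askpass` when `SSH_ASKPASS` and a display were set, and exited 1 when no `sudo` was installed. With the variable, a bare `sudo` is resolved through `PATH` for every privileged `podman`, `find` and `chown` call in the recipes. If the absolute path was deliberate, `"/usr/bin/sudo"` in the else branch keeps it, and a comment above the assignment should record that the askpass and missing-sudo handling were dropped on purpose.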
@@ -45,20 +47,9 @@ fix: clean: #!/usr/bin/bash set -euox pipefail - function sudoif(){ - if [[ "${UID}" -eq 0 ]]; then - "$@" - elif [[ "$(command -v sudo)" && -n "${SSH_ASKPASS:-}" ]] && [[ -n "${DISPLAY:-}" || -n "${WAYLAND_DISPLAY:-}" ]]; then - /usr/bin/sudo --askpass "$@" || exit 1 - elif [[ "$(command -v sudo)" ]]; then - /usr/bin/sudo "$@" || exit 1 - else - exit 1 - fi - } touch {{ repo_image_name }}_ - sudoif find {{ repo_image_name }}_* -type d -exec chmod 0755 {} \; - sudoif find {{ repo_image_name }}_* -type f -exec chmod 0644 {} \; + ${SUDOIF} find {{ repo_image_name }}_* -type d -exec chmod 0755 {} \; + ${SUDOIF} find {{ repo_image_name }}_* -type f -exec chmod 0644 {} \; find {{ repo_image_name }}_* -maxdepth 0 -exec rm -rf {} \; rm -f output*.env changelog*.md version.txt previous.manifest.json @@ -127,17 +118,6 @@ build image="bluefin": rechunk image="bluefin": #!/usr/bin/bash set -eoux pipefail - function sudoif(){ - if [[ "${UID}" -eq 0 ]]; then - "$@" - elif [[ "$(command -v sudo)" && -n "${SSH_ASKPASS:-}" ]] && [[ -n "${DISPLAY:-}" || -n "${WAYLAND_DISPLAY:-}" ]]; then - /usr/bin/sudo --askpass "$@" || exit 1 - elif [[ "$(command -v sudo)" ]]; then - /usr/bin/sudo "$@" || exit 1 - else - exit 1 - fi - } ID=$(podman images --filter reference=localhost/{{ repo_image_name }}:{{ image }} --format "'{{ '{{.ID}}' }}'") if [[ -z "$ID" ]]; then 
@@ -145,12 +125,12 @@ rechunk image="bluefin": fi if [[ "${UID}" -gt "0" ]]; then - sudoif podman image scp ${UID}@localhost::localhost/{{ repo_image_name }}:{{ image }} root@localhost::localhost/{{ repo_image_name }}:{{ image }} + ${SUDOIF} podman image scp ${UID}@localhost::localhost/{{ repo_image_name }}:{{ image }} root@localhost::localhost/{{ repo_image_name }}:{{ image }} fi - CREF=$(sudoif podman create localhost/{{ repo_image_name }}:{{ image }} bash) - MOUNT=$(sudoif podman mount $CREF) - FEDORA_VERSION="$(sudoif podman inspect $CREF | jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | grep -oP 'fc\K[0-9]+')" + CREF=$(${SUDOIF} podman create localhost/{{ repo_image_name }}:{{ image }} bash) + MOUNT=$(${SUDOIF} podman mount $CREF) + FEDORA_VERSION="$(${SUDOIF} podman inspect $CREF | jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | grep -oP 'fc\K[0-9]+')" OUT_NAME="{{ repo_image_name }}_{{ image }}" VERSION="{{ image }}-${FEDORA_VERSION}.$(date +%Y%m%d)" LABELS=" @@ -158,14 +138,14 @@ rechunk image="bluefin": org.opencontainers.image.revision=$(git rev-parse HEAD) ostree.linux=$(podman inspect localhost/{{ repo_image_name }}:{{ image }} | jq -r '.[].["Config"]["Labels"]["ostree.linux"]') org.opencontainers.image.description={{ repo_image_name }} is my OCI image built from ublue projects. It mainly extends them for my uses." - sudoif podman run --rm \ + ${SUDOIF} podman run --rm \ --security-opt label=disable \ --volume "$MOUNT":/var/tree \ --env TREE=/var/tree \ --user 0:0 \ ghcr.io/hhd-dev/rechunk:latest \ /sources/rechunk/1_prune.sh - sudoif podman run --rm \ + ${SUDOIF} podman run --rm \ --security-opt label=disable \ --volume "$MOUNT":/var/tree \ --volume "cache_ostree:/var/ostree" \ 
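Review bot: The `podman run` calls in the second hunk here, and the `3_chunk.sh` call in the hunks that follow, execute `ghcr.io/hhd-dev/rechunk:latest` with `--user 0:0`, `--security-opt label=disable` and the image tree mounted at `/var/tree`. Whatever the mutable `latest` tag resolves to at build time therefore runs as root over the tree that is later published. Referencing the image by digest, for example `ghcr.io/hhd-dev/rechunk@sha256:<digest>` (placeholder), would make the tooling reproducible and turn each update into a reviewable change. The `rechunk` recipe starts and ends outside these hunks.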
@@ -175,13 +155,13 @@ rechunk image="bluefin": --user 0:0 \ ghcr.io/hhd-dev/rechunk:latest \ /sources/rechunk/2_create.sh - sudoif podman unmount "$CREF" - sudoif podman rm "$CREF" + ${SUDOIF} podman unmount "$CREF" + ${SUDOIF} podman rm "$CREF" if [[ "${UID}" -gt "0" ]]; then - sudoif podman rmi localhost/{{ repo_image_name }}:{{ image }} + ${SUDOIF} podman rmi localhost/{{ repo_image_name }}:{{ image }} fi podman rmi localhost/{{ repo_image_name }}:{{ image }} - sudoif podman run --rm \ + ${SUDOIF} podman run --rm \ --pull=newer \ --security-opt label=disable \ --volume "$PWD:/workspace" \ @@ -199,15 +179,15 @@ rechunk image="bluefin": ghcr.io/hhd-dev/rechunk:latest \ /sources/rechunk/3_chunk.sh - sudoif find {{ repo_image_name }}_{{ image }} -type d -exec chmod 0755 {} \; || true - sudoif find {{ repo_image_name }}_{{ image }}* -type f -exec chmod 0644 {} \; || true + ${SUDOIF} find {{ repo_image_name }}_{{ image }} -type d -exec chmod 0755 {} \; || true + ${SUDOIF} find {{ repo_image_name }}_{{ image }}* -type f -exec chmod 0644 {} \; || true if [[ "${UID}" -gt "0" ]]; then - sudoif chown -R ${UID}:${GROUPS} "${PWD}" + ${SUDOIF} chown -R ${UID}:${GROUPS} "${PWD}" elif [[ "${UID}" == "0" && -n "${SUDO_USER:-}" ]]; then - sudoif chown -R ${SUDO_UID}:${SUDO_GID} "${PWD}" + ${SUDOIF} chown -R ${SUDO_UID}:${SUDO_GID} "${PWD}" fi - sudoif podman volume rm cache_ostree + ${SUDOIF} podman volume rm cache_ostree # Load Image into Podman and Tag [private] @@ -233,18 +213,6 @@ get-tags image="bluefin": build-iso image="bluefin" ghcr="0" clean="0": #!/usr/bin/bash set -eou pipefail - function sudoif(){ - if [[ "${UID}" -eq 0 ]]; then - "$@" - elif [[ "$(command -v sudo)" && -n "${SSH_ASKPASS:-}" ]] && [[ -n "${DISPLAY:-}" || -n "${WAYLAND_DISPLAY:-}" ]]; then - /usr/bin/sudo --askpass "$@" || exit 1 - elif [[ "$(command -v sudo)" ]]; then - /usr/bin/sudo "$@" || exit 1 - else - exit 1 - fi - } - # Validate declare -A images={{ images }} check=${images[{{ image }}]-} 
@@ -288,7 +256,7 @@ build-iso image="bluefin" ghcr="0" clean="0": # Load image into rootful podman if [[ "${UID}" -gt "0" ]]; then - sudoif podman image scp "${UID}"@localhost::"${IMAGE_FULL}" root@localhost::"${IMAGE_FULL}" + ${SUDOIF} podman image scp "${UID}"@localhost::"${IMAGE_FULL}" root@localhost::"${IMAGE_FULL}" fi # Generate Flatpak List @@ -360,7 +328,7 @@ build-iso image="bluefin" ghcr="0" clean="0": ostree refs --repo=\${FLATPAK_SYSTEM_DIR}/repo | grep '^deploy/' | grep -v 'org\.freedesktop\.Platform\.openh264' | sed 's/^deploy\///g' > /output/flatpaks-with-deps EOF # Create Flatpak List - sudoif podman run --rm --privileged \ + ${SUDOIF} podman run --rm --privileged \ --entrypoint /bin/bash \ -e FLATPAK_SYSTEM_DIR=/flatpak/flatpak \ -e FLATPAK_TRIGGERS_DIR=/flatpak/triggers \ @@ -368,9 +336,9 @@ build-iso image="bluefin" ghcr="0" clean="0": -v ${TEMP_FLATPAK_INSTALL_DIR}:/temp_flatpak_install_dir \ ${IMAGE_FULL} /temp_flatpak_install_dir/install-flatpaks.sh - VERSION="$(sudoif podman inspect ${IMAGE_FULL} | jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | grep -oP 'fc\K[0-9]+')" + VERSION="$(${SUDOIF} podman inspect ${IMAGE_FULL} | jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | grep -oP 'fc\K[0-9]+')" if [[ "{{ ghcr }}" == "1" && "{{ clean }}" == "1" ]]; then - sudoif podman rmi ${IMAGE_FULL} + ${SUDOIF} podman rmi ${IMAGE_FULL} fi # list Flatpaks cat ${FLATPAK_REFS_DIR}/flatpaks-with-deps 
@@ -398,12 +366,12 @@ build-iso image="bluefin" ghcr="0" clean="0": iso_build_args+=(VERSION="$VERSION") iso_build_args+=(WEB_UI="false") # Build ISO - sudoif podman run --rm --privileged --pull=newer --security-opt label=disable "${iso_build_args[@]}" + ${SUDOIF} podman run --rm --privileged --pull=newer --security-opt label=disable "${iso_build_args[@]}" if [[ "${UID}" -gt "0" ]]; then - sudoif chown -R ${UID}:${GROUPS} "${PWD}" - sudoif podman rmi "${IMAGE_FULL}" + ${SUDOIF} chown -R ${UID}:${GROUPS} "${PWD}" + ${SUDOIF} podman rmi "${IMAGE_FULL}" elif [[ "${UID}" == "0" && -n "${SUDO_USER:-}" ]]; then - sudoif chown -R ${SUDO_UID}:${SUDO_GID} "${PWD}" + ${SUDOIF} chown -R ${SUDO_UID}:${SUDO_GID} "${PWD}" fi # Run ISO @@ -449,23 +417,11 @@ verify-container container="" registry="ghcr.io/ublue-os" key="": #!/usr/bin/bash set -eoux pipefail - function sudoif(){ - if [[ "${UID}" -eq 0 ]]; then - "$@" - elif [[ "$(command -v sudo)" && -n "${SSH_ASKPASS:-}" ]] && [[ -n "${DISPLAY:-}" || -n "${WAYLAND_DISPLAY:-}" ]]; then - /usr/bin/sudo --askpass "$@" || exit 1 - elif [[ "$(command -v sudo)" ]]; then - /usr/bin/sudo "$@" || exit 1 - else - exit 1 - fi - } - # Get Cosign if Needed if [[ ! $(command -v cosign) ]]; then - COSIGN_CONTAINER_ID=$(sudoif podman create cgr.dev/chainguard/cosign:latest bash) - sudoif podman cp "${COSIGN_CONTAINER_ID}":/usr/bin/cosign /usr/local/bin/cosign - sudoif podman rm -f "${COSIGN_CONTAINER_ID}" + COSIGN_CONTAINER_ID=$(${SUDOIF} podman create cgr.dev/chainguard/cosign:latest bash) + ${SUDOIF} podman cp "${COSIGN_CONTAINER_ID}":/usr/bin/cosign /usr/local/bin/cosign + ${SUDOIF} podman rm -f "${COSIGN_CONTAINER_ID}" fi # Verify Cosign Image Signatures if needed @@ -548,8 +504,8 @@ merge-changelog: tag="{{ repo_image_name }}-$(date +%Y%m%d).0" fi cat << EOF - { - "title": "$tag (#$(git rev-parse --short HEAD))", - "tag": "$tag" - } + ( + [title]="$tag (#$(git rev-parse --short HEAD))" + [tag]="$tag" + ) EOF 
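Review bot: In the `verify-container` hunk, the fallback copies `/usr/bin/cosign` out of `cgr.dev/chainguard/cosign:latest` into `/usr/local/bin/cosign` with no digest pin and no check of the copied binary. The tool that decides whether an image signature is valid is therefore taken on trust from a mutable tag. It is also installed permanently on the host as a side effect of a verification recipe. Pinning the image by digest (`cgr.dev/chainguard/cosign@sha256:<digest>`, placeholder) and copying the binary to a temporary path used only for this run would narrow both problems; the recipe continues outside the hunk.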
diff --git a/build-fix.sh b/build-fix.sh
deleted file mode 100755
index bc31b66..0000000
--- a/build-fix.sh
+++ /dev/null
@@ -1,150 +0,0 @@ -#!/usr/bin/bash - -set -eoux pipefail - -repos=( - fedora-updates.repo - fedora-updates-archive.repo -) - -for repo in "${repos[@]}"; do - if [ $(grep -c "enabled=1" /etc/yum.repos.d/${repo}) -eq 0 ]; then - sed -i "0,/enabled=0/{s/enabled=0/enabled=1/}" /etc/yum.repos.d/${repo} - fi -done - -dnf5 reinstall -y \ - --repo=updates \ - elfutils-libelf \ - elfutils-libs \ - || true -dnf5 reinstall -y \ - --repo=updates \ - systemd-libs \ - || true -dnf5 reinstall -y \ - --repo=updates \ - vulkan-loader \ - || true -dnf5 reinstall -y \ - --repo=updates \ - alsa-lib \ - || true -dnf5 reinstall -y \ - --repo=updates \ - gnutls \ - || true -dnf5 reinstall -y \ - --repo=updates \ - glib2 \ - || true -dnf5 reinstall -y \ - --repo=updates \ - nspr \ - || true -dnf5 reinstall -y \ - --repo=updates \ - nss \ - nss-softokn \ - nss-softokn-freebl \ - nss-sysinit \ - nss-util \ - || true -dnf5 reinstall -y \ - --repo=updates \ - atk \ - at-spi2-atk \ - || true -dnf5 reinstall -y \ - --repo=updates \ - libaom \ - || true -dnf5 reinstall -y \ - --repo=updates \ - gstreamer1 \ - gstreamer1-plugins-base \ - || true -dnf5 reinstall -y \ - --repo=updates \ - libdecor \ - || true -dnf5 reinstall -y \ - --repo=updates \ - libtirpc \ - || true -dnf5 reinstall -y \ - --repo=updates \ - libuuid \ - || true -dnf5 reinstall -y \ - --repo=updates \ - libblkid \ - || true -dnf5 reinstall -y \ - --repo=updates \ - libmount \ - || true -dnf5 reinstall -y \ - --repo=updates \ - cups-libs \ - || true -dnf5 reinstall -y \ - --repo=updates \ - libinput \ - || true -dnf5 reinstall -y \ - --repo=updates \ - libopenmpt \ - || true -dnf5 reinstall -y \ - --repo=updates \ - llvm-libs \ - || true -dnf5 reinstall -y \ - --repo=updates \ - zlib-ng-compat \ - || true -dnf5 reinstall -y \ - --repo=updates \ - fontconfig \ - || true -dnf5 reinstall -y \ - --repo=updates \ - pciutils-libs \ - || true -dnf5 reinstall -y \ - --repo=updates \ - libdrm \ - || true -dnf5 reinstall -y \ - 
--repo=updates \ - cpp \ - libatomic \ - libgcc \ - libgfortran \ - libgomp \ - libobjc \ - libstdc++ \ - || true -dnf5 reinstall -y \ - --repo=updates \ - libX11 \ - libX11-common \ - libX11-xcb \ - || true -dnf5 reinstall -y \ - --repo=updates \ - libv4l \ - || true -if grep -q "aurora" <<< "${IMAGE}"; then \ - dnf5 reinstall -y \ - --repo=updates \ - qt6-qtbase \ - qt6-qtbase-common \ - qt6-qtbase-mysql \ - qt6-qtbase-gui \ - || true \ -; fi -dnf5 remove \ - glibc32 \ - || true diff --git a/build.sh b/build.sh index 74d675f..ea2b10a 100755 --- a/build.sh +++ b/build.sh @@ -12,13 +12,11 @@ mkdir -p /var/lib/alternatives # Changes case "${IMAGE}" in "aurora"* | "bluefin"*) - /ctx/build-fix.sh /ctx/desktop-packages.sh /ctx/steam.sh /ctx/vfio.sh ;; "cosmic"*) - /ctx/build-fix.sh /ctx/cosmic.sh /ctx/desktop-packages.sh /ctx/steam.sh From a71baa8116a2c29c9bc05acae51e46a61ecc055d Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 29 Nov 2024 20:34:48 -0500 Subject: [PATCH 02/17] fix justfile --- Justfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Justfile b/Justfile index 5a53594..25d822c 100644 --- a/Justfile +++ b/Justfile @@ -13,7 +13,6 @@ images := '( [ucore]="stable-zfs" [ucore-nvidia]="stable-nvidia-zfs" )' - export SUDOIF := if `id -u` == "0" { "" } else { "sudo" } [private] From b78657eb9a41a07acdddfa259506b7eb6f93ec4d Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 29 Nov 2024 21:02:03 -0500 Subject: [PATCH 03/17] Update create-release.yml --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 96b730f..9c78bb4 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml 
@@ -48,7 +48,7 @@ jobs: shell: bash run: | set -eoux pipefail - declare -A output=$(just merge-changelog) + declare -A output="$(just merge-changelog)" cat changelog.md for item in ${!output[@]}; do echo ${output[$item]} From d4710182e20060d01c6b117ed81956e4b0aedd97 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 29 Nov 2024 22:37:47 -0500 Subject: [PATCH 04/17] consolidate desktop/server changelogs --- .github/workflows/build.yml | 12 +----- .github/workflows/create-release.yml | 8 ++-- Justfile | 8 ++-- changelogs.py | 63 +++++++++++++++++----------- 4 files changed, 49 insertions(+), 42 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4618abf..af23d8d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -42,19 +42,11 @@ jobs: images: '["ucore", "ucore-nvidia"]' image_flavor: Server - changelogs-server-stable: - name: Server Changelogs - uses: ./.github/workflows/changelogs.yml - secrets: inherit - needs: build-image-server - with: - target: ucore - build-iso-desktop: name: Desktop ISOs uses: ./.github/workflows/build-iso.yml secrets: inherit - needs: build-image-desktop + needs: [build-image-desktop, build-image-server] with: images: '["aurora", "aurora-nvidia", "bluefin", "bluefin-nvidia", "cosmic", "cosmic-nvidia"]' image_flavor: Desktop @@ -70,5 +62,5 @@ jobs: create-release: name: Create Release - needs: [build-iso-desktop, build-iso-bazzite, changelogs-server-stable] + needs: [build-iso-desktop, build-iso-bazzite] uses: ./.github/workflows/create-release.yml diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 9c78bb4..0d40795 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml 
@@ -48,11 +48,11 @@ jobs: shell: bash run: | set -eoux pipefail - declare -A output="$(just merge-changelog)" + output="$(just merge-changelog)" cat changelog.md - for item in ${!output[@]}; do - echo ${output[$item]} - echo "$item=${output[$item])" >> $GITHUB_OUTPUT + jq -r <<< "$output" + for k in $(jq 'keys[]' <<< $ouptut | tr -d \"); do + echo "$k=$(jq -r ".$k" <<< "$ouptut")" >> $GITHUB_OUTPUT done - name: Upload Changelogs as Artifact diff --git a/Justfile b/Justfile index 25d822c..82c3f57 100644 --- a/Justfile +++ b/Justfile @@ -503,8 +503,8 @@ merge-changelog: tag="{{ repo_image_name }}-$(date +%Y%m%d).0" fi cat << EOF - ( - [title]="$tag (#$(git rev-parse --short HEAD))" - [tag]="$tag" - ) + { + "title": "$tag (#$(git rev-parse --short HEAD))", + "tag": "$tag" + } EOF diff --git a/changelogs.py b/changelogs.py index db2bc67..ce28808 100644 --- a/changelogs.py +++ b/changelogs.py @@ -10,7 +10,7 @@ REGISTRY = "docker://ghcr.io/m2giles/" IMAGE_MATRIX = { - "image": ["aurora", "cosmic", "bluefin"], + "image": ["aurora", "cosmic", "bluefin", "ucore"], "image_flavor": ["main", "nvidia"], } @@ -36,6 +36,7 @@ PATTERN_PKGREL_CHANGED = "{prev} ➡️ {new}" PATTERN_PKGREL = "{version}" COMMON_PAT = "### All Images\n| | Name | Previous | New |\n| --- | --- | --- | --- |{changes}\n\n" +DESKTOP_PAT = "### Desktop Images\n| | Name | Previous | New |\n| --- | --- | --- | --- |{changes}\n\n" OTHER_NAMES = { "aurora": "### [Aurora Images](https://getaurora.dev/)\n| | Name | Previous | New |\n| --- | --- | --- | --- |{changes}\n\n", "bluefin": "### [Bluefin Images](https://projectbluefin.io/)\n| | Name | Previous | New |\n| --- | --- | --- | --- |{changes}\n\n", 
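Review bot: Both new reads of the variable in the create-release.yml hunk are misspelled as `ouptut` (`<<< $ouptut` in the `for` line and `<<< "$ouptut"` in the `echo` line), while the value is assigned to `output`. The step runs under `set -eoux pipefail`, so the unset name is an error and `title` and `tag` do not reach `$GITHUB_OUTPUT` with the intended values. The later hunk that corrects the `for` line to `<<< "$output"` leaves the `echo` line unchanged; it should read `echo "$k=$(jq -r ".$k" <<< "$output")" >> "$GITHUB_OUTPUT"`.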
@@ -138,13 +139,15 @@ def get_tags(target: str, manifests: dict[str, Any]): if tag.endswith(".0"): continue if re.match(START_PATTERN(img[0]), tag): - version = re.sub(START_PATTERN(img[0]), "", tag) + tags.add(tag) + + version = STRIP_PATTERN(tag) for check_img in imgs: if f"{check_img[0]}-{version}" not in manifest["RepoTags"]: - continue - else: - tags.add(tag) - + try: + tags.remove(tag) + except: + continue tags = list(sorted(tags)) if not len(tags) >= 2: @@ -170,6 +173,7 @@ def get_packages(manifests: dict[str, Any]): def get_package_groups(target: str, prev: dict[str, Any], manifests: dict[str, Any]): common = set() + desktop = set() others = {k: set() for k in OTHER_NAMES.keys()} npkg = get_packages(manifests) @@ -196,6 +200,25 @@ def get_package_groups(target: str, prev: dict[str, Any], manifests: dict[str, A first = False + # Desktop common packages + first = True + for img, image, image_flavor in get_images(target): + if image not in ["aurora", "bluefin", "cosmic"]: + continue + if img not in pkg: + continue + + if first: + for p in pkg[img]: + if p not in common: + desktop.add(p) + else: + for c in desktop.copy(): + if c not in pkg[img]: + desktop.remove(c) + + first = False + # Find other packages for t, other in others.items(): first = True @@ -221,7 +244,8 @@ def get_package_groups(target: str, prev: dict[str, Any], manifests: dict[str, A if first: for p in pkg[img]: if p not in common: - other.add(p) + if p not in desktop: + other.add(p) else: for c in other.copy(): if c not in pkg[img]: @@ -229,7 +253,7 @@ def get_package_groups(target: str, prev: dict[str, Any], manifests: dict[str, A first = False - return sorted(common), {k: sorted(v) for k, v in others.items()} + return sorted(common), sorted(desktop), {k: sorted(v) for k, v in others.items()} def get_versions(manifests: dict[str, Any]): 
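Review bot: The `try: tags.remove(tag)` with a bare `except: continue` added in the `get_tags` hunk catches every exception, including `KeyboardInterrupt` and `SystemExit`, to cover what is only a missing set element. `tags.discard(tag)` has the same effect without raising and needs no handler. Indentation is lost in this view, so it is unclear whether `version = STRIP_PATTERN(tag)` and the `for check_img in imgs:` loop still sit under the `re.match` branch. If they moved out of it, the removal runs for tags that were never added, which is exactly the case `discard` covers. The function body extends beyond the hunk.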
@@ -331,15 +355,12 @@ def generate_changelog( prev_manifests, manifests, ): - common, others = get_package_groups(target, prev_manifests, manifests) + common, desktop, others = get_package_groups(target, prev_manifests, manifests) versions = get_versions(manifests) prev_versions = get_versions(prev_manifests) prev_tags, curr_tags = get_tags(target, manifests) - if target == "stable": - target = "Desktop" - if not pretty: # Generate pretty version since we dont have it try: @@ -367,8 +388,8 @@ def generate_changelog( changelog = ( changelog.replace("{handwritten}", handwritten if handwritten else HANDWRITTEN_PLACEHOLDER) .replace("{target}", target) - .replace("{prev}", f"{target.lower()}-{STRIP_PATTERN(prev_tags[0])}") - .replace("{curr}", f"{target.lower()}-{STRIP_PATTERN(curr_tags[0])}") + .replace("{prev}", f"{STRIP_PATTERN(prev_tags[0])}") + .replace("{curr}", f"{STRIP_PATTERN(curr_tags[0])}") ) if urlmd: with open(urlmd, "r") as f: @@ -388,8 +409,11 @@ def generate_changelog( changes = "" changes += get_commits(prev_manifests, manifests, workdir) common = calculate_changes(common, prev_versions, versions) + desktop = calculate_changes(desktop, prev_versions, versions) if common: changes += COMMON_PAT.format(changes=common) + if desktop: + changes += DESKTOP_PAT.format(changes=desktop) for k, v in others.items(): chg = calculate_changes(v, prev_versions, versions) if chg: @@ -411,12 +435,7 @@ def main(): parser.add_argument("--handwritten", help="Handwritten changelog") args = parser.parse_args() - # Remove refs/tags, refs/heads, refs/remotes e.g. - # Tags cannot include / anyway. - target = args.target.split('/')[-1] - - if target == "main": - target = "stable" + target = args.target temp = list(get_images(target)) images = [] 
@@ -426,7 +445,6 @@ def main(): prev, curr = get_tags(target, manifests) print(f"Previous tag date: {STRIP_PATTERN(prev[0])}") print(f" Current tag date: {STRIP_PATTERN(curr[0])}") - prev_manifests = get_manifests(prev) title, changelog = generate_changelog( args.handwritten, @@ -438,9 +456,6 @@ def main(): manifests, ) - if target == "stable": - target = "Desktop" - print(f"Changelog:\n# {title}\n{changelog}") print(f"\nOutput:\nTITLE=\"{title}\"\nTAG=\"{target.lower()}-{STRIP_PATTERN(curr[0])}\"") From 825980a325e28ce3deb28baeb6257a589c689995 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 29 Nov 2024 23:15:39 -0500 Subject: [PATCH 05/17] control set -x in builds --- .github/workflows/build-image.yml | 1 + .github/workflows/build-iso.yml | 1 + .github/workflows/create-release.yml | 2 +- Containerfile | 1 + Justfile | 21 +++++++++++---------- branding.sh | 2 +- build.sh | 2 +- cleanup.sh | 2 +- cosmic.sh | 2 +- desktop-defaults.sh | 2 +- desktop-packages.sh | 2 +- distrobox.sh | 2 +- flatpak.sh | 2 +- server-packages.sh | 2 +- signing.sh | 2 +- steam.sh | 2 +- vfio.sh | 2 +- 17 files changed, 27 insertions(+), 23 deletions(-) diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index 0424bb9..d5ad511 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -16,6 +16,7 @@ concurrency: env: IMAGE_REGISTRY: ghcr.io/m2giles IMAGE_NAME: m2os + SET_X: 1 jobs: build-image: diff --git a/.github/workflows/build-iso.yml b/.github/workflows/build-iso.yml index c355505..ba4b02a 100644 --- a/.github/workflows/build-iso.yml +++ b/.github/workflows/build-iso.yml @@ -30,6 +30,7 @@ on: env: IMAGE_REGISTRY: ghcr.io/m2giles IMAGE_NAME: m2os + SET_X: 1 concurrency: group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.image_flavor }}.iso diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 0d40795..71fd03a 100644 
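Review bot: `SET_X: 1` is added to the workflow-level `env` of build-image.yml and build-iso.yml, but the build steps visible in the following commits' hunks run `sudo just build`, `sudo just rechunk` and `sudo just build-iso`. sudo's default `env_reset` policy does not pass arbitrary variables through, so unless the runner's sudoers keeps `SET_X`, `${SET_X:+-x}` expands to nothing in those recipes and `--build-arg SET_X=${SET_X:-}` is empty. Passing it explicitly, for example `sudo --preserve-env=SET_X just build ${{ matrix.image }}`, makes the tracing setting reach the recipes. The per-step `env: SET_X: 1` blocks in the next commit have the same gap.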
--- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -51,7 +51,7 @@ jobs: output="$(just merge-changelog)" cat changelog.md jq -r <<< "$output" - for k in $(jq 'keys[]' <<< $ouptut | tr -d \"); do + for k in $(jq 'keys[]' <<< "$output" | tr -d \"); do echo "$k=$(jq -r ".$k" <<< "$ouptut")" >> $GITHUB_OUTPUT done diff --git a/Containerfile b/Containerfile index ebfc909..0b1e423 100644 --- a/Containerfile +++ b/Containerfile @@ -9,6 +9,7 @@ FROM ghcr.io/ublue-os/${BASE_IMAGE}:${TAG_VERSION} ARG BASE_IMAGE="bluefin" ARG IMAGE="bluefin" +ARG SET_X="" RUN --mount=type=bind,from=ctx,src=/,dst=/ctx \ /ctx/build.sh diff --git a/Justfile b/Justfile index 82c3f57..e47f519 100644 --- a/Justfile +++ b/Justfile @@ -56,7 +56,7 @@ clean: [group('Image')] build image="bluefin": #!/usr/bin/bash - set -eoux pipefail + set ${SET_X:+-x} -eou pipefail declare -A images={{ images }} check=${images[{{ image }}]-} if [[ -z "$check" ]]; then @@ -102,6 +102,7 @@ build image="bluefin": BUILD_ARGS+=("--build-arg" "IMAGE={{ image }}") BUILD_ARGS+=("--build-arg" "BASE_IMAGE=$BASE_IMAGE") BUILD_ARGS+=("--build-arg" "TAG_VERSION=$TAG_VERSION") + BUILD_ARGS+=("--build-arg" "SET_X=${SET_X:-}") BUILD_ARGS+=("--tag" "localhost/{{ repo_image_name }}:{{ image }}") podman pull ghcr.io/ublue-os/"${BASE_IMAGE}":"${TAG_VERSION}" buildah build --format docker --label "org.opencontainers.image.description={{ repo_image_name }} is my OCI image built from ublue projects. It mainly extends them for my uses." ${BUILD_ARGS[@]} . @@ -116,7 +117,7 @@ build image="bluefin": [private] rechunk image="bluefin": #!/usr/bin/bash - set -eoux pipefail + set ${SET_X:+-x} -eou pipefail ID=$(podman images --filter reference=localhost/{{ repo_image_name }}:{{ image }} --format "'{{ '{{.ID}}' }}'") if [[ -z "$ID" ]]; then 
@@ -192,7 +193,7 @@ rechunk image="bluefin": [private] load-image image="bluefin": #!/usr/bin/bash - set -eou pipefail + set ${SET_X:+-x} -eou pipefail IMAGE=$(podman pull oci:${PWD}/{{ repo_image_name }}_{{ image }}) podman tag ${IMAGE} localhost/{{ repo_image_name }}:{{ image }} VERSION=$(podman inspect $IMAGE | jq -r '.[]["Config"]["Labels"]["org.opencontainers.image.version"]') @@ -203,7 +204,7 @@ load-image image="bluefin": # Get Tags get-tags image="bluefin": #!/usr/bin/bash - set -eou pipefail + set ${SET_X:+-x} -eou pipefail VERSION=$(podman inspect {{ repo_image_name }}:{{ image }} | jq -r '.[]["Config"]["Labels"]["org.opencontainers.image.version"]') echo "{{ image }} $VERSION" @@ -211,7 +212,7 @@ get-tags image="bluefin": [group('ISO')] build-iso image="bluefin" ghcr="0" clean="0": #!/usr/bin/bash - set -eou pipefail + set ${SET_X:+-x} -eou pipefail # Validate declare -A images={{ images }} check=${images[{{ image }}]-} @@ -377,7 +378,7 @@ build-iso image="bluefin" ghcr="0" clean="0": [group('ISO')] run-iso image="bluefin": #!/usr/bin/bash - set -eou pipefail + set ${SET_X:+-x} -eou pipefail if [[ ! -f "{{ repo_image_name }}_build/output/{{ image }}.iso" ]]; then just build-iso {{ image }} fi @@ -407,14 +408,14 @@ run-iso image="bluefin": [group('Changelogs')] changelogs branch="stable" urlmd="" handwritten="": #!/usr/bin/bash - set -eoux pipefail + set ${SET_X:+-x} -eou pipefail python3 changelogs.py {{ branch }} ./output-{{ branch }}.env ./changelog-{{ branch }}.md --workdir . --handwritten "{{ handwritten }}" --urlmd "{{ urlmd }}" # Verify Container with Cosign [group('Utility')] verify-container container="" registry="ghcr.io/ublue-os" key="": #!/usr/bin/bash - set -eoux pipefail + set ${SET_X:+-x} -eou pipefail # Get Cosign if Needed if [[ ! $(command -v cosign) ]]; then 
@@ -447,7 +448,7 @@ verify-container container="" registry="ghcr.io/ublue-os" key="": [group('Utility')] secureboot image="bluefin": #!/usr/bin/bash - set -eoux pipefail + set ${SET_X:+-x} -eou pipefail # Get the vmlinuz to check kernel_release=$(podman inspect "{{ repo_image_name }}":"{{ image }}" | jq -r '.[].Config.Labels["ostree.linux"]') @@ -491,7 +492,7 @@ secureboot image="bluefin": # Merge Changelogs merge-changelog: #!/usr/bin/bash - set -eou pipefail + set ${SET_X:+-x} -eou pipefail rm -f changelog.md cat changelog*.md > changelog.md last_tag=$(git tag --list {{ repo_image_name }}-* | sort -r | head -1) diff --git a/branding.sh b/branding.sh index f5d48e3..7c8f2e2 100755 --- a/branding.sh +++ b/branding.sh @@ -1,6 +1,6 @@ #!/usr/bin/bash -set -eoux pipefail +set ${SET_X:+-x} -eou pipefail if [[ "${IMAGE}" =~ cosmic|ucore ]]; then tee /usr/share/ublue-os/image-info.json <<'EOF' diff --git a/build.sh b/build.sh index ea2b10a..79ce18c 100755 --- a/build.sh +++ b/build.sh @@ -1,6 +1,6 @@ #!/usr/bin/bash -set -eoux pipefail +set ${SET_X:+-x} -eou pipefail mkdir -p /var/lib/alternatives diff --git a/cleanup.sh b/cleanup.sh index a8651e5..273a5aa 100755 --- a/cleanup.sh +++ b/cleanup.sh @@ -1,7 +1,7 @@ #!/usr/bin/bash #shellcheck disable=SC2115 -set -eoux pipefail +set ${SET_X:+-x} -eou pipefail repos=( _copr_ublue-os-akmods.repo diff --git a/cosmic.sh b/cosmic.sh index e272928..a83bca4 100755 --- a/cosmic.sh +++ b/cosmic.sh @@ -1,6 +1,6 @@ #!/usr/bin/bash -set -eoux pipefail +set ${SET_X:+-x} -eou pipefail if [[ -z "${KERNEL_FLAVOR:-}" ]]; then KERNEL_FLAVOR=coreos-stable diff --git a/desktop-defaults.sh b/desktop-defaults.sh index ccfeb26..32ea797 100755 --- a/desktop-defaults.sh +++ b/desktop-defaults.sh @@ -1,6 +1,6 @@ #!/usr/bin/bash -set -eoux pipefail +set ${SET_X:+-x} -eou pipefail mkdir -p /etc/xdg/autostart mkdir -p /etc/environment.d diff --git a/desktop-packages.sh b/desktop-packages.sh index fd76860..703d852 100755 --- a/desktop-packages.sh 
+++ b/desktop-packages.sh @@ -1,6 +1,6 @@ #!/usr/bin/bash -set -eoux pipefail +set ${SET_X:+-x} -eou pipefail # Ublue Staging dnf5 -y copr enable ublue-os/staging diff --git a/distrobox.sh b/distrobox.sh index 5038b44..e14e443 100755 --- a/distrobox.sh +++ b/distrobox.sh @@ -1,6 +1,6 @@ #!/usr/bin/bash -set -eoux pipefail +set ${SET_X:+-x} -eou pipefail # Distrobox Stuff mkdir -p /etc/distrobox/ diff --git a/flatpak.sh b/flatpak.sh index e95d631..7ea00f7 100755 --- a/flatpak.sh +++ b/flatpak.sh @@ -1,6 +1,6 @@ #!/usr/bin/bash -set -eoux pipefail +set ${SET_X:+-x} -eou pipefail systemctl enable --global p11-kit-server.socket systemctl enable --global p11-kit-server.service diff --git a/server-packages.sh b/server-packages.sh index 00b9db8..fc6e882 100755 --- a/server-packages.sh +++ b/server-packages.sh @@ -1,6 +1,6 @@ #!/usr/bin/bash -set -eoux pipefail +set ${SET_X:+-x} -eou pipefail # Docker Repo tee /etc/yum.repos.d/docker-ce.repo <<'EOF' diff --git a/signing.sh b/signing.sh index 26b12fb..1ec587a 100755 --- a/signing.sh +++ b/signing.sh @@ -1,6 +1,6 @@ #!/usr/bin/bash -set -eoux pipefail +set ${SET_X:+-x} -eou pipefail # Signing mkdir -p /etc/containers diff --git a/steam.sh b/steam.sh index 74fbbae..624ba36 100755 --- a/steam.sh +++ b/steam.sh @@ -1,6 +1,6 @@ #!/usr/bin/bash -set -eoux pipefail +set ${SET_X:+-x} -eou pipefail sed -i "0,/enabled=0/{s/enabled=0/enabled=1/}" /etc/yum.repos.d/negativo17-fedora-multimedia.repo diff --git a/vfio.sh b/vfio.sh index e2dab2d..b3dce96 100755 --- a/vfio.sh +++ b/vfio.sh @@ -1,6 +1,6 @@ #!/usr/bin/bash -set -eoux pipefail +set ${SET_X:+-x} -eou pipefail if [[ -z "${KERNEL_FLAVOR:-}" ]]; then KERNEL_FLAVOR=coreos-stable From 22279f9a1f583479cc6ea7d3289e8171f92e56fa Mon Sep 17 00:00:00 2001 
From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 29 Nov 2024 23:20:50 -0500 Subject: [PATCH 06/17] quiet local builds --- .github/workflows/build-image.yml | 11 ++++++++++- .github/workflows/build-iso.yml | 3 ++- .github/workflows/create-release.yml | 2 ++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index d5ad511..2ed510e 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -16,7 +16,6 @@ concurrency: env: IMAGE_REGISTRY: ghcr.io/m2giles IMAGE_NAME: m2os - SET_X: 1 jobs: build-image: @@ -57,16 +56,22 @@ jobs: shell: bash run: | sudo just build ${{ matrix.image }} + env: + SET_X: 1 - name: Rechunk Image shell: bash run: | sudo just rechunk ${{ matrix.image }} + env: + SET_X: 1 - name: Load and Tag Image shell: bash run: | just load-image ${{ matrix.image }} + env: + SET_X: 1 - name: Get Tags id: get_tags @@ -75,12 +80,16 @@ jobs: tags=$(just get-tags ${{ matrix.image }}) echo "tags=$tags" >> $GITHUB_OUTPUT echo $GITHUB_OUTPUT + env: + SET_X: 1 - name: Check Secureboot id: secureboot shell: bash run: | just secureboot ${{ matrix.image }} + env: + SET_X: 1 - name: Lowercase Registry id: registry_case diff --git a/.github/workflows/build-iso.yml b/.github/workflows/build-iso.yml index ba4b02a..e4d46e8 100644 --- a/.github/workflows/build-iso.yml +++ b/.github/workflows/build-iso.yml @@ -30,7 +30,6 @@ on: env: IMAGE_REGISTRY: ghcr.io/m2giles IMAGE_NAME: m2os - SET_X: 1 concurrency: group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.image_flavor }}.iso @@ -79,6 +78,8 @@ jobs: run: | sudo just build-iso ${{ matrix.image }} 1 1 tree "./${{ env.IMAGE_NAME }}_build/output/" + env: + SET_X: 1 - name: Upload ISOs and Checksum to Job Artifacts id: upload diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 71fd03a..d843dae 100644 --- a/.github/workflows/create-release.yml 
+++ b/.github/workflows/create-release.yml @@ -54,6 +54,8 @@ jobs: for k in $(jq 'keys[]' <<< "$output" | tr -d \"); do echo "$k=$(jq -r ".$k" <<< "$ouptut")" >> $GITHUB_OUTPUT done + env: + SET_X: 1 - name: Upload Changelogs as Artifact uses: actions/upload-artifact@v4 From 8e0737d19755ddbb7ab8ecc1ebdbf42de6dca5a8 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 29 Nov 2024 23:31:56 -0500 Subject: [PATCH 07/17] set -x if id == 0 --- .github/workflows/build-image.yml | 11 +---------- .github/workflows/build-iso.yml | 2 -- .github/workflows/create-release.yml | 5 +++-- Justfile | 2 ++ 4 files changed, 6 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index 2ed510e..d5ad511 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -16,6 +16,7 @@ concurrency: env: IMAGE_REGISTRY: ghcr.io/m2giles IMAGE_NAME: m2os + SET_X: 1 jobs: build-image: @@ -56,22 +57,16 @@ jobs: shell: bash run: | sudo just build ${{ matrix.image }} - env: - SET_X: 1 - name: Rechunk Image shell: bash run: | sudo just rechunk ${{ matrix.image }} - env: - SET_X: 1 - name: Load and Tag Image shell: bash run: | just load-image ${{ matrix.image }} - env: - SET_X: 1 - name: Get Tags id: get_tags @@ -80,16 +75,12 @@ jobs: tags=$(just get-tags ${{ matrix.image }}) echo "tags=$tags" >> $GITHUB_OUTPUT echo $GITHUB_OUTPUT - env: - SET_X: 1 - name: Check Secureboot id: secureboot shell: bash run: | just secureboot ${{ matrix.image }} - env: - SET_X: 1 - name: Lowercase Registry id: registry_case diff --git a/.github/workflows/build-iso.yml b/.github/workflows/build-iso.yml index e4d46e8..c355505 100644 --- a/.github/workflows/build-iso.yml +++ b/.github/workflows/build-iso.yml @@ -78,8 +78,6 @@ jobs: run: | sudo just build-iso ${{ matrix.image }} 1 1 tree "./${{ env.IMAGE_NAME }}_build/output/" - env: - SET_X: 1 - name: Upload ISOs and Checksum to Job Artifacts id: upload 
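Review bot: The loop body carried in the `@@ -54,6 +54,8 @@` hunk reads `"$ouptut"`, a misspelling of the `output` variable the `for` line iterates over, so `jq -r ".$k"` receives no JSON. If the step still runs with `set -u`, as the earlier version of this step did, it aborts on an unbound variable; otherwise every output is written empty. The line should read `echo "$k=$(jq -r ".$k" <<< "$output")" >> "$GITHUB_OUTPUT"`, with `$GITHUB_OUTPUT` quoted as a small hardening on top. The same context line is carried unchanged in the create-release.yml hunk of patch 07/17, and the step's `run:` block starts outside this hunk.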
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index d843dae..6c0a9da 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -10,6 +10,9 @@ on: permissions: contents: write +env: + SET_X: 1 + jobs: create-release: name: Create Release @@ -54,8 +57,6 @@ jobs: for k in $(jq 'keys[]' <<< "$output" | tr -d \"); do echo "$k=$(jq -r ".$k" <<< "$ouptut")" >> $GITHUB_OUTPUT done - env: - SET_X: 1 - name: Upload Changelogs as Artifact uses: actions/upload-artifact@v4 diff --git a/Justfile b/Justfile index e47f519..3b38ad7 100644 --- a/Justfile +++ b/Justfile @@ -13,7 +13,9 @@ images := '( [ucore]="stable-zfs" [ucore-nvidia]="stable-nvidia-zfs" )' + export SUDOIF := if `id -u` == "0" { "" } else { "sudo" } +export SET_X := if `id -u` == "0" { "1" } else { "" } [private] default: From 9650f568bd6ae8fb8b9de17078fed9910ed6f5c6 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 29 Nov 2024 23:33:03 -0500 Subject: [PATCH 08/17] fix justfile --- Justfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Justfile b/Justfile index 3b38ad7..d3fc00f 100644 --- a/Justfile +++ b/Justfile @@ -13,7 +13,6 @@ images := '( [ucore]="stable-zfs" [ucore-nvidia]="stable-nvidia-zfs" )' - export SUDOIF := if `id -u` == "0" { "" } else { "sudo" } export SET_X := if `id -u` == "0" { "1" } else { "" } From 752011aaa85b48eb7d1cd4ac075e8271f706b903 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 29 Nov 2024 23:44:32 -0500 Subject: [PATCH 09/17] explicitly specify incus dependencies --- server-packages.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/server-packages.sh b/server-packages.sh index fc6e882..60d14ae 100755 --- a/server-packages.sh +++ b/server-packages.sh 
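Review bot: The added `export SET_X := …` line in the Justfile hunk turns on `set -x` for every recipe that runs as root, with no way to switch it off, and its non-root branch overwrites any `SET_X` the caller exported with an empty string. Shell tracing prints fully expanded command lines, so a credential that is ever passed as an argument or interpolated from a variable in a root recipe would be written to the CI log. Nothing in the lines shown passes one today, so this is a guard for future edits rather than a present leak. I would put a comment above the line, `# root runs are traced with set -x: never put tokens or passwords on a command line in these recipes`, and keep the caller's choice for non-root runs with `else { env_var_or_default('SET_X', '') }`.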
@@ -30,7 +30,18 @@ SERVER_PACKAGES=( # Incus Packages SERVER_PACKAGES+=( + edk2-ovmf + genisoimage incus + incus-agent + incus-client + qemu-char-spice + qemu-device-display-virtio-vga + qemu-device-display-virtio-gpu + qemu-device-usb-redirect + qemu-img + qemu-kvm-core + swtpm ) # Docker Packages From 007c4297d65ad79d4b6fb81ee3a1bf50c7049f52 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 29 Nov 2024 23:50:29 -0500 Subject: [PATCH 10/17] add back distrobuilder --- server-packages.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/server-packages.sh b/server-packages.sh index 60d14ae..47fe850 100755 --- a/server-packages.sh +++ b/server-packages.sh @@ -30,6 +30,7 @@ SERVER_PACKAGES=( # Incus Packages SERVER_PACKAGES+=( + distrobuilder edk2-ovmf genisoimage incus From d4c200e46e54b776914a2cc63e9afdc264a11683 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 30 Nov 2024 00:27:22 -0500 Subject: [PATCH 11/17] control set_x --- Justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Justfile b/Justfile index d3fc00f..f1535f6 100644 --- a/Justfile +++ b/Justfile @@ -14,7 +14,7 @@ images := '( [ucore-nvidia]="stable-nvidia-zfs" )' export SUDOIF := if `id -u` == "0" { "" } else { "sudo" } -export SET_X := if `id -u` == "0" { "1" } else { "" } +export SET_X := if `id -u` == "0" { "1" } else { `echo ${SET_X:-}` } [private] default: From b64cca89cc80c37f4d32f276b0d45732f25d05e5 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 30 Nov 2024 01:44:05 -0500 Subject: [PATCH 12/17] absolute path justfile --- Justfile | 252 +++++++++++++++++++++++++------------------------- changelogs.py | 7 -- 2 files changed, 128 insertions(+), 131 deletions(-) diff --git a/Justfile b/Justfile index f1535f6..18598ac 100644 --- a/Justfile +++ b/Justfile 
@@ -13,45 +13,46 @@ images := '( [ucore]="stable-zfs" [ucore-nvidia]="stable-nvidia-zfs" )' -export SUDOIF := if `id -u` == "0" { "" } else { "sudo" } -export SET_X := if `id -u` == "0" { "1" } else { `echo ${SET_X:-}` } +export SUDOIF := if `id -u` == "0" { "" } else { "/usr/bin/sudo" } +export SET_X := if `id -u` == "0" { "1" } else { env_var_or_default('SET_X', '') } +just := just_executable() [private] default: - @just --list + @{{ just }} --list # Check Just Syntax [group('Just')] check: #!/usr/bin/bash - find . -type f -name "*.just" | while read -r file; do - echo "Checking syntax: $file" - just --unstable --fmt --check -f $file + /usr/bin/find . -type f -name "*.just" | while /usr/bin/read -r file; do + /usr/bin/echo "Checking syntax: $file" + {{ just }} --unstable --fmt --check -f $file done - echo "Checking syntax: Justfile" - just --unstable --fmt --check -f Justfile + /usr/bin/echo "Checking syntax: Justfile" + {{ just }} --unstable --fmt --check -f Justfile # Fix Just Syntax [group('Just')] fix: #!/usr/bin/bash - find . -type f -name "*.just" | while read -r file; do - echo "Checking syntax: $file" - just --unstable --fmt -f $file + /usr/bin/find . 
-type f -name "*.just" | while /usr/bin/read -r file; do + /usr/bin/echo "Checking syntax: $file" + {{ just }} --unstable --fmt -f $file done - echo "Checking syntax: Justfile" - just --unstable --fmt -f Justfile || { exit 1; } + /usr/bin/echo "Checking syntax: Justfile" + {{ just }} --unstable --fmt -f Justfile || { exit 1; } # Cleanup [group('Utility')] clean: #!/usr/bin/bash set -euox pipefail - touch {{ repo_image_name }}_ + /usr/bin/touch {{ repo_image_name }}_ ${SUDOIF} find {{ repo_image_name }}_* -type d -exec chmod 0755 {} \; ${SUDOIF} find {{ repo_image_name }}_* -type f -exec chmod 0644 {} \; - find {{ repo_image_name }}_* -maxdepth 0 -exec rm -rf {} \; - rm -f output*.env changelog*.md version.txt previous.manifest.json + /usr/bin/find {{ repo_image_name }}_* -maxdepth 0 -exec rm -rf {} \; + /usr/bin/rm -f output*.env changelog*.md version.txt previous.manifest.json # Build Image [group('Image')] 
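Review bot: `read` is a shell builtin, so the rewritten loops `while /usr/bin/read -r file` in the `check` and `fix` recipes cannot work: an external `/usr/bin/read`, where one is installed, runs in a child process and cannot assign `file` in the recipe's shell, and where none is installed the loop condition fails at once. Either way the per-file `--fmt` run is skipped or is invoked with an empty `$file`. Keep builtins unqualified, `while read -r file; do`, and quote the argument, `-f "$file"`. The same applies to `while IFS= /usr/bin/read -r line` in the `@@ -313,23 +315,23 @@` hunk and to `/usr/bin/command -v` in the verify-container and secureboot hunks. If the aim of the absolute paths is to keep a hostile `PATH` from redirecting commands run under sudo, a fixed `PATH` set at the top of each recipe covers every command, including the `chmod` and `rm` inside `-exec` and the `${SUDOIF} find` calls this hunk leaves bare.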
@@ -68,50 +69,51 @@ build image="bluefin": "aurora"*|"bluefin"*) BASE_IMAGE=${check} TAG_VERSION=stable-daily - just verify-container ${BASE_IMAGE}:${TAG_VERSION} - skopeo inspect docker://ghcr.io/ublue-os/${BASE_IMAGE}:${TAG_VERSION} > /tmp/inspect-"{{ image }}".json - fedora_version="$(jq -r '.Labels["ostree.linux"]' < /tmp/inspect-{{ image }}.json | grep -oP 'fc\K[0-9]+')" + {{ just }} verify-container ${BASE_IMAGE}:${TAG_VERSION} + /usr/bin/skopeo inspect docker://ghcr.io/ublue-os/${BASE_IMAGE}:${TAG_VERSION} > /tmp/inspect-"{{ image }}".json + fedora_version="$(/usr/bin/jq -r '.Labels["ostree.linux"]' < /tmp/inspect-{{ image }}.json | /usr/bin/grep -oP 'fc\K[0-9]+')" ;; "bazzite"*) BASE_IMAGE=${check} TAG_VERSION=stable - just verify-container ${BASE_IMAGE}:${TAG_VERSION} - skopeo inspect docker://ghcr.io/ublue-os/${BASE_IMAGE}:${TAG_VERSION} > /tmp/inspect-"{{ image }}".json - fedora_version="$(jq -r '.Labels["ostree.linux"]' < /tmp/inspect-{{ image }}.json | grep -oP 'fc\K[0-9]+')" + {{ just }} verify-container ${BASE_IMAGE}:${TAG_VERSION} + /usr/bin/skopeo inspect docker://ghcr.io/ublue-os/${BASE_IMAGE}:${TAG_VERSION} > /tmp/inspect-"{{ image }}".json + fedora_version="$(/usr/bin/jq -r '.Labels["ostree.linux"]' < /tmp/inspect-{{ image }}.json | /usr/bin/grep -oP 'fc\K[0-9]+')" ;; "cosmic"*) - just verify-container bluefin:stable-daily - fedora_version="$(skopeo inspect docker://ghcr.io/ublue-os/bluefin:stable-daily | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+')" - just verify-container coreos-stable-kernel:${fedora_version} + {{ just }} verify-container bluefin:stable-daily + fedora_version="$(/usr/bin/skopeo inspect docker://ghcr.io/ublue-os/bluefin:stable-daily | /usr/bin/jq -r '.Labels["ostree.linux"]' | /usr/bin/grep -oP 'fc\K[0-9]+')" + {{ just }} verify-container coreos-stable-kernel:${fedora_version} BASE_IMAGE=base-main TAG_VERSION=${fedora_version} - just verify-container ${BASE_IMAGE}:${TAG_VERSION} - skopeo inspect 
docker://ghcr.io/ublue-os/coreos-stable-kernel:${fedora_version} > /tmp/inspect-"{{ image }}".json + {{ just }} verify-container ${BASE_IMAGE}:${TAG_VERSION} + /usr/bin/skopeo inspect docker://ghcr.io/ublue-os/coreos-stable-kernel:${fedora_version} > /tmp/inspect-"{{ image }}".json ;; "ucore"*) BASE_IMAGE=ucore TAG_VERSION=${check} - just verify-container ${BASE_IMAGE}:${TAG_VERSION} - fedora_version="$(skopeo inspect docker://ghcr.io/ublue-os/ucore:${check} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+')" - just verify-container coreos-stable-kernel:${fedora_version} - skopeo inspect docker://ghcr.io/ublue-os/coreos-stable-kernel:${fedora_version} > /tmp/inspect-"{{ image }}".json + {{ just }} verify-container ${BASE_IMAGE}:${TAG_VERSION} + fedora_version="$(/usr/bin/skopeo inspect docker://ghcr.io/ublue-os/ucore:${check} | /usr/bin/jq -r '.Labels["ostree.linux"]' | /usr/bin/grep -oP 'fc\K[0-9]+')" + {{ just }} verify-container coreos-stable-kernel:${fedora_version} + /usr/bin/skopeo inspect docker://ghcr.io/ublue-os/coreos-stable-kernel:${fedora_version} > /tmp/inspect-"{{ image }}".json ;; esac BUILD_ARGS+=("--label" "org.opencontainers.image.title={{ repo_image_name }}") BUILD_ARGS+=("--label" "org.opencontainers.image.version={{ image }}-${fedora_version}.$(date +%Y%m%d)") - BUILD_ARGS+=("--label" "ostree.linux=$(jq -r '.Labels["ostree.linux"]' < /tmp/inspect-{{ image }}.json)") + BUILD_ARGS+=("--label" "ostree.linux=$(/usr/bin/jq -r '.Labels["ostree.linux"]' < /tmp/inspect-{{ image }}.json)") + BUILD_ARGS+=("--label" "org.opencontainers.image.description={{ repo_image_name }} is my OCI image built from ublue projects. 
It mainly extends them for my uses.") BUILD_ARGS+=("--build-arg" "IMAGE={{ image }}") BUILD_ARGS+=("--build-arg" "BASE_IMAGE=$BASE_IMAGE") BUILD_ARGS+=("--build-arg" "TAG_VERSION=$TAG_VERSION") BUILD_ARGS+=("--build-arg" "SET_X=${SET_X:-}") BUILD_ARGS+=("--tag" "localhost/{{ repo_image_name }}:{{ image }}") - podman pull ghcr.io/ublue-os/"${BASE_IMAGE}":"${TAG_VERSION}" - buildah build --format docker --label "org.opencontainers.image.description={{ repo_image_name }} is my OCI image built from ublue projects. It mainly extends them for my uses." ${BUILD_ARGS[@]} . + BUILD_ARGS+=("--format" "docker") + /usr/bin/buildah build "${BUILD_ARGS[@]}" . if [[ "${UID}" -gt "0" ]]; then - just rechunk {{ image }} + {{ just }} rechunk {{ image }} else - podman rmi ghcr.io/ublue-os/"${BASE_IMAGE}":"${TAG_VERSION}" + /usr/bin/podman rmi ghcr.io/ublue-os/"${BASE_IMAGE}":"${TAG_VERSION}" fi # Rechunk Image 
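Review bot: Each `case` branch verifies `${BASE_IMAGE}:${TAG_VERSION}` with `verify-container` and the build then refers to the same image by tag again through `--build-arg BASE_IMAGE` and `--build-arg TAG_VERSION`, so the signature check and the build are not bound to the same content if the tag moves in between. This assumes the Containerfile's `FROM` is assembled from those build args, which is not visible here. Resolving the digest once and using `ghcr.io/ublue-os/${BASE_IMAGE}@${digest}` for both verification and build would close that gap; for the aurora, bluefin and bazzite branches the `skopeo inspect` output already saved to `/tmp/inspect-{{ image }}.json` carries a `Digest` field. That file has a fixed name under `/tmp` and CI runs this recipe under sudo, so a `mktemp` file would also avoid writing through something another local user placed there. The recipe starts before this hunk.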
@@ -119,34 +121,34 @@ build image="bluefin": rechunk image="bluefin": #!/usr/bin/bash set ${SET_X:+-x} -eou pipefail - ID=$(podman images --filter reference=localhost/{{ repo_image_name }}:{{ image }} --format "'{{ '{{.ID}}' }}'") + ID=$(/usr/bin/podman images --filter reference=localhost/{{ repo_image_name }}:{{ image }} --format "'{{ '{{.ID}}' }}'") if [[ -z "$ID" ]]; then - just build {{ image }} + {{ just }} build {{ image }} fi if [[ "${UID}" -gt "0" ]]; then - ${SUDOIF} podman image scp ${UID}@localhost::localhost/{{ repo_image_name }}:{{ image }} root@localhost::localhost/{{ repo_image_name }}:{{ image }} + ${SUDOIF} /usr/bin/podman image scp ${UID}@localhost::localhost/{{ repo_image_name }}:{{ image }} root@localhost::localhost/{{ repo_image_name }}:{{ image }} fi - CREF=$(${SUDOIF} podman create localhost/{{ repo_image_name }}:{{ image }} bash) - MOUNT=$(${SUDOIF} podman mount $CREF) - FEDORA_VERSION="$(${SUDOIF} podman inspect $CREF | jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | grep -oP 'fc\K[0-9]+')" + CREF=$(${SUDOIF} /usr/bin/podman create localhost/{{ repo_image_name }}:{{ image }} /usr/bin/bash) + MOUNT=$(${SUDOIF} /usr/bin/podman mount $CREF) + FEDORA_VERSION="$(${SUDOIF} /usr/bin/podman inspect $CREF | /usr/bin/jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | /usr/bin/grep -oP 'fc\K[0-9]+')" OUT_NAME="{{ repo_image_name }}_{{ image }}" VERSION="{{ image }}-${FEDORA_VERSION}.$(date +%Y%m%d)" LABELS=" org.opencontainers.image.title={{ repo_image_name }}:{{ image }} org.opencontainers.image.revision=$(git rev-parse HEAD) - ostree.linux=$(podman inspect localhost/{{ repo_image_name }}:{{ image }} | jq -r '.[].["Config"]["Labels"]["ostree.linux"]') + ostree.linux=$(/usr/bin/podman inspect localhost/{{ repo_image_name }}:{{ image }} | /usr/bin/jq -r '.[].["Config"]["Labels"]["ostree.linux"]') org.opencontainers.image.description={{ repo_image_name }} is my OCI image built from ublue projects. It mainly extends them for my uses." 
- ${SUDOIF} podman run --rm \ + ${SUDOIF} /usr/bin/podman run --rm \ --security-opt label=disable \ --volume "$MOUNT":/var/tree \ --env TREE=/var/tree \ --user 0:0 \ ghcr.io/hhd-dev/rechunk:latest \ /sources/rechunk/1_prune.sh - ${SUDOIF} podman run --rm \ + ${SUDOIF} /usr/bin/podman run --rm \ --security-opt label=disable \ --volume "$MOUNT":/var/tree \ --volume "cache_ostree:/var/ostree" \ @@ -156,13 +158,13 @@ rechunk image="bluefin": --user 0:0 \ ghcr.io/hhd-dev/rechunk:latest \ /sources/rechunk/2_create.sh - ${SUDOIF} podman unmount "$CREF" - ${SUDOIF} podman rm "$CREF" + ${SUDOIF} /usr/bin/podman unmount "$CREF" + ${SUDOIF} /usr/bin/podman rm "$CREF" if [[ "${UID}" -gt "0" ]]; then - ${SUDOIF} podman rmi localhost/{{ repo_image_name }}:{{ image }} + ${SUDOIF} /usr/bin/podman rmi localhost/{{ repo_image_name }}:{{ image }} fi - podman rmi localhost/{{ repo_image_name }}:{{ image }} - ${SUDOIF} podman run --rm \ + /usr/bin/podman rmi localhost/{{ repo_image_name }}:{{ image }} + ${SUDOIF} /usr/bin/podman run --rm \ --pull=newer \ --security-opt label=disable \ --volume "$PWD:/workspace" \ 
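Review bot: The `podman run` calls that do the rechunking execute `ghcr.io/hhd-dev/rechunk:latest` as root (`--user 0:0`, `--security-opt label=disable`) with the image tree and `$PWD` mounted, yet unlike the base images this container never goes through `verify-container` and floats on `latest`. Whatever that tag points to at build time can rewrite the tree that becomes the published image. Pin it by digest, `ghcr.io/hhd-dev/rechunk@sha256:<digest-you-reviewed>`, and verify its signature first if the publisher signs it, which cannot be told from this page. The point covers both hunks on this line and the `3_chunk.sh` call in the next one; the recipe body starts before and continues past them.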
@@ -180,34 +182,34 @@ rechunk image="bluefin": ghcr.io/hhd-dev/rechunk:latest \ /sources/rechunk/3_chunk.sh - ${SUDOIF} find {{ repo_image_name }}_{{ image }} -type d -exec chmod 0755 {} \; || true - ${SUDOIF} find {{ repo_image_name }}_{{ image }}* -type f -exec chmod 0644 {} \; || true + ${SUDOIF} /usr/bin/find {{ repo_image_name }}_{{ image }} -type d -exec chmod 0755 {} \; || true + ${SUDOIF} /usr/bin/find {{ repo_image_name }}_{{ image }}* -type f -exec chmod 0644 {} \; || true if [[ "${UID}" -gt "0" ]]; then - ${SUDOIF} chown -R ${UID}:${GROUPS} "${PWD}" + ${SUDOIF} /usr/bin/chown -R ${UID}:${GROUPS} "${PWD}" elif [[ "${UID}" == "0" && -n "${SUDO_USER:-}" ]]; then - ${SUDOIF} chown -R ${SUDO_UID}:${SUDO_GID} "${PWD}" + ${SUDOIF} /usr/bin/chown -R ${SUDO_UID}:${SUDO_GID} "${PWD}" fi - ${SUDOIF} podman volume rm cache_ostree + ${SUDOIF} /usr/bin/podman volume rm cache_ostree # Load Image into Podman and Tag [private] load-image image="bluefin": #!/usr/bin/bash set ${SET_X:+-x} -eou pipefail - IMAGE=$(podman pull oci:${PWD}/{{ repo_image_name }}_{{ image }}) - podman tag ${IMAGE} localhost/{{ repo_image_name }}:{{ image }} - VERSION=$(podman inspect $IMAGE | jq -r '.[]["Config"]["Labels"]["org.opencontainers.image.version"]') - podman tag ${IMAGE} localhost/{{ repo_image_name }}:${VERSION} - podman images - rm -rf {{ repo_image_name }}_{{ image }} + IMAGE=$(/usr/bin/podman pull oci:${PWD}/{{ repo_image_name }}_{{ image }}) + /usr/bin/podman tag ${IMAGE} localhost/{{ repo_image_name }}:{{ image }} + VERSION=$(/usr/bin/podman inspect $IMAGE | jq -r '.[]["Config"]["Labels"]["org.opencontainers.image.version"]') + /usr/bin/podman tag ${IMAGE} localhost/{{ repo_image_name }}:${VERSION} + /usr/bin/podman images + /usr/bin/rm -rf {{ repo_image_name }}_{{ image }} # Get Tags get-tags image="bluefin": #!/usr/bin/bash set ${SET_X:+-x} -eou pipefail - VERSION=$(podman inspect {{ repo_image_name }}:{{ image }} | jq -r 
'.[]["Config"]["Labels"]["org.opencontainers.image.version"]') - echo "{{ image }} $VERSION" + VERSION=$(/usr/bin/podman inspect {{ repo_image_name }}:{{ image }} | /usr/bin/jq -r '.[]["Config"]["Labels"]["org.opencontainers.image.version"]') + /usr/bin/echo "{{ image }} $VERSION" # Build ISO [group('ISO')] @@ -222,10 +224,10 @@ build-iso image="bluefin" ghcr="0" clean="0": fi # Verify ISO Build Container - just verify-container "build-container-installer" "ghcr.io/jasonn3" "https://raw.githubusercontent.com/JasonN3/build-container-installer/refs/heads/main/cosign.pub" + {{ just }} verify-container "build-container-installer" "ghcr.io/jasonn3" "https://raw.githubusercontent.com/JasonN3/build-container-installer/refs/heads/main/cosign.pub" - mkdir -p {{ repo_image_name }}_build/{lorax_templates,flatpak-refs-{{ image }},output} - echo 'append etc/anaconda/profile.d/fedora-kinoite.conf "\\n[User Interface]\\nhidden_spokes =\\n PasswordSpoke"' \ + /usr/bin/mkdir -p {{ repo_image_name }}_build/{lorax_templates,flatpak-refs-{{ image }},output} + /usr/bin/echo 'append etc/anaconda/profile.d/fedora-kinoite.conf "\\n[User Interface]\\nhidden_spokes =\\n PasswordSpoke"' \ > {{ repo_image_name }}_build/lorax_templates/remove_root_password_prompt.tmpl # Build from GHCR or localhost 
@@ -233,17 +235,17 @@ build-iso image="bluefin" ghcr="0" clean="0": IMAGE_FULL=ghcr.io/{{ repo_name }}/{{ repo_image_name }}:{{ image }} IMAGE_REPO=ghcr.io/{{ repo_name }} # Verify Container for ISO - just verify-container "{{ repo_image_name }}:{{ image }}" "${IMAGE_REPO}" "https://raw.githubusercontent.com/{{ repo_name }}/{{ repo_image_name }}/refs/heads/main/cosign.pub" - podman pull "${IMAGE_FULL}" + {{ just }} verify-container "{{ repo_image_name }}:{{ image }}" "${IMAGE_REPO}" "https://raw.githubusercontent.com/{{ repo_name }}/{{ repo_image_name }}/refs/heads/main/cosign.pub" + /usr/bin/podman pull "${IMAGE_FULL}" TEMPLATES=( /github/workspace/{{ repo_image_name }}_build/lorax_templates/remove_root_password_prompt.tmpl ) else IMAGE_FULL=localhost/{{ repo_image_name }}:{{ image }} IMAGE_REPO=localhost - ID=$(podman images --filter reference=${IMAGE_FULL} --format "'{{ '{{.ID}}' }}'") + ID=$(/usr/bin/podman images --filter reference=${IMAGE_FULL} --format "'{{ '{{.ID}}' }}'") if [[ -z "$ID" ]]; then - just build {{ image }} + {{ just }} build {{ image }} fi TEMPLATES=( /github/workspace/{{ repo_image_name }}_build/lorax_templates/remove_root_password_prompt.tmpl 
@@ -252,19 +254,19 @@ build-iso image="bluefin" ghcr="0" clean="0": # Check if ISO already exists. Remove it. if [[ -f "{{ repo_image_name }}_build/output/{{ image }}.iso" || -f "{{ repo_image_name }}_build/output/{{ image }}.iso-CHECKSUM" ]]; then - rm -f {{ repo_image_name }}_build/output/{{ image }}.iso* + /usr/bin/rm -f {{ repo_image_name }}_build/output/{{ image }}.iso* fi # Load image into rootful podman if [[ "${UID}" -gt "0" ]]; then - ${SUDOIF} podman image scp "${UID}"@localhost::"${IMAGE_FULL}" root@localhost::"${IMAGE_FULL}" + ${SUDOIF} /usr/bin/podman image scp "${UID}"@localhost::"${IMAGE_FULL}" root@localhost::"${IMAGE_FULL}" fi # Generate Flatpak List - TEMP_FLATPAK_INSTALL_DIR="$(mktemp -d -p /tmp flatpak-XXXXX)" + TEMP_FLATPAK_INSTALL_DIR="$(/usr/bin/mktemp -d -p /tmp flatpak-XXXXX)" FLATPAK_REFS_DIR="{{ repo_image_name }}_build/flatpak-refs-{{ image }}" - FLATPAK_REFS_DIR_ABS="$(realpath ${FLATPAK_REFS_DIR})" - mkdir -p "${FLATPAK_REFS_DIR_ABS}" + FLATPAK_REFS_DIR_ABS="$(/usr/bin/realpath ${FLATPAK_REFS_DIR})" + /usr/bin/mkdir -p "${FLATPAK_REFS_DIR_ABS}" case "{{ image }}" in *"aurora"*) FLATPAK_LIST_URL="https://raw.githubusercontent.com/ublue-os/bluefin/refs/heads/main/aurora_flatpaks/flatpaks" @@ -279,7 +281,7 @@ build-iso image="bluefin" ghcr="0" clean="0": FLATPAK_LIST_URL="https://raw.githubusercontent.com/ublue-os/cosmic/refs/heads/main/flatpaks.txt" ;; esac - curl -Lo ${FLATPAK_REFS_DIR_ABS}/flatpaks.txt "${FLATPAK_LIST_URL}" + /usr/bin/curl -Lo ${FLATPAK_REFS_DIR_ABS}/flatpaks.txt "${FLATPAK_LIST_URL}" ADDITIONAL_FLATPAKS=( app/com.discordapp.Discord/x86_64/stable app/com.google.Chrome/x86_64/stable 
@@ -313,23 +315,23 @@ build-iso image="bluefin" ghcr="0" clean="0": ADDITIONAL_FLATPAKS+=(app/org.gnome.World.PikaBackup/x86_64/stable) fi FLATPAK_REFS=() - while IFS= read -r line; do + while IFS= /usr/bin/read -r line; do FLATPAK_REFS+=("$line") done < "${FLATPAK_REFS_DIR}/flatpaks.txt" FLATPAK_REFS+=("${ADDITIONAL_FLATPAKS[@]}") - echo "Flatpak refs: ${FLATPAK_REFS[@]}" + /usr/bin/echo "Flatpak refs: ${FLATPAK_REFS[@]}" # Generate installation script - tee "${TEMP_FLATPAK_INSTALL_DIR}/install-flatpaks.sh"< /output/flatpaks-with-deps + /usr/bin/tee "${TEMP_FLATPAK_INSTALL_DIR}/install-flatpaks.sh"< /output/flatpaks-with-deps EOF # Create Flatpak List - ${SUDOIF} podman run --rm --privileged \ + ${SUDOIF} /usr/bin/podman run --rm --privileged \ --entrypoint /bin/bash \ -e FLATPAK_SYSTEM_DIR=/flatpak/flatpak \ -e FLATPAK_TRIGGERS_DIR=/flatpak/triggers \ @@ -337,12 +339,12 @@ build-iso image="bluefin" ghcr="0" clean="0": -v ${TEMP_FLATPAK_INSTALL_DIR}:/temp_flatpak_install_dir \ ${IMAGE_FULL} /temp_flatpak_install_dir/install-flatpaks.sh - VERSION="$(${SUDOIF} podman inspect ${IMAGE_FULL} | jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | grep -oP 'fc\K[0-9]+')" + VERSION="$(${SUDOIF} /usr/bin/podman inspect ${IMAGE_FULL} | /usr/bin/jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | /usr/bin/grep -oP 'fc\K[0-9]+')" if [[ "{{ ghcr }}" == "1" && "{{ clean }}" == "1" ]]; then - ${SUDOIF} podman rmi ${IMAGE_FULL} + ${SUDOIF} /usr/bin/podman rmi ${IMAGE_FULL} fi # list Flatpaks - cat ${FLATPAK_REFS_DIR}/flatpaks-with-deps + /usr/bin/cat ${FLATPAK_REFS_DIR}/flatpaks-with-deps #ISO Container Args iso_build_args=() if [[ "{{ ghcr }}" == "0" ]]; then 
@@ -367,12 +369,12 @@ build-iso image="bluefin" ghcr="0" clean="0": iso_build_args+=(VERSION="$VERSION") iso_build_args+=(WEB_UI="false") # Build ISO - ${SUDOIF} podman run --rm --privileged --pull=newer --security-opt label=disable "${iso_build_args[@]}" + ${SUDOIF} /usr/bin/podman run --rm --privileged --pull=newer --security-opt label=disable "${iso_build_args[@]}" if [[ "${UID}" -gt "0" ]]; then - ${SUDOIF} chown -R ${UID}:${GROUPS} "${PWD}" - ${SUDOIF} podman rmi "${IMAGE_FULL}" + ${SUDOIF} /usr/bin/chown -R ${UID}:${GROUPS} "${PWD}" + ${SUDOIF} /usr/bin/podman rmi "${IMAGE_FULL}" elif [[ "${UID}" == "0" && -n "${SUDO_USER:-}" ]]; then - ${SUDOIF} chown -R ${SUDO_UID}:${SUDO_GID} "${PWD}" + ${SUDOIF} /usr/bin/chown -R ${SUDO_UID}:${SUDO_GID} "${PWD}" fi # Run ISO @@ -381,7 +383,7 @@ run-iso image="bluefin": #!/usr/bin/bash set ${SET_X:+-x} -eou pipefail if [[ ! -f "{{ repo_image_name }}_build/output/{{ image }}.iso" ]]; then - just build-iso {{ image }} + {{ just }} build-iso {{ image }} fi port=8006; while grep -q ${port} <<< $(ss -tunalp); do @@ -389,7 +391,7 @@ run-iso image="bluefin": done echo "Using Port: ${port}" echo "Connect to http://localhost:${port}" - (sleep 30 && xdg-open http://localhost:${port})& + (sleep 30 && /usr/bin/xdg-open http://localhost:${port})& run_args=() run_args+=(--rm --privileged) run_args+=(--pull=newer) 
@@ -403,14 +405,14 @@ run-iso image="bluefin": run_args+=(--device=/dev/kvm) run_args+=(--volume "${PWD}/{{ repo_image_name }}_build/output/{{ image }}.iso":"/boot.iso":z) run_args+=(docker.io/qemux/qemu-docker) - podman run "${run_args[@]}" + /usr/bin/podman run "${run_args[@]}" # Test Changelogs [group('Changelogs')] changelogs branch="stable" urlmd="" handwritten="": #!/usr/bin/bash set ${SET_X:+-x} -eou pipefail - python3 changelogs.py {{ branch }} ./output-{{ branch }}.env ./changelog-{{ branch }}.md --workdir . --handwritten "{{ handwritten }}" --urlmd "{{ urlmd }}" + /usr/bin/python3 changelogs.py {{ branch }} ./output-{{ branch }}.env ./changelog-{{ branch }}.md --workdir . --handwritten "{{ handwritten }}" --urlmd "{{ urlmd }}" # Verify Container with Cosign [group('Utility')] 
@@ -419,16 +421,18 @@ verify-container container="" registry="ghcr.io/ublue-os" key="": set ${SET_X:+-x} -eou pipefail # Get Cosign if Needed - if [[ ! $(command -v cosign) ]]; then - COSIGN_CONTAINER_ID=$(${SUDOIF} podman create cgr.dev/chainguard/cosign:latest bash) - ${SUDOIF} podman cp "${COSIGN_CONTAINER_ID}":/usr/bin/cosign /usr/local/bin/cosign - ${SUDOIF} podman rm -f "${COSIGN_CONTAINER_ID}" + if [[ ! $(/usr/bin/command -v cosign) ]]; then + COSIGN_CONTAINER_ID=$(${SUDOIF} /usr/bin/podman create cgr.dev/chainguard/cosign:latest /bin/sh) + ${SUDOIF} /usr/bin/podman cp "${COSIGN_CONTAINER_ID}":/usr/bin/cosign /usr/local/bin/cosign + ${SUDOIF} /usr/bin/podman rm -f "${COSIGN_CONTAINER_ID}" fi + COSIGN="$(/usr/bin/command -v cosign)" + # Verify Cosign Image Signatures if needed if [[ -n "${COSIGN_CONTAINER_ID:-}" ]]; then - if ! cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity=https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main cgr.dev/chainguard/cosign >/dev/null; then - echo "NOTICE: Failed to verify cosign image signatures." + if ! ${COSIGN} verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity=https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main cgr.dev/chainguard/cosign >/dev/null; then + /usr/bin/echo "NOTICE: Failed to verify cosign image signatures." exit 1 fi fi @@ -440,8 +444,8 @@ verify-container container="" registry="ghcr.io/ublue-os" key="": fi # Verify Container using cosign public key - if ! cosign verify --key "${key}" "{{ registry }}"/"{{ container }}" >/dev/null; then - echo "NOTICE: Verification failed. Please ensure your public key is correct." + if ! ${COSIGN} verify --key "${key}" "{{ registry }}"/"{{ container }}" >/dev/null; then + /usr/bin/echo "NOTICE: Verification failed. Please ensure your public key is correct." exit 1 fi 
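Review bot: When cosign is missing, the binary is copied out of `cgr.dev/chainguard/cosign:latest` into `/usr/local/bin`, and that same still-unverified binary then runs `${COSIGN} verify` on the cosign image, so a substituted image only has to ship a `cosign` that always exits 0. The check therefore does not establish trust in the tool; pin the image by digest, `cgr.dev/chainguard/cosign@sha256:<digest-you-reviewed>`, or install cosign from the distribution's signed package. Separately, `$(/usr/bin/command -v cosign)` relies on an external wrapper for what is a shell builtin; `COSIGN="$(command -v cosign)"` is the portable form, and `"${COSIGN}"` should be quoted at both call sites. The recipe continues between and after the two hunks on this line.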
@@ -452,22 +456,22 @@ secureboot image="bluefin": set ${SET_X:+-x} -eou pipefail # Get the vmlinuz to check - kernel_release=$(podman inspect "{{ repo_image_name }}":"{{ image }}" | jq -r '.[].Config.Labels["ostree.linux"]') - TMP=$(podman create "{{ repo_image_name }}":"{{ image }}" bash) + kernel_release=$(/usr/bin/podman inspect "{{ repo_image_name }}":"{{ image }}" | /usr/bin/jq -r '.[].Config.Labels["ostree.linux"]') + TMP=$(/usr/bin/podman create "{{ repo_image_name }}":"{{ image }}" /usr/bin/bash) podman cp "$TMP":/usr/lib/modules/"${kernel_release}"/vmlinuz /tmp/vmlinuz podman rm "$TMP" # Get the Public Certificates - curl --retry 3 -Lo /tmp/kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der - curl --retry 3 -Lo /tmp/akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der - openssl x509 -in /tmp/kernel-sign.der -out /tmp/kernel-sign.crt - openssl x509 -in /tmp/akmods.der -out /tmp/akmods.crt + /usr/bin/curl --retry 3 -Lo /tmp/kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der + /usr/bin/curl --retry 3 -Lo /tmp/akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der + /usr/bin/openssl x509 -in /tmp/kernel-sign.der -out /tmp/kernel-sign.crt + /usr/bin/openssl x509 -in /tmp/akmods.der -out /tmp/akmods.crt # Make sure we have sbverify - CMD="$(command -v sbverify)" + CMD="$(/usr/bin/command -v sbverify)" if [[ -z "${CMD:-}" ]]; then temp_name="sbverify-${RANDOM}" - podman run -dt \ + /usr/bin/podman run -dt \ --entrypoint /bin/sh \ --volume /tmp/vmlinuz:/tmp/vmlinuz:z \ --volume /tmp/kernel-sign.crt:/tmp/kernel-sign.crt:z \ 
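Review bot: The two certificates the kernel signature is checked against are downloaded at run time from `…/kernel-cache/raw/main/certs/…`, a mutable branch, so the check proves only that the kernel matches whatever that branch serves at that moment. Commit the expected certificates, or at least their SHA-256 fingerprints, to this repository and compare after download, or fetch from a commit-pinned URL. The fixed names `/tmp/vmlinuz`, `/tmp/kernel-sign.der` and `/tmp/akmods.der` can be pre-created by another local user, which a directory from `mktemp -d` avoids. `podman cp`, `podman rm` and, in the next hunk, `podman exec` were left unqualified while their neighbours were rewritten, and the `alpine:edge` fallback used there to obtain `sbverify` is likewise unpinned.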
@@ -475,18 +479,18 @@ secureboot image="bluefin": --name ${temp_name} \ alpine:edge podman exec ${temp_name} apk add sbsigntool - CMD="podman exec ${temp_name} /usr/bin/sbverify" + CMD="/usr/bin/podman exec ${temp_name} /usr/bin/sbverify" fi # Confirm that Signatures Are Good $CMD --list /tmp/vmlinuz returncode=0 if ! $CMD --cert /tmp/kernel-sign.crt /tmp/vmlinuz || ! $CMD --cert /tmp/akmods.crt /tmp/vmlinuz; then - echo "Secureboot Signature Failed...." + /usr/bin/echo "Secureboot Signature Failed...." returncode=1 fi if [[ -n "${temp_name:-}" ]]; then - podman rm -f "${temp_name}" + /usr/bin/podman rm -f "${temp_name}" fi exit "$returncode" @@ -494,17 +498,17 @@ secureboot image="bluefin": merge-changelog: #!/usr/bin/bash set ${SET_X:+-x} -eou pipefail - rm -f changelog.md - cat changelog*.md > changelog.md - last_tag=$(git tag --list {{ repo_image_name }}-* | sort -r | head -1) - date_extract="$(echo ${last_tag:-} | cut -d "-" -f 2 | cut -d "." -f 1)" - date_version="$(echo ${last_tag:-} | cut -d "." -f 2)" + /usr/bin/rm -f changelog.md + /usr/bin/cat changelog*.md > changelog.md + last_tag=$(/usr/bin/git tag --list {{ repo_image_name }}-* | /usr/bin/sort -r | /usr/bin/head -1) + date_extract="$(/usr/bin/echo ${last_tag:-} | /usr/bin/grep -oP 'm2os-\K[0-9]+')" + date_version="$(/usr/bin/echo ${last_tag:-} | /usr/bin/grep -oP '\.\K[1-9]$' || /usr/bin/true)" if [[ "${date_extract:-}" == "$(date +%Y%m%d)" ]]; then tag="{{ repo_image_name }}-${date_extract:-}.$(( ${date_version:-} + 1 ))" else - tag="{{ repo_image_name }}-$(date +%Y%m%d).0" + tag="{{ repo_image_name }}-$(date +%Y%m%d)" fi - cat << EOF + /usr/bin/cat << EOF { "title": "$tag (#$(git rev-parse --short HEAD))", "tag": "$tag" diff --git a/changelogs.py b/changelogs.py index ce28808..9fa10b2 100644 --- a/changelogs.py +++ b/changelogs.py 
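Review bot: In the `merge-changelog` hunk the new `date_extract` pipeline ends in `grep -oP 'm2os-\K[0-9]+'` with no fallback, so under `-e` and `pipefail` the recipe exits when no earlier tag exists or the tag does not match, while the `date_version` line next to it does carry `|| /usr/bin/true`. The pattern also hard-codes `m2os-` although the tag itself is built from `{{ repo_image_name }}`, and `'\.\K[1-9]$'` accepts only one trailing digit, so a two-digit suffix such as `.10` is not matched and the counter would restart at 1. Suggested: append `|| /usr/bin/true` to the first pipeline, build its pattern from `{{ repo_image_name }}`, and use `'\.\K[0-9]+$'` for the second. The recipe's closing lines are outside the hunk.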
@@ -19,11 +19,6 @@ "image_flavor": ["main", "nvidia"] } -UCORE_IMAGE_MATRIX = { - "image": ["ucore"], - "image_flavor": ["main", "nvidia"] -} - RETRIES = 3 RETRY_WAIT = 5 FEDORA_PATTERN = re.compile(r"\.fc\d\d") @@ -81,8 +76,6 @@ def get_images(target: str): if "bazzite" in target: matrix = BAZZITE_IMAGE_MATRIX - elif "ucore" in target: - matrix = UCORE_IMAGE_MATRIX else: matrix = IMAGE_MATRIX From 82d3334912a74ed1b72a614d294df00d1f0bbc3f Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 30 Nov 2024 01:47:12 -0500 Subject: [PATCH 13/17] Revert "absolute path justfile" This reverts commit b64cca89cc80c37f4d32f276b0d45732f25d05e5. --- Justfile | 252 +++++++++++++++++++++++++------------------------- changelogs.py | 7 ++ 2 files changed, 131 insertions(+), 128 deletions(-) diff --git a/Justfile b/Justfile index 18598ac..f1535f6 100644 --- a/Justfile +++ b/Justfile 
@@ -13,46 +13,45 @@ images := '( [ucore]="stable-zfs" [ucore-nvidia]="stable-nvidia-zfs" )' -export SUDOIF := if `id -u` == "0" { "" } else { "/usr/bin/sudo" } -export SET_X := if `id -u` == "0" { "1" } else { env_var_or_default('SET_X', '') } -just := just_executable() +export SUDOIF := if `id -u` == "0" { "" } else { "sudo" } +export SET_X := if `id -u` == "0" { "1" } else { `echo ${SET_X:-}` } [private] default: - @{{ just }} --list + @just --list # Check Just Syntax [group('Just')] check: #!/usr/bin/bash - /usr/bin/find . -type f -name "*.just" | while /usr/bin/read -r file; do - /usr/bin/echo "Checking syntax: $file" - {{ just }} --unstable --fmt --check -f $file + find . -type f -name "*.just" | while read -r file; do + echo "Checking syntax: $file" + just --unstable --fmt --check -f $file done - /usr/bin/echo "Checking syntax: Justfile" - {{ just }} --unstable --fmt --check -f Justfile + echo "Checking syntax: Justfile" + just --unstable --fmt --check -f Justfile # Fix Just Syntax [group('Just')] fix: #!/usr/bin/bash - /usr/bin/find . -type f -name "*.just" | while /usr/bin/read -r file; do - /usr/bin/echo "Checking syntax: $file" - {{ just }} --unstable --fmt -f $file + find . 
-type f -name "*.just" | while read -r file; do + echo "Checking syntax: $file" + just --unstable --fmt -f $file done - /usr/bin/echo "Checking syntax: Justfile" - {{ just }} --unstable --fmt -f Justfile || { exit 1; } + echo "Checking syntax: Justfile" + just --unstable --fmt -f Justfile || { exit 1; } # Cleanup [group('Utility')] clean: #!/usr/bin/bash set -euox pipefail - /usr/bin/touch {{ repo_image_name }}_ + touch {{ repo_image_name }}_ ${SUDOIF} find {{ repo_image_name }}_* -type d -exec chmod 0755 {} \; ${SUDOIF} find {{ repo_image_name }}_* -type f -exec chmod 0644 {} \; - /usr/bin/find {{ repo_image_name }}_* -maxdepth 0 -exec rm -rf {} \; - /usr/bin/rm -f output*.env changelog*.md version.txt previous.manifest.json + find {{ repo_image_name }}_* -maxdepth 0 -exec rm -rf {} \; + rm -f output*.env changelog*.md version.txt previous.manifest.json # Build Image [group('Image')] 
@@ -69,51 +68,50 @@ build image="bluefin": "aurora"*|"bluefin"*) BASE_IMAGE=${check} TAG_VERSION=stable-daily - {{ just }} verify-container ${BASE_IMAGE}:${TAG_VERSION} - /usr/bin/skopeo inspect docker://ghcr.io/ublue-os/${BASE_IMAGE}:${TAG_VERSION} > /tmp/inspect-"{{ image }}".json - fedora_version="$(/usr/bin/jq -r '.Labels["ostree.linux"]' < /tmp/inspect-{{ image }}.json | /usr/bin/grep -oP 'fc\K[0-9]+')" + just verify-container ${BASE_IMAGE}:${TAG_VERSION} + skopeo inspect docker://ghcr.io/ublue-os/${BASE_IMAGE}:${TAG_VERSION} > /tmp/inspect-"{{ image }}".json + fedora_version="$(jq -r '.Labels["ostree.linux"]' < /tmp/inspect-{{ image }}.json | grep -oP 'fc\K[0-9]+')" ;; "bazzite"*) BASE_IMAGE=${check} TAG_VERSION=stable - {{ just }} verify-container ${BASE_IMAGE}:${TAG_VERSION} - /usr/bin/skopeo inspect docker://ghcr.io/ublue-os/${BASE_IMAGE}:${TAG_VERSION} > /tmp/inspect-"{{ image }}".json - fedora_version="$(/usr/bin/jq -r '.Labels["ostree.linux"]' < /tmp/inspect-{{ image }}.json | /usr/bin/grep -oP 'fc\K[0-9]+')" + just verify-container ${BASE_IMAGE}:${TAG_VERSION} + skopeo inspect docker://ghcr.io/ublue-os/${BASE_IMAGE}:${TAG_VERSION} > /tmp/inspect-"{{ image }}".json + fedora_version="$(jq -r '.Labels["ostree.linux"]' < /tmp/inspect-{{ image }}.json | grep -oP 'fc\K[0-9]+')" ;; "cosmic"*) - {{ just }} verify-container bluefin:stable-daily - fedora_version="$(/usr/bin/skopeo inspect docker://ghcr.io/ublue-os/bluefin:stable-daily | /usr/bin/jq -r '.Labels["ostree.linux"]' | /usr/bin/grep -oP 'fc\K[0-9]+')" - {{ just }} verify-container coreos-stable-kernel:${fedora_version} + just verify-container bluefin:stable-daily + fedora_version="$(skopeo inspect docker://ghcr.io/ublue-os/bluefin:stable-daily | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+')" + just verify-container coreos-stable-kernel:${fedora_version} BASE_IMAGE=base-main TAG_VERSION=${fedora_version} - {{ just }} verify-container ${BASE_IMAGE}:${TAG_VERSION} - /usr/bin/skopeo inspect 
docker://ghcr.io/ublue-os/coreos-stable-kernel:${fedora_version} > /tmp/inspect-"{{ image }}".json + just verify-container ${BASE_IMAGE}:${TAG_VERSION} + skopeo inspect docker://ghcr.io/ublue-os/coreos-stable-kernel:${fedora_version} > /tmp/inspect-"{{ image }}".json ;; "ucore"*) BASE_IMAGE=ucore TAG_VERSION=${check} - {{ just }} verify-container ${BASE_IMAGE}:${TAG_VERSION} - fedora_version="$(/usr/bin/skopeo inspect docker://ghcr.io/ublue-os/ucore:${check} | /usr/bin/jq -r '.Labels["ostree.linux"]' | /usr/bin/grep -oP 'fc\K[0-9]+')" - {{ just }} verify-container coreos-stable-kernel:${fedora_version} - /usr/bin/skopeo inspect docker://ghcr.io/ublue-os/coreos-stable-kernel:${fedora_version} > /tmp/inspect-"{{ image }}".json + just verify-container ${BASE_IMAGE}:${TAG_VERSION} + fedora_version="$(skopeo inspect docker://ghcr.io/ublue-os/ucore:${check} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+')" + just verify-container coreos-stable-kernel:${fedora_version} + skopeo inspect docker://ghcr.io/ublue-os/coreos-stable-kernel:${fedora_version} > /tmp/inspect-"{{ image }}".json ;; esac BUILD_ARGS+=("--label" "org.opencontainers.image.title={{ repo_image_name }}") BUILD_ARGS+=("--label" "org.opencontainers.image.version={{ image }}-${fedora_version}.$(date +%Y%m%d)") - BUILD_ARGS+=("--label" "ostree.linux=$(/usr/bin/jq -r '.Labels["ostree.linux"]' < /tmp/inspect-{{ image }}.json)") - BUILD_ARGS+=("--label" "org.opencontainers.image.description={{ repo_image_name }} is my OCI image built from ublue projects. 
It mainly extends them for my uses.") + BUILD_ARGS+=("--label" "ostree.linux=$(jq -r '.Labels["ostree.linux"]' < /tmp/inspect-{{ image }}.json)") BUILD_ARGS+=("--build-arg" "IMAGE={{ image }}") BUILD_ARGS+=("--build-arg" "BASE_IMAGE=$BASE_IMAGE") BUILD_ARGS+=("--build-arg" "TAG_VERSION=$TAG_VERSION") BUILD_ARGS+=("--build-arg" "SET_X=${SET_X:-}") BUILD_ARGS+=("--tag" "localhost/{{ repo_image_name }}:{{ image }}") - BUILD_ARGS+=("--format" "docker") - /usr/bin/buildah build "${BUILD_ARGS[@]}" . + podman pull ghcr.io/ublue-os/"${BASE_IMAGE}":"${TAG_VERSION}" + buildah build --format docker --label "org.opencontainers.image.description={{ repo_image_name }} is my OCI image built from ublue projects. It mainly extends them for my uses." ${BUILD_ARGS[@]} . if [[ "${UID}" -gt "0" ]]; then - {{ just }} rechunk {{ image }} + just rechunk {{ image }} else - /usr/bin/podman rmi ghcr.io/ublue-os/"${BASE_IMAGE}":"${TAG_VERSION}" + podman rmi ghcr.io/ublue-os/"${BASE_IMAGE}":"${TAG_VERSION}" fi # Rechunk Image 
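Review bot: The base image is checked by tag with `just verify-container ${BASE_IMAGE}:${TAG_VERSION}` and then fetched again by the same mutable tag in the added `podman pull ghcr.io/ublue-os/"${BASE_IMAGE}":"${TAG_VERSION}"`, so nothing ties the image that is built on to the one cosign checked if the tag moves in between. Resolving the digest once and using `ghcr.io/ublue-os/${BASE_IMAGE}@sha256:<digest>` for both the verification and the pull would close that gap. The body of verify-container is outside this hunk, so this assumes it verifies exactly the reference it is given. Separately, the revert expands `${BUILD_ARGS[@]}` unquoted on the `buildah build` line, which is presumably why the description label had to move out of the array; `"${BUILD_ARGS[@]}"` keeps every element intact.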
@@ -121,34 +119,34 @@ build image="bluefin": rechunk image="bluefin": #!/usr/bin/bash set ${SET_X:+-x} -eou pipefail - ID=$(/usr/bin/podman images --filter reference=localhost/{{ repo_image_name }}:{{ image }} --format "'{{ '{{.ID}}' }}'") + ID=$(podman images --filter reference=localhost/{{ repo_image_name }}:{{ image }} --format "'{{ '{{.ID}}' }}'") if [[ -z "$ID" ]]; then - {{ just }} build {{ image }} + just build {{ image }} fi if [[ "${UID}" -gt "0" ]]; then - ${SUDOIF} /usr/bin/podman image scp ${UID}@localhost::localhost/{{ repo_image_name }}:{{ image }} root@localhost::localhost/{{ repo_image_name }}:{{ image }} + ${SUDOIF} podman image scp ${UID}@localhost::localhost/{{ repo_image_name }}:{{ image }} root@localhost::localhost/{{ repo_image_name }}:{{ image }} fi - CREF=$(${SUDOIF} /usr/bin/podman create localhost/{{ repo_image_name }}:{{ image }} /usr/bin/bash) - MOUNT=$(${SUDOIF} /usr/bin/podman mount $CREF) - FEDORA_VERSION="$(${SUDOIF} /usr/bin/podman inspect $CREF | /usr/bin/jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | /usr/bin/grep -oP 'fc\K[0-9]+')" + CREF=$(${SUDOIF} podman create localhost/{{ repo_image_name }}:{{ image }} bash) + MOUNT=$(${SUDOIF} podman mount $CREF) + FEDORA_VERSION="$(${SUDOIF} podman inspect $CREF | jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | grep -oP 'fc\K[0-9]+')" OUT_NAME="{{ repo_image_name }}_{{ image }}" VERSION="{{ image }}-${FEDORA_VERSION}.$(date +%Y%m%d)" LABELS=" org.opencontainers.image.title={{ repo_image_name }}:{{ image }} org.opencontainers.image.revision=$(git rev-parse HEAD) - ostree.linux=$(/usr/bin/podman inspect localhost/{{ repo_image_name }}:{{ image }} | /usr/bin/jq -r '.[].["Config"]["Labels"]["ostree.linux"]') + ostree.linux=$(podman inspect localhost/{{ repo_image_name }}:{{ image }} | jq -r '.[].["Config"]["Labels"]["ostree.linux"]') org.opencontainers.image.description={{ repo_image_name }} is my OCI image built from ublue projects. It mainly extends them for my uses." 
- ${SUDOIF} /usr/bin/podman run --rm \ + ${SUDOIF} podman run --rm \ --security-opt label=disable \ --volume "$MOUNT":/var/tree \ --env TREE=/var/tree \ --user 0:0 \ ghcr.io/hhd-dev/rechunk:latest \ /sources/rechunk/1_prune.sh - ${SUDOIF} /usr/bin/podman run --rm \ + ${SUDOIF} podman run --rm \ --security-opt label=disable \ --volume "$MOUNT":/var/tree \ --volume "cache_ostree:/var/ostree" \ @@ -158,13 +156,13 @@ rechunk image="bluefin": --user 0:0 \ ghcr.io/hhd-dev/rechunk:latest \ /sources/rechunk/2_create.sh - ${SUDOIF} /usr/bin/podman unmount "$CREF" - ${SUDOIF} /usr/bin/podman rm "$CREF" + ${SUDOIF} podman unmount "$CREF" + ${SUDOIF} podman rm "$CREF" if [[ "${UID}" -gt "0" ]]; then - ${SUDOIF} /usr/bin/podman rmi localhost/{{ repo_image_name }}:{{ image }} + ${SUDOIF} podman rmi localhost/{{ repo_image_name }}:{{ image }} fi - /usr/bin/podman rmi localhost/{{ repo_image_name }}:{{ image }} - ${SUDOIF} /usr/bin/podman run --rm \ + podman rmi localhost/{{ repo_image_name }}:{{ image }} + ${SUDOIF} podman run --rm \ --pull=newer \ --security-opt label=disable \ --volume "$PWD:/workspace" \ 
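Review bot: `ghcr.io/hhd-dev/rechunk:latest` is run through `${SUDOIF} podman run` with `--user 0:0`, `--security-opt label=disable` and the image tree mounted at `/var/tree`, but unlike the base images in `build` it is neither signature-checked nor pinned, so whatever `latest` resolves to at run time operates on the tree. Pinning the three invocations to one reviewed digest, `ghcr.io/hhd-dev/rechunk@sha256:<pinned-digest>`, makes the tool version an explicit change. The same applies to `docker.io/qemux/qemu-docker` in the run-iso recipe, which is started `--privileged` with no tag at all, and to `alpine:edge` in secureboot.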
@@ -182,34 +180,34 @@ rechunk image="bluefin": ghcr.io/hhd-dev/rechunk:latest \ /sources/rechunk/3_chunk.sh - ${SUDOIF} /usr/bin/find {{ repo_image_name }}_{{ image }} -type d -exec chmod 0755 {} \; || true - ${SUDOIF} /usr/bin/find {{ repo_image_name }}_{{ image }}* -type f -exec chmod 0644 {} \; || true + ${SUDOIF} find {{ repo_image_name }}_{{ image }} -type d -exec chmod 0755 {} \; || true + ${SUDOIF} find {{ repo_image_name }}_{{ image }}* -type f -exec chmod 0644 {} \; || true if [[ "${UID}" -gt "0" ]]; then - ${SUDOIF} /usr/bin/chown -R ${UID}:${GROUPS} "${PWD}" + ${SUDOIF} chown -R ${UID}:${GROUPS} "${PWD}" elif [[ "${UID}" == "0" && -n "${SUDO_USER:-}" ]]; then - ${SUDOIF} /usr/bin/chown -R ${SUDO_UID}:${SUDO_GID} "${PWD}" + ${SUDOIF} chown -R ${SUDO_UID}:${SUDO_GID} "${PWD}" fi - ${SUDOIF} /usr/bin/podman volume rm cache_ostree + ${SUDOIF} podman volume rm cache_ostree # Load Image into Podman and Tag [private] load-image image="bluefin": #!/usr/bin/bash set ${SET_X:+-x} -eou pipefail - IMAGE=$(/usr/bin/podman pull oci:${PWD}/{{ repo_image_name }}_{{ image }}) - /usr/bin/podman tag ${IMAGE} localhost/{{ repo_image_name }}:{{ image }} - VERSION=$(/usr/bin/podman inspect $IMAGE | jq -r '.[]["Config"]["Labels"]["org.opencontainers.image.version"]') - /usr/bin/podman tag ${IMAGE} localhost/{{ repo_image_name }}:${VERSION} - /usr/bin/podman images - /usr/bin/rm -rf {{ repo_image_name }}_{{ image }} + IMAGE=$(podman pull oci:${PWD}/{{ repo_image_name }}_{{ image }}) + podman tag ${IMAGE} localhost/{{ repo_image_name }}:{{ image }} + VERSION=$(podman inspect $IMAGE | jq -r '.[]["Config"]["Labels"]["org.opencontainers.image.version"]') + podman tag ${IMAGE} localhost/{{ repo_image_name }}:${VERSION} + podman images + rm -rf {{ repo_image_name }}_{{ image }} # Get Tags get-tags image="bluefin": #!/usr/bin/bash set ${SET_X:+-x} -eou pipefail - VERSION=$(/usr/bin/podman inspect {{ repo_image_name }}:{{ image }} | /usr/bin/jq -r 
'.[]["Config"]["Labels"]["org.opencontainers.image.version"]') - /usr/bin/echo "{{ image }} $VERSION" + VERSION=$(podman inspect {{ repo_image_name }}:{{ image }} | jq -r '.[]["Config"]["Labels"]["org.opencontainers.image.version"]') + echo "{{ image }} $VERSION" # Build ISO [group('ISO')] @@ -224,10 +222,10 @@ build-iso image="bluefin" ghcr="0" clean="0": fi # Verify ISO Build Container - {{ just }} verify-container "build-container-installer" "ghcr.io/jasonn3" "https://raw.githubusercontent.com/JasonN3/build-container-installer/refs/heads/main/cosign.pub" + just verify-container "build-container-installer" "ghcr.io/jasonn3" "https://raw.githubusercontent.com/JasonN3/build-container-installer/refs/heads/main/cosign.pub" - /usr/bin/mkdir -p {{ repo_image_name }}_build/{lorax_templates,flatpak-refs-{{ image }},output} - /usr/bin/echo 'append etc/anaconda/profile.d/fedora-kinoite.conf "\\n[User Interface]\\nhidden_spokes =\\n PasswordSpoke"' \ + mkdir -p {{ repo_image_name }}_build/{lorax_templates,flatpak-refs-{{ image }},output} + echo 'append etc/anaconda/profile.d/fedora-kinoite.conf "\\n[User Interface]\\nhidden_spokes =\\n PasswordSpoke"' \ > {{ repo_image_name }}_build/lorax_templates/remove_root_password_prompt.tmpl # Build from GHCR or localhost 
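Review bot: The public key passed to `just verify-container` for `build-container-installer` is a `raw.githubusercontent.com/.../refs/heads/main/cosign.pub` URL, so the trust anchor is fetched at verify time from a mutable branch of the project whose image is being checked. A change to that file changes what counts as a valid signature without any change in this repository. Committing the expected `cosign.pub` files here and passing their paths would make a key rotation an explicit, reviewed change. The `{{ repo_name }}/{{ repo_image_name }}` key URL in the next build-iso hunk (`@@ -235,17 +233,17 @@`) has the same shape. How verify-container consumes `key` is only partly visible in this patch, so confirm it accepts a local path.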
@@ -235,17 +233,17 @@ build-iso image="bluefin" ghcr="0" clean="0": IMAGE_FULL=ghcr.io/{{ repo_name }}/{{ repo_image_name }}:{{ image }} IMAGE_REPO=ghcr.io/{{ repo_name }} # Verify Container for ISO - {{ just }} verify-container "{{ repo_image_name }}:{{ image }}" "${IMAGE_REPO}" "https://raw.githubusercontent.com/{{ repo_name }}/{{ repo_image_name }}/refs/heads/main/cosign.pub" - /usr/bin/podman pull "${IMAGE_FULL}" + just verify-container "{{ repo_image_name }}:{{ image }}" "${IMAGE_REPO}" "https://raw.githubusercontent.com/{{ repo_name }}/{{ repo_image_name }}/refs/heads/main/cosign.pub" + podman pull "${IMAGE_FULL}" TEMPLATES=( /github/workspace/{{ repo_image_name }}_build/lorax_templates/remove_root_password_prompt.tmpl ) else IMAGE_FULL=localhost/{{ repo_image_name }}:{{ image }} IMAGE_REPO=localhost - ID=$(/usr/bin/podman images --filter reference=${IMAGE_FULL} --format "'{{ '{{.ID}}' }}'") + ID=$(podman images --filter reference=${IMAGE_FULL} --format "'{{ '{{.ID}}' }}'") if [[ -z "$ID" ]]; then - {{ just }} build {{ image }} + just build {{ image }} fi TEMPLATES=( /github/workspace/{{ repo_image_name }}_build/lorax_templates/remove_root_password_prompt.tmpl 
@@ -254,19 +252,19 @@ build-iso image="bluefin" ghcr="0" clean="0": # Check if ISO already exists. Remove it. if [[ -f "{{ repo_image_name }}_build/output/{{ image }}.iso" || -f "{{ repo_image_name }}_build/output/{{ image }}.iso-CHECKSUM" ]]; then - /usr/bin/rm -f {{ repo_image_name }}_build/output/{{ image }}.iso* + rm -f {{ repo_image_name }}_build/output/{{ image }}.iso* fi # Load image into rootful podman if [[ "${UID}" -gt "0" ]]; then - ${SUDOIF} /usr/bin/podman image scp "${UID}"@localhost::"${IMAGE_FULL}" root@localhost::"${IMAGE_FULL}" + ${SUDOIF} podman image scp "${UID}"@localhost::"${IMAGE_FULL}" root@localhost::"${IMAGE_FULL}" fi # Generate Flatpak List - TEMP_FLATPAK_INSTALL_DIR="$(/usr/bin/mktemp -d -p /tmp flatpak-XXXXX)" + TEMP_FLATPAK_INSTALL_DIR="$(mktemp -d -p /tmp flatpak-XXXXX)" FLATPAK_REFS_DIR="{{ repo_image_name }}_build/flatpak-refs-{{ image }}" - FLATPAK_REFS_DIR_ABS="$(/usr/bin/realpath ${FLATPAK_REFS_DIR})" - /usr/bin/mkdir -p "${FLATPAK_REFS_DIR_ABS}" + FLATPAK_REFS_DIR_ABS="$(realpath ${FLATPAK_REFS_DIR})" + mkdir -p "${FLATPAK_REFS_DIR_ABS}" case "{{ image }}" in *"aurora"*) FLATPAK_LIST_URL="https://raw.githubusercontent.com/ublue-os/bluefin/refs/heads/main/aurora_flatpaks/flatpaks" @@ -281,7 +279,7 @@ build-iso image="bluefin" ghcr="0" clean="0": FLATPAK_LIST_URL="https://raw.githubusercontent.com/ublue-os/cosmic/refs/heads/main/flatpaks.txt" ;; esac - /usr/bin/curl -Lo ${FLATPAK_REFS_DIR_ABS}/flatpaks.txt "${FLATPAK_LIST_URL}" + curl -Lo ${FLATPAK_REFS_DIR_ABS}/flatpaks.txt "${FLATPAK_LIST_URL}" ADDITIONAL_FLATPAKS=( app/com.discordapp.Discord/x86_64/stable app/com.google.Chrome/x86_64/stable 
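Review bot: The flatpak list download `curl -Lo ${FLATPAK_REFS_DIR_ABS}/flatpaks.txt "${FLATPAK_LIST_URL}"` has no `--fail`, so an HTTP error body is saved as `flatpaks.txt` and its lines are later read into `FLATPAK_REFS` as if they were refs. I would write it as `curl --fail --retry 3 -Lo "${FLATPAK_REFS_DIR_ABS}/flatpaks.txt" "${FLATPAK_LIST_URL}"`, which also quotes the output path. Because the list comes from a `refs/heads/main` URL and ends up in the install script that runs in a `--privileged` container, checking each line against the expected ref shape before use would be a reasonable extra guard.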
@@ -315,23 +313,23 @@ build-iso image="bluefin" ghcr="0" clean="0": ADDITIONAL_FLATPAKS+=(app/org.gnome.World.PikaBackup/x86_64/stable) fi FLATPAK_REFS=() - while IFS= /usr/bin/read -r line; do + while IFS= read -r line; do FLATPAK_REFS+=("$line") done < "${FLATPAK_REFS_DIR}/flatpaks.txt" FLATPAK_REFS+=("${ADDITIONAL_FLATPAKS[@]}") - /usr/bin/echo "Flatpak refs: ${FLATPAK_REFS[@]}" + echo "Flatpak refs: ${FLATPAK_REFS[@]}" # Generate installation script - /usr/bin/tee "${TEMP_FLATPAK_INSTALL_DIR}/install-flatpaks.sh"< /output/flatpaks-with-deps + tee "${TEMP_FLATPAK_INSTALL_DIR}/install-flatpaks.sh"< /output/flatpaks-with-deps EOF # Create Flatpak List - ${SUDOIF} /usr/bin/podman run --rm --privileged \ + ${SUDOIF} podman run --rm --privileged \ --entrypoint /bin/bash \ -e FLATPAK_SYSTEM_DIR=/flatpak/flatpak \ -e FLATPAK_TRIGGERS_DIR=/flatpak/triggers \ @@ -339,12 +337,12 @@ build-iso image="bluefin" ghcr="0" clean="0": -v ${TEMP_FLATPAK_INSTALL_DIR}:/temp_flatpak_install_dir \ ${IMAGE_FULL} /temp_flatpak_install_dir/install-flatpaks.sh - VERSION="$(${SUDOIF} /usr/bin/podman inspect ${IMAGE_FULL} | /usr/bin/jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | /usr/bin/grep -oP 'fc\K[0-9]+')" + VERSION="$(${SUDOIF} podman inspect ${IMAGE_FULL} | jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | grep -oP 'fc\K[0-9]+')" if [[ "{{ ghcr }}" == "1" && "{{ clean }}" == "1" ]]; then - ${SUDOIF} /usr/bin/podman rmi ${IMAGE_FULL} + ${SUDOIF} podman rmi ${IMAGE_FULL} fi # list Flatpaks - /usr/bin/cat ${FLATPAK_REFS_DIR}/flatpaks-with-deps + cat ${FLATPAK_REFS_DIR}/flatpaks-with-deps #ISO Container Args iso_build_args=() if [[ "{{ ghcr }}" == "0" ]]; then 
@@ -369,12 +367,12 @@ build-iso image="bluefin" ghcr="0" clean="0": iso_build_args+=(VERSION="$VERSION") iso_build_args+=(WEB_UI="false") # Build ISO - ${SUDOIF} /usr/bin/podman run --rm --privileged --pull=newer --security-opt label=disable "${iso_build_args[@]}" + ${SUDOIF} podman run --rm --privileged --pull=newer --security-opt label=disable "${iso_build_args[@]}" if [[ "${UID}" -gt "0" ]]; then - ${SUDOIF} /usr/bin/chown -R ${UID}:${GROUPS} "${PWD}" - ${SUDOIF} /usr/bin/podman rmi "${IMAGE_FULL}" + ${SUDOIF} chown -R ${UID}:${GROUPS} "${PWD}" + ${SUDOIF} podman rmi "${IMAGE_FULL}" elif [[ "${UID}" == "0" && -n "${SUDO_USER:-}" ]]; then - ${SUDOIF} /usr/bin/chown -R ${SUDO_UID}:${SUDO_GID} "${PWD}" + ${SUDOIF} chown -R ${SUDO_UID}:${SUDO_GID} "${PWD}" fi # Run ISO @@ -383,7 +381,7 @@ run-iso image="bluefin": #!/usr/bin/bash set ${SET_X:+-x} -eou pipefail if [[ ! -f "{{ repo_image_name }}_build/output/{{ image }}.iso" ]]; then - {{ just }} build-iso {{ image }} + just build-iso {{ image }} fi port=8006; while grep -q ${port} <<< $(ss -tunalp); do @@ -391,7 +389,7 @@ run-iso image="bluefin": done echo "Using Port: ${port}" echo "Connect to http://localhost:${port}" - (sleep 30 && /usr/bin/xdg-open http://localhost:${port})& + (sleep 30 && xdg-open http://localhost:${port})& run_args=() run_args+=(--rm --privileged) run_args+=(--pull=newer) 
@@ -405,14 +403,14 @@ run-iso image="bluefin": run_args+=(--device=/dev/kvm) run_args+=(--volume "${PWD}/{{ repo_image_name }}_build/output/{{ image }}.iso":"/boot.iso":z) run_args+=(docker.io/qemux/qemu-docker) - /usr/bin/podman run "${run_args[@]}" + podman run "${run_args[@]}" # Test Changelogs [group('Changelogs')] changelogs branch="stable" urlmd="" handwritten="": #!/usr/bin/bash set ${SET_X:+-x} -eou pipefail - /usr/bin/python3 changelogs.py {{ branch }} ./output-{{ branch }}.env ./changelog-{{ branch }}.md --workdir . --handwritten "{{ handwritten }}" --urlmd "{{ urlmd }}" + python3 changelogs.py {{ branch }} ./output-{{ branch }}.env ./changelog-{{ branch }}.md --workdir . --handwritten "{{ handwritten }}" --urlmd "{{ urlmd }}" # Verify Container with Cosign [group('Utility')] 
@@ -421,18 +419,16 @@ verify-container container="" registry="ghcr.io/ublue-os" key="": set ${SET_X:+-x} -eou pipefail # Get Cosign if Needed - if [[ ! $(/usr/bin/command -v cosign) ]]; then - COSIGN_CONTAINER_ID=$(${SUDOIF} /usr/bin/podman create cgr.dev/chainguard/cosign:latest /bin/sh) - ${SUDOIF} /usr/bin/podman cp "${COSIGN_CONTAINER_ID}":/usr/bin/cosign /usr/local/bin/cosign - ${SUDOIF} /usr/bin/podman rm -f "${COSIGN_CONTAINER_ID}" + if [[ ! $(command -v cosign) ]]; then + COSIGN_CONTAINER_ID=$(${SUDOIF} podman create cgr.dev/chainguard/cosign:latest bash) + ${SUDOIF} podman cp "${COSIGN_CONTAINER_ID}":/usr/bin/cosign /usr/local/bin/cosign + ${SUDOIF} podman rm -f "${COSIGN_CONTAINER_ID}" fi - COSIGN="$(/usr/bin/command -v cosign)" - # Verify Cosign Image Signatures if needed if [[ -n "${COSIGN_CONTAINER_ID:-}" ]]; then - if ! ${COSIGN} verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity=https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main cgr.dev/chainguard/cosign >/dev/null; then - /usr/bin/echo "NOTICE: Failed to verify cosign image signatures." + if ! cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity=https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main cgr.dev/chainguard/cosign >/dev/null; then + echo "NOTICE: Failed to verify cosign image signatures." exit 1 fi fi @@ -444,8 +440,8 @@ verify-container container="" registry="ghcr.io/ublue-os" key="": fi # Verify Container using cosign public key - if ! ${COSIGN} verify --key "${key}" "{{ registry }}"/"{{ container }}" >/dev/null; then - /usr/bin/echo "NOTICE: Verification failed. Please ensure your public key is correct." + if ! cosign verify --key "${key}" "{{ registry }}"/"{{ container }}" >/dev/null; then + echo "NOTICE: Verification failed. Please ensure your public key is correct." exit 1 fi 
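Review bot: When cosign is missing, the binary is copied out of `cgr.dev/chainguard/cosign:latest` into `/usr/local/bin/cosign` and that same binary is then asked to verify the image it came from, so the check cannot catch a tampered binary, which could simply report success. Pinning the bootstrap image to a reviewed digest, `cgr.dev/chainguard/cosign@sha256:<pinned-digest>`, gives the first cosign a fixed identity before it is trusted to verify anything else. The revert also drops `COSIGN="$(command -v cosign)"`, so both `cosign verify` calls now resolve through `PATH` at call time. That relies on `/usr/local/bin` being on `PATH`, which this hunk does not show.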
@@ -456,22 +452,22 @@ secureboot image="bluefin": set ${SET_X:+-x} -eou pipefail # Get the vmlinuz to check - kernel_release=$(/usr/bin/podman inspect "{{ repo_image_name }}":"{{ image }}" | /usr/bin/jq -r '.[].Config.Labels["ostree.linux"]') - TMP=$(/usr/bin/podman create "{{ repo_image_name }}":"{{ image }}" /usr/bin/bash) + kernel_release=$(podman inspect "{{ repo_image_name }}":"{{ image }}" | jq -r '.[].Config.Labels["ostree.linux"]') + TMP=$(podman create "{{ repo_image_name }}":"{{ image }}" bash) podman cp "$TMP":/usr/lib/modules/"${kernel_release}"/vmlinuz /tmp/vmlinuz podman rm "$TMP" # Get the Public Certificates - /usr/bin/curl --retry 3 -Lo /tmp/kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der - /usr/bin/curl --retry 3 -Lo /tmp/akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der - /usr/bin/openssl x509 -in /tmp/kernel-sign.der -out /tmp/kernel-sign.crt - /usr/bin/openssl x509 -in /tmp/akmods.der -out /tmp/akmods.crt + curl --retry 3 -Lo /tmp/kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der + curl --retry 3 -Lo /tmp/akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der + openssl x509 -in /tmp/kernel-sign.der -out /tmp/kernel-sign.crt + openssl x509 -in /tmp/akmods.der -out /tmp/akmods.crt # Make sure we have sbverify - CMD="$(/usr/bin/command -v sbverify)" + CMD="$(command -v sbverify)" if [[ -z "${CMD:-}" ]]; then temp_name="sbverify-${RANDOM}" - /usr/bin/podman run -dt \ + podman run -dt \ --entrypoint /bin/sh \ --volume /tmp/vmlinuz:/tmp/vmlinuz:z \ --volume /tmp/kernel-sign.crt:/tmp/kernel-sign.crt:z \ 
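Review bot: The kernel image and both certificates are written to fixed names directly under `/tmp` (`/tmp/vmlinuz`, `/tmp/kernel-sign.der`, `/tmp/akmods.der` and the `.crt` outputs), which are predictable on a shared host and collide when two images are checked at once. A private directory, `workdir="$(mktemp -d)"` with `trap 'rm -rf "$workdir"' EXIT`, used for every path including the `--volume` mounts, removes both problems. The `curl` calls would also benefit from `--fail` so an error page is never handed to `openssl x509` as a certificate. The secureboot recipe continues past the end of this hunk.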
@@ -479,18 +475,18 @@ secureboot image="bluefin": --name ${temp_name} \ alpine:edge podman exec ${temp_name} apk add sbsigntool - CMD="/usr/bin/podman exec ${temp_name} /usr/bin/sbverify" + CMD="podman exec ${temp_name} /usr/bin/sbverify" fi # Confirm that Signatures Are Good $CMD --list /tmp/vmlinuz returncode=0 if ! $CMD --cert /tmp/kernel-sign.crt /tmp/vmlinuz || ! $CMD --cert /tmp/akmods.crt /tmp/vmlinuz; then - /usr/bin/echo "Secureboot Signature Failed...." + echo "Secureboot Signature Failed...." returncode=1 fi if [[ -n "${temp_name:-}" ]]; then - /usr/bin/podman rm -f "${temp_name}" + podman rm -f "${temp_name}" fi exit "$returncode" @@ -498,17 +494,17 @@ secureboot image="bluefin": merge-changelog: #!/usr/bin/bash set ${SET_X:+-x} -eou pipefail - /usr/bin/rm -f changelog.md - /usr/bin/cat changelog*.md > changelog.md - last_tag=$(/usr/bin/git tag --list {{ repo_image_name }}-* | /usr/bin/sort -r | /usr/bin/head -1) - date_extract="$(/usr/bin/echo ${last_tag:-} | /usr/bin/grep -oP 'm2os-\K[0-9]+')" - date_version="$(/usr/bin/echo ${last_tag:-} | /usr/bin/grep -oP '\.\K[1-9]$' || /usr/bin/true)" + rm -f changelog.md + cat changelog*.md > changelog.md + last_tag=$(git tag --list {{ repo_image_name }}-* | sort -r | head -1) + date_extract="$(echo ${last_tag:-} | cut -d "-" -f 2 | cut -d "." -f 1)" + date_version="$(echo ${last_tag:-} | cut -d "." -f 2)" if [[ "${date_extract:-}" == "$(date +%Y%m%d)" ]]; then tag="{{ repo_image_name }}-${date_extract:-}.$(( ${date_version:-} + 1 ))" else - tag="{{ repo_image_name }}-$(date +%Y%m%d)" + tag="{{ repo_image_name }}-$(date +%Y%m%d).0" fi - /usr/bin/cat << EOF + cat << EOF { "title": "$tag (#$(git rev-parse --short HEAD))", "tag": "$tag" diff --git a/changelogs.py b/changelogs.py index 9fa10b2..ce28808 100644 --- a/changelogs.py +++ b/changelogs.py 
@@ -19,6 +19,11 @@ "image_flavor": ["main", "nvidia"] } +UCORE_IMAGE_MATRIX = { + "image": ["ucore"], + "image_flavor": ["main", "nvidia"] +} + RETRIES = 3 RETRY_WAIT = 5 FEDORA_PATTERN = re.compile(r"\.fc\d\d") @@ -76,6 +81,8 @@ def get_images(target: str): if "bazzite" in target: matrix = BAZZITE_IMAGE_MATRIX + elif "ucore" in target: + matrix = UCORE_IMAGE_MATRIX else: matrix = IMAGE_MATRIX From c5401d1bbf78e0c7ce0de022e27ddebaea10ffd2 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 30 Nov 2024 02:02:34 -0500 Subject: [PATCH 14/17] improve merge-changelog --- Justfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Justfile b/Justfile index f1535f6..f4222c5 100644 --- a/Justfile +++ b/Justfile @@ -14,7 +14,7 @@ images := '( [ucore-nvidia]="stable-nvidia-zfs" )' export SUDOIF := if `id -u` == "0" { "" } else { "sudo" } -export SET_X := if `id -u` == "0" { "1" } else { `echo ${SET_X:-}` } +export SET_X := if `id -u` == "0" { "1" } else { env('SET_X', '') } [private] default: @@ -496,13 +496,13 @@ merge-changelog: set ${SET_X:+-x} -eou pipefail rm -f changelog.md cat changelog*.md > changelog.md - last_tag=$(git tag --list {{ repo_image_name }}-* | sort -r | head -1) - date_extract="$(echo ${last_tag:-} | cut -d "-" -f 2 | cut -d "." -f 1)" - date_version="$(echo ${last_tag:-} | cut -d "." -f 2)" + last_tag=$(git tag --list {{ repo_image_name }}-* | sort -V | tail -1) + date_extract="$(echo ${last_tag:-} | grep -oP '{{ repo_image_name }}-\K[0-9]+')" + date_version="$(echo ${last_tag:-} | grep -oP '\.\K[0-9]+$' || true)" if [[ "${date_extract:-}" == "$(date +%Y%m%d)" ]]; then tag="{{ repo_image_name }}-${date_extract:-}.$(( ${date_version:-} + 1 ))" else - tag="{{ repo_image_name }}-$(date +%Y%m%d).0" + tag="{{ repo_image_name }}-$(date +%Y%m%d)" fi cat << EOF { From bf4688b9b76d279b0fc31fd50ad325fb19f8d095 Mon Sep 17 00:00:00 2001 
From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 30 Nov 2024 02:36:34 -0500 Subject: [PATCH 15/17] fetch everything for tags --- .github/workflows/create-release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 6c0a9da..2e5fd06 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -21,6 +21,7 @@ jobs: - name: Checkout uses: actions/checkout@v4 with: + fetch-depth: 0 fetch-tags: true - name: Download Artifacts From df70d69bad245c02a3ffee914567717f4933d3bc Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 30 Nov 2024 02:49:10 -0500 Subject: [PATCH 16/17] remove UCORE_MATRIX --- changelogs.py | 7 ------- 1 file changed, 7 deletions(-) diff --git a/changelogs.py b/changelogs.py index ce28808..9fa10b2 100644 --- a/changelogs.py +++ b/changelogs.py @@ -19,11 +19,6 @@ "image_flavor": ["main", "nvidia"] } -UCORE_IMAGE_MATRIX = { - "image": ["ucore"], - "image_flavor": ["main", "nvidia"] -} - RETRIES = 3 RETRY_WAIT = 5 FEDORA_PATTERN = re.compile(r"\.fc\d\d") @@ -81,8 +76,6 @@ def get_images(target: str): if "bazzite" in target: matrix = BAZZITE_IMAGE_MATRIX - elif "ucore" in target: - matrix = UCORE_IMAGE_MATRIX else: matrix = IMAGE_MATRIX From d2a18ece0d276e5680e56ac7e39f49b7b08d9be1 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 30 Nov 2024 08:33:28 -0500 Subject: [PATCH 17/17] fix variable name. --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 2e5fd06..1a379fd 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml 
@@ -56,7 +56,7 @@ jobs: cat changelog.md jq -r <<< "$output" for k in $(jq 'keys[]' <<< "$output" | tr -d \"); do - echo "$k=$(jq -r ".$k" <<< "$ouptut")" >> $GITHUB_OUTPUT + echo "$k=$(jq -r ".$k" <<< "$output")" >> $GITHUB_OUTPUT done - name: Upload Changelogs as Artifact