Skip to content

Commit

Permalink
feat: enable 3rd party repos for akmods
Browse files Browse the repository at this point in the history
Provides 3rd party repos (negativo17 at ths time) in the
ublue-os-akmods-addons RPM, formerly named ublue-os-akmods-key.
  • Loading branch information
bsherman committed May 31, 2023
1 parent b35d0fd commit f2fec1b
Show file tree
Hide file tree
Showing 8 changed files with 79 additions and 67 deletions.
21 changes: 11 additions & 10 deletions Containerfile
Original file line number Diff line number Diff line change
Expand Up @@ -7,28 +7,29 @@ FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS builder

COPY build*.sh /tmp
COPY certs /tmp/certs
COPY ublue-os-akmods-key.spec /tmp/ublue-os-akmods-key/ublue-os-akmods-key.spec
COPY ublue-os-akmods-addons.spec /tmp/ublue-os-akmods-addons/ublue-os-akmods-addons.spec

ADD https://negativo17.org/repos/fedora-steam.repo \
/tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-steam.repo

RUN /tmp/build-prep.sh

RUN /tmp/build-ublue-os-akmods-key.sh
RUN /tmp/build-ublue-os-akmods-addons.sh

RUN /tmp/build-kmod-v4l2loopback.sh
RUN /tmp/build-kmod-wl.sh
RUN /tmp/build-kmod-xone.sh
RUN /tmp/build-kmod-xpadneo.sh

RUN mkdir /var/cache/rpms && \
for RPM in $(find /var/cache/akmods/ -type f -name \*.rpm); do \
echo ${RPM}; \
cp "${RPM}" /var/cache/rpms/; \
done && \
cp /tmp/ublue-os-akmods-key/rpmbuild/RPMS/noarch/ublue-os-akmods-key*.rpm /var/cache/rpms/
RUN mkdir -p /var/cache/rpms/{kmods,ublue-os}
RUN cp /tmp/ublue-os-akmods-addons/rpmbuild/RPMS/noarch/ublue-os-akmods-addons*.rpm \
/var/cache/rpms/ublue-os/
RUN for RPM in $(find /var/cache/akmods/ -type f -name \*.rpm); do \
cp "${RPM}" /var/cache/rpms/kmods/; \
done

RUN find /var/cache/repos
RUN find /var/cache/rpms

FROM scratch

COPY --from=builder /var/cache/repos /repos
COPY --from=builder /var/cache/rpms /rpms
14 changes: 10 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,17 +8,23 @@ A layer for adding extra kernel modules to your image. Use for better hardware s

Add this to your Containerfile to install all the RPM packages, replacing `RELEASE` with either `37` or `38`:

COPY --from=ghcr.io/ublue-os/akmods:RELEASE /repos/ /etc/yum.repos.d/
COPY --from=ghcr.io/ublue-os/akmods:RELEASE /rpms/ /tmp/rpms
RUN rpm-ostree install /tmp/rpms/*.rpm
RUN rpm-ostree install /tmp/rpms/ublue-os/*.rpm
RUN rpm-ostree install /tmp/rpms/kmods/*.rpm

This example shows:
1. copying all the rpms from the akmods image
2. installing the ublue specific RPM, providing any extra repos and the akmod signing key
3. installing the kmods RPMs, providing the actual kmods built in this repo

The rpmfusion and extra repos provide dependencies which are required by the kmods RPMs.

This example shows copying/enabling any custom repos from `akmods` into the target environment, but building also requires that rpmfusion repos are installed and available to provide dependencies for these kmod RPMs.

# Features

Feel free to PR more kmod build scripts into this repo!

- ublue-os-akmods-key - installs our kmods signing key; install and import to allow SecureBoot systems to use these kmods
- ublue-os-akmods-addons - installs extra repos and our kmods signing key; install and import to allow SecureBoot systems to use these kmods
- [v4l2loopback](https://github.com/umlaeute/v4l2loopback) - allows creating "virtual video devices"
- [wl (broadcom)](https://github.com/rpmfusion/broadcom-wl/) - support for some legacy broadcom wifi devices
- [xone](https://github.com/medusalix/xone) - xbox one controller USB wired/RF driver (akmod from [negativo17 steam repo](https://negativo17.org/steam/)
Expand Down
5 changes: 1 addition & 4 deletions build-kmod-xone.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,8 @@

set -oeux pipefail

mkdir -p /var/cache/repos

wget https://negativo17.org/repos/fedora-steam.repo -O /var/cache/repos/fedora-steam.repo

cp /var/cache/repos/fedora-steam.repo /etc/yum.repos.d/
cp /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-steam.repo /etc/yum.repos.d/

ARCH="$(rpm -E '%_arch')"
KERNEL="$(rpm -q kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')"
Expand Down
5 changes: 1 addition & 4 deletions build-kmod-xpadneo.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,8 @@

set -oeux pipefail

mkdir -p /var/cache/repos

wget https://negativo17.org/repos/fedora-steam.repo -O /var/cache/repos/fedora-steam.repo

cp /var/cache/repos/fedora-steam.repo /etc/yum.repos.d/
cp /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-steam.repo /etc/yum.repos.d/

ARCH="$(rpm -E '%_arch')"
KERNEL="$(rpm -q kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')"
Expand Down
13 changes: 13 additions & 0 deletions build-ublue-os-akmods-addons.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
#!/bin/sh

set -oeux pipefail


### BUILD UBLUE AKMODS-ADDONS RPM
#sed -i "s@gpgcheck=0@gpgcheck=1@" /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-steam.repo

install -D /etc/pki/akmods/certs/public_key.der /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/public_key.der
rpmbuild -ba \
--define '_topdir /tmp/ublue-os-akmods-addons/rpmbuild' \
--define '%_tmppath %{_topdir}/tmp' \
/tmp/ublue-os-akmods-addons/ublue-os-akmods-addons.spec
12 changes: 0 additions & 12 deletions build-ublue-os-akmods-key.sh

This file was deleted.

43 changes: 43 additions & 0 deletions ublue-os-akmods-addons.spec
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
Name: ublue-os-akmods-addons
Version: 0.2
Release: 1%{?dist}
Summary: Signing key and repos for ublue os akmods

License: MIT
URL: https://github.com/ublue-os/akmods

BuildArch: noarch
Supplements: mokutil policycoreutils

Source0: public_key.der
Source1: negativo17-fedora-steam.repo

%description
Adds the signing key for importing with mokutil to enable secure boot for kernel modules and repo files required to install akmod dependencies.

%prep
%setup -q -c -T


%build
# Have different name for *.der in case kmodgenca is needed for creating more keys
install -Dm0644 %{SOURCE0} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der
install -Dm0644 %{SOURCE1} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/negativo17-fedora-steam.repo

sed -i 's@enabled=1@enabled=0@g' %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/negativo17-fedora-steam.repo

install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der %{buildroot}%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der
install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/negativo17-fedora-steam.repo %{buildroot}%{_sysconfdir}/yum.repos.d/negativo17-fedora-steam.repo

%files
%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der
%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/negativo17-fedora-steam.repo
%attr(0644,root,root) %{_sysconfdir}/pki/akmods/certs/akmods-ublue.der
%attr(0644,root,root) %{_sysconfdir}/yum.repos.d/negativo17-fedora-steam.repo

%changelog
* Tue May 30 2023 Benjamin Sherman <[email protected]> - 0.2
- Add negativo17 fedora-steam repo to enable xbox controllers

* Fri May 18 2023 David Hoell - 0.1
- Add key for enrolling ublue kernel modules for secure boot
33 changes: 0 additions & 33 deletions ublue-os-akmods-key.spec

This file was deleted.

0 comments on commit f2fec1b

Please sign in to comment.