From f2fec1b3f18a98ee2a823c33bce09dad53268964 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Wed, 31 May 2023 00:57:35 -0500 Subject: [PATCH] feat: enable 3rd party repos for akmods Provides 3rd party repos (negativo17 at ths time) in the ublue-os-akmods-addons RPM, formerly named ublue-os-akmods-key. --- Containerfile | 21 ++++++++-------- README.md | 14 ++++++++--- build-kmod-xone.sh | 5 +--- build-kmod-xpadneo.sh | 5 +--- build-ublue-os-akmods-addons.sh | 13 ++++++++++ build-ublue-os-akmods-key.sh | 12 --------- ublue-os-akmods-addons.spec | 43 +++++++++++++++++++++++++++++++++ ublue-os-akmods-key.spec | 33 ------------------------- 8 files changed, 79 insertions(+), 67 deletions(-) create mode 100755 build-ublue-os-akmods-addons.sh delete mode 100755 build-ublue-os-akmods-key.sh create mode 100644 ublue-os-akmods-addons.spec delete mode 100644 ublue-os-akmods-key.spec diff --git a/Containerfile b/Containerfile index 6104ffb0..e2ddf75a 100644 --- a/Containerfile +++ b/Containerfile @@ -7,28 +7,29 @@ FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS builder COPY build*.sh /tmp COPY certs /tmp/certs -COPY ublue-os-akmods-key.spec /tmp/ublue-os-akmods-key/ublue-os-akmods-key.spec +COPY ublue-os-akmods-addons.spec /tmp/ublue-os-akmods-addons/ublue-os-akmods-addons.spec + +ADD https://negativo17.org/repos/fedora-steam.repo \ + /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-steam.repo RUN /tmp/build-prep.sh -RUN /tmp/build-ublue-os-akmods-key.sh +RUN /tmp/build-ublue-os-akmods-addons.sh RUN /tmp/build-kmod-v4l2loopback.sh RUN /tmp/build-kmod-wl.sh RUN /tmp/build-kmod-xone.sh RUN /tmp/build-kmod-xpadneo.sh -RUN mkdir /var/cache/rpms && \ - for RPM in $(find /var/cache/akmods/ -type f -name \*.rpm); do \ - echo ${RPM}; \ - cp "${RPM}" /var/cache/rpms/; \ - done && \ - cp /tmp/ublue-os-akmods-key/rpmbuild/RPMS/noarch/ublue-os-akmods-key*.rpm /var/cache/rpms/ +RUN mkdir -p /var/cache/rpms/{kmods,ublue-os} +RUN cp /tmp/ublue-os-akmods-addons/rpmbuild/RPMS/noarch/ublue-os-akmods-addons*.rpm \ + /var/cache/rpms/ublue-os/ +RUN for RPM in $(find /var/cache/akmods/ -type f -name \*.rpm); do \ + cp "${RPM}" /var/cache/rpms/kmods/; \ + done -RUN find /var/cache/repos RUN find /var/cache/rpms FROM scratch -COPY --from=builder /var/cache/repos /repos COPY --from=builder /var/cache/rpms /rpms diff --git a/README.md b/README.md index 68efd11c..df6176a0 100644 --- a/README.md +++ b/README.md @@ -8,17 +8,23 @@ A layer for adding extra kernel modules to your image. Use for better hardware s Add this to your Containerfile to install all the RPM packages, replacing `RELEASE` with either `37` or `38`: - COPY --from=ghcr.io/ublue-os/akmods:RELEASE /repos/ /etc/yum.repos.d/ COPY --from=ghcr.io/ublue-os/akmods:RELEASE /rpms/ /tmp/rpms - RUN rpm-ostree install /tmp/rpms/*.rpm + RUN rpm-ostree install /tmp/rpms/ublue-os/*.rpm + RUN rpm-ostree install /tmp/rpms/kmods/*.rpm + +This example shows: +1. copying all the rpms from the akmods image +2. installing the ublue specific RPM, providing any extra repos and the akmod signing key +3. installing the kmods RPMs, providing the actual kmods built in this repo + +The rpmfusion and extra repos provide dependencies which are required by the kmods RPMs. -This example shows copying/enabling any custom repos from `akmods` into the target environment, but building also requires that rpmfusion repos are installed and available to provide dependencies for these kmod RPMs. # Features Feel free to PR more kmod build scripts into this repo! -- ublue-os-akmods-key - installs our kmods signing key; install and import to allow SecureBoot systems to use these kmods +- ublue-os-akmods-addons - installs extra repos and our kmods signing key; install and import to allow SecureBoot systems to use these kmods - [v4l2loopback](https://github.com/umlaeute/v4l2loopback) - allows creating "virtual video devices" - [wl (broadcom)](https://github.com/rpmfusion/broadcom-wl/) - support for some legacy broadcom wifi devices - [xone](https://github.com/medusalix/xone) - xbox one controller USB wired/RF driver (akmod from [negativo17 steam repo](https://negativo17.org/steam/) diff --git a/build-kmod-xone.sh b/build-kmod-xone.sh index 02b32c9d..b3c8d4c7 100755 --- a/build-kmod-xone.sh +++ b/build-kmod-xone.sh @@ -2,11 +2,8 @@ set -oeux pipefail -mkdir -p /var/cache/repos -wget https://negativo17.org/repos/fedora-steam.repo -O /var/cache/repos/fedora-steam.repo - -cp /var/cache/repos/fedora-steam.repo /etc/yum.repos.d/ +cp /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-steam.repo /etc/yum.repos.d/ ARCH="$(rpm -E '%_arch')" KERNEL="$(rpm -q kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')" diff --git a/build-kmod-xpadneo.sh b/build-kmod-xpadneo.sh index eb4dac42..2b33ce54 100755 --- a/build-kmod-xpadneo.sh +++ b/build-kmod-xpadneo.sh @@ -2,11 +2,8 @@ set -oeux pipefail -mkdir -p /var/cache/repos -wget https://negativo17.org/repos/fedora-steam.repo -O /var/cache/repos/fedora-steam.repo - -cp /var/cache/repos/fedora-steam.repo /etc/yum.repos.d/ +cp /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-steam.repo /etc/yum.repos.d/ ARCH="$(rpm -E '%_arch')" KERNEL="$(rpm -q kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')" diff --git a/build-ublue-os-akmods-addons.sh b/build-ublue-os-akmods-addons.sh new file mode 100755 index 00000000..bab8a516 --- /dev/null +++ b/build-ublue-os-akmods-addons.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +set -oeux pipefail + + +### BUILD UBLUE AKMODS-ADDONS RPM +#sed -i "s@gpgcheck=0@gpgcheck=1@" /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-steam.repo + +install -D /etc/pki/akmods/certs/public_key.der /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/public_key.der +rpmbuild -ba \ + --define '_topdir /tmp/ublue-os-akmods-addons/rpmbuild' \ + --define '%_tmppath %{_topdir}/tmp' \ + /tmp/ublue-os-akmods-addons/ublue-os-akmods-addons.spec diff --git a/build-ublue-os-akmods-key.sh b/build-ublue-os-akmods-key.sh deleted file mode 100755 index 7813e924..00000000 --- a/build-ublue-os-akmods-key.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -set -oeux pipefail - - -### BUILD UBLUE AKMODS-KEY RPM -install -D /etc/pki/akmods/certs/public_key.der /tmp/ublue-os-akmods-key/rpmbuild/SOURCES/public_key.der -rpmbuild -ba \ - --define '_topdir /tmp/ublue-os-akmods-key/rpmbuild' \ - --define '%_tmppath %{_topdir}/tmp' \ - /tmp/ublue-os-akmods-key/ublue-os-akmods-key.spec - diff --git a/ublue-os-akmods-addons.spec b/ublue-os-akmods-addons.spec new file mode 100644 index 00000000..d4e7ef47 --- /dev/null +++ b/ublue-os-akmods-addons.spec @@ -0,0 +1,43 @@ +Name: ublue-os-akmods-addons +Version: 0.2 +Release: 1%{?dist} +Summary: Signing key and repos for ublue os akmods + +License: MIT +URL: https://github.com/ublue-os/akmods + +BuildArch: noarch +Supplements: mokutil policycoreutils + +Source0: public_key.der +Source1: negativo17-fedora-steam.repo + +%description +Adds the signing key for importing with mokutil to enable secure boot for kernel modules and repo files required to install akmod dependencies. + +%prep +%setup -q -c -T + + +%build +# Have different name for *.der in case kmodgenca is needed for creating more keys +install -Dm0644 %{SOURCE0} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der +install -Dm0644 %{SOURCE1} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/negativo17-fedora-steam.repo + +sed -i 's@enabled=1@enabled=0@g' %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/negativo17-fedora-steam.repo + +install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der %{buildroot}%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der +install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/negativo17-fedora-steam.repo %{buildroot}%{_sysconfdir}/yum.repos.d/negativo17-fedora-steam.repo + +%files +%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der +%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/negativo17-fedora-steam.repo +%attr(0644,root,root) %{_sysconfdir}/pki/akmods/certs/akmods-ublue.der +%attr(0644,root,root) %{_sysconfdir}/yum.repos.d/negativo17-fedora-steam.repo + +%changelog +* Tue May 30 2023 Benjamin Sherman - 0.2 +- Add negativo17 fedora-steam repo to enable xbox controllers + +* Fri May 18 2023 David Hoell - 0.1 +- Add key for enrolling ublue kernel modules for secure boot diff --git a/ublue-os-akmods-key.spec b/ublue-os-akmods-key.spec deleted file mode 100644 index 002b04da..00000000 --- a/ublue-os-akmods-key.spec +++ /dev/null @@ -1,33 +0,0 @@ -Name: ublue-os-akmods-key -Version: 0.1 -Release: 1%{?dist} -Summary: Signing key for ublue os akmods - -License: MIT -URL: https://github.com/ublue-os/akmods - -BuildArch: noarch -Supplements: mokutil policycoreutils - -Source0: public_key.der - -%description -Add the signing key for importing with mokutil to enable secure boot for kernel modules - -%prep -%setup -q -c -T - - -%build -# Have different name for *.der in case kmodgenca is needed for creating more keys -install -Dm0644 %{SOURCE0} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der - -install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der %{buildroot}%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der - -%files -%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der -%attr(0644,root,root) %{_sysconfdir}/pki/akmods/certs/akmods-ublue.der - -%changelog -* Fri May 18 2023 David Hoell - 0.1 -- Add key for enrolling ublue kernel modules for secure boot