diff --git a/just/bluefin-apps.just b/just/bluefin-apps.just
index e65f98f0698..ccefe604438 100644
--- a/just/bluefin-apps.just
+++ b/just/bluefin-apps.just
@@ -111,10 +111,10 @@ install-incus:
 #!/usr/bin/env bash
 source /usr/lib/ujust/ujust.sh
 CURRENT_IMAGE=$(rpm-ostree status -b --json | jq -r '.deployments[0]."container-image-reference"')
- if grep -q "bluefin-dx" <<< $CURRENT_IMAGE
+ if grep -Eq "bluefin-dx|aurora-dx" <<< $CURRENT_IMAGE
 then
 echo 'Installing and configuring Incus.'
- /usr/bin/bluefin-incus
+ /usr/libexec/bluefin-incus
 else
 echo "Developer mode is currently ${b}${red}Disabled${n}."
 echo "Run \"just devmode\" to turn on Developer mode."
diff --git a/system_files/dx/usr/lib/systemd/system/bluefin-dx-groups.service b/system_files/dx/usr/lib/systemd/system/bluefin-dx-groups.service
index d025a7b5733..b3a1bc93fea 100644
--- a/system_files/dx/usr/lib/systemd/system/bluefin-dx-groups.service
+++ b/system_files/dx/usr/lib/systemd/system/bluefin-dx-groups.service
@@ -3,7 +3,7 @@ Description=Add wheel members to docker,incus-admin, and lxd groups
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/bluefin-dx-groups
+ExecStart=/usr/libexec/bluefin-dx-groups
 Restart=on-failure
 RestartSec=30
 StartLimitInterval=0
diff --git a/system_files/dx/usr/lib/systemd/system/incus-workaround.service b/system_files/dx/usr/lib/systemd/system/incus-workaround.service
new file mode 100644
index 00000000000..78663000dae
--- /dev/null
+++ b/system_files/dx/usr/lib/systemd/system/incus-workaround.service
@@ -0,0 +1,32 @@
+[Unit]
+Description=Workaround swtpm not having the correct label
+ConditionFileIsExecutable=/usr/bin/incus
+ConditionFileIsExecutable=/usr/bin/incus-agent
+ConditionPathExists=/usr/lib/incus
+After=local-fs.target
+
+[Service]
+Type=oneshot
+# Copy if it doesn't exist
+ExecStartPre=/usr/bin/bash -c "[ -x /usr/local/bin/overrides/incus ] || /usr/bin/cp /usr/bin/incus /usr/local/bin/overrides/incus"
+ExecStartPre=/usr/bin/bash -c "[ -x /usr/local/bin/overrides/incus-agent ] || /usr/bin/cp /usr/bin/incus /usr/local/bin/overrides/incus-agent"
+ExecStartPre=/usr/bin/bash -c "[ -d /usr/local/lib/overrides/incus ] || /usr/bin/cp -R /usr/bin/incus /usr/local/lib/overrides/incus"
+# This is faster than using .mount unit. Also allows for the previous line/cleanup
+ExecStartPre=/usr/bin/mount --bind /usr/local/bin/overrides/incus /usr/bin/incus
+ExecStartPre=/usr/bin/mount --bind /usr/local/bin/overrides/incus-agent /usr/bin/incus-agent
+ExecStartPre=/usr/bin/mount --bind /usr/local/lib/overrides/incus /usr/lib/incus
+# Fix SELinux label
+ExecStart=/usr/sbin/restorecon /usr/bin/incus
+ExecStart=/usr/sbin/restorecon /usr/bin/incus-agent
+ExecStart=/usr/sbin/restorecon -R /usr/lib/incus
+# Clean-up after ourselves
+ExecStop=/usr/bin/umount /usr/bin/incus
+ExecStop=/usr/bin/umount /usr/bin/incus-agent
+ExecStop=/usr/bin/umount /usr/lib/incus
+ExecStop=/usr/bin/rm /usr/local/bin/overrides/incus
+ExecStop=/usr/bin/rm /usr/local/bin/overrides/incus-agent
+ExecStop=/usr/bin/rm -r /usr/local/lib/overrides/incus
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/system_files/dx/usr/lib/systemd/system/swtpm-workaround.service b/system_files/dx/usr/lib/systemd/system/swtpm-workaround.service
index 271ed8293ac..b4cd40d9f1a 100644
--- a/system_files/dx/usr/lib/systemd/system/swtpm-workaround.service
+++ b/system_files/dx/usr/lib/systemd/system/swtpm-workaround.service
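Review bot: The second and third fallback copies in incus-workaround.service take the wrong source: the `incus-agent` line copies `/usr/bin/incus` into `/usr/local/bin/overrides/incus-agent`, and the directory line runs `cp -R /usr/bin/incus` into `/usr/local/lib/overrides/incus`, although the bind mounts that follow place those copies over `/usr/bin/incus-agent` and `/usr/lib/incus`. Whenever the tmpfiles.d copy is missing, the agent path would then hold the main incus binary and the last bind mount would put a regular file over a directory. The sources should be `/usr/bin/cp /usr/bin/incus-agent /usr/local/bin/overrides/incus-agent` and `/usr/bin/cp -R /usr/lib/incus /usr/local/lib/overrides/incus`. The `Description=` still names swtpm; `Description=Workaround incus not having the correct label` would match the unit.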
@@ -6,14 +6,14 @@ After=local-fs.target
 [Service]
 Type=oneshot
 # Copy if it doesn't exist
-ExecStartPre=/usr/bin/bash -c "[ -x /usr/local/bin/.swtpm ] || /usr/bin/cp /usr/bin/swtpm /usr/local/bin/.swtpm"
+ExecStartPre=/usr/bin/bash -c "[ -x /usr/local/bin/overrides/swtpm ] || /usr/bin/cp /usr/bin/swtpm /usr/local/bin/overrides/swtpm"
 # This is faster than using .mount unit. Also allows for the previous line/cleanup
-ExecStartPre=/usr/bin/mount --bind /usr/local/bin/.swtpm /usr/bin/swtpm
+ExecStartPre=/usr/bin/mount --bind /usr/local/bin/overrides/swtpm /usr/bin/swtpm
 # Fix SELinux label
 ExecStart=/usr/sbin/restorecon /usr/bin/swtpm
 # Clean-up after ourselves
 ExecStop=/usr/bin/umount /usr/bin/swtpm
-ExecStop=/usr/bin/rm /usr/local/bin/.swtpm
+ExecStop=/usr/bin/rm /usr/local/bin/overrides/swtpm
 RemainAfterExit=yes
 [Install]
diff --git a/system_files/dx/usr/lib/systemd/user/bluefin-dx-user-vscode.service b/system_files/dx/usr/lib/systemd/user/bluefin-dx-user-vscode.service
index 2cf7d94b5c4..dc2bda62511 100644
--- a/system_files/dx/usr/lib/systemd/user/bluefin-dx-user-vscode.service
+++ b/system_files/dx/usr/lib/systemd/user/bluefin-dx-user-vscode.service
@@ -5,7 +5,7 @@ After=network-online.target ublue-user-setup.service
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/bluefin-dx-user-vscode
+ExecStart=/usr/libexec/bluefin-dx-user-vscode
 Restart=on-failure
 RestartSec=30
 StartLimitInterval=0
diff --git a/system_files/dx/usr/lib/tmpfiles.d/incus-workaround.conf b/system_files/dx/usr/lib/tmpfiles.d/incus-workaround.conf
new file mode 100644
index 00000000000..1bff42e96c6
--- /dev/null
+++ b/system_files/dx/usr/lib/tmpfiles.d/incus-workaround.conf
@@ -0,0 +1,3 @@
+C /usr/local/bin/overrides/incus - - - - /usr/bin/incus
+C /usr/local/bin/overrides/incus-agent - - - - /usr/bin/incus-agent
+C /usr/local/lib/overrides/incus - - - - /usr/lib/incus
\ No newline at end of file
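Review bot: The three `C` lines in incus-workaround.conf copy only when the destination is missing, and the unit's `ExecStartPre` checks test only `-x`/`-d`, so a copy left under the `overrides` directories keeps being bind-mounted over the image's incus even after the image ships a newer build. The copies are removed by `ExecStop`, so this presumably shows up only after an unclean shutdown or a failed stop, but in that case an updated incus in `/usr` would be shadowed by the old copy without any message. Comparing before reuse in the service would cover it, e.g. `ExecStartPre=/usr/bin/bash -c "/usr/bin/cmp -s /usr/bin/incus /usr/local/bin/overrides/incus || /usr/bin/cp /usr/bin/incus /usr/local/bin/overrides/incus"`; at minimum a comment here such as `# copy-once: an existing override is not refreshed from /usr` would record the behaviour. The file also ends without a trailing newline.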
diff --git a/system_files/dx/usr/lib/tmpfiles.d/swtpm-workaround.conf b/system_files/dx/usr/lib/tmpfiles.d/swtpm-workaround.conf
index bf20bf6457b..d812cc26a57 100644
--- a/system_files/dx/usr/lib/tmpfiles.d/swtpm-workaround.conf
+++ b/system_files/dx/usr/lib/tmpfiles.d/swtpm-workaround.conf
@@ -1,2 +1,2 @@
-C /usr/local/bin/.swtpm - - - - /usr/bin/swtpm
+C /usr/local/bin/overrides/swtpm - - - - /usr/bin/swtpm
 d /var/lib/swtpm-localca 0750 tss tss - -
\ No newline at end of file
diff --git a/system_files/dx/usr/bin/bluefin-dx-groups b/system_files/dx/usr/libexec/bluefin-dx-groups
similarity index 100%
rename from system_files/dx/usr/bin/bluefin-dx-groups
rename to system_files/dx/usr/libexec/bluefin-dx-groups
diff --git a/system_files/dx/usr/bin/bluefin-dx-user-vscode b/system_files/dx/usr/libexec/bluefin-dx-user-vscode
similarity index 100%
rename from system_files/dx/usr/bin/bluefin-dx-user-vscode
rename to system_files/dx/usr/libexec/bluefin-dx-user-vscode
diff --git a/system_files/dx/usr/bin/bluefin-incus b/system_files/dx/usr/libexec/bluefin-incus
similarity index 61%
rename from system_files/dx/usr/bin/bluefin-incus
rename to system_files/dx/usr/libexec/bluefin-incus
index 6eefd779ac2..7008025de06 100755
--- a/system_files/dx/usr/bin/bluefin-incus
+++ b/system_files/dx/usr/libexec/bluefin-incus
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
-# All the pieces needed to enable incus on Bluefin-dx
-# This script is meant to be run on a bluefin-dx host
+# All the pieces needed to enable incus on Developer Experience Hosts
+# This script is meant to be run on a {bluefin,aurora}-dx host
 # if current user is root, warn and exit
@@ -34,60 +34,30 @@ else
 echo "root:1000000:1000000000" | sudo tee -a /etc/subgid
 fi
-if grep -q "root:1000:1" /etc/subgid
+if grep -q "root:$UID:1" /etc/subgid
 then
 echo ""
 echo " * subgid root->user"
 else
- echo "root:1000:1" | sudo tee -a /etc/subgid
+ echo "root:$UID:1" | sudo tee -a /etc/subgid
 fi
-if grep -q "root:1000:1" /etc/subuid
+if grep -q "root:$UID:1" /etc/subuid
 then
 echo ""
 echo " * subuid root->user"
 else
- echo "root:1000:1" | sudo tee -a /etc/subuid
+ echo "root:$UID:1" | sudo tee -a /etc/subuid
 fi
-# check to see if SELinux is set to permissive or disabled
-
-echo ""
-echo "Checking SELinux status"
-SELINUX_STATUS=$(getenforce)
-
-if [ "$SELINUX_STATUS" = "Enforcing" ]
-then
- echo ""
- echo "SELinux must be set to Permissive or Disabled to enable Incus"
- echo "Choose your new SELinux state:"
- OPTION=$(gum choose Permissive Disabled Cancel)
- if [ "$OPTION" = "Cancel" ]
- then
- echo "You have chosen to cancel the Incus installation process"
- exit
- else
- sudo setenforce $OPTION
- echo "You must reboot before continuing. You can run this script again."
- exit
- fi
-fi
-
-# create necessary directories for lxcfs and incus
-
-echo ""
-echo "Creating necessary directories for lxcfs and incus"
-sudo mkdir -p /var/lib/lxcfs
-sudo mkdir -p /var/lib/incus
-sudo mkdir -p /var/log/incus
-
 # enable incus services
 echo ""
 echo "Enabling incus services"
+sudo systemctl enable --now incus-workaround.service
 sudo systemctl enable --now lxcfs
-sudo systemctl enable --now incus
-
+sudo systemctl enable --now incus.socket
+sudo systemctl start incus.service
 # run incus admin init
 echo ""
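Review bot: The two `grep -q "root:$UID:1"` checks are unanchored substring matches, so an existing entry such as `root:1000:100` satisfies them and the single-id mapping is never appended; `grep -qxF "root:$UID:1" /etc/subuid` matches the whole line literally. The `/etc/subgid` entry is also built from `$UID`, while that file maps group ids, so on a host where the user's primary GID differs from the UID the root->user group mapping would point at the wrong id; `root:$(id -g):1` for the subgid check and append looks like what is intended. The script starts before and continues after this hunk, so how a failed `systemctl enable --now incus-workaround.service` is handled cannot be seen from here.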