├── COPYING ├── README.md ├── arch.sh ├── base.sh ├── centos.sh ├── configure.pkg.d ├── NetworkManager.sh ├── WindowMaker.sh ├── emacs.sh ├── firefox.sh ├── gnome.sh ├── gtk.sh ├── iptables.sh ├── lxde.sh ├── sockets.sh ├── ssh.sh ├── systemd.sh ├── vlc.sh ├── wayland.sh ├── xfce.sh └── xorg.sh ├── examples ├── containers │ ├── ArxFatalis.sh │ ├── Fallout.sh │ ├── FasterThanLight.sh │ ├── GrimFandango.sh │ ├── KerbalSpaceProgram.sh │ ├── Psychonauts.sh │ ├── RollerCoasterTycoon.sh │ ├── TheBindingOfIsaac.sh │ ├── TheLongestJourney.sh │ ├── TheSims.sh │ ├── VVVVVV.sh │ └── XCOM.sh └── systems │ ├── chromebook.sh │ ├── desktop-arch.sh │ ├── desktop-fedora.sh │ ├── desktop-gentoo.sh │ ├── desktop-opensuse.sh │ ├── desktop-ubuntu.sh │ ├── fitpc.sh │ ├── macmini.sh │ ├── netbook.sh │ ├── riscv.sh │ └── yoga.sh ├── fedora.sh ├── gentoo.sh ├── install.sh ├── legacy ├── centos7.sh ├── centos8.sh ├── fedora30.sh ├── fedora31.sh ├── fedora32.sh ├── fedora33.sh ├── fedora34.sh ├── fedora35.sh ├── fedora36.sh ├── fedora37.sh ├── fedora38.sh ├── fedora39.sh ├── fedora40.sh ├── ubuntu20.04.sh ├── ubuntu20.10.sh ├── ubuntu21.10.sh ├── ubuntu22.04.sh └── ubuntu22.10.sh ├── opensuse.sh └── ubuntu.sh

/arch.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
packages_buildroot=()

# These option entries are cleared for Arch.
# NOTE(review): presumably this marks the features as unsupported here; confirm
# against how opt reads the options array.
options[selinux]=
options[uefi_vars]=
options[verity_sig]=

# Bootstrap the Arch build root from the latest upstream bootstrap tarball.
# Reads the release string from the mirror's sha256sums.txt, queues build
# packages according to the enabled options, downloads the tarball together
# with its detached signature, and calls verify_distro on the pair before $tar
# unpacks anything into $buildroot.  Arguments are passed to
# initialize_buildroot.
# NOTE(review): sha256sums.txt is only used to discover the file name and is
# not authenticated here, so the signature check is the integrity gate.
# NOTE(review): `local -r release=$(...)` hides a failed download; an empty
# release would presumably surface later as a failed fetch or verification.
function create_buildroot() {
        local -r dir="https://mirrors.kernel.org/archlinux/iso/latest"
        local -r release=$($curl -L "$dir/sha256sums.txt" | $sed -n 's/.*-bootstrap-\([0-9.]*\)-.*/\1/p')
        local -r image="$dir/archlinux-bootstrap-$release-$DEFAULT_ARCH.tar.gz"

        opt bootable && packages_buildroot+=(dracut linux-hardened)
        opt bootable && [[ ${options[arch]:-$DEFAULT_ARCH} == *[3-6x]86* ]] && packages_buildroot+=(intel-ucode linux-firmware)
        opt gpt && opt uefi && packages_buildroot+=(dosfstools mtools)
        opt read_only && ! opt squash && packages_buildroot+=(erofs-utils)
        opt secureboot && packages_buildroot+=(pesign)
        opt squash && packages_buildroot+=(squashfs-tools)
        opt uefi && packages_buildroot+=(binutils librsvg imagemagick)
        opt uefi_vars && packages_buildroot+=(qemu-system-x86)

        # Fetch the signature and the tarball, then verify before extracting.
        $curl -L "$image.sig" > "$output/image.tgz.sig"
        $curl -L "$image" > "$output/image.tgz"
        verify_distro "$output"/image.tgz{.sig,}
        $tar --strip-components=1 -C "$buildroot" -xzf "$output/image.tgz"
        $rm -f "$output"/image.tgz{.sig,}

        # Use the kernel.org and mit.edu mirrors with parallel downloads.
        $sed -i \
            -e '/https.*kernel.org/s/^#*//' \
            -e '/https.*mit.edu/s/^#*//' \
            "$buildroot/etc/pacman.d/mirrorlist"
        $sed -i -e '/^#ParallelDownloads/s/^#//' "$buildroot/etc/pacman.conf"

        configure_initrd_generation
        initialize_buildroot "$@"

        # The quoted here-document is handed to script unexpanded, with the
        # build package list as its arguments.
        script "${packages_buildroot[@]}" << 'EOF'
pacman-key --init
pacman-key --populate archlinux
pacman --noconfirm --sync --needed --refresh{,} --sysupgrade{,} "$@"

# Work around Arch not providing Intel microcode so dracut can find it.
if [[ -e /boot/intel-ucode.img ]]
then
        mkdir -p /lib/firmware/intel-ucode
        cpio --to-stdout -i < /boot/intel-ucode.img > /lib/firmware/intel-ucode/all.img
fi
EOF
}

# Install the selected packages into the image root with pacman.
# The host pacman cache is bind-mounted into root/ for the duration of the
# call and released by the RETURN trap.  dirmngr is temporarily pointed at
# `true` and removed again after the pacman run.  Extra arguments are appended
# to the package list.
# Writes packages-buildroot.txt and packages.txt as an inventory of what was
# used for the build and what ended up in the image.
function install_packages() {
        opt bootable || opt networkd && packages+=(systemd)
        opt networkd && packages+=(gnutls)

        mkdir -p root/var/lib/pacman
        mount -o bind,X-mount.mkdir {,root}/var/cache/pacman
        trap -- 'umount root/var/cache/pacman ; trap - RETURN' RETURN

        mkdir -p root/usr/local/bin # Work around a broken post_install.
        ln -fns ../../bin/true root/usr/local/bin/dirmngr
        pacman --noconfirm --root=root \
            --sync --refresh --sysupgrade "${packages[@]:-filesystem}" "$@"
        rm -f root/usr/local/bin/dirmngr

        # Create a UTF-8 locale so things work.
        localedef --prefix=root -c -f UTF-8 -i en_US en_US.UTF-8

        # Define basic users and groups prior to configuring other stuff.
        [[ -e root/usr/lib/sysusers.d/basic.conf ]] &&
        systemd-sysusers --root=root basic.conf

        # List everything installed in the image and what was used to build it.
        pacman --query > packages-buildroot.txt
        pacman --root=root --query > packages.txt
}

# Adjust interactive shell defaults inside the image: rebind two history keys
# in inputrc when that file is non-empty, put the last exit status at the
# front of PS1 in both bashrc files, and add an `ll` alias to the skeleton.
function distro_tweaks() {
        [[ -s root/etc/inputrc ]] && sed -i \
            -e '/5.*g-of-history/s/: .*/: history-search-backward/' \
            -e '/6.*d-of-history/s/: .*/: history-search-forward/' \
            root/etc/inputrc

        sed -i -e "s/^PS1='./&\$? /" root/etc/{bash,skel/}.bashrc
        echo "alias ll='ls -l'" >> root/etc/skel/.bashrc
}

# When the image is bootable, produce any boot artifacts that are still
# missing in the current directory: the UEFI logo rendered from the Arch SVG,
# initrd.img built by build_systemd_ramdisk for the version directory found
# under /lib/modules, and a copy of vmlinuz.
function save_boot_files() if opt bootable
then
        opt uefi && [[ ! -s logo.bmp ]] &&
        sed /m2/d /usr/share/pixmaps/archlinux-logo.svg > /root/logo.svg &&
        magick -background none /root/logo.svg logo.bmp
        [[ -s initrd.img ]] || build_systemd_ramdisk "$(cd /lib/modules ; compgen -G '[0-9]*')"
        [[ -s vmlinuz ]] || cp -pt . /lib/modules/*/vmlinuz
fi

# Override dm-init with userspace since the Arch kernel doesn't enable it.
# The text printed by declare -f is rewritten with sed and evaluated again, so
# the pattern depends on the exact source of kernel_cmdline, which is defined
# outside this file.
eval "$(declare -f kernel_cmdline | $sed 's/opt ramdisk[ &]*dmsetup=/dmsetup=/')"

# Override default OVMF paths for this distro's packaging.
eval "$(declare -f set_uefi_variables | $sed \
    -e 's,/usr/\S*VARS\S*.fd,/usr/share/edk2-ovmf/x64/OVMF_VARS.fd,' \
    -e 's,/usr/\S*CODE\S*.fd,/usr/share/edk2-ovmf/x64/OVMF_CODE.secboot.fd,' \
    -e 's,/usr/\S*/Shell.efi,/usr/share/edk2-shell/x64/Shell.efi,' \
    -e 's,/usr/\S*/EnrollDefaultKeys.efi,,')"

# Write the dracut settings used to build the initrd when the image is
# bootable.  With verity enabled it also installs a systemd generator into the
# build root and registers it with dracut; with read_only enabled it makes the
# initrd load the overlay module.
function configure_initrd_generation() if opt bootable
then
        # Don't expect that the build system is the target system.
        # The here-document delimiter is unquoted, so ${options[ramdisk]:+loop}
        # is expanded now, while the file is written.
        $mkdir -p "$buildroot/etc/dracut.conf.d"
        $cat << EOF > "$buildroot/etc/dracut.conf.d/99-settings.conf"
add_drivers+=" ${options[ramdisk]:+loop} "
compress="zstd --threads=0 --ultra -22"
hostonly="no"
i18n_install_all="no"
reproducible="yes"
EOF

        # Create a generator to handle verity since dm-init isn't enabled.
        # The generator reads the DVR="..." value from /proc/cmdline at boot,
        # derives the backing device unit from its fifth field, and writes a
        # oneshot service that runs dmsetup plus a drop-in ordering
        # sysroot.mount after it.
        # NOTE(review): the table is copied verbatim from the kernel command
        # line into ExecStart, so the verity root hash is only as trustworthy
        # as the command line itself; confirm how the boot chain protects it.
        if opt verity
        then
                local -r gendir=/usr/lib/systemd/system-generators
                $mkdir -p "$buildroot$gendir"
                echo > "$buildroot$gendir/dmsetup-verity-root" '#!/bin/bash -eu
read -rs cmdline < /proc/cmdline
[[ $cmdline == *DVR=\"*\"* ]] || exit 0
concise=${cmdline##*DVR=\"} concise=${concise%%\"*}
device=${concise#* * * * } device=${device%% *}
if [[ $device =~ ^[A-Z]+= ]]
then
        tag=${device%%=*} tag=${tag,,}
        device=${device#*=}
        [[ $tag == partuuid ]] && device=${device,,}
        device="/dev/disk/by-$tag/$device"
fi
device=$(systemd-escape --path "$device").device
rundir=/run/systemd/system
mkdir -p "$rundir/sysroot.mount.d"
echo > "$rundir/dmsetup-verity-root.service" "[Unit]
DefaultDependencies=no
After=$device
Requires=$device
[Service]
ExecStart=/usr/sbin/dmsetup create --concise \"$concise\"
RemainAfterExit=yes
Type=oneshot"
echo > "$rundir/sysroot.mount.d/verity-root.conf" "[Unit]
After=dev-mapper-root.device dmsetup-verity-root.service
Requires=dev-mapper-root.device dmsetup-verity-root.service"'
                $chmod 0755 "$buildroot$gendir/dmsetup-verity-root"
                echo >> "$buildroot/etc/dracut.conf.d/99-settings.conf" \
                    "install_optional_items+=\" $gendir/dmsetup-verity-root \""
        fi

        # Load overlayfs in the initrd in case modules aren't installed.
        if opt read_only
        then
                $mkdir -p "$buildroot/usr/lib/modules-load.d"
                echo overlay > "$buildroot/usr/lib/modules-load.d/overlay.conf"
        fi
fi

# Check a detached signature ($1) over a file ($2) with GnuPG.
# A private GNUPGHOME is created under $output with mode 0700, the key from
# the here-document attached to this function is imported from stdin, and the
# directory is removed by the RETURN trap.
# NOTE(review): mkdir -p does not fail when $output/gnupg already exists, so
# the keyring is only guaranteed to hold just the embedded key if that
# directory is absent beforehand.
# NOTE(review): the embedded key is the trust anchor; it has to be replaced
# here whenever upstream changes the signing key.
function verify_distro() {
        local -rx GNUPGHOME="$output/gnupg"
        trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN
        $mkdir -pm 0700 "$GNUPGHOME"
        $gpg --import
        $gpg --verify "$1" "$2"
} << 'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEY1+RVxYJKwYBBAHaRw8BAQdAd3XdZwOmmiALePwd26Bu3hPblAfHflGN+Lud
gE2Qyby0JVBpZXJyZSBTY2htaXR6IDxwaWVycmVAYXJjaGxpbnV4Lm9yZz6ImQQT
FggAQQIbAwUJHDIEgAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBD6AyhqLifac
ulfZinal75BURJpcBQJjX5NoAhkBAAoJEHal75BURJpctA8BAIV45djib0s98wM3
Os4gSUvKH7D2n08FrzQCwCyNcYLWAQDL1iZzeOcCPYwkOdvLdvlbI3MNuMEwpWG/
YK+YOWfQCrQkUGllcnJlIFNjaG1pdHogPHBpZXJyZUBhcmNobGludXguZGU+iJYE
ExYIAD4CGwMFCRwyBIAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQQ+gMoai4n2
nLpX2Yp2pe+QVESaXAUCY1+TaAAKCRB2pe+QVESaXN2LAP0d/tMN/EGsnVjCkP2U
u1RUjgqnN7c/l145vlESwYTmhwEA+ftbKY8WhNR+uvF+aWypm1LP7YPkZ1cRZBg5
OpS+7Qy4MwRjX5HTFgkrBgEEAdpHDwEBB0DjSWuxVrnVYEIcJlRJPmn54ReBGvqP
+EYB2BVx5ZFPv4h+BBgWCAAmFiEEPoDKGouJ9py6V9mKdqXvkFREmlwFAmNfkdMC
GyAFCRwyBIAACgkQdqXvkFREmlzEGwEAwvDuiUn1Mgw0x7/m0hXzveAAgLVdJWD+
0/YiepxE9GoA/jCgNca2AuWyi416FYQkFtqtlIjWUb56hY5WlBvpNZIOuDgEY1+R
VxIKKwYBBAGXVQEFAQEHQIhe0t8UMpN+G4c24ByW/Y1vu1m3C62KsvlRPzw/R0AN
AwEIB4h+BBgWCAAmFiEEPoDKGouJ9py6V9mKdqXvkFREmlwFAmNfkVcCGwwFCRwy
BIAACgkQdqXvkFREmlynZgD+PlibATlapVxz6EprGMfnktevUlfWQwShRJ+w/x8I
zyAA/0nOvoE7j4sdvg4QoW/s2nPYaDy8EK/XAMRT15eScYIH
=ttGH
-----END PGP PUBLIC KEY BLOCK-----
EOF

--------------------------------------------------------------------------------
/centos.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
. fedora.sh # Inherit Fedora's RPM functions.

options[loadpin]=
options[verity_sig]=

DEFAULT_RELEASE=9

# Bootstrap the CentOS Stream build root from the upstream container image.
# Builds the image URL from the release, architecture and the pinned build id
# in cver, queues build packages according to the enabled options, downloads
# the archive and calls verify_distro on it before either $tar step runs.
# The outer archive is unpacked under $output/tmp and its layer.tar is then
# extracted into $buildroot.  Arguments are passed to initialize_buildroot.
# NOTE(review): cver presumably has to be changed together with the digests
# pinned in this file's verify_distro; confirm when bumping either.
function create_buildroot() {
        local -r cver=20241112.0
        local -r image="https://cloud.centos.org/centos/${options[release]:=$DEFAULT_RELEASE}-stream/$DEFAULT_ARCH/images/CentOS-Stream-Container-Minimal-${options[release]}-$cver.$DEFAULT_ARCH.tar.xz"

        opt bootable && packages_buildroot+=(kernel-core zstd)
        opt bootable && [[ ${options[arch]:-$DEFAULT_ARCH} == *[3-6x]86* ]] && packages_buildroot+=(linux-firmware microcode_ctl)
        opt bootable && opt squash && packages_buildroot+=(kernel-modules)
        opt gpt && packages_buildroot+=(util-linux)
        opt gpt && opt uefi && packages_buildroot+=(dosfstools mtools)
        opt read_only || packages_buildroot+=(findutils)
        opt read_only && ! opt squash && packages_buildroot+=(erofs-utils)
        opt secureboot && packages_buildroot+=(pesign)
        opt selinux && packages_buildroot+=(kernel-core policycoreutils qemu-kvm-core zstd)
        opt squash && packages_buildroot+=(squashfs-tools)
        opt uefi && packages_buildroot+=(binutils centos-logos ImageMagick systemd-boot-unsigned)
        opt uefi_vars && packages_buildroot+=(dosfstools mtools qemu-kvm-core)
        opt verity && packages_buildroot+=(veritysetup)
        opt verity_sig && opt bootable && packages_buildroot+=(kernel-devel keyutils)
        packages_buildroot+=(crypto-policies-scripts e2fsprogs openssl systemd)

        # Download, check the pinned digest, and only then unpack.
        $curl -L "$image" > "$output/image.txz"
        verify_distro "$output/image.txz"
        $tar -C "$output" --transform='s,^\([^/]*/\)\?,tmp/,' -xJf "$output/image.txz"
        $tar -C "$buildroot" -xf "$output/tmp/layer.tar"
        $rm -fr "$output/image.txz" "$output/tmp"

        # Disable bad packaging options.
        $sed -i -e '/^[[]main]/ainstall_weak_deps=False' "$buildroot/etc/dnf/dnf.conf"
        [[ -x $buildroot/usr/bin/dnf ]] || $ln -fns dnf-3 "$buildroot/usr/bin/dnf"

        configure_initrd_generation
        initialize_buildroot "$@"

        opt networkd || { opt read_only && ! opt squash ; } || opt uefi && enable_repo_epel # EPEL now has core RPMs.
        script "${packages_buildroot[@]}" << 'EOF'
dnf --assumeyes --setopt={keepcache=1,tsflags=nodocs} upgrade
exec dnf --assumeyes --setopt={keepcache=1,tsflags=nodocs} install "$@"
EOF
}

# Override package installation to go back to pre-dnf5.
# The text printed by declare -f for the inherited install_packages is edited
# with sed and evaluated again, so the patterns depend on that function's
# exact source, which is outside this file.
eval "$(declare -f install_packages |
$sed 's/libdnf5/dnf/g;s/ --use-host-config / /')"

# Apply CentOS-specific adjustments to the image root: exclude the build-id
# tree, remove rc.d and rc.local, enable tmp.mount, select the FUTURE crypto
# policy when crypto-policies is installed, disable weak dependencies in dnf,
# provide a default locale, and edit the PS1 and mask lines in bashrc.
function distro_tweaks() {
        exclude_paths+=('usr/lib/.build-id')

        rm -fr root/etc/rc.{d,local}

        mkdir -p root/usr/lib/systemd/system/local-fs.target.wants
        ln -fst root/usr/lib/systemd/system/local-fs.target.wants ../tmp.mount

        # base_dir and profile_dir point update-crypto-policies at the image
        # root instead of the build system; --no-reload skips reloading
        # services.
        [[ -d root/etc/crypto-policies ]] &&
        base_dir=$PWD/root/etc/crypto-policies \
        profile_dir=$PWD/root/usr/share/crypto-policies \
        update-crypto-policies --no-reload --set FUTURE

        [[ -s root/etc/dnf/dnf.conf ]] &&
        sed -i -e '/^[[]main]/ainstall_weak_deps=False' root/etc/dnf/dnf.conf

        [[ -s root/etc/locale.conf ]] ||
        echo LANG=C.UTF-8 > root/etc/locale.conf

        # Insert the last exit status into PS1 and rewrite lines ending in
        # "mask 002" to "mask 022".
        # NOTE(review): presumably this is the default umask line; confirm
        # against the packaged bashrc.
        sed -i -e 's/^[^#]*PS1="./&\\$? /;s/mask 002$/mask 022/' root/etc/bashrc
}

# Override the UEFI logo source to use the dark background variant for CentOS.
eval "$(declare -f save_boot_files | $sed \
    -e s/magick/convert/ \
    -e "s/-trim/& -color-matrix '0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 0'/" \
    -e 's,fedora\(-logos/fedora_logo\),centos\1_darkbackground,')"

# Override SELinux labeling to work with the CentOS kernel (and no busybox).
# Relabel the image file system for SELinux inside a throwaway virtual machine.
# Builds a small initramfs (relabel.img) holding bash, the SELinux tools, the
# listed storage and ext4 kernel modules, and the libraries reported by ldd,
# then boots the build root's kernel under qemu-kvm with /dev/loop-root as the
# only drive given on the command line.  The init script loads the policy,
# runs setfiles over /sysroot, builds the squashfs or erofs image there when
# the matching tool was copied in, and writes LABEL-SUCCESS.
# The guest is booted with enforcing=0, so SELinux is permissive while the
# labels are applied.
# Success is judged only by a non-empty root/LABEL-SUCCESS after remounting.
# NOTE(review): the final `[[ -s ... ]] ; rm` reports a failed run only if the
# caller treats a non-zero status as fatal (for example errexit); confirm.
function relabel() if opt selinux
then
        local -r root=$(mktemp --directory --tmpdir="$PWD" relabel.XXXXXXXXXX)
        mkdir -p "$root"/{bin,dev,etc,lib,proc,sys,sysroot}
        ln -fns lib "$root/lib64"
        ln -fst "$root/etc" ../sysroot/etc/selinux

        # The init script powers the guest off through sysrq on exit, whether
        # or not labeling succeeded.
        cat << 'EOF' > "$root/init" ; chmod 0755 "$root/init"
#!/bin/bash -eux
trap -- 'echo o > /proc/sysrq-trigger ; read -rst 60' EXIT
export PATH=/bin
mount -t devtmpfs devtmpfs /dev
mount -t proc proc /proc
mount -t sysfs sysfs /sys
for mod in sd_mod libata ata_piix jbd2 mbcache ext4
do insmod "/lib/$mod.ko"
done
mount /dev/sda /sysroot
load_policy -i
policy=$(sed -n 's/^SELINUXTYPE=//p' /etc/selinux/config)
setfiles -vFr /sysroot \
    "/sysroot/etc/selinux/$policy/contexts/files/file_contexts" /sysroot
[[ -x /bin/mksquashfs ]] && /bin/mksquashfs /sysroot /sysroot/squash.img \
    -noappend -comp zstd -Xcompression-level 22 -wildcards -ef /ef
[[ -x /bin/mkfs.erofs ]] && IFS=$'\n' && /bin/mkfs.erofs \
    $(while read ; do echo "$REPLY" ; done < /ef) \
    /sysroot/erofs.img /sysroot
echo SUCCESS > /sysroot/LABEL-SUCCESS
umount /sysroot
EOF

        # Write the exclusion list read by the init script: plain paths for
        # mksquashfs, or one --exclude-regex option per path for mkfs.erofs.
        if opt squash
        then
                disk=squash.img
                echo "$disk" > "$root/ef"
                (IFS=$'\n' ; echo "${exclude_paths[*]}") >> "$root/ef"
                cp -t "$root/bin" /usr/sbin/mksquashfs
        elif opt read_only
        then
                disk=erofs.img
                local path
                for path in "$disk" "${exclude_paths[@]//\*/[^/]*}"
                do
                        path=${path//+/[+]} ; path=${path//./[.]}
                        echo "--exclude-regex=^${path//\?/[^/]}$"
                done > "$root/ef"
                cp -t "$root/bin" /usr/bin/mkfs.erofs
        fi

        cp -t "$root/bin" \
            /usr/*bin/{bash,load_policy,mount,sed,setfiles,umount}
        cp /usr/bin/kmod "$root/bin/insmod"
        find /usr/lib/modules/*/kernel '(' \
            -name sd_mod.ko.xz -o \
            -name libata.ko.xz -o -name ata_piix.ko.xz -o \
            -name ext4.ko.xz -o -name jbd2.ko.xz -o -name mbcache.ko.xz -o \
            -false ')' -exec cp -at "$root/lib" '{}' +
        unxz "$root"/lib/*.xz

        # Copy every library path that ldd prints for the staged binaries.
        { ldd "$root"/bin/* || : ; } |
        sed -n 's,^[^/]\+\(/[^ ]*\).*,\1,p' | sort -u |
        while read -rs ; do cp -t "$root/lib" "$REPLY" ; done

        find "$root" -mindepth 1 -printf '%P\n' |
        cpio -D "$root" -H newc -R 0:0 -o |
        zstd --threads=0 --ultra -22 > relabel.img

        # The image is unmounted on the host while the guest has it attached.
        umount root
        local -r cores=$([[ -e /dev/kvm ]] && nproc)
        /usr/libexec/qemu-kvm -nodefaults -no-reboot -serial stdio < /dev/null \
            ${cores:+-cpu host -smp cores="$cores"} -m 1G \
            -kernel /lib/modules/*/vmlinuz -initrd relabel.img \
            -append 'console=ttyS0 enforcing=0 lsm=selinux' \
            -drive file=/dev/loop-root,format=raw,media=disk
        mount /dev/loop-root root
        opt read_only && mv -t . "root/$disk"
        [[ -s root/LABEL-SUCCESS ]] ; rm -f root/LABEL-SUCCESS
fi

# Override early microcode ramdisk creation for CentOS Intel paths.
eval "$(declare -f build_microcode_ramdisk | $sed \
    -e s,lib/firmware/i,usr/share/microcode_ctl/ucode_with_caveats/intel/i,g)"

# Override dm-init with userspace since the CentOS kernel disables it.
eval "$(
declare -f kernel_cmdline | $sed 's/opt ramdisk[ &]*dmsetup=/dmsetup=/'
declare -f configure_initrd_generation | $sed 's/if opt ramdisk/if true/'
)"

# Override UEFI variable generation to deal with CentOS disabling vvfat.
eval "$(declare -f set_uefi_variables | $sed -e '/timeout/i\
mkfs.vfat -CF 32 -n ENROLL "$root.img" $(( 260 << 10 ))\
MTOOLS_SKIP_CHECK=1 mcopy -Qsi "$root.img" "$root"/* ::/
s|file="fat:[^,]*"|file="$root.img"|
s,qemu-system-\S*,/usr/libexec/qemu-kvm,')"

# CentOS container releases are horribly broken. Check sums with no signature.
# Compare the SHA-256 of the downloaded image ($1) with the digest pinned for
# $DEFAULT_ARCH.  The function body is a single [[ ]] test, so its status is
# the result of the comparison.
# For an architecture without an entry the case prints nothing and the pattern
# starts with a space, which sha256sum output (digest first) would not match.
# NOTE(review): this is digest pinning only, as the comment before this
# function states; the values have to be refreshed whenever the image build
# referenced by create_buildroot changes.
function verify_distro() [[
        $($sha256sum "$1") == $(case $DEFAULT_ARCH in
            aarch64) echo ff4189a767e1e30bd4579d89ed5e4007657c9258901365a881935cad22277fde ;;
            ppc64le) echo a59f8a6e61bfa5574de4eca14ed93bb5c8ea356cb76c10f14e30c0a07f4359ac ;;
            s390x) echo 33a3e024ec9f2b2409e99b44e4c8d4987d09f4ef29de2342f342b366afd0a57e ;;
            x86_64) echo c3be98f79edc2b4c4db596df9c1896fda934a44f2aaec6d9d7037c69f73f4812 ;;
        esac)\ *
]]

# OPTIONAL (BUILDROOT)

# Enable the crb repository in the build root and, unless the EPEL key file is
# already present there, run the attached here-document through script with
# the epel-release URL as its argument.
# The here-document imports the embedded EPEL key, downloads the package, and
# runs rpm --checksig with _pkgverify_flags 0x0 and _pkgverify_level all before
# rpm --install.
# NOTE(review): the check gates the install only if the script stops on the
# first failing command; confirm how `script` invokes the shell.
# NOTE(review): the key is staged at the fixed path /tmp/key inside the
# environment where the script runs.
function enable_repo_epel() {
        local -r key="RPM-GPG-KEY-EPEL-${options[release]}"
        local -r url="https://dl.fedoraproject.org/pub/epel/epel-release-latest-${options[release]}.noarch.rpm"
        $sed -i -e '/^[[]crb]$/,/^$/s/^enabled=.*/enabled=1/' "$buildroot/etc/yum.repos.d/centos.repo"
        [[ -s $buildroot/etc/pki/rpm-gpg/$key ]] || script "$url"
} << 'EOF'
cat << 'EOG' > /tmp/key ; rpmkeys --import /tmp/key
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp
CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6
2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW
DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu
n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z
39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy
XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK
44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS
9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH
DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq
uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB
tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI
ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE
FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF
3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC
nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n
R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG
4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe
CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL
9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7
w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT
/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd
fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE
r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux
VL469Kj5m13T6w==
=Mjs/
-----END PGP PUBLIC KEY BLOCK-----
EOG
curl -L "$1" > epel.rpm
rpm --checksig --define=_pkgverify_{'flags 0x0','level all'} epel.rpm
rpm --install epel.rpm
exec rm -f epel.rpm
EOF

# OPTIONAL (IMAGE)

# Move the RPM database from var/lib/rpm to usr/lib/rpm-db inside the image,
# leave a symlink at the old location, and add a tmpfiles.d entry that creates
# the same link.  With selinux enabled, each policy's file_contexts.subs_dist
# gets an entry pairing the new path with /var/lib/rpm.
function save_rpm_db() {
        opt selinux && local policy &&
        for policy in root/etc/selinux/*/contexts/files
        do echo /usr/lib/rpm-db /var/lib/rpm >> "$policy/file_contexts.subs_dist"
        done
        mv root/var/lib/rpm root/usr/lib/rpm-db
        ln -fns ../../usr/lib/rpm-db root/var/lib/rpm
        echo > root/usr/lib/tmpfiles.d/rpm-db.conf \
            'L /var/lib/rpm - - - - ../../usr/lib/rpm-db'
}

# WORKAROUNDS

# Older CentOS releases are still available, but most of them are EOL.
# When the requested release is lower than DEFAULT_RELEASE, the arithmetic
# expansion decrements DEFAULT_RELEASE and the legacy file named after the
# distro option and the decremented value is sourced.
[[ ${options[release]:-$DEFAULT_RELEASE} -ge DEFAULT_RELEASE ]] ||
. "legacy/${options[distro]}$(( --DEFAULT_RELEASE )).sh"
--------------------------------------------------------------------------------
/configure.pkg.d/NetworkManager.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# Runs only when networkd is not selected and the NetworkManager unit file is
# present in the image.
opt networkd || if [[ -s root/usr/lib/systemd/system/NetworkManager.service ]]
then
        # Start NetworkManager when it's installed and networkd isn't used.
        mkdir -p root/usr/lib/systemd/system/multi-user.target.wants
        ln -fst root/usr/lib/systemd/system/multi-user.target.wants \
            ../NetworkManager.service

        # Make the network-online.target unit functional.
        mkdir -p root/usr/lib/systemd/system/network-online.target.wants
        ln -fst root/usr/lib/systemd/system/network-online.target.wants \
            ../NetworkManager-wait-online.service

        # Use NetworkManager's DNS settings.
        ln -fst root/etc ../run/NetworkManager/resolv.conf
fi
--------------------------------------------------------------------------------
/configure.pkg.d/WindowMaker.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# NOTE(review): this snippet uses `local`, so it is presumably sourced from
# inside a function; confirm against the caller.
if [[ -s root/etc/X11/WindowMaker/WindowMaker ]]
then
        local -A config=(
                [CloseKey]='"Mod1+F4"'
                [CycleWorkspaces]=YES
                [DontLinkWorkspaces]=NO
                [DragMaximizedWindow]=RestoreGeometry
                [FocusMode]=sloppy
                [IconPosition]='"blv"'
                [NextWorkspaceKey]='"Mod1+Right"'
                [NoWindowOverDock]=YES
                [NoWindowOverIcons]=YES
                [OpaqueMoveResizeKeyboard]=YES
                [OpaqueResize]=YES
                [PrevWorkspaceKey]='"Mod1+Left"'
                [RunKey]='"Mod1+F2"'
                [SmoothWorkspaceBack]=YES
                [SnapToTopMaximizesFullscreen]=YES
                [WindowSnapping]=YES
                [WrapMenus]=YES
        )
        sed -i \
            -e "/[ \t]\(^$(for k in "${!config[@]}" ; do echo -n "\|$k" ; done)\) =/d" \
            -e '/^{/'r<(for k in "${!config[@]}" ; do echo " $k =
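${config[$k]};" ; done) \
            -e 's|.*/usr/share/icons|&",\n&/hicolor/scalable/apps|' \
            root/etc/X11/WindowMaker/WindowMaker
        sed -i -e 's/"Run...", /&SHORTCUT, "Mod1+F2", /' root/etc/X11/WindowMaker/WMRootMenu
fi
--------------------------------------------------------------------------------
/configure.pkg.d/emacs.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# Runs only when an emacs executable or symlink is present in the image.
if [[ -x root/usr/bin/emacs || -h root/usr/bin/emacs ]]
then
        # Enable some basics to make Emacs more useful and less annoying.
        # The MELPA archive is addressed over HTTPS: package.el installs and
        # evaluates whatever the archive serves, so a cleartext URL would let
        # anyone on the network path substitute package contents.
        cat << 'EOF' > root/etc/skel/.emacs
; Enable the Emacs package manager.
(require 'package)
(add-to-list 'package-archives '("melpa" . "https://melpa.org/packages/") t)
(package-initialize)
; Efficiency
(menu-bar-mode 0)
(fset 'yes-or-no-p 'y-or-n-p)
(setq gc-cons-threshold 10485760)
(setq kill-read-only-ok t)
; Cleanliness
(setq-default indent-tabs-mode nil)
(setq backup-inhibited t)
(setq auto-save-default nil)
; Time
(setq display-time-day-and-date t)
(setq display-time-24hr-format t)
(display-time-mode 1)
; Place
(setq line-number-mode t)
(setq column-number-mode t)
(when (and (version<= "26.0.50" emacs-version) (<= 100 (window-total-width)))
  (global-display-line-numbers-mode))
EOF

        # Generate the portable dump file on boot if it wasn't packaged.
        # The packaged location becomes a symlink into /var/cache/emacs, and a
        # oneshot unit creates the dump there when it does not exist yet.
        compgen -G "root/usr/libexec/emacs/2[7-9].*/*/" && # Only Emacs >= 27
        if ! compgen -G "root/usr/libexec/emacs/*/*/emacs*.pdmp"
        then
                ln -fst root/usr/libexec/emacs/*/* \
                    ../../../../../var/cache/emacs/emacs.pdmp
                mkdir -p root/usr/lib/systemd/system/multi-user.target.wants
                cat << 'EOF' > root/usr/lib/systemd/system/emacs-pdmp.service
[Unit]
Description=Create a cached portable dump file for faster Emacs startup
ConditionPathExists=!/var/cache/emacs/emacs.pdmp
[Service]
CacheDirectory=emacs
ExecStart=/usr/bin/emacs --batch --eval='(dump-emacs-portable "/var/cache/emacs/emacs.pdmp")'
Type=oneshot
[Install]
WantedBy=multi-user.target
EOF
                ln -fst root/usr/lib/systemd/system/multi-user.target.wants \
                    ../emacs-pdmp.service
        fi

        # If Emacs was installed, assume it is the desired default editor.
        echo 'export EDITOR=emacs' >> root/etc/skel/.bash_profile
fi
--------------------------------------------------------------------------------
/configure.pkg.d/firefox.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
local dir
if dir=$(compgen -G 'root/usr/lib*/firefox/browser')
then
        # Use the first match.  If the preferences path is a symlink whose
        # target is the same path without /browser, replace it with a relative
        # link so that it resolves inside the image root.
        dir="${dir%%$'\n'*}/defaults/preferences"
        [[ -h $dir && ${dir/\/browser} == root$(readlink "$dir") ]] &&
        ln -fns ../../defaults/preferences "$dir"
        mkdir -p "$dir"

        # Disable things that store and send your confidential information.
        cat << 'EOF' > "$dir/privacy.js"
// Prevent Mozilla from experimenting on default settings.
pref("app.normandy.enabled", false);
// Opt out of allowing Mozilla to install random studies.
pref("app.shield.optoutstudies.enabled", false);
// Disable the beacon API for analytical trash.
pref("beacon.enabled", false);
// Don't recommend things.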
pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
// Disable spam-tier nonsense on new tabs.
pref("browser.newtabpage.enabled", false);
// Don't try to predict search terms, and don't prioritize them over history.
pref("browser.search.suggest.enabled", false);
pref("browser.urlbar.quicksuggest.enabled", false);
pref("browser.urlbar.showSearchSuggestionsFirst", false);
pref("browser.urlbar.suggest.recentsearches", false);
pref("browser.urlbar.suggest.trending", false);
// Don't download autocomplete URLs.
pref("browser.urlbar.speculativeConnect.enabled", false);
// Don't send URL bar keystrokes to advertisers.
pref("browser.urlbar.suggest.quicksuggest", false);
pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
// Don't send information to Mozilla.
pref("datareporting.healthreport.uploadEnabled", false);
// Never give up laptop battery information.
pref("dom.battery.enabled", false);
// Disable "privacy preserving" tracking.
pref("dom.private-attribution.submission.enabled", false);
// Require HTTPS by default.
pref("dom.security.https_only_mode", true);
// Remove useless Pocket stuff.
pref("extensions.pocket.enabled", false);
// Never send location data.
pref("geo.enabled", false);
// Disable executing scripts in PDFs by default again.
pref("pdfjs.enableScripting", false);
// Send DNT all the time.
pref("privacy.donottrackheader.enabled", true);
// Prevent various cross-domain tracking methods.
pref("privacy.firstparty.isolate", true);
// Never try to save credentials.
pref("signon.rememberSignons", false);
EOF

        # Try to fix many UI "improvements" and be more usable in general.
        cat << 'EOF' > "$dir/usability.js"
// Don't yell at the user for configuring the browser.
pref("browser.aboutConfig.showWarning", false);
pref("general.warnOnAboutConfig", false);
// Fix the Ctrl+Tab behavior.
pref("browser.ctrlTab.recentlyUsedOrder", false);
// Never open more browser windows.
pref("browser.link.open_newwindow.restriction", 0);
// Don't make notification buttons about new browser features.
pref("browser.messaging-system.whatsNewPanel.enabled", false);
// Include a sensible search bar.
pref("browser.search.openintab", true);
pref("browser.search.widget.inNavBar", true);
// Restore sessions instead of starting at home, and make the home page blank.
pref("browser.startup.homepage", "about:blank");
pref("browser.startup.page", 3);
// Fit more stuff on the screen.
pref("browser.tabs.drawInTitlebar", true);
pref("browser.uidensity", 1);
// Disable obnoxious visual spam when selecting the URL.
pref("browser.urlbar.openViewOnFocus", false);
// Stop hiding protocols.
pref("browser.urlbar.trimURLs", false);
// Don't ask for confirmation to quit with the keyboard.
pref("browser.warnOnQuitShortcut", false);
// Enable some mildly useful developer tools.
pref("devtools.command-button-rulers.enabled", true);
pref("devtools.command-button-scratchpad.enabled", true);
pref("devtools.command-button-screenshot.enabled", true);
// Make the developer tools frame match the browser theme.
pref("devtools.theme", "dark");
// Display when messages are logged.
pref("devtools.webconsole.timestampMessages", true);
// Stop stretching PDFs off the screen for no reason.
pref("pdfjs.defaultZoomValue", "page-fit");
// Prefer the PDF outline display.
pref("pdfjs.sidebarViewOnLoad", 2);
// Guess that odd-spread is going to be the most common case.
pref("pdfjs.spreadModeOnLoad", 1);
// Make widgets on web pages match the rest of the desktop.
pref("widget.content.allow-gtk-dark-theme", true);
EOF

        # Mozilla is weird about some settings.  Write a policy file for them.
        # NOTE(review): only the preferences directory is created by this
        # snippet; the distribution directory is assumed to exist already.
        # NOTE(review): DisableAppUpdate turns off the browser's own updater,
        # so browser security fixes presumably reach users only through a
        # rebuilt image; confirm that this is the intended update path.
        cat << 'EOF' > "${dir%%/browser/*}/distribution/policies.json"
{
  "policies": {
    "DisableAppUpdate": true,
    "DisableFirefoxStudies": true,
    "DisablePocket": true,
    "DisableTelemetry": true,
    "DisplayBookmarksToolbar": false,
    "DisplayMenuBar": false,
    "DontCheckDefaultBrowser": true,
    "EnableTrackingProtection": {
      "Cryptomining": true,
      "Fingerprinting": true,
      "Value": true,
      "Locked": false
    },
    "FirefoxHome": {
      "Highlights": false,
      "Pocket": false,
      "Search": false,
      "Snippets": false,
      "TopSites": false,
      "Locked": false
    },
    "Homepage": {
      "StartPage": "previous-session",
      "URL": "about:blank",
      "Locked": false
    },
    "NewTabPage": false,
    "OverrideFirstRunPage": "",
    "OverridePostUpdatePage": "",
    "SearchBar": "separate",
    "SearchSuggestEnabled": false
  }
}
EOF
fi
--------------------------------------------------------------------------------
/configure.pkg.d/gnome.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# Fix GNOME as best as possible.
# Write a schema override with the desktop defaults when the GNOME Shell
# schema is installed.  Security-relevant entries: removable media is neither
# mounted nor run automatically, notifications are hidden on the lock screen,
# and recent-file and application-usage history are turned off.
# NOTE(review): idle-delay=0 together with sleep-inactive-*='nothing' removes
# the idle timeout, so an unattended session presumably never blanks or locks
# on its own; confirm that this suits the deployment.
# NOTE(review): several key-binding lists appear identical for the forward and
# backward actions; modifier tokens may have been lost when this page was
# rendered, so check the upstream file before reusing these values.
[[ -s root/usr/share/glib-2.0/schemas/org.gnome.shell.gschema.xml ]] &&
cat << 'EOF' > root/usr/share/glib-2.0/schemas/99_fix.brain.damage.gschema.override
[org.gnome.calculator]
angle-units='radians'
button-mode='advanced'
[org.gnome.Charmap.WindowState]
maximized=true
[org.gnome.desktop.a11y]
always-show-universal-access-status=true
[org.gnome.desktop.calendar]
show-weekdate=true
[org.gnome.desktop.input-sources]
xkb-options=['compose:rwin','ctrl:nocaps','grp_led:caps']
[org.gnome.desktop.interface]
clock-format='24h'
clock-show-date=true
clock-show-seconds=true
clock-show-weekday=true
color-scheme='prefer-dark'
font-antialiasing='rgba'
font-hinting='full'
[org.gnome.desktop.media-handling]
automount=false
automount-open=false
autorun-never=true
[org.gnome.desktop.notifications]
show-in-lock-screen=false
[org.gnome.desktop.peripherals.keyboard]
numlock-state=true
[org.gnome.desktop.peripherals.touchpad]
natural-scroll=true
tap-and-drag=true
tap-to-click=true
two-finger-scrolling-enabled=true
[org.gnome.desktop.privacy]
hide-identity=true
recent-files-max-age=0
remember-app-usage=false
remember-recent-files=false
send-software-usage-stats=false
show-full-name-in-top-bar=false
[org.gnome.desktop.screensaver]
show-full-name-in-top-bar=false
user-switch-enabled=false
[org.gnome.desktop.session]
idle-delay=0
[org.gnome.desktop.wm.keybindings]
cycle-windows=['Escape','Tab']
cycle-windows-backward=['Escape','Tab']
panel-main-menu=['s','F1','XF86LaunchA']
panel-run-dialog=['r','F2']
show-desktop=['d']
switch-applications=['Tab']
switch-applications-backward=['Tab']
[org.gnome.desktop.wm.preferences]
button-layout='menu:minimize,maximize,close'
focus-mode='sloppy'
mouse-button-modifier=''
visual-bell=true
[org.gnome.eog.ui]
statusbar=true
[org.gnome.Evince.Default]
continuous=false
dual-page=true
sizing-mode='fit-page'
[org.gnome.settings-daemon.plugins.media-keys]
on-screen-keyboard=['k']
[org.gnome.settings-daemon.plugins.power]
ambient-enabled=false
idle-dim=false
sleep-inactive-ac-type='nothing'
sleep-inactive-battery-type='nothing'
[org.gnome.shell]
always-show-log-out=true
favorite-apps=['firefox.desktop','vlc.desktop','gnome-terminal.desktop']
[org.gnome.shell.keybindings]
toggle-application-view=['a','XF86LaunchB']
[org.gnome.shell.overrides]
focus-change-on-pointer-rest=false
workspaces-only-on-primary=false
[org.gnome.Terminal.Legacy.Keybindings]
full-screen='disabled'
help='disabled'
[org.gnome.Terminal.Legacy.Settings]
default-show-menubar=false
menu-accelerator-enabled=false
[org.gnome.Terminal.Legacy.Profile]
background-color='#000000'
background-transparency-percent=20
foreground-color='#FFFFFF'
login-shell=true
scrollback-lines=100000
scrollback-unlimited=false
scrollbar-policy='never'
use-transparent-background=true
use-theme-colors=false
EOF

# Write a second override that doubles the interface scale, only when the
# double_display_scale option is set and the interface schema is installed.
opt double_display_scale &&
[[ -s root/usr/share/glib-2.0/schemas/org.gnome.desktop.interface.gschema.xml ]] &&
cat << 'EOF' > root/usr/share/glib-2.0/schemas/99_display.scale.gschema.override
[org.gnome.desktop.interface]
scaling-factor=2
[org.gnome.settings-daemon.plugins.xsettings]
overrides={'Gdk/WindowScalingFactor':<2>}
EOF

# Rewind changes for older versions.
# Collect sed expressions in "edits" according to the detected GNOME version,
# then apply them to the override file in a single sed run at the end.
local -a edits=()
if [[ -s root/usr/share/gnome/gnome-version.xml ]]
then
        # NOTE(review): the two sed expressions below are identical as shown,
        # so major and minor would always get the same value.  The XML element
        # names they were presumably anchored on appear to be missing from this
        # listing -- confirm against the upstream file before relying on it.
        local -i major=$(sed -n 's,.*\([0-9]*\).*,\1,p' root/usr/share/gnome/gnome-version.xml)
        local -i minor=$(sed -n 's,.*\([0-9]*\).*,\1,p' root/usr/share/gnome/gnome-version.xml)
else
        # No version file: reuse "edits" as scratch space to glob for a
        # gnome-settings-daemon-* path and take its numeric suffix, if any.
        edits=(0 root/usr/lib*/gnome-settings-daemon-*)
        local -i major=$([[ ${edits[-1]} =~ -[0-9]+$ ]] && echo ${edits[-1]##*-} || echo 0)
        local -i minor=0
        edits=()
fi
# Versions 1 through 41: drop color-scheme and add a screencast length key.
[[ major -gt 0 && major -le 41 ]] && edits+=(
        '/^color-scheme/d'
        '/^[[]org.gnome.settings-daemon.plugins.media-keys]/amax-screencast-length=0'
)
# Version 3: strip the font- prefix and insert an xsettings section header.
[[ major -eq 3 ]] && edits+=(
        's/^font-//'
        '/antialiasing/i[org.gnome.settings-daemon.plugins.xsettings]'
)
# Version 3.32 and older: move the keyboard schema and change value formats.
[[ major -eq 3 && minor -le 32 ]] && edits+=(
        's/desktop.peripherals.keyboard/settings-daemon.peripherals.keyboard/'
        "/^numlock-state=/s/=true/='on'/"
        '/^on-screen-keyboard=/{s/=[[]/=/;s/[],].*//;}'
)
# "${edits[@]/#/-e}" prefixes every collected expression with -e for sed.
[[ -s root/usr/share/glib-2.0/schemas/99_fix.brain.damage.gschema.override && ${#edits[@]} -gt 0 ]] &&
sed -i "${edits[@]/#/-e}" root/usr/share/glib-2.0/schemas/99_fix.brain.damage.gschema.override

--------------------------------------------------------------------------------
/configure.pkg.d/gtk.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# Only applies when the Emacs GTK 3 key theme is present in the image.
if [[ -d root/usr/share/themes/Emacs/gtk-3.0 ]]
then
        # Create a minimal settings.ini if none exists (or it is empty).
        [[ ! -s root/etc/gtk-3.0/settings.ini ]] &&
        mkdir -p root/etc/gtk-3.0 &&
        echo '[Settings]' > root/etc/gtk-3.0/settings.ini

        # Make the keymap match the console, and prefer dark themes.
        # sed's "r" command reads the here-document from /dev/stdin and inserts
        # it after the [Settings] header line.
        sed -i -e '/^.Settings]/r/dev/stdin' root/etc/gtk-3.0/settings.ini << 'EOF'
gtk-application-prefer-dark-theme = true
gtk-button-images = true
gtk-key-theme-name = Emacs
gtk-menu-images = true
EOF
fi

--------------------------------------------------------------------------------
/configure.pkg.d/iptables.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# Install a default firewall ruleset for IPv4 and IPv6 and enable the unit
# that loads it at boot.
local name ; for name in iptables ip6tables
do
        # With netfilter-persistent, alias it under the per-family unit name.
        [[ -s root/usr/lib/systemd/system/netfilter-persistent.service && ! -e root/usr/lib/systemd/system/$name.service ]] &&
        ln -fns netfilter-persistent.service "root/usr/lib/systemd/system/$name.service"
        # Skip this family when no matching service unit is installed.
        # (compgen -G also prints the matches to stdout.)
        compgen -G "root/usr/lib/systemd/system/$name*.service" || continue

        # "-restore" when a separate <name>-restore.service exists, else empty.
        local restore=$([[ -s root/usr/lib/systemd/system/$name-restore.service ]] && echo -restore)

        # Map the rules from /var into /etc if needed.
        [[ -n $restore ]] && mkdir -p root/etc/iptables &&
        cat << EOF > root/usr/lib/tmpfiles.d/$name.conf
d /var/lib/$name
L /var/lib/$name/rules-save - - - - ../../../etc/iptables/$name.rules
EOF

        # Write very simple firewall rules until they are customized.
        # Policy: INPUT and FORWARD default to DROP, OUTPUT is accepted, and
        # loopback input is accepted.  The $(...) in the here-document emits
        # the ESTABLISHED,RELATED rule only when $name contains no "6".
        # NOTE(review): as written, the IPv6 ruleset has no rule for return
        # traffic or ICMPv6, so replies to outbound IPv6 connections and
        # neighbor discovery are dropped until the rules are customized --
        # confirm that this is intended.
        # The subshell picks the file: <name>.rules under etc/iptables, else
        # the bare name under etc/sysconfig, or rules.v4/rules.v6 when the
        # netfilter-persistent directory exists.  The result is set to 0600.
        (cd root/etc/iptables && name+=.rules || cd root/etc/sysconfig
        [[ -d ../../usr/share/netfilter-persistent ]] && name=rules.v$(( 0${name//[!6]} ? 6 : 4 ))
        cat > "$name" ; chmod 0600 "$name"
        ) << EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT$([[ $name == *6* ]] || echo '
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT')
COMMIT
EOF

        # Enable the services to load the rules but not to save them.
        mkdir -p root/usr/lib/systemd/system/basic.target.wants
        ln -fst root/usr/lib/systemd/system/basic.target.wants \
            "../$name$restore.service"
done

--------------------------------------------------------------------------------
/configure.pkg.d/lxde.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
if [[ -s root/etc/lxdm/lxdm.conf ]]
then
        # Force keyboard, numlock and skip_password to 1 and pick a GTK theme,
        # whether or not the existing lines are commented out.
        # NOTE(review): skip_password=1 presumably lets accounts without a
        # password log in at the greeter without a prompt -- confirm against
        # the LXDM documentation and the image's account policy.
        sed -i \
            -e 's/^[# ]*\(keyboard\|numlock\|skip_password\)=.*/\1=1/' \
            -e 's/^[# ]*\(gtk_theme\)=.*/\1=Adwaita/' \
            root/etc/lxdm/lxdm.conf

        # Select a default desktop environment.
        # The first executable session launcher in this list wins.
        local wm ; for wm in startxfce4 startlxde wmaker
        do
                if [[ -x root/usr/bin/$wm ]]
                then
                        sed -i \
                            -e "s,^[# ]*\(session\)=.*,\1=/usr/bin/$wm," \
                            root/etc/lxdm/lxdm.conf
                        break
                fi
        done
fi

# With double_display_scale, add GDK_SCALE=2 to the lxdm unit's [Service].
opt double_display_scale &&
[[ -s root/usr/lib/systemd/system/lxdm.service ]] &&
sed -i -e '/^[[]Service]$/aEnvironment=GDK_SCALE=2' root/usr/lib/systemd/system/lxdm.service

--------------------------------------------------------------------------------
/configure.pkg.d/sockets.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# Enable socket activation for each listed daemon whose .socket unit is
# installed in the image.
# NOTE(review): this turns the sockets on by default wherever the package is
# present; review who can reach each socket (docker.socket in particular
# fronts a privileged daemon) before shipping the image.
local socket unitdir=root/usr/lib/systemd/system
local sockets=(
        docker
        libvirtd{,-admin,-ro}
        pcscd
        virtnetworkd{,-admin,-ro}
)
mkdir -p "$unitdir/sockets.target.wants"
for socket in "${sockets[@]}"
do
        # Written as "missing || link" so a missing unit still yields success.
        [[ ! -s $unitdir/$socket.socket ]] ||
        ln -fst "$unitdir/sockets.target.wants" "../$socket.socket"
done

--------------------------------------------------------------------------------
/configure.pkg.d/ssh.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# Reject empty passwords and root logins.
# Rewrite every existing PermitEmptyPasswords / PermitRootLogin line, commented
# out or not, to "<keyword> no".
# NOTE(review): this only edits lines already present in sshd_config, and only
# when the keyword is followed by a space; nothing is added if a directive is
# absent.  sshd keeps the first value it obtains for a keyword, so if this
# distro's sshd_config includes drop-in files ahead of these lines, a drop-in
# could still override them -- check the effective settings with `sshd -T` on
# the built image.
[[ -s root/etc/ssh/sshd_config ]] &&
sed -i \
    -e 's/^[# ]*\(PermitEmptyPasswords\|PermitRootLogin\) .*/\1 no/' \
    root/etc/ssh/sshd_config

# If the SSH server is installed, enable it by default.
# The image will therefore start sshd at boot; no other sshd settings are
# changed by this file.
if [[ -s root/usr/lib/systemd/system/sshd.service ]]
then
        mkdir -p root/usr/lib/systemd/system/multi-user.target.wants
        ln -fst root/usr/lib/systemd/system/multi-user.target.wants \
            ../sshd.service
fi

--------------------------------------------------------------------------------
/configure.pkg.d/systemd.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# Unit configuration should happen in /usr while building the image.
# This removes whatever packages placed under etc/systemd/system; the glob is
# relative to the current directory and does not match dotfiles.
rm -fr root/etc/systemd/system/*

# Ignore the laptop lid, and kill all user processes on logout.
mkdir -p root/usr/lib/systemd/logind.conf.d
cat << 'EOF' > root/usr/lib/systemd/logind.conf.d/00-secure.conf
[Login]
HandleLidSwitch=ignore
KillUserProcesses=yes
EOF

# Always start a login prompt on tty1.
mkdir -p root/usr/lib/systemd/system/getty.target.wants
ln -fns ../getty@.service \
    root/usr/lib/systemd/system/getty.target.wants/getty@tty1.service

# Configure a default font and keymap for the console (twice, for dracut).
# Pick the console font (a larger one with double_display_scale), then write
# vconsole.conf twice: once under root/ and once with an empty prefix, i.e.
# /etc/vconsole.conf of the environment running this script.
local font=eurlatgr root ; opt double_display_scale && font=latarcyrheb-sun32
for root in root ''
do
        rm -f "$root/etc/vconsole.conf"
        # && and || have equal precedence and associate left to right, so each
        # echo runs when any of the preceding compgen globs matched.
        compgen -G "$root/usr/share/kbd/consolefonts/$font.*" ||
        compgen -G "$root/???/*/consolefonts/$font.*" &&
        echo "FONT=\"$font\"" >> "$root/etc/vconsole.conf"
        compgen -G "$root/usr/*/kbd/keymaps/legacy/i386/qwerty/emacs2.*" ||
        compgen -G "$root/usr/share/kbd/keymaps/i386/qwerty/emacs2.*" ||
        compgen -G "$root/usr/share/keymaps/i386/qwerty/emacs2.*" &&
        echo 'KEYMAP="emacs2"' >> "$root/etc/vconsole.conf"
done || :  # a missing keymap leaves the loop non-zero; treat that as success

# Select a dbus.service unit if one was not installed.
[[ -s root/usr/lib/systemd/system/dbus.service ]] ||
ln -fns dbus-broker.service root/usr/lib/systemd/system/dbus.service

# Select a preferred display manager when it is installed.
# The first installed unit in the order gdm, lxdm, xdm is linked.
local dm ; for dm in gdm lxdm xdm
do
        if [[ -s root/usr/lib/systemd/system/$dm.service ]]
        then
                ln -fns "$dm.service" \
                    root/usr/lib/systemd/system/display-manager.service
                break
        fi
done

# Define a default target on boot.
# graphical.target when a display manager was linked, else multi-user.target.
# Note the A && B || C form: the second ln also runs if the first ln fails.
[[ -s root/usr/lib/systemd/system/display-manager.service ]] &&
ln -fns graphical.target root/usr/lib/systemd/system/default.target ||
ln -fns multi-user.target root/usr/lib/systemd/system/default.target

# Save pstore files to the journal on boot.
mkdir -p root/usr/lib/systemd/pstore.conf.d
cat << 'EOF' > root/usr/lib/systemd/pstore.conf.d/00-journal.conf
[PStore]
Storage=journal
EOF
mkdir -p root/usr/lib/systemd/system/basic.target.wants
[[ -s root/usr/lib/systemd/system/systemd-pstore.service ]] &&
ln -fst root/usr/lib/systemd/system/basic.target.wants \
    ../systemd-pstore.service

# Work around Linux 5.10 breaking BLKDISCARD in systemd-repart.
# Append --discard=no to the systemd-repart ExecStart line when the unit is
# installed.
[[ -s root/usr/lib/systemd/system/systemd-repart.service ]] &&
sed -i -e 's,^ExecStart=.*systemd-repart.*,& --discard=no,' \
    root/usr/lib/systemd/system/systemd-repart.service

# Work around systemd-repart thinking it can use /var/tmp before /var exists.
[[ -s root/usr/lib/systemd/system/systemd-repart.service ]] &&
mkdir -p root/usr/lib/systemd/system/systemd-repart.service.d &&
echo -e '[Service]\nEnvironment=TMPDIR=/tmp' \
    > root/usr/lib/systemd/system/systemd-repart.service.d/tmp.conf

# Use systemd to configure networking and DNS when requested.
if opt networkd
then
        mkdir -p root/usr/lib/systemd/system/multi-user.target.wants
        ln -fst root/usr/lib/systemd/system/multi-user.target.wants \
            ../systemd-networkd.service ../systemd-resolved.service

        # Make the network-online.target unit functional.
        mkdir -p root/usr/lib/systemd/system/network-online.target.wants
        ln -fst root/usr/lib/systemd/system/network-online.target.wants \
            ../systemd-networkd-wait-online.service

        # Have all unconfigured network interfaces default to DHCP.
        # NOTE(review): Name=* matches every interface, and UseDomains=yes /
        # UseMTU=yes accept the search domains and MTU offered by whichever
        # DHCP server answers.  On untrusted networks that lets the server
        # influence how unqualified host names resolve; consider overriding
        # these for roaming machines.
        mkdir -p root/usr/lib/systemd/network
        cat << 'EOF' > root/usr/lib/systemd/network/99-dhcp.network
[Match]
Name=*

[Network]
DHCP=yes

[DHCP]
UseDomains=yes
UseMTU=yes
EOF

        # Disable the DNS stub listener by default.
        # resolv.conf is linked to the file systemd-resolved writes under /run.
        mkdir -p root/usr/lib/systemd/resolved.conf.d
        cat << 'EOF' > root/usr/lib/systemd/resolved.conf.d/00-stub.conf
[Resolve]
DNSStubListener=no
EOF
        ln -fst root/etc ../run/systemd/resolve/resolv.conf
fi

# Sync the clock with NTP by default when networking is enabled.
# Enable systemd-timesyncd when either networkd was requested or
# NetworkManager is installed, and the timesyncd unit exists.  The leading
# "A || B &&" groups as (A || B) && if ... fi.
opt networkd || [[ -s root/usr/lib/systemd/system/NetworkManager.service ]] &&
if [[ -s root/usr/lib/systemd/system/systemd-timesyncd.service ]]
then
        # Provide the D-Bus alias for the unit unless one is already there.
        [[ -s root/usr/lib/systemd/system/dbus-org.freedesktop.timesync1.service ]] ||
        ln -fns systemd-timesyncd.service \
            root/usr/lib/systemd/system/dbus-org.freedesktop.timesync1.service
        mkdir -p root/usr/lib/systemd/system/sysinit.target.wants
        ln -fst root/usr/lib/systemd/system/sysinit.target.wants \
            ../systemd-timesyncd.service
fi

--------------------------------------------------------------------------------
/configure.pkg.d/vlc.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# Seed per-user VLC defaults in /etc/skel when VLC is installed; they apply
# only to home directories created from skel.
if [[ -x root/usr/bin/vlc ]]
then
        mkdir -p root/etc/skel/.config/vlc

        # Enable the advanced buttons, and fit them on one toolbar.
        cat << 'EOF' > root/etc/skel/.config/vlc/vlc-qt-interface.conf
[MainWindow]
MainToolbar1="64;64;38;65"
MainToolbar2="0-2;64;3;1;4;64;7;9;64;10;20;19;64-4;39;37;65;35-4;"
adv-controls=4
EOF

        # Disable sending your data over the network and prompting for it.
        cat << 'EOF' > root/etc/skel/.config/vlc/vlcrc
[qt]
qt-privacy-ask=0
[core]
metadata-network-access=0
[libbluray]
bluray-region=A
EOF
fi

--------------------------------------------------------------------------------
/configure.pkg.d/wayland.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# Append input defaults to weston.ini when Weston is installed.  The
# here-document is attached to the whole if statement, so cat reads it from
# stdin; its delimiter is unquoted, so the ${options[...]:+...} expansion adds
# an [output] section with scale=2 only when double_display_scale is set.
if [[ -x root/usr/bin/weston ]]
then
        mkdir -p root/etc/xdg/weston
        cat >> root/etc/xdg/weston/weston.ini
fi << EOF
[keyboard]
keymap_options=compose:rwin,ctrl:nocaps,grp_led:caps
numlock-on=true
[libinput]
enable-tap=true
natural-scroll=true
scroll-method=two-finger
tap-and-drag=true${options[double_display_scale]:+
[output]
scale=2}
EOF

--------------------------------------------------------------------------------
/configure.pkg.d/xfce.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# Adjust the xfwm4 defaults file in place when it is installed.
if [[ -s root/usr/share/xfwm4/defaults ]]
then
        # Turn off click-to-focus and remove the focus delay.
        sed -i \
            -e '/^click_to_focus=/s/=.*/=false/' \
            -e '/^focus_delay=/s/=.*/=0/' \
            root/usr/share/xfwm4/defaults

        # Switch to the xhdpi theme variant when scaling was requested and the
        # theme directory exists.
        opt double_display_scale &&
        [[ -d root/usr/share/themes/Default-xhdpi ]] &&
        sed -i -e 's/^theme=Default$/&-xhdpi/' root/usr/share/xfwm4/defaults
fi

--------------------------------------------------------------------------------
/configure.pkg.d/xorg.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# Append XTerm resource defaults; <(echo) supplies a leading newline ahead of
# the here-document that cat reads from stdin ("-").
[[ -s root/usr/share/X11/app-defaults/XTerm ]] &&
cat <(echo) - << 'EOF' >> root/usr/share/X11/app-defaults/XTerm
! Set some sensible defaults.
*backarrowKey: false
*cursorBlink: true
*metaSendsEscape: true
*toolBar: false
*ttyModes: erase ^?
EOF

# Default to dark mode for the XTerm-color class.
# Strips the leading "!" and spaces from resource lines between the line
# containing "dark background" and the next blank line.
[[ -s root/usr/share/X11/app-defaults/XTerm-color ]] &&
sed -i -e '/dark background/,/^$/s/^[ !]*\(.*:\)/\1/' \
    root/usr/share/X11/app-defaults/XTerm-color

# Allow passwordless users to log into the desktop through XDM.
# NOTE(review): this lets any account with an empty password through the XDM
# greeter.  The setting is appended only when the file does not already
# mention allowNullPasswd; make sure empty-password accounts are intended on
# images that ship XDM.
if [[ -s root/etc/X11/xdm/Xresources ]]
then
        grep -Fqs allowNullPasswd root/etc/X11/xdm/Xresources ||
        echo 'xlogin.Login.allowNullPasswd: true' >> root/etc/X11/xdm/Xresources
fi

--------------------------------------------------------------------------------
/examples/containers/ArxFatalis.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# This builds a self-executing container image of the game Arx Fatalis. A
# single argument is required, the path to an installer that arx-install-data
# knows how to extract.
#
# It actually compiles the modernized GPL engine Arx Libertatis and only needs
# the proprietary game assets. Persistent game data paths are bound into the
# home directory of the calling user, so the container is interchangeable with
# a native installation of the game.
#
# This script implements an option to demonstrate supporting the proprietary
# NVIDIA drivers on the host system. A numeric value selects the driver branch
# version, and a non-numeric value defaults to the latest.

# Build options: Fedora 41, GPT disk image, squashfs root.
options+=([distro]=fedora [gpt]=1 [release]=41 [squash]=1)

# Runtime libraries installed into the image.
packages+=(
        freetype
        libepoxy
        libX{cursor,i,inerama,randr,ScrnSaver}
        openal-soft
        pulseaudio-libs
        SDL2
)

packages_buildroot+=(
        # Programs to configure and build Arx Libertatis
        cmake gcc-c++ ninja-build
        # Library dependencies
        {boost,freetype,glm,libepoxy,openal-soft,SDL2}-devel
        # Utility dependencies
        ImageMagick inkscape optipng
        # Runtime dependencies of arx-install-data
        findutils innoextract
)

# Stage the installer, trim docs and locales, then fetch the Arx Libertatis
# source and check its detached signature before unpacking it.
# Arguments: $1 - path to the game installer (defaults to the GOG file name).
# $cp, $curl, $tar and $rm are command variables defined outside this file.
function initialize_buildroot() {
        $cp "${1:-setup_arx_fatalis_1.21_(21994).exe}" "$output/install.exe"

        echo tsflags=nodocs >> "$buildroot/etc/dnf/dnf.conf"
        echo '%_install_langs %{nil}' >> "$buildroot/etc/rpm/macros"

        # Download, verify, and extract the Arx Libertatis source release.
        # The brace expansion passes the signature first and the tarball
        # second to verify.  tar runs only after verify in statement order.
        # NOTE(review): that ordering protects the extraction only if a failed
        # verify aborts the function (e.g. errexit in the caller) -- confirm.
        local -r source_url='https://github.com/arx/ArxLibertatis/releases/download/1.2.1/arx-libertatis-1.2.1.tar.xz'
        $curl -L "$source_url.sig" > "$output/arx.txz.sig"
        $curl -L "$source_url" > "$output/arx.txz"
        verify "$output"/arx.txz{.sig,}
        # --transform renames the archive's top-level directory to "arx".
        $tar --transform='s,^/*[^/]*,arx,' -C "$output" -xf "$output/arx.txz"
        $rm -f "$output"/arx.txz{.sig,}

        # Support an option for running on a host with proprietary drivers.
        # A non-numeric option value makes the suffix expand to nothing, which
        # selects the unversioned driver package.
        if opt nvidia
        then
                local -r suffix="-${options[nvidia]}xx"
                enable_repo_rpmfusion_nonfree
                packages+=("xorg-x11-drv-nvidia${suffix##-*[!0-9]*xx}-libs")
        else packages+=(mesa-dri-drivers mesa-libGL)
        fi
}

function customize_buildroot() {
        # Build the game engine before installing packages into the image.
        cmake -GNinja -S arx -B arx/build \
            -DBUILD_CRASHREPORTER:BOOL=OFF -DCMAKE_INSTALL_PREFIX:PATH=/usr
        ninja -C arx/build -j"$(nproc)" all
}

# Install the engine and game data into root/, then write launch.sh.
function customize() {
        # Paths left out of the final image.
        exclude_paths+=(
                root
                usr/bin/arx-install-data
                usr/{include,lib/debug,local,src}
                usr/{lib,share}/locale
                usr/lib/{sysimage,systemd,tmpfiles.d}
                usr/lib'*'/gconv
                usr/share/{doc,help,hwdata,info,licenses,man,sounds}
        )

        DESTDIR="$PWD/root" ninja -C arx/build install
        # Extract the proprietary assets from the user-supplied installer.
        root/usr/bin/arx-install-data --data-dir=root/usr/share/games/arx --source=install.exe
        rm -f install.exe

        # The game binary is the container's init.
        ln -fns usr/bin/arx root/init

        # Generate the launcher.  The here-document is quoted, so nothing in
        # it expands at build time; with the nvidia option, sed also adds
        # /dev/nvidia* to the device loop.
        # The launcher runs systemd-nspawn through sudo with a read-only
        # image, a private network namespace and the caller's user name.  It
        # shares the host's /dev/dri nodes, PulseAudio socket and cookie,
        # /etc/passwd, and the X11/Wayland sockets and Xauthority when those
        # variables are set, so the game gets the same access to the display
        # session as a local client.
        # The unquoted ${VAR:+...} words are deliberate: they vanish when the
        # variable is empty, but a value containing whitespace would split.
        sed "${options[nvidia]:+s, /dev/,&nvidia*&,}" << 'EOF' > launch.sh ; chmod 0755 launch.sh
#!/bin/sh -eu

[ -e "${XDG_CONFIG_HOME:=$HOME/.config}/arx" ] ||
mkdir -p "$XDG_CONFIG_HOME/arx"

[ -e "${XDG_DATA_HOME:=$HOME/.local/share}/arx" ] ||
mkdir -p "$XDG_DATA_HOME/arx"

exec sudo systemd-nspawn \
    --bind="$XDG_CONFIG_HOME/arx:/home/$USER/.config/arx" \
    --bind="$XDG_DATA_HOME/arx:/home/$USER/.local/share/arx" \
    --bind="+/tmp:${XDG_RUNTIME_DIR:=/run/user/$UID}" \
    --bind="+/tmp:/home/$USER/.cache" \
    $(for dev in /dev/dri/* ; do echo "--bind=$dev" ; done) \
    --bind-ro="${PULSE_COOKIE:-$HOME/.config/pulse/cookie}:/tmp/.pulse/cookie" \
    --bind-ro="${PULSE_SERVER:-$XDG_RUNTIME_DIR/pulse/native}:/tmp/.pulse/native" \
    --bind-ro=/etc/passwd \
    ${DISPLAY:+--bind-ro="/tmp/.X11-unix/X${DISPLAY##*:}"} \
    ${WAYLAND_DISPLAY:+--bind-ro="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"} \
    ${XAUTHORITY:+--bind-ro="$XAUTHORITY:/tmp/.Xauthority"} \
    --chdir="/home/$USER" \
    --hostname=ArxFatalis \
    --image="${IMAGE:-ArxFatalis.img}" \
    --link-journal=no \
    --machine="ArxFatalis-$USER" \
    --private-network \
    --read-only \
    --setenv="HOME=/home/$USER" \
    --setenv=PULSE_COOKIE=/tmp/.pulse/cookie \
    --setenv=PULSE_SERVER=/tmp/.pulse/native \
    ${DISPLAY:+--setenv="DISPLAY=$DISPLAY"} \
    ${WAYLAND_DISPLAY:+--setenv="WAYLAND_DISPLAY=$WAYLAND_DISPLAY"} \
    ${XAUTHORITY:+--setenv=XAUTHORITY=/tmp/.Xauthority} \
    ${XDG_RUNTIME_DIR:+--setenv="XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"} \
    --tmpfs=/home \
    --user="$USER" \
    /init "$@"
EOF
}

# Check a detached signature against the public key embedded below.
# Arguments: $1 - signature file, $2 - signed file.
# Returns:   the exit status of gpg --verify.
# A fresh GNUPGHOME is created with mode 0700 and removed again by the RETURN
# trap, so the key imported from the here-document (the function's stdin) is
# the only key in the keyring during the check; the user's own keyring is not
# consulted.
function verify() {
        local -rx GNUPGHOME="$output/gnupg"
        trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN
        $mkdir -pm 0700 "$GNUPGHOME"
        $gpg --import
        $gpg --verify "$1" "$2"
} << 'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFJgDucBEADQgT9V3UHi8pKP/m7/F1EronduU4kLIfP//YbMRMYKYf8ns/X1
p2mWtiwbNL0Y20RWaswkmaxhhi1jw/punMwrMryda5iATOlRvQTTrBW3QBKMaKjs
B1oTeLLAkfGaLZnZJkcQqxypT5lTZbTCtLqJpVgBV2hv+YAvws74wpfT79xsHuWE
PPfmkUr8el9vPTtyxc+HEm5l9lXt3GWLWCDKdaj/i2DsI+MET7TyYeOqU0bMeLp2
NHNucDnU1VOIalYOZZ9mP0IlpGJKuLEqoergWoZ5mSVixHJjg/NIJ12E0FIiHL5a
wCpI8X/+fxel/hB9lPPFPmdsawRuSgwV8l3FFxIjQbNKtOHPsTG00dkMXMriYQ/x
dzohYngQdfYhHi0aK1kUYIsWlpzPrgM4Z2haifKId/n7DLvm7hzJo3ByPphqP3Gk
c1ZlhSotD0Gujcwh3Wc1V0F6QWv3CDjsAt9EhDG+iB9UdwBF/7M/fVO13dpb4kWu
Zcm1w6dk5dT5peZt5nU/16jZvwg6IiHSdxxA7tV6trtepUZ630FSLRIu9uHYn5gC
bp5YrvZp95NjW3X5mtgRLB5oOxC0WdWhsjBadn6+6ZZyW/YUskhsAsukvvGs+8l4
G0quHo7FSQQXRRr9e1npaGstzCrYzlM4yMCNOoDRXfh7voSesK4fBRCHVwARAQAB
tDRBcnggTGliZXJ0YXRpcyBSZWxlYXNlcyA8cmVsZWFzZUBhcngtbGliZXJ0YXRp
cy5vcmc+iQI5BBMBAgAjBQJSYA7nAhsvBwsJCAcDAgEGFQgCCQoLBBYCAwECHgEC
F4AACgkQ+H1991CFml4b8A/+NQqE0Q6o6YRA11fBPX376ITo9xOX8JESI4RLNHXJ
9sBRSXjnJN/10ZJm+cYqU37dZzZa9bLpxlHb8aDQx79qMQl6V6xW6u1LF36Q//xG
SL6MCP/cSSmVsePlBVoO9XxsaNep8LllT1RYVJ9RZHlhrV83TKKBZtHa4d497cvq
8qd1vjlWh/hS8Ouz6XHh3K064AahVvV8/WCFHhXkXCB8ER0Ylxis3hVgMCRquY4p
5pOEj1T4ZlEWuH/dsuY/1eE/sh/5Jds1CACx2TdaXcxT45QHp84BLj7rWtCYv4gO
05lYIGEwMD2KY9wwXtgPSWzNPwqt0OH5arVnIp7AOPcKARupMgPIHKW2xbJyZdND
KK/YgChfyqVxFGFP1b6mmizY6J8MbWpJt5w1FVyxgorWHpVlbrSdMd2aZ0FstJRl
z4+FhBkymbEoJUd7HVMxdWXlWAooges1iDp9SA3uR8rE9sLdm3qNfP5ahxAnXJb/
zfal9OMql0BaCp3Hqwf6KrV8jZAk3IPsJD6qEUIXvgHqYoGM18FJHm0nTJLsjS5A
w2f7pdHIpLuwoO+mjs2+sXsZGe5ORrG3EDHeYurYeXi26ditd/5m9+myN7WO7M7H
RIzYXVLLsDjezuerdOvFq4sChrBPXd4LM8OoCHMfVuvSuFHExN7y0bEI2NTxv4s4
Z9W5Ag0EUmAO5wEQAKCK59W3IrTG5jSnw5fAaAKjtQ2qteup6Ext4L0vmrc3HW0S
Awid2H54i4fydHTxWW4dws/iPm3F8ZP4ReDSBLPrFhD4l5Hir2OmADn/rRYPRkvj
hv3k58eAFjYm3Ipoz7POnT5bioYCT20kVLBtoCdT1tkoYLOFxhGbHJz0hh9lbsNX
s7Uwshl4CjTQr3wGtedf5EswUHwwclt21V5WTO/iixvvSe0+/MxBgbwx4vl16mTb
CJIJ80QIA6jm+JVpHeXrNgNfmZ+h3D4ScIoUjDraha8BavE9Kt+jlbgdTDFlAMDa
Wc+0vAaNImjhtOfVXUNiDmSbkqUWlHQDnQwoBOyt7kPLOn7eJTZEaUam06Qeay1t
W0UxRbDyiVsgylc3gcYGoAx3Iu84pTen24O3sdV7gdGG6jEzEUeZX0IB9yd259b1
uGXIxBm8aM5KvgRxM+m55U58Go6l07vRiF/f+iouyJ4A0jLAXwlL6CZ4T4fj1pMF
kubyCA5VMEfojMvvBOvmJmDlxuRDvkAjkSS5nXkZqE0geKKySjaB/BgJiceLOuEW
yuHqIMwS/7aiQjvNVVLv4HtTYOwfO4/i8WVSEHByIhjzqb1S+bS+XMqzwdhJunxj
ALIXQqA5h+DdW/31udoFACjcPjtzKQP1tBAGOklVJUff6JnGRJSdirZitkZjABEB
AAGJBD4EGAECAAkFAlJgDucCGy4CKQkQ+H1991CFml7BXSAEGQECAAYFAlJgDucA
CgkQFPO8tCXpaC4QhRAAm1MbJHkqW2arQVsC/zyxx1y/det+uWNXKr/vCCivAswu
0L/IX1ujQTRtQt572jmq8icSlwADZSC5Mot5tv2+DoJi267yAU7KMyY4OvQEDpDC
F5Ztp5SL5ungtc+CjR0Zfs3CdB4i05sNU6vEYRVkuebWUNpt4cgUIK2EAd5EAvgA
DuqtGC3EJa4o/P+GeP8y7djwQZafK59ku+xJ7WOh/M0kGsFTBGUoiOyQUAQBv1RE
papx0SONUZVQWne8mZJgdJ/TMGPdqTGa/AVUaZ6rizd0Ve4W8rztV8UVhB/3t4Gl
KYyq4rOP+kEelfa3x+ZCdP5z7D6J1rXNpJEKkplTwnV8lAZyA7PGaOVD0VnOV1Nn
lTyRgAhGsNhzjpEQa4dI9S9KYMSR5OWXGjfRKM6589sH91rZoUYGD7Ve8TV1Kpvp
YjzZkyyLB7KUiGCf/s29Fy+o/o3uRaJVKskBjSAOAlPp/cDhKORC4p+1ERV8/hAI
uInL7IqV9t8KR8kqjN5EZs22SQzi1PNxVCKHelNlnCnA+Y+4uBjGEZB1wk1C+Zwp
rwairfZtpJS7R5uSSGkTGkqsb+Yxgp2UDVWb9BAVxBQPfBhBTre7OXTvBJtGXzD8
IWSh04+or/dRv/6Bm6RP5MEWctvuy27zh9XzHExKUaAe8j50oxSdcvUfiT3kijcE
uw/8DiuGN9p1LPjYIJ3ClLYma+Cpolp3gWKL5MaztTSOvoGE5AtUcv8GVgzsT0Sy
N+BBdunaeU7ZlUHw6uspTegLSaGzGeT/3/gicknA/WAfQiKGinejFGwNwr4L9XKv
SJEPNZyAG9RjZpxTOt9t/ynDapmN79RhrETzsgw4kzaAFV2K7QZi+OQhhtPkExsc
ddaMkoVbZUTFNfexta6fLs8DcUh+mejAyDDkISlokduhQwqwkwTa8rGbL8bufJA9
3uEMfC3eRq24DdIaHBd5Kkoy5Qg88A7l7uT6bT/R9ZtMYvUl2wITuiJDAjFjkD7v
qDpTn++Wlb5/oWAg+Fp9tw2/3sObiErsOextHhhCqPQC3aFeL9lotqP7tA7/5ZUm
xZhZUMEnwkPvwj56mYcX+p5GAMXj3nQE26Lo6+ocIKPvEeyAvINDDO8At24P7P0u
imQoObO88ZgKSyd4JFIxzfnuBGkfPSWjp6yWd/M/Q6hU7KvSydFTUx9IaLhCofyG
5eT3r5z5cyJxj3gyJvvHGvSwRh3x10VfDTpIKJ3TmB7GDWIwikgZanOPR2A2kje3
Vcj3G4KreTABzi38HRvmrnxc3wF0eD/tVfollqXS/TIDKptTTfrXWF1m5YrYfWn6
qtdR+pntlQyoXN2ydU2P1zEe5qUJR13RFwo2EXySVguAHfA=
=ooDC
-----END PGP PUBLIC KEY BLOCK-----
EOF

--------------------------------------------------------------------------------
/examples/containers/Fallout.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# This builds a self-executing container image of the game Fallout. A single
# argument is required, the path to an Inno Setup installer from GOG.
#
# Since the game is only for Windows, this simply installs a 32-bit Wine
# container and extracts files from the installer. Persistent game data is
# saved by mounting a path from the calling user's XDG data directory as an
# overlay over the game's Wine drive path and binding configuration files.

# Build options: 32-bit openSUSE, GPT disk image, squashfs root.
options+=([arch]=i686 [distro]=opensuse [gpt]=1 [squash]=1)

packages+=(
        Mesa-dri{,-nouveau}
        wine
)

packages_buildroot+=(innoextract)

# Stage the installer and configure rpm/zypper to skip locales and docs.
# Arguments: $1 - path to the GOG installer (defaults to the GOG file name).
# NOTE(review): the installer is used as supplied; nothing in this file checks
# its integrity, so obtain it from a trusted source.
function initialize_buildroot() {
        $cp "${1:-setup_fallout_2.1.0.18.exe}" "$output/install.exe"

        echo '%_install_langs %{nil}' >> "$buildroot/etc/rpm/macros"
        # Uncomment the rpm.install.excludedocs line in zypp.conf.
        $sed -i -e '/^[# ]*rpm.install.excludedocs/s/^[# ]*//' "$buildroot/etc/zypp/zypp.conf"
}

# Extract the game into root/fallout, keep pristine copies of its two config
# files, and write the in-container init and the host-side launch.sh.
function customize() {
        # Paths left out of the final image.
        exclude_paths+=(
                root
                usr/{include,lib/debug,local,src}
                usr/{lib,share}/locale
                usr/lib/{sysimage,systemd,tmpfiles.d}
                usr/lib'*'/gconv
                usr/share/{doc,help,hwdata,info,licenses,man,sounds}
        )

        innoextract -md root/root install.exe
        rm -f install.exe
        mv root/root/app root/fallout
        # The .orig copies are what init restores into empty config files.
        sed '/^UAC_AWARE=/s/=1/=0/' root/fallout/f1_res.ini > root/fallout/f1_res.ini.orig
        cp root/fallout/fallout.cfg root/fallout/fallout.cfg.orig

        # Container init: seed empty config files from the .orig copies, run
        # wine once with DISPLAY empty, then start the game in a virtual
        # desktop.
        cat << 'EOF' > root/init ; chmod 0755 root/init
#!/bin/sh -eu
for file in f1_res.ini fallout.cfg
do test -s "$file" || cat "$file.orig" > "$file"
done
DISPLAY= wine hostname
exec wine explorer /desktop=virtual,1900x1200 /fallout/falloutwHR.exe "$@"
EOF

        # Host-side launcher: runs systemd-nspawn through sudo with a
        # read-only image, a private network namespace and the caller's user
        # name.  Save games and the two config files are the only writable
        # host paths bound in besides the runtime directory; /dev/dri, the
        # PulseAudio socket and cookie, /etc/passwd and the X11/Wayland
        # sockets are shared from the host.  The unquoted ${VAR:+...} words
        # vanish when the variable is empty, but a value containing
        # whitespace would split.
        cat << 'EOF' > launch.sh ; chmod 0755 launch.sh
#!/bin/sh -eu

[ -e "${XDG_DATA_HOME:=$HOME/.local/share}/Fallout/SAVEGAME" ] ||
mkdir -p "$XDG_DATA_HOME/Fallout/SAVEGAME"

for file in f1_res.ini fallout.cfg
do
        test -e "$XDG_DATA_HOME/Fallout/$file" ||
        touch "$XDG_DATA_HOME/Fallout/$file"
done

exec sudo systemd-nspawn \
    --bind="$XDG_DATA_HOME/Fallout/SAVEGAME:/fallout/DATA/SAVEGAME" \
    --bind="$XDG_DATA_HOME/Fallout/f1_res.ini:/fallout/f1_res.ini" \
    --bind="$XDG_DATA_HOME/Fallout/fallout.cfg:/fallout/fallout.cfg" \
    --bind="+/tmp:${XDG_RUNTIME_DIR:=/run/user/$UID}" \
    $(for dev in /dev/dri/* ; do echo "--bind=$dev" ; done) \
    --bind-ro="${PULSE_COOKIE:-$HOME/.config/pulse/cookie}:/tmp/.pulse/cookie" \
    --bind-ro="${PULSE_SERVER:-$XDG_RUNTIME_DIR/pulse/native}:/tmp/.pulse/native" \
    --bind-ro=/etc/passwd \
    ${DISPLAY:+--bind-ro="/tmp/.X11-unix/X${DISPLAY##*:}"} \
    ${WAYLAND_DISPLAY:+--bind-ro="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"} \
    ${XAUTHORITY:+--bind-ro="$XAUTHORITY:/tmp/.Xauthority"} \
    --chdir=/fallout \
    --hostname=Fallout \
    --image="${IMAGE:-Fallout.img}" \
    --link-journal=no \
    --machine="Fallout-$USER" \
    --overlay="+/fallout/DATA/MAPS:$XDG_DATA_HOME/Fallout/SAVEGAME:/fallout/DATA/MAPS" \
    --personality=x86 \
    --private-network \
    --read-only \
    --setenv="HOME=/home/$USER" \
    --setenv=PULSE_COOKIE=/tmp/.pulse/cookie \
    --setenv=PULSE_SERVER=/tmp/.pulse/native \
    ${DISPLAY:+--setenv="DISPLAY=$DISPLAY"} \
    ${WAYLAND_DISPLAY:+--setenv="WAYLAND_DISPLAY=$WAYLAND_DISPLAY"} \
    ${XAUTHORITY:+--setenv=XAUTHORITY=/tmp/.Xauthority} \
    ${XDG_RUNTIME_DIR:+--setenv="XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"} \
    --tmpfs=/home \
    --user="$USER" \
    /init "$@"
EOF
}

--------------------------------------------------------------------------------
/examples/containers/FasterThanLight.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# This builds a self-executing container image of the game FTL. A single
# argument is required, the path to a Linux installer from GOG.
#
# The container includes dependencies not bundled with the game. Persistent
# game data paths are bound into the home directory of the calling user, so the
# container is interchangeable with a native installation of the game.
#
# Since the game archive includes both i686 and x86_64 binaries, this script
# supports using either depending on whether the CLI option "-o arch=i686" was
# given.
The i686 build may not be trustworthy, however, because the distro's 12 | # RPMs for that architecture are unsigned after Fedora 30. 13 | # 14 | # This script implements an option to demonstrate supporting the proprietary 15 | # NVIDIA drivers on the host system. A numeric value selects the driver branch 16 | # version, and a non-numeric value defaults to the latest. 17 | 18 | options+=([arch]=x86_64 [distro]=fedora [gpt]=1 [release]=41 [squash]=1) 19 | 20 | packages+=( 21 | alsa-plugins-pulseaudio 22 | coreutils 23 | mesa-libGLU 24 | ) 25 | 26 | packages_buildroot+=(unzip) 27 | 28 | function initialize_buildroot() { 29 | $cp "${1:-ftl_advanced_edition_1_6_12_2_35269.sh}" "$output/ftl.zip" 30 | 31 | echo tsflags=nodocs >> "$buildroot/etc/dnf/dnf.conf" 32 | echo '%_install_langs %{nil}' >> "$buildroot/etc/rpm/macros" 33 | 34 | # Support an option for running on a host with proprietary drivers. 35 | if opt nvidia 36 | then 37 | local -r suffix="-${options[nvidia]}xx" 38 | enable_repo_rpmfusion_nonfree 39 | packages+=("xorg-x11-drv-nvidia${suffix##-*[!0-9]*xx}-libs") 40 | else packages+=(mesa-dri-drivers) 41 | fi 42 | } 43 | 44 | function customize_buildroot() if [[ ${options[arch]:-$DEFAULT_ARCH} == i686 ]] 45 | then 46 | sed -i -e 's/^enabled=.*/enabled=0/' /etc/yum.repos.d/*.repo 47 | sed "${options[nvidia]:+s/^enabled=.*/enabled=1/}" << 'EOF' > /etc/yum.repos.d/koji.repo 48 | [koji-fedora] 49 | name=Fedora $releasever - $basearch - Packages directly from Koji 50 | baseurl=https://kojipkgs.fedoraproject.org/repos/f$releasever-build/latest/$basearch/ 51 | enabled=1 52 | gpgcheck=0 53 | [koji-rpmfusion-free] 54 | name=RPM Fusion for Fedora $releasever - Free - Packages directly from Koji 55 | baseurl=https://koji.rpmfusion.org/kojifiles/repos/f$releasever-free-multilibs-build/latest/$basearch/ 56 | enabled=0 57 | gpgcheck=0 58 | [koji-rpmfusion-nonfree] 59 | name=RPM Fusion for Fedora $releasever - Nonfree - Packages directly from Koji 60 | 
baseurl=https://koji.rpmfusion.org/kojifiles/repos/f$releasever-nonfree-multilibs-build/latest/$basearch/ 61 | enabled=0 62 | gpgcheck=0 63 | EOF 64 | fi 65 | 66 | function customize() { 67 | exclude_paths+=( 68 | root 69 | usr/{include,lib/debug,local,src} 70 | usr/{lib,share}/locale 71 | usr/lib/{sysimage,systemd,tmpfiles.d} 72 | usr/lib'*'/gconv 73 | usr/share/{doc,help,hwdata,info,licenses,man,sounds} 74 | ) 75 | 76 | local -r drop=$([[ ${options[arch]:-$DEFAULT_ARCH} == i686 ]] && echo amd64) 77 | unzip -Cjd root ftl.zip 'data/noarch/game/data/FTL.*' -x "*FTL.${drop:-x86}" || [[ $? -eq 1 ]] 78 | mv root/FTL.* root/FTL 79 | rm -f ftl.zip 80 | 81 | cat << 'EOF' > root/init ; chmod 0755 root/init 82 | #!/bin/sh -eu 83 | mkdir -p "$HOME/.local/share" 84 | ln -fns /tmp/save "$HOME/.local/share/FasterThanLight" 85 | exec /FTL "$@" 86 | EOF 87 | 88 | sed "${options[nvidia]:+s, /dev/,&nvidia*&,;}${drop:+s/-64//}" << 'EOF' > launch.sh ; chmod 0755 launch.sh 89 | #!/bin/sh -eu 90 | 91 | [ -e "${XDG_DATA_HOME:=$HOME/.local/share}/FasterThanLight" ] || 92 | mkdir -p "$XDG_DATA_HOME/FasterThanLight" 93 | 94 | exec sudo systemd-nspawn \ 95 | --bind="$XDG_DATA_HOME/FasterThanLight:/tmp/save" \ 96 | --bind="+/tmp:${XDG_RUNTIME_DIR:=/run/user/$UID}" \ 97 | $(for dev in /dev/dri/* ; do echo "--bind=$dev" ; done) \ 98 | --bind-ro="${PULSE_COOKIE:-$HOME/.config/pulse/cookie}:/tmp/.pulse/cookie" \ 99 | --bind-ro="${PULSE_SERVER:-$XDG_RUNTIME_DIR/pulse/native}:/tmp/.pulse/native" \ 100 | --bind-ro=/etc/passwd \ 101 | ${DISPLAY:+--bind-ro="/tmp/.X11-unix/X${DISPLAY##*:}"} \ 102 | ${WAYLAND_DISPLAY:+--bind-ro="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"} \ 103 | ${XAUTHORITY:+--bind-ro="$XAUTHORITY:/tmp/.Xauthority"} \ 104 | --chdir=/ \ 105 | --hostname=FasterThanLight \ 106 | --image="${IMAGE:-FasterThanLight.img}" \ 107 | --link-journal=no \ 108 | --machine="FasterThanLight-$USER" \ 109 | --personality=x86-64 \ 110 | --private-network \ 111 | --read-only \ 112 | --setenv="HOME=/home/$USER" 
\ 113 | --setenv=PULSE_COOKIE=/tmp/.pulse/cookie \ 114 | --setenv=PULSE_SERVER=/tmp/.pulse/native \ 115 | ${DISPLAY:+--setenv="DISPLAY=$DISPLAY"} \ 116 | ${WAYLAND_DISPLAY:+--setenv="WAYLAND_DISPLAY=$WAYLAND_DISPLAY"} \ 117 | ${XAUTHORITY:+--setenv=XAUTHORITY=/tmp/.Xauthority} \ 118 | ${XDG_RUNTIME_DIR:+--setenv="XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"} \ 119 | --tmpfs=/home \ 120 | --user="$USER" \ 121 | /init "$@" 122 | EOF 123 | } 124 | -------------------------------------------------------------------------------- /examples/containers/GrimFandango.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # This builds a self-executing container image of the game Grim Fandango. A 3 | # single argument is required, the path to a Linux installer from GOG. 4 | # 5 | # The container includes dependencies not bundled with the game. Persistent 6 | # game data paths are bound into the calling user's XDG data directory, so the 7 | # players have their own private save files. 8 | # 9 | # This script implements an option to demonstrate supporting the proprietary 10 | # NVIDIA drivers on the host system. A numeric value selects the driver branch 11 | # version, and a non-numeric value defaults to the latest. 
12 | 13 | options+=([arch]=i686 [distro]=ubuntu [gpt]=1 [release]=24.10 [squash]=1) 14 | 15 | packages+=( 16 | libasound2-plugins 17 | libgl{1,u1} 18 | ${options[nvidia]:+libnvidia-gl-${options[nvidia]/#*[!0-9]*/560}} 19 | libx{cursor1,i6,inerama1,randr2,ss1,xf86vm1} 20 | ) 21 | 22 | packages_buildroot+=(unzip) 23 | 24 | function initialize_buildroot() { 25 | $cp "${1:-gog_grim_fandango_remastered_2.3.0.7.sh}" "$output/grim.zip" 26 | } 27 | 28 | function customize() { 29 | exclude_paths+=( 30 | root 31 | usr/{include,lib/debug,local,src} 32 | usr/{lib,share}/locale 33 | usr/lib/{systemd,tmpfiles.d} 34 | usr/lib'*'/gconv 35 | usr/share/{doc,help,hwdata,info,licenses,man,sounds} 36 | ) 37 | 38 | unzip grim.zip -d root/root -x data/noarch/game/bin/{runtime-README.txt,{amd64,i386,scripts}/'*'} || [[ $? -eq 1 ]] 39 | mv root/root/data/noarch/game/bin root/grim 40 | rm -f grim.zip 41 | mkdir -p root/grim/Saves 42 | 43 | ln -fns grim/GrimFandango root/init 44 | 45 | sed "${options[nvidia]:+s, /dev/,&nvidia*&,}" << 'EOF' > launch.sh ; chmod 0755 launch.sh 46 | #!/bin/sh -eu 47 | 48 | [ -e "${XDG_DATA_HOME:=$HOME/.local/share}/GrimFandango" ] || 49 | mkdir -p "$XDG_DATA_HOME/GrimFandango" 50 | 51 | exec sudo systemd-nspawn \ 52 | --bind="$XDG_DATA_HOME/GrimFandango:/grim/Saves" \ 53 | --bind="+/tmp:${XDG_RUNTIME_DIR:=/run/user/$UID}" \ 54 | $(for dev in /dev/dri/* ; do echo "--bind=$dev" ; done) \ 55 | --bind-ro="${PULSE_COOKIE:-$HOME/.config/pulse/cookie}:/tmp/.pulse/cookie" \ 56 | --bind-ro="${PULSE_SERVER:-$XDG_RUNTIME_DIR/pulse/native}:/tmp/.pulse/native" \ 57 | --bind-ro=/etc/passwd \ 58 | ${DISPLAY:+--bind-ro="/tmp/.X11-unix/X${DISPLAY##*:}"} \ 59 | ${WAYLAND_DISPLAY:+--bind-ro="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"} \ 60 | ${XAUTHORITY:+--bind-ro="$XAUTHORITY:/tmp/.Xauthority"} \ 61 | --chdir=/grim \ 62 | --hostname=GrimFandango \ 63 | --image="${IMAGE:-GrimFandango.img}" \ 64 | --link-journal=no \ 65 | --machine="GrimFandango-$USER" \ 66 | --personality=x86 \ 67 | 
--private-network \ 68 | --read-only \ 69 | --setenv="HOME=/home/$USER" \ 70 | --setenv=PULSE_COOKIE=/tmp/.pulse/cookie \ 71 | --setenv=PULSE_SERVER=/tmp/.pulse/native \ 72 | ${DISPLAY:+--setenv="DISPLAY=$DISPLAY"} \ 73 | ${WAYLAND_DISPLAY:+--setenv="WAYLAND_DISPLAY=$WAYLAND_DISPLAY"} \ 74 | ${XAUTHORITY:+--setenv=XAUTHORITY=/tmp/.Xauthority} \ 75 | ${XDG_RUNTIME_DIR:+--setenv="XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"} \ 76 | --tmpfs=/home \ 77 | --user="$USER" \ 78 | /init "$@" 79 | EOF 80 | } 81 | -------------------------------------------------------------------------------- /examples/containers/KerbalSpaceProgram.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # This builds a self-executing container image of the game Kerbal Space 3 | # Program. A single argument is required, the path to a Linux binary release 4 | # archive. 5 | # 6 | # The container includes dependencies not bundled with the game. Persistent 7 | # game data is saved by mounting a path from the calling user's XDG data 8 | # directory as an overlay over the game's installation path. 9 | # 10 | # This script implements an option to demonstrate supporting the proprietary 11 | # NVIDIA drivers on the host system. A numeric value selects the driver branch 12 | # version, and a non-numeric value defaults to the latest. 13 | 14 | options+=([arch]=x86_64 [distro]=fedora [gpt]=1 [release]=41 [squash]=1) 15 | 16 | packages+=( 17 | gtk2 18 | libX{cursor,i,inerama,randr,ScrnSaver,xf86vm} 19 | pulseaudio-libs 20 | setxkbmap 21 | ) 22 | 23 | packages_buildroot+=(unzip) 24 | 25 | function initialize_buildroot() { 26 | $cp "${1:-ksp-linux-1.11.2.zip}" "$output/KSP.zip" 27 | 28 | echo tsflags=nodocs >> "$buildroot/etc/dnf/dnf.conf" 29 | echo '%_install_langs %{nil}' >> "$buildroot/etc/rpm/macros" 30 | 31 | # Support an option for running on a host with proprietary drivers. 
32 | if opt nvidia 33 | then 34 | local -r suffix="-${options[nvidia]}xx" 35 | enable_repo_rpmfusion_nonfree 36 | packages+=("xorg-x11-drv-nvidia${suffix##-*[!0-9]*xx}-libs") 37 | else packages+=(mesa-dri-drivers mesa-libGL) 38 | fi 39 | } 40 | 41 | function customize() { 42 | exclude_paths+=( 43 | KSP_linux/KSPLauncher'*' 44 | root 45 | usr/{include,lib/debug,local,src} 46 | usr/{lib,share}/locale 47 | usr/lib/{sysimage,systemd,tmpfiles.d} 48 | usr/lib'*'/gconv 49 | usr/share/{doc,help,hwdata,info,licenses,man,sounds} 50 | ) 51 | 52 | unzip -d root KSP.zip 53 | rm -f KSP.zip 54 | 55 | cat << 'EOF' > root/init ; chmod 0755 root/init 56 | #!/bin/sh -eu 57 | mkdir -p "$HOME/.config/unity3d/Squad" 58 | ln -fns /tmp/save "$HOME/.config/unity3d/Squad/Kerbal Space Program" 59 | exec ./KSP.x86_64 "$@" 60 | EOF 61 | 62 | sed "${options[nvidia]:+s, /dev/,&nvidia*&,}" << 'EOF' > launch.sh ; chmod 0755 launch.sh # Generated launcher: runs systemd-nspawn via sudo; the sed adds /dev/nvidia* to the bound device nodes when the nvidia option is set. It also passes CAP_DAC_OVERRIDE as both --capability and --ambient-capability, which lets the game process bypass file permission checks inside the container, including on the host paths bound in. NOTE(review): presumably required for writing the save and overlay directories; confirm before reusing this launcher. 63 | #!/bin/sh -eu 64 | 65 | [ -e "${XDG_CONFIG_HOME:=$HOME/.config}/unity3d/Squad/Kerbal Space Program" ] || 66 | mkdir -p "$XDG_CONFIG_HOME/unity3d/Squad/Kerbal Space Program" 67 | 68 | [ -e "${XDG_DATA_HOME:=$HOME/.local/share}/KerbalSpaceProgram" ] || 69 | mkdir -p "$XDG_DATA_HOME/KerbalSpaceProgram" 70 | 71 | exec sudo systemd-nspawn \ 72 | --ambient-capability=CAP_DAC_OVERRIDE \ 73 | --bind="$XDG_CONFIG_HOME/unity3d/Squad/Kerbal Space Program:/tmp/save" \ 74 | --bind="+/tmp:${XDG_RUNTIME_DIR:=/run/user/$UID}" \ 75 | $(for dev in /dev/dri/* ; do echo "--bind=$dev" ; done) \ 76 | --bind-ro="${PULSE_COOKIE:-$HOME/.config/pulse/cookie}:/tmp/.pulse/cookie" \ 77 | --bind-ro="${PULSE_SERVER:-$XDG_RUNTIME_DIR/pulse/native}:/tmp/.pulse/native" \ 78 | --bind-ro=/etc/passwd \ 79 | ${DISPLAY:+--bind-ro="/tmp/.X11-unix/X${DISPLAY##*:}"} \ 80 | ${WAYLAND_DISPLAY:+--bind-ro="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"} \ 81 | ${XAUTHORITY:+--bind-ro="$XAUTHORITY:/tmp/.Xauthority"} \ 82 | --capability=CAP_DAC_OVERRIDE \ 83 | --chdir=/KSP_linux \ 84 | --hostname=KerbalSpaceProgram \ 85 |
--image="${IMAGE:-KerbalSpaceProgram.img}" \ 86 | --link-journal=no \ 87 | --machine="KerbalSpaceProgram-$USER" \ 88 | --overlay="+/KSP_linux:$XDG_DATA_HOME/KerbalSpaceProgram:/KSP_linux" \ 89 | --personality=x86-64 \ 90 | --private-network \ 91 | --read-only \ 92 | --setenv="HOME=/home/$USER" \ 93 | --setenv=LC_ALL=C \ 94 | --setenv=PULSE_COOKIE=/tmp/.pulse/cookie \ 95 | --setenv=PULSE_SERVER=/tmp/.pulse/native \ 96 | ${DISPLAY:+--setenv="DISPLAY=$DISPLAY"} \ 97 | ${WAYLAND_DISPLAY:+--setenv="WAYLAND_DISPLAY=$WAYLAND_DISPLAY"} \ 98 | ${XAUTHORITY:+--setenv=XAUTHORITY=/tmp/.Xauthority} \ 99 | ${XDG_RUNTIME_DIR:+--setenv="XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"} \ 100 | --tmpfs=/home \ 101 | --user="$USER" \ 102 | /init "$@" 103 | EOF 104 | } 105 | -------------------------------------------------------------------------------- /examples/containers/Psychonauts.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # This builds a self-executing container image of the game Psychonauts. A 3 | # single argument is required, the path to a Linux installer from GOG. 4 | # 5 | # The container includes dependencies not bundled with the game. Persistent 6 | # game data paths are bound into the home directory of the calling user, so the 7 | # container is interchangeable with a native installation of the game. 8 | # 9 | # This script implements an option to demonstrate supporting the proprietary 10 | # NVIDIA drivers on the host system. A numeric value selects the driver branch 11 | # version, and a non-numeric value defaults to the latest. 
12 | 13 | options+=([arch]=i686 [distro]=ubuntu [gpt]=1 [release]=24.10 [squash]=1) 14 | 15 | packages+=( 16 | libasound2-plugins 17 | libgl1 18 | ${options[nvidia]:+libnvidia-gl-${options[nvidia]/#*[!0-9]*/560}} 19 | libxcursor1 20 | ) 21 | 22 | packages_buildroot+=(unzip) 23 | 24 | function initialize_buildroot() { 25 | $cp "${1:-gog_psychonauts_2.0.0.4.sh}" "$output/psychonauts.zip" 26 | } 27 | 28 | function customize() { 29 | exclude_paths+=( 30 | root 31 | usr/{include,lib/debug,local,src} 32 | usr/{lib,share}/locale 33 | usr/lib/{systemd,tmpfiles.d} 34 | usr/lib'*'/gconv 35 | usr/share/{doc,help,hwdata,info,licenses,man,sounds} 36 | ) 37 | 38 | unzip psychonauts.zip -d root/root -x data/noarch/game/{Documents/'*',icon.bmp,psychonauts.png} || [[ $? -eq 1 ]] 39 | mv root/root/data/noarch/game root/psychonauts 40 | rm -f psychonauts.zip 41 | 42 | cat << 'EOF' > root/init ; chmod 0755 root/init 43 | #!/bin/sh -eu 44 | mkdir -p "$HOME/.local/share" 45 | ln -fns /tmp/save "$HOME/.local/share/Psychonauts" 46 | test -e /tmp/save/DisplaySettings.ini || 47 | cp -t /tmp/save /psychonauts/DisplaySettings.ini 48 | exec /psychonauts/Psychonauts "$@" 49 | EOF 50 | 51 | sed "${options[nvidia]:+s, /dev/,&nvidia*&,}" << 'EOF' > launch.sh ; chmod 0755 launch.sh 52 | #!/bin/sh -eu 53 | 54 | [ -e "${XDG_DATA_HOME:=$HOME/.local/share}/Psychonauts" ] || 55 | mkdir -p "$XDG_DATA_HOME/Psychonauts" 56 | 57 | exec sudo systemd-nspawn \ 58 | --bind="$XDG_DATA_HOME/Psychonauts:/tmp/save" \ 59 | --bind="+/tmp:${XDG_RUNTIME_DIR:=/run/user/$UID}" \ 60 | $(for dev in /dev/dri/* ; do echo "--bind=$dev" ; done) \ 61 | --bind-ro="${PULSE_COOKIE:-$HOME/.config/pulse/cookie}:/tmp/.pulse/cookie" \ 62 | --bind-ro="${PULSE_SERVER:-$XDG_RUNTIME_DIR/pulse/native}:/tmp/.pulse/native" \ 63 | --bind-ro=/etc/passwd \ 64 | ${DISPLAY:+--bind-ro="/tmp/.X11-unix/X${DISPLAY##*:}"} \ 65 | ${WAYLAND_DISPLAY:+--bind-ro="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"} \ 66 | 
${XAUTHORITY:+--bind-ro="$XAUTHORITY:/tmp/.Xauthority"} \ 67 | --chdir="/home/$USER" \ 68 | --hostname=Psychonauts \ 69 | --image="${IMAGE:-Psychonauts.img}" \ 70 | --link-journal=no \ 71 | --machine="Psychonauts-$USER" \ 72 | --personality=x86 \ 73 | --private-network \ 74 | --read-only \ 75 | --setenv="HOME=/home/$USER" \ 76 | --setenv=PULSE_COOKIE=/tmp/.pulse/cookie \ 77 | --setenv=PULSE_SERVER=/tmp/.pulse/native \ 78 | ${DISPLAY:+--setenv="DISPLAY=$DISPLAY"} \ 79 | ${WAYLAND_DISPLAY:+--setenv="WAYLAND_DISPLAY=$WAYLAND_DISPLAY"} \ 80 | ${XAUTHORITY:+--setenv=XAUTHORITY=/tmp/.Xauthority} \ 81 | ${XDG_RUNTIME_DIR:+--setenv="XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"} \ 82 | --tmpfs=/home \ 83 | --user="$USER" \ 84 | /init "$@" 85 | EOF 86 | } 87 | -------------------------------------------------------------------------------- /examples/containers/RollerCoasterTycoon.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # This builds a self-executing container image of the game RollerCoaster 3 | # Tycoon. A single argument is required, the path to an Inno Setup installer 4 | # from GOG. 5 | # 6 | # Since the game is only for Windows, this simply installs a 32-bit Wine 7 | # container and extracts files from the installer. Persistent game data is 8 | # saved by mounting a path from the calling user's XDG data directory as an 9 | # overlay over the game's Wine drive path. 
10 | 11 | options+=([arch]=i686 [distro]=opensuse [gpt]=1 [squash]=1) 12 | 13 | packages+=( 14 | Mesa-dri{,-nouveau} 15 | wine 16 | ) 17 | 18 | packages_buildroot+=(innoextract jq) 19 | 20 | function initialize_buildroot() { 21 | $cp "${1:-setup_rollercoaster_tycoon_deluxe_1.20.015_(17822).exe}" "$output/install.exe" 22 | 23 | echo '%_install_langs %{nil}' >> "$buildroot/etc/rpm/macros" 24 | $sed -i -e '/^[# ]*rpm.install.excludedocs/s/^[# ]*//' "$buildroot/etc/zypp/zypp.conf" 25 | } 26 | 27 | function customize() { 28 | exclude_paths+=( 29 | root 30 | usr/{include,lib/debug,local,src} 31 | usr/{lib,share}/locale 32 | usr/lib/{sysimage,systemd,tmpfiles.d} 33 | usr/lib'*'/gconv 34 | usr/share/{doc,help,hwdata,info,licenses,man,sounds} 35 | ) 36 | 37 | innoextract -md root/root install.exe 38 | rm -f install.exe 39 | wine_gog_script /RCT < root/root/app/goggame-1207658945.script > reg.sh 40 | mv root/root/app root/RCT 41 | 42 | sed $'/^REG_SCRIPT/{rreg.sh\nd;}' << 'EOF' > root/init ; chmod 0755 root/init 43 | #!/bin/sh -eu 44 | (unset DISPLAY 45 | REG_SCRIPT 46 | ) 47 | exec wine explorer /desktop=virtual,1024x768 /RCT/RCT.EXE "$@" 48 | EOF 49 | 50 | cat << 'EOF' > launch.sh ; chmod 0755 launch.sh 51 | #!/bin/sh -eu 52 | 53 | for dir in Data 'Saved Games' Scenarios Tracks 54 | do 55 | test -e "${XDG_DATA_HOME:=$HOME/.local/share}/RollerCoasterTycoon/$dir" || 56 | mkdir -p "$XDG_DATA_HOME/RollerCoasterTycoon/$dir" 57 | done 58 | 59 | exec sudo systemd-nspawn \ 60 | --bind="+/tmp:${XDG_RUNTIME_DIR:=/run/user/$UID}" \ 61 | $(for dev in /dev/dri/* ; do echo "--bind=$dev" ; done) \ 62 | --bind-ro="${PULSE_COOKIE:-$HOME/.config/pulse/cookie}:/tmp/.pulse/cookie" \ 63 | --bind-ro="${PULSE_SERVER:-$XDG_RUNTIME_DIR/pulse/native}:/tmp/.pulse/native" \ 64 | --bind-ro=/etc/passwd \ 65 | ${DISPLAY:+--bind-ro="/tmp/.X11-unix/X${DISPLAY##*:}"} \ 66 | ${WAYLAND_DISPLAY:+--bind-ro="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"} \ 67 | ${XAUTHORITY:+--bind-ro="$XAUTHORITY:/tmp/.Xauthority"} \ 68 
| --chdir=/RCT \ 69 | --hostname=RollerCoasterTycoon \ 70 | --image="${IMAGE:-RollerCoasterTycoon.img}" \ 71 | --link-journal=no \ 72 | --machine="RollerCoasterTycoon-$USER" \ 73 | --overlay="+/RCT:$XDG_DATA_HOME/RollerCoasterTycoon:/RCT" \ 74 | --personality=x86 \ 75 | --private-network \ 76 | --read-only \ 77 | --setenv="HOME=/home/$USER" \ 78 | --setenv=PULSE_COOKIE=/tmp/.pulse/cookie \ 79 | --setenv=PULSE_SERVER=/tmp/.pulse/native \ 80 | ${DISPLAY:+--setenv="DISPLAY=$DISPLAY"} \ 81 | ${WAYLAND_DISPLAY:+--setenv="WAYLAND_DISPLAY=$WAYLAND_DISPLAY"} \ 82 | ${XAUTHORITY:+--setenv=XAUTHORITY=/tmp/.Xauthority} \ 83 | ${XDG_RUNTIME_DIR:+--setenv="XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"} \ 84 | --tmpfs=/home \ 85 | --user="$USER" \ 86 | /init "$@" 87 | EOF 88 | } 89 | -------------------------------------------------------------------------------- /examples/containers/TheBindingOfIsaac.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # This builds a self-executing container image of the game The Binding of Isaac 3 | # (Wrath of the Lamb). A single argument is required, the path to a release 4 | # archive containing the bare SWF file. 5 | # 6 | # Ruffle is compiled from source to be used as the Flash player. Persistent 7 | # game data is saved in its own path under the calling user's XDG data 8 | # directory to keep it isolated from the native Flash persistent store. 9 | # 10 | # This script implements an option to demonstrate supporting the proprietary 11 | # NVIDIA drivers on the host system. A numeric value selects the driver branch 12 | # version, and a non-numeric value defaults to the latest. 
13 | 14 | options+=([distro]=fedora [gpt]=1 [release]=41 [squash]=1) 15 | 16 | packages+=( 17 | alsa-plugins-pulseaudio 18 | libxkbcommon-x11 19 | gtk3 20 | ) 21 | 22 | packages_buildroot+=( 23 | {alsa-lib,gtk3,libudev,openssl}-devel 24 | cargo 25 | java-latest-openjdk-headless 26 | tar 27 | unzip 28 | ) 29 | 30 | function initialize_buildroot() { 31 | $cp "${1:-the_binding_of_isaac_wrath_of_the_lamb-linux-1.48-1355426233.swf.zip}" "$output/BOI.zip" 32 | 33 | echo tsflags=nodocs >> "$buildroot/etc/dnf/dnf.conf" 34 | echo '%_install_langs %{nil}' >> "$buildroot/etc/rpm/macros" 35 | 36 | # Download, verify, and extract a recent Ruffle source tag. 37 | $curl -L https://github.com/ruffle-rs/ruffle/archive/refs/tags/nightly-2024-11-17.tar.gz > "$output/ruffle.tgz" 38 | [[ $($sha256sum "$output/ruffle.tgz") == 90c80109db8ac05f946f36ecb9c32d9a59541db46c6f0e9a569ea4bbcbc08dc1\ * ]] 39 | $tar --transform='s,^[^/]*,ruffle,' -C "$output" -xf "$output/ruffle.tgz" 40 | $rm -f "$output/ruffle.tgz" 41 | 42 | # Support an option for running on a host with proprietary drivers. 
43 | if opt nvidia 44 | then 45 | local -r suffix="-${options[nvidia]}xx" 46 | enable_repo_rpmfusion_nonfree 47 | packages+=("xorg-x11-drv-nvidia${suffix##-*[!0-9]*xx}-libs") 48 | else packages+=(mesa-vulkan-drivers) 49 | fi 50 | } 51 | 52 | function customize_buildroot() { 53 | local -rx RUSTFLAGS='-Copt-level=3 -Ccodegen-units=1 -Clink-arg=-Wl,-z,relro -Clink-arg=-Wl,-z,now' 54 | cargo build --manifest-path=ruffle/Cargo.toml --package=ruffle_desktop --release 55 | } 56 | 57 | function customize() { 58 | strip -o root/ruffle_desktop ruffle/target/release/ruffle_desktop 59 | unzip -p BOI.zip -x '__MACOSX/*' > root/boiwotl.swf 60 | rm -f BOI.zip 61 | 62 | cat << 'EOF' > root/init ; chmod 0755 root/init 63 | #!/bin/sh -eu 64 | mkdir -p "$HOME/.local/share" 65 | ln -fns /tmp/save "$HOME/.local/share/ruffle" 66 | exec /ruffle_desktop --fullscreen /boiwotl.swf "$@" 67 | EOF 68 | 69 | sed "${options[nvidia]:+s, /dev/,&nvidia*&,}" << 'EOF' > launch.sh ; chmod 0755 launch.sh 70 | #!/bin/sh -eu 71 | 72 | [ -e "${XDG_DATA_HOME:=$HOME/.local/share}/TheBindingOfIsaac" ] || 73 | mkdir -p "$XDG_DATA_HOME/TheBindingOfIsaac" 74 | 75 | exec sudo systemd-nspawn \ 76 | --bind="$XDG_DATA_HOME/TheBindingOfIsaac:/tmp/save" \ 77 | --bind="+/tmp:${XDG_RUNTIME_DIR:=/run/user/$UID}" \ 78 | $(for dev in /dev/dri/* ; do echo "--bind=$dev" ; done) \ 79 | --bind-ro="${PULSE_COOKIE:-$HOME/.config/pulse/cookie}:/tmp/.pulse/cookie" \ 80 | --bind-ro="${PULSE_SERVER:-$XDG_RUNTIME_DIR/pulse/native}:/tmp/.pulse/native" \ 81 | --bind-ro=/etc/passwd \ 82 | ${DISPLAY:+--bind-ro="/tmp/.X11-unix/X${DISPLAY##*:}"} \ 83 | ${WAYLAND_DISPLAY:+--bind-ro="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"} \ 84 | ${XAUTHORITY:+--bind-ro="$XAUTHORITY:/tmp/.Xauthority"} \ 85 | --chdir="/home/$USER" \ 86 | --hostname=TheBindingOfIsaac \ 87 | --image="${IMAGE:-TheBindingOfIsaac.img}" \ 88 | --link-journal=no \ 89 | --machine="TheBindingOfIsaac-$USER" \ 90 | --private-network \ 91 | --read-only \ 92 | --setenv="HOME=/home/$USER" \ 
93 | --setenv=PULSE_COOKIE=/tmp/.pulse/cookie \ 94 | --setenv=PULSE_SERVER=/tmp/.pulse/native \ 95 | ${DISPLAY:+--setenv="DISPLAY=$DISPLAY"} \ 96 | ${WAYLAND_DISPLAY:+--setenv="WAYLAND_DISPLAY=$WAYLAND_DISPLAY"} \ 97 | ${XAUTHORITY:+--setenv=XAUTHORITY=/tmp/.Xauthority} \ 98 | ${XDG_RUNTIME_DIR:+--setenv="XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"} \ 99 | --tmpfs=/home \ 100 | --user="$USER" \ 101 | /init "$@" 102 | EOF 103 | } 104 | -------------------------------------------------------------------------------- /examples/containers/TheLongestJourney.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # This builds a self-executing container image of the game The Longest Journey. 3 | # Two arguments are required, the paths to both Inno Setup installer fragments 4 | # from GOG (with the exe file first followed by the bin file). 5 | # 6 | # The container is just a wrapper for SCUMMVM to run the game. Persistent game 7 | # data is saved in its own path under the calling user's XDG data directory to 8 | # keep it isolated from any native SCUMMVM saved games. 9 | # 10 | # This script implements an option to demonstrate supporting the proprietary 11 | # NVIDIA drivers on the host system. A numeric value selects the driver branch 12 | # version, and a non-numeric value defaults to the latest. 13 | 14 | options+=([distro]=fedora [gpt]=1 [release]=41 [squash]=1) 15 | 16 | packages+=(scummvm) 17 | 18 | packages_buildroot+=(innoextract) 19 | 20 | function initialize_buildroot() { 21 | $cp "${1:-setup_the_longest_journey_142_lang_update_(24607).exe}" "$output/install.exe" 22 | $cp "${2:-setup_the_longest_journey_142_lang_update_(24607)-1.bin}" "$output/install-1.bin" 23 | 24 | echo tsflags=nodocs >> "$buildroot/etc/dnf/dnf.conf" 25 | echo '%_install_langs %{nil}' >> "$buildroot/etc/rpm/macros" 26 | 27 | # Support an option for running on a host with proprietary drivers. 
28 | if opt nvidia 29 | then 30 | local -r suffix="-${options[nvidia]}xx" 31 | enable_repo_rpmfusion_nonfree 32 | packages+=("xorg-x11-drv-nvidia${suffix##-*[!0-9]*xx}-libs") 33 | else packages+=(mesa-dri-drivers) 34 | fi 35 | } 36 | 37 | function customize() { 38 | exclude_paths+=( 39 | root 40 | usr/{include,lib/debug,local,src} 41 | usr/{lib,share}/locale 42 | usr/lib/{sysimage,systemd,tmpfiles.d} 43 | usr/lib'*'/gconv 44 | usr/share/{doc,help,hwdata,info,licenses,man,sounds} 45 | ) 46 | 47 | innoextract -md root/TLJ install.exe 48 | rm -fr install{.exe,-1.bin} root/TLJ/{app,commonappdata,gog*,manual.pdf,__redist,tlj_faq*} 49 | 50 | cat << 'EOF' > root/init ; chmod 0755 root/init 51 | #!/bin/sh -eu 52 | mkdir -p "$HOME/.config" "$HOME/.local/share" 53 | ln -fns /tmp/save "$HOME/.local/share/scummvm" 54 | ln -fst "$HOME/.config" ../.local/share/scummvm 55 | exec scummvm --auto-detect --fullscreen "$@" 56 | EOF 57 | 58 | sed "${options[nvidia]:+s, /dev/,&nvidia*&,}" << 'EOF' > launch.sh ; chmod 0755 launch.sh 59 | #!/bin/sh -eu 60 | 61 | [ -e "${XDG_DATA_HOME:=$HOME/.local/share}/TheLongestJourney" ] || 62 | mkdir -p "$XDG_DATA_HOME/TheLongestJourney" 63 | 64 | exec sudo systemd-nspawn \ 65 | --bind="$XDG_DATA_HOME/TheLongestJourney:/tmp/save" \ 66 | --bind="+/tmp:${XDG_RUNTIME_DIR:=/run/user/$UID}" \ 67 | $(for dev in /dev/dri/* ; do echo "--bind=$dev" ; done) \ 68 | --bind-ro="${PULSE_COOKIE:-$HOME/.config/pulse/cookie}:/tmp/.pulse/cookie" \ 69 | --bind-ro="${PULSE_SERVER:-$XDG_RUNTIME_DIR/pulse/native}:/tmp/.pulse/native" \ 70 | --bind-ro=/etc/passwd \ 71 | ${DISPLAY:+--bind-ro="/tmp/.X11-unix/X${DISPLAY##*:}"} \ 72 | ${WAYLAND_DISPLAY:+--bind-ro="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"} \ 73 | ${XAUTHORITY:+--bind-ro="$XAUTHORITY:/tmp/.Xauthority"} \ 74 | --chdir=/TLJ \ 75 | --hostname=TheLongestJourney \ 76 | --image="${IMAGE:-TheLongestJourney.img}" \ 77 | --link-journal=no \ 78 | --machine="TheLongestJourney-$USER" \ 79 | --private-network \ 80 | --read-only \ 
81 | --setenv="HOME=/home/$USER" \ 82 | --setenv=PULSE_COOKIE=/tmp/.pulse/cookie \ 83 | --setenv=PULSE_SERVER=/tmp/.pulse/native \ 84 | ${DISPLAY:+--setenv="DISPLAY=$DISPLAY"} \ 85 | ${WAYLAND_DISPLAY:+--setenv="WAYLAND_DISPLAY=$WAYLAND_DISPLAY"} \ 86 | ${XAUTHORITY:+--setenv=XAUTHORITY=/tmp/.Xauthority} \ 87 | ${XDG_RUNTIME_DIR:+--setenv="XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"} \ 88 | --tmpfs=/home \ 89 | --user="$USER" \ 90 | /init "$@" 91 | EOF 92 | } 93 | -------------------------------------------------------------------------------- /examples/containers/TheSims.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # This builds a self-executing container image of the game The Sims: Complete 3 | # Collection. Seven arguments are required, the paths to the installer header 4 | # plus its five CAB files and the path to a no-CD executable. 5 | # 6 | # Since the game is only for Windows, this simply installs a 32-bit Wine 7 | # container and extracts files from the installer. Persistent game data is 8 | # saved by mounting a path from the calling user's XDG data directory as an 9 | # overlay over the game files. 10 | # 11 | # This script implements an option to demonstrate supporting the proprietary 12 | # NVIDIA drivers on the host system. A numeric value selects the driver branch 13 | # version, and a non-numeric value defaults to the latest. 
14 | 15 | options+=([arch]=i686 [distro]=ubuntu [gpt]=1 [release]=24.10 [squash]=1) 16 | 17 | packages+=( 18 | libgl1 19 | ${options[nvidia]:+libnvidia-gl-${options[nvidia]/#*[!0-9]*/560}} 20 | wine 21 | ) 22 | 23 | packages_buildroot+=(unshield) 24 | 25 | function initialize_buildroot() { 26 | $cp "${1:-data1.hdr}" "$output/data1.hdr" ; shift "0${1+1}" 27 | local -i i ; for (( i=1 ; i<=5 ; i++ )) 28 | do $cp "${!i:-data$i.cab}" "$output/data$i.cab" 29 | done 30 | $cp "${!i:-Sims.exe}" "$output/nocd.exe" 31 | } 32 | 33 | function customize() { 34 | exclude_paths+=( 35 | root 36 | usr/{include,lib/debug,local,src} 37 | usr/{lib,share}/locale 38 | usr/lib/{systemd,tmpfiles.d} 39 | usr/lib'*'/gconv 40 | usr/share/{doc,help,hwdata,info,licenses,man,sounds} 41 | ) 42 | 43 | # Extract the installer files. 44 | unshield -d root/root x data1.hdr 45 | rm -f data1.hdr data[1-5].cab 46 | 47 | # Restructure the extracted files as the installer would. 48 | local d ; for d in GameData Music SoundData 49 | do 50 | mkdir -p "root/sims/$d" 51 | mv -t "root/sims/$d" "root/root/$d"_*/* 52 | done 53 | mv -t root/sims root/root/{Debug_Support/*,Downloads,Expansion*,Template*,UIGraphics} 54 | mv root/sims/ExpansionPack{1,} 55 | mv root/sims/{ExpansionPackGOLD,Deluxe} 56 | mv root/sims/TemplateMagic{T,t}own 57 | cp -a root/sims/TemplateFamilyUnleashed root/sims/TemplateUserData/Patch 58 | cp -t root/sims/TemplateUserData/Houses root/sims/Template*/{{??,Neighborhood}Desc,House[2-9]?}.iff 59 | cp -t root/sims/TemplateUserData root/sims/TemplateMagictown/{Lot{Locations,Zoning},StreetNames}.iff 60 | mv nocd.exe root/sims/Sims.exe # Use the given no-CD EXE instead. 61 | 62 | # Allow user data to be initialized in an overlay. 63 | mkdir -p root/sims/.seed 64 | mv -t root/sims/.seed root/root/UserData{,2} 65 | chmod -R a+rX root/sims 66 | 67 | # Write the registry settings from the installer. 
68 | cat << 'EOF' > root/install.reg 69 | Windows Registry Editor Version 5.00 70 | [HKLM\Software\Maxis\The Sims] 71 | "EP2Installed"="1" 72 | "EP3Installed"="1" 73 | "EP3Patch"="2" 74 | "EP4Installed"="1" 75 | "EP5Installed"="1" 76 | "EP5Patch"="1" 77 | "EP6Installed"="1" 78 | "EP7Installed"="1" 79 | "EP8Installed"="1" 80 | "EPDInstalled"="1" 81 | "EPDPatch"="1" 82 | "EPInstalled"="1" 83 | "Installed"="1" 84 | "InstallPath"="Z:\\sims" 85 | "Language"=dword:00000409 86 | "SIMS_CURRENT_NEIGHBORHOOD_NUM"="1" 87 | "SIMS_CURRENT_NEIGHBORHOOD_PATH"="UserData" 88 | "SIMS_DATA"="Z:\\sims" 89 | "SIMS_GAME_EDITION"="255" 90 | "SIMS_LANGUAGE"="USEnglish" 91 | "SIMS_MUSIC"="Z:\\sims" 92 | "SIMS_SKU"=dword:00000001 93 | "SIMS_SOUND"="Z:\\sims\\SoundData" 94 | "TELEPORT"="1" 95 | "Version"="1.2" 96 | EOF 97 | 98 | cat << 'EOF' > root/init ; chmod 0755 root/init 99 | #!/bin/bash -eu 100 | DISPLAY= wine reg import /install.reg 101 | for d in UserData UserData{2..3} 102 | do 103 | [[ -e $d ]] && continue 104 | cp -r TemplateUserData "$d" 105 | [[ ! -e .seed/$d ]] || cp -rt . 
".seed/$d" 106 | done 107 | exec wine explorer /desktop=virtual,1024x768 Sims.exe -skip_intro -r1024x768 "$@" 108 | EOF 109 | 110 | sed "${options[nvidia]:+s, /dev/,&nvidia*&,}" << 'EOF' > launch.sh ; chmod 0755 launch.sh 111 | #!/bin/sh -eu 112 | 113 | [ -e "${XDG_DATA_HOME:=$HOME/.local/share}/TheSims" ] || 114 | mkdir -p "$XDG_DATA_HOME/TheSims" 115 | 116 | exec sudo systemd-nspawn \ 117 | --bind="+/tmp:${XDG_RUNTIME_DIR:=/run/user/$UID}" \ 118 | $(for dev in /dev/dri/* ; do echo "--bind=$dev" ; done) \ 119 | --bind-ro="${PULSE_COOKIE:-$HOME/.config/pulse/cookie}:/tmp/.pulse/cookie" \ 120 | --bind-ro="${PULSE_SERVER:-$XDG_RUNTIME_DIR/pulse/native}:/tmp/.pulse/native" \ 121 | --bind-ro=/etc/passwd \ 122 | ${DISPLAY:+--bind-ro="/tmp/.X11-unix/X${DISPLAY##*:}"} \ 123 | ${WAYLAND_DISPLAY:+--bind-ro="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"} \ 124 | ${XAUTHORITY:+--bind-ro="$XAUTHORITY:/tmp/.Xauthority"} \ 125 | --chdir=/sims \ 126 | --hostname=TheSims \ 127 | --image="${IMAGE:-TheSims.img}" \ 128 | --link-journal=no \ 129 | --machine="TheSims-$USER" \ 130 | --overlay="+/sims:$XDG_DATA_HOME/TheSims:/sims" \ 131 | --personality=x86 \ 132 | --private-network \ 133 | --read-only \ 134 | --setenv="HOME=/home/$USER" \ 135 | --setenv=PULSE_COOKIE=/tmp/.pulse/cookie \ 136 | --setenv=PULSE_SERVER=/tmp/.pulse/native \ 137 | ${DISPLAY:+--setenv="DISPLAY=$DISPLAY"} \ 138 | ${WAYLAND_DISPLAY:+--setenv="WAYLAND_DISPLAY=$WAYLAND_DISPLAY"} \ 139 | ${XAUTHORITY:+--setenv=XAUTHORITY=/tmp/.Xauthority} \ 140 | ${XDG_RUNTIME_DIR:+--setenv="XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"} \ 141 | --tmpfs=/home \ 142 | --user="$USER" \ 143 | /init "$@" 144 | EOF 145 | } 146 | -------------------------------------------------------------------------------- /examples/containers/VVVVVV.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # This builds a self-executing container image of the game VVVVVV. 
3 | # 4 | # It compiles the free engine source and fetches the game assets. Persistent 5 | # game data paths are bound into the home directory of the calling user, so the 6 | # container is interchangeable with a native installation of the game. 7 | # 8 | # This script implements an option to demonstrate supporting the proprietary 9 | # NVIDIA drivers on the host system. A numeric value selects the driver branch 10 | # version, and a non-numeric value defaults to the latest. 11 | 12 | options+=([distro]=fedora [gpt]=1 [release]=41 [squash]=1) 13 | 14 | packages+=( 15 | libXi 16 | pulseaudio-libs 17 | SDL2_mixer 18 | ) 19 | 20 | packages_buildroot+=(cmake gcc-c++ ninja-build SDL2_mixer-devel unzip) 21 | 22 | function initialize_buildroot() { 23 | echo tsflags=nodocs >> "$buildroot/etc/dnf/dnf.conf" 24 | echo '%_install_langs %{nil}' >> "$buildroot/etc/rpm/macros" 25 | 26 | # Support an option for running on a host with proprietary drivers. 27 | if opt nvidia 28 | then 29 | local -r suffix="-${options[nvidia]}xx" 30 | enable_repo_rpmfusion_nonfree 31 | packages+=("xorg-x11-drv-nvidia${suffix##-*[!0-9]*xx}-libs") 32 | else packages+=(mesa-dri-drivers mesa-libGL) 33 | fi 34 | } 35 | 36 | function customize_buildroot() { 37 | # Build the game engine before installing packages into the image. The release archive is pinned to a SHA-256 digest, and the [[ ]] test returns nonzero on a mismatch. NOTE(review): that only stops the build before unzip if this function runs with errexit enabled; confirm in the caller. 38 | curl -L 'https://github.com/TerryCavanagh/VVVVVV/releases/download/2.4.1/VVVVVV-2.4.1.zip' > VVVVVV.zip 39 | [[ $(sha256sum VVVVVV.zip) == c453373cfa29456318c2ece7d452b2e971595004c1b353cd7073f6912b3c3d12\ * ]] 40 | unzip VVVVVV.zip 41 | rm -f VVVVVV.zip 42 | CFLAGS=-Wno-error=implicit-function-declaration \ 43 | cmake -GNinja -S VVVVVV/desktop_version -B VVVVVV/desktop_version/build \ 44 | -DCMAKE_INSTALL_PREFIX:PATH=/usr 45 | ninja -C VVVVVV/desktop_version/build -j"$(nproc)" all 46 | 47 | # Fetch the game assets and check them against a pinned SHA-256 digest.
48 | curl -L 'https://thelettervsixtim.es/makeandplay/data.zip' > data.zip 49 | [[ $(sha256sum data.zip) == c767809594f6472da9f56136e76657e38640d584164a46112250ac6293ecc0ea\ * ]] 50 | } 51 | 52 | function customize() { 53 | exclude_paths+=( 54 | root 55 | usr/{include,lib/debug,local,src} 56 | usr/{lib,share}/locale 57 | usr/lib/{sysimage,systemd,tmpfiles.d} 58 | usr/lib'*'/gconv 59 | usr/share/{doc,help,hwdata,info,licenses,man,sounds} 60 | ) 61 | 62 | cp -pt root VVVVVV/desktop_version/build/VVVVVV 63 | cp -pt root data.zip 64 | 65 | ln -fns VVVVVV root/init 66 | 67 | sed "${options[nvidia]:+s, /dev/,&nvidia*&,}" << 'EOF' > launch.sh ; chmod 0755 launch.sh 68 | #!/bin/sh -eu 69 | 70 | [ -e "${XDG_DATA_HOME:=$HOME/.local/share}/VVVVVV" ] || 71 | mkdir -p "$XDG_DATA_HOME/VVVVVV" 72 | 73 | exec sudo systemd-nspawn \ 74 | --bind="$XDG_DATA_HOME/VVVVVV:/home/$USER/.local/share/VVVVVV" \ 75 | --bind="+/tmp:${XDG_RUNTIME_DIR:=/run/user/$UID}" \ 76 | --bind="+/tmp:/home/$USER/.cache" \ 77 | $(for dev in /dev/dri/* ; do echo "--bind=$dev" ; done) \ 78 | --bind-ro="${PULSE_COOKIE:-$HOME/.config/pulse/cookie}:/tmp/.pulse/cookie" \ 79 | --bind-ro="${PULSE_SERVER:-$XDG_RUNTIME_DIR/pulse/native}:/tmp/.pulse/native" \ 80 | --bind-ro=/etc/passwd \ 81 | ${DISPLAY:+--bind-ro="/tmp/.X11-unix/X${DISPLAY##*:}"} \ 82 | ${WAYLAND_DISPLAY:+--bind-ro="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"} \ 83 | ${XAUTHORITY:+--bind-ro="$XAUTHORITY:/tmp/.Xauthority"} \ 84 | --chdir=/ \ 85 | --hostname=VVVVVV \ 86 | --image="${IMAGE:-VVVVVV.img}" \ 87 | --link-journal=no \ 88 | --machine="VVVVVV-$USER" \ 89 | --private-network \ 90 | --read-only \ 91 | --setenv="HOME=/home/$USER" \ 92 | --setenv=PULSE_COOKIE=/tmp/.pulse/cookie \ 93 | --setenv=PULSE_SERVER=/tmp/.pulse/native \ 94 | ${DISPLAY:+--setenv="DISPLAY=$DISPLAY"} \ 95 | ${WAYLAND_DISPLAY:+--setenv="WAYLAND_DISPLAY=$WAYLAND_DISPLAY"} \ 96 | ${XAUTHORITY:+--setenv=XAUTHORITY=/tmp/.Xauthority} \ 97 | 
${XDG_RUNTIME_DIR:+--setenv="XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"} \ 98 | --tmpfs=/home \ 99 | --user="$USER" \ 100 | /init "$@" 101 | EOF 102 | } 103 | -------------------------------------------------------------------------------- /examples/containers/XCOM.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # This builds a self-executing container image of the game X-COM: UFO Defense. 3 | # A single argument is required, the path to an Inno Setup installer from GOG. 4 | # 5 | # The container is just a wrapper for DOSBox to run the game. Persistent game 6 | # data is saved by mounting a path from the calling user's XDG data directory 7 | # as an overlay over the game's install path. 8 | # 9 | # This script implements an option to demonstrate supporting the proprietary 10 | # NVIDIA drivers on the host system. A numeric value selects the driver branch 11 | # version, and a non-numeric value defaults to the latest. 12 | 13 | options+=([distro]=fedora [gpt]=1 [release]=41 [squash]=1) 14 | 15 | packages+=( 16 | dosbox 17 | libXi 18 | ) 19 | 20 | packages_buildroot+=(innoextract) 21 | 22 | function initialize_buildroot() { 23 | $cp "${1:-setup_x-com_ufo_defense_1.2_(28046).exe}" "$output/install.exe" 24 | 25 | echo tsflags=nodocs >> "$buildroot/etc/dnf/dnf.conf" 26 | echo '%_install_langs %{nil}' >> "$buildroot/etc/rpm/macros" 27 | 28 | # Support an option for running on a host with proprietary drivers. 
29 | if opt nvidia 30 | then 31 | local -r suffix="-${options[nvidia]}xx" 32 | enable_repo_rpmfusion_nonfree 33 | packages+=("xorg-x11-drv-nvidia${suffix##-*[!0-9]*xx}-libs") 34 | else packages+=(mesa-dri-drivers) 35 | fi 36 | } 37 | 38 | function customize() { 39 | exclude_paths+=( 40 | root 41 | usr/{include,lib/debug,local,src} 42 | usr/{lib,share}/locale 43 | usr/lib/{sysimage,systemd,tmpfiles.d} 44 | usr/lib'*'/gconv 45 | usr/share/{doc,help,hwdata,info,licenses,man,sounds} 46 | ) 47 | 48 | innoextract -md root/XCOM install.exe 49 | mv root/XCOM/__support/app/dosbox_xcomud.conf root/XCOM/dosbox.conf 50 | rm -fr install.exe root/XCOM/{app,commonappdata,DOSBOX,gog*,README.TXT,__redist,__support} 51 | 52 | cat << 'EOF' > root/init ; chmod 0755 root/init 53 | #!/bin/sh -eu 54 | exec dosbox -exit GO.BAT "$@" 55 | EOF 56 | 57 | sed "${options[nvidia]:+s, /dev/,&nvidia*&,}" << 'EOF' > launch.sh ; chmod 0755 launch.sh 58 | #!/bin/bash -eu 59 | 60 | for dir in GAME_{1..10} MISSDAT 61 | do 62 | [[ -e ${XDG_DATA_HOME:=$HOME/.local/share}/XCOM/$dir ]] || 63 | mkdir -p "$XDG_DATA_HOME/XCOM/$dir" 64 | done 65 | 66 | exec sudo systemd-nspawn \ 67 | --bind="+/tmp:${XDG_RUNTIME_DIR:=/run/user/$UID}" \ 68 | $(for dev in /dev/dri/* ; do echo "--bind=$dev" ; done) \ 69 | --bind-ro="${PULSE_COOKIE:-$HOME/.config/pulse/cookie}:/tmp/.pulse/cookie" \ 70 | --bind-ro="${PULSE_SERVER:-$XDG_RUNTIME_DIR/pulse/native}:/tmp/.pulse/native" \ 71 | --bind-ro=/etc/passwd \ 72 | ${DISPLAY:+--bind-ro="/tmp/.X11-unix/X${DISPLAY##*:}"} \ 73 | ${WAYLAND_DISPLAY:+--bind-ro="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"} \ 74 | ${XAUTHORITY:+--bind-ro="$XAUTHORITY:/tmp/.Xauthority"} \ 75 | --chdir=/XCOM \ 76 | --hostname=XCOM \ 77 | --image="${IMAGE:-XCOM.img}" \ 78 | --link-journal=no \ 79 | --machine="XCOM-$USER" \ 80 | --overlay="+/XCOM:$XDG_DATA_HOME/XCOM:/XCOM" \ 81 | --private-network \ 82 | --read-only \ 83 | --setenv="HOME=/home/$USER" \ 84 | --setenv=PULSE_COOKIE=/tmp/.pulse/cookie \ 85 | 
--setenv=PULSE_SERVER=/tmp/.pulse/native \ 86 | ${DISPLAY:+--setenv="DISPLAY=$DISPLAY"} \ 87 | ${WAYLAND_DISPLAY:+--setenv="WAYLAND_DISPLAY=$WAYLAND_DISPLAY"} \ 88 | ${XAUTHORITY:+--setenv=XAUTHORITY=/tmp/.Xauthority} \ 89 | ${XDG_RUNTIME_DIR:+--setenv="XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR"} \ 90 | --tmpfs=/home \ 91 | --user="$USER" \ 92 | /init "$@" 93 | EOF 94 | } 95 | -------------------------------------------------------------------------------- /examples/systems/desktop-arch.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # This is a standalone Arch Linux workstation image that aims to demonstrate an 3 | # alternative to the Fedora workstation example. It should be approximately 4 | # equivalent so that they are interchangeable. 5 | # 6 | # The proprietary NVIDIA drivers are optionally installed here to demonstrate 7 | # how to use dkms to build kernel modules for an immutable image. 8 | 9 | options+=( 10 | [distro]=arch 11 | [gpt]=1 # Generate a ready-to-boot full disk image. 12 | [squash]=1 # Use a compressed file system to save space. 13 | [uefi]=1 # Create a UEFI executable to boot this image. 14 | [verity]=1 # Prevent the file system from being modified. 
15 | ) 16 | 17 | packages+=( 18 | dracut linux-{hardened,firmware} 19 | 20 | # Utilities 21 | binutils 22 | emacs-nox 23 | file 24 | git 25 | grep 26 | gzip 27 | kbd 28 | lsof 29 | man-{db,pages} 30 | p7zip 31 | sed 32 | strace 33 | systemd-sysvcompat 34 | tar 35 | unzip 36 | which 37 | ## Accounts 38 | shadow 39 | sudo 40 | ## Hardware 41 | pciutils 42 | usbutils 43 | ## Network 44 | iproute2 45 | iptables-nft 46 | iputils 47 | net-tools 48 | openssh 49 | tcpdump 50 | traceroute 51 | wget 52 | 53 | # Disks 54 | cryptsetup 55 | dosfstools 56 | e2fsprogs 57 | hdparm 58 | lvm2 59 | mdadm 60 | squashfs-tools 61 | sshfs 62 | 63 | # Host 64 | ovmf 65 | qemu 66 | 67 | # GNOME 68 | eog 69 | evince 70 | gdm 71 | gnome-backgrounds 72 | gnome-calculator 73 | gnome-control-center 74 | gnome-clocks 75 | gnome-screenshot 76 | gnome-shell 77 | gnome-terminal 78 | gucharmap 79 | networkmanager 80 | pipewire-{jack,pulse} 81 | wireplumber 82 | 83 | # Graphics 84 | mesa{,-vdpau} vulkan-{intel,radeon} 85 | xf86-video-{amdgpu,intel,nouveau} 86 | 87 | # Fonts 88 | ttf-dejavu 89 | ttf-liberation 90 | 91 | # Browser 92 | firefox 93 | firefox-{noscript,ublock-origin} 94 | 95 | # VLC 96 | lib{aacs,bluray} 97 | libdvdcss 98 | vlc 99 | ) 100 | 101 | # Build the proprietary NVIDIA drivers using dkms. 102 | function initialize_buildroot() if opt nvidia 103 | then 104 | packages_buildroot+=(linux-hardened-headers nvidia-dkms) 105 | packages+=(nvidia-utils) 106 | fi 107 | 108 | function customize() { 109 | store_home_on_var +root 110 | 111 | echo "desktop-${options[distro]}" > root/etc/hostname 112 | 113 | # Drop development stuff. 114 | exclude_paths+=( 115 | usr/include 116 | usr/{lib,share}/pkgconfig 117 | 'usr/lib/lib*.a' 118 | ) 119 | 120 | # Install unpackaged NVIDIA drivers into the image. 
121 | opt nvidia && ( 122 | cd root/lib/modules/*/kernel/drivers && 123 | mkdir -p ../../updates/dkms && 124 | exec cp -pt ../../updates/dkms \ 125 | /var/lib/dkms/nvidia/*/*/*/module/nvidia*.ko.zst 126 | ) 127 | 128 | # Sign the out-of-tree kernel modules to be usable with Secure Boot. 129 | opt nvidia && for module in root/lib/modules/*/updates/dkms/nvidia*.ko.zst 130 | do 131 | unzstd --rm "$module" ; module=${module%.zst} 132 | /lib/modules/*/build/scripts/sign-file \ 133 | sha512 "$keydir/sb.key" "$keydir/sb.crt" "$module" 134 | done 135 | 136 | # Make NVIDIA use kernel mode setting and the page attribute table. 137 | opt nvidia && cat << 'EOF' > root/usr/lib/modprobe.d/nvidia.conf 138 | options nvidia NVreg_UsePageAttributeTable=1 139 | options nvidia-drm modeset=1 140 | softdep nvidia post: nvidia-uvm 141 | EOF 142 | 143 | # Support an executable VM image for quick testing. 144 | cat << 'EOF' > launch.sh ; chmod 0755 launch.sh 145 | #!/bin/sh -eu 146 | exec qemu-kvm -nodefaults \ 147 | -machine q35 -cpu host -m 8G \ 148 | -drive file=/usr/share/edk2/ovmf/OVMF_CODE.fd,format=raw,if=pflash,read-only=on \ 149 | -drive file=/usr/share/edk2/ovmf/OVMF_VARS.fd,format=raw,if=pflash,snapshot=on \ 150 | -audio pipewire,model=virtio -nic user,model=virtio-net-pci -vga virtio \ 151 | -drive file="${IMAGE:-gpt.img}",format=raw,media=disk,snapshot=on \ 152 | "$@" 153 | EOF 154 | } 155 | -------------------------------------------------------------------------------- /examples/systems/desktop-fedora.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # This is a standalone workstation image that includes Firefox, VLC (supporting 3 | # DVDs and Blu-ray discs), the GNOME desktop, some common basic utilities, and 4 | # enough tools to build and run anything else in VMs or containers. 
5 | # 6 | # An out-of-tree driver for a USB wireless device is included to demonstrate 7 | # setting up a build environment for bare kernel modules. This example also 8 | # optionally installs the proprietary NVIDIA drivers to demonstrate how to use 9 | # akmods for the resulting immutable image. A numeric option value selects the 10 | # driver branch version, and a non-numeric value defaults to the latest. 11 | 12 | options+=( 13 | [distro]=fedora 14 | [gpt]=1 # Generate a ready-to-boot full disk image. 15 | [selinux]=targeted # Enforce this SELinux policy. 16 | [squash]=1 # Use a compressed file system to save space. 17 | [uefi]=1 # Create a UEFI executable to boot this image. 18 | [verity]=1 # Prevent the file system from being modified. 19 | ) 20 | 21 | packages+=( 22 | glibc-langpack-en kernel-modules-extra linux-firmware 23 | 24 | # Utilities 25 | acl 26 | attr 27 | bash-color-prompt 28 | binutils 29 | bzip2 30 | emacs-nox 31 | file 32 | findutils 33 | git-core 34 | kbd-legacy 35 | lsof 36 | man-{db,pages} 37 | p7zip 38 | pinentry 39 | strace 40 | tar 41 | unzip 42 | vim-minimal 43 | which 44 | ## Accounts 45 | cracklib-dicts 46 | passwd 47 | sudo 48 | ## Hardware 49 | pciutils 50 | usbutils 51 | ## Network 52 | bind-utils 53 | iproute 54 | iptables-{nft,services} 55 | iputils 56 | net-tools 57 | openssh-clients 58 | tcpdump 59 | traceroute 60 | wget 61 | 62 | # Disks 63 | cryptsetup 64 | dosfstools 65 | e2fsprogs 66 | fuse-sshfs 67 | hdparm 68 | lvm2 69 | mdadm 70 | squashfs-tools 71 | 72 | # Host 73 | qemu-{audio-pipewire,device-display-virtio-vga,kvm-core,ui-curses,ui-gtk} 74 | systemd-container 75 | 76 | # Installer 77 | dnf5-plugins 78 | fedora-repos-rawhide 79 | rpmfusion-free-release{,-rawhide,-tainted} 80 | 81 | # GNOME 82 | eog 83 | evince 84 | gnome-backgrounds 85 | gnome-calculator 86 | gnome-clocks 87 | gnome-screenshot 88 | gnome-shell 89 | gnome-terminal 90 | gucharmap 91 | NetworkManager-wifi 92 | pipewire-pulseaudio 93 | 94 | # Graphics 95 | 
mesa-{dri,vulkan}-drivers 96 | mesa-{va,vdpau}-drivers-freeworld 97 | xorg-x11-drv-{amdgpu,intel,nouveau} 98 | 99 | # Fonts 100 | abattis-cantarell-fonts 101 | adobe-source-code-pro-fonts 102 | default-fonts-core 103 | 'dejavu-*-fonts' 104 | 'liberation-*-fonts' 105 | 106 | # Browser 107 | firefox 108 | mozilla-{noscript,openh264,privacy-badger,ublock-origin} 109 | 110 | # VLC 111 | lib{avcodec,heif}-freeworld 112 | lib{aacs,bdplus} 113 | libdvdcss 114 | vlc vlc-plugin-{ffmpeg,pipewire} 115 | vlc-plugins-freeworld 116 | ) 117 | 118 | # Install the akmod package to build the proprietary NVIDIA drivers. 119 | function initialize_buildroot() if opt nvidia 120 | then 121 | local -r suffix="-${options[nvidia]}xx" 122 | enable_repo_rpmfusion_nonfree 123 | $mkdir -p "$buildroot/usr/lib/modprobe.d" 124 | echo 'blacklist nouveau' > "$buildroot/usr/lib/modprobe.d/nvidia.conf" 125 | packages_buildroot+=("akmod-nvidia${suffix##-*[!0-9]*xx}") 126 | packages+=(libva-nvidia-driver rpmfusion-nonfree-release{,-rawhide,-tainted}) 127 | else enable_repo_rpmfusion_free 128 | fi 129 | 130 | # Install packages for building bare kernel modules. 131 | packages_buildroot+=(bc make gcc git-core kernel-devel) 132 | 133 | function customize_buildroot() { 134 | # Build a USB WiFi device's out-of-tree driver. 135 | git clone --branch=v5.6.4.2 https://github.com/aircrack-ng/rtl8812au.git 136 | git -C rtl8812au reset --hard b44d288f423ede0fc7cdbf92d07a7772cd727de4 137 | make -C rtl8812au -j"$(nproc)" all KVER="$(cd /lib/modules ; compgen -G '[0-9]*')" V=1 138 | 139 | # Build the proprietary NVIDIA drivers using akmods. 140 | opt nvidia || return 0 141 | echo exec akmodsbuild \ 142 | --kernels "$(cd /lib/modules ; compgen -G '[0-9]*')" \ 143 | --verbose /usr/src/akmods/nvidia*-kmod.latest | 144 | su --login --session-command="$( root/etc/hostname 154 | 155 | # Downgrade from super-strict crypto policies for regular Internet use. 
156 | base_dir=$PWD/root/etc/crypto-policies \ 157 | profile_dir=$PWD/root/usr/share/crypto-policies \ 158 | update-crypto-policies --no-reload --set NEXT 159 | 160 | # Install the out-of-tree USB WiFi driver. 161 | install -pm 0644 -t root/lib/modules/*/kernel/drivers/net/wireless \ 162 | rtl8812au/88XXau.ko 163 | 164 | # Sign the out-of-tree kernel modules to be usable with Secure Boot. 165 | for module in \ 166 | ${options[nvidia]:+root/lib/modules/*/extra/nvidia*/*.ko.xz} \ 167 | root/lib/modules/*/kernel/drivers/net/wireless/88XXau.ko 168 | do 169 | [[ $module == *.xz ]] && unxz "$module" ; module=${module%.xz} 170 | /lib/modules/*/build/scripts/sign-file \ 171 | sha256 "$keydir/sb.key" "$keydir/sb.crt" "$module" 172 | done 173 | 174 | # Make NVIDIA use kernel mode setting and the page attribute table. 175 | opt nvidia && cat << 'EOF' > root/usr/lib/modprobe.d/nvidia.conf 176 | blacklist nouveau 177 | options nvidia NVreg_UsePageAttributeTable=1 178 | options nvidia-drm modeset=1 179 | EOF 180 | 181 | # Support an executable VM image for quick testing. 182 | cat << 'EOF' > launch.sh ; chmod 0755 launch.sh 183 | #!/bin/sh -eu 184 | exec qemu-kvm -nodefaults \ 185 | -machine q35 -cpu host -m 8G \ 186 | -drive file=/usr/share/edk2/ovmf/OVMF_CODE.fd,format=raw,if=pflash,read-only=on \ 187 | -drive file=/usr/share/edk2/ovmf/OVMF_VARS.fd,format=raw,if=pflash,snapshot=on \ 188 | -audio pipewire,model=virtio -nic user,model=virtio-net-pci -vga virtio \ 189 | -drive file="${IMAGE:-gpt.img}",format=raw,media=disk,snapshot=on \ 190 | "$@" 191 | EOF 192 | } 193 | -------------------------------------------------------------------------------- /examples/systems/desktop-gentoo.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # This is a standalone Gentoo workstation image that aims to demonstrate an 3 | # alternative to the Fedora workstation example. 
It should be approximately 4 | # equivalent so that they are interchangeable (in terms of applications; i.e. 5 | # Firefox, VLC, Emacs, QEMU, etc. are available). The main difference is this 6 | # build uses Xfce instead of GNOME for the desktop environment. 7 | # 8 | # Since this is Gentoo, it shows off some pointless build optimizations by 9 | # tuning binaries for the CPU detected on the build system. To disable this 10 | # and build a generic image, delete the two sections of code containing the 11 | # words "native" and "cpuid2cpuflags". 12 | # 13 | # The proprietary NVIDIA drivers are optionally installed here. A numeric 14 | # option value selects the driver branch version, and a non-numeric value 15 | # defaults to the latest. 16 | 17 | options+=( 18 | [distro]=gentoo # Use Gentoo to build this image from source. 19 | [gpt]=1 # Generate a ready-to-boot full disk image. 20 | [loadpin]=1 # Only load kernel files from the root FS. 21 | [rootmod]=nvme # Support root on an NVMe disk. 22 | [selinux]=targeted # Load this SELinux policy in permissive mode. 23 | [squash]=1 # Use a compressed file system to save space. 24 | [uefi]=1 # Create a UEFI executable to boot this image. 25 | [verity_sig]=1 # Require verifying all verity root hashes. 
26 | ) 27 | 28 | packages+=( 29 | sys-kernel/gentoo-kernel sys-kernel/linux-firmware 30 | 31 | # Utilities 32 | app-arch/cpio 33 | app-arch/tar 34 | app-arch/unzip 35 | app-editors/emacs 36 | dev-debug/strace 37 | dev-vcs/git 38 | sys-apps/diffutils 39 | sys-apps/file 40 | sys-apps/findutils 41 | sys-apps/gawk 42 | sys-apps/grep 43 | sys-apps/kbd 44 | sys-apps/less 45 | sys-apps/man-pages 46 | sys-apps/sed 47 | sys-apps/which 48 | sys-devel/patch 49 | sys-process/lsof 50 | sys-process/procps 51 | ## Accounts 52 | app-admin/sudo 53 | sys-apps/shadow 54 | ## Hardware 55 | sys-apps/pciutils 56 | sys-apps/usbutils 57 | ## Network 58 | net-firewall/iptables 59 | net-misc/openssh 60 | net-misc/wget 61 | net-wireless/wpa_supplicant 62 | sys-apps/iproute2 63 | 64 | # Disks 65 | net-fs/sshfs 66 | sys-fs/cryptsetup 67 | sys-fs/e2fsprogs 68 | 69 | # Host 70 | app-emulation/qemu 71 | 72 | # Graphics 73 | lxde-base/lxdm 74 | media-sound/pavucontrol 75 | media-video/pipewire 76 | x11-apps/xev 77 | x11-base/xorg-server 78 | xfce-base/xfce4-meta 79 | 80 | # Browser 81 | www-client/firefox 82 | ) 83 | 84 | # Support generating native instruction set flags for supported CPUs. 85 | [[ $DEFAULT_ARCH =~ [3-6x]86|aarch|arm|powerpc ]] && packages_buildroot+=( 86 | app-portage/cpuid2cpuflags 87 | ) 88 | 89 | # Install early microcode updates for x86 CPUs. 90 | [[ ${options[arch]:-$DEFAULT_ARCH} == *[3-6x]86* ]] && packages_buildroot+=( 91 | sys-firmware/intel-microcode 92 | sys-kernel/linux-firmware 93 | ) 94 | 95 | function initialize_buildroot() { 96 | local -r portage="$buildroot/usr/${options[host]}/etc/portage" 97 | 98 | # Assume the build system is the target, and tune compilation for it. 
99 | $sed -i \ 100 | -e '/^COMMON_FLAGS=/s/[" ]*$/ -march=native&/' \ 101 | -e '/^RUSTFLAGS=/s/[" ]*$/ -Ctarget-cpu=native&/' \ 102 | "$portage/make.conf" 103 | $sed -n '/^vendor_id.*GenuineIntel$/q0;$q1' /proc/cpuinfo && echo CONFIG_MNATIVE_INTEL=y >> "$buildroot/etc/kernel/config.d/native.config" 104 | $sed -n '/^vendor_id.*AuthenticAMD$/q0;$q1' /proc/cpuinfo && echo CONFIG_MNATIVE_AMD=y >> "$buildroot/etc/kernel/config.d/native.config" 105 | 106 | # Use the latest NVIDIA drivers when requested. 107 | echo "USE=\"\$USE dist-kernel kmod${options[nvidia]:+ cuda nvenc}\"" >> "$portage/make.conf" 108 | echo -e 'media-libs/nv-codec-headers\nx11-drivers/nvidia-drivers' >> "$portage/package.accept_keywords/nvidia.conf" 109 | echo 'x11-drivers/nvidia-drivers NVIDIA-r2' >> "$portage/package.license/nvidia.conf" 110 | echo 'x11-drivers/nvidia-drivers -tools' >> "$portage/package.use/nvidia.conf" 111 | [[ -z ${options[nvidia]-} || ${options[nvidia]} == *[!0-9]* ]] || 112 | echo ">=x11-drivers/nvidia-drivers-$((options[nvidia]+1))" >> "$portage/package.mask/nvidia.conf" 113 | 114 | # Enable general system settings. 
115 | echo >> "$portage/make.conf" 'USE="$USE' \ 116 | berkdb dbus elfutils emacs gdbm git glib json libnotify libxml2 magic ncurses pcre2 readline sqlite udev uuid xml \ 117 | bidi fontconfig fribidi harfbuzz icu idn libidn2 nls truetype unicode \ 118 | apng bmp exif gif imagemagick jbig jpeg jpeg2k png svg tiff webp xcf xpm \ 119 | a52 alsa cdda faad flac libcanberra libsamplerate mp3 ogg opus pulseaudio sndfile sound speex vorbis \ 120 | aacs aom bdplus bluray cdio dav1d dvd ffmpeg libaom mpeg theora vpx x265 \ 121 | brotli bzip2 gzip lz4 lzma lzo snappy xz zlib zstd \ 122 | cryptsetup fido2 gcrypt gmp gnutls gpg mpfr nettle \ 123 | curl http2 ipv6 libproxy mbim modemmanager networkmanager wifi wps \ 124 | acl caps cracklib fprint hardened pam policykit seccomp smartcard xattr xcsecurity \ 125 | acpi dri gusb kms libglvnd opengl upower usb uvm vaapi vdpau \ 126 | cairo colord drm gdk-pixbuf gtk gtk3 gui lcms libdrm pango uxa wnck X xa xcb xft xinerama xkb xorg xrandr xvmc xwidgets \ 127 | aio branding haptic jit lto offensive pcap realtime system-info threads udisks utempter vte \ 128 | dynamic-loading extra gzip-el hwaccel postproc startup-notification toolkit-scroll-bars tray wallpapers wide-int \ 129 | -cups -dbusmenu -debug -geolocation -gstreamer -llvm -oss -perl -python -sendmail \ 130 | -gui -modemmanager -ppp'"' 131 | 132 | # Support a bunch of common video drivers. 133 | $sed -i -e '/^LLVM_TARGETS=/s/" *$/ AMDGPU&/' "$buildroot/etc/portage/make.conf" "$portage/make.conf" 134 | echo 'USE="$USE llvm"' >> "$portage/make.conf" 135 | echo "VIDEO_CARDS=\"amdgpu fbdev i915 intel nouveau${options[nvidia]:+ nvidia} panfrost radeon radeonsi qxl\"" >> "$portage/make.conf" 136 | packages+=(media-libs/libva-intel-driver) 137 | 138 | # Install VLC. 
139 | $cat << 'EOF' >> "$portage/package.use/vlc.conf" 140 | dev-qt/qtgui:5 -dbus 141 | dev-qt/qtwidgets:5 -dbus -gtk 142 | media-video/vlc gui -vdpau 143 | sys-libs/zlib minizip 144 | EOF 145 | packages+=(media-video/vlc) 146 | } 147 | 148 | function customize_buildroot() { 149 | # Enable flags for instruction sets supported by this CPU. 150 | [[ -x /usr/bin/cpuid2cpuflags ]] && 151 | cpuid2cpuflags | sed -n 's/^\([^ :]*\): \(.*\)/\1="\2"/p' >> "/usr/${options[host]}/etc/portage/make.conf" 152 | 153 | # Bundle x86 early microcode updates into the kernel for no initrd. 154 | [[ ${options[arch]:-$DEFAULT_ARCH} == *[3-6x]86* ]] && 155 | echo "CONFIG_EXTRA_FIRMWARE=\"$(cd /lib/firmware && echo *-ucode/*)\"" >> /etc/kernel/config.d/firmware.config 156 | 157 | # Build less useless stuff on the host from bad dependencies. 158 | echo >> /etc/portage/make.conf 'USE="$USE' \ 159 | -cups -debug -emacs -geolocation -gstreamer -llvm -oss -perl -python -sendmail -X'"' 160 | 161 | # Block terribly broken binutils-config from deleting all libraries. 162 | ln -fns /bin/true /usr/bin/binutils-config 163 | } 164 | 165 | function customize() { 166 | drop_development 167 | store_home_on_var +root 168 | 169 | echo "desktop-${options[distro]}" > root/etc/hostname 170 | 171 | # Drop extra unused paths. 172 | exclude_paths+=( 173 | usr/lib/firmware/{'*-ucode',liquidio,mellanox,mrvl,netronome,qcom,qed} 174 | usr/local 175 | usr/share/qemu/'*'{aarch,arm,hppa,ppc,riscv,s390,sparc}'*' 176 | ) 177 | 178 | # Make NVIDIA use kernel mode setting and the page attribute table. 179 | opt nvidia && cat << 'EOF' > root/usr/lib/modprobe.d/nvidia-config.conf 180 | options nvidia NVreg_UsePageAttributeTable=1 181 | options nvidia-drm modeset=1 182 | softdep nvidia post: nvidia-uvm 183 | EOF 184 | 185 | # Support an executable VM image for quick testing. 
186 | cat << 'EOF' > launch.sh ; chmod 0755 launch.sh 187 | #!/bin/sh -eu 188 | exec qemu-kvm -nodefaults \ 189 | -machine q35 -cpu host -m 8G \ 190 | -drive file=/usr/share/edk2/ovmf/OVMF_CODE.fd,format=raw,if=pflash,read-only=on \ 191 | -drive file=/usr/share/edk2/ovmf/OVMF_VARS.fd,format=raw,if=pflash,snapshot=on \ 192 | -audio pipewire,model=virtio -nic user,model=virtio-net-pci -vga virtio \ 193 | -drive file="${IMAGE:-gpt.img}",format=raw,media=disk,snapshot=on \ 194 | "$@" 195 | EOF 196 | } 197 | -------------------------------------------------------------------------------- /examples/systems/desktop-opensuse.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # This is a standalone openSUSE workstation image that aims to demonstrate an 3 | # alternative to the Fedora workstation example. It should be approximately 4 | # equivalent so that they are interchangeable. 5 | # 6 | # The proprietary NVIDIA drivers are optionally installed here to demonstrate 7 | # how to use the vendor's repository and install the modules in an immutable 8 | # image without development packages. 9 | 10 | options+=( 11 | [distro]=opensuse 12 | [gpt]=1 # Generate a ready-to-boot full disk image. 13 | [selinux]=targeted # Load this SELinux policy in permissive mode. 14 | [squash]=1 # Use a compressed file system to save space. 15 | [uefi]=1 # Create a UEFI executable to boot this image. 16 | [verity]=1 # Prevent the file system from being modified. 
17 | ) 18 | 19 | packages+=( 20 | distribution-logos-openSUSE-Tumbleweed kernel-default kernel-firmware 21 | 22 | # Utilities 23 | 7zip 24 | binutils 25 | bzip2 26 | emacs-nox 27 | file 28 | findutils 29 | git-core 30 | grep 31 | gzip 32 | kbd 33 | lsof 34 | man{,-pages} 35 | procps 36 | sed 37 | strace 38 | tar 39 | unzip 40 | which 41 | ## Accounts 42 | cracklib-dict-small 43 | shadow 44 | sudo 45 | ## Hardware 46 | pciutils 47 | usbutils 48 | ## Network 49 | iproute2 50 | iptables-backend-nft 51 | iputils 52 | net-tools 53 | openssh 54 | tcpdump 55 | traceroute 56 | wget 57 | 58 | # Disks 59 | cryptsetup 60 | dosfstools 61 | e2fsprogs 62 | hdparm 63 | lvm2 64 | mdadm 65 | squashfs 66 | sshfs 67 | 68 | # Host 69 | qemu-{kvm,ovmf-x86_64} 70 | systemd-container 71 | 72 | # GNOME 73 | adwaita-icon-theme 74 | bolt 75 | colord 76 | eog 77 | evince{,-plugin-{djvu,pdf,tiff,xps}document} 78 | gdm-systemd 79 | gjs 80 | gnome-backgrounds 81 | gnome-calculator 82 | gnome-control-center 83 | gnome-clocks 84 | gnome-screenshot 85 | gnome-shell 86 | gnome-terminal 87 | gtk3-branding-openSUSE 88 | gucharmap 89 | NetworkManager-branding-openSUSE 90 | pipewire{,-pulseaudio} 91 | upower 92 | wallpaper-branding-openSUSE 93 | 94 | # Graphics 95 | Mesa-{dri{,-nouveau},lib{d3d,OpenCL,va}} 96 | libva-vdpau-driver libvdpau_{nouveau,r600,radeonsi,va_gl1,virtio_gpu} 97 | libvulkan_{intel,radeon} 98 | xf86-{input-libinput,video-{amdgpu,intel,nouveau}} 99 | 100 | # Fonts 101 | adobe-sourcecodepro-fonts 102 | dejavu-fonts 103 | liberation-fonts 104 | 'stix-*-fonts' 105 | 106 | # Browser 107 | MozillaFirefox MozillaFirefox-branding-openSUSE 108 | 109 | # VLC 110 | vlc-vdpau 111 | ) 112 | 113 | # Build the proprietary NVIDIA drivers from the vendor repository. 
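function initialize_buildroot() if opt nvidia
then
    enable_repo_nvidia
    packages_buildroot+=(createrepo_c nvidia-driver-G06-kmp-default rpm-build)
fi

# Package the bare NVIDIA modules to satisfy bad development dependencies.
#
# The kernel module directory is derived from the first nvidia.ko found under
# /lib/modules/*/updates.  When none is found the function now fails before
# writing the spec file, so the later "rm -fr" can never run against a path
# built from an empty prefix.
function customize_buildroot() if opt nvidia
then
    local -r name=nvidia-driver-G06-kmp
    local -r kernel=$(compgen -G '/lib/modules/*/updates/nvidia.ko' | sed -n '1s,/updates.*,,p')
    [[ -n $kernel ]] ||
    { echo 'No NVIDIA module found under /lib/modules/*/updates' >&2 ; return 1 ; }
    # The here-document is unquoted on purpose: $name, $kernel, and the rpm
    # query are expanded while the spec is written, and the %{...} macros are
    # left for rpmbuild.
    cat << EOF > "/root/$name.spec" ; rpmbuild -ba "/root/$name.spec"
Name: $name
Version: $(rpm -q --qf '%{VERSION}' "$name-default" | sed -n '1s/_.*//p')
Release: 1
Summary: Prebuilt NVIDIA modules
License: SUSE-NonFree
Conflicts: $name-default
%description
%{summary}.
%install
mkdir -p %{buildroot}%{_modprobedir} %{buildroot}$kernel
cp -at %{buildroot}%{_modprobedir} %{_modprobedir}/*nvidia*.conf
cp -at %{buildroot}$kernel $kernel/updates
%files
%{_modprobedir}/*nvidia*.conf
$kernel/updates
EOF
    createrepo_c /usr/src/packages/RPMS
    # Signature checking is disabled only for this local directory, which
    # holds the unsigned package built by rpmbuild above.
    zypper addrepo --no-gpgcheck /usr/src/packages/RPMS local
    packages+=("$name" nvidia-gl-G06 nvidia-video-G06)
    # Remove the modules here to skip installing them into the initrd.
    rm -fr "${kernel:?}/updates" ; depmod "${kernel##*/}"
fi

# Finish the image root: hostname, excluded paths, signed NVIDIA modules when
# that option is set, and a QEMU launcher for testing.
function customize() {
    store_home_on_var +root

    echo "desktop-${options[distro]}" > root/etc/hostname

    # Drop development stuff.
    exclude_paths+=(
        usr/include
        usr/{'lib*',share}/pkgconfig
        usr/lib/firmware/{'*-ucode',liquidio,mellanox,mrvl,netronome,qcom,qed}
    )

    # Sign the out-of-tree kernel modules to be usable with Secure Boot.
    # The key pair under $keydir is used; anything holding sb.key can sign
    # modules this image will load.
    opt nvidia && for module in root/lib/modules/*/updates/nvidia*.ko
    do
        /lib/modules/*/build/scripts/sign-file \
            sha256 "$keydir/sb.key" "$keydir/sb.crt" "$module"
    done

    # Support an executable VM image for quick testing.
    # Both the firmware variables and the disk are opened with snapshot=on.
    cat << 'EOF' > launch.sh ; chmod 0755 launch.sh
#!/bin/sh -eu
exec qemu-kvm -nodefaults \
    -machine q35 -cpu host -m 8G \
    -drive file=/usr/share/edk2/ovmf/OVMF_CODE.fd,format=raw,if=pflash,read-only=on \
    -drive file=/usr/share/edk2/ovmf/OVMF_VARS.fd,format=raw,if=pflash,snapshot=on \
    -audio pipewire,model=virtio -nic user,model=virtio-net-pci -vga virtio \
    -drive file="${IMAGE:-gpt.img}",format=raw,media=disk,snapshot=on \
    "$@"
EOF
}

--------------------------------------------------------------------------------
/examples/systems/desktop-ubuntu.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# This is a standalone Ubuntu workstation image that aims to demonstrate an
# alternative to the Fedora workstation example. It should be approximately
# equivalent so that they are interchangeable.
#
# The proprietary NVIDIA drivers are optionally installed here. A numeric
# option value selects the driver branch version, and a non-numeric value
# defaults to the latest.

options+=(
    [distro]=ubuntu
    [gpt]=1               # Generate a ready-to-boot full disk image.
    [rootmod]=virtio_blk  # Support root on a VirtIO disk.
    [selinux]=default     # Load this SELinux policy in permissive mode.
    [squash]=1            # Use a compressed file system to save space.
    [uefi]=1              # Create a UEFI executable to boot this image.
    [verity]=1            # Prevent the file system from being modified.
)

packages+=(
    linux-image-generic dracut

    # Utilities
    binutils
    bzip2
    console-data
    emacs-nox
    file
    findutils
    git
    grep
    gzip
    kbd
    less
    lsof
    man{-db,pages}
    p7zip-full
    procps
    sed
    strace
    tar
    unzip
    xz-utils
    ## Accounts
    sudo
    ## Hardware
    pciutils
    usbutils
    ## Network
    iproute2
    iptables-persistent
    net-tools
    openssh-client
    tcpdump
    traceroute
    wget

    # Disks
    cryptsetup
    dosfstools
    e2fsprogs
    hdparm
    lvm2
    mdadm
    squashfs-tools
    sshfs

    # Host
    ovmf
    qemu-{kvm,system-gui}
    systemd-container

    # GNOME
    adwaita-icon-theme-full
    eog
    evince
    gdm3
    gjs
    gnome-backgrounds
    gnome-calculator
    gnome-clocks
    gnome-control-center
    gnome-screenshot
    gnome-session
    gnome-terminal
    gucharmap
    network-manager-gnome
    pipewire-pulse
    wireplumber

    # Graphics
    mesa-{va,vdpau,vulkan}-drivers
    xserver-xorg-{input-libinput,video-{amdgpu,intel,nouveau}}

    # Fonts
    fonts-cantarell
    fonts-dejavu
    fonts-liberation2
    fonts-stix

    # Browser
    firefox

    # VLC
    vlc
)

# Install proprietary NVIDIA drivers. Also update the buildroot for dracut.
function initialize_buildroot() if opt nvidia
then
    # An option value containing any non-digit is replaced by 560; a purely
    # numeric value is used as the driver branch as given.
    local -r driver_version=${options[nvidia]/#*[!0-9]*/560}
    packages+=(
        "linux-modules-nvidia-$driver_version-generic"
        "xserver-xorg-video-nvidia-$driver_version"
    )
    packages_buildroot+=("linux-modules-nvidia-$driver_version-generic")
fi

# Enable a repository to install a real Firefox package.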
# Register the mozillateam PPA and prefer its Firefox packages.
# The armored public key below is passed to enable_repo_ppa on stdin; the
# here-document delimiter is quoted, so the key text is not expanded by the
# shell.  enable_repo_ppa is defined elsewhere -- presumably it installs this
# key as the trust anchor for the PPA (confirm there).  Pinning the key in the
# script means a key change upstream needs a reviewed edit here.
function customize_buildroot() {
        enable_repo_ppa mozillateam << 'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGYov84BEADSrLhiWvqL3JJ3fTxjCGD4+viIUBS4eLSc7+Q7SyHm/wWfYNwT
EqEvMMM9brWQyC7xyE2JBlVk5/yYHkAQz3f8rbkv6ge3J8Z7G4ZwHziI45xJKJ0M
9SgJH24WlGxmbbFfK4SGFNlg9x1Z0m5liU3dUSfhvTQdmBNqwRCAjJLZSiS03IA0
56V9r3ACejwpNiXzOnTsALZC2viszGiI854kqhUhFIJ/cnWKSbAcg6cy3ZAsne6K
vxJVPsdEl12gxU6zENZ/4a4DV1HkxIHtpbh1qub1lhpGR41ZBXv+SQhwuMLFSNeu
UjAAClC/g1pJ0gzI0ko1vcQFv+Q486jYY/kv+k4szzcB++nLILmYmgzOH0NEqT57
XtdiBWhlb6oNfF/nYZAaToBU/QjtWXq3YImG2NiCUrCj9zAKHdGUsBU0FxN7HkVB
B8aF0VYwB0I2LRO4Af6Ry1cqMyCQnw3FVh0xw7Vz4gQ57acUYeAJpT68q8E2XcUx
riEP65/MBPoFlANLVMSrnsePEXmVzdysmXKnFVefeQ4E3dIDufXUIhrfmL1pMdTG
anhmDEjY7I3pQQQIaLpnNhhSDZKDSk9C/Ax/8gEUgnnmd6BwZxh8Q7oDXcm2tyeu
n2m9wCZI/eJI9P9G8ON8AkKvG4xFR+eqhowwzu7TLDr3feliG+UN+mJ8jwARAQAB
tB5MYXVuY2hwYWQgUFBBIGZvciBNb3ppbGxhIFRlYW2JAk4EEwEKADgWIQRzi+uT
IdGq7BPqk5GuvfSBm+IYZwUCZii/zgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIX
gAAKCRCuvfSBm+IYZ38/D/46eEIyG7Gb65sxt3QnlIN0+90kUjz83QpCnIyALZDc
H2wPYBCMbyJFMG+rqVE8Yoh6WF0Rqy76LG+Y/xzO9eKIJGxVcSU75ifoq/M7pI1p
aiqA9T8QcFBmo83FFoPvnid67aqg/tFsHl+YF9rUxMZndGRE9Hk96lkH1Y2wHMEs
mAa582RELVEDDD2ellOPmQr69fRPa5IdJHkXjqGtoNQy5hAp49ofMLmeQ82d2OA+
kpzgiuSw8Nh1VrMZludcUArSQDCHoXuiPG/7Wn9Vy6fvKkTQK3mCW8i5HgCa0qxe
vOKlDMz4virEEADMBs79iIyM6w1xm8JOD4734sgii2MPcQgmAlbu5LyBM5FfuO0u
rTMvZM0btSWQX3nIsxQ3far9MJvUT4nebhTo59cED+1EjkD14mReTHwtWt1aye/b
I8Rvor15RFiB8Ku6c41YmNKarSCzJDs4VEfsos4oMieEqA98J4ZOX67IT++ortcB
uXmDJgvzGWEeyVOMoc/4oDJHNQjJg9XRGy8b/J3AVhk2BE/CD4lKhX3hWGbufrQz
E8ENWuT4m3igQnBmOsrGlBPYIOKZvczQxri01vcKY95dKXb1jtnR9yR+JKgEP388
1B/8dEohynhMnzEqR9TIMEEy9Y8RKZ+Jiy+/Lg2XGrChiLsouUetfMQww6BTK+++
pw==
=tIux
-----END PGP PUBLIC KEY BLOCK-----
EOF
        mkdir -p root/etc/apt/preferences.d
        # Appended (>>) rather than overwritten.  A priority of 501 ranks
        # firefox* from the LP-PPA-mozillateam origin just above apt's default
        # priority of 500.
        cat << 'EOF' >> root/etc/apt/preferences.d/99firefox
Package: firefox*
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 501
EOF
}

# Final image customization: home storage, hostname, path exclusions, and a
# launch.sh helper written into the current directory.
function customize() {
        store_home_on_var +root

        echo "desktop-${options[distro]}" > root/etc/hostname

        # Drop development stuff.
        exclude_paths+=(
                usr/include
                usr/{'lib*',share}/pkgconfig
                usr/lib/firmware/{'*-ucode',liquidio,mellanox,mrvl,netronome,qcom,qed}
        )

        # Support an executable VM image for quick testing.
        # The delimiter is quoted, so ${IMAGE:-gpt.img} and "$@" are written
        # literally and only evaluated when launch.sh itself is run.  Both
        # writable drives use snapshot=on, which in QEMU keeps guest writes out
        # of the backing files, so a test boot does not alter the built image.
        cat << 'EOF' > launch.sh ; chmod 0755 launch.sh
#!/bin/sh -eu
exec qemu-kvm -nodefaults \
    -machine q35 -cpu host -m 8G \
    -drive file=/usr/share/edk2/ovmf/OVMF_CODE.fd,format=raw,if=pflash,read-only=on \
    -drive file=/usr/share/edk2/ovmf/OVMF_VARS.fd,format=raw,if=pflash,snapshot=on \
    -audio pipewire,model=virtio -nic user,model=virtio-net-pci -vga virtio \
    -drive file="${IMAGE:-gpt.img}",format=raw,if=virtio,media=disk,snapshot=on \
    "$@"
EOF
}

--------------------------------------------------------------------------------
/examples/systems/riscv.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
# This is an example Gentoo build to try RISC-V on an emulator. There are some
# things that still need to be implemented in upstream projects, particularly
# around UEFI support. Secure Boot cannot be enforced with the current setup.

options+=(
        [distro]=gentoo  # Use Gentoo to build this image from source.
        [arch]=riscv64   # Target generic emulated RISC-V CPUs.
        [gpt]=1          # Generate a ready-to-boot full disk image.
        [loadpin]=1      # Only load kernel files from the root FS.
        [monolithic]=1   # Build all boot-related files into the kernel.
        [networkd]=1     # Let systemd manage the network configuration.
        [secureboot]=    # Wait until systemd-boot supports RISC-V.
        [uefi]=1         # Create a UEFI executable to boot this image.
        [verity_sig]=1   # Require verifying all verity root hashes.
)

packages+=(
        # Utilities
        app-arch/cpio
        app-arch/tar
        app-arch/unzip
        app-editors/emacs
        dev-debug/strace
        dev-vcs/git
        sys-apps/diffutils
        sys-apps/file
        sys-apps/findutils
        sys-apps/gawk
        sys-apps/grep
        sys-apps/kbd
        sys-apps/less
        sys-apps/man-pages
        sys-apps/sed
        sys-apps/which
        sys-devel/patch
        sys-process/lsof
        sys-process/procps
        ## Accounts
        app-admin/sudo
        sys-apps/shadow
        ## Network
        net-firewall/iptables
        net-misc/openssh
        net-misc/wget
        sys-apps/iproute2

        # Disks
        net-fs/sshfs
        sys-fs/cryptsetup
        sys-fs/e2fsprogs
)

# Prepare the buildroot: Portage settings for the target, extra host packages
# (static qemu-user, GRUB), and the OpenSBI and U-Boot source archives.
# Reads $buildroot and ${options[host]}; uses the $cat, $curl and $sha256sum
# command variables.
function initialize_buildroot() {
        local -r portage="$buildroot/usr/${options[host]}/etc/portage"

        # Packages just aren't keyworded enough, so accept anything stabilized.
        echo 'ACCEPT_KEYWORDS="*"' >> "$portage/make.conf"

        # Enable general system settings.
        echo >> "$portage/make.conf" 'USE="$USE' \
            berkdb dbus elfutils emacs gdbm git glib json libnotify libxml2 magic ncurses pcre2 readline sqlite udev uuid xml \
            bidi fontconfig fribidi harfbuzz icu idn libidn2 nls truetype unicode \
            apng bmp exif gif imagemagick jbig jpeg jpeg2k png svg tiff webp xcf xpm \
            a52 alsa cdda faad flac libcanberra libsamplerate mp3 ogg opus pulseaudio sndfile sound speex vorbis \
            aacs aom bdplus bluray cdio dav1d dvd ffmpeg libaom mpeg theora vpx x265 \
            brotli bzip2 gzip lz4 lzma lzo snappy xz zlib zstd \
            cryptsetup fido2 gcrypt gmp gnutls gpg mpfr nettle \
            curl http2 ipv6 libproxy mbim modemmanager networkmanager wifi wps \
            acl caps cracklib fprint hardened pam policykit seccomp smartcard xattr xcsecurity \
            acpi dri gusb kms libglvnd opengl upower usb uvm vaapi vdpau \
            cairo colord drm gdk-pixbuf gtk gtk3 gui lcms libdrm pango uxa wnck X xa xcb xft xinerama xkb xorg xrandr xvmc xwidgets \
            aio branding haptic jit lto offensive pcap realtime system-info threads udisks utempter vte \
            dynamic-loading extra gzip-el hwaccel postproc startup-notification toolkit-scroll-bars tray wallpapers wide-int \
            -cups -dbusmenu -debug -geolocation -gstreamer -llvm -oss -perl -python -sendmail \
            -gtk -gui -modemmanager -opengl -X'"'

        # Build a static QEMU user binary for the target CPU.
        packages_buildroot+=(app-emulation/qemu)
        $cat << 'EOF' >> "$buildroot/etc/portage/package.use/qemu.conf"
app-emulation/qemu qemu_user_targets_riscv64 static-user
dev-libs/glib static-libs
dev-libs/libpcre2 static-libs
sys-apps/attr static-libs
sys-libs/zlib static-libs
EOF

        # Build RISC-V UEFI GRUB for bootloader testing.
        packages_buildroot+=(sys-boot/grub)

        # Download sources to build a UEFI firmware image.
        # Each archive is pinned to a SHA-256 digest, so a changed or tampered
        # upstream tarball fails the comparison.  The file is already written
        # into the buildroot when it is checked, and each check is a bare
        # [[ ]] test: the second one is the function's return status, while
        # stopping on a mismatch of the first relies on errexit being active
        # where this function runs -- NOTE(review): confirm against the caller.
        $curl -L https://github.com/riscv-software-src/opensbi/archive/v1.5.1.tar.gz > "$buildroot/root/opensbi.tgz"
        [[ $($sha256sum "$buildroot/root/opensbi.tgz") == 6bab6fadd69f38f08e5c767517aafbf8525f54454b2848d6a7eb0e74b683153b\ * ]]
        $curl -L https://github.com/u-boot/u-boot/archive/v2024.10.tar.gz > "$buildroot/root/u-boot.tgz"
        [[ $($sha256sum "$buildroot/root/u-boot.tgz") == 6c99df5f9402d05b5a5cfc60f941f0a584d0d9355fce46261bef008487a0f6c4\ * ]]
}

# Adjust host-side Portage USE flags and write the kernel configuration
# through write_system_kernel_config.
function customize_buildroot() {
        # Build less useless stuff on the host from bad dependencies.
        echo >> /etc/portage/make.conf 'USE="$USE' \
            -cups -debug -emacs -geolocation -gstreamer -llvm -oss -perl -python -sendmail -X'"'

        # Configure the kernel by only enabling this system's settings.
        write_system_kernel_config
}

# Final image customization: hostname, path exclusions, a pre-dumped Emacs
# image, the OpenSBI + U-Boot firmware binary, and a launch.sh helper.
# The archives unpacked here are the /root/u-boot.tgz and /root/opensbi.tgz
# files that initialize_buildroot downloads and compares against pinned
# SHA-256 digests.
function customize() {
        drop_development
        store_home_on_var +root

        echo riscv > root/etc/hostname

        # Drop extra unused paths.
        exclude_paths+=(
                usr/lib/firmware
                usr/local
        )

        # Dump Emacs into the image with QEMU to skip doing this on boot.
        # The target's emacs binary is executed inside a chroot of /usr/$host
        # under the qemu-riscv64 user-mode emulator linked into its tmp dir.
        local -r host=${options[host]}
        local -r gccdir=/$(cd "/usr/$host" ; compgen -G "usr/lib/gcc/$host/*")
        ln -ft "/usr/$host/tmp" /usr/bin/qemu-riscv64
        chroot "/usr/$host" \
            /tmp/qemu-riscv64 -cpu rv64 -E "LD_LIBRARY_PATH=$gccdir" \
            /usr/bin/emacs --batch --eval='(dump-emacs-portable "/tmp/emacs.pdmp")' --quick
        rm -f root/usr/libexec/emacs/*/*/emacs.pdmp \
            root/usr/lib/systemd/system{,/multi-user.target.wants}/emacs-pdmp.service
        cp -pt root/usr/libexec/emacs/*/"$host" "/usr/$host/tmp/emacs.pdmp"

        # Build U-Boot to provide UEFI.
        # --transform rewrites the archive's leading path component to a fixed
        # directory name, so the later paths do not depend on the version.
        tar --transform='s,^/*u[^/]*,u-boot,' -C /root -xf /root/u-boot.tgz
        cat /root/u-boot/configs/qemu-riscv64_smode_defconfig - << 'EOF' > /root/u-boot/.config
CONFIG_BOOTDELAY=0
EOF
        make -C /root/u-boot -j"$(nproc)" olddefconfig CROSS_COMPILE="$host-" V=1
        make -C /root/u-boot -j"$(nproc)" all CROSS_COMPILE="$host-" V=1

        # Build OpenSBI with a U-Boot payload for the firmware image.
        tar --transform='s,^/*o[^/]*,opensbi,' -C /root -xf /root/opensbi.tgz
        make -C /root/opensbi -j"$(nproc)" all \
            CROSS_COMPILE="$host-" FW_PAYLOAD_PATH=/root/u-boot/u-boot.bin PLATFORM=generic V=1
        cp -p /root/opensbi/build/platform/generic/firmware/fw_payload.bin opensbi-uboot.bin
        chmod 0644 opensbi-uboot.bin

        # Support an executable VM image for quick testing.
        # Quoted delimiter: "$PWD", ${IMAGE:-gpt.img} and "$@" are evaluated
        # when launch.sh runs, not here.  The disk uses snapshot=on, which in
        # QEMU keeps guest writes out of the image file.
        cat << 'EOF' > launch.sh ; chmod 0755 launch.sh
#!/bin/sh -eu
exec qemu-system-riscv64 -nodefaults -nographic \
    -L "$PWD" -bios opensbi-uboot.bin \
    -machine virt -cpu rv64 -m 4G -serial stdio \
    -drive file="${IMAGE:-gpt.img}",format=raw,id=hd0,media=disk,snapshot=on \
    -netdev user,id=net0 \
    -object rng-random,id=rng0 \
    -device virtio-blk-device,drive=hd0 \
    -device virtio-net-device,netdev=net0 \
    -device virtio-rng-device,rng=rng0 \
    "$@"
EOF
}

# Override the UEFI function as a hack to produce a UEFI GRUB image for the
# bootloader until the systemd boot stub is working for RISC-V.
163 | function produce_uefi_exe() if opt uefi 164 | then 165 | grub-mkimage \ 166 | --compression=none \ 167 | --format=riscv64-efi \ 168 | --output=BOOTRISCV64.EFI \ 169 | --prefix='(hd0,gpt1)/' \ 170 | fat halt linux loadenv minicmd normal part_gpt reboot test 171 | cat << EOF > grub.cfg 172 | set default=boot-a 173 | set timeout=3 174 | menuentry 'Boot A' --id boot-a { 175 | linux /linux_a $(/dev/null && 192 | eval "$(declare -f partition | $sed '/^ *mcopy/a\ 193 | [[ -s initrd.img ]] && mcopy -i $esp_image initrd.img ::/initrd_a\ 194 | mcopy -i $esp_image vmlinuz ::/linux_a\ 195 | mcopy -i $esp_image grub.cfg ::/grub.cfg')" 196 | 197 | function write_system_kernel_config() if opt bootable 198 | then cat >> /etc/kernel/config.d/system.config 199 | fi << 'EOF' 200 | # Show initialization messages. 201 | CONFIG_PRINTK=y 202 | ## Output early printk messages to the console. 203 | CONFIG_RISCV_SBI_V01=y 204 | CONFIG_HVC_RISCV_SBI=y 205 | CONFIG_SERIAL_EARLYCON_RISCV_SBI=y 206 | # Support ext2/ext3/ext4 (which is not included for read-only images). 207 | CONFIG_EXT4_FS=y 208 | CONFIG_EXT4_FS_POSIX_ACL=y 209 | CONFIG_EXT4_FS_SECURITY=y 210 | CONFIG_EXT4_USE_FOR_EXT2=y 211 | # Support encrypted partitions. 212 | CONFIG_MD=y 213 | CONFIG_BLK_DEV_DM=y 214 | CONFIG_DM_CRYPT=m 215 | CONFIG_DM_INTEGRITY=m 216 | # Support FUSE. 217 | CONFIG_FUSE_FS=m 218 | # Support running containers in nspawn. 219 | CONFIG_POSIX_MQUEUE=y 220 | CONFIG_SYSVIPC=y 221 | CONFIG_IPC_NS=y 222 | CONFIG_NET_NS=y 223 | CONFIG_PID_NS=y 224 | CONFIG_USER_NS=y 225 | CONFIG_UTS_NS=y 226 | # Support mounting disk images. 227 | CONFIG_BLK_DEV=y 228 | CONFIG_BLK_DEV_LOOP=y 229 | # Support basic nftables firewall options. 230 | CONFIG_NETFILTER=y 231 | CONFIG_NF_CONNTRACK=y 232 | CONFIG_NF_TABLES=y 233 | CONFIG_NF_TABLES_IPV4=y 234 | CONFIG_NF_TABLES_IPV6=y 235 | CONFIG_NFT_CT=y 236 | ## Support translating iptables to nftables. 
237 | CONFIG_NFT_COMPAT=y 238 | CONFIG_NETFILTER_XTABLES=y 239 | CONFIG_NETFILTER_XT_MATCH_STATE=y 240 | # Support some optional systemd functionality. 241 | CONFIG_COREDUMP=y 242 | CONFIG_MAGIC_SYSRQ=y 243 | CONFIG_NET_SCHED=y 244 | CONFIG_NET_SCH_DEFAULT=y 245 | CONFIG_NET_SCH_FQ_CODEL=y 246 | # TARGET HARDWARE: QEMU (virtio) 247 | CONFIG_FPU=y 248 | CONFIG_SOC_VIRT=y 249 | CONFIG_VIRTIO_MENU=y 250 | CONFIG_VIRTIO_MMIO=y 251 | ## QEMU virtio network 252 | CONFIG_NETDEVICES=y 253 | CONFIG_NET_CORE=y 254 | CONFIG_VIRTIO_NET=y 255 | ## QEMU virtio disk 256 | CONFIG_VIRTIO_BLK=y 257 | ## QEMU virtio console 258 | CONFIG_TTY=y 259 | CONFIG_VIRTIO_CONSOLE=y 260 | ## QEMU virtio RNG 261 | CONFIG_HW_RANDOM=y 262 | CONFIG_HW_RANDOM_VIRTIO=y 263 | EOF 264 | -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # SPDX-License-Identifier: GPL-3.0-or-later 3 | set -euo pipefail 4 | shopt -s nullglob 5 | 6 | # Configure required host commands via environment variables. 7 | blkid=${BLKID:-blkid} 8 | cat=${CAT:-cat} 9 | chmod=${CHMOD:-chmod} 10 | cp=${CP:-cp} 11 | curl=${CURL:-curl} 12 | dd=${DD:-dd} 13 | gpg=${GPG:-gpg2} 14 | ln=${LN:-ln} 15 | losetup=${LOSETUP:-losetup} 16 | mkdir=${MKDIR:-mkdir} 17 | mktemp=${MKTEMP:-mktemp} 18 | mv=${MV:-mv} 19 | nspawn=${NSPAWN:-systemd-nspawn} 20 | rm=${RM:-rm} 21 | sed=${SED:-sed} 22 | sha256sum=${SHA256SUM:-sha256sum} 23 | sha512sum=${SHA512SUM:-sha512sum} 24 | tar=${TAR:-tar} 25 | truncate=${TRUNCATE:-truncate} 26 | uname=${UNAME:-uname} 27 | 28 | # Load basic functions. 29 | . base.sh 30 | 31 | # Parse command-line options. 
# Command-line state: cli_options holds option values keyed by name, and
# cli_slots collects the values given with -P.
declare -A cli_options
declare -a cli_slots
# The leading ':' in the option string selects getopts' silent error mode;
# unknown options and missing arguments fall through to the '*' arm below.
while getopts :BE:IKP:RSUVZa:c:d:hk:o:p:u opt
do
        case $opt in
            B) cli_options[bootable]=1 ;;
            E) cli_options[uefi_path]=$OPTARG ;;
            I) cli_options[install_to_disk]=1 ;;
            K) cli_options[ramdisk]=1 ;;
            # The lowercased value is expanded unquoted, so it is word-split
            # and treated as a glob.  nullglob is enabled at the top of this
            # script, so a pattern that matches no file expands to nothing and
            # a matching one expands to file names.
            # NOTE(review): confirm the splitting is intended.
            P) cli_slots+=(${OPTARG,,}) ;;
            R) cli_options[read_only]=1 ;;
            S) cli_options[squash]=1 ;;
            U) cli_options[uefi]=1 ;;
            V) cli_options[verity]=1 ;;
            Z) cli_options[selinux]=1 ;;
            # Repeated -a values accumulate one per line; newlines inside a
            # value are replaced with spaces so each entry stays on one line.
            a) cli_options[adduser]+="${OPTARG//$'\n'/ }"$'\n' ;;
            c) cli_options[signing_cert]=$OPTARG ;;
            d) cli_options[distro]=$OPTARG ;;
            h) usage ; exit 0 ;;
            k) cli_options[signing_key]=$OPTARG ;;
            # Generic setter: the key is the text before the first '=' and the
            # value is the text after it.  Any key name is accepted here, and
            # an argument without '=' is stored as both key and value.
            o) cli_options[${OPTARG%%=*}]=${OPTARG#*=} ;;
            p) cli_options[packages]=$OPTARG ;;
            # Print only the first line of the usage text.
            u) usage | { read -rs ; echo "$REPLY" ; } ; exit 0 ;;
            *) usage 1>&2 ; exit 1 ;;
        esac
done
shift $(( OPTIND - 1 ))

# Load all library files now to combine CLI options with coded settings.
# The first positional argument, when present, is sourced as shell code here
# and again after the distro file, so it runs with this script's privileges
# and has to be a trusted file.  The distro file name is built from
# ${options[distro]} and sourced relative to the current directory before
# validate_options runs.
# NOTE(review): how cli_options reaches options is not visible here; check
# that the distro value cannot name a file outside the project.
${*:+. "$1"}
imply_options
packages=() slots=()
. "${options[distro]}".sh
[[ -n $* ]] && { . "$1" ; shift ; }
validate_options

# Execute all of the build script functions.
create_working_directory
create_buildroot "$@"
create_root_image
# The here-document delimiter is unquoted, so the declare -p and declare -f
# substitutions are expanded now, embedding the current variables and every
# defined function in the text passed to script_with_keydb.  The escaped
# \${options[packages]-} is left for the receiving shell to expand.
script_with_keydb << EOF
$(declare -p DEFAULT_ARCH disk exclude_paths options packages slots)
$(declare -f)
mount_root
customize_buildroot
install_packages \${options[packages]-}
tmpfs_var
tmpfs_home
overlay_etc
configure_packages
configure_system
distro_tweaks
customize
finalize_packages
relabel
squash
unmount_root
verity
kernel_cmdline
save_boot_files
produce_uefi_exe
partition
set_uefi_variables
EOF

# Write the file system to disk at the given partition.
98 | if opt install_to_disk 99 | then 100 | disk=$($blkid -lo device -t "PARTUUID=$(get_slot_uuid)") 101 | $dd if="$output/final.img" of="$disk" status=progress 102 | fi 103 | 104 | # Save the UEFI binary. 105 | if opt uefi_path 106 | then 107 | [[ ${options[uefi_path]} == *[^/]/* ]] && 108 | $mkdir -p "${options[uefi_path]%/*}" 109 | $cp -p "$output/BOOT$(archmap_uefi ${options[arch]-}).EFI" \ 110 | "${options[uefi_path]}" 111 | fi 112 | -------------------------------------------------------------------------------- /legacy/fedora30.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | declare -f verify_distro &> /dev/null # Use ([distro]=fedora [release]=30). 3 | 4 | options[verity_sig]= 5 | 6 | # Override buildroot creation to set the container image file name. 7 | eval "$(declare -f create_buildroot | $sed 's/cver=.*/cver=1.2/')" 8 | 9 | function verify_distro() { 10 | local -rx GNUPGHOME="$output/gnupg" 11 | trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN 12 | $mkdir -pm 0700 "$GNUPGHOME" 13 | $gpg --import 14 | $gpg --verify "$1" 15 | [[ $($sha256sum "$2") == $($sed -n '/=/{s/.* //p;q;}' "$1")\ * ]] 16 | } << 'EOF' 17 | -----BEGIN PGP PUBLIC KEY BLOCK----- 18 | 19 | mQINBFturGcBEACv0xBo91V2n0uEC2vh69ywCiSyvUgN/AQH8EZpCVtM7NyjKgKm 20 | bbY4G3R0M3ir1xXmvUDvK0493/qOiFrjkplvzXFTGpPTi0ypqGgxc5d0ohRA1M75 21 | L+0AIlXoOgHQ358/c4uO8X0JAA1NYxCkAW1KSJgFJ3RjukrfqSHWthS1d4o8fhHy 22 | KJKEnirE5hHqB50dafXrBfgZdaOs3C6ppRIePFe2o4vUEapMTCHFw0woQR8Ah4/R 23 | n7Z9G9Ln+0Cinmy0nbIDiZJ+pgLAXCOWBfDUzcOjDGKvcpoZharA07c0q1/5ojzO 24 | 4F0Fh4g/BUmtrASwHfcIbjHyCSr1j/3Iz883iy07gJY5Yhiuaqmp0o0f9fgHkG53 25 | 2xCU1owmACqaIBNQMukvXRDtB2GJMuKa/asTZDP6R5re+iXs7+s9ohcRRAKGyAyc 26 | YKIQKcaA+6M8T7/G+TPHZX6HJWqJJiYB+EC2ERblpvq9TPlLguEWcmvjbVc31nyq 27 | SDoO3ncFWKFmVsbQPTbP+pKUmlLfJwtb5XqxNR5GEXSwVv4I7IqBmJz1MmRafnBZ 28 | g0FJUtH668GnldO20XbnSVBr820F5SISMXVwCXDXEvGwwiB8Lt8PvqzXnGIFDAu3 29 | 
DlQI5sxSqpPVWSyw08ppKT2Tpmy8adiBotLfaCFl2VTHwOae48X2dMPBvQARAQAB 30 | tDFGZWRvcmEgKDMwKSA8ZmVkb3JhLTMwLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v 31 | cmc+iQI4BBMBAgAiBQJbbqxnAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK 32 | CRDvPBEfz8ZZudTnD/9170LL3nyTVUCFmBjT9wZ4gYnpwtKVPa/pKnxbbS+Bmmac 33 | g9TrT9pZbqOHrNJLiZ3Zx1Hp+8uxr3Lo6kbYwImLhkOEDrf4aP17HfQ6VYFbQZI8 34 | f79OFxWJ7si9+3gfzeh9UYFEqOQfzIjLWFyfnas0OnV/P+RMQ1Zr+vPRqO7AR2va 35 | N9wg+Xl7157dhXPCGYnGMNSoxCbpRs0JNlzvJMuAea5nTTznRaJZtK/xKsqLn51D 36 | K07k9MHVFXakOH8QtMCUglbwfTfIpO5YRq5imxlWbqsYWVQy1WGJFyW6hWC0+RcJ 37 | Ox5zGtOfi4/dN+xJ+ibnbyvy/il7Qm+vyFhCYqIPyS5m2UVJUuao3eApE38k78/o 38 | 8aQOTnFQZ+U1Sw+6woFTxjqRQBXlQm2+7Bt3bqGATg4sXXWPbmwdL87Ic+mxn/ml 39 | SMfQux/5k6iAu1kQhwkO2YJn9eII6HIPkW+2m5N1JsUyJQe4cbtZE5Yh3TRA0dm7 40 | +zoBRfCXkOW4krchbgww/ptVmzMMP7GINJdROrJnsGl5FVeid9qHzV7aZycWSma7 41 | CxBYB1J8HCbty5NjtD6XMYRrMLxXugvX6Q4NPPH+2NKjzX4SIDejS6JjgrP3KA3O 42 | pMuo7ZHMfveBngv8yP+ZD/1sS6l+dfExvdaJdOdgFCnp4p3gPbw5+Lv70HrMjA== 43 | =BfZ/ 44 | -----END PGP PUBLIC KEY BLOCK----- 45 | EOF 46 | 47 | # OPTIONAL (BUILDROOT) 48 | 49 | function enable_repo_rpmfusion_free() { 50 | local key="RPM-GPG-KEY-rpmfusion-free-fedora-${options[release]}" 51 | local url="https://rhlx01.hs-esslingen.de/Mirrors/archive.rpmfusion.org/free-archive/fedora/updates/${options[release]}/$DEFAULT_ARCH/r/rpmfusion-free-release-${options[release]}-2.noarch.rpm" 52 | [[ -s $buildroot/etc/pki/rpm-gpg/$key ]] || script "$url" 53 | } << 'EOF' 54 | rpmkeys --import /dev/stdin << 'EOG' 55 | -----BEGIN PGP PUBLIC KEY BLOCK----- 56 | 57 | mQINBFrUUycBEADfDoQDUWJBi2QpXmFf7be+DMqBjgSZp3ibe29ON1iLe+gfyFjC 58 | 0KCuuz+RdfRizKkovlqMC7ucWqDIkc3fCsoWpb+Hpfw51WvLQCyodB0suHfaY0Rk 59 | k8Jhg5u0qnL8lJfiFEiVesKoUziIf+phLKpITK2LBD0kBNn5OnkWrPwNuN0wyvXP 60 | HAqxz3KZxxwBEn1RwUhYIJCZStaFoTDziWHIB2cYIKSdfquOh1UCVuQj63WnUXNL 61 | e4Wqbc62xJQBZkCfs3+r4FybcGrB07Mju0i7MeWzH6dMHYx6ZkGyA5CmOYfoRV2o 62 | CfOHqm3e+MvHDN+7JF6epNSQyMX47KIA5foJZlMe0RhuO8SwHCMc6d/Zc7iFKmG1 63 | 
IsWdBzGvJkMv1g4OaEAYRuVO5jWWO4370UVqQ9kvzky3aqGI391wekSSqDbLer6a 64 | 8isf4QDEqjzhVswxXg99I4zkXlMcYkBRumGBtq1KkcAtLoobVEg1WbQbQQTu4j/H 65 | ZKgFadwhasJK1jN+PtW+erV0l1KyDzjR4vTRR9AWg9ahsTLtRe9HvkBLBhKtrhW0 66 | oPqOW5I3n0LChnegYy7jit5ZPGS7oZvzbu+zok+lwQFLZdPxM2VuY6DQE8BNdXEP 67 | 3nLNGbVubv/MZILOws8/ACiONeW9C+RvzYznwmM+JqqhqmKiyr8WWlBfAQARAQAB 68 | tFNSUE0gRnVzaW9uIGZyZWUgcmVwb3NpdG9yeSBmb3IgRmVkb3JhICgzMCkgPHJw 69 | bWZ1c2lvbi1idWlsZHN5c0BsaXN0cy5ycG1mdXNpb24ub3JnPokCRQQTAQgALxYh 70 | BIDDssbnJ/PgkrRz4D3yzkPArtpuBQJa1FMnAhsDBAsJCAcDFQgKAh4BAheAAAoJ 71 | ED3yzkPArtpusgsP/RmuZOKEgrGL12uWo9OEyZLTjjJ9chJRPDNXPQe7/atNJmWe 72 | WwkWbKcWwSivwGP04SsJF1iWRcSwCOLe5wBSpuM5E1XsDufzKsLH1WkjOtDQ+O8U 73 | kkJwV64WT06FkSUze+cS7ni5LSObVqPvBtbKFl8lWciG1IDlK5++XW2VLD3dghAW 74 | 5boFZjoVNZoYhlyeZmtcDVlFdXex5Sw0B/gJY4uaHXBXrA1YyE4vBlrSDYrfh4eU 75 | glSGNMNS++78bQsN/C3VmtXpWsvNJa4jxYaXFOJd5g3iX5ttDQYF46PgJckZVurA 76 | 8PT066i4eJOwqDPnOQncsudcpbLPt+0F3cyeDPtjKh+RY48hAhTW0/lDq2onhGPk 77 | SOTDhPrx6vWLqDNBKOio3VloFdEOCsm2OniGZojJADm6m6kErY6n3On3y9TE2GDm 78 | Bx8apPxN7FJvwFqvieZt6B1R+57VStQ0YBCsfC1i5EVsNPnyoNqwvxs2IGsn3P/+ 79 | SuCw9+qa5aRsF+jdnHxKMmj1xm8dVtCCLfaMb4cl7wxgq9zolvlbRFnfHfhRoKhp 80 | fs3khghy5i2AU/bOChxRngX2QWR1A117IeADWtuspMFEOyeU5BlMcqjkFdOZI3jX 81 | 0VmGnXLcUEIa89z/0ktU6TW3MLQ/laFqj5LhGR9jzaDL6S7pOzNqQT4p3jzJ 82 | =S0gf 83 | -----END PGP PUBLIC KEY BLOCK----- 84 | EOG 85 | curl -L "$1" > rpmfusion-free.rpm 86 | curl -L "${1/-release-/-release-tainted-}" > rpmfusion-free-tainted.rpm 87 | rpm --checksig --define=_pkgverify_{'flags 0x0','level all'} rpmfusion-free{,-tainted}.rpm 88 | rpm --install rpmfusion-free{,-tainted}.rpm 89 | exec rm -f rpmfusion-free{,-tainted}.rpm 90 | EOF 91 | 92 | function enable_repo_rpmfusion_nonfree() { 93 | local key="RPM-GPG-KEY-rpmfusion-nonfree-fedora-${options[release]}" 94 | local 
url="https://rhlx01.hs-esslingen.de/Mirrors/archive.rpmfusion.org/nonfree-archive/fedora/releases/${options[release]}/Everything/$DEFAULT_ARCH/os/Packages/r/rpmfusion-nonfree-release-${options[release]}-1.noarch.rpm" 95 | enable_repo_rpmfusion_free 96 | [[ -s $buildroot/etc/pki/rpm-gpg/$key ]] || script "$url" 97 | } << 'EOF' 98 | rpmkeys --import /dev/stdin << 'EOG' 99 | -----BEGIN PGP PUBLIC KEY BLOCK----- 100 | 101 | mQINBFrUUy4BEAC0TX9UViv0ZWUMruCuR3s8niI388HlqPBF4eKv30V+zlwFiw/6 102 | JfrWlOZ1QfcK5DJbQT3LMVsVyGU3KTCquHGTPusSPFVpG1KLhBwXGMdZ3/y14xGZ 103 | xI37PyaZ5T170NchcST14f7cjkLtBuJ3IOIMwv1Uxi5Oc8QOo/i3RHMiiE1JKGuA 104 | FR8Td77VioV9+gr41VlexdjeAvf0UGylstbLkiEqYig2xhbD49vGZ97V/PJXEbpd 105 | nb6nJz0SUIKczQYbln7Arm9/8H91dBgWFkp8URVxtdQn/GJ3D6DBs+t6PlS1QD5m 106 | 2k999hDy0iRduwc4t2mO5jUio7LeMi0zkCtvx4HzJXSYissx7uR3odi32N5Z3Ywd 107 | ZnmdqCDVXx7QXSQ0V6UIffPHB+JzFT4EfIENCp55puzMXJZkugaP8PX3VtbPsCz6 108 | WMddNs7674VrJR7uhtmpumfNo9taXJdesZbcuUs6DyoW24WBEVDjlhPDjKCID0bm 109 | 0uPWheyxt3I4kTcTaRWJfQN8rQYHFtRpIE9qCDRNCsdYoMjuGHIlcBPTcNn3ksfv 110 | Hwrr7rYpKPHp/lkhoneWXhnBWNd6r5/1zy7bHxiSPgbPZt2YB5jAE3jHRmVyHCQo 111 | J6/+OcRhbL2cKUOBvuwQQXe/7qPPSjnkCamiQoiSZGOL39f8ql/rKJg98wARAQAB 112 | tFZSUE0gRnVzaW9uIG5vbmZyZWUgcmVwb3NpdG9yeSBmb3IgRmVkb3JhICgzMCkg 113 | PHJwbWZ1c2lvbi1idWlsZHN5c0BsaXN0cy5ycG1mdXNpb24ub3JnPokCRQQTAQgA 114 | LxYhBIAXHI0syKq4TIRI6b3W7MQdFKeVBQJa1FMuAhsDBAsJCAcDFQgKAh4BAheA 115 | AAoJEL3W7MQdFKeVjK8QAIjV7blJJbCShlCpU1ul5wcDYMuF6nw+DmaPuL1koAYF 116 | dYRP+o9Sho/7tjkLT6lQaePSPF/SBxUjgI3+0HLb3soTwwSMfkCxF3DXlO9hUjJr 117 | L1jIUubx2RpBhjWpwpdJ/2JZHb2fwlKnKfS0bjyypV6QOngbspyXi/FKyGYF1UQO 118 | WZG0fuOr/vu1+VUY2YN8qnCkuyCnpTy5VbfWOht98nfnCf3vo+FXoMWx7wKB+CoY 119 | M9FryDlyF5te/z5dsv7/8MiSavw5vpdDdzqaiN7j69m4nHYRYco9pj3oM2WN/iu8 120 | 4Quf2Zfa4YgdXO1oYn7GYCmJZftnvEBWVZ1DjgGvoa1FV/suvDlc6+x0g6M2bORX 121 | jlnG1cjDD8eKjhy2HvVQLbnJxGce4wwvCHppgs6lHowIMNfgPvKFi1Lt2ABw0ojR 122 | wjYELGwF60s2u0Doh0Um3SNsFWGF4jcSyq/5+fdk93qPqEGv44tjrbRtC3O5KNCZ 123 | 
YTLbiR0ZcubpQap7pZHJLSbjPh74HrsgXtNNpnDNCQOQecSIuiff5fZzN7tyJrLL 124 | NCfJC5FlD/HHbNLLBYBOCM6N7h3gcyAJBGp6JwpchbZf5kOFMWlZIr8J8TDv2EHC 125 | shobGp/ukk6OFzG9MOnPFn19tnO1ZMB+ewATd968K+3yEwJ2woX02iguq77LGPj4 126 | =Gzco 127 | -----END PGP PUBLIC KEY BLOCK----- 128 | EOG 129 | curl -L "$1" > rpmfusion-nonfree.rpm 130 | curl -L "${1/-release-/-release-tainted-}" > rpmfusion-nonfree-tainted.rpm 131 | rpm --checksig --define=_pkgverify_{'flags 0x0','level all'} rpmfusion-nonfree{,-tainted}.rpm 132 | rpm --install rpmfusion-nonfree{,-tainted}.rpm 133 | exec rm -f rpmfusion-nonfree{,-tainted}.rpm 134 | EOF 135 | 136 | [[ options[release] -ge DEFAULT_RELEASE ]] 137 | -------------------------------------------------------------------------------- /legacy/fedora31.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | declare -f verify_distro &> /dev/null # Use ([distro]=fedora [release]=31). 3 | 4 | # Override buildroot creation to set the container image file name. 5 | eval "$(declare -f create_buildroot | $sed 's/cver=.*/cver=1.9/')" 6 | 7 | # Override buildroot packages to skip disabled Cisco and a builtin package. 8 | eval "$(declare -f create_buildroot | 9 | $sed 's/[^*]*cisco[^*]*/modular/;s/crypto-policies-scripts //')" 10 | 11 | # Override ramdisk creation since the kernel is too old to support zstd. 
12 | eval "$(declare -f create_buildroot | $sed 's/ zstd//')" 13 | eval "$(declare -f configure_initrd_generation | $sed /compress=/d)" 14 | eval "$(declare -f relabel squash build_systemd_ramdisk | $sed \ 15 | -e 's/zstd --[^|>]*/xz --check=crc32 -9e /')" 16 | 17 | function verify_distro() { 18 | local -rx GNUPGHOME="$output/gnupg" 19 | trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN 20 | $mkdir -pm 0700 "$GNUPGHOME" 21 | $gpg --import 22 | $gpg --verify "$1" 23 | [[ $($sha256sum "$2") == $($sed -n '/=/{s/.* //p;q;}' "$1")\ * ]] 24 | } << 'EOF' 25 | -----BEGIN PGP PUBLIC KEY BLOCK----- 26 | 27 | mQINBFxq3QMBEADUhGfCfP1ijiggBuVbR/pBDSWMC3TWbfC8pt7fhZkYrilzfWUM 28 | fTsikPymSriScONXP6DNyZ5r7tgrIVdVrJvRIqIFRO0mufp9HyfWKDO//Ctyp7OQ 29 | zYw6NVthO/aWpyFfJpj6s4iZsYGqf9gByV8brBB8v8jEsCtVOj1BU3bMbLkMsRI9 30 | +WiLjDYyvopqNBQuIe8ogxSxpYdbUz6+jxzfvhRoBzWdjITd//Gjd90kkrBOMWkO 31 | LTqO133OD1WMT08G5NuQ4KhjYsVvSbBpfdkTcNuP8gBP9LxCQDc+e1eAhZ95g3qk 32 | XLeKEK9j+F+wuG/OrEAxBsscCxXRUB38QH6CFe3UxGoSMnBi+jEhicudo+ItpFOy 33 | 7rPaYyRh4Pmu4QHcC83bNjp8NI6zTHrBmVuPqkxMn07GMAQav9ezBXj6umqTX4cU 34 | dsJUavJrJ3u7rT0lhBdiGrQ9zPbL07u2Kn+OXPAC3dKSf7G8TvwNAdry9esGSpi3 35 | 8aa1myQYVZvAlsIBkbN3fb1wvDJE5czVhzwQ77V2t66jxeg0o9/2OZVH3CozD2Zj 36 | v28LHuW/jnQHtsQ0fUyQYRmHxNEVkW10GGM7fQwxzpxFFS1O/2XEnfMu7yBHZsgL 37 | SojfUct0FhLhEN/g/IINX9ZCVrzK5/De27CNjYE1cgYD/lTmQ0SyjfKVwwARAQAB 38 | tDFGZWRvcmEgKDMxKSA8ZmVkb3JhLTMxLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v 39 | cmc+iQI+BBMBAgAoAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCXGrkTQUJ 40 | Es8P/QAKCRBQyzkLPDNZxBmDD/90IFwAfFcQq5ENl7/o2CYQ9k2adTHbV5RoIOWC 41 | /o9I5/btn1y8WDhPOUNmsgbUqRqz6srlVplg+LkpIj67PVLDBwpVbCJC8o1fztd2 42 | MryVqdvu562WVhUorII+iW7nfqD0yv55nH9b/JR1qloUa8LpeKw84JgvxF5wVfyR 43 | id1WjI0DBk2taFR4xCfU5Tb262fbdFj5iB9xskP7oNeS29+SfDjlnybtlFoqr9UA 44 | nY1uvhBPkGmj45SJkpfP+L+kGYXVaUd29M/q/Pt46X1KDvr6Z0l8bSUEk3zfcNdj 45 | uEhtHBqSy1UPPAikGX1Q5wGdu7R7+mv/ARqfI6OC44ipoOMNK1Aiu6+slbPYphwX 46 | 
ighSz9yYuG0EdWt7akfKR0R04Kuej4LXLWcxTR4l8XDzThYgPP0g+z0XQJrAkVhi 47 | SrzICeC3K1GPSiUtNAxSTL+qWWgwvQyAPNoPV/OYmY+wUxUnKCZpEWPkL79lh6CM 48 | bJx/zlrOMzRumSzaOnKW9AOliviH4Rj89OmDifBEsQ0CewdHN9ly6g4ZFJJGYXJ5 49 | HTb5jdButTC3tDfvH8Z7dtXKdC4iqJCIxj698Xn8UjVefZQ2nbv5eXcZLfHtvbNB 50 | TTv1vvBV4G7aiHKYRSj7HmxhLBZC8Y/nmFAemOoOYDpR5eUmPmSbFayoLfRsFXmC 51 | HLs7cw== 52 | =6hRW 53 | -----END PGP PUBLIC KEY BLOCK----- 54 | EOF 55 | 56 | # OPTIONAL (BUILDROOT) 57 | 58 | function enable_repo_rpmfusion_free() { 59 | local key="RPM-GPG-KEY-rpmfusion-free-fedora-${options[release]}" 60 | local url="https://rhlx01.hs-esslingen.de/Mirrors/archive.rpmfusion.org/free-archive/fedora/releases/${options[release]}/Everything/$DEFAULT_ARCH/os/Packages/r/rpmfusion-free-release-${options[release]}-1.noarch.rpm" 61 | [[ -s $buildroot/etc/pki/rpm-gpg/$key ]] || script "$url" 62 | } << 'EOF' 63 | rpmkeys --import /dev/stdin << 'EOG' 64 | -----BEGIN PGP PUBLIC KEY BLOCK----- 65 | 66 | mQINBFvEZi0BEADeq0E2/aYDWMYnUBloxAamr/DBo21/Xida69lQg/C8wGB/jz+i 67 | J9ZDEnLRDGlotBl3lwOhbzwXxk+4azH77+JIuUDiPkBb6e7rld0EMWNykLuWifV0 68 | Eq7qVBtr1cQfvLMDySvzIBPEGy3IbFnr7H7diR+A0WiwltVLcv4wW/ESRZUChBxy 69 | TGgQrYk98TGiJGMWlwi7IzopOliAYrc7oM1XyZQlTffhS5b0ygiwIxGOOjVR3waB 70 | m//0PVj8hZ+kHBgn2hXnLlWBkCRosxHmg+xcosUBgfBqKBPN8M800F6svvZS1msN 71 | mef7y2QytA9LSpey6mznqKEY8x8+9Ub4FCGiEEw8SoDCU48NpmADr6PXoJAtihEi 72 | 4NuBiqzpabKDR7IfhEWNgVM840OCmizFyT9L++SDZmww8rUHx55VOzVEf4fSRPXY 73 | gduexRo377+bj+wdpKfrUddkbdxuDVWweq8k5fZz7Y7HYtM60j9WxtUoLF37MNgZ 74 | 5bwrOU2NhLP+aqwyeE86/BqDdKVzxeq+PAaIl1ujTqbmJYJO0Kmt4G+GPhj6TpTq 75 | +X+Ci+YskPEcp7dqpH38rpuA3ZAVH4tHkW9UFFBHrvnxuOLrrAflondgLTo1xNo6 76 | E8Qrq7PGCjq/FdVM9tC3hupeKuXz5jaf65qbln4COromTXm5KyNOlWVgMwARAQAB 77 | tFNSUE0gRnVzaW9uIGZyZWUgcmVwb3NpdG9yeSBmb3IgRmVkb3JhICgzMSkgPHJw 78 | bWZ1c2lvbi1idWlsZHN5c0BsaXN0cy5ycG1mdXNpb24ub3JnPokCRQQTAQgALxYh 79 | BFmn/gf2ZMGydofF0m3u8FHEgZN6BQJbxGYtAhsDBAsJCAcDFQgKAh4BAheAAAoJ 80 | 
EG3u8FHEgZN6E5EQAN5kzvCyT/Ev6H/rS4QQE6+Zxb9YCGnlUOwPXcwtAqjGl4Hn 81 | kt9LXnrd4DThLBLEGZUpBe5/oNuZOLWRWvTG7UHR+pBdtxIyqUlxBhiIwSe+Q7rZ 82 | gehiXl2PhnaBHyTLoFGczNWiqKSIORnSmVg4SXuteG4So0PzRWBD9r2/7P/mZGyd 83 | wyiH34YUzsedPOO1sER8o+tQ6C9RlRmhZRQ9hBJIymga1FfCms6X5lEFfbsuSjEt 84 | acLvLJuO7bxfoYPiC2l+psFAitgT7UeEm/KW/Ul2M2YVONu1pRCkEoJzJ4B1ki9/ 85 | MK6Kw9QyQ6KXmOmzckJaInZQrwtcffjsdCjdQgoPUA//PVsysM4dtE7TPx2iRC2S 86 | Vci0eGT+XV3tUlDDlMLfx6PhpfAddN3okGIWE0Nwc9yNwwn+R2H/Nrw0Q74qiwP7 87 | uCgzGQBEKOATwJdm/EbtzSOzTgeunrlb1HO+XgjE+VBxp9vdzS/sOecixPyGdjW3 88 | B1NIHAU1O9tgQcBNSJ4txKEnKHw92HViHLXpOVIIeXW+2bjtgTtTE3TfAYVnyLMn 89 | uplg21hoH2L+fC281fgV64CzR+QjOiKWJSvub6wzy1a7/xPce8yaE89SwmxxVroS 90 | Ia81vrdksRmtLwAhgJfh6YoSdxKWdtB+/hz2QwK+lHV368XzdeAuWQQGpX3T 91 | =NNM4 92 | -----END PGP PUBLIC KEY BLOCK----- 93 | EOG 94 | curl -L "$1" > rpmfusion-free.rpm 95 | curl -L "${1/-release-/-release-tainted-}" > rpmfusion-free-tainted.rpm 96 | rpm --checksig --define=_pkgverify_{'flags 0x0','level all'} rpmfusion-free{,-tainted}.rpm 97 | rpm --install rpmfusion-free{,-tainted}.rpm 98 | exec rm -f rpmfusion-free{,-tainted}.rpm 99 | EOF 100 | 101 | function enable_repo_rpmfusion_nonfree() { 102 | local key="RPM-GPG-KEY-rpmfusion-nonfree-fedora-${options[release]}" 103 | local url="https://rhlx01.hs-esslingen.de/Mirrors/archive.rpmfusion.org/nonfree-archive/fedora/updates/${options[release]}/$DEFAULT_ARCH/r/rpmfusion-nonfree-release-${options[release]}-2.noarch.rpm" 104 | enable_repo_rpmfusion_free 105 | [[ -s $buildroot/etc/pki/rpm-gpg/$key ]] || script "$url" 106 | } << 'EOF' 107 | rpmkeys --import /dev/stdin << 'EOG' 108 | -----BEGIN PGP PUBLIC KEY BLOCK----- 109 | 110 | mQINBFvEZjsBEADo+8aA0e20azf2vU4JJ2rVHnr9RpVUcRYmr/rFEsEeYMIvDAYz 111 | ssprKuuz89XTe5OR8RSrTIVFOTqYrZYxuQbR35rzr9wpk45szcUMDNzi0L83AemS 112 | v1JgBF2gSoF9Ajbhbdwxxqje+yn86u0xWWsG4Xu1N/KZE/oyqAYwWzH9nizrSRSv 113 | SCsjZMk4SwEPB0lp2zTf21k5YwIv05+ubHq5/h9WScjjoA4LCJHIikNptONFemhS 114 | 
Ys3Vsacd0g4mAx3AyU8gGaFkQXapwhQWi1/UCbqFT/3S1ZApYthdYBpFwSv7PgUa 115 | BBJGFzwxrch9NF1wHivO4uzmPK2V8REKt2EgwPUfaAYCabPxxFFsWNOimv1zz3Wb 116 | 2DPZfE1YDjAi4qNfXENkqSReys7ETi2fGw2pr6PQtLJFYLbpKwXVvdr0PuAPPNQo 117 | kCAuCZKnNitxsxyaGYxN2gq3D6excKpo+3JQAdRTdC+vAFACs41QDLCLBYQUL4zn 118 | eXR/hkSmyeEDyrkuRztqUxI0eobMOS6KI6c2u+tYhWQY1OH1piV1aOa4OQQKFdZH 119 | 6WQAnbMqafG4lPmEO5cDT4JNRzWfyZXXa750mq6X3r2iRZMlroHoJAMUmF6+r8vP 120 | AfjC3Haqfbp6HlNpTET8GU8eeeNQM33Qpq1H2tGJPIt3ZVHOTzjjMnvFdwARAQAB 121 | tFZSUE0gRnVzaW9uIG5vbmZyZWUgcmVwb3NpdG9yeSBmb3IgRmVkb3JhICgzMSkg 122 | PHJwbWZ1c2lvbi1idWlsZHN5c0BsaXN0cy5ycG1mdXNpb24ub3JnPokCRQQTAQgA 123 | LxYhBEyrlRp0k9ksrewEIZzmOgNUqGCSBQJbxGY7AhsDBAsJCAcDFQgKAh4BAheA 124 | AAoJEJzmOgNUqGCSkzwP/35oDsqFQNZGT2PJ3BpLkK/e8INCRsBgUHHzQiGri69v 125 | OBDt6RoJwKEYfsx7ps0oRhci6NZ5aTJL4g25xBibWB9dvce4c25Kho7VHassxXzv 126 | j6MrAuFNFHWpNNGXgiBTfMBOqcLxfx550wJyzyUVxxsmjbRm8Irz/ijZXavzyTw5 127 | xNmZw6a2XH1Zx9bNdv+o5I5pkmdJJGSw6BbI7j5xysV+A5yIFtCnKCwhsXrGRjnR 128 | 9V8MuocAXjzayLWJ4E0daZkJlyR5mhYuae4PR1wt75qj8UesjWTAniQFlWMe52+G 129 | Iqukb6TvxrLLTdaFi8orpoDG5PsdQ2kfyRQDcK5UMM4X8BC59Bq0NtuIezMio40O 130 | 1wGZFf1tUdGCImf5JtboKRTeAp32uvPjYR1Bbya8Yup6OuCrKDrdOdqKlULFp3H+ 131 | ia8W8hFCaGgvnpNveoBLFcMq6xxorQ4LhEcwnLABs9Y8UnL5Ao2ozijVA7Pkhdep 132 | dt5CYmEq77bxpQT1tLUt9jp246gZgMQQDZAR6BW+fg3FCpXDWguxF+Xzuf7JuL9O 133 | V2SKYTbdiljladNZO0sq566U6GJptKhl8pHlihkNyHc6jkQGxnzpzFolTUl66jbc 134 | f9jO+f+R9C+FDT1fcPPIolYTBRCvYQ9B6c+olHVTNNYUmW36TThsbXiYeqQw4JPA 135 | =Wn2x 136 | -----END PGP PUBLIC KEY BLOCK----- 137 | EOG 138 | curl -L "$1" > rpmfusion-nonfree.rpm 139 | curl -L "${1/-release-/-release-tainted-}" > rpmfusion-nonfree-tainted.rpm 140 | rpm --checksig --define=_pkgverify_{'flags 0x0','level all'} rpmfusion-nonfree{,-tainted}.rpm 141 | rpm --install rpmfusion-nonfree{,-tainted}.rpm 142 | exec rm -f rpmfusion-nonfree{,-tainted}.rpm 143 | EOF 144 | 145 | [[ options[release] -ge DEFAULT_RELEASE ]] || 146 | . 
"legacy/${options[distro]}$(( --DEFAULT_RELEASE )).sh" 147 | -------------------------------------------------------------------------------- /legacy/fedora32.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | declare -f verify_distro &> /dev/null # Use ([distro]=fedora [release]=32). 3 | 4 | # Override buildroot creation to set the container image file name. 5 | eval "$(declare -f create_buildroot | $sed 's/cver=.*/cver=1.6/')" 6 | 7 | # Override the networkd provider for when it was bundled with systemd. 8 | eval "$(declare -f install_packages | $sed s/-networkd//)" 9 | 10 | function verify_distro() { 11 | local -rx GNUPGHOME="$output/gnupg" 12 | trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN 13 | $mkdir -pm 0700 "$GNUPGHOME" 14 | $gpg --import 15 | $gpg --verify "$1" 16 | [[ $($sha256sum "$2") == $($sed -n '/=/{s/.* //p;q;}' "$1")\ * ]] 17 | } << 'EOF' 18 | -----BEGIN PGP PUBLIC KEY BLOCK----- 19 | 20 | mQINBF1RVqsBEADWMBqYv/G1r4PwyiPQCfg5fXFGXV1FCZ32qMi9gLUTv1CX7rYy 21 | H4Inj93oic+lt1kQ0kQCkINOwQczOkm6XDkEekmMrHknJpFLwrTK4AS28bYF2RjL 22 | M+QJ/dGXDMPYsP0tkLvoxaHr9WTRq89A+AmONcUAQIMJg3JxXAAafBi2UszUUEPI 23 | U35MyufFt2ePd1k/6hVAO8S2VT72TxXSY7Ha4X2J0pGzbqQ6Dq3AVzogsnoIi09A 24 | 7fYutYZPVVAEGRUqavl0th8LyuZShASZ38CdAHBMvWV4bVZghd/wDV5ev3LXUE0o 25 | itLAqNSeiDJ3grKWN6v0qdU0l3Ya60sugABd3xaE+ROe8kDCy3WmAaO51Q880ZA2 26 | iXOTJFObqkBTP9j9+ZeQ+KNE8SBoiH1EybKtBU8HmygZvu8ZC1TKUyL5gwGUJt8v 27 | ergy5Bw3Q7av520sNGD3cIWr4fBAVYwdBoZT8RcsnU1PP67NmOGFcwSFJ/LpiOMC 28 | pZ1IBvjOC7KyKEZY2/63kjW73mB7OHOd18BHtGVkA3QAdVlcSule/z68VOAy6bih 29 | E6mdxP28D4INsts8w6yr4G+3aEIN8u0qRQq66Ri5mOXTyle+ONudtfGg3U9lgicg 30 | z6oVk17RT0jV9uL6K41sGZ1sH/6yTXQKagdAYr3w1ix2L46JgzC+/+6SSwARAQAB 31 | tDFGZWRvcmEgKDMyKSA8ZmVkb3JhLTMyLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v 32 | cmc+iQI4BBMBAgAiBQJdUVarAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK 33 | CRBsEwJtEslE0LdAD/wKdAMtfzr7O2y06/sOPnrb3D39Y2DXbB8y0iEmRdBL29Bq 34 | 
5btxwmAka7JZRJVFxPsOVqZ6KARjS0/oCBmJc0jCRANFCtM4UjVHTSsxrJfuPkel 35 | vrlNE9tcR6OCRpuj/PZgUa39iifF/FTUfDgh4Q91xiQoLqfBxOJzravQHoK9VzrM 36 | NTOu6J6l4zeGzY/ocj6DpT+5fdUO/3HgGFNiNYPC6GVzeiA3AAVR0sCyGENuqqdg 37 | wUxV3BIht05M5Wcdvxg1U9x5I3yjkLQw+idvX4pevTiCh9/0u+4g80cT/21Cxsdx 38 | 7+DVHaewXbF87QQIcOAing0S5QE67r2uPVxmWy/56TKUqDoyP8SNsV62lT2jutsj 39 | LevNxUky011g5w3bc61UeaeKrrurFdRs+RwBVkXmtqm/i6g0ZTWZyWGO6gJd+HWA 40 | qY1NYiq4+cMvNLatmA2sOoCsRNmE9q6jM/ESVgaH8hSp8GcLuzt9/r4PZZGl5CvU 41 | eldOiD221u8rzuHmLs4dsgwJJ9pgLT0cUAsOpbMPI0JpGIPQ2SG6yK7LmO6HFOxb 42 | Akz7IGUt0gy1MzPTyBvnB+WgD1I+IQXXsJbhP5+d+d3mOnqsd6oDM/grKBzrhoUe 43 | oNadc9uzjqKlOrmrdIR3Bz38SSiWlde5fu6xPqJdmGZRNjXtcyJlbSPVDIloxw== 44 | =QWRO 45 | -----END PGP PUBLIC KEY BLOCK----- 46 | EOF 47 | 48 | # OPTIONAL (BUILDROOT) 49 | 50 | function enable_repo_rpmfusion_free() { 51 | local key="RPM-GPG-KEY-rpmfusion-free-fedora-${options[release]}" 52 | local url="https://rhlx01.hs-esslingen.de/Mirrors/archive.rpmfusion.org/free-archive/fedora/releases/${options[release]}/Everything/$DEFAULT_ARCH/os/Packages/r/rpmfusion-free-release-${options[release]}-1.noarch.rpm" 53 | [[ -s $buildroot/etc/pki/rpm-gpg/$key ]] || script "$url" 54 | } << 'EOF' 55 | rpmkeys --import /dev/stdin << 'EOG' 56 | -----BEGIN PGP PUBLIC KEY BLOCK----- 57 | 58 | mQINBFyps4IBEADNQys3kVRoIzE+tbfUSjneQWYYDuONJP3i9tuJjKC6NJJCDBxB 59 | NqxRdZm2XQjF4NThJHB+wOY6/M7XRzUVPE1LtoEaA/FXj12jogt7TN5aDT4VDyRV 60 | nBKlsW4tW/FcxPS9R7lCLsnTfX16yr59vwA6KpLR3FsbDUJyFLRX33GMxZVtVAv4 61 | 181AeBA2WdTlebR8Cb0o0QowDyWkXRP97iV+qSiwhlOmCjl5LpQY1UZZ37VhoY+Y 62 | 1TkFT8fnYKe5FO8Q5b6hFcaIESvGQ0rOAQC1GoHksG19BoQm80TzkHpFXdPmhvJT 63 | +Q3J1xFID7WVwMtturtoTzW+MPcXcbeOquz5PbEAB3LocdYASkDcCpdLxNsVIWbe 64 | wVyXwTM8+/3kX+Pknc4PWdauOiap9w6og6x0ki1cVbYFo6X4mtfv5leIPkhfWqGn 65 | ZRwLNzCr/ilRuqerdkwvf0G/GebnzoSc9Sqsd552CHuXbB51OK0zP3ZnkG3y8i0R 66 | ls3J4PZY8IHxa1T4NQ4n0h4VrZ3TJhWQMvl1eI3aeTG4yM98jm3n+TQi73Z+PxjK 67 | +8iAa1jTjAPew1qzJxStJXy6LfNyqwtaSOYI/MWCD9F4PDvxmXhLQu/UU7F2JPJ2 
68 | 4VApuAeMUDnb2aSNyCb894sJG126BwfHHjMKGAJadJInBMg9swlrx/R+AQARAQAB 69 | tFNSUE0gRnVzaW9uIGZyZWUgcmVwb3NpdG9yeSBmb3IgRmVkb3JhICgzMikgPHJw 70 | bWZ1c2lvbi1idWlsZHN5c0BsaXN0cy5ycG1mdXNpb24ub3JnPokCRQQTAQgALxYh 71 | BHvamO9ZMFCjSxaXq6DunYMQC82SBQJcqbOCAhsDBAsJCAcDFQgKAh4BAheAAAoJ 72 | EKDunYMQC82SfX0QAJJKGRFKuLX3tPHoUWutb85mXiClC1b8sLXnAGf3yZEXMZMi 73 | yIg6HEFfjpEYGLjjZDXR7vF2NzXpdzNV9+WNt8oafpdmeFRKAl2NFED7wZXsS/Bg 74 | KlxysH07GFEEcJ0hmeNP9fYLUZd/bpmRI/opKArKACmiJjKZGRVh7PoXJqUbeJIS 75 | fSnSxesCQzf5BbF//tdvmjgGinowuu6e5cB3fkrJBgw1HlZmkh88IHED3Ww/49ll 76 | dsI/e4tQZK0BydlqCWxguM/soIbfA0y/kpMb3aMRkN0pTKi7TcJcb9WWv/X96wSb 77 | hq1LyLzh7UYDULEnC8o/Lygc8DQ9WG+NoNI7cMvXeax80qNlPS2xuCwVddXK7EBk 78 | TgHpfG4b6/la5vH4Un3UuD03q+dq2iQn7FSFJ8iaBODg5JJQOqBLkg2dlPPv8hZK 79 | nb3Mf7Zu0rhyBm5DSfGkSGYv8JgRGsobek+pdP7bV2RPEmEuJycz7vV6kdS1BUvW 80 | f3wwFYe7MGXD9ITUcCq3a2TabsesqwqNzHizUbNWprrg8nQQRuEupas2+BDyGIL6 81 | 34hsfZcS8e/N7Eis+lEBEKMo7Fn36VZZXHHe7bkKPpIsxvHjNmFgvdQVAOJRR+iQ 82 | SvzIApckQfmMKIzPJ4Mju9RmjWOQKA/PFc1RynIhemRfYCfVvCuMVSHxsqsF 83 | =hrxJ 84 | -----END PGP PUBLIC KEY BLOCK----- 85 | EOG 86 | curl -L "$1" > rpmfusion-free.rpm 87 | curl -L "${1/-release-/-release-tainted-}" > rpmfusion-free-tainted.rpm 88 | rpm --checksig --define=_pkgverify_{'flags 0x0','level all'} rpmfusion-free{,-tainted}.rpm 89 | rpm --install rpmfusion-free{,-tainted}.rpm 90 | exec rm -f rpmfusion-free{,-tainted}.rpm 91 | EOF 92 | 93 | function enable_repo_rpmfusion_nonfree() { 94 | local key="RPM-GPG-KEY-rpmfusion-nonfree-fedora-${options[release]}" 95 | local url="https://rhlx01.hs-esslingen.de/Mirrors/archive.rpmfusion.org/nonfree-archive/fedora/releases/${options[release]}/Everything/$DEFAULT_ARCH/os/Packages/r/rpmfusion-nonfree-release-${options[release]}-1.noarch.rpm" 96 | enable_repo_rpmfusion_free 97 | [[ -s $buildroot/etc/pki/rpm-gpg/$key ]] || script "$url" 98 | } << 'EOF' 99 | rpmkeys --import /dev/stdin << 'EOG' 100 | -----BEGIN PGP PUBLIC KEY BLOCK----- 101 | 102 | 
mQINBFyptB8BEAC2C18FrMlCbotDF+Ki/b1sq+ACh9gl9OziTYCQveo4H/KU6PPV 103 | 9fIDlMuFLlWqIiP32m224etYafTARp3NZdeQGBwe1Cgod+HZ/Q5/lySJirsaPUMC 104 | WQDGT9zd8BadcprbKpbS4NPg0ZDMi26OfnaJRD7ONmXZBsBJpbqsSJL/mD5v4Rfo 105 | XmYSBzXNH2ScfRGbzVam5LPgIf7sOqPdVGUM2ZkdJ2Y2p6MHLhJko8LzVr3jhJiH 106 | 9AL0Z7f3xyepA9c8qcUx2IecZAOBIw18s9hyaXPXD4XejNP7WNAmClRhijhxBcML 107 | TpDglKGe5zoxpXwPsavQxa7uUYVUHc83sfP04Gjj50CZpMpR9kfp/uLvzYf1KQRj 108 | jM41900ZewXAAOScTp9vouqn23R8B8rLeQfL+HL1y47dC7dA4gvOEoAysznTed2e 109 | fl6uu4XG9VuK1pEPolXp07nbZ1jxEm4vbWJXCuB6WDJEeRw8AsCsRPfzFk/oUWVn 110 | kvzD0Xii6wht1fv+cmgq7ddDNuvNJ4aGi5zAmMOC9GPracWPygV+u6w/o7b8N8tI 111 | LcHKOjOBh2orowUZJf7jF+awHjzVCFFT+fcCzDwh3df+2fLVGVL+MdTWdCif9ovT 112 | t/SGtUK7hrOLWrDTsi1NFkvWLc8W8BGXsCTr/Qt4OHzP1Gsf17PlfsI3aQARAQAB 113 | tFZSUE0gRnVzaW9uIG5vbmZyZWUgcmVwb3NpdG9yeSBmb3IgRmVkb3JhICgzMikg 114 | PHJwbWZ1c2lvbi1idWlsZHN5c0BsaXN0cy5ycG1mdXNpb24ub3JnPokCRQQTAQgA 115 | LxYhBP5ak5PLbicbWpDMGw2adpltwb4YBQJcqbQfAhsDBAsJCAcDFQgKAh4BAheA 116 | AAoJEA2adpltwb4YBmMP/R/K7SEr6eOFLt9tmsI06BCOLwYtQw1yBPOP/QcX9vZG 117 | Af6eWk5Otvub38ZKqxkO9j2SdAwr16cDXqL6Vfo45vqRCTaZpOBw2rRQlqgFNvQ2 118 | 7uzzUk8xkwAyh3tqcUuJjdPso/k02ZxPC5xR68pjOyyvb618RXxjuaaOHFqt2/4g 119 | LEBGcxfuBsKMwM8uZ5r61YRyZle23Ana8edvVOQWeyzF0hx/WXCRke/nCyDEE6OA 120 | IGhcA0XOjnzzLxTLjvmnjBUaenXnpBS8LA5OPOo0TjvPiAj7DSR8lfQYNorGxisD 121 | cEJm/upsJii/x3Tm4dwRvlmvZuw4CC7UCQ3FIu3eAsNoqRAeV8ND33T/L3feHkxj 122 | 0fkWwihAcx12ddaRM5iOEMPNmUTyufj9KZy21jAy3AooMiDb8o17u4fb6irUs/YE 123 | /TL1EG2W8L7R6idgjk//Ip8sNvxr3nwmyv7zJ6vWfhuS/inuEDdvHqqrs+s5n4gk 124 | jTKf3If3e6unzMNO5945DgvXcx09G0QqgdrRLprT+bj6581YbOnzvZdUqgOaw3M5 125 | pGdE6wHro7qtbp/HolJYx07l0AW3AW9v+mZSIBXp2UyHXzFN5ycwpgXo+rQ9mFP9 126 | wzK/najg8b1aC99psZhS/mVVFVQJC5Ozz4j/AMIaXQPaFhAFd6uRQPu7fZX/kjmN 127 | =U9qR 128 | -----END PGP PUBLIC KEY BLOCK----- 129 | EOG 130 | curl -L "$1" > rpmfusion-nonfree.rpm 131 | curl -L "${1/-release-/-release-tainted-}" > rpmfusion-nonfree-tainted.rpm 132 | rpm --checksig 
--define=_pkgverify_{'flags 0x0','level all'} rpmfusion-nonfree{,-tainted}.rpm 133 | rpm --install rpmfusion-nonfree{,-tainted}.rpm 134 | exec rm -f rpmfusion-nonfree{,-tainted}.rpm 135 | EOF 136 | 137 | [[ options[release] -ge DEFAULT_RELEASE ]] || 138 | . "legacy/${options[distro]}$(( --DEFAULT_RELEASE )).sh" 139 | -------------------------------------------------------------------------------- /legacy/fedora33.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | declare -f verify_distro &> /dev/null # Use ([distro]=fedora [release]=33). 3 | 4 | packages=(glibc-minimal-langpack) 5 | 6 | # Override UEFI splash screen creation for the old logo. 7 | eval "$(declare -f save_boot_files | $sed "s|\(convert.* \)\([^ ]*svg\)|sed \ 8 | '/id=.g524[17]/,/[/]/{//d;}' \2 > /root/logo.svg \&\& \1/root/logo.svg|")" 9 | 10 | # Override ESP creation to support old dosfstools that can't use offsets. 11 | eval "$(declare -f partition | $sed '/^ *if opt uefi/,/^ *fi/{ 12 | /esp_image=/s/=.*/=esp.img ; truncate --size=$(( esp * bs )) $esp_image/ 13 | s/ --offset=[^ ]* / /;s/ gpt.img / $esp_image / 14 | /^ *fi/idd bs=$bs conv=notrunc if=$esp_image of=gpt.img seek=$start 15 | }')" 16 | 17 | # Override UEFI variable generation to use the old QEMU bare SMBIOS argument. 
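eval "$(declare -f set_uefi_variables | $sed -e '/timeout/i\
cat <(echo -en "\\x0B\\x05\\x34\\x12\\x01") "$keydir/sb.oem" <(echo -en "\\0\\0") > "$keydir/sb.smbios"
s/type=11,path\(=\S*\)oem/file\1smbios/')"

# Verify a downloaded file against its signed checksum list.
#   $1     checksum file carrying its own OpenPGP signature (it is both
#          verified and parsed, so presumably clearsigned)
#   $2     file whose SHA-256 digest must equal the first "=" entry
#   stdin  the release signing key from the here-document below
# The key is imported into a throwaway 0700 keyring under $output, removed by
# the RETURN trap.  The digest is taken from the text gpg emits after checking
# the signature, not from the raw file: gpg authenticates only the signed
# region of a clearsigned file, so unsigned text around it must never reach
# the comparison.  The steps are joined with && so a failed import or
# signature check fails the function even where errexit is not in effect.
# Returns 0 only when the signature verifies and the digests match.
function verify_distro() {
        local -rx GNUPGHOME="$output/gnupg"
        local signed
        trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN
        $mkdir -pm 0700 "$GNUPGHOME" &&
        $gpg --import &&
        signed=$($gpg --decrypt "$1") &&
        [[ $($sha256sum "$2") == $($sed -n '/=/{s/.* //p;q;}' <<< "$signed")\ * ]]
} << 'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF4wBvsBEADQmcGbVUbDRUoXADReRmOOEMeydHghtKC9uRs9YNpGYZIB+bie
bGYZmflQayfh/wEpO2W/IZfGpHPL42V7SbyvqMjwNls/fnXsCtf4LRofNK8Qd9fN
kYargc9R7BEz/mwXKMiRQVx+DzkmqGWy2gq4iD0/mCyf5FdJCE40fOWoIGJXaOI1
Tz1vWqKwLS5T0dfmi9U4Tp/XsKOZGvN8oi5h0KmqFk7LEZr1MXarhi2Va86sgxsF
QcZEKfu5tgD0r00vXzikoSjn3qA5JW5FW07F1pGP4bF5f9J3CZbQyOjTSWMmmfTm
2d2BURWzaDiJN9twY2yjzkoOMuPdXXvovg7KxLcQerKT+FbKbq8DySJX2rnOA77k
UG4c9BGf/L1uBkAT8dpHLk6Uf5BfmypxUkydSWT1xfTDnw1MqxO0MsLlAHOR3J7c
oW9kLcOLuCQn1hBEwfZv7VSWBkGXSmKfp0LLIxAFgRtv+Dh+rcMMRdJgKr1V3FU+
rZ1+ZAfYiBpQJFPjv70vx+rGEgS801D3PJxBZUEy4Ic4ZYaKNhK9x9PRQuWcIBuW
6eTe/6lKWZeyxCumLLdiS75mF2oTcBaWeoc3QxrPRV15eDKeYJMbhnUai/7lSrhs
EWCkKR1RivgF4slYmtNE5ZPGZ/d61zjwn2xi4xNJVs8q9WRPMpHp0vCyMwARAQAB
tDFGZWRvcmEgKDMzKSA8ZmVkb3JhLTMzLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
cmc+iQI4BBMBAgAiBQJeMAb7AhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
CRBJ/XdJlXD/MZm2D/9kriL43vd3+0DNMeA82n2v9mSR2PQqKny39xNlYPyy/1yZ
P/KXoa4NYSCA971LSd7lv4n/h5bEKgGHxZfttfOzOnWMVSSTfjRyM/df/NNzTUEV
7ORA5GW18g8PEtS7uRxVBf3cLvWu5q+8jmqES5HqTAdGVcuIFQeBXFN8Gy1Jinuz
AH8rJSdkUeZ0cehWbERq80BWM9dhad5dW+/+Gv0foFBvP15viwhWqajr8V0B8es+
2/tHI0k86FAujV5i0rrXl5UOoLilO57QQNDZH/qW9GsHwVI+2yecLstpUNLq+EZC
GqTZCYoxYRpl0gAMbDLztSL/8Bc0tJrCRG3tavJotFYlgUK60XnXlQzRkh9rgsfT
EXbQifWdQMMogzjCJr0hzJ+V1d0iozdUxB2ZEgTjukOvatkB77DY1FPZRkSFIQs+
fdcjazDIBLIxwJu5QwvTNW8lOLnJ46g4sf1WJoUdNTbR0BaC7HHj1inVWi0p7IuN
66EPGzJOSjLK+vW+J0ncPDEgLCV74RF/0nR5fVTdrmiopPrzFuguHf9S9gYI3Zun
Yl8FJUu4kRO6JPPTicUXWX+8XZmE94aK14RCJL23nOSi8T1eW8JLW43dCBRO8QUE
Aso1t2pypm/1zZexJdOV8yGME3g5l2W6PLgpz58DBECgqc/kda+VWgEAp7rO2A==
=EPL3
-----END PGP PUBLIC KEY BLOCK-----
EOF

# Chain to the next older legacy file until the requested release is reached;
# the arithmetic expansion decrements DEFAULT_RELEASE as a side effect.
[[ options[release] -ge DEFAULT_RELEASE ]] ||
        . "legacy/${options[distro]}$(( --DEFAULT_RELEASE )).sh"
--------------------------------------------------------------------------------
/legacy/fedora34.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
declare -f verify_distro &> /dev/null  # Use ([distro]=fedora [release]=34).

# Override the resolved provider for when it was bundled with systemd.
eval "$(declare -f install_packages | $sed 's/ systemd-resolved//')"

# Override RPM Fusion URLs with the archive server for EOL releases.
eval "$(declare -f enable_repo_rpmfusion_{,non}free | $sed '
s,download1\([^/]*/[^/]*\),rhlx01.hs-esslingen.de/Mirrors/archive\1-archive,')"

# Verify a downloaded file against its signed checksum list.
#   $1     checksum file carrying its own OpenPGP signature (it is both
#          verified and parsed, so presumably clearsigned)
#   $2     file whose SHA-256 digest must equal the first "=" entry
#   stdin  the release signing key from the here-document below
# The key is imported into a throwaway 0700 keyring under $output, removed by
# the RETURN trap.  The digest is taken from the text gpg emits after checking
# the signature, not from the raw file: gpg authenticates only the signed
# region of a clearsigned file, so unsigned text around it must never reach
# the comparison.  The steps are joined with && so a failed import or
# signature check fails the function even where errexit is not in effect.
# Returns 0 only when the signature verifies and the digests match.
function verify_distro() {
        local -rx GNUPGHOME="$output/gnupg"
        local signed
        trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN
        $mkdir -pm 0700 "$GNUPGHOME" &&
        $gpg --import &&
        signed=$($gpg --decrypt "$1") &&
        [[ $($sha256sum "$2") == $($sed -n '/=/{s/.* //p;q;}' <<< "$signed")\ * ]]
} << 'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF8sAZIBEADKYvLg/5FdLXcVryAFd7Q8qrJq23R7ebxUT1u48Dc8xrsfYJZq
aMcna/xw47wZNyek4Z6YpzqfmnjR7H8yRH/1hAPi/ixYnA6DVL7O3eGE5lYGJzN3
E2ILTzBOI9o/pavvtOqW9N5WIus8cqSdA921v8YPzr3/BTKgGqC9biOrMA+3sNoe
U4T+dztLg20SyBTr/rBH0eui2p/ipvIRuJvHLTKTubR+yG804yupI69M6qFBDebT
rm+CBmwVyj/DY/92LgvCgYqV/TL5FU4qvtyB6jd8JkEeaz/G7UmDRB5JqzKEu6TB
N3SY7nwLiRpIaXet1TWVW/8UKSB2JvYt1LbZyEO82/QOIXxqvV6h3kuBI21RvURz
VxEjRlvPRGHMZ80OoAQqNPkLnVTcX1eLj2ClbwoXCmXFSm72cCCt1SzcAmlaWh8E
rXSUZfs7XqkBrbphXHZ1e6Vxjt/RyKC5doklfOhbuF8gJ31CPo/kuOjFrHGzOwgi
Llec+GHGMfI/cUOu59qo3W85GHsntvEMk83QLkKjBInEYjZSAajp/lS4QF+SD4pl
Qj6Vc1mMCmci61cXX5CcIl1YxNJZzUfZEZNbUjDajqGzkYJoG9n2yJB0w4OiqsAe
ZCirmUIeDUNeI082epc4RFuV33hByGYY9kRWSyM+aCF6PYVISj4l1o9KcQARAQAB
tDFGZWRvcmEgKDM0KSA8ZmVkb3JhLTM0LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
cmc+iQJOBBMBCAA4FiEEjFummQvbJuGfKhqAEWGuaUVxmjkFAl8sAZICGw8FCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQEWGuaUVxmjlVuA//QnMA02tydqwpM7r4
WZ4OvlVqFWHhn3oDaBSwBvn6R1oC0MWbr79nnFDn3tpSkZDUdb7wyArmaF8kG8tI
wit5xD/JAzqRBVa9z2hY3n1SFafU/hp3DwbGIL4vLUv3fRayCgWsGhGp0tZvDC9q
PSvQZ675XpRG4pt/TGJB5gGXw7Jxoae/ffaJeblLLRDlSV/bKJt9sYpdu5InDG2i
yIUHfamtYQtnENKL/bN6w7tU/IEgCHqxPmPRiJ0gTUAi5Yabp1+JHqskE85Hm2QF
xMonX595Ry1yZzCjPGhCPAknJ4BhisXV+E/iV3Jyh8vxbJCo1//ygd1Xz8SkCuu/
I0xPtFcVSIP2ikYpJwR2nwwQlLbQYIGCw/S1LV725oEYm/Z1xQ5zha2hBB+fxSwz
7MHsD2XIHrP8NNwt3ywG3NV/BSSkvSSStGUNcQyGRi3O/x/BEIRtWRxgoNO9o3jE
xtWFq3G5+gKY+wfYz/cTGlsWPDG7Fzx4lNisIGATKtLNqdedl7LASPK93z0XDdnS
kfKF0HrT9rdzIKRu4xWatUVIq/65Gv7nsavdsRAQL/Y0jl6sjjQac/Te5J0fByHY
6tGG1W0UWTd0rzFWitEZI/64/Bs83rGhjJNLqWXItZ5VqLe0TWzuxvRFLfM7oX8r
n5Si4l7NpIJubWPqjPoCoP5lsS8=
=V2FG
-----END PGP PUBLIC KEY BLOCK-----
EOF

# Chain to the next older legacy file until the requested release is reached;
# the arithmetic expansion decrements DEFAULT_RELEASE as a side effect.
[[ options[release] -ge DEFAULT_RELEASE ]] ||
        . "legacy/${options[distro]}$(( --DEFAULT_RELEASE )).sh"
--------------------------------------------------------------------------------
/legacy/fedora35.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
declare -f verify_distro &> /dev/null  # Use ([distro]=fedora [release]=35).

# Override buildroot creation to set the container image file name.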
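eval "$(declare -f create_buildroot | $sed 's/cver=.*/cver=1.2/')"

# Verify a downloaded file against its signed checksum list.
#   $1     checksum file carrying its own OpenPGP signature (it is both
#          verified and parsed, so presumably clearsigned)
#   $2     file whose SHA-256 digest must equal the first "=" entry
#   stdin  the release signing key from the here-document below
# The key is imported into a throwaway 0700 keyring under $output, removed by
# the RETURN trap.  The digest is taken from the text gpg emits after checking
# the signature, not from the raw file: gpg authenticates only the signed
# region of a clearsigned file, so unsigned text around it must never reach
# the comparison.  The steps are joined with && so a failed import or
# signature check fails the function even where errexit is not in effect.
# Returns 0 only when the signature verifies and the digests match.
function verify_distro() {
        local -rx GNUPGHOME="$output/gnupg"
        local signed
        trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN
        $mkdir -pm 0700 "$GNUPGHOME" &&
        $gpg --import &&
        signed=$($gpg --decrypt "$1") &&
        [[ $($sha256sum "$2") == $($sed -n '/=/{s/.* //p;q;}' <<< "$signed")\ * ]]
} << 'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGAcScoBEADLf8YHkezJ6adlMYw7aGGIlJalt8Jj2x/B2K+hIfIuxGtpVj7e
LRgDU76jaT5pVD5mFMJ3pkeneR/cTmqqQkNyQshX2oQXwEzUSb1CNMCfCGgkX8Q2
zZkrIcCrF0Q2wrKblaudhU+iVanADsm18YEqsb5AU37dtUrM3QYdWg9R+XiPfV8R
KBjT03vVBOdMSsY39LaCn6Ip1Ovp8IEo/IeEVY1qmCOPAaK0bJH3ufg4Cueks+TS
wQWTeCLxuZL6OMXoOPKwvMQfxbg1XD8vuZ0Ktj/cNH2xau0xmsAu9HJpekvOPRxl
yqtjyZfroVieFypwZgvQwtnnM8/gSEu/JVTrY052mEUT7Ccb74kcHFTFfMklnkG/
0fU4ARa504H3xj0ktbe3vKcPXoPOuKBVsHSv00UGYAyPeuy+87cU/YEhM7k3SVKj
6eIZgyiMO0wl1YGDRKculwks9A+ulkg1oTb4s3zmZvP07GoTxW42jaK5WS+NhZee
860XoVhbc1KpS+jfZojsrEtZ8PbUZ+YvF8RprdWArjHbJk2JpRKAxThxsQAsBhG1
0Lux2WaMB0g2I5PcMdJ/cqjo08ccrjBXuixWri5iu9MXp8qT/fSzNmsdIgn8/qZK
i8Qulfu77uqhW/wt2btnitgRsqjhxMujYU4Zb4hktF8hKU/XX742qhL5KwARAQAB
tDFGZWRvcmEgKDM1KSA8ZmVkb3JhLTM1LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
cmc+iQJOBBMBCAA4FiEEeH6mrhFH7uVsQLMM20Y5cZhnxY8FAmAcScoCGw8FCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQ20Y5cZhnxY+NYA/7BYpglySAZYHhjyKh
/+f6zPfVvbH20Eq3kI7OFBN0nLX+BU1muvS+qTuS3WLrB3m3GultpKREJKLtm5ED
1rGzXAoT1yp9YI8LADdMCCOyjAjsoWU87YUuC+/bnjrTeR2LROCfyPC76W985iOV
m5S+bsQDw7C2LrldAM4MDuoyZ1SitGaZ4KQLVt+TEa14isYSGCjzo7PY8V3JOk50
gqWg82N/bm2EzS7T83WEDb1lvj4IlvxgIqKeg11zXYxmrYSZJJCfvzf+lNS6uxgH
jx/J0ylZ2LibGr6GAAyO9UWrAZSwSM0EcjT8wECnxkSDuyqmWwVvNBXuEIV8Oe3Y
MiU1fJN8sd7DpsFx5M+XdnMnQS+HrjTPKD3mWrlAdnEThdYV8jZkpWhDys3/99eO
hk0rLny0jNwkauf/iU8Oc6XvMkjLRMJg5U9VKyJuWWtzwXnjMN5WRFBqK4sZomMM
ftbTH1+5ybRW/A3vBbaxRW2t7UzNjczekSZEiaLN9L/HcJCIR1QF8682DdAlEF9d
k2gQiYSQAaaJ0JJAzHvRkRJLLgK2YQYiHNVy2t3JyFfsram5wSCWOfhPeIyLBTZJ
vrpNlPbefsT957Tf2BNIugzZrC5VxDSKkZgRh1VGvSIQnCyzkQy6EU2qPpiW59G/
hPIXZrKocK3KLS9/izJQTRltjMA=
=PfT7
-----END PGP PUBLIC KEY BLOCK-----
EOF

# OPTIONAL (IMAGE)

# Move the RPM database from var/lib/rpm to usr/lib/rpm-db under root/,
# leaving a relative symlink at the old path and a tmpfiles.d "L" entry that
# names the same link.  With the selinux option set, every policy's
# file_contexts.subs_dist first gets a line pairing the two paths.  All
# paths are relative to the current directory.
function save_rpm_db() {
        opt selinux && local policy &&
        for policy in root/etc/selinux/*/contexts/files
        do echo /usr/lib/rpm-db /var/lib/rpm >> "$policy/file_contexts.subs_dist"
        done
        mv root/var/lib/rpm root/usr/lib/rpm-db
        ln -fns ../../usr/lib/rpm-db root/var/lib/rpm
        echo > root/usr/lib/tmpfiles.d/rpm-db.conf \
            'L /var/lib/rpm - - - - ../../usr/lib/rpm-db'
}

# Chain to the next older legacy file until the requested release is reached;
# the arithmetic expansion decrements DEFAULT_RELEASE as a side effect.
[[ options[release] -ge DEFAULT_RELEASE ]] ||
        . "legacy/${options[distro]}$(( --DEFAULT_RELEASE )).sh"
--------------------------------------------------------------------------------
/legacy/fedora36.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
declare -f verify_distro &> /dev/null  # Use ([distro]=fedora [release]=36).

# Override buildroot creation to set the container image file name.
eval "$(declare -f create_buildroot | $sed 's/cver=.*/cver=1.5/')"

# Override buildroot post-install to fix AMD microcode in broken versions.
eval "$(declare -f create_buildroot | $sed 's/amd-ucode-firmware/linux-firmware/g')"
[[ options[release] -gt 33 ]] && eval "$(declare -f create_buildroot | $sed '
/script.*EOF/,/EOF$/s,^exec \(.*\),\1\nfor fw in /lib/firmware/amd-ucode/*.bin.xz ; do unxz "$fw" ; done,')"

# Point EOL releases at the archive repository server.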
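eval "$(declare -f enable_repo_rpmfusion_{,non}free | $sed '
s,download1.rpmfusion.org/\([^/]*\),rhlx01.hs-esslingen.de/Mirrors/archive.rpmfusion.org/\1-archive,g')"

# Verify a downloaded file against its signed checksum list.
#   $1     checksum file carrying its own OpenPGP signature (it is both
#          verified and parsed, so presumably clearsigned)
#   $2     file whose SHA-256 digest must equal the first "=" entry
#   stdin  the release signing key from the here-document below
# The key is imported into a throwaway 0700 keyring under $output, removed by
# the RETURN trap.  The digest is taken from the text gpg emits after checking
# the signature, not from the raw file: gpg authenticates only the signed
# region of a clearsigned file, so unsigned text around it must never reach
# the comparison.  The steps are joined with && so a failed import or
# signature check fails the function even where errexit is not in effect.
# Returns 0 only when the signature verifies and the digests match.
function verify_distro() {
        local -rx GNUPGHOME="$output/gnupg"
        local signed
        trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN
        $mkdir -pm 0700 "$GNUPGHOME" &&
        $gpg --import &&
        signed=$($gpg --decrypt "$1") &&
        [[ $($sha256sum "$2") == $($sed -n '/=/{s/.* //p;q;}' <<< "$signed")\ * ]]
} << 'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGAkKwgBEAC+IQKqp/BI1VIvRRqcnRoAxkzsY3pxIS1L+C4gaWjIMf1eBBTq
v9eKd4xHsW80VL/tl81WZWO/7JXKmgHODiXrv4HmDIOo6Z1hxehjVRF3Ih4+sKHR
XCJgwcdJnMfqTKnHiycQggeDuheWbfjV2Fgmvxy0jh0M5PCB5taNz41LmPOaUQmn
PXcI05CjP5msKjRBObw5Cd2oad60pTNhnBWRf288S8W4wH4jNISOZLZTOf6HU5gJ
w9wU9RZoaz8kZPNArlJjZsN83S0XLCxpa6UUgYdzPDHOWGtcWGs3bvNAlTYuacun
oICOvTH/ZJU7mgaZbbdSPVLDJdLBKRVgHbdTAK0J913FEiU93GJR5bf/W5FMN7DV
6hsJVMiY/knJmkTFE9whDSjEc0TAYhQuC1HnzvMPGJvkeEz9nRqna5QUuo7V6LI4
fZNTSlqFyIi/Oa3ZoliOyOshxJmU3y1HaNcHerO1nFbTtZ7s/TKBhY9oFq4T4gJV
yFWy33p/JDxOtlVjpHEkzwXGdPe6R4xK8xHObEVraOMZMaweII+tMOGwVbxZu2kC
A1aflM+oeyU1Fx9qqM0+dYyHO+kp3M5UtfM006RcNcdfoGrA4l6z9sUnHKsYzOLP
RvKkzxiX3T91vHtRGCXjPOgOsJJzjkFtE1a5oFZg39fC99HZdbX0rUqAtQARAQAB
tDFGZWRvcmEgKDM2KSA8ZmVkb3JhLTM2LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
cmc+iQJOBBMBCAA4FiEEU97Sy5Iti42eY/0YmZ98vzircfQFAmAkKwgCGw8FCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQmZ98vzircfSGaxAAlDBWuY1Ch3YsssGE
uaeOuaHmDj08p08WUAFUPBN0ID+0pmRQjywFzrufw8Z2g/lHwic+tpXXr/RtMmcl
+WzLh1E34TRqEngjDJ27QBq1Jyid3h1manKLhZhJ8b1usKHP7Dqh7n+eMTv2Qgrt
6MrCNe4otWZ9WJ5vp/Bay5yAtU6lNoWBmJ+6BS1/2mg2jhoXrfg/Vey+/i6nYZIk
M4IcYCyGCi9rjc8NMgkCyzPkPJtsy2taB+VdUcZyjFpc1acmC8sR/2/SEl4+pOtM
UzW+OUOQFrerX/8MC5LqvmtsiPMyRDCOw3reJTXyoUIehoHoK9QtAdIRRP2nAkPy
GKycVzsLbtheJXUZharXL1DwOkpMNlm3hp9BxX89m7dLblMSjtrQPs8CkpAExAQW
FBltsD73ZhGnfE/XdWp7343m1w5W2m85/rczP+2et+c+HPmYTgaJTu8fAF0FoTDd
uD1r9DxRa2oN3YBiPP/nXnhJaH//GgF/RRw7Fbc66fCh8DTrMsPgmyi/O3/pdSGe
k0UqEfSdzNPbl7gVFlCbr4Ur5n1ph+sEZqOhMuyszLZZvYvUrHsDuanML5X25coP
h+rqyjHJJeYlS2tMAQB1fmHB0LWhRhKYaOROAXFmUutFUxVVoigNCl8mV561DCz6
6/zy81ZGeyUGOEIZ1NFuoY0EhC8=
=KaIq
-----END PGP PUBLIC KEY BLOCK-----
EOF

# Chain to the next older legacy file until the requested release is reached;
# the arithmetic expansion decrements DEFAULT_RELEASE as a side effect.
[[ options[release] -ge DEFAULT_RELEASE ]] ||
        . "legacy/${options[distro]}$(( --DEFAULT_RELEASE )).sh"
--------------------------------------------------------------------------------
/legacy/fedora37.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
declare -f verify_distro &> /dev/null  # Use ([distro]=fedora [release]=37).

# Override buildroot creation to set the container image file name.
eval "$(declare -f create_buildroot | $sed 's/cver=.*/cver=1.7/')"

# Override package installation to use the bundled UEFI stub.
eval "$(declare -f create_buildroot | $sed 's/systemd-boot[-a-z]*//')"

# Override UEFI logo generation to support old ImageMagick and systemd.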
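eval "$(declare -f save_boot_files | $sed "s/magick/convert/
s/-trim/& -color-matrix '0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 0'/")"

# Verify a downloaded file against its signed checksum list.
#   $1     checksum file carrying its own OpenPGP signature (it is both
#          verified and parsed, so presumably clearsigned)
#   $2     file whose SHA-256 digest must equal the first "=" entry
#   stdin  the release signing key from the here-document below
# The key is imported into a throwaway 0700 keyring under $output, removed by
# the RETURN trap.  The digest is taken from the text gpg emits after checking
# the signature, not from the raw file: gpg authenticates only the signed
# region of a clearsigned file, so unsigned text around it must never reach
# the comparison.  The steps are joined with && so a failed import or
# signature check fails the function even where errexit is not in effect.
# Returns 0 only when the signature verifies and the digests match.
function verify_distro() {
        local -rx GNUPGHOME="$output/gnupg"
        local signed
        trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN
        $mkdir -pm 0700 "$GNUPGHOME" &&
        $gpg --import &&
        signed=$($gpg --decrypt "$1") &&
        [[ $($sha256sum "$2") == $($sed -n '/=/{s/.* //p;q;}' <<< "$signed")\ * ]]
} << 'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGESvNwBEAC7HsCDTlugVeDSMFX6aW3zAPFMfvBssNj+89fdmbxcI9t7UY6f
HvkkGziUET8e+9jB8R2/wXQCGOw1J+sfmwO4aN0LdVQjhKvVNj+F5jWt3m5FAIBa
OTWS6Kvqw2ECTpH7fD86541eK3BuCni6d5U3PCd73t976FcUmpQ/1AthqMksM0Jz
cJapvNmLTCR0NZ2XyyLmn/K1hgNXe8G5j0cSrJiY+Zpz5aQkT96j96Jm6W2A+tBI
icU4n6V4vlj2TxmCumtXJGXGBGJnof/dCgh45aqi+sk5c429ns+5sooYcaEJojj6
FYSITv10l+az6ZMJz/j61VYSkhMY8hQ4Wd+yL2JVzLE9N9V0L95sX1yEZ5ILmzwx
oRKe4WHSBE6yMxNWobv7hmC+3ZC5mLPaEDS/g/0xuQj9Sy9eT2mhhFPxOv29YQ+P
sC3zXHJMMT0tlGd72PVHQQ0JYONfMhcC+7AHGFGz8p4/wor2jIFG1ouqE6Lfzm8o
XWZMYm3AydlrP/xkYaoWNE3jL/+dskSBr/Yz7ZzlkAqH9lb1HKnXQLTrw6gz6pmI
KufSDXjEFNxnFI/9gMlshJtk5+QSDzezmxFm+NMviSvDUNAVIzrU1D84dauBYph4
OrJVeECQHEotny/I53AdlVwLYB4TWkObzTs6vtV7Pz1TK2CmHpe3UW72xwARAQAB
tDFGZWRvcmEgKDM3KSA8ZmVkb3JhLTM3LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
cmc+iQJOBBMBCAA4FiEErLXuToMcdLt8Fo0n9VrT+1MjVSoFAmESvNwCGw8FCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQ9VrT+1MjVSoPMhAAist7kK/YtcyBL/dt
P55hPrkJT6Ay+e2Dvt4Pixe4iT32Y3jG12aoX2LY//mxVOOpV+EhXYTTb5aLt2Jj
a8/qCKJFk7zuCOxa1hgdRcjoR7ZbU0lNjD9mMCax/YT9QafcaMEib/FlknP3g1SN
GRSKLObTJd6BbtZXCE80JRIX+Dy6+/Oz7LXRXeKpiimhlXT1wuTaqAJEtuHdQvg7
dkL4DzAJ2FiURVd5gvgo266WaCMafJjFRrSGHJm0c+V+0Z9NsuH80JbPm+rCUh5U
E9PMyztqlqtldtqc1+aZ1iUbVuXY059BUmlAhmf5sAlBktY+hEabH/4kmfGccbBL
TyBIn03Y9q9173okZSUe6q16m/hbbWI8dwkSpIADZbGGJbRi8PJpCg9y6KI355qD
atE2irleoy6eXqpKa+uPTRBk7i/r6jDoA+u+tZyFfcEnwvSWP8cN1j5mNklvITZl
YF1n5b3fejkZVdOmRZQNkyzMxYEd4UZFQZNYrx0nltAagRS8b5ikqNk2UTl+dyBG
k9gLOSZhAa2JdmAqwe9rT69jaa4kZMLlxPPC3246s83t0s7lp7vF+zLPfPSvxpsU
tg+fuT+OFKWYdBFF7VkEA+wezHAznIP6TPyQXbBpkzE889/hOXy4BYs0wy8Bpda/
Ve2Ba329f99dSCZKImi5DPCxJY4=
=ZmVd
-----END PGP PUBLIC KEY BLOCK-----
EOF

# Chain to the next older legacy file until the requested release is reached;
# the arithmetic expansion decrements DEFAULT_RELEASE as a side effect.
[[ options[release] -ge DEFAULT_RELEASE ]] ||
        . "legacy/${options[distro]}$(( --DEFAULT_RELEASE )).sh"
--------------------------------------------------------------------------------
/legacy/fedora38.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
declare -f verify_distro &> /dev/null  # Use ([distro]=fedora [release]=38).

# Override buildroot creation to set the container image file name.
eval "$(declare -f create_buildroot | $sed 's/cver=.*/cver=1.6/')"

# Point EOL releases at the archive repository server.
eval "$(declare -f create_buildroot | $sed '
s,dl.fedoraproject.org/pub,archives.fedoraproject.org/pub/archive,g')"

# Verify a downloaded file against its signed checksum list.
#   $1     checksum file carrying its own OpenPGP signature (it is both
#          verified and parsed, so presumably clearsigned)
#   $2     file whose SHA-256 digest must equal the first "=" entry
#   stdin  the release signing key from the here-document below
# The key is imported into a throwaway 0700 keyring under $output, removed by
# the RETURN trap.  The digest is taken from the text gpg emits after checking
# the signature, not from the raw file: gpg authenticates only the signed
# region of a clearsigned file, so unsigned text around it must never reach
# the comparison.  The steps are joined with && so a failed import or
# signature check fails the function even where errexit is not in effect.
# Returns 0 only when the signature verifies and the digests match.
function verify_distro() {
        local -rx GNUPGHOME="$output/gnupg"
        local signed
        trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN
        $mkdir -pm 0700 "$GNUPGHOME" &&
        $gpg --import &&
        signed=$($gpg --decrypt "$1") &&
        [[ $($sha256sum "$2") == $($sed -n '/=/{s/.* //p;q;}' <<< "$signed")\ * ]]
} << 'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGIC2cYBEADJye1aE0AR17qwj6wsHWlCQlcihmqkL8s4gbOk1IevBbH4iXJx
lu6bN+NhTcCCX6eHmaL5Pwb/bpkMmLR+/r1D2cLDK24YzvN6kJnwRQUTf2dbqYmg
mNBgIMm+kAabBZPwUHUzyQ9CT/WJpYr1OYu8JIkdxF35nrPewnnOUUqxqbi8fXRQ
gskSLF8UveiOjFIqmWwlPwT1UtnevAaF80UGQlkwFvqjjh4b9vKY2gHMAQwt+wg5
HFFCSwSrnd88ZoDb3pKvDMeurYUiPzF5f2r+ziVkMuaSNckvp58uge7HvyqQPAdJ
ZRswCCxhUAo9VqkNfB4Ud25ASyalk9jOE3HB8E35gFfPXvuX1n15THXNcwMEiybk
Omne2YwXL8ShGNr5otjqywThMrrqcl2g/pJVTcpDHTR5Hn9YRp+GHlYLjyEr+/x7
xM19y9ca9GUiJqDbEREHcKKIhYiGmcIjjcJvei/3C/aM4pqeGFJBbVSnw3qeMxH/
6ArAMA1sAdShCkv2YjlcF0r4uoCjXdS3xrKLz9PSCquot7RySnOE9TZ7flfJll7Z
q+lNaSeJg7FK8VWSUb9Lit6VEYVbzWKzespDDbujrHbFpydyq8gXurk7bSR2w0te
gsmytQqT/w1z2bydgGF6SfY9Px0wuA8GQKr48l5Bhdc6+vHHFqPKzz0PVQARAQAB
tDFGZWRvcmEgKDM4KSA8ZmVkb3JhLTM4LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
cmc+iQJOBBMBCAA4FiEEalG7q7o9VGe2FxIhgJqNfOsQtGQFAmIC2cYCGw8FCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQgJqNfOsQtGScyw/7BLmD4Fwi4QZY94zl
vlJdNufZRavOemSIVVDHoCr8pQBAdrvoMypxJd5zM4ODIqFsjdYpFti+Tkeq4/4U
25UoLPEOtU8UDt2uq7LqfdCxspaj7VyXAJIkpf7wEvLS4Jzo+YaMIlsd0dCrMXTM
vhu4gKpBFW6C+gGlmuDyTJbyrf7ilytgVzVtIfRrT7XffylviIlZHwKm43UDjvzX
YEl3EAFR1RjATwXMy2aJh7GCNsz+fKs+7YRKQUhpMF5un/2pyNJO+LbVGGwGZvga
K9Kfsg/4r1ync4nDDD1dadKIHhobDeiJ9uZLoBvvVDz7Ywu7q/vv4zIPxstYBNq4
6fLKDtYXuJCK0EV9Qy4ox67t0UGlaRGH8y5YUqOI10xH7iQej0xWlSc8w2dKhPz8
z9XLv2OMK+PvqvflhFHhWkqEoQRqTu0TVD0fLLe4lqieJlqZcJqW0F9G/vNSSWmf
POLa/Nim71gL2fPjCJOIRV4K/cJSyBmu5NchG7dHD5sUtJxZ4TFSuepaBZ8cPK1x
e26TaCBqoUWgUXWmw+P89aOpYOJYEFfT/VAm2Ywn+c1EFUmD+30wQ7aP/RUFl94z
n0BjqsWDnCKVFHydZ0TZSpeADmXMg2VYZPcp/cQR1KjoBoDxAscis7b1XPQUg7CB
zquq5jBVAnsNIhs7g47GWKyDUJM=
=aCLl
-----END PGP PUBLIC KEY BLOCK-----
EOF

# Chain to the next older legacy file until the requested release is reached;
# the arithmetic expansion decrements DEFAULT_RELEASE as a side effect.
[[ options[release] -ge DEFAULT_RELEASE ]] ||
        . "legacy/${options[distro]}$(( --DEFAULT_RELEASE )).sh"
--------------------------------------------------------------------------------
/legacy/fedora39.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
declare -f verify_distro &> /dev/null  # Use ([distro]=fedora [release]=39).

# Override buildroot creation to use the pre-OCI container format.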
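eval "$(declare -f create_buildroot | $sed 's/cver=.*/cver=1.5/
/image=/{s/-Generic..DEFAULT_ARCH-/-/;s/oci/$DEFAULT_ARCH/;}
/mkdir.*oci/,/tar.*layer/c\
$tar -xJOf "$output/image.txz" "*/layer.tar" | $tar -C "$buildroot" -x\
$rm -f "$output/checksum" "$output/image.txz"')"

# Override package installation to set the previous authentication profile.
eval "$(declare -f install_packages | $sed 's/select local/select minimal/')"

# Verify a downloaded file against its signed checksum list.
#   $1     checksum file carrying its own OpenPGP signature (it is both
#          verified and parsed, so presumably clearsigned)
#   $2     file whose SHA-256 digest must equal the first "=" entry
#   stdin  the release signing key from the here-document below
# The key is imported into a throwaway 0700 keyring under $output, removed by
# the RETURN trap.  The digest is taken from the text gpg emits after checking
# the signature, not from the raw file: gpg authenticates only the signed
# region of a clearsigned file, so unsigned text around it must never reach
# the comparison.  The steps are joined with && so a failed import or
# signature check fails the function even where errexit is not in effect.
# Returns 0 only when the signature verifies and the digests match.
function verify_distro() {
        local -rx GNUPGHOME="$output/gnupg"
        local signed
        trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN
        $mkdir -pm 0700 "$GNUPGHOME" &&
        $gpg --import &&
        signed=$($gpg --decrypt "$1") &&
        [[ $($sha256sum "$2") == $($sed -n '/=/{s/.* //p;q;}' <<< "$signed")\ * ]]
} << 'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGLykg8BEADURjKtgQpQNoluifXia+U3FuqGCTQ1w7iTqx1UvNhLX6tb9Qjy
l/vjl1iXxucrd2JBnrT/21BdtaABhu2hPy7bpcGEkG8MDinAMZBzcyzHcS/JiGHZ
d/YmMWQUgbDlApbxFSGWiXMgT0Js5QdcywHI5oiCmV0lkZ+khZ4PkVWmk6uZgYWf
JOG5wp5TDPnoYXlA4CLb6hu2691aDm9b99XYqEjhbeIzS9bFQrdrQzRMKyzLr8NW
s8Pq2tgyzu8txlWdBXJyAMKldTPstqtygLL9UUdo7CIQQzWqeDbAnv+WdOmiI/hR
etbbwNV+thkLJz0WD90C2L3JEeUJX5Qa4oPvfNLDeCKmJFEFUTCEdm0AYoQDjLJQ
3d3q9M09thXO/jYM0cSnJDclssLNsNWfjJAerLadLwNnYRuralw7f74QSLYdJAJU
SFShBlctWKnlhQ7ehockqtgXtWckkqPZZjGiMXwHde9b9Yyi+VqtUQWxSWny+9g9
6tcoa3AdnmpqSTHQxYajD0EGXJ0z0NXfqxkI0lo8UxzypEBy4sARZ4XhTU73Zwk0
LGhEUHlfyxXgRs6RRvM2UIoo+gou2M9rn/RWkhuHJNSfgrM0BmIBCjhjwGiS33Qh
ysLDWJMdch8lsu1fTmLEFQrOB93oieOJQ0Ysi5gQY8TOT+oZvVi9pSMJuwARAQAB
tDFGZWRvcmEgKDM5KSA8ZmVkb3JhLTM5LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
cmc+iQJOBBMBCAA4FiEE6PI5lvIyGGQMtEy+dc9axBi450wFAmLykg8CGw8FCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQdc9axBi450yd4w//ZtghbZX5KFstOdBS
rcbBfCK9zmRvzeejzGl6lPKfqwx7OOHYxFlRa9MYLl8QG7Aq6yRRWzzEHiSb0wJw
WXz5tbkAmV/fpS4wnb3FDArD44u317UAnaU+UlhgK1g62lwI2dGpvTSvohMBMeBY
B5aBd+sLi3UtiSRM2XhxvxaWwr/oFLjKDukgrPQzeV3F/XdxGhSz/GZUVFVprcrB
h/dIo4k0Za7YVRhlVM0coOIcKbcjxAK9CCZ8+jtdIh3/BN5zJ0RFMgqSsrWYWeft
BI3KWLbyMfRwEtp7xSi17WXbRfsSoqwIVgP+RCSaAdVuiYs/GCRsT3ydYcDvutuJ
YZoE53yczemM/1HZZFI04zI7KBsKm9NFH0o4K2nBWuowBm59iFvWHFpX6em54cq4
45NwY01FkSQUqntfqCWFSowwFHAZM4gblOikq2B5zHoIntCiJlPGuaJiVSw9ZpEc
+IEQfmXJjKGSkMbU9tmNfLR9skVQJizMTtoUQ12DWC+14anxnnR2hxnhUDAabV6y
J5dGeb/ArmxQj3IMrajdNwjuk9GMeMSSS2EMY8ryOuYwRbFhBOLhGAnmM5OOSUxv
A4ipWraXDW0bK/wXI7yHMkc6WYrdV3SIXEqJBTp7npimv3JC+exWEbTLcgvV70FP
X55M9nDtzUSayJuEcfFP2c9KQCE=
=J4qZ
-----END PGP PUBLIC KEY BLOCK-----
EOF

# Chain to the next older legacy file until the requested release is reached;
# the arithmetic expansion decrements DEFAULT_RELEASE as a side effect.
[[ options[release] -ge DEFAULT_RELEASE ]] ||
        . "legacy/${options[distro]}$(( --DEFAULT_RELEASE )).sh"
--------------------------------------------------------------------------------
/legacy/fedora40.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
declare -f verify_distro &> /dev/null  # Use ([distro]=fedora [release]=40).

# Override buildroot creation to use the pre-dnf5 container format.
eval "$(declare -f create_buildroot | $sed 's/cver=.*/cver=1.14/
/image=/{s/-Minimal-\([^.]*\)\.\([^.]*\)/.\2-\1/;}')"

# Override package installation to go back to pre-dnf5.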
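eval "$(declare -f install_packages |
$sed 's/libdnf5/dnf/g;s/ --use-host-config / /')"

# Verify a downloaded file against its signed checksum list.
#   $1     checksum file carrying its own OpenPGP signature (it is both
#          verified and parsed, so presumably clearsigned)
#   $2     file whose SHA-256 digest must equal the first entry whose line
#          matches "Generic." followed by "="
#   stdin  the release signing key from the here-document below
# The key is imported into a throwaway 0700 keyring under $output, removed by
# the RETURN trap.  The digest is taken from the text gpg emits after checking
# the signature, not from the raw file: gpg authenticates only the signed
# region of a clearsigned file, so unsigned text around it must never reach
# the comparison.  The steps are joined with && so a failed import or
# signature check fails the function even where errexit is not in effect.
# Returns 0 only when the signature verifies and the digests match.
function verify_distro() {
        local -rx GNUPGHOME="$output/gnupg"
        local signed
        trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN
        $mkdir -pm 0700 "$GNUPGHOME" &&
        $gpg --import &&
        signed=$($gpg --decrypt "$1") &&
        [[ $($sha256sum "$2") == $($sed -n '/Generic\..*=/{s/.* //p;q;}' <<< "$signed")\ * ]]
} << 'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGPQTCwBEADFUL0EQLzwpKHtlPkacVI156F2LnWp6K69g/6yzllidHI3b7EV
QgQ9/Kdou6wNuOahNKa6WcEi6grEXexD7pAcu4xdRUp79XxQy5pC7Aq2/Dwf0vRL
2y0kqof+C7iSzhHsfLoaqKKeh2njAo1KLZXYTHAWAMbXEyO/FJevaHLXe2+yYd7j
luD58gyXgGDXXJ2lymLqs2jobjWdmGPNZGFl36RP3Dnk0FpbdH78kyIIsc2foYuF
00rnuumwCtK3V58VOZo6IkaYk2irdyeetmJjVHwLHwJB3EaAwGy9Z2oAH3LxxFfk
rQb0DH0Nzb3fpEziopOOqSi+6guV4RHUKAkCUMu+Mo5XwFVPUAIfNRTVqoIaEasC
WO26lhkB87wwIvyb/TPGSeh6laHPRf0QOUOLkugdkSHoaJFWoTCcu9Y4aeDpf+ZQ
fMVmkJNRS1tXONgz+pDk1rro/tNrkusYG18xjvSZTB0P0C4b4+jgK5l7me0NU6G3
Ww/hIng5lxWfXgE9bpxlN834v1xy5Z3v17guJu1ec/jzKzQQ4356wyegXURjYoWe
awcnK1S+9gxivnkOk1bGLNxrEh5vB6PDcI1VQ1ECH50EHyvE1IXJDaaStdAkacv2
qHcd15CnlBW1LYFj0CHs/sGu9FD0iSF95OVRX4gjg9Wa4f8KvtEO/f+FeQARAQAB
tDFGZWRvcmEgKDQwKSA8ZmVkb3JhLTQwLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
cmc+iQJOBBMBCAA4FiEEEV35rvhXhT7oRF0KBydwfqFbecwFAmPQTCwCGw8FCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQBydwfqFbecxJOw//XaoJG3zN01bVM63H
nFmMW/EnLzKrZqH8ZNq8CP9ycoc4q8SYcMprHKG9jufzj5/FhtpYecp3kBMpSYHt
Vu46LS9NajJDwdfvUMezVbieNIQ8icTR5s5IUYFlc47eG6PRe3k0n5fOPcIb6q82
byrK3dQnanOcVdoGU7QO9LAAHO9hg0zgZa0MxQAlDQov3dZcr7u7qGcQmU5JzcRS
JgfDxHxDuMjmq6Kd0/UwD00kd2ptZgRls0ntXdm9CZGtQ/Q0baJ3eRzccpd/8bxy
RWF9MnOdmV6ojcFKYECjEzcuheUlcKQH9rLkeBSfgrIlK3L7LG8bg5ouZLdx17rQ
XABNQGmJTaGAiEnS/48G3roMS8R7fhUljcKr6t63QQQJ2qWdPvI6EMC2xKZsLHK4
XiUvrmJpUprvEQSKBUOf/2zuXDBshtAnoKh7h5aG+TvozL4yNG5DKpSH3MRj1E43
KoMsP/GN/X5h+vJnvhiCWxNMPP81Op0czBAgukBm627FTnsvieJOOrzyxb1s75+W
56gJombmhzUfzr88AYY9mFy7diTw/oldDZcfwa8rvOAGJVDlyr2hqkLoGl+5jPex
slt3NF4caE/wP9wPMgFRkmMOr8eiRhjlWLrO6mQdBp7Qsj3kEXioP+CZ1cv/sbaK
4DM7VidB4PLrMFQMaf0LpjpC2DM=
=wOl2
-----END PGP PUBLIC KEY BLOCK-----
EOF

# Chain to the next older legacy file until the requested release is reached;
# the arithmetic expansion decrements DEFAULT_RELEASE as a side effect.
[[ options[release] -ge DEFAULT_RELEASE ]] ||
        . "legacy/${options[distro]}$(( --DEFAULT_RELEASE )).sh"
--------------------------------------------------------------------------------
/legacy/ubuntu20.04.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
declare -f verify_distro &> /dev/null  # Use ([distro]=ubuntu [release]=20.04).

# Override default OVMF paths.
eval "$(declare -f set_uefi_variables | $sed s/_4M//g)"

[[ ${options[release]} == 20.04 ]]
--------------------------------------------------------------------------------
/legacy/ubuntu20.10.sh:
--------------------------------------------------------------------------------
# SPDX-License-Identifier: GPL-3.0-or-later
declare -f verify_distro &> /dev/null  # Use ([distro]=ubuntu [release]=20.10).

# Override ramdisk creation since the kernel is too old to support zstd.
eval "$(declare -f create_buildroot | $sed 's/ zstd//'
declare -f configure_initrd_generation | $sed /compress=/d
declare -f relabel squash build_systemd_ramdisk |
$sed 's/zstd --[^|>]*/xz --check=crc32 -9e /')"

# Override ESP creation to support old dosfstools that can't use offsets.
eval "$(declare -f partition | $sed '/^ *if opt uefi/,/^ *fi/{
/esp_image=/s/=.*/=esp.img ; truncate --size=$(( esp * bs )) $esp_image/
s/ --offset=[^ ]* / /;s/ gpt.img / $esp_image /
/^ *fi/idd bs=$bs conv=notrunc if=$esp_image of=gpt.img seek=$start
}')"

# Override variable generation to use the old QEMU bare SMBIOS argument.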
18 | eval "$(declare -f set_uefi_variables | $sed -e '/timeout/i\ 19 | cat <(echo -en "\\x0B\\x05\\x34\\x12\\x01") "$keydir/sb.oem" <(echo -en "\\0\\0") > "$keydir/sb.smbios" 20 | s/type=11,path\(=\S*\)oem/file\1smbios/')" 21 | 22 | [[ ${options[release]} > 20.04 ]] || . "legacy/${options[distro]}20.04.sh" 23 | -------------------------------------------------------------------------------- /legacy/ubuntu21.10.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | declare -f verify_distro &> /dev/null # Use ([distro]=ubuntu [release]=21.10). 3 | 4 | # Override previous UEFI logo edits. 5 | eval "$(declare -f save_boot_files | $sed \ 6 | -e 's,/g,&;// viewBox="0 0 22 22">/,' \ 7 | -e "s/convert.*svg/& -color-matrix '0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 0'/")" 8 | 9 | [[ ${options[release]} == 20.04 ]] || # Don't use the old key for updated LTS. 10 | function verify_distro() { 11 | local -rx GNUPGHOME="$output/gnupg" 12 | trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN 13 | $mkdir -pm 0700 "$GNUPGHOME" 14 | $gpg --import 15 | $gpg --verify "$2" "$1" 16 | [[ $($sha256sum "$3") == $($sed -n 's/ .*root.tar.xz$//p' "$1")\ * ]] 17 | } << 'EOF' 18 | -----BEGIN PGP PUBLIC KEY BLOCK----- 19 | 20 | mQINBFCMc9EBEADDKn9mOi9VZhW+0cxmu3aFZWMg0p7NEKuIokkEdd6P+BRITccO 21 | ddDLaBuuamMbt/V1vrxWC5J+UXe33TwgO6KGfH+ECnXD5gYdEOyjVKkUyIzYV5RV 22 | U5BMrxTukHuh+PkcMVUy5vossCk9MivtCRIqM6eRqfeXv6IBV9MFkAbG3x96ZNI/ 23 | TqaWTlaHGszz2Axf9JccHCNfb3muLI2uVnUaojtDiZPm9SHTn6O0p7Tz7M7+P8qy 24 | vc6bdn5FYAk+Wbo+zejYVBG/HLLE4+fNZPESGVCWZtbZODBPxppTnNVm3E84CTFt 25 | pmWFBvBE/q2G9e8s5/mP2ATrzLdUKMxr3vcbNX+NY1Uyvn0Z02PjbxThiz1G+4qh 26 | 6Ct7gprtwXPOB/bCITZL9YLrchwXiNgLLKcGF0XjlpD1hfELGi0aPZaHFLAa6qq8 27 | Ro9WSJljY/Z0g3woj6sXpM9TdWe/zaWhxBGmteJl33WBV7a1GucN0zF1dHIvev4F 28 | krp13Uej3bMWLKUWCmZ01OHStLASshTqVxIBj2rgsxIcqH66DKTSdZWyBQtgm/kC 29 | qBvuoQLFfUgIlGZihTQ96YZXqn+VfBiFbpnh1vLt24CfnVdKmzibp48KkhfqduDE 30 | 
Xxx/f/uZENH7t8xCuNd3p+u1zemGNnxuO8jxS6Ico3bvnJaG4DAl48vaBQARAQAB 31 | tG9VYnVudHUgQ2xvdWQgSW1hZ2UgQnVpbGRlciAoQ2Fub25pY2FsIEludGVybmFs 32 | IENsb3VkIEltYWdlIEJ1aWxkZXIpIDx1YnVudHUtY2xvdWRidWlsZGVyLW5vcmVw 33 | bHlAY2Fub25pY2FsLmNvbT6JAjgEEwECACIFAlCMc9ECGwMGCwkIBwMCBhUIAgkK 34 | CwQWAgMBAh4BAheAAAoJEH/z9AhHbPEAvRIQAMLE4ZMYiLvwSoWPAicM+3FInaqP 35 | 2rf1ZEf1k6175/G2n8cG3vK0nIFQE9Cus+ty2LrTggm79onV2KBGGScKe3ga+meO 36 | txj601Wd7zde10IWUa1wlTxPXBxLo6tpF4s4aw6xWOf4OFqYfPU4esKblFYn1eMK 37 | Dd53s3/123u8BZqzFC8WSMokY6WgBa+hvr5J3qaNT95UXo1tkMf65ZXievcQJ+Hr 38 | bp1m5pslHgd5PqzlultNWePwzqmHXXf14zI1QKtbc4UjXPQ+a59ulZLVdcpvmbjx 39 | HdZfK0NJpQX+j5PU6bMuQ3QTMscuvrH4W41/zcZPFaPkdJE5+VcYDL17DBFVzknJ 40 | eC1uzNHxRqSMRQy9fzOuZ72ARojvL3+cyPR1qrqSCceX1/Kp838P2/CbeNvJxadt 41 | liwI6rzUgK7mq1Bw5LTyBo3mLwzRJ0+eJHevNpxl6VoFyuoA3rCeoyE4on3oah1G 42 | iAJt576xXMDoa1Gdj3YtnZItEaX3jb9ZB3iz9WkzZWlZsssdyZMNmpYV30Ayj3CE 43 | KyurYF9lzIQWyYsNPBoXORNh73jkHJmL6g1sdMaxAZeQqKqznXbuhBbt8lkbEHMJ 44 | Stxc2IGZaNpQ+/3LCwbwCphVnSMq+xl3iLg6c0s4uRn6FGX+8aknmc/fepvRe+ba 45 | ntqvgz+SMPKrjeevuQINBFCMc9EBEADKGFPKBL7/pMSTKf5YH1zhFH2lr7tf5hbz 46 | ztsx6j3y+nODiaQumdG+TPMbrFlgRlJ6Ah1FTuJZqdPYObGSQ7qd/VvvYZGnDYJv 47 | Z1kPkNDmCJrWJs+6PwNARvyLw2bMtjCIOAq/k8wByKkMzegobJgWsbr2Jb5fT4cv 48 | FxYpm3l0QxQSw49rriO5HmwyiyG1ncvaFUcpxXJY8A2s7qX1jmjsqDY1fWsv5PaN 49 | ue0Fr3VXfOi9p+0CfaPY0Pl4GHzat/D+wLwnOhnjl3hFtfbhY5bPl5+cD51SbOnh 50 | 2nFv+bUK5HxiZlz0bw8hTUBN3oSbAC+2zViRD/9GaBYY1QjimOuAfpO1GZmqohVI 51 | msZKxHNIIsk5H98mN2+LB3vH+B6zrSMDm3d2Hi7ZA8wH26mLIKLbVkh7hr8RGQjf 52 | UZRxeQEf+f8F3KVoSqmfXGJfBMUtGQMTkaIeEFpMobVeHZZ3wk+Wj3dCMZ6bbt2i 53 | QBaoa7SU5ZmRShJkPJzCG3SkqN+g9ZcbFMQsybl+wLN7UnZ2MbSk7JEy6SLsyuVi 54 | 7EjLmqHmG2gkybisnTu3wjJezpG12oz//cuylOzjuPWUWowVQQiLs3oANzYdZ0Hp 55 | SuNjjtEILSRnN5FAeogs0AKH6sy3kKjxtlj764CIgn1hNidSr2Hyb4xbJ/1GE3Rk 56 | sjJi6uYIJwARAQABiQIfBBgBAgAJBQJQjHPRAhsMAAoJEH/z9AhHbPEA6IsP/3jJ 57 | DaowJcKOBhU2TXZglHM+ZRMauHRZavo+xAKmqgQc/izgtyMxsLwJQ+wcTEQT5uqE 58 | 
4DoWH2T7DGiHZd/89Qe6HuRExR4p7lQwUop7kdoabqm1wQfcqr+77Znp1+KkRDyS 59 | lWfbsh9ARU6krQGryODEOpXJdqdzTgYhdbVRxq6dUopz1Gf+XDreFgnqJ+okGve2 60 | fJGERKYynUmHxkFZJPWZg5ifeGVt+YY6vuOCg489dzx/CmULpjZeiOQmWyqUzqy2 61 | QJ70/sC8BJYCjsESId9yPmgdDoMFd+gf3jhjpuZ0JHTeUUw+ncf+1kRf7LAALPJp 62 | 2PTSo7VXUwoEXDyUTM+dI02dIMcjTcY4yxvnpxRFFOtklvXt8Pwa9x/aCmJb9f0E 63 | 5FO0nj7l9pRd2g7UCJWETFRfSW52iktvdtDrBCft9OytmTl492wAmgbbGeoRq3ze 64 | QtzkRx9cPiyNQokjXXF+SQcq586oEd8K/JUSFPdvth3IoKlfnXSQnt/hRKv71kbZ 65 | IXmR3B/q5x2Msr+NfUxyXfUnYOZ5KertdprUfbZjudjmQ78LOvqPF8TdtHg3gD2H 66 | +G2z+IoH7qsOsc7FaJsIIa4+dljwV3QZTE7JFmsas90bRcMuM4D37p3snOpHAHY3 67 | p7vH1ewg+vd9ySST0+OkWXYpbMOIARfBKyrGM3nu 68 | =+MFT 69 | -----END PGP PUBLIC KEY BLOCK----- 70 | EOF 71 | 72 | [[ ${options[release]} > 20.10 ]] || . "legacy/${options[distro]}20.10.sh" 73 | -------------------------------------------------------------------------------- /legacy/ubuntu22.04.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | declare -f verify_distro &> /dev/null # Use ([distro]=ubuntu [release]=22.04). 3 | 4 | # Override the UEFI stub provider for when it was bundled with systemd. 5 | eval "$(declare -f create_buildroot | $sed 's/ systemd-boot-efi / /')" 6 | 7 | # Override the resolved provider for when it was bundled with systemd. 8 | eval "$(declare -f install_packages | $sed /systemd-resolved/d)" 9 | 10 | [[ ${options[release]} > 21.10 ]] || . "legacy/${options[distro]}21.10.sh" 11 | -------------------------------------------------------------------------------- /legacy/ubuntu22.10.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | declare -f verify_distro &> /dev/null # Use ([distro]=ubuntu [release]=22.10). 3 | 4 | # Point EOL releases at the archive repository server. 5 | [[ 6 | ${options[release]#[0-9][0-9].} == 04 && # LTS are April releases... 
7 | $(( ${options[release]%%.*} & 1 )) -eq 0 && # every other year... 8 | ${options[release]%%.*} -ge 20 # with the oldest supported from 2020. 9 | ]] || eval "$(declare -f create_buildroot | $sed '/fix-apt/i\ 10 | $sed -i -e "/ubuntu.com/s,://[a-z]*,://old-releases," "$buildroot/etc/apt/sources.list"' 11 | declare -f install_packages | $sed -e 's,://archive,://old-releases,')" 12 | 13 | [[ ${options[release]} > 22.04 ]] || . "legacy/${options[distro]}22.04.sh" 14 | -------------------------------------------------------------------------------- /opensuse.sh: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | packages=(aaa_base branding-openSUSE openSUSE-release) 3 | packages_buildroot=() 4 | 5 | options[enforcing]= 6 | options[loadpin]= 7 | options[verity_sig]= 8 | 9 | function create_buildroot() { 10 | local -r image="https://download.opensuse.org/tumbleweed/appliances/opensuse-tumbleweed-image.$DEFAULT_ARCH-lxc.tar.xz" 11 | 12 | opt bootable && packages_buildroot+=(kernel-default zstd) 13 | opt bootable && [[ ${options[arch]:-$DEFAULT_ARCH} == *[3-6x]86* ]] && packages_buildroot+=(ucode-{amd,intel}) 14 | opt gpt && opt uefi && packages_buildroot+=(dosfstools mtools) 15 | opt read_only && ! 
opt squash && packages_buildroot+=(erofs-utils) 16 | opt secureboot && packages_buildroot+=(mozilla-nss-tools pesign) 17 | opt selinux && packages_buildroot+=(busybox kernel-default policycoreutils qemu-x86 zstd) 18 | opt squash && packages_buildroot+=(squashfs) 19 | opt uefi && packages_buildroot+=(binutils distribution-logos-openSUSE-Tumbleweed ImageMagick systemd-boot) 20 | opt uefi_vars && packages_buildroot+=(ovmf qemu-ovmf-x86_64 qemu-x86) 21 | opt verity && packages_buildroot+=(cryptsetup device-mapper) 22 | packages_buildroot+=(curl e2fsprogs glib2-tools openssl) 23 | # Download the image, its SHA-256 file and the detached signature; verify_distro checks them before tar unpacks anything. 24 | $curl -L "$image.sha256" > "$output/checksum" 25 | $curl -L "$image.sha256.asc" > "$output/checksum.sig" 26 | $curl -L "$image" > "$output/image.txz" 27 | verify_distro "$output"/checksum{,.sig} "$output/image.txz" # NOTE(review): a failure here only stops the extraction below if the script runs with errexit; confirm, or append "|| return" 28 | $tar -C "$buildroot" -xJf "$output/image.txz" 29 | $rm -f "$output"/checksum{,.sig} "$output/image.txz" 30 | $ln -fns ../proc/self/mounts "$buildroot/etc/mtab" 31 | 32 | # Disable non-OSS packages by default. 33 | $sed -i -e '/^enabled=/s/=.*/=0/' "$buildroot/etc/zypp/repos.d/repo-non-oss.repo" 34 | 35 | # Bypass license checks since it is abused to display random warnings. 36 | $sed -i -e 's/^[# ]*\(autoAgreeWithLicenses\) *=.*/\1 = yes/' \ 37 | "$buildroot/etc/zypp/zypper.conf" 38 | 39 | # Let the configuration decide if the system should have documentation. 40 | $sed -i -e 's/^rpm.install.excludedocs/# &/' "$buildroot/etc/zypp/zypp.conf" 41 | 42 | # Disable broken UEFI script. 43 | ln -fns ../bin/true "$buildroot/usr/sbin/sdbootutil" # NOTE(review): bare ln, while the mtab link above uses $ln; confirm this is intended 44 | 45 | configure_initrd_generation 46 | initialize_buildroot "$@" 47 | 48 | script "${packages_buildroot[@]}" << 'EOF' 49 | zypper --non-interactive dist-upgrade 50 | zypper --non-interactive update --allow-vendor-change 51 | zypper --non-interactive install --allow-vendor-change "$@" 52 | EOF 53 | 54 | # Don't block important file systems in the initrd. 
55 | $rm -f "$buildroot/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf" 56 | } 57 | # Install the selected packages into ./root with zypper, then add the wheel group, the firewall units and the package lists. 58 | function install_packages() { 59 | opt bootable && packages+=(systemd) 60 | opt networkd && packages+=(systemd-network) 61 | opt selinux && packages+=("selinux-policy-${options[selinux]}") 62 | # NOTE(review): --gpg-auto-import-keys below makes zypper import and trust new repository signing keys without asking, so package trust rests on how the repo metadata was fetched; importing pinned keys first (compare enable_repo_nvidia) would avoid that. 63 | enable_repo_ports 64 | zypper --gpg-auto-import-keys --non-interactive --installroot="$PWD/root" \ 65 | install "${packages[@]:-filesystem}" "$@" || [[ $? -eq 107 ]] # zypper exit code 107 (installed, but a package %post script failed) is accepted 66 | 67 | # Define basic users and groups prior to configuring other stuff. 68 | grep -qs '^wheel:' root/etc/group || 69 | groupadd --prefix /wd/root --system --gid=10 wheel 70 | 71 | # Give this distro a compatible firewall before configuring it. The heredoc is the ip6tables unit; sed s/6//g derives the iptables one, and each is written only if its *-restore binary exists. 72 | tee \ 73 | >([[ -s root/usr/sbin/iptables-restore ]] && exec sed s/6//g > root/usr/lib/systemd/system/iptables.service || exec cat > /dev/null) \ 74 | << 'EOF' > $([[ -s root/usr/sbin/ip6tables-restore ]] && echo root/usr/lib/systemd/system/ip6tables.service || echo /dev/null) 75 | [Unit] 76 | Description=Load ip6tables firewall rules 77 | Before=network-pre.target 78 | Wants=network-pre.target 79 | AssertPathExists=/etc/sysconfig/ip6tables 80 | 81 | [Service] 82 | ExecStart=/usr/sbin/ip6tables-restore /etc/sysconfig/ip6tables 83 | ExecReload=/usr/sbin/ip6tables-restore /etc/sysconfig/ip6tables 84 | ExecStop=/usr/sbin/ip6tables -P INPUT ACCEPT 85 | ExecStop=/usr/sbin/ip6tables -P FORWARD ACCEPT 86 | ExecStop=/usr/sbin/ip6tables -P OUTPUT ACCEPT 87 | ExecStop=/usr/sbin/ip6tables -F 88 | ExecStop=/usr/sbin/ip6tables -X 89 | RemainAfterExit=yes 90 | Type=oneshot 91 | 92 | [Install] 93 | WantedBy=basic.target 94 | EOF 95 | 96 | # List everything installed in the image and what was used to build it. 
97 | rpm -qa | sort > packages-buildroot.txt 98 | rpm --root="$PWD/root" -qa | sort > packages.txt 99 | } 100 | # Apply openSUSE-specific fixes under ./root; edits guarded by [[ -s ... ]] are skipped when the file is absent or empty. 101 | function distro_tweaks() { 102 | rm -fr root/etc/init.d root/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf 103 | 104 | [[ -s root/usr/share/systemd/tmp.mount ]] && 105 | mv -t root/usr/lib/systemd/system root/usr/share/systemd/tmp.mount 106 | 107 | [[ -s root/etc/zypp/repos.d/repo-non-oss.repo ]] && 108 | sed -i -e '/^enabled=/s/=.*/=0/' root/etc/zypp/repos.d/repo-non-oss.repo 109 | 110 | [[ -s root/usr/share/glib-2.0/schemas/openSUSE-branding.gschema.override ]] && 111 | mv root/usr/share/glib-2.0/schemas/{,50_}openSUSE-branding.gschema.override 112 | 113 | [[ -s root/usr/lib/systemd/system/polkit.service ]] && 114 | sed -i -e '/^Type=/iStateDirectory=polkit' root/usr/lib/systemd/system/polkit.service 115 | # NOTE(review): the edit below appends nullok after every try_first_pass in common-auth, so PAM accepts accounts whose password is empty; confirm every image built from this is meant to allow that. 116 | [[ -s root/etc/pam.d/common-auth ]] && 117 | sed -i -e 's/try_first_pass/& nullok/' root/etc/pam.d/common-auth 118 | # Prefix the shell prompt with the last exit status and add an ll alias for new users. 119 | sed -i -e '1,/ PS1=/s/ PS1="/&$? /' root/etc/bash.bashrc 120 | echo "alias ll='ls -l'" >> root/etc/skel/.alias 121 | } 122 | # For bootable images, produce logo.bmp (UEFI only), initrd.img and vmlinuz unless they already exist. NOTE(review): as shown, the sed script for the logo has an empty address and a no-op replacement, so text was probably lost when this listing was rendered; check the repository copy. 123 | function save_boot_files() if opt bootable 124 | then 125 | opt uefi && [[ ! -s logo.bmp ]] && 126 | sed '//s,>,&,' /usr/share/pixmaps/distribution-logos/light-dual-branding.svg > /root/logo.svg && 127 | magick -background none -size 720x320 /root/logo.svg logo.bmp 128 | [[ -s initrd.img ]] || build_systemd_ramdisk "$(cd /lib/modules ; compgen -G "$(rpm -q --qf '%{VERSION}' kernel-default)*")" 129 | [[ -s vmlinuz ]] || cp -pt . /lib/modules/*/vmlinuz 130 | fi 131 | 132 | # Override relabeling to add the missing modules and fix pthread_cancel. 
133 | eval "$(declare -f relabel | $sed \ 134 | -e '/find/iln -fns busybox "$root/bin/insmod"\ 135 | local mod ; for mod in drivers/ata/ata_piix fs/{jbd2/jbd2,mbcache,ext4/ext4}\ 136 | do zstd -cd /lib/modules/*/*/"$mod.ko.zst" > "$root/lib/${mod##*/}.ko"\ 137 | sed -i -e "/sda/iinsmod /lib/${mod##*/}.ko" "$root/init" ; done')" 138 | 139 | # Override dm-init with userspace since the openSUSE kernel doesn't enable it. 140 | eval "$(declare -f kernel_cmdline | $sed 's/opt ramdisk[ &]*dmsetup=/dmsetup=/')" 141 | 142 | # Override default OVMF paths for this distro's packaging. 143 | eval "$(declare -f set_uefi_variables | $sed \ 144 | -e 's,/usr/\S*VARS\S*.fd,/usr/share/qemu/ovmf-x86_64-smm-vars.bin,' \ 145 | -e 's,/usr/\S*CODE\S*.fd,/usr/share/qemu/ovmf-x86_64-smm-code.bin,' \ 146 | -e 's,/usr/\S*/\(Shell\|EnrollDefaultKeys\).efi,/usr/share/ovmf/\1.efi,g')" 147 | 148 | function configure_initrd_generation() if opt bootable 149 | then 150 | # Don't expect that the build system is the target system. 151 | $mkdir -p "$buildroot/etc/dracut.conf.d" 152 | $cat << EOF > "$buildroot/etc/dracut.conf.d/99-settings.conf" 153 | add_drivers+=" ${options[ramdisk]:+loop} " 154 | compress="zstd --threads=0 --ultra -22" 155 | hostonly="no" 156 | i18n_install_all="no" 157 | reproducible="yes" 158 | EOF 159 | 160 | # Create a generator to handle verity since dm-init isn't enabled. 
161 | if opt verity 162 | then 163 | local -r gendir=/usr/lib/systemd/system-generators 164 | $mkdir -p "$buildroot$gendir" 165 | echo > "$buildroot$gendir/dmsetup-verity-root" '#!/bin/bash -eu 166 | read -rs cmdline < /proc/cmdline 167 | [[ $cmdline == *DVR=\"*\"* ]] || exit 0 168 | concise=${cmdline##*DVR=\"} concise=${concise%%\"*} 169 | device=${concise#* * * * } device=${device%% *} 170 | if [[ $device =~ ^[A-Z]+= ]] 171 | then 172 | tag=${device%%=*} tag=${tag,,} 173 | device=${device#*=} 174 | [[ $tag == partuuid ]] && device=${device,,} 175 | device="/dev/disk/by-$tag/$device" 176 | fi 177 | device=$(systemd-escape --path "$device").device 178 | rundir=/run/systemd/system 179 | mkdir -p "$rundir/sysroot.mount.d" 180 | echo > "$rundir/dmsetup-verity-root.service" "[Unit] 181 | DefaultDependencies=no 182 | After=$device 183 | Requires=$device 184 | [Service] 185 | ExecStart=/usr/sbin/dmsetup create --concise \"$concise\" 186 | RemainAfterExit=yes 187 | Type=oneshot" 188 | echo > "$rundir/sysroot.mount.d/verity-root.conf" "[Unit] 189 | After=dev-mapper-root.device dmsetup-verity-root.service 190 | Requires=dev-mapper-root.device dmsetup-verity-root.service"' 191 | $chmod 0755 "$buildroot$gendir/dmsetup-verity-root" 192 | echo >> "$buildroot/etc/dracut.conf.d/99-settings.conf" \ 193 | "install_optional_items+=\" $gendir/dmsetup-verity-root \"" 194 | fi 195 | 196 | # Load overlayfs in the initrd in case modules aren't installed. 
197 | if opt read_only 198 | then 199 | $mkdir -p "$buildroot/usr/lib/modules-load.d" 200 | echo overlay > "$buildroot/usr/lib/modules-load.d/overlay.conf" 201 | fi 202 | fi 203 | # Add the NVIDIA repository; the downloaded signing key is compared with a pinned SHA-256 before rpmkeys imports it. NOTE(review): a mismatch stops the import only if errexit is active here; confirm, or append "|| return" to the check. 204 | function enable_repo_nvidia() { 205 | local -r repo='https://download.nvidia.com/opensuse/tumbleweed' 206 | $curl -L "$repo/repodata/repomd.xml.key" > "$output/nvidia.key" 207 | [[ $($sha256sum "$output/nvidia.key") == 599aa39edfa43fb81e5bf5743396137c93639ce47738f9a2ae8b9a5732c91762\ * ]] 208 | enter /usr/bin/rpmkeys --import nvidia.key 209 | $rm -f "$output/nvidia.key" 210 | echo -e > "$buildroot/etc/zypp/repos.d/nvidia.repo" \ 211 | "[nvidia]\nenabled=1\nautorefresh=1\nbaseurl=$repo\ngpgcheck=1" 212 | } 213 | # When building for a non-default architecture, set it in zypp.conf and switch the repos to the ports tree (i686 is looked up as i586). 214 | function enable_repo_ports() if [[ ${options[arch]:-$DEFAULT_ARCH} != $DEFAULT_ARCH ]] 215 | then 216 | sed -i -e "s/^[# ]*arch *=.*/arch = ${options[arch]}/" /etc/zypp/zypp.conf 217 | sed -i -e "s,org/,&ports/${options[arch]/#i686/i586}/," /etc/zypp/repos.d/repo-{debug,non-oss,oss,update}.repo 218 | fi 219 | # Import the key below into a throwaway keyring, verify detached signature $2 over checksum file $1, then require image $3 to hash to the value in $1. NOTE(review): a failed --verify is not this function's return value, so it only aborts the build under errexit; confirm. 220 | function verify_distro() { 221 | local -rx GNUPGHOME="$output/gnupg" 222 | trap -- '$rm -fr "$GNUPGHOME" ; trap - RETURN' RETURN 223 | $mkdir -pm 0700 "$GNUPGHOME" 224 | $gpg --import 225 | $gpg --verify "$2" "$1" 226 | [[ $($sha256sum "$3") == $($sed -n 's/ .*//p' "$1")\ * ]] 227 | } << 'EOF' 228 | -----BEGIN PGP PUBLIC KEY BLOCK----- 229 | 230 | mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006 231 | 090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ 232 | VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG 233 | rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ 234 | uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR 235 | uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss 236 | BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs 237 | fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7 238 |
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv 239 | p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc 240 | m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB 241 | tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz 242 | ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID 243 | AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4 244 | 8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu 245 | dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/ 246 | s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E 247 | QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B 248 | Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8 249 | I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK 250 | lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig 251 | V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz 252 | Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou 253 | WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M 254 | 6q2h+hgWNQ== 255 | =nMh8 256 | -----END PGP PUBLIC KEY BLOCK----- 257 | EOF 258 | 259 | # OPTIONAL (IMAGE) 260 | 261 | function drop_package() while read -rs 262 | do exclude_paths+=("${REPLY#/}") 263 | done < <(rpm --root="$PWD/root" -qal "$@") 264 | --------------------------------------------------------------------------------