├── exclude-perl.yaml ├── bootc.yaml ├── .gitignore ├── dnf5.yaml ├── kinoite.yaml ├── silverblue.yaml ├── sway-atomic.yaml ├── budgie-atomic.yaml ├── cosmic-atomic.yaml ├── fedora-42.repo ├── kinoite-ostree.yaml ├── silverblue-ostree.yaml ├── sway-atomic-ostree.yaml ├── budgie-atomic-ostree.yaml ├── cosmic-atomic-ostree.yaml ├── ostree-classic.yaml ├── composefs.yaml ├── fedora-cisco-openh264.repo ├── fedora-42-updates.repo ├── cosmic-atomic-packages.yaml ├── kinoite-mobile.yaml ├── sysroot-ro.yaml ├── cosmic-atomic-common.yaml ├── .zuul.yaml ├── cinnamon-atomic.yaml ├── deepin-atomic.yaml ├── mate-atomic.yaml ├── sway-atomic-common.yaml ├── xfce-atomic.yaml ├── base-atomic.yaml ├── kinoite-mobile-packages.yaml ├── lxqt-atomic.yaml ├── rpmfusion.repo ├── qemu-user-static-x86_64.yaml ├── qemu-user-static-non-x86_64.yaml ├── compose.sh ├── budgie-atomic-common.yaml ├── group ├── deepin-atomic-packages.yaml ├── .github └── workflows │ └── build.yml ├── lxqt-atomic-packages.yaml ├── bootupd.yaml ├── LICENSE ├── sway-atomic-packages.yaml ├── initramfs.yaml ├── kernel-install.yaml ├── .gitlab-ci.yml ├── silverblue-common.yaml ├── silverblue-packages.yaml ├── cinnamon-atomic-packages.yaml ├── budgie-atomic-packages.yaml ├── passwd ├── kinoite-common.yaml ├── kinoite-packages.yaml ├── ci ├── validate └── validate.yaml ├── pitti-post.sh ├── xfce-atomic-packages.yaml ├── mate-atomic-packages.yaml ├── pitti-desktop.yaml ├── common-packages.yaml ├── common.yaml ├── comps-sync-exclude-list.yml ├── comps-sync.py ├── README.md └── justfile /exclude-perl.yaml: -------------------------------------------------------------------------------- 1 | # Ensure that we do not include any Perl package 2 | exclude-packages: 3 | - perl-interpreter 4 | - perl-libs 5 | -------------------------------------------------------------------------------- /bootc.yaml: -------------------------------------------------------------------------------- 1 | # Add bootc for Bootable Container images 2 | # See: https://fedoraproject.org/wiki/Changes/DNFAndBootcInImageModeFedora 3 | packages: 4 | - bootc 5 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /*.ociarchive 2 | /.buildid 3 | /cache/ 4 | /debugdata/ 5 | /fedora-comps/ 6 | /fedora-lorax-templates/ 7 | /iso/ 8 | /logs/ 9 | /repo/ 10 | /tmp/ 11 | -------------------------------------------------------------------------------- /dnf5.yaml: -------------------------------------------------------------------------------- 1 | # Add DNF5 for Bootable Container images 2 | # See: https://fedoraproject.org/wiki/Changes/DNFAndBootcInImageModeFedora 3 | packages: 4 | - dnf5 5 | - dnf5-plugins 6 | -------------------------------------------------------------------------------- /kinoite.yaml: -------------------------------------------------------------------------------- 1 | include: 2 | - kinoite-common.yaml 3 | 4 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 5 | repos: 6 | - fedora-42 7 | - fedora-42-updates 8 | -------------------------------------------------------------------------------- /silverblue.yaml: -------------------------------------------------------------------------------- 1 | include: 2 | - silverblue-common.yaml 3 | 4 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 5 | repos: 6 | - fedora-42 7 | - fedora-42-updates 8 | -------------------------------------------------------------------------------- /sway-atomic.yaml: -------------------------------------------------------------------------------- 1 | include: 2 | - sway-atomic-common.yaml 3 | 4 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 5 | repos: 6 | - fedora-42 7 | - fedora-42-updates 8 | -------------------------------------------------------------------------------- /budgie-atomic.yaml: -------------------------------------------------------------------------------- 1 | include: 2 | - budgie-atomic-common.yaml 3 | 4 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 5 | repos: 6 | - fedora-42 7 | - fedora-42-updates 8 | -------------------------------------------------------------------------------- /cosmic-atomic.yaml: -------------------------------------------------------------------------------- 1 | include: 2 | - cosmic-atomic-common.yaml 3 | 4 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 5 | repos: 6 | - fedora-42 7 | - fedora-42-updates 8 | -------------------------------------------------------------------------------- /fedora-42.repo: -------------------------------------------------------------------------------- 1 | [fedora-42] 2 | name=Fedora 42 $basearch 3 | mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-42&arch=$basearch 4 | enabled=1 5 | gpgcheck=1 6 | metadata_expire=1d 7 | -------------------------------------------------------------------------------- /kinoite-ostree.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | bootable_container: false 3 | 4 | include: 5 | - kinoite-common.yaml 6 | 7 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 8 | repos: 9 | - fedora-42 10 | - fedora-42-updates 11 | -------------------------------------------------------------------------------- /silverblue-ostree.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | bootable_container: false 3 | 4 | include: 5 | - silverblue-common.yaml 6 | 7 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 8 | repos: 9 | - fedora-42 10 | - fedora-42-updates 11 | -------------------------------------------------------------------------------- /sway-atomic-ostree.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | bootable_container: false 3 | 4 | include: 5 | - sway-atomic-common.yaml 6 | 7 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 8 | repos: 9 | - fedora-42 10 | - fedora-42-updates 11 | -------------------------------------------------------------------------------- /budgie-atomic-ostree.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | bootable_container: false 3 | 4 | include: 5 | - budgie-atomic-common.yaml 6 | 7 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 8 | repos: 9 | - fedora-42 10 | - fedora-42-updates 11 | -------------------------------------------------------------------------------- /cosmic-atomic-ostree.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | bootable_container: false 3 | 4 | include: 5 | - cosmic-atomic-common.yaml 6 | 7 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 8 | repos: 9 | - fedora-42 10 | - fedora-42-updates 11 | -------------------------------------------------------------------------------- /ostree-classic.yaml: -------------------------------------------------------------------------------- 1 | # Manifest for classic ostree varaints only and not Bootable Containers 2 | 3 | # We do not include any version of DNF in the classic ostree Atomic Desktops 4 | # See: https://fedoraproject.org/wiki/Changes/DNFAndBootcInImageModeFedora 5 | exclude-packages: 6 | - dnf5 7 | - dnf5-plugins 8 | -------------------------------------------------------------------------------- /composefs.yaml: -------------------------------------------------------------------------------- 1 | # Enable composefs 2 | # See: https://fedoraproject.org/wiki/Changes/ComposefsAtomicDesktops 3 | postprocess: 4 | - | 5 | #!/usr/bin/env bash 6 | set -xeuo pipefail 7 | 8 | cat >> /usr/lib/ostree/prepare-root.conf << 'EOF' 9 | [composefs] 10 | enabled = yes 11 | EOF 12 | -------------------------------------------------------------------------------- /fedora-cisco-openh264.repo: -------------------------------------------------------------------------------- 1 | [fedora-cisco-openh264] 2 | name=Fedora 41 openh264 (From Cisco) - $basearch 3 | metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-41&arch=$basearch 4 | type=rpm 5 | enabled=1 6 | metadata_expire=14d 7 | repo_gpgcheck=0 8 | gpgcheck=1 9 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-41-$basearch 10 | -------------------------------------------------------------------------------- /fedora-42-updates.repo: -------------------------------------------------------------------------------- 1 | [fedora-42-updates] 2 | name=Fedora 42 $basearch Updates 3 | mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f42&arch=$basearch 4 | enabled=1 5 | gpgcheck=1 6 | metadata_expire=1d 7 | 8 | [fedora-41-updates-testing] 9 | name=Fedora 41 $basearch Updates 10 | mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f41&arch=$basearch 11 | enabled=1 12 | gpgcheck=1 13 | metadata_expire=1d 14 | -------------------------------------------------------------------------------- /cosmic-atomic-packages.yaml: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT! This content is generated from comps-sync.py 2 | packages: 3 | - ark 4 | - cosmic-edit 5 | - cosmic-files 6 | - cosmic-player 7 | - cosmic-session 8 | - cosmic-store 9 | - cosmic-term 10 | - flatpak 11 | - gnome-disk-utility 12 | - gnome-keyring-pam 13 | - gnome-system-monitor 14 | - initial-setup-gui 15 | - mesa-dri-drivers 16 | - mesa-vulkan-drivers 17 | - plymouth-system-theme 18 | - toolbox 19 | -------------------------------------------------------------------------------- /kinoite-mobile.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | variant: "kinoite-mobile" 3 | 4 | include: 5 | - kinoite-common.yaml 6 | 7 | # Override the default Kinoite ref from the kinoite-common.yaml manifest 8 | ref: fedora/42/${basearch}/kinoite-mobile 9 | rojig: 10 | name: fedora-kde 11 | summary: "Fedora Kinoite Mobile" 12 | license: MIT 13 | 14 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 15 | repos: 16 | - fedora-42 17 | - fedora-42-updates 18 | -------------------------------------------------------------------------------- /sysroot-ro.yaml: -------------------------------------------------------------------------------- 1 | # Set up default root config to mount sysroot as read only 2 | # https://fedoraproject.org/wiki/Changes/Silverblue_Kinoite_readonly_sysroot 3 | # See: https://gitlab.com/fedora/bootc/base-images/-/blob/main/tier-0/ostree.yaml 4 | postprocess: 5 | - | 6 | #!/usr/bin/env bash 7 | set -xeuo pipefail 8 | 9 | install -dm 0755 -o 0 -g 0 /usr/lib/ostree 10 | cat >> /usr/lib/ostree/prepare-root.conf << 'EOF' 11 | [sysroot] 12 | readonly = true 13 | EOF 14 | -------------------------------------------------------------------------------- /cosmic-atomic-common.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | variant: "cosmic-atomic" 3 | 4 | include: 5 | - common.yaml 6 | - cosmic-atomic-packages.yaml 7 | 8 | ref: fedora/42/${basearch}/cosmic-atomic 9 | rojig: 10 | name: fedora-cosmic 11 | summary: "Fedora COSMIC Atomic" 12 | license: MIT 13 | 14 | packages: 15 | - fedora-release-cosmic-atomic 16 | # Portals for Flatpak 17 | - xdg-desktop-portal-gtk 18 | # Power management. Expected to be droped for tuned-ppd 19 | - power-profiles-daemon 20 | -------------------------------------------------------------------------------- /.zuul.yaml: -------------------------------------------------------------------------------- 1 | - project: 2 | check: 3 | jobs: 4 | - validate 5 | 6 | - job: 7 | name: validate 8 | description: Validate manifests, scripts, dependencies and compose the base image 9 | # Increased timeout as builds can take a while 10 | timeout: 3600 11 | run: ci/validate.yaml 12 | nodeset: 13 | nodes: 14 | - name: vm 15 | # Replace by a fixed version label after branching, once available: 16 | # https://fedora.softwarefactory-project.io/zuul/labels 17 | label: cloud-fedora-rawhide-medium 18 | -------------------------------------------------------------------------------- /cinnamon-atomic.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | variant: "cinnamon-atomic" 3 | 4 | include: 5 | - common.yaml 6 | - cinnamon-atomic-packages.yaml 7 | 8 | ref: fedora/42/${basearch}/cinnamon 9 | rojig: 10 | name: fedora-cinnamon 11 | summary: "Fedora Cinnamon Atomic" 12 | license: MIT 13 | 14 | packages: 15 | # Portals for Flatpak 16 | - xdg-desktop-portal-gtk 17 | # Include GUI to manage updates & Flatpaks 18 | - gnome-software 19 | 20 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 21 | repos: 22 | - fedora-42 23 | - fedora-42-updates 24 | -------------------------------------------------------------------------------- /deepin-atomic.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | variant: "deepin-atomic" 3 | 4 | include: 5 | - common.yaml 6 | - deepin-atomic-packages.yaml 7 | 8 | ref: fedora/42/${basearch}/deepin 9 | rojig: 10 | name: fedora-deepin 11 | summary: "Fedora Deepin Atomic" 12 | license: MIT 13 | 14 | packages: 15 | # Generic release package for desktop variants 16 | - fedora-release 17 | - fedora-release-ostree-desktop 18 | # GUI to manage updates & Flatpaks 19 | - gnome-software 20 | 21 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 22 | repos: 23 | - fedora-42 24 | - fedora-42-updates 25 | -------------------------------------------------------------------------------- /mate-atomic.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | variant: "mate-atomic" 3 | 4 | include: 5 | - common.yaml 6 | - mate-atomic-packages.yaml 7 | 8 | ref: fedora/42/${basearch}/mate 9 | rojig: 10 | name: fedora-mate 11 | summary: "Fedora Mate Atomic" 12 | license: MIT 13 | 14 | packages: 15 | # Generic release sub package for desktop variants 16 | - fedora-release-ostree-desktop 17 | # Portals for Flatpak 18 | - xdg-desktop-portal-gtk 19 | 20 | exclude-packages: 21 | - python3-unbound 22 | 23 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 24 | repos: 25 | - fedora-42 26 | - fedora-42-updates 27 | -------------------------------------------------------------------------------- /sway-atomic-common.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | variant: "sway-atomic" 3 | 4 | include: 5 | - common.yaml 6 | - sway-atomic-packages.yaml 7 | 8 | ref: fedora/42/${basearch}/sericea 9 | rojig: 10 | name: fedora-sericea 11 | summary: "Fedora Sway Atomic" 12 | license: MIT 13 | 14 | packages: 15 | - fedora-release-sway-atomic 16 | # explicitly list some defaults 17 | - firefox 18 | 19 | exclude-packages: 20 | # already excluded in comps-sync-exclude-list 21 | - PackageKit-glib 22 | - grubby 23 | # nothing in the tree would use these 24 | - tracker 25 | - tracker-miners 26 | - localsearch 27 | - tinysparql 28 | -------------------------------------------------------------------------------- /xfce-atomic.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | variant: "xfce-atomic" 3 | exclude_perl: false 4 | 5 | include: 6 | - common.yaml 7 | - xfce-atomic-packages.yaml 8 | 9 | ref: fedora/42/${basearch}/vauxite 10 | rojig: 11 | name: fedora-vauxite 12 | summary: "Fedora XFCE Atomic" 13 | license: MIT 14 | 15 | packages: 16 | - fedora-release-xfce 17 | # Generic release sub package for desktop variants 18 | - fedora-release-ostree-desktop 19 | # Portals for Flatpak 20 | - xdg-desktop-portal-gtk 21 | 22 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 23 | repos: 24 | - fedora-42 25 | - fedora-42-updates 26 | -------------------------------------------------------------------------------- /base-atomic.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | variant: "base-atomic" 3 | 4 | include: 5 | - common.yaml 6 | 7 | ref: fedora/42/${basearch}/base 8 | rojig: 9 | name: fedora-base 10 | summary: "Fedora Base Atomic" 11 | license: MIT 12 | 13 | packages: 14 | # Generic release package for desktop variants 15 | - fedora-release 16 | - fedora-release-ostree-desktop 17 | # XWayland support 18 | - xorg-x11-server-Xwayland 19 | # Portals for Flatpak 20 | - xdg-desktop-portal 21 | - xdg-desktop-portal-gtk 22 | 23 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 24 | repos: 25 | - fedora-42 26 | - fedora-42-updates 27 | -------------------------------------------------------------------------------- /kinoite-mobile-packages.yaml: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT! This content is generated from comps-sync.py 2 | packages: 3 | - angelfish 4 | - arianna 5 | - bluedevil 6 | - elisa-player 7 | - haruna 8 | - kalk 9 | - kasts 10 | - kclock 11 | - keysmith 12 | - koko 13 | - krecorder 14 | - kweather 15 | - marknote 16 | - mesa-dri-drivers 17 | - mesa-vulkan-drivers 18 | - neochat 19 | - okular-mobile 20 | - plasma-discover 21 | - plasma-discover-notifier 22 | - plasma-mobile 23 | - plasma-mobile-sounds 24 | - plasma-settings 25 | - plymouth-system-theme 26 | - qmlkonsole 27 | - qrca 28 | - sddm 29 | - sddm-themes 30 | - sddm-wayland-plasma 31 | - spacebar 32 | - tokodon 33 | -------------------------------------------------------------------------------- /lxqt-atomic.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | variant: "lxqt-atomic" 3 | exclude_perl: false 4 | 5 | include: 6 | - common.yaml 7 | - lxqt-atomic-packages.yaml 8 | 9 | ref: fedora/42/${basearch}/lazurite 10 | rojig: 11 | name: fedora-lxqt 12 | summary: "Fedora LXQt Atomic" 13 | license: MIT 14 | 15 | packages: 16 | # Generic release package for desktop variants 17 | - fedora-release 18 | - fedora-release-ostree-desktop 19 | - libqtxdg 20 | - kvantum 21 | - kwin-wayland 22 | - plasma-systemsettings 23 | # Portals for Flatpak 24 | - xdg-desktop-portal-kde 25 | 26 | # Kept in the leaf manifest as they are overwritten by Pungi in composes 27 | repos: 28 | - fedora-42 29 | - fedora-42-updates 30 | -------------------------------------------------------------------------------- /rpmfusion.repo: -------------------------------------------------------------------------------- 1 | [rpmfusion-free] 2 | name=RPM Fusion for Fedora $releasever - Free 3 | #baseurl=http://download1.rpmfusion.org/free/fedora/releases/$releasever/Everything/$basearch/os/ 4 | metalink=https://mirrors.rpmfusion.org/metalink?repo=free-fedora-42&arch=$basearch 5 | enabled=1 6 | metadata_expire=14d 7 | type=rpm-md 8 | gpgcheck=0 9 | 10 | [rpmfusion-free-updates] 11 | name=RPM Fusion for Fedora $releasever - Free - Updates 12 | #baseurl=http://download1.rpmfusion.org/free/fedora/updates/$releasever/$basearch/ 13 | metalink=https://mirrors.rpmfusion.org/metalink?repo=free-fedora-updates-released-42&arch=$basearch 14 | enabled=1 15 | enabled_metadata=1 16 | type=rpm-md 17 | gpgcheck=0 18 | repo_gpgcheck=0 19 | -------------------------------------------------------------------------------- /qemu-user-static-x86_64.yaml: -------------------------------------------------------------------------------- 1 | # Keep only aarch64 emulation for x86_64 2 | # See: https://gitlab.com/fedora/ostree/sig/-/issues/59 3 | packages: 4 | - qemu-user-static-aarch64 5 | exclude-packages: 6 | - qemu-user-static-alpha 7 | - qemu-user-static-arm 8 | - qemu-user-static-cris 9 | - qemu-user-static-hexagon 10 | - qemu-user-static-hppa 11 | - qemu-user-static-loongarch64 12 | - qemu-user-static-m68k 13 | - qemu-user-static-microblaze 14 | - qemu-user-static-mips 15 | - qemu-user-static-or1k 16 | - qemu-user-static-ppc 17 | - qemu-user-static-riscv 18 | - qemu-user-static-s390x 19 | - qemu-user-static-sh4 20 | - qemu-user-static-sparc 21 | - qemu-user-static-x86 22 | - qemu-user-static-xtensa 23 | -------------------------------------------------------------------------------- /qemu-user-static-non-x86_64.yaml: -------------------------------------------------------------------------------- 1 | # Keep only x86_64 emulation for aarch64 2 | # See: https://gitlab.com/fedora/ostree/sig/-/issues/59 3 | packages: 4 | - qemu-user-static-x86 5 | exclude-packages: 6 | - qemu-user-static-aarch64 7 | - qemu-user-static-alpha 8 | - qemu-user-static-arm 9 | - qemu-user-static-cris 10 | - qemu-user-static-hexagon 11 | - qemu-user-static-hppa 12 | - qemu-user-static-loongarch64 13 | - qemu-user-static-m68k 14 | - qemu-user-static-microblaze 15 | - qemu-user-static-mips 16 | - qemu-user-static-or1k 17 | - qemu-user-static-ppc 18 | - qemu-user-static-riscv 19 | - qemu-user-static-s390x 20 | - qemu-user-static-sh4 21 | - qemu-user-static-sparc 22 | - qemu-user-static-xtensa 23 | -------------------------------------------------------------------------------- /compose.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -eu 3 | CACHE=/var/cache/ostree 4 | REPO=/var/tmp/repo 5 | # default to storing locally; can also be "registry:" to directly push 6 | SKOPEO_TARGET="${1:-containers-storage}" 7 | 8 | mkdir -p $CACHE 9 | 10 | if [ ! -d $REPO/objects ]; then 11 | ostree --repo=$REPO init --mode=archive-z2 12 | fi 13 | 14 | rpm-ostree compose tree --unified-core --cachedir=$CACHE --repo=$REPO pitti-desktop.yaml 15 | # HACK: networking in GitHub is a bit flaky, retry a few times 16 | for retry in $(seq 3); do 17 | rpm-ostree compose container-encapsulate --repo=$REPO pitti-desktop ${SKOPEO_TARGET}:ghcr.io/martinpitt/workstation-ostree-config:latest && exit 0 18 | [ "$SKOPEO_TARGET" = registry ] || break 19 | sleep 30 20 | done 21 | exit 1 22 | -------------------------------------------------------------------------------- /budgie-atomic-common.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | variant: "budgie-atomic" 3 | 4 | include: 5 | - common.yaml 6 | - budgie-atomic-packages.yaml 7 | 8 | ref: fedora/42/${basearch}/onyx 9 | rojig: 10 | name: fedora-onyx 11 | summary: "Fedora Budgie Atomic" 12 | license: MIT 13 | 14 | packages: 15 | - fedora-release-budgie-atomic 16 | # Make sure that GNOME Software's rpm-ostree plugin is always installed 17 | - gnome-software-rpm-ostree 18 | 19 | # Make sure the following are not pulled in when Recommended by other packages 20 | exclude-packages: 21 | # Not needed in Budgie Desktop 22 | - tracker 23 | - tracker-miners 24 | - localsearch 25 | - tinysparql 26 | # Exclude GNOME Software's langpack plugin to avoid layering langpacks on Silverblue 27 | - gnome-software-fedora-langpacks 28 | -------------------------------------------------------------------------------- /group: -------------------------------------------------------------------------------- 1 | root:x:0: 2 | bin:x:1: 3 | daemon:x:2: 4 | sys:x:3: 5 | adm:x:4: 6 | tty:x:5: 7 | disk:x:6: 8 | lp:x:7: 9 | mem:x:8: 10 | kmem:x:9: 11 | wheel:x:10: 12 | cdrom:x:11: 13 | mail:x:12: 14 | man:x:15: 15 | dialout:x:18: 16 | floppy:x:19: 17 | games:x:20: 18 | tape:x:33: 19 | video:x:39: 20 | ftp:x:50: 21 | lock:x:54: 22 | audio:x:63: 23 | nobody:x:99: 24 | users:x:100: 25 | utmp:x:22: 26 | utempter:x:35: 27 | ssh_keys:x:999: 28 | systemd-journal:x:190: 29 | dbus:x:81: 30 | polkitd:x:998: 31 | etcd:x:997: 32 | dip:x:40: 33 | cgred:x:996: 34 | tss:x:59: 35 | avahi-autoipd:x:170: 36 | rpc:x:32: 37 | sssd:x:993: 38 | dockerroot:x:986: 39 | rpcuser:x:29: 40 | nfsnobody:x:65534: 41 | kube:x:994: 42 | sshd:x:74: 43 | chrony:x:992: 44 | tcpdump:x:72: 45 | input:x:104: 46 | systemd-timesync:x:991: 47 | systemd-network:x:990: 48 | systemd-resolve:x:989: 49 | systemd-bus-proxy:x:988: 50 | -------------------------------------------------------------------------------- /deepin-atomic-packages.yaml: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT! This content is generated from comps-sync.py 2 | packages: 3 | - chromium 4 | - deepin-calculator 5 | - deepin-calendar 6 | - deepin-desktop 7 | - deepin-editor 8 | - deepin-file-manager 9 | - deepin-icon-theme 10 | - deepin-image-viewer 11 | - deepin-picker 12 | - deepin-screenshot 13 | - deepin-system-monitor 14 | - firewall-config 15 | - glx-utils 16 | - mesa-dri-drivers 17 | - mesa-vulkan-drivers 18 | - plymouth-system-theme 19 | - xorg-x11-drv-amdgpu 20 | - xorg-x11-drv-ati 21 | - xorg-x11-drv-evdev 22 | - xorg-x11-drv-libinput 23 | - xorg-x11-drv-nouveau 24 | - xorg-x11-drv-qxl 25 | - xorg-x11-drv-wacom 26 | - xorg-x11-server-Xorg 27 | - xorg-x11-xauth 28 | - xorg-x11-xinit 29 | packages-x86_64: 30 | - xorg-x11-drv-intel 31 | - xorg-x11-drv-openchrome 32 | - xorg-x11-drv-vmware 33 | -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | name: build 2 | on: 3 | schedule: 4 | - cron: 0 2 * * 6 5 | workflow_dispatch: 6 | jobs: 7 | build: 8 | runs-on: ubuntu-latest 9 | permissions: 10 | contents: read 11 | packages: write 12 | timeout-minutes: 40 13 | container: 14 | image: docker.io/fedora:latest 15 | # Fix SELinux for the built OSTree: https://github.com/coreos/rpm-ostree/issues/1943 16 | options: --privileged --security-opt label:disable 17 | steps: 18 | - name: Install dependencies 19 | run: dnf install -y rpm-ostree selinux-policy selinux-policy-targeted policycoreutils podman overlayfs-tools fuse-overlayfs 20 | 21 | - name: Clone repository 22 | uses: actions/checkout@v4 23 | 24 | - name: Log into container registry 25 | run: podman login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io 26 | 27 | - name: Build OSTree and push it to registry 28 | run: ./compose.sh registry 29 | -------------------------------------------------------------------------------- /lxqt-atomic-packages.yaml: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT! This content is generated from comps-sync.py 2 | packages: 3 | - breeze-cursor-theme 4 | - breeze-gtk 5 | - breeze-icon-theme 6 | - falkon 7 | - firewall-config 8 | - initial-setup-gui 9 | - lxqt-about 10 | - lxqt-archiver 11 | - lxqt-config 12 | - lxqt-globalkeys 13 | - lxqt-notificationd 14 | - lxqt-openssh-askpass 15 | - lxqt-panel 16 | - lxqt-policykit 17 | - lxqt-powermanagement 18 | - lxqt-qtplugin 19 | - lxqt-runner 20 | - lxqt-session 21 | - lxqt-themes 22 | - lxqt-themes-fedora 23 | - lxqt-wayland-session-default-compositor-miriway 24 | - mesa-dri-drivers 25 | - mesa-vulkan-drivers 26 | - network-manager-applet 27 | - nm-connection-editor 28 | - notification-daemon 29 | - obconf 30 | - openbox 31 | - pcmanfm-qt 32 | - perl-File-MimeInfo 33 | - plymouth-system-theme 34 | - qterminal 35 | - sddm 36 | - sddm-themes 37 | - sddm-wayland-miriway 38 | - upower 39 | - xdg-user-dirs 40 | -------------------------------------------------------------------------------- /bootupd.yaml: -------------------------------------------------------------------------------- 1 | # KEEP THIS IN SYNC WITH https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/bootupd.yaml 2 | # Integration with https://github.com/coreos/bootupd 3 | # xref https://github.com/coreos/fedora-coreos-tracker/issues/510 4 | packages: 5 | - bootupd 6 | 7 | postprocess: 8 | - | 9 | #!/bin/bash 10 | set -xeuo pipefail 11 | 12 | # Transforms /usr/lib/ostree-boot into a bootupd-compatible update payload 13 | /usr/bin/bootupctl backend generate-update-metadata 14 | 15 | # Enable migration to a static GRUB config 16 | install -dm0755 /usr/lib/systemd/system/bootloader-update.service.d 17 | cat > /usr/lib/systemd/system/bootloader-update.service.d/migrate-static-grub-config.conf << 'EOF' 18 | [Service] 19 | ExecStart=/usr/bin/bootupctl migrate-static-grub-config 20 | EOF 21 | 22 | echo "enable bootloader-update.service" > /usr/lib/systemd/system-preset/81-atomic-desktop.preset 23 | 24 | # Turn permissive mode on for bootupd until all SELinux issues are fixed 25 | semanage permissive --noreload --add bootupd_t 26 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is furnished 8 | to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice (including the next 11 | paragraph) shall be included in all copies or substantial portions of the 12 | Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 16 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS 17 | OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 18 | WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF 19 | OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 20 | -------------------------------------------------------------------------------- /sway-atomic-packages.yaml: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT! This content is generated from comps-sync.py 2 | packages: 3 | - NetworkManager-l2tp-gnome 4 | - NetworkManager-libreswan-gnome 5 | - NetworkManager-openconnect-gnome 6 | - NetworkManager-openvpn-gnome 7 | - NetworkManager-pptp-gnome 8 | - NetworkManager-sstp-gnome 9 | - NetworkManager-vpnc-gnome 10 | - Thunar 11 | - blueman 12 | - bolt 13 | - dunst 14 | - foot 15 | - fprintd-pam 16 | - gnome-keyring-pam 17 | - gnome-themes-extra 18 | - grim 19 | - gvfs 20 | - gvfs-smb 21 | - imv 22 | - kanshi 23 | - lxqt-policykit 24 | - mesa-dri-drivers 25 | - mesa-vulkan-drivers 26 | - network-manager-applet 27 | - pavucontrol 28 | - pinentry-gnome3 29 | - playerctl 30 | - plymouth-system-theme 31 | - polkit 32 | - pulseaudio-utils 33 | - sddm 34 | - sddm-wayland-sway 35 | - slurp 36 | - sway 37 | - sway-config-fedora 38 | - swaybg 39 | - swayidle 40 | - swaylock 41 | - system-config-printer 42 | - thunar-archive-plugin 43 | - waybar 44 | - wev 45 | - wl-clipboard 46 | - wlr-randr 47 | - wlsunset 48 | - xarchiver 49 | - xdg-desktop-portal-gtk 50 | - xdg-desktop-portal-wlr 51 | - xorg-x11-server-Xwayland 52 | -------------------------------------------------------------------------------- /initramfs.yaml: -------------------------------------------------------------------------------- 1 | # Set dracut configuration for the initramfs 2 | # See: https://gitlab.com/fedora/bootc/base-images/-/blob/main/tier-0/initramfs.yaml 3 | # See: https://github.com/coreos/fedora-coreos-config/tree/testing-devel/overlay.d/05core/usr/lib/dracut/dracut.conf.d 4 | postprocess: 5 | - | 6 | #!/usr/bin/env bash 7 | set -xeuo pipefail 8 | 9 | install -dm 0755 -o 0 -g 0 /usr/lib/dracut/dracut.conf.d 10 | 11 | - | 12 | #!/usr/bin/env bash 13 | set -xeuo pipefail 14 | 15 | cat > /usr/lib/dracut/dracut.conf.d/20-atomic-nohostonly.conf << 'EOF' 16 | # Default model is server-side generated initramfs 17 | hostonly=no 18 | EOF 19 | 20 | - | 21 | #!/usr/bin/env bash 22 | set -xeuo pipefail 23 | 24 | cat > /usr/lib/dracut/dracut.conf.d/20-atomic-nostrip.conf << 'EOF' 25 | # We don't ship `strip` or `eu-strip` today, and even if we did, it doesn't 26 | # save much space. So let's disable it to avoid the error-looking message. 27 | do_strip=no 28 | EOF 29 | 30 | - | 31 | #!/usr/bin/env bash 32 | set -xeuo pipefail 33 | 34 | cat > /usr/lib/dracut/dracut.conf.d/20-atomic-tpm-luks.conf << 'EOF' 35 | # Add support for systemd-cryptsetup and tpm2-tss LUKS locking 36 | add_dracutmodules+=" tpm2-tss systemd-pcrphase " 37 | EOF 38 | -------------------------------------------------------------------------------- /kernel-install.yaml: -------------------------------------------------------------------------------- 1 | # Configuration to enable kernel-install integration 2 | # Keep in sync with https://gitlab.com/fedora/bootc/base-images/-/blob/main/tier-0/kernel-install.yaml 3 | postprocess: 4 | - | 5 | #!/usr/bin/env bash 6 | set -xeuo pipefail 7 | source /usr/lib/os-release 8 | # Check if the ID is Fedora and VERSION_ID is 42 or higher 9 | if [[ "$ID" == "fedora" && "$VERSION_ID" -ge 42 ]]; then 10 | echo -e "# kernel-install will not try to run dracut and allow rpm-ostree to\n\ 11 | # take over. Rpm-ostree will use this to know that it is responsible\n\ 12 | # to run dracut and ensure that there is only one kernel in the image\n\ 13 | layout=ostree" | tee /usr/lib/kernel/install.conf > /dev/null 14 | fi 15 | # By default dnf keeps multiple versions of the kernel, with this 16 | # configuration we tell dnf to treat the kernel as everything else. 17 | # https://dnf.readthedocs.io/en/latest/conf_ref.html#main-options 18 | # Let's add the config to a distribution configuration file if dnf5 19 | # is used, we append to /etc/dnf/dnf.conf if not. 20 | if [ -d "/usr/share/dnf5/libdnf.conf.d/" ]; then 21 | echo -e "[main]\ninstallonlypkgs=''" >> /usr/share/dnf5/libdnf.conf.d/20-ostree-installonlypkgs.conf 22 | else 23 | echo "installonlypkgs=''" >> /etc/dnf/dnf.conf 24 | fi 25 | 26 | -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: MIT 2 | 3 | # Only used in https://gitlab.com/fedora/ostree/ci-test 4 | # For tests running in the Fedora infrastructure, see .zuul.yaml and 5 | # https://fedoraproject.org/wiki/Zuul-based-ci 6 | 7 | # See: https://gitlab.com/fedora/ostree/buildroot 8 | image: quay.io/fedora-ostree-desktops/buildroot 9 | 10 | stages: 11 | - build 12 | 13 | # As those are not official images, we build all available variants 14 | .parallel: 15 | parallel: 16 | matrix: 17 | - VARIANT: 18 | - silverblue 19 | - kinoite 20 | - kinoite-mobile 21 | - sway-atomic 22 | - xfce-atomic 23 | - lxqt-atomic 24 | - budgie-atomic 25 | - base-atomic 26 | - cosmic-atomic 27 | 28 | # Only build the images for merge requests 29 | buildmr: 30 | stage: build 31 | script: 32 | - just compose-image $VARIANT 33 | parallel: !reference [.parallel, parallel] 34 | rules: 35 | - if: $CI_PIPELINE_SOURCE == "merge_request_event" 36 | 37 | # Build and upload the images for commits pushed to the branch & scheduled pipelines 38 | build: 39 | stage: build 40 | script: 41 | - just compose-image $VARIANT 42 | - just upload-container $VARIANT 43 | parallel: !reference [.parallel, parallel] 44 | rules: 45 | - if: $CI_COMMIT_BRANCH == "main" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "schedule") 46 | -------------------------------------------------------------------------------- /silverblue-common.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | variant: "silverblue" 3 | 4 | include: 5 | - common.yaml 6 | - silverblue-packages.yaml 7 | 8 | ref: fedora/42/${basearch}/silverblue 9 | rojig: 10 | name: fedora-silverblue 11 | summary: "Fedora Silverblue" 12 | license: MIT 13 | 14 | packages: 15 | - fedora-release-silverblue 16 | - desktop-backgrounds-gnome 17 | - gnome-shell-extension-background-logo 18 | - pinentry-gnome3 19 | # Included for now to have layered Qt5 applications use a constistent style 20 | # Manually included here as it is excluded from the workstation-product group 21 | - qadwaitadecorations-qt5 22 | # Include evince-thumbnailer otherwise PDF thumbnails won't work in Nautilus 23 | # https://github.com/fedora-silverblue/issue-tracker/issues/98 24 | - evince-thumbnailer 25 | # Include evince-previewer otherwise print previews are broken in Evince 26 | # https://github.com/fedora-silverblue/issue-tracker/issues/122 27 | - evince-previewer 28 | # Include totem-video-thumbnailer for video thumbnailing in Nautilus 29 | # https://pagure.io/fedora-workstation/issue/168 30 | - totem-video-thumbnailer 31 | # Make sure that GNOME Software's rpm-ostree plugin is always installed 32 | - gnome-software-rpm-ostree 33 | 34 | # Make sure the following are not pulled in when Recommended by other packages 35 | exclude-packages: 36 | # Exclude GNOME Software's langpack plugin to avoid layering langpacks on Silverblue 37 | - gnome-software-fedora-langpacks 38 | -------------------------------------------------------------------------------- /silverblue-packages.yaml: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT! This content is generated from comps-sync.py 2 | packages: 3 | - ModemManager 4 | - NetworkManager-adsl 5 | - NetworkManager-openconnect-gnome 6 | - NetworkManager-openvpn-gnome 7 | - NetworkManager-ppp 8 | - NetworkManager-pptp-gnome 9 | - NetworkManager-ssh-gnome 10 | - NetworkManager-vpnc-gnome 11 | - NetworkManager-wwan 12 | - adobe-source-code-pro-fonts 13 | - avahi 14 | - dconf 15 | - fprintd-pam 16 | - gdm 17 | - glib-networking 18 | - gnome-backgrounds 19 | - gnome-bluetooth 20 | - gnome-browser-connector 21 | - gnome-classic-session 22 | - gnome-color-manager 23 | - gnome-control-center 24 | - gnome-disk-utility 25 | - gnome-epub-thumbnailer 26 | - gnome-initial-setup 27 | - gnome-remote-desktop 28 | - gnome-session-wayland-session 29 | - gnome-settings-daemon 30 | - gnome-shell 31 | - gnome-software 32 | - gnome-system-monitor 33 | - gnome-user-docs 34 | - gnome-user-share 35 | - gvfs-afc 36 | - gvfs-afp 37 | - gvfs-archive 38 | - gvfs-fuse 39 | - gvfs-goa 40 | - gvfs-gphoto2 41 | - gvfs-mtp 42 | - gvfs-smb 43 | - librsvg2 44 | - libsane-hpaio 45 | - localsearch 46 | - mesa-dri-drivers 47 | - mesa-libEGL 48 | - mesa-vulkan-drivers 49 | - nautilus 50 | - plymouth-system-theme 51 | - polkit 52 | - ptyxis 53 | - rygel 54 | - systemd-oomd-defaults 55 | - tinysparql 56 | - xdg-desktop-portal 57 | - xdg-desktop-portal-gnome 58 | - xdg-desktop-portal-gtk 59 | - xdg-user-dirs-gtk 60 | - yelp 61 | -------------------------------------------------------------------------------- /cinnamon-atomic-packages.yaml: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT! This content is generated from comps-sync.py 2 | packages: 3 | - NetworkManager-adsl 4 | - NetworkManager-bluetooth 5 | - NetworkManager-openconnect-gnome 6 | - NetworkManager-openvpn-gnome 7 | - NetworkManager-ppp 8 | - NetworkManager-pptp-gnome 9 | - NetworkManager-vpnc-gnome 10 | - NetworkManager-wifi 11 | - NetworkManager-wwan 12 | - blueman 13 | - cinnamon 14 | - cinnamon-control-center 15 | - cinnamon-screensaver 16 | - ffmpegthumbnailer 17 | - firefox 18 | - firewall-config 19 | - glx-utils 20 | - gnome-disk-utility 21 | - gnome-screenshot 22 | - gnome-system-monitor 23 | - gnome-terminal 24 | - gstreamer1-plugins-ugly-free 25 | - gvfs-archive 26 | - gvfs-gphoto2 27 | - gvfs-mtp 28 | - gvfs-smb 29 | - imsettings-gsettings 30 | - initial-setup-gui 31 | - mesa-dri-drivers 32 | - mesa-vulkan-drivers 33 | - metacity 34 | - nemo-fileroller 35 | - nemo-image-converter 36 | - nemo-preview 37 | - nm-connection-editor 38 | - pipewire-alsa 39 | - pipewire-pulseaudio 40 | - plymouth-system-theme 41 | - powerline 42 | - qadwaitadecorations-qt5 43 | - setroubleshoot 44 | - slick-greeter 45 | - slick-greeter-cinnamon 46 | - system-config-printer 47 | - wireplumber 48 | - xawtv 49 | - xdg-user-dirs-gtk 50 | - xorg-x11-drv-amdgpu 51 | - xorg-x11-drv-ati 52 | - xorg-x11-drv-evdev 53 | - xorg-x11-drv-libinput 54 | - xorg-x11-drv-nouveau 55 | - xorg-x11-drv-qxl 56 | - xorg-x11-drv-wacom 57 | - xorg-x11-server-Xorg 58 | - xorg-x11-xauth 59 | - xorg-x11-xinit 60 | packages-x86_64: 61 | - xorg-x11-drv-intel 62 | - xorg-x11-drv-openchrome 63 | - xorg-x11-drv-vmware 64 | -------------------------------------------------------------------------------- /budgie-atomic-packages.yaml: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT! This content is generated from comps-sync.py 2 | packages: 3 | - ModemManager 4 | - NetworkManager-adsl 5 | - NetworkManager-openconnect-gnome 6 | - NetworkManager-openvpn-gnome 7 | - NetworkManager-ppp 8 | - NetworkManager-pptp-gnome 9 | - NetworkManager-ssh-gnome 10 | - NetworkManager-vpnc-gnome 11 | - NetworkManager-wwan 12 | - budgie-backgrounds 13 | - budgie-control-center 14 | - budgie-desktop 15 | - budgie-desktop-defaults 16 | - budgie-desktop-view 17 | - budgie-screensaver 18 | - dconf 19 | - firefox 20 | - fprintd-pam 21 | - gedit 22 | - glib-networking 23 | - glx-utils 24 | - gnome-bluetooth 25 | - gnome-color-manager 26 | - gnome-disk-utility 27 | - gnome-keyring-pam 28 | - gnome-settings-daemon 29 | - gnome-system-monitor 30 | - gnome-terminal 31 | - gvfs-afc 32 | - gvfs-afp 33 | - gvfs-archive 34 | - gvfs-fuse 35 | - gvfs-goa 36 | - gvfs-gphoto2 37 | - gvfs-mtp 38 | - gvfs-smb 39 | - lightdm 40 | - mesa-dri-drivers 41 | - mesa-vulkan-drivers 42 | - nemo 43 | - nemo-fileroller 44 | - nemo-seahorse 45 | - network-manager-applet 46 | - plasma-discover 47 | - plymouth-system-theme 48 | - polkit 49 | - seahorse 50 | - slick-greeter 51 | - xdg-desktop-portal 52 | - xdg-desktop-portal-gtk 53 | - xdg-user-dirs-gtk 54 | - xorg-x11-drv-amdgpu 55 | - xorg-x11-drv-ati 56 | - xorg-x11-drv-evdev 57 | - xorg-x11-drv-libinput 58 | - xorg-x11-drv-nouveau 59 | - xorg-x11-drv-qxl 60 | - xorg-x11-drv-wacom 61 | - xorg-x11-server-Xorg 62 | - xorg-x11-xauth 63 | - xorg-x11-xinit 64 | packages-x86_64: 65 | - xorg-x11-drv-intel 66 | - xorg-x11-drv-openchrome 67 | - xorg-x11-drv-vmware 68 | -------------------------------------------------------------------------------- /passwd: -------------------------------------------------------------------------------- 1 | root:x:0:0:root:/root:/bin/bash 2 | bin:x:1:1:bin:/bin:/usr/sbin/nologin 3 | daemon:x:2:2:daemon:/sbin:/usr/sbin/nologin 4 | adm:x:3:4:adm:/var/adm:/usr/sbin/nologin 5 | lp:x:4:7:lp:/var/spool/lpd:/usr/sbin/nologin 6 | sync:x:5:0:sync:/sbin:/bin/sync 7 | shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 8 | halt:x:7:0:halt:/sbin:/sbin/halt 9 | mail:x:8:12:mail:/var/spool/mail:/usr/sbin/nologin 10 | operator:x:11:0:operator:/root:/usr/sbin/nologin 11 | games:x:12:100:games:/usr/games:/usr/sbin/nologin 12 | ftp:x:14:50:FTP User:/var/ftp:/usr/sbin/nologin 13 | nobody:x:99:99:Nobody:/:/usr/sbin/nologin 14 | dbus:x:81:81:System message bus:/:/usr/sbin/nologin 15 | polkitd:x:999:998:User for polkitd:/:/usr/sbin/nologin 16 | etcd:x:998:997:etcd user:/var/lib/etcd:/usr/sbin/nologin 17 | tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/usr/sbin/nologin 18 | avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/usr/sbin/nologin 19 | rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/usr/sbin/nologin 20 | sssd:x:995:993:User for sssd:/:/usr/sbin/nologin 21 | dockerroot:x:997:986:Docker User:/var/lib/docker:/usr/sbin/nologin 22 | rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/usr/sbin/nologin 23 | nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/usr/sbin/nologin 24 | kube:x:996:994:Kubernetes user:/:/usr/sbin/nologin 25 | sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/usr/sbin/nologin 26 | chrony:x:994:992::/var/lib/chrony:/usr/sbin/nologin 27 | tcpdump:x:72:72::/:/usr/sbin/nologin 28 | systemd-timesync:x:993:991:systemd Time Synchronization:/:/sbin/nologin 29 | systemd-network:x:991:990:systemd Network Management:/:/sbin/nologin 30 | systemd-resolve:x:990:989:systemd Resolver:/:/sbin/nologin 31 | systemd-bus-proxy:x:989:988:systemd Bus Proxy:/:/sbin/nologin 32 | -------------------------------------------------------------------------------- /kinoite-common.yaml: -------------------------------------------------------------------------------- 1 | include: 2 | - common.yaml 3 | 4 | # Default to Kinoite and override in Kinoite Mobile manifests 5 | variables: 6 | variant: "kinoite" 7 | 8 | conditional-include: 9 | - if: variant == "kinoite" 10 | include: 11 | - kinoite-packages.yaml 12 | - if: variant == "kinoite-mobile" 13 | include: 14 | - kinoite-mobile-packages.yaml 15 | 16 | # Default to Kinoite (Desktop). Overriden in the Kinoite Mobile manifest 17 | ref: fedora/42/${basearch}/kinoite 18 | rojig: 19 | name: fedora-kde 20 | summary: "Fedora Kinoite" 21 | license: MIT 22 | 23 | packages: 24 | - fedora-release-kinoite 25 | # Install some minor optional tools for KInfoCenter 26 | - vulkan-tools 27 | - xdpyinfo 28 | # Includes a KIO & KCM (can not be Flatpak'ed), used by Dolphin and Gwenview 29 | # See https://pagure.io/fedora-kde/SIG/issue/291 30 | - kamera 31 | # Make sure that previous Anaconda dependencies are kept in the image 32 | # See: https://pagure.io/fedora-kde/SIG/issue/243 33 | - mobile-broadband-provider-info 34 | # Make sure that modem support is installed 35 | - NetworkManager-ppp 36 | # Install gdb to make getting backtraces work with DrKonqi 37 | - gdb 38 | # Explicitely not included via comps 39 | # See: https://pagure.io/fedora-kde/SIG/issue/295 40 | - plasma-welcome-fedora 41 | # Make sure rpm-ostree support is installed 42 | - plasma-discover-rpm-ostree 43 | 44 | # Make sure the following are not pulled in when Recommended by other packages 45 | exclude-packages: 46 | - plasma-discover-offline-updates 47 | - plasma-discover-packagekit 48 | - plasma-pk-updates 49 | # Manually excluded as recommended by gtk3 (and likely gtk4 in the future) 50 | # See https://pagure.io/fedora-kde/SIG/issue/124 51 | - tracker 52 | - tracker-miners 53 | - localsearch 54 | - tinysparql 55 | # Ensure we do not include X11 support 56 | - plasma-x11 57 | - plasma-workspace-x11 58 | # Exclude mariadb server tools that bring in Perl 59 | - mariadb-server-utils 60 | -------------------------------------------------------------------------------- /kinoite-packages.yaml: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT! This content is generated from comps-sync.py 2 | packages: 3 | - NetworkManager-config-connectivity-fedora 4 | - adwaita-gtk2-theme 5 | - akonadi-server 6 | - akonadi-server-mysql 7 | - ark 8 | - audiocd-kio 9 | - bluedevil 10 | - breeze-icon-theme 11 | - colord-kde 12 | - dolphin 13 | - ffmpegthumbs 14 | - filelight 15 | - firewall-config 16 | - flatpak-kcm 17 | - fprintd-pam 18 | - kaccounts-integration-qt6 19 | - kaccounts-providers 20 | - kcharselect 21 | - kde-connect 22 | - kde-gtk-config 23 | - kde-inotify-survey 24 | - kde-partitionmanager 25 | - kde-settings-pulseaudio 26 | - kdebugsettings 27 | - kdegraphics-thumbnailers 28 | - kdenetwork-filesharing 29 | - kdeplasma-addons 30 | - kdialog 31 | - kdnssd 32 | - kf6-baloo-file 33 | - kfind 34 | - khelpcenter 35 | - kinfocenter 36 | - kio-admin 37 | - kio-gdrive 38 | - kjournald 39 | - kmenuedit 40 | - konsole 41 | - krdp 42 | - krfb 43 | - kscreen 44 | - kscreenlocker 45 | - kwalletmanager5 46 | - kwin 47 | - kwrite 48 | - libappindicator-gtk3 49 | - mesa-dri-drivers 50 | - mesa-vulkan-drivers 51 | - pam-kwallet 52 | - phonon-qt6-backend-vlc 53 | - pinentry-qt 54 | - plasma-breeze 55 | - plasma-desktop 56 | - plasma-desktop-doc 57 | - plasma-discover 58 | - plasma-discover-notifier 59 | - plasma-disks 60 | - plasma-drkonqi 61 | - plasma-nm 62 | - plasma-nm-openconnect 63 | - plasma-nm-openvpn 64 | - plasma-nm-vpnc 65 | - plasma-pa 66 | - plasma-print-manager 67 | - plasma-systemmonitor 68 | - plasma-thunderbolt 69 | - plasma-vault 70 | - plasma-welcome 71 | - plasma-workspace 72 | - plasma-workspace-wallpapers 73 | - plasma-workspace-wayland 74 | - plymouth-system-theme 75 | - polkit-kde 76 | - samba-usershares 77 | - sddm 78 | - sddm-breeze 79 | - sddm-kcm 80 | - sddm-wayland-plasma 81 | - signon-kwallet-extension 82 | - spectacle 83 | - systemd-oomd-defaults 84 | - udisks2 85 | - vlc-plugin-gstreamer 86 | - xwaylandvideobridge 87 | -------------------------------------------------------------------------------- /ci/validate: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | # Validate basic syntax of shell script and yaml. 3 | 4 | import os 5 | import stat 6 | import subprocess 7 | import yaml 8 | 9 | validated=0 10 | 11 | def openat(dirfd, name, mode='r'): 12 | def opener(path, flags): 13 | return os.open(path, flags, dir_fd=dirfd) 14 | return open(name, mode, opener=opener) 15 | 16 | 17 | def validate_shell(rootfd, name): 18 | subprocess.check_call(['bash', '-n', name], preexec_fn=lambda: os.fchdir(rootfd)) 19 | global validated 20 | validated +=1 21 | 22 | 23 | for root, dirs, files, rootfd in os.fwalk('.'): 24 | # Skip folders that do not include content to validate 25 | for d in ['.git', '.github', 'repo', 'cache', 'tmp', 'logs', 'fedora-comps']: 26 | if d in dirs: 27 | dirs.remove(d) 28 | for f in ['.gitlab-ci.yml']: 29 | if f in files: 30 | files.remove(f) 31 | for name in files: 32 | if name.endswith(('.yaml', '.yml')): 33 | print("Validating:", name) 34 | with open(os.open(name, dir_fd=rootfd, flags=os.O_RDONLY)) as f: 35 | yaml.safe_load(f) 36 | result = subprocess.run(['grep', '-RniEv', '^( )*[a-z#/-]|^( )*\\[|^$|^#', name], encoding='UTF-8', 37 | preexec_fn=lambda: os.fchdir(rootfd)) 38 | if result.returncode == 0: 39 | raise Exception("Found likely invalid indentation in YAML file: {}".format(name)) 40 | validated +=1 41 | continue 42 | elif name.endswith('.sh'): 43 | print("Validating:", name) 44 | validate_shell(rootfd, name) 45 | continue 46 | stbuf = os.lstat(name, dir_fd=rootfd) 47 | if not stat.S_ISREG(stbuf.st_mode): 48 | continue 49 | if not stbuf.st_mode & stat.S_IXUSR: 50 | continue 51 | mimetype = subprocess.check_output(['file', '-b', '--mime-type', name], encoding='UTF-8', 52 | preexec_fn=lambda: os.fchdir(rootfd)).strip() 53 | if mimetype == 'text/x-shellscript': 54 | print("Validating:", name) 55 | validate_shell(rootfd, name) 56 | 57 | print(f"Validated {validated} files") 58 | -------------------------------------------------------------------------------- /pitti-post.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -xeuo pipefail 3 | 4 | # Enable SysRQ 5 | echo 'kernel.sysrq = 1' > /usr/lib/sysctl.d/90-sysrq.conf 6 | 7 | # power saving 8 | echo 'blacklist e1000e' > /usr/lib/modprobe.d/blacklist-local.conf 9 | 10 | # NetworkManager config 11 | cat < /usr/lib/NetworkManager/conf.d/local.conf 12 | [main] 13 | plugins= 14 | 15 | [device] 16 | #wifi.backend=iwd 17 | EOF 18 | #ln -sfn ../iwd.service /usr/lib/systemd/system/multi-user.target.wants/iwd.service 19 | 20 | ln -sfn /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf 21 | 22 | # set up PAM for systemd-homed 23 | authselect enable-feature with-systemd-homed 24 | 25 | # homed is missing a lot of SELinux policy (https://bugzilla.redhat.com/show_bug.cgi?id=1809878) 26 | # "disabled" breaks rpm-ostree (https://bugzilla.redhat.com/show_bug.cgi?id=1882933), so just use permissive 27 | sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config 28 | 29 | # enable other units 30 | mkdir -p /usr/lib/systemd/system/getty.target.wants 31 | ln -s ../getty@.service /usr/lib/systemd/system/getty.target.wants/getty@tty1.service 32 | ln -s ../systemd-timesyncd.service /usr/lib/systemd/system/sysinit.target.wants/systemd-timesyncd.service 33 | ln -s ../systemd-resolved.service /usr/lib/systemd/system/multi-user.target.wants/systemd-resolved.service 34 | ln -s ../systemd-homed.service /usr/lib/systemd/system/multi-user.target.wants/systemd-homed.service 35 | ln -s ../sshd.socket /usr/lib/systemd/system/sockets.target.wants/sshd.socket 36 | 37 | # disable unwanted services 38 | ln -sfn /dev/null /usr/lib/systemd/user/at-spi-dbus-bus.service 39 | 40 | # move OS systemd unit defaults to /usr 41 | cp -a --verbose /etc/systemd/system /etc/systemd/user /usr/lib/systemd/ 42 | rm -r /etc/systemd/system /etc/systemd/user 43 | 44 | # scanner permissions without scanner packages 45 | echo 'ACTION=="add|change", ENV{DEVTYPE}=="usb_device", ENV{ID_MODEL}=="CanoScan", MODE="666"' > /usr/lib/udev/rules.d/canoscan.rules 46 | 47 | # battery health 48 | echo 'ACTION=="add|change", ATTR{type}=="Battery", ATTR{charge_stop_threshold}="80"' > /usr/lib/udev/rules.d/80-battery-health.rules 49 | 50 | # update for Red Hat certificate 51 | # ln -s /etc/pki/ca-trust/source/anchors/2022-RH-IT-Root-CA.pem /etc/pki/tls/certs/2022-RH-IT-Root-CA.pem 52 | # update-ca-trust 53 | -------------------------------------------------------------------------------- /xfce-atomic-packages.yaml: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT! This content is generated from comps-sync.py 2 | packages: 3 | - NetworkManager-openconnect-gnome 4 | - NetworkManager-openvpn-gnome 5 | - NetworkManager-pptp-gnome 6 | - NetworkManager-ssh-gnome 7 | - NetworkManager-vpnc-gnome 8 | - Thunar 9 | - adwaita-gtk2-theme 10 | - adwaita-icon-theme 11 | - atril 12 | - blueman 13 | - desktop-backgrounds-compat 14 | - firefox 15 | - galculator 16 | - glx-utils 17 | - gnome-keyring-pam 18 | - gparted 19 | - greybird-dark-theme 20 | - greybird-light-theme 21 | - greybird-xfce4-notifyd-theme 22 | - greybird-xfwm4-theme 23 | - gtk-xfce-engine 24 | - gvfs 25 | - gvfs-archive 26 | - gvfs-mtp 27 | - initial-setup-gui 28 | - lightdm-gtk 29 | - mesa-dri-drivers 30 | - mesa-vulkan-drivers 31 | - mint-y-theme 32 | - mousepad 33 | - network-manager-applet 34 | - nm-connection-editor 35 | - plymouth-system-theme 36 | - ristretto 37 | - thunar-archive-plugin 38 | - thunar-media-tags-plugin 39 | - thunar-volman 40 | - xarchiver 41 | - xdg-user-dirs-gtk 42 | - xfce4-about 43 | - xfce4-appfinder 44 | - xfce4-battery-plugin 45 | - xfce4-clipman-plugin 46 | - xfce4-cpugraph-plugin 47 | - xfce4-datetime-plugin 48 | - xfce4-dict-plugin 49 | - xfce4-diskperf-plugin 50 | - xfce4-eyes-plugin 51 | - xfce4-fsguard-plugin 52 | - xfce4-genmon-plugin 53 | - xfce4-mailwatch-plugin 54 | - xfce4-mount-plugin 55 | - xfce4-netload-plugin 56 | - xfce4-panel 57 | - xfce4-panel-profiles 58 | - xfce4-places-plugin 59 | - xfce4-power-manager 60 | - xfce4-pulseaudio-plugin 61 | - xfce4-screensaver 62 | - xfce4-screenshooter-plugin 63 | - xfce4-sensors-plugin 64 | - xfce4-session 65 | - xfce4-settings 66 | - xfce4-systemload-plugin 67 | - xfce4-taskmanager 68 | - xfce4-terminal 69 | - xfce4-time-out-plugin 70 | - xfce4-verve-plugin 71 | - xfce4-weather-plugin 72 | - xfce4-whiskermenu-plugin 73 | - xfce4-xkb-plugin 74 | - xfconf 75 | - xfdashboard 76 | - xfdashboard-themes 77 | - xfdesktop 78 | - xfwm4 79 | - xfwm4-themes 80 | - xorg-x11-drv-amdgpu 81 | - xorg-x11-drv-ati 82 | - xorg-x11-drv-evdev 83 | - xorg-x11-drv-libinput 84 | - xorg-x11-drv-nouveau 85 | - xorg-x11-drv-qxl 86 | - xorg-x11-drv-wacom 87 | - xorg-x11-server-Xorg 88 | - xorg-x11-xauth 89 | - xorg-x11-xinit 90 | packages-x86_64: 91 | - xorg-x11-drv-intel 92 | - xorg-x11-drv-openchrome 93 | - xorg-x11-drv-vmware 94 | -------------------------------------------------------------------------------- /mate-atomic-packages.yaml: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT! This content is generated from comps-sync.py 2 | packages: 3 | - NetworkManager-adsl 4 | - NetworkManager-bluetooth 5 | - NetworkManager-openconnect-gnome 6 | - NetworkManager-openvpn-gnome 7 | - NetworkManager-ppp 8 | - NetworkManager-pptp-gnome 9 | - NetworkManager-ssh-gnome 10 | - NetworkManager-vpnc-gnome 11 | - NetworkManager-wifi 12 | - NetworkManager-wwan 13 | - atril 14 | - atril-caja 15 | - atril-thumbnailer 16 | - blueman 17 | - caja 18 | - caja-actions 19 | - caja-image-converter 20 | - caja-open-terminal 21 | - caja-sendto 22 | - caja-wallpaper 23 | - caja-xattr-tags 24 | - dconf-editor 25 | - engrampa 26 | - eom 27 | - f38-backgrounds-base 28 | - f38-backgrounds-extras-base 29 | - f38-backgrounds-extras-mate 30 | - f38-backgrounds-mate 31 | - fedora-release-matecompiz 32 | - firefox 33 | - firewall-config 34 | - glx-utils 35 | - gnome-epub-thumbnailer 36 | - gnome-themes-extra 37 | - gstreamer1-plugins-ugly-free 38 | - gtk2-engines 39 | - gucharmap 40 | - gvfs-afc 41 | - gvfs-afp 42 | - gvfs-archive 43 | - gvfs-fuse 44 | - gvfs-gphoto2 45 | - gvfs-mtp 46 | - gvfs-nfs 47 | - gvfs-smb 48 | - initial-setup-gui 49 | - libmatekbd 50 | - libmatemixer 51 | - libmateweather 52 | - libsecret 53 | - lightdm 54 | - lm_sensors 55 | - marco 56 | - mate-applets 57 | - mate-backgrounds 58 | - mate-calc 59 | - mate-control-center 60 | - mate-desktop 61 | - mate-dictionary 62 | - mate-disk-usage-analyzer 63 | - mate-icon-theme 64 | - mate-media 65 | - mate-menus 66 | - mate-menus-preferences-category-menu 67 | - mate-notification-daemon 68 | - mate-panel 69 | - mate-polkit 70 | - mate-power-manager 71 | - mate-screensaver 72 | - mate-screenshot 73 | - mate-search-tool 74 | - mate-session-manager 75 | - mate-settings-daemon 76 | - mate-system-log 77 | - mate-system-monitor 78 | - mate-terminal 79 | - mate-themes 80 | - mate-user-admin 81 | - mate-user-guide 82 | - mesa-dri-drivers 83 | - mesa-vulkan-drivers 84 | - mozo 85 | - network-manager-applet 86 | - nm-connection-editor 87 | - parole 88 | - pavucontrol 89 | - pipewire-alsa 90 | - pipewire-pulseaudio 91 | - pluma 92 | - plymouth-system-theme 93 | - seahorse 94 | - seahorse-caja 95 | - setroubleshoot 96 | - slick-greeter-mate 97 | - system-config-language 98 | - system-config-printer 99 | - system-config-printer-applet 100 | - usermode-gtk 101 | - xdg-user-dirs-gtk 102 | - xmodmap 103 | - xorg-x11-drv-amdgpu 104 | - xorg-x11-drv-ati 105 | - xorg-x11-drv-evdev 106 | - xorg-x11-drv-libinput 107 | - xorg-x11-drv-nouveau 108 | - xorg-x11-drv-qxl 109 | - xorg-x11-drv-wacom 110 | - xorg-x11-server-Xorg 111 | - xorg-x11-xauth 112 | - xorg-x11-xinit 113 | - xrdb 114 | packages-x86_64: 115 | - xorg-x11-drv-intel 116 | - xorg-x11-drv-openchrome 117 | - xorg-x11-drv-vmware 118 | -------------------------------------------------------------------------------- /pitti-desktop.yaml: -------------------------------------------------------------------------------- 1 | variables: 2 | bootable_container: false 3 | # for mutt 4 | exclude_perl: false 5 | 6 | include: common.yaml 7 | 8 | ref: pitti-desktop 9 | rojig: 10 | name: pitti-desktop 11 | summary: "Pitti Desktop" 12 | license: MIT 13 | 14 | repos: 15 | - fedora-42 16 | - fedora-42-updates 17 | - fedora-cisco-openh264 18 | - rpmfusion-free 19 | - rpmfusion-free-updates 20 | 21 | packages: 22 | # hardware/drivers 23 | - kernel 24 | - kernel-modules-extra 25 | - iwlwifi-mvm-firmware 26 | - alsa-sof-firmware 27 | - NetworkManager-wifi 28 | - NetworkManager-openvpn-gnome 29 | - powertop 30 | - wpa_supplicant 31 | - bluez 32 | - bluez-tools 33 | # basic system 34 | - acl 35 | - attr 36 | - basesystem 37 | - cryptsetup 38 | - dnsmasq 39 | - fedora-workstation-backgrounds 40 | - filesystem 41 | - glibc-langpack-de 42 | - glibc-langpack-en 43 | - hostname 44 | - iproute 45 | - kbd 46 | - nss-altfiles 47 | - pciutils 48 | - rpm-ostree 49 | # don't care, but rpm-ostree build fails otherwise 50 | - selinux-policy-targeted 51 | - sudo 52 | - usbutils 53 | # shell tools and development 54 | - bash-completion 55 | - bc 56 | - bzip2 57 | # authenticate to gmail 58 | - cyrus-sasl-plain 59 | - fpaste 60 | - git 61 | - gnupg2 62 | - isync 63 | - krb5-workstation 64 | - lsof 65 | - man-db 66 | - mtr 67 | - mutt 68 | - neovim 69 | - nmap-ncat 70 | - openssh-server 71 | - openvpn 72 | - podman 73 | - restic 74 | - rsync 75 | - strace 76 | - syncthing 77 | - systemd-container 78 | - toolbox 79 | - tree 80 | - w3m 81 | - wget 82 | 83 | # desktop plumbing/apps 84 | - dejavu-sans-fonts 85 | - dejavu-serif-fonts 86 | - dejavu-sans-mono-fonts 87 | - fontawesome-fonts 88 | - google-noto-emoji-color-fonts 89 | 90 | - gvfs-mtp 91 | - pulseaudio-utils 92 | - alsa-plugins-pulseaudio 93 | - gstreamer1-plugins-good 94 | - gstreamer1-plugins-bad-free 95 | - gstreamer1-plugin-openh264 96 | - gstreamer1-libav 97 | # for wf-recorder 98 | - libavdevice 99 | - xdg-desktop-portal-gtk 100 | 101 | - pavucontrol 102 | - pcmanfm 103 | - nm-connection-editor 104 | - blueman 105 | - eog 106 | - evince 107 | - rhythmbox 108 | - gnome-keyring 109 | - pinentry-gnome3 110 | - mate-polkit 111 | - lxterminal 112 | - gnome-disk-utility 113 | - rofimoji 114 | 115 | # sway/wayland desktop 116 | - sway 117 | - swayidle 118 | - swaylock 119 | - kanshi 120 | - mako 121 | - waybar 122 | - slurp 123 | - grim 124 | - xorg-x11-server-Xwayland 125 | - firefox 126 | - wofi 127 | - brightnessctl 128 | - wl-clipboard 129 | 130 | exclude-packages: 131 | # recommended by sway 132 | - alacritty 133 | - brltty 134 | - glibc-all-langpacks 135 | # recommended by gtk3 136 | - tracker 137 | - tracker-miners 138 | # recommended by toolbox 139 | - subscription-manager 140 | # recommended by udisks 141 | - exfatprogs 142 | - f2fs-tools 143 | - btrfs-progs 144 | - nilfs-utils 145 | - udftools 146 | # does not work 147 | - xdg-desktop-portal-wlr 148 | # recommended by containers-common-extra 149 | - qemu-user-static 150 | 151 | #add-files: 152 | # - ["2022-RH-IT-Root-CA.pem", "/etc/pki/ca-trust/source/anchors/2022-RH-IT-Root-CA.pem"] 153 | 154 | postprocess-script: pitti-post.sh 155 | -------------------------------------------------------------------------------- /common-packages.yaml: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT! This content is generated from comps-sync.py 2 | packages: 3 | - NetworkManager 4 | - NetworkManager-bluetooth 5 | - NetworkManager-config-connectivity-fedora 6 | - NetworkManager-wifi 7 | - NetworkManager-wwan 8 | - acl 9 | - alsa-ucm 10 | - alsa-utils 11 | - amd-gpu-firmware 12 | - at-spi2-atk 13 | - at-spi2-core 14 | - atheros-firmware 15 | - attr 16 | - audit 17 | - b43-fwcutter 18 | - b43-openfwwf 19 | - basesystem 20 | - bash 21 | - bash-color-prompt 22 | - bash-completion 23 | - bc 24 | - bind-utils 25 | - bluez-cups 26 | - brcmfmac-firmware 27 | - brltty 28 | - btrfs-progs 29 | - bzip2 30 | - chrony 31 | - cifs-utils 32 | - colord 33 | - compsize 34 | - coreutils 35 | - cpio 36 | - cryptsetup 37 | - cups 38 | - cups-browsed 39 | - cups-filters 40 | - curl 41 | - cyrus-sasl-plain 42 | - default-editor 43 | - default-fonts-cjk-mono 44 | - default-fonts-cjk-sans 45 | - default-fonts-cjk-serif 46 | - default-fonts-core-emoji 47 | - default-fonts-core-math 48 | - default-fonts-core-mono 49 | - default-fonts-core-sans 50 | - default-fonts-core-serif 51 | - default-fonts-other-mono 52 | - default-fonts-other-sans 53 | - default-fonts-other-serif 54 | - dhcp-client 55 | - dnsmasq 56 | - e2fsprogs 57 | - ethtool 58 | - exfatprogs 59 | - fedora-bookmarks 60 | - fedora-chromium-config 61 | - fedora-flathub-remote 62 | - fedora-workstation-backgrounds 63 | - fedora-workstation-repositories 64 | - file 65 | - filesystem 66 | - firefox 67 | - firewalld 68 | - fpaste 69 | - fros-gnome 70 | - fwupd 71 | - gamemode 72 | - glibc 73 | - glibc-all-langpacks 74 | - gnupg2 75 | - gstreamer1-plugin-dav1d 76 | - gstreamer1-plugin-libav 77 | - gstreamer1-plugins-bad-free 78 | - gstreamer1-plugins-good 79 | - gstreamer1-plugins-ugly-free 80 | - gutenprint 81 | - gutenprint-cups 82 | - hostname 83 | - hplip 84 | - hunspell 85 | - hyperv-daemons 86 | - ibus-anthy 87 | - ibus-chewing 88 | - ibus-gtk3 89 | - ibus-gtk4 90 | - ibus-hangul 91 | - ibus-libpinyin 92 | - ibus-m17n 93 | - ibus-typing-booster 94 | - intel-gpu-firmware 95 | - iproute 96 | - iptables-nft 97 | - iptstate 98 | - iputils 99 | - iwlegacy-firmware 100 | - iwlwifi-dvm-firmware 101 | - iwlwifi-mvm-firmware 102 | - kbd 103 | - less 104 | - libertas-firmware 105 | - libglvnd-gles 106 | - linux-firmware 107 | - logrotate 108 | - lrzsz 109 | - lsof 110 | - man-db 111 | - man-pages 112 | - mdadm 113 | - mesa-dri-drivers 114 | - mesa-vulkan-drivers 115 | - mpage 116 | - mt7xxx-firmware 117 | - mtr 118 | - nfs-utils 119 | - nss-altfiles 120 | - nss-mdns 121 | - ntfs-3g 122 | - ntfsprogs 123 | - nvidia-gpu-firmware 124 | - nxpwireless-firmware 125 | - open-vm-tools-desktop 126 | - opensc 127 | - openssh-clients 128 | - openssh-server 129 | - orca 130 | - pam_afs_session 131 | - paps 132 | - passwdqc 133 | - pciutils 134 | - pinfo 135 | - pipewire-alsa 136 | - pipewire-gstreamer 137 | - pipewire-pulseaudio 138 | - pipewire-utils 139 | - plocate 140 | - plymouth 141 | - plymouth-system-theme 142 | - policycoreutils 143 | - policycoreutils-python-utils 144 | - prefixdevname 145 | - procps-ng 146 | - psmisc 147 | - qemu-guest-agent 148 | - qt5-qtbase 149 | - qt5-qtbase-gui 150 | - qt5-qtdeclarative 151 | - qt5-qtxmlpatterns 152 | - quota 153 | - realmd 154 | - realtek-firmware 155 | - rootfiles 156 | - rpm 157 | - rpm-ostree 158 | - rsync 159 | - samba-client 160 | - selinux-policy-targeted 161 | - setup 162 | - shadow-utils 163 | - sos 164 | - speech-dispatcher 165 | - spice-vdagent 166 | - spice-webdavd 167 | - sssd-common 168 | - sssd-kcm 169 | - sudo 170 | - system-config-printer-udev 171 | - systemd 172 | - systemd-oomd-defaults 173 | - systemd-resolved 174 | - systemd-udev 175 | - tar 176 | - time 177 | - tiwilink-firmware 178 | - toolbox 179 | - tree 180 | - unzip 181 | - uresourced 182 | - usb_modeswitch 183 | - usbutils 184 | - util-linux 185 | - vim-minimal 186 | - wget2-wget 187 | - which 188 | - whois 189 | - wireplumber 190 | - words 191 | - wpa_supplicant 192 | - zip 193 | - zram-generator-defaults 194 | packages-x86_64: 195 | - alsa-sof-firmware 196 | - amd-ucode-firmware 197 | - cirrus-audio-firmware 198 | - intel-audio-firmware 199 | - intel-vsc-firmware 200 | - libva-intel-media-driver 201 | - mcelog 202 | - microcode_ctl 203 | - thermald 204 | - virtualbox-guest-additions 205 | packages-aarch64: 206 | - qcom-firmware 207 | - qrtr 208 | - rmtfs 209 | -------------------------------------------------------------------------------- /ci/validate.yaml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | tasks: 3 | # https://pagure.io/fedora-ci/general/issue/505 4 | - name: Restart systemd-resolved 5 | become: true 6 | command: systemctl restart systemd-resolved 7 | when: zuul.branch == "rawhide" or zuul.branch == "main" 8 | 9 | - name: Upgrade all packages 10 | ansible.builtin.dnf: 11 | name: "*" 12 | state: latest 13 | become: true 14 | 15 | - name: Install dependencies 16 | package: 17 | name: 18 | - 'jq' 19 | - 'just' 20 | - 'ostree' 21 | - 'python3-pyyaml' 22 | - 'rpm-ostree' 23 | - 'selinux-policy-targeted' 24 | state: present 25 | become: true 26 | 27 | - name: Validate manifests and scripts syntax 28 | ansible.builtin.command: 29 | chdir: "{{ zuul.project.src_dir }}" 30 | cmd: just validate 31 | 32 | - name: Verify that the comps and manifests are synced 33 | ansible.builtin.shell: 34 | chdir: "{{ zuul.project.src_dir }}" 35 | cmd: "just validate comps-sync-check && touch .zuulci.comps" 36 | # Still run the next step if this one fails 37 | ignore_errors: true 38 | 39 | - name: Perform dependency resolution for Silverblue 40 | ansible.builtin.shell: 41 | chdir: "{{ zuul.project.src_dir }}" 42 | cmd: "just compose-dry-run silverblue && touch .zuulci.silverblue" 43 | # Still run the next step if this one fails 44 | ignore_errors: true 45 | 46 | - name: Perform dependency resolution for Silverblue (ostree classic) 47 | ansible.builtin.shell: 48 | chdir: "{{ zuul.project.src_dir }}" 49 | cmd: "just compose-dry-run silverblue-ostree && touch .zuulci.silverblue-ostree" 50 | # Still run the next step if this one fails 51 | ignore_errors: true 52 | 53 | - name: Perform dependency resolution for Kinoite 54 | ansible.builtin.shell: 55 | chdir: "{{ zuul.project.src_dir }}" 56 | cmd: "just compose-dry-run kinoite && touch .zuulci.kinoite" 57 | # Still run the next step if this one fails 58 | ignore_errors: true 59 | 60 | - name: Perform dependency resolution for Kinoite (ostree classic) 61 | ansible.builtin.shell: 62 | chdir: "{{ zuul.project.src_dir }}" 63 | cmd: "just compose-dry-run kinoite-ostree && touch .zuulci.kinoite-ostree" 64 | # Still run the next step if this one fails 65 | ignore_errors: true 66 | 67 | - name: Perform dependency resolution for Sway Atomic 68 | ansible.builtin.shell: 69 | chdir: "{{ zuul.project.src_dir }}" 70 | cmd: "just compose-dry-run sway-atomic && touch .zuulci.sway-atomic" 71 | # Still run the next step if this one fails 72 | ignore_errors: true 73 | 74 | - name: Perform dependency resolution for Sway Atomic (ostree classic) 75 | ansible.builtin.shell: 76 | chdir: "{{ zuul.project.src_dir }}" 77 | cmd: "just compose-dry-run sway-atomic-ostree && touch .zuulci.sway-atomic-ostree" 78 | # Still run the next step if this one fails 79 | ignore_errors: true 80 | 81 | - name: Perform dependency resolution for Budgie Atomic 82 | ansible.builtin.shell: 83 | chdir: "{{ zuul.project.src_dir }}" 84 | cmd: "just compose-dry-run budgie-atomic && touch .zuulci.budgie-atomic" 85 | # Still run the next step if this one fails 86 | ignore_errors: true 87 | 88 | - name: Perform dependency resolution for Budgie Atomic (ostree classic) 89 | ansible.builtin.shell: 90 | chdir: "{{ zuul.project.src_dir }}" 91 | cmd: "just compose-dry-run budgie-atomic-ostree && touch .zuulci.budgie-atomic-ostree" 92 | # Still run the next step if this one fails 93 | ignore_errors: true 94 | 95 | - name: Perform dependency resolution for COSMIC Atomic 96 | ansible.builtin.shell: 97 | chdir: "{{ zuul.project.src_dir }}" 98 | cmd: "just compose-dry-run cosmic-atomic && touch .zuulci.cosmic-atomic" 99 | # Still run the next step if this one fails 100 | ignore_errors: true 101 | 102 | - name: Perform dependency resolution for COSMIC Atomic (ostree classic) 103 | ansible.builtin.shell: 104 | chdir: "{{ zuul.project.src_dir }}" 105 | cmd: "just compose-dry-run cosmic-atomic-ostree && touch .zuulci.cosmic-atomic-ostree" 106 | # Still run the next step if this one fails 107 | ignore_errors: true 108 | 109 | - name: Compose the base variant 110 | ansible.builtin.command: 111 | chdir: "{{ zuul.project.src_dir }}" 112 | cmd: just compose-image base-atomic 113 | 114 | - name: Check if any previous dependency resolution steps failed 115 | ansible.builtin.shell: 116 | chdir: "{{ zuul.project.src_dir }}" 117 | cmd: "[[ -f .zuulci.comps ]] && [[ -f .zuulci.silverblue ]] && [[ -f .zuulci.silverblue-ostree ]] && [[ -f .zuulci.kinoite ]] && [[ -f .zuulci.kinoite-ostree ]] && [[ -f .zuulci.sway-atomic ]] && [[ -f .zuulci.sway-atomic-ostree ]] && [[ -f .zuulci.budgie-atomic ]] && [[ -f .zuulci.budgie-atomic-ostree ]] && [[ -f .zuulci.cosmic-atomic ]] && [[ -f .zuulci.cosmic-atomic-ostree ]]" 118 | -------------------------------------------------------------------------------- /common.yaml: -------------------------------------------------------------------------------- 1 | releasever: 42 2 | automatic-version-prefix: "${releasever}." 3 | mutate-os-release: "${releasever}" 4 | 5 | variables: 6 | # Default to Bootable Containers and override in classic ostree manifests 7 | bootable_container: true 8 | # Exclude Perl by default and override for XFCE & LXQt 9 | exclude_perl: true 10 | 11 | # Default to `bash` in our container, the same as other containers we ship. 12 | container-cmd: 13 | - /usr/bin/bash 14 | 15 | include: 16 | # See: https://gitlab.com/fedora/ostree/sig/-/issues/1 17 | - bootupd.yaml 18 | # Dracut configuration for the initramfs 19 | - initramfs.yaml 20 | # Read only sysroot 21 | - sysroot-ro.yaml 22 | # Enable kernel-install support 23 | - kernel-install.yaml 24 | # Enable composefs 25 | - composefs.yaml 26 | 27 | arch-include: 28 | x86_64: 29 | - qemu-user-static-x86_64.yaml 30 | aarch64: 31 | - qemu-user-static-non-x86_64.yaml 32 | 33 | conditional-include: 34 | # Manifests included only for classic ostree variants 35 | - if: bootable_container == false 36 | include: 37 | - ostree-classic.yaml 38 | # Manifests included only for the Bootable Container variants 39 | - if: bootable_container == true 40 | include: 41 | - bootc.yaml 42 | - dnf5.yaml 43 | - if: exclude_perl == true 44 | include: 45 | - exclude-perl.yaml 46 | 47 | packages: 48 | # Ensure that we have a kernel. Kernel packages are not in any comps group 49 | - kernel 50 | - kernel-modules 51 | - kernel-modules-extra 52 | # Do not include "full" Git as it brings in Perl 53 | - git-core 54 | # Required until we've completed the move to systemd-sysusers 55 | # See: https://github.com/fedora-silverblue/issue-tracker/issues/362 56 | - nss-altfiles 57 | # Container management 58 | - buildah 59 | - podman 60 | - skopeo 61 | # Keep fuse-overlayfs for compatibilty and rootless containers use cases 62 | # See: https://github.com/coreos/fedora-coreos-tracker/issues/1749 63 | - fuse-overlayfs 64 | # See: https://github.com/fedora-silverblue/issue-tracker/issues/503 65 | - systemd-container 66 | # Provides terminal tools like clear, reset, tput, and tset 67 | - ncurses 68 | # Flatpak support 69 | - flatpak 70 | - xdg-desktop-portal 71 | # Selected packages from the anaconda-tools group. See: https://gitlab.com/fedora/ostree/sig/-/issues/5 72 | - dosfstools 73 | - nvme-cli 74 | 75 | selinux: true 76 | documentation: true 77 | boot-location: modules 78 | etc-group-members: 79 | - wheel 80 | tmp-is-dir: true 81 | 82 | ignore-removed-users: 83 | - root 84 | ignore-removed-groups: 85 | - root 86 | check-passwd: 87 | type: file 88 | filename: passwd 89 | check-groups: 90 | type: file 91 | filename: group 92 | 93 | default_target: graphical.target 94 | 95 | packages-aarch64: 96 | - grub2-efi 97 | - efibootmgr 98 | - shim 99 | packages-x86_64: 100 | - grub2-efi-ia32 101 | - grub2-efi-x64 102 | - grub2-pc 103 | - efibootmgr 104 | - shim-ia32 105 | - shim-x64 106 | 107 | # Make sure the following are not pulled in when Recommended by other packages 108 | exclude-packages: 109 | - PackageKit 110 | # We can not include openh264. See https://fedoraproject.org/wiki/OpenH264 111 | # - gstreamer1-plugin-openh264 112 | # - mozilla-openh264 113 | # - openh264 114 | # Do not include dnf4. Classic ostree also exclude dnf5 in another manifest 115 | - dnf 116 | - dnf-plugins-core 117 | # https://github.com/fedora-silverblue/issue-tracker/issues/517 118 | - grubby 119 | - sdubby 120 | # Exclude Tk. We can not exclude Tcl as it is neeeded for usb_modeswitch 121 | - tk 122 | # Exclude QEMU. See: https://gitlab.com/fedora/ostree/sig/-/issues/58 123 | - qemu-kvm 124 | - qemu-kvm-core 125 | - qemu-device-display-virtio-gpu 126 | - qemu-device-display-virtio-vga 127 | # See: https://github.com/fedora-silverblue/issue-tracker/issues/646 128 | - hplip-gui 129 | 130 | postprocess: 131 | - | 132 | #!/usr/bin/env bash 133 | set -xeuo pipefail 134 | 135 | # Work around https://bugzilla.redhat.com/show_bug.cgi?id=1265295 136 | # From https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf 137 | install -dm0755 /usr/lib/systemd/journald.conf.d/ 138 | echo -e "[Journal]\nStorage=persistent" > /usr/lib/systemd/journald.conf.d/10-persistent.conf 139 | 140 | # See: https://src.fedoraproject.org/rpms/glibc/pull-request/4 141 | # Basically that program handles deleting old shared library directories 142 | # mid-transaction, which never applies to rpm-ostree. This is structured as a 143 | # loop/glob to avoid hardcoding (or trying to match) the architecture. 144 | for x in /usr/sbin/glibc_post_upgrade.*; do 145 | if test -f ${x}; then 146 | ln -srf /usr/bin/true ${x} 147 | fi 148 | done 149 | 150 | # Remove loader directory causing issues in Anaconda in unified core mode 151 | # Will be obsolete once we start using bootupd 152 | rm -rf /usr/lib/ostree-boot/loader 153 | 154 | # Undo RPM scripts enabling units; we want the presets to be canonical 155 | # https://github.com/projectatomic/rpm-ostree/issues/1803 156 | rm -rf /etc/systemd/system/* 157 | systemctl preset-all 158 | rm -rf /etc/systemd/user/* 159 | systemctl --user --global preset-all 160 | -------------------------------------------------------------------------------- /comps-sync-exclude-list.yml: -------------------------------------------------------------------------------- 1 | # This file has a list of packages to skip from comps that we don't want 2 | 3 | # Entirely skip all packages in those groups for the common set of packages 4 | exclude_list_groups: 5 | - libreoffice 6 | - gnome-desktop 7 | - container-management 8 | - base-x 9 | 10 | # Always exclude packages matching those regexp: 11 | # - PackageKit is spread across various groups 12 | # - We can not include openh264. See https://fedoraproject.org/wiki/OpenH264 13 | exclude_list_all_regexp: 14 | - "PackageKit.*" 15 | - "gstreamer1-plugin-openh264" 16 | - "mozilla-openh264" 17 | - "openh264" 18 | 19 | # Common exclude list for all ostree desktop versions 20 | exclude_list: 21 | core: 22 | # Make sure we only pull-in dnf5 and not dnf4 or yum 23 | - dnf 24 | - dnf-plugins-core 25 | - yum 26 | # We include dnf5 in another manifest, only for bootable containers 27 | - dnf5 28 | - dnf5-plugins 29 | # Not sure why this is there at all 30 | - dracut-config-rescue 31 | # Eh...you can install this in a priv container 32 | - parted 33 | # https://bugzilla.redhat.com/show_bug.cgi?id=1452348 34 | - grubby 35 | # Colin says we also don't need grubby-deprecated 36 | - grubby-deprecated 37 | # Why? 38 | - ncurses 39 | workstation-product: 40 | # Make sure we only pull-in dnf5 and not dnf4 or yum 41 | - dnf 42 | - dnf-plugins-core 43 | - deltarpm 44 | - python3-dnf-plugin-system-upgrade 45 | - python3-dnf-plugins-core 46 | # We include dnf5 in another manifest, only for bootable containers 47 | - dnf5 48 | - dnf5-plugins 49 | # We use fedora-release-silverblue instead 50 | - fedora-release-workstation 51 | # Really not worth listing explicitly 52 | - filesystem 53 | - mailcap 54 | # This seems like some weird legacy thing, it also 55 | # drags in usermode, which should also be deprecated 56 | # and blocks a /usr/sbin + /usr/bin unification. 57 | - setuptool 58 | # This probably doesn't need to be default 59 | - ppp 60 | # We removed cronie a while ago, should nuke these too 61 | - crontabs 62 | - at 63 | # See: https://gitlab.com/fedora/ostree/sig/-/issues/30 64 | - abrt-cli 65 | - abrt-desktop 66 | - abrt-java-connector 67 | # Requires libreoffice 68 | - unoconv 69 | # Will change to git-core as git pulls in Perl 70 | - git 71 | # Apps 72 | - evolution 73 | - evolution-ews 74 | - evolution-help 75 | - mediawriter 76 | - rhythmbox 77 | # This is ancient now, and IMO has been superceded by cgroups 78 | # Also it breaks with --unified-core. 79 | - psacct 80 | # Random tools: container 81 | - jwhois 82 | - net-tools 83 | - nmap-ncat 84 | - rdist 85 | - tcpdump 86 | - telnet 87 | - traceroute 88 | # filesystem tools, again priv container 89 | - dosfstools 90 | - symlinks 91 | # Misc 92 | - dos2unix 93 | # Gnome specific 94 | - desktop-backgrounds-gnome 95 | - gnome-shell-extension-background-logo 96 | - pinentry-gnome3 97 | # Excluded here for all desktops and manually re-added in Silverblue manifest 98 | - qadwaitadecorations-qt5 99 | # X11 specific 100 | - xorg-x11-drv-libinput 101 | networkmanager-submodules: 102 | # Let's use the builtin one by default 103 | - dhcp-client 104 | printing: 105 | # We don't use PackageKit 106 | - cups-pk-helper 107 | # For now... 108 | - ghostscript 109 | workstation-ostree-support: 110 | # Now only included in the legacy ostree variants 111 | - ostree-grub2 112 | 113 | # Desktop environment specific exclude lists 114 | desktop_exclude_list: 115 | gnome-desktop: 116 | # Non-critical apps -> Flatpak 117 | - baobab 118 | - cheese 119 | - snapshot 120 | - evince 121 | - evince-djvu 122 | - evince-nautilus 123 | - file-roller 124 | - file-roller-nautilus 125 | - gnome-boxes 126 | - gnome-calculator 127 | - gnome-calendar 128 | - gnome-characters 129 | - gnome-clocks 130 | - gnome-connections 131 | - gnome-contacts 132 | - gnome-documents 133 | - gnome-font-viewer 134 | - gnome-logs 135 | - gnome-maps 136 | - gnome-photos 137 | - gnome-screenshot 138 | - gnome-text-editor 139 | - gnome-weather 140 | - jwhois 141 | - loupe 142 | - rdist 143 | - sane-backends-drivers-scanners 144 | - simple-scan 145 | - sushi 146 | - symlinks 147 | - tcpdump 148 | - telnet 149 | - totem 150 | - totem-nautilus 151 | - traceroute 152 | budgie-desktop: 153 | # Incompatible with ostree for various reasons 154 | - abrt-desktop 155 | - cups-pk-helper 156 | - dnfdragora 157 | # Remove uncommon NetworkManager plugins 158 | - NetworkManager-fortisslvpn-gnome 159 | - NetworkManager-iodine-gnome 160 | - NetworkManager-l2tp-gnome 161 | - NetworkManager-libreswan-gnome 162 | - NetworkManager-sstp-gnome 163 | - NetworkManager-strongswan-gnome 164 | budgie-desktop-apps: 165 | # Non-critical apps -> Flatpak 166 | - atril 167 | - eom 168 | - gnome-calculator 169 | - parole 170 | - rhythmbox 171 | kde-desktop: 172 | # Incompatible with ostree for various reasons 173 | - abrt-desktop 174 | - cups-pk-helper 175 | - dnfdragora 176 | - plasma-pk-updates 177 | # Misc 178 | - ksshaskpass 179 | - kwebkitpart 180 | # Remove some NetworkManager plugins that pull-in lesser used VPN packages 181 | - plasma-nm-l2tp 182 | - plasma-nm-openswan 183 | - plasma-nm-pptp 184 | # Remove initial-setup from Kinoite 185 | # See: https://fedoraproject.org/wiki/Changes/KDERemoveInitialSetup 186 | - initial-setup-gui 187 | # Already included in all Atomic Desktops by default 188 | - toolbox 189 | # Already included by default for all variants 190 | - glibc-all-langpacks 191 | kde-mobile: 192 | # Already included by default for all variants 193 | - glibc-all-langpacks 194 | xfce-desktop: 195 | # Incompatible with ostree for various reasons 196 | - abrt-desktop 197 | - dnfdragora-updater 198 | # Non-critical apps -> Flatpak 199 | - fros-recordmydesktop 200 | - tumbler 201 | # Misc 202 | - alsa-utils 203 | - firewall-config 204 | - openssh-askpass 205 | - vim-enhanced 206 | # Remove uncommon NetworkManager plugins 207 | - NetworkManager-fortisslvpn-gnome 208 | - NetworkManager-iodine-gnome 209 | - NetworkManager-l2tp-gnome 210 | - NetworkManager-libreswan-gnome 211 | - NetworkManager-sstp-gnome 212 | - NetworkManager-strongswan-gnome 213 | xfce-apps: 214 | # Non-critical apps -> Flatpak 215 | - claws-mail 216 | - catfish 217 | - claws-mail-plugins-archive 218 | - claws-mail-plugins-att-remover 219 | - claws-mail-plugins-attachwarner 220 | - claws-mail-plugins-fetchinfo 221 | - claws-mail-plugins-mailmbox 222 | - claws-mail-plugins-newmail 223 | - claws-mail-plugins-notification 224 | - claws-mail-plugins-pgp 225 | - claws-mail-plugins-rssyl 226 | - claws-mail-plugins-smime 227 | - claws-mail-plugins-spam-report 228 | - claws-mail-plugins-tnef 229 | - claws-mail-plugins-vcalendar 230 | - geany 231 | - pidgin 232 | - seahorse 233 | - transmission 234 | lxqt-desktop: 235 | # Incompatible with ostree for various reasons 236 | - dnfdragora-updater 237 | # X11 is going away with Plasma 6 238 | - sddm-x11 239 | deepin-desktop: 240 | # Incompatible with ostree for various reasons 241 | - dnfdragora-updater 242 | mate-desktop: 243 | # Incompatible with ostree for various reasons 244 | - abrt-desktop 245 | - abrt-java-connector 246 | - dnfdragora-updater 247 | # Non-critical apps -> Flatpak 248 | - blivet-gui 249 | - filezilla 250 | - gnome-disk-utility 251 | - gnome-logs 252 | - gnote 253 | - gparted 254 | - hexchat 255 | - p7zip 256 | - p7zip-plugins 257 | - simple-scan 258 | - thunderbird 259 | - transmission-gtk 260 | - vim-enhanced 261 | - xfburn 262 | - yelp 263 | # Non critical NetworkManager plugins 264 | - NetworkManager-iodine-gnome 265 | - NetworkManager-l2tp-gnome 266 | - NetworkManager-libreswan-gnome 267 | - NetworkManager-ovs 268 | - NetworkManager-sstp-gnome 269 | - NetworkManager-strongswan-gnome 270 | - NetworkManager-team 271 | # Already in the common set 272 | - wireplumber 273 | swaywm-extended: 274 | # Non-critical apps -> Flatpak 275 | - mpv 276 | cinnamon-desktop: 277 | # Incompatible with ostree for various reasons 278 | - abrt-desktop 279 | - abrt-java-connector 280 | - dnfdragora-updater 281 | # Will switch to Silverblue on rebases 282 | - gnome-software 283 | # Non-critical apps -> Flatpak & toolbox 284 | - eom 285 | - gnome-calculator 286 | - gucharmap 287 | - hexchat 288 | - mpv 289 | - pidgin 290 | - sane-backends-drivers-scanners 291 | - shotwell 292 | - simple-scan 293 | - thunderbird 294 | - tmux 295 | - tmux-powerline 296 | - transmission 297 | - vim-powerline 298 | - xed 299 | - xfburn 300 | - xreader 301 | # Not default to cinnamon 302 | - paper-icon-theme 303 | # Non critical NetworkManager plugins 304 | - NetworkManager-iodine-gnome 305 | - NetworkManager-l2tp-gnome 306 | - NetworkManager-libreswan-gnome 307 | - NetworkManager-ovs 308 | - NetworkManager-sstp-gnome 309 | - NetworkManager-strongswan-gnome 310 | - NetworkManager-team 311 | cosmic-desktop-apps: 312 | # Non-critical apps -> Flatpak 313 | - gnome-calculator 314 | - nheko 315 | - okular 316 | - rhythmbox 317 | - thunderbird 318 | -------------------------------------------------------------------------------- /comps-sync.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | ''' 4 | Usage: ./comps-sync.py [--save] /path/to/comps-f42.xml.in 5 | 6 | Filter and sync packages from comps groups into rpm-ostree manifests. The sync 7 | will remove packages from the manifests which are not mentioned in comps and 8 | add missing packages from comps to the manifests. 9 | 10 | Use --save to write the changes and always exit with a 0 return code. 11 | Otherwise, exit with a non zero return code if any changes are needed. 12 | ''' 13 | 14 | import argparse 15 | import re 16 | import sys 17 | import yaml 18 | import libcomps 19 | 20 | ARCHES = ("x86_64", "aarch64") 21 | 22 | def fatal(msg): 23 | '''Print the error message and exit.''' 24 | print(msg, file = sys.stderr) 25 | sys.exit(1) 26 | 27 | def format_pkgtype(pkgtype): 28 | '''Return a printable string from a libcomps package type.''' 29 | if pkgtype == libcomps.PACKAGE_TYPE_DEFAULT: 30 | return 'default' 31 | if pkgtype == libcomps.PACKAGE_TYPE_MANDATORY: 32 | return 'mandatory' 33 | assert False 34 | 35 | def write_manifest(fpath, pkgs): 36 | '''Write the package list in a manifest.''' 37 | with open(fpath, 'w', encoding='UTF-8') as f: 38 | f.write("# DO NOT EDIT! This content is generated from comps-sync.py\n") 39 | f.write("packages:\n") 40 | for pkg in sorted(pkgs['all']): 41 | f.write(f' - {pkg}\n') 42 | for arch in ARCHES: 43 | if pkgs[arch]: 44 | f.write(f"packages-{arch}:\n") 45 | for pkg in sorted(pkgs[arch]): 46 | f.write(f' - {pkg}\n') 47 | print(f'Wrote {fpath}') 48 | 49 | def is_exclude_listed(pkgname, exclude_list_regexp): 50 | '''Check if pkgname is in the exclude list.''' 51 | for br in exclude_list_regexp: 52 | if br.match(pkgname): 53 | return True 54 | return False 55 | 56 | def load_packages_from_manifest(manifest_path): 57 | '''Load the list of packages from an rpm-ostree manifest file.''' 58 | with open(manifest_path, encoding='UTF-8') as f: 59 | manifest = yaml.safe_load(f) 60 | manifest_packages = {} 61 | manifest_packages['all'] = set(manifest['packages']) 62 | for arch in ARCHES: 63 | if f'packages-{arch}' in manifest: 64 | manifest_packages[arch] = set(manifest[f'packages-{arch}']) 65 | else: 66 | manifest_packages[arch] = set() 67 | return manifest_packages 68 | 69 | def load_packages_from_comps_group(comps_group_packages, comps, groupname, exclude_list, exclude_list_regexp): 70 | '''Load packages from a comps group, storing the group, type and arches.''' 71 | for arch in ARCHES: 72 | filtered = comps.arch_filter([arch]) 73 | group = filtered.groups_match(id=groupname)[0] 74 | for pkg in group.packages: 75 | pkgname = pkg.name 76 | if pkg.type not in (libcomps.PACKAGE_TYPE_DEFAULT, 77 | libcomps.PACKAGE_TYPE_MANDATORY): 78 | continue 79 | if pkgname in exclude_list or is_exclude_listed(pkgname, exclude_list_regexp): 80 | continue 81 | pkgdata = comps_group_packages.get(pkgname) 82 | if pkgdata is None: 83 | comps_group_packages[pkgname] = pkgdata = (pkg.type, set([groupname]), set([arch])) 84 | if (pkgdata[0] == libcomps.PACKAGE_TYPE_DEFAULT and 85 | pkg.type == libcomps.PACKAGE_TYPE_MANDATORY): 86 | comps_group_packages[pkgname] = pkgdata = (pkg.type, pkgdata[1], pkgdata[2]) 87 | pkgdata[1].add(groupname) 88 | pkgdata[2].add(arch) 89 | return comps_group_packages 90 | 91 | def compare_comps_manifest_package_lists(comps_group_pkgs, manifest_packages): 92 | '''Compare the list of packages in the comps and the manifests and return the difference.''' 93 | # Look for packages in the manifest but not in the comps 94 | comps_unknown = set() 95 | for arch in manifest_packages: 96 | for pkg in manifest_packages[arch]: 97 | if arch == "all": 98 | if pkg in comps_group_pkgs and set(comps_group_pkgs[pkg][2]) == set(ARCHES): 99 | continue 100 | else: 101 | if pkg in comps_group_pkgs and arch in comps_group_pkgs[pkg][2]: 102 | continue 103 | comps_unknown.add((pkg, arch)) 104 | 105 | # Look for packages in comps but not in the manifest 106 | pkgs_added = {} 107 | for (pkg, pkgdata) in comps_group_pkgs.items(): 108 | if set(ARCHES) == set(pkgdata[2]): 109 | if pkg not in manifest_packages['all']: 110 | pkgs_added[pkg] = pkgdata 111 | else: 112 | for arch in pkgdata[2]: 113 | if pkg not in manifest_packages[arch]: 114 | if pkg not in pkgs_added: 115 | pkgs_added[pkg] = (pkgdata[0], pkgdata[1], set([arch])) 116 | else: 117 | pkgs_added[pkg][2].add(arch) 118 | 119 | return comps_unknown, pkgs_added 120 | 121 | def update_manifests_from_groups(comps, groups, path, variant, save, comps_exclude_list, comps_exclude_list_all): 122 | manifest_packages = load_packages_from_manifest(path) 123 | 124 | comps_group_pkgs = {} 125 | for group in groups: 126 | exclude_list = comps_exclude_list.get(group, set()) 127 | comps_group_pkgs = load_packages_from_comps_group(comps_group_pkgs, comps, group, exclude_list, comps_exclude_list_all) 128 | 129 | (comps_unknown, pkgs_added) = compare_comps_manifest_package_lists(comps_group_pkgs, manifest_packages) 130 | 131 | n_manifest_new = len(comps_unknown) 132 | n_comps_new = len(pkgs_added) 133 | 134 | if variant == "common": 135 | print(f'Syncing common packages:\t+{n_comps_new}, -{n_manifest_new}') 136 | else: 137 | print(f'Syncing packages for {variant}:\t+{n_comps_new}, -{n_manifest_new}') 138 | if n_manifest_new != 0: 139 | for (pkg, arch) in sorted(comps_unknown, key = lambda x: x[0]): 140 | manifest_packages[arch].remove(pkg) 141 | print(f' - {pkg} (arches: {arch})') 142 | if n_comps_new != 0: 143 | for pkg in sorted(pkgs_added): 144 | (req, groups, arches) = pkgs_added[pkg] 145 | if set(ARCHES) == arches: 146 | manifest_packages['all'].add(pkg) 147 | print(' + {} ({}, groups: {}, arches: all)'.format(pkg, format_pkgtype(req), ', '.join(groups))) 148 | else: 149 | for arch in arches: 150 | manifest_packages[arch].add(pkg) 151 | print(' + {} ({}, groups: {}, arches: {})'.format(pkg, format_pkgtype(req), ', '.join(groups), ', '.join(arches))) 152 | 153 | if (n_manifest_new > 0 or n_comps_new > 0): 154 | if save: 155 | write_manifest(path, manifest_packages) 156 | return 1 157 | return 0 158 | 159 | def main(): 160 | parser = argparse.ArgumentParser() 161 | parser.add_argument("--save", help="Write changes to manifests", action='store_true') 162 | parser.add_argument("src", help="Source path") 163 | 164 | args = parser.parse_args() 165 | 166 | with open('comps-sync-exclude-list.yml', encoding='UTF-8') as f: 167 | doc = yaml.safe_load(f) 168 | comps_exclude_list = doc['exclude_list'] 169 | comps_exclude_list_groups = doc['exclude_list_groups'] 170 | comps_desktop_exclude_list = doc['desktop_exclude_list'] 171 | comps_exclude_list_all = [re.compile(x) for x in doc['exclude_list_all_regexp']] 172 | 173 | # Parse comps, and build up a set of all packages so we can find packages not 174 | # listed in comps *at all*, beyond just the workstation environment. 175 | comps = libcomps.Comps() 176 | comps.fromxml_f(args.src) 177 | 178 | # Parse the workstation-product environment to get the list of comps groups to 179 | # get packages from. 180 | groups = [] 181 | for gid in comps.environments['workstation-product-environment'].group_ids: 182 | if gid.name in comps_exclude_list_groups: 183 | continue 184 | groups.append(gid.name) 185 | 186 | # Always include the packages from the workstation-ostree-support group 187 | groups.append('workstation-ostree-support') 188 | 189 | # Return code indicates if changes have or would have been done 190 | ret = 0 191 | 192 | ret += update_manifests_from_groups(comps, groups, 'common-packages.yaml', "common", args.save, comps_exclude_list, comps_exclude_list_all) 193 | 194 | # List of comps groups used for each variant 195 | variant_comps_groups = { 196 | "budgie-atomic": ["budgie-desktop", "budgie-desktop-apps", "base-x"], 197 | "cinnamon-atomic": ["cinnamon-desktop", "base-x"], 198 | "cosmic-atomic": ["cosmic-desktop", "cosmic-desktop-apps", "base-graphical"], 199 | "deepin-atomic": ["deepin-desktop", "base-x"], 200 | "kinoite": ["kde-desktop", "base-graphical"], 201 | "kinoite-mobile": ["kde-mobile", "kde-mobile-apps", "base-graphical"], 202 | "lxqt-atomic": ["lxqt-desktop", "base-graphical"], 203 | "mate-atomic": ["mate-desktop", "base-x"], 204 | "silverblue": ["gnome-desktop", "base-graphical"], 205 | "sway-atomic": ["swaywm", "swaywm-extended", "base-graphical"], 206 | "xfce-atomic": ["xfce-desktop", "xfce-apps", "xfce-extra-plugins", "base-x"], 207 | } 208 | 209 | # Generate treefiles for all variants 210 | for variant, groups in variant_comps_groups.items(): 211 | print() 212 | ret += update_manifests_from_groups(comps, groups, f'{variant}-packages.yaml', variant, args.save, comps_desktop_exclude_list, comps_exclude_list_all) 213 | 214 | if not args.save and ret != 0: 215 | sys.exit(1) 216 | 217 | if __name__ == "__main__": 218 | main() 219 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Martin Pitt's desktop 2 | ===================== 3 | 4 | This is an [rpm-ostree](https://coreos.github.io/rpm-ostree/) based minimal 5 | [Fedora](https://getfedora.org/) developer desktop with the [sway window manager](https://swaywm.org/) and [podman](https://podman.io/)/[toolbox](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/) for doing development and running less common graphical applications. 6 | 7 | It gets [automatically built](.github/workflows/build.yml) every week and [published as container image](https://github.com/martinpitt/ostree-pitti-workstation/pkgs/container/workstation-ostree-config), for using with [ostree native containers](https://coreos.github.io/rpm-ostree/container/). 8 | 9 | To use it from an existing OSTree based system like [Fedora CoreOS](https://getfedora.org/coreos) or [Fedora Silverblue](https://docs.fedoraproject.org/en-US/fedora-silverblue/), rebase your tree to it: 10 | 11 | ```sh 12 | sudo rpm-ostree rebase ostree-unverified-registry:ghcr.io/martinpitt/workstation-ostree-config 13 | ``` 14 | 15 | After that, you can install weekly updates with 16 | 17 | ``` 18 | sudo rpm-ostree upgrade 19 | ``` 20 | 21 | If anything goes wrong, you can go back to the previous version with `sudo rpm-ostree rollback`. 22 | 23 | Login 24 | ----- 25 | 26 | There is no graphical login manager. I log in on VT1, and my `.bashrc` 27 | automatically starts the GNOME SSH agent and sway: 28 | 29 | ```sh 30 | if [ "$(tty)" = "/dev/tty1" ]; then 31 | export `gnome-keyring-daemon --start --components=ssh` 32 | export BROWSER=firefox-wayland 33 | export XDG_CURRENT_DESKTOP=sway 34 | exec sway > $XDG_RUNTIME_DIR/sway.log 2>&1 35 | fi 36 | ``` 37 | 38 | Original README for [workstation-ostree-config](https://pagure.io/workstation-ostree-config) 39 | ============================================= 40 | 41 | # Manifests for Fedora Atomic Desktops variants 42 | 43 | This is the configuration needed to create 44 | [rpm-ostree](https://coreos.github.io/rpm-ostree/) based, desktop variants of 45 | Fedora, also known as 46 | [Fedora Atomic Desktops](https://fedoraproject.org/atomic-desktops/). 47 | 48 | This repo is managed by the 49 | [Fedora Atomic Desktops SIG](https://fedoraproject.org/wiki/SIGs/AtomicDesktops). 50 | 51 | The currently official Fedora Atomic Desktop variants are: 52 | 53 | - Fedora Silverblue 54 | - Fedora Kinoite 55 | - Fedora Sway Atomic 56 | - Fedora Budgie Atomic 57 | 58 | Reach out to the SIG if you are interested in creating and maintaining a new 59 | Atomic variant. 60 | 61 | ## Repository content 62 | 63 | Each variant is described in a YAML 64 | [treefile](https://coreos.github.io/rpm-ostree/treefile/) which is then used by 65 | rpm-ostree to compose an ostree commit with the package requested. 66 | 67 | In the Fedora infrastructure, composes are made via 68 | [pungi](https://pagure.io/pungi) with the configuration from: 69 | 70 | - for Rawhide and branched composes: 71 | [pagure.io/pungi-fedora](https://pagure.io/pungi-fedora) 72 | - for stable releases: 73 | [pagure.io/fedora-infra](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2) 74 | 75 | Installer ISOs are built using [Lorax](https://github.com/weldr/lorax) and 76 | additional templates: 77 | [pagure.io/fedora-lorax-templates](https://pagure.io/fedora-lorax-templates). 78 | 79 | ## Website 80 | 81 | The sources for the 82 | [Silverblue](https://fedoraproject.org/atomic-desktops/silverblue/), 83 | [Kinoite](https://fedoraproject.org/atomic-desktops/kinoite/), 84 | [Sway Atomic](https://fedoraproject.org/atomic-desktops/sway/) and 85 | [Budgie Atomic](https://fedoraproject.org/atomic-desktops/budgie/) websites are 86 | in [gitlab.com/fedora/fedora-websites-3.0](https://gitlab.com/fedora/websites-apps/fedora-websites/fedora-websites-3.0). 87 | 88 | ## Issue trackers 89 | 90 | Issues common to all Fedora Atomic Desktops are tracked in 91 | [gitlab.com/fedora/ostree/sig](https://gitlab.com/fedora/ostree/sig/-/issues). 92 | 93 | Desktop specific issues should be filed in their respective issue trackers: 94 | 95 | - [Silverblue](https://github.com/fedora-silverblue/issue-tracker/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc) 96 | - See also the [Workstation issue tracker](https://pagure.io/fedora-workstation/issues?status=Open&order_key=last_updated&order=desc) 97 | - [Kinoite](https://pagure.io/fedora-kde/SIG/issues?status=Open&order_key=last_updated&order=desc) 98 | ([KDE SIG](https://fedoraproject.org/wiki/SIGs/KDE)) 99 | - [Sway Atomic](https://gitlab.com/fedora/sigs/sway/SIG/-/issues) 100 | ([Sway SIG](https://fedoraproject.org/wiki/SIGs/Sway)) 101 | - [Budgie Atomic](https://pagure.io/fedora-budgie/project/issues?status=Open&order_key=last_updated&order=desc) 102 | ([Budgie SIG](https://fedoraproject.org/wiki/SIGs/Budgie)) 103 | 104 | ## Documentation 105 | 106 | The documentation for Fedora Atomic variants is currently duplicated for each 107 | variant at [Atomic Desktops](https://docs.fedoraproject.org/en-US/emerging/). 108 | 109 | There are plans to unify the documentation: 110 | [ostree/sig#10](https://gitlab.com/fedora/ostree/sig/-/issues/10) 111 | 112 | Documentation sources: 113 | 114 | - [Silverblue](https://github.com/fedora-silverblue/silverblue-docs) 115 | - [Kinoite](https://pagure.io/fedora-kde/kinoite-docs) 116 | - [Sway Atomic](https://gitlab.com/fedora/sigs/sway/sericea-docs) 117 | - Budgie Atomic (to be determined) 118 | 119 | ## Building 120 | 121 | All commonly used commands are listed as recipes in the 122 | [justfile](https://github.com/casey/just) (see 123 | [Just](https://github.com/casey/just)). 124 | 125 | Example to do a local build of Fedora Silverblue: 126 | 127 | ``` 128 | # Clone the config 129 | $ git clone https://pagure.io/workstation-ostree-config && cd workstation-ostree-config 130 | 131 | # Build the classic ostree commits (currently the default in Fedora) 132 | $ just compose-legacy variant=silverblue 133 | 134 | # Or build the new ostree native container (not default yet, still in development) 135 | $ just compose-image variant=silverblue 136 | ``` 137 | 138 | ## Testing 139 | 140 | Instructions to test the resulting build for classic ostree commits: 141 | 142 | - First, serve the ostree repo using an HTTP server. You can use any static 143 | file server. For example using 144 | : 145 | 146 | ``` 147 | simple-http-server --index --ip 192.168.122.1 --port 8000 148 | ``` 149 | 150 | - Then, on an already installed Silverblue system: 151 | 152 | ``` 153 | # Add an ostree remote 154 | sudo ostree remote add testremote http://192.168.122.1:8000/repo --no-gpg-verify 155 | 156 | # Pin the currently deployed (and probably working) version 157 | sudo ostree admin pin 0 158 | 159 | # List refs from variant remote 160 | sudo ostree remote refs testremote 161 | 162 | # Switch to your variant 163 | sudo rpm-ostree rebase testremote:fedora/rawhide/x86_64/silverblue 164 | 165 | # Reboot and test! 166 | ``` 167 | 168 | Instructions to test the resulting build for ostree native containers: 169 | 170 | - Push the OCI archive to a container registry 171 | - Rebase to it: 172 | 173 | ``` 174 | $ rpm-ostree rebase ostree-unverified-image:registry: 175 | ``` 176 | 177 | See [URL format for ostree native containers](https://coreos.github.io/rpm-ostree/container/#url-format-for-ostree-native-containers) for details. 178 | 179 | ## Syncing with Fedora Comps 180 | 181 | [Fedora Comps](https://pagure.io/fedora-comps) are "XML files used by various 182 | Fedora tools to perform grouping of packages into functional groups." 183 | 184 | Changes to the comps files need to be regularly propagated to this repo so that 185 | the Fedora Atomic variants are kept updated with the other desktop variants. 186 | 187 | ### Using `just` 188 | 189 | If you have the `just` command installed, you can run `just comps-sync` from a 190 | `git` checkout of this repo to update the packages included in the Fedora Atomic 191 | variants. Examine the changes and cross-reference them with PRs made to the 192 | `fedora-comps` repo. Create a pull request with the changes and note any PRs from 193 | `fedora-comps` in the commit message that are relevant to the changes you have 194 | generated. 195 | 196 | ### Using `comps-sync.py` directly 197 | 198 | If you don't have `just` installed or want to run the `comps-sync.py` script 199 | directly, you need to have an up-to-date `git` checkout of 200 | https://pagure.io/fedora-comps and a `git` checkout of this repository. 201 | 202 | Using the `comps-sync.py` script, provide the updated input XML file to examine 203 | the changes as a dry-run: 204 | 205 | `$ ./comps-sync.py /path/to/fedora-comps/comps-f42.xml.in` 206 | 207 | Examine the changes and cross-reference them with PRs made to the `fedora-comps` 208 | repo. When you are satisfied that the changes are accurate and appear safe, 209 | re-run the script with the `--save` option: 210 | 211 | `$ ./comps-sync.py --save /path/to/fedora-comps/comps-f42.xml.in` 212 | 213 | Create a pull request with the changes and note any PRs from `fedora-comps` 214 | in the commit message that are relevant to the changes you have generated. 215 | 216 | ## Branching instructions for new Fedora releases 217 | 218 | Follow those steps during the Fedora branch process in Fedora: 219 | 220 | ### Fedora Ansible 221 | 222 | Make a PR similar to 223 | [ansible#1318](https://pagure.io/fedora-infra/ansible/pull-request/1318) in 224 | [fedora-infra/ansible](https://pagure.io/fedora-infra/ansible). 225 | 226 | ### On Rawhide / main branch 227 | 228 | ``` 229 | sed -i "s/42/43/g" *.repo comps-sync.py 230 | sed -i "s/releasever: 42/releasever: 43/" common.yaml 231 | sed -i --follow-symlinks "s/# - fedora-42/# - fedora-43/" *.yaml 232 | mv fedora-42.repo fedora-43.repo 233 | mv fedora-42-updates.repo fedora-43-updates.repo 234 | sed -i "s/43/44/g" README.md 235 | sed -i "s/42/43/g" README.md 236 | ``` 237 | 238 | ### On the new branch (f42) 239 | 240 | ``` 241 | rm fedora-rawhide.repo 242 | sed -i --follow-symlinks "/- fedora-rawhide/d" *.yaml 243 | sed -i --follow-symlinks "s/# - fedora-42/- fedora-42/" *.yaml 244 | sed -i --follow-symlinks "s/ref: fedora\/rawhide/ref: fedora\/42/" *.yaml 245 | ``` 246 | 247 | ## Historical references 248 | 249 | Building and testing instructions: 250 | 251 | - https://dustymabe.com/2017/10/05/setting-up-an-atomic-host-build-server/ 252 | - https://dustymabe.com/2017/08/08/how-do-we-create-ostree-repos-and-artifacts-in-fedora/ 253 | - https://www.projectatomic.io/blog/2017/12/compose-custom-ostree/ 254 | - https://www.projectatomic.io/docs/compose-your-own-tree/ 255 | 256 | For some background, see: 257 | 258 | - 259 | - 260 | - 261 | - 262 | 263 | Note also this repo obsoletes https://pagure.io/atomic-ws 264 | -------------------------------------------------------------------------------- /justfile: -------------------------------------------------------------------------------- 1 | # This is a justfile. See https://github.com/casey/just 2 | # This is only used for local development. The builds made on the Fedora 3 | # infrastructure are run via Pungi in a Koji runroot. 4 | 5 | # Set a default for some recipes 6 | default_variant := "silverblue" 7 | # Current default in Pungi 8 | force_nocache := "true" 9 | 10 | # Just doesn't have a native dict type, but quoted bash dictionary works fine 11 | pretty_names := '( 12 | [silverblue]="Silverblue" 13 | [kinoite]="Kinoite" 14 | [kinoite-nightly]="Kinoite" 15 | [kinoite-beta]="Kinoite" 16 | [kinoite-mobile]="Kinoite" 17 | [sway-atomic]="Sway Atomic" 18 | [budgie-atomic]="Budgie Atomic" 19 | [xfce-atomic]="XFCE Atomic" 20 | [lxqt-atomic]="LXQt Atomic" 21 | [base-atomic]="Base Atomic" 22 | [cosmic-atomic]="COSMIC Atomic" 23 | )' 24 | 25 | # subset of the map from https://pagure.io/pungi-fedora/blob/main/f/general.conf 26 | volume_id_substitutions := '( 27 | [silverblue]="SB" 28 | [kinoite]="Kin" 29 | [kinoite-nightly]="Kin" 30 | [kinoite-beta]="Kin" 31 | [kinoite-mobile]="Kin" 32 | [sway-atomic]="SwA" 33 | [budgie-atomic]="BdA" 34 | [xfce-atomic]="XfA" 35 | [lxqt-atomic]="LxA" 36 | [base-atomic]="BsA" 37 | [cosmic-atomic]="CSMCA" 38 | )' 39 | 40 | # Default is to only validate the manifests 41 | all: validate 42 | 43 | # Basic validation to make sure the manifests are not completely broken 44 | validate: 45 | ./ci/validate 46 | 47 | # Comps-sync, but without pulling latest 48 | sync: 49 | #!/bin/bash 50 | set -euo pipefail 51 | 52 | if [[ ! -d fedora-comps ]]; then 53 | git clone https://pagure.io/fedora-comps.git 54 | fi 55 | 56 | default_variant={{default_variant}} 57 | version="$(rpm-ostree compose tree --print-only --repo=repo ${default_variant}.yaml | jq -r '."mutate-os-release"')" 58 | ./comps-sync.py --save fedora-comps/comps-f${version}.xml.in 59 | 60 | # Sync the manifests with the content of the comps groups 61 | comps-sync: 62 | #!/bin/bash 63 | set -euo pipefail 64 | 65 | if [[ ! -d fedora-comps ]]; then 66 | git clone https://pagure.io/fedora-comps.git 67 | else 68 | pushd fedora-comps > /dev/null || exit 1 69 | git fetch 70 | git reset --hard origin/main 71 | popd > /dev/null || exit 1 72 | fi 73 | 74 | default_variant={{default_variant}} 75 | version="$(rpm-ostree compose tree --print-only --repo=repo ${default_variant}.yaml | jq -r '."mutate-os-release"')" 76 | ./comps-sync.py --save fedora-comps/comps-f${version}.xml.in 77 | 78 | # Check if the manifests are in sync with the content of the comps groups 79 | comps-sync-check: 80 | #!/bin/bash 81 | set -euo pipefail 82 | 83 | if [[ ! -d fedora-comps ]]; then 84 | git clone https://pagure.io/fedora-comps.git 85 | else 86 | pushd fedora-comps > /dev/null || exit 1 87 | git fetch 88 | git reset --hard origin/main 89 | popd > /dev/null || exit 1 90 | fi 91 | 92 | default_variant={{default_variant}} 93 | version="$(rpm-ostree compose tree --print-only --repo=repo ${default_variant}.yaml | jq -r '."mutate-os-release"')" 94 | ./comps-sync.py fedora-comps/comps-f${version}.xml.in 95 | 96 | # Output the processed manifest for a given variant (defaults to Silverblue) 97 | manifest variant=default_variant: 98 | #!/bin/bash 99 | set -euo pipefail 100 | 101 | rpm-ostree compose tree --print-only --repo=repo {{variant}}.yaml 102 | 103 | # Perform dependency resolution for a given variant (defaults to Silverblue) 104 | compose-dry-run variant=default_variant: 105 | #!/bin/bash 106 | set -euxo pipefail 107 | 108 | mkdir -p repo cache logs 109 | if [[ ! -f "repo/config" ]]; then 110 | pushd repo > /dev/null || exit 1 111 | ostree init --repo . --mode=bare-user 112 | popd > /dev/null || exit 1 113 | fi 114 | 115 | rpm-ostree compose tree --unified-core --repo=repo --dry-run {{variant}}.yaml 116 | 117 | # Alias/shortcut for compose-image command 118 | compose variant=default_variant: (compose-image variant) 119 | 120 | # Compose a variant using the legacy non container path (defaults to Silverblue) 121 | compose-legacy variant=default_variant: 122 | #!/bin/bash 123 | set -euxo pipefail 124 | 125 | declare -A pretty_names={{pretty_names}} 126 | variant={{variant}} 127 | variant_pretty=${pretty_names[$variant]-} 128 | if [[ -z $variant_pretty ]]; then 129 | echo "Unknown variant" 130 | exit 1 131 | fi 132 | 133 | ./ci/validate > /dev/null || (echo "Failed manifest validation" && exit 1) 134 | 135 | mkdir -p repo cache logs 136 | if [[ ! -f "repo/config" ]]; then 137 | pushd repo > /dev/null || exit 1 138 | ostree init --repo . --mode=bare-user 139 | popd > /dev/null || exit 1 140 | fi 141 | # Set option to reduce fsync for transient builds 142 | ostree --repo=repo config set 'core.fsync' 'false' 143 | 144 | buildid="$(date '+%Y%m%d.0')" 145 | timestamp="$(date --iso-8601=sec)" 146 | echo "${buildid}" > .buildid 147 | 148 | version="$(rpm-ostree compose tree --print-only --repo=repo ${variant}.yaml | jq -r '."mutate-os-release"')" 149 | echo "Composing ${variant_pretty} ${version}.${buildid} ..." 150 | 151 | ARGS="--repo=repo --cachedir=cache" 152 | ARGS+=" --unified-core" 153 | if [[ {{force_nocache}} == "true" ]]; then 154 | ARGS+=" --force-nocache" 155 | fi 156 | CMD="rpm-ostree" 157 | if [[ ${EUID} -ne 0 ]]; then 158 | CMD="sudo rpm-ostree" 159 | fi 160 | 161 | ${CMD} compose tree ${ARGS} \ 162 | --add-metadata-string="version=${variant_pretty} ${version}.${buildid}" \ 163 | "${variant}-ostree.yaml" \ 164 | |& tee "logs/${variant}_${version}_${buildid}.${timestamp}.log" 165 | 166 | if [[ ${EUID} -ne 0 ]]; then 167 | sudo chown --recursive "$(id --user --name):$(id --group --name)" repo cache 168 | fi 169 | 170 | ostree summary --repo=repo --update 171 | 172 | # Compose an Ostree Native Container OCI image 173 | compose-image variant=default_variant: 174 | #!/bin/bash 175 | set -euxo pipefail 176 | 177 | declare -A pretty_names={{pretty_names}} 178 | variant={{variant}} 179 | variant_pretty=${pretty_names[$variant]-} 180 | if [[ -z $variant_pretty ]]; then 181 | echo "Unknown variant" 182 | exit 1 183 | fi 184 | 185 | ./ci/validate > /dev/null || (echo "Failed manifest validation" && exit 1) 186 | 187 | mkdir -p repo cache 188 | if [[ ! -f "repo/config" ]]; then 189 | pushd repo > /dev/null || exit 1 190 | ostree init --repo . --mode=bare-user 191 | popd > /dev/null || exit 1 192 | fi 193 | # Set option to reduce fsync for transient builds 194 | ostree --repo=repo config set 'core.fsync' 'false' 195 | 196 | buildid="$(date '+%Y%m%d.0')" 197 | timestamp="$(date --iso-8601=sec)" 198 | echo "${buildid}" > .buildid 199 | 200 | version="$(rpm-ostree compose tree --print-only --repo=repo ${variant}.yaml | jq -r '."mutate-os-release"')" 201 | echo "Composing ${variant_pretty} ${version}.${buildid} ..." 202 | 203 | ARGS="--cachedir=cache --initialize" 204 | if [[ {{force_nocache}} == "true" ]]; then 205 | ARGS+=" --force-nocache" 206 | fi 207 | # To debug with gdb, use: gdb --args ... 208 | CMD="rpm-ostree" 209 | if [[ ${EUID} -ne 0 ]]; then 210 | CMD="sudo rpm-ostree" 211 | fi 212 | 213 | ${CMD} compose image ${ARGS} \ 214 | --label="quay.expires-after=4w" \ 215 | "${variant}.yaml" \ 216 | "${variant}.ociarchive" 217 | 218 | # Clean up everything 219 | clean-all: 220 | just clean-repo 221 | just clean-cache 222 | 223 | # Only clean the ostree repo 224 | clean-repo: 225 | rm -rf ./repo 226 | 227 | # Only clean the package and repo caches 228 | clean-cache: 229 | rm -rf ./cache 230 | 231 | # Run from inside a container 232 | podman: 233 | podman run --rm -ti --volume $PWD:/srv:rw --workdir /srv --privileged quay.io/fedora-ostree-desktops/buildroot 234 | 235 | # Update the container image 236 | podman-pull: 237 | podman pull quay.io/fedora-ostree-desktops/buildroot 238 | 239 | # Build an ISO 240 | lorax variant=default_variant: 241 | #!/bin/bash 242 | set -euxo pipefail 243 | 244 | rm -rf iso 245 | # Do not create the iso directory or lorax will fail 246 | mkdir -p tmp cache/lorax 247 | 248 | declare -A pretty_names={{pretty_names}} 249 | declare -A volume_id_substitutions={{volume_id_substitutions}} 250 | variant={{variant}} 251 | variant_pretty=${pretty_names[$variant]-} 252 | volid_sub=${volume_id_substitutions[$variant]-} 253 | if [[ -z $variant_pretty ]] || [[ -z $volid_sub ]]; then 254 | echo "Unknown variant" 255 | exit 1 256 | fi 257 | 258 | if [[ ! -d fedora-lorax-templates ]]; then 259 | git clone https://pagure.io/fedora-lorax-templates.git 260 | else 261 | pushd fedora-lorax-templates > /dev/null || exit 1 262 | git fetch 263 | git reset --hard origin/main 264 | popd > /dev/null || exit 1 265 | fi 266 | 267 | version_number="$(rpm-ostree compose tree --print-only --repo=repo ${variant}.yaml | jq -r '."mutate-os-release"')" 268 | if [[ "$(git rev-parse --abbrev-ref HEAD)" == "main" ]] || [[ -f "fedora-rawhide.repo" ]]; then 269 | version_pretty="Rawhide" 270 | version="rawhide" 271 | else 272 | version_pretty="${version_number}" 273 | version="${version_number}" 274 | fi 275 | source_url="https://kojipkgs.fedoraproject.org/compose/${version}/latest-Fedora-${version_pretty}/compose/Everything/x86_64/os/" 276 | volid="Fedora-${volid_sub}-x86_64-${version_pretty}" 277 | 278 | buildid="" 279 | if [[ -f ".buildid" ]]; then 280 | buildid="$(< .buildid)" 281 | else 282 | buildid="$(date '+%Y%m%d.0')" 283 | echo "${buildid}" > .buildid 284 | fi 285 | 286 | # Stick to the latest stable runtime available here 287 | # Only include a subset of Flatpaks here 288 | # Exhaustive list in https://pagure.io/pungi-fedora/blob/main/f/fedora.conf 289 | # flatpak_remote_refs="runtime/org.fedoraproject.Platform/x86_64/f39" 290 | # flatpak_apps=( 291 | # "app/org.gnome.Calculator/x86_64/stable" 292 | # "app/org.gnome.Calendar/x86_64/stable" 293 | # "app/org.gnome.Extensions/x86_64/stable" 294 | # "app/org.gnome.TextEditor/x86_64/stable" 295 | # "app/org.gnome.clocks/x86_64/stable" 296 | # "app/org.gnome.eog/x86_64/stable" 297 | # ) 298 | # for ref in ${flatpak_refs[@]}; do 299 | # flatpak_remote_refs+=" ${ref}" 300 | # done 301 | # FLATPAK_ARGS="" 302 | # FLATPAK_ARGS+=" --add-template=${pwd}/fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl" 303 | # FLATPAK_ARGS+=" --add-template-var=flatpak_remote_name=fedora" 304 | # FLATPAK_ARGS+=" --add-template-var=flatpak_remote_url=oci+https://registry.fedoraproject.org" 305 | # FLATPAK_ARGS+=" --add-template-var=flatpak_remote_refs=${flatpak_remote_refs}" 306 | 307 | pwd="$(pwd)" 308 | 309 | lorax \ 310 | --product=Fedora \ 311 | --version=${version_pretty} \ 312 | --release=${buildid} \ 313 | --source="${source_url}" \ 314 | --variant="${variant_pretty}" \ 315 | --nomacboot \ 316 | --isfinal \ 317 | --buildarch=x86_64 \ 318 | --volid="${volid}" \ 319 | --logfile=${pwd}/logs/lorax.log \ 320 | --tmp=${pwd}/tmp \ 321 | --cachedir=cache/lorax \ 322 | --rootfs-size=8 \ 323 | --add-template=${pwd}/fedora-lorax-templates/ostree-based-installer/lorax-configure-repo.tmpl \ 324 | --add-template=${pwd}/fedora-lorax-templates/ostree-based-installer/lorax-embed-repo.tmpl \ 325 | --add-template-var=ostree_install_repo=file://${pwd}/repo \ 326 | --add-template-var=ostree_update_repo=file://${pwd}/repo \ 327 | --add-template-var=ostree_osname=fedora \ 328 | --add-template-var=ostree_oskey=fedora-${version_number}-primary \ 329 | --add-template-var=ostree_contenturl=mirrorlist=https://ostree.fedoraproject.org/mirrorlist \ 330 | --add-template-var=ostree_install_ref=fedora/${version}/x86_64/${variant} \ 331 | --add-template-var=ostree_update_ref=fedora/${version}/x86_64/${variant} \ 332 | ${pwd}/iso/linux 333 | 334 | # Upload the containers to a registry (Quay.io) 335 | upload-container variant=default_variant: 336 | #!/bin/bash 337 | set -euxo pipefail 338 | 339 | variant={{variant}} 340 | 341 | declare -A pretty_names={{pretty_names}} 342 | variant_pretty=${pretty_names[$variant]-} 343 | if [[ -z $variant_pretty ]]; then 344 | echo "Unknown variant" 345 | exit 1 346 | fi 347 | 348 | if [[ -z ${CI_REGISTRY_USER+x} ]] || [[ -z ${CI_REGISTRY_PASSWORD+x} ]]; then 349 | echo "Skipping artifact archiving: Not in CI" 350 | exit 0 351 | fi 352 | if [[ "${CI}" != "true" ]]; then 353 | echo "Skipping artifact archiving: Not in CI" 354 | exit 0 355 | fi 356 | 357 | version="" 358 | if [[ "$(git rev-parse --abbrev-ref HEAD)" == "main" ]] || [[ -f "fedora-rawhide.repo" ]]; then 359 | version="rawhide" 360 | else 361 | version="$(rpm-ostree compose tree --print-only --repo=repo ${variant}.yaml | jq -r '."mutate-os-release"')" 362 | fi 363 | 364 | buildid="" 365 | if [[ -f ".buildid" ]]; then 366 | buildid="$(< .buildid)" 367 | else 368 | buildid="$(date '+%Y%m%d.0')" 369 | echo "${buildid}" > .buildid 370 | fi 371 | 372 | git_commit="" 373 | if [[ -n "${CI_COMMIT_SHORT_SHA}" ]]; then 374 | git_commit="${CI_COMMIT_SHORT_SHA}" 375 | else 376 | git_commit="$(git rev-parse --short HEAD)" 377 | fi 378 | 379 | # Login to the registry 380 | skopeo login --username "${CI_REGISTRY_USER}" --password "${CI_REGISTRY_PASSWORD}" quay.io 381 | 382 | # Copy to the new names 383 | image="quay.io/fedora-ostree-desktops/${variant}" 384 | 385 | # Use '--dest-compress-format zstd:chunked' only once 41 is released 386 | SKOPEO_ARGS="--retry-times 3 --dest-compress-format gzip" 387 | 388 | # Copy fully versioned tag (major version, build date/id, git commit) 389 | skopeo copy ${SKOPEO_ARGS} \ 390 | "oci-archive:${variant}.ociarchive" \ 391 | "docker://${image}:${version}.${buildid}" 392 | 393 | # Update "un-versioned" tag (only major version) 394 | skopeo copy ${SKOPEO_ARGS} \ 395 | "docker://${image}:${version}.${buildid}" \ 396 | "docker://${image}:${version}" 397 | 398 | if [[ "${variant}" == "kinoite-nightly" ]]; then 399 | # Update latest tag for kinoite-nightly only 400 | skopeo copy ${SKOPEO_ARGS} \ 401 | "docker://${image}:${version}.${buildid}" \ 402 | "docker://${image}:latest" 403 | fi 404 | --------------------------------------------------------------------------------