github-personal/ostree-quarks
1
0
Fork 0
mirror of https://github.com/outbackdingo/ostree-quarks.git synced 2026-01-27 02:19:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Jorge O. Castro
2023-03-01 19:28:13 -05:00
committed by GitHub
commit 9c3c8dcfb4
23 changed files with 1130 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.github/CODEOWNERS vendored Normal file
View File

@@ -0,0 +1 @@
* @castrojo

13
.github/dependabot.yml vendored Normal file
View File

@@ -0,0 +1,13 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"

169
.github/workflows/build.yml vendored Normal file
View File

@@ -0,0 +1,169 @@
name: build-ublue
on:
pull_request:
types:
- labeled
branches:
- main
paths-ignore:
- '**.md'
- '**.txt'
schedule:
- cron: '20 20 * * *' # 8:20pm everyday
push:
branches:
- main
paths-ignore:
- '**.md'
- '**.txt'
env:
IMAGE_NAME: base
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
jobs:
push-ghcr:
name: Build and push image
runs-on: ubuntu-22.04
if: contains(github.event.pull_request.labels.*.name, 'ok-to-build') || github.event_name != 'pull_request'
permissions:
contents: read
packages: write
id-token: write
strategy:
fail-fast: false
matrix:
major_version: [37]
include:
- major_version: 37
is_latest: true
is_stable: true
steps:
# Checkout push-to-registry action GitHub repository
- name: Checkout Push to Registry action
uses: actions/checkout@v3
- name: Generate tags
id: generate-tags
shell: bash
run: |
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
alias_tags=()
# Only perform the follow code when the action is spawned from a Pull Request
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
alias_tags+=("pr-${{ github.event.number }}")
else
# The following is run when the timer is triggered or a merge/push to main
echo "date=$(date +%Y%m%d)" >> $GITHUB_OUTPUT
alias_tags+=("${{ matrix.major_version }}")
if [[ "${{ matrix.is_latest }}" == "true" ]]; then
alias_tags+=("latest")
fi
if [[ "${{ matrix.is_stable }}" == "true" ]]; then
alias_tags+=("stable")
fi
fi
echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT
# Build metadata
- name: Image Metadata
uses: docker/metadata-action@v4
id: meta
with:
images: |
${{ env.IMAGE_NAME }}
labels: |
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/base/main/README.md
io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4
# Build image using Buildah action
- name: Build Image
id: build_image
uses: redhat-actions/buildah-build@v2
with:
containerfiles: |
./Containerfile
image: ${{ env.IMAGE_NAME }}
tags: |
${{ steps.generate-tags.outputs.alias_tags }}
${{ steps.generate-tags.outputs.date }}
${{ steps.generate-tags.outputs.sha_short }}
build-args: |
FEDORA_MAJOR_VERSION=${{ matrix.major_version }}
labels: ${{ steps.meta.outputs.labels }}
oci: false
# Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
# https://github.com/macbre/push-to-ghcr/issues/12
- name: Lowercase Registry
id: registry_case
uses: ASzc/change-string-case-action@v5
with:
string: ${{ env.IMAGE_REGISTRY }}
# Push the image to GHCR (Image Registry)
- name: Push To GHCR
uses: redhat-actions/push-to-registry@v2
id: push
if: github.event_name != 'pull_request'
env:
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }}
with:
image: ${{ steps.build_image.outputs.image }}
tags: ${{ steps.build_image.outputs.tags }}
registry: ${{ steps.registry_case.outputs.lowercase }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust
# Sign container
- uses: sigstore/cosign-installer@main
if: github.event_name != 'pull_request'
# Only needed when running `cosign sign` using a key
- name: Write signing key to disk
if: github.event_name != 'pull_request'
run: |
echo "${{ env.COSIGN_PRIVATE_KEY }}" > cosign.key
# DEBUG: get character count of key
wc -c cosign.key
env:
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
if: github.event_name != 'pull_request'
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Sign container image
if: github.event_name != 'pull_request'
run: |
cosign sign --key cosign.key ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}
env:
TAGS: ${{ steps.push.outputs.digest }}
COSIGN_EXPERIMENTAL: false
- name: Echo outputs
if: github.event_name != 'pull_request'
run: |
echo "${{ toJSON(steps.push.outputs) }}"
- name: Upload Container Export
if: github.event_name == 'pull_request'
run: |
mkdir -p output
podman save -o output/image.tar ${{ steps.build_image.outputs.image }}
echo "${{ steps.build_image.outputs.image }}" >> output/image
echo "${{ steps.build_image.outputs.tags }}" >> output/tags
- name: Publish Artifact
uses: actions/upload-artifact@v2
if: github.event_name == 'pull_request'
with:
name: output
path: output

14
.github/workflows/conventional-commits.yml vendored Normal file
View File

@@ -0,0 +1,14 @@
name: Conventional Commits
on:
pull_request:
branches: main
jobs:
build:
name: Conventional Commits
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: webiny/action-conventional-commits@v1.1.0

82
.github/workflows/pr-publish.yml vendored Normal file
View File

@@ -0,0 +1,82 @@
name: Publish PR builds
on:
workflow_run:
workflows: ["build-ublue"]
types:
- completed
env:
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
jobs:
upload:
runs-on: ubuntu-latest
if: >
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success'
steps:
- name: 'Download artifact'
uses: actions/github-script@v3.1.0
with:
script: |
var artifacts = await github.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "output"
})[0];
var download = await github.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/output.zip', Buffer.from(download.data));
- run: unzip output.zip
- name: Load Container Image
id: load_image
run: |
ls -lah
cat image
cat tags
podman load -i image.tar
image_name="localhost/$(head -n1 image):$(head -n1 tags)"
for t in $(cat tags); do
podman tag $image_name $(head -n1 image):$t
done
echo image="$(cat image)" >> $GITHUB_OUTPUT
delimiter="$(openssl rand -hex 8)"
{
echo "tags<<${delimiter}"
cat tags
echo "${delimiter}"
} >> $GITHUB_OUTPUT
- name: Lowercase Registry
id: registry_case
uses: ASzc/change-string-case-action@v5
with:
string: ${{ env.IMAGE_REGISTRY }}
- name: Push To GHCR
uses: redhat-actions/push-to-registry@v2
id: push
if: github.event_name != 'pull_request'
env:
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }}
with:
image: ${{ steps.load_image.outputs.image }}
tags: ${{ steps.load_image.outputs.tags }}
registry: ${{ steps.registry_case.outputs.lowercase }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust

13
.github/workflows/release-please.yml vendored Normal file
View File

@@ -0,0 +1,13 @@
on:
push:
branches:
- main
name: release-please
jobs:
release-please:
runs-on: ubuntu-latest
steps:
- uses: google-github-actions/release-please-action@v3
with:
release-type: node
package-name: release-please-action

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
.idea

16
CHANGELOG.md Normal file
View File

@@ -0,0 +1,16 @@
# Changelog
## 1.0.0 (2023-02-04)
### Features
* Add code-of-conduct ([#39](https://github.com/ublue-os/base/issues/39)) ([aab8078](https://github.com/ublue-os/base/commit/aab8078cfdc7d2354e057a0ca4771d3a53d2df4c))
* add conventional commit linting and release notes generator ([b7820b4](https://github.com/ublue-os/base/commit/b7820b4ba312ca939d0dc977ed9f6a08d135324b))
* tag PR builds independently from matrix.version, latest, and stable ([b022183](https://github.com/ublue-os/base/commit/b02218386235e6d40a11a48b5b1171e9acf8d1eb))
### Bug Fixes
* Don't generate an image when README.md is updated ([#36](https://github.com/ublue-os/base/issues/36)) ([8c170cf](https://github.com/ublue-os/base/commit/8c170cfe89dd306eec0940f4dc50ed245c94bc2b))
* only generate date tag for main branch ([94aa5bb](https://github.com/ublue-os/base/commit/94aa5bb8df2aac0985d4c9422b19b0c03a3f25b0))

128
CODE_OF_CONDUCT.md Normal file
View File

@@ -0,0 +1,128 @@
# Contributor Covenant Code of Conduct
## Our Pledge
We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, religion, or sexual identity
and orientation.
We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.
## Our Standards
Examples of behavior that contributes to a positive environment for our
community include:
* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes,
and learning from the experience
* Focusing on what is best not just for us as individuals, but for the
overall community
Examples of unacceptable behavior include:
* The use of sexualized language or imagery, and sexual attention or
advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or email
address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Enforcement Responsibilities
Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.
Community leaders have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, and will communicate reasons for moderation
decisions when appropriate.
## Scope
This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
Examples of representing our community include using an official e-mail address,
posting via an official social media account, or acting as an appointed
representative at an online or offline event.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
jorge.castro@gmail.com.
All complaints will be reviewed and investigated promptly and fairly.
All community leaders are obligated to respect the privacy and security of the
reporter of any incident.
## Enforcement Guidelines
Community leaders will follow these Community Impact Guidelines in determining
the consequences for any action they deem in violation of this Code of Conduct:
### 1. Correction
**Community Impact**: Use of inappropriate language or other behavior deemed
unprofessional or unwelcome in the community.
**Consequence**: A private, written warning from community leaders, providing
clarity around the nature of the violation and an explanation of why the
behavior was inappropriate. A public apology may be requested.
### 2. Warning
**Community Impact**: A violation through a single incident or series
of actions.
**Consequence**: A warning with consequences for continued behavior. No
interaction with the people involved, including unsolicited interaction with
those enforcing the Code of Conduct, for a specified period of time. This
includes avoiding interactions in community spaces as well as external channels
like social media. Violating these terms may lead to a temporary or
permanent ban.
### 3. Temporary Ban
**Community Impact**: A serious violation of community standards, including
sustained inappropriate behavior.
**Consequence**: A temporary ban from any sort of interaction or public
communication with the community for a specified period of time. No public or
private interaction with the people involved, including unsolicited interaction
with those enforcing the Code of Conduct, is allowed during this period.
Violating these terms may lead to a permanent ban.
### 4. Permanent Ban
**Community Impact**: Demonstrating a pattern of violation of community
standards, including sustained inappropriate behavior, harassment of an
individual, or aggression toward or disparagement of classes of individuals.
**Consequence**: A permanent ban from any sort of public interaction within
the community.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
Community Impact Guidelines were inspired by [Mozilla's code of conduct
enforcement ladder](https://github.com/mozilla/diversity).
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see the FAQ at
https://www.contributor-covenant.org/faq. Translations are available at
https://www.contributor-covenant.org/translations.

141
CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,141 @@
# Welcome to Universal Blue
Thanks for taking the time to look into helping out!
All contributions are appreciated!
Please refer to our [Code of Conduct](/CODE_OF_CONDUCT.md) while you're at it!
Feel free to report issues as you find them, and [helping others in the discussions]() is always appreciated.
# Contributing
All types of contributions are encouraged and valued. See the [Table of Contents](#table-of-contents) for different ways to help and details about how this project handles them. Please make sure to read the relevant section before making your contribution. It will make it a lot easier for us maintainers and smooth out the experience for all involved. The community looks forward to your contributions.
> And if you like the project, but just don't have time to contribute, that's fine. There are other easy ways to support the project and show your appreciation, which we would also be very happy about:
> - Star the project
> - Tweet about it
> - Refer this project in your project's readme
> - Mention the project at local meetups and tell your friends/colleagues
## Table of Contents
- [Code of Conduct](#code-of-conduct)
- [I Have a Question](#i-have-a-question)
- [I Want To Contribute](#i-want-to-contribute)
- [Reporting Bugs](#reporting-bugs)
- [How to test incoming changes](#how-to-test-incoming-changes)
- [Building Locally](#building-locally)
- [Styleguides](#styleguides)
- [Commit Messages](#commit-messages)
- [Join The Project Team](#join-the-project-team)
## Code of Conduct
This project and everyone participating in it is governed by the
[CONTRIBUTING.md Code of Conduct](/CODE_OF_CONDUCT.md).
By participating, you are expected to uphold this code. Please report unacceptable behavior
to jorge.castro@gmail.com
## I Have a Question
> If you want to ask a question, ask in the [discussion forum](https://github.com/orgs/ublue-os/discussions)
## I Want To Contribute
> ### Legal Notice
> When contributing to this project, you must agree that you have authored 100% of the content, that you have the necessary rights to the content and that the content you contribute may be provided under the project license.
Generally speaking we try to follow the [Lazy Concensus](http://lazyconcens.us/) model of development to keep the builds healthy and ourselves happy.
- If you're looking for concensus to make a decision post an issue for feedback and remember to account for timezones and weekends/holidays/work time.
- We want people to be opinionated in their builds so we're more of a loose confederation of repos than a top-down org.
- Try not to merge your own stuff, ask for a review. At some point when we have enough reviewers we'll be turning on branch protection.
### Reporting Bugs
#### Before Submitting a Bug Report
A good bug report should describe the issue in detail. Generally speaking:
- Make sure that you are using the latest version.
- Remember that these are unofficial builds, it's usually prudent to investigate an issue before reporting it here or in Fedora!
- Collect information about the bug:
- `rpm-ostree status -v` usually helps
- Image and Version
- Possibly your input and the output
- Can you reliably reproduce the issue? And can you also reproduce it with older versions?
### How to test incoming changes
One of the nice things about the image model is that we can generate an entire OS image for every change we want to commit, so this makes testing way easier than in the past. You can rebase to it, see if it works, and then move back. This also means we can increase the amount of testers!
We strive towards a model where proposed changes are more thoroughly reviewed and tested by the community. So here's how to do it. If you see a pull request that is opened up on an image you're following you can leave a review on how it's working for you. At the bottom of every PR you'll see something like this:
![image](https://user-images.githubusercontent.com/1264109/221305388-3860fc07-212c-4eb9-80d9-5d7a35a77f46.png)
Click on "Add your review", and then you'll see this:
![image](https://user-images.githubusercontent.com/1264109/221307636-5e312e48-821f-4206-848f-7fbc2c91cd78.png)
Don't worry, you can't mess anything up, all the merging and stuff will be done by the maintainer, what this does is lets us gather information in a more formal manner than just shoving everything in a forum thread. The more people are reviewing and testing images, the better off we'll be, especially for images that are new like Sericea.
At some point we'll have a bot that will leave you instructions on how to rebase to the image and all that stuff, but in the meantime we'll leave instructions manually.
Here's an example: https://github.com/ublue-os/nvidia/pull/49
## Building Locally
The minimum tools required are git and a working machine with podman enabled and configured.
Building locally is much faster than building in GitHub and is a good way to move fast before pushing to a remote.
### Clone the repo you want
git clone https://github.com/ublue-os/base.git
### Build the image
First make sure you can build an existing image:
podman build . -t something
Then confirm your image built:
podman image ls
TODO: Set up and push to your own local registry
### Make your changes
This usually involved editing the `Containerfile`. Most techniques for building containers apply here, if you're new to containers using the term "Dockerfile" in your searches usually shows more results when you're searching for information.
Check out CoreOS's [layering examples](https://github.com/coreos/layering-examples) for more information on customizing.
### Reporting problems to Fedora
We endevaour to be a good partner for Fedora.
This project is consuming new features in Fedora and ostree, it is not uncommon to find an issue.
Issues should be reported upstream, and in some cases we can help test and find fixes.
Some of the issues you find may involve other dependencies in other projects, in those cases the Fedora team will tell you where to report the issue.
Upstream bug tracker: [https://github.com/fedora-silverblue/issue-tracker/issues](https://github.com/fedora-silverblue/issue-tracker/issues)
## Styleguides
### Commit Messages
We use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) and enforce them with a bot to keep the changelogs tidy:
```
chore: add Oyster build script
docs: explain hat wobble
feat: add beta sequence
fix: remove broken confirmation message
refactor: share logic between 4d3d3d3 and flarhgunnstow
style: convert tabs to spaces
test: ensure Tayne retains clothing
```
## Join The Project Team
If you're interested in _maintaining_ something then let us know!
## Attribution
This guide is based on the **contributing.md**. [Make your own](https://contributing.md/)!

31
Containerfile Normal file
View File

@@ -0,0 +1,31 @@
# Multi-stage build
ARG FEDORA_MAJOR_VERSION=37
## Build ublue-os-base
FROM quay.io/fedora-ostree-desktops/silverblue:${FEDORA_MAJOR_VERSION}
# See https://pagure.io/releng/issue/11047 for final location
COPY etc /etc
COPY usr /usr
COPY ublue-firstboot /usr/bin
COPY recipe.yml /etc/ublue-recipe.yml
COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq
RUN rpm-ostree override remove firefox firefox-langpacks && \
echo "-- Installing RPMs defined in recipe.yml --" && \
rpm_packages=$(yq '.rpms[]' < /etc/ublue-recipe.yml) && \
for pkg in $rpm_packages; do \
echo "Installing: ${pkg}" && \
rpm-ostree install $pkg; \
done && \
echo "---" && \
sed -i 's/#AutomaticUpdatePolicy.*/AutomaticUpdatePolicy=stage/' /etc/rpm-ostreed.conf && \
systemctl enable rpm-ostreed-automatic.timer && \
systemctl enable flatpak-system-update.timer && \
rm -rf \
/tmp/* \
/var/* && \
ostree container commit

201
LICENSE Normal file
View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

80
README.md Normal file
View File

@@ -0,0 +1,80 @@
# base
[![build-ublue](https://github.com/ublue-os/base/actions/workflows/build.yml/badge.svg)](https://github.com/ublue-os/base/actions/workflows/build.yml)
A base image with a (mostly) stock Fedora Silverblue. Help us make a sweet base image: Pull requests and improvements appreciated and encouraged! Scroll to the bottom to see how to make your own!
## What is this?
This is a base Fedora Silverblue image designed to be customized to whatever you want, have GitHub build it for you, and then host it for you. You then just tell your computer to boot off of that image. GitHub keeps 90 days worth image backups for you, thanks Microsoft!
Check out the [spec for Fedora](https://fedoraproject.org/wiki/Changes/OstreeNativeContainerStable) for more information and proper explanation.
Check out our [organization page](https://github.com/ublue-os) for images with MATE, XFCE, and an Ubuntu-like flavor. Or go right to the [Nvidia image](https://github.com/ublue-os/nvidia), your pathway to a more reliable experience. Some of these are examples that build off of this base image, so build whatever you'd like!
These github actions and methods are meant to be shared and improved upon, [so come on in](https://github.com/orgs/ublue-os/discussions) and help out!
## Usage
> **Warning**
> This is an experimental feature and should not be used in production, try it in a VM for a while! If you are rebasing and not doing a clean install do a `touch ~/.config/ublue/firstboot-done` to keep your flatpak configuration untouched BEFORE you rebase, otherwise we're going to mangle it (for science).
To rebase an existing Silverblue/Kinoite machine to the latest release (37):
sudo rpm-ostree rebase ostree-unverified-registry:ghcr.io/ublue-os/base:37
We build date tags as well, so if you want to rebase to a particular day's release:
sudo rpm-ostree rebase ostree-unverified-registry:ghcr.io/ublue-os/base:20221217
The `latest` tag will automatically point to the latest build. Note that when a new version of Fedora is released that the `latest` tag will get updated to that latest release automatically.
## Features
- Start with a base Fedora Silverblue 37 image
- Removes Firefox from the base image
- Adds the following packages to the base image:
- distrobox and gnome-tweaks
- Sets automatic staging of updates for the system
- Sets flatpaks to update twice a day
- Everything else (desktop, artwork, etc) remains stock so you can use this as a good starting image
## Applications
- All applications installed per user instead of system wide, similar to openSUSE MicroOS, they are not on the base image. Thanks for the inspiration Team Green!
- Mozilla Firefox, Mozilla Thunderbird, Extension Manager, Libreoffice, DejaDup, FontDownloader, Flatseal, and the Celluloid Media Player
- Core GNOME Applications installed from Flathub
- GNOME Calculator, Calendar, Characters, Connections, Contacts, Evince, Firmware, Logs, Maps, NautilusPreviewer, TextEditor, Weather, baobab, clocks, eog, and font-viewer
## Further Customization
The `just` task runner is included for further customization after first boot.
It will copy the template from `/etc/justfile` to your home directory.
After that run the following commands:
- `just` - Show all tasks, more will be added in the future
- `just bios` - Reboot into the system bios (Useful for dualbooting)
- `just changelogs` - Show the changelogs of the pending update
- Set up distroboxes for the following images:
- `just distrobox-boxkit`
- `just distrobox-debian`
- `just distrobox-opensuse`
- `just distrobox-ubuntu`
- `just setup-flatpaks` - Install a selection of flatpaks, use this section to add your own apps
- `just setup-gaming` - Install Steam, Heroic Game Launcher, OBS Studio, Discord, Boatswain, Bottles, and ProtonUp-Qt. MangoHud is installed and enabled by default, hit right Shift-F12 to toggle
- `just update` - Update rpm-ostree, flatpaks, and distroboxes in one command
Check the [just website](https://just.systems) for tips on modifying and adding your own recipes.
## Verification
These images are signed with sisgstore's [cosign](https://docs.sigstore.dev/cosign/overview/). You can verify the signature by downloading the `cosign.pub` key from this repo and running the following command:
cosign verify --key cosign.pub ghcr.io/ublue-os/base
If you're forking this repo you should [read the docs](https://docs.github.com/en/actions/security-guides/encrypted-secrets) on keeping secrets in github. You need to [generate a new keypair](https://docs.sigstore.dev/cosign/overview/) with cosign. The public key can be in your public repo (your users need it to check the signatures), and you can paste the private key in Settings -> Secrets -> Actions.
## Making your own
See [the documentation](https://ublue.it/making-your-own/) on how to clone and use this repo for your own projects.

4
cosign.pub Normal file
View File

@@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7lh7fJMV4dBT2jT1XafixUJa7OVA
cT+QFVD8IfIJIS/KBAc8hx1aslzkH3tfeM0cwyCLB7kOStZ4sh6RyFQD9w==
-----END PUBLIC KEY-----

64
etc/justfile Normal file
View File

@@ -0,0 +1,64 @@
default:
@just --list
bios:
systemctl reboot --firmware-setup
changelogs:
rpm-ostree db diff --changelogs
distrobox-boxkit:
echo 'Creating Boxkit distrobox ...'
distrobox create --image ghcr.io/ublue-os/boxkit -n boxkit -Y
distrobox-debian:
echo 'Creating Debian distrobox ...'
distrobox create --image quay.io/toolbx-images/debian-toolbox:unstable -n debian -Y
distrobox-opensuse:
echo 'Creating openSUSE distrobox ...'
distrobox create --image quay.io/toolbx-images/opensuse-toolbox:tumbleweed -n opensuse -Y
distrobox-ubuntu:
echo 'Creating Ubuntu distrobox ...'
distrobox create --image quay.io/toolbx-images/ubuntu-toolbox:22.04 -n ubuntu -Y
setup-flatpaks:
echo 'Installing flatpaks from the ublue recipe ...'
flatpaks=$(dasel -f /etc/ublue-recipe.yml -r yaml -w json -s 'flatpaks')
flatpaks_count=$(echo $flatpaks | dasel -r json -s 'len()')
for i in $(seq 0 $(($flatpaks_count-1))); do
pkg=$(echo $flatpaks | dasel -r json "[${i}]" | tr -d '"')
echo "# Installing ${pkg}"
flatpak install --user --noninteractive flathub $pkg
done
setup-pwa:
echo 'Giving browser permission to create PWAs (Progressive Web Apps)'
# Add for your favorite chromium-based browser
flatpak override --user --filesystem=~/.local/share/applications --filesystem=~/.local/share/icons com.microsoft.Edge
setup-gaming:
echo 'Setting up gaming experience ... lock and load.'
flatpak install -y --user \\
com.discordapp.Discord \\
com.feaneron.Boatswain \\
org.freedesktop.Platform.VulkanLayer.MangoHud//22.08 \\
org.freedesktop.Platform.VulkanLayer.OBSVkCapture//22.08 \\
org.freedesktop.Platform.VulkanLayer.vkBasalt//22.08 \\
com.heroicgameslauncher.hgl \\
com.obsproject.Studio \\
com.obsproject.Studio.Plugin.OBSVkCapture \\
com.obsproject.Studio.Plugin.Gstreamer \\
com.usebottles.bottles \\
com.valvesoftware.Steam \\
com.valvesoftware.Steam.Utility.gamescope \\
net.davidotek.pupgui2
flatpak override com.usebottles.bottles --user --filesystem=xdg-data/applications
flatpak override --user --env=MANGOHUD=1 com.valvesoftware.Steam
flatpak override --user --env=MANGOHUD=1 com.heroicgameslauncher.hgl
update:
rpm-ostree update
flatpak update -y
distrobox upgrade -a

6
etc/profile.d/ublue-firstboot.sh Normal file
View File

@@ -0,0 +1,6 @@
if test "$(id -u)" -gt "0" && test -d "$HOME"; then
if test ! -e "$HOME"/.config/ublue/firstboot-done; then
mkdir -p "$HOME"/.config/autostart
cp -f /etc/skel.d/.config/autostart/ublue-firstboot.desktop "$HOME"/.config/autostart
fi
fi

8
etc/skel.d/.config/autostart/ublue-firstboot.desktop Normal file
View File

@@ -0,0 +1,8 @@
[Desktop Entry]
Name=Ublue Desktop FirstBoot Setup
Comment=Sets up Ublue Desktop Correctly On FirstBoot
Exec=/usr/bin/ublue-firstboot
Icon=org.gnome.Terminal
Type=Application
Categories=Utility;System;
Name[en_US]=startup

13
recipe.yml Normal file
View File

@@ -0,0 +1,13 @@
rpms:
- distrobox
- gnome-tweaks
- just
flatpaks:
- org.mozilla.firefox
- org.mozilla.Thunderbird
- com.mattjakeman.ExtensionManager
- org.libreoffice.LibreOffice
- org.gnome.DejaDup
- org.gustavoperedo.FontDownloader
- com.github.tchx84.Flatseal
- io.github.celluloid_player.Celluloid

99
ublue-firstboot Executable file
View File

@@ -0,0 +1,99 @@
#!/bin/sh
if test -e "$HOME"/.config/ublue/firstboot-done; then
echo "Already ran"
exit 0
fi
(
echo "# Waiting for Internet connection"
until /usr/bin/ping -q -c 1 flathub.org; do sleep 1; done
echo "00"
echo "# Removing Filtered Flathub Repository"
/usr/bin/flatpak remote-delete flathub --force ||:
if [ "$?" != 0 ] ; then
zenity --error \
--text="Removing Filtered Flathub Repo Failed"
exit 1
fi
echo "3"
echo "# Enabling Flathub Repository"
/usr/bin/flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
if [ "$?" != 0 ] ; then
zenity --error \
--text="Adding Flathub Repo Failed"
exit 1
fi
echo "5"
echo "# Replacing Fedora Flatpaks with Flathub Ones (this may take a while)"
/usr/bin/flatpak install --user --noninteractive org.gnome.Platform//43
/usr/bin/flatpak install --user --noninteractive --reinstall flathub $(flatpak list --app-runtime=org.fedoraproject.Platform --columns=application | tail -n +1 )
if [ "$?" != 0 ] ; then
zenity --error \
--text="Replacing Fedora Flatpaks Failed"
exit 1
fi
echo "20"
echo "Removing all preinstalled Flatpaks"
/usr/bin/flatpak remove --system --noninteractive --all ||:
if [ "$?" != 0 ] ; then
zenity --error \
--text="Removing all preinstalled flatpaks failed"
exit 1
fi
echo "# Removing Fedora Flatpak Repository"
/usr/bin/flatpak remote-delete fedora --force ||:
if [ "$?" != 0 ] ; then
zenity --error \
--text="Removing Fedora Flatpak Repo Failed"
exit 1
fi
echo "25"
echo "# Installing flatpaks from recipe"
flatpaks=$(yq '.flatpaks[]' < /etc/ublue-recipe.yml)
flatpaks_count=$(yq '.flatpaks[]' < /etc/ublue-recipe.yml | wc -l)
i=0
for pkg in $flatpaks; do
echo "# Installing ${pkg}"
/usr/bin/flatpak install --user --noninteractive flathub $pkg
if [ "$?" != 0 ] ; then
zenity --error \
--text="Installing ${pkg} Failed"
exit 1
fi
i=$((i+1))
# Automatically calculates evenly spaced progess using bc, cuts everything after decimal point.
echo "${i}/${flatpaks_count} * (95-30) + 30" | bc -l | cut -d "." -f1
done
echo "Enabling Flatpak auto update"
/usr/bin/systemctl --user enable --now flatpak-user-update.timer
if [ "$?" != 0 ] ; then
zenity --error \
--text="Setting Flatpak Autoupdate Failed"
exit 1
fi
echo "100"
echo "# Reticulating Final Splines"
mkdir -p "$HOME"/.config/ublue/
touch "$HOME"/.config/ublue/firstboot-done
cp -n /etc/justfile "$HOME"/.justfile
) |
zenity --progress --title="uBlue Desktop Firstboot" --percentage=0 --auto-close --no-cancel --width=300
if [ "$?" != 0 ] ; then
zenity --error \
--text="Firstboot Configuration Error"
fi

12
usr/lib/systemd/system/flatpak-system-update.service Normal file
View File

@@ -0,0 +1,12 @@
[Unit]
Description=Flatpak Automatic Update
Documentation=man:flatpak(1)
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/bin/flatpak --system update -y --noninteractive
[Install]
WantedBy=multi-user.target

11
usr/lib/systemd/system/flatpak-system-update.timer Normal file
View File

@@ -0,0 +1,11 @@
[Unit]
Description=Flatpak Automatic Update Trigger
Documentation=man:flatpak(1)
[Timer]
OnBootSec=5m
OnCalendar=0/6:00:00
Persistent=true
[Install]
WantedBy=timers.target

12
usr/lib/systemd/user/flatpak-user-update.service Normal file
View File

@@ -0,0 +1,12 @@
[Unit]
Description=Flatpak Automatic Update
Documentation=man:flatpak(1)
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/bin/flatpak --user update -y --noninteractive
[Install]
WantedBy=multi-user.target

11
usr/lib/systemd/user/flatpak-user-update.timer Normal file
View File

@@ -0,0 +1,11 @@
[Unit]
Description=Flatpak Automatic Update Trigger
Documentation=man:flatpak(1)
[Timer]
OnBootSec=5m
OnCalendar=0/6:00:00
Persistent=true
[Install]
WantedBy=timers.target