diff --git a/ucore/Containerfile b/ucore/Containerfile index 18ffab6..f1ca96c 100644 --- a/ucore/Containerfile +++ b/ucore/Containerfile @@ -1,5 +1,5 @@ ARG COREOS_VERSION="${COREOS_VERSION:-stable}" -ARG FEDORA_VERSION="${FEDORA_VERSION:-40}" +ARG FEDORA_VERSION="${FEDORA_VERSION:-42}" ARG IMAGE_VERSION="${IMAGE_VERSION:-stable}" ARG IMAGE_REGISTRY="${IMAGE_REGISTRY:-ghcr.io/ublue-os}" ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-coreos-stable}" @@ -65,4 +65,4 @@ RUN --mount=type=cache,dst=/var/cache/libdnf5 \ /ctx/install-ucore-hci.sh \ && /ctx/cleanup.sh -RUN ["bootc", "container", "lint"] \ No newline at end of file +RUN ["bootc", "container", "lint"] diff --git a/ucore/cleanup.sh b/ucore/cleanup.sh index 296d785..3ade435 100755 --- a/ucore/cleanup.sh +++ b/ucore/cleanup.sh @@ -2,7 +2,8 @@ set -eoux pipefail -rm -rf /tmp/* || true +find /boot/* -maxdepth 0 -exec rm -fr {} \; || true +find /tmp/* -maxdepth 0 -type d \! -name rpms -exec rm -fr {} \; || true find /var/* -maxdepth 0 -type d \! -name cache -exec rm -fr {} \; find /var/cache/* -maxdepth 0 -type d \! -name libdnf5 \! -name rpm-ostree -exec rm -fr {} \; @@ -10,4 +11,4 @@ find /var/cache/* -maxdepth 0 -type d \! -name libdnf5 \! -name rpm-ostree -exec #bootc container lint ostree container commit mkdir -p /var/tmp \ -&& chmod -R 1777 /var/tmp \ No newline at end of file +&& chmod -R 1777 /var/tmp diff --git a/ucore/install-ucore-minimal.sh b/ucore/install-ucore-minimal.sh index 93ed5eb..a0dab55 100755 --- a/ucore/install-ucore-minimal.sh +++ b/ucore/install-ucore-minimal.sh @@ -8,7 +8,6 @@ RELEASE="$(rpm -E %fedora)" pushd /tmp/rpms/kernel KERNEL_VERSION=$(find kernel-*.rpm | grep -P "kernel-(\d+\.\d+\.\d+)-.*\.fc${RELEASE}\.${ARCH}" | sed -E 's/kernel-//' | sed -E 's/\.rpm//') popd -QUALIFIED_KERNEL="$(rpm -qa | grep -P 'kernel-(\d+\.\d+\.\d+)' | sed -E 's/kernel-//')" #### PREPARE # enable testing repos if not enabled on testing stream 
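Review bot: In ucore/cleanup.sh the new `/tmp` line carries `-type d`, so regular files and symlinks directly under `/tmp` are no longer deleted, whereas the replaced `rm -rf /tmp/*` removed them. Anything a build step leaves there as a plain file (for example downloaded repo files or helper scripts) would then stay in the committed layer, and the trailing `|| true` hides any failure of the cleanup. If only `rpms` is meant to survive, drop the type test: `find /tmp/* -maxdepth 0 \! -name rpms -exec rm -fr {} \; || true`. Whether `/tmp/rpms` is a build mount or ends up in the image cannot be told from this hunk.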
@@ -40,31 +39,31 @@ dnf -y install ublue-os-signing cp /usr/etc/containers/policy.json /etc/containers/policy.json rm -rf /usr/etc -# Handle Kernel Skew with override replace -if [[ "${KERNEL_VERSION}" == "${QUALIFIED_KERNEL}" ]]; then - echo "Installing signed kernel from kernel-cache." - cd /tmp - rpm2cpio /tmp/rpms/kernel/kernel-core-*.rpm | cpio -idmv - cp ./lib/modules/*/vmlinuz /usr/lib/modules/*/vmlinuz - cd / -else - # Remove Existing Kernel - for pkg in kernel kernel-core kernel-modules kernel-modules-core kernel-modules-extra; do - if rpm -q $pkg >/dev/null 2>&1; then - rpm --erase $pkg --nodeps - fi - done - echo "Install kernel version ${KERNEL_VERSION} from kernel-cache." - dnf -y install \ - /tmp/rpms/kernel/kernel-[0-9]*.rpm \ - /tmp/rpms/kernel/kernel-core-*.rpm \ - /tmp/rpms/kernel/kernel-modules-*.rpm -fi +# Replace Existing Kernel with packages from akmods cached kernel +for pkg in kernel kernel-core kernel-modules kernel-modules-core kernel-modules-extra; do + if rpm -q $pkg >/dev/null 2>&1; then + rpm --erase $pkg --nodeps + fi +done +echo "Install kernel version ${KERNEL_VERSION} from kernel-cache." +dnf -y install \ + /tmp/rpms/kernel/kernel-[0-9]*.rpm \ + /tmp/rpms/kernel/kernel-core-*.rpm \ + /tmp/rpms/kernel/kernel-modules-*.rpm + +# Ensure kernel packages can't be updated by other dnf operations +dnf versionlock add kernel kernel-core kernel-modules kernel-modules-core kernel-modules-extra ## ALWAYS: install ZFS (and sanoid deps) dnf -y install /tmp/rpms/akmods-zfs/kmods/zfs/*.rpm /tmp/rpms/akmods-zfs/kmods/zfs/other/zfs-dracut-*.rpm # for some reason depmod ran automatically with zfs 2.1 but not with 2.2 -depmod -a -v ${KERNEL_VERSION} +echo "Update modules.dep, etc..." 
+depmod -a "${KERNEL_VERSION}" + +# Regenerate initramfs, for new kernel and zfs; not including NVIDIA kmod +QUALIFIED_KERNEL="$(rpm -qa | grep -P 'kernel-(\d+\.\d+\.\d+)' | sed -E 's/kernel-//')" +/usr/bin/dracut --no-hostonly --kver "$QUALIFIED_KERNEL" --reproducible -v --add ostree -f "/lib/modules/$QUALIFIED_KERNEL/initramfs.img" +chmod 0600 "/lib/modules/$QUALIFIED_KERNEL/initramfs.img" ## CONDITIONAL: install NVIDIA if [[ "-nvidia" == "${NVIDIA_TAG}" ]]; then
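Review bot: Nothing checks that `QUALIFIED_KERNEL` (parsed from `rpm -qa`) is a single value equal to `KERNEL_VERSION` (parsed from the RPM file names), although `depmod` runs against one and `dracut` and `chmod` run against the other. If the erase loop leaves a second `kernel-<version>` package installed, or the grep matches nothing, the initramfs path is built from a multi-line or empty string; whether the build then stops depends on shell options set outside this hunk. Adding `[[ "${QUALIFIED_KERNEL}" == "${KERNEL_VERSION}" ]] || { echo "kernel mismatch: ${QUALIFIED_KERNEL}" >&2; exit 1; }` right after the assignment would make the build fail closed and confirm the image ships the kernel-cache kernel. Separately, `dnf -y install` of local files under `/tmp/rpms/kernel` is not signature-checked unless `localpkg_gpgcheck` is enabled, so package integrity rests on how that directory is populated, which is not visible here.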