chore: copy config from upstream and remove dep (#593)

2025-11-02 03:18:00 +00:00 · 2024-11-21 17:23:06 -08:00
parent 5172baa133
commit 261936654f
59 changed files with 2753 additions and 1161 deletions
--- a/files/scripts/hardencontainerpolicy.sh
+++ b/files/scripts/hardencontainerpolicy.sh
@@ -1,53 +0,0 @@
-#!/usr/bin/env bash
-
-# Tell build process to exit if there are any errors.
-set -oue pipefail
-
-POLICY_FILE="/usr/etc/containers/policy.json"
-
-if [[ ! -f "$POLICY_FILE" ]]; then
-    echo "Error: $POLICY_FILE does not exist."
-    exit 1
-fi
-
-sed -i 's/insecureAcceptAnything/reject/' "$POLICY_FILE"
-
-
-yq -i -o=j '.transports.docker |=
-    {"ghcr.io/jasonn3": [
-        {
-          "type": "sigstoreSigned",
-          "keyPath": "/usr/etc/pki/containers/build-container-installer.pub",
-          "signedIdentity": {
-            "type": "matchRepository"
-          }
-        }
-      ]
-    }
-+ .' "$POLICY_FILE"
-
-yq -i -o=j '.transports.docker |=
-    {"ghcr.io/zelikos": [
-        {
-          "type": "sigstoreSigned",
-          "keyPath": "/usr/etc/pki/containers/davincibox.pub",
-          "signedIdentity": {
-            "type": "matchRepository"
-          }
-        }
-      ]
-    }
-+ .' "$POLICY_FILE"
-
-yq -i -o=j '.transports.docker |=
-    {"ghcr.io/wayblueorg": [
-        {
-          "type": "sigstoreSigned",
-          "keyPath": "/usr/etc/pki/containers/wayblue.pub",
-          "signedIdentity": {
-            "type": "matchRepository"
-          }
-        }
-      ]
-    }
-+ .' "$POLICY_FILE"
--- a/files/scripts/justfilehardening.sh
+++ b/files/scripts/justfilehardening.sh
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-# Tell build process to exit if there are any errors.
-set -oue pipefail
-
-patch /usr/share/ublue-os/just/15-luks.just < use-pkexec-in-luks-just.patch
-patch /usr/share/ublue-os/just/40-nvidia.just < remove-unusable-just-command.patch
--- a/files/scripts/remove-unusable-just-command.patch
+++ b/files/scripts/remove-unusable-just-command.patch
@@ -1,15 +0,0 @@
-61,74d60
-< # Switch between Nvidia image and NVK
-< toggle-nvk:
-<     #!/usr/bin/bash
-<     CURRENT_IMAGE=$(rpm-ostree status -b --json | jq -r '.deployments[0]."container-image-reference"' | sed -E 's/^.+\/(.+:.+)$/\1/')
-<     CURRENT_URI=$(rpm-ostree status -b --json | jq -r '.deployments[0]."container-image-reference"' | sed -E 's/^(.+\/).+:.+$/\1/')
-<     NEW_IMAGE=$CURRENT_IMAGE
-<     if [[ "$CURRENT_IMAGE" =~ "nvidia" ]]; then
-<       NEW_IMAGE=${CURRENT_IMAGE/-nvidia/}
-<     else
-<       NEW_IMAGE=${CURRENT_IMAGE/:/-nvidia:}
-<     fi
-<     echo "Rebasing to ${NEW_IMAGE}"
-<     rpm-ostree rebase ${CURRENT_URI}${NEW_IMAGE}
-< 
--- a/files/scripts/use-pkexec-in-luks-just.patch
+++ b/files/scripts/use-pkexec-in-luks-just.patch
@@ -1,8 +0,0 @@
-6c6
-<     sudo /usr/libexec/luks-enable-tpm2-autounlock
---
->     pkexec /usr/libexec/luks-enable-tpm2-autounlock
-11c11
-<     sudo /usr/libexec/luks-disable-tpm2-autounlock
---
->     pkexec /usr/libexec/luks-disable-tpm2-autounlock