chore: move /usr/etc to /etc per upstream rpm-ostree recommendation

2025-11-01 10:57:49 +00:00 · 2024-08-08 15:48:30 -07:00
parent ed02255f57
commit 3fb96ece10
40 changed files with 20 additions and 24 deletions
--- a/files/scripts/createautostartdir.sh
+++ b/files/scripts/createautostartdir.sh
@@ -3,4 +3,4 @@
 # Tell build process to exit if there are any errors.
 set -oue pipefail

-mkdir -p /usr/etc/xdg/autostart
+mkdir -p /etc/xdg/autostart
--- a/files/scripts/disablesealertpopups.sh
+++ b/files/scripts/disablesealertpopups.sh
@@ -3,4 +3,4 @@
 # Tell build process to exit if there are any errors.
 set -oue pipefail

-echo "X-GNOME-Autostart-enabled=false" >> /usr/etc/xdg/autostart/sealertauto.desktop
+echo "X-GNOME-Autostart-enabled=false" >> /etc/xdg/autostart/sealertauto.desktop
--- a/files/scripts/disableuserns.sh
+++ b/files/scripts/disableuserns.sh
@@ -10,9 +10,9 @@ echo "
 # https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj
 user.max_user_namespaces = 0

-" >> /usr/etc/sysctl.d/hardening.conf
+" >> /etc/sysctl.d/hardening.conf

-mkdir -p /usr/etc/systemd/system/upower.service.d/
+mkdir -p /etc/systemd/system/upower.service.d/

 echo "

@@ -20,10 +20,10 @@ echo "
 # Namespaces
 PrivateUsers=no

-" >> /usr/etc/systemd/system/upower.service.d/namespaces.conf
+" >> /etc/systemd/system/upower.service.d/namespaces.conf


-mkdir -p /usr/etc/systemd/system/colord.service.d/
+mkdir -p /etc/systemd/system/colord.service.d/

 echo "

@@ -31,7 +31,7 @@ echo "
 # Namespaces
 PrivateUsers=no

-" >> /usr/etc/systemd/system/colord.service.d/namespaces.conf
+" >> /etc/systemd/system/colord.service.d/namespaces.conf

 chown root:root /usr/bin/bwrap
 chmod u+s /usr/bin/bwrap
@@ -62,4 +62,4 @@ semodule -i chrome_sandbox.pp

 rm chrome_sandbox.te
 rm chrome_sandbox.mod
-rm chrome_sandbox.pp
+rm chrome_sandbox.pp
--- a/files/scripts/hardencontainerpolicy.sh
+++ b/files/scripts/hardencontainerpolicy.sh
@@ -3,7 +3,7 @@
 # Tell build process to exit if there are any errors.
 set -oue pipefail

-sed -i 's/insecureAcceptAnything/reject/' /usr/etc/containers/policy.json
+sed -i 's/insecureAcceptAnything/reject/' /etc/containers/policy.json


 # Exception for build-container-installer to allow the ISO generation script to work
@@ -32,4 +32,4 @@ yq -i -o=j '.transports.docker |=
        }
      ]
    }
-+ .' /usr/etc/containers/policy.json
+ .' /etc/containers/policy.json
--- a/files/scripts/homebrewanalyticsoptout.sh
+++ b/files/scripts/homebrewanalyticsoptout.sh
@@ -8,4 +8,4 @@ echo "

 HOMEBREW_NO_ANALYTICS=1

-" >> /usr/etc/environment
+" >> /etc/environment
--- a/files/scripts/removebluefinfirstboot.sh
+++ b/files/scripts/removebluefinfirstboot.sh
@@ -3,4 +3,4 @@
 # Tell build process to exit if there are any errors.
 set -oue pipefail

-rm /usr/etc/skel/.config/autostart/bluefin-firstboot.desktop
+rm /etc/skel/.config/autostart/bluefin-firstboot.desktop
--- a/files/scripts/removechsh.sh
+++ b/files/scripts/removechsh.sh
@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-
-# Tell build process to exit if there are any errors.
-set -oue pipefail
-
-rm /usr/bin/chsh
--- a/files/scripts/setfilepermissions.sh
+++ b/files/scripts/setfilepermissions.sh
@@ -3,4 +3,4 @@
 # Tell build process to exit if there are any errors.
 set -oue pipefail

-chmod 440 /usr/etc/sudoers.d/timeout
+chmod 440 /etc/sudoers.d/timeout
--- a/files/system/dx/usr/etc/skel/.config/Code/User/settings.json
+++ b/files/system/dx/usr/etc/skel/.config/Code/User/settings.json
--- a/files/system/usr/etc/NetworkManager/conf.d/rand_mac.conf
+++ b/files/system/usr/etc/NetworkManager/conf.d/rand_mac.conf
--- a/files/system/usr/etc/chrony.conf
+++ b/files/system/usr/etc/chrony.conf
--- a/files/system/usr/etc/containers/registries.d/build-container-installer.yaml
+++ b/files/system/usr/etc/containers/registries.d/build-container-installer.yaml
--- a/files/system/usr/etc/containers/registries.d/davincibox.yaml
+++ b/files/system/usr/etc/containers/registries.d/davincibox.yaml
--- a/files/system/usr/etc/containers/toolbox.conf
+++ b/files/system/usr/etc/containers/toolbox.conf
--- a/files/system/usr/etc/distrobox/distrobox.conf
+++ b/files/system/usr/etc/distrobox/distrobox.conf
--- a/files/system/usr/etc/firewalld/zones/FedoraWorkstation.xml
+++ b/files/system/usr/etc/firewalld/zones/FedoraWorkstation.xml
--- a/files/system/usr/etc/ld.so.preload
+++ b/files/system/usr/etc/ld.so.preload
--- a/files/system/usr/etc/login.defs
+++ b/files/system/usr/etc/login.defs
--- a/files/system/usr/etc/modprobe.d/blacklist.conf
+++ b/files/system/usr/etc/modprobe.d/blacklist.conf
--- a/files/system/usr/etc/pki/containers/build-container-installer.pub
+++ b/files/system/usr/etc/pki/containers/build-container-installer.pub
--- a/files/system/usr/etc/pki/containers/davincibox.pub
+++ b/files/system/usr/etc/pki/containers/davincibox.pub
--- a/files/system/usr/etc/profile.d/gnome-disable-jit.sh
+++ b/files/system/usr/etc/profile.d/gnome-disable-jit.sh
--- a/files/system/usr/etc/security/faillock.conf
+++ b/files/system/usr/etc/security/faillock.conf
--- a/files/system/usr/etc/security/limits.d/99-disable-coredump.conf
+++ b/files/system/usr/etc/security/limits.d/99-disable-coredump.conf
--- a/files/system/usr/etc/security/pwquality.conf
+++ b/files/system/usr/etc/security/pwquality.conf
--- a/files/system/usr/etc/sudoers.d/timeout
+++ b/files/system/usr/etc/sudoers.d/timeout
--- a/files/system/usr/etc/sway/config.d/99-noxwayland.conf
+++ b/files/system/usr/etc/sway/config.d/99-noxwayland.conf
--- a/files/system/usr/etc/sysconfig/chronyd
+++ b/files/system/usr/etc/sysconfig/chronyd
--- a/files/system/usr/etc/sysctl.d/hardening.conf
+++ b/files/system/usr/etc/sysctl.d/hardening.conf
--- a/files/system/usr/etc/systemd/resolved.conf.d/securedns.conf
+++ b/files/system/usr/etc/systemd/resolved.conf.d/securedns.conf
--- a/files/system/usr/etc/systemd/system.conf.d/disable-coredump.conf
+++ b/files/system/usr/etc/systemd/system.conf.d/disable-coredump.conf
--- a/files/system/usr/etc/systemd/user.conf.d/disable-coredump.conf
+++ b/files/system/usr/etc/systemd/user.conf.d/disable-coredump.conf
--- a/files/system/usr/etc/systemd/user/org.gnome.Shell@wayland.service.d/override.conf
+++ b/files/system/usr/etc/systemd/user/org.gnome.Shell@wayland.service.d/override.conf
--- a/files/system/usr/etc/systemd/user/plasma-kwin_wayland.service.d/override.conf
+++ b/files/system/usr/etc/systemd/user/plasma-kwin_wayland.service.d/override.conf
--- a/files/system/kinoite/usr/etc/sddm.conf.d/10-wayland.conf
+++ b/files/system/kinoite/usr/etc/sddm.conf.d/10-wayland.conf
--- a/files/system/kinoite/usr/etc/xdg/kdeglobals
+++ b/files/system/kinoite/usr/etc/xdg/kdeglobals
--- a/files/system/server/usr/etc/firewalld/zones/FedoraServer.xml
+++ b/files/system/server/usr/etc/firewalld/zones/FedoraServer.xml
--- a/files/system/server/usr/etc/ssh/sshd_config.d/30-hardening.conf
+++ b/files/system/server/usr/etc/ssh/sshd_config.d/30-hardening.conf
--- a/modules/secureblue-signing/secureblue-signing.sh
+++ b/modules/secureblue-signing/secureblue-signing.sh
@@ -3,7 +3,7 @@
 # Tell build process to exit if there are any errors.
 set -euo pipefail

-CONTAINER_DIR="/usr/etc/containers"
+CONTAINER_DIR="/etc/containers"
 MODULE_DIRECTORY="${MODULE_DIRECTORY:-"/tmp/modules"}"
 IMAGE_NAME_FILE="${IMAGE_NAME//\//_}"
 IMAGE_REGISTRY_TITLE=$(echo "$IMAGE_REGISTRY" | cut -d'/' -f2-)
@@ -19,15 +19,15 @@ if ! [ -d $CONTAINER_DIR/registries.d ]; then
   mkdir -p "$CONTAINER_DIR/registries.d"
 fi

-if ! [ -d "/usr/etc/pki/containers" ]; then
-    mkdir -p "/usr/etc/pki/containers"
+if ! [ -d "/etc/pki/containers" ]; then
+    mkdir -p "/etc/pki/containers"
 fi

 if ! [ -f "$CONTAINER_DIR/policy.json" ]; then
    cp "$MODULE_DIRECTORY/signing/policy.json" "$CONTAINER_DIR/policy.json"
 fi

-mv "/usr/etc/pki/containers/$IMAGE_NAME.pub" "/usr/etc/pki/containers/$IMAGE_REGISTRY_TITLE.pub"
+mv "/etc/pki/containers/$IMAGE_NAME.pub" "/etc/pki/containers/$IMAGE_REGISTRY_TITLE.pub"

 POLICY_FILE="$CONTAINER_DIR/policy.json"

--- a/recipes/common/common-files.yml
+++ b/recipes/common/common-files.yml
@@ -1,4 +1,6 @@
 type: files
 files:
  - source: system/usr
-    destination: /usr
+    destination: /usr
+  - source: system/etc
+    destination: /etc