From 3fb96ece1070e710c31f0842472df5d65d589925 Mon Sep 17 00:00:00 2001 
From: qoijjj <129108030+qoijjj@users.noreply.github.com> Date: Thu, 8 Aug 2024 15:48:30 -0700 Subject: [PATCH] chore: move /usr/etc to /etc per upstream rpm-ostree recommendation --- files/scripts/createautostartdir.sh | 2 +- files/scripts/disablesealertpopups.sh | 2 +- files/scripts/disableuserns.sh | 12 ++++++------ files/scripts/hardencontainerpolicy.sh | 4 ++-- files/scripts/homebrewanalyticsoptout.sh | 2 +- files/scripts/removebluefinfirstboot.sh | 2 +- files/scripts/removechsh.sh | 6 ------ files/scripts/setfilepermissions.sh | 2 +- .../etc/skel/.config/Code/User/settings.json | 0 .../etc/NetworkManager/conf.d/rand_mac.conf | 0 files/system/{usr => }/etc/chrony.conf | 0 .../registries.d/build-container-installer.yaml | 0 .../etc/containers/registries.d/davincibox.yaml | 0 files/system/{usr => }/etc/containers/toolbox.conf | 0 files/system/{usr => }/etc/distrobox/distrobox.conf | 0 .../etc/firewalld/zones/FedoraWorkstation.xml | 0 files/system/{usr => }/etc/ld.so.preload | 0 files/system/{usr => }/etc/login.defs | 0 files/system/{usr => }/etc/modprobe.d/blacklist.conf | 0 .../etc/pki/containers/build-container-installer.pub | 0 .../{usr => }/etc/pki/containers/davincibox.pub | 0 .../{usr => }/etc/profile.d/gnome-disable-jit.sh | 0 files/system/{usr => }/etc/security/faillock.conf | 0 .../etc/security/limits.d/99-disable-coredump.conf | 0 files/system/{usr => }/etc/security/pwquality.conf | 0 files/system/{usr => }/etc/sudoers.d/timeout | 0 .../{usr => }/etc/sway/config.d/99-noxwayland.conf | 0 files/system/{usr => }/etc/sysconfig/chronyd | 0 files/system/{usr => }/etc/sysctl.d/hardening.conf | 0 .../etc/systemd/resolved.conf.d/securedns.conf | 0 .../etc/systemd/system.conf.d/disable-coredump.conf | 0 .../etc/systemd/user.conf.d/disable-coredump.conf | 0 .../org.gnome.Shell@wayland.service.d/override.conf | 0 .../user/plasma-kwin_wayland.service.d/override.conf | 0 .../{usr => }/etc/sddm.conf.d/10-wayland.conf | 0 files/system/kinoite/{usr => 
}/etc/xdg/kdeglobals | 0 .../{usr => }/etc/firewalld/zones/FedoraServer.xml | 0 .../etc/ssh/sshd_config.d/30-hardening.conf | 0 modules/secureblue-signing/secureblue-signing.sh | 8 ++++---- recipes/common/common-files.yml | 4 +++- 40 files changed, 20 insertions(+), 24 deletions(-) delete mode 100644 files/scripts/removechsh.sh rename files/system/dx/{usr => }/etc/skel/.config/Code/User/settings.json (100%) rename files/system/{usr => }/etc/NetworkManager/conf.d/rand_mac.conf (100%) rename files/system/{usr => }/etc/chrony.conf (100%) rename files/system/{usr => }/etc/containers/registries.d/build-container-installer.yaml (100%) rename files/system/{usr => }/etc/containers/registries.d/davincibox.yaml (100%) rename files/system/{usr => }/etc/containers/toolbox.conf (100%) rename files/system/{usr => }/etc/distrobox/distrobox.conf (100%) rename files/system/{usr => }/etc/firewalld/zones/FedoraWorkstation.xml (100%) rename files/system/{usr => }/etc/ld.so.preload (100%) rename files/system/{usr => }/etc/login.defs (100%) rename files/system/{usr => }/etc/modprobe.d/blacklist.conf (100%) rename files/system/{usr => }/etc/pki/containers/build-container-installer.pub (100%) rename files/system/{usr => }/etc/pki/containers/davincibox.pub (100%) rename files/system/{usr => }/etc/profile.d/gnome-disable-jit.sh (100%) rename files/system/{usr => }/etc/security/faillock.conf (100%) rename files/system/{usr => }/etc/security/limits.d/99-disable-coredump.conf (100%) rename files/system/{usr => }/etc/security/pwquality.conf (100%) rename files/system/{usr => }/etc/sudoers.d/timeout (100%) rename files/system/{usr => }/etc/sway/config.d/99-noxwayland.conf (100%) rename files/system/{usr => }/etc/sysconfig/chronyd (100%) rename files/system/{usr => }/etc/sysctl.d/hardening.conf (100%) rename files/system/{usr => }/etc/systemd/resolved.conf.d/securedns.conf (100%) rename files/system/{usr => }/etc/systemd/system.conf.d/disable-coredump.conf (100%) rename files/system/{usr => 
}/etc/systemd/user.conf.d/disable-coredump.conf (100%) rename files/system/{usr => }/etc/systemd/user/org.gnome.Shell@wayland.service.d/override.conf (100%) rename files/system/{usr => }/etc/systemd/user/plasma-kwin_wayland.service.d/override.conf (100%) rename files/system/kinoite/{usr => }/etc/sddm.conf.d/10-wayland.conf (100%) rename files/system/kinoite/{usr => }/etc/xdg/kdeglobals (100%) rename files/system/server/{usr => }/etc/firewalld/zones/FedoraServer.xml (100%) rename files/system/server/{usr => }/etc/ssh/sshd_config.d/30-hardening.conf (100%) diff --git a/files/scripts/createautostartdir.sh b/files/scripts/createautostartdir.sh index 76ce595..c6ccd98 100644 --- a/files/scripts/createautostartdir.sh +++ b/files/scripts/createautostartdir.sh @@ -3,4 +3,4 @@ # Tell build process to exit if there are any errors. set -oue pipefail -mkdir -p /usr/etc/xdg/autostart \ No newline at end of file +mkdir -p /etc/xdg/autostart diff --git a/files/scripts/disablesealertpopups.sh b/files/scripts/disablesealertpopups.sh index 73afd7c..fa5d357 100644 --- a/files/scripts/disablesealertpopups.sh +++ b/files/scripts/disablesealertpopups.sh @@ -3,4 +3,4 @@ # Tell build process to exit if there are any errors. set -oue pipefail -echo "X-GNOME-Autostart-enabled=false" >> /usr/etc/xdg/autostart/sealertauto.desktop +echo "X-GNOME-Autostart-enabled=false" >> /etc/xdg/autostart/sealertauto.desktop diff --git a/files/scripts/disableuserns.sh b/files/scripts/disableuserns.sh index dcc3415..8c770d0 100644 --- a/files/scripts/disableuserns.sh +++ b/files/scripts/disableuserns.sh @@ -10,9 +10,9 @@ echo " # https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj user.max_user_namespaces = 0 -" >> /usr/etc/sysctl.d/hardening.conf +" >> /etc/sysctl.d/hardening.conf -mkdir -p /usr/etc/systemd/system/upower.service.d/ +mkdir -p /etc/systemd/system/upower.service.d/ echo " 
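Review bot: The append in the new `echo "X-GNOME-Autostart-enabled=false" >> /etc/xdg/autostart/sealertauto.desktop` line succeeds even when that file is absent at the new path. In that case it creates a one-line file with no `[Desktop Entry]` group and the build still passes. Whether the base image has the entry under `/etc/xdg/autostart` at build time is not visible in this patch, so a guard before the append would turn a path mismatch into a failed build: `[ -f /etc/xdg/autostart/sealertauto.desktop ] || exit 1`.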
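Review bot: The `>> /etc/sysctl.d/hardening.conf` append now depends on the files step having already copied `system/etc` to `/etc`. `>>` creates the file when it is missing, and a later copy of the renamed `files/system/etc/sysctl.d/hardening.conf` would presumably replace it and drop `user.max_user_namespaces = 0` without any build error. A check before the append, `[ -f /etc/sysctl.d/hardening.conf ] || exit 1`, makes an ordering mistake fail the build. The `namespaces.conf` drop-ins in the hunks at -20,10 and -31,7 appear to be created by this script, so `>` would say that more plainly than `>>`. The `echo "` statements these lines close begin outside the hunks.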
@@ -20,10 +20,10 @@ echo " # Namespaces PrivateUsers=no -" >> /usr/etc/systemd/system/upower.service.d/namespaces.conf +" >> /etc/systemd/system/upower.service.d/namespaces.conf -mkdir -p /usr/etc/systemd/system/colord.service.d/ +mkdir -p /etc/systemd/system/colord.service.d/ echo " @@ -31,7 +31,7 @@ echo " # Namespaces PrivateUsers=no -" >> /usr/etc/systemd/system/colord.service.d/namespaces.conf +" >> /etc/systemd/system/colord.service.d/namespaces.conf chown root:root /usr/bin/bwrap chmod u+s /usr/bin/bwrap @@ -62,4 +62,4 @@ semodule -i chrome_sandbox.pp rm chrome_sandbox.te rm chrome_sandbox.mod -rm chrome_sandbox.pp \ No newline at end of file +rm chrome_sandbox.pp diff --git a/files/scripts/hardencontainerpolicy.sh b/files/scripts/hardencontainerpolicy.sh index 9dd1450..0173047 100644 --- a/files/scripts/hardencontainerpolicy.sh +++ b/files/scripts/hardencontainerpolicy.sh @@ -3,7 +3,7 @@ # Tell build process to exit if there are any errors. set -oue pipefail -sed -i 's/insecureAcceptAnything/reject/' /usr/etc/containers/policy.json +sed -i 's/insecureAcceptAnything/reject/' /etc/containers/policy.json # Exception for build-container-installer to allow the ISO generation script to work @@ -32,4 +32,4 @@ yq -i -o=j '.transports.docker |= } ] } -+ .' /usr/etc/containers/policy.json \ No newline at end of file ++ .' /etc/containers/policy.json diff --git a/files/scripts/homebrewanalyticsoptout.sh b/files/scripts/homebrewanalyticsoptout.sh index 73ba1a3..ddb7713 100644 --- a/files/scripts/homebrewanalyticsoptout.sh +++ b/files/scripts/homebrewanalyticsoptout.sh @@ -8,4 +8,4 @@ echo " HOMEBREW_NO_ANALYTICS=1 -" >> /usr/etc/environment +" >> /etc/environment diff --git a/files/scripts/removebluefinfirstboot.sh b/files/scripts/removebluefinfirstboot.sh index be0c665..ceb88f4 100644 --- a/files/scripts/removebluefinfirstboot.sh +++ b/files/scripts/removebluefinfirstboot.sh 
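Review bot: `sed -i 's/insecureAcceptAnything/reject/' /etc/containers/policy.json` exits 0 when the pattern matches nothing, so if the policy file at the new path does not contain that string the image keeps its original default and `set -oue pipefail` does not catch it. A check directly after the substitution makes the hardening fail closed: `! grep -q insecureAcceptAnything /etc/containers/policy.json || exit 1`. The `yq -i` call in the hunk at -32,4 writes to the same path, and its expression begins outside that hunk.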
@@ -3,4 +3,4 @@ # Tell build process to exit if there are any errors. set -oue pipefail -rm /usr/etc/skel/.config/autostart/bluefin-firstboot.desktop \ No newline at end of file +rm /etc/skel/.config/autostart/bluefin-firstboot.desktop diff --git a/files/scripts/removechsh.sh b/files/scripts/removechsh.sh deleted file mode 100644 index 4d691cf..0000000 --- a/files/scripts/removechsh.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env bash - -# Tell build process to exit if there are any errors. -set -oue pipefail - -rm /usr/bin/chsh \ No newline at end of file diff --git a/files/scripts/setfilepermissions.sh b/files/scripts/setfilepermissions.sh index 4aec084..9490378 100644 --- a/files/scripts/setfilepermissions.sh +++ b/files/scripts/setfilepermissions.sh @@ -3,4 +3,4 @@ # Tell build process to exit if there are any errors. set -oue pipefail -chmod 440 /usr/etc/sudoers.d/timeout \ No newline at end of file +chmod 440 /etc/sudoers.d/timeout diff --git a/files/system/dx/usr/etc/skel/.config/Code/User/settings.json b/files/system/dx/etc/skel/.config/Code/User/settings.json similarity index 100% rename from files/system/dx/usr/etc/skel/.config/Code/User/settings.json rename to files/system/dx/etc/skel/.config/Code/User/settings.json diff --git a/files/system/usr/etc/NetworkManager/conf.d/rand_mac.conf b/files/system/etc/NetworkManager/conf.d/rand_mac.conf similarity index 100% rename from files/system/usr/etc/NetworkManager/conf.d/rand_mac.conf rename to files/system/etc/NetworkManager/conf.d/rand_mac.conf diff --git a/files/system/usr/etc/chrony.conf b/files/system/etc/chrony.conf similarity index 100% rename from files/system/usr/etc/chrony.conf rename to files/system/etc/chrony.conf 
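Review bot: `chmod 440 /etc/sudoers.d/timeout` sets the mode, but nothing in the script checks that the drop-in still parses at its new location. Adding `visudo -cf /etc/sudoers.d/timeout` after the chmod would fail the build on a syntax error instead of leaving it to be found on a deployed image.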
diff --git a/files/system/usr/etc/containers/registries.d/build-container-installer.yaml b/files/system/etc/containers/registries.d/build-container-installer.yaml
similarity index 100%
rename from files/system/usr/etc/containers/registries.d/build-container-installer.yaml
rename to files/system/etc/containers/registries.d/build-container-installer.yaml
diff --git a/files/system/usr/etc/containers/registries.d/davincibox.yaml b/files/system/etc/containers/registries.d/davincibox.yaml
similarity index 100%
rename from files/system/usr/etc/containers/registries.d/davincibox.yaml
rename to files/system/etc/containers/registries.d/davincibox.yaml
diff --git a/files/system/usr/etc/containers/toolbox.conf b/files/system/etc/containers/toolbox.conf
similarity index 100%
rename from files/system/usr/etc/containers/toolbox.conf
rename to files/system/etc/containers/toolbox.conf
diff --git a/files/system/usr/etc/distrobox/distrobox.conf b/files/system/etc/distrobox/distrobox.conf
similarity index 100%
rename from files/system/usr/etc/distrobox/distrobox.conf
rename to files/system/etc/distrobox/distrobox.conf
diff --git a/files/system/usr/etc/firewalld/zones/FedoraWorkstation.xml b/files/system/etc/firewalld/zones/FedoraWorkstation.xml
similarity index 100%
rename from files/system/usr/etc/firewalld/zones/FedoraWorkstation.xml
rename to files/system/etc/firewalld/zones/FedoraWorkstation.xml
diff --git a/files/system/usr/etc/ld.so.preload b/files/system/etc/ld.so.preload
similarity index 100%
rename from files/system/usr/etc/ld.so.preload
rename to files/system/etc/ld.so.preload
diff --git a/files/system/usr/etc/login.defs b/files/system/etc/login.defs
similarity index 100%
rename from files/system/usr/etc/login.defs
rename to files/system/etc/login.defs
diff --git a/files/system/usr/etc/modprobe.d/blacklist.conf b/files/system/etc/modprobe.d/blacklist.conf
similarity index 100%
rename from files/system/usr/etc/modprobe.d/blacklist.conf
rename to files/system/etc/modprobe.d/blacklist.conf
diff --git a/files/system/usr/etc/pki/containers/build-container-installer.pub b/files/system/etc/pki/containers/build-container-installer.pub
similarity index 100%
rename from files/system/usr/etc/pki/containers/build-container-installer.pub
rename to files/system/etc/pki/containers/build-container-installer.pub
diff --git a/files/system/usr/etc/pki/containers/davincibox.pub b/files/system/etc/pki/containers/davincibox.pub
similarity index 100%
rename from files/system/usr/etc/pki/containers/davincibox.pub
rename to files/system/etc/pki/containers/davincibox.pub
diff --git a/files/system/usr/etc/profile.d/gnome-disable-jit.sh b/files/system/etc/profile.d/gnome-disable-jit.sh
similarity index 100%
rename from files/system/usr/etc/profile.d/gnome-disable-jit.sh
rename to files/system/etc/profile.d/gnome-disable-jit.sh
diff --git a/files/system/usr/etc/security/faillock.conf b/files/system/etc/security/faillock.conf
similarity index 100%
rename from files/system/usr/etc/security/faillock.conf
rename to files/system/etc/security/faillock.conf
diff --git a/files/system/usr/etc/security/limits.d/99-disable-coredump.conf b/files/system/etc/security/limits.d/99-disable-coredump.conf
similarity index 100%
rename from files/system/usr/etc/security/limits.d/99-disable-coredump.conf
rename to files/system/etc/security/limits.d/99-disable-coredump.conf
diff --git a/files/system/usr/etc/security/pwquality.conf b/files/system/etc/security/pwquality.conf
similarity index 100%
rename from files/system/usr/etc/security/pwquality.conf
rename to files/system/etc/security/pwquality.conf
diff --git a/files/system/usr/etc/sudoers.d/timeout b/files/system/etc/sudoers.d/timeout
similarity index 100%
rename from files/system/usr/etc/sudoers.d/timeout
rename to files/system/etc/sudoers.d/timeout
diff --git a/files/system/usr/etc/sway/config.d/99-noxwayland.conf b/files/system/etc/sway/config.d/99-noxwayland.conf
similarity index 100%
rename from files/system/usr/etc/sway/config.d/99-noxwayland.conf
rename to files/system/etc/sway/config.d/99-noxwayland.conf
diff --git a/files/system/usr/etc/sysconfig/chronyd b/files/system/etc/sysconfig/chronyd
similarity index 100%
rename from files/system/usr/etc/sysconfig/chronyd
rename to files/system/etc/sysconfig/chronyd
diff --git a/files/system/usr/etc/sysctl.d/hardening.conf b/files/system/etc/sysctl.d/hardening.conf
similarity index 100%
rename from files/system/usr/etc/sysctl.d/hardening.conf
rename to files/system/etc/sysctl.d/hardening.conf
diff --git a/files/system/usr/etc/systemd/resolved.conf.d/securedns.conf b/files/system/etc/systemd/resolved.conf.d/securedns.conf
similarity index 100%
rename from files/system/usr/etc/systemd/resolved.conf.d/securedns.conf
rename to files/system/etc/systemd/resolved.conf.d/securedns.conf
diff --git a/files/system/usr/etc/systemd/system.conf.d/disable-coredump.conf b/files/system/etc/systemd/system.conf.d/disable-coredump.conf
similarity index 100%
rename from files/system/usr/etc/systemd/system.conf.d/disable-coredump.conf
rename to files/system/etc/systemd/system.conf.d/disable-coredump.conf
diff --git a/files/system/usr/etc/systemd/user.conf.d/disable-coredump.conf b/files/system/etc/systemd/user.conf.d/disable-coredump.conf
similarity index 100%
rename from files/system/usr/etc/systemd/user.conf.d/disable-coredump.conf
rename to files/system/etc/systemd/user.conf.d/disable-coredump.conf
diff --git a/files/system/usr/etc/systemd/user/org.gnome.Shell@wayland.service.d/override.conf b/files/system/etc/systemd/user/org.gnome.Shell@wayland.service.d/override.conf
similarity index 100%
rename from files/system/usr/etc/systemd/user/org.gnome.Shell@wayland.service.d/override.conf
rename to files/system/etc/systemd/user/org.gnome.Shell@wayland.service.d/override.conf
diff --git a/files/system/usr/etc/systemd/user/plasma-kwin_wayland.service.d/override.conf b/files/system/etc/systemd/user/plasma-kwin_wayland.service.d/override.conf
similarity index 100%
rename from files/system/usr/etc/systemd/user/plasma-kwin_wayland.service.d/override.conf
rename to files/system/etc/systemd/user/plasma-kwin_wayland.service.d/override.conf
diff --git a/files/system/kinoite/usr/etc/sddm.conf.d/10-wayland.conf b/files/system/kinoite/etc/sddm.conf.d/10-wayland.conf
similarity index 100%
rename from files/system/kinoite/usr/etc/sddm.conf.d/10-wayland.conf
rename to files/system/kinoite/etc/sddm.conf.d/10-wayland.conf
diff --git a/files/system/kinoite/usr/etc/xdg/kdeglobals b/files/system/kinoite/etc/xdg/kdeglobals
similarity index 100%
rename from files/system/kinoite/usr/etc/xdg/kdeglobals
rename to files/system/kinoite/etc/xdg/kdeglobals
diff --git a/files/system/server/usr/etc/firewalld/zones/FedoraServer.xml b/files/system/server/etc/firewalld/zones/FedoraServer.xml
similarity index 100%
rename from files/system/server/usr/etc/firewalld/zones/FedoraServer.xml
rename to files/system/server/etc/firewalld/zones/FedoraServer.xml
diff --git a/files/system/server/usr/etc/ssh/sshd_config.d/30-hardening.conf b/files/system/server/etc/ssh/sshd_config.d/30-hardening.conf
similarity index 100%
rename from files/system/server/usr/etc/ssh/sshd_config.d/30-hardening.conf
rename to files/system/server/etc/ssh/sshd_config.d/30-hardening.conf
diff --git a/modules/secureblue-signing/secureblue-signing.sh b/modules/secureblue-signing/secureblue-signing.sh
index 1ec9de0..59671fa 100644
--- a/modules/secureblue-signing/secureblue-signing.sh +++ b/modules/secureblue-signing/secureblue-signing.sh @@ -3,7 +3,7 @@ # Tell build process to exit if there are any errors. set -euo pipefail -CONTAINER_DIR="/usr/etc/containers" +CONTAINER_DIR="/etc/containers" MODULE_DIRECTORY="${MODULE_DIRECTORY:-"/tmp/modules"}" IMAGE_NAME_FILE="${IMAGE_NAME//\//_}" IMAGE_REGISTRY_TITLE=$(echo "$IMAGE_REGISTRY" | cut -d'/' -f2-) @@ -19,15 +19,15 @@ if ! [ -d $CONTAINER_DIR/registries.d ]; then mkdir -p "$CONTAINER_DIR/registries.d" fi -if ! [ -d "/usr/etc/pki/containers" ]; then - mkdir -p "/usr/etc/pki/containers" +if ! [ -d "/etc/pki/containers" ]; then + mkdir -p "/etc/pki/containers" fi if ! [ -f "$CONTAINER_DIR/policy.json" ]; then cp "$MODULE_DIRECTORY/signing/policy.json" "$CONTAINER_DIR/policy.json" fi -mv "/usr/etc/pki/containers/$IMAGE_NAME.pub" "/usr/etc/pki/containers/$IMAGE_REGISTRY_TITLE.pub" +mv "/etc/pki/containers/$IMAGE_NAME.pub" "/etc/pki/containers/$IMAGE_REGISTRY_TITLE.pub" POLICY_FILE="$CONTAINER_DIR/policy.json" diff --git a/recipes/common/common-files.yml b/recipes/common/common-files.yml index 59e8aa8..4f9afd1 100644 --- a/recipes/common/common-files.yml +++ b/recipes/common/common-files.yml @@ -1,4 +1,6 @@ type: files files: - source: system/usr - destination: /usr \ No newline at end of file + destination: /usr + - source: system/etc + destination: /etc
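Review bot: The new `mv "/etc/pki/containers/$IMAGE_NAME.pub" "/etc/pki/containers/$IMAGE_REGISTRY_TITLE.pub"` line builds both file names from values that may contain `/`. The first hunk shows the script replacing slashes in `IMAGE_NAME` to derive `IMAGE_NAME_FILE`, and `IMAGE_REGISTRY_TITLE` keeps everything after the first `/` of `IMAGE_REGISTRY`. With a slash in either value the path points into a subdirectory that the visible lines do not create, so the verification key would not land where expected; confirm the shape of both variables or use the sanitised name here. The literal `/etc/pki/containers` is also repeated four times beside `CONTAINER_DIR`, and a `PKI_DIR="/etc/pki/containers"` variable would keep the next path move to one line. The rest of the script, including how `POLICY_FILE` is used, is outside the hunk.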
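Review bot: Only `recipes/common/common-files.yml` gains a `system/etc` to `/etc` entry, while the diffstat also renames files under `files/system/dx/`, `files/system/kinoite/` and `files/system/server/` out of their `usr/` trees, including `server/etc/ssh/sshd_config.d/30-hardening.conf` and `server/etc/firewalld/zones/FedoraServer.xml`. If the recipes for those variants still map `system/<variant>/usr` to `/usr` (they are not part of this patch, so this is unconfirmed), the SSH and firewall hardening files would stop being installed with no build error. Each variant recipe likely needs a matching `source: system/<variant>/etc` and `destination: /etc` pair, and the scripts in this commit that append to or chmod files under `/etc` need to run after these copies.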