From d6806f9327c84406d4f63c3d7c533b55c858e589 Mon Sep 17 00:00:00 2001
From: xyny <60004820+xynydev@users.noreply.github.com>
Date: Wed, 27 Dec 2023 10:20:53 +0000
Subject: [PATCH 01/10] chore: migrate justfile to import https://github.com/ublue-os/config/issues/178
---
 config/files/usr/share/ublue-os/just/60-custom.just | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/files/usr/share/ublue-os/just/60-custom.just b/config/files/usr/share/ublue-os/just/60-custom.just
index bd38c97020..b077bd3224 100644
--- a/config/files/usr/share/ublue-os/just/60-custom.just
+++ b/config/files/usr/share/ublue-os/just/60-custom.just
@@ -1,2 +1,2 @@
-!include 100-bling.just
+import 100-bling.just
 # Include some of your custom scripts here!
From f35d3c25445c4963e99c35b043d154a68998f971 Mon Sep 17 00:00:00 2001
From: xyny <60004820+xynydev@users.noreply.github.com>
Date: Sun, 31 Dec 2023 10:39:17 +0000
Subject: [PATCH 02/10] fix: add single quotes for paths
---
 config/files/usr/share/ublue-os/just/60-custom.just | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/files/usr/share/ublue-os/just/60-custom.just b/config/files/usr/share/ublue-os/just/60-custom.just
index b077bd3224..9fbf49282e 100644
--- a/config/files/usr/share/ublue-os/just/60-custom.just
+++ b/config/files/usr/share/ublue-os/just/60-custom.just
@@ -1,2 +1,2 @@
-import 100-bling.just
+import '100-bling.just'
 # Include some of your custom scripts here!
From 52e6a456ad47d52ccd45b10a5164e8d6359b725a Mon Sep 17 00:00:00 2001
From: RJ Trujillo Date: Sun, 31 Dec 2023 03:41:45 -0700 Subject: [PATCH 03/10] feat(ci): Verify base image with cosign before building (#211) * feat(ci): Verify base image with cosign before building Validates the integrity of the base image being built from via cosign before continuing to build. Ensures we only build with signed images * fix(ci): Extract base image name from base image URL for verification --- .github/workflows/build.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2f961cf1f4..34638af9d7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -43,13 +43,6 @@ jobs: # !!! steps: - - name: Maximize build space - uses: AdityaGarg8/remove-unwanted-software@v1 - with: - remove-dotnet: 'true' - remove-android: 'true' - remove-haskell: 'true' - # Checkout push-to-registry action GitHub repository - name: Checkout Push to Registry action uses: actions/checkout@v4 @@ -84,7 +77,14 @@ jobs: echo "IMAGE_NAME=$(yq '.name' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV echo "IMAGE_DESCRIPTION=$(yq '.description' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV echo "IMAGE_MAJOR_VERSION=$(yq '.image-version' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV - echo "BASE_IMAGE_URL=$(yq '.base-image' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV + BASE_IMAGE=$(yq '.base-image' ./config/${{ matrix.recipe }}) + echo "BASE_IMAGE_URL=$BASE_IMAGE" >> $GITHUB_ENV + echo "BASE_IMAGE_NAME=$(echo $BASE_IMAGE | sed 's/.*\/.*\///')" >> $GITHUB_ENV + + - name: Verify base image + uses: EyeCantCU/cosign-action/verify@v0.2.1 + with: + containers: ${{ env.BASE_IMAGE_NAME }}:${{ env.IMAGE_MAJOR_VERSION }} - name: Get current version id: labels 
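Review bot: The new "Verify base image" step checks `${{ env.BASE_IMAGE_NAME }}:${{ env.IMAGE_MAJOR_VERSION }}`, a short name that `sed 's/.*\/.*\///'` derives by discarding the registry and organisation, rather than the `BASE_IMAGE_URL` reference the build uses. If the action resolves short names against a fixed default registry (its inputs are not visible in this hunk), a recipe whose `base-image` points elsewhere would have a same-named image verified while the build pulls the unverified one. The step that sets the variables should fail when the discarded prefix is not the verified one, for example `case "$BASE_IMAGE" in <expected-registry>/<org>/*) ;; *) echo "unverified base image: $BASE_IMAGE" >&2; exit 1 ;; esac` with the placeholder set to whatever the action verifies against. The check is also made on a tag, so the image pulled later can differ from the one verified unless the tag is resolved to a digest once and the build uses that digest. The `run` block and the step list continue outside the hunk.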
@@ -158,6 +158,13 @@ jobs: with: string: ${{ env.IMAGE_NAME }} + - name: Maximize build space + uses: AdityaGarg8/remove-unwanted-software@v1 + with: + remove-dotnet: 'true' + remove-android: 'true' + remove-haskell: 'true' + # Build image using Buildah action - name: Build Image id: build_image From 4963395cd11a91753ae5c356f35a4614da4cf9d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Jan 2024 18:25:34 +0000 Subject: [PATCH 04/10] build(deps): bump EyeCantCU/cosign-action from 0.2.1 to 0.2.2 (#220) Bumps [EyeCantCU/cosign-action](https://github.com/eyecantcu/cosign-action) from 0.2.1 to 0.2.2. - [Release notes](https://github.com/eyecantcu/cosign-action/releases) - [Changelog](https://github.com/EyeCantCU/cosign-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/eyecantcu/cosign-action/compare/v0.2.1...v0.2.2) --- updated-dependencies: - dependency-name: EyeCantCU/cosign-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 34638af9d7..e8f2c16368 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -82,7 +82,7 @@ jobs: echo "BASE_IMAGE_NAME=$(echo $BASE_IMAGE | sed 's/.*\/.*\///')" >> $GITHUB_ENV - name: Verify base image - uses: EyeCantCU/cosign-action/verify@v0.2.1 + uses: EyeCantCU/cosign-action/verify@v0.2.2 with: containers: ${{ env.BASE_IMAGE_NAME }}:${{ env.IMAGE_MAJOR_VERSION }} From 6b2584ff0cc73b82984bbc3b5ed7ce2cd5f5add6 Mon Sep 17 00:00:00 2001 
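Review bot: In the `@@ -158,6 +158,13 @@` hunk of `.github/workflows/build.yml`, `uses: AdityaGarg8/remove-unwanted-software@v1` references a third-party action by a mutable tag, and the same applies to `EyeCantCU/cosign-action/verify@v0.2.1` added earlier in this patch. Both run inside the job that builds the image, so a re-pointed tag would change what executes in that job without any change in this repository; for the verify action it would also change the code that decides whether the base image is trusted. Pinning to a full commit SHA with the version kept as a comment, `uses: AdityaGarg8/remove-unwanted-software@<full-commit-sha> # v1`, fixes the code that runs and can still be updated by Dependabot.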
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Jan 2024 18:32:57 +0000 Subject: [PATCH 05/10] build(deps): bump AdityaGarg8/remove-unwanted-software from 1 to 2 (#219) Bumps [AdityaGarg8/remove-unwanted-software](https://github.com/adityagarg8/remove-unwanted-software) from 1 to 2. - [Release notes](https://github.com/adityagarg8/remove-unwanted-software/releases) - [Commits](https://github.com/adityagarg8/remove-unwanted-software/compare/v1...v2) --- updated-dependencies: - dependency-name: AdityaGarg8/remove-unwanted-software dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e8f2c16368..74d86e1419 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -159,7 +159,7 @@ jobs: string: ${{ env.IMAGE_NAME }} - name: Maximize build space - uses: AdityaGarg8/remove-unwanted-software@v1 + uses: AdityaGarg8/remove-unwanted-software@v2 with: remove-dotnet: 'true' remove-android: 'true' From 80b3ac0ffdf8624086ea95ce7a1181a1bc5f08ce Mon Sep 17 00:00:00 2001 From: fiftydinar <65243233+fiftydinar@users.noreply.github.com> Date: Fri, 12 Jan 2024 12:23:15 +0100 Subject: [PATCH 06/10] feat: Bump ISO generator to v2.3.0 (#221) Installs secure boot/akmod key on all images --- .github/workflows/release-iso.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-iso.yml b/.github/workflows/release-iso.yml index 90afd21cf5..4ad0a4fbf9 100644 --- a/.github/workflows/release-iso.yml +++ b/.github/workflows/release-iso.yml 
@@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Generate ISO - uses: ublue-os/isogenerator@v2.2.0 + uses: ublue-os/isogenerator@v2.3.0 id: isogenerator with: image-name: ${{ github.event.repository.name }} From df4f3301ae1f8ef7da1a8970895680b64e014866 Mon Sep 17 00:00:00 2001 From: fiftydinar <65243233+fiftydinar@users.noreply.github.com> Date: Sun, 14 Jan 2024 18:24:03 +0100 Subject: [PATCH 07/10] feat: Add akmods module (#212) * feat: Add kmods installer module Credits: @C0dePlayer This is not ideal as it does not support custom kernels & it involves editing Containerfile. I believe there is no other way but to make users edit Containerfile for those files to be even pulled of. I would like this to be through the recipe only, so I will put this as a draft until some better ideas come. * Update Containerfile Related to this: https://github.com/ublue-os/bling/blob/d76cca4f3abc7e0730c45e3d820d36b236194c89/modules/akmods/README.md * Clarify change of akmod version better Part of adding support for Surface & Asus images. --- Containerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Containerfile b/Containerfile index 735aa5d1e1..645cfab205 100644 --- a/Containerfile +++ b/Containerfile @@ -42,6 +42,9 @@ COPY modules /tmp/modules/ # It is copied from the official container image since it's not available as an RPM. COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq +# Change this if you want different version/tag of akmods. +COPY --from=ghcr.io/ublue-os/akmods:main-39 /rpms /tmp/rpms + # Run the build script, then clean up temp files and finalize container build. RUN chmod +x /tmp/build.sh && /tmp/build.sh && \ rm -rf /tmp/* /var/* && ostree container commit From 5cf7429540ffe2fe3fae5d712c70e03f93cfc00b Mon Sep 17 00:00:00 2001 
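Review bot: The added `COPY --from=ghcr.io/ublue-os/akmods:main-39 /rpms /tmp/rpms` takes kernel-module RPMs from an image referenced by a mutable tag, and nothing visible in this series verifies that image; the cosign step added to `build.yml` is given only the base image. If the build script installs these RPMs, the akmods image needs the same assurance as the base: pin it by digest, `COPY --from=ghcr.io/ublue-os/akmods:main-39@sha256:<digest> /rpms /tmp/rpms`, or add it to the workflow's verification step. The `39` is hard-coded while the base image version comes from the recipe, so the comment above the line should say that the tag has to match the recipe's `image-version`.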
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jan 2024 16:04:37 +0000 Subject: [PATCH 08/10] build(deps): bump ublue-os/isogenerator from 2.3.0 to 2.3.1 (#227) Bumps [ublue-os/isogenerator](https://github.com/ublue-os/isogenerator) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/ublue-os/isogenerator/releases) - [Changelog](https://github.com/ublue-os/isogenerator/blob/main/CHANGELOG.md) - [Commits](https://github.com/ublue-os/isogenerator/compare/v2.3.0...v2.3.1) --- updated-dependencies: - dependency-name: ublue-os/isogenerator dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release-iso.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-iso.yml b/.github/workflows/release-iso.yml index 4ad0a4fbf9..899f934cfe 100644 --- a/.github/workflows/release-iso.yml +++ b/.github/workflows/release-iso.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Generate ISO - uses: ublue-os/isogenerator@v2.3.0 + uses: ublue-os/isogenerator@v2.3.1 id: isogenerator with: image-name: ${{ github.event.repository.name }} From dfb6abffa168d0dd227dc9d3a5a8bd9274f63c57 Mon Sep 17 00:00:00 2001 From: xyny <60004820+xynydev@users.noreply.github.com> Date: Wed, 24 Jan 2024 17:10:17 +0000 Subject: [PATCH 09/10] docs: improve modules section in config readme (#209) (#217) --- config/README.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/config/README.md b/config/README.md index 946c73f133..53892ed462 100644 --- a/config/README.md +++ b/config/README.md 
@@ -22,7 +22,7 @@ This repository fetches some useful default modules from [`ublue-os/bling`](http For a comprehensive list of modules, their in-depth documentation and example configuration, check out [the Modules page on the website](https://universal-blue.org/tinker/modules/). -### Building multiple images and including module configuration from other files and +### Building multiple images and including module configuration from other files To build multiple images, you need to create another recipe.yml file, which you should name based on what kind of image you want it to build. Then, edit the [`build.yml`](../.github/workflows/build.yml) file. Inside the file, under `jobs: strategy: matrix:`, there's a list of recipe files to build images, which you need to add your new recipe file to. These should be paths to files inside the `config` directory. @@ -39,4 +39,18 @@ install: - dunst - rofi - kitty -``` \ No newline at end of file +``` +An external module can also include multiple modules. +```yaml +# config/common.yml +modules: + - type: files + files: + - usr: /usr + - type: rpm-ostree + install: + - i3 + - dunst + - rofi + - kitty +``` From 535ed937abfa47a47d3c0198792906cae7a60fbb Mon Sep 17 00:00:00 2001 From: xyny <60004820+xynydev@users.noreply.github.com> Date: Wed, 24 Jan 2024 17:14:18 +0000 Subject: [PATCH 10/10] docs: change outdated info about minor module envvar (#216) --- modules/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/README.md b/modules/README.md index 9aac8899e1..40a8bc8f73 100644 --- a/modules/README.md +++ b/modules/README.md 
@@ -6,7 +6,7 @@ Each module intended for public usage should include a `README.md` file inside i Modules get only the configuration options given to them in the recipe.yml, not the configuration of other modules or any top-level keys. The configuration is given as the first argument as a single-line json string. You can check out the default modules for examples on how to parse such string using `yq` or `jq`. -Additionally, each module has access to four environment variables, `CONFIG_DIRECTORY` pointing to the Startingpoint directory in `/usr/share/ublue-os/`, `IMAGE_NAME` being the name of the image as declared in the recipe, `BASE_IMAGE` being the URL of the container image used as the base (FROM) in the image, and `OS_VERSION` being the `VERSION_ID` from `/usr/lib/os-release`. +Additionally, each module has access to four environment variables, `CONFIG_DIRECTORY` pointing to the directory containing the confiuration files for the build (`/tmp/config`), `IMAGE_NAME` being the name of the image as declared in the recipe, `BASE_IMAGE` being the URL of the container image used as the base (FROM) in the image, and `OS_VERSION` being the `VERSION_ID` from `/usr/lib/os-release`. When running modules, the working directory is the `CONFIG_DIRECTORY`.