From df988733b9a3590e151436f50ebc52c108ed654a Mon Sep 17 00:00:00 2001 From: gerblesh <101901964+gerblesh@users.noreply.github.com> Date: Fri, 29 Nov 2024 09:32:27 -0800 Subject: [PATCH] update --- .github/dependabot.yml | 11 +++ .github/workflows/build-test.yml | 48 +++++++++ .github/workflows/build.yml | 141 +++++++++++++++++++++++++++ .github/workflows/release-please.yml | 72 ++++++++++++++ .gitignore | 1 + Containerfile | 66 +++++++++++++ Containerfile.builder | 18 ++++ README.md | 78 +++++++++++++++ cmd/hw-check.go | 2 +- cmd/imageOutdated.go | 2 +- cmd/update.go | 10 +- cmd/updateCheck.go | 2 +- cmd/wait.go | 2 +- containers.conf | 12 +++ demo.tape | 7 ++ drv/bootc.go | 1 - drv/brew.go | 2 +- go.mod | 2 +- justfile | 72 ++++++++++++++ main.go | 2 +- podman-containers.conf | 5 + ublue-upd.rules | 7 ++ ublue-upd.service | 6 ++ ublue-upd.spec | 58 +++++++++++ ublue-upd.timer | 11 +++ 25 files changed, 625 insertions(+), 13 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/build-test.yml create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/release-please.yml create mode 100644 Containerfile create mode 100644 Containerfile.builder create mode 100644 README.md create mode 100644 containers.conf create mode 100644 demo.tape create mode 100644 justfile create mode 100644 podman-containers.conf create mode 100644 ublue-upd.rules create mode 100644 ublue-upd.service create mode 100644 ublue-upd.spec create mode 100644 ublue-upd.timer diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..90e05c4 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "github-actions" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "weekly" diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml new file mode 100644 index 0000000..ad3d2a2 --- /dev/null +++ b/.github/workflows/build-test.yml @@ -0,0 +1,48 @@ +name: integration testing +on: + pull_request: + merge_group: + push: + branches: + - main + workflow_dispatch: + +jobs: + push-ghcr: + name: Build and test image + runs-on: ubuntu-24.04 + permissions: + contents: read + packages: write + id-token: write + strategy: + fail-fast: false + matrix: + major_version: [40, 41] + include: + - major_version: 40 + is_latest_version: false + is_stable_version: true + - major_version: 41 + is_latest_version: true + is_stable_version: false + steps: + # Checkout push-to-registry action GitHub repository + - name: Checkout Push to Registry action + uses: actions/checkout@v4 + + - name: Install Deps + run: | + sudo apt-get install just podman + + - name: Build Image + id: build_image + env: + FEDORA_MAJOR_VERSION: ${{ matrix.major_version }} + run: | + just container-build + + - name: Test Image + id: test_image + run: | + just container-test diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..853f34f --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,141 @@ +name: build development package +on: + pull_request: + merge_group: + push: + branches: + - main + workflow_dispatch: +env: + IMAGE_NAME: ublue-update + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + +jobs: + push-ghcr: + name: Build and push image + runs-on: ubuntu-24.04 + permissions: + contents: read + packages: write + id-token: write + strategy: + fail-fast: false + matrix: + major_version: [40, 41] + include: + - major_version: 40 + is_latest_version: true + is_stable_version: false + - major_version: 41 + is_latest_version: false + is_stable_version: false + steps: + # Checkout push-to-registry action GitHub repository + - name: Checkout Push to Registry action + uses: actions/checkout@v4 + + - name: Generate tags + id: generate-tags + shell: bash + run: | + # Generate a timestamp for creating an image version history + TIMESTAMP="$(date +%Y%m%d)" + MAJOR_VERSION="${{ matrix.major_version }}" + COMMIT_TAGS=() + BUILD_TAGS=() + # Have tags for tracking builds during pull request + SHA_SHORT="${GITHUB_SHA::7}" + COMMIT_TAGS+=("pr-${{ github.event.pull_request.number }}-${MAJOR_VERSION}") + COMMIT_TAGS+=("${SHA_SHORT}-${MAJOR_VERSION}") + if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ + [[ "${{ matrix.is_stable_version }}" == "true" ]]; then + COMMIT_TAGS+=("pr-${{ github.event.pull_request.number }}") + COMMIT_TAGS+=("${SHA_SHORT}") + fi + + BUILD_TAGS=("${MAJOR_VERSION}" "${MAJOR_VERSION}-${TIMESTAMP}") + + if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ + [[ "${{ matrix.is_stable_version }}" == "true" ]]; then + BUILD_TAGS+=("latest") + fi + + if [[ "${{ github.event_name }}" == "pull_request" ]]; then + echo "Generated the following commit tags: " + for TAG in "${COMMIT_TAGS[@]}"; do + echo "${TAG}" + done + alias_tags=("${COMMIT_TAGS[@]}") + else + alias_tags=("${BUILD_TAGS[@]}") + fi + echo "Generated the following build tags: " + for TAG in "${BUILD_TAGS[@]}"; do + echo "${TAG}" + done + echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT + + # Build image using Buildah action + - name: Build Image + id: build_image + uses: redhat-actions/buildah-build@v2 + with: + containerfiles: | + ./Containerfile.builder + image: ${{ env.IMAGE_NAME }} + tags: | + ${{ steps.generate-tags.outputs.alias_tags }} + build-args: | + FEDORA_MAJOR_VERSION=${{ matrix.major_version }} + oci: true + + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. + # https://github.com/macbre/push-to-ghcr/issues/12 + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v6 + with: + string: ${{ env.IMAGE_REGISTRY }} + + # Push the image to GHCR (Image Registry) + - name: Push To GHCR + uses: redhat-actions/push-to-registry@v2 + id: push + if: github.event_name != 'pull_request' + env: + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} + with: + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ steps.registry_case.outputs.lowercase }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + extra-args: | + --disable-content-trust + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Sign container + - uses: sigstore/cosign-installer@v3.7.0 + if: github.event_name != 'pull_request' + + - name: Sign container image + if: github.event_name != 'pull_request' + run: | + cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} + env: + TAGS: ${{ steps.push.outputs.digest }} + COSIGN_EXPERIMENTAL: false + COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} + + - name: Echo outputs + if: github.event_name != 'pull_request' + run: | + echo "${{ toJSON(steps.push.outputs) }}" diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml new file mode 100644 index 0000000..900ab31 --- /dev/null +++ b/.github/workflows/release-please.yml @@ -0,0 +1,72 @@ +name: build release package +on: + merge_group: + branches: + - main + workflow_dispatch: +env: + IMAGE_NAME: ublue-update + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + +jobs: + release-please: + permissions: + contents: write + pull-requests: write + runs-on: ubuntu-latest + outputs: + releases_created: ${{ steps.release-please.outputs.releases_created }} + tag: ${{ steps.release-please.outputs.tag_name }} + upload_url: ${{ steps.release-please.outputs.upload_url }} + steps: + - uses: googleapis/release-please-action@v4 + id: release-please + with: + release-type: simple + package-name: release-please-action + + build-release: + name: Build and push rpm package + runs-on: ubuntu-24.04 + permissions: + contents: write + packages: write + id-token: write + needs: release-please + if: needs.release-please.outputs.releases_created + steps: + # Checkout push-to-registry action GitHub repository + - name: Checkout Push to Registry action + uses: actions/checkout@v4 + + # Build image using Buildah action + - name: Build package using containerized build environment + id: build_image + uses: redhat-actions/buildah-build@v2 + with: + containerfiles: | + ./Containerfile.builder + image: ${{ env.IMAGE_NAME }} + tags: | + ${{ needs.release-please.outputs.tag }} + oci: true + extra-args: | + -v ${{ github.workspace }}:/app + --target rpm + + - name: upload output artifacts as release artifact + uses: actions/upload-artifact@v4 + with: + name: ublue-updater-rpms + path: output/ + + - name: upload rpm packages + env: + GITHUB_TOKEN: ${{ github.token }} + run: | + find output/ -type f -name '*.rpm' -print0 | \ + xargs -0 -tI{} gh release upload \ + ${{ needs.release-please.outputs.tag }} \ + {} \ + --repo ${{ github.repository_owner }}/${{ github.event.repository.name }} \ + --clobber diff --git a/.gitignore b/.gitignore index 3f3f572..61f8c07 100644 --- a/.gitignore +++ b/.gitignore @@ -24,3 +24,4 @@ go.work.sum # env file .env ublue-upd +output/* diff --git a/Containerfile b/Containerfile new file mode 100644 index 0000000..da0b440 --- /dev/null +++ b/Containerfile @@ -0,0 +1,66 @@ +ARG TEST_IMAGE="${TEST_IMAGE:-ghcr.io/ublue-os/base-main:41}" +ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-41}" + +FROM registry.fedoraproject.org/fedora:${FEDORA_MAJOR_VERSION} AS builder + +ENV UBLUE_ROOT=/app/output + +WORKDIR /app + +ADD . /app + +RUN dnf install -y just + +RUN just container-rpm-build + +FROM ${TEST_IMAGE} + +ENV UBLUE_ROOT=/app/output + + +COPY --from=builder ${UBLUE_ROOT}/ublue-os/rpms /tmp/rpms +RUN dnf install /tmp/rpms/ublue-upd.rpm + +# FROM: https://github.com/containers/image_build/blob/main/podman/Containerfile, sets up podman to work in the container +RUN useradd -G wheel podman && \ + echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid && \ + echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid && \ + echo "podman:" | chpasswd + +ADD ./containers.conf /etc/containers/containers.conf +ADD ./podman-containers.conf /home/podman/.config/containers/containers.conf + +RUN mkdir -p /home/podman/.local/share/containers && \ + chown podman:podman -R /home/podman && \ + chmod 644 /etc/containers/containers.conf + +# Copy & modify the defaults to provide reference if runtime changes needed. +# Changes here are required for running with fuse-overlay storage inside container. +RUN sed -e 's|^#mount_program|mount_program|g' \ + -e '/additionalimage.*/a "/var/lib/shared",' \ + -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \ + /usr/share/containers/storage.conf \ + > /etc/containers/storage.conf + +# Setup internal Podman to pass subscriptions down from host to internal container +RUN printf '/run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement\n/run/secrets/rhsm:/run/secrets/rhsm\n' > /etc/containers/mounts.conf + +# Note VOLUME options must always happen after the chown call above +# RUN commands can not modify existing volumes +VOLUME /var/lib/containers +VOLUME /home/podman/.local/share/containers + +RUN mkdir -p /var/lib/shared/overlay-images \ + /var/lib/shared/overlay-layers \ + /var/lib/shared/vfs-images \ + /var/lib/shared/vfs-layers && \ + touch /var/lib/shared/overlay-images/images.lock && \ + touch /var/lib/shared/overlay-layers/layers.lock && \ + touch /var/lib/shared/vfs-images/images.lock && \ + touch /var/lib/shared/vfs-layers/layers.lock + +ENV _CONTAINERS_USERNS_CONFIGURED="" \ + BUILDAH_ISOLATION=chroot +# RUN useradd -m -G wheel user && echo "user:" | chpasswd + +CMD [ "/sbin/init" ] diff --git a/Containerfile.builder b/Containerfile.builder new file mode 100644 index 0000000..e0ac169 --- /dev/null +++ b/Containerfile.builder @@ -0,0 +1,18 @@ +ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-41}" + +FROM registry.fedoraproject.org/fedora:${FEDORA_MAJOR_VERSION} AS builder + +ENV UBLUE_ROOT=/app/output + +WORKDIR /app + +ADD . /app + +RUN dnf install -y just git + +RUN just container-rpm-build + +FROM scratch + +ENV UBLUE_ROOT=/app/output +COPY --from=builder ${UBLUE_ROOT}/ublue-os/rpms /tmp/rpms diff --git a/README.md b/README.md new file mode 100644 index 0000000..1d41874 --- /dev/null +++ b/README.md @@ -0,0 +1,78 @@ +# Universal Blue Upd(ate) + +Small update program written in golang intended for use in Universal Blue, updates flatpak apps, distrobox, brew, bootc and rpm-ostree (as a fallback) + +Includes systemd timers and services for auto update + +# Usage + +## Installation + +You can add this to your image by simply pulling down and installing the rpm: + +``` +COPY --from=ghcr.io/ublue-os/ublue-update:latest /rpms/ublue-upd.rpm /tmp/rpms/ +RUN rpm-ostree install /tmp/rpms/ublue-upd.rpm +``` + +If you are on an image derived from uBlue main: + +``` +COPY --from=ghcr.io/ublue-os/ublue-update:latest /rpms/ublue-upd.rpm /tmp/rpms/ +RUN rpm-ostree override remove ublue-os-update-services && rpm-ostree install /tmp/rpms/ublue-upd.rpm +``` + +> **Note** +> If you are on an image derived from uBlue main, you will need to remove or disable automatic updates with rpm-ostreed, to do this, you need to remove or change this line in the config file: `AutomaticUpdatePolicy=stage` (set to `none` if you don't want to remove the line) + + +## Command Line + +To run a complete system update, it's recommended to use systemd: + +``` +$ systemctl start ublue-upd.service +``` + +This allows for passwordless system updates (user must be in `wheel` group) + + +### Run updates from command line (not recommended) + +Only run user updates (rootless): +``` +$ ublue-upd +``` + +``` +ublue-upd is the successor to ublue-update, built for bootc + +Usage: + ublue-upd [flags] + ublue-upd [command] + +Available Commands: + completion Generate the autocompletion script for the specified shell + help Help about any command + hw-check Run hardware checks + is-img-outdated Print 'true' or 'false' based on if the current booted image is over 1 month old + update-check Check for updates to the booted image + wait Waits for ostree sysroot to unlock + +Flags: + -h, --help help for ublue-upd + -c, --hw-check run hardware check before running updates + +Use "ublue-upd [command] --help" for more information about a command.``` + +## Troubleshooting + +You can check the ublue-update logs by running this command: +``` +$ journalctl -exu 'ublue-upd.service' +``` + +## How do I build this? + +1. `just build` will build this project and place the binary in `output/ublue-upd` +1. `sudo ./output/ublue-upd` will run a system update diff --git a/cmd/hw-check.go b/cmd/hw-check.go index 2b8d28e..f4b970a 100644 --- a/cmd/hw-check.go +++ b/cmd/hw-check.go @@ -1,7 +1,7 @@ package cmd import ( - "github.com/gerblesh/update-next/checks" + "github.com/gerblesh/ublue-upd/checks" "github.com/spf13/cobra" "log" ) diff --git a/cmd/imageOutdated.go b/cmd/imageOutdated.go index 7220564..b62610e 100644 --- a/cmd/imageOutdated.go +++ b/cmd/imageOutdated.go @@ -3,7 +3,7 @@ package cmd import ( "log" - "github.com/gerblesh/update-next/drv" + "github.com/gerblesh/ublue-upd/drv" "github.com/spf13/cobra" ) diff --git a/cmd/update.go b/cmd/update.go index eba5695..87e8347 100644 --- a/cmd/update.go +++ b/cmd/update.go @@ -6,9 +6,9 @@ import ( "os/exec" "strings" - "github.com/gerblesh/update-next/checks" - "github.com/gerblesh/update-next/drv" - "github.com/gerblesh/update-next/lib" + "github.com/gerblesh/ublue-upd/checks" + "github.com/gerblesh/ublue-upd/drv" + "github.com/gerblesh/ublue-upd/lib" "github.com/spf13/cobra" ) @@ -23,7 +23,7 @@ func Update(cmd *cobra.Command, args []string) { log.Fatalf("Unable to determine if image is outdated: %v", err) } if outdated { - lib.Notify("System Warning", "Your current image is over 1 month old, run `ujust update`") + lib.Notify("System Warning", "Your current image is over 1 month old, is this image still maintained?") } hwCheck, err := cmd.Flags().GetBool("hw-check") @@ -113,8 +113,8 @@ func Update(cmd *cobra.Command, args []string) { } // Run distrobox updates - log.Printf("[%d/%d] Updating System Distroboxes", currentUpdate, totalUpdates) currentUpdate++ + log.Printf("[%d/%d] Updating System Distroboxes", currentUpdate, totalUpdates) // distrobox doesn't support sudo, run with systemd-run out, err = lib.RunUID(0, []string{"/usr/bin/distrobox", "upgrade", "-a"}, nil) if err != nil { diff --git a/cmd/updateCheck.go b/cmd/updateCheck.go index 019e69a..c63c2e6 100644 --- a/cmd/updateCheck.go +++ b/cmd/updateCheck.go @@ -1,7 +1,7 @@ package cmd import ( - "github.com/gerblesh/update-next/drv" + "github.com/gerblesh/ublue-upd/drv" "github.com/spf13/cobra" "log" ) diff --git a/cmd/wait.go b/cmd/wait.go index 831cc90..9f0fdb4 100644 --- a/cmd/wait.go +++ b/cmd/wait.go @@ -5,7 +5,7 @@ import ( "os" "time" - "github.com/gerblesh/update-next/lib" + "github.com/gerblesh/ublue-upd/lib" "github.com/spf13/cobra" ) diff --git a/containers.conf b/containers.conf new file mode 100644 index 0000000..220c1f8 --- /dev/null +++ b/containers.conf @@ -0,0 +1,12 @@ +[containers] +netns="host" +userns="host" +ipcns="host" +utsns="host" +cgroupns="host" +cgroups="disabled" +log_driver = "k8s-file" +[engine] +cgroup_manager = "cgroupfs" +events_logger="file" +runtime="crun" diff --git a/demo.tape b/demo.tape new file mode 100644 index 0000000..27c61b1 --- /dev/null +++ b/demo.tape @@ -0,0 +1,7 @@ +# Where should we write the GIF? +Output demo.gif + +# Set up a 1200x600 terminal with 46px font. +Set FontSize 46 +Set Width 1200 +Set Height 600 diff --git a/drv/bootc.go b/drv/bootc.go index 2eeb1f1..4f04bad 100644 --- a/drv/bootc.go +++ b/drv/bootc.go @@ -2,7 +2,6 @@ package drv import ( "encoding/json" - "log" "os/exec" "strings" "time" diff --git a/drv/brew.go b/drv/brew.go index 52dfd51..699e863 100644 --- a/drv/brew.go +++ b/drv/brew.go @@ -2,7 +2,7 @@ package drv import ( "fmt" - "github.com/gerblesh/update-next/lib" + "github.com/gerblesh/ublue-upd/lib" "log" "os" "syscall" diff --git a/go.mod b/go.mod index 5f1f781..36a191f 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/gerblesh/update-next +module github.com/gerblesh/ublue-upd go 1.23.3 diff --git a/justfile b/justfile new file mode 100644 index 0000000..9d26da3 --- /dev/null +++ b/justfile @@ -0,0 +1,72 @@ +set shell := ["bash", "-uc"] +export UBLUE_ROOT := env_var_or_default("UBLUE_ROOT", "/app/output") +export TARGET := "ublue-upd" +export SOURCE_DIR := UBLUE_ROOT + "/" + TARGET +export RPMBUILD := UBLUE_ROOT + "/rpmbuild" + +default: + just --list + +build: + go build -o output/ublue-upd + +run: build + sudo ./output/ublue-upd + +spec: output + rpkg spec --outdir "$PWD/output" + +build-rpm: + rpkg local --outdir "$PWD/output" + +builddep: + dnf builddep -y output/ublue-upd.spec + +container-install-deps: + #!/usr/bin/env bash + set -eou pipefail + dnf install \ + --disablerepo='*' \ + --enablerepo='fedora,updates' \ + --setopt install_weak_deps=0 \ + --nodocs \ + --assumeyes \ + 'dnf-command(builddep)' \ + rpkg \ + rpm-build \ + git + +# Used internally by build containers +container-rpm-build: container-install-deps spec builddep build-rpm + #!/usr/bin/env bash + set -eou pipefail + + # clean up files + for RPM in ${UBLUE_ROOT}/*/*.rpm; do + NAME="$(rpm -q $RPM --queryformat='%{NAME}')" + mkdir -p "${UBLUE_ROOT}/ublue-os/rpms/" + cp "${RPM}" "${UBLUE_ROOT}/ublue-os/rpms/$(rpm -q "${RPM}" --queryformat='%{NAME}.rpm')" + done + +output: + mkdir -p output + +dnf-install: + dnf install -y "output/noarch/*.rpm" + +container-build: + podman build . -t test-container -f Containerfile + +container-test: + #!/usr/bin/env bash + set -eou pipefail + + podman run -d --replace --name ublue-upd-test --security-opt label=disable --device /dev/fuse:rw --privileged --systemd true test-container + while [[ "$(podman exec ublue-upd-test systemctl is-system-running)" != "running" && "$(podman exec ublue-upd-test systemctl is-system-running)" != "degraded" ]]; do + echo "Waiting for systemd to finish booting..." + sleep 1 + done + podman exec -t ublue-upd-test systemd-run --machine 0@ --pipe --quiet /usr/bin/ublue-upd --dry-run + podman rm -f ublue-upd-test +clean: + rm -rf "$UBLUE_ROOT" diff --git a/main.go b/main.go index 40c5ee0..f807ecb 100644 --- a/main.go +++ b/main.go @@ -1,7 +1,7 @@ package main import ( - "github.com/gerblesh/update-next/cmd" + "github.com/gerblesh/ublue-upd/cmd" "log" "os/user" ) diff --git a/podman-containers.conf b/podman-containers.conf new file mode 100644 index 0000000..2bdd95a --- /dev/null +++ b/podman-containers.conf @@ -0,0 +1,5 @@ +[containers] +volumes = [ + "/proc:/proc", +] +default_sysctls = [] diff --git a/ublue-upd.rules b/ublue-upd.rules new file mode 100644 index 0000000..6843fc2 --- /dev/null +++ b/ublue-upd.rules @@ -0,0 +1,7 @@ +polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.systemd1.manage-units" && + action.lookup("unit") == "ublue-update.service") + { + return polkit.Result.YES; + } +}) diff --git a/ublue-upd.service b/ublue-upd.service new file mode 100644 index 0000000..04bf208 --- /dev/null +++ b/ublue-upd.service @@ -0,0 +1,6 @@ +[Unit] +Description=Universal Blue Update Oneshot Service + +[Service] +Type=oneshot +ExecStart=/usr/bin/ublue-update diff --git a/ublue-upd.spec b/ublue-upd.spec new file mode 100644 index 0000000..fc074bc --- /dev/null +++ b/ublue-upd.spec @@ -0,0 +1,58 @@ +Name: ublue-upd +Version: 1.0 +Release: 1%{?dist} +Summary: Centralized update service/checker made for Universal Blue +Vendor: ublue-os +URL: https://github.com/%{vendor}/%{name} +# Detailed information about the source Git repository and the source commit +# for the created rpm package +VCS: {{{ git_dir_vcs }}} +# git_dir_pack macro places the repository content (the source files) into a tarball +# and returns its filename. The tarball will be used to build the rpm. +Source: {{{ git_dir_pack }}} +License: Apache-2.0 + +BuildRequires: golang +BuildRequires: systemd-rpm-macros +Requires: bootc +Requires: distrobox +Requires: flatpak +Requires: libnotify +Requires: systemd +Provides: %{name} = %{version} + +%description +A simple updater for Universal Blue systems + +%global debug_package %{nil} + +%prep +{{{ git_dir_setup_macro }}} + +%build +go build -v -o %{name} + +%install +install -Dpm 0755 %{name} %{buildroot}%{_bindir}/%{name} +install -Dpm 644 %{name}.service %{buildroot}%{_unitdir}/%{name}.service +install -Dpm 644 %{name}.timer %{buildroot}%{_unitdir}/%{name}.timer +install -Dpm 644 %{name}.rules %{buildroot}%{_sysconfdir}/polkit-1/rules.d/%{name}.rules + +%check +# go test should be here if you have tests, e.g. +# go test -v ./... + +%post +%systemd_post %{name}.timer + +%preun +%systemd_preun %{name}.timer + +%files +%{_bindir}/%{name} +%{_unitdir}/%{name}.service +%{_unitdir}/%{name}.timer +%config(noreplace) %{_sysconfdir}/polkit-1/rules.d/%{name}.rules + +%changelog +%autochangelog diff --git a/ublue-upd.timer b/ublue-upd.timer new file mode 100644 index 0000000..6eabc5a --- /dev/null +++ b/ublue-upd.timer @@ -0,0 +1,11 @@ +[Unit] +Description=Auto Update System Timer For Universal Blue +Wants=network-online.target + +[Timer] +OnBootSec=20min +OnUnitInactiveSec=6h +Persistent=true + +[Install] +WantedBy=timers.target