Skip to content

Commit

Permalink
feat: Exclude kmods from Fedora 39 and future images (#375)
Browse files Browse the repository at this point in the history
Co-authored-by: Benjamin Sherman <benjamin@holyarmy.org>
  • Loading branch information
EyeCantCU and bsherman authored Oct 12, 2023
1 parent 4ccbe12 commit 4bec2a4
Show file tree
Hide file tree
Showing 9 changed files with 125 additions and 96 deletions.
70 changes: 28 additions & 42 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,6 @@ on:
workflow_dispatch:
env:
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
BASE_FLAVOR: nokmods
MAIN_FLAVOR: main

jobs:
push-ghcr:
Expand All @@ -31,6 +29,7 @@ jobs:
- mate
- vauxite
major_version: [37, 38, 39]
build_target: [nokmods, kmods]
include:
- major_version: 37
is_latest_version: false
Expand All @@ -55,6 +54,11 @@ jobs:
major_version: 38
- image_name: vauxite
major_version: 39
# THE FOLLOWING EXCLUDE IS MESSY BUT TEMPORARY UNTIL F38 IS GONE
# see: https://github.com/ublue-os/main/issues/369
# Fedora 39+ images do not include custom kmods (legacy)
- build_target: kmods
major_version: 39
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
Expand All @@ -64,14 +68,27 @@ jobs:
uses: actions/checkout@v4

- name: Matrix Variables
shell: bash
run: |
if [[ "${{ matrix.image_name }}" == "lxqt" || "${{ matrix.image_name }}" == "mate" ]]; then
echo "SOURCE_IMAGE=base" >> $GITHUB_ENV
else
echo "SOURCE_IMAGE=${{ matrix.image_name }}" >> $GITHUB_ENV
fi
echo "BASE_IMAGE=${{ matrix.image_name }}-${{ env.BASE_FLAVOR }}" >> $GITHUB_ENV
echo "MAIN_IMAGE=${{ matrix.image_name }}-${{ env.MAIN_FLAVOR }}" >> $GITHUB_ENV
# THE FOLLOWING IS MESSY BUT TEMPORARY UNTIL F38 IS GONE
# see: https://github.com/ublue-os/main/issues/369
# Fedora 39+ images do not include custom kmods (legacy)
if [[ "${{ matrix.major_version}}" -ge "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then
export IMAGE_FLAVOR=main
elif [[ "${{ matrix.major_version}}" -lt "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then
export IMAGE_FLAVOR=nokmods
elif [[ "${{ matrix.major_version}}" -lt "39" && "${{ matrix.build_target }}" == "kmods" ]]; then
export IMAGE_FLAVOR=main
else
echo "ERROR: invalid workflow request - ${{ matrix.major_version }} - ${{ matrix.build_target }}"
exit 1
fi
echo "IMAGE_NAME=${{ matrix.image_name }}-${IMAGE_FLAVOR}" >> $GITHUB_ENV
- name: Generate tags
id: generate-tags
Expand Down Expand Up @@ -134,59 +151,28 @@ jobs:
ver=$(skopeo inspect docker://quay.io/fedora-ostree-desktops/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]')
echo "VERSION=$ver" >> $GITHUB_OUTPUT
# Build metadata
- name: Base Image Metadata
uses: docker/metadata-action@v5
id: meta-base
with:
images: |
${{ env.BASE_IMAGE }}
labels: |
org.opencontainers.image.title=${{ env.BASE_IMAGE }}
org.opencontainers.image.version=${{ steps.labels.outputs.VERSION }}
org.opencontainers.image.description=A base Universal Blue ${{ matrix.image_name }} image with no extra kmod or kernel packages
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md
io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4
- name: Main Image Metadata
# Generate image metadata
- name: Image Metadata
uses: docker/metadata-action@v5
id: meta-main
with:
images: |
${{ env.MAIN_IMAGE }}
${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.title=${{ env.MAIN_IMAGE }}
org.opencontainers.image.title=${{ env.IMAGE_NAME }}
org.opencontainers.image.version=${{ steps.labels.outputs.VERSION }}
org.opencontainers.image.description=A base Universal Blue ${{ matrix.image_name }} image with batteries included
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md
io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4
# Build image using Buildah action
- name: Build Base Image
id: build_image-base
uses: redhat-actions/buildah-build@v2
with:
containerfiles: |
./Containerfile
image: ${{ env.BASE_IMAGE }}
tags: |
${{ steps.generate-tags.outputs.alias_tags }}
build-args: |
IMAGE_NAME=${{ matrix.image_name }}
SOURCE_IMAGE=${{ env.SOURCE_IMAGE }}
FEDORA_MAJOR_VERSION=${{ matrix.major_version }}
labels: ${{ steps.meta-base.outputs.labels }}
oci: false
extra-args: |
--target=${{ env.BASE_FLAVOR }}
- name: Build Main Image
- name: Build Image
id: build_image-main
uses: redhat-actions/buildah-build@v2
with:
containerfiles: |
./Containerfile
image: ${{ env.MAIN_IMAGE }}
image: ${{ env.IMAGE_NAME }}
tags: |
${{ steps.generate-tags.outputs.alias_tags }}
build-args: |
Expand All @@ -196,7 +182,7 @@ jobs:
labels: ${{ steps.meta-main.outputs.labels }}
oci: false
extra-args: |
--target=${{ env.MAIN_FLAVOR }}
--target=${{ matrix.build_target }}
# Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
# https://github.com/macbre/push-to-ghcr/issues/12
Expand Down
35 changes: 20 additions & 15 deletions Containerfile
Original file line number Diff line number Diff line change
Expand Up @@ -9,40 +9,45 @@ ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}"
ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-38}"

COPY github-release-install.sh \
nokmods-install.sh \
nokmods-post-install.sh \
nokmods-packages.json \
install.sh \
post-install.sh \
packages.sh \
packages.json \
/tmp/

COPY --from=ghcr.io/ublue-os/config:latest /rpms /tmp/rpms
COPY --from=ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} /rpms/ublue-os /tmp/rpms

RUN wget https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-$(rpm -E %fedora)/ublue-os-staging-fedora-$(rpm -E %fedora).repo -O /etc/yum.repos.d/_copr_ublue-os_staging.repo && \
wget https://copr.fedorainfracloud.org/coprs/kylegospo/oversteer/repo/fedora-$(rpm -E %fedora)/kylegospo-oversteer-fedora-$(rpm -E %fedora).repo -O /etc/yum.repos.d/_copr_kylegospo_oversteer.repo && \
/tmp/nokmods-install.sh && \
/tmp/nokmods-post-install.sh && \
/tmp/install.sh && \
/tmp/post-install.sh && \
## bootc
wget https://copr.fedorainfracloud.org/coprs/rhcontainerbot/bootc/repo/fedora-"${FEDORA_MAJOR_VERSION}"/bootc-"${FEDORA_MAJOR_VERSION}".repo -O /etc/yum.repos.d/bootc.repo && \
rpm-ostree install bootc && \
rm -f /etc/yum.repos.d/bootc.repo && \
rm -f /etc/yum.repos.d/_copr_ublue-os_staging.repo && \
rm -f /etc/yum.repos.d/_copr_kylegospo_oversteer.repo && \
rm -rf /tmp/* /var/*

RUN ostree container commit && \
rm -rf /tmp/* /var/* && \
ostree container commit && \
mkdir -p /var/tmp && chmod -R 1777 /var/tmp

FROM nokmods AS main

# !!! WARNING - KMODS IN MAIN IMAGES ARE DEPRECATED !!!

# Only "legacy" (Fedora 38 and older) have custom kmods included in the "main" images.
FROM nokmods AS kmods

ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}"
ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-38}"

COPY main-install.sh /tmp/main-install.sh
COPY main-sys_files /
COPY kmods-install.sh /tmp/kmods-install.sh
COPY kmods-sys_files /tmp/kmods-files

COPY --from=ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} /rpms /tmp/akmods-rpms

RUN /tmp/main-install.sh && \
rm -rf /tmp/* /var/*

RUN ostree container commit && \
# kmods-install.sh will error if running in Fedora 39 or newer.
RUN /tmp/kmods-install.sh && \
rm -rf /tmp/* /var/* && \
ostree container commit && \
mkdir -p /var/tmp && chmod -R 1777 /var/tmp
30 changes: 30 additions & 0 deletions install.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
#!/bin/sh

set -ouex pipefail

RELEASE="$(rpm -E %fedora)"

wget -P /tmp/rpms \
https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-${RELEASE}.noarch.rpm \
https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${RELEASE}.noarch.rpm

rpm-ostree install \
/tmp/rpms/*.rpm \
fedora-repos-archive

# force use of single rpmfusion mirror
sed -i.bak 's%^metalink=%#metalink=%' /etc/yum.repos.d/rpmfusion-*.repo
sed -i 's%^#baseurl=http://download1.rpmfusion.org%baseurl=http://mirrors.ocf.berkeley.edu/rpmfusion%' /etc/yum.repos.d/rpmfusion-*.repo
# after F39 launches, bump to 40
if [[ "${FEDORA_MAJOR_VERSION}" -ge 39 ]]; then
sed -i 's%free/fedora/releases%free/fedora/development%' /etc/yum.repos.d/rpmfusion-*.repo
fi

# run common packages script
/tmp/packages.sh

## install packages direct from github
/tmp/github-release-install.sh sigstore/cosign x86_64

# reset forced use of single rpmfusion mirror
rename -v .repo.bak .repo /etc/yum.repos.d/rpmfusion-*repo.bak
37 changes: 24 additions & 13 deletions main-install.sh → kmods-install.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,22 @@

set -ouex pipefail

rpm-ostree install /tmp/akmods-rpms/ublue-os/ublue-os-akmods-addons*.rpm
# !!! WARNING - KMODS IN MAIN IMAGES ARE DEPRECATED !!!

echo "DEPRECATED: Universal Blue will not include kmods in *-main images for Fedora 39 and newer."

# Only run if FEDORA_MAJOR_VERSION is less than 39
if [[ ${FEDORA_MAJOR_VERSION} -gt 38 ]]; then \
exit 1
fi

# proceed with rest of script without further version checks


# copy kmods related files into image filesystem
cp -rf /tmp/kmods-files/* /


for REPO in $(rpm -ql ublue-os-akmods-addons|grep ^"/etc"|grep repo$); do
echo "akmods: enable default entry: ${REPO}"
sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' ${REPO}
Expand All @@ -16,18 +31,14 @@ if [[ "${FEDORA_MAJOR_VERSION}" -ge 39 ]]; then
sed -i 's%free/fedora/releases%free/fedora/development%' /etc/yum.repos.d/rpmfusion-*.repo
fi

# Only run if FEDORA_MAJOR_VERSION is not 39
if grep -qv "39" <<< $FEDORA_MAJOR_VERSION; then
rpm-ostree install \
kernel-devel-matched \
kernel-tools \
/tmp/akmods-rpms/kmods/*xpadneo*.rpm \
/tmp/akmods-rpms/kmods/*xpad-noone*.rpm \
/tmp/akmods-rpms/kmods/*xone*.rpm \
/tmp/akmods-rpms/kmods/*openrazer*.rpm \
/tmp/akmods-rpms/kmods/*v4l2loopback*.rpm \
/tmp/akmods-rpms/kmods/*wl*.rpm
fi
rpm-ostree install \
kernel-devel-matched \
/tmp/akmods-rpms/kmods/*xpadneo*.rpm \
/tmp/akmods-rpms/kmods/*xpad-noone*.rpm \
/tmp/akmods-rpms/kmods/*xone*.rpm \
/tmp/akmods-rpms/kmods/*openrazer*.rpm \
/tmp/akmods-rpms/kmods/*v4l2loopback*.rpm \
/tmp/akmods-rpms/kmods/*wl*.rpm

for REPO in $(rpm -ql ublue-os-akmods-addons|grep ^"/etc"|grep repo$); do
echo "akmods: disable per defaults: ${REPO}"
Expand Down
1 change: 1 addition & 0 deletions nokmods-packages.json → packages.json
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
"htop",
"intel-media-driver",
"just",
"kernel-tools",
"libheif-tools",
"libratbag-ratbagd",
"libva-intel-driver",
Expand Down
48 changes: 22 additions & 26 deletions nokmods-install.sh → packages.sh
Original file line number Diff line number Diff line change
Expand Up @@ -4,42 +4,28 @@ set -ouex pipefail

RELEASE="$(rpm -E %fedora)"

# build list of all packages requested for inclusion
INCLUDED_PACKAGES=($(jq -r "[(.all.include | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \
(select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".include | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \
| sort | unique[]" /tmp/nokmods-packages.json))
| sort | unique[]" /tmp/packages.json))

# build list of all packages requested for exclusion
EXCLUDED_PACKAGES=($(jq -r "[(.all.exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \
(select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \
| sort | unique[]" /tmp/nokmods-packages.json))
| sort | unique[]" /tmp/packages.json))


# ensure exclusion list only contains packages already present on image
if [[ "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then
EXCLUDED_PACKAGES=($(rpm -qa --queryformat='%{NAME} ' ${EXCLUDED_PACKAGES[@]}))
fi

wget -P /tmp/rpms \
https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-${RELEASE}.noarch.rpm \
https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${RELEASE}.noarch.rpm

rpm-ostree install \
/tmp/rpms/*.rpm \
fedora-repos-archive

# force use of single rpmfusion mirror
sed -i.bak 's%^metalink=%#metalink=%' /etc/yum.repos.d/rpmfusion-*.repo
sed -i 's%^#baseurl=http://download1.rpmfusion.org%baseurl=http://mirrors.ocf.berkeley.edu/rpmfusion%' /etc/yum.repos.d/rpmfusion-*.repo
# after F39 launches, bump to 40
if [[ "${FEDORA_MAJOR_VERSION}" -ge 39 ]]; then
sed -i 's%free/fedora/releases%free/fedora/development%' /etc/yum.repos.d/rpmfusion-*.repo
fi

# simple case to install where no packages need excluding
if [[ "${#INCLUDED_PACKAGES[@]}" -gt 0 && "${#EXCLUDED_PACKAGES[@]}" -eq 0 ]]; then
rpm-ostree install \
${INCLUDED_PACKAGES[@]}

elif [[ "${#INCLUDED_PACKAGES[@]}" -eq 0 && "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then
rpm-ostree override remove \
${EXCLUDED_PACKAGES[@]}

# install/excluded packages both at same time
elif [[ "${#INCLUDED_PACKAGES[@]}" -gt 0 && "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then
rpm-ostree override remove \
${EXCLUDED_PACKAGES[@]} \
Expand All @@ -50,8 +36,18 @@ else

fi

## install packages direct from github
/tmp/github-release-install.sh sigstore/cosign x86_64
# check if any excluded packages are still present
# (this can happen if an included package pulls in a dependency)
EXCLUDED_PACKAGES=($(jq -r "[(.all.exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \
(select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \
| sort | unique[]" /tmp/packages.json))

if [[ "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then
EXCLUDED_PACKAGES=($(rpm -qa --queryformat='%{NAME} ' ${EXCLUDED_PACKAGES[@]}))
fi

# reset forced use of single rpmfusion mirror
rename -v .repo.bak .repo /etc/yum.repos.d/rpmfusion-*repo.bak
# remove any excluded packages which are still present on image
if [[ "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then
rpm-ostree override remove \
${EXCLUDED_PACKAGES[@]}
fi
File renamed without changes.

0 comments on commit 4bec2a4

Please sign in to comment.