diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 696681b..e1268f7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -4,7 +4,7 @@ on: pull_request: merge_group: schedule: - - cron: '0 15 * * *' # 3pm UTC everyday (timed against official fedora container pushes) + - cron: "0 15 * * *" # 3pm UTC everyday (timed against official fedora container pushes) workflow_dispatch: env: @@ -12,7 +12,7 @@ env: jobs: build: - name: Build + name: Build runs-on: ubuntu-22.04 permissions: contents: read @@ -21,9 +21,27 @@ jobs: strategy: fail-fast: false matrix: - arch: [amd64] - version: [39, 40, rawhide] - flavor: [base, silverblue, kinoite] + arch: + - amd64 + version: + - 39 + - 40 + - rawhide + flavor: + - base + - base-nvidia + - silverblue + - silverblue-nvidia + - kinoite + - kinoite-nvidia + exclude: + - version: rawhide + flavor: base-nvidia + - version: rawhide + flavor: silverblue-nvidia + - version: rawhide + flavor: kinoite-nvidia + steps: # Checkout push-to-registry action GitHub repository - name: Checkout Push to Registry action @@ -50,7 +68,7 @@ jobs: BUILD_TAGS+=("${TIMESTAMP}") BUILD_TAGS+=("latest-${{ matrix.arch }}") fi - + alias_tags=("${BUILD_TAGS[@]}") echo "Generated the following build tags: " for TAG in "${BUILD_TAGS[@]}"; do 
@@ -72,17 +90,16 @@ jobs: io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/cosmic/main/README.md io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4 - - name: Install qemu dependency - run: | - sudo apt-get update - sudo apt-get install -y qemu-user-static - # Create Variables. Use UBlue images for amd64, fedora-ostree desktop for arm64 - name: matrix-variables run: | if [[ ${{ matrix.arch }} = "amd64" && ${{ matrix.version }} != "rawhide" ]]; then echo "SOURCE_ORG=ghcr.io/ublue-os" >> $GITHUB_ENV - echo "SOURCE_IMAGE=${{ matrix.flavor }}-main" >> $GITHUB_ENV + if [[ "${{ matrix.flavor }}" =~ "nvidia" ]]; then + echo "SOURCE_IMAGE=${{ matrix.flavor }}" >> $GITHUB_ENV + else + echo "SOURCE_IMAGE=${{ matrix.flavor }}-main" >> $GITHUB_ENV + fi else echo "SOURCE_ORG=quay.io/fedora-ostree-desktops" >> $GITHUB_ENV echo "SOURCE_IMAGE=${{ matrix.flavor }}" >> $GITHUB_ENV diff --git a/Containerfile b/Containerfile index 307ee02..2f4a597 100644 --- a/Containerfile +++ b/Containerfile 
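Review bot: The added test `if [[ "${{ matrix.flavor }}" =~ "nvidia" ]]; then` splices the matrix value into the script text instead of passing it through `env:`, the same pattern the surrounding lines of the `matrix-variables` step already use. The values are fixed literals in this workflow's matrix, so nothing untrusted reaches the shell today, but the env form keeps the script safe if the matrix is ever derived from an input. I would set `env: FLAVOR: ${{ matrix.flavor }}` on the step, write `if [[ "$FLAVOR" == *nvidia* ]]; then`, and quote the redirect target as `>> "$GITHUB_ENV"`. The step's script continues past the end of this hunk, so its closing `fi` is not visible here.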
@@ -4,21 +4,24 @@ ARG BASE_IMAGE="${SOURCE_ORG}/${SOURCE_IMAGE}" ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} +ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" -# Setup Copr repo -RUN wget https://copr.fedorainfracloud.org/coprs/ryanabx/cosmic-epoch/repo/fedora-40/ryanabx-cosmic-epoch-fedora-$(rpm -E %fedora).repo -O /etc/yum.repos.d/_copr_ryanabx-cosmic.repo - -# Install cosmic desktop environment -RUN rpm-ostree install cosmic-desktop - -# Install extras (currently just a power manager and a libsecret manager) -RUN rpm-ostree install \ - tuned \ - gnome-keyring - -# Set up display manager -RUN rm -f /etc/systemd/system/display-manager.service && \ - ln -s /usr/lib/systemd/system/cosmic-greeter.service /etc/systemd/system/display-manager.service +COPY greetd-workaround.service /usr/lib/systemd/system/greetd-workaround.service -RUN ostree container commit && \ +# Build in one step +RUN bash -c "if [[ ${FEDORA_MAJOR_VERSION} == "rawhide" ]]; then \ + curl -Lo /etc/yum.repos.d/_copr_ryanabx-cosmic.repo \ + https://copr.fedorainfracloud.org/coprs/ryanabx/cosmic-epoch/repo/fedora-rawhide/ryanabx-cosmic-epoch-fedora-rawhide.repo \ + ;else curl -Lo /etc/yum.repos.d/_copr_ryanabx-cosmic.repo \ + https://copr.fedorainfracloud.org/coprs/ryanabx/cosmic-epoch/repo/fedora-$(rpm -E %fedora)/ryanabx-cosmic-epoch-fedora-$(rpm -E %fedora).repo \ + ; fi" && \ + rpm-ostree install \ + cosmic-desktop && \ + rpm-ostree install \ + tuned \ + gnome-keyring && \ + rm -f /etc/systemd/system/display-manager.service && \ + ln -s /usr/lib/systemd/system/cosmic-greeter.service /etc/systemd/system/display-manager.service && \ + ln -s /usr/lib/systemd/system/greetd-workaround.service /etc/systemd/system/multi-user.target.wants/greetd-workaround.service && \ + ostree container commit && \ mkdir -p /var/tmp && chmod -R 1777 /var/tmp diff --git a/cosign.pub b/cosign.pub index f9482c4..bd5b192 100644 --- a/cosign.pub +++ b/cosign.pub 
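Review bot: Both `curl -Lo` calls in the new `RUN` lack `-f`, so an HTTP error from COPR (for example if the rawhide repo path changes) is saved as `/etc/yum.repos.d/_copr_ryanabx-cosmic.repo` and curl still exits 0. The `wget` it replaces would have stopped the build at that point. Use `curl -fLo /etc/yum.repos.d/_copr_ryanabx-cosmic.repo` in both branches. Separately, the inner `"rawhide"` quotes close the outer `bash -c "..."` string, and `${FEDORA_MAJOR_VERSION}` and `$(rpm -E %fedora)` are expanded by the outer shell before bash runs. That works only because none of the values contain spaces, so single-quoting the `bash -c` argument would make the intent explicit.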
@@ -1,4 +1,4 @@
 -----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7lh7fJMV4dBT2jT1XafixUJa7OVA
-cT+QFVD8IfIJIS/KBAc8hx1aslzkH3tfeM0cwyCLB7kOStZ4sh6RyFQD9w==
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHLRpBfPRYiMl9wb7s6fx47PzzNWu
+3zyJgXhWEvxoOgwv9CpwjbvUwR9qHxNMWkJhuGE6cjDA2hpy1I6NbA+24Q==
 -----END PUBLIC KEY-----
diff --git a/greetd-workaround.service b/greetd-workaround.service
new file mode 100644
index 0000000..0eed5a4
--- /dev/null
+++ b/greetd-workaround.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Workaround for SELinux issues for greetd
+ConditionFileIsExecutable=/usr/bin/greetd
+After=local-fs.target
+
+[Service]
+Type=oneshot
+# Copy if it doesn't exist
+ExecStartPre=/usr/bin/mkdir -p /usr/local/bin/overrides
+ExecStartPre=/usr/bin/bash -c "[ -x /usr/local/bin/overrides/greetd ] || /usr/bin/cp /usr/bin/greetd /usr/local/bin/overrides/greetd"
+# This is faster than using .mount unit. Also allows for the previous line/cleanup
+ExecStartPre=/usr/bin/bash -c "/usr/bin/mount --bind /usr/local/bin/overrides/greetd /usr/bin/greetd"
+# Fix caps
+ExecStart=/usr/bin/bash -c "/usr/sbin/restorecon -rv /usr/bin/greetd"
+# Clean-up after ourselves
+ExecStop=/usr/bin/umount /usr/bin/greetd
+ExecStop=/usr/bin/rm /usr/local/bin/overrides/greetd
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
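Review bot: The image-signing public key in `cosign.pub` is replaced in the same change as unrelated build work, and nothing in the visible diff says why. Anyone who verifies images against the previous key will start failing verification, and a reviewer cannot tell a planned rotation from an unintended swap. I would call the rotation out in the commit message and README, and confirm before merging that the new key corresponds to the private key the workflow actually signs with.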
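Review bot: The copy in `ExecStartPre=/usr/bin/bash -c "[ -x /usr/local/bin/overrides/greetd ] || /usr/bin/cp ..."` in `greetd-workaround.service` is skipped whenever an earlier copy exists. If `ExecStop` did not run (for example after an unclean shutdown), a greetd binary left under `/usr/local` is therefore bind-mounted over the one shipped in an updated image. Since greetd is replaced wholesale by that copy, I would refresh it on every start with `ExecStartPre=/usr/bin/cp -f /usr/bin/greetd /usr/local/bin/overrides/greetd`. The `# Fix caps` comment sits above a `restorecon` call, which resets SELinux labels rather than capabilities; `# Restore the SELinux label on the bind-mounted copy` would match the unit's Description. The unit is ordered only `After=local-fs.target`, so it may also be worth checking whether it needs explicit ordering before the greeter service.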