2025-11-13 18:54:46 +09:00
4 changed files with 104 additions and 70 deletions
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -50,16 +50,6 @@ jobs:
          echo "IMAGE_REGISTRY=${IMAGE_REGISTRY,,}" >> ${GITHUB_ENV}
          echo "IMAGE_NAME=${IMAGE_NAME,,}" >> ${GITHUB_ENV}

-          # Pre-create Podman's auth file directory and file, this is somehow needed here.
-          #mkdir -p /tmp/podman-run-0/containers
-          #echo "{}" > /tmp/podman-run-0/containers/auth.json
-
-          # Pre-create docker config file
-          #mkdir -p ~/.docker
-          #echo "{}" > ~/.docker/config.json
-
-          #touch /tmp/podman-run-0/containers/auth.json
-
      # These stage versions are pinned by https://github.com/renovatebot/renovate
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
@@ -83,11 +73,10 @@ jobs:
        with:
          # This generates all the tags for your image, you can add custom tags here too!
          tags: |
-            # set latest tag for main branch
-            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
-            type=raw,value=${{ env.FEDORA_BASE }}
-            type=raw,value=${{ env.FEDORA_BASE }}-{{date 'YYYYMMDD'}}
-            type=sha,enable=${{ github.event_name == 'pull_request' }}
+            type=sha
+            type=raw,value=latest,enable=${{ github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+            type=raw,value=${{ env.FEDORA_BASE }},enable=${{ github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+            type=raw,value=${{ env.FEDORA_BASE }}-{{date 'YYYYMMDD'}},enable=${{ github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
            type=ref,event=pr
          labels: |
            io.artifacthub.package.readme-url=${{ env.README_URL }}
@@ -123,6 +112,7 @@ jobs:
          image: ${{ env.IMAGE_NAME }}
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
+          #labels: "localhost/${{ env.IMAGE_NAME }}:${{ env.FEDORA_BASE }}"
          extra-args: --isolation=chroot
          oci: false

@@ -132,25 +122,21 @@ jobs:
      # You can enable it by uncommenting the following lines:
      # - name: Run Rechunker
      #   id: rechunk
-      #   uses: hhd-dev/rechunk@f153348d8100c1f504dec435460a0d7baf11a9d2 # v1.1.1
+      #   uses: hhd-dev/rechunk@v1.2.4
      #   with:
-      #     rechunk: 'ghcr.io/hhd-dev/rechunk:v1.0.1'
-      #     ref: "localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
-      #     prev-ref: "${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
+      #     rechunk: "ghcr.io/hhd-dev/rechunk:v1.2.4"
+      #     ref: "localhost/${{ env.IMAGE_NAME }}:${{ env.FEDORA_BASE }}"
+      #     prev-ref:
+      #       "${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.FEDORA_BASE
+      #       }}"
      #     skip_compression: true
-      #     version: ${{ env.CENTOS_VERSION }}
+      #     version: ${{ env.FEDORA_BASE }}
      #     labels: ${{ steps.metadata.outputs.labels }} # Rechunk strips out all the labels during build, this needs to be reapplied here with newline separator

-      # This is necessary so that the podman socket can find the rechunked image on its storage
-      # - name: Load in podman and tag
-      #   run: |
-      #     IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }})
-      #     sudo rm -rf ${{ steps.rechunk.outputs.output }}
-      #     for tag in ${{ steps.metadata.outputs.tags }}; do
-      #       podman tag $IMAGE ${{ env.IMAGE_NAME }}:$tag
-      #     done
-
      - name: Login to Container Registry
+        if:
+          github.event_name != 'pull_request' && github.ref ==
+          format('refs/heads/{0}', github.event.repository.default_branch)
        run: |
          podman login \
            --verbose \
--- a/12
+++ b/12
@@ -3,18 +3,10 @@ ARG FEDORA_BASE=42
 # Allow build scripts to be referenced without being copied into the final image
 FROM scratch AS ctx
 COPY build_files /
+COPY /sys_files /sys_files

 # Base Image
-FROM ghcr.io/ublue-os/silverblue-main:$FEDORA_BASE
-
-## Other possible base images include:
-# FROM ghcr.io/ublue-os/bazzite:latest
-# FROM ghcr.io/ublue-os/bluefin-nvidia:stable
-#
-# ... and so on, here are more base images
-# Universal Blue Images: https://github.com/orgs/ublue-os/packages
-# Fedora base image: quay.io/fedora/fedora-bootc:41
-# CentOS base images: quay.io/centos-bootc/centos-bootc:stream10
+FROM quay.io/fedora-ostree-desktops/silverblue:$FEDORA_BASE

 ### [IM]MUTABLE /opt
 ## Some bootable images, like Fedora, have /opt symlinked to /var/opt, in order to
--- a/build_files/build.sh
+++ b/build_files/build.sh
@@ -2,6 +2,9 @@

 set -ouex pipefail

+# Copy System Files onto root
+rsync -rvK /ctx/sys_files/ /
+
 ### Install packages

 # Packages can be installed from any enabled yum repo on the image.
@@ -9,8 +12,47 @@ set -ouex pipefail
 # List of rpmfusion packages can be found here:
 # https://mirrors.rpmfusion.org/mirrorlist?path=free/fedora/updates/39/x86_64/repoview/index.html&protocol=https&redirect=1

+# Install RPMFusion and enable fedora-multimedia with a higher priority than default
+if ! grep -q fedora-multimedia <(dnf5 repolist); then
+  # Enable or Install Repofile
+  #dnf5 install \
+  #  https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
+  #  https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
+
+  # Enable fedora-multimedia
+  dnf5 config-manager setopt fedora-multimedia.enabled=1 ||
+    dnf5 config-manager addrepo --from-repofile="https://negativo17.org/repos/fedora-multimedia.repo"
+fi
+
+# Set higher priority
+dnf5 config-manager setopt fedora-multimedia.priority=90
+
 # Remove system-installed Firefox as I prefer to use the Flatpak version
-dnf5 remove -y firefox firefox-langpacks
+dnf5 remove -y firefox firefox-langpacks fedora-flathub-remote
+
+# Add Flathub to the image for eventual application
+mkdir -p /etc/flatpak/remotes.d/
+curl --retry 3 -Lo /etc/flatpak/remotes.d/flathub.flatpakrepo https://dl.flathub.org/repo/flathub.flatpakrepo
+
+# use override to replace mesa and others with less crippled versions
+OVERRIDES=(
+  "intel-gmmlib"
+  "intel-mediasdk"
+  "intel-vpl-gpu-rt"
+  "libheif"
+  "libva"
+  "libva-intel-media-driver"
+  "mesa-dri-drivers"
+  "mesa-filesystem"
+  "mesa-libEGL"
+  "mesa-libGL"
+  "mesa-libgbm"
+  "mesa-va-drivers"
+  "mesa-vulkan-drivers"
+)
+
+dnf5 distro-sync --skip-unavailable -y --repo='fedora-multimedia' "${OVERRIDES[@]}"
+dnf5 versionlock add "${OVERRIDES[@]}"

 # Remove additional repositories Fedora comes with out of the box
 rm \
@@ -26,10 +68,10 @@ sed -i -e '/^metalink\=/s/\$releasever\&arch\=\$basearch$/\$releasever\&arch\=\$

 # Add 1Password repo
 #rpmkeys --import https://downloads.1password.com/linux/keys/1password.asc
-cp /ctx/rpm-keys/1password.asc /etc/pki/rpm-gpg/1password.asc 
+cp /ctx/rpm-keys/1password.asc /etc/pki/rpm-gpg/1password.asc
 sh -c 'echo -e "[1password]\nname=1Password Stable Channel\nbaseurl=https://downloads.1password.com/linux/rpm/stable/\$basearch\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=\"file:///etc/pki/rpm-gpg/1password.asc\"" > /etc/yum.repos.d/1password.repo'

-# Add Tailscale repo 
+# Add Tailscale repo
 #rpmkeys --import https://pkgs.tailscale.com/stable/fedora/repo.gpg
 #dnf5 config-manager addrepo --from-repofile=https://pkgs.tailscale.com/stable/fedora/tailscale.repo
 cp /ctx/rpm-keys/tailscale.gpg /etc/pki/rpm-gpg/tailscale.gpg
@@ -42,6 +84,10 @@ sh -c 'echo -e "[tailscale-stable]\nname=Tailscale stable\nbaseurl=https://pkgs.
 dnf5 install -y \
  gvfs-nfs \
  openssl \
+  wl-clipboard \
+  ffmpeg ffmpeg-libs ffmpegthumbnailer \
+  heif-pixbuf-loader intel-vaapi-driver libavcodec libheif \
+  libcamera libcamera-gstreamer libcamera-ipa libcamera-tools pipewire-plugin-libcamera \
  gnome-shell-extension-appindicator \
  1password 1password-cli \
  tailscale
@@ -58,34 +104,29 @@ rm \
 # dnf5 config-manager setopt 1password.enabled=0 tailscale-stable.enabled=0
 # sed -i 's/enabled=1/enabled=0/' \
 #   /etc/yum.repos.d/1password.repo \
-#   /etc/yum.repos.d/tailscale.repo
+#   /etc/yum.repos.d/tailscale.repo \

-# Add Flathub
-#flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
-#flatpak remote-modify --enable --no-filter flathub
+# Fedora Flatpak service is a part of the flatpak package, ensure it's overridden by moving to replace it at the end of the build.
+mv -f /usr/lib/systemd/system/flatpak-add-flathub-repos.service /usr/lib/systemd/system/flatpak-add-fedora-repos.service

-# Re-install all pre-installed (GNOME) applications from Flathub
-#flatpak install --reinstall flathub "$(flatpak list --app-runtime=org.fedoraproject.Platform --columns=application | tail -n +1 )"
-
-# ...and remove  the fedora flatpak remotes
-#flatpak remote-delete --force fedora
-#flatpak remote-delete --force fedora-testing
-
-
-# TODO: Add flathub remove, enable, and remove filter
-# TODO: Install core GNOME Flatpak apps
-# TODO: Install my own commonly used Flatpak apps
-# IDEA: Can I set certain dconf settings, like Ptyxis config, temperature settings, etc?
-# IDEA: Can I set certain Flatpak system defaults (ie. no read/write anywhere by default)
-
-# Use a COPR Example:
-#
-# dnf5 -y copr enable ublue-os/staging
-# dnf5 -y install package
-# Disable COPRs so they don't end up enabled on the final image:
-# dnf5 -y copr disable ublue-os/staging
-
-#### Example for enabling a System Unit File
-
-# systemctl enable podman.socket
+# Enable Tailscale
 systemctl enable tailscaled
+
+# Cleanup
+
+# Remove dnf5 versionlocks
+dnf5 versionlock clear
+
+# Remove tmp files and everything in dirs that make bootc unhappy
+rm -rf /tmp/* || true
+rm -rf /usr/etc
+rm -rf /boot && mkdir /boot
+# Preserve cache mounts
+find /var/* -maxdepth 0 -type d \! -name cache \! -name log -exec rm -rf {} \;
+find /var/cache/* -maxdepth 0 -type d \! -name libdnf5 -exec rm -rf {} \;
+
+# Make sure /var/tmp is properly created
+mkdir -p /var/tmp
+chmod -R 1777 /var/tmp
+
+echo "Done."
--- a/sys_files/usr/lib/systemd/system/flatpak-add-flathub-repos.service
+++ b/sys_files/usr/lib/systemd/system/flatpak-add-flathub-repos.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Add Flathub flatpak repositories. This replaces a service included by Fedora that normally installs their repo.
+ConditionPathExists=!/var/lib/flatpak/.ublue-initialized
+Before=flatpak-system-helper.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/flatpak remote-add --system --if-not-exists flathub /etc/flatpak/remotes.d/flathub.flatpakrepo
+ExecStart=/usr/bin/flatpak remote-add --system --if-not-exists --disable --title "Fedora Flatpaks" fedora oci+https://registry.fedoraproject.org
+ExecStart=/usr/bin/flatpak remote-add --system --if-not-exists --disable --title "Fedora Flatpaks (testing)" fedora-testing oci+https://registry.fedoraproject.org#testing
+ExecStartPost=/usr/bin/touch /var/lib/flatpak/.ublue-initialized
+
+[Install]
+WantedBy=multi-user.target