fedora-bootc/build_files/gnome/cleanup.sh

#!/bin/bash

set -ouex pipefail

# Delete 1Password and Tailscale repos once packages are installed
# so they don't end up in the final image, and don't raise an error if any of
# these files does not exist when attempting to delete them.
rm \
  /etc/yum.repos.d/1password.repo \
  /etc/yum.repos.d/tailscale.repo \
  /etc/pki/rpm-gpg/1password.asc \
  /etc/pki/rpm-gpg/tailscale.gpg \
  2>&1

# Or just disable:
# dnf5 config-manager setopt 1password.enabled=0 tailscale-stable.enabled=0
# sed -i 's/enabled=1/enabled=0/' \
#   /etc/yum.repos.d/1password.repo \
#   /etc/yum.repos.d/tailscale.repo \

# Fedora Flatpak service is a part of the flatpak package, ensure it's overridden by moving to replace it at the end of the build.
mv -f /usr/lib/systemd/system/flatpak-add-flathub-repos.service /usr/lib/systemd/system/flatpak-add-fedora-repos.service

# Re-install all pre-installed (GNOME) applications from Flathub
#flatpak install --reinstall flathub "$(flatpak list --app-runtime=org.fedoraproject.Platform --columns=application | tail -n +1 )"

# ...and remove  the fedora flatpak remotes
#flatpak remote-delete --force fedora
#flatpak remote-delete --force fedora-testing

# TODO: Add flathub remove, enable, and remove filter
# TODO: Install core GNOME Flatpak apps
# TODO: Install my own commonly used Flatpak apps
# IDEA: Can I set certain dconf settings, like Ptyxis config, temperature settings, etc?
# IDEA: Can I set certain Flatpak system defaults (ie. no read/write anywhere by default)

# Remove dnf5 versionlocks
dnf5 versionlock clear

# Remove tmp files and everything in dirs that make bootc unhappy
rm -rf /tmp/* || true
rm -rf /usr/etc
rm -rf /boot && mkdir /boot
# Preserve cache mounts
find /var/* -maxdepth 0 -type d \! -name cache \! -name log -exec rm -rf {} \;
find /var/cache/* -maxdepth 0 -type d \! -name libdnf5 -exec rm -rf {} \;

# Make sure /var/tmp is properly created
mkdir -p /var/tmp
chmod -R 1777 /var/tmp

## Handle files that rpm-ostree would normally remove
## Adapted from: https://github.com/hhd-dev/rechunk/blob/master/1_prune.sh#L33

# if [ -f /etc/passwd ]; then
#   out="$(grep -v 'root' /etc/passwd)"
#
#   if [[ ! -z "$out" ]]; then
#     echo
#     echo Appending the following passwd users to /usr/lib/passwd
#     echo "${out}"
#     echo "$out" >>/usr/lib/passwd
#   fi
# fi

if [ -f /etc/group ]; then
  out="$(grep -v 'root\|wheel' /etc/group)"

  if [[ ! -z "$out" ]]; then
    echo
    echo Appending the following group entries to /usr/lib/group
    echo "$out"
    echo "$out" >>/usr/lib/group
  fi
fi

if [ -f /etc/passwd ] || [ -f /etc/group ]; then
  echo
  echo "Warning: Make sure processed users and groups are from installed programs!"
fi

# # Create defaults for /etc/passwd, /etc/group
# cat <<EOT >/etc/passwd
# root:x:0:0:root:/root:/bin/bash
# EOT
# cat <<EOT >/etc/group
# root:x:0:
# wheel:x:10:
# EOT

# Extra lock files created by container processes that might cause issues
rm -rf \
  /etc/.pwd.lock \
  /etc/passwd- \
  /etc/group- \
  /etc/shadow- \
  /etc/gshadow- \
  /etc/subuid- \
  /etc/subgid- \
  /.dockerenv

# # Merge /usr/etc to /etc
# # OSTree will error out if both dirs exist
# # And rpm-ostree will be confused and use only one of them
# if [ -d /usr/etc ]; then
#   echo
#   echo WARNING: FOUND /usr/etc. MERGING TO ETC FOR COMPATIBILITY
#   echo EXPECT PERMISSIONS ISSUES ON THE MERGED PATHS
#   echo The following files from /usr/etc will be merged to /etc:
#   tree /usr/etc
#
#   echo
#   rsync -aAX --numeric-ids --checksum --links /usr/etc/ /etc
#   rm -rf /usr/etc
# fi
#
# # Move /etc to /usr/etc
# mv /etc /usr/

# ...normal ublue-inspired steps continue.