Consolidating

.github/workflows/microshift.yaml

@@ -39,7 +39,7 @@ jobs:
           layers: true
           tags: ${{ matrix.variant }}-custom ${{ matrix.variant }}-custom-${{ steps.versioned-tag.outputs.VERSIONED_TAG }}
           containerfiles: |
-            ./microshift.Containerfile
+            ./os_microshift.Containerfile
       - name: Push to registry
         uses: redhat-actions/push-to-registry@v2
         with:

.github/workflows/os-content.yaml

@@ -42,7 +42,7 @@ jobs:
           layers: true
           tags: ${{ matrix.variant }}-custom ${{ matrix.variant }}-custom-${{ steps.versioned-tag.outputs.VERSIONED_TAG }}
           containerfiles: |
-            ./Containerfile
+            ./os_desktop.Containerfile
           build-args: |
             BASE_REPO=${{ env.IMAGE_REGISTRY }}/${{ env.REGISTRY_USER }}/${{ env.IMAGE_NAME }}
             BASE_TAG=${{ matrix.variant }}-rawhide

.github/workflows/toolbox-image.yaml

@@ -34,7 +34,7 @@ jobs:
           layers: true
           tags: toolbox toolbox-custom-${{ steps.versioned-tag.outputs.VERSIONED_TAG }}
           containerfiles: |
-            ./toolbox.Containerfile
+            ./os_toolbox.Containerfile
           build-args: |
             BASE_REPO=registry.fedoraproject.org/fedora-toolbox
             BASE_TAG=testing

os_desktop.Containerfile

@@ -0,0 +1,71 @@
+ARG BASE_REPO=quay.io/aleskandrox/fedora
+ARG BASE_TAG=kinoite-rawhide
+FROM ${BASE_REPO}:${BASE_TAG}
+
+ARG TOOLBOX_IMAGE=quay.io/aleskandrox/fedora:toolbox
+ENTRYPOINT ["/bin/bash"]
+
+RUN set -x; arch=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/'); cat /etc/os-release \
+    && rpm-ostree install \
+        https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
+        https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm \
+    && ostree container commit
+
+COPY *.list /tmp
+RUN set -x; cat /etc/os-release; rpm-ostree --version; ostree --version; \
+    rpm-ostree install $(</tmp/packages.list) $(</tmp/packages.virt.list) $(</tmp/packages.desktop.list) \
+    && ln -sf /usr/bin/ld.bfd /usr/bin/ld \
+    && ln -sf /usr/bin/netcat /usr/bin/nc \
+    && ostree container commit
+
+# FIXME: Remove the replacement for releasever once fedora-cisco-openh264 provides builds for fedora 40.
+RUN set -x; sed -i "s/\$releasever/39/g" /etc/yum.repos.d/fedora-cisco-openh264.repo; \
+    rpm-ostree override remove mesa-va-drivers libavcodec-free \
+      libavfilter-free libavformat-free libavutil-free libpostproc-free libswresample-free libswscale-free \
+      --install ffmpeg --install mesa-va-drivers-freeworld
+
+RUN set -x; if rpm -qa | grep -q gnome-desktop; then \
+    PACKAGES_INSTALL="gnome-tweaks tilix gnome-extensions-app gedit evince evolution"; \
+    rpm-ostree install $PACKAGES_INSTALL && ostree container commit; fi
+
+RUN set -x; if rpm -qa | grep -q plasma-desktop; then \
+      PACKAGES_INSTALL="kdepim okular gwenview"; \
+      rpm-ostree install $PACKAGES_INSTALL && ostree container commit; fi
+
+# The repositories for docker-ce are currently pinned to Fedora 39.
+RUN set -x; \
+    source /etc/os-release; \
+    curl -L https://download.docker.com/linux/fedora/docker-ce.repo | releasever=39 envsubst '$releasever' \
+        | tee /etc/yum.repos.d/docker-ce.repo \
+    && rpm-ostree install docker-ce docker-ce-cli && ostree container commit
+
+COPY overlay.d/01-common/ /
+COPY overlay.d/05-systemd/ /
+COPY overlay.d/10-desktop/ /
+
+RUN set -x; sed -i \
+      's/AutomaticUpdatePolicy=.*/AutomaticUpdatePolicy=stage/' \
+      /etc/rpm-ostreed.conf \
+    && systemctl preset-all \
+    && ostree container commit
+
+RUN HOME=/tmp RUNZSH=no CHSH=no ZSH=/usr/lib/ohmyzsh \
+    sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" \
+    && set -x \
+    && wget -qO /usr/lib/ohmyzsh/custom/kube-ps1.plugin.zsh \
+        https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/plugins/kube-ps1/kube-ps1.plugin.zsh \
+    && mv /usr/share/zsh/*.zsh /usr/lib/ohmyzsh/custom/ \
+    && git clone https://github.com/zsh-users/zsh-history-substring-search \
+     /usr/lib/ohmyzsh/custom/plugins/zsh-history-subscring-search \
+    && git clone https://github.com/zsh-users/zsh-syntax-highlighting.git \
+     /usr/lib/ohmyzsh/custom/plugins/zsh-syntax-highlighting \
+    && chsh -s /bin/zsh root \
+    && echo 'PATH=~/bin:~/.bin:~/.opt/bin:$PATH' >> /etc/zshenv \
+    && sed -i 's|^SHELL=.*|SHELL=/usr/bin/zsh|' /etc/default/useradd \
+    # ${VARIANT_ID^} is not posix compliant and is not parsed correctly by zsh \
+    && sed -i 's/VARIANT_ID^/VARIANT_ID/' /etc/profile.d/toolbox.sh \
+    && ostree container commit
+
+RUN set -x; update-crypto-policies --set legacy --no-reload \
+    && echo "image = \"${TOOLBOX_IMAGE}\"" >> /etc/containers/toolbox.conf \
+    && ostree container commit

microshift.Containerfile → os_microshift.Containerfile

@@ -5,7 +5,7 @@ FROM quay.io/fedora/fedora-minimal:latest as artifacts
 COPY overlay.d/00-temp/ /
 
 RUN microdnf install --setopt=install_weak_deps=False \
-                     -y rpmbuild && chmod +x /usr/bin/fakerpm.sh \
+        -y rpmbuild && chmod +x /usr/bin/fakerpm.sh \
     && mkdir -p /srv/fakerpms/ && pushd /srv/fakerpms/ \
     && /usr/bin/fakerpm.sh openvswitch3.1 \
     # See https://github.com/openshift/microshift/pull/967
@@ -22,15 +22,12 @@ RUN set -x; arch=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/'); cat /etc/
         https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm \
     && ostree container commit
 
-RUN cat /etc/os-release; rpm-ostree --version; ostree --version; \
-    set -x; PACKAGES_INSTALL="bridge-utils conntrack-tools curl firewalld fping iftop iputils iproute mtr nethogs \
-    socat net-tools bind-utils iperf iperf3 iputils mtr ethtool tftp wget ipmitool gawk htop ncdu procps \
-    strace iotop subversion git git-lfs gnupg2 openssl openvpn rsync tcpdump nmap nmap-ncat krb5-workstation \
-    qemu-kvm qemu-user-static libvirt virt-manager virt-install sudo screen unzip util-linux-user ignition \
-    libcurl-devel zsh nmap-ncat netcat socat python3-pip skopeo jq vim neovim make gcc dhcp-client inotify-tools"; \
-    rpm-ostree install $PACKAGES_INSTALL \
+COPY *.list /tmp/
+RUN set -x; cat /etc/os-release; rpm-ostree --version; ostree --version; \
+    rpm-ostree install $(</tmp/packages.list) \
+    && ln -sf /usr/bin/netcat /usr/bin/nc \
     && rm -rf /var/lib/{unbound,gssproxy,nfs} \
-    && ln -s /usr/bin/netcat /usr/bin/nc \
+    && rm -rf /tmp/*.list \
     && ostree container commit
 
 COPY overlay.d/01-common/ /

toolbox.Containerfile → os_toolbox.Containerfile

@@ -2,25 +2,18 @@ ARG BASE_REPO=registry.fedoraproject.org/fedora-toolbox
 ARG BASE_TAG=testing
 FROM ${BASE_REPO}:${BASE_TAG}
 
-ARG PACKAGES_INSTALL="bridge-utils conntrack-tools curl fping iftop iotop iputils iproute mtr nethogs socat \
-    net-tools bind-utils iperf iperf3 iputils mtr ethtool tftp wget ipmitool \
-    gnupg2 openssl openvpn rsync tcpdump nmap nmap-ncat crypto-policies \
-    gawk htop ncdu procps strace subversion git git-lfs \
-    sudo screen unzip util-linux-user ignition inotify-tools \
-    zsh python3-pip skopeo jq vim neovim wine"
-
 ARG PACKAGES_INSTALL_ADDITIONAL=""
 
+COPY *.list /tmp/
 RUN set -x; arch=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/'); cat /etc/os-release \
     && dnf install -y \
-        https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
+       https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
         https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm \
-    && dnf install -y ${PACKAGES_INSTALL} ${PACKAGES_INSTALL_ADDITIONAL} \
-    && dnf clean all
+    && dnf install -y $(</tmp/packages.list) ${PACKAGES_INSTALL_ADDITIONAL} \
+    && dnf clean all && rm -rf /tmp/*.list
 
 RUN dnf -y groupinstall "Development Tools" && dnf clean all
 
-
 COPY overlay.d/01-common/ /
 
 RUN HOME=/tmp RUNZSH=no CHSH=no ZSH=/usr/lib/ohmyzsh \

overlay.d/05-systemd/usr/lib/systemd/system-preset/85-common.preset

@@ -0,0 +1,3 @@
+enable kargs-mitigations.service
+enable rpm-ostreed-automatic.timer
+enable lower-priority.slice

overlay.d/10-desktop/usr/lib/systemd/system-preset/90-fedora-custom.preset

@@ -0,0 +1,3 @@
+enable ensure-flatpak.service
+enable ensure-flatpak-flathub.service
+enable docker.service

overlay.d/10-desktop/usr/lib/systemd/system/ensure-flatpak-flathub.service

@@ -8,6 +8,7 @@ RemainAfterExit=true
 ExecStart=flatpak remote-add --if-not-exists -v flathub https://dl.flathub.org/repo/flathub.flatpakrepo
 Restart=on-failure
 RestartSec=30
+Slice=lower-priority.slice
 
 [Install]
 WantedBy=multi-user.target

overlay.d/10-desktop/usr/lib/systemd/system/ensure-flatpak.service

@@ -1,14 +1,14 @@
 [Unit]
-Description="Ensure a list of Flatpak applications is installed"
+Description=Ensure a list of Flatpak applications is installed
 After=ensure-flatpak-flathub.service network-online.target
-Slice=lower-priority.slice
 
 [Service]
 Type=oneshot
 RemainAfterExit=true
 ExecStart=/usr/bin/bash -c '/usr/bin/flatpak install --or-update --noninteractive --assumeyes $(</usr/share/ensure-flatpak/applications.list)'
 Restart=on-failure
 RestartSec=30
+Slice=lower-priority.slice
 
 [Install]
 WantedBy=multi-user.target

overlay.d/10-fcos/usr/lib/systemd/system-preset/43-manifest-rhcos.preset → overlay.d/10-fcos/usr/lib/systemd/system-preset/90-from-okd-machine-os.preset

@@ -2,3 +2,4 @@ enable rhcos-usrlocal-selinux-fixup.service
 enable rhcos-selinux-policy-upgrade.service
 enable auditd.service
 enable nmstate.service
+enable okd-selinux.service

overlay.d/10-fcos/usr/lib/systemd/system/ovsdb-server.service.d/99-okd-permission-fix.conf

@@ -1,5 +1,4 @@
 [Service]
-Restart=always
 ExecStartPre=-/bin/sh -c '/usr/bin/chown -R ${OVS_USER_ID} /var/lib/openvswitch'
 ExecStartPre=-/bin/sh -c '/usr/bin/chown -R ${OVS_USER_ID} /etc/openvswitch'
 ExecStartPre=-/bin/sh -c '/usr/bin/chown -R ${OVS_USER_ID} /run/openvswitch'

overlay.d/15-microshift/usr/lib/systemd/system-preset/95-microshift.preset

@@ -0,0 +1,7 @@
+disable systemd-resolved.service
+enable crio.service
+enable firewalld.service
+enable fix-resolvconf.service
+enable openvswitch.service
+enable microshift-firewall.service
+enable microshift.service

packages.desktop.list

@@ -0,0 +1,3 @@
+firewall-config
+pulseaudio-utils
+virt-manager