diff --git a/Justfile b/Justfile index e288a86f803..04744c3139b 100644 --- a/Justfile +++ b/Justfile @@ -25,6 +25,9 @@ tags := '( [latest]=latest [beta]=beta )' +export SUDO_DISPLAY := if `if [ -n "${DISPLAY:-}" ] || [ -n "${WAYLAND_DISPLAY:-}" ]; then echo true; fi` == "true" { "true" } else { "false" } +export SUDOIF := if `id -u` == "0" { "" } else { if SUDO_DISPLAY == "true" { "sudo --askpass" } else { "sudo" } } +export PODMAN := if path_exists("/usr/bin/podman") == "true" { env("PODMAN", "/usr/bin/podman") } else { if path_exists("/usr/bin/docker") == "true" { env("PODMAN", "docker") } else { env("PODMAN", "exit 1 ; ") } } [private] default: @@ -63,12 +66,6 @@ clean: rm -f changelog.md rm -f output.env -# Sudo Clean Repo -[group('Utility')] -[private] -sudo-clean: - just sudoif just clean - # Check if valid combo [group('Utility')] [private] @@ -106,28 +103,12 @@ validate $image $tag $flavor: exit 1 fi -# sudoif bash function -[group('Utility')] -[private] -sudoif command *args: - #!/usr/bin/bash - function sudoif(){ - if [[ "${UID}" -eq 0 ]]; then - "$@" - elif [[ "$(command -v sudo)" && -n "${SSH_ASKPASS:-}" ]] && [[ -n "${DISPLAY:-}" || -n "${WAYLAND_DISPLAY:-}" ]]; then - /usr/bin/sudo --askpass "$@" || exit 1 - elif [[ "$(command -v sudo)" ]]; then - /usr/bin/sudo "$@" || exit 1 - else - exit 1 - fi - } - sudoif {{ command }} {{ args }} - # Build Image [group('Image')] build $image="bluefin" $tag="latest" $flavor="main" rechunk="0" ghcr="0" pipeline="0" $kernel_pin="": #!/usr/bin/bash + + echo "::group:: Build Prep" set -eoux pipefail # Validate @@ -191,6 +172,17 @@ build $image="bluefin" $tag="latest" $flavor="main" rechunk="0" ghcr="0" pipelin else ver="${tag}-${fedora_version}.$(date +%Y%m%d)" fi + skopeo list-tags docker://ghcr.io/{{ repo_organization }}/${image_name} > /tmp/repotags.json + if [[ $(jq "any(.Tags[]; contains(\"$ver\"))" < /tmp/repotags.json) == "true" ]]; then + POINT="1" + while $(jq -e "any(.Tags[]; contains(\"$ver.$POINT\"))" < /tmp/repotags.json) + do + (( POINT++ )) + done + fi + if [[ -n "${POINT:-}" ]]; then + ver="${ver}.$POINT" + fi # Build Arguments BUILD_ARGS=() @@ -204,6 +196,9 @@ build $image="bluefin" $tag="latest" $flavor="main" rechunk="0" ghcr="0" pipelin BUILD_ARGS+=("--build-arg" "SHA_HEAD_SHORT=$(git rev-parse --short HEAD)") fi BUILD_ARGS+=("--build-arg" "UBLUE_IMAGE_TAG=${tag}") + if [[ "${PODMAN}" =~ docker && "${TERM}" == "dumb" ]]; then + BUILD_ARGS+=("--progress" "plain") + fi # Labels LABELS=() @@ -213,14 +208,28 @@ build $image="bluefin" $tag="latest" $flavor="main" rechunk="0" ghcr="0" pipelin LABELS+=("--label" "io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/bluefin/refs/heads/main/README.md") LABELS+=("--label" "io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4") LABELS+=("--label" "org.opencontainers.image.description=An interpretation of the Ubuntu spirit built on Fedora technology") + LABELS+=("--label" "containers.bootc=1") + LABELS+=("--label" "org.opencontainers.image.created=$(date -u +%Y\-%m\-%d\T%H\:%M\:%S\Z)") + LABELS+=("--label" "org.opencontainers.image.source=https://raw.githubusercontent.com/ublue-os/bluefin/refs/heads/main/Containerfile") + LABELS+=("--label" "org.opencontainers.image.url=https://projectbluefin.io") + LABELS+=("--label" "org.opencontainers.image.vendor={{ repo_organization }}") + LABELS+=("--label" "io.artifacthub.package.category=bootc-images") + LABELS+=("--label" "io.artifacthub.package.deprecated=false") + LABELS+=("--label" "io.artifacthub.package.keywords=bootc,fedora,bluefin,ublue,universal-blue") + LABELS+=("--label" "io.artifacthub.package.maintainers=[{\"name\": \"castrojo\", \"email\": \"jorge.castro@gmail.com\"}]") + + echo "::endgroup::" + echo "::group:: Build Container" # Build Image - podman build \ + ${PODMAN} build \ "${BUILD_ARGS[@]}" \ "${LABELS[@]}" \ --target "${target}" \ --tag "${image_name}:${tag}" \ + --file Containerfile \ . + echo "::endgroup::" # Rechunk if [[ "{{ rechunk }}" == "1" && "{{ ghcr }}" == "1" && "{{ pipeline }}" == "1" ]]; then @@ -250,17 +259,15 @@ build-ghcr image="bluefin" tag="latest" flavor="main" kernel_pin="": [group('Image')] build-pipeline image="bluefin" tag="latest" flavor="main" kernel_pin="": #!/usr/bin/bash - if [[ "${UID}" -gt "0" ]]; then - echo "Must Run with sudo or as root..." - exit 1 - fi - just build {{ image }} {{ tag }} {{ flavor }} 1 1 1 {{ kernel_pin }} + ${SUDOIF} just build {{ image }} {{ tag }} {{ flavor }} 1 1 1 {{ kernel_pin }} # Rechunk Image [group('Image')] [private] rechunk $image="bluefin" $tag="latest" $flavor="main" ghcr="0" pipeline="0": #!/usr/bin/bash + + echo "::group:: Rechunk Prep" set -eoux pipefail # Validate @@ -270,52 +277,75 @@ rechunk $image="bluefin" $tag="latest" $flavor="main" ghcr="0" pipeline="0": image_name=$(just image_name {{ image }} {{ tag }} {{ flavor }}) # Check if image is already built - ID=$(podman images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") + ID=$(${PODMAN} images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") if [[ -z "$ID" ]]; then just build "${image}" "${tag}" "${flavor}" fi # Load into Rootful Podman - ID=$(just sudoif podman images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") - if [[ -z "$ID" ]]; then + ID=$(${SUDOIF} ${PODMAN} images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") + if [[ -z "$ID" && ! ${PODMAN} =~ docker ]]; then COPYTMP=$(mktemp -p "${PWD}" -d -t podman_scp.XXXXXXXXXX) - just sudoif TMPDIR=${COPYTMP} podman image scp ${UID}@localhost::localhost/"${image_name}":"${tag}" root@localhost::localhost/"${image_name}":"${tag}" + ${SUDOIF} TMPDIR=${COPYTMP} ${PODMAN} image scp ${UID}@localhost::localhost/"${image_name}":"${tag}" root@localhost::localhost/"${image_name}":"${tag}" rm -rf "${COPYTMP}" fi # Prep Container - CREF=$(just sudoif podman create localhost/"${image_name}":"${tag}" bash) - OLD_IMAGE=$(just sudoif podman inspect $CREF | jq -r '.[].Image') + CREF=$(${SUDOIF} ${PODMAN} create localhost/"${image_name}":"${tag}" bash) + OLD_IMAGE=$(${SUDOIF} ${PODMAN} inspect $CREF | jq -r '.[].Image') OUT_NAME="${image_name}_build" - MOUNT=$(just sudoif podman mount "${CREF}") + MOUNT=$(${SUDOIF} ${PODMAN} mount "${CREF}") # Fedora Version - fedora_version=$(just sudoif podman inspect $CREF | jq -r '.[].Config.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + fedora_version=$(${SUDOIF} ${PODMAN} inspect $CREF | jq -r '.[].Config.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') # Label Version - if [[ "{{ tag }}" =~ stable ]]; then - VERSION="${fedora_version}.$(date +%Y%m%d)" - else - VERSION="${tag}-${fedora_version}.$(date +%Y%m%d)" + VERSION=$(${SUDOIF} ${PODMAN} inspect $CREF | jq -r '.[].Config.Labels["org.opencontainers.image.version"]') + + # Git SHA + SHA="dedbeef" + if [[ -z "$(git status -s)" ]]; then + SHA=$(git rev-parse HEAD) fi + # Rest of Labels + LABELS=" + io.artifacthub.package.category=bootc-images + io.artifacthub.package.deprecated=false + io.artifacthub.package.keywords=bootc,fedora,bluefin,ublue,universal-blue + io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4 + io.artifacthub.package.maintainers=[{\"name\": \"castrojo\", \"email\": \"jorge.castro@gmail.com\"}] + io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/bluefin/refs/heads/main/README.md + org.opencontainers.image.created=$(date -u +%Y\-%m\-%d\T%H\:%M\:%S\Z) + org.opencontainers.image.license=Apache-2.0 + org.opencontainers.image.source=https://raw.githubusercontent.com/ublue-os/bluefin/refs/heads/main/Containerfile + org.opencontainers.image.title=${image_name} + org.opencontainers.image.url=https://projectbluefin.io + org.opencontainers.image.vendor={{ repo_organization }} + ostree.linux=$(${SUDOIF} ${PODMAN} inspect $CREF | jq -r '.[].Config.Labels["ostree.linux"]') + containers.bootc=1 + " + # Cleanup Space during Github Action if [[ "{{ ghcr }}" == "1" ]]; then base_image_name=silverblue-main if [[ "${tag}" =~ stable ]]; then tag="stable-daily" fi - ID=$(just sudoif podman images --filter reference=ghcr.io/ublue-os/"${base_image_name}":${fedora_version} --format "'{{ '{{.ID}}' }}'") + ID=$(${SUDOIF} ${PODMAN} images --filter reference=ghcr.io/{{ repo_organization }}/"${base_image_name}":${fedora_version} --format "{{ '{{.ID}}' }}") if [[ -n "$ID" ]]; then - podman rmi "$ID" + ${PODMAN} rmi "$ID" fi fi # Rechunk Container rechunker="{{ rechunker_image }}" + echo "::endgroup::" + echo "::group:: Prune" + # Run Rechunker's Prune - just sudoif podman run --rm \ + ${SUDOIF} ${PODMAN} run --rm \ --pull=newer \ --security-opt label=disable \ --volume "$MOUNT":/var/tree \ @@ -324,8 +354,11 @@ rechunk $image="bluefin" $tag="latest" $flavor="main" ghcr="0" pipeline="0": "${rechunker}" \ /sources/rechunk/1_prune.sh + echo "::endgroup::" + echo "::group:: Create ostree tree" + # Run Rechunker's Create - just sudoif podman run --rm \ + ${SUDOIF} ${PODMAN} run --rm \ --security-opt label=disable \ --volume "$MOUNT":/var/tree \ --volume "cache_ostree:/var/ostree" \ @@ -337,16 +370,15 @@ rechunk $image="bluefin" $tag="latest" $flavor="main" ghcr="0" pipeline="0": /sources/rechunk/2_create.sh # Cleanup Temp Container Reference - just sudoif podman unmount "$CREF" - just sudoif podman rm "$CREF" - just sudoif podman rmi "$OLD_IMAGE" + ${SUDOIF} ${PODMAN} unmount "$CREF" + ${SUDOIF} ${PODMAN} rm "$CREF" + ${SUDOIF} ${PODMAN} rmi "$OLD_IMAGE" + + echo "::endgroup::" + echo "::group:: Rechunker" - SHA="dedbeef" - if [[ -z "$(git status -s)" ]]; then - SHA=$(git rev-parse HEAD) - fi # Run Rechunker - just sudoif podman run --rm \ + ${SUDOIF} ${PODMAN} run --rm \ --pull=newer \ --security-opt label=disable \ --volume "$PWD:/workspace" \ @@ -355,7 +387,7 @@ rechunk $image="bluefin" $tag="latest" $flavor="main" ghcr="0" pipeline="0": --env REPO=/var/ostree/repo \ --env PREV_REF=ghcr.io/ublue-os/"${image_name}":"${tag}" \ --env OUT_NAME="$OUT_NAME" \ - --env LABELS="org.opencontainers.image.title=${image_name}$'\n''io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/bluefin/refs/heads/main/README.md'$'\n''io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4'$'\n'" \ + --env LABELS="${LABELS}" \ --env "DESCRIPTION='An interpretation of the Ubuntu spirit built on Fedora technology'" \ --env "VERSION=${VERSION}" \ --env VERSION_FN=/workspace/version.txt \ @@ -367,17 +399,19 @@ rechunk $image="bluefin" $tag="latest" $flavor="main" ghcr="0" pipeline="0": /sources/rechunk/3_chunk.sh # Fix Permissions of OCI + ${SUDOIF} find ${OUT_NAME} -type d -exec chmod 0755 {} \; || true + ${SUDOIF} find ${OUT_NAME}* -type f -exec chmod 0644 {} \; || true + if [[ "${UID}" -gt "0" ]]; then - just sudoif chown "${UID}:${GROUPS}" -R "${PWD}" + ${SUDOIF} chown "${UID}:${GROUPS}" -R "${PWD}" elif [[ -n "${SUDO_UID:-}" ]]; then chown "${SUDO_UID}":"${SUDO_GID}" -R "${PWD}" fi # Remove cache_ostree - just sudoif podman volume rm cache_ostree + ${SUDOIF} ${PODMAN} volume rm cache_ostree - # Show OCI Labels - just sudoif skopeo inspect oci:"${PWD}"/"${OUT_NAME}" | jq -r '.Labels' + echo "::endgroup::" # Pipeline Checks if [[ {{ pipeline }} == "1" && -n "${SUDO_USER:-}" ]]; then @@ -399,12 +433,12 @@ load-rechunk image="bluefin" tag="latest" flavor="main": # Load Image OUT_NAME="${image_name}_build" - IMAGE=$(podman pull oci:"${PWD}"/"${OUT_NAME}") - podman tag ${IMAGE} localhost/"${image_name}":{{ tag }} + IMAGE=$(${PODMAN} pull oci:"${PWD}"/"${OUT_NAME}") + ${PODMAN} tag ${IMAGE} localhost/"${image_name}":{{ tag }} # Cleanup - just sudoif "rm -rf ${OUT_NAME}*" - just sudoif "rm -f previous.manifest.json" + rm -rf "${OUT_NAME}*" + rm -f previous.manifest.json # Run Container [group('Image')] @@ -419,13 +453,13 @@ run $image="bluefin" $tag="latest" $flavor="main": image_name=$(just image_name {{ image }} {{ tag }} {{ flavor }}) # Check if image exists - ID=$(podman images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") + ID=$(${PODMAN} images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") if [[ -z "$ID" ]]; then just build "$image" "$tag" "$flavor" fi # Run Container - podman run -it --rm localhost/"${image_name}":"${tag}" bash + ${PODMAN} run -it --rm localhost/"${image_name}":"${tag}" bash # Build ISO [group('ISO')] @@ -451,23 +485,23 @@ build-iso $image="bluefin" $tag="latest" $flavor="main" ghcr="0" pipeline="0": if [[ "{{ ghcr }}" == "1" ]]; then IMAGE_FULL=ghcr.io/ublue-os/"${image_name}":"${tag}" IMAGE_REPO=ghcr.io/ublue-os - podman pull "${IMAGE_FULL}" + ${PODMAN} pull "${IMAGE_FULL}" else IMAGE_FULL=localhost/"${image_name}":"${tag}" IMAGE_REPO=localhost - ID=$(podman images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") + ID=$(${PODMAN} images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") if [[ -z "$ID" ]]; then just build "$image" "$tag" "$flavor" fi fi # Fedora Version - FEDORA_VERSION=$(podman inspect ${IMAGE_FULL} | jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + FEDORA_VERSION=$(${PODMAN} inspect ${IMAGE_FULL} | jq -r '.[]["Config"]["Labels"]["ostree.linux"]' | grep -oP 'fc\K[0-9]+') # Load Image into rootful podman - if [[ "${UID}" -gt 0 && {{ ghcr }} == "0" ]]; then + if [[ "${UID}" -gt 0 && {{ ghcr }} == "0" && ! "${PODMAN}" =~ docker ]]; then COPYTMP=$(mktemp -p "${PWD}" -d -t podman_scp.XXXXXXXXXX) - just sudoif TMPDIR=${COPYTMP} podman image scp "${UID}"@localhost::"${IMAGE_FULL}" root@localhost::"${IMAGE_FULL}" + ${SUDOIF} TMPDIR=${COPYTMP} ${PODMAN} image scp "${UID}"@localhost::"${IMAGE_FULL}" root@localhost::"${IMAGE_FULL}" rm -rf "${COPYTMP}" fi @@ -511,13 +545,13 @@ build-iso $image="bluefin" $tag="latest" $flavor="main" ghcr="0" pipeline="0": flatpak_list_args+=("${IMAGE_FULL}" /temp_flatpak_install_dir/install-flatpaks.sh) if [[ ! -f "${build_dir}/flatpaks-with-deps" ]]; then - podman run "${flatpak_list_args[@]}" + ${PODMAN} run "${flatpak_list_args[@]}" else echo "WARNING - Reusing previous determined flatpaks-with-deps" fi if [[ "{{ pipeline }}" == "1" ]]; then - podman rmi ${IMAGE_FULL} + ${PODMAN} rmi ${IMAGE_FULL} fi # List Flatpaks with Dependencies @@ -547,10 +581,10 @@ build-iso $image="bluefin" $tag="latest" $flavor="main" ghcr="0" pipeline="0": iso_build_args+=(VERSION="${FEDORA_VERSION}") iso_build_args+=(WEB_UI="false") - just sudoif podman run "${iso_build_args[@]}" + ${SUDOIF} ${PODMAN} run "${iso_build_args[@]}" if [[ "${UID}" -gt "0" ]]; then - just sudoif chown "${UID}:${GROUPS}" -R "${PWD}" + ${SUDOIF} chown "${UID}:${GROUPS}" -R "${PWD}" elif [[ -n "${SUDO_UID:-}" ]]; then chown "${SUDO_UID}":"${SUDO_GID}" -R "${PWD}" fi @@ -597,9 +631,9 @@ run-iso $image="bluefin" $tag="latest" $flavor="main": run_args+=(--device=/dev/kvm) run_args+=(--volume "${PWD}/${image_name}_build/${image_name}-${tag}.iso":"/boot.iso") run_args+=(docker.io/qemux/qemu-docker) - podman run "${run_args[@]}" & + ${PODMAN} run "${run_args[@]}" & xdg-open http://localhost:${port} - fg "%podman" + fg "%podman" || fg "%docker" # Test Changelogs [group('Changelogs')] @@ -612,13 +646,13 @@ changelogs branch="stable" handwritten="": [group('Utility')] verify-container container="" registry="ghcr.io/ublue-os" key="": #!/usr/bin/bash - set -eoux pipefail + set -eou pipefail # Get Cosign if Needed if [[ ! $(command -v cosign) ]]; then - COSIGN_CONTAINER_ID=$(just sudoif podman create cgr.dev/chainguard/cosign:latest bash) - just sudoif podman cp "${COSIGN_CONTAINER_ID}":/usr/bin/cosign /usr/local/bin/cosign - just sudoif podman rm -f "${COSIGN_CONTAINER_ID}" + COSIGN_CONTAINER_ID=$(${SUDOIF} ${PODMAN} create cgr.dev/chainguard/cosign:latest bash) + ${SUDOIF} ${PODMAN} cp "${COSIGN_CONTAINER_ID}":/usr/bin/cosign /usr/local/bin/cosign + ${SUDOIF} ${PODMAN} rm -f "${COSIGN_CONTAINER_ID}" fi # Verify Cosign Image Signatures if needed @@ -645,7 +679,7 @@ verify-container container="" registry="ghcr.io/ublue-os" key="": [group('Utility')] secureboot $image="bluefin" $tag="latest" $flavor="main": #!/usr/bin/bash - set -eoux pipefail + set -eou pipefail # Validate just validate "${image}" "${tag}" "${flavor}" @@ -654,10 +688,10 @@ secureboot $image="bluefin" $tag="latest" $flavor="main": image_name=$(just image_name ${image} ${tag} ${flavor}) # Get the vmlinuz to check - kernel_release=$(podman inspect "${image_name}":"${tag}" | jq -r '.[].Config.Labels["ostree.linux"]') - TMP=$(podman create "${image_name}":"${tag}" bash) - podman cp "$TMP":/usr/lib/modules/"${kernel_release}"/vmlinuz /tmp/vmlinuz - podman rm "$TMP" + kernel_release=$(${PODMAN} inspect "${image_name}":"${tag}" | jq -r '.[].Config.Labels["ostree.linux"]') + TMP=$(${PODMAN} create "${image_name}":"${tag}" bash) + ${PODMAN} cp "$TMP":/usr/lib/modules/"${kernel_release}"/vmlinuz /tmp/vmlinuz + ${PODMAN} rm "$TMP" # Get the Public Certificates curl --retry 3 -Lo /tmp/kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der @@ -669,15 +703,15 @@ secureboot $image="bluefin" $tag="latest" $flavor="main": CMD="$(command -v sbverify)" if [[ -z "${CMD:-}" ]]; then temp_name="sbverify-${RANDOM}" - podman run -dt \ + ${PODMAN} run -dt \ --entrypoint /bin/sh \ --volume /tmp/vmlinuz:/tmp/vmlinuz:z \ --volume /tmp/kernel-sign.crt:/tmp/kernel-sign.crt:z \ --volume /tmp/akmods.crt:/tmp/akmods.crt:z \ --name ${temp_name} \ alpine:edge - podman exec ${temp_name} apk add sbsigntool - CMD="podman exec ${temp_name} /usr/bin/sbverify" + ${PODMAN} exec ${temp_name} apk add sbsigntool + CMD="${PODMAN} exec ${temp_name} /usr/bin/sbverify" fi # Confirm that Signatures Are Good @@ -688,7 +722,7 @@ secureboot $image="bluefin" $tag="latest" $flavor="main": returncode=1 fi if [[ -n "${temp_name:-}" ]]; then - podman rm -f "${temp_name}" + ${PODMAN} rm -f "${temp_name}" fi exit "$returncode" @@ -810,12 +844,12 @@ tag-images image_name="" default_tag="" tags="": set -eou pipefail # Get Image, and untag - IMAGE=$(podman inspect localhost/{{ image_name }}:{{ default_tag }} | jq -r .[].Id) - podman untag localhost/{{ image_name }}:{{ default_tag }} + IMAGE=$(${PODMAN} inspect localhost/{{ image_name }}:{{ default_tag }} | jq -r .[].Id) + ${PODMAN} untag localhost/{{ image_name }}:{{ default_tag }} # Tag Image for tag in {{ tags }}; do - podman tag $IMAGE {{ image_name }}:${tag} + ${PODMAN} tag $IMAGE {{ image_name }}:${tag} done # HWE Tagging @@ -826,10 +860,10 @@ tag-images image_name="" default_tag="" tags="": surface_name="${image_name/hwe/surface}" for tag in {{ tags }}; do - podman tag "${IMAGE}" "${asus_name}":${tag} - podman tag "${IMAGE}" "${surface_name}":${tag} + ${PODMAN} tag "${IMAGE}" "${asus_name}":${tag} + ${PODMAN} tag "${IMAGE}" "${surface_name}":${tag} done fi # Show Images - podman images + ${PODMAN} images diff --git a/build_files/base/00-image-info.sh b/build_files/base/00-image-info.sh index a88e5b7421e..aa57d92d28c 100755 --- a/build_files/base/00-image-info.sh +++ b/build_files/base/00-image-info.sh @@ -1,5 +1,7 @@ #!/usr/bin/env bash +echo "::group:: ===$(basename "$0")===" + set -ouex pipefail IMAGE_PRETTY_NAME="Bluefin" @@ -51,3 +53,5 @@ fi # Fix issues caused by ID no longer being fedora sed -i "s/^EFIDIR=.*/EFIDIR=\"fedora\"/" /usr/sbin/grub2-switch-to-blscfg + +echo "::endgroup::" diff --git a/build_files/base/01-build-fix.sh b/build_files/base/01-build-fix.sh index 694aa92a3c8..a9bec6980f9 100755 --- a/build_files/base/01-build-fix.sh +++ b/build_files/base/01-build-fix.sh @@ -1,5 +1,7 @@ #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + set -eoux pipefail # This script provides fixes to packages known to have caused build skew. @@ -50,3 +52,5 @@ rpm-ostree override replace \ rpm-ostree override remove \ glibc32 \ || true + +echo "::endgroup::" diff --git a/build_files/base/02-install-copr-repos.sh b/build_files/base/02-install-copr-repos.sh index b115a66b682..16ec01485a1 100755 --- a/build_files/base/02-install-copr-repos.sh +++ b/build_files/base/02-install-copr-repos.sh @@ -1,6 +1,7 @@ - #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + set -eoux pipefail # Add Staging repo @@ -13,3 +14,5 @@ curl --retry 3 -Lo /etc/yum.repos.d/_copr_sentry-switcheroo-control_discrete.rep # Add Nerd Fonts Repo curl --retry 3 -Lo /etc/yum.repos.d/_copr_che-nerd-fonts-"$(rpm -E %fedora)".repo https://copr.fedorainfracloud.org/coprs/che/nerd-fonts/repo/fedora-"$(rpm -E %fedora)"/che-nerd-fonts-fedora-"$(rpm -E %fedora)".repo + +echo "::endgroup::" diff --git a/build_files/base/03-install-kernel-akmods.sh b/build_files/base/03-install-kernel-akmods.sh index a0fad0db84c..66d67b23415 100755 --- a/build_files/base/03-install-kernel-akmods.sh +++ b/build_files/base/03-install-kernel-akmods.sh @@ -1,5 +1,7 @@ #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + set -eoux pipefail # Remove Existing Kernel @@ -89,3 +91,5 @@ if [[ ${AKMODS_FLAVOR} =~ coreos ]]; then depmod -a -v "${KERNEL}" echo "zfs" > /usr/lib/modules-load.d/zfs.conf fi + +echo "::endgroup::" diff --git a/build_files/base/04-packages.sh b/build_files/base/04-packages.sh index 6c453e33cb8..48e13ca4cbc 100755 --- a/build_files/base/04-packages.sh +++ b/build_files/base/04-packages.sh @@ -1,5 +1,7 @@ #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + set -ouex pipefail # build list of all packages requested for inclusion @@ -49,3 +51,5 @@ if [[ "${#INSTALLED_EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then rpm-ostree override remove \ ${INSTALLED_EXCLUDED_PACKAGES[@]} fi + +echo "::endgroup::" diff --git a/build_files/base/05-override-install.sh b/build_files/base/05-override-install.sh index c35008708f4..2ba223664ac 100755 --- a/build_files/base/05-override-install.sh +++ b/build_files/base/05-override-install.sh @@ -1,5 +1,7 @@ #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + set -eoux pipefail # Patched shells @@ -56,3 +58,5 @@ mv -f /tmp/ublue-update.toml /usr/etc/ublue-update/ublue-update.toml # Register Fonts fc-cache -f /usr/share/fonts/ubuntu fc-cache -f /usr/share/fonts/inter + +echo "::endgroup::" diff --git a/build_files/base/07-base-image-changes.sh b/build_files/base/07-base-image-changes.sh index 10ff6ce9bd4..ec3e63e1fbd 100755 --- a/build_files/base/07-base-image-changes.sh +++ b/build_files/base/07-base-image-changes.sh @@ -1,5 +1,7 @@ #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + set -ouex pipefail # Remove desktop entries @@ -51,3 +53,5 @@ glib-compile-schemas /usr/share/glib-2.0/schemas &>/dev/null # Watermark for Plymouth cp /usr/share/plymouth/themes/spinner/{silverblue-,}watermark.png + +echo "::endgroup::" diff --git a/build_files/base/08-firmware.sh b/build_files/base/08-firmware.sh index 0bf5f77695a..4a3abd92f8c 100755 --- a/build_files/base/08-firmware.sh +++ b/build_files/base/08-firmware.sh @@ -1,5 +1,7 @@ #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + set -eoux pipefail mkdir -p /tmp/mediatek-firmware @@ -9,3 +11,5 @@ xz --check=crc32 /tmp/mediatek-firmware/WIFI_MT7922_patch_mcu_1_1_hdr.bin xz --check=crc32 /tmp/mediatek-firmware/WIFI_RAM_CODE_MT7922_1.bin mv -vf /tmp/mediatek-firmware/* /usr/lib/firmware/mediatek/ rm -rf /tmp/mediatek-firmware + +echo "::endgroup::" diff --git a/build_files/base/09-hwe-additions.sh b/build_files/base/09-hwe-additions.sh index fe5ea4437bc..17d76df64c8 100755 --- a/build_files/base/09-hwe-additions.sh +++ b/build_files/base/09-hwe-additions.sh @@ -1,5 +1,7 @@ #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + set -eoux pipefail if [[ "${IMAGE_NAME}" =~ hwe ]]; then @@ -74,3 +76,4 @@ pinctrl_alderlake pinctrl_meteorlake EOF +echo "::endgroup::" diff --git a/build_files/base/10-brew.sh b/build_files/base/10-brew.sh index f8264b5a4c6..e78f4efceef 100755 --- a/build_files/base/10-brew.sh +++ b/build_files/base/10-brew.sh @@ -1,5 +1,7 @@ #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + set -xeou pipefail # Convince the installer we are in CI @@ -14,3 +16,5 @@ curl --retry 3 -Lo /tmp/brew-install https://raw.githubusercontent.com/Homebrew/ chmod +x /tmp/brew-install /tmp/brew-install tar --zstd -cvf /usr/share/homebrew.tar.zst /home/linuxbrew/.linuxbrew + +echo "::endgroup::" diff --git a/build_files/base/16-bootc.sh b/build_files/base/16-bootc.sh index 55c971b6448..47b1fa70699 100755 --- a/build_files/base/16-bootc.sh +++ b/build_files/base/16-bootc.sh @@ -1,5 +1,9 @@ #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + if [ "$FEDORA_MAJOR_VERSION" -eq "40" ]; then /usr/bin/bootupctl backend generate-update-metadata fi + +echo "::endgroup::" diff --git a/build_files/base/17-cleanup.sh b/build_files/base/17-cleanup.sh index aa9df2cc75d..ec43fce1f45 100755 --- a/build_files/base/17-cleanup.sh +++ b/build_files/base/17-cleanup.sh @@ -1,5 +1,7 @@ #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + set -eoux pipefail # Setup Systemd @@ -40,3 +42,5 @@ done if [ -f /etc/yum.repos.d/fedora-coreos-pool.repo ]; then sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/fedora-coreos-pool.repo fi + +echo "::endgroup::" diff --git a/build_files/base/18-workarounds.sh b/build_files/base/18-workarounds.sh index 995b8fb056b..9e7fd3f4c9e 100755 --- a/build_files/base/18-workarounds.sh +++ b/build_files/base/18-workarounds.sh @@ -1,19 +1,22 @@ -#!/bin/sh +#!/usr/bin/bash + +echo "::group:: ===$(basename "$0")===" set -eoux pipefail # alternatives cannot create symlinks on its own during a container build -if [[ -f /usr/bin/ld.bfd ]]; then +if [[ -f "/usr/bin/ld.bfd" ]]; then ln -sf /usr/bin/ld.bfd /etc/alternatives/ld && ln -sf /etc/alternatives/ld /usr/bin/ld fi - ## Pins and Overrides ## Use this section to pin packages in order to avoid regressions -# Remember to leave a note with rationale/link to issue for each pin! +# Remember to leave a note with rationale/link to issue for each pin! # # Example: #if [ "$FEDORA_MAJOR_VERSION" -eq "41" ]; then # Workaround pkcs11-provider regression, see issue #1943 -# rpm-ostree override replace https://bodhi.fedoraproject.org/updates/FEDORA-2024-dd2e9fb225 +# rpm-ostree override replace https://bodhi.fedoraproject.org/updates/FEDORA-2024-dd2e9fb225 #fi + +echo "::endgroup::" diff --git a/build_files/base/19-initramfs.sh b/build_files/base/19-initramfs.sh index f2897cb9280..459e364ebce 100755 --- a/build_files/base/19-initramfs.sh +++ b/build_files/base/19-initramfs.sh @@ -1,5 +1,7 @@ #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + set -oue pipefail if [[ "${AKMODS_FLAVOR}" == "surface" ]]; then @@ -11,3 +13,5 @@ fi QUALIFIED_KERNEL="$(rpm -qa | grep -P 'kernel-(|'"$KERNEL_SUFFIX"'-)(\d+\.\d+\.\d+)' | sed -E 's/kernel-(|'"$KERNEL_SUFFIX"'-)//')" /usr/libexec/rpm-ostree/wrapped/dracut --no-hostonly --kver "$QUALIFIED_KERNEL" --reproducible -v --add ostree -f "/lib/modules/$QUALIFIED_KERNEL/initramfs.img" chmod 0600 "/lib/modules/$QUALIFIED_KERNEL/initramfs.img" + +echo "::endgroup::" diff --git a/build_files/dx/01-install-copr-repos-dx.sh b/build_files/dx/01-install-copr-repos-dx.sh index ac0b230989d..690f5742379 100755 --- a/build_files/dx/01-install-copr-repos-dx.sh +++ b/build_files/dx/01-install-copr-repos-dx.sh @@ -1,5 +1,7 @@ #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + set -eoux pipefail #incus, lxc, lxd @@ -31,3 +33,5 @@ curl --retry 3 -Lo /etc/yum.repos.d/hikariknight-looking-glass-kvmfr-fedora-"${F # Podman-bootc curl --retry 3 -Lo /etc/yum.repos.d/gmaglione-podman-bootc-fedora-"${FEDORA_MAJOR_VERSION}".repo \ https://copr.fedorainfracloud.org/coprs/gmaglione/podman-bootc/repo/fedora-"${FEDORA_MAJOR_VERSION}"/gmaglione-podman-bootc-fedora-"${FEDORA_MAJOR_VERSION}".repo + +echo "::endgroup::" diff --git a/build_files/dx/02-install-kernel-akmods-dx.sh b/build_files/dx/02-install-kernel-akmods-dx.sh index 85913705302..67f1e9a8ebb 100755 --- a/build_files/dx/02-install-kernel-akmods-dx.sh +++ b/build_files/dx/02-install-kernel-akmods-dx.sh @@ -1,24 +1,28 @@ #!/usr/bin/bash +echo "::group:: ===$(basename "$0")===" + set -ouex pipefail sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo # Fetch Kernel RPMS skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/"${AKMODS_FLAVOR}"-kernel:"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/kernel-rpms -KERNEL_TARGZ=$(jq -r '.layers[].digest' < /tmp/kernel-rpms/manifest.json | cut -d : -f 2) +KERNEL_TARGZ=$(jq -r '.layers[].digest'