New readme, add experimental standalone image
1 parent
1fd70ed
commit 3bbf39e
Showing
23 changed files
with
761 additions
and
3 deletions.
@@ -0,0 +1,56 @@ | ||
name: Build standalone container image (experimental) | ||
|
||
on: | ||
schedule: | ||
- cron: "15 14 * * *" | ||
push: | ||
branches: ["main"] | ||
pull_request: | ||
branches: ["main"] | ||
workflow_dispatch: | ||
|
||
env: | ||
# Use docker.io for Docker Hub if empty | ||
REGISTRY: ghcr.io | ||
# github.repository as <account>/<repo> | ||
IMAGE_NAME: ${{ github.repository }} | ||
|
||
jobs: | ||
build: | ||
name: Build standalone container image | ||
runs-on: ubuntu-latest | ||
container: | ||
image: ghcr.io/terrapkg/builder:f40 | ||
options: --privileged --device=/dev/fuse | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v4 | ||
|
||
- name: Login to ghcr.io | ||
uses: redhat-actions/podman-login@v1 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Build container image | ||
id: build-image | ||
uses: redhat-actions/buildah-build@v2 | ||
with: | ||
image: ghcr.io/ultramarine-linux/base-standalone-bootc | ||
tags: 41 latest | ||
context: base-standalone | ||
layers: true | ||
extra-args: | | ||
--security-opt=label=disable | ||
--cap-add=all | ||
--device=/dev/fuse | ||
- name: Push To ghcr.io | ||
uses: redhat-actions/push-to-registry@v2 | ||
with: | ||
image: ${{ steps.build-image.outputs.image }} | ||
tags: ${{ steps.build-image.outputs.tags }} | ||
registry: ghcr.io/ultramarine-linux | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} |
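Review bot: The `Login to ghcr.io` and `Push To ghcr.io` steps have no `if:` guard, so the `pull_request` trigger also logs in and pushes the `41` and `latest` tags; for a pull request opened from a branch in this repository that would publish unreviewed content under `latest`. Adding `if: github.event_name != 'pull_request'` to both steps keeps pull requests build-only. The workflow also declares no `permissions:` block, so the `GITHUB_TOKEN` used for the push gets the repository default rather than an explicit `contents: read` / `packages: write`. Because the job runs in a `--privileged` container and builds with `--cap-add=all`, it is also worth pinning `actions/checkout`, the three `redhat-actions/*` actions and `ghcr.io/terrapkg/builder:f40` to commit SHAs or digests instead of mutable tags. `REGISTRY` and `IMAGE_NAME` under `env:` are not referenced by any visible step.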
@@ -1,2 +1,3 @@ | ||
test/ | ||
output/ | ||
output/ | ||
/.cache/ |
@@ -1,3 +1,9 @@ | ||
currently just an experiment on a container based atomic Ultramarine system, that is as user friendly as the mutable version | ||
# Ultramarine Linux - atomic bootc experiment | ||
|
||
we'll see how it goes | ||
> [!NOTE] | ||
> This is an experimental version of Ultramarine Linux, based on the new [bootc](https://github.com/containers/bootc) project. | ||
> Do not expect it to be stable or usable for anything other than testing. You have been warned. | ||
> | ||
> Supercedes [Ultramarine-Linux/ostree](https://github.com/Ultramarine-linux/ostree). | ||
Experimental version of Ultramarine Linux, based on bootc. |
@@ -0,0 +1,2 @@ | ||
*.tar* | ||
*.ociarchive |
@@ -0,0 +1,6 @@ | ||
/out | ||
/ostree-repo | ||
/cache | ||
*.tar | ||
*.auth.json | ||
images/ |
@@ -0,0 +1,30 @@ | ||
FROM ghcr.io/terrapkg/builder:f40 AS builder | ||
|
||
WORKDIR /work | ||
|
||
RUN \ | ||
--mount=type=cache,target=/var/cache \ | ||
sudo dnf5 install -y podman moby-engine rpm-ostree melody just python3-pip pkg-config wget ostree ostree-devel rpm-ostree git hfsplus-tools flatpak dbus dbus-daemon rpmdevtools make mock selinux-policy python3-pip jq @development-tools gcc cairo-devel python3-devel 'pkgconfig(gobject-introspection-1.0)' 'pkgconfig(cairo-gobject)' 'dnf-command(config-manager)' | ||
|
||
RUN pip install yq | ||
|
||
COPY . . | ||
|
||
RUN --mount=type=cache,target=/var/cache \ | ||
melody compile ultramarine/base.yaml out/base | ||
|
||
RUN \ | ||
--mount=type=cache,target=/cache \ | ||
--mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared \ | ||
rpm-ostree compose image \ | ||
--cachedir=/cache \ | ||
--format=ociarchive \ | ||
--initialize \ | ||
out/base/0.yaml /buildcontext/out.ociarchive | ||
|
||
|
||
FROM oci-archive:./out.ociarchive | ||
# Need to reference builder here to force ordering. But since we have to run | ||
# something anyway, we might as well cleanup after ourselves. | ||
RUN --mount=type=bind,from=builder,src=.,target=/var/tmp --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared rm /buildcontext/out.ociarchive | ||
|
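Review bot: `RUN pip install yq` pulls whatever version PyPI serves at build time into the stage that later runs `rpm-ostree compose image` and produces the OS image; pin it and skip the cache, e.g. `RUN pip install --no-cache-dir yq==<PINNED_VERSION>` (placeholder, use the version you have tested). The same applies to `FROM ghcr.io/terrapkg/builder:f40`, a mutable tag that could be pinned by digest so rebuilds start from a known builder. Smaller points on the `dnf5 install` line: `sudo` is redundant if the builder image already runs as root (not visible here), and `rpm-ostree` and `python3-pip` are each listed twice.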
@@ -0,0 +1,3 @@ | ||
# Experimental standalone bootc layer for Ultramarine Linux | ||
|
||
probably not gonna be used for now, but it's here for reference |
@@ -0,0 +1,152 @@ | ||
boot-location: modules | ||
selinux: true | ||
cliwrap: true | ||
readonly-executables: true | ||
tmp-is-dir: true | ||
|
||
etc-group-members: | ||
- wheel | ||
ignore-removed-users: | ||
- root | ||
ignore-removed-groups: | ||
- root | ||
check-passwd: | ||
type: file | ||
filename: passwd | ||
check-groups: | ||
type: file | ||
filename: group | ||
default_target: graphical.target | ||
groups: | ||
- id: core | ||
blacklist: | ||
- dnf | ||
- dnf-plugins-core | ||
- yum | ||
- grubby | ||
- grubby-deprecated | ||
- initial-setup | ||
- dracut-config-rescue | ||
- grub2-efi-aa64 | ||
- grub2-efi-ia32 | ||
- grub2-efi-x64 | ||
- grub2-ppc64le | ||
- s390utils-base | ||
- lsvpd | ||
- powerpc-utils | ||
|
||
- id: standard | ||
blacklist: | ||
- abrt-cli | ||
- crontabs | ||
- at | ||
- deltarpm | ||
- psacct | ||
# TODO: See hardware.yaml | ||
- mcelog | ||
- microcode_ctl | ||
- id: cloud-bootloader-tools | ||
blacklist: | ||
- grub2-pc | ||
- grub2-tools-efi | ||
- grub2-efi-aa64 | ||
- grub2-efi-ia32 | ||
- grub2-efi-x64 | ||
- grub2-ppc64le | ||
- s390utils | ||
- s390utils-base | ||
- shim-aa64 | ||
- shim-ia32 | ||
- shim-x64 | ||
- id: workstation-ostree-support | ||
- id: guest-agents | ||
- id: printing | ||
# There are some junk packages (printing related CLIs, and a GUI) in the optional packages for this group. | ||
blacklist: | ||
- a2ps | ||
- enscript | ||
- system-config-printer | ||
- cups-bjnp | ||
|
||
packages: | ||
# Linux | ||
- kernel | ||
- kernel-modules | ||
- kernel-modules-extra | ||
# Utilities | ||
- lvm2 | ||
- podman | ||
- git | ||
- vim # Let's install VIM anyway | ||
- nano | ||
- nano-default-editor | ||
# Boot (TODO: Switch to systemd-boot) | ||
#systemd-boot may be a bit tricky -jr | ||
- bootupd | ||
- grub2 | ||
- shim | ||
- rpmfusion-free-release | ||
- rpmfusion-nonfree-release | ||
- plocate | ||
- ostree-grub2 | ||
|
||
packages-x86_64: | ||
- mcelog | ||
- microcode_ctl | ||
- cmospwd | ||
- intel-media-driver | ||
- libva-intel-driver | ||
# For some reason, adding in this kmod causes the build to fail with rpmdb corruption | ||
# - broadcom-wl | ||
- grub2-pc | ||
- grub2-efi-x64 | ||
- grub2-tools-efi | ||
- shim-ia32 | ||
- shim-x64 | ||
|
||
packages-aarch64: | ||
- bcm283x-firmware | ||
|
||
exclude-packages: | ||
- fedora-release | ||
- fedora-release-identity-basic | ||
- fedora-release-common | ||
- fedora-release-identity-workstation | ||
- generic-release | ||
- grub2-ppc64le | ||
- vim-default-editor # Because we use nano-default-editor, GNU nano is the default editor | ||
|
||
postprocess: | ||
- | | ||
#!/usr/bin/env bash | ||
set -xeuo pipefail | ||
# Work around https://bugzilla.redhat.com/show_bug.cgi?id=1265295 | ||
# From https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf | ||
install -dm0755 /usr/lib/systemd/journald.conf.d/ | ||
echo -e "[Journal]\nStorage=persistent" > /usr/lib/systemd/journald.conf.d/10-persistent.conf | ||
# See: https://src.fedoraproject.org/rpms/glibc/pull-request/4 | ||
# Basically that program handles deleting old shared library directories | ||
# mid-transaction, which never applies to rpm-ostree. This is structured as a | ||
# loop/glob to avoid hardcoding (or trying to match) the architecture. | ||
for x in /usr/sbin/glibc_post_upgrade.*; do | ||
if test -f ${x}; then | ||
ln -srf /usr/bin/true ${x} | ||
fi | ||
done | ||
# Remove loader directory causing issues in Anaconda in unified core mode | ||
# Will be obsolete once we start using bootupd | ||
rm -rf /usr/lib/ostree-boot/loader | ||
# # Undo RPM scripts enabling units; we want the presets to be canonical | ||
# # https://github.com/projectatomic/rpm-ostree/issues/1803 | ||
# rm -rf /etc/systemd/system/* | ||
# systemctl preset-all | ||
# rm -rf /etc/systemd/user/* | ||
# systemctl --user --global preset-all | ||
# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2218006 | ||
systemctl enable nfs-client.target | ||
postprocess-script: "postprocess.sh" |
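Review bot: The comment above `rm -rf /usr/lib/ostree-boot/loader` says the removal "Will be obsolete once we start using bootupd", yet `bootupd` is already listed under `packages:` in this same file, so either the workaround or the comment may be stale; I would reword it to something like `# TODO: confirm this is still needed now that bootupd is installed`. In the same inline script, `${x}` is expanded unquoted in `test -f ${x}` and `ln -srf /usr/bin/true ${x}`; writing `"${x}"` in both places keeps the loop correct if a matched path ever contains whitespace or glob characters. The file also sets both an inline `postprocess:` script and `postprocess-script: "postprocess.sh"`, and a one-line comment saying what each is responsible for would help, since `postprocess.sh` is not shown in this section.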
@@ -0,0 +1,4 @@ | ||
# Basically an extension of graphical with tools and utilities that would be useful for desktop users, for both UM and tau | ||
packages: | ||
- distrobox | ||
- moby-engine |
@@ -0,0 +1,41 @@ | ||
groups: | ||
- id: guest-desktop-agents | ||
blacklist: | ||
- virtualbox-guest-additions | ||
- id: fonts | ||
optional: false | ||
blacklist: | ||
- google-noto-sans-cjk-ttc-fonts | ||
- id: base-x | ||
# TODO: see hardware.yaml | ||
blacklist: | ||
- xorg-x11-drv-armsoc | ||
- xorg-x11-drv-intel | ||
- xorg-x11-drv-openchrome | ||
- xorg-x11-drv-vesa | ||
- xorg-x11-drv-vmware | ||
- id: multimedia | ||
blacklist: | ||
- gstreamer1-plugin-openh264 | ||
- gimp-heif-plugin | ||
- PackageKit-gstreamer-plugin | ||
|
||
packages: | ||
- glibc-all-langpacks | ||
# Some symbols are missing in the default set of fonts, so we need to install these | ||
- dejavu-sans-fonts | ||
- dejavu-sans-mono-fonts | ||
- dejavu-serif-fonts | ||
- twitter-twemoji-fonts | ||
# - appimagelauncher # Just for that extra bit of polish | ||
|
||
packages-aarch64: | ||
- xorg-x11-drv-armsoc | ||
|
||
packages-x86_64: | ||
- xorg-x11-drv-intel | ||
- xorg-x11-drv-openchrome | ||
- xorg-x11-drv-vesa | ||
- xorg-x11-drv-vmware | ||
- thermald | ||
- virtualbox-guest-additions |
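Review bot: Several packages are blacklisted in a group and then re-added per architecture (`virtualbox-guest-additions` and the `xorg-x11-drv-*` drivers under `packages-x86_64`, `xorg-x11-drv-armsoc` under `packages-aarch64`), and the only hint is `# TODO: see hardware.yaml`, which is not part of this section. A short comment at the top of `groups:` would save the next reader from treating these as contradictions, for example `# Arch-specific packages are blacklisted here and re-added under packages-<arch> below`. This reading is inferred from the lists themselves, so please confirm the intent before adding the comment.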
@@ -0,0 +1,50 @@ | ||
root:x:0: | ||
bin:x:1: | ||
daemon:x:2: | ||
sys:x:3: | ||
adm:x:4: | ||
tty:x:5: | ||
disk:x:6: | ||
lp:x:7: | ||
mem:x:8: | ||
kmem:x:9: | ||
wheel:x:10: | ||
cdrom:x:11: | ||
mail:x:12: | ||
man:x:15: | ||
dialout:x:18: | ||
floppy:x:19: | ||
games:x:20: | ||
tape:x:33: | ||
video:x:39: | ||
ftp:x:50: | ||
lock:x:54: | ||
audio:x:63: | ||
nobody:x:99: | ||
users:x:100: | ||
utmp:x:22: | ||
utempter:x:35: | ||
ssh_keys:x:999: | ||
systemd-journal:x:190: | ||
dbus:x:81: | ||
polkitd:x:998: | ||
etcd:x:997: | ||
dip:x:40: | ||
cgred:x:996: | ||
tss:x:59: | ||
avahi-autoipd:x:170: | ||
rpc:x:32: | ||
sssd:x:993: | ||
dockerroot:x:986: | ||
rpcuser:x:29: | ||
nfsnobody:x:65534: | ||
kube:x:994: | ||
sshd:x:74: | ||
chrony:x:992: | ||
tcpdump:x:72: | ||
input:x:104: | ||
systemd-timesync:x:991: | ||
systemd-network:x:990: | ||
systemd-resolve:x:989: | ||
systemd-bus-proxy:x:988: | ||
cockpit-ws:x:987: |
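Review bot: `nobody:x:99:` and `nfsnobody:x:65534:` follow the pre-Fedora 28 numbering; current Fedora assigns GID 65534 to `nobody` and no longer ships `nfsnobody`. If this is the `group` file that the treefile's `check-groups` entry points at (the file name is not visible on this page), a mismatch with the composed tree may fail the check or pin a stale ID, so these two lines are worth verifying against the group file of an actual f40/41 compose. Entries such as `etcd`, `kube`, `dockerroot` and `systemd-bus-proxy` also look inherited from an older Atomic Host list and could be dropped if no package in this image creates them.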