diff --git a/2015-RH-IT-Root-CA.pem b/2015-RH-IT-Root-CA.pem
new file mode 100644
index 0000000..f306f00
--- /dev/null
+++ b/2015-RH-IT-Root-CA.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENDCCAxygAwIBAgIJANunI0D662cnMA0GCSqGSIb3DQEBCwUAMIGlMQswCQYD
+VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp
+Z2gxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xEzARBgNVBAsMClJlZCBIYXQgSVQx
+GzAZBgNVBAMMElJlZCBIYXQgSVQgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSaW5m
+b3NlY0ByZWRoYXQuY29tMCAXDTE1MDcwNjE3MzgxMVoYDzIwNTUwNjI2MTczODEx
+WjCBpTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYD
+VQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApS
+ZWQgSGF0IElUMRswGQYDVQQDDBJSZWQgSGF0IElUIFJvb3QgQ0ExITAfBgkqhkiG
+9w0BCQEWEmluZm9zZWNAcmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALQt9OJQh6GC5LT1g80qNh0u50BQ4sZ/yZ8aETxt+5lnPVX6MHKz
+bfwI6nO1aMG6j9bSw+6UUyPBHP796+FT/pTS+K0wsDV7c9XvHoxJBJJU38cdLkI2
+c/i7lDqTfTcfLL2nyUBd2fQDk1B0fxrskhGIIZ3ifP1Ps4ltTkv8hRSob3VtNqSo
+GxkKfvD2PKjTPxDPWYyruy9irLZioMffi3i/gCut0ZWtAyO3MVH5qWF/enKwgPES
+X9po+TdCvRB/RUObBaM761EcrLSM1GqHNueSfqnho3AjLQ6dBnPWlo638Zm1VebK
+BELyhkLWMSFkKwDmne0jQ02Y4g075vCKvCsCAwEAAaNjMGEwHQYDVR0OBBYEFH7R
+4yC+UehIIPeuL8Zqw3PzbgcZMB8GA1UdIwQYMBaAFH7R4yC+UehIIPeuL8Zqw3Pz
+bgcZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+CwUAA4IBAQBDNvD2Vm9sA5A9AlOJR8+en5Xz9hXcxJB5phxcZQ8jFoG04Vshvd0e
+LEnUrMcfFgIZ4njMKTQCM4ZFUPAieyLx4f52HuDopp3e5JyIMfW+KFcNIpKwCsak
+oSoKtIUOsUJK7qBVZxcrIyeQV2qcYOeZhtS5wBqIwOAhFwlCET7Ze58QHmS48slj
+S9K0JAcps2xdnGu0fkzhSQxY8GPQNFTlr6rYld5+ID/hHeS76gq0YG3q6RLWRkHf
+4eTkRjivAlExrFzKcljC4axKQlnOvVAzz+Gm32U0xPBF4ByePVxCJUHw1TsyTmel
+RxNEp7yHoXcwn+fXna+t5JWh1gxUZty3
+-----END CERTIFICATE-----
diff --git a/README.md b/README.md
index 4efe7b2..a2d2166 100644
--- a/README.md
+++ b/README.md
@@ -1,75 +1,29 @@
-# Manifests for rpm-ostree based Fedora variants
+Martin Pitt's desktop
+=====================
-This is the configuration needed to create
-[rpm-ostree](https://coreos.github.io/rpm-ostree/) based variants of Fedora.
-Each variant is described in a YAML
-[treefile](https://coreos.github.io/rpm-ostree/treefile/) which is then used by
-rpm-ostree to compose an ostree commit with the package requested.
+This is an [rpm-ostree](https://coreos.github.io/rpm-ostree/) based minimal
+[Fedora](https://getfedora.org/) developer desktop with the [sway window manager](https://swaywm.org/) and [podman](https://podman.io/)/[toolbox](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/) for doing development and running less common graphical applications.
-In the Fedora infrastructure, this happens via
-[pungi](https://pagure.io/pungi-fedora) with
-[Lorax](https://github.com/weldr/lorax)
-([templates](https://pagure.io/fedora-lorax-templates)).
+It gets [automatically built](.github/workflows/build.yml) every week and [published to my server](https://piware.de/ostree/pitti-workstation/).
-## Fedora Silverblue
+To use it from an existing OSTree based system like [Fedora CoreOS](https://getfedora.org/coreos) or [Fedora Silverblue](https://docs.fedoraproject.org/en-US/fedora-silverblue/), add my server URL as new remote and rebase your tree to it:
-- Website: https://silverblue.fedoraproject.org/ ([sources](https://github.com/fedora-silverblue/silverblue-site))
-- Documentation: https://docs.fedoraproject.org/en-US/fedora-silverblue/ ([sources](https://github.com/fedora-silverblue/silverblue-docs))
-- Issue tracker: https://github.com/fedora-silverblue/issue-tracker/issues
-
-## Fedora Kinoite
-
-- Website: https://kinoite.fedoraproject.org/ ([sources](https://pagure.io/fedora-kde/kinoite-site))
-- Documentation: https://docs.fedoraproject.org/en-US/fedora-kinoite/ ([sources](https://pagure.io/fedora-kde/kinoite-docs))
-- Issue tracker: https://pagure.io/fedora-kde/SIG/issues
-
-## Building
-
-Instructions to perform a local build of Silverblue:
-
-```
-# Clone the config
-git clone https://pagure.io/workstation-ostree-config && cd workstation-ostree-config
-
-# Prepare repo & cache
-mkdir -p repo cache && ostree --repo=repo init --mode=archive
-
-# Build (compose) the variant of your choice
-sudo rpm-ostree compose tree --repo=repo --cachedir=cache fedora-silverblue.yaml
-
-# Update summary file
-ostree summary --repo=repo --update
+```sh
+sudo ostree remote add --no-gpg-verify piware https://piware.de/ostree/pitti-workstation/
+sudo rpm-ostree rebase piware:pitti-desktop
 ```
-## Testing
-
-Instructions to test the resulting build:
-
-- First, serve the ostree repo using an HTTP server.
-- Then, on an already installed Silverblue system:
+After that, you can install weekly updates with
 ```
-# Add an ostree remote
-sudo ostree remote add testremote http:///repo
-
-# Pin the currently deployed (and probably working) version
-sudo ostree admin pin 0
-
-# List refs from variant remote
-sudo ostree remote refs testremote
-
-# Switch to your variant
-sudo rpm-ostree rebase testremote:fedora/35/x86_64/silverblue
+sudo rpm-ostree upgrade
 ```
-## Historical references
+If anything goes wrong, you can go back to the previous version with `sudo rpm-ostree rollback`.
-Building and testing instructions:
-- https://dustymabe.com/2017/10/05/setting-up-an-atomic-host-build-server/
-- https://dustymabe.com/2017/08/08/how-do-we-create-ostree-repos-and-artifacts-in-fedora/
-- https://www.projectatomic.io/blog/2017/12/compose-custom-ostree/
-- https://www.projectatomic.io/docs/compose-your-own-tree/
+Original README for [workstation-ostree-config](https://pagure.io/workstation-ostree-config)
+=============================================
 For some background, see:
diff --git a/compose.sh b/compose.sh
new file mode 100755
index 0000000..101da94
--- /dev/null
+++ b/compose.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -eu
+CACHE=/var/cache/ostree
+REPO=/var/tmp/repo
+
+mkdir -p $CACHE
+
+if [ ! -d $REPO/objects ]; then
+ ostree --repo=$REPO init --mode=archive-z2
+fi
+
+rpm-ostree compose tree --unified-core --cachedir=$CACHE --repo=$REPO pitti-desktop.yaml
diff --git a/fedora-34-updates.repo b/fedora-34-updates.repo
index 516e164..e107df5 100644
--- a/fedora-34-updates.repo
+++ b/fedora-34-updates.repo
@@ -4,3 +4,10 @@ mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f34&
 enabled=0
 gpgcheck=1
 metadata_expire=1d
+
+[fedora-34-updates-testing]
+name=Fedora 34 $basearch Updates
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f34&arch=$basearch
+enabled=0
+gpgcheck=1
+metadata_expire=1d
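Review bot: `REPO=/var/tmp/repo` places the compose repository at a fixed name inside a world-writable directory, so on a shared build host another local account could create that path first, and the `-d $REPO/objects` test would then accept a pre-seeded repository instead of initialising a clean one. Whether the script runs as root is not shown here, but the `/var/cache/ostree` cache path suggests it does. I would move the repository under a directory only the build user can write to, and quote the expansions, e.g. `mkdir -p "$CACHE"` and `if [ ! -d "$REPO/objects" ]; then`. A short header comment stating the required privileges and that `pitti-desktop.yaml` is resolved relative to the current directory would also help.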
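Review bot: The new `[fedora-34-updates-testing]` section keeps the display name of the stable updates repo, so compose logs and error messages cannot tell the two apart; `name=Fedora 34 $basearch Updates Testing` would fix that. Since `pitti-desktop.yaml` in this commit lists the repo under `repos:`, the published image appears to pick up packages that have not yet reached stable, and a one-line comment such as `# updates-testing is composed into the image on purpose: <reason>` would make that a visible decision.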
diff --git a/fedora-common-ostree.yaml b/fedora-common-ostree.yaml
index 14d4944..930667d 100644
--- a/fedora-common-ostree.yaml
+++ b/fedora-common-ostree.yaml
@@ -3,8 +3,6 @@ ref: fedora/34/${basearch}/ostree-base
 automatic_version_prefix: "36"
 mutate-os-release: "36"
-include: fedora-common-ostree-pkgs.yaml
-
 packages:
 - git-core
 - rpm-ostree
diff --git a/pitti-desktop.yaml b/pitti-desktop.yaml
new file mode 100644
index 0000000..5ce1473
--- /dev/null
+++ b/pitti-desktop.yaml
@@ -0,0 +1,142 @@
+include: fedora-common-ostree.yaml
+
+ref: pitti-desktop
+rojig:
+ name: pitti-desktop
+ summary: "Pitti Desktop"
+ license: MIT
+
+repos:
+ - fedora-34
+ - fedora-34-updates
+ - fedora-34-updates-testing
+ - rpmfusion-free
+ - rpmfusion-free-updates
+
+packages:
+# hardware/drivers
+ - kernel
+ - kernel-modules-extra
+ - iwl6000g2a-firmware
+ - iwl7260-firmware
+ - alsa-sof-firmware
+ - NetworkManager-wifi
+ - NetworkManager-openvpn-gnome
+ - sane-backends
+ - sane-backends-drivers-scanners
+ - powertop
+ - iwd
+ - udisks2-lvm2
+ - opensc
+# basic system
+ - acl
+ - attr
+ - basesystem
+ - cryptsetup
+ - dnsmasq
+ - fedora-workstation-backgrounds
+ - filesystem
+ - glibc-langpack-de
+ - glibc-langpack-en
+ - hostname
+ - iproute
+ - kbd
+ - nss-altfiles
+ - pciutils
+ - sudo
+ - usbutils
+# shell tools and development
+ - bc
+ - gnupg2
+ - fpaste
+ - lsof
+ - man-db
+ - mtr
+ - tree
+ - bzip2
+ - zip
+ - unzip
+ - vim-enhanced
+ - ranger
+ - bash-completion
+ - fish
+ - qemu-system-x86-core
+ - qemu-ui-sdl
+ - qemu-img
+ - openvpn
+ - mutt
+ - nmap-ncat
+ - isync
+ - weechat
+ - duplicity
+ - openssh-server
+ - systemd-container
+ - git
+ - patchutils
+ - make
+ - strace
+ - wget
+ - w3m
+ - cockpit-system
+ - cockpit-ws
+ - syncthing
+ - krb5-workstation
+
+# desktop plumbing/apps
+ - dejavu-sans-fonts
+ - dejavu-serif-fonts
+ - dejavu-sans-mono-fonts
+ - fontawesome-fonts
+ - google-noto-emoji-color-fonts
+
+ - gvfs-mtp
+ - pulseaudio-utils
+ - alsa-plugins-pulseaudio
+ - gstreamer1-plugins-good
+ - gstreamer1-plugins-ugly
+ - gstreamer1-libav
+ # for wf-recorder
+ - libavdevice
+
+ - pavucontrol
+ - pcmanfm
+ - simple-scan
+ - nm-connection-editor
+ - eog
+ - evince
+ - rhythmbox
+ - gnome-keyring
+ - pinentry-gnome3
+ - lxpolkit
+ - lxterminal
+ - gnome-disk-utility
+ - gtimelog
+
+# sway/wayland desktop
+ - sway
+ - swayidle
+ - swaylock
+ - kanshi
+ - mako
+ - waybar
+ - slurp
+ - grim
+ - xorg-x11-server-Xwayland
+ - firefox-wayland
+ - wofi
+ - brightnessctl
+ - wl-clipboard
+
+exclude-packages:
+ # recommended by sway
+ - alacritty
+ - brltty
+ - glibc-all-langpacks
+ - xdg-desktop-portal-wlr
+ # recommended by gtimelog
+ - yelp
+
+add-files:
+ - ["2015-RH-IT-Root-CA.pem", "/etc/pki/ca-trust/source/anchors/2015-RH-IT-Root-CA.pem"]
+
+postprocess-script: pitti-post.sh
diff --git a/pitti-post.sh b/pitti-post.sh
new file mode 100755
index 0000000..5491324
--- /dev/null
+++ b/pitti-post.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+set -xeuo pipefail
+
+# Enable SysRQ
+echo 'kernel.sysrq = 1' > /usr/lib/sysctl.d/90-sysrq.conf
+
+# power saving
+echo 'blacklist e1000e' > /usr/lib/modprobe.d/blacklist-local.conf
+
+# NetworkManager config
+cat < /usr/lib/NetworkManager/conf.d/local.conf
+[main]
+plugins=
+
+[device]
+wifi.backend=iwd
+EOF
+ln -sfn ../iwd.service /usr/lib/systemd/system/multi-user.target.wants/iwd.service
+ln -sfn /run/NetworkManager/resolv.conf /etc/resolv.conf
+
+# enable other units
+mkdir -p /usr/lib/systemd/system/getty.target.wants
+ln -s ../getty@.service /usr/lib/systemd/system/getty.target.wants/getty@tty1.service
+ln -s ../systemd-timesyncd.service /usr/lib/systemd/system/sysinit.target.wants/systemd-timesyncd.service
+ln -s ../cockpit.socket /usr/lib/systemd/system/sockets.target.wants/cockpit.socket
+ln -s ../sshd.socket /usr/lib/systemd/system/sockets.target.wants/sshd.socket
+
+# disable unwanted services
+ln -sfn /dev/null /usr/lib/systemd/user/at-spi-dbus-bus.service
+
+# move OS systemd unit defaults to /usr
+cp -a --verbose /etc/systemd/system /etc/systemd/user /usr/lib/systemd/
+rm -r /etc/systemd/system /etc/systemd/user
+
+# avoid LVM spew in /etc
+sed -i 's/backup = 1/backup = 0/; s/archive = 1/archive = 0/' /etc/lvm/lvm.conf
+
+# update for Red Hat certificate
+ln -s /etc/pki/ca-trust/source/anchors/2015-RH-IT-Root-CA.pem /etc/pki/tls/certs/2015-RH-IT-Root-CA.pem
+update-ca-trust
diff --git a/rpmfusion.repo b/rpmfusion.repo
new file mode 100644
index 0000000..e826798
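Review bot: The `add-files` entry installs `2015-RH-IT-Root-CA.pem` into `/etc/pki/ca-trust/source/anchors/`, which makes that root a system-wide TLS trust anchor on every machine that rebases to this image, and the README in this commit offers the image to other users. That fits the author's own work machine but is a broad grant for anyone else, so it should at least be stated next to the entry, e.g. `# Red Hat internal root CA: trusted system-wide for TLS on every deployment of this image`. If the image is meant to be shared, moving the entry into a separate treefile pulled in via `include:` would let the CA be left out of a public build.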
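Review bot: The `sockets.target.wants` links for `cockpit.socket` and `sshd.socket` make every deployment of this image accept SSH and Cockpit web-console connections from first boot, and nothing in this script restricts who can reach them. For an image the README offers to other users, I would leave both disabled by default or add a comment above the links, e.g. `# remote admin: sshd and cockpit are socket-activated on every install; firewall or mask them if not needed`. Separately, these four links use plain `ln -s` while the rest of the script uses `ln -sfn`, so under `set -e` the compose aborts if a link already exists; `ln -sfn` would be consistent. As rendered here the NetworkManager heredoc reads `cat < /usr/lib/NetworkManager/conf.d/local.conf`, which looks like a lost `<<EOF >` and is worth checking against the real file.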
--- /dev/null
+++ b/rpmfusion.repo
@@ -0,0 +1,18 @@
+[rpmfusion-free]
+name=RPM Fusion for Fedora $releasever - Free
+#baseurl=http://download1.rpmfusion.org/free/fedora/releases/$releasever/Everything/$basearch/os/
+metalink=https://mirrors.rpmfusion.org/metalink?repo=free-fedora-34&arch=$basearch
+enabled=1
+metadata_expire=14d
+type=rpm-md
+gpgcheck=0
+
+[rpmfusion-free-updates]
+name=RPM Fusion for Fedora $releasever - Free - Updates
+#baseurl=http://download1.rpmfusion.org/free/fedora/updates/$releasever/$basearch/
+metalink=https://mirrors.rpmfusion.org/metalink?repo=free-fedora-updates-released-34&arch=$basearch
+enabled=1
+enabled_metadata=1
+type=rpm-md
+gpgcheck=0
+repo_gpgcheck=0
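Review bot: Both sections set `gpgcheck=0` (the updates section also `repo_gpgcheck=0`), so RPM Fusion packages are composed into the image without signature verification, unlike the Fedora repos in this commit, which keep `gpgcheck=1`. The HTTPS metalink covers the metadata fetch, but a package signature check is what catches a tampered mirror or repository, and everything composed here is redistributed to every machine that rebases. I would set `gpgcheck=1` in both sections and add `gpgkey=file://<path to the RPM Fusion free Fedora 34 key>`, with the key file committed next to this repo file. The commented `#baseurl=http://...` lines are plain HTTP and should be switched to https if they are ever enabled.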