diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 484ab7b1ef..8271da4983 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -70,7 +70,7 @@ jobs: is_latest_version: true is_stable_version: true kernel_flavor: bazzite # must match a kernel_flavor from akmods repo - kernel_version: 6.11.5-307.bazzite.fc41.x86_64 # must match a cached version of the above flavor + kernel_version: 6.11.5-310.bazzite.fc41.x86_64 # must match a cached version of the above flavor exclude: - base_name: bazzite target_nvidia_flavor: nvidia @@ -172,7 +172,7 @@ jobs: sudo podman pull ${{ env.IMAGE_REGISTRY }}/akmods-${{ matrix.target_nvidia_flavor }}:${{ matrix.kernel_flavor}}-${{ matrix.fedora_version }}-${{ matrix.kernel_version }} # Add rechunk as well to remove this source of failure - sudo podman pull ghcr.io/hhd-dev/rechunk:v0.8.3 + sudo podman pull ghcr.io/hhd-dev/rechunk:v1.0.1 - name: Get source versions id: labels 
@@ -268,16 +268,35 @@ jobs: echo "Generated the following:" cat $GITHUB_OUTPUT + - name: Check Secureboot + shell: bash + run: | + set -x + if [[ ! $(command -v sbverify) || ! $(command -v curl) || ! $(command -v openssl) ]]; then + sudo apt update + sudo apt install sbsigntool curl openssl + fi + TMP=$(sudo podman create raw-img bash) + sudo podman cp $TMP:/usr/lib/modules/${{ matrix.kernel_version }}/vmlinuz . + sudo podman rm $TMP + sudo chmod 666 vmlinuz # might not be needed + sbverify --list vmlinuz + curl --retry 3 -Lo kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der + curl --retry 3 -Lo akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der + openssl x509 -in kernel-sign.der -out kernel-sign.crt + openssl x509 -in akmods.der -out akmods.crt + sbverify --cert kernel-sign.crt vmlinuz || exit 1 + sbverify --cert akmods.crt vmlinuz || exit 1 + # Reprocess raw-img using rechunker which will delete it - name: Run Rechunker id: rechunk - uses: hhd-dev/rechunk@v0.8.6 + uses: hhd-dev/rechunk@v1.0.1 with: - rechunk: 'ghcr.io/hhd-dev/rechunk:v0.8.3' + rechunk: 'ghcr.io/hhd-dev/rechunk:v1.0.1' ref: 'raw-img' prev-ref: '${{ steps.generate-prev-ref.outputs.ref }}' version: '${{ steps.generate-version.outputs.tag }}' - skip_compression: 1 labels: | io.artifacthub.package.logo-url=https://raw.githubusercontent.com/ublue-os/bazzite/main/repo_content/logo.png io.artifacthub.package.readme-url=https://docs.bazzite.gg 
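Review bot: The relocated `Check Secureboot` step now runs `sbverify` on a `vmlinuz` copied out of `raw-img`, which is the rechunker's input, while the image pushed and signed later is `steps.rechunk.outputs.ref`, so the published artifact is no longer the thing that was verified. If the check has to stay ahead of rechunking, a comment such as `# verifies the pre-rechunk image; rechunk is expected to carry vmlinuz over unchanged` would record that assumption, and comparing the kernel's hash on both sides would enforce it. Both `curl` calls lack `--fail`, so an HTTP error body would be saved as the `.der` file and only show up as an unrelated `openssl` error; `curl --fail --retry 3 -Lo kernel-sign.der …` makes the failure explicit. The certificates are fetched from the `main` branch at build time, so pinning those URLs to a commit would keep the trust anchors from changing without a change to this workflow.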
@@ -352,36 +371,6 @@ jobs: done echo "alias_tags=${BUILD_TAGS[*]}" >> $GITHUB_OUTPUT - # Pull oci-dir image, remove oci dir to make space, and then tag appropriately - - name: Load in podman and tag - run: | - IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }}) - sudo rm -rf ${{ steps.rechunk.outputs.output }} - for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do - podman tag $IMAGE ${{ env.IMAGE_NAME }}:$tag - done - # keep for secureboot check - podman tag $IMAGE rechunked-img - - - name: Check Secureboot - shell: bash - run: | - set -x - if [[ ! $(command -v sbverify) || ! $(command -v curl) || ! $(command -v openssl) ]]; then - sudo apt update - sudo apt install sbsigntool curl openssl - fi - TMP=$(podman create rechunked-img bash) - podman cp $TMP:/usr/lib/modules/${{ matrix.kernel_version }}/vmlinuz . - podman rm $TMP - sbverify --list vmlinuz - curl --retry 3 -Lo kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der - curl --retry 3 -Lo akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der - openssl x509 -in kernel-sign.der -out kernel-sign.crt - openssl x509 -in akmods.der -out akmods.crt - sbverify --cert kernel-sign.crt vmlinuz || exit 1 - sbverify --cert akmods.crt vmlinuz || exit 1 - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. # https://github.com/macbre/push-to-ghcr/issues/12 - name: Lowercase Registry 
@@ -395,21 +384,22 @@ jobs: uses: Wandalen/wretry.action@v3.5.0 id: push if: github.event_name != 'pull_request' - env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} with: - action: redhat-actions/push-to-registry@v2 attempt_limit: 3 attempt_delay: 15000 - with: | - image: ${{ env.IMAGE_NAME }} - tags: ${{ steps.generate-tags.outputs.alias_tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - extra-args: | - --compression-format=zstd:chunked + command: | + echo "${{ secrets.GITHUB_TOKEN }}" | sudo podman login ghcr.io -u ${{ github.actor }} --password-stdin + for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do + sudo skopeo copy ${{ steps.rechunk.outputs.ref }} docker://${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:$tag + done + + - name: Get Image Digest + id: digest + run: | + # Get digest for signing + DIGEST=$(sudo skopeo inspect --format '{{.Digest}}' ${{ steps.rechunk.outputs.ref }}) + echo "Digest is: $DIGEST" + echo "digest=${DIGEST}" >> $GITHUB_OUTPUT - name: Sign container image uses: EyeCantCU/cosign-action/sign@v0.3.0 @@ -418,12 +408,7 @@ jobs: containers: ${{ env.IMAGE_NAME }} registry-token: ${{ secrets.GITHUB_TOKEN }} signing-secret: ${{ secrets.SIGNING_SECRET }} - tags: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }} - - - name: Echo outputs - if: github.event_name != 'pull_request' - run: | - echo "${{ toJSON(steps.push.outputs) }}" + tags: ${{ steps.digest.outputs.digest }} generate_release: name: Generate Release diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index 964ff97056..7668ed7089 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml 
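Review bot: In the new `command:` block the loop over `alias_tags` returns only the status of its last `skopeo copy`, so a failed copy for an earlier tag can leave the step green and the retry wrapper never re-runs it, unless the action already runs the command with errexit, which is not visible here. Starting the block with `set -euo pipefail` or appending `|| exit 1` to the copy line closes that gap. The same block expands `${{ secrets.GITHUB_TOKEN }}` directly into the script text given to the third-party retry action. Passing it through a step-level `env:` entry and piping `"$REGISTRY_PASSWORD"` into `podman login --password-stdin` keeps the token out of the rendered command, assuming the action hands the step environment to the command. `${{ github.actor }}` and the tag list are also substituted unquoted and are worth quoting.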
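Review bot: The digest now passed as `tags: ${{ steps.digest.outputs.digest }}` is what `skopeo inspect` reports for the local `steps.rechunk.outputs.ref`, not for the image that `skopeo copy` wrote to the registry, so the signature only matches if the copy preserved the manifest byte for byte. That usually holds for a plain copy, but any manifest conversion or recompression on push would leave the signed digest absent from the registry. Recording the digest at copy time with `skopeo copy --digestfile <path> …`, or inspecting the pushed `docker://` reference instead, ties the signature to the published artifact.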
@@ -35,7 +35,7 @@ jobs: - bazzite-gnome-asus-nvidia - bazzite-asus-nvidia-open - bazzite-gnome-asus-nvidia-open - major_version: [40] + major_version: [41] steps: - name: Free Disk Space (Ubuntu) @@ -111,7 +111,7 @@ jobs: curl -Lo ${{ github.workspace }}/bazzite.repo https://copr.fedorainfracloud.org/coprs/kylegospo/bazzite/repo/fedora-${{ matrix.major_version }}/kylegospo-bazzite-fedora-${{ matrix.major_version }}.repo - name: Build ISOs - uses: jasonn3/build-container-installer@v1.2.2 + uses: jasonn3/build-container-installer@v1.2.3 id: build with: arch: x86_64 diff --git a/spec_files/steamdeck-dsp/bazzite.patch b/spec_files/steamdeck-dsp/bazzite.patch index 9f10c1e7f2..8234137045 100644 --- a/spec_files/steamdeck-dsp/bazzite.patch +++ b/spec_files/steamdeck-dsp/bazzite.patch @@ -26,7 +26,7 @@ index ac7adb6..d46bb14 100755 for cffile in "$prpath"/"$confd"/*.conf do - [ -f "$cffile" ] && cp -av "$cffile" $runconf/"$confd" -+ [ -f "$cffile" ] && /usr/bin/cp -avf "$cffile" $confdir/"$confd" ++ [ -f "$cffile" ] && /usr/bin/cp -avf "$cffile" $confdir/"$confd" || true done fi done @@ -90,14 +90,14 @@ index 3f03354..1e43489 100755 for cffile in "$prpath"/"$confd"/*.lua do - [ -f "$cffile" ] && cp -av "$cffile" $runconf/"$confd" -+ [ -f "$cffile" ] && /usr/bin/cp -avf "$cffile" $confdir/"$confd" ++ [ -f "$cffile" ] && /usr/bin/cp -avf "$cffile" $confdir/"$confd" || true done ;; *.conf.d) for cffile in "$prpath"/"$confd"/*.conf do - [ -f "$cffile" ] && cp -av "$cffile" $runconf/"$confd" -+ [ -f "$cffile" ] && /usr/bin/cp -avf "$cffile" $confdir/"$confd" ++ [ -f "$cffile" ] && /usr/bin/cp -avf "$cffile" $confdir/"$confd" || true done ;; esac diff --git a/system_files/deck/shared/usr/share/ublue-os/just/85-bazzite-image.just b/system_files/deck/shared/usr/share/ublue-os/just/85-bazzite-image.just index eeabed965b..7ed0898643 100644 --- a/system_files/deck/shared/usr/share/ublue-os/just/85-bazzite-image.just 
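Review bot: Appending `|| true` to `[ -f "$cffile" ] && /usr/bin/cp -avf "$cffile" $confdir/"$confd"` hides a failed copy as well as the unmatched-glob case it is presumably meant for, so a missing or unwritable target directory would now pass silently. `[ ! -f "$cffile" ] || /usr/bin/cp -avf "$cffile" "$confdir/$confd"` keeps the status zero when the glob matches nothing and still surfaces a real `cp` error, and it also quotes `$confdir`. The same applies to the two `cp` lines in the `@@ -90,14 +90,14 @@` hunk. The surrounding script is outside these hunks, so whether a non-zero status aborts it (`set -e`) cannot be seen here.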
+++ b/system_files/deck/shared/usr/share/ublue-os/just/85-bazzite-image.just @@ -89,26 +89,6 @@ enable-ryzenadj-max-performance: sudo udevadm control --reload-rules echo 'installation complete. Reboot to take effect' -# toggles password prompt feedback in terminal, where sudo password prompts will display asterisks when enabled -toggle-password-feedback ACTION="": - #!/usr/bin/bash - PWFEEDBACK_FILE="/etc/sudoers.d/enable-pwfeedback" - OPTION={{ ACTION }} - - if [ "$OPTION" = "on" ]; then - echo 'Defaults pwfeedback' | sudo tee $PWFEEDBACK_FILE - echo "enabled, restart terminal to see changes" - elif [ "$OPTION" = "off" ]; then - sudo rm -f $PWFEEDBACK_FILE - echo "disabled pwfeedback. restart your terminal to see changes" - elif sudo test -f $PWFEEDBACK_FILE; then - sudo rm -f $PWFEEDBACK_FILE - echo "disabled pwfeedback. restart your terminal to see changes" - else - echo 'Defaults pwfeedback' | sudo tee $PWFEEDBACK_FILE - echo "enabled, restart terminal to see changes" - fi - # disables ryzenadj --max-performance on AC power disable-ryzenadj-max-performance: #/bin/bash diff --git a/system_files/desktop/shared/usr/share/ublue-os/firstboot/yafti.yml b/system_files/desktop/shared/usr/share/ublue-os/firstboot/yafti.yml index 3f81f78d4e..cff3104f80 100644 --- a/system_files/desktop/shared/usr/share/ublue-os/firstboot/yafti.yml +++ b/system_files/desktop/shared/usr/share/ublue-os/firstboot/yafti.yml 
@@ -9,19 +9,14 @@ screens: title: "Welcome to Bazzite" icon: "/usr/share/ublue-os/bazzite/logo.svg" description: | - Configure your system to get started. This utility can be re-opened at any time, so don't feel like you have to get it perfect your first go-through. - configure-bazzite: + Install additional applications. + applications: source: yafti.screen.package values: title: Setting up Bazzite show_terminal: true package_manager: yafti.plugin.run groups: - Add input group to current user: - description: Adds the input group to your current user. Required by certain controller drivers. - default: true - packages: - - Set input group: sudo -A ujust add-user-to-input-group Sunshine: description: A self-hosted game stream host for Moonlight default: false @@ -33,31 +28,6 @@ screens: default: false packages: - Retrieve EmuDeck: ujust install-emudeck - OpenRazer: - description: Enables additional capabilities for Razer Hardware - default: false - packages: - - Install OpenRazer: ujust install-openrazer - OpenRGB: - description: Open source RGB lighting control that doesn't depend on manufacturer software - default: false - packages: - - Install OpenRGB: ujust install-openrgb - OpenTabletDriver: - description: Open source, cross-platform, user-mode tablet driver - default: false - packages: - - Install OpenTabletDriver: ujust install-opentabletdriver - Oversteer: - description: Application to control supported steering wheels - default: false - packages: - - Install Oversteer: ujust install-oversteer - Wootility: - description: A configurator for Wooting keyboards - default: false - packages: - - Retrieve Wootility: ujust install-wootility Resilio Sync: description: A file synchronization utility powered by BitTorrent default: false 
@@ -88,135 +58,53 @@ screens: package_manager: yafti.plugin.run packages: - Supergfxctl (Hybrid GPU Switching): ujust enable-supergfxctl - applications: + configure-bazzite: source: yafti.screen.package values: - title: Application Installation + title: System Configuration show_terminal: true - package_manager: yafti.plugin.flatpak - package_manager_defaults: - user: true - system: false + package_manager: yafti.plugin.run groups: - Web Browsers: - description: Additional browsers to complement Firefox - default: false - packages: - - Brave: com.brave.Browser - - Google Chrome: com.google.Chrome - - LibreWolf: io.gitlab.librewolf-community - - Microsoft Edge: com.microsoft.Edge - - Opera: com.opera.Opera - - Vivaldi: com.vivaldi.Vivaldi - Gaming: - description: "Rock and Stone!" - default: false + Add input group to current user: + description: Adds the input group to your current user. Required by certain controller drivers. + default: true packages: - - BoilR: io.github.philipk.boilr - - Bottles: com.usebottles.bottles - - Chiaki (PlayStation Remote Play): re.chiaki.Chiaki - - Discord: com.discordapp.Discord - - DOSBox Staging: io.github.dosbox-staging - - GeForce NOW Electron: io.github.hmlendea.geforcenow-electron - - Greenlight: io.github.unknownskl.greenlight - - Heroic Games Launcher (GOG & Epic): com.heroicgameslauncher.hgl - - itch: io.itch.itch - - ludusavi (Game Save Backup): com.github.mtkennerly.ludusavi - - Minecraft (Prism Launcher): org.prismlauncher.PrismLauncher - - Minecraft Bedrock Launcher: io.mrarm.mcpelauncher - - Moonlight: com.moonlight_stream.Moonlight - - Mumble: info.mumble.Mumble - - OpenMW: org.openmw.OpenMW - - osu: sh.ppy.osu - - Space Cadet Pinball: com.github.k4zmu2a.spacecadetpinball - - Sonic Robo Blast 2: org.srb2.SRB2 - - Sonic Robo Blast 2 Kart: org.srb2.SRB2Kart - - Steam Link: com.valvesoftware.SteamLink - - SuperTux: org.supertuxproject.SuperTux - - SuperTuxKart: net.supertuxkart.SuperTuxKart - - TeamSpeak: 
com.teamspeak.TeamSpeak - - XIV Launcher (Final Fantasy XIV): dev.goats.xivlauncher - Emulation: - description: Play games like it's 1972 + - Set input group: sudo -A ujust add-user-to-input-group + Visible Password Aestriks: + description: Toggles pwfeedback on. + default: true + packages: + - Enable pwfeedback: sudo -A ujust toggle-password-feedback on + OpenRazer: + description: Enables additional capabilities for Razer Hardware default: false packages: - - Cemu: info.cemu.Cemu - - Dolphin: org.DolphinEmu.dolphin-emu - - DuckStation: org.duckstation.DuckStation - - MAME: org.mamedev.MAME - - melonDS: net.kuribo64.melonDS - - mGBA: io.mgba.mGBA - - PCSX2: net.pcsx2.PCSX2 - - Parallel Launcher: ca.parallel_launcher.ParallelLauncher - - Pegasus: org.pegasus_frontend.Pegasus - - PPSSPP: org.ppsspp.PPSSPP - - RetroArch: org.libretro.RetroArch - - RetroDECK: net.retrodeck.retrodeck - - Rosalie's Mupen GUI: com.github.Rosalie241.RMG - - RPCS3: net.rpcs3.RPCS3 - - Ryujinx: org.ryujinx.Ryujinx - - ScummVM: org.scummvm.ScummVM - - Snes9x: com.snes9x.Snes9x - - Stella: io.github.stella_emu.Stella - - xemu: app.xemu.xemu - Streaming: - description: Stream to the Internet + - Install OpenRazer: ujust install-openrazer + OpenRGB: + description: Open source RGB lighting control that doesn't depend on manufacturer software default: false packages: - - OBS Studio: com.obsproject.Studio - - Boatswain for Streamdeck: com.feaneron.Boatswain - Music: - description: "Rock and Roll!" 
+ - Install OpenRGB: ujust install-openrgb + OpenTabletDriver: + description: Open source, cross-platform, user-mode tablet driver default: false packages: - - Cider (Apple Music Client): sh.cider.Cider - - Spotify: com.spotify.Client - - Strawberry Music Player: org.strawberrymusicplayer.strawberry - - Tidal-hifi: com.mastermindzh.tidal-hifi - Office and Productivity: - description: Bow to Capitalism + - Install OpenTabletDriver: ujust install-opentabletdriver + Oversteer: + description: Application to control supported steering wheels default: false packages: - - Ardour: org.ardour.Ardour - - Blender: org.blender.Blender - - darktable: org.darktable.Darktable - - GIMP: org.gimp.GIMP - - Inkscape: org.inkscape.Inkscape - - Joplin: net.cozic.joplin_desktop - - Kdenlive: org.kde.kdenlive - - Krita: org.kde.krita - - LibreOffice: org.libreoffice.LibreOffice - - Obsidian: md.obsidian.Obsidian - - OnlyOffice: org.onlyoffice.desktopeditors - - Planify: io.github.alainm23.planify - - Slack: com.slack.Slack - - Standard Notes: org.standardnotes.standardnotes - - Tenacity: org.tenacityaudio.Tenacity - - Thunderbird Email: org.mozilla.Thunderbird - - Xournal++: com.github.xournalpp.xournalpp - Utilities and System Tools: - description: Helpful tools + - Install Oversteer: ujust install-oversteer + CoolerControl: + description: A GUI for viewing all your system's sensors and for creating custom fan and pump profiles + default: false + packages: + - Install CoolerControl: ujust install-coolercontrol + Wootility: + description: A configurator for Wooting keyboards default: false packages: - - AppImage Pool: io.github.prateekmedia.appimagepool - - Barrier: com.github.debauchee.barrier - - Bitwarden: com.bitwarden.desktop - - Calibre: com.calibre_ebook.calibre - - DejaDup: org.gnome.DejaDup - - Easy Effects: com.github.wwmm.easyeffects - - Fedora Media Writer: org.fedoraproject.MediaWriter - - Gradience: com.github.GradienceTeam.Gradience - - JamesDSP: 
me.timschneeberger.jdsp4linux - - KeePassXC: org.keepassxc.KeePassXC - - Main Menu: page.codeberg.libre_menu_editor.LibreMenuEditor - - Metadata Cleaner: fr.romainvigier.MetadataCleaner - - Pika Backup: org.gnome.World.PikaBackup - - qBittorrent: org.qbittorrent.qBittorrent - - Resources: net.nokyan.Resources - - SaveDesktop: io.github.vikdevelop.SaveDesktop - - Solaar: io.github.pwr_solaar.solaar - - Syncthing: com.github.zocker_160.SyncThingy - - VLC: org.videolan.VLC + - Retrieve Wootility: ujust install-wootility final-screen: source: yafti.screen.title values: @@ -234,4 +122,4 @@ screens: - "Reboot now": run: systemctl reboot description: | - Thank you for trying Bazzite. Please reboot to apply changes made by this setup utility. + Please reboot to apply changes made by this setup utility. diff --git a/system_files/desktop/shared/usr/share/ublue-os/just/80-bazzite.just b/system_files/desktop/shared/usr/share/ublue-os/just/80-bazzite.just index be6dfe7415..1e7e82e9ca 100644 --- a/system_files/desktop/shared/usr/share/ublue-os/just/80-bazzite.just +++ b/system_files/desktop/shared/usr/share/ublue-os/just/80-bazzite.just 
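Review bot: The new group `Visible Password Aestriks:` is added with `default: true`, so first-boot setup enables sudo's `pwfeedback` unless the user unticks it. That option echoes a character per keystroke and therefore shows password length on screen and in recordings, a trade-off better left opt-in with `default: false`. The label is misspelled and should read `Visible Password Asterisks:`, and the description `Toggles pwfeedback on.` could state the visible effect, e.g. `Show asterisks while typing your password at sudo prompts.`. The entry runs `sudo -A ujust toggle-password-feedback on` although the recipe calls `sudo` itself for each privileged command, so the outer `sudo` may be unnecessary.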
@@ -351,6 +351,26 @@ benchmark: echo 'Running a 1 minute benchmark ...' cd /tmp && stress-ng --matrix 0 -t 1m --times +# toggles password prompt feedback in terminal, where sudo password prompts will display asterisks when enabled +toggle-password-feedback ACTION="": + #!/usr/bin/bash + PWFEEDBACK_FILE="/etc/sudoers.d/enable-pwfeedback" + OPTION={{ ACTION }} + + if [ "$OPTION" = "on" ]; then + echo 'Defaults pwfeedback' | sudo tee $PWFEEDBACK_FILE + echo "enabled, restart terminal to see changes" + elif [ "$OPTION" = "off" ]; then + sudo rm -f $PWFEEDBACK_FILE + echo "disabled pwfeedback. restart your terminal to see changes" + elif sudo test -f $PWFEEDBACK_FILE; then + sudo rm -f $PWFEEDBACK_FILE + echo "disabled pwfeedback. restart your terminal to see changes" + else + echo 'Defaults pwfeedback' | sudo tee $PWFEEDBACK_FILE + echo "enabled, restart terminal to see changes" + fi + post-gamescope-logs: #!/usr/bin/bash OUTPUT_FILE="/tmp/gathered_info.txt"
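Review bot: `OPTION={{ ACTION }}` pastes the recipe argument into the bash script unquoted, so a value containing spaces or shell metacharacters is interpreted by the shell instead of being compared against `on`/`off`; `OPTION={{ quote(ACTION) }}` avoids that. Because the recipe writes `/etc/sudoers.d/enable-pwfeedback` through `sudo tee`, it would also be worth validating the result with `sudo visudo -cf "$PWFEEDBACK_FILE"` before printing the success message, and quoting `$PWFEEDBACK_FILE` where it is used. The four branches repeat the enable and disable bodies; resolving the empty-argument toggle to `on` or `off` first would leave one copy of each.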