chore: proposal refactor

Containerfile

@@ -19,21 +19,16 @@ ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}"
 ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 ARG KERNEL_VERSION="${KERNEL_VERSION:-6.9.7-200.fc40.x86_64}"
 
-COPY sys_files/usr /usr
+COPY system_files/usr /usr
 
 RUN --mount=type=cache,dst=/var/cache/rpm-ostree \
-    --mount=type=bind,from=ctx,src=/,dst=/ctx \
+    --mount=type=bind,rw=true,from=ctx,src=/,dst=/ctx \
     --mount=type=bind,from=config,src=/rpms,dst=/tmp/rpms \
     --mount=type=bind,from=akmods,src=/rpms/ublue-os,dst=/tmp/akmods-rpms \
     --mount=type=bind,from=kernel,src=/tmp/rpms,dst=/tmp/kernel-rpms \
-    rm -f /usr/bin/chsh && \
-    rm -f /usr/bin/lchsh && \
-    mkdir -p /var/lib/alternatives && \
-    /ctx/install.sh && \
-    /ctx/post-install.sh && \
-    mv /var/lib/alternatives /staged-alternatives && \
-    /ctx/cleanup.sh && \
-    ostree container commit && \
-    mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \
-    mkdir -p /var/tmp && \
-    chmod -R 1777 /var/tmp
+    chmod +x /ctx/build_scripts/*.sh && \
+    for script in /ctx/build_scripts/*.sh; do $script; done \
+    && \
+    rpm-ostree cleanup -m && \
+    rm -rf /tmp/* /var/* && \
+    ostree container commit

build_scripts/000-setup.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+set -ouex pipefail
+
+mkdir -p /var/lib/alternatives

build_scripts/001-install-kmods.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/bash
+
+set -ouex pipefail
+
+RELEASE="$(rpm -E %fedora)"
+KERNEL_SUFFIX=""
+QUALIFIED_KERNEL="$(rpm -qa | grep -P 'kernel-(|'"$KERNEL_SUFFIX"'-)(\d+\.\d+\.\d+)' | sed -E 's/kernel-(|'"$KERNEL_SUFFIX"'-)//')"
+
+curl -Lo /etc/yum.repos.d/_copr_ublue-os_staging.repo https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${RELEASE}"/ublue-os-staging-fedora-"${RELEASE}".repo
+curl -Lo /etc/yum.repos.d/_copr_kylegospo_oversteer.repo https://copr.fedorainfracloud.org/coprs/kylegospo/oversteer/repo/fedora-"${RELEASE}"/kylegospo-oversteer-fedora-"${RELEASE}".repo
+
+rpm-ostree install \
+    /tmp/rpms/*.rpm \
+    /tmp/akmods-rpms/*.rpm \
+    fedora-repos-archive
+
+# Handle Kernel Skew with override replace
+rpm-ostree cliwrap install-to-root /
+if [[ "${KERNEL_VERSION}" == "${QUALIFIED_KERNEL}" ]]; then
+    echo "Installing signed kernel from kernel-cache."
+    cd /tmp
+    rpm2cpio /tmp/kernel-rpms/kernel-core-*.rpm | cpio -idmv
+    cp ./lib/modules/*/vmlinuz /usr/lib/modules/*/vmlinuz
+    cd /
+else
+    echo "Install kernel version ${KERNEL_VERSION} from kernel-cache."
+    rpm-ostree override replace \
+        --experimental \
+        --install=zstd \
+        /tmp/kernel-rpms/kernel-[0-9]*.rpm \
+        /tmp/kernel-rpms/kernel-core-*.rpm \
+        /tmp/kernel-rpms/kernel-modules-*.rpm
+fi

build_scripts/002-package-overrides.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/bash
+
+set -eoux pipefail
+
+# use negativo17 for 3rd party packages with higher priority than default
+curl -Lo /etc/yum.repos.d/negativo17-fedora-multimedia.repo https://negativo17.org/repos/fedora-multimedia.repo
+sed -i '0,/enabled=1/{s/enabled=1/enabled=1\npriority=90/}' /etc/yum.repos.d/negativo17-fedora-multimedia.repo
+
+# use override to replace mesa and others with less crippled versions
+rpm-ostree override replace \
+  --experimental \
+  --from repo='fedora-multimedia' \
+    libheif \
+    libva \
+    libva-intel-media-driver \
+    mesa-dri-drivers \
+    mesa-filesystem \
+    mesa-libEGL \
+    mesa-libGL \
+    mesa-libgbm \
+    mesa-libglapi \
+    mesa-libxatracker \
+    mesa-va-drivers \
+    mesa-vulkan-drivers
+
+if [[ "$FEDORA_MAJOR_VERSION" -ne "41" ]]; then
+    rpm-ostree override replace \
+        --experimental \
+        --from repo='fedora-multimedia' \
+        libvdpau
+fi

build_scripts/003-packages.sh

@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -ouex pipefail
+
+# Helper function to parse packages
+get_packages() {
+  local type="$1"
+  jq -r "[(.all.${type} | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \
+           (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".${type} | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \
+           | sort | unique[]" /ctx/packages.json
+}
+
+# Get package lists
+INCLUDED_PACKAGES=($(get_packages "include"))
+EXCLUDED_PACKAGES=($(get_packages "exclude"))
+
+# Filter out only installed packages from the exclusion list
+if [[ "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then
+    EXCLUDED_PACKAGES=($(rpm -qa --queryformat='%{NAME} ' ${EXCLUDED_PACKAGES[@]}))
+fi
+
+# Run rpm-ostree with necessary installs and removals
+if [[ "${#INCLUDED_PACKAGES[@]}" -gt 0 || "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then
+    rpm-ostree override remove \
+        ${EXCLUDED_PACKAGES[@]} \
+        $(printf -- "--install=%s " ${INCLUDED_PACKAGES[@]})
+else
+    echo "No packages to install or remove."
+fi
+
+# Check if excluded packages are still present due to dependencies
+EXCLUDED_PACKAGES=($(get_packages "exclude"))
+if [[ "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then
+    EXCLUDED_PACKAGES=($(rpm -qa --queryformat='%{NAME} ' ${EXCLUDED_PACKAGES[@]}))
+fi
+
+# Remove any remaining excluded packages
+if [[ "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then
+    rpm-ostree override remove \
+        ${EXCLUDED_PACKAGES[@]}
+fi

build_scripts/004-initramfs.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/bash
+
+set -eoux pipefail
+
+KERNEL_SUFFIX=""
+QUALIFIED_KERNEL="$(rpm -qa | grep -P 'kernel-(|'"$KERNEL_SUFFIX"'-)(\d+\.\d+\.\d+)' | sed -E 's/kernel-(|'"$KERNEL_SUFFIX"'-)//')"
+
+if [[ "${KERNEL_VERSION}" == "${QUALIFIED_KERNEL}" ]]; then
+    QUALIFIED_KERNEL="$(rpm -qa | grep -P 'kernel-(\d+\.\d+\.\d+)' | sed -E 's/kernel-//')"
+    /usr/libexec/rpm-ostree/wrapped/dracut --no-hostonly --kver "$QUALIFIED_KERNEL" --reproducible -v --add ostree -f "/lib/modules/$QUALIFIED_KERNEL/initramfs.img"
+    chmod 0600 "/lib/modules/$QUALIFIED_KERNEL/initramfs.img"
+fi

build_scripts/005-coreos-sulogin.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+
+set -eoux pipefail
+
+# use CoreOS' generator for emergency/rescue boot
+# see detail: https://github.com/ublue-os/main/issues/653
+CSFG=/usr/lib/systemd/system-generators/coreos-sulogin-force-generator
+curl -sSLo ${CSFG} https://raw.githubusercontent.com/coreos/fedora-coreos-config/refs/heads/stable/overlay.d/05core/usr/lib/systemd/system-generators/coreos-sulogin-force-generator
+chmod +x ${CSFG}

build_scripts/006-remove-footguns.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/bash
+
+set -eoux pipefail
+
+rm -f /usr/bin/chsh
+rm -f /usr/bin/lchsh
+
+# prevent gnome software from warning about dkms secureboot as these warnings
+# would duplicate warnings provided by ublue already. we don't want confusion
+rm -f /usr/libexec/gnome-software-dkms-helper

post-install.sh → build_scripts/998-post-install.sh

@@ -13,7 +13,7 @@ systemctl --global enable flatpak-user-update.timer
 
 cp /usr/share/ublue-os/update-services/etc/rpm-ostreed.conf /etc/rpm-ostreed.conf
 
-ln -s "/usr/share/fonts/google-noto-sans-cjk-fonts" "/usr/share/fonts/noto-cjk" 
+ln -s "/usr/share/fonts/google-noto-sans-cjk-fonts" "/usr/share/fonts/noto-cjk"
 
 rm -f /etc/yum.repos.d/_copr_ublue-os_staging.repo
 rm -f /etc/yum.repos.d/_copr_kylegospo_oversteer.repo