There are various different ways to contribute to winesapOS:
- Open up new GitHub issues for feature requests or bugs to be addressed.
- Help create documentation, create new features, or fix bugs.
-
Extra attention and help is needed on these issues.
-
For code contributions, first copy of the pre-commit script to ensure the code passes these tests:
$ cp git/hooks/pre-commit .git/hooks/pre-commit
-
This guide focuses on the technical architecture and workflows for winesapOS development.
winesapOS supports both GRUB and systemd-boot. GRUB is used by default due to more features being supported.
General comparison:
GRUB | systemd-boot | |
---|---|---|
Supported BIOS type | Legacy BIOS and UEFI | UEFI only |
Supported file systems | Any | FAT32 only |
Mounts | /boot/ (GRUB) and /boot/efi/ (EFI) | /boot/ (systemd-boot and EFI) |
Requires EFI variables for UEFI support | No | Yes |
winesapOS feature comparison:
GRUB | systemd-boot | |
---|---|---|
Supported build system | Container and VM | VM only |
Btrfs snapshot menu | Yes (grub-btrfs) | No |
Dual-boot support | Yes (os-prober) | No |
LUKS encryption | Yes | No |
Performance Image
Partition | Label | File System | Size | Description |
---|---|---|---|---|
1 | None | None | 2 MiB | BIOS boot backwards compatibility. |
2 | wos-drive | exFAT | 16 GiB | Cross-platform flash drive storage. |
3 | WOS-EFI | FAT32 | 500 MiB | UEFI boot firmware. |
4 | winesapos-boot | ext4 | 1 GiB | GRUB boot loader and Linux kernel. |
5 | winesapos-root | Btrfs | 100% | The root and home file systems. |
Secure Image
Partition | Label | File System | Size | Description |
---|---|---|---|---|
1 | None | None | 2 MiB | BIOS boot backwards compatibility. |
2 | wos-drive | exFAT | 16 GiB | Cross-platform flash drive storage. |
3 | WOS-EFI | FAT32 | 500 MiB | UEFI boot firmware. |
4 | winesapos-boot | ext4 | 1 GiB | GRUB boot loader and Linux kernel. |
5 | winesapos-luks | LUKS | 100% | The encrypted root and home file systems. |
/dev/mapper/cryptroot | winesapos-root | Btrfs | 100% | The root and home file systems. |
Minimal Image
Partition | Label | File System | Size | Description |
---|---|---|---|---|
1 | None | None | 2 MiB | BIOS boot backwards compatibility. |
2 | WOS-EFI | FAT32 | 500 MiB | UEFI boot firmware. |
3 | winesapos-boot | ext4 | 1 GiB | GRUB boot loader and Linux kernel. |
4 | winesapos-root | Btrfs | 100% | The root and home file systems. |
These are custom files and scripts that are installed as part of winesapOS. Unless otherwise stated, the source file can be found at the related path in the rootfs
directory.
/etc/modprobe.d/winesapos-broadcom-wifi.conf
= If Broadcom Wi-Fi hardare is detected and there is no Internet connection, the proprietary driver is configured./etc/modprobe.d/winesapos-controllers.conf
= Configure Xbox controller support.- Source:
scripts/winesapos-setup.sh
- Source:
/etc/modprobe.d/winesapos-framework-als-deactivate.conf
= If a Framework laptop is detected, the ambient light sensor is disabled to fix input from special keys on the keyboard.- Source:
scripts/winesapos-setup.sh
- Source:
/etc/modprobe.d/winesapos-mac.conf
= Configure Mac support.- Source:
scripts/winesapos-setup.sh
- Source:
/etc/modprobe.d/winesapos-nvidia.conf
= Configure support for the NVIDIA open kernel module.- Source:
scripts/winesapos-setup.sh
- Source:
/etc/modprobe.d/winesapos-nvidia-hibernate.conf
= Configure NVIDIA hibernation support.- Source:
scripts/winesapos-setup.sh
- Source:
/etc/NetworkManager/conf.d/wifi_backend.conf
= Configures NetworkManger to use the IWD backend.- Source:
scripts/winesapos-install.sh
- Source:
/etc/snapper/configs/{root,home}
= The Snapper configuration for Btrfs backups.- Source:
rootfs/etc/snapper/configs/root
- Source:
/usr/local/bin/winesapos-mute.sh
= The script for the winesapos-mute.service./var/winesapos/graphics
= The graphics type that was selected during the setup process: amd, intel, nvidia-new, nvidia-old, virtualbox, or vmware.- Source:
scripts/winesapos-setup.sh
- Source:
/var/winesapos/IMAGE_TYPE
= The image type that was set during the build process.- Source:
scripts/winesapos-install.sh
- Source:
/home/winesap/.winesapos/winesapos-dual-boot.desktop
= A desktop shortcut for the winesapOS Dual-Boot Installer. There is also a symlink from '/home/winesap/Desktop/winesapos-dual-boot.desktop' to this file./home/winesap/.winesapos/winesapos-ngfn.desktop
= A desktop shortcut for the NVIDIA GeForce Now game streaming. There is also a symlink from '/home/winesap/Desktop/winesapos-ngfn.desktop' to this file./home/winesap/.winesapos/winesapos-setup.desktop
= A desktop shortcut for the winesapOS First-Time Setup wizard. There is also a symlink from '/home/winesap/Desktop/winesapos-setup.desktop' to this file./home/winesap/.winesapos/winesapos-upgrade.desktop
= A desktop shortcut for the winesapOS Upgrade wizard. There is also a symlink from '/home/winesap/Desktop/winesapos-upgrade.desktop' to this file./home/winesap/.winesapos/winesapos-xcloud.desktop
= A desktop shortcut for the Xbox Cloud Gaming streaming. There is also a symlink from '/home/winesap/Desktop/winesapos-xcloud.desktop' to this file./usr/local/bin/winesapos-resize-root-file-system.sh
= The script used for the winesapos-resize-root-file-system.service./home/winesap/.winesapos/winesapos-setup.sh
= The script used for the winesapOS First-Time Setup wizard.- Source:
scripts/winesapos-setup.sh
- Source:
/home/winesap/.winesapos/winesapos_logo_icon.png
= The winesapOS logo as a 96x96 icon for the winesapOS First-Time Setup and winesapOS Upgrade desktop shortcuts./home/winesap/.winesapos/winesapos-upgrade-remote-stable.sh
= The script used for the winesapOS Upgrade wizard. It pulls the latest upgrade script from the "stable" branch of winesapOS./usr/local/bin/winesapos-sddm-health-check.sh
= Check the status of SDDM and invoke a recovery console if it fails./etc/sysctl.d/50-winesapos-ram-write-cache.conf
= Configure caching writes into RAM.- Source:
scripts/winesapos-install.sh
- Source:
/etc/sysctl.d/99-vm-zram-parameters.conf
= Configure optimized zram settings used by Pop!_OS.- Source:
scripts/winesapos-setup.sh
- Source:
/etc/systemd/zram-generator.conf
= Configure zram to compress half of the available RAM.- Source:
scripts/winesapos-setup.sh
- Source:
/usr/lib/modprobe.d/winesapos-amd.conf
= Enable the AMDGPU driver for older graphics cards and apply various driver workarounds for known issues.- Source:
scripts/winesapos-install.sh
- Source:
/usr/lib/modprobe.d/winesapos-mac.conf
= Enable the Touch Bar driver (apple-touchbar) and disable the Ethernet over USB drivers which T2 Macs do not support.- Source:
scripts/winesapos-install.sh
- Source:
scripts/winesapos-setup.sh
- Source:
/usr/lib/modules-load.d/winesapos-mac.conf
= Enable the T2 driver (apple-bce).- Source:
scripts/winesapos-install.sh
- Source:
/usr/lib/os-release-winesapos
= The version and variant information for winesapOS. There is also a symlink from '/etc/os-release-winesapos' to this file./usr/lib/sysctl.d/50-winesapos-open-files.conf
= Configures an increased open files and memory mapping limit.- Source:
scripts/winesapos-install.sh
- Source:
/usr/lib/systemd/system/pacman-mirrors.service
= On Manjaro builds, this provides a service to find and configure the fastest mirrors for Pacman. This is not needed on Arch Linux builds as it has a Reflector service that comes with a service file./usr/lib/systemd/system/winesapos-resize-root-file-system.service
= A service that runs a script to resize the root file system upon first boot./usr/lib/systemd/system/winesapos-sddm-health-check.service
= Run the SDDM health check script for the first 5 minutes./usr/lib/systemd/user/winesapos-mute.service
= A user (not system) service for muting all audio. This is required for some newer Macs that have in-development hardware drivers that are extremely loud by default./usr/lib/systemd/user.conf.d/20-file-limits.conf
= Configure a higher open files limit.- Source:
scripts/winesapos-install.sh
- Source:
/usr/local/bin/winesapos-dual-boot.sh
= The script used for installing winesapOS in a dual-boot scenario./usr/local/bin/winesapos-ventoy-bootstrap.sh
= The script used to install Ventoy support./usr/share/libalpm/hooks/winesapos-etc-grub.d-10_linux.hook
= A Pacman hook to configure GRUB to use the winesapos-root label for booting in/etc/grub.d/10_linux
./usr/share/libalpm/hooks/winesapos-usr-share-grub-grub-mkconfig_lib.hook
= A Pacman hook to configure GRUB to use the winesapos-root label for booting in/usr/share/grub/grub-mkconfig_lib.hook
.
winesapOS supports builds using Arch Linux or Manjaro.
Feature | Arch Linux | Manjaro | Description |
---|---|---|---|
Pin package versions | Yes | No | Manjaro does not have an equivalent to the Arch Linux Archive (ALA). |
Stability | Low | High | Based on real-world testing and reported bugs, Manjaro builds are usually more stable than Arch Linux. |
AUR compatibility | High | Low | AUR packages target Arch Linux and sometimes have build and/or runtime issues on Manjaro. |
Arch Linux is used by default due to the compatibility with the large amount of AUR packages. However, developers have the option to create builds with Manjaro which provides an overall more stable experience.
Use a container build for:
- Local development builds. Run a single command to build a new winesapOS image.
- CI/CD builds. Quickly test and publish new changes.
- Release builds. This ensures consistency with what is being built and tested in CI.
Use a virtual machine build for:
- GPU passthrough. Applications and games that require GPU acceleration can be thoroughly tested.
- Desktop testing. Reboot directly into a virtual machine to see and manually test new changes that require user interaction.
Depending on which Arch Linux distribution you want to build, download the related installer. Both Arch Linux and Manjaro provide ISOs for a live CD environment.
A virtual machine is used to build winesapOS in a safe and isolated manner. The disks on the hypervisor will not be touched. It is assumed that QEMU/KVM will be used although other hypervisors can be used.
Requirements:
- UEFI boot
- 2 vCPUs
- 12 GB RAM
- Storage
- Minimal image = 8 GiB storage (to fit on a 16 GB flash drive)
- Performance or secure image = 25 GiB storage (to fit on a 32 GB flash drive)
-
Create the virtual storage device.
-
Minimal image:
sudo qemu-img create -f raw -o size=8G /var/lib/libvirt/images/winesapos.img
-
Performance or secure image:
sudo qemu-img create -f raw -o size=25G /var/lib/libvirt/images/winesapos.img
-
-
Create the virtual machine to use for installing winesapOS.
-
Arch Linux and Manjaro use an installer ISO image.
sudo virt-install --name winesapos --boot loader=/usr/share/edk2-ovmf/x64/OVMF_CODE.fd,loader.readonly=yes,loader.secure='no',loader.type=pflash --vcpus 2 --memory 12288 --disk path=/var/lib/libvirt/images/winesapos.img,bus=virtio,cache=none --cdrom=/var/lib/libvirt/images/<INSTALLER_ISO>
-
Arch Linux and Manjaro:
- Virtual Machine Manager (virt-manager)
- File
- New Virtual Machine
- Local install media (ISO image or CDROM)
- Forward
- Choose ISO or CDROM install media: <INSTALLER_ISO>
- Forward
- Memory: 12288
- CPUs: 2
- Forward
- Enable storage for this virtual machine: yes
- Create a disk image for the virtual machine:
- Minimal image = 8.0 GiB
- Performance or secure image = 25.0 GiB
- Forward
- Name: winesapOS
- Customize configuration before install: yes
- Finish
- Overview
- Firmware: UEFI x86_64: /usr/share/edk2-ovmf/x64/OVMF_CODE.fd
- Apply
- Begin Installation
GNOME Boxes can be installed on any Linux distribution using Flatpak: flatpak install org.gnome.Boxes
.
-
+
-
Download and operating system
-
(Select the three dots to show all available operating systems)
-
(Search for and select "Arch Linux x86_64 (Live)")
-
Review and Create
-
Memory: 12.0 GiB
-
Storage limit:
- Minimal image = 8.0 GiB
- Performance or secure image = 25.0 GiB
-
Enable EFI: Yes
-
-
Create
The created QCOW2 image will be stored as a file here: ~/.var/app/org.gnome.Boxes/data/gnome-boxes/images/archlinux
. The downloaded ISO is stored as a file here: ~/Downloads/archlinux-x86_64.iso
.
For specialized builds, use environment variables to modify the installation settings.
$ export <KEY>=<VALUE>
Key | Values | Performance Value (Default) | Secure Value | Minimal Value | Description |
---|---|---|---|---|---|
WINESAPOS_DEBUG_INSTALL | true or false | true | true | true | Use set -x for debug shell logging during the installation. |
WINESAPOS_DEBUG_TESTS | true or false | false | false | false | Use set -x for debug shell logging during the tests. |
WINESAPOS_ENABLE_TESTING_REPO | true or false | false | false | false | Use the [winesapos-testing] repository instead of the stable [winesapos] repository during the installation. |
WINESAPOS_BUILD_IN_VM_ONLY | true or false | true | true | true | If the build should fail and exit if it is not in a virtual machine. Set to false for a bare-metal installation. |
WINESAPOS_CREATE_DEVICE | true or false | false | false | false | If the build should create and use an image file instead of using an existing block device. |
WINESAPOS_CREATE_DEVICE_SIZE | integer for GiB | (None) | (None) | (None) | Manually override the default values for the device size (8 GiB with no cross-platform storage and 25 GiB with). |
WINESAPOS_DEVICE | vda | vda | vda | If WINESAPOS_CREATE=false, then use the existing /dev/${WINESAPOS_DEVICE} block device to install winesapOS onto. |
|
WINESAPOS_PARTITION_TABLE | gpt | gpt | gpt | Create a gpt (GPT for UEFI and legacy BIOS support) or msdos (MBR for only legacy BIOS support) partition table. |
|
WINESAPOS_ENABLE_PORTABLE_STORAGE | true | true | false | If the 16 GiB exFAT flash drive storage should be enabled. | |
WINESAPOS_BUILD_CHROOT_ONLY | false | false | false | If partitioning and GRUB should be skipped for a chroot installation. | |
WINESAPOS_INSTALL_DIR | /winesapos | /winesapos | /winesapos | The chroot directory where winesapOS will be installed into. | |
WINESAPOS_DISTRO | arch or manjaro | arch | arch | arch | The Linux distribution to install with. |
WINESAPOS_HTTP_PROXY | (None) | (None) | (None) | ||
WINESAPOS_HTTP_PROXY_CA | (None) | (None) | (None) | ||
WINESAPOS_DE | i3, cinnamon, cosmic, gnome, plasma, plasma-mobile, or sway | plasma | plasma | plasma | The desktop environment to install. |
WINESAPOS_USER_NAME | winesap | winesap | winesap | The name of the user to create. | |
WINESAPOS_ENCRYPT | true or false | false | true | false | If the root partition should be encrypted with LUKS. |
WINESAPOS_ENCRYPT_PASSWORD | password | password | password | The default password for the encrypted root partition. | |
WINESAPOS_LOCALE | en_US.UTF-8 UTF-8 |
en_US.UTF-8 UTF-8 |
en_US.UTF-8 UTF-8 |
The locale to use for /etc/locale.gen . |
|
WINESAPOS_APPARMOR | true or false | false | true | false | If Apparmor should be installed and enabled. |
WINESAPOS_PASSWD_EXPIRE | true or false | false | true | false | If the root user password will be forced to be changed after first login. |
WINESAPOS_SUDO_NO_PASSWORD | true or false | true | false | true | If the user can run sudo without entering a password. |
WINESAPOS_FIREWALL | true or false | false | true | false | If a firewall (firewalld ) will be installed. |
WINESAPOS_CPU_MITIGATIONS | true or false | false | true | false | If processor mitigations should be enabled in the Linux kernel. |
WINESAPOS_DISABLE_KERNEL_UPDATES | true or false | false | false | false | If the Linux kernels should be excluded from being upgraded by Pacman. |
WINESAPOS_DISABLE_KWALLET | true or false | true | false | true | If Kwallet should be enabled for securing various passwords. |
WINESAPOS_ENABLE_KLIPPER | true or false | true | false | true | If Klipper should be disabled (as much as it can be) for storing copied text. |
WINESAPOS_INSTALL_GAMING_TOOLS | true or false | true | true | false | Install all gaming tools and launchers. |
WINESAPOS_INSTALL_PRODUCTIVITY_TOOLS | true or false | true | true | false | Install all productivity tools. |
WINESAPOS_IMAGE_TYPE | minimal, performance, or secure | performance | secure | minimal | The image type to set in the file /var/winesapos/IMAGE_TYPE . |
WINESAPOS_CUSTOM_SCRIPT | (None) | (None) | (None) | A custom script to run before the installation does a cleanup. | |
WINESAPOS_SINGLE_MIRROR | true or false | false | false | false | If a single mirror or a list of mirrors will be used. |
WINESAPOS_SINGLE_MIRROR_URL | http://ohioix.mm.fcix.net/archlinux |
http://ohioix.mm.fcix.net/archlinux |
http://ohioix.mm.fcix.net/archlinux |
http://ohioix.mm.fcix.net/archlinux |
If a single mirror or a list of mirrors will be used. It is assumed that ``${WINESAPOS_SINGLE_MIRROR_URL}/[archlinux |
WINESAPOS_BOOTLOADER | grub or systemd-boot | grub | grub | grub | The bootloader to use. |
WINESAPOS_ENV_FILE | (None) | (None) | (None) | The scripts/env/${WINESAPOS_ENV_FILE} to load during a container build. |
Once the virtual machine is running, a distribution of Arch Linux for winesapOS can be installed after the mirrors have been updated.
-
Arch Linux:
$ sudo journalctl -u reflector -f MMM DD HH:MM:SS archiso systemd[1]: reflector.service: Deactivated successfully.
-
Manjaro:
$ sudo journalctl -u mirrors-live -f MMM DD HH:MM:SS manjaro systemd[1]: mirrors-live.service: Deactivated successfully.
An automated script is provided to fully install the operating system. This script will only work in a virtual machine. Clone the entire project repository. This will provide additional files and scripts that will be copied into the virtual machine image.
Arch Linux requires installing the required git
dependency.
$ sudo pacman -S -y
$ sudo pacman -S git
Clone the GitHub repository:
$ git clone https://github.com/winesapos/winesapos.git
$ cd winesapos/scripts/
Before running the installation script, optionally set environment variables to configure the build. Use sudo -E
to load the environment variables.
-
Performance-focused image build:
-
Arch Linux (default):
# export WINESAPOS_DISTRO=arch # bash ./winesapos-install.sh
-
Manjaro:
$ export WINESAPOS_DISTRO=manjaro $ sudo -E bash ./winesapos-install.sh
-
-
Security-focused image build requires first sourcing the environment variables:
-
Arch Linux:
# export WINESAPOS_DISTRO=arch # . ./env/winesapos-env-secure.sh # bash ./winesapos-install.sh
-
Manjaro:
$ export WINESAPOS_DISTRO=manjaro $ . ./env/winesapos-env-secure.sh $ sudo -E bash ./winesapos-install.sh
-
-
Minimal storage-focused image build requires first sourcing the environment variables:
-
Arch Linux:
# export WINESAPOS_DISTRO=arch # . ./env/winesapos-env-minimal.sh # bash ./winesapos-install.sh
-
Manjaro:
$ export WINESAPOS_DISTRO=manjaro $ . ./env/winesapos-env-minimal.sh $ sudo -E bash ./winesapos-install.sh
-
When complete, shutdown the virtual machine (do NOT restart).
Cleanup the image before use.
$ sudo virt-sysprep --operations defaults,-customize -a /var/lib/libvirt/images/winesapos.img
The .github/workflows/main.yml
GitHub Actions workflow has the steps needed to automatically build an image using a container. These can be run manually.
If using a distribution that has SELinux in enforcing mode, set it to permissive first.
sudo setenforce 0
Both docker
and podman
are supported for builds.
Arch Linux build:
mkdir output && chmod 777 output
sudo docker build --pull --no-cache -t winesapos-img-builder build/.
sudo docker run --rm -v $(pwd):/workdir -v /dev:/dev --privileged=true winesapos-img-builder:latest /bin/bash -x /workdir/scripts/winesapos-build.sh
Manjaro build:
mkdir output && chmod 777 output
sed -i s'/archlinux:latest/manjarolinux\/base:latest/'g build/Dockerfile
sudo docker build --pull --no-cache -t winesapos-img-builder:manjaro build/.
sudo docker run --rm -v $(pwd):/workdir -v /dev:/dev --env WINESAPOS_DISTRO=manjaro --privileged=true winesapos-img-builder:manjaro /bin/bash -x /workdir/scripts/winesapos-build.sh
By default, the performance image is built. Use --env WINESAPOS_ENV_FILE=winesapos-env-minimal.sh
or --env WINESAPOS_ENV_FILE=winesapos-env-secure.sh
to build a different image type. Use the winesapOS testing repository with the argument --env WINESAPOS_ENABLE_TESTING_REPO=true
.
Optionally do a build using the Arch Linux Archive (ALA) by using --env WINESAPOS_SINGLE_MIRROR=true --env WINESAPOS_SINGLE_MIRROR_URL=https://archive.archlinux.org/repos/2024/08/12
. Manjaro does not have an ALA equivalent.
After the build, these files will be created:
output/
winesapos.img
= The raw image that was built.winesapos-install.log
= The install log.winesapos-install-rc.txt
= The return code from the tests indicating how many failed.winesapos-packages.txt
= The list of packages installed.
Run the tests to ensure that everything was setup correctly. These are automatically ran and logged as part of the install script. The tests must be run with Bash.
$ sudo bash ./winesapos-tests.sh
On the hypervisor, clean up the virtual machine image. This will ensure that the image will generated unique values for additional security and stability. The customize
operation is disabled because the operation will set a new machine-id which is not what we want. Our image already has a blank /etc/machine-id
file which will be automatically re-generated on first boot.
$ sudo virt-sysprep --operations defaults,-customize -a /var/lib/libvirt/images/winesapos.img
Optionally flash the image onto an external storage device for testing hardware. Otherwise, run manual tests using a virtual machine.
$ sudo dd if=/var/lib/libvirt/images/winesapos.img of=/dev/<DEVICE>
Manual tests:
- Accept every first-time setup option to install and configure the system.
- Open and use every program on the desktop.
- Package Managers
- Discover
- Install a Flatpak package:
org.gnome.BreakTimer
- Install a Flatpak package:
- bauh
- Install a Pacman package:
nginx
- Install a Flatpak package:
org.gabmus.gfeeds
- Install an AUR package:
cmatrix-git
- Install a Snap package:
lxd
- Install a Pacman package:
- AppImagePool
- Install an AppImage:
GitNote
- Install an AppImage:
- Discover
- Reboot and then use the display manager to launch Gamescope sessions for:
- Open Gamepad UI
- Steam
By default, the winesapOS upgrade script will update all upgrade files and exit if there are changes detected. For testing on a branch that is not stable
(such as staging
), set an environment variable to skip updating upgrade files as these are pulled from the stable
branch.
export WINESAPOS_UPGRADE_FILES=false
export WINESAPOS_UPGRADE_TESTING_REPO=true
export WINESAPOS_UPGRADE_VERSION_CHECK=false
curl https://raw.githubusercontent.com/winesapOS/winesapOS/staging/scripts/winesapos-upgrade.sh | sudo -E bash
For new contributors:
- Fork the
main
branch of the winesapOS/winesapOS git repository. - All shell scripts are written in Bash.
- Check for syntax errors by using the command
bash -n ${SCRIPT_FILE}
.
- Check for syntax errors by using the command
If adding a new application to winesapOS, these are all of the places it needs to be updated:
README.md
needs to mention that application under the "Usability" or "Gaming support" sections under the "Features" header.CHANGELOG.md
needs to mention that the application has has beenAdd
ed,Change
d, orRemove
d.src/winesapos-install.sh
- The installer copies shortcut files for GUI applications to the desktop.
src/winesapos-tests.sh
needs updated tests to at least check for the existence of the package and desktop shortcut (if applicable).
winesapOS ships two Linux kernels:
- Linux T2 = The latest stable Linux kernel with additional patches to support Intel Macs with the Apple T2 Security Chip.
- Linux LTS = The latest upstream Linux LTS kernel.
- A new version of this kernel is released every year around December.
- For Arch Linux builds,
linux-lts
is already used. For Manjaro builds, thelinux<MAJOR_VERSION><MINOR_VERSION>
package needs to be updated. - The Mac drivers need to build cleanly against this kernel.
- For Arch Linux builds,
- A new version of this kernel is released every year around December.
A container and script are provided to pre-build important AUR packages for winesapOS. If using a distribution that has SELinux in enforcing mode, set it to permissive first.
sudo setenforce 0
cd scripts/repo/
sudo docker build --pull --no-cache --tag ekultails/winesapos-build-repo:latest .
mkdir /tmp/winesapos-build-repo
chmod 777 /tmp/winesapos-build-repo
sudo docker run --name winesapos-build-repo --rm --volume /tmp/winesapos-build-repo:/output ekultails/winesapos-build-repo:latest &> /tmp/winesapos-build-repo_$(date --iso-8601=seconds).log
Check the amount of packages that failed to build (if any):
cat /tmp/winesapos-build-repo/winesapos-build-repo_exit-code.txt
Check to see what packages succeeded or failed to be built:
grep -P "PASSED|FAILED" /tmp/winesapos-build-repo_*.log
Those packages are then hosted on a Kubernetes cluster with the following requirements:
Apply all of the Kubernetes manifests to create NGINX containers on the Kubernetes cluster.
kubectl apply -f scripts/repo/k8s/
For copying new packages over, temporarily set deployment.spec.template.spec.containers.volumeMounts[0].readOnly
to false
.
kubectl --namespace winesapos-repo edit deployment deploy-winesapos-repo
Then copy the new files into one of the containers. A single persistent volume claim is shared among all of the containers.
kubectl --namespace winesapos-repo cp <PACKAGE_FILE> deploy-winesapos-repo-<UUID>:/usr/share/nginx/html/
For specialized repository builds, use environment variables to determine what packages will be built.
sudo docker run --name winesapos-build-repo --rm --env WINESAPOS_REPO_BUILD_TESTING=true --env WINESAPOS_REPO_BUILD_LINUX_GIT=true --env WINESAPOS_REPO_BUILD_MESA_GIT=true --volume /tmp/winesapos-build-repo:/output ekultails/winesapos-build-repo:latest &> /tmp/winesapos-build-repo_$(date --iso-8601=seconds).log
Key | Values | Default | Description |
---|---|---|---|
WINESAPOS_REPO_BUILD_TESTING | true or false | false | Name the Pacman repository database as "winesapos-testing" instead of "winesapos". |
WINESAPOS_REPO_BUILD_LINUX_GIT | true or false | false | Build linux-git . |
WINESAPOS_REPO_BUILD_MESA_GIT | true or false | false | Build mesa-git and lib32-mesa-git . |
As of winesapOS 3.4.0, all packages and the metadata database are signed using a GPG key.
- Sign all of the packages:
for pkg in $(ls -1 | grep "\.pkg\.tar"); do echo "${pkg}"; gpg --detach-sign --no-armor ${pkg}; done
- Update and sign the database:
repo-add --verify --sign winesapos.db.tar.gz ./*.pkg.tar.xz ./*.pkg.tar.zst
The winesapOS testing repository packages are automatically built and published on the 15th of every month. That GitHub Actions workflow can also be manually triggered at any time.
winesapOS supports running custom scripts before the installation finishes.
Specify the script to run before running winesapos-install.sh
:
$ export WINESAPOS_CUSTOM_SCRIPT=/path/to/script.sh
Hints for writing a custom script:
- Source the
scripts/env/winesapos-env-defaults.sh
environment variables to load useful functions. - Use one of the provided functions to install an application:
${CMD_FLATPAK_INSTALL[@]}
${CMD_PACMAN_INSTALL[@]}
${CMD_YAY_INSTALL[@]}
- Use
${WINESAPOS_INSTALL_DIR}
to reference the chroot directory used as part of the installation.
On the server that hosts the winesapOS repository, run these commands to automatically backup all of the files to the Wayback Machine (Internet Archive):
$ export WINESAPOS_VERSION=3.3.0
$ cd /data/winesapos-repo/repo/winesapos-${WINESAPOS_VERSION}
$ curl -v https://web.archive.org/save/https://winesapos.lukeshort.cloud/repo/${WINESAPOS_VERSION}
$ find . -exec curl -v https://web.archive.org/save/https://winesapos.lukeshort.cloud/repo/${WINESAPOS_VERSION}/{} \;
It is also possible for a community member to do a backup by downloading the a mirror of the repository to their computer first:
$ wget -m https://winesapos.lukeshort.cloud/repo/
$ cd winesapos.lukeshort.cloud
$ find . -name "*.html" -exec curl -v "https://web.archive.org/save/https://{}" ';'
These are tasks the need to happen before publishing a stable release.
-
Rebuild all AUR packages.
- First publish them to the
[winesapos-testing]
repository and test them via a new build. - For the stable build and release, sign and then move these packages to the
[winesapos]
repository.
- First publish them to the
-
Update the versions for these programs by changing these variables:
- rootfs/usr/local/bin/winesapos-ventoy-bootstrap.sh
VENTOY_VER
- scripts/winesapos-install.sh
ETCHER_VER
YAY_VER
- scripts/winesapos-setup.sh
PROTON_GE_VERSION
PROTON_SAREK_VERSION
- scripts/winesapos-upgrade.sh
CURL_STATIC_VER
ETCHER_VER
- scripts/repo/winesapos-build-repo.sh
YAY_VER
- rootfs/usr/local/bin/winesapos-ventoy-bootstrap.sh
-
Delete old git branches:
git branch -D <BRANCH> git push --delete origin <BRANCH>
-
Test upgrades from every old stable version to the new stable version.
-
Add upgrade notes to the
UPGRADES.md
file. -
For a new release, update the
rootfs/usr/lib/os-release-winesapos
file in the git repository with the newVERSION
andVERSION_ID
before building an image. -
Before building an alpha or beta build, enable the
[winesapos-testing]
repository withexport WINESAPOS_ENABLE_TESTING_REPO=true
. -
Create a "minimal" and "performance" release image (not "secure") using a container build.
- Due to the "secure" image having a common LUKS container encryption key that would be shared, users are encouraged to do their own custom build of winesapOS to generate a unique key instead.
-
Make sure that no tests failed by checking the exit/return code of the installation script. It should be zero. If not, that is how many tests have failed. Review the installation log for more details.
$ cat ./output/winesapos-install-rc.txt 0 $ less ./output/winesapos-install.log
-
Sanitize the image.
$ sudo cp ./output/winesapos.img /var/lib/libvirt/images/ $ sudo virt-sysprep --operations defaults,-customize -a /var/lib/libvirt/images/winesapos.img
-
Copy the packages list over for it to be checksummed.
$ sudo cp ./output/winesapos-packages.txt /var/lib/libvirt/images/winesapos-<VERSION>-[performance|minimal].packages.txt
-
Create a release by using the universal
zip
compression utility. Do this for the build of the "performance" (default) and "minimal" images.$ cd /var/lib/libvirt/images/ $ sudo mv winesapos.img winesapos-<VERSION>-[performance|minimal].img $ sudo zip winesapos-<VERSION>-[performance|minimal].img.zip winesapos-<VERSION>-[performance|minimal].img $ ls -1 | grep winesapos winesapos-<VERSION>-[performance|minimal].img winesapos-<VERSION>-[performance|minimal].img.zip
-
Create SHA512 checkums separately for the "performance" and "minimal" images and their related archive files. Users can then use those files to check for corruption or tampering.
$ sha512sum winesapos-<VERSION>-[performance|minimal]* > winesapos-<VERSION>-[performance|minimal].sha512sum.txt $ sha512sum --check winesapos-<VERSION>-[performance|minimal].sha512sum.txt
-
Create a tarball of the root file system from the minimal image.
$ export WINESAPOS_VERSION="4.1.0" $ sudo -E guestmount --add winesapos-${WINESAPOS_VERSION}-minimal.img --mount /dev/sda4 --ro /mnt $ sudo -E guestmount --add winesapos-${WINESAPOS_VERSION}-minimal.img --mount /dev/sda3 --ro /mnt/boot $ sudo -E guestmount --add winesapos-${WINESAPOS_VERSION}-minimal.img --mount /dev/sda2 --ro /mnt/boot/efi $ sudo -E tar --create --preserve-permissions --zstd --directory /mnt --file winesapos-${WINESAPOS_VERSION}-minimal-rootfs.tar.zst . $ sha512sum winesapos-${WINESAPOS_VERSION}-minimal-rootfs.tar.zst | sudo -E tee winesapos-${WINESAPOS_VERSION}-minimal-rootfs.sha512sum.txt
-
Take a screenshot of the desktop for the "performance" image.
- Set the desktop resolution to 1280x768.
- Use Squoosh to compress the image.
- Rename the image to
winesapos-desktop.jpg
and commit it to the git repository.
-
Create a git tag and push it.
$ git tag X.Y.Z $ git push origin X.Y.Z
-
Sync the stable branch with the latest tag. This is required for the upgrade script. Old versions of winesapOS will pull the latest upgrade script from the stable branch.
$ git checkout stable $ git rebase X.Y.Z $ git push origin stable
-
Upload the images to be hosted at
https://winesapos.lukeshort.cloud/repo/iso/winesapos-${WINESAPOS_VERSION}/
and also on the Internet Archive.$ cd /usr/local/bin/ $ sudo url -LOs https://archive.org/download/ia-pex/ia $ sudo chmod +x /usr/local/bin/ia $ ia configure $ export WINESAPOS_VERSION=4.1.0 $ export WINESAPOS_VERSION_NO_PERIODS=410 $ cd /data/winesapos-repo/repo/iso/winesapos-${WINESAPOS_VERSION}/ $ ia upload \ winesapos-${WINESAPOS_VERSION_NO_PERIODS} \ winesapos-${WINESAPOS_VERSION}-minimal.img.zip \ winesapos-${WINESAPOS_VERSION}-minimal.packages.txt \ winesapos-${WINESAPOS_VERSION}-minimal.sha512sum.txt \ winesapos-${WINESAPOS_VERSION}-performance.img.zip \ winesapos-${WINESAPOS_VERSION}-performance.packages.txt \ winesapos-${WINESAPOS_VERSION}-performance.sha512sum.txt \ winesapos-${WINESAPOS_VERSION}-minimal-rootfs.tar.zst \ winesapos-${WINESAPOS_VERSION}-minimal-rootfs.sha512sum.txt \ --metadata="mediatype:data" \ --metadata="title:winesapOS ${WINESAPOS_VERSION}" \ --metadata="creator:Luke Short" \ --metadata="summary:https://github.com/winesapOS/winesapOS/releases/tag/${WINESAPOS_VERSION}"