Miscellaneous tweaks that I don't plan to upstream

             @@ -10,3 +10,6 @@    10     10[*.conf]    11     11indent_style = space    12     12indent_size = 4           13           14[mkosi.passphrase]           15insert_final_newline = false

             @@ -107,7 +107,6 @@   107    107RAM=4G   108    108CPUs=4   109    109Ephemeral=yes   110       RuntimeScratch=no   111    110Credentials=   112    111        passwd.plaintext-password.root=particleos   113    112        tty.serial.hvc0.agetty.autologin=particleos

             @@ -0,0 +1,13 @@            1rebuild:            2  steps:            3    - trigger_services:            4        project: system:systemd            5        package: particleos-debian            6    - trigger_services:            7        project: system:systemd            8        package: particleos-fedora            9  filters:           10    event: push           11    branches:           12      only:           13        - obs

             @@ -0,0 +1,9 @@            1#!/bin/bash            2# SPDX-License-Identifier: LGPL-2.1-or-later            3set -e            4            5# Debian/Ubuntu PAM patches break /usr/lib/pam.d/ so copy to factory            6# TODO: drop after https://salsa.debian.org/vorlon/pam/-/merge_requests/26 is merged            7if [[ -f /usr/lib/tmpfiles.d/debian.conf ]]; then            8    sed -i '/\/etc\/pam.d/d' /usr/lib/tmpfiles.d/debian.conf            9fi

             @@ -10,6 +10,8 @@    10     10Packages=    11     11        bash-color-prompt    12     12        bpftool           13        # cryptsetup luksAddKey --token-type systemd-tpm2 /dev/<device> fails           14        # for me otherwise    13     15        cracklib-dicts    14     16        cryptsetup    15     17        distribution-gpg-keys

             @@ -2,6 +2,7 @@     2      2     3      3[Content]     4      4Packages=            5        bluez     5      6        bolt     6      7        desktop-file-utils     7      8        pax-utils             @@ -8,6 +9,7 @@     8      9        pgpdump     9     10        pipewire    10     11        pipewire-alsa           12        qemu-guest-agent    11     13        wireless-regdb    12     14        xdg-desktop-portal    13     15

             @@ -3,6 +3,7 @@     3      3# This overrides the same file from systemd since we want to symlink everything     4      4# into /etc instead of copying so updates to /usr propagate properly.     5      5L /etc/os-release - - - - ../usr/lib/os-release            6L /etc/mkosi-manifest - - - - ../usr/lib/mkosi-manifest     6      7L+ /etc/mtab - - - - ../proc/self/mounts     7      8# Contains the default systemd locale     8      9L /etc/locale.conf             @@ -48,6 +49,8 @@    48     49L? /etc/tuned    49     50# Required by gdm    50     51L? /etc/gdm           52# Required by sdm           53L? /etc/sddm    51     54# Required by geoclue    52     55L? /etc/geoclue    53     56# Required by fwupd             @@ -63,10 +66,16 @@    63     66# PackageKit does not run without /etc/PackageKit/ and GNOME stalls    64     67# logout/reboot if it doesn't run.    65     68L? /etc/PackageKit           69# ModemManager needds its dbus policy file           70L? /etc/dbus1/systemd.d/org.freedesktop.ModemManager1.conf           71# man fails without this in /etc/           72L? /etc/manpath.config    66     73# Required by man-db-cache-update.service    67     74L? /etc/sysconfig/man-db    68       # sddm breaks otherwise, at least with homed?    69       L? /etc/sddm           75# some programs still rely on logrotate           76L? /etc/logrotate.conf           77L? /etc/logrotate.d           78    70     79    71     80## custom    72     81C /etc/opensnitchd             @@ -87,5 +96,12 @@    87     96# cups    88     97L? /etc/cups    89     98           99# firejail          100L? /etc/firejail          101L? /etc/login.defs          102          103# OpenCL          104L? /etc/OpenCL          105    90    106# abrtd    91    107L? /etc/libreport

             @@ -7,9 +7,7 @@     7      7Packages=     8      8        gnome-browser-connector     9      9        gnome-core    10               # TODO: enable when it integrates with homed    11               # gnome-initial-setup           10        gnome-initial-setup    12     11        gnome-keyring-pkcs11    13               gnome-session-xsession    14     12        gnome-software-plugin-flatpak    15     13        gnome-software-plugin-fwupd

             @@ -5,4 +5,8 @@     5      5     6      6[Content]     7      7Packages=            8        adwaita-fonts-all     8      9        gdm           10        rsms-inter-fonts           11        rsms-inter-vf-fonts           12        default-fonts-core-emoji

             @@ -40,3 +40,8 @@    40     40    41     41# Maybe man db    42     42enable man-db-cache-update.service           43           44# Fedora 43 introduces a new authselect service in place of package scriptlets.           45# It fails and (I believe) shouldn't be needed           46# https://bugzilla.redhat.com/show_bug.cgi?id=2397255           47disable authselect-apply-changes.service

             @@ -0,0 +1,13 @@            1# SPDX-License-Identifier: LGPL-2.1-or-later            2            3[TriggerMatch]            4Distribution=debian            5Release=trixie            6            7[TriggerMatch]            8Distribution=ubuntu            9Release=|oracular           10Release=|plucky           11           12[Content]           13Packages=gnome-session-xsession

             @@ -0,0 +1,2 @@            1SELINUX=permissive            2SELINUXTYPE=targeted

             @@ -0,0 +1,60 @@            1# Authors: Jason Tang <jtang@tresys.com>            2#            3# Copyright (C) 2004-2005 Tresys Technology, LLC            4#            5#  This library is free software; you can redistribute it and/or            6#  modify it under the terms of the GNU Lesser General Public            7#  License as published by the Free Software Foundation; either            8#  version 2.1 of the License, or (at your option) any later version.            9#           10#  This library is distributed in the hope that it will be useful,           11#  but WITHOUT ANY WARRANTY; without even the implied warranty of           12#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU           13#  Lesser General Public License for more details.           14#           15#  You should have received a copy of the GNU Lesser General Public           16#  License along with this library; if not, write to the Free Software           17#  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA           18#           19# Specify how libsemanage will interact with a SELinux policy manager.           20# The four options are:           21#           22#  "source"     - libsemanage manipulates a source SELinux policy           23#  "direct"     - libsemanage will write directly to a module store.           24#  /foo/bar     - Write by way of a policy management server, whose           25#                 named socket is at /foo/bar.  The path must begin           26#                 with a '/'.           27#  foo.com:4242 - Establish a TCP connection to a remote policy           28#                 management server at foo.com.  If there is a colon           29#                 then the remainder is interpreted as a port number;           30#                 otherwise default to port 4242.           31module-store = direct           32           33# When generating the final linked and expanded policy, by default           34# semanage will set the policy version to POLICYDB_VERSION_MAX, as           35# given in <sepol/policydb.h>.  Change this setting if a different           36# version is necessary.           37#policy-version = 19           38           39# expand-check check neverallow rules when executing all semanage           40# commands. There might be a penalty in execution time if this           41# option is enabled.           42expand-check=0           43           44# usepasswd check tells semanage to scan all pass word records for home directories           45# and setup the labeling correctly. If this is turned off, SELinux will label only /home           46# and home directories of users with SELinux login mappings defined, see           47# semanage login -l for the list of such users.           48# If you want to use a different home directory, you will need to use semanage fcontext command.           49# For example, if you had home dirs in /althome directory you would have to execute           50# semanage fcontext -a -e /home /althome           51usepasswd=False           52bzip-small=true           53bzip-blocksize=5           54ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var           55optimize-policy=true           56           57[sefcontext_compile]           58path = /usr/sbin/sefcontext_compile           59args = -r $@           60[end]

             @@ -1,4 +0,0 @@     1       # apt gets pulled in, but with /usr read-only doesn't make sense to run updates     2       disable apt-daily.timer     3       disable apt-daily-upgrade.timer     4       disable apt-listchanges.timer

             @@ -0,0 +1,3 @@            1title Debian 13 ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/debian_13_images/ParticleOS_x86-64.efi

             @@ -1,3 +0,0 @@     1       title Debian Testing ParticleOS Current from OBS (Network Boot)     2       architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Debian_Testing_images/ParticleOS-x86-64.efi

             @@ -0,0 +1,3 @@            1title Debian Testing ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/debian_14_images/ParticleOS_x86-64.efi

             @@ -1,3 +0,0 @@     1       title Fedora 41 ParticleOS Current from OBS (Network Boot)     2       architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Fedora_41_images/ParticleOS-x86-64.efi

             @@ -0,0 +1,3 @@            1title Fedora 42 ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/fedora_42_images/ParticleOS_x86-64.efi

             @@ -1,3 +1,3 @@     1      1title Fedora Rawhide ParticleOS Current from OBS (Network Boot)     2      2architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Fedora_Rawhide_images/ParticleOS-x86-64.efi            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/fedora_44_images/ParticleOS_x86-64.efi

             @@ -0,0 +1,3 @@            1L? /etc/selinux/targeted            2C /etc/selinux/config          -    -    -     -   /usr/share/factory/etc/selinux/config            3C /etc/selinux/semanage.conf   -    -    -     -   /usr/share/factory/etc/selinux/semanage.conf

             @@ -0,0 +1,4 @@            1# apt gets pulled in, but with /usr read-only doesn't make sense to run updates            2disable apt-daily.timer            3disable apt-daily-upgrade.timer            4disable apt-listchanges.timer

             @@ -0,0 +1,14 @@            1# SPDX-License-Identifier: LGPL-2.1-or-later            2# TODO: drop once https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/89 is fixed            3            4[Unit]            5Description=Tell the accounts service about homed users            6After=systemd-homed.service accounts-daemon.service            7Before=systemd-user-sessions.service            8            9[Service]           10Type=oneshot           11ExecStart=/bin/bash -c "for n in $$(busctl call org.freedesktop.home1 /org/freedesktop/home1 org.freedesktop.home1.Manager ListHomes --json=pretty | jq -r '.data.[].[].[0]'); do busctl call org.freedesktop.Accounts /org/freedesktop/Accounts org.freedesktop.Accounts CacheUser s $$n; done"           12           13[Install]           14WantedBy=multi-user.target