My customized ParticleOS configuration

             @@ -10,3 +10,6 @@    10     10[*.conf]    11     11indent_style = space    12     12indent_size = 4           13           14[mkosi.passphrase]           15insert_final_newline = false

             @@ -1,6 +1,4 @@     1      1# SPDX-License-Identifier: LGPL-2.1-or-later     2       mkosi.local/     3       mkosi.local.conf     4      2mkosi.output/     5      3mkosi.cache/     6      4mkosi.tools/             @@ -10,4 +8,5 @@    10      8mkosi.version    11      9.mkosi-private    12     10mkosi.packages/    13       keys/           11mkosi.profiles/custom/mkosi.extra/usr/local/bin/           12versions/

             @@ -0,0 +1,3 @@            1[submodule "systemd"]            2	path = systemd            3	url = https://github.com/systemd/systemd

             @@ -0,0 +1,1 @@            1/systemd/**

             @@ -1,157 +1,53 @@     1      1# ParticleOS     2      2     3       ParticleOS is a fully customizable immutable distribution implementing the     4       concepts described in     5       [Fitting Everything Together](https://0pointer.net/blog/fitting-everything-together.html).     6            7       The crucial difference that makes ParticleOS unique compared to other immutable     8       distributions is that users build the ParticleOS image themselves and sign it     9       with their own keys instead of installing vendor signed images. This allows    10       configuring the image to your liking by having full control over which    11       distribution is used as the base and which packages are installed into the    12       image.    13           14       The ParticleOS image is built using [mkosi](https://github.com/systemd/mkosi).    15       You will need to install the current main branch of mkosi to build current     16       ParticleOS images.    17           18       First, configure the variant you'd like to build in `mkosi.local.conf`. For a    19       desktop system, you'll want the `desktop` profile and either the `gnome` or the    20       `kde` profile.    21           22       ```conf    23       [Distribution]    24       Distribution=arch    25           26       [Config]    27       Profiles=desktop,kde    28       ```    29           30       To build the image, run `mkosi -B -f` from the ParticleOS repository. Currently    31       `arch`, `fedora` and `debian` are supported distributions. Implementing support for a    32       new distribution (that's already supported in mkosi) is as simple as writing the    33       necessary config files to install the required packages for that distribution.    34           35       To update the system after installation, you clone the ParticleOS repository    36       or your fork of it, make sure `mkosi.local.conf` is configured to your liking and    37       run `mkosi -B -ff sysupdate -- update --reboot` which will update the system using    38       `systemd-sysupdate` and then reboot.    39           40       ## Using the OBS profile to fetch a newer systemd    41           42       Sometimes ParticleOS adopts systemd features as soon as they get merged into    43       systemd without waiting for an official release. That's why we recommend    44       enabling the `obs` profile to enable the systemd repositories on OBS    45       (https://software.opensuse.org//download.html?project=system%3Asystemd&package=systemd)    46       containing systemd packages which are built every day from systemd's git main    47       branch.    48           49       To enable the `obs` profile, add the following to `mkosi.local.conf`:    50           51       ```conf    52       [Config]    53       Profiles=obs    54       ```    55           56       ## Building systemd from source    57           58       As an alternative to using the `obs` profile, you can build systemd from source:    59           60       ```sh    61       git clone https://github.com/systemd/systemd    62       cd systemd    63       mkosi -f sandbox -- meson setup build    64       mkosi -f sandbox -- meson compile -C build    65       mkosi -t none -f    66       ```    67           68       Then write the following to `mkosi.local.conf` in the ParticleOS repository to    69       use the artifacts from the systemd repository built by mkosi in ParticleOS:    70           71       ```conf    72       [Content]    73       VolatilePackageDirectories=../systemd/build/mkosi.builddir/<distribution>~<release>~<arch>    74           75       [Build]    76       ExtraSearchPaths=../systemd/build    77       ```    78           79       Make sure the distribution and release in `mkosi.local.conf` are identical in the    80       systemd checkout and the particleos checkout.    81           82       To build a newer systemd, run `git pull` in the systemd repository followed by    83        `mkosi -f sandbox -- meson compile -C build` and `mkosi -t none`.    84           85       ## Signing keys    86           87       ParticleOS images are signed for Secure Boot with the user's keys. To generate a new key,    88       run `mkosi genkey`. The key must be stored safely, it will be required to sign updates.    89           90       The key can be stored in a smartcard. Then you have to set the key in `mkosi.local.conf`:    91           92       ```    93       [Validation]    94       SecureBootKey=pkcs11:object=Private key 1;type=private    95       SecureBootKeySource=provider:pkcs11    96       SignExpectedPcrKey=pkcs11:object=Private key 1;type=private    97       SignExpectedPcrKeySource=provider:pkcs11    98       VerityKey=pkcs11:object=Private key 1;type=private    99       VerityKeySource=provider:pkcs11   100       ```   101          102       ## Installation   103          104       Before installing ParticleOS, make sure that Secure Boot is in setup mode on the   105       target system. The Secure Boot mode can be configured in the UEFI firmware   106       interface of the target system. If there's an existing Linux installation on the   107       target system already, run `systemctl reboot --firmware-setup` to reboot into   108       the UEFI firmware interface. At the same time, make sure the UEFI firmware   109       interface is password protected so an attacker cannot just disable Secure Boot   110       again.   111          112       To install ParticleOS with a USB drive, first build the image on an existing   113       Linux system as described above. Then, burn it to the USB drive with   114       `mkosi burn /dev/<usb>`. Once burned to the USB drive, plug the USB drive into   115       the system onto which you'd like to install ParticleOS and boot into the USB   116       drive via the firmware. Then, boot into the "Installer" UKI profile. When you   117       end up in the root shell, run   118       `systemd-repart --dry-run=no --empty=force --defer-partitions=swap,root,home /dev/<drive>`   119       to install ParticleOS to the system's drive. Finally, reboot into the target   120       drive (not the USB) and the regular profile (not the installer one) to complete   121       the installation.   122          123       ## LUKS recovery key   124          125       systemd doesn't support adding a recovery key to a partition enrolled with a token   126       only (tpm/fido2). It is possible to use cryptenroll to add a recovery password   127       to the root partition: `cryptsetup luksAddKey --token-type systemd-tpm2 /dev/<id>`   128          129       ## Firmwares   130          131       Only firmwares that are dependencies of a kernel module are included, but some   132       modules don't declare their dependencies properly. Dependencies of a module can be   133       found with `modinfo`. If you experience missing firmwares, you should report   134       this to the module maintainer. `FirmwareInclude=` can be added in `mkosi.local.conf`   135       to include the firmware regardless of whether a module depends on it.   136          137       ## Configuring systemd-homed after installation   138          139       After installing ParticleOS and logging into your systemd-homed managed user,   140       run the following to configure systemd-homed for the best experience:   141          142       ```sh   143       homectl update \   144           --auto-resize-mode=off \   145           --disk-size=max \   146           --luks-discard=on"   147       ```   148          149       Disabling the auto resize mode avoids slow system boot and shutdown. Enabling   150       LUKS discard makes sure the home directory doesn't become inaccessible because   151       systemd-homed is unable to resize the home directory.   152          153       ## Default root password and user when booting in a virtual machine   154          155       If you boot ParticleOS in a virtual machine using `mkosi vm`, the root password   156       is automatically set to `particleos` and a default user `particleos` with password   157       `particleos` is created as well.            3[ParticleOS](https://github.com/systemd/particleos) is an extremely cool            4meta-distribution from the systemd project. It's my favorite thing in software            5since I discovered IPv6. Concretely, it's a configuration for systemd's            6[`mkosi` tool](https://mkosi.systemd.io/) that you use to build your own            7ParticleOS images. As described in the readme:            8            9> ParticleOS is a fully customizable immutable distribution implementing the           10concepts described in [Fitting Everything           11Together](https://0pointer.net/blog/fitting-everything-together.html).           12           13Among other things, it has the following characteristics:           14           15- OS versions are delivered as immutable `/usr` partitions           16  - A/B partitions for worry-free upgrades and rollbacks           17  - Block-level integrity provided by           18    [dm-verity](https://wiki.archlinux.org/title/Dm-verity)           19  - Authenticity provided by a signature on the dm-verity data, done with           20    your own keys           21- Is easily hacked on, just like traditional mutable OSes           22  - Essentially *is* a traditional OS (one of Arch, Debian, or Fedora), built           23    fully from regular distro packages           24  - Hacking on `/usr` is done at image build-time, rather than during OS           25    runtime           26- Is signed with your own SecureBoot keys           27- LUKS-encrypted root partition with TPM-stored key for automatic unlocking           28- LUKS-encrypted home directory managed by           29  [`systemd-homed`](https://systemd.io/HOME_DIRECTORY/)           30           31This here is my own customized version/soft fork of ParticleOS. It's the Fedora           32variant.           33           34## Notable files/directories           35           36- [makefile](makefile)—contains most important commands. `build` and           37  `sysupdate` targets are the main ones. is also responsible for downloading           38  miscellaneous unpackaged binaries.           39- [mkosi.local.conf](mkosi.local.conf)—the linchpin that holds the custom           40  configuration together.           41- [mkosi.profiles/custom](mkosi.profiles/custom)—the custom `mkosi` profile           42  where most of my customizations live.           43  - [mkosi.conf](mkosi.profiles/custom/mkosi.conf)—contains the           44    packages I want installed.           45  - [mkosi.extra](mkosi.profiles/custom/mkosi.extra)—additional files that           46    get included in the built images.           47           48## Other changes           49           50In addition to the above customizations, there are a number of other small           51tweaks I've made, mostly to get Fedora+KDE Plasma working together. Some of them           52should probably be upstreamed to the ParticleOS project. The overall patchset           53can be seen [here on Gitpatch](https://gitpatch.com/jcgl/particleos/patch/5).

             @@ -0,0 +1,77 @@            1BIN_DIR := mkosi.profiles/custom/mkosi.extra/usr/local/bin            2PACKAGES_DIR := mkosi.profiles/custom/mkosi.packages            3btdu := $(BIN_DIR)/btdu            4jj := $(BIN_DIR)/jj            5opensnitch := $(PACKAGES_DIR)/opensnitch.rpm            6opensnitch_ui := $(PACKAGES_DIR)/opensnitch_ui.rpm            7ALL := $(btdu) $(jj) $(opensnitch) $(opensnitch_ui)            8LATEST_VERSION = $(shell mkosi summary --json | jq -r '.Images[] | select(.Image == "main") | .ImageVersion')            9INSTALLED_VERSION = $(shell grep IMAGE_VERSION /etc/os-release | cut -d= -f2 | tr -d \")           10           11.PHONY: deps           12deps: $(PACKAGES_DIR) $(BIN_DIR) $(ALL)           13           14.PHONY: clean           15clean:           16	rm -fv $(ALL)           17           18$(BIN_DIR) $(PACKAGES_DIR):           19	mkdir -p $@           20           21$(jj): $(MAKE_TMPDIR)/jj.tar.gz           22	echo 9967a240e3294a0bce4444c55d40a35b70af44c69b558689aced95e4e497cef2 $(MAKE_TMPDIR)/jj.tar.gz | sha256sum --check           23	tar -xzf $(MAKE_TMPDIR)/jj.tar.gz -C $(MAKE_TMPDIR) --one-top-level=jj_out --overwrite           24	cp $(MAKE_TMPDIR)/jj_out/jj $@           25           26$(MAKE_TMPDIR)/jj.tar.gz:           27	wget https://github.com/jj-vcs/jj/releases/download/v0.35.0/jj-v0.35.0-x86_64-unknown-linux-musl.tar.gz -O $(MAKE_TMPDIR)/jj.tar.gz           28           29$(btdu): $(MAKE_TMPDIR)/btdu           30	echo 35b9bb752e6aa902b8281e92a5411b2f1cfb9fa251089adf909dc95efc011c48 $(MAKE_TMPDIR)/btdu | sha256sum --check           31	cp $(MAKE_TMPDIR)/btdu $@           32	chmod +x $@           33           34$(MAKE_TMPDIR)/btdu:           35	wget https://github.com/CyberShadow/btdu/releases/download/v0.6.0/btdu-static-x86_64 -O $(MAKE_TMPDIR)/btdu           36           37$(opensnitch): $(MAKE_TMPDIR)/opensnitch.rpm           38	echo 2caf4e13ffd1b7af48306a2e9e979042f526823720b42bee4c00194f140d64dd $(MAKE_TMPDIR)/opensnitch.rpm | sha256sum --check           39	cp $(MAKE_TMPDIR)/opensnitch.rpm $@           40           41$(MAKE_TMPDIR)/opensnitch.rpm:           42		wget https://github.com/evilsocket/opensnitch/releases/download/v1.7.2/opensnitch-1.7.2-1.x86_64.rpm -O $(MAKE_TMPDIR)/opensnitch.rpm           43           44$(opensnitch_ui): $(MAKE_TMPDIR)/opensnitch_ui.rpm           45	echo b26029cbc83880ebc92170035d50237c13b17ffc0b3cf52b89fa1348edfdfb43 $(MAKE_TMPDIR)/opensnitch_ui.rpm | sha256sum --check           46	cp $(MAKE_TMPDIR)/opensnitch_ui.rpm $@           47           48$(MAKE_TMPDIR)/opensnitch_ui.rpm:           49	wget https://github.com/evilsocket/opensnitch/releases/download/v1.7.2/opensnitch-ui-1.7.2-1.noarch.rpm -O $(MAKE_TMPDIR)/opensnitch_ui.rpm           50           51mkosi.crt:           52	ln -s ~/Vaults/particleos_keys/sbctl/var/keys/db/db.pem mkosi.crt           53           54mkosi.key:           55	ln -s ~/Vaults/particleos_keys/sbctl/var/keys/db/db.key mkosi.key           56           57.PHONY: build           58build: deps           59	mkosi build --auto-bump --cache-only never           60           61.PHONY: systemd           62systemd:           63	sh -c 'cd systemd && mkosi -t none -f --distribution=fedora --release=43'           64           65.PHONY: sysupdate           66sysupdate:           67	mkosi sysupdate -- update           68	mkdir -p versions           69	cat mkosi.output/ParticleOS_$(LATEST_VERSION)_x86-64.changelog | gzip > versions/$(LATEST_VERSION).changelog.gz           70           71.PHONY: diff_changelog           72diff_changelog:           73	sh -c 'diff --color=always -u <(gzip --decompress --to-stdout versions/$(INSTALLED_VERSION).changelog.gz) mkosi.output/ParticleOS_$(LATEST_VERSION)_x86-64.changelog; test $$? -le 1'           74           75.PHONY: diff_manifest           76diff_manifest:           77	sh -c 'diff --color=always -u /etc/mkosi-manifest mkosi.output/ParticleOS_$(LATEST_VERSION)_x86-64.manifest; test $$? -le 1'

             @@ -5,6 +5,7 @@     5      5     6      6[Build]     7      7ToolsTree=default            8ToolsTreeProfiles=misc,runtime,gui     8      9History=yes     9     10CacheDirectory=mkosi.cache    10     11Incremental=yes             @@ -42,7 +43,11 @@    42     43        diffutils    43     44        dmidecode    44     45        dosfstools           46        e2fsprogs           47        efibootmgr    45     48        erofs-utils           49        exfatprogs           50        file    46     51        findutils    47     52        fish    48     53        fwupd             @@ -52,6 +57,7 @@    52     57        gzip    53     58        jq    54     59        kbd           60        kexec-tools    55     61        kmod    56     62        less    57     63        man             @@ -61,6 +67,7 @@    61     67        nvme-cli    62     68        opensc    63     69        openssl           70        patch    64     71        p11-kit    65     72        pciutils    66     73        pkcs11-provider             @@ -80,6 +87,7 @@    80     87        wireguard-tools    81     88        xxd    82     89        yubikey-manager           90        zip    83     91        zstd    84     92    85     93VolatilePackages=             @@ -99,7 +107,6 @@    99    107RAM=4G   100    108CPUs=4   101    109Ephemeral=yes   102       RuntimeScratch=no   103    110Credentials=   104    111        passwd.plaintext-password.root=particleos   105    112        tty.serial.hvc0.agetty.autologin=particleos

             @@ -1,120 +1,15 @@     1      1[Distribution]     2      2Distribution=fedora     3       Release=42            3Release=43     4      4     5      5[Build]     6       ToolsTree=default     7       ToolsTreeDistribution=fedora     8       ToolsTreeRelease=42     9       ExtraSearchPaths=../systemd/build/mkosi.builddir/fedora~42~x86-64/            6ExtraSearchPaths=./systemd/build/mkosi.builddir/fedora~43~x86-64/    10      7    11      8[Config]    12       Profiles=desktop,kde            9Profiles=desktop,kde,custom    13     10    14     11[Output]    15       Format=disk           12ManifestFormat=changelog    16     13    17     14[Content]    18       VolatilePackageDirectories=../systemd/build/mkosi.builddir/fedora~42~x86-64/    19       Hostname=foobar    20       Packages=    21               ansible    22               awk    23               bash    24               bash-completion    25               binutils    26               bind-utils    27               bat    28               clatd    29               cowsay    30               cmatrix    31               curl    32               dictd    33               du-dust    34               emacs    35               exfatprogs    36               fastfetch    37               fd-find    38               file    39               fish    40               flatpak    41               fprintd-pam    42               fortune    43               # needed for appimage    44               fuse-libs    45               fzf    46               gcc    47               git    48               git-absorb    49               git-delta    50               glances    51               golang    52               htop    53               iio-sensor-proxy    54               iperf3    55               @kde-desktop    56               kde-connect    57               kde-partitionmanager    58               kitty    59               kitty-shell-integration    60               kitty-terminfo    61               krfb    62               libfprint-tod    63               libfprint-2-tod1-broadcom    64               libfprint-tod-selinux    65               lm_sensors    66               lolcat    67               lshw    68               man    69               # include mkosi just for shell completion and man pages    70               mkosi    71               mokutil    72               ncdu    73               okular    74               # needed for bell fish function    75               oxygen-sounds    76               neovim    77               python3-neovim    78               nmap-ncat    79               # for coc.nvim    80               npm    81               pipewire-utils    82               plasma-disks    83               plasma-vault    84               pnpm    85               powertop    86               proxychains-ng    87               ripgrep    88               rustup    89               rsync    90               sbctl    91               setroubleshoot    92               stgit    93               sbsigntools    94               tcpdump    95               tmux    96               toolbox    97               translate-shell    98               trash-cli    99               ttyplot   100               units   101               unrar-free   102               libvirt-daemon   103               @virtualization   104               wget   105               whois   106               wireshark   107               yubikey-manager   108               kernel   109               repository/opensnitch-ui-1.7.1-1.noarch.rpm   110               repository/opensnitch-1.7.1-1.x86_64.rpm   111               python3-grpcio+protobuf   112               python3-slugify   113          114       [Validation]   115       SecureBootKey=./keys/sbctl/var/keys/db/db.key   116       SecureBootCertificate=./keys/sbctl/var/keys/db/db.pem   117       SignExpectedPcrKey=./keys/sbctl/var/keys/db/db.key   118       SignExpectedPcrCertificate=./keys/sbctl/var/keys/db/db.pem   119       VerityKey=./keys/sbctl/var/keys/db/db.key   120       VerityCertificate=./keys/sbctl/var/keys/db/db.pem           15VolatilePackageDirectories=./systemd/build/mkosi.builddir/fedora~43~x86-64/

             @@ -0,0 +1,1 @@            12e5f717545e2664ce2ed6b2dd84744b3789156b1

             @@ -0,0 +1,13 @@            1rebuild:            2  steps:            3    - trigger_services:            4        project: system:systemd            5        package: particleos-debian            6    - trigger_services:            7        project: system:systemd            8        package: particleos-fedora            9  filters:           10    event: push           11    branches:           12      only:           13        - obs

             @@ -18,6 +18,7 @@    18     18        libfido2    19     19        linux    20     20        man-db           21        man-pages    21     22        openssh    22     23        pacman    23     24        pcsclite             @@ -27,6 +28,7 @@    27     28        psmisc    28     29        python3    29     30        qrencode           31        sbsigntools    30     32        shadow    31     33        systemd-ukify    32     34        tgt             @@ -33,6 +35,8 @@    33     35        tpm2-tools    34     36        tpm2-tss    35     37        vim-minimal           38        wget           39        xz    36     40        zram-generator    37     41    38     42VolatilePackages=

             @@ -9,6 +9,7 @@     9      9    10     10[Content]    11     11Packages=           12        apparmor    12     13        apt    13     14        bpftool    14     15        ca-certificates             @@ -28,7 +29,9 @@    28     29        libqrencode4    29     30        linux-image-generic    30     31        linux-perf           32        linux-sysctl-defaults    31     33        login           34        manpages    32     35        openssh-client    33     36        openssh-server    34     37        passwd             @@ -37,7 +40,10 @@    37     40        polkitd    38     41        procps    39     42        python3    40               systemd-boot           43        sbsigntool           44        systemd-boot           45        systemd-boot-efi           46        systemd-boot-efi-signed    41     47        systemd-container    42     48        systemd-coredump    43     49        systemd-cryptsetup             @@ -49,6 +55,9 @@    49     55        systemd-ukify    50     56        systemd-zram-generator    51     57        tpm2-tools           58        util-linux-extra           59        wget           60        xz-utils    52     61    53     62VolatilePackages=    54     63        libnss-myhostname             @@ -56,12 +65,18 @@    56     65        libnss-systemd    57     66        libpam-systemd    58     67        systemd-boot    59               systemd-container    60               systemd-coredump    61               systemd-cryptsetup    62               systemd-homed    63               systemd-resolved    64               systemd-repart    65               systemd-sysv    66               systemd-timesyncd    67               systemd-ukify           68        systemd-boot-efi           69        systemd-boot-efi-signed           70        systemd-container           71        systemd-coredump           72        systemd-cryptsetup           73        systemd-homed           74        systemd-resolved           75        systemd-repart           76        systemd-sysv           77        systemd-timesyncd           78        systemd-ukify           79           80InitrdVolatilePackages=           81        systemd-container           82        systemd-resolved

             @@ -0,0 +1,9 @@            1#!/bin/bash            2# SPDX-License-Identifier: LGPL-2.1-or-later            3set -e            4            5# Debian/Ubuntu PAM patches break /usr/lib/pam.d/ so copy to factory            6# TODO: drop after https://salsa.debian.org/vorlon/pam/-/merge_requests/26 is merged            7if [[ -f /usr/lib/tmpfiles.d/debian.conf ]]; then            8    sed -i '/\/etc\/pam.d/d' /usr/lib/tmpfiles.d/debian.conf            9fi

             @@ -10,6 +10,9 @@    10     10Packages=    11     11        bash-color-prompt    12     12        bpftool           13        # cryptsetup luksAddKey --token-type systemd-tpm2 /dev/<device> fails           14        # for me otherwise           15        cracklib-dicts    13     16        cryptsetup    14     17        distribution-gpg-keys    15     18        dnf5             @@ -24,6 +27,7 @@    24     27        libcap-ng-utils    25     28        libfido2    26     29        man-db           30        man-pages    27     31        openssh    28     32        openssh-clients    29     33        openssh-server             @@ -36,6 +40,7 @@    36     40        procps-ng    37     41        python3    38     42        rpm           43        sbsigntools    39     44        systemd-boot    40     45        systemd-container    41     46        systemd-networkd             @@ -47,6 +52,8 @@    47     52        tpm2-tss    48     53        veritysetup    49     54        vim-minimal           55        wget2           56        xz    50     57        zram-generator-defaults    51     58    52     59VolatilePackages=

             @@ -7,7 +7,8 @@     7      7Format=esp     8      8# UEFI insists on the .img suffix for disk images to boot from, hence let's combine our usual suffix with UEFI's     9      9OutputExtension=raw.img           10Output=netesp_%a    10     11ImageVersion=    11     12    12     13[Content]    13       Bootable=yes           14Bootable=no

             @@ -0,0 +1,149 @@            1[Content]            2Packages=            3        # keyrings for building other distro images            4        archlinux-keyring            5        debian-keyring            6        ansible            7        ansible-collection-ansible-posix            8        ansible-collection-community-postgresql            9        ansible-collection-community-general           10        ansible-collection-community-crypto           11        python3-ansible-lint           12        asciiquarium           13        awk           14        bash           15        bash-completion           16        bat           17        binutils           18        bind-utils           19        bridge-utils           20        clatd           21        clang-devel           22        cowsay           23        cmatrix           24        curl           25        dictd           26        diffoscope           27        du-dust           28        duf           29        d2           30        emacs           31        entr           32        exfatprogs           33        exiftool           34        fastfetch           35        fcitx5-mozc           36        fcitx5-configtool           37        fcitx5-gtk           38        fcitx5-qt           39        firejail           40        kcm-fcitx5           41        fd-find           42        file           43        fish           44        flatpak           45        fprintd-pam           46        fortune           47        # needed for appimage           48        fuse-libs           49        fzf           50        gcc           51        git           52        git-absorb           53        git-delta           54        git-lfs           55        glances           56        # needed for geoclue?           57        glib-networking           58        guestfs-tools           59        golang           60        graphviz           61        htop           62        iio-sensor-proxy           63        ImageMagick           64        iperf3           65        java-latest-openjdk           66        katago-opencl           67        intel-opencl           68        OpenCL-ICD-Loader           69        @kde-desktop           70        kde-connect           71        kde-partitionmanager           72        kitty           73        kitty-shell-integration           74        kitty-terminfo           75        krfb           76        libfprint-tod           77        libfprint-2-tod1-broadcom           78        libfprint-tod-selinux           79        litecli           80        lm_sensors           81        lolcat           82        lshw           83        lsof           84        man           85        # include mkosi just for shell completion and man pages           86        mkosi           87        mokutil           88        mpv           89        ncdu           90        neovim           91        ninja           92        okular           93        opentofu           94        osc           95        # needed for bell fish function           96        ocean-sound-theme           97        pre-commit           98        python3-neovim           99        nmap          100        nmap-ncat          101        # for coc.nvim          102        npm          103        # needed for clatd on F43 apparently          104        perl-IPC-Cmd          105        perl-JSON          106        pipewire-utils          107        plasma-disks          108        plasma-vault          109        pnpm          110        powertop          111        progress          112        proxychains-ng          113        pv          114        python3-netaddr          115        restic          116        autorestic          117        ripgrep          118        rubygem-asciidoctor          119        rustup          120        rsync          121        sbctl          122        setroubleshoot          123        sbsigntools          124        sqlite          125        stgit          126        tcpdump          127        # not yet available for fedora 43          128        terraform-ls          129        tmux          130        toolbox          131        tor          132        translate-shell          133        trash-cli          134        ttyplot          135        units          136        unrar-free          137        @virtualization          138        wget          139        whois          140        wl-clipboard          141        wireshark          142        yubikey-manager          143        gnupg2-scdaemon          144        kernel          145        # repository directory comes from mkosi.packages          146        repository/opensnitch_ui.rpm          147        repository/opensnitch.rpm          148        python3-grpcio+protobuf          149        python3-slugify

             @@ -2,9 +2,15 @@     2      2     3      3[Content]     4      4Packages=            5        bluez            6        bolt     5      7        desktop-file-utils            8        pax-utils            9        pgpdump     6     10        pipewire     7     11        pipewire-alsa           12        qemu-guest-agent           13        wireless-regdb     8     14        xdg-desktop-portal     9     15    10     16# NetworkManager is used in the desktop profiles

             @@ -9,6 +9,7 @@     9      9        bluedevil    10     10        breeze-gtk    11     11        gwenview           12        qt6-qtimageformats    12     13        kde-gtk-config    13     14        kdeplasma-addons    14     15        kgamma

             @@ -8,3 +8,4 @@     8      8[Content]     9      9Packages=    10     10        systemd-boot-efi           11        systemd-boot-efi-signed

             @@ -1,10 +0,0 @@     1       [copr:copr.fedorainfracloud.org:chenxiaolong:sbctl]     2       name=Copr repo for sbctl owned by chenxiaolong     3       baseurl=https://download.copr.fedorainfracloud.org/results/chenxiaolong/sbctl/fedora-$releasever-$basearch/     4       type=rpm-md     5       skip_if_unavailable=True     6       gpgcheck=1     7       gpgkey=https://download.copr.fedorainfracloud.org/results/chenxiaolong/sbctl/pubkey.gpg     8       repo_gpgcheck=0     9       enabled=1    10       enabled_metadata=1

             @@ -1,10 +0,0 @@     1       [copr:copr.fedorainfracloud.org:grahamwhiteuk:libfprint-tod]     2       name=Copr repo for libfprint-tod owned by grahamwhiteuk     3       baseurl=https://download.copr.fedorainfracloud.org/results/grahamwhiteuk/libfprint-tod/fedora-$releasever-$basearch/     4       type=rpm-md     5       skip_if_unavailable=True     6       gpgcheck=1     7       gpgkey=https://download.copr.fedorainfracloud.org/results/grahamwhiteuk/libfprint-tod/pubkey.gpg     8       repo_gpgcheck=0     9       enabled=1    10       enabled_metadata=1

             @@ -3,6 +3,7 @@     3      3# This overrides the same file from systemd since we want to symlink everything     4      4# into /etc instead of copying so updates to /usr propagate properly.     5      5L /etc/os-release - - - - ../usr/lib/os-release            6L /etc/mkosi-manifest - - - - ../usr/lib/mkosi-manifest     6      7L+ /etc/mtab - - - - ../proc/self/mounts     7      8# Contains the default systemd locale     8      9L /etc/locale.conf             @@ -15,6 +16,9 @@    15     16L? /etc/bashrc    16     17L? /etc/bash.bashrc    17     18L? /etc/bash.bash_logout           19# TODO: drop once https://github.com/scop/bash-completion/pull/1399 is merged,           20# needed for shell completion of sd-run/run0           21L? /etc/bash_completion.d    18     22# Canonical location to look for certificates    19     23L? /etc/ca-certificates    20     24L? /etc/crypto-policies             @@ -45,6 +49,8 @@    45     49L? /etc/tuned    46     50# Required by gdm    47     51L? /etc/gdm           52# Required by sdm           53L? /etc/sddm    48     54# Required by geoclue    49     55L? /etc/geoclue    50     56# Required by fwupd             @@ -51,12 +57,25 @@    51     57L /etc/fwupd    52     58# Required by gnome    53     59L? /etc/dconf    54       # Required by a bunch of binary symlinks in fedora           60L? /etc/skel           61# CUPS is pulled in by GNOME, and fails if the configs are not there           62L? /etc/cups           63# On some distributions various binaries in /usr/bin are managed via           64# /etc/alternatives.    55     65L? /etc/alternatives           66# PackageKit does not run without /etc/PackageKit/ and GNOME stalls           67# logout/reboot if it doesn't run.           68L? /etc/PackageKit           69# ModemManager needds its dbus policy file           70L? /etc/dbus1/systemd.d/org.freedesktop.ModemManager1.conf           71# man fails without this in /etc/           72L? /etc/manpath.config    56     73# Required by man-db-cache-update.service    57     74L? /etc/sysconfig/man-db    58       # sddm breaks otherwise, at least with homed?    59       L? /etc/sddm           75# some programs still rely on logrotate           76L? /etc/logrotate.conf           77L? /etc/logrotate.d           78    60     79    61     80## custom    62     81C /etc/opensnitchd             @@ -65,8 +84,8 @@    65     84    66     85#firewalld    67     86# this stuff from the `setup` package in Fedora is just kinda funny...           87C+ /etc/firewalld    68     88L? /etc/protocols    69       L? /etc/firewalld    70     89L? /etc/logrotate.d/firewalld    71     90L? /etc/modprobe.d/firewalld-sysctls.conf    72     91L? /etc/sysconfig/firewalld             @@ -77,5 +96,22 @@    77     96# cups    78     97L? /etc/cups    79     98           99# firejail          100L? /etc/firejail          101L? /etc/login.defs          102          103# OpenCL          104L? /etc/OpenCL          105    80    106# abrtd    81    107L? /etc/libreport          108          109# guestfs-tools (virt-builder)          110C+ /etc/virt-builder          111          112# libvirt needs all          113C+ /etc/libvirt          114          115# miscellaneous legacy file          116L? /etc/shells          117L? /etc/hosts

             @@ -10,6 +10,7 @@    10     10        linux-firmware    11     11        intel-media-driver    12     12        mesa           13        modemmanager    13     14        networkmanager    14     15        noto-fonts    15     16        pipewire-pulse             @@ -18,3 +19,4 @@    18     19        vulkan-intel    19     20        vulkan-nouveau    20     21        vulkan-radeon           22        wpa_supplicant

             @@ -4,7 +4,6 @@     4      4Distribution=debian     5      5     6      6[Content]     7       Splash=/usr/share/pixmaps/debian-logo.png     8      7Packages=     9      8        debconf    10      9        desktop-base             @@ -15,12 +14,22 @@    15     14        fonts-adobe-sourcesans3    16     15        fonts-noto-color-emoji    17     16        fonts-noto-mono           17        gstreamer1.0-libav           18        gstreamer1.0-plugins-ugly    18     19        kbd           20        libsecret-tools           21        libyubikey-udev    19     22        mesa-vulkan-drivers           23        modemmanager    20     24        network-manager    21     25        pipewire-pulse    22     26        plymouth-themes    23               task-desktop           27        steam-devices    24     28        tuned-ppd    25     29        va-driver-all    26     30        vdpau-driver-all           31        wpasupplicant           32           33InitrdVolatilePackages=           34        systemd-container           35        systemd-resolved

             @@ -16,10 +16,13 @@    16     16        linux-firmware    17     17        mesa-dri-drivers    18     18        mesa-vulkan-drivers           19        ModemManager    19     20        nvidia-gpu-firmware    20     21        NetworkManager    21     22        NetworkManager-wifi    22     23        pipewire-pulseaudio           24        steam-devices    23     25        tuned-ppd    24     26        google-noto-fonts-all    25     27        google-noto-color-emoji-fonts           28        wpa_supplicant

             @@ -5,7 +5,9 @@     5      5     6      6[Content]     7      7Packages=     8               gdm3     9               gnome-session-xsession            8        gnome-browser-connector            9        gnome-core           10        gnome-initial-setup           11        gnome-keyring-pkcs11    10     12        gnome-software-plugin-flatpak    11     13        gnome-software-plugin-fwupd

             @@ -5,4 +5,8 @@     5      5     6      6[Content]     7      7Packages=            8        adwaita-fonts-all     8      9        gdm           10        rsms-inter-fonts           11        rsms-inter-vf-fonts           12        default-fonts-core-emoji

             @@ -1,2 +0,0 @@     1       enable opensnitch.service     2       enable fprintd.service

             @@ -40,3 +40,8 @@    40     40    41     41# Maybe man db    42     42enable man-db-cache-update.service           43           44# Fedora 43 introduces a new authselect service in place of package scriptlets.           45# It fails and (I believe) shouldn't be needed           46# https://bugzilla.redhat.com/show_bug.cgi?id=2397255           47disable authselect-apply-changes.service

             @@ -0,0 +1,10 @@            1[copr:copr.fedorainfracloud.org:chenxiaolong:sbctl]            2name=Copr repo for sbctl owned by chenxiaolong            3baseurl=https://download.copr.fedorainfracloud.org/results/chenxiaolong/sbctl/fedora-$releasever-$basearch/            4type=rpm-md            5skip_if_unavailable=True            6gpgcheck=1            7gpgkey=https://download.copr.fedorainfracloud.org/results/chenxiaolong/sbctl/pubkey.gpg            8repo_gpgcheck=0            9enabled=1           10enabled_metadata=1

             @@ -0,0 +1,10 @@            1[copr:copr.fedorainfracloud.org:grahamwhiteuk:libfprint-tod]            2name=Copr repo for libfprint-tod owned by grahamwhiteuk            3baseurl=https://download.copr.fedorainfracloud.org/results/grahamwhiteuk/libfprint-tod/fedora-$releasever-$basearch/            4type=rpm-md            5skip_if_unavailable=True            6gpgcheck=1            7gpgkey=https://download.copr.fedorainfracloud.org/results/grahamwhiteuk/libfprint-tod/pubkey.gpg            8repo_gpgcheck=0            9enabled=1           10enabled_metadata=1

             @@ -0,0 +1,13 @@            1[hashicorp]            2name=Hashicorp Stable - $basearch            3baseurl=https://rpm.releases.hashicorp.com/fedora/$releasever/$basearch/stable            4enabled=1            5gpgcheck=1            6gpgkey=https://rpm.releases.hashicorp.com/gpg            7            8[hashicorp-test]            9name=Hashicorp Test - $basearch           10baseurl=https://rpm.releases.hashicorp.com/fedora/$releasever/$basearch/test           11enabled=0           12gpgcheck=1           13gpgkey=https://rpm.releases.hashicorp.com/gpg

             @@ -0,0 +1,13 @@            1# SPDX-License-Identifier: LGPL-2.1-or-later            2            3[TriggerMatch]            4Distribution=debian            5Release=trixie            6            7[TriggerMatch]            8Distribution=ubuntu            9Release=|oracular           10Release=|plucky           11           12[Content]           13Packages=gnome-session-xsession

             @@ -0,0 +1,2 @@            1SELINUX=permissive            2SELINUXTYPE=targeted

             @@ -0,0 +1,60 @@            1# Authors: Jason Tang <jtang@tresys.com>            2#            3# Copyright (C) 2004-2005 Tresys Technology, LLC            4#            5#  This library is free software; you can redistribute it and/or            6#  modify it under the terms of the GNU Lesser General Public            7#  License as published by the Free Software Foundation; either            8#  version 2.1 of the License, or (at your option) any later version.            9#           10#  This library is distributed in the hope that it will be useful,           11#  but WITHOUT ANY WARRANTY; without even the implied warranty of           12#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU           13#  Lesser General Public License for more details.           14#           15#  You should have received a copy of the GNU Lesser General Public           16#  License along with this library; if not, write to the Free Software           17#  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA           18#           19# Specify how libsemanage will interact with a SELinux policy manager.           20# The four options are:           21#           22#  "source"     - libsemanage manipulates a source SELinux policy           23#  "direct"     - libsemanage will write directly to a module store.           24#  /foo/bar     - Write by way of a policy management server, whose           25#                 named socket is at /foo/bar.  The path must begin           26#                 with a '/'.           27#  foo.com:4242 - Establish a TCP connection to a remote policy           28#                 management server at foo.com.  If there is a colon           29#                 then the remainder is interpreted as a port number;           30#                 otherwise default to port 4242.           31module-store = direct           32           33# When generating the final linked and expanded policy, by default           34# semanage will set the policy version to POLICYDB_VERSION_MAX, as           35# given in <sepol/policydb.h>.  Change this setting if a different           36# version is necessary.           37#policy-version = 19           38           39# expand-check check neverallow rules when executing all semanage           40# commands. There might be a penalty in execution time if this           41# option is enabled.           42expand-check=0           43           44# usepasswd check tells semanage to scan all pass word records for home directories           45# and setup the labeling correctly. If this is turned off, SELinux will label only /home           46# and home directories of users with SELinux login mappings defined, see           47# semanage login -l for the list of such users.           48# If you want to use a different home directory, you will need to use semanage fcontext command.           49# For example, if you had home dirs in /althome directory you would have to execute           50# semanage fcontext -a -e /home /althome           51usepasswd=False           52bzip-small=true           53bzip-blocksize=5           54ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var           55optimize-policy=true           56           57[sefcontext_compile]           58path = /usr/sbin/sefcontext_compile           59args = -r $@           60[end]

             @@ -0,0 +1,2 @@            1# TODO: drop after https://salsa.debian.org/printing-team/cups/-/merge_requests/11 is merged            2g lpadmin

             @@ -0,0 +1,2 @@            1# TODO: drop after https://gitlab.freedesktop.org/geoclue/geoclue/-/merge_requests/202 is merged            2u geoclue - - /var/lib/geoclue

             @@ -0,0 +1,3 @@            1# TODO: drop after https://salsa.debian.org/tts-team/speech-dispatcher/-/merge_requests/6 is merged            2u speech-dispatcher - "Speech Dispatcher" /run/speech-dispatcher /bin/false            3m speech-dispatcher audio

             @@ -0,0 +1,2 @@            1# TODO: drop after https://salsa.debian.org/debian/wpa/-/merge_requests/18 is merged            2g netdev

             @@ -8,3 +8,7 @@     8      8     9      9# On Debian/Ubuntu the nftable service fails if this config is not present    10     10L? /etc/nftables.conf           11           12# These can be dropped once https://bugs.debian.org/1108017 is fixed           13L? /etc/adduser.conf           14L? /etc/deluser.conf

             @@ -0,0 +1,3 @@            1title Debian 13 ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/debian_13_images/ParticleOS_x86-64.efi

             @@ -1,3 +0,0 @@     1       title Debian Testing ParticleOS Current from OBS (Network Boot)     2       architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Debian_Testing_images/ParticleOS-x86-64.efi

             @@ -0,0 +1,3 @@            1title Debian Testing ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/debian_14_images/ParticleOS_x86-64.efi

             @@ -1,3 +0,0 @@     1       title Fedora 41 ParticleOS Current from OBS (Network Boot)     2       architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Fedora_41_images/ParticleOS-x86-64.efi

             @@ -0,0 +1,3 @@            1title Fedora 42 ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/fedora_42_images/ParticleOS_x86-64.efi

             @@ -1,3 +1,3 @@     1      1title Fedora Rawhide ParticleOS Current from OBS (Network Boot)     2      2architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Fedora_Rawhide_images/ParticleOS-x86-64.efi            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/fedora_44_images/ParticleOS_x86-64.efi

             @@ -0,0 +1,6 @@            1<?xml version="1.0" encoding="utf-8"?>            2<service>            3  <short>Hugo</short>            4  <description>Used for running Hugo's development server</description>            5  <port protocol="tcp" port="1313"/>            6</service>

             @@ -0,0 +1,3 @@            1L? /etc/selinux/targeted            2C /etc/selinux/config          -    -    -     -   /usr/share/factory/etc/selinux/config            3C /etc/selinux/semanage.conf   -    -    -     -   /usr/share/factory/etc/selinux/semanage.conf

             @@ -0,0 +1,4 @@            1# apt gets pulled in, but with /usr read-only doesn't make sense to run updates            2disable apt-daily.timer            3disable apt-daily-upgrade.timer            4disable apt-listchanges.timer

             @@ -0,0 +1,8 @@            1[Flatpak Repo]            2Title=Flathub            3Url=https://dl.flathub.org/repo/            4Homepage=https://flathub.org/            5Comment=Central repository of Flatpak applications            6Description=Central repository of Flatpak applications            7Icon=https://dl.flathub.org/repo/logo.svg            8GPGKey=mQINBFlD2sABEADsiUZUOYBg1UdDaWkEdJYkTSZD68214m8Q1fbrP5AptaUfCl8KYKFMNoAJRBXn9FbE6q6VBzghHXj/rSnA8WPnkbaEWR7xltOqzB1yHpCQ1l8xSfH5N02DMUBSRtD/rOYsBKbaJcOgW0K21sX+BecMY/AI2yADvCJEjhVKrjR9yfRX+NQEhDcbXUFRGt9ZT+TI5yT4xcwbvvTu7aFUR/dH7+wjrQ7lzoGlZGFFrQXSs2WI0WaYHWDeCwymtohXryF8lcWQkhH8UhfNJVBJFgCY8Q6UHkZG0FxMu8xnIDBMjBmSZKwKQn0nwzwM2afskZEnmNPYDI8nuNsSZBZSAw+ThhkdCZHZZRwzmjzyRuLLVFpOj3XryXwZcSefNMPDkZAuWWzPYjxS80cm2hG1WfqrG0Gl8+iX69cbQchb7gbEb0RtqNskTo9DDmO0bNKNnMbzmIJ3/rTbSahKSwtewklqSP/01o0WKZiy+n/RAkUKOFBprjJtWOZkc8SPXV/rnoS2dWsJWQZhuPPtv3tefdDiEyp7ePrfgfKxuHpZES0IZRiFI4J/nAUP5bix+srcIxOVqAam68CbAlPvWTivRUMRVbKjJiGXIOJ78wAMjqPg3QIC0GQ0EPAWwAOzzpdgbnG7TCQetaVV8rSYCuirlPYN+bJIwBtkOC9SWLoPMVZTwQARAQABtC5GbGF0aHViIFJlcG8gU2lnbmluZyBLZXkgPGZsYXRodWJAZmxhdGh1Yi5vcmc+iQJUBBMBCAA+FiEEblwF2XnHba+TwIE1QYTdTZB6fK4FAllD2sACGwMFCRLMAwAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQQYTdTZB6fK5RJQ/+Ptd4sWxaiAW91FFk7+wmYOkEe1NY2UDNJjEEz34PNP/1RoxveHDt43kYJQ23OWaPJuZAbu+fWtjRYcMBzOsMCaFcRSHFiDIC9aTp4ux/mo+IEeyarYt/oyKb5t5lta6xaAqg7rwt65jW5/aQjnS4h7eFZ+dAKta7Y/fljNrOznUp81/SMcx4QA5G2Pw0hs4Xrxg59oONOTFGBgA6FF8WQghrpR7SnEe0FSEOVsAjwQ13Cfkfa7b70omXSWp7GWfUzgBKyoWxKTqzMN3RQHjjhPJcsQnrqH5enUu4Pcb2LcMFpzimHnUgb9ft72DP5wxfzHGAWOUiUXHbAekfq5iFks8cha/RST6wkxG3Rf44Zn09aOxh1btMcGL+5xb1G0BuCQnA0fP/kDYIPwh9z22EqwRQOspIcvGeLVkFeIfubxpcMdOfQqQnZtHMCabV5Q/Rk9K1ZGc8M2hlg8gHbXMFch2xJ0Wu72eXbA/UY5MskEeBgawTQnQOK/vNm7t0AJMpWK26Qg6178UmRghmeZDj9uNRc3EI1nSbgvmGlpDmCxaAGqaGL1zW4KPW5yN25/qeqXcgCvUjZLI9PNq3Kvizp1lUrbx7heRiSoazCucvHQ1VHUzcPVLUKKTkoTP8okThnRRRsBcZ1+jI4yMWIDLOCT7IW3FePr+3xyuy5eEo9a25Ag0EWUPa7AEQALT/CmSyZ8LWlRYQZKYw417p7Z2hxqd6TjwkwM3IQ1irumkWcTZBZIbBgrSOg6CcXD2oWydCQHWi9qaxhuhEl2bJL5LskmBcMxVdQeD0LLHd8QUnbnnIby8ocvWN1alPfvJFjCUTrmD22U1ycOzRw2lIe4kiQONbOZtdWrVImQQSndjFlisitbmlWHvHm2lOOYy8+GJB7YffVV193hmnBSJffCy4bvkuLxsI+n1DhOzc7MPV3z6HGk4HiEcF0yyt9tCYhpsxHFdBoq2h771HfAcS0s98EVAqYMFnf9em+4cnYpdI6mhIfS1FQiKl6DBAYA8tT3ggla00DurPo0JwX/zN+PaO5h/6O9aCZwV7G6rbkgMuqMergXaf8oP38gr0z+MqWnkfM63Bodq68GP4l4hd02BoFBbDf38TMuGQB14+twJMdfbAxo2MbgluvQgfwHfZ2ca6gyEY+9s/YD1gugLjV+S6CB51WkFNe1z4tAPgJZNxUcKCbeaHNbthl8Hks/pY9RCEseX/EdfzF18epbSjJMPh4DPQXbUoFwmyuYcoBOPmvZHNl9hK7B/1RP8w1ZrXk8qdupC0SNbafX7270B7lMMVImzZetGsM9ypXJ6llhp3FwW09iseNyGJGPsr/dvTMGDXqOPfU/9SAS1LSTY4K9PbRtdrBE318YX8mIk5ABEBAAGJBHIEGAEIACYWIQRuXAXZecdtr5PAgTVBhN1NkHp8rgUCWUPa7AIbAgUJEswDAAJACRBBhN1NkHp8rsF0IAQZAQgAHRYhBFSmzd2JGfsgQgDYrFYnAunj7X7oBQJZQ9rsAAoJEFYnAunj7X7oR6AP/0KYmiAFeqx14Z43/6s2gt3VhxlSd8bmcVV7oJFbMhdHBIeWBp2BvsUf00I0Zl14ZkwCKfLwbbORC2eIxvzJ+QWjGfPhDmS4XUSmhlXxWnYEveSek5Tde+fmu6lqKM8CHg5BNx4GWIX/vdLi1wWJZyhrUwwICAxkuhKxuP2Z1An48930eslTD2GGcjByc27+9cIZjHKa07I/aLffo04V+oMT9/tgzoquzgpVV4jwekADo2MJjhkkPveSNI420bgT+Q7Fi1l0X1aFUniBvQMsaBa27PngWm6xE2ZYvh7nWCdd5g0c0eLIHxWwzV1lZ4Ryx4ITO/VL25ItECcjhTRdYa64sA62MYSaB0x3eR+SihpgP3wSNPFu3MJo6FKTFdi4CBAEmpWHFW7FcRmd+cQXeFrHLN3iNVWryy0HK/CUEJmiZEmpNiXecl4vPIIuyF0zgSCztQtKoMr+injpmQGC/rF/ELBVZTUSLNB350S0Ztvw0FKWDAJSxFmoxt3xycqvvt47rxTrhi78nkk6jATKGyvP55sO+K7Q7Wh0DXA69hvPrYW2eu8jGCdVGxi6HX7L1qcfEd0378S71dZ3g9o6KKl1OsDWWQ6MJ6FGBZedl/ibRfs8p5+sbCX3lQSjEFy3rx6n0rUrXx8U2qb+RCLzJlmC5MNBOTDJwHPcX6gKsUcXZrEQALmRHoo3SrewO41RCr+5nUlqiqV3AohBMhnQbGzyHf2+drutIaoh7Rj80XRh2bkkuPLwlNPf+bTXwNVGse4bej7B3oV6Ae1N7lTNVF4Qh+1OowtGjmfJPWo0z1s6HFJVxoIof9z58Msvgao0zrKGqaMWaNQ6LUeC9g9Aj/9Uqjbo8X54aLiYs8Z1WNc06jKP+gv8AWLtv6CR+l2kLez1YMDucjm7v6iuCMVAmZdmxhg5I/X2+OM3vBsqPDdQpr2TPDLX3rCrSBiS0gOQ6DwN5N5QeTkxmY/7QO8bgLo/Wzu1iilH4vMKW6LBKCaRx5UEJxKpL4wkgITsYKneIt3NTHo5EOuaYk+y2+Dvt6EQFiuMsdbfUjs3seIHsghX/cbPJa4YUqZAL8C4OtVHaijwGo0ymt9MWvS9yNKMyT0JhN2/BdeOVWrHk7wXXJn/ZjpXilicXKPx4udCF76meE+6N2u/T+RYZ7fP1QMEtNZNmYDOfA6sViuPDfQSHLNbauJBo/n1sRYAsL5mcG22UDchJrlKvmK3EOADCQg+myrm8006LltubNB4wWNzHDJ0Ls2JGzQZCd/xGyVmUiidCBUrD537WdknOYE4FD7P0cHaM9brKJ/M8LkEH0zUlo73bY4XagbnCqve6PvQb5G2Z55qhWphd6f4B6DGed86zJEa/RhS

             @@ -0,0 +1,14 @@            1# SPDX-License-Identifier: LGPL-2.1-or-later            2# TODO: drop once https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/89 is fixed            3            4[Unit]            5Description=Tell the accounts service about homed users            6After=systemd-homed.service accounts-daemon.service            7Before=systemd-user-sessions.service            8            9[Service]           10Type=oneshot           11ExecStart=/bin/bash -c "for n in $$(busctl call org.freedesktop.home1 /org/freedesktop/home1 org.freedesktop.home1.Manager ListHomes --json=pretty | jq -r '.data.[].[].[0]'); do busctl call org.freedesktop.Accounts /org/freedesktop/Accounts org.freedesktop.Accounts CacheUser s $$n; done"           12           13[Install]           14WantedBy=multi-user.target

             @@ -0,0 +1,3 @@            1enable opensnitch.service            2enable fprintd.service            3enable units_cur.timer

             @@ -0,0 +1,8 @@            1[Unit]            2Description=Update GNU Units currencies            3After=network-online.target            4Requires=network-online.target            5            6[Service]            7StateDirectory=units            8ExecStart=/usr/bin/units_cur

             @@ -0,0 +1,9 @@            1[Unit]            2Description=Update GNU Units currencies            3            4[Timer]            5OnCalendar=weekly            6Persistent=yes            7            8[Install]            9WantedBy=timers.target

             @@ -0,0 +1,7 @@            1[Unit]            2Description=Autorestic Backups Service            3            4[Service]            5ExecStart=/usr/bin/autorestic --ci cron            6ExecStartPost=/usr/bin/autorestic --ci forget            7Type=oneshot

             @@ -0,0 +1,9 @@            1[Unit]            2Description=Autorestic Backups Timer            3            4[Timer]            5OnCalendar=daily            6Persistent=yes            7            8[Install]            9WantedBy=timers.target

             @@ -0,0 +1,2 @@            1[Service]            2StateDirectory=logrotate

             @@ -0,0 +1,3 @@            1# Disabled by default in the package            2disable speech-dispatcherd.service            3

             @@ -1,3 +0,0 @@     1       # TODO: drop once https://bugs.debian.org/1025349 is fixed     2       [Install]     3       Alias=display-manager.service

             @@ -0,0 +1,3 @@            1# TODO: drop once https://bugs.debian.org/1025349 is fixed            2[Install]            3Alias=display-manager.service