local customizations

             @@ -10,3 +10,6 @@    10     10[*.conf]    11     11indent_style = space    12     12indent_size = 4           13           14[mkosi.passphrase]           15insert_final_newline = false

             @@ -11,3 +11,5 @@    11     11.mkosi-private    12     12mkosi.packages/    13     13keys/           14mkosi.profiles/custom/mkosi.extra/usr/local/bin/           15versions/

             @@ -0,0 +1,1 @@            1systemd/**

             @@ -0,0 +1,68 @@            1BIN_DIR := mkosi.profiles/custom/mkosi.extra/usr/local/bin            2PACKAGES_DIR := mkosi.profiles/custom/mkosi.packages            3btdu := $(BIN_DIR)/btdu            4opensnitch := $(PACKAGES_DIR)/opensnitch.rpm            5opensnitch_ui := $(PACKAGES_DIR)/opensnitch_ui.rpm            6ALL := $(btdu) $(opensnitch) $(opensnitch_ui)            7LATEST_VERSION = $(shell mkosi summary --json | jq -r '.Images[] | select(.Image == "main") | .ImageVersion')            8INSTALLED_VERSION = $(shell grep IMAGE_VERSION /etc/os-release | cut -d= -f2 | tr -d \")            9           10.PHONY: deps           11deps: $(PACKAGES_DIR) $(BIN_DIR) $(ALL)           12           13.PHONY: clean           14clean:           15	rm -fv $(ALL)           16           17$(BIN_DIR) $(PACKAGES_DIR):           18	mkdir -p $@           19           20$(btdu): $(MAKE_TMPDIR)/btdu           21	echo 35b9bb752e6aa902b8281e92a5411b2f1cfb9fa251089adf909dc95efc011c48 $(MAKE_TMPDIR)/btdu | sha256sum --check           22	cp $(MAKE_TMPDIR)/btdu $@           23           24$(MAKE_TMPDIR)/btdu:           25	wget https://github.com/CyberShadow/btdu/releases/download/v0.6.0/btdu-static-x86_64 -O $(MAKE_TMPDIR)/btdu           26           27$(opensnitch): $(MAKE_TMPDIR)/opensnitch.rpm           28	echo 2caf4e13ffd1b7af48306a2e9e979042f526823720b42bee4c00194f140d64dd $(MAKE_TMPDIR)/opensnitch.rpm | sha256sum --check           29	cp $(MAKE_TMPDIR)/opensnitch.rpm $@           30           31$(MAKE_TMPDIR)/opensnitch.rpm:           32		wget https://github.com/evilsocket/opensnitch/releases/download/v1.7.2/opensnitch-1.7.2-1.x86_64.rpm -O $(MAKE_TMPDIR)/opensnitch.rpm           33           34$(opensnitch_ui): $(MAKE_TMPDIR)/opensnitch_ui.rpm           35	echo b26029cbc83880ebc92170035d50237c13b17ffc0b3cf52b89fa1348edfdfb43 $(MAKE_TMPDIR)/opensnitch_ui.rpm | sha256sum --check           36	cp $(MAKE_TMPDIR)/opensnitch_ui.rpm $@           37           38$(MAKE_TMPDIR)/opensnitch_ui.rpm:           39	wget https://github.com/evilsocket/opensnitch/releases/download/v1.7.2/opensnitch-ui-1.7.2-1.noarch.rpm -O $(MAKE_TMPDIR)/opensnitch_ui.rpm           40           41mkosi.crt:           42	ln -s ~/Vaults/particleos_keys/sbctl/var/keys/db/db.pem mkosi.crt           43           44mkosi.key:           45	ln -s ~/Vaults/particleos_keys/sbctl/var/keys/db/db.key mkosi.key           46           47.PHONY: build           48build:           49	mkosi build --auto-bump           50           51.PHONY: systemd           52systemd:           53	sh -c 'cd systemd && mkosi -t none -f --distribution=fedora --release=43'           54           55.PHONY: sysupdate           56sysupdate:           57	mkosi sysupdate -- update           58	mkdir -p versions           59	cat mkosi.output/ParticleOS_$(LATEST_VERSION)_x86-64.manifest | gzip > versions/$(LATEST_VERSION).manifest.gz           60	cat mkosi.output/ParticleOS_$(LATEST_VERSION)_x86-64.changelog | gzip > versions/$(LATEST_VERSION).changelog.gz           61           62.PHONY: diff_changelog           63diff_changelog:           64	diff --color=always -u <(gzip --decompress --to-stdout versions/$(INSTALLED_VERSION).changelog.gz) mkosi.output/ParticleOS_$(LATEST_VERSION)_x86-64.changelog           65           66.PHONY: diff_manifest           67diff_manifest:           68	diff --color=always -u <(gzip --decompress --to-stdout versions/$(INSTALLED_VERSION).manifest.gz) mkosi.output/ParticleOS_$(LATEST_VERSION)_x86-64.manifest

             @@ -107,7 +107,6 @@   107    107RAM=4G   108    108CPUs=4   109    109Ephemeral=yes   110       RuntimeScratch=no   111    110Credentials=   112    111        passwd.plaintext-password.root=particleos   113    112        tty.serial.hvc0.agetty.autologin=particleos

             @@ -1,19 +1,25 @@     1      1[Distribution]     2      2Distribution=fedora     3       Release=42            3Release=43     4      4     5      5[Build]     6      6ToolsTree=default     7      7ToolsTreeDistribution=fedora     8      8ToolsTreeProfiles=misc,runtime,gui     9       ExtraSearchPaths=./systemd/build/mkosi.builddir/fedora~42~x86-64/            9ExtraSearchPaths=./systemd/build/mkosi.builddir/fedora~43~x86-64/    10     10    11     11[Config]    12       Profiles=desktop,kde           12Profiles=desktop,kde,custom           13           14[Output]           15ManifestFormat=changelog    13     16    14     17[Content]    15       VolatilePackageDirectories=./systemd/build/mkosi.builddir/fedora~42~x86-64/           18VolatilePackageDirectories=./systemd/build/mkosi.builddir/fedora~43~x86-64/    16     19Packages=           20        # keyrings for building other distro images           21        archlinux-keyring           22        debian-keyring    17     23        ansible    18     24        awk    19     25        bash             @@ -22,18 +28,27 @@    22     28        bind-utils    23     29        bat    24     30        clatd           31        clang-devel    25     32        cowsay    26     33        cmatrix    27     34        curl           35        debian-keyring    28     36        dictd    29     37        du-dust           38        duf           39        d2    30     40        emacs           41        entr    31     42        exfatprogs           43        exiftool    32     44        fastfetch    33     45        fcitx5-mozc    34     46        fcitx5-configtool    35     47        fcitx5-gtk    36     48        fcitx5-qt           49        firejail           50        fontawesome-fonts-all           51        kcm-fcitx5    37     52        fd-find    38     53        file    39     54        fish             @@ -49,6 +64,8 @@    49     64        git-delta    50     65        git-lfs    51     66        glances           67        # needed for geoclue?           68        glib-networking    52     69        guestfs-tools    53     70        golang    54     71        graphviz             @@ -57,6 +74,9 @@    57     74        ImageMagick    58     75        iperf3    59     76        java-latest-openjdk           77        katago-opencl           78        intel-opencl           79        OpenCL-ICD-Loader    60     80        @kde-desktop    61     81        kde-connect    62     82        kde-partitionmanager             @@ -67,23 +87,32 @@    67     87        libfprint-tod    68     88        libfprint-2-tod1-broadcom    69     89        libfprint-tod-selinux           90        litecli    70     91        lm_sensors    71     92        lolcat    72     93        lshw           94        lsof    73     95        man    74     96        # include mkosi just for shell completion and man pages    75     97        mkosi    76     98        mokutil           99        mpv    77    100        ncdu          101        neovim          102        ninja    78    103        okular          104        osc    79    105        # needed for bell fish function    80    106        oxygen-sounds    81               neovim    82    107        pre-commit    83    108        python3-neovim          109        nmap    84    110        nmap-ncat    85    111        # for coc.nvim    86    112        npm          113        # needed for clatd on F43 apparently          114        perl-IPC-Cmd          115        perl-JSON    87    116        pipewire-utils    88    117        plasma-disks    89    118        plasma-vault             @@ -90,15 +119,19 @@    90    119        pnpm    91    120        powertop    92    121        proxychains-ng          122        pv    93    123        python3-netaddr    94    124        ripgrep          125        rubygem-asciidoctor    95    126        rustup    96    127        rsync    97    128        sbctl    98    129        setroubleshoot    99               stgit   100    130        sbsigntools          131        sqlite          132        stgit   101    133        tcpdump          134        # not yet available for fedora 43   102    135        terraform-ls   103    136        tmux   104    137        toolbox             @@ -115,15 +148,8 @@   115    148        wireshark   116    149        yubikey-manager   117    150        kernel   118               repository/opensnitch-ui-1.7.1-1.noarch.rpm   119               repository/opensnitch-1.7.1-1.x86_64.rpm          151        # repository directory comes from mkosi.packages          152        repository/opensnitch_ui.rpm          153        repository/opensnitch.rpm   120    154        python3-grpcio+protobuf   121    155        python3-slugify   122          123       [Validation]   124       SecureBootKey=./keys/sbctl/var/keys/db/db.key   125       SecureBootCertificate=./keys/sbctl/var/keys/db/db.pem   126       SignExpectedPcrKey=./keys/sbctl/var/keys/db/db.key   127       SignExpectedPcrCertificate=./keys/sbctl/var/keys/db/db.pem   128       VerityKey=./keys/sbctl/var/keys/db/db.key   129       VerityCertificate=./keys/sbctl/var/keys/db/db.pem

             @@ -1,1 +1,1 @@     1       5a8b9fd49f7602c19b56deb8cc0efd23e0aa8e2a            115bd1496c9b59c1ec8ee05e78c65eeb3f148c898

             @@ -0,0 +1,13 @@            1rebuild:            2  steps:            3    - trigger_services:            4        project: system:systemd            5        package: particleos-debian            6    - trigger_services:            7        project: system:systemd            8        package: particleos-fedora            9  filters:           10    event: push           11    branches:           12      only:           13        - obs

             @@ -0,0 +1,9 @@            1#!/bin/bash            2# SPDX-License-Identifier: LGPL-2.1-or-later            3set -e            4            5# Debian/Ubuntu PAM patches break /usr/lib/pam.d/ so copy to factory            6# TODO: drop after https://salsa.debian.org/vorlon/pam/-/merge_requests/26 is merged            7if [[ -f /usr/lib/tmpfiles.d/debian.conf ]]; then            8    sed -i '/\/etc\/pam.d/d' /usr/lib/tmpfiles.d/debian.conf            9fi

             @@ -2,6 +2,7 @@     2      2     3      3[Content]     4      4Packages=            5        bluez     5      6        bolt     6      7        desktop-file-utils     7      8        pax-utils             @@ -8,6 +9,7 @@     8      9        pgpdump     9     10        pipewire    10     11        pipewire-alsa           12        qemu-guest-agent    11     13        wireless-regdb    12     14        xdg-desktop-portal    13     15

             @@ -0,0 +1,4 @@            1#!/usr/bin/sh            2            3chmod 755 /usr/bin/dumpcap            4setcap -r /usr/bin/dumpcap

             @@ -63,6 +63,8 @@    63     63# PackageKit does not run without /etc/PackageKit/ and GNOME stalls    64     64# logout/reboot if it doesn't run.    65     65L? /etc/PackageKit           66# ModemManager needds its dbus policy file           67L? /etc/dbus1/systemd.d/org.freedesktop.ModemManager1.conf    66     68# Required by man-db-cache-update.service    67     69L? /etc/sysconfig/man-db    68     70# sddm breaks otherwise, at least with homed?             @@ -75,8 +77,8 @@    75     77    76     78#firewalld    77     79# this stuff from the `setup` package in Fedora is just kinda funny...           80C+ /etc/firewalld    78     81L? /etc/protocols    79       L? /etc/firewalld    80     82L? /etc/logrotate.d/firewalld    81     83L? /etc/modprobe.d/firewalld-sysctls.conf    82     84L? /etc/sysconfig/firewalld             @@ -87,6 +89,13 @@    87     89# cups    88     90L? /etc/cups    89     91           92# firejail           93L? /etc/firejail           94L? /etc/login.defs           95           96# OpenCL           97L? /etc/OpenCL           98    90     99# abrtd    91    100L? /etc/libreport    92    101             @@ -95,3 +104,7 @@    95    104    96    105# libvirt needs all    97    106C+ /etc/libvirt          107          108# miscellaneous legacy file          109L? /etc/shells          110L? /etc/hosts

             @@ -7,8 +7,7 @@     7      7Packages=     8      8        gnome-browser-connector     9      9        gnome-core    10               # TODO: enable when it integrates with homed    11               # gnome-initial-setup           10        gnome-initial-setup    12     11        gnome-keyring-pkcs11    13     12        gnome-session-xsession    14     13        gnome-software-plugin-flatpak

             @@ -5,4 +5,8 @@     5      5     6      6[Content]     7      7Packages=            8        adwaita-fonts-all     8      9        gdm           10        rsms-inter-fonts           11        rsms-inter-vf-fonts           12        default-fonts-core-emoji

             @@ -40,3 +40,8 @@    40     40    41     41# Maybe man db    42     42enable man-db-cache-update.service           43           44# Fedora 43 introduces a new authselect service in place of package scriptlets.           45# It fails and (I believe) shouldn't be needed           46# https://bugzilla.redhat.com/show_bug.cgi?id=2397255           47disable authselect-apply-changes.service

             @@ -1,4 +0,0 @@     1       # apt gets pulled in, but with /usr read-only doesn't make sense to run updates     2       disable apt-daily.timer     3       disable apt-daily-upgrade.timer     4       disable apt-listchanges.timer

             @@ -0,0 +1,3 @@            1title Debian 13 ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/debian_13_images/ParticleOS_x86-64.efi

             @@ -1,3 +0,0 @@     1       title Debian Testing ParticleOS Current from OBS (Network Boot)     2       architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Debian_Testing_images/ParticleOS-x86-64.efi

             @@ -0,0 +1,3 @@            1title Debian Testing ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/debian_14_images/ParticleOS_x86-64.efi

             @@ -1,3 +0,0 @@     1       title Fedora 41 ParticleOS Current from OBS (Network Boot)     2       architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Fedora_41_images/ParticleOS-x86-64.efi

             @@ -0,0 +1,3 @@            1title Fedora 42 ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/fedora_42_images/ParticleOS_x86-64.efi

             @@ -1,3 +1,3 @@     1      1title Fedora Rawhide ParticleOS Current from OBS (Network Boot)     2      2architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Fedora_Rawhide_images/ParticleOS-x86-64.efi            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/fedora_44_images/ParticleOS_x86-64.efi

             @@ -0,0 +1,6 @@            1<?xml version="1.0" encoding="utf-8"?>            2<service>            3  <short>Hugo</short>            4  <description>Used for running Hugo's development server</description>            5  <port protocol="tcp" port="1313"/>            6</service>

             @@ -0,0 +1,4 @@            1# apt gets pulled in, but with /usr read-only doesn't make sense to run updates            2disable apt-daily.timer            3disable apt-daily-upgrade.timer            4disable apt-listchanges.timer

             @@ -0,0 +1,14 @@            1# SPDX-License-Identifier: LGPL-2.1-or-later            2# TODO: drop once https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/89 is fixed            3            4[Unit]            5Description=Tell the accounts service about homed users            6After=systemd-homed.service accounts-daemon.service            7Before=systemd-user-sessions.service            8            9[Service]           10Type=oneshot           11ExecStart=/bin/bash -c "for n in $$(busctl call org.freedesktop.home1 /org/freedesktop/home1 org.freedesktop.home1.Manager ListHomes --json=pretty | jq -r '.data.[].[].[0]'); do busctl call org.freedesktop.Accounts /org/freedesktop/Accounts org.freedesktop.Accounts CacheUser s $$n; done"           12           13[Install]           14WantedBy=multi-user.target