Stack of 10
1/10To-upstream: Symlink in /etc/mkosi-manifest+1
2/10Enable greeters, starting after first-boot-complete.target+4 -2
3/10To-upstream: fixes for KDE profile+12
4/10To-upstream: general fixes and improvements+36
5/10To-upstream: fixes for Fedora+12
6/10To-upstream: fixes for desktop profile+1
7/10Enable SELinux (WIP)+65
8/10Miscellaneous tweaks that I don't plan to upstream+15
9/10Custom readme for my personal fork+53 -158
10/10My customized ParticleOS configuration+339 -3

patchstack/customized main

jcgl

main v10 v9 v8 v7 v6 v5 v4 v3 v2 v1
...
v26 (latest)v25 v24 v23 v22 v21 v20 v19 v18 v17 v16 v15 v14 v13 v12 v11 v10 v9 v8
Reset To Latest

local customizations

Patch does not have a description.
25 files changed+339 -3
  .editorconfig
3
  .gitignore
2
+ .ignore
1
+ makefile
54
  mkosi.conf
1
  mkosi.local.conf
36
  systemd
2
+ .obs/workflows.yml
13
+ mkosi.conf.d/debian/mkosi.postinst.chroot
9
  mkosi.profiles/desktop/mkosi.conf
2
+ mkosi.profiles/custom/mkosi.postinst.d/wireshark.chroot
4
  mkosi.extra/usr/lib/tmpfiles.d/etc.conf
9
  mkosi.profiles/gnome/mkosi.conf.d/debian/mkosi.conf
3
  mkosi.profiles/gnome/mkosi.conf.d/fedora/mkosi.conf
4
  mkosi.extra/usr/lib/systemd/system-preset/10-particleos.preset
5
- mkosi.conf.d/debian/mkosi.extra/usr/lib/system-preset/20-particleos-debian.preset
4
+ mkosi.images/netesp/mkosi.extra/efi/loader/entries/90-debian-13-particleos-obs-current.conf
3
- mkosi.images/netesp/mkosi.extra/efi/loader/entries/90-debian-particleos-obs-current.conf
3
+ mkosi.images/netesp/mkosi.extra/efi/loader/entries/90-debian-testing-particleos-obs-current.conf
3
- mkosi.images/netesp/mkosi.extra/efi/loader/entries/90-fedora-41-particleos-obs-current.conf
3
+ mkosi.images/netesp/mkosi.extra/efi/loader/entries/90-fedora-42-particleos-obs-current.conf
3
  mkosi.images/netesp/mkosi.extra/efi/loader/entries/90-fedora-rawhide-particleos-obs-current.conf
2
+ mkosi.profiles/custom/mkosi.extra/etc/firewalld/services/hugo.xml
6
+ mkosi.conf.d/debian/mkosi.extra/usr/lib/systemd/system-preset/20-particleos-debian.preset
4
+ mkosi.profiles/gnome/mkosi.extra/usr/lib/systemd/system/homed-accounts-workaround.service
14
.editorconfig+3 
             @@ -10,3 +10,6 @@    10     10[*.conf]    11     11indent_style = space    12     12indent_size = 4           13           14[mkosi.passphrase]           15insert_final_newline = false
.gitignore+2 
             @@ -11,3 +11,5 @@    11     11.mkosi-private    12     12mkosi.packages/    13     13keys/           14mkosi.profiles/custom/mkosi.extra/usr/local/bin/           15versions/
.ignore+1 
             @@ -0,0 +1,1 @@            1systemd/**
makefile+54 
             @@ -0,0 +1,54 @@            1BIN_DIR := mkosi.profiles/custom/mkosi.extra/usr/local/bin            2PACKAGES_DIR := mkosi.profiles/custom/mkosi.packages            3btdu := $(BIN_DIR)/btdu            4opensnitch := $(PACKAGES_DIR)/opensnitch.rpm            5opensnitch_ui := $(PACKAGES_DIR)/opensnitch_ui.rpm            6ALL := $(btdu) $(opensnitch) $(opensnitch_ui)            7CURRENT_VERSION = $(shell mkosi summary --json | jq -r '.Images[] | select(.Image == "main") | .ImageVersion')            8            9.PHONY: deps           10deps: $(PACKAGES_DIR) $(BIN_DIR) $(ALL)           11           12.PHONY: clean           13clean:           14	rm -fv $(ALL)           15           16$(BIN_DIR) $(PACKAGES_DIR):           17	mkdir -p $@           18           19$(btdu): $(MAKE_TMPDIR)/btdu           20	echo 35b9bb752e6aa902b8281e92a5411b2f1cfb9fa251089adf909dc95efc011c48 $(MAKE_TMPDIR)/btdu | sha256sum --check           21	cp $(MAKE_TMPDIR)/btdu $@           22           23$(MAKE_TMPDIR)/btdu:           24	wget https://github.com/CyberShadow/btdu/releases/download/v0.6.0/btdu-static-x86_64 -O $(MAKE_TMPDIR)/btdu           25           26$(opensnitch): $(MAKE_TMPDIR)/opensnitch.rpm           27	echo 2caf4e13ffd1b7af48306a2e9e979042f526823720b42bee4c00194f140d64dd $(MAKE_TMPDIR)/opensnitch.rpm | sha256sum --check           28	cp $(MAKE_TMPDIR)/opensnitch.rpm $@           29           30$(MAKE_TMPDIR)/opensnitch.rpm:           31		wget https://github.com/evilsocket/opensnitch/releases/download/v1.7.2/opensnitch-1.7.2-1.x86_64.rpm -O $(MAKE_TMPDIR)/opensnitch.rpm           32           33$(opensnitch_ui): $(MAKE_TMPDIR)/opensnitch_ui.rpm           34	echo b26029cbc83880ebc92170035d50237c13b17ffc0b3cf52b89fa1348edfdfb43 $(MAKE_TMPDIR)/opensnitch_ui.rpm | sha256sum --check           35	cp $(MAKE_TMPDIR)/opensnitch_ui.rpm $@           36           37$(MAKE_TMPDIR)/opensnitch_ui.rpm:           38	wget https://github.com/evilsocket/opensnitch/releases/download/v1.7.2/opensnitch-ui-1.7.2-1.noarch.rpm -O $(MAKE_TMPDIR)/opensnitch_ui.rpm           39           40mkosi.crt:           41	ln -s ~/Vaults/particleos_keys/sbctl/var/keys/db/db.pem mkosi.crt           42           43mkosi.key:           44	ln -s ~/Vaults/particleos_keys/sbctl/var/keys/db/db.key mkosi.key           45           46.PHONY: build           47	mkosi build --auto-bump           48           49.PHONY: sysupdate           50sysupdate:           51	mkosi sysupdate -- update           52	mkdir -p versions           53	cat mkosi.output/ParticleOS_$(CURRENT_VERSION)_x86-64.manifest | gzip > versions/$(CURRENT_VERSION).manifest.gz           54	cat mkosi.output/ParticleOS_$(CURRENT_VERSION)_x86-64.changelog | gzip > versions/$(CURRENT_VERSION).changelog.gz
mkosi.conf-1
             @@ -107,7 +107,6 @@   107    107RAM=4G   108    108CPUs=4   109    109Ephemeral=yes   110       RuntimeScratch=no   111    110Credentials=   112    111        passwd.plaintext-password.root=particleos   113    112        tty.serial.hvc0.agetty.autologin=particleos
mkosi.local.conf+21 -15
             @@ -1,18 +1,21 @@     1      1[Distribution]     2      2Distribution=fedora     3       Release=42            3Release=43     4      4     5      5[Build]     6      6ToolsTree=default     7      7ToolsTreeDistribution=fedora     8      8ToolsTreeProfiles=misc,runtime,gui     9       ExtraSearchPaths=./systemd/build/mkosi.builddir/fedora~42~x86-64/            9ExtraSearchPaths=./systemd/build/mkosi.builddir/fedora~43~x86-64/    10     10    11     11[Config]    12       Profiles=desktop,kde           12Profiles=desktop,kde,custom           13           14[Output]           15ManifestFormat=changelog    13     16    14     17[Content]    15       VolatilePackageDirectories=./systemd/build/mkosi.builddir/fedora~42~x86-64/           18VolatilePackageDirectories=./systemd/build/mkosi.builddir/fedora~43~x86-64/    16     19Packages=    17     20        ansible    18     21        awk             @@ -29,14 +32,18 @@    29     32        debian-keyring    30     33        dictd    31     34        du-dust           35        duf           36        d2    32     37        emacs    33     38        entr    34     39        exfatprogs           40        exiftool    35     41        fastfetch    36     42        fcitx5-mozc    37     43        fcitx5-configtool    38     44        fcitx5-gtk    39     45        fcitx5-qt           46        firejail    40     47        fontawesome-fonts-all    41     48        kcm-fcitx5    42     49        fd-find             @@ -83,13 +90,14 @@    83     90        # include mkosi just for shell completion and man pages    84     91        mkosi    85     92        mokutil           93        mpv    86     94        ncdu           95        neovim    87     96        ninja    88     97        okular    89     98        osc    90     99        # needed for bell fish function    91    100        oxygen-sounds    92               neovim    93    101        pre-commit    94    102        python3-neovim    95    103        nmap             @@ -96,6 +104,9 @@    96    104        nmap-ncat    97    105        # for coc.nvim    98    106        npm          107        # needed for clatd on F43 apparently          108        perl-IPC-Cmd          109        perl-JSON    99    110        pipewire-utils   100    111        plasma-disks   101    112        plasma-vault             @@ -102,6 +113,7 @@   102    113        pnpm   103    114        powertop   104    115        proxychains-ng          116        pv   105    117        python3-netaddr   106    118        ripgrep   107    119        rubygem-asciidoctor             @@ -113,6 +125,7 @@   113    125        sqlite   114    126        stgit   115    127        tcpdump          128        # not yet available for fedora 43   116    129        terraform-ls   117    130        tmux   118    131        toolbox             @@ -129,15 +142,8 @@   129    142        wireshark   130    143        yubikey-manager   131    144        kernel   132               repository/opensnitch-ui-1.7.1-1.noarch.rpm   133               repository/opensnitch-1.7.1-1.x86_64.rpm          145        # repository directory comes from mkosi.packages          146        repository/opensnitch_ui.rpm          147        repository/opensnitch.rpm   134    148        python3-grpcio+protobuf   135    149        python3-slugify   136          137       [Validation]   138       SecureBootKey=./keys/sbctl/var/keys/db/db.key   139       SecureBootCertificate=./keys/sbctl/var/keys/db/db.pem   140       SignExpectedPcrKey=./keys/sbctl/var/keys/db/db.key   141       SignExpectedPcrCertificate=./keys/sbctl/var/keys/db/db.pem   142       VerityKey=./keys/sbctl/var/keys/db/db.key   143       VerityCertificate=./keys/sbctl/var/keys/db/db.pem
systemd+1 -1
             @@ -1,1 +1,1 @@     1       c2678480a79ad1fcab0b5c9a4c3195dbe0c490d1            115bd1496c9b59c1ec8ee05e78c65eeb3f148c898
.obs/workflows.yml+13 
             @@ -0,0 +1,13 @@            1rebuild:            2  steps:            3    - trigger_services:            4        project: system:systemd            5        package: particleos-debian            6    - trigger_services:            7        project: system:systemd            8        package: particleos-fedora            9  filters:           10    event: push           11    branches:           12      only:           13        - obs
mkosi.conf.d/debian/mkosi.postinst.chroot+9 
             @@ -0,0 +1,9 @@            1#!/bin/bash            2# SPDX-License-Identifier: LGPL-2.1-or-later            3set -e            4            5# Debian/Ubuntu PAM patches break /usr/lib/pam.d/ so copy to factory            6# TODO: drop after https://salsa.debian.org/vorlon/pam/-/merge_requests/26 is merged            7if [[ -f /usr/lib/tmpfiles.d/debian.conf ]]; then            8    sed -i '/\/etc\/pam.d/d' /usr/lib/tmpfiles.d/debian.conf            9fi
mkosi.profiles/desktop/mkosi.conf+2 
             @@ -2,6 +2,7 @@     2      2     3      3[Content]     4      4Packages=            5        bluez     5      6        bolt     6      7        desktop-file-utils     7      8        pax-utils             @@ -8,6 +9,7 @@     8      9        pgpdump     9     10        pipewire    10     11        pipewire-alsa           12        qemu-guest-agent    11     13        wireless-regdb    12     14        xdg-desktop-portal    13     15
mkosi.profiles/custom/mkosi.postinst.d/wireshark.chroot+4 
             @@ -0,0 +1,4 @@            1#!/usr/bin/sh            2            3chmod 755 /usr/bin/dumpcap            4setcap -r /usr/bin/dumpcap
mkosi.extra/usr/lib/tmpfiles.d/etc.conf+8 -1
             @@ -63,6 +63,8 @@    63     63# PackageKit does not run without /etc/PackageKit/ and GNOME stalls    64     64# logout/reboot if it doesn't run.    65     65L? /etc/PackageKit           66# ModemManager needds its dbus policy file           67L? /etc/dbus1/systemd.d/org.freedesktop.ModemManager1.conf    66     68# Required by man-db-cache-update.service    67     69L? /etc/sysconfig/man-db    68     70# sddm breaks otherwise, at least with homed?             @@ -75,8 +77,8 @@    75     77    76     78#firewalld    77     79# this stuff from the `setup` package in Fedora is just kinda funny...           80C+ /etc/firewalld    78     81L? /etc/protocols    79       L? /etc/firewalld    80     82L? /etc/logrotate.d/firewalld    81     83L? /etc/modprobe.d/firewalld-sysctls.conf    82     84L? /etc/sysconfig/firewalld             @@ -87,6 +89,10 @@    87     89# cups    88     90L? /etc/cups    89     91           92# firejail           93L? /etc/firejail           94L? /etc/login.defs           95    90     96# abrtd    91     97L? /etc/libreport    92     98             @@ -98,3 +104,4 @@    98    104    99    105# miscellaneous legacy file   100    106L? /etc/shells          107L? /etc/hosts
mkosi.profiles/gnome/mkosi.conf.d/debian/mkosi.conf+1 -2
             @@ -7,8 +7,7 @@     7      7Packages=     8      8        gnome-browser-connector     9      9        gnome-core    10               # TODO: enable when it integrates with homed    11               # gnome-initial-setup           10        gnome-initial-setup    12     11        gnome-keyring-pkcs11    13     12        gnome-session-xsession    14     13        gnome-software-plugin-flatpak
mkosi.profiles/gnome/mkosi.conf.d/fedora/mkosi.conf+4 
             @@ -5,4 +5,8 @@     5      5     6      6[Content]     7      7Packages=            8        adwaita-fonts-all     8      9        gdm           10        rsms-inter-fonts           11        rsms-inter-vf-fonts           12        default-fonts-core-emoji
mkosi.extra/usr/lib/systemd/system-preset/10-particleos.preset+5 
             @@ -40,3 +40,8 @@    40     40    41     41# Maybe man db    42     42enable man-db-cache-update.service           43           44# Fedora 43 introduces a new authselect service in place of package scriptlets.           45# It fails and (I believe) shouldn't be needed           46# https://bugzilla.redhat.com/show_bug.cgi?id=2397255           47disable authselect-apply-changes.service
mkosi.conf.d/debian/mkosi.extra/usr/lib/system-preset/20-particleos-debian.preset-4
             @@ -1,4 +0,0 @@     1       # apt gets pulled in, but with /usr read-only doesn't make sense to run updates     2       disable apt-daily.timer     3       disable apt-daily-upgrade.timer     4       disable apt-listchanges.timer
mkosi.images/netesp/mkosi.extra/efi/loader/entries/90-debian-13-particleos-obs-current.conf+3 
             @@ -0,0 +1,3 @@            1title Debian 13 ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/debian_13_images/ParticleOS_x86-64.efi
mkosi.images/netesp/mkosi.extra/efi/loader/entries/90-debian-particleos-obs-current.conf-3
             @@ -1,3 +0,0 @@     1       title Debian Testing ParticleOS Current from OBS (Network Boot)     2       architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Debian_Testing_images/ParticleOS-x86-64.efi
mkosi.images/netesp/mkosi.extra/efi/loader/entries/90-debian-testing-particleos-obs-current.conf+3 
             @@ -0,0 +1,3 @@            1title Debian Testing ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/debian_14_images/ParticleOS_x86-64.efi
mkosi.images/netesp/mkosi.extra/efi/loader/entries/90-fedora-41-particleos-obs-current.conf-3
             @@ -1,3 +0,0 @@     1       title Fedora 41 ParticleOS Current from OBS (Network Boot)     2       architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Fedora_41_images/ParticleOS-x86-64.efi
mkosi.images/netesp/mkosi.extra/efi/loader/entries/90-fedora-42-particleos-obs-current.conf+3 
             @@ -0,0 +1,3 @@            1title Fedora 42 ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/fedora_42_images/ParticleOS_x86-64.efi
mkosi.images/netesp/mkosi.extra/efi/loader/entries/90-fedora-rawhide-particleos-obs-current.conf+1 -1
             @@ -1,3 +1,3 @@     1      1title Fedora Rawhide ParticleOS Current from OBS (Network Boot)     2      2architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Fedora_Rawhide_images/ParticleOS-x86-64.efi            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/fedora_44_images/ParticleOS_x86-64.efi
mkosi.profiles/custom/mkosi.extra/etc/firewalld/services/hugo.xml+6 
             @@ -0,0 +1,6 @@            1<?xml version="1.0" encoding="utf-8"?>            2<service>            3  <short>Hugo</short>            4  <description>Used for running Hugo's development server</description>            5  <port protocol="tcp" port="1313"/>            6</service>
mkosi.conf.d/debian/mkosi.extra/usr/lib/systemd/system-preset/20-particleos-debian.preset+4 
             @@ -0,0 +1,4 @@            1# apt gets pulled in, but with /usr read-only doesn't make sense to run updates            2disable apt-daily.timer            3disable apt-daily-upgrade.timer            4disable apt-listchanges.timer
mkosi.profiles/gnome/mkosi.extra/usr/lib/systemd/system/homed-accounts-workaround.service+14 
             @@ -0,0 +1,14 @@            1# SPDX-License-Identifier: LGPL-2.1-or-later            2# TODO: drop once https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/89 is fixed            3            4[Unit]            5Description=Tell the accounts service about homed users            6After=systemd-homed.service accounts-daemon.service            7Before=systemd-user-sessions.service            8            9[Service]           10Type=oneshot           11ExecStart=/bin/bash -c "for n in $$(busctl call org.freedesktop.home1 /org/freedesktop/home1 org.freedesktop.home1.Manager ListHomes --json=pretty | jq -r '.data.[].[].[0]'); do busctl call org.freedesktop.Accounts /org/freedesktop/Accounts org.freedesktop.Accounts CacheUser s $$n; done"           12           13[Install]           14WantedBy=multi-user.target
jcgl updated patch to version 26
jcgl updated patch to version 25
jcgl updated patch to version 24
jcgl updated patch to version 23
jcgl updated patch to version 22
jcgl updated patch to version 21
jcgl updated patch to version 20
jcgl updated patch to version 19
jcgl updated patch to version 18
jcgl updated patch to version 17
jcgl updated patch to version 16
jcgl updated patch to version 15
jcgl updated patch to version 14
jcgl updated patch to version 13
jcgl updated patch to version 12
jcgl updated patch to version 11
jcgl updated patch to version 10
jcgl updated patch to version 9
jcgl updated patch to version 8
jcgl updated patch to version 7
jcgl updated patch to version 6
jcgl updated patch to version 5
jcgl updated patch to version 4
jcgl updated patch to version 3
jcgl updated patch to version 2
jcgl created patch version 1