local customizations

             @@ -10,3 +10,6 @@    10     10[*.conf]    11     11indent_style = space    12     12indent_size = 4           13           14[mkosi.passphrase]           15insert_final_newline = false

             @@ -11,3 +11,5 @@    11     11.mkosi-private    12     12mkosi.packages/    13     13keys/           14mkosi.profiles/custom/mkosi.extra/usr/local/bin/           15versions/

             @@ -0,0 +1,1 @@            1systemd/**

             @@ -0,0 +1,77 @@            1BIN_DIR := mkosi.profiles/custom/mkosi.extra/usr/local/bin            2PACKAGES_DIR := mkosi.profiles/custom/mkosi.packages            3btdu := $(BIN_DIR)/btdu            4jj := $(BIN_DIR)/jj            5opensnitch := $(PACKAGES_DIR)/opensnitch.rpm            6opensnitch_ui := $(PACKAGES_DIR)/opensnitch_ui.rpm            7ALL := $(btdu) $(jj) $(opensnitch) $(opensnitch_ui)            8LATEST_VERSION = $(shell mkosi summary --json | jq -r '.Images[] | select(.Image == "main") | .ImageVersion')            9INSTALLED_VERSION = $(shell grep IMAGE_VERSION /etc/os-release | cut -d= -f2 | tr -d \")           10           11.PHONY: deps           12deps: $(PACKAGES_DIR) $(BIN_DIR) $(ALL)           13           14.PHONY: clean           15clean:           16	rm -fv $(ALL)           17           18$(BIN_DIR) $(PACKAGES_DIR):           19	mkdir -p $@           20           21$(jj): $(MAKE_TMPDIR)/jj.tar.gz           22	echo 9967a240e3294a0bce4444c55d40a35b70af44c69b558689aced95e4e497cef2 $(MAKE_TMPDIR)/jj.tar.gz | sha256sum --check           23	tar -xzf $(MAKE_TMPDIR)/jj.tar.gz -C $(MAKE_TMPDIR)           24	cp $(MAKE_TMPDIR)/jj $@           25           26$(MAKE_TMPDIR)/jj.tar.gz:           27	wget https://github.com/jj-vcs/jj/releases/download/v0.35.0/jj-v0.35.0-x86_64-unknown-linux-musl.tar.gz -O $(MAKE_TMPDIR)/jj.tar.gz           28           29$(btdu): $(MAKE_TMPDIR)/btdu           30	echo 35b9bb752e6aa902b8281e92a5411b2f1cfb9fa251089adf909dc95efc011c48 $(MAKE_TMPDIR)/btdu | sha256sum --check           31	cp $(MAKE_TMPDIR)/btdu $@           32	chmod +x $@           33           34$(MAKE_TMPDIR)/btdu:           35	wget https://github.com/CyberShadow/btdu/releases/download/v0.6.0/btdu-static-x86_64 -O $(MAKE_TMPDIR)/btdu           36           37$(opensnitch): $(MAKE_TMPDIR)/opensnitch.rpm           38	echo 2caf4e13ffd1b7af48306a2e9e979042f526823720b42bee4c00194f140d64dd $(MAKE_TMPDIR)/opensnitch.rpm | sha256sum --check           39	cp $(MAKE_TMPDIR)/opensnitch.rpm $@           40           41$(MAKE_TMPDIR)/opensnitch.rpm:           42		wget https://github.com/evilsocket/opensnitch/releases/download/v1.7.2/opensnitch-1.7.2-1.x86_64.rpm -O $(MAKE_TMPDIR)/opensnitch.rpm           43           44$(opensnitch_ui): $(MAKE_TMPDIR)/opensnitch_ui.rpm           45	echo b26029cbc83880ebc92170035d50237c13b17ffc0b3cf52b89fa1348edfdfb43 $(MAKE_TMPDIR)/opensnitch_ui.rpm | sha256sum --check           46	cp $(MAKE_TMPDIR)/opensnitch_ui.rpm $@           47           48$(MAKE_TMPDIR)/opensnitch_ui.rpm:           49	wget https://github.com/evilsocket/opensnitch/releases/download/v1.7.2/opensnitch-ui-1.7.2-1.noarch.rpm -O $(MAKE_TMPDIR)/opensnitch_ui.rpm           50           51mkosi.crt:           52	ln -s ~/Vaults/particleos_keys/sbctl/var/keys/db/db.pem mkosi.crt           53           54mkosi.key:           55	ln -s ~/Vaults/particleos_keys/sbctl/var/keys/db/db.key mkosi.key           56           57.PHONY: build           58build:           59	mkosi build --auto-bump           60           61.PHONY: systemd           62systemd:           63	sh -c 'cd systemd && mkosi -t none -f --distribution=fedora --release=43'           64           65.PHONY: sysupdate           66sysupdate:           67	mkosi sysupdate -- update           68	mkdir -p versions           69	cat mkosi.output/ParticleOS_$(LATEST_VERSION)_x86-64.changelog | gzip > versions/$(LATEST_VERSION).changelog.gz           70           71.PHONY: diff_changelog           72diff_changelog:           73	sh -c 'diff --color=always -u <(gzip --decompress --to-stdout versions/$(INSTALLED_VERSION).changelog.gz) mkosi.output/ParticleOS_$(LATEST_VERSION)_x86-64.changelog; test $$? -le 1'           74           75.PHONY: diff_manifest           76diff_manifest:           77	sh -c 'diff --color=always -u /etc/os-manifest mkosi.output/ParticleOS_$(LATEST_VERSION)_x86-64.manifest; test $$? -le 1'

             @@ -107,7 +107,6 @@   107    107RAM=4G   108    108CPUs=4   109    109Ephemeral=yes   110       RuntimeScratch=no   111    110Credentials=   112    111        passwd.plaintext-password.root=particleos   113    112        tty.serial.hvc0.agetty.autologin=particleos

             @@ -1,20 +1,30 @@     1      1[Distribution]     2      2Distribution=fedora     3       Release=42            3Release=43     4      4     5      5[Build]     6      6ToolsTree=default     7      7ToolsTreeDistribution=fedora     8      8ToolsTreeProfiles=misc,runtime,gui     9       ExtraSearchPaths=./systemd/build/mkosi.builddir/fedora~42~x86-64/            9ExtraSearchPaths=./systemd/build/mkosi.builddir/fedora~43~x86-64/    10     10    11     11[Config]    12       Profiles=desktop,kde           12Profiles=desktop,kde,custom           13           14[Output]           15ManifestFormat=changelog    13     16    14     17[Content]    15       VolatilePackageDirectories=./systemd/build/mkosi.builddir/fedora~42~x86-64/           18VolatilePackageDirectories=./systemd/build/mkosi.builddir/fedora~43~x86-64/    16     19Packages=           20        # keyrings for building other distro images           21        archlinux-keyring           22        debian-keyring    17     23        ansible           24        ansible-collection-ansible-posix           25        ansible-collection-community-postgresql           26        ansible-collection-community-general           27        ansible-collection-community-crypto    18     28        awk    19     29        bash    20     30        bash-completion             @@ -26,17 +36,21 @@    26     36        cowsay    27     37        cmatrix    28     38        curl    29               debian-keyring    30     39        dictd           40        diffoscope    31     41        du-dust           42        duf           43        d2    32     44        emacs    33     45        entr    34     46        exfatprogs           47        exiftool    35     48        fastfetch    36     49        fcitx5-mozc    37     50        fcitx5-configtool    38     51        fcitx5-gtk    39     52        fcitx5-qt           53        firejail    40     54        fontawesome-fonts-all    41     55        kcm-fcitx5    42     56        fd-find             @@ -64,6 +78,9 @@    64     78        ImageMagick    65     79        iperf3    66     80        java-latest-openjdk           81        katago-opencl           82        intel-opencl           83        OpenCL-ICD-Loader    67     84        @kde-desktop    68     85        kde-connect    69     86        kde-partitionmanager             @@ -83,13 +100,15 @@    83    100        # include mkosi just for shell completion and man pages    84    101        mkosi    85    102        mokutil          103        mpv    86    104        ncdu          105        neovim    87    106        ninja    88    107        okular          108        opentofu    89    109        osc    90    110        # needed for bell fish function    91    111        oxygen-sounds    92               neovim    93    112        pre-commit    94    113        python3-neovim    95    114        nmap             @@ -96,12 +115,17 @@    96    115        nmap-ncat    97    116        # for coc.nvim    98    117        npm          118        # needed for clatd on F43 apparently          119        perl-IPC-Cmd          120        perl-JSON    99    121        pipewire-utils   100    122        plasma-disks   101    123        plasma-vault   102    124        pnpm   103    125        powertop          126        progress   104    127        proxychains-ng          128        pv   105    129        python3-netaddr   106    130        ripgrep   107    131        rubygem-asciidoctor             @@ -113,6 +137,7 @@   113    137        sqlite   114    138        stgit   115    139        tcpdump          140        # not yet available for fedora 43   116    141        terraform-ls   117    142        tmux   118    143        toolbox             @@ -129,15 +154,8 @@   129    154        wireshark   130    155        yubikey-manager   131    156        kernel   132               repository/opensnitch-ui-1.7.1-1.noarch.rpm   133               repository/opensnitch-1.7.1-1.x86_64.rpm          157        # repository directory comes from mkosi.packages          158        repository/opensnitch_ui.rpm          159        repository/opensnitch.rpm   134    160        python3-grpcio+protobuf   135    161        python3-slugify   136          137       [Validation]   138       SecureBootKey=./keys/sbctl/var/keys/db/db.key   139       SecureBootCertificate=./keys/sbctl/var/keys/db/db.pem   140       SignExpectedPcrKey=./keys/sbctl/var/keys/db/db.key   141       SignExpectedPcrCertificate=./keys/sbctl/var/keys/db/db.pem   142       VerityKey=./keys/sbctl/var/keys/db/db.key   143       VerityCertificate=./keys/sbctl/var/keys/db/db.pem

             @@ -1,1 +1,1 @@     1       c2678480a79ad1fcab0b5c9a4c3195dbe0c490d1            153405835a2aa6e360863660f1e0e4d9a9688085f

             @@ -0,0 +1,13 @@            1rebuild:            2  steps:            3    - trigger_services:            4        project: system:systemd            5        package: particleos-debian            6    - trigger_services:            7        project: system:systemd            8        package: particleos-fedora            9  filters:           10    event: push           11    branches:           12      only:           13        - obs

             @@ -0,0 +1,9 @@            1#!/bin/bash            2# SPDX-License-Identifier: LGPL-2.1-or-later            3set -e            4            5# Debian/Ubuntu PAM patches break /usr/lib/pam.d/ so copy to factory            6# TODO: drop after https://salsa.debian.org/vorlon/pam/-/merge_requests/26 is merged            7if [[ -f /usr/lib/tmpfiles.d/debian.conf ]]; then            8    sed -i '/\/etc\/pam.d/d' /usr/lib/tmpfiles.d/debian.conf            9fi

             @@ -2,6 +2,7 @@     2      2     3      3[Content]     4      4Packages=            5        bluez     5      6        bolt     6      7        desktop-file-utils     7      8        pax-utils             @@ -8,6 +9,7 @@     8      9        pgpdump     9     10        pipewire    10     11        pipewire-alsa           12        qemu-guest-agent    11     13        wireless-regdb    12     14        xdg-desktop-portal    13     15

             @@ -0,0 +1,4 @@            1#!/usr/bin/sh            2            3chmod 755 /usr/bin/dumpcap            4setcap -r /usr/bin/dumpcap

             @@ -3,6 +3,7 @@     3      3# This overrides the same file from systemd since we want to symlink everything     4      4# into /etc instead of copying so updates to /usr propagate properly.     5      5L /etc/os-release - - - - ../usr/lib/os-release            6L /etc/os-manifest - - - - ../usr/lib/os-manifest     6      7L+ /etc/mtab - - - - ../proc/self/mounts     7      8# Contains the default systemd locale     8      9L /etc/locale.conf             @@ -48,6 +49,8 @@    48     49L? /etc/tuned    49     50# Required by gdm    50     51L? /etc/gdm           52# Required by sdm           53L? /etc/sddm    51     54# Required by geoclue    52     55L? /etc/geoclue    53     56# Required by fwupd             @@ -63,10 +66,12 @@    63     66# PackageKit does not run without /etc/PackageKit/ and GNOME stalls    64     67# logout/reboot if it doesn't run.    65     68L? /etc/PackageKit           69# ModemManager needds its dbus policy file           70L? /etc/dbus1/systemd.d/org.freedesktop.ModemManager1.conf           71# man fails without this in /etc/           72L? /etc/manpath.config    66     73# Required by man-db-cache-update.service    67     74L? /etc/sysconfig/man-db    68       # sddm breaks otherwise, at least with homed?    69       L? /etc/sddm    70     75    71     76## custom    72     77C /etc/opensnitchd             @@ -75,8 +80,8 @@    75     80    76     81#firewalld    77     82# this stuff from the `setup` package in Fedora is just kinda funny...           83C+ /etc/firewalld    78     84L? /etc/protocols    79       L? /etc/firewalld    80     85L? /etc/logrotate.d/firewalld    81     86L? /etc/modprobe.d/firewalld-sysctls.conf    82     87L? /etc/sysconfig/firewalld             @@ -87,6 +92,13 @@    87     92# cups    88     93L? /etc/cups    89     94           95# firejail           96L? /etc/firejail           97L? /etc/login.defs           98           99# OpenCL          100L? /etc/OpenCL          101    90    102# abrtd    91    103L? /etc/libreport    92    104             @@ -98,3 +110,4 @@    98    110    99    111# miscellaneous legacy file   100    112L? /etc/shells          113L? /etc/hosts

             @@ -7,9 +7,7 @@     7      7Packages=     8      8        gnome-browser-connector     9      9        gnome-core    10               # TODO: enable when it integrates with homed    11               # gnome-initial-setup           10        gnome-initial-setup    12     11        gnome-keyring-pkcs11    13               gnome-session-xsession    14     12        gnome-software-plugin-flatpak    15     13        gnome-software-plugin-fwupd

             @@ -5,4 +5,8 @@     5      5     6      6[Content]     7      7Packages=            8        adwaita-fonts-all     8      9        gdm           10        rsms-inter-fonts           11        rsms-inter-vf-fonts           12        default-fonts-core-emoji

             @@ -40,3 +40,8 @@    40     40    41     41# Maybe man db    42     42enable man-db-cache-update.service           43           44# Fedora 43 introduces a new authselect service in place of package scriptlets.           45# It fails and (I believe) shouldn't be needed           46# https://bugzilla.redhat.com/show_bug.cgi?id=2397255           47disable authselect-apply-changes.service

             @@ -0,0 +1,13 @@            1# SPDX-License-Identifier: LGPL-2.1-or-later            2            3[TriggerMatch]            4Distribution=debian            5Release=trixie            6            7[TriggerMatch]            8Distribution=ubuntu            9Release=|oracular           10Release=|plucky           11           12[Content]           13Packages=gnome-session-xsession

             @@ -1,4 +0,0 @@     1       # apt gets pulled in, but with /usr read-only doesn't make sense to run updates     2       disable apt-daily.timer     3       disable apt-daily-upgrade.timer     4       disable apt-listchanges.timer

             @@ -0,0 +1,3 @@            1title Debian 13 ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/debian_13_images/ParticleOS_x86-64.efi

             @@ -1,3 +0,0 @@     1       title Debian Testing ParticleOS Current from OBS (Network Boot)     2       architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Debian_Testing_images/ParticleOS-x86-64.efi

             @@ -0,0 +1,3 @@            1title Debian Testing ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/debian_14_images/ParticleOS_x86-64.efi

             @@ -1,3 +0,0 @@     1       title Fedora 41 ParticleOS Current from OBS (Network Boot)     2       architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Fedora_41_images/ParticleOS-x86-64.efi

             @@ -0,0 +1,3 @@            1title Fedora 42 ParticleOS Current from OBS (Network Boot)            2architecture x64            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/fedora_42_images/ParticleOS_x86-64.efi

             @@ -1,3 +1,3 @@     1      1title Fedora Rawhide ParticleOS Current from OBS (Network Boot)     2      2architecture x64     3       uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/Fedora_Rawhide_images/ParticleOS-x86-64.efi            3uki-url http://downloadcontentcdn.opensuse.org/repositories/system:/systemd/fedora_44_images/ParticleOS_x86-64.efi

             @@ -0,0 +1,6 @@            1<?xml version="1.0" encoding="utf-8"?>            2<service>            3  <short>Hugo</short>            4  <description>Used for running Hugo's development server</description>            5  <port protocol="tcp" port="1313"/>            6</service>

             @@ -0,0 +1,4 @@            1# apt gets pulled in, but with /usr read-only doesn't make sense to run updates            2disable apt-daily.timer            3disable apt-daily-upgrade.timer            4disable apt-listchanges.timer

             @@ -0,0 +1,14 @@            1# SPDX-License-Identifier: LGPL-2.1-or-later            2# TODO: drop once https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/89 is fixed            3            4[Unit]            5Description=Tell the accounts service about homed users            6After=systemd-homed.service accounts-daemon.service            7Before=systemd-user-sessions.service            8            9[Service]           10Type=oneshot           11ExecStart=/bin/bash -c "for n in $$(busctl call org.freedesktop.home1 /org/freedesktop/home1 org.freedesktop.home1.Manager ListHomes --json=pretty | jq -r '.data.[].[].[0]'); do busctl call org.freedesktop.Accounts /org/freedesktop/Accounts org.freedesktop.Accounts CacheUser s $$n; done"           12           13[Install]           14WantedBy=multi-user.target