diff --git a/.github/workflows/ledgerlive.yml b/.github/workflows/ledgerlive.yml new file mode 100644 index 0000000..7fecce6 --- /dev/null +++ b/.github/workflows/ledgerlive.yml @@ -0,0 +1,133 @@ +name: ledgerlive + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: + schedule: + - cron: '0 6 * * 6' # 6 am on Saturdays + push: + paths: + - 'containers/cachyos/ledgerlive/Dockerfile' + +env: + # Use docker.io for Docker Hub if empty + REGISTRY: ghcr.io + # github.repository as / + IMAGE_NAME: ${{ github.repository_owner }}/containers/cachyos/ledgerlive + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + + +jobs: + build: + + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write + + steps: + - name: Maximize build space + uses: AdityaGarg8/remove-unwanted-software@v1 + with: + remove-dotnet: 'true' + remove-android: 'true' + remove-haskell: 'true' + + - name: Get current date + id: date + run: echo "::set-output name=date::$(date +'%Y%m%d')" + + - name: Test with environment variables + run: echo $DATE + env: + DATE: ${{ steps.date.outputs.date }} + + - name: Checkout repository + uses: actions/checkout@v3 + + # Install the cosign tool except on PR + # https://github.com/sigstore/cosign-installer + - name: Install cosign + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1 + with: + cosign-release: 'v2.1.1' + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + + # Build image using Buildah action + - name: Build Image + id: build_image + uses: redhat-actions/buildah-build@v2 + with: + containerfiles: | + ./containers/cachyos/ledgerlive/Dockerfile + image: ${{ env.IMAGE_NAME }} + tags: ${{ steps.meta.outputs.tags }} ${{ steps.meta.outputs.tags }}.${{ steps.date.outputs.date }} + oci: false + layers: false + + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. + # https://github.com/macbre/push-to-ghcr/issues/12 + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v5 + with: + string: ${{ env.IMAGE_REGISTRY }} + + # Push the image to GHCR (Image Registry) + - name: Push To GHCR + uses: redhat-actions/push-to-registry@v2 + id: push + if: github.event_name != 'pull_request' + env: + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} + with: + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ steps.registry_case.outputs.lowercase }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + extra-args: | + --disable-content-trust + + + + # Sign the resulting Docker image digest except on PRs. + # This will only write to the public Rekor transparency log when the Docker + # repository is public to avoid leaking data. If you would like to publish + # transparency data even for private images, pass --force to cosign below. + # https://github.com/sigstore/cosign + - name: Sign the published Docker image + if: ${{ github.event_name != 'pull_request' }} + env: + # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable + TAGS: ${{ steps.meta.outputs.tags }} + DIGEST: ${{ steps.push.outputs.digest }} + # This step uses the identity token to provision an ephemeral certificate + # against the sigstore community Fulcio instance. + run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} diff --git a/containers/cachyos/ledgerlive/Dockerfile b/containers/cachyos/ledgerlive/Dockerfile new file mode 100644 index 0000000..1ce8fbd --- /dev/null +++ b/containers/cachyos/ledgerlive/Dockerfile @@ -0,0 +1,19 @@ +FROM ghcr.io/andersrh/containers/cachyos/base-gui:main + +WORKDIR /app + +COPY containers/cachyos/ledgerlive/ledger-live-bin /app/ledger-live-bin +COPY containers/cachyos/ledgerlive/ledger-udev /app/ledger-udev + +RUN chown -R build /app + +USER build + +RUN cd ledger-udev \ +&& makepkg -si --noconfirm + +RUN cd ledger-live-bin \ +&& makepkg -si --noconfirm \ +&& rm -rf /app/* +USER root + diff --git a/containers/cachyos/ledgerlive/ledger-live-bin/.SRCINFO b/containers/cachyos/ledgerlive/ledger-live-bin/.SRCINFO new file mode 100644 index 0000000..37ac98d --- /dev/null +++ b/containers/cachyos/ledgerlive/ledger-live-bin/.SRCINFO @@ -0,0 +1,17 @@ +pkgbase = ledger-live-bin + pkgdesc = Maintain your Ledger devices + pkgver = 2.69.0 + pkgrel = 1 + url = https://www.ledger.com/ledger-live + arch = x86_64 + license = MIT + depends = ledger-udev + provides = ledger-live + conflicts = ledger-live + options = !strip + source = ledger-live-desktop-2.69.0-linux-x86_64.AppImage::https://download.live.ledger.com/ledger-live-desktop-2.69.0-linux-x86_64.AppImage + source = LICENSE::https://raw.githubusercontent.com/LedgerHQ/ledger-live/%40ledgerhq/live-desktop%402.69.0/apps/ledger-live-desktop/LICENSE + sha512sums = 914a783be7f542113362d7ae45d6d27973447e3f2d04771dd3dc8167f69abebb3a2753e8db7cef6584ff94cc2d65876b2e7c57904024e4415688025274240b40 + sha512sums = 915edd51fe7732af57f5a4ca8f4c61c4f435de6357e34ed0733cac8d950d80b3a9e513deac0a3672a07f38ff871a57032a221b3aa27edae8e42cc00586fe3318 + +pkgname = ledger-live-bin diff --git a/containers/cachyos/ledgerlive/ledger-live-bin/PKGBUILD b/containers/cachyos/ledgerlive/ledger-live-bin/PKGBUILD new file mode 100644 index 0000000..eb2a562 --- /dev/null +++ b/containers/cachyos/ledgerlive/ledger-live-bin/PKGBUILD @@ -0,0 +1,58 @@ +# Maintainer: Serge K +# Contributor: Stephen Argent + +# For Issues, Pull Requests +# https://github.com/phnx47/pkgbuilds + +_pkgbin=ledger-live-desktop +_pkgname=ledger-live +pkgname="${_pkgname}-bin" +pkgdesc='Maintain your Ledger devices' +license=('MIT') +url='https://www.ledger.com/ledger-live' +pkgver=2.69.0 +pkgrel=1 +arch=('x86_64') +depends=('ledger-udev') +options=(!strip) +provides=("${_pkgname}") +conflicts=("${_pkgname}") +_appimg="ledger-live-desktop-${pkgver}-linux-${arch[0]}.AppImage" +source=("${_appimg}::https://download.live.ledger.com/${_appimg}" + "LICENSE::https://raw.githubusercontent.com/LedgerHQ/ledger-live/%40ledgerhq/live-desktop%40${pkgver}/apps/ledger-live-desktop/LICENSE") +sha512sums=('914a783be7f542113362d7ae45d6d27973447e3f2d04771dd3dc8167f69abebb3a2753e8db7cef6584ff94cc2d65876b2e7c57904024e4415688025274240b40' + '915edd51fe7732af57f5a4ca8f4c61c4f435de6357e34ed0733cac8d950d80b3a9e513deac0a3672a07f38ff871a57032a221b3aa27edae8e42cc00586fe3318') + +prepare() { + # Extract files + chmod +x "${_appimg}" + "./${_appimg}" --appimage-extract + + cd squashfs-root + # Correct .desktop + sed -e "s/AppRun --no-sandbox/${_pkgbin}/g" -i "${_pkgbin}.desktop" + sed -e "/X-AppImage-Version/d" -i "${_pkgbin}.desktop" + + # Remove unnecessary files + rm "AppRun" "resources/app-update.yml" +} + +package() { + install -d "${pkgdir}/opt/${_pkgname}" + cp -a "squashfs-root/." "${pkgdir}/opt/${_pkgname}/" + + install -d "${pkgdir}/usr/bin" + ln -s "/opt/${_pkgname}/${_pkgbin}" "${pkgdir}/usr/bin/${_pkgbin}" + + install -d "${pkgdir}/usr/share/applications" + ln -s "/opt/${_pkgname}/${_pkgbin}.desktop" "${pkgdir}/usr/share/applications/${_pkgbin}.desktop" + + for i in 128 256 512 1024; do + install -d "${pkgdir}/usr/share/icons/hicolor/${i}x${i}/apps" + ln -s "/opt/${_pkgname}/usr/share/icons/hicolor/${i}x${i}/apps/${_pkgbin}.png" "${pkgdir}/usr/share/icons/hicolor/${i}x${i}/apps/${_pkgbin}.png" + done + + find "${pkgdir}" -type d -exec chmod 755 {} + + + install -Dm644 "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" +} diff --git a/containers/cachyos/ledgerlive/ledger-udev/.SRCINFO b/containers/cachyos/ledgerlive/ledger-udev/.SRCINFO new file mode 100644 index 0000000..78372e2 --- /dev/null +++ b/containers/cachyos/ledgerlive/ledger-udev/.SRCINFO @@ -0,0 +1,13 @@ +pkgbase = ledger-udev + pkgdesc = Udev rules to connect a ledger wallet to your linux box + pkgver = 1 + pkgrel = 8 + url = https://www.ledgerwallet.com + install = ledger-udev.install + arch = any + license = Apache + depends = udev + source = https://raw.githubusercontent.com/LedgerHQ/udev-rules/master/20-hw1.rules + sha256sums = e6d262beeb5ce40804ad90ce99716617e3fe046afa85a7b8c24e83362b653221 + +pkgname = ledger-udev diff --git a/containers/cachyos/ledgerlive/ledger-udev/PKGBUILD b/containers/cachyos/ledgerlive/ledger-udev/PKGBUILD new file mode 100644 index 0000000..ba6c18b --- /dev/null +++ b/containers/cachyos/ledgerlive/ledger-udev/PKGBUILD @@ -0,0 +1,18 @@ +# Maintainer: Josh Ellithorpe + +pkgname=ledger-udev +pkgver=1 +pkgrel=8 +pkgdesc='Udev rules to connect a ledger wallet to your linux box' +arch=(any) +url='https://www.ledgerwallet.com' +license=(Apache) +depends=(udev) +install='ledger-udev.install' + +source=(https://raw.githubusercontent.com/LedgerHQ/udev-rules/master/20-hw1.rules) +sha256sums=('e6d262beeb5ce40804ad90ce99716617e3fe046afa85a7b8c24e83362b653221') + +package() { + install -Dm 644 20-hw1.rules "$pkgdir"/usr/lib/udev/rules.d/20-hw1.rules +} diff --git a/containers/cachyos/ledgerlive/ledger-udev/ledger-udev.install b/containers/cachyos/ledgerlive/ledger-udev/ledger-udev.install new file mode 100644 index 0000000..66d9139 --- /dev/null +++ b/containers/cachyos/ledgerlive/ledger-udev/ledger-udev.install @@ -0,0 +1,12 @@ +post_install() { + udevadm trigger + udevadm control --reload-rules +} + +post_upgrade() { + post_install +} + +post_remove() { + post_install +} diff --git a/etc/distrobox.ini b/etc/distrobox.ini index cc6ab89..4e52dc4 100644 --- a/etc/distrobox.ini +++ b/etc/distrobox.ini @@ -19,3 +19,14 @@ pull=true root=false replace=false home="~/containers/tradingview" + +[ledgerlive] +image=ghcr.io/andersrh/containers/cachyos/ledgerlive:main +#additional_packages=" " +#export="app tradingview" +init=false +nvidia=true +pull=true +root=false +replace=false +home="~/containers/ledgerlive" diff --git a/usr/bin/update-distroboxes b/usr/bin/update-distroboxes index b5dbfe2..1d51b7f 100755 --- a/usr/bin/update-distroboxes +++ b/usr/bin/update-distroboxes @@ -3,6 +3,7 @@ podman rm -f general-cachyos podman rm -f tradingview podman rm -f general +podman rm -f ledgerlive distrobox assemble create --file /etc/distrobox.ini @@ -10,5 +11,6 @@ podman pull ghcr.io/andersrh/containers/fedora-toolbox/general:main distrobox create -i ghcr.io/andersrh/containers/fedora-toolbox/general:main --nvidia --home ~/containers/general -n general distrobox enter tradingview -- distrobox-export --app tradingview --extra-flags "--enable-features=WaylandWindowDecorations --ozone-platform=wayland" +distrobox enter ledgerlive -- distrobox-export --app ledger-live-desktop --extra-flags "--enable-features=WaylandWindowDecorations --ozone-platform=wayland" distrobox enter general -- distrobox-export --app x2goclient distrobox enter general -- distrobox-export --app qtcreator