fedora containers

.github/workflows/fedora-toolbox-general.yml

@@ -0,0 +1,133 @@
+name: fedora-toolbox-general
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: '0 6 * * 6'  # 6 am on Saturdays
+  push:
+    paths:
+        - 'containers/fedora-toolbox/general/Dockerfile'
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository_owner }}/containers/fedora-toolbox/general
+  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Maximize build space
+        uses: AdityaGarg8/remove-unwanted-software@v1
+        with:
+          remove-dotnet: 'true'
+          remove-android: 'true'
+          remove-haskell: 'true'
+
+      - name: Get current date
+        id: date
+        run: echo "::set-output name=date::$(date +'%Y%m%d')"
+
+      - name: Test with environment variables
+        run: echo $DATE
+        env:
+          DATE: ${{ steps.date.outputs.date }}
+
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
+        with:
+          cosign-release: 'v2.1.1'
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+
+      # Build image using Buildah action
+      - name: Build Image
+        id: build_image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          containerfiles: |
+            ./containers/fedora-toolbox/general/Dockerfile
+          image: ${{ env.IMAGE_NAME }}
+          tags: ${{ steps.meta.outputs.tags }} ${{ steps.meta.outputs.tags }}.${{ steps.date.outputs.date }}
+          oci: false
+          layers: false
+
+      # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
+      # https://github.com/macbre/push-to-ghcr/issues/12
+      - name: Lowercase Registry
+        id: registry_case
+        uses: ASzc/change-string-case-action@v5
+        with:
+          string: ${{ env.IMAGE_REGISTRY }}
+
+      # Push the image to GHCR (Image Registry)
+      - name: Push To GHCR
+        uses: redhat-actions/push-to-registry@v2
+        id: push
+        if: github.event_name != 'pull_request'
+        env:
+          REGISTRY_USER: ${{ github.actor }}
+          REGISTRY_PASSWORD: ${{ github.token }}
+        with:
+          image: ${{ steps.build_image.outputs.image }}
+          tags: ${{ steps.build_image.outputs.tags }}
+          registry: ${{ steps.registry_case.outputs.lowercase }}
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+          extra-args: |
+            --disable-content-trust
+
+
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

.github/workflows/fedora-toolbox.yml

@@ -0,0 +1,133 @@
+name: fedora-toolbox
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: '0 6 * * 5'  # 5 am on Saturdays
+  push:
+    paths:
+        - 'containers/fedora-toolbox/base-gui.Dockerfile'
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository_owner }}/containers/fedora-toolbox/base-gui
+  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Maximize build space
+        uses: AdityaGarg8/remove-unwanted-software@v1
+        with:
+          remove-dotnet: 'true'
+          remove-android: 'true'
+          remove-haskell: 'true'
+
+      - name: Get current date
+        id: date
+        run: echo "::set-output name=date::$(date +'%Y%m%d')"
+
+      - name: Test with environment variables
+        run: echo $DATE
+        env:
+          DATE: ${{ steps.date.outputs.date }}
+
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
+        with:
+          cosign-release: 'v2.1.1'
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+
+      # Build image using Buildah action
+      - name: Build Image
+        id: build_image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          containerfiles: |
+            ./containers/fedora-toolbox/base-gui.Dockerfile
+          image: ${{ env.IMAGE_NAME }}
+          tags: ${{ steps.meta.outputs.tags }} ${{ steps.meta.outputs.tags }}.${{ steps.date.outputs.date }}
+          oci: false
+          layers: false
+
+      # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
+      # https://github.com/macbre/push-to-ghcr/issues/12
+      - name: Lowercase Registry
+        id: registry_case
+        uses: ASzc/change-string-case-action@v5
+        with:
+          string: ${{ env.IMAGE_REGISTRY }}
+
+      # Push the image to GHCR (Image Registry)
+      - name: Push To GHCR
+        uses: redhat-actions/push-to-registry@v2
+        id: push
+        if: github.event_name != 'pull_request'
+        env:
+          REGISTRY_USER: ${{ github.actor }}
+          REGISTRY_PASSWORD: ${{ github.token }}
+        with:
+          image: ${{ steps.build_image.outputs.image }}
+          tags: ${{ steps.build_image.outputs.tags }}
+          registry: ${{ steps.registry_case.outputs.lowercase }}
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+          extra-args: |
+            --disable-content-trust
+
+
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

containers/fedora-toolbox/base-gui.Dockerfile

@@ -0,0 +1,20 @@
+FROM registry.fedoraproject.org/fedora-toolbox:39
+
+RUN dnf update -y
+RUN dnf install -y fish htop nano firejail
+RUN dnf install -y libnotify nss
+RUN dnf install -y --allowerasing bash bc curl diffutils dnf-plugins-core findutils gnupg2 less lsof ncurses passwd pinentry procps-ng shadow-utils sudo time util-linux wget vte-profile
+RUN dnf install -y at-spi2-core gtk3 libXScrnSaver libXtst xdg-utils
+RUN dnf install -y libglvnd-gles
+RUN dnf install -y mesa-dri-drivers mesa-vulkan-drivers vulkan
+RUN dnf install -y libva ibus ibus-gtk3 ibus-libs ibus-m17n ibus-setup libmpc libxkbcommon-x11 libxkbfile m17n-db m17n-lib python3-cairo python3-gobject python3-gobject-base python3-gobject-base-noarch setxkbmap xcb-util xcb-util-image xcb-util-keysyms xcb-util-renderutil xcb-util-wm xhost xmodmap xorg-x11-xinit xrdb cpp
+RUN dnf install -y gcr3-base gcr3 gnome-keyring
+RUN dnf install -y https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
+&& dnf install -y https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
+RUN dnf install -y libva-intel-driver gstreamer1-plugin-openh264 ffmpeg libva-utils mesa-va-drivers-freeworld libavcodec-freeworld nvidia-vaapi-driver nvidia-persistenced opencl-filesystem
+RUN dnf install -y \
+    xorg-x11-drv-nvidia{,-cuda,-devel,-kmodsrc} \
+    xorg-x11-drv-nvidia-libs.i686
+RUN dnf install -y dbus-glib pciutils-libs
+RUN dnf -y install fuse
+RUN dnf install -y firefox

containers/fedora-toolbox/build.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+podman build -t andersrh/fedora-toolbox/base-gui -f base-gui.Dockerfile .
+podman tag localhost/andersrh/fedora-toolbox/base-gui:latest localhost/andersrh/fedora-toolbox/base-gui:39
+# podman build -t andersrh/fedora-toolbox/gui -f gui.Dockerfile .

containers/fedora-toolbox/general/Dockerfile

@@ -0,0 +1,14 @@
+FROM ghcr.io/andersrh/containers/fedora-toolbox/base-gui:main
+
+WORKDIR /app
+
+RUN dnf install -y xwininfo yt-dlp neofetch dnstop fedmod flatpak-module-tools fedpkg net-tools x2goclient qt-creator
+
+COPY bin/* /usr/local/bin/
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/flatpak
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/podman
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/rpm-ostree
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/nvtop
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/distrobox
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/uksmdstats
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/kerver

containers/fedora-toolbox/general/build.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+APPNAME="general"
+
+podman build -t andersrh/fedora-toolbox/$APPNAME -f fedora.Dockerfile .
+#toolbox create --image andersrh/fedora-toolbox/$APPNAME $APPNAME
+distrobox create --image andersrh/fedora-toolbox/$APPNAME --home ~/containers/$APPNAME/ $APPNAME
+distrobox create --image andersrh/fedora-toolbox/$APPNAME --init --home ~/containers/$APPNAME/ $APPNAME-systemd
+
+distrobox enter $APPNAME -- distrobox-export --app x2goclient
+distrobox enter $APPNAME -- distrobox-export --app qtcreator
+
+distrobox create --image andersrh/fedora-toolbox/$APPNAME $APPNAME-defaulthome
+distrobox enter $APPNAME-defaulthome -- distrobox-export --app gnome-tweaks

containers/fedora-toolbox/ledgerlive/Dockerfile

@@ -0,0 +1,9 @@
+FROM ghcr.io/andersrh/containers/fedora-toolbox/base-gui:main
+
+WORKDIR /app
+
+RUN wget https://download.live.ledger.com/latest/linux -O ledgerlive \
+&& chmod +x ledgerlive
+COPY ledgerlive.desktop /usr/share/applications/
+COPY ledgerlive.png /usr/share/icons/
+RUN ln -s /app/ledgerlive /usr/bin/ledgerlive

containers/fedora-toolbox/ledgerlive/build.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+APPNAME="ledgerlive"
+
+podman build -t andersrh/fedora-toolbox/$APPNAME -f Dockerfile .
+podman rm -f $APPNAME
+distrobox create --image andersrh/fedora-toolbox/$APPNAME --home ~/containers/$APPNAME/ $APPNAME
+distrobox enter $APPNAME -- distrobox-export --bin /app/$APPNAME --export-path ~/.local/bin --extra-flags "--enable-features=WaylandWindowDecorations --ozone-platform=wayland"
+
+podman rm -f $APPNAME
+
+podman create --hostname "ledgerlive.anders-fedora" --ipc host --name "ledgerlive" --network host --privileged --security-opt label=disable --user root:root --pid host --label "manager=distrobox" --env "SHELL=/bin/bash" --env "HOME=/var/home/anders" --volume /:/run/host:rslave --volume /dev:/dev:rslave --volume /sys:/sys:rslave --volume /tmp:/tmp:rslave --volume "/usr/bin/distrobox-init":/usr/bin/entrypoint:ro --volume "/usr/bin/distrobox-export":/usr/bin/distrobox-export:ro --volume "/usr/bin/distrobox-host-exec":/usr/bin/distrobox-host-exec:ro --volume "/var/home/anders/containers/$APPNAME":"/var/home/anders":rslave --volume /sys/fs/selinux --volume /var/log/journal --volume /run/user/1000:/run/user/1000:rslave --volume /etc/hosts:/etc/hosts:ro --volume /etc/localtime:/etc/localtime:ro --volume /etc/resolv.conf:/etc/resolv.conf:ro --ulimit host --annotation run.oci.keep_original_groups=1 --mount type=devpts,destination=/dev/pts --userns keep-id --entrypoint /usr/bin/entrypoint andersrh/fedora-toolbox/ledgerlive -v --name "anders" --user 1000 --group 1000 --home "/var/home/anders" --init "0" --pre-init-hooks "" -- ''
+
+cp ledgerlive.png ~/.local/share/icons/
+cp ledgerlive.desktop ~/.local/share/applications/

containers/fedora-toolbox/ledgerlive/ledgerlive.desktop

@@ -0,0 +1,8 @@
+[Desktop Entry]
+Type = Application
+Version = 1.0
+Name = Ledger Live
+Comment = Ledger Live
+Icon = ledgerlive
+Exec = ledgerlive --enable-features=WaylandWindowDecorations --ozone-platform=wayland
+Terminal = false

etc/distrobox.ini

@@ -9,6 +9,16 @@ root=false
 replace=false
 home="~/containers/general"
 
+[general]
+image=ghcr.io/andersrh/containers/fedora-toolbox/general:main
+#additional_packages=" "
+init=false
+nvidia=true
+pull=true
+root=false
+replace=false
+home="~/containers/general"
+
 [tradingview]
 image=ghcr.io/andersrh/containers/cachyos/tradingview:main
 #additional_packages=" "

usr/bin/update-distroboxes

@@ -6,3 +6,5 @@ podman rm -f tradingview
 distrobox assemble create --file /etc/distrobox.ini
 
 distrobox enter tradingview -- distrobox-export --app tradingview --extra-flags "--enable-features=WaylandWindowDecorations --ozone-platform=wayland"
+distrobox enter general -- distrobox-export --app x2goclient
+distrobox enter general -- distrobox-export --app qtcreator