From adb5e2c5428efde4157ac6cdb2fb192a07283849 Mon Sep 17 00:00:00 2001
From: Anders Rytter Hansen
Date: Sun, 5 Nov 2023 17:37:56 +0100
Subject: [PATCH] fedora containers
---
.github/workflows/fedora-toolbox-general.yml | 133 ++++++++++++++++++
.github/workflows/fedora-toolbox.yml | 133 ++++++++++++++++++
containers/fedora-toolbox/base-gui.Dockerfile | 20 +++
containers/fedora-toolbox/build.sh | 5 +
containers/fedora-toolbox/general/Dockerfile | 14 ++
containers/fedora-toolbox/general/build.sh | 14 ++
.../fedora-toolbox/ledgerlive/Dockerfile | 9 ++
containers/fedora-toolbox/ledgerlive/build.sh | 15 ++
.../ledgerlive/ledgerlive.desktop | 8 ++
.../fedora-toolbox/ledgerlive/ledgerlive.png | Bin 0 -> 2546 bytes
etc/distrobox.ini | 10 ++
usr/bin/update-distroboxes | 2 +
12 files changed, 363 insertions(+)
create mode 100644 .github/workflows/fedora-toolbox-general.yml
create mode 100644 .github/workflows/fedora-toolbox.yml
create mode 100644 containers/fedora-toolbox/base-gui.Dockerfile
create mode 100755 containers/fedora-toolbox/build.sh
create mode 100644 containers/fedora-toolbox/general/Dockerfile
create mode 100755 containers/fedora-toolbox/general/build.sh
create mode 100644 containers/fedora-toolbox/ledgerlive/Dockerfile
create mode 100755 containers/fedora-toolbox/ledgerlive/build.sh
create mode 100644 containers/fedora-toolbox/ledgerlive/ledgerlive.desktop
create mode 100644 containers/fedora-toolbox/ledgerlive/ledgerlive.png
diff --git a/.github/workflows/fedora-toolbox-general.yml b/.github/workflows/fedora-toolbox-general.yml
new file mode 100644
index 0000000..73ffe5c
--- /dev/null
+++ b/.github/workflows/fedora-toolbox-general.yml
@@ -0,0 +1,133 @@
+name: fedora-toolbox-general
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+ schedule:
+ - cron: '0 6 * * 6' # 6 am on Saturdays
+ push:
+ paths:
+ - 'containers/fedora-toolbox/general/Dockerfile'
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: ghcr.io
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository_owner }}/containers/fedora-toolbox/general
+ IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - name: Maximize build space
+ uses: AdityaGarg8/remove-unwanted-software@v1
+ with:
+ remove-dotnet: 'true'
+ remove-android: 'true'
+ remove-haskell: 'true'
+
+ - name: Get current date
+ id: date
+ run: echo "::set-output name=date::$(date +'%Y%m%d')"
+
+ - name: Test with environment variables
+ run: echo $DATE
+ env:
+ DATE: ${{ steps.date.outputs.date }}
+
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Install the cosign tool except on PR
+ # https://github.com/sigstore/cosign-installer
+ - name: Install cosign
+ if: github.event_name != 'pull_request'
+ uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
+ with:
+ cosign-release: 'v2.1.1'
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+
+ # Build image using Buildah action
+ - name: Build Image
+ id: build_image
+ uses: redhat-actions/buildah-build@v2
+ with:
+ containerfiles: |
+ ./containers/fedora-toolbox/general/Dockerfile
+ image: ${{ env.IMAGE_NAME }}
+ tags: ${{ steps.meta.outputs.tags }} ${{ steps.meta.outputs.tags }}.${{ steps.date.outputs.date }}
+ oci: false
+ layers: false
+
+ # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
+ # https://github.com/macbre/push-to-ghcr/issues/12
+ - name: Lowercase Registry
+ id: registry_case
+ uses: ASzc/change-string-case-action@v5
+ with:
+ string: ${{ env.IMAGE_REGISTRY }}
+
+ # Push the image to GHCR (Image Registry)
+ - name: Push To GHCR
+ uses: redhat-actions/push-to-registry@v2
+ id: push
+ if: github.event_name != 'pull_request'
+ env:
+ REGISTRY_USER: ${{ github.actor }}
+ REGISTRY_PASSWORD: ${{ github.token }}
+ with:
+ image: ${{ steps.build_image.outputs.image }}
+ tags: ${{ steps.build_image.outputs.tags }}
+ registry: ${{ steps.registry_case.outputs.lowercase }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+ extra-args: |
+ --disable-content-trust
+
+
+
+ # Sign the resulting Docker image digest except on PRs.
+ # This will only write to the public Rekor transparency log when the Docker
+ # repository is public to avoid leaking data. If you would like to publish
+ # transparency data even for private images, pass --force to cosign below.
+ # https://github.com/sigstore/cosign
+ - name: Sign the published Docker image
+ if: ${{ github.event_name != 'pull_request' }}
+ env:
+ # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+ TAGS: ${{ steps.meta.outputs.tags }}
+ DIGEST: ${{ steps.push.outputs.digest }}
+ # This step uses the identity token to provision an ephemeral certificate
+ # against the sigstore community Fulcio instance.
+ run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
diff --git a/.github/workflows/fedora-toolbox.yml b/.github/workflows/fedora-toolbox.yml
new file mode 100644
index 0000000..1527670
--- /dev/null
+++ b/.github/workflows/fedora-toolbox.yml
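Review bot: Five actions in this job are referenced by a mutable tag (`AdityaGarg8/remove-unwanted-software@v1`, `actions/checkout@v3`, `redhat-actions/buildah-build@v2`, `ASzc/change-string-case-action@v5`, `redhat-actions/push-to-registry@v2`) while the job holds `packages: write` and `id-token: write`, so whoever can move one of those tags gets code running with the ability to push to GHCR and request a signing identity. The cosign-installer, login and metadata steps are already pinned to full commit SHAs; pin the remaining ones the same way, e.g. `uses: redhat-actions/push-to-registry@<full-commit-sha> # v2`. The `Get current date` step also relies on the deprecated `::set-output` workflow command; the supported form is `run: echo "date=$(date +'%Y%m%d')" >> "$GITHUB_OUTPUT"`. Both points apply unchanged to the `fedora-toolbox.yml` hunk that follows.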
@@ -0,0 +1,133 @@
+name: fedora-toolbox
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+ schedule:
+ - cron: '0 6 * * 5' # 5 am on Saturdays
+ push:
+ paths:
+ - 'containers/fedora-toolbox/base-gui.Dockerfile'
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: ghcr.io
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository_owner }}/containers/fedora-toolbox/base-gui
+ IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - name: Maximize build space
+ uses: AdityaGarg8/remove-unwanted-software@v1
+ with:
+ remove-dotnet: 'true'
+ remove-android: 'true'
+ remove-haskell: 'true'
+
+ - name: Get current date
+ id: date
+ run: echo "::set-output name=date::$(date +'%Y%m%d')"
+
+ - name: Test with environment variables
+ run: echo $DATE
+ env:
+ DATE: ${{ steps.date.outputs.date }}
+
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Install the cosign tool except on PR
+ # https://github.com/sigstore/cosign-installer
+ - name: Install cosign
+ if: github.event_name != 'pull_request'
+ uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
+ with:
+ cosign-release: 'v2.1.1'
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+
+ # Build image using Buildah action
+ - name: Build Image
+ id: build_image
+ uses: redhat-actions/buildah-build@v2
+ with:
+ containerfiles: |
+ ./containers/fedora-toolbox/base-gui.Dockerfile
+ image: ${{ env.IMAGE_NAME }}
+ tags: ${{ steps.meta.outputs.tags }} ${{ steps.meta.outputs.tags }}.${{ steps.date.outputs.date }}
+ oci: false
+ layers: false
+
+ # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
+ # https://github.com/macbre/push-to-ghcr/issues/12
+ - name: Lowercase Registry
+ id: registry_case
+ uses: ASzc/change-string-case-action@v5
+ with:
+ string: ${{ env.IMAGE_REGISTRY }}
+
+ # Push the image to GHCR (Image Registry)
+ - name: Push To GHCR
+ uses: redhat-actions/push-to-registry@v2
+ id: push
+ if: github.event_name != 'pull_request'
+ env:
+ REGISTRY_USER: ${{ github.actor }}
+ REGISTRY_PASSWORD: ${{ github.token }}
+ with:
+ image: ${{ steps.build_image.outputs.image }}
+ tags: ${{ steps.build_image.outputs.tags }}
+ registry: ${{ steps.registry_case.outputs.lowercase }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+ extra-args: |
+ --disable-content-trust
+
+
+
+ # Sign the resulting Docker image digest except on PRs.
+ # This will only write to the public Rekor transparency log when the Docker
+ # repository is public to avoid leaking data. If you would like to publish
+ # transparency data even for private images, pass --force to cosign below.
+ # https://github.com/sigstore/cosign
+ - name: Sign the published Docker image
+ if: ${{ github.event_name != 'pull_request' }}
+ env:
+ # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+ TAGS: ${{ steps.meta.outputs.tags }}
+ DIGEST: ${{ steps.push.outputs.digest }}
+ # This step uses the identity token to provision an ephemeral certificate
+ # against the sigstore community Fulcio instance.
+ run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
diff --git a/containers/fedora-toolbox/base-gui.Dockerfile b/containers/fedora-toolbox/base-gui.Dockerfile
new file mode 100644
index 0000000..9a8b704
--- /dev/null
+++ b/containers/fedora-toolbox/base-gui.Dockerfile
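Review bot: The schedule comment in `fedora-toolbox.yml` does not match the expression: `cron: '0 6 * * 5'` fires at 06:00 UTC on Fridays, not "5 am on Saturdays". If the intent is to rebuild base-gui a day before `fedora-toolbox-general` (which builds `FROM ...base-gui:main` on `0 6 * * 6`), state that, e.g. `- cron: '0 6 * * 5' # 06:00 UTC on Fridays, one day before fedora-toolbox-general`. The `push:` trigger has a `paths:` filter but no `branches:` filter, so a push to any branch that touches the Dockerfile builds, pushes and signs an image tagged after that branch; add `branches: [main]` if only main is meant to publish.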
@@ -0,0 +1,20 @@
+FROM registry.fedoraproject.org/fedora-toolbox:39
+
+RUN dnf update -y
+RUN dnf install -y fish htop nano firejail
+RUN dnf install -y libnotify nss
+RUN dnf install -y --allowerasing bash bc curl diffutils dnf-plugins-core findutils gnupg2 less lsof ncurses passwd pinentry procps-ng shadow-utils sudo time util-linux wget vte-profile
+RUN dnf install -y at-spi2-core gtk3 libXScrnSaver libXtst xdg-utils
+RUN dnf install -y libglvnd-gles
+RUN dnf install -y mesa-dri-drivers mesa-vulkan-drivers vulkan
+RUN dnf install -y libva ibus ibus-gtk3 ibus-libs ibus-m17n ibus-setup libmpc libxkbcommon-x11 libxkbfile m17n-db m17n-lib python3-cairo python3-gobject python3-gobject-base python3-gobject-base-noarch setxkbmap xcb-util xcb-util-image xcb-util-keysyms xcb-util-renderutil xcb-util-wm xhost xmodmap xorg-x11-xinit xrdb cpp
+RUN dnf install -y gcr3-base gcr3 gnome-keyring
+RUN dnf install -y https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
+&& dnf install -y https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
+RUN dnf install -y libva-intel-driver gstreamer1-plugin-openh264 ffmpeg libva-utils mesa-va-drivers-freeworld libavcodec-freeworld nvidia-vaapi-driver nvidia-persistenced opencl-filesystem
+RUN dnf install -y \
+ xorg-x11-drv-nvidia{,-cuda,-devel,-kmodsrc} \
+ xorg-x11-drv-nvidia-libs.i686
+RUN dnf install -y dbus-glib pciutils-libs
+RUN dnf -y install fuse
+RUN dnf install -y firefox
diff --git a/containers/fedora-toolbox/build.sh b/containers/fedora-toolbox/build.sh
new file mode 100755
index 0000000..ec3e748
--- /dev/null
+++ b/containers/fedora-toolbox/build.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+podman build -t andersrh/fedora-toolbox/base-gui -f base-gui.Dockerfile .
+podman tag localhost/andersrh/fedora-toolbox/base-gui:latest localhost/andersrh/fedora-toolbox/base-gui:39
+# podman build -t andersrh/fedora-toolbox/gui -f gui.Dockerfile .
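Review bot: The two RPM Fusion release packages in `base-gui.Dockerfile` are installed straight from a URL, and by default dnf does not signature-check packages given as files or URLs (`localpkg_gpgcheck` is off), so the package that installs the repo definitions and GPG keys trusted by every later `dnf install` is protected only by TLS to the download host. Consider verifying both RPMs against RPM Fusion's published keys before installing them (Fedora ships those keys in the `distribution-gpg-keys` package), or at least record the trust decision next to the step, e.g. `# rpmfusion-*-release is fetched over HTTPS without a signature check; it bootstraps the repo keys used below`. Since this image is the base for the `general` and `ledgerlive` images, anything introduced at this step is inherited by both.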
diff --git a/containers/fedora-toolbox/general/Dockerfile b/containers/fedora-toolbox/general/Dockerfile
new file mode 100644
index 0000000..cde0f3d
--- /dev/null
+++ b/containers/fedora-toolbox/general/Dockerfile
@@ -0,0 +1,14 @@
+FROM ghcr.io/andersrh/containers/fedora-toolbox/base-gui:main
+
+WORKDIR /app
+
+RUN dnf install -y xwininfo yt-dlp neofetch dnstop fedmod flatpak-module-tools fedpkg net-tools x2goclient qt-creator
+
+COPY bin/* /usr/local/bin/
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/flatpak
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/podman
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/rpm-ostree
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/nvtop
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/distrobox
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/uksmdstats
+RUN ln -s /usr/bin/distrobox-host-exec /usr/local/bin/kerver
diff --git a/containers/fedora-toolbox/general/build.sh b/containers/fedora-toolbox/general/build.sh
new file mode 100755
index 0000000..c2c04f4
--- /dev/null
+++ b/containers/fedora-toolbox/general/build.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+APPNAME="general"
+
+podman build -t andersrh/fedora-toolbox/$APPNAME -f fedora.Dockerfile .
+#toolbox create --image andersrh/fedora-toolbox/$APPNAME $APPNAME
+distrobox create --image andersrh/fedora-toolbox/$APPNAME --home ~/containers/$APPNAME/ $APPNAME
+distrobox create --image andersrh/fedora-toolbox/$APPNAME --init --home ~/containers/$APPNAME/ $APPNAME-systemd
+
+distrobox enter $APPNAME -- distrobox-export --app x2goclient
+distrobox enter $APPNAME -- distrobox-export --app qtcreator
+
+distrobox create --image andersrh/fedora-toolbox/$APPNAME $APPNAME-defaulthome
+distrobox enter $APPNAME-defaulthome -- distrobox-export --app gnome-tweaks
diff --git a/containers/fedora-toolbox/ledgerlive/Dockerfile b/containers/fedora-toolbox/ledgerlive/Dockerfile
new file mode 100644
index 0000000..54f8ec5
--- /dev/null
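Review bot: `COPY bin/* /usr/local/bin/` in `general/Dockerfile` has no source in this commit: the diffstat adds no `bin/` directory under `containers/fedora-toolbox/general/`, and the workflow passes only `containerfiles:` to buildah-build, so the build context is presumably the repository root rather than this directory. Either add the directory and point the action's `context:` input at `./containers/fedora-toolbox/general`, or drop the COPY; as written, the step fails or copies whatever `bin/` happens to exist at the context root. The seven `distrobox-host-exec` symlinks make host commands such as `podman`, `flatpak` and `rpm-ostree` callable from inside the box, which deserves a comment above them, e.g. `# host passthrough: this box is a convenience environment, not an isolation boundary`.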
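Review bot: `podman build ... -f fedora.Dockerfile .` in `general/build.sh` names a file this commit does not add; the directory receives `Dockerfile`, and `ledgerlive/build.sh` uses `-f Dockerfile`. Because the script has no `set -e`, the failed build does not stop the `distrobox create` calls that follow, which then use whatever `andersrh/fedora-toolbox/general` image already exists locally. Suggested: add `set -eu` after the shebang and change the build line to `podman build -t "andersrh/fedora-toolbox/$APPNAME" -f Dockerfile .`. The last line exports `gnome-tweaks`, which neither Dockerfile shown in this commit installs, so that export will likely fail unless the package comes from elsewhere.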
+++ b/containers/fedora-toolbox/ledgerlive/Dockerfile
@@ -0,0 +1,9 @@
+FROM ghcr.io/andersrh/containers/fedora-toolbox/base-gui:main
+
+WORKDIR /app
+
+RUN wget https://download.live.ledger.com/latest/linux -O ledgerlive \
+&& chmod +x ledgerlive
+COPY ledgerlive.desktop /usr/share/applications/
+COPY ledgerlive.png /usr/share/icons/
+RUN ln -s /app/ledgerlive /usr/bin/ledgerlive
diff --git a/containers/fedora-toolbox/ledgerlive/build.sh b/containers/fedora-toolbox/ledgerlive/build.sh
new file mode 100755
index 0000000..2b095fc
--- /dev/null
+++ b/containers/fedora-toolbox/ledgerlive/build.sh
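Review bot: The `RUN wget https://download.live.ledger.com/latest/linux -O ledgerlive` step in `ledgerlive/Dockerfile` installs whatever the `latest` URL serves at build time, with no version pin and no checksum or signature check, and the result is a wallet application that is made executable and linked into `/usr/bin`. Pin a specific release and verify it against the vendor-published hash before `chmod +x`, for example `ARG LEDGERLIVE_SHA512=<expected-sha512>` followed by `&& echo "${LEDGERLIVE_SHA512}  ledgerlive" | sha512sum -c - \` between the download and the chmod. That also makes rebuilds reproducible and turns an unexpected upstream change into a failed build rather than a silent update.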
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+APPNAME="ledgerlive"
+
+podman build -t andersrh/fedora-toolbox/$APPNAME -f Dockerfile .
+podman rm -f $APPNAME
+distrobox create --image andersrh/fedora-toolbox/$APPNAME --home ~/containers/$APPNAME/ $APPNAME
+distrobox enter $APPNAME -- distrobox-export --bin /app/$APPNAME --export-path ~/.local/bin --extra-flags "--enable-features=WaylandWindowDecorations --ozone-platform=wayland"
+
+podman rm -f $APPNAME
+
+podman create --hostname "ledgerlive.anders-fedora" --ipc host --name "ledgerlive" --network host --privileged --security-opt label=disable --user root:root --pid host --label "manager=distrobox" --env "SHELL=/bin/bash" --env "HOME=/var/home/anders" --volume /:/run/host:rslave --volume /dev:/dev:rslave --volume /sys:/sys:rslave --volume /tmp:/tmp:rslave --volume "/usr/bin/distrobox-init":/usr/bin/entrypoint:ro --volume "/usr/bin/distrobox-export":/usr/bin/distrobox-export:ro --volume "/usr/bin/distrobox-host-exec":/usr/bin/distrobox-host-exec:ro --volume "/var/home/anders/containers/$APPNAME":"/var/home/anders":rslave --volume /sys/fs/selinux --volume /var/log/journal --volume /run/user/1000:/run/user/1000:rslave --volume /etc/hosts:/etc/hosts:ro --volume /etc/localtime:/etc/localtime:ro --volume /etc/resolv.conf:/etc/resolv.conf:ro --ulimit host --annotation run.oci.keep_original_groups=1 --mount type=devpts,destination=/dev/pts --userns keep-id --entrypoint /usr/bin/entrypoint andersrh/fedora-toolbox/ledgerlive -v --name "anders" --user 1000 --group 1000 --home "/var/home/anders" --init "0" --pre-init-hooks "" -- ''
+
+cp ledgerlive.png ~/.local/share/icons/
+cp ledgerlive.desktop ~/.local/share/applications/
diff --git a/containers/fedora-toolbox/ledgerlive/ledgerlive.desktop b/containers/fedora-toolbox/ledgerlive/ledgerlive.desktop
new file mode 100644
index 0000000..e5e6ea6
--- /dev/null
+++ b/containers/fedora-toolbox/ledgerlive/ledgerlive.desktop
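Review bot: The hand-written `podman create` line in `ledgerlive/build.sh` runs the Ledger Live box with `--privileged`, `--security-opt label=disable`, host PID/IPC/network namespaces and `--volume /:/run/host:rslave`, so the binary that the Dockerfile downloads without verification ends up with host-level access. It also hard-codes `ledgerlive.anders-fedora`, `/var/home/anders`, uid/gid 1000 and `/run/user/1000`, so it only works for one account on one machine. The line appears to duplicate what the `distrobox create` call a few lines earlier generates (the `manager=distrobox` label suggests it was copied from distrobox output); if the manual form is needed, add a comment stating what differs from the generated command, and derive the values instead, e.g. `--env "HOME=$HOME"` and `--volume "/run/user/$(id -u):/run/user/$(id -u):rslave"`. Adding `set -eu` after the shebang would stop the script when the build fails rather than recreating the container from a stale image.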
@@ -0,0 +1,8 @@ +[Desktop Entry] +Type = Application +Version = 1.0 +Name = Ledger Live +Comment = Ledger Live +Icon = ledgerlive +Exec = ledgerlive --enable-features=WaylandWindowDecorations --ozone-platform=wayland +Terminal = false \ No newline at end of file diff --git a/containers/fedora-toolbox/ledgerlive/ledgerlive.png b/containers/fedora-toolbox/ledgerlive/ledgerlive.png new file mode 100644 index 0000000000000000000000000000000000000000..96341da37f4614647992393952f4297673ae3526 GIT binary patch literal 2546 zcmeAS@N?(olHy`uVBq!ia0y~yU;;9k7&zE~)R&4Yzkn2Hfk$L90|U1(2s1Lwnj--e zWGoJHcVbv~PUa<$!;&U>cv7h@-A}dfsyQhm|NCo5Dn+JWhBSl;dXOWMJSB8dZQl9JU=^9-}wC@%y*mf9LouPqaO~>CDFp znTq_)H+kfr^HV((GpuW@`}_MpfB9na$LIOy%82W)&G+u!EnT;4_3G6>e}8}f;cv{F z$G^F@Z{KeJN_xi3zxU(rZ(09g^1g%RbAagzzh8!Tq%U~;L38=#%xmBN{IOx!fAsb2 zZ=(6C^EX%C1ZD;ib=sx%+l*nQ7BXquZ=andCog}WZG#vigZA#7J7=awrsXm*L`)vx z@iIKhoCRl3>oKo+R$+5)lg{R4pMU<@w(9arlk3;7Gp|XvKCpfJ?YH-UF;CrOmSKHh zm7JU$Flq6=ww!;Sc}@1`O{Wb0EK%w-=X|ngWaD!{+M0s z_W8W+vkyNs_~WxaU+Vt(XQ|U49@Z0|-~a#C`|rh8bKAb^oHjcCxbVT=vuVaPG$^<; lAPME)Xths;=Fb=XwF@2`kyhim4Q!$@c)I$ztaD0e0s#2XuHgUx literal 0 HcmV?d00001 diff --git a/etc/distrobox.ini b/etc/distrobox.ini index cc6ab89..a058d7b 100644 --- a/etc/distrobox.ini +++ b/etc/distrobox.ini @@ -9,6 +9,16 @@ root=false replace=false home="~/containers/general" +[general] +image=ghcr.io/andersrh/containers/fedora-toolbox/general:main +#additional_packages=" " +init=false +nvidia=true +pull=true +root=false +replace=false +home="~/containers/general" + [tradingview] image=ghcr.io/andersrh/containers/cachyos/tradingview:main #additional_packages=" " diff --git a/usr/bin/update-distroboxes b/usr/bin/update-distroboxes index 6e8339d..3cc791d 100755 --- a/usr/bin/update-distroboxes +++ b/usr/bin/update-distroboxes 
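Review bot: The new `[general]` section in `etc/distrobox.ini` sets `home="~/containers/general"`, which is the same value as the last context line of the section just above it (whose header is outside the hunk). If that earlier section is a different box, the two share one home directory and each can read and modify the other's dotfiles, exported launchers and stored credentials; if it is also named `general`, the file now carries a duplicate section. Give the new box its own home, e.g. `home="~/containers/fedora-general"` (constructed example), or remove the older section in the same commit. `image=...:main` combined with `pull=true` means every assemble run picks up whatever the tag currently points to, which is worth a one-line comment in the section.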
@@ -6,3 +6,5 @@ podman rm -f tradingview distrobox assemble create --file /etc/distrobox.ini distrobox enter tradingview -- distrobox-export --app tradingview --extra-flags "--enable-features=WaylandWindowDecorations --ozone-platform=wayland" +distrobox enter general -- distrobox-export --app x2goclient +distrobox enter general -- distrobox-export --app qtcreator
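Review bot: Nothing on the consuming side checks the cosign signatures that the two new workflows produce: `distrobox assemble create` pulls the `:main` images (`pull=true` in `distrobox.ini`) and the added `distrobox-export` lines then publish launchers from them onto the host desktop. Consider verifying before assembling, e.g. `cosign verify --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp '<workflow-identity-pattern>' ghcr.io/andersrh/containers/fedora-toolbox/general:main`, or enforcing the same through the host's containers `policy.json`. The start of the script is outside the hunk, so an existing check or `set -e` may simply not be visible here.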