Merge pull request #9 from ublue-os/main

[pull] main from ublue-os:main

.github/workflows/build.yml

@@ -70,7 +70,7 @@ jobs:
             is_latest_version: true
             is_stable_version: true
             kernel_flavor: bazzite # must match a kernel_flavor from akmods repo
-            kernel_version: 6.11.6-303.bazzite.fc41.x86_64 # must match a cached version of the above flavor
+            kernel_version: 6.11.8-305.bazzite.fc41.x86_64 # must match a cached version of the above flavor
         exclude:
           - base_name: bazzite
             target_nvidia_flavor: nvidia
@@ -172,7 +172,7 @@ jobs:
             sudo podman pull ${{ env.IMAGE_REGISTRY }}/akmods-${{ matrix.target_nvidia_flavor }}:${{ matrix.kernel_flavor}}-${{ matrix.fedora_version }}-${{ matrix.kernel_version }}
 
             # Add rechunk as well to remove this source of failure
-            sudo podman pull ghcr.io/hhd-dev/rechunk:v0.8.3
+            sudo podman pull ghcr.io/hhd-dev/rechunk:v1.0.1
 
       - name: Get source versions
         id: labels
@@ -268,16 +268,35 @@ jobs:
           echo "Generated the following:"
           cat $GITHUB_OUTPUT
 
+      - name: Check Secureboot
+        shell: bash
+        run: |
+          set -x
+          if [[ ! $(command -v sbverify) || ! $(command -v curl) || ! $(command -v openssl) ]]; then
+            sudo apt update
+            sudo apt install sbsigntool curl openssl
+          fi
+          TMP=$(sudo podman create raw-img bash)
+          sudo podman cp $TMP:/usr/lib/modules/${{ matrix.kernel_version }}/vmlinuz .
+          sudo podman rm $TMP
+          sudo chmod 666 vmlinuz # might not be needed
+          sbverify --list vmlinuz
+          curl --retry 3 -Lo kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der
+          curl --retry 3 -Lo akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der
+          openssl x509 -in kernel-sign.der -out kernel-sign.crt
+          openssl x509 -in akmods.der -out akmods.crt
+          sbverify --cert kernel-sign.crt vmlinuz || exit 1
+          sbverify --cert akmods.crt vmlinuz || exit 1
+
       # Reprocess raw-img using rechunker which will delete it
       - name: Run Rechunker
         id: rechunk
         uses: hhd-dev/rechunk@v1.0.1
         with:
-          rechunk: 'ghcr.io/hhd-dev/rechunk:v0.8.3'
+          rechunk: 'ghcr.io/hhd-dev/rechunk:v1.0.1'
           ref: 'raw-img'
           prev-ref: '${{ steps.generate-prev-ref.outputs.ref }}'
           version: '${{ steps.generate-version.outputs.tag }}'
-          skip_compression: 1
           labels: |
             io.artifacthub.package.logo-url=https://raw.githubusercontent.com/ublue-os/bazzite/main/repo_content/logo.png
             io.artifacthub.package.readme-url=https://docs.bazzite.gg
@@ -352,36 +371,6 @@ jobs:
           done
           echo "alias_tags=${BUILD_TAGS[*]}" >> $GITHUB_OUTPUT
 
-      # Pull oci-dir image, remove oci dir to make space, and then tag appropriately
-      - name: Load in podman and tag
-        run: |
-          IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }})
-          sudo rm -rf ${{ steps.rechunk.outputs.output }}
-          for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do
-            podman tag $IMAGE ${{ env.IMAGE_NAME }}:$tag
-          done
-          # keep for secureboot check
-          podman tag $IMAGE rechunked-img
-
-      - name: Check Secureboot
-        shell: bash
-        run: |
-          set -x
-          if [[ ! $(command -v sbverify) || ! $(command -v curl) || ! $(command -v openssl) ]]; then
-            sudo apt update
-            sudo apt install sbsigntool curl openssl
-          fi
-          TMP=$(podman create rechunked-img bash)
-          podman cp $TMP:/usr/lib/modules/${{ matrix.kernel_version }}/vmlinuz .
-          podman rm $TMP
-          sbverify --list vmlinuz
-          curl --retry 3 -Lo kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der
-          curl --retry 3 -Lo akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der
-          openssl x509 -in kernel-sign.der -out kernel-sign.crt
-          openssl x509 -in akmods.der -out akmods.crt
-          sbverify --cert kernel-sign.crt vmlinuz || exit 1
-          sbverify --cert akmods.crt vmlinuz || exit 1
-
       # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
       # https://github.com/macbre/push-to-ghcr/issues/12
       - name: Lowercase Registry
@@ -395,21 +384,22 @@ jobs:
         uses: Wandalen/wretry.action@v3.7.2
         id: push
         if: github.event_name != 'pull_request'
-        env:
-          REGISTRY_USER: ${{ github.actor }}
-          REGISTRY_PASSWORD: ${{ github.token }}
         with:
-          action: redhat-actions/push-to-registry@v2
           attempt_limit: 3
           attempt_delay: 15000
-          with: |
-            image: ${{ env.IMAGE_NAME }}
-            tags: ${{ steps.generate-tags.outputs.alias_tags }}
-            registry: ${{ steps.registry_case.outputs.lowercase }}
-            username: ${{ env.REGISTRY_USER }}
-            password: ${{ env.REGISTRY_PASSWORD }}
-            extra-args: |
-              --compression-format=zstd:chunked
+          command: |
+            echo "${{ secrets.GITHUB_TOKEN }}" | sudo podman login ghcr.io -u ${{ github.actor }} --password-stdin
+            for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do
+              sudo skopeo copy ${{ steps.rechunk.outputs.ref }} docker://${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:$tag
+            done
+
+      - name: Get Image Digest
+        id: digest
+        run: |
+          # Get digest for signing
+          DIGEST=$(sudo skopeo inspect --format '{{.Digest}}' ${{ steps.rechunk.outputs.ref }})
+          echo "Digest is: $DIGEST"
+          echo "digest=${DIGEST}" >> $GITHUB_OUTPUT
 
       - name: Sign container image
         uses: EyeCantCU/cosign-action/sign@v0.3.0
@@ -418,12 +408,7 @@ jobs:
           containers: ${{ env.IMAGE_NAME }}
           registry-token: ${{ secrets.GITHUB_TOKEN }}
           signing-secret: ${{ secrets.SIGNING_SECRET }}
-          tags: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }}
-
-      - name: Echo outputs
-        if: github.event_name != 'pull_request'
-        run: |
-          echo "${{ toJSON(steps.push.outputs) }}"
+          tags: ${{ steps.digest.outputs.digest }}
 
   generate_release:
     name: Generate Release

.github/workflows/build_iso.yml

@@ -35,7 +35,7 @@ jobs:
           - bazzite-gnome-asus-nvidia
           - bazzite-asus-nvidia-open
           - bazzite-gnome-asus-nvidia-open
-        major_version: [40]
+        major_version: [41]
     steps:
 
       - name: Free Disk Space (Ubuntu)

.github/workflows/changelog.py

@@ -131,17 +131,24 @@ def get_manifests(target: str):
 def get_tags(target: str, manifests: dict[str, Any]):
     tags = set()
 
+    # Select random manifest to get reference tags from
+    first = next(iter(manifests.values()))
+    for tag in first["RepoTags"]:
+        # Tags ending with .0 should not exist
+        if tag.endswith(".0"):
+            continue
+        if target != "stable":
+            if re.match(OTHER_START_PATTERN(target), tag):
+                tags.add(tag)
+        else:
+            if re.match(STABLE_START_PATTERN, tag):
+                tags.add(tag)
+
+    # Remove tags not present in all images
     for manifest in manifests.values():
-        for tag in manifest["RepoTags"]:
-            # Tags ending with .0 should not exist
-            if tag.endswith(".0"):
-                continue
-            if target != "stable":
-                if re.match(OTHER_START_PATTERN(target), tag):
-                    tags.add(tag)
-            else:
-                if re.match(STABLE_START_PATTERN, tag):
-                    tags.add(tag)
+        for tag in list(tags):
+            if tag not in manifest["RepoTags"]:
+                tags.remove(tag)
 
     tags = list(sorted(tags))
     assert len(tags) > 2, "No current and previous tags found"

Containerfile

@@ -326,9 +326,24 @@ RUN --mount=type=cache,dst=/var/cache/rpm-ostree \
     /usr/libexec/containerbuild/cleanup.sh && \
     ostree container commit
 
-# Install Valve's patched Mesa, Pipewire, Bluez, and Xwayland
+# Install Valve's patched Mesa, Pipewire, Bluez, and Xwayland#
 # Install patched switcheroo control with proper discrete GPU support
+# Tempporary fix for GPU Encoding
 RUN --mount=type=cache,dst=/var/cache/rpm-ostree \
+    rpm-ostree install \
+        mesa-dri-drivers.i686 && \
+    mkdir -p /tmp/mesa-fix64/dri && \
+    cp /usr/lib64/libgallium-*.so /tmp/mesa-fix64/ && \
+    cp /usr/lib64/dri/kms_swrast_dri.so /tmp/mesa-fix64/dri/ && \
+    cp /usr/lib64/dri/libdril_dri.so /tmp/mesa-fix64/dri/ && \
+    cp /usr/lib64/dri/swrast_dri.so /tmp/mesa-fix64/dri/ && \
+    cp /usr/lib64/dri/virtio_gpu_dri.so /tmp/mesa-fix64/dri/ && \
+    mkdir -p /tmp/mesa-fix32/dri && \
+    cp /usr/lib/libgallium-*.so /tmp/mesa-fix32/ && \
+    cp /usr/lib/dri/kms_swrast_dri.so /tmp/mesa-fix32/dri/ && \
+    cp /usr/lib/dri/libdril_dri.so /tmp/mesa-fix32/dri/ && \
+    cp /usr/lib/dri/swrast_dri.so /tmp/mesa-fix32/dri/ && \
+    cp /usr/lib/dri/virtio_gpu_dri.so /tmp/mesa-fix32/dri/ && \
     rpm-ostree override replace \
     --experimental \
     --from repo=copr:copr.fedorainfracloud.org:kylegospo:bazzite-multilib \
@@ -353,6 +368,10 @@ RUN --mount=type=cache,dst=/var/cache/rpm-ostree \
         bluez-cups \
         bluez-libs \
         xorg-x11-server-Xwayland && \
+    rsync -a /tmp/mesa-fix64/ /usr/lib64/ && \
+    rsync -a /tmp/mesa-fix32/ /usr/lib/ && \
+    rm -rf /tmp/mesa-fix64 && \
+    rm -rf /tmp/mesa-fix32 && \
     sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/rpmfusion-*.repo && \
     rpm-ostree install \
         libaacs \
@@ -677,6 +696,7 @@ RUN rm -f /etc/profile.d/toolbox.sh && \
     echo "import \"/usr/share/ublue-os/just/83-bazzite-audio.just\"" >> /usr/share/ublue-os/justfile && \
     echo "import \"/usr/share/ublue-os/just/84-bazzite-virt.just\"" >> /usr/share/ublue-os/justfile && \
     echo "import \"/usr/share/ublue-os/just/85-bazzite-image.just\"" >> /usr/share/ublue-os/justfile && \
+    echo "import \"/usr/share/ublue-os/just/86-bazzite-windows.just\"" >> /usr/share/ublue-os/justfile && \
     echo "import \"/usr/share/ublue-os/just/90-bazzite-de.just\"" >> /usr/share/ublue-os/justfile && \
     if grep -q "kinoite" <<< "${BASE_IMAGE_NAME}"; then \
       mkdir -p "/usr/share/ublue-os/dconfs/desktop-kinoite/" && \
@@ -737,6 +757,7 @@ RUN rm -f /etc/profile.d/toolbox.sh && \
     systemctl enable ublue-update.timer && \
     systemctl enable incus-workaround.service && \
     systemctl enable bazzite-hardware-setup.service && \
+    systemctl enable usr-share-sddm-themes.mount && \
     systemctl disable tailscaled.service && \
     systemctl enable dev-hugepages1G.mount && \
     systemctl enable bazzite-snapper-setup && \

spec_files/gamescope/gamescope-legacy.spec

@@ -5,7 +5,7 @@
 
 Name:           gamescope-legacy
 Version:        3.14.2
-Release:        4.bazzite
+Release:        5.bazzite
 Summary:        Legacy builds of gamescope, a micro-compositor for video games on Wayland
 
 License:        BSD

spec_files/gamescope/gamescope.spec

@@ -6,7 +6,7 @@
 
 Name:           gamescope
 Version:        100.%{gamescope_tag}
-Release:        11.bazzite
+Release:        14.bazzite
 Summary:        Micro-compositor for video games on Wayland
 
 License:        BSD
@@ -99,6 +99,7 @@ Summary:	libs for %{name}
 # git clone --depth 1 --branch %%{gamescope_tag} %%{url}.git
 git clone --depth 1 --branch master %{url}.git
 cd gamescope
+git checkout 7dd1bcd9102a17e039970ccd9a324a9fe8365d6d
 git submodule update --init --recursive
 mkdir -p pkgconfig
 cp %{SOURCE0} pkgconfig/stb.pc