From 521028801517a92ffdbf4911ca9d6db67e8de7d3 Mon Sep 17 00:00:00 2001
From: Philip J Freeman <elektron@halo.nu>
Date: Fri, 22 Jul 2005 01:13:13 -0700
Subject: add a gui; initial dev release

---
 .gitignore                                 |  1 -
 Makefile                                   |  9 ++++++--
 README.md                                  |  9 ++++++--
 build-os                                   |  6 ++++-
 commit-os                                  | 11 +++++++--
 config                                     | 14 ++++++++----
 generate-usb-img                           | 22 +++++++++++-------
 hooks/build-os-post/40-ostree-demo-scripts |  1 +
 hooks/build-os-post/90-ostree-path-mangles |  6 ++---
 hooks/build-os/10-apt                      | 10 ++++-----
 hooks/build-os/30-packages                 |  9 +++++++-
 hooks/build-os/50-network                  | 12 +++++-----
 hooks/build-os/70-system-config            | 36 +++++++++++++++++++++++++++---
 hooks/build-os/80-firstboot-repart-growfs  |  4 ++--
 publish-repo                               | 15 +++++++++----
 sync-images                                |  7 ++++++
 16 files changed, 126 insertions(+), 46 deletions(-)
 create mode 100755 sync-images

diff --git a/.gitignore b/.gitignore
index cfaf143..6a31b20 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,4 @@
 repo/
 build-repo/
 roots/
-delta-update-file
 halo-*-usb-*
diff --git a/Makefile b/Makefile
index d024955..18c8795 100644
--- a/Makefile
+++ b/Makefile
@@ -1,12 +1,17 @@
 scripts := build-os commit-os publish-repo generate-usb-img sync-repo
 hooks := hooks/build-os/* hooks/build-os-post/*
 
+all:
+	sudo ./build-os
+	sudo ./commit-os
+	./publish-repo
+
 check: $(scripts)
 	shellcheck -x $(scripts)
 	shellcheck -x $(hooks)
 
 clean:
-	rm -rf build-repo halo-*-usb-*
+	sudo rm -rf roots build-repo
 
 distclean: clean
-	rm -rf roots repo
+	rm -rf repo
diff --git a/README.md b/README.md
index 3b63f19..f1ee9ef 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# ostree-demo
+# halo-os
 
 ## Intro
 
@@ -27,7 +27,7 @@ filesystem for you.
 
 ### Login
 
-Login as `root` with the password `guest`
+Login as `trent` with the password `reznor`
 
 ### Connect to the internet
 
@@ -50,3 +50,8 @@ Check for and apply system updates from public ostree repo, hosted at
     $ ./publish-repo           # migrate the content to an archive repo
     $ sudo ./generate-usb-img  # build a bootable usb image file
     $ ./sync-repo              # sync the archive repo up to a webserver
+
+# Notes and References
+
+<https://fedoramagazine.org/building-your-own-atomic-bootc-desktop/>
+<https://systemd.io/HOME_DIRECTORY/>
diff --git a/build-os b/build-os
index 17f41bb..01cfaee 100755
--- a/build-os
+++ b/build-os
@@ -22,7 +22,7 @@ function on_exit(){
 }
 trap on_exit EXIT
 
-root="${roots:?}"/"$version"
+root="${roots:?}"/"${branch:?}"/"$version"
 
 mkdir -p "$root"
 
@@ -42,6 +42,10 @@ export osversion
 export osdesc
 export branch
 export remote
+export build
+export buildenv
+export arch
+
 
 run-parts --exit-on-error -- hooks/build-os
 
diff --git a/commit-os b/commit-os
index 5e16a06..3648285 100755
--- a/commit-os
+++ b/commit-os
@@ -2,9 +2,14 @@
 set -o pipefail
 
 . config
+. sh-lib
 
-version="$(find "$roots" -mindepth 1 -maxdepth 1 -type d | cut -d/ -f2 | sort -rn | head -1)"
-root="$roots"/"$version"
+# Check for dependencies:
+package_deps ostree
+
+#TODO: Maybe this script should take branch and version as arguments?
+version="$(cd "${roots:?}"/"${branch:?}"; find ./ -mindepth 1 -maxdepth 1 -type d | cut -d/ -f2 | sort -rn | head -1)"
+root="${roots:?}"/"${branch:?}"/"$version"
 
 if [ ! -d "$root" ]; then
 	echo "Error: root dir not found: $root" >&2
@@ -13,6 +18,8 @@ fi
 
 [ -d "$build_repo" ] && rm -rf "$build_repo"
 
+mkdir -p "$build_repo"
+
 ostree --repo="$build_repo" init --mode=archive
 
 ostree --repo="$build_repo" commit -b "$branch" --tree=dir="$root"
diff --git a/config b/config
index ca263c7..0164380 100644
--- a/config
+++ b/config
@@ -3,16 +3,22 @@ osversion=01
 osdesc="Down In It"
 codename=trixie
 
-branch="$osname"/"$osversion"/x86_64/buildmain/standard
+build=main
+buildenv=dev
+arch="x86_64"
+
+branch="$osname"/"$osversion"/"$build"/"$buildenv"/"$arch"
 
 # local dirs
 roots=roots
-build_repo=build-repo
-repo=repo
+build_repo=build-repo/"$osversion"
+repo=repo/"$osversion"
+images=images
 
 # remote
-remote=repo-dev
+remote="$osname"-"$osversion"
 remote_url="https://os.halo.nu/$remote"
 
 # publish-repo
 publish_remote_repo="ph1l@os.halo.nu:/var/www/os.halo.nu/$remote"
+publish_images="ph1l@os.halo.nu:/var/www/os.halo.nu/images"
diff --git a/generate-usb-img b/generate-usb-img
index 68cf2f7..e219ed4 100755
--- a/generate-usb-img
+++ b/generate-usb-img
@@ -8,16 +8,18 @@ set -o pipefail
 sysroot=/tmp/$$.ostree_usb
 
 version=$(date +%Y%m%d.%H%M%S)
-image="./$osname-$osversion-usb-$version.img"
+image="$osname-$osversion-$build-$buildenv-$arch-usb-$version.img"
 seek_sectors=$(( (8 *1024 *1024 *2) +33 -1 ))
 
 # Check for dependencies:
-package_deps dosfstools ostree parted udev
+package_deps bmaptool dosfstools ostree parted udev xz-utils zerofree
 
-[ -f "$image" ] && rm "$image"
+[ ! -d "${images:?}" ] && mkdir -p "${images:?}"
 
-dd if=/dev/zero of="$image" seek="$seek_sectors" count=1 bs=512
-loopdev=$(losetup -f --show "$image")
+[ -f ${images:?}/"$image" ] && rm ${images:?}/"$image"
+
+dd if=/dev/zero of=${images:?}/"$image" seek="$seek_sectors" count=1 bs=512
+loopdev=$(losetup -f --show ${images:?}/"$image")
 
 function cleanup(){
 	set +e
@@ -36,8 +38,10 @@ function cleanup(){
 	done
 	rmdir "$sysroot"
 	partx -d "$loopdev"p1
+	zerofree -v "$loopdev"p2
 	partx -d "$loopdev"p2
 	losetup -d "$loopdev"
+	set -e
 }
 trap cleanup EXIT
 
@@ -73,7 +77,7 @@ chattr -i "$deployroot"
 touch "$deployroot"/image
 chattr +i "$deployroot"
 
-mount --bind "$image" "$deployroot"/image
+mount --bind ${images:?}/"$image" "$deployroot"/image
 mount --bind "$sysroot"/boot "$deployroot"/boot
 mount --bind "$sysroot"/boot/efi "$deployroot"/boot/efi
 
@@ -83,7 +87,7 @@ done
 
 chroot "$deployroot" /usr/sbin/grub-install --target='x86_64-efi' \
 	--efi-directory=/boot/efi --boot-directory=/boot \
-	--bootloader-id=GRUB --removable "$image"
+	--bootloader-id=GRUB --removable ${images:?}/"$image"
 
 mount --bind "$sysroot" "$deployroot"/sysroot
 chroot "$deployroot" grub-mkconfig -o /boot/grub/grub.cfg
@@ -91,6 +95,8 @@ chroot "$deployroot" grub-mkconfig -o /boot/grub/grub.cfg
 trap - EXIT
 cleanup
 
+pushd ${images:?}
 bmaptool create "$image" > "$image".bmap
 xz "$image"
-sha256sum "$image".xz > "$image".sha256sum
+sha256sum "$image".xz > "$image".xz..sha256sum
+popd
diff --git a/hooks/build-os-post/40-ostree-demo-scripts b/hooks/build-os-post/40-ostree-demo-scripts
index 6ea5627..cb8d693 100755
--- a/hooks/build-os-post/40-ostree-demo-scripts
+++ b/hooks/build-os-post/40-ostree-demo-scripts
@@ -2,6 +2,7 @@
 
 set -o pipefail
 
+#TODO: package this stuff in .debs and put in a reprepro
 cat > "${root:?}"/usr/sbin/halo-upgrade << EOF
 #!/bin/bash -e
 
diff --git a/hooks/build-os-post/90-ostree-path-mangles b/hooks/build-os-post/90-ostree-path-mangles
index b2709f3..8a478b8 100755
--- a/hooks/build-os-post/90-ostree-path-mangles
+++ b/hooks/build-os-post/90-ostree-path-mangles
@@ -1,8 +1,8 @@
 #!/bin/bash -xe
 set -o pipefail
 
-# remove everything from dev and var
-rm -rf "${root:?}"/dev/* "${root:?}"/var/*
+# remove everything from dev
+rm -rvf "${root:?}"/dev/*
 
 # add sysroot mountpoint and ostree link to root
 mkdir -p "${root:?}"/sysroot
@@ -32,7 +32,7 @@ EOF
 
 # move /etc to /usr/etc
 mv "${root:?}"/etc "${root:?}"/usr/etc
-mkdir "${root:?}"/etc # do we need this?
+mkdir "${root:?}"/etc #TODO: do we need this?
 
 # link persistent directories to /var
 for dir in home opt srv mnt tmp; do
diff --git a/hooks/build-os/10-apt b/hooks/build-os/10-apt
index 65c7056..be2059b 100755
--- a/hooks/build-os/10-apt
+++ b/hooks/build-os/10-apt
@@ -3,13 +3,11 @@ set -o pipefail
 
 # Enable additional sources
 cat > "${root:?}"/etc/apt/sources.list << EOF
-deb https://deb.debian.org/debian trixie main contrib non-free non-free-firmware
-
-deb https://deb.debian.org/debian trixie-updates main contrib non-free non-free-firmware
-
-deb https://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian trixie main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian trixie-updates main contrib non-free non-free-firmware
+deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
 EOF
 
 # update/upgrade system
 chroot "${root:?}" apt-get update
-chroot "${root:?}" apt-get upgrade
+chroot "${root:?}" apt-get upgrade --assume-yes
diff --git a/hooks/build-os/30-packages b/hooks/build-os/30-packages
index b131edf..9510c87 100755
--- a/hooks/build-os/30-packages
+++ b/hooks/build-os/30-packages
@@ -7,15 +7,22 @@ packages=(
 		debootstrap
 		dosfstools
 		e2fsprogs
+		flatpak
+		gnome-core
+		gnome-tweaks
 		lvm2
 		nethack-console
+		network-manager
 		ostree
 		parted
 		rsync
+		sudo
 		systemd-container
+		systemd-homed
+		task-english
 		xfsprogs
 	)
 
-chroot "${root:?}" apt-get -y install "${packages[@]}"
+chroot "${root:?}" apt-get -y --no-install-recommends install "${packages[@]}"
 
 echo 'kernel.unprivileged_userns_clone=1' > "${root:?}"/etc/sysctl.d/nspawn.conf
diff --git a/hooks/build-os/50-network b/hooks/build-os/50-network
index c2cb6ee..a7ec432 100755
--- a/hooks/build-os/50-network
+++ b/hooks/build-os/50-network
@@ -1,16 +1,14 @@
 #!/bin/bash -xe
 set -o pipefail
 
-# Append motd
+# Append to motd
 
 cat >> "${root:?}"/etc/motd << EOF
 
-${osname:?}/${osversion:?} (${osdesc:?}) v${version:?}
+${osname:?}/${osversion:?}/${build:?}/${buildenv:?}/${arch:?} (${osdesc:?}) v${version:?}
 EOF
 
 # Set hostname
-echo "${osname:?}-${osversion:?}" > "${root:?}"/etc/hostname
-echo "127.0.1.1 ${osname:?}-${osversion:?}" >> "${root:?}"/etc/hosts
-
-# Install network manager
-chroot "${root:?}" apt-get install -y network-manager
+echo "${osname:?}-${osversion:?}-${build:?}-${buildenv:?}" > "${root:?}"/etc/hostname
+echo "127.0.1.1 ${osname:?}-${osversion:?}-${build:?}-${buildenv:?}" >> "${root:?}"/etc/hosts
+echo "Etc/UTC" > "${root:?}"/etc/localtime
diff --git a/hooks/build-os/70-system-config b/hooks/build-os/70-system-config
index 0fc5bde..38b6f68 100755
--- a/hooks/build-os/70-system-config
+++ b/hooks/build-os/70-system-config
@@ -1,10 +1,40 @@
 #!/bin/bash -xe
 set -o pipefail
 
-# Set a root password
-echo "root:guest" | chroot "${root:?}" chpasswd
+## Set a root password
+echo "root:reznor" | chroot "${root:?}" chpasswd
+
+## add a default regular user with systemd-homed on firstboot
+mkdir -p "${root:?}"/usr/lib/credstore
+cat > "${root:?}"/usr/lib/credstore/home.create.trent << EOF
+{
+	"disposition" : "regular",
+	"memberOf" : [
+		"sudo"
+	],
+	"privileged" : {
+		"hashedPassword" : [
+			"\$y\$j9T\$KiIvlGKRHOAfV600NZhag.\$cKOX95FUr7aSVL3EpU2dlDmf/xmL.UoeYonmI3ZkXXA"
+		]
+	},
+	"secret" : {
+		"password" : [
+			"reznor"
+		]
+	},
+	"userName" : "trent"
+}
+EOF
+
+mkdir "${root:?}"/etc/systemd/system/systemd-homed-firstboot.service.d
+cat > "${root:?}"/etc/systemd/system/systemd-homed-firstboot.service.d/override.conf << EOF
+[Service]
+ExecStart=
+ExecStart=homectl firstboot --enforce-password-policy=no
+EOF
+
 
 # Make console quieter
 cat > "${root:?}"/etc/sysctl.d/printk.conf << EOF
-kernel.printk = 3	4	1	3
+kernel.printk = 3      4       1       3
 EOF
diff --git a/hooks/build-os/80-firstboot-repart-growfs b/hooks/build-os/80-firstboot-repart-growfs
index 78648cc..97aceff 100755
--- a/hooks/build-os/80-firstboot-repart-growfs
+++ b/hooks/build-os/80-firstboot-repart-growfs
@@ -36,7 +36,7 @@ mkdir "${root:?}"/etc/systemd/system/systemd-firstboot.service.d
 cat > "${root:?}"/etc/systemd/system/systemd-firstboot.service.d/install.conf << EOF
 [Service]
 ExecStart=
-ExecStart=/usr/bin/systemd-firstboot --prompt
+ExecStart=/usr/bin/systemd-firstboot
 
 [Install]
 WantedBy=sysinit.target
@@ -44,4 +44,4 @@ EOF
 
 chroot "${root:?}" systemctl enable systemd-firstboot.service
 
-rm "${root:?}"/etc/{machine-id,localtime}
+rm "${root:?}"/etc/machine-id
diff --git a/publish-repo b/publish-repo
index d4ece7c..f1ec88e 100755
--- a/publish-repo
+++ b/publish-repo
@@ -3,10 +3,17 @@
 set -o pipefail
 
 . config
+. sh-lib
 
-version="$(find "$roots" -mindepth 1 -maxdepth 1 -type d | cut -d/ -f2 | sort -rn | head -1)"
+# Check for dependencies:
+package_deps ostree
 
-[ ! -d "$repo" ] && ostree --repo="$repo" init --mode=archive
+version="$(cd "${roots:?}"/"${branch:?}"; find ./ -mindepth 1 -maxdepth 1 -type d | cut -d/ -f2 | sort -rn | head -1)"
+
+if [ ! -d "$repo" ]; then
+	mkdir -p "$repo"
+	ostree --repo="$repo" init --mode=archive
+fi
 
 REF=$(ostree --repo="$build_repo" rev-parse "$branch")
 
@@ -15,9 +22,9 @@ ostree --repo="$repo" pull-local "$build_repo" "$REF"
 ostree --repo="$repo" commit -b "$branch" \
 	-s "$osname/$osversion:($osdesc) $branch $version" \
 	--add-metadata-string=version="$branch":"$version" \
-	--gpg-sign=CE4A0BF21E1C237DD8C400FAA39487B22697143F \
+	--gpg-sign=91BC029A6B3701253B585656C5FE25B2138B1F0F \
 	--tree=ref="$REF"
 
-ostree --repo="$repo" static-delta generate "$branch" || echo "Warning: static-delta generate failed" >&2
+ostree --repo="$repo" static-delta generate "$branch" || echo "Warning: static-delta generate failed, (they grow up so fast...)" >&2
 
 ostree --repo="$repo" summary -u
diff --git a/sync-images b/sync-images
new file mode 100755
index 0000000..1793774
--- /dev/null
+++ b/sync-images
@@ -0,0 +1,7 @@
+#!/bin/bash -xe
+
+set -o pipefail
+
+. config
+
+rsync -av --delete-after images/ "$publish_images"/
-- 
cgit v1.2.3