Merge pull request #202 from ublue-os/sign-images

feat: Sign Bazzite images in yafti
2025-02-21 09:39:49 +00:00 · 2023-08-27 21:47:17 -06:00 · 2023-08-27 21:47:17 -06:00 · 3433a250fa
commit 3433a250fa
parent 3265a68635 038702d525
5 changed files with 34 additions and 5 deletions
--- a/6
+++ b/6
@ -7,6 +7,7 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-38}"
 FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS bazzite

 ARG IMAGE_NAME="${IMAGE_NAME}"
+ARG IMAGE_VENDOR="ublue-os"
 ARG BASE_IMAGE_NAME="${BASE_IMAGE_NAME}"
 ARG IMAGE_FLAVOR="${IMAGE_FLAVOR}"
 ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION}"
@ -193,7 +194,7 @@ RUN rm /usr/share/applications/shredder.desktop && \
        systemctl disable waydroid-container.service && \
        rm /usr/share/wayland-sessions/weston.desktop \
    ; fi && \
-    echo -e "IMAGE_NAME=${IMAGE_NAME}\nBASE_IMAGE_NAME=${BASE_IMAGE_NAME}\nIMAGE_FLAVOR=${IMAGE_FLAVOR}\nFEDORA_MAJOR_VERSION=${FEDORA_MAJOR_VERSION}" >> /etc/default/bazzite && \
+    echo -e "IMAGE_NAME=${IMAGE_NAME}\nIMAGE_VENDOR=${IMAGE_VENDOR}\nBASE_IMAGE_NAME=${BASE_IMAGE_NAME}\nIMAGE_FLAVOR=${IMAGE_FLAVOR}\nFEDORA_MAJOR_VERSION=${FEDORA_MAJOR_VERSION}" >> /etc/default/bazzite && \
    rm -rf \
        /tmp/* \
        /var/* && \
@ -205,6 +206,7 @@ RUN rm /usr/share/applications/shredder.desktop && \
 FROM bazzite as bazzite-deck

 ARG IMAGE_NAME="${IMAGE_NAME}"
+ARG IMAGE_VENDOR="ublue-os"
 ARG BASE_IMAGE_NAME="${BASE_IMAGE_NAME}"
 ARG IMAGE_FLAVOR="${IMAGE_FLAVOR}"
 ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION}"
@ -352,7 +354,7 @@ RUN rm /usr/share/applications/wine*.desktop && \
    systemctl --global disable ublue-update.timer && \
    rm -f /usr/etc/sddm.conf && \
    rm -f /etc/default/bazzite && \
-    echo -e "IMAGE_NAME=${IMAGE_NAME}\nBASE_IMAGE_NAME=${BASE_IMAGE_NAME}\nIMAGE_FLAVOR=${IMAGE_FLAVOR}\nFEDORA_MAJOR_VERSION=${FEDORA_MAJOR_VERSION}" >> /etc/default/bazzite && \
+    echo -e "IMAGE_NAME=${IMAGE_NAME}\nIMAGE_VENDOR=${IMAGE_VENDOR}\nBASE_IMAGE_NAME=${BASE_IMAGE_NAME}\nIMAGE_FLAVOR=${IMAGE_FLAVOR}\nFEDORA_MAJOR_VERSION=${FEDORA_MAJOR_VERSION}" >> /etc/default/bazzite && \
    rm -rf \
        /tmp/* \
        /var/* && \
--- a/system_files/deck/shared/usr/share/ublue-os/firstboot/yafti.yml
+++ b/system_files/deck/shared/usr/share/ublue-os/firstboot/yafti.yml
@ -10,6 +10,16 @@ screens:
      icon: "/usr/share/ublue-os/bazzite/logo.svg"
      description: |
        Configure your system to get started. Completion of this process is required for Game mode to function.
+  sign-image:
+    source: yafti.screen.consent
+    condition:
+      run: grep -qvz "signed" <<< $(rpm-ostree status)
+    values:
+      title: Sign Bazzite
+      description: |
+        This will sign your current install of Bazzite. Note that this may take awhile.
+      actions:
+        - run: just --unstable sign-image
  configure-bazzite:
    source: yafti.screen.package
    values:
--- a/system_files/deck/shared/usr/share/ublue-os/just/custom.just
+++ b/system_files/deck/shared/usr/share/ublue-os/just/custom.just
@ -31,8 +31,6 @@ configure-waydroid:
  deactivate
  rm -rf ~/waydroid_script

-
-
 get-decky:
  #!/usr/bin/env bash
  export HOME=$(getent passwd ${SUDO_USER:-$USER} | cut -d: -f6)
@ -284,3 +282,8 @@ _toggle_wayland:
  else
    sudo sed -i 's/false/true/g' /etc/default/desktop-wayland
  fi
+
+sign-image:
+  #!/usr/bin/env bash
+  source /etc/default/bazzite
+  rpm-ostree rebase ostree-image-signed:docker://ghcr.io/${IMAGE_VENDOR}/${IMAGE_NAME}:${FEDORA_MAJOR_VERSION}
--- a/system_files/desktop/shared/usr/share/ublue-os/firstboot/yafti.yml
+++ b/system_files/desktop/shared/usr/share/ublue-os/firstboot/yafti.yml
@ -10,6 +10,16 @@ screens:
      icon: "/usr/share/ublue-os/bazzite/logo.svg"
      description: |
        Configure your system to get started
+  sign-image:
+    source: yafti.screen.consent
+    condition:
+      run: grep -qvz "signed" <<< $(rpm-ostree status)
+    values:
+      title: Sign Bazzite
+      description: |
+        This will sign your current install of Bazzite. Note that this may take awhile.
+      actions:
+        - run: just --unstable sign-image
  configure-bazzite-arch:
    source: yafti.screen.package
    values:
--- a/system_files/desktop/shared/usr/share/ublue-os/just/custom.just
+++ b/system_files/desktop/shared/usr/share/ublue-os/just/custom.just
@ -35,7 +35,6 @@ configure-waydroid:
  deactivate
  rm -rf ~/waydroid_script

-
 install-corectrl:
  echo 'Installing CoreCtrl...'
  rpm-ostree install corectrl
@ -192,3 +191,8 @@ unhide-grub:
  else
    sudo grub2-mkconfig -o /boot/grub2/grub.cfg
  fi
+
+sign-image:
+  #!/usr/bin/env bash
+  source /etc/default/bazzite
+  rpm-ostree rebase ostree-image-signed:docker://ghcr.io/${IMAGE_VENDOR}/${IMAGE_NAME}:${FEDORA_MAJOR_VERSION}