Fix /ctx path, install plymouth-plugin-script, make signing optional

Khalaf 2026-05-10 02:10:05 +04:00
parent d00c99a01c
commit 42998d3510
3 changed files with 43 additions and 18 deletions


@ -29,8 +29,10 @@ LABEL io.artifacthub.package.readme-url="https://cgi.medsys.cloud/mkm1971/kamos/
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
# Stage 1: copy our customisations into the build context # Stage 1: copy our customisations into the build context
# Note: build_files goes to /ctx (NOT /tmp) because the RUN below mounts a
# tmpfs over /tmp which would hide anything we put there.
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
COPY build_files/ /tmp/build_files/ COPY build_files/ /ctx/
COPY system_files/ / COPY system_files/ /
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
@ -42,7 +44,8 @@ COPY system_files/ /
RUN --mount=type=cache,dst=/var/cache \ RUN --mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \ --mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \ --mount=type=tmpfs,dst=/tmp \
/tmp/build_files/build.sh && \ chmod +x /ctx/build.sh && \
bash /ctx/build.sh && \
ostree container commit ostree container commit
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
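Review bot: `COPY build_files/ /ctx/` writes the build scripts into an image layer, so /ctx ships in the published image together with anything else that ends up in build_files/; moving off /tmp fixes the tmpfs masking but leaves that behind. A bind mount from a throwaway stage keeps the scripts out of the result: declare `FROM scratch AS ctx` with `COPY build_files/ /` ahead of the main stage and add `--mount=type=bind,from=ctx,source=/,target=/ctx \` to the RUN. Bind mounts are read-only by default, so `chmod +x /ctx/build.sh` would have to be dropped, which is fine because `bash /ctx/build.sh` does not need the execute bit. The main FROM line is outside the hunk, so the stage placement needs to be checked against the full file.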

12
build_files/build.sh Normal file → Executable file

@ -105,16 +105,24 @@ fi
# Files (provided by us in system_files/): # Files (provided by us in system_files/):
# /usr/share/plymouth/themes/kamos/kamos.plymouth # /usr/share/plymouth/themes/kamos/kamos.plymouth
# /usr/share/plymouth/themes/kamos/kamos.script # /usr/share/plymouth/themes/kamos/kamos.script
# /usr/share/plymouth/themes/kamos/kamos-logo.png (drop your PNG here) # /usr/share/plymouth/themes/kamos/kamos-logo.png
#
# The kamos theme uses ModuleName=script which needs the
# plymouth-plugin-script package - Bazzite doesn't ship it by default.
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
if [ -f /usr/share/plymouth/themes/kamos/kamos.plymouth ]; then if [ -f /usr/share/plymouth/themes/kamos/kamos.plymouth ]; then
echo "==> Installing plymouth script plugin"
if dnf -y install plymouth-plugin-script; then
echo "==> Setting KAMOS as default plymouth theme" echo "==> Setting KAMOS as default plymouth theme"
plymouth-set-default-theme kamos plymouth-set-default-theme kamos
# Rebuild the initramfs so the splash is actually used at next boot. # Rebuild the initramfs so the splash is actually used at next boot.
# Bazzite uses dracut.
if command -v dracut >/dev/null 2>&1; then if command -v dracut >/dev/null 2>&1; then
echo "==> Regenerating initramfs (dracut)"
dracut --force --regenerate-all || true dracut --force --regenerate-all || true
fi fi
else
echo "!! plymouth-plugin-script unavailable, leaving default Bazzite theme"
fi
fi fi
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
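Review bot: `dracut --force --regenerate-all || true` runs after `plymouth-set-default-theme kamos` has already switched the theme, and a dracut failure is discarded without any message, so the build can finish green with an initramfs that does not match the configured theme. The new else-branch already reports the missing plugin; the dracut step should be reported the same way, for example `dracut --force --regenerate-all || echo "!! dracut failed, initramfs not regenerated"`. The block is equally silent when `command -v dracut` finds nothing, and an `else` with a similar message would cover that case.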


@ -95,23 +95,37 @@ for t in "${TAGS[@]}"; do
podman push "${IMAGE_REF}:${t}" podman push "${IMAGE_REF}:${t}"
done done
# ---- sign ----------------------------------------------------------------- # ---- sign (optional, best-effort) -----------------------------------------
if [ -f cosign.key ]; then # Cosign on macOS sometimes can't find podman's auth credentials (they're at
log "Sign image with cosign" # ~/.config/containers/auth.json instead of ~/.docker/config.json). We point
for t in "${TAGS[@]}"; do # it at podman's auth file and don't fail the script if signing breaks - the
digest=$(podman image inspect "${IMAGE_REF}:${t}" --format '{{.Digest}}' 2>/dev/null || true) # image is already pushed, signing is just a verification add-on.
if [ -z "$digest" ]; then if [ -f cosign.key ] && [ "${SKIP_SIGN:-0}" != "1" ]; then
digest=$(skopeo inspect --format '{{.Digest}}' "docker://${IMAGE_REF}:${t}" 2>/dev/null || true) log "Sign image with cosign (best-effort)"
# Tell cosign where podman stored credentials.
PODMAN_AUTH="${HOME}/.config/containers/auth.json"
if [ -f "${PODMAN_AUTH}" ]; then
export DOCKER_CONFIG="${HOME}/.config/containers"
fi fi
for t in "${TAGS[@]}"; do
digest=$(skopeo inspect \
--authfile "${PODMAN_AUTH}" \
--format '{{.Digest}}' \
"docker://${IMAGE_REF}:${t}" 2>/dev/null || true)
if [ -n "$digest" ]; then if [ -n "$digest" ]; then
log " signing ${IMAGE_REF}@${digest}" log " signing ${IMAGE_REF}@${digest}"
COSIGN_PASSWORD="" cosign sign --yes --key cosign.key "${IMAGE_REF}@${digest}" COSIGN_PASSWORD="" cosign sign --yes \
--key cosign.key \
"${IMAGE_REF}@${digest}" \
|| warn "Sign failed for tag ${t} (image still pushed and usable)"
else else
warn "Could not get digest for tag ${t} - skipping sign" warn "Could not get digest for tag ${t} - skipping sign"
fi fi
done done
else else
warn "cosign.key not found in repo - skipping image signing" warn "Skipping image signing (set SKIP_SIGN=0 with cosign.key present to enable)"
fi fi
# ---- done ----------------------------------------------------------------- # ---- done -----------------------------------------------------------------
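Review bot: Every failure path in the new signing block ends in a warning and exit status 0, so a release can go out unsigned without the caller or CI noticing. `--authfile "${PODMAN_AUTH}"` is passed to skopeo even when that file does not exist (the `-f` test only guards the DOCKER_CONFIG export), and `2>/dev/null || true` hides the resulting error, so on a host where podman keeps its credentials elsewhere the digest comes back empty and signing is skipped. I would set the auth file only when it exists, leave skopeo's stderr visible, and record failures in a flag that makes the script exit non-zero after the loop; `SKIP_SIGN=1` is already the explicit opt-out for unsigned pushes. Separately, the digest is looked up by tag after the push, so it is worth confirming that it is the digest this run pushed (the push loop starts outside the hunk).

```shell
# inside the existing: if [ -f "${PODMAN_AUTH}" ]; then
  export REGISTRY_AUTH_FILE="${PODMAN_AUTH}"   # read by skopeo; replaces the unconditional --authfile
# … unchanged: DOCKER_CONFIG export, fi …
sign_failed=0
for t in "${TAGS[@]}"; do
  digest=$(skopeo inspect \
    --format '{{.Digest}}' \
    "docker://${IMAGE_REF}:${t}" || true)
  # … unchanged: log line and cosign sign arguments …
      || { warn "Sign failed for tag ${t} (image still pushed and usable)"; sign_failed=1; }
  # … unchanged: else branch warning; set sign_failed=1 there as well …
done
# Signing was requested (key present, SKIP_SIGN not 1): report partial failure to the caller.
[ "${sign_failed}" -eq 0 ] || exit 1
```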