From 172131841b9d693e8340698c240a2007e5ca1e2b Mon Sep 17 00:00:00 2001
From: gerblesh <101901964+gerblesh@users.noreply.github.com>
Date: Tue, 6 Aug 2024 14:19:19 -0700
Subject: [PATCH 1/3] feat: rechunk, remove SELinux workarounds

---
 .github/workflows/build.yml | 62 +++++++++++++++++++++++++++----------
 Containerfile | 8 -----
 greetd-workaround.service | 21 -------------
 3 files changed, 46 insertions(+), 45 deletions(-)
 delete mode 100644 greetd-workaround.service

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9b9e79a..4250cae 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -17,7 +17,7 @@ concurrency:
 jobs:
 build:
 name: Build
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
 permissions:
 contents: read
 packages: write
@@ -47,6 +47,13 @@ jobs:
 steps:
 # Checkout push-to-registry action GitHub repository
+ - name: Maximize build space
+ uses: ublue-os/remove-unwanted-software@v7
+ with:
+ remove-android: 'true'
+ - name: Checkout
+ uses: actions/checkout@v2
+
 - name: Checkout Push to Registry action
 uses: actions/checkout@v4
@@ -93,6 +100,7 @@ jobs:
 io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/cosmic/main/README.md
 io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4
+ # Create Variables. Use UBlue images for amd64, fedora-ostree desktop for arm64
 - name: matrix-variables
 run: |
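Review bot: The new `Checkout` step at `uses: actions/checkout@v2` pins a deprecated major of the action (its runtime has been retired by GitHub) and duplicates the `actions/checkout@v4` step that already follows two lines below; change it to `uses: actions/checkout@v4`, or drop the extra step entirely if the v4 step already checks out this repository (its `with:` block is outside the hunk, so I cannot tell). Both `ublue-os/remove-unwanted-software@v7` and the checkout are referenced by mutable tags, and this job holds `packages: write` and later signs what it builds, so pinning third-party actions to a full commit SHA with the tag in a trailing comment would keep a moved tag from changing what runs. `remove-unwanted-software` presumably deletes pre-installed software on the runner with elevated privileges, which makes it the most sensitive of the three to pin.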
@@ -108,22 +116,42 @@ jobs:
 echo "SOURCE_IMAGE=${{ matrix.flavor }}" >> $GITHUB_ENV
 fi
- # Build image using Buildah action
 - name: Build Image
 id: build_image
- uses: redhat-actions/buildah-build@v2
+ run: |
+ sudo buildah build \
+ --arch "${{ matrix.arch }}" \
+ --format "docker" \
+ --build-arg FEDORA_MAJOR_VERSION="${{ matrix.version }}" \
+ --build-arg SOURCE_IMAGE="${{ env.SOURCE_IMAGE }}" \
+ --build-arg SOURCE_ORG="${{ env.SOURCE_ORG }}" \
+ --tag raw-img .
+
+ # Reprocess raw-img using rechunker which will delete it
+ - name: Run Rechunker
+ id: rechunk
+ uses: hhd-dev/rechunk@v0.8.0
 with:
- containerfiles: |
- Containerfile
- image: cosmic-${{ matrix.flavor }}
- tags: |
- ${{ steps.generate-tags.outputs.alias_tags }}
- archs: ${{ matrix.arch }}
- build-args: |
- FEDORA_MAJOR_VERSION=${{ matrix.version }}
- SOURCE_IMAGE=${{ env.SOURCE_IMAGE }}
- SOURCE_ORG=${{ env.SOURCE_ORG }}
- oci: false
+ rechunk: 'ghcr.io/hhd-dev/rechunk:v0.8.0'
+ ref: 'raw-img'
+ prev-ref: "${{ env.IMAGE_REGISTRY }}/cosmic-${{ matrix.flavor }}:${{ matrix.version }}"
+ prev-ref-fail: true
+ skip_compression: true
+ version: 'version'
+ labels: |
+ org.opencontainers.image.title=cosmic-${{ matrix.flavor }}
+ org.opencontainers.image.version=${{ matrix.version }}
+ org.opencontainers.image.description=${{ env.description }}
+ io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/cosmic/main/README.md
+ io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4
+
+ - name: Load in podman and tag
+ run: |
+ IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }})
+ sudo rm -rf ${{ steps.rechunk.outputs.output }}
+ for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do
+ podman tag $IMAGE cosmic-${{ matrix.flavor }}:$tag
+ done
 # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
 # https://github.com/macbre/push-to-ghcr/issues/12
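Review bot: `uses: hhd-dev/rechunk@v0.8.0` together with `rechunk: 'ghcr.io/hhd-dev/rechunk:v0.8.0'` rewrites the layers of `raw-img` before the result is tagged, pushed and cosign-signed, so the rechunker is now inside the trusted build path, yet both the action and its container image are referenced by mutable tags. Pin the action to a commit SHA and the image by digest, e.g. `rechunk: 'ghcr.io/hhd-dev/rechunk@sha256:<digest>'`. `prev-ref` pulls the previously published `cosmic-${{ matrix.flavor }}:${{ matrix.version }}` from the registry as an input, and nothing in this hunk verifies its signature; if rechunk reuses content from it rather than only diffing against it (I cannot tell from here), that pull is worth gating with `cosign verify` against the project key. In `Load in podman and tag`, `sudo rm -rf ${{ steps.rechunk.outputs.output }}` and the `podman pull ${{ steps.rechunk.outputs.ref }}` line splice action outputs straight into the shell script, where an unexpected value is interpreted as shell; pass them through the step's `env:` (`RECHUNK_OUT: ${{ steps.rechunk.outputs.output }}`) and use `sudo rm -rf -- "$RECHUNK_OUT"` so they are treated as data.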
@@ -148,8 +176,10 @@ jobs:
 id: push
 with:
 registry: ${{ steps.registry_case.outputs.lowercase }}
- image: ${{ steps.build_image.outputs.image }}
- tags: ${{ steps.build_image.outputs.tags }}
+ image: cosmic-${{ matrix.flavor }}
+ tags: ${{ steps.generate-tags.outputs.alias_tags }}
+ extra-args: |
+ --disable-content-trust
 # Sign container
 - uses: sigstore/cosign-installer@v3.5.0
diff --git a/Containerfile b/Containerfile
index 2b5176d..c9e3c50 100644
--- a/Containerfile
+++ b/Containerfile
@@ -6,10 +6,7 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION}
 ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
-COPY greetd-workaround.service /usr/lib/systemd/system/greetd-workaround.service
-
 # Build in one step
-# Install tuned/tuned-ppd if the image is a base one
 RUN if [[ "${FEDORA_MAJOR_VERSION}" == "rawhide" ]]; then \
 curl -Lo /etc/yum.repos.d/_copr_ryanabx-cosmic.repo \
 https://copr.fedorainfracloud.org/coprs/ryanabx/cosmic-epoch/repo/fedora-rawhide/ryanabx-cosmic-epoch-fedora-rawhide.repo \
@@ -18,15 +15,10 @@ RUN if [[ "${FEDORA_MAJOR_VERSION}" == "rawhide" ]]; then \
 ; fi && \
 rpm-ostree install \
 cosmic-desktop && \
- rpm-ostree override remove \
- power-profiles-daemon || true && \
- rpm-ostree install tuned tuned-ppd && \
 rpm-ostree install \
 gnome-keyring && \
- systemctl enable tuned-ppd && \
 systemctl disable gdm || true && \
 systemctl disable sddm || true && \
 systemctl enable cosmic-greeter && \
- systemctl enable greetd-workaround && \
 ostree container commit && \
 mkdir -p /var/tmp && chmod -R 1777 /var/tmp
diff --git a/greetd-workaround.service b/greetd-workaround.service
deleted file mode 100644
index 0eed5a4..0000000
--- a/greetd-workaround.service
+++ /dev/null
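Review bot: `--disable-content-trust` under the new `extra-args:` is documented by `podman push` as a Docker-compatibility flag that is accepted and ignored, so unless the push action is actually invoking `docker push` here (its implementation is outside this hunk) the two lines change nothing about the push while reading as if verification were being switched off. Drop `extra-args:` and `--disable-content-trust`, or if they were added to work around a concrete push failure, state that failure in a comment next to the flag, e.g. `# podman push ignores --disable-content-trust; kept only for docker compatibility`. The cosign signing that follows `# Sign container` runs after the push and is unaffected either way.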
@@ -1,21 +0,0 @@
-[Unit]
-Description=Workaround for SELinux issues for greetd
-ConditionFileIsExecutable=/usr/bin/greetd
-After=local-fs.target
-
-[Service]
-Type=oneshot
-# Copy if it doesn't exist
-ExecStartPre=/usr/bin/mkdir -p /usr/local/bin/overrides
-ExecStartPre=/usr/bin/bash -c "[ -x /usr/local/bin/overrides/greetd ] || /usr/bin/cp /usr/bin/greetd /usr/local/bin/overrides/greetd"
-# This is faster than using .mount unit. Also allows for the previous line/cleanup
-ExecStartPre=/usr/bin/bash -c "/usr/bin/mount --bind /usr/local/bin/overrides/greetd /usr/bin/greetd"
-# Fix caps
-ExecStart=/usr/bin/bash -c "/usr/sbin/restorecon -rv /usr/bin/greetd"
-# Clean-up after ourselves
-ExecStop=/usr/bin/umount /usr/bin/greetd
-ExecStop=/usr/bin/rm /usr/local/bin/overrides/greetd
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
From 75c5608afe153b27284ea23def9d9f40d3336d2c Mon Sep 17 00:00:00 2001
From: gerblesh <101901964+gerblesh@users.noreply.github.com>
Date: Tue, 6 Aug 2024 22:00:46 -0700
Subject: [PATCH 2/3] feat: add nmtui as the GUI is not fully featured

---
 Containerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containerfile b/Containerfile
index c9e3c50..86e4636 100644
--- a/Containerfile
+++ b/Containerfile
@@ -16,7 +16,7 @@ RUN if [[ "${FEDORA_MAJOR_VERSION}" == "rawhide" ]]; then \
 rpm-ostree install \
 cosmic-desktop && \
 rpm-ostree install \
- gnome-keyring && \
+ gnome-keyring NetworkManager-tui && \
 systemctl disable gdm || true && \
 systemctl disable sddm || true && \
 systemctl enable cosmic-greeter && \
From 3002f0b48a95a46e1a760dbcf45f5ed86bffcde1 Mon Sep 17 00:00:00 2001
From: Antheas Kapenekakis
Date: Wed, 7 Aug 2024 19:13:55 +0200
Subject: [PATCH 3/3] fix(rechunk): Fix signing by using the appropriate name and change args (#55)

fix(rechunk): Fix signing by using the appropriate name and change rechunk arguments
---
 .github/workflows/build.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 4250cae..d98215d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -135,12 +135,10 @@ jobs:
 rechunk: 'ghcr.io/hhd-dev/rechunk:v0.8.0'
 ref: 'raw-img'
 prev-ref: "${{ env.IMAGE_REGISTRY }}/cosmic-${{ matrix.flavor }}:${{ matrix.version }}"
- prev-ref-fail: true
 skip_compression: true
- version: 'version'
+ version: ${{ matrix.version }}
 labels: |
 org.opencontainers.image.title=cosmic-${{ matrix.flavor }}
- org.opencontainers.image.version=${{ matrix.version }}
 org.opencontainers.image.description=${{ env.description }}
 io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/cosmic/main/README.md
 io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4
@@ -188,7 +186,7 @@ jobs:
 - name: Sign container image
 if: github.event_name != 'pull_request'
 run: |
- cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
+ cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/cosmic-${{ matrix.flavor }}@${TAGS}
 env:
 TAGS: ${{ steps.push.outputs.digest }}
 COSIGN_EXPERIMENTAL: false
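Review bot: The signed reference in the `cosign sign` line is now assembled by hand as `cosmic-${{ matrix.flavor }}`, which is the same duplication that produced the bug this commit fixes — the push step builds the identical name from the same expression in its own `image:` line, and the two can drift apart again. Define it once, e.g. a job-level `env: IMAGE_NAME: cosmic-${{ matrix.flavor }}`, and use `$IMAGE_NAME` in both the push `image:` and the cosign command. Signing by `@${TAGS}` where `TAGS` is `steps.push.outputs.digest` is the right choice, but the name hides that it holds a single `sha256:` digest; renaming it `DIGEST` and prefixing the script with `test -n "$DIGEST"` makes an empty push output fail loudly instead of handing cosign a reference ending in `@`. The `COSIGN_EXPERIMENTAL: false` line predates this hunk and is left as is.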