Merge branch 'main' into dnf-module

gmpinder · web-flow · commit 6659dc3ea735 · 2025-04-06T13:15:04.000-04:00
diff --git a/.github/workflows/build-individual.yml b/.github/workflows/build-individual.yml
@@ -13,14 +13,14 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - uses: hustcer/setup-nu@0000000ae6a4e242e802c943f465373b70b07469 # v3.17
+      - uses: hustcer/setup-nu@9859855d6c1dfcd6d53ee7480b8e86c8c45298cb # v3.19
         with:
           version: v0.93
 
       - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
diff --git a/.github/workflows/build-unified.yml b/.github/workflows/build-unified.yml
@@ -13,14 +13,14 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - uses: hustcer/setup-nu@0000000ae6a4e242e802c943f465373b70b07469 # v3.17
+      - uses: hustcer/setup-nu@9859855d6c1dfcd6d53ee7480b8e86c8c45298cb # v3.19
         with:
           version: v0.93
 
       - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml
@@ -9,7 +9,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: shellcheck
-        uses: reviewdog/action-shellcheck@6e0e63d1750d02d761b3df0f2c5ba9f9ac4a9ed7 # v1.29.0
+        uses: reviewdog/action-shellcheck@5ebd09ddbe2ebb471646ce234c6c8dd18663ca7c # v1.30.0
         with:
           github_token: ${{ github.token }}
           reporter: github-pr-review
diff --git a/modules/brew/README.md b/modules/brew/README.md
@@ -3,35 +3,30 @@
 The brew module installs [Homebrew / Linuxbrew](https://brew.sh/) on your system and ensures the package manager remains updated and maintained. This module also sets up systemd services to periodically update the installed Brew packages.
 
 ## Features
-- Installs Brew at build-time.
+- Downloads Brew in build-time & installs it in run-time.
 - Sets up systemd services to automatically update Brew to the latest version.
 - Sets up systemd services to automatically upgrade Brew packages.
 - Sets up bash and fish completions for Brew.
 
 ## How it works
 
-### Directory paths glossary:
-- `/home/` is a symlink to `/var/home/`  
-- `/root/` is a symlink to `/var/roothome/`
-
 ### Build-time:
 
-- Necessary Brew package dependency `gcc` is installed if not present in the base image
-- Directories `/home/` & `/root/` are created
-- Empty `.dockerenv` file is created in the root of the image-builder, to convince official Brew installation script that we are **not** running as root
-- Official brew installation script is downloaded & executed
-- Brew is extracted to `/home/linuxbrew/` by the official script (`/root/` is needed, since image-builds are running as root)
-- Brew in `/home/linuxbrew/` is compressed in tar, copied to `/usr/share/homebrew/` & permissions to it are set to default user (UID 1000)
-- `brew-update` & `brew-upgrade` SystemD service timers are enabled (by default)
+- Necessary Brew package dependency `gcc` & `zstd` is installed if not present in the base image.
+- Brew tarball is downloaded from [Universal Blue 'packages' GitHub releases](https://github.com/ublue-os/packages/releases).
+- Brew tarball is extracted to `/usr/share/homebrew/`.
+- `/usr/share/homebrew/` permissions are set to the default user (UID/GID 1000).
+- `brew-update` & `brew-upgrade` SystemD service timers are enabled (by default).
 - A fix for path conflicts between system & brew packages with the same name is applied by adding Brew to path only in interactive shells, unlike what Brew does by default.
-- Brew bash & fish shell completions are copied to `/etc/profile.d/brew-bash-completions.sh` & `/usr/share/fish/vendor_conf.d/brew-fish-completions.fish`
+- Set option that Brew's shell environment can't be ran as root, respecting Homebrew's recommendation that only user with UID/GID 1000 can manage Brew.
+- Brew bash & fish shell completions are copied to `/etc/profile.d/brew-bash-completions.sh` & `/usr/share/fish/vendor_conf.d/brew-fish-completions.fish`.
 - `tmpfiles.d` configuration `homebrew.conf` is written with these directory locations:
   - `/var/lib/homebrew/`
   - `/var/cache/homebrew/`
   - `/home/linuxbrew/`
-- `brew-setup` service is enabled
+- `brew-setup` service is enabled.
 
-### Boot-time:
+### Run-time:
 
 **`tmpfiles.d homebrew.conf`:**
 - This configuration is telling SystemD to: automatically create these necessary directories on every system boot if not available & to give them permissions of the default user (UID 1000):
@@ -40,16 +35,16 @@ The brew module installs [Homebrew / Linuxbrew](https://brew.sh/) on your system
   - `/home/linuxbrew/`
 
 **`brew-setup`:**
-- `brew-setup` SystemD service checks if main directory used by Brew exists (`/home/linuxbrew/.linuxbrew/`)  
-  & if `brew-setup` state file exists (`/etc/.linuxbrew`)
-- If one of those paths don't exist, then Homebrew tar is extracted from `/usr/share/homebrew/homebrew.tar.zst` to `/tmp/homebrew/`
-- Extracted Homebrew is then copied from `/tmp/homebrew/` to `/home/linuxbrew/` & permissions to it are set to default user (UID 1000)
-- Temporary directory `/tmp/homebrew/` is removed
-- Empty file `/etc/.linuxbrew` is created, which indicates that brew-setup (installation) is successful & which allows setup to run again on next boot when removed
+- `brew-setup` installs `brew` in runtime.  
+  SystemD service checks if main directory used by Brew exists (`/home/linuxbrew/.linuxbrew/`) & if `brew-setup` state file exists (`/etc/.linuxbrew`).
+- If one of those paths don't exist, then extracted Brew tarball is copied from `/usr/share/homebrew/` to `/home/linuxbrew/`.
+- Permissions to `/home/linuxbrew/` are set to the default user (UID/GID 1000).
+- Empty file `/etc/.linuxbrew` is created, which indicates that brew-setup (installation) is successful & which allows setup to run again on next boot when removed.
 
 **Rest of the setup:**
-- `brew-update` runs at the specified time to update Brew to the latest version
-- `brew-upgrade` runs at the specified time to upgrade Brew packages
+- `brew-update` runs at the specified time to update Brew to the latest version.
+- `brew-upgrade` runs at the specified time to upgrade Brew packages.  
+  It additionally unlinks conflicting Brew dependencies if installed, like systemd & dbus, to prevent crucial system programs being preferred by Brew.
 
 ## Development
 Setting `DEBUG=true` inside `brew.sh` will enable additional output for debugging purposes during development.
diff --git a/modules/brew/brew.sh b/modules/brew/brew.sh
@@ -85,24 +85,18 @@ if [[ -z "${BREW_ANALYTICS}" || "${BREW_ANALYTICS}" == "null" ]]; then
     BREW_ANALYTICS=true
 fi
 
-# Create necessary directories
-mkdir -p /var/home
-mkdir -p /var/roothome
-
-# Convince the installer that we are in CI
-touch /.dockerenv
-
-# Always install Brew
-echo "Downloading and installing Brew..."
-curl -fLs --create-dirs https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh -o /tmp/brew-install
-echo "Downloaded Brew install script"
-chmod +x /tmp/brew-install
-/tmp/brew-install
-
-# Move Brew installation and set ownership to default user (UID 1000)
-tar --zstd -cvf /usr/share/homebrew.tar.zst /home/linuxbrew/.linuxbrew
-cp -R /home/linuxbrew /usr/share/homebrew
-chown -R 1000:1000 /usr/share/homebrew
+# Download Brew
+BREW_TARBALL_LINK="$(curl -fLs https://api.github.com/repos/ublue-os/packages/releases | jq -r '.[] | .assets[] | select(.name? | match("homebrew-x86_64.tar.zst")) | .browser_download_url' | head -n 1)"
+echo "Downloading Brew tarball..."
+curl -fLs --create-dirs "${BREW_TARBALL_LINK}" -o "/tmp/homebrew-tarball.tar.zst"
+echo "Downloaded Brew tarball"
+
+# Extract Brew tarball to /usr/share/homebrew/ and set ownership to default user (UID 1000)
+echo "Extracting Brew tarball to '/usr/share/homebrew/'"
+mkdir -p "/usr/share/homebrew/"
+tar -I zstd --preserve-permissions -xf "/tmp/homebrew-tarball.tar.zst" -C "/usr/share/homebrew/"
+echo "Setting '/usr/share/homebrew/' permissions to UID/GID 1000"
+chown -R 1000:1000 "/usr/share/homebrew/"
 
 # Write systemd service files dynamically
 echo "Writing brew-setup service"
@@ -116,11 +110,8 @@ ConditionPathExists=!/var/home/linuxbrew/.linuxbrew
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/mkdir -p /tmp/homebrew
-ExecStart=/usr/bin/tar --zstd -xvf /usr/share/homebrew.tar.zst -C /tmp/homebrew
-ExecStart=/usr/bin/cp -R -n /tmp/homebrew/home/linuxbrew/.linuxbrew /var/home/linuxbrew
+ExecStart=/usr/bin/cp -R --update=none /usr/share/homebrew/home/linuxbrew/.linuxbrew /var/home/linuxbrew
 ExecStart=/usr/bin/chown -R 1000:1000 /var/home/linuxbrew
-ExecStart=/usr/bin/rm -rf /tmp/homebrew
 ExecStart=/usr/bin/touch /etc/.linuxbrew
 
 [Install]
@@ -159,6 +150,7 @@ Environment=HOMEBREW_CELLAR=/home/linuxbrew/.linuxbrew/Cellar
 Environment=HOMEBREW_PREFIX=/home/linuxbrew/.linuxbrew
 Environment=HOMEBREW_REPOSITORY=/home/linuxbrew/.linuxbrew/Homebrew
 ExecStart=/usr/bin/bash -c "/home/linuxbrew/.linuxbrew/bin/brew upgrade"
+ExecStartPost=/usr/bin/bash -c "/home/linuxbrew/.linuxbrew/bin/brew unlink systemd dbus || true"
 EOF
 
 # Write systemd timer files dynamically
@@ -236,7 +228,7 @@ d /var/home/linuxbrew 0755 1000 1000 - -
 EOF
 
 # Enable the setup service
-echo "Enabling brew-setup service"
+echo "Enabling brew-setup service to install Brew in run-time"
 systemctl enable brew-setup.service
 
 # Always enable or disable update and upgrade services for consistency
diff --git a/modules/gnome-extensions/gnome-extensions.sh b/modules/gnome-extensions/gnome-extensions.sh
@@ -115,10 +115,13 @@ if [[ ${#INSTALL[@]} -gt 0 ]]; then
       # Locale is not crucial for extensions to work, as they will fallback to gschema.xml
       # Some of them might not have any locale at the moment
       # So that's why I made a check for directory
+      # I made an additional check if language files are available, in case if extension is packaged with an empty folder, like with Default Workspace extension
       if [[ -d "${TMP_DIR}/locale" ]]; then
-        echo "Installing language extension files"
-        install -d -m 0755 "/usr/share/locale/"
-        cp -r "${TMP_DIR}/locale"/* "/usr/share/locale/"
+          if ls "${TMP_DIR}/locale/"*.mo 1> /dev/null 2>&1; then
+            echo "Installing language extension files"
+            install -d -m 0755 "/usr/share/locale/"
+            cp -r "${TMP_DIR}/locale"/* "/usr/share/locale/"
+          fi  
       fi  
       # Delete the temporary directory
       echo "Cleaning up the temporary directory"
@@ -221,10 +224,13 @@ if [[ ${#INSTALL[@]} -gt 0 ]] && ! "${LEGACY}"; then
       # Locale is not crucial for extensions to work, as they will fallback to gschema.xml
       # Some of them might not have any locale at the moment
       # So that's why I made a check for directory
+      # I made an additional check if language files are available, in case if extension is packaged with an empty folder, like with Default Workspace extension
       if [[ -d "${TMP_DIR}/locale" ]]; then
-        echo "Installing language extension files"
-        install -d -m 0755 "/usr/share/locale/"
-        cp -r "${TMP_DIR}/locale"/* "/usr/share/locale/"
+        if ls "${TMP_DIR}/locale/"*.mo 1> /dev/null 2>&1; then
+          echo "Installing language extension files"
+          install -d -m 0755 "/usr/share/locale/"
+          cp -r "${TMP_DIR}/locale"/* "/usr/share/locale/"
+        fi
       fi  
       # Delete the temporary directory
       echo "Cleaning up the temporary directory"
diff --git a/modules/yafti/README.md b/modules/yafti/README.md
@@ -7,3 +7,12 @@ Also Yafti's dependencies, `python3-pip` and `libadwaita` are installed.
 Optionally, a list of Flatpak names and IDs can be included under `custom-flatpaks:`. These will be enabled by default under their own section on the Flatpak installation screen of `yafti`.
 
 A default version of the `yafti` configuration file, `yafti.yml`, is supplied by this module. To make your own, create the file at `/usr/share/ublue-os/firstboot/yafti.yml`. The default version of the file can be found [here](https://github.com/blue-build/modules/blob/main/modules/yafti/yafti.yml).
+
+## Known issues
+
+Yafti autostart doesn't work on WMs (Window Managers) like Sway or Hyprland due to them not implementing XDG-Autostart specification.
+
+https://github.com/swaywm/sway/issues/1423  
+https://github.com/hyprwm/Hyprland/issues/5169
+
+Usage of [dex](https://github.com/jceb/dex) in the affected WMs can be considered to mitigate this issue.
diff --git a/modules/yafti/yafti.sh b/modules/yafti/yafti.sh
@@ -9,8 +9,8 @@ FIRSTBOOT_DATA="/usr/share/ublue-os/firstboot"
 
 mkdir -p "$FIRSTBOOT_DATA/launcher/"
 
-# doesn't overwrite user's yafti.yml (ignores error)
-cp -n "$MODULE_DIRECTORY/yafti/yafti.yml" "$FIRSTBOOT_DATA/yafti.yml" || true
+# doesn't overwrite user's yafti.yml
+cp --update=none "$MODULE_DIRECTORY/yafti/yafti.yml" "$FIRSTBOOT_DATA/yafti.yml"
 cp -r "$MODULE_DIRECTORY/yafti/launcher/" "$FIRSTBOOT_DATA"
 
 FIRSTBOOT_SCRIPT="${FIRSTBOOT_DATA}/launcher/login-profile.sh"
