FIX: nvidia driver

.github/workflows/build.yml

@@ -2,15 +2,12 @@
 name: Build container image
 on:
   pull_request:
-    branches:
-      - main
   schedule:
     - cron: '30 1 * * *'
   push:
-    branches:
+    paths:
-      - main
+      - "Containerfile"
-    paths-ignore:
+      - "build_files/**"
-      - '**/README.md'
   workflow_dispatch:
 
 env:
@@ -21,7 +18,7 @@ env:
   DEFAULT_TAG: "latest"
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.brand_name}}-${{ inputs.stream_name }}
+  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.brand_name }}-${{ inputs.stream_name }}
   cancel-in-progress: true
 
 jobs:
@@ -50,7 +47,7 @@ jobs:
       - name: Mount BTRFS for podman storage
         id: container-storage-action
         uses: ublue-os/container-storage-action@911baca08baf30c8654933e9e9723cb399892140
-        continue-on-error: true 
+        continue-on-error: true
         with:
           target-dir: /var/lib/containers
           mount-opts: compress-force=zstd:2
@@ -65,9 +62,8 @@ jobs:
         id: metadata
         with:
           tags: |
-            type=raw,value=${{ env.DEFAULT_TAG }}
+            type=raw,value=${{ github.ref_name }}.${{ env.DEFAULT_TAG }}
-            type=raw,value=${{ env.DEFAULT_TAG }}.{{date 'YYYYMMDD-HHmm'}}
+            type=raw,value=${{ github.ref_name }}.{{date 'YYYYMMDD-HHmm'}}
-            type=raw,value={{date 'YYYYMMDD-HHmm'}}
             type=sha,enable=${{ github.event_name == 'pull_request' }}
             type=ref,event=pr
           labels: |
@@ -79,7 +75,7 @@ jobs:
             org.opencontainers.image.title=${{ env.IMAGE_NAME }}
             org.opencontainers.image.url=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/tree/${{ github.sha }}
             org.opencontainers.image.vendor=${{ github.repository_owner }}
-            org.opencontainers.image.version=${{ env.DEFAULT_TAG }}.{{date 'YYYYMMDD-HHmm'}}
+            org.opencontainers.image.version=${{ github.ref_name }}.{{date 'YYYYMMDD-HHmm'}}
             io.artifacthub.package.deprecated=false
             io.artifacthub.package.keywords=${{ env.IMAGE_KEYWORDS }}
             io.artifacthub.package.license=Apache-2.0
@@ -102,7 +98,7 @@ jobs:
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
-        if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
+        if: github.event_name != 'pull_request'
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -110,7 +106,7 @@ jobs:
 
       - name: Push To GHCR
         uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
-        if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
+        if: github.event_name != 'pull_request'
         id: push
         env:
           REGISTRY_USER: ${{ github.actor }}

Containerfile

@@ -1,19 +1,26 @@
 FROM scratch AS ctx
 COPY build_files /
 
-FROM ghcr.io/ublue-os/akmods-nvidia-open:main-43 AS nvidia-kernel
+FROM ghcr.io/ublue-os/base-main:42
-FROM ghcr.io/bazzite-org/nvidia-drivers:latest-f43-x86_64 AS nvidia-packages
-
-FROM quay.io/fedora/fedora-bootc:43
 
 RUN rm -r /opt && mkdir /opt
 
 RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
-    --mount=type=bind,from=nvidia-kernel,source=/,target=/nvidia-kernel \
+    --mount=type=cache,dst=/var/cache \
-    --mount=type=bind,from=nvidia-packages,src=/,dst=/nvidia-packages \
+    --mount=type=cache,dst=/var/log \
+    --mount=type=tmpfs,dst=/tmp \
+    /ctx/nvidia.sh
+
+RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
     --mount=type=cache,dst=/var/cache \
     --mount=type=cache,dst=/var/log \
     --mount=type=tmpfs,dst=/tmp \
     /ctx/build.sh
 
+RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
+    --mount=type=cache,dst=/var/cache \
+    --mount=type=cache,dst=/var/log \
+    --mount=type=tmpfs,dst=/tmp \
+    /ctx/initramfs.sh
+
 RUN bootc container lint

Makefile

@@ -1,6 +1,7 @@
 clean:
 	sudo rm -fr flathub output output-repo
 	sudo podman system prune
+	for container in $$(sudo podman container list --external --format "{{.ID}}"); do sudo podman rm $$container; done
 
 oci:
 	sudo podman build --network=host -t podman-image .

README.md

@@ -52,7 +52,40 @@ It is possible to keep a revision by pinning it: `ostree admin pin 0`
 - direnv
 - xsel
 - ffmpeg
+- pandoc
+- ansible
+- sqlite
+- netcat
+- tor & torbrowser-launcher
 - Flatpak (with default repository configured)
 - Chromium
+- Veracrypt
 - VSCode
 - NVIDIA Drivers
+
+## Referenced Sources for NVIDIA Driver Installation
+
+### NVIDIA
+
+- https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html
+- https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html#handle-uninstallation
+- https://developer.nvidia.com/cuda-downloads
+
+### ublue-os
+
+- https://github.com/ublue-os/main
+- https://github.com/ublue-os/akmods
+- https://github.com/ublue-os/hwe/pkgs/container/akmods-nvidia
+
+### RPM Fusion
+
+- https://rpmfusion.org/Howto/NVIDIA
+
+### Bluefin
+
+- https://github.com/ublue-os/bluefin/blob/main/build_files/base/03-install-kernel-akmods.sh
+- https://github.com/ublue-os/bluefin/blob/main/build_files/base/19-initramfs.sh
+
+### Notes
+
+Those also include links that didn't work out in the end for various reasons, the one I use now is based on extracting the relevant parts of the bluefin scripts.

build_files/build.sh

@@ -4,11 +4,11 @@ set -ouex pipefail
 cp /ctx/bootc-fetch-apply-updates.service /usr/lib/systemd/system/bootc-fetch-apply-updates.service
 cp /ctx/os-release /usr/lib/os-release
 
-dnf5 update -y
+dnf5 update -y --setopt=install_weak_deps=False
 dnf5 install -y man-pages man-db glibc-langpack-en glibc-langpack-de plymouth
 dnf5 install -y --setopt=exclude=gnome-tour,malcontent-control gnome-shell gnome-keyring gnome-keyring-pam gnome-bluetooth gnome-terminal nautilus seahorse evolution totem gstreamer1-plugin-libav gnome-extensions-app gnome-browser-connector gnome-shell-extension-appindicator
 dnf5 install -y gnome-calculator gnome-disk-utility gnome-backgrounds
-dnf5 install -y curl git btop nvtop tmux flatpak pciutils tailscale make fzf direnv xsel chromium 7zip
+dnf5 install -y curl git btop nvtop tmux flatpak pciutils tailscale make fzf direnv xsel chromium pandoc-common pandoc-pdf texlive-collection-langgerman ansible-core ansible-collection-community-general vlc sqlite netcat tor torbrowser-launcher
 git clone https://github.com/Tudmotu/gnome-shell-extension-clipboard-indicator.git /usr/share/gnome-shell/extensions/clipboard-indicator@tudmotu.com
 flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
 echo "LANG=de_DE.UTF-8" >> /etc/default/locale
@@ -21,22 +21,7 @@ curl -fsSLo /etc/yum.repos.d/vscode.repo https://packages.microsoft.com/yumrepos
 rpm-ostree install code
 rm /etc/yum.repos.d/vscode.repo
 
-dnf5 install -y https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
+# Install Veracrypt: https://veracrypt.io/en/Downloads.html
-                https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
+curl -fsSLo /tmp/veracrypt.rpm "https://launchpad.net/veracrypt/trunk/1.26.24/+download/veracrypt-1.26.24-Fedora-40-x86_64.rpm"
-dnf5 install -y --allowerasing ffmpeg x265-libs
+rpm-ostree install -y /tmp/veracrypt.rpm
-
+rm /tmp/veracrypt.rpm
-# https://rpmfusion.org/Howto/NVIDIA
-# https://www.tecmint.com/install-nvidia-drivers-in-linux
-# https://github.com/ublue-os/akmods
-# https://github.com/ublue-os/bazzite
-# https://github.com/Comprehensive-Wall28/Nvidia-Fedora-Guide
-# this is a combination of bazzite & ublue-os nvidia installation
-# there is probably a better way to do it, but this works (I hope)
-dnf install -y \
-    /nvidia-kernel/rpms/ublue-os/ublue-os-nvidia*.rpm \
-    /nvidia-kernel/rpms/kmods/kmod-nvidia*.rpm \
-    /nvidia-packages/nvidia-kmod-common-* \
-    /nvidia-packages/nvidia-modprobe-5*
-
-dnf5 remove  -y rpmfusion-free-release rpmfusion-nonfree-release
-dnf5 clean all

build_files/initramfs.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/bash
+# https://github.com/ublue-os/bluefin/blob/ba5d621270982b245343abcae47b3393cc5cffb8/build_files/base/19-initramfs.sh
+
+echo "::group:: ===$(basename "$0")==="
+
+set -oue pipefail
+
+KERNEL_SUFFIX=""
+QUALIFIED_KERNEL="$(rpm -qa | grep -P 'kernel-(|'"$KERNEL_SUFFIX"'-)(\d+\.\d+\.\d+)' | sed -E 's/kernel-(|'"$KERNEL_SUFFIX"'-)//')"
+export DRACUT_NO_XATTR=1
+/usr/bin/dracut --no-hostonly --kver "$QUALIFIED_KERNEL" --reproducible -v --add ostree -f "/lib/modules/$QUALIFIED_KERNEL/initramfs.img"
+chmod 0600 "/lib/modules/$QUALIFIED_KERNEL/initramfs.img"
+
+echo "::endgroup::"

build_files/nvidia.sh

@@ -0,0 +1,65 @@
+#!/usr/bin/bash
+# based on https://raw.githubusercontent.com/ublue-os/bluefin/ba5d621270982b245343abcae47b3393cc5cffb8/build_files/base/03-install-kernel-akmods.sh
+
+echo "::group:: ===$(basename "$0")==="
+
+# Set Variables
+export AKMODS_FLAVOR=main
+export KERNEL="6.17.9-200.fc42.x86_64"
+export IMAGE_NAME=""
+
+set -eoux pipefail
+
+# Remove Existing Kernel
+for pkg in kernel kernel-core kernel-modules kernel-modules-core kernel-modules-extra; do
+    rpm --erase $pkg --nodeps
+done
+
+# Fetch Common AKMODS & Kernel RPMS
+skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/akmods:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods
+AKMODS_TARGZ=$(jq -r '.layers[].digest' </tmp/akmods/manifest.json | cut -d : -f 2)
+tar -xvzf /tmp/akmods/"$AKMODS_TARGZ" -C /tmp/
+mv /tmp/rpms/* /tmp/akmods/
+# NOTE: kernel-rpms should auto-extract into correct location
+
+# Install Kernel
+dnf5 -y install \
+    /tmp/kernel-rpms/kernel-[0-9]*.rpm \
+    /tmp/kernel-rpms/kernel-core-*.rpm \
+    /tmp/kernel-rpms/kernel-modules-*.rpm
+
+# TODO: Figure out why akmods cache is pulling in akmods/kernel-devel
+dnf5 -y install \
+    /tmp/kernel-rpms/kernel-devel-*.rpm
+
+dnf5 versionlock add kernel kernel-devel kernel-devel-matched kernel-core kernel-modules kernel-modules-core kernel-modules-extra
+
+# Everyone
+# NOTE: we won't use dnf5 copr plugin for ublue-os/akmods until our upstream provides the COPR standard naming
+sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo
+
+# Nvidia AKMODS
+
+# Fetch Nvidia RPMs
+skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/akmods-nvidia-open:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods-rpms
+NVIDIA_TARGZ=$(jq -r '.layers[].digest' </tmp/akmods-rpms/manifest.json | cut -d : -f 2)
+tar -xvzf /tmp/akmods-rpms/"$NVIDIA_TARGZ" -C /tmp/
+mv /tmp/rpms/* /tmp/akmods-rpms/
+
+# Monkey patch right now...
+if ! grep -q negativo17 <(rpm -qi mesa-dri-drivers); then
+    dnf5 -y swap --repo=updates-testing \
+        mesa-dri-drivers mesa-dri-drivers
+fi
+
+# Install Nvidia RPMs
+curl -sSL "https://raw.githubusercontent.com/ublue-os/main/0454e5857ac43c47e8d0b365a1c6a3912a5f9859/build_files/nvidia-install.sh" -o /tmp/nvidia-install.sh
+chmod +x /tmp/nvidia-install.sh
+/tmp/nvidia-install.sh
+rm -f /usr/share/vulkan/icd.d/nouveau_icd.*.json
+ln -sf libnvidia-ml.so.1 /usr/lib64/libnvidia-ml.so
+tee /usr/lib/bootc/kargs.d/00-nvidia.toml <<EOF
+kargs = ["rd.driver.blacklist=nouveau", "modprobe.blacklist=nouveau", "nvidia-drm.modeset=1", "initcall_blacklist=simpledrm_platform_driver_init"]
+EOF
+
+echo "::endgroup::"

build_files/os-release

@@ -2,4 +2,4 @@ NAME="ManInDark bootc Linux"
 ID=manindark-linux
 PRETTY_NAME="ManInDark's bootc Linux"
 VARIANT_ID=desktop
-VERSION_ID=43
+VERSION_ID=42