FIX: change nvidia driver integration to ublue-os/main version

Containerfile

@@ -1,6 +1,10 @@
 FROM scratch AS ctx
 COPY build_files /
 
+FROM ghcr.io/ublue-os/akmods:main-43 AS akmods
+
+FROM ghcr.io/ublue-os/akmods-nvidia-open:main-43 AS akmods_nvidia
+
 FROM ghcr.io/ublue-os/base-main:43
 
 RUN rm -r /opt && mkdir /opt
@@ -9,6 +13,9 @@ RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
     --mount=type=cache,dst=/var/cache \
     --mount=type=cache,dst=/var/log \
     --mount=type=tmpfs,dst=/tmp \
+    --mount=type=bind,from=akmods,src=/rpms/ublue-os,dst=/tmp/akmods-rpms \
+    --mount=type=bind,from=akmods,src=/kernel-rpms,dst=/tmp/kernel-rpms \
+    --mount=type=bind,from=akmods_nvidia,src=/rpms,dst=/tmp/akmods-nv-rpms \
     /ctx/nvidia.sh
 
 RUN --mount=type=bind,from=ctx,source=/,target=/ctx \

README.md

@@ -54,8 +54,12 @@ It is possible to keep a revision by pinning it: `ostree admin pin 0`
 - ffmpeg
 - pandoc
 - ansible
+- sqlite
+- netcat
+- tor & torbrowser-launcher
 - Flatpak (with default repository configured)
 - Chromium
+- Veracrypt
 - VSCode
 - NVIDIA Drivers
 
@@ -84,4 +88,4 @@ It is possible to keep a revision by pinning it: `ostree admin pin 0`
 
 ### Notes
 
-Those also include links that didn't work out in the end for various reasons, the one I use now is based on extracting the relevant parts of the bluefin scripts.
+Those also include links that didn't work out in the end for various reasons, the one I use now is based on ublue-os/main scripts.

build_files/build.sh

@@ -8,7 +8,7 @@ dnf5 update -y --setopt=install_weak_deps=False
 dnf5 install -y man-pages man-db glibc-langpack-en glibc-langpack-de plymouth
 dnf5 install -y --setopt=exclude=gnome-tour,malcontent-control gnome-shell gnome-keyring gnome-keyring-pam gnome-bluetooth gnome-terminal nautilus seahorse evolution totem gstreamer1-plugin-libav gnome-extensions-app gnome-browser-connector gnome-shell-extension-appindicator
 dnf5 install -y gnome-calculator gnome-disk-utility gnome-backgrounds
-dnf5 install -y curl git btop nvtop tmux flatpak pciutils tailscale make fzf direnv xsel chromium 7zip pandoc-common pandoc-pdf texlive-collection-langgerman ansible-core ansible-collection-community-general vlc
+dnf5 install -y curl git btop nvtop tmux flatpak pciutils tailscale make fzf direnv xsel chromium 7zip pandoc-common pandoc-pdf texlive-collection-langgerman ansible-core ansible-collection-community-general vlc sqlite netcat tor torbrowser-launcher
 git clone https://github.com/Tudmotu/gnome-shell-extension-clipboard-indicator.git /usr/share/gnome-shell/extensions/clipboard-indicator@tudmotu.com
 flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
 echo "LANG=de_DE.UTF-8" >> /etc/default/locale
@@ -24,5 +24,9 @@ rm /etc/yum.repos.d/vscode.repo
 dnf5 install -y https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
                 https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
 dnf5 install -y --allowerasing ffmpeg x265-libs
+
+# Install Veracrypt: https://veracrypt.io/en/Downloads.html
+dnf5 install -y https://launchpad.net/veracrypt/trunk/1.26.24/+download/veracrypt-1.26.24-Fedora-40-x86_64.rpm
+
 dnf5 remove  -y rpmfusion-free-release rpmfusion-nonfree-release
 dnf5 clean all

build_files/initramfs.sh

@@ -1,14 +1,10 @@
 #!/usr/bin/bash
-# https://github.com/ublue-os/bluefin/blob/ba5d621270982b245343abcae47b3393cc5cffb8/build_files/base/19-initramfs.sh
 
-echo "::group:: ===$(basename "$0")==="
+set -eoux pipefail
 
-set -oue pipefail
+KERNEL_VERSION="$(rpm -q --queryformat="%{evr}.%{arch}" kernel-core)"
 
-KERNEL_SUFFIX=""
+# Ensure Initramfs is generated
-QUALIFIED_KERNEL="$(rpm -qa | grep -P 'kernel-(|'"$KERNEL_SUFFIX"'-)(\d+\.\d+\.\d+)' | sed -E 's/kernel-(|'"$KERNEL_SUFFIX"'-)//')"
 export DRACUT_NO_XATTR=1
-/usr/bin/dracut --no-hostonly --kver "$QUALIFIED_KERNEL" --reproducible -v --add ostree -f "/lib/modules/$QUALIFIED_KERNEL/initramfs.img"
+/usr/bin/dracut --no-hostonly --kver "${KERNEL_VERSION}" --reproducible -v --add ostree -f "/lib/modules/${KERNEL_VERSION}/initramfs.img"
-chmod 0600 "/lib/modules/$QUALIFIED_KERNEL/initramfs.img"
+chmod 0600 "/lib/modules/${KERNEL_VERSION}/initramfs.img"
-
-echo "::endgroup::"

build_files/nvidia.sh

@@ -1,65 +1,103 @@
-#!/usr/bin/bash
+#!/bin/bash
-# based on https://raw.githubusercontent.com/ublue-os/bluefin/ba5d621270982b245343abcae47b3393cc5cffb8/build_files/base/03-install-kernel-akmods.sh
 
-echo "::group:: ===$(basename "$0")==="
+set -ouex pipefail
 
-# Set Variables
+FRELEASE="$(rpm -E %fedora)"
-export AKMODS_FLAVOR=main
+: "${AKMODNV_PATH:=/tmp/akmods-nv-rpms}"
-export KERNEL="6.17.9-300.fc43.x86_64"
-export IMAGE_NAME=""
 
-set -eoux pipefail
 
-# Remove Existing Kernel
+# this is only to aid in human understanding of any issues in CI
-for pkg in kernel kernel-core kernel-modules kernel-modules-core kernel-modules-extra; do
+find "${AKMODNV_PATH}"/
-    rpm --erase $pkg --nodeps
-done
 
-# Fetch Common AKMODS & Kernel RPMS
+if ! command -v dnf5 >/dev/null; then
-skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/akmods:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods
+    echo "Requires dnf5... Exiting"
-AKMODS_TARGZ=$(jq -r '.layers[].digest' </tmp/akmods/manifest.json | cut -d : -f 2)
+    exit 1
-tar -xvzf /tmp/akmods/"$AKMODS_TARGZ" -C /tmp/
-mv /tmp/rpms/* /tmp/akmods/
-# NOTE: kernel-rpms should auto-extract into correct location
-
-# Install Kernel
-dnf5 -y install \
-    /tmp/kernel-rpms/kernel-[0-9]*.rpm \
-    /tmp/kernel-rpms/kernel-core-*.rpm \
-    /tmp/kernel-rpms/kernel-modules-*.rpm
-
-# TODO: Figure out why akmods cache is pulling in akmods/kernel-devel
-dnf5 -y install \
-    /tmp/kernel-rpms/kernel-devel-*.rpm
-
-dnf5 versionlock add kernel kernel-devel kernel-devel-matched kernel-core kernel-modules kernel-modules-core kernel-modules-extra
-
-# Everyone
-# NOTE: we won't use dnf5 copr plugin for ublue-os/akmods until our upstream provides the COPR standard naming
-sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo
-
-# Nvidia AKMODS
-
-# Fetch Nvidia RPMs
-skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/akmods-nvidia-open:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods-rpms
-NVIDIA_TARGZ=$(jq -r '.layers[].digest' </tmp/akmods-rpms/manifest.json | cut -d : -f 2)
-tar -xvzf /tmp/akmods-rpms/"$NVIDIA_TARGZ" -C /tmp/
-mv /tmp/rpms/* /tmp/akmods-rpms/
-
-# Monkey patch right now...
-if ! grep -q negativo17 <(rpm -qi mesa-dri-drivers); then
-    dnf5 -y swap --repo=updates-testing \
-        mesa-dri-drivers mesa-dri-drivers
 fi
 
-# Install Nvidia RPMs
+# Check if any rpmfusion repos exist before trying to disable them
-curl -sSL "https://raw.githubusercontent.com/ublue-os/main/main/build_files/nvidia-install.sh" -o /tmp/nvidia-install.sh
+if dnf5 repolist --all | grep -q rpmfusion; then
-chmod +x /tmp/nvidia-install.sh
+    dnf5 config-manager setopt "rpmfusion*".enabled=0
-/tmp/nvidia-install.sh
+fi
-rm -f /usr/share/vulkan/icd.d/nouveau_icd.*.json
-ln -sf libnvidia-ml.so.1 /usr/lib64/libnvidia-ml.so
-tee /usr/lib/bootc/kargs.d/00-nvidia.toml <<EOF
-kargs = ["rd.driver.blacklist=nouveau", "modprobe.blacklist=nouveau", "nvidia-drm.modeset=1", "initcall_blacklist=simpledrm_platform_driver_init"]
-EOF
 
-echo "::endgroup::"
+# Always try to disable cisco repo (or add similar check)
+dnf5 config-manager setopt fedora-cisco-openh264.enabled=0
+
+## nvidia install steps
+dnf5 install -y "${AKMODNV_PATH}"/ublue-os/ublue-os-nvidia-addons-*.rpm
+
+# Install MULTILIB packages from negativo17-multimedia prior to disabling repo
+
+MULTILIB=(
+    mesa-dri-drivers.i686
+    mesa-filesystem.i686
+    mesa-libEGL.i686
+    mesa-libGL.i686
+    mesa-libgbm.i686
+    mesa-va-drivers.i686
+    mesa-vulkan-drivers.i686
+)
+
+dnf5 install -y "${MULTILIB[@]}"
+
+# enable repos provided by ublue-os-nvidia-addons (not enabling fedora-nvidia-lts)
+dnf5 config-manager setopt fedora-nvidia.enabled=1 nvidia-container-toolkit.enabled=1
+
+# Disable Multimedia
+NEGATIVO17_MULT_PREV_ENABLED=N
+if dnf5 repolist --enabled | grep -q "fedora-multimedia"; then
+    NEGATIVO17_MULT_PREV_ENABLED=Y
+    echo "disabling negativo17-fedora-multimedia to ensure negativo17-fedora-nvidia is used"
+    dnf5 config-manager setopt fedora-multimedia.enabled=0
+fi
+
+# Enable staging for supergfxctl if repo file exists
+if [[ -f /etc/yum.repos.d/_copr_ublue-os-staging.repo ]]; then
+    sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-staging.repo
+else
+    # Otherwise, retrieve the repo file for staging
+    curl -Lo /etc/yum.repos.d/_copr_ublue-os-staging.repo https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${FRELEASE}"/ublue-os-staging-fedora-"${FRELEASE}".repo
+fi
+
+source "${AKMODNV_PATH}"/kmods/nvidia-vars
+
+dnf5 install -y \
+    libnvidia-fbc \
+    libnvidia-ml.i686 \
+    libva-nvidia-driver \
+    nvidia-driver \
+    nvidia-driver-cuda \
+    nvidia-driver-cuda-libs.i686 \
+    nvidia-driver-libs.i686 \
+    nvidia-settings \
+    nvidia-container-toolkit \
+    "${AKMODNV_PATH}"/kmods/kmod-nvidia-"${KERNEL_VERSION}"-"${NVIDIA_AKMOD_VERSION}"."${DIST_ARCH}".rpm
+
+# Ensure the version of the Nvidia module matches the driver
+KMOD_VERSION="$(rpm -q --queryformat '%{VERSION}' kmod-nvidia)"
+DRIVER_VERSION="$(rpm -q --queryformat '%{VERSION}' nvidia-driver)"
+if [ "$KMOD_VERSION" != "$DRIVER_VERSION" ]; then
+    echo "Error: kmod-nvidia version ($KMOD_VERSION) does not match nvidia-driver version ($DRIVER_VERSION)"
+    exit 1
+fi
+
+## nvidia post-install steps
+# disable repos provided by ublue-os-nvidia-addons
+dnf5 config-manager setopt fedora-nvidia.enabled=0 fedora-nvidia-lts.enabled=0 nvidia-container-toolkit.enabled=0
+
+# Disable staging
+sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/_copr_ublue-os-staging.repo
+
+systemctl enable ublue-nvctk-cdi.service
+semodule --verbose --install /usr/share/selinux/packages/nvidia-container.pp
+
+# Universal Blue specific Initramfs fixes
+cp /etc/modprobe.d/nvidia-modeset.conf /usr/lib/modprobe.d/nvidia-modeset.conf
+# we must force driver load to fix black screen on boot for nvidia desktops
+sed -i 's@omit_drivers@force_drivers@g' /usr/lib/dracut/dracut.conf.d/99-nvidia.conf
+# as we need forced load, also mustpre-load intel/amd iGPU else chromium web browsers fail to use hardware acceleration
+sed -i 's@ nvidia @ i915 amdgpu nvidia @g' /usr/lib/dracut/dracut.conf.d/99-nvidia.conf
+
+# re-enable negativo17-mutlimedia since we disabled it
+if [[ "${NEGATIVO17_MULT_PREV_ENABLED}" = "Y" ]]; then
+    dnf5 config-manager setopt fedora-multimedia.enabled=1
+fi