kde-linux/mkosi.postinst.chroot

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
# SPDX-FileCopyrightText: 2023 Harald Sitter <sitter@kde.org>

set -ex

env

mkdir --mode 0700 /system # for the kdeos-overlay.service
mkdir /snap               # for snapd (will get a subvolume mounted into that snapd then mounts the snaps into)

export SYSTEMD_ESP_PATH="$BOOT_MNT"
mkdir --mode 0700 "$SYSTEMD_ESP_PATH"
bootctl install
echo 'timeout 5' >> "$SYSTEMD_ESP_PATH/loader/loader.conf"
cp /usr/share/edk2-shell/x64/Shell.efi "$SYSTEMD_ESP_PATH/shellx64.efi"

# TODO: validate our sysupdate definitions are correct

# Each time the kde-linux-packages pipeline runs, it will create a new repository
# So we need to query GitLab to get the latest Job ID and artifacts path

pacman --sync --refresh --noconfirm jq

kde_linux_packages_project_id=19668
# Get the latest pipeline ID
latest_pipeline_id=$(
  curl --silent \
    "https://invent.kde.org/api/v4/projects/$kde_linux_packages_project_id/pipelines?ref=master&status=success&per_page=1" |
    jq -r '.[0].id'
)
# Get the latest job in the pipeline
latest_job_id=$(
  curl --silent \
    "https://invent.kde.org/api/v4/projects/$kde_linux_packages_project_id/pipelines/$latest_pipeline_id/jobs?scope[]=success&order_by=id&sort=desc" |
    jq -r '.[0].id'
)

# Now add its artifacts to the pacman.conf
cat <<- EOF >> /etc/pacman.conf
[banana]
# Signature checking is not needed beacuse the packages are served over HTTPS and we have no mirrors
SigLevel = Never
Server = https://invent.kde.org/fernando/kde-linux-packages/-/jobs/$latest_job_id/artifacts/raw/artifacts/banana

[banana-debug]
SigLevel = Never
Server = https://invent.kde.org/fernando/kde-linux-packages/-/jobs/$latest_job_id/artifacts/raw/artifacts/banana-debug
EOF

pacman --sync --refresh

# Install build and runtime dependencies
packages=(
  git base-devel cmake yaml-cpp boost-libs boost dosfstools btrfs-progs glib2-devel
  # NOTE: plasma-workspace depends on phonon (to build integration plugins **for** phonon) but doesn't actually
  #   need a working backend so we build without vlc for now.
  # For discover backend
  fwupd
  # For kio-extras
  smbclient
  # For selenium
  python-atspi
  # For print-manager
  cups cups-browsed system-config-printer
  # For kdenetwork-filesharing
  samba
  # For spectacle
  opencv
  # For fingerprint login
  fprintd
  # For DDC/CI external monitors brightness; https://wiki.archlinux.org/title/backlight
  ddcutil
  # For users KCM
  accountsservice

  # All the KDE we plan to include in the base image
  $(pacman --sync --list --quiet banana)

  # AUR packages
  snapd steam-devices-git systemd-bootchart

  # kde-builder dependencies
  dbus-python python-yaml python-setproctitle

  # for _kdeos-make-debug-archive
  arch-install-scripts
)

# Install in parallel to improve performance
# --noconfirm won't replace conflicts so we use `yes`
yes | pacman --sync --refresh --needed "${packages[@]}"

# KDE Builder
whoami
cd /opt
echo "$PWD"
env

KDE_BUILD_ROOT="$CHROOT_SRCDIR/kde-builder"

export HOME=$KDE_BUILD_ROOT
git clone https://invent.kde.org/sdk/kde-builder.git
cd kde-builder

# Still need this until the following issue is resolved:
# https://invent.kde.org/sysadmin/repo-metadata/-/issues/12
./kde-builder --install-distro-packages --prompt-answer yes

# Meanwhile cleanup a bit
## Unnecessary for us
pacman --remove --noconfirm qt6-doc qt6-examples || true
## Rust gets static compiled anyway. No need to have it in the image
pacman --remove --noconfirm corrosion rust || true

# No packagekit support in discover please! We don't want discover talking about pacman things.
pacman --remove --noconfirm packagekit libpackagekit-glib || true

# Calamares
cd /tmp
git clone --depth 1 https://github.com/calamares/calamares
cmake -S calamares -B calamares/build -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_TESTING=OFF -DWITH_QT6=ON
cmake --build calamares/build "-j$(nproc)"
DESTDIR=/live/ cmake --install calamares/build

cat <<- EOF > /usr/share/icons/default/index.theme
[Icon Theme]
Inherits=breeze_cursors
EOF

# WARNING: only set up os-release after the build otherwise kde-build doesn't know how to handle the system currently
cat <<- EOF > /usr/lib/os-release
NAME="KDE Linux"
PRETTY_NAME="KDE Linux"
ID=kdelinux
VERSION_ID=$IMAGE_VERSION
BUILD_ID=$CI_COMMIT_SHORT_SHA
ANSI_COLOR="38;2;61;174;233"
HOME_URL="https://linux.kde.org/"
DOCUMENTATION_URL="https://userbase.kde.org/KDE_Linux"
SUPPORT_URL="https://kde.org/support/"
BUG_REPORT_URL="https://bugs.kde.org/enter_bug.cgi?product=kde-linux"
PRIVACY_POLICY_URL="https://kde.org/privacypolicy-apps/"
LOGO=kde-symbolic
IMAGE_VERSION=$IMAGE_VERSION
# KDE Linux specific keys.
KDE_LINUX_COMMIT_SHA=$CI_COMMIT_SHA
KDE_LINUX_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA
KDE_LINUX_CI_URL=$CI_PIPELINE_URL
EOF
[ -f /usr/lib/os-release ] || false
cat /usr/lib/os-release

# Generate the debug archive after the os-release so we can easily turn it into a systemd-sysext
cd /
_kdeos-make-debug-archive

mkdir flatpak
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
# Do this separately, when used as part of remote-add it complains about GPG for unknown reasons
flatpak remote-modify --collection-id=org.flathub.Stable flathub

# Only check out en. We don't really support other languages on the live image at this time.
flatpak config --set languages en

flatpak install --noninteractive --assumeyes \
  org.kde.ark \
  org.kde.dolphin \
  org.kde.gwenview \
  org.kde.kate \
  org.kde.konsole \
  org.kde.kwalletmanager5 \
  org.kde.kwrite \
  org.kde.okular \
  org.mozilla.firefox \
  org.videolan.VLC

# And restore default
flatpak config --unset languages

mv /var/lib/flatpak / # we'll extract this and later mount it into place

# Enable samba usershare
cat <<- EOF >> /etc/samba/smb.conf
[global]
  usershare path = /var/lib/samba/usershares
  usershare max shares = 100
  usershare allow guests = yes
  usershare owner only = yes
EOF

plymouth-set-default-theme breeze-bgrt

cd /tmp
/usr/bin/_kdeos-rebuild-efi
mv -v ./*.efi /