From dddd72d82a7edc13491c05206c0ea28686a7e09b Mon Sep 17 00:00:00 2001
From: ver4a
Date: Fri, 13 Feb 2026 18:41:53 +0100
Subject: [PATCH] build: move kde-onc image build logic to bash

This makes the build significantly faster, as podman/buildah has a large processing overhead for commiting each layer, even though I squash them in the end.
---
 containers/Dockerfile.kde | 43 +++----------------------------
 containers/build-scripts/kde.bash | 36 ++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 39 deletions(-)
 create mode 100644 containers/build-scripts/kde.bash

diff --git a/containers/Dockerfile.kde b/containers/Dockerfile.kde
index 586c098..e61bf11 100644
--- a/containers/Dockerfile.kde
+++ b/containers/Dockerfile.kde
@@ -35,48 +35,13 @@ COPY --from=scx-build /build/scx/services/scx.service /usr/lib/systemd/system/sc
 # dnf configuration has to be in effect during build
 COPY etc/dnf /etc/dnf
 
-# Add rpmfusion repositories
-RUN dnf5 -y install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
-
-# Install ffmpeg (removing all the -free replacements is required)
-RUN dnf5 -y install --allowerasing ffmpeg
-
-# Install hardware codecs
-RUN dnf5 -y install intel-media-driver
-
-# Install gpu utilities
-RUN dnf5 -y install igt-gpu-tools
-
-# Install openh264
-RUN dnf5 -y swap noopenh264 openh264 && dnf5 -y install mozilla-openh264
-
-# Bulk of layered packages
-RUN dnf5 -y install vim bat btop pv restic zstd nmap-ncat yt-dlp
-
-# Set vim as default editor
-RUN dnf5 -y swap nano-default-editor vim-default-editor
-
-# Remove default color prompt (is replaced with a custom one)
-RUN dnf5 -y remove bash-color-prompt
-
-# Load the ntsync kernel module on boot
-RUN dnf5 -y install ntsync-autoload
-
 # Apply configuration
 COPY etc /etc
 COPY usr /usr
 
-# fix-up kconfig path
-RUN sed -i "/SCX_FLAGS=/ s/$/ --kconfig \/usr\/lib\/modules\/$(rpm -qa kernel | sed 's/kernel-//g')\/config/" /etc/default/scx
-
-# Apply hardened firewall configuration
-RUN firewall-offline-cmd --set-default-zone public
-RUN firewall-offline-cmd --remove-service ssh
-
-# Restrict permissions on quadlet directory
-RUN chmod 700 /etc/containers/systemd
-
-# https://github.com/ostreedev/ostree-rs-ext/issues/159
-RUN ostree container commit
+# Run build logic
+COPY build-scripts/kde.bash /tmp/kde.bash
+RUN chmod +x /tmp/kde.bash
+RUN /tmp/kde.bash
 
 LABEL quay.expires-after=""
diff --git a/containers/build-scripts/kde.bash b/containers/build-scripts/kde.bash
new file mode 100644
index 0000000..7d87eaf
--- /dev/null
+++ b/containers/build-scripts/kde.bash
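Review bot: In containers/Dockerfile.kde the build script is copied to `/tmp/kde.bash` and marked executable in a separate `RUN`, and nothing visible in the hunk or in the script removes it afterwards. Unless the `ostree container commit` at the end of the script happens to clear `/tmp`, the script stays in the image. The separate chmod also costs one more layer commit, which is the overhead this change is trying to avoid. The two steps can be folded into `COPY --chmod=0755 build-scripts/kde.bash /tmp/kde.bash`, with the script deleting itself just before its final `ostree container commit`. If the builder supports it, a bind mount on the `RUN` step would avoid writing the file into a layer at all.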
@@ -0,0 +1,36 @@
+#!/usr/bin/bash
+set -euo pipefail
+
+# Add rpmfusion repositories
+dnf5 -y install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
+
+# Install ffmpeg (removing all the -free replacements is required)
+dnf5 -y install --allowerasing ffmpeg
+
+PKGS_CODECS="intel-media-driver openh264 mozilla-openh264 ffmpeg"
+PKGS_UTILS="igt-gpu-tools"
+PKGS_GENERAL="vim bat btop pv restic zstd nmap-ncat yt-dlp"
+# Set vim as default editor
+PKGS_DEFAULT_EDITOR="vim-default-editor"
+# Load the ntsync kernel module on boot
+PKGS_NTSYNC="ntsync-autoload"
+
+# Add packages
+dnf5 -y install --allowerasing ${PKGS_CODECS} ${PKGS_UTILS} ${PKGS_GENERAL} ${PKGS_DEFAULT_EDITOR} ${PKGS_NTSYNC}
+
+# Remove default color prompt (is replaced with a custom one)
+dnf5 -y remove bash-color-prompt
+
+# Apply configuration
+# fix-up kconfig path
+sed -i "/SCX_FLAGS=/ s/$/ --kconfig \/usr\/lib\/modules\/$(rpm -qa kernel | sed 's/kernel-//g')\/config/" /etc/default/scx
+
+# Apply hardened firewall configuration
+firewall-offline-cmd --set-default-zone public
+firewall-offline-cmd --remove-service ssh
+
+# Restrict permissions on quadlet directory
+chmod 700 /etc/containers/systemd
+
+# https://github.com/ostreedev/ostree-rs-ext/issues/159
+ostree container commit
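Review bot: The consolidated `dnf5 -y install --allowerasing ${PKGS_CODECS} …` line now applies `--allowerasing` to every package in the list, whereas the removed Dockerfile steps limited replacement to two explicit `dnf5 -y swap` calls and the single ffmpeg install. Combined with `-y`, a conflict introduced by a later package or repository change would be resolved by erasing an installed package from the image without any visible failure. Keeping `dnf5 -y swap noopenh264 openh264` and `dnf5 -y swap nano-default-editor vim-default-editor`, and dropping `--allowerasing` from the bulk install, would make an unexpected conflict fail the build under `set -e`. Separately, the rpmfusion release RPMs are installed directly from a URL, and as far as I know dnf does not signature-check command-line packages unless `localpkg_gpgcheck` is enabled. It is worth confirming that the `etc/dnf` configuration copied before this script runs sets it, or verifying those two packages against known keys first.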