ver4a
e57fbda898
This reverts commit d7b86d3e4a, because I
realized discover uses rpm-ostree (which is unsupported for this image,
because it uses bootc features).
37 lines
1.6 KiB
Text
37 lines
1.6 KiB
Text
ARG REGISTRY_DOMAIN
|
|
|
|
ARG NAMESPACE
|
|
|
|
FROM ${REGISTRY_DOMAIN}/${NAMESPACE}/onc-kde:main-nvidia
|
|
|
|
# Install virtualization tools
|
|
RUN dnf5 -y install libvirt libvirt-daemon-kvm virt-manager openvswitch NetworkManager-ovs
|
|
|
|
# Install general utilities
|
|
RUN dnf5 -y install croc solaar openrgb wireguard-tools
|
|
|
|
# Install general purpose development tools
|
|
RUN dnf5 -y install codium neovim wl-clipboard ansible python3-ansible-lint uv butane coreos-installer java-21-openjdk-devel
|
|
|
|
# Remove unwanted packages
|
|
RUN dnf5 -y remove kde-connect plasma-discover plasma-discover-libs
|
|
|
|
# Remove Firefox rpm (superseded by flatpak Firefox)
|
|
RUN dnf5 -y remove firefox firefox-langpacks
|
|
|
|
# Remove unneeded packages (currently doesn't actually reduce space, but reduces clutter)
|
|
RUN dnf5 -y autoremove
|
|
|
|
# Remove setuid/setgid binaries
|
|
# Except for polkit-agent-helper-1, it's currently required for interactive authentication with polkit.
|
|
RUN find /usr -mindepth 1 -type f -perm /6000 -regextype posix-extended -not -regex '^/usr/lib/polkit-1/polkit-agent-helper-1$|^/usr/s?bin/unix_chkpwd$|^/usr/s?bin/fusermount[0-9]?$' -exec sh -c "chmod ug-s '{}' && echo \"Removed setuid/setgid bit(s) from '{}'\"" \;
|
|
|
|
COPY ./selinux-policies /tmp/selinux-policies
|
|
RUN checkmodule -M -m -o /tmp/selinux-policies/ver4a-selinux.mod /tmp/selinux-policies/ver4a-selinux.te
|
|
RUN semodule_package -m /tmp/selinux-policies/ver4a-selinux.mod -o /tmp/selinux-policies/ver4a-selinux.pp
|
|
RUN semodule -i /tmp/selinux-policies/ver4a-selinux.pp
|
|
|
|
# https://github.com/ostreedev/ostree-rs-ext/issues/159
|
|
RUN ostree container commit
|
|
|
|
LABEL quay.expires-after=""
|