From 63fec95a2cb3fc2b625a071da6c250574584a647 Mon Sep 17 00:00:00 2001
From: Jordan Pryde <jordan@pryde.me>
Date: Thu, 18 Apr 2024 17:20:52 -0700
Subject: [PATCH] Install duperemove and fix inconsistencies

- We move users/groups from /etc to /usr/lib
- We use rpm-ostree cliwrap for kernel-install instead of
regen-initramfs.sh
- We prepare to write a custom libdnf5 script to do upgrades with
rpm-ostree.
---
 .github/workflows/snapshot-rawhide.yml |  2 --
 config/scripts/regen-initramfs.sh      |  2 +-
 recipes/fedora-kinoite-laptop.yml      | 41 ++++++++++++++++----------
 3 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/snapshot-rawhide.yml b/.github/workflows/snapshot-rawhide.yml
index 387f615..6d02c28 100644
--- a/.github/workflows/snapshot-rawhide.yml
+++ b/.github/workflows/snapshot-rawhide.yml
@@ -1,7 +1,5 @@
 name: snapshot-rawhide
 on:
-  schedule:
-    - cron: "00 14 * * 1"
   workflow_dispatch: # allow manually triggering builds
 jobs:
   snapshot-rawhide:
diff --git a/config/scripts/regen-initramfs.sh b/config/scripts/regen-initramfs.sh
index 2f5eda6..2f4b9da 100644
--- a/config/scripts/regen-initramfs.sh
+++ b/config/scripts/regen-initramfs.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -oue pipefail
 
-KVER="$(rpm -q kernel | sed -rn 's/^kernel-(.*)$/\1/p')"
+KVER="$(rpm -q kernel-core --qf '%{version}-%{release}.%{arch}' | head -n1)"
 ls -1 --zero /usr/lib/modules | grep -vz "^$KVER$" \
     | sed -z 's/[[:space:]]*$//' \
     | xargs -r -0 -- printf "/usr/lib/modules/%s\0" \
diff --git a/recipes/fedora-kinoite-laptop.yml b/recipes/fedora-kinoite-laptop.yml
index 38e1501..8f937ef 100644
--- a/recipes/fedora-kinoite-laptop.yml
+++ b/recipes/fedora-kinoite-laptop.yml
@@ -41,11 +41,12 @@ modules:
   # We use a stable kernel instead of the one from rawhide
   - type: script
     snippets:
+      - rpm-ostree cliwrap install-to-root /
       - rpm-ostree override replace kernel-modules-core kernel-modules-extra kernel-core kernel-modules kernel-headers kernel --experimental --from repo=fedora-40-kernel
-      - rm -f /usr/lib/modules/*/initramfs.img
-      - /tmp/config/scripts/regen-initramfs.sh
-      - rm -rf /boot
-      - mkdir -m 755 /boot
+      #- rm -f /usr/lib/modules/*/initramfs.img
+      #- /tmp/config/scripts/regen-initramfs.sh
+      #- rm -rf /boot
+      #- mkdir -m 755 /boot
 
   # Package management
   - type: rpm-ostree
@@ -60,7 +61,7 @@ modules:
   - type: script
     snippets:
       - createrepo /usr/share/local-rpm-repo
-      - dnf5 '--exclude=kernel*' upgrade -y
+      #- dnf5 '--exclude=kernel*' upgrade -y
 
   # Virtualization
   - type: rpm-ostree
@@ -104,8 +105,8 @@ modules:
     snippets:
       # WORKAROUND: Create the group for 1Password with the a consistent GID
       # Also, 1Password requires the GID to be > 1000
-      - groupadd -g 5001 "onepassword"
-      - groupadd -g 5002 "onepassword-cli"
+      - echo "onepassword:x:5001:" >> /usr/lib/group
+      - echo "onepassword-cli:x:5002:" >> /usr/lib/group
 
   # Proprietary
   - type: rpm-ostree
@@ -126,6 +127,7 @@ modules:
   # CLI Utils
   - type: rpm-ostree
     install:
+      - duperemove
       - htop
       - mosh
       - ncdu
@@ -164,20 +166,29 @@ modules:
   # BUST LAYER CACHE IF THERE ARE UPDATES
   # We still download packages from whatever repo is suggested by Fedora's metalink
   # But we trust UWaterloo to be somewhat quickly up to date.
-  - type: containerfile
-    snippets:
-      - ADD https://mirror.csclub.uwaterloo.ca/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/repomd.xml /tmp/mirror-cache-bust
+  #- type: containerfile
+  #  snippets:
+  #    - ADD https://mirror.csclub.uwaterloo.ca/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/repomd.xml /tmp/mirror-cache-bust
 
   # Upgrade all in one layer if there are any new packages
-  - type: script
-    snippets:
-      - dnf5 '--exclude=kernel*' upgrade -y
+  #- type: script
+  #  snippets:
+  #    - dnf5 '--exclude=kernel*' upgrade -y
+
+  - type: rpm-ostree
+    install:
       # WORKAROUND: do last because my RPM depends on 1Password not ever being upgraded
-      - rpm-ostree install 1password-ostree-workaround
+      - 1password-ostree-workaround
 
-  # WORKAROUND: Put back /opt and merge /usr/etc into /etc
   - type: script
     snippets:
+      # WORKAROUND: Ensure all accounts are moved to altfiles
+      - grep -Ev "(^root:)" /etc/passwd >> /usr/lib/passwd
+      - grep -Ev "(^root:)|(^wheel:)" /etc/group >> /usr/lib/group
+      - echo "root:x:0:0:root:/root:/bin/bash" > /etc/passwd
+      - echo "root:x:0:" > /etc/group
+      - echo "wheel:x:10:" >> /etc/group
+      #   Put back /opt and merge /usr/etc into /etc
       - rm /opt
       - ln -s var/opt /opt
       - cp -fal /usr/etc /