diff --git a/.forgejo/workflows/release-iso.yml b/.forgejo/workflows/release-iso.yml new file mode 100644 index 0000000..aff0bef --- /dev/null +++ b/.forgejo/workflows/release-iso.yml @@ -0,0 +1,207 @@ +name: Build and release ISO + +# Builds the BOS ISO on the hestia self-hosted runner (native Arch container), +# downloads all bakery ecosystem binaries from their GitHub releases, compiles +# bread-theme from source, and uploads the resulting ISO to a Forgejo pre-release. +# A matching GitHub release is created that points to Forgejo for the download +# (GitHub releases cannot host files larger than 2 GB). +# +# Required secrets: +# RELEASE_TOKEN — Forgejo API token with write:repository scope +# MIRROR_TOKEN — GitHub personal access token with repo scope (already used by mirror.yml) + +on: + push: + tags: ['v*'] + workflow_dispatch: + inputs: + tag: + description: 'Git tag to build (e.g. v0.4.0)' + required: true + +jobs: + release-iso: + runs-on: [self-hosted, hestia] + container: + image: archlinux:latest + # --privileged: mkarchiso needs CAP_SYS_ADMIN for loop mounts + mknod + # --network=host: gives localhost:3002 access to Forgejo (avoids the + # public git.breadway.dev → Aegis → Tailscale round-trip for pacman) + options: --privileged --network=host + + steps: + - name: Install build dependencies + run: | + pacman -Syu --noconfirm archiso curl python git rust + + - name: Determine tag and version + id: vars + run: | + if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then + TAG="${{ github.event.inputs.tag }}" + else + TAG="${{ github.ref_name }}" + fi + echo "tag=$TAG" >> "$GITHUB_OUTPUT" + echo "version=${TAG#v}" >> "$GITHUB_OUTPUT" + + - name: Clone repository at tag + run: | + git clone --branch "${{ steps.vars.outputs.tag }}" --depth 1 \ + "https://git.breadway.dev/${GITHUB_REPOSITORY}.git" /bos + + - name: Download bakery ecosystem binaries + run: | + set -euo pipefail + mkdir -p /build-home/.local/bin \ + /build-home/.local/state/bakery \ + /build-home/.cache/bakery + + # Fetch the canonical bakery index + curl -fsSL "https://dl.breadway.dev/index.json" \ + -o /build-home/.cache/bakery/index.json + + # Download each binary from dl.breadway.dev (canonical source; github_url + # is not always published for dev/patch releases) and generate the + # installed.json that bakery expects in ~/.local/state. + python3 << 'PYEOF' + import json, urllib.request, os + + with open('/build-home/.cache/bakery/index.json') as f: + idx = json.load(f) + + BIN_DIR = '/build-home/.local/bin' + installed = {} + + for pkg_name, pkg in idx['packages'].items(): + bins = [] + for b in pkg['binaries']: + dest_name = b['name'].removesuffix('-x86_64') + dest = os.path.join(BIN_DIR, dest_name) + url = b['dl_url'] + print(f' {dest_name} <- {url}', flush=True) + urllib.request.urlretrieve(url, dest) + os.chmod(dest, 0o755) + bins.append(dest_name) + + # installed.json services field is a flat list of unit-name strings + services = [ + (s['unit'] if isinstance(s, dict) else s) + for s in pkg.get('services', []) + ] + installed[pkg_name] = { + 'name': pkg_name, + 'version': pkg['version'], + 'binaries': bins, + 'services': services, + 'installed_at': '2024-01-01T00:00:00+00:00', + } + + with open('/build-home/.local/state/bakery/installed.json', 'w') as f: + json.dump({'packages': installed}, f, indent=2) + print('installed.json written', flush=True) + PYEOF + + - name: Build bread-theme from source + run: | + set -euo pipefail + # bread-theme is not in the bakery index; build it at the tag pinned + # in bos-settings/Cargo.toml so the CLI matches the library version. + THEME_TAG=$(grep 'bread-theme.*tag' /bos/bos-settings/Cargo.toml \ + | grep -oP '"v[^"]+"' | tr -d '"') + echo "Building bread-theme @ $THEME_TAG" + git clone --branch "$THEME_TAG" --depth 1 \ + https://github.com/Breadway/bread-ecosystem /bread-ecosystem + cd /bread-ecosystem + cargo build --release -p bread-theme + install -m 755 target/release/bread-theme /build-home/.local/bin/bread-theme + echo "bread-theme built OK" + + - name: Build ISO + run: | + set -euo pipefail + mkdir -p /bos-work /bos-out + cd /bos + LAPTOP_HOME=/build-home \ + WORK=/bos-work \ + OUT=/bos-out \ + CI_BUILD=1 \ + bash build-local.sh + ls -lh /bos-out/*.iso + + - name: Create Forgejo release and upload ISO + env: + FORGEJO_TOKEN: ${{ secrets.RELEASE_TOKEN }} + run: | + set -euo pipefail + TAG="${{ steps.vars.outputs.tag }}" + VERSION="${{ steps.vars.outputs.version }}" + ISO=$(ls /bos-out/*.iso | head -1) + ISO_NAME="bos-${VERSION}-x86_64.iso" + + # Use an existing release for this tag if one exists (e.g. created + # manually or by a prior re-run), otherwise create a fresh one. + EXISTING=$(curl -sf \ + -H "Authorization: token ${FORGEJO_TOKEN}" \ + "http://localhost:3002/api/v1/repos/${GITHUB_REPOSITORY}/releases/tags/${TAG}" \ + 2>/dev/null || true) + RELEASE_ID=$(echo "${EXISTING}" | python3 -c \ + "import json,sys; d=json.load(sys.stdin); print(d.get('id',''))" 2>/dev/null || true) + + if [ -z "${RELEASE_ID}" ]; then + RELEASE=$(curl -fsS -X POST \ + -H "Authorization: token ${FORGEJO_TOKEN}" \ + -H "Content-Type: application/json" \ + "http://localhost:3002/api/v1/repos/${GITHUB_REPOSITORY}/releases" \ + -d "{ + \"tag_name\": \"${TAG}\", + \"name\": \"BOS ${TAG}\", + \"prerelease\": false, + \"body\": \"ISO image attached below.\\n\\nSee the [README](https://github.com/Breadway/bos#testing-in-a-vm) for VM testing instructions.\" + }") + RELEASE_ID=$(echo "${RELEASE}" | python3 -c "import json,sys; print(json.load(sys.stdin)['id'])") + fi + echo "Using release ID: ${RELEASE_ID}" + + # Remove any existing asset with the same name before uploading + ASSET_ID=$(curl -sf \ + -H "Authorization: token ${FORGEJO_TOKEN}" \ + "http://localhost:3002/api/v1/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}/assets" \ + | python3 -c " + import json,sys + assets=json.load(sys.stdin) + match=[a['id'] for a in assets if a['name']=='${ISO_NAME}'] + print(match[0] if match else '') + " 2>/dev/null || true) + + if [ -n "${ASSET_ID}" ]; then + curl -fsS -X DELETE \ + -H "Authorization: token ${FORGEJO_TOKEN}" \ + "http://localhost:3002/api/v1/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}/assets/${ASSET_ID}" + echo "Removed existing ${ISO_NAME} asset" + fi + + curl -fsS -X POST \ + -H "Authorization: token ${FORGEJO_TOKEN}" \ + -F "attachment=@${ISO};filename=${ISO_NAME}" \ + "http://localhost:3002/api/v1/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}/assets" + echo "Uploaded: ${ISO_NAME}" + + - name: Create GitHub release + env: + GH_TOKEN: ${{ secrets.MIRROR_TOKEN }} + run: | + set -euo pipefail + TAG="${{ steps.vars.outputs.tag }}" + VERSION="${{ steps.vars.outputs.version }}" + FORGEJO_URL="https://git.breadway.dev/${GITHUB_REPOSITORY}/releases/tag/${TAG}" + + printf '**Download ISO:** %s\n\nGitHub releases cannot host files >2 GB; the `bos-%s-x86_64.iso` (~2.5 GB) is on Forgejo.\n\nSee the [README](https://github.com/Breadway/bos#testing-in-a-vm) for VM testing instructions.' \ + "${FORGEJO_URL}" "${VERSION}" > /tmp/gh-release-notes.md + + gh release create "${TAG}" \ + --repo "Breadway/bos" \ + --title "BOS ${TAG}" \ + \ + --notes-file /tmp/gh-release-notes.md \ + 2>/dev/null || echo "GitHub release already exists — skipping" diff --git a/.gitignore b/.gitignore index 693a6d1..25b3b3b 100644 --- a/.gitignore +++ b/.gitignore @@ -27,6 +27,7 @@ secrets/ # archiso build artifacts (these are large and reproducible) /iso-build/ /iso-out/ +/out/ *.iso *.img diff --git a/Cargo.lock b/Cargo.lock index 9199452..f29bbea 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -28,7 +28,7 @@ checksum = "b4388bee8683e3d04af747c73422af53102d2bd24d9eadb6cbc100baef4b43f8" [[package]] name = "bos-settings" -version = "0.3.1" +version = "0.4.0" dependencies = [ "async-channel", "bread-theme", diff --git a/assets/Icon 1024x1024.png b/assets/Icon 1024x1024.png new file mode 100644 index 0000000..e383c6b Binary files /dev/null and b/assets/Icon 1024x1024.png differ diff --git a/assets/Icon 256x256.png b/assets/Icon 256x256.png new file mode 100644 index 0000000..a9a693e Binary files /dev/null and b/assets/Icon 256x256.png differ diff --git a/assets/Icon 512x512.png b/assets/Icon 512x512.png new file mode 100644 index 0000000..7ccbb59 Binary files /dev/null and b/assets/Icon 512x512.png differ diff --git a/bread_white.svg b/assets/bread_white.svg similarity index 100% rename from bread_white.svg rename to assets/bread_white.svg diff --git a/bos-settings/Cargo.toml b/bos-settings/Cargo.toml index cb30ac3..c6e37ac 100644 --- a/bos-settings/Cargo.toml +++ b/bos-settings/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "bos-settings" -version = "0.3.1" +version = "0.4.0" edition = "2021" [dependencies] diff --git a/bos-settings/src/ui/views/breadbar.rs b/bos-settings/src/ui/views/breadbar.rs index dd49a52..355890a 100644 --- a/bos-settings/src/ui/views/breadbar.rs +++ b/bos-settings/src/ui/views/breadbar.rs @@ -6,7 +6,6 @@ fn css_path() -> PathBuf { crate::config::config_dir().join("breadbar/style.css") } - pub fn build() -> GBox { let path = css_path(); let existing_css = std::fs::read_to_string(&path).unwrap_or_default(); diff --git a/bos-settings/src/ui/views/packages.rs b/bos-settings/src/ui/views/packages.rs index 1281c44..feee584 100644 --- a/bos-settings/src/ui/views/packages.rs +++ b/bos-settings/src/ui/views/packages.rs @@ -50,9 +50,10 @@ fn stream_command(args: &[&str], log_buf: gtk4::TextBuffer) { } }; - // Merge stderr into the channel too - let stdout = child.stdout.take().unwrap(); - let stderr = child.stderr.take().unwrap(); + // Merge stderr into the channel too. + // Both are Some because we spawned with Stdio::piped() above. + let stdout = child.stdout.take().expect("stdout piped"); + let stderr = child.stderr.take().expect("stderr piped"); let tx2 = sender.clone(); std::thread::spawn(move || { diff --git a/build-local.sh b/build-local.sh index 3e39da8..28b9e4d 100755 --- a/build-local.sh +++ b/build-local.sh @@ -25,10 +25,15 @@ OUT="${OUT:-$REPO/out}" STAGE=/tmp/bos-iso-stage rm -rf "$STAGE" && cp -a "$REPO/iso" "$STAGE" -# The public git.breadway.dev URL is flaky/unreachable from hermes; Forgejo is -# directly reachable over Tailscale (hestia 100.66.238.26:3002). Only rewrites -# the staged copy, never the committed pacman.conf. -sed -i 's#https://git.breadway.dev/api/packages/Breadway/arch/os#http://100.66.238.26:3002/api/packages/Breadway/arch/os#' "$STAGE/pacman.conf" +# Rewrite the [breadway] pacman repo URL to the fastest reachable address. +# CI_BUILD=1 — container runs on hestia with --network=host; localhost:3002 is direct +# default — building on hermes; git.breadway.dev is flaky from there, use Tailscale +# Only ever rewrites the staged copy, never the committed pacman.conf. +if [ "${CI_BUILD:-0}" = "1" ]; then + sed -i 's#https://git.breadway.dev/api/packages/Breadway/arch/os#http://localhost:3002/api/packages/Breadway/arch/os#' "$STAGE/pacman.conf" +else + sed -i 's#https://git.breadway.dev/api/packages/Breadway/arch/os#http://100.66.238.26:3002/api/packages/Breadway/arch/os#' "$STAGE/pacman.conf" +fi if [ "${FAST_BUILD:-0}" = "1" ]; then echo "=== FAST_BUILD: squashfs -> zstd level 6 ===" @@ -44,7 +49,7 @@ grep airootfs_image_tool_options "$STAGE/profiledef.sh" # created from skel (the live user and the installed user) then gets the same # versions `bakery list` reports here, fully offline. Copied at build time so the # binaries never bloat the git repo and always track the current bakery state. -BREAD_BINS=(bakery bread breadd breadman breadbar breadbox breadbox-sync breadcrumbs breadpad bread-theme) +BREAD_BINS=(bakery bread breadd breadman breadbar breadbox breadbox-sync breadcrumbs breadpad breadpaper bread-theme) LAPTOP_HOME="${LAPTOP_HOME:-$(getent passwd "${SUDO_USER:-$USER}" | cut -d: -f6)}" BAKERY_BIN="$LAPTOP_HOME/.local/bin" BAKERY_STATE="$LAPTOP_HOME/.local/state/bakery" diff --git a/iso/airootfs/etc/calamares/branding/bos/logo.png b/iso/airootfs/etc/calamares/branding/bos/logo.png index 30bee39..e383c6b 100644 Binary files a/iso/airootfs/etc/calamares/branding/bos/logo.png and b/iso/airootfs/etc/calamares/branding/bos/logo.png differ diff --git a/iso/airootfs/etc/calamares/post-install.sh b/iso/airootfs/etc/calamares/post-install.sh index e318ed1..ebfb24a 100644 --- a/iso/airootfs/etc/calamares/post-install.sh +++ b/iso/airootfs/etc/calamares/post-install.sh @@ -24,23 +24,46 @@ userdel -r liveuser 2>/dev/null || true passwd -l root || true # --------------------------------------------------------------------------- -# Boot splash (Plymouth) — BOS logo + spinner instead of kernel text. Done -# BEFORE grub so grub.cfg picks up the new cmdline and the rebuilt initramfs. -# All best-effort: if anything here fails the system still boots (just without -# the splash) — the initramfs the initcpio module already built stays valid. +# Pacman keyring. The live medium's /etc/pacman.d/gnupg doesn't reliably carry +# over to the target (unpackfs may skip it / perms differ), leaving the installed +# system unable to verify package signatures — the first `pacman -Syu` then dies +# with "keyring is not writable / required key missing". Initialise it here so a +# fresh install can update out of the box. archlinux-keyring is already present; +# [breadway] is SigLevel=Never so it needs no key. +# --------------------------------------------------------------------------- +if command -v pacman-key &>/dev/null; then + pacman-key --init || echo "WARN: pacman-key --init failed" + pacman-key --populate archlinux || echo "WARN: pacman-key --populate failed" +fi + +# --------------------------------------------------------------------------- +# Initramfs HOOKS: microcode + plymouth. Edit HOOKS first, rebuild once below. +# microcode — embeds the (autodetect-pruned) CPU microcode into the initramfs +# so it loads at early boot. The live ISO embeds ucode the same way, so the +# ISO /boot carries no separate ucode image and bos-copy-kernel stages none +# onto the target — the installed initramfs must therefore carry it itself. +# Must sit AFTER `autodetect` so it's pruned to the running CPU's microcode. +# plymouth — the BOS boot splash. Only the udev `plymouth` hook exists (there +# is NO `sd-plymouth`), so always insert it after `udev`. +# All best-effort: a failure here still leaves a bootable initramfs. +# --------------------------------------------------------------------------- +if [[ -f /etc/mkinitcpio.conf ]]; then + if ! grep -qE '^HOOKS=.*\bmicrocode\b' /etc/mkinitcpio.conf; then + sed -i 's/^\(HOOKS=.*\bautodetect\b\)/\1 microcode/' /etc/mkinitcpio.conf \ + || echo "WARN: adding microcode hook failed" + fi + if command -v plymouth-set-default-theme &>/dev/null \ + && ! grep -qE '^HOOKS=.*\bplymouth\b' /etc/mkinitcpio.conf; then + sed -i 's/^\(HOOKS=.*\budev\b\)/\1 plymouth/' /etc/mkinitcpio.conf \ + || echo "WARN: adding plymouth hook failed" + fi +fi + +# --------------------------------------------------------------------------- +# Boot splash (Plymouth) — BOS logo + spinner instead of kernel text. Set the +# theme + cmdline BEFORE grub so grub.cfg picks up the new cmdline. # --------------------------------------------------------------------------- if command -v plymouth-set-default-theme &>/dev/null; then - # Ensure the plymouth hook is in HOOKS (plymouthcfg/initcpiocfg usually add it; - # this is the belt). Handle both the udev and systemd initramfs styles. - if ! grep -q 'plymouth' /etc/mkinitcpio.conf 2>/dev/null; then - if grep -qE '^HOOKS=.*\bsystemd\b' /etc/mkinitcpio.conf; then - sed -i 's/^\(HOOKS=.*\bsystemd\b\)/\1 sd-plymouth/' /etc/mkinitcpio.conf \ - || echo "WARN: adding sd-plymouth hook failed" - else - sed -i 's/^\(HOOKS=.*\budev\b\)/\1 plymouth/' /etc/mkinitcpio.conf \ - || echo "WARN: adding plymouth hook failed" - fi - fi # Clean boot: splash activates plymouth; hiding systemd status removes the # "[ OK ] Started ..." text (what looked like kernel output) even if the # splash itself doesn't grab the display (e.g. in some VMs). @@ -48,10 +71,13 @@ if command -v plymouth-set-default-theme &>/dev/null; then sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT="\)/\1splash quiet vt.global_cursor_default=0 systemd.show_status=false rd.systemd.show_status=false rd.udev.log_level=3 /' \ /etc/default/grub || echo "WARN: adding splash cmdline failed" fi - # Set the BOS theme and rebuild the initramfs (-R) with the plymouth hook. - plymouth-set-default-theme -R bos || echo "WARN: plymouth-set-default-theme failed" + plymouth-set-default-theme bos || echo "WARN: plymouth-set-default-theme failed" fi +# Rebuild every preset (default + fallback that bos-copy-kernel wrote) so the +# microcode + plymouth HOOKS above are actually baked into the initramfs. +mkinitcpio -P || echo "WARN: mkinitcpio -P failed" + # --------------------------------------------------------------------------- # Install GRUB (UEFI). /boot now has the kernel + initramfs, and the mount # module has bind-mounted /proc /sys /dev /run + efivars into this chroot, so diff --git a/iso/airootfs/etc/default/useradd b/iso/airootfs/etc/default/useradd new file mode 100644 index 0000000..f16b7d8 --- /dev/null +++ b/iso/airootfs/etc/default/useradd @@ -0,0 +1,7 @@ +SHELL=/usr/bin/zsh +GROUP=users +HOME=/home +INACTIVE=-1 +EXPIRE= +SKEL=/etc/skel +CREATE_MAIL_SPOOL=no diff --git a/iso/airootfs/etc/pacman.conf b/iso/airootfs/etc/pacman.conf index 90e4517..20c5242 100644 --- a/iso/airootfs/etc/pacman.conf +++ b/iso/airootfs/etc/pacman.conf @@ -35,7 +35,8 @@ Include = /etc/pacman.d/mirrorlist # # Forgejo signs the repo db with a key pacman can't look up, so TrustAll # fails. SigLevel = Never skips verification (acceptable for this private -# repo over TLS). TODO: import Forgejo's signing key + SigLevel = Required. +# repo over TLS). Future improvement: import Forgejo's signing key and +# switch to SigLevel = Required for full package verification. # ----------------------------------------------------------------------- # The section name must match Forgejo's served db filename # ({owner}.{group}.{domain}.db) — pacman fetches "
.db" from Server. diff --git a/iso/airootfs/etc/skel/.config/hypr/hyprland.lua b/iso/airootfs/etc/skel/.config/hypr/hyprland.lua index c7ce981..d9a6eb8 100644 --- a/iso/airootfs/etc/skel/.config/hypr/hyprland.lua +++ b/iso/airootfs/etc/skel/.config/hypr/hyprland.lua @@ -90,6 +90,7 @@ end -- --------------------------------------------------------------------------- hl.window_rule({ name = "bos-keybinds", match = { class = "^(bos-keybinds)$" }, float = true, size = { 760, 720 } }) hl.window_rule({ name = "bos-welcome", match = { class = "^(bos-welcome)$" }, float = true, size = { 700, 560 } }) +hl.window_rule({ name = "bos-netsetup", match = { class = "^(bos-netsetup)$" }, float = true, size = { 700, 560 } }) -- --------------------------------------------------------------------------- -- Environment (vendor-neutral; no GPU-specific vars so it works on Intel/AMD). @@ -203,7 +204,12 @@ hl.on("hyprland.start", function() "awww-daemon", -- set the default wallpaper once the daemon is up (retry until ready) [[bash -c 'until awww img /usr/share/backgrounds/bos/bread-background.png 2>/dev/null; do sleep 0.3; done']], - "breadd", + -- breadd runs as a systemd user service (~/.config/systemd/user/breadd.service, + -- enabled in skel). It autostarts at login but before Hyprland exists, so + -- push the compositor's Wayland env into the user manager and restart breadd + -- to pick it up — that's how it gets HYPRLAND_INSTANCE_SIGNATURE to talk to Hyprland. + "dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP HYPRLAND_INSTANCE_SIGNATURE", + "systemctl --user restart breadd", "breadbar", "breadbox-sync", "hypridle", diff --git a/iso/airootfs/etc/skel/.config/systemd/user/breadd.service b/iso/airootfs/etc/skel/.config/systemd/user/breadd.service new file mode 100644 index 0000000..49d6741 --- /dev/null +++ b/iso/airootfs/etc/skel/.config/systemd/user/breadd.service @@ -0,0 +1,21 @@ +[Unit] +Description=Bread Runtime Daemon + +[Service] +Type=simple +# %h = the user's home — works for any account created from this skel. +ExecStart=%h/.local/bin/breadd +Restart=on-failure +RestartSec=2 +UMask=0077 +RuntimeDirectory=bread +RuntimeDirectoryMode=0700 +# Keep /run/user//bread across restarts so the shared theme.css that +# bread-theme writes there (and the daemon socket) survive a `restart breadd`. +RuntimeDirectoryPreserve=yes +KillSignal=SIGTERM +TimeoutStopSec=5 +Environment=RUST_LOG=info + +[Install] +WantedBy=default.target diff --git a/iso/airootfs/etc/skel/.config/systemd/user/default.target.wants/breadd.service b/iso/airootfs/etc/skel/.config/systemd/user/default.target.wants/breadd.service new file mode 120000 index 0000000..c858aeb --- /dev/null +++ b/iso/airootfs/etc/skel/.config/systemd/user/default.target.wants/breadd.service @@ -0,0 +1 @@ +../breadd.service \ No newline at end of file diff --git a/iso/airootfs/usr/local/bin/bos-live-setup b/iso/airootfs/usr/local/bin/bos-live-setup index 0fbe5bd..32a83f6 100644 --- a/iso/airootfs/usr/local/bin/bos-live-setup +++ b/iso/airootfs/usr/local/bin/bos-live-setup @@ -11,7 +11,7 @@ set -e # (breadd + breadbar + breadbox + keybinds) — proper live-media functionality, # not an installer kiosk. if ! id liveuser &>/dev/null; then - useradd -m -s /bin/bash liveuser + useradd -m -s /usr/bin/zsh liveuser for g in wheel video input audio storage power; do getent group "$g" >/dev/null 2>&1 && gpasswd -a liveuser "$g" >/dev/null || true done diff --git a/iso/airootfs/usr/local/bin/bos-welcome b/iso/airootfs/usr/local/bin/bos-welcome index 413256b..ef0c2ed 100644 --- a/iso/airootfs/usr/local/bin/bos-welcome +++ b/iso/airootfs/usr/local/bin/bos-welcome @@ -10,6 +10,25 @@ set -u marker="${XDG_CONFIG_HOME:-$HOME/.config}/bos/.welcomed" [[ -f "$marker" ]] && exit 0 mkdir -p "$(dirname "$marker")" + +# First-run network check. A fresh install usually boots with no connection +# (Wi-Fi isn't configured during install), and the first `bos-update`/pacman run +# then fails with confusing DNS/"could not resolve host" errors. If +# NetworkManager reports we're not fully online, open nmtui so the user can join +# a network before anything else. Best-effort: missing nmcli/nmtui/kitty, or the +# user quitting nmtui, must never block the welcome below. +if command -v nmcli &>/dev/null; then + conn="$(nmcli networking connectivity check 2>/dev/null)" + if [[ "$conn" != "full" ]]; then + notify-send -u normal "BOS" "No internet yet — opening network setup so updates work." 2>/dev/null || true + if command -v nmtui &>/dev/null; then + kitty --class bos-netsetup --title "Connect to a network" -- nmtui connect 2>/dev/null || true + fi + fi +fi + +# Mark welcomed only now, so an interrupted/aborted network step still re-prompts +# next login rather than being suppressed forever. touch "$marker" exec kitty --class bos-welcome --title "Welcome to BOS" -- less -R /usr/share/bos/welcome.txt diff --git a/iso/airootfs/usr/share/plymouth/themes/bos/logo.png b/iso/airootfs/usr/share/plymouth/themes/bos/logo.png index fb96675..e383c6b 100644 Binary files a/iso/airootfs/usr/share/plymouth/themes/bos/logo.png and b/iso/airootfs/usr/share/plymouth/themes/bos/logo.png differ diff --git a/iso/packages.x86_64 b/iso/packages.x86_64 index aa033d2..ab0d1e4 100644 --- a/iso/packages.x86_64 +++ b/iso/packages.x86_64 @@ -139,10 +139,13 @@ file-roller # GUI applications a general desktop is expected to have out of the box. # gnome-text-editor: graphical editor (terminal editors aside); gnome-calculator: -# calculator; loupe: Wayland-native image viewer (default for image files). +# calculator; loupe: Wayland-native image viewer (default for image files); +# zathura(+pdf-mupdf): lightweight Wayland PDF viewer (BOS had no PDF reader). gnome-text-editor gnome-calculator loupe +zathura +zathura-pdf-mupdf # Media player — BOS ships gstreamer codecs but otherwise has no player app. vlc # Web browser (served from the [Breadway] repo; AUR zen-browser-bin republished @@ -190,6 +193,12 @@ plymouth gst-plugins-good gst-plugins-bad gst-plugins-ugly +# Hardware video acceleration (VA-API) — lets the AMD/Intel GPU decode H.264/HEVC/ +# VP9 in mpv, VLC, and browsers instead of the CPU (cooler, longer battery on +# video). The open Mesa VA-API backend (radeonsi_drv_video.so etc.) now ships in +# the `mesa` package itself (pulled in already), so only libva (deps) + the +# `vainfo` verification tool need listing here. +libva-utils # GUI audio mixer — useful when output device needs manual switching. pavucontrol diff --git a/iso/pacman.conf b/iso/pacman.conf index 90e4517..20c5242 100644 --- a/iso/pacman.conf +++ b/iso/pacman.conf @@ -35,7 +35,8 @@ Include = /etc/pacman.d/mirrorlist # # Forgejo signs the repo db with a key pacman can't look up, so TrustAll # fails. SigLevel = Never skips verification (acceptable for this private -# repo over TLS). TODO: import Forgejo's signing key + SigLevel = Required. +# repo over TLS). Future improvement: import Forgejo's signing key and +# switch to SigLevel = Required for full package verification. # ----------------------------------------------------------------------- # The section name must match Forgejo's served db filename # ({owner}.{group}.{domain}.db) — pacman fetches "
.db" from Server.