chore: Put files in /etc/ instead in /usr/etc (#315)

* docs(files): Recommend to put files in `/etc/` instead in ` This also modifies build-time part of modules to work with `/etc/` instead of `/usr/etc/` * docs(files): Revert the `/usr/etc/` & `/etc/` docs * chore: Revert `signing` module transition due to upstream issue * docs: Clarify note better regarding /etc
2024-08-11 19:07:55 +02:00 · 2024-08-11 19:07:55 +02:00 · 59c7882785
commit 59c7882785
parent 81fa299d32
6 changed files with 33 additions and 45 deletions
--- a/modules/brew/brew-nofile-limits-logic.sh
+++ b/modules/brew/brew-nofile-limits-logic.sh
@ -9,7 +9,7 @@ set -euo pipefail

 DESIRED_SOFT_LIMIT=4096
 DESIRED_HARD_LIMIT=524288
-BREW_LIMITS_D_CONFIG="/usr/etc/security/limits.d/zz1-brew-limits.conf"
+BREW_LIMITS_D_CONFIG="/etc/security/limits.d/zz1-brew-limits.conf"
 BREW_SYSTEMD_SYSTEM_CONFIG="/usr/lib/systemd/system.conf.d/zz1-brew-limits.conf"
 BREW_SYSTEMD_USER_CONFIG="/usr/lib/systemd/user.conf.d/zz1-brew-limits.conf"

@ -17,8 +17,6 @@ BREW_SYSTEMD_USER_CONFIG="/usr/lib/systemd/user.conf.d/zz1-brew-limits.conf"

 # From least to most preferred
 SSH_TTY_LIMIT_ORDER=(
-"/usr/etc/security/limits.conf"
-"/usr/etc/security/limits.d/"
 "/etc/security/limits.conf"
 "/etc/security/limits.d/"
 )
@ -54,8 +52,6 @@ fi
 SYSTEMD_SYSTEM_LIMIT_ORDER=(
 "/usr/lib/systemd/system.conf"
 "/usr/lib/systemd/system.conf.d/"
-"/usr/etc/systemd/system.conf"
-"/usr/etc/systemd/system.conf.d/"
 "/etc/systemd/system.conf"
 "/etc/systemd/system.conf.d/"
 )
@ -87,8 +83,6 @@ fi
 SYSTEMD_USER_LIMIT_ORDER=(
 "/usr/lib/systemd/user.conf"
 "/usr/lib/systemd/user.conf.d/"
-"/usr/etc/systemd/user.conf"
-"/usr/etc/systemd/user.conf.d/"
 "/etc/systemd/user.conf"
 "/etc/systemd/user.conf.d/"
 )
@ -140,8 +134,8 @@ echo "SystemD user hard nofile limit: $(check_and_print ${CURRENT_SYSTEMD_USER_H

 # Write SSH/TTY nolimit values
 if [[ "${CURRENT_SSH_TTY_SOFT_VALUE}" -lt "${DESIRED_SOFT_LIMIT}" ]] || [[ "${CURRENT_SSH_TTY_HARD_VALUE}" -lt "${DESIRED_HARD_LIMIT}" ]]; then
-  if [[ ! -d "/usr/etc/security/limits.d/" ]]; then
-    mkdir -p "/usr/etc/security/limits.d/"
+  if [[ ! -d "/etc/security/limits.d/" ]]; then
+    mkdir -p "/etc/security/limits.d/"
  fi
  echo "# This file sets the resource limits for users logged in via PAM,
 # more specifically, users logged in via SSH or tty (console).
--- a/modules/brew/brew.sh
+++ b/modules/brew/brew.sh
@ -188,19 +188,19 @@ EOF
 # Fish already includes this fix in brew-fish-completions.sh
 # By default Brew applies the shell environment changes globally, which causes path conflicts between system & brew installed programs with same name.
 # Universal Blue images include this same fix
-if [[ ! -d "/usr/etc/profile.d/" ]]; then
-  mkdir -p "/usr/etc/profile.d/"
+if [[ ! -d "/etc/profile.d/" ]]; then
+  mkdir -p "/etc/profile.d/"
 fi
-if [[ ! -f "/usr/etc/profile.d/brew.sh" ]]; then
+if [[ ! -f "/etc/profile.d/brew.sh" ]]; then
  echo "Apply brew path export fix, to solve path conflicts between system & brew programs with same name"
  echo "#!/usr/bin/env bash
-[[ -d /home/linuxbrew/.linuxbrew && $- == *i* ]] && eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"" > "/usr/etc/profile.d/brew.sh"
+[[ -d /home/linuxbrew/.linuxbrew && $- == *i* ]] && eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"" > "/etc/profile.d/brew.sh"
 fi

 # Copy shell configuration files
 echo "Copying Brew bash & fish shell completions"
 cp -r "${MODULE_DIRECTORY}"/brew/brew-fish-completions.fish /usr/share/fish/vendor_conf.d/brew-fish-completions.fish
-cp -r "${MODULE_DIRECTORY}"/brew/brew-bash-completions.sh /usr/etc/profile.d/brew-bash-completions.sh
+cp -r "${MODULE_DIRECTORY}"/brew/brew-bash-completions.sh /etc/profile.d/brew-bash-completions.sh

 # Register path symlink
 # We do this via tmpfiles.d so that it is created by the live system.
@ -240,24 +240,24 @@ fi
 # Disable homebrew analytics if the flag is set to false
 # like secureblue: https://github.com/secureblue/secureblue/blob/live/config/scripts/homebrewanalyticsoptout.sh
 if [[ "${BREW_ANALYTICS}" == false ]]; then
-  if [[ ! -f "/usr/etc/environment" ]]; then
-    echo "" > "/usr/etc/environment" # touch fails for some reason, probably a bug with it
+  if [[ ! -f "/etc/environment" ]]; then
+    echo "" > "/etc/environment" # touch fails for some reason, probably a bug with it
  fi
-  CURRENT_ENVIRONMENT=$(cat "/usr/etc/environment")
-  CURRENT_HOMEBREW_CONFIG=$(awk -F= '/HOMEBREW_NO_ANALYTICS/ {print $0}' "/usr/etc/environment")
+  CURRENT_ENVIRONMENT=$(cat "/etc/environment")
+  CURRENT_HOMEBREW_CONFIG=$(awk -F= '/HOMEBREW_NO_ANALYTICS/ {print $0}' "/etc/environment")
  if [[ -n "${CURRENT_ENVIRONMENT}" ]]; then
    if [[ "${CURRENT_HOMEBREW_CONFIG}" == "HOMEBREW_NO_ANALYTICS=0" ]]; then
      echo "Disabling Brew analytics"  
-      sed -i 's/HOMEBREW_NO_ANALYTICS=0/HOMEBREW_NO_ANALYTICS=1/' "/usr/etc/environment"
+      sed -i 's/HOMEBREW_NO_ANALYTICS=0/HOMEBREW_NO_ANALYTICS=1/' "/etc/environment"
    elif [[ -z "${CURRENT_HOMEBREW_CONFIG}" ]]; then
      echo "Disabling Brew analytics"
-      echo "HOMEBREW_NO_ANALYTICS=1" >> "/usr/etc/environment"
+      echo "HOMEBREW_NO_ANALYTICS=1" >> "/etc/environment"
    elif [[ "${CURRENT_HOMEBREW_CONFIG}" == "HOMEBREW_NO_ANALYTICS=1" ]]; then
      echo "Brew analytics are already disabled!"
    fi
  elif [[ -z "${CURRENT_ENVIRONMENT}" ]]; then
    echo "Disabling Brew analytics"
-    echo "HOMEBREW_NO_ANALYTICS=1" > "/usr/etc/environment"
+    echo "HOMEBREW_NO_ANALYTICS=1" > "/etc/environment"
  fi
 fi

--- a/modules/default-flatpaks/v1/default-flatpaks.sh
+++ b/modules/default-flatpaks/v1/default-flatpaks.sh
@ -145,7 +145,7 @@ check_flatpak_id_validity_from_flathub () {

 echo "Enabling flatpaks module"
 mkdir -p /usr/share/bluebuild/default-flatpaks/{system,user}
-mkdir -p /usr/etc/bluebuild/default-flatpaks/{system,user}
+mkdir -p /etc/bluebuild/default-flatpaks/{system,user}
 systemctl enable -f system-flatpak-setup.service
 systemctl enable -f --global user-flatpak-setup.service

@ -185,8 +185,8 @@ echo "$NOTIFICATIONS" >> "$CONFIG_NOTIFICATIONS"

 echo "Copying user modification template files"

-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/system/install /usr/etc/bluebuild/default-flatpaks/system/install
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/system/remove /usr/etc/bluebuild/default-flatpaks/system/remove
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/user/install /usr/etc/bluebuild/default-flatpaks/user/install
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/user/remove /usr/etc/bluebuild/default-flatpaks/user/remove
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/notifications /usr/etc/bluebuild/default-flatpaks/notifications
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/system/install /etc/bluebuild/default-flatpaks/system/install
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/system/remove /etc/bluebuild/default-flatpaks/system/remove
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/user/install /etc/bluebuild/default-flatpaks/user/install
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/user/remove /etc/bluebuild/default-flatpaks/user/remove
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/notifications /etc/bluebuild/default-flatpaks/notifications
--- a/modules/files/README.md
+++ b/modules/files/README.md
@ -1,27 +1,19 @@
 # `files`

 The `files` module can be used to copy directories from `files/` to
-any location in your image at build time, as long as the location exists at
-build time (e.g. you can't put files in `/home/<username>/`, because users
+any location in your image at build-time, as long as the location exists at
+build-time (e.g. you can't put files in `/home/<username>/`, because users
 haven't been created yet prior to first boot).

 :::note
-If you want to place files into `/etc/`, there are two ways to do it:
-
-1. copying a directory in `files/` directly to `/etc` to add all of its
-   files at build time, or
-2. putting the files you want there in `/usr/etc/` as part of copying things
-   over to `/usr/`, which `rpm-ostree` will then copy to `/etc/` at runtime/boot.
-
-Typically, you will want to use the latter option (putting files in `/usr/etc/`)
-in almost all cases, since that is the proper directory for "system"
+In run-time, `/usr/etc/` is the directory for "system"
 configuration templates on atomic Fedora distros, whereas `/etc/` is meant for
-manual overrides and editing by the machine's admin *after* installation (see
-issue https://github.com/blue-build/legacy-template/issues/28). However, if you
-really need something to be in `/etc/` *at build time* --- for instance, if you
-for some reason need to place a repo file in `/etc/yum.repos.d/` in such a way
-that it is used by a `rpm-ostree` module later on --- then the former option
-will be necessary.
+manual overrides and editing by the machine's admin *after* installation.
+
+In build-time, as a custom-image maintainer, you want to copy files to `/etc/`,
+as those are automatically moved to system directory `/usr/etc/` during atomic Fedora image deployment.
+Check out this blog post for more details about this:  
+https://blue-build.org/blog/preferring-system-etc/
 :::

 :::caution
--- a/modules/signing/signing.sh
+++ b/modules/signing/signing.sh
@ -3,6 +3,8 @@
 # Tell build process to exit if there are any errors.
 set -euo pipefail

+# Don't migrate this module from utilizing `/usr/etc/` to `/etc/` yet, as Ublue needs to solve this issue
+# https://github.com/ublue-os/config/pull/311
 CONTAINER_DIR="/usr/etc/containers"
 MODULE_DIRECTORY="${MODULE_DIRECTORY:-"/tmp/modules"}"
 IMAGE_NAME_FILE="${IMAGE_NAME//\//_}"
--- a/modules/yafti/yafti.sh
+++ b/modules/yafti/yafti.sh
@ -14,7 +14,7 @@ cp -n "$MODULE_DIRECTORY/yafti/yafti.yml" "$FIRSTBOOT_DATA/yafti.yml" || true
 cp -r "$MODULE_DIRECTORY/yafti/launcher/" "$FIRSTBOOT_DATA"

 FIRSTBOOT_SCRIPT="${FIRSTBOOT_DATA}/launcher/login-profile.sh"
-PROFILED_DIR="/usr/etc/profile.d"
+PROFILED_DIR="/etc/profile.d"
 FIRSTBOOT_LINK="${PROFILED_DIR}/ublue-firstboot.sh"

 echo "Installing python3-pip and libadwaita"