blue-build · xynydev · Aug 11, 2024 · Aug 8, 2024 · Aug 8, 2024 · Aug 10, 2024
@@ -9,16 +9,14 @@ set -euo pipefail
 
 DESIRED_SOFT_LIMIT=4096
 DESIRED_HARD_LIMIT=524288
-BREW_LIMITS_D_CONFIG="/usr/etc/security/limits.d/zz1-brew-limits.conf"
+BREW_LIMITS_D_CONFIG="/etc/security/limits.d/zz1-brew-limits.conf"
 BREW_SYSTEMD_SYSTEM_CONFIG="/usr/lib/systemd/system.conf.d/zz1-brew-limits.conf"
 BREW_SYSTEMD_USER_CONFIG="/usr/lib/systemd/user.conf.d/zz1-brew-limits.conf"
 
 # SSH/TTY nofile limit (security ulimit config)
 
 # From least to most preferred
 SSH_TTY_LIMIT_ORDER=(
-"/usr/etc/security/limits.conf"
-"/usr/etc/security/limits.d/"
 "/etc/security/limits.conf"
 "/etc/security/limits.d/"
 )
@@ -54,8 +52,6 @@ fi
 SYSTEMD_SYSTEM_LIMIT_ORDER=(
 "/usr/lib/systemd/system.conf"
 "/usr/lib/systemd/system.conf.d/"
-"/usr/etc/systemd/system.conf"
-"/usr/etc/systemd/system.conf.d/"
 "/etc/systemd/system.conf"
 "/etc/systemd/system.conf.d/"
 )
@@ -87,8 +83,6 @@ fi
 SYSTEMD_USER_LIMIT_ORDER=(
 "/usr/lib/systemd/user.conf"
 "/usr/lib/systemd/user.conf.d/"
-"/usr/etc/systemd/user.conf"
-"/usr/etc/systemd/user.conf.d/"
 "/etc/systemd/user.conf"
 "/etc/systemd/user.conf.d/"
 )
@@ -140,8 +134,8 @@ echo "SystemD user hard nofile limit: $(check_and_print ${CURRENT_SYSTEMD_USER_H
 
 # Write SSH/TTY nolimit values
 if [[ "${CURRENT_SSH_TTY_SOFT_VALUE}" -lt "${DESIRED_SOFT_LIMIT}" ]] || [[ "${CURRENT_SSH_TTY_HARD_VALUE}" -lt "${DESIRED_HARD_LIMIT}" ]]; then
-  if [[ ! -d "/usr/etc/security/limits.d/" ]]; then
-    mkdir -p "/usr/etc/security/limits.d/"
+  if [[ ! -d "/etc/security/limits.d/" ]]; then
+    mkdir -p "/etc/security/limits.d/"
   fi
   echo "# This file sets the resource limits for users logged in via PAM,
 # more specifically, users logged in via SSH or tty (console).

@@ -188,19 +188,19 @@ EOF
 # Fish already includes this fix in brew-fish-completions.sh
 # By default Brew applies the shell environment changes globally, which causes path conflicts between system & brew installed programs with same name.
 # Universal Blue images include this same fix
-if [[ ! -d "/usr/etc/profile.d/" ]]; then
-  mkdir -p "/usr/etc/profile.d/"
+if [[ ! -d "/etc/profile.d/" ]]; then
+  mkdir -p "/etc/profile.d/"
 fi
-if [[ ! -f "/usr/etc/profile.d/brew.sh" ]]; then
+if [[ ! -f "/etc/profile.d/brew.sh" ]]; then
   echo "Apply brew path export fix, to solve path conflicts between system & brew programs with same name"
   echo "#!/usr/bin/env bash
-[[ -d /home/linuxbrew/.linuxbrew && $- == *i* ]] && eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"" > "/usr/etc/profile.d/brew.sh"
+[[ -d /home/linuxbrew/.linuxbrew && $- == *i* ]] && eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"" > "/etc/profile.d/brew.sh"
 fi
 
 # Copy shell configuration files
 echo "Copying Brew bash & fish shell completions"
 cp -r "${MODULE_DIRECTORY}"/brew/brew-fish-completions.fish /usr/share/fish/vendor_conf.d/brew-fish-completions.fish
-cp -r "${MODULE_DIRECTORY}"/brew/brew-bash-completions.sh /usr/etc/profile.d/brew-bash-completions.sh
+cp -r "${MODULE_DIRECTORY}"/brew/brew-bash-completions.sh /etc/profile.d/brew-bash-completions.sh
 
 # Register path symlink
 # We do this via tmpfiles.d so that it is created by the live system.
@@ -240,24 +240,24 @@ fi
 # Disable homebrew analytics if the flag is set to false
 # like secureblue: https://github.com/secureblue/secureblue/blob/live/config/scripts/homebrewanalyticsoptout.sh
 if [[ "${BREW_ANALYTICS}" == false ]]; then
-  if [[ ! -f "/usr/etc/environment" ]]; then
-    echo "" > "/usr/etc/environment" # touch fails for some reason, probably a bug with it
+  if [[ ! -f "/etc/environment" ]]; then
+    echo "" > "/etc/environment" # touch fails for some reason, probably a bug with it
   fi
-  CURRENT_ENVIRONMENT=$(cat "/usr/etc/environment")
-  CURRENT_HOMEBREW_CONFIG=$(awk -F= '/HOMEBREW_NO_ANALYTICS/ {print $0}' "/usr/etc/environment")
+  CURRENT_ENVIRONMENT=$(cat "/etc/environment")
+  CURRENT_HOMEBREW_CONFIG=$(awk -F= '/HOMEBREW_NO_ANALYTICS/ {print $0}' "/etc/environment")
   if [[ -n "${CURRENT_ENVIRONMENT}" ]]; then
     if [[ "${CURRENT_HOMEBREW_CONFIG}" == "HOMEBREW_NO_ANALYTICS=0" ]]; then
       echo "Disabling Brew analytics"  
-      sed -i 's/HOMEBREW_NO_ANALYTICS=0/HOMEBREW_NO_ANALYTICS=1/' "/usr/etc/environment"
+      sed -i 's/HOMEBREW_NO_ANALYTICS=0/HOMEBREW_NO_ANALYTICS=1/' "/etc/environment"
     elif [[ -z "${CURRENT_HOMEBREW_CONFIG}" ]]; then
       echo "Disabling Brew analytics"
-      echo "HOMEBREW_NO_ANALYTICS=1" >> "/usr/etc/environment"
+      echo "HOMEBREW_NO_ANALYTICS=1" >> "/etc/environment"
     elif [[ "${CURRENT_HOMEBREW_CONFIG}" == "HOMEBREW_NO_ANALYTICS=1" ]]; then
       echo "Brew analytics are already disabled!"
     fi
   elif [[ -z "${CURRENT_ENVIRONMENT}" ]]; then
     echo "Disabling Brew analytics"
-    echo "HOMEBREW_NO_ANALYTICS=1" > "/usr/etc/environment"
+    echo "HOMEBREW_NO_ANALYTICS=1" > "/etc/environment"
   fi
 fi
 

diff --git a/modules/default-flatpaks/default-flatpaks.sh b/modules/default-flatpaks/default-flatpaks.sh
@@ -145,7 +145,7 @@ check_flatpak_id_validity_from_flathub () {
 
 echo "Enabling flatpaks module"
 mkdir -p /usr/share/bluebuild/default-flatpaks/{system,user}
-mkdir -p /usr/etc/bluebuild/default-flatpaks/{system,user}
+mkdir -p /etc/bluebuild/default-flatpaks/{system,user}
 systemctl enable -f system-flatpak-setup.service
 systemctl enable -f --global user-flatpak-setup.service
 
@@ -185,8 +185,8 @@ echo "$NOTIFICATIONS" >> "$CONFIG_NOTIFICATIONS"
 
 echo "Copying user modification template files"
 
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/system/install /usr/etc/bluebuild/default-flatpaks/system/install
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/system/remove /usr/etc/bluebuild/default-flatpaks/system/remove
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/user/install /usr/etc/bluebuild/default-flatpaks/user/install
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/user/remove /usr/etc/bluebuild/default-flatpaks/user/remove
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/notifications /usr/etc/bluebuild/default-flatpaks/notifications
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/system/install /etc/bluebuild/default-flatpaks/system/install
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/system/remove /etc/bluebuild/default-flatpaks/system/remove
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/user/install /etc/bluebuild/default-flatpaks/user/install
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/user/remove /etc/bluebuild/default-flatpaks/user/remove
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/notifications /etc/bluebuild/default-flatpaks/notifications
@@ -1,27 +1,25 @@
 # `files`
 
 The `files` module can be used to copy directories from `files/` to
-any location in your image at build time, as long as the location exists at
-build time (e.g. you can't put files in `/home/<username>/`, because users
+any location in your image at build-time, as long as the location exists at
+build-time (e.g. you can't put files in `/home/<username>/`, because users
 haven't been created yet prior to first boot).
 
 :::note
-If you want to place files into `/etc/`, there are two ways to do it:
+Don't copy files directly to `/usr/etc/` in build-time, but copy those to `/etc/` instead,
+due to the nature of how `ostree` handles `/usr/etc/` & `/etc/` relationship.
 
-1. copying a directory in `files/` directly to `/etc` to add all of its
-   files at build time, or
-2. putting the files you want there in `/usr/etc/` as part of copying things
-   over to `/usr/`, which `rpm-ostree` will then copy to `/etc/` at runtime/boot.
+`/usr/etc/` is empty in build-time, while `/etc/` is populated from the base image & changes that you do to it afterwards.
+`/etc/` is then automatically merged to `/usr/etc/` in build-time by `ostree`.
 
-Typically, you will want to use the latter option (putting files in `/usr/etc/`)
-in almost all cases, since that is the proper directory for "system"
+So this means that copying files to `/etc/` in build-time is actually copying it to `/usr/etc/` as an end result.
+
+While copying files to `/usr/etc/` directly in build-time didn't cause any harm,
+the mentioned way above is the more correct one.
+
+In run-time, `/usr/etc/` is the directory for "system"
 configuration templates on atomic Fedora distros, whereas `/etc/` is meant for
-manual overrides and editing by the machine's admin *after* installation (see
-issue https://github.com/blue-build/legacy-template/issues/28). However, if you
-really need something to be in `/etc/` *at build time* --- for instance, if you
-for some reason need to place a repo file in `/etc/yum.repos.d/` in such a way
-that it is used by a `rpm-ostree` module later on --- then the former option
-will be necessary.
+manual overrides and editing by the machine's admin *after* installation.
 :::
 
 :::caution

@@ -3,7 +3,7 @@
 # Tell build process to exit if there are any errors.
 set -euo pipefail
 
-CONTAINER_DIR="/usr/etc/containers"
+CONTAINER_DIR="/etc/containers"
 MODULE_DIRECTORY="${MODULE_DIRECTORY:-"/tmp/modules"}"
 IMAGE_NAME_FILE="${IMAGE_NAME//\//_}"
 
@@ -18,16 +18,16 @@ if ! [ -d $CONTAINER_DIR/registries.d ]; then
    mkdir -p "$CONTAINER_DIR/registries.d"
 fi
 
-if ! [ -d "/usr/etc/pki/containers" ]; then
-    mkdir -p "/usr/etc/pki/containers"
+if ! [ -d "/etc/pki/containers" ]; then
+    mkdir -p "/etc/pki/containers"
 fi
 
 if ! [ -f "$CONTAINER_DIR/policy.json" ]; then
     cp "$MODULE_DIRECTORY/signing/policy.json" "$CONTAINER_DIR/policy.json"
 fi
 
-if ! [ -f "/usr/etc/pki/containers/$IMAGE_NAME_FILE.pub" ]; then
-    cp "/usr/share/ublue-os/cosign.pub" "/usr/etc/pki/containers/$IMAGE_NAME_FILE.pub"
+if ! [ -f "/etc/pki/containers/$IMAGE_NAME_FILE.pub" ]; then
+    cp "/usr/share/ublue-os/cosign.pub" "/etc/pki/containers/$IMAGE_NAME_FILE.pub"
 fi
 
 POLICY_FILE="$CONTAINER_DIR/policy.json"

@@ -14,7 +14,7 @@ cp -n "$MODULE_DIRECTORY/yafti/yafti.yml" "$FIRSTBOOT_DATA/yafti.yml" || true
 cp -r "$MODULE_DIRECTORY/yafti/launcher/" "$FIRSTBOOT_DATA"
 
 FIRSTBOOT_SCRIPT="${FIRSTBOOT_DATA}/launcher/login-profile.sh"
-PROFILED_DIR="/usr/etc/profile.d"
+PROFILED_DIR="/etc/profile.d"
 FIRSTBOOT_LINK="${PROFILED_DIR}/ublue-firstboot.sh"
 
 echo "Installing python3-pip and libadwaita"