From 4ea2088d996d641c029beb9963e59a1e9d5ebcaf Mon Sep 17 00:00:00 2001
From: Kyle Gospodnetich <me@kylegospodneti.ch>
Date: Thu, 28 Mar 2024 14:47:40 -0700
Subject: [PATCH 1/3] feat: Use new https://github.com/ublue-os/hwe Nvidia
 install script

---
 Containerfile | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Containerfile b/Containerfile
index 4a11d9c83d..39b28bd649 100644
--- a/Containerfile
+++ b/Containerfile
@@ -807,10 +807,9 @@ RUN rpm-ostree override remove \
     ; fi
 
 # Install NVIDIA driver
-RUN wget https://raw.githubusercontent.com/ublue-os/nvidia/main/install.sh -O /tmp/nvidia-install.sh && \
-    wget https://raw.githubusercontent.com/ublue-os/nvidia/main/post-install.sh -O /tmp/nvidia-post-install.sh && \
-    chmod +x /tmp/nvidia-install.sh && IMAGE_NAME="${BASE_IMAGE_NAME}" RPMFUSION_MIRROR="" /tmp/nvidia-install.sh && \
-    chmod +x /tmp/nvidia-post-install.sh && IMAGE_NAME="${BASE_IMAGE_NAME}" RPMFUSION_MIRROR="" /tmp/nvidia-post-install.sh
+RUN wget https://raw.githubusercontent.com/ublue-os/hwe/main/nvidia-install.sh && \
+    chmod +x /tmp/nvidia-install.sh && \
+    IMAGE_NAME="${BASE_IMAGE_NAME}" RPMFUSION_MIRROR="" /tmp/nvidia-install.sh
 
 # Install Explicit Sync Patches
 RUN wget https://copr.fedorainfracloud.org/coprs/gloriouseggroll/nvidia-explicit-sync/repo/fedora-"${FEDORA_MAJOR_VERSION}"/gloriouseggroll-nvidia-explicit-sync-fedora-"${FEDORA_MAJOR_VERSION}".repo?arch=x86_64 -O /etc/yum.repos.d/_copr_gloriouseggroll-nvidia-explicit-sync.repo && \

From 93e2a4ad14da0c359b5f7d5d21d09d50f9ef6ef3 Mon Sep 17 00:00:00 2001
From: Benjamin Sherman <benjamin@holyarmy.org>
Date: Thu, 28 Mar 2024 17:20:39 -0500
Subject: [PATCH 2/3] chore: benjamin custom

* use stock kernel
* simplify builds to only kinoite
---
 .github/workflows/build.yml | 70 +++++++------------------------------
 Containerfile               | 30 ++++++++--------
 2 files changed, 27 insertions(+), 73 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 61caae991f..1a842765c2 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,32 +1,7 @@
 name: Build Bazzite
 on:
   schedule:
-    - cron: '40 16 * * 2,5' # 16:40 utc tues thurs
-  pull_request:
-    branches:
-      - testing
-      - unstable
-    paths-ignore:
-      - '**.md'
-      - '**.txt'
-      - 'repo_content/**'
-      - 'spec_files/**'
-      - 'post_install_files/**'
-      - 'press_kit/**'
-      - '.github/workflows/build_iso.yml'
-  push:
-    branches:
-      - testing
-      - unstable
-    paths-ignore:
-      - '**.md'
-      - '**.txt'
-      - 'repo_content/**'
-      - 'spec_files/**'
-      - 'post_install_files/**'
-      - 'press_kit/**'
-      - '.github/workflows/build_iso.yml'
-  merge_group:
+    - cron: '40 17 * * *'
   workflow_dispatch:
 env:
   IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
@@ -46,25 +21,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        base_image_flavor: [main, asus, framework, surface]
-        base_name: [bazzite, bazzite-deck, bazzite-nvidia]
-        base_image_name: [kinoite, silverblue]
+        base_image_flavor: [main]
+        base_name: [bazzite]
+        base_image_name: [kinoite]
         major_version: [39]
         include:
           - major_version: 39
             is_latest_version: true
             is_stable_version: true
-        exclude:
-          - base_name: bazzite-deck
-            base_image_flavor: nvidia
-          - base_name: bazzite-deck
-            base_image_flavor: asus-nvidia
-          - base_name: bazzite-deck
-            base_image_flavor: surface
-          - base_name: bazzite-deck
-            base_image_flavor: surface-nvidia
-          - base_name: bazzite-nvidia
-            base_image_flavor: framework
     steps:
       - name: Verify base image
         uses: EyeCantCU/cosign-action/verify@v0.2.2
@@ -84,7 +48,7 @@ jobs:
 
       - name: Matrix Variables
         run: |
-          echo "AKMODS_FLAVOR=6.7.9-207.fsync" >> $GITHUB_ENV
+          echo "AKMODS_FLAVOR=main" >> $GITHUB_ENV
           echo "BASE_IMAGE_NAME=${{ matrix.base_image_name }}" >> $GITHUB_ENV
 
           if [[ "${{ matrix.base_image_flavor }}" == "framework" ]]; then
@@ -235,14 +199,6 @@ jobs:
           extra-args: |
             --target=${{ matrix.base_name }}
 
-      - name: Sign kernel
-        uses: EyeCantCU/kernel-signer@v0.1.3
-        with:
-          image: ${{ steps.build_image.outputs.image }}
-          privkey: ${{ secrets.AKMOD_PRIVKEY_20230518 }}
-          pubkey: /etc/pki/akmods/certs/akmods-ublue.der
-          tags: ${{ steps.build_image.outputs.tags }}
-
       # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
       # https://github.com/macbre/push-to-ghcr/issues/12
       - name: Lowercase Registry
@@ -268,14 +224,14 @@ jobs:
           extra-args: |
             --disable-content-trust
 
-      - name: Sign container image
-        uses: EyeCantCU/cosign-action/sign@v0.2.2
-        if: github.event_name != 'pull_request'
-        with:
-          containers: ${{ env.IMAGE_NAME }}
-          registry-token: ${{ secrets.GITHUB_TOKEN }}
-          signing-secret: ${{ secrets.SIGNING_SECRET }}
-          tags: ${{ steps.push.outputs.digest }}
+      #- name: Sign container image
+      #  uses: EyeCantCU/cosign-action/sign@v0.2.2
+      #  if: github.event_name != 'pull_request'
+      #  with:
+      #    containers: ${{ env.IMAGE_NAME }}
+      #    registry-token: ${{ secrets.GITHUB_TOKEN }}
+      #    signing-secret: ${{ secrets.SIGNING_SECRET }}
+      #    tags: ${{ steps.push.outputs.digest }}
 
       - name: Echo outputs
         if: github.event_name != 'pull_request'
diff --git a/Containerfile b/Containerfile
index 39b28bd649..6ea11fa7ce 100644
--- a/Containerfile
+++ b/Containerfile
@@ -12,7 +12,7 @@ FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS bazzite
 ARG IMAGE_NAME="${IMAGE_NAME:-bazzite}"
 ARG IMAGE_VENDOR="${IMAGE_VENDOR:-ublue-os}"
 ARG IMAGE_FLAVOR="${IMAGE_FLAVOR:-main}"
-ARG AKMODS_FLAVOR="${AKMODS_FLAVOR:-fsync}"
+ARG AKMODS_FLAVOR="${AKMODS_FLAVOR:-main}"
 ARG IMAGE_BRANCH="${IMAGE_BRANCH:-main}"
 ARG BASE_IMAGE_NAME="${BASE_IMAGE_NAME:-kinoite}"
 ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-39}"
@@ -42,20 +42,18 @@ RUN wget https://copr.fedorainfracloud.org/coprs/kylegospo/bazzite/repo/fedora-"
     wget https://pkgs.tailscale.com/stable/fedora/tailscale.repo -O /etc/yum.repos.d/tailscale.repo && \
     sed -i 's@gpgcheck=1@gpgcheck=0@g' /etc/yum.repos.d/tailscale.repo
 
-# Install kernel-fsync
-RUN wget https://copr.fedorainfracloud.org/coprs/sentry/kernel-fsync/repo/fedora-"${FEDORA_MAJOR_VERSION}"/sentry-kernel-fsync-fedora-"${FEDORA_MAJOR_VERSION}".repo -O /etc/yum.repos.d/_copr_sentry-kernel-fsync.repo && \
-    rpm-ostree cliwrap install-to-root / && \
-    rpm-ostree override replace \
-    --experimental \
-    --from repo=copr:copr.fedorainfracloud.org:sentry:kernel-fsync \
-        kernel-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64 \
-        kernel-core-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64 \
-        kernel-modules-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64 \
-        kernel-modules-core-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64 \
-        kernel-modules-extra-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64 \
-        kernel-uki-virt-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64 \
-        kernel-headers-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64 \
-        kernel-devel-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64
+# # Install kernel-fsync
+# RUN wget https://copr.fedorainfracloud.org/coprs/sentry/kernel-fsync/repo/fedora-"${FEDORA_MAJOR_VERSION}"/sentry-kernel-fsync-fedora-"${FEDORA_MAJOR_VERSION}".repo -O /etc/yum.repos.d/_copr_sentry-kernel-fsync.repo && \
+#     rpm-ostree cliwrap install-to-root / && \
+#     rpm-ostree override replace \
+#     --experimental \
+#     --from repo=copr:copr.fedorainfracloud.org:sentry:kernel-fsync \
+#         kernel-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64 \
+#         kernel-core-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64 \
+#         kernel-modules-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64 \
+#         kernel-modules-core-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64 \
+#         kernel-modules-extra-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64 \
+#         kernel-uki-virt-"${AKMODS_FLAVOR}".fc"${FEDORA_MAJOR_VERSION}".x86_64
 
 # Setup firmware and asusctl for ASUS devices
 RUN if [[ "${IMAGE_FLAVOR}" =~ "asus" ]]; then \
@@ -786,7 +784,7 @@ FROM bazzite as bazzite-nvidia
 ARG IMAGE_NAME="${IMAGE_NAME:-bazzite-nvidia}"
 ARG IMAGE_VENDOR="${IMAGE_VENDOR:-ublue-os}"
 ARG IMAGE_FLAVOR="${IMAGE_FLAVOR:-nvidia}"
-ARG AKMODS_FLAVOR="${AKMODS_FLAVOR:-fsync}"
+ARG AKMODS_FLAVOR="${AKMODS_FLAVOR:-main}"
 ARG IMAGE_BRANCH="${IMAGE_BRANCH:-main}"
 ARG BASE_IMAGE_NAME="${BASE_IMAGE_NAME:-kinoite}"
 ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-39}"

From 3b0b9706332f7bbb6945ec5facef0e41669f1d66 Mon Sep 17 00:00:00 2001
From: Benjamin Sherman <benjamin@holyarmy.org>
Date: Thu, 28 Mar 2024 17:40:07 -0500
Subject: [PATCH 3/3] feat: try F40

---
 .github/workflows/build.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1a842765c2..abedff436b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -24,11 +24,14 @@ jobs:
         base_image_flavor: [main]
         base_name: [bazzite]
         base_image_name: [kinoite]
-        major_version: [39]
+        major_version: [39, 40]
         include:
           - major_version: 39
             is_latest_version: true
             is_stable_version: true
+          - major_version: 40
+            is_latest_version: false
+            is_stable_version: false
     steps:
       - name: Verify base image
         uses: EyeCantCU/cosign-action/verify@v0.2.2