unom/punktfunk
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases 4 Wiki Activity
Files
26741feada08cd1171a7288e3343720ca6b43101
punktfunk/packaging/rpm/README.md
T
enricobuehler 06346e5037
ci / web (push) Failing after 40s
Details
ci / rust (push) Successful in 1m8s
Details
apple / swift (push) Successful in 1m17s
Details
ci / docs-site (push) Failing after 48s
Details
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 6s
Details
deb / build-publish (push) Failing after 2m21s
Details
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 2m25s
Details
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 4s
Details
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 2m24s
Details
docker / deploy-docs (push) Successful in 17s
Details
rpm / build-publish (push) Successful in 3m45s
Details
docs(rpm): use repo_gpgcheck for the unsigned Gitea RPMs 
Gitea GPG-signs the repo metadata but not the individual packages, while its
auto-served bazzite.repo sets gpgcheck=1 — so `rpm-ostree install` fails with
"could not be verified" on our unsigned RPMs. Document writing the repo
explicitly with gpgcheck=0 + repo_gpgcheck=1 (verify the signed metadata, which
carries each package checksum) instead of curling the served .repo. Note the
TLS-only fallback and that per-package signing is future hardening.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-12 22:07:42 +00:00

80 lines
3.5 KiB
Markdown
Raw Blame History

# punktfunk-host — RPM (Bazzite / Fedora Atomic) via the Gitea registry
`punktfunk-host` is published as an RPM to **Gitea's RPM package registry** in the public `unom`
org (group `bazzite`), so Bazzite / Fedora Atomic hosts layer and update it with `rpm-ostree`.
CI (`.gitea/workflows/rpm.yml`) builds and publishes on every push to `main` (a rolling
`0.0.1-0.ciN.<sha>` build) and on `v*` tags (a clean `X.Y.Z-1`). The RPM is built in the
Fedora 43 image (`ci/fedora-rpm.Dockerfile`) so its auto-generated library Requires
(`libavcodec.so.NN`, …) match Bazzite's sonames; the NVIDIA driver lib (`libcuda.so.1`) is
excluded — NVENC/EGL come from whatever NVIDIA stack the host runs (a weak Recommends).
This is the same package as the [COPR](../copr/README.md) / [bootc](../bootc/Containerfile)
paths — same spec (`punktfunk.spec`) — just self-hosted in Gitea instead of COPR, mirroring the
[Debian/apt](../debian/README.md) setup.
## Install on a Bazzite host (one-time)
```sh
# Add the repo. Our RPMs are unsigned, but Gitea GPG-signs the repo METADATA — so verify that
# (repo_gpgcheck=1) and skip the per-package signature check (gpgcheck=0). The signed metadata
# carries each package's SHA256, so authenticity still holds. (Don't just curl Gitea's served
# bazzite.repo — it sets gpgcheck=1, which fails on unsigned packages.)
sudo tee /etc/yum.repos.d/punktfunk.repo >/dev/null <<'REPO'
[gitea-unom-bazzite]
name=punktfunk (unom, Bazzite)
baseurl=https://git.unom.io/api/packages/unom/rpm/bazzite
enabled=1
gpgcheck=0
repo_gpgcheck=1
gpgkey=https://git.unom.io/api/packages/unom/rpm/repository.key
REPO
# Layer the package, then reboot into the new deployment.
rpm-ostree install punktfunk
systemctl reboot
```
> If `rpm-ostree` can't complete the metadata GPG check non-interactively, set `repo_gpgcheck=0`
> (TLS-only trust to the self-hosted registry). Proper per-package signing (`gpgcheck=1`) would
> need a CI signing key + `rpm --addsign` — future hardening, not wired up.
After reboot, as the desktop user:
```sh
ujust add-user-to-input-group # virtual gamepads need /dev/uinput (re-login).
# Bazzite is atomic — use ujust, NOT `usermod -aG input`.
mkdir -p ~/.config/punktfunk
cp /usr/share/punktfunk/host.env.bazzite ~/.config/punktfunk/host.env # gamescope defaults
systemctl --user enable --now punktfunk-host
```
(See [`../bazzite/README.md`](../bazzite/README.md) for the full appliance walkthrough —
udev/group, `host.env`, the Steam session unit, firewall, verify.)
## Updates
```sh
rpm-ostree upgrade # pulls the newest punktfunk with the system update
systemctl reboot # rpm-ostree changes apply on reboot
```
Layered packages are re-resolved against their repos on every `rpm-ostree upgrade`, so the box
tracks new builds automatically (Bazzite's auto-update timer does this for you). To pin or stop
tracking: `rpm-ostree override` / `rpm-ostree uninstall punktfunk`.
## Build an RPM locally
```sh
PF_VERSION=0.0.1 bash packaging/rpm/build-rpm.sh # -> dist/punktfunk-0.0.1-1.fcNN.x86_64.rpm
```
Run it inside the Fedora 43 builder image so the deps resolve and match Bazzite:
```sh
docker build -f ci/fedora-rpm.Dockerfile -t punktfunk-fedora-rpm ci
docker run --rm -v "$PWD:/src" -w /src punktfunk-fedora-rpm \
bash -lc 'git config --global --add safe.directory /src && PF_VERSION=0.0.1 bash packaging/rpm/build-rpm.sh'
```
A plain `rpmbuild`/COPR build with no `pf_version`/`pf_release` defines produces `0.0.1-1`.
Reference in New Issue View Git Blame Copy Permalink