Upgrade to Trixie

.gitea/workflows/ci.yml

@@ -0,0 +1,62 @@
+# this workflow will not work in containers, only on VMs/bare-metal hosts sue to limitation of
+# container-based environments (filesystems mounted with nodev/noexec). Since parts of the build
+# process require root access/the following should be configured in /etc/sudoers.d/debian-live-config:
+# act-runner ALL=NOPASSWD: /usr/bin/apt -y install live-build make build-essential wget git unzip colordiff apt-transport-https rename ovmf rsync python3-venv gnupg
+# act-runner ALL=NOPASSWD: /usr/bin/lb
+
+# To publish the resulting ISO to GItea's generic package, registry, a personal
+# access token must be created from /user/settings/applications with permissions
+# to read/write from packge registry, and the value of the token must be added
+# as a repository secret from $REPOSITORY/settings/actions/secrets, with the
+# name PACKAGE_REGISTRY_API_TOKEN
+
+name: CI
+on:
+  push:
+
+concurrency:
+  group: ${{ gitea.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: host
+    steps:
+    - name: checkout repo
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0 # full history must be fetched for git tag detection mechanism in Makefile to work
+    - name: restore cache
+      uses: actions/cache/restore@v3
+      with:
+        path: cache/packages*
+        key: packages-cache
+    - name: run build
+      run: make
+    # - name: compute and sign checksums
+    #   run: make checksums
+    - name: publish ISO file to generic package registry
+      run: |
+        set -o errexit; \
+        package_registry_url="$GITHUB_SERVER_URL/api/packages/$GITHUB_REPOSITORY_OWNER/generic/debian-live-config/$GITHUB_REF"; \
+        package_registry_user="$GITHUB_REPOSITORY_OWNER:${{ secrets.PACKAGE_REGISTRY_API_TOKEN }}"; \
+        last_tag=(git describe --tags --abbrev=0); \
+        echo "[INFO] deleting previous .iso file"; \
+        curl --verbose --user "$package_registry_user" -X DELETE "$package_registry_url/debian-live-config-debian-bookworm.iso" || true; \
+        echo "[INFO] deleting previous .SHA512SUMS file"; \
+        curl --verbose --user "$package_registry_user" -X DELETE "$package_registry_url/SHA512SUMS.txt" || true; \
+        echo "[INFO] uploading .iso file"; \
+        curl --verbose --user "$package_registry_user" --upload-file ./iso/*.iso "$package_registry_url/debian-live-config-debian-bookworm.iso"; \
+        echo "[INFO] uploading SHA512SUMS file"; \
+        curl --verbose --user "$package_registry_user" --upload-file ./iso/SHA512SUMS "$package_registry_url/SHA512SUMS"; \
+    - name: save cache
+      uses: actions/cache/save@v3
+      with:
+        path: cache/packages*
+        key: packages-cache
+    # files generated by the build process must be explicitely cleaned, else the builtin post-build action will not be able to remove files ownerd by root created by sudo lb build
+    - name: clean build artifacts
+      if: always()
+      run: make clean_purge
+    - name: debug
+      run: git status --untracked-files

.gitignore

@@ -14,3 +14,35 @@ config/chroot
 config/common
 *.duc-index
 iso/
+binary.modified_timestamps
+config/hooks/live/
+config/hooks/normal/1000-create-mtab-symlink.hook.chroot
+config/hooks/normal/1010-enable-cryptsetup.hook.chroot
+config/hooks/normal/1020-create-locales-files.hook.chroot
+config/hooks/normal/5000-update-apt-file-cache.hook.chroot
+config/hooks/normal/5010-update-apt-xapian-index.hook.chroot
+config/hooks/normal/5020-update-glx-alternative.hook.chroot
+config/hooks/normal/5030-update-plocate-database.hook.chroot
+config/hooks/normal/5040-update-nvidia-alternative.hook.chroot
+config/hooks/normal/5050-dracut.hook.chroot
+config/hooks/normal/8000-remove-adjtime-configuration.hook.chroot
+config/hooks/normal/8010-remove-backup-files.hook.chroot
+config/hooks/normal/8020-remove-dbus-machine-id.hook.chroot
+config/hooks/normal/8030-truncate-log-files.hook.chroot
+config/hooks/normal/8040-remove-mdadm-configuration.hook.chroot
+config/hooks/normal/8050-remove-openssh-server-host-keys.hook.chroot
+config/hooks/normal/8060-remove-systemd-machine-id.hook.chroot
+config/hooks/normal/8070-remove-temporary-files.hook.chroot
+config/hooks/normal/8080-reproducible-glibc.hook.chroot
+config/hooks/normal/8090-remove-ssl-cert-snakeoil.hook.chroot
+config/hooks/normal/8100-remove-udev-persistent-cd-rules.hook.chroot
+config/hooks/normal/8110-remove-udev-persistent-net-rules.hook.chroot
+config/hooks/normal/9000-remove-gnome-icon-cache.hook.chroot
+config/hooks/normal/9010-remove-python-pyc.hook.chroot
+config/hooks/normal/9020-remove-man-cache.hook.chroot
+config/package-lists/live.list.chroot
+config/source
+live-image-amd64.contents
+live-image-amd64.files
+live-image-amd64.hybrid.iso
+live-image-amd64.packages

CHANGELOG.md

@@ -7,29 +7,41 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
 ### Added
 
+* packages: system: add support for [flatpak](https://flathub.org/) software installation method
 * firmware: add out-of-the-box support for some Broadcom wireless cards
 
 ### Changed
 
+* system: replace [gnome-packagekit](https://packages.debian.org/trixie/gnome-packagekit) with [gnome-software](https://packages.debian.org/trixie/gnome-software) as main graphical package management/update tool
+* utility: replace [file-roller](https://packages.debian.org/trixie/file-roller) with [engrampa](https://packages.debian.org/trixie/engrampa) as archive manager
 * power management: replace [laptop-mode-tools](https://packages.debian.org/bookworm/laptop-mode-tools) with [tlp](https://packages.debian.org/bookworm/tlp)
+* desktop/xfwm4: disable zooming with Alt+mouse wheel by default
+* desktop/xfce4-panel: panel height to 32 px and enable the dark theme
 * extras: update user.js to v0.13.0
   * Don't expire cookies when the browser is closed
   * Enable Global Privacy Control preference
   * Disable preloading of autocomplete URLs
   * No longer disable the built-in PDF viewer by default
   * Fix infinite loop on Cloudflare proection pages (turnstile)
 * desktop: switch default theme to Yaru-blue
+* desktop: use new "Ceratopsian" theme background by default
+* build tools improvements
 
 ### Fixed
 
-* fix sshd failing to start
-* fix gnome-calculator failing to start (disable currency rates download)
+* fix ssh daemon startup failures
+* fix gnome-calculator startup failures by disabling currency rates download
+* desktop/xfwm4: fix/enable automatic tiling of windows when moved to the edge of the screen
+* installer: fix question about `/etc/default/grub` interrupting unattended installation
 
 ### Removed
 
-* audio/video: remove libdvd-pkg (DVD-Video playing library)
-* desktop/xfwm4: fix/enable automatic tiling of windows when moved to the edge of the screen
-* utility: remove gcolor3 color picker (does not work)
+* packages: system: remove [localepurge](https://packages.debian.org/trixie/localepurge
+* packages: system: remove [debsecan](https://packages.debian.org/trixie/debsecan)
+* packages: system: remove [synaptic](https://packages.debian.org/trixie/synaptic)
+* packages: audio/video: remove [libdvd-pkg](https://packages.debian.org/trixie/libdvd-pkg)
+* packages: utility: remove [gcolor3](https://packages.debian.org/trixie/gcolor3) color picker (does not work)
+* drop incomplete support for 32-bit builds
 
 ---------------------
 

Makefile

@@ -14,13 +14,12 @@ download_extra:
 
 .PHONY: install_buildenv # install packages required to build the image
 install_buildenv:
-	mkdir -p config/packages.chroot
+	mkdir config/packages.chroot/
 	sudo apt -y install live-build make build-essential wget git unzip colordiff apt-transport-https rename ovmf rsync python3-venv gnupg
-
 ##############################
 
 .PHONY: clean # clear all caches, only required when changing the mirrors/architecture config
-clean:
+clean: clean_kvm
 	sudo lb clean --all
 	make -f Makefile.extra clean
 	rm -rf .venv
@@ -45,7 +44,7 @@ checksums:
 	@mkdir -p iso/
 	mv *.iso iso/
 	cd iso/; \
-	rename "s/live-image/debian-live-config-$(LAST_TAG)-debian-bookworm/" *; \
+	rename "s/live-image/debian-live-config-$(LAST_TAG)-debian-trixie/" *; \
 	rename "s/.hybrid.iso/.iso/" *; \
 	sha512sum *.iso  > SHA512SUMS; \
 
@@ -88,23 +87,22 @@ debug_imagesize:
 	#duc gui /mnt/debian-live-config-squashfs -d debian-live-config-squashfs.duc-index
 	duc gui /mnt/debian-live-config-iso -d debian-live-config-iso.duc-index
 
+.PHONY: clean_kvm # remove files generated by test_kvm_bios/test_kvm_uefi
+clean_kvm:
+	-virsh destroy dlc-test
+	-virsh undefine dlc-test --nvram --storage vda
+
 # requirements: iso image must be downloaded from the build machine beforehand
 # rsync -avzP $BUILD_HOST:/var/debian-live-config/iso ./
 # cp iso/*.iso /var/lib/libvirt/images/
 .PHONY: test_kvm_bios # test resulting live image in libvirt VM with legacy BIOS
-test_kvm_bios:
-	virt-install --name dlc-test --osinfo debian11 --boot cdrom --video virtio --disk path=$(LIBVIRT_STORAGE_PATH)/dlc-test-disk0.qcow2,format=qcow2,size=20,device=disk,bus=virtio,cache=none --cdrom "$(LIBVIRT_STORAGE_PATH)debian-live-config-$(LAST_TAG)-debian-bookworm-amd64.iso" --memory 3048 --vcpu 2
-	virsh destroy dlc-test
-	virsh undefine dlc-test
-	rm -f $$PWD/dlc-test-disk0.qcow2
+test_kvm_bios: clean_kvm
+	virt-install --name dlc-test --osinfo debian11 --boot cdrom --video virtio --disk path=$(LIBVIRT_STORAGE_PATH)/dlc-test-disk0.qcow2,format=qcow2,size=20,device=disk,bus=virtio,cache=none --cdrom "$(LIBVIRT_STORAGE_PATH)debian-live-config-$(LAST_TAG)-debian-trixie-amd64.iso" --memory 3048 --vcpu 2
 
 # UEFI support must be enabled in QEMU config for EFI install tests https://wiki.archlinux.org/index.php/Libvirt#UEFI_Support (/usr/share/OVMF/*.fd)
 .PHONY: test_kvm_uefi # test resulting live image in libvirt VM with UEFI
-test_kvm_uefi:
-	virt-install --name dlc-test --osinfo debian11 --boot loader=/usr/share/OVMF/OVMF_CODE.fd --video virtio --disk path=$(LIBVIRT_STORAGE_PATH)/dlc-test-disk0.qcow2,format=qcow2,size=20,device=disk,bus=virtio,cache=none --cdrom "$(LIBVIRT_STORAGE_PATH)debian-live-config-$(LAST_TAG)-debian-bookworm-amd64.iso" --memory 3048 --vcpu 2
-	virsh destroy dlc-test
-	virsh undefine dlc-test
-	rm -f $$PWD/dlc-test-disk0.qcow2
+test_kvm_uefi: clean_kvm
+	virt-install --name dlc-test --osinfo debian11 --boot uefi --video virtio --disk path=$(LIBVIRT_STORAGE_PATH)/dlc-test-disk0.qcow2,format=qcow2,size=20,device=disk,bus=virtio,cache=none --cdrom "$(LIBVIRT_STORAGE_PATH)debian-live-config-$(LAST_TAG)-debian-trixie-amd64.iso" --memory 3048 --vcpu 2
 
 ##### DOCUMENTATION #####
 # requirements: sudo apt install git jq

Makefile.extra

@@ -23,14 +23,6 @@ download_extra: clean
 	$(WGET) https://nodiscc.gitlab.io/toolbox/pool/main/b/bleachbit-cleanerml/bleachbit-cleanerml_0.0.1~git0+5bc2961_all.deb
 	cp cache/downloads/bleachbit-cleanerml_0.0.1~git0+5bc2961_all.deb config/packages.chroot/
 
-	# DISABLED https://github.com/yt-dlp/yt-dlp (available in stable-backports)
-	#$(WGET) https://nodiscc.gitlab.io/toolbox/pool/main/y/yt-dlp/yt-dlp_2022.01.21_amd64.deb
-	#cp cache/downloads/yt-dlp_2022.01.21_amd64.deb config/packages.chroot/
-
-	# DISABLED https://github.com/EionRobb/pidgin-opensteamworks/
-	#$(WGET) https://nodiscc.gitlab.io/toolbox/pool/main/p/pidgin-opensteamworks/pidgin-opensteamworks_1.7-1_amd64.deb
-	#cp cache/downloads/pidgin-opensteamworks_1.7-1_amd64.deb config/packages.chroot/
-
 	# DISABLED https://github.com/axcore/tartube
 	#$(WGET) https://nodiscc.gitlab.io/toolbox/pool/main/t/tartube/python3-tartube_2.4.260.deb
 	#cp cache/downloads/python3-tartube_2.4.260.deb config/packages.chroot/
@@ -45,9 +37,9 @@ download_extra: clean
 	# EXTRA https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/
 	$(WGET) https://addons.mozilla.org/firefox/downloads/file/3711829/cookie_autodelete-3.6.0-an+fx.xpi -O config/includes.chroot/usr/lib/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/CookieAutoDelete@kennydo.com.xpi
 
-	# EXTRA https://addons.thunderbird.net/thunderbird/addon/gmail-conversation-view/
-	mkdir -p config/includes.chroot/usr/lib/thunderbird/extensions/
-	$(WGET) https://addons.thunderbird.net/thunderbird/downloads/latest/gmail-conversation-view/addon-54035-latest.xpi -O config/includes.chroot/usr/lib/thunderbird/extensions/gconversation@xulforum.org.xpi
+	# EXTRA https://addons.thunderbird.net/thunderbird/addon/gmail-conversation-view/ (disabled, HTTP 403)
+	#mkdir -p config/includes.chroot/usr/lib/thunderbird/extensions/
+	#$(WGET) https://addons.thunderbird.net/thunderbird/downloads/latest/gmail-conversation-view/addon-54035-latest.xpi -O config/includes.chroot/usr/lib/thunderbird/extensions/gconversation@xulforum.org.xpi
 
 	# DISABLED https://signal.org/
 	# RFP https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842943

README.md

@@ -4,7 +4,8 @@
 The documentation on configuring this project can be found here: https://debian-live-config.readthedocs.io/en/latest/custom.html
 ## Building from source
 --------------------------
-To build from source you need to have the debian installed and the root privilages. After getting everything you need, run:<br/>
+To build from source you need to have the debian installed,root privilages and cosmic-epoch debian package installed in `config/packages.chroot`.The package can be found [here](https://gofile.io/d/ABXzTl). After getting everything you need, run:<br/>
+`dpkg-name config/packages.chroot/cosmic-epoch-1.0.2.deb`<br/>
 `sudo apt install -y make`<br/>
 `sudo make install_buildenv`<br/>
 `sudo lb config`<br/>

auto/build

@@ -1,4 +1,5 @@
 #!/bin/sh
 set -e
 
-lb build noauto "${@}" 2>&1 | tee build.log
+lb build noauto "${@}" 2>&1 | tee build.log
+chmod a+r live-image*.iso

auto/config

@@ -17,18 +17,17 @@ lb config noauto \
 --clean \
 --debconf-frontend noninteractive \
 --debian-installer live \
---debian-installer-distribution bookworm \
+--debian-installer-distribution trixie \
 --debian-installer-gui true \
 --debootstrap-options "--include=apt-transport-https,ca-certificates,openssl" \
---distribution bookworm \
+--distribution trixie \
 --firmware-binary true \
 --firmware-chroot true \
 --initramfs live-boot \
 --iso-publisher debian-live-config \
 --iso-volume debian-live-config-4.2.1 \
 --linux-packages "linux-image linux-headers" \
 --bootappend-live "boot=live config splash" \
---memtest memtest86+ \
---win32-loader true
+--memtest memtest86+
 
 "${@}"

config/archives/debian-updates-security-backports.list.binary

@@ -1,5 +1,5 @@
-deb https://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
-deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
-deb https://deb.debian.org/debian/ bookworm-proposed-updates main contrib non-free non-free-firmware
-deb https://deb.debian.org/debian/ bookworm-updates main contrib non-free non-free-firmware
-deb https://deb.debian.org/debian/ bookworm-backports main contrib non-free non-free-firmware
+deb https://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
+deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
+deb https://deb.debian.org/debian/ trixie-proposed-updates main contrib non-free non-free-firmware
+deb https://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
+deb https://deb.debian.org/debian/ trixie-backports main contrib non-free non-free-firmware

config/archives/debian-updates-security-backports.list.chroot

@@ -1,5 +1,5 @@
-deb https://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
-deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
-deb https://deb.debian.org/debian/ bookworm-proposed-updates main contrib non-free non-free-firmware
-deb https://deb.debian.org/debian/ bookworm-updates main contrib non-free non-free-firmware
-deb https://deb.debian.org/debian/ bookworm-backports main contrib non-free non-free-firmware
+deb https://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
+deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
+deb https://deb.debian.org/debian/ trixie-proposed-updates main contrib non-free non-free-firmware
+deb https://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
+deb https://deb.debian.org/debian/ trixie-backports main contrib non-free non-free-firmware

config/bootloaders/isolinux/live.cfg.in

@@ -11,12 +11,12 @@ label live-@FLAVOUR@-english
         initrd @INITRD@
         append @APPEND_LIVE@ locales=en_US.UTF-8
 
-#label live-@FLAVOUR@-french
-#       menu label ^Live (@FLAVOUR@) (French)
-#      menu default
-#        linux @LINUX@
-#        initrd @INITRD@
-#        append @APPEND_LIVE@ locales=fr_FR.UTF-8
+label live-@FLAVOUR@-french
+        menu label ^Live (@FLAVOUR@) (French)
+        menu default
+        linux @LINUX@
+        initrd @INITRD@
+        append @APPEND_LIVE@ locales=fr_FR.UTF-8
 
 label installgui
     menu label ^Install

config/hooks/normal/0350-update-default-services-status.hook.chroot

@@ -1,8 +1,8 @@
 #!/bin/bash
 echo "I: running $0"
 
-disabled_services="avahi-daemon.service openvpn.service rsync.service ssh.service nmbd.service smbd.service libvirtd.service libvirt-guests.service"
-enabled_services="bumblebeed.service cups-browsed.service bluetooth.service cups.service fancontrol.service laptop-mode.service ntp.service plymouth.service preload.service smartmontools.service rsyslog.service lm-sensors.service hddtemp.service haveged.service"
+disabled_services="openvpn.service rsync.service ssh.service"
+#enabled_services="bumblebeed.service cups-browsed.service bluetooth.service cups.service fancontrol.service laptop-mode.service ntp.service plymouth.service preload.service smartmontools.service rsyslog.service lm-sensors.service hddtemp.service haveged.service"
 
 for service in $disabled_services; do
 	echo "Disabling $service"
@@ -15,5 +15,3 @@ for service in $enabled_services; do
 	systemctl enable "$service".service || true
 	systemctl start "$service".service || true
 done
-
-

config/hooks/normal/0425-update-session-manager-alternative.hook.chroot

@@ -1,3 +1,3 @@
 #!/bin/bash
 echo "I: running $0"
-#update-alternatives --set x-session-manager /usr/bin/xfce4-session
+#update-alternatives --set x-session-manager /usr/local/bin/cosmic-session

config/hooks/normal/0800-remove-large-firmware.hook.chroot

@@ -1,2 +1,2 @@
 #!/bin/bash
-apt-get -y purge firmware-netronome firmware-qcom-soc firmware-nvidia-gsp nvidia-tesla-470-kernel-support firmware-nvidia-tesla-gsp firmware-nvidia-graphics firmware-amd-graphics firmware-sof-signed firmware-atheros firmware-libertas raspi-firmware
+apt-get -y purge firmware-netronome firmware-qcom-soc firmware-nvidia-gsp nvidia-tesla-470-kernel-support firmware-nvidia-graphics firmware-amd-graphics firmware-sof-signed firmware-atheros firmware-libertas raspi-firmware

config/hooks/normal/0900-fix-permissions-on root.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+# without this, live-build sets the mode of / to 770 leading to failures during boot
+chmod 0775 /