refactor: migrate Homebrew to build-time installation

Author: ahmedadan

Containerfile

@@ -32,6 +32,36 @@ RUN --mount=type=cache,dst=/var/cache/libdnf5 \
     --mount=type=secret,id=GITHUB_TOKEN \
     /ctx/build_files/shared/build.sh
 
+# Install Homebrew
+RUN --mount=type=cache,dst=/var/cache/homebrew,uid=1000,gid=1000 \
+    set -eoux pipefail && \
+    # Create linuxbrew user with fixed UID/GID for compatibility with first user \
+    useradd -u 1000 -m -s /bin/bash -c "Homebrew Build User" linuxbrew && \
+    # Create Homebrew directory structure in /var/home (persists across ostree) \
+    mkdir -p /var/home/linuxbrew/.linuxbrew && \
+    chown -R 1000:1000 /var/home/linuxbrew && \
+    # Create cache directories \
+    mkdir -p /var/cache/homebrew /var/lib/homebrew && \
+    chown -R 1000:1000 /var/cache/homebrew /var/lib/homebrew && \
+    # Download and run Homebrew installer as linuxbrew user \
+    su - linuxbrew -c "bash -c ' \
+        export NONINTERACTIVE=1 && \
+        export HOMEBREW_BREW_GIT_REMOTE=https://github.com/Homebrew/brew && \
+        export HOMEBREW_CORE_GIT_REMOTE=https://github.com/Homebrew/homebrew-core && \
+        export HOMEBREW_NO_AUTO_UPDATE=1 && \
+        curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh | bash \
+    '" && \
+    # Disable git auto-gc to prevent background processes \
+    su - linuxbrew -c "git config --global gc.auto 0" && \
+    # Verify installation \
+    test -x /var/home/linuxbrew/.linuxbrew/bin/brew && \
+    /var/home/linuxbrew/.linuxbrew/bin/brew --version && \
+    test -d /var/home/linuxbrew/.linuxbrew/Homebrew && \
+    # Clean up linuxbrew user (ownership preserved via UID/GID 1000) \
+    userdel linuxbrew && \
+    # Cleanup cache \
+    dnf clean all
+
 # Makes `/opt` writeable by default
 # Needs to be here to make the main image build strict (no /opt there)
 # This is for downstream images/stuff like k0s

build_files/base/04-packages.sh

@@ -29,6 +29,7 @@ FEDORA_PACKAGES=(
     ddcutil
     evtest
     fastfetch
+    file
     firewall-config
     fish
     foo2zjs

build_files/base/06-install-homebrew.sh

@@ -77,16 +77,22 @@ for unit in "${IMPORTANT_UNITS[@]}"; do
     fi
 done
 
-# Test Homebrew installation files
-echo "Testing Homebrew installation files..."
+# Test Homebrew build-time installation
+echo "Testing Homebrew build-time installation..."
 
-# Test that the homebrew installer script exists and is executable
-test -f /usr/share/ublue-os/homebrew-install.sh || { echo "Missing homebrew installer script"; exit 1; }
-test -x /usr/share/ublue-os/homebrew-install.sh || { echo "Homebrew installer script is not executable"; exit 1; }
+# Test that Homebrew is actually installed
+test -x /var/home/linuxbrew/.linuxbrew/bin/brew || { echo "Homebrew binary not found or not executable"; exit 1; }
+/var/home/linuxbrew/.linuxbrew/bin/brew --version || { echo "Homebrew --version failed"; exit 1; }
+
+# Verify /home -> /var/home symlink works (ostree system feature)
+test -d /home/linuxbrew/.linuxbrew || { echo "/home/linuxbrew not accessible (ostree /home symlink issue)"; exit 1; }
+
+# Test directory ownership (should be UID/GID 1000)
+stat -c "%u:%g" /var/home/linuxbrew/.linuxbrew | grep -q "1000:1000" || { echo "Homebrew directory has wrong ownership"; exit 1; }
 
 # Test that all systemd service files exist
+# Homebrew now installed at build-time
 HOMEBREW_SYSTEMD_FILES=(
-    /usr/lib/systemd/system/brew-setup.service
     /usr/lib/systemd/system/brew-update.service
     /usr/lib/systemd/system/brew-update.timer
     /usr/lib/systemd/system/brew-upgrade.service

build_files/base/20-tests.sh

@@ -34,9 +34,6 @@ echo "::endgroup::"
 # Install Overrides and Fetch Install
 /ctx/build_files/base/05-override-install.sh
 
-# Install Homebrew
-/ctx/build_files/base/06-install-homebrew.sh
-
 # Build GNOME Extensions from Git Submodules
 /ctx/build_files/shared/build-gnome-extensions.sh
 

build_files/shared/build.sh

@@ -1,3 +1,2 @@
-enable brew-setup.service
 enable brew-update.timer
 enable brew-upgrade.timer

system_files/shared/usr/lib/systemd/system-preset/01-homebrew.preset

@@ -2,7 +2,8 @@
 Description=Auto update brew for mutable brew installs
 After=local-fs.target
 After=network-online.target
-ConditionPathIsSymbolicLink=/home/linuxbrew/.linuxbrew/bin/brew
+ConditionPathExists=/home/linuxbrew/.linuxbrew/bin/brew
+ConditionPathIsExecutable=/home/linuxbrew/.linuxbrew/bin/brew
 
 [Service]
 User=1000

system_files/shared/usr/lib/systemd/system/brew-setup.service

@@ -2,7 +2,8 @@
 Description=Upgrade Brew packages
 After=local-fs.target
 After=network-online.target
-ConditionPathIsSymbolicLink=/home/linuxbrew/.linuxbrew/bin/brew
+ConditionPathExists=/home/linuxbrew/.linuxbrew/bin/brew
+ConditionPathIsExecutable=/home/linuxbrew/.linuxbrew/bin/brew
 
 [Service]
 User=1000

system_files/shared/usr/lib/systemd/system/brew-update.service

@@ -1,3 +1,5 @@
+# Homebrew is installed at build-time to /var/home/linuxbrew
+# These directives ensure proper ownership for first user (UID 1000) at runtime
 d /var/lib/homebrew 0755 1000 1000 - -
 d /var/cache/homebrew 0755 1000 1000 - -
 d /var/home/linuxbrew 0755 1000 1000 - -