feat: add Bazaar app store#1796
Merged
RoyalOughtness merged 37 commits intosecureblue:stagingfrom Feb 1, 2026
Merged
Conversation
* Install libvirt, KVM, and QEMU packages into the images at build time. * Also install virt-manager and virt-viewer on desktop images. * Add `ujust set-libvirt-daemons` to enable, disable, or check the status of the various libvirt daemon services and sockets. The interactive mode uses Python's inquirer module to provide an interactive checklist. These units are all preset to be disabled to avoid introducing additional attack surface for users who don't use VMs. The ujust script also disables the monolithic libvirt daemon if it was enabled. * Remove `ujust install-libvirt-packages`.
…ue#1775) The libvirt/qemu/kvm packages increase the size of the server images by more than we want. Also adjust the package list to avoid installing emulators for other architectures (qemu-kvm instead of the full qemu metapackage).
…ureblue#1791) This will free up additional disk space before rechunking.
Need to have `*args` in the ujust signature to properly pass command-line arguments on to the script.
Contributor
|
@alexvojproc Please integrate my PR as well: https://github.com/secureblue/secureblue/pull/1822/files (previously https://github.com/secureblue/secureblue/pull/1821/files) All that need to be done is add |
RoyalOughtness
force-pushed
the
staging
branch
from
aa12e44 to
a49214f
Compare
EsseLowNitro
previously approved these changes
Feb 1, 2026
alexvojproc
commented
Feb 1, 2026
HastD
requested changes
Feb 1, 2026
files/system/desktop/usr/libexec/secureblue/firmwarecheckoutofdate
Outdated
Show resolved
Hide resolved
HastD
previously approved these changes
Feb 1, 2026
Collaborator
Author
|
yeah I think this is good now - sorry about repeat reviews! |
HastD
previously approved these changes
Feb 1, 2026
HastD
approved these changes
Feb 1, 2026
RoyalOughtness
approved these changes
Feb 1, 2026
RoyalOughtness
added a commit
that referenced
this pull request
Feb 3, 2026
* feat: preinstall libvirt/kvm/qemu (#1766) * Install libvirt, KVM, and QEMU packages into the images at build time. * Also install virt-manager and virt-viewer on desktop images. * Add `ujust set-libvirt-daemons` to enable, disable, or check the status of the various libvirt daemon services and sockets. The interactive mode uses Python's inquirer module to provide an interactive checklist. These units are all preset to be disabled to avoid introducing additional attack surface for users who don't use VMs. The ujust script also disables the monolithic libvirt daemon if it was enabled. * Remove `ujust install-libvirt-packages`. * fix: only install virtualization packages on desktop images (#1775) The libvirt/qemu/kvm packages increase the size of the server images by more than we want. Also adjust the package list to avoid installing emulators for other architectures (qemu-kvm instead of the full qemu metapackage). * chore: update BlueBuild CLI to v0.9.30, pass --remove-base-image (#1791) This will free up additional disk space before rechunking. * fix: missing arguments in ujust set-libvirt-daemons (#1792) Need to have `*args` in the ujust signature to properly pass command-line arguments on to the script. * add secureblue/bazaar copr repo * add bazaar to desktop builds * add krunner-bazaar to kinoite builds * remove gnome-software from silverblue builds * remove plasma-discover on kde * check for firmware updates and notify if available * add blocklist * add curated section * remove appstream krunner * start bazaar search provider on login * Update utilities.just * Update removesuid.sh * Update removesuid.sh * Update removesuid.sh * Update removesuid.sh * Update 40-secureblue.preset * Update firmwareoutofdatenotify * Update firmwarecheckoutofdate * Update silverblue-modules.yml * Update curated.yaml * Update blocklist.yaml * Create bazaar.te * Create bazaar.fc * Create bazaar.if * don't remove dependent packages * transition bazaar_t -> flatpak_exec_t -> flatpak_t * mark as userns_privileged_file_type * make firmwarecheckoutofdate more concise * as discussed in #1822 * use flatpak_t for bazaar for now * oepsie doepsie --------- Co-authored-by: Daniel Hast <[email protected]> Co-authored-by: RoyalOughtness <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changelog
Infrastructure
Unclear points