diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 00000000..7429e23c --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,44 @@ +name: build + +on: + pull_request: + branches: [ main ] + workflow_dispatch: + workflow_call: + outputs: + installer_ver: + description: asahi-installer built version string + value: ${{ jobs.build.outputs.installer_ver }} + +jobs: + build: + runs-on: ubuntu-latest + outputs: + installer_ver: ${{ steps.compile.outputs.installer_ver }} + + steps: + - uses: actions/checkout@v5 + with: + fetch-depth: 0 + fetch-tags: true + submodules: recursive + + - name: Install build dependencies + run: | + sudo apt-get update + sudo apt-get install --no-install-recommends -y gcc-aarch64-linux-gnu + sudo apt-get install --no-install-recommends -y 7zip jq + rustup target install aarch64-unknown-none-softfloat + + - name: Build asahi-installer + id: compile + run: | + ./build.sh + echo "installer_ver=$(cat releases/latest).tar.gz" >> $GITHUB_OUTPUT + + - name: Upload artefact + uses: actions/upload-artifact@v4 + with: + name: installer-build + path: | + releases/* diff --git a/.github/workflows/release-dev.yaml b/.github/workflows/release-dev.yaml new file mode 100644 index 00000000..55235bce --- /dev/null +++ b/.github/workflows/release-dev.yaml @@ -0,0 +1,12 @@ +name: release-dev + +on: + push: + branches: [ main ] + workflow_dispatch: + +jobs: + release-dev: + uses: ./.github/workflows/release.yaml + with: + upload-type: installer-dev diff --git a/.github/workflows/release-prod.yaml b/.github/workflows/release-prod.yaml new file mode 100644 index 00000000..b9734bcc --- /dev/null +++ b/.github/workflows/release-prod.yaml @@ -0,0 +1,13 @@ +name: release-prod + +on: + push: + tags: + - v* + workflow_dispatch: + +jobs: + release-prod: + uses: ./.github/workflows/release.yaml + with: + upload-type: installer diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 00000000..3388ecba --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,46 @@ +name: release + +on: + workflow_call: + inputs: + upload-type: + required: true + type: string + workflow_dispatch: + + +jobs: + build: + uses: ./.github/workflows/build.yaml + + upload-artefact: + needs: build + runs-on: ubuntu-latest + steps: + - name: Download artefact + uses: actions/download-artifact@v4 + with: + name: installer-build + path: releases/. + + - name: Push to Bunny + env: + PKG_URL: "https://storage.bunnycdn.com/asahilinux/${{ inputs.upload-type }}" + PKG_VER: "installer-${{ needs.build.outputs.installer_ver }}" + run: | + if [ ! -e "releases/${PKG_VER}" ]; then + echo "Package not found!" + exit 1 + fi + + upload() { + curl -# --fail --request PUT \ + --url "${2}" \ + -H "AccessKey: ${{ secrets.BUNNY_TOKEN }}" \ + -H "Content-Type: ${3}" \ + -H "Accept: application/json" \ + --data-binary @${1} + } + + upload "releases/${PKG_VER}" "${PKG_URL}/${PKG_VER}" "application/octet-stream" + upload "releases/latest" "${PKG_URL}/latest" "text/plain" diff --git a/README.md b/README.md index d21ad85b..ba44bca7 100644 --- a/README.md +++ b/README.md @@ -1,29 +1,54 @@ # Asahi Linux installer +The Asahi Linux installer provides a way to install [Asahi Linux](https://asahilinux.org) +on Apple Silicon Macs. These systems have a bespoke [boot process](https://asahilinux.org/docs/platform/introduction/) +that requires special considerations to support [alternative operating systems](https://asahilinux.org/docs/platform/open-os-interop/). +The Asahi Installer takes care of preparing the system for the installation, +downloading an image of the distribution to install and laying it on disk. -The Asahi Linux installer provides a way to install [Asahi Linux](https://asahilinux.org) on Apple Silicon Macs. These systems have a bespoke [boot process](https://asahilinux.org/docs/platform/introduction/) that requires special considerations to support [alternative operating systems](https://asahilinux.org/docs/platform/open-os-interop/). The Asahi Installer takes care of preparing the system for the installation, downloading an image of the distribution to install and laying it on disk. - -This repository provides the installer itself, supporting scripts, and the `asahi_firmware` Python module (which is also used by [asahi-scripts](https://github.com/AsahiLinux/asahi-scripts)). +This repository provides the installer itself, supporting scripts, and the +`asahi_firmware` Python module (which is also used by [asahi-scripts](https://github.com/AsahiLinux/asahi-scripts)). ## Building - -Run `./build.sh`, which will produce an installer tree under `releases/`. By default this will build m1n1 with chainloading support. You can optionally set `M1N1_STAGE1` to a prebuilt m1n1 stage 1 binary, and `LOGO` to a logo in icns format. These are mostly useful for downstream distributions that would like to customize or brand the installer. By default, the build will fetch required dependencies from the Internet and cache them under `dl/`. If this isn't desired, place the required files there before running the build. +Run `./build.sh`, which will produce an installer tree under `releases/`. By +default this will build m1n1 with chainloading support. You can optionally set +`M1N1_STAGE1` to a prebuilt m1n1 stage 1 binary, and `LOGO` to a logo in icns format. +These are mostly useful for downstream distributions that would like to customize +or brand the installer. By default, the build will fetch required dependencies from +the Internet and cache them under `dl/`. If this isn't desired, place the required +files there before running the build. + +The reference installer at https://alx.sh is deployed from the latest tag of this +repo by `.github/workflows/release-prod.yaml`. The dev installer at https://alx.sh/dev +is deployed from the latest push to `main` by `.github/workflows/release-dev.yaml`. ## Bootstrapping and branding - -The installer is meant to be executed via a bootstrap script. We provide reference implementations for [local development](scripts/bootstrap.sh) and for alx.sh ([prod](scripts/bootstrap-prod.sh), [dev](scripts/bootstrap-dev.sh)). Following our [distribution guidelines](https://asahilinux.org/docs/alt/policy/), downstream distributions are encouraged to host their own modified copy of these, alongside their downstream build of the installer and their installation images. Downstreams will also want to customize the variable definitions at the beginning of the script, as those will be consumed by the installer and used for its branding. These include: +The installer is meant to be executed via a bootstrap script. We provide reference +implementations for [local development](scripts/bootstrap.sh) and for alx.sh +([prod](scripts/bootstrap-prod.sh), [dev](scripts/bootstrap-dev.sh)). Following +our [distribution guidelines](https://asahilinux.org/docs/alt/policy/), downstream +distributions are encouraged to host their own modified copy of these, alongside +their downstream build of the installer and their installation images. Downstreams +will also want to customize the variable definitions at the beginning of the script, +as those will be consumed by the installer and used for its branding. These include: * `VERSION_FLAG`: a URI pointing to the `latest` file within the installer tree * `INSTALLER_BASE`: a URL pointing to your installer tree -* `INSTALLER_DATA`: a URI pointing to your installer medatata file (see [asahi-installer-data](https://github.com/AsahiLinux/asahi-installer) for the one we're using for alx.sh) -* `INSTALLER_DATA_ALT`: optionally, a URI pointing to an alternative location for your installer metadata file; this can be useful in locations where the primary location might be blocked by local network policies -* `REPO_BASE`: a URI pointing to your OS images root (meaning, the parent folder of the relative paths referenced inside the metadata file) +* `INSTALLER_DATA`: a URI pointing to your installer medatata file (see + [asahi-installer-data](https://github.com/AsahiLinux/asahi-installer) for + the one we're using for alx.sh) +* `INSTALLER_DATA_ALT`: optionally, a URI pointing to an alternative location for + your installer metadata file; this can be useful in locations where the + primary location might be blocked by local network policies +* `REPO_BASE`: a URI pointing to your OS images root (meaning, the parent folder + of the relative paths referenced inside the metadata file) * `REPORT`: a URI pointing to the stats server for installation metrics collection * `REPORT_TAG`: a string used to identify your distribution for metrics collection ## License - Copyright The Asahi Linux Contributors -The Asahi Linux installer is distributed under the MIT license. See LICENSE for the license text. +The Asahi Linux installer is distributed under the MIT license. See LICENSE for the +license text. -This installer vendors [python-asn1](https://github.com/andrivet/python-asn1), which is distributed under the same license. +This installer vendors [python-asn1](https://github.com/andrivet/python-asn1), which +is distributed under the same license. diff --git a/build.sh b/build.sh index 93530b6d..5eb25945 100755 --- a/build.sh +++ b/build.sh @@ -5,14 +5,14 @@ set -e cd "$(dirname "$0")" -PYTHON_VER=3.9.6 +PYTHON_VER=3.13.9 PYTHON_PKG=python-$PYTHON_VER-macos11.pkg PYTHON_URI="https://www.python.org/ftp/python/$PYTHON_VER/$PYTHON_PKG" -LIBFFI_VER=3.4.6 +LIBFFI_VER=3.5.2 LIBFFI_MANIFEST_URI="https://ghcr.io/v2/homebrew/core/libffi/manifests/$LIBFFI_VER" LIBFFI_BASE_URI="https://ghcr.io/v2/homebrew/core/libffi/blobs" -LIBFFI_TARGET_OS="macOS 12.6" +LIBFFI_TARGET_OS="macOS 26" LIBFFI_PKG="libffi-$LIBFFI_VER-macos.tar.gz" M1N1="$PWD/m1n1" diff --git a/m1n1 b/m1n1 index 277e8e71..e266c09e 160000 --- a/m1n1 +++ b/m1n1 @@ -1 +1 @@ -Subproject commit 277e8e71de92dbb2ff0dba9d49b2b27a97e23a08 +Subproject commit e266c09ee50971828c6a7ba02bb7f36a24a7692e diff --git a/push.sh b/push.sh deleted file mode 100755 index 85a35c58..00000000 --- a/push.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/sh -set -e - -cd "$(dirname "$0")" - -SECRET_FILE=~/.secrets/asahilinux-storage -BASEPATH=https://storage.bunnycdn.com/asahilinux -SRC=releases - -case "$1" in - prod) DIR=installer;; - dev) DIR=installer-dev;; - *) echo "Usage: $0 [prod|dev]" 1>&2; exit 1;; -esac - -if [ ! -e "$SECRET_FILE" ]; then - echo "Missing storage bucket secret. Please place the secret in $SECRET_FILE." 1>&2 - exit 1 -fi - -SECRET="$(cat "$SECRET_FILE")" - -put() { - curl -# --fail --request PUT \ - --url "$1" \ - --header "AccessKey: $SECRET" \ - --header "Content-Type: $2" \ - --header 'accept: application/json' \ - --data-binary @$3 >/tmp/ret - ret=$? - cat /tmp/ret; echo; echo - return $ret -} - -VERSION="$(cat $SRC/latest)" -FILE="installer-${VERSION}.tar.gz" -SRCFILE="$SRC/$FILE" -TARGETFILE="$BASEPATH/$DIR/$FILE" - -if [ ! -e "$SRCFILE" ]; then - echo "$SRCFILE does not exist" 1>&2 - exit 1 -fi - -echo "About to push version $VERSION from $SRCFILE to $TARGETFILE." -echo "Press enter to confirm." - -read - -put "$TARGETFILE" "application/octet-stream" "$SRCFILE" - -echo "Updating latest flag..." - -put "$BASEPATH/$DIR/latest" "text/plain" "$SRC/latest" - -echo "Done!" diff --git a/src/install.sh b/src/install.sh index a053848f..880551e3 100755 --- a/src/install.sh +++ b/src/install.sh @@ -12,7 +12,7 @@ export LANG=en_US.UTF-8 export DYLD_LIBRARY_PATH=$PWD/Frameworks/Python.framework/Versions/Current/lib export DYLD_FRAMEWORK_PATH=$PWD/Frameworks -python=Frameworks/Python.framework/Versions/3.9/bin/python3.9 +python=Frameworks/Python.framework/Versions/3.13/bin/python3.13 export SSL_CERT_FILE=$PWD/Frameworks/Python.framework/Versions/Current/etc/openssl/cert.pem # Bootstrap does part of this, but install.sh can be run standalone # so do it again for good measure.