From 09272f5c809d775f7cbab065292b59d36d17755a Mon Sep 17 00:00:00 2001 From: James Calligeros Date: Sun, 26 Oct 2025 11:01:19 +1000 Subject: [PATCH 01/10] m1n1: bump to v1.5.2 Signed-off-by: James Calligeros --- m1n1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/m1n1 b/m1n1 index 277e8e7..e266c09 160000 --- a/m1n1 +++ b/m1n1 @@ -1 +1 @@ -Subproject commit 277e8e71de92dbb2ff0dba9d49b2b27a97e23a08 +Subproject commit e266c09ee50971828c6a7ba02bb7f36a24a7692e From 35438b032218f9f2b19248ea3c4313391c216efa Mon Sep 17 00:00:00 2001 From: James Calligeros Date: Sun, 26 Oct 2025 11:20:20 +1000 Subject: [PATCH 02/10] build: bump python to 3.13.9 Signed-off-by: James Calligeros --- build.sh | 2 +- src/install.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.sh b/build.sh index 93530b6..7ad253f 100755 --- a/build.sh +++ b/build.sh @@ -5,7 +5,7 @@ set -e cd "$(dirname "$0")" -PYTHON_VER=3.9.6 +PYTHON_VER=3.13.9 PYTHON_PKG=python-$PYTHON_VER-macos11.pkg PYTHON_URI="https://www.python.org/ftp/python/$PYTHON_VER/$PYTHON_PKG" diff --git a/src/install.sh b/src/install.sh index a053848..880551e 100755 --- a/src/install.sh +++ b/src/install.sh @@ -12,7 +12,7 @@ export LANG=en_US.UTF-8 export DYLD_LIBRARY_PATH=$PWD/Frameworks/Python.framework/Versions/Current/lib export DYLD_FRAMEWORK_PATH=$PWD/Frameworks -python=Frameworks/Python.framework/Versions/3.9/bin/python3.9 +python=Frameworks/Python.framework/Versions/3.13/bin/python3.13 export SSL_CERT_FILE=$PWD/Frameworks/Python.framework/Versions/Current/etc/openssl/cert.pem # Bootstrap does part of this, but install.sh can be run standalone # so do it again for good measure. From 8f7ebc887c0748ddc18e9a975244452345fc0514 Mon Sep 17 00:00:00 2001 From: James Calligeros Date: Sun, 26 Oct 2025 11:32:51 +1000 Subject: [PATCH 03/10] build: bump libffi to 3.5.2 Signed-off-by: James Calligeros --- build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.sh b/build.sh index 7ad253f..5eb2594 100755 --- a/build.sh +++ b/build.sh @@ -9,10 +9,10 @@ PYTHON_VER=3.13.9 PYTHON_PKG=python-$PYTHON_VER-macos11.pkg PYTHON_URI="https://www.python.org/ftp/python/$PYTHON_VER/$PYTHON_PKG" -LIBFFI_VER=3.4.6 +LIBFFI_VER=3.5.2 LIBFFI_MANIFEST_URI="https://ghcr.io/v2/homebrew/core/libffi/manifests/$LIBFFI_VER" LIBFFI_BASE_URI="https://ghcr.io/v2/homebrew/core/libffi/blobs" -LIBFFI_TARGET_OS="macOS 12.6" +LIBFFI_TARGET_OS="macOS 26" LIBFFI_PKG="libffi-$LIBFFI_VER-macos.tar.gz" M1N1="$PWD/m1n1" From 0c5528aab73279af604f23d2338990e89b4b0ebc Mon Sep 17 00:00:00 2001 From: James Calligeros Date: Sun, 26 Oct 2025 12:43:17 +1000 Subject: [PATCH 04/10] workflows: build: add build CI workflow Signed-off-by: James Calligeros --- .github/workflows/build.yaml | 44 ++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/workflows/build.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000..7429e23 --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,44 @@ +name: build + +on: + pull_request: + branches: [ main ] + workflow_dispatch: + workflow_call: + outputs: + installer_ver: + description: asahi-installer built version string + value: ${{ jobs.build.outputs.installer_ver }} + +jobs: + build: + runs-on: ubuntu-latest + outputs: + installer_ver: ${{ steps.compile.outputs.installer_ver }} + + steps: + - uses: actions/checkout@v5 + with: + fetch-depth: 0 + fetch-tags: true + submodules: recursive + + - name: Install build dependencies + run: | + sudo apt-get update + sudo apt-get install --no-install-recommends -y gcc-aarch64-linux-gnu + sudo apt-get install --no-install-recommends -y 7zip jq + rustup target install aarch64-unknown-none-softfloat + + - name: Build asahi-installer + id: compile + run: | + ./build.sh + echo "installer_ver=$(cat releases/latest).tar.gz" >> $GITHUB_OUTPUT + + - name: Upload artefact + uses: actions/upload-artifact@v4 + with: + name: installer-build + path: | + releases/* From 37d2d7c1882f8061172637c1daec0b45649f9ee8 Mon Sep 17 00:00:00 2001 From: James Calligeros Date: Sun, 7 Dec 2025 12:54:48 +1000 Subject: [PATCH 05/10] workflows: add main release workflow This reusable workflow builds the installer then uploads the artefact to the correct endpoint. It is designed to be wrapped and called by workflows with the correct triggers and endpoint specified as an input. Signed-off-by: James Calligeros --- .github/workflows/release.yaml | 46 ++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 .github/workflows/release.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..3388ecb --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,46 @@ +name: release + +on: + workflow_call: + inputs: + upload-type: + required: true + type: string + workflow_dispatch: + + +jobs: + build: + uses: ./.github/workflows/build.yaml + + upload-artefact: + needs: build + runs-on: ubuntu-latest + steps: + - name: Download artefact + uses: actions/download-artifact@v4 + with: + name: installer-build + path: releases/. + + - name: Push to Bunny + env: + PKG_URL: "https://storage.bunnycdn.com/asahilinux/${{ inputs.upload-type }}" + PKG_VER: "installer-${{ needs.build.outputs.installer_ver }}" + run: | + if [ ! -e "releases/${PKG_VER}" ]; then + echo "Package not found!" + exit 1 + fi + + upload() { + curl -# --fail --request PUT \ + --url "${2}" \ + -H "AccessKey: ${{ secrets.BUNNY_TOKEN }}" \ + -H "Content-Type: ${3}" \ + -H "Accept: application/json" \ + --data-binary @${1} + } + + upload "releases/${PKG_VER}" "${PKG_URL}/${PKG_VER}" "application/octet-stream" + upload "releases/latest" "${PKG_URL}/latest" "text/plain" From 930675d5cceedf30858a8d7ccc43be928870ca21 Mon Sep 17 00:00:00 2001 From: James Calligeros Date: Sun, 26 Oct 2025 17:42:22 +1000 Subject: [PATCH 06/10] workflows: release-prod: add prod release workflow This workflow runs on every tagged release and uploads the build to the CDN as the latest production version Signed-off-by: James Calligeros --- .github/workflows/release-prod.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/workflows/release-prod.yaml diff --git a/.github/workflows/release-prod.yaml b/.github/workflows/release-prod.yaml new file mode 100644 index 0000000..b9734bc --- /dev/null +++ b/.github/workflows/release-prod.yaml @@ -0,0 +1,13 @@ +name: release-prod + +on: + push: + tags: + - v* + workflow_dispatch: + +jobs: + release-prod: + uses: ./.github/workflows/release.yaml + with: + upload-type: installer From b511abb219e7ee9f3b802192f4e6fac546ab429a Mon Sep 17 00:00:00 2001 From: James Calligeros Date: Sun, 26 Oct 2025 17:44:01 +1000 Subject: [PATCH 07/10] workflows: release-dev: add dev release workflow Builds on every push to main and uploads the artefact to the CDN for use as the latest dev installer Signed-off-by: James Calligeros --- .github/workflows/release-dev.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .github/workflows/release-dev.yaml diff --git a/.github/workflows/release-dev.yaml b/.github/workflows/release-dev.yaml new file mode 100644 index 0000000..55235bc --- /dev/null +++ b/.github/workflows/release-dev.yaml @@ -0,0 +1,12 @@ +name: release-dev + +on: + push: + branches: [ main ] + workflow_dispatch: + +jobs: + release-dev: + uses: ./.github/workflows/release.yaml + with: + upload-type: installer-dev From e4b7e6e7d46658f7983ca5f0d48b9f668d60466b Mon Sep 17 00:00:00 2001 From: James Calligeros Date: Sun, 26 Oct 2025 18:53:58 +1000 Subject: [PATCH 08/10] push.sh: drop Signed-off-by: James Calligeros --- push.sh | 56 -------------------------------------------------------- 1 file changed, 56 deletions(-) delete mode 100755 push.sh diff --git a/push.sh b/push.sh deleted file mode 100755 index 85a35c5..0000000 --- a/push.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/sh -set -e - -cd "$(dirname "$0")" - -SECRET_FILE=~/.secrets/asahilinux-storage -BASEPATH=https://storage.bunnycdn.com/asahilinux -SRC=releases - -case "$1" in - prod) DIR=installer;; - dev) DIR=installer-dev;; - *) echo "Usage: $0 [prod|dev]" 1>&2; exit 1;; -esac - -if [ ! -e "$SECRET_FILE" ]; then - echo "Missing storage bucket secret. Please place the secret in $SECRET_FILE." 1>&2 - exit 1 -fi - -SECRET="$(cat "$SECRET_FILE")" - -put() { - curl -# --fail --request PUT \ - --url "$1" \ - --header "AccessKey: $SECRET" \ - --header "Content-Type: $2" \ - --header 'accept: application/json' \ - --data-binary @$3 >/tmp/ret - ret=$? - cat /tmp/ret; echo; echo - return $ret -} - -VERSION="$(cat $SRC/latest)" -FILE="installer-${VERSION}.tar.gz" -SRCFILE="$SRC/$FILE" -TARGETFILE="$BASEPATH/$DIR/$FILE" - -if [ ! -e "$SRCFILE" ]; then - echo "$SRCFILE does not exist" 1>&2 - exit 1 -fi - -echo "About to push version $VERSION from $SRCFILE to $TARGETFILE." -echo "Press enter to confirm." - -read - -put "$TARGETFILE" "application/octet-stream" "$SRCFILE" - -echo "Updating latest flag..." - -put "$BASEPATH/$DIR/latest" "text/plain" "$SRC/latest" - -echo "Done!" From 537573f9ca2f4ab039e2a5e0643c07220cdc5a3b Mon Sep 17 00:00:00 2001 From: James Calligeros Date: Mon, 27 Oct 2025 22:07:58 +1000 Subject: [PATCH 09/10] README: clean up formatting Signed-off-by: James Calligeros --- README.md | 47 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 34 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index d21ad85..6d5df7d 100644 --- a/README.md +++ b/README.md @@ -1,29 +1,50 @@ # Asahi Linux installer +The Asahi Linux installer provides a way to install [Asahi Linux](https://asahilinux.org) +on Apple Silicon Macs. These systems have a bespoke [boot process](https://asahilinux.org/docs/platform/introduction/) +that requires special considerations to support [alternative operating systems](https://asahilinux.org/docs/platform/open-os-interop/). +The Asahi Installer takes care of preparing the system for the installation, +downloading an image of the distribution to install and laying it on disk. -The Asahi Linux installer provides a way to install [Asahi Linux](https://asahilinux.org) on Apple Silicon Macs. These systems have a bespoke [boot process](https://asahilinux.org/docs/platform/introduction/) that requires special considerations to support [alternative operating systems](https://asahilinux.org/docs/platform/open-os-interop/). The Asahi Installer takes care of preparing the system for the installation, downloading an image of the distribution to install and laying it on disk. - -This repository provides the installer itself, supporting scripts, and the `asahi_firmware` Python module (which is also used by [asahi-scripts](https://github.com/AsahiLinux/asahi-scripts)). +This repository provides the installer itself, supporting scripts, and the +`asahi_firmware` Python module (which is also used by [asahi-scripts](https://github.com/AsahiLinux/asahi-scripts)). ## Building - -Run `./build.sh`, which will produce an installer tree under `releases/`. By default this will build m1n1 with chainloading support. You can optionally set `M1N1_STAGE1` to a prebuilt m1n1 stage 1 binary, and `LOGO` to a logo in icns format. These are mostly useful for downstream distributions that would like to customize or brand the installer. By default, the build will fetch required dependencies from the Internet and cache them under `dl/`. If this isn't desired, place the required files there before running the build. +Run `./build.sh`, which will produce an installer tree under `releases/`. By +default this will build m1n1 with chainloading support. You can optionally set +`M1N1_STAGE1` to a prebuilt m1n1 stage 1 binary, and `LOGO` to a logo in icns format. +These are mostly useful for downstream distributions that would like to customize +or brand the installer. By default, the build will fetch required dependencies from +the Internet and cache them under `dl/`. If this isn't desired, place the required +files there before running the build. ## Bootstrapping and branding - -The installer is meant to be executed via a bootstrap script. We provide reference implementations for [local development](scripts/bootstrap.sh) and for alx.sh ([prod](scripts/bootstrap-prod.sh), [dev](scripts/bootstrap-dev.sh)). Following our [distribution guidelines](https://asahilinux.org/docs/alt/policy/), downstream distributions are encouraged to host their own modified copy of these, alongside their downstream build of the installer and their installation images. Downstreams will also want to customize the variable definitions at the beginning of the script, as those will be consumed by the installer and used for its branding. These include: +The installer is meant to be executed via a bootstrap script. We provide reference +implementations for [local development](scripts/bootstrap.sh) and for alx.sh +([prod](scripts/bootstrap-prod.sh), [dev](scripts/bootstrap-dev.sh)). Following +our [distribution guidelines](https://asahilinux.org/docs/alt/policy/), downstream +distributions are encouraged to host their own modified copy of these, alongside +their downstream build of the installer and their installation images. Downstreams +will also want to customize the variable definitions at the beginning of the script, +as those will be consumed by the installer and used for its branding. These include: * `VERSION_FLAG`: a URI pointing to the `latest` file within the installer tree * `INSTALLER_BASE`: a URL pointing to your installer tree -* `INSTALLER_DATA`: a URI pointing to your installer medatata file (see [asahi-installer-data](https://github.com/AsahiLinux/asahi-installer) for the one we're using for alx.sh) -* `INSTALLER_DATA_ALT`: optionally, a URI pointing to an alternative location for your installer metadata file; this can be useful in locations where the primary location might be blocked by local network policies -* `REPO_BASE`: a URI pointing to your OS images root (meaning, the parent folder of the relative paths referenced inside the metadata file) +* `INSTALLER_DATA`: a URI pointing to your installer medatata file (see + [asahi-installer-data](https://github.com/AsahiLinux/asahi-installer) for + the one we're using for alx.sh) +* `INSTALLER_DATA_ALT`: optionally, a URI pointing to an alternative location for + your installer metadata file; this can be useful in locations where the + primary location might be blocked by local network policies +* `REPO_BASE`: a URI pointing to your OS images root (meaning, the parent folder + of the relative paths referenced inside the metadata file) * `REPORT`: a URI pointing to the stats server for installation metrics collection * `REPORT_TAG`: a string used to identify your distribution for metrics collection ## License - Copyright The Asahi Linux Contributors -The Asahi Linux installer is distributed under the MIT license. See LICENSE for the license text. +The Asahi Linux installer is distributed under the MIT license. See LICENSE for the +license text. -This installer vendors [python-asn1](https://github.com/andrivet/python-asn1), which is distributed under the same license. +This installer vendors [python-asn1](https://github.com/andrivet/python-asn1), which +is distributed under the same license. From ea5ba082836c131e6b6cfb72506a69f54343af17 Mon Sep 17 00:00:00 2001 From: James Calligeros Date: Mon, 27 Oct 2025 22:13:00 +1000 Subject: [PATCH 10/10] README: explain CI pipelines Signed-off-by: James Calligeros --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 6d5df7d..ba44bca 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,10 @@ or brand the installer. By default, the build will fetch required dependencies f the Internet and cache them under `dl/`. If this isn't desired, place the required files there before running the build. +The reference installer at https://alx.sh is deployed from the latest tag of this +repo by `.github/workflows/release-prod.yaml`. The dev installer at https://alx.sh/dev +is deployed from the latest push to `main` by `.github/workflows/release-dev.yaml`. + ## Bootstrapping and branding The installer is meant to be executed via a bootstrap script. We provide reference implementations for [local development](scripts/bootstrap.sh) and for alx.sh