chore: Put files in /etc/ instead in /usr/etc (#315)

* docs(files): Recommend to put files in `/etc/` instead in `

This also modifies build-time part of modules to work with `/etc/` instead of `/usr/etc/`

* docs(files): Revert the `/usr/etc/` & `/etc/` docs

* chore: Revert `signing` module transition due to upstream issue

* docs: Clarify note better regarding /etc

modules/brew/brew-nofile-limits-logic.sh

@@ -9,16 +9,14 @@ set -euo pipefail
 
 DESIRED_SOFT_LIMIT=4096
 DESIRED_HARD_LIMIT=524288
-BREW_LIMITS_D_CONFIG="/usr/etc/security/limits.d/zz1-brew-limits.conf"
+BREW_LIMITS_D_CONFIG="/etc/security/limits.d/zz1-brew-limits.conf"
 BREW_SYSTEMD_SYSTEM_CONFIG="/usr/lib/systemd/system.conf.d/zz1-brew-limits.conf"
 BREW_SYSTEMD_USER_CONFIG="/usr/lib/systemd/user.conf.d/zz1-brew-limits.conf"
 
 # SSH/TTY nofile limit (security ulimit config)
 
 # From least to most preferred
 SSH_TTY_LIMIT_ORDER=(
-"/usr/etc/security/limits.conf"
-"/usr/etc/security/limits.d/"
 "/etc/security/limits.conf"
 "/etc/security/limits.d/"
 )
@@ -54,8 +52,6 @@ fi
 SYSTEMD_SYSTEM_LIMIT_ORDER=(
 "/usr/lib/systemd/system.conf"
 "/usr/lib/systemd/system.conf.d/"
-"/usr/etc/systemd/system.conf"
-"/usr/etc/systemd/system.conf.d/"
 "/etc/systemd/system.conf"
 "/etc/systemd/system.conf.d/"
 )
@@ -87,8 +83,6 @@ fi
 SYSTEMD_USER_LIMIT_ORDER=(
 "/usr/lib/systemd/user.conf"
 "/usr/lib/systemd/user.conf.d/"
-"/usr/etc/systemd/user.conf"
-"/usr/etc/systemd/user.conf.d/"
 "/etc/systemd/user.conf"
 "/etc/systemd/user.conf.d/"
 )
@@ -140,8 +134,8 @@ echo "SystemD user hard nofile limit: $(check_and_print ${CURRENT_SYSTEMD_USER_H
 
 # Write SSH/TTY nolimit values
 if [[ "${CURRENT_SSH_TTY_SOFT_VALUE}" -lt "${DESIRED_SOFT_LIMIT}" ]] || [[ "${CURRENT_SSH_TTY_HARD_VALUE}" -lt "${DESIRED_HARD_LIMIT}" ]]; then
-  if [[ ! -d "/usr/etc/security/limits.d/" ]]; then
-    mkdir -p "/usr/etc/security/limits.d/"
+  if [[ ! -d "/etc/security/limits.d/" ]]; then
+    mkdir -p "/etc/security/limits.d/"
   fi
   echo "# This file sets the resource limits for users logged in via PAM,
 # more specifically, users logged in via SSH or tty (console).

modules/brew/brew.sh

@@ -188,19 +188,19 @@ EOF
 # Fish already includes this fix in brew-fish-completions.sh
 # By default Brew applies the shell environment changes globally, which causes path conflicts between system & brew installed programs with same name.
 # Universal Blue images include this same fix
-if [[ ! -d "/usr/etc/profile.d/" ]]; then
-  mkdir -p "/usr/etc/profile.d/"
+if [[ ! -d "/etc/profile.d/" ]]; then
+  mkdir -p "/etc/profile.d/"
 fi
-if [[ ! -f "/usr/etc/profile.d/brew.sh" ]]; then
+if [[ ! -f "/etc/profile.d/brew.sh" ]]; then
   echo "Apply brew path export fix, to solve path conflicts between system & brew programs with same name"
   echo "#!/usr/bin/env bash
-[[ -d /home/linuxbrew/.linuxbrew && $- == *i* ]] && eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"" > "/usr/etc/profile.d/brew.sh"
+[[ -d /home/linuxbrew/.linuxbrew && $- == *i* ]] && eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"" > "/etc/profile.d/brew.sh"
 fi
 
 # Copy shell configuration files
 echo "Copying Brew bash & fish shell completions"
 cp -r "${MODULE_DIRECTORY}"/brew/brew-fish-completions.fish /usr/share/fish/vendor_conf.d/brew-fish-completions.fish
-cp -r "${MODULE_DIRECTORY}"/brew/brew-bash-completions.sh /usr/etc/profile.d/brew-bash-completions.sh
+cp -r "${MODULE_DIRECTORY}"/brew/brew-bash-completions.sh /etc/profile.d/brew-bash-completions.sh
 
 # Register path symlink
 # We do this via tmpfiles.d so that it is created by the live system.
@@ -240,24 +240,24 @@ fi
 # Disable homebrew analytics if the flag is set to false
 # like secureblue: https://github.com/secureblue/secureblue/blob/live/config/scripts/homebrewanalyticsoptout.sh
 if [[ "${BREW_ANALYTICS}" == false ]]; then
-  if [[ ! -f "/usr/etc/environment" ]]; then
-    echo "" > "/usr/etc/environment" # touch fails for some reason, probably a bug with it
+  if [[ ! -f "/etc/environment" ]]; then
+    echo "" > "/etc/environment" # touch fails for some reason, probably a bug with it
   fi
-  CURRENT_ENVIRONMENT=$(cat "/usr/etc/environment")
-  CURRENT_HOMEBREW_CONFIG=$(awk -F= '/HOMEBREW_NO_ANALYTICS/ {print $0}' "/usr/etc/environment")
+  CURRENT_ENVIRONMENT=$(cat "/etc/environment")
+  CURRENT_HOMEBREW_CONFIG=$(awk -F= '/HOMEBREW_NO_ANALYTICS/ {print $0}' "/etc/environment")
   if [[ -n "${CURRENT_ENVIRONMENT}" ]]; then
     if [[ "${CURRENT_HOMEBREW_CONFIG}" == "HOMEBREW_NO_ANALYTICS=0" ]]; then
       echo "Disabling Brew analytics"  
-      sed -i 's/HOMEBREW_NO_ANALYTICS=0/HOMEBREW_NO_ANALYTICS=1/' "/usr/etc/environment"
+      sed -i 's/HOMEBREW_NO_ANALYTICS=0/HOMEBREW_NO_ANALYTICS=1/' "/etc/environment"
     elif [[ -z "${CURRENT_HOMEBREW_CONFIG}" ]]; then
       echo "Disabling Brew analytics"
-      echo "HOMEBREW_NO_ANALYTICS=1" >> "/usr/etc/environment"
+      echo "HOMEBREW_NO_ANALYTICS=1" >> "/etc/environment"
     elif [[ "${CURRENT_HOMEBREW_CONFIG}" == "HOMEBREW_NO_ANALYTICS=1" ]]; then
       echo "Brew analytics are already disabled!"
     fi
   elif [[ -z "${CURRENT_ENVIRONMENT}" ]]; then
     echo "Disabling Brew analytics"
-    echo "HOMEBREW_NO_ANALYTICS=1" > "/usr/etc/environment"
+    echo "HOMEBREW_NO_ANALYTICS=1" > "/etc/environment"
   fi
 fi
 

modules/default-flatpaks/v1/default-flatpaks.sh

@@ -145,7 +145,7 @@ check_flatpak_id_validity_from_flathub () {
 
 echo "Enabling flatpaks module"
 mkdir -p /usr/share/bluebuild/default-flatpaks/{system,user}
-mkdir -p /usr/etc/bluebuild/default-flatpaks/{system,user}
+mkdir -p /etc/bluebuild/default-flatpaks/{system,user}
 systemctl enable -f system-flatpak-setup.service
 systemctl enable -f --global user-flatpak-setup.service
 
@@ -185,8 +185,8 @@ echo "$NOTIFICATIONS" >> "$CONFIG_NOTIFICATIONS"
 
 echo "Copying user modification template files"
 
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/system/install /usr/etc/bluebuild/default-flatpaks/system/install
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/system/remove /usr/etc/bluebuild/default-flatpaks/system/remove
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/user/install /usr/etc/bluebuild/default-flatpaks/user/install
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/user/remove /usr/etc/bluebuild/default-flatpaks/user/remove
-cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/notifications /usr/etc/bluebuild/default-flatpaks/notifications
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/system/install /etc/bluebuild/default-flatpaks/system/install
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/system/remove /etc/bluebuild/default-flatpaks/system/remove
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/user/install /etc/bluebuild/default-flatpaks/user/install
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/user/remove /etc/bluebuild/default-flatpaks/user/remove
+cp -r "$MODULE_DIRECTORY"/default-flatpaks/user-config/notifications /etc/bluebuild/default-flatpaks/notifications

modules/files/README.md

@@ -1,27 +1,19 @@
 # `files`
 
 The `files` module can be used to copy directories from `files/` to
-any location in your image at build time, as long as the location exists at
-build time (e.g. you can't put files in `/home/<username>/`, because users
+any location in your image at build-time, as long as the location exists at
+build-time (e.g. you can't put files in `/home/<username>/`, because users
 haven't been created yet prior to first boot).
 
 :::note
-If you want to place files into `/etc/`, there are two ways to do it:
-
-1. copying a directory in `files/` directly to `/etc` to add all of its
-   files at build time, or
-2. putting the files you want there in `/usr/etc/` as part of copying things
-   over to `/usr/`, which `rpm-ostree` will then copy to `/etc/` at runtime/boot.
-
-Typically, you will want to use the latter option (putting files in `/usr/etc/`)
-in almost all cases, since that is the proper directory for "system"
+In run-time, `/usr/etc/` is the directory for "system"
 configuration templates on atomic Fedora distros, whereas `/etc/` is meant for
-manual overrides and editing by the machine's admin *after* installation (see
-issue https://github.com/blue-build/legacy-template/issues/28). However, if you
-really need something to be in `/etc/` *at build time* --- for instance, if you
-for some reason need to place a repo file in `/etc/yum.repos.d/` in such a way
-that it is used by a `rpm-ostree` module later on --- then the former option
-will be necessary.
+manual overrides and editing by the machine's admin *after* installation.
+
+In build-time, as a custom-image maintainer, you want to copy files to `/etc/`,
+as those are automatically moved to system directory `/usr/etc/` during atomic Fedora image deployment.
+Check out this blog post for more details about this:  
+https://blue-build.org/blog/preferring-system-etc/
 :::
 
 :::caution

modules/signing/signing.sh

@@ -3,6 +3,8 @@
 # Tell build process to exit if there are any errors.
 set -euo pipefail
 
+# Don't migrate this module from utilizing `/usr/etc/` to `/etc/` yet, as Ublue needs to solve this issue
+# https://github.com/ublue-os/config/pull/311
 CONTAINER_DIR="/usr/etc/containers"
 MODULE_DIRECTORY="${MODULE_DIRECTORY:-"/tmp/modules"}"
 IMAGE_NAME_FILE="${IMAGE_NAME//\//_}"

modules/yafti/yafti.sh

@@ -14,7 +14,7 @@ cp -n "$MODULE_DIRECTORY/yafti/yafti.yml" "$FIRSTBOOT_DATA/yafti.yml" || true
 cp -r "$MODULE_DIRECTORY/yafti/launcher/" "$FIRSTBOOT_DATA"
 
 FIRSTBOOT_SCRIPT="${FIRSTBOOT_DATA}/launcher/login-profile.sh"
-PROFILED_DIR="/usr/etc/profile.d"
+PROFILED_DIR="/etc/profile.d"
 FIRSTBOOT_LINK="${PROFILED_DIR}/ublue-firstboot.sh"
 
 echo "Installing python3-pip and libadwaita"