QubesOS-Scripts/fedora-gnome/fedora-gnome.sh

#!/bin/sh

# Copyright (C) 2022-2024 Thien Tran
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.

set -eu -o pipefail

unpriv(){
  sudo -u nobody "${@}"
}

download() {
  unpriv curl -s --proxy http://127.0.0.1:8082 "${1}" | sudo tee "${2}" > /dev/null
}

# Compliance
sudo systemctl mask debug-shell.service
sudo systemctl mask kdump.service

# Setting umask to 077
umask 077
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc

# Make home directory private
sudo chmod 700 /home/*

# Harden SSH
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/ssh_config.d/10-custom.conf /etc/ssh/ssh_config.d/10-custom.conf
sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf

# Security kernel settings
download https://raw.githubusercontent.com/secureblue/secureblue/live/files/system/etc/modprobe.d/blacklist.conf /etc/modprobe.d/workstation-blacklist.conf
sudo chmod 644 /etc/modprobe.d/workstation-blacklist.conf
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysctl.d/99-workstation.conf /etc/sysctl.d/99-workstation.conf
sudo chmod 644 /etc/sysctl.d/99-workstation.conf
# Dracut doesn't seem to work - need to investigate
# dracut -f
sudo sysctl -p

# Disable coredump
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf /etc/security/limits.d/30-disable-coredump.conf
sudo chmod 644 /etc/security/limits.d/30-disable-coredump.conf
sudo mkdir -p /etc/systemd/coredump.conf.d
sudo chmod 755 /etc/systemd/coredump.conf.d
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf /etc/systemd/coredump.conf.d/disable.conf
sudo chmod 644 /etc/systemd/coredump.conf.d/disable.conf

# Setup dconf
umask 022
mkdir -p /etc/dconf/db/local.d/locks

download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/locks/automount-disable /etc/dconf/db/local.d/locks/automount-disable
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/locks/privacy /etc/dconf/db/local.d/locks/privacy

download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/adw-gtk3-dark /etc/dconf/db/local.d/adw-gtk3-dark
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/automount-disable /etc/dconf/db/local.d/automount-disable
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/prefer-dark /etc/dconf/db/local.d/prefer-dark
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/privacy /etc/dconf/db/local.d/privacy

sudo dconf update
umask 077

# Setup ZRAM
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf /etc/systemd/zram-generator.conf

# Flatpak update service
download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/user/update-user-flatpaks.service /etc/systemd/user/update-user-flatpaks.service
download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/user/update-user-flatpaks.timer /etc/systemd/user/update-user-flatpaks.timer

# Setup networking
# We don't need the usual mac address randomization and stuff here, because this template is not used for sys-net

sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
download https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf /etc/systemd/system/NetworkManager.service.d/99-brace.conf
sudo sed -i 's@ReadOnlyPaths=/etc/NetworkManager@#ReadOnlyPaths=/etc/NetworkManager@' /etc/systemd/system/NetworkManager.service.d/99-brace.conf
sudo sed -i 's@ReadWritePaths=-/etc/NetworkManager/system-connections@#ReadWritePaths=-/etc/NetworkManager/system-connections@' /etc/systemd/system/NetworkManager.service.d/99-brace.conf

# Disable GJS and WebkitGTK JIT
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/environment /etc/environment

# Fix GNOME environment variable
echo '
XDG_CURRENT_DESKTOP=GNOME' | sudo tee -a /etc/environment

# Moving DNF handling to the bottom as the Qubes template just breaks when repos are changed and needs a reboot to fix

# Remove unwanted groups
sudo dnf -y group remove 'Container Management' 'Desktop accessibility' 'Firefox Web Browser' 'Guest Desktop Agents' 'LibreOffice' 'Printing Support'

# Remove unnecessary stuff from the Qubes template
sudo dnf -y remove gnome-software gnome-system-monitor amd-ucode-firmware '*gpu*' httpd keepassxc thunderbird

# Remove unnecessary stuff from the Fedora-41 template (will be split into whats in the qubes template and whats upstream later)
sudo dnf -y remove c-ares hiredis

# Remove firefox packages
sudo dnf -y remove fedora-bookmarks fedora-chromium-config firefox mozilla-filesystem

# Remove Network + hardware tools packages
sudo dnf -y remove avahi cifs* '*cups' dmidecode dnsmasq geolite2* mtr net-snmp-libs net-tools nfs-utils nmap-ncat nmap-ncat opensc openssh-server rsync rygel sgpio tcpdump teamd traceroute usb_modeswitch

# Remove support for some languages and spelling
sudo dnf -y remove '*anthy*' '*hangul*' ibus-typing-booster '*m17n*' '*pinyin*' '*speech*' texlive-libs words '*zhuyin*'

# Remove codec + image + printers
sudo dnf -y remove openh264 ImageMagick* sane* simple-scan

# Remove Active Directory + Sysadmin + reporting tools
sudo dnf -y remove 'sssd*' realmd cyrus-sasl-gssapi quota* dos2unix kpartx sos samba-client gvfs-smb

# Remove NetworkManager
sudo dnf -y remove NetworkManager-pptp-gnome NetworkManager-ssh-gnome NetworkManager-openconnect-gnome NetworkManager-openvpn-gnome NetworkManager-vpnc-gnome ppp* ModemManager

# Remove Gnome apps
sudo dnf remove -y baobab chrome-gnome-shell eog gnome-boxes gnome-calculator gnome-calendar gnome-characters gnome-classic* gnome-clocks gnome-color-manager gnome-connections \
    gnome-contacts gnome-disk-utility gnome-font-viewer gnome-logs gnome-maps gnome-photos gnome-remote-desktop gnome-screenshot gnome-shell-extension-apps-menu \
    gnome-shell-extension-background-logo gnome-shell-extension-launch-new-instance gnome-shell-extension-places-menu gnome-shell-extension-window-list gnome-text-editor \
    gnome-themes-extra gnome-tour gnome-user* gnome-weather loupe snapshot totem

# Remove apps
sudo dnf remove -y abrt* cheese evince file-roller* libreoffice* mediawriter rhythmbox yelp

# Remove other packages
# We deviate from the script in TommyTran732/Linux-Setup-Scripts here, as removing yajl will break qubes integration.
sudo dnf remove -y lvm2 rng-tools thermald '*perl*'

# Disable openh264 repo
sudo dnf config-manager --set-disabled fedora-cisco-openh264

# Install custom packages
# gnome-shell is needed for theming to work
sudo dnf -y install qubes-ctap qubes-gpg-split adw-gtk3-theme flatpak ncurses gnome-shell

# Setup hardened_malloc
sudo https_proxy=127.0.0.1:8082 dnf copr enable secureblue/hardened_malloc -y
sudo dnf install -y hardened_malloc
echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
sudo chmod 644 /etc/ld.so.preload

# Enable hardened_malloc for Flatpak
sudo flatpak override --system --filesystem=host-os:ro --env=LD_PRELOAD=/var/run/host/usr/lib64/libhardened_malloc.so
flatpak override --user --filesystem=host-os:ro --env=LD_PRELOAD=/var/run/host/usr/lib64/libhardened_malloc.so

# Setup DNF
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf /etc/dnf/dnf.conf
sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
POSIX compliance Signed-off-by: Tommy <contact@tommytran.io> 2024-06-26 02:42:21 -04:00			`#!/bin/sh`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00
			`# Copyright (C) 2022-2024 Thien Tran`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License"); you may not`
			`# use this file except in compliance with the License. You may obtain a copy of`
			`# the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT`
			`# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the`
			`# License for the specific language governing permissions and limitations under`
			`# the License.`

jackwagon: fix fedora scripts (#3) * fix: fix fedora scripts * refactor: remove utils.sh 2024-09-11 21:29:51 -04:00			`set -eu -o pipefail`
Use SecureBlue HMalloc and suppress curl output Signed-off-by: Tommy <contact@tommytran.io> 2024-07-03 05:19:13 -04:00
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00			`unpriv(){`
jackwagon: fix fedora scripts (#3) * fix: fix fedora scripts * refactor: remove utils.sh 2024-09-11 21:29:51 -04:00			`sudo -u nobody "${@}"`
			`}`

Use download command everywhere 2024-11-11 18:54:18 -05:00			`download() {`
jackwagon: fix fedora scripts (#3) * fix: fix fedora scripts * refactor: remove utils.sh 2024-09-11 21:29:51 -04:00			`unpriv curl -s --proxy http://127.0.0.1:8082 "${1}" \| sudo tee "${2}" > /dev/null`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00			`}`

			`# Compliance`
			`sudo systemctl mask debug-shell.service`
			`sudo systemctl mask kdump.service`

			`# Setting umask to 077`
			`umask 077`
Better umask handling Signed-off-by: Tommy <contact@tommytran.io> 2024-05-29 15:49:37 -04:00			`sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs`
			`sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00			`sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc`

			`# Make home directory private`
			`sudo chmod 700 /home/*`

			`# Harden SSH`
Use download command everywhere 2024-11-11 18:54:18 -05:00			`download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/ssh_config.d/10-custom.conf /etc/ssh/ssh_config.d/10-custom.conf`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00			`sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf`

			`# Security kernel settings`
Use download command everywhere 2024-11-11 18:54:18 -05:00			`download https://raw.githubusercontent.com/secureblue/secureblue/live/files/system/etc/modprobe.d/blacklist.conf /etc/modprobe.d/workstation-blacklist.conf`
Use SecureBlue HMalloc and suppress curl output Signed-off-by: Tommy <contact@tommytran.io> 2024-07-03 05:19:13 -04:00			`sudo chmod 644 /etc/modprobe.d/workstation-blacklist.conf`
Use download command everywhere 2024-11-11 18:54:18 -05:00			`download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysctl.d/99-workstation.conf /etc/sysctl.d/99-workstation.conf`
Typo Fix Signed-off-by: Tommy <contact@tommytran.io> 2024-08-08 08:44:00 -04:00			`sudo chmod 644 /etc/sysctl.d/99-workstation.conf`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00			`# Dracut doesn't seem to work - need to investigate`
			`# dracut -f`
			`sudo sysctl -p`

			`# Disable coredump`
Use download command everywhere 2024-11-11 18:54:18 -05:00			`download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf /etc/security/limits.d/30-disable-coredump.conf`
Use SecureBlue HMalloc and suppress curl output Signed-off-by: Tommy <contact@tommytran.io> 2024-07-03 05:19:13 -04:00			`sudo chmod 644 /etc/security/limits.d/30-disable-coredump.conf`
			`sudo mkdir -p /etc/systemd/coredump.conf.d`
			`sudo chmod 755 /etc/systemd/coredump.conf.d`
Use download command everywhere 2024-11-11 18:54:18 -05:00			`download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf /etc/systemd/coredump.conf.d/disable.conf`
Use SecureBlue HMalloc and suppress curl output Signed-off-by: Tommy <contact@tommytran.io> 2024-07-03 05:19:13 -04:00			`sudo chmod 644 /etc/systemd/coredump.conf.d/disable.conf`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00
			`# Setup dconf`
			`umask 022`
			`mkdir -p /etc/dconf/db/local.d/locks`

Use download command everywhere 2024-11-11 18:54:18 -05:00			`download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/locks/automount-disable /etc/dconf/db/local.d/locks/automount-disable`
			`download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/locks/privacy /etc/dconf/db/local.d/locks/privacy`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00
Use download command everywhere 2024-11-11 18:54:18 -05:00			`download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/adw-gtk3-dark /etc/dconf/db/local.d/adw-gtk3-dark`
			`download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/automount-disable /etc/dconf/db/local.d/automount-disable`
			`download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/prefer-dark /etc/dconf/db/local.d/prefer-dark`
			`download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/privacy /etc/dconf/db/local.d/privacy`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00
			`sudo dconf update`
			`umask 077`

Add ZRAM config Signed-off-by: Tommy <contact@tommytran.io> 2024-05-17 01:36:29 -04:00			`# Setup ZRAM`
Use download command everywhere 2024-11-11 18:54:18 -05:00			`download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf /etc/systemd/zram-generator.conf`
Add ZRAM config Signed-off-by: Tommy <contact@tommytran.io> 2024-05-17 01:36:29 -04:00
Move DNF down 2024-05-17 09:41:42 -04:00			`# Flatpak update service`
Use download command everywhere 2024-11-11 18:54:18 -05:00			`download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/user/update-user-flatpaks.service /etc/systemd/user/update-user-flatpaks.service`
			`download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/user/update-user-flatpaks.timer /etc/systemd/user/update-user-flatpaks.timer`
Move DNF down 2024-05-17 09:41:42 -04:00
			`# Setup networking`
			`# We don't need the usual mac address randomization and stuff here, because this template is not used for sys-net`

Fedora GNOME 41 & remove gnome-system-monitor 2024-12-25 04:44:15 -05:00			`sudo mkdir -p /etc/systemd/system/NetworkManager.service.d`
			`download https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf /etc/systemd/system/NetworkManager.service.d/99-brace.conf`
Fix NetworkManager hardening 2024-12-25 07:24:11 -05:00			`sudo sed -i 's@ReadOnlyPaths=/etc/NetworkManager@#ReadOnlyPaths=/etc/NetworkManager@' /etc/systemd/system/NetworkManager.service.d/99-brace.conf`
			`sudo sed -i 's@ReadWritePaths=-/etc/NetworkManager/system-connections@#ReadWritePaths=-/etc/NetworkManager/system-connections@' /etc/systemd/system/NetworkManager.service.d/99-brace.conf`
Move DNF down 2024-05-17 09:41:42 -04:00
Disable GJS and WebkitGTK JIT on Fedora 2024-11-12 02:42:06 -05:00			`# Disable GJS and WebkitGTK JIT`
			`download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/environment /etc/environment`

Move DNF down 2024-05-17 09:41:42 -04:00			`# Fix GNOME environment variable`
Add missing new line 2024-11-12 02:53:59 -05:00			`echo '`
			`XDG_CURRENT_DESKTOP=GNOME' \| sudo tee -a /etc/environment`
Move DNF down 2024-05-17 09:41:42 -04:00
Fedora GNOME 41 & remove gnome-system-monitor 2024-12-25 04:44:15 -05:00			`# Moving DNF handling to the bottom as the Qubes template just breaks when repos are changed and needs a reboot to fix`
Remove gnome-software Signed-off-by: Tommy <contact@tommytran.io> 2024-05-10 18:40:07 -04:00
Remove unwanted groups Signed-off-by: Tommy <contact@tommytran.io> 2024-07-06 00:33:48 -04:00			`# Remove unwanted groups`
			`sudo dnf -y group remove 'Container Management' 'Desktop accessibility' 'Firefox Web Browser' 'Guest Desktop Agents' 'LibreOffice' 'Printing Support'`

Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00			`# Remove unnecessary stuff from the Qubes template`
Fix Shellcheck 2024-12-25 04:45:45 -05:00			`sudo dnf -y remove gnome-software gnome-system-monitor amd-ucode-firmware 'gpu' httpd keepassxc thunderbird`
Fedora GNOME 41 & remove gnome-system-monitor 2024-12-25 04:44:15 -05:00
			`# Remove unnecessary stuff from the Fedora-41 template (will be split into whats in the qubes template and whats upstream later)`
			`sudo dnf -y remove c-ares hiredis`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00
			`# Remove firefox packages`
			`sudo dnf -y remove fedora-bookmarks fedora-chromium-config firefox mozilla-filesystem`

			`# Remove Network + hardware tools packages`
Remove more packages Signed-off-by: Tommy <contact@tommytran.io> 2024-05-22 02:08:11 -04:00			`sudo dnf -y remove avahi cifs* 'cups' dmidecode dnsmasq geolite2 mtr net-snmp-libs net-tools nfs-utils nmap-ncat nmap-ncat opensc openssh-server rsync rygel sgpio tcpdump teamd traceroute usb_modeswitch`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00
Do not remove yajl Signed-off-by: Tommy <contact@tommytran.io> 2024-04-29 00:20:59 -04:00			`# Remove support for some languages and spelling`
Remove more packages Signed-off-by: Tommy <contact@tommytran.io> 2024-05-22 02:08:11 -04:00			`sudo dnf -y remove 'anthy' 'hangul' ibus-typing-booster 'm17n' 'pinyin' 'speech' texlive-libs words 'zhuyin'`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00
Do not remove yajl Signed-off-by: Tommy <contact@tommytran.io> 2024-04-29 00:20:59 -04:00			`# Remove codec + image + printers`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00			`sudo dnf -y remove openh264 ImageMagick* sane* simple-scan`

Do not remove yajl Signed-off-by: Tommy <contact@tommytran.io> 2024-04-29 00:20:59 -04:00			`# Remove Active Directory + Sysadmin + reporting tools`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00			`sudo dnf -y remove 'sssd' realmd cyrus-sasl-gssapi quota dos2unix kpartx sos samba-client gvfs-smb`

Do not remove yajl Signed-off-by: Tommy <contact@tommytran.io> 2024-04-29 00:20:59 -04:00			`# Remove NetworkManager`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00			`sudo dnf -y remove NetworkManager-pptp-gnome NetworkManager-ssh-gnome NetworkManager-openconnect-gnome NetworkManager-openvpn-gnome NetworkManager-vpnc-gnome ppp* ModemManager`

Do not remove yajl Signed-off-by: Tommy <contact@tommytran.io> 2024-04-29 00:20:59 -04:00			`# Remove Gnome apps`
Sort gnome packages alphabetically Signed-off-by: Tommy <contact@tommytran.io> 2024-05-22 02:19:43 -04:00			`sudo dnf remove -y baobab chrome-gnome-shell eog gnome-boxes gnome-calculator gnome-calendar gnome-characters gnome-classic* gnome-clocks gnome-color-manager gnome-connections \`
			`gnome-contacts gnome-disk-utility gnome-font-viewer gnome-logs gnome-maps gnome-photos gnome-remote-desktop gnome-screenshot gnome-shell-extension-apps-menu \`
			`gnome-shell-extension-background-logo gnome-shell-extension-launch-new-instance gnome-shell-extension-places-menu gnome-shell-extension-window-list gnome-text-editor \`
			`gnome-themes-extra gnome-tour gnome-user* gnome-weather loupe snapshot totem`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00
Do not remove yajl Signed-off-by: Tommy <contact@tommytran.io> 2024-04-29 00:20:59 -04:00			`# Remove apps`
Wildcard removal of abrt 2024-06-05 19:25:31 -04:00			`sudo dnf remove -y abrt* cheese evince file-roller* libreoffice* mediawriter rhythmbox yelp`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00
Do not remove yajl Signed-off-by: Tommy <contact@tommytran.io> 2024-04-29 00:20:59 -04:00			`# Remove other packages`
			`# We deviate from the script in TommyTran732/Linux-Setup-Scripts here, as removing yajl will break qubes integration.`
			`sudo dnf remove -y lvm2 rng-tools thermald 'perl'`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00
			`# Disable openh264 repo`
			`sudo dnf config-manager --set-disabled fedora-cisco-openh264`

			`# Install custom packages`
Move dnf up Signed-off-by: Tommy <contact@tommytran.io> 2024-05-11 23:53:29 -04:00			`# gnome-shell is needed for theming to work`
Fedora GNOME 41 & remove gnome-system-monitor 2024-12-25 04:44:15 -05:00			`sudo dnf -y install qubes-ctap qubes-gpg-split adw-gtk3-theme flatpak ncurses gnome-shell`
Keep everything consistent with Linux-Setup-Scripts Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 16:57:34 -04:00
Add hardened_malloc to Fedora Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 17:16:43 -04:00			`# Setup hardened_malloc`
jackwagon: fix fedora scripts (#3) * fix: fix fedora scripts * refactor: remove utils.sh 2024-09-11 21:29:51 -04:00			`sudo https_proxy=127.0.0.1:8082 dnf copr enable secureblue/hardened_malloc -y`
Use SecureBlue HMalloc and suppress curl output Signed-off-by: Tommy <contact@tommytran.io> 2024-07-03 05:19:13 -04:00			`sudo dnf install -y hardened_malloc`
Setup dnf last Signed-off-by: Tommy <contact@tommytran.io> 2024-05-10 08:26:11 -04:00			`echo 'libhardened_malloc.so' \| sudo tee /etc/ld.so.preload`
Use SecureBlue HMalloc and suppress curl output Signed-off-by: Tommy <contact@tommytran.io> 2024-07-03 05:19:13 -04:00			`sudo chmod 644 /etc/ld.so.preload`
Add hardened_malloc to Fedora Signed-off-by: Tommy <contact@tommytran.io> 2024-04-28 17:16:43 -04:00
Enable hardened_malloc for Flatpak on Fedora 2024-11-12 01:11:26 -05:00			`# Enable hardened_malloc for Flatpak`
			`sudo flatpak override --system --filesystem=host-os:ro --env=LD_PRELOAD=/var/run/host/usr/lib64/libhardened_malloc.so`
			`flatpak override --user --filesystem=host-os:ro --env=LD_PRELOAD=/var/run/host/usr/lib64/libhardened_malloc.so`

Move DNF down 2024-05-17 09:41:42 -04:00			`# Setup DNF`
Use download command everywhere 2024-11-11 18:54:18 -05:00			`download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf /etc/dnf/dnf.conf`
Move DNF down 2024-05-17 09:41:42 -04:00			`sudo sed -i 's/^metalink=./&\&protocol=https/g' /etc/yum.repos.d/`