Fix apt-cacher-ng not proxying correctly

See: https://github.com/ibus/ibus/issues/2387

Makefile

@@ -55,7 +55,7 @@ kernel-test: ## Boot kernel with Qemu ('ctrl-a x' to exit qemu)
 	@scripts/qemu-boot kernel
 
 install-build-deps:
-	sudo apt install --no-install-recommends build-essential python bzip2 cpio chrpath diffstat file texinfo inkscape libgmp-dev libmpc-dev libelf-dev gawk wget debootstrap
+	sudo apt install --no-install-recommends build-essential python3-full bzip2 cpio chrpath diffstat file texinfo inkscape libgmp-dev libmpc-dev libelf-dev gawk wget debootstrap lz4 zstd
 
 $(REALMFS_IMAGE):
 	@mkdir -p build/realmfs

docs/.gitignore

@@ -0,0 +1 @@
+pages/

docs/Makefile

@@ -0,0 +1,25 @@
+
+DUCKFILES= $(notdir $(wildcard duck/*.duck))
+PAGES= $(addprefix pages/, $(DUCKFILES:.duck=.page))
+OUTDIR= pages
+RECIPE_PAGES_DIR= ../meta-citadel/recipes-citadel/citadel-documentation/files/pages
+
+.PHONY: directories clean
+
+all: directories $(PAGES)
+
+install: directories $(PAGES)
+	rm -f ${RECIPE_PAGES_DIR}/*.page
+	cp $(PAGES) ${RECIPE_PAGES_DIR}
+
+
+clean:
+	rm $(PAGES)
+
+directories: ${OUTDIR}
+
+${OUTDIR}:
+	mkdir -p ${OUTDIR}
+
+pages/%.page: duck/%.duck
+	ducktype -o $@ $<

docs/README.md

@@ -0,0 +1,26 @@
+
+## Writing documentation
+
+http://projectmallard.org/ducktype/1.0/index.html
+
+## Building documentation
+
+Building the documentation requires the 'ducktype' utility. The makefile will use this
+command to generate a directory of .page files from the .duck files in the /duck directory.
+
+    $ sudo apt install ducktype
+    $ make
+
+## Reading documentation
+
+After generating the documentation it can be previewed by running yelp on the /pages directory:
+
+    $ yelp pages
+
+## Installing documentation
+
+After making changes to the documentation, run 'make install' to update the set
+of .page files in the citadel-documentation recipe.
+
+    $ make install
+

docs/duck/boot.duck

@@ -0,0 +1,84 @@
+
+= Booting Citadel 
+  [topic]
+@link[guide >index#internals]
+
+== Disk Layout
+
+When Citadel is installed two disk partitions are created on the target disk.
+
+  [screen]
+    sda                     8:0    0   477G  0 disk
+    ├─sda1                  8:1    0   511M  0 part
+    └─sda2                  8:2    0 476.5G  0 part
+
+The first partition is an EFI boot partition and the second partition is LUKS encrypted
+and contains multiple LVM volumes when decrypted.
+
+  [screen]
+    [[[
+
+         /dev/sda1                               /dev/sda2
+
+    [EFI ESP Boot partition] [ LUKS encrypted partition filling remainder of disk ]
+                             .                                                    .
+                             .                                                    .
+                             .                       |                            .
+                             .                       |                            .
+                             .                       V                            .
+                             .                                                    .
+                               [  rootfsA  ] [  rootfsB  ] [   citadel-storage   ]
+    ]]]
+
+
+There are three logical volumes. Two root filesystem partitions so that one partition
+can be updated while the other one is in use, and the remaining space is contained
+in a volume called 'storage'.
+
+  [screen sh]
+    # lvs
+    LV      VG      Attr       LSize
+    rootfsA citadel -wi-a-----   2.00g
+    rootfsB citadel -wi-ao----   2.00g
+    storage citadel -wi-ao---- 472.43g
+
+=== Bootloader
+
+==== LUKS
+
+The kernel initramfs has an /etc/crypttab file which guides the discovery of the LUKS partition.
+The UUID of the LUKS partition is hardcoded to the value listed below. If citadel is installed
+on more than one device on the system, the intended LUKS partition may not be chosen correctly.
+This problem can be addressed by changing the UUID of other citadel LUKS partitions and passing
+the UUID on kernel commandline to override /etc/crypttab.  See systemd-cryptsetup-generator(8).
+
+  [screen sh]
+    # cat /etc/crypttab
+    luks UUID=683a17fc-4457-42cc-a946-cde67195a101 - discard
+
+==== Mounting rootfs
+
+The initramfs boot stage is orchestrated by various systemd unit files which can be found
+in the citadel source tree at:
+
+  [screen]
+        citadel/meta-citadel/recipes-initrd/citadel-initramfs
+
+The same kernel and initramfs is used for the installer image. One task of these unit files
+is to set up a live mode boot when a certain kernel command line option is set. For a regular
+boot, a pair of unit files will attempt to mount the root filesystem partition when it becomes
+available:
+
+  [screen]
+    citadel-rootfs-mount.path
+    citadel-rootfs-mount.service
+
+The .path unit triggers every time /dev/mapper changes and the corresponding .service unit is
+activated only when all of the LVM volumes inside
+
+  [screen]
+    ConditionPathExists=/dev/mapper/citadel-rootfsA
+    ConditionPathExists=/dev/mapper/citadel-rootfsB
+    ConditionPathExists=/dev/mapper/citadel-storage
+
+

docs/duck/citadel.duck

@@ -0,0 +1,61 @@
+
+= Subgraph Citadel
+  [topic]
+
+@link[guide >index]
+@desc Introduction to Subgraph Citadel
+
+== What is Citadel?
+
+Citadel is the core operating system of the new version of Subgraph OS.
+
+Citadel includes the GNOME desktop session and a few basic system services and
+nothing else. It is built and distributed as a single static disk image
+rather than as a collection of software packages like a traditional Linux
+distribution such as Ubuntu or Fedora. Citadel disk images are built entirely
+from the source code of the individual software components. This gives us
+complete control over what is included and how each component is configured.
+
+[note .advanced]
+  Citadel is a modern desktop operating system based on the GNOME desktop, but if you
+  prefer we also include an tiling window manager called Sway as an alternative.
+
+Since the Citadel root filesystem is immutable it is not possible to install
+applications such as a web browser or text editor directly into Citadel.
+Instead applications are run in a separate isolated environment called a Realm.
+
+When Citadel is first installed a single primary Realm is created and while running
+a single realm the system resembles and behaves similar to any other desktop Linux
+system.  The separation between Citadel and the realm in which user applications are
+launched is mostly transparent to the user. However, a user may create as many new
+realms as they like and each new realm behaves like a freshly installed Debian Linux
+environment where the user may install packages and store files.
+
+Realms are implemented in Subgraph OS as either containers or as virtual machines
+running in a custom KVM hypervisor. Both approaches have advantages so the user is
+free to choose either option for each realm they create.
+
+[note .advanced]
+  Hypervisor isolation is stronger and more secure, but container isolation uses
+  less system resources and makes it possible to access hardware devices and other
+  system features directly. A Citadel user can decide which configuration makes
+  more sense for each Realm they create.
+
+=== Stateless Foundation
+
+In the architecture of Citadel the building blocks of the system are 
+immutable filesystem images rather than packages. These images are mounted
+read-only and this property is enforced with a Linux kernel feature (dm-verity)
+which efficiently guarantees each block loaded from disk has a valid
+cryptographic checksum. This means that Citadel always loads exactly the
+operating system software prepared by Subgraph and rebooting the system will
+always brings the computer into a known consistent state.
+
+When Citadel is updated an entirely new image is loaded rather than applying
+a set of changes on top of an existing filesystem. By atomically updating the 
+entire system from one version to the next there is only ever a single software
+configuration to consider and the system can never end up in an inconsistent state.
+System upgrades cannot break your computer in mysterious ways and even if an 
+upgrade fails to boot for some reason, the system simply reverts to the
+previously working version.
+

docs/duck/developer.duck

@@ -0,0 +1,26 @@
+= Developer Guide
+  [topic]
+@link[guide >index#internals]
+
+== Make Root Filesystem Writable
+
+Sometimes it can be useful to make changes directly to the citadel root filesystem to
+experiment with changes or to debug a problem.
+
+First $code(citadel.noverity) must be added to the kernel commandline. After booting with
+this command line option verify that dm-verity has been disabled with the $code(dmsetup)
+command.
+
+  [screen]
+  # dmsetup status rootfs
+  0 4194304 linear
+
+If the output displays $code(verity) instead of $code(linear) then dm-verity is enabled
+and the disk cannot be safely written to.
+
+Next remount the root filesystem with read-write flag.
+
+  [screen]
+  # mount -oremount,rw,noatime /
+
+== Debugging GNOME startup

docs/duck/disk-layout.duck

@@ -0,0 +1,198 @@
+= Disk Layout
+  [topic]
+  @link[guide >index#internals]
+  @desc A Hands-on guide the Citadel Disk and Filesystem Layout
+
+== Partitions
+
+During installation, two partitions are created on the disk chosen as
+the target of the install.
+
+For example, if the installation disk is $code(/dev/sda):
+
+[terms]
+- $code(/dev/sda1)
+* 512MB EFI System Partition
+- $code(/dev/sda2)
+* Remainder of the disk
+
+The partition layout of a running system can be viewed by running the $code(lsblk) command.
+
+[screen]
+    citadel:~ # lsblk /dev/sda
+    NAME                  MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
+    sda                     8:0    0   477G  0 disk
+    ├─sda1                  8:1    0   511M  0 part
+    └─sda2                  8:2    0 476.5G  0 part
+      └─luks              252:0    0 476.4G  0 crypt
+        ├─citadel-rootfsA 252:1    0     2G  0 lvm
+        │ └─rootfs        252:4    0   354M  1 crypt /
+        ├─citadel-rootfsB 252:2    0     2G  0 lvm
+        └─citadel-storage 252:3    0 472.4G  0 lvm   /storage
+
+Several further block devices are created during boot when the main disk partition
+is decrypted.
+
+[screen]
+    sda
+    ├─sda1                  (a)  /boot partition
+    └─sda2                  (b)  LUKS encrypted partition
+      └─citadel             (c)  LVM volume group
+        ├─citadel-rootfsA   (d1) rootfs partition A  (Read Only)
+        │ └─rootfs          (e)  The dm-verity device created for rootfsA
+        ├─citadel-rootfsB   (d2) rootfs partition B  (Read Only)
+        └─citadel-storage   (f)  mounted as /storage (Read/Write)
+
+
+[terms]
+- $code((a) /boot partition)
+* EFI boot partition
+- $code((b) LUKS encrypted partition)
+* Remainder of disk is an encrypted volume
+- $code((c) LVM volume group)
+* Main partition contains several LVM volumes
+- $code((d) citadel-rootfs(A/B))
+* Two root partitions so one can be updated while other is in use.
+- $code((e) /dev/mapper/rootfs)
+* verity mapper device for mounted root partion
+- $code((f) /dev/mapper/citadel-storage)
+* The writable filesystem
+
+== Citadel Filesystem Layout
+
+[code]
+    /
+    ├─ /run/citadel/images/
+    │  │
+    │  ├─ modules.mountpoint/   (modules image mounted here)
+    │  └─ extra.mountpoint/     (extra image mounted here)
+    │
+    └─ /storage
+       │
+       ├─ resources/dev         (resource images for channel 'dev')
+       │  │
+       │  ├─base-realmfs.img
+       │  └─main-realmfs.img
+       │
+       ├─ /realms               (/realms is a bind mount of /storage/realms)
+       │   ├─skel/
+       │   └─config
+       │
+       ├─ /realms/realmfs-images
+       │  │
+       │  ├─citadel-kernel-5.7-dev-001.img
+       │  └─citadel-extra-dev-001.img
+       │
+       └─ /realms/realm-main
+          ├─ home
+          └─ config
+
+== Resource Image Mounts
+
+
+Resource images are mounted into the system by creating loop devices. These devices can be
+viewed by running the 'losetup' command inside Citadel.
+
+[screen]
+    citadel:~ # losetup -ONAME,OFFSET,RO,BACK-FILE
+    NAME       OFFSET RO BACK-FILE
+    /dev/loop1   4096  1 /storage/resources/dev/citadel-extra-dev-001.img
+    /dev/loop2   4096  1 /storage/realms/realmfs-images/main-realmfs.img
+    /dev/loop0   4096  1 /storage/resources/dev/citadel-kernel-5.0.6-dev-000.img
+
+Resource image files are protected against accidental changes or malicious tampering by
+using dm-verity so that the kernel verifies a cryptographic checksum of each block loaded 
+from the image.
+
+You can view the verity device mapper node associated with each loop device with
+the $code(lsblk) command.
+
+[screen]
+    citadel:~ # lsblk /dev/loop0 /dev/loop1 /dev/loop4
+    NAME                           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
+    loop0                            7:0    0 116.9M  1 loop  
+    └─verity-kernel                252:5    0   116M  1 crypt /run/citadel/images/kernel.mountpoint
+    loop1                            7:1    0 938.9M  1 loop  
+    └─verity-extra                 252:6    0 931.5M  1 crypt /run/citadel/images/extra.mountpoint
+    loop2                            7:2    0     4G  1 loop  
+    └─verity-realmfs-main-11922f31 252:9    0     4G  1 crypt /run/citadel/realmfs/realmfs-main-11922f31.mountpoint
+
+Parameters of each dm-verity instance can be viewed with the veritysetup command.
+
+[screen]
+    citadel:~ # veritysetup status verity-kernel
+    /dev/mapper/verity-kernel is active and is in use.
+      type:        VERITY
+      status:      verified
+      hash type:   1
+      data block:  4096
+      hash block:  4096
+      hash name:   sha256
+      salt:        fa430cb7887de60dca6fd1974868036ea39cf5017eb55f02e3a76f82a12a0431
+      data device: /dev/loop0
+      data loop:   /storage/resources/dev/citadel-kernel-5.0.6-dev-000.img
+      size:        237536 sectors
+      mode:        readonly
+      hash device: /dev/loop0
+      hash loop:   /storage/resources/dev/citadel-kernel-5.0.6-dev-000.img
+      hash offset: 237544 sectors
+
+When a resource image file is mounted, a file in the root directory called 'manifest' lists
+bind mounts to perform to integrate the image into the Citadel root filesystem.
+
+Each line of this file is a directory to bind mount from the mounted image to the root
+filesystem. If a directory should be mounted to a location which is different than
+the source directory the source and target directories are both listed on a single
+line and separated by the ':' character. In the 'extra' image below, the directory
+/usr/share from the resource image is mounted to /opt/share on the Citadel filesystem.
+
+
+[screen]
+    citadel:~ # cat /run/citadel/images/kernel.mountpoint/manifest
+    /usr/lib/modules
+
+    citadel:~ # cat /run/citadel/images/extra.mountpoint/manifest
+    /usr/lib/firmware
+    /usr/share:/opt/share
+
+
+The citadel-image utility can be used to view the metainfo variables stored in the header
+section of a resource image file.
+
+[screen]
+    citadel:~ # citadel-image metainfo /storage/resources/dev/citadel-extra-dev-001.img
+    image-type = "extra"
+    channel = "dev"
+    version = 1
+    timestamp = "20190331172025"
+    nblocks = 195924
+    shasum = "04e6f58afa6f608aff2d6cbb47cbe704f8ab0995f4dfe8e1c03655dc9bb6635a"
+    verity-salt = "7bf3eec3c51ffd2e82329a9fc6fe42915743874d7c5af43589e589c037ae81e5"
+    verity-root = "b94eb3431c4fb95e5b9bd62b4505d089414ae660d75eee0fce54b8483d3f9571"
+
+    citadel:~ # citadel-image metainfo /storage/resources/dev/citadel-kernel-5.0.6-dev-000.img 
+    image-type = "kernel"
+    kernel-version = "5.0.6"
+    kernel-id = "36b7a960dcd51d1649f83a7361f9eb5c2af5741ce6cc53689b411347aa1298b6"
+    channel = "dev"
+    version = 1
+    timestamp = "20190407002748"
+    nblocks = 29692
+    shasum = "c988bd7d468c409eb6cd3af8fa9e17b0a75a72d6ad765ad1749d15628a9096be"
+    verity-salt = "fa430cb7887de60dca6fd1974868036ea39cf5017eb55f02e3a76f82a12a0431"
+    verity-root = "f4c4fbaebb59d348bd44cfb1cdef54a813728aabc5acc439c2e739b63c1b8370"
+
+
+RealmFS images also have a resource image header with a slightly different set of
+metainfo variables.
+
+[screen]
+    citadel:~ # citadel-image metainfo /storage/realms/realmfs-images/main-realmfs.img
+    image-type = "realmfs"
+    realmfs-name = "main"
+    nblocks = 1048575
+    channel = "realmfs-user"
+    verity-salt = "ad254e6dd385c0392ed8a6a41b849cfd4ef98ec3643e186feb011d5aa4f1d194"
+    verity-root = "11922f311b5a9141d65b7ef82e1c9159d75e413d1b420a7e3302ec8ec0ad8593"
+
+

docs/duck/index.duck

@@ -0,0 +1,11 @@
+
+
+= Citadel Help
+  [guide]
+
+== User Guide
+  [#user .2column]
+
+== Citadel Internals
+  [#internals .2column]
+

docs/duck/kernel-cmdline.duck

@@ -0,0 +1,13 @@
+= Kernel Command Line Options
+  [topic]
+  @link[guide >index#internals]
+
+* citadel.noverity
+* citadel.nosignatures
+* citadel.install
+* citadel.overlay
+* citadel.channel
+* citadel.verbose
+* citadel.debug
+* citadel.sway
+

docs/duck/realm-config.duck

@@ -0,0 +1,88 @@
+= Configuring Realms
+  [topic]
+  @link[guide >index#user]
+  @desc Realm configuration file reference
+
+
+Realms are usually configured with the tools for managing realms, but the configuration
+is stored in a TOML file in the realm directory and can also be edited by hand.
+
+
+== Options
+
+[terms]
+- $code(use-wayland)
+* If 'true' access to Wayland display will be permitted in realm by
+  adding wayland socket /run/user/1000/wayland-0
+
+- $code(use-x11)
+* If 'true' access to X11 server will be added to realm by bind mounting directory
+  /tmp/.X11-unix
+
+- $code(use-sound)
+* If 'true' allows the use of sound inside realm. The following items will 
+  be added to realm:
+  * /dev/snd
+  * /dev/shm
+  * /run/user/1000/pulse
+
+- $code(use-kvm)
+* If enabled, /dev/kvm will be added to the realm.
+  This option is only available for nspawn realms.
+
+- $code(use-shared-dir)
+* If enabled the directory /realms/Shared will be bind mounted into the home directory of the realm.
+  This directory is shared between all running realms that have this option enabled as a
+  convenient way to move files between realms.
+
+- $code(use-ephemeral-home)
+* If 'true' the home directory of this realm will be set up in ephemeral mode.
+  The ephemeral home directory is set up with the following steps
+  [steps]
+    * Home directory is mounted as tmpfs
+    * Any files in /realms/skel are copied into home directory
+    * Any files in /realms/realm-${name}/skel are copied into home directory
+    * Any directories listed in $code(ephemeral-persistent-dirs) are bind mounted
+      from /realms/realm-${name}/home into ephemeral home directory.
+
+- $code(ephemeral-persistent-dirs) default: ["Documents"]
+* A list of subdirectories of /realms/realm-${name}/home to bind mount into realm
+  home directory when $code(ephemeral-home) is enabled.
+
+- $code(use-network)
+* network
+
+- $code(network-zone) default: "clear"
+* network zone
+
+- $code(use-gpu)
+* Enables hardware graphics acceleration in relam.
+  if 'true' render node device /dev/dri/renderD128 will be added to realm.
+
+- $code(use-gpu-card0)
+* If 'true' and $code(use-gpu) is also enabled, privileged device /dev/dri/card0
+  will be added to realm.
+
+- $code(realmfs) default: "base"
+* name of realmfs image
+
+- $code(overlay) default: "storage"
+* type of overlay to use
+
+- $code(terminal-scheme)
+* terminal color scheme
+
+- $code(extra-bindmounts)
+* bind mounts
+
+- $code(extra-bindmounts-ro)
+* read-only bind mounts
+
+
+- $code(system-realm) default: false
+* system realm
+
+- $code(autostart) default: false
+* autostart realm
+
+

docs/duck/realmfs.duck

@@ -0,0 +1,139 @@
+
+= RealmFS Images
+  [topic]
+@link[guide >index#user]
+@desc Realm root filesystem images
+
+A RealmFS image contains a root filesystem for one or more realm instances.
+Similar to resource images, RealmFS images are signed and mounted with dm-verity
+to prevent tampering with the data on the root filesystem such as the
+installation of malware or backdoors. The keys used to sign RealmFS images are
+controlled by the user which makes it possible to upgrade software and install
+new packages on the image.
+
+RealmFS images are always mounted as read-only and this property is enforced
+with dm-verity. Since RealmFS images are immutable a single image can be shared
+between multiple running realm instances. By default, when a realm is launched a
+temporary overlay is added to the root filesystem so that changes can be
+performed that will last only until the realm is stopped or restarted. This
+allows experimenting with the system configuration or installing new software
+temporarily. The root filesystem can then be reverted to the original state by
+simply restarting the realm.
+
+== Updates
+
+Since the root filesystem of realms are stored on read-only disk images,
+packages cannot be permanently installed or upgraded in the usual way. Changes
+to the root filesystem will succeed inside a realm, but these changes will be
+lost as soon as the realm is stopped or restarted.
+
+To make persistent changes to a RealmFS image, the image is first copied, then
+changes are applied to the copy. After applying changes a new dm-verity hash
+tree is generated for the image and the RealmFS image header is updated and
+signed.
+
+[note .advanced]
+  The process of generating a signature and a dm-verity hash tree for a RealmFS image
+  after applying some changes such as updating packages is called $em[.strong](Sealing)
+  the image.
+
+=== Apt-Cacher NG Realm
+
+Upon booting a system utility realm is started which runs an Apt-Cacher NG
+instance. Each realm is configured to use this realm as a proxy for package
+installation.
+
+[code]
+  /etc/apt/apt.conf.d/000apt-cacher-ng-proxy
+
+  Acquire::http::Proxy "http://172.17.0.213:3142/";
+
+The apt source lines use the special Apt-Cacher NG syntax.
+
+[code]
+  /etc/apt/sources.list
+
+  deb http://HTTPS///deb.debian.org/debian bullseye main contrib non-free
+
+Using a package cache avoids downloading and storing packages multiple times
+when updating multiple RealmFS images. It also makes it possible to download and
+cache packages while connected to a network before booting the system into a
+safe mode without enabling the network to perform upgrades of realm packages.
+
+=== Updates (Container method)
+
+First the RealmFS image is copied to a temporary file. On a filesystem such as
+btrfs, the image file will be cloned as a reflink rather than copying the file.
+The copy of the RealmFS will then be mounted as writable so that changes can be
+made. A systemd-nspawn container is launched and a root shell opened so that the
+user can update packages, install new software, or perform any other
+modifications to the root filesystem.
+
+Once the shell is exited a prompt asks the user if they would like to save the
+current changes or discard them.  If the user chooses to save the changes, the
+copied image is then sealed by generating a dm-verity hash tree and the header
+of the image is signed with the user RealmFS sealing key.
+
+=== Updates with pH Hypervisor
+
+When a realm is launched with pH, the overlay is managed by the emulated disk
+device of the hypervisor which tracks changes to blocks of the disk and stores
+the changed blocks in memory. Since the hypervisor is tracking all of the
+changes to the disk, it can also transparently apply the changes and generate a
+new sealed RealmFS image and then discard the changed blocks and start directly
+using the new image.
+
+This process is initiated by the user when they decide they would like to commit
+any changes they have made to the root filesystem in the running realm
+permanently to the underlying RealmFS image.
+
+[steps]
+* The user makes changes to the root filesystem of the realm and pH tracks the blocks that have changed.
+* A user request is made to pH to apply the changes to the RealmFS image.
+* pH opens a prompt on the desktop to ask the user to confirm that they really did make this request.
+* A copy (or reflink) of the current RealmFS is made, and pH applies the changed blocks to this copy.
+* The copy is then sealed with the RealmFS key of the user.
+* Now pH can quietly swap in the new version of the RealmFS image and discard all of the tracked block changes.
+
+== Signing RealmFS Images
+
+A secret key for signing RealmFS images is generated during installation and
+stored on disk in an encrypted file called the User Keyring. During boot
+when the user enters a passphrase to decrypt the disk, this passphrase is also
+used to decrypt the keyring file and the public and secret key pair is
+loaded into the kernel key storage.
+
+The risk exists that an attacker who is able to compromise the kernel may
+recover this secret key. This would allow the attacker to modify sealed RealmFS
+images and install backdoors or other malware into realm root filesystems. Even
+without obtaining the signing key an attacker who has compromised Citadel could
+wait for the user to perform an update and make malicious changes at the same
+time which the user will then sign.
+
+For these reasons, it is also possible to configure the system so that only
+the public key is retained in the kernel upon boot and the user must boot
+into a special mode so that the private key is available to perform updates.
+
+=== Safe Mode
+
+If upgrades are performed in normal operating mode, an attacker who has
+compromised citadel can persistently backdoor the upgraded realmfs images. 
+Safe mode is a way to boot citadel without starting any realms or enabling the
+network device. Since the integrity of the Citadel root filesystem is enforced
+by dm-verity and no realms are running, even if the system had become compromised
+at some point in the past it is assumed to now be in a safe state for performing
+updates and signing them with the user sealing keys.
+
+Since the network is not available in safe mode, the packages to be installed or
+upgraded must be stored somewhere. By either performing the packge updates with
+the $code(--download-only) flag or installing them to the temporary overlay of a realm
+the user will cause them to be stored on the Apt-Cache NG service realm so that
+they are available for install in safe mode.
+
+== Base RealmFS image
+
+Citadel ships with a RealmFS image called $code(base-realmfs.img). There is nothing
+special about this image other than that it is initially signed by Subgraph until
+the user modifies or updates it. During installation, a copy of this RealmFS is
+created with the name $code(main-realmfs.img) and sealed with the newly generated
+user keys.

docs/duck/realms.duck

@@ -0,0 +1,56 @@
+
+= Citadel Realms
+  [topic]
+@link[guide >index#user]
+
+Citadel contains only the base operating system and the GNOME desktop, it does not
+include any applications. To be able to install and run applications Citadel can
+create spaces which are called Realms.
+
+A Realm is a container similar to a Docker or LXC container in which any Linux
+distribution could be installed.  We use a Debian based image but it would not be
+difficult to create an image for another Linux distribution.
+
+The realm containers are launched with systemd-nspawn but this is a detail of
+how they are implemented and not something it is necessary to learn about in 
+order to use them.
+
+== The $em(current) realm
+
+Multiple realms may be launched at once but the GNOME Desktop is only associated with
+one of the running realms.  This realm is called the `current` realm.
+
+When displaying applications available to launch from the desktop, GNOME will only
+be aware of applications that are installed in the realm which is set as `current`
+and any application launched from the desktop will run inside this current realm.
+
+Setting another realm as current does not affect any applications that are already running.
+Changing the current realm only means that any further applications which are launched
+will now run in the newly chosen realm.
+
+== Realm directory layout
+
+The realms base directory is stored on the storage partition at `/storage/realms` and is bind mounted to `/realms` on the root filesystem for convenience.
+
+[screen]
+    /realms
+        config
+        /Shared
+        /skel
+        /default.realm -> realm-main
+        /realm-main
+        /realm-project
+        /realm-testing
+
+=== /realms/config
+
+This is the global realm configuration file. Options set in this file apply to every realm
+unless the same option has been overridden with a different value in the config file for
+a realm.
+
+=== /realms/Shared
+
+This directory is bind mounted to `/home/user/Shared` of each running realm that has
+the option `use-shared-dir` enabled.  It's a convenient way to move files between
+different realms and between citadel and realms.
+

docs/duck/resource-image.duck

@@ -0,0 +1,242 @@
+
+= Citadel Resource Images
+  [topic]
+@link[guide >index#internals]
+
+Resource images are disk image files that are mounted read-only to create
+the citadel filesystem.  The first block (4096 bytes) of the image file
+contains a header and immediately following the header is the raw disk
+image contents.
+
+The header contains information about the image including parameters for
+configuring dm-verity to enforce the immutability of the image.  The header
+also contains a public key signature over the image information so that
+the authenticity of the header information can be verified.
+
+The root filesystem of citadel is also distributed as a resource image, and
+this image will be installed to a disk partition for normal operation.
+
+Resource images other than the root filesystem are mounted by creating loop
+devices on the image file. Prior to mounting the image dm-verity is configured
+on the loop device or the rootfs partition.
+
+== Resource Image Types
+
+Currently the following image types are defined for use in Citadel:
+
+=== 1) Base Root Filesystem ("rootfs")
+
+The base rootfs image is the only image type which is installed to a
+partition.  It is mounted as the root of the Citadel filesystem.  When an
+image is installed on a partition the 4906 byte header block is stored in
+the last block (8 sectors) of the partition.
+
+Citadel uses two partitions (A & B) for the root filesystem. This allows
+updating one partition while the other one is being used. Then the system
+can be rebooted into the updated rootfs partition. If the system fails to
+boot after updating it will be reverted to use the working partition.
+
+=== 2) Kernel Image ("kernel")
+
+The kernel modules for the running kernel are stored in a resource image
+so that the root filesystem is independent from the running kernel.
+
+During boot, this image is mounted and the kernel modules and a bind mount
+is created over /usr/lib/modules on the Citadel root filesystem.
+
+=== 3) Extra Resource Image ("extra")
+
+This image type contains additional directories of files which are mounted
+during boot on the Citadel root filesystem. It contains files such as
+firmware files and desktop icons which occupy substantial space but do not
+need to be updated frequently.
+
+By placing these files into a separate image the size of the root filesystem
+image is reduced. This makes the more frequently updated rootfs image
+smaller.
+
+=== 4) Realm Filesystem Image ("realmfs")
+
+This type of image contains the entire root filesystem for running a realm
+container or VM. Unlike the other types of resource images, these images can
+be modified and then signed with keys controlled by the user. This allows
+updates and installation of software while still preserving the read-only
+property.
+
+=== Image Layout
+
+Each resource image file reserves an initial 4096 byte block where a header is
+stored. This is the maximum length of the header, which is generally much
+smaller than this size.
+
+Following the header is a raw disk filesystem image which may optionally be
+compressed with xz compression algorithm. The disk image filesystem is ext4,
+but this is an implementation detail which may change in the future. A header
+flag (FLAG_DATA_COMPRESSED) indicates if an image is compressed and if so the
+image must be decompressed before being used. Image updates are distributed in
+compressed form and are decompressed once during installation.
+
+When dm-verity is used a hash tree must be generated for the image. When an
+image is installed it is first decompressed and then the dm-verity hash data
+is generated. This hash data is stored in the image file immediately following
+the image data and the flag FLAG_HASH_TREE is set to indicate this data is
+present.
+
+Image file:
+[code]
+[[[
+    [ Header ][ Ext4 Disk Image ][ dm-verity hash data ]
+]]]
+
+Partition:
+
+[code]
+[[[
+    [ Ext4 Disk Image ][ dm-verity hash data ][ unused space ][ Header ]
+]]]
+
+== Image Header
+
+The image header contains the following fields.
+
+[table]
+[tr]
+- Field
+- Size
+- Content
+[tr]
+* MAGIC
+* 4 bytes
+* ('S', 'G', 'O', 'S')
+[tr]
+* status
+* 1 byte
+* Used by images installed to partition
+[tr]
+* flags
+* 1 byte
+* Various flag values
+[tr]
+* metainfo-len
+* 2 bytes
+* 16 bit big-endian length
+[tr]
+* metainfo
+* (metainfo-len) bytes
+* TOML document containing key-value pairs
+[tr]
+* signature
+* 64 bytes
+* ed25519 signature over metainfo field
+
+
+=== Header Fields
+
+==== MAGIC
+
+The initial 4 bytes are always set to the ascii bytes 'SGOS' so that a
+valid image file can easily be identified.
+
+==== status
+
+The `status` field is used only on base rootfs image installed on a partition.
+It must be set to 0 for all other images. The field is used to make decisions
+about which parition to attempt to boot.
+
+The status value is stored in the low nibble (4 bits) of this field and the
+high nibble is reserved for counting boot attempts in `STATUS_TRY_BOOT` state.
+
+The defined status values are:
+
+[table]
+[tr]
+- status
+- value
+- description
+[tr]
+* STATUS_INVALID
+* 0
+* Partition does not contain a valid image
+[tr]
+* STATUS_NEW
+* 1
+* Newly written partition which has not yet been booted
+[tr]
+* STATUS_TRY_BOOT
+* 2
+* Set when booting a partition for the first time
+[tr]
+* STATUS_GOOD
+* 3
+* Partition has been successfully booted at least once
+[tr]
+* STATUS_FAILED
+* 4
+* Partition has failed to boot
+[tr]
+* STATUS_BAD_SIG
+* 5
+* Signature verification on metainfo failed
+[tr]
+* STATUS_BAD_META
+* 6
+* Parsing metainfo field failed
+
+==== flags
+
+[table]
+[tr]
+- flag
+- value
+- description
+[tr]
+* FLAG_PREFERRED_BOOT
+* 0x01
+* Override boot choice to boot from this partition
+[tr]
+* FLAG_HASH_TREE
+* 0x02
+* Image contains an appended dm-verity hash tree
+[tr]
+* FLAG_DATA_COMPRESSED
+* 0x04
+* Image is compressed with xz
+
+==== metainfo-len
+
+Length in bytes of the `metainfo` field.
+
+Since header page has a fixed size of one block (4096 bytes), and all other 
+header fields have fixed sizes the maximum length of the `metainfo` field is
+4096 - (4 + 2 + 2 + 64) = 4024 bytes
+
+==== metainfo
+
+==== signature
+
+When the rootfs partition is chosen to mount, an attempt will be made to verify
+the signature before configuring dm-verity. If this signature verification
+fails, the partition status will be changed to `STATUS_BAD_SIG`
+
+
+=== Booting
+
+During boot of Citadel, the initramfs sets up the Citadel root filesystem. The
+filesystem is built by locating and mounting three components:
+
+  * Base root filesystem
+  * Kernel modules
+  * Extra resources
+
+The base root filesystem is stored on a partition unless running in certain
+special modes such as installer and live disk. During installation the same
+base root filesystem image is mounted from a loop mounted image file. This same
+file will eventually be written to a partition during installation.
+
+Kernel modules and extra resources are stored in file images which are
+loop mounted during boot.
+
+An additional type of resource image called a sealed application image exists
+for the creation of immutable application image filesystems.
+
+Resource images can optionally have dm-verity enabled when mounted.

docs/realms.md

@@ -1,247 +0,0 @@
-Citadel Realms
---------------
-
-Citadel contains only the base operating system and the Gnome desktop, it does not
-include any applications. To be able to install and run applications Citadel can
-create spaces which are called Realms.
-
-A Realm is a container similar to a Docker or LXC container in which any Linux
-distribution could be installed.  We use a Debian based image but it would not be
-difficult to create an image for another Linux distribution.
-
-The realm containers are launched with systemd-nspawn but this is a detail of
-how they are implemented and not something it is necessary to learn about in order to use them.
-
-Citadel provides a command-line tool `realms` for creating, managing, and launching Realm instances.
-
-### The `default` realm
-
-One realm is always selected to be the `default` realm.  This realm
-starts automatically when the system boots.  The `realms` utility can be used
-to change which realm is the default realm. Switching the default realm changes
-the symlink `/realm/default.realm` to point to a different realm instance directory.
-
-    citadel:~# realms default
-    Default Realm: main
-
-    citadel:~# realms default project
-    [+] default realm changed from 'main' to 'project'
-
-    citadel:~# realms default
-    Default Realm: project
-
-### The `current` realm
-
-Multiple realms may be launched at once but the Gnome Desktop is only associated with
-one of the running realms.  This realm is called the `current` realm.
-
-When displaying applications available to launch from the desktop, Gnome will only
-be aware of applications that are installed in the realm which is set as `current`
-and any application launched from the desktop will run inside this current realm.
-
-Setting another realm as current does not affect any applications that are already running.
-Changing the current realm only means that any further applications which are launched
-will now run in the newly chosen realm.
-
-Changing or querying the current realm is done with the `realms current` command, and
-if you choose a realm which is not currently running it will be automatically started.
-
-    citadel:~# realms current
-    Current Realm: main
-
-    citadel:~ # realms current project
-    [+]: Started realm 'project'
-    [+]: Realm 'project' set as current realm
-
-    citadel:~ # realms current
-    Current Realm: project
-
-Underneath the hood, this command just changes the symlink `/run/realms/current.realm` to
-point to a new realm.  This directory is monitored for changes with `inotify` and when
-the symlink changes a new set of `.desktop` files is swapped into a temporary directory
-where Gnome will look for metadata about which applications are installed.
-
-### Creating a new realm
-
-New realms are created with the command `realms new <realm name>`
-
-When a new realm is created a btrfs snapshot of some application image is created at
-`/realms/realm-$name/rootfs`.  By default it is the base image (`base.appimg`) which
-is cloned as a snapshot.  Application images are described in detail in a later section.
-
-    citadel:~ # realms new project
-    [+]: Populating realm home directory with files from /realms/skel
-    Create a snapshot of '/storage/appimg/base.appimg' in '/realms/realm-project/rootfs'
-
-A new empty home directory is also created for the realm instance.  Any file which are placed
-into the `/realm/skel` directory will be copied into any newly created realm home directory.
-
-
-### Realms configuration file
-
-All of the curretly supported configuration options are listed below with their default values assigned.
-
-    use-shared-dir = true
-    use-sound = true
-    use-x11 = true
-    use-wayland = true
-    use-gpu = false
-    use-kvm = false
-    use-network = true
-    network-zone = "clear"
-
-If you wish to change any of these options to something other than what is listed above add the
-corresponding line to the file `/realms/realm-$name/config`
-
-    citadel:~ # echo "use-gpu = true" > /realms/realm-main/config
-
-#### Option `use-shared-dir`
-
-Set to `false` to disable mounting the shared directory `/realms/Shared` into this realm at
-`/home/user/Shared`.
-
-#### Option `use-sound`
-
-Set to `false` to prevent mounting pulse audio socket and sound device into this realm.
-
-#### Option `use-x11`
-
-Set to `false` to prevent mounting `/tmp/.X11-unix` into the realm. This is the socket for communicating
-with the `XWayland` X11 compatibility daemon.
-
-#### Option `use-wayland`
-
-Set to `false` to prevent mounting the wayland display server socket `/run/user/1000/wayland-0`
- into the realm.
-
-#### Option `use-gpu`
-
-Set to `true` to mount the device `/dev/dri/renderD128` into the realm. Adding this
-device will make hardware graphics acceleration available to applications running
-in the realm.
-
-#### Option `use-kvm`
-
-Set to `true` to mount the device `/dev/kvm` into the realm.  This will make it
-possible to run Qemu and other KVM based tools with hardware virtualization
-inside the realm.
-
-#### Option `use-network`
-
-Set to `false` to disable configuring the realm with access to the internet.  The
-realm instance will only have a localhost network interface.
-
-#### Option `network-zone`
-
-Setting a name here will create bridge device in citadel with the name vz-$name if
-it doesn't already exist and attach this realm instance to that bridge.
-
-### Realms base directory layout
-
-The realms base directory is stored on the storage partition at `/storage/realms` and is bind mounted to `/realms` on the root filesystem for convenience.
-
-    /realms
-        config
-        /Shared
-        /skel
-        /default.realm -> realm-main
-        /realm-main
-        /realm-project
-        /realm-testing
-
-#### File `/realms/config`
-
-This file is a template of the configuration file for individual realms. When a new
-realm is created this file in copied into the new realm instance directory. By
-modifying this file, the default configuration for new realm instances can be changed.
-
-#### Directory `/realms/Shared`
-
-This directory is bind mounted to `/home/user/Shared` of each running realm that has
-the option `use-shared-dir` enabled.  It's a convenient way to move files between
-different realms and between citadel and realms.
-
-#### Directory `/realms/skel`
-
-Files which are added to this directory will be copied into the home directory of
-any newly created realm.  The directory is copied as a tree of files and may contain
-subdirectories.
-
-#### Symlink `/realms/default.realm`
-
-A symlink which points to a realm instance directory of the default realm.  The
-default realm is the realm which starts when the system is booted.
-
-#### Directory `/realms/realm-$name`
-
-This is a realm instance directory, for a realm with $name as the realm name.
-
-    /realm-main
-        config
-        /home
-        /rootfs
-
- ##### `config`
-
-Configuration file for the realm instance copied from `/realms/config` or
-created by the user.
-
-##### `/home`
-
-Home directory for this realm. It will be mounted to `/home/user` in
-the realm instance.
-
-##### `/rootfs`
-
-The root filesystem of this realm. It is cloned from (a btrfs subvolume snapshot of)
-some application image.
-
-### Application Images
-
-(Not to be confused with the [AppImage](https://appimage.org) packaging system)
-
-The root filesystem for realms are called Application Images but we often use
-the shorter name *appimg*.
-
-We have created [a framework](https://github.com/subgraph/citadel/tree/master/appimg-builder)
-for building a Debian based images and we use this to build the default appimg that we ship.
-
-We also encourage users to experiment with building their own custom images.
-
-
-**Tree Application Images** are the only type of application image which are currently implemented for realms.
-
-The rootfs is a tree of files on the filesystem, and it is also a btrfs subvolume
-which is cloned at zero cost (internally with `btrfs subvolume snapshot`) to use
-as the root filesystem of newly created realms.
-
-
-#### Block Application Images (and also Sealed Application Images)
-
-In the future we will add another type of application image called a **Block
-Application Image**. This type of image will be stored as a disk volume image file
-and will be mounted with a loop device rather than existing as a tree of files on the
-filesystem.
-
-This will make it possible to enforce [dm-verity](https://www.kernel.org/doc/Documentation/device-mapper/verity.txt)
-verification over the image and ensure that no malicous or unintended modifications
-can be made to any of the the files on the root filesystem. Signature verification
-over the dm-verity root hash is done from the citadel rootfs image which is also
-secured with dm-verity.  When enforcement of boot integrity is also implemented this
-will create a chain of cryptographic assurances that no component of the system has
-been tampered with.
-
-Block images with signatures and dm-verify verification enabled are called **Sealed Application Images**
-
-### Updating an Application Image
-
-To modify or update an application image run the `realms update-appimg` command.
-A container will be created for updating the image and a root shell session will
-open. From this session regular package management commands can be run.  Any changes
-made will only affect future realms created from this appimg.
-
-    citadel:~ # realms update-appimg
-    [+]: Entering root shell on base appimg
-    root@base-appimg-update:/# apt update
-
-    [...]

meta-citadel/classes/citadel-image.bbclass

@@ -1,8 +1,8 @@
 
-DEPENDS_append = " citadel-tools-native mtools-native cryptsetup-native coreutils-native"
+DEPENDS:append = " citadel-tools-native mtools-native cryptsetup-native coreutils-native"
 
 # Block size must be 4096 or dm-verity won't work
-EXTRA_IMAGECMD_ext4 = "-i 4096 -b 4096"
+EXTRA_IMAGECMD:ext4 = "-i 4096 -b 4096"
 IMAGE_FSTYPES = "ext4"
 IMAGE_OVERHEAD_FACTOR = "1.2"
 
@@ -24,7 +24,7 @@ EOF
     ver=$(printf "%03d" ${CITADEL_IMAGE_VERSION})
 
     if [ "${CITADEL_IMAGE_TYPE}" = "kernel" ]; then
-        KERNEL_ID=$(cat ${DEPLOY_DIR_IMAGE}/kernel.id)
+        KERNEL_ID=$(generate_kernel_id)
         echo "kernel-version = \"${CITADEL_KERNEL_VERSION}\"" >> ${B}/mkimage.conf
         echo "kernel-id = \"${KERNEL_ID}\"" >> ${B}/mkimage.conf
         fname="citadel-kernel-${CITADEL_KERNEL_VERSION}-${CITADEL_IMAGE_CHANNEL}-${ver}.img"
@@ -41,7 +41,9 @@ do_citadel_mkimage[vardepsexclude] = "DATETIME"
 
 IMAGE_POSTPROCESS_COMMAND += " generate_shasum_buildhistory ;"
 
+BUILDHISTORY_CURRENT_IMAGE_DIR = "${TOPDIR}/buildhistory/images/${MACHINE_ARCH}/${TCLIBC}/${IMAGE_BASENAME}"
+
 generate_shasum_buildhistory() {
-    mkdir -p ${BUILDHISTORY_DIR_IMAGE}
-    ( cd ${IMAGE_ROOTFS} && find . -type f -exec sha1sum '{}' \; | sort -k2 > ${BUILDHISTORY_DIR_IMAGE}/image-shasums.txt )
+    mkdir -p ${BUILDHISTORY_CURRENT_IMAGE_DIR}
+    ( cd ${IMAGE_ROOTFS} && find . -type f -exec sha1sum '{}' \; | sort -k2 > ${BUILDHISTORY_CURRENT_IMAGE_DIR}/image-shasums.txt )
 }

meta-citadel/classes/external-tree.bbclass

@@ -0,0 +1,33 @@
+
+S = "${WORKDIR}${@source_path(d)}"
+SRC_URI = "${@source_uri(d)}"
+
+
+def source_path(d):
+    var = d.getVar("EXTERNAL_TREE_VAR")
+    tree_path = d.getVar(var)
+
+    if tree_path:
+        return tree_path
+    else:
+        return "/git"
+
+def source_uri(d):
+    var = d.getVar("EXTERNAL_TREE_VAR")
+    tree_path = d.getVar(var)
+
+    if tree_path:
+        return "file://" + tree_path
+    else:
+        return d.getVar("GIT_URI")
+
+# Set debug build if $EXTERNAL_TREE_VAR is set for faster builds
+DEBUG_BUILD = "${@debug_build(d)}"
+
+def debug_build(d):
+    var = d.getVar("EXTERNAL_TREE_VAR")
+    tree_path = d.getVar(var)
+    if tree_path:
+        return "1"
+    else:
+        return "0"

meta-citadel/conf/distro/citadel-distro.conf

@@ -2,9 +2,14 @@ DISTRO = "citadel-distro"
 DISTRO_NAME = "Subgraph OS Citadel"
 DISTRO_VERSION = "1.0"
 
-CITADEL_DEFAULT_DISTRO_FEATURES = "acl alsa argp bluetooth ext2 largefile systemd usbhost wifi xattr pci x11 usrmerge wayland opengl pam"
+CITADEL_DEFAULT_DISTRO_FEATURES = "acl alsa argp bluetooth ext2 largefile systemd usbhost wifi xattr pci x11 usrmerge wayland opengl pam polkit seccomp"
 DISTRO_FEATURES ?= "${DISTRO_FEATURES_LIBC} ${CITADEL_DEFAULT_DISTRO_FEATURES}"
 
+PREMIRRORS:prepend = "\
+    git://.*/.* https://mirror.subgraph.com/ \
+    ftp://.*/.* https://mirror.subgraph.com/ \
+    http://.*/.* https://mirror.subgraph.com/ \
+    https://.*/.* https://mirror.subgraph.com/"
 
 HOSTTOOLS_NONFATAL += "inkscape"
 #
@@ -35,17 +40,9 @@ IMAGE_LINGUAS = "en-us"
 
 BUILD_REPRODUCIBLE_BINARIES = "1"
 
-INHERIT += "reproducible_build"
+INHERIT += "buildhistory"
 
-# Override meta-rust dependencies.
-#
-# Instead of bringing in all of openembedded, we imported the two recipes
-# meta-rust depends on:
-#
-#        meta-citadel/recipes-support/libgit2/
-#        meta-citadel/recipes-support/libssh2/
-#
-LAYERDEPENDS_rust-layer = "core"
+
+PREFERRED_RPROVIDER_libdevmapper-native = "libdevmapper-native"
 
 require conf/distro/include/security_flags.inc
-

meta-citadel/conf/layer.conf

@@ -5,14 +5,16 @@ BBPATH =. "${LAYERDIR}:"
 BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
             ${LAYERDIR}/recipes-*/*/*.bbappend"
 
-BBMASK += "meta-intel/dynamic-layers/clang-layer/recipes-devtools/clang/llvm-project-source.bbappend"
 LICENSE_PATH += "${LAYERDIR}/licenses"
 
+# see https://patches.openembedded.org/patch/164502/
+PREFERRED_RPROVIDER_libdevmapper = "lvm2"
+
 BBFILE_COLLECTIONS += "citadel"
 BBFILE_PATTERN_citadel = "^${LAYERDIR}/"
 BBFILE_PRIORITY_citadel = "5"
 
-LAYERSERIES_COMPAT_citadel = "thud warrior zeus"
+LAYERSERIES_COMPAT_citadel = "scarthgap"
 
 # This should only be incremented on significant changes that will
 # cause compatibility issues with other layers

meta-citadel/conf/templates/default/bblayers.conf.sample

@@ -8,8 +8,6 @@ BBFILES ?= ""
 BBLAYERS ?= " \
   ##OEROOT##/meta \
   ##OEROOT##/../meta-intel \
-  ##OEROOT##/../meta-rust \
   ##OEROOT##/../meta-citadel \
   ##OEROOT##/../meta-gnome \
-  ##OEROOT##/../meta-clang \
   "

meta-citadel/conf/templates/default/local.conf.sample

@@ -2,32 +2,45 @@
 # This file is your local configuration file and is where all local user settings
 # are placed. The comments in this file give some guide to the options a new user
 # to the system might want to change but pretty much any configuration option can
-# be set in this file. More adventurous users can look at local.conf.extended
-# which contains other examples of configuration which can be placed in this file
-# but new users likely won't need any of them initially.
+# be set in this file. More adventurous users can look at
+# local.conf.sample.extended which contains other examples of configuration which
+# can be placed in this file but new users likely won't need any of them
+# initially.
 #
 # Lines starting with the '#' character are commented out and in some cases the
 # default values are provided as comments to show people example syntax. Enabling
 # the option is a question of removing the # character and making any change to the
 # variable as required.
 
-# Distro configuration:
 #
-#  meta-citadel-distro/conf/distro/citadel-distro.conf
+# Machine Selection
 #
-
-DISTRO ?= "citadel-distro"
-
-# Machine configuration:
+# You need to select a specific machine to target the build with. There are a selection
+# of emulated machines available which can boot and run in the QEMU emulator:
 #
-#   meta-intel/conf/machine/intel-corei7-64.conf
+#MACHINE ?= "qemuarm"
+#MACHINE ?= "qemuarm64"
+#MACHINE ?= "qemumips"
+#MACHINE ?= "qemumips64"
+#MACHINE ?= "qemuppc"
+#MACHINE ?= "qemux86"
+#MACHINE ?= "qemux86-64"
 #
-
+# There are also the following hardware board target machines included for 
+# demonstration purposes:
+#
+#MACHINE ?= "beaglebone-yocto"
+#MACHINE ?= "genericx86"
+#MACHINE ?= "genericx86-64"
+#MACHINE ?= "edgerouter"
+#
+# This sets the default machine to be qemux86-64 if no other machine is selected:
+#MACHINE ??= "qemux86-64"
 MACHINE ?= "intel-corei7-64"
 
 DEFAULT_TIMEZONE = "America/New_York"
 DEPLOY_DIR_IMAGE = "${TOPDIR}/images"
-#
+
 #
 # Where to place downloads
 #
@@ -69,6 +82,34 @@ DEPLOY_DIR_IMAGE = "${TOPDIR}/images"
 #
 #TMPDIR = "${TOPDIR}/tmp"
 
+#
+# Default policy config
+#
+# The distribution setting controls which policy settings are used as defaults.
+# The default value is fine for general Yocto project use, at least initially.
+# Ultimately when creating custom policy, people will likely end up subclassing 
+# these defaults.
+#
+DISTRO ?= "citadel-distro"
+# As an example of a subclass there is a "bleeding" edge policy configuration
+# where many versions are set to the absolute latest code from the upstream 
+# source control systems. This is just mentioned here as an example, its not
+# useful to most new users.
+# DISTRO ?= "poky-bleeding"
+
+#
+# Package Management configuration
+#
+# This variable lists which packaging formats to enable. Multiple package backends
+# can be enabled at once and the first item listed in the variable will be used
+# to generate the root filesystems.
+# Options are:
+#  - 'package_deb' for debian style deb files
+#  - 'package_ipk' for ipk files are used by opkg (a debian style embedded package manager)
+#  - 'package_rpm' for rpm style packages
+# E.g.: PACKAGE_CLASSES ?= "package_rpm package_deb package_ipk"
+# We default to rpm:
+PACKAGE_CLASSES ?= "package_deb"
 
 #
 # SDK target architecture
@@ -76,7 +117,7 @@ DEPLOY_DIR_IMAGE = "${TOPDIR}/images"
 # This variable specifies the architecture to build SDK items for and means
 # you can build the SDK packages for architectures other than the machine you are
 # running the build on (i.e. building i686 packages on an x86_64 host).
-# Supported values are i686 and x86_64
+# Supported values are i686, x86_64, aarch64
 #SDKMACHINE ?= "i686"
 
 #
@@ -87,6 +128,8 @@ DEPLOY_DIR_IMAGE = "${TOPDIR}/images"
 # variable can contain the following options:
 #  "dbg-pkgs"       - add -dbg packages for all installed packages
 #                     (adds symbol information for debugging/profiling)
+#  "src-pkgs"       - add -src packages for all installed packages
+#                     (adds source code for debugging)
 #  "dev-pkgs"       - add -dev packages for all installed packages
 #                     (useful if you want to develop against libs in the image)
 #  "ptest-pkgs"     - add -ptest packages for all ptest-enabled packages
@@ -110,20 +153,18 @@ EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
 # enable extra features. Some available options which can be included in this variable
 # are:
 #   - 'buildstats' collect build statistics
-#   - 'image-mklibs' to reduce shared library files size for an image
-#   - 'image-prelink' in order to prelink the filesystem image
-# NOTE: if listing mklibs & prelink both, then make sure mklibs is before prelink
-# NOTE: mklibs also needs to be explicitly enabled for a given image, see local.conf.extended
 USER_CLASSES ?= "buildstats"
 
 #
 # Runtime testing of images
 #
 # The build system can test booting virtual machine images under qemu (an emulator)
-# after any root filesystems are created and run tests against those images. To
-# enable this uncomment this line. See classes/testimage(-auto).bbclass for
-# further details.
-#TEST_IMAGE = "1"
+# after any root filesystems are created and run tests against those images. It can also
+# run tests against any SDK that are built. To enable this uncomment these lines.
+# See classes/test{image,sdk}.bbclass for further details.
+#IMAGE_CLASSES += "testimage testsdk"
+#TESTIMAGE_AUTO:qemuall = "1"
+
 #
 # Interactive shell configuration
 #
@@ -148,29 +189,29 @@ PATCHRESOLVE = "noop"
 #
 # Monitor the disk space during the build. If there is less that 1GB of space or less
 # than 100K inodes in any key build location (TMPDIR, DL_DIR, SSTATE_DIR), gracefully
-# shutdown the build. If there is less that 100MB or 1K inodes, perform a hard abort
+# shutdown the build. If there is less than 100MB or 1K inodes, perform a hard halt
 # of the build. The reason for this is that running completely out of space can corrupt
 # files and damages the build in ways which may not be easily recoverable.
-# It's necesary to monitor /tmp, if there is no space left the build will fail
+# It's necessary to monitor /tmp, if there is no space left the build will fail
 # with very exotic errors.
-BB_DISKMON_DIRS = "\
+BB_DISKMON_DIRS ??= "\
     STOPTASKS,${TMPDIR},1G,100K \
     STOPTASKS,${DL_DIR},1G,100K \
     STOPTASKS,${SSTATE_DIR},1G,100K \
     STOPTASKS,/tmp,100M,100K \
-    ABORT,${TMPDIR},100M,1K \
-    ABORT,${DL_DIR},100M,1K \
-    ABORT,${SSTATE_DIR},100M,1K \
-    ABORT,/tmp,10M,1K"
+    HALT,${TMPDIR},100M,1K \
+    HALT,${DL_DIR},100M,1K \
+    HALT,${SSTATE_DIR},100M,1K \
+    HALT,/tmp,10M,1K"
 
 #
 # Shared-state files from other locations
 #
-# As mentioned above, shared state files are prebuilt cache data objects which can
+# As mentioned above, shared state files are prebuilt cache data objects which can be
 # used to accelerate build time. This variable can be used to configure the system
 # to search other mirror locations for these objects before it builds the data itself.
 #
-# This can be a filesystem directory, or a remote url such as http or ftp. These
+# This can be a filesystem directory, or a remote url such as https or ftp. These
 # would contain the sstate-cache results from previous builds (possibly from other
 # machines). This variable works like fetcher MIRRORS/PREMIRRORS and points to the
 # cache locations to check for the shared objects.
@@ -178,33 +219,65 @@ BB_DISKMON_DIRS = "\
 # at the end as shown in the examples below. This will be substituted with the
 # correct path within the directory structure.
 #SSTATE_MIRRORS ?= "\
-#file://.* http://someserver.tld/share/sstate/PATH;downloadfilename=PATH \n \
+#file://.* https://someserver.tld/share/sstate/PATH;downloadfilename=PATH \
 #file://.* file:///some/local/dir/sstate/PATH"
 
+#
+# Yocto Project SState Mirror
+#
+# The Yocto Project has prebuilt artefacts available for its releases, you can enable
+# use of these by uncommenting the following lines. This will mean the build uses
+# the network to check for artefacts at the start of builds, which does slow it down
+# equally, it will also speed up the builds by not having to build things if they are
+# present in the cache. It assumes you can download something faster than you can build it
+# which will depend on your network.
+# Note: For this to work you also need hash-equivalence passthrough to the matching server
+#
+#BB_HASHSERVE_UPSTREAM = "typhoon.yocto.io:8687"
+#SSTATE_MIRRORS ?= "file://.* http://sstate.yoctoproject.org/4.0/PATH;downloadfilename=PATH"
 
 #
 # Qemu configuration
 #
-# By default qemu will build with a builtin VNC server where graphical output can be
-# seen. The two lines below enable the SDL backend too. By default libsdl-native will
-# be built, if you want to use your host's libSDL instead of the minimal libsdl built
-# by libsdl-native then uncomment the ASSUME_PROVIDED line below.
-PACKAGECONFIG_append_pn-qemu-native = " sdl"
-PACKAGECONFIG_append_pn-nativesdk-qemu = " sdl"
-#ASSUME_PROVIDED += "libsdl-native"
+# By default native qemu will build with a builtin VNC server where graphical output can be
+# seen. The line below enables the SDL UI frontend too.
+PACKAGECONFIG:append:pn-qemu-system-native = " sdl"
+# By default libsdl2-native will be built, if you want to use your host's libSDL instead of 
+# the minimal libsdl built by libsdl2-native then uncomment the ASSUME_PROVIDED line below.
+#ASSUME_PROVIDED += "libsdl2-native"
+
+# You can also enable the Gtk UI frontend, which takes somewhat longer to build, but adds
+# a handy set of menus for controlling the emulator.
+#PACKAGECONFIG:append:pn-qemu-system-native = " gtk+"
+
+#
+# Hash Equivalence
+#
+# Enable support for automatically running a local hash equivalence server and
+# instruct bitbake to use a hash equivalence aware signature generator. Hash
+# equivalence improves reuse of sstate by detecting when a given sstate
+# artifact can be reused as equivalent, even if the current task hash doesn't
+# match the one that generated the artifact.
+#
+# A shared hash equivalent server can be set with "<HOSTNAME>:<PORT>" format
+#
+#BB_HASHSERVE = "auto"
+#BB_SIGNATURE_HANDLER = "OEEquivHash"
+
+#
+# Memory Resident Bitbake
+#
+# Bitbake's server component can stay in memory after the UI for the current command
+# has completed. This means subsequent commands can run faster since there is no need
+# for bitbake to reload cache files and so on. Number is in seconds, after which the
+# server will shut down.
+#
+#BB_SERVER_TIMEOUT = "60"
 
 # CONF_VERSION is increased each time build/conf/ changes incompatibly and is used to
 # track the version of this file when it was generated. This can safely be ignored if
 # this doesn't mean anything to you.
-CONF_VERSION = "1"
-INHERIT+="toaster buildhistory"
-
-#
-# Enable to build a custom kernel with options set so that powertop can be used, and
-# will also build citadel-image with powertop package installed
-#
-# DISTROOVERRIDES = "citadel-powertop"
-
+CONF_VERSION = "2"
 
 #
 # Set to build citadel-tools recipes from a local copy on the filesystem rather than
@@ -215,3 +288,7 @@ INHERIT+="toaster buildhistory"
 #
 # CITADEL_TOOLS_PATH = "/home/user/citadel-tools"
 #
+# Same as above for GNOME Shell and Mutter:
+#
+# CITADEL_GNOME_SHELL_PATH = "/home/user/citadel-gnome/gnome-shell"
+# CITADEL_MUTTER_PATH = "/home/user/citadel-gnome/mutter"

meta-citadel/recipes-citadel/bbappends/base-files_%.bbappend

@@ -1,15 +1,15 @@
 hostname="subgraph"
 
-dirs1777_remove = "${localstatedir}/volatile/tmp"
+dirs1777:remove = "${localstatedir}/volatile/tmp"
 
 dirs755="/boot /dev /usr/bin /usr/sbin /usr/lib /etc /etc/default /etc/skel /usr/lib /mnt /proc /home/root /run /usr /usr/bin /usr/share/doc/base-files-3.0.14 /usr/include /usr/lib /usr/sbin /usr/share /usr/share/common-licenses /usr/share/info /usr/share/man /usr/share/misc /var /sys /home /media"
 
 volatiles = ""
 
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/base-files:"
 SRC_URI += "file://profile"
 
-do_install_append () {
+do_install:append () {
     rm ${D}${sysconfdir}/fstab
     rm ${D}${sysconfdir}/skel/.bashrc
     rm ${D}${sysconfdir}/skel/.profile

meta-citadel/recipes-citadel/bbappends/bluez5_%.bbappend

@@ -0,0 +1,11 @@
+PACKAGECONFIG = "\
+    readline \
+    systemd \
+    a2dp-profiles \
+    avrcp-profiles \
+    hid-profiles \
+    hog-profiles \
+    tools \
+    deprecated \
+    udev \
+"

meta-citadel/recipes-citadel/bbappends/btrfs-tools_%.bbappend

@@ -1,4 +1,4 @@
 # Put python library into a separate package and avoid dragging in python as RDEPENDS
 PACKAGES =+ "${PN}-python"
-FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
-RDEPENDS_${PN}_remove = "${PYTHON_PN}-core"
+FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
+RDEPENDS:${PN}:remove = "${PYTHON_PN}-core"

meta-citadel/recipes-citadel/bbappends/dbus_%.bbappend

@@ -0,0 +1 @@
+PACKAGECONFIG:append = " user-session"

meta-citadel/recipes-citadel/bbappends/gdm_%.bbappend

@@ -0,0 +1,20 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/gdm:"
+
+INSANE_SKIP:${PN}-src = "buildpaths"
+
+SRC_URI += "file://gdm.conf"
+DEPENDS += "plymouth"
+
+do_install:append() {
+    install -d ${D}${sysconfdir}/default/volatiles
+    echo "d gdm gdm 755 ${localstatedir}/run/gdm/greeter none" > ${D}${sysconfdir}/default/volatiles/99_gdm
+    rm ${D}${sysconfdir}/gdm/custom.conf
+    rm ${D}${libdir}/udev/rules.d/61-gdm.rules
+    install -m 644 ${WORKDIR}/gdm.conf ${D}${sysconfdir}/gdm/custom.conf
+}
+
+EXTRA_OEMESON = " \
+    -Dplymouth=enabled \
+    -Ddefault-pam-config=openembedded \
+    -Dpam-mod-dir=${base_libdir}/security \
+"

meta-citadel/recipes-citadel/bbappends/geoclue_%.bbappend

@@ -0,0 +1 @@
+PACKAGECONFIG = "lib"

meta-citadel/recipes-citadel/bbappends/gnome-control-center_%.bbappend

@@ -0,0 +1 @@
+INSANE_SKIP:${PN}-src = "buildpaths"

meta-citadel/recipes-citadel/bbappends/gnome-disk-utility_%.bbappend

@@ -0,0 +1 @@
+INSANE_SKIP:${PN}-src = "buildpaths"

meta-citadel/recipes-citadel/bbappends/gnome-settings-daemon_%.bbappend

@@ -0,0 +1,2 @@
+PACKAGECONFIG = "nm alsa gudev wayland"
+EXTRA_OEMESON += " -Dwwan=false"

meta-citadel/recipes-citadel/bbappends/gnome-system-monitor_%.bbappend

@@ -0,0 +1 @@
+RRECOMMENDS:${PN}:remove = "adwaita-icon-theme"

meta-citadel/recipes-citadel/bbappends/gnome-terminal_%.bbappend

@@ -1,4 +1,6 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/gnome-terminal:"
+
+INSANE_SKIP:${PN}-src = "buildpaths"
 
 SRC_URI += "\
     file://gnome-terminal-citadel.service \
@@ -7,15 +9,12 @@ SRC_URI += "\
     file://50_gnome-terminal.gschema.override \
 "
 
-DEPENDS += "paxctl-native"
-
-do_install_append() {
+do_install:append() {
     install -m 644 ${WORKDIR}/50_gnome-terminal.gschema.override ${D}${datadir}/glib-2.0/schemas
     install -m 644 ${WORKDIR}/org.gnome.TerminalCitadel.desktop ${D}${datadir}/applications
     install -m 644 ${WORKDIR}/org.gnome.TerminalCitadel.service ${D}${datadir}/dbus-1/services
     install -m 644 ${WORKDIR}/gnome-terminal-citadel.service ${D}${systemd_user_unitdir}
     rm ${D}${datadir}/applications/org.gnome.Terminal.desktop
-    paxctl -cm ${D}${libexecdir}/gnome-terminal-server
 }
 
 

meta-citadel/recipes-citadel/bbappends/gobject-introspection_%.bbappend

@@ -1,5 +1,5 @@
 PACKAGES =+ "libgirepository"
-FILES_libgirepository = "\
+FILES:libgirepository = "\
     ${libdir}/libgirepository-1.0${SOLIBS} \
     ${libdir}/girepository-1.0 \
 "

meta-citadel/recipes-citadel/bbappends/gstreamer1.0-plugins-good_%.bbappend

@@ -0,0 +1 @@
+PACKAGECONFIG="orc soup3 x11 asm bz2 cairo flac gdk-pixbuf gudev jpeg lame libpng mpg123 speex taglib v4l2 vpx"

meta-citadel/recipes-citadel/bbappends/gtk+3_%.bbappend

@@ -1,2 +1,2 @@
 # Remove this dependency so it doesn't get dragged in with gtk.  These icons are in citadel-extra-image now
-GTKBASE_RRECOMMENDS_remove = "adwaita-icon-theme-symbolic"
+GTKBASE_RRECOMMENDS:remove = "adwaita-icon-theme-symbolic"

meta-citadel/recipes-citadel/bbappends/gtk4_%.bbappend

@@ -0,0 +1,2 @@
+# Remove this dependency so it doesn't get dragged in with gtk.  These icons are in citadel-extra-image now
+GTKBASE_RRECOMMENDS:remove = "adwaita-icon-theme-symbolic"

meta-citadel/recipes-citadel/bbappends/gvfs_%.bbappend

@@ -0,0 +1,3 @@
+
+PACKAGECONFIG:remove = "libgphoto2"
+EXTRA_OEMESON:append = " -Dlibusb=false"

meta-citadel/recipes-citadel/bbappends/iptables/iptables.rules

@@ -0,0 +1,9 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT DROP [0:0]
+-A INPUT -m state --state ESTABLISHED -j ACCEPT
+-A OUTPUT -p udp -m udp --sport 68 --dport 67 -j ACCEPT
+-A OUTPUT -p udp -m owner --uid-owner systemd-timesync -j ACCEPT
+-A OUTPUT -j LOG --log-uid --log-prefix 'iptables'
+COMMIT

meta-citadel/recipes-citadel/bbappends/iptables/iptables.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=IPv4 Packet Filtering Framework
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+
+ExecStart=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
+ExecReload=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
+
+ExecStopPost=-/sbin/iptables -P INPUT ACCEPT
+ExecStopPost=-/sbin/iptables -P OUTPUT ACCEPT
+ExecStopPost=/sbin/iptables -F
+
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

meta-citadel/recipes-citadel/bbappends/iptables_%.bbappend

@@ -0,0 +1 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/iptables:"

meta-citadel/recipes-citadel/bbappends/libblockdev_%.bbappend

@@ -0,0 +1,3 @@
+
+PACKAGECONFIG = "fs crypto parted mdraid tools"
+DEPENDS += "systemd"

meta-citadel/recipes-citadel/bbappends/libbytesize_%.bbappend

@@ -0,0 +1 @@
+#PACKAGECONFIG = ""

meta-citadel/recipes-citadel/bbappends/libcanberra_%.bbappend

@@ -0,0 +1 @@
+PACKAGECONFIG = "pulseaudio gtk3"

meta-citadel/recipes-citadel/bbappends/libdevmapper_%.bbappend

@@ -0,0 +1 @@
+PACKAGECONFIG = "odirect"

meta-citadel/recipes-citadel/bbappends/libpam_%.bbappend

@@ -0,0 +1,3 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/libpam:"
+
+SRC_URI += "file://pam.d/common-auth"

meta-citadel/recipes-citadel/bbappends/lvm2/lvm.conf

@@ -0,0 +1,326 @@
+# This is an example configuration file for the LVM2 system.
+# It contains the default settings that would be used if there was no
+# /etc/lvm/lvm.conf file.
+#
+# Refer to 'man lvm.conf' for further information including the file layout.
+#
+# To put this file in a different directory and override /etc/lvm set
+# the environment variable LVM_SYSTEM_DIR before running the tools.
+
+
+# This section allows you to configure which block devices should
+# be used by the LVM system.
+devices {
+
+    # Where do you want your volume groups to appear ?
+    dir = "/dev"
+
+    # An array of directories that contain the device nodes you wish
+    # to use with LVM2.
+    scan = [ "/dev" ]
+
+    # A filter that tells LVM2 to only use a restricted set of devices.
+    # The filter consists of an array of regular expressions.  These
+    # expressions can be delimited by a character of your choice, and
+    # prefixed with either an 'a' (for accept) or 'r' (for reject).
+    # The first expression found to match a device name determines if
+    # the device will be accepted or rejected (ignored).  Devices that
+    # don't match any patterns are accepted.
+
+    # Be careful if there there are symbolic links or multiple filesystem 
+    # entries for the same device as each name is checked separately against
+    # the list of patterns.  The effect is that if any name matches any 'a'
+    # pattern, the device is accepted; otherwise if any name matches any 'r'
+    # pattern it is rejected; otherwise it is accepted.
+
+    # Don't have more than one filter line active at once: only one gets used.
+
+    # Run vgscan after you change this parameter to ensure that
+    # the cache file gets regenerated (see below).
+    # If it doesn't do what you expect, check the output of 'vgscan -vvvv'.
+
+
+    # By default we accept every block device:
+    filter = [ "a/.*/" ]
+
+    # Exclude the cdrom drive
+    # filter = [ "r|/dev/cdrom|" ]
+
+    # When testing I like to work with just loopback devices:
+    # filter = [ "a/loop/", "r/.*/" ]
+
+    # Or maybe all loops and ide drives except hdc:
+    # filter =[ "a|loop|", "r|/dev/hdc|", "a|/dev/ide|", "r|.*|" ]
+
+    # Use anchors if you want to be really specific
+    # filter = [ "a|^/dev/hda8$|", "r/.*/" ]
+
+    # The results of the filtering are cached on disk to avoid
+    # rescanning dud devices (which can take a very long time).  By
+    # default this cache file is hidden in the /etc/lvm directory.
+    # It is safe to delete this file: the tools regenerate it.
+    cache = "/etc/lvm/.cache"
+
+    # You can turn off writing this cache file by setting this to 0.
+    write_cache_state = 0
+
+    # Advanced settings.
+
+    # List of pairs of additional acceptable block device types found 
+    # in /proc/devices with maximum (non-zero) number of partitions.
+    # types = [ "fd", 16 ]
+
+    # If sysfs is mounted (2.6 kernels) restrict device scanning to 
+    # the block devices it believes are valid.
+    # 1 enables; 0 disables.
+    sysfs_scan = 1	
+
+    # By default, LVM2 will ignore devices used as components of
+    # software RAID (md) devices by looking for md superblocks.
+    # 1 enables; 0 disables.
+    md_component_detection = 1
+}
+
+# This section that allows you to configure the nature of the
+# information that LVM2 reports.
+log {
+
+    # Controls the messages sent to stdout or stderr.
+    # There are three levels of verbosity, 3 being the most verbose.
+    verbose = 0
+
+    # Should we send log messages through syslog?
+    # 1 is yes; 0 is no.
+    syslog = 1
+
+    # Should we log error and debug messages to a file?
+    # By default there is no log file.
+    #file = "/var/log/lvm2.log"
+
+    # Should we overwrite the log file each time the program is run?
+    # By default we append.
+    overwrite = 0
+
+    # What level of log messages should we send to the log file and/or syslog?
+    # There are 6 syslog-like log levels currently in use - 2 to 7 inclusive.
+    # 7 is the most verbose (LOG_DEBUG).
+    level = 0
+    
+    # Format of output messages
+    # Whether or not (1 or 0) to indent messages according to their severity
+    indent = 1
+
+    # Whether or not (1 or 0) to display the command name on each line output
+    command_names = 0
+
+    # A prefix to use before the message text (but after the command name,
+    # if selected).  Default is two spaces, so you can see/grep the severity
+    # of each message.
+    prefix = "  "
+
+    # To make the messages look similar to the original LVM tools use:
+    #   indent = 0
+    #   command_names = 1
+    #   prefix = " -- "
+
+    # Set this if you want log messages during activation.
+    # Don't use this in low memory situations (can deadlock).
+    # activation = 0
+}
+
+# Configuration of metadata backups and archiving.  In LVM2 when we
+# talk about a 'backup' we mean making a copy of the metadata for the
+# *current* system.  The 'archive' contains old metadata configurations.
+# Backups are stored in a human readeable text format.
+backup {
+
+    # Should we maintain a backup of the current metadata configuration ?
+    # Use 1 for Yes; 0 for No.
+    # Think very hard before turning this off!
+    backup = 0
+
+    # Where shall we keep it ?
+    # Remember to back up this directory regularly!
+    backup_dir = "/etc/lvm/backup"
+
+    # Should we maintain an archive of old metadata configurations.
+    # Use 1 for Yes; 0 for No.
+    # On by default.  Think very hard before turning this off.
+    archive = 0
+
+    # Where should archived files go ?
+    # Remember to back up this directory regularly!
+    archive_dir = "/etc/lvm/archive"
+    
+    # What is the minimum number of archive files you wish to keep ?
+    retain_min = 10
+
+    # What is the minimum time you wish to keep an archive file for ?
+    retain_days = 30
+}
+
+# Settings for the running LVM2 in shell (readline) mode.
+shell {
+
+    # Number of lines of history to store in ~/.lvm_history
+    history_size = 100
+}
+
+
+# Miscellaneous global LVM2 settings
+global {
+    
+    # The file creation mask for any files and directories created.
+    # Interpreted as octal if the first digit is zero.
+    umask = 077
+
+    # Allow other users to read the files
+    #umask = 022
+
+    # Enabling test mode means that no changes to the on disk metadata
+    # will be made.  Equivalent to having the -t option on every
+    # command.  Defaults to off.
+    test = 0
+
+    # Whether or not to communicate with the kernel device-mapper.
+    # Set to 0 if you want to use the tools to manipulate LVM metadata 
+    # without activating any logical volumes.
+    # If the device-mapper kernel driver is not present in your kernel
+    # setting this to 0 should suppress the error messages.
+    activation = 1
+
+    # If we can't communicate with device-mapper, should we try running 
+    # the LVM1 tools?
+    # This option only applies to 2.4 kernels and is provided to help you
+    # switch between device-mapper kernels and LVM1 kernels.
+    # The LVM1 tools need to be installed with .lvm1 suffices
+    # e.g. vgscan.lvm1 and they will stop working after you start using
+    # the new lvm2 on-disk metadata format.
+    # The default value is set when the tools are built.
+    # fallback_to_lvm1 = 0
+
+    # The default metadata format that commands should use - "lvm1" or "lvm2".
+    # The command line override is -M1 or -M2.
+    # Defaults to "lvm1" if compiled in, else "lvm2".
+    # format = "lvm1"
+
+    # Location of proc filesystem
+    proc = "/proc"
+
+    # Type of locking to use. Defaults to file-based locking (1).
+    # Turn locking off by setting to 0 (dangerous: risks metadata corruption
+    # if LVM2 commands get run concurrently).
+    locking_type = 1
+
+    # Local non-LV directory that holds file-based locks while commands are
+    # in progress.  A directory like /tmp that may get wiped on reboot is OK.
+    locking_dir = "/tmp/lock/lvm"
+
+    # Other entries can go here to allow you to load shared libraries
+    # e.g. if support for LVM1 metadata was compiled as a shared library use
+    #   format_libraries = "liblvm2format1.so" 
+    # Full pathnames can be given.
+
+    # Search this directory first for shared libraries.
+    #   library_dir = "/lib"
+}
+
+activation {
+    # Device used in place of missing stripes if activating incomplete volume.
+    # For now, you need to set this up yourself first (e.g. with 'dmsetup')
+    # For example, you could make it return I/O errors using the 'error' 
+    # target or make it return zeros.
+    missing_stripe_filler = "/dev/ioerror"
+
+    # Size (in KB) of each copy operation when mirroring
+    mirror_region_size = 512
+
+    # How much stack (in KB) to reserve for use while devices suspended
+    reserved_stack = 256
+
+    # How much memory (in KB) to reserve for use while devices suspended
+    reserved_memory = 8192
+
+    # Nice value used while devices suspended
+    process_priority = -18
+
+    # If volume_list is defined, each LV is only activated if there is a
+    # match against the list.
+    #   "vgname" and "vgname/lvname" are matched exactly.
+    #   "@tag" matches any tag set in the LV or VG.
+    #   "@*" matches if any tag defined on the host is also set in the LV or VG
+    #
+    # volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ]
+}
+
+
+####################
+# Advanced section #
+####################
+
+# Metadata settings
+#
+# metadata {
+    # Default number of copies of metadata to hold on each PV.  0, 1 or 2.
+    # You might want to override it from the command line with 0 
+    # when running pvcreate on new PVs which are to be added to large VGs.
+
+    # pvmetadatacopies = 1
+
+    # Approximate default size of on-disk metadata areas in sectors.
+    # You should increase this if you have large volume groups or
+    # you want to retain a large on-disk history of your metadata changes.
+
+    # pvmetadatasize = 255
+
+    # List of directories holding live copies of text format metadata.
+    # These directories must not be on logical volumes!
+    # It's possible to use LVM2 with a couple of directories here,
+    # preferably on different (non-LV) filesystems, and with no other 
+    # on-disk metadata (pvmetadatacopies = 0). Or this can be in
+    # addition to on-disk metadata areas.
+    # The feature was originally added to simplify testing and is not
+    # supported under low memory situations - the machine could lock up.
+    #
+    # Never edit any files in these directories by hand unless you
+    # you are absolutely sure you know what you are doing! Use
+    # the supplied toolset to make changes (e.g. vgcfgrestore).
+
+    # dirs = [ "/etc/lvm/metadata", "/mnt/disk2/lvm/metadata2" ]
+#}
+
+# Event daemon
+#
+dmeventd {
+    # mirror_library is the library used when monitoring a mirror device.
+    #
+    # "libdevmapper-event-lvm2mirror.so" attempts to recover from
+    # failures.  It removes failed devices from a volume group and
+    # reconfigures a mirror as necessary. If no mirror library is
+    # provided, mirrors are not monitored through dmeventd.
+
+    mirror_library = "@libdir@/device-mapper/libdevmapper-event-lvm2mirror.so"
+
+    # snapshot_library is the library used when monitoring a snapshot device.
+    #
+    # "libdevmapper-event-lvm2snapshot.so" monitors the filling of
+    # snapshots and emits a warning through syslog when the use of
+    # the snapshot exceeds 80%. The warning is repeated when 85%, 90% and
+    # 95% of the snapshot is filled.
+
+    snapshot_library = "@libdir@/device-mapper/libdevmapper-event-lvm2snapshot.so"
+
+    # thin_library is the library used when monitoring a thin device.
+    #
+    # "libdevmapper-event-lvm2thin.so" monitors the filling of
+    # pool and emits a warning through syslog when the use of
+    # the pool exceeds 80%. The warning is repeated when 85%, 90% and
+    # 95% of the pool is filled.
+
+    thin_library = "@libdir@/device-mapper/libdevmapper-event-lvm2thin.so"
+
+    # Full path of the dmeventd binary.
+    #
+    # executable = "@DMEVENTD_PATH@"
+}
+

meta-citadel/recipes-citadel/bbappends/lvm2_%.bbappend

@@ -0,0 +1,2 @@
+# files/lvm.conf is customized to prevent writing to /etc
+FILESEXTRAPATHS:prepend := "${THISDIR}/lvm2:"

meta-citadel/recipes-citadel/bbappends/modemmanager_%.bbappend

@@ -0,0 +1,4 @@
+
+PACKAGECONFIG = "polkit systemd"
+INSANE_SKIP:${PN}-src = "buildpaths"
+INSANE_SKIP:${PN}-dev = "buildpaths"

meta-citadel/recipes-citadel/bbappends/mozjs-115_%.bbappend

@@ -0,0 +1 @@
+INSANE_SKIP:${PN}-src = "buildpaths"

meta-citadel/recipes-citadel/bbappends/mutter_%.bbappend

@@ -0,0 +1 @@
+INSANE_SKIP:${PN}-src = "buildpaths"

meta-citadel/recipes-citadel/bbappends/networkmanager/watch-resolvconf.path

@@ -2,7 +2,6 @@
 Description=Watch /run/NetworkManager
 
 [Path]
-PathExists=/run/NetworkManager/resolv.conf
 PathChanged=/run/NetworkManager
 MakeDirectory=true
 

meta-citadel/recipes-citadel/bbappends/networkmanager_%.bbappend

@@ -0,0 +1,18 @@
+# Append recipe from meta-openembedded/meta-networking
+FILESEXTRAPATHS:prepend := "${THISDIR}/networkmanager:"
+
+SRC_URI += "\
+    file://NetworkManager.conf \
+    file://watch-resolvconf.path \
+    file://watch-resolvconf.service \
+"
+
+SYSTEMD_SERVICE:${PN} += "watch-resolvconf.path"
+
+do_install:append() {
+    install -m 0644 ${WORKDIR}/NetworkManager.conf ${D}${sysconfdir}/NetworkManager/
+    install -m 644 ${WORKDIR}/watch-resolvconf.path ${D}${systemd_system_unitdir}
+    install -m 644 ${WORKDIR}/watch-resolvconf.service ${D}${systemd_system_unitdir}
+}
+PACKAGECONFIG = "nss systemd polkit wifi iwd vala nmcli bluez5"
+NETWORKMANAGER_FIREWALL_DEFAULT = "iptables"

meta-citadel/recipes-citadel/bbappends/pipewire_%.bbappend

@@ -0,0 +1,42 @@
+PACKAGECONFIG:remove = "avahi jack libcamera webrtc-echo-cancelling libusb systemd-system-service v4l2"
+
+FILES:${PN} += "\
+    ${sysconfdir}/systemd/user/default.target.wants/filter-chain.service \
+    ${sysconfdir}/systemd/user/default.target.wants/pipewire.service \
+    ${sysconfdir}/systemd/user/sockets.target.wants/pipewire.socket \
+"
+
+FILES:${PN}-pulse += "\
+    ${sysconfdir}/systemd/user/default.target.wants/pipewire-pulse.service \
+    ${sysconfdir}/systemd/user/sockets.target.wants/pipewire-pulse.socket \
+"
+
+do_install:append() {
+    install -d ${D}${sysconfdir}/systemd/user/default.target.wants
+    install -d ${D}${sysconfdir}/systemd/user/sockets.target.wants
+
+    # filter-chain.service
+    # [Install]
+    # WantedBy=default.target
+    ln -sf ${systemd_user_unitdir}/filter-chain.service ${D}${sysconfdir}/systemd/user/default.target.wants/filter-chain.service
+
+    # pipewire.socket
+    # [Install]
+    # WantedBy=sockets.target
+    ln -sf ${systemd_user_unitdir}/pipewire.socket ${D}${sysconfdir}/systemd/user/sockets.target.wants/pipewire.socket
+
+    # pipewire.service
+    # [Install]
+    # WantedBy=default.target
+    ln -sf ${systemd_user_unitdir}/pipewire.service ${D}${sysconfdir}/systemd/user/default.target.wants/pipewire.service
+
+    # pipewire-pulse.socket
+    # [Install]
+    # WantedBy=sockets.target
+    ln -sf ${systemd_user_unitdir}/pipewire-pulse.socket ${D}${sysconfdir}/systemd/user/sockets.target.wants/pipewire-pulse.socket
+
+    # pipewire-pulse.service
+    # [Install]
+    # WantedBy=default.target
+    ln -sf ${systemd_user_unitdir}/pipewire-pulse.service ${D}${sysconfdir}/systemd/user/default.target.wants/pipewire-pulse.service
+}

meta-citadel/recipes-citadel/bbappends/plymouth.bbappend

@@ -0,0 +1,2 @@
+PACKAGECONFIG = "pango drm gtk"
+

meta-citadel/recipes-citadel/bbappends/pulseaudio_17.%.bbappend

@@ -0,0 +1,6 @@
+RDEPENDS:pulseaudio-server:remove = "pulseaudio-module-console-kit"
+RDEPENDS:remove = "pulseaudio-module-x11-cork-request \
+                pulseaudio-module-x11-publish \
+                pulseaudio-module-x11-xsmp \
+"
+PACKAGECONFIG:remove = "x11"

meta-citadel/recipes-citadel/bbappends/readline_%.bbappend

@@ -0,0 +1,5 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/readline:"
+
+SRC_URI += "\
+    file://inputrc \
+"

meta-citadel/recipes-citadel/bbappends/systemd-conf_%.bbappend

@@ -1,6 +1,6 @@
-CONFFILES_${PN} += "${sysconfdir}/machine-id"
+FILES:${PN} += "${sysconfdir}/machine-id"
 
-do_install_append() {
+do_install:append() {
     install -d ${D}${sysconfdir}
     echo "a4e415feff81466c925aab34b0c35a3c" > ${D}${sysconfdir}/machine-id
 }

meta-citadel/recipes-citadel/bbappends/systemd_%.bbappend

@@ -0,0 +1,18 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+RDEPENDS:${PN}:remove = "systemd-serialgetty"
+RDEPENDS:${PN}:remove = "volatile-binds"
+RDEPENDS:${PN}:remove = "update-rc.d"
+
+ALTERNATIVE:${PN}:remove = "resolv-conf"
+
+GROUPADD_PARAM:${PN} += "-r wheel; -r kvm; -r render"
+PACKAGECONFIG = "\
+    efi acl ldconfig pam usrmerge rfkill backlight binfmt hostnamed localed logind machined myhostname \
+    nss polkit randomseed seccomp timedated utmp timesyncd kmod sysusers gshadow cryptsetup cgroupv2 \
+"
+
+do_install:append() {
+    rm -f ${D}${sysconfdir}/tmpfiles.d/00-create-volatile.conf
+    ln -s rescue.target ${D}${systemd_unitdir}/system/kbrequest.target
+}

meta-citadel/recipes-citadel/bbappends/util-linux_%.bbappend

@@ -0,0 +1 @@
+EXTRA_OECONF:append = " --disable-raw"

meta-citadel/recipes-citadel/bbappends/wireplumber_%.bbappend

@@ -0,0 +1,14 @@
+PACKAGECONFIG:remove = "systemd-system-service"
+
+do_install:append() {
+    install -d ${D}${sysconfdir}/systemd/user/pipewire.service.wants
+
+    # wireplumber.service
+
+    # [Install]
+    # WantedBy=pipewire.service
+    ln -sf ${systemd_user_unitdir}/wireplumber.service ${D}${sysconfdir}/systemd/user/pipewire.service.wants/wireplumber.service
+    # Alias=pipewire-session-manager.service
+    ln -sf ${systemd_user_unitdir}/wireplumber.service ${D}${sysconfdir}/systemd/user/pipewire-session-manager.service
+
+}

meta-citadel/recipes-citadel/citadel-config/citadel-config-gnome.bb

@@ -9,23 +9,30 @@ S = "${WORKDIR}"
 
 SRC_URI = "\
     file://gsettings/90_citadel.gschema.override \
-    file://dconf/build.d/initial-realm-dconf.conf \
+    file://gsettings/com.subgraph.RealmConfig.gschema.xml \
+    file://dconf/build.d/realms.d/initial-realm-dconf.conf \
+    file://dconf/build.d/citadel.d/citadel-dconf.conf \
 "
 
 inherit allarch gsettings
 
-# Build the binary dconf database which is installed by default into each new realm
 do_compile() {
     mkdir -p ${WORKDIR}/dconf-output
-    dconf compile ${WORKDIR}/dconf-output/user ${S}/dconf/build.d
+    # Build the binary dconf database which is installed by default into each new realm
+    dconf compile ${WORKDIR}/dconf-output/user ${S}/dconf/build.d/realms.d/
+    # Build the binary dconf database which is installed by default into /home/citadel
+    dconf compile ${WORKDIR}/dconf-output/citadel ${S}/dconf/build.d/citadel.d/
 }
 
 do_install() {
     install -d ${D}${datadir}/glib-2.0/schemas
     install -d ${D}${sysconfdir}/skel/.config/dconf
+    install -m 0755 -d ${D}${datadir}/factory/storage/citadel-state/citadel-dconf
 
     install -m 644 ${S}/gsettings/90_citadel.gschema.override ${D}${datadir}/glib-2.0/schemas
+    install -m 644 ${S}/gsettings/com.subgraph.RealmConfig.gschema.xml ${D}${datadir}/glib-2.0/schemas
     install -m 644 ${WORKDIR}/dconf-output/user ${D}${sysconfdir}/skel/.config/dconf
+    install -m 644 ${WORKDIR}/dconf-output/citadel ${D}${datadir}/factory/storage/citadel-state/citadel-dconf/user
 }
 
-FILES_${PN} = "/"
+FILES:${PN} = "/"

meta-citadel/recipes-citadel/citadel-config/citadel-config.bb

@@ -8,10 +8,8 @@ DEPENDS = ""
 S = "${WORKDIR}"
 
 DEFAULT_REALM_UNITS = "\
-    file://systemd/launch-default-realm.path \
-    file://systemd/launch-default-realm.service \
-    file://systemd/watch-run-user.path \
-    file://systemd/watch-run-user.service \
+    file://systemd/citadel-launch-default-realm.path \
+    file://systemd/citadel-launch-default-realm.service \
 "
 
 MODPROBE_CONFIG = "\
@@ -25,12 +23,11 @@ SYSCTL_CONFIG = "\
 UDEV_RULES = "\
     file://udev/citadel-network.rules \
     file://udev/pci-pm.rules \
-    file://udev/scsi-alpm.rules \
+    file://udev/udisks2-hide.rules \
 "
-
-IPTABLES_RULES = "\
-    file://iptables/empty-filter.rules \
-    file://iptables/iptables.rules \
+DEFAULT_PASSWORD = "\
+    file://citadel-setpassword.sh \
+    file://systemd/citadel-setpassword.service \
 "
 
 SRC_URI = "\
@@ -39,41 +36,45 @@ SRC_URI = "\
     file://fstab \
     file://sudo-citadel \
     file://citadel-ifconfig.sh \
-    file://citadel-setpassword.sh \
     file://00-storage-tmpfiles.conf \
-    file://NetworkManager.conf \
     file://share/dot.bashrc \
     file://share/dot.profile \
     file://share/dot.vimrc \
     file://polkit/citadel.rules \
-    file://iptables-flush.sh \
+    file://citadel-installer.session \
+    file://citadel-installer.json \
+    file://citadel-installer.desktop \
+    file://citadel-installer-ui.desktop \
     file://systemd/zram-swap.service \
-    file://systemd/iptables.service \
-    file://systemd/sway-session-switcher.service \
     file://systemd/x11-session-switcher.service \
-    file://systemd/citadel-setpassword.service \
+    file://systemd/citadel-installer-backend.service \
+    file://systemd/installer-session-switcher.service \
+    file://systemd/user/gnome-session@citadel-installer.target.d/session.conf \
     file://skel/profile \
     file://skel/bashrc \
     file://skel/vimrc \
+    file://skel/init.vim \
     file://apt-cacher-ng/acng.conf \
     file://apt-cacher-ng/security.conf \
+    file://iwd/main.conf \
+    file://pulse/cookie \
     ${DEFAULT_REALM_UNITS} \
     ${MODPROBE_CONFIG} \
     ${SYSCTL_CONFIG} \
     ${UDEV_RULES} \
-    ${IPTABLES_RULES} \
+    ${DEFAULT_PASSWORD} \
 "
 
 USERADD_PACKAGES = "${PN}"
-USERADD_PARAM_${PN} = "-m -u 1000 -s /bin/bash citadel"
+USERADD_PARAM:${PN} = "-m -u 1000 -s /bin/bash citadel"
 INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
 
-# for citadel-ifconfig.sh citadel-setpassword.sh
-RDEPENDS_${PN} = "bash wireless-regdb-static"
+# for citadel-ifconfig.sh
+RDEPENDS:${PN} = "bash"
 
 inherit allarch systemd useradd
 
-SYSTEMD_SERVICE_${PN} = "zram-swap.service watch-run-user.path iptables.service sway-session-switcher.service x11-session-switcher.service citadel-setpassword.service"
+SYSTEMD_SERVICE:${PN} = "zram-swap.service citadel-launch-default-realm.path x11-session-switcher.service citadel-installer-backend.service installer-session-switcher.service citadel-setpassword.service"
 
 do_install() {
     install -m 0755 -d ${D}/storage
@@ -81,65 +82,92 @@ do_install() {
     install -d ${D}${libdir}/sysctl.d
     install -m 0755 -d ${D}${libexecdir}
     install -m 0755 -d ${D}${sysconfdir}/profile.d
-    install -m 0755 -d ${D}${sysconfdir}/skel
+    install -m 0755 -d ${d}${sysconfdir}/skel
+    install -m 0755 -d ${D}${sysconfdir}/skel/.config
+    install -m 0755 -d ${D}${sysconfdir}/skel/.config/nvim
     install -m 0755 -d ${D}${sysconfdir}/tmpfiles.d
     install -m 0755 -d ${D}${sysconfdir}/udev/rules.d
-    install -m 0755 -d ${D}${sysconfdir}/NetworkManager
     install -m 0755 -d ${D}${sysconfdir}/polkit-1/rules.d
     install -m 0755 -d ${D}${sysconfdir}/modprobe.d
     install -m 0755 -d ${D}${sysconfdir}/sudoers.d
-    install -m 0755 -d ${D}${datadir}/iptables
-    install -m 0755 -d ${D}${datadir}/factory/skel
+    install -m 0755 -d ${D}${sysconfdir}/iwd
+    install -m 0755 -d ${D}${datadir}/factory/home/root
+    install -m 0755 -d ${D}${datadir}/factory/home/citadel
+    install -m 0755 -d ${D}${datadir}/factory/home/citadel/.local/share/applications
+    install -m 0755 -d ${D}${datadir}/factory/home/citadel/.config/pulse
     install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager
     install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager/system-connections
     install -m 0755 -d ${D}${datadir}/citadel
+    install -m 0755 -d ${D}${datadir}/gnome-session/sessions
+    install -m 0755 -d ${D}${datadir}/gnome-shell/modes
+    install -m 0755 -d ${D}${datadir}/applications
+    install -m 0755 -d ${D}${datadir}/wayland-sessions
 
     install -m 0644 ${WORKDIR}/locale.conf ${D}${sysconfdir}/locale.conf
     install -m 0644 ${WORKDIR}/environment.sh ${D}${sysconfdir}/profile.d/environment.sh
     install -m 0644 ${WORKDIR}/fstab ${D}${sysconfdir}/fstab
     install -m 0440 ${WORKDIR}/sudo-citadel ${D}${sysconfdir}/sudoers.d/citadel
     install -m 0644 ${WORKDIR}/00-storage-tmpfiles.conf ${D}${sysconfdir}/tmpfiles.d
-    install -m 0644 ${WORKDIR}/NetworkManager.conf ${D}${sysconfdir}/NetworkManager
+    #install -m 0644 ${WORKDIR}/NetworkManager.conf ${D}${sysconfdir}/NetworkManager
 
     install -d ${D}${systemd_system_unitdir}
+
     install -m 644 ${WORKDIR}/systemd/zram-swap.service ${D}${systemd_system_unitdir}
-    install -m 644 ${WORKDIR}/systemd/iptables.service ${D}${systemd_system_unitdir}
 
-    install -m 644 ${WORKDIR}/systemd/sway-session-switcher.service ${D}${systemd_system_unitdir}
     install -m 644 ${WORKDIR}/systemd/x11-session-switcher.service ${D}${systemd_system_unitdir}
-    install -m 644 ${WORKDIR}/systemd/citadel-setpassword.service ${D}${systemd_system_unitdir}
+    install -m 644 ${WORKDIR}/systemd/citadel-installer-backend.service ${D}${systemd_system_unitdir}
+    install -m 644 ${WORKDIR}/systemd/installer-session-switcher.service ${D}${systemd_system_unitdir}
 
-    install -m 644 ${WORKDIR}/systemd/watch-run-user.path ${D}${systemd_system_unitdir}
-    install -m 644 ${WORKDIR}/systemd/watch-run-user.service ${D}${systemd_system_unitdir}
-    install -m 644 ${WORKDIR}/systemd/launch-default-realm.path ${D}${systemd_system_unitdir}
-    install -m 644 ${WORKDIR}/systemd/launch-default-realm.service ${D}${systemd_system_unitdir}
+    install -m 644 ${WORKDIR}/systemd/citadel-setpassword.service ${D}${systemd_system_unitdir}
+    install -m 0754 ${WORKDIR}/citadel-setpassword.sh ${D}${libexecdir}
+    install -d ${D}${systemd_user_unitdir}/gnome-session@citadel-installer.target.d
+    install -m 644 ${WORKDIR}/systemd/user/gnome-session@citadel-installer.target.d/session.conf ${D}${systemd_user_unitdir}/gnome-session@citadel-installer.target.d
+
+    install -m 644 ${WORKDIR}/systemd/citadel-launch-default-realm.path ${D}${systemd_system_unitdir}
+    install -m 644 ${WORKDIR}/systemd/citadel-launch-default-realm.service ${D}${systemd_system_unitdir}
 
     # skel files for new realms
     install -m 644 -T ${WORKDIR}/skel/profile ${D}${sysconfdir}/skel/.profile
     install -m 644 -T ${WORKDIR}/skel/bashrc ${D}${sysconfdir}/skel/.bashrc
     install -m 644 -T ${WORKDIR}/skel/vimrc ${D}${sysconfdir}/skel/.vimrc
+    install -m 644 -T ${WORKDIR}/skel/init.vim ${D}${sysconfdir}/skel/.config/nvim/init.vim
 
     install -m 0644 ${WORKDIR}/sysctl/90-citadel-sysctl.conf ${D}${libdir}/sysctl.d/
 
     install -m 0644 ${WORKDIR}/udev/citadel-network.rules ${D}${sysconfdir}/udev/rules.d/
     install -m 0755 ${WORKDIR}/citadel-ifconfig.sh ${D}${libexecdir}
-    install -m 0754 ${WORKDIR}/citadel-setpassword.sh ${D}${libexecdir}
 
     install -m 0644 ${WORKDIR}/udev/pci-pm.rules ${D}${sysconfdir}/udev/rules.d/
-    install -m 0644 ${WORKDIR}/udev/scsi-alpm.rules ${D}${sysconfdir}/udev/rules.d/
+    install -m 0644 ${WORKDIR}/udev/udisks2-hide.rules ${D}${sysconfdir}/udev/rules.d/
 
-    install -m 0644 ${WORKDIR}/iptables/iptables.rules ${D}${datadir}/iptables/
-    install -m 0644 ${WORKDIR}/iptables/empty-filter.rules ${D}${datadir}/iptables/
-    install -m 0644 ${WORKDIR}/iptables-flush.sh ${D}${datadir}/iptables/
+    install -m 0644 ${WORKDIR}/citadel-installer.session ${D}${datadir}/gnome-session/sessions/
+    install -m 0644 ${WORKDIR}/citadel-installer.json ${D}${datadir}/gnome-shell/modes/
+    install -m 0644 ${WORKDIR}/citadel-installer-ui.desktop ${D}${datadir}/applications/
+    install -m 0644 ${WORKDIR}/citadel-installer.desktop ${D}${datadir}/wayland-sessions/
+
+    install -m 0644 ${WORKDIR}/share/dot.bashrc ${D}${datadir}/factory/home/root/.bashrc
+    install -m 0644 ${WORKDIR}/share/dot.profile ${D}${datadir}/factory/home/root/.profile
+    install -m 0644 ${WORKDIR}/share/dot.vimrc ${D}${datadir}/factory/home/root/.vimrc
+
+    install -m 0644 ${WORKDIR}/share/dot.bashrc ${D}${datadir}/factory/home/citadel/.bashrc
+    install -m 0644 ${WORKDIR}/share/dot.profile ${D}${datadir}/factory/home/citadel/.profile
+    install -m 0644 ${WORKDIR}/share/dot.vimrc ${D}${datadir}/factory/home/citadel/.vimrc
+
+
+    # To avoid these warnings:
+    #
+    #     [pulseaudio] authkey.c: Failed to open cookie file '/home/citadel/.config/pulse/cookie': No such file or directory
+    #
+
+    install -m 0600 ${WORKDIR}/pulse/cookie ${D}${datadir}/factory/home/citadel/.config/pulse/cookie
 
-    install -m 0644 ${WORKDIR}/share/dot.bashrc ${D}${datadir}/factory/skel/.bashrc
-    install -m 0644 ${WORKDIR}/share/dot.profile ${D}${datadir}/factory/skel/.profile
-    install -m 0644 ${WORKDIR}/share/dot.vimrc ${D}${datadir}/factory/skel/.vimrc
 
     install -m 0644 ${WORKDIR}/polkit/citadel.rules ${D}${sysconfdir}/polkit-1/rules.d/
 
     install -m 0644 ${WORKDIR}/modprobe.d/audio_powersave.conf ${D}${sysconfdir}/modprobe.d/
 
+    install -m 0644 ${WORKDIR}/iwd/main.conf ${D}${sysconfdir}/iwd/
+
     install -d ${D}${datadir}/apt-cacher-ng/conf
     install -m 0644 ${WORKDIR}/apt-cacher-ng/acng.conf ${D}${datadir}/apt-cacher-ng/conf/
     install -m 0644 ${WORKDIR}/apt-cacher-ng/security.conf ${D}${datadir}/apt-cacher-ng/conf/
@@ -160,4 +188,4 @@ do_install() {
     install -d ${D}/opt/share
 }
 
-FILES_${PN} = "/"
+FILES:${PN} = "/"

meta-citadel/recipes-citadel/citadel-config/files/00-storage-tmpfiles.conf

@@ -1,19 +1,14 @@
-C /var/cache - - - -
-C /var/lib/AccountsService - - - -
-C /var/lib/NetworkManager - - - -
-C /var/lib/colord - - - -
-C /var/lib/dbus - - - -
-C /var/lib/dhcp - - - -
-C /var/lib/gdm - - - -
-C /var/lib/plymouth - - - -
-C /var/lib/upower - - - -
-C /var/log - - - -
-C /var/spool - - - -
-C /home - - - -
-C /home/citadel - - - -
-C /home/root - - - -
-d /storage/citadel-state/citadel-dconf 0755 citadel citadel
-d /home/citadel/.config 0755 citadel citadel
-L /home/citadel/.config/dconf - - - - /storage/citadel-state/citadel-dconf
-f /storage/citadel-state/resolv.conf 0644 root root
+C /var/lib/AccountsService
+C /var/lib/NetworkManager
+C /var/lib/plymouth
+C /var/lib/upower
+
+d /storage/citadel-state 0755 root root
+f /storage/citadel-state/resolv.conf 0644 root root
+C /storage/citadel-state/citadel-dconf
+Z /storage/citadel-state/citadel-dconf - citadel citadel
+
+C /home
+L /home/citadel/.config/dconf - - - - /storage/citadel-state/citadel-dconf
+Z /home/citadel - citadel citadel
 

meta-citadel/recipes-citadel/citadel-config/files/apt-cacher-ng/acng.conf

@@ -387,7 +387,7 @@ LocalDirs: acng-doc /usr/share/doc/apt-cacher-ng
 # This restriction can be disabled by specifying a list of allowed ports or 0
 # for any port.
 #
-# AllowUserPorts: 80
+AllowUserPorts: 80 443
 
 # Normally the HTTP redirection responses are forwarded to the original caller
 # (i.e. APT) which starts a new download attempt from the new URL. This

meta-citadel/recipes-citadel/citadel-config/files/citadel-installer-ui.desktop

@@ -0,0 +1,8 @@
+[Desktop Entry]
+Name=Citadel Installer
+Comment=This session logs you into the Citadel Installer 
+Exec=/usr/libexec/citadel-installer-ui
+TryExec=/usr/libexec/citadel-installer-ui
+Icon=
+Type=Application
+

meta-citadel/recipes-citadel/citadel-config/files/citadel-installer.desktop

@@ -0,0 +1,6 @@
+[Desktop Entry]
+Encoding=UTF-8
+Type=Application
+Name=Citadel Installer sessions
+Comment=Session for the Citadel Installer
+Exec=gnome-session --session=citadel-installer

meta-citadel/recipes-citadel/citadel-config/files/citadel-installer.json

@@ -0,0 +1,9 @@
+{
+    "hasWindows": true,
+    "components": ["networkAgent"],
+    "panel": { "left": [],
+               "center": [],
+               "right": ["a11yGreeter", "keyboard", "aggregateMenu"]
+    }
+}
+

meta-citadel/recipes-citadel/citadel-config/files/citadel-installer.session

@@ -0,0 +1,7 @@
+# /usr/share/gnome-session/sessions/citadel-installer.session
+[GNOME Session]
+Name=Citadel Installer
+RequiredComponents=citadel-installer-ui;org.gnome.Shell;org.gnome.SettingsDaemon.A11ySettings;org.gnome.SettingsDaemon.Color;org.gnome.SettingsDaemon.Datetime;org.gnome.SettingsDaemon.Housekeeping;org.gnome.SettingsDaemon.Keyboard;org.gnome.SettingsDaemon.MediaKeys;org.gnome.SettingsDaemon.Power;org.gnome.SettingsDaemon.PrintNotifications;org.gnome.SettingsDaemon.Rfkill;org.gnome.SettingsDaemon.ScreensaverProxy;org.gnome.SettingsDaemon.Smartcard;org.gnome.SettingsDaemon.Sound;org.gnome.SettingsDaemon.Wacom;org.gnome.SettingsDaemon.XSettings;
+
+
+

meta-citadel/recipes-citadel/citadel-config/files/citadel-setpassword.sh

@@ -1,36 +1,5 @@
 #!/bin/bash
 
-PF="/storage/citadel-state/passwd"
-if [ -e "${PF}" ]; then
-	exit 0
+if [ ! -f /storage/citadel-state/passwd ]; then
+    /usr/bin/echo -n "citadel:aadg8rGtZzOY6" > /storage/citadel-state/passwd
 fi
-
-success=
-for ((I = 0; I < 3; I++)); do
-	P1=
-	P2=
-	/usr/bin/plymouth display-message --text='Set new user password...'
-	/usr/bin/plymouth pause-progress
-	P1="$(/usr/bin/plymouth ask-for-password --prompt='Password')"
-	/usr/bin/plymouth unpause-progress
-	/usr/bin/plymouth pause-progress
-	P2="$(/usr/bin/plymouth ask-for-password --prompt='Confirm')"
-
-	if [ -n "${P1}" -a "${P1}" == "${P2}" ]; then
-		/usr/bin/plymouth unpause-progress
-		success=true
-		break;
-	fi
-	/usr/bin/plymouth display-message --text='Passwords do not match, try again...'
-	/usr/bin/plymouth unpause-progress
-	sleep 3
-done
-if [ -n "${success}" ]; then
-	crypt=$(echo -n "${P1}" | /usr/bin/mkpasswd -s -m sha-512)
-	echo "citadel:${crypt}" > ${PF}
-	chmod 444 "${PF}"
-	/usr/bin/plymouth display-message --text='Password set succesfully...'
-else
-	/usr/bin/plymouth display-message --text='Failed to set password...'
-fi
-exit 0;

meta-citadel/recipes-citadel/citadel-config/files/dconf/build.d/citadel.d/citadel-dconf.conf

@@ -0,0 +1,16 @@
+[org/gnome/desktop/interface]
+cursor-theme='Paper'
+
+[org/gnome/settings-daemon/plugins/xsettings]
+antialiasing='rgba'
+
+[org/gnome/terminal/legacy/profiles:/:b1dcc9dd-5262-4d8d-a863-c897e6d979b9]
+scrollbar-policy='never'
+use-theme-colors=false
+bold-color-same-as-fg=true
+use-system-font=false
+font='DejaVu Sans Mono 13'
+
+[org/gnome/terminal/legacy]
+theme-variant='dark'
+default-show-menubar=false

meta-citadel/recipes-citadel/citadel-config/files/dconf/build.d/realms.d/initial-realm-dconf.conf

@@ -0,0 +1,16 @@
+[org/gnome/desktop/interface]
+cursor-theme='Paper'
+
+[org/gnome/settings-daemon/plugins/xsettings]
+antialiasing='rgba'
+
+[org/gnome/terminal/legacy/profiles:/:b1dcc9dd-5262-4d8d-a863-c897e6d979b9]
+scrollbar-policy='never'
+use-theme-colors=false
+bold-color-same-as-fg=true
+use-system-font=false
+font='DejaVu Sans Mono 13'
+
+[org/gnome/terminal/legacy]
+theme-variant='dark'
+default-show-menubar=false

meta-citadel/recipes-citadel/citadel-config/files/gsettings/90_citadel.gschema.override

@@ -3,7 +3,8 @@ natural-scroll=true
 tap-to-click=true
 
 [org.gnome.desktop.background]
-picture-uri='file:///usr/share/backgrounds/gnome/Icescape.jpg'
+picture-uri='file:///usr/share/backgrounds/gnome/truchet-l.jpg'
+picture-uri-dark='file:///usr/share/backgrounds/gnome/truchet-d.jpg'
 
 [org.gnome.desktop.screensaver]
 picture-uri='file:////usr/share/gnome-control-center/pixmaps/noise-texture-light.png'
@@ -18,17 +19,21 @@ autorun-x-content-start-app=[]
 
 [org.gnome.desktop.lockdown]
 disable-user-switching=true
-
+disable-log-out=true
 
 [org.gnome.desktop.interface]
 cursor-theme='Paper'
 icon-theme='Paper'
 gtk-enable-primary-paste=false
 clock-format='12h'
+color-scheme='prefer-dark'
 
 [org.gnome.shell]
 enabled-extensions=['dash-to-panel@jderose9.github.com']
 
+[org.gnome.settings-daemon.plugins.media-keys]
+custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/']
+
 [org.gnome.settings-daemon.plugins.xsettings]
 antialiasing='rgba'
 
@@ -38,7 +43,6 @@ antialiasing='rgba'
 [org.gnome.settings-daemon.plugins.power]
 sleep-inactive-ac-timeout=0
 
-
 [org.gnome.desktop.input-sources]
 xkb-options=['ctrl:nocaps']
 

meta-citadel/recipes-citadel/citadel-config/files/gsettings/com.subgraph.RealmConfig.gschema.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schemalist>
+    <schema id="com.subgraph.citadel" path="/com/subgraph/citadel/">
+        <key name="label-color-list" type="as">
+            <default>[
+                'rgb(153,193,241)',
+                'rgb(143,240,164)',
+                'rgb(249,240,107)',
+                'rgb(255,190,111)',
+                'rgb(246,97,81)',
+                'rgb(220,138,221)',
+                'rgb(205,171,143)'
+                ]</default>
+            <summary />
+        </key>
+
+        <key name="realm-label-colors" type="as">
+            <default>['main:rgb(153,193,241)']</default>
+        </key>
+        <key name="realm-label-show-citadel" type="b">
+            <default>true</default>
+            <summary>Show label on Citadel windows</summary>
+        </key>
+        <key name="realm-label-show-all" type="b">
+            <default>false</default>
+            <summary>Show labels on all windows including windows belonging to current realm context</summary>
+        </key>
+        <key name="realm-label-show-app-icons" type="b">
+            <default>true</default>
+            <summary>Display labels above application icons in overview</summary>
+        </key>
+    </schema>
+</schemalist>

meta-citadel/recipes-citadel/citadel-config/files/iptables-flush.sh

@@ -1,19 +0,0 @@
-#!/bin/bash
-#
-# Usage: iptables-flush [6]
-#
-
-iptables=ip$1tables
-if ! type -p "$iptables" &>/dev/null; then
-  echo "error: invalid argument"
-  exit 1
-fi
-
-while read -r table; do
-  tables+=("/usr/share/iptables/empty-$table.rules")
-done <"/proc/net/ip$1_tables_names"
-
-if (( ${#tables[*]} )); then
-  cat "${tables[@]}" | "$iptables-restore"
-fi
-

meta-citadel/recipes-citadel/citadel-config/files/iptables/empty-filter.rules

@@ -1,6 +0,0 @@
-# Empty iptables rule file
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT

meta-citadel/recipes-citadel/citadel-config/files/iptables/iptables.rules

@@ -1,9 +0,0 @@
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -j DROP
--A INPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
--A FORWARD -j ACCEPT
--A OUTPUT -j DROP
-COMMIT

meta-citadel/recipes-citadel/citadel-config/files/skel/init.vim

@@ -0,0 +1,30 @@
+syntax on
+set hidden
+
+"
+" Settings
+"
+
+set noswapfile                  " Don't use swapfile
+set splitright                  " Split vertical windows right to the current windows
+set splitbelow                  " Split horizontal windows below to the current windows
+set encoding=utf-8              " Set default encoding to UTF-8
+set autowrite                   " Automatically save before :next, :make etc.
+set autoread                    " Automatically reread changed files without asking me anything
+
+set lazyredraw                  " Wait to redraw 
+set ignorecase                  " Search case insensitive...
+set smartcase                   " ... but not when search pattern contains upper case characters
+set ttyfast
+
+set termguicolors
+
+let &t_8f = "\<Esc>[38;2;%lu;%lu;%lum"
+let &t_8b = "\<Esc>[48;2;%lu;%lu;%lum"
+
+set rtp+=/opt/share/vim
+
+if filereadable(expand("~/.base16vim"))
+  let base16colorspace=256
+  source ~/.base16vim
+endif

meta-citadel/recipes-citadel/citadel-config/files/systemd/citadel-installer-backend.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Citadel Installer Backend
+
+ConditionKernelCommandLine=citadel.install
+
+[Service]
+
+ExecStart=/usr/libexec/citadel-install-backend
+
+[Install]
+WantedBy=graphical.target
+

meta-citadel/recipes-citadel/citadel-config/files/systemd/citadel-launch-default-realm.path

@@ -0,0 +1,11 @@
+[Unit]
+Description=Wait for creation of PA and Wayland sockets before launching first realm.
+Wants=run-user-1000.mount
+After=run-user-1000.mount
+
+[Path]
+PathChanged=/run/user/1000/pulse/native
+PathChanged=/run/user/1000/wayland-0
+
+[Install]
+WantedBy=graphical.target

meta-citadel/recipes-citadel/citadel-config/files/systemd/citadel-launch-default-realm.service

@@ -1,10 +1,14 @@
 [Unit]
 Description=Launch default realm
+
 ConditionPathExists=!/run/realms
 ConditionPathExists=/realms/default.realm
+ConditionPathExists=/run/user/1000/pulse/native
+ConditionPathExists=/run/user/1000/wayland-0
 
 
 [Service]
 ExecStart=/usr/libexec/citadel-boot start-realms
 Type=oneshot
 RemainAfterExit=yes
+

meta-citadel/recipes-citadel/citadel-config/files/systemd/citadel-setpassword.service

@@ -2,7 +2,9 @@
 Description=Citadel Set Password
 After=storage.mount
 Requires=storage.mount
-Before=gdm.service
+After=gdm.service
+ConditionPathExists=!/storage/citadel-state/passwd
+ConditionKernelCommandLine=citadel.install
 
 [Service]
 Type=oneshot

meta-citadel/recipes-citadel/citadel-config/files/systemd/installer-session-switcher.service

@@ -1,16 +1,15 @@
 [Unit]
-Description=Sway Session Switcher
+Description=Citadel Installer Session Switcher
 After=accounts-daemon.service
 Wants=accounts-daemon.service
 
-ConditionKernelCommandLine=|citadel.sway
+ConditionKernelCommandLine=citadel.install
 
 [Service]
 Type=oneshot
 RemainAfterExit=no
 
-ExecStartPre=-/usr/bin/plymouth message --text="Setting session to sway"
-ExecStart=/usr/bin/busctl call org.freedesktop.Accounts /org/freedesktop/Accounts/User1000 org.freedesktop.Accounts.User SetXSession s "sway"
+ExecStart=/usr/bin/busctl call org.freedesktop.Accounts /org/freedesktop/Accounts/User1000 org.freedesktop.Accounts.User SetXSession s "citadel-installer"
 
 [Install]
 WantedBy=graphical.target

meta-citadel/recipes-citadel/citadel-config/files/systemd/iptables.service

@@ -1,15 +0,0 @@
-[Unit]
-Description=IPv4 Packet Filtering Framework
-Before=network-pre.target
-Wants=network-pre.target
-
-[Service]
-Type=oneshot
-ExecStart=/sbin/iptables-restore /usr/share/iptables/iptables.rules
-ExecReload=/sbin/iptables-restore /usr/share/iptables/iptables.rules
-ExecStop=/bin/bash /usr/share/iptables/iptables-flush.sh
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
-

meta-citadel/recipes-citadel/citadel-config/files/systemd/launch-default-realm.path

@@ -1,5 +0,0 @@
-[Unit]
-Description=Wait for creation of /run/user/1000/pulse/native
-
-[Path]
-PathExists=/run/user/1000/pulse/native

meta-citadel/recipes-citadel/citadel-config/files/systemd/user/gnome-session@citadel-installer.target.d/session.conf

@@ -0,0 +1,20 @@
+[Unit]
+
+# Must be in sync with citadel-installer.session
+
+Wants=org.gnome.SettingsDaemon.A11ySettings.target
+Wants=org.gnome.SettingsDaemon.Color.target
+Wants=org.gnome.SettingsDaemon.Datetime.target
+Wants=org.gnome.SettingsDaemon.Housekeeping.target
+Wants=org.gnome.SettingsDaemon.Keyboard.target
+Wants=org.gnome.SettingsDaemon.MediaKeys.target
+Wants=org.gnome.SettingsDaemon.Power.target
+Wants=org.gnome.SettingsDaemon.PrintNotifications.target
+Wants=org.gnome.SettingsDaemon.Rfkill.target
+Wants=org.gnome.SettingsDaemon.ScreensaverProxy.target
+Wants=org.gnome.SettingsDaemon.Smartcard.target
+Wants=org.gnome.SettingsDaemon.Sound.target
+Wants=org.gnome.SettingsDaemon.Wacom.target
+Wants=org.gnome.SettingsDaemon.XSettings.target
+
+Requires=org.gnome.Shell.target