This document provides an introduction to the ublue-os/packages repository, which serves as the central RPM package management system for Universal Blue projects. The repository maintains RPM specifications, orchestrates automated builds through containerized infrastructure, and distributes packages via COPR repositories to various Universal Blue distributions including Bluefin, Aurora, and Bazzite.
This overview covers the high-level architecture, repository organization, and package lifecycle. For details on specific subsystems, see:
Sources: README.md1-90
The ublue-os/packages repository fulfills three primary functions:
.spec files and patches for RPM packages specific to Universal Blue distributionsublue-builder) with mock-wrapper orchestrationThe repository produces packages that are consumed by rpm-ostree-based Universal Blue images, extending the base Fedora/CentOS ecosystem with Universal Blue-specific functionality and hardware support.
Sources: README.md1-8
Sources: README.md1-90 Diagram 1 from high-level architecture
The repository is organized into four primary directories:
| Directory | Purpose | Examples |
|---|---|---|
akmods/ | Kernel module packages with automatic kmod building | xone-kmod, scx-scheds |
packages/ | Universal Blue-specific packages | ublue-os-just, ublue-bling, ublue-brew |
staging/ | Temporary patches for upstream packages | gnome-shell, mutter, bazaar, flatpak |
ublue-builder/ | Build container definition and tooling | Containerfile, entrypoint.sh |
Additional top-level directories include distribution-specific packages (bazzite/, bluefin/, ucore/) and configuration files for automation (.github/, Justfile).
Sources: README.md1-90 .github/CODEOWNERS1-18
The package lifecycle follows this workflow:
safe-to-run label from maintainers to prevent malicious code execution README.md77-82ublue-builder container which uses mock-wrapper to orchestrate buildsrpmlint and spec format checks ensure package qualitySources: README.md27-86 Diagram 4 from high-level architecture
| Component | Location | Function |
|---|---|---|
| ublue-builder | ublue-builder/ | Container image with mock, rpkg, rpmlint, spectool |
| mock-wrapper | ublue-builder/entrypoint.sh | Orchestrates spec processing, source fetching, and mock builds |
| Justfile | Justfile | Developer CLI with just build, just overlay commands |
| GitHub Actions | .github/workflows/build-package.yml .github/workflows/builder.yml | CI/CD pipeline for automated builds and container image creation |
For detailed documentation on build system components, see Build System and CI/CD.
| Component | Location | Function |
|---|---|---|
| Renovate | .github/renovate.json5 | Automated dependency updates with custom regex managers for spec files |
| safe-to-run label | GitHub PR labels | Security gate preventing untrusted code execution README.md79-82 |
| rpmlint | Run via mock-wrapper | Package quality validation enforcing Fedora guidelines README.md32 |
Renovate uses custom macros to parse version strings from spec files and creates automated PRs when upstream versions change. See Dependency Management with Renovate for details.
The repository feeds multiple COPR repositories, each with distinct purposes:
Once packages are manually added to a COPR (a one-time operation), COPR automatically rebuilds them when the GitHub repository is updated. See COPR Distribution Strategy for details.
Sources: README.md7-8 README.md36-37
Packages are categorized by functionality:
ublue-os-just, ublue-bling, ublue-brew) - see User Tools and CLI EnhancementsSources: .github/CODEOWNERS1-18 Diagram 3 from high-level architecture
Developers can build packages locally using the just build command, which launches the same ublue-builder container used in CI:
The just build command mounts the mock/ directory locally, allowing inspection of build logs, chroots, and resulting RPMs/SRPMs README.md10-25
For detailed local development documentation, see Local Development with Just.
When updating packages, the appropriate field must be incremented:
| Scenario | Field to Bump | Tool | Example |
|---|---|---|---|
| Upstream version update | Version: | Manual edit | Version: 1.2.3 → Version: 1.2.4 |
| Packaging changes only | Release: | rpmdev-bumpspec | Release: 1%{?dist} → Release: 2%{?dist} |
| Version bump | Release: | Reset | Release: 5%{?dist} → Release: 1%{?dist} |
The rpmdev-bumpspec command automatically updates the Release field and adds a changelog entry README.md41-75
Sources: README.md13-25 README.md41-75
All pull requests undergo a security review before CI execution:
safe-to-run label to approve PRThis prevents malicious code execution in the CI environment while allowing automated dependency updates from trusted sources like Renovate.
All packages must meet these criteria:
rpmlint validation (except rpkg-based packages)For contribution workflow details, see Contributing and Package Lifecycle.
Sources: README.md27-44 README.md77-82
The repository supports both x86_64 (amd64) and aarch64 (arm64) architectures:
GitHub Actions builds packages on native runners for each architecture, producing architecture-specific RPMs. The ublue-builder container image itself is built as a multi-platform manifest supporting both architectures.
For details on multi-architecture builds, see Multi-Architecture Build Support.
Sources: README.md23-24 Diagram 2 from high-level architecture
Developers can create an identical testing environment to CI:
This ensures packages build correctly before submitting PRs README.md84-85
The repository includes automated validation:
.github/renovate.json5 syntax and regex managersFor automation pipeline details, see GitHub Actions CI/CD Pipeline.
Sources: README.md84-86 Diagram 4 from high-level architecture
The packages repository serves as the foundation for multiple Universal Blue distributions:
| Distribution | Primary COPRs Used | Notable Packages |
|---|---|---|
| Bluefin | ublue-os/main | ublue-os-just, ublue-bling, bazaar, gnome-shell |
| Aurora | ublue-os/main, ublue-os/staging | Same as Bluefin + staging packages |
| Bazzite | ublue-os/main, ublue-os/akmods | Gaming packages + xone-kmod, scx-scheds |
| uCore | ublue-os/main | Server-focused packages |
Each distribution selects which COPR repositories to enable, allowing staging of experimental features in Aurora before promotion to Bluefin's stable channel.
Sources: README.md5-8 .github/CODEOWNERS1-18 Diagram 1 from high-level architecture
The repository is licensed under Apache License 2.0, allowing free use, modification, and distribution with proper attribution.
Sources: LICENSE1-202 cosign.pub1-5
Refresh this wiki
This wiki was recently refreshed. Please wait 5 days to refresh again.