Overriding individual files

Hi, I’d love to try out Silverblue on my Surface Go but the linux-firmware package ships with a broken firmware for the wifi-card. There’s no fix upstream yet but it’s possible to manually replace a couple of files installed by linux-firmware to get the wifi card working, described in the following reddit post (I’m currently doing this on regular Fedora Workstation).

Since /usr is handled by ostree, I tried creating an RPM that replaces the file that I could overlay with rpm-ostree but RPM’s don’t let you override other packages’ files like this.

Is it possible to create your own ostree layer that just replaces the files until there’s an upstream fix or might there be another way to solve this?

Generally for replacing base system files you would use the rpm-ostree override replace command. If it comes in an RPM, rpm-ostree install can be used as you would dnf install to layer rpm packages onto the base OStree. After layering it is essential to do a systemctl reboot before doing any more work on the ostree. Also it is a good habit to get into using rpm-ostree cleanup -m before trying to modify the ostree. So for clarity, layering won’t solve what you’re trying to fix since the package is already part of the ostree commit. You will have to use rpm-override replace for your purpose.

In addition, maybe a post-install script could do this? Off the top of my head, I think they’re run on the final composed deployment.

The small RPM that I created doesn’t contain all the firmware in linux-firmware so I’m hesitant to run
rpm-ostree replace. The man page says Replace a package in the base tree.. Does it remove the entire linux-fimware package or just the conflicting files?

Since fedpkg won’t let me build an RPM with an empty %files field, I’ll try making one that manages a dummy file and replaces the actual files in %post like refi64 suggested. Another way would maybe be to build a patched linux-firmware and run the rpm-ostree override replace

It worked fine to replace files in the %post section of the .spec file for the RPM package. I’m now a happy user of Silverblue! I think it would be nice to be able to create an ostree layer with arbitrary files since this workaround is a little bit ugly.

Hello @zappka
Would you mind sharing the rpm you created ? I’m in the same boat, trying to setup silverblue on my surface go.

Sure! It might not be pretty since I just stitched it together but it works for me.

Here’s the RPM: https://standersson.se/index.php/s/5mdbLZEbJPzteso

And here’s the spec and board.bin files that I created the RPM from:
https://github.com/MrSAndersson/NiceThings/tree/master/Packaging/stefan-surface-wifi

Hope it’s of some use!

Sure! It might not be pretty since I just stitched it together but it works for me.

Works for me as well. Thanks

If you don’t mind me asking, do you have any feedback on the surface go + silverblue combo ?
I’m trying to figure out how to install the jakeday kernel but without much luck.

Well, I really like the Surface Go. Specifically about the combo of Silverblue and the Surface I’d say that at times the touchpad doesn’t register when first starting up or resuming from suspension but I’m not sure if that’s only on Silverblue. The Wifi needs fixing and none of the cameras have drivers. I keep a dual boot of Windows around since there’s an easy way of updating the BIOS in it.

Since it’s a very mobile device with a relatively small battery, I’ve overridden the default suspend behavior with suspend-then-hibernate:

ln -s /usr/lib/systemd/system/systemd-suspend-then-hibernate.service /etc/systemd/system/systemd-suspend.service

And set a pretty low value for HibernateDelaySec in /etc/systemd/sleep.conf

Specifically on Silverblue I didn’t get automatically unlocking of LUKS with keys stored in TPM. There’s a nice description of it here: https://techrevelations.de/2019/02/04/tpm-encryption-in-fedora-linux/

My generated initramfs didn’t pull in ‘nc’ for some reason but I didn’t dig deeper than that.

I haven’t used any non-default kernels though. It feels like it should be possible but I shouldn’t speculate on how since I’m probably wrong :stuck_out_tongue:

Specifically on Silverblue I didn’t get automatically unlocking of LUKS with keys stored in TPM

Work on mine. I had to regenerate the initramfs with rpm-ostree initramfs --enable. The password prompt is still displayed by plymouth but after a short bit it unlock automatically.

Since it’s a very mobile device with a relatively small battery, I’ve overridden the default suspend behavior with suspend-then-hibernate

Interesting, but that would require me to disable secure-boot. That’s probably a bad idea if I use the TPM for unlocking.

Oh, nice! I tried it on the surface and my work laptop during the spring but always got something like “command nc not found” from clevis-dracut. Maybe something got fixed since then.

Yes, that’s probably a pretty bad idea