From 996b6b40a756bfa71d05976ce1c9bac1682aa7bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Igor=20Pe=C4=8Dovnik?=
 <igorpecovnik@users.noreply.github.com>
Date: Fri, 11 Nov 2022 12:19:20 +0100
Subject: [PATCH] Move all PPAs to desktop to enhance security of CLI images
 (#4414)

* Move PPAs to desktop

* Remove script that is in by mistake

* Fix
---
 .../bullseye/debootstrap/config_desktop/packages    |   1 +
 .../config_desktop}/sources/apt/nala.gpg            | Bin
 .../config_desktop}/sources/apt/nala.source         |   0
 config/cli/bullseye/main/packages                   |   1 -
 .../sources/apt/chromium-browser.gpg                | Bin
 .../sources/apt/chromium-browser.source             |   0
 .../sources/apt/mozilla-team.gpg                    | Bin
 .../sources/apt/mozilla-team.source                 |   0
 config/cli/focal/main/sources/apt/zfs.source        |   1 -
 config/cli/jammy/main/config_desktop/packages       |   1 +
 .../sources/apt/chromium-browser.gpg                | Bin
 .../sources/apt/chromium-browser.source             |   0
 .../sources/apt/mozilla-team.gpg                    | Bin
 .../sources/apt/mozilla-team.source                 |   0
 .../main/{ => config_desktop}/sources/apt/nala.gpg  | Bin
 .../{ => config_desktop}/sources/apt/nala.source    |   0
 .../kinetic/main/sources/apt/chromium-browser.gpg   |   1 -
 .../main/sources/apt/chromium-browser.source        |   1 -
 .../cli/kinetic/main/sources/apt/mozilla-team.gpg   |   1 -
 .../kinetic/main/sources/apt/mozilla-team.source    |   1 -
 config/cli/kinetic/main/sources/apt/nala.gpg        |   1 -
 config/cli/kinetic/main/sources/apt/nala.source     |   1 -
 .../programming}/sources/apt/githubcli.gpg          | Bin
 .../programming}/sources/apt/githubcli.source       |   0
 .../_config/cli/_all_distributions/main/packages    |   1 -
 .../desktop/_all_distributions/main/packages        |   1 +
 .../_all_distributions/main/sources/apt/box64.gpg   | Bin
 .../main/sources/apt/box64.source                   |   0
 .../_config/cli/_all_distributions/main/packages    |   1 -
 .../desktop/_all_distributions/main/packages        |   1 +
 .../_all_distributions/main/sources/apt/box86.gpg   | Bin
 .../main/sources/apt/box86.source                   |   0
 32 files changed, 4 insertions(+), 10 deletions(-)
 rename config/cli/bullseye/{main => debootstrap/config_desktop}/sources/apt/nala.gpg (100%)
 rename config/cli/bullseye/{main => debootstrap/config_desktop}/sources/apt/nala.source (100%)
 rename config/cli/focal/main/{ => config_desktop}/sources/apt/chromium-browser.gpg (100%)
 rename config/cli/focal/main/{ => config_desktop}/sources/apt/chromium-browser.source (100%)
 rename config/cli/focal/main/{ => config_desktop}/sources/apt/mozilla-team.gpg (100%)
 rename config/cli/focal/main/{ => config_desktop}/sources/apt/mozilla-team.source (100%)
 rename config/cli/jammy/main/{ => config_desktop}/sources/apt/chromium-browser.gpg (100%)
 rename config/cli/jammy/main/{ => config_desktop}/sources/apt/chromium-browser.source (100%)
 rename config/cli/jammy/main/{ => config_desktop}/sources/apt/mozilla-team.gpg (100%)
 rename config/cli/jammy/main/{ => config_desktop}/sources/apt/mozilla-team.source (100%)
 rename config/cli/jammy/main/{ => config_desktop}/sources/apt/nala.gpg (100%)
 rename config/cli/jammy/main/{ => config_desktop}/sources/apt/nala.source (100%)
 delete mode 120000 config/cli/kinetic/main/sources/apt/chromium-browser.gpg
 delete mode 120000 config/cli/kinetic/main/sources/apt/chromium-browser.source
 delete mode 120000 config/cli/kinetic/main/sources/apt/mozilla-team.gpg
 delete mode 100644 config/cli/kinetic/main/sources/apt/mozilla-team.source
 delete mode 120000 config/cli/kinetic/main/sources/apt/nala.gpg
 delete mode 120000 config/cli/kinetic/main/sources/apt/nala.source
 rename config/desktop/_all_distributions/{environments/_all_environments => appgroups/programming}/sources/apt/githubcli.gpg (100%)
 rename config/desktop/_all_distributions/{environments/_all_environments => appgroups/programming}/sources/apt/githubcli.source (100%)
 create mode 100644 config/optional/architectures/arm64/_config/desktop/_all_distributions/main/packages
 rename config/optional/architectures/arm64/_config/{cli => desktop}/_all_distributions/main/sources/apt/box64.gpg (100%)
 rename config/optional/architectures/arm64/_config/{cli => desktop}/_all_distributions/main/sources/apt/box64.source (100%)
 create mode 100644 config/optional/architectures/armhf/_config/desktop/_all_distributions/main/packages
 rename config/optional/architectures/armhf/_config/{cli => desktop}/_all_distributions/main/sources/apt/box86.gpg (100%)
 rename config/optional/architectures/armhf/_config/{cli => desktop}/_all_distributions/main/sources/apt/box86.source (100%)

diff --git a/config/cli/bullseye/debootstrap/config_desktop/packages b/config/cli/bullseye/debootstrap/config_desktop/packages
index 20dfb58611..cf9a81b363 100644
--- a/config/cli/bullseye/debootstrap/config_desktop/packages
+++ b/config/cli/bullseye/debootstrap/config_desktop/packages
@@ -1,3 +1,4 @@
 dconf-cli
 libglib2.0-dev
 libgtk2.0-bin
+nala
diff --git a/config/cli/bullseye/main/sources/apt/nala.gpg b/config/cli/bullseye/debootstrap/config_desktop/sources/apt/nala.gpg
similarity index 100%
rename from config/cli/bullseye/main/sources/apt/nala.gpg
rename to config/cli/bullseye/debootstrap/config_desktop/sources/apt/nala.gpg
diff --git a/config/cli/bullseye/main/sources/apt/nala.source b/config/cli/bullseye/debootstrap/config_desktop/sources/apt/nala.source
similarity index 100%
rename from config/cli/bullseye/main/sources/apt/nala.source
rename to config/cli/bullseye/debootstrap/config_desktop/sources/apt/nala.source
diff --git a/config/cli/bullseye/main/packages b/config/cli/bullseye/main/packages
index 608021e363..c03d917d15 100644
--- a/config/cli/bullseye/main/packages
+++ b/config/cli/bullseye/main/packages
@@ -6,7 +6,6 @@ dialog
 fake-hwclock
 figlet
 fping
-nala
 ncurses-term
 openssh-server
 parted
diff --git a/config/cli/focal/main/sources/apt/chromium-browser.gpg b/config/cli/focal/main/config_desktop/sources/apt/chromium-browser.gpg
similarity index 100%
rename from config/cli/focal/main/sources/apt/chromium-browser.gpg
rename to config/cli/focal/main/config_desktop/sources/apt/chromium-browser.gpg
diff --git a/config/cli/focal/main/sources/apt/chromium-browser.source b/config/cli/focal/main/config_desktop/sources/apt/chromium-browser.source
similarity index 100%
rename from config/cli/focal/main/sources/apt/chromium-browser.source
rename to config/cli/focal/main/config_desktop/sources/apt/chromium-browser.source
diff --git a/config/cli/focal/main/sources/apt/mozilla-team.gpg b/config/cli/focal/main/config_desktop/sources/apt/mozilla-team.gpg
similarity index 100%
rename from config/cli/focal/main/sources/apt/mozilla-team.gpg
rename to config/cli/focal/main/config_desktop/sources/apt/mozilla-team.gpg
diff --git a/config/cli/focal/main/sources/apt/mozilla-team.source b/config/cli/focal/main/config_desktop/sources/apt/mozilla-team.source
similarity index 100%
rename from config/cli/focal/main/sources/apt/mozilla-team.source
rename to config/cli/focal/main/config_desktop/sources/apt/mozilla-team.source
diff --git a/config/cli/focal/main/sources/apt/zfs.source b/config/cli/focal/main/sources/apt/zfs.source
index d01a235460..31f52a9130 100644
--- a/config/cli/focal/main/sources/apt/zfs.source
+++ b/config/cli/focal/main/sources/apt/zfs.source
@@ -1,2 +1 @@
 deb [signed-by=/usr/share/keyrings/zfs.gpg] https://ppa.launchpadcontent.net/jonathonf/zfs/ubuntu/ focal main
-# deb-src https://ppa.launchpadcontent.net/jonathonf/zfs/ubuntu/ focal main
diff --git a/config/cli/jammy/main/config_desktop/packages b/config/cli/jammy/main/config_desktop/packages
index b3aced6c64..00339f27df 100644
--- a/config/cli/jammy/main/config_desktop/packages
+++ b/config/cli/jammy/main/config_desktop/packages
@@ -18,6 +18,7 @@ libnl-genl-3-dev
 libssl-dev
 libwrap0-dev
 linux-base
+nala
 sudo
 unattended-upgrades
 unicode-data
diff --git a/config/cli/jammy/main/sources/apt/chromium-browser.gpg b/config/cli/jammy/main/config_desktop/sources/apt/chromium-browser.gpg
similarity index 100%
rename from config/cli/jammy/main/sources/apt/chromium-browser.gpg
rename to config/cli/jammy/main/config_desktop/sources/apt/chromium-browser.gpg
diff --git a/config/cli/jammy/main/sources/apt/chromium-browser.source b/config/cli/jammy/main/config_desktop/sources/apt/chromium-browser.source
similarity index 100%
rename from config/cli/jammy/main/sources/apt/chromium-browser.source
rename to config/cli/jammy/main/config_desktop/sources/apt/chromium-browser.source
diff --git a/config/cli/jammy/main/sources/apt/mozilla-team.gpg b/config/cli/jammy/main/config_desktop/sources/apt/mozilla-team.gpg
similarity index 100%
rename from config/cli/jammy/main/sources/apt/mozilla-team.gpg
rename to config/cli/jammy/main/config_desktop/sources/apt/mozilla-team.gpg
diff --git a/config/cli/jammy/main/sources/apt/mozilla-team.source b/config/cli/jammy/main/config_desktop/sources/apt/mozilla-team.source
similarity index 100%
rename from config/cli/jammy/main/sources/apt/mozilla-team.source
rename to config/cli/jammy/main/config_desktop/sources/apt/mozilla-team.source
diff --git a/config/cli/jammy/main/sources/apt/nala.gpg b/config/cli/jammy/main/config_desktop/sources/apt/nala.gpg
similarity index 100%
rename from config/cli/jammy/main/sources/apt/nala.gpg
rename to config/cli/jammy/main/config_desktop/sources/apt/nala.gpg
diff --git a/config/cli/jammy/main/sources/apt/nala.source b/config/cli/jammy/main/config_desktop/sources/apt/nala.source
similarity index 100%
rename from config/cli/jammy/main/sources/apt/nala.source
rename to config/cli/jammy/main/config_desktop/sources/apt/nala.source
diff --git a/config/cli/kinetic/main/sources/apt/chromium-browser.gpg b/config/cli/kinetic/main/sources/apt/chromium-browser.gpg
deleted file mode 120000
index 52abbbad5f..0000000000
--- a/config/cli/kinetic/main/sources/apt/chromium-browser.gpg
+++ /dev/null
@@ -1 +0,0 @@
-../../../../jammy/main/sources/apt/chromium-browser.gpg
\ No newline at end of file
diff --git a/config/cli/kinetic/main/sources/apt/chromium-browser.source b/config/cli/kinetic/main/sources/apt/chromium-browser.source
deleted file mode 120000
index 42854cbc98..0000000000
--- a/config/cli/kinetic/main/sources/apt/chromium-browser.source
+++ /dev/null
@@ -1 +0,0 @@
-../../../../jammy/main/sources/apt/chromium-browser.source
\ No newline at end of file
diff --git a/config/cli/kinetic/main/sources/apt/mozilla-team.gpg b/config/cli/kinetic/main/sources/apt/mozilla-team.gpg
deleted file mode 120000
index ef5e9507d9..0000000000
--- a/config/cli/kinetic/main/sources/apt/mozilla-team.gpg
+++ /dev/null
@@ -1 +0,0 @@
-../../../../jammy/main/sources/apt/mozilla-team.gpg
\ No newline at end of file
diff --git a/config/cli/kinetic/main/sources/apt/mozilla-team.source b/config/cli/kinetic/main/sources/apt/mozilla-team.source
deleted file mode 100644
index d3f7355ca1..0000000000
--- a/config/cli/kinetic/main/sources/apt/mozilla-team.source
+++ /dev/null
@@ -1 +0,0 @@
-deb [signed-by=/usr/share/keyrings/mozilla-team.gpg] http://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu/ kinetic main
diff --git a/config/cli/kinetic/main/sources/apt/nala.gpg b/config/cli/kinetic/main/sources/apt/nala.gpg
deleted file mode 120000
index 6274a9365b..0000000000
--- a/config/cli/kinetic/main/sources/apt/nala.gpg
+++ /dev/null
@@ -1 +0,0 @@
-../../../../jammy/main/sources/apt/nala.gpg
\ No newline at end of file
diff --git a/config/cli/kinetic/main/sources/apt/nala.source b/config/cli/kinetic/main/sources/apt/nala.source
deleted file mode 120000
index b191dc3f16..0000000000
--- a/config/cli/kinetic/main/sources/apt/nala.source
+++ /dev/null
@@ -1 +0,0 @@
-../../../../jammy/main/sources/apt/nala.source
\ No newline at end of file
diff --git a/config/desktop/_all_distributions/environments/_all_environments/sources/apt/githubcli.gpg b/config/desktop/_all_distributions/appgroups/programming/sources/apt/githubcli.gpg
similarity index 100%
rename from config/desktop/_all_distributions/environments/_all_environments/sources/apt/githubcli.gpg
rename to config/desktop/_all_distributions/appgroups/programming/sources/apt/githubcli.gpg
diff --git a/config/desktop/_all_distributions/environments/_all_environments/sources/apt/githubcli.source b/config/desktop/_all_distributions/appgroups/programming/sources/apt/githubcli.source
similarity index 100%
rename from config/desktop/_all_distributions/environments/_all_environments/sources/apt/githubcli.source
rename to config/desktop/_all_distributions/appgroups/programming/sources/apt/githubcli.source
diff --git a/config/optional/architectures/arm64/_config/cli/_all_distributions/main/packages b/config/optional/architectures/arm64/_config/cli/_all_distributions/main/packages
index f4b90b6727..d4a25a8941 100644
--- a/config/optional/architectures/arm64/_config/cli/_all_distributions/main/packages
+++ b/config/optional/architectures/arm64/_config/cli/_all_distributions/main/packages
@@ -1,4 +1,3 @@
-box64
 gpiod
 cpufrequtils
 nocache
diff --git a/config/optional/architectures/arm64/_config/desktop/_all_distributions/main/packages b/config/optional/architectures/arm64/_config/desktop/_all_distributions/main/packages
new file mode 100644
index 0000000000..d248784d68
--- /dev/null
+++ b/config/optional/architectures/arm64/_config/desktop/_all_distributions/main/packages
@@ -0,0 +1 @@
+box64
diff --git a/config/optional/architectures/arm64/_config/cli/_all_distributions/main/sources/apt/box64.gpg b/config/optional/architectures/arm64/_config/desktop/_all_distributions/main/sources/apt/box64.gpg
similarity index 100%
rename from config/optional/architectures/arm64/_config/cli/_all_distributions/main/sources/apt/box64.gpg
rename to config/optional/architectures/arm64/_config/desktop/_all_distributions/main/sources/apt/box64.gpg
diff --git a/config/optional/architectures/arm64/_config/cli/_all_distributions/main/sources/apt/box64.source b/config/optional/architectures/arm64/_config/desktop/_all_distributions/main/sources/apt/box64.source
similarity index 100%
rename from config/optional/architectures/arm64/_config/cli/_all_distributions/main/sources/apt/box64.source
rename to config/optional/architectures/arm64/_config/desktop/_all_distributions/main/sources/apt/box64.source
diff --git a/config/optional/architectures/armhf/_config/cli/_all_distributions/main/packages b/config/optional/architectures/armhf/_config/cli/_all_distributions/main/packages
index 919d5e17e9..d4a25a8941 100644
--- a/config/optional/architectures/armhf/_config/cli/_all_distributions/main/packages
+++ b/config/optional/architectures/armhf/_config/cli/_all_distributions/main/packages
@@ -1,4 +1,3 @@
-box86
 gpiod
 cpufrequtils
 nocache
diff --git a/config/optional/architectures/armhf/_config/desktop/_all_distributions/main/packages b/config/optional/architectures/armhf/_config/desktop/_all_distributions/main/packages
new file mode 100644
index 0000000000..66947a018c
--- /dev/null
+++ b/config/optional/architectures/armhf/_config/desktop/_all_distributions/main/packages
@@ -0,0 +1 @@
+box86
diff --git a/config/optional/architectures/armhf/_config/cli/_all_distributions/main/sources/apt/box86.gpg b/config/optional/architectures/armhf/_config/desktop/_all_distributions/main/sources/apt/box86.gpg
similarity index 100%
rename from config/optional/architectures/armhf/_config/cli/_all_distributions/main/sources/apt/box86.gpg
rename to config/optional/architectures/armhf/_config/desktop/_all_distributions/main/sources/apt/box86.gpg
diff --git a/config/optional/architectures/armhf/_config/cli/_all_distributions/main/sources/apt/box86.source b/config/optional/architectures/armhf/_config/desktop/_all_distributions/main/sources/apt/box86.source
similarity index 100%
rename from config/optional/architectures/armhf/_config/cli/_all_distributions/main/sources/apt/box86.source
rename to config/optional/architectures/armhf/_config/desktop/_all_distributions/main/sources/apt/box86.source