fedora: Default to the minimal authselect profile if authselect is installed

diff --git a/mkosi/distributions/fedora.py b/mkosi/distributions/fedora.py
index bd0452b3bbcb7b63560a5621ddc50ab6d362510e..06bcd8a9320339a8a1c244571e1be66a504b5e1c 100644 (file)
--- a/mkosi/distributions/fedora.py
+++ b/mkosi/distributions/fedora.py
@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: LGPL-2.1+
 
 import shutil
+import subprocess
 import urllib.parse
 import urllib.request
 from collections.abc import Iterable, Mapping, Sequence
@@ -18,7 +19,7 @@ from mkosi.backend import (
 from mkosi.distributions import DistributionInstaller
 from mkosi.log import MkosiPrinter, complete_step, warn
 from mkosi.remove import unlink_try_hard
-from mkosi.run import run_with_apivfs
+from mkosi.run import run_with_apivfs, run_workspace_command
 
 FEDORA_KEYS_MAP = {
     "36": "53DED2CB922D8B8D9E63FD18999F7CBF38AB71F4",
@@ -110,6 +111,16 @@ def install_fedora(state: MkosiState) -> None:
 
     invoke_dnf(state, "install", packages)
 
+    # Fedora defaults to sssd authselect profile, let's override it with the minimal profile if it exists and
+    # extend it with the with-homed feature if we can find it.
+    if state.root.joinpath("usr/share/authselect/default/minimal").exists():
+        run_workspace_command(state, ["authselect", "select", "minimal"])
+
+        features = run_workspace_command(state, ["authselect", "list-features", "minimal"],
+                                         stdout=subprocess.PIPE).stdout.split()
+        if "with-homed" in features:
+            run_workspace_command(state, ["authselect", "enable-feature", "with-homed"])
+
 
 def url_exists(url: str) -> bool:
     req = urllib.request.Request(url, method="HEAD")