diff options
| author | Marius Bakke <marius@gnu.org> | 2020-05-26 22:30:51 +0200 |
|---|---|---|
| committer | Marius Bakke <marius@gnu.org> | 2020-05-26 22:30:51 +0200 |
| commit | 9edb3f66fd807b096b48283debdcddccfea34bad (patch) | |
| tree | cfd86f44ad51df4341a0d48cf4978117e11d7f59 /gnu/build | |
| parent | e5f95fd897ad32c93bb48ceae30021976a917979 (diff) | |
| parent | b6d18fbdf6ab4a8821a58aa16587676e835001f2 (diff) | |
| download | guix-9edb3f66fd807b096b48283debdcddccfea34bad.tar.gz | |
Merge branch 'master' into staging
Diffstat (limited to 'gnu/build')
| -rw-r--r-- | gnu/build/bootloader.scm | 56 | ||||
| -rw-r--r-- | gnu/build/cross-toolchain.scm | 9 | ||||
| -rw-r--r-- | gnu/build/file-systems.scm | 104 | ||||
| -rw-r--r-- | gnu/build/image.scm | 273 | ||||
| -rw-r--r-- | gnu/build/install.scm | 39 | ||||
| -rw-r--r-- | gnu/build/linux-boot.scm | 46 | ||||
| -rw-r--r-- | gnu/build/vm.scm | 226 |
7 files changed, 545 insertions, 208 deletions
diff --git a/gnu/build/bootloader.scm b/gnu/build/bootloader.scm index 9570d6dd18..498022f6db 100644 --- a/gnu/build/bootloader.scm +++ b/gnu/build/bootloader.scm @@ -18,8 +18,12 @@ ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. (define-module (gnu build bootloader) + #:use-module (guix build utils) + #:use-module (guix utils) #:use-module (ice-9 binary-ports) - #:export (write-file-on-device)) + #:use-module (ice-9 format) + #:export (write-file-on-device + install-efi-loader)) ;;; @@ -36,3 +40,53 @@ (seek output offset SEEK_SET) (put-bytevector output bv)) #:binary #t))))) + + +;;; +;;; EFI bootloader. +;;; + +(define (install-efi grub grub-config esp) + "Write a self-contained GRUB EFI loader to the mounted ESP using GRUB-CONFIG." + (let* ((system %host-type) + ;; Hard code the output location to a well-known path recognized by + ;; compliant firmware. See "3.5.1.1 Removable Media Boot Behaviour": + ;; http://www.uefi.org/sites/default/files/resources/UEFI%20Spec%202_6.pdf + (grub-mkstandalone (string-append grub "/bin/grub-mkstandalone")) + (efi-directory (string-append esp "/EFI/BOOT")) + ;; Map grub target names to boot file names. + (efi-targets (cond ((string-prefix? "x86_64" system) + '("x86_64-efi" . "BOOTX64.EFI")) + ((string-prefix? "i686" system) + '("i386-efi" . "BOOTIA32.EFI")) + ((string-prefix? "armhf" system) + '("arm-efi" . "BOOTARM.EFI")) + ((string-prefix? "aarch64" system) + '("arm64-efi" . "BOOTAA64.EFI"))))) + ;; grub-mkstandalone requires a TMPDIR to prepare the firmware image. + (setenv "TMPDIR" esp) + + (mkdir-p efi-directory) + (invoke grub-mkstandalone "-O" (car efi-targets) + "-o" (string-append efi-directory "/" + (cdr efi-targets)) + ;; Graft the configuration file onto the image. + (string-append "boot/grub/grub.cfg=" grub-config)))) + +(define (install-efi-loader grub-efi esp) + "Install in ESP directory the given GRUB-EFI bootloader. Configure it to +load the Grub bootloader located in the 'Guix_image' root partition." + (let ((grub-config "grub.cfg")) + (call-with-output-file grub-config + (lambda (port) + ;; Create a tiny configuration file telling the embedded grub where to + ;; load the real thing. XXX This is quite fragile, and can prevent + ;; the image from booting when there's more than one volume with this + ;; label present. Reproducible almost-UUIDs could reduce the risk + ;; (not eliminate it). + (format port + "insmod part_msdos~@ + search --set=root --label Guix_image~@ + configfile /boot/grub/grub.cfg~%"))) + (install-efi grub-efi grub-config esp) + (delete-file grub-config))) diff --git a/gnu/build/cross-toolchain.scm b/gnu/build/cross-toolchain.scm index 6bdbdd5411..9746be3e50 100644 --- a/gnu/build/cross-toolchain.scm +++ b/gnu/build/cross-toolchain.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014, 2015, 2016, 2020 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015, 2018 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2016 Manolis Fragkiskos Ragkousis <manolis837@gmail.com> @@ -38,8 +38,11 @@ (define %gcc-include-paths ;; Environment variables for header search paths. - ;; Note: See <http://bugs.gnu.org/30756> for why not 'C_INCLUDE_PATH' & co. - '("CPATH")) + ;; Note: See <http://bugs.gnu.org/22186> for why not 'CPATH'. + '("C_INCLUDE_PATH" + "CPLUS_INCLUDE_PATH" + "OBJC_INCLUDE_PATH" + "OBJCPLUS_INCLUDE_PATH")) (define %gcc-cross-include-paths ;; Search path for target headers when cross-compiling. diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm index 902563b219..b920e8fc62 100644 --- a/gnu/build/file-systems.scm +++ b/gnu/build/file-systems.scm @@ -98,6 +98,47 @@ takes a bytevector and returns #t when it's a valid superblock." (define null-terminated-latin1->string (cut latin1->string <> zero?)) +(define (bytevector-utf16-length bv) + "Given a bytevector BV containing a NUL-terminated UTF16-encoded string, +determine where the NUL terminator is and return its index. If there's no +NUL terminator, return the size of the bytevector." + (let ((length (bytevector-length bv))) + (let loop ((index 0)) + (if (< index length) + (if (zero? (bytevector-u16-ref bv index 'little)) + index + (loop (+ index 2))) + length)))) + +(define* (bytevector->u16-list bv endianness #:optional (index 0)) + (if (< index (bytevector-length bv)) + (cons (bytevector-u16-ref bv index endianness) + (bytevector->u16-list bv endianness (+ index 2))) + '())) + +;; The initrd doesn't have iconv data, so do the conversion ourselves. +(define (utf16->string bv endianness) + (list->string + (map integer->char + (reverse + (let loop ((remainder (bytevector->u16-list bv endianness)) + (result '())) + (match remainder + (() result) + ((a) (cons a result)) + ((a b x ...) + (if (and (>= a #xD800) (< a #xDC00) ; high surrogate + (>= b #xDC00) (< b #xE000)) ; low surrogate + (loop x (cons (+ #x10000 + (* #x400 (- a #xD800)) + (- b #xDC00)) + result)) + (loop (cons b x) (cons a result)))))))))) + +(define (null-terminated-utf16->string bv endianness) + (utf16->string (sub-bytevector bv 0 (bytevector-utf16-length bv)) + endianness)) + ;;; ;;; Ext2 file systems. @@ -338,6 +379,60 @@ if DEVICE does not contain a JFS file system." ;;; +;;; F2FS (Flash-Friendly File System) +;;; + +;;; https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git/tree/include/linux/f2fs_fs.h +;;; (but using xxd proved to be simpler) + +(define-syntax %f2fs-endianness + ;; Endianness of F2FS file systems + (identifier-syntax (endianness little))) + +;; F2FS actually stores two adjacent copies of the superblock. +;; should we read both? +(define (f2fs-superblock? sblock) + "Return #t when SBLOCK is an F2FS superblock." + (let ((magic (bytevector-u32-ref sblock 0 %f2fs-endianness))) + (= magic #xF2F52010))) + +(define (read-f2fs-superblock device) + "Return the raw contents of DEVICE's F2FS superblock as a bytevector, or #f +if DEVICE does not contain an F2FS file system." + (read-superblock device + ;; offset of magic in first copy + #x400 + ;; difference between magic of second + ;; and first copies + (- #x1400 #x400) + f2fs-superblock?)) + +(define (f2fs-superblock-uuid sblock) + "Return the UUID of F2FS superblock SBLOCK as a 16-byte bytevector." + (sub-bytevector sblock + (- (+ #x460 12) + ;; subtract superblock offset + #x400) + 16)) + +(define (f2fs-superblock-volume-name sblock) + "Return the volume name of SBLOCK as a string of at most 512 characters, or +#f if SBLOCK has no volume name." + (null-terminated-utf16->string + (sub-bytevector sblock (- (+ #x470 12) #x400) 512) + %f2fs-endianness)) + +(define (check-f2fs-file-system device) + "Return the health of a F2FS file system on DEVICE." + (match (status:exit-val + (system* "fsck.f2fs" "-p" device)) + ;; 0 and -1 are the only two possibilities + ;; (according to the manpage) + (0 'pass) + (_ 'fatal-error))) + + +;;; ;;; LUKS encrypted devices. ;;; @@ -472,7 +567,9 @@ partition field reader that returned a value." (partition-field-reader read-fat16-superblock fat16-superblock-volume-name) (partition-field-reader read-jfs-superblock - jfs-superblock-volume-name))) + jfs-superblock-volume-name) + (partition-field-reader read-f2fs-superblock + f2fs-superblock-volume-name))) (define %partition-uuid-readers (list (partition-field-reader read-iso9660-superblock @@ -486,7 +583,9 @@ partition field reader that returned a value." (partition-field-reader read-fat16-superblock fat16-superblock-uuid) (partition-field-reader read-jfs-superblock - jfs-superblock-uuid))) + jfs-superblock-uuid) + (partition-field-reader read-f2fs-superblock + f2fs-superblock-uuid))) (define read-partition-label (cut read-partition-field <> %partition-label-readers)) @@ -582,6 +681,7 @@ were found." ((string-prefix? "btrfs" type) check-btrfs-file-system) ((string-suffix? "fat" type) check-fat-file-system) ((string-prefix? "jfs" type) check-jfs-file-system) + ((string-prefix? "f2fs" type) check-f2fs-file-system) ((string-prefix? "nfs" type) (const 'pass)) (else #f))) diff --git a/gnu/build/image.scm b/gnu/build/image.scm new file mode 100644 index 0000000000..fe8e11aa1b --- /dev/null +++ b/gnu/build/image.scm @@ -0,0 +1,273 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org> +;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name> +;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2020 Mathieu Othacehe <m.othacehe@gmail.com> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu build image) + #:use-module (guix build store-copy) + #:use-module (guix build syscalls) + #:use-module (guix build utils) + #:use-module (guix store database) + #:use-module (gnu build bootloader) + #:use-module (gnu build install) + #:use-module (gnu build linux-boot) + #:use-module (gnu image) + #:use-module (gnu system uuid) + #:use-module (ice-9 ftw) + #:use-module (ice-9 match) + #:use-module (srfi srfi-19) + #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) + #:export (make-partition-image + genimage + initialize-efi-partition + initialize-root-partition + + make-iso9660-image)) + +(define (sexp->partition sexp) + "Take SEXP, a tuple as returned by 'partition->gexp', and turn it into a +<partition> record." + (match sexp + ((size file-system label uuid) + (partition (size size) + (file-system file-system) + (label label) + (uuid uuid))))) + +(define (size-in-kib size) + "Convert SIZE expressed in bytes, to kilobytes and return it as a string." + (number->string + (inexact->exact (ceiling (/ size 1024))))) + +(define (estimate-partition-size root) + "Given the ROOT directory, evalute and return its size. As this doesn't +take the partition metadata size into account, take a 25% margin." + (* 1.25 (file-size root))) + +(define* (make-ext4-image partition target root + #:key + (owner-uid 0) + (owner-gid 0)) + "Handle the creation of EXT4 partition images. See 'make-partition-image'." + (let ((size (partition-size partition)) + (label (partition-label partition)) + (uuid (partition-uuid partition)) + (options "lazy_itable_init=1,lazy_journal_init=1")) + (invoke "mke2fs" "-t" "ext4" "-d" root + "-L" label "-U" (uuid->string uuid) + "-E" (format #f "root_owner=~a:~a,~a" + owner-uid owner-gid options) + target + (format #f "~ak" + (size-in-kib + (if (eq? size 'guess) + (estimate-partition-size root) + size)))))) + +(define* (make-vfat-image partition target root) + "Handle the creation of VFAT partition images. See 'make-partition-image'." + (let ((size (partition-size partition)) + (label (partition-label partition))) + (invoke "mkdosfs" "-n" label "-C" target "-F" "16" "-S" "1024" + (size-in-kib + (if (eq? size 'guess) + (estimate-partition-size root) + size))) + (for-each (lambda (file) + (unless (member file '("." "..")) + (invoke "mcopy" "-bsp" "-i" target + (string-append root "/" file) + (string-append "::" file)))) + (scandir root)))) + +(define* (make-partition-image partition-sexp target root) + "Create and return the image of PARTITION-SEXP as TARGET. Use the given +ROOT directory to populate the image." + (let* ((partition (sexp->partition partition-sexp)) + (type (partition-file-system partition))) + (cond + ((string=? type "ext4") + (make-ext4-image partition target root)) + ((string=? type "vfat") + (make-vfat-image partition target root)) + (else + (format (current-error-port) + "Unsupported partition type~%."))))) + +(define* (genimage config target) + "Use genimage to generate in TARGET directory, the image described in the +given CONFIG file." + ;; genimage needs a 'root' directory. + (mkdir "root") + (invoke "genimage" "--config" config + "--outputpath" target)) + +(define* (register-closure prefix closure + #:key + (deduplicate? #t) (reset-timestamps? #t) + (schema (sql-schema))) + "Register CLOSURE in PREFIX, where PREFIX is the directory name of the +target store and CLOSURE is the name of a file containing a reference graph as +produced by #:references-graphs.. As a side effect, if RESET-TIMESTAMPS? is +true, reset timestamps on store files and, if DEDUPLICATE? is true, +deduplicates files common to CLOSURE and the rest of PREFIX." + (let ((items (call-with-input-file closure read-reference-graph))) + (register-items items + #:prefix prefix + #:deduplicate? deduplicate? + #:reset-timestamps? reset-timestamps? + #:registration-time %epoch + #:schema schema))) + +(define* (initialize-efi-partition root + #:key + bootloader-package + #:allow-other-keys) + "Install in ROOT directory, an EFI loader using BOOTLOADER-PACKAGE." + (install-efi-loader bootloader-package root)) + +(define* (initialize-root-partition root + #:key + bootcfg + bootcfg-location + (deduplicate? #t) + references-graphs + (register-closures? #t) + system-directory + #:allow-other-keys) + "Initialize the given ROOT directory. Use BOOTCFG and BOOTCFG-LOCATION to +install the bootloader configuration. + +If REGISTER-CLOSURES? is true, register REFERENCES-GRAPHS in the store. If +DEDUPLICATE? is true, then also deduplicate files common to CLOSURES and the +rest of the store when registering the closures. SYSTEM-DIRECTORY is the name +of the directory of the 'system' derivation." + (populate-root-file-system system-directory root) + (populate-store references-graphs root) + + (when register-closures? + (for-each (lambda (closure) + (register-closure root + closure + #:reset-timestamps? #t + #:deduplicate? deduplicate?)) + references-graphs)) + + (when bootcfg + (install-boot-config bootcfg bootcfg-location root))) + +(define* (make-iso9660-image xorriso grub-mkrescue-environment + grub bootcfg system-directory root target + #:key (volume-id "Guix_image") (volume-uuid #f) + register-closures? (references-graphs '()) + (compression? #t)) + "Given a GRUB package, creates an iso image as TARGET, using BOOTCFG as +GRUB configuration and OS-DRV as the stuff in it." + (define grub-mkrescue + (string-append grub "/bin/grub-mkrescue")) + + (define grub-mkrescue-sed.sh + (string-append (getcwd) "/" "grub-mkrescue-sed.sh")) + + ;; Use a modified version of grub-mkrescue-sed.sh, see below. + (copy-file (string-append xorriso + "/bin/grub-mkrescue-sed.sh") + grub-mkrescue-sed.sh) + + ;; Force grub-mkrescue-sed.sh to use the build directory instead of /tmp + ;; that is read-only inside the build container. + (substitute* grub-mkrescue-sed.sh + (("/tmp/") (string-append (getcwd) "/")) + (("MKRESCUE_SED_XORRISO_ARGS \\$x") + (format #f "MKRESCUE_SED_XORRISO_ARGS $(echo $x | sed \"s|/tmp|~a|\")" + (getcwd)))) + + ;; 'grub-mkrescue' calls out to mtools programs to create 'efi.img', a FAT + ;; file system image, and mtools honors SOURCE_DATE_EPOCH for the mtime of + ;; those files. The epoch for FAT is Jan. 1st 1980, not 1970, so choose + ;; that. + (setenv "SOURCE_DATE_EPOCH" + (number->string + (time-second + (date->time-utc (make-date 0 0 0 0 1 1 1980 0))))) + + ;; Our patched 'grub-mkrescue' honors this environment variable and passes + ;; it to 'mformat', which makes it the serial number of 'efi.img'. This + ;; allows for deterministic builds. + (setenv "GRUB_FAT_SERIAL_NUMBER" + (number->string (if volume-uuid + + ;; On 32-bit systems the 2nd argument must be + ;; lower than 2^32. + (string-hash (iso9660-uuid->string volume-uuid) + (- (expt 2 32) 1)) + + #x77777777) + 16)) + + (setenv "MKRESCUE_SED_MODE" "original") + (setenv "MKRESCUE_SED_XORRISO" (string-append xorriso "/bin/xorriso")) + (setenv "MKRESCUE_SED_IN_EFI_NO_PT" "yes") + + (for-each (match-lambda + ((name . value) (setenv name value))) + grub-mkrescue-environment) + + (apply invoke grub-mkrescue + (string-append "--xorriso=" grub-mkrescue-sed.sh) + "-o" target + (string-append "boot/grub/grub.cfg=" bootcfg) + root + "--" + ;; Set all timestamps to 1. + "-volume_date" "all_file_dates" "=1" + + `(,@(if compression? + '(;; ‘zisofs’ compression reduces the total image size by + ;; ~60%. + "-zisofs" "level=9:block_size=128k" ; highest compression + ;; It's transparent to our Linux-Libre kernel but not to + ;; GRUB. Don't compress the kernel, initrd, and other + ;; files read by grub.cfg, as well as common + ;; already-compressed file names. + "-find" "/" "-type" "f" + ;; XXX Even after "--" above, and despite documentation + ;; claiming otherwise, "-or" is stolen by grub-mkrescue + ;; which then chokes on it (as ‘-o …’) and dies. Don't use + ;; "-or". + "-not" "-wholename" "/boot/*" + "-not" "-wholename" "/System/*" + "-not" "-name" "unicode.pf2" + "-not" "-name" "bzImage" + "-not" "-name" "*.gz" ; initrd & all man pages + "-not" "-name" "*.png" ; includes grub-image.png + "-exec" "set_filter" "--zisofs" + "--") + '()) + "-volid" ,(string-upcase volume-id) + ,@(if volume-uuid + `("-volume_date" "uuid" + ,(string-filter (lambda (value) + (not (char=? #\- value))) + (iso9660-uuid->string + volume-uuid))) + '())))) diff --git a/gnu/build/install.scm b/gnu/build/install.scm index c0d4d44091..87aa5d68da 100644 --- a/gnu/build/install.scm +++ b/gnu/build/install.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2016 Chris Marusich <cmmarusich@gmail.com> ;;; ;;; This file is part of GNU Guix. @@ -25,7 +25,6 @@ #:export (install-boot-config evaluate-populate-directive populate-root-file-system - register-closure install-database-and-gc-roots populate-single-profile-directory)) @@ -51,9 +50,14 @@ that the fonts, background images, etc. referred to by BOOTCFG are not GC'd." (copy-file bootcfg pivot) (rename-file pivot target))) -(define (evaluate-populate-directive directive target) +(define* (evaluate-populate-directive directive target + #:key + (default-gid 0) + (default-uid 0)) "Evaluate DIRECTIVE, an sexp describing a file or directory to create under -directory TARGET." +directory TARGET. DEFAULT-UID and DEFAULT-GID are the default UID and GID in +the context of the caller. If the directive matches those defaults then, +'chown' won't be run." (let loop ((directive directive)) (catch 'system-error (lambda () @@ -63,10 +67,22 @@ directory TARGET." (('directory name uid gid) (let ((dir (string-append target name))) (mkdir-p dir) - (chown dir uid gid))) + ;; If called from a context without "root" permissions, "chown" + ;; to root will fail. In that case, do not try to run "chown" + ;; and assume that the file will be chowned elsewhere (when + ;; interned in the store for instance). + (or (and (= uid default-uid) (= gid default-gid)) + (chown dir uid gid)))) (('directory name uid gid mode) (loop `(directory ,name ,uid ,gid)) (chmod (string-append target name) mode)) + (('file name) + (call-with-output-file (string-append target name) + (const #t))) + (('file name (? string? content)) + (call-with-output-file (string-append target name) + (lambda (port) + (display content port)))) ((new '-> old) (let try () (catch 'system-error @@ -91,9 +107,7 @@ directory TARGET." (define (directives store) "Return a list of directives to populate the root file system that will host STORE." - `(;; Note: the store's GID is fixed precisely so we can set it here rather - ;; than at activation time. - (directory ,store 0 30000 #o1775) + `((directory ,store 0 0 #o1775) (directory "/etc") (directory "/var/log") ; for shepherd @@ -119,11 +133,14 @@ STORE." (directory "/home" 0 0))) -(define (populate-root-file-system system target) +(define* (populate-root-file-system system target + #:key (extras '())) "Make the essential non-store files and directories on TARGET. This -includes /etc, /var, /run, /bin/sh, etc., and all the symlinks to SYSTEM." +includes /etc, /var, /run, /bin/sh, etc., and all the symlinks to SYSTEM. +EXTRAS is a list of directives appended to the built-in directives to populate +TARGET." (for-each (cut evaluate-populate-directive <> target) - (directives (%store-directory))) + (append (directives (%store-directory)) extras)) ;; Add system generation 1. (let ((generation-1 (string-append target diff --git a/gnu/build/linux-boot.scm b/gnu/build/linux-boot.scm index 4fb711b8f2..c6f9df5f29 100644 --- a/gnu/build/linux-boot.scm +++ b/gnu/build/linux-boot.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> ;;; Copyright © 2019 Guillaume Le Vaillant <glv@posteo.net> ;;; @@ -40,6 +40,7 @@ find-long-option find-long-options make-essential-device-nodes + make-hurd-device-nodes make-static-device-nodes configure-qemu-networking @@ -223,7 +224,7 @@ one specific hardware device. These we have to create." (call-with-input-file devname-name read-static-device-nodes)))) -(define* (make-essential-device-nodes #:key (root "/")) +(define* (make-essential-device-nodes #:optional (root "/")) "Make essential device nodes under ROOT/dev." ;; The hand-made devtmpfs/udev! @@ -323,6 +324,36 @@ one specific hardware device. These we have to create." ;; File systems in user space (FUSE). (mknod (scope "dev/fuse") 'char-special #o666 (device-number 10 229))) +(define* (make-hurd-device-nodes #:optional (root "/")) + "Make some of the nodes needed on GNU/Hurd." + (define (scope dir) + (string-append root + (if (string-suffix? "/" root) + "" + "/") + dir)) + + (mkdir (scope "dev")) + (for-each (lambda (file) + (call-with-output-file (scope file) + (lambda (port) + (chmod port #o666)))) + '("dev/null" + "dev/zero" + "dev/full" + "dev/random" + "dev/urandom")) + ;; Don't create /dev/console, /dev/vcs, etc.: they are created by + ;; console-run on first boot. + + (mkdir (scope "servers")) + (mkdir (scope "servers/socket")) + ;; Don't create /servers/socket/1 & co: runsystem does that on first boot. + + ;; TODO: Set the 'gnu.translator' extended attribute for passive translator + ;; settings? + ) + (define %host-qemu-ipv4-address (inet-pton AF_INET "10.0.2.10")) @@ -534,10 +565,13 @@ upon error." ;; The "--root=SPEC" kernel command-line option always provides a ;; string, but the string can represent a device, a UUID, or a ;; label. So check for all three. - (let ((root (cond ((string-prefix? "/" root) root) - ((uuid root) => identity) - (else (file-system-label root))))) - (mount-root-file-system (canonicalize-device-spec root) + (let ((device-spec (cond ((string-prefix? "/" root) root) + ((uuid root) => identity) + ((string-contains root ":/") #f) ; nfs + (else (file-system-label root))))) + (mount-root-file-system (if device-spec + (canonicalize-device-spec device-spec) + root) root-fs-type #:volatile-root? volatile-root? #:flags root-fs-flags diff --git a/gnu/build/vm.scm b/gnu/build/vm.scm index 9caa110463..433b5a7e8d 100644 --- a/gnu/build/vm.scm +++ b/gnu/build/vm.scm @@ -27,12 +27,14 @@ #:use-module (guix build store-copy) #:use-module (guix build syscalls) #:use-module (guix store database) + #:use-module (gnu build bootloader) #:use-module (gnu build linux-boot) #:use-module (gnu build install) #:use-module (gnu system uuid) #:use-module (guix records) #:use-module ((guix combinators) #:select (fold2)) #:use-module (ice-9 format) + #:use-module (ice-9 ftw) #:use-module (ice-9 match) #:use-module (ice-9 regex) #:use-module (ice-9 popen) @@ -56,8 +58,7 @@ estimated-partition-size root-partition-initializer initialize-partition-table - initialize-hard-disk - make-iso9660-image)) + initialize-hard-disk)) ;;; Commentary: ;;; @@ -234,6 +235,8 @@ deduplicates files common to CLOSURE and the rest of PREFIX." (device partition-device (default #f)) (size partition-size) (file-system partition-file-system (default "ext4")) + (file-system-options partition-file-system-options ;passed to 'mkfs.FS' + (default '())) (label partition-label (default #f)) (uuid partition-uuid (default #f)) (flags partition-flags (default '())) @@ -308,7 +311,7 @@ actual /dev name based on DEVICE." (define MS_BIND 4096) ; <sys/mounts.h> again! (define* (create-ext-file-system partition type - #:key label uuid) + #:key label uuid (options '())) "Create an ext-family file system of TYPE on PARTITION. If LABEL is true, use that as the volume name. If UUID is true, use it as the partition UUID." (format #t "creating ~a partition... ~@[label: ~s~] ~@[uuid: ~s~]\n" @@ -320,26 +323,29 @@ use that as the volume name. If UUID is true, use it as the partition UUID." '()) ,@(if uuid `("-U" ,(uuid->string uuid)) - '())))) + '()) + ,@options))) (define* (create-fat-file-system partition - #:key label uuid) + #:key label uuid (options '())) "Create a FAT file system on PARTITION. The number of File Allocation Tables will be determined based on file system size. If LABEL is true, use that as the volume name." ;; FIXME: UUID is ignored! (format #t "creating FAT partition...\n") (apply invoke "mkfs.fat" partition - (if label `("-n" ,label) '()))) + (append (if label `("-n" ,label) '()) options))) (define* (format-partition partition type - #:key label uuid) + #:key label uuid (options '())) "Create a file system TYPE on PARTITION. If LABEL is true, use that as the -volume name." +volume name. Options is a list of command-line options passed to 'mkfs.FS'." (cond ((string-prefix? "ext" type) - (create-ext-file-system partition type #:label label #:uuid uuid)) + (create-ext-file-system partition type #:label label #:uuid uuid + #:options options)) ((or (string-prefix? "fat" type) (string= "vfat" type)) - (create-fat-file-system partition #:label label #:uuid uuid)) + (create-fat-file-system partition #:label label #:uuid uuid + #:options options)) (else (error "Unsupported file system.")))) (define (initialize-partition partition) @@ -349,7 +355,8 @@ it, run its initializer, and unmount it." (format-partition (partition-device partition) (partition-file-system partition) #:label (partition-label partition) - #:uuid (partition-uuid partition)) + #:uuid (partition-uuid partition) + #:options (partition-file-system-options partition)) (mkdir-p target) (mount (partition-device partition) target (partition-file-system partition)) @@ -363,14 +370,20 @@ it, run its initializer, and unmount it." copy-closures? (register-closures? #t) system-directory - (deduplicate? #t)) + (deduplicate? #t) + (make-device-nodes + make-essential-device-nodes) + (extra-directives '())) "Return a procedure to initialize a root partition. If REGISTER-CLOSURES? is true, register all of CLOSURES in the partition's store. If DEDUPLICATE? is true, then also deduplicate files common to CLOSURES and the rest of the store when registering the closures. If COPY-CLOSURES? is true, copy all of CLOSURES to the partition. -SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation." +SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation. + +EXTRA-DIRECTIVES is an optional list of directives to populate the root file +system that is passed to 'populate-root-file-system'." (lambda (target) (define target-store (string-append target (%store-directory))) @@ -381,7 +394,7 @@ SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation." target)) ;; Populate /dev. - (make-essential-device-nodes #:root target) + (make-device-nodes target) ;; Optionally, register the inputs in the image's store. (when register-closures? @@ -403,12 +416,22 @@ SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation." ;; Add the non-store directories and files. (display "populating...\n") - (populate-root-file-system system-directory target) + (populate-root-file-system system-directory target + #:extras extra-directives) ;; 'register-closure' resets timestamps and everything, so no need to do it ;; once more in that case. (unless register-closures? - (reset-timestamps target)))) + ;; 'reset-timestamps' also resets file permissions; do that everywhere + ;; except on /dev so that /dev/null remains writable, etc. + (for-each (lambda (directory) + (reset-timestamps (string-append target "/" directory))) + (scandir target + (match-lambda + ((or "." ".." "dev") #f) + (_ #t)))) + (reset-timestamps (string-append target "/dev") + #:preserve-permissions? #t)))) (define (register-bootcfg-root target bootcfg) "On file system TARGET, register BOOTCFG as a GC root." @@ -416,159 +439,6 @@ SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation." (mkdir-p directory) (symlink bootcfg (string-append directory "/bootcfg")))) -(define (install-efi grub esp config-file) - "Write a self-contained GRUB EFI loader to the mounted ESP using CONFIG-FILE." - (let* ((system %host-type) - ;; Hard code the output location to a well-known path recognized by - ;; compliant firmware. See "3.5.1.1 Removable Media Boot Behaviour": - ;; http://www.uefi.org/sites/default/files/resources/UEFI%20Spec%202_6.pdf - (grub-mkstandalone (string-append grub "/bin/grub-mkstandalone")) - (efi-directory (string-append esp "/EFI/BOOT")) - ;; Map grub target names to boot file names. - (efi-targets (cond ((string-prefix? "x86_64" system) - '("x86_64-efi" . "BOOTX64.EFI")) - ((string-prefix? "i686" system) - '("i386-efi" . "BOOTIA32.EFI")) - ((string-prefix? "armhf" system) - '("arm-efi" . "BOOTARM.EFI")) - ((string-prefix? "aarch64" system) - '("arm64-efi" . "BOOTAA64.EFI"))))) - ;; grub-mkstandalone requires a TMPDIR to prepare the firmware image. - (setenv "TMPDIR" esp) - - (mkdir-p efi-directory) - (invoke grub-mkstandalone "-O" (car efi-targets) - "-o" (string-append efi-directory "/" - (cdr efi-targets)) - ;; Graft the configuration file onto the image. - (string-append "boot/grub/grub.cfg=" config-file)))) - -(define* (make-iso9660-image xorriso grub-mkrescue-environment - grub config-file os-drv target - #:key (volume-id "Guix_image") (volume-uuid #f) - register-closures? (closures '())) - "Given a GRUB package, creates an iso image as TARGET, using CONFIG-FILE as -GRUB configuration and OS-DRV as the stuff in it." - (define grub-mkrescue - (string-append grub "/bin/grub-mkrescue")) - - (define grub-mkrescue-sed.sh - (string-append xorriso "/bin/grub-mkrescue-sed.sh")) - - (define target-store - (string-append "/tmp/root" (%store-directory))) - - (define items - ;; The store items to add to the image. - (delete-duplicates - (append-map (lambda (closure) - (map store-info-item - (call-with-input-file (string-append "/xchg/" closure) - read-reference-graph))) - closures))) - - (populate-root-file-system os-drv "/tmp/root") - (mount (%store-directory) target-store "" MS_BIND) - - (when register-closures? - (display "registering closures...\n") - (for-each (lambda (closure) - (register-closure - "/tmp/root" - (string-append "/xchg/" closure) - - ;; TARGET-STORE is a read-only bind-mount so we shouldn't try - ;; to modify it. - #:deduplicate? #f - #:reset-timestamps? #f)) - closures) - (register-bootcfg-root "/tmp/root" config-file)) - - ;; 'grub-mkrescue' calls out to mtools programs to create 'efi.img', a FAT - ;; file system image, and mtools honors SOURCE_DATE_EPOCH for the mtime of - ;; those files. The epoch for FAT is Jan. 1st 1980, not 1970, so choose - ;; that. - (setenv "SOURCE_DATE_EPOCH" - (number->string - (time-second - (date->time-utc (make-date 0 0 0 0 1 1 1980 0))))) - - ;; Our patched 'grub-mkrescue' honors this environment variable and passes - ;; it to 'mformat', which makes it the serial number of 'efi.img'. This - ;; allows for deterministic builds. - (setenv "GRUB_FAT_SERIAL_NUMBER" - (number->string (if volume-uuid - - ;; On 32-bit systems the 2nd argument must be - ;; lower than 2^32. - (string-hash (iso9660-uuid->string volume-uuid) - (- (expt 2 32) 1)) - - #x77777777) - 16)) - - (setenv "MKRESCUE_SED_MODE" "original") - (setenv "MKRESCUE_SED_XORRISO" (string-append xorriso - "/bin/xorriso")) - (setenv "MKRESCUE_SED_IN_EFI_NO_PT" "yes") - (for-each (match-lambda - ((name . value) (setenv name value))) - grub-mkrescue-environment) - - (let ((pipe - (apply open-pipe* OPEN_WRITE - grub-mkrescue - (string-append "--xorriso=" grub-mkrescue-sed.sh) - "-o" target - (string-append "boot/grub/grub.cfg=" config-file) - "etc=/tmp/root/etc" - "var=/tmp/root/var" - "run=/tmp/root/run" - ;; /mnt is used as part of the installation - ;; process, as the mount point for the target - ;; file system, so create it. - "mnt=/tmp/root/mnt" - "-path-list" "-" - "--" - - ;; Set all timestamps to 1. - "-volume_date" "all_file_dates" "=1" - - ;; ‘zisofs’ compression reduces the total image size by ~60%. - "-zisofs" "level=9:block_size=128k" ; highest compression - ;; It's transparent to our Linux-Libre kernel but not to GRUB. - ;; Don't compress the kernel, initrd, and other files read by - ;; grub.cfg, as well as common already-compressed file names. - "-find" "/" "-type" "f" - ;; XXX Even after "--" above, and despite documentation claiming - ;; otherwise, "-or" is stolen by grub-mkrescue which then chokes - ;; on it (as ‘-o …’) and dies. Don't use "-or". - "-not" "-wholename" "/boot/*" - "-not" "-wholename" "/System/*" - "-not" "-name" "unicode.pf2" - "-not" "-name" "bzImage" - "-not" "-name" "*.gz" ; initrd & all man pages - "-not" "-name" "*.png" ; includes grub-image.png - "-exec" "set_filter" "--zisofs" - "--" - - "-volid" (string-upcase volume-id) - (if volume-uuid - `("-volume_date" "uuid" - ,(string-filter (lambda (value) - (not (char=? #\- value))) - (iso9660-uuid->string - volume-uuid))) - `())))) - ;; Pass lines like 'gnu/store/…-x=/gnu/store/…-x' corresponding to the - ;; '-path-list -' option. - (for-each (lambda (item) - (format pipe "~a=~a~%" - (string-drop item 1) item)) - items) - (unless (zero? (close-pipe pipe)) - (error "oh, my! grub-mkrescue failed" grub-mkrescue)))) - (define* (initialize-hard-disk device #:key bootloader-package @@ -610,30 +480,16 @@ passing it a directory name where it is mounted." (when esp ;; Mount the ESP somewhere and install GRUB UEFI image. - (let ((mount-point (string-append target "/boot/efi")) - (grub-config (string-append target "/tmp/grub-standalone.cfg"))) + (let ((mount-point (string-append target "/boot/efi"))) (display "mounting EFI system partition...\n") (mkdir-p mount-point) (mount (partition-device esp) mount-point (partition-file-system esp)) - ;; Create a tiny configuration file telling the embedded grub - ;; where to load the real thing. - ;; XXX This is quite fragile, and can prevent the image from booting - ;; when there's more than one volume with this label present. - ;; Reproducible almost-UUIDs could reduce the risk (not eliminate it). - (call-with-output-file grub-config - (lambda (port) - (format port - "insmod part_msdos~@ - search --set=root --label Guix_image~@ - configfile /boot/grub/grub.cfg~%"))) - (display "creating EFI firmware image...") - (install-efi grub-efi mount-point grub-config) + (install-efi-loader grub-efi mount-point) (display "done.\n") - (delete-file grub-config) (umount mount-point))) ;; Register BOOTCFG as a GC root. |