summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/build/vm.scm18
-rw-r--r--gnu/local.mk4
-rw-r--r--gnu/packages/cdrom.scm14
-rw-r--r--gnu/packages/patches/xorriso-no-mbr-in-inner-efi.patch47
-rw-r--r--gnu/packages/patches/xorriso-no-partition-table-in-inner-efi.patch107
-rw-r--r--gnu/system/vm.scm11
6 files changed, 194 insertions, 7 deletions
diff --git a/gnu/build/vm.scm b/gnu/build/vm.scm
index ac99d6b1a3..a5d9fefa62 100644
--- a/gnu/build/vm.scm
+++ b/gnu/build/vm.scm
@@ -423,7 +423,8 @@ SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation."
             ;; Graft the configuration file onto the image.
             (string-append "boot/grub/grub.cfg=" config-file))))
 
-(define* (make-iso9660-image grub config-file os-drv target
+(define* (make-iso9660-image xorriso grub-mkrescue-environment
+                             grub config-file os-drv target
                              #:key (volume-id "Guix_image") (volume-uuid #f)
                              register-closures? (closures '()))
   "Given a GRUB package, creates an iso image as TARGET, using CONFIG-FILE as
@@ -431,6 +432,9 @@ GRUB configuration and OS-DRV as the stuff in it."
   (define grub-mkrescue
     (string-append grub "/bin/grub-mkrescue"))
 
+  (define grub-mkrescue-sed.sh
+    (string-append xorriso "/bin/grub-mkrescue-sed.sh"))
+
   (define target-store
     (string-append "/tmp/root" (%store-directory)))
 
@@ -483,9 +487,19 @@ GRUB configuration and OS-DRV as the stuff in it."
                               #x77777777)
                           16))
 
+  (setenv "MKRESCUE_SED_MODE" "original")
+  (setenv "MKRESCUE_SED_XORRISO" (string-append xorriso
+                                                "/bin/xorriso"))
+  (setenv "MKRESCUE_SED_IN_EFI_NO_PT" "yes")
+  (for-each (match-lambda
+             ((name . value) (setenv name value)))
+            grub-mkrescue-environment)
+
   (let ((pipe
          (apply open-pipe* OPEN_WRITE
-                grub-mkrescue "-o" target
+                grub-mkrescue
+                (string-append "--xorriso=" grub-mkrescue-sed.sh)
+                "-o" target
                 (string-append "boot/grub/grub.cfg=" config-file)
                 "etc=/tmp/root/etc"
                 "var=/tmp/root/var"
diff --git a/gnu/local.mk b/gnu/local.mk
index ac55e1dd28..694bbfd367 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1372,7 +1372,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/xfce4-session-fix-xflock4.patch		\
   %D%/packages/patches/xfce4-settings-defaults.patch		\
   %D%/packages/patches/xinetd-fix-fd-leak.patch			\
-  %D%/packages/patches/xinetd-CVE-2013-4342.patch
+  %D%/packages/patches/xinetd-CVE-2013-4342.patch		\
+  %D%/packages/patches/xorriso-no-partition-table-in-inner-efi.patch \
+  %D%/packages/patches/xorriso-no-mbr-in-inner-efi.patch
 
 MISC_DISTRO_FILES =				\
   %D%/packages/ld-wrapper.in
diff --git a/gnu/packages/cdrom.scm b/gnu/packages/cdrom.scm
index 2bd5745ad3..8d9778176f 100644
--- a/gnu/packages/cdrom.scm
+++ b/gnu/packages/cdrom.scm
@@ -162,8 +162,20 @@ libcdio.")
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0aq6lvlwlkxz56l5sbvgycr6j5c82ch2bv6zrnc2345ibfpafgx9"))))
+               "0aq6lvlwlkxz56l5sbvgycr6j5c82ch2bv6zrnc2345ibfpafgx9"))
+             (patches
+              (search-patches "xorriso-no-partition-table-in-inner-efi.patch"
+                              "xorriso-no-mbr-in-inner-efi.patch"))))
     (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'install-frontends
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (out-bin (string-append out "/bin")))
+               (install-file "frontend/grub-mkrescue-sed.sh" out-bin)
+               #t))))))
     (inputs
      `(("acl" ,acl)
        ("readline" ,readline)
diff --git a/gnu/packages/patches/xorriso-no-mbr-in-inner-efi.patch b/gnu/packages/patches/xorriso-no-mbr-in-inner-efi.patch
new file mode 100644
index 0000000000..a43889d2c6
--- /dev/null
+++ b/gnu/packages/patches/xorriso-no-mbr-in-inner-efi.patch
@@ -0,0 +1,47 @@
+https://dev.lovelyhq.com/libburnia/libisoburn/commit/1eb51f44dadb8b6c5f87533ca357186cdc1ac625
+diff --git a/frontend/grub-mkrescue-sed.sh b/frontend/grub-mkrescue-sed.sh
+index b3948c99..dcd9d696 100755
+--- a/frontend/grub-mkrescue-sed.sh
++++ b/frontend/grub-mkrescue-sed.sh
+@@ -120,6 +120,7 @@ fi
+ # "yes" overwrites the MBR partition table area in the EFI boot image by zeros.
+ # Some EFI implementations get stuck when seeing in the EFI partition a
+ # partition table entry which begins at LBA 0.
++# "extra" not only zeros the partition table but also the MBR signature.
+ efi_zero_inner_pt=no
+ if test -n "$MKRESCUE_SED_IN_EFI_NO_PT"
+ then
+@@ -192,24 +193,31 @@ then
+   find "$dir"
+ fi
+ 
+-if test "$efi_zero_inner_pt" = yes
++if test "$efi_zero_inner_pt" = yes -o "$efi_zero_inner_pt" = extra
+ then
+   did_dd=0
+   if test -e "$dir"/efi.img
+   then
++    # Look for 0x55 0xAA in bytes 510 and 511
+     magic=$(dd bs=1 skip=510 count=2 if="$dir"/efi.img 2>/dev/null | \
+             od -c | head -1 | awk '{print $2 " " $3}')
+     if test "$magic" = "U 252"
+     then
++      echo "Performing actions for MKRESCUE_SED_IN_EFI_NO_PT=$efi_zero_inner_pt" >&2
+       dd if=/dev/zero bs=1 seek=446 count=64 conv=notrunc of="$dir"/efi.img
+       did_dd=1
++      if test "$efi_zero_inner_pt" = extra
++      then
++        dd if=/dev/zero bs=1 seek=510 count=2 conv=notrunc of="$dir"/efi.img
++      fi
++      echo >&2
+     fi
+   fi
+   if test "$did_dd" = 0
+   then
+     echo >&2
+     echo "$0 : NOTE : No EFI image found or no MBR signature in it." >&2
+-    echo "$0 : NOTE : Will not obey MKRESCUE_SED_IN_EFI_NO_PT=yes" >&2
++    echo "$0 : NOTE : Will not obey MKRESCUE_SED_IN_EFI_NO_PT=$efi_zero_inner_pt" >&2
+     echo >&2
+   fi
+ fi
diff --git a/gnu/packages/patches/xorriso-no-partition-table-in-inner-efi.patch b/gnu/packages/patches/xorriso-no-partition-table-in-inner-efi.patch
new file mode 100644
index 0000000000..a719ca1f89
--- /dev/null
+++ b/gnu/packages/patches/xorriso-no-partition-table-in-inner-efi.patch
@@ -0,0 +1,107 @@
+https://dev.lovelyhq.com/libburnia/libisoburn/commit/3a2a3ba737a06162c22ace0ae09d33ba97aa2673
+diff --git a/frontend/grub-mkrescue-sed.sh b/frontend/grub-mkrescue-sed.sh
+index d772ff22..b3948c99 100755
+--- a/frontend/grub-mkrescue-sed.sh
++++ b/frontend/grub-mkrescue-sed.sh
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+ 
+-# Copyright (C) 2015 - 2016
++# Copyright (C) 2015 - 2019
+ # Thomas Schmitt <scdbackup@gmx.net>, libburnia-project.org
+ # Provided under BSD license: Use, modify, and distribute as you like.
+ 
+@@ -117,6 +117,15 @@ fi
+ #  command line.)
+ # Each argument must be a single word. No whitespace. No quotation marks.
+ 
++# "yes" overwrites the MBR partition table area in the EFI boot image by zeros.
++# Some EFI implementations get stuck when seeing in the EFI partition a
++# partition table entry which begins at LBA 0.
++efi_zero_inner_pt=no
++if test -n "$MKRESCUE_SED_IN_EFI_NO_PT"
++then
++  efi_zero_inner_pt="$MKRESCUE_SED_IN_EFI_NO_PT"
++fi
++
+ 
+ #
+ #                               Do the work 
+@@ -183,12 +192,48 @@ then
+   find "$dir"
+ fi
+ 
++if test "$efi_zero_inner_pt" = yes
++then
++  did_dd=0
++  if test -e "$dir"/efi.img
++  then
++    magic=$(dd bs=1 skip=510 count=2 if="$dir"/efi.img 2>/dev/null | \
++            od -c | head -1 | awk '{print $2 " " $3}')
++    if test "$magic" = "U 252"
++    then
++      dd if=/dev/zero bs=1 seek=446 count=64 conv=notrunc of="$dir"/efi.img
++      did_dd=1
++    fi
++  fi
++  if test "$did_dd" = 0
++  then
++    echo >&2
++    echo "$0 : NOTE : No EFI image found or no MBR signature in it." >&2
++    echo "$0 : NOTE : Will not obey MKRESCUE_SED_IN_EFI_NO_PT=yes" >&2
++    echo >&2
++  fi
++fi
++
+ efi_tmp_name=
++if test x"$mode" = xmjg \
++     -o x"$mode" = xmbr_only \
++     -o x"$mode" = xgpt_appended \
++     -o x"$mode" = xmbr_hfs
++then
++  # Move EFI partition image file out of the "$dir" tree, i.e. out of the ISO
++  efi_tmp_name=grub-mkrescue-sed-efi-img.$$
++  if test -e "$dir"/efi.img
++  then
++    mv "$dir"/efi.img /tmp/$efi_tmp_name
++  elif test -e /tmp/$efi_tmp_name
++  then
++    rm /tmp/$efi_tmp_name
++  fi
++fi
++
+ if test x"$mode" = xmjg
+ then
+   # Exchange arguments for the experimental GRUB2 mjg layout
+-  efi_tmp_name=grub-mkrescue-sed-efi-img.$$
+-  mv "$dir"/efi.img /tmp/$efi_tmp_name
+   x=$(echo " $*" | sed \
+     -e "s/-efi-boot-part --efi-boot-image/-no-pad -append_partition $partno 0xef \/tmp\/$efi_tmp_name/" \
+     -e "s/--efi-boot efi\.img/-eltorito-alt-boot -e --interval:appended_partition_${partno}:all:: -no-emul-boot -isohybrid-gpt-basdat/" \
+@@ -207,8 +252,6 @@ then
+ elif test x"$mode" = xmbr_only
+ then
+   # Exchange arguments for no-HFS MBR-only layout
+-  efi_tmp_name=grub-mkrescue-sed-efi-img.$$
+-  mv "$dir"/efi.img /tmp/$efi_tmp_name
+   x=$(echo " $*" | sed \
+     -e "s/-efi-boot-part --efi-boot-image/$iso_mbr_part_type -no-pad -append_partition 2 0xef \/tmp\/$efi_tmp_name/" \
+     -e "s/--efi-boot efi\.img/-eltorito-alt-boot -e --interval:appended_partition_2:all:: -no-emul-boot/" \
+@@ -228,8 +271,6 @@ then
+ elif test x"$mode" = xmbr_hfs
+ then
+   # Exchange arguments for MBR and HFS+ layout
+-  efi_tmp_name=grub-mkrescue-sed-efi-img.$$
+-  mv "$dir"/efi.img /tmp/$efi_tmp_name
+   x=$(echo " $*" | sed \
+     -e "s/-efi-boot-part --efi-boot-image/$iso_mbr_part_type -no-pad -append_partition 2 0xef \/tmp\/$efi_tmp_name/" \
+     -e "s/--efi-boot efi\.img/-eltorito-alt-boot -e --interval:appended_partition_2:all:: -no-emul-boot/" \
+@@ -247,8 +288,6 @@ then
+ elif test x"$mode" = xgpt_appended
+ then
+   # Exchange arguments for no-HFS MBR-only layout
+-  efi_tmp_name=grub-mkrescue-sed-efi-img.$$
+-  mv "$dir"/efi.img /tmp/$efi_tmp_name
+   x=$(echo " $*" | sed \
+     -e "s/-efi-boot-part --efi-boot-image/-no-pad -append_partition 2 0xef \/tmp\/$efi_tmp_name -appended_part_as_gpt -partition_offset 16/" \
+     -e "s/--efi-boot efi\.img/-eltorito-alt-boot -e --interval:appended_partition_2:all:: -no-emul-boot/" \
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index aa37896498..0d4ed63eec 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -266,7 +266,8 @@ made available under the /xchg CIFS share."
                         bootcfg-drv
                         bootloader
                         (register-closures? (has-guix-service-type? os))
-                        (inputs '()))
+                        (inputs '())
+                        (grub-mkrescue-environment '()))
   "Return a bootable, stand-alone iso9660 image.
 
 INPUTS is a list of inputs (as for packages)."
@@ -313,7 +314,9 @@ INPUTS is a list of inputs (as for packages)."
                           inputs)))
 
              (set-path-environment-variable "PATH" '("bin" "sbin") inputs)
-             (make-iso9660-image #$(bootloader-package bootloader)
+             (make-iso9660-image #$xorriso
+                                 '#$grub-mkrescue-environment
+                                 #$(bootloader-package bootloader)
                                  #$bootcfg-drv
                                  #$os
                                  "/xchg/guixsd.iso"
@@ -704,7 +707,9 @@ to USB sticks meant to be read-only."
                        #:bootloader (bootloader-configuration-bootloader
                                      (operating-system-bootloader os))
                        #:inputs `(("system" ,os)
-                                  ("bootcfg" ,bootcfg)))
+                                  ("bootcfg" ,bootcfg))
+                       #:grub-mkrescue-environment
+                       '(("MKRESCUE_SED_MODE" . "mbr_hfs")))
         (qemu-image #:name name
                     #:os os
                     #:bootcfg-drv bootcfg