
01/02: gnu: Add ipxe.


From: guix-commits
Subject: 01/02: gnu: Add ipxe.
Date: Wed, 13 Jan 2021 19:52:31 -0500 (EST)

dannym pushed a commit to branch master
in repository guix.

commit aeed7218a933054806edd246548346e9edc327c4
Author: Vincent Legoll <vincent.legoll@gmail.com>
AuthorDate: Tue Jan 12 22:44:18 2021 +0100

    gnu: Add ipxe.
    
    * gnu/packages/bootloaders.scm (ipxe): New variable.
    * gnu/packages/patches/ipxe-reproducible-geniso.patch: New file …
    * gnu/local.mk (dist_patch_DATA): … add it.
    
    Co-authored-by: Tobias Geerinckx-Rice <me@tobias.gr>
    Co-authored-by: Brice Waegeneire <brice@waegenei.re>
    Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
---
 gnu/local.mk                                       |   1 +
 gnu/packages/bootloaders.scm                       | 125 ++++++++++++++++++++-
 .../patches/ipxe-reproducible-geniso.patch         |  77 +++++++++++++
 3 files changed, 202 insertions(+), 1 deletion(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index bcf7ee0..eb28104 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1184,6 +1184,7 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/intel-xed-fix-nondeterminism.patch      \
   %D%/packages/patches/intltool-perl-compatibility.patch       \
   %D%/packages/patches/iputils-libcap-compat.patch             \
+  %D%/packages/patches/ipxe-reproducible-geniso.patch          \
   %D%/packages/patches/irrlicht-use-system-libs.patch          \
   %D%/packages/patches/isl-0.11.1-aarch64-support.patch        \
   %D%/packages/patches/json-c-CVE-2020-12762.patch             \
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index 9ca574a..38dba4c 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -7,12 +7,14 @@
 ;;; Copyright © 2016, 2017 Danny Milosavljevic <dannym@scratchpost.org>
 ;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
 ;;; Copyright © 2017, 2018, 2020 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2019, 2020, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2019 nee <nee@cock.li>
 ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2020 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
 ;;; Copyright © 2018, 2019, 2020 Vagrant Cascadian <vagrant@debian.org>
 ;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2021 Vincent Legoll <vincent.legoll@gmail.com>
+;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1095,3 +1097,124 @@ systems so that they can be added to the bootloader.  
It also works out how to
 boot existing GNU/Linux systems and detects what distribution is installed in
 order to add a suitable bootloader menu entry.")
     (license license:gpl2+)))
+
+(define-public ipxe
+  ;; XXX: 'BUILD_TIMESTAMP' is used to automatically select the newest version
+  ;; of iPXE if multiple iPXE drivers are loaded concurrently in a UEFI system.
+  ;;
+  ;; TODO: Bump this timestamp at each modifications of the package (not only
+  ;; for updates) by running: date +%s.
+  (let ((timestamp "1591706427"))
+    (package
+      (name "ipxe")
+      (version "1.20.1")
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/ipxe/ipxe";)
+                      (commit (string-append "v" version))))
+                (file-name (git-file-name name version))
+                (patches (search-patches "ipxe-reproducible-geniso.patch"))
+                (sha256
+                 (base32
+                  "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:modules ((guix build utils)
+                    (guix build gnu-build-system)
+                    (guix base32)
+                    (ice-9 string-fun)
+                    (ice-9 regex)
+                    (rnrs bytevectors))
+         #:imported-modules ((guix base32)
+                             ,@%gnu-build-system-modules)
+         #:make-flags
+         ;; XXX: 'BUILD_ID' is used to determine when another ROM in the
+         ;; system contains identical code in order to save space within the
+         ;; legacy BIOS option ROM area, which is extremely limited in size.
+         ;; It is supposed to be collision-free across all ROMs, to do so we
+         ;; use the truncated output hash of the package.
+         (let ((build-id
+                (lambda (out)
+                  (let* ((nix-store (string-append
+                                     (or (getenv "NIX_STORE") "/gnu/store")
+                                     "/"))
+                         (filename
+                          (string-replace-substring out nix-store ""))
+                         (hash (match:substring (string-match "[0-9a-z]{32}"
+                                                              filename)))
+                         (bv (nix-base32-string->bytevector hash)))
+                    (format #f "0x~x"
+                            (bytevector-u32-ref bv 0 (endianness big))))))
+               (out (assoc-ref %outputs "out"))
+               (syslinux (assoc-ref %build-inputs "syslinux")))
+           (list "ECHO_E_BIN_ECHO=echo"
+                 "ECHO_E_BIN_ECHO_E=echo -e"
+
+                 ;; cdrtools' mkisofs will silently ignore a missing 
isolinux.bin!
+                 ;; Luckily xorriso is more strict.
+                 (string-append "ISOLINUX_BIN=" syslinux
+                                "/share/syslinux/isolinux.bin")
+                 (string-append "SYSLINUX_MBR_DISK_PATH=" syslinux
+                                "/share/syslinux/isohdpfx.bin")
+
+                 ;; Build reproducibly.
+                 (string-append "BUILD_ID_CMD=echo -n " (build-id out))
+                 (string-append "BUILD_TIMESTAMP=" ,timestamp)
+                 "everything"))
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'enter-source-directory
+             (lambda _ (chdir "src") #t))
+           (add-after 'enter-source-directory 'set-options
+             (lambda _
+               (substitute* "config/general.h"
+                 (("^//(#define PING_CMD.*)" _ uncommented) uncommented)
+                 (("^//(#define IMAGE_TRUST_CMD.*)" _ uncommented)
+                  uncommented)
+                 (("^#undef.*(DOWNLOAD_PROTO_HTTPS.*)" _ option)
+                  (string-append "#define " option))
+                 (("^#undef.*(DOWNLOAD_PROTO_NFS.*)" _ option)
+                  (string-append "#define " option)))
+               #t))
+           (delete 'configure)          ; no configure script
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (ipxe (string-append out "/lib/ipxe"))
+                      (exts-re
+                       "\\.(efi|efirom|iso|kkpxe|kpxe|lkrn|mrom|pxe|rom|usb)$")
+                      (dirs '("bin" "bin-i386-linux" "bin-x86_64-pcbios"
+                              "bin-x86_64-efi" "bin-x86_64-linux" 
"bin-i386-efi"))
+                      (files (apply append
+                                    (map (lambda (dir)
+                                           (find-files dir exts-re)) dirs))))
+                 (for-each (lambda (file)
+                             (let* ((subdir (dirname file))
+                                    (fn (basename file))
+                                    (tgtsubdir (cond
+                                                ((string=? "bin" subdir) "")
+                                                ((string-prefix? "bin-" subdir)
+                                                 (string-drop subdir 4)))))
+                               (install-file file
+                                             (string-append ipxe "/" 
tgtsubdir))))
+                           files))
+               #t))
+           (add-after 'install 'leave-source-directory
+             (lambda _ (chdir "..") #t)))
+         #:tests? #f))                  ; no test suite
+      (native-inputs
+       `(("perl" ,perl)
+         ("syslinux" ,syslinux)
+         ("xorriso" ,xorriso)))
+      (home-page "https://ipxe.org";)
+      (synopsis "PXE-compliant network boot firmware")
+      (description "iPXE is a network boot firmware.  It provides a full PXE
+implementation enhanced with additional features such as booting from: a web
+server via HTTP, an iSCSI SAN, a Fibre Channel SAN via FCoE, an AoE SAN, a
+wireless network, a wide-area network, an Infiniband network.  It allows to
+control the boot process with a script.  You can use iPXE to replace the
+existing PXE ROM on your network card, or you can chainload into iPXE to obtain
+the features of iPXE without the hassle of reflashing.")
+      (license license:gpl2+))))
+
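Review bot: In the `set-options` phase, `substitute*` does not fail when a pattern matches nothing, so a later version bump that changes the layout of `config/general.h` could silently produce firmware without `DOWNLOAD_PROTO_HTTPS` or `IMAGE_TRUST_CMD`. For network-boot firmware those are the security-relevant switches (TLS transport and the image trust/verification commands), so the phase should be followed by a check that the expected `#define` lines are really present, as sketched below. `DOWNLOAD_PROTO_NFS` adds an unauthenticated transport next to HTTPS; a one-line comment saying why it is enabled would help the next reviewer. In the `install` phase `fn` is bound but never used, and the `cond` has no `else` arm, so a file found in a nested directory under `bin/` (should one ever appear) would hand an unspecified value to `string-append`.

```scheme
;; … unchanged: 'enter-source-directory and 'set-options phases …
(add-after 'set-options 'check-options
  (lambda _
    ;; substitute* is silent when nothing matches; fail the build instead
    ;; of shipping firmware without the intended options.
    (for-each (lambda (option)
                (invoke "grep" "-q"
                        (string-append "^#define " option)
                        "config/general.h"))
              '("PING_CMD" "IMAGE_TRUST_CMD"
                "DOWNLOAD_PROTO_HTTPS" "DOWNLOAD_PROTO_NFS"))
    #t))
;; … unchanged: (delete 'configure) and the 'install replacement …
```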
diff --git a/gnu/packages/patches/ipxe-reproducible-geniso.patch 
b/gnu/packages/patches/ipxe-reproducible-geniso.patch
new file mode 100644
index 0000000..ff6aa1d
--- /dev/null
+++ b/gnu/packages/patches/ipxe-reproducible-geniso.patch
@@ -0,0 +1,77 @@
+From 052d24d8217c51c572c2f6cbb4a687be2e8ba52d Mon Sep 17 00:00:00 2001
+From: Brice Waegeneire <brice@waegenei.re>
+Date: Fri, 5 Jun 2020 14:38:43 +0200
+Subject: [PATCH] [geniso] Make it reproducible
+
+Some timestamps get embedded in the generated ISO, making it
+unreproducible so we overwrite those timestamps to be at the UNIX epoch.
+---
+ src/util/geniso | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/util/geniso b/src/util/geniso
+index ff090d4a..e032ffb0 100755
+--- a/src/util/geniso
++++ b/src/util/geniso
+@@ -11,6 +11,13 @@ function help() {
+       echo " -o FILE  save iso image to file"
+ }
+ 
++function reset_timestamp() {
++      for f in "$1"/*; do
++              touch -t 197001010100 "$f"
++      done
++      touch -t 197001010100 "$1"
++}
++
+ LEGACY=0
+ FIRST=""
+ 
+@@ -37,8 +44,9 @@ if [ -z "${OUT}" ]; then
+       exit 1
+ fi
+ 
+-# There should either be mkisofs or the compatible genisoimage program
+-for command in genisoimage mkisofs; do
++# There should either be mkisofs, xorriso or the compatible genisoimage
++# program
++for command in xorriso genisoimage mkisofs; do
+       if ${command} --version >/dev/null 2>/dev/null; then
+               mkisofs=(${command})
+               break
+@@ -46,8 +54,10 @@ for command in genisoimage mkisofs; do
+ done
+ 
+ if [ -z "${mkisofs}" ]; then
+-      echo "${0}: mkisofs or genisoimage not found, please install or set 
PATH" >&2
++      echo "${0}: mkisofs, xorriso or genisoimage not found, please install 
or set PATH" >&2
+       exit 1
++elif [ "$mkisofs" = "xorriso" ]; then
++       mkisofs+=(-as mkisofs)
+ fi
+ 
+ dir=$(mktemp -d bin/iso.dir.XXXXXX)
+@@ -115,6 +125,8 @@ case "${LEGACY}" in
+                       exit 1
+               fi
+ 
++              reset_timestamp "$dir"
++
+               # generate the iso image
+               "${mkisofs[@]}" -b boot.img -output ${OUT} ${dir}
+               ;;
+@@ -127,6 +139,12 @@ case "${LEGACY}" in
+                       cp ${LDLINUX_C32} ${dir}
+               fi
+ 
++              reset_timestamp "$dir"
++
++              if [ "${mkisofs[0]}" = "xorriso" ]; then
++                      mkisofs+=(-isohybrid-mbr "$SYSLINUX_MBR_DISK_PATH")
++              fi
++
+               # generate the iso image
+               "${mkisofs[@]}" -b isolinux.bin -no-emul-boot -boot-load-size 4 
-boot-info-table -output ${OUT} ${dir}
+ 
+-- 
+2.26.2
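Review bot: `reset_timestamp` calls `touch -t 197001010100` without fixing the time zone, so the stamp means 01:00 local time and the resulting mtime depends on the builder's `TZ`; it is also not the UNIX epoch that the patch description names. Pinning the zone makes the ISO timestamps independent of the build host: `TZ=UTC touch -t 197001010100 "$f"`, and the same for `"$1"`. The `"$1"/*` glob covers only the top level of the staging directory and skips dotfiles, which is sufficient only while geniso copies a flat set of files there. In the isolinux arm `$SYSLINUX_MBR_DISK_PATH` is passed to xorriso unchecked; writing it as `"${SYSLINUX_MBR_DISK_PATH:?}"` would stop the script with a clear message when the variable is unset or empty.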


