From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id wLKlMtEbyWULdwAAe85BDQ:P1 (envelope-from ) for ; Sun, 11 Feb 2024 20:11:14 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id wLKlMtEbyWULdwAAe85BDQ (envelope-from ) for ; Sun, 11 Feb 2024 20:11:13 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=ultrarare.space header.s=dkim header.b=SiYPs69i; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1707678673; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=Gb106VRnv0W/Wdxwd7z2hIHd6sM2eU8QCZun0e/zECM=; b=O7NjihrKZrRZO4aDFiS2pfEOmI+QkxPQvJyVultgd8m1AWPgG4Bxj1Z42AF0eSbQKjMdL7 XrGAf4SH6WF0f4vl8upEBnUBcfMlolaK0SETqxbjY7d9IahNAp36H8MiVcfXbg7Us1Ct3G c8onuyR3fFwjPRoVB2YncZ8LAgwrDxYlHrpDGiSUY2R0ssumK52LV23IOmazI886YYjRUH JinOME3QWyAwbzRi9ExUveJb2IkLYStiD1fKPwuEzvNCV0pIInCf2SNwgzCdL0c9Ml9KuR YwRkcKM7IlZ+wpkwmL4gZwkCqdEWXvDphJ03g+5b75LZD03dwbR+M8yZ7llOzg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=ultrarare.space header.s=dkim header.b=SiYPs69i; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Seal: i=1; s=key1; d=yhetil.org; t=1707678673; a=rsa-sha256; cv=none; b=LW3s1m7AdFP38YwxbsMpzgkvWeqgpclvgJWh2yJxiJryKWHf2KUWdj6vuyukdJEIdjZApi Hpp+oJ6Og7H34I63rCX4atoSt3PMmNmhPd6WoSYm/HDeM3yRQ2UqChGsDOiJ7LT+JZJxWR waxQbwOClyL8PFih6Q1kMThsN0yzZQ+UaN5CH8SahbAaInBKvB5rF2jyJ3cUGS2GAzCwGd j/YAu2hWZBIH1gLY3Alc0ZWb+b6jMMZua9IUsah6MLLK5+YeZBLFuvXHAabVUQFgWoR6NG QCBAcfCLj7J1YNHS1qEo+lS/G/WtV6kG/r7z6nNqQ3O8tPzgBLflpFN47gQEbw== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 68ABF6F1E8 for ; Sun, 11 Feb 2024 20:11:13 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rZFE2-0004rj-GM; Sun, 11 Feb 2024 14:10:50 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rZFDy-0004qi-Vn for guix-patches@gnu.org; Sun, 11 Feb 2024 14:10:47 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rZFDy-0008C7-MZ for guix-patches@gnu.org; Sun, 11 Feb 2024 14:10:46 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rZFEF-0005Q2-0h for guix-patches@gnu.org; Sun, 11 Feb 2024 14:11:03 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#68524] [PATCH v2 1/2] gnu: bootloaders: Add uki packages. Resent-From: Hilton Chain Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 11 Feb 2024 19:11:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 68524 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Lilah Tascheter Cc: Vagrant Cascadian , 68524@debbugs.gnu.org, Herman Rimm , Efraim Flashner Received: via spool by 68524-submit@debbugs.gnu.org id=B68524.170767862420728 (code B ref 68524); Sun, 11 Feb 2024 19:11:02 +0000 Received: (at 68524) by debbugs.gnu.org; 11 Feb 2024 19:10:24 +0000 Received: from localhost ([127.0.0.1]:40671 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rZFDY-0005O2-Rr for submit@debbugs.gnu.org; Sun, 11 Feb 2024 14:10:24 -0500 Received: from mail.boiledscript.com ([144.168.59.46]:56386) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rZEqc-0004I0-RD for 68524@debbugs.gnu.org; Sun, 11 Feb 2024 13:46:40 -0500 Date: Mon, 12 Feb 2024 02:37:59 +0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ultrarare.space; s=dkim; t=1707677091; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Gb106VRnv0W/Wdxwd7z2hIHd6sM2eU8QCZun0e/zECM=; b=SiYPs69ibFXRAXZ/7sWocN4HojmZ5n8l0gZMpXQ4siYEIvdDBEuymwuuSGzefcPvj2lJWY 83frMGQVm7vBVOvungRQnoVI3iIIWcTOEITLae34dCIdXAnAdcAFLkIVMVYWgZTPlSjoFC MV3F4MYjfdmxA3PZMyl2AbW8s9t5pGG/5mWTBoHA/gsOX4fFBfkohIGA12GjPQicSsgQr2 b1fsYnrDs91UMs9e4hgP6l3jGIHQ65qDDjiQZZzab91VLSdR4f5SZQ5MnFx3iiz20ju3Br ZOEZVNrQ4kNFtpW0tP5PK9OOAqW5qzz6x0dAgEt4kRDJhE/RZzbXgwnX99weSA== Message-ID: <87bk8mn8xk.wl-hako@ultrarare.space> In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: / X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Hilton Chain X-ACL-Warn: , Hilton Chain via Guix-patches From: Hilton Chain via Guix-patches via Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -7.17 X-Migadu-Queue-Id: 68ABF6F1E8 X-Spam-Score: -7.17 X-Migadu-Scanner: mx11.migadu.com X-TUID: wlirImJvhtp7 Hi Lilah, On Sun, 28 Jan 2024 17:51:40 +0800, Lilah Tascheter via Guix-patches wrote: > > * gnu/packages/bootloaders.scm (systemd-stub-name): New procedure. > (systemd-version,systemd-source,systemd-stub,ukify): New variables. First of all, please split this commit into two commits, each adding a sing= le package. (Other comments are between quote blocks.) > Change-Id: I67776ec35d165afebc2eb4b11bea0459259e4bd8 > --- > gnu/packages/bootloaders.scm | 95 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 95 insertions(+) > > diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm > index 986f0ac035..b0d4979f44 100644 > --- a/gnu/packages/bootloaders.scm > +++ b/gnu/packages/bootloaders.scm > @@ -19,6 +19,7 @@ > ;;; Copyright =A9 2021 Stefan > ;;; Copyright =A9 2022, 2023 Maxim Cournoyer > ;;; Copyright =A9 2023 Herman Rimm > +;;; Copyright =A9 2024 Lilah Tascheter > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -46,11 +47,13 @@ (define-module (gnu packages bootloaders) > #:use-module (gnu packages compression) > #:use-module (gnu packages cross-base) > #:use-module (gnu packages disk) > + #:use-module (gnu packages efi) > #:use-module (gnu packages firmware) > #:use-module (gnu packages flex) > #:use-module (gnu packages fontutils) > #:use-module (gnu packages gcc) > #:use-module (gnu packages gettext) > + #:use-module (gnu packages gperf) > #:use-module (gnu packages linux) > #:use-module (gnu packages man) > #:use-module (gnu packages mtools) > @@ -71,11 +74,13 @@ (define-module (gnu packages bootloaders) > #:use-module (gnu packages valgrind) > #:use-module (gnu packages virtualization) > #:use-module (gnu packages xorg) > + #:use-module (gnu packages python-crypto) > #:use-module (gnu packages python-web) > #:use-module (gnu packages python-xyz) > #:use-module (guix build-system gnu) > #:use-module (guix build-system meson) > #:use-module (guix build-system pyproject) > + #:use-module (guix build-system python) > #:use-module (guix build-system trivial) > #:use-module (guix download) > #:use-module (guix gexp) > @@ -632,6 +637,96 @@ (define-public syslinux > ;; Also contains: > license:expat license:isc license:zlib))))) > > +(define systemd-version "255") > +(define systemd-source > + (origin > + (method git-fetch) > + (uri (git-reference > + (url "https://github.com/systemd/systemd") > + (commit (string-append "v" systemd-version)))) > + (file-name (git-file-name "systemd" systemd-version)) > + (sha256 > + (base32 > + "1qdyw9g3jgvsbc1aryr11gpc3075w5pg00mqv4pyf3hwixxkwaq6")))) > + > +(define-public (systemd-stub-name) > + (let ((arch (cond ((target-x86-32?) "ia32") > + ((target-x86-64?) "x64") > + ((target-arm32?) "arm") > + ((target-aarch64?) "aa64") > + ((target-riscv64?) "riscv64")))) > + (string-append "linux" arch ".efi.stub"))) How about exporting this procedure in the module definition instead? > + > +(define-public systemd-stub > + (package > + (name "systemd-stub") > + (version systemd-version) > + (source systemd-source) > + (build-system meson-build-system) > + (arguments > + (list > + #:configure-flags > + `(list "-Defi=3Dtrue" "-Dsbat-distro=3Dguix" > + "-Dsbat-distro-generation=3D1" ; package revision! > + "-Dsbat-distro-summary=3DGuix System" > + "-Dsbat-distro-url=3Dhttps://guix.gnu.org" > + ,(string-append "-Dsbat-distro-pkgname=3D" name) > + ,(string-append "-Dsbat-distro-version=3D" version)) Please use a G-expression for #:configure-flags, replace =A1name=A2 and =A1= version=A2 to =A1#$(package-name this-package)=A2 and =A1#$(package-version this-packa= ge)=A2. "-Dmode=3Drelease" can be added, too. > + #:phases > + #~(let ((stub #$(string-append "src/boot/efi/" (systemd-stub-nam= e)))) > + (modify-phases %standard-phases > + (replace 'build > + (lambda* (#:key parallel-build? #:allow-other-keys) > + (invoke "ninja" stub > + "-j" (if parallel-build? > + (number->string (parallel-job-count)) "1")))) > + (replace 'install > + (lambda _ > + (install-file stub (string-append #$output "/libexec")= ))) > + (delete 'check))))) > + (inputs (list libcap python-pyelftools `(,util-linux "lib"))) > + (native-inputs (list gperf pkg-config python-3 python-jinja2)) > + (home-page "https://systemd.io") I think its homepage has an ending slash, as in "https://systemd.io/". > + (synopsis "Unified kernel image UEFI stub") > + (description "Simple UEFi boot stub that loads a conjoined kernel im= age and > +supporting data to their proper locations, before chainloading to the ke= rnel. > +Supports measured and/or verified boot environments.") > + (license license:lgpl2.1+))) > + > +(define-public ukify > + (package > + (name "ukify") > + (version systemd-version) > + (source systemd-source) > + (build-system python-build-system) > + (arguments > + (list #:phases > + #~(modify-phases %standard-phases > + (replace 'build > + (lambda _ > + (substitute* "src/ukify/ukify.py" ; added in python = 3.11 > + (("datetime\\.UTC") "datetime.timezone.utc")))) It's likely that only =A1systemd-source=A2 will be touched in the future, s= o I'd suggest moving this substitution into =A1systemd-source=A2 as a snippet. > + (delete 'check) > + (replace 'install > + (lambda* (#:key inputs #:allow-other-keys) > + (let* ((bin (string-append #$output "/bin")) > + (file (string-append bin "/ukify")) > + (binutils (assoc-ref inputs "binutils")) > + (sbsign (assoc-ref inputs "sbsigntools"))) Getting inputs' path with =A1assoc-ref=A2 is not recommended. =A1search-in= put-file=A2 or =A1this-package-input=A2 can be used instead. > + (mkdir-p bin) > + (copy-file "src/ukify/ukify.py" file) > + (wrap-program file > + `("PATH" ":" prefix > + (,(string-append binutils "/bin") > + ,(string-append sbsign "/bin")))))))))) I'd suggest patching paths instead of wrapping programs when possible, for example, I have made one when reviewing this patch: --8<---------------cut here---------------start------------->8--- (replace 'install (lambda* (#:key inputs #:allow-other-keys) (let ((file (string-append #$output "/bin/ukify"))) (mkdir-p (dirname file)) (copy-file "src/ukify/ukify.py" file) (substitute* file (("(find_tool.'|'name': ')\\<(readelf|sbsign|sbverify)\\>" _ pre cmd) (string-append pre (search-input-file inputs (string-append "bin/" cmd)))))))) --8<---------------cut here---------------end--------------->8--- Note that one dependency, =A1pesign=A2, is currently missing from Guix, thu= s not handled here. I don't know if it has anything to do with our usage, but for the completen= ess of the package, I think we can package this dependency, or adding a comment around the =A1inputs=A2 field to indicate it's missing. > + (inputs (list binutils python-cryptography python-pefile sbsigntools= )) > + (home-page "https://systemd.io") Same as the homepage mentioned above. > + (synopsis "Unified kernel image UEFI tool") > + (description "@command{ukify} joins together a UKI stub, linux kerne= l, initrd, > +kernel arguments, and optional secure boot signatures into a single, UEF= I-bootable > +image.") > + (license license:lgpl2.1+))) > + > (define-public dtc > (package > (name "dtc") > -- > 2.41.0 Thanks