* [bug#40579] [RFC PATCH] add iPXE.
@ 2020-04-12 17:59 Vincent Legoll
2020-04-12 18:47 ` Tobias Geerinckx-Rice via Guix-patches via
` (2 more replies)
0 siblings, 3 replies; 18+ messages in thread
From: Vincent Legoll @ 2020-04-12 17:59 UTC (permalink / raw)
To: 40579
[-- Attachment #1: Type: text/plain, Size: 518 bytes --]
Here is a patch for review that adds iPXE.
The licensing is "interesting", see:
https://ipxe.org/licensing
Is that a problem ?
There was no real install target in makefile, so I
added one, any hints on how to write that in a
cleaner way ?
I've put all firmware & rom images in $(out)/bin
Is there a better subdirectory to put such files ?
The double with-directory-excursion could be
handled with a single phase cd'ing into src, but I
can't find where I've seen that...
WDYT ?
--
Vincent Legoll
[-- Attachment #2: 0001-gnu-Add-iPXE.patch --]
[-- Type: text/x-patch, Size: 3589 bytes --]
From d0fcf7a69a7503e8fb5b61a4c1109ebfed208a40 Mon Sep 17 00:00:00 2001
From: Vincent Legoll <vincent.legoll@gmail.com>
Date: Sun, 12 Apr 2020 19:54:47 +0200
Subject: [PATCH] gnu: Add iPXE.
* gnu/packages/bootloaders.scm (ipxe): New variable.
---
gnu/packages/bootloaders.scm | 54 ++++++++++++++++++++++++++++++++++++
1 file changed, 54 insertions(+)
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index cadcc937e1..4b1f209540 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -11,6 +11,7 @@
;;; Copyright © 2019 nee <nee@cock.li>
;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2020 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
+;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -834,6 +835,59 @@ to Novena upstream, does not load u-boot.img from the first partition.")
`(("firmware" ,arm-trusted-firmware-rk3399)
,@(package-native-inputs base))))))
+(define-public ipxe
+ (package
+ (name "ipxe")
+ (version "1.20.1")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ipxe/ipxe")
+ (commit (string-append "v" version))))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:phases (modify-phases %standard-phases
+ (add-after 'unpack 'add-real-make-install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* "src/Makefile"
+ (("^install :")
+ (string-append "install :"
+ "\n\t@$(MKDIR) -p "
+ (assoc-ref outputs "out") "/bin"
+ "\n\t@$(CP) $(ALL) "
+ (assoc-ref outputs "out") "/bin"
+ "\n\n__old_install :")))
+ #t))
+ (delete 'configure)
+ (replace 'build
+ (lambda _ (with-directory-excursion "src"
+ (invoke "make" "-j" (number->string
+ (parallel-job-count))))))
+ (replace 'install
+ (lambda _ (with-directory-excursion "src"
+ (invoke "make" "install")))))
+ #:tests? #f))
+ (native-inputs
+ `(("perl" ,perl)
+ ("syslinux" ,syslinux)
+ ("cdrtools" ,cdrtools)
+ ("mtools" ,mtools)
+ ("xz" ,xz)))
+ (home-page "https://ipxe.org")
+ (synopsis "PXE-compliant network boot firmware")
+ (description "iPXE is a network boot firmware. It provides a full PXE
+implementation enhanced with additional features such as booting from: a web
+server via HTTP, an iSCSI SAN, a Fibre Channel SAN via FCoE, an AoE SAN, a
+wireless network, a wide-area network, an Infiniband network. It allows to
+control the boot process with a script. You can use iPXE to replace the
+existing PXE ROM on your network card, or you can chainload into iPXE to obtain
+the features of iPXE without the hassle of reflashing.")
+ (license license:gpl2+)))
+
(define-public vboot-utils
(package
(name "vboot-utils")
--
2.26.0
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [bug#40579] [RFC PATCH] add iPXE.
2020-04-12 17:59 [bug#40579] [RFC PATCH] add iPXE Vincent Legoll
@ 2020-04-12 18:47 ` Tobias Geerinckx-Rice via Guix-patches via
2020-04-12 18:58 ` Tobias Geerinckx-Rice via Guix-patches via
2020-04-12 19:46 ` Danny Milosavljevic
2021-01-12 21:44 ` [bug#40579] [PATCH 1/2] " Vincent Legoll
2021-01-14 8:33 ` bug#40579: [RFC PATCH] add iPXE Vincent Legoll
2 siblings, 2 replies; 18+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches via @ 2020-04-12 18:47 UTC (permalink / raw)
To: 40579
[-- Attachment #1: Type: text/plain, Size: 3229 bytes --]
Vincent,
Thank you! Brief review, will build & maybe notice more later:
Vincent Legoll 写道:
> The licensing is "interesting", see:
>
> https://ipxe.org/licensing
>
> Is that a problem ?
Could you elaborate? What's "interesting" about it? That all
looks very boring and straightforward to me (which is good! :-) —
the result is GPL2-only, no?
+ (file-name (string-append name "-" version
"-checkout"))
You can use the GIT-FILE-NAME helper here.
+ `(#:phases (modify-phases %standard-phases
Aside: I'd indent arguments' #:keywords as
+ `(#:phases
+ (modify-phases %standard-phases
to give you more breathing room at deeper indentation levels.
It's
not needed now, but if someone were to add a new phase they might
have
to
do
annoying
things,
or re-indent the entire thing later, causing noise. Maybe that's
just me though.
+ (add-after 'unpack 'add-real-make-install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* "src/Makefile"
+ (("^install :")
+ (string-append "install :"
+ "\n\t@$(MKDIR) -p "
+ (assoc-ref outputs "out")
"/bin"
+ "\n\t@$(CP) $(ALL) "
+ (assoc-ref outputs "out")
"/bin"
+ "\n\n__old_install :")))
Interesting approach! I'm OK with it; looking at ALL it wouldn't
be more readable or future-proff to use FIND-FILES & Scheme.
/bin is not the right place for these files. /lib/ipxe looks to
be the standard; let's use that.
+ (replace 'build
+ (lambda _ (with-directory-excursion "src"
+ (invoke "make" "-j"
(number->string
+
(parallel-job-count))))))
Let's, instead:
(add-after 'unpack 'enter-source-directory
(lambda _ (chdir "src") #t))
Don't worry, the state can't hurt you now. Now we can keep the
standard build & install phases.
It might be necessary to add a ‘leave-source-directory’ after
'install to make sure the licence files are still installed to
share/doc/.
+ #:tests? #f))
→ #:tests? #f)) ; no test suite
+ (native-inputs
Nitpick: sort? :-)
+ (synopsis "PXE-compliant network boot firmware")
I personally like the ‘these are just boot loaders’ angle, but
would users expect to find this in (gnu packages firmware)
instead? Shrug.
+ (license license:gpl2+)))
‘gpl2’ as mentioned above.
If you feel like it (there aren't that many files) you could list
the licences for each output binary, but that's optional. The
combined work appears to be GPL2.
Kind regards,
T G-R
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* [bug#40579] [RFC PATCH] add iPXE.
2020-04-12 18:47 ` Tobias Geerinckx-Rice via Guix-patches via
@ 2020-04-12 18:58 ` Tobias Geerinckx-Rice via Guix-patches via
2020-04-12 19:46 ` Danny Milosavljevic
1 sibling, 0 replies; 18+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches via @ 2020-04-12 18:58 UTC (permalink / raw)
To: 40579
[-- Attachment #1: Type: text/plain, Size: 253 bytes --]
Tobias Geerinckx-Rice 写道:
> Brief review, will build & maybe notice more later:
Such as: we don't ship static (.a) libraries in Guix unless
something else (in Guix) needs them. Can we delete the 5.6-MiB
blib.a?
Kind regards,
T G-R
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* [bug#40579] [RFC PATCH] add iPXE.
2020-04-12 18:47 ` Tobias Geerinckx-Rice via Guix-patches via
2020-04-12 18:58 ` Tobias Geerinckx-Rice via Guix-patches via
@ 2020-04-12 19:46 ` Danny Milosavljevic
2020-04-12 21:18 ` Tobias Geerinckx-Rice via Guix-patches via
1 sibling, 1 reply; 18+ messages in thread
From: Danny Milosavljevic @ 2020-04-12 19:46 UTC (permalink / raw)
Cc: 40579, Tobias Geerinckx-Rice
[-- Attachment #1: Type: text/plain, Size: 1851 bytes --]
Hi,
On Sun, 12 Apr 2020 20:47:23 +0200
Tobias Geerinckx-Rice via Guix-patches via <guix-patches@gnu.org> wrote:
> Could you elaborate? What's "interesting" about it? That all
> looks very boring and straightforward to me (which is good! :-) —
> the result is GPL2-only, no?
No, there are different makefile targets (rom output filenames) which will
result in different parts of ipxe to be built and included in the output.
There's special makefile targets for each of these targets to determine
the license that applies to each of the latter targets, respectively.
Unfortunately, there's no "all.license" target.
> /bin is not the right place for these files. /lib/ipxe looks to
> be the standard; let's use that.
I agree.
> Let's, instead:
>
> (add-after 'unpack 'enter-source-directory
> (lambda _ (chdir "src") #t))
>
> Don't worry, the state can't hurt you now. Now we can keep the
> standard build & install phases.
I agree.
> If you feel like it (there aren't that many files) you could list
> the licences for each output binary, but that's optional. The
> combined work appears to be GPL2.
Does it? Did you try to make all of the targets' license targets?
P.S. The following ROMs are not reproducible:
10222000.rom GPL2
10500940.rom GPL2
10ec8139.rom GPL2
15ad07b0.rom GPL2+
1af41000.rom GPL2+
8086100e.mrom GPL2+
8086100f.mrom GPL2+
808610d3.mrom GPL2+
80861209.rom GPL2+
ipxe.iso license checker doesn't work
rtl8139.rom GPL2
which are ALL of them except blib.a, ipxe.dsk, ipxe.lkrn, ipxe.pxe, ipxe.usb
and undionly.kpxe (this one has GPL2+) (which are not roms).
Note: Maybe also pass make-flags to overwrite those:
./Makefile.housekeeping:ECHO_E_BIN_ECHO := /bin/echo
./Makefile.housekeeping:ECHO_E_BIN_ECHO_E := /bin/echo -e
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* [bug#40579] [RFC PATCH] add iPXE.
2020-04-12 19:46 ` Danny Milosavljevic
@ 2020-04-12 21:18 ` Tobias Geerinckx-Rice via Guix-patches via
2020-04-12 23:28 ` [bug#40579] [PATCH v2] gnu: Add iPXE Tobias Geerinckx-Rice via Guix-patches via
0 siblings, 1 reply; 18+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches via @ 2020-04-12 21:18 UTC (permalink / raw)
To: Danny Milosavljevic; +Cc: 40579
[-- Attachment #1: Type: text/plain, Size: 2426 bytes --]
Hullo Danny,
Danny Milosavljevic 写道:
> Tobias Geerinckx-Rice via Guix-patches via
> <guix-patches@gnu.org> wrote:
>
>> Could you elaborate? What's "interesting" about it? That all
>> looks very boring and straightforward to me (which is good! :-)
>> —
>> the result is GPL2-only, no?
>
> No, there are different makefile targets (rom output filenames)
> which will
> result in different parts of ipxe to be built and included in
> the output.
>
> There's special makefile targets for each of these targets to
> determine
> the license that applies to each of the latter targets,
> respectively.
OK. This was already clear.
I'm now convinced that this whole make target thing is a
misunderstanding and a distraction: iPXE licencing is not, in any
way, ‘generated on the fly by make rules’ or ‘unclear’ or
‘interesting’. It's boring. It's good. It's GPL2.
λ grep -hr '^FILE_LICENCE ( .* );' * | sort -u
FILE_LICENCE ( BSD2 );
FILE_LICENCE ( BSD3 );
FILE_LICENCE ( GPL2_ONLY );
FILE_LICENCE ( GPL2_OR_LATER );
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
FILE_LICENCE ( GPL_ANY );
FILE_LICENCE ( MIT );
FILE_LICENCE ( PUBLIC_DOMAIN );
Just a normal Free software package. Happens to bundle a Perl
script similar to <https://linux.die.net/man/1/licensecheck> (but
less useful). Nothing to see here.
> Did you try to make all of the targets' license targets?
No. I hope I've shown they're irrelevant now.
What is relevant is that some files are missing licence headers
(e.g. drivers/net/tg3/tg3_phy.c). However, this is so common as
to be standard (Guix wouldn't exist if we demanded headers in
every file) and COPYING says that these are licenced under ‘the
GPL’. That's… acceptable.
> P.S. The following ROMs are not reproducible:
>
> 10222000.rom GPL2
> 10500940.rom GPL2
> 10ec8139.rom GPL2
> 15ad07b0.rom GPL2+
> 1af41000.rom GPL2+
> 8086100e.mrom GPL2+
> 8086100f.mrom GPL2+
> 808610d3.mrom GPL2+
> 80861209.rom GPL2+
> ipxe.iso license checker doesn't work
> rtl8139.rom GPL2
Ooh, thanks for catching that.
I noticed that Debian installs a very different set of file(
name)s[0] than we do. I don't know what that means though.
Kind regards,
T G-R
[0]: https://packages.debian.org/sid/all/ipxe/filelist
https://packages.debian.org/sid/all/ipxe-qemu/filelist
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* [bug#40579] [PATCH v2] gnu: Add iPXE.
2020-04-12 21:18 ` Tobias Geerinckx-Rice via Guix-patches via
@ 2020-04-12 23:28 ` Tobias Geerinckx-Rice via Guix-patches via
2020-04-14 15:11 ` [bug#40579] [PATCH v3] " Vincent Legoll
2020-04-15 20:41 ` [bug#40579] [PATCH v2] " Danny Milosavljevic
0 siblings, 2 replies; 18+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches via @ 2020-04-12 23:28 UTC (permalink / raw)
To: 40579; +Cc: Vincent Legoll
From: Vincent Legoll <vincent.legoll@gmail.com>
* gnu/packages/bootloaders.scm (ipxe): New variable.
Co-authored-by Tobias Geerinckx-Rice <me@tobias.gr>
---
Vincent, Danny,
Danny Milosavljevic wrote:
> P.S. The following ROMs are not reproducible:
The ROMS were easily fixed by setting BUILD_ID_CMD to a static string.
The ISO was a pain. cdrtools' mkisofs seems to predate the concept of
reproducible builds. Switching to the modern Xorriso exposed another
bug: we weren't setting ISOLINUX_BIN, and cdrtools' mkisofs happily
created an ISO that probably never worked(?). Luckily, Xorriso
complained loudly.
The image still isn't reproducible, but it has much fewer dates in it
now and it actually boots ;-) [citation needed].
I've silenced some other annoying warnings during the build, and
applied some of my suggestions from my previous mail (not all though —
please do send a V3).
Neither mtools nor XZ were ever used. Why were they there?
Kind regards,
T G-R
gnu/packages/bootloaders.scm | 70 +++++++++++++++++++++++++++++++++++-
1 file changed, 69 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index cadcc937e1..112b079c1b 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -7,10 +7,11 @@
;;; Copyright © 2016, 2017 Danny Milosavljevic <dannym@scratchpost.org>
;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
;;; Copyright © 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 nee <nee@cock.li>
;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2020 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
+;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -834,6 +835,73 @@ to Novena upstream, does not load u-boot.img from the first partition.")
`(("firmware" ,arm-trusted-firmware-rk3399)
,@(package-native-inputs base))))))
+(define-public ipxe
+ (package
+ (name "ipxe")
+ (version "1.20.1")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ipxe/ipxe")
+ (commit (string-append "v" version))))
+ (file-name (string-append name "-" version "-checkout"))
+ (sha256
+ (base32
+ "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:make-flags
+ (list "ECHO_E_BIN_ECHO=echo"
+ "ECHO_E_BIN_ECHO_E=echo -e"
+
+ ;; cdrtools' mkisofs will silently ignore a missing isolinux.bin!
+ ;; Luckily xorriso is more strict.
+ (string-append "ISOLINUX_BIN=" (assoc-ref %build-inputs "syslinux")
+ "/share/syslinux/isolinux.bin")
+
+ ;; Build reproducibly.
+ "BUILD_ID_CMD=echo -n 0x78697547")
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'enter-source-directory
+ (lambda _ (chdir "src") #t))
+ (add-before 'configure 'add-make-install-target
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (ipxe (string-append out "/share/ipxe")))
+ (substitute* "Makefile"
+ (("^install :")
+ (string-append "install :"
+ "\n\t@$(MKDIR) -p " ipxe
+ "\n\t@$(CP) $(ALL) " ipxe
+ "\n\n__old_install :")))
+ #t)))
+ (add-before 'configure 'use-xorriso
+ ;; Use xorriso's mkisofs emulation, which is better maintained and
+ ;; respects SOURCE_DATE_EPOCH to create a reproducible image.
+ (lambda _
+ (substitute* "util/geniso"
+ ((" genisoimage ") " \"xorriso -as mkisofs\" "))
+ #t))
+ (delete 'configure) ; no configure script
+ (add-after 'install 'leave-source-directory
+ (lambda _ (chdir "..") #t)))
+ #:tests? #f)) ; no test suite
+ (native-inputs
+ `(("perl" ,perl)
+ ("syslinux" ,syslinux)
+ ("xorriso" ,xorriso)))
+ (home-page "https://ipxe.org")
+ (synopsis "PXE-compliant network boot firmware")
+ (description "iPXE is a network boot firmware. It provides a full PXE
+implementation enhanced with additional features such as booting from: a web
+server via HTTP, an iSCSI SAN, a Fibre Channel SAN via FCoE, an AoE SAN, a
+wireless network, a wide-area network, an Infiniband network. It allows to
+control the boot process with a script. You can use iPXE to replace the
+existing PXE ROM on your network card, or you can chainload into iPXE to obtain
+the features of iPXE without the hassle of reflashing.")
+ (license license:gpl2+)))
+
(define-public vboot-utils
(package
(name "vboot-utils")
--
2.25.2
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [bug#40579] [PATCH v3] gnu: Add iPXE.
2020-04-12 23:28 ` [bug#40579] [PATCH v2] gnu: Add iPXE Tobias Geerinckx-Rice via Guix-patches via
@ 2020-04-14 15:11 ` Vincent Legoll
2020-04-15 20:41 ` [bug#40579] [PATCH v2] " Danny Milosavljevic
1 sibling, 0 replies; 18+ messages in thread
From: Vincent Legoll @ 2020-04-14 15:11 UTC (permalink / raw)
To: Tobias Geerinckx-Rice, 40579
[-- Attachment #1: Type: text/plain, Size: 1260 bytes --]
Hello,
On 13/04/2020 01:28, Tobias Geerinckx-Rice wrote:
> The image still isn't reproducible, but it has much fewer dates in it
> now and it actually boots ;-) [citation needed].
I tried it in qemu, got confused by its own ipxe stack, but I
think it then went to isolinux which is from the ipxe.iso image...
> I've silenced some other annoying warnings during the build, and
> applied some of my suggestions from my previous mail (not all though —
> please do send a V3).
This new patch has the following changes:
* used git-file-name
* build everything, as I didn't know what subset to choose
* install everything in ...-ipxe-1.20.1/lib/ipxe with subdirs
for per-arch binaries: bin-i386, etc. You spoke about lib
but put them in share, so I choose to change to the former
* do the install phase in scheme, as it was easier to handle
the above item than to generate a proper makefile target
* only install files with specified extensions, this will get rid
of the .a and other irrelevant files
> Neither mtools nor XZ were ever used. Why were they there?
I initially added the inputs in bulk from the build instructions
on the website, and forgot to check their usefulness before
sending the patch RFC.
--
Vincent Legoll
[-- Attachment #2: 0001-gnu-Add-iPXE.patch --]
[-- Type: text/x-patch, Size: 5242 bytes --]
From a9313c42e8e07c501f1991ff98001bb3fc908584 Mon Sep 17 00:00:00 2001
From: Vincent Legoll <vincent.legoll@gmail.com>
Date: Mon, 13 Apr 2020 01:28:31 +0200
Subject: [PATCH] gnu: Add iPXE.
* gnu/packages/bootloaders.scm (ipxe): New variable.
Co-authored-by Tobias Geerinckx-Rice <me@tobias.gr>
---
gnu/packages/bootloaders.scm | 82 +++++++++++++++++++++++++++++++++++-
1 file changed, 81 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index cadcc937e1..23dda99b2a 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -7,10 +7,11 @@
;;; Copyright © 2016, 2017 Danny Milosavljevic <dannym@scratchpost.org>
;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
;;; Copyright © 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 nee <nee@cock.li>
;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2020 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
+;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -834,6 +835,85 @@ to Novena upstream, does not load u-boot.img from the first partition.")
`(("firmware" ,arm-trusted-firmware-rk3399)
,@(package-native-inputs base))))))
+(define-public ipxe
+ (package
+ (name "ipxe")
+ (version "1.20.1")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ipxe/ipxe")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:make-flags
+ (list "ECHO_E_BIN_ECHO=echo"
+ "ECHO_E_BIN_ECHO_E=echo -e"
+
+ ;; cdrtools' mkisofs will silently ignore a missing isolinux.bin!
+ ;; Luckily xorriso is more strict.
+ (string-append "ISOLINUX_BIN=" (assoc-ref %build-inputs "syslinux")
+ "/share/syslinux/isolinux.bin")
+
+ ;; Build reproducibly.
+ "BUILD_ID_CMD=echo -n 0x78697547"
+ "everything")
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'enter-source-directory
+ (lambda _ (chdir "src") #t))
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (ipxe (string-append out "/lib/ipxe"))
+ (exts-re
+ "\\.(efi|efirom|iso|kkpxe|kpxe|lkrn|mrom|pxe|rom|usb)$")
+ (dirs '("bin" "bin-i386-linux" "bin-x86_64-pcbios"
+ "bin-x86_64-efi" "bin-x86_64-linux" "bin-i386-efi"))
+ (files (apply append
+ (map (lambda (dir)
+ (find-files dir exts-re)) dirs))))
+ (for-each (lambda (file)
+ (let* ((subdir (dirname file))
+ (fn (basename file))
+ (tgtsubdir (cond
+ ((string=? "bin" subdir) "")
+ ((string-prefix? "bin-" subdir)
+ (string-drop subdir 4)))))
+ (install-file file
+ (string-append ipxe "/" tgtsubdir))))
+ files))
+ #t))
+ (add-before 'configure 'use-xorriso
+ ;; Use xorriso's mkisofs emulation, which is better maintained and
+ ;; respects SOURCE_DATE_EPOCH to create a reproducible image.
+ (lambda _
+ (substitute* "util/geniso"
+ ((" genisoimage ") " \"xorriso -as mkisofs\" "))
+ #t))
+ (delete 'configure) ; no configure script
+ (add-after 'install 'leave-source-directory
+ (lambda _ (chdir "..") #t)))
+ #:tests? #f)) ; no test suite
+ (native-inputs
+ `(("perl" ,perl)
+ ("syslinux" ,syslinux)
+ ("xorriso" ,xorriso)))
+ (home-page "https://ipxe.org")
+ (synopsis "PXE-compliant network boot firmware")
+ (description "iPXE is a network boot firmware. It provides a full PXE
+implementation enhanced with additional features such as booting from: a web
+server via HTTP, an iSCSI SAN, a Fibre Channel SAN via FCoE, an AoE SAN, a
+wireless network, a wide-area network, an Infiniband network. It allows to
+control the boot process with a script. You can use iPXE to replace the
+existing PXE ROM on your network card, or you can chainload into iPXE to obtain
+the features of iPXE without the hassle of reflashing.")
+ (license license:gpl2+)))
+
(define-public vboot-utils
(package
(name "vboot-utils")
--
2.26.0
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [bug#40579] [PATCH v2] gnu: Add iPXE.
2020-04-12 23:28 ` [bug#40579] [PATCH v2] gnu: Add iPXE Tobias Geerinckx-Rice via Guix-patches via
2020-04-14 15:11 ` [bug#40579] [PATCH v3] " Vincent Legoll
@ 2020-04-15 20:41 ` Danny Milosavljevic
2020-04-15 20:55 ` Vincent Legoll
2020-06-09 19:31 ` Brice Waegeneire
1 sibling, 2 replies; 18+ messages in thread
From: Danny Milosavljevic @ 2020-04-15 20:41 UTC (permalink / raw)
To: 40579; +Cc: vincent.legoll, me
[-- Attachment #1: Type: text/plain, Size: 6389 bytes --]
Thanks.
ipxe.iso is not reproducible it seems.
--- /gnu/store/gbik17qks3cijj2jazx9a6z1v7a5mari-ipxe-1.20.1
+++ /gnu/store/gbik17qks3cijj2jazx9a6z1v7a5mari-ipxe-1.20.1-check
├── share
│ ├── ipxe
│ │ ├── ipxe.iso
│ │ │┄ xxd not available in path. Falling back to Python hexlify.
│ │ │┄ 'isoinfo' not available in path. Falling back to binary comparison.
│ │ │ @@ -7,15 +7,15 @@
│ │ │ 206d697373696e67206f7220636f72727570742e0d0a66606631d2660306f87b
│ │ │ 661316fc7b6652665006536a016a1089e666f736e87bc0e40688e188c592f636
│ │ │ ee7b88c608e141b801028a16f27bcd138d64106661c3e81e004f706572617469
│ │ │ 6e672073797374656d206c6f6164206572726f722e0d0a5eacb40e8a3e6204b3
│ │ │ 07cd103c0a75f1cd18f4ebfd0000000000000000000000000000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ -0000000000000000000000000000000088000000000000005e67d53200008000
│ │ │ +00000000000000000000000000000000880000000000000067458b6b00008000
│ │ │ 0100173f20000000000000080000000000000000000000000000000000000000
│ │ │ 00000000000000000000000000000000000000000000000000000000000055aa
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ @@ -1023,15 +1023,15 @@
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ 0143443030310100202020202020202020202020202020202020202020202020
│ │ │ 2020202020202020695058452020202020202020202020202020202020202020
│ │ │ 2020202020202020000000000000000070010000000001700000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000100000101000001
│ │ │ 000808000a0000000000000a1500000000000000000000160000000022001300
│ │ │ -000000000013000800000000080078040f142712000200000100000101002020
│ │ │ +000000000013000800000000080078040f142617000200000100000101002020
│ │ │ 2020202020202020202020202020202020202020202020202020202020202020
│ │ │ 2020202020202020202020202020202020202020202020202020202020202020
│ │ │ 2020202020202020202020202020202020202020202020202020202020202020
│ │ │ 2020202020202020202020202020202020202020202020202020202020204854
│ │ │ 54503a2f2f495058452e4f52472f202020202020202020202020202020202020
│ │ │ 2020202020202020202020202020202020202020202020202020202020202020
│ │ │ 2020202020202020202020202020202020202020202020202020202020202020
│ │ │ @@ -1210,37 +1210,37 @@
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ 0000000000000000000000000000000000000000000000000000000000000000
│ │ │ -84001300000000000013000800000000080078040f1427120002000001000001
│ │ │ +84001300000000000013000800000000080078040f1426170002000001000001
│ │ │ 010053500701beef0050582401c0410000000041c00100000000000001e70300
│ │ │ -00000003e7307500000000753054461a010e78040f1427120078040f14271200
│ │ │ -78040f1427120043451c0114000000000000140000000000000000ed00000000
│ │ │ -0000ed0060001300000000000013000800000000080078040f14271200020000
│ │ │ +00000003e7307500000000753054461a010e78040f1426170078040f14261700
│ │ │ +78040f1426170043451c0114000000000000140000000000000000ed00000000
│ │ │ +0000ed0060001300000000000013000800000000080078040f14261700020000
│ │ │ 01000001010150582401c0410000000041c00100000000000001e70300000000
│ │ │ -03e7307500000000753054461a010e78040f1427120078040f1427120078040f
│ │ │ -1427120078002100000000000021000800000000080046010100000100000000
│ │ │ +03e7307500000000753054461a010e78040f1426170078040f1426170078040f
│ │ │ +1426170078002100000000000021000800000000080046010100000100000000
│ │ │ 010000010a626f6f742e6361743b310050582401008100000000810001000000
│ │ │ 00000001e7030000000003e7307500000000753054461a010e46010100000100
│ │ │ 46010100000100460101000001004e4d0d0100626f6f742e6361740078003700
│ │ │ -000000000037c50a050000050ac578040f14271200000000010000010a697078
│ │ │ +000000000037c50a050000050ac578040f14261700000000010000010a697078
│ │ │ 652e6b726e3b310050582401a4810000000081a40100000000000001e7030000
│ │ │ -000003e7307500000000753054461a010e78040f1427120078040f1427120078
│ │ │ -040f142712004e4d0d0100697078652e6b726e008000220000000000002200a8
│ │ │ -00000000a80078040f14271200000000010000010e69736f6c696e75782e6269
│ │ │ +000003e7307500000000753054461a010e78040f1426170078040f1426170078
│ │ │ +040f142617004e4d0d0100697078652e6b726e008000220000000000002200a8
│ │ │ +00000000a80078040f14261700000000010000010e69736f6c696e75782e6269
│ │ │ 6e3b31005058240124810000000081240100000000000001e7030000000003e7
│ │ │ -307500000000753054461a010e78040f1427120078040f1427120078040f1427
│ │ │ -12004e4d11010069736f6c696e75782e62696e008000d9000000000000d99200
│ │ │ -00000000009278040f14271200000000010000010e69736f6c696e75782e6366
│ │ │ +307500000000753054461a010e78040f1426170078040f1426170078040f1426
│ │ │ +17004e4d11010069736f6c696e75782e62696e008000d9000000000000d99200
│ │ │ +00000000009278040f14261700000000010000010e69736f6c696e75782e6366
│ │ │ 673b310050582401a4810000000081a40100000000000001e7030000000003e7
│ │ │ -307500000000753054461a010e78040f1427120078040f1427120078040f1427
[...]
Otherwise really cool!
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* [bug#40579] [PATCH v2] gnu: Add iPXE.
2020-04-15 20:41 ` [bug#40579] [PATCH v2] " Danny Milosavljevic
@ 2020-04-15 20:55 ` Vincent Legoll
2020-06-09 19:31 ` Brice Waegeneire
1 sibling, 0 replies; 18+ messages in thread
From: Vincent Legoll @ 2020-04-15 20:55 UTC (permalink / raw)
To: dannym, 40579; +Cc: me
Hello,
On 15/04/2020 22:41, Danny Milosavljevic wrote:
> ipxe.iso is not reproducible it seems.
>
> --- /gnu/store/gbik17qks3cijj2jazx9a6z1v7a5mari-ipxe-1.20.1
> +++ /gnu/store/gbik17qks3cijj2jazx9a6z1v7a5mari-ipxe-1.20.1-check
> ├── share
> │ ├── ipxe
> │ │ ├── ipxe.iso
> │ │ │┄ xxd not available in path. Falling back to Python hexlify.
> │ │ │┄ 'isoinfo' not available in path. Falling back to binary comparison.
> [...]
>
> Otherwise really cool!
I'll try to have a look, but that's a first for me...
Does this prevent merging ?
--
Vincent Legoll
^ permalink raw reply [flat|nested] 18+ messages in thread
* [bug#40579] [PATCH v2] gnu: Add iPXE.
2020-04-15 20:41 ` [bug#40579] [PATCH v2] " Danny Milosavljevic
2020-04-15 20:55 ` Vincent Legoll
@ 2020-06-09 19:31 ` Brice Waegeneire
2020-06-09 19:58 ` Vincent Legoll
1 sibling, 1 reply; 18+ messages in thread
From: Brice Waegeneire @ 2020-06-09 19:31 UTC (permalink / raw)
To: Danny Milosavljevic; +Cc: vincent.legoll, 40579, me
[-- Attachment #1: Type: text/plain, Size: 418 bytes --]
Hello Vincent, Tobias, Danny,
Danny Milosavljevic <dannym@scratchpost.org> writes:
> ipxe.iso is not reproducible it seems.
>
> [...]
The attached patch should be reproducible, it is based on v3 from
Vincent.
It adds the following:
- generate a BUILD_ID based on the package's output hash
- use 'let' to set BUILD_TIMESTAMP
- set some useful options
- add a patch that reset the timestamps of ipxe.iso
- Brice
[-- Attachment #2: [PATCH v4] gnu: Add iPXE. --]
[-- Type: text/plain, Size: 11131 bytes --]
From 5d6acaa49844ce1ad3f8ca4cba74be695901fb24 Mon Sep 17 00:00:00 2001
From: Vincent Legoll <vincent.legoll@gmail.com>
Date: Mon, 13 Apr 2020 01:28:31 +0200
Subject: [PATCH v4] gnu: Add iPXE.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* gnu/packages/bootloaders.scm (ipxe): New variable.
* gnu/packages/patches/ipxe-reproducible-geniso.patch: New file …
* gnu/local.mk (dist_patch_DATA): … add it.
Co-authored-by: Tobias Geerinckx-Rice <me@tobias.gr>
Co-authored-by: Brice Waegeneire <brice@waegenei.re>
---
gnu/local.mk | 1 +
gnu/packages/bootloaders.scm | 122 ++++++++++++++++++
.../patches/ipxe-reproducible-geniso.patch | 78 +++++++++++
3 files changed, 201 insertions(+)
create mode 100644 gnu/packages/patches/ipxe-reproducible-geniso.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 33b344d41b..92ad64135a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1105,6 +1105,7 @@ dist_patch_DATA = \
%D%/packages/patches/inetutils-hurd.patch \
%D%/packages/patches/inkscape-poppler-0.76.patch \
%D%/packages/patches/intltool-perl-compatibility.patch \
+ %D%/packages/patches/ipxe-reproducible-geniso.patch \
%D%/packages/patches/irrlicht-use-system-libs.patch \
%D%/packages/patches/isl-0.11.1-aarch64-support.patch \
%D%/packages/patches/jacal-fix-texinfo.patch \
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index ea80cf020e..c819c903e8 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -14,6 +14,8 @@
;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2018, 2019, 2020 Vagrant Cascadian <vagrant@debian.org>
;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
+;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -1068,3 +1070,123 @@ systems so that they can be added to the bootloader. It also works out how to
boot existing GNU/Linux systems and detects what distribution is installed in
order to add a suitable bootloader menu entry.")
(license license:gpl2+)))
+
+(define-public ipxe
+ ;; XXX: 'BUILD_TIMESTAMP' is used to automatically select the newest version
+ ;; of iPXE if multiple iPXE drivers are loaded concurrently in a UEFI system.
+ ;;
+ ;; TODO: Bump this timestamp at each modifications of the package (not only
+ ;; for updates) by running: date +%s.
+ (let ((timestamp "1591706427"))
+ (package
+ (name "ipxe")
+ (version "1.20.1")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ipxe/ipxe")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (patches (search-patches "ipxe-reproducible-geniso.patch"))
+ (sha256
+ (base32
+ "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:modules ((guix build utils)
+ (guix build gnu-build-system)
+ (guix base32)
+ (ice-9 string-fun)
+ (ice-9 regex)
+ (rnrs bytevectors))
+ #:imported-modules ((guix base32)
+ ,@%gnu-build-system-modules)
+ #:make-flags
+ ;; XXX: 'BUILD_ID' is used to determine when another ROM in the
+ ;; system contains identical code in order to save space within the
+ ;; legacy BIOS option ROM area, which is extremely limited in size.
+ ;; It is supposed to be collision-free across all ROMs, to do so we
+ ;; use the truncated output hash of the package.
+ (let ((build-id
+ (lambda (out)
+ (let* ((nix-store (string-append
+ (or (getenv "NIX_STORE") "/gnu/store")
+ "/"))
+ (filename
+ (string-replace-substring out nix-store ""))
+ (hash (match:substring (string-match "[0-9a-z]{32}"
+ filename)))
+ (bv (nix-base32-string->bytevector hash)))
+ (format #f "0x~x"
+ (bytevector-u32-ref bv 0 (endianness big))))))
+ (out (assoc-ref %outputs "out"))
+ (syslinux (assoc-ref %build-inputs "syslinux")))
+ (list "ECHO_E_BIN_ECHO=echo"
+ "ECHO_E_BIN_ECHO_E=echo -e"
+
+ ;; cdrtools' mkisofs will silently ignore a missing isolinux.bin!
+ ;; Luckily xorriso is more strict.
+ (string-append "ISOLINUX_BIN=" syslinux
+ "/share/syslinux/isolinux.bin")
+ (string-append "SYSLINUX_MBR_DISK_PATH=" syslinux
+ "/share/syslinux/isohdpfx.bin")
+
+ ;; Build reproducibly.
+ (string-append "BUILD_ID_CMD=echo -n " (build-id out))
+ (string-append "BUILD_TIMESTAMP=" ,timestamp)
+ "everything"))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'enter-source-directory
+ (lambda _ (chdir "src") #t))
+ (add-after 'enter-source-directory 'set-options
+ (lambda _
+ (substitute* "config/general.h"
+ (("^//(#define PING_CMD.*)" _ uncommented) uncommented)
+ (("^//(#define IMAGE_TRUST_CMD.*)" _ uncommented)
+ uncommented)
+ (("^#undef.*(DOWNLOAD_PROTO_HTTPS.*)" _ option)
+ (string-append "#define " option))
+ (("^#undef.*(DOWNLOAD_PROTO_NFS.*)" _ option)
+ (string-append "#define " option)))
+ #t))
+ (delete 'configure) ; no configure script
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (ipxe (string-append out "/lib/ipxe"))
+ (exts-re
+ "\\.(efi|efirom|iso|kkpxe|kpxe|lkrn|mrom|pxe|rom|usb)$")
+ (dirs '("bin" "bin-i386-linux" "bin-x86_64-pcbios"
+ "bin-x86_64-efi" "bin-x86_64-linux" "bin-i386-efi"))
+ (files (apply append
+ (map (lambda (dir)
+ (find-files dir exts-re)) dirs))))
+ (for-each (lambda (file)
+ (let* ((subdir (dirname file))
+ (fn (basename file))
+ (tgtsubdir (cond
+ ((string=? "bin" subdir) "")
+ ((string-prefix? "bin-" subdir)
+ (string-drop subdir 4)))))
+ (install-file file
+ (string-append ipxe "/" tgtsubdir))))
+ files))
+ #t))
+ (add-after 'install 'leave-source-directory
+ (lambda _ (chdir "..") #t)))
+ #:tests? #f)) ; no test suite
+ (native-inputs
+ `(("perl" ,perl)
+ ("syslinux" ,syslinux)
+ ("xorriso" ,xorriso)))
+ (home-page "https://ipxe.org")
+ (synopsis "PXE-compliant network boot firmware")
+ (description "iPXE is a network boot firmware. It provides a full PXE
+implementation enhanced with additional features such as booting from: a web
+server via HTTP, an iSCSI SAN, a Fibre Channel SAN via FCoE, an AoE SAN, a
+wireless network, a wide-area network, an Infiniband network. It allows to
+control the boot process with a script. You can use iPXE to replace the
+existing PXE ROM on your network card, or you can chainload into iPXE to obtain
+the features of iPXE without the hassle of reflashing.")
+ (license license:gpl2+))))
diff --git a/gnu/packages/patches/ipxe-reproducible-geniso.patch b/gnu/packages/patches/ipxe-reproducible-geniso.patch
new file mode 100644
index 0000000000..d3c97c3085
--- /dev/null
+++ b/gnu/packages/patches/ipxe-reproducible-geniso.patch
@@ -0,0 +1,78 @@
+From 052d24d8217c51c572c2f6cbb4a687be2e8ba52d Mon Sep 17 00:00:00 2001
+From: Brice Waegeneire <brice@waegenei.re>
+Date: Fri, 5 Jun 2020 14:38:43 +0200
+Subject: [PATCH] [geniso] Make it reproducible
+
+Some timestamps get embedded in the generated ISO, making it
+unreproducible so we overwrite those timestamps to be at the UNIX epoch.
+---
+ src/util/geniso | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/util/geniso b/src/util/geniso
+index ff090d4a..e032ffb0 100755
+--- a/src/util/geniso
++++ b/src/util/geniso
+@@ -11,6 +11,13 @@ function help() {
+ echo " -o FILE save iso image to file"
+ }
+
++function reset_timestamp() {
++ for f in "$1"/*; do
++ touch -t 197001010100 "$f"
++ done
++ touch -t 197001010100 "$1"
++}
++
+ LEGACY=0
+ FIRST=""
+
+@@ -37,8 +44,9 @@ if [ -z "${OUT}" ]; then
+ exit 1
+ fi
+
+-# There should either be mkisofs or the compatible genisoimage program
+-for command in genisoimage mkisofs; do
++# There should either be mkisofs, xorriso or the compatible genisoimage
++# program
++for command in xorriso genisoimage mkisofs; do
+ if ${command} --version >/dev/null 2>/dev/null; then
+ mkisofs=(${command})
+ break
+@@ -46,8 +54,10 @@ for command in genisoimage mkisofs; do
+ done
+
+ if [ -z "${mkisofs}" ]; then
+- echo "${0}: mkisofs or genisoimage not found, please install or set PATH" >&2
++ echo "${0}: mkisofs, xorriso or genisoimage not found, please install or set PATH" >&2
+ exit 1
++elif [ "$mkisofs" = "xorriso" ]; then
++ mkisofs+=(-as mkisofs)
+ fi
+
+ dir=$(mktemp -d bin/iso.dir.XXXXXX)
+@@ -115,6 +125,8 @@ case "${LEGACY}" in
+ exit 1
+ fi
+
++ reset_timestamp "$dir"
++
+ # generate the iso image
+ "${mkisofs[@]}" -b boot.img -output ${OUT} ${dir}
+ ;;
+@@ -127,6 +139,12 @@ case "${LEGACY}" in
+ cp ${LDLINUX_C32} ${dir}
+ fi
+
++ reset_timestamp "$dir"
++
++ if [ "${mkisofs[0]}" = "xorriso" ]; then
++ mkisofs+=(-isohybrid-mbr "$SYSLINUX_MBR_DISK_PATH")
++ fi
++
+ # generate the iso image
+ "${mkisofs[@]}" -b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -output ${OUT} ${dir}
+
+--
+2.26.2
+
--
2.26.2
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [bug#40579] [PATCH v2] gnu: Add iPXE.
2020-06-09 19:31 ` Brice Waegeneire
@ 2020-06-09 19:58 ` Vincent Legoll
2020-06-09 20:11 ` Brice Waegeneire
0 siblings, 1 reply; 18+ messages in thread
From: Vincent Legoll @ 2020-06-09 19:58 UTC (permalink / raw)
To: Brice Waegeneire, Danny Milosavljevic; +Cc: 40579, me
Hello,
On 09/06/2020 21:31, Brice Waegeneire wrote:
> Danny Milosavljevic <dannym@scratchpost.org> writes:
>
>> ipxe.iso is not reproducible it seems.
>>
>> [...]
>
> The attached patch should be reproducible, it is based on v3 from
> Vincent.
>
> It adds the following:
> - generate a BUILD_ID based on the package's output hash
> - use 'let' to set BUILD_TIMESTAMP
> - set some useful options
> - add a patch that reset the timestamps of ipxe.iso
Nice and thanks for taking care of this, I've got less time to
contribute lately.
Did you try to upstream the reproducibility patch ?
Should be straightforward enough.
--
Vincent Legoll
^ permalink raw reply [flat|nested] 18+ messages in thread
* [bug#40579] [PATCH v2] gnu: Add iPXE.
2020-06-09 19:58 ` Vincent Legoll
@ 2020-06-09 20:11 ` Brice Waegeneire
2021-01-12 21:01 ` Vincent Legoll
0 siblings, 1 reply; 18+ messages in thread
From: Brice Waegeneire @ 2020-06-09 20:11 UTC (permalink / raw)
To: Vincent Legoll; +Cc: Danny Milosavljevic, 40579, me
Vincent Legoll <vincent.legoll@gmail.com> writes:
> On 09/06/2020 21:31, Brice Waegeneire wrote:
>> Danny Milosavljevic <dannym@scratchpost.org> writes:
>>
>>> ipxe.iso is not reproducible it seems.
>>>
>>> [...]
>> The attached patch should be reproducible, it is based on v3 from
>> Vincent.
>> It adds the following:
>> - generate a BUILD_ID based on the package's output hash
>> - use 'let' to set BUILD_TIMESTAMP
>> - set some useful options
>> - add a patch that reset the timestamps of ipxe.iso
>
> Nice and thanks for taking care of this, I've got less time to
> contribute lately.
>
> Did you try to upstream the reproducibility patch ?
> Should be straightforward enough.
No problem :)
No I didn't submit it to upstream, I got frighten by the answers to a
much smaller patch from a Debian team member about reproduciblity[0][1].
Those threads were useful to make our build reproducible tho.
[0]: https://lists.ipxe.org/pipermail/ipxe-devel/2020-May/007023.html
[1]: https://lists.ipxe.org/pipermail/ipxe-devel/2020-May/007051.html
- Brice
^ permalink raw reply [flat|nested] 18+ messages in thread
* [bug#40579] [PATCH v2] gnu: Add iPXE.
2020-06-09 20:11 ` Brice Waegeneire
@ 2021-01-12 21:01 ` Vincent Legoll
0 siblings, 0 replies; 18+ messages in thread
From: Vincent Legoll @ 2021-01-12 21:01 UTC (permalink / raw)
To: Brice Waegeneire; +Cc: 40579
Hello,
I'll try to forward-port this latest version,
then update to 1.21.1 and resubmit here
--
Vincent Legoll
^ permalink raw reply [flat|nested] 18+ messages in thread
* [bug#40579] [PATCH 1/2] gnu: Add iPXE.
2020-04-12 17:59 [bug#40579] [RFC PATCH] add iPXE Vincent Legoll
2020-04-12 18:47 ` Tobias Geerinckx-Rice via Guix-patches via
@ 2021-01-12 21:44 ` Vincent Legoll
2021-01-12 21:44 ` [bug#40579] [PATCH 2/2] gnu: ipxe: Update to 1.21.1 Vincent Legoll
2021-01-12 21:47 ` [bug#40579] [PATCH 1/2] gnu: Add iPXE Vincent Legoll
2021-01-14 8:33 ` bug#40579: [RFC PATCH] add iPXE Vincent Legoll
2 siblings, 2 replies; 18+ messages in thread
From: Vincent Legoll @ 2021-01-12 21:44 UTC (permalink / raw)
To: 40579; +Cc: brice, Vincent Legoll
* gnu/packages/bootloaders.scm (ipxe): New variable.
* gnu/packages/patches/ipxe-reproducible-geniso.patch: New file …
* gnu/local.mk (dist_patch_DATA): … add it.
Co-authored-by: Tobias Geerinckx-Rice <me@tobias.gr>
Co-authored-by: Brice Waegeneire <brice@waegenei.re>
---
gnu/local.mk | 1 +
gnu/packages/bootloaders.scm | 125 +++++++++++++++++-
.../patches/ipxe-reproducible-geniso.patch | 77 +++++++++++
3 files changed, 202 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/ipxe-reproducible-geniso.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index bcf7ee0245..eb28104add 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1184,6 +1184,7 @@ dist_patch_DATA = \
%D%/packages/patches/intel-xed-fix-nondeterminism.patch \
%D%/packages/patches/intltool-perl-compatibility.patch \
%D%/packages/patches/iputils-libcap-compat.patch \
+ %D%/packages/patches/ipxe-reproducible-geniso.patch \
%D%/packages/patches/irrlicht-use-system-libs.patch \
%D%/packages/patches/isl-0.11.1-aarch64-support.patch \
%D%/packages/patches/json-c-CVE-2020-12762.patch \
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index 9ca574a151..38dba4cebd 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -7,12 +7,14 @@
;;; Copyright © 2016, 2017 Danny Milosavljevic <dannym@scratchpost.org>
;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
;;; Copyright © 2017, 2018, 2020 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2019, 2020, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 nee <nee@cock.li>
;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2020 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
;;; Copyright © 2018, 2019, 2020 Vagrant Cascadian <vagrant@debian.org>
;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2021 Vincent Legoll <vincent.legoll@gmail.com>
+;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -1095,3 +1097,124 @@ systems so that they can be added to the bootloader. It also works out how to
boot existing GNU/Linux systems and detects what distribution is installed in
order to add a suitable bootloader menu entry.")
(license license:gpl2+)))
+
+(define-public ipxe
+ ;; XXX: 'BUILD_TIMESTAMP' is used to automatically select the newest version
+ ;; of iPXE if multiple iPXE drivers are loaded concurrently in a UEFI system.
+ ;;
+ ;; TODO: Bump this timestamp at each modifications of the package (not only
+ ;; for updates) by running: date +%s.
+ (let ((timestamp "1591706427"))
+ (package
+ (name "ipxe")
+ (version "1.20.1")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ipxe/ipxe")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (patches (search-patches "ipxe-reproducible-geniso.patch"))
+ (sha256
+ (base32
+ "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:modules ((guix build utils)
+ (guix build gnu-build-system)
+ (guix base32)
+ (ice-9 string-fun)
+ (ice-9 regex)
+ (rnrs bytevectors))
+ #:imported-modules ((guix base32)
+ ,@%gnu-build-system-modules)
+ #:make-flags
+ ;; XXX: 'BUILD_ID' is used to determine when another ROM in the
+ ;; system contains identical code in order to save space within the
+ ;; legacy BIOS option ROM area, which is extremely limited in size.
+ ;; It is supposed to be collision-free across all ROMs, to do so we
+ ;; use the truncated output hash of the package.
+ (let ((build-id
+ (lambda (out)
+ (let* ((nix-store (string-append
+ (or (getenv "NIX_STORE") "/gnu/store")
+ "/"))
+ (filename
+ (string-replace-substring out nix-store ""))
+ (hash (match:substring (string-match "[0-9a-z]{32}"
+ filename)))
+ (bv (nix-base32-string->bytevector hash)))
+ (format #f "0x~x"
+ (bytevector-u32-ref bv 0 (endianness big))))))
+ (out (assoc-ref %outputs "out"))
+ (syslinux (assoc-ref %build-inputs "syslinux")))
+ (list "ECHO_E_BIN_ECHO=echo"
+ "ECHO_E_BIN_ECHO_E=echo -e"
+
+ ;; cdrtools' mkisofs will silently ignore a missing isolinux.bin!
+ ;; Luckily xorriso is more strict.
+ (string-append "ISOLINUX_BIN=" syslinux
+ "/share/syslinux/isolinux.bin")
+ (string-append "SYSLINUX_MBR_DISK_PATH=" syslinux
+ "/share/syslinux/isohdpfx.bin")
+
+ ;; Build reproducibly.
+ (string-append "BUILD_ID_CMD=echo -n " (build-id out))
+ (string-append "BUILD_TIMESTAMP=" ,timestamp)
+ "everything"))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'enter-source-directory
+ (lambda _ (chdir "src") #t))
+ (add-after 'enter-source-directory 'set-options
+ (lambda _
+ (substitute* "config/general.h"
+ (("^//(#define PING_CMD.*)" _ uncommented) uncommented)
+ (("^//(#define IMAGE_TRUST_CMD.*)" _ uncommented)
+ uncommented)
+ (("^#undef.*(DOWNLOAD_PROTO_HTTPS.*)" _ option)
+ (string-append "#define " option))
+ (("^#undef.*(DOWNLOAD_PROTO_NFS.*)" _ option)
+ (string-append "#define " option)))
+ #t))
+ (delete 'configure) ; no configure script
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (ipxe (string-append out "/lib/ipxe"))
+ (exts-re
+ "\\.(efi|efirom|iso|kkpxe|kpxe|lkrn|mrom|pxe|rom|usb)$")
+ (dirs '("bin" "bin-i386-linux" "bin-x86_64-pcbios"
+ "bin-x86_64-efi" "bin-x86_64-linux" "bin-i386-efi"))
+ (files (apply append
+ (map (lambda (dir)
+ (find-files dir exts-re)) dirs))))
+ (for-each (lambda (file)
+ (let* ((subdir (dirname file))
+ (fn (basename file))
+ (tgtsubdir (cond
+ ((string=? "bin" subdir) "")
+ ((string-prefix? "bin-" subdir)
+ (string-drop subdir 4)))))
+ (install-file file
+ (string-append ipxe "/" tgtsubdir))))
+ files))
+ #t))
+ (add-after 'install 'leave-source-directory
+ (lambda _ (chdir "..") #t)))
+ #:tests? #f)) ; no test suite
+ (native-inputs
+ `(("perl" ,perl)
+ ("syslinux" ,syslinux)
+ ("xorriso" ,xorriso)))
+ (home-page "https://ipxe.org")
+ (synopsis "PXE-compliant network boot firmware")
+ (description "iPXE is a network boot firmware. It provides a full PXE
+implementation enhanced with additional features such as booting from: a web
+server via HTTP, an iSCSI SAN, a Fibre Channel SAN via FCoE, an AoE SAN, a
+wireless network, a wide-area network, an Infiniband network. It allows to
+control the boot process with a script. You can use iPXE to replace the
+existing PXE ROM on your network card, or you can chainload into iPXE to obtain
+the features of iPXE without the hassle of reflashing.")
+ (license license:gpl2+))))
+
diff --git a/gnu/packages/patches/ipxe-reproducible-geniso.patch b/gnu/packages/patches/ipxe-reproducible-geniso.patch
new file mode 100644
index 0000000000..ff6aa1da94
--- /dev/null
+++ b/gnu/packages/patches/ipxe-reproducible-geniso.patch
@@ -0,0 +1,77 @@
+From 052d24d8217c51c572c2f6cbb4a687be2e8ba52d Mon Sep 17 00:00:00 2001
+From: Brice Waegeneire <brice@waegenei.re>
+Date: Fri, 5 Jun 2020 14:38:43 +0200
+Subject: [PATCH] [geniso] Make it reproducible
+
+Some timestamps get embedded in the generated ISO, making it
+unreproducible so we overwrite those timestamps to be at the UNIX epoch.
+---
+ src/util/geniso | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/util/geniso b/src/util/geniso
+index ff090d4a..e032ffb0 100755
+--- a/src/util/geniso
++++ b/src/util/geniso
+@@ -11,6 +11,13 @@ function help() {
+ echo " -o FILE save iso image to file"
+ }
+
++function reset_timestamp() {
++ for f in "$1"/*; do
++ touch -t 197001010100 "$f"
++ done
++ touch -t 197001010100 "$1"
++}
++
+ LEGACY=0
+ FIRST=""
+
+@@ -37,8 +44,9 @@ if [ -z "${OUT}" ]; then
+ exit 1
+ fi
+
+-# There should either be mkisofs or the compatible genisoimage program
+-for command in genisoimage mkisofs; do
++# There should either be mkisofs, xorriso or the compatible genisoimage
++# program
++for command in xorriso genisoimage mkisofs; do
+ if ${command} --version >/dev/null 2>/dev/null; then
+ mkisofs=(${command})
+ break
+@@ -46,8 +54,10 @@ for command in genisoimage mkisofs; do
+ done
+
+ if [ -z "${mkisofs}" ]; then
+- echo "${0}: mkisofs or genisoimage not found, please install or set PATH" >&2
++ echo "${0}: mkisofs, xorriso or genisoimage not found, please install or set PATH" >&2
+ exit 1
++elif [ "$mkisofs" = "xorriso" ]; then
++ mkisofs+=(-as mkisofs)
+ fi
+
+ dir=$(mktemp -d bin/iso.dir.XXXXXX)
+@@ -115,6 +125,8 @@ case "${LEGACY}" in
+ exit 1
+ fi
+
++ reset_timestamp "$dir"
++
+ # generate the iso image
+ "${mkisofs[@]}" -b boot.img -output ${OUT} ${dir}
+ ;;
+@@ -127,6 +139,12 @@ case "${LEGACY}" in
+ cp ${LDLINUX_C32} ${dir}
+ fi
+
++ reset_timestamp "$dir"
++
++ if [ "${mkisofs[0]}" = "xorriso" ]; then
++ mkisofs+=(-isohybrid-mbr "$SYSLINUX_MBR_DISK_PATH")
++ fi
++
+ # generate the iso image
+ "${mkisofs[@]}" -b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -output ${OUT} ${dir}
+
+--
+2.26.2
--
2.30.0
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [bug#40579] [PATCH 2/2] gnu: ipxe: Update to 1.21.1.
2021-01-12 21:44 ` [bug#40579] [PATCH 1/2] " Vincent Legoll
@ 2021-01-12 21:44 ` Vincent Legoll
2021-01-12 21:47 ` [bug#40579] [PATCH 1/2] gnu: Add iPXE Vincent Legoll
1 sibling, 0 replies; 18+ messages in thread
From: Vincent Legoll @ 2021-01-12 21:44 UTC (permalink / raw)
To: 40579; +Cc: brice, Vincent Legoll
* gnu/packages/bootloaders.scm (ipxe): Update to 1.21.1.
---
gnu/packages/bootloaders.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index 38dba4cebd..88abe29a1e 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -1107,7 +1107,7 @@ order to add a suitable bootloader menu entry.")
(let ((timestamp "1591706427"))
(package
(name "ipxe")
- (version "1.20.1")
+ (version "1.21.1")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -1117,7 +1117,7 @@ order to add a suitable bootloader menu entry.")
(patches (search-patches "ipxe-reproducible-geniso.patch"))
(sha256
(base32
- "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp"))))
+ "1pkf1n1c0rdlzfls8fvjvi1sd9xjd9ijqlyz3wigr70ijcv6x8i9"))))
(build-system gnu-build-system)
(arguments
`(#:modules ((guix build utils)
--
2.30.0
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [bug#40579] [PATCH 1/2] gnu: Add iPXE.
2021-01-12 21:44 ` [bug#40579] [PATCH 1/2] " Vincent Legoll
2021-01-12 21:44 ` [bug#40579] [PATCH 2/2] gnu: ipxe: Update to 1.21.1 Vincent Legoll
@ 2021-01-12 21:47 ` Vincent Legoll
2021-01-14 0:53 ` Danny Milosavljevic
1 sibling, 1 reply; 18+ messages in thread
From: Vincent Legoll @ 2021-01-12 21:47 UTC (permalink / raw)
To: 40579; +Cc: Brice Waegeneire
The 2 versions 1.20.1 & 1.21.1 passed:
./pre-inst-env guix build --rounds=6
successfuly with this package recipe.
Thanks for all the involved people !
--
Vincent Legoll
^ permalink raw reply [flat|nested] 18+ messages in thread
* [bug#40579] [PATCH 1/2] gnu: Add iPXE.
2021-01-12 21:47 ` [bug#40579] [PATCH 1/2] gnu: Add iPXE Vincent Legoll
@ 2021-01-14 0:53 ` Danny Milosavljevic
0 siblings, 0 replies; 18+ messages in thread
From: Danny Milosavljevic @ 2021-01-14 0:53 UTC (permalink / raw)
To: Vincent Legoll; +Cc: 40579, Brice Waegeneire
[-- Attachment #1: Type: text/plain, Size: 380 bytes --]
Hi Vincent,
On Tue, 12 Jan 2021 22:47:10 +0100
Vincent Legoll <vincent.legoll@gmail.com> wrote:
> The 2 versions 1.20.1 & 1.21.1 passed:
> ./pre-inst-env guix build --rounds=6
> successfuly with this package recipe.
I've pushed both patches to guix master
as commits aeed7218a933054806edd246548346e9edc327c4
and ca34b6f04559adc91c29fc5f7432b37c1486a0c3.
Thanks!
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* bug#40579: [RFC PATCH] add iPXE.
2020-04-12 17:59 [bug#40579] [RFC PATCH] add iPXE Vincent Legoll
2020-04-12 18:47 ` Tobias Geerinckx-Rice via Guix-patches via
2021-01-12 21:44 ` [bug#40579] [PATCH 1/2] " Vincent Legoll
@ 2021-01-14 8:33 ` Vincent Legoll
2 siblings, 0 replies; 18+ messages in thread
From: Vincent Legoll @ 2021-01-14 8:33 UTC (permalink / raw)
To: 40579-DONE
Thanks a lot Danny !
--
Vincent Legoll
^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2021-01-14 8:36 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-04-12 17:59 [bug#40579] [RFC PATCH] add iPXE Vincent Legoll
2020-04-12 18:47 ` Tobias Geerinckx-Rice via Guix-patches via
2020-04-12 18:58 ` Tobias Geerinckx-Rice via Guix-patches via
2020-04-12 19:46 ` Danny Milosavljevic
2020-04-12 21:18 ` Tobias Geerinckx-Rice via Guix-patches via
2020-04-12 23:28 ` [bug#40579] [PATCH v2] gnu: Add iPXE Tobias Geerinckx-Rice via Guix-patches via
2020-04-14 15:11 ` [bug#40579] [PATCH v3] " Vincent Legoll
2020-04-15 20:41 ` [bug#40579] [PATCH v2] " Danny Milosavljevic
2020-04-15 20:55 ` Vincent Legoll
2020-06-09 19:31 ` Brice Waegeneire
2020-06-09 19:58 ` Vincent Legoll
2020-06-09 20:11 ` Brice Waegeneire
2021-01-12 21:01 ` Vincent Legoll
2021-01-12 21:44 ` [bug#40579] [PATCH 1/2] " Vincent Legoll
2021-01-12 21:44 ` [bug#40579] [PATCH 2/2] gnu: ipxe: Update to 1.21.1 Vincent Legoll
2021-01-12 21:47 ` [bug#40579] [PATCH 1/2] gnu: Add iPXE Vincent Legoll
2021-01-14 0:53 ` Danny Milosavljevic
2021-01-14 8:33 ` bug#40579: [RFC PATCH] add iPXE Vincent Legoll
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).