Subject: [bug#40579] [PATCH v2] gnu: Add iPXE.
To: Danny Milosavljevic
Cc: vincent.legoll@gmail.com, 40579@debbugs.gnu.org, me@tobias.gr
From: Brice Waegeneire
In-Reply-To: <20200415224134.2014eee9@scratchpost.org> (Danny Milosavljevic's message of "Wed, 15 Apr 2020 22:41:34 +0200")
Date: Tue, 09 Jun 2020 21:31:43 +0200
Message-ID: <87wo4gf334.fsf@waegenei.re>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

Hello Vincent, Tobias, Danny,

Danny Milosavljevic writes:

> ipxe.iso is not reproducible it seems.
>
> [...]

The attached patch should be reproducible, it is based on v3 from
Vincent. It adds the following:
- generate a BUILD_ID based on the package's output hash
- use 'let' to set BUILD_TIMESTAMP
- set some useful options
- add a patch that resets the timestamps of ipxe.iso

- Brice

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Description: [PATCH v4] gnu: Add iPXE.

>From 5d6acaa49844ce1ad3f8ca4cba74be695901fb24 Mon Sep 17 00:00:00 2001
From: Vincent Legoll Date: Mon, 13 Apr 2020 01:28:31 +0200 Subject: [PATCH v4] gnu: Add iPXE. MIME-Version: 1.0 Content-Type: text/plain; charset=3DUTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/bootloaders.scm (ipxe): New variable. * gnu/packages/patches/ipxe-reproducible-geniso.patch: New file =E2=80=A6 * gnu/local.mk (dist_patch_DATA): =E2=80=A6 add it. Co-authored-by: Tobias Geerinckx-Rice Co-authored-by: Brice Waegeneire --- gnu/local.mk | 1 + gnu/packages/bootloaders.scm | 122 ++++++++++++++++++ .../patches/ipxe-reproducible-geniso.patch | 78 +++++++++++ 3 files changed, 201 insertions(+) create mode 100644 gnu/packages/patches/ipxe-reproducible-geniso.patch diff --git a/gnu/local.mk b/gnu/local.mk index 33b344d41b..92ad64135a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1105,6 +1105,7 @@ dist_patch_DATA =3D \ %D%/packages/patches/inetutils-hurd.patch \ %D%/packages/patches/inkscape-poppler-0.76.patch \ %D%/packages/patches/intltool-perl-compatibility.patch \ + %D%/packages/patches/ipxe-reproducible-geniso.patch \ %D%/packages/patches/irrlicht-use-system-libs.patch \ %D%/packages/patches/isl-0.11.1-aarch64-support.patch \ %D%/packages/patches/jacal-fix-texinfo.patch \ diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index ea80cf020e..c819c903e8 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -14,6 +14,8 @@ ;;; Copyright =C2=A9 2020 Jan (janneke) Nieuwenhuizen ;;; Copyright =C2=A9 2018, 2019, 2020 Vagrant Cascadian ;;; Copyright =C2=A9 2020 Pierre Langlois +;;; Copyright =C2=A9 2020 Vincent Legoll +;;; Copyright =C2=A9 2020 Brice Waegeneire ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -1068,3 +1070,123 @@ systems so that they can be added to the bootloader= . It also works out how to boot existing GNU/Linux systems and detects what distribution is installed= in order to add a suitable bootloader menu entry.") (license license:gpl2+))) + +(define-public ipxe + ;; XXX: 'BUILD_TIMESTAMP' is used to automatically select the newest ver= sion + ;; of iPXE if multiple iPXE drivers are loaded concurrently in a UEFI sy= stem. + ;; + ;; TODO: Bump this timestamp at each modifications of the package (not o= nly + ;; for updates) by running: date +%s. + (let ((timestamp "1591706427")) + (package + (name "ipxe") + (version "1.20.1") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/ipxe/ipxe") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (patches (search-patches "ipxe-reproducible-geniso.patch")) + (sha256 + (base32 + "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp"))= )) + (build-system gnu-build-system) + (arguments + `(#:modules ((guix build utils) + (guix build gnu-build-system) + (guix base32) + (ice-9 string-fun) + (ice-9 regex) + (rnrs bytevectors)) + #:imported-modules ((guix base32) + ,@%gnu-build-system-modules) + #:make-flags + ;; XXX: 'BUILD_ID' is used to determine when another ROM in the + ;; system contains identical code in order to save space within t= he + ;; legacy BIOS option ROM area, which is extremely limited in siz= e. + ;; It is supposed to be collision-free across all ROMs, to do so = we + ;; use the truncated output hash of the package. 
+ (let ((build-id + (lambda (out) + (let* ((nix-store (string-append + (or (getenv "NIX_STORE") "/gnu/store") + "/")) + (filename + (string-replace-substring out nix-store "")) + (hash (match:substring (string-match "[0-9a-z]{32= }" + filename))) + (bv (nix-base32-string->bytevector hash))) + (format #f "0x~x" + (bytevector-u32-ref bv 0 (endianness big)))))) + (out (assoc-ref %outputs "out")) + (syslinux (assoc-ref %build-inputs "syslinux"))) + (list "ECHO_E_BIN_ECHO=3Decho" + "ECHO_E_BIN_ECHO_E=3Decho -e" + + ;; cdrtools' mkisofs will silently ignore a missing isoli= nux.bin! + ;; Luckily xorriso is more strict. + (string-append "ISOLINUX_BIN=3D" syslinux + "/share/syslinux/isolinux.bin") + (string-append "SYSLINUX_MBR_DISK_PATH=3D" syslinux + "/share/syslinux/isohdpfx.bin") + + ;; Build reproducibly. + (string-append "BUILD_ID_CMD=3Decho -n " (build-id out)) + (string-append "BUILD_TIMESTAMP=3D" ,timestamp) + "everything")) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'enter-source-directory + (lambda _ (chdir "src") #t)) + (add-after 'enter-source-directory 'set-options + (lambda _ + (substitute* "config/general.h" + (("^//(#define PING_CMD.*)" _ uncommented) uncommented) + (("^//(#define IMAGE_TRUST_CMD.*)" _ uncommented) + uncommented) + (("^#undef.*(DOWNLOAD_PROTO_HTTPS.*)" _ option) + (string-append "#define " option)) + (("^#undef.*(DOWNLOAD_PROTO_NFS.*)" _ option) + (string-append "#define " option))) + #t)) + (delete 'configure) ; no configure script + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (ipxe (string-append out "/lib/ipxe")) + (exts-re + "\\.(efi|efirom|iso|kkpxe|kpxe|lkrn|mrom|pxe|rom|us= b)$") + (dirs '("bin" "bin-i386-linux" "bin-x86_64-pcbios" + "bin-x86_64-efi" "bin-x86_64-linux" "bin-i38= 6-efi")) + (files (apply append + (map (lambda (dir) + (find-files dir exts-re)) dirs)= ))) + (for-each (lambda (file) + (let* ((subdir (dirname file)) + (fn (basename 
file)) + (tgtsubdir (cond + ((string=3D? "bin" subdir)= "") + ((string-prefix? "bin-" su= bdir) + (string-drop subdir 4))))) + (install-file file + (string-append ipxe "/" tgtsu= bdir)))) + files)) + #t)) + (add-after 'install 'leave-source-directory + (lambda _ (chdir "..") #t))) + #:tests? #f)) ; no test suite + (native-inputs + `(("perl" ,perl) + ("syslinux" ,syslinux) + ("xorriso" ,xorriso))) + (home-page "https://ipxe.org") + (synopsis "PXE-compliant network boot firmware") + (description "iPXE is a network boot firmware. It provides a full P= XE +implementation enhanced with additional features such as booting from: a w= eb +server via HTTP, an iSCSI SAN, a Fibre Channel SAN via FCoE, an AoE SAN, a +wireless network, a wide-area network, an Infiniband network. It allows to +control the boot process with a script. You can use iPXE to replace the +existing PXE ROM on your network card, or you can chainload into iPXE to o= btain +the features of iPXE without the hassle of reflashing.") + (license license:gpl2+)))) diff --git a/gnu/packages/patches/ipxe-reproducible-geniso.patch b/gnu/pack= ages/patches/ipxe-reproducible-geniso.patch new file mode 100644 index 0000000000..d3c97c3085 --- /dev/null +++ b/gnu/packages/patches/ipxe-reproducible-geniso.patch 
@@ -0,0 +1,78 @@ +From 052d24d8217c51c572c2f6cbb4a687be2e8ba52d Mon Sep 17 00:00:00 2001 +From: Brice Waegeneire +Date: Fri, 5 Jun 2020 14:38:43 +0200 +Subject: [PATCH] [geniso] Make it reproducible + +Some timestamps get embedded in the generated ISO, making it +unreproducible so we overwrite those timestamps to be at the UNIX epoch. +--- + src/util/geniso | 24 +++++++++++++++++++++--- + 1 file changed, 21 insertions(+), 3 deletions(-) + +diff --git a/src/util/geniso b/src/util/geniso +index ff090d4a..e032ffb0 100755 +--- a/src/util/geniso ++++ b/src/util/geniso +@@ -11,6 +11,13 @@ function help() { + echo " -o FILE save iso image to file" + } +=20 ++function reset_timestamp() { ++ for f in "$1"/*; do ++ touch -t 197001010100 "$f" ++ done ++ touch -t 197001010100 "$1" ++} ++ + LEGACY=3D0 + FIRST=3D"" +=20 +@@ -37,8 +44,9 @@ if [ -z "${OUT}" ]; then + exit 1 + fi +=20 +-# There should either be mkisofs or the compatible genisoimage program +-for command in genisoimage mkisofs; do ++# There should either be mkisofs, xorriso or the compatible genisoimage ++# program ++for command in xorriso genisoimage mkisofs; do + if ${command} --version >/dev/null 2>/dev/null; then + mkisofs=3D(${command}) + break +@@ -46,8 +54,10 @@ for command in genisoimage mkisofs; do + done +=20 + if [ -z "${mkisofs}" ]; then +- echo "${0}: mkisofs or genisoimage not found, please install or set PATH= " >&2 ++ echo "${0}: mkisofs, xorriso or genisoimage not found, please install or= set PATH" >&2 + exit 1 ++elif [ "$mkisofs" =3D "xorriso" ]; then ++ mkisofs+=3D(-as mkisofs) + fi +=20 + dir=3D$(mktemp -d bin/iso.dir.XXXXXX) +@@ -115,6 +125,8 @@ case "${LEGACY}" in + exit 1 + fi +=20 ++ reset_timestamp "$dir" ++ + # generate the iso image + "${mkisofs[@]}" -b boot.img -output ${OUT} ${dir} + ;; +@@ -127,6 +139,12 @@ case "${LEGACY}" in + cp ${LDLINUX_C32} ${dir} + fi +=20 ++ reset_timestamp "$dir" ++ ++ if [ "${mkisofs[0]}" =3D "xorriso" ]; then ++ mkisofs+=3D(-isohybrid-mbr 
"$SYSLINUX_MBR_DISK_PATH") ++ fi ++ + # generate the iso image + "${mkisofs[@]}" -b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-i= nfo-table -output ${OUT} ${dir} +=20 +--=20 +2.26.2 + --=20 2.26.2 --=-=-=--