From: Lilah Tascheter via Guix-patches <guix-patches@gnu.org>
To: 68525@debbugs.gnu.org
Cc: Lilah Tascheter <lilah@lunabee.space>,
Efraim Flashner <efraim@flashner.co.il>,
Vagrant Cascadian <vagrant@debian.org>
Subject: [bug#68525] [PATCH 1/2] gnu: bootloaders: Add uki packages.
Date: Tue, 16 Jan 2024 22:23:03 -0600 [thread overview]
Message-ID: <c0905637db21c4bb89714cbb9225d8f59f8911e1.1705465384.git.lilah@lunabee.space> (raw)
In-Reply-To: <cover.1705465384.git.lilah@lunabee.space>
* gnu/packages/bootloaders.scm (systemd-stub-name): New procedure.
(systemd-version,systemd-source,systemd-stub,ukify): New variables.
Change-Id: Ie27bdcbf2c03e895956295f94f280c304393ce8d
---
gnu/packages/bootloaders.scm | 94 ++++++++++++++++++++++++++++++++++++
1 file changed, 94 insertions(+)
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index c73a0e665d..32cbb4e704 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -46,11 +46,13 @@ (define-module (gnu packages bootloaders)
#:use-module (gnu packages compression)
#:use-module (gnu packages cross-base)
#:use-module (gnu packages disk)
+ #:use-module (gnu packages efi)
#:use-module (gnu packages firmware)
#:use-module (gnu packages flex)
#:use-module (gnu packages fontutils)
#:use-module (gnu packages gcc)
#:use-module (gnu packages gettext)
+ #:use-module (gnu packages gperf)
#:use-module (gnu packages linux)
#:use-module (gnu packages man)
#:use-module (gnu packages mtools)
@@ -71,11 +73,13 @@ (define-module (gnu packages bootloaders)
#:use-module (gnu packages valgrind)
#:use-module (gnu packages virtualization)
#:use-module (gnu packages xorg)
+ #:use-module (gnu packages python-crypto)
#:use-module (gnu packages python-web)
#:use-module (gnu packages python-xyz)
#:use-module (guix build-system gnu)
#:use-module (guix build-system meson)
#:use-module (guix build-system pyproject)
+ #:use-module (guix build-system python)
#:use-module (guix build-system trivial)
#:use-module (guix download)
#:use-module (guix gexp)
@@ -632,6 +636,96 @@ (define-public syslinux
;; Also contains:
license:expat license:isc license:zlib)))))
+(define systemd-version "255")
+(define systemd-source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/systemd/systemd")
+ (commit (string-append "v" systemd-version))))
+ (file-name (git-file-name "systemd" systemd-version))
+ (sha256
+ (base32
+ "1qdyw9g3jgvsbc1aryr11gpc3075w5pg00mqv4pyf3hwixxkwaq6"))))
+
+(define-public (systemd-stub-name)
+ (let ((arch (cond ((target-x86-32?) "ia32")
+ ((target-x86-64?) "x64")
+ ((target-arm32?) "arm")
+ ((target-aarch64?) "aa64")
+ ((target-riscv64?) "riscv64"))))
+ (string-append "linux" arch ".efi.stub")))
+
+(define-public systemd-stub
+ (package
+ (name "systemd-stub")
+ (version systemd-version)
+ (source systemd-source)
+ (build-system meson-build-system)
+ (arguments
+ (list
+ #:configure-flags
+ `(list "-Defi=true" "-Dsbat-distro=guix"
+ "-Dsbat-distro-generation=1" ; package revision!
+ "-Dsbat-distro-summary=Guix System"
+ "-Dsbat-distro-url=https://guix.gnu.org"
+ ,(string-append "-Dsbat-distro-pkgname=" name)
+ ,(string-append "-Dsbat-distro-version=" version))
+ #:phases
+ #~(let ((stub #$(string-append "src/boot/efi/" (systemd-stub-name))))
+ (modify-phases %standard-phases
+ (replace 'build
+ (lambda* (#:key parallel-build? #:allow-other-keys)
+ (invoke "ninja" stub
+ "-j" (if parallel-build?
+ (number->string (parallel-job-count)) "1"))))
+ (replace 'install
+ (lambda _
+ (install-file stub (string-append #$output "/libexec"))))
+ (delete 'check)))))
+ (inputs (list libcap python-pyelftools `(,util-linux "lib")))
+ (native-inputs (list gperf pkg-config python-3 python-jinja2))
+ (home-page "https://systemd.io")
+ (synopsis "Unified kernel image UEFI stub")
+ (description "Simple UEFi boot stub that loads a conjoined kernel image and
+supporting data to their proper locations, before chainloading to the kernel.
+Supports measured and/or verified boot environments.")
+ (license license:lgpl2.1+)))
+
+(define-public ukify
+ (package
+ (name "ukify")
+ (version systemd-version)
+ (source systemd-source)
+ (build-system python-build-system)
+ (arguments
+ (list #:phases
+ #~(modify-phases %standard-phases
+ (replace 'build
+ (lambda _
+ (substitute* "src/ukify/ukify.py" ; added in python 3.11
+ (("datetime\\.UTC") "datetime.timezone.utc"))))
+ (delete 'check)
+ (replace 'install
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((bin (string-append #$output "/bin"))
+ (file (string-append bin "/ukify"))
+ (binutils (assoc-ref inputs "binutils"))
+ (sbsign (assoc-ref inputs "sbsigntools")))
+ (mkdir-p bin)
+ (copy-file "src/ukify/ukify.py" file)
+ (wrap-program file
+ `("PATH" ":" prefix
+ (,(string-append binutils "/bin")
+ ,(string-append sbsign "/bin"))))))))))
+ (inputs (list binutils python-cryptography python-pefile sbsigntools))
+ (home-page "https://systemd.io")
+ (synopsis "Unified kernel image UEFI tool")
+ (description "@command{ukify} joins together a UKI stub, linux kernel, initrd,
+kernel arguments, and optional secure boot signatures into a single, UEFI-bootable
+image.")
+ (license license:lgpl2.1+)))
+
(define-public dtc
(package
(name "dtc")
--
2.41.0
next prev parent reply other threads:[~2024-01-17 4:38 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-17 4:23 [bug#68524] [PATCH 0/2] Support root encryption and secure boot Lilah Tascheter via Guix-patches
2024-01-17 4:23 ` Lilah Tascheter via Guix-patches [this message]
2024-01-17 4:23 ` [bug#68526] [PATCH 2/2] gnu: bootloaders: Add uefi-uki-bootloader Lilah Tascheter via Guix-patches
2024-01-17 4:48 ` [bug#68524] [PATCH 1/2] gnu: bootloaders: Add uki packages Lilah Tascheter via Guix-patches
2024-01-17 4:48 ` [bug#68524] [PATCH 2/2] gnu: bootloaders: Add uefi-uki-bootloader Lilah Tascheter via Guix-patches
2024-01-25 10:03 ` Herman Rimm via Guix-patches via
2024-01-28 0:50 ` Lilah Tascheter via Guix-patches
2024-01-28 9:51 ` [bug#68524] [PATCH v2 0/2] Support root encryption and secure boot Lilah Tascheter via Guix-patches
2024-01-28 9:51 ` [bug#68524] [PATCH v2 1/2] gnu: bootloaders: Add uki packages Lilah Tascheter via Guix-patches
2024-02-11 18:37 ` Hilton Chain via Guix-patches via
2024-01-28 9:51 ` [bug#68524] [PATCH v2 2/2] gnu: bootloaders: Add uefi-uki-bootloader Lilah Tascheter via Guix-patches
2024-02-11 18:39 ` Hilton Chain via Guix-patches via
2024-02-13 2:11 ` Lilah Tascheter via Guix-patches
2024-02-13 7:34 ` Lilah Tascheter via Guix-patches
2024-02-14 18:02 ` Hilton Chain via Guix-patches via
2024-02-11 18:37 ` [bug#68524] [PATCH v2 0/2] Support root encryption and secure boot Hilton Chain via Guix-patches via
2024-02-20 1:08 ` [bug#68524] [PATCH " Nikolaos Chatzikonstantinou
2024-03-08 8:09 ` Lilah Tascheter via Guix-patches
2024-03-08 10:41 ` [bug#68524] Nikolaos Chatzikonstantinou
2024-03-23 19:40 ` [bug#68524] [PATCH 0/2] Support root encryption and secure boot Lilah Tascheter via Guix-patches
2024-03-24 9:38 ` Nikolaos Chatzikonstantinou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c0905637db21c4bb89714cbb9225d8f59f8911e1.1705465384.git.lilah@lunabee.space \
--to=guix-patches@gnu.org \
--cc=68525@debbugs.gnu.org \
--cc=efraim@flashner.co.il \
--cc=lilah@lunabee.space \
--cc=vagrant@debian.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).