From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id eF+yL5IY/l8WTgAA0tVLHw (envelope-from ) for ; Tue, 12 Jan 2021 21:45:54 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id sO2VK5IY/l9/IAAAbx9fmQ (envelope-from ) for ; Tue, 12 Jan 2021 21:45:54 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 216A69402DD for ; Tue, 12 Jan 2021 21:45:54 +0000 (UTC) Received: from localhost ([::1]:47144 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kzRU9-0001BM-3s for larch@yhetil.org; Tue, 12 Jan 2021 16:45:53 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:47358) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kzRTL-0000qt-S1 for guix-patches@gnu.org; Tue, 12 Jan 2021 16:45:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:50182) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kzRTK-0006A2-QG for guix-patches@gnu.org; Tue, 12 Jan 2021 16:45:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kzRTK-0004MI-O5 for guix-patches@gnu.org; Tue, 12 Jan 2021 16:45:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#40579] [PATCH 1/2] gnu: Add iPXE. References: In-Reply-To: Resent-From: Vincent Legoll Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 12 Jan 2021 21:45:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 40579 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 40579@debbugs.gnu.org Received: via spool by 40579-submit@debbugs.gnu.org id=B40579.161048789116704 (code B ref 40579); Tue, 12 Jan 2021 21:45:02 +0000 Received: (at 40579) by debbugs.gnu.org; 12 Jan 2021 21:44:51 +0000 Received: from localhost ([127.0.0.1]:33494 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kzRT0-0004Ky-Gk for submit@debbugs.gnu.org; Tue, 12 Jan 2021 16:44:51 -0500 Received: from mail-ed1-f51.google.com ([209.85.208.51]:34978) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kzRSx-0004Kc-Rk for 40579@debbugs.gnu.org; Tue, 12 Jan 2021 16:44:41 -0500 Received: by mail-ed1-f51.google.com with SMTP id u19so4058392edx.2 for <40579@debbugs.gnu.org>; Tue, 12 Jan 2021 13:44:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Ly/L6L6B7VFvI9k0jPdJ/vFQUAn6Mr5w7BCbAVxJHuE=; b=H8GPATCJ/RT2iGLvAlbFN3Wovf8xDS1Nbb1r1W54X7IReisFEZ9vCoZFdx5kycT8hz +GZzP0CC8N89ScfEFtzzp28wViOfDUbCeqKscrDvNc60IzZ/Z9VKwV+lH0JzdndnGVkY sJNlIhGoc1uE5ChVMsVjBTRBRNukH+MOI8oNBTp16CuRdI1nuvTjFgp3mjqb0M9Lv1XW Vn4baunxZyvePhOfEdKWQQyh2m6b2Icr7Mx0qosfuTgkEyp2W6IqypzDMoOlwo8LEVXo 2tl7VCvDvMRlUy/YYDNn/U+ugY9GKWlD27zz2m0v3XxbhBYU5xGEGfTVoBZdfudPHUQF uH/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Ly/L6L6B7VFvI9k0jPdJ/vFQUAn6Mr5w7BCbAVxJHuE=; b=FxoFJ3CsxrS/kOmgwsm6ZpfIBrtQk4IMQxwi/3jOLITE1o8R7HFzYnqxw5snSG2fO7 0GoHiu13xhAr8v40OPajwoBTnTr6iyuHtEMNhLnt3LxxCyDTvQz7f3VdrW5uSnuSn4hj HwRCxRVHpGPXoEJUQh5TaFISejjCAr73rsXbA49k2ug09i9zbh1aaeeR//FAfRCFl3Li tcydhR+I//81hB+sZ4Uxgjs9glfCMlnpMBP2vQ+RM/rp+4EAHFt+AnCL8KRKDt8KOT83 wIB7kEK6PSy4566FMkrzKwS7oa6GV9pJoUoGs7bb0YODtsvlvttbKV/4y7ll2y6EIT89 +FLA== X-Gm-Message-State: AOAM533W+VnJmEnsdii/zldEJheDAhs1PNHZxCq287Yhx0mGJBR7viGX M1uKIO37oiDoXXXwFv6uLNwQYzMyAD4= X-Google-Smtp-Source: ABdhPJxbL6i/R0s5GqPWavnaIQ8S8btSH+isQHQWfWmQaYvO2cBzkYBkUAWsZq1+EAb5FQDqhZRWSw== X-Received: by 2002:a05:6402:11d3:: with SMTP id j19mr929274edw.314.1610487873847; Tue, 12 Jan 2021 13:44:33 -0800 (PST) Received: from localhost.localdomain (se167-1-82-242-148-1.fbx.proxad.net. [82.242.148.1]) by smtp.gmail.com with ESMTPSA id c14sm2017552edy.56.2021.01.12.13.44.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Jan 2021 13:44:33 -0800 (PST) From: Vincent Legoll Date: Tue, 12 Jan 2021 22:44:18 +0100 Message-Id: <20210112214419.10004-1-vincent.legoll@gmail.com> X-Mailer: git-send-email 2.30.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: brice@waegenei.re, Vincent Legoll Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -1.26 Authentication-Results: aspmx1.migadu.com; dkim=fail (headers rsa verify failed) header.d=gmail.com header.s=20161025 header.b=H8GPATCJ; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: 216A69402DD X-Spam-Score: -1.26 X-Migadu-Scanner: scn0.migadu.com X-TUID: HLbJ4xu7lTKq * gnu/packages/bootloaders.scm (ipxe): New variable. * gnu/packages/patches/ipxe-reproducible-geniso.patch: New file … * gnu/local.mk (dist_patch_DATA): … add it. Co-authored-by: Tobias Geerinckx-Rice Co-authored-by: Brice Waegeneire --- gnu/local.mk | 1 + gnu/packages/bootloaders.scm | 125 +++++++++++++++++- .../patches/ipxe-reproducible-geniso.patch | 77 +++++++++++ 3 files changed, 202 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/ipxe-reproducible-geniso.patch diff --git a/gnu/local.mk b/gnu/local.mk index bcf7ee0245..eb28104add 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1184,6 +1184,7 @@ dist_patch_DATA = \ %D%/packages/patches/intel-xed-fix-nondeterminism.patch \ %D%/packages/patches/intltool-perl-compatibility.patch \ %D%/packages/patches/iputils-libcap-compat.patch \ + %D%/packages/patches/ipxe-reproducible-geniso.patch \ %D%/packages/patches/irrlicht-use-system-libs.patch \ %D%/packages/patches/isl-0.11.1-aarch64-support.patch \ %D%/packages/patches/json-c-CVE-2020-12762.patch \ diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index 9ca574a151..38dba4cebd 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -7,12 +7,14 @@ ;;; Copyright © 2016, 2017 Danny Milosavljevic ;;; Copyright © 2016, 2017 David Craven ;;; Copyright © 2017, 2018, 2020 Efraim Flashner -;;; Copyright © 2018, 2019, 2020 Tobias Geerinckx-Rice +;;; Copyright © 2018, 2019, 2020, 2021 Tobias Geerinckx-Rice ;;; Copyright © 2019 nee ;;; Copyright © 2019 Mathieu Othacehe ;;; Copyright © 2020 Björn Höfling ;;; Copyright © 2018, 2019, 2020 Vagrant Cascadian ;;; Copyright © 2020 Pierre Langlois +;;; Copyright © 2021 Vincent Legoll +;;; Copyright © 2021 Brice Waegeneire ;;; ;;; This file is part of GNU Guix. ;;; @@ -1095,3 +1097,124 @@ systems so that they can be added to the bootloader. It also works out how to boot existing GNU/Linux systems and detects what distribution is installed in order to add a suitable bootloader menu entry.") (license license:gpl2+))) + +(define-public ipxe + ;; XXX: 'BUILD_TIMESTAMP' is used to automatically select the newest version + ;; of iPXE if multiple iPXE drivers are loaded concurrently in a UEFI system. + ;; + ;; TODO: Bump this timestamp at each modifications of the package (not only + ;; for updates) by running: date +%s. + (let ((timestamp "1591706427")) + (package + (name "ipxe") + (version "1.20.1") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/ipxe/ipxe") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (patches (search-patches "ipxe-reproducible-geniso.patch")) + (sha256 + (base32 + "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp")))) + (build-system gnu-build-system) + (arguments + `(#:modules ((guix build utils) + (guix build gnu-build-system) + (guix base32) + (ice-9 string-fun) + (ice-9 regex) + (rnrs bytevectors)) + #:imported-modules ((guix base32) + ,@%gnu-build-system-modules) + #:make-flags + ;; XXX: 'BUILD_ID' is used to determine when another ROM in the + ;; system contains identical code in order to save space within the + ;; legacy BIOS option ROM area, which is extremely limited in size. + ;; It is supposed to be collision-free across all ROMs, to do so we + ;; use the truncated output hash of the package. + (let ((build-id + (lambda (out) + (let* ((nix-store (string-append + (or (getenv "NIX_STORE") "/gnu/store") + "/")) + (filename + (string-replace-substring out nix-store "")) + (hash (match:substring (string-match "[0-9a-z]{32}" + filename))) + (bv (nix-base32-string->bytevector hash))) + (format #f "0x~x" + (bytevector-u32-ref bv 0 (endianness big)))))) + (out (assoc-ref %outputs "out")) + (syslinux (assoc-ref %build-inputs "syslinux"))) + (list "ECHO_E_BIN_ECHO=echo" + "ECHO_E_BIN_ECHO_E=echo -e" + + ;; cdrtools' mkisofs will silently ignore a missing isolinux.bin! + ;; Luckily xorriso is more strict. + (string-append "ISOLINUX_BIN=" syslinux + "/share/syslinux/isolinux.bin") + (string-append "SYSLINUX_MBR_DISK_PATH=" syslinux + "/share/syslinux/isohdpfx.bin") + + ;; Build reproducibly. + (string-append "BUILD_ID_CMD=echo -n " (build-id out)) + (string-append "BUILD_TIMESTAMP=" ,timestamp) + "everything")) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'enter-source-directory + (lambda _ (chdir "src") #t)) + (add-after 'enter-source-directory 'set-options + (lambda _ + (substitute* "config/general.h" + (("^//(#define PING_CMD.*)" _ uncommented) uncommented) + (("^//(#define IMAGE_TRUST_CMD.*)" _ uncommented) + uncommented) + (("^#undef.*(DOWNLOAD_PROTO_HTTPS.*)" _ option) + (string-append "#define " option)) + (("^#undef.*(DOWNLOAD_PROTO_NFS.*)" _ option) + (string-append "#define " option))) + #t)) + (delete 'configure) ; no configure script + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (ipxe (string-append out "/lib/ipxe")) + (exts-re + "\\.(efi|efirom|iso|kkpxe|kpxe|lkrn|mrom|pxe|rom|usb)$") + (dirs '("bin" "bin-i386-linux" "bin-x86_64-pcbios" + "bin-x86_64-efi" "bin-x86_64-linux" "bin-i386-efi")) + (files (apply append + (map (lambda (dir) + (find-files dir exts-re)) dirs)))) + (for-each (lambda (file) + (let* ((subdir (dirname file)) + (fn (basename file)) + (tgtsubdir (cond + ((string=? "bin" subdir) "") + ((string-prefix? "bin-" subdir) + (string-drop subdir 4))))) + (install-file file + (string-append ipxe "/" tgtsubdir)))) + files)) + #t)) + (add-after 'install 'leave-source-directory + (lambda _ (chdir "..") #t))) + #:tests? #f)) ; no test suite + (native-inputs + `(("perl" ,perl) + ("syslinux" ,syslinux) + ("xorriso" ,xorriso))) + (home-page "https://ipxe.org") + (synopsis "PXE-compliant network boot firmware") + (description "iPXE is a network boot firmware. It provides a full PXE +implementation enhanced with additional features such as booting from: a web +server via HTTP, an iSCSI SAN, a Fibre Channel SAN via FCoE, an AoE SAN, a +wireless network, a wide-area network, an Infiniband network. It allows to +control the boot process with a script. You can use iPXE to replace the +existing PXE ROM on your network card, or you can chainload into iPXE to obtain +the features of iPXE without the hassle of reflashing.") + (license license:gpl2+)))) + diff --git a/gnu/packages/patches/ipxe-reproducible-geniso.patch b/gnu/packages/patches/ipxe-reproducible-geniso.patch new file mode 100644 index 0000000000..ff6aa1da94 --- /dev/null +++ b/gnu/packages/patches/ipxe-reproducible-geniso.patch @@ -0,0 +1,77 @@ +From 052d24d8217c51c572c2f6cbb4a687be2e8ba52d Mon Sep 17 00:00:00 2001 +From: Brice Waegeneire +Date: Fri, 5 Jun 2020 14:38:43 +0200 +Subject: [PATCH] [geniso] Make it reproducible + +Some timestamps get embedded in the generated ISO, making it +unreproducible so we overwrite those timestamps to be at the UNIX epoch. +--- + src/util/geniso | 24 +++++++++++++++++++++--- + 1 file changed, 21 insertions(+), 3 deletions(-) + +diff --git a/src/util/geniso b/src/util/geniso +index ff090d4a..e032ffb0 100755 +--- a/src/util/geniso ++++ b/src/util/geniso +@@ -11,6 +11,13 @@ function help() { + echo " -o FILE save iso image to file" + } + ++function reset_timestamp() { ++ for f in "$1"/*; do ++ touch -t 197001010100 "$f" ++ done ++ touch -t 197001010100 "$1" ++} ++ + LEGACY=0 + FIRST="" + +@@ -37,8 +44,9 @@ if [ -z "${OUT}" ]; then + exit 1 + fi + +-# There should either be mkisofs or the compatible genisoimage program +-for command in genisoimage mkisofs; do ++# There should either be mkisofs, xorriso or the compatible genisoimage ++# program ++for command in xorriso genisoimage mkisofs; do + if ${command} --version >/dev/null 2>/dev/null; then + mkisofs=(${command}) + break +@@ -46,8 +54,10 @@ for command in genisoimage mkisofs; do + done + + if [ -z "${mkisofs}" ]; then +- echo "${0}: mkisofs or genisoimage not found, please install or set PATH" >&2 ++ echo "${0}: mkisofs, xorriso or genisoimage not found, please install or set PATH" >&2 + exit 1 ++elif [ "$mkisofs" = "xorriso" ]; then ++ mkisofs+=(-as mkisofs) + fi + + dir=$(mktemp -d bin/iso.dir.XXXXXX) +@@ -115,6 +125,8 @@ case "${LEGACY}" in + exit 1 + fi + ++ reset_timestamp "$dir" ++ + # generate the iso image + "${mkisofs[@]}" -b boot.img -output ${OUT} ${dir} + ;; +@@ -127,6 +139,12 @@ case "${LEGACY}" in + cp ${LDLINUX_C32} ${dir} + fi + ++ reset_timestamp "$dir" ++ ++ if [ "${mkisofs[0]}" = "xorriso" ]; then ++ mkisofs+=(-isohybrid-mbr "$SYSLINUX_MBR_DISK_PATH") ++ fi ++ + # generate the iso image + "${mkisofs[@]}" -b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -output ${OUT} ${dir} + +-- +2.26.2 -- 2.30.0