all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Brice Waegeneire <brice@waegenei.re>
To: Danny Milosavljevic <dannym@scratchpost.org>
Cc: vincent.legoll@gmail.com, 40579@debbugs.gnu.org, me@tobias.gr
Subject: [bug#40579] [PATCH v2] gnu: Add iPXE.
Date: Tue, 09 Jun 2020 21:31:43 +0200	[thread overview]
Message-ID: <87wo4gf334.fsf@waegenei.re> (raw)
In-Reply-To: <20200415224134.2014eee9@scratchpost.org> (Danny Milosavljevic's message of "Wed, 15 Apr 2020 22:41:34 +0200")

[-- Attachment #1: Type: text/plain, Size: 418 bytes --]


Hello Vincent, Tobias, Danny,

Danny Milosavljevic <dannym@scratchpost.org> writes:

> ipxe.iso is not reproducible it seems.
>
> [...]


The attached patch should be reproducible, it is based on v3 from
Vincent.

It adds the following:
- generate a BUILD_ID based on the package's output hash
- use 'let' to set BUILD_TIMESTAMP
- set some useful options
- add a patch that reset the timestamps of ipxe.iso

- Brice


[-- Attachment #2: [PATCH v4] gnu: Add iPXE. --]
[-- Type: text/plain, Size: 11131 bytes --]

From 5d6acaa49844ce1ad3f8ca4cba74be695901fb24 Mon Sep 17 00:00:00 2001
From: Vincent Legoll <vincent.legoll@gmail.com>
Date: Mon, 13 Apr 2020 01:28:31 +0200
Subject: [PATCH v4] gnu: Add iPXE.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* gnu/packages/bootloaders.scm (ipxe): New variable.
* gnu/packages/patches/ipxe-reproducible-geniso.patch: New file …
* gnu/local.mk (dist_patch_DATA): … add it.

Co-authored-by: Tobias Geerinckx-Rice <me@tobias.gr>
Co-authored-by: Brice Waegeneire <brice@waegenei.re>
---
 gnu/local.mk                                  |   1 +
 gnu/packages/bootloaders.scm                  | 122 ++++++++++++++++++
 .../patches/ipxe-reproducible-geniso.patch    |  78 +++++++++++
 3 files changed, 201 insertions(+)
 create mode 100644 gnu/packages/patches/ipxe-reproducible-geniso.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 33b344d41b..92ad64135a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1105,6 +1105,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/inetutils-hurd.patch			\
   %D%/packages/patches/inkscape-poppler-0.76.patch		\
   %D%/packages/patches/intltool-perl-compatibility.patch	\
+  %D%/packages/patches/ipxe-reproducible-geniso.patch	        \
   %D%/packages/patches/irrlicht-use-system-libs.patch		\
   %D%/packages/patches/isl-0.11.1-aarch64-support.patch	\
   %D%/packages/patches/jacal-fix-texinfo.patch			\
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index ea80cf020e..c819c903e8 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -14,6 +14,8 @@
 ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2018, 2019, 2020 Vagrant Cascadian <vagrant@debian.org>
 ;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
+;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1068,3 +1070,123 @@ systems so that they can be added to the bootloader.  It also works out how to
 boot existing GNU/Linux systems and detects what distribution is installed in
 order to add a suitable bootloader menu entry.")
     (license license:gpl2+)))
+
+(define-public ipxe
+  ;; XXX: 'BUILD_TIMESTAMP' is used to automatically select the newest version
+  ;; of iPXE if multiple iPXE drivers are loaded concurrently in a UEFI system.
+  ;;
+  ;; TODO: Bump this timestamp at each modifications of the package (not only
+  ;; for updates) by running: date +%s.
+  (let ((timestamp "1591706427"))
+    (package
+      (name "ipxe")
+      (version "1.20.1")
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/ipxe/ipxe")
+                      (commit (string-append "v" version))))
+                (file-name (git-file-name name version))
+                (patches (search-patches "ipxe-reproducible-geniso.patch"))
+                (sha256
+                 (base32
+                  "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:modules ((guix build utils)
+                    (guix build gnu-build-system)
+                    (guix base32)
+                    (ice-9 string-fun)
+                    (ice-9 regex)
+                    (rnrs bytevectors))
+         #:imported-modules ((guix base32)
+                             ,@%gnu-build-system-modules)
+         #:make-flags
+         ;; XXX: 'BUILD_ID' is used to determine when another ROM in the
+         ;; system contains identical code in order to save space within the
+         ;; legacy BIOS option ROM area, which is extremely limited in size.
+         ;; It is supposed to be collision-free across all ROMs, to do so we
+         ;; use the truncated output hash of the package.
+         (let ((build-id
+                (lambda (out)
+                  (let* ((nix-store (string-append
+                                     (or (getenv "NIX_STORE") "/gnu/store")
+                                     "/"))
+                         (filename
+                          (string-replace-substring out nix-store ""))
+                         (hash (match:substring (string-match "[0-9a-z]{32}"
+                                                              filename)))
+                         (bv (nix-base32-string->bytevector hash)))
+                    (format #f "0x~x"
+                            (bytevector-u32-ref bv 0 (endianness big))))))
+               (out (assoc-ref %outputs "out"))
+               (syslinux (assoc-ref %build-inputs "syslinux")))
+           (list "ECHO_E_BIN_ECHO=echo"
+                 "ECHO_E_BIN_ECHO_E=echo -e"
+
+                 ;; cdrtools' mkisofs will silently ignore a missing isolinux.bin!
+                 ;; Luckily xorriso is more strict.
+                 (string-append "ISOLINUX_BIN=" syslinux
+                                "/share/syslinux/isolinux.bin")
+                 (string-append "SYSLINUX_MBR_DISK_PATH=" syslinux
+                                "/share/syslinux/isohdpfx.bin")
+
+                 ;; Build reproducibly.
+                 (string-append "BUILD_ID_CMD=echo -n " (build-id out))
+                 (string-append "BUILD_TIMESTAMP=" ,timestamp)
+                 "everything"))
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'enter-source-directory
+             (lambda _ (chdir "src") #t))
+           (add-after 'enter-source-directory 'set-options
+             (lambda _
+               (substitute* "config/general.h"
+                 (("^//(#define PING_CMD.*)" _ uncommented) uncommented)
+                 (("^//(#define IMAGE_TRUST_CMD.*)" _ uncommented)
+                  uncommented)
+                 (("^#undef.*(DOWNLOAD_PROTO_HTTPS.*)" _ option)
+                  (string-append "#define " option))
+                 (("^#undef.*(DOWNLOAD_PROTO_NFS.*)" _ option)
+                  (string-append "#define " option)))
+               #t))
+           (delete 'configure)          ; no configure script
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (ipxe (string-append out "/lib/ipxe"))
+                      (exts-re
+                       "\\.(efi|efirom|iso|kkpxe|kpxe|lkrn|mrom|pxe|rom|usb)$")
+                      (dirs '("bin" "bin-i386-linux" "bin-x86_64-pcbios"
+                              "bin-x86_64-efi" "bin-x86_64-linux" "bin-i386-efi"))
+                      (files (apply append
+                                    (map (lambda (dir)
+                                           (find-files dir exts-re)) dirs))))
+                 (for-each (lambda (file)
+                             (let* ((subdir (dirname file))
+                                    (fn (basename file))
+                                    (tgtsubdir (cond
+                                                ((string=? "bin" subdir) "")
+                                                ((string-prefix? "bin-" subdir)
+                                                 (string-drop subdir 4)))))
+                               (install-file file
+                                             (string-append ipxe "/" tgtsubdir))))
+                           files))
+               #t))
+           (add-after 'install 'leave-source-directory
+             (lambda _ (chdir "..") #t)))
+         #:tests? #f))                  ; no test suite
+      (native-inputs
+       `(("perl" ,perl)
+         ("syslinux" ,syslinux)
+         ("xorriso" ,xorriso)))
+      (home-page "https://ipxe.org")
+      (synopsis "PXE-compliant network boot firmware")
+      (description "iPXE is a network boot firmware.  It provides a full PXE
+implementation enhanced with additional features such as booting from: a web
+server via HTTP, an iSCSI SAN, a Fibre Channel SAN via FCoE, an AoE SAN, a
+wireless network, a wide-area network, an Infiniband network.  It allows to
+control the boot process with a script.  You can use iPXE to replace the
+existing PXE ROM on your network card, or you can chainload into iPXE to obtain
+the features of iPXE without the hassle of reflashing.")
+      (license license:gpl2+))))
diff --git a/gnu/packages/patches/ipxe-reproducible-geniso.patch b/gnu/packages/patches/ipxe-reproducible-geniso.patch
new file mode 100644
index 0000000000..d3c97c3085
--- /dev/null
+++ b/gnu/packages/patches/ipxe-reproducible-geniso.patch
@@ -0,0 +1,78 @@
+From 052d24d8217c51c572c2f6cbb4a687be2e8ba52d Mon Sep 17 00:00:00 2001
+From: Brice Waegeneire <brice@waegenei.re>
+Date: Fri, 5 Jun 2020 14:38:43 +0200
+Subject: [PATCH] [geniso] Make it reproducible
+
+Some timestamps get embedded in the generated ISO, making it
+unreproducible so we overwrite those timestamps to be at the UNIX epoch.
+---
+ src/util/geniso | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/util/geniso b/src/util/geniso
+index ff090d4a..e032ffb0 100755
+--- a/src/util/geniso
++++ b/src/util/geniso
+@@ -11,6 +11,13 @@ function help() {
+ 	echo " -o FILE  save iso image to file"
+ }
+ 
++function reset_timestamp() {
++	for f in "$1"/*; do
++		touch -t 197001010100 "$f"
++	done
++	touch -t 197001010100 "$1"
++}
++
+ LEGACY=0
+ FIRST=""
+ 
+@@ -37,8 +44,9 @@ if [ -z "${OUT}" ]; then
+ 	exit 1
+ fi
+ 
+-# There should either be mkisofs or the compatible genisoimage program
+-for command in genisoimage mkisofs; do
++# There should either be mkisofs, xorriso or the compatible genisoimage
++# program
++for command in xorriso genisoimage mkisofs; do
+ 	if ${command} --version >/dev/null 2>/dev/null; then
+ 		mkisofs=(${command})
+ 		break
+@@ -46,8 +54,10 @@ for command in genisoimage mkisofs; do
+ done
+ 
+ if [ -z "${mkisofs}" ]; then
+-	echo "${0}: mkisofs or genisoimage not found, please install or set PATH" >&2
++	echo "${0}: mkisofs, xorriso or genisoimage not found, please install or set PATH" >&2
+ 	exit 1
++elif [ "$mkisofs" = "xorriso" ]; then
++	 mkisofs+=(-as mkisofs)
+ fi
+ 
+ dir=$(mktemp -d bin/iso.dir.XXXXXX)
+@@ -115,6 +125,8 @@ case "${LEGACY}" in
+ 			exit 1
+ 		fi
+ 
++		reset_timestamp "$dir"
++
+ 		# generate the iso image
+ 		"${mkisofs[@]}" -b boot.img -output ${OUT} ${dir}
+ 		;;
+@@ -127,6 +139,12 @@ case "${LEGACY}" in
+ 			cp ${LDLINUX_C32} ${dir}
+ 		fi
+ 
++		reset_timestamp "$dir"
++
++		if [ "${mkisofs[0]}" = "xorriso" ]; then
++			mkisofs+=(-isohybrid-mbr "$SYSLINUX_MBR_DISK_PATH")
++		fi
++
+ 		# generate the iso image
+ 		"${mkisofs[@]}" -b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -output ${OUT} ${dir}
+ 
+-- 
+2.26.2
+
-- 
2.26.2


  parent reply	other threads:[~2020-06-09 19:33 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-12 17:59 [bug#40579] [RFC PATCH] add iPXE Vincent Legoll
2020-04-12 18:47 ` Tobias Geerinckx-Rice via Guix-patches via
2020-04-12 18:58   ` Tobias Geerinckx-Rice via Guix-patches via
2020-04-12 19:46   ` Danny Milosavljevic
2020-04-12 21:18     ` Tobias Geerinckx-Rice via Guix-patches via
2020-04-12 23:28       ` [bug#40579] [PATCH v2] gnu: Add iPXE Tobias Geerinckx-Rice via Guix-patches via
2020-04-14 15:11         ` [bug#40579] [PATCH v3] " Vincent Legoll
2020-04-15 20:41         ` [bug#40579] [PATCH v2] " Danny Milosavljevic
2020-04-15 20:55           ` Vincent Legoll
2020-06-09 19:31           ` Brice Waegeneire [this message]
2020-06-09 19:58             ` Vincent Legoll
2020-06-09 20:11               ` Brice Waegeneire
2021-01-12 21:01                 ` Vincent Legoll
2021-01-12 21:44 ` [bug#40579] [PATCH 1/2] " Vincent Legoll
2021-01-12 21:44   ` [bug#40579] [PATCH 2/2] gnu: ipxe: Update to 1.21.1 Vincent Legoll
2021-01-12 21:47   ` [bug#40579] [PATCH 1/2] gnu: Add iPXE Vincent Legoll
2021-01-14  0:53     ` Danny Milosavljevic
2021-01-14  8:33 ` bug#40579: [RFC PATCH] add iPXE Vincent Legoll

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87wo4gf334.fsf@waegenei.re \
    --to=brice@waegenei.re \
    --cc=40579@debbugs.gnu.org \
    --cc=dannym@scratchpost.org \
    --cc=me@tobias.gr \
    --cc=vincent.legoll@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.