gnu: Add ipxe.

* gnu/packages/bootloaders.scm (ipxe): New variable.
* gnu/packages/patches/ipxe-reproducible-geniso.patch: New file …
* gnu/local.mk (dist_patch_DATA): … add it.

Co-authored-by: Tobias Geerinckx-Rice <me@tobias.gr>
Co-authored-by: Brice Waegeneire <brice@waegenei.re>
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
Vincent Legoll 2021-01-12 22:44:18 +01:00 committed by Danny Milosavljevic
parent 872aa117d2
commit aeed7218a9
No known key found for this signature in database
GPG Key ID: E71A35542C30BAA5
3 changed files with 202 additions and 1 deletions

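--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1184,6 +1184,7 @@ dist_patch_DATA = \
 %D%/packages/patches/intel-xed-fix-nondeterminism.patch \
 %D%/packages/patches/intltool-perl-compatibility.patch \
 %D%/packages/patches/iputils-libcap-compat.patch \
+%D%/packages/patches/ipxe-reproducible-geniso.patch \
 %D%/packages/patches/irrlicht-use-system-libs.patch \
 %D%/packages/patches/isl-0.11.1-aarch64-support.patch \
 %D%/packages/patches/json-c-CVE-2020-12762.patch \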


@ -7,12 +7,14 @@
;;; Copyright © 2016, 2017 Danny Milosavljevic <dannym@scratchpost.org> ;;; Copyright © 2016, 2017 Danny Milosavljevic <dannym@scratchpost.org>
;;; Copyright © 2016, 2017 David Craven <david@craven.ch> ;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
;;; Copyright © 2017, 2018, 2020 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017, 2018, 2020 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2018, 2019, 2020, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 nee <nee@cock.li> ;;; Copyright © 2019 nee <nee@cock.li>
;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com> ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2020 Björn Höfling <bjoern.hoefling@bjoernhoefling.de> ;;; Copyright © 2020 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
;;; Copyright © 2018, 2019, 2020 Vagrant Cascadian <vagrant@debian.org> ;;; Copyright © 2018, 2019, 2020 Vagrant Cascadian <vagrant@debian.org>
;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com> ;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com>
;;; Copyright © 2021 Vincent Legoll <vincent.legoll@gmail.com>
;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
;;; ;;;
@ -1095,3 +1097,124 @@ systems so that they can be added to the bootloader. It also works out how to
boot existing GNU/Linux systems and detects what distribution is installed in boot existing GNU/Linux systems and detects what distribution is installed in
order to add a suitable bootloader menu entry.") order to add a suitable bootloader menu entry.")
(license license:gpl2+))) (license license:gpl2+)))
(define-public ipxe
;; XXX: 'BUILD_TIMESTAMP' is used to automatically select the newest version
;; of iPXE if multiple iPXE drivers are loaded concurrently in a UEFI system.
;;
;; TODO: Bump this timestamp at each modifications of the package (not only
;; for updates) by running: date +%s.
(let ((timestamp "1591706427"))
(package
(name "ipxe")
(version "1.20.1")
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/ipxe/ipxe")
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(patches (search-patches "ipxe-reproducible-geniso.patch"))
(sha256
(base32
"0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp"))))
(build-system gnu-build-system)
(arguments
`(#:modules ((guix build utils)
(guix build gnu-build-system)
(guix base32)
(ice-9 string-fun)
(ice-9 regex)
(rnrs bytevectors))
#:imported-modules ((guix base32)
,@%gnu-build-system-modules)
#:make-flags
;; XXX: 'BUILD_ID' is used to determine when another ROM in the
;; system contains identical code in order to save space within the
;; legacy BIOS option ROM area, which is extremely limited in size.
;; It is supposed to be collision-free across all ROMs, to do so we
;; use the truncated output hash of the package.
(let ((build-id
(lambda (out)
(let* ((nix-store (string-append
(or (getenv "NIX_STORE") "/gnu/store")
"/"))
(filename
(string-replace-substring out nix-store ""))
(hash (match:substring (string-match "[0-9a-z]{32}"
filename)))
(bv (nix-base32-string->bytevector hash)))
(format #f "0x~x"
(bytevector-u32-ref bv 0 (endianness big))))))
(out (assoc-ref %outputs "out"))
(syslinux (assoc-ref %build-inputs "syslinux")))
(list "ECHO_E_BIN_ECHO=echo"
"ECHO_E_BIN_ECHO_E=echo -e"
;; cdrtools' mkisofs will silently ignore a missing isolinux.bin!
;; Luckily xorriso is more strict.
(string-append "ISOLINUX_BIN=" syslinux
"/share/syslinux/isolinux.bin")
(string-append "SYSLINUX_MBR_DISK_PATH=" syslinux
"/share/syslinux/isohdpfx.bin")
;; Build reproducibly.
(string-append "BUILD_ID_CMD=echo -n " (build-id out))
(string-append "BUILD_TIMESTAMP=" ,timestamp)
"everything"))
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'enter-source-directory
(lambda _ (chdir "src") #t))
(add-after 'enter-source-directory 'set-options
(lambda _
(substitute* "config/general.h"
(("^//(#define PING_CMD.*)" _ uncommented) uncommented)
(("^//(#define IMAGE_TRUST_CMD.*)" _ uncommented)
uncommented)
(("^#undef.*(DOWNLOAD_PROTO_HTTPS.*)" _ option)
(string-append "#define " option))
(("^#undef.*(DOWNLOAD_PROTO_NFS.*)" _ option)
(string-append "#define " option)))
#t))
(delete 'configure) ; no configure script
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(ipxe (string-append out "/lib/ipxe"))
(exts-re
"\\.(efi|efirom|iso|kkpxe|kpxe|lkrn|mrom|pxe|rom|usb)$")
(dirs '("bin" "bin-i386-linux" "bin-x86_64-pcbios"
"bin-x86_64-efi" "bin-x86_64-linux" "bin-i386-efi"))
(files (apply append
(map (lambda (dir)
(find-files dir exts-re)) dirs))))
(for-each (lambda (file)
(let* ((subdir (dirname file))
(fn (basename file))
(tgtsubdir (cond
((string=? "bin" subdir) "")
((string-prefix? "bin-" subdir)
(string-drop subdir 4)))))
(install-file file
(string-append ipxe "/" tgtsubdir))))
files))
#t))
(add-after 'install 'leave-source-directory
(lambda _ (chdir "..") #t)))
#:tests? #f)) ; no test suite
(native-inputs
`(("perl" ,perl)
("syslinux" ,syslinux)
("xorriso" ,xorriso)))
(home-page "https://ipxe.org")
(synopsis "PXE-compliant network boot firmware")
(description "iPXE is a network boot firmware. It provides a full PXE
implementation enhanced with additional features such as booting from: a web
server via HTTP, an iSCSI SAN, a Fibre Channel SAN via FCoE, an AoE SAN, a
wireless network, a wide-area network, an Infiniband network. It allows to
control the boot process with a script. You can use iPXE to replace the
existing PXE ROM on your network card, or you can chainload into iPXE to obtain
the features of iPXE without the hassle of reflashing.")
(license license:gpl2+))))
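Review bot: The `set-options` phase relies on `substitute*`, which leaves `config/general.h` untouched and raises no error when a pattern stops matching, so an upstream reformatting of that header could silently yield firmware built without `IMAGE_TRUST_CMD` or `DOWNLOAD_PROTO_HTTPS`. Those two options are what provide the image-trust commands and TLS downloads, so losing them unnoticed weakens the boot chain. At minimum I would record this above the phase with `;; NOTE: substitute* does not fail on a non-matching pattern; re-check config/general.h on every update.` A stricter variant would be a follow-up phase that fails the build when the expected `#define` lines are absent. Separately, the hand-maintained `timestamp` is easy to forget to bump, which, per the XXX comment, affects which iPXE driver a UEFI system selects.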


@ -0,0 +1,77 @@
From 052d24d8217c51c572c2f6cbb4a687be2e8ba52d Mon Sep 17 00:00:00 2001
From: Brice Waegeneire <brice@waegenei.re>
Date: Fri, 5 Jun 2020 14:38:43 +0200
Subject: [PATCH] [geniso] Make it reproducible
Some timestamps get embedded in the generated ISO, making it
unreproducible so we overwrite those timestamps to be at the UNIX epoch.
---
src/util/geniso | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/src/util/geniso b/src/util/geniso
index ff090d4a..e032ffb0 100755
--- a/src/util/geniso
+++ b/src/util/geniso
@@ -11,6 +11,13 @@ function help() {
echo " -o FILE save iso image to file"
}
+function reset_timestamp() {
+ for f in "$1"/*; do
+ touch -t 197001010100 "$f"
+ done
+ touch -t 197001010100 "$1"
+}
+
LEGACY=0
FIRST=""
@@ -37,8 +44,9 @@ if [ -z "${OUT}" ]; then
exit 1
fi
-# There should either be mkisofs or the compatible genisoimage program
-for command in genisoimage mkisofs; do
+# There should either be mkisofs, xorriso or the compatible genisoimage
+# program
+for command in xorriso genisoimage mkisofs; do
if ${command} --version >/dev/null 2>/dev/null; then
mkisofs=(${command})
break
@@ -46,8 +54,10 @@ for command in genisoimage mkisofs; do
done
if [ -z "${mkisofs}" ]; then
- echo "${0}: mkisofs or genisoimage not found, please install or set PATH" >&2
+ echo "${0}: mkisofs, xorriso or genisoimage not found, please install or set PATH" >&2
exit 1
+elif [ "$mkisofs" = "xorriso" ]; then
+ mkisofs+=(-as mkisofs)
fi
dir=$(mktemp -d bin/iso.dir.XXXXXX)
@@ -115,6 +125,8 @@ case "${LEGACY}" in
exit 1
fi
+ reset_timestamp "$dir"
+
# generate the iso image
"${mkisofs[@]}" -b boot.img -output ${OUT} ${dir}
;;
@@ -127,6 +139,12 @@ case "${LEGACY}" in
cp ${LDLINUX_C32} ${dir}
fi
+ reset_timestamp "$dir"
+
+ if [ "${mkisofs[0]}" = "xorriso" ]; then
+ mkisofs+=(-isohybrid-mbr "$SYSLINUX_MBR_DISK_PATH")
+ fi
+
# generate the iso image
"${mkisofs[@]}" -b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -output ${OUT} ${dir}
--
2.26.2
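Review bot: `touch -t 197001010100` in `reset_timestamp` is interpreted in the local time zone, so the resulting mtime is the UNIX epoch only when the build runs at UTC+1. Under any other `TZ` the files get a different timestamp and the generated ISO may differ between environments, contrary to what the patch description states. Pinning the value removes that dependency, e.g. `touch -d @0 "$f"` and `touch -d @0 "$1"` with GNU touch, or `TZ=UTC touch -t 197001010000 "$f"`. The function also touches only the top level of `$1`, which looks sufficient for the flat ISO directory built here but deserves a one-line comment saying so.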