patos/lib/make-sysext.nix

{
  lib,
  runCommand,
  pkgs,

  name,
  packages,
  osId ? "patos",
  version ? null,
}:


let
  metadata = {
    ID = osId;
    VERSION_ID = osId;
    IMAGE_ID = name;
    IMAGE_VERSION = version;
  };

  metadataFile = lib.concatStringsSep "\n" (
    lib.mapAttrsToList (k: v: "${k}=${v}") (lib.filterAttrs (_: v: v != null) metadata)
  );

  doCopy =
    {
      drv,
      prefix ? "usr",
      path,
      destpath ? null,
    }:
    "do_copy ${prefix} ${drv} ${path}" + lib.optionalString (destpath != null) " ${destpath}";

in

runCommand name
  {
    passthru.name = name;
    inherit metadataFile;
    passAsFile = [ "metadataFile" ];

    buildInputs = [
      pkgs.erofs-utils
      pkgs.cryptsetup
    ];

  }
  ''
    do_copy () {
      local prefix="$1"
      local drv="$2"
      local path="$3"
      local destpath="''${4:-$path}"

      local srcfile
      local destdir
      local destfile
      srcfile="$drv/$path"
      destfile="$out/tree/$prefix/$destpath"
      destdir="$(dirname -- "$destfile")"

      mkdir -pv "$destdir"
      cp -Pv "$srcfile" "$destfile"

      chmod 755 "$destfile"
      patchelf --set-rpath /lib:/usr/lib:/ $destfile
      patchelf --set-interpreter /lib/ld-linux-x86-64.so.2 $destfile || true
    }

    mkdir -p $out/tree

    ${lib.concatStringsSep "\n" (map doCopy packages)}

    # bake metadata into the structure
    if ! [ -f $out/tree/usr/lib/extension-release.d/extension-release."${name}" ]; then
      mkdir -p $out/tree/usr/lib/extension-release.d
      cat "$metadataFilePath" > $out/tree/usr/lib/extension-release.d/extension-release."${name}"
    fi

    pushd $out
    find tree -type d -exec chmod 0755 {} \;
    mkfs.erofs --all-root $name.raw tree/
    veritysetup format --root-hash-file $name.roothash $name.raw $name.verity
    #TODO: pcks7 signature?
    rm -rf tree
    popd
  ''
chore: add lib for making systemd sysexts 2025-03-12 10:39:39 +01:00			`{`
			`lib,`
			`runCommand,`
			`pkgs,`

			`name,`
			`packages,`
			`osId ? "patos",`
			`version ? null,`
			`}:`


			`let`
			`metadata = {`
			`ID = osId;`
			`VERSION_ID = osId;`
			`IMAGE_ID = name;`
			`IMAGE_VERSION = version;`
			`};`

			`metadataFile = lib.concatStringsSep "\n" (`
			`lib.mapAttrsToList (k: v: "${k}=${v}") (lib.filterAttrs (_: v: v != null) metadata)`
			`);`

			`doCopy =`
			`{`
			`drv,`
			`prefix ? "usr",`
			`path,`
			`destpath ? null,`
			`}:`
			`"do_copy ${prefix} ${drv} ${path}" + lib.optionalString (destpath != null) " ${destpath}";`

			`in`

			`runCommand name`
			`{`
			`passthru.name = name;`
			`inherit metadataFile;`
			`passAsFile = [ "metadataFile" ];`

			`buildInputs = [`
			`pkgs.erofs-utils`
			`pkgs.cryptsetup`
			`];`

			`}`
			`''`
			`do_copy () {`
			`local prefix="$1"`
			`local drv="$2"`
			`local path="$3"`
			`local destpath="''${4:-$path}"`

			`local srcfile`
			`local destdir`
			`local destfile`
			`srcfile="$drv/$path"`
			`destfile="$out/tree/$prefix/$destpath"`
			`destdir="$(dirname -- "$destfile")"`

			`mkdir -pv "$destdir"`
			`cp -Pv "$srcfile" "$destfile"`

			`chmod 755 "$destfile"`
			`patchelf --set-rpath /lib:/usr/lib:/ $destfile`
			`patchelf --set-interpreter /lib/ld-linux-x86-64.so.2 $destfile \|\| true`
			`}`

			`mkdir -p $out/tree`

			`${lib.concatStringsSep "\n" (map doCopy packages)}`

			`# bake metadata into the structure`
			`if ! [ -f $out/tree/usr/lib/extension-release.d/extension-release."${name}" ]; then`
			`mkdir -p $out/tree/usr/lib/extension-release.d`
			`cat "$metadataFilePath" > $out/tree/usr/lib/extension-release.d/extension-release."${name}"`
			`fi`

			`pushd $out`
			`find tree -type d -exec chmod 0755 {} \;`
			`mkfs.erofs --all-root $name.raw tree/`
			`veritysetup format --root-hash-file $name.roothash $name.raw $name.verity`
			`#TODO: pcks7 signature?`
			`rm -rf tree`
			`popd`
			`''`
No results found.