Patagia/patos
Patagia/patos
1
1
Code Issues 4 Pull requests 4 Activity

chore: add dbus-broker
Some checks are pending
ci/woodpecker/pr/ci Pipeline is pending
Details

Browse source
This commit is contained in:
Lars Sjöström 2025-02-20 10:40:53 +01:00
parent 0f7958b596
commit 1bd2d1643f
No known key found for this signature in database
4 changed files with 403 additions and 142 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

158
dbus-broker/default.nix Normal file
View file

@ -0,0 +1,158 @@
{
lib,
stdenv,
fetchFromGitHub,
pkgs,
...
}:
let
meta = {
maintainers = with lib.maintainers; [ peterhoeg ];
platforms = lib.platforms.linux;
};
dep =
{
pname,
version,
hash,
rev ? "v${version}",
buildInputs ? [ ],
}:
stdenv.mkDerivation {
inherit pname version;
src = fetchFromGitHub {
owner = "c-util";
repo = pname;
inherit hash rev;
};
nativeBuildInputs = with pkgs; [
meson
ninja
pkg-config
];
inherit buildInputs;
meta = meta // {
description = "The C-Util Project is a collection of utility libraries for the C11 language.";
homepage = "https://c-util.github.io/";
license = [
lib.licenses.asl20
lib.licenses.lgpl21Plus
];
};
};
# These libraries are not used outside of dbus-broker.
#
# If that changes, we can always break them out, but they are essentially
# part of the dbus-broker project, just in separate repositories.
c-dvar = dep {
pname = "c-dvar";
version = "1.1.0";
hash = "sha256-p/C+BktclVseCtZJ1Q/YK03vP2ClnYRLB1Vmj2OQJD4=";
buildInputs = [
c-stdaux
c-utf8
];
};
c-ini = dep {
pname = "c-ini";
version = "1.1.0";
hash = "sha256-wa7aNl20hkb/83c4AkQ/0YFDdmBs4XGW+WLUtBWIC98=";
buildInputs = [
c-list
c-rbtree
c-stdaux
c-utf8
];
};
c-list = dep {
pname = "c-list";
version = "3.1.0";
hash = "sha256-fp3EAqcbFCLaT2EstLSzwP2X13pi2EFpFAullhoCtpw=";
};
c-rbtree = dep {
pname = "c-rbtree";
version = "3.2.0";
hash = "sha256-dTMeawhPLRtHvMXfXCrT5iCdoh7qS3v+raC6c+t+X38=";
buildInputs = [ c-stdaux ];
};
c-shquote = dep {
pname = "c-shquote";
version = "1.1.0";
hash = "sha256-z6hpQ/kpCYAngMNfxLkfsxaGtvP4yBMigX1lGpIIzMQ=";
buildInputs = [ c-stdaux ];
};
c-stdaux = dep {
pname = "c-stdaux";
version = "1.5.0";
hash = "sha256-MsnuEyVCmOIr/q6I1qyPsNXp48jxIEcXoYLHbOAZtW0=";
};
c-utf8 = dep {
pname = "c-utf8";
version = "1.1.0";
hash = "sha256-9vBYylbt1ypJwIAQJd/oiAueh+4VYcn/KzofQuhUea0=";
buildInputs = [ c-stdaux ];
};
in
stdenv.mkDerivation (finalAttrs: {
pname = "dbus-broker";
version = "36";
src = fetchFromGitHub {
owner = "bus1";
repo = "dbus-broker";
rev = "v${finalAttrs.version}";
hash = "sha256-5dAMKjybqrHG57vArbtWEPR/svSj2ION75JrjvnnpVM=";
};
nativeBuildInputs = with pkgs; [
docutils
meson
ninja
pkg-config
];
buildInputs = [
c-dvar
c-ini
c-list
c-rbtree
c-shquote
c-stdaux
c-utf8
pkgs.dbus
pkgs.linuxHeaders
pkgs.systemd
];
mesonFlags = [
# while we technically support 4.9 and 4.14, the NixOS module will throw an
# error when using a kernel that's too old
"--prefix=/"
"--bindir=/usr/bin"
"-D=linux-4-17=true"
"-D=system-console-users=gdm,sddm,lightdm"
];
PKG_CONFIG_SYSTEMD_SYSTEMDSYSTEMUNITDIR = "/lib/systemd/system";
PKG_CONFIG_SYSTEMD_SYSTEMDUSERUNITDIR = "/lib/systemd/user";
PKG_CONFIG_SYSTEMD_CATALOGDIR = "/lib/systemd/catalog";
preInstall = ''
export DESTDIR=${placeholder "out"}
'';
postInstall = '''';
doCheck = false;
meta = meta // {
description = "Linux D-Bus Message Broker";
homepage = "https://github.com/bus1/dbus-broker/wiki";
license = lib.licenses.asl20;
};
})

155
flake.nix
View file

@ -21,160 +21,29 @@
packages = {
default = self.packages.${system}.image;
image = pkgs.writeShellScriptBin "image" ''
set -ex
echo "make UKI..."
echo ${self.packages.${system}.kernel.kernel}/bzImage
mkdir -p patos/efi/boot
${self.packages.${system}.systemd.out}/usr/bin/ukify build \
--linux ${self.packages.${system}.kernel.kernel}/bzImage \
--initrd ./initrd.gz \
--cmdline "console=ttyS0" \
-o patos.efi
-o patos/efi/boot/bootx64.efi
'';
kernel = pkgs.callPackage ./kernel { };
glibc = pkgs.callPackage ./glibc { };
systemd = pkgs.callPackage ./systemd { };
dbus-broker = pkgs.callPackage ./dbus-broker { };
mkinitrd = pkgs.writeShellScriptBin "mkinitrd" ''
echo "make initrd..."
mkdir -p out
qemu-uefi-tpm = pkgs.callPackage ./utils/qemu-uefi-tpm.nix { inherit pkgs; };
# copy systemd
cp -Pr ${self.packages.${system}.systemd.out}/* out/
pushd out
find . -type d -exec chmod 755 {} \;
# Copy kernel modules
cp -Pr ${self.packages.${system}.kernel.kernel}/lib/modules ./usr/lib/
find usr/lib/modules -type d -exec chmod 755 {} \;
mkdir -p dev proc sys tmp root
ln -sf usr/bin bin
ln -sf usr/bin sbin
ln -sf usr/lib lib
ln -sf usr/lib lib64
ln -sf ../proc/self/mounts etc/mtab
ln -sf ../usr/lib/systemd/systemd init
echo patos > ./etc/hostname
cat <<EOF > ./etc/os-release
NAME="PatOS"
PRETTY_NAME="PatOS Platform"
ID=patos
EOF
cat <<EOF > ./etc/passwd
root::0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/usr/bin/nologin
daemon:x:2:2:daemon:/:/usr/bin/nologin
mail:x:8:12:mail:/var/spool/mail:/usr/bin/nologin
ftp:x:14:11:ftp:/srv/ftp:/usr/bin/nologin
http:x:33:33:http:/srv/http:/usr/bin/nologin
uuidd:x:68:68:uuidd:/:/usr/bin/nologin
dbus:x:81:81:dbus:/:/usr/bin/nologin
nobody:x:99:99:nobody:/:/usr/bin/nologin
EOF
chmod 644 ./etc/passwd
cat <<EOF > ./etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin
adm:x:4:root,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:root
ftp:x:11:
mail:x:12:
uucp:x:14:
log:x:19:root
utmp:x:20:
locate:x:21:
rfkill:x:24:
smmsp:x:25:
proc:x:26:
http:x:33:
games:x:50:
lock:x:54:
uuidd:x:68:
dbus:x:81:
network:x:90:
video:x:91:
audio:x:92:
optical:x:93:
floppy:x:94:
storage:x:95:
scanner:x:96:
input:x:97:
power:x:98:
nobody:x:99:
EOF
chmod 644 ./etc/group
# FIXME: remove this
cat <<EOF > usr/lib/systemd/system/demo.service
[Unit]
Description=Debug Shell (/bin/sulogin)
Conflicts=shutdown.target
Before=shutdown.target
[Service]
Environment=HOME=/root
WorkingDirectory=/root
ExecStart=/bin/sulogin
Type=idle
StandardInput=tty-force
StandardOutput=inherit
StandardError=inherit
KillMode=process
IgnoreSIGPIPE=no
SendSIGHUP=yes
Restart=always
[Install]
WantedBy=basic.target
EOF
mkdir usr/lib/systemd/system/basic.target.wants
ln -sf ../demo.service usr/lib/systemd/system/basic.target.wants/demo.service
# set default target
ln -sf basic.target usr/lib/systemd/system/default.target
# remove first boot
rm -f usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service
# remove vconsole setup
rm -f usr/lib/udev/rules.d/90-vconsole.rules
# install busybox
cp ${pkgs.busybox.out}/bin/busybox usr/bin/
usr/bin/busybox --list | xargs -I {} ln -sf busybox usr/bin/{}
# install lib kmod
cp -P ${pkgs.kmod.lib}/lib/* ./usr/lib
cp -P ${pkgs.kmod.out}/bin/* ./usr/bin
cp -P ${pkgs.libbpf.out}/lib/libbpf* ./usr/lib
# get shared libs
find . -type f -executable | xargs ldd 2> /dev/null | awk '{print $3}' | grep -v systemd | sort -u | xargs cp -t usr/lib
find . -type f -executable | xargs chmod 755
# FIXME: hacky(?) ELF patching. Is there a better way????????
find . -type f -executable -print | xargs -I {} ${pkgs.lib.getExe pkgs.patchelf} --set-rpath /lib:/usr/lib:/usr/lib/systemd {} 2> /dev/null
find . -type f -executable -print | xargs -I {} ${pkgs.lib.getExe pkgs.patchelf} --set-interpreter /lib/ld-linux-x86-64.so.2 {} 2> /dev/null
cp ${
self.packages.${system}.glibc.out
}/lib/ld-linux-x86-64.so.2 lib/ && ${pkgs.lib.getExe pkgs.patchelf} --remove-rpath lib/ld-linux-x86-64.so.2
# strip binaries
find . -type f -executable | xargs strip 2> /dev/null
# gen initrd
find . -print0 | ${pkgs.lib.getExe pkgs.cpio} --null --owner=root:root -o --format=newc | ${pkgs.lib.getExe pkgs.gzip} -9 > ../initrd.gz
'';
mkinitrd = pkgs.callPackage ./utils/mkinitrd.nix {
inherit pkgs;
inherit system;
inherit self;
};
};
checks = {
@ -193,6 +62,8 @@
nixd
nixfmt-rfc-style
squashfs-tools-ng
self.packages.${system}.qemu-uefi-tpm
self.packages.${system}.mkinitrd
];
};

182
utils/mkinitrd.nix Normal file
View file

@ -0,0 +1,182 @@
{
pkgs,
self,
system,
...
}:
pkgs.writeShellApplication {
name = "mkinitrd";
runtimeInputs = with pkgs; [
patchelf
cpio
gzip
];
text = ''
# shellcheck disable=SC2038
echo "make initrd..."
mkdir -p out
# copy systemd
cp -Pr ${self.packages.${system}.systemd.out}/* out/
pushd out
find . -type d -exec chmod 755 {} \;
# Copy kernel modules
cp -Pr ${self.packages.${system}.kernel.kernel}/lib/modules ./usr/lib/
find usr/lib/modules -type d -exec chmod 755 {} \;
mkdir -p dev proc sys tmp root
ln -sf usr/bin bin
ln -sf usr/bin sbin
ln -sf usr/lib lib
ln -sf usr/lib lib64
ln -sf ../proc/self/mounts etc/mtab
ln -sf ../usr/lib/systemd/systemd init
echo patos > ./etc/hostname
cat <<EOF > ./etc/os-release
NAME="PatOS"
PRETTY_NAME="PatOS Platform"
ID=patos
EOF
cat <<EOF > ./etc/passwd
root::0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/usr/bin/nologin
daemon:x:2:2:daemon:/:/usr/bin/nologin
mail:x:8:12:mail:/var/spool/mail:/usr/bin/nologin
ftp:x:14:11:ftp:/srv/ftp:/usr/bin/nologin
http:x:33:33:http:/srv/http:/usr/bin/nologin
uuidd:x:68:68:uuidd:/:/usr/bin/nologin
messagebus:x:81:81:messagebus:/:/usr/bin/nologin
nobody:x:99:99:nobody:/:/usr/bin/nologin
EOF
chmod 644 ./etc/passwd
cat <<EOF > ./etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin
adm:x:4:root,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:root
ftp:x:11:
mail:x:12:
uucp:x:14:
log:x:19:root
utmp:x:20:
locate:x:21:
rfkill:x:24:
smmsp:x:25:
proc:x:26:
http:x:33:
games:x:50:
lock:x:54:
uuidd:x:68:
messagebus:x:81:
network:x:90:
video:x:91:
audio:x:92:
optical:x:93:
floppy:x:94:
storage:x:95:
scanner:x:96:
input:x:97:
power:x:98:
nobody:x:99:
EOF
chmod 644 ./etc/group
# FIXME: remove this
cat <<EOF > usr/lib/systemd/system/demo.service
[Unit]
Description=Debug Shell (/bin/sulogin)
Conflicts=shutdown.target
Before=shutdown.target
[Service]
Environment=HOME=/root
WorkingDirectory=/root
ExecStart=/bin/sulogin
Type=idle
StandardInput=tty-force
StandardOutput=inherit
StandardError=inherit
KillMode=process
IgnoreSIGPIPE=no
SendSIGHUP=yes
Restart=always
[Install]
WantedBy=basic.target
EOF
mkdir usr/lib/systemd/system/basic.target.wants
ln -sf ../demo.service usr/lib/systemd/system/basic.target.wants/demo.service
# set default target
ln -sf basic.target usr/lib/systemd/system/default.target
# remove first boot
rm -f usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service
# remove vconsole setup
rm -f usr/lib/udev/rules.d/90-vconsole.rules
# install busybox
cp ${pkgs.busybox.out}/bin/busybox usr/bin/
usr/bin/busybox --list | xargs -I {} ln -sf busybox usr/bin/{}
# install dbus broker
cp ${self.packages.${system}.dbus-broker.out}/usr/bin/* usr/bin
cp ${self.packages.${system}.dbus-broker.out}/lib/systemd/system/* usr/lib/systemd/system
cp -Pr ${pkgs.dbus.out}/share/* usr/share/
find usr/share/ -type d -exec chmod 755 {} \;
sed -i 's#/nix/store.*/share#/usr/share#' usr/share/xml/dbus-1/*
sed -i 's#/nix/store.*/libexec#/usr/bin#' usr/share/dbus-1/system.conf
# enable dbus
ln -sf ../dbus-broker.service usr/lib/systemd/system/basic.target.wants/dbus.service
cat <<EOF > usr/lib/systemd/system/dbus.socket
[Unit]
Description=D-Bus System Message Bus Socket
[Socket]
ListenStream=/run/dbus/system_bus_socket
EOF
ln -sf ../dbus.socket usr/lib/systemd/system/sockets.target.wants/dbus.socket
# install lib kmod
cp -P ${pkgs.kmod.lib}/lib/* ./usr/lib
cp -P ${pkgs.kmod.out}/bin/* ./usr/bin
cp -P ${pkgs.libbpf.out}/lib/libbpf* ./usr/lib
# get shared libs
find . -type f -executable -exec ldd {} \; 2> /dev/null | awk '{print $3}' | grep -v systemd | sort -u | xargs cp -t usr/lib
find . -type f -executable -exec chmod 755 {} \;
# FIXME: hacky(?) ELF patching. Is there a better way????????
find . -type f -executable -exec patchelf --set-rpath /lib:/usr/lib:/usr/lib/systemd {} \; 2> /dev/null
find . -type f -executable -exec patchelf --set-interpreter /lib/ld-linux-x86-64.so.2 {} \; 2> /dev/null
cp ${
self.packages.${system}.glibc.out
}/lib/ld-linux-x86-64.so.2 lib/ && patchelf --remove-rpath lib/ld-linux-x86-64.so.2
# strip binaries
find . -type f -executable -exec strip {} \; 2> /dev/null
find . -type d -exec chmod 755 {} \;
# gen initrd
find . -print0 | cpio --null --owner=root:root -o --format=newc | gzip -9 > ../initrd.gz
popd
rm -rf out
'';
}

50
utils/qemu-uefi-tpm.nix Normal file
View file

@ -0,0 +1,50 @@
{
pkgs,
...
}:
pkgs.writeShellApplication {
name = "qemu-uefi-tpm";
runtimeInputs = with pkgs; [
qemu
swtpm
];
text =
let
tpmOVMF = pkgs.OVMF.override { tpmSupport = true; };
in
''
set -ex
state="/tmp/patos-qemu-$USER"
rm -rf "$state"
mkdir -m 700 "$state"
truncate -s 1G "$state/disk.raw"
swtpm socket -d --tpmstate dir="$state" \
--ctrl type=unixio,path="$state/swtpm-sock" \
--tpm2 \
--log level=20
qemu-system-x86_64 \
-enable-kvm \
-machine q35,accel=kvm \
-cpu host \
-smp 8 \
-m 4G \
-display none \
-nographic \
-chardev "stdio,id=char0,mux=on,logfile=$state/console.log,signal=off" \
-serial chardev:char0 \
-mon chardev=char0 \
-drive "if=pflash,format=raw,unit=0,readonly=on,file=${tpmOVMF.firmware}" \
-drive "if=pflash,format=raw,unit=1,readonly=on,file=${tpmOVMF.variables}" \
-chardev socket,id=chrtpm,path="$state/swtpm-sock" \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis,tpmdev=tpm0 \
-netdev id=net00,type=user,hostfwd=tcp::2222-:22 \
-device virtio-net-pci,netdev=net00 \
-drive "file=fat:rw:patos/,format=raw" \
-drive "format=raw,file=$state/disk.raw"
'';
}