parent
c748e17279
commit
4166b4c1fb
5 changed files with 40 additions and 11 deletions
|
@ -17,7 +17,7 @@
|
|||
let
|
||||
pkgs = import nixpkgs { inherit system; };
|
||||
patosPkgs = self.packages.${system};
|
||||
version = "0.0.1";
|
||||
version = "0.0.3";
|
||||
updateUrl = "http://10.0.2.2:8000/";
|
||||
in
|
||||
{
|
||||
|
|
|
@ -25,18 +25,28 @@ runCommand pname {
|
|||
SYSTEMD_REPART_MKFS_OPTIONS_EROFS = "--all-root -zlz4hc,12 -C1048576 -Efragments,dedupe,ztailpacking";
|
||||
};
|
||||
|
||||
kernelCmdLine = "console=ttyS0 patos.secureboot=true";
|
||||
kernelCmdLine = "console=ttyS0 patos.secureboot=false";
|
||||
}
|
||||
''
|
||||
mkdir -p $out/init.repart.d $out/final.repart.d
|
||||
pushd $out
|
||||
|
||||
# Don't seem to work just to create a symlink to rootfs derivation?
|
||||
# ln -sf $rootfs rootfs
|
||||
mkdir rootfs
|
||||
cp -prP ${patosPkgs.rootfs}/* rootfs/
|
||||
find rootfs/ -type d -exec chmod 755 {} \;
|
||||
|
||||
# package kernel modules as sysext
|
||||
pkgName="patos-kernel-modules-${version}"
|
||||
mkdir -p ./tree/usr/lib/extension-release.d
|
||||
cat << EOF > ./tree/usr/lib/extension-release.d/extension-release.patos-kernel-modules
|
||||
ID=patos
|
||||
IMAGE_ID=patos-kernel-modules
|
||||
IMAGE_VERSION=${version}
|
||||
VERSION_ID=patos
|
||||
EOF
|
||||
cp -Prp rootfs/usr/lib/modules ./tree/usr/lib/modules && rm -rf rootfs/usr/lib/modules
|
||||
tar -cJf $pkgName.tar.xz -C ./tree . --owner=root:0 --group=root:0 && rm -rf tree
|
||||
|
||||
# set default target to multi-user
|
||||
ln -sf multi-user.target rootfs/usr/lib/systemd/system/default.target
|
||||
|
||||
|
@ -127,6 +137,22 @@ ReadOnly=1
|
|||
Verify=no
|
||||
EOF
|
||||
|
||||
cat <<EOF > rootfs/etc/sysupdate.d/30-kernel-modules.transfer
|
||||
[Source]
|
||||
Type=url-tar
|
||||
Path=${updateUrl}
|
||||
MatchPattern=patos-kernel-modules-@v.tar.xz
|
||||
|
||||
[Target]
|
||||
Type=subvolume
|
||||
Path=/var/lib/extensions
|
||||
MatchPattern=patos-kernel-modules-@v
|
||||
CurrentSymlink=patos-kernel-modules
|
||||
|
||||
[Transfer]
|
||||
Verify=no
|
||||
EOF
|
||||
|
||||
|
||||
# Initial partitioning
|
||||
cat <<EOF > init.repart.d/10-root.conf
|
||||
|
@ -241,8 +267,8 @@ ${patosPkgs.systemd}/usr/bin/systemd-repart \
|
|||
--root=$out \
|
||||
patos_${version}.img > final-repart-output.json
|
||||
|
||||
rm -rf rootfs
|
||||
sha256sum *.root *.verity *.efi > SHA256SUMS
|
||||
rm -rf rootfs init.repart.d final.repart.d *.json
|
||||
sha256sum *.root *.verity *.efi *.tar.xz > SHA256SUMS
|
||||
|
||||
popd
|
||||
''
|
||||
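Review bot: The new `30-kernel-modules.transfer` unit sets `Verify=no` under `[Transfer]`, so systemd-sysupdate will not check a signature on the `SHA256SUMS` manifest before unpacking `patos-kernel-modules-@v.tar.xz` into `/var/lib/extensions`. The only `updateUrl` value visible on this page is plain `http://10.0.2.2:8000/`, so as far as the page shows nothing authenticates the kernel-module sysext in transit, and a tampered archive would be accepted and later merged as an extension. The transfer unit just above this one also ends in `Verify=no`, so this looks like an existing development default rather than something this commit introduces. Before the image is used outside the QEMU setup, publish a signed `SHA256SUMS.gpg` next to the manifest that the last hunk already extends with `*.tar.xz`, change the line to `Verify=yes`, and serve updates over HTTPS. If it has to stay off for local testing, a comment such as `# DEV ONLY: unsigned updates, do not ship` above the line would make that explicit.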
|
|
|
@ -276,7 +276,7 @@ CONFIG_BRIDGE_VLAN_FILTERING=y
|
|||
CONFIG_BRIDGE=y
|
||||
CONFIG_BSD_DISKLABEL=y
|
||||
CONFIG_BSD_PROCESS_ACCT=y
|
||||
CONFIG_BTRFS_FS=m
|
||||
CONFIG_BTRFS_FS=y
|
||||
CONFIG_BTRFS_FS_POSIX_ACL=y
|
||||
CONFIG_BUFFER_HEAD=y
|
||||
CONFIG_BUG_ON_DATA_CORRUPTION=y
|
||||
|
@ -426,7 +426,7 @@ CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=y
|
|||
CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=y
|
||||
CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=y
|
||||
CONFIG_CRYPTO_AUTHENC=y
|
||||
CONFIG_CRYPTO_BLAKE2B=m
|
||||
CONFIG_CRYPTO_BLAKE2B=y
|
||||
CONFIG_CRYPTO_BLAKE2S_X86=y
|
||||
CONFIG_CRYPTO_CBC=y
|
||||
CONFIG_CRYPTO_CCM=y
|
||||
|
@ -643,7 +643,7 @@ CONFIG_ELF_CORE=y
|
|||
CONFIG_ELFCORE=y
|
||||
CONFIG_ENA_ETHERNET=y
|
||||
CONFIG_ENCLOSURE_SERVICES=y
|
||||
CONFIG_ENCRYPTED_KEYS=m
|
||||
CONFIG_ENCRYPTED_KEYS=y
|
||||
CONFIG_ENIC=m
|
||||
CONFIG_EPOLL=y
|
||||
CONFIG_EROFS_FS_POSIX_ACL=y
|
||||
|
@ -1953,7 +1953,7 @@ CONFIG_QUOTA_TREE=y
|
|||
CONFIG_QUOTA=y
|
||||
CONFIG_R8169=m
|
||||
CONFIG_RAID6_PQ_BENCHMARK=y
|
||||
CONFIG_RAID6_PQ=m
|
||||
CONFIG_RAID6_PQ=y
|
||||
CONFIG_RAID_ATTRS=y
|
||||
CONFIG_RANDOMIZE_BASE=y
|
||||
CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
|
||||
|
@ -2487,7 +2487,7 @@ CONFIG_XFS_QUOTA=y
|
|||
CONFIG_XFS_RT=y
|
||||
CONFIG_XFS_SUPPORT_ASCII_CI=y
|
||||
CONFIG_XFS_SUPPORT_V4=y
|
||||
CONFIG_XOR_BLOCKS=m
|
||||
CONFIG_XOR_BLOCKS=y
|
||||
CONFIG_XPS=y
|
||||
CONFIG_XXHASH=y
|
||||
CONFIG_XZ_DEC_ARMTHUMB=y
|
||||
|
|
|
@ -172,7 +172,9 @@ cp -P ${pkgs.libbpf}/lib/libbpf*.so* $out/usr/lib/
|
|||
|
||||
### install secure boot tools
|
||||
cp -P ${pkgs.sbctl}/bin/sbctl $out/usr/bin/
|
||||
rm -f $out/usr/bin/tar
|
||||
rm -f $out/usr/bin/blkid
|
||||
cp -P ${pkgs.gnutar}/bin/tar $out/usr/bin/
|
||||
cp -P ${pkgs.util-linuxMinimal}/bin/blkid $out/usr/bin/
|
||||
cp -P ${pkgs.util-linuxMinimal}/bin/lsblk $out/usr/bin/
|
||||
|
||||
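Review bot: The `rm -f`/`cp -P` lines for `tar` and `blkid` sit under the `### install secure boot tools` heading, but they are not secure-boot tools, and nothing explains why the copies already in `$out/usr/bin` are deleted and replaced. A separate heading would help, for example `### replace tar/blkid with the gnutar and util-linux builds`, with one line giving the reason. The reason is presumably that the `url-tar` sysupdate transfer needs a full `tar`, but that is inferred from the rest of the commit and should be confirmed. The surrounding build script starts and ends outside this hunk.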
|
|
|
@ -47,6 +47,7 @@ pkgs.writeShellApplication {
|
|||
-chardev socket,id=chrtpm,path="$state/swtpm-sock" \
|
||||
-tpmdev emulator,id=tpm0,chardev=chrtpm \
|
||||
-device tpm-tis,tpmdev=tpm0 \
|
||||
-netdev id=net00,type=user \
|
||||
-device virtio-net-pci,netdev=net00 \
|
||||
-drive "format=qcow2,file=$state/disk.qcow2"
|
||||
'';
|
||||
|
|