diff --git a/flake.nix b/flake.nix index 9e92cc8..b4a7411 100644 --- a/flake.nix +++ b/flake.nix @@ -17,7 +17,7 @@ let pkgs = import nixpkgs { inherit system; }; patosPkgs = self.packages.${system}; - version = "0.0.1"; + version = "0.0.3"; updateUrl = "http://10.0.2.2:8000/"; in { diff --git a/pkgs/image/default.nix b/pkgs/image/default.nix index 94748a3..452bf1f 100644 --- a/pkgs/image/default.nix +++ b/pkgs/image/default.nix @@ -25,18 +25,28 @@ runCommand pname { SYSTEMD_REPART_MKFS_OPTIONS_EROFS = "--all-root -zlz4hc,12 -C1048576 -Efragments,dedupe,ztailpacking"; }; - kernelCmdLine = "console=ttyS0 patos.secureboot=true"; + kernelCmdLine = "console=ttyS0 patos.secureboot=false"; } '' mkdir -p $out/init.repart.d $out/final.repart.d pushd $out -# Don't seem to work just to create a symlink to rootfs derivation? -# ln -sf $rootfs rootfs mkdir rootfs cp -prP ${patosPkgs.rootfs}/* rootfs/ find rootfs/ -type d -exec chmod 755 {} \; +# package kernel modules as sysext +pkgName="patos-kernel-modules-${version}" +mkdir -p ./tree/usr/lib/extension-release.d +cat << EOF > ./tree/usr/lib/extension-release.d/extension-release.patos-kernel-modules +ID=patos +IMAGE_ID=patos-kernel-modules +IMAGE_VERSION=${version} +VERSION_ID=patos +EOF +cp -Prp rootfs/usr/lib/modules ./tree/usr/lib/modules && rm -rf rootfs/usr/lib/modules +tar -cJf $pkgName.tar.xz -C ./tree . --owner=root:0 --group=root:0 && rm -rf tree + # set default target to multi-user ln -sf multi-user.target rootfs/usr/lib/systemd/system/default.target @@ -127,6 +137,22 @@ ReadOnly=1 Verify=no EOF +cat <<EOF > rootfs/etc/sysupdate.d/30-kernel-modules.transfer +[Source] +Type=url-tar +Path=${updateUrl} +MatchPattern=patos-kernel-modules-@v.tar.xz + +[Target] +Type=subvolume +Path=/var/lib/extensions +MatchPattern=patos-kernel-modules-@v +CurrentSymlink=patos-kernel-modules + +[Transfer] +Verify=no +EOF + # Initial partitioning cat <<EOF > init.repart.d/10-root.conf 
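Review bot: The kernel command line now boots with `patos.secureboot=false`, flipping the image to non-enforcing in the same hunk that moves kernel modules out of the hashed rootfs (`*.verity` is produced further down) into a mutable sysext tree via `cp -Prp rootfs/usr/lib/modules ./tree/usr/lib/modules && rm -rf rootfs/usr/lib/modules`. If the flag is only off while the sysext flow is being brought up, make that greppable: `kernelCmdLine = "console=ttyS0 patos.secureboot=false"; # TODO(dev): re-enable once the kernel-modules sysext is signed`. Nothing in the hunk pins the packaged module tree to the booted kernel release — `pkgName` and `IMAGE_VERSION` use `${version}` only — so a modules directory that does not match the running kernel would be installed without complaint; embedding the kernel release in `IMAGE_VERSION` or asserting it at build time would close that gap. systemd-sysext requires the extension-release `ID` and either `VERSION_ID` or `SYSEXT_LEVEL` to match the host os-release; the hunk writes `VERSION_ID=patos`, which cannot be checked against the rootfs os-release from here. The enclosing `runCommand` body starts before this hunk.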
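Review bot: `Verify=no` in the new `30-kernel-modules.transfer` disables signature verification of SHA256SUMS for the kernel-module tarball, and the source is the plaintext `http://10.0.2.2:8000/` `updateUrl` from flake.nix, so the most privileged artifact the updater installs is also the least verified. The SHA256SUMS hash is still compared, but since the sums file travels over the same unauthenticated channel it only guards against corruption, not substitution. This mirrors the existing transfers (the context shows `Verify=no` just above the hunk), but kernel modules deserve `Verify=yes` as soon as SHA256SUMS is signed; until then add `# TODO(security): Verify=no is a dev-only setting; switch to Verify=yes once SHA256SUMS is signed` above the `cat <<EOF` line (or inside the heredoc — sysupdate ini files accept `#` comment lines).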
@@ -241,8 +267,8 @@ ${patosPkgs.systemd}/usr/bin/systemd-repart \ --root=$out \ patos_${version}.img > final-repart-output.json -rm -rf rootfs -sha256sum *.root *.verity *.efi > SHA256SUMS +rm -rf rootfs init.repart.d final.repart.d *.json +sha256sum *.root *.verity *.efi *.tar.xz > SHA256SUMS popd '' diff --git a/pkgs/kernel/generic.config b/pkgs/kernel/generic.config index 048421b..4c67b0a 100644 --- a/pkgs/kernel/generic.config +++ b/pkgs/kernel/generic.config @@ -276,7 +276,7 @@ CONFIG_BRIDGE_VLAN_FILTERING=y CONFIG_BRIDGE=y CONFIG_BSD_DISKLABEL=y CONFIG_BSD_PROCESS_ACCT=y -CONFIG_BTRFS_FS=m +CONFIG_BTRFS_FS=y CONFIG_BTRFS_FS_POSIX_ACL=y CONFIG_BUFFER_HEAD=y CONFIG_BUG_ON_DATA_CORRUPTION=y @@ -426,7 +426,7 @@ CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=y CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=y CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=y CONFIG_CRYPTO_AUTHENC=y -CONFIG_CRYPTO_BLAKE2B=m +CONFIG_CRYPTO_BLAKE2B=y CONFIG_CRYPTO_BLAKE2S_X86=y CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CCM=y @@ -643,7 +643,7 @@ CONFIG_ELF_CORE=y CONFIG_ELFCORE=y CONFIG_ENA_ETHERNET=y CONFIG_ENCLOSURE_SERVICES=y -CONFIG_ENCRYPTED_KEYS=m +CONFIG_ENCRYPTED_KEYS=y CONFIG_ENIC=m CONFIG_EPOLL=y CONFIG_EROFS_FS_POSIX_ACL=y @@ -1953,7 +1953,7 @@ CONFIG_QUOTA_TREE=y CONFIG_QUOTA=y CONFIG_R8169=m CONFIG_RAID6_PQ_BENCHMARK=y -CONFIG_RAID6_PQ=m +CONFIG_RAID6_PQ=y CONFIG_RAID_ATTRS=y CONFIG_RANDOMIZE_BASE=y CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y @@ -2487,7 +2487,7 @@ CONFIG_XFS_QUOTA=y CONFIG_XFS_RT=y CONFIG_XFS_SUPPORT_ASCII_CI=y CONFIG_XFS_SUPPORT_V4=y -CONFIG_XOR_BLOCKS=m +CONFIG_XOR_BLOCKS=y CONFIG_XPS=y CONFIG_XXHASH=y CONFIG_XZ_DEC_ARMTHUMB=y diff --git a/pkgs/rootfs/mkrootfs.nix b/pkgs/rootfs/mkrootfs.nix index 257ffb6..235a70a 100644 --- a/pkgs/rootfs/mkrootfs.nix +++ b/pkgs/rootfs/mkrootfs.nix 
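Review bot: The new cleanup `rm -rf rootfs init.repart.d final.repart.d *.json` also deletes `final-repart-output.json`, which the line just above still writes with `> final-repart-output.json`, so the only record of the final partition layout is discarded from `$out`. If that is intended, drop the redirect so the dead output is obvious; otherwise keep the glob off the repart output, e.g. `rm -rf rootfs init.repart.d final.repart.d`. The added `*.tar.xz` in `sha256sum *.root *.verity *.efi *.tar.xz > SHA256SUMS` depends on `$pkgName.tar.xz` having been created inside the same `pushd $out` block earlier in the script; a one-line comment `# SHA256SUMS must cover every artifact sysupdate fetches (images + module sysext)` would make that coupling explicit. The enclosing `runCommand` body starts outside this hunk.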
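Review bot: The move of `CONFIG_BTRFS_FS`, `CONFIG_CRYPTO_BLAKE2B`, `CONFIG_ENCRYPTED_KEYS`, `CONFIG_RAID6_PQ` and `CONFIG_XOR_BLOCKS` from `=m` to `=y` (this and the following four hunks of generic.config) carries no rationale anywhere in the diff, and a `.config` cannot hold free-form comments that survive regeneration. Presumably they are built in because modules now ship as a sysext targeting a `Type=subvolume` path under `/var/lib/extensions`, so nothing module-based is usable until that filesystem is mounted and the extension merged; record that dependency next to the sysext packaging in `pkgs/image/default.nix`, e.g. `# modules ship as a sysext: anything needed before systemd-sysext merge (btrfs and its deps for /var) must be =y in pkgs/kernel/generic.config`. It is worth a pass over other early-boot drivers (block, net, dm-verity) to confirm none are still `=m` now that the rootfs carries no `/usr/lib/modules`.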
@@ -172,7 +172,9 @@ cp -P ${pkgs.libbpf}/lib/libbpf*.so* $out/usr/lib/ ### install secure boot tools cp -P ${pkgs.sbctl}/bin/sbctl $out/usr/bin/ +rm -f $out/usr/bin/tar rm -f $out/usr/bin/blkid +cp -P ${pkgs.gnutar}/bin/tar $out/usr/bin/ cp -P ${pkgs.util-linuxMinimal}/bin/blkid $out/usr/bin/ cp -P ${pkgs.util-linuxMinimal}/bin/lsblk $out/usr/bin/ diff --git a/utils/qemu-uefi-tpm.nix b/utils/qemu-uefi-tpm.nix index 9087ada..7d51868 100644 --- a/utils/qemu-uefi-tpm.nix +++ b/utils/qemu-uefi-tpm.nix @@ -47,6 +47,7 @@ pkgs.writeShellApplication { -chardev socket,id=chrtpm,path="$state/swtpm-sock" \ -tpmdev emulator,id=tpm0,chardev=chrtpm \ -device tpm-tis,tpmdev=tpm0 \ + -netdev id=net00,type=user \ -device virtio-net-pci,netdev=net00 \ -drive "format=qcow2,file=$state/disk.qcow2" '';
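Review bot: The two added lines are interleaved with the blkid replacement — `rm -f $out/usr/bin/tar` lands above `rm -f $out/usr/bin/blkid` while `cp -P ${pkgs.gnutar}/bin/tar $out/usr/bin/` lands above the blkid `cp` — so each remove/replace pair is split by the other's lines. Keep each pair adjacent and give it its own heading, since `### install secure boot tools` above no longer describes what follows: `### replace tar with GNU tar (presumably required by the sysupdate url-tar transfers)`. The reason the existing tar is insufficient is not visible in the diff, so state it in that comment rather than leaving the swap unexplained.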
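Review bot: `-netdev id=net00,type=user` gives the guest user-mode (slirp) networking, in which the host is reachable at 10.0.2.2 — exactly the `updateUrl` hard-coded in flake.nix — but that coupling is invisible in this file. Add `# user-mode networking: host reachable from the guest at 10.0.2.2 (updateUrl in flake.nix)` above the new line. With user-mode networking the test VM also gets outbound access through the developer machine, which is acceptable for a harness but worth stating next to the TPM/UEFI options so the VM's exposure is obvious at a glance.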