feat(image): install upstream kexec which now have support for UKIs

2025-02-26 14:35:58 +01:00 · 2025-02-26 14:35:58 +01:00 · 7365ef8918
commit 7365ef8918
parent 0a0e9127e0
13 changed files with 74 additions and 7 deletions
--- a/pkgs/rootfs/default.nix
+++ b/pkgs/rootfs/default.nix
@ -0,0 +1,32 @@
+{
+  pkgs,
+  stdenvNoCC,
+  patosPkgs,
+  version,
+  ...
+}:
+let
+  pname = "patos-rootfs";
+in
+stdenvNoCC.mkDerivation (finalAttrs: {
+  inherit version;
+  inherit pname;
+
+  buildInputs = with pkgs; [
+    glibc
+    binutils
+  ];
+
+  glibcPatos = patosPkgs.glibc.out;
+  systemd = patosPkgs.systemd.out;
+  dbusBroker = patosPkgs.dbus-broker.out;
+  kernel = patosPkgs.kernel.kernel;
+  busybox = pkgs.busybox.out;
+  kmodLibs = pkgs.kmod.lib;
+  kmodBin = pkgs.kmod.out;
+  libbpf = pkgs.libbpf.out;
+  btrfs = pkgs.btrfs-progs.out;
+  kexec = patosPkgs.kexec.out;
+
+  builder = ./mkrootfs.sh;
+})
--- a/pkgs/rootfs/mkinitrd.nix
+++ b/pkgs/rootfs/mkinitrd.nix
@ -0,0 +1,23 @@
+{
+  pkgs,
+  stdenvNoCC,
+  patosPkgs,
+  version,
+  ...
+}:
+let
+  pname = "patos-ramdisk";
+in
+stdenvNoCC.mkDerivation (finalAttrs: {
+  inherit version;
+  inherit pname;
+
+  buildInputs = with pkgs; [
+    cpio
+    xz
+  ];
+
+  rootfs = patosPkgs.rootfs.out;
+
+  builder = ./mkinitrd.sh;
+})
--- a/pkgs/rootfs/mkinitrd.sh
+++ b/pkgs/rootfs/mkinitrd.sh
@ -0,0 +1,23 @@
+set -ex -p pipefail
+echo "Building initram disk"
+mkdir -p $out/root
+pushd $out/root
+
+### copy rootfs
+cp -prP $rootfs/* .
+find . -type d -exec chmod 755 {} \;
+mkdir sysroot
+
+### create directories
+ln -sf ../usr/lib/systemd/systemd init
+
+### Create needed files
+echo patos > ./etc/hostname
+
+ln -sf /etc/os-release ./etc/initrd-release
+
+# gen initrd
+find . -print0 | cpio --null --owner=root:root -o --format=newc | xz -9 --check=crc32 > ../initrd.xz
+
+popd
+rm -rf $out/root
--- a/pkgs/rootfs/mkrootfs.sh
+++ b/pkgs/rootfs/mkrootfs.sh
@ -0,0 +1,200 @@
+set -ex -o pipefail
+
+### create directory structure
+mkdir -p $out/etc/repart.d $out/dev $out/proc $out/sys $out/tmp $out/root $out/run $out/boot $out/mnt $out/home $out/srv $out/var/tmp
+ln -sf /usr/bin $out/bin
+ln -sf /usr/bin $out/sbin
+ln -sf /usr/lib $out/lib
+ln -sf /usr/lib $out/lib64
+ln -sf ../proc/self/mounts $out/etc/mtab
+
+### install systemd
+echo "Installing systemd"
+cp -Pr $systemd/* $out/
+find $out -type d -exec chmod 755 {} \;
+rm -rf $out/usr/include
+rm -rf $out/usr/sbin
+rm -f $out/usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service
+rm -f $out/usr/lib/systemd/ukify
+rm -f $out/usr/bin/ukify
+rm -f $out/usr/lib/udev/rules.d/90-vconsole.rules
+
+cat <<EOF > $out/etc/os-release
+NAME=PatOS
+PRETTY_NAME=PatOS v${version} (Pre-Alpha)
+IMAGE_ID=patos
+ID=patos
+IMAGE_VERSION=${version}
+VERSION=${version}
+VERSION_ID={version}
+BUILD_ID={version}
+EOF
+
+cat <<EOF > $out/etc/issue
+<<< Welcome to PatOS v${version} (Pre-Alpha) (\m) - \l >>>
+
+EOF
+
+# replace agetty with busybox getty
+sed -i 's#ExecStart=.*#ExecStart=-/sbin/getty -L %I 115200 vt100#' $out/usr/lib/systemd/system/serial-getty@.service
+
+sed -i 's#After=\(.*\)#After=sysroot.mount \1#' $out/usr/lib/systemd/system/systemd-repart.service
+cat <<EOF > $out/etc/repart.d/10-esp.conf
+[Partition]
+Type=esp
+Format=vfat
+EOF
+
+cat <<EOF > $out/etc/repart.d/22-root.conf
+[Partition]
+Type=root
+EOF
+
+cat <<EOF > $out/etc/repart.d/40-var.conf
+[Partition]
+Type=var
+UUID=4d21b016-b534-45c2-a9fb-5c16e091fd2d
+Format=btrfs
+Label=patos-state
+Minimize=off
+FactoryReset=yes
+SizeMinBytes=1G
+SplitName=-
+EOF
+
+cat <<EOF > $out/usr/lib/systemd/system/var.mount
+[Unit]
+Description=Mount for /var
+Before=local-fs.target
+After=systemd-repart.service
+
+[Mount]
+What=/dev/disk/by-label/patos-state
+Where=/var
+Type=btrfs
+Options=defaults
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat <<EOF > $out/usr/lib/systemd/system/etc.mount
+[Unit]
+Description=Overlay mount for /etc
+Before=local-fs.target
+
+[Mount]
+What=overlay
+Where=/etc
+Type=overlay
+Options=lowerdir=/etc,upperdir=/run/.rw-etc/upper,workdir=/run/.rw-etc/work
+
+[Install]
+WantedBy=local-fs.target
+EOF
+
+### install PatOS glibc
+cp -P $glibcPatos/lib/*.so* $out/usr/lib/
+
+### install kernel modules
+cp -r $kernel/lib/modules $out/usr/lib/
+find $out/usr/lib/modules -type d -exec chmod 755 {} \;
+
+### install busybox
+cp $busybox/bin/busybox $out/usr/bin/
+$out/usr/bin/busybox --list | xargs -I {} ln -sf busybox $out/usr/bin/{}
+
+### install dbus broker
+cp -r $dbusBroker/* $out/
+
+### install kexec
+cp -Pr ${kexec}/sbin/kexec $out/usr/bin/
+
+### install btrfs progs
+cp -Pr ${btrfs}/bin/* $out/usr/bin/
+cp -Pr ${btrfs}/lib/* $out/usr/lib/
+
+### install lib kmod
+cp -P $kmodLibs/lib/* $out/usr/lib
+cp -P $kmodBin/bin/* $out/usr/bin
+
+### install libbpf
+cp -P $libbpf/lib/libbpf* $out/usr/lib
+
+# remove pkgconfig
+rm -rf $out/usr/lib/pkgconfig
+
+cat <<EOF > $out/etc/passwd
+root::0:0:root:/root:/bin/sh
+bin:x:1:1:bin:/bin:/usr/bin/nologin
+daemon:x:2:2:daemon:/:/usr/bin/nologin
+mail:x:8:12:mail:/var/spool/mail:/usr/bin/nologin
+ftp:x:14:11:ftp:/srv/ftp:/usr/bin/nologin
+http:x:33:33:http:/srv/http:/usr/bin/nologin
+uuidd:x:68:68:uuidd:/:/usr/bin/nologin
+messagebus:x:81:81:messagebus:/:/usr/bin/nologin
+nobody:x:99:99:nobody:/:/usr/bin/nologin
+systemd-coredump:x:151:992::/var/empty:/usr/bin/nologin
+systemd-network:x:152:152::/var/empty:/usr/bin/nologin
+systemd-resolve:x:153:153::/var/empty:/usr/bin/nologin
+systemd-timesync:x:154:154::/var/empty:/usr/bin/nologin
+EOF
+chmod 644 $out/etc/passwd
+
+cat <<EOF > $out/etc/group
+root:x:0:root
+bin:x:1:root,bin,daemon
+daemon:x:2:root,bin,daemon
+sys:x:3:root,bin
+adm:x:4:root,daemon
+tty:x:5:
+disk:x:6:root
+lp:x:7:daemon
+mem:x:8:
+kmem:x:9:
+wheel:x:10:root
+ftp:x:11:
+mail:x:12:
+uucp:x:14:
+log:x:19:root
+utmp:x:20:
+locate:x:21:
+rfkill:x:24:
+smmsp:x:25:
+proc:x:26:
+http:x:33:
+games:x:50:
+lock:x:54:
+uuidd:x:68:
+messagebus:x:81:
+systemd-journal:x:62:
+systemd-network:x:152:
+systemd-resolve:x:153:
+systemd-timesync:x:154:
+systemd-oom:x:991:
+systemd-coredump:x:992:
+network:x:90:
+video:x:91:
+audio:x:92:
+optical:x:93:
+floppy:x:94:
+storage:x:95:
+scanner:x:96:
+input:x:97:
+power:x:98:
+nobody:x:99:
+EOF
+chmod 644 $out/etc/group
+
+### Find and install all shared libs
+find $out -type f -executable -exec ldd {} \; | awk '{print $3}' | grep -v systemd | grep -v glibc | sort -u | xargs cp -t $out/usr/lib
+find $out -type f -executable -exec chmod 755 {} \;
+
+# FIXME: ELF patching. Is there a better way?
+find $out -type f -executable -exec patchelf --set-rpath /lib:/usr/lib:/usr/lib/systemd {} \;
+find $out -type f -executable -exec patchelf --set-interpreter /lib/ld-linux-x86-64.so.2 {} \;
+patchelf --remove-rpath $out/usr/lib/ld-linux-x86-64.so.2
+
+# strip binaries
+find $out -type f -executable -exec strip {} \;
+find $out -type d -exec chmod 755 {} \;