silly uki image with the systemd-ukify tooling

2025-02-17 15:15:24 +01:00 · 2025-02-17 15:15:24 +01:00 · 7cc41d1139
commit 7cc41d1139
parent 52986e7e70
4 changed files with 188 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,6 +4,8 @@
 .task
 /result
 /target
+/out
+/initrd.gz
 .*.swp
 .*.swo
 .nixos-test-history
--- a/flake.nix
+++ b/flake.nix
@ -21,11 +21,122 @@
        packages = {
          default = self.packages.${system}.image;
          image = pkgs.writeShellScriptBin "image" ''
-            echo "make image here..."
+            echo "make UKI..."
+            echo ${self.packages.${system}.kernel.kernel}/bzImage
+            ${self.packages.${system}.systemd.out}/usr/bin/ukify build \
+            --linux ${self.packages.${system}.kernel.kernel}/bzImage \
+            --initrd ./initrd.gz \
+            --cmdline "console=ttyS0" \
+            -o patos.efi
          '';

          kernel = pkgs.callPackage ./kernel { };
+          glibc = pkgs.callPackage ./glibc { };
          systemd = pkgs.callPackage ./systemd { };
+
+          mkinitrd = pkgs.writeShellScriptBin "mkinitrd" ''
+            echo "make initrd..."
+            mkdir -p out
+
+            # copy systemd
+            cp -r ${self.packages.${system}.systemd.out}/* out/
+            pushd out
+
+            find . -type d -exec chmod 755 {} \;
+
+            mkdir -p dev proc sys tmp root
+            ln -sf usr/bin bin
+            ln -sf usr/bin sbin
+            ln -sf usr/lib lib
+            ln -sf usr/lib lib64
+
+            ln -sf ../proc/self/mounts etc/mtab
+            ln -sf ../usr/lib/systemd/systemd init
+
+            echo patos > ./etc/hostname
+            cat <<EOF > ./etc/os-release
+            NAME="PatOS"
+            PRETTY_NAME="PatOS Platform"
+            ID=patos
+            EOF
+
+            cat <<EOF > ./etc/passwd
+            root::0:0:root:/root:/bin/sh
+            bin:x:1:1:bin:/bin:/usr/bin/nologin
+            daemon:x:2:2:daemon:/:/usr/bin/nologin
+            mail:x:8:12:mail:/var/spool/mail:/usr/bin/nologin
+            ftp:x:14:11:ftp:/srv/ftp:/usr/bin/nologin
+            http:x:33:33:http:/srv/http:/usr/bin/nologin
+            uuidd:x:68:68:uuidd:/:/usr/bin/nologin
+            dbus:x:81:81:dbus:/:/usr/bin/nologin
+            nobody:x:99:99:nobody:/:/usr/bin/nologin
+            EOF
+            chmod 644 ./etc/passwd
+
+            cat <<EOF > ./etc/group
+            root:x:0:root
+            bin:x:1:root,bin,daemon
+            daemon:x:2:root,bin,daemon
+            sys:x:3:root,bin
+            adm:x:4:root,daemon
+            tty:x:5:
+            disk:x:6:root
+            lp:x:7:daemon
+            mem:x:8:
+            kmem:x:9:
+            wheel:x:10:root
+            ftp:x:11:
+            mail:x:12:
+            uucp:x:14:
+            log:x:19:root
+            utmp:x:20:
+            locate:x:21:
+            rfkill:x:24:
+            smmsp:x:25:
+            proc:x:26:
+            http:x:33:
+            games:x:50:
+            lock:x:54:
+            uuidd:x:68:
+            dbus:x:81:
+            network:x:90:
+            video:x:91:
+            audio:x:92:
+            optical:x:93:
+            floppy:x:94:
+            storage:x:95:
+            scanner:x:96:
+            input:x:97:
+            power:x:98:
+            nobody:x:99:
+            EOF
+            chmod 644 ./etc/group
+
+            # install lib kmod
+            cp ${pkgs.kmod.lib}/lib/* ./usr/lib
+            cp ${pkgs.libbpf.out}/lib/libbpf* ./usr/lib
+
+            # install busybox
+            cp ${pkgs.busybox.out}/bin/busybox usr/bin/
+            usr/bin/busybox --list | xargs -I {} ln -sf busybox usr/bin/{}
+
+            # get shared libs
+            find . -type f -executable | xargs ldd 2> /dev/null | awk '{print $3}' | grep -v systemd | sort -u | xargs cp -t usr/lib
+            find . -type f -executable | xargs chmod 755
+
+            # FIXME: hacky(?) ELF patching. Is there a better way????????
+            find . -type f -executable -print | xargs -I {} ${pkgs.lib.getExe pkgs.patchelf} --set-rpath /lib:/usr/lib:/usr/lib/systemd {} 2> /dev/null
+            find . -type f -executable -print | xargs -I {} ${pkgs.lib.getExe pkgs.patchelf} --set-interpreter /lib/ld-linux-x86-64.so.2 {} 2> /dev/null
+            cp ${
+              self.packages.${system}.glibc.out
+            }/lib/ld-linux-x86-64.so.2 lib/ && ${pkgs.lib.getExe pkgs.patchelf} --remove-rpath lib/ld-linux-x86-64.so.2
+
+            # strip binaries
+            find . -type f -executable | xargs strip 2> /dev/null
+
+            # gen initrd
+            find . -print0 | ${pkgs.lib.getExe pkgs.cpio} --null --owner=root:root -o --format=newc | ${pkgs.lib.getExe pkgs.gzip} -9 > ../initrd.gz
+          '';
        };

        checks = {
--- a/glibc/default.nix
+++ b/glibc/default.nix
@ -0,0 +1,57 @@
+{
+  fetchurl,
+  pkgs,
+  stdenv,
+
+  ...
+}:
+let
+  version = "2.40";
+  pname = "glibcStandalone";
+in
+stdenv.mkDerivation (finalAttrs: {
+  inherit version;
+
+  pname = pname;
+
+  src = fetchurl {
+    url = "mirror://gnu/glibc/glibc-${version}.tar.xz";
+    sha256 = "sha256-GaiQF16SY9dI9ieZPeb0sa+c0h4D8IDkv7Oh+sECBaI=";
+  };
+
+  enableParallelBuilding = true;
+
+  configureFlags = [
+    "--prefix=/"
+    "--libdir=/lib"
+    "--bindir=/bin"
+    "--sysconfdir=/etc"
+  ];
+
+  preConfigure =
+    ''
+      export PWD_P=$(type -tP pwd)
+      for i in configure io/ftwtest-sh; do
+          sed -i "$i" -e "s^/bin/pwd^$PWD_P^g"
+      done
+
+      mkdir ../build
+      cd ../build
+
+      configureScript="`pwd`/../$sourceRoot/configure"
+    '';
+
+  nativeBuildInputs = with pkgs; [
+      bison
+      python3Minimal
+  ];
+
+  outputs = [
+    "out"
+  ];
+
+  preInstall = ''
+    export DESTDIR=${placeholder "out"}
+  '';
+
+})
--- a/systemd/default.nix
+++ b/systemd/default.nix
@ -137,9 +137,6 @@ stdenv.mkDerivation (finalAttrs: {

  postPatch =
    ''
-      substituteInPlace src/basic/path-util.h --replace "@defaultPathNormal@" "${placeholder "out"}/bin/"
-    ''
-    + ''
      substituteInPlace meson.build \
        --replace "find_program('clang'" "find_program('${stdenv.cc.targetPrefix}clang'"
    ''
@ -150,7 +147,7 @@ stdenv.mkDerivation (finalAttrs: {
        "'${targetPackages.stdenv.cc.bintools.targetPrefix}readelf'" \
        --replace \
        "/usr/lib/systemd/boot/efi" \
-        "$out/lib/systemd/boot/efi"
+        "$out/usr/lib/systemd/boot/efi"
    ''
    # Finally, patch shebangs in scripts used at build time. This must not patch
    # scripts that will end up in the output, to avoid build platform references
@ -171,7 +168,7 @@ stdenv.mkDerivation (finalAttrs: {
    "--sysconfdir=/etc"
    "--localstatedir=/var"
    "--libdir=/usr/lib"
-    "--bindir=/bin"
+    "--bindir=/usr/bin"
    "--includedir=/usr/include"
    "--localedir=/usr/share/locale"

@ -190,7 +187,21 @@ stdenv.mkDerivation (finalAttrs: {
    (lib.mesonOption "mode" "release")
    (lib.mesonOption "tty-gid" "3") # tty in NixOS has gid 3

-    (lib.mesonOption "kmod-path" "/bin/kmod")
+    # Use busybox kernel modules tools instead
+    (lib.mesonOption "kmod-path" "")
+
+    (lib.mesonOption "debug-shell" "/usr/bin/sh")
+    (lib.mesonOption "pamconfdir" "/etc/pam.d")
+    (lib.mesonOption "shellprofiledir" "/etc/profile.d")
+    (lib.mesonOption "dbuspolicydir" "/usr/share/dbus-1/system.d")
+    (lib.mesonOption "dbussessionservicedir" "/usr/share/dbus-1/services")
+    (lib.mesonOption "dbussystemservicedir" "/usr/share/dbus-1/system-services")
+    (lib.mesonOption "setfont-path" "/usr/bin/setfont")
+    (lib.mesonOption "loadkeys-path" "/usr/bin/loadkeys")
+    (lib.mesonOption "sulogin-path"  "/usr/bin/sulogin")
+    (lib.mesonOption "nologin-path" "/usr/bin/nologin")
+    (lib.mesonOption "mount-path" "/usr/bin/mount")
+    (lib.mesonOption "umount-path" "/usr/bin/umount")

    # SBAT
    (lib.mesonOption "sbat-distro" "patos")