Good: this means it's not hanging holding the s6 dataase lock.
Bad: it's the ugliest implementation and doesn't deserve to be preserved
(tbf the ugliness is not new)
We call s6-rc -u -p default to restart/start the base services
on a rebuild, otherwise services that are only in the new
configuration won't come up. However, this stops any service
started by a trigger. So, workaround is to restart the trigger
service and expect it to restart the services it manages if they're
needed
this is like pkgs.callService except that it passes
config.system.service as a param so that the service
being defined can invoke other services
if this proves to be a good idea, all uses of
pkgs.callService should be changed to use it instead
a firewall with no configuration will get a relatively sane ruleset. a
firewall with `extraRules` will get them deep merged into the default
rules. Specifying `rules` will override the defaults
config.boot.commandLineDtbNode can be set from `bootargs` to
`bootargs-override` (used for boards where the u-boot on the board does
set `bootargs` on its own).
In that case, the code updating the cmdline for tftpboot purposes also
needs to update this node, not the `bootargs` node.
Otherwise the kernel won't find the phram device, as it never heard
about it, as it didn't get the necessary cmdline options.
this is a bit of an experiment to reduce the copy-paste in
examples by turning them into "application" modules.
planning to follow up with another module for "wifi router"
This adds a simple boot blessing module, to be used, with the Zyxel NWA50AX.
There's a lot of elephant in the rooms: how do you upgrade kernel, etc.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Zyxel "firmware" format is just… a FIT with some metadata on the models.
This FIT is like this:
--------------------------
uImage FIT header
--------------------------
Linux kernel
--------------------------
FDT DTB
--------------------------
Padding so that
this makes
8192kb [1]
--------------------------
UBI volume
as a root filesystem
--------------------------
We just reproduce this in a very brutal and naive way.
In the future, this seems worth to generalize and modularize this idea
so that zyxel-nwa-fit is just an instance of a more general output.
[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=target/linux/ramips/image/mt7621.mk;h=ab1b829ba0086cb9fc9ca8cbbf3cbc14735034d6;hb=refs/heads/main#l3097
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
I believe there should be another module exposing `rootubifs` as `rootfs`
or let any other module just subsume that component like `zyxel-nwa-fit` output.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Some devices have a U-boot variant that does not accept a third
parameter on the "bootm" command, meaning we can't override the dtb
in the bootloader so have to smush it back into the kernel image
This doesn't work in QEMU but I think the problem is with the
U-Boot configuration for QEMU. It does work on at least one
hardware device so I'm pushing it anyway
Based on
https://gti.telent.net/raboof/liminix/src/branch/tftp-old-uboot
Co-authored-by: Arnout Engelen <arnout@bzzt.net>
This changes the practice for building kernel modules: now we expect
that the appropriate Kconfig symbols are set to =m in
config.kernel.config, and then use pkgs.kmodloader to create
a service that loads and unloads all the modules depended on by
a particular requirement.
Note that modules won't be installed on the target device just by
virue of having been built: only the modules that are referenced by a
kmodloader package will be in the closure.
An example may make this clearer: see modules/firewall/default.nix
in this commit.
Why?
If you have a compiled Linux kernel source tree and you change some
symbol from "is not set" to m and then run make modules, you cannot in
general expect that newly compiled module to work. This is because
there are places in the build of the main kernel where it looks to see
which modules _may_ be defined and uses that information to
accommodate them.
For example in an in-kernel build of
https://github.com/torvalds/linux/blob/master/net/netfilter/core.c#L689
some symbols are defined only if CONFIG_NF_CONNTRACK is set, meaning
this code won't work if we have it unset initially then try later to
enable it and build modules only. Or see
https://github.com/torvalds/linux/blob/master/include/linux/netdevice.h#L160
imagine: you are using a device that requires
CONFIG_MYDEVICE_FROBOZZ_DRIVER but only if CONFIG_FROBOZZ has been
specified elsewhere. Because we check that every requested config
symbol actually appears in .config then it can't be added
unconditionally or the build will fail if CONFIG_FROBOZZ wasn't asked
for.
I'm not 100% happy about this design but it's the best I've thought of
so far.
Adding the reserved-memory node to the dtb can cause it to grow
by enough that it needs an extra page - this will overlap the start
of the kernel image if we calculate offsets based on the original size
Reported-by: sinavir
Authored-by: sinavir
new layout has rootfs followed by kernel and dtb, so that we
know the rootfs start and size to embed them into the dtb instead
of having to use dummy values and fill them in afterwards
This is for QEMU where we won't have to provide a dtb because the
device tree is built by the platform according the (emulated) hardware
present.
Maybe in future there will be other hardware devices where we
don't need to provide a dtb.
this means that net devices in devices/foo/default.nix can be
specified by their sysfs paths (instead of by "eth0" and "eth1" that
may change from one kernel version to the next) and given mnenomic
names that are helpful for the hardware. Like "wan" and "lan[1..4]"
- patch dtb to add reserved-memory stanza for the phram device to use
(aarch64 does not accept memmap= command line option)
- patch phram driver to use memremap() instead of ioremap() as
ioremap can't be used for system ram on arm devices
I may have broken the run-liminix-vm command a bit for MIPS due to
necessary changes in how we pass the command line. If CI isn't green
for this commit and youre trying the worked examples, I suggest
reverting to the commit before this one.
... and make bridge use it.
We also had to convert bridge back into a pair of services.
Downstreams want to depend on the bridge it self being configured
even if not necessarily all the members are up. e.g. don't want
to break ssh on lan if there's a misconfigured wlan device
we then "import" them straight back into base.nix - it's not
as though you can opt out of having a kernel. But this means
they'll appear separately in the documentation
This is in preparation for writing something that extracts them
into documentation.
user configurations now call config.system.service.foo.build { ...params }
instead of config.system.service.foo
the parameter type definitions themselves now move into the
config stanza of the module referencing the service
new helper function liminix.callService
The only service moved so far is dnsmasq
We use (abuse, arguably) the nixos module system for typechecking. Un
the plus side, it gives us documentation of the options and their
expected types. On the downside, the error message doesn't tell us
the file in which the error was encountered.
(This is subject to change, if I can find a better way)
The objective here is that services which depend on global config
(e.g. kernel config or busybox options or static paths in the
filesystem) now live under config.system.service, and are added
to that collection by the module that defines the necessary state.
This is a first step: the services will be configured by a typechecked
attr set instead of the arbitrary arguments that
pkgs.liminix.networking.pppoe accepts
New rules: everything under "config" that isn't actually configuration
(e.g. build products) will in future live in config.system. This is
the first step.