why is extlink hardcoding root device?

I think we might turn "lan" into a bridge, but that's for later

NEWS

@@ -23,5 +23,13 @@ the name of an outputs that gloms together other filesystem-like
 outputs with some kind of partition table - so we might in future have
 gptimage or lvmimage or ubimage.
 
+2024-01-03
+
+Liminix is now targeted to Nixpkgs 23.11 (not 23.05 as previously).
+Upstream changes that have led to incompatible Liminix changes are:
+
+* newer U-Boot version
+* util-linux can now be built (previously depended on systemd)
+
 
 

THOUGHTS.txt

@@ -3707,9 +3707,10 @@ Here is scope of work for Turris:
 recovery/install.
 
 - disk partitioning tools and mkfs stuff
+- kernel with all the filesystems
 - dhcp client for connecting to wired network
 
-(II) we need insttuctions for building the real system
+(II) we need instructions for building the real system
 and using min-copy-closure to copy and install the system
 configuration of the real one into /mnt
 
@@ -3742,14 +3743,105 @@ To be any use, the test needs to be end-to-end - as in, rather than
 just checking some files are copied, test that the machine rebooted
 successfully
 
+Fri Dec 29 18:36:16 GMT 2023
+
+Our test for liminix-rebuild uses qemu block device and ext4 instead
+of phram because -device loader doesn't seem to survive a reboot.
+And it needs some free space in the ext4 partition inside the
+mbr image so that it can install new stuff. However, the
+filesystem is sized to be near-full.
+
+If the mbrimage output is to be much use, probably there should be
+some way of telling it how big the disk is. Maybe it should use
+hardware.flash.size?
+
+UBI also does a bad job of integrating into the hardware.flash hierarchy
+(but ubi is also more complicated as the ubi volumes are "nested" inside
+an MTD partition)
+
+To move forwards with this test I think I will make it not depend on
+mbrimage for now, but we have to come back to this. Maybe importing
+the mbrimage module provides new hardware.disk = { partitions, size etc}
+config options.
+
+Sun Dec 31 23:52:04 GMT 2023
+
+https://developer.ridgerun.com/wiki/index.php/Setting_up_fw_printenv_to_modify_u-boot_environment_variables#Preparing_the_fw_env.config_file
+
+can we extract the fw_env config data somehow to produce an appropriate
+file for the device?
+
+the device config needs to specify partition name and offset at minimum,
+possibly also size.
+
+we can create a service that writes the config based on those values. but
+if we are to be using fw_setenv from the shell, there is no service
+which depends on that service. whatever defines the service also needs
+to add it to system.services so that the recovery system can specify it
+
+Sat Jan  6 12:30:27 GMT 2024
+
+How do we min-copy-closure to the device when we don't have anything
+hooked to the LAN port? It's rather easy to break the WAN  connection
+when it involves going out to the internet and back
+
+* Don't want to plug it into the actual lan because it's doing dhcp service
+ and that is going to confuse
+
+* the machine we're copying from is loaclhost
+
+* we could do some kind of port forwarding thing? maybe a port forward on
+  run-border-vm qemu user networking ...
+
+* static route on loaclhost?
+
+  512  sudo ip netns add test-lan
+  514  sudo ip link set dev enp1s0 netns test-lan
+
+  525  sudo ip link add veth-test-lan type veth peer veth1 netns test-lan
+  533  sudo  ip netns exec test-lan ip link add name br0 type bridge
+  536  sudo  ip netns exec test-lan ip link set veth1 master br0
+  537  sudo  ip netns exec test-lan ip link set enp1s0 master br0
+       sudo  ip netns exec test-lan /nix/store/dh66q9k402pwpmmgc983xwmwb3vvvjbr-busybox-1.36.1/bin/busybox udhcpc -i br0
+
+then we could add a route to 10.8.0.1/32 with dev veth-test-lan ?
+
+Sat Jan  6 20:52:45 GMT 2024
+
+This is all beside the point right now because the _recovery_ system
+does not run all this stuff - it just has a dhcp client on the lan
+interface. We could plug it straight into the switch.
 
 
-COPYING /nix/store/dlz86nip271ybaz0cip7bgkbzijk0cr7-make-stuff-mips-unknown-linux-musl TO //persist
+As we already just plugged it into enp1s0 on loaclhost, could we
+do somethin to put it on the lan from there? add it to vbridge0?
 
+Sun Jan  7 15:30:57 GMT 2024
 
-/nix/store/gr255qjxijksf9361glsj5lz0cklassx-profile
+Turns out we should have used a working ethernet cable.
 
-md5sum /persist/activate
-8eb0760c39cdee0b141b15bbafbc94a0  /persist/activate BAD
-6c27b75cbe9f2ce87c1fd1425362108f  /persist/activate GOOD
-8eb0760c39cdee0b141b15bbafbc94a0  /persist/activate
+Sun Jan  7 15:31:14 GMT 2024
+
+OK, so
+
+# on device
+mount /dev/mmcblk0p1 /mnt
+ [ take a snapshot if needed ]
+ [ clear out the turrisos files ]
+ls /mnt/@
+
+# on build
+
+$ nix-build -I liminix-config=./examples/rotuer.nix --arg device "import ./devices/turris-omnia" -A outputs.systemConfiguration
+$ nix-shell --run "min-copy-closure -r /mnt/@  root@recovery.lan   result "
+
+# on device
+
+$ mkdir /mnt/@/persist
+$ /mnt/@/nix/store/swf3vn9bzx198c0cwp6naq0glqa9192n-make-stuff-armv7l-unknown-linux-musleabihf/bin/install /mnt/@/
+
+this fails because it tries to copy from the unprefixed nix
+store. Also probably it should mkdir $prefix/persist. Also it needs to
+create $prefix/boot: it's too late to do that with `activate`
+because u-boot will need it to exist in order to load the initramfs
+that runs activate

devices/turris-omnia/default.nix

@@ -127,7 +127,7 @@
             NET_DSA_MV88E6XXX = "y"; # depends on PTP_1588_CLOCK_OPTIONAL
           };
         };
-        rootfsType = "ext4";
+
         boot = {
           commandLine = [
             "console=ttyS0,115200"
@@ -219,9 +219,13 @@
                 ifname = "wan";
               };
 
-              lan = link.build {
-                ifname = "lan1";
-              };
+              lan0 = link.build { ifname = "lan0"; };
+              lan1 = link.build { ifname = "lan1"; };
+              lan2 = link.build { ifname = "lan2"; };
+              lan3 = link.build { ifname = "lan3"; };
+              lan4 = link.build { ifname = "lan4"; };
+              lan5 = link.build { ifname = "lan5"; };
+              lan = lan0; # maybe we should build a bridge?
 
               wlan = link.build {
                 ifname = "wlan0";

examples/recovery.nix

@@ -0,0 +1,82 @@
+{ config, pkgs, lib, ... } :
+let
+  inherit (pkgs) serviceFns;
+  svc = config.system.service;
+  inherit (pkgs.pseudofile) dir symlink;
+  inherit (pkgs.liminix.services) oneshot longrun bundle target;
+
+in rec {
+  imports = [
+    ../modules/network
+    ../modules/ssh
+    ../modules/schnapps
+    ../modules/outputs/mtdimage.nix
+    ../modules/outputs/mbrimage.nix
+    ../modules/outputs/tftpboot.nix
+    ../modules/outputs/ubifs.nix
+    ../modules/outputs/ubimage.nix
+    ../modules/outputs/jffs2.nix
+    ../modules/outputs/ext4fs.nix
+  ];
+
+  kernel.config = {
+    BTRFS_FS = "y";
+  };
+
+  boot.tftp = {
+    ipaddr = "10.0.0.8"; # my address
+    serverip = "10.0.0.1"; # build machine or other tftp server
+  };
+
+  hostname = "recovery";
+
+  services.dhcpc = svc.network.dhcp.client.build {
+    interface = config.hardware.networkInterfaces.lan2;
+
+    # don't start DHCP until the hostname is configured,
+    # so it can identify itself to the DHCP server
+    dependencies = [ config.services.hostname ];
+  };
+
+  services.sshd = svc.ssh.build { };
+
+  services.defaultroute4 = svc.network.route.build {
+    via = "$(output ${services.dhcpc} router)";
+    target = "default";
+    dependencies = [services.dhcpc];
+  };
+  services.resolvconf = oneshot rec {
+    dependencies = [ services.dhcpc ];
+    name = "resolvconf";
+    up = ''
+      . ${serviceFns}
+      ( in_outputs ${name}
+      for i in $(output ${services.dhcpc} dns); do
+        echo "nameserver $i" > resolv.conf
+      done
+      )
+    '';
+  };
+  filesystem = dir {
+    etc = dir {
+      "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
+    };
+    mnt = dir {};
+  };
+  rootfsType = "squashfs";
+  users.root = {
+    # the password is "secret". Use mkpasswd -m sha512crypt to
+    # create this hashed password string
+    passwd = "$6$y7WZ5hM6l5nriLmo$5AJlmzQZ6WA.7uBC7S8L4o19ESR28Dg25v64/vDvvCN01Ms9QoHeGByj8lGlJ4/b.dbwR9Hq2KXurSnLigt1W1";
+  };
+
+  defaultProfile.packages = with pkgs; [
+    e2fsprogs # ext4
+    btrfs-progs
+    mtdutils # mtd, jffs2, ubifs
+    dtc      # you never know when you might need device tree stuff
+    util-linux-small # fdisk
+    libubootenv # fw_{set,print}env
+    pciutils
+  ];
+}

examples/rotuer.nix

@@ -43,8 +43,11 @@ in rec {
     ../modules/bridge
     ../modules/ntp
     ../modules/ssh
+    ../modules/outputs/btrfs.nix
+
   ];
   hostname = "rotuer";
+  rootfsType = "btrfs";
 
   services.hostap = svc.hostapd.build {
     interface = config.hardware.networkInterfaces.wlan;

modules/base.nix

@@ -40,6 +40,7 @@ in {
     rootfsType =  mkOption {
       default = "squashfs";
       type = types.enum [
+        "btrfs"
         "ext4"
         "jffs2"
         "squashfs"
@@ -134,6 +135,7 @@ in {
       proc = dir {};
       run = dir {};
       sys = dir {};
+      tmp = dir {};
     };
   };
 }

modules/outputs/btrfs.nix

@@ -0,0 +1,37 @@
+{
+  config
+, pkgs
+, lib
+, ...
+}:
+let
+  inherit (lib) mkIf mkOption types;
+  o = config.system.outputs;
+in
+{
+  imports = [
+    ./initramfs.nix
+  ];
+  config = mkIf (config.rootfsType == "btrfs") {
+    kernel.config = {
+      BTRFS_FS = "y";
+    };
+    boot.initramfs.enable = true;
+    system.outputs = {
+      rootfs =
+        let
+          inherit (pkgs.pkgsBuildBuild) runCommand e2fsprogs;
+        in runCommand "mkfs.btrfs" {
+          depsBuildBuild = [ e2fsprogs ];
+        } ''
+          tree=${o.bootablerootdir}
+          size=$(du -s --apparent-size --block-size 1024 $tree |cut -f1)
+          # add 25% for filesystem overhead
+          size=$(( 5 * $size / 4))
+          dd if=/dev/zero of=$out bs=1024 count=$size
+          echo "not implemented" ; exit 1
+          # mke2fs -t ext4 -j -d $tree $out
+        '';
+    };
+  };
+}

modules/outputs/extlinux.nix

@@ -31,7 +31,7 @@ in {
       label Liminix
         kernel /boot/kernel
         # initrd /boot/initramfs
-        append ${cmdline} root=/dev/vda1
+        append ${cmdline} 
         ${if wantsDtb then "fdt /boot/dtb" else ""}
       _EOF
     '';

modules/s6/scripts/rc.init

@@ -17,6 +17,7 @@ shift
 
 mount -t proc none /proc
 mount -t sysfs none /sys
+mount -t tmpfs none /tmp
 # s6-linux-init mounts /dev before this script is called
 mkdir /dev/pts
 mount -t devpts none /dev/pts

modules/schnapps/default.nix

@@ -0,0 +1,19 @@
+{ config, pkgs, lib, ... } :
+{
+  config = {
+    programs.busybox = {
+      options = {
+        # schnapps is a shell script that needs
+        # [ command
+        # find -maxdepth  -mindepth
+        # head -c
+        # echo -n
+        ASH_TEST = "y";
+        FEATURE_FIND_MAXDEPTH = "y";
+        FEATURE_FANCY_HEAD = "y";
+        FEATURE_FANCY_ECHO = "y";
+      };
+    };
+    defaultProfile.packages = [ pkgs.schnapps ] ;
+  };
+}

overlay.nix

@@ -50,6 +50,12 @@ extraPkgs // {
   };
 
   # keep these alphabetical
+
+  btrfs-progs = prev.btrfs-progs.override {
+    udevSupport = false;
+    udev = null;
+  };
+
   chrony =
     let chrony' = prev.chrony.overrideAttrs(o: {
           configureFlags = [

pkgs/default.nix

@@ -10,10 +10,7 @@ let
       type' = types.submodule { options = type; };
     in (mergeDefinitions [] type' defs).mergedValue;
 in {
-  pseudofile = callPackage ./pseudofile {};
   liminix = {
-    services = callPackage ./liminix-tools/services {};
-    networking =  callPackage ./liminix-tools/networking {};
     builders =  {
       squashfs = callPackage ./liminix-tools/builders/squashfs.nix {};
       dtb = callPackage ./kernel/dtb.nix {};
@@ -52,32 +49,26 @@ in {
         };
       inherit typeChecked;
     };
+    networking =  callPackage ./liminix-tools/networking {};
+    services = callPackage ./liminix-tools/services {};
   };
-  writeFennelScript = callPackage ./write-fennel-script {};
-  writeFennel = callPackage ./write-fennel {};
-  writeAshScript = callPackage ./write-ash-script {};
-  systemconfig = callPackage ./systemconfig {};
-  s6-init-bin =  callPackage ./s6-init-bin {};
-  s6-rc-database = callPackage ./s6-rc-database {};
-  run-liminix-vm = callPackage ./run-liminix-vm {};
-  ppp = callPackage ./ppp {};
-  pppoe = callPackage ./pppoe {};
 
-  kernel-backport = callPackage ./kernel-backport {};
-  mac80211 = callPackage ./mac80211 {};
-  netlink-lua = callPackage ./netlink-lua {};
-  linotify = callPackage ./linotify {};
-  ifwait = callPackage ./ifwait {};
+  # please keep the rest of this list alphabetised :-)
 
+  anoia = callPackage ./anoia {};
+  fennel = callPackage ./fennel {};
+  fennelrepl = callPackage ./fennelrepl {};
+  firewallgen  = callPackage ./firewallgen {};
   gen_init_cpio = callPackage ./gen_init_cpio {};
-
-  serviceFns = callPackage ./service-fns {};
-
-  # these are packages for the build system not the host/target
-
-  tufted = callPackage ./tufted {};
-  routeros = callPackage ./routeros {};
   go-l2tp = callPackage ./go-l2tp {};
+  hi = callPackage ./hi {};
+  ifwait = callPackage ./ifwait {};
+  initramfs-peek = callPackage ./initramfs-peek {};
+  kernel-backport = callPackage ./kernel-backport {};
+  kernel-modules  = callPackage ./kernel-modules {};
+  levitate = callPackage ./levitate {};
+  libubootenv = callPackage ./libubootenv {};
+  linotify = callPackage ./linotify {};
 
   # we need to build real lzma instead of using xz, because the lzma
   # decoder in u-boot doesn't understand streaming lzma archives
@@ -86,24 +77,33 @@ in {
   # https://sourceforge.net/p/squashfs/mailman/message/26599379/
   lzma = callPackage ./lzma {};
 
-  preinit = callPackage ./preinit {};
-  swconfig = callPackage ./swconfig {};
-  odhcp6c = callPackage ./odhcp6c {};
-
-  openwrt = callPackage ./openwrt {};
-
-  initramfs-peek = callPackage ./initramfs-peek {};
+  mac80211 = callPackage ./mac80211 {};
   min-collect-garbage = callPackage ./min-collect-garbage {};
   min-copy-closure = callPackage ./min-copy-closure {};
-  hi = callPackage ./hi {};
-  firewallgen  = callPackage ./firewallgen {};
-  kernel-modules  = callPackage ./kernel-modules {};
+  netlink-lua = callPackage ./netlink-lua {};
   odhcp-script = callPackage ./odhcp-script {};
-  fennel = callPackage ./fennel {};
-  fennelrepl = callPackage ./fennelrepl {};
-  anoia = callPackage ./anoia {};
+  odhcp6c = callPackage ./odhcp6c {};
+  openwrt = callPackage ./openwrt {};
+  ppp = callPackage ./ppp {};
+  pppoe = callPackage ./pppoe {};
+  preinit = callPackage ./preinit {};
+  pseudofile = callPackage ./pseudofile {};
+  routeros = callPackage ./routeros {};
+  run-liminix-vm = callPackage ./run-liminix-vm {};
+  s6-init-bin =  callPackage ./s6-init-bin {};
+  s6-rc-database = callPackage ./s6-rc-database {};
 
-  levitate = callPackage ./levitate {};
+  # schnapps is written by Turris and provides a high-level interface
+  # to btrfs snapshots. It may be useful on the Turris Omnia to
+  # install Liminix while retaining the ability to rollback to the
+  # vendor OS, or even to derisk Liminix updates on that device
+  schnapps = callPackage ./schnapps {};
 
-  libubootenv = callPackage ./libubootenv {};
+  serviceFns = callPackage ./service-fns {};
+  swconfig = callPackage ./swconfig {};
+  systemconfig = callPackage ./systemconfig {};
+  tufted = callPackage ./tufted {};
+  writeAshScript = callPackage ./write-ash-script {};
+  writeFennel = callPackage ./write-fennel {};
+  writeFennelScript = callPackage ./write-fennel-script {};
 }

pkgs/min-copy-closure/liminix-rebuild.sh

@@ -12,7 +12,7 @@ target_host=$1
 shift
 
 if [ -z "$target_host" ] ; then
-    echo Usage: liminix-rebuild [--no-reboot] target-host params
+    echo Usage: liminix-rebuild \[--no-reboot\] target-host params
     exit 1
 fi
 

pkgs/schnapps/default.nix

@@ -0,0 +1,27 @@
+{
+  stdenv
+, fetchFromGitLab
+, makeWrapper
+, btrfs-progs
+, lib
+}:
+let search_path = lib.makeBinPath [btrfs-progs];
+in stdenv.mkDerivation {
+  pname = "schnapps";
+  version = "2.13.0";
+
+  src =fetchFromGitLab {
+    domain = "gitlab.nic.cz";
+    owner = "turris";
+    repo = "schnapps";
+    rev = "53ac92c765d670be4b98dba2c948859a9ac7607f";
+    hash = "sha256-yVgXK+V2wrcOPLB6X6qm3hyBcWcyzNhfJjFF7YRk5Lc=";
+  };
+
+  nativeBuildInputs = [ makeWrapper ];
+  buildPhase = ":";
+  installPhase = ''
+    install -D schnapps.sh $out/bin/schnapps
+    wrapProgram $out/bin/schnapps --prefix PATH : "${search_path}"
+  '';
+}

pkgs/systemconfig/default.nix

@@ -81,8 +81,11 @@ in attrset:
       $STRIP --remove-section=.note  --remove-section=.comment --strip-all makedevs -o $out/bin/activate
       ln -s ${s6-init-bin}/bin/init $out/bin/init
       cat > $out/bin/install <<EOF
-      #!/bin/sh
-      cp -v -fP $out/bin/* $out/etc/* \''${1-/}/persist
+      #!/bin/sh -e
+      prefix=\''${1-/}
+      src=\''${prefix}$out
+      mkdir -p \$prefix/persist
+      cp -v -fP \$src/bin/* \$src/etc/* \$prefix/persist
       EOF
       chmod +x $out/bin/install
     '';