Compare commits
13 Commits
9632a64b47...7bc9cb6c55
Author | SHA1 | Date |
---|---|---|
Daniel Barlow | 7bc9cb6c55 | |
Daniel Barlow | a251ceeb99 | |
Daniel Barlow | 38a7f0b03b | |
Daniel Barlow | c0c4752350 | |
Daniel Barlow | 3c941b4ce2 | |
Daniel Barlow | 243295aab8 | |
Daniel Barlow | 45e8db09e1 | |
Daniel Barlow | 2a93f24a58 | |
Daniel Barlow | 64898eada8 | |
Daniel Barlow | 136c5e6f32 | |
Daniel Barlow | fa9a2c6413 | |
Daniel Barlow | 049cdbb610 | |
Daniel Barlow | 5ee4adff10 | |
8
NEWS
|
@ -23,5 +23,13 @@ the name of an outputs that gloms together other filesystem-like
|
|||
outputs with some kind of partition table - so we might in future have
|
||||
gptimage or lvmimage or ubimage.
|
||||
|
||||
2024-01-03
|
||||
|
||||
Liminix is now targeted to Nixpkgs 23.11 (not 23.05 as previously).
|
||||
Upstream changes that have led to incompatible Liminix changes are:
|
||||
|
||||
* newer U-Boot version
|
||||
* util-linux can now be built (previously depended on systemd)
|
||||
|
||||
|
||||
|
||||
|
|
106
THOUGHTS.txt
|
@ -3707,9 +3707,10 @@ Here is scope of work for Turris:
|
|||
recovery/install.
|
||||
|
||||
- disk partitioning tools and mkfs stuff
|
||||
- kernel with all the filesystems
|
||||
- dhcp client for connecting to wired network
|
||||
|
||||
(II) we need insttuctions for building the real system
|
||||
(II) we need instructions for building the real system
|
||||
and using min-copy-closure to copy and install the system
|
||||
configuration of the real one into /mnt
|
||||
|
||||
|
@ -3742,14 +3743,105 @@ To be any use, the test needs to be end-to-end - as in, rather than
|
|||
just checking some files are copied, test that the machine rebooted
|
||||
successfully
|
||||
|
||||
Fri Dec 29 18:36:16 GMT 2023
|
||||
|
||||
Our test for liminix-rebuild uses qemu block device and ext4 instead
|
||||
of phram because -device loader doesn't seem to survive a reboot.
|
||||
And it needs some free space in the ext4 partition inside the
|
||||
mbr image so that it can install new stuff. However, the
|
||||
filesystem is sized to be near-full.
|
||||
|
||||
If the mbrimage output is to be much use, probably there should be
|
||||
some way of telling it how big the disk is. Maybe it should use
|
||||
hardware.flash.size?
|
||||
|
||||
UBI also does a bad job of integrating into the hardware.flash hierarchy
|
||||
(but ubi is also more complicated as the ubi volumes are "nested" inside
|
||||
an MTD partition)
|
||||
|
||||
To move forwards with this test I think I will make it not depend on
|
||||
mbrimage for now, but we have to come back to this. Maybe importing
|
||||
the mbrimage module provides new hardware.disk = { partitions, size etc}
|
||||
config options.
|
||||
|
||||
Sun Dec 31 23:52:04 GMT 2023
|
||||
|
||||
https://developer.ridgerun.com/wiki/index.php/Setting_up_fw_printenv_to_modify_u-boot_environment_variables#Preparing_the_fw_env.config_file
|
||||
|
||||
can we extract the fw_env config data somehow to produce an appropriate
|
||||
file for the device?
|
||||
|
||||
the device config needs to specify partition name and offset at minimum,
|
||||
possibly also size.
|
||||
|
||||
we can create a service that writes the config based on those values. but
|
||||
if we are to be using fw_setenv from the shell, there is no service
|
||||
which depends on that service. whatever defines the service also needs
|
||||
to add it to system.services so that the recovery system can specify it
|
||||
|
||||
Sat Jan 6 12:30:27 GMT 2024
|
||||
|
||||
How do we min-copy-closure to the device when we don't have anything
|
||||
hooked to the LAN port? It's rather easy to break the WAN connection
|
||||
when it involves going out to the internet and back
|
||||
|
||||
* Don't want to plug it into the actual lan because it's doing dhcp service
|
||||
and that is going to confuse
|
||||
|
||||
* the machine we're copying from is loaclhost
|
||||
|
||||
* we could do some kind of port forwarding thing? maybe a port forward on
|
||||
run-border-vm qemu user networking ...
|
||||
|
||||
* static route on loaclhost?
|
||||
|
||||
512 sudo ip netns add test-lan
|
||||
514 sudo ip link set dev enp1s0 netns test-lan
|
||||
|
||||
525 sudo ip link add veth-test-lan type veth peer veth1 netns test-lan
|
||||
533 sudo ip netns exec test-lan ip link add name br0 type bridge
|
||||
536 sudo ip netns exec test-lan ip link set veth1 master br0
|
||||
537 sudo ip netns exec test-lan ip link set enp1s0 master br0
|
||||
sudo ip netns exec test-lan /nix/store/dh66q9k402pwpmmgc983xwmwb3vvvjbr-busybox-1.36.1/bin/busybox udhcpc -i br0
|
||||
|
||||
then we could add a route to 10.8.0.1/32 with dev veth-test-lan ?
|
||||
|
||||
Sat Jan 6 20:52:45 GMT 2024
|
||||
|
||||
This is all beside the point right now because the _recovery_ system
|
||||
does not run all this stuff - it just has a dhcp client on the lan
|
||||
interface. We could plug it straight into the switch.
|
||||
|
||||
|
||||
COPYING /nix/store/dlz86nip271ybaz0cip7bgkbzijk0cr7-make-stuff-mips-unknown-linux-musl TO //persist
|
||||
As we already just plugged it into enp1s0 on loaclhost, could we
|
||||
do somethin to put it on the lan from there? add it to vbridge0?
|
||||
|
||||
Sun Jan 7 15:30:57 GMT 2024
|
||||
|
||||
/nix/store/gr255qjxijksf9361glsj5lz0cklassx-profile
|
||||
Turns out we should have used a working ethernet cable.
|
||||
|
||||
md5sum /persist/activate
|
||||
8eb0760c39cdee0b141b15bbafbc94a0 /persist/activate BAD
|
||||
6c27b75cbe9f2ce87c1fd1425362108f /persist/activate GOOD
|
||||
8eb0760c39cdee0b141b15bbafbc94a0 /persist/activate
|
||||
Sun Jan 7 15:31:14 GMT 2024
|
||||
|
||||
OK, so
|
||||
|
||||
# on device
|
||||
mount /dev/mmcblk0p1 /mnt
|
||||
[ take a snapshot if needed ]
|
||||
[ clear out the turrisos files ]
|
||||
ls /mnt/@
|
||||
|
||||
# on build
|
||||
|
||||
$ nix-build -I liminix-config=./examples/rotuer.nix --arg device "import ./devices/turris-omnia" -A outputs.systemConfiguration
|
||||
$ nix-shell --run "min-copy-closure -r /mnt/@ root@recovery.lan result "
|
||||
|
||||
# on device
|
||||
|
||||
$ mkdir /mnt/@/persist
|
||||
$ /mnt/@/nix/store/swf3vn9bzx198c0cwp6naq0glqa9192n-make-stuff-armv7l-unknown-linux-musleabihf/bin/install /mnt/@/
|
||||
|
||||
this fails because it tries to copy from the unprefixed nix
|
||||
store. Also probably it should mkdir $prefix/persist. Also it needs to
|
||||
create $prefix/boot: it's too late to do that with `activate`
|
||||
because u-boot will need it to exist in order to load the initramfs
|
||||
that runs activate
|
||||
|
|
|
@ -127,7 +127,7 @@
|
|||
NET_DSA_MV88E6XXX = "y"; # depends on PTP_1588_CLOCK_OPTIONAL
|
||||
};
|
||||
};
|
||||
rootfsType = "ext4";
|
||||
|
||||
boot = {
|
||||
commandLine = [
|
||||
"console=ttyS0,115200"
|
||||
|
@ -219,9 +219,13 @@
|
|||
ifname = "wan";
|
||||
};
|
||||
|
||||
lan = link.build {
|
||||
ifname = "lan1";
|
||||
};
|
||||
lan0 = link.build { ifname = "lan0"; };
|
||||
lan1 = link.build { ifname = "lan1"; };
|
||||
lan2 = link.build { ifname = "lan2"; };
|
||||
lan3 = link.build { ifname = "lan3"; };
|
||||
lan4 = link.build { ifname = "lan4"; };
|
||||
lan5 = link.build { ifname = "lan5"; };
|
||||
lan = lan0; # maybe we should build a bridge?
|
||||
|
||||
wlan = link.build {
|
||||
ifname = "wlan0";
|
||||
|
|
|
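Review bot: `lan = lan0;` at the end of the interface list moves the default `lan` interface from the `lan1` port (the old `lan = link.build { ifname = "lan1"; }`) to `lan0`, so any configuration that refers to `config.hardware.networkInterfaces.lan` will bind its services to a different physical port after this change without any error. That belongs in the NEWS entry next to the other incompatible changes. The reference to `lan0` also only resolves if the enclosing attribute set is `rec` or `lan0` is let-bound, which the visible context does not show. If the question in the trailing comment is settled in favour of a bridge, `lan` should become that bridge rather than an alias for a single port.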
@ -0,0 +1,82 @@
|
|||
{ config, pkgs, lib, ... } :
|
||||
let
|
||||
inherit (pkgs) serviceFns;
|
||||
svc = config.system.service;
|
||||
inherit (pkgs.pseudofile) dir symlink;
|
||||
inherit (pkgs.liminix.services) oneshot longrun bundle target;
|
||||
|
||||
in rec {
|
||||
imports = [
|
||||
../modules/network
|
||||
../modules/ssh
|
||||
../modules/schnapps
|
||||
../modules/outputs/mtdimage.nix
|
||||
../modules/outputs/mbrimage.nix
|
||||
../modules/outputs/tftpboot.nix
|
||||
../modules/outputs/ubifs.nix
|
||||
../modules/outputs/ubimage.nix
|
||||
../modules/outputs/jffs2.nix
|
||||
../modules/outputs/ext4fs.nix
|
||||
];
|
||||
|
||||
kernel.config = {
|
||||
BTRFS_FS = "y";
|
||||
};
|
||||
|
||||
boot.tftp = {
|
||||
ipaddr = "10.0.0.8"; # my address
|
||||
serverip = "10.0.0.1"; # build machine or other tftp server
|
||||
};
|
||||
|
||||
hostname = "recovery";
|
||||
|
||||
services.dhcpc = svc.network.dhcp.client.build {
|
||||
interface = config.hardware.networkInterfaces.lan2;
|
||||
|
||||
# don't start DHCP until the hostname is configured,
|
||||
# so it can identify itself to the DHCP server
|
||||
dependencies = [ config.services.hostname ];
|
||||
};
|
||||
|
||||
services.sshd = svc.ssh.build { };
|
||||
|
||||
services.defaultroute4 = svc.network.route.build {
|
||||
via = "$(output ${services.dhcpc} router)";
|
||||
target = "default";
|
||||
dependencies = [services.dhcpc];
|
||||
};
|
||||
services.resolvconf = oneshot rec {
|
||||
dependencies = [ services.dhcpc ];
|
||||
name = "resolvconf";
|
||||
up = ''
|
||||
. ${serviceFns}
|
||||
( in_outputs ${name}
|
||||
for i in $(output ${services.dhcpc} dns); do
|
||||
echo "nameserver $i" > resolv.conf
|
||||
done
|
||||
)
|
||||
'';
|
||||
};
|
||||
filesystem = dir {
|
||||
etc = dir {
|
||||
"resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
|
||||
};
|
||||
mnt = dir {};
|
||||
};
|
||||
rootfsType = "squashfs";
|
||||
users.root = {
|
||||
# the password is "secret". Use mkpasswd -m sha512crypt to
|
||||
# create this hashed password string
|
||||
passwd = "$6$y7WZ5hM6l5nriLmo$5AJlmzQZ6WA.7uBC7S8L4o19ESR28Dg25v64/vDvvCN01Ms9QoHeGByj8lGlJ4/b.dbwR9Hq2KXurSnLigt1W1";
|
||||
};
|
||||
|
||||
defaultProfile.packages = with pkgs; [
|
||||
e2fsprogs # ext4
|
||||
btrfs-progs
|
||||
mtdutils # mtd, jffs2, ubifs
|
||||
dtc # you never know when you might need device tree stuff
|
||||
util-linux-small # fdisk
|
||||
libubootenv # fw_{set,print}env
|
||||
pciutils
|
||||
];
|
||||
}
|
|
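Review bot: `users.root.passwd` commits a hash whose plaintext is spelled out in the comment directly above it, and the same file enables `services.sshd = svc.ssh.build { };` plus a DHCP client on `lan2`, so a recovery image built from this example unmodified comes up on the network with a publicly known root password (whether sshd accepts password logins for root depends on the ssh module, which is not visible here). Consider leaving the hash out of the example so the build fails until the operator supplies their own, or at least stating in the comment that it must be replaced before the image is booted on a shared network. Separately, in `services.resolvconf` the loop body `echo "nameserver $i" > resolv.conf` truncates the file on every iteration, so only the last DNS server from the lease survives; truncate once before the loop and append with `>>` inside it.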
@ -43,8 +43,11 @@ in rec {
|
|||
../modules/bridge
|
||||
../modules/ntp
|
||||
../modules/ssh
|
||||
../modules/outputs/btrfs.nix
|
||||
|
||||
];
|
||||
hostname = "rotuer";
|
||||
rootfsType = "btrfs";
|
||||
|
||||
services.hostap = svc.hostapd.build {
|
||||
interface = config.hardware.networkInterfaces.wlan;
|
||||
|
|
|
@ -40,6 +40,7 @@ in {
|
|||
rootfsType = mkOption {
|
||||
default = "squashfs";
|
||||
type = types.enum [
|
||||
"btrfs"
|
||||
"ext4"
|
||||
"jffs2"
|
||||
"squashfs"
|
||||
|
@ -134,6 +135,7 @@ in {
|
|||
proc = dir {};
|
||||
run = dir {};
|
||||
sys = dir {};
|
||||
tmp = dir {};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
{
|
||||
config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkIf mkOption types;
|
||||
o = config.system.outputs;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./initramfs.nix
|
||||
];
|
||||
config = mkIf (config.rootfsType == "btrfs") {
|
||||
kernel.config = {
|
||||
BTRFS_FS = "y";
|
||||
};
|
||||
boot.initramfs.enable = true;
|
||||
system.outputs = {
|
||||
rootfs =
|
||||
let
|
||||
inherit (pkgs.pkgsBuildBuild) runCommand e2fsprogs;
|
||||
in runCommand "mkfs.btrfs" {
|
||||
depsBuildBuild = [ e2fsprogs ];
|
||||
} ''
|
||||
tree=${o.bootablerootdir}
|
||||
size=$(du -s --apparent-size --block-size 1024 $tree |cut -f1)
|
||||
# add 25% for filesystem overhead
|
||||
size=$(( 5 * $size / 4))
|
||||
dd if=/dev/zero of=$out bs=1024 count=$size
|
||||
echo "not implemented" ; exit 1
|
||||
# mke2fs -t ext4 -j -d $tree $out
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
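Review bot: the `rootfs` builder always ends in `echo "not implemented" ; exit 1`, and it does so only after `dd` has written a zero-filled image of the full computed size, so anyone who sets `rootfsType = "btrfs"` (which the enum now accepts) and asks for this output pays for the image write and then gets a bare build failure. Put the failure first in the script, with a message that says the btrfs rootfs output is not yet implemented, and drop the `dd` until there is something to put in the image. The derivation is named `mkfs.btrfs` but takes `e2fsprogs` in `depsBuildBuild` and keeps a commented-out `mke2fs -t ext4` line, which reads as leftover from the ext4 output; a short comment saying what is intended to replace it would help the next reader.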
@ -31,7 +31,7 @@ in {
|
|||
label Liminix
|
||||
kernel /boot/kernel
|
||||
# initrd /boot/initramfs
|
||||
append ${cmdline} root=/dev/vda1
|
||||
append ${cmdline}
|
||||
${if wantsDtb then "fdt /boot/dtb" else ""}
|
||||
_EOF
|
||||
'';
|
||||
|
|
|
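Review bot: the `append` line drops `root=/dev/vda1` while `# initrd /boot/initramfs` stays commented out two lines above it, so the kernel now finds its root filesystem only if `${cmdline}` already carries a `root=` argument. Nothing in this hunk shows where that argument is set, and the device hunk earlier in the change set shows a `commandLine` that begins with `console=ttyS0,115200` only. Please confirm every configuration that uses this output supplies `root=` through the command line, or add an assertion here that fails the build when it is absent.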
@ -17,6 +17,7 @@ shift
|
|||
|
||||
mount -t proc none /proc
|
||||
mount -t sysfs none /sys
|
||||
mount -t tmpfs none /tmp
|
||||
# s6-linux-init mounts /dev before this script is called
|
||||
mkdir /dev/pts
|
||||
mount -t devpts none /dev/pts
|
||||
|
|
|
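Review bot: `mount -t tmpfs none /tmp` takes the tmpfs defaults, which means a world-writable mount with no `nosuid` or `nodev` and a size limit of half of RAM, on devices where memory is tight. Passing explicit options, for example `-o nosuid,nodev,mode=1777` together with a `size=` value chosen for the target hardware, keeps a runaway writer in /tmp from starving the rest of the system and removes setuid and device-node semantics from a directory any process can write to.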
@ -0,0 +1,19 @@
|
|||
{ config, pkgs, lib, ... } :
|
||||
{
|
||||
config = {
|
||||
programs.busybox = {
|
||||
options = {
|
||||
# schnapps is a shell script that needs
|
||||
# [ command
|
||||
# find -maxdepth -mindepth
|
||||
# head -c
|
||||
# echo -n
|
||||
ASH_TEST = "y";
|
||||
FEATURE_FIND_MAXDEPTH = "y";
|
||||
FEATURE_FANCY_HEAD = "y";
|
||||
FEATURE_FANCY_ECHO = "y";
|
||||
};
|
||||
};
|
||||
defaultProfile.packages = [ pkgs.schnapps ] ;
|
||||
};
|
||||
}
|
|
@ -50,6 +50,12 @@ extraPkgs // {
|
|||
};
|
||||
|
||||
# keep these alphabetical
|
||||
|
||||
btrfs-progs = prev.btrfs-progs.override {
|
||||
udevSupport = false;
|
||||
udev = null;
|
||||
};
|
||||
|
||||
chrony =
|
||||
let chrony' = prev.chrony.overrideAttrs(o: {
|
||||
configureFlags = [
|
||||
|
|
|
@ -10,10 +10,7 @@ let
|
|||
type' = types.submodule { options = type; };
|
||||
in (mergeDefinitions [] type' defs).mergedValue;
|
||||
in {
|
||||
pseudofile = callPackage ./pseudofile {};
|
||||
liminix = {
|
||||
services = callPackage ./liminix-tools/services {};
|
||||
networking = callPackage ./liminix-tools/networking {};
|
||||
builders = {
|
||||
squashfs = callPackage ./liminix-tools/builders/squashfs.nix {};
|
||||
dtb = callPackage ./kernel/dtb.nix {};
|
||||
|
@ -52,32 +49,26 @@ in {
|
|||
};
|
||||
inherit typeChecked;
|
||||
};
|
||||
networking = callPackage ./liminix-tools/networking {};
|
||||
services = callPackage ./liminix-tools/services {};
|
||||
};
|
||||
writeFennelScript = callPackage ./write-fennel-script {};
|
||||
writeFennel = callPackage ./write-fennel {};
|
||||
writeAshScript = callPackage ./write-ash-script {};
|
||||
systemconfig = callPackage ./systemconfig {};
|
||||
s6-init-bin = callPackage ./s6-init-bin {};
|
||||
s6-rc-database = callPackage ./s6-rc-database {};
|
||||
run-liminix-vm = callPackage ./run-liminix-vm {};
|
||||
ppp = callPackage ./ppp {};
|
||||
pppoe = callPackage ./pppoe {};
|
||||
|
||||
kernel-backport = callPackage ./kernel-backport {};
|
||||
mac80211 = callPackage ./mac80211 {};
|
||||
netlink-lua = callPackage ./netlink-lua {};
|
||||
linotify = callPackage ./linotify {};
|
||||
ifwait = callPackage ./ifwait {};
|
||||
# please keep the rest of this list alphabetised :-)
|
||||
|
||||
anoia = callPackage ./anoia {};
|
||||
fennel = callPackage ./fennel {};
|
||||
fennelrepl = callPackage ./fennelrepl {};
|
||||
firewallgen = callPackage ./firewallgen {};
|
||||
gen_init_cpio = callPackage ./gen_init_cpio {};
|
||||
|
||||
serviceFns = callPackage ./service-fns {};
|
||||
|
||||
# these are packages for the build system not the host/target
|
||||
|
||||
tufted = callPackage ./tufted {};
|
||||
routeros = callPackage ./routeros {};
|
||||
go-l2tp = callPackage ./go-l2tp {};
|
||||
hi = callPackage ./hi {};
|
||||
ifwait = callPackage ./ifwait {};
|
||||
initramfs-peek = callPackage ./initramfs-peek {};
|
||||
kernel-backport = callPackage ./kernel-backport {};
|
||||
kernel-modules = callPackage ./kernel-modules {};
|
||||
levitate = callPackage ./levitate {};
|
||||
libubootenv = callPackage ./libubootenv {};
|
||||
linotify = callPackage ./linotify {};
|
||||
|
||||
# we need to build real lzma instead of using xz, because the lzma
|
||||
# decoder in u-boot doesn't understand streaming lzma archives
|
||||
|
@ -86,24 +77,33 @@ in {
|
|||
# https://sourceforge.net/p/squashfs/mailman/message/26599379/
|
||||
lzma = callPackage ./lzma {};
|
||||
|
||||
preinit = callPackage ./preinit {};
|
||||
swconfig = callPackage ./swconfig {};
|
||||
odhcp6c = callPackage ./odhcp6c {};
|
||||
|
||||
openwrt = callPackage ./openwrt {};
|
||||
|
||||
initramfs-peek = callPackage ./initramfs-peek {};
|
||||
mac80211 = callPackage ./mac80211 {};
|
||||
min-collect-garbage = callPackage ./min-collect-garbage {};
|
||||
min-copy-closure = callPackage ./min-copy-closure {};
|
||||
hi = callPackage ./hi {};
|
||||
firewallgen = callPackage ./firewallgen {};
|
||||
kernel-modules = callPackage ./kernel-modules {};
|
||||
netlink-lua = callPackage ./netlink-lua {};
|
||||
odhcp-script = callPackage ./odhcp-script {};
|
||||
fennel = callPackage ./fennel {};
|
||||
fennelrepl = callPackage ./fennelrepl {};
|
||||
anoia = callPackage ./anoia {};
|
||||
odhcp6c = callPackage ./odhcp6c {};
|
||||
openwrt = callPackage ./openwrt {};
|
||||
ppp = callPackage ./ppp {};
|
||||
pppoe = callPackage ./pppoe {};
|
||||
preinit = callPackage ./preinit {};
|
||||
pseudofile = callPackage ./pseudofile {};
|
||||
routeros = callPackage ./routeros {};
|
||||
run-liminix-vm = callPackage ./run-liminix-vm {};
|
||||
s6-init-bin = callPackage ./s6-init-bin {};
|
||||
s6-rc-database = callPackage ./s6-rc-database {};
|
||||
|
||||
levitate = callPackage ./levitate {};
|
||||
# schnapps is written by Turris and provides a high-level interface
|
||||
# to btrfs snapshots. It may be useful on the Turris Omnia to
|
||||
# install Liminix while retaining the ability to rollback to the
|
||||
# vendor OS, or even to derisk Liminix updates on that device
|
||||
schnapps = callPackage ./schnapps {};
|
||||
|
||||
libubootenv = callPackage ./libubootenv {};
|
||||
serviceFns = callPackage ./service-fns {};
|
||||
swconfig = callPackage ./swconfig {};
|
||||
systemconfig = callPackage ./systemconfig {};
|
||||
tufted = callPackage ./tufted {};
|
||||
writeAshScript = callPackage ./write-ash-script {};
|
||||
writeFennel = callPackage ./write-fennel {};
|
||||
writeFennelScript = callPackage ./write-fennel-script {};
|
||||
}
|
||||
|
|
|
@ -12,7 +12,7 @@ target_host=$1
|
|||
shift
|
||||
|
||||
if [ -z "$target_host" ] ; then
|
||||
echo Usage: liminix-rebuild [--no-reboot] target-host params
|
||||
echo Usage: liminix-rebuild \[--no-reboot\] target-host params
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
|
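Review bot: backslash-escaping the brackets in the usage line works, but quoting the whole message is the more robust fix because it also covers any glob or whitespace characters added to the text later: `echo "Usage: liminix-rebuild [--no-reboot] target-host params" >&2`. Sending it to stderr keeps the message out of anything that captures the script's stdout.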
@ -0,0 +1,27 @@
|
|||
{
|
||||
stdenv
|
||||
, fetchFromGitLab
|
||||
, makeWrapper
|
||||
, btrfs-progs
|
||||
, lib
|
||||
}:
|
||||
let search_path = lib.makeBinPath [btrfs-progs];
|
||||
in stdenv.mkDerivation {
|
||||
pname = "schnapps";
|
||||
version = "2.13.0";
|
||||
|
||||
src =fetchFromGitLab {
|
||||
domain = "gitlab.nic.cz";
|
||||
owner = "turris";
|
||||
repo = "schnapps";
|
||||
rev = "53ac92c765d670be4b98dba2c948859a9ac7607f";
|
||||
hash = "sha256-yVgXK+V2wrcOPLB6X6qm3hyBcWcyzNhfJjFF7YRk5Lc=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
buildPhase = ":";
|
||||
installPhase = ''
|
||||
install -D schnapps.sh $out/bin/schnapps
|
||||
wrapProgram $out/bin/schnapps --prefix PATH : "${search_path}"
|
||||
'';
|
||||
}
|
|
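Review bot: `version = "2.13.0"` and the 40-character `rev` are stated independently, and nothing in the file records that this commit is what upstream tagged as 2.13.0, so a later bump of one without the other would go unnoticed. Pinning by commit together with `hash` is the right choice for a script that will run as root against the device's snapshots; add a one-line comment naming the upstream tag the commit corresponds to. The derivation also has no `meta` block, so the licence and description of a third-party script are not recorded anywhere in the package.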
@ -81,8 +81,11 @@ in attrset:
|
|||
$STRIP --remove-section=.note --remove-section=.comment --strip-all makedevs -o $out/bin/activate
|
||||
ln -s ${s6-init-bin}/bin/init $out/bin/init
|
||||
cat > $out/bin/install <<EOF
|
||||
#!/bin/sh
|
||||
cp -v -fP $out/bin/* $out/etc/* \''${1-/}/persist
|
||||
#!/bin/sh -e
|
||||
prefix=\''${1-/}
|
||||
src=\''${prefix}$out
|
||||
mkdir -p \$prefix/persist
|
||||
cp -v -fP \$src/bin/* \$src/etc/* \$prefix/persist
|
||||
EOF
|
||||
chmod +x $out/bin/install
|
||||
'';
|
||||
|
|
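Review bot: the generated install script now creates `$prefix/persist` and copies from the prefixed store path, but it still does not create `$prefix/boot`, which the THOUGHTS.txt entry in this same change set says must exist before `activate` runs because u-boot needs it in order to load the initramfs. A `mkdir -p` for that directory next to the one for `persist` would close the gap the notes describe. The expansions are also unquoted (`\$prefix/persist`, `\$src/bin/*`), so a prefix containing whitespace would be word-split; quote the variable parts and leave only the `*` outside the quotes. With the default prefix of `/` the paths come out with a doubled leading slash (the log in THOUGHTS.txt shows `//persist`), which works on Linux but is easy to avoid by stripping a trailing slash from the prefix first.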