raboof/liminix
1
0
Fork 0
forked from dan/liminix
Code Pull Requests Activity

Merge branch 'main' into linux-version-with-openwrt

Browse Source
This commit is contained in:
dan 2024-12-24 12:24:13 +00:00
commit 52967f746b
36 changed files with 498 additions and 175 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
NEWS
View File

@ -132,4 +132,28 @@ and then run the generated `install.sh` script
result/install.sh root@192.168.8.1 result/install.sh root@192.168.8.1
2024-12-16
Config options changed: if you had set config.hardware.dts.includes
(maybe in an out-of-tree device port) to specify the search paths
in which dtc finds include files, you will need to change this to
hardware.dts.includePaths.
The "new" hardware.dts.includes option is now for dtsi files which
should be merged into the device tree.
2024-12-19
Incremental updates changed again (but not massively). From hereon in,
the preferred way to do an incremental update on an installed device
with a writable filesystem is to build the updater output
nix-build -I liminix-config=hosts/myhost.nix --argstr deviceName turris-omnia -A outputs.updater
and then run the generated `update.sh` script. See
https://www.liminix.org/doc/admin.html#updating-an-installed-system
2024-12-22
outputs.zimage is now outputs.kernel.zImage. This is unlikely to
affect many people at all but I mention it anyway.

131
THOUGHTS.txt
View File

@ -6539,3 +6539,134 @@ using a Makefile
idea 2: when a configuration contains levitate, something similar idea 2: when a configuration contains levitate, something similar
but necessarily more "manual" to do the analogous thing but necessarily more "manual" to do the analogous thing
Sun Dec 15 18:55:55 GMT 2024
Where we left off with this, rotuer was crashing randomly or failing
to boot every time we tried to add log shipping, which is not very
ideal. I started doing something with logging to /dev/pmsg0
(CONFIG_PSTORE_PMSG) but I think (there seems not to be anything
written down :-( ) that the gl-ar750 kernel needs it added to kconfig and device tree
https://wiki.postmarketos.org/wiki/User:Knuxify/Enabling_pstore_and_ramoops
we could add a new hardware.dts.dtsi = [] option so that any module
could add a new chunk of dts. (Ideally we'd call it `includes`
but that conflicts with the existing use of `includes` to specify
search path. Maybe rename?)
would we ever use it except in a hardware device definition?
(Or user config?) I guess if we were consistent with names
then we could set up nodes in the device file with status="disabled"
and enable them in the module, except that dt doesn't consistently
use status and in fact there isn't one for reserved-memory
we could use global config to enable pstore_msg and check it in
the device module to enable the needed hw support
Tue Dec 17 23:39:28 GMT 2024
I think we can just stick a tee in the fallback logger pipeline that
writes to /dev/pmsg0
Need to check it's a circular buffer
do we want to do anything about recovering the log on boot?
- we could just copy it to /run/log
- if we have backfilling for shipped logs (we don't yet)
then we might want to ship it - but that may result in duplicate
logs if some of it was shipped before the crash
perhaps we should truncate pmsg0 on orderly shutdown? or maybe it's
good to see the late shutdown logs.
Thu Dec 19 13:40:39 GMT 2024
although we have PSTORE_foo in the omnia kconfig, I think this might
be just because I copied it from RT3200
Thu Dec 19 14:15:43 GMT 2024
Omnia is not in ci.nix, and it's not trivial to add it because there
is no output in the ci.nix configuration that makes sense for omnia.
... OK, fixed by adding system-configuration as an independent module
and importing in device config
Thu Dec 19 21:59:47 GMT 2024
The build-system shell script in outputs.systemConfiguration
is ugly and requires we do bad things to avoid sucking build
system stuff into the config
I propose we make it a separate derivation.
But first maybe we could improve some names
Sun Dec 22 14:23:02 GMT 2024
MT7622> echo $boot_default
if env exists flag_recover ; then else run bootcmd ; fi ; run boot_recovery ; setenv replacevol 1 ; run boot_tftp_for
ever
MT7622> echo $bootcmd
if pstore check ; then run boot_recovery ; else run boot_ubi ; fi
MT7622> echo $boot_ubi
ubi part ubi && run boot_production ; run boot_recovery
MT7622> echo $boot_production
led $bootled_pwr on ; run ubi_read_production && bootm $loadaddr#$bootconf ; led $bootled_pwr off
MT7622> echo $ubi_read_production
ubi read $loadaddr fit && iminfo $loadaddr && run ubi_prepare_rootfs
MT7622> echo $ubi_prepare_rootfs
if ubi check rootfs_data ; then else if env exists rootfs_data_max ; then ubi create rootfs_data $rootfs_data_max dynamic || ubi create rootfs_data - dynamic ; else ubi create rootfs_data - dynamic ; fi ; fi
MT7622> echo $bootconf
config-1
MT7622> run boot_ubi
UBI partition 'ubi' already selected
No size specified -> Using max size (126976)
Read 126976 bytes from volume fit to 0000000048000000
## Checking Image at 48000000 ...
Unknown image format!
No size specified -> Using max size (7491584)
Read 7491584 bytes from volume recovery to 0000000048000000
## Loading kernel from FIT Image at 48000000 ...
Using 'config-1' configuration
Trying 'kernel-1' kernel subimage
Description: ARM64 OpenWrt Linux-6.6.45
Sun Dec 22 17:39:56 GMT 2024
From the output above it looks like the device I have plugged in has
an openwrt "recovery" image but not a "production" image
It also looks like it will be quite hard work to persuade it to boot
from usb or anything. It doesn't have any of the extlinux stuff
but it does have uefi for what that's worth
default boot_production command reads a ubi volume called 'fit' and
calls bootm on what it finds
we could define boot_production to ubifsmount liminix; ubifs load
<addr> <filename> (which is a fit) and bootm it. *presumably* we could
do this from the openwrt recovery image
but could we install the whole system using said recovery image? I
expect we could do, it only requires getting a tarball onto it and
unpacking it
however, extlinux is not going to be helpful
(actually it might be a bit, if we ask it to write the fit as
well as/instead of the individual files)
maybe we need separate concepts of "the filesystem contains
stuff we need for boot" and "the stuff we need is the stuff
that extlinux needs"
each bootloader makes an output called bootfiles, and
the bootablerootdir output copies from bootfiles
Mon Dec 23 18:28:50 GMT 2024
it might be worth moving ubi option decls into the hardware module, if
they're hardware-dependent

12
bordervm-configuration.nix
View File

@ -102,12 +102,18 @@ in {
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ]; systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
virtualisation = { virtualisation = {
forwardPorts = [ { forwardPorts = [
{
from = "host"; from = "host";
host.port = 7654; host.port = 7654;
# guest.address = "10.0.2.15"; # guest.address = "10.0.2.15";
guest.port =7654; guest.port =7654;
} ]; }
{
host.port = 2222;
guest.address = "10.0.2.15";
guest.port = 22;
}];
qemu = { qemu = {
networkingOptions = [ ]; networkingOptions = [ ];
options = options =

1
ci.nix
View File

@ -12,6 +12,7 @@ let
"qemu-armv7l" "qemu-armv7l"
"tp-archer-ax23" "tp-archer-ax23"
"zyxel-nwa50ax" "zyxel-nwa50ax"
"turris-omnia"
]; ];
vanilla = ./vanilla-configuration.nix; vanilla = ./vanilla-configuration.nix;
for-device = name: for-device = name:

37
devices/belkin-rt3200/default.nix
View File

@ -7,12 +7,10 @@
and is "work in progress" in Liminix. and is "work in progress" in Liminix.
.. note:: The factory flash image contains ECC errors that make it .. note:: The factory flash image contains ECC errors that make it
incompatible with Liminix: you need to use the `OpenWrt incompatible with Liminix: use the `OpenWrt
UBI Installer <https://github.com/dangowrt/owrt-ubi-installer>`_ to UBI Installer <https://github.com/dangowrt/owrt-ubi-installer>`_ to
rewrite the partition layout before you can flash rewrite the partition layout before you can use
Liminix onto it (or even use it with Liminix with it
:ref:`system-outputs-tftpboot`, if you want the wireless
to work).
Hardware summary Hardware summary
================ ================
@ -27,8 +25,31 @@
Installation Installation
============ ============
Installation is currently a manual process (you need a :ref:`serial <serial>` conection and Installation is currently a manual process.
TFTP) following the instructions at :ref:`system-outputs-ubimage`
Preparation
-----------
To prepare the device for Liminix you first need to use the
`OpenWrt UBI Installer
<https://github.com/dangowrt/owrt-ubi-installer>`_ image to
rewrite the flash layout. You can do this in onw of two ways:
either follow the instructions to do it through the vendor web
interface, or you can drop to U-boot and use TFTP
.. code-block:: console
MT7622> setenv ipaddr 10.0.0.6
MT7622> setenv serverip 10.0.0.1
MT7622> tftpboot 0x42000000 openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery-installer.itb
MT7622> bootm 0x42000000
Once it's finished booted into Linux you can safely reboot
Installing Liminix
------------------
This is a manual process: you need a :ref:`serial <serial>` conection and TFTP : follow the instructions at :ref:`system-outputs-ubimage`
''; '';
@ -192,7 +213,7 @@
rootDevice = "ubi0:liminix"; rootDevice = "ubi0:liminix";
dts = { dts = {
src = "${openwrt.src}/target/linux/mediatek/dts/mt7622-linksys-e8450-ubi.dts"; src = "${openwrt.src}/target/linux/mediatek/dts/mt7622-linksys-e8450-ubi.dts";
includes = [ includePaths = [
"${openwrt.src}/target/linux/mediatek/dts" "${openwrt.src}/target/linux/mediatek/dts"
"${config.system.outputs.kernel.modulesupport}/arch/arm64/boot/dts/mediatek/" "${config.system.outputs.kernel.modulesupport}/arch/arm64/boot/dts/mediatek/"
]; ];

8
devices/gl-ar750/default.nix
View File

@ -52,8 +52,9 @@
''; '';
module = {pkgs, config, lim, ... }: module = {pkgs, config, lim, lib, ... }:
let let
inherit (lib) mkIf;
openwrt = pkgs.openwrt; openwrt = pkgs.openwrt;
firmwareBlobs = pkgs.pkgsBuildBuild.fetchFromGitHub { firmwareBlobs = pkgs.pkgsBuildBuild.fetchFromGitHub {
owner = "kvalo"; owner = "kvalo";
@ -116,9 +117,12 @@
rootDevice = "/dev/mtdblock5"; rootDevice = "/dev/mtdblock5";
dts = { dts = {
src = "${openwrt.src}/target/linux/ath79/dts/qca9531_glinet_gl-ar750.dts"; src = "${openwrt.src}/target/linux/ath79/dts/qca9531_glinet_gl-ar750.dts";
includes = [ includePaths = [
"${openwrt.src}/target/linux/ath79/dts" "${openwrt.src}/target/linux/ath79/dts"
]; ];
includes = mkIf config.logging.persistent.enable [
./pstore-ramoops.dtsi
];
}; };
networkInterfaces = networkInterfaces =

9
devices/gl-ar750/pstore-ramoops.dtsi Normal file
View File

@ -0,0 +1,9 @@
/ {
reserved-memory {
ramoops@03f00000 {
compatible = "ramoops";
reg = <0x03f00000 0x10000>;
pmsg-size = <0x10000>;
};
};
};

2
devices/gl-mt300a/default.nix
View File

@ -81,7 +81,7 @@
dts = { dts = {
src = "${openwrt.src}/target/linux/ramips/dts/mt7620a_glinet_gl-mt300a.dts"; src = "${openwrt.src}/target/linux/ramips/dts/mt7620a_glinet_gl-mt300a.dts";
includes = [ includePaths = [
"${openwrt.src}/target/linux/ramips/dts" "${openwrt.src}/target/linux/ramips/dts"
]; ];
}; };

2
devices/gl-mt300n-v2/default.nix
View File

@ -78,7 +78,7 @@
dts = { dts = {
src = "${openwrt.src}/target/linux/ramips/dts/mt7628an_glinet_gl-mt300n-v2.dts"; src = "${openwrt.src}/target/linux/ramips/dts/mt7628an_glinet_gl-mt300n-v2.dts";
includes = [ includePaths = [
"${openwrt.src}/target/linux/ramips/dts" "${openwrt.src}/target/linux/ramips/dts"
]; ];
}; };

2
devices/qemu/default.nix
View File

@ -66,7 +66,7 @@
# *correct* but it does at least boot # *correct* but it does at least boot
dts = lib.mkForce { dts = lib.mkForce {
src = "${config.system.outputs.kernel.modulesupport}/arch/mips/boot/dts/mti/malta.dts"; src = "${config.system.outputs.kernel.modulesupport}/arch/mips/boot/dts/mti/malta.dts";
includes = [ includePaths = [
"${config.system.outputs.kernel.modulesupport}/arch/mips/boot/dts/" "${config.system.outputs.kernel.modulesupport}/arch/mips/boot/dts/"
]; ];
}; };

2
devices/tp-archer-ax23/default.nix
View File

@ -405,7 +405,7 @@
rootDevice = "/dev/mtdblock3"; rootDevice = "/dev/mtdblock3";
dts = { dts = {
src = "${openwrt.src}/target/linux/ramips/dts/mt7621_tplink_archer-ax23-v1.dts"; src = "${openwrt.src}/target/linux/ramips/dts/mt7621_tplink_archer-ax23-v1.dts";
includes = [ includePaths = [
"${openwrt.src}/target/linux/ramips/dts" "${openwrt.src}/target/linux/ramips/dts"
"${config.system.outputs.kernel.modulesupport}/arch/arm64/boot/dts/mediatek/" "${config.system.outputs.kernel.modulesupport}/arch/arm64/boot/dts/mediatek/"
]; ];

10
devices/turris-omnia/default.nix
View File

@ -172,7 +172,6 @@
../../modules/arch/arm.nix ../../modules/arch/arm.nix
../../modules/outputs/tftpboot.nix ../../modules/outputs/tftpboot.nix
../../modules/outputs/mbrimage.nix ../../modules/outputs/mbrimage.nix
../../modules/outputs/extlinux.nix
]; ];
config = { config = {
@ -224,11 +223,6 @@
# WARNING: unmet direct dependencies detected for ARCH_WANT_LIBATA_LEDS # WARNING: unmet direct dependencies detected for ARCH_WANT_LIBATA_LEDS
ATA = "y"; ATA = "y";
PSTORE = "y";
PSTORE_RAM = "y";
PSTORE_CONSOLE = "y";
# PSTORE_DEFLATE_COMPRESS = "n";
BLOCK = "y"; BLOCK = "y";
MMC="y"; MMC="y";
PWRSEQ_EMMC="y"; # ??? PWRSEQ_EMMC="y"; # ???
@ -341,14 +335,14 @@
targets = ["ath9k" "ath10k_pci"]; targets = ["ath9k" "ath10k_pci"];
}; };
in { in {
defaultOutput = "mtdimage"; defaultOutput = "updater";
loadAddress = lim.parseInt "0x00800000"; # "0x00008000"; loadAddress = lim.parseInt "0x00800000"; # "0x00008000";
entryPoint = lim.parseInt "0x00800000"; # "0x00008000"; entryPoint = lim.parseInt "0x00800000"; # "0x00008000";
rootDevice = "/dev/mmcblk0p1"; rootDevice = "/dev/mmcblk0p1";
dts = { dts = {
src = "${config.system.outputs.kernel.modulesupport}/arch/arm/boot/dts/marvell/armada-385-turris-omnia.dts"; src = "${config.system.outputs.kernel.modulesupport}/arch/arm/boot/dts/marvell/armada-385-turris-omnia.dts";
includes = [ includePaths = [
"${config.system.outputs.kernel.modulesupport}/arch/arm/boot/dts/marvell/" "${config.system.outputs.kernel.modulesupport}/arch/arm/boot/dts/marvell/"
]; ];
}; };

2
devices/zyxel-nwa50ax/default.nix
View File

@ -184,7 +184,7 @@
# Actually, this is not what we want. # Actually, this is not what we want.
# This DTS is insufficient. # This DTS is insufficient.
src = ./mt7621_zyxel_nwa50ax.dtsi; src = ./mt7621_zyxel_nwa50ax.dtsi;
includes = [ includePaths = [
# Here's one weird trick to make `ubi` detection # Here's one weird trick to make `ubi` detection
# out of the box. # out of the box.
# We will write ubi on /dev/firmware_a:rootfs location # We will write ubi on /dev/firmware_a:rootfs location

81
doc/admin.rst
View File

@ -131,50 +131,54 @@ human-readable format, use :command:`s6-tai64nlocal`.
1970-01-02 21:51:48.832588765 wan.link.pppoe sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x667a9594> <pcomp> <accom 1970-01-02 21:51:48.832588765 wan.link.pppoe sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x667a9594> <pcomp> <accom
p>] p>]
Log persistence
---------------
Logs written to :file:`/run/log/` will not survive a reboot or crash,
as it is an ephemeral filesystem.
Updating an installed system (JFFS2) On supported hardware you can enable logging to `pstore
************************************ <https://www.kernel.org/doc/Documentation/ABI/testing/pstore>`_ which
means the most recent log messages will be preserved on reboot. Set
the config option ``logging.persistent.enable = true`` to log messages
to :file:`/dev/pmsg0` as well as to the regular log. This is a
circular buffer, so when it fills up newer messages will overwrite the
oldest messages.
To check the previous messages after a (planned or forced) reboot,
Adding packages you need to mooun the pstore filesystem.
===============
If your device is running a JFFS2 root filesystem, you can build
extra packages for it on your build system and copy them to the
device: any package in Nixpkgs or in the Liminix overlay is available
with the ``pkgs`` prefix:
.. code-block:: console .. code-block:: console
nix-build -I liminix-config=./my-configuration.nix \ # mount -t pstore pstore /sys/fs/pstore/
--arg device "import ./devices/mydevice" -A pkgs.tcpdump # ls -l /sys/fs/pstore/
-r--r--r-- 1 43071 pmsg-ramoops-0
nix-shell -p min-copy-closure root@the-device result/ # cat /sys/fs/pstore/pmsg-ramoops-0
@40000000000000282c997d29 mydevice klogd <6>[ 30.793756] int: port 2(wlan0) entered blocking state
Note that this only copies the package to the device: it doesn't update [log messages from before the reboot follow]
any profile to add it to ``$PATH``
.. _rebuilding the system:
Rebuilding the system Updating an installed system
===================== ****************************
Liminix has a mechanism for in-place updates of a running system which If your system has a writable root filesystem (JFFS2, btrfs etc -
is analogous to :command:`nixos-rebuild`, but its operation is a anything but squashfs), we have mechanisms for in-places updates
bit different because it expects to run on a build machine and then analogous to :command:`nixos-rebuild`, but the operation is a bit
copy to the host device. To use this, build the `outputs.systemConfiguration` different because it expects to run on a build machine and then copy
target and then run the :command:`result/install.sh` script it generates. to the host device using :command:`ssh`.
To use this, build the ``outputs.updater``
target and then run the :command:`update.sh` script it generates.
.. code-block:: console .. code-block:: console
nix-build -I liminix-config=./my-configuration.nix \ nix-build -I liminix-config=./my-configuration.nix \
--arg device "import ./devices/mydevice" \ --arg device "import ./devices/mydevice" \
-A outputs.systemConfiguration -A outputs.updater
./result/install.sh root@the-device ./result/bin/update.sh root@the-device
The install script uses min-copy-closure to copy new or changed The update script uses min-copy-closure to copy new or changed
packages to the device, then (perhaps) reboots it. The reboot packages to the device, then (perhaps) reboots it. The reboot
behaviour can be affected by flags: behaviour can be affected by flags:
@ -187,7 +191,6 @@ behaviour can be affected by flags:
the services that have updated store paths (and anything that the services that have updated store paths (and anything that
depends on them), but will not affect services that haven't changed. depends on them), but will not affect services that haven't changed.
It doesn't delete old packages automatically: to do that run It doesn't delete old packages automatically: to do that run
:command:`min-collect-garbage`, which will delete any packages not in :command:`min-collect-garbage`, which will delete any packages not in
the current system closure. Note that Liminix does not have the NixOS the current system closure. Note that Liminix does not have the NixOS
@ -207,6 +210,26 @@ Caveats
.. _levitate: .. _levitate:
Adding packages
===============
If you simply wish to add a package without any change to services,
you can call :command:`min-copy-closure` directly to install
any package in Nixpkgs or in the Liminix overlay
.. code-block:: console
nix-build -I liminix-config=./my-configuration.nix \
--arg device "import ./devices/mydevice" -A pkgs.tcpdump
nix-shell -p min-copy-closure root@the-device result/
Note that this only copies the package and its dependencies to the
device: it doesn't update any profile to add it to ``$PATH``
.. _rebuilding the system:
Reinstalling on a running system Reinstalling on a running system
******************************** ********************************

1
examples/recovery.nix
View File

@ -22,7 +22,6 @@ in rec {
../modules/outputs/ubimage.nix ../modules/outputs/ubimage.nix
../modules/outputs/jffs2.nix ../modules/outputs/jffs2.nix
../modules/outputs/ext4fs.nix ../modules/outputs/ext4fs.nix
../modules/outputs/extlinux.nix
]; ];
kernel.config = { kernel.config = {

1
modules/all-modules.nix
View File

@ -30,7 +30,6 @@
./outputs/vmroot.nix ./outputs/vmroot.nix
./ppp ./ppp
./ramdisk.nix ./ramdisk.nix
./squashfs.nix
./ssh ./ssh
./users.nix ./users.nix
./vlan ./vlan

7
modules/hardware.nix
View File

@ -24,11 +24,16 @@ in
only for QEMU. only for QEMU.
''; '';
}; };
includes = mkOption { includePaths = mkOption {
default = [ ]; default = [ ];
description = "List of directories to search for DTS includes (.dtsi files)"; description = "List of directories to search for DTS includes (.dtsi files)";
type = types.listOf types.path; type = types.listOf types.path;
}; };
includes = mkOption {
default = [ ];
description = "\"dtsi\" fragments to include in the generated device tree";
type = types.listOf types.path;
};
}; };
defaultOutput = mkOption { defaultOutput = mkOption {
description = "\"Default\" output: what gets built for this device when outputs.default is requested. Typically this is \"mtdimage\" or \"vmroot\""; description = "\"Default\" output: what gets built for this device when outputs.default is requested. Typically this is \"mtdimage\" or \"vmroot\"";

8
modules/kernel/default.nix
View File

@ -68,20 +68,16 @@ in {
}; };
}; };
config = { config = {
system.outputs = system.outputs.kernel =
let let
mergedConfig = mergeConditionals mergedConfig = mergeConditionals
config.kernel.config config.kernel.config
config.kernel.conditionalConfig; config.kernel.conditionalConfig;
k = liminix.builders.kernel.override { in liminix.builders.kernel.override {
config = mergedConfig; config = mergedConfig;
inherit (config.kernel) version src extraPatchPhase; inherit (config.kernel) version src extraPatchPhase;
targets = config.kernel.makeTargets; targets = config.kernel.makeTargets;
}; };
in {
kernel = k.vmlinux;
zimage = k.zImage;
};
kernel = rec { kernel = rec {
modular = true; # disabling this is not yet supported modular = true; # disabling this is not yet supported

50
modules/outputs.nix
View File

@ -11,9 +11,12 @@ let
in in
{ {
imports = [ imports = [
./squashfs.nix ./outputs/squashfs.nix
./outputs/vmroot.nix ./outputs/vmroot.nix
./outputs/extlinux.nix ./outputs/boot-extlinux.nix
./outputs/boot-fit.nix
./outputs/uimage.nix
./outputs/updater
]; ];
options = { options = {
system.outputs = { system.outputs = {
@ -27,17 +30,7 @@ in
kernel kernel
****** ******
Kernel vmlinux file (usually ELF) Kernel package (multi-output derivation)
'';
};
zimage = mkOption {
type = types.package;
internal = true;
description = ''
zimage
******
Kernel in compressed self-extracting package
''; '';
}; };
dtb = mkOption { dtb = mkOption {
@ -50,16 +43,6 @@ in
Compiled device tree (FDT) for the target device Compiled device tree (FDT) for the target device
''; '';
}; };
uimage = mkOption {
type = types.package;
internal = true;
description = ''
uimage
******
Combined kernel and FDT in uImage (U-Boot compatible) format
'';
};
tplink-safeloader = mkOption { tplink-safeloader = mkOption {
type = types.package; type = types.package;
}; };
@ -82,6 +65,12 @@ in
directory of files to package into root filesystem directory of files to package into root filesystem
''; '';
}; };
bootfiles = mkOption {
type = types.nullOr types.package;
internal = true;
default = null;
# description = "";
};
bootablerootdir = mkOption { bootablerootdir = mkOption {
type = types.package; type = types.package;
internal = true; internal = true;
@ -104,18 +93,11 @@ in
system.outputs = rec { system.outputs = rec {
dtb = liminix.builders.dtb { dtb = liminix.builders.dtb {
inherit (config.boot) commandLine; inherit (config.boot) commandLine;
dts = config.hardware.dts.src; dts = [config.hardware.dts.src] ++ config.hardware.dts.includes;
includes = config.hardware.dts.includes ++ [ includes = config.hardware.dts.includePaths ++ [
"${o.kernel.headers}/include" "${o.kernel.headers}/include"
]; ];
}; };
uimage = liminix.builders.uimage {
commandLine = concatStringsSep " " config.boot.commandLine;
inherit (config.boot) commandLineDtbNode;
inherit (config.hardware) loadAddress entryPoint alignment;
inherit (config.boot) imageFormat;
inherit (o) kernel dtb;
};
rootdir = rootdir =
let let
inherit (pkgs.pkgsBuildBuild) runCommand; inherit (pkgs.pkgsBuildBuild) runCommand;
@ -132,8 +114,8 @@ in
let inherit (pkgs.pkgsBuildBuild) runCommand; let inherit (pkgs.pkgsBuildBuild) runCommand;
in runCommand "add-slash-boot" { } '' in runCommand "add-slash-boot" { } ''
cp -a ${o.rootdir} $out cp -a ${o.rootdir} $out
${if config.boot.loader.extlinux.enable ${if o.bootfiles != null
then "(cd $out && chmod -R +w . && rmdir boot && cp -a ${o.extlinux} boot)" then "(cd $out && chmod -R +w . && rmdir boot && cp -a ${o.bootfiles} boot)"
else "" else ""
} }
''; '';

10
modules/outputs/extlinux.nix → modules/outputs/boot-extlinux.nix
View File

@ -12,19 +12,15 @@ let
cmdline = concatStringsSep " " config.boot.commandLine; cmdline = concatStringsSep " " config.boot.commandLine;
wantsDtb = config.hardware.dts ? src && config.hardware.dts.src != null; wantsDtb = config.hardware.dts ? src && config.hardware.dts.src != null;
in { in {
options.system.outputs.extlinux = mkOption {
type = types.package;
# description = "";
};
options.boot.loader.extlinux.enable = mkEnableOption "extlinux"; options.boot.loader.extlinux.enable = mkEnableOption "extlinux";
config = mkIf cfg.enable { config = mkIf cfg.enable {
system.outputs.extlinux = pkgs.runCommand "extlinux" {} '' system.outputs.bootfiles = pkgs.runCommand "extlinux" {} ''
mkdir $out mkdir $out
cd $out cd $out
${if wantsDtb then "cp ${o.dtb} dtb" else "true"} ${if wantsDtb then "cp ${o.dtb} dtb" else "true"}
cp ${o.initramfs} initramfs cp ${o.initramfs} initramfs
cp ${o.zimage} kernel cp ${o.kernel.zImage} kernel
mkdir extlinux mkdir extlinux
cat > extlinux/extlinux.conf << _EOF cat > extlinux/extlinux.conf << _EOF
menu title Liminix menu title Liminix
@ -37,7 +33,7 @@ in {
_EOF _EOF
''; '';
filesystem = dir { filesystem = dir {
boot = symlink config.system.outputs.extlinux; boot = symlink config.system.outputs.bootfiles;
}; };
}; };
} }

27
modules/outputs/boot-fit.nix Normal file
View File

@ -0,0 +1,27 @@
{
config
, pkgs
, lib
, ...
}:
let
inherit (lib) mkIf mkEnableOption mkOption types concatStringsSep;
inherit (pkgs.pseudofile) dir symlink;
cfg = config.boot.loader.fit;
o = config.system.outputs;
cmdline = concatStringsSep " " config.boot.commandLine;
wantsDtb = config.hardware.dts ? src && config.hardware.dts.src != null;
in {
options.boot.loader.fit.enable = mkEnableOption "FIT in /boot";
config = mkIf cfg.enable {
system.outputs.bootfiles = pkgs.runCommand "boot-fit" {} ''
mkdir $out
cd $out
cp ${o.uimage} fit
'';
filesystem = dir {
boot = symlink config.system.outputs.bootfiles;
};
};
}

11
modules/outputs/initramfs.nix
View File

@ -9,6 +9,7 @@ let
inherit (pkgs) runCommand; inherit (pkgs) runCommand;
in in
{ {
imports = [ ./system-configuration.nix ];
options = { options = {
boot.initramfs = { boot.initramfs = {
enable = mkEnableOption "initramfs"; enable = mkEnableOption "initramfs";
@ -22,14 +23,6 @@ in
filesystem filesystem
''; '';
}; };
systemConfiguration = mkOption {
type = types.package;
description = ''
pkgs.systemconfig for the configured filesystem,
contains 'activate' and 'init' commands
'';
internal = true;
};
}; };
}; };
config = mkIf config.boot.initramfs.enable { config = mkIf config.boot.initramfs.enable {
@ -53,8 +46,6 @@ in
file /init ${pkgs.preinit}/bin/preinit 0755 0 0 file /init ${pkgs.preinit}/bin/preinit 0755 0 0
SPECIALS SPECIALS
''; '';
systemConfiguration =
pkgs.systemconfig config.filesystem.contents;
}; };
}; };
} }

0
modules/squashfs.nix → modules/outputs/squashfs.nix
View File

28
modules/outputs/system-configuration.nix Normal file
View File

@ -0,0 +1,28 @@
{
config
, pkgs
, lib
, ...
}:
let
inherit (lib) mkEnableOption mkOption mkIf types;
inherit (pkgs) runCommand;
in
{
options = {
system.outputs = {
systemConfiguration = mkOption {
type = types.package;
description = ''
pkgs.systemconfig for the configured filesystem,
contains 'activate' and 'init' commands
'';
internal = true;
};
};
};
config = {
system.outputs.systemConfiguration =
pkgs.systemconfig config.filesystem.contents;
};
}

2
modules/outputs/tftpboot.nix
View File

@ -61,7 +61,7 @@ in {
o = config.system.outputs; o = config.system.outputs;
image = let choices = { image = let choices = {
uimage = o.uimage; uimage = o.uimage;
zimage = o.zimage; zimage = o.kernel.zImage;
}; in choices.${cfg.kernelFormat}; }; in choices.${cfg.kernelFormat};
bootCommand = let choices = { bootCommand = let choices = {
uimage = "bootm"; uimage = "bootm";

30
modules/outputs/uimage.nix Normal file
View File

@ -0,0 +1,30 @@
{
config,
pkgs,
lib,
...
}:
let
inherit (lib) mkOption types concatStringsSep;
inherit (pkgs) liminix writeText;
o = config.system.outputs;
in
{
options.system.outputs.uimage = mkOption {
type = types.package;
internal = true;
description = ''
uimage
******
Combined kernel and FDT in uImage (U-Boot compatible) format
'';
};
config.system.outputs.uimage = liminix.builders.uimage {
commandLine = concatStringsSep " " config.boot.commandLine;
inherit (config.boot) commandLineDtbNode;
inherit (config.hardware) loadAddress entryPoint alignment;
inherit (config.boot) imageFormat;
inherit (o) kernel dtb;
};
}

36
modules/outputs/updater/default.nix Normal file
View File

@ -0,0 +1,36 @@
{
config
, pkgs
, lib
, ...
}:
let
inherit (lib) mkIf;
o = config.system.outputs;
inherit (pkgs) runCommand;
inherit (lib) mkOption types;
inherit (pkgs.buildPackages) min-copy-closure;
in
{
imports = [ ../system-configuration.nix ];
options.system.outputs.updater = mkOption {
type = types.package;
description = ''
updater
******
For configurations with a writable filesystem, create a shell
script that runs on the build system and updates the device
over the network to the new configuration
'';
};
config.system.outputs.updater =
runCommand "buildUpdater" { } ''
mkdir -p $out/bin
substitute ${./update.sh} $out/bin/update.sh \
--subst-var-by toplevel ${o.systemConfiguration} \
--subst-var-by min_copy_closure ${min-copy-closure}
chmod +x $out/bin/update.sh
'';
}

14
pkgs/systemconfig/build-system-install.sh → modules/outputs/updater/update.sh
View File

@ -1,22 +1,19 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# this shell script can be run on the build system to # this shell script is run on the build system to min-copy-closure the
# min-copy-closure the system configuration onto the device # system configuration onto the device and reboot/restart services as
# and reboot/restart services as requested # requested
die() { die() {
echo "$@" echo "$@"
exit 1 exit 1
} }
# add min-copy-closure to the path. removing junk characters
# inserted by default.nix (q.v.)
min_copy_closure=@min-copy-closure@; PATH=${min_copy_closure//_/}/bin:$PATH
PATH=@min_copy_closure@/bin:$PATH
ssh_command=${SSH_COMMAND-ssh} ssh_command=${SSH_COMMAND-ssh}
reboot="reboot" reboot="reboot"
case "$1" in case "$1" in
"--no-reboot") "--no-reboot")
unset reboot unset reboot
@ -34,10 +31,11 @@ shift
test -n "$target_host" || \ test -n "$target_host" || \
die "Usage: $0 [--no-reboot] [--fast] target-host" die "Usage: $0 [--no-reboot] [--fast] target-host"
toplevel=$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && readlink `pwd` ) toplevel=$(realpath @toplevel@)
test -e $toplevel/etc/nix-store-paths || die "missing etc/nix-store-paths, is this really a system configuration?" test -e $toplevel/etc/nix-store-paths || die "missing etc/nix-store-paths, is this really a system configuration?"
echo installing from systemConfiguration $toplevel to host $target_host echo installing from systemConfiguration $toplevel to host $target_host
$ssh_command $target_host uname -a || die "Can't ssh to $target_host"
min-copy-closure $target_host $toplevel min-copy-closure $target_host $toplevel
set -x set -x
$ssh_command $target_host $toplevel/bin/install $ssh_command $target_host $toplevel/bin/install

41
modules/s6/default.nix
View File

@ -7,10 +7,27 @@ let
s6-linux-init s6-linux-init
stdenvNoCC; stdenvNoCC;
inherit (lib.lists) unique concatMap; inherit (lib.lists) unique concatMap;
inherit (lib) concatStrings;
inherit (builtins) map;
inherit (pkgs.pseudofile) dir symlink; inherit (pkgs.pseudofile) dir symlink;
inherit (pkgs.liminix.services) oneshot bundle longrun; inherit (pkgs.liminix.services) oneshot bundle longrun;
inherit (lib) mkIf mkEnableOption mkOption types; inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.logging; cfg = config.logging;
logger =
let pipecmds =
["${s6}/bin/s6-log -bpd3 -- ${cfg.script} 1"] ++
(lib.optional cfg.persistent.enable
"/bin/tee /dev/pmsg0") ++
(lib.optional cfg.shipping.enable
"${pkgs.logshipper}/bin/logtap ${cfg.shipping.socket} logshipper-socket-event");
in ''
#!${execline}/bin/execlineb -P
${execline}/bin/redirfd -w 1 /dev/null
${execline}/bin/redirfd -rnb 0 fifo
${concatStrings (map (l: "pipeline { ${l} }\n") pipecmds)}
${s6}/bin/s6-log -- ${cfg.directory}
'';
s6-rc-db = s6-rc-db =
let let
# In the default bundle we need to have all the services # In the default bundle we need to have all the services
@ -106,21 +123,7 @@ let
mode = "0600"; mode = "0600";
}; };
notification-fd = { file = "3"; }; notification-fd = { file = "3"; };
run = { run = { file = logger; mode = "0755"; };
file = ''
#!${execline}/bin/execlineb -P
${execline}/bin/redirfd -w 1 /dev/null
${execline}/bin/redirfd -rnb 0 fifo
${if cfg.shipping.enable then ''
pipeline { ${s6}/bin/s6-log -bpd3 -- ${cfg.script} 1 }
pipeline { ${pkgs.logshipper}/bin/logtap ${cfg.shipping.socket} logshipper-socket-event }
${s6}/bin/s6-log -- ${cfg.directory}
'' else ''
${s6}/bin/s6-log -bpd3 -- ${cfg.script} ${cfg.directory}
''}
'';
mode = "0755";
};
}; };
getty = dir { getty = dir {
run = { run = {
@ -212,6 +215,9 @@ let
in { in {
options = { options = {
logging = { logging = {
persistent = {
enable = mkEnableOption "store logs across reboots";
};
shipping = { shipping = {
enable = mkEnableOption "unix socket for log shipping"; enable = mkEnableOption "unix socket for log shipping";
socket = mkOption { socket = mkOption {
@ -263,6 +269,11 @@ in {
)]; )];
config = { config = {
kernel.config = mkIf config.logging.persistent.enable {
PSTORE = "y";
PSTORE_PMSG = "y";
PSTORE_RAM = "y";
};
filesystem = dir { filesystem = dir {
etc = dir { etc = dir {
s6-rc = dir { s6-rc = dir {

4
overlay.nix
View File

@ -218,11 +218,11 @@ extraPkgs // {
] ++ final.lib.optionals (o ? patches) o.patches; ] ++ final.lib.optionals (o ? patches) o.patches;
}); });
mtdutils = prev.mtdutils.overrideAttrs(o: { mtdutils = (prev.mtdutils.overrideAttrs(o: {
patches = (if o ? patches then o.patches else []) ++ [ patches = (if o ? patches then o.patches else []) ++ [
./pkgs/mtdutils/0001-mkfs.jffs2-add-graft-option.patch ./pkgs/mtdutils/0001-mkfs.jffs2-add-graft-option.patch
]; ];
}); })).override { util-linux = final.util-linux-small ; };
nftables = prev.nftables.overrideAttrs(o: { nftables = prev.nftables.overrideAttrs(o: {
configureFlags = [ configureFlags = [

2
pkgs/anoia/init.fnl
View File

@ -84,6 +84,8 @@
(false err) (expect (string.match err "path traversal"))))] (false err) (expect (string.match err "path traversal"))))]
(expect= (append-path "/tmp" "hello") "/tmp/hello") (expect= (append-path "/tmp" "hello") "/tmp/hello")
(expect= (append-path "/tmp/" "hello") "/tmp/hello") (expect= (append-path "/tmp/" "hello") "/tmp/hello")
(expect= (append-path "/tmp/" "///hello") "/tmp/hello")
(expect= (append-path "/tmp/" "///hello/../fish") "/tmp/fish")
(traps "/tmp/" "../hello") (traps "/tmp/" "../hello")
(expect= (append-path "/tmp/" "hello/../goodbye") "/tmp/goodbye") (expect= (append-path "/tmp/" "hello/../goodbye") "/tmp/goodbye")
(traps "/tmp/" "hello/../../goodbye")) (traps "/tmp/" "hello/../../goodbye"))

12
pkgs/kernel/dtb.nix
View File

@ -2,6 +2,8 @@
stdenv stdenv
, dtc , dtc
, lib , lib
, runCommand
, writeText
}: }:
{ dts { dts
, includes , includes
@ -10,14 +12,20 @@
cppDtSearchFlags = builtins.concatStringsSep " " (map (f: "-I${f}") includes); cppDtSearchFlags = builtins.concatStringsSep " " (map (f: "-I${f}") includes);
dtcSearchFlags = builtins.concatStringsSep " " (map (f: "-i${f}") includes); dtcSearchFlags = builtins.concatStringsSep " " (map (f: "-i${f}") includes);
cmdline = lib.concatStringsSep " " commandLine; cmdline = lib.concatStringsSep " " commandLine;
chosen = writeText "chosen.dtsi" "/{ chosen { bootargs = ${builtins.toJSON cmdline}; }; };";
combined = writeText "combined-dts-fragments"
(lib.concatStrings
(builtins.map
(f: "#include \"${f}\"\n")
(dts ++ [ chosen ])));
in stdenv.mkDerivation { in stdenv.mkDerivation {
name = "dtb"; name = "dtb";
phases = [ "buildPhase" ]; phases = [ "buildPhase" ];
nativeBuildInputs = [ dtc ]; nativeBuildInputs = [ dtc ];
buildPhase = '' buildPhase = ''
${stdenv.cc.targetPrefix}cpp -nostdinc -x assembler-with-cpp ${cppDtSearchFlags} -undef -D__DTS__ -o dtb.tmp ${dts} ${stdenv.cc.targetPrefix}cpp -nostdinc -x assembler-with-cpp ${cppDtSearchFlags} -undef -D__DTS__ -o dtb.tmp ${combined}
echo '/{ chosen { bootargs = ${builtins.toJSON cmdline}; }; };' >> dtb.tmp
dtc ${dtcSearchFlags} -I dts -O dtb -o $out dtb.tmp dtc ${dtcSearchFlags} -I dts -O dtb -o $out dtb.tmp
# dtc -I dtb -O dts $out
test -e $out test -e $out
''; '';
} }

21
pkgs/systemconfig/default.nix
View File

@ -56,38 +56,33 @@ let
else ""; else "";
in "unlink(${qpathname}); ${cmd} ${chown}"; in "unlink(${qpathname}); ${cmd} ${chown}";
in mapAttrsToList (makeFile prefix) attrset; in mapAttrsToList (makeFile prefix) attrset;
activateScript = attrset: writeText "makedevs.c" '' in attrset:
let
activateScript = writeText "activate.c" ''
#include "defs.h" #include "defs.h"
int main(int argc, char* argv[]) { int main(int argc, char* argv[]) {
chdir(argv[1]); chdir(argv[1]);
${(builtins.concatStringsSep "\n" (visit "." attrset))} ${(builtins.concatStringsSep "\n" (visit "." attrset))}
} }
''; '';
in attrset:
let makedevs = activateScript attrset;
in stdenv.mkDerivation { in stdenv.mkDerivation {
name="make-stuff"; name="system-configuration";
src = ./.; src = ./.;
CFLAGS = "-Os"; CFLAGS = "-Os";
LDFLAGS = "-static -Xlinker -static"; LDFLAGS = "-static -Xlinker -static";
postConfigure = '' postConfigure = ''
cp ${makedevs} makedevs.c cp ${activateScript} activate.c
''; '';
makeFlags = ["makedevs"]; makeFlags = ["activate"];
installPhase = '' installPhase = ''
closure=${closureInfo { rootPaths = [ makedevs ]; }} closure=${closureInfo { rootPaths = [ activateScript ]; }}
mkdir -p $out/bin $out/etc mkdir -p $out/bin $out/etc
cp $closure/store-paths $out/etc/nix-store-paths cp $closure/store-paths $out/etc/nix-store-paths
$STRIP --remove-section=.note --remove-section=.comment --strip-all makedevs -o $out/bin/activate $STRIP --remove-section=.note --remove-section=.comment --strip-all activate -o $out/bin/activate
ln -s ${s6-init-bin}/bin/init $out/bin/init ln -s ${s6-init-bin}/bin/init $out/bin/init
cp -p ${writeFennel "restart-services" {} ./restart-services.fnl} $out/bin/restart-services cp -p ${writeFennel "restart-services" {} ./restart-services.fnl} $out/bin/restart-services
# obfuscate the store path of min-copy-closure so that the output
# closure doesn't include a bunch of build system stuff
f=${buildPackages.min-copy-closure}; f=$(echo $f | sed 's/\(.....\)/\1_/g')
substitute ${./build-system-install.sh} $out/install.sh --subst-var-by min-copy-closure $f
chmod +x $out/install.sh
cat > $out/bin/install <<EOF cat > $out/bin/install <<EOF
#!/bin/sh -e #!/bin/sh -e
prefix=\''${1-/} prefix=\''${1-/}

16
pkgs/tufted/tufted.fnl
View File

@ -16,10 +16,18 @@
(print (.. "TFTP serving from " options.base-directory)) (print (.. "TFTP serving from " options.base-directory))
(fn merge-pathname [directory filename] ;; this is a copy of anoia append-path
(if (directory:match "/$") (fn merge-pathname [dirname filename]
(.. directory filename) (let [base (or (string.match dirname "(.*)/$") dirname)
(.. directory "/" filename))) result []]
(each [component (string.gmatch filename "([^/]+)")]
(if (and (= component "..") (> (# result) 0))
(table.remove result)
(= component "..")
(error "path traversal attempt")
true
(table.insert result component)))
(.. base "/" (table.concat result "/"))))
(-> (->
(tftp:listen (tftp:listen

1
shell.nix
View File

@ -3,7 +3,6 @@ let
liminix = (import ./default.nix { liminix = (import ./default.nix {
device = (import ./devices/qemu); device = (import ./devices/qemu);
liminix-config = ./vanilla-configuration.nix; liminix-config = ./vanilla-configuration.nix;
inherit nixpkgs;
}); });
here = builtins.toString ./.; here = builtins.toString ./.;
in liminix.buildEnv.overrideAttrs (o: { in liminix.buildEnv.overrideAttrs (o: {

2
tests/jffs2/configuration.nix
View File

@ -4,7 +4,7 @@ let
in { in {
imports = [ imports = [
../../vanilla-configuration.nix ../../vanilla-configuration.nix
../../modules/squashfs.nix ../../modules/outputs/squashfs.nix
../../modules/outputs/jffs2.nix ../../modules/outputs/jffs2.nix
]; ];
config.rootfsType = "jffs2"; config.rootfsType = "jffs2";