Package: guix-patches;
Reported by: Vincent Legoll <vincent.legoll <at> gmail.com>
Date: Sun, 12 Apr 2020 18:00:02 UTC
Severity: normal
Tags: patch
Done: Vincent Legoll <vincent.legoll <at> gmail.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 40579 in the body.
You can then email your comments to 40579 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Sun, 12 Apr 2020 18:00:02 GMT) Full text and rfc822 format available.Vincent Legoll <vincent.legoll <at> gmail.com>
:guix-patches <at> gnu.org
.
(Sun, 12 Apr 2020 18:00:02 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Vincent Legoll <vincent.legoll <at> gmail.com> To: guix-patches <at> gnu.org Subject: [RFC PATCH] add iPXE. Date: Sun, 12 Apr 2020 19:59:05 +0200
[Message part 1 (text/plain, inline)]
Here is a patch for review that adds iPXE. The licensing is "interesting", see: https://ipxe.org/licensing Is that a problem ? There was no real install target in makefile, so I added one, any hints on how to write that in a cleaner way ? I've put all firmware & rom images in $(out)/bin Is there a better subdirectory to put such files ? The double with-directory-excursion could be handled with a single phase cd'ing into src, but I can't find where I've seen that... WDYT ? -- Vincent Legoll
[0001-gnu-Add-iPXE.patch (text/x-patch, attachment)]
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Sun, 12 Apr 2020 18:48:02 GMT) Full text and rfc822 format available.Message #8 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Tobias Geerinckx-Rice <me <at> tobias.gr> To: 40579 <at> debbugs.gnu.org Subject: Re: [bug#40579] [RFC PATCH] add iPXE. Date: Sun, 12 Apr 2020 20:47:23 +0200
[Message part 1 (text/plain, inline)]
Vincent, Thank you! Brief review, will build & maybe notice more later: Vincent Legoll 写道: > The licensing is "interesting", see: > > https://ipxe.org/licensing > > Is that a problem ? Could you elaborate? What's "interesting" about it? That all looks very boring and straightforward to me (which is good! :-) — the result is GPL2-only, no? + (file-name (string-append name "-" version "-checkout")) You can use the GIT-FILE-NAME helper here. + `(#:phases (modify-phases %standard-phases Aside: I'd indent arguments' #:keywords as + `(#:phases + (modify-phases %standard-phases to give you more breathing room at deeper indentation levels. It's not needed now, but if someone were to add a new phase they might have to do annoying things, or re-indent the entire thing later, causing noise. Maybe that's just me though. + (add-after 'unpack 'add-real-make-install + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "src/Makefile" + (("^install :") + (string-append "install :" + "\n\t@$(MKDIR) -p " + (assoc-ref outputs "out") "/bin" + "\n\t@$(CP) $(ALL) " + (assoc-ref outputs "out") "/bin" + "\n\n__old_install :"))) Interesting approach! I'm OK with it; looking at ALL it wouldn't be more readable or future-proff to use FIND-FILES & Scheme. /bin is not the right place for these files. /lib/ipxe looks to be the standard; let's use that. + (replace 'build + (lambda _ (with-directory-excursion "src" + (invoke "make" "-j" (number->string + (parallel-job-count)))))) Let's, instead: (add-after 'unpack 'enter-source-directory (lambda _ (chdir "src") #t)) Don't worry, the state can't hurt you now. Now we can keep the standard build & install phases. It might be necessary to add a ‘leave-source-directory’ after 'install to make sure the licence files are still installed to share/doc/. + #:tests? #f)) → #:tests? #f)) ; no test suite + (native-inputs Nitpick: sort? :-) + (synopsis "PXE-compliant network boot firmware") I personally like the ‘these are just boot loaders’ angle, but would users expect to find this in (gnu packages firmware) instead? Shrug. + (license license:gpl2+))) ‘gpl2’ as mentioned above. If you feel like it (there aren't that many files) you could list the licences for each output binary, but that's optional. The combined work appears to be GPL2. Kind regards, T G-R
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Sun, 12 Apr 2020 18:59:02 GMT) Full text and rfc822 format available.Message #11 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Tobias Geerinckx-Rice <me <at> tobias.gr> To: 40579 <at> debbugs.gnu.org Subject: Re: [bug#40579] [RFC PATCH] add iPXE. Date: Sun, 12 Apr 2020 20:58:15 +0200
[Message part 1 (text/plain, inline)]
Tobias Geerinckx-Rice 写道: > Brief review, will build & maybe notice more later: Such as: we don't ship static (.a) libraries in Guix unless something else (in Guix) needs them. Can we delete the 5.6-MiB blib.a? Kind regards, T G-R
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Sun, 12 Apr 2020 19:47:02 GMT) Full text and rfc822 format available.Message #14 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Danny Milosavljevic <dannym <at> scratchpost.org> Cc: 40579 <at> debbugs.gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr> Subject: Re: [bug#40579] [RFC PATCH] add iPXE. Date: Sun, 12 Apr 2020 21:46:09 +0200
[Message part 1 (text/plain, inline)]
Hi, On Sun, 12 Apr 2020 20:47:23 +0200 Tobias Geerinckx-Rice via Guix-patches via <guix-patches <at> gnu.org> wrote: > Could you elaborate? What's "interesting" about it? That all > looks very boring and straightforward to me (which is good! :-) — > the result is GPL2-only, no? No, there are different makefile targets (rom output filenames) which will result in different parts of ipxe to be built and included in the output. There's special makefile targets for each of these targets to determine the license that applies to each of the latter targets, respectively. Unfortunately, there's no "all.license" target. > /bin is not the right place for these files. /lib/ipxe looks to > be the standard; let's use that. I agree. > Let's, instead: > > (add-after 'unpack 'enter-source-directory > (lambda _ (chdir "src") #t)) > > Don't worry, the state can't hurt you now. Now we can keep the > standard build & install phases. I agree. > If you feel like it (there aren't that many files) you could list > the licences for each output binary, but that's optional. The > combined work appears to be GPL2. Does it? Did you try to make all of the targets' license targets? P.S. The following ROMs are not reproducible: 10222000.rom GPL2 10500940.rom GPL2 10ec8139.rom GPL2 15ad07b0.rom GPL2+ 1af41000.rom GPL2+ 8086100e.mrom GPL2+ 8086100f.mrom GPL2+ 808610d3.mrom GPL2+ 80861209.rom GPL2+ ipxe.iso license checker doesn't work rtl8139.rom GPL2 which are ALL of them except blib.a, ipxe.dsk, ipxe.lkrn, ipxe.pxe, ipxe.usb and undionly.kpxe (this one has GPL2+) (which are not roms). Note: Maybe also pass make-flags to overwrite those: ./Makefile.housekeeping:ECHO_E_BIN_ECHO := /bin/echo ./Makefile.housekeeping:ECHO_E_BIN_ECHO_E := /bin/echo -e
[Message part 2 (application/pgp-signature, inline)]
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Sun, 12 Apr 2020 21:19:02 GMT) Full text and rfc822 format available.Message #17 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Tobias Geerinckx-Rice <me <at> tobias.gr> To: Danny Milosavljevic <dannym <at> scratchpost.org> Cc: 40579 <at> debbugs.gnu.org Subject: Re: [bug#40579] [RFC PATCH] add iPXE. Date: Sun, 12 Apr 2020 23:18:21 +0200
[Message part 1 (text/plain, inline)]
Hullo Danny, Danny Milosavljevic 写道: > Tobias Geerinckx-Rice via Guix-patches via > <guix-patches <at> gnu.org> wrote: > >> Could you elaborate? What's "interesting" about it? That all >> looks very boring and straightforward to me (which is good! :-) >> — >> the result is GPL2-only, no? > > No, there are different makefile targets (rom output filenames) > which will > result in different parts of ipxe to be built and included in > the output. > > There's special makefile targets for each of these targets to > determine > the license that applies to each of the latter targets, > respectively. OK. This was already clear. I'm now convinced that this whole make target thing is a misunderstanding and a distraction: iPXE licencing is not, in any way, ‘generated on the fly by make rules’ or ‘unclear’ or ‘interesting’. It's boring. It's good. It's GPL2. λ grep -hr '^FILE_LICENCE ( .* );' * | sort -u FILE_LICENCE ( BSD2 ); FILE_LICENCE ( BSD3 ); FILE_LICENCE ( GPL2_ONLY ); FILE_LICENCE ( GPL2_OR_LATER ); FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); FILE_LICENCE ( GPL_ANY ); FILE_LICENCE ( MIT ); FILE_LICENCE ( PUBLIC_DOMAIN ); Just a normal Free software package. Happens to bundle a Perl script similar to <https://linux.die.net/man/1/licensecheck> (but less useful). Nothing to see here. > Did you try to make all of the targets' license targets? No. I hope I've shown they're irrelevant now. What is relevant is that some files are missing licence headers (e.g. drivers/net/tg3/tg3_phy.c). However, this is so common as to be standard (Guix wouldn't exist if we demanded headers in every file) and COPYING says that these are licenced under ‘the GPL’. That's… acceptable. > P.S. The following ROMs are not reproducible: > > 10222000.rom GPL2 > 10500940.rom GPL2 > 10ec8139.rom GPL2 > 15ad07b0.rom GPL2+ > 1af41000.rom GPL2+ > 8086100e.mrom GPL2+ > 8086100f.mrom GPL2+ > 808610d3.mrom GPL2+ > 80861209.rom GPL2+ > ipxe.iso license checker doesn't work > rtl8139.rom GPL2 Ooh, thanks for catching that. I noticed that Debian installs a very different set of file( name)s[0] than we do. I don't know what that means though. Kind regards, T G-R [0]: https://packages.debian.org/sid/all/ipxe/filelist https://packages.debian.org/sid/all/ipxe-qemu/filelist
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Sun, 12 Apr 2020 23:29:02 GMT) Full text and rfc822 format available.Message #20 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Tobias Geerinckx-Rice <me <at> tobias.gr> To: 40579 <at> debbugs.gnu.org Cc: Vincent Legoll <vincent.legoll <at> gmail.com> Subject: [PATCH v2] gnu: Add iPXE. Date: Mon, 13 Apr 2020 01:28:31 +0200
From: Vincent Legoll <vincent.legoll <at> gmail.com> * gnu/packages/bootloaders.scm (ipxe): New variable. Co-authored-by Tobias Geerinckx-Rice <me <at> tobias.gr> --- Vincent, Danny, Danny Milosavljevic wrote: > P.S. The following ROMs are not reproducible: The ROMS were easily fixed by setting BUILD_ID_CMD to a static string. The ISO was a pain. cdrtools' mkisofs seems to predate the concept of reproducible builds. Switching to the modern Xorriso exposed another bug: we weren't setting ISOLINUX_BIN, and cdrtools' mkisofs happily created an ISO that probably never worked(?). Luckily, Xorriso complained loudly. The image still isn't reproducible, but it has much fewer dates in it now and it actually boots ;-) [citation needed]. I've silenced some other annoying warnings during the build, and applied some of my suggestions from my previous mail (not all though — please do send a V3). Neither mtools nor XZ were ever used. Why were they there? Kind regards, T G-R gnu/packages/bootloaders.scm | 70 +++++++++++++++++++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index cadcc937e1..112b079c1b 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -7,10 +7,11 @@ ;;; Copyright © 2016, 2017 Danny Milosavljevic <dannym <at> scratchpost.org> ;;; Copyright © 2016, 2017 David Craven <david <at> craven.ch> ;;; Copyright © 2017, 2018 Efraim Flashner <efraim <at> flashner.co.il> -;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice <me <at> tobias.gr> +;;; Copyright © 2018, 2019, 2020 Tobias Geerinckx-Rice <me <at> tobias.gr> ;;; Copyright © 2019 nee <nee <at> cock.li> ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe <at> gmail.com> ;;; Copyright © 2020 Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> +;;; Copyright © 2020 Vincent Legoll <vincent.legoll <at> gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -834,6 +835,73 @@ to Novena upstream, does not load u-boot.img from the first partition.") `(("firmware" ,arm-trusted-firmware-rk3399) ,@(package-native-inputs base)))))) +(define-public ipxe + (package + (name "ipxe") + (version "1.20.1") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/ipxe/ipxe") + (commit (string-append "v" version)))) + (file-name (string-append name "-" version "-checkout")) + (sha256 + (base32 + "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp")))) + (build-system gnu-build-system) + (arguments + `(#:make-flags + (list "ECHO_E_BIN_ECHO=echo" + "ECHO_E_BIN_ECHO_E=echo -e" + + ;; cdrtools' mkisofs will silently ignore a missing isolinux.bin! + ;; Luckily xorriso is more strict. + (string-append "ISOLINUX_BIN=" (assoc-ref %build-inputs "syslinux") + "/share/syslinux/isolinux.bin") + + ;; Build reproducibly. + "BUILD_ID_CMD=echo -n 0x78697547") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'enter-source-directory + (lambda _ (chdir "src") #t)) + (add-before 'configure 'add-make-install-target + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (ipxe (string-append out "/share/ipxe"))) + (substitute* "Makefile" + (("^install :") + (string-append "install :" + "\n\t@$(MKDIR) -p " ipxe + "\n\t@$(CP) $(ALL) " ipxe + "\n\n__old_install :"))) + #t))) + (add-before 'configure 'use-xorriso + ;; Use xorriso's mkisofs emulation, which is better maintained and + ;; respects SOURCE_DATE_EPOCH to create a reproducible image. + (lambda _ + (substitute* "util/geniso" + ((" genisoimage ") " \"xorriso -as mkisofs\" ")) + #t)) + (delete 'configure) ; no configure script + (add-after 'install 'leave-source-directory + (lambda _ (chdir "..") #t))) + #:tests? #f)) ; no test suite + (native-inputs + `(("perl" ,perl) + ("syslinux" ,syslinux) + ("xorriso" ,xorriso))) + (home-page "https://ipxe.org") + (synopsis "PXE-compliant network boot firmware") + (description "iPXE is a network boot firmware. It provides a full PXE +implementation enhanced with additional features such as booting from: a web +server via HTTP, an iSCSI SAN, a Fibre Channel SAN via FCoE, an AoE SAN, a +wireless network, a wide-area network, an Infiniband network. It allows to +control the boot process with a script. You can use iPXE to replace the +existing PXE ROM on your network card, or you can chainload into iPXE to obtain +the features of iPXE without the hassle of reflashing.") + (license license:gpl2+))) + (define-public vboot-utils (package (name "vboot-utils") -- 2.25.2
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Tue, 14 Apr 2020 15:12:02 GMT) Full text and rfc822 format available.Message #23 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Vincent Legoll <vincent.legoll <at> gmail.com> To: Tobias Geerinckx-Rice <me <at> tobias.gr>, 40579 <at> debbugs.gnu.org Subject: Re: [PATCH v3] gnu: Add iPXE. Date: Tue, 14 Apr 2020 17:11:29 +0200
[Message part 1 (text/plain, inline)]
Hello, On 13/04/2020 01:28, Tobias Geerinckx-Rice wrote: > The image still isn't reproducible, but it has much fewer dates in it > now and it actually boots ;-) [citation needed]. I tried it in qemu, got confused by its own ipxe stack, but I think it then went to isolinux which is from the ipxe.iso image... > I've silenced some other annoying warnings during the build, and > applied some of my suggestions from my previous mail (not all though — > please do send a V3). This new patch has the following changes: * used git-file-name * build everything, as I didn't know what subset to choose * install everything in ...-ipxe-1.20.1/lib/ipxe with subdirs for per-arch binaries: bin-i386, etc. You spoke about lib but put them in share, so I choose to change to the former * do the install phase in scheme, as it was easier to handle the above item than to generate a proper makefile target * only install files with specified extensions, this will get rid of the .a and other irrelevant files > Neither mtools nor XZ were ever used. Why were they there? I initially added the inputs in bulk from the build instructions on the website, and forgot to check their usefulness before sending the patch RFC. -- Vincent Legoll
[0001-gnu-Add-iPXE.patch (text/x-patch, attachment)]
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Wed, 15 Apr 2020 20:42:01 GMT) Full text and rfc822 format available.Message #26 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Danny Milosavljevic <dannym <at> scratchpost.org> To: Tobias Geerinckx-Rice via Guix-patches via <guix-patches <at> gnu.org> Cc: Vincent Legoll <vincent.legoll <at> gmail.com>, 40579 <at> debbugs.gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr> Subject: Re: [bug#40579] [PATCH v2] gnu: Add iPXE. Date: Wed, 15 Apr 2020 22:41:34 +0200
[Message part 1 (text/plain, inline)]
Thanks. ipxe.iso is not reproducible it seems. --- /gnu/store/gbik17qks3cijj2jazx9a6z1v7a5mari-ipxe-1.20.1 +++ /gnu/store/gbik17qks3cijj2jazx9a6z1v7a5mari-ipxe-1.20.1-check ├── share │ ├── ipxe │ │ ├── ipxe.iso │ │ │┄ xxd not available in path. Falling back to Python hexlify. │ │ │┄ 'isoinfo' not available in path. Falling back to binary comparison. │ │ │ @@ -7,15 +7,15 @@ │ │ │ 206d697373696e67206f7220636f72727570742e0d0a66606631d2660306f87b │ │ │ 661316fc7b6652665006536a016a1089e666f736e87bc0e40688e188c592f636 │ │ │ ee7b88c608e141b801028a16f27bcd138d64106661c3e81e004f706572617469 │ │ │ 6e672073797374656d206c6f6164206572726f722e0d0a5eacb40e8a3e6204b3 │ │ │ 07cd103c0a75f1cd18f4ebfd0000000000000000000000000000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ -0000000000000000000000000000000088000000000000005e67d53200008000 │ │ │ +00000000000000000000000000000000880000000000000067458b6b00008000 │ │ │ 0100173f20000000000000080000000000000000000000000000000000000000 │ │ │ 00000000000000000000000000000000000000000000000000000000000055aa │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ @@ -1023,15 +1023,15 @@ │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ 0143443030310100202020202020202020202020202020202020202020202020 │ │ │ 2020202020202020695058452020202020202020202020202020202020202020 │ │ │ 2020202020202020000000000000000070010000000001700000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000100000101000001 │ │ │ 000808000a0000000000000a1500000000000000000000160000000022001300 │ │ │ -000000000013000800000000080078040f142712000200000100000101002020 │ │ │ +000000000013000800000000080078040f142617000200000100000101002020 │ │ │ 2020202020202020202020202020202020202020202020202020202020202020 │ │ │ 2020202020202020202020202020202020202020202020202020202020202020 │ │ │ 2020202020202020202020202020202020202020202020202020202020202020 │ │ │ 2020202020202020202020202020202020202020202020202020202020204854 │ │ │ 54503a2f2f495058452e4f52472f202020202020202020202020202020202020 │ │ │ 2020202020202020202020202020202020202020202020202020202020202020 │ │ │ 2020202020202020202020202020202020202020202020202020202020202020 │ │ │ @@ -1210,37 +1210,37 @@ │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ 0000000000000000000000000000000000000000000000000000000000000000 │ │ │ -84001300000000000013000800000000080078040f1427120002000001000001 │ │ │ +84001300000000000013000800000000080078040f1426170002000001000001 │ │ │ 010053500701beef0050582401c0410000000041c00100000000000001e70300 │ │ │ -00000003e7307500000000753054461a010e78040f1427120078040f14271200 │ │ │ -78040f1427120043451c0114000000000000140000000000000000ed00000000 │ │ │ -0000ed0060001300000000000013000800000000080078040f14271200020000 │ │ │ +00000003e7307500000000753054461a010e78040f1426170078040f14261700 │ │ │ +78040f1426170043451c0114000000000000140000000000000000ed00000000 │ │ │ +0000ed0060001300000000000013000800000000080078040f14261700020000 │ │ │ 01000001010150582401c0410000000041c00100000000000001e70300000000 │ │ │ -03e7307500000000753054461a010e78040f1427120078040f1427120078040f │ │ │ -1427120078002100000000000021000800000000080046010100000100000000 │ │ │ +03e7307500000000753054461a010e78040f1426170078040f1426170078040f │ │ │ +1426170078002100000000000021000800000000080046010100000100000000 │ │ │ 010000010a626f6f742e6361743b310050582401008100000000810001000000 │ │ │ 00000001e7030000000003e7307500000000753054461a010e46010100000100 │ │ │ 46010100000100460101000001004e4d0d0100626f6f742e6361740078003700 │ │ │ -000000000037c50a050000050ac578040f14271200000000010000010a697078 │ │ │ +000000000037c50a050000050ac578040f14261700000000010000010a697078 │ │ │ 652e6b726e3b310050582401a4810000000081a40100000000000001e7030000 │ │ │ -000003e7307500000000753054461a010e78040f1427120078040f1427120078 │ │ │ -040f142712004e4d0d0100697078652e6b726e008000220000000000002200a8 │ │ │ -00000000a80078040f14271200000000010000010e69736f6c696e75782e6269 │ │ │ +000003e7307500000000753054461a010e78040f1426170078040f1426170078 │ │ │ +040f142617004e4d0d0100697078652e6b726e008000220000000000002200a8 │ │ │ +00000000a80078040f14261700000000010000010e69736f6c696e75782e6269 │ │ │ 6e3b31005058240124810000000081240100000000000001e7030000000003e7 │ │ │ -307500000000753054461a010e78040f1427120078040f1427120078040f1427 │ │ │ -12004e4d11010069736f6c696e75782e62696e008000d9000000000000d99200 │ │ │ -00000000009278040f14271200000000010000010e69736f6c696e75782e6366 │ │ │ +307500000000753054461a010e78040f1426170078040f1426170078040f1426 │ │ │ +17004e4d11010069736f6c696e75782e62696e008000d9000000000000d99200 │ │ │ +00000000009278040f14261700000000010000010e69736f6c696e75782e6366 │ │ │ 673b310050582401a4810000000081a40100000000000001e7030000000003e7 │ │ │ -307500000000753054461a010e78040f1427120078040f1427120078040f1427 [...] Otherwise really cool!
[Message part 2 (application/pgp-signature, inline)]
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Wed, 15 Apr 2020 20:42:02 GMT) Full text and rfc822 format available.guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Wed, 15 Apr 2020 20:56:02 GMT) Full text and rfc822 format available.Message #32 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Vincent Legoll <vincent.legoll <at> gmail.com> To: Danny Milosavljevic <dannym <at> scratchpost.org>, Tobias Geerinckx-Rice via Guix-patches via <guix-patches <at> gnu.org> Cc: 40579 <at> debbugs.gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr> Subject: Re: [bug#40579] [PATCH v2] gnu: Add iPXE. Date: Wed, 15 Apr 2020 22:55:04 +0200
Hello, On 15/04/2020 22:41, Danny Milosavljevic wrote: > ipxe.iso is not reproducible it seems. > > --- /gnu/store/gbik17qks3cijj2jazx9a6z1v7a5mari-ipxe-1.20.1 > +++ /gnu/store/gbik17qks3cijj2jazx9a6z1v7a5mari-ipxe-1.20.1-check > ├── share > │ ├── ipxe > │ │ ├── ipxe.iso > │ │ │┄ xxd not available in path. Falling back to Python hexlify. > │ │ │┄ 'isoinfo' not available in path. Falling back to binary comparison. > [...] > > Otherwise really cool! I'll try to have a look, but that's a first for me... Does this prevent merging ? -- Vincent Legoll
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Wed, 15 Apr 2020 20:56:02 GMT) Full text and rfc822 format available.guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Tue, 09 Jun 2020 19:33:02 GMT) Full text and rfc822 format available.Message #38 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Brice Waegeneire <brice <at> waegenei.re> To: Danny Milosavljevic <dannym <at> scratchpost.org> Cc: vincent.legoll <at> gmail.com, 40579 <at> debbugs.gnu.org, me <at> tobias.gr Subject: Re: [bug#40579] [PATCH v2] gnu: Add iPXE. Date: Tue, 09 Jun 2020 21:31:43 +0200
[Message part 1 (text/plain, inline)]
Hello Vincent, Tobias, Danny, Danny Milosavljevic <dannym <at> scratchpost.org> writes: > ipxe.iso is not reproducible it seems. > > [...] The attached patch should be reproducible, it is based on v3 from Vincent. It adds the following: - generate a BUILD_ID based on the package's output hash - use 'let' to set BUILD_TIMESTAMP - set some useful options - add a patch that reset the timestamps of ipxe.iso - Brice
[Message part 2 (text/plain, inline)]
From 5d6acaa49844ce1ad3f8ca4cba74be695901fb24 Mon Sep 17 00:00:00 2001 From: Vincent Legoll <vincent.legoll <at> gmail.com> Date: Mon, 13 Apr 2020 01:28:31 +0200 Subject: [PATCH v4] gnu: Add iPXE. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/bootloaders.scm (ipxe): New variable. * gnu/packages/patches/ipxe-reproducible-geniso.patch: New file … * gnu/local.mk (dist_patch_DATA): … add it. Co-authored-by: Tobias Geerinckx-Rice <me <at> tobias.gr> Co-authored-by: Brice Waegeneire <brice <at> waegenei.re> --- gnu/local.mk | 1 + gnu/packages/bootloaders.scm | 122 ++++++++++++++++++ .../patches/ipxe-reproducible-geniso.patch | 78 +++++++++++ 3 files changed, 201 insertions(+) create mode 100644 gnu/packages/patches/ipxe-reproducible-geniso.patch diff --git a/gnu/local.mk b/gnu/local.mk index 33b344d41b..92ad64135a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1105,6 +1105,7 @@ dist_patch_DATA = \ %D%/packages/patches/inetutils-hurd.patch \ %D%/packages/patches/inkscape-poppler-0.76.patch \ %D%/packages/patches/intltool-perl-compatibility.patch \ + %D%/packages/patches/ipxe-reproducible-geniso.patch \ %D%/packages/patches/irrlicht-use-system-libs.patch \ %D%/packages/patches/isl-0.11.1-aarch64-support.patch \ %D%/packages/patches/jacal-fix-texinfo.patch \ diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index ea80cf020e..c819c903e8 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -14,6 +14,8 @@ ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke <at> gnu.org> ;;; Copyright © 2018, 2019, 2020 Vagrant Cascadian <vagrant <at> debian.org> ;;; Copyright © 2020 Pierre Langlois <pierre.langlois <at> gmx.com> +;;; Copyright © 2020 Vincent Legoll <vincent.legoll <at> gmail.com> +;;; Copyright © 2020 Brice Waegeneire <brice <at> waegenei.re> ;;; ;;; This file is part of GNU Guix. ;;; @@ -1068,3 +1070,123 @@ systems so that they can be added to the bootloader. It also works out how to boot existing GNU/Linux systems and detects what distribution is installed in order to add a suitable bootloader menu entry.") (license license:gpl2+))) + +(define-public ipxe + ;; XXX: 'BUILD_TIMESTAMP' is used to automatically select the newest version + ;; of iPXE if multiple iPXE drivers are loaded concurrently in a UEFI system. + ;; + ;; TODO: Bump this timestamp at each modifications of the package (not only + ;; for updates) by running: date +%s. + (let ((timestamp "1591706427")) + (package + (name "ipxe") + (version "1.20.1") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/ipxe/ipxe") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (patches (search-patches "ipxe-reproducible-geniso.patch")) + (sha256 + (base32 + "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp")))) + (build-system gnu-build-system) + (arguments + `(#:modules ((guix build utils) + (guix build gnu-build-system) + (guix base32) + (ice-9 string-fun) + (ice-9 regex) + (rnrs bytevectors)) + #:imported-modules ((guix base32) + ,@%gnu-build-system-modules) + #:make-flags + ;; XXX: 'BUILD_ID' is used to determine when another ROM in the + ;; system contains identical code in order to save space within the + ;; legacy BIOS option ROM area, which is extremely limited in size. + ;; It is supposed to be collision-free across all ROMs, to do so we + ;; use the truncated output hash of the package. + (let ((build-id + (lambda (out) + (let* ((nix-store (string-append + (or (getenv "NIX_STORE") "/gnu/store") + "/")) + (filename + (string-replace-substring out nix-store "")) + (hash (match:substring (string-match "[0-9a-z]{32}" + filename))) + (bv (nix-base32-string->bytevector hash))) + (format #f "0x~x" + (bytevector-u32-ref bv 0 (endianness big)))))) + (out (assoc-ref %outputs "out")) + (syslinux (assoc-ref %build-inputs "syslinux"))) + (list "ECHO_E_BIN_ECHO=echo" + "ECHO_E_BIN_ECHO_E=echo -e" + + ;; cdrtools' mkisofs will silently ignore a missing isolinux.bin! + ;; Luckily xorriso is more strict. + (string-append "ISOLINUX_BIN=" syslinux + "/share/syslinux/isolinux.bin") + (string-append "SYSLINUX_MBR_DISK_PATH=" syslinux + "/share/syslinux/isohdpfx.bin") + + ;; Build reproducibly. + (string-append "BUILD_ID_CMD=echo -n " (build-id out)) + (string-append "BUILD_TIMESTAMP=" ,timestamp) + "everything")) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'enter-source-directory + (lambda _ (chdir "src") #t)) + (add-after 'enter-source-directory 'set-options + (lambda _ + (substitute* "config/general.h" + (("^//(#define PING_CMD.*)" _ uncommented) uncommented) + (("^//(#define IMAGE_TRUST_CMD.*)" _ uncommented) + uncommented) + (("^#undef.*(DOWNLOAD_PROTO_HTTPS.*)" _ option) + (string-append "#define " option)) + (("^#undef.*(DOWNLOAD_PROTO_NFS.*)" _ option) + (string-append "#define " option))) + #t)) + (delete 'configure) ; no configure script + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (ipxe (string-append out "/lib/ipxe")) + (exts-re + "\\.(efi|efirom|iso|kkpxe|kpxe|lkrn|mrom|pxe|rom|usb)$") + (dirs '("bin" "bin-i386-linux" "bin-x86_64-pcbios" + "bin-x86_64-efi" "bin-x86_64-linux" "bin-i386-efi")) + (files (apply append + (map (lambda (dir) + (find-files dir exts-re)) dirs)))) + (for-each (lambda (file) + (let* ((subdir (dirname file)) + (fn (basename file)) + (tgtsubdir (cond + ((string=? "bin" subdir) "") + ((string-prefix? "bin-" subdir) + (string-drop subdir 4))))) + (install-file file + (string-append ipxe "/" tgtsubdir)))) + files)) + #t)) + (add-after 'install 'leave-source-directory + (lambda _ (chdir "..") #t))) + #:tests? #f)) ; no test suite + (native-inputs + `(("perl" ,perl) + ("syslinux" ,syslinux) + ("xorriso" ,xorriso))) + (home-page "https://ipxe.org") + (synopsis "PXE-compliant network boot firmware") + (description "iPXE is a network boot firmware. It provides a full PXE +implementation enhanced with additional features such as booting from: a web +server via HTTP, an iSCSI SAN, a Fibre Channel SAN via FCoE, an AoE SAN, a +wireless network, a wide-area network, an Infiniband network. It allows to +control the boot process with a script. You can use iPXE to replace the +existing PXE ROM on your network card, or you can chainload into iPXE to obtain +the features of iPXE without the hassle of reflashing.") + (license license:gpl2+)))) diff --git a/gnu/packages/patches/ipxe-reproducible-geniso.patch b/gnu/packages/patches/ipxe-reproducible-geniso.patch new file mode 100644 index 0000000000..d3c97c3085 --- /dev/null +++ b/gnu/packages/patches/ipxe-reproducible-geniso.patch @@ -0,0 +1,78 @@ +From 052d24d8217c51c572c2f6cbb4a687be2e8ba52d Mon Sep 17 00:00:00 2001 +From: Brice Waegeneire <brice <at> waegenei.re> +Date: Fri, 5 Jun 2020 14:38:43 +0200 +Subject: [PATCH] [geniso] Make it reproducible + +Some timestamps get embedded in the generated ISO, making it +unreproducible so we overwrite those timestamps to be at the UNIX epoch. +--- + src/util/geniso | 24 +++++++++++++++++++++--- + 1 file changed, 21 insertions(+), 3 deletions(-) + +diff --git a/src/util/geniso b/src/util/geniso +index ff090d4a..e032ffb0 100755 +--- a/src/util/geniso ++++ b/src/util/geniso +@@ -11,6 +11,13 @@ function help() { + echo " -o FILE save iso image to file" + } + ++function reset_timestamp() { ++ for f in "$1"/*; do ++ touch -t 197001010100 "$f" ++ done ++ touch -t 197001010100 "$1" ++} ++ + LEGACY=0 + FIRST="" + +@@ -37,8 +44,9 @@ if [ -z "${OUT}" ]; then + exit 1 + fi + +-# There should either be mkisofs or the compatible genisoimage program +-for command in genisoimage mkisofs; do ++# There should either be mkisofs, xorriso or the compatible genisoimage ++# program ++for command in xorriso genisoimage mkisofs; do + if ${command} --version >/dev/null 2>/dev/null; then + mkisofs=(${command}) + break +@@ -46,8 +54,10 @@ for command in genisoimage mkisofs; do + done + + if [ -z "${mkisofs}" ]; then +- echo "${0}: mkisofs or genisoimage not found, please install or set PATH" >&2 ++ echo "${0}: mkisofs, xorriso or genisoimage not found, please install or set PATH" >&2 + exit 1 ++elif [ "$mkisofs" = "xorriso" ]; then ++ mkisofs+=(-as mkisofs) + fi + + dir=$(mktemp -d bin/iso.dir.XXXXXX) +@@ -115,6 +125,8 @@ case "${LEGACY}" in + exit 1 + fi + ++ reset_timestamp "$dir" ++ + # generate the iso image + "${mkisofs[@]}" -b boot.img -output ${OUT} ${dir} + ;; +@@ -127,6 +139,12 @@ case "${LEGACY}" in + cp ${LDLINUX_C32} ${dir} + fi + ++ reset_timestamp "$dir" ++ ++ if [ "${mkisofs[0]}" = "xorriso" ]; then ++ mkisofs+=(-isohybrid-mbr "$SYSLINUX_MBR_DISK_PATH") ++ fi ++ + # generate the iso image + "${mkisofs[@]}" -b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -output ${OUT} ${dir} + +-- +2.26.2 + -- 2.26.2
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Tue, 09 Jun 2020 20:00:02 GMT) Full text and rfc822 format available.Message #41 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Vincent Legoll <vincent.legoll <at> gmail.com> To: Brice Waegeneire <brice <at> waegenei.re>, Danny Milosavljevic <dannym <at> scratchpost.org> Cc: 40579 <at> debbugs.gnu.org, me <at> tobias.gr Subject: Re: [bug#40579] [PATCH v2] gnu: Add iPXE. Date: Tue, 9 Jun 2020 21:58:55 +0200
Hello, On 09/06/2020 21:31, Brice Waegeneire wrote: > Danny Milosavljevic <dannym <at> scratchpost.org> writes: > >> ipxe.iso is not reproducible it seems. >> >> [...] > > The attached patch should be reproducible, it is based on v3 from > Vincent. > > It adds the following: > - generate a BUILD_ID based on the package's output hash > - use 'let' to set BUILD_TIMESTAMP > - set some useful options > - add a patch that reset the timestamps of ipxe.iso Nice and thanks for taking care of this, I've got less time to contribute lately. Did you try to upstream the reproducibility patch ? Should be straightforward enough. -- Vincent Legoll
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Tue, 09 Jun 2020 20:12:02 GMT) Full text and rfc822 format available.Message #44 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Brice Waegeneire <brice <at> waegenei.re> To: Vincent Legoll <vincent.legoll <at> gmail.com> Cc: Danny Milosavljevic <dannym <at> scratchpost.org>, 40579 <at> debbugs.gnu.org, me <at> tobias.gr Subject: Re: [bug#40579] [PATCH v2] gnu: Add iPXE. Date: Tue, 09 Jun 2020 22:11:43 +0200
Vincent Legoll <vincent.legoll <at> gmail.com> writes: > On 09/06/2020 21:31, Brice Waegeneire wrote: >> Danny Milosavljevic <dannym <at> scratchpost.org> writes: >> >>> ipxe.iso is not reproducible it seems. >>> >>> [...] >> The attached patch should be reproducible, it is based on v3 from >> Vincent. >> It adds the following: >> - generate a BUILD_ID based on the package's output hash >> - use 'let' to set BUILD_TIMESTAMP >> - set some useful options >> - add a patch that reset the timestamps of ipxe.iso > > Nice and thanks for taking care of this, I've got less time to > contribute lately. > > Did you try to upstream the reproducibility patch ? > Should be straightforward enough. No problem :) No I didn't submit it to upstream, I got frighten by the answers to a much smaller patch from a Debian team member about reproduciblity[0][1]. Those threads were useful to make our build reproducible tho. [0]: https://lists.ipxe.org/pipermail/ipxe-devel/2020-May/007023.html [1]: https://lists.ipxe.org/pipermail/ipxe-devel/2020-May/007051.html - Brice
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Tue, 12 Jan 2021 21:02:01 GMT) Full text and rfc822 format available.Message #47 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Vincent Legoll <vincent.legoll <at> gmail.com> To: Brice Waegeneire <brice <at> waegenei.re> Cc: Danny Milosavljevic <dannym <at> scratchpost.org>, 40579 <at> debbugs.gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr> Subject: Re: [bug#40579] [PATCH v2] gnu: Add iPXE. Date: Tue, 12 Jan 2021 22:01:29 +0100
Hello, I'll try to forward-port this latest version, then update to 1.21.1 and resubmit here -- Vincent Legoll
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Tue, 12 Jan 2021 21:45:02 GMT) Full text and rfc822 format available.Message #50 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Vincent Legoll <vincent.legoll <at> gmail.com> To: 40579 <at> debbugs.gnu.org Cc: dannym <at> scratchpost.org, me <at> tobias.gr, brice <at> waegenei.re, Vincent Legoll <vincent.legoll <at> gmail.com> Subject: [PATCH 2/2] gnu: ipxe: Update to 1.21.1. Date: Tue, 12 Jan 2021 22:44:19 +0100
* gnu/packages/bootloaders.scm (ipxe): Update to 1.21.1. --- gnu/packages/bootloaders.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index 38dba4cebd..88abe29a1e 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -1107,7 +1107,7 @@ order to add a suitable bootloader menu entry.") (let ((timestamp "1591706427")) (package (name "ipxe") - (version "1.20.1") + (version "1.21.1") (source (origin (method git-fetch) (uri (git-reference @@ -1117,7 +1117,7 @@ order to add a suitable bootloader menu entry.") (patches (search-patches "ipxe-reproducible-geniso.patch")) (sha256 (base32 - "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp")))) + "1pkf1n1c0rdlzfls8fvjvi1sd9xjd9ijqlyz3wigr70ijcv6x8i9")))) (build-system gnu-build-system) (arguments `(#:modules ((guix build utils) -- 2.30.0
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Tue, 12 Jan 2021 21:45:02 GMT) Full text and rfc822 format available.Message #53 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Vincent Legoll <vincent.legoll <at> gmail.com> To: 40579 <at> debbugs.gnu.org Cc: dannym <at> scratchpost.org, me <at> tobias.gr, brice <at> waegenei.re, Vincent Legoll <vincent.legoll <at> gmail.com> Subject: [PATCH 1/2] gnu: Add iPXE. Date: Tue, 12 Jan 2021 22:44:18 +0100
* gnu/packages/bootloaders.scm (ipxe): New variable. * gnu/packages/patches/ipxe-reproducible-geniso.patch: New file … * gnu/local.mk (dist_patch_DATA): … add it. Co-authored-by: Tobias Geerinckx-Rice <me <at> tobias.gr> Co-authored-by: Brice Waegeneire <brice <at> waegenei.re> --- gnu/local.mk | 1 + gnu/packages/bootloaders.scm | 125 +++++++++++++++++- .../patches/ipxe-reproducible-geniso.patch | 77 +++++++++++ 3 files changed, 202 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/ipxe-reproducible-geniso.patch diff --git a/gnu/local.mk b/gnu/local.mk index bcf7ee0245..eb28104add 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1184,6 +1184,7 @@ dist_patch_DATA = \ %D%/packages/patches/intel-xed-fix-nondeterminism.patch \ %D%/packages/patches/intltool-perl-compatibility.patch \ %D%/packages/patches/iputils-libcap-compat.patch \ + %D%/packages/patches/ipxe-reproducible-geniso.patch \ %D%/packages/patches/irrlicht-use-system-libs.patch \ %D%/packages/patches/isl-0.11.1-aarch64-support.patch \ %D%/packages/patches/json-c-CVE-2020-12762.patch \ diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index 9ca574a151..38dba4cebd 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -7,12 +7,14 @@ ;;; Copyright © 2016, 2017 Danny Milosavljevic <dannym <at> scratchpost.org> ;;; Copyright © 2016, 2017 David Craven <david <at> craven.ch> ;;; Copyright © 2017, 2018, 2020 Efraim Flashner <efraim <at> flashner.co.il> -;;; Copyright © 2018, 2019, 2020 Tobias Geerinckx-Rice <me <at> tobias.gr> +;;; Copyright © 2018, 2019, 2020, 2021 Tobias Geerinckx-Rice <me <at> tobias.gr> ;;; Copyright © 2019 nee <nee <at> cock.li> ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe <at> gmail.com> ;;; Copyright © 2020 Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> ;;; Copyright © 2018, 2019, 2020 Vagrant Cascadian <vagrant <at> debian.org> ;;; Copyright © 2020 Pierre Langlois <pierre.langlois <at> gmx.com> +;;; Copyright © 2021 Vincent Legoll <vincent.legoll <at> gmail.com> +;;; Copyright © 2021 Brice Waegeneire <brice <at> waegenei.re> ;;; ;;; This file is part of GNU Guix. ;;; @@ -1095,3 +1097,124 @@ systems so that they can be added to the bootloader. It also works out how to boot existing GNU/Linux systems and detects what distribution is installed in order to add a suitable bootloader menu entry.") (license license:gpl2+))) + +(define-public ipxe + ;; XXX: 'BUILD_TIMESTAMP' is used to automatically select the newest version + ;; of iPXE if multiple iPXE drivers are loaded concurrently in a UEFI system. + ;; + ;; TODO: Bump this timestamp at each modifications of the package (not only + ;; for updates) by running: date +%s. + (let ((timestamp "1591706427")) + (package + (name "ipxe") + (version "1.20.1") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/ipxe/ipxe") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (patches (search-patches "ipxe-reproducible-geniso.patch")) + (sha256 + (base32 + "0w7h7y97gj9nqvbmsg1zp6zj5mpbbpckqbbx7bpp6k3ahy5fk8zp")))) + (build-system gnu-build-system) + (arguments + `(#:modules ((guix build utils) + (guix build gnu-build-system) + (guix base32) + (ice-9 string-fun) + (ice-9 regex) + (rnrs bytevectors)) + #:imported-modules ((guix base32) + ,@%gnu-build-system-modules) + #:make-flags + ;; XXX: 'BUILD_ID' is used to determine when another ROM in the + ;; system contains identical code in order to save space within the + ;; legacy BIOS option ROM area, which is extremely limited in size. + ;; It is supposed to be collision-free across all ROMs, to do so we + ;; use the truncated output hash of the package. + (let ((build-id + (lambda (out) + (let* ((nix-store (string-append + (or (getenv "NIX_STORE") "/gnu/store") + "/")) + (filename + (string-replace-substring out nix-store "")) + (hash (match:substring (string-match "[0-9a-z]{32}" + filename))) + (bv (nix-base32-string->bytevector hash))) + (format #f "0x~x" + (bytevector-u32-ref bv 0 (endianness big)))))) + (out (assoc-ref %outputs "out")) + (syslinux (assoc-ref %build-inputs "syslinux"))) + (list "ECHO_E_BIN_ECHO=echo" + "ECHO_E_BIN_ECHO_E=echo -e" + + ;; cdrtools' mkisofs will silently ignore a missing isolinux.bin! + ;; Luckily xorriso is more strict. + (string-append "ISOLINUX_BIN=" syslinux + "/share/syslinux/isolinux.bin") + (string-append "SYSLINUX_MBR_DISK_PATH=" syslinux + "/share/syslinux/isohdpfx.bin") + + ;; Build reproducibly. + (string-append "BUILD_ID_CMD=echo -n " (build-id out)) + (string-append "BUILD_TIMESTAMP=" ,timestamp) + "everything")) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'enter-source-directory + (lambda _ (chdir "src") #t)) + (add-after 'enter-source-directory 'set-options + (lambda _ + (substitute* "config/general.h" + (("^//(#define PING_CMD.*)" _ uncommented) uncommented) + (("^//(#define IMAGE_TRUST_CMD.*)" _ uncommented) + uncommented) + (("^#undef.*(DOWNLOAD_PROTO_HTTPS.*)" _ option) + (string-append "#define " option)) + (("^#undef.*(DOWNLOAD_PROTO_NFS.*)" _ option) + (string-append "#define " option))) + #t)) + (delete 'configure) ; no configure script + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (ipxe (string-append out "/lib/ipxe")) + (exts-re + "\\.(efi|efirom|iso|kkpxe|kpxe|lkrn|mrom|pxe|rom|usb)$") + (dirs '("bin" "bin-i386-linux" "bin-x86_64-pcbios" + "bin-x86_64-efi" "bin-x86_64-linux" "bin-i386-efi")) + (files (apply append + (map (lambda (dir) + (find-files dir exts-re)) dirs)))) + (for-each (lambda (file) + (let* ((subdir (dirname file)) + (fn (basename file)) + (tgtsubdir (cond + ((string=? "bin" subdir) "") + ((string-prefix? "bin-" subdir) + (string-drop subdir 4))))) + (install-file file + (string-append ipxe "/" tgtsubdir)))) + files)) + #t)) + (add-after 'install 'leave-source-directory + (lambda _ (chdir "..") #t))) + #:tests? #f)) ; no test suite + (native-inputs + `(("perl" ,perl) + ("syslinux" ,syslinux) + ("xorriso" ,xorriso))) + (home-page "https://ipxe.org") + (synopsis "PXE-compliant network boot firmware") + (description "iPXE is a network boot firmware. It provides a full PXE +implementation enhanced with additional features such as booting from: a web +server via HTTP, an iSCSI SAN, a Fibre Channel SAN via FCoE, an AoE SAN, a +wireless network, a wide-area network, an Infiniband network. It allows to +control the boot process with a script. You can use iPXE to replace the +existing PXE ROM on your network card, or you can chainload into iPXE to obtain +the features of iPXE without the hassle of reflashing.") + (license license:gpl2+)))) + diff --git a/gnu/packages/patches/ipxe-reproducible-geniso.patch b/gnu/packages/patches/ipxe-reproducible-geniso.patch new file mode 100644 index 0000000000..ff6aa1da94 --- /dev/null +++ b/gnu/packages/patches/ipxe-reproducible-geniso.patch @@ -0,0 +1,77 @@ +From 052d24d8217c51c572c2f6cbb4a687be2e8ba52d Mon Sep 17 00:00:00 2001 +From: Brice Waegeneire <brice <at> waegenei.re> +Date: Fri, 5 Jun 2020 14:38:43 +0200 +Subject: [PATCH] [geniso] Make it reproducible + +Some timestamps get embedded in the generated ISO, making it +unreproducible so we overwrite those timestamps to be at the UNIX epoch. +--- + src/util/geniso | 24 +++++++++++++++++++++--- + 1 file changed, 21 insertions(+), 3 deletions(-) + +diff --git a/src/util/geniso b/src/util/geniso +index ff090d4a..e032ffb0 100755 +--- a/src/util/geniso ++++ b/src/util/geniso +@@ -11,6 +11,13 @@ function help() { + echo " -o FILE save iso image to file" + } + ++function reset_timestamp() { ++ for f in "$1"/*; do ++ touch -t 197001010100 "$f" ++ done ++ touch -t 197001010100 "$1" ++} ++ + LEGACY=0 + FIRST="" + +@@ -37,8 +44,9 @@ if [ -z "${OUT}" ]; then + exit 1 + fi + +-# There should either be mkisofs or the compatible genisoimage program +-for command in genisoimage mkisofs; do ++# There should either be mkisofs, xorriso or the compatible genisoimage ++# program ++for command in xorriso genisoimage mkisofs; do + if ${command} --version >/dev/null 2>/dev/null; then + mkisofs=(${command}) + break +@@ -46,8 +54,10 @@ for command in genisoimage mkisofs; do + done + + if [ -z "${mkisofs}" ]; then +- echo "${0}: mkisofs or genisoimage not found, please install or set PATH" >&2 ++ echo "${0}: mkisofs, xorriso or genisoimage not found, please install or set PATH" >&2 + exit 1 ++elif [ "$mkisofs" = "xorriso" ]; then ++ mkisofs+=(-as mkisofs) + fi + + dir=$(mktemp -d bin/iso.dir.XXXXXX) +@@ -115,6 +125,8 @@ case "${LEGACY}" in + exit 1 + fi + ++ reset_timestamp "$dir" ++ + # generate the iso image + "${mkisofs[@]}" -b boot.img -output ${OUT} ${dir} + ;; +@@ -127,6 +139,12 @@ case "${LEGACY}" in + cp ${LDLINUX_C32} ${dir} + fi + ++ reset_timestamp "$dir" ++ ++ if [ "${mkisofs[0]}" = "xorriso" ]; then ++ mkisofs+=(-isohybrid-mbr "$SYSLINUX_MBR_DISK_PATH") ++ fi ++ + # generate the iso image + "${mkisofs[@]}" -b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -output ${OUT} ${dir} + +-- +2.26.2 -- 2.30.0
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Tue, 12 Jan 2021 21:48:02 GMT) Full text and rfc822 format available.Message #56 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Vincent Legoll <vincent.legoll <at> gmail.com> To: 40579 <at> debbugs.gnu.org Cc: Danny Milosavljevic <dannym <at> scratchpost.org>, Tobias Geerinckx-Rice <me <at> tobias.gr>, Brice Waegeneire <brice <at> waegenei.re> Subject: Re: [PATCH 1/2] gnu: Add iPXE. Date: Tue, 12 Jan 2021 22:47:10 +0100
The 2 versions 1.20.1 & 1.21.1 passed: ./pre-inst-env guix build --rounds=6 successfuly with this package recipe. Thanks for all the involved people ! -- Vincent Legoll
guix-patches <at> gnu.org
:bug#40579
; Package guix-patches
.
(Thu, 14 Jan 2021 00:54:02 GMT) Full text and rfc822 format available.Message #59 received at 40579 <at> debbugs.gnu.org (full text, mbox):
From: Danny Milosavljevic <dannym <at> scratchpost.org> To: Vincent Legoll <vincent.legoll <at> gmail.com> Cc: 40579 <at> debbugs.gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr>, Brice Waegeneire <brice <at> waegenei.re> Subject: Re: [PATCH 1/2] gnu: Add iPXE. Date: Thu, 14 Jan 2021 01:53:18 +0100
[Message part 1 (text/plain, inline)]
Hi Vincent, On Tue, 12 Jan 2021 22:47:10 +0100 Vincent Legoll <vincent.legoll <at> gmail.com> wrote: > The 2 versions 1.20.1 & 1.21.1 passed: > ./pre-inst-env guix build --rounds=6 > successfuly with this package recipe. I've pushed both patches to guix master as commits aeed7218a933054806edd246548346e9edc327c4 and ca34b6f04559adc91c29fc5f7432b37c1486a0c3. Thanks!
[Message part 2 (application/pgp-signature, inline)]
Vincent Legoll <vincent.legoll <at> gmail.com>
:Vincent Legoll <vincent.legoll <at> gmail.com>
:Message #64 received at 40579-done <at> debbugs.gnu.org (full text, mbox):
From: Vincent Legoll <vincent.legoll <at> gmail.com> To: 40579-DONE <at> debbugs.gnu.org Subject: [RFC PATCH] add iPXE. Date: Thu, 14 Jan 2021 09:33:24 +0100
Thanks a lot Danny ! -- Vincent Legoll
Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org
.
(Thu, 11 Feb 2021 12:24:09 GMT) Full text and rfc822 format available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.