genodepkgs/README.md

```
``     ______                     __           __
`     / ____/__  ____  ____  ____/ /__  ____  / / ____ ______
     / / __/ _ \/ __ \/ __ \/ __  / _ \/ __ \/ / / __ `/ ___/
    / /_/ /  __/ / / / /_/ / /_/ /  __/ /_/ / , \ /_/ (__  )
`   \____/\___/_/ /_/\____/\__,_/\___/ .___/_/ \_\_, /____/
``                                  /_/        /____/
```

[Genodepkgs](https://git.sr.ht/~ehmry/genodepkgs) is nexus of
[Nix](https://nixos.org/nix/) expressions related to the
[Genode OS framework](https://genode.org).

**IRC:** irc://freenode.net/#nixos-exotic

**Mailing List:** https://lists.sr.ht/~ehmry/genodepkgs

**Hydra:** https://hydra7.hq.c3d2.de/project/genodepkgs

**SoTest:** https://opensource.sotest.io/userName%3Demery/1

# Current status

I (the singular maintainer) have paused my work here while I write a native
[Dhall evaluator](https://git.sr.ht/~ehmry/dhall-nim) for Genode. This will
allow for dynamic on-target reconfiguration.

## Repository layout

 - Native packages are at [packages](./packages/default.nix)

 - Existing Nixpkgs packages are patched at [overlay](./overlay/default.nix)

 - Tests are at [tests](./tests/default.nix)

 - NixOS module at [nixos-modules](./nixos-modules)

# Installation

This repository contains an experimental NixOS module that can be used to build
and boot Genode using a shared Nix store. Hardware support is limited, and the
system does not support any dynamic reconfiguration.

NixOS must be installed on the target first, with many caveats. First of which,
the block driver is hard-coded to use the media on the first AHCI port, port
selection or NVMe simply hasn't been implemented within the Nix module.

These instructions are non-normative have not be tested exactly as follows. This
probably wont work for you.

### Step 1: Install NixOS

Format the first AHCI drive with a GUID Partition Table. */nix/store must be
placed on a partition with the partition type
`24b69406-18a1-428d-908e-d21a1437122c` and formatted with an Ext2 file-system.*
Install NixOS, using Grub to boot. Use the `nixos-unstable` channel. See
https://nixos.org/nixos/manual/index.html#ch-installation.

### Step 2: Build Genode

As mentioned before, the NixOS installation must be built from the
`nixos-unstable` channel. This is to ensure that the `nixos-rebuild` utility is
built with suport for taking configuration from Nix flakes.

Create a file a `/etc/nixos/flake.nix` (or study the `nixos-rebuild` manual)
with something similar to the following content:

```nix
{
  description = "Example configuration flake";

  inputs = {
    genodepkgs.url = "git+https://git.sr.ht/~ehmry/genodepkgs";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  };

  outputs = { self, genodepkgs, nixpkgs }: {

    nixosConfigurations.${your-hostname-here} = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [

        ./configuration.nix

        genodepkgs.nixosModules.genodeHost

        {
          genode.fbDriver = "intel"; # or "vesa"
          genode.guests = {
            # Add two NixOS guest VMs to the Genode side:

            nixos = {
              config = { config, lib, pkgs, ... }: {
                users.users.root.password = "nixos";
                services.openssh.permitRootLogin = lib.mkDefault "yes";
                services.mingetty.autologinUser = lib.mkDefault "root";
              };
            };

            tor-browser = {
              memorySize = 1024;
              config = { config, lib, pkgs, ... }: {
                services.cage = {
                  enable = true;
                  program = "${pkgs.tor-browser-bundle-bin}/bin/tor-browser";
                };
                users.users.demo.isNormalUser = true;
              };
            };

          };

        }
      ];
    };
  };

}

```

Do a `nixos-rebuild boot`. *Grub must be in use, UEFI booting is optional.*

## Reboot

Reboot and select the Genode entry from the Grub menu. Hopefully the display
will come up quickly, and the VMs will boot. *The VMs will take a long time to
come up initially,* this is because the VDI disk images are copied from
/nix/store to a mutable area of the file-system.

Thats all for now, patches are welcome.


# Contributing

Patches can be submitted and issues reported via the
[mailing list](https://lists.sr.ht/~ehmry/genodepkgs). The mailing list is the
minimum viable mechanism for community development, and may be replaced later.

The worksites at the moment are:

 - Documentation

 - Packaging multi-component scenarios

 - Graphical launcher

 - Port Boehm-Demers-Weiser GC to Genode

 - ARM, i686

 - Patching standard Nixpkgs packages by overlay. Explore Workflow and tooling
   for building emulated UNIX environments.

 - LLVM testing and upstreaming patches.

 - Formalizing Dhall configuration types.

 - NixOS modules for constructing a reasonably usable Genode system. Reusing the
   module system from NixOS is advantageous because a dual boot system can
   share a `/nix/store` and be updated simultaneously.

 - NixOS module for NixOS guests with the ARM VMM.

 - Configuration validation via a service routing prover.

 - Fix Ncurses build

# Nix Flakes

This repository is structured as a Nix flake, which is an experimental extension
of Nix tooling. See https://www.tweag.io/posts/2020-05-25-flakes.html for an
introduction and tutorial.

## Build Caching

The builds produced by Hydra are available as a binary cache, using the cache is
strongly recommended.

The global (IPv6 only) address for the cache can be tested by fetching the
following: http://cache.server7.hq.c3d2.de/nix-cache-info.

If that fails the cache is also available within the
[Yggdrasil](https://yggdrasil-network.github.io/) network:
http://nix-serve.y.c3d2.de/nix-cache-info.

Those with IPv6 will want to the following to their */etc/nix/nix.conf* file:

```
substituters = https://cache.nixos.org https://cache.server7.hq.c3d2.de
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.server7.hq.c3d2.de:x8JLRG26zRZ8ysYZLEkPxuAYuK1VSJi/aMAEIs2Lv+U=
```

NixOS users may alternatively using the following configuration:

```nix
{ pkgs, ... }:
{
  # The following enables the use of a binary cache (IPv6 only)
  nix.binaryCaches = [
    "https://cache.nixos.org"
    "https://cache.server7.hq.c3d2.de"
    # or "http://nix-serve.y.c3d2.de"
  ];
  nix.binaryCachePublicKeys = [
    "cache.server7.hq.c3d2.de:x8JLRG26zRZ8ysYZLEkPxuAYuK1VSJi/aMAEIs2Lv+U="
  ];
}
```

## Building from flakes

```sh
$ git clone https://git.sr.ht/~ehmry/genodepkgs
$ cd genodepkgs
$ nix build .#checks.x86_64-linux.nova-x86

# View the log if the result is already cached:
$ nix log .#checks.x86_64-linux.nova-x86
```

# Packaging

Packaging is done using standard Nixpkgs methods, a `stdenv` is available for
cross-compilation. See [Solo5](./packages/solo5/default.nix) as an example.

## Cross-compiling Nixpkgs

Some existing packages from Nixpkgs can be built with little or no modification.
Nixpkgs is available at the path `.#legacyPackages.x86_64-linux-x86_64-genode`
(or `…-aarch64-genode`) and modifications to packages are made at an
[overlay](./overlay/default.nix). Some packages need patched, others require
additional features added to the Genode libc.

Packages that run on Linux as well as Genode should not be packaged here, those
should be added to Nixpkgs.

# Toolchain

The Genode Labs toolchain is available here only for Linux and in binary form.
However, an experimental LLVM cross-compiler is provided here. Bootstrapping GCC
has not been practical due to its recursive autotools build system.

The enter a shell with the toolchain:

```shell
nix shell .#legacyPackages.x86_64-linux-x86_64-genode.stdenv.cc

x86_64-unknown-genode-clang++ -v
```

# Testing

Tests are performed using QEMU, the test artifacts are built as follows:

```shell
# Build a test log from a QEMU test run:
nix build .#checks.x86_64-linux.nova-x86

# Build a tarball of the Nix store internal to a test VM:
nix build .#checks.x86_64-linux.nova-x86.nodes.machine.store

# Build the XML configuration of the test VM:
nix build .#checks.x86_64-linux.nova-x86.nodes.machine.xml

# Build the Dhall boot description of the test run:
nix build .#checks.x86_64-linux.nova-x86.nodes.machine.config
```

# System description format

The high-level interface to system building are boot descriptions. These Dhall
documents describe the configuration of an [Init](https://genode.org/documentation/genode-foundations/19.05/system_configuration/The_init_component.html)
instance and a store of ROM (Read-Only Memory) modules. These description can be
used to build firmware-like binary images or merged and nested within other
descriptions. In theory these descriptions can arrange file-systems, but those
functions are missing.

The description schema is documented as code:
https://git.sr.ht/~ehmry/dhall-genode/tree/master/Boot/package.dhall

# Tips and tricks

## How to build a Genode make target?

```nix
let flake = getFlake "genodepkgs";
in flake.packages.x86_64-linux-x86_64-genode.genodeSources.make "app/ping"
```

## How to build a Genode depot package?

```nix
let flake = getFlake "genodepkgs";
in flake.packages.x86_64-linux-x86_64-genode.genodeSources.depot "wifi_drv"
```

## How to add missing ports to a depot package?

The missing ports as indicated by a depot build failure must be added to
[targets.nix](./overlay/genode/targets.nix). To continue from the previous
example, this would be sufficient:

```nix
{
  wifi_drv = { portInputs = [ dde_linux libc openssl ]; };
}
```

## How to add undefined ports?

Should a required port not be defined, it must be added to
[ports.nix](./overlay/genode/ports.nix). Initially it should be sufficient to
define the port as an empty attribute set, run the build again, and then add the
hash found in the successive build error.

To continue from the previous example:

```nix
{
  dde_linux = { };
}
```

And after the reattempting the build a fixed-output hash should be produced,
this must now be added to the port definitions.

```nix
{
  dde_linux = {
    hash = "sha256-3G5Mprv9ZBNhDJRuVF6Nrkp3KbFaN10IKFq0OdyAY9M="; };
}
```

Should the port preparation fail do to missing utilities, these must be added to
the port definition using a `nativeBuildInputs` attribute.

Note that the hash checked into `ports.nix` is an *output hash*. The port hash
within the Genode source tree is an *explicit input hash* and the output of
the port preparation is non-deterministic.


## Enter an environment compatible with the Genode Labs build scripts

```shell
nix dev-shell genodepkgs
cd $GENODE_DIR
make -C build/x86_64 run/bomb
```

# Glossary

Some of terms that follow are necessary for understanding packaging methodology,
Others are simply introduced as an aid to the reader:

 - *Upstream* - repositories packaged by expressions in this repository

 - *Downstream* - repositories depending on this repository

 - *OS ABI* - The binary interface to an operating system. In the case of Genode
   this does not include kernel interfaces, as system calls are abstracted via
   dynamically linked procedures.

 - `localSystem` - the CPU and OS ABI pair used to evaluate and compile
   packages. Genode cannot natively instantiate Nix derivations, therefore it
   cannot be a `localSystem` ABI.

 - `crossSystem` - the target CPU and OS ABI pair for packages. In the common
   case the ABI will be Genode. In the case of tooling it may be the same as
   `localSystem`. For software that runs bare-metal the CPU is significant but
   ABI is irrelevant.

 - `buildPlatform` - equivalent to `localSystem`.

 - `hostPlatform` - the platform on which a package will execute.

 - `targetPlatform` - the platform for which a package will produce artifacts.
   This is only significant for software such as compilers. The respective
   build, host, and target platform of a compiler that was built on a Solaris,
   executes on Genode, and produces only Haiku binaries would be Solaris,
   Genode, and Haiku.

 - *Flake* - a code repository containing a `flake.nix` file describing
   dependency repositories. The evaluation of flakes may only form ascyclic
   graphs. Repositories packaged here may themselves contain a `flake.nix`
   file that refers to this repository, but these repositories cannot be inputs
   to the Genodepkgs flake.

 - *Genode core* - Genode component of highest privilege. The core is located
   conceptually at the bottom and root of the component tree. Core might be
   directly above the kernel, or acting as the kernel. The role of core is a
   subset of the role of the kernel in a monolithic system.

 - *Lower* - lowering a subsystem is moving it closer to the Genode core
   and increasing privilege.

 - *Raise* - raising a subsystem is moving it further away from the Genode core
   and decreasing privilege.

 - *Package* - *undefined*

# Legal

This repository is for trivial packaging and metadata that exists only for the
sake of richer and more meaningful code in external repositories. All works
committed to this repository, unless otherwise noted, shall be implicitly
licensed under a [CC0 1.0](https://creativecommons.org/publicdomain/zero/1.0/deed)
public domain dedication.

![CC0 PUBLIC DOMAIN](.CC0-1.0.png)