381 lines
12 KiB
Markdown
381 lines
12 KiB
Markdown
```
|
|
`` ______ __ __
|
|
` / ____/__ ____ ____ ____/ /__ ____ / / ____ ______
|
|
/ / __/ _ \/ __ \/ __ \/ __ / _ \/ __ \/ / / __ `/ ___/
|
|
/ /_/ / __/ / / / /_/ / /_/ / __/ /_/ / , \ /_/ (__ )
|
|
` \____/\___/_/ /_/\____/\__,_/\___/ .___/_/ \_\_, /____/
|
|
`` /_/ /____/
|
|
```
|
|
|
|
[Genodepkgs](https://git.sr.ht/~ehmry/genodepkgs) is nexus of
|
|
[Nix](https://nixos.org/nix/) expressions related to the
|
|
[Genode OS framework](https://genode.org).
|
|
|
|
[IRC](irc://freenode.net/#nixos-exotic)
|
|
|
|
[Mailing list](https://lists.sr.ht/~ehmry/genodepkgs)
|
|
|
|
[Sotest](https://opensource.sotest.io/userName%3Demery/1)
|
|
|
|
[Cachix](https://app.cachix.org/cache/genodepkgs)
|
|
|
|
# Current status
|
|
|
|
Work here has slowed as effort is focused on a native [Dhall
|
|
evaluator](https://git.sr.ht/~ehmry/dhall-nim) for Genode. This will allow for
|
|
dynamic on-target reconfiguration.
|
|
|
|
## Repository layout
|
|
|
|
- Native packages are at [packages](./packages/default.nix)
|
|
|
|
- Existing Nixpkgs packages are patched at [overlay](./overlay/default.nix)
|
|
|
|
- Tests are at [tests](./tests/default.nix)
|
|
|
|
- NixOS module at [nixos-modules](./nixos-modules)
|
|
|
|
# Installation
|
|
|
|
This repository contains an experimental NixOS module that can be used to build
|
|
and boot Genode using a shared Nix store. Hardware support is limited, and the
|
|
system does not support any dynamic reconfiguration.
|
|
|
|
NixOS must be installed on the target first, with many caveats. First of which,
|
|
the block driver is hard-coded to use the media on the first AHCI port, port
|
|
selection or NVMe simply hasn't been implemented within the Nix module.
|
|
|
|
These instructions are non-normative have not be tested exactly as follows. This
|
|
probably wont work for you.
|
|
|
|
### Step 1: Install NixOS
|
|
|
|
Format the first AHCI drive with a GUID Partition Table. */nix/store must be
|
|
placed on a partition with the partition type
|
|
`24b69406-18a1-428d-908e-d21a1437122c` and formatted with an Ext2 file-system.*
|
|
Install NixOS, using Grub to boot. Use the `nixos-unstable` channel. See
|
|
https://nixos.org/nixos/manual/index.html#ch-installation.
|
|
|
|
### Step 2: Build Genode
|
|
|
|
As mentioned before, the NixOS installation must be built from the
|
|
`nixos-unstable` channel. This is to ensure that the `nixos-rebuild` utility is
|
|
built with suport for taking configuration from Nix flakes.
|
|
|
|
Create a file a `/etc/nixos/flake.nix` (or study the `nixos-rebuild` manual)
|
|
with something similar to the following content:
|
|
|
|
```nix
|
|
{
|
|
description = "Example configuration flake";
|
|
|
|
inputs = {
|
|
genodepkgs.url = "git+https://git.sr.ht/~ehmry/genodepkgs";
|
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
|
};
|
|
|
|
outputs = { self, genodepkgs, nixpkgs }: {
|
|
|
|
nixosConfigurations.${your-hostname-here} = nixpkgs.lib.nixosSystem {
|
|
system = "x86_64-linux";
|
|
modules = [
|
|
|
|
./configuration.nix
|
|
|
|
genodepkgs.nixosModules.genodeHost
|
|
|
|
{
|
|
genode.fbDriver = "intel"; # or "vesa"
|
|
genode.guests = {
|
|
# Add two NixOS guest VMs to the Genode side:
|
|
|
|
nixos = {
|
|
config = { config, lib, pkgs, ... }: {
|
|
users.users.root.password = "nixos";
|
|
services.openssh.permitRootLogin = lib.mkDefault "yes";
|
|
services.mingetty.autologinUser = lib.mkDefault "root";
|
|
};
|
|
};
|
|
|
|
tor-browser = {
|
|
memorySize = 1024;
|
|
config = { config, lib, pkgs, ... }: {
|
|
services.cage = {
|
|
enable = true;
|
|
program = "${pkgs.tor-browser-bundle-bin}/bin/tor-browser";
|
|
};
|
|
users.users.demo.isNormalUser = true;
|
|
};
|
|
};
|
|
|
|
};
|
|
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
}
|
|
|
|
```
|
|
|
|
Do a `nixos-rebuild boot`. *Grub must be in use, UEFI booting is optional.*
|
|
|
|
## Reboot
|
|
|
|
Reboot and select the Genode entry from the Grub menu. Hopefully the display
|
|
will come up quickly, and the VMs will boot. *The VMs will take a long time to
|
|
come up initially,* this is because the VDI disk images are copied from
|
|
/nix/store to a mutable area of the file-system.
|
|
|
|
Thats all for now, patches are welcome.
|
|
|
|
|
|
# Contributing
|
|
|
|
Patches can be submitted and issues reported via the
|
|
[mailing list](https://lists.sr.ht/~ehmry/genodepkgs). The mailing list is the
|
|
minimum viable mechanism for community development, and may be replaced later.
|
|
|
|
The worksites at the moment are:
|
|
|
|
- Documentation
|
|
|
|
- Packaging multi-component scenarios
|
|
|
|
- Graphical launcher
|
|
|
|
- Port Boehm-Demers-Weiser GC to Genode
|
|
|
|
- ARM, i686
|
|
|
|
- Patching standard Nixpkgs packages by overlay. Explore Workflow and tooling
|
|
for building emulated UNIX environments.
|
|
|
|
- LLVM testing and upstreaming patches.
|
|
|
|
- Formalizing Dhall configuration types.
|
|
|
|
- NixOS modules for constructing a reasonably usable Genode system. Reusing the
|
|
module system from NixOS is advantageous because a dual boot system can
|
|
share a `/nix/store` and be updated simultaneously.
|
|
|
|
- NixOS module for NixOS guests with the ARM VMM.
|
|
|
|
- Configuration validation via a service routing prover.
|
|
|
|
- Fix Ncurses build
|
|
|
|
# Nix Flakes
|
|
|
|
This repository is structured as a Nix flake, which is an experimental extension
|
|
of Nix tooling. See https://www.tweag.io/posts/2020-05-25-flakes.html for an
|
|
introduction and tutorial.
|
|
|
|
## Build Caching
|
|
|
|
A binary cache is graciously provided by Cachix, the following link provides
|
|
instructions for enabling: https://app.cachix.org/cache/genodepkgs
|
|
|
|
## Building from flakes
|
|
|
|
```sh
|
|
$ git clone https://git.sr.ht/~ehmry/genodepkgs
|
|
$ cd genodepkgs
|
|
$ nix build .#checks.x86_64-linux.nova-x86
|
|
|
|
# View the log if the result is already cached:
|
|
$ nix log .#checks.x86_64-linux.nova-x86
|
|
```
|
|
|
|
# Packaging
|
|
|
|
Packaging is done using standard Nixpkgs methods, a `stdenv` is available for
|
|
cross-compilation. See [Solo5](./packages/solo5/default.nix) as an example.
|
|
|
|
## Cross-compiling Nixpkgs
|
|
|
|
Some existing packages from Nixpkgs can be built with little or no modification.
|
|
Nixpkgs is available at the path `.#legacyPackages.x86_64-linux-x86_64-genode`
|
|
(or `…-aarch64-genode`) and modifications to packages are made at an
|
|
[overlay](./overlay/default.nix). Some packages need patched, others require
|
|
additional features added to the Genode libc.
|
|
|
|
Packages that run on Linux as well as Genode should not be packaged here, those
|
|
should be added to Nixpkgs.
|
|
|
|
# Toolchain
|
|
|
|
The Genode Labs toolchain is available here only for Linux and in binary form.
|
|
However, an experimental LLVM cross-compiler is provided here. Bootstrapping GCC
|
|
has not been practical due to its recursive autotools build system.
|
|
|
|
The enter a shell with the toolchain:
|
|
|
|
```shell
|
|
nix shell .#legacyPackages.x86_64-linux-x86_64-genode.stdenv.cc
|
|
|
|
x86_64-unknown-genode-clang++ -v
|
|
```
|
|
|
|
# Testing
|
|
|
|
Tests are performed using QEMU, the test artifacts are built as follows:
|
|
|
|
```shell
|
|
# Build a test log from a QEMU test run:
|
|
nix build .#checks.x86_64-linux.nova-x86
|
|
|
|
# Build a tarball of the Nix store internal to a test VM:
|
|
nix build .#checks.x86_64-linux.nova-x86.nodes.machine.store
|
|
|
|
# Build the XML configuration of the test VM:
|
|
nix build .#checks.x86_64-linux.nova-x86.nodes.machine.xml
|
|
|
|
# Build the Dhall boot description of the test run:
|
|
nix build .#checks.x86_64-linux.nova-x86.nodes.machine.config
|
|
```
|
|
|
|
# System description format
|
|
|
|
The high-level interface to system building are boot descriptions. These Dhall
|
|
documents describe the configuration of an [Init](https://genode.org/documentation/genode-foundations/19.05/system_configuration/The_init_component.html)
|
|
instance and a store of ROM (Read-Only Memory) modules. These description can be
|
|
used to build firmware-like binary images or merged and nested within other
|
|
descriptions. In theory these descriptions can arrange file-systems, but those
|
|
functions are missing.
|
|
|
|
The description schema is documented as code:
|
|
https://git.sr.ht/~ehmry/dhall-genode/tree/master/Boot/package.dhall
|
|
|
|
# Tips and tricks
|
|
|
|
## How to build a Genode make target?
|
|
|
|
```nix
|
|
let flake = getFlake "genodepkgs";
|
|
in flake.packages.x86_64-linux-x86_64-genode.genodeSources.make "app/ping"
|
|
```
|
|
|
|
## How to build a Genode depot package?
|
|
|
|
```nix
|
|
let flake = getFlake "genodepkgs";
|
|
in flake.packages.x86_64-linux-x86_64-genode.genodeSources.depot "wifi_drv"
|
|
```
|
|
|
|
## How to add missing ports to a depot package?
|
|
|
|
The missing ports as indicated by a depot build failure must be added to
|
|
[targets.nix](./overlay/genode/targets.nix). To continue from the previous
|
|
example, this would be sufficient:
|
|
|
|
```nix
|
|
{
|
|
wifi_drv = { portInputs = [ dde_linux libc openssl ]; };
|
|
}
|
|
```
|
|
|
|
## How to add undefined ports?
|
|
|
|
Should a required port not be defined, it must be added to
|
|
[ports.nix](./overlay/genode/ports.nix). Initially it should be sufficient to
|
|
define the port as an empty attribute set, run the build again, and then add the
|
|
hash found in the successive build error.
|
|
|
|
To continue from the previous example:
|
|
|
|
```nix
|
|
{
|
|
dde_linux = { };
|
|
}
|
|
```
|
|
|
|
And after the reattempting the build a fixed-output hash should be produced,
|
|
this must now be added to the port definitions.
|
|
|
|
```nix
|
|
{
|
|
dde_linux = {
|
|
hash = "sha256-3G5Mprv9ZBNhDJRuVF6Nrkp3KbFaN10IKFq0OdyAY9M="; };
|
|
}
|
|
```
|
|
|
|
Should the port preparation fail do to missing utilities, these must be added to
|
|
the port definition using a `nativeBuildInputs` attribute.
|
|
|
|
Note that the hash checked into `ports.nix` is an *output hash*. The port hash
|
|
within the Genode source tree is an *explicit input hash* and the output of
|
|
the port preparation is non-deterministic.
|
|
|
|
|
|
## Enter an environment compatible with the Genode Labs build scripts
|
|
|
|
```shell
|
|
nix dev-shell genodepkgs
|
|
cd $GENODE_DIR
|
|
make -C build/x86_64 run/bomb
|
|
```
|
|
|
|
# Glossary
|
|
|
|
Some of terms that follow are necessary for understanding packaging methodology,
|
|
Others are simply introduced as an aid to the reader:
|
|
|
|
- *Upstream* - repositories packaged by expressions in this repository
|
|
|
|
- *Downstream* - repositories depending on this repository
|
|
|
|
- *OS ABI* - The binary interface to an operating system. In the case of Genode
|
|
this does not include kernel interfaces, as system calls are abstracted via
|
|
dynamically linked procedures.
|
|
|
|
- `localSystem` - the CPU and OS ABI pair used to evaluate and compile
|
|
packages. Genode cannot natively instantiate Nix derivations, therefore it
|
|
cannot be a `localSystem` ABI.
|
|
|
|
- `crossSystem` - the target CPU and OS ABI pair for packages. In the common
|
|
case the ABI will be Genode. In the case of tooling it may be the same as
|
|
`localSystem`. For software that runs bare-metal the CPU is significant but
|
|
ABI is irrelevant.
|
|
|
|
- `buildPlatform` - equivalent to `localSystem`.
|
|
|
|
- `hostPlatform` - the platform on which a package will execute.
|
|
|
|
- `targetPlatform` - the platform for which a package will produce artifacts.
|
|
This is only significant for software such as compilers. The respective
|
|
build, host, and target platform of a compiler that was built on a Solaris,
|
|
executes on Genode, and produces only Haiku binaries would be Solaris,
|
|
Genode, and Haiku.
|
|
|
|
- *Flake* - a code repository containing a `flake.nix` file describing
|
|
dependency repositories. The evaluation of flakes may only form ascyclic
|
|
graphs. Repositories packaged here may themselves contain a `flake.nix`
|
|
file that refers to this repository, but these repositories cannot be inputs
|
|
to the Genodepkgs flake.
|
|
|
|
- *Genode core* - Genode component of highest privilege. The core is located
|
|
conceptually at the bottom and root of the component tree. Core might be
|
|
directly above the kernel, or acting as the kernel. The role of core is a
|
|
subset of the role of the kernel in a monolithic system.
|
|
|
|
- *Lower* - lowering a subsystem is moving it closer to the Genode core
|
|
and increasing privilege.
|
|
|
|
- *Raise* - raising a subsystem is moving it further away from the Genode core
|
|
and decreasing privilege.
|
|
|
|
- *Package* - *undefined*
|
|
|
|
# Legal
|
|
|
|
This repository is published under MIT licensing consistent with Nixpkgs.
|
|
|
|
> Note: MIT license does not apply to the packages built by Nixpkgs,
|
|
> merely to the files in this repository (the Nix expressions, build
|
|
> scripts, NixOS modules, etc.). It also might not apply to patches
|
|
> included in Nixpkgs, which may be derivative works of the packages to
|
|
> which they apply. The aforementioned artifacts are all covered by the
|
|
> licenses of the respective packages.
|