;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès ;;; Copyright © 2016 Christopher Allan Webber ;;; Copyright © 2016, 2017 Leo Famulari ;;; Copyright © 2017 Mathieu Othacehe ;;; Copyright © 2017 Marius Bakke ;;; Copyright © 2018 Chris Marusich ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (gnu system vm) #:use-module (guix config) #:use-module (guix store) #:use-module (guix gexp) #:use-module (guix derivations) #:use-module (guix packages) #:use-module (guix monads) #:use-module (guix records) #:use-module (guix modules) #:use-module (guix utils) #:use-module (gcrypt hash) #:use-module (guix base32) #:use-module ((guix self) #:select (make-config.scm)) #:use-module ((gnu build vm) #:select (qemu-command)) #:use-module (gnu packages base) #:use-module (gnu packages bootloaders) #:use-module (gnu packages cdrom) #:use-module (gnu packages compression) #:use-module (gnu packages guile) #:autoload (gnu packages gnupg) (guile-gcrypt) #:use-module (gnu packages gawk) #:use-module (gnu packages bash) #:use-module (gnu packag;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017 David Craven <david@craven.ch> ;;; Copyright © 2017, 2020, 2022 Mathieu Othacehe <othacehe@gnu.org> ;;; Copyright © 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2019, 2021, 2023 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2022 Josselin Poiret <dev@jpoiret.xyz> ;;; Copyright © 2022 Reza Alizadeh Majd <r.majd@pantherx.org> ;;; Copyright © 2024 Tomas Volf <~@wolfsden.cz> ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. (define-module (gnu bootloader) #:use-module (gnu system file-systems) #:use-module (gnu system uuid) #:use-module (guix discovery) #:use-module (guix gexp) #:use-module (guix profiles) #:use-module (guix records) #:use-module (guix deprecation) #:use-module ((guix ui) #:select (warn-about-load-error)) #:use-module (guix diagnostics) #:use-module (guix i18n) #:use-module (srfi srfi-1) #:use-module (srfi srfi-34) #:use-module (srfi srfi-35) #:use-module (ice-9 match) #:export (menu-entry menu-entry? menu-entry-label menu-entry-device menu-entry-linux menu-entry-linux-arguments menu-entry-initrd menu-entry-device-mount-point menu-entry-multiboot-kernel menu-entry-multiboot-arguments menu-entry-multiboot-modules menu-entry-chain-loader menu-entry->sexp sexp->menu-entry bootloader bootloader? bootloader-name bootloader-package bootloader-installer bootloader-disk-image-installer bootloader-configuration-file bootloader-configuration-file-generator bootloader-configuration bootloader-configuration? bootloader-configuration-bootloader bootloader-configuration-target ;deprecated bootloader-configuration-targets bootloader-configuration-menu-entries bootloader-configuration-default-entry bootloader-configuration-timeout bootloader-configuration-keyboard-layout bootloader-configuration-theme bootloader-configuration-terminal-outputs bootloader-configuration-terminal-inputs bootloader-configuration-serial-unit bootloader-configuration-serial-speed bootloader-configuration-device-tree-support? bootloader-configuration-extra-initrd %bootloaders lookup-bootloader-by-name efi-bootloader-chain)) ;;; ;;; Menu-entry record. ;;; (define-record-type* <menu-entry> menu-entry make-menu-entry menu-entry? (label menu-entry-label) (device menu-entry-device ; file system uuid, label, or #f (default #f)) (device-mount-point menu-entry-device-mount-point (default #f)) (linux menu-entry-linux (default #f)) (linux-arguments menu-entry-linux-arguments (default '())) ; list of string-valued gexps (initrd menu-entry-initrd ; file name of the initrd as a gexp (default #f)) (multiboot-kernel menu-entry-multiboot-kernel (default #f)) (multiboot-arguments menu-entry-multiboot-arguments (default '())) ; list of string-valued gexps (multiboot-modules menu-entry-multiboot-modules (default '())) ; list of multiboot commands, where ; a command is a list of <string> (chain-loader menu-entry-chain-loader (default #f))) ; string, path of efi file (define (report-menu-entry-error menu-entry) (raise (condition (&message (message (format #f (G_ "invalid menu-entry: ~a") menu-entry))) (&fix-hint (hint (G_ "Please chose only one of: @enumerate @item direct boot by specifying fields @code{linux}, @code{linux-arguments} and @code{linux-modules}, @item multiboot by specifying fields @code{multiboot-kernel}, @code{multiboot-arguments} and @code{multiboot-modules}, @item chain-loader by specifying field @code{chain-loader}. @end enumerate")))))) (define (menu-entry->sexp entry) "Return ENTRY serialized as an sexp." (define (device->sexp device) (match device ((? uuid? uuid) `(uuid ,(uuid-type uuid) ,(uuid->string uuid))) ((? file-system-label? label) `(label ,(file-system-label->string label))) (_ device))) (match entry (($ <menu-entry> label device mount-point (? identity linux) linux-arguments (? identity initrd) #f () () #f) `(menu-entry (version 0) (label ,label) (device ,(device->sexp device)) (device-mount-point ,mount-point) (linux ,linux) (linux-arguments ,linux-arguments) (initrd ,initrd))) (($ <menu-entry> label device mount-point #f () #f (? identity multiboot-kernel) multiboot-arguments multiboot-modules #f) `(menu-entry (version 0) (label ,label) (device ,(device->sexp device)) (device-mount-point ,mount-point) (multiboot-kernel ,multiboot-kernel) (multiboot-arguments ,multiboot-arguments) (multiboot-modules ,multiboot-modules))) (($ <menu-entry> label device mount-point #f () #f #f () () (? identity chain-loader)) `(menu-entry (version 0) (label ,label) (device ,(device->sexp device)) (device-mount-point ,mount-point) (chain-loader ,chain-loader))) (_ (report-menu-entry-error entry)))) (define (sexp->menu-entry sexp) "Turn SEXP, an sexp as returned by 'menu-entry->sexp', into a <menu-entry> record." (define (sexp->device device-sexp) (match device-sexp (('uuid type uuid-string) (uuid uuid-string type)) (('label label) (file-system-label label)) (_ device-sexp))) (match sexp (('menu-entry ('version 0) ('label label) ('device device) ('device-mount-point mount-point) ('linux linux) ('linux-arguments linux-arguments) ('initrd initrd) _ ...) (menu-entry (label label) (device (sexp->device device)) (device-mount-point mount-point) (linux linux) (linux-arguments linux-arguments) (initrd initrd))) (('menu-entry ('version 0) ('label label) ('device device) ('device-mount-point mount-point) ('multiboot-kernel multiboot-kernel) ('multiboot-arguments multiboot-arguments) ('multiboot-modules multiboot-modules) _ ...) (menu-entry (label label) (device (sexp->device device)) (device-mount-point mount-point) (multiboot-kernel multiboot-kernel) (multiboot-arguments multiboot-arguments) (multiboot-modules multiboot-modules))) (('menu-entry ('version 0) ('label label) ('device device) ('device-mount-point mount-point) ('chain-loader chain-loader) _ ...) (menu-entry (label label) (device (sexp->device device)) (device-mount-point mount-point) (chain-loader chain-loader))))) ;;; ;;; Bootloader record. ;;; ;; The <bootloader> record contains fields expressing how the bootloader ;; should be installed. Every bootloader in gnu/bootloader/ directory ;; has to be described by this record. (define-record-type* <bootloader> bootloader make-bootloader bootloader? (name bootloader-name) (package bootloader-package) (installer bootloader-installer) (disk-image-installer bootloader-disk-image-installer (default #f)) (configuration-file bootloader-configuration-file) (configuration-file-generator bootloader-configuration-file-generator)) ;;; ;;; Bootloader configuration record. ;;; ;; The <bootloader-configuration> record contains bootloader independant ;; configuration used to fill bootloader configuration file. (define-with-syntax-properties (warn-target-field-deprecation (value properties)) (when value (warning (source-properties->location properties) (G_ "the 'target' field is deprecated, please use 'targets' \ instead~%"))) value) (define-record-type* <bootloader-configuration> bootloader-configuration make-bootloader-configuration bootloader-configuration? (bootloader bootloader-configuration-bootloader) ;<bootloader> (targets %bootloader-configuration-targets (default #f)) ;list of strings (target %bootloader-configuration-target ;deprecated (default #f) (sanitize warn-target-field-deprecation)) (menu-entries bootloader-configuration-menu-entries (default '())) ;list of <menu-entry> (default-entry bootloader-configuration-default-entry (default 0)) ;integer (timeout bootloader-configuration-timeout (default 5)) ;seconds as integer (keyboard-layout bootloader-configuration-keyboard-layout (default #f)) ;<keyboard-layout> | #f (theme bootloader-configuration-theme (default #f)) ;bootloader-specific theme (terminal-outputs bootloader-configuration-terminal-outputs (default '(gfxterm))) ;list of symbols (terminal-inputs bootloader-configuration-terminal-inputs (default '())) ;list of symbols (serial-unit bootloader-configuration-serial-unit (default #f)) ;integer | #f (serial-speed bootloader-configuration-serial-speed (default #f)) ;integer | #f (device-tree-support? bootloader-configuration-device-tree-support? (default #t)) ;boolean (extra-initrd bootloader-configuration-extra-initrd (default #f))) ;string | #f (define-deprecated (bootloader-configuration-target config) bootloader-configuration-targets (%bootloader-configuration-target config)) (define (bootloader-configuration-targets config) (or (%bootloader-configuration-targets config) ;; TODO: Remove after the deprecated 'target' field is removed. (list (%bootloader-configuration-target config)) ;; XXX: At least the GRUB installer (see (gnu bootloader grub)) has this ;; peculiar behavior of installing fonts and GRUB modules when DEVICE is #f, ;; hence the default value of '(#f) rather than '(). (list #f))) ;;; ;;; Bootloaders. ;;; (define (bootloader-modules) "Return the list of bootloader modules." (all-modules (map (lambda (entry) `(,entry . "gnu/bootloader")) %load-path) #:warn warn-about-load-error)) (define %bootloaders ;; The list of publically-known bootloaders. (delay (fold-module-public-variables (lambda (obj result) (if (bootloader? obj) (cons obj result) result)) '() (bootloader-modules)))) (define (lookup-bootloader-by-name name) "Return the bootloader called NAME." (or (find (lambda (bootloader) (eq? name (bootloader-name bootloader))) (force %bootloaders)) (leave (G_ "~a: no such bootloader~%") name))) (define (efi-bootloader-profile packages files hooks) "Creates a profile from the lists of PACKAGES and FILES from the store. This profile is meant to be used by the bootloader-installer. FILES is a list of file or directory names from the store, which will be symlinked into the profile. If a directory name ends with '/', then the directory content instead of the directory itself will be symlinked into the profile. FILES may contain file like objects produced by procedures like plain-file, local-file, etc., or package contents produced with file-append. HOOKS lists additional hook functions to modify the profile." (define* (efi-bootloader-profile-hook manifest #:optional system) (define build (with-imported-modules '((guix build utils)) #~(begin (use-modules ((guix build utils) #:select (mkdir-p strip-store-file-name)) ((ice-9 ftw) #:select (scandir)) ((srfi srfi-1) #:select (append-map every remove)) ((srfi srfi-26) #:select (cut))) (define (symlink-to file directory transform) "Creates a symlink to FILE named (TRANSFORM FILE) in DIRECTORY." (symlink file (string-append directory "/" (transform file)))) (define (directory-content directory) "Creates a list of absolute path names inside DIRECTORY." (map (lambda (name) (string-append directory name)) (or (scandir directory (lambda (name) (not (member name '("." ".."))))) '()))) (define name-ends-with-/? (cut string-suffix? "/" <>)) (define (name-is-store-entry? name) "Return #t if NAME is a direct store entry and nothing inside." (not (string-index (strip-store-file-name name) #\/))) (let* ((files '#$files) (directories (filter name-ends-with-/? files)) (names-from-directories (append-map (lambda (directory) (directory-content directory)) directories)) (names (append names-from-directories (remove name-ends-with-/? files)))) (mkdir-p #$output) (if (every file-exists? names) (begin (for-each (lambda (name) (symlink-to name #$output (if (name-is-store-entry? name) strip-store-file-name basename))) names) #t) #f))))) (gexp->derivation "efi-bootloader-profile" build #:system system #:local-build? #t #:substitutable? #f #:properties `((type . profile-hook) (hook . efi-bootloader-profile-hook)))) (profile (content (packages->manifest packages)) (name "efi-bootloader-profile") (hooks (cons efi-bootloader-profile-hook hooks)) (locales? #f) (allow-collisions? #f) (relative-symlinks? #f))) (define* (efi-bootloader-chain final-bootloader #:key (packages '()) (files '()) (hooks '()) installer disk-image-installer) "Define a chain of bootloaders with the FINAL-BOOTLOADER, optional PACKAGES, and optional directories and files from the store given in the list of FILES. The package of the FINAL-BOOTLOADER and all PACKAGES and FILES will be placed in an efi-bootloader-profile, which will be passed to the INSTALLER. FILES may contain file-like objects produced by procedures like plain-file, local-file, etc., or package contents produced with file-append. If a directory name in FILES ends with '/', then the directory content instead of the directory itself will be symlinked into the efi-bootloader-profile. The procedures in the HOOKS list can be used to further modify the bootloader profile. It is possible to pass a single function instead of a list. If the INSTALLER argument is used, then this gexp procedure will be called to install the efi-bootloader-profile. Otherwise the installer of the FINAL-BOOTLOADER will be called. If the DISK-IMAGE-INSTALLER is used, then this gexp procedure will be called to install the efi-bootloader-profile into a disk image. Otherwise the disk-image-installer of the FINAL-BOOTLOADER will be called." (bootloader (inherit final-bootloader) (name "efi-bootloader-chain") (package (efi-bootloader-profile (cons (bootloader-package final-bootloader) packages) files (if (list? hooks) hooks (list hooks)))) (installer (or installer (bootloader-installer final-bootloader))) (disk-image-installer (or disk-image-installer (bootloader-disk-image-installer final-bootloader)))))
generated by cgit
;; when mounting. The actual FAT-ness is based ;; on file system size (16 in this case). (file-system "vfat") (flags '(esp))))))) (grub-efi #$(and (not (target-arm?)) grub-efi))) (initialize-hard-disk "/dev/vda" #:partitions partitions #:grub-efi grub-efi #:bootloader-package #$(bootloader-package bootloader) #:bootcfg #$bootcfg-drv #:bootcfg-location #$(bootloader-configuration-file bootloader) #:bootloader-installer #$(bootloader-installer bootloader))))))) #:system system #:target target #:make-disk-image? #t #:disk-image-size disk-image-size #:disk-image-format disk-image-format #:references-graphs inputs #:substitutable? substitutable?)) (define* (system-docker-image os #:key (name "guix-docker-image") (register-closures? (has-guix-service-type? os))) "Build a docker image. OS is the desired . NAME is the base name to use for the output file. When REGISTER-CLOSURES? is true, register the closure of OS with Guix in the resulting Docker image. By default, REGISTER-CLOSURES? is set to true only if a service of type GUIX-SERVICE-TYPE is present in the services definition of the operating system." (define schema (and register-closures? (local-file (search-path %load-path "guix/store/schema.sql")))) (define boot-program ;; Program that runs the boot script of OS, which in turn starts shepherd. (program-file "boot-program" #~(let ((system (cadr (command-line)))) (setenv "GUIX_NEW_SYSTEM" system) (execl #$(file-append guile-2.2 "/bin/guile") "guile" "--no-auto-compile" (string-append system "/boot"))))) (let ((os (operating-system-with-gc-roots (containerized-operating-system os '()) (list boot-program))) (name (string-append name ".tar.gz")) (graph "system-graph")) (define build (with-extensions (cons guile-json-3 ;for (guix docker) gcrypt-sqlite3&co) ;for (guix store database) (with-imported-modules `(,@(source-module-closure '((guix docker) (guix store database) (guix build utils) (guix build store-copy) (gnu build vm)) #:select? not-config?) ((guix config) => ,(make-config.scm))) #~(begin (use-modules (guix docker) (guix build utils) (gnu build vm) (srfi srfi-19) (guix build store-copy) (guix store database)) ;; Set the SQL schema location. (sql-schema #$schema) ;; Allow non-ASCII file names--e.g., 'nss-certs'--to be decoded. (setenv "GUIX_LOCPATH" #+(file-append glibc-utf8-locales "/lib/locale")) (setlocale LC_ALL "en_US.utf8") (let* (;; This initializer requires elevated privileges that are ;; not normally available in the build environment (e.g., ;; it needs to create device nodes). In order to obtain ;; such privileges, we run it as root in a VM. (initialize (root-partition-initializer #:closures '(#$graph) #:register-closures? #$register-closures? #:system-directory #$os ;; De-duplication would fail due to ;; cross-device link errors, so don't do it. #:deduplicate? #f)) ;; Even as root in a VM, the initializer would fail due to ;; lack of privileges if we use a root-directory that is on ;; a file system that is shared with the host (e.g., /tmp). (root-directory "/guixsd-system-root")) (set-path-environment-variable "PATH" '("bin" "sbin") '(#+tar)) (mkdir root-directory) (initialize root-directory) (build-docker-image (string-append "/xchg/" #$name) ;; The output file. (cons* root-directory (map store-info-item (call-with-input-file (string-append "/xchg/" #$graph) read-reference-graph))) #$os #:entry-point '(#$boot-program #$os) #:compressor '(#+(file-append gzip "/bin/gzip") "-9n") #:creation-time (make-time time-utc 0 1) #:transformations `((,root-directory -> "")))))))) (expression->derivation-in-linux-vm name build #:make-disk-image? #f #:single-file-output? #t #:references-graphs `((,graph ,os))))) ;;; ;;; VM and disk images. ;;; (define* (operating-system-uuid os #:optional (type 'dce)) "Compute UUID object with a deterministic \"UUID\" for OS, of the given TYPE (one of 'iso9660 or 'dce). Return a UUID object." ;; Note: For this to be deterministic, we must not hash things that contains ;; (directly or indirectly) procedures, for example. That rules out ;; anything that contains gexps, thunk or delayed record fields, etc. (define service-name (compose service-type-name service-kind)) (define (file-system-digest fs) ;; Return a hashable digest that does not contain 'dependencies' since ;; this field can contain procedures. (let ((device (file-system-device fs))) (list (file-system-mount-point fs) (file-system-type fs) (file-system-device->string device) (file-system-options fs)))) (if (eq? type 'iso9660) (let ((pad (compose (cut string-pad <> 2 #\0) number->string)) (h (hash (map service-name (operating-system-services os)) 3600))) (bytevector->uuid (string->iso9660-uuid (string-append "1970-01-01-" (pad (hash (operating-system-host-name os) 24)) "-" (pad (quotient h 60)) "-" (pad (modulo h 60)) "-" (pad (hash (map file-system-digest (operating-system-file-systems os)) 100)))) 'iso9660)) (bytevector->uuid (uint-list->bytevector (list (hash (map file-system-digest (operating-system-file-systems os)) (- (expt 2 32) 1)) (hash (operating-system-host-name os) (- (expt 2 32) 1)) (hash (map service-name (operating-system-services os)) (- (expt 2 32) 1)) (hash (map file-system-digest (operating-system-file-systems os)) (- (expt 2 32) 1))) (endianness little) 4) type))) (define* (system-disk-image os #:key (name "disk-image") (file-system-type "ext4") (disk-image-size (* 900 (expt 2 20))) (volatile? #t) (substitutable? #t)) "Return the derivation of a disk image of DISK-IMAGE-SIZE bytes of the system described by OS. Said image can be copied on a USB stick as is. When VOLATILE? is true, the root file system is made volatile; this is useful to USB sticks meant to be read-only. SUBSTITUTABLE? determines whether the returned derivation should be marked as substitutable." (define normalize-label ;; ISO labels are all-caps (case-insensitive), but since ;; 'find-partition-by-label' is case-sensitive, make it all-caps here. (if (string=? "iso9660" file-system-type) string-upcase identity)) (define root-label ;; Volume name of the root file system. (normalize-label "Guix_image")) (define (root-uuid os) ;; UUID of the root file system, computed in a deterministic fashion. ;; This is what we use to locate the root file system so it has to be ;; different from the user's own file system UUIDs. (operating-system-uuid os (if (string=? file-system-type "iso9660") 'iso9660 'dce))) (define file-systems-to-keep (remove (lambda (fs) (string=? (file-system-mount-point fs) "/")) (operating-system-file-systems os))) (let* ((os (operating-system (inherit os) ;; Since this is meant to be used on real hardware, don't ;; install QEMU networking or anything like that. Assume USB ;; mass storage devices (usb-storage.ko) are available. (initrd (lambda (file-systems . rest) (apply (operating-system-initrd os) file-systems #:volatile-root? volatile? rest))) (bootloader (if (string=? "iso9660" file-system-type) (bootloader-configuration (inherit (operating-system-bootloader os)) (bootloader grub-mkrescue-bootloader)) (operating-system-bootloader os))) ;; Force our own root file system. (We need a "/" file system ;; to call 'root-uuid'.) (file-systems (cons (file-system (mount-point "/") (device "/dev/placeholder") (type file-system-type)) file-systems-to-keep)))) (uuid (root-uuid os)) (os (operating-system (inherit os) (file-systems (cons (file-system (mount-point "/") (device uuid) (type file-system-type)) file-systems-to-keep)))) (bootcfg (operating-system-bootcfg os))) (if (string=? "iso9660" file-system-type) (iso9660-image #:name name #:file-system-label root-label #:file-system-uuid uuid #:os os #:bootcfg-drv bootcfg #:bootloader (bootloader-configuration-bootloader (operating-system-bootloader os)) #:inputs `(("system" ,os) ("bootcfg" ,bootcfg)) #:grub-mkrescue-environment '(("MKRESCUE_SED_MODE" . "mbr_hfs")) #:substitutable? substitutable?) (qemu-image #:name name #:os os #:bootcfg-drv bootcfg #:bootloader (bootloader-configuration-bootloader (operating-system-bootloader os)) #:disk-image-size disk-image-size #:disk-image-format "raw" #:file-system-type file-system-type #:file-system-label root-label #:file-system-uuid uuid #:copy-inputs? #t #:inputs `(("system" ,os) ("bootcfg" ,bootcfg)) #:substitutable? substitutable?)))) (define* (system-qemu-image os #:key (file-system-type "ext4") (disk-image-size (* 900 (expt 2 20)))) "Return the derivation of a freestanding QEMU image of DISK-IMAGE-SIZE bytes of the GNU system as described by OS." (define file-systems-to-keep ;; Keep only file systems other than root and not normally bound to real ;; devices. (remove (lambda (fs) (let ((target (file-system-mount-point fs)) (source (file-system-device fs))) (or (string=? target "/") (string-prefix? "/dev/" source)))) (operating-system-file-systems os))) (define root-uuid ;; UUID of the root file system. (operating-system-uuid os (if (string=? file-system-type "iso9660") 'iso9660 'dce))) (let* ((os (operating-system (inherit os) ;; Assume we have an initrd with the whole QEMU shebang. ;; Force our own root file system. Refer to it by UUID so that ;; it works regardless of how the image is used ("qemu -hda", ;; Xen, etc.). (file-systems (cons (file-system (mount-point "/") (device root-uuid) (type file-system-type)) file-systems-to-keep)))) (bootcfg (operating-system-bootcfg os))) (qemu-image #:os os #:bootcfg-drv bootcfg #:bootloader (bootloader-configuration-bootloader (operating-system-bootloader os)) #:disk-image-size disk-image-size #:file-system-type file-system-type #:file-system-uuid root-uuid #:inputs `(("system" ,os) ("bootcfg" ,bootcfg)) #:copy-inputs? #t))) ;;; ;;; VMs that share file systems with the host. ;;; (define (file-system->mount-tag fs) "Return a 9p mount tag for host file system FS." ;; QEMU mount tags must be ASCII, at most 31-byte long, cannot contain ;; slashes, and cannot start with '_'. Compute an identifier that ;; corresponds to the rules. (string-append "TAG" (string-drop (bytevector->base32-string (sha1 (string->utf8 fs))) 4))) (define (mapping->file-system mapping) "Return a 9p file system that realizes MAPPING." (match mapping (($ source target writable?) (file-system (mount-point target) (device (file-system->mount-tag source)) (type "9p") (flags (if writable? '() '(read-only))) (options "trans=virtio,cache=loose") (check? #f) (create-mount-point? #t))))) (define* (virtualized-operating-system os mappings #:optional (full-boot? #f)) "Return an operating system based on OS suitable for use in a virtualized environment with the store shared with the host. MAPPINGS is a list of to realize in the virtualized OS." (define user-file-systems ;; Remove file systems that conflict with those added below, or that are ;; normally bound to real devices. (remove (lambda (fs) (let ((target (file-system-mount-point fs)) (source (file-system-device fs))) (or (string=? target (%store-prefix)) (string=? target "/") (and (string? source) (string-prefix? "/dev/" source)) ;; Labels and UUIDs are necessarily invalid in the VM. (and (file-system-mount? fs) (or (file-system-label? source) (uuid? source)))))) (operating-system-file-systems os))) (define virtual-file-systems (cons (file-system (mount-point "/") (device "/dev/vda1") (type "ext4")) (append (map mapping->file-system mappings) user-file-systems))) (operating-system (inherit os) ;; XXX: Until we run QEMU with UEFI support (with the OVMF firmware), ;; force the traditional i386/BIOS method. ;; See . (bootloader (bootloader-configuration (inherit (operating-system-bootloader os)) (bootloader grub-bootloader) (target "/dev/vda"))) (initrd (lambda (file-systems . rest) (apply (operating-system-initrd os) file-systems #:volatile-root? #t rest))) ;; Disable swap. (swap-devices '()) ;; XXX: When FULL-BOOT? is true, do not add a 9p mount for /gnu/store ;; since that would lead the bootloader config to look for the kernel and ;; initrd in it. (file-systems (if full-boot? virtual-file-systems (cons (file-system (inherit (mapping->file-system %store-mapping)) (needed-for-boot? #t)) virtual-file-systems))))) (define* (system-qemu-image/shared-store os #:key full-boot? (disk-image-size (* (if full-boot? 500 30) (expt 2 20)))) "Return a derivation that builds a QEMU image of OS that shares its store with the host. When FULL-BOOT? is true, return an image that does a complete boot sequence, bootloaded included; thus, make a disk image that contains everything the bootloader refers to: OS kernel, initrd, bootloader data, etc." (define root-uuid ;; Use a fixed UUID to improve determinism. (operating-system-uuid os 'dce)) (define bootcfg (operating-system-bootcfg os)) ;; XXX: When FULL-BOOT? is true, we end up creating an image that contains ;; BOOTCFG and all its dependencies, including the output of OS. ;; This is more than needed (we only need the kernel, initrd, GRUB for its ;; font, and the background image), but it's hard to filter that. (qemu-image #:os os #:bootcfg-drv bootcfg #:bootloader (bootloader-configuration-bootloader (operating-system-bootloader os)) #:disk-image-size disk-image-size #:file-system-uuid root-uuid #:inputs (if full-boot? `(("bootcfg" ,bootcfg)) '()) ;; XXX: Passing #t here is too slow, so let it off by default. #:register-closures? #f #:copy-inputs? full-boot?)) (define* (common-qemu-options image shared-fs) "Return the a string-value gexp with the common QEMU options to boot IMAGE, with '-virtfs' options for the host file systems listed in SHARED-FS." (define (virtfs-option fs) #~(format #f "-virtfs local,path=~s,security_model=none,mount_tag=~s" #$fs #$(file-system->mount-tag fs))) #~(;; Only enable kvm if we see /dev/kvm exists. ;; This allows users without hardware virtualization to still use these ;; commands. #$@(if (file-exists? "/dev/kvm") '("-enable-kvm") '()) "-no-reboot" "-nic" "user,model=virtio-net-pci" "-object" "rng-random,filename=/dev/urandom,id=guixsd-vm-rng" "-device" "virtio-rng-pci,rng=guixsd-vm-rng" #$@(map virtfs-option shared-fs) "-vga std" (format #f "-drive file=~a,if=virtio,cache=writeback,werror=report,readonly" #$image))) (define* (system-qemu-image/shared-store-script os #:key (qemu qemu) (graphic? #t) (memory-size 256) (mappings '()) full-boot? (disk-image-size (* (if full-boot? 500 70) (expt 2 20))) (options '())) "Return a derivation that builds a script to run a virtual machine image of OS that shares its store with the host. The virtual machine runs with MEMORY-SIZE MiB of memory. MAPPINGS is a list of specifying mapping of host file systems into the guest. When FULL-BOOT? is true, the returned script runs everything starting from the bootloader; otherwise it directly starts the operating system kernel. The DISK-IMAGE-SIZE parameter specifies the size in bytes of the root disk image; it is mostly useful when FULL-BOOT? is true." (mlet* %store-monad ((os -> (virtualized-operating-system os mappings full-boot?)) (image (system-qemu-image/shared-store os #:full-boot? full-boot? #:disk-image-size disk-image-size))) (define kernel-arguments #~(list #$@(if graphic? #~() #~("console=ttyS0")) #+@(operating-system-kernel-arguments os "/dev/vda1"))) (define qemu-exec #~(list (string-append #$qemu "/bin/" #$(qemu-command (%current-system))) #$@(if full-boot? #~() #~("-kernel" #$(operating-system-kernel-file os) "-initrd" #$(file-append os "/initrd") (format #f "-append ~s" (string-join #$kernel-arguments " ")))) #$@(common-qemu-options image (map file-system-mapping-source (cons %store-mapping mappings))) "-m " (number->string #$memory-size) #$@options)) (define builder #~(call-with-output-file #$output (lambda (port) (format port "#!~a~% exec ~a \"$@\"~%" #$(file-append bash "/bin/sh") (string-join #$qemu-exec " ")) (chmod port #o555)))) (gexp->derivation "run-vm.sh" builder))) ;;; ;;; High-level abstraction. ;;; (define-record-type* %virtual-machine make-virtual-machine virtual-machine? (operating-system virtual-machine-operating-system) ; (qemu virtual-machine-qemu ; (default qemu)) (graphic? virtual-machine-graphic? ;Boolean (default #f)) (memory-size virtual-machine-memory-size ;integer (MiB) (default 256)) (disk-image-size virtual-machine-disk-image-size ;integer (bytes) (default 'guess)) (port-forwardings virtual-machine-port-forwardings ;list of integer pairs (default '()))) (define-syntax virtual-machine (syntax-rules () "Declare a virtual machine running the specified OS, with the given options." ((_ os) ;shortcut (%virtual-machine (operating-system os))) ((_ fields ...) (%virtual-machine fields ...)))) (define (port-forwardings->qemu-options forwardings) "Return the QEMU option for the given port FORWARDINGS as a string, where FORWARDINGS is a list of host-port/guest-port pairs." (string-join (map (match-lambda ((host-port . guest-port) (string-append "hostfwd=tcp::" (number->string host-port) "-:" (number->string guest-port)))) forwardings) ",")) (define-gexp-compiler (virtual-machine-compiler (vm ) system target) ;; XXX: SYSTEM and TARGET are ignored. (match vm (($ os qemu graphic? memory-size disk-image-size ()) (system-qemu-image/shared-store-script os #:qemu qemu #:graphic? graphic? #:memory-size memory-size #:disk-image-size disk-image-size)) (($ os qemu graphic? memory-size disk-image-size forwardings) (let ((options `("-nic" ,(string-append "user,model=virtio-net-pci," (port-forwardings->qemu-options forwardings))))) (system-qemu-image/shared-store-script os #:qemu qemu #:graphic? graphic? #:memory-size memory-size #:disk-image-size disk-image-size #:options options))))) ;;; vm.scm ends here