;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès ;;; Copyright © 2016 Christine Lemmer-Webber ;;; Copyright © 2016, 2017 Leo Famulari ;;; Copyright © 2017 Marius Bakke ;;; Copyright © 2020, 2022 Tobias Geerinckx-Rice ;;; Copyright © 2020 Mathieu Othacehe ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (gnu build image) #:use-module (guix build store-copy) #:use-module (guix build syscalls) #:use-module (guix build utils) #:use-module (guix store database) #:use-module (gnu build bootloader) #:use-module (gnu build install) #:use-module (gnu build linux-boot) #:use-module (gnu image) #:use-module (gnu system uuid) #:use-module (ice-9 ftw) #:use-module (ice-9 match) #:use-module (srfi srfi-19) #:use-module (srfi srfi-34) #:use-module (srfi srfi-35) #:export (make-partition-image convert-disk-image genimage initialize-efi-partition initialize-root-partition make-iso9660-image)) (define (sexp->partition sexp) "Take SEXP, a tuple as returned by 'partition->gexp', and turn it into a rec
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
;;; Copyright © 2022 Timothy Sample <samplet@ngyro.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu build bootloader)
  #:use-module (guix build utils)
  #:use-module (guix utils)
  #:use-module (ice-9 binary-ports)
  #:use-module (ice-9 format)
  #:use-module (rnrs io ports)
  #:use-module (rnrs io simple)
  #:export (write-file-on-device
            install-efi-loader))


;;;
;;; Writing utils.
;;;

(define (write-file-on-device file size device offset)
  "Write SIZE bytes from FILE to DEVICE starting at OFFSET."
  (call-with-input-file file
    (lambda (input)
      (let ((bv (get-bytevector-n input size)))
        (call-with-port
         ;; Do not use "call-with-output-file" that would truncate the file.
         (open-file-output-port device
                                (file-options no-truncate no-fail)
                                (buffer-mode block)
                                ;; Use the binary-friendly ISO-8859-1
                                ;; encoding.
                                (make-transcoder (latin-1-codec)))
         (lambda (output)
           (seek output offset SEEK_SET)
           (put-bytevector output bv)))))))


;;;
;;; EFI bootloader.
;;;

(define* (install-efi grub grub-config esp #:key targets)
  "Write a self-contained GRUB EFI loader to the mounted ESP using
GRUB-CONFIG.

If TARGETS is set, use its car as the GRUB image format and its cdr as
the output filename.  Otherwise, use defaults for the host platform."
  (let* ((system %host-type)
         ;; Hard code the output location to a well-known path recognized by
         ;; compliant firmware. See "3.5.1.1 Removable Media Boot Behaviour":
         ;; http://www.uefi.org/sites/default/files/resources/UEFI%20Spec%202_6.pdf
         (grub-mkstandalone (string-append grub "/bin/grub-mkstandalone"))
         (efi-directory (string-append esp "/EFI/BOOT"))
         ;; Map grub target names to boot file names.
         (efi-targets (or targets
                          (cond ((string-prefix? "x86_64" system)
                                 '("x86_64-efi" . "BOOTX64.EFI"))
                                ((string-prefix? "i686" system)
                                 '("i386-efi" . "BOOTIA32.EFI"))
                                ((string-prefix? "armhf" system)
                                 '("arm-efi" . "BOOTARM.EFI"))
                                ((string-prefix? "aarch64" system)
                                 '("arm64-efi" . "BOOTAA64.EFI"))))))
    ;; grub-mkstandalone requires a TMPDIR to prepare the firmware image.
    (setenv "TMPDIR" esp)

    (mkdir-p efi-directory)
    (invoke grub-mkstandalone "-O" (car efi-targets)
            "-o" (string-append efi-directory "/"
                                (cdr efi-targets))
            ;; Graft the configuration file onto the image.
            (string-append "boot/grub/grub.cfg=" grub-config))))

(define* (install-efi-loader grub-efi esp #:key targets)
  "Install in ESP directory the given GRUB-EFI bootloader.  Configure it to
load the Grub bootloader located in the 'Guix_image' root partition.

If TARGETS is set, use its car as the GRUB image format and its cdr as
the output filename.  Otherwise, use defaults for the host platform."
  (let ((grub-config "grub.cfg"))
    (call-with-output-file grub-config
      (lambda (port)
        ;; Create a tiny configuration file telling the embedded grub where to
        ;; load the real thing.  XXX This is quite fragile, and can prevent
        ;; the image from booting when there's more than one volume with this
        ;; label present.  Reproducible almost-UUIDs could reduce the risk
        ;; (not eliminate it).
        (format port
                "insmod part_msdos~@
               insmod part_gpt~@
               search --set=root --label Guix_image~@
               configfile /boot/grub/grub.cfg~%")))
    (install-efi grub-efi grub-config esp #:targets targets)
    (delete-file grub-config)))
generated by cgit
store. If DEDUPLICATE? is true, then also deduplicate files common to CLOSURES and the rest of the store when registering the closures. SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation. Pass WAL-MODE? to register-closure." (define root-store (string-append root (%store-directory))) (define tmp-store ".tmp-store") (populate-root-file-system system-directory root) (when copy-closures? (populate-store references-graphs root #:deduplicate? deduplicate?)) ;; Populate /dev. (when make-device-nodes (make-device-nodes root)) (when register-closures? (unless copy-closures? ;; XXX: 'register-closure' wants to palpate the things it registers, so ;; create a symlink to the store. (rename-file root-store tmp-store) (symlink (%store-directory) root-store)) (for-each (lambda (closure) (register-closure root closure #:wal-mode? wal-mode?)) references-graphs) (unless copy-closures? (delete-file root-store) (rename-file tmp-store root-store))) ;; There's no point installing a bootloader if we do not populate the store. (when copy-closures? (when bootloader-installer (display "installing bootloader...\n") (bootloader-installer bootloader-package #f root)) (when bootcfg (install-boot-config bootcfg bootcfg-location root)))) (define* (make-iso9660-image xorriso grub-mkrescue-environment grub bootcfg system-directory root target #:key (volume-id "Guix_image") (volume-uuid #f) register-closures? (references-graphs '()) (compression? #t)) "Given a GRUB package, creates an iso image as TARGET, using BOOTCFG as GRUB configuration and OS-DRV as the stuff in it." (define grub-mkrescue (string-append grub "/bin/grub-mkrescue")) (define grub-mkrescue-sed.sh (string-append (getcwd) "/" "grub-mkrescue-sed.sh")) ;; Use a modified version of grub-mkrescue-sed.sh, see below. (copy-file (string-append xorriso "/bin/grub-mkrescue-sed.sh") grub-mkrescue-sed.sh) ;; Force grub-mkrescue-sed.sh to use the build directory instead of /tmp ;; that is read-only inside the build container. (substitute* grub-mkrescue-sed.sh (("/tmp/") (string-append (getcwd) "/")) (("MKRESCUE_SED_XORRISO_ARGS \\$x") (format #f "MKRESCUE_SED_XORRISO_ARGS $(echo $x | sed \"s|/tmp|~a|\")" (getcwd)))) ;; 'grub-mkrescue' calls out to mtools programs to create 'efi.img', a FAT ;; file system image, and mtools honors SOURCE_DATE_EPOCH for the mtime of ;; those files. The epoch for FAT is Jan. 1st 1980, not 1970, so choose ;; that. (setenv "SOURCE_DATE_EPOCH" (number->string (time-second (date->time-utc (make-date 0 0 0 0 1 1 1980 0))))) ;; Our patched 'grub-mkrescue' honors this environment variable and passes ;; it to 'mformat', which makes it the serial number of 'efi.img'. This ;; allows for deterministic builds. (setenv "GRUB_FAT_SERIAL_NUMBER" (number->string (if volume-uuid ;; On 32-bit systems the 2nd argument must be ;; lower than 2^32. (string-hash (iso9660-uuid->string volume-uuid) (- (expt 2 32) 1)) #x77777777) 16)) (setenv "MKRESCUE_SED_MODE" "original") (setenv "MKRESCUE_SED_XORRISO" (string-append xorriso "/bin/xorriso")) (setenv "MKRESCUE_SED_IN_EFI_NO_PT" "yes") (for-each (match-lambda ((name . value) (setenv name value))) grub-mkrescue-environment) (apply invoke grub-mkrescue (string-append "--xorriso=" grub-mkrescue-sed.sh) "-o" target (string-append "boot/grub/grub.cfg=" bootcfg) root "--" ;; Set all timestamps to 1. "-volume_date" "all_file_dates" "=1" `(,@(if compression? '(;; ‘zisofs’ compression reduces the total image size by ;; ~60%. "-zisofs" "level=9:block_size=128k" ; highest compression ;; It's transparent to our Linux-Libre kernel but not to ;; GRUB. Don't compress the kernel, initrd, and other ;; files read by grub.cfg, as well as common ;; already-compressed file names. "-find" "/" "-type" "f" ;; XXX Even after "--" above, and despite documentation ;; claiming otherwise, "-or" is stolen by grub-mkrescue ;; which then chokes on it (as ‘-o …’) and dies. Don't use ;; "-or". "-not" "-wholename" "/boot/*" "-not" "-wholename" "/System/*" "-not" "-name" "unicode.pf2" "-not" "-name" "bzImage" "-not" "-name" "*.gz" ; initrd & all man pages "-not" "-name" "*.png" ; includes grub-image.png "-exec" "set_filter" "--zisofs" "--") '()) "-volid" ,(string-upcase volume-id) ,@(if volume-uuid `("-volume_date" "uuid" ,(string-filter (lambda (value) (not (char=? #\- value))) (iso9660-uuid->string volume-uuid))) '()))))