From: Alyssa Ross <hi@alyssa.is>
To: devel@spectrum-os.org
Cc: "José Pekkarinen" <jose.pekkarinen@unikie.com>
Subject: [PATCH 1/2] host/rootfs: use initramfs in "make run"
Date: Thu,  1 Sep 2022 10:46:28 +0000	[thread overview]
Message-ID: <20220901104629.863380-1-hi@alyssa.is> (raw)

This will allow us to stop compiling e.g. the virtio-blk module into
the kernel, because it will be loaded by the initramfs.

This introduces some duplication between the rootfs and initramfs's
Makefiles.  I don't think it's worth the effort at the moment to try
to reduce that, because it would come at the expense of additional
complexity in the Makefiles.  We can revisit this later if we want to.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/Makefile  | 32 ++++++++++++++++++++++++++++----
 host/rootfs/shell.nix | 10 ++++++++--
 2 files changed, 36 insertions(+), 6 deletions(-)

diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile
index 41cf87c..31f76d2 100644
--- a/host/rootfs/Makefile
+++ b/host/rootfs/Makefile
@@ -6,6 +6,9 @@
 # QEMU_KVM = qemu-system-x86_64 -enable-kvm.
 QEMU_KVM = qemu-kvm
 
+SCRIPTS = ../../scripts
+VERITYSETUP = veritysetup
+
 # tar2ext4 will leave half a filesystem behind if it's interrupted
 # half way through.
 build/rootfs.ext4: build/rootfs.tar
@@ -116,16 +119,37 @@ clean:
 	rm -rf build
 .PHONY: clean
 
-run: build/rootfs.ext4 $(EXT_FS)
+# veritysetup format produces two files, but Make only (portably)
+# supports one output per rule, so we combine the two outputs then
+# define two more rules to separate them again.
+build/rootfs.verity: build/rootfs.ext4
+	$(VERITYSETUP) format build/rootfs.ext4 build/rootfs.verity.superblock.tmp \
+	    | awk -F ':[[:blank:]]*' '$$1 == "Root hash" {print $$2; exit}' \
+	    > build/rootfs.verity.roothash.tmp
+	cat build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp \
+	    > $@
+	rm build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp
+build/rootfs.verity.roothash: build/rootfs.verity
+	head -n 1 build/rootfs.verity > $@
+build/rootfs.verity.superblock: build/rootfs.verity
+	tail -n +2 build/rootfs.verity > $@
+
+build/live.img: $(SCRIPTS)/format-uuid.sh $(SCRIPTS)/make-gpt.sh build/rootfs.verity.superblock build/rootfs.verity.roothash build/rootfs.ext4
+	$(SCRIPTS)/make-gpt.sh $@.tmp \
+	    build/rootfs.verity.superblock:2c7357ed-ebd2-46d9-aec1-23d437ec2bf5:$$($(SCRIPTS)/format-uuid.sh "$$(dd if=build/rootfs.verity.roothash bs=32 skip=1 count=1 status=none)") \
+	    build/rootfs.ext4:4f68bce3-e8cd-4db1-96e7-fbcaf984b709:$$($(SCRIPTS)/format-uuid.sh "$$(head -c 32 build/rootfs.verity.roothash)")
+	mv $@.tmp $@
+
+run: build/live.img $(EXT_FS) build/rootfs.verity.roothash
 	$(QEMU_KVM) -cpu host -m 2G \
-	    -machine q35,kernel=$(KERNEL),kernel-irqchip=split \
+	    -machine q35,kernel=$(KERNEL),kernel-irqchip=split,initrd=$(INITRAMFS) \
 	    -display gtk,gl=on \
 	    -qmp unix:vmm.sock,server,nowait \
 	    -monitor vc \
 	    -parallel none \
-	    -drive file=build/rootfs.ext4,if=virtio,format=raw,readonly=on \
+	    -drive file=build/live.img,if=virtio,format=raw,readonly=on \
 	    -drive file=$(EXT_FS),if=virtio,format=raw,readonly=on \
-	    -append "console=ttyS0 root=/dev/vda ext=/dev/vdb intel_iommu=on" \
+	    -append "console=ttyS0 roothash=$$(< build/rootfs.verity.roothash) ext=/dev/vdb intel_iommu=on" \
 	    -device intel-iommu,intremap=on \
 	    -device virtio-vga-gl \
 	    -device vhost-vsock-pci,guest-cid=3
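Review bot: The `roothash=$$(< build/rootfs.verity.roothash)` substitution in the `run` recipe is a bash-only form; under Make's default `/bin/sh` on a dash-based system `$(< file)` expands to nothing, so the guest would be booted with an empty `roothash=` unless this Makefile sets `SHELL` to bash somewhere outside the hunk. The portable equivalent is `roothash=$$(cat build/rootfs.verity.roothash)`, which like the original drops the trailing newline that `head -n 1` leaves in the file. Separately, in the `build/rootfs.verity` recipe the exit status of `$(VERITYSETUP) format … | awk …` is awk's, not veritysetup's, so a failing veritysetup may still leave the pipeline succeeding with an empty root hash file that then flows into `build/live.img` and the kernel command line. A guard after the pipeline such as `test -s build/rootfs.verity.roothash.tmp` would make that failure visible at build time; the same concern does not apply to `build/live.img`, whose `mv $@.tmp $@` already keeps a partial image from looking up to date.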
diff --git a/host/rootfs/shell.nix b/host/rootfs/shell.nix
index 3b2310f..fe9df1b 100644
--- a/host/rootfs/shell.nix
+++ b/host/rootfs/shell.nix
@@ -1,18 +1,24 @@
 # SPDX-License-Identifier: MIT
 # SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2022 Unikie
 
 { pkgs ? import <nixpkgs> {} }:
 
+let
+  rootfs = import ./. { inherit pkgs; };
+in
+
 with pkgs;
 
-(import ./. { inherit pkgs; }).overrideAttrs (
+rootfs.overrideAttrs (
 { passthru ? {}, nativeBuildInputs ? [], ... }:
 
 {
   nativeBuildInputs = nativeBuildInputs ++ [
-    jq netcat qemu_kvm reuse util-linux
+    cryptsetup jq netcat qemu_kvm reuse util-linux
   ];
 
   EXT_FS = pkgsStatic.callPackage ../initramfs/extfs.nix { inherit pkgs; };
+  INITRAMFS = import ../initramfs { inherit pkgs rootfs; };
   KERNEL = "${passthru.kernel}/${stdenv.hostPlatform.linux-kernel.target}";
 })
-- 
2.37.1


