Turris Omnia cross build now should work

10 files changed, 177 insertions, 41 deletions

diff --git a/README.md b/README.md
index 1fb1e55..dee5f38 100644
--- a/README.md
+++ b/README.md
@@ -43,13 +43,10 @@ you should do to get the correct layout:
 ```
 ~# parted /dev/mmcblk1
 (parted) mktable gpt
-(parted) mkpart NixTurris 0% -4G
+(parted) mkpart NixTurris 0% 100%
 (parted) set 1 boot on
-(parted) mkpart NixTurrisSwap -4G 100%
-(parted) set 2 swap on
 (parted) quit
 ~# mkfs.btrfs /dev/mmcblk1p1
-~# mkswap /dev/mmcblk1p2
 ```
 
 Next we need the initial system tarball to unpack to the SD card. For this you
@@ -76,3 +73,16 @@ The last step is to unpack the tarball to the SD card.
 ```
 
 Now you can take this micro SD card and insert it to your Mox.
+
+### System fails to boot due to invalid initrd
+
+The issue is caused by initrd start being overwritten by kernel image's tail.
+
+The kernel image in NixOS can be pretty large and default Mox's configuration
+expects kernel of maximum size 48MB. To increase this to 64MB you have to use
+serial console and run:
+
+```
+setenv ramdisk_addr_r 0x9000000
+saveenv
+```
diff --git a/flake.lock b/flake.lock
index 7f426ae..961b06c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
   "nodes": {
     "flake-utils": {
       "locked": {
-        "lastModified": 1656928814,
-        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
         "type": "github"
       },
       "original": {
@@ -16,11 +16,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1658150454,
-        "narHash": "sha256-dhyOQvRT8oYWN0SwsNyujohBsJqwF5W7fnhEcfgBk7E=",
+        "lastModified": 1659868656,
+        "narHash": "sha256-LINDS957FYzOb412t/Zha44LQqGniMpUIUz4Pi+fvSs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3110964916469ad6ed9fea72a0a3119a0959a14e",
+        "rev": "80fc83ad314fe701766ee66ac8286307d65b39e3",
         "type": "github"
       },
       "original": {
diff --git a/nixos/default.nix b/nixos/default.nix
index 7274f66..080ec0d 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -7,6 +7,8 @@ self: let
     turris-tarball = import ./modules/turris-tarball.nix;
     turris-crossbuild = import ./modules/turris-crossbuild.nix;
 
+    armv7l-overlay = import ./modules/armv7l-overlay.nix;
+
     hostapd = import ./modules/hostapd.nix;
 
   };
diff --git a/nixos/modules/armv7l-overlay.nix b/nixos/modules/armv7l-overlay.nix
new file mode 100644
index 0000000..a1b2449
--- /dev/null
+++ b/nixos/modules/armv7l-overlay.nix
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  is_native = config.nixpkgs.crossSystem == null && config.nixpkgs.system == "armv7l-linux";
+  is_cross = config.nixpkgs.crossSystem != null && config.nixpkgs.crossSystem.system == "armv7l-linux";
+
+in {
+  nixpkgs.overlays = (optionals is_native [
+    (self: super: let
+
+      disableCheck = pkg: pkg.overrideAttrs (oldAttrs: {
+        doCheck = false;
+        doInstallCheck = false;
+      });
+
+    in {
+
+        boehmgc = disableCheck super.boehmgc;
+        libseccomp = disableCheck super.libseccomp;
+        libuv = disableCheck super.libuv;
+        elfutils = disableCheck super.elfutils;
+        gobject-introspection = disableCheck super.gobject-introspection;
+        nlohmann_json = disableCheck super.nlohmann_json;
+        openldap = disableCheck super.openldap;
+
+
+        python310 = super.python310.override {
+
+          packageOverrides = python-self: python-super: let
+            noTest = pkg: pkg.overrideAttrs (oldAttrs: {
+              dontUsePytestCheck = true;
+              dontUseSetuptoolsCheck = true;
+            });
+          in {
+
+            pytest-xdist = noTest python-super.pytest-xdist;
+            requests = noTest python-super.requests;
+
+          };
+        };
+        python310Packages = self.python310.pkgs;
+        python = self.python310;
+        pythonPackages = self.python.pkgs;
+
+        # Overrides to get build to work
+        #boehmgc = armv7lDisableCheck nixpkgs.boehmgc;
+        #libseccomp = armv7lDisableCheck nixpkgs.libseccomp;
+        #libuv = armv7lDisableCheck nixpkgs.libuv;
+        #elfutils = armv7lDisableCheck nixpkgs.elfutils;
+        #patchelf = armv7lDisableCheck nixpkgs.patchelf;
+        #bison = armv7lDisableCheck nixpkgs.bison;
+        #findutils = armv7lDisableCheck nixpkgs.findutils;
+        #p11-kit = armv7lDisableCheck nixpkgs.p11-kit;
+        #glib = armv7lDisableCheck nixpkgs.glib;
+        #rustc = armv7lDisableCheck nixpkgs.rustc;
+        #mdbook = armv7lDisableCheck nixpkgs.mdbook;
+        #ell = armv7lDisableCheck nixpkgs.ell;
+        #polkit = armv7lDisableCheck nixpkgs.polkit;
+        #udisks2 = disableCheck nixpkgs.udisks2;
+        #udisks = udisks2;
+        #llvm = armv7lDisableCheck nixpkgs.llvm;
+        #llvm_14 = armv7lDisableCheck nixpkgs.llvm_14;
+        #jemalloc = armv7lDisableCheck nixpkgs.jemalloc;
+        #openssh = armv7lDisableCheck nixpkgs.openssh;
+        #nlohmann_json = armv7lDisableCheck nixpkgs.nlohmann_json;
+
+    })
+  ]) ++ (optionals is_cross [
+    (self: super: {
+
+      btrfs-progs = super.btrfs-progs.overrideAttrs (oldAttrs: {
+        configureFlags = ["--disable-python"];
+        installFlags = [];
+      });
+      pixz = super.pixz.overrideAttrs (oldAttrs: {
+        configureFlags = ["--without-manpage"];
+        patches = [ ../../pkgs/patches/0001-configure.ac-replace-AC_CHECK_FILE.patch ];
+      });
+
+    })
+  ]);
+
+}
diff --git a/pkgs/certgen/default.nix b/pkgs/certgen/default.nix
new file mode 100644
index 0000000..3818b9b
--- /dev/null
+++ b/pkgs/certgen/default.nix
@@ -0,0 +1,25 @@
+{ buildPythonApplication, lib, fetchgit
+, python3
+, crypto-wrapper
+}:
+
+buildPythonApplication rec {
+  pname = "sentinel-certgen";
+  version = "6.2";
+  meta = with lib; {
+    homepage = "https://gitlab.nic.cz/turris/sentinel/certgen";
+    description = "Sentinel automated passwords and certificates retrieval";
+    license = licenses.gpl3;
+  };
+
+  src = fetchgit {
+    url = "https://gitlab.nic.cz/turris/sentinel/certgen.git";
+    rev = "v" + version;
+    sha256 = "10ii3j3wqdib7m2fc0w599981mv9q3ahj96q4kyrn5sh18v2c7nb";
+  };
+
+  propagatedBuildInputs = with python3.pkgs; [
+    crypto-wrapper
+    six requests cryptography
+  ];
+}
diff --git a/pkgs/crypto-wrapper/default.nix b/pkgs/crypto-wrapper/default.nix
new file mode 100644
index 0000000..3f431b2
--- /dev/null
+++ b/pkgs/crypto-wrapper/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, lib, fetchgit
+, bash
+, makeWrapper
+}:
+
+stdenv.mkDerivation rec {
+  pname = "crypto-wrapper";
+  version = "0.4";
+  meta = with lib; {
+    homepage = "https://gitlab.nic.cz/turris/crypto-wrapper";
+    description = "Simple script abstracting access to the Turris crypto backend.";
+    platforms = platforms.linux;
+    license = licenses.gpl3;
+  };
+
+  src = fetchgit {
+    url = "https://gitlab.nic.cz/turris/crypto-wrapper.git";
+    rev = "v" + version;
+    sha256 = "1ly37cajkmgqmlj230h5az9m2m1rgvf4r0bf94yipp80wl0z215s";
+  };
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp crypto-wrapper.sh $out/bin/crypto-wrapper
+    wrapProgram $out/bin/crypto-wrapper  \
+      --prefix PATH : ${lib.makeBinPath [ bash openssl coreutils ]}
+    '';
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 929d030..a64757f 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -19,37 +19,6 @@ let
     #crypto-wrapper = callPackage ./crypto-wrapper { };
     #certgen = python3Packages.callPackage ./certgen { };
 
-    # Overrides to get build to work
-    patchelf = armv7lDisableCheck nixpkgs.patchelf;
-    bison = armv7lDisableCheck nixpkgs.bison;
-    findutils = armv7lDisableCheck nixpkgs.findutils;
-    libuv = armv7lDisableCheck nixpkgs.libuv;
-    p11-kit = armv7lDisableCheck nixpkgs.p11-kit;
-    elfutils = armv7lDisableCheck nixpkgs.elfutils;
-    glib = armv7lDisableCheck nixpkgs.glib;
-    rustc = armv7lDisableCheck nixpkgs.rustc;
-    mdbook = armv7lDisableCheck nixpkgs.mdbook;
-    ell = armv7lDisableCheck nixpkgs.ell;
-    polkit = armv7lDisableCheck nixpkgs.polkit;
-    udisks2 = disableCheck nixpkgs.udisks2;
-    udisks = udisks2;
-    llvm = armv7lDisableCheck nixpkgs.llvm;
-    llvm_14 = armv7lDisableCheck nixpkgs.llvm_14;
-    jemalloc = armv7lDisableCheck nixpkgs.jemalloc;
-    openssh = armv7lDisableCheck nixpkgs.openssh;
-    nlohmann_json = armv7lDisableCheck nixpkgs.nlohmann_json;
-    libseccomp = armv7lDisableCheck nixpkgs.libseccomp;
-    openldap = armv7lDisableCheck nixpkgs.openldap;
-    # Crosscompilation worarounds
-    btrfs-progs = nixpkgs.btrfs-progs.overrideAttrs (oldAttrs: {
-      configureFlags = ["--disable-python"];
-      installFlags = [];
-    });
-    pixz = nixpkgs.pixz.overrideAttrs (oldAttrs: {
-      configureFlags = ["--without-manpage"];
-      patches = [ ./0001-configure.ac-replace-AC_CHECK_FILE.patch ];
-    });
-
   };
 
 in turrispkgs
diff --git a/pkgs/libatsha204/default.nix b/pkgs/libatsha204/default.nix
index 96a621d..10cd859 100644
--- a/pkgs/libatsha204/default.nix
+++ b/pkgs/libatsha204/default.nix
@@ -19,6 +19,9 @@ stdenv.mkDerivation rec {
     fetchSubmodules = true;
     sha256 = "1lhvqdy2sfbvz9y9lwqhxggpr8rwfd66v73gv9s7b7811r6way20";
   };
+  patches = [
+    ./multiple-definitions.patch
+  ];
 
   buildInputs = [openssl unbound];
   nativeBuildInputs = [pkg-config perl patchelf];
diff --git a/pkgs/libatsha204/multiple-definitions.patch b/pkgs/libatsha204/multiple-definitions.patch
new file mode 100644
index 0000000..94dd5fc
--- /dev/null
+++ b/pkgs/libatsha204/multiple-definitions.patch
@@ -0,0 +1,13 @@
+diff --git a/src/libatsha204/dnsmagic.c b/src/libatsha204/dnsmagic.c
+index d5f82b4..dc0bb90 100644
+--- a/src/libatsha204/dnsmagic.c
++++ b/src/libatsha204/dnsmagic.c
+@@ -42,7 +42,7 @@
+ /*
+  * Global variable with configuration and some initial config values.
+  */
+-atsha_configuration g_config;
++extern atsha_configuration g_config;
+ 
+ /*
+  * Get decimal number from its string representation
diff --git a/pkgs/0001-configure.ac-replace-AC_CHECK_FILE.patch b/pkgs/patches/0001-configure.ac-replace-AC_CHECK_FILE.patch
index 8b377f3..8b377f3 100644
--- a/pkgs/0001-configure.ac-replace-AC_CHECK_FILE.patch
+++ b/pkgs/patches/0001-configure.ac-replace-AC_CHECK_FILE.patch