From 07896ee61dba47bc57c4c3b3b819033dc0324a1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Mon, 8 Aug 2022 08:27:06 +0200 Subject: Turris Omnia cross build now should work --- README.md | 18 ++++- flake.lock | 12 +-- nixos/default.nix | 2 + nixos/modules/armv7l-overlay.nix | 86 ++++++++++++++++++++++ pkgs/0001-configure.ac-replace-AC_CHECK_FILE.patch | 31 -------- pkgs/certgen/default.nix | 25 +++++++ pkgs/crypto-wrapper/default.nix | 28 +++++++ pkgs/default.nix | 31 -------- pkgs/libatsha204/default.nix | 3 + pkgs/libatsha204/multiple-definitions.patch | 13 ++++ .../0001-configure.ac-replace-AC_CHECK_FILE.patch | 31 ++++++++ 11 files changed, 208 insertions(+), 72 deletions(-) create mode 100644 nixos/modules/armv7l-overlay.nix delete mode 100644 pkgs/0001-configure.ac-replace-AC_CHECK_FILE.patch create mode 100644 pkgs/certgen/default.nix create mode 100644 pkgs/crypto-wrapper/default.nix create mode 100644 pkgs/libatsha204/multiple-definitions.patch create mode 100644 pkgs/patches/0001-configure.ac-replace-AC_CHECK_FILE.patch diff --git a/README.md b/README.md index 1fb1e55..dee5f38 100644 --- a/README.md +++ b/README.md @@ -43,13 +43,10 @@ you should do to get the correct layout: ``` ~# parted /dev/mmcblk1 (parted) mktable gpt -(parted) mkpart NixTurris 0% -4G +(parted) mkpart NixTurris 0% 100% (parted) set 1 boot on -(parted) mkpart NixTurrisSwap -4G 100% -(parted) set 2 swap on (parted) quit ~# mkfs.btrfs /dev/mmcblk1p1 -~# mkswap /dev/mmcblk1p2 ``` Next we need the initial system tarball to unpack to the SD card. For this you 
@@ -76,3 +73,16 @@ The last step is to unpack the tarball to the SD card. ``` Now you can take this micro SD card and insert it to your Mox. + +### System fails to boot due to invalid initrd + +The issue is caused by initrd start being overwritten by kernel image's tail. + +The kernel image in NixOS can be pretty large and default Mox's configuration +expects kernel of maximum size 48MB. To increase this to 64MB you have to use +serial console and run: + +``` +setenv ramdisk_addr_r 0x9000000 +saveenv +``` diff --git a/flake.lock b/flake.lock index 7f426ae..961b06c 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "flake-utils": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -16,11 +16,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1658150454, - "narHash": "sha256-dhyOQvRT8oYWN0SwsNyujohBsJqwF5W7fnhEcfgBk7E=", + "lastModified": 1659868656, + "narHash": "sha256-LINDS957FYzOb412t/Zha44LQqGniMpUIUz4Pi+fvSs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3110964916469ad6ed9fea72a0a3119a0959a14e", + "rev": "80fc83ad314fe701766ee66ac8286307d65b39e3", "type": "github" }, "original": { diff --git a/nixos/default.nix b/nixos/default.nix index 7274f66..080ec0d 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -7,6 +7,8 @@ self: let turris-tarball = import ./modules/turris-tarball.nix; turris-crossbuild = import ./modules/turris-crossbuild.nix; + armv7l-overlay = import ./modules/armv7l-overlay.nix; + hostapd = import ./modules/hostapd.nix; }; diff --git a/nixos/modules/armv7l-overlay.nix b/nixos/modules/armv7l-overlay.nix new file mode 100644 index 0000000..a1b2449 --- /dev/null 
+++ b/nixos/modules/armv7l-overlay.nix 
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ is_native = config.nixpkgs.crossSystem == null && config.nixpkgs.system == "armv7l-linux";
+ is_cross = config.nixpkgs.crossSystem != null && config.nixpkgs.crossSystem.system == "armv7l-linux";
+
+in {
+ nixpkgs.overlays = (optionals is_native [
+ (self: super: let
+
+ disableCheck = pkg: pkg.overrideAttrs (oldAttrs: {
+ doCheck = false;
+ doInstallCheck = false;
+ });
+
+ in {
+
+ boehmgc = disableCheck super.boehmgc;
+ libseccomp = disableCheck super.libseccomp;
+ libuv = disableCheck super.libuv;
+ elfutils = disableCheck super.elfutils;
+ gobject-introspection = disableCheck super.gobject-introspection;
+ nlohmann_json = disableCheck super.nlohmann_json;
+ openldap = disableCheck super.openldap;
+
+
+ python310 = super.python310.override {
+
+ packageOverrides = python-self: python-super: let
+ noTest = pkg: pkg.overrideAttrs (oldAttrs: {
+ dontUsePytestCheck = true;
+ dontUseSetuptoolsCheck = true;
+ });
+ in {
+
+ pytest-xdist = noTest python-super.pytest-xdist;
+ requests = noTest python-super.requests;
+
+ };
+ };
+ python310Packages = self.python310.pkgs;
+ python = self.python310;
+ pythonPackages = self.python.pkgs;
+
+ # Overrides to get build to work
+ #boehmgc = armv7lDisableCheck nixpkgs.boehmgc;
+ #libseccomp = armv7lDisableCheck nixpkgs.libseccomp;
+ #libuv = armv7lDisableCheck nixpkgs.libuv;
+ #elfutils = armv7lDisableCheck nixpkgs.elfutils;
+ #patchelf = armv7lDisableCheck nixpkgs.patchelf;
+ #bison = armv7lDisableCheck nixpkgs.bison;
+ #findutils = armv7lDisableCheck nixpkgs.findutils;
+ #p11-kit = armv7lDisableCheck nixpkgs.p11-kit;
+ #glib = armv7lDisableCheck nixpkgs.glib;
+ #rustc = armv7lDisableCheck nixpkgs.rustc;
+ #mdbook = armv7lDisableCheck nixpkgs.mdbook;
+ #ell = armv7lDisableCheck nixpkgs.ell;
+ #polkit = armv7lDisableCheck nixpkgs.polkit;
+ #udisks2 = disableCheck nixpkgs.udisks2;
+ #udisks = udisks2;
+ #llvm = armv7lDisableCheck nixpkgs.llvm;
+ #llvm_14 =
armv7lDisableCheck nixpkgs.llvm_14;
+ #jemalloc = armv7lDisableCheck nixpkgs.jemalloc;
+ #openssh = armv7lDisableCheck nixpkgs.openssh;
+ #nlohmann_json = armv7lDisableCheck nixpkgs.nlohmann_json;
+
+ })
+ ]) ++ (optionals is_cross [
+ (self: super: {
+
+ btrfs-progs = super.btrfs-progs.overrideAttrs (oldAttrs: {
+ configureFlags = ["--disable-python"];
+ installFlags = [];
+ });
+ pixz = super.pixz.overrideAttrs (oldAttrs: {
+ configureFlags = ["--without-manpage"];
+ patches = [ ../../pkgs/patches/0001-configure.ac-replace-AC_CHECK_FILE.patch ];
+ });
+
+ })
+ ]);
+
+}
diff --git a/pkgs/0001-configure.ac-replace-AC_CHECK_FILE.patch b/pkgs/0001-configure.ac-replace-AC_CHECK_FILE.patch
deleted file mode 100644
index 8b377f3..0000000
--- a/pkgs/0001-configure.ac-replace-AC_CHECK_FILE.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 4ddfdca8416a008819d08d14d6a6f4796aef7857 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine
-Date: Mon, 12 Oct 2020 22:40:13 +0200
-Subject: [PATCH] configure.ac: replace AC_CHECK_FILE
-
-AC_CHECK_FILE can't be used when cross-compiling so replace it by a
-simple test -f
-
-Signed-off-by: Fabrice Fontaine
----
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 0a19a2a..9773993 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -16,8 +16,8 @@ AC_PROG_CC_STDC
- # Check for a2x only if the man page is missing, i.e. we are building from git. The release tarballs
- # are set up to include the man pages. This way, only people creating tarballs via `make dist` and
- # people building from git need a2x as a dependency.
--AC_CHECK_FILE(
-- [src/pixz.1],
-+AS_IF(
-+ [test -f src/pixz.1],
- [],
- [
- AC_ARG_WITH(
---
-2.35.1
-
diff --git a/pkgs/certgen/default.nix b/pkgs/certgen/default.nix
new file mode 100644
index 0000000..3818b9b
--- /dev/null
+++ b/pkgs/certgen/default.nix
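Review bot: The `pixz` override in the cross overlay of `nixos/modules/armv7l-overlay.nix` assigns `patches` and `configureFlags` outright, so anything nixpkgs sets for those attributes, including a fix it may carry as a patch, is dropped without notice after the next `flake.lock` bump. Extending the inherited values keeps them: `patches = (oldAttrs.patches or []) ++ [ ../../pkgs/patches/0001-configure.ac-replace-AC_CHECK_FILE.patch ];` and `configureFlags = (oldAttrs.configureFlags or []) ++ ["--without-manpage"];`; the `btrfs-progs` `configureFlags` line has the same shape. In the native overlay, `disableCheck` switches off the test suites of `libseccomp` and `openldap` and `noTest` does the same for `requests`, with no record of which test failed; a short comment per entry would let them be re-enabled later. The block of commented-out `armv7lDisableCheck` lines could be removed, since the entries deleted from `pkgs/default.nix` stay in history.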
@@ -0,0 +1,25 @@
+{ buildPythonApplication, lib, fetchgit
+, python3
+, crypto-wrapper
+}:
+
+buildPythonApplication rec {
+ pname = "sentinel-certgen";
+ version = "6.2";
+ meta = with lib; {
+ homepage = "https://gitlab.nic.cz/turris/sentinel/certgen";
+ description = "Sentinel automated passwords and certificates retrieval";
+ license = licenses.gpl3;
+ };
+
+ src = fetchgit {
+ url = "https://gitlab.nic.cz/turris/sentinel/certgen.git";
+ rev = "v" + version;
+ sha256 = "10ii3j3wqdib7m2fc0w599981mv9q3ahj96q4kyrn5sh18v2c7nb";
+ };
+
+ propagatedBuildInputs = with python3.pkgs; [
+ crypto-wrapper
+ six requests cryptography
+ ];
+}
diff --git a/pkgs/crypto-wrapper/default.nix b/pkgs/crypto-wrapper/default.nix
new file mode 100644
index 0000000..3f431b2
--- /dev/null
+++ b/pkgs/crypto-wrapper/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, lib, fetchgit
+, bash
+, makeWrapper
+}:
+
+stdenv.mkDerivation rec {
+ pname = "crypto-wrapper";
+ version = "0.4";
+ meta = with lib; {
+ homepage = "https://gitlab.nic.cz/turris/crypto-wrapper";
+ description = "Simple script abstracting access to the Turris crypto backend.";
+ platforms = platforms.linux;
+ license = licenses.gpl3;
+ };
+
+ src = fetchgit {
+ url = "https://gitlab.nic.cz/turris/crypto-wrapper.git";
+ rev = "v" + version;
+ sha256 = "1ly37cajkmgqmlj230h5az9m2m1rgvf4r0bf94yipp80wl0z215s";
+ };
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp crypto-wrapper.sh $out/bin/crypto-wrapper
+ wrapProgram $out/bin/crypto-wrapper \
+ --prefix PATH : ${lib.makeBinPath [ bash openssl coreutils ]}
+ '';
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 929d030..a64757f 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
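Review bot: `propagatedBuildInputs` in `pkgs/certgen/default.nix` takes `six`, `requests` and `cryptography` from `python3.pkgs`, while `buildPythonApplication` is supplied by whichever package set calls this file (the commented-out `python3Packages.callPackage ./certgen` line in `pkgs/default.nix` suggests that one). If the two sets ever differ, for instance through an overlay that overrides one Python version, the application would be built for one interpreter with libraries from another. Taking the libraries as function arguments keeps them on the same set: `{ buildPythonApplication, lib, fetchgit, crypto-wrapper, six, requests, cryptography }:` with `propagatedBuildInputs = [ crypto-wrapper six requests cryptography ];`.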
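Review bot: `installPhase` in `pkgs/crypto-wrapper/default.nix` references `openssl` and `coreutils` in `lib.makeBinPath [ bash openssl coreutils ]`, but the function header only accepts `stdenv, lib, fetchgit, bash, makeWrapper`, so evaluation should fail with an undefined variable once the package is enabled (it is still commented out in `pkgs/default.nix`). `makeWrapper` is accepted but never listed in `nativeBuildInputs`, so `wrapProgram` would presumably not be available during the build either. Suggested: add `, openssl` and `, coreutils` to the arguments and `nativeBuildInputs = [ makeWrapper ];` to the derivation. As this script fronts the Turris crypto backend, it is worth building it once before anything depends on it.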
@@ -19,37 +19,6 @@ let #crypto-wrapper = callPackage ./crypto-wrapper { }; #certgen = python3Packages.callPackage ./certgen { }; - # Overrides to get build to work - patchelf = armv7lDisableCheck nixpkgs.patchelf; - bison = armv7lDisableCheck nixpkgs.bison; - findutils = armv7lDisableCheck nixpkgs.findutils; - libuv = armv7lDisableCheck nixpkgs.libuv; - p11-kit = armv7lDisableCheck nixpkgs.p11-kit; - elfutils = armv7lDisableCheck nixpkgs.elfutils; - glib = armv7lDisableCheck nixpkgs.glib; - rustc = armv7lDisableCheck nixpkgs.rustc; - mdbook = armv7lDisableCheck nixpkgs.mdbook; - ell = armv7lDisableCheck nixpkgs.ell; - polkit = armv7lDisableCheck nixpkgs.polkit; - udisks2 = disableCheck nixpkgs.udisks2; - udisks = udisks2; - llvm = armv7lDisableCheck nixpkgs.llvm; - llvm_14 = armv7lDisableCheck nixpkgs.llvm_14; - jemalloc = armv7lDisableCheck nixpkgs.jemalloc; - openssh = armv7lDisableCheck nixpkgs.openssh; - nlohmann_json = armv7lDisableCheck nixpkgs.nlohmann_json; - libseccomp = armv7lDisableCheck nixpkgs.libseccomp; - openldap = armv7lDisableCheck nixpkgs.openldap; - # Crosscompilation worarounds - btrfs-progs = nixpkgs.btrfs-progs.overrideAttrs (oldAttrs: { - configureFlags = ["--disable-python"]; - installFlags = []; - }); - pixz = nixpkgs.pixz.overrideAttrs (oldAttrs: { - configureFlags = ["--without-manpage"]; - patches = [ ./0001-configure.ac-replace-AC_CHECK_FILE.patch ]; - }); - }; in turrispkgs diff --git a/pkgs/libatsha204/default.nix b/pkgs/libatsha204/default.nix index 96a621d..10cd859 100644 --- a/pkgs/libatsha204/default.nix +++ b/pkgs/libatsha204/default.nix @@ -19,6 +19,9 @@ stdenv.mkDerivation rec { fetchSubmodules = true; sha256 = "1lhvqdy2sfbvz9y9lwqhxggpr8rwfd66v73gv9s7b7811r6way20"; }; + patches = [ + ./multiple-definitions.patch + ]; buildInputs = [openssl unbound]; nativeBuildInputs = [pkg-config perl patchelf]; 
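Review bot: The `patches = [ ./multiple-definitions.patch ];` entry added to `pkgs/libatsha204/default.nix` has no comment saying why the patch is carried, and the patch file itself has no description header. It turns the `g_config` definition in `dnsmagic.c` into an `extern` declaration, which looks like a fix for a duplicate-symbol link error and relies on another source file still defining `g_config`; both points are inferred, not shown in this commit. A comment above the entry such as `# g_config was defined in more than one translation unit; remove once fixed upstream` would tell the next maintainer when the patch can go. The derivation body continues outside the hunk.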
diff --git a/pkgs/libatsha204/multiple-definitions.patch b/pkgs/libatsha204/multiple-definitions.patch
new file mode 100644
index 0000000..94dd5fc
--- /dev/null
+++ b/pkgs/libatsha204/multiple-definitions.patch
@@ -0,0 +1,13 @@
+diff --git a/src/libatsha204/dnsmagic.c b/src/libatsha204/dnsmagic.c
+index d5f82b4..dc0bb90 100644
+--- a/src/libatsha204/dnsmagic.c
++++ b/src/libatsha204/dnsmagic.c
+@@ -42,7 +42,7 @@
+ /*
+ * Global variable with configuration and some initial config values.
+ */
+-atsha_configuration g_config;
++extern atsha_configuration g_config;
+
+ /*
+ * Get decimal number from its string representation
diff --git a/pkgs/patches/0001-configure.ac-replace-AC_CHECK_FILE.patch b/pkgs/patches/0001-configure.ac-replace-AC_CHECK_FILE.patch
new file mode 100644
index 0000000..8b377f3
--- /dev/null
+++ b/pkgs/patches/0001-configure.ac-replace-AC_CHECK_FILE.patch
@@ -0,0 +1,31 @@
+From 4ddfdca8416a008819d08d14d6a6f4796aef7857 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine
+Date: Mon, 12 Oct 2020 22:40:13 +0200
+Subject: [PATCH] configure.ac: replace AC_CHECK_FILE
+
+AC_CHECK_FILE can't be used when cross-compiling so replace it by a
+simple test -f
+
+Signed-off-by: Fabrice Fontaine
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 0a19a2a..9773993 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -16,8 +16,8 @@ AC_PROG_CC_STDC
+ # Check for a2x only if the man page is missing, i.e. we are building from git. The release tarballs
+ # are set up to include the man pages. This way, only people creating tarballs via `make dist` and
+ # people building from git need a2x as a dependency.
+-AC_CHECK_FILE(
+- [src/pixz.1],
++AS_IF(
++ [test -f src/pixz.1],
+ [],
+ [
+ AC_ARG_WITH(
+--
+2.35.1
+
--
cgit v1.2.3