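{
  description = "Optimized heads flake for Docker image with garbage collection protection";

  # Inputs define external dependencies and their sources.
  # Neither URL pins a revision: what actually gets built is whatever
  # flake.lock records. A change to flake.lock therefore replaces the whole
  # toolchain and deserves the same review as a code change.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Using the unstable channel for the latest packages, while flake.lock fixates the commit reused until changed.
    flake-utils.url = "github:numtide/flake-utils"; # Utilities for flake functionality.
  };

  # Outputs are the result of the flake, including the development environment and Docker image.
  outputs = {
    self,
    flake-utils,
    nixpkgs,
    ...
  }:
    flake-utils.lib.eachDefaultSystem (system: let
      pkgs = nixpkgs.legacyPackages.${system}; # Accessing the legacy package set.
      lib = pkgs.lib; # The standard Nix packages library.
      # Dependencies are the packages required for the Heads project.
      # Organized into subsets for clarity and maintainability.
      # The same list feeds both the dev shell and the Docker image contents,
      # so every entry here ends up inside the published image.
      deps = with pkgs; [
        # Core build utilities
        autoconf
        automake
        bashInteractive
        coreutils
        bc
        bison # Generate flashmap descriptor parser
        bzip2
        cacert
        ccache
        cmake
        cpio
        curl
        diffutils
        dtc
        e2fsprogs
        elfutils
        findutils
        flex
        gawk
        git
        gnat # required for libgfxinit under coreboot, hacked around for kgpe-d16
        gnugrep
        gnumake
        gnused
        gnutar
        gzip
        imagemagick # For bootsplash manipulation
        innoextract # ROM extraction for dGPU
        libtool
        m4
        ncurses5 # make menuconfig and slang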
modules/coreboot: 24.02.01-Purism-1, remove CFLAGS overrides, needs nss
Update Purism coreboot to 24.02.01-Purism-1.
Remove CFLAGS overrides when building coreboot. These overrides break
24.02.01, which added (and needs) --param=min-pagesize=1024. This has
happened repeatedly in the past since Heads has to duplicate coreboot's
CFLAGS if it overrides them.
Specifically, the build fails with this error:
src/commonlib/include/commonlib/endian.h:27:26: error: array subscript 1 is outside array bounds of 'void[0]' [-Werror=array-bounds=]
27 | *(uint8_t *)dest = val;
| ~~~~~~~~~~~~~~~~~^~~~~
In function 'setup_default_ebda':
cc1: note: source object is likely at address zero
That's because coreboot is attempting to write to EBDA at physical
address 0x40e, just above 1024. That is a valid address for x86, but
it's too close to 0 by default for GCC; --param=min-pagesize=1024
allows writes to physical addresses above 1024.
coreboot shouldn't need any of the usual Heads CFLAGS overrides for
reproducibility; it is already reproducible.
Fix indentation in modules/coreboot. Make accepted it before because
the indented lines followed a variable assignment, so they couldn't
be part of a recipe. That assignment is now gone, so they're now
interpreted as part of a recipe for the `.configured` target just above;
they should not be indented.
Add nss to flake.nix, needed as of 24.02.01.
Update Librem coreboot configs for 24.02.01-Purism-1. Notably, the
board Kconfig changed for Mini v2 in coreboot, so this is needed for
correct builds.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-06-18 20:42:31 +00:00
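nss # Needed by coreboot as of 24.02.01-Purism-1 (per the commit message above).
        openssl # needed for talos-2 kernel build
        parted
        patch
        perl
        pkg-config
        python3 # me_cleaner, coreboot
        rsync # coreboot
        sharutils
        texinfo
        unzip
        wget
        which
        xz
        zip
        zlib
        zlib.dev
      ] ++ [
        qemu_full # Heavier than qemu + qemu_kvm, but contains qemu-img + kvm and everything else needed to do development/testing cycles under docker
      ] ++ [
        # Additional tools for debugging/editing/testing
        vim # Mostly used amongst us, sorry if you'd like something else, open issue
        swtpm # QEMU requirement to emulate tpm1/tpm2
        dosfstools # QEMU requirement to produce valid fs to store exported public key to be fused through inject_key on qemu (so qemu flashrom emulated SPI support).
        diffoscopeMinimal # Not sure exactly what is packed here, let's try. Might need diffoscope if something is missing
        gnupg # to inject public key inside of qemu create rom through inject_gpg target of targets/qemu.mk TODO: remove when pflash supported by flashrom + modify code
        less # so 'git log' is usable
      ] ++ [
        # Tools for handling binary blobs in their compressed state. (blobs/xx30/vbios_[tw]530.sh)
        # NOTE(review): sudo ships in the image. Files in the Nix store cannot
        # carry setuid bits, so it presumably only works when the container
        # already runs as root -- confirm which script still needs it.
        bundler
        p7zip
        ruby
        sudo # ( °-° )
        upx
      ];
    in {
      # The development shell includes all the dependencies.
      devShell = pkgs.mkShellNoCC {
        buildInputs = deps;
      };

      # myDevShell outputs environment variables necessary for development.
      # It greps the devShell store path for lines mentioning the listed
      # variable names and writes only those lines to $out.
      packages.myDevShell =
        pkgs.runCommand "my-dev-shell" {}
        #bash
        ''
          grep \
            -e CMAKE_PREFIX_PATH \
            -e NIX_CC_WRAPPER_TARGET_TARGET \
            -e NIX_CFLAGS_COMPILE_FOR_TARGET \
            -e NIX_LDFLAGS_FOR_TARGET \
            -e PKG_CONFIG_PATH_FOR_TARGET \
            -e ACLOCAL_PATH \
            ${self.devShell.${system}} > $out
        '';

      # Docker image configuration for the Heads project.
      packages.dockerImage = pkgs.dockerTools.buildLayeredImage {
        name = "linuxboot/heads";
        tag = "dev-env";
        # The entrypoint sources /devenv.sh on every start, then either opens
        # an interactive bash (no arguments) or execs the container command.
        # Under `bash -c SCRIPT cmd args...` the command arrives as "$0" and
        # its arguments as "$@", hence `exec "$0" "$@"`.
        config.Entrypoint = ["bash" "-c" ''source /devenv.sh; if (( $# == 0 )); then exec bash; else exec "$0" "$@"; fi''];
        contents =
          deps
          ++ [
            pkgs.dockerTools.binSh
            pkgs.dockerTools.caCertificates
            pkgs.dockerTools.usrBinEnv
          ];
        # The commands below write to absolute paths (/devenv.sh, /.gitconfig,
        # /tmp), which is what enableFakechroot is turned on for.
        enableFakechroot = true;
        # Security-relevant settings baked into the image by these commands:
        #  * /devenv.sh is generated at build time from the devShell and is
        #    executed as shell code by the entrypoint on every container start.
        #  * /.gitconfig sets `safe.directory = *`, which turns off git's
        #    repository-ownership check for every path. Git inside the
        #    container will honour the repository-local config of any tree
        #    regardless of who owns it, so only mount source trees you trust.
        #    NOTE(review): presumably picked up as the global config because
        #    HOME is / in the container -- confirm.
        #  * /tmp is created without an explicit mode, so it gets the default
        #    one rather than the usual sticky, world-writable 1777.
        #    NOTE(review): fine while the container runs as root; a non-root
        #    user would not be able to write there -- confirm intended usage.
        fakeRootCommands =
          #bash
          ''
            set -e

            # Environment setup for the development shell.
            grep \
              -e NIX_CC_WRAPPER_TARGET_TARGET \
              -e NIX_CFLAGS_COMPILE_FOR_TARGET \
              -e NIX_LDFLAGS_FOR_TARGET \
              -e NIX_PKG_CONFIG_WRAPPER_TARGET \
              -e PKG_CONFIG_PATH_FOR_TARGET \
              -e ACLOCAL_PATH \
              ${self.devShell.${system}} > /devenv.sh

            # Git configuration for safe directory access.
            printf '[safe]\n\tdirectory = *\n' > /.gitconfig
            mkdir /tmp; # Temporary directory for various operations.
          '';
      };
    });
}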