From 1bef1083e047c8f78b47ae8fd8eed33eea770d39 Mon Sep 17 00:00:00 2001
From: Thierry Laurion
Date: Wed, 8 May 2024 11:26:34 -0400
Subject: [PATCH] README.md: update repro notes. flake.nix: qemu_kvm was not included for native kvm support: added
Signed-off-by: Thierry Laurion
---
 README.md | 33 +++++++++++++++++++++++++--------
 flake.nix | 18 +++++++++++++-----
 2 files changed, 38 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index e87aa90a..15b1527c 100644
--- a/README.md
+++ b/README.md
@@ -50,25 +50,42 @@ echo 'experimental-features = nix-command flakes' >~/.config/nix/nix.conf # END OF DANGER SECTION TO BE REVIEWED # [...] # Build nix developer local env with flakes locks to specified versions and exits just running "true" command: -nix --print-build-logs --verbose develop --ignore-environment -- true +nix --print-build-logs --verbose develop --ignore-environment --command true # Build docker image with current develop created environment (this will take a while and create "linuxboot/heads:dev-env" local docker image: nix build .#dockerImage && docker load < result ``` -Jump into docker image + +Jump into nix develop created docker image for interactive workflow ===== `docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env` -Build a board from docker image -===== + +From there you can use the docker image interactively. + `make BOARD=board_name` where board_name is the name of the board directory under `./boards` directory. -Use prepared docker image from docker hub +One such useful example is to build and test qemu board roms and test them through qemu/kvm/swtpm provided in the docker image. +Please refer to [qemu documentation](targets/qemu.md) for more information. + +Eg: +``` +make BOARD=qemu-coreboot-fbwhiptail-tpm2 # Build rom, export public key to emulated usb storage from qemu runtime +make BOARD=qemu-coreboot-fbwhiptail-tpm2 PUBKEY_ASC=~/pubkey.asc inject_gpg # Inject pubkey into rom image +make BOARD=qemu-coreboot-fbwhiptail-tpm2 USB_TOKEN=Nitrokey3NFC PUBKEY_ASC=~/pubkey.asc ROOT_DISK_IMG=~/qemu-disks/debian-9.cow2 INSTALL_IMG=~/Downloads/debian-9.13.0-amd64-xfce-CD-1.iso run # Install +``` + +Alternatively, you can use locally built docker image to build a board ROM image in a single call. 
+ +Eg: +`docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env -- make BOARD=nitropad-nv41` + +Pull docker hub image to prepare reproducible ROMs as CircleCI in one call ==== ``` -docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=qemu-coreboot-whiptail-tpm2 -docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=qemu-coreboot-whiptail-tpm2 run +docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=x230-hotp-maximized +docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=nitropad-nv41 ``` Maintenance notes on docker image @@ -81,7 +98,7 @@ docker push tlaurion/heads-dev-env:latest ``` Notes: -- Local builds can use ":latest" +- Local builds can use ":latest" tag, which will use latest tested successful CircleCI run - To reproduce CirlceCI results, make sure to use the same versioned tag declared under .circleci/config.yml's "image:" diff --git a/flake.nix b/flake.nix index 325193a0..94c947f6 100644 --- a/flake.nix +++ b/flake.nix @@ -6,9 +6,13 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Using the unstable channel for the latest packages, while flake.lock fixates the commit reused until changed. flake-utils.url = "github:numtide/flake-utils"; # Utilities for flake functionality. }; - # Outputs are the result of the flake, including the development environment and Docker image. - outputs = { self, nixpkgs, flake-utils, ... }: + outputs = { + self, + flake-utils, + nixpkgs, + ... + }: flake-utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; # Accessing the legacy package set. lib = pkgs.lib; # The standard Nix packages library. 
@@ -66,8 +70,13 @@
 zlib.dev
 ] ++ [
 # Packages for qemu support with Canokey integration.
- qemu # To test make BOARD=qemu-coreboot-* boards and then call make BOARD=qemu-coreboot-* with inject_gpg statement, and then run statement (RTFM).
- #canokey doesn;t work still even if compiled in, so no reason to add 1Gb of stuff in the image
+ #qemu_full #Heavier but contains qemu-img, kvm and everything else needed to do development cycles under docker
+ qemu # To test make BOARD=qemu-coreboot-* boards and then call make BOARD=qemu-coreboot-* with inject_gpg statement, and then run statement.
+ qemu_kvm # kvm additional support for qemu without all the qemu-img and everything else under qemu_full
+ #
+ # TODO: make work qemu-canokey not existing in caches:
+ # Below are overrides to make canokey-qemu library availabe to qemu built derivative through override)
+ #canokey doesn't work still even if compiled in, so no reason to add 1Gb of stuff in the image (qemu -device canokey not exposed even if configured in)
 #canokey-qemu # Canokey lib for qemu build-time compilation.
 #(qemu.override {
 # canokeySupport = true; # This override enables Canokey support in QEMU, resulting in -device canokey being available.
@@ -141,4 +150,3 @@
 };
 });
 }
-
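Review bot: The comment on the added `qemu_kvm` line in the `@@ -66,8 +70,13 @@` hunk presents it as extra KVM support layered on top of `qemu`, but as far as I know nixpkgs defines `qemu_kvm` as a second, lower-priority QEMU build restricted to host-CPU targets (`qemu.override { hostCpuOnly = true; }`), while plain `qemu` on Linux is already built with KVM and already ships `qemu-img`. Listing both puts two derivations that provide the same `qemu-system-x86_64` binary into the dev shell and the docker image, so which one is used depends on ordering or priority, and the closure of an image meant for reproducible firmware builds grows without a clear gain. If acceleration was missing inside the container, the more likely cause is that `/dev/kvm` is not exposed to it at run time, which this package list cannot provide. I would keep a single entry and reword the comment, for example `qemu # full QEMU build (KVM accel and qemu-img included); acceleration still needs /dev/kvm exposed to the container`. The package list starts and ends outside this hunk, so this is judged from the visible lines only.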