README.md: update repro notes. flake.nix: qemu_kvm was not included for native kvm support: added

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-18 20:47:55 +00:00 · 2024-05-08 11:26:34 -04:00 · 2024-05-08 11:26:34 -04:00 · 1bef1083e0
commit 1bef1083e0
parent 03e861ea48
2 changed files with 38 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -50,25 +50,42 @@ echo 'experimental-features = nix-command flakes' >~/.config/nix/nix.conf
 # END OF DANGER SECTION TO BE REVIEWED
 # [...]
 # Build nix developer local env with flakes locks to specified versions and exits just running "true" command:
-nix --print-build-logs --verbose develop --ignore-environment -- true
+nix --print-build-logs --verbose develop --ignore-environment --command true
 # Build docker image with current develop created environment (this will take a while and create "linuxboot/heads:dev-env" local docker image:
 nix build .#dockerImage && docker load < result
 ```

-Jump into docker image
+
+Jump into nix develop created docker image for interactive workflow
 =====
 `docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env`

-Build a board from docker image
-=====
+
+From there you can use the docker image interactively.
+
 `make BOARD=board_name` where board_name is the name of the board directory under `./boards` directory.


-Use prepared docker image from docker hub
+One such useful example is to build and test qemu board roms and test them through qemu/kvm/swtpm provided in the docker image. 
+Please refer to [qemu documentation](targets/qemu.md) for more information.
+
+Eg:
+```
+make BOARD=qemu-coreboot-fbwhiptail-tpm2 # Build rom, export public key to emulated usb storage from qemu runtime
+make BOARD=qemu-coreboot-fbwhiptail-tpm2 PUBKEY_ASC=~/pubkey.asc inject_gpg # Inject pubkey into rom image
+make BOARD=qemu-coreboot-fbwhiptail-tpm2 USB_TOKEN=Nitrokey3NFC PUBKEY_ASC=~/pubkey.asc ROOT_DISK_IMG=~/qemu-disks/debian-9.cow2 INSTALL_IMG=~/Downloads/debian-9.13.0-amd64-xfce-CD-1.iso run # Install
+```
+
+Alternatively, you can use locally built docker image to build a board ROM image in a single call.
+
+Eg:
+`docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env -- make BOARD=nitropad-nv41`
+
+Pull docker hub image to prepare reproducible ROMs as CircleCI in one call
 ====
 ```
-docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=qemu-coreboot-whiptail-tpm2
-docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=qemu-coreboot-whiptail-tpm2 run
+docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=x230-hotp-maximized
+docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=nitropad-nv41
 ```

 Maintenance notes on docker image
@ -81,7 +98,7 @@ docker push tlaurion/heads-dev-env:latest
 ```

 Notes:
- Local builds can use ":latest" 
+- Local builds can use ":latest" tag, which will use latest tested successful CircleCI run
 - To reproduce CirlceCI results, make sure to use the same versioned tag declared under .circleci/config.yml's "image:" 


--- a/flake.nix
+++ b/flake.nix
@ -6,9 +6,13 @@
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Using the unstable channel for the latest packages, while flake.lock fixates the commit reused until changed.
    flake-utils.url = "github:numtide/flake-utils"; # Utilities for flake functionality.
  };
-
  # Outputs are the result of the flake, including the development environment and Docker image.
-  outputs = { self, nixpkgs, flake-utils, ... }:
+  outputs = {
+    self,
+    flake-utils,
+    nixpkgs,
+    ...
+  }:
    flake-utils.lib.eachDefaultSystem (system: let
      pkgs = nixpkgs.legacyPackages.${system}; # Accessing the legacy package set.
      lib = pkgs.lib; # The standard Nix packages library.
@ -66,8 +70,13 @@
        zlib.dev
      ] ++ [
        # Packages for qemu support with Canokey integration.
-        qemu # To test make BOARD=qemu-coreboot-* boards and then call make BOARD=qemu-coreboot-* with inject_gpg statement, and then run statement (RTFM).
-        #canokey doesn;t work still even if compiled in, so no reason to add 1Gb of stuff in the image
+        #qemu_full #Heavier but contains qemu-img, kvm and everything else needed to do development cycles under docker
+        qemu # To test make BOARD=qemu-coreboot-* boards and then call make BOARD=qemu-coreboot-* with inject_gpg statement, and then run statement.
+        qemu_kvm # kvm additional support for qemu without all the qemu-img and everything else under qemu_full
+	#
+	# TODO: make work qemu-canokey not existing in caches:
+	# Below are overrides to make canokey-qemu library availabe to qemu built derivative through override)
+        #canokey doesn't work still even if compiled in, so no reason to add 1Gb of stuff in the image (qemu -device canokey not exposed even if configured in)
        #canokey-qemu # Canokey lib for qemu build-time compilation.
        #(qemu.override {
        #  canokeySupport = true; # This override enables Canokey support in QEMU, resulting in -device canokey being available.
@ -141,4 +150,3 @@
      };
    });
 }
-