flake.nix: add canokey-qemu lib, derivate qemu on tope of it and have qemu_kvm depend on qemu derivative
targets/qemu.mk: modified to had canokey support by default if no "USB_TOKEN=" specified on make run call
CircleCI: base docker image pull on v0.1.6 containing the newly added derivatives
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Use relative paths in configs generated from templates, so the final
build doesn't depend on the absolute location of the repository. The
coreboot config is part of the final ROM.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Specifying LIBS_BASE causes flashrom's Makefile to link in an RPATH,
using the Heads workspace path, which is not what we want. It does
other things too, but we already pass the parts we need to the make
invocation for flashrom.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Modify .circleci/config.yml to also not reuse past caches if CircleCI config changes as part of calculated hashes for the 3 layers
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
- push v0.1.3 and have latest point to the same image, add repro notes inside of README.md
- modify qemu.md to also refer to using docker images
TODO: remove NIX_REPRO_NOTES prior of merging
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
git difftool -d HEAD^ to check config against previous version (librem shared config), noticed I2C options being maybe relevant, added them back in
Then saved with make BOARD=nitropad-ns50 linux.modify_and_save_oldconfig_in_place
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Result of:
make BOARD=nitropad-nv41 coreboot.save_in_oldconfig_format_in_place
make BOARD=nitropad-ns50 coreboot.save_in_oldconfig_format_in_place
No change, was applied like this anyway at compilation.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
- include nix tools inside of the docker to be able to call the garbage collector prior of creating docker.
- protect roots from garbage collection (WiP)
- Requires external preparation call so that nix (the binary) is not wiped as well. See NIX_REPRO_NOTES at the end of the file for repro notes
- Could probably be improved. Works as of now and created a 4Gb vs 3.02Gb docker image I'm uploading now.
- CircleCI bumped to use v0.0.9 version including this
- CircleCI now depending on flake.lock for all cache layers. Will rebuild clean once again
So now we have qemu with canokey support in image, nix basic tools inside of container. Possible to call docker with DISPLAY, see NIX_REPRO_NOTES as of now.
That feels nice. No need of USB security dongle to have TPM based TPMTOTP nor detach sign? Not tested but feature is there
TODO:
- make docker creating nicer in the Nix way.
- Add canokey support under targets/qemu.mk
- add canokey board version
At least we have reproducible stack and testing stack being in same docker image. Docker image moved from 991.18MB (v0.0.8) to 1.18GB (v0.0.9)
- And I tried to clean binaries of symbols here! Seems like I do not know enough of the Nix way here.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Was causing another ac macro misbehavior since host ac was not considered by aclocal and autoreconf
TODO: Might want to revert 6a1791112de451509d81e03bce5bdd6b1a49a79f if talos-2 board is able to build 3rdparty/sb-sign-tool
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
- switch cache to nix-docker-heads to not interfere with nixos develop layer on same PR
- remove nix develop calls; replace by direct script calls and make calls
- make sure save/restore/root is ~/heads
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
if patch fails to apply, its because patch file creates a file and doesn't expect it to exist.
just call rm on the file reported to exist, and relaunch build.
Deletes ./install/*/* and permits to rebuild all dependencies in order, just based on freshly extracted and patched code.
Bonus, this saves your SDD from unneeded wear and rebuilds faster then all other Mafile helpers.
That's my favorite.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
See first lines of output of any make command. Change aimed to be respectful of CI resource (8GB ram 4CPUs)
With CPUS=8 AVAILABLE_MEM_GB=4, CircleCI outputs:
!!!!!! BUILD SYSTEM INFO !!!!!!
System CPUS: 36
System Available Memory: 4 GB
System Load Average: 12.99
----------------------------------------------------------------------
Used **CPUS**: 8
Used **LOADAVG**: 8
Used **AVAILABLE_MEM_GB**: 4 GB
----------------------------------------------------------------------
**MAKE_JOBS**: -j8 --max-load 8
Variables available for override (use 'make VAR_NAME=value'):
**CPUS** (default: number of processors, e.g., 'make CPUS=4')
**LOADAVG** (default: same as CPUS, e.g., 'make LOADAVG=4')
**AVAILABLE_MEM_GB** (default: memory available on the system in GB, e.g., 'make AVAILABLE_MEM_GB=4')
**MEM_PER_JOB_GB** (default: 1GB per job, e.g., 'make MEM_PER_JOB_GB=2')
----------------------------------------------------------------------
Let's try without any limitation...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Until nix PR is merged to not interfere with master/other pr caches
Signed-off-by: Manuel Mendez <github@i.m.mmlb.dev>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
