| 10 Mar 2023 |
@lily:lily.flowers | In reply to @elvishjerricco:matrix.org That's not good Should we try to strip that out or just make our own initrd os-release attrset with less info to begin with? | 13:41:45 |
@janne.hess:helsinki-systems.de | Lily Foster: added a MIT license and a README with the appropriate attribution | 13:59:25 |
@janne.hess:helsinki-systems.de | Feel free to open a PR that mentions the package name in the README once it's upstreamed ;) | 14:00:24 |
@elvishjerricco:matrix.org | In reply to @lily:lily.flowers Should we try to strip that out or just make our own initrd os-release attrset with less info to begin with? Probably just separate common, stage 2, and stage 1. I'm going to need another variant for ukify since that seems to require an os-release as well | 16:15:44 |
K900 | One thing I wanted to do for bootis but didn't get around to doing is building UKIs with Nix | 16:16:36 |
K900 | That would be really nice | 16:16:51 |
@elvishjerricco:matrix.org | It's not hard. I've got a little script for it somewhere | 16:16:53 |
@elvishjerricco:matrix.org | addSections = pkgs.writeShellScriptBin "add-sections" ''
  set -euo pipefail
  stub="$1"
  image="$2"
  # Last section header row of the stub; objdump -h columns 3 and 4 are size and VMA
  stub_line=$(${pkgs.binutils}/bin/objdump -h "$stub" | tail -2 | head -1)
  stub_size=0x$(echo "$stub_line" | awk '{print $3}')
  stub_offs=0x$(echo "$stub_line" | awk '{print $4}')
  # First free address after the last section of the stub
  next_offs=$((stub_size + stub_offs))
  args=()
  # stdin: one "<section name> <contents file>" pair per line
  while read sectionName contentsFile; do
    contentsFile="$(readlink -f "$contentsFile")"
    args+=(--add-section "$sectionName"="$contentsFile")
    args+=(--change-section-vma "$sectionName"=$(printf 0x%x $next_offs))
    # The next section starts right after this one
    next_offs=$((next_offs + $(stat -c%s "$contentsFile")))
  done
  set -x
  exec ${pkgs.binutils}/bin/objcopy "''${args[@]}" "$stub" "$image"
'';
stub = pkgs.runCommand "stub" {nativeBuildInputs = [addSections];} ''
  mkdir $out
  add-sections ${nixosConfig}/systemd/lib/systemd/boot/efi/linuxx64.efi.stub $out/foo-unsigned.efi <<EOF
  .osrel ${osRelease}
  .linux ${nixosConfig}/kernel
  .initrd ${nixosConfig}/initrd${lib.optionalString kernelBoot "\n.cmdline ${cmdline}"}
  EOF
'';
| 16:18:36 |
@elvishjerricco:matrix.org | * addSections = pkgs.writeShellScriptBin "add-sections" ''
  set -euo pipefail
  stub="$1"
  image="$2"
  # Last section header row of the stub; objdump -h columns 3 and 4 are size and VMA
  stub_line=$(${pkgs.binutils}/bin/objdump -h "$stub" | tail -2 | head -1)
  stub_size=0x$(echo "$stub_line" | awk '{print $3}')
  stub_offs=0x$(echo "$stub_line" | awk '{print $4}')
  # First free address after the last section of the stub
  next_offs=$((stub_size + stub_offs))
  args=()
  # stdin: one "<section name> <contents file>" pair per line
  while read sectionName contentsFile; do
    contentsFile="$(readlink -f "$contentsFile")"
    args+=(--add-section "$sectionName"="$contentsFile")
    args+=(--change-section-vma "$sectionName"=$(printf 0x%x $next_offs))
    # The next section starts right after this one
    next_offs=$((next_offs + $(stat -c%s "$contentsFile")))
  done
  set -x
  exec ${pkgs.binutils}/bin/objcopy "''${args[@]}" "$stub" "$image"
'';
stub = pkgs.runCommand "stub" {nativeBuildInputs = [addSections];} ''
  mkdir $out
  add-sections ${nixosConfig}/systemd/lib/systemd/boot/efi/linuxx64.efi.stub $out/foo-unsigned.efi <<EOF
  .osrel ${osRelease}
  .linux ${nixosConfig}/kernel
  .initrd ${nixosConfig}/initrd
  EOF
'';
| 16:20:44 |
@elvishjerricco:matrix.org | But also systemd now has the ukify tool to do it, which can easily be used in a nix derivation. It just requires an os-release for whatever reason | 16:22:00 |
K900 | I know it's not hard, I just wanted to get it into nixpkgs | 16:25:24 |
K900 | And probably wire it up as a bootspec extension | 16:25:34 |
@gdamjan:spodeli.org | you can create a custom os-release right | 16:25:41 |
@elvishjerricco:matrix.org | gdamjan: Yea I'm just annoyed by it :P | 16:25:58 |
@gdamjan:spodeli.org | it's used to identify the image :D | 16:26:17 |
@elvishjerricco:matrix.org | Is there a mapping anywhere in nixpkgs from system architecture to uefi architecture name? e.g. x86_64 -> x64 | 16:31:09 |
@elvishjerricco:matrix.org | Oh, derp. xyzPlatform.efiArch | 16:32:46 |
@lily:lily.flowers | Does anyone want tmpfiles working in initrd? It was a pretty simple patch to get working, but I ended up deciding I didn't need it. So I'll PR it if someone wants it, but probably won't otherwise | 18:29:17 |
@lily:lily.flowers | https://github.com/lilyinstarlight/nixpkgs/commit/d456921f5c93f963bb5491e671b92e20382d3e5b | 18:29:18 |
@elvishjerricco:matrix.org | Lily Foster: Possibly? For some reason there was an issue in the networkd PR when that was enabled: https://github.com/NixOS/nixpkgs/pull/169116/files#diff-68fef76b66b99ee77baba62969a434c1f912c2fcf8765bfc884b7aa5b0e70d35R71-R72
It was just a unit ordering issue, so it had nothing to do with its lack of implementation. But I can't remember what it was, considering it's been 9 months since I wrote that comment :P
| 21:07:33 |
@elvishjerricco:matrix.org | It's possible that issue only existed back when I was trying to reuse the openssh module verbatim in stage 1, rather than doing the dead simple thing like the PR does now | 21:08:14 |
@lily:lily.flowers | In reply to @elvishjerricco:matrix.org It's possible that issue only existed back when I was trying to reuse the openssh module verbatim in stage 1, rather than doing the dead simple thing like the PR does now Yeah as a problem that sounds suspicious. I can probably test with it added back if you need to see how it behaves now | 21:24:38 |
@elvishjerricco:matrix.org | Lily Foster: Feel free. Though fwiw I kinda doubt tmpfiles would be useful for us in stage 1. | 21:26:02 |
@lily:lily.flowers | In reply to @elvishjerricco:matrix.org Lily Foster: Feel free. Though fwiw I kinda doubt tmpfiles would be useful for us in stage 1. Yeah, me too. Which is why I wasn't gonna PR it unless someone expressed an interest to have tmpfiles in initrd | 21:26:32 |
@lily:lily.flowers | (it's a small patch but it also really doesn't do much good -- though I feel we probably should leave it available to work, even if we don't actually add it to any targets or emit tmpfiles.d stuff by default) | 21:27:13 |
@lily:lily.flowers | (so to clarify my stance -- I'd rather not remove the unit if we don't have to, but I also don't care to implement stuff in the tmpfiles/initrd modules for it) | 21:28:42 |
@elvishjerricco:matrix.org | I'd say let's leave it out. It's just an unnecessary thing that can still cause stuff to break for no reason | 21:29:15 |
@lily:lily.flowers | The unit existing really should cause anything to break (which is why that sounds suspicious that it did -- It's rarely pulled in by anything as far as I remember). But the amount I care is not much, so whichever you're more comfortable with is fine | 21:30:48 |
@elvishjerricco:matrix.org | Well the existing unit also doesn't do anything :P If we're going to keep it, we should have an implementation. And if we have an implementation, that's logic we have to maintain even if no one's using it | 21:32:29 |
| 11 Mar 2023 |
jaen | Hi, I've asked previously for help with getting systemd-stage1 to work with my LUKS setup, but didn't get any responses, so I've put it aside for a while. I'm trying again now and I think the only issue I have is getting my unit dependencies wrong, as doing the same steps manually on a running system properly shows Plymouth password prompt and decrypts what it should decrypt. | 11:52:42 |