add riscv64 kexec image

2024-06-23 15:13:27 +02:00 · 2024-06-23 15:13:27 +02:00 · 2d72a425a2
commit 2d72a425a2
parent 6d917c1e38
4 changed files with 106 additions and 40 deletions
--- a/README.md
+++ b/README.md
@ -36,7 +36,7 @@ integration into automated nixos installation scripts, since you can cleanly
 disconnect from the running machine before the kexec takes place. The tarball
 is also designed to be run from NixOS, which can be useful for new installations

-## Iso installer images
+## ISO installer images

 This image allows to boot a NixOS installer off a USB-Stick.
 This installer has been optimized for remote installation i.e.
--- a/flake.nix
+++ b/flake.nix
@ -5,20 +5,39 @@
  inputs.nixos-stable.url = "github:NixOS/nixpkgs/nixos-24.05";

  nixConfig.extra-substituters = [ "https://nix-community.cachix.org" ];
-  nixConfig.extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
+  nixConfig.extra-trusted-public-keys = [
+    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+  ];

-  outputs = { self, nixos-unstable, nixos-stable }:
-    let
-      supportedSystems = [ "aarch64-linux" "x86_64-linux" ];
-      forAllSystems = nixos-unstable.lib.genAttrs supportedSystems;
-    in
+  outputs =
    {
-      packages = forAllSystems (system:
+      self,
+      nixos-unstable,
+      nixos-stable,
+    }:
+    let
+      supportedSystems = [
+        "aarch64-linux"
+        "x86_64-linux"
+      ];
+      forAllSystems = nixos-unstable.lib.genAttrs supportedSystems;
+
+      packages = forAllSystems (
+        system:
        let
          netboot = nixpkgs: (import (nixpkgs + "/nixos/release.nix") { }).netboot.${system};
-          kexec-installer = nixpkgs: modules: (nixpkgs.legacyPackages.${system}.nixos (modules ++ [ self.nixosModules.kexec-installer ])).config.system.build.kexecTarball;
-          netboot-installer = nixpkgs: (nixpkgs.legacyPackages.${system}.nixos [ self.nixosModules.netboot-installer ]).config.system.build.netboot;
-          image-installer = nixpkgs: (nixpkgs.legacyPackages.${system}.nixos [ self.nixosModules.image-installer ]).config.system.build.isoImage;
+          kexec-installer =
+            nixpkgs: modules:
+            (nixpkgs.legacyPackages.${system}.nixos (modules ++ [ self.nixosModules.kexec-installer ]))
+            .config.system.build.kexecTarball;
+          netboot-installer =
+            nixpkgs:
+            (nixpkgs.legacyPackages.${system}.nixos [ self.nixosModules.netboot-installer ])
+            .config.system.build.netboot;
+          image-installer =
+            nixpkgs:
+            (nixpkgs.legacyPackages.${system}.nixos [ self.nixosModules.image-installer ])
+            .config.system.build.isoImage;
        in
        {
          netboot-nixos-unstable = netboot nixos-unstable;
@ -30,21 +49,40 @@
          image-installer-nixos-stable = image-installer nixos-stable;

          kexec-installer-nixos-unstable-noninteractive = kexec-installer nixos-unstable [
-            {
-              system.kexec-installer.name = "nixos-kexec-installer-noninteractive";
-            }
+            { system.kexec-installer.name = "nixos-kexec-installer-noninteractive"; }
            self.nixosModules.noninteractive
          ];
          kexec-installer-nixos-stable-noninteractive = kexec-installer nixos-stable [
-            {
-              system.kexec-installer.name = "nixos-kexec-installer-noninteractive";
-            }
+            { system.kexec-installer.name = "nixos-kexec-installer-noninteractive"; }
            self.nixosModules.noninteractive
          ];

          netboot-installer-nixos-unstable = netboot-installer nixos-unstable;
          netboot-installer-nixos-stable = netboot-installer nixos-stable;
-        });
+        }
+      );
+
+      crossPackages = {
+        x86_64-linux =
+          let
+            kexec-installer =
+              nixpkgs: modules:
+              (nixpkgs.legacyPackages.x86_64-linux.pkgsCross.riscv64.nixos (
+                modules
+                ++ [
+                  self.nixosModules.kexec-installer
+                  self.nixosModules.noninteractive
+                ]
+              )).config.system.build.kexecTarball;
+          in
+          {
+            kexec-installer-nixos-unstable-noninteractive-riscv64 = kexec-installer nixos-unstable [ ];
+            kexec-installer-nixos-stable-noninteractive-riscv64 = kexec-installer nixos-stable [ ];
+          };
+      };
+    in
+    {
+      packages = nixos-unstable.lib.recursiveUpdate packages crossPackages;
      nixosModules = {
        kexec-installer = ./nix/kexec-installer/module.nix;
        noninteractive = ./nix/noninteractive.nix;
@ -55,7 +93,12 @@
      checks =
        let
          # re-export the packages as checks
-          packages = forAllSystems (system: nixos-unstable.lib.mapAttrs' (n: nixos-unstable.lib.nameValuePair "package-${n}") self.packages.${system});
+          packages = forAllSystems (
+            system:
+            nixos-unstable.lib.mapAttrs' (
+              n: nixos-unstable.lib.nameValuePair "package-${n}"
+            ) self.packages.${system}
+          );
          checks =
            let
              pkgs = nixos-unstable.legacyPackages.x86_64-linux;
@ -64,16 +107,13 @@
              kexec-installer-unstable = pkgs.callPackage ./nix/kexec-installer/test.nix {
                kexecTarball = self.packages.x86_64-linux.kexec-installer-nixos-unstable-noninteractive;
              };
-              shellcheck = pkgs.runCommand "shellcheck"
-                {
-                  nativeBuildInputs = [ pkgs.shellcheck ];
-                } ''
-                shellcheck ${(pkgs.nixos [self.nixosModules.kexec-installer]).config.system.build.kexecRun}
+              shellcheck = pkgs.runCommand "shellcheck" { nativeBuildInputs = [ pkgs.shellcheck ]; } ''
+                shellcheck ${(pkgs.nixos [ self.nixosModules.kexec-installer ]).config.system.build.kexecRun}
                touch $out
              '';
-              kexec-installer-stable = nixos-stable.legacyPackages.x86_64-linux.callPackage ./nix/kexec-installer/test.nix {
-                kexecTarball = self.packages.x86_64-linux.kexec-installer-nixos-stable-noninteractive;
-              };
+              kexec-installer-stable =
+                nixos-stable.legacyPackages.x86_64-linux.callPackage ./nix/kexec-installer/test.nix
+                  { kexecTarball = self.packages.x86_64-linux.kexec-installer-nixos-stable-noninteractive; };
            };
        in
        nixos-unstable.lib.recursiveUpdate packages { x86_64-linux = checks; };
--- a/nix/kexec-installer/module.nix
+++ b/nix/kexec-installer/module.nix
@ -1,10 +1,33 @@
-{ config, lib, modulesPath, pkgs, ... }:
+{
+  config,
+  lib,
+  modulesPath,
+  pkgs,
+  ...
+}:
 let
-  restore-network = pkgs.writers.writePython3 "restore-network" { flakeIgnore = [ "E501" ]; }
-    ./restore_routes.py;
+  restore-network = pkgs.writers.writePython3 "restore-network" {
+    flakeIgnore = [ "E501" ];
+  } ./restore_routes.py;

  # does not link with iptables enabled
  iprouteStatic = pkgs.pkgsStatic.iproute2.override { iptables = null; };
+
+  kexec-tools = pkgs.pkgsStatic.kexec-tools.overrideAttrs (old: {
+    patches = old.patches ++ [
+      (pkgs.fetchpatch {
+        url = "https://marc.info/?l=kexec&m=166636009110699&q=mbox";
+        hash = "sha256-wi0/Ajy/Ac+7npKEvDsMzgNhEWhOMFeoUWcpgGrmVDc=";
+      })
+    ];
+
+    nativeBuildInputs = (old.nativeBuildInputs or []) ++ [
+      pkgs.pkgsStatic.buildPackages.autoreconfHook
+    ];
+    meta = old.meta // {
+      badPlatforms = [ ]; # allow riscv64
+    };
+  });
 in
 {
  imports = [
@ -27,23 +50,25 @@ in
  config = {
    # This is a variant of the upstream kexecScript that also allows embedding
    # a ssh key.
-    system.build.kexecRun = pkgs.runCommand "kexec-run" { } ''
-      install -D -m 0755 ${./kexec-run.sh} $out
+    system.build.kexecRun =
+      pkgs.runCommand "kexec-run" { nativeBuildInputs = [ pkgs.buildPackages.shellcheck ]; }
+        ''
+          install -D -m 0755 ${./kexec-run.sh} $out

-      sed -i \
-        -e 's|@init@|${config.system.build.toplevel}/init|' \
-        -e 's|@kernelParams@|${lib.escapeShellArgs config.boot.kernelParams}|' \
-        $out
+          sed -i \
+            -e 's|@init@|${config.system.build.toplevel}/init|' \
+            -e 's|@kernelParams@|${lib.escapeShellArgs config.boot.kernelParams}|' \
+            $out

-      ${pkgs.shellcheck}/bin/shellcheck $out
-    '';
+          shellcheck $out
+        '';

    system.build.kexecTarball = pkgs.runCommand "kexec-tarball" { } ''
      mkdir kexec $out
      cp "${config.system.build.netbootRamdisk}/initrd" kexec/initrd
      cp "${config.system.build.kernel}/${config.system.boot.loader.kernelFile}" kexec/bzImage
      cp "${config.system.build.kexecRun}" kexec/run
-      cp "${pkgs.pkgsStatic.kexec-tools}/bin/kexec" kexec/kexec
+      cp "${kexec-tools}/bin/kexec" kexec/kexec
      cp "${iprouteStatic}/bin/ip" kexec/ip
      ${lib.optionalString (pkgs.hostPlatform == pkgs.buildPlatform) ''
        kexec/ip -V
--- a/nix/zfs-minimal.nix
+++ b/nix/zfs-minimal.nix
@ -5,8 +5,9 @@ let
    # this overrides saves 10MB
    samba = pkgs.coreutils;
  };
+  hasZfs = lib.meta.availableOn pkgs.stdenv.hostPlatform config.boot.zfs.package;
 in
-{
+lib.mkIf hasZfs {
  services.udev.packages = [ zfs ]; # to hook zvol naming, etc.
  # unsure if need this, but in future udev rules could potentially point to systemd services.
  systemd.packages = [ zfs ];