~ehmry/genodepkgs

Genode Nix expressions
Update Genode sources to latest master
Add Cachix note to README
solo5: 0.6.6 -> 0.6.7

clone

read-only
https://git.sr.ht/~ehmry/genodepkgs
read/write
git@git.sr.ht:~ehmry/genodepkgs

You can also use your local clone with git send-email.

``     ______                     __           __
`     / ____/__  ____  ____  ____/ /__  ____  / / ____ ______
     / / __/ _ \/ __ \/ __ \/ __  / _ \/ __ \/ / / __ `/ ___/
    / /_/ /  __/ / / / /_/ / /_/ /  __/ /_/ / , \ /_/ (__  )
`   \____/\___/_/ /_/\____/\__,_/\___/ .___/_/ \_\_, /____/
``                                  /_/        /____/

Genodepkgs is nexus of Nix expressions related to the Genode OS framework.

IRC

Mailing list

Sotest

Cachix

#Current status

Work here has slowed as effort is focused on a native Dhall evaluator for Genode. This will allow for dynamic on-target reconfiguration.

#Repository layout

#Installation

This repository contains an experimental NixOS module that can be used to build and boot Genode using a shared Nix store. Hardware support is limited, and the system does not support any dynamic reconfiguration.

NixOS must be installed on the target first, with many caveats. First of which, the block driver is hard-coded to use the media on the first AHCI port, port selection or NVMe simply hasn't been implemented within the Nix module.

These instructions are non-normative have not be tested exactly as follows. This probably wont work for you.

#Step 1: Install NixOS

Format the first AHCI drive with a GUID Partition Table. /nix/store must be placed on a partition with the partition type 24b69406-18a1-428d-908e-d21a1437122c and formatted with an Ext2 file-system. Install NixOS, using Grub to boot. Use the nixos-unstable channel. See https://nixos.org/nixos/manual/index.html#ch-installation.

#Step 2: Build Genode

As mentioned before, the NixOS installation must be built from the nixos-unstable channel. This is to ensure that the nixos-rebuild utility is built with suport for taking configuration from Nix flakes.

Create a file a /etc/nixos/flake.nix (or study the nixos-rebuild manual) with something similar to the following content:

{
  description = "Example configuration flake";

  inputs = {
    genodepkgs.url = "git+https://git.sr.ht/~ehmry/genodepkgs";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  };

  outputs = { self, genodepkgs, nixpkgs }: {

    nixosConfigurations.${your-hostname-here} = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [

        ./configuration.nix

        genodepkgs.nixosModules.genodeHost

        {
          genode.fbDriver = "intel"; # or "vesa"
          genode.guests = {
            # Add two NixOS guest VMs to the Genode side:

            nixos = {
              config = { config, lib, pkgs, ... }: {
                users.users.root.password = "nixos";
                services.openssh.permitRootLogin = lib.mkDefault "yes";
                services.mingetty.autologinUser = lib.mkDefault "root";
              };
            };

            tor-browser = {
              memorySize = 1024;
              config = { config, lib, pkgs, ... }: {
                services.cage = {
                  enable = true;
                  program = "${pkgs.tor-browser-bundle-bin}/bin/tor-browser";
                };
                users.users.demo.isNormalUser = true;
              };
            };

          };

        }
      ];
    };
  };

}

Do a nixos-rebuild boot. Grub must be in use, UEFI booting is optional.

#Reboot

Reboot and select the Genode entry from the Grub menu. Hopefully the display will come up quickly, and the VMs will boot. The VMs will take a long time to come up initially, this is because the VDI disk images are copied from /nix/store to a mutable area of the file-system.

Thats all for now, patches are welcome.

#Contributing

Patches can be submitted and issues reported via the mailing list. The mailing list is the minimum viable mechanism for community development, and may be replaced later.

The worksites at the moment are:

  • Documentation

  • Packaging multi-component scenarios

  • Graphical launcher

  • Port Boehm-Demers-Weiser GC to Genode

  • ARM, i686

  • Patching standard Nixpkgs packages by overlay. Explore Workflow and tooling for building emulated UNIX environments.

  • LLVM testing and upstreaming patches.

  • Formalizing Dhall configuration types.

  • NixOS modules for constructing a reasonably usable Genode system. Reusing the module system from NixOS is advantageous because a dual boot system can share a /nix/store and be updated simultaneously.

  • NixOS module for NixOS guests with the ARM VMM.

  • Configuration validation via a service routing prover.

  • Fix Ncurses build

#Nix Flakes

This repository is structured as a Nix flake, which is an experimental extension of Nix tooling. See https://www.tweag.io/posts/2020-05-25-flakes.html for an introduction and tutorial.

#Build Caching

A binary cache is graciously provided by Cachix, the following link provides instructions for enabling: https://app.cachix.org/cache/genodepkgs

#Building from flakes

$ git clone https://git.sr.ht/~ehmry/genodepkgs
$ cd genodepkgs
$ nix build .#checks.x86_64-linux.nova-x86

# View the log if the result is already cached:
$ nix log .#checks.x86_64-linux.nova-x86

#Packaging

Packaging is done using standard Nixpkgs methods, a stdenv is available for cross-compilation. See Solo5 as an example.

#Cross-compiling Nixpkgs

Some existing packages from Nixpkgs can be built with little or no modification. Nixpkgs is available at the path .#legacyPackages.x86_64-linux-x86_64-genode (or …-aarch64-genode) and modifications to packages are made at an overlay. Some packages need patched, others require additional features added to the Genode libc.

Packages that run on Linux as well as Genode should not be packaged here, those should be added to Nixpkgs.

#Toolchain

The Genode Labs toolchain is available here only for Linux and in binary form. However, an experimental LLVM cross-compiler is provided here. Bootstrapping GCC has not been practical due to its recursive autotools build system.

The enter a shell with the toolchain:

nix shell .#legacyPackages.x86_64-linux-x86_64-genode.stdenv.cc

x86_64-unknown-genode-clang++ -v

#Testing

Tests are performed using QEMU, the test artifacts are built as follows:

# Build a test log from a QEMU test run:
nix build .#checks.x86_64-linux.nova-x86

# Build a tarball of the Nix store internal to a test VM:
nix build .#checks.x86_64-linux.nova-x86.nodes.machine.store

# Build the XML configuration of the test VM:
nix build .#checks.x86_64-linux.nova-x86.nodes.machine.xml

# Build the Dhall boot description of the test run:
nix build .#checks.x86_64-linux.nova-x86.nodes.machine.config

#System description format

The high-level interface to system building are boot descriptions. These Dhall documents describe the configuration of an Init instance and a store of ROM (Read-Only Memory) modules. These description can be used to build firmware-like binary images or merged and nested within other descriptions. In theory these descriptions can arrange file-systems, but those functions are missing.

The description schema is documented as code: https://git.sr.ht/~ehmry/dhall-genode/tree/master/Boot/package.dhall

#Tips and tricks

#How to build a Genode make target?

let flake = getFlake "genodepkgs";
in flake.packages.x86_64-linux-x86_64-genode.genodeSources.make "app/ping"

#How to build a Genode depot package?

let flake = getFlake "genodepkgs";
in flake.packages.x86_64-linux-x86_64-genode.genodeSources.depot "wifi_drv"

#How to add missing ports to a depot package?

The missing ports as indicated by a depot build failure must be added to targets.nix. To continue from the previous example, this would be sufficient:

{
  wifi_drv = { portInputs = [ dde_linux libc openssl ]; };
}

#How to add undefined ports?

Should a required port not be defined, it must be added to ports.nix. Initially it should be sufficient to define the port as an empty attribute set, run the build again, and then add the hash found in the successive build error.

To continue from the previous example:

{
  dde_linux = { };
}

And after the reattempting the build a fixed-output hash should be produced, this must now be added to the port definitions.

{
  dde_linux = {
    hash = "sha256-3G5Mprv9ZBNhDJRuVF6Nrkp3KbFaN10IKFq0OdyAY9M="; };
}

Should the port preparation fail do to missing utilities, these must be added to the port definition using a nativeBuildInputs attribute.

Note that the hash checked into ports.nix is an output hash. The port hash within the Genode source tree is an explicit input hash and the output of the port preparation is non-deterministic.

#Enter an environment compatible with the Genode Labs build scripts

nix dev-shell genodepkgs
cd $GENODE_DIR
make -C build/x86_64 run/bomb

#Glossary

Some of terms that follow are necessary for understanding packaging methodology, Others are simply introduced as an aid to the reader:

  • Upstream - repositories packaged by expressions in this repository

  • Downstream - repositories depending on this repository

  • OS ABI - The binary interface to an operating system. In the case of Genode this does not include kernel interfaces, as system calls are abstracted via dynamically linked procedures.

  • localSystem - the CPU and OS ABI pair used to evaluate and compile packages. Genode cannot natively instantiate Nix derivations, therefore it cannot be a localSystem ABI.

  • crossSystem - the target CPU and OS ABI pair for packages. In the common case the ABI will be Genode. In the case of tooling it may be the same as localSystem. For software that runs bare-metal the CPU is significant but ABI is irrelevant.

  • buildPlatform - equivalent to localSystem.

  • hostPlatform - the platform on which a package will execute.

  • targetPlatform - the platform for which a package will produce artifacts. This is only significant for software such as compilers. The respective build, host, and target platform of a compiler that was built on a Solaris, executes on Genode, and produces only Haiku binaries would be Solaris, Genode, and Haiku.

  • Flake - a code repository containing a flake.nix file describing dependency repositories. The evaluation of flakes may only form ascyclic graphs. Repositories packaged here may themselves contain a flake.nix file that refers to this repository, but these repositories cannot be inputs to the Genodepkgs flake.

  • Genode core - Genode component of highest privilege. The core is located conceptually at the bottom and root of the component tree. Core might be directly above the kernel, or acting as the kernel. The role of core is a subset of the role of the kernel in a monolithic system.

  • Lower - lowering a subsystem is moving it closer to the Genode core and increasing privilege.

  • Raise - raising a subsystem is moving it further away from the Genode core and decreasing privilege.

  • Package - undefined

This repository is published under MIT licensing consistent with Nixpkgs.

Note: MIT license does not apply to the packages built by Nixpkgs, merely to the files in this repository (the Nix expressions, build scripts, NixOS modules, etc.). It also might not apply to patches included in Nixpkgs, which may be derivative works of the packages to which they apply. The aforementioned artifacts are all covered by the licenses of the respective packages.