From 2576c66e4725d6829e602c15f8f95861a36fe383 Mon Sep 17 00:00:00 2001 From: Rutherther Date: Mon, 1 Dec 2025 08:00:00 +0100 Subject: [PATCH 01/15] image: operating-system-for-image: Support AArch64 iso. Let the user decide for grub/grub-efi in cases where grub-hybrid is unsupported. This is the case on aarch64, where grub-pc is not supported, so only grub-efi can be used. * gnu/system/image.scm (operating-system-for-image): Do not replace bootloader with grub-mkrescue-bootloader for iso9660 when grub-hybrid is not supported. Change-Id: Icd2b68155935b1d9599c1b0df22f0c80a2e36d6a Signed-off-by: Rutherther --- gnu/system/image.scm | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/gnu/system/image.scm b/gnu/system/image.scm index 0101fe3d6eb..9e9b7cbba47 100644 --- a/gnu/system/image.scm +++ b/gnu/system/image.scm @@ -985,11 +985,16 @@ it can be used for bootloading." file-systems #:volatile-root? volatile-root? rest))) - (bootloader (if (eq? format 'iso9660) + ;; Only replace with grub-mkrescue-bootloader if grub-pc + ;; is supported. AArch64 doesn't support it. In such + ;; cases, respect bootloader of the system. Still, + ;; for now make-iso9660-image installs only GRUB. + (bootloader (if (and (eq? format 'iso9660) + (supported-package? grub-hybrid)) (bootloader-configuration - (inherit - (operating-system-bootloader base-os)) - (bootloader grub-mkrescue-bootloader)) + (inherit + (operating-system-bootloader base-os)) + (bootloader grub-mkrescue-bootloader)) (operating-system-bootloader base-os))) (file-systems (cons (file-system (mount-point "/") From 20157dae27d3ed2c754a5c15aa001f6c268366c3 Mon Sep 17 00:00:00 2001 From: Rutherther Date: Mon, 1 Dec 2025 08:02:24 +0100 Subject: [PATCH 02/15] image: Add qcow2-gpt image type. qcow2 is a mbr-hybrid image. But on aarch64, we have to use grub-efi bootloader. For that bootloader, gpt should be used and Guix errors if it isn't (due to failed check in Guix code). So it's impossible to generate qcow2 type aarch64 image without using customized bootloader. One would have to define their own image instead of using the ones pre-defined. * gnu/system/system.scm (qcow2-gpt-image-type): New variable. * doc/guix.texi: Document qcow2-gpt and its use. Change-Id: I93f0880c7ca2d3f934067c12dd1143ad20828333 Signed-off-by: Rutherther --- doc/guix.texi | 17 +++++++++++++++-- gnu/system/image.scm | 11 +++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index fc25b653f32..55d3af16426 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -47841,7 +47841,9 @@ machine. The @code{grub-bootloader} bootloader is always used independently of what is declared in the @code{operating-system} file passed as argument. This is to make it easier to work with QEMU, which uses the SeaBIOS BIOS by default, expecting a bootloader to be installed -in the Master Boot Record (MBR). +in the Master Boot Record (MBR). In case the virtual machine is +going to be AArch64, you might want to take a look at @code{qcow2-gpt} +image type that installs bootloader only in EFI. @cindex docker-image, creating docker images When using the @code{docker} image type, a Docker image is produced. @@ -54765,7 +54767,18 @@ Build an image based on the @code{efi32-disk-image} image. @defvar qcow2-image-type Build an image based on the @code{mbr-disk-image} image but with the -@code{compressed-qcow2} image format. +@code{compressed-qcow2} image format. The resulting image will have +an MBR embedded bootloader as well as an EFI bootloader. This image +is not suitable for architectures that do not support `grub-pc`, +such as AArch64. See @code{qcow2-gpt-image-type} for an alternative. +@end defvar + +@defvar qcow2-gpt-image-type +Build an image based on the @code{efi-disk-image} image but with the +@code{compressed-qcow2} image format. The resulting image will have +only EFI bootloader, unlike @code{qcow2-image-type}. This image +is suitable for architectures that do not support `grub-pc`, such +as AArch64. @end defvar @defvar iso-image-type diff --git a/gnu/system/image.scm b/gnu/system/image.scm index 9e9b7cbba47..de975360ae9 100644 --- a/gnu/system/image.scm +++ b/gnu/system/image.scm @@ -98,6 +98,7 @@ efi-raw-image-type efi32-raw-image-type qcow2-image-type + qcow2-gpt-image-type iso-image-type uncompressed-iso-image-type docker-image-type @@ -265,6 +266,16 @@ set to the given OS." (format 'compressed-qcow2)) <>)))) +(define qcow2-gpt-image-type + (image-type + (name 'qcow2-gpt) + (constructor (cut image-with-os + (image + (inherit efi-disk-image) + (name 'image.qcow2) + (format 'compressed-qcow2)) + <>)))) + (define iso-image-type (image-type (name 'iso9660) From efc32c6684f75531cfd600874ba5d23a0bd643b9 Mon Sep 17 00:00:00 2001 From: Rutherther Date: Thu, 18 Dec 2025 19:10:02 +0100 Subject: [PATCH 03/15] image: Add /boot/efi filesystem if operating-system specifies it. Instead of forgetting about the /boot/efi system completely, re-add it with proper label. This way lightweight.tmpl, desktop.tmpl still boot when supplied to guix system image. That was the reason for removing /boot/efi file-system in the first place. Removing it however means the target system cannot be reconfigured by default, as the esp is not mounted. * gnu/system/image.scm (partition-has-flag?): New variable. (root-partition?): Use it. (find-partition-with-flag): New variable. (find-root-partition): Use it. (find-esp-partition): New variable. (operating-system-for-image): Add /boot/efi file-system with proper label instead of removing it completely. Change-Id: I3ef2120059d8bbf76170d10ae718cb0de637f453 Signed-off-by: Rutherther --- gnu/system/image.scm | 57 ++++++++++++++++++++++++++++++++------------ 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/gnu/system/image.scm b/gnu/system/image.scm index de975360ae9..df7fa2c3905 100644 --- a/gnu/system/image.scm +++ b/gnu/system/image.scm @@ -363,16 +363,27 @@ set to the given OS." (guix build utils)) gexp* ...)))) +(define (partition-has-flag? partition flag) + "Return true if PARTITION's flags include FLAG." + (member flag (partition-flags partition))) + +(define (find-partition-with-flag image flag) + "Return partition of the given IMAGE that has FLAG, or #f if not found." + (srfi-1:find (cut partition-has-flag? <> flag) + (image-partitions image))) + (define (root-partition? partition) "Return true if PARTITION is the root partition, false otherwise." - (member 'boot (partition-flags partition))) + (partition-has-flag? partition 'boot)) (define (find-root-partition image) - "Return the root partition of the given IMAGE." - (or (srfi-1:find root-partition? (image-partitions image)) + (or (find-partition-with-flag image 'boot) (raise (formatted-message (G_ "image lacks a partition with the 'boot' flag"))))) +(define (find-esp-partition image) + (find-partition-with-flag image 'esp)) + (define (root-partition-index image) "Return the index of the root partition of the given IMAGE." (1+ (srfi-1:list-index root-partition? (image-partitions image)))) @@ -980,6 +991,19 @@ it can be used for bootloading." (let* ((root-file-system-type (image->root-file-system image)) (base-os (image-operating-system image)) + (esp-partition (find-esp-partition image)) + ;; In case the user has added /boot/efi file-system, + ;; try to respect it and add a file-system pointing + ;; to the correct esp. + (wants-boot-efi? (and + (srfi-1:any + (lambda (fs) + (let ((mount-point (file-system-mount-point fs))) + (string=? mount-point "/boot/efi"))) + (operating-system-file-systems base-os)) + esp-partition)) + ;; Replace root file system with one with proper UUID that the + ;; target image will have. Similarly for /boot/efi. (file-systems-to-keep (srfi-1:remove (lambda (fs) @@ -1006,19 +1030,22 @@ it can be used for bootloading." (inherit (operating-system-bootloader base-os)) (bootloader grub-mkrescue-bootloader)) - (operating-system-bootloader base-os))) - (file-systems (cons (file-system - (mount-point "/") - (device "/dev/placeholder") - (type root-file-system-type)) - file-systems-to-keep)))) + (operating-system-bootloader base-os))))) (uuid (root-uuid os))) - (operating-system - (inherit os) - (file-systems (cons (file-system - (mount-point "/") - (device uuid) - (type root-file-system-type)) + (operating-system + (inherit os) + (file-systems (append + (list (file-system + (mount-point "/") + (device uuid) + (type root-file-system-type))) + (if wants-boot-efi? + (list (file-system + (mount-point "/boot/efi") + (type "vfat") + (device (file-system-label + (partition-label esp-partition))))) + '()) file-systems-to-keep))))) (define* (system-image image) From 5623e6331342c232a6816073bae9e3d9928ac884 Mon Sep 17 00:00:00 2001 From: Rutherther Date: Mon, 1 Dec 2025 08:15:13 +0100 Subject: [PATCH 04/15] system: installation-os: Support efi-only. Aarch64 doesn't support grub-pc, so we cannot use the regular grub-bootloader, grub-efi-bootloader has to be used. Since neither packages nor bootloader are thunked, there seems to be no other choice than using something from the outside environment, such as an environment variable to decide what bootloader to use. For convenience, a procedure is made to be used from other Guile code, instead of relying on environment variables. * gnu/system/install.scm (make-installation-os): New variable; Use grub-efi-bootloader when efi-only? is #t; Use bootloader package in packages instead of grub-pc. (installation-os): Replace with call of make-installation-os with default arguments. Change-Id: I34ec8da6079617f39805b3e1168bad4a42d84cab Signed-off-by: Rutherther --- gnu/installer.scm | 4 +- gnu/system/install.scm | 139 +++++++++++++++++++++++++++-------------- 2 files changed, 94 insertions(+), 49 deletions(-) diff --git a/gnu/installer.scm b/gnu/installer.scm index 4acad60f214..d905ffa7957 100644 --- a/gnu/installer.scm +++ b/gnu/installer.scm @@ -374,7 +374,7 @@ purposes." `(channel ,(channel-name channel) ,url ,(channel-commit channel)))) channels)))) -(define* (installer-program #:key dry-run?) +(define* (installer-program #:key dry-run? (guix-for-installer (current-guix))) "Return a file-like object that runs the given INSTALLER." (define init-gettext ;; Initialize gettext support, so that installer messages can be @@ -423,7 +423,7 @@ purposes." guile-gnutls guile-zlib ;for (gnu build linux-modules) guile-zstd ;for (gnu build linux-modules) - (current-guix)) + guix-for-installer) (with-imported-modules `(,@(source-module-closure `(,@modules (gnu services herd) diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 5041dadf15d..06fed8cae9a 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -28,6 +28,7 @@ #:use-module (gnu) #:use-module (gnu system) #:use-module (gnu system privilege) + #:use-module (gnu bootloader) #:use-module (gnu bootloader u-boot) #:use-module (guix gexp) #:use-module (guix store) @@ -64,6 +65,7 @@ #:use-module (gnu packages xorg) #:use-module (ice-9 match) #:export (installation-os + make-installation-os a20-olinuxino-lime-installation-os a20-olinuxino-lime2-emmc-installation-os a20-olinuxino-micro-installation-os @@ -334,10 +336,29 @@ templates under @file{/etc/configuration}."))) "Load the @code{uvesafb} kernel module with the right options.") (default-value #t))) -(define* (%installation-services #:key (system (or (and=> - (%current-target-system) - platform-target->system) - (%current-system)))) +(define (guix-package-commit guix) + ;; Extract the commit of the GUIX package. + (match (package-source guix) + ((? channel? source) + (channel-commit source)) + (_ + (apply (lambda* (#:key commit #:allow-other-keys) commit) + (package-arguments guix))))) + +(define* (%installation-services + #:key + (system (or (and=> + (%current-target-system) + platform-target->system) + (%current-system))) + (guix-for-system + (let ((guix (current-guix))) + (package + (inherit guix) + ;; Do not leak the local checkout URL. + (source (channel + (inherit %default-guix-channel) + (commit (guix-package-commit guix)))))))) ;; List of services of the installation system. (let ((motd (plain-file "motd" " \x1b[1;37mWelcome to the installation of GNU Guix!\x1b[0m @@ -355,15 +376,6 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m (define bare-bones-os (load "examples/bare-bones.tmpl")) - (define (guix-package-commit guix) - ;; Extract the commit of the GUIX package. - (match (package-source guix) - ((? channel? source) - (channel-commit source)) - (_ - (apply (lambda* (#:key commit #:allow-other-keys) commit) - (package-arguments guix))))) - (append ;; Generic services (list (service virtual-terminal-service-type) @@ -371,7 +383,8 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m (service kmscon-service-type (kmscon-configuration (virtual-terminal "tty1") - (login-program (installer-program)))) + (login-program (installer-program + #:guix-for-installer guix-for-system)))) (service login-service-type (login-configuration @@ -408,13 +421,7 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m ;; Install and run the current Guix rather than an older ;; snapshot. - (guix (let ((guix (current-guix))) - (package - (inherit guix) - ;; Do not leak the local checkout URL. - (source (channel - (inherit %default-guix-channel) - (commit (guix-package-commit guix))))))))) + (guix guix-for-system))) ;; Start udev so that useful device nodes are available. ;; Use device-mapper rules for cryptsetup & co; enable the CRDA for @@ -525,19 +532,52 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m jfsutils xfsprogs)) -(define installation-os +(define* (%installation-initrd-modules + #:key + (system (or (and=> + (%current-target-system) + platform-target->system) + (%current-system)))) + ;; AArch64 currently lacks a lot of modules necessary + ;; for booting from USB sticks, hard disks or + ;; CDROMs. Those are built-in in x86_64 kernel. + `(,@(if (target-aarch64? system) + '("sr_mod" "sd_mod" + "usb_common" "usbcore" + ;; USB 3.0 + "xhci_pci" "xhci_hcd" + ;; embedded USB 3.0 + "xhci_plat_hcd" + ;; USB 2.0 + "ehci_pci" "ehci_hcd") + '()) + ,@%base-initrd-modules)) + +(define* (make-installation-os #:key + ;; Version displayed in the GRUB entry name. + (grub-displayed-version + (package-version guix)) + ;; Whether to use efi-only installation. + ;; When #f, use hybrid grub that sets up + ;; both legacy boot and efi. + (efi-only? #f)) ;; The operating system used on installation images for USB sticks etc. (operating-system (host-name "gnu") (timezone "Europe/Paris") (locale "en_US.utf8") (name-service-switch %mdns-host-lookup-nss) - (bootloader (bootloader-configuration - (bootloader grub-bootloader) - (targets '("/dev/sda")))) - (label (string-append "GNU Guix installation " - (or (getenv "GUIX_DISPLAYED_VERSION") - (package-version guix)))) + + (initrd-modules (%installation-initrd-modules)) + + (bootloader (if efi-only? + (bootloader-configuration + (bootloader grub-efi-bootloader) + (targets '("/boot/efi"))) + (bootloader-configuration + (bootloader grub-bootloader) + (targets '("/dev/sda"))))) + (label (string-append "GNU Guix installation " grub-displayed-version)) ;; XXX: The AMD Radeon driver is reportedly broken, which makes kmscon ;; non-functional: @@ -550,19 +590,19 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m ;; the appropriate one. (append %base-live-file-systems - ;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need - ;; elogind's cgroup file systems. - (list %pseudo-terminal-file-system - %shared-memory-file-system - %efivars-file-system - %immutable-store))) + ;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need + ;; elogind's cgroup file systems. + (list %pseudo-terminal-file-system + %shared-memory-file-system + %efivars-file-system + %immutable-store))) (users (list (user-account - (name "guest") - (group "users") - (supplementary-groups '("wheel")) ; allow use of sudo - (password "") - (comment "Guest of GNU")))) + (name "guest") + (group "users") + (supplementary-groups '("wheel")) ; allow use of sudo + (password "") + (comment "Guest of GNU")))) (issue %issue) (services (%installation-services)) @@ -570,20 +610,25 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m ;; We don't need setuid programs, except for 'passwd', which can be handy ;; if one is to allow remote SSH login to the machine being installed. (privileged-programs (list (privileged-program - (program (file-append shadow "/bin/passwd")) - (setuid? #t)))) + (program (file-append shadow "/bin/passwd")) + (setuid? #t)))) (pam-services ;; Explicitly allow for empty passwords. (base-pam-services #:allow-empty-passwords? #t)) (packages (append - (list glibc ; for 'tzselect' & co. - fontconfig - font-dejavu font-gnu-unifont - grub) ; mostly so xrefs to its manual work - %installer-disk-utilities - %base-packages)))) + (list glibc ; for 'tzselect' & co. + fontconfig + font-dejavu font-gnu-unifont + + ;; Mostly so xrefs to its manual work. + (bootloader-package + (bootloader-configuration-bootloader bootloader))) + %installer-disk-utilities + %base-packages)))) + +(define installation-os (make-installation-os)) (define* (os-with-u-boot os board #:key (bootloader-target "/dev/mmcblk0") (triplet "arm-linux-gnueabihf")) From 08016049908b732c1b26922fe47bd3c2755100f6 Mon Sep 17 00:00:00 2001 From: Rutherther Date: Mon, 1 Dec 2025 19:39:53 +0100 Subject: [PATCH 05/15] gnu: make-iso9660-image: Do not compress any kernel, compress man pages. Because the linux image is called differently based on the architectures, see system-linu/-image-file-name from gnu/system.scm, the kernel image on aarch64, mips and armhf has still been compressed. This means that grub cannot boot. Man pages have moved from gz to zst, so compress them as well. * gnu/build/image.scm (make-iso9660-image): Do not compress Image, vmlinuz and zImage; Compress all man pages. Change-Id: I68b35f383c84ff231865d580aa9e79d9fd88ace1 Signed-off-by: Rutherther --- gnu/build/image.scm | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/gnu/build/image.scm b/gnu/build/image.scm index d68fb29e05a..53c75839bab 100644 --- a/gnu/build/image.scm +++ b/gnu/build/image.scm @@ -428,7 +428,11 @@ GRUB configuration and OS-DRV as the stuff in it." "-not" "-wholename" "/System/*" "-not" "-name" "unicode.pf2" "-not" "-name" "bzImage" - "-not" "-name" "*.gz" ; initrd & all man pages + "-not" "-name" "zImage" + "-not" "-name" "Image" + "-not" "-name" "vmlinuz" + "-not" "-name" "*.gz" ; initrd + "-not" "-name" "*.zst" ; all man pages "-not" "-name" "*.png" ; includes grub-image.png "-exec" "set_filter" "--zisofs" "--") From 9e7e40b8bd1410dfcad6cbface22b1c31e665401 Mon Sep 17 00:00:00 2001 From: Rutherther Date: Mon, 22 Dec 2025 09:10:41 +0100 Subject: [PATCH 06/15] services: xorg: Return only supported packages in %default-xorg-modules. The xorg modules are used inside of services that's thunked. So we can make them depend on the %current-system. * gnu/services/xorg.scm (default-xorg-modules): New variable. (%default-xorg-modules): Return result of (default-xorg-modules). Change-Id: I10f722e52d598ce3e83ef3f200b3bd953bc08e17 Signed-off-by: Rutherther --- etc/manifests/cross-compile.scm | 14 ++++++---- gnu/services/xorg.scm | 48 ++++++++++++++++++++------------- 2 files changed, 39 insertions(+), 23 deletions(-) diff --git a/etc/manifests/cross-compile.scm b/etc/manifests/cross-compile.scm index 44a6407b0c3..776da581cf9 100644 --- a/etc/manifests/cross-compile.scm +++ b/etc/manifests/cross-compile.scm @@ -71,18 +71,21 @@ TARGET." "connman" "network-manager" "wpa-supplicant" "isc-dhcp" "cups" "linux-libre" "grub-hybrid"))) -(define %system-gui-packages +(define (%system-gui-packages target) ;; Key packages proposed by the Guix System installer. (append (map specification->package '(;; build system `python' does not support cross builds - ;"gnome" "xfce" "mate" "openbox" + ;"gnome" "xfce" "mate" "openbox" "awesome" "i3-wm" "i3status" "dmenu" "st" "ratpoison" "xterm" ;; build system `emacs' does not support cross builds - ;"emacs-exwm" "emacs-desktop-environment" + ;"emacs-exwm" "emacs-desktop-environment" "emacs")) - %default-xorg-modules)) + ;; NOTE: %default-xorg-modules depends on system. + (parameterize + ((%current-target-system target)) + %default-xorg-modules))) (define %packages-to-cross-build ;; Packages that must be cross-buildable from x86_64-linux. @@ -151,7 +154,8 @@ TARGET." ;; With a graphical environment: (if (or (target-x86-32? target) (target-aarch64? target)) - %system-gui-packages + ;; %system-gui-packages depends on the system. + (%system-gui-packages target) '())))) (fold delete (map platform-system->target (systems)) '(;; Disable cross-compilation to self: diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm index b32a960bcf6..25f44566beb 100644 --- a/gnu/services/xorg.scm +++ b/gnu/services/xorg.scm @@ -64,6 +64,7 @@ #:use-module ((guix modules) #:select (source-module-closure)) #:use-module (guix packages) #:use-module (guix derivations) + #:use-module (guix platform) #:use-module (guix records) #:use-module (guix deprecation) #:use-module (guix utils) @@ -148,25 +149,36 @@ ;;; ;;; Code: -(define %default-xorg-modules - ;; Default list of modules loaded by the server. When multiple drivers - ;; match, the first one in the list is loaded. - (list xf86-video-vesa - xf86-video-fbdev - xf86-video-amdgpu - xf86-video-ati - xf86-video-cirrus - xf86-video-intel - xf86-video-mach64 - xf86-video-nouveau - xf86-video-nv - xf86-video-sis +(define* (default-xorg-modules + #:optional + (system (or (and=> + (%current-target-system) + platform-target->system) + (%current-system)))) + "Default list of modules loaded by the server. When multiple drivers match, +the first one in the list is loaded." + ;; Return only supported packages, because some aren't supported + ;; on all architectures. + (filter (cut supported-package? <> system) + (list xf86-video-vesa + xf86-video-fbdev + xf86-video-amdgpu + xf86-video-ati + xf86-video-cirrus + xf86-video-intel + xf86-video-mach64 + xf86-video-nouveau + xf86-video-nv + xf86-video-sis - ;; Libinput is the new thing and is recommended over evdev/synaptics: - ;; . - xf86-input-libinput - xf86-input-evdev - xf86-input-mouse)) + ;; Libinput is the new thing and is recommended over evdev/synaptics: + ;; . + xf86-input-libinput + xf86-input-evdev + xf86-input-mouse))) + +(define-syntax %default-xorg-modules + (identifier-syntax (default-xorg-modules))) (define %default-xorg-fonts ;; Default list of fonts available to the X server. From b7a12230525bb0a0481279d7d7c4447f8d01bf13 Mon Sep 17 00:00:00 2001 From: Rutherther Date: Mon, 1 Dec 2025 08:09:03 +0100 Subject: [PATCH 07/15] system: vm-image-efi.tmpl: Add example efi vm image. This is a copy of vm-image.tmpl, but with efi bootloader. Since user ends up with this config in their /run/current-user/configuration.scm and the regular way to continue is to copy that file and reconfigure off of it, it seems better to just keep distinct configuration. Moreover xf86-video-intel is removed, because it doesn't compile on aarch64. * gnu/system/examples/vm-image-efi.tmpl Change-Id: I0f72ac5a775339ee84cb1a4046ca5a8deca0e2ea Signed-off-by: Rutherther --- gnu/system/examples/vm-image-efi.tmpl | 161 ++++++++++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 gnu/system/examples/vm-image-efi.tmpl diff --git a/gnu/system/examples/vm-image-efi.tmpl b/gnu/system/examples/vm-image-efi.tmpl new file mode 100644 index 00000000000..1bde66c2dd8 --- /dev/null +++ b/gnu/system/examples/vm-image-efi.tmpl @@ -0,0 +1,161 @@ +;; -*- mode: scheme; -*- +;; This is an operating system configuration for a VM image. +;; Modify it as you see fit and instantiate the changes by running: +;; +;; guix system reconfigure /etc/config.scm +;; + +(use-modules (gnu) + (guix) + (srfi srfi-1) + (ice-9 match) + (guix channels) + (gnu system image)) +(use-service-modules desktop mcron networking spice ssh xorg sddm) +(use-package-modules bootloaders fonts + package-management xdisorg xorg) + +(define vm-image-motd (plain-file "motd" " +\x1b[1;37mThis is the GNU system. Welcome!\x1b[0m + +This instance of Guix is a template for virtualized environments. +You can reconfigure the whole system by adjusting /etc/config.scm +and running: + + guix system reconfigure /etc/config.scm + +Run '\x1b[1;37minfo guix\x1b[0m' to browse documentation. + +\x1b[1;33mConsider setting a password for the 'root' and 'guest' \ +accounts.\x1b[0m +")) + +(define (guix-package-commit guix) + ;; Extract the commit of the GUIX package. + (match (package-source guix) + ((? channel? source) + (channel-commit source)) + (_ + (apply (lambda* (#:key commit #:allow-other-keys) commit) + (package-arguments guix))))) + +(operating-system + (host-name "gnu") + (timezone "Etc/UTC") + (locale "en_US.utf8") + (keyboard-layout (keyboard-layout "us" "altgr-intl")) + + ;; Label for the GRUB boot menu. + (label (string-append "GNU Guix " + (or (getenv "GUIX_DISPLAYED_VERSION") + (package-version guix)))) + + (firmware '()) + + ;; On AArch64, support SCSI CDROMs and HDs. + (initrd-modules (cons* "sd_mod" "sr_mod" + %base-initrd-modules)) + + (bootloader + (bootloader-configuration + (bootloader grub-efi-bootloader) + (targets '("/boot/efi")) + (terminal-outputs '(console)))) + (file-systems (cons* (file-system + (mount-point "/") + (device (file-system-label root-label)) + (type "ext4")) + (file-system + (mount-point "/boot/efi") + (device (file-system-label "GNU-ESP")) + (type "vfat")) + %base-file-systems)) + + (users (cons (user-account + (name "guest") + (comment "GNU Guix Live") + (password "") ;no password + (group "users") + (supplementary-groups '("wheel" "netdev" + "audio" "video"))) + %base-user-accounts)) + + ;; Our /etc/sudoers file. Since 'guest' initially has an empty password, + ;; allow for password-less sudo. + (sudoers-file (plain-file "sudoers" "\ +root ALL=(ALL) ALL +%wheel ALL=NOPASSWD: ALL\n")) + + (pam-services + ;; Explicitly allow for empty passwords. + (base-pam-services #:allow-empty-passwords? #t)) + + (packages + (append (list font-bitstream-vera + ;; Auto-started script providing SPICE dynamic resizing for + ;; Xfce (see: + ;; https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/142). + x-resize) + %base-packages)) + + (services + (append (list (service xfce-desktop-service-type) + + ;; Choose SLiM, which is lighter than the default GDM. + (service slim-service-type + (slim-configuration + (auto-login? #t) + (default-user "guest") + (xorg-configuration + (xorg-configuration + ;; The QXL virtual GPU driver is added to provide + ;; a better SPICE experience. + (modules (cons xf86-video-qxl + %default-xorg-modules)) + (keyboard-layout keyboard-layout))))) + + ;; Uncomment the line below to add an SSH server. + ;;(service openssh-service-type) + + ;; Add support for the SPICE protocol, which enables dynamic + ;; resizing of the guest screen resolution, clipboard + ;; integration with the host, etc. + (service spice-vdagent-service-type) + + ;; Use the DHCP client service rather than NetworkManager. + (service dhcpcd-service-type)) + + ;; Remove some services that don't make sense in a VM. + (remove (lambda (service) + (let ((type (service-kind service))) + (or (memq type + (list gdm-service-type + sddm-service-type + wpa-supplicant-service-type + cups-pk-helper-service-type + network-manager-service-type + modem-manager-service-type)) + (eq? 'network-manager-applet + (service-type-name type))))) + (modify-services %desktop-services + (login-service-type config => + (login-configuration + (inherit config) + (motd vm-image-motd))) + + ;; Install and run the current Guix rather than an older + ;; snapshot. + (guix-service-type config => + (guix-configuration + (inherit config) + (guix + (let ((guix (current-guix))) + (package + (inherit guix) + ;; Do not leak the local checkout URL. + (source (channel + (inherit %default-guix-channel) + (commit (guix-package-commit guix))))))))))))) + + ;; Allow resolution of '.local' host names with mDNS. + (name-service-switch %mdns-host-lookup-nss)) From 8ba84edf997a95726d2aa452b0c3e33e6c8a1262 Mon Sep 17 00:00:00 2001 From: Rutherther Date: Mon, 15 Dec 2025 20:53:46 +0100 Subject: [PATCH 08/15] linux-initrd: Support more virtio modules in initrd. Adds mmio and scsi modules for virtio. scsi one is needed for using virtio-scsi-pci, that can be a common option on aarch64, where only two options pop up for mounting disks: - virtio-scsi-pci - virtio-blk While virtio-blk should generally be preferred, sometimes virtio-scsi-pci pops up first on the internet, so people can use it. virtio-mmio is a necessity on Aarch64 for virtio-blk to work. * gnu/system/linux-initrd.scm (default-initrd-modules): Add virtio_mmio and virito_scsi. Change-Id: Ia8fabb5594893ef1712359d27d482d9f44dc89c0 Signed-off-by: Rutherther --- gnu/system/linux-initrd.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/system/linux-initrd.scm b/gnu/system/linux-initrd.scm index febfda57785..329ded9f0b0 100644 --- a/gnu/system/linux-initrd.scm +++ b/gnu/system/linux-initrd.scm @@ -366,7 +366,7 @@ FILE-SYSTEMS." (define virtio-modules ;; Modules for Linux para-virtualized devices, for use in QEMU guests. '("virtio_pci" "virtio_balloon" "virtio_blk" "virtio_net" - "virtio_console" "virtio-rng")) + "virtio_console" "virtio-rng" "virtio_mmio" "virtio_scsi")) `("ahci" ;for SATA controllers "usb-storage" "uas" ;for the installation image etc. From 86a6006f41141fcd78cec25e31f93ea85e363c73 Mon Sep 17 00:00:00 2001 From: Rutherther Date: Sun, 7 Dec 2025 11:33:50 +0100 Subject: [PATCH 09/15] Split release Makefile target to two. Due to recent changes, the commit has to be published to create the artifacts. Because of that, split the target to two. * Makefile.am (release): Move first steps to prepare-release (prepare-release): New target; Beginning of release. Change-Id: I325c6dc36f7298482de7797c1e01fdaa70ef80c5 Signed-off-by: Rutherther --- Makefile.am | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/Makefile.am b/Makefile.am index 895465dc969..cca120baa1c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1142,12 +1142,18 @@ system_flags = $(foreach system,$(1),-s $(system)) # 5. Build the installation and VM images. The images will run 'guix' # corresponding to 'vX.Y.Z' + 1 commit, and they will install 'vX.Y.Z'. # -# This 'release' target takes care of everything and copies the resulting -# files to $(releasedir). +# This is split into two targets, because a commit is made that has to be +# pushed to Guix. +# First, 'prepare-release' should be run, doing steps 1 and 2. +# Then, the resulting commit should be pushed so that it's available +# to be downloaded for the system images. +# Afterwards, the 'release' target takes care of the rest. This 'release' +# target takes care of everything and copies the resulting files to +# $(releasedir). # # XXX: Depend on 'dist' rather than 'distcheck' to work around the Gettext # issue described at . -release: dist-with-updated-version all +prepare-release: dist-with-updated-version all @if ! git diff-index --quiet HEAD; then \ echo "There are uncommitted changes; stopping." >&2 ; \ exit 1 ; \ @@ -1165,6 +1171,13 @@ release: dist-with-updated-version all $(top_builddir)/pre-inst-env guix build guix \ $(call system_flags,$(SUPPORTED_SYSTEMS)) \ -v1 --no-grafts --fallback + + @echo + @echo "First step done! Source tarball is ready in $(releasedir)" + @echo "Now push the resulting commit and run `make release`." + @echo + +release: all # Generate the binary release tarballs. rm -f $(BINARY_TARBALLS) $(MAKE) $(BINARY_TARBALLS) From d226cc49339df6c2c13fdb9c2149051f418212ee Mon Sep 17 00:00:00 2001 From: Rutherther Date: Tue, 16 Dec 2025 12:12:37 +0100 Subject: [PATCH 10/15] image: system-iso9660-image: Propagate image-name to derivation name. * gnu/system/image.scm (system-iso9660-image): Use name from image-name instead of hardcoded image.iso. Change-Id: I3cea3857729c2eb7d6728f650db7fb33cf4c8c8a Signed-off-by: Rutherther --- gnu/system/image.scm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gnu/system/image.scm b/gnu/system/image.scm index df7fa2c3905..7be6a796880 100644 --- a/gnu/system/image.scm +++ b/gnu/system/image.scm @@ -674,6 +674,10 @@ used in the image. " (uuid-bytevector (partition-uuid partition))))) (let* ((os (image-operating-system image)) + (image-name (image-name image)) + (name (if image-name + (symbol->string image-name) + name)) (bootloader (bootloader-package bootloader)) (compression? (image-compression? image)) (substitutable? (image-substitutable? image)) From 105dbf7deec8599b2175bb3a6798ce726ece0154 Mon Sep 17 00:00:00 2001 From: Rutherther Date: Tue, 16 Dec 2025 12:15:12 +0100 Subject: [PATCH 11/15] vm-image.tmpl: Remove current-guix url override. This simplifies things thanks to the release artifacts now, they have been rewritten to Guile and can now supply current-guix-package as a parameter, as was intended. That way the checkout is not leaked for the release artifacts. * gnu/system/examples/vm-image.tmpl (guix-package-commit): Remove variable. (operating-system): Use (current-guix) directly. * gnu/system/examples/vm-image-efi.tmpl: Likewise. Change-Id: Iabf1bb5bbb86b9984bfb87ba0543782a6dce3192 Signed-off-by: Rutherther --- gnu/system/examples/vm-image-efi.tmpl | 18 +----------------- gnu/system/examples/vm-image.tmpl | 19 ++----------------- 2 files changed, 3 insertions(+), 34 deletions(-) diff --git a/gnu/system/examples/vm-image-efi.tmpl b/gnu/system/examples/vm-image-efi.tmpl index 1bde66c2dd8..d264b27a5f4 100644 --- a/gnu/system/examples/vm-image-efi.tmpl +++ b/gnu/system/examples/vm-image-efi.tmpl @@ -30,15 +30,6 @@ Run '\x1b[1;37minfo guix\x1b[0m' to browse documentation. accounts.\x1b[0m ")) -(define (guix-package-commit guix) - ;; Extract the commit of the GUIX package. - (match (package-source guix) - ((? channel? source) - (channel-commit source)) - (_ - (apply (lambda* (#:key commit #:allow-other-keys) commit) - (package-arguments guix))))) - (operating-system (host-name "gnu") (timezone "Etc/UTC") @@ -148,14 +139,7 @@ root ALL=(ALL) ALL (guix-service-type config => (guix-configuration (inherit config) - (guix - (let ((guix (current-guix))) - (package - (inherit guix) - ;; Do not leak the local checkout URL. - (source (channel - (inherit %default-guix-channel) - (commit (guix-package-commit guix))))))))))))) + (guix (current-guix)))))))) ;; Allow resolution of '.local' host names with mDNS. (name-service-switch %mdns-host-lookup-nss)) diff --git a/gnu/system/examples/vm-image.tmpl b/gnu/system/examples/vm-image.tmpl index f7c27d23db8..2a0e9e21c84 100644 --- a/gnu/system/examples/vm-image.tmpl +++ b/gnu/system/examples/vm-image.tmpl @@ -10,6 +10,7 @@ (srfi srfi-1) (ice-9 match) (guix channels) + (gnu packages package-management) (gnu system image)) (use-service-modules desktop mcron networking spice ssh xorg sddm) (use-package-modules bootloaders fonts @@ -30,15 +31,6 @@ Run '\x1b[1;37minfo guix\x1b[0m' to browse documentation. accounts.\x1b[0m ")) -(define (guix-package-commit guix) - ;; Extract the commit of the GUIX package. - (match (package-source guix) - ((? channel? source) - (channel-commit source)) - (_ - (apply (lambda* (#:key commit #:allow-other-keys) commit) - (package-arguments guix))))) - (operating-system (host-name "gnu") (timezone "Etc/UTC") @@ -141,14 +133,7 @@ root ALL=(ALL) ALL (guix-service-type config => (guix-configuration (inherit config) - (guix - (let ((guix (current-guix))) - (package - (inherit guix) - ;; Do not leak the local checkout URL. - (source (channel - (inherit %default-guix-channel) - (commit (guix-package-commit guix))))))))))))) + (guix (current-guix)))))))) ;; Allow resolution of '.local' host names with mDNS. (name-service-switch %mdns-host-lookup-nss)) From e2857e21fa54ff72b4adabf95841d61fb820d55f Mon Sep 17 00:00:00 2001 From: Rutherther Date: Tue, 16 Dec 2025 12:24:42 +0100 Subject: [PATCH 12/15] system: install: Remove current-guix url override. Prefer parameterization of current-guix in release artifacts generation. * gnu/system/install.scm (%installation-service): Use (current-guix) directly in guix service configuration. Change-Id: Ifa363465e6a4f6936d0e51eaf1b33872519e2b0a Signed-off-by: Rutherther --- gnu/system/install.scm | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 06fed8cae9a..e5dfdbb427b 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -336,29 +336,13 @@ templates under @file{/etc/configuration}."))) "Load the @code{uvesafb} kernel module with the right options.") (default-value #t))) -(define (guix-package-commit guix) - ;; Extract the commit of the GUIX package. - (match (package-source guix) - ((? channel? source) - (channel-commit source)) - (_ - (apply (lambda* (#:key commit #:allow-other-keys) commit) - (package-arguments guix))))) - (define* (%installation-services #:key (system (or (and=> (%current-target-system) platform-target->system) (%current-system))) - (guix-for-system - (let ((guix (current-guix))) - (package - (inherit guix) - ;; Do not leak the local checkout URL. - (source (channel - (inherit %default-guix-channel) - (commit (guix-package-commit guix)))))))) + (guix-for-system (current-guix))) ;; List of services of the installation system. (let ((motd (plain-file "motd" " \x1b[1;37mWelcome to the installation of GNU Guix!\x1b[0m From ab63e29e90aba4f10d477e76587d687a7bb6a27d Mon Sep 17 00:00:00 2001 From: Rutherther Date: Thu, 18 Dec 2025 15:39:54 +0100 Subject: [PATCH 13/15] installer: Drop uri from provenance log. To synchronize the artifacts made from Cuirass, pre-inst-env and time-machine, drop the url from provenance sexp. * gnu/installer.scm (provenance-sexp): Drop url. Change-Id: Ibe2515abdc92853ce06c0381dd03cc61b2077335 Signed-off-by: Rutherther --- gnu/installer.scm | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/gnu/installer.scm b/gnu/installer.scm index d905ffa7957..adc891e4eb4 100644 --- a/gnu/installer.scm +++ b/gnu/installer.scm @@ -367,11 +367,10 @@ purposes." 'unknown) ((channels ...) (map (lambda (channel) - (let* ((uri (string->uri (channel-url channel))) - (url (if (or (not uri) (eq? 'file (uri-scheme uri))) - "local checkout" - (channel-url channel)))) - `(channel ,(channel-name channel) ,url ,(channel-commit channel)))) + ;; NOTE: URL is not logged to synchronize the derivations + ;; coming out of pre-inst-env, time-machine and Cuirass + ;; for generating release artifacts. + `(channel ,(channel-name channel) ,(channel-commit channel))) channels)))) (define* (installer-program #:key dry-run? (guix-for-installer (current-guix))) From 2d4ed08662714ea46cfe0b41ca195d1ef845fd1b Mon Sep 17 00:00:00 2001 From: Rutherther Date: Tue, 16 Dec 2025 12:26:57 +0100 Subject: [PATCH 14/15] etc: release: Switch to Guile declaration of artifacts. This is a rewrite of the bash commands for generation of guix binary tarballs and system images to Guile. I am expecting this will help us significantly with getting the same derivations locally and from Cuirass, instead of relying on images/tarball job specifications and trying to tweak it locally to have the same ones. Implements: #4347, #4348. * etc/teams/release/artifacts-manifest.scm: Make a manifest with release artifacts for all supported systems. * etc/teams/release/artifacts.scm: Collect artifacts for all supported systems into a union with proper names for the release artifacts. * Makefile.am (release): Use time-machine instead of pre-inst-env; Switch to building new artifacts.scm Change-Id: I71a6a27e6f315dd31b91c49e71dff2d09695c0dc Signed-off-by: Rutherther --- Makefile.am | 55 +-- etc/teams/release/artifacts-manifest.scm | 412 +++++++++++++++++++++++ etc/teams/release/artifacts.scm | 26 ++ 3 files changed, 451 insertions(+), 42 deletions(-) create mode 100644 etc/teams/release/artifacts-manifest.scm create mode 100644 etc/teams/release/artifacts.scm diff --git a/Makefile.am b/Makefile.am index cca120baa1c..dabceddf2ac 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1177,49 +1177,20 @@ prepare-release: dist-with-updated-version all @echo "Now push the resulting commit and run `make release`." @echo +# Make sure you've ran prepare-release prior to running release and pushed +# the commit to Guix. It might be pushed to any branch, such as version-X.Y.Z. release: all -# Generate the binary release tarballs. - rm -f $(BINARY_TARBALLS) - $(MAKE) $(BINARY_TARBALLS) - for system in $(SUPPORTED_SYSTEMS) ; do \ - mv "guix-binary.$$system.tar.xz" \ - "$(releasedir)/guix-binary-$(PACKAGE_VERSION).$$system.tar.xz" ; \ - done -# Build 'current-guix' to speed things up for the next step. - $(top_builddir)/pre-inst-env guix build \ - -e '((@ (gnu packages package-management) current-guix))' \ - $(call system_flags,$(GUIX_SYSTEM_INSTALLER_SYSTEMS)) \ - -v1 --no-grafts --fallback -# Generate the ISO installation images. - for system in $(GUIX_SYSTEM_INSTALLER_SYSTEMS) ; do \ - GUIX_DISPLAYED_VERSION="`git describe --match=v* | sed -'es/^v//'`" ; \ - image=`$(top_builddir)/pre-inst-env \ - guix system image -t iso9660 \ - --label="GUIX_$${system}_$(VERSION)" \ - --system=$$system --fallback \ - gnu/system/install.scm` ; \ - if [ ! -f "$$image" ] ; then \ - echo "failed to produce Guix installation image for $$system" >&2 ; \ - exit 1 ; \ - fi ; \ - cp "$$image" "$(releasedir)/$(GUIX_SYSTEM_IMAGE_BASE).$$system.iso.tmp" ; \ - mv "$(releasedir)/$(GUIX_SYSTEM_IMAGE_BASE).$$system.iso.tmp" \ - "$(releasedir)/$(GUIX_SYSTEM_IMAGE_BASE).$$system.iso" ; \ - done -# Generate the VM images. - for system in $(GUIX_SYSTEM_VM_SYSTEMS) ; do \ - GUIX_DISPLAYED_VERSION="`git describe --match=v* | sed -'es/^v//'`" ; \ - image=`$(top_builddir)/pre-inst-env \ - guix system image -t qcow2 $(GUIX_SYSTEM_VM_IMAGE_FLAGS) \ - --save-provenance \ - --system=$$system --fallback \ - gnu/system/examples/vm-image.tmpl` ; \ - if [ ! -f "$$image" ] ; then \ - echo "failed to produce Guix VM image for $$system" >&2 ; \ - exit 1 ; \ - fi ; \ - cp "$$image" "$(releasedir)/$(GUIX_SYSTEM_VM_IMAGE_BASE).$$system.qcow2"; \ - done +# Build the artifacts for current commit. +# Use time-machine for provenance. + $(MKDIR_P) "$(releasedir)" + @echo "Building guix inferior for current commit." + COMMIT="$$(git rev-parse HEAD)" && \ + GUIX="$$(guix time-machine --commit=$$COMMIT)/bin/guix" && \ + echo "Building artifacts for current commit: $$COMMIT." && \ + ARTIFACTS="$$($$GUIX build --no-grafts \ + -f ./etc/teams/release/artifacts.scm)" && \ + echo "Artifacts built! Copying to $(releasedir)" && \ + cp -f "$$ARTIFACTS"/* "$(releasedir)" @echo @echo "Congratulations! All the release files are now in $(releasedir)." @echo diff --git a/etc/teams/release/artifacts-manifest.scm b/etc/teams/release/artifacts-manifest.scm new file mode 100644 index 00000000000..7b8c942c795 --- /dev/null +++ b/etc/teams/release/artifacts-manifest.scm @@ -0,0 +1,412 @@ +;;; GNU Guix --- Functional package management for GNU +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +;;; This manifest returns build artfacts for all supported systems. This can be +;;; controlled by SUPPORTED_SYSTEMS environment variable. For the list of +;;; artifacts produced, see artifacts-for-system and the `-for-system?` +;;; procedures. NOTE: the --system argument does not change the system for which +;;; the resulting package is built. They return different definitions of the +;;; images. To change the system, pass different SUPPORTED_SYSTEMS. + +(use-modules (gnu compression) + (gnu image) + (gnu packages graphviz) + (gnu packages imagemagick) + (gnu packages package-management) + (gnu packages perl) + (gnu services) + (gnu system image) + (gnu system install) + (gnu system) + (guix build-system gnu) + (guix build-system trivial) + (guix channels) + (guix gexp) + (guix git) + (guix grafts) + (guix memoization) + (guix monads) + (guix packages) + (guix profiles) + (guix records) + (guix scripts pack) + (guix store) + (guix ui) + (guix utils) + (ice-9 format) + (ice-9 match) + (srfi srfi-9) + (srfi srfi-26) + (srfi srfi-35)) + +;; For easier testing, use (snapshot) guix package from (gnu packages +;; package-management). Otherwise, the package is updated to current commit and +;; might not be substitutable, leading to longer build times. +(define %use-snapshot-package? + (string=? (or (getenv "GUIX_USE_SNAPSHOT_PACKAGE") "no") "yes")) + +(define (%guix-version) + ;; NOTE: while package-version guix is not correct in general, + ;; it is correct for the release itself. At that time, the + ;; guix package is updated to vX.Y.Z and it's the version + ;; we want to use. + (package-version guix)) + +(define (%vm-image-path) + (search-path %load-path "gnu/system/examples/vm-image.tmpl")) + +(define (%vm-image-efi-path) + (search-path %load-path "gnu/system/examples/vm-image-efi.tmpl")) + +;; monadic record and gexp-compiler +;; taken from Inria +;; https://gitlab.inria.fr/numpex-pc5/wp3/guix-images/-/blob/17bf4585abc2d637faa5d339436e778b7c9fb1ce/modules/guix-hpc/packs.scm + +;; XXX: The hack below will hopefully become unnecessary once the +;; (guix scripts pack) interface switches to declarative style--i.e., +;; file-like objects. + +(define-record-type + (monadic->declarative mvalue) + monadic? + (mvalue monadic-value)) + +(define-gexp-compiler (monadic-compiler (monadic ) system target) + (monadic-value monadic)) + +;; The tarball should be the same for every system. +;; Still, we need to decide what system to build it +;; for, so use the one that CI has most resources for. +(define (source-tarball-for-system? system) + (member system + '("x86_64-linux"))) + +(define (iso-for-system? system) + (member system + '("x86_64-linux" "i686-linux" "aarch64-linux"))) + +(define (qcow2-for-system? system) + (member system + '("x86_64-linux" "aarch64-linux"))) + +(define* (qcow2-gpt-for-system? system) + (string=? system "aarch64-linux")) + +(define (copy-/etc/config.scm config) + "Copy the configuration.scm of the operating system to /etc/config.scm, for +user's convenience. The file has to be writable, not a link to the store, so +etc-service-type can't be used here. CONFIG is a pair of strings, (FROM . TO). +The config will be copied from FROM to TO." + (match config + ((from . to) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (when (not (file-exists? #$to)) + (copy-file #$from #$to) + (make-file-writable #$to))))) + (_ (raise + (formatted-message-string + (G_ "unexpected config parameter, should be pair of strings: ~a" + config)))))) + +(define copy-/etc/config.scm-service-type + (service-type (name 'copy-/etc/config.scm) + (description + "Copy the system configuration file to /etc/config.scm.") + (extensions (list (service-extension activation-service-type + copy-/etc/config.scm))) + (default-value (cons "/run/current-system/configuration.scm" + "/etc/config.scm")))) + +(define (operating-system-with-/etc/config.scm os) + "Copy the system configuration file to writable /etc/config.scm on first boot." + (operating-system + (inherit os) + (services (cons (service copy-/etc/config.scm-service-type) + (operating-system-user-services os))))) + +(define (simple-provenance-entry config-file) + "Return system entries describing the operating system config, provided +through CONFIG-FILE." + (mbegin %store-monad + (return `(("configuration.scm" + ,(local-file (assume-valid-file-name config-file) + "configuration.scm")))))) + +;; This is mostly taken from provenance-service-type from (gnu services), +;; but it provides only configuration.scm, not channels.scm. This is +;; to get the same derivations for both Cuirass and local builds. +;; In the future, provenance-service-type could be adapted to support +;; this use case as well. +(define simple-provenance-service-type + (service-type (name 'provenance) + (extensions + (list (service-extension system-service-type + simple-provenance-entry))) + (default-value #f) ;the OS config file + (description + "Store configuration.scm of the system in the system +itself."))) + +(define* (operating-system-with-simple-provenance + os + #:optional + (config-file + (operating-system-configuration-file + os))) + "Return a variant of OS that stores its CONFIG-FILE. This is similar to +`operating-system-with-provenance`, but it does copy only the +configuration.scm." + (operating-system + (inherit os) + (services (cons (service simple-provenance-service-type config-file) + (operating-system-user-services os))))) + +(define (guix-package-commit guix) + ;; Extract the commit of the GUIX package. + (match (package-source guix) + ((? channel? source) + (channel-commit source)) + (_ + (apply (lambda* (#:key commit #:allow-other-keys) commit) + (package-arguments guix))))) + +;; NOTE: Normally, we would use (current-guix), along with url +;; overriden to the upstream repository to not leak our local checkout. +;; But currently, the (current-guix) derivation has to be computed through +;; QEMU for systems other than your host system. This takes a lot of time, +;; it takes at least half an hour to get the derivations. +(define (guix-package/with-commit guix commit) + "Use the guix from (gnu packages package-management), +but override its commit to the specified version. Make sure +to also override the channel commit to have the correct +provenance." + (let ((scm-version (car (string-split (package-version guix) #\-)))) + (package + (inherit guix) + (version (string-append scm-version "." (string-take commit 7))) + (source (git-checkout + (url (channel-url %default-guix-channel)) + (commit commit))) + (arguments + (substitute-keyword-arguments (package-arguments guix) + ((#:configure-flags flags '()) + #~(cons* + (string-append "--with-channel-commit=" #$commit) + (filter (lambda (flag) + (not (string-prefix? "--with-channel-commit=" flag))) + #$flags)))))))) + +(define guix-for-images + (mlambda (system) + (cond + ;; For testing purposes, use the guix package directly. + (%use-snapshot-package? guix) + ;; Normally, update the guix package to current commit. + (else + (guix-package/with-commit guix (guix-package-commit (current-guix))))))) + +(define %binary-tarball-compression "xz") + +;; Like guix pack -C xz -s --localstatedir --profile-name=current-guix guix +(define* (binary-tarball-for-system system #:key (extra-packages '())) + (let* ((base-name (string-append "guix-binary-" (%guix-version) "." system)) + (manifest (packages->manifest (cons* guix extra-packages))) + (profile (profile (content manifest))) + (inputs `(("profile" ,profile))) + (compression %binary-tarball-compression)) + (manifest-entry + (name (string-append base-name ".tar." compression)) + (version (%guix-version)) + (item (monadic->declarative + (self-contained-tarball + base-name profile + #:profile-name "current-guix" + #:compressor (lookup-compressor compression) + #:localstatedir? #t)))))) + +;; Like guix system image -t iso9660 \ +;; --label="GUIX_$${system}_$(VERSION)" gnu/system/install.scm +(define* (iso-for-system system) + (let* ((name (string-append + "guix-system-install-" (%guix-version) "." system ".iso")) + (base-os (make-installation-os + #:grub-displayed-version (%guix-version) + #:efi-only? (string=? system "aarch64-linux"))) + (base-image (os->image base-os #:type iso-image-type)) + (label (string-append "GUIX_" system "_" + (if (> (string-length (%guix-version)) 7) + (string-take (%guix-version) 7) + (%guix-version))))) + (manifest-entry + (name name) + (version (%guix-version)) + (item (system-image + (image-with-label + (image + (inherit base-image) + (name (string->symbol name))) + label)))))) + +;; Like guix system image -t qcow2 gnu/system/examples/vm-image.tmpl +(define* (qcow2-for-system system) + (let* ((name (string-append + "guix-system-vm-image-" (%guix-version) "." system ".qcow2")) + (base-os-path + (if (qcow2-gpt-for-system? system) + (%vm-image-efi-path) + (%vm-image-path))) + (target-image-type + (if (qcow2-gpt-for-system? system) + qcow2-gpt-image-type + qcow2-image-type)) + (base-os + (operating-system-with-/etc/config.scm + (operating-system-with-simple-provenance + (load base-os-path) base-os-path))) + (base-image (os->image base-os #:type target-image-type))) + (manifest-entry + (name name) + (version (%guix-version)) + (item (system-image + (image + (inherit base-image) + (volatile-root? #f) + (name (string->symbol name)))))))) + +(define* (guix-source-tarball) + (let ((guix (package + (inherit guix) + (native-inputs + (modify-inputs (package-native-inputs guix) + ;; graphviz-minimal -> graphviz + (replace "graphviz" graphviz) + (append imagemagick) + (append perl)))))) + (manifest-entry + (name (string-append "guix-" (%guix-version) ".tar.gz")) + (version (package-version guix)) + (item (dist-package + guix + ;; Guix is built from git source, not from tarball. + ;; So it's fine to use its source directly. + (package-source guix)))))) + +(define* (manifest-entry-with-parameters system entry + #:key + (guix-for-images-proc guix-for-images)) + (manifest-entry + (inherit entry) + (item + (with-parameters + ((%current-system system) + (%current-target-system #f) + (current-guix-package (guix-for-images-proc system))) + (manifest-entry-item entry))))) + +(define* (manifest-with-parameters system manifest + #:key + (guix-for-images-proc guix-for-images)) + "Returns entries in the manifest accompanied with %current-system, +%current-target-sytem and current-guix-package parameters." + (make-manifest + (map (cut manifest-entry-with-parameters system <> + #:guix-for-images-proc guix-for-images-proc) + (manifest-entries manifest)))) + +(define (artifacts-for-system/nonparameterized system) + "Get all artifacts for given system. This will always include the +guix-binary tarball and optionally iso and/or qcow2 images." + (manifest + (append + (list + (binary-tarball-for-system system)) + ;; TODO: After source tarball generation is ready, uncomment. + ;; (if (source-tarball-for-system? system) + ;; (list (guix-source-tarball)) + ;; '()) + (if (iso-for-system? system) + (list (iso-for-system system)) + '()) + (if (qcow2-for-system? system) + (list (qcow2-for-system system)) + '())))) + +(define* (artifacts-for-system system + #:key + (guix-for-images-proc guix-for-images)) + "Collects all artifacts for a system. Gives them the proper %current-system +and %current-target-system parameters, so the --system passed on CLI is +irrelevant." + ;; NOTE: parameterizing current system, because the tarball seems to somehow + ;; depend on it early on. I haven't investigated it, but seems like a bug. Could + ;; it be the gexp->derivation + monadic->declarative, not passing down the + ;; system? Symptom: guix build --system=x86_64 -m artifacts-manifest.scm and + ;; guix build --system=i686-linux -m artifacts-manifest.scm gives out different + ;; results without the parameterization. + (parameterize + ((%current-system system) + (%current-target-system #f) + (current-guix-package (guix-for-images-proc system))) + (manifest-with-parameters + system + (artifacts-for-system/nonparameterized system) + #:guix-for-images-proc guix-for-images-proc))) + +(define (manifest->union manifest) + "Makes a union that will be a folder with all the entries symlinked. This +is different from a profile as it expects the entries are just simple files +and symlinks them by their manifest-entry-name." + (let ((entries (manifest-entries manifest))) + (computed-file + "artifacts-union" + (with-imported-modules '((guix build union) + (guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (mkdir-p #$output) + + (for-each + (lambda* (entry) + (symlink (cdr entry) + (string-append #$output "/" (car entry)))) + (list #$@(map (lambda (entry) + #~(cons + #$(manifest-entry-name entry) + #$(manifest-entry-item entry))) + entries)))))))) + +(define %supported-systems + (or (and + (getenv "SUPPORTED_SYSTEMS") + (string-split (getenv "SUPPORTED_SYSTEMS") #\ )) + '("x86_64-linux" "i686-linux" + "armhf-linux" "aarch64-linux" + "powerpc64le-linux" "riscv64-linux"))) + +(define supported-systems-union-manifest + (concatenate-manifests + (map artifacts-for-system + %supported-systems))) + +(when %use-snapshot-package? + (warning (G_ "building images using the 'guix' package (snapshot)~%"))) +(info (G_ "producing artifacts for the following systems: ~a~%") + %supported-systems) +supported-systems-union-manifest diff --git a/etc/teams/release/artifacts.scm b/etc/teams/release/artifacts.scm new file mode 100644 index 00000000000..095df709de4 --- /dev/null +++ b/etc/teams/release/artifacts.scm @@ -0,0 +1,26 @@ +;;; GNU Guix --- Functional package management for GNU +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +;;; Produce a single directory with all the artifacts inside of it, with proper +;;; names. They can then be easily copied to releasedir in Makefile. The files are +;;; symlinked to save space, but they should be copied out of the store as regular +;;; files. + +(load "artifacts-manifest.scm") + +(manifest->union + supported-systems-union-manifest) From d339785a0fbd8f13930082a4fa7a73b6685630fd Mon Sep 17 00:00:00 2001 From: Rutherther Date: Tue, 23 Dec 2025 10:29:43 +0100 Subject: [PATCH 15/15] gnu: guix: Update to 1.5.0rc1. Change-Id: I5afcfb7071c559b356e435bdefb4624a2c4ffa00 --- gnu/packages/package-management.scm | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index eadaea4967d..71977aaa9f3 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -197,9 +197,9 @@ ;; Latest version of Guix, which may or may not correspond to a release. ;; Note: the 'update-guix-package.scm' script expects this definition to ;; start precisely like this. - (let ((version "1.4.0") - (commit "21ce6b392ace4c4d22543abc41bd7c22596cd6d2") - (revision 47)) + (let ((version "1.5.0rc1") + (commit "2d4ed08662714ea46cfe0b41ca195d1ef845fd1b") + (revision 0)) (package (name "guix") @@ -215,7 +215,7 @@ (commit commit))) (sha256 (base32 - "0q4f5aiqld1smjmq0k0y96wrrvn7pizsx8xzqk6m7f9f2qm7pdhc")) + "0z1ixlkzsaj978nh57179871xkzbf8zsf10xkcfs2647iznkx7az")) (file-name (string-append "guix-" version "-checkout")))) (build-system gnu-build-system) (arguments @@ -234,10 +234,9 @@ (string-append "--with-bash-completion-dir=" (assoc-ref %outputs "out") "/etc/bash_completion.d") - ;; TODO: Uncomment after guix is updated. - ;; (string-append "--with-apparmor-profile-dir=" - ;; (assoc-ref %outputs "out") - ;; "/etc/apparmor.d") + (string-append "--with-apparmor-profile-dir=" + (assoc-ref %outputs "out") + "/etc/apparmor.d") ;; Set 'DOT_USER_PROGRAM' to the empty string so ;; we don't keep a reference to Graphviz, whose