Commit message | Author | Age

Signed-off-by: Alyssa Ross <hi@alyssa.is>
Signed-off-by: Alyssa Ross <hi@alyssa.is>
We have no use for VTs in guests, and disabling them means that
we don't need a console parameter on the kernel command line on
aarch64.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
cloud-hypervisor only supports x86_64 and aarch64, but it's clear that
it's x86_64 that's the odd one out when it comes to needing special
kernel images. So let's assume we should use the default kernel
target, except on x86 where we know we shouldn't.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
This reduces the combined image from 9.1G to 7.2G, and also gets us
away from using the vmlinux from dev, which we wouldn't be able to do
on aarch64 anyway.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Possibly we want to disable this entirely, but let's wait until we
have Wayland working, and a better approach to kernel configuration,
before we worry about that.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Both places this was used, there was a KERNEL variable with the same
value. On other architectures, we might not even use vmlinux, so
keeping KERNEL makes more sense.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
cloud-hypervisor has changed the CLI, so we have to update every place
we invoke it.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Before this change, a clean release/live "make -j4" had a median
runtime of 85 seconds. Now, it's 37 seconds. That much of a
reduction in iteration time is worth the extra complexity.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Signed-off-by: Alyssa Ross <hi@alyssa.is>
This way, we don't have to worry about them confusing Nix, or the
lockfiles ending up in git.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Otherwise, cloud-hypervisor won't be able to bind to the path and will
fail to start.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Our image Makefiles are either used for interactive development in a
nix-shell, or as part of a Nix build of Spectrum. In neither of these
cases is the two step "make; make install" process useful like it is
for packages, because one image from Spectrum somewhere on the
development system isn't something it ever makes sense to do.
By removing the separation between building and installing, and
creating the final output directly in its destination, we can save
some copies of very large files, which should save seconds in each
build, even for the smaller components.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
This was widely used when each component was responsible for filtering
out its own Nix files, but now that's centralised, all these bindings
can be cleaned up.
Fixes: 0149885 ("nix: centralise source cleaning")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20221010232909.1953738-11-hi@alyssa.is>
mg is a text editor with a built-in filesystem browser, so it will be
useful for testing virtiofs.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20221010232909.1953738-10-hi@alyssa.is>
Not all VMs will even have networking! So it makes more sense to put
waiting for the network in the application-specific part.
The "listen" and "wait" scripts are copied from the host system.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20221010232909.1953738-8-hi@alyssa.is>
We can simplify our Makefiles a bit by moving some things into a
library file. So far, I've done this for non-component-specific
macros, and inference rules.
Some tar2ext4 rules used a temporary file for the tar2ext4 invocation,
and then moved the file into place when it was done, to prevent a
half-built image sticking around if tar2ext4 died. According to
POSIX, make should clean up any targets that didn't finish building if
it's interrupted, so we should only end up with a half-built image if
tar2ext4 crashes, e.g. due to running out of disk space. I think we
should just ignore that possibility, since otherwise we'd have to
write annoying make rules using temporary file names for every target,
and if it does happen recovery is just a make clean away.
With this, I've also made a small reorganisation. I got rid of the
"nix" directory and created a "lib" directory, where I put
eval-config.nix and the new common.mk file, since both are library
code. checks.nix isn't really a library though, so I moved it into
the "release" directory, since the only reference to it is in
release.nix.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
When I introduced the global src attribute, I broke custom
configurations, since they wouldn't be passing that key in, and nor
should they. To allow for non-customisable globals like src, we need
to separate them from config. Here, I've modified eval-config.nix to
take a callback, so that it can provide multiple attributes, and
handle command line arguments itself so that doesn't need to be in
every entry point any more. This gives us an interface similar to the
NixOS module system's, where a variety of globals are available that
can be pulled out of the passed attribute set as required, but with
the additional advantage that files are usable directly from
nix-build, and support command line arguments.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Fixes: 0149885 ("nix: centralise source cleaning")
This was getting very repetitive. Having a single copy of the sources
shared between builds will also save on store space, and means we
don't need to support overriding the path to the scripts directory in
Makefiles.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
This patch introduces a generic application VM image. It mounts a
filesystem containing the application, and then launches a "run"
script on that filesystem to start the application. The Nix store on
the application filesystem is overlaid onto the generic Nix store, so
shared paths don't have to be duplicated in the application
filesystem.
The "appvm" image is part of the Spectrum system — it lives on the
root filesystem, not the user data partition. Users of course have
the choice not to use the built in image if they don't want to, but
this gives us a default to use for future features like starting VMs
at runtime.
Individual application VMs are now defined in a single Nix file each,
using a VM builder function. I expect this is how Nix-based VMs would
be defined in the user data partition, and then built with Nix into
Spectrum VM configurations.
The new top-level vm-lib directory is intended to be copied into user
Nix expressions that build VMs, and therefore has to be usable
standalone. User-defined VMs should not do any path deduplication
with the system-provided base VM, so that the two can independently
update Nixpkgs. But for VMs that are part of the system (which I
consider the pre-built VMs to be, even though they're currently on the
user data partition), we can safely deduplicate paths that we know to
be present in the base image. So they go through vm/make-vm.nix,
which is a wrapper around vm-lib/make-vm.nix that does this
deduplication.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20221009114036.463071-7-hi@alyssa.is>
This will allow booting reliably from multiple disk images, without
relying on order or requiring udev in an initramfs. (The only
deterministic way of doing boot order on Linux without special
userspace support is to set "root" on the kernel command line to
either a GPT partition UUID or label.)
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20221009114036.463071-4-hi@alyssa.is>
This is the first step to being able to do things like having a static
base image for an application VM, and another image containing the
application to run.
When we actually use multiple images we'll need to change how we boot
so we know the kernel is booting from the right image — probably by
PARTUUID or PARTLABEL — because we can't guarantee how the kernel
orders disks inside the VM.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20221009114036.463071-2-hi@alyssa.is>
By default, a file called "config.nix" in the root of the Spectrum
repository will be read if it exists. That file should contain an
attribute set. Currently, only a "pkgs" key is supported, which
allows specifying a custom package set that will be used throughout
the Spectrum Nix files. This will allow us to provide configuration
options for people who want to build Spectrum in ways that are
probably not suitable for upstreaming.
For example, using the "pkgs" config option I'm introducing here, it
would be possible to use an overlay to patch individual components,
like so:
    {
      pkgs = import <nixpkgs> {
        overlays = [
          (final: super: {
            weston = super.weston.overrideAttrs ({ patches ? [], ... }: {
              patches = patches ++ [
                path/to/weston.patch
              ];
            });
          })
        ];
      };
    }
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20220831093727.282797-1-hi@alyssa.is>
Reviewed-by: Ville Ilvonen <ville.ilvonen@unikie.com>
Tested-by: José Pekkarinen <jose.pekkarinen@unikie.com>
This will save having to download gcc and binutils just to change a
config file in a VM.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
This isn't a license change — the code was always available under
potential future EUPL versions because of this language in the EUPL:
> Copyleft clause: If the Licensee distributes or communicates copies of the
> Original Works or Derivative Works, this Distribution or Communication will be
> done under the terms of this Licence or of a later version of this Licence
> unless the Original Work is expressly distributed only under this version of the
> Licence — for example by communicating ‘EUPL v. 1.2 only’. The Licensee
> (becoming Licensor) cannot offer or impose any additional terms or conditions on
> the Work or Derivative Work that alter or restrict the terms of the Licence.
But now that reuse 1.0.0 is out, and supports SPDX '+' expressions, we
can express this more clearly in SPDX.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Nix files shouldn't be considered part of the sources, and so they
should be filtered out. This way, changes to them (that don't change
their meaning) won't force rebuilds.
Whoops.
Fixes: e64a796 ("host/appvm-lynx-vmm: reduce VM memory")
When I set the virtio console to go to a new PTY by default, it was
because I was working on / testing patches for terminal emulators to
get them to attach to PTYs and send resize events. Now that I'm not
doing that so much, let's show the console intended for VM output by
default, rather than requiring running another process to connect to
it.
Not worth pulling this in any more just for another mkdir
implementation!
The main improvement this brings is that it should resolve a rare
race condition in early boot, where s6-rc-init would run before
s6-svscan, and so the boot would hang because s6-rc would never end up
properly running.
This is preparatory work before a switch to s6-linux-init.
We don't need to create the etc/service directory, because we're
already including etc/service/getty-hvc0.
These never needed to be separate. They were the result of some
confusion while I was trying to hack on the Musl fstab parser, briefly
broke comment parsing, and then didn't realise I'd introduced that
breakage.
These fields are pretty much obsolete and are supposed to be optional
according to fstab(5), but upstream Musl requires them. Long ago, I
wrote a patch[1] to fix it, sent it upstream, and then applied it in
Spectrum's Nixpkgs as a temporary measure, to avoid churn in the fstab
files, thinking it would quickly be applied upstream.
But it has now been more than half a year since the last discussion on
my patch. I do think it'll probably be accepted eventually, but at
this point it's not worth patching Musl ourselves to avoid the
very minor churn of doing this change now, and reverting it when my
patch is finally accepted. So just add the fields, and then we can
drop the patch from our Nixpkgs, and then we won't have to rebuild the
Musl-targeting compilers we could otherwise get from Hydra.
[1]: https://inbox.vuxu.org/musl/20210915221155.3977763-4-hi@alyssa.is/
The reuse tool is fortunately smart enough to ignore these.
It apparently doesn't on Ubuntu, and this way we also don't have to
hack around it being missing in the Nix sandbox.
Reported-by: Ville Ilvonen <ville.ilvonen@unikie.com>
Message-Id: <20220406082038.4012718-1-hi@alyssa.is>
Problems with s6-mount:
• s6-mount -a will fail if some filesystems have already been mounted
• Does not support LABEL= device patterns.
We also already have a mount implementation in Busybox, so
standardising on that lets us drop the s6-linux-utils package entirely.
Trying to use modprobe from Busybox has caused nothing but problems.
The latest issue is that it doesn't implement softdep at all.
rootfs.ext4 before: 509M
rootfs.ext4 after: 513M
Thanks-to: Puck Meerburg <puck@puckipedia.com>
Message-Id: <20220321140107.1043654-1-hi@alyssa.is>
Tested-by: Ville Ilvonen <ville.ilvonen@unikie.com>
We take linux from buildPackages so don't need the separate linux
argument.
These have nothing to do with s6-rc.
This way, we don't allow arbitrary code from the ext partition to run
on the host system, which gives us better integrity guarantees when
paired with Secure Boot. This new scheme also makes it easy to
introspect VMs, since they're defined using a very limited
configuration language.
I don't think Nix files are likely to contain anything particularly
worth protecting with copyleft, and I'd like to make code sharing with
Nixpkgs as easy as possible, so I think it's a good idea to adopt the
policy that Nix files are MIT-licensed by default to match Nixpkgs.