Hi,
I'm trying to build Coreboot with Nix [1] and am facing some issues. I'm wondering whether someone has already tried this before and can give some pointers. My specific problem is how to nicely package the toolchain that coreboot requires.
Any hints are appreciated. :)
I did discover https://nixos.wiki/wiki/Coreboot, but this doesn't help with the toolchain issue when coreboot is built as a Nix derivation...
Thanks! Julian
Julian Stecklina wrote:
I'm trying to build Coreboot with Nix [1] and am facing some issues. I'm wondering whether someone has already tried this before and can give some pointers.
I don't think so.
My specific problem is how to nicely package the toolchain that coreboot requires.
Any hints are appreciated. :)
How does Nix deal with other cross-toolchains? That's essentially what the coreboot toolchain is, so maybe you can find inspiration there.
//Peter
On Thu, 2021-04-15 at 17:11 +0000, Peter Stuge wrote:
How does Nix deal with other cross-toolchains? That's essentially what the coreboot toolchain is, so maybe you can find inspiration there.
The short story is: It doesn't deal very well with software that tries to build its own toolchain. :)
I got a bit lost in trying to make Coreboot build with the normal Nix toolchain. But once I gave that up and embraced building the toolchain in a custom chroot, I got everything working and it came out reasonably clean:
https://github.com/blitz/nix-coreboot/blob/main/default.nix
I've also pointed the Coreboot Nix wiki page there to spare someone else the headscratching.
Thanks! Julian
On 4/15/21 6:58 PM, Julian Stecklina wrote:
Hi,
Hi Julian,
I'm trying to build Coreboot with Nix [1] and am facing some issues. I'm wondering whether someone has already tried this before and can give some pointers. My specific problem is how to nicely package the toolchain that coreboot requires.
Any hints are appreciated. :)
I did discover https://nixos.wiki/wiki/Coreboot, but this doesn't help with the toolchain issue when coreboot is built as a Nix derivation...
Toolchain reproducibility is something that was discussed many times in community during after-party and vPub events. Current state of the art is here: https://github.com/Thrilleratplay/guix-docker
There is dedicated private channel for that problem on OSFW Slack: https://slack.osfw.dev/ Feel free to ping me (nick pietrushnic) and I will add you to discussion.
Topics was so popular that we added it to official Dasharo Trolling Topics List: https://docs.dasharo.com/osf-trolling-list/build_process/
Best Regards,
I did not mention https://github.com/Thrilleratplay/guix-docker as it probably is a red herring.
The goal of that repo is to create reproducible build environments using Guix; the output is a docker image that can build coreboot and not coreboot itself. The ultimate goal is create a replacement for coreboot-sdk that itself is prove to be bit for bit reproducible from source at any time in the future and reproduce a coreboot build. From what I understand, Nix and Guix share philosophies but Nix's package manager is more in line with apt, pacman, portage, etc where Guix is a "hackable" version that is controlled via Guile Scheme (please correct me if I am wrong with that). In any case, currently it will not build coreboot 4.13 as I need to create a package definition for gnat and bootstrap the FSF version of the Ada compiler. I am juggling many projects on top of the demands of every day life, so development is slow.
Julian,
The take away is if you only want to build coreboot on NixOS and are ok with using Docker, you may want to use https://hub.docker.com/r/coreboot/coreboot-sdk.%C2%A0 My https://github.com/Thrilleratplay/coreboot-builder-scripts uses the coreboot-sdk Docker image and may be helpful depending on which system you are trying to build for.
On 4/28/21 7:24 PM, Piotr Król wrote:
On 4/15/21 6:58 PM, Julian Stecklina wrote:
Hi,
Hi Julian,
I'm trying to build Coreboot with Nix [1] and am facing some issues. I'm wondering whether someone has already tried this before and can give some pointers. My specific problem is how to nicely package the toolchain that coreboot requires.
Any hints are appreciated. :)
I did discover https://nixos.wiki/wiki/Coreboot, but this doesn't help with the toolchain issue when coreboot is built as a Nix derivation...
Toolchain reproducibility is something that was discussed many times in community during after-party and vPub events. Current state of the art is here: https://github.com/Thrilleratplay/guix-docker
There is dedicated private channel for that problem on OSFW Slack: https://slack.osfw.dev/ Feel free to ping me (nick pietrushnic) and I will add you to discussion.
Topics was so popular that we added it to official Dasharo Trolling Topics List: https://docs.dasharo.com/osf-trolling-list/build_process/
Best Regards,
Hi,
On Thu, 2021-04-15 at 18:58 +0200, Julian Stecklina wrote:
I'm trying to build Coreboot with Nix [1] [...]
I have not yet tried it personally, but corenix[1] looks nice.
Cheers Phil
-
Julian Stecklina -
Peter Stuge -
Philipp Bartsch -
Piotr Król -
Tom Hiller