diff options
Diffstat (limited to 'nixpkgs/nixos/modules/system/boot/loader/grub')
4 files changed, 1447 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix b/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix new file mode 100644 index 000000000000..3a33b3f65d36 --- /dev/null +++ b/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix @@ -0,0 +1,678 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.boot.loader.grub; + + efi = config.boot.loader.efi; + + realGrub = if cfg.version == 1 then pkgs.grub + else if cfg.zfsSupport then pkgs.grub2.override { zfsSupport = true; } + else if cfg.trustedBoot.enable + then if cfg.trustedBoot.isHPLaptop + then pkgs.trustedGrub-for-HP + else pkgs.trustedGrub + else pkgs.grub2; + + grub = + # Don't include GRUB if we're only generating a GRUB menu (e.g., + # in EC2 instances). + if cfg.devices == ["nodev"] + then null + else realGrub; + + grubEfi = + # EFI version of Grub v2 + if cfg.efiSupport && (cfg.version == 2) + then realGrub.override { efiSupport = cfg.efiSupport; } + else null; + + f = x: if x == null then "" else "" + x; + + grubConfig = args: + let + efiSysMountPoint = if args.efiSysMountPoint == null then args.path else args.efiSysMountPoint; + efiSysMountPoint' = replaceChars [ "/" ] [ "-" ] efiSysMountPoint; + in + pkgs.writeText "grub-config.xml" (builtins.toXML + { splashImage = f cfg.splashImage; + splashMode = f cfg.splashMode; + backgroundColor = f cfg.backgroundColor; + grub = f grub; + grubTarget = f (grub.grubTarget or ""); + shell = "${pkgs.runtimeShell}"; + fullName = (builtins.parseDrvName realGrub.name).name; + fullVersion = (builtins.parseDrvName realGrub.name).version; + grubEfi = f grubEfi; + grubTargetEfi = if cfg.efiSupport && (cfg.version == 2) then f (grubEfi.grubTarget or "") else ""; + bootPath = args.path; + storePath = config.boot.loader.grub.storePath; + bootloaderId = if args.efiBootloaderId == null then "NixOS${efiSysMountPoint'}" else args.efiBootloaderId; + timeout = if config.boot.loader.timeout == null then -1 else config.boot.loader.timeout; + inherit efiSysMountPoint; + inherit (args) devices; + inherit (efi) canTouchEfiVariables; + inherit (cfg) + version extraConfig extraPerEntryConfig extraEntries forceInstall useOSProber + extraEntriesBeforeNixOS extraPrepareConfig extraInitrd configurationLimit copyKernels + default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios; + path = (makeBinPath ([ + pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.findutils pkgs.diffutils pkgs.btrfs-progs + pkgs.utillinux ] + ++ (optional (cfg.efiSupport && (cfg.version == 2)) pkgs.efibootmgr) + ++ (optionals cfg.useOSProber [pkgs.busybox pkgs.os-prober]) + )) + ":" + (makeSearchPathOutput "bin" "sbin" [ + pkgs.mdadm pkgs.utillinux + ]); + font = if cfg.font == null then "" + else (if lib.last (lib.splitString "." cfg.font) == "pf2" + then cfg.font + else "${convertedFont}"); + }); + + bootDeviceCounters = fold (device: attr: attr // { "${device}" = (attr."${device}" or 0) + 1; }) {} + (concatMap (args: args.devices) cfg.mirroredBoots); + + convertedFont = (pkgs.runCommand "grub-font-converted.pf2" {} + (builtins.concatStringsSep " " + ([ "${realGrub}/bin/grub-mkfont" + cfg.font + "--output" "$out" + ] ++ (optional (cfg.fontSize!=null) "--size ${toString cfg.fontSize}"))) + ); + + defaultSplash = "${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bootloader}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bootloader.png"; +in + +{ + + ###### interface + + options = { + + boot.loader.grub = { + + enable = mkOption { + default = !config.boot.isContainer; + type = types.bool; + description = '' + Whether to enable the GNU GRUB boot loader. + ''; + }; + + version = mkOption { + default = 2; + example = 1; + type = types.int; + description = '' + The version of GRUB to use: <literal>1</literal> for GRUB + Legacy (versions 0.9x), or <literal>2</literal> (the + default) for GRUB 2. + ''; + }; + + device = mkOption { + default = ""; + example = "/dev/disk/by-id/wwn-0x500001234567890a"; + type = types.str; + description = '' + The device on which the GRUB boot loader will be installed. + The special value <literal>nodev</literal> means that a GRUB + boot menu will be generated, but GRUB itself will not + actually be installed. To install GRUB on multiple devices, + use <literal>boot.loader.grub.devices</literal>. + ''; + }; + + devices = mkOption { + default = []; + example = [ "/dev/disk/by-id/wwn-0x500001234567890a" ]; + type = types.listOf types.str; + description = '' + The devices on which the boot loader, GRUB, will be + installed. Can be used instead of <literal>device</literal> to + install GRUB onto multiple devices. + ''; + }; + + mirroredBoots = mkOption { + default = [ ]; + example = [ + { path = "/boot1"; devices = [ "/dev/disk/by-id/wwn-0x500001234567890a" ]; } + { path = "/boot2"; devices = [ "/dev/disk/by-id/wwn-0x500009876543210a" ]; } + ]; + description = '' + Mirror the boot configuration to multiple partitions and install grub + to the respective devices corresponding to those partitions. + ''; + + type = with types; listOf (submodule { + options = { + + path = mkOption { + example = "/boot1"; + type = types.str; + description = '' + The path to the boot directory where GRUB will be written. Generally + this boot path should double as an EFI path. + ''; + }; + + efiSysMountPoint = mkOption { + default = null; + example = "/boot1/efi"; + type = types.nullOr types.str; + description = '' + The path to the efi system mount point. Usually this is the same + partition as the above path and can be left as null. + ''; + }; + + efiBootloaderId = mkOption { + default = null; + example = "NixOS-fsid"; + type = types.nullOr types.str; + description = '' + The id of the bootloader to store in efi nvram. + The default is to name it NixOS and append the path or efiSysMountPoint. + This is only used if <literal>boot.loader.efi.canTouchEfiVariables</literal> is true. + ''; + }; + + devices = mkOption { + default = [ ]; + example = [ "/dev/disk/by-id/wwn-0x500001234567890a" "/dev/disk/by-id/wwn-0x500009876543210a" ]; + type = types.listOf types.str; + description = '' + The path to the devices which will have the GRUB MBR written. + Note these are typically device paths and not paths to partitions. + ''; + }; + + }; + }); + }; + + configurationName = mkOption { + default = ""; + example = "Stable 2.6.21"; + type = types.str; + description = '' + GRUB entry name instead of default. + ''; + }; + + storePath = mkOption { + default = "/nix/store"; + type = types.str; + description = '' + Path to the Nix store when looking for kernels at boot. + Only makes sense when copyKernels is false. + ''; + }; + + extraPrepareConfig = mkOption { + default = ""; + type = types.lines; + description = '' + Additional bash commands to be run at the script that + prepares the GRUB menu entries. + ''; + }; + + extraConfig = mkOption { + default = ""; + example = "serial; terminal_output.serial"; + type = types.lines; + description = '' + Additional GRUB commands inserted in the configuration file + just before the menu entries. + ''; + }; + + extraPerEntryConfig = mkOption { + default = ""; + example = "root (hd0)"; + type = types.lines; + description = '' + Additional GRUB commands inserted in the configuration file + at the start of each NixOS menu entry. + ''; + }; + + extraEntries = mkOption { + default = ""; + type = types.lines; + example = '' + # GRUB 1 example (not GRUB 2 compatible) + title Windows + chainloader (hd0,1)+1 + + # GRUB 2 example + menuentry "Windows 7" { + chainloader (hd0,4)+1 + } + + # GRUB 2 with UEFI example, chainloading another distro + menuentry "Fedora" { + set root=(hd1,1) + chainloader /efi/fedora/grubx64.efi + } + ''; + description = '' + Any additional entries you want added to the GRUB boot menu. + ''; + }; + + extraEntriesBeforeNixOS = mkOption { + default = false; + type = types.bool; + description = '' + Whether extraEntries are included before the default option. + ''; + }; + + extraFiles = mkOption { + type = types.attrsOf types.path; + default = {}; + example = literalExample '' + { "memtest.bin" = "''${pkgs.memtest86plus}/memtest.bin"; } + ''; + description = '' + A set of files to be copied to <filename>/boot</filename>. + Each attribute name denotes the destination file name in + <filename>/boot</filename>, while the corresponding + attribute value specifies the source file. + ''; + }; + + extraInitrd = mkOption { + type = types.nullOr types.path; + default = null; + example = "/boot/extra_initramfs.gz"; + description = '' + The path to a second initramfs to be supplied to the kernel. + This ramfs will not be copied to the store, so that it can + contain secrets such as LUKS keyfiles or ssh keys. + This implies that rolling back to a previous configuration + won't rollback the state of this file. + ''; + }; + + useOSProber = mkOption { + default = false; + type = types.bool; + description = '' + If set to true, append entries for other OSs detected by os-prober. + ''; + }; + + splashImage = mkOption { + type = types.nullOr types.path; + example = literalExample "./my-background.png"; + description = '' + Background image used for GRUB. + Set to <literal>null</literal> to run GRUB in text mode. + + <note><para> + For grub 1: + It must be a 640x480, + 14-colour image in XPM format, optionally compressed with + <command>gzip</command> or <command>bzip2</command>. + </para></note> + + <note><para> + For grub 2: + File must be one of .png, .tga, .jpg, or .jpeg. JPEG images must + not be progressive. + The image will be scaled if necessary to fit the screen. + </para></note> + ''; + }; + + backgroundColor = mkOption { + type = types.nullOr types.string; + example = "#7EBAE4"; + default = null; + description = '' + Background color to be used for GRUB to fill the areas the image isn't filling. + + <note><para> + This options has no effect for GRUB 1. + </para></note> + ''; + }; + + splashMode = mkOption { + type = types.enum [ "normal" "stretch" ]; + default = "stretch"; + description = '' + Whether to stretch the image or show the image in the top-left corner unstretched. + + <note><para> + This options has no effect for GRUB 1. + </para></note> + ''; + }; + + font = mkOption { + type = types.nullOr types.path; + default = "${realGrub}/share/grub/unicode.pf2"; + description = '' + Path to a TrueType, OpenType, or pf2 font to be used by Grub. + ''; + }; + + fontSize = mkOption { + type = types.nullOr types.int; + example = literalExample 16; + default = null; + description = '' + Font size for the grub menu. Ignored unless <literal>font</literal> + is set to a ttf or otf font. + ''; + }; + + gfxmodeEfi = mkOption { + default = "auto"; + example = "1024x768"; + type = types.str; + description = '' + The gfxmode to pass to GRUB when loading a graphical boot interface under EFI. + ''; + }; + + gfxmodeBios = mkOption { + default = "1024x768"; + example = "auto"; + type = types.str; + description = '' + The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS. + ''; + }; + + configurationLimit = mkOption { + default = 100; + example = 120; + type = types.int; + description = '' + Maximum of configurations in boot menu. GRUB has problems when + there are too many entries. + ''; + }; + + copyKernels = mkOption { + default = false; + type = types.bool; + description = '' + Whether the GRUB menu builder should copy kernels and initial + ramdisks to /boot. This is done automatically if /boot is + on a different partition than /. + ''; + }; + + default = mkOption { + default = "0"; + type = types.either types.int types.str; + apply = toString; + description = '' + Index of the default menu item to be booted. + ''; + }; + + fsIdentifier = mkOption { + default = "uuid"; + type = types.enum [ "uuid" "label" "provided" ]; + description = '' + Determines how GRUB will identify devices when generating the + configuration file. A value of uuid / label signifies that grub + will always resolve the uuid or label of the device before using + it in the configuration. A value of provided means that GRUB will + use the device name as show in <command>df</command> or + <command>mount</command>. Note, zfs zpools / datasets are ignored + and will always be mounted using their labels. + ''; + }; + + zfsSupport = mkOption { + default = false; + type = types.bool; + description = '' + Whether GRUB should be built against libzfs. + ZFS support is only available for GRUB v2. + This option is ignored for GRUB v1. + ''; + }; + + efiSupport = mkOption { + default = false; + type = types.bool; + description = '' + Whether GRUB should be built with EFI support. + EFI support is only available for GRUB v2. + This option is ignored for GRUB v1. + ''; + }; + + efiInstallAsRemovable = mkOption { + default = false; + type = types.bool; + description = '' + Whether to invoke <literal>grub-install</literal> with + <literal>--removable</literal>.</para> + + <para>Unless you turn this on, GRUB will install itself somewhere in + <literal>boot.loader.efi.efiSysMountPoint</literal> (exactly where + depends on other config variables). If you've set + <literal>boot.loader.efi.canTouchEfiVariables</literal> *AND* you + are currently booted in UEFI mode, then GRUB will use + <literal>efibootmgr</literal> to modify the boot order in the + EFI variables of your firmware to include this location. If you are + *not* booted in UEFI mode at the time GRUB is being installed, the + NVRAM will not be modified, and your system will not find GRUB at + boot time. However, GRUB will still return success so you may miss + the warning that gets printed ("<literal>efibootmgr: EFI variables + are not supported on this system.</literal>").</para> + + <para>If you turn this feature on, GRUB will install itself in a + special location within <literal>efiSysMountPoint</literal> (namely + <literal>EFI/boot/boot$arch.efi</literal>) which the firmwares + are hardcoded to try first, regardless of NVRAM EFI variables.</para> + + <para>To summarize, turn this on if: + <itemizedlist> + <listitem><para>You are installing NixOS and want it to boot in UEFI mode, + but you are currently booted in legacy mode</para></listitem> + <listitem><para>You want to make a drive that will boot regardless of + the NVRAM state of the computer (like a USB "removable" drive)</para></listitem> + <listitem><para>You simply dislike the idea of depending on NVRAM + state to make your drive bootable</para></listitem> + </itemizedlist> + ''; + }; + + enableCryptodisk = mkOption { + default = false; + type = types.bool; + description = '' + Enable support for encrypted partitions. GRUB should automatically + unlock the correct encrypted partition and look for filesystems. + ''; + }; + + forceInstall = mkOption { + default = false; + type = types.bool; + description = '' + Whether to try and forcibly install GRUB even if problems are + detected. It is not recommended to enable this unless you know what + you are doing. + ''; + }; + + trustedBoot = { + + enable = mkOption { + default = false; + type = types.bool; + description = '' + Enable trusted boot. GRUB will measure all critical components during + the boot process to offer TCG (TPM) support. + ''; + }; + + systemHasTPM = mkOption { + default = ""; + example = "YES_TPM_is_activated"; + type = types.string; + description = '' + Assertion that the target system has an activated TPM. It is a safety + check before allowing the activation of 'trustedBoot.enable'. TrustedBoot + WILL FAIL TO BOOT YOUR SYSTEM if no TPM is available. + ''; + }; + + isHPLaptop = mkOption { + default = false; + type = types.bool; + description = '' + Use a special version of TrustedGRUB that is needed by some HP laptops + and works only for the HP laptops. + ''; + }; + + }; + + }; + + }; + + + ###### implementation + + config = mkMerge [ + + { boot.loader.grub.splashImage = mkDefault ( + if cfg.version == 1 then pkgs.fetchurl { + url = http://www.gnome-look.org/CONTENT/content-files/36909-soft-tux.xpm.gz; + sha256 = "14kqdx2lfqvh40h6fjjzqgff1mwk74dmbjvmqphi6azzra7z8d59"; + } + # GRUB 1.97 doesn't support gzipped XPMs. + else defaultSplash); + } + + (mkIf (cfg.splashImage == defaultSplash) { + boot.loader.grub.backgroundColor = mkDefault "#2F302F"; + boot.loader.grub.splashMode = mkDefault "normal"; + }) + + (mkIf cfg.enable { + + boot.loader.grub.devices = optional (cfg.device != "") cfg.device; + + boot.loader.grub.mirroredBoots = optionals (cfg.devices != [ ]) [ + { path = "/boot"; inherit (cfg) devices; inherit (efi) efiSysMountPoint; } + ]; + + system.build.installBootLoader = + let + install-grub-pl = pkgs.substituteAll { + src = ./install-grub.pl; + inherit (pkgs) utillinux; + btrfsprogs = pkgs.btrfs-progs; + }; + in pkgs.writeScript "install-grub.sh" ('' + #!${pkgs.runtimeShell} + set -e + export PERL5LIB=${makePerlPath (with pkgs.perlPackages; [ FileSlurp XMLLibXML XMLSAX XMLSAXBase ListCompare ])} + ${optionalString cfg.enableCryptodisk "export GRUB_ENABLE_CRYPTODISK=y"} + '' + flip concatMapStrings cfg.mirroredBoots (args: '' + ${pkgs.perl}/bin/perl ${install-grub-pl} ${grubConfig args} $@ + '')); + + system.build.grub = grub; + + # Common attribute for boot loaders so only one of them can be + # set at once. + system.boot.loader.id = "grub"; + + environment.systemPackages = optional (grub != null) grub; + + boot.loader.grub.extraPrepareConfig = + concatStrings (mapAttrsToList (n: v: '' + ${pkgs.coreutils}/bin/cp -pf "${v}" "/boot/${n}" + '') config.boot.loader.grub.extraFiles); + + assertions = [ + { + assertion = !cfg.zfsSupport || cfg.version == 2; + message = "Only GRUB version 2 provides ZFS support"; + } + { + assertion = cfg.mirroredBoots != [ ]; + message = "You must set the option ‘boot.loader.grub.devices’ or " + + "'boot.loader.grub.mirroredBoots' to make the system bootable."; + } + { + assertion = cfg.efiSupport || all (c: c < 2) (mapAttrsToList (_: c: c) bootDeviceCounters); + message = "You cannot have duplicated devices in mirroredBoots"; + } + { + assertion = !cfg.trustedBoot.enable || cfg.version == 2; + message = "Trusted GRUB is only available for GRUB 2"; + } + { + assertion = !cfg.efiSupport || !cfg.trustedBoot.enable; + message = "Trusted GRUB does not have EFI support"; + } + { + assertion = !cfg.zfsSupport || !cfg.trustedBoot.enable; + message = "Trusted GRUB does not have ZFS support"; + } + { + assertion = !cfg.trustedBoot.enable || cfg.trustedBoot.systemHasTPM == "YES_TPM_is_activated"; + message = "Trusted GRUB can break the system! Confirm that the system has an activated TPM by setting 'systemHasTPM'."; + } + { + assertion = cfg.efiInstallAsRemovable -> cfg.efiSupport; + message = "If you wish to to use boot.loader.grub.efiInstallAsRemovable, then turn on boot.loader.grub.efiSupport"; + } + { + assertion = cfg.efiInstallAsRemovable -> !config.boot.loader.efi.canTouchEfiVariables; + message = "If you wish to to use boot.loader.grub.efiInstallAsRemovable, then turn off boot.loader.efi.canTouchEfiVariables"; + } + ] ++ flip concatMap cfg.mirroredBoots (args: [ + { + assertion = args.devices != [ ]; + message = "A boot path cannot have an empty devices string in ${args.path}"; + } + { + assertion = hasPrefix "/" args.path; + message = "Boot paths must be absolute, not ${args.path}"; + } + { + assertion = if args.efiSysMountPoint == null then true else hasPrefix "/" args.efiSysMountPoint; + message = "EFI paths must be absolute, not ${args.efiSysMountPoint}"; + } + ] ++ flip map args.devices (device: { + assertion = device == "nodev" || hasPrefix "/" device; + message = "GRUB devices must be absolute paths, not ${device} in ${args.path}"; + })); + }) + + ]; + + + imports = + [ (mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ] "") + (mkRenamedOptionModule [ "boot" "copyKernels" ] [ "boot" "loader" "grub" "copyKernels" ]) + (mkRenamedOptionModule [ "boot" "extraGrubEntries" ] [ "boot" "loader" "grub" "extraEntries" ]) + (mkRenamedOptionModule [ "boot" "extraGrubEntriesBeforeNixos" ] [ "boot" "loader" "grub" "extraEntriesBeforeNixOS" ]) + (mkRenamedOptionModule [ "boot" "grubDevice" ] [ "boot" "loader" "grub" "device" ]) + (mkRenamedOptionModule [ "boot" "bootMount" ] [ "boot" "loader" "grub" "bootDevice" ]) + (mkRenamedOptionModule [ "boot" "grubSplashImage" ] [ "boot" "loader" "grub" "splashImage" ]) + ]; + +} diff --git a/nixpkgs/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixpkgs/nixos/modules/system/boot/loader/grub/install-grub.pl new file mode 100644 index 000000000000..bda6a3136407 --- /dev/null +++ b/nixpkgs/nixos/modules/system/boot/loader/grub/install-grub.pl @@ -0,0 +1,612 @@ +use strict; +use warnings; +use Class::Struct; +use XML::LibXML; +use File::Basename; +use File::Path; +use File::stat; +use File::Copy; +use File::Slurp; +use File::Temp; +require List::Compare; +use POSIX; +use Cwd; + +# system.build.toplevel path +my $defaultConfig = $ARGV[1] or die; + +# Grub config XML generated by grubConfig function in grub.nix +my $dom = XML::LibXML->load_xml(location => $ARGV[0]); + +sub get { my ($name) = @_; return $dom->findvalue("/expr/attrs/attr[\@name = '$name']/*/\@value"); } + +sub readFile { + my ($fn) = @_; local $/ = undef; + open FILE, "<$fn" or return undef; my $s = <FILE>; close FILE; + local $/ = "\n"; chomp $s; return $s; +} + +sub writeFile { + my ($fn, $s) = @_; + open FILE, ">$fn" or die "cannot create $fn: $!\n"; + print FILE $s or die; + close FILE or die; +} + +sub runCommand { + my ($cmd) = @_; + open FILE, "$cmd 2>/dev/null |" or die "Failed to execute: $cmd\n"; + my @ret = <FILE>; + close FILE; + return ($?, @ret); +} + +my $grub = get("grub"); +my $grubVersion = int(get("version")); +my $grubTarget = get("grubTarget"); +my $extraConfig = get("extraConfig"); +my $extraPrepareConfig = get("extraPrepareConfig"); +my $extraPerEntryConfig = get("extraPerEntryConfig"); +my $extraEntries = get("extraEntries"); +my $extraEntriesBeforeNixOS = get("extraEntriesBeforeNixOS") eq "true"; +my $extraInitrd = get("extraInitrd"); +my $splashImage = get("splashImage"); +my $splashMode = get("splashMode"); +my $backgroundColor = get("backgroundColor"); +my $configurationLimit = int(get("configurationLimit")); +my $copyKernels = get("copyKernels") eq "true"; +my $timeout = int(get("timeout")); +my $defaultEntry = get("default"); +my $fsIdentifier = get("fsIdentifier"); +my $grubEfi = get("grubEfi"); +my $grubTargetEfi = get("grubTargetEfi"); +my $bootPath = get("bootPath"); +my $storePath = get("storePath"); +my $canTouchEfiVariables = get("canTouchEfiVariables"); +my $efiInstallAsRemovable = get("efiInstallAsRemovable"); +my $efiSysMountPoint = get("efiSysMountPoint"); +my $gfxmodeEfi = get("gfxmodeEfi"); +my $gfxmodeBios = get("gfxmodeBios"); +my $bootloaderId = get("bootloaderId"); +my $forceInstall = get("forceInstall"); +my $font = get("font"); +$ENV{'PATH'} = get("path"); + +die "unsupported GRUB version\n" if $grubVersion != 1 && $grubVersion != 2; + +print STDERR "updating GRUB $grubVersion menu...\n"; + +mkpath("$bootPath/grub", 0, 0700); + +# Discover whether the bootPath is on the same filesystem as / and +# /nix/store. If not, then all kernels and initrds must be copied to +# the bootPath. +if (stat($bootPath)->dev != stat("/nix/store")->dev) { + $copyKernels = 1; +} + +# Discover information about the location of the bootPath +struct(Fs => { + device => '$', + type => '$', + mount => '$', +}); +sub PathInMount { + my ($path, $mount) = @_; + my @splitMount = split /\//, $mount; + my @splitPath = split /\//, $path; + if ($#splitPath < $#splitMount) { + return 0; + } + for (my $i = 0; $i <= $#splitMount; $i++) { + if ($splitMount[$i] ne $splitPath[$i]) { + return 0; + } + } + return 1; +} + +# Figure out what filesystem is used for the directory with init/initrd/kernel files +sub GetFs { + my ($dir) = @_; + my $bestFs = Fs->new(device => "", type => "", mount => ""); + foreach my $fs (read_file("/proc/self/mountinfo")) { + chomp $fs; + my @fields = split / /, $fs; + my $mountPoint = $fields[4]; + next unless -d $mountPoint; + my @mountOptions = split /,/, $fields[5]; + + # Skip the optional fields. + my $n = 6; $n++ while $fields[$n] ne "-"; $n++; + my $fsType = $fields[$n]; + my $device = $fields[$n + 1]; + my @superOptions = split /,/, $fields[$n + 2]; + + # Skip the bind-mount on /nix/store. + next if $mountPoint eq "/nix/store" && (grep { $_ eq "rw" } @superOptions); + # Skip mount point generated by systemd-efi-boot-generator? + next if $fsType eq "autofs"; + + # Ensure this matches the intended directory + next unless PathInMount($dir, $mountPoint); + + # Is it better than our current match? + if (length($mountPoint) > length($bestFs->mount)) { + $bestFs = Fs->new(device => $device, type => $fsType, mount => $mountPoint); + } + } + return $bestFs; +} +struct (Grub => { + path => '$', + search => '$', +}); +my $driveid = 1; +sub GrubFs { + my ($dir) = @_; + my $fs = GetFs($dir); + my $path = substr($dir, length($fs->mount)); + if (substr($path, 0, 1) ne "/") { + $path = "/$path"; + } + my $search = ""; + + if ($grubVersion > 1) { + # ZFS is completely separate logic as zpools are always identified by a label + # or custom UUID + if ($fs->type eq 'zfs') { + my $sid = index($fs->device, '/'); + + if ($sid < 0) { + $search = '--label ' . $fs->device; + $path = '/@' . $path; + } else { + $search = '--label ' . substr($fs->device, 0, $sid); + $path = '/' . substr($fs->device, $sid) . '/@' . $path; + } + } else { + my %types = ('uuid' => '--fs-uuid', 'label' => '--label'); + + if ($fsIdentifier eq 'provided') { + # If the provided dev is identifying the partition using a label or uuid, + # we should get the label / uuid and do a proper search + my @matches = $fs->device =~ m/\/dev\/disk\/by-(label|uuid)\/(.*)/; + if ($#matches > 1) { + die "Too many matched devices" + } elsif ($#matches == 1) { + $search = "$types{$matches[0]} $matches[1]" + } + } else { + # Determine the identifying type + $search = $types{$fsIdentifier} . ' '; + + # Based on the type pull in the identifier from the system + my ($status, @devInfo) = runCommand("@utillinux@/bin/blkid -o export @{[$fs->device]}"); + if ($status != 0) { + die "Failed to get blkid info (returned $status) for @{[$fs->mount]} on @{[$fs->device]}"; + } + my @matches = join("", @devInfo) =~ m/@{[uc $fsIdentifier]}=([^\n]*)/; + if ($#matches != 0) { + die "Couldn't find a $types{$fsIdentifier} for @{[$fs->device]}\n" + } + $search .= $matches[0]; + } + + # BTRFS is a special case in that we need to fix the referrenced path based on subvolumes + if ($fs->type eq 'btrfs') { + my ($status, @id_info) = runCommand("@btrfsprogs@/bin/btrfs subvol show @{[$fs->mount]}"); + if ($status != 0) { + die "Failed to retrieve subvolume info for @{[$fs->mount]}\n"; + } + my @ids = join("\n", @id_info) =~ m/^(?!\/\n).*Subvolume ID:[ \t\n]*([0-9]+)/s; + if ($#ids > 0) { + die "Btrfs subvol name for @{[$fs->device]} listed multiple times in mount\n" + } elsif ($#ids == 0) { + my ($status, @path_info) = runCommand("@btrfsprogs@/bin/btrfs subvol list @{[$fs->mount]}"); + if ($status != 0) { + die "Failed to find @{[$fs->mount]} subvolume id from btrfs\n"; + } + my @paths = join("", @path_info) =~ m/ID $ids[0] [^\n]* path ([^\n]*)/; + if ($#paths > 0) { + die "Btrfs returned multiple paths for a single subvolume id, mountpoint @{[$fs->mount]}\n"; + } elsif ($#paths != 0) { + die "Btrfs did not return a path for the subvolume at @{[$fs->mount]}\n"; + } + $path = "/$paths[0]$path"; + } + } + } + if (not $search eq "") { + $search = "search --set=drive$driveid " . $search; + $path = "(\$drive$driveid)$path"; + $driveid += 1; + } + } + return Grub->new(path => $path, search => $search); +} +my $grubBoot = GrubFs($bootPath); +my $grubStore; +if ($copyKernels == 0) { + $grubStore = GrubFs($storePath); +} +my $extraInitrdPath; +if ($extraInitrd) { + if (! -f $extraInitrd) { + print STDERR "Warning: the specified extraInitrd " . $extraInitrd . " doesn't exist. Your system won't boot without it.\n"; + } + $extraInitrdPath = GrubFs($extraInitrd); +} + +# Generate the header. +my $conf .= "# Automatically generated. DO NOT EDIT THIS FILE!\n"; + +if ($grubVersion == 1) { + $conf .= " + default $defaultEntry + timeout $timeout + "; + if ($splashImage) { + copy $splashImage, "$bootPath/background.xpm.gz" or die "cannot copy $splashImage to $bootPath\n"; + $conf .= "splashimage " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background.xpm.gz\n"; + } +} + +else { + if ($copyKernels == 0) { + $conf .= " + " . $grubStore->search; + } + # FIXME: should use grub-mkconfig. + $conf .= " + " . $grubBoot->search . " + if [ -s \$prefix/grubenv ]; then + load_env + fi + + # ‘grub-reboot’ sets a one-time saved entry, which we process here and + # then delete. + if [ \"\${next_entry}\" ]; then + set default=\"\${next_entry}\" + set next_entry= + save_env next_entry + set timeout=1 + else + set default=$defaultEntry + set timeout=$timeout + fi + + # Setup the graphics stack for bios and efi systems + if [ \"\${grub_platform}\" = \"efi\" ]; then + insmod efi_gop + insmod efi_uga + else + insmod vbe + fi + "; + + if ($font) { + copy $font, "$bootPath/converted-font.pf2" or die "cannot copy $font to $bootPath\n"; + $conf .= " + insmod font + if loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/converted-font.pf2; then + insmod gfxterm + if [ \"\${grub_platform}\" = \"efi\" ]; then + set gfxmode=$gfxmodeEfi + set gfxpayload=keep + else + set gfxmode=$gfxmodeBios + set gfxpayload=text + fi + terminal_output gfxterm + fi + "; + } + if ($splashImage) { + # Keeps the image's extension. + my ($filename, $dirs, $suffix) = fileparse($splashImage, qr"\..[^.]*$"); + # The module for jpg is jpeg. + if ($suffix eq ".jpg") { + $suffix = ".jpeg"; + } + if ($backgroundColor) { + $conf .= " + background_color '$backgroundColor' + "; + } + copy $splashImage, "$bootPath/background$suffix" or die "cannot copy $splashImage to $bootPath\n"; + $conf .= " + insmod " . substr($suffix, 1) . " + if background_image --mode '$splashMode' " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background$suffix; then + set color_normal=white/black + set color_highlight=black/white + else + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + fi + "; + } +} + +$conf .= "$extraConfig\n"; + + +# Generate the menu entries. +$conf .= "\n"; + +my %copied; +mkpath("$bootPath/kernels", 0, 0755) if $copyKernels; + +sub copyToKernelsDir { + my ($path) = @_; + return $grubStore->path . substr($path, length("/nix/store")) unless $copyKernels; + $path =~ /\/nix\/store\/(.*)/ or die; + my $name = $1; $name =~ s/\//-/g; + my $dst = "$bootPath/kernels/$name"; + # Don't copy the file if $dst already exists. This means that we + # have to create $dst atomically to prevent partially copied + # kernels or initrd if this script is ever interrupted. + if (! -e $dst) { + my $tmp = "$dst.tmp"; + copy $path, $tmp or die "cannot copy $path to $tmp\n"; + rename $tmp, $dst or die "cannot rename $tmp to $dst\n"; + } + $copied{$dst} = 1; + return ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/kernels/$name"; +} + +sub addEntry { + my ($name, $path) = @_; + return unless -e "$path/kernel" && -e "$path/initrd"; + + my $kernel = copyToKernelsDir(Cwd::abs_path("$path/kernel")); + my $initrd = copyToKernelsDir(Cwd::abs_path("$path/initrd")); + if ($extraInitrd) { + $initrd .= " " .$extraInitrdPath->path; + } + my $xen = -e "$path/xen.gz" ? copyToKernelsDir(Cwd::abs_path("$path/xen.gz")) : undef; + + # FIXME: $confName + + my $kernelParams = + "systemConfig=" . Cwd::abs_path($path) . " " . + "init=" . Cwd::abs_path("$path/init") . " " . + readFile("$path/kernel-params"); + my $xenParams = $xen && -e "$path/xen-params" ? readFile("$path/xen-params") : ""; + + if ($grubVersion == 1) { + $conf .= "title $name\n"; + $conf .= " $extraPerEntryConfig\n" if $extraPerEntryConfig; + $conf .= " kernel $xen $xenParams\n" if $xen; + $conf .= " " . ($xen ? "module" : "kernel") . " $kernel $kernelParams\n"; + $conf .= " " . ($xen ? "module" : "initrd") . " $initrd\n\n"; + } else { + $conf .= "menuentry \"$name\" {\n"; + $conf .= $grubBoot->search . "\n"; + if ($copyKernels == 0) { + $conf .= $grubStore->search . "\n"; + } + if ($extraInitrd) { + $conf .= $extraInitrdPath->search . "\n"; + } + $conf .= " $extraPerEntryConfig\n" if $extraPerEntryConfig; + $conf .= " multiboot $xen $xenParams\n" if $xen; + $conf .= " " . ($xen ? "module" : "linux") . " $kernel $kernelParams\n"; + $conf .= " " . ($xen ? "module" : "initrd") . " $initrd\n"; + $conf .= "}\n\n"; + } +} + + +# Add default entries. +$conf .= "$extraEntries\n" if $extraEntriesBeforeNixOS; + +addEntry("NixOS - Default", $defaultConfig); + +$conf .= "$extraEntries\n" unless $extraEntriesBeforeNixOS; + +my $grubBootPath = $grubBoot->path; +# extraEntries could refer to @bootRoot@, which we have to substitute +$conf =~ s/\@bootRoot\@/$grubBootPath/g; + +# Emit submenus for all system profiles. +sub addProfile { + my ($profile, $description) = @_; + + # Add entries for all generations of this profile. + $conf .= "submenu \"$description\" {\n" if $grubVersion == 2; + + sub nrFromGen { my ($x) = @_; $x =~ /\/\w+-(\d+)-link/; return $1; } + + my @links = sort + { nrFromGen($b) <=> nrFromGen($a) } + (glob "$profile-*-link"); + + my $curEntry = 0; + foreach my $link (@links) { + last if $curEntry++ >= $configurationLimit; + if (! -e "$link/nixos-version") { + warn "skipping corrupt system profile entry ‘$link’\n"; + next; + } + my $date = strftime("%F", localtime(lstat($link)->mtime)); + my $version = + -e "$link/nixos-version" + ? readFile("$link/nixos-version") + : basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]); + addEntry("NixOS - Configuration " . nrFromGen($link) . " ($date - $version)", $link); + } + + $conf .= "}\n" if $grubVersion == 2; +} + +addProfile "/nix/var/nix/profiles/system", "NixOS - All configurations"; + +if ($grubVersion == 2) { + for my $profile (glob "/nix/var/nix/profiles/system-profiles/*") { + my $name = basename($profile); + next unless $name =~ /^\w+$/; + addProfile $profile, "NixOS - Profile '$name'"; + } +} + +# Run extraPrepareConfig in sh +if ($extraPrepareConfig ne "") { + system((get("shell"), "-c", $extraPrepareConfig)); +} + +# write the GRUB config. +my $confFile = $grubVersion == 1 ? "$bootPath/grub/menu.lst" : "$bootPath/grub/grub.cfg"; +my $tmpFile = $confFile . ".tmp"; +writeFile($tmpFile, $conf); + + +# check whether to install GRUB EFI or not +sub getEfiTarget { + if ($grubVersion == 1) { + return "no" + } elsif (($grub ne "") && ($grubEfi ne "")) { + # EFI can only be installed when target is set; + # A target is also required then for non-EFI grub + if (($grubTarget eq "") || ($grubTargetEfi eq "")) { die } + else { return "both" } + } elsif (($grub ne "") && ($grubEfi eq "")) { + # TODO: It would be safer to disallow non-EFI grub installation if no taget is given. + # If no target is given, then grub auto-detects the target which can lead to errors. + # E.g. it seems as if grub would auto-detect a EFI target based on the availability + # of a EFI partition. + # However, it seems as auto-detection is currently relied on for non-x86_64 and non-i386 + # architectures in NixOS. That would have to be fixed in the nixos modules first. + return "no" + } elsif (($grub eq "") && ($grubEfi ne "")) { + # EFI can only be installed when target is set; + if ($grubTargetEfi eq "") { die } + else {return "only" } + } else { + # prevent an installation if neither grub nor grubEfi is given + return "neither" + } +} + +my $efiTarget = getEfiTarget(); + +# Append entries detected by os-prober +if (get("useOSProber") eq "true") { + my $targetpackage = ($efiTarget eq "no") ? $grub : $grubEfi; + system(get("shell"), "-c", "pkgdatadir=$targetpackage/share/grub $targetpackage/etc/grub.d/30_os-prober >> $tmpFile"); +} + +# Atomically switch to the new config +rename $tmpFile, $confFile or die "cannot rename $tmpFile to $confFile\n"; + + +# Remove obsolete files from $bootPath/kernels. +foreach my $fn (glob "$bootPath/kernels/*") { + next if defined $copied{$fn}; + print STDERR "removing obsolete file $fn\n"; + unlink $fn; +} + + +# +# Install GRUB if the parameters changed from the last time we installed it. +# + +struct(GrubState => { + name => '$', + version => '$', + efi => '$', + devices => '$', + efiMountPoint => '$', +}); +sub readGrubState { + my $defaultGrubState = GrubState->new(name => "", version => "", efi => "", devices => "", efiMountPoint => "" ); + open FILE, "<$bootPath/grub/state" or return $defaultGrubState; + local $/ = "\n"; + my $name = <FILE>; + chomp($name); + my $version = <FILE>; + chomp($version); + my $efi = <FILE>; + chomp($efi); + my $devices = <FILE>; + chomp($devices); + my $efiMountPoint = <FILE>; + chomp($efiMountPoint); + close FILE; + my $grubState = GrubState->new(name => $name, version => $version, efi => $efi, devices => $devices, efiMountPoint => $efiMountPoint ); + return $grubState +} + +sub getDeviceTargets { + my @devices = (); + foreach my $dev ($dom->findnodes('/expr/attrs/attr[@name = "devices"]/list/string/@value')) { + $dev = $dev->findvalue(".") or die; + push(@devices, $dev); + } + return @devices; +} +my @deviceTargets = getDeviceTargets(); +my $prevGrubState = readGrubState(); +my @prevDeviceTargets = split/,/, $prevGrubState->devices; + +my $devicesDiffer = scalar (List::Compare->new( '-u', '-a', \@deviceTargets, \@prevDeviceTargets)->get_symmetric_difference()); +my $nameDiffer = get("fullName") ne $prevGrubState->name; +my $versionDiffer = get("fullVersion") ne $prevGrubState->version; +my $efiDiffer = $efiTarget ne $prevGrubState->efi; +my $efiMountPointDiffer = $efiSysMountPoint ne $prevGrubState->efiMountPoint; +if (($ENV{'NIXOS_INSTALL_GRUB'} // "") eq "1") { + warn "NIXOS_INSTALL_GRUB env var deprecated, use NIXOS_INSTALL_BOOTLOADER"; + $ENV{'NIXOS_INSTALL_BOOTLOADER'} = "1"; +} +my $requireNewInstall = $devicesDiffer || $nameDiffer || $versionDiffer || $efiDiffer || $efiMountPointDiffer || (($ENV{'NIXOS_INSTALL_BOOTLOADER'} // "") eq "1"); + +# install a symlink so that grub can detect the boot drive +my $tmpDir = File::Temp::tempdir(CLEANUP => 1) or die "Failed to create temporary space"; +symlink "$bootPath", "$tmpDir/boot" or die "Failed to symlink $tmpDir/boot"; + +# install non-EFI GRUB +if (($requireNewInstall != 0) && ($efiTarget eq "no" || $efiTarget eq "both")) { + foreach my $dev (@deviceTargets) { + next if $dev eq "nodev"; + print STDERR "installing the GRUB $grubVersion boot loader on $dev...\n"; + my @command = ("$grub/sbin/grub-install", "--recheck", "--root-directory=$tmpDir", Cwd::abs_path($dev)); + if ($forceInstall eq "true") { + push @command, "--force"; + } + if ($grubTarget ne "") { + push @command, "--target=$grubTarget"; + } + (system @command) == 0 or die "$0: installation of GRUB on $dev failed\n"; + } +} + + +# install EFI GRUB +if (($requireNewInstall != 0) && ($efiTarget eq "only" || $efiTarget eq "both")) { + print STDERR "installing the GRUB $grubVersion EFI boot loader into $efiSysMountPoint...\n"; + my @command = ("$grubEfi/sbin/grub-install", "--recheck", "--target=$grubTargetEfi", "--boot-directory=$bootPath", "--efi-directory=$efiSysMountPoint"); + if ($forceInstall eq "true") { + push @command, "--force"; + } + if ($canTouchEfiVariables eq "true") { + push @command, "--bootloader-id=$bootloaderId"; + } else { + push @command, "--no-nvram"; + push @command, "--removable" if $efiInstallAsRemovable eq "true"; + } + + (system @command) == 0 or die "$0: installation of GRUB EFI into $efiSysMountPoint failed\n"; +} + + +# update GRUB state file +if ($requireNewInstall != 0) { + open FILE, ">$bootPath/grub/state" or die "cannot create $bootPath/grub/state: $!\n"; + print FILE get("fullName"), "\n" or die; + print FILE get("fullVersion"), "\n" or die; + print FILE $efiTarget, "\n" or die; + print FILE join( ",", @deviceTargets ), "\n" or die; + print FILE $efiSysMountPoint, "\n" or die; + close FILE or die; +} diff --git a/nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix b/nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix new file mode 100644 index 000000000000..249c2761934d --- /dev/null +++ b/nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix @@ -0,0 +1,64 @@ +# This module adds a scripted iPXE entry to the GRUB boot menu. + +{ config, lib, pkgs, ... }: + +with lib; + +let + scripts = builtins.attrNames config.boot.loader.grub.ipxe; + + grubEntry = name: + '' + menuentry "iPXE - ${name}" { + linux16 @bootRoot@/ipxe.lkrn + initrd16 @bootRoot@/${name}.ipxe + } + + ''; + + scriptFile = name: + let + value = builtins.getAttr name config.boot.loader.grub.ipxe; + in + if builtins.typeOf value == "path" then value + else builtins.toFile "${name}.ipxe" value; +in +{ + options = + { boot.loader.grub.ipxe = mkOption { + type = types.attrsOf (types.either types.path types.str); + description = + '' + Set of iPXE scripts available for + booting from the GRUB boot menu. + ''; + default = { }; + example = literalExample '' + { demo = ''' + #!ipxe + dhcp + chain http://boot.ipxe.org/demo/boot.php + '''; + } + ''; + }; + }; + + config = mkIf (builtins.length scripts != 0) { + + boot.loader.grub.extraEntries = + if config.boot.loader.grub.version == 2 then + toString (map grubEntry scripts) + else + throw "iPXE is not supported with GRUB 1."; + + boot.loader.grub.extraFiles = + { "ipxe.lkrn" = "${pkgs.ipxe}/ipxe.lkrn"; } + // + builtins.listToAttrs ( map + (name: { name = name+".ipxe"; value = scriptFile name; }) + scripts + ); + }; + +} diff --git a/nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix b/nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix new file mode 100644 index 000000000000..94e5a14174b0 --- /dev/null +++ b/nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix @@ -0,0 +1,93 @@ +# This module adds Memtest86+ to the GRUB boot menu. + +{ config, lib, pkgs, ... }: + +with lib; + +let + memtest86 = pkgs.memtest86plus; + cfg = config.boot.loader.grub.memtest86; +in + +{ + options = { + + boot.loader.grub.memtest86 = { + + enable = mkOption { + default = false; + type = types.bool; + description = '' + Make Memtest86+, a memory testing program, available from the + GRUB boot menu. + ''; + }; + + params = mkOption { + default = []; + example = [ "console=ttyS0,115200" ]; + type = types.listOf types.str; + description = '' + Parameters added to the Memtest86+ command line. As of memtest86+ 5.01 + the following list of (apparently undocumented) parameters are + accepted: + + <itemizedlist> + + <listitem> + <para><literal>console=...</literal>, set up a serial console. + Examples: + <literal>console=ttyS0</literal>, + <literal>console=ttyS0,9600</literal> or + <literal>console=ttyS0,115200n8</literal>.</para> + </listitem> + + <listitem> + <para><literal>btrace</literal>, enable boot trace.</para> + </listitem> + + <listitem> + <para><literal>maxcpus=N</literal>, limit number of CPUs.</para> + </listitem> + + <listitem> + <para><literal>onepass</literal>, run one pass and exit if there + are no errors.</para> + </listitem> + + <listitem> + <para><literal>tstlist=...</literal>, list of tests to run. + Example: <literal>0,1,2</literal>.</para> + </listitem> + + <listitem> + <para><literal>cpumask=...</literal>, set a CPU mask, to select CPUs + to use for testing.</para> + </listitem> + + </itemizedlist> + + This list of command line options was obtained by reading the + Memtest86+ source code. + ''; + }; + + }; + }; + + config = mkIf cfg.enable { + + boot.loader.grub.extraEntries = + if config.boot.loader.grub.version == 2 then + '' + menuentry "Memtest86+" { + linux16 @bootRoot@/memtest.bin ${toString cfg.params} + } + '' + else + throw "Memtest86+ is not supported with GRUB 1."; + + boot.loader.grub.extraFiles."memtest.bin" = "${memtest86}/memtest.bin"; + + }; +} |