diff --git a/gnu/build/vm.scm b/gnu/build/vm.scm index ac99d6b1a3..a5d9fefa62 100644 --- a/gnu/build/vm.scm +++ b/gnu/build/vm.scm @@ -423,7 +423,8 @@ (define (install-efi grub esp config-file) ;; Graft the configuration file onto the image. (string-append "boot/grub/grub.cfg=" config-file)))) -(define* (make-iso9660-image grub config-file os-drv target +(define* (make-iso9660-image xorriso grub-mkrescue-environment + grub config-file os-drv target #:key (volume-id "Guix_image") (volume-uuid #f) register-closures? (closures '())) "Given a GRUB package, creates an iso image as TARGET, using CONFIG-FILE as @@ -431,6 +432,9 @@ (define* (make-iso9660-image grub config-file os-drv target (define grub-mkrescue (string-append grub "/bin/grub-mkrescue")) + (define grub-mkrescue-sed.sh + (string-append xorriso "/bin/grub-mkrescue-sed.sh")) + (define target-store (string-append "/tmp/root" (%store-directory))) @@ -483,9 +487,19 @@ (define items #x77777777) 16)) + (setenv "MKRESCUE_SED_MODE" "original") + (setenv "MKRESCUE_SED_XORRISO" (string-append xorriso + "/bin/xorriso")) + (setenv "MKRESCUE_SED_IN_EFI_NO_PT" "yes") + (for-each (match-lambda + ((name . value) (setenv name value))) + grub-mkrescue-environment) + (let ((pipe (apply open-pipe* OPEN_WRITE - grub-mkrescue "-o" target + grub-mkrescue + (string-append "--xorriso=" grub-mkrescue-sed.sh) + "-o" target (string-append "boot/grub/grub.cfg=" config-file) "etc=/tmp/root/etc" "var=/tmp/root/var" diff --git a/gnu/local.mk b/gnu/local.mk index ac55e1dd28..694bbfd367 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1372,7 +1372,9 @@ dist_patch_DATA = \ %D%/packages/patches/xfce4-session-fix-xflock4.patch \ %D%/packages/patches/xfce4-settings-defaults.patch \ %D%/packages/patches/xinetd-fix-fd-leak.patch \ - %D%/packages/patches/xinetd-CVE-2013-4342.patch + %D%/packages/patches/xinetd-CVE-2013-4342.patch \ + %D%/packages/patches/xorriso-no-partition-table-in-inner-efi.patch \ + %D%/packages/patches/xorriso-no-mbr-in-inner-efi.patch MISC_DISTRO_FILES = \ %D%/packages/ld-wrapper.in diff --git a/gnu/packages/cdrom.scm b/gnu/packages/cdrom.scm index 2bd5745ad3..8d9778176f 100644 --- a/gnu/packages/cdrom.scm +++ b/gnu/packages/cdrom.scm @@ -162,8 +162,20 @@ (define-public xorriso version ".tar.gz")) (sha256 (base32 - "0aq6lvlwlkxz56l5sbvgycr6j5c82ch2bv6zrnc2345ibfpafgx9")))) + "0aq6lvlwlkxz56l5sbvgycr6j5c82ch2bv6zrnc2345ibfpafgx9")) + (patches + (search-patches "xorriso-no-partition-table-in-inner-efi.patch" + "xorriso-no-mbr-in-inner-efi.patch")))) (build-system gnu-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'install 'install-frontends + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (out-bin (string-append out "/bin"))) + (install-file "frontend/grub-mkrescue-sed.sh" out-bin) + #t)))))) (inputs `(("acl" ,acl) ("readline" ,readline) diff --git a/gnu/packages/patches/xorriso-no-mbr-in-inner-efi.patch b/gnu/packages/patches/xorriso-no-mbr-in-inner-efi.patch new file mode 100644 index 0000000000..a43889d2c6 --- /dev/null +++ b/gnu/packages/patches/xorriso-no-mbr-in-inner-efi.patch @@ -0,0 +1,47 @@ +https://dev.lovelyhq.com/libburnia/libisoburn/commit/1eb51f44dadb8b6c5f87533ca357186cdc1ac625 +diff --git a/frontend/grub-mkrescue-sed.sh b/frontend/grub-mkrescue-sed.sh +index b3948c99..dcd9d696 100755 +--- a/frontend/grub-mkrescue-sed.sh ++++ b/frontend/grub-mkrescue-sed.sh +@@ -120,6 +120,7 @@ fi + # "yes" overwrites the MBR partition table area in the EFI boot image by zeros. + # Some EFI implementations get stuck when seeing in the EFI partition a + # partition table entry which begins at LBA 0. ++# "extra" not only zeros the partition table but also the MBR signature. + efi_zero_inner_pt=no + if test -n "$MKRESCUE_SED_IN_EFI_NO_PT" + then +@@ -192,24 +193,31 @@ then + find "$dir" + fi + +-if test "$efi_zero_inner_pt" = yes ++if test "$efi_zero_inner_pt" = yes -o "$efi_zero_inner_pt" = extra + then + did_dd=0 + if test -e "$dir"/efi.img + then ++ # Look for 0x55 0xAA in bytes 510 and 511 + magic=$(dd bs=1 skip=510 count=2 if="$dir"/efi.img 2>/dev/null | \ + od -c | head -1 | awk '{print $2 " " $3}') + if test "$magic" = "U 252" + then ++ echo "Performing actions for MKRESCUE_SED_IN_EFI_NO_PT=$efi_zero_inner_pt" >&2 + dd if=/dev/zero bs=1 seek=446 count=64 conv=notrunc of="$dir"/efi.img + did_dd=1 ++ if test "$efi_zero_inner_pt" = extra ++ then ++ dd if=/dev/zero bs=1 seek=510 count=2 conv=notrunc of="$dir"/efi.img ++ fi ++ echo >&2 + fi + fi + if test "$did_dd" = 0 + then + echo >&2 + echo "$0 : NOTE : No EFI image found or no MBR signature in it." >&2 +- echo "$0 : NOTE : Will not obey MKRESCUE_SED_IN_EFI_NO_PT=yes" >&2 ++ echo "$0 : NOTE : Will not obey MKRESCUE_SED_IN_EFI_NO_PT=$efi_zero_inner_pt" >&2 + echo >&2 + fi + fi diff --git a/gnu/packages/patches/xorriso-no-partition-table-in-inner-efi.patch b/gnu/packages/patches/xorriso-no-partition-table-in-inner-efi.patch new file mode 100644 index 0000000000..a719ca1f89 --- /dev/null +++ b/gnu/packages/patches/xorriso-no-partition-table-in-inner-efi.patch @@ -0,0 +1,107 @@ +https://dev.lovelyhq.com/libburnia/libisoburn/commit/3a2a3ba737a06162c22ace0ae09d33ba97aa2673 +diff --git a/frontend/grub-mkrescue-sed.sh b/frontend/grub-mkrescue-sed.sh +index d772ff22..b3948c99 100755 +--- a/frontend/grub-mkrescue-sed.sh ++++ b/frontend/grub-mkrescue-sed.sh +@@ -1,6 +1,6 @@ + #!/bin/sh + +-# Copyright (C) 2015 - 2016 ++# Copyright (C) 2015 - 2019 + # Thomas Schmitt , libburnia-project.org + # Provided under BSD license: Use, modify, and distribute as you like. + +@@ -117,6 +117,15 @@ fi + # command line.) + # Each argument must be a single word. No whitespace. No quotation marks. + ++# "yes" overwrites the MBR partition table area in the EFI boot image by zeros. ++# Some EFI implementations get stuck when seeing in the EFI partition a ++# partition table entry which begins at LBA 0. ++efi_zero_inner_pt=no ++if test -n "$MKRESCUE_SED_IN_EFI_NO_PT" ++then ++ efi_zero_inner_pt="$MKRESCUE_SED_IN_EFI_NO_PT" ++fi ++ + + # + # Do the work +@@ -183,12 +192,48 @@ then + find "$dir" + fi + ++if test "$efi_zero_inner_pt" = yes ++then ++ did_dd=0 ++ if test -e "$dir"/efi.img ++ then ++ magic=$(dd bs=1 skip=510 count=2 if="$dir"/efi.img 2>/dev/null | \ ++ od -c | head -1 | awk '{print $2 " " $3}') ++ if test "$magic" = "U 252" ++ then ++ dd if=/dev/zero bs=1 seek=446 count=64 conv=notrunc of="$dir"/efi.img ++ did_dd=1 ++ fi ++ fi ++ if test "$did_dd" = 0 ++ then ++ echo >&2 ++ echo "$0 : NOTE : No EFI image found or no MBR signature in it." >&2 ++ echo "$0 : NOTE : Will not obey MKRESCUE_SED_IN_EFI_NO_PT=yes" >&2 ++ echo >&2 ++ fi ++fi ++ + efi_tmp_name= ++if test x"$mode" = xmjg \ ++ -o x"$mode" = xmbr_only \ ++ -o x"$mode" = xgpt_appended \ ++ -o x"$mode" = xmbr_hfs ++then ++ # Move EFI partition image file out of the "$dir" tree, i.e. out of the ISO ++ efi_tmp_name=grub-mkrescue-sed-efi-img.$$ ++ if test -e "$dir"/efi.img ++ then ++ mv "$dir"/efi.img /tmp/$efi_tmp_name ++ elif test -e /tmp/$efi_tmp_name ++ then ++ rm /tmp/$efi_tmp_name ++ fi ++fi ++ + if test x"$mode" = xmjg + then + # Exchange arguments for the experimental GRUB2 mjg layout +- efi_tmp_name=grub-mkrescue-sed-efi-img.$$ +- mv "$dir"/efi.img /tmp/$efi_tmp_name + x=$(echo " $*" | sed \ + -e "s/-efi-boot-part --efi-boot-image/-no-pad -append_partition $partno 0xef \/tmp\/$efi_tmp_name/" \ + -e "s/--efi-boot efi\.img/-eltorito-alt-boot -e --interval:appended_partition_${partno}:all:: -no-emul-boot -isohybrid-gpt-basdat/" \ +@@ -207,8 +252,6 @@ then + elif test x"$mode" = xmbr_only + then + # Exchange arguments for no-HFS MBR-only layout +- efi_tmp_name=grub-mkrescue-sed-efi-img.$$ +- mv "$dir"/efi.img /tmp/$efi_tmp_name + x=$(echo " $*" | sed \ + -e "s/-efi-boot-part --efi-boot-image/$iso_mbr_part_type -no-pad -append_partition 2 0xef \/tmp\/$efi_tmp_name/" \ + -e "s/--efi-boot efi\.img/-eltorito-alt-boot -e --interval:appended_partition_2:all:: -no-emul-boot/" \ +@@ -228,8 +271,6 @@ then + elif test x"$mode" = xmbr_hfs + then + # Exchange arguments for MBR and HFS+ layout +- efi_tmp_name=grub-mkrescue-sed-efi-img.$$ +- mv "$dir"/efi.img /tmp/$efi_tmp_name + x=$(echo " $*" | sed \ + -e "s/-efi-boot-part --efi-boot-image/$iso_mbr_part_type -no-pad -append_partition 2 0xef \/tmp\/$efi_tmp_name/" \ + -e "s/--efi-boot efi\.img/-eltorito-alt-boot -e --interval:appended_partition_2:all:: -no-emul-boot/" \ +@@ -247,8 +288,6 @@ then + elif test x"$mode" = xgpt_appended + then + # Exchange arguments for no-HFS MBR-only layout +- efi_tmp_name=grub-mkrescue-sed-efi-img.$$ +- mv "$dir"/efi.img /tmp/$efi_tmp_name + x=$(echo " $*" | sed \ + -e "s/-efi-boot-part --efi-boot-image/-no-pad -append_partition 2 0xef \/tmp\/$efi_tmp_name -appended_part_as_gpt -partition_offset 16/" \ + -e "s/--efi-boot efi\.img/-eltorito-alt-boot -e --interval:appended_partition_2:all:: -no-emul-boot/" \ diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm index aa37896498..0d4ed63eec 100644 --- a/gnu/system/vm.scm +++ b/gnu/system/vm.scm @@ -266,7 +266,8 @@ (define* (iso9660-image #:key bootcfg-drv bootloader (register-closures? (has-guix-service-type? os)) - (inputs '())) + (inputs '()) + (grub-mkrescue-environment '())) "Return a bootable, stand-alone iso9660 image. INPUTS is a list of inputs (as for packages)." @@ -313,7 +314,9 @@ (define schema inputs))) (set-path-environment-variable "PATH" '("bin" "sbin") inputs) - (make-iso9660-image #$(bootloader-package bootloader) + (make-iso9660-image #$xorriso + '#$grub-mkrescue-environment + #$(bootloader-package bootloader) #$bootcfg-drv #$os "/xchg/guixsd.iso" @@ -704,7 +707,9 @@ (define file-systems-to-keep #:bootloader (bootloader-configuration-bootloader (operating-system-bootloader os)) #:inputs `(("system" ,os) - ("bootcfg" ,bootcfg))) + ("bootcfg" ,bootcfg)) + #:grub-mkrescue-environment + '(("MKRESCUE_SED_MODE" . "mbr_hfs"))) (qemu-image #:name name #:os os #:bootcfg-drv bootcfg