This requires removing the s6 calls to getty (now handled by systemd) and the use of mdevd (replaced by systemd-udevd). Additionally, s6-svscan is called by systemd instead of by s6-linux-init, and /run/service is populated by systemd-tmpfiles instead of by s6-linux-init. This overall reduces the amount of code, as systemd does so much itself and thus Spectrum OS does not need to reimplement as much. Furthermore, more savings and additional features could be obtained by using more of systemd. For instance, weston could be launched by a systemd service instead of s6, meaning that s6 would only be used to launch the per-VM services. Furthermore, the lifetime of the login session could be tied to the lifetime of the current process, so that when the user logs out (or their session is otherwise terminated, perhaps by Linux's SAK killing the compositor's parent process) all of their VMs are killed. Finally, some sandboxing features are trivial to implement with systemd. For instance, host processes are forbidden from using Linux kernel IP networking: they can configure interfaces as normal, so guest networking works, but they cannot send or receive any packets. 
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> --- LICENSES/ISC.txt | 11 - host/rootfs/Makefile | 171 +++++++--------- host/rootfs/default.nix | 228 +++++++++++---------- host/rootfs/etc/group | 1 - host/rootfs/etc/init | 10 +- host/rootfs/etc/machine-id | 0 host/rootfs/etc/mdev.conf | 7 - host/rootfs/etc/mdev/listen | 11 - host/rootfs/etc/mdev/wait | 14 -- host/rootfs/etc/pam.d/login | 9 + host/rootfs/etc/passwd | 1 - host/rootfs/etc/s6-linux-init/env/WAYLAND_DISPLAY | 1 - .../etc/s6-linux-init/env/WAYLAND_DISPLAY.license | 2 - host/rootfs/etc/s6-linux-init/env/XDG_RUNTIME_DIR | 1 - .../etc/s6-linux-init/env/XDG_RUNTIME_DIR.license | 2 - .../etc/s6-linux-init/run-image/opengl-driver | 1 - .../s6-linux-init/run-image/service/getty-tty1/run | 5 - .../s6-linux-init/run-image/service/getty-tty2/run | 5 - .../s6-linux-init/run-image/service/getty-tty3/run | 5 - .../s6-linux-init/run-image/service/getty-tty4/run | 5 - .../run-image/service/s6-svscan-log/run | 6 - .../run-image/service/serial-getty-generator/run | 43 ---- .../run-image/service/serial-getty/template/run | 5 - .../run-image/service/vmm/template/run | 1 - .../notification-fd.license | 2 - .../service/xdg-desktop-portal-spectrum-host/run | 5 - .../template/notification-fd | 1 - host/rootfs/etc/s6-linux-init/scripts/rc.init | 10 - host/rootfs/etc/s6-rc/card0/type | 1 - host/rootfs/etc/s6-rc/card0/type.license | 2 - host/rootfs/etc/s6-rc/card0/up | 4 - host/rootfs/etc/s6-rc/core/type | 1 - host/rootfs/etc/s6-rc/core/type.license | 2 - host/rootfs/etc/s6-rc/kvm/timeout-up | 1 - host/rootfs/etc/s6-rc/kvm/timeout-up.license | 2 - host/rootfs/etc/s6-rc/kvm/type | 1 - host/rootfs/etc/s6-rc/kvm/type.license | 2 - host/rootfs/etc/s6-rc/kvm/up | 4 - host/rootfs/etc/s6-rc/mdevd-coldplug/dependencies | 4 - host/rootfs/etc/s6-rc/mdevd-coldplug/type | 1 - host/rootfs/etc/s6-rc/mdevd-coldplug/type.license | 2 - host/rootfs/etc/s6-rc/mdevd-coldplug/up | 4 - host/rootfs/etc/s6-rc/mdevd/notification-fd | 1 - 
.../rootfs/etc/s6-rc/mdevd/notification-fd.license | 2 - host/rootfs/etc/s6-rc/mdevd/run | 5 - host/rootfs/etc/s6-rc/mdevd/type | 1 - host/rootfs/etc/s6-rc/mdevd/type.license | 2 - host/rootfs/etc/s6-rc/ok-all/contents | 3 +- host/rootfs/etc/s6-rc/static-nodes/type | 1 - host/rootfs/etc/s6-rc/static-nodes/type.license | 2 - host/rootfs/etc/s6-rc/static-nodes/up | 26 --- host/rootfs/etc/s6-rc/sys-vmms/dependencies | 4 - host/rootfs/etc/s6-rc/vm-env/contents | 5 - host/rootfs/etc/s6-rc/vm-env/type | 1 - host/rootfs/etc/s6-rc/vm-env/type.license | 2 - host/rootfs/etc/s6-rc/vmm-env/contents | 6 - host/rootfs/etc/s6-rc/vmm-env/type | 1 - host/rootfs/etc/s6-rc/vmm-env/type.license | 2 - host/rootfs/etc/s6-rc/weston/dependencies | 4 - host/rootfs/etc/s6-rc/weston/run | 5 - host/rootfs/etc/security/namespace.conf | 0 .../etc/{s6-rc/core/up => sysctl.d/spectrum.conf} | 3 +- .../systemd-veritysetup-generator | 1 + .../etc/systemd/system.conf.d/zspectrum.conf | 25 +++ host/rootfs/etc/systemd/system/-.slice | 5 + .../default.target.requires/s6-init-start.service | 1 + .../s6-init-start.service | 1 + .../s6-init-start.service | 1 + .../etc/systemd/system/s6-init-start.service | 25 +++ .../system/serial-getty@.service.d/90_force.conf | 6 + .../90_spectrum.conf | 4 + .../system/user@.service.d/99_spectrum-uid.conf | 4 + host/rootfs/etc/tmpfiles.d/99-spectrum.conf | 8 + host/rootfs/etc/udev/rules.d/99-spectrum-kvm.rules | 8 + host/rootfs/shell.nix | 3 +- host/rootfs/usr/bin/run-appimage | 2 +- host/rootfs/usr/bin/vm-start | 2 +- host/rootfs/usr/lib/spectrum/s6-start | 5 + .../share/spectrum}/service/dbus/notification-fd | 0 .../spectrum}/service/dbus/notification-fd.license | 0 .../share/spectrum}/service/dbus/run | 0 .../share/spectrum/service/dbus/template/log/run | 4 + .../service/dbus/template/notification-fd | 0 .../service/dbus/template/notification-fd.license | 0 .../share/spectrum}/service/dbus/template/run | 2 +- .../service/s6-svscan-log/notification-fd | 0 
.../service/s6-svscan-log/notification-fd.license | 0 .../usr/share/spectrum/service/s6-svscan-log/run | 4 + .../service/vhost-user-fs}/notification-fd | 0 .../service/vhost-user-fs}/notification-fd.license | 0 .../share/spectrum/service/vhost-user-fs}/run | 0 .../service/vhost-user-fs/template/log/run | 4 + .../vhost-user-fs/template}/notification-fd | 0 .../vhost-user-fs/template/notification-fd.license | 0 .../spectrum}/service/vhost-user-fs/template/run | 0 .../service/vhost-user-gpu}/notification-fd | 0 .../vhost-user-gpu}/notification-fd.license | 0 .../share/spectrum/service/vhost-user-gpu}/run | 0 .../service/vhost-user-gpu/template/data/check | 0 .../service/vhost-user-gpu/template/log/run | 4 + .../vhost-user-gpu/template}/notification-fd | 0 .../template/notification-fd.license | 0 .../spectrum}/service/vhost-user-gpu/template/run | 0 .../spectrum}/service/vhost-user-gpu/template/type | 0 .../service/vhost-user-gpu/template/type.license | 0 host/rootfs/usr/share/spectrum/service/vmm/log/run | 4 + .../share/spectrum/service/vmm}/notification-fd | 0 .../spectrum/service/vmm}/notification-fd.license | 0 .../share/spectrum/service/vmm}/run | 0 .../share/spectrum/service/vmm/template/log/run | 4 + .../spectrum/service/vmm/template}/notification-fd | 0 .../service/vmm/template}/notification-fd.license | 0 .../usr/share/spectrum/service/vmm/template/run | 1 + .../xdg-desktop-portal-spectrum-host/log/run | 4 + .../notification-fd | 0 .../notification-fd.license | 0 .../service/xdg-desktop-portal-spectrum-host}/run | 0 .../template/log/run | 4 + .../template}/notification-fd | 0 .../template/notification-fd.license | 0 .../xdg-desktop-portal-spectrum-host/template/run | 0 img/app/Makefile | 2 +- release/checks/integration/networking.c | 2 +- release/checks/integration/portal.c | 2 +- scripts/make-erofs.sh | 33 ++- vm/sys/net/Makefile | 2 +- 126 files changed, 381 insertions(+), 466 deletions(-) 
diff --git a/LICENSES/ISC.txt b/LICENSES/ISC.txt
deleted file mode 100644
index 02add5e7c7de84db20898836ad5c7eefe516875b..0000000000000000000000000000000000000000
--- a/LICENSES/ISC.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile
index c62f585b8b7b57918b71fbf4afc18c91965bc1f1..ab4a11812d4f9a5f9158b1a2dc8756872f82f339 100644
--- a/host/rootfs/Makefile
+++ b/host/rootfs/Makefile
@@ -10,49 +10,23 @@ dest = build/rootfs.erofs FILES = \ etc/fonts/fonts.conf \ etc/fstab \ - etc/group \ etc/init \ etc/login \ - etc/mdev.conf \ - etc/mdev/listen \ + etc/machine-id \ etc/mdev/net/add \ - etc/mdev/wait \ etc/os-release \ + etc/pam.d/login \ etc/parse-devname \ - etc/passwd \ - etc/s6-linux-init/env/WAYLAND_DISPLAY \ - etc/s6-linux-init/env/XDG_RUNTIME_DIR \ - etc/s6-linux-init/run-image/service/dbus/notification-fd \ - etc/s6-linux-init/run-image/service/dbus/run \ - etc/s6-linux-init/run-image/service/dbus/template/notification-fd \ - etc/s6-linux-init/run-image/service/dbus/template/run \ - etc/s6-linux-init/run-image/service/getty-tty1/run \ - etc/s6-linux-init/run-image/service/getty-tty2/run \ - etc/s6-linux-init/run-image/service/getty-tty3/run \ - etc/s6-linux-init/run-image/service/getty-tty4/run \ - etc/s6-linux-init/run-image/service/s6-svscan-log/notification-fd \ - etc/s6-linux-init/run-image/service/s6-svscan-log/run \ - etc/s6-linux-init/run-image/service/serial-getty-generator/run \ - etc/s6-linux-init/run-image/service/serial-getty/notification-fd \ - etc/s6-linux-init/run-image/service/serial-getty/run \ - etc/s6-linux-init/run-image/service/serial-getty/template/run \ - etc/s6-linux-init/run-image/service/vhost-user-fs/notification-fd \ - etc/s6-linux-init/run-image/service/vhost-user-fs/run \ - etc/s6-linux-init/run-image/service/vhost-user-fs/template/notification-fd \ - etc/s6-linux-init/run-image/service/vhost-user-fs/template/run \ - etc/s6-linux-init/run-image/service/vhost-user-gpu/notification-fd \ - etc/s6-linux-init/run-image/service/vhost-user-gpu/run \ - etc/s6-linux-init/run-image/service/vhost-user-gpu/template/data/check \ - etc/s6-linux-init/run-image/service/vhost-user-gpu/template/notification-fd \ - etc/s6-linux-init/run-image/service/vhost-user-gpu/template/run \ - etc/s6-linux-init/run-image/service/vmm/notification-fd \ - etc/s6-linux-init/run-image/service/vmm/run \ - 
etc/s6-linux-init/run-image/service/vmm/template/notification-fd \ - etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/notification-fd \ - etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/run \ - etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/notification-fd \ - etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/run \ - etc/s6-linux-init/scripts/rc.init \ + etc/security/namespace.conf \ + etc/sysctl.d/spectrum.conf \ + etc/systemd/system.conf.d/zspectrum.conf \ + etc/systemd/system/-.slice \ + etc/systemd/system/s6-init-start.service \ + etc/systemd/system/serial-getty@.service.d/90_force.conf \ + etc/systemd/system/systemd-tmpfiles-setup.service.d/90_spectrum.conf \ + etc/systemd/system/user@.service.d/99_spectrum-uid.conf \ + etc/tmpfiles.d/99-spectrum.conf \ + etc/udev/rules.d/99-spectrum-kvm.rules \ etc/xdg/weston/autolaunch \ etc/xdg/weston/weston.ini \ usr/bin/assign-devices \ 
@@ -64,46 +38,73 @@ FILES = \ usr/bin/vm-start \ usr/bin/vm-stop \ usr/bin/xdg-open \ - usr/share/dbus-1/services/org.freedesktop.portal.Documents.service + usr/lib/spectrum/s6-start \ + usr/share/dbus-1/services/org.freedesktop.portal.Documents.service \ + usr/share/spectrum/service/dbus/notification-fd \ + usr/share/spectrum/service/dbus/run \ + usr/share/spectrum/service/dbus/template/log/run \ + usr/share/spectrum/service/dbus/template/notification-fd \ + usr/share/spectrum/service/dbus/template/run \ + usr/share/spectrum/service/s6-svscan-log/notification-fd \ + usr/share/spectrum/service/s6-svscan-log/run \ + usr/share/spectrum/service/vhost-user-fs/notification-fd \ + usr/share/spectrum/service/vhost-user-fs/run \ + usr/share/spectrum/service/vhost-user-fs/template/log/run \ + usr/share/spectrum/service/vhost-user-fs/template/notification-fd \ + usr/share/spectrum/service/vhost-user-fs/template/run \ + usr/share/spectrum/service/vhost-user-gpu/notification-fd \ + usr/share/spectrum/service/vhost-user-gpu/run \ + usr/share/spectrum/service/vhost-user-gpu/template/data/check \ + usr/share/spectrum/service/vhost-user-gpu/template/log/run \ + usr/share/spectrum/service/vhost-user-gpu/template/notification-fd \ + usr/share/spectrum/service/vhost-user-gpu/template/run \ + usr/share/spectrum/service/vhost-user-gpu/template/type \ + usr/share/spectrum/service/vmm/log/run \ + usr/share/spectrum/service/vmm/notification-fd \ + usr/share/spectrum/service/vmm/run \ + usr/share/spectrum/service/vmm/template/log/run \ + usr/share/spectrum/service/vmm/template/notification-fd \ + usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/log/run \ + usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/notification-fd \ + usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/run \ + usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/log/run \ + usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/notification-fd \ + 
usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/run DIRS = \ - etc/s6-linux-init/env \ - etc/s6-linux-init/run-image/configs \ - etc/s6-linux-init/run-image/service/dbus/instance \ - etc/s6-linux-init/run-image/service/dbus/instances \ - etc/s6-linux-init/run-image/service/dbus/template/data \ - etc/s6-linux-init/run-image/service/dbus/template/env \ - etc/s6-linux-init/run-image/service/serial-getty/instance \ - etc/s6-linux-init/run-image/service/serial-getty/instances \ - etc/s6-linux-init/run-image/service/vhost-user-fs/instance \ - etc/s6-linux-init/run-image/service/vhost-user-fs/instances \ - etc/s6-linux-init/run-image/service/vhost-user-fs/template/data \ - etc/s6-linux-init/run-image/service/vhost-user-fs/template/env \ - etc/s6-linux-init/run-image/service/vhost-user-gpu/instance \ - etc/s6-linux-init/run-image/service/vhost-user-gpu/instances \ - etc/s6-linux-init/run-image/service/vhost-user-gpu/template/env \ - etc/s6-linux-init/run-image/service/vmm/instance \ - etc/s6-linux-init/run-image/service/vmm/instances \ - etc/s6-linux-init/run-image/service/vmm/template/data \ - etc/s6-linux-init/run-image/service/vmm/template/env \ - etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/instance \ - etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/instances \ - etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/data \ - etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/env \ - etc/s6-linux-init/run-image/vm/by-id \ - etc/s6-linux-init/run-image/vm/by-name \ - etc/s6-linux-init/run-image/wait \ + etc/dbus \ ext \ - root \ + root/.ssh \ + usr/share/spectrum/configs \ + usr/share/spectrum/service/dbus/instance \ + usr/share/spectrum/service/dbus/instances \ + usr/share/spectrum/service/dbus/template/data \ + usr/share/spectrum/service/dbus/template/env \ + usr/share/spectrum/service/vhost-user-fs/instance \ + 
usr/share/spectrum/service/vhost-user-fs/instances \ + usr/share/spectrum/service/vhost-user-fs/template/data \ + usr/share/spectrum/service/vhost-user-fs/template/env \ + usr/share/spectrum/service/vhost-user-gpu/instance \ + usr/share/spectrum/service/vhost-user-gpu/instances \ + usr/share/spectrum/service/vhost-user-gpu/template/env \ + usr/share/spectrum/service/vmm/instance \ + usr/share/spectrum/service/vmm/instances \ + usr/share/spectrum/service/vmm/template/data \ + usr/share/spectrum/service/vmm/template/env \ + usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/instance \ + usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/instances \ + usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/data \ + usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/env \ var -FIFOS = etc/s6-linux-init/run-image/service/s6-svscan-log/fifo - # These are separate because they need to be included, but putting # them as make dependencies would confuse make. LINKS = \ - etc/s6-linux-init/run-image/opengl-driver \ - etc/s6-linux-init/run-image/service/vmm/template/run + etc/systemd/system-generators/systemd-veritysetup-generator \ + etc/systemd/system/default.target.requires/s6-init-start.service \ + etc/systemd/system/graphical.target.requires/s6-init-start.service \ + etc/systemd/system/multi-user.target.requires/s6-init-start.service \ + usr/share/spectrum/service/vmm/template/run BUILD_FILES = build/etc/s6-rc/compiled @@ -113,8 +114,7 @@ $(dest): ../../scripts/make-erofs.sh $(PACKAGES_FILE) $(FILES) $(BUILD_FILES) bu for file in $(FILES) $(LINKS); do printf '%s\n%s\n' $$file $$file; done ;\ for file in $(BUILD_FILES); do printf '%s\n%s\n' $$file $${file#build/}; done ;\ printf 'build/empty\n%s\n' $(DIRS) ;\ - printf 'build/fifo\n%s\n' $(FIFOS) ;\ - ) | ../../scripts/make-erofs.sh $@ + ) | ../../scripts/make-erofs.sh systemd $@ build/fifo: mkdir -p build 
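Review bot: The `build/fifo:` rule that follows this hunk has lost its only consumer, since the hunk removes both `FIFOS` and the `printf 'build/fifo\n%s\n' $(FIFOS)` line that fed it to make-erofs; if the `$(dest)` prerequisite list (truncated in the hunk header) still names `build/fifo`, a `mkfifo` now runs for nothing. Dropping the rule and that prerequisite together keeps the Makefile honest about what the image contains. The new positional `systemd` argument to `../../scripts/make-erofs.sh` is only as safe as that script's argument handling, which is outside this hunk; a one-line comment here saying what the argument selects would help the next reader.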
@@ -124,34 +124,13 @@ build/empty: mkdir -p $@ S6_RC_FILES = \ - etc/s6-rc/card0/type \ - etc/s6-rc/card0/up \ - etc/s6-rc/core/type \ - etc/s6-rc/core/up \ - etc/s6-rc/kvm/timeout-up \ - etc/s6-rc/kvm/type \ - etc/s6-rc/kvm/up \ - etc/s6-rc/mdevd-coldplug/dependencies \ - etc/s6-rc/mdevd-coldplug/type \ - etc/s6-rc/mdevd-coldplug/up \ - etc/s6-rc/mdevd/notification-fd \ - etc/s6-rc/mdevd/run \ - etc/s6-rc/mdevd/type \ etc/s6-rc/ok-all/contents \ etc/s6-rc/ok-all/type \ - etc/s6-rc/static-nodes/type \ - etc/s6-rc/static-nodes/up \ - etc/s6-rc/sys-vmms/dependencies \ etc/s6-rc/sys-vmms/type \ etc/s6-rc/sys-vmms/up \ - etc/s6-rc/vm-env/contents \ - etc/s6-rc/vm-env/type \ - etc/s6-rc/vmm-env/contents \ - etc/s6-rc/vmm-env/type \ - etc/s6-rc/weston/dependencies \ etc/s6-rc/weston/notification-fd \ - etc/s6-rc/weston/type \ - etc/s6-rc/weston/run + etc/s6-rc/weston/run \ + etc/s6-rc/weston/type # s6-rc-compile's input is a directory, but that doesn't play nice # with Make, because it won't know to update if some file in the @@ -224,7 +203,7 @@ run: build/live.img $(EXT_FS) build/rootfs.verity.roothash -device virtconsole,chardev=virtiocon0 \ -drive file=build/live.img,if=virtio,format=raw,readonly=on \ -drive file=/proc/self/fd/3,if=virtio,format=raw \ - -append "console=hvc0 roothash=$$(< build/rootfs.verity.roothash) intel_iommu=on nokaslr" \ + -append "console=hvc0 systemd.verity=no roothash=$$(< build/rootfs.verity.roothash) intel_iommu=on nokaslr systemd.verity=no" \ -device virtio-keyboard \ -device virtio-mouse \ -device virtio-gpu \ diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix index f0f0214e5694afd42dc8a079e393fdf40cc0b188..539312df9fedd07184fb3599b32de9007d4722ef 100644 --- a/host/rootfs/default.nix +++ b/host/rootfs/default.nix 
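Review bot: The new `-append` line carries `systemd.verity=no` twice, once before `roothash=` and again after `nokaslr`; the kernel tolerates the duplicate but it reads like a merge leftover, and one copy should go: `-append "console=hvc0 systemd.verity=no roothash=$$(< build/rootfs.verity.roothash) intel_iommu=on nokaslr" \`. A short comment on why the `run` target disables systemd-veritysetup-generator (which the earlier hunk adds to `LINKS`) while still passing `roothash=` would also help — presumably the initramfs sets up the verity device itself, but nothing here says so.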
@@ -3,100 +3,36 @@ # SPDX-FileCopyrightText: 2022 Unikie import ../../lib/call-package.nix ( -{ callSpectrumPackage, lseek, src, pkgsMusl, pkgsStatic, linux_latest }: +{ callSpectrumPackage, lseek, src, pkgsMusl, pkgsStatic, pkgs, linux_latest }: pkgsStatic.callPackage ( { spectrum-host-tools , lib, stdenvNoCC, nixos, runCommand, writeClosure, erofs-utils, s6-rc -, bcachefs-tools, busybox, cloud-hypervisor, cryptsetup, dbus, execline -, inkscape, iproute2, inotify-tools, jq, kmod, less, mdevd, s6, s6-linux-init -, socat, util-linuxMinimal, virtiofsd, xorg, xdg-desktop-portal-spectrum-host +, bcachefs-tools, busybox, cloud-hypervisor, cryptsetup, execline, inkscape +, iproute2, inotify-tools, jq, kmod, less, s6, s6-linux-init, socat +, virtiofsd, xorg, xdg-desktop-portal-spectrum-host, shadow +}: +pkgs.callPackage ( +{ cosmic-files, crosvm, dbus, dejavu_fonts, foot +, glibcLocales, linux-pam, mesa, systemd, util-linux +, westonLite, xdg-desktop-portal, xdg-desktop-portal-gtk }: let inherit (nixosAllHardware.config.hardware) firmware; inherit (lib) - concatMapStringsSep concatStrings escapeShellArgs fileset optionalAttrs - mapAttrsToList systems trivial; - - pkgsGui = pkgsMusl.extend ( - final: super: - (optionalAttrs (systems.equals pkgsMusl.stdenv.hostPlatform super.stdenv.hostPlatform) { - flatpak = super.flatpak.override { - withMalcontent = false; - }; - - libgudev = super.libgudev.overrideAttrs ({ ... }: { - # Tests use umockdev, which is not compatible with libudev-zero. - doCheck = false; - }); - - qt6 = super.qt6.overrideScope (_: prev: { - qttranslations = prev.qttranslations.override { - qttools = prev.qttools.override { - qtbase = prev.qtbase.override { - qttranslations = null; - systemdSupport = false; - }; - qtdeclarative = null; - }; - }; - - qtbase = prev.qtbase.override { - systemdSupport = false; - }; - }); - - systemd = super.systemd.overrideAttrs ({ meta ? { }, ... 
}: { - meta = meta // { - platforms = [ ]; - }; - }); - - upower = super.upower.override { - # Not ideal, but it's the best way to get rid of an installed - # test that needs umockdev. - withIntrospection = false; - }; - - udev = final.libudev-zero; - - weston = super.weston.overrideAttrs ({ mesonFlags ? [], ... }: { - mesonFlags = mesonFlags ++ [ - "-Dsystemd=false" - ]; - }); - - xdg-desktop-portal = (super.xdg-desktop-portal.override { - enableSystemd = false; - }).overrideAttrs ({ ... }: { - # Tests use umockdev. - doCheck = false; - }); - }) - ); - - foot = pkgsGui.foot.override { allowPgo = false; }; + concatMapStringsSep concatStrings escapeShellArgs fileset + mapAttrsToList trivial escapeShellArg; - packages = [ - bcachefs-tools cloud-hypervisor dbus execline inotify-tools - iproute2 jq kmod less mdevd s6 s6-linux-init s6-rc socat - spectrum-host-tools virtiofsd xdg-desktop-portal-spectrum-host - - (cryptsetup.override { - programs = { - cryptsetup = false; - cryptsetup-reencrypt = false; - integritysetup = false; - }; - }) - - (busybox.override { + spectrum_busybox = + busybox.override { + # avoid conflicting with util-linux login extraConfig = '' CONFIG_ACPID n CONFIG_ARP n CONFIG_ARPING n CONFIG_BEEP n + CONFIG_BLKDISCARD n CONFIG_BOOTCHARTD n CONFIG_BRCTL n CONFIG_CAL n @@ -130,6 +66,7 @@ let CONFIG_FTPD n CONFIG_FTPGET n CONFIG_FTPPUT n + CONFIG_HALT n CONFIG_HTTPD n CONFIG_I2CDETECT n CONFIG_I2CDUMP n @@ -182,7 +119,9 @@ let CONFIG_PING n CONFIG_PING6 n CONFIG_POPMAILDIR n + CONFIG_POWEROFF n CONFIG_PSCAN n + CONFIG_REBOOT n CONFIG_REFORMMIME n CONFIG_RMMOD n CONFIG_ROUTE n @@ -191,6 +130,7 @@ let CONFIG_SENDMAIL n CONFIG_SETARCH n CONFIG_SHELL_HUSH n + CONFIG_SHUTDOWN n CONFIG_SLATTACH n CONFIG_SSL_CLIENT n CONFIG_START_STOP_DAEMON n 
@@ -226,8 +166,20 @@ let CONFIG_WHOIS n CONFIG_ZCIP n ''; + }; + + packages = [ + bcachefs-tools cloud-hypervisor cosmic-files crosvm execline + foot inotify-tools iproute2 jq kmod less s6 s6-linux-init s6-rc + socat spectrum-host-tools virtiofsd xdg-desktop-portal-spectrum-host + (cryptsetup.override { + programs = { + cryptsetup = false; + cryptsetup-reencrypt = false; + integritysetup = false; + }; }) - ] ++ (with pkgsGui; [ cosmic-files crosvm foot ]); + ]; nixosAllHardware = nixos ({ modulesPath, ... }: { imports = [ (modulesPath + "/profiles/all-hardware.nix") ]; @@ -243,8 +195,9 @@ let # Packages that should be fully linked into /usr, # (not just their bin/* files). usrPackages = [ - appvm kernel firmware netvm - ] ++ (with pkgsGui; [ mesa dejavu_fonts westonLite ]); + appvm dbus dejavu_fonts firmware kernel mesa + netvm systemd util-linux westonLite + ]; appvms = { appvm-firefox = callSpectrumPackage ../../vm/app/firefox.nix {}; 
@@ -254,38 +207,107 @@ let packagesSysroot = runCommand "packages-sysroot" { depsBuildBuild = [ inkscape ]; - nativeBuildInputs = [ xorg.lndir ]; + buildInputs = [ linux-pam shadow ]; + nativeBuildInputs = [ xorg.lndir systemd ]; } '' set -eu - mkdir -p $out/usr/bin $out/usr/share/dbus-1/services \ - $out/usr/share/icons/hicolor/20x20/apps + mkdir -p "$out/usr/bin" "$out/etc/dbus-1/services" \ + "$out/usr/share/icons/hicolor/20x20/apps" \ + "$out/etc/systemd/system.conf.d" "$out/usr/lib" + ln -s -- usr/lib "$out/lib" + ln -s -- usr/bin "$out/sbin" + ln -s -- usr/bin "$out/bin" + ln -s -- bin "$out/usr/sbin" + # NixOS patches systemd to not support units under /usr/lib or /lib. + # Work around this. + ln -s -- ../../etc/systemd "$out/usr/lib/systemd" + # Same with D-Bus + ln -s -- ../../etc/dbus-1 "$out/usr/share/dbus-1" + # Dump anything in etc to /etc not /usr/etc + ln -s -- ../etc "$out/usr/etc" + # systemd puts stuff in a weird place + ln -s -- ../etc "$out/usr/example" # Weston doesn't support SVG icons. 
inkscape -w 20 -h 20 \ -o $out/usr/share/icons/hicolor/20x20/apps/com.system76.CosmicFiles.png \ - ${pkgsGui.cosmic-files}/share/icons/hicolor/24x24/apps/com.system76.CosmicFiles.svg + ${escapeShellArg cosmic-files}/share/icons/hicolor/24x24/apps/com.system76.CosmicFiles.svg - ln -st $out/usr/bin \ - ${concatMapStringsSep " " (p: "${p}/bin/*") packages} \ - ${pkgsGui.xdg-desktop-portal}/libexec/xdg-document-portal \ - ${pkgsGui.xdg-desktop-portal-gtk}/libexec/xdg-desktop-portal-gtk - ln -st $out/usr/share/dbus-1 \ - ${dbus}/share/dbus-1/session.conf - ln -st $out/usr/share/dbus-1/services \ - ${pkgsGui.xdg-desktop-portal-gtk}/share/dbus-1/services/org.freedesktop.impl.portal.desktop.gtk.service + ln -st "$out/usr/bin" -- \ + ${concatMapStringsSep " " (p: "${escapeShellArg p}/bin/*") packages} \ + ${escapeShellArg xdg-desktop-portal}/libexec/xdg-document-portal \ + ${escapeShellArg xdg-desktop-portal-gtk}/libexec/xdg-desktop-portal-gtk + ln -st "$out/usr/share/dbus-1" -- \ + ${escapeShellArg dbus}/share/dbus-1/session.conf + ln -st "$out/usr/share/dbus-1/services" -- \ + ${escapeShellArg xdg-desktop-portal-gtk}/share/dbus-1/services/org.freedesktop.impl.portal.desktop.gtk.service for pkg in ${escapeShellArgs usrPackages}; do - lndir -ignorelinks -silent "$pkg" "$out/usr" + # Populate /usr. + lndir -silent "$pkg" "$out/usr/" + # lndir does not follow symlinks in the target directory unless + # the symlink is on the command line and followed by /, so for + # each symlink there it is necessary to run lndir again. + for subdir in example share/dbus-1 lib/systemd etc; do + if [ -d "$pkg/$subdir" ]; then + lndir -silent "$pkg/$subdir" "$out/usr/$subdir" + fi + done done + # Do not link Busybox stuff that is already installed + for file in ${escapeShellArg spectrum_busybox}/bin/*; do + output_file=$out/usr/bin/''${file##*/} + if [ ! 
-e "$output_file" ]; then + ln -s -- "$file" "$output_file" + fi + done + + # Clean up some unneeded stuff + rm -- "$out/usr/etc" "$out/usr/lib/systemd" "$out/usr/share/dbus-1" "$out/usr/example" "$out"/usr/lib/*.so* + + # Move udev rules + mv -- "$out/usr/lib/udev/rules.d" "$out/etc/udev" + + # Tell glibc where the locale archive is + locale_archive=${escapeShellArg glibcLocales} + case $locale_archive in + (*[!0-9A-Za-z._/-]*) echo "Bad locale archive path?" >&2; exit 1;; + (/*) :;; + (*) echo "Locale archive not absolute?" >&2; exit 1;; + esac + printf '[Manager] +DefaultEnvironment=LOCALE_ARCHIVE=%s PATH=/usr/bin +' "$locale_archive" > "$out/etc/systemd/system.conf.d/zspectrum-locale.conf" + + # Fix the D-Bus config files so they don't include themselves + for scope in system session; do + sed -i -- "/\/etc\/dbus-1\/$scope\.conf/d" "$out/etc/dbus-1/$scope.conf" + done + + # switch_root (used by initramfs) expects init to be at /etc/init, + # but that just mounts /etc as a writable overlayfs and then executes + # /sbin/init. + ln -sf -- ../../${escapeShellArg systemd}/lib/systemd/systemd "$out/usr/bin/init" + + # install PAM stuff where it can be found + ln -sf -- ../../../${escapeShellArg systemd}/lib/security/pam_systemd.so "$out/usr/lib/security/" + ${concatStrings (mapAttrsToList (name: path: '' - ln -s ${path} $out/usr/lib/spectrum/vm/${name} + ln -s -- ${escapeShellArg path} "$out"/usr/lib/spectrum/vm/${escapeShellArg name} '') appvms)} - # TODO: this is a hack and we should just build the util-linux - # programs we want. 
- # https://lore.kernel.org/util-linux/87zgrl6ufb.fsf@alyssa.is/ - ln -s ${util-linuxMinimal}/bin/{findfs,uuidgen,lsblk,mount} $out/usr/bin + # Set up users and groups + systemd-sysusers --root "$out" + + # Fix up PAM config + mkdir "$out/etc/pam.d.tmp" + for i in "$out"/etc/pam.d/*; do sed 's|pam_systemd|${systemd}/lib/security/&|g' < "$i" > "''${i%/*}.tmp/''${i##*/}"; done + rm -rf "$out/etc/pam.d" + mv "$out/etc/pam.d.tmp" "$out/etc/pam.d" + + # scripts/make-erofs will re-add this + rm -f "$out/usr/sbin" "$out/sbin" "$out/bin" "$out/lib" ''; in @@ -302,7 +324,7 @@ stdenvNoCC.mkDerivation { }; sourceRoot = "source/host/rootfs"; - nativeBuildInputs = [ erofs-utils lseek s6-rc ]; + nativeBuildInputs = [ erofs-utils lseek s6-rc systemd ]; env = { PACKAGES = runCommand "packages" {} '' @@ -322,7 +344,7 @@ stdenvNoCC.mkDerivation { unsafeDiscardReferences = { out = true; }; passthru = { - inherit appvm firmware kernel nixosAllHardware packagesSysroot pkgsGui; + inherit appvm firmware kernel nixosAllHardware packagesSysroot systemd; }; meta = with lib; { @@ -330,4 +352,4 @@ stdenvNoCC.mkDerivation { platforms = platforms.linux; }; } -) {}) (_: {}) +) {}) {}) (_: {}) diff --git a/host/rootfs/etc/group b/host/rootfs/etc/group deleted file mode 100644 index 18acc30a0e8317d3698f1b9b3cb1073c63e2e2d1..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/group +++ /dev/null @@ -1 +0,0 @@ -root:x:0:root diff --git a/host/rootfs/etc/init b/host/rootfs/etc/init index 4085fa55545e7309004967e443e47fc2b82b0663..ca4c74b62427ed5dd7a085a187f71f851fe8345e 100755 --- a/host/rootfs/etc/init +++ b/host/rootfs/etc/init 
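Review bot: The PAM fix-up loop interpolates `${systemd}` into the sed replacement unescaped, while every other store path in this hunk goes through `escapeShellArg`; a sed replacement is also where `&`, `\` and the `|` delimiter are special, so this only works because store paths happen to contain none of them. It also duplicates the `ln -sf` of `pam_systemd.so` into `$out/usr/lib/security/`, which is the path the new `etc/pam.d/login` uses, so one of the two lookup mechanisms could go, with a comment naming the one that is authoritative. As written the glob `"$out"/etc/pam.d/*` passes its literal pattern to `sed` under the script's `set -eu` if that directory is ever empty, which would abort the build; a `[ -e "$i" ] || continue` guard avoids that.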
@@ -1,5 +1,11 @@
 #!/bin/execlineb -s0
 # SPDX-License-Identifier: EUPL-1.2+
-# SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
 
-/bin/s6-linux-init -c /etc/s6-linux-init -s /run/param -- $@
+# Make /etc and /var writable to keep systemd happy
+if { mount -t tmpfs -o defaults,mode=0700 -- tmpfs /run }
+if { mkdir -m 0700 /run/etc-upper /run/etc-work /run/var-upper /run/var-work }
+if { mount -t overlay -o lowerdir=/etc,upperdir=/run/etc-upper,workdir=/run/etc-work,metacopy=on,volatile,index=on,redirect_dir=on,nosuid,nodev,X-mount.mode=0755 -- overlay /etc }
+if { mount -t overlay -o lowerdir=/var,upperdir=/run/var-upper,workdir=/run/var-work,metacopy=on,volatile,index=on,redirect_dir=on,nosuid,nodev,X-mount.mode=0755 -- overlay /var }
+if { umount /run }
+/sbin/init $@
diff --git a/host/rootfs/etc/machine-id b/host/rootfs/etc/machine-id
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/host/rootfs/etc/mdev.conf b/host/rootfs/etc/mdev.conf
deleted file mode 100644
index bddcfdc44ec2a8b1aa95e84cb88fdde625c766d8..0000000000000000000000000000000000000000
--- a/host/rootfs/etc/mdev.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: EUPL-1.2+
-# SPDX-FileCopyrightText: 2021-2022, 2024 Alyssa Ross <hi@alyssa.is>
-
-$PCI_CLASS=^2....$ 0:0 660 +/etc/mdev/net/add
--$MODALIAS=.* 0:0 660 +importas -Siu MODALIAS modprobe -q $MODALIAS
-kvm 0:0 660 +background { /etc/mdev/listen kvm }
-dri/card0 0:0 660 +background { /etc/mdev/listen card0 }
diff --git a/host/rootfs/etc/mdev/listen b/host/rootfs/etc/mdev/listen
deleted file mode 100755
index ab50ee8c5ed1139d1129bac56afa7263af150745..0000000000000000000000000000000000000000
--- a/host/rootfs/etc/mdev/listen
+++ /dev/null
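Review bot: The two overlay mounts enable `metacopy=on` and `redirect_dir=on`, which the overlayfs documentation only considers safe when both layers are trusted, and the `umount /run` that follows them is left unexplained; the comment block should record both, because the safety argument rests on the `mode=0700` tmpfs and the `mkdir -m 0700` upper/work dirs that someone could later relax. Suggested, above the first overlay mount: `# metacopy/redirect_dir are safe only because both layers are trusted: lower is the verity-protected rootfs, upper is a fresh root-only (0700) tmpfs.` and above the umount: `# Detaches the tmpfs from the tree only; the overlays hold their own reference to the upper/work dirs, so systemd can mount its own /run.` — as far as I can tell that is why the umount does not pull the upper directories away, but it deserves stating. The option string is repeated verbatim for /etc and /var, which is not a bug but is where the two mounts will drift apart.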
@@ -1,11 +0,0 @@ -#!/bin/execlineb -S1 -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> - -foreground { - redirfd -w 2 /dev/null - mkfifo /run/wait/${1} -} - -redirfd -w 1 /run/wait/${1} -echo diff --git a/host/rootfs/etc/mdev/wait b/host/rootfs/etc/mdev/wait deleted file mode 100755 index 6bddb303d2671ce4e5b8581cd81235d7404916e7..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/mdev/wait +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/execlineb -S1 -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> - -foreground { - redirfd -w 2 /dev/null - mkfifo /run/wait/${1} -} - -foreground { - redirfd -w 1 /dev/null - head -1 /run/wait/${1} -} -rm /run/wait/${1} diff --git a/host/rootfs/etc/pam.d/login b/host/rootfs/etc/pam.d/login new file mode 100644 index 0000000000000000000000000000000000000000..771fd0cbc00796577d17f65724eacf1f1eb43360 --- /dev/null +++ b/host/rootfs/etc/pam.d/login @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: CC0-1.0 +# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com> +auth required pam_permit.so +account required pam_permit.so +password required pam_permit.so +session required pam_loginuid.so +session required pam_keyinit.so force revoke +session required pam_namespace.so +session required /usr/lib/security/pam_systemd.so diff --git a/host/rootfs/etc/passwd b/host/rootfs/etc/passwd deleted file mode 100644 index 29f3b2524da3e6f48a241e08767d6b00b70e0e05..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/passwd +++ /dev/null @@ -1 +0,0 @@ -root:x:0:0:System administrator:/:/bin/sh diff --git a/host/rootfs/etc/s6-linux-init/env/WAYLAND_DISPLAY b/host/rootfs/etc/s6-linux-init/env/WAYLAND_DISPLAY deleted file mode 100644 index 5ff1a40978dabd364fa0adfd2f24396b7d41fb95..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/env/WAYLAND_DISPLAY +++ /dev/null @@ -1 +0,0 @@ -wayland-1 
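Review bot: In the new pam.d/login file, `auth required pam_permit.so` makes the stack accept any username without any credential check, and the file does not say which callers it is meant for. If the only consumers are `PAMName=login` in s6-init-start.service (systemd does not run the auth phase there) and the autologin agetty, that is tolerable but should be stated, e.g. after the copyright line: `# Only used by systemd's PAMName=login and the console autologin; no interactive login goes through this stack, so auth is deliberately a no-op.` Separately, the last line hardcodes `/usr/lib/security/pam_systemd.so`; if this file is also processed by the sed in default.nix that prefixes `pam_systemd` with the systemd store path, the result would contain a doubled path, so the generated file should be checked in the build output.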
diff --git a/host/rootfs/etc/s6-linux-init/env/WAYLAND_DISPLAY.license b/host/rootfs/etc/s6-linux-init/env/WAYLAND_DISPLAY.license deleted file mode 100644 index 555b5d4f0536d68d18108d4c8e8a16fccd09335e..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/env/WAYLAND_DISPLAY.license +++ /dev/null @@ -1,2 +0,0 @@ -SPDX-FileCopyrightText: 2024 Alyssa Ross <hi@alyssa.is> -SPDX-License-Identifier: CC0-1.0 diff --git a/host/rootfs/etc/s6-linux-init/env/XDG_RUNTIME_DIR b/host/rootfs/etc/s6-linux-init/env/XDG_RUNTIME_DIR deleted file mode 100644 index 70a6671782bf3f94b79f7af3989de19307bf7fd2..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/env/XDG_RUNTIME_DIR +++ /dev/null @@ -1 +0,0 @@ -/run/user/0 diff --git a/host/rootfs/etc/s6-linux-init/env/XDG_RUNTIME_DIR.license b/host/rootfs/etc/s6-linux-init/env/XDG_RUNTIME_DIR.license deleted file mode 100644 index 555b5d4f0536d68d18108d4c8e8a16fccd09335e..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/env/XDG_RUNTIME_DIR.license +++ /dev/null @@ -1,2 +0,0 @@ -SPDX-FileCopyrightText: 2024 Alyssa Ross <hi@alyssa.is> -SPDX-License-Identifier: CC0-1.0 diff --git a/host/rootfs/etc/s6-linux-init/run-image/opengl-driver b/host/rootfs/etc/s6-linux-init/run-image/opengl-driver deleted file mode 120000 index e25db584b91486de5db5f56a271923324202d338..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/run-image/opengl-driver +++ /dev/null @@ -1 +0,0 @@ -/usr \ No newline at end of file diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/getty-tty1/run b/host/rootfs/etc/s6-linux-init/run-image/service/getty-tty1/run deleted file mode 100755 index 1ce0766c79b4afc038fbf3ea9bb777046226498b..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/run-image/service/getty-tty1/run +++ /dev/null 
@@ -1,5 +0,0 @@ -#!/bin/execlineb -P -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2020-2021 Alyssa Ross <hi@alyssa.is> - -getty -i -n -l /etc/login 0 tty1 linux diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/getty-tty2/run b/host/rootfs/etc/s6-linux-init/run-image/service/getty-tty2/run deleted file mode 100755 index e619191005a47ddb8bf0ef68d304d8cf045d717a..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/run-image/service/getty-tty2/run +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/execlineb -P -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2020-2021 Alyssa Ross <hi@alyssa.is> - -getty -i -n -l /etc/login 0 tty2 linux diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/getty-tty3/run b/host/rootfs/etc/s6-linux-init/run-image/service/getty-tty3/run deleted file mode 100755 index e3e0634ed011f4033b8546214b230c569458271b..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/run-image/service/getty-tty3/run +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/execlineb -P -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2020-2021 Alyssa Ross <hi@alyssa.is> - -getty -i -n -l /etc/login 0 tty3 linux diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/getty-tty4/run b/host/rootfs/etc/s6-linux-init/run-image/service/getty-tty4/run deleted file mode 100755 index 9e1d46d2df934123e0469beddb218ee3fe90c6bc..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/run-image/service/getty-tty4/run +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/execlineb -P -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2020-2021 Alyssa Ross <hi@alyssa.is> - -getty -i -n -l /etc/login 0 tty4 linux diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/s6-svscan-log/run b/host/rootfs/etc/s6-linux-init/run-image/service/s6-svscan-log/run deleted file mode 100755 index 8cc08c4c1932da13372778d0ebddfe2d75b1fab5..0000000000000000000000000000000000000000 
--- a/host/rootfs/etc/s6-linux-init/run-image/service/s6-svscan-log/run +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/execlineb -P -# SPDX-License-Identifier: ISC -# SPDX-FileCopyrightText: Copyright (c) 2015-2024 Laurent Bercot <ska-skaware@skarnet.org> - -redirfd -rnb 0 fifo -s6-log -bpd3 -- T /run/log diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/serial-getty-generator/run b/host/rootfs/etc/s6-linux-init/run-image/service/serial-getty-generator/run deleted file mode 100755 index 8c1e2afab65c29cb2f067f9b5fd7e72f0e1404c0..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/run-image/service/serial-getty-generator/run +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/execlineb -P -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2024-2025 Alyssa Ross <hi@alyssa.is> - -piperw 3 4 -background { - fdclose 3 - fdmove 2 4 - inotifywait -e MODIFY /sys/class/tty/console/active -} -fdclose 4 -importas -i inotifywait_pid ! - -foreground { - if { fdmove 0 3 grep -qx "Watches established." } - background { fdmove 0 3 cat } - fdclose 3 - - # Wait until inotifywait is ready before updating serial gettys, - # so that changes won't be missed in between updating and starting - # inotifywait. - pipeline { s6-instance-list /run/service/serial-getty } - pipeline { sort } - fdmove -c 3 0 - - redirfd -r 0 /sys/class/tty/console/active - pipeline { tr " " "\n" } - pipeline { sort } - - pipeline { comm -3 - /proc/self/fd/3 } - forstdin -Ep line - case -N $line { - " ?tty[0-9]*" { } - " (.*)" { - importas -i tty 1 - s6-instance-delete /run/service/serial-getty $tty - } - } - s6-instance-create /run/service/serial-getty $line -} - -# Block until the active consoles change, then let s6 restart us. -wait -- $inotifywait_pid 
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/serial-getty/template/run b/host/rootfs/etc/s6-linux-init/run-image/service/serial-getty/template/run deleted file mode 100755 index da46511e8a28ecdbda0de762a19d6cf2f38a22a7..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/run-image/service/serial-getty/template/run +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/execlineb -S1 -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2020-2021, 2024 Alyssa Ross <hi@alyssa.is> - -getty -i -n -l /etc/login 0,115200,57600,38400,9600 $1 dumb diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vmm/template/run b/host/rootfs/etc/s6-linux-init/run-image/service/vmm/template/run deleted file mode 120000 index 6ff40094aa953117466ab684c61d148a682d75c2..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/run-image/service/vmm/template/run +++ /dev/null @@ -1 +0,0 @@ -/bin/run-vmm \ No newline at end of file diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/notification-fd.license b/host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/notification-fd.license deleted file mode 100644 index a941ca495a4211cf6659eda03b30f83c02985fe6..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/notification-fd.license +++ /dev/null @@ -1,2 +0,0 @@ -SPDX-License-Identifier: CC0-1.0 -SPDX-FileCopyrightText: 2023 Alyssa Ross <hi@alyssa.is> diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/run b/host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/run deleted file mode 100755 index 90417881eb43052aa5ea0afa3010706fb6f25a91..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/run +++ /dev/null 
@@ -1,5 +0,0 @@ -#!/bin/execlineb -P -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2023 Alyssa Ross <hi@alyssa.is> - -s6-svscan -d3 instance diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/notification-fd b/host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/notification-fd deleted file mode 100644 index 00750edc07d6415dcc07ae0351e9397b0222b7ba..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/notification-fd +++ /dev/null @@ -1 +0,0 @@ -3 diff --git a/host/rootfs/etc/s6-linux-init/scripts/rc.init b/host/rootfs/etc/s6-linux-init/scripts/rc.init deleted file mode 100755 index b06a4ab7518f0af204475c41ee77ea5f8d657718..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-linux-init/scripts/rc.init +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/execlineb -P -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2020-2022, 2024 Alyssa Ross <hi@alyssa.is> - -if { s6-rc-init /run/service } - -if { mount --make-shared /run } -if { mount -a --mkdir } - -s6-rc change ok-all diff --git a/host/rootfs/etc/s6-rc/card0/type b/host/rootfs/etc/s6-rc/card0/type deleted file mode 100644 index bdd22a1850ae6c03a414eeb8084998679a2cdf92..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/card0/type +++ /dev/null @@ -1 +0,0 @@ -oneshot diff --git a/host/rootfs/etc/s6-rc/card0/type.license b/host/rootfs/etc/s6-rc/card0/type.license deleted file mode 100644 index c49c11b66262c7edc57ac06a486c1166d867c31d..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/card0/type.license +++ /dev/null @@ -1,2 +0,0 @@ -SPDX-License-Identifier: CC0-1.0 -SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> 
diff --git a/host/rootfs/etc/s6-rc/card0/up b/host/rootfs/etc/s6-rc/card0/up deleted file mode 100644 index 703562e5442aea45198350afe86a8f38c11ed072..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/card0/up +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> - -/etc/mdev/wait card0 diff --git a/host/rootfs/etc/s6-rc/core/type b/host/rootfs/etc/s6-rc/core/type deleted file mode 100644 index bdd22a1850ae6c03a414eeb8084998679a2cdf92..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/core/type +++ /dev/null @@ -1 +0,0 @@ -oneshot diff --git a/host/rootfs/etc/s6-rc/core/type.license b/host/rootfs/etc/s6-rc/core/type.license deleted file mode 100644 index 5a4063310c3d22dbf59b30792e8e6f55a57ec9c0..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/core/type.license +++ /dev/null @@ -1,2 +0,0 @@ -SPDX-License-Identifier: CC0-1.0 -SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is> diff --git a/host/rootfs/etc/s6-rc/kvm/timeout-up b/host/rootfs/etc/s6-rc/kvm/timeout-up deleted file mode 100644 index c5da56ae490a8ab35074fdcb6644a0dbbd280e3b..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/kvm/timeout-up +++ /dev/null @@ -1 +0,0 @@ -40000 diff --git a/host/rootfs/etc/s6-rc/kvm/timeout-up.license b/host/rootfs/etc/s6-rc/kvm/timeout-up.license deleted file mode 100644 index d705e974a864074490588104a24a9ea789141572..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/kvm/timeout-up.license +++ /dev/null @@ -1,2 +0,0 @@ -SPDX-License-Identifier: CC0-1.0 -SPDX-FileCopyrightText: 2024 Alyssa Ross <hi@alyssa.is> diff --git a/host/rootfs/etc/s6-rc/kvm/type b/host/rootfs/etc/s6-rc/kvm/type deleted file mode 100644 index bdd22a1850ae6c03a414eeb8084998679a2cdf92..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/kvm/type +++ /dev/null @@ -1 +0,0 @@ -oneshot 
diff --git a/host/rootfs/etc/s6-rc/kvm/type.license b/host/rootfs/etc/s6-rc/kvm/type.license deleted file mode 100644 index a941ca495a4211cf6659eda03b30f83c02985fe6..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/kvm/type.license +++ /dev/null @@ -1,2 +0,0 @@ -SPDX-License-Identifier: CC0-1.0 -SPDX-FileCopyrightText: 2023 Alyssa Ross <hi@alyssa.is> diff --git a/host/rootfs/etc/s6-rc/kvm/up b/host/rootfs/etc/s6-rc/kvm/up deleted file mode 100644 index c02e3f90245e005b98b4de8245a1863fb49c1158..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/kvm/up +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2023 Alyssa Ross <hi@alyssa.is> - -/etc/mdev/wait kvm diff --git a/host/rootfs/etc/s6-rc/mdevd-coldplug/dependencies b/host/rootfs/etc/s6-rc/mdevd-coldplug/dependencies deleted file mode 100644 index 59b02b7356ea0d88ac446cea74791a9cd3303de4..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/mdevd-coldplug/dependencies +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: CC0-1.0 -# SPDX-FileCopyrightText: 2020 Alyssa Ross <hi@alyssa.is> -# -mdevd diff --git a/host/rootfs/etc/s6-rc/mdevd-coldplug/type b/host/rootfs/etc/s6-rc/mdevd-coldplug/type deleted file mode 100644 index bdd22a1850ae6c03a414eeb8084998679a2cdf92..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/mdevd-coldplug/type +++ /dev/null @@ -1 +0,0 @@ -oneshot diff --git a/host/rootfs/etc/s6-rc/mdevd-coldplug/type.license b/host/rootfs/etc/s6-rc/mdevd-coldplug/type.license deleted file mode 100644 index 2b3b032142b7286bd317cf0abaa44fba3a9b8941..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/mdevd-coldplug/type.license +++ /dev/null @@ -1,2 +0,0 @@ -SPDX-License-Identifier: CC0-1.0 -SPDX-FileCopyrightText: 2020 Alyssa Ross <hi@alyssa.is> 
diff --git a/host/rootfs/etc/s6-rc/mdevd-coldplug/up b/host/rootfs/etc/s6-rc/mdevd-coldplug/up deleted file mode 100644 index 8698f7d7988a017786fb91a584eafbfb23b3165d..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/mdevd-coldplug/up +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2020-2021 Alyssa Ross <hi@alyssa.is> - -mdevd-coldplug diff --git a/host/rootfs/etc/s6-rc/mdevd/notification-fd b/host/rootfs/etc/s6-rc/mdevd/notification-fd deleted file mode 100644 index 00750edc07d6415dcc07ae0351e9397b0222b7ba..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/mdevd/notification-fd +++ /dev/null @@ -1 +0,0 @@ -3 diff --git a/host/rootfs/etc/s6-rc/mdevd/notification-fd.license b/host/rootfs/etc/s6-rc/mdevd/notification-fd.license deleted file mode 100644 index 2b3b032142b7286bd317cf0abaa44fba3a9b8941..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/mdevd/notification-fd.license +++ /dev/null @@ -1,2 +0,0 @@ -SPDX-License-Identifier: CC0-1.0 -SPDX-FileCopyrightText: 2020 Alyssa Ross <hi@alyssa.is> diff --git a/host/rootfs/etc/s6-rc/mdevd/run b/host/rootfs/etc/s6-rc/mdevd/run deleted file mode 100644 index 55899bbe674426e4591e866a4d0617361ba34305..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/mdevd/run +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/execlineb -P -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2020-2022 Alyssa Ross <hi@alyssa.is> - -mdevd -D3 -O4 -b134217728 diff --git a/host/rootfs/etc/s6-rc/mdevd/type b/host/rootfs/etc/s6-rc/mdevd/type deleted file mode 100644 index 5883cff0cd1514b2836f4ffa39fdac769a5213cb..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/mdevd/type +++ /dev/null @@ -1 +0,0 @@ -longrun 
diff --git a/host/rootfs/etc/s6-rc/mdevd/type.license b/host/rootfs/etc/s6-rc/mdevd/type.license deleted file mode 100644 index 2b3b032142b7286bd317cf0abaa44fba3a9b8941..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/mdevd/type.license +++ /dev/null @@ -1,2 +0,0 @@ -SPDX-License-Identifier: CC0-1.0 -SPDX-FileCopyrightText: 2020 Alyssa Ross <hi@alyssa.is> diff --git a/host/rootfs/etc/s6-rc/ok-all/contents b/host/rootfs/etc/s6-rc/ok-all/contents index 9f8b0ed66ceedd591ed2f1a7e164d9abcc54cc53..f326ba25a545e5f235a65267c8a60f43f457cf1c 100644 --- a/host/rootfs/etc/s6-rc/ok-all/contents +++ b/host/rootfs/etc/s6-rc/ok-all/contents @@ -1,6 +1,5 @@ # SPDX-License-Identifier: CC0-1.0 # SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> # -mdevd-coldplug sys-vmms -vm-env +weston diff --git a/host/rootfs/etc/s6-rc/static-nodes/type b/host/rootfs/etc/s6-rc/static-nodes/type deleted file mode 100644 index bdd22a1850ae6c03a414eeb8084998679a2cdf92..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/static-nodes/type +++ /dev/null @@ -1 +0,0 @@ -oneshot diff --git a/host/rootfs/etc/s6-rc/static-nodes/type.license b/host/rootfs/etc/s6-rc/static-nodes/type.license deleted file mode 100644 index c49c11b66262c7edc57ac06a486c1166d867c31d..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/static-nodes/type.license +++ /dev/null @@ -1,2 +0,0 @@ -SPDX-License-Identifier: CC0-1.0 -SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> diff --git a/host/rootfs/etc/s6-rc/static-nodes/up b/host/rootfs/etc/s6-rc/static-nodes/up deleted file mode 100644 index af908bb45a8e1076b3280d111a015b2b377e0014..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/static-nodes/up +++ /dev/null 
@@ -1,26 +0,0 @@ -# SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> - -pipeline { - elglob modules_devname /lib/modules/*/modules.devname - /etc/parse-devname $modules_devname -} - -cd /dev -forstdin -p line - -foreground { - backtick -E dirname { - backtick -E path { - importas -Si line - heredoc 0 $line - cut -d " " -f 1 - } - dirname $path - } - redirfd -w 2 /dev/null - mkdir $dirname -} - -importas -siu args line -mknod -- $args diff --git a/host/rootfs/etc/s6-rc/sys-vmms/dependencies b/host/rootfs/etc/s6-rc/sys-vmms/dependencies deleted file mode 100644 index cdc42d5beaa12ff5dfbccf07dacf33a0e5bef9ce..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/sys-vmms/dependencies +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: CC0-1.0 -# SPDX-FileCopyrightText: 2024 Alyssa Ross <hi@alyssa.is> -# -vmm-env diff --git a/host/rootfs/etc/s6-rc/vm-env/contents b/host/rootfs/etc/s6-rc/vm-env/contents deleted file mode 100644 index 580795b1b02bb7a8dff7f872723c678141d4bb70..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/vm-env/contents +++ /dev/null @@ -1,5 +0,0 @@ -# SPDX-License-Identifier: CC0-1.0 -# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> -# -static-nodes -weston diff --git a/host/rootfs/etc/s6-rc/vm-env/type b/host/rootfs/etc/s6-rc/vm-env/type deleted file mode 100644 index 757b4221150de4f42f66a900d4f745404d1065e6..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/vm-env/type +++ /dev/null @@ -1 +0,0 @@ -bundle diff --git a/host/rootfs/etc/s6-rc/vm-env/type.license b/host/rootfs/etc/s6-rc/vm-env/type.license deleted file mode 100644 index 5a4063310c3d22dbf59b30792e8e6f55a57ec9c0..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/vm-env/type.license +++ /dev/null @@ -1,2 +0,0 @@ -SPDX-License-Identifier: CC0-1.0 -SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is> 
diff --git a/host/rootfs/etc/s6-rc/vmm-env/contents b/host/rootfs/etc/s6-rc/vmm-env/contents deleted file mode 100644 index ee1e3cfc39d1a6545bbefc3692782b9de6b3ade3..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/vmm-env/contents +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: CC0-1.0 -# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> -# -core -kvm -static-nodes diff --git a/host/rootfs/etc/s6-rc/vmm-env/type b/host/rootfs/etc/s6-rc/vmm-env/type deleted file mode 100644 index 757b4221150de4f42f66a900d4f745404d1065e6..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/vmm-env/type +++ /dev/null @@ -1 +0,0 @@ -bundle diff --git a/host/rootfs/etc/s6-rc/vmm-env/type.license b/host/rootfs/etc/s6-rc/vmm-env/type.license deleted file mode 100644 index d705e974a864074490588104a24a9ea789141572..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/vmm-env/type.license +++ /dev/null @@ -1,2 +0,0 @@ -SPDX-License-Identifier: CC0-1.0 -SPDX-FileCopyrightText: 2024 Alyssa Ross <hi@alyssa.is> diff --git a/host/rootfs/etc/s6-rc/weston/dependencies b/host/rootfs/etc/s6-rc/weston/dependencies deleted file mode 100644 index 8470c0fabc5c85b2529ee26ad82d3910e95f23cb..0000000000000000000000000000000000000000 --- a/host/rootfs/etc/s6-rc/weston/dependencies +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: CC0-1.0 -# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> -# -card0 diff --git a/host/rootfs/etc/s6-rc/weston/run b/host/rootfs/etc/s6-rc/weston/run index 9c04eba471e6db7093a9004fd3ed7cfb8365eaf7..f077ca7027e591845366d4ef8792a0cea3856198 100644 --- a/host/rootfs/etc/s6-rc/weston/run +++ b/host/rootfs/etc/s6-rc/weston/run @@ -3,11 +3,6 @@ # SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> unexport WAYLAND_DISPLAY - -foreground { - umask 077 - mkdir /run/user/0 -} unexport ? backtick USER { id -un } 
diff --git a/host/rootfs/etc/security/namespace.conf b/host/rootfs/etc/security/namespace.conf new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/host/rootfs/etc/s6-rc/core/up b/host/rootfs/etc/sysctl.d/spectrum.conf similarity index 51% rename from host/rootfs/etc/s6-rc/core/up rename to host/rootfs/etc/sysctl.d/spectrum.conf index 0199ae7f00b6cfc2a11ea19413caf2b1af79297c..3f4a6b79cc1c8e376f22fa2a492d991d5b303cee 100644 --- a/host/rootfs/etc/s6-rc/core/up +++ b/host/rootfs/etc/sysctl.d/spectrum.conf @@ -1,5 +1,4 @@ # SPDX-License-Identifier: EUPL-1.2+ # SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is> -redirfd -w 1 /proc/sys/kernel/core_pattern -echo "|/bin/socat VSOCK-CONNECT:2:1129271877 -" +kernel.core_pattern=|/bin/socat VSOCK-CONNECT:2:1129271877 - diff --git a/host/rootfs/etc/systemd/system-generators/systemd-veritysetup-generator b/host/rootfs/etc/systemd/system-generators/systemd-veritysetup-generator new file mode 120000 index 0000000000000000000000000000000000000000..dc1dc0cde0f7dff7b7f7c9347fff75936d705cb8 --- /dev/null +++ b/host/rootfs/etc/systemd/system-generators/systemd-veritysetup-generator @@ -0,0 +1 @@ +/dev/null \ No newline at end of file diff --git a/host/rootfs/etc/systemd/system.conf.d/zspectrum.conf b/host/rootfs/etc/systemd/system.conf.d/zspectrum.conf new file mode 100644 index 0000000000000000000000000000000000000000..441dcc6e17193f2d7683c7d11eae5478e6c15683 --- /dev/null +++ b/host/rootfs/etc/systemd/system.conf.d/zspectrum.conf 
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+[Manager]
+# Ensure that programs can be found iff
+# they were deliberately installed by being listed
+# in "packages" or "usrPackages" in host/rootfs/default.nix.
+DefaultEnvironment=PATH=/usr/bin
+# Spectrum OS's host does not use files that are
+# setuid, setgid, or have file capabilities.
+# This is equivalent to having all filesystems
+# mounted with nosetuid. This may need to change
+# once SELinux starts to be used, as there may be
+# programs that need to perform operations that
+# SELinux should not allow their callers to perform.
+# However, such programs should really be launched
+# by the all-powerful init process instead.
+NoNewPrivileges=yes
+# Spectrum OS's host has no need for any program
+# to be able to make system calls with non-native
+# architectures.
+SystemCallArchitectures=native
+# Spectrum OS's host does not need the ability
+# to compromise the kernel. Kernel lockdown
+# blocks this anyway.
+CapabilityBoundingSet=~CAP_SYS_RAWIO
diff --git a/host/rootfs/etc/systemd/system/-.slice b/host/rootfs/etc/systemd/system/-.slice
new file mode 100644
index 0000000000000000000000000000000000000000..cbaf24f46c7d7e3d168880b212989c2c86592878
--- /dev/null
+++ b/host/rootfs/etc/systemd/system/-.slice
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+[Slice]
+IPAddressDeny=any
+RestrictNetworkInterfaces=
diff --git a/host/rootfs/etc/systemd/system/default.target.requires/s6-init-start.service b/host/rootfs/etc/systemd/system/default.target.requires/s6-init-start.service
new file mode 120000
index 0000000000000000000000000000000000000000..37a22bcc38aa99c8b9a1018434fa7a64c3c4af47
--- /dev/null
+++ b/host/rootfs/etc/systemd/system/default.target.requires/s6-init-start.service
@@ -0,0 +1 @@
+../s6-init-start.service
\ No newline at end of file
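Review bot: The comment above `CapabilityBoundingSet=~CAP_SYS_RAWIO` says kernel lockdown "blocks this anyway", which undersells the line: lockdown covers raw port and memory access, but CAP_SYS_RAWIO also gates things such as raw SCSI/NVMe passthrough ioctls on block devices and mappings below mmap_min_addr, so removing it from the bounding set is not redundant. Suggest rewording to `# Drop raw I/O: lockdown already blocks ioperm/iopl and /dev/mem; this also covers raw block-device ioctls and low mappings.` so a future reader does not delete the line as dead.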
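Review bot: `RestrictNetworkInterfaces=` with an empty value on the last line of -.slice most likely does not deny all interfaces: per systemd.resource-control an empty assignment resets the list, and as far as I recall no BPF program is attached when the list is empty, so the line is a no-op. `IPAddressDeny=any` on the line above still blocks AF_INET/AF_INET6 traffic, but not packet sockets bound to an interface, which is what the commit message's claim that host processes "cannot send or receive any packets" leans on. If the intent is an allow-list with no entries, it needs a deliberately non-matching interface name, or the line should carry a comment saying it is intentionally empty and the stronger claim should be dropped from the description.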
diff --git a/host/rootfs/etc/systemd/system/graphical.target.requires/s6-init-start.service b/host/rootfs/etc/systemd/system/graphical.target.requires/s6-init-start.service new file mode 120000 index 0000000000000000000000000000000000000000..37a22bcc38aa99c8b9a1018434fa7a64c3c4af47 --- /dev/null +++ b/host/rootfs/etc/systemd/system/graphical.target.requires/s6-init-start.service @@ -0,0 +1 @@ +../s6-init-start.service \ No newline at end of file diff --git a/host/rootfs/etc/systemd/system/multi-user.target.requires/s6-init-start.service b/host/rootfs/etc/systemd/system/multi-user.target.requires/s6-init-start.service new file mode 120000 index 0000000000000000000000000000000000000000..37a22bcc38aa99c8b9a1018434fa7a64c3c4af47 --- /dev/null +++ b/host/rootfs/etc/systemd/system/multi-user.target.requires/s6-init-start.service @@ -0,0 +1 @@ +../s6-init-start.service \ No newline at end of file diff --git a/host/rootfs/etc/systemd/system/s6-init-start.service b/host/rootfs/etc/systemd/system/s6-init-start.service new file mode 100644 index 0000000000000000000000000000000000000000..1d1d3af142c272e654fc5be547b4f5eb6a00ca20 --- /dev/null +++ b/host/rootfs/etc/systemd/system/s6-init-start.service 
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+[Unit]
+Description=Start s6 services
+# for /run/s6 and /run/service symlinks
+Requires=systemd-tmpfiles-setup.service
+After=systemd-tmpfiles-setup.service
+# Sadly necessary
+After=systemd-udev-settle.service
+
+[Service]
+User=root
+PAMName=login
+Type=exec
+PrivateIPC=yes
+RuntimeDirectory=s6
+Environment=XDG_RUNTIME_DIR=/run/user/%U PATH=/usr/bin
+KeyringMode=inherit
+Slice=user-%U.slice
+ExecStartPre=/usr/bin/cp -a /usr/share/spectrum/service %t/s6/
+ExecStartPre=/usr/bin/mkfifo %t/s6/sync-fifo
+ExecStart=/usr/bin/redirfd -w 3 %t/s6/sync-fifo /usr/bin/s6-svscan -d 3 -- %t/s6/service
+ExecStartPost=/bin/sh -c 'read < "$1"' - %t/s6/sync-fifo
+ExecStartPost=/usr/bin/s6-rc-init -l %t/s6/rc -- %t/s6/service
+ExecStartPost=/usr/bin/s6-rc -l %t/s6/rc change ok-all
diff --git a/host/rootfs/etc/systemd/system/serial-getty@.service.d/90_force.conf b/host/rootfs/etc/systemd/system/serial-getty@.service.d/90_force.conf
new file mode 100644
index 0000000000000000000000000000000000000000..481f4992cd7f039e49efbb4e602ad50f748b8213
--- /dev/null
+++ b/host/rootfs/etc/systemd/system/serial-getty@.service.d/90_force.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+# Automatically log root in, but only on the hypervisor-controlled hv0 console.
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty --autologin root -o '-f -- \\u' --noreset --noclear --keep-baud 115200,57600,38400,9600 - ${TERM}
diff --git a/host/rootfs/etc/systemd/system/systemd-tmpfiles-setup.service.d/90_spectrum.conf b/host/rootfs/etc/systemd/system/systemd-tmpfiles-setup.service.d/90_spectrum.conf
new file mode 100644
index 0000000000000000000000000000000000000000..d34704dfaf57c1f3b16f63e2386e64e3069d0e4f
--- /dev/null
+++ b/host/rootfs/etc/systemd/system/systemd-tmpfiles-setup.service.d/90_spectrum.conf
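Review bot: `After=systemd-udev-settle.service` in s6-init-start.service only orders against the settle unit, it does not activate it, so unless something else pulls systemd-udev-settle.service in the ordering is a no-op and the `# Sadly necessary` comment is not getting what it asks for. If the wait is genuinely needed it also needs `Wants=systemd-udev-settle.service`, although a dependency on the specific device being waited for (the new udev rule already tags the kvm node for systemd) would be the usual replacement for the deprecated settle unit. Either way the comment should say what races without it, e.g. `# s6 services open /dev/kvm and the DRM card at start; wait for udev so the nodes and their permissions exist.`, with the exact devices confirmed by whoever hit the race.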
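Review bot: The 90_force.conf drop-in is placed in `serial-getty@.service.d/`, so the root autologin applies to every serial-getty@ instance, not only hv0 as the comment on its third line states. The udev rule added in 99-spectrum-kvm.rules pulls in `serial-getty@$kernel.service` for any USB tty, so with this drop-in any USB serial adapter that gets plugged into the host would present the same passwordless root console. Scope it to the intended instance by moving the file to `serial-getty@hv0.service.d/90_force.conf` (assuming hv0 is the console's kernel device name); the comment can then stay as written, and the generic instances fall back to the stock agetty line.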
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+[Service]
+SuccessExitStatus=
diff --git a/host/rootfs/etc/systemd/system/user@.service.d/99_spectrum-uid.conf b/host/rootfs/etc/systemd/system/user@.service.d/99_spectrum-uid.conf
new file mode 100644
index 0000000000000000000000000000000000000000..1e36811e0dd15a9e62079476950e59fa3f28d0bc
--- /dev/null
+++ b/host/rootfs/etc/systemd/system/user@.service.d/99_spectrum-uid.conf
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+[Service]
+Environment=XDG_RUNTIME_DIR=/run/user/%U PATH=/usr/bin
diff --git a/host/rootfs/etc/tmpfiles.d/99-spectrum.conf b/host/rootfs/etc/tmpfiles.d/99-spectrum.conf
new file mode 100644
index 0000000000000000000000000000000000000000..e3f277fa86c2d4babf3f564b4aefe0af3e171967
--- /dev/null
+++ b/host/rootfs/etc/tmpfiles.d/99-spectrum.conf
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+d /run/vm 0700
+d /run/vm/by-id 0700
+d /run/vm/by-name 0700
+L /run/opengl-driver - - - - ../usr
+L /run/service - - - - s6/service
+L /run/s6-rc - - - - s6/rc
diff --git a/host/rootfs/etc/udev/rules.d/99-spectrum-kvm.rules b/host/rootfs/etc/udev/rules.d/99-spectrum-kvm.rules
new file mode 100644
index 0000000000000000000000000000000000000000..d4e697752c63a940471d87d37b2b1a143ea0e795
--- /dev/null
+++ b/host/rootfs/etc/udev/rules.d/99-spectrum-kvm.rules
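Review bot: The `SuccessExitStatus=` line in the systemd-tmpfiles-setup drop-in has no comment explaining what clearing it achieves. As far as I recall the upstream unit lists DATAERR and CANTCREAT as success statuses so that a bad tmpfiles line does not fail boot; resetting the list turns any such failure into a failed unit, which through `Requires=systemd-tmpfiles-setup.service` in s6-init-start.service then blocks s6 from starting. That is a reasonable fail-closed choice for this image, but it should be written down, e.g. `# Upstream tolerates DATAERR/CANTCREAT; here a failed tmpfiles entry must fail the unit so s6-init-start does not run with /run half set up.`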
@@ -0,0 +1,8 @@ +# SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later +# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com> +ACTION!="remove", KERNEL=="kvm", ENV{SYSTEMD_READY}="1", TAG+="systemd" +ACTION!="remove", ENV{PCI_CLASS}=="2????", RUN+="/etc/mdev/net/add" +# Taken from Arch wiki. Should fall under fair use (1 line) in US at least +# (due to being too small and the only reasonable way to do this), but is +# the reason for the GFDL license. +ACTION!="remove", SUBSYSTEM=="tty", ENV{ID_BUS}=="usb", TAG+="systemd", ENV{SYSTEMD_WANTS}+="serial-getty@$kernel.service" diff --git a/host/rootfs/shell.nix b/host/rootfs/shell.nix index 74209f2933adeec0f478bf886e1f180280bb254f..bcd0de5ebf6f44596a4bfcf23358a0ce030ab6e8 100644 --- a/host/rootfs/shell.nix +++ b/host/rootfs/shell.nix @@ -5,6 +5,7 @@ import ../../lib/call-package.nix ( { callSpectrumPackage, rootfs, pkgsStatic, srcOnly, stdenv , bcachefs-tools, cryptsetup, jq, netcat, qemu_kvm, reuse, util-linux +, dbus, crosvm }: rootfs.overrideAttrs ( @@ -12,7 +13,7 @@ rootfs.overrideAttrs ( { nativeBuildInputs = nativeBuildInputs ++ [ - bcachefs-tools cryptsetup jq netcat qemu_kvm reuse util-linux + bcachefs-tools cryptsetup jq netcat qemu_kvm reuse util-linux crosvm ]; env = env // { diff --git a/host/rootfs/usr/bin/run-appimage b/host/rootfs/usr/bin/run-appimage index c1938df01189c26f6c7ffd4c0010fabdc5fb3405..45d956c9129e73196b6d8a5c4779394e64e1b1f9 100755 --- a/host/rootfs/usr/bin/run-appimage +++ b/host/rootfs/usr/bin/run-appimage @@ -29,7 +29,7 @@ background { } fdclose 4 -foreground { run-vmm $id } +if { run-vmm $id } fdclose 3 if { diff --git a/host/rootfs/usr/bin/vm-start b/host/rootfs/usr/bin/vm-start index 67480e5215d8a8260ce3f03c67f71ba8f210c291..9725ef5ec549ff191606282a7b0ae56838f53f03 100755 --- a/host/rootfs/usr/bin/vm-start +++ b/host/rootfs/usr/bin/vm-start 
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: EUPL-1.2+
 # SPDX-FileCopyrightText: 2022-2023, 2025 Alyssa Ross <hi@alyssa.is>
-foreground { s6-rc -bu change vm-env }
+foreground { s6-rc -bu change weston }
 foreground { redirfd -w 2 /dev/null
diff --git a/host/rootfs/usr/lib/spectrum/s6-start b/host/rootfs/usr/lib/spectrum/s6-start
new file mode 100755
index 0000000000000000000000000000000000000000..4085fa55545e7309004967e443e47fc2b82b0663
--- /dev/null
+++ b/host/rootfs/usr/lib/spectrum/s6-start
@@ -0,0 +1,5 @@
+#!/bin/execlineb -s0
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is>
+
+/bin/s6-linux-init -c /etc/s6-linux-init -s /run/param -- $@
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/dbus/notification-fd b/host/rootfs/usr/share/spectrum/service/dbus/notification-fd
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/dbus/notification-fd
rename to host/rootfs/usr/share/spectrum/service/dbus/notification-fd
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/dbus/notification-fd.license b/host/rootfs/usr/share/spectrum/service/dbus/notification-fd.license
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/dbus/notification-fd.license
rename to host/rootfs/usr/share/spectrum/service/dbus/notification-fd.license
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/dbus/run b/host/rootfs/usr/share/spectrum/service/dbus/run
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/dbus/run
rename to host/rootfs/usr/share/spectrum/service/dbus/run
diff --git a/host/rootfs/usr/share/spectrum/service/dbus/template/log/run b/host/rootfs/usr/share/spectrum/service/dbus/template/log/run
new file mode 100755
index 0000000000000000000000000000000000000000..aa9fcefa20146b34f8f8bd4d35dbc8fc7de3fd1a
--- /dev/null
+++ b/host/rootfs/usr/share/spectrum/service/dbus/template/log/run
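Review bot: `foreground { s6-rc -bu change weston }` still discards the exit status of the `s6-rc` transition, so if the compositor fails to come up the script proceeds into the `foreground { redirfd -w 2 /dev/null` block and, going by the script's name, starts the VM anyway; the `run-appimage` hunk in this same commit changes the equivalent `foreground { run-vmm $id }` to `if { run-vmm $id }`, and `if { s6-rc -bu change weston }` would be consistent here and stop on failure. What follows the redirfd block is outside the hunk, so the consequence for the VM start is inferred.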
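Review bot: The new `s6-start` script execs `/bin/s6-linux-init -c /etc/s6-linux-init -s /run/param -- $@`, while the commit message states that s6-svscan is now started by systemd rather than by s6-linux-init and that `/run/service` is populated by systemd-tmpfiles; the diff does not show what invokes this file, so it is unclear whether s6-linux-init is still expected to run on the host, and if it is, the message should say where. A header comment such as `# Invoked by <caller unit or script> to start the s6 supervision tree; arguments are passed through to s6-linux-init.`, with the real caller filled in, would settle it for the next reader. The 2022 copyright on a file git reports as new also suggests it was moved from a path outside this diff, which the comment could mention.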
@@ -0,0 +1,4 @@
+#!/bin/execlineb -P
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+logger
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/dbus/template/notification-fd b/host/rootfs/usr/share/spectrum/service/dbus/template/notification-fd
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/dbus/template/notification-fd
rename to host/rootfs/usr/share/spectrum/service/dbus/template/notification-fd
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/dbus/template/notification-fd.license b/host/rootfs/usr/share/spectrum/service/dbus/template/notification-fd.license
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/dbus/template/notification-fd.license
rename to host/rootfs/usr/share/spectrum/service/dbus/template/notification-fd.license
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/dbus/template/run b/host/rootfs/usr/share/spectrum/service/dbus/template/run
similarity index 86%
rename from host/rootfs/etc/s6-linux-init/run-image/service/dbus/template/run
rename to host/rootfs/usr/share/spectrum/service/dbus/template/run
index 205563454c33177741059c15672b6d246450b9d9..4d67836c1cd8b37a35480211ec0304274a676fdf 100755
--- a/host/rootfs/etc/s6-linux-init/run-image/service/dbus/template/run
+++ b/host/rootfs/usr/share/spectrum/service/dbus/template/run
@@ -6,6 +6,6 @@ export VM /run/vm/by-id/${1} dbus-daemon
- --config-file /usr/share/dbus-1/session.conf
+ --session
 --print-address 3
 --address unix:path=/run/vm/by-id/${1}/portal-bus
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/s6-svscan-log/notification-fd b/host/rootfs/usr/share/spectrum/service/s6-svscan-log/notification-fd
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/s6-svscan-log/notification-fd
rename to host/rootfs/usr/share/spectrum/service/s6-svscan-log/notification-fd
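Review bot: `logger` in `dbus/template/log/run` is invoked without `-t`, so each per-VM dbus instance's output reaches syslog under logger's default tag, which is derived from the invoking user rather than from the service; the identical `log/run` files added for `s6-svscan-log`, `vhost-user-fs/template`, `vhost-user-gpu/template`, `vmm`, `vmm/template`, `xdg-desktop-portal-spectrum-host` and its `template` share the problem, so every supervised service becomes indistinguishable in the log. A per-service tag such as `logger -t vm-dbus` (plus the instance id where the log service can see it) and an explicit priority such as `-p daemon.info` would let an operator attribute a line to a service and a VM, which is what matters when one guest misbehaves. The default-tag behaviour is taken from logger's documentation and depends on which `logger` implementation the image ships, which the diff does not show.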
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/s6-svscan-log/notification-fd.license b/host/rootfs/usr/share/spectrum/service/s6-svscan-log/notification-fd.license
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/s6-svscan-log/notification-fd.license
rename to host/rootfs/usr/share/spectrum/service/s6-svscan-log/notification-fd.license
diff --git a/host/rootfs/usr/share/spectrum/service/s6-svscan-log/run b/host/rootfs/usr/share/spectrum/service/s6-svscan-log/run
new file mode 100755
index 0000000000000000000000000000000000000000..aa9fcefa20146b34f8f8bd4d35dbc8fc7de3fd1a
--- /dev/null
+++ b/host/rootfs/usr/share/spectrum/service/s6-svscan-log/run
@@ -0,0 +1,4 @@
+#!/bin/execlineb -P
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+logger
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/serial-getty/notification-fd b/host/rootfs/usr/share/spectrum/service/vhost-user-fs/notification-fd
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/serial-getty/notification-fd
rename to host/rootfs/usr/share/spectrum/service/vhost-user-fs/notification-fd
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/serial-getty/notification-fd.license b/host/rootfs/usr/share/spectrum/service/vhost-user-fs/notification-fd.license
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/serial-getty/notification-fd.license
rename to host/rootfs/usr/share/spectrum/service/vhost-user-fs/notification-fd.license
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/serial-getty/run b/host/rootfs/usr/share/spectrum/service/vhost-user-fs/run
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/serial-getty/run
rename to host/rootfs/usr/share/spectrum/service/vhost-user-fs/run
diff --git a/host/rootfs/usr/share/spectrum/service/vhost-user-fs/template/log/run b/host/rootfs/usr/share/spectrum/service/vhost-user-fs/template/log/run
new file mode 100755
index 0000000000000000000000000000000000000000..aa9fcefa20146b34f8f8bd4d35dbc8fc7de3fd1a
--- /dev/null
+++ b/host/rootfs/usr/share/spectrum/service/vhost-user-fs/template/log/run
@@ -0,0 +1,4 @@
+#!/bin/execlineb -P
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+logger
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-fs/notification-fd b/host/rootfs/usr/share/spectrum/service/vhost-user-fs/template/notification-fd
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-fs/notification-fd
rename to host/rootfs/usr/share/spectrum/service/vhost-user-fs/template/notification-fd
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-fs/template/notification-fd.license b/host/rootfs/usr/share/spectrum/service/vhost-user-fs/template/notification-fd.license
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-fs/template/notification-fd.license
rename to host/rootfs/usr/share/spectrum/service/vhost-user-fs/template/notification-fd.license
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-fs/template/run b/host/rootfs/usr/share/spectrum/service/vhost-user-fs/template/run
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-fs/template/run
rename to host/rootfs/usr/share/spectrum/service/vhost-user-fs/template/run
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-fs/template/notification-fd b/host/rootfs/usr/share/spectrum/service/vhost-user-gpu/notification-fd
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-fs/template/notification-fd
rename to host/rootfs/usr/share/spectrum/service/vhost-user-gpu/notification-fd
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-fs/notification-fd.license b/host/rootfs/usr/share/spectrum/service/vhost-user-gpu/notification-fd.license
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-fs/notification-fd.license
rename to host/rootfs/usr/share/spectrum/service/vhost-user-gpu/notification-fd.license
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-fs/run b/host/rootfs/usr/share/spectrum/service/vhost-user-gpu/run
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-fs/run
rename to host/rootfs/usr/share/spectrum/service/vhost-user-gpu/run
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/template/data/check b/host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/data/check
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/template/data/check
rename to host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/data/check
diff --git a/host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/log/run b/host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/log/run
new file mode 100755
index 0000000000000000000000000000000000000000..aa9fcefa20146b34f8f8bd4d35dbc8fc7de3fd1a
--- /dev/null
+++ b/host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/log/run
@@ -0,0 +1,4 @@
+#!/bin/execlineb -P
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+logger
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/notification-fd b/host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/notification-fd
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/notification-fd
rename to host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/notification-fd
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/template/notification-fd.license b/host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/notification-fd.license
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/template/notification-fd.license
rename to host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/notification-fd.license
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/template/run b/host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/run
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/template/run
rename to host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/run
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/template/type b/host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/type
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/template/type
rename to host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/type
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/template/type.license b/host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/type.license
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/template/type.license
rename to host/rootfs/usr/share/spectrum/service/vhost-user-gpu/template/type.license
diff --git a/host/rootfs/usr/share/spectrum/service/vmm/log/run b/host/rootfs/usr/share/spectrum/service/vmm/log/run
new file mode 100755
index 0000000000000000000000000000000000000000..aa9fcefa20146b34f8f8bd4d35dbc8fc7de3fd1a
--- /dev/null
+++ b/host/rootfs/usr/share/spectrum/service/vmm/log/run
@@ -0,0 +1,4 @@
+#!/bin/execlineb -P
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+logger
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/template/notification-fd b/host/rootfs/usr/share/spectrum/service/vmm/notification-fd
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/template/notification-fd
rename to host/rootfs/usr/share/spectrum/service/vmm/notification-fd
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/notification-fd.license b/host/rootfs/usr/share/spectrum/service/vmm/notification-fd.license
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/notification-fd.license
rename to host/rootfs/usr/share/spectrum/service/vmm/notification-fd.license
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/run b/host/rootfs/usr/share/spectrum/service/vmm/run
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vhost-user-gpu/run
rename to host/rootfs/usr/share/spectrum/service/vmm/run
diff --git a/host/rootfs/usr/share/spectrum/service/vmm/template/log/run b/host/rootfs/usr/share/spectrum/service/vmm/template/log/run
new file mode 100755
index 0000000000000000000000000000000000000000..aa9fcefa20146b34f8f8bd4d35dbc8fc7de3fd1a
--- /dev/null
+++ b/host/rootfs/usr/share/spectrum/service/vmm/template/log/run
@@ -0,0 +1,4 @@
+#!/bin/execlineb -P
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+logger
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vmm/notification-fd b/host/rootfs/usr/share/spectrum/service/vmm/template/notification-fd
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vmm/notification-fd
rename to host/rootfs/usr/share/spectrum/service/vmm/template/notification-fd
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vmm/notification-fd.license b/host/rootfs/usr/share/spectrum/service/vmm/template/notification-fd.license
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vmm/notification-fd.license
rename to host/rootfs/usr/share/spectrum/service/vmm/template/notification-fd.license
diff --git a/host/rootfs/usr/share/spectrum/service/vmm/template/run b/host/rootfs/usr/share/spectrum/service/vmm/template/run
new file mode 120000
index 0000000000000000000000000000000000000000..f53dd347b0f4d7f8ab342d4b235db66bb73de6ff
--- /dev/null
+++ b/host/rootfs/usr/share/spectrum/service/vmm/template/run
@@ -0,0 +1 @@
+/usr/bin/run-vmm
\ No newline at end of file
diff --git a/host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/log/run b/host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/log/run
new file mode 100755
index 0000000000000000000000000000000000000000..aa9fcefa20146b34f8f8bd4d35dbc8fc7de3fd1a
--- /dev/null
+++ b/host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/log/run
@@ -0,0 +1,4 @@
+#!/bin/execlineb -P
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+logger
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vmm/template/notification-fd b/host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/notification-fd
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vmm/template/notification-fd
rename to host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/notification-fd
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vmm/template/notification-fd.license b/host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/notification-fd.license
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vmm/template/notification-fd.license
rename to host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/notification-fd.license
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/vmm/run b/host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/run
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/vmm/run
rename to host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/run
diff --git a/host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/log/run b/host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/log/run
new file mode 100755
index 0000000000000000000000000000000000000000..aa9fcefa20146b34f8f8bd4d35dbc8fc7de3fd1a
--- /dev/null
+++ b/host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/log/run
@@ -0,0 +1,4 @@
+#!/bin/execlineb -P
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
+logger
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/notification-fd b/host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/notification-fd
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/notification-fd
rename to host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/notification-fd
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/notification-fd.license b/host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/notification-fd.license
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/notification-fd.license
rename to host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/notification-fd.license
diff --git a/host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/run b/host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/run
similarity index 100%
rename from host/rootfs/etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/run
rename to host/rootfs/usr/share/spectrum/service/xdg-desktop-portal-spectrum-host/template/run
diff --git a/img/app/Makefile b/img/app/Makefile
index da70c65cdcde69ae39a543b396e3c566d9e49943..2da954d4c6c13d051b94c923fffc2318e7904be7 100644
--- a/img/app/Makefile
+++ b/img/app/Makefile
@@ -84,7 +84,7 @@ build/rootfs.erofs: ../../scripts/make-erofs.sh $(PACKAGES_FILE) $(VM_FILES) $(V
 for file in $(VM_BUILD_FILES); do printf '%s\n%s\n' $$file $${file#build/}; done ;\
 printf 'build/empty\n%s\n' $(VM_DIRS) ;\
 printf 'build/fifo\n%s\n' $(VM_FIFOS) ;\
- ) | ../../scripts/make-erofs.sh $@
+ ) | ../../scripts/make-erofs.sh s6 $@
 VM_S6_RC_FILES = \
 etc/s6-rc/app/dependencies.d/dbus \
diff --git a/release/checks/integration/networking.c b/release/checks/integration/networking.c
index 92462d5118d6cb066c486bfc83903c28e3472e49..8f56525d57aa8bd5836f42979777991ecdd0a855 100644
--- a/release/checks/integration/networking.c
+++ b/release/checks/integration/networking.c
@@ -117,7 +117,7 @@ void test(struct config c)
 if (fputs("set -euxo pipefail && "
 "mkdir /run/mnt && "
 "mount \"$(findfs UUID=a7834806-2f82-4faf-8ac4-4f8fd8a474ca)\" /run/mnt && "
- "s6-rc -bu change vmm-env && "
+ "s6-rc -bu change weston && "
 "vm-import user /run/mnt/vms && "
 "vm-start \"$(basename \"$(readlink /run/vm/by-name/user.nc)\")\" && "
 "tail -Fc +0 /run/log/current /run/*.log &\n",
diff --git a/release/checks/integration/portal.c b/release/checks/integration/portal.c
index b6380c1c38fa67f8c4d11f1c95a98eaa7feb3dcc..d8fcadb973ba12745a5eccc30f2f074337f51da4 100644
--- a/release/checks/integration/portal.c
+++ b/release/checks/integration/portal.c
@@ -13,7 +13,7 @@ void test(struct config c)
 "(tail -Fc +0 /run/log/current &) && "
 "mkdir /run/mnt && "
 "mount \"$(findfs UUID=a7834806-2f82-4faf-8ac4-4f8fd8a474ca)\" /run/mnt && "
- "s6-rc -bu change vmm-env && "
+ "s6-rc -bu change weston && "
 "vm-import user /run/mnt/vms && "
 "(tail -Fc +0 /run/*.log &) && "
 "s6-svc -O /run/vm/by-name/user.portal/service && "
diff --git a/scripts/make-erofs.sh b/scripts/make-erofs.sh
index 5196394d405310971659b0dbc0c91cfcaaaf9118..3417a35488ebf0455f36ef604b45d60a3abc312c 100755
--- a/scripts/make-erofs.sh
+++ b/scripts/make-erofs.sh
@@ -10,10 +10,14 @@ umask 0022 # for permissions
 ex_usage() {
- echo "Usage: make-erofs.sh [options]... img < srcdest.txt" >&2
+ echo "Usage: make-erofs.sh [s6|systemd] [options]... img < srcdest.txt" >&2
 exit 1
 }
+case ${1-bad} in
+(s6|systemd) init_type=$1; shift;;
+(*) ex_usage;;
+esac
 for img; do :; done
 if [ -z "${img-}" ]; then
 ex_usage
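Review bot: The usage string in `ex_usage` presents the new init-type argument as optional (`[s6|systemd]`) while the `case ${1-bad}` block that follows makes it mandatory — a missing or unrecognised first argument exits through `ex_usage`; changing the line to `echo "Usage: make-erofs.sh {s6|systemd} [options]... img < srcdest.txt" >&2` matches the behaviour. A short comment above the `case`, e.g. `# The first argument selects the init system the image is built for; it changes the directory layout created further down.`, would also save readers a jump to the second `case $init_type` later in the script.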
@@ -124,12 +128,8 @@ chmod 0755 "$root"
 # directories for reading.
 mkdir -m 0400 "$root/dev" "$root/proc" "$root/run" "$root/sys" "$root/tmp"
-# Cause s6-linux-init to create /run/lock and /run/user
-# with the correct mode (0755) and create /home,
-# /var/cache, /var/log, and /var/spool directly.
+# Create /var/cache, /var/log, and /var/spool directly.
 mkdir -m 0755 \
- "$root/etc/s6-linux-init/run-image/lock" \
- "$root/etc/s6-linux-init/run-image/user" \
 "$root/home" \
 "$root/var/cache" \
 "$root/var/log" \
@@ -138,9 +138,28 @@ mkdir -m 0755 \
 # Create symbolic links that are always expected to exist.
 chmod 0755 "$root/usr"
 ln -s ../proc/self/mounts "$root/etc/mtab"
+case $init_type in
+(s6)
+ # Create /var/tmp for programs that use it.
+ ln -s ../tmp "$root/var/tmp"
+ # Cause s6-linux-init to create /run/lock and /run/user
+ # with the correct mode (0755).
+ mkdir -m 0755 \
+ "$root/etc/s6-linux-init/run-image/lock" \
+ "$root/etc/s6-linux-init/run-image/user"
+ ;;
+(systemd)
+ # systemd expects /srv to exist
+ # and creates /var/tmp itself
+ mkdir -m 0755 "$root/srv"
+ ;;
+(*)
+ echo 'internal error: bad init type' >&2
+ exit 1
+ ;;
+esac
 ln -s ../run "$root/var/run"
 ln -s ../run/lock "$root/var/lock"
-ln -s ../tmp "$root/var/tmp"
 ln -s bin "$root/usr/sbin"
 ln -s lib "$root/usr/lib64"
 ln -s usr/bin "$root/bin"
diff --git a/vm/sys/net/Makefile b/vm/sys/net/Makefile
index b94d27d193e419291c72832f4a351c4ff099c33e..d570bae91f030b3e5a89138d5059a650a74ff4df 100644
--- a/vm/sys/net/Makefile
+++ b/vm/sys/net/Makefile
@@ -53,7 +53,7 @@ build/rootfs.erofs: ../../../scripts/make-erofs.sh $(PACKAGES_FILE) $(VM_FILES)
 for file in $(VM_FILES); do printf '%s\n%s\n' $$file $$file; done ;\
 for file in $(VM_BUILD_FILES); do printf '%s\n%s\n' $$file $${file#build/}; done ;\
 printf 'build/empty\n%s\n' $(VM_DIRS) ;\
- ) | ../../../scripts/make-erofs.sh $@
+ ) | ../../../scripts/make-erofs.sh s6 $@
 VM_S6_RC_FILES = \
 etc/s6-rc/connman/dependencies \
-- 
2.51.0
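Review bot: In the `(systemd)` arm of the second `case`, `/var/tmp` is left for systemd to create at boot ("creates /var/tmp itself"), whereas the `(s6)` arm creates it at image build time as `ln -s ../tmp "$root/var/tmp"`; on a read-only erofs root with no writable `/var` mount, systemd-tmpfiles cannot create `/var/tmp` and programs that rely on it fail, so either keep the symlink for both arms or extend the comment to say what makes `/var` writable at runtime. Whether `/var` is writable on the systemd host is not visible in this diff, so this is a question as much as a defect. The `(*)` arm is unreachable after the argument check at the top of the script, which is fine as a guard but deserves a comment such as `# unreachable: init_type was validated when parsing arguments` so nobody wonders whether a third value is expected.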