Received: (at 77110-done) by debbugs.gnu.org; 27 Mar 2025 12:24:17 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 08:24:17 2025 Received: from localhost ([127.0.0.1]:47990 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1txmHQ-0001yB-Ic for submit <at> debbugs.gnu.org; Thu, 27 Mar 2025 08:24:17 -0400 Received: from mail-pl1-x634.google.com ([2607:f8b0:4864:20::634]:48586) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>) id 1txmHO-0001wj-1I for 77110-done <at> debbugs.gnu.org; Thu, 27 Mar 2025 08:24:14 -0400 Received: by mail-pl1-x634.google.com with SMTP id d9443c01a7336-224019ad9edso23922665ad.1 for <77110-done <at> debbugs.gnu.org>; Thu, 27 Mar 2025 05:24:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1743078247; x=1743683047; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=AXBjiRqSB9PDUqO6etNj7E7sB0NQNYdox3vTHk2ixwI=; b=VqaQ9IML6yA/lyusiAIz5NXHZ4VGZ+yaCpLIOgfK6g27wrEA1nWkwZhRBKdnxJ7l33 buwYG6/OqGtQHNWJj16vzSzVFFWCv4SKE0UanzmEu7hzy89AjS25W3qiRtxAKHhHql5D y2ikDHkqLp1cTYcAwtIZ9noS3TQNHHpFDD24rClAqZ0Ql3hNDfZdoyfFLcLe2ainVvZq 5vb+QuuW/1QPkFqbz9Lk2NdpqpoHcVfton1u4RArSD4gcQ0hOtYM9QcYBpa2HLj9WHZp LLlNY0P59z+cRuGvguHU73hgZirSKIvkv+fwSeqoRC+rndGkjic2ouye3zTQ55y2zluG OYxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743078247; x=1743683047; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=AXBjiRqSB9PDUqO6etNj7E7sB0NQNYdox3vTHk2ixwI=; b=UYhXxqAy+jPacAXK44EqZu9SbEnzZ/g1mJQnponeeNDzXiHZjLOF823cp8FvOjrKdH 2NODBLuK44voOCSMpMmOpqKy/3ZrATPWP4NS5F5QY/xT1aXMoxjFf8C35VZt/wTGREug flN3nopsxm9s4CX41hCtNGPtJoNY3o+KDe1TssN+FnRSG2GM0vaciH2QBUurEJeCloau Uz4Flz2mMtYV5Cxv+UMuQHUYo6hPv0ZuYFmqVXDV//pVofY0GT/X3HFkJ+xatiOyECuu A1VhT8Kpq9scwO+MYmZATZh24CK+lHpNNCp2Oxpr5hvX6DhhZZ4wcRYIWz1j3MA3sYth LQjQ== X-Forwarded-Encrypted: i=1; AJvYcCXFLje3pOpukagwBSbO9Mu9xyFdwHf+kLDG3EUzetWlHwQyciMwKddZG0WWHtOK3Z9zuGX9Y2z6iVso <at> debbugs.gnu.org X-Gm-Message-State: AOJu0YwLmn+fiFEwDq7EGfU6hbIA8zG4SWV0Dt+SN+07HBEJYt3FlXSF xZDpGsNSLRxuYjq+LLx91h5mvS55lUdzxVCD0U7L7CoMh+K0HA5rhAJ3UQ== X-Gm-Gg: ASbGncu27Rutatu7+jkFA5PCDM2Yw2CI6N8UH8MK8cUYRT9fJ4DgqrzJlG5TK0Ixt8E T1tDTcgkLUivO6QmMsCB5pZ4uBwDZZO/nymtskghE6HcTsDyZVJKtrZu2TAsWui9NBdF0AqxFkM Szk0iki9Hb5TeAsewSF5pO8IIkykhTy/6BHsdUidSDWmmDMeCBmOLYA9vvO0jynMHzwYFwDo7YO pNjx5+S8JxaJB5lsv/yUHpGpwfVk/VYRm41+nfbJUfx2UMCKX0zBxntf1HKaV9zVRnC4tyR0YYP FWfXP7U0nLghR9I1CGGIDCgWZM8+vWuZQgznJGMiB88= X-Google-Smtp-Source: AGHT+IE6ycSc4+2xInuITIbkRLbYx29lSaL9gWQFOj2txez19D4G7eDh78Blbq9gSA/zXREmCKbWNQ== X-Received: by 2002:a17:902:e550:b0:220:d078:eb33 with SMTP id d9443c01a7336-2280495a074mr50027785ad.36.1743078246861; Thu, 27 Mar 2025 05:24:06 -0700 (PDT) Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-227811bd195sm126910375ad.132.2025.03.27.05.24.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Mar 2025 05:24:06 -0700 (PDT) From: Maxim Cournoyer <maxim.cournoyer@HIDDEN> To: Efraim Flashner <efraim@HIDDEN> Subject: Re: [bug#77110] [PATCH 1/2] gnu: ovmf-x86-64: Install QEMU firmware metadata file. In-Reply-To: <87ldszn504.fsf@HIDDEN> (Maxim Cournoyer's message of "Thu, 20 Mar 2025 23:36:27 +0900") References: <cover.1742368386.git.maxim.cournoyer@HIDDEN> <b4dd8d72d2feadb91dcd393e9f9a48b42e30f79c.1742388313.git.maxim.cournoyer@HIDDEN> <Z9rcsovYB33unETT@3900XT> <87zfhgnqnx.fsf@HIDDEN> <Z9vzzZ9VC9ErVoMK@3900XT> <87ldszn504.fsf@HIDDEN> Date: Thu, 27 Mar 2025 21:23:50 +0900 Message-ID: <87o6xmwtk9.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77110-done Cc: Vagrant Cascadian <vagrant@HIDDEN>, 77110-done <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hi, I've now applied this series, thank you for reviewing it! -- Thanks, Maxim
Maxim Cournoyer <maxim.cournoyer@HIDDEN>:Maxim Cournoyer <maxim.cournoyer@HIDDEN>:Received: (at 77110) by debbugs.gnu.org; 20 Mar 2025 14:36:57 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 20 10:36:57 2025 Received: from localhost ([127.0.0.1]:58426 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tvH0y-0001pu-MG for submit <at> debbugs.gnu.org; Thu, 20 Mar 2025 10:36:57 -0400 Received: from mail-pl1-x62e.google.com ([2607:f8b0:4864:20::62e]:61943) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>) id 1tvH0r-0001pW-7V for 77110 <at> debbugs.gnu.org; Thu, 20 Mar 2025 10:36:53 -0400 Received: by mail-pl1-x62e.google.com with SMTP id d9443c01a7336-2260c915749so11154025ad.3 for <77110 <at> debbugs.gnu.org>; Thu, 20 Mar 2025 07:36:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1742481403; x=1743086203; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=xgP29D05BcC7apoK5V0bIJEp6a2kXxoV1LDx0woGfYk=; b=A8JI3VP7YOwtQlmJKxdRpY9n8VCl7R0IhQSGJT4fQg0CmnVvfJovPSdcRvx1tObSVT 0M0CRjK2s1FpkYaV2yCpPFhKkLrSdmzkZveKu6Fg3zrreqLR0U2utzNT6nBLlYteaMBE DNHOj84s9RNbEoUVcHg7K9O8O9ynoeCtmU3GmLPOGhPIsjTfw0K7dLMr/XKUQLhNeoiT acKEE2w5EOM+EJ3wau8NokztWfXCMkInG/CwHU95RzVRjxSUOb6zEQbfY138VeTnohw1 j2tfzC3pHOQz4/VCswsYVQhi9Su2CpGBr7O8UifV4e0Nmf/2mKLxHO7TPr8MmyRJqW/P jcXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742481403; x=1743086203; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=xgP29D05BcC7apoK5V0bIJEp6a2kXxoV1LDx0woGfYk=; b=FI7KM+x/p0s7gE+NvXxWlo3EgDIss/h0pfx7KUBo/qiBib/MgtMgrGfPNdPk8RySOk QoIdiaKgXBgVO+oUiS8yzny+vGCE8xPhGoCMU02gkHFzDD6m4WqJOTzkLXTVMc0d/CU7 7SuOqoYU/Zyel7QEPaOZCtPEdzq9ODjFjGjqHQVW09D53B0Tg9y5iRfyflyoiODBOQQ0 aTExrJdsyFUJLavLLjfWMVm8rjvOT/FVR02gbpN7GujoTOafPTTub6J79e6fsi/tmfWw UxzTz3LZ7eriQozL9hMcIE8yyXHPF13YOwNHuYbaV9KvjMOFkJcujWZ83JGHDc90tNsr 9zIg== X-Gm-Message-State: AOJu0YyJMr48QIvlZQTY35JSwx5YrFMd65oEg8KafGI6DDl4L4PWCxU2 4SULRau4HMkHaVee6e50+KINNmfPYFBHgq0dWVNk7rSWlfuZ1LEntUIXvDfEagg= X-Gm-Gg: ASbGncuzUSeRI4oij8GA9pPd2rGr1mPyMhPX5MprNU1wrhDC3oC7OH9YfXFgkI5qXdB 2Stdz7pWfxWa/9BoTS7vgr8YkdZOckEgtvqlFwgJwzR2BlOkSrE96X9/ziuegW4Vj67/pFxzCsL uredCu0DXhc+HUj806NG3DPbnHFau03JVmRKuQJm3Cgot+NnKl0ChvrunktWvoInYhe3RUayx3M jOcy5OOwZ4ZxrhKFEtRIww52MrGzmrau5dL8W5+D05fC3kK3TppFUu8jQhB3wJcdj5NlLAcqyvY 4GtvNWdLoOAyyZZaBucKV7t62XaXo4qOJ4NHI6YscAI= X-Google-Smtp-Source: AGHT+IE+J/tubh4PT9MoD++XwQzxWVLmxW1nxZnPjs1qDkKjqLEyPIibtZkp/ORN24bmf6MixOj84A== X-Received: by 2002:a05:6a21:1084:b0:1f5:862b:a583 with SMTP id adf61e73a8af0-1fd116ff3c3mr7079595637.34.1742481402504; Thu, 20 Mar 2025 07:36:42 -0700 (PDT) Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7371167e0b1sm14246286b3a.97.2025.03.20.07.36.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 20 Mar 2025 07:36:41 -0700 (PDT) From: Maxim Cournoyer <maxim.cournoyer@HIDDEN> To: Efraim Flashner <efraim@HIDDEN> Subject: Re: [bug#77110] [PATCH 1/2] gnu: ovmf-x86-64: Install QEMU firmware metadata file. In-Reply-To: <Z9vzzZ9VC9ErVoMK@3900XT> (Efraim Flashner's message of "Thu, 20 Mar 2025 12:54:05 +0200") References: <cover.1742368386.git.maxim.cournoyer@HIDDEN> <b4dd8d72d2feadb91dcd393e9f9a48b42e30f79c.1742388313.git.maxim.cournoyer@HIDDEN> <Z9rcsovYB33unETT@3900XT> <87zfhgnqnx.fsf@HIDDEN> <Z9vzzZ9VC9ErVoMK@3900XT> Date: Thu, 20 Mar 2025 23:36:27 +0900 Message-ID: <87ldszn504.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77110 Cc: Vagrant Cascadian <vagrant@HIDDEN>, 77110 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hi Efraim, Efraim Flashner <efraim@HIDDEN> writes: > On Thu, Mar 20, 2025 at 03:48:34PM +0900, Maxim Cournoyer wrote: >> Hi Efraim, >>=20 >> Efraim Flashner <efraim@HIDDEN> writes: >>=20 >> > 51-edk2-ovmf-2m-raw-x64-nosb.json is very similar to a file shipped by >> > qemu, in the sources in pc-bios/descriptors=C2=B9. >>=20 >> Indeed, I found out the firmwares currently bundled with QEMU (see >> bug#77092) come with firmware descriptors. Are you suggesting we use >> these instead? I don't mind too much, except that's a lot of source to >> unpack to grab a template file, which seems inefficient to me, and that >> accessing source archives is a bit annoying currently in Guix (because >> it may be a tarball, or a directory, or it may change if patches get >> later added... but that's an issue for another time). > > It looks like they're also installed in $out/share/qemu/firmware. At > that point they have their paths pointing to qemu's location for the > firmware, but we could change that at build time to point to firmware > we've built or as part of a service to point to a different location. > > Reminding myself again that we're looking at the firmware itself, I > think we shouldn't install a VM configuration file as part of the > firmware. That's what most distributions appears to do, for example Fedora [0], and it makes sense to me. QEMU itself should come without firmwares if we want to keep its size in check, and it can't include the descriptor files if it doesn't ship the firmware as the descriptor files reference the file names (well, we could point to some place where they eventually land, and have this provisioned by a service, but that's inelegant). [0] https://src.fedoraproject.org/rpms/edk2/blob/rawhide/f/edk2.spec#_569 [...] >> Libvirt has no search path for that. IIRC, it uses >> $XDG_CONFIG_HOME/qemu/firmware if you run it as a simple user, and >> otherwise /usr/share/qemu/firmware on FHS, with /etc/qemu/firmware as a >> fallback to discover the firmware metadata files for QEMU. > > The libvirt service does have a qemu field. Perhaps we could make use of > that somehow? It's useful to have qemu a distinct field to firmwares; it points to the qemu package/binary used by libvirt while firmwares allow you to specify which firmware files are made available. Note that since QEMU currently bundles many firmwares with their descriptors, you can currently add 'qemu' to the list of firmwares and it'll make them available to libvirt (though I wouldn't advertise this too much as the goal should be to move them to their own distinct packages). --=20 Thanks, Maxim
guix-patches@HIDDEN:bug#77110; Package guix-patches.
Full text available.
Received: (at 77110) by debbugs.gnu.org; 20 Mar 2025 10:54:21 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 20 06:54:20 2025
Received: from localhost ([127.0.0.1]:55538 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tvDXY-0004Pq-8S
for submit <at> debbugs.gnu.org; Thu, 20 Mar 2025 06:54:20 -0400
Received: from mail-ej1-x62d.google.com ([2a00:1450:4864:20::62d]:56413)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.84_2) (envelope-from <efraim.flashner@HIDDEN>)
id 1tvDXT-0004PX-9z
for 77110 <at> debbugs.gnu.org; Thu, 20 Mar 2025 06:54:17 -0400
Received: by mail-ej1-x62d.google.com with SMTP id
a640c23a62f3a-ac2bdea5a38so109614266b.0
for <77110 <at> debbugs.gnu.org>; Thu, 20 Mar 2025 03:54:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1742468049; x=1743072849; darn=debbugs.gnu.org;
h=in-reply-to:content-disposition:mime-version:references
:mail-followup-to:message-id:subject:cc:to:from:date:sender:from:to
:cc:subject:date:message-id:reply-to;
bh=+mygLwY0e2G5UCJykJWORZ2T6QbGBcVCYipEIBEMTTM=;
b=EydVE/Rph5b5ybnAJ9N9Op3bHvpvRdPT0eS2Ifd9cl92WO+YtKzwgpVN2T2j6iIlGj
xPqe0OF6WV7nbqLMKwRmEN+4mbabGDtViG7BEp1pPZMJF4uXw7iHlvP5AbiPYR77ch1N
DPzP06zDYYZiCz9850PIO3rvxxKyKkn0bXMr+lSECzuKptqyOKNg41iwxCx/tFw2k/NG
Z+2TqYw+7SyCqtnX2D0aoubpI36Fgsb+/YgVPJAAtj5zSee5b9H+wfmTVc9eCWqLDFjT
MKNDsNorZ5l4aUhonC83M2Cjc/B4iDTcQ4A3ZYJ3Qf2Jof0so2OhT5GY0YAsp5M9JKbS
k1wQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1742468049; x=1743072849;
h=in-reply-to:content-disposition:mime-version:references
:mail-followup-to:message-id:subject:cc:to:from:date:sender
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=+mygLwY0e2G5UCJykJWORZ2T6QbGBcVCYipEIBEMTTM=;
b=i52FCCefek3pBoUP6iDrXivComRlEDJDp/dueHj/YNGt5ICsf+wCTYJIFbGPs0jP/t
gAf/BXjVPweh0wqCm7doeMeXfKh9JynD7cKxn7hcMvlFJewY8Jt19Xsbp/X01LVPkJkV
WGHCL6lFP/SbCi0jEFLizF03cr1/uR7QpgpvcopLvAhUT7VM7yy6BAq3Bik0Fwex2Hyd
eT/xyYZkHIKUsBO/BNhiMOvbLskMP+7YuCUIujDn/nv+MYdjeEdpBkkS585mzfqw2inQ
LdNcIqdQqPccjXJknya75/ng8dADCIXuuQjCTcDEVqdLDopwyT4o7xNaCOkKG8sFt99C
ZS2A==
X-Gm-Message-State: AOJu0Yz00V+FSLoBPmzVlio0Wr9bTfE7iFB9jclk3yflT5mCETS9Mxvb
IsEKixNTilSyjaDeZvsppPST0pAaa7JvRS529vXTR4Lou8iKQmo3ad1j8BdV
X-Gm-Gg: ASbGnctXAO056R/jl0Z6MUB3w1DmufN3CsnqBDVd6mq5EfTZzD5WsDuVn7JukRJkER6
C5KDcNf87gVmpyFD2zJNzQGMuPtSz4ZnbuYcFRjjgnV2DNWVV84gxYAzzROXEvjBH6iBQCGiUwk
JxTenQCG7HqDtdrUstWw/3LVJBZt/iTjqLIw8Jc22g9e0+NIpErqDkyXoFfs6/5DjexXjh0nByj
heoG4x66m0BTKHyoLSfee6uA3HeUoBLJkjFyEGuPGTEhoWblFHjA6GBeJsynuRTcTBd67w7ggmK
5ax2Cub7bdU7hRwyn0HDDD8d/FhNjJoEHjz85y5P03U=
X-Google-Smtp-Source: AGHT+IFMvIDMP11j29gSEcI6rB0Pn7dE1e/3aThxLU/qcj42OIfk1NvX/UXJRjM5kcgxafMdrhYq2w==
X-Received: by 2002:a17:907:86a4:b0:abf:c20d:501a with SMTP id
a640c23a62f3a-ac3cdfba22dmr338397966b.16.1742468048276;
Thu, 20 Mar 2025 03:54:08 -0700 (PDT)
Received: from localhost ([31.210.181.32]) by smtp.gmail.com with ESMTPSA id
a640c23a62f3a-ac3147ec3bcsm1161823066b.62.2025.03.20.03.54.06
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 20 Mar 2025 03:54:07 -0700 (PDT)
Date: Thu, 20 Mar 2025 12:54:05 +0200
From: Efraim Flashner <efraim@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: [bug#77110] [PATCH 1/2] gnu: ovmf-x86-64: Install QEMU firmware
metadata file.
Message-ID: <Z9vzzZ9VC9ErVoMK@3900XT>
Mail-Followup-To: Efraim Flashner <efraim@HIDDEN>,
Maxim Cournoyer <maxim.cournoyer@HIDDEN>, 77110 <at> debbugs.gnu.org,
Vagrant Cascadian <vagrant@HIDDEN>
References: <cover.1742368386.git.maxim.cournoyer@HIDDEN>
<b4dd8d72d2feadb91dcd393e9f9a48b42e30f79c.1742388313.git.maxim.cournoyer@HIDDEN>
<Z9rcsovYB33unETT@3900XT> <87zfhgnqnx.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="xYwWAC8JJtIVPrLm"
Content-Disposition: inline
In-Reply-To: <87zfhgnqnx.fsf@HIDDEN>
x-ms-reactions: disallow
X-PGP-Key-ID: 0x41AAE7DCCA3D8351
X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc
X-PGP-Fingerprint: A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
X-TUID: XifGAwEFHFNs
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77110
Cc: Vagrant Cascadian <vagrant@HIDDEN>, 77110 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
--xYwWAC8JJtIVPrLm
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Mar 20, 2025 at 03:48:34PM +0900, Maxim Cournoyer wrote:
> Hi Efraim,
>=20
> Efraim Flashner <efraim@HIDDEN> writes:
>=20
> > 51-edk2-ovmf-2m-raw-x64-nosb.json is very similar to a file shipped by
> > qemu, in the sources in pc-bios/descriptors=C2=B9.
>=20
> Indeed, I found out the firmwares currently bundled with QEMU (see
> bug#77092) come with firmware descriptors. Are you suggesting we use
> these instead? I don't mind too much, except that's a lot of source to
> unpack to grab a template file, which seems inefficient to me, and that
> accessing source archives is a bit annoying currently in Guix (because
> it may be a tarball, or a directory, or it may change if patches get
> later added... but that's an issue for another time).
It looks like they're also installed in $out/share/qemu/firmware. At
that point they have their paths pointing to qemu's location for the
firmware, but we could change that at build time to point to firmware
we've built or as part of a service to point to a different location.
Reminding myself again that we're looking at the firmware itself, I
think we shouldn't install a VM configuration file as part of the
firmware.
> [...]
>=20
> >> diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm
> >> index 63f767f72b..c1d8ba3719 100644
> >> --- a/gnu/packages/firmware.scm
> >> +++ b/gnu/packages/firmware.scm
> >> @@ -1001,6 +1001,10 @@ (define* (make-ovmf-firmware arch)
> >> (license (list license:expat
> >> license:bsd-2 license:bsd-3 license:bsd-4)))))
> >> =20
> >> +(define (ovmf-aux-file name)
> >> + "Return as a gexp the auxiliary OVMF file corresponding to NAME."
> >> + (local-file (search-auxiliary-file (string-append "ovmf/" name))))
> >> +
> >> (define-public ovmf-x86-64
> >> (let ((base (make-ovmf-firmware "x86_64")))
> >> (package
> >> @@ -1022,7 +1026,25 @@ (define-public ovmf-x86-64
> >> (string-append fmw "/" (string-downcase file)=
"_x64.bin")))
> >> (list "OVMF"
> >> "OVMF_CODE"
> >> - "OVMF_VARS"))))))))))))
> >> + "OVMF_VARS")))))
> >
> > These 3 files we rename from OVMF* to ovmf*_x64.bin, but based on
> > roms/edk2-build.config from the qemu sources=C2=B2 OVMF_CODE would beco=
me
> > edk2-x86_64-code.fd. I think we should standardize on using Qemu's
> > naming scheme for the files.
>=20
> I think we should go ever farther and standardize on *not* renaming them
> at all. This would remove the arbitrary nature of renaming them to
> something else that is bound to surprise users. On most distributions
> they are kept under their original names. The JSON firmware
> metadata/descriptors files can refer to any name anyway, so outside of
> following conventions, the name is not too important.
>=20
> But I'd prefer to keep this renaming business for another time, perhaps
> when I get to add more UEFI firmware variants (at which point it may be
> more efficient to build them all at once and split them in various
> outputs).
Sounds like a good idea.
> > Also we currently install these files to %output/share/firmware and
> > there are other files we install to %output/share/qemu and we should
> > probably standardize between them.
>=20
> The location of the files should match the prevalent convention, which I
> think is share/firmware. QEMU firmware metadata files on the other hand
> must be under share/qemu/firmware/, as this is where libvirt expects to
> find them (actually it won't because we aren't FHS, but that's where it
> would otherwise :-)).
>=20
> >> + (add-after 'install 'install-qemu-firmware-metadata
> >> + (lambda _
> >> + ;; The QEMU firmware metadata files are taken from =
the
> >> + ;; Fedora project (see:
> >> + ;; https://src.fedoraproject.org/rpms/edk2/tree/raw=
hide).
> >> + (let ((51-edk2-ovmf-2m-raw-x64-nosb.json-source
> >> + #$(ovmf-aux-file "51-edk2-ovmf-2m-raw-x64-no=
sb.json"))
> >> + (51-edk2-ovmf-2m-raw-x64-nosb.json-dest
> >> + (string-append #$output "/share/qemu/firmwar=
e/"
> >> + "51-edk2-ovmf-2m-raw-x64-nosb=
=2Ejson")))
> >> + (mkdir-p (dirname 51-edk2-ovmf-2m-raw-x64-nosb.js=
on-dest))
> >> + (copy-file 51-edk2-ovmf-2m-raw-x64-nosb.json-sour=
ce
> >> + 51-edk2-ovmf-2m-raw-x64-nosb.json-dest)
> >> + (substitute* 51-edk2-ovmf-2m-raw-x64-nosb.json-de=
st
> >> + (("/usr/share/edk2/ovmf/OVMF_(CODE|VARS).fd" _ =
kind)
> >> + (string-append
> >> + #$output "/share/firmware/ovmf_"
> >> + (string-downcase kind) "_x64.bin")))))))))))))
> >
> > Would it be possible to instead use the search-path to find the
> > firmwares or is that not really possible?
>=20
> Libvirt has no search path for that. IIRC, it uses
> $XDG_CONFIG_HOME/qemu/firmware if you run it as a simple user, and
> otherwise /usr/share/qemu/firmware on FHS, with /etc/qemu/firmware as a
> fallback to discover the firmware metadata files for QEMU.
The libvirt service does have a qemu field. Perhaps we could make use of
that somehow?
> --=20
> Thanks,
> Maxim
--=20
Efraim Flashner <efraim@HIDDEN> =D7=90=D7=A4=D7=A8=D7=99=D7=9D =
=D7=A4=D7=9C=D7=A9=D7=A0=D7=A8
GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
--xYwWAC8JJtIVPrLm
Content-Type: application/pgp-signature; name=signature.asc
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmfb88kACgkQQarn3Mo9
g1EoNQ/9G1P1VRA+qabU/MrdMVJxNsFMpoPd62U3a+qf0UcVkEccUHqPFdiFyMC6
Y8sma+uNDqCIaoH/7lj5YShlw87oWQkrJBTyD9yxdbx8hPiW7qoCttb6d0eFynDV
jzsKynVL/dBYrvZVKG3PGbiWgIFqKX34gQXnYGFqrFyHOmmYVQr2bTjWODET6e8i
PSmwW+QOUSnNiBx4MyUKdcUUiIGkJlbiw4sUj/T+WtFBbe0KH+R5jDgjYXmTL5yA
3YQs8lux8+1kRuxQe5rQ1bZSf0x6l+j5tI67/k8K6eaY/VdsKp+6LNdWoTzPLzEu
QC1rHVT7E7hpNGqrEkHCk2NKTj5QV4FypVlPUNMV8zbOyfRqZzjkZHzsIw/dSPbX
N2fNnlUJuuezZ14f6DRtzpioH1DL1Px9OhejTkg16lBU00YauihdhHqGydn4LHp0
FOJupmB5Q58sbcCPRrlwRrLsxCalprEssEGT917CZI4546/reUt1EuTiSRsoELhY
SOoITDqxLbQAtn3rKnnEgJ251wCGQDdxHoGMvjLDRddXB8rv1qXZIQIrnQ7gxGmm
A+ghFYY9t4FgBXfzlR6ELpEN2wAw+MPBqhZSHyEFb3eJpnnB9CzkY5NGDE5Xs72R
J7Hx2OiooP7aGv0VnQ26d4B3jc8eZ5eUs23/U636aHLbhpsmpE0=
=m02T
-----END PGP SIGNATURE-----
--xYwWAC8JJtIVPrLm--
guix-patches@HIDDEN:bug#77110; Package guix-patches.
Full text available.
Received: (at 77110) by debbugs.gnu.org; 20 Mar 2025 06:48:59 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 20 02:48:58 2025
Received: from localhost ([127.0.0.1]:54970 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tv9i6-0001ct-Eb
for submit <at> debbugs.gnu.org; Thu, 20 Mar 2025 02:48:58 -0400
Received: from mail-pl1-x630.google.com ([2607:f8b0:4864:20::630]:47577)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
id 1tv9i3-0001cb-Ki
for 77110 <at> debbugs.gnu.org; Thu, 20 Mar 2025 02:48:56 -0400
Received: by mail-pl1-x630.google.com with SMTP id
d9443c01a7336-224341bbc1dso5711185ad.3
for <77110 <at> debbugs.gnu.org>; Wed, 19 Mar 2025 23:48:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1742453329; x=1743058129; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:user-agent:message-id:date
:references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=L+B44dCfiq+xTEst6S3XHzWIGNLwcFsMiQjo4Gb9ZzM=;
b=K1UOWLYJ9Wb+to9csqg4ksN5eIjt6OPuqTpCn3W09SZnpG46YgyYOTFm74q4b/hYZP
r57eTgdqj8DykC4lHSDFxsera/X3lqFbs6e8UoILPVqiF9K0mnGIEnx41OabbgCTxjv8
rzD1m3bvJaf6zdOyFohfTtJfW3zVcsaEkzJ5PV9vxSjte9D1MdbJZh+QcPJn6Xa3AFfo
8ZaLfoaTrKMcVPHKb1lCtZnlPgQ8T+YLKnk4iTCesn3bKAz8bMgVvshqdu43r69iBEYo
31bt2wCNcYfP8233zRVctSl9Rxmt0gbyVAIWVNQELnjBPm1dyX4VTApOdoDLzpZYCj7/
waKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1742453329; x=1743058129;
h=content-transfer-encoding:mime-version:user-agent:message-id:date
:references:in-reply-to:subject:cc:to:from:x-gm-message-state:from
:to:cc:subject:date:message-id:reply-to;
bh=L+B44dCfiq+xTEst6S3XHzWIGNLwcFsMiQjo4Gb9ZzM=;
b=LMVffnbmUo90H9KgVegXLG3I/HQRq7Xomzo4ds8NcptxVsklLScCWXg6UfYxOV+LFP
auSu+rmW8MkvNDhfvu9NEWFvatJOgTnTvg6iSr58yjMASZ938TPqfYMSnzctOTYJD9h9
Hc4CnLlL5tyWVJn8kP6ylNzPSZrkMYWZRrgouhST8U2ZFUer5wNedHU7qBQ7ATnJEeod
OJC1c/Y+Jx3prFQPpVkRv43yot3SkfYxscdC3swwNNWcqyAemphGJwnc7DFSret/xf68
mFLyFI5fV2EnhDq5yqjuXQYp99F3Yp+3FA2UNo7Z3lyganYjXpPRNxtjj5ICmB4jUbpU
zoLw==
X-Gm-Message-State: AOJu0Yx69tjQZw1JT6u8ftTFhf6ch82A5mKWFj0yiiKsfjk++QcvbY0Y
HzwVGcWFUPDK33bcSrbpCXJqqUnAw011xKU9sfsKV9iupMJGVrfOuIhcgv8RJsE=
X-Gm-Gg: ASbGncs84G8qP+2eBqUhZQJ1CQJ0kal/If2FE4DVW5bwJNA2dRqVary19mCHh0+F3BC
lyUCruUZX+hL2cdz/uioyohcYMs+HJ1rUamctRfSLsm3FSraZ/l/vsTW7u5By6Ni71rgEz+zda2
LalxQyGeJ7Ip1QGXAsqip0geQdi1C/J0mfH4yFpcTjHHZ7gvtFtVxdVKqPOi+LxCq0ue86BXe2S
DW4MR/yhVXUg7qOZWQOZKbMS4FFuXnPgnEW/SEU2CM935rHHjJW/L+N5eZif297K4so4xCN2DWQ
ORWi0YUbDN/vdDH3p3JgkrCWKHEHxcOlTJ7zQvdV6t0=
X-Google-Smtp-Source: AGHT+IH9ME673r0OqgfayzvfmE7zZamC104EBD2cXTw1O0HAxCBMewB4mDxCURkLA6CuxHiou6mKLQ==
X-Received: by 2002:a17:903:32cc:b0:224:1ec0:8a0c with SMTP id
d9443c01a7336-22649925924mr81253625ad.29.1742453329343;
Wed, 19 Mar 2025 23:48:49 -0700 (PDT)
Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542])
by smtp.gmail.com with ESMTPSA id
d9443c01a7336-225c6bd3d45sm127221565ad.220.2025.03.19.23.48.47
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 19 Mar 2025 23:48:48 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Efraim Flashner <efraim@HIDDEN>
Subject: Re: [bug#77110] [PATCH 1/2] gnu: ovmf-x86-64: Install QEMU firmware
metadata file.
In-Reply-To: <Z9rcsovYB33unETT@3900XT> (Efraim Flashner's message of "Wed, 19
Mar 2025 17:03:14 +0200")
References: <cover.1742368386.git.maxim.cournoyer@HIDDEN>
<b4dd8d72d2feadb91dcd393e9f9a48b42e30f79c.1742388313.git.maxim.cournoyer@HIDDEN>
<Z9rcsovYB33unETT@3900XT>
Date: Thu, 20 Mar 2025 15:48:34 +0900
Message-ID: <87zfhgnqnx.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77110
Cc: Vagrant Cascadian <vagrant@HIDDEN>, 77110 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hi Efraim,
Efraim Flashner <efraim@HIDDEN> writes:
> 51-edk2-ovmf-2m-raw-x64-nosb.json is very similar to a file shipped by
> qemu, in the sources in pc-bios/descriptors=C2=B9.
Indeed, I found out the firmwares currently bundled with QEMU (see
bug#77092) come with firmware descriptors. Are you suggesting we use
these instead? I don't mind too much, except that's a lot of source to
unpack to grab a template file, which seems inefficient to me, and that
accessing source archives is a bit annoying currently in Guix (because
it may be a tarball, or a directory, or it may change if patches get
later added... but that's an issue for another time).
[...]
>> diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm
>> index 63f767f72b..c1d8ba3719 100644
>> --- a/gnu/packages/firmware.scm
>> +++ b/gnu/packages/firmware.scm
>> @@ -1001,6 +1001,10 @@ (define* (make-ovmf-firmware arch)
>> (license (list license:expat
>> license:bsd-2 license:bsd-3 license:bsd-4)))))
>>=20=20
>> +(define (ovmf-aux-file name)
>> + "Return as a gexp the auxiliary OVMF file corresponding to NAME."
>> + (local-file (search-auxiliary-file (string-append "ovmf/" name))))
>> +
>> (define-public ovmf-x86-64
>> (let ((base (make-ovmf-firmware "x86_64")))
>> (package
>> @@ -1022,7 +1026,25 @@ (define-public ovmf-x86-64
>> (string-append fmw "/" (string-downcase file) "=
_x64.bin")))
>> (list "OVMF"
>> "OVMF_CODE"
>> - "OVMF_VARS"))))))))))))
>> + "OVMF_VARS")))))
>
> These 3 files we rename from OVMF* to ovmf*_x64.bin, but based on
> roms/edk2-build.config from the qemu sources=C2=B2 OVMF_CODE would become
> edk2-x86_64-code.fd. I think we should standardize on using Qemu's
> naming scheme for the files.
I think we should go ever farther and standardize on *not* renaming them
at all. This would remove the arbitrary nature of renaming them to
something else that is bound to surprise users. On most distributions
they are kept under their original names. The JSON firmware
metadata/descriptors files can refer to any name anyway, so outside of
following conventions, the name is not too important.
But I'd prefer to keep this renaming business for another time, perhaps
when I get to add more UEFI firmware variants (at which point it may be
more efficient to build them all at once and split them in various
outputs).
> Also we currently install these files to %output/share/firmware and
> there are other files we install to %output/share/qemu and we should
> probably standardize between them.
The location of the files should match the prevalent convention, which I
think is share/firmware. QEMU firmware metadata files on the other hand
must be under share/qemu/firmware/, as this is where libvirt expects to
find them (actually it won't because we aren't FHS, but that's where it
would otherwise :-)).
>> + (add-after 'install 'install-qemu-firmware-metadata
>> + (lambda _
>> + ;; The QEMU firmware metadata files are taken from the
>> + ;; Fedora project (see:
>> + ;; https://src.fedoraproject.org/rpms/edk2/tree/rawhi=
de).
>> + (let ((51-edk2-ovmf-2m-raw-x64-nosb.json-source
>> + #$(ovmf-aux-file "51-edk2-ovmf-2m-raw-x64-nosb=
.json"))
>> + (51-edk2-ovmf-2m-raw-x64-nosb.json-dest
>> + (string-append #$output "/share/qemu/firmware/"
>> + "51-edk2-ovmf-2m-raw-x64-nosb.j=
son")))
>> + (mkdir-p (dirname 51-edk2-ovmf-2m-raw-x64-nosb.json=
-dest))
>> + (copy-file 51-edk2-ovmf-2m-raw-x64-nosb.json-source
>> + 51-edk2-ovmf-2m-raw-x64-nosb.json-dest)
>> + (substitute* 51-edk2-ovmf-2m-raw-x64-nosb.json-dest
>> + (("/usr/share/edk2/ovmf/OVMF_(CODE|VARS).fd" _ ki=
nd)
>> + (string-append
>> + #$output "/share/firmware/ovmf_"
>> + (string-downcase kind) "_x64.bin")))))))))))))
>
> Would it be possible to instead use the search-path to find the
> firmwares or is that not really possible?
Libvirt has no search path for that. IIRC, it uses
$XDG_CONFIG_HOME/qemu/firmware if you run it as a simple user, and
otherwise /usr/share/qemu/firmware on FHS, with /etc/qemu/firmware as a
fallback to discover the firmware metadata files for QEMU.
--=20
Thanks,
Maxim
guix-patches@HIDDEN:bug#77110; Package guix-patches.
Full text available.
Received: (at 77110) by debbugs.gnu.org; 19 Mar 2025 15:07:02 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 19 11:07:02 2025
Received: from localhost ([127.0.0.1]:52210 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tuv0U-00043X-DF
for submit <at> debbugs.gnu.org; Wed, 19 Mar 2025 11:07:02 -0400
Received: from mail-ej1-x629.google.com ([2a00:1450:4864:20::629]:51271)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.84_2) (envelope-from <efraim.flashner@HIDDEN>)
id 1tuux6-0003TX-La
for 77110 <at> debbugs.gnu.org; Wed, 19 Mar 2025 11:03:32 -0400
Received: by mail-ej1-x629.google.com with SMTP id
a640c23a62f3a-ac2c663a3daso707279466b.2
for <77110 <at> debbugs.gnu.org>; Wed, 19 Mar 2025 08:03:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1742396602; x=1743001402; darn=debbugs.gnu.org;
h=in-reply-to:content-disposition:mime-version:references
:mail-followup-to:message-id:subject:cc:to:from:date:sender:from:to
:cc:subject:date:message-id:reply-to;
bh=t4ewjpn8qsmgbUg5//Z9diZvDs3FACfoiLkmXuyf3Mk=;
b=E4JlQtCR+36jEJGN42QqyXVOAAppTvzODOSpHaDgfDJy5nysleuWxbbss2rAb4/zp4
lcphWtInlPZ49aZmPxLwbmc2rEWh718u3LlxiHDH04A0gyJDrieY8t4MTlP5SE5JtHPm
xLe8DMvcrUxhxaoHJQP0aDwUtq7Cu6lGa7EfkW6UCCIOe8IVQvvXJPuo0RmafFB78MkV
7z4kNsulRbmBzrW59Gdpw9zr014rKpXBW3Ep0NDPf/+oeyWc7+1N932ttVznW6S8HQZN
h+kbPYUtR2Kd/tF0a0NQnbYKqPERTcg537s1DvNhdCzXcjY06O21I9j/pjhPcw5ZZMDF
HSkg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1742396602; x=1743001402;
h=in-reply-to:content-disposition:mime-version:references
:mail-followup-to:message-id:subject:cc:to:from:date:sender
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=t4ewjpn8qsmgbUg5//Z9diZvDs3FACfoiLkmXuyf3Mk=;
b=EuMZVHuezrMAkLhNTNXvXSdUb5WyklFpQWVflBQagrvBte/G+fj06JtEUSt60ah3xn
vCyVid3dpZQ9l8JuHLAVqzCT0l7PG9rOx/klp/F1oNGRNN/gfjSRoIsR3n5ehwMPEtME
Reo30DNlWtnMyFntUEGLd/jF36xNpkv4GIoW/fRljxiXswrzEt6tOlO5p+Ia75bW1B8s
Uu7BkTE5f6gDfJgwl7pE9uXRuX5EcShJqo7dfCrL/JgLT/vxrVND0rk7zCruz8FUyk6R
5GdHmII2hdGrzhyK/OUqwzkDocJ1l//+5bFBJN1ne60sz+kQJKm31HjKiVbivjAB9ePR
I77w==
X-Gm-Message-State: AOJu0YxCRd2YJCK1Cp9sQ0Gz6v9bEQ0U4IDrAy4bRzu2rP6iTnBWRL9F
OcsOW0Yst9ay2bAu07aq5nvssthBfB+BEXfZWTzAeiS85TJ8qzKb
X-Gm-Gg: ASbGncv28pPbPR6FojmJstKe8DgVjB86xqIWstVPz11Mv2p9k+DK1nXFTPSp7qffJND
4hOntg9AhEFa2TX3e/REQc8SfRrkSvxh5jdTHAINvnO3TwphJ10Ug18ToHn1VzEUWW7bhUZX/VC
d9UMjZBYUWb7Z9q7cvDsS2soTx4N5efRtsdECoEz2gvoKejgt/hc9LL+L4mON1bpthys16A3I1b
BuhSB1k7bxnuhHAXLd95VG4rl+UlirEJleSOOzsGVvcPoV0qXy8M8F9CRsf4uTQL2R9f1MKTAbf
V1MOZagvmNKgQZJnY6923Pg7JUIthNWtsc0W19BQ4rU=
X-Google-Smtp-Source: AGHT+IED5UM9le/8+Oy1XqvxP6iZY1qDHC5AD6pHfOK+jPyeRwXcTw3+K9Xg40HnL/6UncvaXh3wag==
X-Received: by 2002:a17:907:c88a:b0:ac3:bdd2:e70c with SMTP id
a640c23a62f3a-ac3bdd2f5d8mr297482566b.35.1742396597463;
Wed, 19 Mar 2025 08:03:17 -0700 (PDT)
Received: from localhost ([31.210.181.32]) by smtp.gmail.com with ESMTPSA id
a640c23a62f3a-ac3146aeb2fsm1047457766b.15.2025.03.19.08.03.16
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 19 Mar 2025 08:03:16 -0700 (PDT)
Date: Wed, 19 Mar 2025 17:03:14 +0200
From: Efraim Flashner <efraim@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: [bug#77110] [PATCH 1/2] gnu: ovmf-x86-64: Install QEMU firmware
metadata file.
Message-ID: <Z9rcsovYB33unETT@3900XT>
Mail-Followup-To: Efraim Flashner <efraim@HIDDEN>,
Maxim Cournoyer <maxim.cournoyer@HIDDEN>, 77110 <at> debbugs.gnu.org,
Vagrant Cascadian <vagrant@HIDDEN>
References: <cover.1742368386.git.maxim.cournoyer@HIDDEN>
<b4dd8d72d2feadb91dcd393e9f9a48b42e30f79c.1742388313.git.maxim.cournoyer@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="oeMJxUSNHFmtIW1M"
Content-Disposition: inline
In-Reply-To: <b4dd8d72d2feadb91dcd393e9f9a48b42e30f79c.1742388313.git.maxim.cournoyer@HIDDEN>
X-PGP-Key-ID: 0x41AAE7DCCA3D8351
X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc
X-PGP-Fingerprint: A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77110
Cc: Vagrant Cascadian <vagrant@HIDDEN>, 77110 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
--oeMJxUSNHFmtIW1M
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
51-edk2-ovmf-2m-raw-x64-nosb.json is very similar to a file shipped by
qemu, in the sources in pc-bios/descriptors=C2=B9.
On Wed, Mar 19, 2025 at 09:45:12PM +0900, Maxim Cournoyer wrote:
> * gnu/packages/firmware.scm (ovmf-x86-64)
> [phases] {install-qemu-firmware-metadata}: New phase.
> (ovmf-aux-file): New procedure.
> * gnu/packages/aux-files/ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json: New file.
> * Makefile.am (AUX_FILES): Register it.
>=20
> Change-Id: I301eac8b79aed523f3b4cdedb7b3925d8fd0ad3d
> ---
>=20
> Makefile.am | 1 +
> .../ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json | 36 +++++++++++++++++++
> gnu/packages/firmware.scm | 24 ++++++++++++-
> 3 files changed, 60 insertions(+), 1 deletion(-)
> create mode 100644 gnu/packages/aux-files/ovmf/51-edk2-ovmf-2m-raw-x64-n=
osb.json
>=20
> diff --git a/Makefile.am b/Makefile.am
> index c668b96a37..f2f4a9643e 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -472,6 +472,7 @@ AUX_FILES =3D \
> gnu/packages/aux-files/linux-libre/5.4-arm64.conf \
> gnu/packages/aux-files/linux-libre/5.4-i686.conf \
> gnu/packages/aux-files/linux-libre/5.4-x86_64.conf \
> + gnu/packages/aux-files/ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json \
> gnu/packages/aux-files/pack-audit.c \
> gnu/packages/aux-files/python/sanity-check.py \
> gnu/packages/aux-files/python/sitecustomize.py \
> diff --git a/gnu/packages/aux-files/ovmf/51-edk2-ovmf-2m-raw-x64-nosb.jso=
n b/gnu/packages/aux-files/ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json
> new file mode 100644
> index 0000000000..050853e2b8
> --- /dev/null
> +++ b/gnu/packages/aux-files/ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json
> @@ -0,0 +1,36 @@
> +{
> + "description": "OVMF without SB+SMM, empty varstore",
> + "interface-types": [
> + "uefi"
> + ],
> + "mapping": {
> + "device": "flash",
> + "mode" : "split",
> + "executable": {
> + "filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
> + "format": "raw"
> + },
> + "nvram-template": {
> + "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
> + "format": "raw"
> + }
> + },
> + "targets": [
> + {
> + "architecture": "x86_64",
> + "machines": [
> + "pc-i440fx-*",
> + "pc-q35-*"
> + ]
> + }
> + ],
> + "features": [
> + "acpi-s3",
> + "amd-sev",
> + "amd-sev-es",
> + "verbose-dynamic"
> + ],
> + "tags": [
> +
> + ]
> +}
> diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm
> index 63f767f72b..c1d8ba3719 100644
> --- a/gnu/packages/firmware.scm
> +++ b/gnu/packages/firmware.scm
> @@ -1001,6 +1001,10 @@ (define* (make-ovmf-firmware arch)
> (license (list license:expat
> license:bsd-2 license:bsd-3 license:bsd-4)))))
> =20
> +(define (ovmf-aux-file name)
> + "Return as a gexp the auxiliary OVMF file corresponding to NAME."
> + (local-file (search-auxiliary-file (string-append "ovmf/" name))))
> +
> (define-public ovmf-x86-64
> (let ((base (make-ovmf-firmware "x86_64")))
> (package
> @@ -1022,7 +1026,25 @@ (define-public ovmf-x86-64
> (string-append fmw "/" (string-downcase file) "_=
x64.bin")))
> (list "OVMF"
> "OVMF_CODE"
> - "OVMF_VARS"))))))))))))
> + "OVMF_VARS")))))
These 3 files we rename from OVMF* to ovmf*_x64.bin, but based on
roms/edk2-build.config from the qemu sources=C2=B2 OVMF_CODE would become
edk2-x86_64-code.fd. I think we should standardize on using Qemu's
naming scheme for the files.
Also we currently install these files to %output/share/firmware and
there are other files we install to %output/share/qemu and we should
probably standardize between them.
> + (add-after 'install 'install-qemu-firmware-metadata
> + (lambda _
> + ;; The QEMU firmware metadata files are taken from the
> + ;; Fedora project (see:
> + ;; https://src.fedoraproject.org/rpms/edk2/tree/rawhid=
e).
> + (let ((51-edk2-ovmf-2m-raw-x64-nosb.json-source
> + #$(ovmf-aux-file "51-edk2-ovmf-2m-raw-x64-nosb.=
json"))
> + (51-edk2-ovmf-2m-raw-x64-nosb.json-dest
> + (string-append #$output "/share/qemu/firmware/"
> + "51-edk2-ovmf-2m-raw-x64-nosb.js=
on")))
> + (mkdir-p (dirname 51-edk2-ovmf-2m-raw-x64-nosb.json-=
dest))
> + (copy-file 51-edk2-ovmf-2m-raw-x64-nosb.json-source
> + 51-edk2-ovmf-2m-raw-x64-nosb.json-dest)
> + (substitute* 51-edk2-ovmf-2m-raw-x64-nosb.json-dest
> + (("/usr/share/edk2/ovmf/OVMF_(CODE|VARS).fd" _ kin=
d)
> + (string-append
> + #$output "/share/firmware/ovmf_"
> + (string-downcase kind) "_x64.bin")))))))))))))
Would it be possible to instead use the search-path to find the
firmwares or is that not really possible?
> =20
> (define-public ovmf-i686
> (let ((base (make-ovmf-firmware "i686")))
>=20
> base-commit: fa39695bbc0c5f79838cbca55d55eebd821a8efa
> --=20
> 2.48.1
>=20
=C2=B9 https://gitlab.com/qemu-project/qemu/-/blob/v9.1.3/pc-bios/descripto=
rs/60-edk2-x86_64.json
=C2=B2 https://gitlab.com/qemu-project/qemu/-/blob/v9.1.3/roms/edk2-build.c=
onfig#L62
--=20
Efraim Flashner <efraim@HIDDEN> =D7=90=D7=A4=D7=A8=D7=99=D7=9D =
=D7=A4=D7=9C=D7=A9=D7=A0=D7=A8
GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
--oeMJxUSNHFmtIW1M
Content-Type: application/pgp-signature; name=signature.asc
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmfa3K8ACgkQQarn3Mo9
g1GV/hAAvPYg427KDdPrYFX7WPwV07gxY9zFucntkf1yfkmGYqKh4ywNoPjmNg2B
Yllp0ifP+K895jue6stAtPVWkh0bWbI5oaxCd1sMdyyQLIQmynj2H025w2FGQ+HF
44rsVrs7sVrdRMudZDoZ1dGQdg/bWGN4DtFmjUorZbaQYaqI7SkYO94ivPQNLg+L
cTLfSJzv2AHqkWnO/EVaQn/UWy6TP2XBoooykRdfo/5PDGSI74w6WRPTd/z1pbks
QKBHIQZ5wzFKuEtPye9u0zFIUVSo42gNoTFtPNN1anC3hgTvbLWN0C8JWl8m3Vwq
C+3nCOrpf0IP5NQKjk9KChfi0oLisZYT6pohS6B85YbQoafzbcTBCqBFEieEulUI
yeufAY7jje4V1uyjLi1SxMddB2ARPtYHuMyVsjQ1i6GHX53j41b/VFDEE7wqWfJV
czdw02qvwEArr0CcFtmWdqjMuvyvh+UdqEQ228jwFlqjuFDC7+DXx5gvzfsAxmhk
ngn2Aq2TeUHlKYMrDYCz9sIWu8zc5HgKGDcvhXHy0tsFvm5o0yxRb/FtCnDv2JAZ
63JreAz2HB6tuC+5srNzDP3wAamJKoMAvvfbM0FG3SAYAayHYIw+Nsp0rRl46csa
mroGo7GgzRnIulaIkBeiN82YsF7ZKn1xfyps3qMf5GIGrY/p7as=
=/OiD
-----END PGP SIGNATURE-----
--oeMJxUSNHFmtIW1M--
guix-patches@HIDDEN:bug#77110; Package guix-patches.
Full text available.
Received: (at 77110) by debbugs.gnu.org; 19 Mar 2025 12:46:11 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 19 08:46:11 2025
Received: from localhost ([127.0.0.1]:49348 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tusoD-0003Kv-6b
for submit <at> debbugs.gnu.org; Wed, 19 Mar 2025 08:46:11 -0400
Received: from mail-pl1-x62d.google.com ([2607:f8b0:4864:20::62d]:61950)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
id 1tuso7-0003K8-O1
for 77110 <at> debbugs.gnu.org; Wed, 19 Mar 2025 08:46:05 -0400
Received: by mail-pl1-x62d.google.com with SMTP id
d9443c01a7336-2260c915749so48245965ad.3
for <77110 <at> debbugs.gnu.org>; Wed, 19 Mar 2025 05:46:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1742388357; x=1742993157; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=4e8Ktcnql/Tq/L48R9uVthsZAO/H47c+VcIutrwnx5s=;
b=ZI+mVVHX8U193xPp8Wj7QajrIpRKXYIHFxbggnUV8uzCV7ro+nYMgR7IA2zhOlCstf
+ZreLqJ63A4SWPESHdYQDloG8X42/rawVQwKiwG++4vjnb/++AGGwSz1FvB4QgJg2KuT
6jMGn0GtU7K5P34HYdCA5pANacmGtWdpa7qs8mykUeeFYillfqrco8xlGuHifxB/vHLn
3R4AxcKnOoBMdCJBzL72T3ReCdKQ20+D/4AZe7ngf69fjf4cdEKL68jomj6RdRHHUb6R
OuqI4V2qXqzsnotoYxF1RMYvhCXD1WRxnbfh9m+o2xfTf0joJ7rf0dJMwv5tZH8NoKF8
VlZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1742388357; x=1742993157;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=4e8Ktcnql/Tq/L48R9uVthsZAO/H47c+VcIutrwnx5s=;
b=Xzc/osHUAW+7sQl1vFyhuhhF2FPKsjclR1eanRqmMLLxTzRltNJDPbxbfUpc9ofxQM
4vQkCPt/ZzAc+QdvAtthWpROBvWz8DEF+HOoEG0sN6G2pi4nBD6Rm3cvXtMouOhZGEIb
ebHVb3xse4HuuYEA8KlbbV2HSQdjMqLd3DQyb/KZUZc3TfXPIQV+fpRGbSRz9Za4BBkg
4XTSmpqlT8QrDbTuz4odQRwZ5JECx84eLwSzFqhcaTZ1fRKvROJZX/CyxpoHQWXivZdR
j+/9W/v9DKwxuBeThDnoHmBcALIfTW1Pqg6FAROFO/q2oy83PDMHZsQ2N45dfA7rsJLK
KcMw==
X-Gm-Message-State: AOJu0Yxaybssxj4rEfPtyWfb3OMpMtlR6JrbADhuWhzRXRfNvRfMcSsW
B4xGy1IYYgMpVA3mG6dkkNVswuYcgDuxNlt1+tYD4Oy0SPoM0DTS/x5ZdyJ2
X-Gm-Gg: ASbGncvPviwiHniXXl8NCzP/ybz10O6ieCNnILR3phKiL25TkZpF3DfYBnjA/T3mgqA
prkB9bpNJ0WFqv+biqMSR1mwked8QRmN9RXOhS6wIpKTLDBQ65XRf8LCW7xunFjO8A1l2itp42G
5GFb5p1YMlU8gbHSGSbLDSLUcnUpEOiKmuZ4ExV+0APy+S1eHaDWu7TMdSwjvNmzA7GFRupxPYL
kh2yFgHf62znqyS8jH6WCklOhj5gxCQsU8pVaKrZAdqaVdDrHw9xn7THMo0/fu47hW+cZlzUK8W
vLLk/OguXNhrr6e3SY+icGKdtK36daI5AbTZmCezdriRGGYNB1jIdx62d9dWLXrb
X-Google-Smtp-Source: AGHT+IEbeP23ifEEicxpE0CO7eEGohPHixWHH8uspW+JxjZgsnE8p+6DViEpauFVajaJpulQDBiapg==
X-Received: by 2002:a05:6a00:2350:b0:736:53c5:33ba with SMTP id
d2e1a72fcca58-7376d6f2168mr4381069b3a.16.1742388356233;
Wed, 19 Mar 2025 05:45:56 -0700 (PDT)
Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542])
by smtp.gmail.com with ESMTPSA id
d2e1a72fcca58-73711578a5csm11472600b3a.74.2025.03.19.05.45.54
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 19 Mar 2025 05:45:55 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 77110 <at> debbugs.gnu.org
Subject: [PATCH 2/2] services: libvirt: Add UEFI firmware support.
Date: Wed, 19 Mar 2025 21:45:13 +0900
Message-ID: <75bedfb1eb523c75eb913ff7967528f93a8f8e70.1742388313.git.maxim.cournoyer@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <b4dd8d72d2feadb91dcd393e9f9a48b42e30f79c.1742388313.git.maxim.cournoyer@HIDDEN>
References: <b4dd8d72d2feadb91dcd393e9f9a48b42e30f79c.1742388313.git.maxim.cournoyer@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77110
Cc: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
This makes libvirt able to boot images that require a UEFI bootloader, with
the available firmwares exposed to libvirt made configurable via a new
configuration field. For more background on the problem this fixes, see the
same issue that was reported in NixOS (see:
https://github.com/NixOS/nixpkgs/issues/115996).
* gnu/services/virtualization.scm: (list-of-file-likes?): New predicate.
(libvirt-configuration): [firmwares]: New field.
(/etc/qemu/firmware): New procedure.
(libvirt-service-type): Extend the etc-service-type with it.
(generate-libvirt-documentation): Delete obsolete procedure.
* doc/guix.texi: Re-generate doc.
* gnu/tests/virtualization.scm (run-libvirt-test): Augment memory from 256 to
512 MiB. Test it.
Change-Id: I40694964405f13681520bf1e28b7365b0200d8f7
---
doc/guix.texi | 506 ++++++++------------------------
gnu/services/virtualization.scm | 76 +++--
gnu/tests/virtualization.scm | 33 ++-
3 files changed, 211 insertions(+), 404 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 0488559332..e36fbad19f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -37895,406 +37895,220 @@ Virtualization Services
@end lisp
@end defvar
-@c Auto-generated with (generate-libvirt-documentation)
+@c Auto-generated with (configuration->documentation 'libvirt-configuration)
+@c %start of fragment
+@deftp {Data Type} libvirt-configuration
Available @code{libvirt-configuration} fields are:
-@deftypevr {@code{libvirt-configuration} parameter} package libvirt
+@table @asis
+@item @code{libvirt} (default: @code{libvirt}) (type: file-like)
Libvirt package.
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} boolean listen-tls?
-Flag listening for secure TLS connections on the public TCP/IP port.
-You must set @code{listen} for this to have any effect.
-
-It is necessary to setup a CA and issue server certificates before using
-this capability.
-
-Defaults to @samp{#t}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} boolean listen-tcp?
-Listen for unencrypted TCP connections on the public TCP/IP port. You must
-set @code{listen} for this to have any effect.
-
-Using the TCP socket requires SASL authentication by default. Only SASL
-mechanisms which support data encryption are allowed. This is
-DIGEST_MD5 and GSSAPI (Kerberos5).
-
-Defaults to @samp{#f}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string tls-port
-Port for accepting secure TLS connections. This can be a port number,
-or service name.
+@item @code{qemu} (default: @code{qemu}) (type: file-like)
+Qemu package.
-Defaults to @samp{"16514"}.
+@item @code{firmwares} (default: @code{(ovmf-x86-64)}) (type: list-of-file-likes)
+List of UEFI/BIOS firmware packages to make available. Each firmware
+package should contain a @file{share/qemu/firmware/@var{NAME}.json} QEMU
+firmware metadata file.
-@end deftypevr
+@item @code{listen-tls?} (default: @code{#t}) (type: boolean)
+Flag listening for secure TLS connections on the public TCP/IP port.
+must set @code{listen} for this to have any effect. It is necessary to
+setup a CA and issue server certificates before using this capability.
-@deftypevr {@code{libvirt-configuration} parameter} string tcp-port
-Port for accepting insecure TCP connections. This can be a port number,
-or service name.
+@item @code{listen-tcp?} (default: @code{#f}) (type: boolean)
+Listen for unencrypted TCP connections on the public TCP/IP port. must
+set @code{listen} for this to have any effect. Using the TCP socket
+requires SASL authentication by default. Only SASL mechanisms which
+support data encryption are allowed. This is DIGEST_MD5 and GSSAPI
+(Kerberos5)
-Defaults to @samp{"16509"}.
+@item @code{tls-port} (default: @code{"16514"}) (type: string)
+Port for accepting secure TLS connections This can be a port number, or
+service name
-@end deftypevr
+@item @code{tcp-port} (default: @code{"16509"}) (type: string)
+Port for accepting insecure TCP connections This can be a port number,
+or service name
-@deftypevr {@code{libvirt-configuration} parameter} string listen-addr
+@item @code{listen-addr} (default: @code{"0.0.0.0"}) (type: string)
IP address or hostname used for client connections.
-Defaults to @samp{"0.0.0.0"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} boolean mdns-adv?
-Flag toggling mDNS advertisement of the libvirt service.
-
-Alternatively can disable for all services on a host by stopping the
-Avahi daemon.
+@item @code{mdns-adv?} (default: @code{#f}) (type: boolean)
+Flag toggling mDNS advertisement of the libvirt service. Alternatively
+can disable for all services on a host by stopping the Avahi daemon.
-Defaults to @samp{#f}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string mdns-name
+@item @code{mdns-name} (default: @code{"Virtualization Host terra"}) (type: string)
Default mDNS advertisement name. This must be unique on the immediate
broadcast network.
-Defaults to @samp{"Virtualization Host <hostname>"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-group
+@item @code{unix-sock-group} (default: @code{"libvirt"}) (type: string)
UNIX domain socket group ownership. This can be used to allow a
'trusted' set of users access to management capabilities without
becoming root.
-Defaults to @samp{"libvirt"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-ro-perms
+@item @code{unix-sock-ro-perms} (default: @code{"0777"}) (type: string)
UNIX socket permissions for the R/O socket. This is used for monitoring
VM status only.
-Defaults to @samp{"0777"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-rw-perms
+@item @code{unix-sock-rw-perms} (default: @code{"0770"}) (type: string)
UNIX socket permissions for the R/W socket. Default allows only root.
If PolicyKit is enabled on the socket, the default will change to allow
everyone (eg, 0777)
-Defaults to @samp{"0770"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-admin-perms
+@item @code{unix-sock-admin-perms} (default: @code{"0777"}) (type: string)
UNIX socket permissions for the admin socket. Default allows only owner
(root), do not change it unless you are sure to whom you are exposing
the access to.
-Defaults to @samp{"0777"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-dir
+@item @code{unix-sock-dir} (default: @code{"/var/run/libvirt"}) (type: string)
The directory in which sockets will be found/created.
-Defaults to @samp{"/var/run/libvirt"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string auth-unix-ro
+@item @code{auth-unix-ro} (default: @code{"polkit"}) (type: string)
Authentication scheme for UNIX read-only sockets. By default socket
permissions allow anyone to connect
-Defaults to @samp{"polkit"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string auth-unix-rw
+@item @code{auth-unix-rw} (default: @code{"polkit"}) (type: string)
Authentication scheme for UNIX read-write sockets. By default socket
permissions only allow root. If PolicyKit support was compiled into
libvirt, the default will be to use 'polkit' auth.
-Defaults to @samp{"polkit"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string auth-tcp
+@item @code{auth-tcp} (default: @code{"sasl"}) (type: string)
Authentication scheme for TCP sockets. If you don't enable SASL, then
all TCP traffic is cleartext. Don't do this outside of a dev/test
scenario.
-Defaults to @samp{"sasl"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string auth-tls
+@item @code{auth-tls} (default: @code{"none"}) (type: string)
Authentication scheme for TLS sockets. TLS sockets already have
encryption provided by the TLS layer, and limited authentication is done
-by certificates.
-
-It is possible to make use of any SASL authentication mechanism as well,
-by using 'sasl' for this option
+by certificates. It is possible to make use of any SASL authentication
+mechanism as well, by using 'sasl' for this option
-Defaults to @samp{"none"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} optional-list access-drivers
-API access control scheme.
-
-By default an authenticated user is allowed access to all APIs. Access
-drivers can place restrictions on this.
-
-Defaults to @samp{'()}.
-
-@end deftypevr
+@item @code{access-drivers} (default: @code{()}) (type: optional-list)
+API access control scheme. By default an authenticated user is allowed
+access to all APIs. Access drivers can place restrictions on this.
-@deftypevr {@code{libvirt-configuration} parameter} string key-file
+@item @code{key-file} (default: @code{""}) (type: string)
Server key file path. If set to an empty string, then no private key is
loaded.
-Defaults to @samp{""}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string cert-file
+@item @code{cert-file} (default: @code{""}) (type: string)
Server key file path. If set to an empty string, then no certificate is
loaded.
-Defaults to @samp{""}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string ca-file
+@item @code{ca-file} (default: @code{""}) (type: string)
Server key file path. If set to an empty string, then no CA certificate
is loaded.
-Defaults to @samp{""}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string crl-file
+@item @code{crl-file} (default: @code{""}) (type: string)
Certificate revocation list path. If set to an empty string, then no
CRL is loaded.
-Defaults to @samp{""}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} boolean tls-no-sanity-cert
-Disable verification of our own server certificates.
+@item @code{tls-no-sanity-cert} (default: @code{#f}) (type: boolean)
+Disable verification of our own server certificates. When libvirtd
+starts it performs some sanity checks against its own certificates.
-When libvirtd starts it performs some sanity checks against its own
-certificates.
+@item @code{tls-no-verify-cert} (default: @code{#f}) (type: boolean)
+Disable verification of client certificates. Client certificate
+verification is the primary authentication mechanism. Any client which
+does not present a certificate signed by the CA will be rejected.
-Defaults to @samp{#f}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} boolean tls-no-verify-cert
-Disable verification of client certificates.
-
-Client certificate verification is the primary authentication mechanism.
-Any client which does not present a certificate signed by the CA will be
-rejected.
-
-Defaults to @samp{#f}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} optional-list tls-allowed-dn-list
+@item @code{tls-allowed-dn-list} (default: @code{()}) (type: optional-list)
Whitelist of allowed x509 Distinguished Name.
-Defaults to @samp{'()}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} optional-list sasl-allowed-usernames
+@item @code{sasl-allowed-usernames} (default: @code{()}) (type: optional-list)
Whitelist of allowed SASL usernames. The format for username depends on
the SASL authentication mechanism.
-Defaults to @samp{'()}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string tls-priority
+@item @code{tls-priority} (default: @code{"NORMAL"}) (type: string)
Override the compile time default TLS priority string. The default is
-usually @samp{"NORMAL"} unless overridden at build time. Only set this is it
+usually "NORMAL" unless overridden at build time. Only set this is it
is desired for libvirt to deviate from the global default settings.
-Defaults to @samp{"NORMAL"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer max-clients
+@item @code{max-clients} (default: @code{5000}) (type: integer)
Maximum number of concurrent client connections to allow over all
sockets combined.
-Defaults to @samp{5000}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer max-queued-clients
+@item @code{max-queued-clients} (default: @code{1000}) (type: integer)
Maximum length of queue of connections waiting to be accepted by the
daemon. Note, that some protocols supporting retransmission may obey
this so that a later reattempt at connection succeeds.
-Defaults to @samp{1000}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer max-anonymous-clients
+@item @code{max-anonymous-clients} (default: @code{20}) (type: integer)
Maximum length of queue of accepted but not yet authenticated clients.
Set this to zero to turn this feature off
-Defaults to @samp{20}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer min-workers
+@item @code{min-workers} (default: @code{5}) (type: integer)
Number of workers to start up initially.
-Defaults to @samp{5}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer max-workers
-Maximum number of worker threads.
-
-If the number of active clients exceeds @code{min-workers}, then more
-threads are spawned, up to max_workers limit. Typically you'd want
-max_workers to equal maximum number of clients allowed.
-
-Defaults to @samp{20}.
-
-@end deftypevr
+@item @code{max-workers} (default: @code{20}) (type: integer)
+Maximum number of worker threads. If the number of active clients
+exceeds @code{min-workers}, then more threads are spawned, up to
+max_workers limit. Typically you'd want max_workers to equal maximum
+number of clients allowed.
-@deftypevr {@code{libvirt-configuration} parameter} integer prio-workers
+@item @code{prio-workers} (default: @code{5}) (type: integer)
Number of priority workers. If all workers from above pool are stuck,
some calls marked as high priority (notably domainDestroy) can be
executed in this pool.
-Defaults to @samp{5}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer max-requests
+@item @code{max-requests} (default: @code{20}) (type: integer)
Total global limit on concurrent RPC calls.
-Defaults to @samp{20}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer max-client-requests
+@item @code{max-client-requests} (default: @code{5}) (type: integer)
Limit on concurrent requests from a single client connection. To avoid
one client monopolizing the server this should be a small fraction of
the global max_requests and max_workers parameter.
-Defaults to @samp{5}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer admin-min-workers
+@item @code{admin-min-workers} (default: @code{1}) (type: integer)
Same as @code{min-workers} but for the admin interface.
-Defaults to @samp{1}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-workers
+@item @code{admin-max-workers} (default: @code{5}) (type: integer)
Same as @code{max-workers} but for the admin interface.
-Defaults to @samp{5}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-clients
+@item @code{admin-max-clients} (default: @code{5}) (type: integer)
Same as @code{max-clients} but for the admin interface.
-Defaults to @samp{5}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-queued-clients
+@item @code{admin-max-queued-clients} (default: @code{5}) (type: integer)
Same as @code{max-queued-clients} but for the admin interface.
-Defaults to @samp{5}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-client-requests
+@item @code{admin-max-client-requests} (default: @code{5}) (type: integer)
Same as @code{max-client-requests} but for the admin interface.
-Defaults to @samp{5}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer log-level
+@item @code{log-level} (default: @code{3}) (type: integer)
Logging level. 4 errors, 3 warnings, 2 information, 1 debug.
-Defaults to @samp{3}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string log-filters
-Logging filters.
-
-A filter allows to select a different logging level for a given category
-of logs. The format for a filter is one of:
+@item @code{log-filters} (default: @code{"3:remote 4:event"}) (type: string)
+Logging filters. A filter allows selecting a different logging level
+for a given category of logs The format for a filter is one of:
@itemize @bullet
-@item
-x:name
-
-@item
-x:+name
-
+@item x:name
+@item x:+name
@end itemize
where @code{name} is a string which is matched against the category
given in the @code{VIR_LOG_INIT()} at the top of each libvirt source
-file, e.g., @samp{"remote"}, @samp{"qemu"}, or @samp{"util.json"} (the
-name in the filter can be a substring of the full category name, in
-order to match multiple similar categories), the optional @samp{"+"}
-prefix tells libvirt to log stack trace for each message matching name,
-and @code{x} is the minimal level where matching messages should be
-logged:
+file, e.g., "remote", "qemu", or "util.json" (the name in the filter can
+be a substring of the full category name, in order to match multiple
+similar categories), the optional "+" prefix tells libvirt to log stack
+trace for each message matching name, and @code{x} is the minimal level
+where matching messages should be logged:
@itemize @bullet
-@item
-1: DEBUG
-
-@item
-2: INFO
-
-@item
-3: WARNING
-
-@item
-4: ERROR
-
+@item 1: DEBUG
+@item 2: INFO
+@item 3: WARNING
+@item 4: ERROR
@end itemize
Multiple filters can be defined in a single filters statement, they just
need to be separated by spaces.
-Defaults to @samp{"3:remote 4:event"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} string log-outputs
-Logging outputs.
-
-An output is one of the places to save logging information. The format
-for an output can be:
+@item @code{log-outputs} (default: @code{"3:syslog:libvirtd"}) (type: string)
+Logging outputs. An output is one of the places to save logging
+information The format for an output can be:
@table @code
@item x:stderr
@@ -38308,137 +38122,77 @@ Virtualization Services
@item x:journald
output to journald logging system
-
@end table
-In all case the x prefix is the minimal level, acting as a filter
+In all case the x prefix is the minimal level, acting as a
+filter
@itemize @bullet
-@item
-1: DEBUG
-
-@item
-2: INFO
-
-@item
-3: WARNING
-
-@item
-4: ERROR
-
+@item 1: DEBUG
+@item 2: INFO
+@item 3: WARNING
+@item 4: ERROR
@end itemize
Multiple outputs can be defined, they just need to be separated by
spaces.
-Defaults to @samp{"3:stderr"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer audit-level
+@item @code{audit-level} (default: @code{1}) (type: integer)
Allows usage of the auditing subsystem to be altered
@itemize @bullet
-@item
-0: disable all auditing
-
-@item
-1: enable auditing, only if enabled on host
-
-@item
-2: enable auditing, and exit if disabled on host.
-
+@item 0: disable all auditing
+@item 1: enable auditing, only if enabled on host
+@item 2: enable auditing, and exit if disabled on host.
@end itemize
-Defaults to @samp{1}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} boolean audit-logging
+@item @code{audit-logging} (default: @code{#f}) (type: boolean)
Send audit messages via libvirt logging infrastructure.
-Defaults to @samp{#f}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} optional-string host-uuid
-Host UUID@. UUID must not have all digits be the same.
-
-Defaults to @samp{""}.
-
-@end deftypevr
+@item @code{host-uuid} (default: @code{""}) (type: optional-string)
+Host UUID. UUID must not have all digits be the same.
-@deftypevr {@code{libvirt-configuration} parameter} string host-uuid-source
+@item @code{host-uuid-source} (default: @code{"smbios"}) (type: string)
Source to read host UUID.
@itemize @bullet
-@item
-@code{smbios}: fetch the UUID from @code{dmidecode -s system-uuid}
-
-@item
-@code{machine-id}: fetch the UUID from @code{/etc/machine-id}
-
+@item @code{smbios}: fetch the UUID from @code{dmidecode -s system-uuid}
+@item @code{machine-id}: fetch the UUID from @code{/etc/machine-id}
@end itemize
If @code{dmidecode} does not provide a valid UUID a temporary UUID will
be generated.
-Defaults to @samp{"smbios"}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer keepalive-interval
+@item @code{keepalive-interval} (default: @code{5}) (type: integer)
A keepalive message is sent to a client after @code{keepalive_interval}
seconds of inactivity to check if the client is still responding. If
set to -1, libvirtd will never send keepalive requests; however clients
can still send them and the daemon will send responses.
-Defaults to @samp{5}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer keepalive-count
+@item @code{keepalive-count} (default: @code{5}) (type: integer)
Maximum number of keepalive messages that are allowed to be sent to the
client without getting any response before the connection is considered
-broken.
-
-In other words, the connection is automatically closed approximately
-after @code{keepalive_interval * (keepalive_count + 1)} seconds since
-the last message received from the client. When @code{keepalive-count}
-is set to 0, connections will be automatically closed after
-@code{keepalive-interval} seconds of inactivity without sending any
-keepalive messages.
-
-Defaults to @samp{5}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer admin-keepalive-interval
+broken. In other words, the connection is automatically closed
+approximately after @code{keepalive_interval * (keepalive_count + 1)}
+seconds since the last message received from the client. When
+@code{keepalive-count} is set to 0, connections will be automatically
+closed after @code{keepalive-interval} seconds of inactivity without
+sending any keepalive messages.
+
+@item @code{admin-keepalive-interval} (default: @code{5}) (type: integer)
Same as above but for admin interface.
-Defaults to @samp{5}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer admin-keepalive-count
+@item @code{admin-keepalive-count} (default: @code{5}) (type: integer)
Same as above but for admin interface.
-Defaults to @samp{5}.
-
-@end deftypevr
-
-@deftypevr {@code{libvirt-configuration} parameter} integer ovs-timeout
-Timeout for Open vSwitch calls.
+@item @code{ovs-timeout} (default: @code{5}) (type: integer)
+Timeout for Open vSwitch calls. The @code{ovs-vsctl} utility is used
+for the configuration and its timeout option is set by default to 5
+seconds to avoid potential infinite waits blocking libvirt.
-The @code{ovs-vsctl} utility is used for the configuration and its
-timeout option is set by default to 5 seconds to avoid potential
-infinite waits blocking libvirt.
-
-Defaults to @samp{5}.
-
-@end deftypevr
-
-@c %end of autogenerated docs
+@end table
+@end deftp
+@c %end of fragment
@subsubheading Virtlog daemon
The virtlogd service is a server side daemon component of libvirt that is
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index 555c0be55e..40dad7dc1e 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -7,6 +7,7 @@
;;; Copyright © 2022 Leo Nikkilä <hello@HIDDEN>
;;; Copyright © 2023 Efraim Flashner <efraim@HIDDEN>
;;; Copyright © 2024 Raven Hallsby <karl@HIDDEN>
+;;; Copyright © 2025 Maxim Cournoyer <maxim.cournoyer@HIDDEN>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -29,6 +30,7 @@ (define-module (gnu services virtualization)
#:use-module (gnu image)
#:use-module (gnu packages admin)
#:use-module (gnu packages bash)
+ #:use-module (gnu packages firmware)
#:use-module (gnu packages gdb)
#:autoload (gnu packages gnupg) (guile-gcrypt)
#:use-module (gnu packages package-management)
@@ -107,6 +109,7 @@ (define-module (gnu services virtualization)
libvirt-configuration-ca-file
libvirt-configuration-cert-file
libvirt-configuration-crl-file
+ libvirt-configuration-firmwares
libvirt-configuration-host-uuid
libvirt-configuration-host-uuid-source
libvirt-configuration-keepalive-count
@@ -205,6 +208,9 @@ (define (serialize-optional-string field-name val)
(format #t "# ~a = \"\"\n" (uglify-field-name field-name))
(serialize-string field-name val)))
+(define list-of-file-likes?
+ (list-of file-like?))
+
(define-configuration libvirt-configuration
(libvirt
(file-like libvirt)
@@ -212,7 +218,12 @@ (define-configuration libvirt-configuration
(qemu
(file-like qemu)
"Qemu package.")
-
+ (firmwares
+ (list-of-file-likes (list ovmf-x86-64))
+ "List of UEFI/BIOS firmware packages to make available. Each firmware
+package should contain a @file{share/qemu/firmware/@var{NAME}.json} QEMU
+firmware metadata file."
+ (serializer empty-serializer))
(listen-tls?
(boolean #t)
"Flag listening for secure TLS connections on the public TCP/IP port.
@@ -540,7 +551,6 @@ (define (%libvirt-activation config)
(use-modules (guix build utils))
(mkdir-p #$sock-dir))))
-
(define (libvirt-shepherd-service config)
(let* ((config-file (libvirt-conf-file config))
(libvirt (libvirt-configuration-libvirt config))
@@ -553,7 +563,8 @@ (define (libvirt-shepherd-service config)
(list (string-append #$libvirt "/sbin/libvirtd")
"-f" #$config-file
#$@(if listen-tcp? '("--listen") '()))
- ;; For finding qemu, ip binaries and kernel modules.
+ ;; For finding qemu, firmwares, the 'ip' command and
+ ;; kernel modules.
#:environment-variables
(list
(string-append
@@ -564,29 +575,45 @@ (define (libvirt-shepherd-service config)
"/run/booted-system/kernel/lib/modules"))))
(stop #~(make-kill-destructor))))))
+(define (/etc/qemu/firmware config)
+ (let ((firmwares (libvirt-configuration-firmwares config)))
+ `(("qemu"
+ ,(computed-file
+ "etc-qemu-firmware"
+ (with-imported-modules '((guix build union))
+ #~(begin
+ (use-modules (guix build union) (srfi srfi-26))
+ (mkdir #$output)
+ (union-build (string-append #$output "/firmware")
+ (map (cut string-append <> "/share/qemu/firmware")
+ (list #$@firmwares))))))))))
+
(define libvirt-service-type
- (service-type (name 'libvirt)
- (extensions
- (list
- (service-extension polkit-service-type
- (compose list libvirt-configuration-libvirt))
- (service-extension profile-service-type
- (lambda (config)
- (list
- (libvirt-configuration-libvirt config)
- (libvirt-configuration-qemu config))))
- (service-extension activation-service-type
- %libvirt-activation)
- (service-extension shepherd-root-service-type
- libvirt-shepherd-service)
- (service-extension account-service-type
- (const %libvirt-accounts))))
- (default-value (libvirt-configuration))
- (description "Run @command{libvirtd}, a daemon of the libvirt
+ (service-type
+ (name 'libvirt)
+ (extensions
+ (list
+ (service-extension polkit-service-type
+ (compose list libvirt-configuration-libvirt))
+ (service-extension profile-service-type
+ (lambda (config)
+ (list (libvirt-configuration-libvirt config)
+ (libvirt-configuration-qemu config))))
+ ;; Libvirt only considers the $libvirt/share/qemu/firmware and
+ ;; /etc/qemu/firmware directories to locate the QEMU firmware metadata
+ ;; specifications.
+ (service-extension etc-service-type /etc/qemu/firmware)
+ (service-extension activation-service-type
+ %libvirt-activation)
+ (service-extension shepherd-root-service-type
+ libvirt-shepherd-service)
+ (service-extension account-service-type
+ (const %libvirt-accounts))))
+ (default-value (libvirt-configuration))
+ (description "Run @command{libvirtd}, a daemon of the libvirt
virtualization management system. This daemon runs on host servers and
performs required management tasks for virtualized guests.")))
-
(define-record-type* <virtlog-configuration>
virtlog-configuration make-virtlog-configuration
virtlog-configuration?
@@ -638,11 +665,6 @@ (define virtlog-service-type
(description "Run @command{virtlogd}, a daemon libvirt that is
used to manage logs from @acronym{VM, virtual machine} consoles.")))
-(define (generate-libvirt-documentation)
- (generate-documentation
- `((libvirt-configuration ,libvirt-configuration-fields))
- 'libvirt-configuration))
-
;;;
;;; Transparent QEMU emulation via binfmt_misc.
diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm
index a3c9c4014b..e08f66eb28 100644
--- a/gnu/tests/virtualization.scm
+++ b/gnu/tests/virtualization.scm
@@ -4,6 +4,7 @@
;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@HIDDEN>
;;; Copyright © 2021 Pierre Langlois <pierre.langlois@HIDDEN>
;;; Copyright © 2022 Marius Bakke <marius@HIDDEN>
+;;; Copyright © 2025 Maxim Cournoyer <maxim.cournoyer@HIDDEN>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -69,7 +70,8 @@ (define (run-libvirt-test)
(define vm
(virtual-machine
(operating-system os)
- (port-forwardings '())))
+ (port-forwardings '())
+ (memory-size 512)))
(define test
(with-imported-modules '((gnu build marionette))
@@ -135,6 +137,35 @@ (define (run-libvirt-test)
"-c" "qemu:///system" "net-start" "default"))
marionette))
+ (test-assert "configured firmwares are available to libvirt"
+ (marionette-eval
+ '(begin
+ (use-modules (ice-9 popen)
+ (ice-9 textual-ports)
+ (srfi srfi-1)
+ (srfi srfi-26))
+ (let* ((conf-firmwares (list #$@(libvirt-configuration-firmwares
+ (libvirt-configuration))))
+ (virsh #$(file-append libvirt "/bin/virsh"))
+ (input-pipe (open-pipe*
+ OPEN_READ
+ virsh "-c" "qemu:///system"
+ "domcapabilities" "--xpath"
+ "/domainCapabilities/os/loader/value/text()"))
+ (output (get-string-all input-pipe))
+ (found-firmwares (string-split (string-trim-both output)
+ #\newline)))
+ (close-pipe input-pipe)
+ ;; Check that every configured firmware package is covered
+ ;; by at least by one firmware file available to libvirt.
+ (every (lambda (conf-firmware)
+ ;; The firmwares listed by virsh contains their
+ ;; full file names, not just their package output.
+ (any (cut string-prefix? conf-firmware <>)
+ found-firmwares))
+ conf-firmwares)))
+ marionette))
+
(test-end))))
(gexp->derivation "libvirt-test" test))
--
2.48.1
ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN:bug#77110; Package guix-patches.
Full text available.
Received: (at 77110) by debbugs.gnu.org; 19 Mar 2025 12:46:04 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 19 08:46:04 2025
Received: from localhost ([127.0.0.1]:49345 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tuso7-0003Ke-JJ
for submit <at> debbugs.gnu.org; Wed, 19 Mar 2025 08:46:04 -0400
Received: from mail-pl1-x633.google.com ([2607:f8b0:4864:20::633]:59757)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
id 1tuso5-0003K4-23
for 77110 <at> debbugs.gnu.org; Wed, 19 Mar 2025 08:46:01 -0400
Received: by mail-pl1-x633.google.com with SMTP id
d9443c01a7336-22548a28d0cso31359105ad.3
for <77110 <at> debbugs.gnu.org>; Wed, 19 Mar 2025 05:46:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1742388354; x=1742993154; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=FSW+uewhzV8F/N6LVjsTu2pfCmQGn3c2Gw+W1+NmTgg=;
b=FEp/saNqgtvNZq3KO9PWJ8ltWjptyB0sZ+sjNeMEknKFYMsN5iHs1EolXUpKtqwF6u
zxOzq2kZB9ANeXTPrG9N2Ew20T4QkRhO9JfsxYAFuprpNFO5f4NFxHUbY5/QwbtG96xd
Asq4T6cBIYSUhI097hrz3BCtp0qBUxhxZME/s5imYQnDU9bMTY5Oo2SJqSef+pbl5xM3
KdRBgN2L4MqxY64kT/PLEHBFDbVolPl9lCDprflKEeBD1aH5clGKyQL0ZJj18OWpqyNk
7G8tvs0uny+djIr7QjGzqJXtEHNQRKAtdPrkYlp2LMg+xrh4/8cttI2E+2Bg9fbmRiH5
dzcw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1742388354; x=1742993154;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=FSW+uewhzV8F/N6LVjsTu2pfCmQGn3c2Gw+W1+NmTgg=;
b=kEmBER74DMvz7v0gQ8DmOxHzDHc1jZe+1QRFKWeuoq87Sne9UOi+GN2Sfpu+cPvs9f
nj2ANG1csOpjGmoPLMSzPR4N8YUloXt4t+Pm+WHs4+OJp5P6ETJh1zxfyijNOj/jTsKo
ZruwZnE/Mx8+UgNZV26RnG09o9Wg/m8Jii3wvbnPwqP62MW35EMc/8qJM7czQZ4E7sYa
jysItbeO37Ls/N0DRb3ov91eMH8BbYQlIj8Go8VB23ySOTM31NiqSlHtmrjMH9D40Wfl
l38Stl1M0fkl5l1IrL5iO79unq+ZiurdWkFrDf+Dfy6CjgpX/ejmSQiKMcteMJSnqxrf
LDmA==
X-Gm-Message-State: AOJu0YyzWjxWNpIKQrihGvFV3bzFoUZ5fV/9tI9LaVWz/KqLanO/mIAo
4fj+KTOTf5f+dHvila2jIyr12Ixzc9kVVDNZV6HriaUDgxfuDw4XlnZlMA43
X-Gm-Gg: ASbGncuTztevvc4HS0M9KEuLRPMOytklotQdDqw7DQ2P3VfDu+Xdqr2Twjoyh9m5a//
VRwUDGLVU7CuGzaXYhCc4dJpFVCYxGQ/8gBy3a8ecpk2abVnsZuVQgqN/y1Nq21WfStixlhYUnu
+bAMJHYzuo3ZUDd0AV7XRsO1NFZZSYF1qA7VTaoTAflGwMsyF5LDtxVYUIXNM1CJOnw3V8hfuFJ
8+09oWCSEz+bjMQ1JvuVHsJyNEb4OCeB60eeai3twuOII4vB2MNRxAI6+DvT/FRGFd4YdCb1mYy
DlOoXaNP0GoB/I+mGjwL3ZqSo7rejF4nILLPmodcz1/G3MjTxhGNGzthAEILQWd3
X-Google-Smtp-Source: AGHT+IEy90Qk1Q/0J3eNlffqvT7X5XHjhaKNNAJWFOoSszVYGUAyFXBVSft/2o7EiUdTXUsESGReaw==
X-Received: by 2002:a05:6a00:3a03:b0:736:5b85:a911 with SMTP id
d2e1a72fcca58-7376d61034bmr4121670b3a.8.1742388354333;
Wed, 19 Mar 2025 05:45:54 -0700 (PDT)
Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542])
by smtp.gmail.com with ESMTPSA id
d2e1a72fcca58-73711578a5csm11472600b3a.74.2025.03.19.05.45.52
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 19 Mar 2025 05:45:53 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 77110 <at> debbugs.gnu.org
Subject: [PATCH 1/2] gnu: ovmf-x86-64: Install QEMU firmware metadata file.
Date: Wed, 19 Mar 2025 21:45:12 +0900
Message-ID: <b4dd8d72d2feadb91dcd393e9f9a48b42e30f79c.1742388313.git.maxim.cournoyer@HIDDEN>
X-Mailer: git-send-email 2.48.1
MIME-Version: 1.0
X-Debbugs-Cc: Efraim Flashner <efraim@HIDDEN>,
Vagrant Cascadian <vagrant@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77110
Cc: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
* gnu/packages/firmware.scm (ovmf-x86-64)
[phases] {install-qemu-firmware-metadata}: New phase.
(ovmf-aux-file): New procedure.
* gnu/packages/aux-files/ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json: New file.
* Makefile.am (AUX_FILES): Register it.
Change-Id: I301eac8b79aed523f3b4cdedb7b3925d8fd0ad3d
---
Makefile.am | 1 +
.../ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json | 36 +++++++++++++++++++
gnu/packages/firmware.scm | 24 ++++++++++++-
3 files changed, 60 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/aux-files/ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json
diff --git a/Makefile.am b/Makefile.am
index c668b96a37..f2f4a9643e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -472,6 +472,7 @@ AUX_FILES = \
gnu/packages/aux-files/linux-libre/5.4-arm64.conf \
gnu/packages/aux-files/linux-libre/5.4-i686.conf \
gnu/packages/aux-files/linux-libre/5.4-x86_64.conf \
+ gnu/packages/aux-files/ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json \
gnu/packages/aux-files/pack-audit.c \
gnu/packages/aux-files/python/sanity-check.py \
gnu/packages/aux-files/python/sitecustomize.py \
diff --git a/gnu/packages/aux-files/ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json b/gnu/packages/aux-files/ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json
new file mode 100644
index 0000000000..050853e2b8
--- /dev/null
+++ b/gnu/packages/aux-files/ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json
@@ -0,0 +1,36 @@
+{
+ "description": "OVMF without SB+SMM, empty varstore",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "mode" : "split",
+ "executable": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
+ "format": "raw"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
+ "format": "raw"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "x86_64",
+ "machines": [
+ "pc-i440fx-*",
+ "pc-q35-*"
+ ]
+ }
+ ],
+ "features": [
+ "acpi-s3",
+ "amd-sev",
+ "amd-sev-es",
+ "verbose-dynamic"
+ ],
+ "tags": [
+
+ ]
+}
diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm
index 63f767f72b..c1d8ba3719 100644
--- a/gnu/packages/firmware.scm
+++ b/gnu/packages/firmware.scm
@@ -1001,6 +1001,10 @@ (define* (make-ovmf-firmware arch)
(license (list license:expat
license:bsd-2 license:bsd-3 license:bsd-4)))))
+(define (ovmf-aux-file name)
+ "Return as a gexp the auxiliary OVMF file corresponding to NAME."
+ (local-file (search-auxiliary-file (string-append "ovmf/" name))))
+
(define-public ovmf-x86-64
(let ((base (make-ovmf-firmware "x86_64")))
(package
@@ -1022,7 +1026,25 @@ (define-public ovmf-x86-64
(string-append fmw "/" (string-downcase file) "_x64.bin")))
(list "OVMF"
"OVMF_CODE"
- "OVMF_VARS"))))))))))))
+ "OVMF_VARS")))))
+ (add-after 'install 'install-qemu-firmware-metadata
+ (lambda _
+ ;; The QEMU firmware metadata files are taken from the
+ ;; Fedora project (see:
+ ;; https://src.fedoraproject.org/rpms/edk2/tree/rawhide).
+ (let ((51-edk2-ovmf-2m-raw-x64-nosb.json-source
+ #$(ovmf-aux-file "51-edk2-ovmf-2m-raw-x64-nosb.json"))
+ (51-edk2-ovmf-2m-raw-x64-nosb.json-dest
+ (string-append #$output "/share/qemu/firmware/"
+ "51-edk2-ovmf-2m-raw-x64-nosb.json")))
+ (mkdir-p (dirname 51-edk2-ovmf-2m-raw-x64-nosb.json-dest))
+ (copy-file 51-edk2-ovmf-2m-raw-x64-nosb.json-source
+ 51-edk2-ovmf-2m-raw-x64-nosb.json-dest)
+ (substitute* 51-edk2-ovmf-2m-raw-x64-nosb.json-dest
+ (("/usr/share/edk2/ovmf/OVMF_(CODE|VARS).fd" _ kind)
+ (string-append
+ #$output "/share/firmware/ovmf_"
+ (string-downcase kind) "_x64.bin")))))))))))))
(define-public ovmf-i686
(let ((base (make-ovmf-firmware "i686")))
base-commit: fa39695bbc0c5f79838cbca55d55eebd821a8efa
--
2.48.1
efraim@HIDDEN, vagrant@HIDDEN, guix-patches@HIDDEN:bug#77110; Package guix-patches.
Full text available.Received: (at submit) by debbugs.gnu.org; 19 Mar 2025 07:16:45 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 19 03:16:45 2025 Received: from localhost ([127.0.0.1]:47114 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tunfQ-0000b6-5H for submit <at> debbugs.gnu.org; Wed, 19 Mar 2025 03:16:45 -0400 Received: from lists.gnu.org ([2001:470:142::17]:52612) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>) id 1tunfM-0000Xm-QO for submit <at> debbugs.gnu.org; Wed, 19 Mar 2025 03:16:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <maxim.cournoyer@HIDDEN>) id 1tunej-000723-2a for guix-patches@HIDDEN; Wed, 19 Mar 2025 03:16:03 -0400 Received: from mail-pl1-x636.google.com ([2607:f8b0:4864:20::636]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <maxim.cournoyer@HIDDEN>) id 1tuneh-0000Qo-8r for guix-patches@HIDDEN; Wed, 19 Mar 2025 03:16:00 -0400 Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-223fd89d036so130090085ad.1 for <guix-patches@HIDDEN>; Wed, 19 Mar 2025 00:15:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1742368557; x=1742973357; darn=gnu.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=N+y6rKdo8qgJ8IIZwXfgVjf7+dmbB3h2Ih3ya2p/ws8=; b=OOep8Fwh8cslef2NzqC2fSQmihYPkPUb+kWiiySj85ytk+JZUC+ccX3z8+ikq0j8Ut +r8oIEnyce0dVECe8EL5uomcnTaZMfo605HrUn2jCdg37cClA0jeWuFo7kXrnunw2FIK ViKo71Gwo6GLBZzQTCxHmgDQ5/HY283dtRlJTnsVp76HolZ6b6dqVYP9ma4WGguWTwb+ pw/12vz3ulH1Se27HfuLIfkkm9Nf0PBWB2+yBQWuaaKcyLBHCOuXo1eGeI3LO4atYk4c glRcpWH74x8hAuGe9QO90pZOEoQxMIZt/amtVZfFYjFa//RenEhqcZDe/mTosvatYjf4 VURw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742368557; x=1742973357; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=N+y6rKdo8qgJ8IIZwXfgVjf7+dmbB3h2Ih3ya2p/ws8=; b=Ib+/Xx7WTUTdDe5Sx4I28EoeMsmcd+5/fzsNyh0yDDKweT6PI9YyT7TGmejm8wHo1j g4sA+p9SnlJBAHADc2K2p1+xJXylEoIQv8HZyMEW5U9/02YgRY9fx5h499B3XIQSYKAL prKiPORLGSA3R58n6iHnxyVv08XgFR2vK0nlZQooUvk58jhrUEsewE5me8+vbbP7A8sv ZnI+j5W7ZuSfz+ufPH5+SX8k7NDlx4jDyWHs4Md+XzWQFvf6iYVBkKXz9ykTdOQIMnyy cX6zQkVYypqzDHNGonhNgmKAki+huyyjl2Fh2CT39DSw0kAvNhQK6mdrrMwQN21dk8Vp GhQQ== X-Gm-Message-State: AOJu0Yz6QzYjWv78jIJNrg0lVFuAU3kehbDLhFhz1MagCZLmI/GGY3ut pwx0mik7qrmQw7uRHBZMnPNxcyP9XNe6URiVCziAcjDUTswFYzbLiEb2ody+ X-Gm-Gg: ASbGncueOHb26lcH4do43CldtYqzV4j3pP24wvDuRV69wUETosmgrW1+5+cSLq2wxgp N4TQ7+c92o6PV/XGGJXbwsGLp7+e5i9E4lbKL9X9raJvxnQsNAqdcqe9wbJBCoira+VbqoiKUMd DRkG05FGZE3okrRwwxb07fxu3WLWoIszcj7QvoAZFMKPMJ5fbGGDw5N3JRyKr44CzKQPzE9OkJ8 qj9pfleWl4jq5XOeANvAxB4MHPpFqNInm+TxMmQ2dffuJkPO8jQFbBLYBl0rSEc4PrJW7RSaYxy ikutSCRvfkiYnBqLSqrpsqmsiDI+ROiDOb41ud/GlbkU0VeTJ/13MAIaY1sYQaChWD+hF4BEgyQ = X-Google-Smtp-Source: AGHT+IFrxm4E7BlNBiBpRxQcz+gQFo8tPrGyKE/i9Xyp59076duYvrwUjXxKHOa2zueWeIANIcpmHQ== X-Received: by 2002:a05:6a00:1746:b0:737:5edd:9805 with SMTP id d2e1a72fcca58-7376d6e5918mr2873101b3a.19.1742368557031; Wed, 19 Mar 2025 00:15:57 -0700 (PDT) Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7371167df97sm10855169b3a.114.2025.03.19.00.15.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 19 Mar 2025 00:15:56 -0700 (PDT) From: Maxim Cournoyer <maxim.cournoyer@HIDDEN> To: guix-patches@HIDDEN Subject: [PATCH 0/2] Add UEFI firmware support in libvirt. Date: Wed, 19 Mar 2025 16:15:31 +0900 Message-ID: <cover.1742368386.git.maxim.cournoyer@HIDDEN> X-Mailer: git-send-email 2.48.1 MIME-Version: 1.0 X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN> Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2607:f8b0:4864:20::636; envelope-from=maxim.cournoyer@HIDDEN; helo=mail-pl1-x636.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: submit Cc: Maxim Cournoyer <maxim.cournoyer@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -0.0 (/) Previously, our availabe UEFI firmware would not be detected by libvirt, even when it was added to the system profile. This change fixes that, and enables customizing which firmwares are exposed to the QEMU backend of libvirt. Maxim Cournoyer (2): gnu: ovmf-x86-64: Install QEMU firmware metadata file. services: libvirt: Add UEFI firmware support. Makefile.am | 1 + doc/guix.texi | 506 +++++------------- .../ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json | 36 ++ gnu/packages/firmware.scm | 24 +- gnu/services/virtualization.scm | 76 ++- gnu/tests/virtualization.scm | 33 +- 6 files changed, 271 insertions(+), 405 deletions(-) create mode 100644 gnu/packages/aux-files/ovmf/51-edk2-ovmf-2m-raw-x64-nosb.json base-commit: fa39695bbc0c5f79838cbca55d55eebd821a8efa -- 2.48.1
Maxim Cournoyer <maxim.cournoyer@HIDDEN>:ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN.
Full text available.ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN:bug#77110; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.