rosenthal: Re-export bootloader modules.

* modules/rosenthal/bootloader/uki.scm: New file.

modules/rosenthal.scm

@@ -15,6 +15,9 @@
         (rosenthal utils packages)
         (rosenthal utils transformations)
 
+        (rosenthal bootloader grub)
+        (rosenthal bootloader uki)
+
         (gnu services desktop)
         (gnu services guix)
         (gnu services shepherd)

modules/rosenthal/bootloader/uki.scm

@@ -0,0 +1,66 @@
+;;; Copyright © 2024 Lilah Tascheter <lilah@lunabee.space>
+;;; Copyright © 2024, 2025 Hilton Chain <hako@ultrarare.space>
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+
+(define-module (rosenthal bootloader uki)
+  #:use-module (srfi srfi-1)
+  #:use-module (guix gexp)
+  #:use-module (guix modules)
+  #:use-module (guix utils)
+  #:use-module (gnu bootloader)
+  #:use-module (rosenthal packages bootloaders)
+  #:export (uefi-uki-removable-bootloader))
+
+(define script-path "/boot/install-uki.scm")
+
+(define (uefi-uki-configuration-file config entries . rest)
+
+  (define (menu-entry->ukify-args entry)
+    (let* ((label     (menu-entry-label entry))
+           (linux     (menu-entry-linux entry))
+           (initrd    (menu-entry-initrd entry))
+           (arguments (menu-entry-linux-arguments entry))
+           (boot (bootloader-configuration-bootloader config))
+           (stub (bootloader-package boot)))
+      #~(list "--os-release" #$label
+              "--linux" #$linux
+              "--initrd" #$initrd
+              "--cmdline" (string-join (list #$@arguments))
+              "--stub" #$(file-append stub "/libexec/" (systemd-stub-name)))))
+
+  (program-file "install-uki"
+    (with-imported-modules (source-module-closure '((guix build utils)))
+      #~(begin
+          (use-modules (srfi srfi-1)
+                       (guix build utils))
+          (let* ((ukify #$(file-append ukify "/bin/ukify"))
+                 (installation-path
+                  (format #f "~a/EFI/BOOT/BOOT~a.EFI"
+                          (second (command-line))
+                          #$(cond
+                             ((target-x86-32?) "IA32")
+                             ((target-x86-64?) "X64")
+                             ((target-arm32?) "ARM")
+                             ((target-aarch64?) "AA64")
+                             ((target-riscv64?) "RISCV64")))))
+            (mkdir-p (dirname installation-path))
+            (apply invoke ukify "build" "--output" installation-path
+                   #$(menu-entry->ukify-args (first entries))))))))
+
+(define install-uefi-uki
+  #~(lambda (bootloader target mount-point)
+      (invoke (string-append mount-point #$script-path)
+              (string-append mount-point target))))
+
+;; ‘configuration-file’ here is actually an activation script to be invoked by
+;; ‘installer’.
+;; FIXME: Not expected by ‘reinstall-bootloader’ in (guix scripts system).
+;; NOTE: Faking name here to support rolling-back with '--no-bootloader' option.
+(define uefi-uki-removable-bootloader
+  (bootloader
+   (name 'grub-efi-removable-bootloader)
+   (package systemd-stub)
+   (installer install-uefi-uki)
+   (disk-image-installer #f)
+   (configuration-file script-path)
+   (configuration-file-generator uefi-uki-configuration-file)))

modules/rosenthal/packages/bootloaders.scm

@@ -1,15 +1,30 @@
-;;; SPDX-FileCopyrightText: 2023 Hilton Chain <hako@ultrarare.space>
+;;; SPDX-FileCopyrightText: 2023-2025 Hilton Chain <hako@ultrarare.space>
+;;; Copyright © 2024 Lilah Tascheter <lilah@lunabee.space>
 ;;;
 ;;; SPDX-License-Identifier: GPL-3.0-or-later
 
 (define-module (rosenthal packages bootloaders)
-  #:use-module (guix download)
   #:use-module (guix gexp)
+  #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix utils)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix build-system meson)
+  #:use-module (guix build-system pyproject)
   #:use-module (gnu packages autotools)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages bootloaders)
-  #:use-module (gnu packages python))
+  #:use-module (gnu packages crypto)
+  #:use-module (gnu packages efi)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-build)
+  #:use-module (gnu packages python-crypto)
+  #:use-module (gnu packages python-xyz)
+  #:export (systemd-stub-name))
 
 ;; Patches obtained from:
 ;; <https://leo3418.github.io/collections/gentoo-config-luks2-grub-systemd/packages.html>
@@ -51,3 +66,94 @@
       (properties
        `(,@(package-properties base)
          (disable-updater? . #t))))))
+
+
+;;;
+;;; Unified Kernel Image support.
+;;;
+
+(define systemd-version "258")
+(define systemd-source
+  (origin
+    (method git-fetch)
+    (uri (git-reference
+           (url "https://github.com/systemd/systemd")
+           (commit (string-append "v" systemd-version))))
+    (file-name (git-file-name "systemd" systemd-version))
+    (sha256
+     (base32
+      "18gnp45gl1154jra6qv95k8y7ny6phdm87yqi5jdq13cadlrklf6"))))
+
+(define (systemd-stub-name)
+  (let ((arch (cond ((target-x86-32?) "ia32")
+                    ((target-x86-64?) "x64")
+                    ((target-arm32?) "arm")
+                    ((target-aarch64?) "aa64")
+                    ((target-riscv64?) "riscv64"))))
+    (string-append "linux" arch ".efi.stub")))
+
+(define-public systemd-stub
+  (package
+    (name "systemd-stub")
+    (version systemd-version)
+    (source systemd-source)
+    (build-system meson-build-system)
+    (arguments
+     (list #:tests? #f
+           #:configure-flags
+           `(list "-Defi=true" "-Dsbat-distro=guix"
+                  "-Dsbat-distro-generation=1" ; package revision!
+                  "-Dsbat-distro-summary=Guix System"
+                  "-Dsbat-distro-url=https://guix.gnu.org"
+                  ,(string-append "-Dsbat-distro-pkgname=" name)
+                  ,(string-append "-Dsbat-distro-version=" version))
+           #:phases
+           #~(let ((stub #$(string-append "src/boot/" (systemd-stub-name))))
+               (modify-phases %standard-phases
+                 (replace 'build
+                   (lambda* (#:key parallel-build? #:allow-other-keys)
+                     (invoke "ninja" stub
+                             "-j" (if parallel-build?
+                                      (number->string (parallel-job-count)) "1"))))
+                 (replace 'install
+                   (lambda _
+                     (install-file stub (string-append #$output "/libexec"))))))))
+    (inputs (list libcap libxcrypt python-pyelftools `(,util-linux "lib")))
+    (native-inputs (list gperf pkg-config python-minimal python-jinja2))
+    (home-page "https://systemd.io/")
+    (synopsis "Unified kernel image UEFI stub")
+    (description "Simple UEFi boot stub that loads a conjoined kernel image and
+supporting data to their proper locations, before chainloading to the kernel.
+Supports measured and/or verified boot environments.")
+    (license license:lgpl2.1+)))
+
+(define-public ukify
+  (package
+    (name "ukify")
+    (version systemd-version)
+    (source systemd-source)
+    (build-system pyproject-build-system)
+    (arguments
+     (list #:phases
+           #~(modify-phases %standard-phases
+               (delete 'check)
+               (replace 'install
+                 (lambda* (#:key inputs #:allow-other-keys)
+                   (let* ((bin (string-append #$output "/bin"))
+                          (file (string-append bin "/ukify"))
+                          (binutils (assoc-ref inputs "binutils"))
+                          (sbsign (assoc-ref inputs "sbsigntools")))
+                     (mkdir-p bin)
+                     (copy-file "src/ukify/ukify.py" file)
+                     (wrap-program file
+                       `("PATH" ":" prefix
+                         (,(string-append binutils "/bin")
+                          ,(string-append sbsign "/bin"))))))))))
+    (inputs (list binutils python-cryptography python-pefile sbsigntools))
+    (native-inputs (list python-setuptools))
+    (home-page "https://systemd.io")
+    (synopsis "Unified kernel image UEFI tool")
+    (description "@command{ukify} joins together a UKI stub, linux kernel, initrd,
+kernel arguments, and optional secure boot signatures into a single, UEFI-bootable
+image.")
+    (license license:lgpl2.1+)))