Split native FreeBSD boot and runtime artifacts

tests/system/phase14-native-split-pid1-operating-system.scm.in

@@ -0,0 +1,71 @@
+(use-modules (fruix system freebsd)
+             (fruix packages freebsd))
+
+(define phase14-operating-system
+  (operating-system
+   #:host-name "fruix-freebsd"
+   #:kernel freebsd-native-kernel
+   #:bootloader freebsd-native-bootloader
+   #:base-packages %freebsd-native-system-packages
+   #:groups (list (user-group #:name "wheel" #:gid 0 #:system? #t)
+                  (user-group #:name "sshd" #:gid 22 #:system? #t)
+                  (user-group #:name "_dhcp" #:gid 65 #:system? #t)
+                  (user-group #:name "operator" #:gid 1000 #:system? #f))
+   #:users (list (user-account #:name "root"
+                               #:uid 0
+                               #:group "wheel"
+                               #:comment "Charlie &"
+                               #:home "/root"
+                               #:shell "/bin/sh"
+                               #:system? #t)
+                 (user-account #:name "sshd"
+                               #:uid 22
+                               #:group "sshd"
+                               #:comment "Secure Shell Daemon"
+                               #:home "/var/empty"
+                               #:shell "/usr/sbin/nologin"
+                               #:system? #t)
+                 (user-account #:name "_dhcp"
+                               #:uid 65
+                               #:group "_dhcp"
+                               #:comment "dhcp programs"
+                               #:home "/var/empty"
+                               #:shell "/usr/sbin/nologin"
+                               #:system? #t)
+                 (user-account #:name "operator"
+                               #:uid 1000
+                               #:group "operator"
+                               #:supplementary-groups '("wheel")
+                               #:comment "Fruix Operator"
+                               #:home "/home/operator"
+                               #:shell "/bin/sh"
+                               #:system? #f))
+   #:file-systems (list (file-system #:device "/dev/gpt/fruix-root"
+                                     #:mount-point "/"
+                                     #:type "ufs"
+                                     #:options "rw"
+                                     #:needed-for-boot? #t)
+                        (file-system #:device "devfs"
+                                     #:mount-point "/dev"
+                                     #:type "devfs"
+                                     #:options "rw"
+                                     #:needed-for-boot? #t)
+                        (file-system #:device "tmpfs"
+                                     #:mount-point "/tmp"
+                                     #:type "tmpfs"
+                                     #:options "rw,size=64m"))
+   #:services '(shepherd ready-marker sshd)
+   #:loader-entries '(("autoboot_delay" . "1")
+                      ("boot_multicons" . "YES")
+                      ("boot_serial" . "YES")
+                      ("console" . "comconsole,vidconsole"))
+   #:rc-conf-entries '(("clear_tmp_enable" . "NO")
+                       ("hostid_enable" . "NO")
+                       ("sendmail_enable" . "NONE")
+                       ("sshd_enable" . "YES")
+                       ("ifconfig_xn0" . "SYNCDHCP")
+                       ("ifconfig_em0" . "SYNCDHCP")
+                       ("ifconfig_vtnet0" . "SYNCDHCP"))
+   #:init-mode 'shepherd-pid1
+   #:ready-marker "/var/lib/fruix/ready"
+   #:root-authorized-keys '("__ROOT_AUTHORIZED_KEY__")))

tests/system/run-phase14-native-development-split.sh

@@ -0,0 +1,142 @@
+#!/bin/sh
+set -eu
+
+repo_root=${PROJECT_ROOT:-$(pwd)}
+store_dir=${STORE_DIR:-/frx/store}
+metadata_target=${METADATA_OUT:-}
+cleanup=0
+
+if [ -n "${WORKDIR:-}" ]; then
+  workdir=$WORKDIR
+  mkdir -p "$workdir"
+else
+  workdir=$(mktemp -d /tmp/fruix-phase14-native-development.XXXXXX)
+  cleanup=1
+fi
+if [ "${KEEP_WORKDIR:-0}" -eq 1 ]; then
+  cleanup=0
+fi
+
+metadata_file=$workdir/phase14-native-development-split-metadata.txt
+
+cleanup_workdir() {
+  if [ "$cleanup" -eq 1 ]; then
+    rm -rf "$workdir" 2>/dev/null || sudo rm -rf "$workdir"
+  fi
+}
+trap cleanup_workdir EXIT INT TERM
+
+action_env() {
+  sudo env \
+    HOME="$HOME" \
+    GUILE_AUTO_COMPILE=0 \
+    FRUIX_FREEBSD_BUILD_JOBS="${FRUIX_FREEBSD_BUILD_JOBS:-8}" \
+    GUIX_SOURCE_DIR="${GUIX_SOURCE_DIR:-$HOME/repos/guix}" \
+    GUILE_BIN="${GUILE_BIN:-/tmp/guile-freebsd-validate-install/bin/guile}" \
+    GUILE_EXTRA_PREFIX="${GUILE_EXTRA_PREFIX:-/tmp/guile-gnutls-freebsd-validate-install}" \
+    SHEPHERD_PREFIX="${SHEPHERD_PREFIX:-/tmp/shepherd-freebsd-validate-install}" \
+    "$@"
+}
+
+native_system_packages=$(GUILE_AUTO_COMPILE=0 /tmp/guile-freebsd-validate-install/bin/guile -L modules -L "$HOME/repos/guix" -c '
+(use-modules (fruix packages freebsd) (srfi srfi-13))
+(display (string-join (map freebsd-package-name %freebsd-native-system-packages) ","))
+(newline)')
+
+native_development_packages=$(GUILE_AUTO_COMPILE=0 /tmp/guile-freebsd-validate-install/bin/guile -L modules -L "$HOME/repos/guix" -c '
+(use-modules (fruix packages freebsd) (srfi srfi-13))
+(display (string-join (map freebsd-package-name %freebsd-native-development-profile-packages) ","))
+(newline)')
+
+materialize_native_package() {
+  package_name=$1
+  action_env env LD_LIBRARY_PATH="/tmp/guile-freebsd-validate-install/lib:/usr/local/lib" /tmp/guile-freebsd-validate-install/bin/guile -L modules -L "$HOME/repos/guix" -c '
+(use-modules (fruix packages freebsd) (ice-9 hash-table))
+(let* ((args (command-line))
+       (store-dir (list-ref args (- (length args) 2)))
+       (package-name (list-ref args (- (length args) 1)))
+       (pkg (case (string->symbol package-name)
+              ((freebsd-native-bootloader) freebsd-native-bootloader)
+              ((freebsd-native-headers) freebsd-native-headers)
+              (else (error "unsupported package" package-name))))
+       (system-module (resolve-module (quote (fruix system freebsd))))
+       (materialize (module-ref system-module (quote materialize-freebsd-package)))
+       (cache (make-hash-table))
+       (path (materialize pkg store-dir cache)))
+  (display "STORE_PATH=")
+  (display path)
+  (newline))' dummy "$store_dir" "$package_name"
+}
+
+bootloader_store=$(materialize_native_package freebsd-native-bootloader | sed -n 's/^STORE_PATH=//p' | tail -n 1)
+headers_store=$(materialize_native_package freebsd-native-headers | sed -n 's/^STORE_PATH=//p' | tail -n 1)
+
+case "$bootloader_store" in
+  /frx/store/*-freebsd-native-bootloader-15.0-STABLE) : ;;
+  *) echo "unexpected native bootloader store path: $bootloader_store" >&2; exit 1 ;;
+esac
+case "$headers_store" in
+  /frx/store/*-freebsd-native-headers-15.0-STABLE) : ;;
+  *) echo "unexpected native headers store path: $headers_store" >&2; exit 1 ;;
+esac
+
+for path in \
+  "$bootloader_store/boot/loader" \
+  "$bootloader_store/boot/loader.efi" \
+  "$bootloader_store/boot/device.hints" \
+  "$bootloader_store/boot/defaults/loader.conf" \
+  "$bootloader_store/boot/lua/loader.lua" \
+  "$headers_store/usr/include/stdio.h" \
+  "$headers_store/usr/include/sys/param.h" \
+  "$headers_store/usr/share/mk/bsd.prog.mk"
+do
+  [ -e "$path" ] || {
+    echo "expected native split artifact path missing: $path" >&2
+    exit 1
+  }
+done
+
+[ ! -e "$bootloader_store/usr/include" ] || { echo "native bootloader slice unexpectedly contains headers" >&2; exit 1; }
+[ ! -e "$headers_store/boot" ] || { echo "native headers slice unexpectedly contains /boot" >&2; exit 1; }
+[ ! -e "$headers_store/bin/sh" ] || { echo "native headers slice unexpectedly contains runtime binaries" >&2; exit 1; }
+
+case ",$native_system_packages," in
+  *,freebsd-native-runtime,*) : ;;
+  *) echo "native system package set does not include freebsd-native-runtime" >&2; exit 1 ;;
+esac
+case ",$native_development_packages," in
+  *,freebsd-native-runtime,*) : ;;
+  *) echo "native development package set does not include freebsd-native-runtime" >&2; exit 1 ;;
+esac
+case ",$native_development_packages," in
+  *,freebsd-native-headers,*) : ;;
+  *) echo "native development package set does not include freebsd-native-headers" >&2; exit 1 ;;
+esac
+case ",$native_development_packages," in
+  *,freebsd-clang-toolchain,*) : ;;
+  *) echo "native development package set does not retain the explicit toolchain artifact" >&2; exit 1 ;;
+esac
+
+cat >"$metadata_file" <<EOF
+workdir=$workdir
+store_dir=$store_dir
+bootloader_store=$bootloader_store
+headers_store=$headers_store
+native_system_packages=$native_system_packages
+native_development_packages=$native_development_packages
+runtime_vs_development_split=ok
+EOF
+
+if [ -n "$metadata_target" ]; then
+  mkdir -p "$(dirname "$metadata_target")"
+  cp "$metadata_file" "$metadata_target"
+fi
+
+printf 'PASS phase14-native-development-split\n'
+printf 'Work directory: %s\n' "$workdir"
+printf 'Metadata file: %s\n' "$metadata_file"
+if [ -n "$metadata_target" ]; then
+  printf 'Copied metadata to: %s\n' "$metadata_target"
+fi
+printf '%s\n' '--- metadata ---'
+cat "$metadata_file"

tests/system/run-phase14-native-split-qemu.sh

@@ -0,0 +1,129 @@
+#!/bin/sh
+set -eu
+
+repo_root=${PROJECT_ROOT:-$(pwd)}
+os_template=${OS_TEMPLATE:-$repo_root/tests/system/phase14-native-split-pid1-operating-system.scm.in}
+system_name=${SYSTEM_NAME:-phase14-operating-system}
+disk_capacity=${DISK_CAPACITY:-8g}
+root_size=${ROOT_SIZE:-6g}
+metadata_target=${METADATA_OUT:-}
+cleanup=0
+
+if [ -n "${WORKDIR:-}" ]; then
+  workdir=$WORKDIR
+  mkdir -p "$workdir"
+else
+  workdir=$(mktemp -d /tmp/fruix-phase14-native-split-qemu.XXXXXX)
+  cleanup=1
+fi
+if [ "${KEEP_WORKDIR:-0}" -eq 1 ]; then
+  cleanup=0
+fi
+
+inner_metadata=$workdir/phase14-native-split-qemu-inner-metadata.txt
+metadata_file=$workdir/phase14-native-split-qemu-metadata.txt
+
+cleanup_workdir() {
+  if [ "$cleanup" -eq 1 ]; then
+    rm -rf "$workdir" 2>/dev/null || sudo rm -rf "$workdir"
+  fi
+}
+trap cleanup_workdir EXIT INT TERM
+
+KEEP_WORKDIR=1 WORKDIR="$workdir/inner" METADATA_OUT="$inner_metadata" \
+  OS_TEMPLATE="$os_template" SYSTEM_NAME="$system_name" DISK_CAPACITY="$disk_capacity" ROOT_SIZE="$root_size" \
+  "$repo_root/tests/system/run-phase11-shepherd-pid1-qemu.sh"
+
+phase8_metadata=$(sed -n 's/^phase8_metadata=//p' "$inner_metadata")
+closure_path=$(sed -n 's/^closure_path=//p' "$inner_metadata")
+closure_base=$(sed -n 's/^closure_base=//p' "$inner_metadata")
+serial_log=$(sed -n 's/^serial_log=//p' "$inner_metadata")
+ssh_port=$(sed -n 's/^ssh_port=//p' "$inner_metadata")
+shepherd_pid=$(sed -n 's/^shepherd_pid=//p' "$inner_metadata")
+sshd_status=$(sed -n 's/^sshd_status=//p' "$inner_metadata")
+activate_log=$(sed -n 's/^activate_log=//p' "$inner_metadata")
+
+native_base_store_count=$(sed -n 's/^native_base_store_count=//p' "$phase8_metadata")
+native_base_stores=$(sed -n 's/^native_base_stores=//p' "$phase8_metadata")
+host_base_store_count=$(sed -n 's/^host_base_store_count=//p' "$phase8_metadata")
+host_base_stores=$(sed -n 's/^host_base_stores=//p' "$phase8_metadata")
+
+[ "$native_base_store_count" = 3 ] || { echo "expected 3 native base stores, got: $native_base_store_count" >&2; exit 1; }
+[ "$host_base_store_count" = 0 ] || { echo "expected 0 host base stores, got: $host_base_store_count" >&2; exit 1; }
+[ -z "$host_base_stores" ] || { echo "host base stores are not empty: $host_base_stores" >&2; exit 1; }
+printf '%s\n' "$native_base_stores" | tr ',' '\n' | grep 'freebsd-native-kernel-15.0-STABLE$' >/dev/null || {
+  echo "native base stores do not include the native kernel" >&2
+  exit 1
+}
+bootloader_store=$(printf '%s\n' "$native_base_stores" | tr ',' '\n' | grep 'freebsd-native-bootloader-15.0-STABLE$' | head -n 1)
+runtime_store=$(printf '%s\n' "$native_base_stores" | tr ',' '\n' | grep 'freebsd-native-runtime-15.0-STABLE$' | head -n 1)
+[ -n "$bootloader_store" ] || { echo "native base stores do not include the native bootloader slice" >&2; exit 1; }
+[ -n "$runtime_store" ] || { echo "native base stores do not include the native runtime slice" >&2; exit 1; }
+printf '%s\n' "$native_base_stores" | tr ',' '\n' | grep 'freebsd-native-world-15.0-STABLE$' >/dev/null && {
+  echo "broad native world artifact should no longer be part of the validated split-system closure" >&2
+  exit 1
+}
+for path in \
+  "$bootloader_store/boot/loader" \
+  "$bootloader_store/boot/loader.efi" \
+  "$bootloader_store/boot/device.hints" \
+  "$bootloader_store/boot/defaults/loader.conf" \
+  "$bootloader_store/boot/lua/loader.lua" \
+  "$runtime_store/bin/sh" \
+  "$runtime_store/sbin/init" \
+  "$runtime_store/etc/rc" \
+  "$runtime_store/usr/sbin/sshd" \
+  "$runtime_store/sbin/dhclient" \
+  "$runtime_store/usr/bin/ssh-keygen" \
+  "$runtime_store/usr/share/locale/C.UTF-8/LC_CTYPE"
+do
+  [ -e "$path" ] || {
+    echo "required native split path missing: $path" >&2
+    exit 1
+  }
+done
+[ ! -e "$runtime_store/boot" ] || { echo "native runtime still contains /boot" >&2; exit 1; }
+[ ! -e "$runtime_store/usr/include" ] || { echo "native runtime still contains /usr/include" >&2; exit 1; }
+[ "$shepherd_pid" = 1 ] || { echo "shepherd was not PID 1" >&2; exit 1; }
+[ "$sshd_status" = running ] || { echo "sshd is not running" >&2; exit 1; }
+case "$activate_log" in
+  *fruix-activate:done*) : ;;
+  *) echo "activation log does not show success" >&2; exit 1 ;;
+esac
+
+cat >"$metadata_file" <<EOF
+workdir=$workdir
+inner_metadata=$inner_metadata
+phase8_metadata=$phase8_metadata
+closure_path=$closure_path
+closure_base=$closure_base
+serial_log=$serial_log
+ssh_port=$ssh_port
+disk_capacity=$disk_capacity
+root_size=$root_size
+bootloader_store=$bootloader_store
+runtime_store=$runtime_store
+native_base_store_count=$native_base_store_count
+native_base_stores=$native_base_stores
+host_base_store_count=$host_base_store_count
+host_base_stores=$host_base_stores
+shepherd_pid=$shepherd_pid
+sshd_status=$sshd_status
+boot_backend=qemu-uefi-tcg
+init_mode=shepherd-pid1
+native_split_boot=ok
+EOF
+
+if [ -n "$metadata_target" ]; then
+  mkdir -p "$(dirname "$metadata_target")"
+  cp "$metadata_file" "$metadata_target"
+fi
+
+printf 'PASS phase14-native-split-qemu\n'
+printf 'Work directory: %s\n' "$workdir"
+printf 'Metadata file: %s\n' "$metadata_file"
+if [ -n "$metadata_target" ]; then
+  printf 'Copied metadata to: %s\n' "$metadata_target"
+fi
+printf '%s\n' '--- metadata ---'
+cat "$metadata_file"

tests/system/run-phase14-native-split-xcpng.sh

@@ -0,0 +1,135 @@
+#!/bin/sh
+set -eu
+
+repo_root=${PROJECT_ROOT:-$(pwd)}
+os_template=${OS_TEMPLATE:-$repo_root/tests/system/phase14-native-split-pid1-operating-system.scm.in}
+system_name=${SYSTEM_NAME:-phase14-operating-system}
+root_size=${ROOT_SIZE:-6g}
+metadata_target=${METADATA_OUT:-}
+cleanup=0
+
+if [ -n "${WORKDIR:-}" ]; then
+  workdir=$WORKDIR
+  mkdir -p "$workdir"
+else
+  workdir=$(mktemp -d /tmp/fruix-phase14-native-split-xcpng.XXXXXX)
+  cleanup=1
+fi
+if [ "${KEEP_WORKDIR:-0}" -eq 1 ]; then
+  cleanup=0
+fi
+
+inner_metadata=$workdir/phase14-native-split-xcpng-inner-metadata.txt
+metadata_file=$workdir/phase14-native-split-xcpng-metadata.txt
+
+cleanup_workdir() {
+  if [ "$cleanup" -eq 1 ]; then
+    rm -rf "$workdir"
+  fi
+}
+trap cleanup_workdir EXIT INT TERM
+
+KEEP_WORKDIR=1 WORKDIR="$workdir/inner" METADATA_OUT="$inner_metadata" \
+  OS_TEMPLATE="$os_template" SYSTEM_NAME="$system_name" ROOT_SIZE="$root_size" \
+  "$repo_root/tests/system/run-phase11-shepherd-pid1-xcpng.sh"
+
+phase8_metadata=$(sed -n 's/^phase8_metadata=//p' "$inner_metadata")
+closure_path=$(sed -n 's/^closure_path=//p' "$inner_metadata")
+closure_base=$(sed -n 's/^closure_base=//p' "$inner_metadata")
+guest_ip=$(sed -n 's/^guest_ip=//p' "$inner_metadata")
+vm_id=$(sed -n 's/^vm_id=//p' "$inner_metadata")
+vdi_id=$(sed -n 's/^vdi_id=//p' "$inner_metadata")
+shepherd_pid=$(sed -n 's/^shepherd_pid=//p' "$inner_metadata")
+sshd_status=$(sed -n 's/^sshd_status=//p' "$inner_metadata")
+compat_prefix_shims=$(sed -n 's/^compat_prefix_shims=//p' "$inner_metadata")
+guile_module_smoke=$(sed -n 's/^guile_module_smoke=//p' "$inner_metadata")
+activate_log=$(sed -n 's/^activate_log=//p' "$inner_metadata")
+
+native_base_store_count=$(sed -n 's/^native_base_store_count=//p' "$phase8_metadata")
+native_base_stores=$(sed -n 's/^native_base_stores=//p' "$phase8_metadata")
+host_base_store_count=$(sed -n 's/^host_base_store_count=//p' "$phase8_metadata")
+host_base_stores=$(sed -n 's/^host_base_stores=//p' "$phase8_metadata")
+
+[ "$native_base_store_count" = 3 ] || { echo "expected 3 native base stores, got: $native_base_store_count" >&2; exit 1; }
+[ "$host_base_store_count" = 0 ] || { echo "expected 0 host base stores, got: $host_base_store_count" >&2; exit 1; }
+[ -z "$host_base_stores" ] || { echo "host base stores are not empty: $host_base_stores" >&2; exit 1; }
+printf '%s\n' "$native_base_stores" | tr ',' '\n' | grep 'freebsd-native-kernel-15.0-STABLE$' >/dev/null || {
+  echo "native base stores do not include the native kernel" >&2
+  exit 1
+}
+bootloader_store=$(printf '%s\n' "$native_base_stores" | tr ',' '\n' | grep 'freebsd-native-bootloader-15.0-STABLE$' | head -n 1)
+runtime_store=$(printf '%s\n' "$native_base_stores" | tr ',' '\n' | grep 'freebsd-native-runtime-15.0-STABLE$' | head -n 1)
+[ -n "$bootloader_store" ] || { echo "native base stores do not include the native bootloader slice" >&2; exit 1; }
+[ -n "$runtime_store" ] || { echo "native base stores do not include the native runtime slice" >&2; exit 1; }
+printf '%s\n' "$native_base_stores" | tr ',' '\n' | grep 'freebsd-native-world-15.0-STABLE$' >/dev/null && {
+  echo "broad native world artifact should no longer be part of the validated split-system closure" >&2
+  exit 1
+}
+for path in \
+  "$bootloader_store/boot/loader" \
+  "$bootloader_store/boot/loader.efi" \
+  "$bootloader_store/boot/device.hints" \
+  "$bootloader_store/boot/defaults/loader.conf" \
+  "$bootloader_store/boot/lua/loader.lua" \
+  "$runtime_store/bin/sh" \
+  "$runtime_store/sbin/init" \
+  "$runtime_store/etc/rc" \
+  "$runtime_store/usr/sbin/sshd" \
+  "$runtime_store/sbin/dhclient" \
+  "$runtime_store/usr/bin/ssh-keygen" \
+  "$runtime_store/usr/share/locale/C.UTF-8/LC_CTYPE"
+do
+  [ -e "$path" ] || {
+    echo "required native split path missing: $path" >&2
+    exit 1
+  }
+done
+[ ! -e "$runtime_store/boot" ] || { echo "native runtime still contains /boot" >&2; exit 1; }
+[ ! -e "$runtime_store/usr/include" ] || { echo "native runtime still contains /usr/include" >&2; exit 1; }
+[ "$shepherd_pid" = 1 ] || { echo "shepherd was not PID 1" >&2; exit 1; }
+[ "$sshd_status" = running ] || { echo "sshd is not running" >&2; exit 1; }
+[ "$compat_prefix_shims" = absent ] || { echo "compatibility prefix shims reappeared" >&2; exit 1; }
+[ "$guile_module_smoke" = ok ] || { echo "guest Guile module smoke failed" >&2; exit 1; }
+case "$activate_log" in
+  *fruix-activate:done*) : ;;
+  *) echo "activation log does not show success" >&2; exit 1 ;;
+esac
+
+cat >"$metadata_file" <<EOF
+workdir=$workdir
+inner_metadata=$inner_metadata
+phase8_metadata=$phase8_metadata
+closure_path=$closure_path
+closure_base=$closure_base
+vm_id=$vm_id
+vdi_id=$vdi_id
+guest_ip=$guest_ip
+root_size=$root_size
+bootloader_store=$bootloader_store
+runtime_store=$runtime_store
+native_base_store_count=$native_base_store_count
+native_base_stores=$native_base_stores
+host_base_store_count=$host_base_store_count
+host_base_stores=$host_base_stores
+shepherd_pid=$shepherd_pid
+sshd_status=$sshd_status
+compat_prefix_shims=$compat_prefix_shims
+guile_module_smoke=$guile_module_smoke
+boot_backend=xcp-ng-xo-cli
+init_mode=shepherd-pid1
+native_split_boot=ok
+EOF
+
+if [ -n "$metadata_target" ]; then
+  mkdir -p "$(dirname "$metadata_target")"
+  cp "$metadata_file" "$metadata_target"
+fi
+
+printf 'PASS phase14-native-split-xcpng\n'
+printf 'Work directory: %s\n' "$workdir"
+printf 'Metadata file: %s\n' "$metadata_file"
+if [ -n "$metadata_target" ]; then
+  printf 'Copied metadata to: %s\n' "$metadata_target"
+fi
+printf '%s\n' '--- metadata ---'
+cat "$metadata_file"