The instability was not caused by kexec-fiwix logic itself but by oversized early-stage payload pressure in kernel-bootstrap mode.
When too many distfiles are injected before the Fiwix handoff, the early memory/file-table assumptions become fragile and KVM can fail during transition.
This change restores kexec-fiwix.c to the known baseline (matching commit 984b8322...) and fixes the actual failure mode by moving non-early distfiles out of the initial image.
What changed:
- Keep only bootstrap-required distfiles in early init image.
- Generate a separate raw payload image (LBPAYLD1 format) for the remaining distfiles.
- Attach payload image as an extra disk in QEMU/bare-metal kernel-bootstrap flow.
- Add a dedicated C89/tcc-compatible importer (payload-import) that scans payload disks and copies files into /external/distfiles after jump: fiwix.
- Insert improve: import_payload immediately after jump: fiwix so the full distfile set is restored before heavy build steps continue.
- Add PAYLOAD_REQUIRED config gating so this behavior is active only in kernel-bootstrap paths that need it.
Why this design:
- Preserves minimal early environment assumptions (no dependency on full shell utilities for the copy operation itself).
- Avoids adding filesystem-construction toolchain dependencies for the payload container by using a simple length-prefixed raw format.
- Keeps bare-metal and QEMU behavior aligned: both can carry full build artifacts without overloading the early handoff stage.
- Leaves kexec-fiwix behavior deterministic and auditable by reverting to a known-good baseline implementation.
- add --stage0-image in rootfs.py for qemu to boot an existing kernel-bootstrap image
- when --stage0-image is combined with --build-guix-also, update BUILD_GUIX_ALSO in image config and sync /steps-guix into the image
- require stage0 /init to contain guix handoff marker instead of patching /init implicitly
- add run_steps_guix_if_requested() to make_bootable-generated /init so rebooted stage0 images can enter steps-guix directly
- run /steps-guix/0.sh with bash in after.sh
- make script-generator start mode convention-based: /steps stays kaem-first, alternate roots (e.g. /steps-guix) start in bash
- remove redundant explicit /steps config-root argument from seed/preseeded/reconfigure script-generator calls
The Linux kernel is already built with CONFIG_M686=y, which suggests that the bootstrap is not supported on anything older thant i686. So, use i686 on userspace too. Some software, such as gettext, cmake or elfutils, has trouble building for i386 due to missing atomic intrinsics.
For example, building gettext 0.26 would fail with:
```
/usr/lib/i386-unknown-linux-musl/gcc/i386-unknown-linux-musl/13.3.0/../../../../../i386-unknown-linux-musl/bin/ld: /build/gettext-0.26_1/gettext-0.26/build/gettext-tools/gnulib-lib/.libs/libgettextlib.so: undefined reference to `__atomic_compare_exchange_4'
```
Failures in "after" scripts do not currently result in bootstrap
failures since "find" ignores the exit code of commands that it
executes.
There are no simple options in "find" to both propagate non-0 exit
statuses of executed commands and also abort its command execution
sequence in such an event. As such, use "find" only for listing
script names and otherwise use a simple loop to execute them.
While at it, execute scripts in numerical order according to their
basename. This gives consumers control over the execution order of
their scripts. For example, 50-sign.sh will be executed before
51-upload.sh.
Without this, one of my boards fails to reboot from USB drive due to
slow USB enumeration. Rootwait is not needed during the Fiwix -> Linux
jump, because we use an initramfs there, and the init scripts already
wait for USB drives to show up. Linux->Linux kexec, used with a custom
early kernel, might need it, so add it there as well to be safe.
This is the last LTS version buildable using GCC 4.0.x. The next one,
version 4.19, requires at least GCC 4.6.
Fortunately, this is also the first version of the Linux kernel
without firmware blobs being included in /firmware, so the FSFLA
deblob scripts aren't needed anymore to ensure a fully auditable
kernel - the 3 remaining drivers that do include blobs masquerading
as source code are removed via a patch, avoiding all the other side
effects of the deblob scripts.
This doesn't compromise the trustworthiness of the bootstrapped
environment, since all the other drivers deblob would remove use
the firmware loader mechanism, which does nothing when the actual
firmware blobs aren't installed on the system separately. Features
dependent on firmware still won't work, but many drivers that load
firmware do so only optionally. This includes r8169, the driver for
the Realtek gigabit NICs found on many x86 motherboards.
This kernel is considerably larger than 4.9.10, and we build more
of it (including drivers that would previously get stripped away by
the deblob script, such as r8169), so to accommodate that, Fiwix
initrd size is increased by 64MiB, while lowering kexec space by
the same amount to ensure enough userspace memory available in Fiwix.
Fiwix's maximum open file count is also bumped from 1.5K to 2.5K.
The Documentation folder is deleted before build, to further save
space in the ramdisk.
Parts built before bash and the repo system are available aren't
stored in a clean repository tarball, so if any early file is
overwritten, it's lost. Fix this by creating a base.tar.bz2 right
after the repo is set up, to hold reference copies of early files.
This tarball isn't checksummed, since it varies considerably with
bootstrap options, but the binaries inside are protected by their
own checksums.
By wrapping $(cat) in an eval, redirections and other advanced
syntax can now work in the early prompts.
Also, since "set -E" is broken is the early bash, fall back to
using "set -e" and an EXIT trap, until we can upgrade to a bash
version that already has working "set -E", or perhaps backport
it to 2.05b.
We spawn a shell:
- When Bash is first built, on tty2. This shell uses the old Bash,
so interactive mode needs to be emulated using redirection. Thus,
entering commands needs to be done using Enter followed by Ctrl+D,
and certain redirection features are unavailable.
- After moving the system to disk, on tty2. Old Bash, same limitations.
- After 2nd Bash is built, on tty3. This is a fully functional shell.
This is disabled in chroot-like bootstrap modes, or when -i is not set.
The Linux kernel won't autocreate /dev/shm inside devtmpfs.
Without it, semaphores won't work properly in Python.
Previously, /dev/shm was set up in populate_device_nodes, but we
no longer run that after booting into Linux.
The sysrq shutdown trigger takes some time to fully shut down the system,
during which init is expected to continue running. Since after.sh is the
last step in our init, if it quits before shutdown is complete, Linux will
panic with "Attempted to kill init".
Add an infinite loop after shutdown is issued via sysrq to prevent this.
This was removed as part of the simplify refactor, severely slowing
down qemu and bare-metal builds. Restoring it brings us back to the
same build times that we saw before the refactor.
Perform variable substitution at runtime, rather than at generation
time. This way, if bootstrap.cfg changes after update_env, the new
values there take effect immediately.
With this, finalize_fhs.sh can be rerun as needed, e.g. when rebooting.
Also, the preferred nameserver will persist after DHCP.
Thanks to devtmpfs, we no longer need to manage /dev once Linux is up.
