348 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
			
		
		
	
	
			348 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
| User Manual
 | |
| ###########
 | |
| 
 | |
| This manual is an early work in progress, not least because Liminix is
 | |
| not yet really ready for users who are not also developers. Your
 | |
| feedback to improve it is very welcome.
 | |
| 
 | |
| Installation
 | |
| ************
 | |
| 
 | |
| The Liminix installation process is not quite like installing NixOS on
 | |
| a real computer, but some NixOS experience will nevertheless be
 | |
| helpful in understanding it.  The steps are as follows:
 | |
| 
 | |
| * Decide whether you want the device to be updatable in-place (there
 | |
|   are advantages and disadvantages), or if you are happy to generate
 | |
|   and flash a new image whenever changes are required.
 | |
| 
 | |
| * Create a :file:`configuration.nix` describing the system you want
 | |
| 
 | |
| * Build an image
 | |
| 
 | |
| * Flash it to the device
 | |
| 
 | |
| Supported devices
 | |
| =================
 | |
| 
 | |
| For a list of devices that Liminix (present or previous versions)
 | |
| has run on, refer to `devices/ in the source repo <https://gti.telent.net/dan/liminix/src/branch/main/devices>`_. For devices that _currently_ build,
 | |
| cross-reference it with `the CI status <https://build.liminix.org/jobset/liminix/build#tabs-jobs>`_. Everything that builds is (usually) expected
 | |
| to run, so if you end up with an image that builds but doesn't
 | |
| boot, please report it as a bug.
 | |
| 
 | |
| As of June 2023 the device list is a little thin. Adding devices based
 | |
| on the Atheros or Mediatek (Ralink) platform should be quite
 | |
| straightforward if you have some C/Linux kernel experience and are
 | |
| prepared to open it up and attach serial wires: please refer to the
 | |
| Developer Manual.
 | |
| 
 | |
| 
 | |
| Choosing a flavour (read-only or updatable)
 | |
| ===========================================
 | |
| 
 | |
| Liminix installations come in two "flavours"- read-only or in-place
 | |
| updatable:
 | |
| 
 | |
| * a read-only installation can't be updated once it is flashed to your
 | |
|   device, and so must be reinstalled in its entirety every time you
 | |
|   want to change it.  It uses the ``squashfs`` filesystem which has
 | |
|   very good compression ratios and so you can pack quite a lot of
 | |
|   useful stuff onto your device.  This is good if you don't expect
 | |
|   to change it often.
 | |
| 
 | |
| * an updatable installation has a writable filesystem so that you can
 | |
|   update configuration, upgrade packages and install new packages over
 | |
|   the network after installation. This uses the `jffs2
 | |
|   <http://www.linux-mtd.infradead.org/doc/jffs2.html>`_ filesystem:
 | |
|   although it does compress the data, the need to support writes means
 | |
|   that it can't pack quite as small as squashfs, so you will not have
 | |
|   as much space to play with.
 | |
| 
 | |
| Updatability caveats
 | |
| ~~~~~~~~~~~~~~~~~~~~
 | |
| 
 | |
| At the time of writing this manual the read-only squashfs support is
 | |
| much more mature. Consider also that it may not be possible to perform
 | |
| "larger" updates in-place even if you do opt for updatability.  If you
 | |
| have (for example) an 11MB system on a 16MB device, you won't be able
 | |
| to do an in-place update of something fundamental like the C library
 | |
| (libc), as this will temporarily require 22MB to install all the
 | |
| packages needing the new library before the packages using the old
 | |
| library can be removed. A writable system will be more useful for
 | |
| smaller updates such as installing a new package (perhaps you
 | |
| temporarily need tcpdump to diagnose a network problem) or for
 | |
| changing configuration files.
 | |
| 
 | |
| Note also that the kernel is not part of the filesystem so cannot be
 | |
| updated this way. Kernel changes require a full reflash.
 | |
| 
 | |
| 
 | |
| 
 | |
| Creating configuration.nix
 | |
| ==========================
 | |
| 
 | |
| 
 | |
| You need to create a :file:`configuration.nix` that describes your
 | |
| device and the services that you want to run on it. The best way to
 | |
| get started is by reading one of the examples such as
 | |
| :file:`examples/rotuer.nix` and modifying it to your needs.
 | |
| 
 | |
| :file:`configuration.nix` conventionally describes the packages, services,
 | |
| user accounts etc of the device. It does not describe the hardware
 | |
| itself, which is specified separately in the build command (as you
 | |
| will see below).
 | |
| 
 | |
| Most of the functionality of a Liminix system is driven by *services*
 | |
| which are declared by *modules*: thus, to add for example an NTP service
 | |
| you first add :file:`modules/ntp` to your ``imports`` list, then
 | |
| you create a service by calling :code:`config.system.service.ntp.build { .... }`
 | |
| with the appropriate service-dependent configuration parameters.
 | |
| 
 | |
| .. code-block:: nix
 | |
| 
 | |
|   let svc = config.system.service;
 | |
|   in {
 | |
|     # ...
 | |
|     imports = [
 | |
|       ./modules/ntp
 | |
|       # ....
 | |
|     ];
 | |
|     config.services.ntp = svc.ntp.build {
 | |
|       pools = { "pool.ntp.org" = ["iburst"]; };
 | |
|       makestep = { threshold = 1.0; limit = 3; };
 | |
|     };
 | |
| 
 | |
| A :ref:`full list of module options <module-options>` is provided
 | |
| later in this manual.
 | |
| 
 | |
| You *most likely* want to include the ``standard`` module unless you
 | |
| have a quite unusual use case for a very minimal system, in which case
 | |
| you will understand what it does and what happens if you leave it out.
 | |
| 
 | |
| .. code-block:: nix
 | |
| 
 | |
|     imports = [
 | |
|       ./modules/standard.nix
 | |
|     ]
 | |
|     configuration.rootfsType = "jffs2"; # or "squashfs"
 | |
| 
 | |
| 
 | |
| 
 | |
| Building
 | |
| ========
 | |
| 
 | |
| Build Liminix using the :file:`default.nix` in the project toplevel
 | |
| directory, passing it arguments for configuration and hardware. For
 | |
| example:
 | |
| 
 | |
| .. code-block:: console
 | |
| 
 | |
|     nix-build -I liminix-config=./tests/smoke/configuration.nix \
 | |
|      --arg device "import ./devices/qemu" -A outputs.default
 | |
| 
 | |
| In this command ``<liminix-config>`` points to your
 | |
| :file:`configuration.nix`, ``device`` is the file for your hardware device
 | |
| definition, and ``outputs.default`` will generate some kind of
 | |
| Liminix image output appropriate to that device.
 | |
| 
 | |
| For the qemu device in this example, ``outputs.default`` is an alias
 | |
| for ``outputs.vmbuild``, which creates a directory containing a
 | |
| squashfs root image and a kernel. You can use the :command:`mips-vm` command to
 | |
| run this.
 | |
| 
 | |
| For the currently supported hardware devices, ``outputs.default``
 | |
| creates a directory containing a file called ``firmware.bin``.  This
 | |
| is a raw image file that can be written directly to the firmware flash
 | |
| partition.
 | |
| 
 | |
| 
 | |
| Flashing
 | |
| ========
 | |
| 
 | |
| 
 | |
| Flashing from the boot monitor
 | |
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | |
| 
 | |
| If you are prepared to open the device and have a TTL serial adaptor
 | |
| of some kind to connect it to, you can probably flash it using U-Boot.
 | |
| This is quite hardware-specific, and sometimes involves soldering:
 | |
| please refer to the Developer Manual.
 | |
| 
 | |
| 
 | |
| Flashing from an existing Liminix system with :command:`flashcp`
 | |
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | |
| 
 | |
| The flash procedure from an existing Liminix-system is two-step.
 | |
| First we reboot the device (using "kexec") into an "ephemeral"
 | |
| RAM-based version of the new configuration, then when we're happy it
 | |
| works we can flash the image - and if it doesn't work we can reboot
 | |
| the device again and it will boot from the old image.
 | |
| 
 | |
| 
 | |
| 
 | |
| Building the RAM-based image
 | |
| ............................
 | |
| 
 | |
| To create the ephemeral image, build ``outputs.kexecboot`` instead of
 | |
| ``outputs.default``.  This generates a directory containing the root
 | |
| filesystem image and kernel, along with an executable called `kexec`
 | |
| and a `boot.sh` script that runs it with appropriate arguments.
 | |
| 
 | |
| For example
 | |
| 
 | |
| .. code-block:: console
 | |
| 
 | |
|    nix-build --show-trace -I liminix-config=./examples/arhcive.nix \
 | |
|      --arg device "import ./devices/gl-ar750"
 | |
|      -A outputs.kexecboot && \
 | |
|      (tar chf - result | ssh root@the-device tar -C /run -xvf -)
 | |
| 
 | |
| and then login to the device and run
 | |
| 
 | |
| .. code-block:: console
 | |
| 
 | |
|    cd /run/result
 | |
|    sh ./boot.sh .
 | |
| 
 | |
| 
 | |
| This will load the new kernel and map the root filesystem into a RAM
 | |
| disk, then start executing the new kernel. *This is effectively a
 | |
| reboot - be sure to close all open files and finish anything else
 | |
| you were doing first.*
 | |
| 
 | |
| If the new system crashes or is rebooted, then the device will revert
 | |
| to the old configuration it finds in flash.
 | |
| 
 | |
| 
 | |
| Building the second (permanent) image
 | |
| .....................................
 | |
| 
 | |
| While running in the kexecboot system, you can copy the permanent
 | |
| image to the device with :command:`ssh`
 | |
| 
 | |
| .. code-block:: console
 | |
| 
 | |
|    build-machine$ tar chf - result/firmware.bin | \
 | |
|     ssh root@the-device tar -C /run -xvf -
 | |
| 
 | |
| Next you need to connect to the device and locate the "firmware"
 | |
| partition, which you can do with a combination of :command:`dmesg`
 | |
| output and the contents of :file:`/proc/mtd`
 | |
| 
 | |
| .. code-block:: console
 | |
| 
 | |
|    <5>[    0.469841] Creating 4 MTD partitions on "spi0.0":
 | |
|    <5>[    0.474837] 0x000000000000-0x000000040000 : "u-boot"
 | |
|    <5>[    0.480796] 0x000000040000-0x000000050000 : "u-boot-env"
 | |
|    <5>[    0.487056] 0x000000050000-0x000000060000 : "art"
 | |
|    <5>[    0.492753] 0x000000060000-0x000001000000 : "firmware"
 | |
| 
 | |
|    # cat /proc/mtd
 | |
|    dev:    size   erasesize  name
 | |
|    mtd0: 00040000 00001000 "u-boot"
 | |
|    mtd1: 00010000 00001000 "u-boot-env"
 | |
|    mtd2: 00010000 00001000 "art"
 | |
|    mtd3: 00fa0000 00001000 "firmware"
 | |
|    mtd4: 002a0000 00001000 "kernel"
 | |
|    mtd5: 00d00000 00001000 "rootfs"
 | |
| 
 | |
| Now run (in this example)
 | |
| 
 | |
| .. code-block:: console
 | |
| 
 | |
|    flashcp -v firmware.bin /dev/mtd3
 | |
| 
 | |
| 
 | |
| "I know my new image is good, can I skip the intemediate step?"
 | |
| ```````````````````````````````````````````````````````````````
 | |
| 
 | |
| In addition to giving you a chance to see if the new image works, this
 | |
| two-step process ensures that you're not copying the new image over
 | |
| the top of the active root filesystem. It might work, or it might
 | |
| crash in surprising ways.
 | |
| 
 | |
| 
 | |
| 
 | |
| Flashing from OpenWrt (not currently advised!)
 | |
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | |
| 
 | |
| .. CAUTION:: At your own risk! This will (at least in some
 | |
|              circumstances) lead to bricking the device: we think this
 | |
|              flash method is currently incompatible with use of a
 | |
|              writeable (jffs2) filesystem.
 | |
| 
 | |
| If your device is running OpenWrt then it probably has the
 | |
| :command:`mtd` command installed. After transferring the image onto the
 | |
| device using e.g. :command:`ssh`,  you can run it as follows:
 | |
| 
 | |
| .. code-block:: console
 | |
| 
 | |
|    mtd -r write /tmp/firmware.bin firmware
 | |
| 
 | |
| For more information, please see the `OpenWrt manual <https://openwrt.org/docs/guide-user/installation/sysupgrade.cli>`_ which may also contain (hardware-dependent) instructions on how to flash an image using the vendor firmware - perhaps even from a web interface.
 | |
| 
 | |
| 
 | |
| Updating an installed system (JFFS2)
 | |
| ************************************
 | |
| 
 | |
| Adding packages
 | |
| ===============
 | |
| 
 | |
| 
 | |
| If your device is running a JFFS2 root filesystem, you can build
 | |
| extra packages for it on your build system and copy them to the
 | |
| device: any package in Nixpkgs or in the Liminix overlay is available
 | |
| with the ``pkgs`` prefix:
 | |
| 
 | |
| .. code-block:: console
 | |
| 
 | |
|     nix-build -I liminix-config=./my-configuration.nix \
 | |
|      --arg device "import ./devices/mydevice" -A pkgs.tcpdump
 | |
| 
 | |
|     nix-shell -p min-copy-closure root@the-device result/
 | |
| 
 | |
| Note that this only copies the package to the device: it doesn't update
 | |
| any profile to add it to ``$PATH``
 | |
| 
 | |
| 
 | |
| Rebuilding the system
 | |
| =====================
 | |
| 
 | |
| :command:`liminix-rebuild` is the Liminix analogue of :command:`nixos-rebuild`, although its operation is a bit different because it expects to run on a build machine and then copy to the host device. Run it with the same ``liminix-config`` and ``device`` parameters as you would run :command:`nix-build`, and it will build any new/changed packages and then copy them to the device using SSH. For example:
 | |
| 
 | |
| .. code-block:: console
 | |
| 
 | |
|      liminix-rebuild root@the-device  -I liminix-config=./examples/rotuer.nix --arg device "import ./devices/gl-ar750"
 | |
| 
 | |
| This will
 | |
| 
 | |
| * build anything that needs building
 | |
| * copy new or changed packages to the device
 | |
| * reboot the device
 | |
| 
 | |
| It doesn't delete old packages automatically: to do that run
 | |
| :command:`min-collect-garbage`, which will delete any packages not in
 | |
| the current system closure. Note that Liminix does not have the NixOS
 | |
| concept of environments or generations, and there is no way back from
 | |
| this except for building the previous configuration again.
 | |
| 
 | |
| 
 | |
| 
 | |
| Caveats
 | |
| ~~~~~~~
 | |
| 
 | |
| * it needs there to be enough free space on the device for all the new
 | |
|   packages in addition to all the packages already on it - which may be
 | |
|   a problem if a lot of things have changed (e.g. a new version of
 | |
|   nixpkgs).
 | |
| 
 | |
| * it cannot upgrade the kernel, only userland
 | |
| 
 | |
| Configuration options
 | |
| *********************
 | |
| 
 | |
| .. _module-options:
 | |
| 
 | |
| .. include:: modules.rst
 | 
