From 5545bc9334614c9e0b923d5d1e3d02c92fcd4223 Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Mon, 16 Sep 2024 15:26:08 -0700 Subject: [PATCH] feat: bump qemu w/ new firmware deps --- packages/acpica/Containerfile | 20 +++--- packages/edk2/Containerfile | 125 ++++++++++++++++++++++++---------- packages/ipxe/Containerfile | 86 +++++++++++++++++++++++ packages/nasm/Containerfile | 25 +++---- packages/qemu/Containerfile | 78 +++++++++------------ 5 files changed, 227 insertions(+), 107 deletions(-) create mode 100644 packages/ipxe/Containerfile diff --git a/packages/acpica/Containerfile b/packages/acpica/Containerfile index 364d947..b098932 100644 --- a/packages/acpica/Containerfile +++ b/packages/acpica/Containerfile @@ -1,30 +1,28 @@ -FROM scratch as base +FROM scratch AS base ENV VERSION=20230628 ENV SRC_HASH=86876a745e3d224dcfd222ed3de465b47559e85811df2db9820ef09a9dff5cce ENV SRC_FILE=acpica-unix-${VERSION}.tar.gz ENV SRC_SITE=https://downloadmirror.intel.com/783549/${SRC_FILE} -FROM base as fetch +FROM base AS fetch ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} . -FROM fetch as build +FROM fetch AS build COPY --from=stagex/busybox . / COPY --from=stagex/gcc . / COPY --from=stagex/musl . / COPY --from=stagex/binutils . / COPY --from=stagex/make . / COPY --from=stagex/bison . / -COPY --from=stage/flex . / +COPY --from=stagex/flex . / +COPY --from=stagex/m4 . / RUN tar -xf ${SRC_FILE} -WORKDIR acpica-unix-${VERSION} -RUN --network=none <<-EOF - set -eux - export LDFLAGS="${LDFLAGS/-Wl,-z,pack-relative-relocs}" - make NOWERROR=TRUE -j "$(nproc)" -EOF +WORKDIR /acpica-unix-${VERSION} +ENV LDFLAGS="-Wl,-z,pack-relative-relocs" +RUN --network=none make NOWERROR=TRUE -j "$(nproc)" FROM build AS install RUN --network=none DESTDIR=/rootfs make install FROM stagex/filesystem AS package -COPY --from=install /rootfs/. / \ No newline at end of file +COPY --from=install /rootfs/. / 
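Review bot: `ENV LDFLAGS="-Wl,-z,pack-relative-relocs"` in the acpica build stage turns on the very linker flag that the removed heredoc was stripping out of LDFLAGS with `${LDFLAGS/-Wl,-z,pack-relative-relocs}`. The change therefore reverses the old behaviour rather than only simplifying the RUN step. Because it is an ENV, the flag is also inherited by the `install` stage, which derives from `build`. If packed relative relocations are now wanted, add a one-line comment above the ENV saying why the earlier exclusion no longer applies. If the exclusion still holds, drop the ENV line and keep `RUN --network=none make NOWERROR=TRUE -j "$(nproc)"` with LDFLAGS unset.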
diff --git a/packages/edk2/Containerfile b/packages/edk2/Containerfile
index c5d3aa8..8d897bf 100644
--- a/packages/edk2/Containerfile
+++ b/packages/edk2/Containerfile
@@ -1,16 +1,42 @@ -FROM scratch as base +FROM scratch AS base ARG ARCH=x86_64 ENV VERSION=202408 +ENV VERSION_OPENSSL=3.0.9 +ENV VERSION_SOFTFLOAT=3e +ENV VERSION_MIPISYST=370b5944c046bab043dd8b133727b2135af7747a +ENV VERSION_MBEDTLS=8c89224991adff88d53cd380f42a2baa36f91454 +ENV VERSION_LIBSPDM=50924a4c8145fc721e17208f55814d2b38766fe6 ENV SRC_HASH=63c99b6f9f7aa94e8d76c432bea05d0d4dd6600af78d6fd59a1aec5ce9cea8ce +ENV SRC_HASH_MIPISYST=9fda3b9a78343ab2be6f06ce6396536e7e065abac29b47c8eb2e42cbb4c4f00b +ENV SRC_HASH_SOFTFLOAT=21130ce885d35c1fe73fc1e1bf2244178167e05c6747cad5f450cc991714c746 +ENV SRC_HASH_OPENSSL=eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90 +ENV SRC_HASH_MBEDTLS=b5c7e7c54e013c168f4aae036e59912785f11b4aeebd57f6165a14e879b9a82c +ENV SRC_HASH_LIBSPDM=962aefeeddb130deeb68c6c60c4848ddedd09d7715ed1ba8a8dadabd032d6232 ENV SRC_FILE=edk2-stable${VERSION}.tar.gz -ENV SRC_SITE=https://github.com/tianocore/edk2/archive/refs/tags/${SRC_FILE}} +ENV SRC_SITE=https://github.com/tianocore/edk2/archive/refs/tags/${SRC_FILE} +ENV SRC_FILE_MIPISYST=${VERSION_MIPISYST}.tar.gz +ENV SRC_SITE_MIPISYST=https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/${SRC_FILE_MIPISYST} +ENV SRC_FILE_SOFTFLOAT=SoftFloat-${VERSION_SOFTFLOAT}.zip +ENV SRC_SITE_SOFTFLOAT=https://www.jhauser.us/arithmetic/${SRC_FILE_SOFTFLOAT} +ENV SRC_FILE_OPENSSL=openssl-${VERSION_OPENSSL}.tar.gz +ENV SRC_SITE_OPENSSL=https://www.openssl.org/source/${SRC_FILE_OPENSSL} +ENV SRC_FILE_MBEDTLS=${VERSION_MBEDTLS}.tar.gz +ENV SRC_SITE_MBEDTLS=https://github.com/Mbed-TLS/mbedtls/archive/${SRC_FILE_MBEDTLS} +ENV SRC_FILE_LIBSPDM=${VERSION_LIBSPDM}.tar.gz +ENV SRC_SITE_LIBSPDM=https://github.com/DMTF/libspdm/archive/${SRC_FILE_LIBSPDM} -FROM base as fetch +FROM base AS fetch ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} . +ADD --checksum=sha256:${SRC_HASH_OPENSSL} ${SRC_SITE_OPENSSL} . +ADD --checksum=sha256:${SRC_HASH_SOFTFLOAT} ${SRC_SITE_SOFTFLOAT} . 
+ADD --checksum=sha256:${SRC_HASH_MIPISYST} ${SRC_SITE_MIPISYST} . +ADD --checksum=sha256:${SRC_HASH_MBEDTLS} ${SRC_SITE_MBEDTLS} . +ADD --checksum=sha256:${SRC_HASH_LIBSPDM} ${SRC_SITE_LIBSPDM} . -FROM fetch as build +FROM fetch AS build COPY --from=stagex/busybox . / COPY --from=stagex/binutils . / +COPY --from=stagex/pkgconf . / COPY --from=stagex/musl . / COPY --from=stagex/make . / COPY --from=stagex/gcc . / 
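Review bot: The five new `VERSION_*` pins (OpenSSL, SoftFloat, MIPI Sys-T, Mbed TLS, libspdm) carry no comment saying where their values come from, so a later bump of `VERSION` can leave the firmware's crypto libraries at stale revisions without anyone noticing. They look like stand-ins for edk2's git submodules, which the release tarball presumably does not include. If so, say it above the block, for example `# Submodule sources: keep in sync with .gitmodules of edk2-stable${VERSION}`. The checksummed `ADD` lines cover integrity of each download; the comment covers what a checksum cannot, namely that the pinned revision is the one this edk2 release expects.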
@@ -18,40 +44,69 @@ COPY --from=stagex/git . / COPY --from=stagex/python . / COPY --from=stagex/nasm . / COPY --from=stagex/acpica . / - +COPY --from=stagex/bash . / +COPY --from=stagex/util-linux . / +COPY --from=stagex/zlib . / RUN tar -xf ${SRC_FILE} -WORKDIR edk2-edk2-stable${VERSION} - -ENV PLATFORM = "ShellPkg/ShellPkg.dsc OvmfPkg/OvmfPkgX64.dsc OvmfPkg/OvmfXen.dsc" -ENV TOOLCHAIN = "GCC5" -ENV RELEASE = "RELEASE" +RUN tar -xf ${SRC_FILE_OPENSSL} +RUN tar -xf ${SRC_FILE_MIPISYST} +RUN tar -xf ${SRC_FILE_MBEDTLS} +RUN tar -xf ${SRC_FILE_LIBSPDM} +RUN unzip ${SRC_FILE_SOFTFLOAT} +WORKDIR /edk2-edk2-stable${VERSION} +ENV WORKDIR=/edk2-edk2-stable${VERSION} +ENV PACKAGES_PATH=$WORKDIR +ENV WORKSPACE=$WORKDIR +ENV EDK_TOOLS_PATH=${WORKDIR}/BaseTools +ENV PATH=${EDK_TOOLS_PATH}/BinWrappers/PosixLike/:$PATH +ENV PYTHON_COMMAND=python3 +ENV PLATFORMS="ShellPkg/ShellPkg.dsc OvmfPkg/OvmfPkgX64.dsc OvmfPkg/OvmfXen.dsc" +ENV TOOLCHAIN="GCC5" +ENV RELEASE="RELEASE" +ENV TARGET_ARCH=X64 RUN --network=none <<-EOF - set -ex - export PYTHON_COMMAND=python3 - export WORKSPACE=$PWD - export PACKAGES_PATH=$PWD - export EDK_TOOLS_PATH=$PWD/BaseTools/ - export PATH=$PWD/BaseTools/BinWrappers/PosixLike/:$PATH - # parallel build fails - unset MAKEFLAGS - - bash -c ". 
edksetup.sh" - make -C BaseTools - - for _p in $PLATFORM; do - msg "Building Plaform Files $_p" - command build -b $RELEASE \ - -a $TARGET_ARCH \ - -t $TOOLCHAIN \ - -p $_p \ - -n ${JOBS:-2} \ - -DSECURE_BOOT_ENABLE=TRUE \ - -DTPM2_ENABLE=TRUE - done + set -ex + rm -rf CryptoPkg/Library/OpensslLib/openssl + ln -s /openssl-${VERSION_OPENSSL} CryptoPkg/Library/OpensslLib/openssl + rm -rf CryptoPkg/Library/MbedTlsLib/mbedtls + ln -s /mbedtls-${VERSION_MBEDTLS} CryptoPkg/Library/MbedTlsLib/mbedtls + rm -rf SecurityPkg/DeviceSecurity/SpdmLib/libspdm + ln -s /libspdm-${VERSION_LIBSPDM} SecurityPkg/DeviceSecurity/SpdmLib/libspdm + rm -rf ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3 + ln -s /SoftFloat-${VERSION_SOFTFLOAT} \ + ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3 + rm -rf MdePkg/Library/MipiSysTLib/mipisyst + ln -s /public-mipi-sys-t-${VERSION_MIPISYST} \ + MdePkg/Library/MipiSysTLib/mipisyst + sed -e '/BrotliCompress/d' -i BaseTools/Source/C/GNUmakefile + sed -e '/BrotliCustomDecompressLib/d' -i MdeModulePkg/MdeModulePkg.dec + sed -e 's/\r$//' -i BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp \ + BaseTools/Source/C/VolInfo/VolInfo.c + bash -c ". 
edksetup.sh" + make -C BaseTools + for platform in $PLATFORMS; do + echo "Building Plaform Files: $platform" + command build -b $RELEASE \ + -a $TARGET_ARCH \ + -t $TOOLCHAIN \ + -p $platform \ + -n "$(nproc)" \ + -DSECURE_BOOT_ENABLE=TRUE \ + -DTPM2_ENABLE=TRUE + done EOF -FROM build as install -RUN make DESTDIR="/rootfs" install +FROM build AS install +RUN <<-EOF + mkdir -p /rootfs/usr/bin \ + /rootfs/usr/share/edk2/Conf \ + /rootfs/usr/share/edk2/Scripts + install BaseTools/Source/C/bin/* BaseTools/BinWrappers/PosixLike/LzmaF86Compress \ + /rootfs/usr/bin + install BaseTools/BuildEnv /rootfs/usr/share/edk2/ + install BaseTools/Conf/*.template /rootfs/usr/share/edk2/Conf + install BaseTools/Scripts/GccBase.lds /rootfs/usr/share/edk2/Scripts +EOF -FROM stagex/filesystem as package +FROM stagex/filesystem AS package COPY --from=install /rootfs/. / diff --git a/packages/ipxe/Containerfile b/packages/ipxe/Containerfile new file mode 100644 index 0000000..377c427 --- /dev/null +++ b/packages/ipxe/Containerfile 
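Review bot: The new edk2 `install` stage opens its heredoc with `RUN <<-EOF` and no `set -e`, so a failing `mkdir` or `install` line is ignored as long as the last `install` succeeds, and the package stage can be assembled from an incomplete /rootfs. Unlike the build step above it, the stage also runs without `--network=none`; the ipxe install stage added in this commit has `set -eux` but likewise omits `--network=none`. Open the step with `RUN --network=none <<-EOF` and make `set -eux` its first line. Separately, the stage copies only BaseTools binaries, templates and a linker script, so the OVMF images built with `-DSECURE_BOOT_ENABLE=TRUE` do not appear to reach the package; if that is intended, a short comment would say so.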
@@ -0,0 +1,86 @@ +FROM scratch AS base +ENV VERSION=6ca597eee9f95b846a3c2dc1231e63cfc02272c1 +ENV SRC_FILE=${VERSION}.tar.gz +ENV SRC_SITE=https://github.com/ipxe/ipxe/archive/${SRC_FILE} +ENV SRC_HASH=f90cc9024d90e3fcbd738a3a1904dd552f276fcc52d177ebdd4e78d17e5c5b44 + +FROM base AS fetch +ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} . + +FROM fetch AS build +COPY --from=stagex/busybox . / +COPY --from=stagex/coreutils . / +COPY --from=stagex/gcc . / +COPY --from=stagex/binutils . / +COPY --from=stagex/openssl . / +COPY --from=stagex/make . / +COPY --from=stagex/perl . / +COPY --from=stagex/musl . / +COPY --from=stagex/edk2 . / +COPY --from=stagex/syslinux . / +COPY --from=stagex/xorriso . / +COPY --from=stagex/xz . / +RUN tar -xf ${SRC_FILE} +WORKDIR /ipxe-${VERSION}/src +ENV SOURCE_DATE_EPOCH=1 +RUN --network=none <<-EOF + set -ex + mkdir -p out + make \ + -j "$(nproc)" \ + CC=x86_64-linux-musl-gcc \ + NO_WERROR=1 \ + EXTRA_CFLAGS="-fcommon" \ + bin/ipxe.iso \ + bin/ipxe.lkrn \ + bin/ipxe.pxe \ + bin/undionly.kpxe \ + bin/ipxe.usb \ + bin/ipxe.dsk \ + bin-x86_64-efi/ipxe.efi + printf " \ + e1000 8086 100e \n \ + e1000e 8086 10d3 \n \ + eepro100 8086 1209 \n \ + ne2k_pci 1050 0940 \n \ + pcnet 1022 2000 \n \ + rtl8139 10ec 8139 \n \ + virtio 1af4 1000 \n \ + vmxnet3 15ad 07b0" \ + | while IFS= read -r line; do + set -- $line; + target="$1"; + vid="$2"; + did="$3"; + make \ + -j "$(nproc)" \ + CONFIG=qemu \ + CC=x86_64-linux-musl-gcc \ + NO_WERROR=1 \ + EXTRA_CFLAGS="-fcommon" \ + bin-x86_64-efi/${vid}${did}.efidrv \ + bin/${vid}${did}.rom; + EfiRom \ + -f "0x${vid}" \ + -i "0x${did}" \ + -l 0x02 \ + -b bin/${vid}${did}.rom \ + -ec bin-x86_64-efi/${vid}${did}.efidrv \ + -o out/efi-${target}.rom; + done +EOF + +FROM build AS install +RUN <<-EOF + set -eux + install -vDm 644 bin/*.lkrn -t /rootfs/usr/share/ipxe/ + install -vDm 644 bin/*.dsk -t /rootfs/usr/share/ipxe/ + install -vDm 644 bin/*.iso -t /rootfs/usr/share/ipxe/ + install -vDm 644 bin/*.pxe -t 
/rootfs/usr/share/ipxe/ + install -vDm 644 bin/*.kpxe -t /rootfs/usr/share/ipxe/ + install -vDm 644 bin-x86_64-efi/*.efi -t /rootfs/usr/share/ipxe/x86_64/ + install -vDm 644 out/efi-*.rom -t /rootfs/usr/share/qemu/ +EOF + +FROM stagex/filesystem AS package +COPY --from=install /rootfs/. / diff --git a/packages/nasm/Containerfile b/packages/nasm/Containerfile index 64fc954..dfb4784 100644 --- a/packages/nasm/Containerfile +++ b/packages/nasm/Containerfile @@ -1,35 +1,32 @@ -FROM scratch as base +FROM scratch AS base ENV VERSION=2.16.03 -ENV SRC_HASH=86876a745e3d224dcfd222ed3de465b47559e85811df2db9820ef09a9dff5cce +ENV SRC_HASH=1412a1c760bbd05db026b6c0d1657affd6631cd0a63cddb6f73cc6d4aa616148 ENV SRC_FILE=nasm-${VERSION}.tar.xz -ENV SRC_SITE=https://www.nasm.us/pub/nasm/releasebuilds/${VERSION}/${SRC_FILE}} +ENV SRC_SITE=https://www.nasm.us/pub/nasm/releasebuilds/${VERSION}/${SRC_FILE} -FROM base as fetch +FROM base AS fetch ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} . -FROM fetch as build +FROM fetch AS build COPY --from=stagex/busybox . / COPY --from=stagex/gcc . / COPY --from=stagex/binutils . / COPY --from=stagex/make . / -COPY --from=stagex/bison . / -COPY --from=stage/flex . / COPY --from=stagex/musl . / COPY --from=stagex/perl . / RUN tar -xf ${SRC_FILE} -WORKDIR nasm-${VERSION} +WORKDIR /nasm-${VERSION} RUN --network=none <<-EOF - set -eux - CFLAGS="$CFLAGS -O2 -flto=auto" \ - ./configure \ + set -eux + ./configure \ --build=x86_64-linux-musl \ --host=x86_64-linux-musl \ - --prefix=/usr - make -j "$(nproc)" + --prefix=/usr + make -j "$(nproc)" EOF FROM build AS install RUN --network=none DESTDIR=/rootfs make install FROM stagex/filesystem AS package -COPY --from=install /rootfs/. / \ No newline at end of file +COPY --from=install /rootfs/. / diff --git a/packages/qemu/Containerfile b/packages/qemu/Containerfile index 7a4521c..c7f55fb 100644 --- a/packages/qemu/Containerfile +++ b/packages/qemu/Containerfile 
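Review bot: In the ipxe build step, the device table piped into `while IFS= read -r line` ends with `vmxnet3 15ad 07b0"` and no trailing `\n`. `read` therefore hits end of input on that last row and returns non-zero, the loop body never runs for it, and `out/efi-vmxnet3.rom` is not produced. Nothing fails, because the `install -vDm 644 out/efi-*.rom` glob in the install stage still matches the other seven ROMs. Terminate the last row as `vmxnet3 15ad 07b0\n" \`, or feed the table to the loop from a nested heredoc so every row ends in a newline.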
@@ -1,6 +1,6 @@ FROM scratch AS base -ENV VERSION=9.0.2 -ENV SRC_HASH=a8c3f596aece96da3b00cafb74baafa0d14515eafb8ed1ee3f7f5c2d0ebf02b6 +ENV VERSION=9.1.0 +ENV SRC_HASH=816b7022a8ba7c2ac30e2e0cf973e826f6bcc8505339603212c5ede8e94d7834 ENV SRC_FILE=qemu-${VERSION}.tar.xz ENV SRC_SITE=https://download.qemu.org/${SRC_FILE} @@ -84,11 +84,37 @@ ENV CFLAGS=" \ -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer" ENV CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS" ENV LTOFLAGS="-flto=auto" +ENV TARGET_LIST="x86_64-softmmu,x86_64-linux-user,i386-softmmu,i386-linux-user" +COPY <<-EOF pc-bios/optionrom/config.mak + TOPSRC_DIR=/qemu-${VERSION} + CC=gcc + CCAS=gcc + AR=ar + AS=as + LD=ld + NM=nm + OBJCOPY=objcopy + RANLIB=ranlib + STRIP=strip +EOF RUN --network=none <<-EOF set -eux + # rm -rf pc-bios/*.bz2 + rm -rf \ + pc-bios/*.bin \ + pc-bios/*.rom \ + pc-bios/*.img \ + pc-bios/*.e500 \ + pc-bios/*.dtb \ + pc-bios/*.lid \ + pc-bios/*.ndrv \ + pc-bios/palcode-clipper \ + pc-bios/openbios-* + make -j "$(nproc)" -C pc-bios/optionrom all ./configure \ --build="x86_64-linux-musl" \ --host="x86_64-linux-musl" \ + --target-list="$TARGET_LIST" \ --prefix=/usr \ --sysconfdir=/etc \ --localstatedir=/var \ @@ -127,7 +153,7 @@ RUN --network=none <<-EOF --disable-vnc \ --disable-vnc-jpeg \ --disable-xen - make ARFLAGS="rc" + make ARFLAGS="rc" -j "$(nproc)" EOF FROM build AS install 
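Review bot: The cleanup added before `./configure` deletes the prebuilt firmware blobs under `pc-bios/` but leaves `# rm -rf pc-bios/*.bz2` commented out. Whatever compressed images the upstream tarball ships there (as far as I know, the bundled EDK2 firmware) can still be picked up by `make install` as opaque binaries that were not built from source here. Either enable the line or replace it with a comment that says why those files stay, e.g. `# TODO: drop pc-bios/*.bz2 once firmware built by stagex/edk2 is installed instead`. The same list removes `pc-bios/*.bin` while only `pc-bios/optionrom` is rebuilt in this hunk, so it is worth confirming that the x86 system emulators still find a BIOS image at runtime. The configure options between this hunk and the next are not visible here.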
@@ -135,50 +161,8 @@ RUN --network=none <<-EOF make DESTDIR=/rootfs install rm -rf /rootfs/var/run strip /rootfs/usr/bin/qemu-* - # These are not currently deterministic so we can't release them yet - rm -rf /rootfs/usr/bin/qemu-aarch64 - rm -rf /rootfs/usr/bin/qemu-aarch64_be - rm -rf /rootfs/usr/bin/qemu-arm - rm -rf /rootfs/usr/bin/qemu-armeb - rm -rf /rootfs/usr/bin/qemu-hexagon - rm -rf /rootfs/usr/bin/qemu-hppa - rm -rf /rootfs/usr/bin/qemu-loongarch64 - rm -rf /rootfs/usr/bin/qemu-microblaze - rm -rf /rootfs/usr/bin/qemu-microblazeel - rm -rf /rootfs/usr/bin/qemu-mips - rm -rf /rootfs/usr/bin/qemu-mips64 - rm -rf /rootfs/usr/bin/qemu-mips64el - rm -rf /rootfs/usr/bin/qemu-mipsel - rm -rf /rootfs/usr/bin/qemu-mipsn32 - rm -rf /rootfs/usr/bin/qemu-mipsn32el - rm -rf /rootfs/usr/bin/qemu-or1k - rm -rf /rootfs/usr/bin/qemu-ppc - rm -rf /rootfs/usr/bin/qemu-ppc64 - rm -rf /rootfs/usr/bin/qemu-ppc64le - rm -rf /rootfs/usr/bin/qemu-riscv32 - rm -rf /rootfs/usr/bin/qemu-riscv64 - rm -rf /rootfs/usr/bin/qemu-sparc - rm -rf /rootfs/usr/bin/qemu-sparc32plus - rm -rf /rootfs/usr/bin/qemu-sparc64 - rm -rf /rootfs/usr/bin/qemu-system-aarch64 - rm -rf /rootfs/usr/bin/qemu-system-arm - rm -rf /rootfs/usr/bin/qemu-system-avr - rm -rf /rootfs/usr/bin/qemu-system-hppa - rm -rf /rootfs/usr/bin/qemu-system-loongarch64 - rm -rf /rootfs/usr/bin/qemu-system-microblaze - rm -rf /rootfs/usr/bin/qemu-system-microblazeel - rm -rf /rootfs/usr/bin/qemu-system-mips - rm -rf /rootfs/usr/bin/qemu-system-mips64 - rm -rf /rootfs/usr/bin/qemu-system-mips64el - rm -rf /rootfs/usr/bin/qemu-system-mipsel - rm -rf /rootfs/usr/bin/qemu-system-or1k - rm -rf /rootfs/usr/bin/qemu-system-ppc - rm -rf /rootfs/usr/bin/qemu-system-ppc64 - rm -rf /rootfs/usr/bin/qemu-system-riscv32 - rm -rf /rootfs/usr/bin/qemu-system-riscv64 - rm -rf /rootfs/usr/bin/qemu-system-rx - rm -rf /rootfs/usr/bin/qemu-system-sparc - rm -rf /rootfs/usr/bin/qemu-system-sparc64 + install -vDm 644 pc-bios/optionrom/*.bin -t 
/rootfs/usr/share/qemu + install -vDm 644 pc-bios/optionrom/*.img -t /rootfs/usr/share/qemu EOF FROM stagex/filesystem AS package