Heads: Add packaging & project metadata

[OPNA2608]

Closes #547

We're running upstream's build setup, which requires significant fetching & some patching to behave nicely.

• We can't download things at build-time, so most of the downloads that heads, and subproject that heads fetches & builds as part of its build process, are extracted & collected into deps.nix, and placed/patched in where needed before starting the build. Or in the case of subprojects that get unpacked during the build, have our patch files prepared & put into place for heads to apply during the build.
• Ahead of the build, heads inspects some things about the system and uses the information for scheduling the build, along with printing this information. For the sake of making it behave the same on different systems & at different times on the same system, we're patching some of those checks & outputs.
• A single board target has been allow-listed, qemu-coreboot-fbwhiptail-tpm1-hotp, because:
  • Allowing too many boards will make CI blow up (it's 50 targets, and CI doesn't do a great job at splitting up CPU cores among them, so 10 jobs running in parallel want to occupy all 16 cores of the CPU... and everything comes to a crawl
  • Alot of boards are broken because we're missing firmware data. And we're missing the firmware data because fetchSubmodules is currently incomplete: fetchgit: pass --checkout when fetching submodules NixOS/nixpkgs#286228
• A VM test has been added, to test booting the qemu-coreboot-fbwhiptail-tpm1-hotp ROM in qemu. We can't test full functionality, but we can at least test for successful booting & the first few menus

VM screenshots (menu images look broken, but OCR'd fine, so likely just an issue with the image taking in non-interactive sessions)

[eljamm]

Would it be possible to split this into smaller PRs? Both so that CI can build the packages properly without timing out and for us to review it better.

[OPNA2608]

Note: I am unhappy to announce that while deps.nix is still 100% generated, the new blobs attrset in package.nix likely belongs in there logically… It was just easier to extract those few downloads with their peculiarities by hand than to hack together an automatable solution for now.

Unlike the mountain of dependencies that is deps.nix, manually updating these by skimming the scripts in /blobs/* should at least be fairly doable.

[OPNA2608]

Would it be possible to split this into smaller PRs? Both so that CI can build the packages properly without timing out and for us to review it better.

To help with CI load, I've only allowed a single board target to be generated for now - heads.qemu-coreboot-fbwhiptail-tpm1-hotp.

The bulk of the code here is still necessary for building even this mostly-emulated board target. The only things I could cut for now are:

• All the blobs files, their collecting & patching of blobs-related code - that's only relevant for boards that have blobs
• Maybe some of the coreboot entries in patches - only need the one that's relevant for the currently allowed board
• I think the openssl patch is also not yet relevant for the board?

If you think cutting them for now is worth it, then I can go ahead with that.

[fricklerhandwerk]

We do have binary artefacts in our data model now! Ah, but complementing them with tests and examples seems not straightforward?

[OPNA2608]

This is used in the test, to have a fixed location where we can find the ROM at. @eljamm said that currently, it's not possible to refer to the binary attrset.

Also, referencing pkgs in binary (in order to point it at the artifact from the build), currently makes eval blow up, which is why it's commented out: #773

[eljamm]

@eljamm said that currently, it's not possible to refer to the binary attrset.

Because it's not mapped back, but we can do this if we need to.

[eljamm]

This looks good to me. As a next step, we need to fix the overview in #773 so we can use the binary type.