From dce3b74f0eee68abf0d0f2505f851e88ffeb5e5a Mon Sep 17 00:00:00 2001
From: Xuhai Chang <xuhai.oerv@isrc.iscas.ac.cn>
Date: Thu, 14 Aug 2025 03:43:59 +0000
Subject: [PATCH] add support for riscv architecture

improve code quality
---
 Dockerfile                                    |  2 +-
 bootstrap.sh                                  | 49 +++++++++++++++++++
 build.sh                                      | 13 +++--
 mantle/platform/qemu.go                       |  7 +++
 riscv-notice.md                               |  7 +++
 src/cmd-buildextend-metal                     |  2 +-
 src/create_disk.sh                            | 34 ++++++++++---
 src/deps.txt                                  |  2 +-
 src/vmdeps-riscv64.txt                        |  8 +++
 .../vishvananda/netns/netns_linux_riscv64.go  |  7 +++
 10 files changed, 118 insertions(+), 13 deletions(-)
 create mode 100755 bootstrap.sh
 create mode 100644 riscv-notice.md
 create mode 100644 src/vmdeps-riscv64.txt
 create mode 100644 vendor/github.com/vishvananda/netns/netns_linux_riscv64.go

diff --git a/Dockerfile b/Dockerfile
index 620db5aa..5f366248 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM openeuler-22.03-lts-sp4:latest
+FROM openeuler-24.03-lts-sp2
 WORKDIR /root/containerbuild
 
 # Keep this Dockerfile idempotent for local development rebuild use cases.
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 00000000..5121d2b6
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+set -e 
+set -o pipefail
+# 默认的 OCI 运行时
+RUNTIME="docker"
+
+# 解析命令行选项
+while [[ $# -gt 0 ]]; do
+  key="$1"
+  case $key in
+    -r|--runtime)
+      RUNTIME="$2"
+      shift # 移过参数名
+      shift # 移过参数值
+      ;;
+    *)
+      # 未知选项
+      echo "未知选项: $1"
+      exit 1
+      ;;
+  esac
+done
+
+# 验证运行时
+if [[ "$RUNTIME" != "docker" && "$RUNTIME" != "podman" ]]; then
+  echo "无效的运行时: '$RUNTIME'. 请使用 'docker' 或 'podman'."
+  exit 1
+fi
+
+arch=$(uname -m)
+if ! command -v curl &>/dev/null; then
+    echo "请先安装 curl"
+    exit 1
+fi
+if ! command -v xz &>/dev/null; then
+    echo "请先安装 xz"
+    exit 1
+fi
+if ! command -v "$RUNTIME" &>/dev/null; then
+    echo "未找到 '$RUNTIME'，请先安装它。"
+    exit 1
+fi
+
+echo "将使用 '$RUNTIME' 导入镜像..."
+# 下载、解压并导入镜像
+curl -L "https://repo.openeuler.org/openEuler-24.03-LTS-SP2/docker_img/${arch}/openEuler-docker.${arch}.tar.xz" | xz -d | "$RUNTIME" load
+echo "镜像导入完成 将启动构建"
+"$RUNTIME" build -t nestos-assembler:latest .
+echo "镜像构建完成 名称:nestos-assembler"
\ No newline at end of file
diff --git a/build.sh b/build.sh
index f0a2a58a..18d55eb9 100755
--- a/build.sh
+++ b/build.sh
@@ -28,10 +28,15 @@ configure_yum_repos() {
     rm -rf /etc/yum.repos.d/*
 
     # Consistent with the base image, current: openeuler 22.03-LTS-SP4
-    echo -e "[${version_id}-SP4-NestOS]\nname=NestOS\nenabled=1\nmetadata_expire=1m\nbaseurl=https://repo.openeuler.org/openEuler-22.03-LTS-SP4/EPOL/multi_version/NestOS/For-Container/20240628/$arch/\ngpgcheck=0\npriority=2\nskip_if_unavailable=False\n" >> /etc/yum.repos.d/nestos-sp4.repo
-    echo -e "[${version_id}-SP4-everything]\nname=everything\nenabled=1\nmetadata_expire=1m\nbaseurl=https://repo.openeuler.org/openEuler-22.03-LTS-SP4/everything/$arch/\ngpgcheck=0\nskip_if_unavailable=False\n" >> /etc/yum.repos.d/nestos-sp4.repo
-    echo -e "[${version_id}-SP4-EPOL]\nname=EPOL\nenabled=1\nmetadata_expire=1m\nbaseurl=https://repo.openeuler.org/openEuler-22.03-LTS-SP4/EPOL/main/$arch/\ngpgcheck=0\nskip_if_unavailable=False\n" >> /etc/yum.repos.d/nestos-sp4.repo
-    echo -e "[${version_id}-SP4-extra]\nname=extra\nenabled=1\nmetadata_expire=1m\nbaseurl=https://nestos.org.cn/NestOS-22.03-LTS-SP4/For-Container/20240628/$arch/\ngpgcheck=0\npriority=1\nskip_if_unavailable=False\n" >> /etc/yum.repos.d/nestos-sp4.repo
+#    echo -e "[${version_id}-SP4-NestOS]\nname=NestOS\nenabled=1\nmetadata_expire=1m\nbaseurl=https://repo.openeuler.org/openEuler-22.03-LTS-SP4/EPOL/multi_version/NestOS/For-Container/20240628/$arch/\ngpgcheck=0\npriority=2\nskip_if_unavailable=False\n" >> /etc/yum.repos.d/nestos-sp4.repo
+ #   echo -e "[${version_id}-SP4-everything]\nname=everything\nenabled=1\nmetadata_expire=1m\nbaseurl=https://repo.openeuler.org/openEuler-22.03-LTS-SP4/everything/$arch/\ngpgcheck=0\nskip_if_unavailable=False\n" >> /etc/yum.repos.d/nestos-sp4.repo
+  #  echo -e "[${version_id}-SP4-EPOL]\nname=EPOL\nenabled=1\nmetadata_expire=1m\nbaseurl=https://repo.openeuler.org/openEuler-22.03-LTS-SP4/EPOL/main/$arch/\ngpgcheck=0\nskip_if_unavailable=False\n" >> /etc/yum.repos.d/nestos-sp4.repo
+   echo -e "[${version_id}-patch]\nname=patch\nenabled=1\nmetadata_expire=1m\nbaseurl=https://build-repo.tarsier-infra.isrc.ac.cn/home:/mahno:/NestOS-patch/openEuler_24.03/\ngpgcheck=0\npriority=1\nskip_if_unavailable=False\n" >> /etc/yum.repos.d/nestos-sp4.repo
+
+ echo -e "[${version_id}-NestOS]\nname=NestOS\nenabled=1\nmetadata_expire=1m\nbaseurl=https://build-repo.tarsier-infra.isrc.ac.cn/home:/mahno:/openEuler_24.03_LTS_SP1_Epol_Multi-Version_NestOS_For-Container/openEuler_24.03_SP2_Everything/\ngpgcheck=0\npriority=2\nskip_if_unavailable=False\n" >> /etc/yum.repos.d/nestos-sp4.repo
+    echo -e "[${version_id}-everything]\nname=everything\nenabled=1\nmetadata_expire=1m\nbaseurl=https://repo.openeuler.org/openEuler-24.03-LTS/everything/$arch/\ngpgcheck=0\nskip_if_unavailable=False\n" >> /etc/yum.repos.d/nestos-sp4.repo
+    echo -e "[${version_id}-EPOL]\nname=EPOL\nenabled=1\nmetadata_expire=1m\nbaseurl=https://repo.openeuler.org/openEuler-24.03-LTS/EPOL/main/$arch/\ngpgcheck=0\nskip_if_unavailable=False\n" >> /etc/yum.repos.d/nestos-sp4.repo
+    echo -e "[${version_id}-extra]\nname=extra\nenabled=1\nmetadata_expire=1m\nbaseurl=https://build-repo.tarsier-infra.isrc.ac.cn/home:/mahno:/NestOS-extra/openEuler_24.03/\ngpgcheck=0\npriority=1\nskip_if_unavailable=False\n" >> /etc/yum.repos.d/nestos-sp4.repo
 }
 
 install_rpms() {
diff --git a/mantle/platform/qemu.go b/mantle/platform/qemu.go
index 38e6bafc..995d2e54 100644
--- a/mantle/platform/qemu.go
+++ b/mantle/platform/qemu.go
@@ -592,6 +592,8 @@ func virtio(arch, device, args string) string {
 		suffix = "pci"
 	case "s390x":
 		suffix = "ccw"
+	case "riscv64":
+		suffix = "device"
 	default:
 		panic(fmt.Sprintf("RpmArch %s unhandled in virtio()", arch))
 	}
@@ -1357,6 +1359,11 @@ func baseQemuArgs(arch string, memoryMiB int) ([]string, error) {
 			// https://qemu.readthedocs.io/en/latest/system/ppc/pseries.html#switching-between-the-kvm-pr-and-kvm-hv-kernel-module
 			"-machine", "pseries,kvm-type=HV," + machineArg,
 		}
+	case "riscv64":
+		ret = []string{
+			"qemu-system-riscv64",
+			"-machine", "virt," + machineArg,
+		}
 	default:
 		return nil, fmt.Errorf("architecture %s not supported for qemu", arch)
 	}
diff --git a/riscv-notice.md b/riscv-notice.md
new file mode 100644
index 00000000..202d4a1b
--- /dev/null
+++ b/riscv-notice.md
@@ -0,0 +1,7 @@
+# 在RISC-V架构下的使用注意
+
+### KVM相关
+截至2025年8月，RISC-V尚未有支持硬件虚拟化的平台发布，KVM不可用。`nosa build`命令需要设置`COSA_NO_KVM`环境变量才能正常构建。
+
+### 安全启动相关
+截至2025年8月，shim软件包尚未正式支持RISC-V平台，UEFI安全启动支持尚不明确。若您当前的硬件平台要求安全启动，请将其关闭，或者联系社区完善这方面的支持。
\ No newline at end of file
diff --git a/src/cmd-buildextend-metal b/src/cmd-buildextend-metal
index 48af73c7..1da71d61 100755
--- a/src/cmd-buildextend-metal
+++ b/src/cmd-buildextend-metal
@@ -87,7 +87,7 @@ if [ $# -ne 0 ]; then
 fi
 
 case "$basearch" in
-    "x86_64"|"aarch64"|"s390x"|"ppc64le") ;;
+    "x86_64"|"aarch64"|"s390x"|"ppc64le"|"riscv64") ;;
     *) fatal "$basearch is not supported for this command" ;;
 esac
 
diff --git a/src/create_disk.sh b/src/create_disk.sh
index 1a562aae..56a99e55 100755
--- a/src/create_disk.sh
+++ b/src/create_disk.sh
@@ -157,7 +157,18 @@ if [ "${rootfs_size}" != "0" ]; then
 fi
 
 # shellcheck disable=SC2031
+# oh, we didn't make any partition here
 case "$arch" in
+    riscv64)
+        RESERVEDPN=1
+        EFIPN=2
+        sgdisk -Z "$disk" \
+        -U "${uninitialized_gpt_uuid}" \
+        -n ${RESERVEDPN}:0:+1M -c ${RESERVEDPN}:reserved -t ${RESERVEDPN}:8DA63339-0007-60C0-C436-083AC8230908 \
+        -n ${EFIPN}:0:+127M -c ${EFIPN}:EFI-SYSTEM -t ${EFIPN}:C12A7328-F81F-11D2-BA4B-00A0C93EC93B \
+        -n ${BOOTPN}:0:+384M -c ${BOOTPN}:boot \
+        -n ${ROOTPN}:0:"${rootfs_size}" -c ${ROOTPN}:root -t ${ROOTPN}:0FC63DAF-8483-4772-8E79-3D69D8477DE4
+        ;;
     x86_64)
         EFIPN=2
         sgdisk -Z "$disk" \
@@ -400,15 +411,23 @@ install_uefi() {
     # https://github.com/coreos/fedora-coreos-tracker/issues/510
     # See also https://github.com/ostreedev/ostree/pull/1873#issuecomment-524439883
     # Unshare mount ns to work around https://github.com/coreos/bootupd/issues/367
-    unshare -m /usr/bin/bootupctl backend install --src-root="${deploy_root}" "${rootfs}"
     # We have a "static" grub config file that basically configures grub to look
     # in the RAID called "md-boot", if it exists, or the partition labeled "boot".
     local target_efi="$rootfs/boot/efi"
-    local grubefi
-    grubefi=$(find "${target_efi}/EFI/" -maxdepth 1 -type d | grep -v BOOT)
-    local vendor_id="${grubefi##*/}"
-    local vendordir="${target_efi}/EFI/${vendor_id}"
-    mkdir -p "${vendordir}"
+    local vendordir
+    if [ "$arch" = riscv64 ]; then
+        vendordir="${target_efi}/EFI/BOOT"
+        # don't be so serious, just put local grub efi here and it's done
+        mkdir -p "${vendordir}"
+        cp /boot/efi/EFI/openEuler/grubriscv64.efi ${vendordir}/BOOTRISCV64.EFI
+    else
+        unshare -m /usr/bin/bootupctl backend install --src-root="${deploy_root}" "${rootfs}"
+        local grubefi
+        grubefi=$(find "${target_efi}/EFI/" -maxdepth 1 -type d | grep -v BOOT)
+        local vendor_id="${grubefi##*/}"
+        vendordir="${target_efi}/EFI/${vendor_id}"
+        mkdir -p "${vendordir}"
+    fi
     cat > "${vendordir}/grub.cfg" << 'EOF'
 if [ -e (md/md-boot) ]; then
   # The search command might pick a RAID component rather than the RAID,
@@ -475,6 +494,9 @@ generate_gpgkeys() {
 # Other arch-specific bootloader changes
 # shellcheck disable=SC2031
 case "$arch" in
+riscv64)
+    install_uefi
+    ;;
 x86_64)
     # UEFI
     install_uefi
diff --git a/src/deps.txt b/src/deps.txt
index 2185947e..a0704443 100644
--- a/src/deps.txt
+++ b/src/deps.txt
@@ -26,7 +26,7 @@ make git rpm-build
 guestfs-tools libguestfs virtiofsd /usr/bin/qemu-img qemu-kvm swtpm
 # And the main arch emulators for cross-arch testing
 # qemu-system-aarch64-core qemu-system-ppc-core qemu-system-s390x-core qemu-system-x86-core
-qemu-system-aarch64 qemu-system-x86_64
+qemu-system-aarch64 qemu-system-x86_64 qemu-system-riscv
 # cross-arch emulators need these,but openEuler did not provide these packages in every repo currently.
 # edk2-ovmf edk2-aarch64
 
diff --git a/src/vmdeps-riscv64.txt b/src/vmdeps-riscv64.txt
new file mode 100644
index 00000000..df5924dd
--- /dev/null
+++ b/src/vmdeps-riscv64.txt
@@ -0,0 +1,8 @@
+# For grub install when creating images and pxe install
+grub2 grub2-tools-extra
+bootupd
+
+# For creating bootable UEFI media on aarch64
+grub2-efi-riscv64
+
+edk2-ovmf-riscv64
\ No newline at end of file
diff --git a/vendor/github.com/vishvananda/netns/netns_linux_riscv64.go b/vendor/github.com/vishvananda/netns/netns_linux_riscv64.go
new file mode 100644
index 00000000..6ed687ce
--- /dev/null
+++ b/vendor/github.com/vishvananda/netns/netns_linux_riscv64.go
@@ -0,0 +1,7 @@
+// +build linux,riscv64
+
+package netns
+
+const (
+    SYS_SETNS = 268
+)
-- 
Gitee