chore(deps): bump log from 0.4.28 to 0.4.29 in the cargo-updates group

Bumps the cargo-updates group with 1 update: [log](https://github.com/rust-lang/log).


Updates `log` from 0.4.28 to 0.4.29
- [Release notes](https://github.com/rust-lang/log/releases)
- [Changelog](https://github.com/rust-lang/log/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/log/compare/0.4.28...0.4.29)

---
updated-dependencies:
- dependency-name: log
  dependency-version: 0.4.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/ci-actions.yml

@@ -25,7 +25,7 @@ jobs:
       actions: read # Needed to analyze action metadata.
     steps:
     - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
       with:
         egress-policy: audit
 

.github/workflows/ci-code.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
       with:
         egress-policy: audit
 
@@ -51,7 +51,7 @@ jobs:
     name: 'build ${{ matrix.arch }}'
     steps:
     - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
       with:
         egress-policy: audit
 
@@ -80,7 +80,7 @@ jobs:
     name: 'clippy ${{ matrix.arch }}'
     steps:
     - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
       with:
         egress-policy: audit
 

.github/workflows/codeql.yml

@@ -37,7 +37,7 @@ jobs:
           build-mode: none
     steps:
     - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
       with:
         egress-policy: audit
 

.github/workflows/publish.yml

@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
       with:
         egress-policy: audit
 
@@ -53,3 +53,4 @@ jobs:
       with:
         subject-name: artifacts.zip
         subject-digest: "sha256:${{ steps.upload.outputs.artifact-digest }}"
+      if: github.event_name != 'pull_request'

.github/workflows/release.yml

@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
       with:
         egress-policy: audit
 

Cargo.lock

@@ -123,9 +123,9 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 
 [[package]]
 name = "jaarg"
-version = "0.2.1"
+version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b216e5405f7e759ee0d16007f9d5c3346f9803a2e86cf01fc8df8baac43d0fa"
+checksum = "534d589df1ef528a238f4bc4b1db081a1280f3aedf2695fd8971e9853a7fa4f6"
 
 [[package]]
 name = "libc"
@@ -144,9 +144,9 @@ dependencies = [
 
 [[package]]
 name = "log"
-version = "0.4.28"
+version = "0.4.29"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432"
+checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
 
 [[package]]
 name = "proc-macro2"

Cargo.toml

@@ -16,7 +16,7 @@ edition = "2024"
 
 [workspace.dependencies]
 bitflags = "2.10.0"
-log = "0.4.28"
+log = "0.4.29"
 spin = "0.10.0"
 uefi-raw = "0.13.0"
 
@@ -30,7 +30,7 @@ default-features = false
 features = ["alloc"]
 
 [workspace.dependencies.jaarg]
-version = "0.2.1"
+version = "0.2.2"
 default-features = false
 features = ["alloc"]
 

crates/boot/src/options.rs

@@ -1,10 +1,9 @@
 use alloc::string::{String, ToString};
-use anyhow::{Context, Result, bail};
+use anyhow::Result;
 use core::ptr::null_mut;
-use jaarg::alloc::ParseMapResult;
 use jaarg::{
     ErrorUsageWriter, ErrorUsageWriterContext, HelpWriter, HelpWriterContext, Opt, Opts,
-    StandardErrorUsageWriter, StandardFullHelpWriter,
+    ParseControl, ParseResult, StandardErrorUsageWriter, StandardFullHelpWriter,
 };
 use log::{error, info};
 use uefi_raw::Status;
@@ -45,32 +44,71 @@ impl SproutOptions {
     /// Produces [SproutOptions] from the arguments provided by the UEFI core.
     /// Internally we utilize the `jaarg` argument parser which has excellent no_std support.
     pub fn parse() -> Result<Self> {
+        enum ArgID {
+            Help,
+            AutoConfigure,
+            Config,
+            Boot,
+            ForceMenu,
+            MenuTimeout,
+        }
+
         // All the options for the Sprout executable.
-        const OPTIONS: Opts<&str> = Opts::new(&[
-            Opt::help_flag("help", &["--help"]).help_text("Display Sprout Help"),
-            Opt::flag("autoconfigure", &["--autoconfigure"])
+        const OPTIONS: Opts<ArgID> = Opts::new(&[
+            Opt::help_flag(ArgID::Help, &["--help"]).help_text("Display Sprout Help"),
+            Opt::flag(ArgID::AutoConfigure, &["--autoconfigure"])
                 .help_text("Enable Sprout autoconfiguration"),
-            Opt::value("config", &["--config"], "PATH")
+            Opt::value(ArgID::Config, &["--config"], "PATH")
                 .help_text("Path to Sprout configuration file"),
-            Opt::value("boot", &["--boot"], "ENTRY").help_text("Entry to boot, bypassing the menu"),
-            Opt::flag("force-menu", &["--force-menu"]).help_text("Force showing the boot menu"),
-            Opt::value("menu-timeout", &["--menu-timeout"], "TIMEOUT")
+            Opt::value(ArgID::Boot, &["--boot"], "ENTRY")
+                .help_text("Entry to boot, bypassing the menu"),
+            Opt::flag(ArgID::ForceMenu, &["--force-menu"]).help_text("Force showing the boot menu"),
+            Opt::value(ArgID::MenuTimeout, &["--menu-timeout"], "TIMEOUT")
                 .help_text("Boot menu timeout, in seconds"),
         ]);
 
         // Acquire the arguments as determined by the UEFI core.
         let args = eficore::env::args()?;
 
+        // Use the default value of sprout options and have the raw options be parsed into it.
+        let mut result = Self::default();
+
         // Parse the OPTIONS into a map using jaarg.
-        let parsed = match OPTIONS.parse_map(
+        match OPTIONS.parse(
             "sprout",
             args.iter(),
-            |program_name| {
-                let ctx = HelpWriterContext {
-                    options: &OPTIONS,
-                    program_name,
-                };
-                info!("{}", StandardFullHelpWriter::new(ctx));
+            |program_name, id, _opt, _name, value| {
+                match id {
+                    ArgID::AutoConfigure => {
+                        // Enable autoconfiguration.
+                        result.autoconfigure = true;
+                    }
+                    ArgID::Config => {
+                        // The configuration file to load.
+                        result.config = value.into();
+                    }
+                    ArgID::Boot => {
+                        // The entry to boot.
+                        result.boot = Some(value.into());
+                    }
+                    ArgID::ForceMenu => {
+                        // Force showing of the boot menu.
+                        result.force_menu = true;
+                    }
+                    ArgID::MenuTimeout => {
+                        // The timeout for the boot menu in seconds.
+                        result.menu_timeout = Some(value.parse::<u64>()?);
+                    }
+                    ArgID::Help => {
+                        let ctx = HelpWriterContext {
+                            options: &OPTIONS,
+                            program_name,
+                        };
+                        info!("{}", StandardFullHelpWriter::new(ctx));
+                        return Ok(ParseControl::Quit);
+                    }
+                }
+                Ok(ParseControl::Continue)
             },
             |program_name, error| {
                 let ctx = ErrorUsageWriterContext {
@@ -81,52 +119,14 @@ impl SproutOptions {
                 error!("{}", StandardErrorUsageWriter::new(ctx));
             },
         ) {
-            ParseMapResult::Map(map) => map,
-            ParseMapResult::ExitSuccess => unsafe {
+            ParseResult::ContinueSuccess => Ok(result),
+            ParseResult::ExitSuccess => unsafe {
                 uefi::boot::exit(uefi::boot::image_handle(), Status::SUCCESS, 0, null_mut());
             },
 
-            ParseMapResult::ExitFailure => unsafe {
+            ParseResult::ExitError => unsafe {
                 uefi::boot::exit(uefi::boot::image_handle(), Status::ABORTED, 0, null_mut());
             },
-        };
-
-        // Use the default value of sprout options and have the raw options be parsed into it.
-        let mut result = Self::default();
-
-        for (key, value) in parsed {
-            match key {
-                "autoconfigure" => {
-                    // Enable autoconfiguration.
-                    result.autoconfigure = true;
-                }
-
-                "config" => {
-                    // The configuration file to load.
-                    result.config = value;
-                }
-
-                "boot" => {
-                    // The entry to boot.
-                    result.boot = Some(value);
-                }
-
-                "force-menu" => {
-                    // Force showing of the boot menu.
-                    result.force_menu = true;
-                }
-
-                "menu-timeout" => {
-                    // The timeout for the boot menu in seconds.
-                    let value = value
-                        .parse::<u64>()
-                        .context("menu-timeout must be a number")?;
-                    result.menu_timeout = Some(value);
-                }
-
-                _ => bail!("unknown option: --{key}"),
-            }
         }
-        Ok(result)
     }
 }

hack/dev/boot.sh

@@ -40,9 +40,9 @@ else
 			set -- "${@}" -serial stdio
 		else
 			set -- "${@}" \
-				-device virtio-serial-pci,id=vs0 \
-				-chardev stdio,id=stdio0,signal=off \
-				-device virtconsole,chardev=stdio0,id=console0
+				-device 'virtio-serial-pci,id=vs0' \
+				-chardev 'stdio,id=stdio0,signal=off' \
+				-device 'virtconsole,chardev=stdio0,id=console0,name=alpine'
 		fi
 	fi
 
@@ -64,8 +64,8 @@ fi
 
 if [ "${NO_NETWORK}" != "1" ]; then
 	set -- "${@}" \
-		-netdev user,id=network0 \
-		-device virtio-net-pci,netdev=network0
+		-netdev 'user,id=network0' \
+		-device 'virtio-net-pci,netdev=network0'
 fi
 
 rm -f "${FINAL_DIR}/ovmf-boot.fd"
@@ -76,7 +76,7 @@ fi
 # shellcheck disable=SC2086
 set -- "${@}" \
 	-drive "if=pflash,file=${FINAL_DIR}/ovmf-boot.fd,format=raw,readonly=on" \
-	-device nvme,drive=disk1,serial=cafebabe
+	-device 'nvme,drive=disk1,serial=cafebabe'
 
 set -- "${@}" \
 	-drive "if=none,file=${FINAL_DIR}/sprout.img,format=raw,id=disk1,readonly=on"

hack/dev/build.sh

@@ -72,6 +72,7 @@ if [ "${SKIP_KERNEL_BUILD}" != "1" ]; then
 	fi
 
 	copy_from_image "${DOCKER_PREFIX}/sprout-kernel-${TARGET_ARCH}" "kernel.efi" "${FINAL_DIR}/kernel.efi"
+	copy_from_image "${DOCKER_PREFIX}/sprout-kernel-${TARGET_ARCH}" "kernel.modules.tgz" "${FINAL_DIR}/kernel.modules.tgz"
 fi
 
 if [ "${SKIP_VM_BUILD}" != "1" ]; then
@@ -80,8 +81,12 @@ if [ "${SKIP_VM_BUILD}" != "1" ]; then
 		-f hack/dev/vm/Dockerfile.ovmf "${FINAL_DIR}"
 	copy_from_image "${DOCKER_PREFIX}/sprout-ovmf-${TARGET_ARCH}" "ovmf.fd" "${FINAL_DIR}/ovmf.fd"
 	copy_from_image "${DOCKER_PREFIX}/sprout-ovmf-${TARGET_ARCH}" "shell.efi" "${FINAL_DIR}/shell.efi"
+	rm -rf "${FINAL_DIR}/initramfs.build"
+	mkdir -p "${FINAL_DIR}/initramfs.build"
+	cp -r "hack/dev/vm/files" "${FINAL_DIR}/initramfs.build/files"
+	cp "${FINAL_DIR}/kernel.modules.tgz" "${FINAL_DIR}/initramfs.build/kernel.modules.tgz"
 	docker build --platform="${DOCKER_TARGET}" -t "${DOCKER_PREFIX}/sprout-initramfs-${TARGET_ARCH}:${DOCKER_TAG}" \
-		-f hack/dev/vm/Dockerfile.initramfs "hack/dev/vm"
+		-f hack/dev/vm/Dockerfile.initramfs "${FINAL_DIR}/initramfs.build"
 	copy_from_image "${DOCKER_PREFIX}/sprout-initramfs-${TARGET_ARCH}" "initramfs" "${FINAL_DIR}/initramfs"
 
 	if [ -n "${SPROUT_XEN_EFI_OVERRIDE}" ]; then

hack/dev/kernel/Dockerfile

@@ -32,6 +32,9 @@ ENV BUILDPLATFORM=${BUILDPLATFORM}
 ENV TARGETPLATFORM=${TARGETPLATFORM}
 WORKDIR /build/src
 RUN /build/docker-build.sh
+COPY --chown=build:build docker-install.sh /build/docker-install.sh
+RUN /build/docker-install.sh
 
 FROM scratch AS final
 COPY --from=build /build/src/kernel.image /kernel.efi
+COPY --from=build /build/src/kernel.modules.tgz /kernel.modules.tgz

hack/dev/kernel/docker-build.sh

@@ -28,13 +28,17 @@ else
 	exit 1
 fi
 
+echo "CROSS_COMPILE=${MAYBE_CROSS_COMPILE}" > kernel.buildenv
+echo "TARGET_KARCH=${TARGET_KARCH}" >> kernel.buildenv
+
 make CROSS_COMPILE="${MAYBE_CROSS_COMPILE}" ARCH="${TARGET_KARCH}" defconfig
 if [ "${TARGET_KARCH}" = "x86_64" ]; then
 	make CROSS_COMPILE="${MAYBE_CROSS_COMPILE}" ARCH="${TARGET_KARCH}" xen.config
 	./scripts/config -e XEN_PV
 	./scripts/config -e XEN_PV_DOM0
 fi
-make CROSS_COMPILE="${MAYBE_CROSS_COMPILE}" ARCH="${TARGET_KARCH}" mod2yesconfig
+
+./scripts/config -e BPF_SYSCALL
 
 ./scripts/config -e UEVENT_HELPER
 ./scripts/config --set-str UEVENT_HELPER_PATH "/sbin/hotplug"
@@ -46,8 +50,11 @@ make CROSS_COMPILE="${MAYBE_CROSS_COMPILE}" ARCH="${TARGET_KARCH}" mod2yesconfig
 
 ./scripts/config -e XEN_DOM0
 
+make CROSS_COMPILE="${MAYBE_CROSS_COMPILE}" ARCH="${TARGET_KARCH}" mod2noconfig
+
 make "-j$(nproc)" CROSS_COMPILE="${MAYBE_CROSS_COMPILE}" ARCH="${TARGET_KARCH}"
 
 [ -f "arch/x86/boot/bzImage" ] && cp "arch/x86/boot/bzImage" kernel.image
 [ -f "arch/arm64/boot/Image.gz" ] && gzip -d <"arch/arm64/boot/Image.gz" >kernel.image
+
 exit 0

hack/dev/kernel/docker-install.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e
+
+. /build/src/kernel.buildenv
+
+[ -f "arch/x86/boot/bzImage" ] && cp "arch/x86/boot/bzImage" kernel.image
+[ -f "arch/arm64/boot/Image.gz" ] && gzip -d <"arch/arm64/boot/Image.gz" >kernel.image
+
+make CROSS_COMPILE="${MAYBE_CROSS_COMPILE}" ARCH="${TARGET_KARCH}" INSTALL_MOD_PATH="/build/install" modules_install
+cd /build/install
+tar czpf /build/src/kernel.modules.tgz .

hack/dev/vm/Dockerfile.initramfs

@@ -1,5 +1,5 @@
 FROM alpine:3.22@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412 AS rootfs
-RUN apk --no-cache add alpine-base tzdata ifupdown-ng agetty
+RUN apk --no-cache add alpine-base tzdata wireless-regdb ifupdown-ng agetty
 RUN rc-update add devfs sysinit && \
     rc-update add dmesg sysinit && \
     rc-update add mdev sysinit && \
@@ -18,6 +18,7 @@ RUN rc-update add devfs sysinit && \
     rm /etc/motd && \
     ln -s /usr/share/zoneinfo/UTC /etc/localtime && \
     echo 'hvc0::respawn:/sbin/agetty --autologin root -L hvc0 115200 vt100' >> /etc/inittab
+ADD kernel.modules.tgz /
 COPY files/interfaces /etc/network/interfaces
 
 FROM alpine:3.22@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412 AS build