From 7f4a5d13bdf57fd99d5b4fff1ef877dfaa70b8c9 Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Mon, 15 May 2023 01:12:35 +0200
Subject: [PATCH] lanzaboote-tool: init at 0.3.0
---
pkgs/by-name/la/lanzaboote-tool/package.nix | 55 +++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 pkgs/by-name/la/lanzaboote-tool/package.nix
diff --git a/pkgs/by-name/la/lanzaboote-tool/package.nix b/pkgs/by-name/la/lanzaboote-tool/package.nix
new file mode 100644
index 000000000000..919ab7d68f2c
--- /dev/null
+++ b/pkgs/by-name/la/lanzaboote-tool/package.nix
@@ -0,0 +1,55 @@
+{ systemd
+, stdenv
+, makeWrapper
+, binutils-unwrapped
+, sbsigntool
+, rustPlatform
+, fetchFromGitHub
+, lib
+}:
+rustPlatform.buildRustPackage rec {
+ pname = "lanzaboote-tool";
+ version = "0.3.0";
+
+ src = fetchFromGitHub {
+ owner = "nix-community";
+ repo = "lanzaboote";
+ rev = "v${version}";
+ hash = "sha256-Fb5TeRTdvUlo/5Yi2d+FC8a6KoRLk2h1VE0/peMhWPs=";
+ };
+
+ sourceRoot = "source/rust/tool";
+ cargoHash = "sha256-g4WzqfH6DZVUuNb0jV3MFdm3h7zy2bQ6d3agrXesWgc=";
+
+ env.TEST_SYSTEMD = systemd;
+ doCheck = lib.meta.availableOn stdenv.hostPlatform systemd;
+
+ nativeBuildInputs = [
+ makeWrapper
+ ];
+
+ postInstall = ''
+ # Clean PATH to only contain what we need to do objcopy.
+ # This is still an unwrapped lanzaboote tool lacking of the
+ # UEFI stub location.
+ mv $out/bin/lzbt $out/bin/lzbt-unwrapped
+ wrapProgram $out/bin/lzbt-unwrapped \
+ --set PATH ${lib.makeBinPath [ binutils-unwrapped sbsigntool ]}
+ '';
+
+ nativeCheckInputs = [
+ binutils-unwrapped
+ sbsigntool
+ ];
+
+ meta = with lib; {
+ description = "Lanzaboote UEFI tooling for SecureBoot enablement on NixOS systems";
+ homepage = "https://github.com/nix-community/lanzaboote";
+ license = licenses.gpl3Only;
+ mainProgram = "lzbt";
+ maintainers = with maintainers; [ raitobezarius nikstur ];
+ # Broken on aarch64-linux and any other architecture for now.
+ # Wait for 0.4.0.
+ platforms = [ "x86_64-linux" "i686-linux" ];
+ };
+}
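Review bot: `meta.mainProgram = "lzbt"` names a binary that `postInstall` has just renamed. After `mv $out/bin/lzbt $out/bin/lzbt-unwrapped` and `wrapProgram` on the renamed file, nothing visible in this hunk leaves a `$out/bin/lzbt`, so `lib.getExe` and `nix run` would resolve to a missing path. Unless the crate installs another binary of that name, use `mainProgram = "lzbt-unwrapped";`. The choice of `--set PATH` over `--prefix PATH` also deserves a why-comment in `postInstall`, for example `# --set, not --prefix: the helper binaries must resolve from the store, never from the caller's PATH`, because this tool prepares Secure Boot artifacts and an inherited PATH would let the environment pick which objcopy/signing binaries run.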