pkgs/tools/misc/grub/trusted.nix at 18.03-beta

pyrox.dev / nixpkgs
fork atom
lol
fork atom
nixpkgs / pkgs / tools / misc / grub / trusted.nix
at 18.03-beta 103 lines 3.2 kB view raw
wrap content
Robin Gloster trustedGroup: fix build 9y ago
86d9de38
  1{ stdenv, fetchurl, fetchgit, autogen, flex, bison, python, autoconf, automake
  2, gettext, ncurses, libusb, freetype, qemu, devicemapper
  3, for_HP_laptop ? false
  4}:
  5
  6with stdenv.lib;
  7let
  8  pcSystems = {
  9    "i686-linux".target = "i386";
 10    "x86_64-linux".target = "i386";
 11  };
 12
 13  inPCSystems = any (system: stdenv.system == system) (mapAttrsToList (name: _: name) pcSystems);
 14
 15  version = if for_HP_laptop then "1.2.1" else "1.2.0";
 16
 17  unifont_bdf = fetchurl {
 18    url = "http://unifoundry.com/unifont-5.1.20080820.bdf.gz";
 19    sha256 = "0s0qfff6n6282q28nwwblp5x295zd6n71kl43xj40vgvdqxv0fxx";
 20  };
 21
 22  po_src = fetchurl {
 23    name = "grub-2.02-beta2.tar.gz";
 24    url = "http://alpha.gnu.org/gnu/grub/grub-2.02~beta2.tar.gz";
 25    sha256 = "1lr9h3xcx0wwrnkxdnkfjwy08j7g7mdlmmbdip2db4zfgi69h0rm";
 26
 27  };
 28
 29in
 30
 31stdenv.mkDerivation rec {
 32  name = "trustedGRUB2-${version}";
 33
 34  src = if for_HP_laptop
 35        then fetchgit {
 36          url = "https://github.com/Sirrix-AG/TrustedGRUB2";
 37          rev = "ab483d389bda3115ca0ae4202fd71f2e4a31ad41";
 38          sha256 = "1760d9hsnqkdvlag9nn8f613mqhnsxmidgvdkpmb37b0yi7p6lhz";
 39        }
 40        else fetchgit {
 41          url = "https://github.com/Sirrix-AG/TrustedGRUB2";
 42          rev = "1ff54a5fbe02ea01df5a7de59b1e0201e08d4f76";
 43          sha256 = "0yrfwx67gpg9gij5raq0cfbx3jj769lkg3diqgb7i9n86hgcdh4k";
 44        };
 45
 46  nativeBuildInputs = [ autogen flex bison python autoconf automake ];
 47  buildInputs = [ ncurses libusb freetype gettext devicemapper ]
 48    ++ optional doCheck qemu;
 49
 50  hardeningDisable = [ "stackprotector" "pic" ];
 51
 52  NIX_CFLAGS_COMPILE = "-Wno-error"; # generated code redefines yyfree
 53
 54  preConfigure =
 55    '' for i in "tests/util/"*.in
 56       do
 57         sed -i "$i" -e's|/bin/bash|/bin/sh|g'
 58       done
 59
 60       # Apparently, the QEMU executable is no longer called
 61       # `qemu-system-i386', even on i386.
 62       #
 63       # In addition, use `-nodefaults' to avoid errors like:
 64       #
 65       #  chardev: opening backend "stdio" failed
 66       #  qemu: could not open serial device 'stdio': Invalid argument
 67       #
 68       # See <http://www.mail-archive.com/qemu-devel@nongnu.org/msg22775.html>.
 69       sed -i "tests/util/grub-shell.in" \
 70           -e's/qemu-system-i386/qemu-system-x86_64 -nodefaults/g'
 71    '';
 72
 73  prePatch =
 74    '' tar zxf ${po_src} grub-2.02~beta2/po
 75       rm -rf po
 76       mv grub-2.02~beta2/po po
 77       sh autogen.sh
 78       gunzip < "${unifont_bdf}" > "unifont.bdf"
 79       sed -i "configure" \
 80           -e "s|/usr/src/unifont.bdf|$PWD/unifont.bdf|g"
 81    '';
 82
 83  patches = [ ./fix-bash-completion.patch ];
 84
 85  # save target that grub is compiled for
 86  grubTarget = if inPCSystems
 87               then "${pcSystems.${stdenv.system}.target}-pc"
 88               else "";
 89
 90  doCheck = false;
 91  enableParallelBuilding = true;
 92
 93  postInstall = ''
 94    paxmark pms $out/sbin/grub-{probe,bios-setup}
 95  '';
 96
 97  meta = with stdenv.lib; {
 98    description = "GRUB 2.0 extended with TCG (TPM) support for integrity measured boot process (trusted boot)";
 99    homepage = https://github.com/Sirrix-AG/TrustedGRUB2;
100    license = licenses.gpl3Plus;
101    platforms = platforms.gnu;
102  };
103}