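# Nix package expression for CHIPSEC, a platform security assessment framework.
#
# Arguments:
#   kernel      kernel package set entry to build the driver against; only
#               read when withDriver is true.
#   withDriver  also build and install chipsec.ko, CHIPSEC's out-of-tree Linux
#               kernel module. Off by default, so the default package ships no
#               kernel module and setup.py is run with --skip-driver.
#               Upstream describes the driver as giving user-mode tooling
#               direct access to hardware resources, so a host that loads it
#               exposes that access to whatever can reach the driver; enable
#               it for the machine under assessment rather than fleet-wide.
{
  lib,
  stdenv,
  fetchFromGitHub,
  kernel ? null,
  elfutils,
  nasm,
  python3,
  withDriver ? false,
}:

# Every driver-only attribute below dereferences `kernel`; fail with a clear
# message instead of a "null has no attribute" evaluation error.
assert lib.assertMsg (
  withDriver -> kernel != null
) "chipsec: withDriver = true requires the `kernel` argument";

python3.pkgs.buildPythonApplication rec {
  pname = "chipsec";
  version = "1.10.6";
  format = "setuptools";

  # NOTE(review): this disables the package on every non-Linux host, while
  # meta.platforms below still lists x86_64-darwin for the driverless build.
  # One of the two looks stale; confirm which is intended.
  disabled = !stdenv.hostPlatform.isLinux;

  src = fetchFromGitHub {
    owner = "chipsec";
    repo = "chipsec";
    # The source is addressed by tag name; the fixed-output hash below is what
    # pins the content, so a re-pointed tag cannot silently change the source.
    rev = version;
    hash = "sha256-+pbFG1SmSO/cnt1e+kel7ereC0I1OCJKKsS0KaJDWdc=";
  };

  # Local patches, applied only to the driver build (their contents are not
  # part of this expression).
  patches = lib.optionals withDriver [
    ./ko-path.diff
    ./compile-ko.diff
  ];

  # unittest's assertRegexpMatches alias was removed in Python 3.12; rewrite
  # the test helper to assertRegex. --replace-fail aborts the build if the
  # pattern is no longer present, so the substitution cannot rot unnoticed.
  postPatch = ''
    substituteInPlace tests/software/util.py \
      --replace-fail "assertRegexpMatches" "assertRegex"
  '';

  # Kernel build tree for the selected kernel; empty string without the
  # driver. Presumably consumed by the driver's Makefile; confirm upstream.
  KSRC = lib.optionalString withDriver "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";

  nativeBuildInputs = [
    nasm
  ]
  ++ lib.optionals (lib.meta.availableOn stdenv.buildPlatform elfutils) [
    elfutils
  ]
  ++ lib.optionals withDriver kernel.moduleBuildDependencies;

  nativeCheckInputs = with python3.pkgs; [
    distro
    pytestCheckHook
  ];

  # Redirect setup.py's build output to a scratch directory so the compiled
  # module can be picked up from a known path in preInstall.
  preBuild = lib.optionalString withDriver ''
    export CHIPSEC_BUILD_LIB=$(mktemp -d)
    mkdir -p "$CHIPSEC_BUILD_LIB/chipsec/helper/linux"
    appendToVar setupPyBuildFlags "--build-lib=$CHIPSEC_BUILD_LIB"
  '';

  env.NIX_CFLAGS_COMPILE = toString [
    # Needed with GCC 12
    "-Wno-error=dangling-pointer"
  ];

  # Install the built module next to the Python package, under
  # <site-packages>/drivers/linux/chipsec.ko.
  # NOTE(review): no module-signing step is visible here, so a kernel that
  # enforces module signatures would presumably refuse to load it; confirm.
  preInstall = lib.optionalString withDriver ''
    mkdir -p "$out/${python3.pkgs.python.sitePackages}/drivers/linux"
    mv "$CHIPSEC_BUILD_LIB/chipsec/helper/linux/chipsec.ko" \
      "$out/${python3.pkgs.python.sitePackages}/drivers/linux/chipsec.ko"
  '';

  # Without the driver, tell setup.py not to attempt the kernel module build.
  setupPyBuildFlags = lib.optionals (!withDriver) [
    "--skip-driver"
  ];

  pythonImportsCheck = [
    "chipsec"
  ];

  meta = {
    description = "Platform Security Assessment Framework";
    longDescription = ''
      CHIPSEC is a framework for analyzing the security of PC platforms
      including hardware, system firmware (BIOS/UEFI), and platform components.
      It includes a security test suite, tools for accessing various low level
      interfaces, and forensic capabilities. It can be run on Windows, Linux,
      Mac OS X and UEFI shell.
    '';
    license = lib.licenses.gpl2Only;
    homepage = "https://github.com/chipsec/chipsec";
    maintainers = with lib.maintainers; [
      johnazoidberg
      erdnaxe
    ];
    platforms = [ "x86_64-linux" ] ++ lib.optional (!withDriver) "x86_64-darwin";
    # https://github.com/chipsec/chipsec/issues/1793
    broken = withDriver && kernel.kernelOlder "5.4" && kernel.isHardened;
  };
}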