pkgs/tools/misc/grub/trusted.nix at release-16.03-start

pyrox.dev / nixpkgs
fork
lol
fork
nixpkgs / pkgs / tools / misc / grub / trusted.nix
at release-16.03-start 99 lines 3.1 kB view raw
wrap content
Thomas Strobel nixos trustedGRUB: add support for HP laptops 10y ago
d856841b
 1{ stdenv, fetchurl, fetchgit, autogen, flex, bison, python, autoconf, automake
 2, gettext, ncurses, libusb, freetype, qemu, devicemapper
 3, for_HP_laptop ? false
 4}:
 5
 6with stdenv.lib;
 7let
 8  pcSystems = {
 9    "i686-linux".target = "i386";
10    "x86_64-linux".target = "i386";
11  };
12
13  inPCSystems = any (system: stdenv.system == system) (mapAttrsToList (name: _: name) pcSystems);
14
15  version = if for_HP_laptop then "1.2.1" else "1.2.0";
16
17  unifont_bdf = fetchurl {
18    url = "http://unifoundry.com/unifont-5.1.20080820.bdf.gz";
19    sha256 = "0s0qfff6n6282q28nwwblp5x295zd6n71kl43xj40vgvdqxv0fxx";
20  };
21
22  po_src = fetchurl {
23    name = "grub-2.02-beta2.tar.gz";
24    url = "http://alpha.gnu.org/gnu/grub/grub-2.02~beta2.tar.gz";
25    sha256 = "1lr9h3xcx0wwrnkxdnkfjwy08j7g7mdlmmbdip2db4zfgi69h0rm";
26
27  };
28
29in
30
31stdenv.mkDerivation rec {
32  name = "trustedGRUB2-${version}";
33
34  src = if for_HP_laptop
35        then fetchgit {
36          url = "https://github.com/Sirrix-AG/TrustedGRUB2";
37          rev = "ab483d389bda3115ca0ae4202fd71f2e4a31ad41";
38          sha256 = "4b715837f8632278720d8b29aec06332f5302c6ba78183ced5f48d3c376d89c0";
39        }
40        else fetchgit {
41          url = "https://github.com/Sirrix-AG/TrustedGRUB2";
42          rev = "1ff54a5fbe02ea01df5a7de59b1e0201e08d4f76";
43          sha256 = "8c17bd7e14dd96ae9c4e98723f4e18ec6b21d45ac486ecf771447649829d0b34";
44        };
45
46  nativeBuildInputs = [ autogen flex bison python autoconf automake ];
47  buildInputs = [ ncurses libusb freetype gettext devicemapper ]
48    ++ optional doCheck qemu;
49
50  preConfigure =
51    '' for i in "tests/util/"*.in
52       do
53         sed -i "$i" -e's|/bin/bash|/bin/sh|g'
54       done
55
56       # Apparently, the QEMU executable is no longer called
57       # `qemu-system-i386', even on i386.
58       #
59       # In addition, use `-nodefaults' to avoid errors like:
60       #
61       #  chardev: opening backend "stdio" failed
62       #  qemu: could not open serial device 'stdio': Invalid argument
63       #
64       # See <http://www.mail-archive.com/qemu-devel@nongnu.org/msg22775.html>.
65       sed -i "tests/util/grub-shell.in" \
66           -e's/qemu-system-i386/qemu-system-x86_64 -nodefaults/g'
67    '';
68
69  prePatch =
70    '' tar zxf ${po_src} grub-2.02~beta2/po
71       rm -rf po
72       mv grub-2.02~beta2/po po
73       sh autogen.sh
74       gunzip < "${unifont_bdf}" > "unifont.bdf"
75       sed -i "configure" \
76           -e "s|/usr/src/unifont.bdf|$PWD/unifont.bdf|g"
77    '';
78
79  patches = [ ./fix-bash-completion.patch ];
80
81  # save target that grub is compiled for
82  grubTarget = if inPCSystems
83               then "${pcSystems.${stdenv.system}.target}-pc"
84               else "";
85
86  doCheck = false;
87  enableParallelBuilding = true;
88
89  postInstall = ''
90    paxmark pms $out/sbin/grub-{probe,bios-setup}
91  '';
92
93  meta = with stdenv.lib; {
94    description = "GRUB 2.0 extended with TCG (TPM) support for integrity measured boot process (trusted boot)";
95    homepage = https://github.com/Sirrix-AG/TrustedGRUB2;
96    license = licenses.gpl3Plus;
97    platforms = platforms.gnu;
98  };
99}
Configure Feed

Configure Feed
