tjh.dev
nixpkgs mirror (for testing)
github.com/NixOS/nixpkgs
nix
1{
2 lib,
3 stdenv,
4 fetchFromGitHub,
5 fetchurl,
6 flex,
7 bison,
8 bc,
9 cpio,
10 perl,
11 elfutils,
12 python3,
13 variant ? null,
14}:
15
16assert lib.elem variant [
17 null
18 "sev"
19 "tdx"
20];
21
22stdenv.mkDerivation (finalAttrs: {
23 pname = "libkrunfw" + lib.optionalString (variant != null) "-${variant}";
24 version = "5.1.0";
25
26 src = fetchFromGitHub {
27 owner = "containers";
28 repo = "libkrunfw";
29 tag = "v${finalAttrs.version}";
30 hash = "sha256-x9HQP+EqCteoCq2Sl/TQcfdzQC5iuE4gaSKe7tN5dAA=";
31 };
32
33 kernelSrc = fetchurl {
34 url = "mirror://kernel/linux/kernel/v6.x/linux-6.12.62.tar.xz";
35 hash = "sha256-E+LGhayPq13Zkt0QVzJVTa5RSu81DCqMdBjnt062LBM=";
36 };
37
38 postPatch = ''
39 substituteInPlace Makefile \
40 --replace 'curl $(KERNEL_REMOTE) -o $(KERNEL_TARBALL)' 'ln -s $(kernelSrc) $(KERNEL_TARBALL)'
41 '';
42
43 nativeBuildInputs = [
44 flex
45 bison
46 bc
47 cpio
48 perl
49 python3
50 python3.pkgs.pyelftools
51 ];
52
53 buildInputs = [
54 elfutils
55 ];
56
57 makeFlags = [
58 "PREFIX=${placeholder "out"}"
59 ]
60 ++ lib.optionals (variant == "sev") [
61 "SEV=1"
62 ]
63 ++ lib.optionals (variant == "tdx") [
64 "TDX=1"
65 ];
66
67 # Fixes https://github.com/containers/libkrunfw/issues/55
68 NIX_CFLAGS_COMPILE = lib.optionalString stdenv.targetPlatform.isAarch64 "-march=armv8-a+crypto";
69
70 enableParallelBuilding = true;
71
72 meta = {
73 description = "Dynamic library bundling the guest payload consumed by libkrun";
74 homepage = "https://github.com/containers/libkrunfw";
75 license = with lib.licenses; [
76 lgpl2Only
77 lgpl21Only
78 ];
79 maintainers = with lib.maintainers; [
80 nickcao
81 RossComputerGuy
82 nrabulinski
83 ];
84 platforms = [
85 "x86_64-linux"
86 ]
87 ++ lib.optionals (variant == null) [
88 "aarch64-linux"
89 "riscv64-linux"
90 ];
91 };
92})