diff options
author | nikstur <nikstur@outlook.com> | 2023-10-28 23:54:55 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-28 23:54:55 +0200 |
commit | 14e0dcb26dc75fdc112e0a631926f407dbc719ab (patch) | |
tree | 74a1db4618f574817f8e03e7a7152513cefab1a7 /pkgs/by-name | |
parent | b59bd02274e166da7098c58182979f4d0416b127 (diff) | |
parent | 7f4a5d13bdf57fd99d5b4fff1ef877dfaa70b8c9 (diff) | |
download | nixlib-14e0dcb26dc75fdc112e0a631926f407dbc719ab.tar nixlib-14e0dcb26dc75fdc112e0a631926f407dbc719ab.tar.gz nixlib-14e0dcb26dc75fdc112e0a631926f407dbc719ab.tar.bz2 nixlib-14e0dcb26dc75fdc112e0a631926f407dbc719ab.tar.lz nixlib-14e0dcb26dc75fdc112e0a631926f407dbc719ab.tar.xz nixlib-14e0dcb26dc75fdc112e0a631926f407dbc719ab.tar.zst nixlib-14e0dcb26dc75fdc112e0a631926f407dbc719ab.zip |
Merge pull request #263712 from RaitoBezarius/lanzaboote-tool
lanzaboote-tool: init at 0.3.0
Diffstat (limited to 'pkgs/by-name')
-rw-r--r-- | pkgs/by-name/la/lanzaboote-tool/package.nix | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/pkgs/by-name/la/lanzaboote-tool/package.nix b/pkgs/by-name/la/lanzaboote-tool/package.nix new file mode 100644 index 000000000000..919ab7d68f2c --- /dev/null +++ b/pkgs/by-name/la/lanzaboote-tool/package.nix @@ -0,0 +1,55 @@ +{ systemd +, stdenv +, makeWrapper +, binutils-unwrapped +, sbsigntool +, rustPlatform +, fetchFromGitHub +, lib +}: +rustPlatform.buildRustPackage rec { + pname = "lanzaboote-tool"; + version = "0.3.0"; + + src = fetchFromGitHub { + owner = "nix-community"; + repo = "lanzaboote"; + rev = "v${version}"; + hash = "sha256-Fb5TeRTdvUlo/5Yi2d+FC8a6KoRLk2h1VE0/peMhWPs="; + }; + + sourceRoot = "source/rust/tool"; + cargoHash = "sha256-g4WzqfH6DZVUuNb0jV3MFdm3h7zy2bQ6d3agrXesWgc="; + + env.TEST_SYSTEMD = systemd; + doCheck = lib.meta.availableOn stdenv.hostPlatform systemd; + + nativeBuildInputs = [ + makeWrapper + ]; + + postInstall = '' + # Clean PATH to only contain what we need to do objcopy. + # This is still an unwrapped lanzaboote tool lacking of the + # UEFI stub location. + mv $out/bin/lzbt $out/bin/lzbt-unwrapped + wrapProgram $out/bin/lzbt-unwrapped \ + --set PATH ${lib.makeBinPath [ binutils-unwrapped sbsigntool ]} + ''; + + nativeCheckInputs = [ + binutils-unwrapped + sbsigntool + ]; + + meta = with lib; { + description = "Lanzaboote UEFI tooling for SecureBoot enablement on NixOS systems"; + homepage = "https://github.com/nix-community/lanzaboote"; + license = licenses.gpl3Only; + mainProgram = "lzbt"; + maintainers = with maintainers; [ raitobezarius nikstur ]; + # Broken on aarch64-linux and any other architecture for now. + # Wait for 0.4.0. + platforms = [ "x86_64-linux" "i686-linux" ]; + }; +} |