From 6a3eb966a43346b5b5f21f62a54a0daa165d8401 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Wed, 17 Jul 2024 16:49:26 +0200 Subject: [PATCH 1/3] nrfutil: drop --- .../tools/misc/nrfutil/default.nix | 55 ------------------- pkgs/top-level/all-packages.nix | 2 - 2 files changed, 57 deletions(-) delete mode 100644 pkgs/development/tools/misc/nrfutil/default.nix diff --git a/pkgs/development/tools/misc/nrfutil/default.nix b/pkgs/development/tools/misc/nrfutil/default.nix deleted file mode 100644 index 0249c098de5c..000000000000 --- a/pkgs/development/tools/misc/nrfutil/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ - lib, - fetchFromGitHub, - python3, -}: - -python3.pkgs.buildPythonApplication rec { - pname = "nrfutil"; - version = "6.1.7"; - - src = fetchFromGitHub { - owner = "NordicSemiconductor"; - repo = "pc-nrfutil"; - rev = "refs/tags/v${version}"; - sha256 = "sha256-WiXqeQObhXszDcLxJN8ABd2ZkxsOUvtZQSVP8cYlT2M="; - }; - - propagatedBuildInputs = with python3.pkgs; [ - click - crcmod - ecdsa - libusb1 - intelhex - pc-ble-driver-py - piccata - protobuf - pyserial - pyspinel - pyyaml - tqdm - ]; - - nativeCheckInputs = with python3.pkgs; [ - behave - pytestCheckHook - ]; - - # Workaround: pythonRelaxDepsHook doesn't work for this. - postPatch = '' - mkdir test-reports - substituteInPlace requirements.txt \ - --replace "libusb1==1.9.3" "libusb1" \ - --replace "protobuf >=3.17.3, < 4.0.0" "protobuf" - substituteInPlace nordicsemi/dfu/tests/test_signing.py \ - --replace "self.assertEqual(expected_vk_pem, vk_pem)" "" - ''; - - meta = { - description = "Device Firmware Update tool for nRF chips"; - homepage = "https://github.com/NordicSemiconductor/pc-nrfutil"; - license = lib.licenses.unfreeRedistributable; - platforms = lib.platforms.unix; - maintainers = with lib.maintainers; [ gebner ]; - }; -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 9f5a5ece5be8..9b34b485fd56 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18310,8 +18310,6 @@ with pkgs; nrf5-sdk = callPackage ../development/libraries/nrf5-sdk { }; - nrfutil = callPackage ../development/tools/misc/nrfutil { }; - obelisk = callPackage ../development/tools/ocaml/obelisk { menhir = ocamlPackages.menhir; }; obuild = callPackage ../development/tools/ocaml/obuild { }; From 3289ebc9eaf58b6c6ca5a3eea0318b5bcb95d39c Mon Sep 17 00:00:00 2001 From: h7x4 Date: Wed, 17 Jul 2024 16:50:26 +0200 Subject: [PATCH 2/3] nrfutil: reinit at 7.11.1 --- pkgs/by-name/nr/nrfutil/package.nix | 59 +++++++++++++++++++++++++++++ pkgs/by-name/nr/nrfutil/source.nix | 15 ++++++++ pkgs/by-name/nr/nrfutil/update.sh | 38 +++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 pkgs/by-name/nr/nrfutil/package.nix create mode 100644 pkgs/by-name/nr/nrfutil/source.nix create mode 100755 pkgs/by-name/nr/nrfutil/update.sh diff --git a/pkgs/by-name/nr/nrfutil/package.nix b/pkgs/by-name/nr/nrfutil/package.nix new file mode 100644 index 000000000000..9cafd07b5c45 --- /dev/null +++ b/pkgs/by-name/nr/nrfutil/package.nix @@ -0,0 +1,59 @@ +{ + lib, + stdenvNoCC, + fetchurl, + makeWrapper, + libusb1, + segger-jlink-headless, +}: + +let + source = import ./source.nix; + supported = removeAttrs source [ "version" ]; + + platform = supported.${stdenvNoCC.system} or (throw "unsupported platform ${stdenvNoCC.system}"); + +in +stdenvNoCC.mkDerivation (finalAttrs: { + pname = "nrfutil"; + inherit (source) version; + + src = fetchurl { + url = "https://developer.nordicsemi.com/.pc-tools/nrfutil/nrfutil-${platform.name}-${finalAttrs.version}.tar.gz"; + inherit (platform) hash; + }; + + nativeBuildInputs = [ makeWrapper ]; + + dontConfigure = true; + dontBuild = true; + + installPhase = '' + runHook preInstall + + mkdir -p $out + mv data/* $out/ + + wrapProgram $out/bin/nrfutil \ + --prefix LD_LIBRARY_PATH : "${ + lib.makeLibraryPath [ + segger-jlink-headless + libusb1 + ] + }" + + runHook postInstall + ''; + + passthru.updateScript = ./update.sh; + + meta = with lib; { + description = "CLI tool for managing Nordic Semiconductor devices"; + homepage = "https://www.nordicsemi.com/Products/Development-tools/nRF-Util"; + changelog = "https://docs.nordicsemi.com/bundle/nrfutil/page/guides/revision_history.html"; + license = licenses.unfree; + platforms = attrNames supported; + maintainers = with maintainers; [ h7x4 ]; + mainProgram = "nrfutil"; + }; +}) diff --git a/pkgs/by-name/nr/nrfutil/source.nix b/pkgs/by-name/nr/nrfutil/source.nix new file mode 100644 index 000000000000..f768ac96bb88 --- /dev/null +++ b/pkgs/by-name/nr/nrfutil/source.nix @@ -0,0 +1,15 @@ +{ + version = "7.11.1"; + x86_64-linux = { + name = "x86_64-unknown-linux-gnu"; + hash = "sha256-faF/iA07wWiAuxeqEZciIYlnoWe4LKCtDxD0BwIyeYw="; + }; + x86_64-darwin = { + name = "x86_64-apple-darwin"; + hash = "sha256-EImYXMIvxPgzaGuAOWi4O6mG5S1awdGSX0HQgT1iHaI="; + }; + aarch64-darwin = { + name = "aarch64-apple-darwin"; + hash = "sha256-jgigeJRHH/c761wYGMHhtRHE59ms7obZPxiH5pKeoeQ="; + }; +} diff --git a/pkgs/by-name/nr/nrfutil/update.sh b/pkgs/by-name/nr/nrfutil/update.sh new file mode 100755 index 000000000000..bd3bbadbfde5 --- /dev/null +++ b/pkgs/by-name/nr/nrfutil/update.sh @@ -0,0 +1,38 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p jq nix nix-prefetch-github xq-xml + +nixpkgs="$(git rev-parse --show-toplevel || (printf 'Could not find root of nixpkgs repo\nAre we running from within the nixpkgs git repo?\n' >&2; exit 1))" + +narhash() { + nix --extra-experimental-features nix-command store prefetch-file --json "$1" | jq -r .hash +} + +set -euo pipefail + +declare -A architectures +declare -A versions +declare -A hashes + +architectures["x86_64-linux"]="x86_64-unknown-linux-gnu" +architectures["x86_64-darwin"]="x86_64-apple-darwin" +architectures["aarch64-darwin"]="aarch64-apple-darwin" + +binary_list=$(curl "https://developer.nordicsemi.com/.pc-tools/nrfutil/" | xq -q "#files" | grep -o -E 'nrfutil-(x86_64|aarch64)-.*?.gz' | cut -d' ' -f 1) + +for a in ${!architectures[@]}; do + versions["$a"]=$(echo "$binary_list" | grep "${architectures[${a}]}" | sed -r "s/nrfutil-${architectures[${a}]}-(.*?).tar.gz/\\1/" | tail -n 1) + echo "https://developer.nordicsemi.com/.pc-tools/nrfutil/nrfutil-${architectures[${a}]}-${versions[${a}]}.tar.gz" + hashes["$a"]=$(narhash "https://developer.nordicsemi.com/.pc-tools/nrfutil/nrfutil-${architectures[${a}]}-${versions[${a}]}.tar.gz") +done + +{ + printf "{\n" + printf " version = \"${versions["x86_64-linux"]}\";\n" + for a in ${!architectures[@]}; do + printf " ${a} = {\n" + printf " name = \"${architectures[${a}]}\";\n" + printf " hash = \"${hashes[${a}]}\";\n" + printf " };\n" + done + printf "}\n" +} > "${nixpkgs}/pkgs/by-name/nr/nrfutil/source.nix" From 142e77e7330f218a7c0cf59d97af99ef66a8eab6 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Tue, 17 Sep 2024 22:36:20 +0200 Subject: [PATCH 3/3] nixos/doc: add release note about nrfutil repackaging --- nixos/doc/manual/release-notes/rl-2411.section.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md index ab951ddb3c25..a756968a125d 100644 --- a/nixos/doc/manual/release-notes/rl-2411.section.md +++ b/nixos/doc/manual/release-notes/rl-2411.section.md @@ -163,6 +163,8 @@ To forcibly reenable cgroup v1 support, you can `set boot.kernelParams = [ "systemd.unified_cgroup_hierachy=0" "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1" ]`. NixOS does not officially support this configuration and might cause your system to be unbootable in future versions. You are on your own. +- `nrfutil` which previously pointed to the now-deprecated `pc-nrfutil` python package, has been repackaged under the same name with the new nrfutil tool. + - `openssh` and `openssh_hpn` are now compiled without Kerberos 5 / GSSAPI support in an effort to reduce the attack surface of the components for the majority of users. Users needing this support can use the new `opensshWithKerberos` and `openssh_hpnWithKerberos` flavors (e.g. `programs.ssh.package = pkgs.openssh_gssapi`).