edk2: 202402 -> 202408 (#329338)
This commit is contained in:
commit
ef984827d8
@ -1,5 +1,5 @@
|
||||
{ stdenv, nixosTests, lib, edk2, util-linux, nasm, acpica-tools, llvmPackages
|
||||
, fetchurl, python3, pexpect, xorriso, qemu, dosfstools, mtools
|
||||
, fetchFromGitLab, python3, pexpect, xorriso, qemu, dosfstools, mtools
|
||||
, fdSize2MB ? false
|
||||
, fdSize4MB ? secureBoot
|
||||
, secureBoot ? false
|
||||
@ -12,7 +12,7 @@
|
||||
# to use as the PK and first KEK for the keystore.
|
||||
#
|
||||
# By default, we use Debian's cert. This default
|
||||
# should chnage to a NixOS cert once we have our
|
||||
# should change to a NixOS cert once we have our
|
||||
# own secure boot signing infrastructure.
|
||||
#
|
||||
# Ignored if msVarsTemplate is false.
|
||||
@ -66,9 +66,18 @@ let
|
||||
|
||||
OvmfPkKek1AppPrefix = "4e32566d-8e9e-4f52-81d3-5bb9715f9727";
|
||||
|
||||
debian-edk-src = fetchurl {
|
||||
url = "http://deb.debian.org/debian/pool/main/e/edk2/edk2_2023.11-5.debian.tar.xz";
|
||||
sha256 = "1yxlab4md30pxvjadr6b4xn6cyfw0c292q63pyfv4vylvhsb24g4";
|
||||
debian-edk-src = fetchFromGitLab {
|
||||
domain = "salsa.debian.org";
|
||||
owner = "qemu-team";
|
||||
repo = "edk2";
|
||||
nonConeMode = true;
|
||||
sparseCheckout = [
|
||||
"debian/edk2-vars-generator.py"
|
||||
"debian/python"
|
||||
"debian/PkKek-1-*.pem"
|
||||
];
|
||||
rev = "refs/tags/debian/2024.05-1";
|
||||
hash = "sha256-uAjXJaHOVh944ZxcA2IgCsrsncxuhc0JKlsXs0E03s0=";
|
||||
};
|
||||
|
||||
buildPrefix = "Build/*/*";
|
||||
@ -111,7 +120,7 @@ edk2.mkDerivation projectDscPath (finalAttrs: {
|
||||
env.PYTHON_COMMAND = "python3";
|
||||
|
||||
postUnpack = lib.optionalDrvAttr msVarsTemplate ''
|
||||
unpackFile ${debian-edk-src}
|
||||
ln -s ${debian-edk-src}/debian
|
||||
'';
|
||||
|
||||
postConfigure = lib.optionalDrvAttr msVarsTemplate ''
|
||||
@ -138,7 +147,8 @@ edk2.mkDerivation projectDscPath (finalAttrs: {
|
||||
'' + lib.optionalString msVarsTemplate ''
|
||||
(
|
||||
cd ${buildPrefix}
|
||||
python3 $NIX_BUILD_TOP/debian/edk2-vars-generator.py \
|
||||
# locale must be set on Darwin for invocations of mtools to work correctly
|
||||
LC_ALL=C python3 $NIX_BUILD_TOP/debian/edk2-vars-generator.py \
|
||||
--flavor ${msVarsArgs.flavor} \
|
||||
--enrolldefaultkeys ${msVarsArgs.archDir}/EnrollDefaultKeys.efi \
|
||||
--shell ${msVarsArgs.archDir}/Shell.efi \
|
||||
@ -165,7 +175,7 @@ edk2.mkDerivation projectDscPath (finalAttrs: {
|
||||
ln -sv $fd/FV/${fwPrefix}_CODE{,.ms}.fd
|
||||
'' + lib.optionalString stdenv.hostPlatform.isAarch ''
|
||||
mv -v $out/FV/QEMU_{EFI,VARS}.fd $fd/FV
|
||||
# Add symlinks for Fedora dir layout: https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec
|
||||
# Add symlinks for Fedora dir layout: https://src.fedoraproject.org/rpms/edk2/blob/main/f/edk2.spec
|
||||
mkdir -vp $fd/AAVMF
|
||||
ln -s $fd/FV/AAVMF_CODE.fd $fd/AAVMF/QEMU_EFI-pflash.raw
|
||||
ln -s $fd/FV/AAVMF_VARS.fd $fd/AAVMF/vars-template-pflash.raw
|
||||
@ -179,6 +189,9 @@ edk2.mkDerivation projectDscPath (finalAttrs: {
|
||||
in {
|
||||
firmware = "${prefix}_CODE.fd";
|
||||
variables = "${prefix}_VARS.fd";
|
||||
variablesMs =
|
||||
assert msVarsTemplate;
|
||||
"${prefix}_VARS.ms.fd";
|
||||
# This will test the EFI firmware for the host platform as part of the NixOS Tests setup.
|
||||
tests.basic-systemd-boot = nixosTests.systemd-boot.basic;
|
||||
tests.secureBoot-systemd-boot = nixosTests.systemd-boot.secureBoot;
|
||||
@ -190,7 +203,7 @@ edk2.mkDerivation projectDscPath (finalAttrs: {
|
||||
homepage = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF";
|
||||
license = lib.licenses.bsd2;
|
||||
platforms = metaPlatforms;
|
||||
maintainers = with lib.maintainers; [ adamcstephens raitobezarius ];
|
||||
broken = stdenv.isDarwin;
|
||||
maintainers = with lib.maintainers; [ adamcstephens raitobezarius mjoerg ];
|
||||
broken = stdenv.isDarwin && stdenv.isAarch64;
|
||||
};
|
||||
})
|
||||
|
@ -1,12 +1,12 @@
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, applyPatches
|
||||
, libuuid
|
||||
, bc
|
||||
, lib
|
||||
, buildPackages
|
||||
, nixosTests
|
||||
, runCommand
|
||||
, writeScript
|
||||
}:
|
||||
|
||||
@ -31,45 +31,68 @@ buildType = if stdenv.isDarwin then
|
||||
else
|
||||
"GCC5";
|
||||
|
||||
edk2 = stdenv.mkDerivation rec {
|
||||
edk2 = stdenv.mkDerivation {
|
||||
pname = "edk2";
|
||||
version = "202402";
|
||||
|
||||
patches = [
|
||||
# pass targetPrefix as an env var
|
||||
(fetchpatch {
|
||||
url = "https://src.fedoraproject.org/rpms/edk2/raw/08f2354cd280b4ce5a7888aa85cf520e042955c3/f/0021-Tweak-the-tools_def-to-support-cross-compiling.patch";
|
||||
hash = "sha256-E1/fiFNVx0aB1kOej2DJ2DlBIs9tAAcxoedym2Zhjxw=";
|
||||
})
|
||||
# https://github.com/tianocore/edk2/pull/5658
|
||||
(fetchpatch {
|
||||
url = "https://github.com/tianocore/edk2/commit/a34ff4a8f69a7b8a52b9b299153a8fac702c7df1.patch";
|
||||
hash = "sha256-u+niqwjuLV5tNPykW4xhb7PW2XvUmXhx5uvftG1UIbU=";
|
||||
})
|
||||
];
|
||||
version = "202408";
|
||||
|
||||
srcWithVendoring = fetchFromGitHub {
|
||||
owner = "tianocore";
|
||||
repo = "edk2";
|
||||
rev = "edk2-stable${edk2.version}";
|
||||
fetchSubmodules = true;
|
||||
hash = "sha256-Nurm6QNKCyV6wvbj0ELdYAL7mbZ0yg/tTwnEJ+N18ng=";
|
||||
hash = "sha256-2odaTqiAZD5xduT0dwIYWj3gY/aFPVsTFbblIsEhBiA=";
|
||||
};
|
||||
|
||||
# We don't want EDK2 to keep track of OpenSSL,
|
||||
# they're frankly bad at it.
|
||||
src = runCommand "edk2-unvendored-src" { } ''
|
||||
cp --no-preserve=mode -r ${srcWithVendoring} $out
|
||||
rm -rf $out/CryptoPkg/Library/OpensslLib/openssl
|
||||
mkdir -p $out/CryptoPkg/Library/OpensslLib/openssl
|
||||
tar --strip-components=1 -xf ${buildPackages.openssl.src} -C $out/CryptoPkg/Library/OpensslLib/openssl
|
||||
chmod -R +w $out/
|
||||
src = applyPatches {
|
||||
name = "edk2-${edk2.version}-unvendored-src";
|
||||
src = edk2.srcWithVendoring;
|
||||
|
||||
# Fix missing INT64_MAX include that edk2 explicitly does not provide
|
||||
# via it's own <stdint.h>. Let's pull in openssl's definition instead:
|
||||
sed -i $out/CryptoPkg/Library/OpensslLib/openssl/crypto/property/property_parse.c \
|
||||
-e '1i #include "internal/numbers.h"'
|
||||
'';
|
||||
patches = [
|
||||
# pass targetPrefix as an env var
|
||||
(fetchpatch {
|
||||
url = "https://src.fedoraproject.org/rpms/edk2/raw/08f2354cd280b4ce5a7888aa85cf520e042955c3/f/0021-Tweak-the-tools_def-to-support-cross-compiling.patch";
|
||||
hash = "sha256-E1/fiFNVx0aB1kOej2DJ2DlBIs9tAAcxoedym2Zhjxw=";
|
||||
})
|
||||
# https://github.com/tianocore/edk2/pull/5658
|
||||
(fetchpatch {
|
||||
name = "fix-cross-compilation-antlr-dlg.patch";
|
||||
url = "https://github.com/tianocore/edk2/commit/a34ff4a8f69a7b8a52b9b299153a8fac702c7df1.patch";
|
||||
hash = "sha256-u+niqwjuLV5tNPykW4xhb7PW2XvUmXhx5uvftG1UIbU=";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
# We don't want EDK2 to keep track of OpenSSL, they're frankly bad at it.
|
||||
rm -r CryptoPkg/Library/OpensslLib/openssl
|
||||
mkdir -p CryptoPkg/Library/OpensslLib/openssl
|
||||
(
|
||||
cd CryptoPkg/Library/OpensslLib/openssl
|
||||
tar --strip-components=1 -xf ${buildPackages.openssl.src}
|
||||
|
||||
# Apply OpenSSL patches.
|
||||
${lib.pipe buildPackages.openssl.patches [
|
||||
(builtins.filter (
|
||||
patch:
|
||||
!builtins.elem (baseNameOf patch) [
|
||||
# Exclude patches not required in this context.
|
||||
"nix-ssl-cert-file.patch"
|
||||
"openssl-disable-kernel-detection.patch"
|
||||
"use-etc-ssl-certs-darwin.patch"
|
||||
"use-etc-ssl-certs.patch"
|
||||
]
|
||||
))
|
||||
(map (patch: "patch -p1 < ${patch}\n"))
|
||||
lib.concatStrings
|
||||
]}
|
||||
)
|
||||
|
||||
# enable compilation using Clang
|
||||
# https://bugzilla.tianocore.org/show_bug.cgi?id=4620
|
||||
substituteInPlace BaseTools/Conf/tools_def.template --replace-fail \
|
||||
'DEFINE CLANGPDB_WARNING_OVERRIDES = ' \
|
||||
'DEFINE CLANGPDB_WARNING_OVERRIDES = -Wno-unneeded-internal-declaration '
|
||||
'';
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pythonEnv ];
|
||||
depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.bash ];
|
||||
@ -100,12 +123,13 @@ edk2 = stdenv.mkDerivation rec {
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
meta = with lib; {
|
||||
meta = {
|
||||
description = "Intel EFI development kit";
|
||||
homepage = "https://github.com/tianocore/tianocore.github.io/wiki/EDK-II/";
|
||||
changelog = "https://github.com/tianocore/edk2/releases/tag/edk2-stable${edk2.version}";
|
||||
license = licenses.bsd2;
|
||||
platforms = with platforms; aarch64 ++ arm ++ i686 ++ x86_64 ++ riscv64;
|
||||
license = lib.licenses.bsd2;
|
||||
platforms = with lib.platforms; aarch64 ++ arm ++ i686 ++ x86_64 ++ riscv64;
|
||||
maintainers = [ lib.maintainers.mjoerg ];
|
||||
};
|
||||
|
||||
passthru = {
|
||||
|
@ -37,6 +37,7 @@ edk2.mkDerivation "ShellPkg/ShellPkg.dsc" (finalAttrs: {
|
||||
inherit (edk2.meta) license platforms;
|
||||
description = "UEFI Shell from Tianocore EFI development kit";
|
||||
homepage = "https://github.com/tianocore/tianocore.github.io/wiki/ShellPkg";
|
||||
maintainers = with lib.maintainers; [ LunNova ];
|
||||
maintainers = with lib.maintainers; [ LunNova mjoerg ];
|
||||
broken = stdenv.isDarwin && stdenv.isAarch64;
|
||||
};
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user