diff options
author | Mx Kookie <kookie@spacekookie.de> | 2021-01-03 17:15:41 +0100 |
---|---|---|
committer | Mx Kookie <kookie@spacekookie.de> | 2021-01-03 17:15:41 +0100 |
commit | 5a380913988033c25c7240ab677dcc549327357f (patch) | |
tree | 1de1c5febb2700095bacd3a2a2f3b6a8168115d9 | |
parent | 01ebfa7aac8c18965df1a089c50bffcf0052e967 (diff) | |
parent | aeac2f8adcd683ade3be74a4680d4e96f39aef49 (diff) |
Merge commit 'aeac2f8adcd683ade3be74a4680d4e96f39aef49' into main
-rw-r--r-- | infra/corenix/README.md | 4 | ||||
-rw-r--r-- | infra/corenix/configs/milan/milan-x230-fhd.nix | 2 | ||||
-rw-r--r-- | infra/corenix/default.nix | 38 | ||||
-rw-r--r-- | infra/corenix/flake.lock | 27 | ||||
-rw-r--r-- | infra/corenix/flake.nix | 49 | ||||
-rw-r--r-- | infra/corenix/modules/grub2/default.nix | 14 | ||||
-rw-r--r-- | infra/corenix/nix/sources.json | 26 | ||||
-rw-r--r-- | infra/corenix/nix/sources.nix | 171 | ||||
-rw-r--r-- | infra/corenix/pkgs/coreboot-payload-tianocore/default.nix | 17 | ||||
-rw-r--r-- | infra/corenix/pkgs/coreboot-payload-tint/default.nix | 6 | ||||
-rw-r--r-- | infra/corenix/pkgs/coreboot/default.nix | 88 | ||||
-rw-r--r-- | infra/corenix/pkgs/coreboot/files.nix | 142 | ||||
-rw-r--r-- | infra/corenix/pkgs/coreboot/update-shell.nix | 11 | ||||
-rwxr-xr-x | infra/corenix/pkgs/coreboot/update.sh | 34 |
14 files changed, 438 insertions, 191 deletions
diff --git a/infra/corenix/README.md b/infra/corenix/README.md index 5a70e2b7ce9b..339aa695cd29 100644 --- a/infra/corenix/README.md +++ b/infra/corenix/README.md @@ -5,8 +5,8 @@ *How to use:* 1. Create a configuration file for your device in `configs/` -2. Add an entry to flake.nix, i.e. `my-device = makeDevice ./configs/my-device.nix;` -3. Build the coreboot rom: `nix build -A pkgs.my-device` +2. Add an entry to default.nix, i.e. `my-device = makeDevice ./configs/my-device.nix;` +3. Build the coreboot rom: `nix build -A my-device` *Features* diff --git a/infra/corenix/configs/milan/milan-x230-fhd.nix b/infra/corenix/configs/milan/milan-x230-fhd.nix index f4d42a81452d..5ebea5452e6e 100644 --- a/infra/corenix/configs/milan/milan-x230-fhd.nix +++ b/infra/corenix/configs/milan/milan-x230-fhd.nix @@ -6,7 +6,7 @@ corenix.corebootConfig = { CONFIG_LINEAR_FRAMEBUFFER_MAX_WIDTH = "1920"; CONFIG_LINEAR_FRAMEBUFFER_MAX_HEIGHT = "1080"; - CONFIG_CBFS_SIZE = "0xbe5000"; + CONFIG_CBFS_SIZE = "0xbe5000"; # DON'T copy this unless you know what you're doing }; tianocore.enable = true; diff --git a/infra/corenix/default.nix b/infra/corenix/default.nix index 1fbe54326228..44da28b62d67 100644 --- a/infra/corenix/default.nix +++ b/infra/corenix/default.nix @@ -1,6 +1,34 @@ -(import (fetchTarball { - url = - "https://github.com/edolstra/flake-compat/archive/94cf59784c73ecec461eaa291918eff0bfb538ac.tar.gz"; - sha256 = "03qz7h3hpb7jhlyidd4jxxncns40kvw8aqsq5l8d0rsdq9nj02qj"; -}) { src = ./.; }).defaultNix +{ ... }: +let + sources = import ./nix/sources.nix; + nixpkgsOptions = { + system = "x86_64-linux"; + overlays = [ (import ./pkgs/overlay.nix) ]; + }; + pkgs = import sources.nixpkgs nixpkgsOptions; + inherit (pkgs) lib; + + makeDevice = configFile: + (lib.evalModules { + modules = [ + ({ ... }: { nixpkgs = nixpkgsOptions; }) + ("${sources.nixpkgs}/nixos/modules/misc/assertions.nix") + ("${sources.nixpkgs}/nixos/modules/misc/nixpkgs.nix") + ./modules + configFile + ]; + }).config.corenix.rom; + +in rec { + inherit makeDevice; + + inherit (pkgs) + coreboot coreboot-payload-grub2 coreboot-payload-tianocore + coreboot-payload-seabios coreboot-payload-tint + coreboot-payload-nvramcui coreboot-payload-coreinfo; + + milan-x1c = makeDevice ./configs/milan/milan-x1c.nix; + milan-x230t = makeDevice ./configs/milan/milan-x230t.nix; + milan-x230-fhd = makeDevice ./configs/milan/milan-x230-fhd.nix; +} diff --git a/infra/corenix/flake.lock b/infra/corenix/flake.lock deleted file mode 100644 index dcfe647d911c..000000000000 --- a/infra/corenix/flake.lock +++ /dev/null @@ -1,27 +0,0 @@ -{ - "nodes": { - "nixpkgs": { - "locked": { - "lastModified": 1604414673, - "narHash": "sha256-Z8yNdN5G17J8Ro9Go9LGN5NtEwL2oleZAZkEhdC4q7I=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "a9f4945fa4e0ec655554149e82bdac935c9ba747", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "master", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "nixpkgs": "nixpkgs" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/infra/corenix/flake.nix b/infra/corenix/flake.nix deleted file mode 100644 index 6864f3840909..000000000000 --- a/infra/corenix/flake.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ - inputs.nixpkgs = { - type = "github"; - owner = "nixos"; - repo = "nixpkgs"; - ref = "master"; - }; - - description = "A collections of derivations for coreboot and payloads"; - outputs = { self, nixpkgs }: - let - nixpkgsOptions = { - system = "x86_64-linux"; - overlays = [ (import ./pkgs/overlay.nix) ]; - }; - pkgs = import nixpkgs nixpkgsOptions; - inherit (pkgs) lib; - - makeDevice = configFile: - (lib.evalModules { - modules = [ - ({ ... }: { nixpkgs = nixpkgsOptions; }) - ("${nixpkgs}/nixos/modules/misc/assertions.nix") - ("${nixpkgs}/nixos/modules/misc/nixpkgs.nix") - ./modules - configFile - ]; - }).config.corenix.rom; - - exportedPkgs = { - inherit (pkgs) - coreboot coreboot-payload-grub2 coreboot-payload-tianocore - coreboot-payload-seabios coreboot-payload-tint - coreboot-payload-nvramcui coreboot-payload-coreinfo; - - milan-x1c = makeDevice ./configs/milan/milan-x1c.nix; - milan-x230t = makeDevice ./configs/milan/milan-x230t.nix; - milan-x230-fhd = makeDevice ./configs/milan/milan-x230-fhd.nix; - }; - - in { - lib = { inherit makeDevice; }; - - packages.x86_64-linux = exportedPkgs; - - # shortcut for use with flake-compat - pkgs = exportedPkgs; - }; -} diff --git a/infra/corenix/modules/grub2/default.nix b/infra/corenix/modules/grub2/default.nix index 39fa13f73026..fb84c7726f40 100644 --- a/infra/corenix/modules/grub2/default.nix +++ b/infra/corenix/modules/grub2/default.nix @@ -8,7 +8,10 @@ let if cfg.asSecondaryPayload then "img/grub2" else "fallback/payload"; configText = (readFile ./files/grub.cfg) + cfg.extraConfig - + (optionalString (cfg.scanDevices) (readFile ./files/grub-scan.cfg)) + + (optionalString (cfg.signKey != null) '' + trust (cbfsdisk)/etc/trusted.key + set check_signatures=enforce + '') + (optionalString (cfg.scanDevices) (readFile ./files/grub-scan.cfg)) + (optionalString (cfg.users != { }) ((concatStringsSep "\n" (mapAttrsToList (n: u: '' ${ @@ -86,6 +89,11 @@ in { default = pkgs.coreboot-payload-grub2; }; + signKey = mkOption { + type = types.nullOr types.path; + default = null; + }; + extraPayloadModules = mkOption { type = types.listOf types.str; default = [ ]; @@ -118,6 +126,8 @@ in { "grub-mkfont --range=0x20-0x7E,0x2501-0x251F,0x2191-0x2193 --size=14 -o $out ${cfg.font}"); "etc/grub.cfg".src = cfg.configFile; "background.png".src = ./files/background.png; - }; + } // (optionalAttrs (cfg.signKey != null) { + "etc/trusted.key".src = cfg.signKey; + }); }; } diff --git a/infra/corenix/nix/sources.json b/infra/corenix/nix/sources.json new file mode 100644 index 000000000000..7d4eea5c2f65 --- /dev/null +++ b/infra/corenix/nix/sources.json @@ -0,0 +1,26 @@ +{ + "niv": { + "branch": "master", + "description": "Easy dependency management for Nix projects", + "homepage": "https://github.com/nmattia/niv", + "owner": "nmattia", + "repo": "niv", + "rev": "ba57d5a29b4e0f2085917010380ef3ddc3cf380f", + "sha256": "1kpsvc53x821cmjg1khvp1nz7906gczq8mp83664cr15h94sh8i4", + "type": "tarball", + "url": "https://github.com/nmattia/niv/archive/ba57d5a29b4e0f2085917010380ef3ddc3cf380f.tar.gz", + "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" + }, + "nixpkgs": { + "branch": "master", + "description": "Nix Packages collection", + "homepage": "", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "30f4aedd0ef8ef9b1cc007519e3e7536201055af", + "sha256": "1am8zhhnrhxvl7siw50lilnrpvc35lzs8kvky7ms7gs8a1mj4sbn", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/30f4aedd0ef8ef9b1cc007519e3e7536201055af.tar.gz", + "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" + } +} diff --git a/infra/corenix/nix/sources.nix b/infra/corenix/nix/sources.nix new file mode 100644 index 000000000000..b796fffacd53 --- /dev/null +++ b/infra/corenix/nix/sources.nix @@ -0,0 +1,171 @@ +# This file has been generated by Niv. + +let + + # + # The fetchers. fetch_<type> fetches specs of type <type>. + # + + fetch_file = pkgs: name: spec: + let + name' = sanitizeName name + "-src"; + in + if spec.builtin or true then + builtins_fetchurl { inherit (spec) url sha256; name = name'; } + else + pkgs.fetchurl { inherit (spec) url sha256; name = name'; }; + + fetch_tarball = pkgs: name: spec: + let + name' = sanitizeName name + "-src"; + in + if spec.builtin or true then + builtins_fetchTarball { name = name'; inherit (spec) url sha256; } + else + pkgs.fetchzip { name = name'; inherit (spec) url sha256; }; + + fetch_git = name: spec: + let + ref = + if spec ? ref then spec.ref else + if spec ? branch then "refs/heads/${spec.branch}" else + if spec ? tag then "refs/tags/${spec.tag}" else + abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"; + in + builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; }; + + fetch_local = spec: spec.path; + + fetch_builtin-tarball = name: throw + ''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. + $ niv modify ${name} -a type=tarball -a builtin=true''; + + fetch_builtin-url = name: throw + ''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. + $ niv modify ${name} -a type=file -a builtin=true''; + + # + # Various helpers + # + + # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695 + sanitizeName = name: + ( + concatMapStrings (s: if builtins.isList s then "-" else s) + ( + builtins.split "[^[:alnum:]+._?=-]+" + ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name) + ) + ); + + # The set of packages used when specs are fetched using non-builtins. + mkPkgs = sources: system: + let + sourcesNixpkgs = + import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; }; + hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; + hasThisAsNixpkgsPath = <nixpkgs> == ./.; + in + if builtins.hasAttr "nixpkgs" sources + then sourcesNixpkgs + else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then + import <nixpkgs> {} + else + abort + '' + Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or + add a package called "nixpkgs" to your sources.json. + ''; + + # The actual fetching function. + fetch = pkgs: name: spec: + + if ! builtins.hasAttr "type" spec then + abort "ERROR: niv spec ${name} does not have a 'type' attribute" + else if spec.type == "file" then fetch_file pkgs name spec + else if spec.type == "tarball" then fetch_tarball pkgs name spec + else if spec.type == "git" then fetch_git name spec + else if spec.type == "local" then fetch_local spec + else if spec.type == "builtin-tarball" then fetch_builtin-tarball name + else if spec.type == "builtin-url" then fetch_builtin-url name + else + abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; + + # If the environment variable NIV_OVERRIDE_${name} is set, then use + # the path directly as opposed to the fetched source. + replace = name: drv: + let + saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name; + ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; + in + if ersatz == "" then drv else ersatz; + + # Ports of functions for older nix versions + + # a Nix version of mapAttrs if the built-in doesn't exist + mapAttrs = builtins.mapAttrs or ( + f: set: with builtins; + listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) + ); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 + range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 + stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 + stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); + concatMapStrings = f: list: concatStrings (map f list); + concatStrings = builtins.concatStringsSep ""; + + # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331 + optionalAttrs = cond: as: if cond then as else {}; + + # fetchTarball version that is compatible between all the versions of Nix + builtins_fetchTarball = { url, name ? null, sha256 }@attrs: + let + inherit (builtins) lessThan nixVersion fetchTarball; + in + if lessThan nixVersion "1.12" then + fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) + else + fetchTarball attrs; + + # fetchurl version that is compatible between all the versions of Nix + builtins_fetchurl = { url, name ? null, sha256 }@attrs: + let + inherit (builtins) lessThan nixVersion fetchurl; + in + if lessThan nixVersion "1.12" then + fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) + else + fetchurl attrs; + + # Create the final "sources" from the config + mkSources = config: + mapAttrs ( + name: spec: + if builtins.hasAttr "outPath" spec + then abort + "The values in sources.json should not have an 'outPath' attribute" + else + spec // { outPath = replace name (fetch config.pkgs name spec); } + ) config.sources; + + # The "config" used by the fetchers + mkConfig = + { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null + , sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile) + , system ? builtins.currentSystem + , pkgs ? mkPkgs sources system + }: rec { + # The sources, i.e. the attribute set of spec name to spec + inherit sources; + + # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers + inherit pkgs; + }; + +in +mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); } diff --git a/infra/corenix/pkgs/coreboot-payload-tianocore/default.nix b/infra/corenix/pkgs/coreboot-payload-tianocore/default.nix index 5c3e5362462f..ce82ed6e1d32 100644 --- a/infra/corenix/pkgs/coreboot-payload-tianocore/default.nix +++ b/infra/corenix/pkgs/coreboot-payload-tianocore/default.nix @@ -1,4 +1,11 @@ -{ fetchFromGitHub, python2, stdenv, libuuid, bc, utillinux, nasm, iasl, seabios +{ fetchFromGitHub +, python2 +, stdenv +, libuuid +, bc +, utillinux +, nasm +, iasl }: # we can not override the source in edk2, so we had to copy the entire thing @@ -58,7 +65,7 @@ in stdenv.mkDerivation { buildPhase = '' runHook preBuild - build -a X64 -a IA32 -b RELEASE -t GCC5 -p CorebootPayloadPkg/CorebootPayloadPkgIa32X64.dsc -n $NIX_BUILD_CORES -D CSM_ENABLE + build -a X64 -a IA32 -b RELEASE -t GCC5 -p CorebootPayloadPkg/CorebootPayloadPkgIa32X64.dsc -n $NIX_BUILD_CORES runHook postBuild ''; @@ -68,11 +75,5 @@ in stdenv.mkDerivation { runHook postInstall ''; - hardeningDisable = [ "format" "stackprotector" "pic" "fortify" ]; - - postPatch = '' - cp ${seabios}/Csm16.bin OvmfPkg/Csm/Csm16/Csm16.bin - ''; - dontPatchELF = true; } diff --git a/infra/corenix/pkgs/coreboot-payload-tint/default.nix b/infra/corenix/pkgs/coreboot-payload-tint/default.nix index b953c773336d..be5e64d327fd 100644 --- a/infra/corenix/pkgs/coreboot-payload-tint/default.nix +++ b/infra/corenix/pkgs/coreboot-payload-tint/default.nix @@ -6,7 +6,7 @@ stdenv.mkDerivation rec { pname = "coreboot-payload-tint"; - version = "0.04+nmu1"; + version = "0.05"; inherit (coreboot.drvAttrs) src postPatch; preConfigure = "cd payloads/external/tint"; @@ -14,8 +14,8 @@ stdenv.mkDerivation rec { tar -xf ${ fetchurl { url = - "https://mirror.fsf.org/trisquel/pool/main/t/tint/tint_${version}.tar.gz"; - sha256 = "17gbga1lha9yp5hpyr5vn1sc93fx413cksxmpyl8zv3b5rjvzsy1"; + "https://mirror.fsf.org/trisquel/pool/main/t/tint/tint_${version}.tar.xz"; + sha256 = "1pfp3pqwci4wsjxhqik49v74hlgyg78j98x0g5disfcv37hpxb6r"; } } mv tint{-${version},} diff --git a/infra/corenix/pkgs/coreboot/default.nix b/infra/corenix/pkgs/coreboot/default.nix index cc0c2f39b209..d5dc4919d683 100644 --- a/infra/corenix/pkgs/coreboot/default.nix +++ b/infra/corenix/pkgs/coreboot/default.nix @@ -2,61 +2,63 @@ , callPackage, lib, corebootConfig ? { CONFIG_PAYLOAD_NONE = "y"; } }: let - version = "4.12"; - src = fetchgit { - url = "https://review.coreboot.org/coreboot.git"; - rev = "${version}"; - fetchSubmodules = true; - sha256 = "1l140zbvn6pkbrr55lymhi4lycimhpy8xgm45shl4zv6a9vjd66z"; - }; - toolchain = stdenv.mkDerivation rec { pname = "coreboot-toolchain"; - inherit version src; + inherit (coreboot) version src; + nativeBuildInputs = [ curl stdenv m4 flex bison zlib gnat ]; + buildPhase = '' mkdir -p util/crossgcc/tarballs ${lib.concatMapStringsSep "\n" (file: "ln -s ${file.archive} util/crossgcc/tarballs/${file.name}") (callPackage ./files.nix { })} - NIX_HARDENING_ENABLE="$\{NIX_HARDENING_ENABLE/ format/\}" make crossgcc-i386 CPUS=$NIX_BUILD_CORES + make crossgcc-i386 CPUS=$NIX_BUILD_CORES ''; + installPhase = '' cp -r util/crossgcc $out ''; }; - writeConfig = config: - let - filteredConfig = lib.filterAttrs (n: v: v != null) config; - lines = - lib.mapAttrsToList (name: value: "${name}=${value}") filteredConfig; + writeConfig = config: let + filteredConfig = lib.filterAttrs (n: v: v != null) config; + lines = + lib.mapAttrsToList (name: value: "${name}=${value}") filteredConfig; configFile = writeText "config" (lib.concatStringsSep "\n" lines); - in configFile; - -in stdenv.mkDerivation rec { - - pname = "coreboot"; - inherit version src; - - postPatch = '' - rm -rf util/crossgcc - cp -r ${toolchain} util/crossgcc - chmod u+rwX -R util/crossgcc - patchShebangs util/xcompile/xcompile - ''; - - configurePhase = '' - runHook preConfigure - cp ${writeConfig corebootConfig} .config - make olddefconfig - runHook postConfigure - ''; - - installPhase = '' - mkdir -p $out - cp build/coreboot.rom $out - ''; - - passthru = { inherit toolchain writeConfig corebootConfig; }; -} + in configFile; + + coreboot = stdenv.mkDerivation rec { + pname = "coreboot"; + version = "4.13"; + + src = fetchgit { + url = "https://review.coreboot.org/coreboot.git"; + rev = version; + sha256 = "sha256-O5udH6RAfs5IPqzvluXAApU7TDow39aOEewL5+nln3c="; + fetchSubmodules = true; + }; + + postPatch = '' + rm -rf util/crossgcc + cp -r ${toolchain} util/crossgcc + chmod u+rwX -R util/crossgcc + patchShebangs util/xcompile/xcompile + ''; + + configurePhase = '' + runHook preConfigure + cp ${writeConfig corebootConfig} .config + make olddefconfig + runHook postConfigure + ''; + + installPhase = '' + mkdir -p $out + cp build/coreboot.rom $out + ''; + + passthru = { inherit toolchain writeConfig corebootConfig; }; + }; + +in coreboot diff --git a/infra/corenix/pkgs/coreboot/files.nix b/infra/corenix/pkgs/coreboot/files.nix index f5d71ec46b53..5306b22bb674 100644 --- a/infra/corenix/pkgs/coreboot/files.nix +++ b/infra/corenix/pkgs/coreboot/files.nix @@ -1,67 +1,107 @@ -{ fetchurl }: - -# from util/crossgcc/buildgcc -[ - (rec { - version = "6.1.2"; - name = "gmp-${version}.tar.xz"; +{ fetchurl }: [ + { + name = "gmp-6.2.0.tar.xz"; archive = fetchurl { - sha256 = "04hrwahdxyqdik559604r7wrj9ffklwvipgfxgj4ys4skbl6bdc7"; - url = "mirror://gnu/gmp/${name}"; + sha256 = "09hmg8k63mbfrx1x3yy6y1yzbbq85kw5avbibhcgrg9z3ganr3i5"; + url = "https://ftpmirror.gnu.org/gmp/gmp-6.2.0.tar.xz"; }; - }) - - (rec { - version = "4.0.2"; - name = "mpfr-${version}.tar.xz"; + } + { + name = "mpfr-4.1.0.tar.xz"; archive = fetchurl { - sha256 = "12m3amcavhpqygc499s3fzqlb8f2j2rr7fkqsm10xbjfc04fffqx"; - url = "mirror://gnu/mpfr/${name}"; + sha256 = "0zwaanakrqjf84lfr5hfsdr7hncwv9wj0mchlr7cmxigfgqs760c"; + url = "https://ftpmirror.gnu.org/mpfr/mpfr-4.1.0.tar.xz"; }; - }) - - (rec { - version = "1.1.0"; - name = "mpc-${version}.tar.gz"; + } + { + name = "mpc-1.2.0.tar.gz"; archive = fetchurl { - sha256 = "0biwnhjm3rx3hc0rfpvyniky4lpzsvdcwhmcn7f0h4iw2hwcb1b9"; - url = "mirror://gnu/mpc/${name}"; + sha256 = "19pxx3gwhwl588v496g3aylhcw91z1dk1d5x3a8ik71sancjs3z9"; + url = "https://ftpmirror.gnu.org/mpc/mpc-1.2.0.tar.gz"; }; - }) - - (rec { - version = "8.3.0"; - name = "gcc-${version}.tar.xz"; + } + { + name = "gcc-8.3.0.tar.xz"; archive = fetchurl { sha256 = "0b3xv411xhlnjmin2979nxcbnidgvzqdf4nbhix99x60dkzavfk4"; - url = "mirror://gnu/gcc/${name}"; + url = "https://ftpmirror.gnu.org/gcc/gcc-8.3.0/gcc-8.3.0.tar.xz"; }; - }) - - (rec { - version = "2.33.1"; - name = "binutils-${version}.tar.xz"; + } + { + name = "binutils-2.35.tar.xz"; archive = fetchurl { - sha256 = "1grcf8jaw3i0bk6f9xfzxw3qfgmn6fgkr108isdkbh1y3hnzqrmb"; - url = "mirror://gnu/binutils/${name}"; + sha256 = "119g6340ksv1jkg6bwaxdp2whhlly22l9m30nj6y284ynjgna48v"; + url = "https://ftpmirror.gnu.org/binutils/binutils-2.35.tar.xz"; }; - }) - - (rec { - version = "20200110"; - name = "acpica-unix2-${version}.tar.gz"; + } + { + name = "gdb-9.2.tar.xz"; archive = fetchurl { - sha256 = "1hb4g6r7w8s4bhlkk36fmb4qxghnrwvad7f18cpn6zz0b4sjs7za"; - url = "https://acpica.org/sites/acpica/files/${name}"; + sha256 = "0mf5fn8v937qwnal4ykn3ji1y2sxk0fa1yfqi679hxmpg6pdf31n"; + url = "https://ftpmirror.gnu.org/gdb/gdb-9.2.tar.xz"; }; - }) - - (rec { - version = "2.14.02"; - name = "nasm-${version}.tar.bz2"; + } + { + name = "acpica-unix2-20200717.tar.gz"; archive = fetchurl { - sha256 = "1g409sr1kj7v1089s9kv0i4azvddkcwcypnbakfryyi71b3jdz9l"; - url = "https://www.nasm.us/pub/nasm/releasebuilds/${version}/${name}"; + sha256 = "0jyy71szjr40c8v40qqw6yh3gfk8d6sl3nay69zrn5d88i3r0jca"; + url = "https://acpica.org/sites/acpica/files/acpica-unix2-20200717.tar.gz"; }; - }) + } + { + name = "Python-3.8.5.tar.xz"; + archive = fetchurl { + sha256 = "1c43dbv9lvlp3ynqmgdi4rh8q94swanhqarqrdx62zmigpakw073"; + url = "https://www.python.org/ftp/python/3.8.5/Python-3.8.5.tar.xz"; + }; + } + { + name = "expat-2.2.9.tar.bz2"; + archive = fetchurl { + sha256 = "0dx2m58gkj7cadk51lmp54ma7cqjhff4kjmwv8ks80j3vj2301pi"; + url = "https://downloads.sourceforge.net/sourceforge/expat/expat-2.2.9.tar.bz2"; + }; + } + { + name = "llvm-10.0.1.src.tar.xz"; + archive = fetchurl { + sha256 = "1wydhbp9kyjp5y0rc627imxgkgqiv3dfirbqil9dgpnbaw5y7n65"; + url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-10.0.1/llvm-10.0.1.src.tar.xz"; + }; + } + { + name = "clang-10.0.1.src.tar.xz"; + archive = fetchurl { + sha256 = "091bvcny2lh32zy8f3m9viayyhb2zannrndni7325rl85cwgr6pr"; + url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-10.0.1/clang-10.0.1.src.tar.xz"; + }; + } + { + name = "compiler-rt-10.0.1.src.tar.xz"; + archive = fetchurl { + sha256 = "1yjqjri753w0fzmxcyz687nvd97sbc9rsqrxzpq720na47hwh3fr"; + url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-10.0.1/compiler-rt-10.0.1.src.tar.xz"; + }; + } + { + name = "clang-tools-extra-10.0.1.src.tar.xz"; + archive = fetchurl { + sha256 = "06n1yp638rh24xdxv9v2df0qajxbjz4w59b7dd4ky36drwmpi4yh"; + url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-10.0.1/clang-tools-extra-10.0.1.src.tar.xz"; + }; + } + { + name = "cmake-3.18.1.tar.gz"; + archive = fetchurl { + sha256 = "0215srmc9l7ygwdpfms8yx0wbd96qgz2d58ykmdiarvysf5k7qy0"; + url = "https://cmake.org/files/v3.18/cmake-3.18.1.tar.gz"; + }; + } + { + name = "nasm-2.15.03.tar.bz2"; + archive = fetchurl { + sha256 = "0y6p3d5lhmwzvgi85f00sz6c485ir33zd1nskzxby4pikcyk9rq4"; + url = "https://www.nasm.us/pub/nasm/releasebuilds/2.15.03/nasm-2.15.03.tar.bz2"; + }; + } ] diff --git a/infra/corenix/pkgs/coreboot/update-shell.nix b/infra/corenix/pkgs/coreboot/update-shell.nix new file mode 100644 index 000000000000..a2f2da23b6f8 --- /dev/null +++ b/infra/corenix/pkgs/coreboot/update-shell.nix @@ -0,0 +1,11 @@ +let + sources = import ../../nix/sources.nix; + pkgs = import sources.nixpkgs {}; +in + +with pkgs; + +mkShell { + buildInputs = [ nix git cacert getopt ]; + NIX_PATH = "nixpkgs=${sources.nixpkgs}"; +} diff --git a/infra/corenix/pkgs/coreboot/update.sh b/infra/corenix/pkgs/coreboot/update.sh new file mode 100755 index 000000000000..d73f21404cd7 --- /dev/null +++ b/infra/corenix/pkgs/coreboot/update.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env nix-shell +#!nix-shell --pure -i bash update-shell.nix + +set -xe + +cd "$(dirname "$0")/../.." + +export PATH="/nix/store/yhr5cl61hqqx12zgfq8i3pkg0diq9v5k-nix-update/bin:$PATH" +nix-update coreboot $@ + +src="$(nix-build --no-out-link -A coreboot.src)" +urls=$($src/util/crossgcc/buildgcc -u) + +echo '{ fetchurl }: [' > pkgs/coreboot/.files.nix.tmp + +for url in $urls +do + name="$(basename $url)" + hash="$(nix-prefetch-url "$url")" + + cat << EOF >> pkgs/coreboot/.files.nix.tmp + { + name = "$name"; + archive = fetchurl { + sha256 = "$hash"; + url = "$url"; + }; + } +EOF + +done + +echo ']' >> pkgs/coreboot/.files.nix.tmp +mv pkgs/coreboot/.files.nix.tmp pkgs/coreboot/files.nix |