From 2285ad1bfa20714daac8ab2f1d3c933598af9c13 Mon Sep 17 00:00:00 2001
From: Thomas Strobel
Date: Sat, 4 Jul 2015 23:39:28 +0200
Subject: [PATCH] trustedGRUB: GRUB 1 based -> GRUB 2 based
---
 pkgs/tools/misc/grub/trusted.nix | 100 +++++++++++++++++++++++++------
 pkgs/top-level/all-packages.nix | 5 +-
 2 files changed, 84 insertions(+), 21 deletions(-)
diff --git a/pkgs/tools/misc/grub/trusted.nix b/pkgs/tools/misc/grub/trusted.nix
index 9f897d7e93a..790870cf302 100644
--- a/pkgs/tools/misc/grub/trusted.nix
+++ b/pkgs/tools/misc/grub/trusted.nix
@@ -1,26 +1,92 @@
-{stdenv, fetchgit, autoconf, automake, buggyBiosCDSupport ? true}:
+{ stdenv, fetchurl, fetchgit, autogen, flex, bison, python, autoconf, automake
+, gettext, ncurses, libusb, freetype, qemu, devicemapper
+}:
-stdenv.mkDerivation {
- name = "trustedGRUB-1.1.5";
+with stdenv.lib;
+let
+ pcSystems = {
+ "i686-linux".target = "i386";
+ "x86_64-linux".target = "i386";
+ };
+
+ inPCSystems = any (system: stdenv.system == system) (mapAttrsToList (name: _: name) pcSystems);
+
+ version = "2.0-git-2015-07-04";
+
+ unifont_bdf = fetchurl {
+ url = "http://unifoundry.com/unifont-5.1.20080820.bdf.gz";
+ sha256 = "0s0qfff6n6282q28nwwblp5x295zd6n71kl43xj40vgvdqxv0fxx";
+ };
+
+ po_src = fetchurl {
+ name = "grub-2.02-beta2.tar.gz";
+ url = "http://alpha.gnu.org/gnu/grub/grub-2.02~beta2.tar.gz";
+ sha256 = "1lr9h3xcx0wwrnkxdnkfjwy08j7g7mdlmmbdip2db4zfgi69h0rm";
+
+ };
+
+in (
+
+stdenv.mkDerivation rec {
+ name = "trustedGRUB-${version}";
 src = fetchgit {
- url = "https://github.com/ts468/TrustedGRUB";
- rev = "954941c17e14c8f7b18e6cd3043ef5f946866f1c";
- sha256 = "30c21765dc44f02275e66220d6724ec9cd45496226ca28c6db59a9147aa22685";
+ url = "https://github.com/Sirrix-AG/TrustedGRUB2";
+ rev = "1865d07bdef7f39916790c77103fb85e99de14a4";
+ sha256 = "e6bd9edfeb653e98e585fd691a31533b649b2fca1f4a903c70f6ea371014c9f7";
 };
- # Autoconf/automake required for the splashimage patch.
- buildInputs = [autoconf automake];
+ nativeBuildInputs = [ autogen flex bison python autoconf automake ];
+ buildInputs = [ ncurses libusb freetype gettext devicemapper ]
+ ++ optional doCheck qemu;
- preConfigure = ''
- autoreconf
+ preConfigure =
+ '' for i in "tests/util/"*.in
+ do
+ sed -i "$i" -e's|/bin/bash|/bin/sh|g'
+ done
+
+ # Apparently, the QEMU executable is no longer called
+ # `qemu-system-i386', even on i386.
+ #
+ # In addition, use `-nodefaults' to avoid errors like:
+ #
+ # chardev: opening backend "stdio" failed
+ # qemu: could not open serial device 'stdio': Invalid argument
+ #
+ # See .
+ sed -i "tests/util/grub-shell.in" \
+ -e's/qemu-system-i386/qemu-system-x86_64 -nodefaults/g'
+ '';
+
+ prePatch =
+ '' tar zxf ${po_src} grub-2.02~beta2/po
+ rm -rf po
+ mv grub-2.02~beta2/po po
+ sh autogen.sh
+ gunzip < "${unifont_bdf}" > "unifont.bdf"
+ sed -i "configure" \
+ -e "s|/usr/src/unifont.bdf|$PWD/unifont.bdf|g"
+ '';
+
+ patches = [ ./fix-bash-completion.patch ];
+
+ # save target that grub is compiled for
+ grubTarget = if inPCSystems
+ then "${pcSystems.${stdenv.system}.target}-pc"
+ else "";
+
+ doCheck = false;
+ enableParallelBuilding = true;
+
+ postInstall = ''
+ paxmark pms $out/sbin/grub-{probe,bios-setup}
 '';
- meta = {
- homepage = "http://sourceforge.net/projects/trustedgrub/";
- repositories.git = https://github.com/ts468/TrustedGRUB;
- description = "Legacy GRUB bootloader extended with TCG support";
- platforms = stdenv.lib.platforms.linux;
- maintainers = with stdenv.lib.maintainers; [ tstrobel ];
+ meta = with stdenv.lib; {
+ description = "GRUB 2.0 extended with TCG (TPM) support for integrity measured boot process (trusted boot)";
+ homepage = https://github.com/Sirrix-AG/TrustedGRUB2;
+ license = licenses.gpl3Plus;
+ platforms = platforms.gnu;
 };
-}
+})
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index e90ff4984b8..1d317a30ad7 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1702,10 +1702,7 @@ let
 automake = automake112x; # fails with 13 and 14
 };
- trustedGrub = callPackage_i686 ../tools/misc/grub/trusted.nix {
- buggyBiosCDSupport = config.grub.buggyBiosCDSupport or true;
- automake = automake112x; # fails with 13 and 14
- };
+ trustedGrub = callPackage_i686 ../tools/misc/grub/trusted.nix { };
 grub2 = grub2_full;
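Review bot: The new `postInstall` runs `paxmark pms` on `grub-probe` and `grub-bios-setup`, which switches off the PaX PAGEEXEC, MPROTECT and SEGMEXEC protections for two tools that parse disk contents and write the boot sector, and nothing in the expression says why. A short comment above that line would let a later reader judge whether the relaxation is still needed, for example `# PaX: grub-probe/grub-bios-setup presumably fail under PAGEEXEC/MPROTECT/SEGMEXEC; re-check when bumping rev`. The new `meta` also no longer carries the `maintainers` entry the old one had. For a package that sits in the boot trust chain and is pinned to a git snapshot, it may be worth keeping `maintainers = [ maintainers.tstrobel ];`.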
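Review bot: `callPackage_i686` is kept on the new `trustedGrub` line, so the expression is presumably always evaluated with the i686 package set, and the `"x86_64-linux"` entry of `pcSystems` in trusted.nix would never be selected through this attribute. If the 32-bit build is intentional (both entries map to the `i386` target anyway), a comment saying so would help, e.g. `# built with the i686 package set; grubTarget is i386-pc either way`. The removed `automake = automake112x` pin is not replaced, so it is worth confirming that `sh autogen.sh` works with the default automake. The enclosing `let` block begins and ends outside this hunk.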