forked from linuxboot/heads
-
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathflake.nix
156 lines (148 loc) · 5.19 KB
/
flake.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
{
description = "Optimized heads flake for Docker image with garbage collection protection";
# Inputs define external dependencies and their sources.
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Using the unstable channel for the latest packages, while flake.lock fixates the commit reused until changed.
flake-utils.url = "github:numtide/flake-utils"; # Utilities for flake functionality.
};
# Outputs are the result of the flake, including the development environment and Docker image.
outputs = {
self,
flake-utils,
nixpkgs,
...
}:
flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system}; # Accessing the legacy package set.
lib = pkgs.lib; # The standard Nix packages library.
# Dependencies are the packages required for the Heads project.
# Organized into subsets for clarity and maintainability.
deps = with pkgs; [
# Core build utilities
autoconf
automake
bashInteractive
coreutils
bc
bison # Generate flashmap descriptor parser
bzip2
cacert
ccache
cmake
cpio
curl
diffutils
dtc
e2fsprogs
elfutils
findutils
flex
gawk
git
gnat # required for libgfxinit under coreboot, hacked around for kgpe-d16
gnugrep
gnumake
gnused
gnutar
gzip
imagemagick # For bootsplash manipulation
innoextract # ROM extraction for dGPU
libtool
m4
ncurses5 # make menuconfig and slang
nss
openssl # needed for talos-2 kernel build
parted
patch
perl
pkg-config
python3 # me_cleaner, coreboot
rsync # coreboot
sharutils
texinfo
unzip
wget
which
xz
zip
zlib
zlib.dev
] ++ [
qemu_full #Heavier then qemu + qemu_kvm, but contains qemu-img + kvm and everything else needed to do development/testing cycles under docker
] ++ [
# Additional tools for debugging/editing/testing
vim # Mostly used amongst us, sorry if you'd like something else, open issue
swtpm # QEMU requirement to emulate tpm1/tpm2
dosfstools # QEMU requirement to produce valid fs to store exported public key to be fused through inject_key on qemu (so qemu flashrom emulated SPI support).
diffoscopeMinimal # Not sure exactly what is packed here, let's try. Might need diffoscope if something is missing
gnupg #to inject public key inside of qemu create rom through inject_gpg target of targets/qemu.mk TODO: remove when pflash supported by flashrom + modify code
less # so 'git log' is usable
moreutils # so that 'make 2>&1 | ts' can give timestamps
] ++ [
# Tools for handling binary blobs in their compressed state. (blobs/xx30/vbios_[tw]530.sh)
bundler
p7zip
ruby
sudo # ( °-° )
upx
binwalk # Extract all components of a binary
uefi-firmware-parser #Parse and extract further hidden UEFI blobs from binaries
];
in {
# The development shell includes all the dependencies.
devShell = pkgs.mkShellNoCC {
buildInputs = deps;
};
# myDevShell outputs environment variables necessary for development.
packages.myDevShell =
pkgs.runCommand "my-dev-shell" {}
#bash
''
grep \
-e CMAKE_PREFIX_PATH \
-e NIX_CC_WRAPPER_TARGET_TARGET \
-e NIX_CFLAGS_COMPILE_FOR_TARGET \
-e NIX_LDFLAGS_FOR_TARGET \
-e PKG_CONFIG_PATH_FOR_TARGET \
-e ACLOCAL_PATH \
${self.devShell.${system}} >$out
'';
# Docker image configuration for the Heads project.
packages.dockerImage = pkgs.dockerTools.buildLayeredImage {
name = "linuxboot/heads";
tag = "dev-env";
config.Entrypoint = ["bash" "-c" ''source /devenv.sh; if (( $# == 0 )); then exec bash; else exec "$0" "$@"; fi''];
contents =
deps
++ [
pkgs.dockerTools.binSh
pkgs.dockerTools.caCertificates
pkgs.dockerTools.usrBinEnv
];
enableFakechroot = true;
fakeRootCommands =
#bash
''
set -e
# Environment setup for the development shell.
grep \
-e NIX_CC_WRAPPER_TARGET_TARGET \
-e NIX_CFLAGS_COMPILE_FOR_TARGET \
-e NIX_LDFLAGS_FOR_TARGET \
-e NIX_PKG_CONFIG_WRAPPER_TARGET \
-e PKG_CONFIG_PATH_FOR_TARGET \
-e ACLOCAL_PATH \
${self.devShell.${system}} >/devenv.sh
mkdir /tmp; # Temporary directory for various operations.
chmod 1777 /tmp
# Ensure /etc/passwd and /etc/group exist with root entries
echo "root:x:0:0:root:/root:/bin/bash" > /etc/passwd
echo "root:x:0:" > /etc/group
mkdir -p /root
chmod 700 /root
# Git configuration for safe directory access.
echo -e '[safe]\n\tdirectory = *\n' > /root/.gitconfig
'';
};
});
}