diff options
Diffstat (limited to 'pkgs/os-specific/linux/firmware/fwupd/default.nix')
| -rw-r--r-- | pkgs/os-specific/linux/firmware/fwupd/default.nix | 547 |
1 files changed, 296 insertions, 251 deletions
diff --git a/pkgs/os-specific/linux/firmware/fwupd/default.nix b/pkgs/os-specific/linux/firmware/fwupd/default.nix index 24e23f2b7e9..f4914d84327 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/default.nix +++ b/pkgs/os-specific/linux/firmware/fwupd/default.nix @@ -1,38 +1,35 @@ # Updating? Keep $out/etc synchronized with passthru keys -{ lib, stdenv -, fetchurl +{ stdenv +, lib , fetchFromGitHub -, substituteAll -, gtk-doc +, gi-docgen , pkg-config , gobject-introspection , gettext , libgudev +, libdrm , polkit , libxmlb +, glib , gusb , sqlite , libarchive +, libredirect , curl -, help2man , libjcat -, libxslt , elfutils -, libsmbios , efivar -, gnu-efi , valgrind , meson , libuuid , colord -, docbook_xml_dtd_43 -, docbook-xsl-nons , ninja -, gcab , gnutls +, protobufc , python3 -, wrapGAppsHook +, wrapGAppsNoGuiHook +, ensureNewerSourcesForZipFilesHook , json-glib , bash-completion , shared-mime-info @@ -40,33 +37,33 @@ , vala , makeFontsConf , freefont_ttf -, cairo -, freetype -, fontconfig , pango , tpm2-tss , bubblewrap , efibootmgr , flashrom , tpm2-tools +, fwupd-efi , nixosTests , runCommand +, unstableGitUpdater +, modemmanager +, libqmi +, libmbim +, libcbor +, xz +, enableFlashrom ? false +, enablePassim ? false }: let python = python3.withPackages (p: with p; [ + jinja2 pygobject3 - pycairo - pillow setuptools ]); - installedTestsPython = python3.withPackages (p: with p; [ - pygobject3 - requests - ]); - - isx86 = stdenv.isx86_64 || stdenv.isi686; + isx86 = stdenv.hostPlatform.isx86; # Dell isn't supported on Aarch64 haveDell = isx86; @@ -80,192 +77,238 @@ let # # Currently broken on Aarch64 # haveFlashrom = isx86; # Experimental - haveFlashrom = false; - - runPythonCommand = name: buildCommandPython: runCommand name { - nativeBuildInputs = [ python3 ]; - inherit buildCommandPython; - } '' - exec python3 -c "$buildCommandPython" - ''; - - self = stdenv.mkDerivation rec { - pname = "fwupd"; - version = "1.5.7"; - - # libfwupd goes to lib - # daemon, plug-ins and libfwupdplugin go to out - # CLI programs go to out - outputs = [ "out" "lib" "dev" "devdoc" "man" "installedTests" ]; + haveFlashrom = isx86 && enableFlashrom; + + runPythonCommand = + name: + buildCommandPython: + + runCommand + name + { + nativeBuildInputs = [ python3 ]; + inherit buildCommandPython; + } + '' + exec python3 -c "$buildCommandPython" + ''; - src = fetchurl { - url = "https://people.freedesktop.org/~hughsient/releases/fwupd-${version}.tar.xz"; - sha256 = "16isrrv6zhdgccbfnz7km5g1cnvfnip7aiidkfhf5dlnrnyb2sxh"; + test-firmware = + let + version = "unstable-2022-04-02"; + src = fetchFromGitHub { + name = "fwupd-test-firmware-${version}"; + owner = "fwupd"; + repo = "fwupd-test-firmware"; + rev = "39954e434d63e20e85870dd1074818f48a0c08b7"; + hash = "sha256-d4qG3fKyxkfN91AplRYqARFz+aRr+R37BpE450bPxi0="; + passthru = { + inherit src version; # For update script + updateScript = unstableGitUpdater { + url = "${test-firmware.meta.homepage}.git"; + }; + }; + }; + in + src // { + meta = src.meta // { + # For update script + position = + let + pos = builtins.unsafeGetAttrPos "updateScript" test-firmware; + in + pos.file + ":" + toString pos.line; + }; }; +in +stdenv.mkDerivation (finalAttrs: { + pname = "fwupd"; + version = "1.9.7"; + + # libfwupd goes to lib + # daemon, plug-ins and libfwupdplugin go to out + # CLI programs go to out + outputs = [ "out" "lib" "dev" "devdoc" "man" "installedTests" ]; + + src = fetchFromGitHub { + owner = "fwupd"; + repo = "fwupd"; + rev = finalAttrs.version; + hash = "sha256-NhVCIjkwoTZptctIrkU9HgXzjr+KCUZfEKcjoYgAEdM="; + }; - patches = [ - # Do not try to create useless paths in /var. - ./fix-paths.patch - - # Allow installing - ./add-option-for-installation-sysconfdir.patch - - # Install plug-ins and libfwupdplugin to out, - # they are not really part of the library. - ./install-fwupdplugin-to-out.patch - - # Installed tests are installed to different output - # we also cannot have fwupd-tests.conf in $out/etc since it would form a cycle. - (substituteAll { - src = ./installed-tests-path.patch; - # Needs a different set of modules than po/make-images. - inherit installedTestsPython; - }) - ]; - - nativeBuildInputs = [ - meson - ninja - gtk-doc - pkg-config - gobject-introspection - gettext - shared-mime-info - valgrind - gcab - gnutls - docbook_xml_dtd_43 - docbook-xsl-nons - help2man - libxslt - python - wrapGAppsHook - vala - ]; - - buildInputs = [ - polkit - libxmlb - gusb - sqlite - libarchive - curl - elfutils - gnu-efi - libgudev - colord - libjcat - libuuid - json-glib - umockdev - bash-completion - cairo - freetype - fontconfig - pango - tpm2-tss - efivar - ] ++ lib.optionals haveDell [ - libsmbios - ]; - - mesonFlags = [ - "-Dgtkdoc=true" - "-Dplugin_dummy=true" - # We are building the official releases. - "-Dsupported_build=true" - # Would dlopen libsoup to preserve compatibility with clients linking against older fwupd. - # https://github.com/fwupd/fwupd/commit/173d389fa59d8db152a5b9da7cc1171586639c97 - "-Dsoup_session_compat=false" - "-Dudevdir=lib/udev" - "-Dsystemd_root_prefix=${placeholder "out"}" - "-Dinstalled_test_prefix=${placeholder "installedTests"}" - "-Defi-libdir=${gnu-efi}/lib" - "-Defi-ldsdir=${gnu-efi}/lib" - "-Defi-includedir=${gnu-efi}/include/efi" - "-Defi_sbat_distro_id=nixos" - "-Defi_sbat_distro_summary=NixOS" - "-Defi_sbat_distro_pkgname=fwupd" - "-Defi_sbat_distro_version=${version}" - "-Defi_sbat_distro_url=https://search.nixos.org/packages?channel=unstable&show=fwupd&from=0&size=50&sort=relevance&query=fwupd" - "--localstatedir=/var" - "--sysconfdir=/etc" - "-Dsysconfdir_install=${placeholder "out"}/etc" - - # We do not want to place the daemon into lib (cyclic reference) - "--libexecdir=${placeholder "out"}/libexec" - # Our builder only adds $lib/lib to rpath but some things link - # against libfwupdplugin which is in $out/lib. - "-Dc_link_args=-Wl,-rpath,${placeholder "out"}/lib" - ] ++ lib.optionals (!haveDell) [ - "-Dplugin_dell=false" - "-Dplugin_synaptics=false" - ] ++ lib.optionals (!haveRedfish) [ - "-Dplugin_redfish=false" - ] ++ lib.optionals haveFlashrom [ - "-Dplugin_flashrom=true" - ] ++ lib.optionals (!haveMSR) [ - "-Dplugin_msr=false" - ]; - - # TODO: wrapGAppsHook wraps efi capsule even though it is not ELF - dontWrapGApps = true; - - # /etc/os-release not available in sandbox - # doCheck = true; + patches = [ + # Since /etc is the domain of NixOS, not Nix, + # we cannot install files there. + # Let’s install the files to $prefix/etc + # while still reading them from /etc. + # NixOS module for fwupd will take take care of copying the files appropriately. + ./add-option-for-installation-sysconfdir.patch + + # Install plug-ins and libfwupdplugin to $out output, + # they are not really part of the library. + ./install-fwupdplugin-to-out.patch + + # Installed tests are installed to different output + # we also cannot have fwupd-tests.conf in $out/etc since it would form a cycle. + ./installed-tests-path.patch + + # EFI capsule is located in fwupd-efi now. + ./efi-app-path.patch + ]; + + nativeBuildInputs = [ + # required for firmware zipping + ensureNewerSourcesForZipFilesHook + meson + ninja + gi-docgen + pkg-config + gobject-introspection + gettext + shared-mime-info + valgrind + gnutls + protobufc # for protoc + python + wrapGAppsNoGuiHook + vala + ]; + + buildInputs = [ + polkit + libxmlb + gusb + sqlite + libarchive + libdrm + curl + elfutils + libgudev + colord + libjcat + libuuid + json-glib + umockdev + bash-completion + pango + tpm2-tss + efivar + fwupd-efi + protobufc + modemmanager + libmbim + libcbor + libqmi + xz # for liblzma + ] ++ lib.optionals haveFlashrom [ + flashrom + ]; + + mesonFlags = [ + "-Ddocs=enabled" + "-Dplugin_dummy=true" + # We are building the official releases. + "-Dsupported_build=enabled" + "-Dlaunchd=disabled" + "-Dudevdir=lib/udev" + "-Dsystemd_root_prefix=${placeholder "out"}" + "-Dinstalled_test_prefix=${placeholder "installedTests"}" + "--localstatedir=/var" + "--sysconfdir=/etc" + "-Dsysconfdir_install=${placeholder "out"}/etc" + "-Defi_os_dir=nixos" + "-Dplugin_modem_manager=enabled" + # We do not want to place the daemon into lib (cyclic reference) + "--libexecdir=${placeholder "out"}/libexec" + ] ++ lib.optionals (!enablePassim) [ + "-Dpassim=disabled" + ] ++ lib.optionals (!haveDell) [ + "-Dplugin_synaptics_mst=disabled" + ] ++ lib.optionals (!haveRedfish) [ + "-Dplugin_redfish=disabled" + ] ++ lib.optionals (!haveFlashrom) [ + "-Dplugin_flashrom=disabled" + ] ++ lib.optionals (!haveMSR) [ + "-Dplugin_msr=disabled" + ]; + + # TODO: wrapGAppsHook wraps efi capsule even though it is not ELF + dontWrapGApps = true; + + doCheck = true; + + # Environment variables + + # Fontconfig error: Cannot load default config file + FONTCONFIG_FILE = + let + fontsConf = makeFontsConf { + fontDirectories = [ freefont_ttf ]; + }; + in + fontsConf; + + # error: “PolicyKit files are missing” + # https://github.com/NixOS/nixpkgs/pull/67625#issuecomment-525788428 + PKG_CONFIG_POLKIT_GOBJECT_1_ACTIONDIR = "/run/current-system/sw/share/polkit-1/actions"; + + # Phase hooks + + postPatch = '' + patchShebangs \ + contrib/generate-version-script.py \ + contrib/generate-man.py \ + po/test-deps + + substituteInPlace data/installed-tests/fwupdmgr-p2p.sh \ + --replace "gdbus" ${glib.bin}/bin/gdbus + + # tests fail with: Failed to load SMBIOS: neither SMBIOS or DT found + sed -i 's/test(.*)//' plugins/lenovo-thinklmi/meson.build + sed -i 's/test(.*)//' plugins/mtd/meson.build + # fails on amd cpu + sed -i 's/test(.*)//' libfwupdplugin/meson.build + # in nixos test tries to chmod 0777 $out/share/installed-tests/fwupd/tests/redfish.conf + sed -i "s/get_option('tests')/false/" plugins/redfish/meson.build + + # Device tests use device emulation and need to download emulation data from + # the internet, which does not work on our test VMs. + # It's probably better to disable these tests for NixOS by setting + # the device-tests directory to /dev/null. + # For more info on device emulation, see: + # https://github.com/fwupd/fwupd/blob/eeeac4e9ba8a6513428b456a551bffd95d533e50/docs/device-emulation.md + substituteInPlace data/installed-tests/meson.build \ + --replace "join_paths(datadir, 'fwupd', 'device-tests')" "'/dev/null'" + ''; - # Environment variables + preBuild = '' + # jcat-tool at buildtime requires a home directory + export HOME="$(mktemp -d)" + ''; - # Fontconfig error: Cannot load default config file - FONTCONFIG_FILE = - let - fontsConf = makeFontsConf { - fontDirectories = [ freefont_ttf ]; - }; - in fontsConf; - - # error: “PolicyKit files are missing” - # https://github.com/NixOS/nixpkgs/pull/67625#issuecomment-525788428 - PKG_CONFIG_POLKIT_GOBJECT_1_ACTIONDIR = "/run/current-system/sw/share/polkit-1/actions"; - - # Phase hooks - - postPatch = '' - patchShebangs \ - contrib/get-version.py \ - contrib/generate-version-script.py \ - meson_post_install.sh \ - plugins/uefi-capsule/efi/generate_sbat.py \ - plugins/uefi-capsule/efi/generate_binary.py \ - po/make-images \ - po/make-images.sh \ - po/test-deps - ''; + preCheck = '' + addToSearchPath XDG_DATA_DIRS "${shared-mime-info}/share" - preCheck = '' - addToSearchPath XDG_DATA_DIRS "${shared-mime-info}/share" - ''; + echo "12345678901234567890123456789012" > machine-id + export NIX_REDIRECTS=/etc/machine-id=$(realpath machine-id) \ + LD_PRELOAD=${libredirect}/lib/libredirect.so + ''; - postInstall = - let - testFw = fetchFromGitHub { - owner = "fwupd"; - repo = "fwupd-test-firmware"; - rev = "c13bfb26cae5f4f115dd4e08f9f00b3cb9acc25e"; - sha256 = "US81i7mtLEe85KdWz5r+fQTk61IhqjVkzykBaBPuKL4="; - }; - in '' - # These files have weird licenses so they are shipped separately. - cp --recursive --dereference "${testFw}/installed-tests/tests" "$installedTests/libexec/installed-tests/fwupd" - ''; + postInstall = '' + # These files have weird licenses so they are shipped separately. + cp --recursive --dereference "${test-firmware}/installed-tests/tests" "$installedTests/libexec/installed-tests/fwupd" + ''; - preFixup = let + preFixup = + let binPath = [ efibootmgr bubblewrap tpm2-tools - ] ++ lib.optional haveFlashrom flashrom; - in '' + ]; + in + '' gappsWrapperArgs+=( --prefix XDG_DATA_DIRS : "${shared-mime-info}/share" # See programs reached with fu_common_find_program_in_path in source @@ -273,52 +316,56 @@ let ) ''; + postFixup = '' # Since we had to disable wrapGAppsHook, we need to wrap the executables manually. - postFixup = '' - find -L "$out/bin" "$out/libexec" -type f -executable -print0 \ - | while IFS= read -r -d ''' file; do - if [[ "$file" != *.efi ]]; then - echo "Wrapping program $file" - wrapGApp "$file" - fi - done - ''; + find -L "$out/bin" "$out/libexec" -type f -executable -print0 \ + | while IFS= read -r -d ''' file; do + if [[ "$file" != *.efi ]]; then + echo "Wrapping program $file" + wrapGApp "$file" + fi + done + + # Cannot be in postInstall, otherwise _multioutDocs hook in preFixup will move right back. + moveToOutput "share/doc" "$devdoc" + ''; - separateDebugInfo = true; - - passthru = { - filesInstalledToEtc = [ - "fwupd/daemon.conf" - "fwupd/remotes.d/lvfs-testing.conf" - "fwupd/remotes.d/lvfs.conf" - "fwupd/remotes.d/vendor.conf" - "fwupd/remotes.d/vendor-directory.conf" - "fwupd/thunderbolt.conf" - "fwupd/upower.conf" - "fwupd/uefi_capsule.conf" - "pki/fwupd/GPG-KEY-Hughski-Limited" - "pki/fwupd/GPG-KEY-Linux-Foundation-Firmware" - "pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service" - "pki/fwupd/LVFS-CA.pem" - "pki/fwupd-metadata/GPG-KEY-Linux-Foundation-Metadata" - "pki/fwupd-metadata/GPG-KEY-Linux-Vendor-Firmware-Service" - "pki/fwupd-metadata/LVFS-CA.pem" - ] ++ lib.optionals haveDell [ - "fwupd/remotes.d/dell-esrt.conf" - ] ++ lib.optionals haveRedfish [ - "fwupd/redfish.conf" - ]; + separateDebugInfo = true; + + passthru = { + filesInstalledToEtc = [ + "fwupd/bios-settings.d/README.md" + "fwupd/fwupd.conf" + "fwupd/remotes.d/lvfs-testing.conf" + "fwupd/remotes.d/lvfs.conf" + "fwupd/remotes.d/vendor.conf" + "fwupd/remotes.d/vendor-directory.conf" + "pki/fwupd/GPG-KEY-Linux-Foundation-Firmware" + "pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service" + "pki/fwupd/LVFS-CA.pem" + "pki/fwupd-metadata/GPG-KEY-Linux-Foundation-Metadata" + "pki/fwupd-metadata/GPG-KEY-Linux-Vendor-Firmware-Service" + "pki/fwupd-metadata/LVFS-CA.pem" + "grub.d/35_fwupd" + ]; - # DisabledPlugins key in fwupd/daemon.conf - defaultDisabledPlugins = [ - "test" - "test_ble" - "invalid" - ]; + # DisabledPlugins key in fwupd/daemon.conf + defaultDisabledPlugins = [ + "test" + "test_ble" + ]; + + # For updating. + inherit test-firmware; - tests = let + # For downstream consumers that need the fwupd-efi this was built with. + inherit fwupd-efi; + + tests = + let listToPy = list: "[${lib.concatMapStringsSep ", " (f: "'${f}'") list}]"; - in { + in + { installedTests = nixosTests.installed-tests.fwupd; passthruMatches = runPythonCommand "fwupd-test-passthru-matches" '' @@ -327,29 +374,27 @@ let import os import pathlib - etc = '${self}/etc' + etc = '${finalAttrs.finalPackage}/etc' package_etc = set(itertools.chain.from_iterable([[os.path.relpath(os.path.join(prefix, file), etc) for file in files] for (prefix, dirs, files) in os.walk(etc)])) - passthru_etc = set(${listToPy passthru.filesInstalledToEtc}) + passthru_etc = set(${listToPy finalAttrs.passthru.filesInstalledToEtc}) assert len(package_etc - passthru_etc) == 0, f'fwupd package contains the following paths in /etc that are not listed in passthru.filesInstalledToEtc: {package_etc - passthru_etc}' assert len(passthru_etc - package_etc) == 0, f'fwupd package lists the following paths in passthru.filesInstalledToEtc that are not contained in /etc: {passthru_etc - package_etc}' config = configparser.RawConfigParser() - config.read('${self}/etc/fwupd/daemon.conf') + config.read('${finalAttrs.finalPackage}/etc/fwupd/fwupd.conf') package_disabled_plugins = config.get('fwupd', 'DisabledPlugins').rstrip(';').split(';') - passthru_disabled_plugins = ${listToPy passthru.defaultDisabledPlugins} + passthru_disabled_plugins = ${listToPy finalAttrs.passthru.defaultDisabledPlugins} assert package_disabled_plugins == passthru_disabled_plugins, f'Default disabled plug-ins in the package {package_disabled_plugins} do not match those listed in passthru.defaultDisabledPlugins {passthru_disabled_plugins}' pathlib.Path(os.getenv('out')).touch() ''; }; - }; - - meta = with lib; { - homepage = "https://fwupd.org/"; - maintainers = with maintainers; [ jtojnar ]; - license = licenses.lgpl21Plus; - platforms = platforms.linux; - }; }; -in self + meta = with lib; { + homepage = "https://fwupd.org/"; + maintainers = with maintainers; [ rvdp ]; + license = licenses.lgpl21Plus; + platforms = platforms.linux; + }; +}) |