1 files changed, 128 insertions, 88 deletions

diff --git a/pkgs/os-specific/linux/firmware/fwupd/default.nix b/pkgs/os-specific/linux/firmware/fwupd/default.nix
index 0783fb79296..24e23f2b7e9 100644
--- a/pkgs/os-specific/linux/firmware/fwupd/default.nix
+++ b/pkgs/os-specific/linux/firmware/fwupd/default.nix
@@ -1,21 +1,20 @@
 # Updating? Keep $out/etc synchronized with passthru keys
 
-{ stdenv
+{ lib, stdenv
 , fetchurl
-, fetchpatch
+, fetchFromGitHub
 , substituteAll
 , gtk-doc
-, pkgconfig
+, pkg-config
 , gobject-introspection
-, intltool
+, gettext
 , libgudev
 , polkit
 , libxmlb
 , gusb
 , sqlite
 , libarchive
-, glib-networking
-, libsoup
+, curl
 , help2man
 , libjcat
 , libxslt
@@ -23,15 +22,15 @@
 , libsmbios
 , efivar
 , gnu-efi
-, libyaml
 , valgrind
 , meson
 , libuuid
 , colord
 , docbook_xml_dtd_43
-, docbook_xsl
+, docbook-xsl-nons
 , ninja
 , gcab
+, gnutls
 , python3
 , wrapGAppsHook
 , json-glib
@@ -67,10 +66,6 @@ let
     requests
   ]);
 
-  fontsConf = makeFontsConf {
-    fontDirectories = [ freefont_ttf ];
-  };
-
   isx86 = stdenv.isx86_64 || stdenv.isi686;
 
   # Dell isn't supported on Aarch64
@@ -79,6 +74,9 @@ let
   # only redfish for x86_64
   haveRedfish = stdenv.isx86_64;
 
+  # only use msr if x86 (requires cpuid)
+  haveMSR = isx86;
+
   # # Currently broken on Aarch64
   # haveFlashrom = isx86;
   # Experimental
@@ -93,30 +91,51 @@ let
 
   self = stdenv.mkDerivation rec {
     pname = "fwupd";
-    version = "1.4.5";
-
-    src = fetchurl {
-      url = "https://people.freedesktop.org/~hughsient/releases/fwupd-${version}.tar.xz";
-      sha256 = "0hpqxwqbbqn440c2swpnc06z8dskisrli4ynsxrzzqyp0dan46xw";
-    };
+    version = "1.5.7";
 
     # libfwupd goes to lib
     # daemon, plug-ins and libfwupdplugin go to out
     # CLI programs go to out
     outputs = [ "out" "lib" "dev" "devdoc" "man" "installedTests" ];
 
+    src = fetchurl {
+      url = "https://people.freedesktop.org/~hughsient/releases/fwupd-${version}.tar.xz";
+      sha256 = "16isrrv6zhdgccbfnz7km5g1cnvfnip7aiidkfhf5dlnrnyb2sxh";
+    };
+
+    patches = [
+      # Do not try to create useless paths in /var.
+      ./fix-paths.patch
+
+      # Allow installing
+      ./add-option-for-installation-sysconfdir.patch
+
+      # Install plug-ins and libfwupdplugin to out,
+      # they are not really part of the library.
+      ./install-fwupdplugin-to-out.patch
+
+      # Installed tests are installed to different output
+      # we also cannot have fwupd-tests.conf in $out/etc since it would form a cycle.
+      (substituteAll {
+        src = ./installed-tests-path.patch;
+        # Needs a different set of modules than po/make-images.
+        inherit installedTestsPython;
+      })
+    ];
+
     nativeBuildInputs = [
       meson
       ninja
       gtk-doc
-      pkgconfig
+      pkg-config
       gobject-introspection
-      intltool
+      gettext
       shared-mime-info
       valgrind
       gcab
+      gnutls
       docbook_xml_dtd_43
-      docbook_xsl
+      docbook-xsl-nons
       help2man
       libxslt
       python
@@ -130,15 +149,13 @@ let
       gusb
       sqlite
       libarchive
-      libsoup
+      curl
       elfutils
       gnu-efi
-      libyaml
       libgudev
       colord
       libjcat
       libuuid
-      glib-networking
       json-glib
       umockdev
       bash-completion
@@ -148,63 +165,29 @@ let
       pango
       tpm2-tss
       efivar
-    ] ++ stdenv.lib.optionals haveDell [
+    ] ++ lib.optionals haveDell [
       libsmbios
     ];
 
-    patches = [
-      ./fix-paths.patch
-      ./add-option-for-installation-sysconfdir.patch
-
-      # Install plug-ins and libfwupdplugin to out,
-      # they are not really part of the library.
-      ./install-fwupdplugin-to-out.patch
-
-      # Installed tests are installed to different output
-      # we also cannot have fwupd-tests.conf in $out/etc since it would form a cycle.
-      (substituteAll {
-        src = ./installed-tests-path.patch;
-        # Needs a different set of modules than po/make-images.
-        inherit installedTestsPython;
-      })
-    ];
-
-    postPatch = ''
-      patchShebangs \
-        contrib/get-version.py \
-        contrib/generate-version-script.py \
-        meson_post_install.sh \
-        po/make-images \
-        po/make-images.sh \
-        po/test-deps
-    '';
-
-    # /etc/os-release not available in sandbox
-    # doCheck = true;
-
-    preFixup = let
-      binPath = [
-        efibootmgr
-        bubblewrap
-        tpm2-tools
-      ] ++ stdenv.lib.optional haveFlashrom flashrom;
-    in ''
-      gappsWrapperArgs+=(
-        --prefix XDG_DATA_DIRS : "${shared-mime-info}/share"
-        # See programs reached with fu_common_find_program_in_path in source
-        --prefix PATH : "${stdenv.lib.makeBinPath binPath}"
-      )
-    '';
-
     mesonFlags = [
       "-Dgtkdoc=true"
       "-Dplugin_dummy=true"
+      # We are building the official releases.
+      "-Dsupported_build=true"
+      # Would dlopen libsoup to preserve compatibility with clients linking against older fwupd.
+      # https://github.com/fwupd/fwupd/commit/173d389fa59d8db152a5b9da7cc1171586639c97
+      "-Dsoup_session_compat=false"
       "-Dudevdir=lib/udev"
       "-Dsystemd_root_prefix=${placeholder "out"}"
       "-Dinstalled_test_prefix=${placeholder "installedTests"}"
       "-Defi-libdir=${gnu-efi}/lib"
       "-Defi-ldsdir=${gnu-efi}/lib"
       "-Defi-includedir=${gnu-efi}/include/efi"
+      "-Defi_sbat_distro_id=nixos"
+      "-Defi_sbat_distro_summary=NixOS"
+      "-Defi_sbat_distro_pkgname=fwupd"
+      "-Defi_sbat_distro_version=${version}"
+      "-Defi_sbat_distro_url=https://search.nixos.org/packages?channel=unstable&show=fwupd&from=0&size=50&sort=relevance&query=fwupd"
       "--localstatedir=/var"
       "--sysconfdir=/etc"
       "-Dsysconfdir_install=${placeholder "out"}/etc"
@@ -214,29 +197,83 @@ let
       # Our builder only adds $lib/lib to rpath but some things link
       # against libfwupdplugin which is in $out/lib.
       "-Dc_link_args=-Wl,-rpath,${placeholder "out"}/lib"
-    ] ++ stdenv.lib.optionals (!haveDell) [
+    ] ++ lib.optionals (!haveDell) [
       "-Dplugin_dell=false"
       "-Dplugin_synaptics=false"
-    ] ++ stdenv.lib.optionals (!haveRedfish) [
+    ] ++ lib.optionals (!haveRedfish) [
       "-Dplugin_redfish=false"
-    ] ++ stdenv.lib.optionals haveFlashrom [
+    ] ++ lib.optionals haveFlashrom [
       "-Dplugin_flashrom=true"
+    ] ++ lib.optionals (!haveMSR) [
+      "-Dplugin_msr=false"
     ];
 
-    FONTCONFIG_FILE = fontsConf; # Fontconfig error: Cannot load default config file
+    # TODO: wrapGAppsHook wraps efi capsule even though it is not ELF
+    dontWrapGApps = true;
+
+    # /etc/os-release not available in sandbox
+    # doCheck = true;
+
+    # Environment variables
+
+    # Fontconfig error: Cannot load default config file
+    FONTCONFIG_FILE =
+      let
+        fontsConf = makeFontsConf {
+          fontDirectories = [ freefont_ttf ];
+        };
+      in fontsConf;
 
     # error: “PolicyKit files are missing”
     # https://github.com/NixOS/nixpkgs/pull/67625#issuecomment-525788428
     PKG_CONFIG_POLKIT_GOBJECT_1_ACTIONDIR = "/run/current-system/sw/share/polkit-1/actions";
 
-    # TODO: wrapGAppsHook wraps efi capsule even though it is not elf
-    dontWrapGApps = true;
+    # Phase hooks
+
+    postPatch = ''
+      patchShebangs \
+        contrib/get-version.py \
+        contrib/generate-version-script.py \
+        meson_post_install.sh \
+        plugins/uefi-capsule/efi/generate_sbat.py \
+        plugins/uefi-capsule/efi/generate_binary.py \
+        po/make-images \
+        po/make-images.sh \
+        po/test-deps
+    '';
 
     preCheck = ''
       addToSearchPath XDG_DATA_DIRS "${shared-mime-info}/share"
     '';
 
-    # so we need to wrap the executables manually
+    postInstall =
+      let
+        testFw = fetchFromGitHub {
+          owner = "fwupd";
+          repo = "fwupd-test-firmware";
+          rev = "c13bfb26cae5f4f115dd4e08f9f00b3cb9acc25e";
+          sha256 = "US81i7mtLEe85KdWz5r+fQTk61IhqjVkzykBaBPuKL4=";
+        };
+      in ''
+        # These files have weird licenses so they are shipped separately.
+        cp --recursive --dereference "${testFw}/installed-tests/tests" "$installedTests/libexec/installed-tests/fwupd"
+      '';
+
+    preFixup = let
+      binPath = [
+        efibootmgr
+        bubblewrap
+        tpm2-tools
+      ] ++ lib.optional haveFlashrom flashrom;
+    in ''
+      gappsWrapperArgs+=(
+        --prefix XDG_DATA_DIRS : "${shared-mime-info}/share"
+        # See programs reached with fu_common_find_program_in_path in source
+        --prefix PATH : "${lib.makeBinPath binPath}"
+      )
+    '';
+
+    # Since we had to disable wrapGAppsHook, we need to wrap the executables manually.
     postFixup = ''
       find -L "$out/bin" "$out/libexec" -type f -executable -print0 \
         | while IFS= read -r -d ''' file; do
@@ -247,18 +284,18 @@ let
       done
     '';
 
+    separateDebugInfo = true;
+
     passthru = {
       filesInstalledToEtc = [
-        "fwupd/ata.conf"
         "fwupd/daemon.conf"
-        "fwupd/redfish.conf"
         "fwupd/remotes.d/lvfs-testing.conf"
         "fwupd/remotes.d/lvfs.conf"
         "fwupd/remotes.d/vendor.conf"
         "fwupd/remotes.d/vendor-directory.conf"
         "fwupd/thunderbolt.conf"
         "fwupd/upower.conf"
-        "fwupd/uefi.conf"
+        "fwupd/uefi_capsule.conf"
         "pki/fwupd/GPG-KEY-Hughski-Limited"
         "pki/fwupd/GPG-KEY-Linux-Foundation-Firmware"
         "pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service"
@@ -266,18 +303,21 @@ let
         "pki/fwupd-metadata/GPG-KEY-Linux-Foundation-Metadata"
         "pki/fwupd-metadata/GPG-KEY-Linux-Vendor-Firmware-Service"
         "pki/fwupd-metadata/LVFS-CA.pem"
-      ] ++ stdenv.lib.optionals haveDell [
+      ] ++ lib.optionals haveDell [
         "fwupd/remotes.d/dell-esrt.conf"
+      ] ++ lib.optionals haveRedfish [
+        "fwupd/redfish.conf"
       ];
 
-      # BlacklistPlugins key in fwupd/daemon.conf
-      defaultBlacklistedPlugins = [
+      # DisabledPlugins key in fwupd/daemon.conf
+      defaultDisabledPlugins = [
         "test"
+        "test_ble"
         "invalid"
       ];
 
       tests = let
-        listToPy = list: "[${stdenv.lib.concatMapStringsSep ", " (f: "'${f}'") list}]";
+        listToPy = list: "[${lib.concatMapStringsSep ", " (f: "'${f}'") list}]";
       in {
         installedTests = nixosTests.installed-tests.fwupd;
 
@@ -295,19 +335,19 @@ let
 
           config = configparser.RawConfigParser()
           config.read('${self}/etc/fwupd/daemon.conf')
-          package_blacklisted_plugins = config.get('fwupd', 'BlacklistPlugins').rstrip(';').split(';')
-          passthru_blacklisted_plugins = ${listToPy passthru.defaultBlacklistedPlugins}
-          assert package_blacklisted_plugins == passthru_blacklisted_plugins, f'Default blacklisted plug-ins in the package {package_blacklisted_plugins} do not match those listed in passthru.defaultBlacklistedPlugins {passthru_blacklisted_plugins}'
+          package_disabled_plugins = config.get('fwupd', 'DisabledPlugins').rstrip(';').split(';')
+          passthru_disabled_plugins = ${listToPy passthru.defaultDisabledPlugins}
+          assert package_disabled_plugins == passthru_disabled_plugins, f'Default disabled plug-ins in the package {package_disabled_plugins} do not match those listed in passthru.defaultDisabledPlugins {passthru_disabled_plugins}'
 
           pathlib.Path(os.getenv('out')).touch()
         '';
       };
     };
 
-    meta = with stdenv.lib; {
+    meta = with lib; {
       homepage = "https://fwupd.org/";
       maintainers = with maintainers; [ jtojnar ];
-      license = [ licenses.gpl2 ];
+      license = licenses.lgpl21Plus;
       platforms = platforms.linux;
     };
   };