Diffstat (limited to 'pkgs/tools/virtualization/mkosi/default.nix')
-rw-r--r--pkgs/tools/virtualization/mkosi/default.nix79
1 files changed, 64 insertions, 15 deletions
diff --git a/pkgs/tools/virtualization/mkosi/default.nix b/pkgs/tools/virtualization/mkosi/default.nix
index 8fc5376e4c2..3b1a4988f47 100644
--- a/pkgs/tools/virtualization/mkosi/default.nix
+++ b/pkgs/tools/virtualization/mkosi/default.nix
@@ -1,44 +1,86 @@
 { lib
 , fetchFromGitHub
+, fetchpatch
+, stdenv
+, python3
+, bubblewrap
+, systemd
+
+  # Python packages
 , setuptools
 , setuptools-scm
 , wheel
 , buildPythonApplication
 , pytestCheckHook
-, bubblewrap
-, systemd
-, stdenv
+, pefile
+
+  # Optional dependencies
+, withQemu ? false
+, qemu
+, OVMF
 }:
 let
   # For systemd features used by mkosi, see
   # https://github.com/systemd/mkosi/blob/19bb5e274d9a9c23891905c4bcbb8f68955a701d/action.yaml#L64-L72
-  systemdForMkosi = systemd.override {
-    # Will be added in #243242
-    # withRepart = true;
-    # withBootloader = true;
+  systemdForMkosi = (systemd.overrideAttrs (oldAttrs: {
+    patches = oldAttrs.patches ++ [
+      # Enable setting a deterministic verity seed for systemd-repart. Remove when upgrading to systemd 255.
+      (fetchpatch {
+        url = "https://github.com/systemd/systemd/commit/81e04781106e3db24e9cf63c1d5fdd8215dc3f42.patch";
+        hash = "sha256-KO3poIsvdeepPmXWQXNaJJCPpmBb4sVmO+ur4om9f5k=";
+      })
+      # Propagate SOURCE_DATE_EPOCH to mcopy. Remove when upgrading to systemd 255.
+      (fetchpatch {
+        url = "https://github.com/systemd/systemd/commit/4947de275a5553399854cc748f4f13e4ae2ba069.patch";
+        hash = "sha256-YIZZyc3f8pQO9fMAxiNhDdV8TtL4pXoh+hwHBzRWtfo=";
+      })
+      # repart: make sure rewinddir() is called before readdir() when performing rm -rf. Remove when upgrading to systemd 255.
+      (fetchpatch {
+        url = "https://github.com/systemd/systemd/commit/6bbb893b90e2dcb05fb310ba4608f9c9dc587845.patch";
+        hash = "sha256-A6cF2QAeYHGc0u0V1JMxIcV5shzf5x3Q6K+blZOWSn4=";
+      })
+      # Set timezone to UTC when invoking mcopy. Remove when upgrading to systemd 255.
+      (fetchpatch {
+        url = "https://github.com/systemd/systemd/commit/b2942c76adc5bb6a3e073aa5cee57834ee3a9813.patch";
+        hash = "sha256-phGln3Gs9p8CsEe+1laGrm9xcUJWVbNBW0W8oR9/7YU=";
+      })
+    ];
+  })).override {
+    withRepart = true;
+    withBootloader = true;
+    withSysusers = true;
+    withFirstboot = true;
     withEfi = true;
     withUkify = true;
   };
+
+  python3pefile = python3.withPackages (ps: with ps; [
+    pefile
+  ]);
 in
 buildPythonApplication rec {
   pname = "mkosi";
-  version = "15.2-pre"; # 15.1 is the latest release, but we require a newer commit
+  version = "18";
   format = "pyproject";
 
   src = fetchFromGitHub {
     owner = "systemd";
     repo = "mkosi";
-    # Fix from the commit is needed to run on NixOS,
-    # see https://github.com/systemd/mkosi/issues/1792
-    rev = "ca9673cbcbd9f293e5566cec4a1ba14bbcd075b8";
-    hash = "sha256-y5gG/g33HBpH1pTXfjHae25bc5p/BvlCm9QxOIYtcA8=";
+    rev = "v${version}";
+    hash = "sha256-bnd2P6lq1XqKed3m4hDYrR9IcdrPaJxNBL2Z6jCruV4=";
   };
 
   # Fix ctypes finding library
   # https://github.com/NixOS/nixpkgs/issues/7307
-  patchPhase = lib.optionalString stdenv.isLinux ''
-    substituteInPlace mkosi/run.py --replace \
-      'ctypes.util.find_library("c")' "'${stdenv.cc.libc}/lib/libc.so.6'"
+  postPatch = lib.optionalString stdenv.isLinux ''
+    substituteInPlace mkosi/run.py \
+      --replace 'ctypes.util.find_library("c")' "'${stdenv.cc.libc}/lib/libc.so.6'"
+    substituteInPlace mkosi/__init__.py \
+      --replace '/usr/lib/systemd/ukify' "${systemdForMkosi}/lib/systemd/ukify"
+  '' + lib.optionalString withQemu ''
+    substituteInPlace mkosi/qemu.py \
+      --replace '/usr/share/ovmf/x64/OVMF_VARS.fd' "${OVMF.variables}" \
+      --replace '/usr/share/ovmf/x64/OVMF_CODE.fd' "${OVMF.firmware}"
   '';
 
   nativeBuildInputs = [
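Review bot: The path substitutions in `postPatch` use plain `--replace`, which as far as I know only warns when the pattern is not found. If a later mkosi release moves or rewrites the `/usr/lib/systemd/ukify` or `/usr/share/ovmf/x64/OVMF_*.fd` strings, the build would still succeed and mkosi would look for those files on the host rather than in the store closure. Where the nixpkgs revision provides it, `--replace-fail '/usr/lib/systemd/ukify' "${systemdForMkosi}/lib/systemd/ukify"` (and the same for the two OVMF paths) turns that into a build failure; otherwise a `grep -q` for the store path after substitution does the same job. The `buildPythonApplication` attribute set continues outside this hunk.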
@@ -47,9 +89,15 @@ buildPythonApplication rec {
     wheel
   ];
 
+  makeWrapperArgs = [
+    "--set MKOSI_INTERPRETER ${python3pefile}/bin/python3"
+  ];
+
   propagatedBuildInputs = [
     systemdForMkosi
     bubblewrap
+  ] ++ lib.optional withQemu [
+    qemu
   ];
 
   postInstall = ''
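Review bot: `lib.optional withQemu [` in `propagatedBuildInputs` wraps its argument in a list, so with `withQemu = true` the result is `[ systemdForMkosi bubblewrap [ qemu ] ]`, a nested list rather than three inputs. The dependency handling in stdenv may flatten this, but that is not visible here and should not be relied on. The intended form is `] ++ lib.optionals withQemu [` with the list kept, or `] ++ lib.optional withQemu qemu;` with the bare derivation. The `postInstall` body that follows is outside the hunk.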
@@ -64,6 +112,7 @@ buildPythonApplication rec {
   meta = with lib; {
     description = "Build legacy-free OS images";
     homepage = "https://github.com/systemd/mkosi";
+    changelog = "https://github.com/systemd/mkosi/releases/tag/v${version}";
     license = licenses.lgpl21Only;
     mainProgram = "mkosi";
     maintainers = with maintainers; [ malt3 katexochen ];