blob: 0989a37454ca7d154b4132cc6c35ab6aac51db3f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
{ stdenv, fetchFromGitHub, lib, elfutils, vendorCertFile ? null
, defaultLoader ? null }:
let
inherit (stdenv.hostPlatform) system;
throwSystem = throw "Unsupported system: ${system}";
target = {
x86_64-linux = "shimx64.efi";
aarch64-linux = "shimaa64.efi";
}.${system} or throwSystem;
in stdenv.mkDerivation rec {
pname = "shim";
version = "15.7";
src = fetchFromGitHub {
owner = "rhboot";
repo = pname;
rev = version;
hash = "sha256-CfUuq0anbXlCVo9r9NIb76oJzDqaPMIhL9cmXK1iqXo=";
fetchSubmodules = true;
};
buildInputs = [ elfutils ];
env.NIX_CFLAGS_COMPILE = toString [ "-I${toString elfutils.dev}/include" ];
makeFlags =
lib.optional (vendorCertFile != null) "VENDOR_CERT_FILE=${vendorCertFile}"
++ lib.optional (defaultLoader != null) "DEFAULT_LOADER=${defaultLoader}"
++ [ target ];
installPhase = ''
mkdir -p $out/share/shim
install -m 644 ${target} $out/share/shim/
'';
passthru = {
# Expose the target file name so that consumers
# (e.g. infrastructure for signing this shim) don't need to
# duplicate the logic from here
inherit target;
};
meta = with lib; {
description = "UEFI shim loader";
homepage = "https://github.com/rhboot/shim";
license = licenses.bsd1;
platforms = [ "x86_64-linux" "aarch64-linux" ];
maintainers = with maintainers; [ baloo raitobezarius ];
};
}
|