diff --git a/pkgs/tools/security/chipsec/compile-ko.diff b/pkgs/tools/security/chipsec/compile-ko.diff new file mode 100644 index 000000000000..0ab2c80a6251 --- /dev/null +++ b/pkgs/tools/security/chipsec/compile-ko.diff @@ -0,0 +1,13 @@ +diff --git i/setup.py w/setup.py +index cfe2665..5795874 100755 +--- i/setup.py ++++ w/setup.py +@@ -179,7 +179,7 @@ class build_ext(_build_ext): + driver_build_function = self._build_win_driver + self._build_win_compression() + +- if not self.skip_driver: ++ if True: + driver_build_function() + + def get_source_files(self): diff --git a/pkgs/tools/security/chipsec/default.nix b/pkgs/tools/security/chipsec/default.nix index 7e00c0b07cf7..fbb9c421e353 100644 --- a/pkgs/tools/security/chipsec/default.nix +++ b/pkgs/tools/security/chipsec/default.nix @@ -1,29 +1,54 @@ -{ stdenv, lib, fetchFromGitHub, python2Packages, nasm, libelf -, kernel ? null, withDriver ? false }: -python2Packages.buildPythonApplication rec { +{ lib +, stdenv +, fetchFromGitHub +, kernel ? null +, libelf +, nasm +, python3 +, withDriver ? false +}: + +python3.pkgs.buildPythonApplication rec { pname = "chipsec"; - version = "1.5.1"; + version = "1.6.1"; + disabled = !stdenv.isLinux; src = fetchFromGitHub { owner = "chipsec"; repo = "chipsec"; rev = version; - sha256 = "1rxr9i08a22m15slvlkrhnki30jixi2ds096kmmc2nqzfr9yibmb"; + sha256 = "01sp24z63r3nqxx57zc4873b8i5dqipy7yrxzrwjns531vznhiy2"; }; - disabled = !stdenv.isLinux; + patches = lib.optionals withDriver [ ./ko-path.diff ./compile-ko.diff ]; + + KSRC = lib.optionalString withDriver "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; nativeBuildInputs = [ - nasm libelf + libelf + nasm ]; - setupPyBuildFlags = lib.optional (!withDriver) "--skip-driver"; + checkInputs = [ + python3.pkgs.distro + python3.pkgs.pytestCheckHook + ]; - checkPhase = "python setup.py build " - + lib.optionalString (!withDriver) "--skip-driver " - + "test"; + preBuild = lib.optionalString withDriver '' + export CHIPSEC_BUILD_LIB=$(mktemp -d) + mkdir -p $CHIPSEC_BUILD_LIB/chipsec/helper/linux + ''; - KERNEL_SRC_DIR = lib.optionalString withDriver "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; + preInstall = lib.optionalString withDriver '' + mkdir -p $out/${python3.pkgs.python.sitePackages}/drivers/linux + mv $CHIPSEC_BUILD_LIB/chipsec/helper/linux/chipsec.ko \ + $out/${python3.pkgs.python.sitePackages}/drivers/linux/chipsec.ko + ''; + + setupPyBuildFlags = [ "--build-lib=$CHIPSEC_BUILD_LIB" ] + ++ lib.optional (!withDriver) "--skip-driver"; + + pythonImportsCheck = [ "chipsec" ]; meta = with lib; { description = "Platform Security Assessment Framework"; @@ -34,7 +59,7 @@ python2Packages.buildPythonApplication rec { interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell. ''; - license = licenses.gpl2; + license = licenses.gpl2Only; homepage = "https://github.com/chipsec/chipsec"; maintainers = with maintainers; [ johnazoidberg ]; platforms = if withDriver then [ "x86_64-linux" ] else platforms.all; diff --git a/pkgs/tools/security/chipsec/ko-path.diff b/pkgs/tools/security/chipsec/ko-path.diff new file mode 100644 index 000000000000..ad26d232d964 --- /dev/null +++ b/pkgs/tools/security/chipsec/ko-path.diff @@ -0,0 +1,13 @@ +diff --git c/chipsec/helper/linux/linuxhelper.py i/chipsec/helper/linux/linuxhelper.py +index c51b5e6..4be05ea 100644 +--- c/chipsec/helper/linux/linuxhelper.py ++++ i/chipsec/helper/linux/linuxhelper.py +@@ -152,7 +152,7 @@ class LinuxHelper(Helper): + else: + a2 = "a2=0x{}".format(phys_mem_access_prot) + +- driver_path = os.path.join(chipsec.file.get_main_dir(), "chipsec", "helper", "linux", "chipsec.ko" ) ++ driver_path = os.path.join(chipsec.file.get_main_dir(), "drivers", "linux", "chipsec.ko" ) + if not os.path.exists(driver_path): + driver_path += ".xz" + if not os.path.exists(driver_path):