(define-module (ryan-packages bootloaders)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu packages efi)
#:use-module (gnu packages base)
#:use-module (gnu packages linux)
#:use-module (gnu packages gperf)
#:use-module (gnu packages crypto)
#:use-module (gnu packages python)
#:use-module (gnu packages python-xyz)
#:use-module (gnu packages python-crypto)
#:use-module (gnu packages pkg-config)
;below for cryptsetup
#:use-module (gnu packages password-utils)
#:use-module (gnu packages cryptsetup)
#:use-module (gnu packages security-token)
#:use-module (gnu packages web)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages tls)
#:use-module (guix gexp)
#:use-module (guix utils)
#:use-module (guix modules)
#:use-module (guix packages)
#:use-module (guix git-download)
#:use-module (guix build-system gnu)
#:use-module (guix build-system meson)
#:use-module (guix build-system python))
;; Upstream systemd release, without the leading "v" of the Git tag.  Used for
;; the source checkout and as the version of the packages defined in this file.
(define systemd-version "258")
;; Git checkout of the systemd release tag, shared by the packages below.
;; The tag only names what to fetch; the sha256 is what pins the content, so
;; it must be refreshed whenever systemd-version changes.
(define systemd-source
  (origin
    (method git-fetch)
    (uri (git-reference
          (url "https://github.com/systemd/systemd")
          (commit (string-append "v" systemd-version))))
    (file-name (git-file-name "systemd" systemd-version))
    (sha256
     (base32
      "18gnp45gl1154jra6qv95k8y7ny6phdm87yqi5jdq13cadlrklf6"))))
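(define-public (systemd-stub-name)
  "Return the file name of the systemd UEFI stub for the system being built
for, such as \"linuxx64.efi.stub\" on x86_64.  Raise an error when the system
has no architecture suffix listed here."
  (let ((arch (cond ((target-x86-32?) "ia32")
                    ((target-x86-64?) "x64")
                    ((target-arm32?) "arm")
                    ((target-aarch64?) "aa64")
                    ((target-riscv64?) "riscv64")
                    ;; Without this clause ARCH is unspecified on any other
                    ;; system and string-append fails with a type error that
                    ;; does not name the real cause.
                    (else
                     (error "systemd-stub-name: no EFI stub name known for system"
                            (or (%current-target-system)
                                (%current-system)))))))
    (string-append "linux" arch ".efi.stub")))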
;; UEFI stub taken from the systemd source tree.  Only the stub's own ninja
;; target is built, and only that one file is installed.
(define-public systemd-stub
  (package
    (name "systemd-stub")
    (version systemd-version)
    (source systemd-source)
    (build-system meson-build-system)
    (arguments
     (list
      #:configure-flags
      ;; The sbat-* options describe this distribution's build of the stub;
      ;; NAME and VERSION are the package fields declared above.
      ;; NOTE(review): in SBAT the generation number is the value that
      ;; revocation entries are compared against -- confirm it is meant to be
      ;; raised for security-relevant fixes rather than for every package
      ;; revision, as the inline comment suggests.
      `(list "-Defi=true" "-Dsbat-distro=guix"
             "-Dsbat-distro-generation=1" ; package revision!
             "-Dsbat-distro-summary=Guix System"
             "-Dsbat-distro-url=https://guix.gnu.org"
             ,(string-append "-Dsbat-distro-pkgname=" name)
             ,(string-append "-Dsbat-distro-version=" version))
      #:phases
      ;; STUB is the build-tree path of the stub for the current architecture,
      ;; computed on the host side and spliced into the build code.
      #~(let ((stub #$(string-append "src/boot/" (systemd-stub-name))))
          (modify-phases %standard-phases
            ;; Build the stub target alone instead of the whole project.
            (replace 'build
              (lambda* (#:key parallel-build? #:allow-other-keys)
                (invoke "ninja" stub
                        "-j" (if parallel-build?
                                 (number->string (parallel-job-count)) "1"))))
            ;; Copy the single artifact by hand; nothing else is installed.
            (replace 'install
              (lambda _
                (install-file stub (string-append #$output "/libexec"))))
            ;; The test suite is not run for this package.
            (delete 'check)))))
    (inputs (list libcap python-pyelftools `(,util-linux "lib")))
    (native-inputs (list libxcrypt gperf pkg-config python-3 python-jinja2))
    (home-page "https://systemd.io")
    (synopsis "Unified kernel image UEFI stub")
    (description "Simple UEFi boot stub that loads a conjoined kernel image and
supporting data to their proper locations, before chainloading to the kernel.
Supports measured and/or verified boot environments.")
    (license license:lgpl2.1+)))
;; The ukify script from the systemd source tree, installed as a stand-alone
;; command.  Nothing is compiled: the script is patched, copied and wrapped.
(define-public ukify
  (package
    (name "ukify")
    (version systemd-version)
    (source systemd-source)
    (build-system python-build-system)
    (arguments
     (list #:phases
           #~(modify-phases %standard-phases
               ;; The regular Python build step is replaced by an in-place
               ;; patch: datetime.UTC only exists from Python 3.11 on, so it
               ;; is rewritten to the older datetime.timezone.utc spelling.
               (replace 'build
                 (lambda _
                   (substitute* "src/ukify/ukify.py" ; added in python 3.11
                     (("datetime\\.UTC") "datetime.timezone.utc"))))
               ;; The test suite is not run for this package.
               (delete 'check)
               (replace 'install
                 (lambda* (#:key inputs #:allow-other-keys)
                   (let* ((bin (string-append #$output "/bin"))
                          (file (string-append bin "/ukify"))
                          (binutils (assoc-ref inputs "binutils"))
                          (sbsign (assoc-ref inputs "sbsigntools")))
                     (mkdir-p bin)
                     (copy-file "src/ukify/ukify.py" file)
                     ;; `prefix' puts the store's binutils and sbsigntools
                     ;; ahead of whatever PATH the caller has.  Presumably
                     ;; these are the external tools ukify.py runs, including
                     ;; the one used for signing -- verify against the script.
                     (wrap-program file
                       `("PATH" ":" prefix
                         (,(string-append binutils "/bin")
                          ,(string-append sbsign "/bin"))))))))))
    (inputs (list binutils python-cryptography python-pefile sbsigntools))
    (home-page "https://systemd.io")
    (synopsis "Unified kernel image UEFI tool")
    (description "@command{ukify} joins together a UKI stub, linux kernel, initrd,
kernel arguments, and optional secure boot signatures into a single, UEFI-bootable
image.")
    (license license:lgpl2.1+)))
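;; The systemd-cryptsetup helper built on its own from the systemd source
;; tree, together with the shared systemd library that is installed next to it.
(define-public systemd-cryptsetup
  (package
    (name "systemd-cryptsetup")
    (version systemd-version)
    (source systemd-source)
    (build-system meson-build-system)
    (arguments
     (list
      #:build-type "release"
      #:configure-flags
      ;; Enable the libcryptsetup backend plus the FIDO2 and OpenSSL code paths.
      `(list "-Dlibcryptsetup=true" "-Dlibfido2=true"
             "-Dopenssl=true")
      #:phases
      #~(modify-phases %standard-phases
          ;; Build the one target instead of the whole project.
          (replace 'build
            (lambda* (#:key parallel-build? #:allow-other-keys)
              (invoke "ninja" "systemd-cryptsetup"
                      "-j" (if parallel-build?
                               (number->string (parallel-job-count)) "1"))))
          (replace 'install
            (lambda _
              (install-file "systemd-cryptsetup"
                            (string-append #$output "/libexec"))
              ;; Derive the library name from systemd-version so a version
              ;; bump does not leave a stale hard-coded "258" behind.
              ;; Assumes upstream names the library after the release
              ;; version -- confirm when updating.
              (install-file #$(string-append "src/shared/libsystemd-shared-"
                                             systemd-version ".so")
                            (string-append #$output "/lib"))))
          ;; The test suite is not run for this package.
          (delete 'check))))
    ;; NOTE(review): most of these are libraries the binary links against
    ;; rather than build tools; confirm whether they belong in `inputs'.
    (native-inputs (list `(,util-linux "lib") eudev lvm2 cryptsetup libfido2 libxcrypt gperf pkg-config python-3 python-jinja2 libcap argon2 json-c libgcrypt openssl))
    (home-page "https://systemd.io")
    (synopsis "Encrypted volume setup helper from systemd")
    (description "@command{systemd-cryptsetup} attaches and detaches encrypted
block devices.  This package builds only that helper and the shared systemd
library installed alongside it, with libcryptsetup, FIDO2 and OpenSSL support
enabled.")
    (license license:lgpl2.1+)))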
;; The file's last expression is this package, so evaluating the file yields
;; it -- presumably so it can be built directly with `guix build -f'; confirm
;; this trailing expression is intended.
systemd-cryptsetup