From ee4cfdda0a54567735e4c30662afd3f76e1c8a61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Mon, 3 Oct 2022 22:21:02 +0200 Subject: crypto-wrapper: add and hopefully integrate the tools --- flake.lock | 6 +++--- pkgs/crypto-wrapper/default.nix | 18 +++++++++++++----- pkgs/default.nix | 15 ++++++++------- 3 files changed, 24 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 491c503..251532f 100644 --- a/flake.lock +++ b/flake.lock @@ -16,11 +16,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1660817299, - "narHash": "sha256-0QZE5FYLOyTEpKobPk32gxAQBtYs/nAfGx3PK+x6bXI=", + "lastModified": 1664787379, + "narHash": "sha256-gfKKtflfRcyxUPeTQ1JwyF1vXdyVvjO6Zy7GVyDdPro=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b42e50fe36242b1b205a7d501b7911d698218086", + "rev": "2c2c0afe1b5b31ed6a559ec4687b58608fa9069d", "type": "github" }, "original": { diff --git a/pkgs/crypto-wrapper/default.nix b/pkgs/crypto-wrapper/default.nix index 3f431b2..1d4d20b 100644 --- a/pkgs/crypto-wrapper/default.nix +++ b/pkgs/crypto-wrapper/default.nix @@ -1,9 +1,15 @@ { stdenv, lib, fetchgit -, bash +, bash, openssl , makeWrapper +, libatsha204, mox-otp }: +let -stdenv.mkDerivation rec { + bins = [openssl] + ++ lib.optional (stdenv.system == "aarch64-linux") mox-otp + ++ lib.optional (stdenv.system == "armv7l-linux") libatsha204; + +in stdenv.mkDerivation rec { pname = "crypto-wrapper"; version = "0.4"; meta = with lib; { @@ -19,10 +25,12 @@ stdenv.mkDerivation rec { sha256 = "1ly37cajkmgqmlj230h5az9m2m1rgvf4r0bf94yipp80wl0z215s"; }; + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' mkdir -p $out/bin - cp crypto-wrapper.sh $out/bin/crypto-wrapper - wrapProgram $out/bin/crypto-wrapper \ - --prefix PATH : ${lib.makeBinPath [ bash openssl coreutils ]} + makeWrapper crypto-wrapper.sh $out/bin/crypto-wrapper \ + --prefix PATH : ${lib.makeBinPath bins} ''; } diff --git a/pkgs/default.nix b/pkgs/default.nix index b16795d..41c28c8 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -16,22 +16,23 @@ let # Crypto and certificates libatsha204 = callPackage ./libatsha204 { }; mox-otp = python3Packages.callPackage ./mox-otp { }; - #crypto-wrapper = callPackage ./crypto-wrapper { }; + crypto-wrapper = callPackage ./crypto-wrapper { }; #certgen = python3Packages.callPackage ./certgen { }; # NOR Firmwares - ubootTurrisMox = buildUBoot { - defconfig = "turris_mox_defconfig"; - extraMeta.platforms = ["aarch64-linux"]; - filesToInstall = ["u-boot.bin"]; - extraPatches = [ ./patches/include-configs-turris_mox-increase-space-for-the-ke.patch ]; - }; armTrustedFirmwareTurrisMox = buildArmTrustedFirmware rec { platform = "a3700"; extraMeta.platforms = ["aarch64-linux"]; extraMakeFlags = ["USE_COHERENT_MEM=0" "CM3_SYSTEM_RESET=1" "FIP_ALIGN=0x100"]; filesToInstall = ["build/${platform}/release/bl31.bin"]; }; + ubootTurrisMox = buildUBoot { + defconfig = "turris_mox_defconfig"; + extraMeta.platforms = ["aarch64-linux"]; + filesToInstall = ["u-boot.bin"]; + extraPatches = [ ./patches/include-configs-turris_mox-increase-space-for-the-ke.patch ]; + BL31 = "${armTrustedFirmwareTurrisMox}/bl31.bin"; + }; ubootTurrisOmnia = buildUBoot { defconfig = "turris_omnia_defconfig"; extraMeta.platforms = ["armv7l-linux"]; -- cgit v1.2.3