diff --git a/flake.lock b/flake.lock
index 85be38f..3725da4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -20,11 +20,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1739020877,
- "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
+ "lastModified": 1744932701,
+ "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547",
+ "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index 9e92cc8..99fce5b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,12 +18,14 @@
 pkgs = import nixpkgs { inherit system; };
 patosPkgs = self.packages.${system};
 version = "0.0.1";
+ secureBoot = "false";
+ cpuArch = "intel";
 updateUrl = "http://10.0.2.2:8000/";
 in
 {
 packages = {
 default = patosPkgs.image;
- image = pkgs.callPackage ./pkgs/image { inherit patosPkgs version updateUrl; };
+ image = pkgs.callPackage ./pkgs/image { inherit patosPkgs version updateUrl cpuArch secureBoot; };
 rootfs = pkgs.callPackage ./pkgs/rootfs/mkrootfs.nix { inherit patosPkgs version; };
 initrd = pkgs.callPackage ./pkgs/rootfs/mkinitrd.nix { inherit patosPkgs version; };
 kernel = pkgs.callPackage ./pkgs/kernel { };
diff --git a/pkgs/busybox/default.nix b/pkgs/busybox/default.nix
index e318d8a..6f22641 100644
--- a/pkgs/busybox/default.nix
+++ b/pkgs/busybox/default.nix
@@ -1,6 +1,7 @@
 {
 stdenv,
 lib,
+ pkgs,
 buildPackages,
 fetchurl,
 fetchpatch,
@@ -57,15 +58,12 @@ in
 stdenv.mkDerivation rec {
 pname = "busybox";
- version = "1.36.1";
+ version = pkgs.busybox.version;
 # Note to whoever is updating busybox: please verify that:
 # nix-build pkgs/stdenv/linux/make-bootstrap-tools.nix -A test
 # still builds after the update.
- src = fetchurl {
- url = "https://busybox.net/downloads/${pname}-${version}.tar.bz2";
- sha256 = "sha256-uMwkyVdNgJ5yecO+NJeVxdXOtv3xnKcJ+AzeUOR94xQ=";
- };
+ src = pkgs.busybox.src;
 hardeningDisable = [ "format"
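Review bot: `secureBoot = "false"` and `cpuArch = "intel"` are free-form strings, and nothing between here and the image rejects a misspelling: a value like `"False"` is interpolated verbatim into `patos.secureboot=`, and an unrecognised `cpuArch` silently selects no microcode. A Nix boolean is the safer type for the first one — `secureBoot = false;` here, rendered with `lib.boolToString secureBoot` where it reaches the kernel command line — so a typo becomes an evaluation error instead of a quietly different boot configuration. Both knobs now decide what the shipped UKI enforces, so a comment such as `# secureBoot/cpuArch are baked into the UKI; production builds must set secureBoot to "true"` would help whoever builds from this flake. Whatever consumes `patos.secureboot=` in the initrd is outside this diff, so I cannot tell what `"false"` actually disables; confirm the default is meant for more than the QEMU-style `10.0.2.2` dev setup visible here.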
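Review bot: The "Note to whoever is updating busybox" comment is now stale — `version` and `src` follow `pkgs.busybox`, so an update happens in `flake.lock` and no longer shows up as a version diff in this file. Replace it with something like `# version/src track nixpkgs' busybox: a flake.lock bump can change them with no diff here; re-check the config and patches below after each lock update.` The upstream tarball hash is still pinned, just transitively through nixpkgs' fetchurl and the `narHash` in flake.lock, so source integrity is preserved; what is lost is the reviewer's visibility of a version change in this repository. The rest of the derivation (config, patches, `hardeningDisable`) continues past the hunk.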
diff --git a/pkgs/dbus-broker/default.nix b/pkgs/dbus-broker/default.nix
index 809f3ce..0002d9c 100644
--- a/pkgs/dbus-broker/default.nix
+++ b/pkgs/dbus-broker/default.nix
@@ -100,14 +100,9 @@ in
 stdenv.mkDerivation (finalAttrs: {
 pname = "dbus-broker";
- version = "36";
+ version = pkgs.dbus-broker.version;
- src = fetchFromGitHub {
- owner = "bus1";
- repo = "dbus-broker";
- rev = "v${finalAttrs.version}";
- hash = "sha256-5dAMKjybqrHG57vArbtWEPR/svSj2ION75JrjvnnpVM=";
- };
+ src = pkgs.dbus-broker.src;
 nativeBuildInputs = with pkgs; [
 docutils
diff --git a/pkgs/image/default.nix b/pkgs/image/default.nix
index a248a09..05d9c72 100644
--- a/pkgs/image/default.nix
+++ b/pkgs/image/default.nix
@@ -1,16 +1,21 @@
 {
+ lib,
 pkgs,
 patosPkgs,
 version,
 runCommand,
- updateUrl
+ updateUrl,
+ cpuArch ? "",
+ secureBoot ? "false"
 }:
 let
 pname = "patos-image";
 in
 runCommand pname {
- inherit version;
- inherit updateUrl;
+ inherit version cpuArch updateUrl secureBoot;
+
+ microcode = lib.optionalString (cpuArch == "amd") "--microcode ${pkgs.microcode-amd}/amd-ucode.img"
+ + lib.optionalString (cpuArch == "intel") "--microcode ${pkgs.microcode-intel}/intel-ucode.img";
 buildInputs = with pkgs; [
 erofs-utils
@@ -25,7 +30,7 @@
 SYSTEMD_REPART_MKFS_OPTIONS_EROFS = "--all-root -zlz4hc,12 -C1048576 -Efragments,dedupe,ztailpacking";
 };
- kernelCmdLine = "console=ttyS0 patos.secureboot=false";
+ kernelCmdLine = "console=ttyS0 patos.secureboot=${secureBoot}";
 } ''
 mkdir -p $out/init.repart.d $out/final.repart.d
@@ -176,6 +181,7 @@ ln -sf patos_$version.root.raw patos_${version}_$rootUuid.root
 ${patosPkgs.systemd}/usr/bin/ukify build \
 --linux ${patosPkgs.kernel}/bzImage \
 --initrd ${patosPkgs.initrd}/initrd.xz \
+ $microcode \
 --os-release @rootfs/etc/os-release \
 --cmdline "$kernelCmdLine roothash=$roothash" \
 -o patos_${version}.efi
diff --git a/pkgs/kernel/default.nix b/pkgs/kernel/default.nix
index a5f24db..1297825 100644
--- a/pkgs/kernel/default.nix
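Review bot: A `cpuArch` value other than `"amd"`, `"intel"` or `""` makes `microcode` the empty string, so a typo in the caller silently produces a UKI with no early microcode — and microcode is where a number of CPU vulnerability mitigations are delivered, so that regression would not be noticed at build time. Fail evaluation instead, e.g. between the `let` block and the derivation: `in assert lib.assertMsg (lib.elem cpuArch [ "" "amd" "intel" ]) "patos-image: unsupported cpuArch '${cpuArch}'";` before `runCommand pname {`. `secureBoot` deserves the same treatment, since it is interpolated into the kernel command line in the next hunk and accepts any string: `assert lib.elem secureBoot [ "true" "false" ];` keeps it to the two values the initrd presumably understands. A short comment on `microcode` stating that it is either empty or a complete `--microcode <path>` argument that the shell section passes to ukify unquoted would also spare the next reader a trip through the build script.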
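Review bot: `secureBoot` only changes the kernel command line; this `ukify build` still emits an unsigned `patos_${version}.efi` whatever its value, with no `--signtool`, `--secureboot-private-key` or `--secureboot-certificate`, so unless signing happens in a later step that is not in this diff, a `secureBoot = "true"` image will not boot under enforcing firmware. Please confirm where signing is done and record it at this call, e.g. `# UKI is signed later by <step>; secureBoot only sets the patos.secureboot= cmdline flag`. Also document that `$microcode` is intentionally unquoted — it is either empty or the two words `--microcode <path>`, and a store path contains no whitespace, so word splitting is relied upon here. The shell block around this call starts and ends outside the hunk.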
+++ b/pkgs/kernel/default.nix
@@ -1,7 +1,7 @@
 { pkgs }:
 let
- version = "6.13.7";
- hash = "sha256-Ojm2IDi3rC9D0mofhLQoPhl4BOHoF61jfpo9h0xHgB0=";
+ version = "6.14.2";
+ hash = "sha256-xcaCo1TqMZATk1elfTSnnlw3IhrOgjqTjhARa1d6Lhs=";
 in
 (pkgs.callPackage ./manual-config.nix { }) {
 version = "${version}-patos1";
diff --git a/pkgs/lvm2/default.nix b/pkgs/lvm2/default.nix
index f211e26..8d18663 100644
--- a/pkgs/lvm2/default.nix
+++ b/pkgs/lvm2/default.nix
@@ -1,5 +1,6 @@
 {
 stdenv,
+ pkgs,
 fetchurl,
 lib,
 pkg-config,
@@ -7,17 +8,11 @@
 udev,
 }:
-stdenv.mkDerivation rec {
+stdenv.mkDerivation {
 pname = "lvm2";
- version = "2.03.30";
+ version = pkgs.lvm2.version;
- src = fetchurl {
- urls = [
- "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${version}.tgz"
- "ftp://sourceware.org/pub/lvm2/LVM2.${version}.tgz"
- ];
- hash = "sha256-rXar7LjciHcz4GxEnLmt0Eo1BvnweAwSiBem4aF87AU=";
- };
+ src = pkgs.lvm2.src;
 nativeBuildInputs = [
 pkg-config
diff --git a/pkgs/openssl/default.nix b/pkgs/openssl/default.nix
index bc833cc..08c1309 100644
--- a/pkgs/openssl/default.nix
+++ b/pkgs/openssl/default.nix
@@ -1,5 +1,6 @@
 {
 lib,
+ pkgs,
 stdenv,
 fetchurl,
 perl,
@@ -18,13 +19,9 @@ stdenv.mkDerivation rec {
 pname = "openssl";
- version = "3.4.1";
- hash = "sha256-ACotazC1i/S+pGxDvdljZar42qbEKHgqpP7uBtoZffM=";
+ version = pkgs.openssl.version;
- src = fetchurl {
- url = "https://github.com/openssl/openssl/releases/download/openssl-${version}/openssl-${version}.tar.gz";
- hash = hash;
- };
+ src = pkgs.openssl.src;
 outputs = [ "out" ];
diff --git a/pkgs/rootfs/mkrootfs.nix b/pkgs/rootfs/mkrootfs.nix
index 235a70a..bda4c7d 100644
--- a/pkgs/rootfs/mkrootfs.nix
+++ b/pkgs/rootfs/mkrootfs.nix
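Review bot: `version` now floats with `pkgs.openssl`, which in nixpkgs is an alias that can move to a new release series on any `flake.lock` bump, while the configure flags and patches that follow this hunk (outside the diff) were written against 3.4.1 and nothing in this file will show a reviewer that the series changed. Tracking nixpkgs is the right call for timely CVE fixes in the image's TLS/crypto library, but pin the expectation so a silent series change fails loudly: `assert lib.assertMsg (lib.hasPrefix "3." pkgs.openssl.version) "openssl: build flags below were written for the 3.x series";` above `pname`. A one-line comment next to `version` noting that the pinned hash now lives in nixpkgs (and therefore in flake.lock's `narHash`) would make the provenance chain obvious to the next auditor. `fetchurl` is left in the argument set although nothing in the visible code uses it any more.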
@@ -21,11 +21,12 @@ runCommand "patos-rootfs" ''
 ### create directory structure
 mkdir -p $out/etc/repart.d $out/dev $out/proc $out/sys \
- $out/tmp $out/root $out/run $out/boot $out/mnt $out/home $out/srv $out/var/tmp
+ $out/tmp $out/root $out/run $out/boot $out/mnt $out/home $out/srv $out/var
 ln -sf /usr/bin $out/bin
 ln -sf /usr/bin $out/sbin
 ln -sf /usr/lib $out/lib
 ln -sf /usr/lib $out/lib64
+ln -sf /tmp $out/var/tmp
 ln -sf ../proc/self/mounts $out/etc/mtab
 ### install systemd
diff --git a/pkgs/systemd/default.nix b/pkgs/systemd/default.nix
index a1cb314..a93fd76 100644
--- a/pkgs/systemd/default.nix
+++ b/pkgs/systemd/default.nix
@@ -7,7 +7,7 @@
 ...
 }:
 let
- version = "257.4";
+ version = "257.5";
 # Use the command below to update `releaseTimestamp` on every (major) version
 # change. More details in the commentary at mesonFlags.
diff --git a/pkgs/tpm2-tools/default.nix b/pkgs/tpm2-tools/default.nix
index f447fe6..4bb14c1 100644
--- a/pkgs/tpm2-tools/default.nix
+++ b/pkgs/tpm2-tools/default.nix
@@ -1,5 +1,6 @@
 {
 stdenv,
+ pkgs,
 fetchurl,
 lib,
 pandoc,
@@ -10,19 +11,17 @@
 libuuid,
 }:
-stdenv.mkDerivation rec {
+stdenv.mkDerivation {
 pname = "tpm2-tools";
- version = "5.7";
+ version = pkgs.tpm2-tools.version;
- src = fetchurl {
- url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz";
- sha256 = "sha256-OBDTa1B5JW9PL3zlUuIiE9Q7EDHBMVON+KLbw8VwmDo=";
- };
+ src = pkgs.tpm2-tools.src;
 nativeBuildInputs = [
 pandoc
 pkg-config
 ];
+
 buildInputs = [
 curl
 openssl
diff --git a/pkgs/tpm2-tss/default.nix b/pkgs/tpm2-tss/default.nix
index 5e23100..5a6477a 100644
--- a/pkgs/tpm2-tss/default.nix
+++ b/pkgs/tpm2-tss/default.nix
@@ -1,5 +1,6 @@
 {
 stdenv,
+ pkgs,
 lib,
 fetchFromGitHub,
 autoreconfHook,
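Review bot: `ln -sf /tmp $out/var/tmp` collapses `/var/tmp` into `/tmp`, which changes semantics that systemd and some daemons rely on: `/var/tmp` is the conventional home for temporary files that survive a reboot and gets a longer tmpfiles cleanup age, `/tmp` is typically a volatile tmpfs, and `PrivateTmp=` units expect to mount private directories over both paths. If the intent is "nothing persists on this image", state it at the link, e.g. `# /var/tmp is deliberately an alias of /tmp: the root is a read-only erofs image and nothing here is expected to survive a reboot`, and confirm systemd-tmpfiles and `PrivateTmp=` behave as expected with the symlink in place. If `/var` is instead meant to be a writable partition, keep `/var/tmp` a real directory created at boot by that partition's tmpfiles rules, so its `1777` mode is not inherited from the read-only root. The directory-layout block continues outside the hunk and I cannot see from this diff which partition `/var` lands on.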
@@ -19,14 +20,9 @@ stdenv.mkDerivation rec {
 pname = "tpm2-tss";
- version = "4.1.3";
+ version = pkgs.tpm2-tss.version;
- src = fetchFromGitHub {
- owner = "tpm2-software";
- repo = pname;
- rev = version;
- hash = "sha256-BP28utEUI9g1VNv3lCXuiKrDtEImFQxxZfIjLiE3Wr8=";
- };
+ src = pkgs.tpm2-tss.src;
 patches = [
 ./no-shadow.patch