diff --git a/flake.lock b/flake.lock
index 85be38f..bac1c51 100644
--- a/flake.lock
+++ b/flake.lock
@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1739020877,
-        "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
+        "lastModified": 1747542820,
+        "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547",
+        "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 9e92cc8..3567477 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,12 +18,14 @@
         pkgs = import nixpkgs { inherit system; };
         patosPkgs = self.packages.${system};
         version = "0.0.1";
+        secureBoot = "false";
+        cpuArch = "intel";
         updateUrl = "http://10.0.2.2:8000/";
       in
       {
         packages = {
           default = patosPkgs.image;
-          image = pkgs.callPackage ./pkgs/image { inherit patosPkgs version updateUrl; };
+          image = pkgs.callPackage ./pkgs/image { inherit patosPkgs version updateUrl cpuArch secureBoot; };
           rootfs = pkgs.callPackage ./pkgs/rootfs/mkrootfs.nix { inherit patosPkgs version; };
           initrd = pkgs.callPackage ./pkgs/rootfs/mkinitrd.nix { inherit patosPkgs version; };
           kernel = pkgs.callPackage ./pkgs/kernel { };
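Review bot: `secureBoot = "false";` is a string standing in for a boolean and `cpuArch = "intel";` is a free-form string, so a typo in either value is passed on to `./pkgs/image` without an evaluation error. The image expression only compares `cpuArch` against `"amd"` and `"intel"` and interpolates `secureBoot` straight into `patos.secureboot=...`, so a misspelling yields an image that silently lacks microcode or carries an unexpected kernel command line. A Nix boolean (`secureBoot = false;`) rendered with `lib.boolToString` at the point of use, plus `assert builtins.elem cpuArch [ "" "amd" "intel" ];` in the image expression, would turn that into a build failure. The `let` block starts outside this hunk.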
@@ -47,6 +49,13 @@
               { drv = pkgs.curl; path = "bin/curl"; }
               { drv = pkgs.bash; path = "bin/bash"; }
               { drv = patosPkgs.glibc; path = "bin/ldd"; }
+              { drv = pkgs.util-linux; path = "bin/sfdisk"; }
+              { drv = pkgs.readline.out; path = "lib/libreadline.so.8.2"; }
+              { drv = pkgs.readline.out; path = "lib/libreadline.so.8"; }
+              { drv = pkgs.readline.out; path = "lib/libhistory.so.8.2"; }
+              { drv = pkgs.readline.out; path = "lib/libhistory.so.8"; }
+              { drv = pkgs.ncurses.out; path = "/lib/libncursesw.so.6.5"; }
+              { drv = pkgs.ncurses.out; path = "/lib/libncursesw.so.6"; }
               { drv = pkgs.keyutils; path = "bin/keyctl"; }
               { drv = pkgs.gnutar; path = "bin/tar"; }
               { drv = pkgs.binutils-unwrapped; path = "bin/strings"; }
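Review bot: The two ncurses entries use a `path` with a leading slash (`"/lib/libncursesw.so.6.5"`, `"/lib/libncursesw.so.6"`) while every other entry in the list is relative (`"lib/..."`, `"bin/..."`). How `path` is joined to `drv` is outside the hunk, so this may only work through a doubled slash; `path = "lib/libncursesw.so.6.5";` and `path = "lib/libncursesw.so.6";` would keep the list uniform. The sonames added here (`8.2`, `6.5`) are tied to the pinned nixpkgs revision and will need a manual bump on lock updates. A comment above the new lines naming the binary that needs readline and ncurses, in the style of the comments used further down the list, would help the next person doing that bump.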
@@ -67,7 +76,7 @@
               # shared lib required for binutils
               { drv = pkgs.binutils-unwrapped.lib; path = "lib/libsframe.so.1.0.0"; }
               { drv = pkgs.binutils-unwrapped.lib; path = "lib/libsframe.so.1"; }
-              { drv = pkgs.binutils-unwrapped.lib; path = "lib/libbfd-2.43.1.so"; }
+              { drv = pkgs.binutils-unwrapped.lib; path = "lib/libbfd-2.44.so"; }
               { drv = pkgs.binutils-unwrapped.lib; path = "lib/libbfd.so"; }
               # shared lib required for strace
               { drv = pkgs.elfutils.out; path = "lib/libdw-0.192.so"; }
diff --git a/pkgs/busybox/default.nix b/pkgs/busybox/default.nix
index e318d8a..6f22641 100644
--- a/pkgs/busybox/default.nix
+++ b/pkgs/busybox/default.nix
@@ -1,6 +1,7 @@
 {
   stdenv,
   lib,
+  pkgs,
   buildPackages,
   fetchurl,
   fetchpatch,
@@ -57,15 +58,12 @@ in
 
 stdenv.mkDerivation rec {
   pname = "busybox";
-  version = "1.36.1";
+  version = pkgs.busybox.version;
 
   # Note to whoever is updating busybox: please verify that:
   # nix-build pkgs/stdenv/linux/make-bootstrap-tools.nix -A test
   # still builds after the update.
-  src = fetchurl {
-    url = "https://busybox.net/downloads/${pname}-${version}.tar.bz2";
-    sha256 = "sha256-uMwkyVdNgJ5yecO+NJeVxdXOtv3xnKcJ+AzeUOR94xQ=";
-  };
+  src = pkgs.busybox.src;
 
   hardeningDisable = [
     "format"
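Review bot: With `version = pkgs.busybox.version;` and `src = pkgs.busybox.src;` the version and source hash are no longer visible in this file and change whenever `flake.lock` moves the nixpkgs revision, while the rest of the derivation (the `hardeningDisable` list here, `patches = [ ./no-shadow.patch ]` in pkgs/tpm2-tss) stays written for the old release. The same pattern is introduced in pkgs/dbus-broker, pkgs/lvm2, pkgs/openssl, pkgs/tpm2-tools and pkgs/tpm2-tss, so a lock update now swaps the OpenSSL and TPM stack sources in the image without a diff in any of these files. A comment above `version` such as `# version and src follow the nixpkgs pin in flake.lock; re-check local patches and config after every lock update` would document this, and `inherit (pkgs.busybox) version src;` states the intent in one line. The existing "Note to whoever is updating busybox" comment and the `fetchurl` argument look like leftovers, although the derivation continues outside the hunk and may still use them.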
diff --git a/pkgs/dbus-broker/default.nix b/pkgs/dbus-broker/default.nix
index 809f3ce..0002d9c 100644
--- a/pkgs/dbus-broker/default.nix
+++ b/pkgs/dbus-broker/default.nix
@@ -100,14 +100,9 @@ in
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "dbus-broker";
-  version = "36";
+  version = pkgs.dbus-broker.version;
 
-  src = fetchFromGitHub {
-    owner = "bus1";
-    repo = "dbus-broker";
-    rev = "v${finalAttrs.version}";
-    hash = "sha256-5dAMKjybqrHG57vArbtWEPR/svSj2ION75JrjvnnpVM=";
-  };
+  src = pkgs.dbus-broker.src;
 
   nativeBuildInputs = with pkgs; [
     docutils
diff --git a/pkgs/image/default.nix b/pkgs/image/default.nix
index 7407df1..05d9c72 100644
--- a/pkgs/image/default.nix
+++ b/pkgs/image/default.nix
@@ -5,282 +5,252 @@
   version,
   runCommand,
   updateUrl,
+  cpuArch ? "",
+  secureBoot ? "false"
 }:
 let
   pname = "patos-image";
-
-  writeConf =
-    name: attrs:
-    pkgs.writeTextFile {
-      name = name;
-      text = lib.generators.toINI {
-        mkKeyValue = lib.generators.mkKeyValueDefault {
-          mkValueString =
-            v:
-            if v == true then
-              ''"yes"''
-            else if v == false then
-              ''"no"''
-            else if lib.isString v then
-              ''"${v}"''
-            else
-              lib.generators.mkValueStringDefault { } v;
-        } "=";
-      } attrs;
-    };
-
-  secureBootImportKeys = writeConf "secure-boot-import-keys.service" {
-    Unit = {
-      Description = "Import Secure Boot keys";
-      DefaultDependencies = false;
-      RequiresMountsFor = "/var/lib/sbctl /boot";
-      ConditionPathExists = "/boot/sbctl/keys";
-      After = "local-fs.target";
-    };
-
-    Service = {
-      Type = "oneshot";
-      RemainAfterExit = true;
-      ExecStart = "sbctl import-keys -d /boot/sbctl/keys";
-      ExecStartPost = "rm -rf /boot/sbctl";
-    };
-  };
-
-  ukiTransfer = writeConf "10-uki.transfer" {
-    Source = {
-      Path = updateUrl;
-      MatchPattern = "patos_@v.efi";
-      Type = "url-file";
-    };
-
-    Target = {
-      InstancesMax = 2;
-      MatchPattern = "patos_@v+@l-@d.efi patos_@v+@l.efi patos_@v.efi";
-      Mode = "0444";
-      Path = "/EFI/Linux";
-      PathRelativeTo = "esp";
-      TriesDone = 0;
-      TriesLeft = 3;
-      Type = "regular-file";
-    };
-
-    Transfer = {
-      Verify = false;
-    };
-  };
-
-  rootVerityTransfer = writeConf "22-root-verity.transfer" {
-    Source = {
-      Type = "url-file";
-      Path = updateUrl;
-      MatchPattern = "patos_@v_@u.verity";
-    };
-
-    Target = {
-      Type = "partition";
-      Path = "auto";
-      MatchPattern = "verity-@v";
-      MatchPartitionType = "root-verity";
-      ReadOnly = "1";
-    };
-
-    Transfer = {
-      Verify = false;
-    };
-  };
-
-  rootTransfer = writeConf "22-root.transfer" {
-    Source = {
-      Type = "url-file";
-      Path = updateUrl;
-      MatchPattern = "patos_@v_@u.root";
-    };
-
-    Target = {
-      Type = "partition";
-      Path = "auto";
-      MatchPattern = "root-@v";
-      MatchPartitionType = "root";
-      ReadOnly = 1;
-    };
-    Transfer = {
-      Verify = false;
-    };
-  };
 in
-runCommand pname
-  {
-    inherit version;
-    inherit updateUrl;
+runCommand pname {
+  inherit version cpuArch updateUrl secureBoot;
 
-    buildInputs = with pkgs; [
-      erofs-utils
-      dosfstools
-      mtools
-      jq
-    ];
+  microcode = lib.optionalString (cpuArch == "amd") "--microcode ${pkgs.microcode-amd}/amd-ucode.img"
+      + lib.optionalString (cpuArch == "intel") "--microcode ${pkgs.microcode-intel}/intel-ucode.img";
 
-    env = {
-      # vfat options won't efi won't find the fs otherwise.
-      SYSTEMD_REPART_MKFS_OPTIONS_VFAT = "-S 512 -c";
-      SYSTEMD_REPART_MKFS_OPTIONS_EROFS = "--all-root -zlz4hc,12 -C1048576 -Efragments,dedupe,ztailpacking";
-    };
+  buildInputs = with pkgs; [
+    erofs-utils
+    dosfstools
+    mtools
+    jq
+  ];
 
-    kernelCmdLine = "console=ttyS0 patos.secureboot=false";
-  }
-  ''
-    mkdir -p $out/init.repart.d $out/final.repart.d
-    pushd $out
+  env = {
+    # vfat options won't efi won't find the fs otherwise.
+    SYSTEMD_REPART_MKFS_OPTIONS_VFAT = "-S 512 -c";
+    SYSTEMD_REPART_MKFS_OPTIONS_EROFS = "--all-root -zlz4hc,12 -C1048576 -Efragments,dedupe,ztailpacking";
+  };
 
-    mkdir rootfs
-    cp -prP ${patosPkgs.rootfs}/* rootfs/
-    find rootfs/ -type d -exec chmod 755 {} \;
+  kernelCmdLine = "console=ttyS0 patos.secureboot=${secureBoot}";
+}
+''
+mkdir -p $out/init.repart.d $out/final.repart.d
+pushd $out
 
-    # package kernel modules as sysext (will reduce the image size a little bit (~3MB))
-    mkdir rootfs/etc/extensions
-    rm -rf rootfs/usr/lib/modules
-    cp ${patosPkgs.kernel}/patos-kernel-modules* rootfs/etc/extensions/
+mkdir rootfs
+cp -prP ${patosPkgs.rootfs}/* rootfs/
+find rootfs/ -type d -exec chmod 755 {} \;
 
-    # set default target to multi-user
-    ln -sf multi-user.target rootfs/usr/lib/systemd/system/default.target
+# package kernel modules as sysext (will reduce the image size a little bit (~3MB))
+mkdir rootfs/etc/extensions
+rm -rf rootfs/usr/lib/modules
+cp ${patosPkgs.kernel}/patos-kernel-modules* rootfs/etc/extensions/
 
-    # enable dbus
-    ln -sf ../dbus.service rootfs/usr/lib/systemd/system/multi-user.target.wants/dbus.service
-    ln -sf ../dbus.socket rootfs/usr/lib/systemd/system/sockets.target.wants/dbus.socket
+# set default target to multi-user
+ln -sf multi-user.target rootfs/usr/lib/systemd/system/default.target
 
-    # enable network services
-    ln -sf ../systemd-networkd.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-networkd.service
-    ln -sf ../systemd-resolved.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-resolved.service
-    ln -sf ../systemd-timesyncd.service rootfs/usr/lib/systemd/system/multi-user.target.wants/systemd-timesyncd.service
-    # enable default network config
-    mv rootfs/usr/lib/systemd/network/89-ethernet.network.example rootfs/usr/lib/systemd/network/89-ethernet.network
+# enable dbus
+ln -sf ../dbus.service rootfs/usr/lib/systemd/system/multi-user.target.wants/dbus.service
+ln -sf ../dbus.socket rootfs/usr/lib/systemd/system/sockets.target.wants/dbus.socket
 
-    # enable confext/sysext services
-    ln -sf ../systemd-confext.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-confext.service
-    ln -sf ../systemd-sysext.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-sysext.service
+# enable network services
+ln -sf ../systemd-networkd.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-networkd.service
+ln -sf ../systemd-resolved.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-resolved.service
+ln -sf ../systemd-timesyncd.service rootfs/usr/lib/systemd/system/multi-user.target.wants/systemd-timesyncd.service
+# enable default network config
+mv rootfs/usr/lib/systemd/network/89-ethernet.network.example rootfs/usr/lib/systemd/network/89-ethernet.network
 
-    cp ${secureBootImportKeys} rootfs/usr/lib/systemd/system/secure-boot-import-keys.service
-    ln -sf ../secure-boot-import-keys.service rootfs/usr/lib/systemd/system/sysinit.target.wants/secure-boot-import-keys.service
+# enable confext/sysext services
+ln -sf ../systemd-confext.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-confext.service
+ln -sf ../systemd-sysext.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-sysext.service
 
-    # sysupdate
-    mkdir -p rootfs/etc/sysupdate.d
-    cp ${rootTransfer} ${rootVerityTransfer} ${ukiTransfer} rootfs/etc/sysupdate.d/
+cat <<EOF > rootfs/usr/lib/systemd/system/secure-boot-import-keys.service
+[Unit]
+Description=Import Secure Boot keys
+DefaultDependencies=no
+RequiresMountsFor=/var/lib/sbctl /boot
+ConditionPathExists=/boot/sbctl/keys
+After=local-fs.target
 
-    # Initial partitioning
-    cat <<EOF > init.repart.d/10-root.conf
-    [Partition]
-    Type=root
-    Format=erofs
-    Minimize=best
-    CopyFiles=/rootfs:/
-    Verity=data
-    VerityMatchKey=root
-    SplitName=root
-    EOF
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=sbctl import-keys -d /boot/sbctl/keys
+ExecStartPost=rm -rf /boot/sbctl
+EOF
+ln -sf ../secure-boot-import-keys.service rootfs/usr/lib/systemd/system/sysinit.target.wants/secure-boot-import-keys.service
 
-    cat <<EOF > init.repart.d/20-root-verity.conf
-    [Partition]
-    Type=root-verity
-    Verity=hash
-    VerityMatchKey=root
-    Minimize=best
-    SplitName=verity
-    EOF
+# sysupdate
+mkdir -p rootfs/etc/sysupdate.d
+cat <<EOF > rootfs/etc/sysupdate.d/10-uki.transfer
+[Source]
+Path=${updateUrl}
+MatchPattern=patos_@v.efi
+Type=url-file
 
-    #TODO: Add verity signature partition
+[Target]
+InstancesMax=2
+MatchPattern=patos_@v+@l-@d.efi patos_@v+@l.efi patos_@v.efi
+Mode=0444
+Path=/EFI/Linux
+PathRelativeTo=esp
+TriesDone=0
+TriesLeft=3
+Type=regular-file
 
-    ${patosPkgs.systemd}/usr/bin/systemd-repart \
-      --no-pager \
-      --empty=create \
-      --size=auto \
-      --definitions=./init.repart.d \
-      --split=true \
-      --json=pretty \
-      --root=$out \
-      patos_$version.raw > init-repart-output.json && rm -f patos_$version.raw
+[Transfer]
+Verify=no
+EOF
 
-    roothash=$(jq -r '.[0].roothash' init-repart-output.json)
-    rootPart=$(jq -r '.[0].split_path' init-repart-output.json)
-    rootUuid=$(jq -r '.[0].uuid' init-repart-output.json)
+cat <<EOF > rootfs/etc/sysupdate.d/20-root-verity.transfer
+[Source]
+Type=url-file
+Path=${updateUrl}
+MatchPattern=patos_@v_@u.verity
 
-    verityPart=$(jq -r '.[1].split_path' init-repart-output.json)
-    verityUuid=$(jq -r '.[1].uuid' init-repart-output.json)
+[Target]
+Type=partition
+Path=auto
+MatchPattern=verity-@v
+MatchPartitionType=root-verity
+ReadOnly=1
 
-    ln -sf patos_$version.verity.raw patos_${version}_$verityUuid.verity
-    ln -sf patos_$version.root.raw patos_${version}_$rootUuid.root
+[Transfer]
+Verify=no
+EOF
 
-    ${patosPkgs.systemd}/usr/bin/ukify build \
-      --linux ${patosPkgs.kernel}/bzImage \
-      --initrd ${patosPkgs.initrd}/initrd.xz \
-      --os-release @rootfs/etc/os-release \
-      --cmdline "$kernelCmdLine roothash=$roothash" \
-      -o patos_${version}.efi
+cat <<EOF > rootfs/etc/sysupdate.d/22-root.transfer
+[Source]
+Type=url-file
+Path=${updateUrl}
+MatchPattern=patos_@v_@u.root
 
-    # install ESP
-    SYSTEMD_RELAX_ESP_CHECKS=1 ${patosPkgs.systemd}/usr/bin/bootctl install --root ./rootfs --esp-path /boot
+[Target]
+Type=partition
+Path=auto
+MatchPattern=root-@v
+MatchPartitionType=root
+ReadOnly=1
 
-    # setup factory reset
-    mkdir -p rootfs/boot/EFI/tools
-    cp ${pkgs.edk2-uefi-shell}/shell.efi rootfs/boot/EFI/tools/
+[Transfer]
+Verify=no
+EOF
 
-    cat <<EOF > rootfs/boot/EFI/tools/factoryreset.nsh
-    setvar FactoryReset -guid 8cf2644b-4b0b-428f-9387-6d876050dc67 -nv -rt =%1
-    reset
-    EOF
+# Initial partitioning
+cat <<EOF > init.repart.d/10-root.conf
+[Partition]
+Type=root
+Format=erofs
+Minimize=best
+CopyFiles=/rootfs:/
+Verity=data
+VerityMatchKey=root
+SplitName=root
+EOF
 
-    cat <<EOF > rootfs/boot/loader/entries/factoryreset.conf
-    title Enable Factory Reset
-    options -nostartup -nomap
-    options \EFI\tools\factoryreset.nsh L"t"
-    efi EFI/tools/shell.efi
-    EOF
+cat <<EOF > init.repart.d/20-root-verity.conf
+[Partition]
+Type=root-verity
+Verity=hash
+VerityMatchKey=root
+Minimize=best
+SplitName=verity
+EOF
 
-    echo "timeout 2" > rootfs/boot/loader/loader.conf
+#TODO: Add verity signature partition
 
-    # install UKI
-    cp patos_${version}.efi rootfs/boot/EFI/Linux
+${patosPkgs.systemd}/usr/bin/systemd-repart \
+  --no-pager \
+  --empty=create \
+  --size=auto \
+  --definitions=./init.repart.d \
+  --split=true \
+  --json=pretty \
+  --root=$out \
+  patos_$version.raw > init-repart-output.json && rm -f patos_$version.raw
 
-    # Final partitioning
-    cat <<EOF > final.repart.d/10-esp.conf
-    [Partition]
-    Type=esp
-    Format=vfat
-    SizeMinBytes=128M
-    SizeMaxBytes=128M
-    CopyFiles=/rootfs/boot:/
-    EOF
+roothash=$(jq -r '.[0].roothash' init-repart-output.json)
+rootPart=$(jq -r '.[0].split_path' init-repart-output.json)
+rootUuid=$(jq -r '.[0].uuid' init-repart-output.json)
 
-    cat <<EOF > final.repart.d/20-root.conf
-    [Partition]
-    Type=root
-    Label=root-${version}
-    CopyBlocks=/$rootPart
-    UUID=$rootUuid
-    SizeMinBytes=64M
-    SizeMaxBytes=64M
-    ReadOnly=1
-    EOF
+verityPart=$(jq -r '.[1].split_path' init-repart-output.json)
+verityUuid=$(jq -r '.[1].uuid' init-repart-output.json)
 
-    cat <<EOF > final.repart.d/22-root-verity.conf
-    [Partition]
-    Type=root-verity
-    Label=verity-${version}
-    CopyBlocks=/$verityPart
-    UUID=$verityUuid
-    ReadOnly=1
-    EOF
+ln -sf patos_$version.verity.raw patos_${version}_$verityUuid.verity
+ln -sf patos_$version.root.raw patos_${version}_$rootUuid.root
 
-    # finalize image ready for boot
-    ${patosPkgs.systemd}/usr/bin/systemd-repart \
-      --no-pager \
-      --empty=create \
-      --size=auto \
-      --definitions=./final.repart.d \
-      --root=$out \
-      patos_${version}.img > final-repart-output.json
+${patosPkgs.systemd}/usr/bin/ukify build \
+  --linux ${patosPkgs.kernel}/bzImage \
+  --initrd ${patosPkgs.initrd}/initrd.xz \
+  $microcode \
+  --os-release @rootfs/etc/os-release \
+  --cmdline "$kernelCmdLine roothash=$roothash" \
+  -o patos_${version}.efi
 
-    rm -rf rootfs init.repart.d final.repart.d *.json
-    sha256sum *.root *.verity *.efi *.tar.xz > SHA256SUMS
+# install ESP
+SYSTEMD_RELAX_ESP_CHECKS=1 ${patosPkgs.systemd}/usr/bin/bootctl install --root ./rootfs --esp-path /boot
 
-    popd
-  ''
+# setup factory reset
+mkdir -p rootfs/boot/EFI/tools
+cp ${pkgs.edk2-uefi-shell}/shell.efi rootfs/boot/EFI/tools/
+
+cat <<EOF > rootfs/boot/EFI/tools/factoryreset.nsh
+setvar FactoryReset -guid 8cf2644b-4b0b-428f-9387-6d876050dc67 -nv -rt =%1
+reset
+EOF
+
+cat <<EOF > rootfs/boot/loader/entries/factoryreset.conf
+title Enable Factory Reset
+options -nostartup -nomap
+options \EFI\tools\factoryreset.nsh L"t"
+efi EFI/tools/shell.efi
+EOF
+
+echo "timeout 2" > rootfs/boot/loader/loader.conf
+
+# install UKI
+cp patos_${version}.efi rootfs/boot/EFI/Linux
+
+# Final partitioning
+cat <<EOF > final.repart.d/10-esp.conf
+[Partition]
+Type=esp
+Format=vfat
+SizeMinBytes=128M
+SizeMaxBytes=128M
+CopyFiles=/rootfs/boot:/
+EOF
+
+cat <<EOF > final.repart.d/20-root.conf
+[Partition]
+Type=root
+Label=root-${version}
+CopyBlocks=/$rootPart
+UUID=$rootUuid
+SizeMinBytes=64M
+SizeMaxBytes=64M
+ReadOnly=1
+EOF
+
+cat <<EOF > final.repart.d/22-root-verity.conf
+[Partition]
+Type=root-verity
+Label=verity-${version}
+CopyBlocks=/$verityPart
+UUID=$verityUuid
+ReadOnly=1
+EOF
+
+# finalize image ready for boot
+${patosPkgs.systemd}/usr/bin/systemd-repart \
+  --no-pager \
+  --empty=create \
+  --size=auto \
+  --definitions=./final.repart.d \
+  --root=$out \
+  patos_${version}.img > final-repart-output.json
+
+rm -rf rootfs init.repart.d final.repart.d *.json
+sha256sum *.root *.verity *.efi *.tar.xz > SHA256SUMS
+
+popd
+''
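Review bot: All three sysupdate transfer files written by the new heredocs set `Verify=no`, and their `Path=${updateUrl}` source defaults to a plain `http://` URL in flake.nix, so systemd-sysupdate will install a UKI, root and verity partition from that endpoint without checking a signature on the manifest. The build already emits `SHA256SUMS`; signing it and shipping the matching public keyring in the rootfs would allow `Verify=yes` in `10-uki.transfer`, `20-root-verity.transfer` and `22-root.transfer`, at least when `secureBoot` is not `"false"`. If unverified updates are meant only for local development (the default URL looks like a QEMU user-network address), a comment above the `# sysupdate` block should say so. Separately, the verity transfer file was previously generated as `22-root-verity.transfer` and is now written as `20-root-verity.transfer`, which looks unintentional.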
diff --git a/pkgs/kernel/default.nix b/pkgs/kernel/default.nix
index a5f24db..27e4055 100644
--- a/pkgs/kernel/default.nix
+++ b/pkgs/kernel/default.nix
@@ -1,7 +1,7 @@
 { pkgs }:
 let
-  version = "6.13.7";
-  hash = "sha256-Ojm2IDi3rC9D0mofhLQoPhl4BOHoF61jfpo9h0xHgB0=";
+  version = "6.14.8";
+  hash = "sha256-YrEuzTB1o1frMgk1ZX3oTgFVKANxfa04P6fMOqSqKQU=";
 in
 (pkgs.callPackage ./manual-config.nix { }) {
   version = "${version}-patos1";
diff --git a/pkgs/kexec-tools/default.nix b/pkgs/kexec-tools/default.nix
index 4ba15ba..7454821 100644
--- a/pkgs/kexec-tools/default.nix
+++ b/pkgs/kexec-tools/default.nix
@@ -14,8 +14,8 @@ stdenv.mkDerivation {
   src = fetchFromGitHub {
     owner = "horms";
     repo = "kexec-tools";
-    rev = "a7fcd424c4c80dea5a2fd5ffa274ffeb8129c790";
-    hash = "sha256-QKE+KCkueA21zNunTMidP9OuZaw0IG5tFDF4UJITTTQ=";
+    rev = "v2.0.31";
+    hash = "sha256-Tgmc8mFlmzzRj7tEaBes7Udw4fRl6cSfe76iPNa3Ffs=";
   };
 
   dontPatchShebangs = true;
diff --git a/pkgs/lvm2/default.nix b/pkgs/lvm2/default.nix
index f211e26..8d18663 100644
--- a/pkgs/lvm2/default.nix
+++ b/pkgs/lvm2/default.nix
@@ -1,5 +1,6 @@
 {
   stdenv,
+  pkgs,
   fetchurl,
   lib,
   pkg-config,
@@ -7,17 +8,11 @@
   udev,
 }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation {
   pname = "lvm2";
-  version = "2.03.30";
+  version = pkgs.lvm2.version;
 
-  src = fetchurl {
-    urls = [
-      "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${version}.tgz"
-      "ftp://sourceware.org/pub/lvm2/LVM2.${version}.tgz"
-    ];
-    hash = "sha256-rXar7LjciHcz4GxEnLmt0Eo1BvnweAwSiBem4aF87AU=";
-  };
+  src = pkgs.lvm2.src;
 
   nativeBuildInputs = [
     pkg-config
diff --git a/pkgs/openssl/default.nix b/pkgs/openssl/default.nix
index bc833cc..08c1309 100644
--- a/pkgs/openssl/default.nix
+++ b/pkgs/openssl/default.nix
@@ -1,5 +1,6 @@
 {
   lib,
+  pkgs,
   stdenv,
   fetchurl,
   perl,
@@ -18,13 +19,9 @@
 
 stdenv.mkDerivation rec {
     pname = "openssl";
-    version = "3.4.1";
-    hash = "sha256-ACotazC1i/S+pGxDvdljZar42qbEKHgqpP7uBtoZffM=";
+    version = pkgs.openssl.version;
 
-    src = fetchurl {
-      url = "https://github.com/openssl/openssl/releases/download/openssl-${version}/openssl-${version}.tar.gz";
-      hash = hash;
-    };
+    src = pkgs.openssl.src;
 
     outputs = [ "out" ];
 
diff --git a/pkgs/rootfs/mkrootfs.nix b/pkgs/rootfs/mkrootfs.nix
index 235a70a..bda4c7d 100644
--- a/pkgs/rootfs/mkrootfs.nix
+++ b/pkgs/rootfs/mkrootfs.nix
@@ -21,11 +21,12 @@ runCommand "patos-rootfs"
 ''
 ### create directory structure
 mkdir -p $out/etc/repart.d $out/dev $out/proc $out/sys \
-  $out/tmp $out/root $out/run $out/boot $out/mnt $out/home $out/srv $out/var/tmp
+  $out/tmp $out/root $out/run $out/boot $out/mnt $out/home $out/srv $out/var
 ln -sf /usr/bin $out/bin
 ln -sf /usr/bin $out/sbin
 ln -sf /usr/lib $out/lib
 ln -sf /usr/lib $out/lib64
+ln -sf /tmp $out/var/tmp
 ln -sf ../proc/self/mounts $out/etc/mtab
 
 ### install systemd
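Review bot: `ln -sf /tmp $out/var/tmp` makes `/var/tmp` an alias of `/tmp`, which removes the usual distinction between the two: files that programs place in `/var/tmp` expecting them to survive a reboot will share the lifetime of `/tmp` (and its size limit if `/tmp` is a tmpfs, which is not visible here). If a writable `/var` is mounted at runtime, the symlink baked into the image would also be hidden by that mount. A comment on the line, e.g. `# /var/tmp intentionally shares /tmp; nothing in the image needs reboot-persistent temp files`, would record the decision. The script body continues outside the hunk.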
diff --git a/pkgs/systemd/default.nix b/pkgs/systemd/default.nix
index a1cb314..fea417a 100644
--- a/pkgs/systemd/default.nix
+++ b/pkgs/systemd/default.nix
@@ -7,7 +7,7 @@
   ...
 }:
 let
-  version = "257.4";
+  version = "257.6";
 
   # Use the command below to update `releaseTimestamp` on every (major) version
   # change. More details in the commentary at mesonFlags.
@@ -27,7 +27,7 @@ stdenv.mkDerivation (finalAttrs: {
     owner = "systemd";
     repo = "systemd";
     rev = "v${version}";
-    hash = "sha256-6rxJUYRq785U6aik5VhQRqG+Ss67lBB6T3eQF+tkyhk=";
+    hash = "sha256-mn/JB/nrOz2TOobu2d+XBH2dVH3vn/HPvWN4Zz6s+SM=";
   };
 
   patches = [ ./skip-verify-esp.patch ];
diff --git a/pkgs/tpm2-tools/default.nix b/pkgs/tpm2-tools/default.nix
index f447fe6..4bb14c1 100644
--- a/pkgs/tpm2-tools/default.nix
+++ b/pkgs/tpm2-tools/default.nix
@@ -1,5 +1,6 @@
 {
   stdenv,
+  pkgs,
   fetchurl,
   lib,
   pandoc,
@@ -10,19 +11,17 @@
   libuuid,
 }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation {
   pname = "tpm2-tools";
-  version = "5.7";
+  version = pkgs.tpm2-tools.version;
 
-  src = fetchurl {
-    url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz";
-    sha256 = "sha256-OBDTa1B5JW9PL3zlUuIiE9Q7EDHBMVON+KLbw8VwmDo=";
-  };
+  src = pkgs.tpm2-tools.src;
 
   nativeBuildInputs = [
     pandoc
     pkg-config
   ];
+
   buildInputs = [
     curl
     openssl
diff --git a/pkgs/tpm2-tss/default.nix b/pkgs/tpm2-tss/default.nix
index 5e23100..5a6477a 100644
--- a/pkgs/tpm2-tss/default.nix
+++ b/pkgs/tpm2-tss/default.nix
@@ -1,5 +1,6 @@
 {
   stdenv,
+  pkgs,
   lib,
   fetchFromGitHub,
   autoreconfHook,
@@ -19,14 +20,9 @@
 
 stdenv.mkDerivation rec {
   pname = "tpm2-tss";
-  version = "4.1.3";
+  version = pkgs.tpm2-tss.version;
 
-  src = fetchFromGitHub {
-    owner = "tpm2-software";
-    repo = pname;
-    rev = version;
-    hash = "sha256-BP28utEUI9g1VNv3lCXuiKrDtEImFQxxZfIjLiE3Wr8=";
-  };
+  src = pkgs.tpm2-tss.src;
 
   patches = [
     ./no-shadow.patch