author | Luke Granger-Brown <git@lukegb.com> | 2021-05-01 18:03:56 +0000 |
---|---|---|
committer | Luke Granger-Brown <git@lukegb.com> | 2021-05-01 18:04:41 +0000 |
commit | f667c13b66ec4492fe12d8bf5c3b736ea17c72c5 (patch) | |
tree | 21c5e5de93f010615b4eab453b7b63e700af2d07 /pkgs/tools/security/clevis | |
parent | 48152d32cc5f46b6f6c61a2b60e8488bcffeeacd (diff) |
clevis: fix TPM2 encrypt/decrypt
This also fixes using the "clevis" entrypoint binary without making sure that all the other tooling is in the PATH.
Diffstat (limited to 'pkgs/tools/security/clevis')
-rw-r--r-- | pkgs/tools/security/clevis/default.nix | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/pkgs/tools/security/clevis/default.nix b/pkgs/tools/security/clevis/default.nix
index e5415f6d09b62..753fd8a6395e0 100644
--- a/pkgs/tools/security/clevis/default.nix
+++ b/pkgs/tools/security/clevis/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv, fetchFromGitHub, meson, ninja, pkg-config, asciidoc
-, jansson, jose, cryptsetup, curl, libpwquality, luksmeta
+, makeWrapper, jansson, jose, cryptsetup, curl, libpwquality, luksmeta
+, coreutils, tpm2-tools
 }:
 stdenv.mkDerivation rec {
@@ -13,8 +14,21 @@ stdenv.mkDerivation rec {
 sha256 = "sha256-m1UhyjD5ydSgCTBu6sECLlxFx0rnQxFnBA7frbdUqU8=";
 };
- nativeBuildInputs = [ meson ninja pkg-config asciidoc ];
- buildInputs = [ jansson jose cryptsetup curl libpwquality luksmeta ];
+ postPatch = ''
+ for f in $(find src/ -type f); do
+ grep -q "/bin/cat" "$f" && substituteInPlace "$f" \
+ --replace '/bin/cat' '${coreutils}/bin/cat' || true
+ done
+ '';
+
+ postInstall = ''
+ # We wrap the main clevis binary entrypoint but not the sub-binaries.
+ wrapProgram $out/bin/clevis \
+ --prefix PATH ':' "${tpm2-tools}/bin:${jose}/bin:${placeholder "out"}/bin"
+ '';
+
+ nativeBuildInputs = [ meson ninja pkg-config asciidoc makeWrapper ];
+ buildInputs = [ jansson jose cryptsetup curl libpwquality luksmeta tpm2-tools ];
 outputs = [ "out" "man" ]; |
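Review bot: The `wrapProgram` prefix in `postInstall` pins only `tpm2-tools` and `jose`, while `cryptsetup`, `luksmeta` and `curl` from `buildInputs` are left to whatever the caller's PATH provides, and the sub-binaries are not wrapped at all, as the comment says. For a tool that handles LUKS unlock secrets this means that, if the pin and LUKS scripts call those helpers by bare name (not visible in this hunk), the binary that sees the key material depends on the ambient PATH whenever a script is run outside the wrapper or needs an unlisted tool. Consider `--prefix PATH ':' "${lib.makeBinPath [ tpm2-tools jose cryptsetup luksmeta curl ]}:${placeholder "out"}/bin"` and extend the comment to say that directly invoked `clevis-*` sub-binaries still rely on the caller's PATH. Separately, the `|| true` in `postPatch` also hides a failed `substituteInPlace`, so a `/bin/cat` that was not rewritten would go unnoticed at build time. The `mkDerivation` body starts before and continues after this hunk.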