From c3a6c8de88889c7679b88d867c618a250befec78 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Mon, 15 Jul 2019 17:35:30 +0300
Subject: edk2: 2017-12-05 -> 201905

* Move to stable version;
* Refactor `setup` to `mkDerivation`;
* Use flags instead of `sed`;
* Support Secure Boot builds.
---
 pkgs/applications/virtualization/OVMF/default.nix | 64 ++++++-----------------
 1 file changed, 17 insertions(+), 47 deletions(-)

(limited to 'pkgs/applications/virtualization/OVMF')

diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix
index c858f4c4d6d3b..ecf6f1c54218e 100644
--- a/pkgs/applications/virtualization/OVMF/default.nix
+++ b/pkgs/applications/virtualization/OVMF/default.nix
@@ -1,4 +1,9 @@
-{ stdenv, lib, edk2, nasm, iasl, seabios, openssl, secureBoot ? false }:
+{ stdenv, lib, edk2, utillinux, nasm, iasl
+, csmSupport ? false, seabios ? null
+, secureBoot ? false
+}:
+
+assert csmSupport -> seabios != null;
 
 let
 
@@ -12,60 +17,25 @@ let
     throw "Unsupported architecture";
 
   version = (builtins.parseDrvName edk2.name).version;
-
-  src = edk2.src;
 in
 
-stdenv.mkDerivation (edk2.setup projectDscPath {
+edk2.mkDerivation projectDscPath {
   name = "OVMF-${version}";
 
-  inherit src;
-
   outputs = [ "out" "fd" ];
 
-  # TODO: properly include openssl for secureBoot
-  buildInputs = [nasm iasl] ++ stdenv.lib.optionals (secureBoot == true) [ openssl ];
-
-  hardeningDisable = [ "stackprotector" "pic" "fortify" ];
+  buildInputs = [ utillinux nasm iasl ];
 
-  unpackPhase = ''
-    # $fd is overwritten during the build
-    export OUTPUT_FD=$fd
+  hardeningDisable = [ "format" "stackprotector" "pic" "fortify" ];
 
-    for file in \
-      "${src}"/{UefiCpuPkg,MdeModulePkg,IntelFrameworkModulePkg,PcAtChipsetPkg,FatBinPkg,EdkShellBinPkg,MdePkg,ShellPkg,OptionRomPkg,IntelFrameworkPkg,FatPkg,CryptoPkg,SourceLevelDebugPkg};
-    do
-      ln -sv "$file" .
-    done
+  buildFlags =
+    lib.optional secureBoot "-DSECURE_BOOT_ENABLE=TRUE"
+    ++ lib.optionals csmSupport [ "-D CSM_ENABLE" "-D FD_SIZE_2MB" ];
 
-    ${if stdenv.isAarch64 then ''
-      ln -sv ${src}/ArmPkg .
-      ln -sv ${src}/ArmPlatformPkg .
-      ln -sv ${src}/ArmVirtPkg .
-      ln -sv ${src}/EmbeddedPkg .
-      ln -sv ${src}/OvmfPkg .
-    '' else if seabios != null then ''
-        cp -r ${src}/OvmfPkg .
-        chmod +w OvmfPkg/Csm/Csm16
-        cp ${seabios}/Csm16.bin OvmfPkg/Csm/Csm16/Csm16.bin
-    '' else ''
-        ln -sv ${src}/OvmfPkg .
-    ''}
-
-    ${lib.optionalString secureBoot ''
-      ln -sv ${src}/SecurityPkg .
-      ln -sv ${src}/CryptoPkg .
-    ''}
+  postPatch = lib.optionalString csmSupport ''
+    cp ${seabios}/Csm16.bin OvmfPkg/Csm/Csm16/Csm16.bin
   '';
 
-  buildPhase = if stdenv.isAarch64 then ''
-      build -n $NIX_BUILD_CORES
-    '' else if seabios == null then ''
-      build -n $NIX_BUILD_CORES ${lib.optionalString secureBoot "-DSECURE_BOOT_ENABLE=TRUE"}
-    '' else ''
-      build -n $NIX_BUILD_CORES -D CSM_ENABLE -D FD_SIZE_2MB ${lib.optionalString secureBoot "-DSECURE_BOOT_ENABLE=TRUE"}
-    '';
-
   postFixup = if stdenv.isAarch64 then ''
     mkdir -vp $fd/FV
     mkdir -vp $fd/AAVMF
@@ -77,8 +47,8 @@ stdenv.mkDerivation (edk2.setup projectDscPath {
     dd of=$fd/AAVMF/QEMU_EFI-pflash.raw       if=$fd/FV/QEMU_EFI.fd conv=notrunc
     dd of=$fd/AAVMF/vars-template-pflash.raw if=/dev/zero bs=1M    count=64
   '' else ''
-    mkdir -vp $OUTPUT_FD/FV
-    mv -v $out/FV/OVMF{,_CODE,_VARS}.fd $OUTPUT_FD/FV
+    mkdir -vp $fd/FV
+    mv -v $out/FV/OVMF{,_CODE,_VARS}.fd $fd/FV
   '';
 
   dontPatchELF = true;
@@ -89,4 +59,4 @@ stdenv.mkDerivation (edk2.setup projectDscPath {
     license = stdenv.lib.licenses.bsd2;
     platforms = ["x86_64-linux" "i686-linux" "aarch64-linux"];
   };
-})
+}
-- 
cgit 1.4.1