148 lines
3.7 KiB
Nix
148 lines
3.7 KiB
Nix
{
|
|
stdenv,
|
|
lib,
|
|
fetchFromGitHub,
|
|
unstableGitUpdater,
|
|
buildPackages,
|
|
gnu-efi,
|
|
mtools,
|
|
openssl,
|
|
perl,
|
|
xorriso,
|
|
xz,
|
|
syslinux,
|
|
embedScript ? null,
|
|
additionalTargets ? { },
|
|
additionalOptions ? [ ],
|
|
firmwareBinary ? "ipxe.efirom",
|
|
}:
|
|
|
|
let
|
|
targets =
|
|
additionalTargets
|
|
// lib.optionalAttrs stdenv.hostPlatform.isx86_64 {
|
|
"bin-x86_64-efi/ipxe.efi" = null;
|
|
"bin-x86_64-efi/ipxe.efirom" = null;
|
|
"bin-x86_64-efi/ipxe.usb" = "ipxe-efi.usb";
|
|
"bin-x86_64-efi/snp.efi" = null;
|
|
}
|
|
// lib.optionalAttrs stdenv.hostPlatform.isx86 {
|
|
"bin/ipxe.dsk" = null;
|
|
"bin/ipxe.usb" = null;
|
|
"bin/ipxe.iso" = null;
|
|
"bin/ipxe.lkrn" = null;
|
|
"bin/undionly.kpxe" = null;
|
|
}
|
|
// lib.optionalAttrs stdenv.hostPlatform.isAarch32 {
|
|
"bin-arm32-efi/ipxe.efi" = null;
|
|
"bin-arm32-efi/ipxe.efirom" = null;
|
|
"bin-arm32-efi/ipxe.usb" = "ipxe-efi.usb";
|
|
"bin-arm32-efi/snp.efi" = null;
|
|
}
|
|
// lib.optionalAttrs stdenv.hostPlatform.isAarch64 {
|
|
"bin-arm64-efi/ipxe.efi" = null;
|
|
"bin-arm64-efi/ipxe.efirom" = null;
|
|
"bin-arm64-efi/ipxe.usb" = "ipxe-efi.usb";
|
|
"bin-arm64-efi/snp.efi" = null;
|
|
};
|
|
in
|
|
|
|
stdenv.mkDerivation (finalAttrs: {
|
|
pname = "ipxe";
|
|
version = "1.21.1-unstable-2024-12-03";
|
|
|
|
nativeBuildInputs = [
|
|
gnu-efi
|
|
mtools
|
|
openssl
|
|
perl
|
|
xorriso
|
|
xz
|
|
] ++ lib.optional stdenv.hostPlatform.isx86 syslinux;
|
|
|
|
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
|
|
|
strictDeps = true;
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "ipxe";
|
|
repo = "ipxe";
|
|
rev = "24db39fb2983ca83ab5c6ee37cb57a4f7f6f94e6";
|
|
hash = "sha256-RuJRtrjM2gyPBVAC9FeVDu+CksXY8XiNstLb1/QiUCw=";
|
|
};
|
|
|
|
# Calling syslinux on a FAT image isn't going to work on Aarch64.
|
|
postPatch = lib.optionalString stdenv.hostPlatform.isAarch64 ''
|
|
substituteInPlace src/util/genfsimg --replace " syslinux " " true "
|
|
'';
|
|
|
|
# Hardening is not possible due to assembler code.
|
|
hardeningDisable = [
|
|
"pic"
|
|
"stackprotector"
|
|
];
|
|
|
|
makeFlags = [
|
|
"ECHO_E_BIN_ECHO=echo"
|
|
"ECHO_E_BIN_ECHO_E=echo" # No /bin/echo here.
|
|
"CROSS=${stdenv.cc.targetPrefix}"
|
|
] ++ lib.optional (embedScript != null) "EMBED=${embedScript}";
|
|
|
|
enabledOptions = [
|
|
"PING_CMD"
|
|
"IMAGE_TRUST_CMD"
|
|
"DOWNLOAD_PROTO_HTTP"
|
|
"DOWNLOAD_PROTO_HTTPS"
|
|
] ++ additionalOptions;
|
|
|
|
configurePhase =
|
|
''
|
|
runHook preConfigure
|
|
for opt in ${lib.escapeShellArgs finalAttrs.enabledOptions}; do echo "#define $opt" >> src/config/general.h; done
|
|
substituteInPlace src/Makefile.housekeeping --replace '/bin/echo' echo
|
|
''
|
|
+ lib.optionalString stdenv.hostPlatform.isx86 ''
|
|
substituteInPlace src/util/genfsimg --replace /usr/lib/syslinux ${syslinux}/share/syslinux
|
|
''
|
|
+ ''
|
|
runHook postConfigure
|
|
'';
|
|
|
|
preBuild = "cd src";
|
|
|
|
buildFlags = lib.attrNames targets;
|
|
|
|
installPhase = ''
|
|
runHook preInstall
|
|
|
|
mkdir -p $out
|
|
${lib.concatStringsSep "\n" (
|
|
lib.mapAttrsToList (
|
|
from: to: if to == null then "cp -v ${from} $out" else "cp -v ${from} $out/${to}"
|
|
) targets
|
|
)}
|
|
|
|
# Some PXE constellations especially with dnsmasq are looking for the file with .0 ending
|
|
# let's provide it as a symlink to be compatible in this case.
|
|
ln -s undionly.kpxe $out/undionly.kpxe.0
|
|
|
|
runHook postInstall
|
|
'';
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
passthru = {
|
|
firmware = "${finalAttrs.finalPackage}/${firmwareBinary}";
|
|
updateScript = unstableGitUpdater {
|
|
tagPrefix = "v";
|
|
};
|
|
};
|
|
|
|
meta = {
|
|
description = "Network boot firmware";
|
|
homepage = "https://ipxe.org/";
|
|
license = lib.licenses.gpl2Only;
|
|
platforms = lib.platforms.linux;
|
|
maintainers = with lib.maintainers; [ sigmasquadron ];
|
|
};
|
|
})
|