liminix/overlay.nix

383 lines
11 KiB
Nix

final: prev:
let
isCross = final.stdenv.buildPlatform != final.stdenv.hostPlatform;
crossOnly = pkg : amendFn : if isCross then (amendFn pkg) else pkg;
extraPkgs = import ./pkgs/default.nix {
inherit (final) lib callPackage;
};
inherit (final) fetchpatch;
luaHost =
let
l = prev.lua5_3.overrideAttrs(o: {
name = "lua-tty";
preBuild = ''
makeFlagsArray+=(PLAT="posix" SYSLIBS="-Wl,-E -ldl" CFLAGS="-O2 -fPIC -DLUA_USE_POSIX -DLUA_USE_DLOPEN")
'';
# lua in nixpkgs has a postInstall stanza that assumes only
# one output, we need to override that if we're going to
# convert to multi-output
# outputs = ["bin" "man" "out"];
makeFlags =
builtins.filter (x: (builtins.match "(PLAT|MYLIBS).*" x) == null)
o.makeFlags;
});
in l.override { self = l; };
s6 = prev.s6.overrideAttrs(o:
let
patch = fetchpatch {
# add "p" directive in s6-log
url = "https://github.com/skarnet/s6/commit/ddc76841398dfd5e18b22943727ad74b880236d3.patch";
hash = "sha256-fBtUinBdp5GqoxgF6fcR44Tu8hakxs/rOShhuZOgokc=";
};
patch_needed = builtins.compareVersions o.version "2.11.1.2" <= 0;
in {
configureFlags = (builtins.filter
(x: (builtins.match ".*shared.*" x) == null)
o.configureFlags) ++
[
"--disable-allstatic"
"--disable-static"
"--enable-shared"
];
hardeningDisable = ["all"];
stripAllList = [ "sbin" "bin" ];
patches =
(if o ? patches then o.patches else []) ++
(if patch_needed then [ patch ] else []);
});
in
extraPkgs // {
# liminix library functions
lim = {
parseInt = s: (builtins.fromTOML "r=${s}").r;
orEmpty = x: if x != null then x else [];
};
# keep these alphabetical
btrfs-progs = crossOnly prev.btrfs-progs (
d: d.override {
udevSupport = false;
udev = null;
}
);
chrony =
let chrony' = prev.chrony.overrideAttrs(o: {
configureFlags = [
"--chronyvardir=$(out)/var/lib/chrony"
"--disable-readline"
"--disable-editline"
];
});
in chrony'.override {
gnutls = null;
nss = null;
nspr = null;
readline = null;
libedit = null;
libseccomp = null;
# should texinfo be in nativeBuildInputs instead of
# buildInputs?
texinfo = null;
};
# clevis without luks/tpm
clevis = crossOnly prev.clevis
(d: let c = d.overrideAttrs(o: {
outputs = ["out"];
preConfigure = ''
rm -rf src/luks
sed -i -e '/luks/d' src/meson.build
'';
}); in c.override {
asciidoc = null;
cryptsetup = null;
luksmeta = null;
tpm2-tools = null;
});
# luarocks wants a cross-compiled cmake (which seems like a bug,
# we're never going to run luarocks on the device, but ...)
# but https://github.com/NixOS/nixpkgs/issues/284734
# so we do surgery on the cmake derivation until that's fixed
cmake = crossOnly prev.cmake
(d: d.overrideAttrs(o: {
preConfigure =
builtins.replaceStrings
["$configureFlags"] ["$configureFlags $cmakeFlags"] o.preConfigure;
}
));
dnsmasq =
let d = prev.dnsmasq.overrideAttrs(o: {
preBuild = ''
makeFlagsArray=("COPTS=")
'';
});
in d.override {
dbusSupport = false;
nettle = null;
};
dropbear = crossOnly prev.dropbear
(d: d.overrideAttrs (o: rec {
version = "2024.85";
src = final.fetchurl {
url = "https://matt.ucc.asn.au/dropbear/releases/dropbear-${version}.tar.bz2";
sha256 = "sha256-hrA2xDOmnYnOUeuuM11lxHc4zPkNE+XrD+qDLlVtpQI=";
};
patches =
# need to update nixpkgs patch for new version of dropbear
let passPath = final.runCommand "pass-path" {} ''
sed < ${builtins.head o.patches} -e 's,svr-chansession.c,src/svr-chansession.c,g' > $out
'';
in [
passPath
./pkgs/dropbear/add-authkeyfile-option.patch
];
postPatch = ''
(echo '#define DSS_PRIV_FILENAME "/run/dropbear/dropbear_dss_host_key"'
echo '#define RSA_PRIV_FILENAME "/run/dropbear/dropbear_rsa_host_key"'
echo '#define ECDSA_PRIV_FILENAME "/run/dropbear/dropbear_ecdsa_host_key"'
echo '#define ED25519_PRIV_FILENAME "/run/dropbear/dropbear_ed25519_host_key"') > localoptions.h
'';
}));
elfutils = crossOnly prev.elfutils
(d: let e = d.overrideAttrs(o: {
configureFlags = o.configureFlags ++[
"ac_cv_has_stdatomic=no"
];
});
in e.override {
enableDebuginfod = false;
});
hostapd =
let
config = [
"CONFIG_DRIVER_NL80211=y"
"CONFIG_IAPP=y"
"CONFIG_IEEE80211AC=y"
"CONFIG_IEEE80211AX=y"
"CONFIG_IEEE80211N=y"
"CONFIG_IEEE80211W=y"
"CONFIG_INTERNAL_LIBTOMMATH=y"
"CONFIG_INTERNAL_LIBTOMMATH_FAST=y"
"CONFIG_IPV6=y"
"CONFIG_LIBNL32=y"
"CONFIG_PKCS12=y"
"CONFIG_RSN_PREAUTH=y"
"CONFIG_TLS=internal"
];
h = prev.hostapd.overrideAttrs(o: {
extraConfig = "";
configurePhase = ''
cat > hostapd/defconfig <<EOF
${builtins.concatStringsSep "\n" config}
EOF
${o.configurePhase}
'';
});
in h.override { openssl = null; sqlite = null; };
# berlekey db needs libatomic which we haven't figured out yet.
# disabling it means we don't have arpd
iproute2 = crossOnly prev.iproute2 (d: d.override { db = null; });
kexec-tools-static = prev.kexec-tools.overrideAttrs(o: {
# For kexecboot we copy kexec into a ramdisk on the system being
# upgraded from. This is more likely to work if kexec is
# statically linked so doesn't have dependencies on store paths that
# may not exist on that machine. (We can't nix-copy-closure as
# the store may not be on a writable filesystem)
LDFLAGS = "-static";
patches = o.patches ++ [
(fetchpatch {
# merge user command line options into DTB chosen
url = "https://patch-diff.githubusercontent.com/raw/horms/kexec-tools/pull/3.patch";
hash = "sha256-MvlJhuex9dlawwNZJ1sJ33YPWn1/q4uKotqkC/4d2tk=";
})
pkgs/kexec-map-file.patch
];
});
lua = crossOnly prev.lua5_3 (_: luaHost);
luaossl' = luaHost.pkgs.luaossl.overrideAttrs(o: {
patches = [
(fetchpatch {
url = "https://patch-diff.githubusercontent.com/raw/wahern/luaossl/pull/218.patch";
hash = "sha256-2GOliY4/RUzOgx3rqee3X3szCdUVxYDut7d+XFcUTJw=";
})
] ++ final.lib.optionals (o ? patches) o.patches;
});
mtdutils = prev.mtdutils.overrideAttrs(o: {
patches = (if o ? patches then o.patches else []) ++ [
./pkgs/mtdutils/0001-mkfs.jffs2-add-graft-option.patch
];
});
nftables = prev.nftables.overrideAttrs(o: {
configureFlags = [
"--disable-debug"
"--disable-python"
"--with-mini-gmp"
"--without-cli"
];
});
openssl = crossOnly prev.openssl
(d: d.overrideAttrs (o:
with final; {
# we want to apply
# https://patch-diff.githubusercontent.com/raw/openssl/openssl/pull/20273.patch";
# which disables overriding the -march cflags to the wrong values,
# but openssl is used for bootstrapping so that's easier said than
# done. Do it the ugly way..
postPatch =
o.postPatch
+ ''
sed -i.bak 's/linux.*-mips/linux-mops/' Configure
'';
# openssl with threads requires stdatomic which drags in libgcc
# as a dependency
configureFlags = ["no-threads"] ++ o.configureFlags;
# don't need or want this bash script
postInstall = o.postInstall + "rm $bin/bin/c_rehash\n";
}
));
pppBuild = prev.ppp;
qemuLim =
let
inherit (final) lib;
q = prev.qemu.overrideAttrs (o: {
patches = o.patches ++ [
./pkgs/qemu/arm-image-friendly-load-addr.patch
(final.fetchpatch {
url = "https://lore.kernel.org/qemu-devel/20220322154658.1687620-1-raj.khem@gmail.com/raw";
hash = "sha256-jOsGka7xLkJznb9M90v5TsJraXXTAj84lcphcSxjYLU=";
})
];
});
overrides = {
nixosTestRunner = true;
hostCpuTargets = map (f: "${f}-softmmu") [
"arm" "aarch64" "mips" "mipsel"
];
sdlSupport = false;
numaSupport = false;
seccompSupport = false;
usbredirSupport = false;
libiscsiSupport = false;
tpmSupport = false;
uringSupport = false;
capstoneSupport = false;
} // lib.optionalAttrs (lib.versionOlder lib.version "24.10") {
texinfo = null;
};
in q.override overrides;
rsyncSmall =
let
r = prev.rsync.overrideAttrs (o: {
configureFlags = o.configureFlags ++ [ "--disable-openssl" ];
});
in
r.override { openssl = null; };
inherit s6;
s6-linux-init = prev.s6-linux-init.override {
skawarePackages = prev.skawarePackages // {
inherit s6;
};
};
s6-rc = prev.s6-rc.override {
skawarePackages = prev.skawarePackages // {
inherit s6;
};
};
strace = prev.strace.override { libunwind = null; };
ubootQemuAarch64 = final.buildUBoot {
defconfig = "qemu_arm64_defconfig";
extraMeta.platforms = [ "aarch64-linux" ];
filesToInstall = [ "u-boot.bin" ];
};
ubootQemuArm = final.buildUBoot {
defconfig = "qemu_arm_defconfig";
extraMeta.platforms = [ "armv7l-linux" ];
filesToInstall = [ "u-boot.bin" ];
extraConfig = ''
CONFIG_CMD_UBI=y
CONFIG_CMD_UBIFS=y
CONFIG_BOOTSTD=y
CONFIG_BOOTMETH_DISTRO=y
CONFIG_LZMA=y
CONFIG_CMD_LZMADEC=y
CONFIG_SYS_BOOTM_LEN=0x1000000
'';
};
ubootQemuMips = final.buildUBoot {
defconfig = "malta_defconfig";
extraMeta.platforms = [ "mips-linux" ];
filesToInstall = [ "u-boot.bin" ];
# define the prompt to be the same as arm{32,64} so
# we can use the same expect script for both
extraPatches = [ ./pkgs/u-boot/0002-virtio-init-for-malta.patch ];
extraConfig = ''
CONFIG_SYS_PROMPT="=> "
CONFIG_VIRTIO=y
CONFIG_AUTOBOOT=y
CONFIG_DM_PCI=y
CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_NET=y
CONFIG_VIRTIO_BLK=y
CONFIG_VIRTIO_MMIO=y
CONFIG_QFW_MMIO=y
CONFIG_FIT=y
CONFIG_LZMA=y
CONFIG_CMD_LZMADEC=y
CONFIG_SYS_BOOTM_LEN=0x1000000
CONFIG_SYS_MALLOC_LEN=0x400000
CONFIG_MIPS_BOOT_FDT=y
CONFIG_OF_LIBFDT=y
CONFIG_OF_STDOUT_VIA_ALIAS=y
'';
};
libusb1 = crossOnly prev.libusb1 (
d: let u = d.overrideAttrs(o: {
# don't use gcc libatomic because it vastly increases the
# closure size
preConfigure = "sed -i.bak /__atomic_fetch_add_4/c\: configure.ac";
});
in u.override {
enableUdev = false;
withDocs = false;
});
util-linux-small = prev.util-linux.override {
ncursesSupport = false;
pamSupport = false;
systemdSupport = false;
nlsSupport = false;
translateManpages = false;
capabilitiesSupport = false;
};
xl2tpd = prev.xl2tpd.overrideAttrs(o: {
patches = [ ./pkgs/xl2tpd-exit-on-close.patch ];
});
}