Unverified Commit 27e467d2 authored by Robert Scott's avatar Robert Scott Committed by GitHub
Browse files

chipsec: 1.10.6 -> 1.13.17 (#454660)

parents 695c875c 7b85e46e

pkgs/tools/security/chipsec/compile-ko.diff

deleted100644 → 0
+0 −13
Original line number Diff line number Diff line 
diff --git a/setup.py b/setup.py

index 3465765c..ae128922 100755

--- a/setup.py

+++ b/setup.py

@@ -137,7 +137,7 @@ class build_ext(_build_ext):

         elif platform.system().lower() == "windows":

             driver_build_function = self._build_win_driver

 

-        if not self.skip_driver:

+        if True:

             driver_build_function()

 

     def get_source_files(self):

pkgs/tools/security/chipsec/default.nix

+28 −33
Original line number Diff line number Diff line
@@ -11,28 +11,20 @@ 


python3.pkgs.buildPythonApplication rec {

  pname = "chipsec";

  version = "1.10.6";

  format = "setuptools";



  disabled = !stdenv.hostPlatform.isLinux;

  version = "1.13.17";

  pyproject = true;



  src = fetchFromGitHub {

    owner = "chipsec";

    repo = "chipsec";

    rev = version;

    hash = "sha256-+pbFG1SmSO/cnt1e+kel7ereC0I1OCJKKsS0KaJDWdc=";

    tag = version;

    hash = "sha256-8QiFIk9bq/yX26jw9aOd6wtt+WDUwfLBUVD5hL30RKE=";

  };



  patches = lib.optionals withDriver [

    ./ko-path.diff

    ./compile-ko.diff

  patches = [

    ./log-path.diff

  ];



  postPatch = ''

    substituteInPlace tests/software/util.py \

      --replace-fail "assertRegexpMatches" "assertRegex"

  '';



  KSRC = lib.optionalString withDriver "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";



  nativeBuildInputs = [
@@ -43,32 +35,34 @@ python3.pkgs.buildPythonApplication rec { 
  ]

  ++ lib.optionals withDriver kernel.moduleBuildDependencies;



  nativeCheckInputs = with python3.pkgs; [

    distro

    pytestCheckHook

  build-system = [ python3.pkgs.setuptools ];

  dependencies = with python3.pkgs; [

    brotli

  ];



  preBuild = lib.optionalString withDriver ''

    export CHIPSEC_BUILD_LIB=$(mktemp -d)

    mkdir -p $CHIPSEC_BUILD_LIB/chipsec/helper/linux

    appendToVar setupPyBuildFlags "--build-lib=$CHIPSEC_BUILD_LIB"

  # Marker file preventing driver from being built

  preBuild = lib.optionals (!withDriver) ''

    touch README.NO_KERNEL_DRIVER

  '';



  env.NIX_CFLAGS_COMPILE = toString [

    # Needed with GCC 12

    "-Wno-error=dangling-pointer"

  nativeCheckInputs = with python3.pkgs; [

    distro

    pytestCheckHook

  ];



  preInstall = lib.optionalString withDriver ''

    mkdir -p $out/${python3.pkgs.python.sitePackages}/drivers/linux

    mv $CHIPSEC_BUILD_LIB/chipsec/helper/linux/chipsec.ko \

      $out/${python3.pkgs.python.sitePackages}/drivers/linux/chipsec.ko

  # Otherwise chipsec tries and fails import "tpm_cmd"

  postInstall = ''

    cp -R chipsec/library/tpm $out/${python3.pkgs.python.sitePackages}/chipsec/library/tpm

  ''

  # Allow the kernel module to be loaded manually

  + lib.optionalString withDriver ''

    pushd $out/${python3.pkgs.python.sitePackages}/chipsec/helper/linux/

      xz -k chipsec.ko

      install -Dm444 chipsec.ko.xz $out/lib/modules/${kernel.modDirVersion}/chipsec.ko.xz

      rm chipsec.ko.xz

    popd

  '';



  setupPyBuildFlags = lib.optionals (!withDriver) [

    "--skip-driver"

  ];



  pythonImportsCheck = [

    "chipsec"

  ];
@@ -88,8 +82,9 @@ python3.pkgs.buildPythonApplication rec { 
      johnazoidberg

      erdnaxe

    ];

    platforms = [ "x86_64-linux" ] ++ lib.optional (!withDriver) "x86_64-darwin";

    platforms = if withDriver then [ "x86_64-linux" ] else with lib.platforms; linux ++ darwin;

    # https://github.com/chipsec/chipsec/issues/1793

    broken = withDriver && kernel.kernelOlder "5.4" && kernel.isHardened;

    mainProgram = "chipsec_main";

  };

}

pkgs/tools/security/chipsec/ko-path.diff

deleted100644 → 0
+0 −13
Original line number Diff line number Diff line 
diff --git a/chipsec/helper/linux/linuxhelper.py b/chipsec/helper/linux/linuxhelper.py

index 2fd65140..f3f26bcb 100644

--- a/chipsec/helper/linux/linuxhelper.py

+++ b/chipsec/helper/linux/linuxhelper.py

@@ -153,7 +153,7 @@ class LinuxHelper(Helper):

             else:

                 a2 = f'a2=0x{phys_mem_access_prot}'

 

-        driver_path = os.path.join(chipsec.file.get_main_dir(), "chipsec", "helper", "linux", "chipsec.ko")

+        driver_path = os.path.join(chipsec.file.get_main_dir(), "drivers", "linux", "chipsec.ko")

         if not os.path.exists(driver_path):

             driver_path += ".xz"

             if not os.path.exists(driver_path):

pkgs/tools/security/chipsec/log-path.diff

0 → 100644
+22 −0
Original line number Diff line number Diff line 
diff --git a/chipsec/library/logger.py b/chipsec/library/logger.py

index dcba473..dd515a6 100644

--- a/chipsec/library/logger.py

+++ b/chipsec/library/logger.py

@@ -32,8 +32,6 @@ from time import localtime, strftime

 from typing import Tuple, Dict, List, Optional

 from enum import Enum



-dir_path = os.path.dirname(os.path.realpath(__file__))

-BASE_PATH = os.path.join(dir_path, os.pardir, os.pardir)

 LOGGER_NAME = 'CHIPSEC_LOGGER'





@@ -158,7 +156,7 @@ class Logger:

         self.mytime = localtime()

         self.logfile = None

         self.ALWAYS_FLUSH = False

-        self.LOG_PATH = os.path.join(BASE_PATH, "logs")

+        self.LOG_PATH = "/tmp/chipsec"

         self.logstream = logging.StreamHandler(sys.stdout)

         self.chipsecLogger = logging.getLogger(LOGGER_NAME)

         self.chipsecLogger.setLevel(logging.INFO)