From adc7420ece22c75bb2286cb65a0e167a3f8dc318 Mon Sep 17 00:00:00 2001 From: Julian Stecklina Date: Thu, 19 Oct 2023 18:21:36 +0200 Subject: [PATCH 1/3] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'crane': 'github:ipetkov/crane/8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e' (2023-07-07) → 'github:ipetkov/crane/bc5fa8cd53ef32b9b827f24b993c42a8c4dd913b' (2023-10-19) • Removed input 'crane/flake-compat' • Removed input 'crane/flake-utils' • Removed input 'crane/rust-overlay' • Updated input 'flake-compat': 'github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9' (2023-01-17) → 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/8e8d955c22df93dbe24f19ea04f47a74adbdc5ec' (2023-07-04) → 'github:hercules-ci/flake-parts/c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4' (2023-10-03) • Updated input 'flake-utils': 'github:numtide/flake-utils/919d646de7be200f3bf08cb76ae1f09402b6f9b4' (2023-07-11) → 'github:numtide/flake-utils/ff7b65b44d01cf9ba6a71320833626af21126384' (2023-09-12) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/248a83fffc10b627da67fa6b25d2c13fc7542628' (2023-09-28) → 'github:NixOS/nixpkgs/6be2c349a30fcb489a3153dd331e9df387ab6449' (2023-10-19) • Updated input 'pre-commit-hooks-nix': 'github:cachix/pre-commit-hooks.nix/eb433bff05b285258be76513add6f6c57b441775' (2023-07-18) → 'github:cachix/pre-commit-hooks.nix/42e1b6095ef80a51f79595d9951eb38e91c4e6ca' (2023-10-09) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/7c4f46f0b3597e3c4663285e6794194e55574879' (2023-09-14) → 'github:oxalica/rust-overlay/d5977a020c216526144dbf08ab0825b6c1121593' (2023-10-19) --- flake.lock | 51 +++++++++++++++++++++------------------------------ 1 file changed, 21 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index 8be1779..5e60451 100644 
--- a/flake.lock +++ b/flake.lock @@ -2,25 +2,16 @@ "nodes": { "crane": { "inputs": { - "flake-compat": [ - "flake-compat" - ], - "flake-utils": [ - "flake-utils" - ], "nixpkgs": [ "nixpkgs" - ], - "rust-overlay": [ - "rust-overlay" ] }, "locked": { - "lastModified": 1688772518, - "narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=", + "lastModified": 1697677553, + "narHash": "sha256-ozj7HFo/1iQdzZ2U6tHP4QBW59eUbDZ/5HI8lLe9wos=", "owner": "ipetkov", "repo": "crane", - "rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e", + "rev": "bc5fa8cd53ef32b9b827f24b993c42a8c4dd913b", "type": "github" }, "original": { @@ -32,11 +23,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -52,11 +43,11 @@ ] }, "locked": { - "lastModified": 1688466019, - "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", + "lastModified": 1696343447, + "narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", + "rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4", "type": "github" }, "original": { @@ -70,11 +61,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { 
@@ -106,11 +97,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1695859332, - "narHash": "sha256-w2a7NW3VtI5FgFPUKslYRGAj5Qb7y4i0I2QO0S/lBMQ=", + "lastModified": 1697713104, + "narHash": "sha256-DN7YOyKMCpAVeZ44N42LrujtTkoerkS9+kTufQiuntY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "248a83fffc10b627da67fa6b25d2c13fc7542628", + "rev": "6be2c349a30fcb489a3153dd331e9df387ab6449", "type": "github" }, "original": { @@ -151,11 +142,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1689668210, - "narHash": "sha256-XAATwDkaUxH958yXLs1lcEOmU6pSEIkatY3qjqk8X0E=", + "lastModified": 1696846637, + "narHash": "sha256-0hv4kbXxci2+pxhuXlVgftj/Jq79VSmtAyvfabCCtYk=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "eb433bff05b285258be76513add6f6c57b441775", + "rev": "42e1b6095ef80a51f79595d9951eb38e91c4e6ca", "type": "github" }, "original": { @@ -185,11 +176,11 @@ ] }, "locked": { - "lastModified": 1694657451, - "narHash": "sha256-cRZa9ZmUi0EFKcmzpsOXLVhiMQD8XLrku8v+U1YiGm8=", + "lastModified": 1697681535, + "narHash": "sha256-vVkqg+qTgTQ/YEreZyi/eyxoj26yyowI4/5ffTGT90w=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "7c4f46f0b3597e3c4663285e6794194e55574879", + "rev": "d5977a020c216526144dbf08ab0825b6c1121593", "type": "github" }, "original": { From 0c7ca2b1801fc72e4de8f64adba60feb54a489d9 Mon Sep 17 00:00:00 2001 From: Julian Stecklina Date: Thu, 19 Oct 2023 19:23:59 +0200 Subject: [PATCH 2/3] nix: remove unused follows --- flake.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/flake.nix b/flake.nix index 336ca75..2e1abdd 100644 --- a/flake.nix +++ b/flake.nix @@ -21,9 +21,6 @@ crane = { url = "github:ipetkov/crane"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.rust-overlay.follows = "rust-overlay"; - inputs.flake-utils.follows = "flake-utils"; - inputs.flake-compat.follows = "flake-compat"; }; rust-overlay = { From 65003165c81b74367787be1408778ad4bc46e14b Mon Sep 17 00:00:00 2001 
From: Julian Stecklina Date: Thu, 19 Oct 2023 19:24:25 +0200 Subject: [PATCH 3/3] tests: downgrade from edk2 202308 to 202305 --- nix/tests/lanzaboote.nix | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/nix/tests/lanzaboote.nix b/nix/tests/lanzaboote.nix index e1888d3..3599e79 100644 --- a/nix/tests/lanzaboote.nix +++ b/nix/tests/lanzaboote.nix @@ -86,8 +86,7 @@ let ${testScript} ''; - - nodes.machine = { lib, ... }: { + nodes.machine = { pkgs, lib, ... }: { imports = [ lanzabooteModule machine @@ -97,11 +96,35 @@ let useBootLoader = true; useEFIBoot = true; - efi.OVMF = pkgs.OVMF.override { - secureBoot = useSecureBoot; - tpmSupport = useTPM2; # This is needed otherwise OVMF won't initialize the TPM2 protocol. - }; + # We actually only want to enable features in OVMF, but at + # the moment edk2 202308 is also broken. So we downgrade it + # here as well. How painful! + # + # See #240. + efi.OVMF = + let + edk2Version = "202305"; + edk2Src = pkgs.fetchFromGitHub { + owner = "tianocore"; + repo = "edk2"; + rev = "edk2-stable${edk2Version}"; + fetchSubmodules = true; + hash = "sha256-htOvV43Hw5K05g0SF3po69HncLyma3BtgpqYSdzRG4s="; + }; + edk2 = pkgs.edk2.overrideAttrs (old: rec { + version = edk2Version; + src = edk2Src; + }); + in + (pkgs.OVMF.override { + secureBoot = useSecureBoot; + tpmSupport = useTPM2; # This is needed otherwise OVMF won't initialize the TPM2 protocol. + + edk2 = edk2; + }).overrideAttrs (old: { + src = edk2Src; + }); qemu.options = lib.mkIf useTPM2 [ "-chardev socket,id=chrtpm,path=${tpmSocketPath}"
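Review bot: The edk2 pin in the `efi.OVMF` override has no stated removal condition, so the Secure Boot and TPM tests will keep running against firmware built from `edk2-stable202305` rather than the edk2 in the locked nixpkgs, and a regression in the current firmware would go unnoticed. A comment above `efi.OVMF =` such as `# TODO: drop this override once nixpkgs' edk2 works again (see #240)` would make the exit condition explicit. `pkgs.edk2.overrideAttrs` replaces only `version` and `src`, so any other attribute of the current nixpkgs edk2 derivation (patches, if it carries any) is presumably still applied to the older tree; that is worth checking. On style, `rec` and the `old` argument are unused in both `overrideAttrs` calls, and `edk2 = edk2;` reads better as `inherit edk2;`. The enclosing attribute set starts and ends outside the hunk.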