Merge pull request #62 from nix-community/rename-subprojects

Rename subprojects

README.md

@@ -53,21 +53,24 @@ Boot effective:
 
 These steps will not be covered here.
 
-### Lanzatool
+### `lzbt`, the Lanzaboote tool
 
 At the moment, boot loaders, kernels and initrds on NixOS are signed
 on the current system. These then need to be prepared as [Unified
 Kernel Images
 (UKI)](https://uapi-group.org/specifications/specs/boot_loader_specification/#type-2-efi-unified-kernel-images) and placed on the [EFI System Partition (ESP)](https://en.wikipedia.org/wiki/EFI_system_partition).
 
-`lanzatool` is a Linux command line application that takes care of
+`lzbt` is a Linux command line application that takes care of
 this flow. It takes a [NixOS
 bootspec](https://github.com/NixOS/rfcs/pull/125) document, signs the
-relevant files, creates a UKI using lanzaboote (see below) and
+relevant files, creates a UKI using the stub (see below) and
 installs the UKI along with other required files to the
-ESP. `lanzatool` is also aware of multiple NixOS generations and will
+ESP. `lzbt` is also aware of multiple NixOS generations and will
 sign all configurations that should be bootable.
-### Lanzaboote
+
+`lzbt` lives in `rust/tool`.
+
+### Stub 
 
 When the Linux kernel and initrd are packed into a UKI, they need an
 UEFI application stub. This role is typically filled by
@@ -78,13 +81,13 @@ initrd to be packed into the UKI, which makes it pretty large. As we
 need one UKI per NixOS configuration, systems with many configurations
 quickly run out of the limited disk space in the ESP.
 
-`lanzaboote` is a UEFI stub that solves the same problem as
+The Lanzaboote stub is a UEFI stub that solves the same problem as
 `systemd-stub`, but allows kernel and initrd to be stored separately
 on the ESP. The chain of trust is maintained by validating the
 signature on the Linux kernel and embedding a cryptographic hash of
 the initrd into the signed UKI.
 
-`lanzaboote` lives in `rust/lanzaboote`.
+The stub lives in `rust/stub`.
 
 ## State of Upstreaming to Nixpkgs
 

docs/QUICK_START.md

@@ -82,7 +82,7 @@ secret key so that only root can read it.
 
 ### Switching to bootspec
 
-Lanzatool currently doesn't handle
+`lzbt` currently doesn't handle
 non-[bootspec](https://github.com/grahamc/rfcs/blob/bootspec/rfcs/0125-bootspec.md)
 generations well
 ([#55](https://github.com/nix-community/lanzaboote/issues/55)). As

flake.nix

@@ -53,7 +53,7 @@
             ./nix/modules/lanzaboote.nix
           ];
 
-          boot.lanzaboote.package = perSystem.config.packages.lanzatool;
+          boot.lanzaboote.package = perSystem.config.packages.tool;
         }
       );
 
@@ -77,7 +77,7 @@
 
           inherit (pkgs) lib;
 
-          rust-nightly = pkgs.rust-bin.fromRustupToolchainFile ./rust/lanzaboote/rust-toolchain.toml;
+          rust-nightly = pkgs.rust-bin.fromRustupToolchainFile ./rust/stub/rust-toolchain.toml;
           craneLib = crane.lib.x86_64-linux.overrideToolchain rust-nightly;
 
           # Build attributes for a Rust application.
@@ -107,16 +107,16 @@
               });
             };
 
-          lanzabooteCrane = buildRustApp {
+          stubCrane = buildRustApp {
-            src = craneLib.cleanCargoSource ./rust/lanzaboote;
+            src = craneLib.cleanCargoSource ./rust/stub;
             target = "x86_64-unknown-uefi";
             doCheck = false;
           };
 
-          lanzaboote = lanzabooteCrane.package;
+          stub = stubCrane.package;
 
-          lanzatoolCrane = buildRustApp {
+          toolCrane = buildRustApp {
-            src = ./rust/lanzatool;
+            src = ./rust/tool;
             extraArgs = {
               TEST_SYSTEMD = pkgs.systemd;
               checkInputs = with pkgs; [
@@ -126,13 +126,9 @@
             };
           };
 
-          lanzatool-unwrapped = lanzatoolCrane.package;
+          tool = toolCrane.package;
-        in
-        {
-          packages = {
-            inherit lanzaboote;
 
-            lanzatool = pkgs.runCommand "lanzatool"
+          wrappedTool = pkgs.runCommand "lzbt"
             {
               nativeBuildInputs = [ pkgs.makeWrapper ];
             } ''
@@ -140,20 +136,26 @@
 
             # Clean PATH to only contain what we need to do objcopy. Also
             # tell lanzatool where to find our UEFI binaries.
-              makeWrapper ${lanzatool-unwrapped}/bin/lanzatool $out/bin/lanzatool \
+            makeWrapper ${tool}/bin/lzbt $out/bin/lzbt \
               --set PATH ${lib.makeBinPath [ pkgs.binutils-unwrapped pkgs.sbsigntool ]} \
               --set RUST_BACKTRACE full \
-                --set LANZABOOTE_STUB ${lanzaboote}/bin/lanzaboote.efi
+              --set LANZABOOTE_STUB ${stub}/bin/lanzaboote_stub.efi
           '';
+        in
+        {
+          packages = {
+            inherit stub;
+            tool = wrappedTool;
+            lzbt = wrappedTool;
           };
 
           overlayAttrs = {
-            inherit (config.packages) lanzatool;
+            inherit (config.packages) tool;
           };
 
           checks = {
-            lanzatool-clippy = lanzatoolCrane.clippy;
+            toolClippy = toolCrane.clippy;
-            lanzaboote-clippy = lanzabooteCrane.clippy;
+            stubClippy = stubCrane.clippy;
           } // (import ./nix/tests/lanzaboote.nix {
             inherit pkgs testPkgs;
             lanzabooteModule = self.nixosModules.lanzaboote;
@@ -193,8 +195,8 @@
               ];
 
             inputsFrom = [
-              config.packages.lanzaboote
+              config.packages.stub
-              config.packages.lanzatool
+              config.packages.tool
             ];
 
             TEST_SYSTEMD = pkgs.systemd;

nix/modules/lanzaboote.nix

@@ -39,8 +39,8 @@ in
     };
     package = mkOption {
       type = types.package;
-      default = pkgs.lanzatool;
+      default = pkgs.lzbt;
-      description = "Lanzatool package";
+      description = "Lanzaboote tool (lzbt) package";
     };
   };
 
@@ -58,7 +58,7 @@ in
           ${sbctlWithPki}/bin/sbctl enroll-keys --yes-this-might-brick-my-machine
         ''}
   
-        ${cfg.package}/bin/lanzatool install \
+        ${cfg.package}/bin/lzbt install \
           --public-key ${cfg.publicKeyFile} \
           --private-key ${cfg.privateKeyFile} \
           --configuration-limit ${toString configurationLimit} \

rust/stub/Cargo.lock

@@ -86,7 +86,7 @@ dependencies = [
 ]
 
 [[package]]
-name = "lanzaboote"
+name = "lanzaboote_stub"
 version = "0.1.0"
 dependencies = [
  "ed25519-compact",

rust/stub/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "lanzaboote"
+name = "lanzaboote_stub"
 version = "0.1.0"
 edition = "2021"
 publish = false

rust/tool/Cargo.lock

@@ -274,7 +274,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4217ad341ebadf8d8e724e264f13e593e0648f5b3e94b3896a5df283be015ecc"
 
 [[package]]
-name = "lanzatool"
+name = "lanzaboote_tool"
 version = "0.1.0"
 dependencies = [
  "anyhow",

rust/tool/Cargo.toml

@@ -1,8 +1,12 @@
 [package]
-name = "lanzatool"
+name = "lanzaboote_tool"
 version = "0.1.0"
 edition = "2021"
 
+[[bin]]
+name = "lzbt"
+path = "src/main.rs"
+
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]

rust/tool/tests/common/mod.rs

@@ -110,7 +110,7 @@ pub fn lanzaboote_install(
     let test_systemd = systemd_location_from_env()?;
     let test_systemd_stub = format!("{test_systemd}/lib/systemd/boot/efi/linuxx64.efi.stub");
 
-    let mut cmd = Command::cargo_bin("lanzatool")?;
+    let mut cmd = Command::cargo_bin("lzbt")?;
     let output = cmd
         .env("LANZABOOTE_STUB", test_systemd_stub)
         .arg("install")