Merge pull request #90539 from r-ryantm/auto-update/fwupd

nixos/modules/services/hardware/fwupd.nix

@@ -6,6 +6,23 @@ with lib;
 
 let
   cfg = config.services.fwupd;
+
+  customEtc = {
+    "fwupd/daemon.conf" = {
+      source = pkgs.writeText "daemon.conf" ''
+        [fwupd]
+        BlacklistDevices=${lib.concatStringsSep ";" cfg.blacklistDevices}
+        BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins}
+      '';
+    };
+    "fwupd/uefi.conf" = {
+      source = pkgs.writeText "uefi.conf" ''
+        [uefi]
+        OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
+      '';
+    };
+  };
+
   originalEtc =
     let
       mkEtcFile = n: nameValuePair n { source = "${cfg.package}/etc/${n}"; };
@@ -96,22 +113,8 @@ in {
 
     environment.systemPackages = [ cfg.package ];
 
-    environment.etc = {
+    # customEtc overrides some files from the package
-      "fwupd/daemon.conf" = {
+    environment.etc = originalEtc // customEtc // extraTrustedKeys // testRemote;
-        source = pkgs.writeText "daemon.conf" ''
-          [fwupd]
-          BlacklistDevices=${lib.concatStringsSep ";" cfg.blacklistDevices}
-          BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins}
-        '';
-      };
-      "fwupd/uefi.conf" = {
-        source = pkgs.writeText "uefi.conf" ''
-          [uefi]
-          OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
-        '';
-      };
-
-    } // originalEtc // extraTrustedKeys // testRemote;
 
     services.dbus.packages = [ cfg.package ];
 

pkgs/os-specific/linux/firmware/fwupd/default.nix

@@ -51,6 +51,7 @@
 , flashrom
 , tpm2-tools
 , nixosTests
+, runCommand
 }:
 
 let
@@ -83,203 +84,232 @@ let
   # Experimental
   haveFlashrom = false;
 
-in
+  runPythonCommand = name: buildCommandPython: runCommand name {
-
+    nativeBuildInputs = [ python3 ];
-stdenv.mkDerivation rec {
+      inherit buildCommandPython;
-  pname = "fwupd";
+  } ''
-  version = "1.4.2";
+    exec python3 -c "$buildCommandPython"
-
-  src = fetchurl {
-    url = "https://people.freedesktop.org/~hughsient/releases/fwupd-${version}.tar.xz";
-    sha256 = "1wch1n0z89ymfxx7ganiab4h64rdxr54rcg37n5nshw35bc3f390";
-  };
-
-  # libfwupd goes to lib
-  # daemon, plug-ins and libfwupdplugin go to out
-  # CLI programs go to out
-  outputs = [ "out" "lib" "dev" "devdoc" "man" "installedTests" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    gtk-doc
-    pkgconfig
-    gobject-introspection
-    intltool
-    shared-mime-info
-    valgrind
-    gcab
-    docbook_xml_dtd_43
-    docbook_xsl
-    help2man
-    libxslt
-    python
-    wrapGAppsHook
-    vala
-  ];
-
-  buildInputs = [
-    polkit
-    libxmlb
-    gusb
-    sqlite
-    libarchive
-    libsoup
-    elfutils
-    gnu-efi
-    libyaml
-    libgudev
-    colord
-    libjcat
-    libuuid
-    glib-networking
-    json-glib
-    umockdev
-    bash-completion
-    cairo
-    freetype
-    fontconfig
-    pango
-    tpm2-tss
-    efivar
-  ] ++ stdenv.lib.optionals haveDell [
-    libsmbios
-  ];
-
-  patches = [
-    ./fix-paths.patch
-    ./add-option-for-installation-sysconfdir.patch
-
-    # Install plug-ins and libfwupdplugin to out,
-    # they are not really part of the library.
-    ./install-fwupdplugin-to-out.patch
-
-    # Installed tests are installed to different output
-    # we also cannot have fwupd-tests.conf in $out/etc since it would form a cycle.
-    (substituteAll {
-      src = ./installed-tests-path.patch;
-      # Needs a different set of modules than po/make-images.
-      inherit installedTestsPython;
-    })
-  ];
-
-  postPatch = ''
-    patchShebangs \
-      contrib/get-version.py \
-      contrib/generate-version-script.py \
-      meson_post_install.sh \
-      po/make-images \
-      po/make-images.sh \
-      po/test-deps
   '';
 
-  # /etc/os-release not available in sandbox
+  self = stdenv.mkDerivation rec {
-  # doCheck = true;
+    pname = "fwupd";
+    version = "1.4.4";
 
-  preFixup = let
+    src = fetchurl {
-    binPath = [
+      url = "https://people.freedesktop.org/~hughsient/releases/fwupd-${version}.tar.xz";
-      efibootmgr
+      sha256 = "03yn96kxs53vxcbza17y99rdhbjlybv44gkc90vaj6301grxahnp";
-      bubblewrap
+    };
-      tpm2-tools
-    ] ++ stdenv.lib.optional haveFlashrom flashrom;
-  in ''
-    gappsWrapperArgs+=(
-      --prefix XDG_DATA_DIRS : "${shared-mime-info}/share"
-      # See programs reached with fu_common_find_program_in_path in source
-      --prefix PATH : "${stdenv.lib.makeBinPath binPath}"
-    )
-  '';
 
-  mesonFlags = [
+    # libfwupd goes to lib
-    "-Dgtkdoc=true"
+    # daemon, plug-ins and libfwupdplugin go to out
-    "-Dplugin_dummy=true"
+    # CLI programs go to out
-    "-Dudevdir=lib/udev"
+    outputs = [ "out" "lib" "dev" "devdoc" "man" "installedTests" ];
-    "-Dsystemd_root_prefix=${placeholder "out"}"
-    "-Dinstalled_test_prefix=${placeholder "installedTests"}"
-    "-Defi-libdir=${gnu-efi}/lib"
-    "-Defi-ldsdir=${gnu-efi}/lib"
-    "-Defi-includedir=${gnu-efi}/include/efi"
-    "--localstatedir=/var"
-    "--sysconfdir=/etc"
-    "-Dsysconfdir_install=${placeholder "out"}/etc"
 
-    # We do not want to place the daemon into lib (cyclic reference)
+    nativeBuildInputs = [
-    "--libexecdir=${placeholder "out"}/libexec"
+      meson
-    # Our builder only adds $lib/lib to rpath but some things link
+      ninja
-    # against libfwupdplugin which is in $out/lib.
+      gtk-doc
-    "-Dc_link_args=-Wl,-rpath,${placeholder "out"}/lib"
+      pkgconfig
-  ] ++ stdenv.lib.optionals (!haveDell) [
+      gobject-introspection
-    "-Dplugin_dell=false"
+      intltool
-    "-Dplugin_synaptics=false"
+      shared-mime-info
-  ] ++ stdenv.lib.optionals (!haveRedfish) [
+      valgrind
-    "-Dplugin_redfish=false"
+      gcab
-  ] ++ stdenv.lib.optionals haveFlashrom [
+      docbook_xml_dtd_43
-    "-Dplugin_flashrom=true"
+      docbook_xsl
-  ];
+      help2man
+      libxslt
+      python
+      wrapGAppsHook
+      vala
+    ];
 
-  FONTCONFIG_FILE = fontsConf; # Fontconfig error: Cannot load default config file
+    buildInputs = [
-
+      polkit
-  # error: “PolicyKit files are missing”
+      libxmlb
-  # https://github.com/NixOS/nixpkgs/pull/67625#issuecomment-525788428
+      gusb
-  PKG_CONFIG_POLKIT_GOBJECT_1_ACTIONDIR = "/run/current-system/sw/share/polkit-1/actions";
+      sqlite
-
+      libarchive
-  # TODO: wrapGAppsHook wraps efi capsule even though it is not elf
+      libsoup
-  dontWrapGApps = true;
+      elfutils
-
+      gnu-efi
-  preCheck = ''
+      libyaml
-    addToSearchPath XDG_DATA_DIRS "${shared-mime-info}/share"
+      libgudev
-  '';
+      colord
-
+      libjcat
-  # so we need to wrap the executables manually
+      libuuid
-  postFixup = ''
+      glib-networking
-    find -L "$out/bin" "$out/libexec" -type f -executable -print0 \
+      json-glib
-      | while IFS= read -r -d ''' file; do
+      umockdev
-      if [[ "$file" != *.efi ]]; then
+      bash-completion
-        echo "Wrapping program $file"
+      cairo
-        wrapGApp "$file"
+      freetype
-      fi
+      fontconfig
-    done
+      pango
-  '';
+      tpm2-tss
-
+      efivar
-  # /etc/fwupd/uefi.conf is created by the services.hardware.fwupd NixOS module
-  passthru = {
-    filesInstalledToEtc = [
-      "fwupd/ata.conf"
-      # "fwupd/daemon.conf" # already created by the module
-      "fwupd/redfish.conf"
-      "fwupd/remotes.d/lvfs-testing.conf"
-      "fwupd/remotes.d/lvfs.conf"
-      "fwupd/remotes.d/vendor.conf"
-      "fwupd/remotes.d/vendor-directory.conf"
-      "fwupd/thunderbolt.conf"
-      "fwupd/upower.conf"
-      # "fwupd/uefi.conf" # already created by the module
-      "pki/fwupd/GPG-KEY-Hughski-Limited"
-      "pki/fwupd/GPG-KEY-Linux-Foundation-Firmware"
-      "pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service"
-      "pki/fwupd/LVFS-CA.pem"
-      "pki/fwupd-metadata/GPG-KEY-Linux-Foundation-Metadata"
-      "pki/fwupd-metadata/GPG-KEY-Linux-Vendor-Firmware-Service"
-      "pki/fwupd-metadata/LVFS-CA.pem"
     ] ++ stdenv.lib.optionals haveDell [
-      "fwupd/remotes.d/dell-esrt.conf"
+      libsmbios
     ];
 
-    # BlacklistPlugins key in fwupd/daemon.conf
+    patches = [
-    defaultBlacklistedPlugins = [
+      ./fix-paths.patch
-      "test"
+      ./add-option-for-installation-sysconfdir.patch
-      "invalid"
+
+      # Install plug-ins and libfwupdplugin to out,
+      # they are not really part of the library.
+      ./install-fwupdplugin-to-out.patch
+
+      # Installed tests are installed to different output
+      # we also cannot have fwupd-tests.conf in $out/etc since it would form a cycle.
+      (substituteAll {
+        src = ./installed-tests-path.patch;
+        # Needs a different set of modules than po/make-images.
+        inherit installedTestsPython;
+      })
     ];
 
-    tests = {
+    postPatch = ''
-      installedTests = nixosTests.installed-tests.fwupd;
+      patchShebangs \
+        contrib/get-version.py \
+        contrib/generate-version-script.py \
+        meson_post_install.sh \
+        po/make-images \
+        po/make-images.sh \
+        po/test-deps
+    '';
+
+    # /etc/os-release not available in sandbox
+    # doCheck = true;
+
+    preFixup = let
+      binPath = [
+        efibootmgr
+        bubblewrap
+        tpm2-tools
+      ] ++ stdenv.lib.optional haveFlashrom flashrom;
+    in ''
+      gappsWrapperArgs+=(
+        --prefix XDG_DATA_DIRS : "${shared-mime-info}/share"
+        # See programs reached with fu_common_find_program_in_path in source
+        --prefix PATH : "${stdenv.lib.makeBinPath binPath}"
+      )
+    '';
+
+    mesonFlags = [
+      "-Dgtkdoc=true"
+      "-Dplugin_dummy=true"
+      "-Dudevdir=lib/udev"
+      "-Dsystemd_root_prefix=${placeholder "out"}"
+      "-Dinstalled_test_prefix=${placeholder "installedTests"}"
+      "-Defi-libdir=${gnu-efi}/lib"
+      "-Defi-ldsdir=${gnu-efi}/lib"
+      "-Defi-includedir=${gnu-efi}/include/efi"
+      "--localstatedir=/var"
+      "--sysconfdir=/etc"
+      "-Dsysconfdir_install=${placeholder "out"}/etc"
+
+      # We do not want to place the daemon into lib (cyclic reference)
+      "--libexecdir=${placeholder "out"}/libexec"
+      # Our builder only adds $lib/lib to rpath but some things link
+      # against libfwupdplugin which is in $out/lib.
+      "-Dc_link_args=-Wl,-rpath,${placeholder "out"}/lib"
+    ] ++ stdenv.lib.optionals (!haveDell) [
+      "-Dplugin_dell=false"
+      "-Dplugin_synaptics=false"
+    ] ++ stdenv.lib.optionals (!haveRedfish) [
+      "-Dplugin_redfish=false"
+    ] ++ stdenv.lib.optionals haveFlashrom [
+      "-Dplugin_flashrom=true"
+    ];
+
+    FONTCONFIG_FILE = fontsConf; # Fontconfig error: Cannot load default config file
+
+    # error: “PolicyKit files are missing”
+    # https://github.com/NixOS/nixpkgs/pull/67625#issuecomment-525788428
+    PKG_CONFIG_POLKIT_GOBJECT_1_ACTIONDIR = "/run/current-system/sw/share/polkit-1/actions";
+
+    # TODO: wrapGAppsHook wraps efi capsule even though it is not elf
+    dontWrapGApps = true;
+
+    preCheck = ''
+      addToSearchPath XDG_DATA_DIRS "${shared-mime-info}/share"
+    '';
+
+    # so we need to wrap the executables manually
+    postFixup = ''
+      find -L "$out/bin" "$out/libexec" -type f -executable -print0 \
+        | while IFS= read -r -d ''' file; do
+        if [[ "$file" != *.efi ]]; then
+          echo "Wrapping program $file"
+          wrapGApp "$file"
+        fi
+      done
+    '';
+
+    passthru = {
+      filesInstalledToEtc = [
+        "fwupd/ata.conf"
+        "fwupd/daemon.conf"
+        "fwupd/redfish.conf"
+        "fwupd/remotes.d/lvfs-testing.conf"
+        "fwupd/remotes.d/lvfs.conf"
+        "fwupd/remotes.d/vendor.conf"
+        "fwupd/remotes.d/vendor-directory.conf"
+        "fwupd/thunderbolt.conf"
+        "fwupd/upower.conf"
+        "fwupd/uefi.conf"
+        "pki/fwupd/GPG-KEY-Hughski-Limited"
+        "pki/fwupd/GPG-KEY-Linux-Foundation-Firmware"
+        "pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service"
+        "pki/fwupd/LVFS-CA.pem"
+        "pki/fwupd-metadata/GPG-KEY-Linux-Foundation-Metadata"
+        "pki/fwupd-metadata/GPG-KEY-Linux-Vendor-Firmware-Service"
+        "pki/fwupd-metadata/LVFS-CA.pem"
+      ] ++ stdenv.lib.optionals haveDell [
+        "fwupd/remotes.d/dell-esrt.conf"
+      ];
+
+      # BlacklistPlugins key in fwupd/daemon.conf
+      defaultBlacklistedPlugins = [
+        "test"
+        "invalid"
+      ];
+
+      tests = let
+        listToPy = list: "[${stdenv.lib.concatMapStringsSep ", " (f: "'${f}'") list}]";
+      in {
+        installedTests = nixosTests.installed-tests.fwupd;
+
+        passthruMatches = runPythonCommand "fwupd-test-passthru-matches" ''
+          import itertools
+          import configparser
+          import os
+          import pathlib
+
+          etc = '${self}/etc'
+          package_etc = set(itertools.chain.from_iterable([[os.path.relpath(os.path.join(prefix, file), etc) for file in files] for (prefix, dirs, files) in os.walk(etc)]))
+          passthru_etc = set(${listToPy passthru.filesInstalledToEtc})
+          assert len(package_etc - passthru_etc) == 0, f'fwupd package contains the following paths in /etc that are not listed in passthru.filesInstalledToEtc: {package_etc - passthru_etc}'
+          assert len(passthru_etc - package_etc) == 0, f'fwupd package lists the following paths in passthru.filesInstalledToEtc that are not contained in /etc: {passthru_etc - package_etc}'
+
+          config = configparser.RawConfigParser()
+          config.read('${self}/etc/fwupd/daemon.conf')
+          package_blacklisted_plugins = config.get('fwupd', 'BlacklistPlugins').rstrip(';').split(';')
+          passthru_blacklisted_plugins = ${listToPy passthru.defaultBlacklistedPlugins}
+          assert package_blacklisted_plugins == passthru_blacklisted_plugins, f'Default blacklisted plug-ins in the package {package_blacklisted_plugins} do not match those listed in passthru.defaultBlacklistedPlugins {passthru_blacklisted_plugins}'
+
+          pathlib.Path(os.getenv('out')).touch()
+        '';
+      };
+    };
+
+    meta = with stdenv.lib; {
+      homepage = "https://fwupd.org/";
+      maintainers = with maintainers; [ jtojnar ];
+      license = [ licenses.gpl2 ];
+      platforms = platforms.linux;
     };
   };
 
-  meta = with stdenv.lib; {
+in self
-    homepage = "https://fwupd.org/";
-    maintainers = with maintainers; [ jtojnar ];
-    license = [ licenses.gpl2 ];
-    platforms = platforms.linux;
-  };
-}