amtterm: enable SSL support

Current versions of Intel AMT/vPro only support connecting over SSL, but
our current amtterm version isn't built with SSL support.

Set the `USE_OPENSSL=1` makeFlag and add openssl and pkg-config.

It adds an additional `-C cacert` parameter, which needs to point to
a previously downloaded server certificate.

The server certificate can be retrieved with
`openssl s_client -showcerts -connect $host:16995`.

However, due to the use of `UnsafeLegacyRenegotiation`, `OPENSSL_CONF`
needs to point to a text file explicitly allowing this:

```
openssl_conf = default_conf

[ default_conf ]
ssl_conf = ssl_sect

[ssl_sect]
system_default = ssl_default_sect

[ssl_default_sect]
Options = UnsafeLegacyRenegotiation
```

With this, I'm able to connect to `/dev/ttyS2` inside the host:

```
❯ AMT_PASSWORD='supersecret' amtterm $host 16995 -C cert.pem
amtterm: NONE -> CONNECT (connection to host)
ipv4 $ip [$ip] 16995 open
amtterm: CONNECT -> INIT (redirection initialization)
amtterm: INIT -> AUTH (session authentication)
amtterm: AUTH -> INIT_SOL (serial-over-lan initialization)
amtterm: INIT_SOL -> RUN_SOL (serial-over-lan active)
serial-over-lan redirection ok
connected now, use ^] to escape
Hello World
```
Florian Klink 2024-08-31 20:51:09 +03:00
parent 12228ff175
commit cbc93ea250

@ -1,27 +1,29 @@
{ fetchurl, lib, stdenv, makeWrapper, perl, perlPackages }:
{ fetchFromGitHub, lib, stdenv, makeWrapper, openssl, perl, perlPackages, pkg-config }:
stdenv.mkDerivation (finalAttrs: {
pname = "amtterm";
version = "1.7-1";
version = "1.7-1-unstable-2023-10-27";
buildInputs = with perlPackages; [ perl SOAPLite ];
nativeBuildInputs = [ makeWrapper ];
buildInputs = (with perlPackages; [ perl SOAPLite ]) ++ [ openssl ];
nativeBuildInputs = [ makeWrapper pkg-config ];
src = fetchurl {
url = "https://www.kraxel.org/cgit/amtterm/snapshot/amtterm-${finalAttrs.version}.tar.gz";
sha256 = "sha256-WrYWAXLW74hb/DfSiPyiFIGAUfDQFdNEPx+XevZYcyk=";
src = fetchFromGitHub {
owner = "kraxel";
repo = "amtterm";
rev = "ed5da502cbb150982ad982211ad9475414b8689a";
hash = "sha256-JwS2agmJJ6VcGLkNbkFRb5bzKV8el1DMDjalmLnOdE8=";
};
makeFlags = [ "prefix=$(out)" "STRIP=" ];
makeFlags = [ "prefix=$(out)" "STRIP=" "USE_OPENSSL=1" ];
postInstall =
"wrapProgram $out/bin/amttool --prefix PERL5LIB : $PERL5LIB";
meta = with lib;
{ description = "Intel AMT® SoL client + tools";
homepage = "https://www.kraxel.org/cgit/amtterm/";
license = licenses.gpl2Plus;
platforms = platforms.linux;
};
meta = {
description = "Intel AMT® SoL client + tools";
homepage = "https://www.kraxel.org/cgit/amtterm/";
license = lib.licenses.gpl2Plus;
platforms = lib.platforms.linux;
};
})
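
Review bot: the `makeFlags` line turns on `USE_OPENSSL=1`, but the derivation itself says nothing about what that demands at run time; the `-C cacert` parameter and the `OPENSSL_CONF` file with `Options = UnsafeLegacyRenegotiation` are described only in the commit message. Please add a comment above `makeFlags` or a `meta.longDescription` that carries those two requirements, and have it say that `OPENSSL_CONF` should be set for the amtterm invocation only, since the option relaxes the renegotiation check for any OpenSSL client that reads that file. It would also help to state that the file given to `-C` is whatever the host presented when it was fetched, so its fingerprint should be compared against a trusted source before it is relied on. Smaller point: `src` now comes from `fetchFromGitHub` with `owner = "kraxel"`, while `homepage` still points at the kraxel.org cgit URL; either update it or note in a comment that the cgit page remains the canonical home.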