build/bazel/third_party.MODULE.bazel

# third_party external repositories

github_repository = use_repo_rule("//build/github_repository:def.bzl", "github_repository")

github_repository(
    name = "edk2",
    build_file = "//third_party/edk2:edk2.bzl",
    integrity = "sha256-vid2bYN5OEJvcIstC5iQKZqwH1/jnXFM8FN3mjDU20k=",
    owner = "tianocore",
    patch_args = ["-p1"],
    patches = [
        "//third_party/edk2/patches:disable-werror.patch",
        "//third_party/edk2/patches:remove-brotli-build.patch",
    ],
    ref = "b24306f15daa2ff8510b06702114724b33895d3c",  # stable202202
    repo = "edk2",
    submodules = {
        "CryptoPkg/Library/OpensslLib/openssl": "sha256-WoyWOXrAhTcXJRNpcEZ7y+hwrCXWHIcJA2N1NxoORsY=",
        "ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3": "sha256-+q6ImBTqaikvfKA9mzbmx+lbqypkd3gEiDzIIrjUh1c=",
        "UnitTestFrameworkPkg/Library/CmockaLib/cmocka": "sha256-Wc1LgauvrjXZSsXZHPSuWwUSLmiHE81ttR5eTO9HHY8=",
        "MdeModulePkg/Universal/RegularExpressionDxe/oniguruma": "sha256-7ql3OA67GHHV3jjE9/FUQu5pDJC995BZDZMKa780fyg=",
        "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli": "sha256-bWyszgUIa33r51EnQV/5w2YYSfVk/i9fOwOD1Iqk7Xc=",
        "BaseTools/Source/C/BrotliCompress/brotli": "sha256-bWyszgUIa33r51EnQV/5w2YYSfVk/i9fOwOD1Iqk7Xc=",
        "RedfishPkg/Library/JsonLib/jansson": "sha256-55NcDZHW0i9t7nEKJrI+Io7MT+jvfo91ZVjDWZ9ow7Q=",
    },
)

http_archive = use_repo_rule("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_file = use_repo_rule("@bazel_tools//tools/build_defs/repo:http.bzl", "http_file")

# Used by tests in cloud/takeover
http_file(
    name = "debian_11_cloudimage",
    integrity = "sha256-FMruxoujEpoRWptXOW0I3AlzzJ9WnOBJIy19FddorUE=",
    urls = [
        "https://cloud.debian.org/images/cloud/bullseye/20230124-1270/debian-11-genericcloud-amd64-20230124-1270.qcow2",
    ],
)

# Used to include staticcheck as nogo analyzer
http_archive(
    name = "com_github_sluongng_nogo_analyzer",
    integrity = "sha256-Dca16GCU0IHgW80MPkH8J1ojmMZOVFN2FmE5QSGB8VA=",
    strip_prefix = "nogo-analyzer-0.0.3",
    urls = [
        "https://github.com/sluongng/nogo-analyzer/archive/refs/tags/v0.0.3.tar.gz",
    ],
)

# Used in swtpm
BORINGSSL_VERSION = "d7278cebad5b8eda0901246f2215344cffece4f4"

http_archive(
    name = "boringssl",
    integrity = "sha256-bpWXzfHbkV8J3Ed1Hp/L8WyFnWnFDn3+IuNN8A0IGyY=",
    urls = [
        "https://boringssl.googlesource.com/boringssl/+archive/%s.tar.gz" % BORINGSSL_VERSION,
    ],
)

# CockroachDB binary used for tests.
#
# WARNING: Not distributed under an OSI certified license. Must only be used in
# tests, not be redistributed!
COCKROACH_VERSION = "22.1.6"

http_archive(
    name = "cockroach",
    build_file = "//third_party/cockroach:cockroach.bzl",
    integrity = "sha256-CCHP9XcEAPuUyLbCqzONlvQRT78rMga8im3PYvnA9Oo=",
    strip_prefix = "cockroach-v%s.linux-amd64" % COCKROACH_VERSION,
    urls = [
        # TODO: select() to pick other host architectures.
        "https://binaries.cockroachdb.com/cockroach-v%s.linux-amd64.tgz" % COCKROACH_VERSION,
    ],
)

# CockroachDB repository used for linter passes.
http_archive(
    name = "com_github_cockroachdb_cockroach",
    integrity = "sha256-bDVo7yRM5rh0aU7u7Lg+1PXV3/bPA3yVLs3naCimxQI=",
    strip_prefix = "cockroach-" + COCKROACH_VERSION,
    urls = [
        "https://github.com/cockroachdb/cockroach/archive/v%s.tar.gz" % COCKROACH_VERSION,
    ],
)

# Derived from Mozilla NSS, currently needed for containerd to be able to pull images
http_file(
    name = "cacerts",
    integrity = "sha256-o/Mowh453dHyvhzqQ6wN7IGeqiCpBCXX2pAaEVMbOqU=",
    urls = ["https://curl.se/ca/cacert-2024-12-31.pem"],
)

# ini.h, a tiny ini parser library
INIH_VERSION = "r53"

http_archive(
    name = "inih",
    build_file = "//third_party/inih:inih.bzl",
    integrity = "sha256-AbA2b9/fY2PvwHDC+Fbxr6M+emVGVIutpUVq2UpRYkE=",
    strip_prefix = "inih-" + INIH_VERSION,
    urls = ["https://github.com/benhoyt/inih/archive/%s.tar.gz" % INIH_VERSION],
)

GPERF_VERSION = "de9373c2d48a3edf29862eb8be44764a7f7d24c6"

http_archive(
    name = "gperf",
    integrity = "sha256-xHLG+LYlXSuNG1rNvXwgjoSSG/FAZ9fu2WT4rTvnJkU=",
    strip_prefix = "gperf-" + GPERF_VERSION,
    urls = ["https://github.com/monogon-dev/gperf/archive/%s.tar.gz" % GPERF_VERSION],
)

LINUX_VERSION = "6.12.15"

http_archive(
    name = "linux",
    build_file = "//third_party/linux:linux.bzl",
    integrity = "sha256-X/W9hOoOIsU0NzAttdOU0Kkti4saiM4g0QmCmOn3Ywo=",
    patch_args = ["-p1"],
    patches = [
        "//third_party/linux/patches:0001-block-partition-expose-PARTUUID-through-uevent.patch",
        "//third_party/linux/patches:disable-static-ifs.patch",
        "//third_party/linux/patches:enable-pmsg.patch",
        "//third_party/linux/patches:lacp_fix.patch",
        "//third_party/linux/patches:fb-devs-knob.patch",
    ],
    strip_prefix = "linux-" + LINUX_VERSION,
    urls = ["https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-%s.tar.xz" % LINUX_VERSION],
)

LINUX_FIRMWARE_VERSION = "20240909"

http_archive(
    name = "linux-firmware",
    build_file = "//third_party/linux-firmware:linux-firmware.bzl",
    integrity = "sha256-k+m2riJAZhY5yHT1/Dj2d9GK/jZbF6E/7mtPxPukLBA=",
    strip_prefix = "linux-firmware-" + LINUX_FIRMWARE_VERSION,
    urls = ["https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/snapshot/linux-firmware-%s.tar.gz" % LINUX_FIRMWARE_VERSION],
)

INTEL_UCODE_VERSION = "20240910"

http_archive(
    name = "intel_ucode",
    build_file = "//third_party/intel_ucode:intel_ucode.bzl",
    integrity = "sha256-i3WC6sfpppE1bhizvcvHstsJSU4EDsmApKX7bQ2iYb8=",
    strip_prefix = "Intel-Linux-Processor-Microcode-Data-Files-microcode-" + INTEL_UCODE_VERSION,
    urls = ["https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/refs/tags/microcode-%s.tar.gz" % INTEL_UCODE_VERSION],
)

MUSL_VERSION = "1.1.24"

http_archive(
    name = "musl",
    build_file = "//third_party/musl:musl.bzl",
    integrity = "sha256-E3DJqBKyzyp9koAlEMygBYzDfmanvt1wBR8KNAFQIqM=",
    strip_prefix = "musl-" + MUSL_VERSION,
    urls = ["https://www.musl-libc.org/releases/musl-%s.tar.gz" % MUSL_VERSION],
)

UTIL_LINUX_VERSION = "2.36.2"

http_archive(
    name = "util_linux",
    build_file = "//third_party/util-linux:util-linux.bzl",
    integrity = "sha256-CEvG+b1Hm/146JJOY/hbsXlTaBvx2tJA5NhgGiEpTQs=",
    patch_args = ["-p1"],
    patches = ["//third_party/util-linux/patches:bazel_cc_fix.patch"],
    strip_prefix = "util-linux-" + UTIL_LINUX_VERSION,
    urls = ["https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/snapshot/util-linux-%s.tar.gz" % UTIL_LINUX_VERSION],
)

URCU_VERSION = "0.14.0"

http_archive(
    name = "urcu",
    build_file = "//third_party/urcu:urcu.bzl",
    integrity = "sha256-QvtRKaP//lpLeQ3+HqOnNMae4JX++/ZJMmJpu6lMJi0=",
    patch_args = ["-p1"],
    patches = ["//third_party/urcu/patches:generated-files.patch"],
    strip_prefix = "userspace-rcu-" + URCU_VERSION,
    urls = ["https://github.com/urcu/userspace-rcu/archive/refs/tags/v%s.tar.gz" % URCU_VERSION],
)

XFSPROGS_VERSION = "6.9.0"

http_archive(
    name = "xfsprogs",
    build_file = "//third_party/xfsprogs:xfsprogs.bzl",
    integrity = "sha256-/nIGlou9gXd1S6cy9jn4Ubacj3CsX5a7DhgtiGZBQL8=",
    patch_args = ["-p1"],
    patches = ["//third_party/xfsprogs/patches:bazel_cc_fix.patch"],
    strip_prefix = "xfsprogs-dev-" + XFSPROGS_VERSION,
    urls = ["https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/snapshot/xfsprogs-dev-%s.tar.gz" % XFSPROGS_VERSION],
)

# NOTE: Remember to update seccomp.bzl's seccomp.h template rule
# with the correct version.
SECCOMP_VERSION = "2.5.1"

http_archive(
    name = "seccomp",
    build_file = "//third_party/seccomp:seccomp.bzl",
    integrity = "sha256-dq1U4x0UOzmpkINWQEUhKpZeAmoQEKdC7deT0m1pmCk=",
    patch_args = ["-p1"],
    patches = [
        "//third_party/seccomp/patches:bazel_cc_fix.patch",
        "//third_party/seccomp/patches:fix_generated_includes.patch",
    ],
    strip_prefix = "libseccomp-" + SECCOMP_VERSION,
    # We cannot use the actual release tarball as it contains files generated incorrectly for our environment
    urls = ["https://github.com/seccomp/libseccomp/archive/v%s.tar.gz" % SECCOMP_VERSION],
)

GLIB_VERSION = "2.67.5"

http_archive(
    name = "glib",
    integrity = "sha256-QQlm23EmONx0kFTAo8MIdUXVEGZDE5wlgGOZpRqNSrE=",
    patch_args = [
        "-p1",
        "-u",
    ],
    patches = [
        "//third_party/glib/patches:bazel_cc_fix.patch",
        "//third_party/glib/patches:bazel_support.patch",
    ],
    strip_prefix = "glib-" + GLIB_VERSION,
    # We cannot use the actual release tarball as it contains files generated incorrectly for our environment
    urls = ["https://gitlab.gnome.org/GNOME/glib/-/archive/%s/glib-%s.tar.gz" % (GLIB_VERSION, GLIB_VERSION)],
)

# ONCHANGE(//third_party/chrony:chrony.bzl): version needs to be kept in sync
CHRONY_VERSION = "4.1"

http_archive(
    name = "chrony",
    build_file = "//third_party/chrony:chrony.bzl",
    integrity = "sha256-7Xby0/k0esYiGpGtS9VT3QVlrBiM10kNCAHQj3FxFkw=",
    patch_args = ["-p1"],
    patches = [
        "//third_party/chrony/patches:disable_defaults.patch",
        "//third_party/chrony/patches:support_fixed_uids.patch",
    ],
    strip_prefix = "chrony-" + CHRONY_VERSION,
    urls = ["https://chrony-project.org/releases/chrony-%s.tar.gz" % CHRONY_VERSION],
)

CAP_VERSION = "1.2.55"

http_archive(
    name = "cap",
    build_file = "//third_party/cap:cap.bzl",
    integrity = "sha256-4pMiAy6pTpBpauLRdTDtyRTHF2UjLuj9T944umOcslY=",
    patch_args = ["-p1"],
    patches = [
        "//third_party/cap/patches:add_go_codegen.patch",
    ],
    strip_prefix = "libcap-cap/v%s/libcap" % CAP_VERSION,
    urls = ["https://git.kernel.org/pub/scm/libs/libcap/libcap.git/snapshot/libcap-cap/v%s.tar.gz" % CAP_VERSION],
)

GNUEFI_VERSION = "3.0.14"

http_archive(
    name = "gnuefi",
    build_file = "//third_party/gnuefi:gnuefi.bzl",
    integrity = "sha256-V4XneCX+xeZm5MINeqqa9M2VI1GywJWTlydE/oQ2+Vc=",
    strip_prefix = "gnu-efi-%s" % GNUEFI_VERSION,
    urls = ["https://github.com/ncroxon/gnu-efi/archive/refs/tags/%s.tar.gz" % GNUEFI_VERSION],
)

# Developed in the systemd monorepo, pinned to master as there have been a bunch of critical fixes for the
# EFI stub since 249.
EFISTUB_VERSION = "3542da2442d8b29661b47c42ad7e5fa9bc8562ec"

http_archive(
    name = "efistub",
    build_file = "//third_party/efistub:efistub.bzl",
    integrity = "sha256-AhwTW+45ynNG0fCZI758BEo9NYZv9BGnyWJnAv9MlSM=",
    patch_args = ["-p1"],
    patches = [
        "//third_party/efistub/patches:use-sysv-for-kernel.patch",
        "//third_party/efistub/patches:remove-wrong-cmdline-assertion.patch",
        "//third_party/efistub/patches:ab-slot-handling.patch",
    ],
    strip_prefix = "systemd-%s" % EFISTUB_VERSION,
    urls = ["https://github.com/systemd/systemd/archive/%s.zip" % EFISTUB_VERSION],
)

LIBPG_QUERY_VERSION = "15-4.2.3"

http_archive(
    name = "libpg_query",
    build_file = "//third_party/libpg_query:libpg_query.bzl",
    integrity = "sha256-i4INY0QrFnfOTw3yqVs/r9vFIKgpAd74EhdVnsTfnms=",
    strip_prefix = "libpg_query-" + LIBPG_QUERY_VERSION,
    urls = ["https://github.com/pganalyze/libpg_query/archive/refs/tags/%s.tar.gz" % LIBPG_QUERY_VERSION],
)

DOSFSTOOLS_VERSION = "c888797b1d84ffbb949f147e3116e8bfb2e145a7"

http_archive(
    name = "com_github_dosfstools_dosfstools",
    build_file = "//third_party/dosfstools:dosfstools.bzl",
    integrity = "sha256-SkC0iMDCWcEftUeD/G8B5e6RJYK7SdM9DRGxH4WkLo0=",
    strip_prefix = "dosfstools-" + DOSFSTOOLS_VERSION,
    urls = ["https://github.com/dosfstools/dosfstools/archive/%s.zip" % DOSFSTOOLS_VERSION],
)

# master at 2024/01/09 (0.10.0 prerelease).
LIBTPMS_VERSION = "93a827aeccd3ab2178281571b1545dcfffa2991b"

http_archive(
    name = "libtpms",
    integrity = "sha256-5QnguhCfd9pRe15YqfCTvrBAUl5r5R3gbRFTyCeMcNE=",
    patch_args = ["-p1"],
    patches = [
        "//third_party/libtpms/patches:0001-boringssl-compat-new-SHA-types.patch",
        "//third_party/libtpms/patches:0002-boringssl-compat-removed-const_DES_cblock.patch",
        "//third_party/libtpms/patches:0003-boringssl-compat-removed-EC_POINTs_mul.patch",
        "//third_party/libtpms/patches:0004-boringssl-compat-removed-camellia-support.patch",
        "//third_party/libtpms/patches:0005-boringssl-compat-remove-constant-time-flags-UNSAFE.patch",
        "//third_party/libtpms/patches:0006-bazel-support-implement.patch",
    ],
    strip_prefix = "libtpms-" + LIBTPMS_VERSION,
    urls = ["https://github.com/stefanberger/libtpms/archive/%s.tar.gz" % LIBTPMS_VERSION],
)

# master at 2024/06/04
SWTPM_VERSION = "0c9a6c4a12a63b86ab472e69e95bd75853d4fa96"

http_archive(
    name = "swtpm",
    integrity = "sha256-Fp3bE5WX+oCOES1FJFdEXHntUhuzT5mQZtIN6SFAVs4=",
    patch_args = ["-p1"],
    patches = [
        "//third_party/swtpm/patches:0001-bazel-compat-glib.h-glib-glib.h.patch",
        "//third_party/swtpm/patches:0002-swtpm_localca-replace-gmp-mpz-dependency-with-boring.patch",
        "//third_party/swtpm/patches:0003-swtpm_setup-replace-dep-on-JSON-GLib-with-sheredom-j.patch",
        "//third_party/swtpm/patches:0004-bazel-support-implement.patch",
    ],
    strip_prefix = "swtpm-" + SWTPM_VERSION,
    urls = ["https://github.com/stefanberger/swtpm/archive/%s.tar.gz" % SWTPM_VERSION],
)