author | Weijia Wang <9713184+wegank@users.noreply.github.com> | 2023-03-14 20:15:47 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-14 20:15:47 +0200 |
commit | a9926eb5ec9c4df3913b306ff0ca3b9d0ba319b6 (patch) | |
tree | 0c047f2fcae1ef46cd22922b6a49bfbeb3fa3531 /pkgs/applications/virtualization | |
parent | 93437909af24b6728e447ffbeaef7923f8814f3c (diff) | |
parent | 8889512934037f08a9d09104d604b231095f8d02 (diff) |
Merge branch 'master' into xen-4.15-pr
Diffstat (limited to 'pkgs/applications/virtualization')
118 files changed, 3725 insertions, 1915 deletions
diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix index 7adcd328add7d..7350765ab5d2f 100644 --- a/pkgs/applications/virtualization/OVMF/default.nix +++ b/pkgs/applications/virtualization/OVMF/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, edk2, util-linux, nasm, acpica-tools +{ stdenv, nixosTests, lib, edk2, util-linux, nasm, acpica-tools, llvmPackages , csmSupport ? false, seabios ? null , secureBoot ? false , httpSupport ? false @@ -13,20 +13,30 @@ let "OvmfPkg/OvmfPkgIa32.dsc" else if stdenv.isx86_64 then "OvmfPkg/OvmfPkgX64.dsc" - else if stdenv.isAarch64 then + else if stdenv.hostPlatform.isAarch then "ArmVirtPkg/ArmVirtQemu.dsc" else throw "Unsupported architecture"; version = lib.getVersion edk2; + + suffixes = { + i686 = "FV/OVMF"; + x86_64 = "FV/OVMF"; + aarch64 = "FV/AAVMF"; + }; + in -edk2.mkDerivation projectDscPath { - name = "OVMF-${version}"; +edk2.mkDerivation projectDscPath (finalAttrs: { + pname = "OVMF"; + inherit version; outputs = [ "out" "fd" ]; - buildInputs = [ util-linux nasm acpica-tools ]; + nativeBuildInputs = [ util-linux nasm acpica-tools ] + ++ lib.optionals stdenv.cc.isClang [ llvmPackages.bintools llvmPackages.llvm ]; + strictDeps = true; hardeningDisable = [ "format" "stackprotector" "pic" "fortify" ]; @@ -36,11 +46,13 @@ edk2.mkDerivation projectDscPath { ++ lib.optionals httpSupport [ "-D NETWORK_HTTP_ENABLE=TRUE" "-D NETWORK_HTTP_BOOT_ENABLE=TRUE" ] ++ lib.optionals tpmSupport [ "-D TPM_ENABLE" "-D TPM2_ENABLE" "-D TPM2_CONFIG_ENABLE"]; + env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang "-Qunused-arguments"; + postPatch = lib.optionalString csmSupport '' cp ${seabios}/Csm16.bin OvmfPkg/Csm/Csm16/Csm16.bin ''; - postFixup = if stdenv.isAarch64 then '' + postFixup = if stdenv.hostPlatform.isAarch then '' mkdir -vp $fd/FV mkdir -vp $fd/AAVMF mv -v $out/FV/QEMU_{EFI,VARS}.fd $fd/FV 
@@ -60,10 +72,23 @@ edk2.mkDerivation projectDscPath { dontPatchELF = true; + passthru = + let + cpuName = stdenv.hostPlatform.parsed.cpu.name; + suffix = suffixes."${cpuName}" or (throw "Host cpu name `${cpuName}` is not supported in this OVMF derivation!"); + prefix = "${finalAttrs.finalPackage.fd}/${suffix}"; + in { + firmware = "${prefix}_CODE.fd"; + variables = "${prefix}_VARS.fd"; + # This will test the EFI firmware for the host platform as part of the NixOS Tests setup. + tests.basic-systemd-boot = nixosTests.systemd-boot.basic; + }; + meta = { description = "Sample UEFI firmware for QEMU and KVM"; homepage = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF"; license = lib.licenses.bsd2; - platforms = ["x86_64-linux" "i686-linux" "aarch64-linux" "x86_64-darwin"]; + inherit (edk2.meta) platforms; + maintainers = [ lib.maintainers.raitobezarius ]; }; -} +}) diff --git a/pkgs/applications/virtualization/appvm/0001-Remove-menu-bar.patch b/pkgs/applications/virtualization/appvm/0001-Remove-menu-bar.patch new file mode 100644 index 0000000000000..5a15686353a30 --- /dev/null +++ b/pkgs/applications/virtualization/appvm/0001-Remove-menu-bar.patch @@ -0,0 +1,12 @@ +diff --git a/src/resources/ui/virt-viewer.ui b/src/resources/ui/virt-viewer.ui +index 430f879..68856fc 100644 +--- a/src/resources/ui/virt-viewer.ui ++++ b/src/resources/ui/virt-viewer.ui +@@ -137,7 +137,6 @@ + </child> + <child type="titlebar"> + <object class="GtkHeaderBar" id="header"> +- <property name="visible">True</property> + <property name="can-focus">False</property> + <property name="show-close-button">True</property> + <child> diff --git a/pkgs/applications/virtualization/appvm/0002-Do-not-grab-keyboard-mouse.patch b/pkgs/applications/virtualization/appvm/0002-Do-not-grab-keyboard-mouse.patch new file mode 100644 index 0000000000000..012c37be64521 --- /dev/null +++ b/pkgs/applications/virtualization/appvm/0002-Do-not-grab-keyboard-mouse.patch 
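Review bot: The `passthru` lookup `suffixes."${cpuName}"` only knows `i686`, `x86_64` and `aarch64`, while the earlier hunks of this file widen the architecture test in `projectDscPath` and `postFixup` from `isAarch64` to `stdenv.hostPlatform.isAarch`, which as far as I know also matches 32-bit ARM. On such a host the build path would be selected but evaluating `firmware` or `variables` hits the `throw`. Either add the 32-bit cpu names to `suffixes` or keep the narrower `isAarch64` test so the two agree. A short comment above `variables` noting that `_VARS.fd` is a read-only store path and has to be copied per VM before use would also help consumers.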
@@ -0,0 +1,15 @@
+diff --git a/src/virt-viewer-display-spice.c b/src/virt-viewer-display-spice.c
+index 2265f02..1d60d81 100644
+--- a/src/virt-viewer-display-spice.c
++++ b/src/virt-viewer-display-spice.c
+@@ -317,8 +317,8 @@ virt_viewer_display_spice_new(VirtViewerSessionSpice *session,
+ gtk_container_add(GTK_CONTAINER(self), GTK_WIDGET(self->display));
+ gtk_widget_show(GTK_WIDGET(self->display));
+ g_object_set(self->display,
+- "grab-keyboard", TRUE,
+- "grab-mouse", TRUE,
++ "grab-keyboard", FALSE,
++ "grab-mouse", FALSE,
+ "resize-guest", FALSE,
+ "scaling", TRUE,
+ NULL);
diff --git a/pkgs/applications/virtualization/appvm/0003-Use-name-of-appvm-applications-as-a-title.patch b/pkgs/applications/virtualization/appvm/0003-Use-name-of-appvm-applications-as-a-title.patch
new file mode 100644
index 0000000000000..51a47bbbac6db
--- /dev/null
+++ b/pkgs/applications/virtualization/appvm/0003-Use-name-of-appvm-applications-as-a-title.patch
@@ -0,0 +1,14 @@
+diff --git a/src/virt-viewer-window.c b/src/virt-viewer-window.c
+index fe740ce..d45fd4f 100644
+--- a/src/virt-viewer-window.c
++++ b/src/virt-viewer-window.c
+@@ -1342,6 +1342,9 @@ virt_viewer_window_update_title(VirtViewerWindow *self)
+ grabhint,
+ g_get_application_name());
+ }
++ } else if (g_str_has_prefix(self->subtitle, "appvm_")) {
++ /* Use name of the application as a title */
++ title = g_strdup_printf(_("%s"), &self->subtitle[strlen("appvm_")]);
+ } else if (self->subtitle) {
+ /* translators:
+ * This is "<subtitle> - <appname>"
diff --git a/pkgs/applications/virtualization/appvm/0004-Use-title-application-name-as-subtitle.patch b/pkgs/applications/virtualization/appvm/0004-Use-title-application-name-as-subtitle.patch
new file mode 100644
index 0000000000000..3c517867aac7a
--- /dev/null
+++ b/pkgs/applications/virtualization/appvm/0004-Use-title-application-name-as-subtitle.patch
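Review bot: In the virt-viewer-window.c patch the added `else if (g_str_has_prefix(self->subtitle, "appvm_"))` branch sits before the existing `else if (self->subtitle)` check, so it can be evaluated with a NULL `self->subtitle`, and GLib's precondition check in `g_str_has_prefix` then logs a critical. Guard it as `} else if (self->subtitle && g_str_has_prefix(self->subtitle, "appvm_")) {`. The title is also built with `g_strdup_printf(_("%s"), ...)`, which passes the bare format string through the translation catalogue; `g_strdup(&self->subtitle[strlen("appvm_")])` yields the same string without a format string. The body of `virt_viewer_window_update_title` continues outside the quoted hunk.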
@@ -0,0 +1,12 @@
+diff --git a/src/virt-viewer-app.c b/src/virt-viewer-app.c
+index b977b7b..36bce34 100644
+--- a/src/virt-viewer-app.c
++++ b/src/virt-viewer-app.c
+@@ -976,6 +976,7 @@ virt_viewer_app_set_window_subtitle(VirtViewerApp *app,
+ *d = '%';
+ } else
+ subtitle = g_strdup_printf("%s (%s)", title, desc);
++ subtitle = g_strdup_printf("%s", title);
+ g_free(desc);
+ }
+
diff --git a/pkgs/applications/virtualization/appvm/default.nix b/pkgs/applications/virtualization/appvm/default.nix
new file mode 100644
index 0000000000000..fdbfb27dfb86a
--- /dev/null
+++ b/pkgs/applications/virtualization/appvm/default.nix
@@ -0,0 +1,48 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, nix
+, virt-viewer
+, fetchpatch
+, makeWrapper }:
+
+let
+ # Upstream patches fail with newer virt-viewer. These are own ports to the
+ # newest virt-viewer version, see:
+ # https://github.com/jollheef/appvm/issues/28
+ virt-manager-without-menu = virt-viewer.overrideAttrs(oldAttrs: {
+ patches = oldAttrs.patches ++ [
+ ./0001-Remove-menu-bar.patch
+ ./0002-Do-not-grab-keyboard-mouse.patch
+ ./0003-Use-name-of-appvm-applications-as-a-title.patch
+ ./0004-Use-title-application-name-as-subtitle.patch
+ ];
+ });
+in
+buildGoModule rec {
+ pname = "appvm";
+ version = "unstable-2021-12-20";
+
+ src = fetchFromGitHub {
+ owner = "jollheef";
+ repo = pname;
+ rev = "17f17be7846d872e7e26d5cb6759a52ea4113587";
+ sha256 = "sha256-FL5olOy1KufULyqI2dJeS0OnKzC3LfPWxnia2i4f4yY=";
+ };
+
+ vendorSha256 = "sha256-8eU+Mf5dxL/bAMMShXvj8I1Kdd4ysBTWvgYIXwLStPI=";
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ postFixup = ''
+ wrapProgram $out/bin/appvm \
+ --prefix PATH : "${lib.makeBinPath [ nix virt-manager-without-menu ]}"
+ '';
+
+ meta = with lib; {
+ description = "Nix-based app VMs";
+ homepage = "https://code.dumpstack.io/tools/${pname}";
+ maintainers = with maintainers; [ dump_stack cab404 onny ];
+ license = licenses.gpl3;
+ };
+}
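Review bot: In the virt-viewer-app.c patch the added `subtitle = g_strdup_printf("%s", title);` overwrites the pointer that the `else` branch directly above has just assigned from `g_strdup_printf("%s (%s)", title, desc)`, so that earlier allocation is leaked each time the function runs. Provided both branches assign `subtitle`, `g_free(subtitle); subtitle = g_strdup(title);` avoids the leak, and `g_strdup` also drops the needless format string. The `if` side of the branch begins above the hunk, so what it assigns cannot be checked from here.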
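Review bot: `patches = oldAttrs.patches ++ [` in the `virt-viewer.overrideAttrs` call fails evaluation if the `virt-viewer` derivation ever stops defining `patches`; `patches = (oldAttrs.patches or []) ++ [` keeps the override working either way. The `fetchpatch` argument is not used anywhere in the file and can be dropped. The binding is named `virt-manager-without-menu` although it overrides `virt-viewer`, which is misleading when reading the `wrapProgram` line that puts it on `PATH`.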
diff --git a/pkgs/applications/virtualization/arion/default.nix b/pkgs/applications/virtualization/arion/default.nix index 33b2b000cbfcf..716a94a05d8e4 100644 --- a/pkgs/applications/virtualization/arion/default.nix +++ b/pkgs/applications/virtualization/arion/default.nix @@ -3,6 +3,7 @@ , haskellPackages , haskell , runCommand +, buildPackages }: let @@ -16,24 +17,26 @@ let - make it self-contained by including docker-compose */ arion = - justStaticExecutables ( + (justStaticExecutables ( overrideCabal cabalOverrides arion-compose - ); + ) + ).overrideAttrs (o: { + # Patch away the arion-compose name. Unlike the Haskell library, the program + # is called arion (arion was already taken on hackage). + pname = "arion"; + }); inherit (haskell.lib.compose) justStaticExecutables overrideCabal; inherit (haskellPackages) arion-compose; cabalOverrides = o: { - buildTools = (o.buildTools or []) ++ [pkgs.makeWrapper]; + buildTools = (o.buildTools or []) ++ [buildPackages.makeWrapper]; passthru = (o.passthru or {}) // { inherit eval build; }; - # Patch away the arion-compose name. Unlike the Haskell library, the program - # is called arion (arion was already taken on hackage). - pname = "arion"; src = arion-compose.src; # PYTHONPATH @@ -51,7 +54,7 @@ let mv $out/bin/arion $out/libexec makeWrapper $out/libexec/arion $out/bin/arion \ --unset PYTHONPATH \ - --prefix PATH : ${lib.makeBinPath [ pkgs.docker-compose ]} \ + --prefix PATH : ${lib.makeBinPath [ pkgs.docker-compose_1 ]} \ ; ''; }; diff --git a/pkgs/applications/virtualization/bochs/default.nix b/pkgs/applications/virtualization/bochs/default.nix deleted file mode 100644 index 1f02219c8314e..0000000000000 --- a/pkgs/applications/virtualization/bochs/default.nix +++ /dev/null 
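Review bot: The wrapper in the last arion hunk now puts `pkgs.docker-compose_1` on `PATH` with no comment explaining the pin to the older major version. If the reason is that arion still drives the v1 command line, a line such as `# arion targets the Compose v1 CLI; revisit when it supports v2` above the `makeWrapper` call would mark the pin as deliberate and give a condition for removing it. The `postInstall` text this line belongs to starts above the hunk.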
@@ -1,136 +0,0 @@ -{ lib -, stdenv -, fetchurl -, SDL2 -, curl -, docbook_xml_dtd_45 -, docbook_xsl -, gtk2 -, libGL -, libGLU -, libX11 -, libXpm -, libtool -, ncurses -, pkg-config -, readline -, wget -, wxGTK -}: - -stdenv.mkDerivation rec { - pname = "bochs"; - version = "2.7"; - - src = fetchurl { - url = "mirror://sourceforge/project/${pname}/${pname}/${version}/${pname}-${version}.tar.gz"; - hash = "sha256-oBCrG/3HKsWgjS4kEs1HHA/r1mrx2TSbwNeWh53lsXo="; - }; - - nativeBuildInputs = [ - docbook_xml_dtd_45 - docbook_xsl - libtool - pkg-config - ]; - buildInputs = [ - SDL2 - curl - gtk2 - libGL - libGLU - libX11 - libXpm - ncurses - readline - wget - wxGTK - ]; - - configureFlags = [ - "--with-x=yes" - "--with-x11=yes" - - "--with-rfb=no" - "--with-vncsrv=no" - "--with-nogui" - - # These will always be "yes" on NixOS - "--enable-ltdl-install=yes" - "--enable-readline=yes" - "--enable-all-optimizations=yes" - "--enable-logging=yes" - "--enable-xpm=yes" - - # ... whereas these, always "no"! 
- "--enable-cpp=no" - "--enable-instrumentation=no" - - "--enable-docbook=no" # Broken - it requires docbook2html - - # Dangerous options - they are marked as "incomplete/experimental" on Bochs documentation - "--enable-3dnow=no" - "--enable-monitor-mwait=no" - "--enable-raw-serial=no" - - # These are completely configurable, and they don't depend of external tools - "--enable-a20-pin" - "--enable-avx" - "--enable-busmouse" - "--enable-cdrom" - "--enable-clgd54xx" - "--enable-configurable-msrs" - "--enable-cpu-level=6" # from 3 to 6 - "--enable-debugger" #conflicts with gdb-stub option - "--enable-debugger-gui" - "--enable-e1000" - "--enable-es1370" - "--enable-evex" - "--enable-fpu" - "--enable-gdb-stub=no" # conflicts with debugger option - "--enable-handlers-chaining" - "--enable-idle-hack" - "--enable-iodebug" - "--enable-large-ramfile" - "--enable-largefile" - "--enable-ne2000" - "--enable-pci" - "--enable-plugins=yes" - "--enable-pnic" - "--enable-repeat-speedups" - "--enable-sb16" - "--enable-show-ips" - "--enable-smp" - "--enable-vmx=2" - "--enable-svm" - "--enable-trace-linking" - "--enable-usb" - "--enable-usb-ehci" - "--enable-usb-ohci" - "--enable-usb-xhci" - "--enable-voodoo" - "--enable-x86-64" - "--enable-x86-debugger" - ] - # Boolean flags - ++ lib.optionals (SDL2 != null) [ "--with-sdl2" ] - ++ lib.optionals (ncurses != null) [ "--with-term" ] - ++ lib.optionals (gtk2 != null && wxGTK != null) [ "--with-wx" ]; - - enableParallelBuilding = true; - - meta = with lib; { - homepage = "https://bochs.sourceforge.io/"; - description = "An open-source IA-32 (x86) PC emulator"; - longDescription = '' - Bochs is an open-source (LGPL), highly portable IA-32 PC emulator, written - in C++, that runs on most popular platforms. It includes emulation of the - Intel x86 CPU, common I/O devices, and a custom BIOS. 
- ''; - license = licenses.lgpl2Plus; - maintainers = with maintainers; [ AndersonTorres ]; - platforms = platforms.unix; - }; -} -# TODO: a better way to organize the options -# TODO: docbook (docbook-tools from RedHat mirrors should help) diff --git a/pkgs/applications/virtualization/buildkit-nix/default.nix b/pkgs/applications/virtualization/buildkit-nix/default.nix new file mode 100644 index 0000000000000..5e0ddf6a04056 --- /dev/null +++ b/pkgs/applications/virtualization/buildkit-nix/default.nix @@ -0,0 +1,27 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "buildkit-nix"; + version = "0.1.0"; + + src = fetchFromGitHub { + owner = "reproducible-containers"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-gKTCBz7om1M7UBzyMJDetNGcKLkQKMyuzwrHBbuuifM="; + }; + + vendorSha256 = "sha256-1H5oWgcaamf+hocABWWnzJUjWiqwk1ZZtbBjF6EKzzU="; + + CGO_ENABLED = 0; + + ldflags = [ "-s" "-w" ]; + + meta = with lib; { + description = "Nix frontend for BuildKit"; + homepage = "https://github.com/reproducible-containers/buildkit-nix/"; + license = licenses.asl20; + platforms = platforms.linux; + maintainers = with maintainers; [ lesuisse ]; + }; +} diff --git a/pkgs/applications/virtualization/catatonit/default.nix b/pkgs/applications/virtualization/catatonit/default.nix index e059a254cb97e..074015bb34530 100644 --- a/pkgs/applications/virtualization/catatonit/default.nix +++ b/pkgs/applications/virtualization/catatonit/default.nix @@ -24,6 +24,9 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook ]; buildInputs = lib.optionals (!stdenv.hostPlatform.isMusl) [ glibc glibc.static ]; + enableParallelBuilding = true; + strictDeps = true; + doInstallCheck = true; installCheckPhase = '' readelf -d $out/bin/catatonit | grep 'There is no dynamic section in this file.' 
diff --git a/pkgs/applications/virtualization/charliecloud/default.nix b/pkgs/applications/virtualization/charliecloud/default.nix index cbd7d8e5512db..2889d09183d77 100644 --- a/pkgs/applications/virtualization/charliecloud/default.nix +++ b/pkgs/applications/virtualization/charliecloud/default.nix @@ -15,11 +15,11 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook makeWrapper ]; buildInputs = [ docker - (python3.withPackages (ps: [ ps.lark-parser ps.requests ])) + (python3.withPackages (ps: [ ps.lark ps.requests ])) ]; configureFlags = let - pythonEnv = python3.withPackages (ps: [ ps.lark-parser ps.requests ]); + pythonEnv = python3.withPackages (ps: [ ps.lark ps.requests ]); in [ "--with-python=${pythonEnv}/bin/python3" ]; diff --git a/pkgs/applications/virtualization/cloud-hypervisor/default.nix b/pkgs/applications/virtualization/cloud-hypervisor/default.nix index 1afab167308f3..9c47cb4254f4c 100644 --- a/pkgs/applications/virtualization/cloud-hypervisor/default.nix +++ b/pkgs/applications/virtualization/cloud-hypervisor/default.nix @@ -2,19 +2,26 @@ rustPlatform.buildRustPackage rec { pname = "cloud-hypervisor"; - version = "19.0"; + version = "30.0"; src = fetchFromGitHub { owner = "cloud-hypervisor"; repo = pname; rev = "v${version}"; - sha256 = "0h3varacv9696mih8zrz3fp6xa8hxxvwzkrslhpf9ilcjs1bjihd"; + sha256 = "sha256-emy4Sk/j9G+Ou/9h1Kgd70MgbpYMobAXyqAE2LJeOio="; }; + separateDebugInfo = true; + nativeBuildInputs = [ pkg-config ]; buildInputs = [ openssl ] ++ lib.optional stdenv.isAarch64 dtc; - cargoSha256 = "015r9m9fr634ppn4qy0b8w1khjlxsv3wbpf3s7crmklzy57wakxl"; + cargoHash = "sha256-/BZN4Jsk3Hv9V0FSqQGHmVrEky6gAovNCd9tfiIHofg="; + + OPENSSL_NO_VENDOR = true; + + # Integration tests require root. + cargoTestFlags = [ "--bins" ]; meta = with lib; { homepage = "https://github.com/cloud-hypervisor/cloud-hypervisor"; 
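Review bot: `OPENSSL_NO_VENDOR = true;` in the cloud-hypervisor hunk has no comment, unlike the `cargoTestFlags` line next to it. Something like `# link against nixpkgs' openssl rather than the copy bundled by the openssl-sys crate` records why it is set, which matters because it decides which OpenSSL receives security updates. With `cargoTestFlags = [ "--bins" ]` restricting the check phase and no `passthru.tests` visible in the hunk, nothing here runs the hypervisor itself after the jump from 19.0 to 30.0; the derivation continues outside the hunk, so a test attribute may exist further down.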
diff --git a/pkgs/applications/virtualization/cntr/default.nix b/pkgs/applications/virtualization/cntr/default.nix index 0a20dee1e99b9..e95e404f82f83 100644 --- a/pkgs/applications/virtualization/cntr/default.nix +++ b/pkgs/applications/virtualization/cntr/default.nix @@ -13,9 +13,7 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "sha256-3e5wDne6Idu+kDinHPcAKHfH/d4DrGg90GkiMbyF280="; - passthru.tests = { - nixos = nixosTests.cntr; - }; + passthru.tests = nixosTests.cntr; meta = with lib; { description = "A container debugging tool based on FUSE"; diff --git a/pkgs/applications/virtualization/colima/default.nix b/pkgs/applications/virtualization/colima/default.nix new file mode 100644 index 0000000000000..47da9a3c7b25a --- /dev/null +++ b/pkgs/applications/virtualization/colima/default.nix 
@@ -0,0 +1,68 @@
+{ lib
+, stdenv
+, darwin
+, buildGoModule
+, fetchFromGitHub
+, installShellFiles
+, lima
+, lima-bin
+, makeWrapper
+, qemu
+, testers
+, colima
+ # use lima-bin on darwin to support native macOS virtualization
+ # https://github.com/NixOS/nixpkgs/pull/209171
+, lima-drv ? if stdenv.isDarwin then lima-bin else lima
+}:
+
+buildGoModule rec {
+ pname = "colima";
+ version = "0.5.4";
+
+ src = fetchFromGitHub {
+ owner = "abiosoft";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-oCYHQFajtZXVAVeJ8zvJABlmwmOUgisvVg9eLT7wd0M=";
+ # We need the git revision
+ leaveDotGit = true;
+ postFetch = ''
+ git -C $out rev-parse --short HEAD > $out/.git-revision
+ rm -rf $out/.git
+ '';
+ };
+
+ nativeBuildInputs = [ installShellFiles makeWrapper ]
+ ++ lib.optionals stdenv.isDarwin [ darwin.DarwinTools ];
+
+ vendorHash = "sha256-bEgC7j8WvCgrJ2Ahye4mfWVEmo6Y/OO64mDIJXvtaiE=";
+
+ CGO_ENABLED = 1;
+
+ preConfigure = ''
+ ldflags="-s -w -X github.com/abiosoft/colima/config.appVersion=${version} \
+ -X github.com/abiosoft/colima/config.revision=$(cat .git-revision)"
+ '';
+
+ postInstall = ''
+ wrapProgram $out/bin/colima \
+ --prefix PATH : ${lib.makeBinPath [ lima-drv qemu ]}
+
+ installShellCompletion --cmd colima \
+ --bash <($out/bin/colima completion bash) \
+ --fish <($out/bin/colima completion fish) \
+ --zsh <($out/bin/colima completion zsh)
+ '';
+
+ passthru.tests.version = testers.testVersion {
+ package = colima;
+ command = "HOME=$(mktemp -d) colima version";
+ };
+
+ meta = with lib; {
+ description = "Container runtimes with minimal setup";
+ homepage = "https://github.com/abiosoft/colima";
+ license = licenses.mit;
+ maintainers = with maintainers; [ aaschmid tricktron ];
+ };
+}
diff --git a/pkgs/applications/virtualization/conmon-rs/default.nix b/pkgs/applications/virtualization/conmon-rs/default.nix
new file mode 100644
index 0000000000000..ef25427c4a234
--- /dev/null
+++ b/pkgs/applications/virtualization/conmon-rs/default.nix
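Review bot: The `postFetch` step writes the output of `git rev-parse --short HEAD` into the fixed-output source, and git picks the abbreviation length from the repository's object count and the `core.abbrev` setting. The bytes covered by `sha256` can therefore differ between git versions or fetch depths even though the commit is the same. Fixing the length, `git -C $out rev-parse --short=7 HEAD > $out/.git-revision`, or storing the full hash keeps the fetched tree stable. Removing `.git` afterwards, as the hunk already does, is the right way to keep `leaveDotGit` from leaking further nondeterminism into the output.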
@@ -0,0 +1,31 @@ +{ capnproto +, lib +, fetchFromGitHub +, protobuf +, rustPlatform +}: + +rustPlatform.buildRustPackage rec { + pname = "conmon-rs"; + version = "0.5.0"; + + src = fetchFromGitHub { + owner = "containers"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-mngs5ivRyMJ927VV00mFNIG+nD9EuE3qLyN+OHMMkHQ="; + }; + + nativeBuildInputs = [ capnproto protobuf ]; + doCheck = false; + + cargoSha256 = "sha256-ruChRz2rnPalBiXcpco/WS/eDgg52ckPBLBuoQa9us4="; + + meta = with lib; { + description = "An OCI container runtime monitor written in Rust"; + homepage = "https://github.com/containers/conmon-rs"; + license = licenses.asl20; + maintainers = with maintainers; [ ] ++ teams.podman.members; + platforms = platforms.linux; + }; +} diff --git a/pkgs/applications/virtualization/conmon/default.nix b/pkgs/applications/virtualization/conmon/default.nix index fbbc59359db8a..a27930fcb4ac4 100644 --- a/pkgs/applications/virtualization/conmon/default.nix +++ b/pkgs/applications/virtualization/conmon/default.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation rec { pname = "conmon"; - version = "2.0.30"; + version = "2.1.7"; src = fetchFromGitHub { owner = "containers"; repo = pname; rev = "v${version}"; - sha256 = "sha256-NZMuHhQyo+95QTJcR79cyZr86ytkbo4nmaqTF0Bdt+s="; + hash = "sha256-W6nqhSEoP2mDp7fCoXqwYAafjfESxymYXAdC3BnJJno="; }; nativeBuildInputs = [ pkg-config ]; @@ -33,9 +33,13 @@ stdenv.mkDerivation rec { runHook postInstall ''; + enableParallelBuilding = true; + strictDeps = true; + passthru.tests = { inherit (nixosTests) cri-o podman; }; meta = with lib; { + changelog = "https://github.com/containers/conmon/releases/tag/${src.rev}"; homepage = "https://github.com/containers/conmon"; description = "An OCI container runtime monitor"; license = licenses.asl20; diff --git a/pkgs/applications/virtualization/containerd/1.4.nix b/pkgs/applications/virtualization/containerd/1.4.nix deleted file mode 100644 index 92c7ab0b2fd6f..0000000000000 
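Review bot: `doCheck = false;` in the new conmon-rs derivation switches off the crate's whole test suite without giving a reason. Add a comment on that line naming what fails in the build sandbox, or limit the check phase to the tests that can run, so a later reader can tell whether the tests may be re-enabled. `maintainers = with maintainers; [ ] ++ teams.podman.members;` can be written as `maintainers = teams.podman.members;`.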
--- a/pkgs/applications/virtualization/containerd/1.4.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ lib -, fetchFromGitHub -, buildGoPackage -, btrfs-progs -, go-md2man -, installShellFiles -, util-linux -, nixosTests -}: - -buildGoPackage rec { - pname = "containerd"; - version = "1.4.11"; - - src = fetchFromGitHub { - owner = "containerd"; - repo = "containerd"; - rev = "v${version}"; - sha256 = "sha256-mUagr1/LqTCFvshWuiSMxsqdRqjzogt2tZ0uwR7ZVAs="; - }; - - goPackagePath = "github.com/containerd/containerd"; - outputs = [ "out" "man" ]; - - nativeBuildInputs = [ go-md2man installShellFiles util-linux ]; - - buildInputs = [ btrfs-progs ]; - - buildPhase = '' - cd go/src/${goPackagePath} - patchShebangs . - make binaries man "VERSION=v${version}" "REVISION=${src.rev}" - ''; - - installPhase = '' - install -Dm555 bin/* -t $out/bin - installManPage man/*.[1-9] - installShellCompletion --bash contrib/autocomplete/ctr - installShellCompletion --zsh --name _ctr contrib/autocomplete/zsh_autocomplete - ''; - - passthru.tests = { inherit (nixosTests) docker; }; - - meta = with lib; { - homepage = "https://containerd.io/"; - description = "A daemon to control runC"; - license = licenses.asl20; - maintainers = with maintainers; [ ]; - platforms = platforms.linux; - }; -} diff --git a/pkgs/applications/virtualization/containerd/default.nix b/pkgs/applications/virtualization/containerd/default.nix index 844ab025f5c02..d5fb7df67f707 100644 --- a/pkgs/applications/virtualization/containerd/default.nix +++ b/pkgs/applications/virtualization/containerd/default.nix 
@@ -10,18 +10,16 @@ buildGoModule rec { pname = "containerd"; - version = "1.5.7"; - - outputs = [ "out" "man" ]; + version = "1.6.19"; src = fetchFromGitHub { owner = "containerd"; repo = "containerd"; rev = "v${version}"; - sha256 = "sha256-BHVlGXyTkaiRkG8WG1LdtxrQs8nKS8djZFnO/AfKBUw="; + hash = "sha256-Us7NEv2BngV1Q/Bkuv4XOjVjpqThL0LnIH+yciPG3L8="; }; - vendorSha256 = null; + vendorHash = null; nativeBuildInputs = [ go-md2man installShellFiles util-linux ]; @@ -32,14 +30,13 @@ buildGoModule rec { buildPhase = '' runHook preBuild patchShebangs . - make binaries man "VERSION=v${version}" "REVISION=${src.rev}" + make binaries "VERSION=v${version}" "REVISION=${src.rev}" runHook postBuild ''; installPhase = '' runHook preInstall install -Dm555 bin/* -t $out/bin - installManPage man/*.[1-9] installShellCompletion --bash contrib/autocomplete/ctr installShellCompletion --zsh --name _ctr contrib/autocomplete/zsh_autocomplete runHook postInstall @@ -48,10 +45,11 @@ buildGoModule rec { passthru.tests = { inherit (nixosTests) docker; }; meta = with lib; { + changelog = "https://github.com/containerd/containerd/releases/tag/${src.rev}"; homepage = "https://containerd.io/"; description = "A daemon to control runC"; license = licenses.asl20; - maintainers = with maintainers; [ offline vdemeester ]; + maintainers = with maintainers; [ offline vdemeester endocrimes zowoq ]; platforms = platforms.linux; }; } diff --git a/pkgs/applications/virtualization/cri-o/default.nix b/pkgs/applications/virtualization/cri-o/default.nix index bc7e25d93dd7f..073237f4214d8 100644 --- a/pkgs/applications/virtualization/cri-o/default.nix +++ b/pkgs/applications/virtualization/cri-o/default.nix 
@@ -15,13 +15,13 @@ buildGoModule rec { pname = "cri-o"; - version = "1.22.0"; + version = "1.26.2"; src = fetchFromGitHub { owner = "cri-o"; repo = "cri-o"; rev = "v${version}"; - sha256 = "sha256-lY/kHvJBN7idFn3YUEHMR4w+M3F89RKMsvvyHmH/EPc="; + sha256 = "sha256-Wo6COdbqRWuGP4qXjiCehDm8FlVjz1nZRouMOxlKocw="; }; vendorSha256 = null; @@ -54,6 +54,9 @@ buildGoModule rec { installShellCompletion --$shell completions/$shell/* done + install contrib/cni/*.conflist -Dt $out/etc/cni/net.d + install crictl.yaml -Dt $out/etc + installManPage docs/*.[1-9] runHook postInstall ''; diff --git a/pkgs/applications/virtualization/cri-o/wrapper.nix b/pkgs/applications/virtualization/cri-o/wrapper.nix index a0a39beeda20d..5d15847d9c3ee 100644 --- a/pkgs/applications/virtualization/cri-o/wrapper.nix +++ b/pkgs/applications/virtualization/cri-o/wrapper.nix @@ -3,18 +3,14 @@ , makeWrapper , lib , extraPackages ? [] -, cri-o , runc # Default container runtime , crun # Container runtime (default with cgroups v2 for podman/buildah) , conmon # Container runtime monitor , util-linux # nsenter -, cni-plugins # not added to path , iptables }: let - cri-o = cri-o-unwrapped; - binPath = lib.makeBinPath ([ runc crun @@ -23,13 +19,13 @@ let iptables ] ++ extraPackages); -in runCommand cri-o.name { - name = "${cri-o.pname}-wrapper-${cri-o.version}"; - inherit (cri-o) pname version passthru; +in runCommand cri-o-unwrapped.name { + name = "${cri-o-unwrapped.pname}-wrapper-${cri-o-unwrapped.version}"; + inherit (cri-o-unwrapped) pname version passthru; preferLocalBuild = true; - meta = builtins.removeAttrs cri-o.meta [ "outputsToInstall" ]; + meta = builtins.removeAttrs cri-o-unwrapped.meta [ "outputsToInstall" ]; outputs = [ "out" @@ -41,9 +37,10 @@ in runCommand cri-o.name { ]; } '' - ln -s ${cri-o.man} $man + ln -s ${cri-o-unwrapped.man} $man mkdir -p $out/bin + ln -s ${cri-o-unwrapped}/etc $out/etc ln -s ${cri-o-unwrapped}/share $out/share for p in ${cri-o-unwrapped}/bin/*; do 
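Review bot: The two `install` calls added to `installPhase` in cri-o/default.nix copy `contrib/cni/*.conflist` and `crictl.yaml` without `-m`, so `install` applies its default executable mode to plain configuration files. Passing the mode explicitly, `install -m444 contrib/cni/*.conflist -Dt $out/etc/cni/net.d` and `install -m444 crictl.yaml -Dt $out/etc`, keeps them non-executable. The wrapper.nix hunks on the same line then expose this directory through `ln -s ${cri-o-unwrapped}/etc $out/etc`, so the mode carries over to the wrapped package.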
diff --git a/pkgs/applications/virtualization/crosvm/default-seccomp-policy-dir.diff b/pkgs/applications/virtualization/crosvm/default-seccomp-policy-dir.diff deleted file mode 100644 index f1aa50ee102c8..0000000000000 --- a/pkgs/applications/virtualization/crosvm/default-seccomp-policy-dir.diff +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/src/crosvm.rs b/src/crosvm.rs -index b7055df..5989c87 100644 ---- a/src/crosvm.rs -+++ b/src/crosvm.rs -@@ -141,7 +141,9 @@ impl Default for Config { - x_display: None, - shared_dirs: Vec::new(), - sandbox: !cfg!(feature = "default-no-sandbox"), -- seccomp_policy_dir: PathBuf::from(SECCOMP_POLICY_DIR), -+ seccomp_policy_dir: PathBuf::from( -+ option_env!("DEFAULT_SECCOMP_POLICY_DIR").unwrap_or(SECCOMP_POLICY_DIR), -+ ), - seccomp_log_failures: false, - cras_audio: false, - cras_capture: false, diff --git a/pkgs/applications/virtualization/crosvm/default.nix b/pkgs/applications/virtualization/crosvm/default.nix index 697741e21f149..11d8f2223656f 100644 --- a/pkgs/applications/virtualization/crosvm/default.nix +++ b/pkgs/applications/virtualization/crosvm/default.nix 
@@ -1,93 +1,63 @@ -{ stdenv, lib, rustPlatform, fetchgit, runCommand, symlinkJoin -, pkg-config, minijail, dtc, libusb1, libcap, linux +{ stdenv, lib, rust, rustPlatform, fetchgit, fetchpatch +, clang, pkg-config, protobuf, python3, wayland-scanner +, libcap, libdrm, libepoxy, minijail, virglrenderer, wayland, wayland-protocols }: -let +rustPlatform.buildRustPackage rec { + pname = "crosvm"; + version = "107.1"; - upstreamInfo = with builtins; fromJSON (readFile ./upstream-info.json); - - arch = with stdenv.hostPlatform; - if isAarch64 then "arm" - else if isx86_64 then "x86_64" - else throw "no seccomp policy files available for host platform"; - - crosvmSrc = fetchgit { - inherit (upstreamInfo.components."chromiumos/platform/crosvm") - url rev sha256 fetchSubmodules; - }; - - adhdSrc = fetchgit { - inherit (upstreamInfo.components."chromiumos/third_party/adhd") - url rev sha256 fetchSubmodules; + src = fetchgit { + url = "https://chromium.googlesource.com/chromiumos/platform/crosvm"; + rev = "5a49a836e63aa6e9ae38b80daa09a013a57bfb7f"; + sha256 = "F+5i3R7Tbd9xF63Olnyavzg/hD+8HId1duWm8bvAmLA="; + fetchSubmodules = true; }; -in - - rustPlatform.buildRustPackage rec { - pname = "crosvm"; - inherit (upstreamInfo) version; - - unpackPhase = '' - runHook preUnpack - - mkdir -p chromiumos/platform chromiumos/third_party + separateDebugInfo = true; - pushd chromiumos/platform - unpackFile ${crosvmSrc} - mv ${crosvmSrc.name} crosvm - popd + patches = [ + # Backport seccomp sandbox update for recent Glibc. + # fetchpatch is not currently gerrit/gitiles-compatible, so we + # have to use the mirror. 
+ # https://github.com/NixOS/nixpkgs/pull/133604 + (fetchpatch { + url = "https://github.com/google/crosvm/commit/aae01416807e7c15270b3d44162610bcd73952ff.patch"; + sha256 = "nQuOMOwBu8QvfwDSuTz64SQhr2dF9qXt2NarbIU55tU="; + }) + ]; - pushd chromiumos/third_party - unpackFile ${adhdSrc} - mv ${adhdSrc.name} adhd - popd + cargoSha256 = "1jg9x5adz1lbqdwnzld4xg4igzmh90nd9xm287cgkvh5fbmsjfjv"; - chmod -R u+w -- "$sourceRoot" + nativeBuildInputs = [ clang pkg-config protobuf python3 wayland-scanner ]; - runHook postUnpack - ''; + buildInputs = [ + libcap libdrm libepoxy minijail virglrenderer wayland wayland-protocols + ]; - sourceRoot = "chromiumos/platform/crosvm"; + preConfigure = '' + patchShebangs third_party/minijail/tools/*.py + substituteInPlace build.rs --replace '"clang"' '"${stdenv.cc.targetPrefix}clang"' + ''; - patches = [ - ./default-seccomp-policy-dir.diff - ]; + "CARGO_TARGET_${lib.toUpper (builtins.replaceStrings ["-"] ["_"] (rust.toRustTarget stdenv.hostPlatform))}_LINKER" = + "${stdenv.cc.targetPrefix}cc"; - cargoSha256 = "0aax0slg59afbyn3ygswwap2anv11k6sr9hfpysb4f8rvymvx7hd"; + # crosvm mistakenly expects the stable protocols to be in the root + # of the pkgdatadir path, rather than under the "stable" + # subdirectory. 
+ PKG_CONFIG_WAYLAND_PROTOCOLS_PKGDATADIR = + "${wayland-protocols}/share/wayland-protocols/stable"; - nativeBuildInputs = [ pkg-config ]; + buildFeatures = [ "default" "virgl_renderer" "virgl_renderer_next" ]; - buildInputs = [ dtc libcap libusb1 minijail ]; + passthru.updateScript = ./update.py; - postPatch = '' - sed -i "s|/usr/share/policy/crosvm/|$out/share/policy/|g" \ - seccomp/*/*.policy - ''; - - preBuild = '' - export DEFAULT_SECCOMP_POLICY_DIR=$out/share/policy - ''; - - postInstall = '' - mkdir -p $out/share/policy/ - cp seccomp/${arch}/* $out/share/policy/ - ''; - - CROSVM_CARGO_TEST_KERNEL_BINARY = - lib.optionalString (stdenv.buildPlatform == stdenv.hostPlatform) - "${linux}/${stdenv.hostPlatform.linux-kernel.target}"; - - passthru = { - inherit adhdSrc; - src = crosvmSrc; - updateScript = ./update.py; - }; - - meta = with lib; { - description = "A secure virtual machine monitor for KVM"; - homepage = "https://chromium.googlesource.com/chromiumos/platform/crosvm/"; - maintainers = with maintainers; [ qyliss ]; - license = licenses.bsd3; - platforms = [ "aarch64-linux" "x86_64-linux" ]; - }; - } + meta = with lib; { + description = "A secure virtual machine monitor for KVM"; + homepage = "https://chromium.googlesource.com/crosvm/crosvm/"; + maintainers = with maintainers; [ qyliss ]; + license = licenses.bsd3; + platforms = [ "aarch64-linux" "x86_64-linux" ]; + }; +} diff --git a/pkgs/applications/virtualization/crosvm/update.py b/pkgs/applications/virtualization/crosvm/update.py index 29e68b9f57904..7a94aedefdb67 100755 --- a/pkgs/applications/virtualization/crosvm/update.py +++ b/pkgs/applications/virtualization/crosvm/update.py 
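Review bot: The rewritten crosvm derivation drops the `postInstall` that copied `seccomp/${arch}/*` into `$out/share/policy` and the `DEFAULT_SECCOMP_POLICY_DIR` export, and nothing on the new side says where the sandbox policies now come from. If they are compiled into the binary by `build.rs`, which the `patchShebangs third_party/minijail/tools/*.py` line and the `"clang"` substitution in `preConfigure` suggest, a comment there saying so would let a reader confirm that the default sandbox still has its policies. The `sha256` values on `src` and on the fetched patch are bare base64 without the `sha256-` prefix used by the other packages in this commit, and `rev` is a raw commit id with no comment tying it to version `107.1`.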
@@ -1,24 +1,15 @@ #! /usr/bin/env nix-shell -#! nix-shell -p nix-prefetch-git "python3.withPackages (ps: with ps; [ lxml ])" +#! nix-shell -p common-updater-scripts python3 #! nix-shell -i python -import base64 +import csv import json import re +import shlex import subprocess -from codecs import iterdecode -from os.path import dirname, splitext -from lxml import etree -from lxml.etree import HTMLParser +from os.path import abspath, dirname, splitext from urllib.request import urlopen -# ChromiumOS components required to build crosvm. -components = ['chromiumos/platform/crosvm', 'chromiumos/third_party/adhd'] - -git_root = 'https://chromium.googlesource.com/' -manifest_versions = f'{git_root}chromiumos/manifest-versions' -buildspecs_url = f'{manifest_versions}/+/refs/heads/master/full/buildspecs/' - # CrOS version numbers look like this: # [<chrome-major-version>.]<tip-build>.<branch-build>.<branch-branch-build> # 
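Review bot: `shlex` and `abspath` are added to the imports here, but nothing in the rewritten script body in the second hunk appears to use them, and `dirname` and `splitext` look unused as well now that the buildspec handling is gone. Two lines of the new file between the hunks are not shown, so this is worth confirming before trimming. If confirmed, the `os.path` import can be dropped entirely and `import shlex` removed, which keeps the updater's dependency surface as small as what it actually calls.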
@@ -27,65 +18,35 @@ buildspecs_url = f'{manifest_versions}/+/refs/heads/master/full/buildspecs/' # branch branches are used for fixes for specific devices. So for # Chromium OS they will always be 0. This is a best guess, and is not # documented. -with urlopen('https://cros-updates-serving.appspot.com/') as resp: - document = etree.parse(resp, HTMLParser()) - # bgcolor="lightgreen" is set on the most up-to-date version for - # each channel, so find a lightgreen cell in the "Stable" column. - (platform_version, chrome_version) = document.xpath(""" - (//table[@id="cros-updates"]/tr/td[1 + count( - //table[@id="cros-updates"]/thead/tr[1]/th[text() = "Stable"] - /preceding-sibling::*) - ][@bgcolor="lightgreen"])[1]/text() - """) - -chrome_major_version = re.match(r'\d+', chrome_version)[0] -chromeos_tip_build = re.match(r'\d+', platform_version)[0] - -# Find the most recent buildspec for the stable Chrome version and -# Chromium OS build number. Its branch build and branch branch build -# numbers will (almost?) certainly be 0. It will then end with an rc -# number -- presumably these are release candidates, one of which -# becomes the final release. Presumably the one with the highest rc -# number. -with urlopen(f'{buildspecs_url}{chrome_major_version}/?format=TEXT') as resp: - listing = base64.decodebytes(resp.read()).decode('utf-8') - buildspecs = [(line.split('\t', 1)[1]) for line in listing.splitlines()] - buildspecs = [s for s in buildspecs if s.startswith(chromeos_tip_build)] - buildspecs.sort(reverse=True) - buildspec = splitext(buildspecs[0])[0] - -revisions = {} - -# Read the buildspec, and extract the git revisions for each component. -with urlopen(f'{buildspecs_url}{chrome_major_version}/{buildspec}.xml?format=TEXT') as resp: - xml = base64.decodebytes(resp.read()) - root = etree.fromstring(xml) - for project in root.findall('project'): - revisions[project.get('name')] = project.get('revision') - -# Initialize the data that will be output from this script. 
Leave the
-# rc number in buildspec so nobody else is subject to the same level
-# of confusion I have been.
-data = {'version': f'{chrome_major_version}.{buildspec}', 'components': {}}
-
-# Fill in the 'components' dictionary with the output from
-# nix-prefetch-git, which can be passed straight to fetchGit when
-# imported by Nix.
-for component in components:
- argv = ['nix-prefetch-git',
- '--url', git_root + component,
- '--rev', revisions[component]]
-
- output = subprocess.check_output(argv)
- data['components'][component] = json.loads(output.decode('utf-8'))
-
-# Find the path to crosvm's default.nix, so the srcs data can be
-# written into the same directory.
-argv = ['nix-instantiate', '--eval', '--json', '-A', 'crosvm.meta.position']
-position = json.loads(subprocess.check_output(argv).decode('utf-8'))
-filename = re.match(r'[^:]*', position)[0]
-
-# Finally, write the output.
-with open(dirname(filename) + '/upstream-info.json', 'w') as out:
- json.dump(data, out, indent=2)
- out.write('\n')
+with urlopen('https://chromiumdash.appspot.com/cros/download_serving_builds_csv?deviceCategory=ChromeOS') as resp:
+ reader = csv.reader(map(bytes.decode, resp))
+ header = reader.__next__()
+ cr_stable_index = header.index('cr_stable')
+ cros_stable_index = header.index('cros_stable')
+ chrome_version = []
+ platform_version = []
+
+ for line in reader:
+ this_chrome_version = list(map(int, line[cr_stable_index].split('.')))
+ this_platform_version = list(map(int, line[cros_stable_index].split('.')))
+ chrome_version = max(chrome_version, this_chrome_version)
+ platform_version = max(platform_version, this_platform_version)
+
+chrome_major_version = chrome_version[0]
+chromeos_tip_build = platform_version[0]
+release_branch = f'release-R{chrome_major_version}-{chromeos_tip_build}.B'
+
+# Determine the git revision.
+with urlopen(f'https://chromium.googlesource.com/chromiumos/platform/crosvm/+/refs/heads/{release_branch}?format=JSON') as resp:
+ resp.readline() # Remove )]}' header
+ rev = json.load(resp)['commit']
+
+# Determine the patch version by counting the commits that have been
+# added to the release branch since it forked off the chromeos branch.
+with urlopen(f'https://chromium.googlesource.com/chromiumos/platform/crosvm/+log/refs/heads/chromeos..{rev}?format=JSON') as resp:
+ resp.readline() # Remove )]}' header
+ branch_commits = json.load(resp)['log']
+ version = f'{chrome_major_version}.{len(branch_commits)}'
+
+# Update the version, git revision, and hash in crosvm's default.nix.
+subprocess.run(['update-source-version', 'crosvm', f'--rev={rev}', version])
diff --git a/pkgs/applications/virtualization/crosvm/upstream-info.json b/pkgs/applications/virtualization/crosvm/upstream-info.json
deleted file mode 100644
index bb9cc8841b4a3..0000000000000
--- a/pkgs/applications/virtualization/crosvm/upstream-info.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "version": "81.12871.0.0-rc1",
- "components": {
- "chromiumos/platform/crosvm": {
- "url": "https://chromium.googlesource.com/chromiumos/platform/crosvm",
- "rev": "8b8c01e1ad31718932491e4aee63f56109a138e2",
- "date": "2020-01-25T02:28:10+00:00",
- "sha256": "1qmf1k06pwynh15c3nr9m6v90z2pkk930xniwvlvbvnazrk4rllg",
- "fetchSubmodules": false,
- "deepClone": false,
- "leaveDotGit": false
- },
- "chromiumos/third_party/adhd": {
- "url": "https://chromium.googlesource.com/chromiumos/third_party/adhd",
- "rev": "f361d5b02623274723bff251dafa1e2a2887b013",
- "date": "2020-01-23T18:37:46+00:00",
- "sha256": "1p8iwjwgmcgmzri03ik2jaid8l0ch0bzn6z9z64dix1hlrvrlliw",
- "fetchSubmodules": false,
- "deepClone": false,
- "leaveDotGit": false
- }
- }
-}
diff --git a/pkgs/applications/virtualization/crun/default.nix b/pkgs/applications/virtualization/crun/default.nix
index 2f09c3a29c774..1c2dce886536c 100644
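Review bot: The final `subprocess.run([...])` call in the update.py hunk does not check the exit status, so a failed `update-source-version` leaves default.nix untouched while the script still exits 0; `subprocess.run([...], check=True)` makes that failure visible to whatever drives the updater. The `rev` read from the gitiles JSON is also interpolated into the next URL and handed to the updater without being checked as a commit id; a guard such as `if not re.fullmatch(r'[0-9a-f]{40}', rev): raise SystemExit('unexpected rev')` before the second `urlopen` stops a malformed response from propagating into the package source (`re` is already imported). Separately, `chrome_version` and `platform_version` are maximised independently across CSV rows, so the two parts of `release_branch` may come from different rows; that is inferred from the loop and depends on what the CSV actually contains.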
--- a/pkgs/applications/virtualization/crun/default.nix +++ b/pkgs/applications/virtualization/crun/default.nix @@ -18,6 +18,7 @@ let disabledTests = [ "test_capabilities.py" "test_cwd.py" + "test_delete.py" "test_detach.py" "test_exec.py" "test_hooks.py" @@ -37,23 +38,24 @@ let in stdenv.mkDerivation rec { pname = "crun"; - version = "1.3"; + version = "1.8.1"; src = fetchFromGitHub { owner = "containers"; repo = pname; rev = version; - sha256 = "sha256-c0jXhqYdEpt4De1Z6VNwyrv0KJcf039Wp3ye0oTW0Qc="; + hash = "sha256-Pm96fOfbBqf7mc9llv3sFi00Ioa3f9WNoDmLBPhB2eI="; fetchSubmodules = true; }; nativeBuildInputs = [ autoreconfHook go-md2man pkg-config python3 ]; - buildInputs = [ libcap libseccomp systemd yajl ] - # Criu currently only builds on x86_64-linux - ++ lib.optional (lib.elem stdenv.hostPlatform.system criu.meta.platforms) criu; + buildInputs = [ criu libcap libseccomp systemd yajl ]; enableParallelBuilding = true; + strictDeps = true; + + NIX_LDFLAGS = "-lcriu"; # we need this before autoreconfHook does its thing in order to initialize # config.h with the correct values @@ -72,9 +74,9 @@ stdenv.mkDerivation rec { meta = with lib; { description = "A fast and lightweight fully featured OCI runtime and C library for running containers"; + homepage = "https://github.com/containers/crun"; license = licenses.gpl2Plus; platforms = platforms.linux; - inherit (src.meta) homepage; maintainers = with maintainers; [ ] ++ teams.podman.members; }; } diff --git a/pkgs/applications/virtualization/distrobox/default.nix b/pkgs/applications/virtualization/distrobox/default.nix new file mode 100644 index 0000000000000..fda676ca0043b --- /dev/null +++ b/pkgs/applications/virtualization/distrobox/default.nix 
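Review bot: `criu` is now an unconditional entry in `buildInputs` and `NIX_LDFLAGS = "-lcriu"` is set for every build in the second crun hunk, while `meta.platforms` in the following hunk is still `platforms.linux`. The removed comment said criu only built on x86_64-linux; if that still holds for any Linux platform, crun will fail there instead of building without checkpoint support. Keeping a guard, for example `++ lib.optional (lib.meta.availableOn stdenv.hostPlatform criu) criu` with `NIX_LDFLAGS` set under the same condition, would preserve the old behaviour. The derivation body continues outside the hunk.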
@@ -0,0 +1,47 @@
+{ stdenvNoCC, lib, fetchFromGitHub, makeWrapper, wget }:
+
+stdenvNoCC.mkDerivation rec {
+ pname = "distrobox";
+ version = "1.4.2.1";
+
+ src = fetchFromGitHub {
+ owner = "89luca89";
+ repo = pname;
+ rev = version;
+ sha256 = "sha256-s3lq1Xr2y29cmyT1nY5/amiDA9dNfyGaMtjTvUINSD8=";
+ };
+
+ dontConfigure = true;
+ dontBuild = true;
+
+ nativeBuildInputs = [ makeWrapper ];
+ installPhase = ''
+ runHook preInstall
+
+ # https://github.com/89luca89/distrobox/issues/408
+ substituteInPlace ./distrobox-generate-entry \
+ --replace 'icon_default="''${HOME}/.local' "icon_default=\"$out"
+ ./install -P $out
+
+ runHook postInstall
+ '';
+
+ # https://github.com/89luca89/distrobox/issues/407
+ postFixup = ''
+ wrapProgram "$out/bin/distrobox-generate-entry" \
+ --prefix PATH ":" ${lib.makeBinPath [ wget ]}
+ '';
+
+ meta = with lib; {
+ description = "Wrapper around podman or docker to create and start containers";
+ longDescription = ''
+ Use any linux distribution inside your terminal. Enable both backward and
+ forward compatibility with software and freedom to use whatever distribution
+ you’re more comfortable with
+ '';
+ homepage = "https://distrobox.privatedns.org/";
+ license = licenses.gpl3Only;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ atila ];
+ };
+}
diff --git a/pkgs/applications/virtualization/docker-slim/default.nix b/pkgs/applications/virtualization/docker-slim/default.nix
index ebfaac0bde1fa..bbefed66fae3d 100644
--- a/pkgs/applications/virtualization/docker-slim/default.nix
+++ b/pkgs/applications/virtualization/docker-slim/default.nix
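Review bot: The `sha256 = "sha256-…";` attribute in the new distrobox `fetchFromGitHub` call carries an SRI string, for which `hash = "sha256-…";` is the matching attribute; the docker/default.nix hunks in this same commit already migrate to `hash`. The same applies to the `src` hashes in the docker-slim, buildx and compose hunks further down. Also, `platforms = platforms.all` looks broader than a wrapper around podman or docker is likely to support, so it is worth confirming or narrowing to `platforms.linux`.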
@@ -1,44 +1,39 @@ -{ lib -, buildGoPackage -, fetchFromGitHub -, makeWrapper -}: +{ lib, buildGoModule, fetchFromGitHub, makeBinaryWrapper }: -buildGoPackage rec { +buildGoModule rec { pname = "docker-slim"; - version = "1.37.2"; - - goPackagePath = "github.com/docker-slim/docker-slim"; + version = "1.40.0"; src = fetchFromGitHub { - owner = "docker-slim"; - repo = "docker-slim"; + owner = "slimtoolkit"; + repo = "slim"; rev = version; - sha256 = "1svhi9xf71zrk843bnwkpmq4iaaln07dpfrdvq0vdqhj5xvbx47g"; + sha256 = "sha256-KbwkZIGkAdzPPo5CrWKnKzFsD8OUONk6JWo1wzwti3s="; }; - subPackages = [ "cmd/docker-slim" "cmd/docker-slim-sensor" ]; + vendorSha256 = null; - nativeBuildInputs = [ - makeWrapper - ]; + subPackages = [ "cmd/slim" "cmd/slim-sensor" ]; + + nativeBuildInputs = [ makeBinaryWrapper ]; ldflags = [ - "-s" "-w" - "-X ${goPackagePath}/pkg/version.appVersionTag=${version}" - "-X ${goPackagePath}/pkg/version.appVersionRev=${src.rev}" + "-s" + "-w" + "-X github.com/docker-slim/docker-slim/pkg/version.appVersionTag=${version}" + "-X github.com/docker-slim/docker-slim/pkg/version.appVersionRev=${src.rev}" ]; # docker-slim tries to create its state dir next to the binary (inside the nix # store), so we set it to use the working directory at the time of invocation postInstall = '' - wrapProgram "$out/bin/docker-slim" --add-flags '--state-path "$(pwd)"' + wrapProgram "$out/bin/slim" --add-flags '--state-path "$(pwd)"' ''; meta = with lib; { description = "Minify and secure Docker containers"; - homepage = "https://dockersl.im/"; - changelog = "https://github.com/docker-slim/docker-slim/raw/${version}/CHANGELOG.md"; + homepage = "https://slimtoolkit.org/"; + changelog = "https://github.com/slimtoolkit/slim/raw/${version}/CHANGELOG.md"; license = licenses.asl20; maintainers = with maintainers; [ Br1ght0ne marsam mbrgm ]; }; 
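Review bot: The switch to `makeBinaryWrapper` keeps `--add-flags '--state-path "$(pwd)"'` in `postInstall`, which depends on the wrapper being a shell script that evaluates `$(pwd)` at launch. A compiled wrapper performs no shell expansion, so `slim` would most likely receive the literal string `$(pwd)` as its state path rather than the invoking directory the comment above `postInstall` describes. Keeping `nativeBuildInputs = [ makeWrapper ];` for this package preserves that behaviour. The `-X github.com/docker-slim/docker-slim/pkg/version.…` ldflags are also now hard-coded to the old module path while the source moved to `slimtoolkit/slim`; if the module path in go.mod was renamed these flags silently set nothing, which is worth checking against the built binary's version output.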
diff --git a/pkgs/applications/virtualization/docker/buildx.nix b/pkgs/applications/virtualization/docker/buildx.nix index 89afc45ba4a9a..d703f39bed774 100644 --- a/pkgs/applications/virtualization/docker/buildx.nix +++ b/pkgs/applications/virtualization/docker/buildx.nix @@ -2,23 +2,35 @@ buildGoModule rec { pname = "docker-buildx"; - version = "0.6.3"; + version = "0.9.1"; src = fetchFromGitHub { owner = "docker"; repo = "buildx"; rev = "v${version}"; - sha256 = "sha256-UKIT3PfybuQjKxxFbRQSCA8G3R2xIySWEDUKg27u5Rk="; + sha256 = "sha256-nJR+wpWa7y8Mq6WWj1ZH/FRCtar40XP2fwyl1hMgELI="; }; vendorSha256 = null; + ldflags = [ + "-w" "-s" + "-X github.com/docker/buildx/version.Package=github.com/docker/buildx" + "-X github.com/docker/buildx/version.Version=v${version}" + ]; + installPhase = '' + runHook preInstall install -D $GOPATH/bin/buildx $out/libexec/docker/cli-plugins/docker-buildx + + mkdir -p $out/bin + ln -s $out/libexec/docker/cli-plugins/docker-buildx $out/bin/docker-buildx + runHook postInstall ''; meta = with lib; { description = "Docker CLI plugin for extended build capabilities with BuildKit"; + homepage = "https://github.com/docker/buildx"; license = licenses.asl20; maintainers = [ maintainers.ivan-babrou ]; }; diff --git a/pkgs/applications/virtualization/docker/compose.nix b/pkgs/applications/virtualization/docker/compose.nix index 3ce3d9a880f8b..cada624a2a686 100644 --- a/pkgs/applications/virtualization/docker/compose.nix +++ b/pkgs/applications/virtualization/docker/compose.nix 
@@ -2,25 +2,38 @@ buildGoModule rec { pname = "docker-compose"; - version = "2.0.1"; + version = "2.16.0"; src = fetchFromGitHub { owner = "docker"; repo = "compose"; rev = "v${version}"; - sha256 = "sha256-6OjA3f6c9s/86UPxy9EqLIc/0ZuW6UhKyQdkM7YoTsU="; + sha256 = "sha256-/kdEzC97atFJw8rWFAdm9tofayj1fwBRvNKwbjWIGR8="; }; - vendorSha256 = "sha256-6h36TZmo0RvB3YzZRmsrs2Fbl+8zPTuL9LxWkuNgRqw="; + postPatch = '' + # entirely separate package that breaks the build + rm -rf e2e/ + ''; + + vendorHash = "sha256-1iEJPVrsRqQQhkspRmUtS4ru4DCKiyobGztM4d0vb2Y="; + + ldflags = [ "-X github.com/docker/compose/v2/internal.Version=${version}" "-s" "-w" ]; doCheck = false; installPhase = '' + runHook preInstall install -D $GOPATH/bin/cmd $out/libexec/docker/cli-plugins/docker-compose + + mkdir -p $out/bin + ln -s $out/libexec/docker/cli-plugins/docker-compose $out/bin/docker-compose + runHook postInstall ''; meta = with lib; { description = "Docker CLI plugin to define and run multi-container applications with Docker"; + homepage = "https://github.com/docker/compose"; license = licenses.asl20; - maintainers = [ maintainers.babariviere ]; + maintainers = with maintainers; [ babariviere SuperSandro2000 ]; }; } diff --git a/pkgs/applications/virtualization/docker-compose/default.nix b/pkgs/applications/virtualization/docker/compose_1.nix index fd67aa554f043..4e692eb51b118 100644 --- a/pkgs/applications/virtualization/docker-compose/default.nix +++ b/pkgs/applications/virtualization/docker/compose_1.nix @@ -1,8 +1,8 @@ { lib, buildPythonApplication, fetchPypi, pythonOlder , installShellFiles , mock, pytest, nose -, pyyaml, backports_ssl_match_hostname, colorama, docopt -, dockerpty, docker, ipaddress, jsonschema, requests +, pyyaml, colorama, docopt +, dockerpty, docker, jsonschema, requests , six, texttable, websocket-client, cached-property , enum34, functools32, paramiko, distro, python-dotenv }: 
@@ -19,12 +19,12 @@ buildPythonApplication rec { # lots of networking and other fails doCheck = false; nativeBuildInputs = [ installShellFiles ]; - checkInputs = [ mock pytest nose ]; + nativeCheckInputs = [ mock pytest nose ]; propagatedBuildInputs = [ pyyaml colorama dockerpty docker - ipaddress jsonschema requests six texttable websocket-client + jsonschema requests six texttable websocket-client docopt cached-property paramiko distro python-dotenv - ] ++ lib.optional (pythonOlder "3.7") backports_ssl_match_hostname + ] ++ lib.optional (pythonOlder "3.4") enum34 ++ lib.optional (pythonOlder "3.2") functools32; diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index 8345b2b42d76e..17b3982a1f7d0 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix 
@@ -1,58 +1,66 @@ { lib, callPackage, fetchFromGitHub }: -with lib; - rec { dockerGen = { - version, rev, sha256 - , moby-src - , runcRev, runcSha256 - , containerdRev, containerdSha256 - , tiniRev, tiniSha256, buildxSupport ? true, composeSupport ? true + version + , cliRev, cliHash + , mobyRev, mobyHash + , runcRev, runcHash + , containerdRev, containerdHash + , tiniRev, tiniHash, buildxSupport ? true, composeSupport ? true # package dependencies - , stdenv, fetchFromGitHub, buildGoPackage + , stdenv, fetchFromGitHub, fetchpatch, buildGoPackage , makeWrapper, installShellFiles, pkg-config, glibc - , go-md2man, go, containerd_1_4, runc, docker-proxy, tini, libtool - , sqlite, iproute2, lvm2, systemd, docker-buildx, docker-compose_2 - , btrfs-progs, iptables, e2fsprogs, xz, util-linux, xfsprogs, git - , procps, libseccomp - , nixosTests + , go-md2man, go, containerd, runc, docker-proxy, tini, libtool + , sqlite, iproute2, docker-buildx, docker-compose + , iptables, e2fsprogs, xz, util-linux, xfsprogs, git + , procps, rootlesskit, slirp4netns, fuse-overlayfs, nixosTests , clientOnly ? !stdenv.isLinux, symlinkJoin + , withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd, systemd + , withBtrfs ? stdenv.isLinux, btrfs-progs + , withLvm ? stdenv.isLinux, lvm2 + , withSeccomp ? 
stdenv.isLinux, libseccomp }: let docker-runc = runc.overrideAttrs (oldAttrs: { - name = "docker-runc-${version}"; + pname = "docker-runc"; inherit version; + src = fetchFromGitHub { owner = "opencontainers"; repo = "runc"; rev = runcRev; - sha256 = runcSha256; + hash = runcHash; }; + # docker/runc already include these patches / are not applicable patches = []; }); - docker-containerd = containerd_1_4.overrideAttrs (oldAttrs: { - name = "docker-containerd-${version}"; + docker-containerd = containerd.overrideAttrs (oldAttrs: { + pname = "docker-containerd"; inherit version; + src = fetchFromGitHub { owner = "containerd"; repo = "containerd"; rev = containerdRev; - sha256 = containerdSha256; + hash = containerdHash; }; - buildInputs = oldAttrs.buildInputs ++ [ libseccomp ]; + + buildInputs = oldAttrs.buildInputs + ++ lib.optionals withSeccomp [ libseccomp ]; }); - docker-tini = tini.overrideAttrs (oldAttrs: { - name = "docker-init-${version}"; + docker-tini = tini.overrideAttrs (oldAttrs: { + pname = "docker-init"; inherit version; + src = fetchFromGitHub { owner = "krallin"; repo = "tini"; rev = tiniRev; - sha256 = tiniSha256; + hash = tiniHash; }; # Do not remove static from make files as we want a static binary 
@@ -60,22 +68,44 @@ rec { buildInputs = [ glibc glibc.static ]; - NIX_CFLAGS_COMPILE = "-DMINIMAL=ON"; + env.NIX_CFLAGS_COMPILE = "-DMINIMAL=ON"; }); - moby = buildGoPackage ((optionalAttrs (stdenv.isLinux)) rec { - name = "moby-${version}"; + moby-src = fetchFromGitHub { + owner = "moby"; + repo = "moby"; + rev = mobyRev; + hash = mobyHash; + }; + + moby = buildGoPackage (lib.optionalAttrs stdenv.isLinux rec { + pname = "moby"; inherit version; - inherit docker-runc docker-containerd docker-proxy docker-tini; src = moby-src; goPackagePath = "github.com/docker/docker"; nativeBuildInputs = [ makeWrapper pkg-config go-md2man go libtool installShellFiles ]; - buildInputs = [ sqlite lvm2 btrfs-progs systemd libseccomp ]; - - extraPath = optionals (stdenv.isLinux) (makeBinPath [ iproute2 iptables e2fsprogs xz xfsprogs procps util-linux git ]); + buildInputs = [ sqlite ] + ++ lib.optional withLvm lvm2 + ++ lib.optional withBtrfs btrfs-progs + ++ lib.optional withSystemd systemd + ++ lib.optional withSeccomp libseccomp; + + extraPath = lib.optionals stdenv.isLinux (lib.makeBinPath [ iproute2 iptables e2fsprogs xz xfsprogs procps util-linux git ]); + + extraUserPath = lib.optionals (stdenv.isLinux && !clientOnly) (lib.makeBinPath [ rootlesskit slirp4netns fuse-overlayfs ]); + + patches = [ + # This patch incorporates code from a PR fixing using buildkit with the ZFS graph driver. + # It could be removed when a version incorporating this patch is released. + (fetchpatch { + name = "buildkit-zfs.patch"; + url = "https://github.com/moby/moby/pull/43136.patch"; + hash = "sha256-1WZfpVnnqFwLMYqaHLploOodls0gHF8OCp7MrM26iX8="; + }) + ]; postPatch = '' patchShebangs hack/make.sh hack/make/ @@ -86,7 +116,7 @@ rec { # build engine cd ./go/src/${goPackagePath} export AUTO_GOPATH=1 - export DOCKER_GITCOMMIT="${rev}" + export DOCKER_GITCOMMIT="${cliRev}" export VERSION="${version}" ./hack/make.sh dynbinary cd - 
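Review bot: The `fetchpatch` for `buildkit-zfs.patch` points at `https://github.com/moby/moby/pull/43136.patch`, and a pull-request patch URL changes whenever the PR is rebased or gains commits. The pinned `hash` keeps altered content from being applied, but the fetch then fails and whoever refreshes the hash has no fixed upstream commit to compare the new content against. Pointing `url` at the specific commit's patch, `https://github.com/moby/moby/commit/<commit-id>.patch` (commit id not shown on this page), makes the input immutable and reviewable.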
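Review bot: `export DOCKER_GITCOMMIT="${cliRev}"` stamps the moby engine build with the CLI revision. Both are `v${version}` in `docker_20_10`, so the result is the same today, but `dockerGen` takes `mobyRev` as a separate argument and the two can diverge; `export DOCKER_GITCOMMIT="${mobyRev}"` matches the source that is actually being built in this phase. The build phase starts and ends outside the hunk.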
@@ -109,33 +139,36 @@ rec { install -Dm644 ./contrib/init/systemd/docker.service $out/etc/systemd/system/docker.service substituteInPlace $out/etc/systemd/system/docker.service --replace /usr/bin/dockerd $out/bin/dockerd install -Dm644 ./contrib/init/systemd/docker.socket $out/etc/systemd/system/docker.socket + + # rootless Docker + install -Dm755 ./contrib/dockerd-rootless.sh $out/libexec/docker/dockerd-rootless.sh + makeWrapper $out/libexec/docker/dockerd-rootless.sh $out/bin/dockerd-rootless \ + --prefix PATH : "$out/libexec/docker:$extraPath:$extraUserPath" ''; - DOCKER_BUILDTAGS = [] - ++ optional (systemd != null) [ "journald" ] - ++ optional (btrfs-progs == null) "exclude_graphdriver_btrfs" - ++ optional (lvm2 == null) "exclude_graphdriver_devicemapper" - ++ optional (libseccomp != null) "seccomp"; + DOCKER_BUILDTAGS = lib.optional withSystemd "journald" + ++ lib.optional (!withBtrfs) "exclude_graphdriver_btrfs" + ++ lib.optional (!withLvm) "exclude_graphdriver_devicemapper" + ++ lib.optional withSeccomp "seccomp"; }); - plugins = optionals buildxSupport [ docker-buildx ] - ++ optionals composeSupport [ docker-compose_2 ]; + plugins = lib.optional buildxSupport docker-buildx + ++ lib.optional composeSupport docker-compose; pluginsRef = symlinkJoin { name = "docker-plugins"; paths = plugins; }; in - buildGoPackage ((optionalAttrs (!clientOnly) { - + buildGoPackage (lib.optionalAttrs (!clientOnly) { + # allow overrides of docker components + # TODO: move packages out of the let...in into top-level to allow proper overrides inherit docker-runc docker-containerd docker-proxy docker-tini moby; - - }) // rec { - inherit version rev; - + } // rec { pname = "docker"; + inherit version; src = fetchFromGitHub { owner = "docker"; repo = "cli"; - rev = "v${version}"; - sha256 = sha256; + rev = cliRev; + hash = cliHash; }; goPackagePath = "github.com/docker/cli"; 
@@ -143,14 +176,17 @@ rec { nativeBuildInputs = [ makeWrapper pkg-config go-md2man go libtool installShellFiles ]; - buildInputs = optionals (!clientOnly) [ - sqlite lvm2 btrfs-progs systemd libseccomp - ] ++ plugins; + buildInputs = lib.optional (!clientOnly) sqlite + ++ lib.optional withLvm lvm2 + ++ lib.optional withBtrfs btrfs-progs + ++ lib.optional withSystemd systemd + ++ lib.optional withSeccomp libseccomp + ++ plugins; postPatch = '' patchShebangs man scripts/build/ substituteInPlace ./scripts/build/.variables --replace "set -eu" "" - '' + optionalString (plugins != []) '' + '' + lib.optionalString (plugins != []) '' substituteInPlace ./cli-plugins/manager/manager_unix.go --replace /usr/libexec/docker/cli-plugins \ "${pluginsRef}/libexec/docker/cli-plugins" ''; @@ -164,12 +200,12 @@ rec { mkdir -p .gopath/src/github.com/docker/ ln -sf $PWD .gopath/src/github.com/docker/cli export GOPATH="$PWD/.gopath:$GOPATH" - export GITCOMMIT="${rev}" + export GITCOMMIT="${cliRev}" export VERSION="${version}" export BUILDTIME="1970-01-01T00:00:00Z" source ./scripts/build/.variables export CGO_ENABLED=1 - go build -tags pkcs11 --ldflags "$LDFLAGS" github.com/docker/cli/cmd/docker + go build -tags pkcs11 --ldflags "$GO_LDFLAGS" github.com/docker/cli/cmd/docker cd - ''; @@ -181,9 +217,10 @@ rec { makeWrapper $out/libexec/docker/docker $out/bin/docker \ --prefix PATH : "$out/libexec/docker:$extraPath" - '' + optionalString (!clientOnly) '' + '' + lib.optionalString (!clientOnly) '' # symlink docker daemon to docker cli derivation ln -s ${moby}/bin/dockerd $out/bin/dockerd + ln -s ${moby}/bin/dockerd-rootless $out/bin/dockerd-rootless # systemd mkdir -p $out/etc/systemd/system 
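Review bot: In the new `buildInputs` of the docker CLI derivation only `sqlite` is still guarded by `!clientOnly`; `lvm2`, `btrfs-progs`, `systemd` and `libseccomp` are added whenever their `with*` flag is true, and those flags default to true on Linux. A `clientOnly = true` build on Linux therefore pulls in the daemon's libraries, which the removed `optionals (!clientOnly) [ … ]` avoided. Grouping the daemon inputs under one guard restores that: `lib.optionals (!clientOnly) ([ sqlite ] ++ lib.optional withLvm lvm2 ++ lib.optional withBtrfs btrfs-progs ++ lib.optional withSystemd systemd ++ lib.optional withSeccomp libseccomp) ++ plugins`.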
@@ -208,37 +245,33 @@ rec { installManPage man/*/*.[1-9] ''; - passthru.tests = lib.optionals (!clientOnly) { inherit (nixosTests) docker; }; + passthru = { + # Exposed for tarsum build on non-linux systems (build-support/docker/default.nix) + inherit moby-src; + tests = lib.optionals (!clientOnly) { inherit (nixosTests) docker; }; + }; - meta = { + meta = with lib; { homepage = "https://www.docker.com/"; description = "An open source project to pack, ship and run any application as a lightweight container"; license = licenses.asl20; maintainers = with maintainers; [ offline tailhook vdemeester periklis mikroskeem maxeaubrey ]; - platforms = with platforms; linux ++ darwin; }; - - # Exposed for tarsum build on non-linux systems (build-support/docker/default.nix) - inherit moby-src; }); # Get revisions from # https://github.com/moby/moby/tree/${version}/hack/dockerfile/install/* docker_20_10 = callPackage dockerGen rec { - version = "20.10.9"; - rev = "v${version}"; - sha256 = "1msqvzfccah6cggvf1pm7n35zy09zr4qg2aalgwpqigv0jmrbyd4"; - moby-src = fetchFromGitHub { - owner = "moby"; - repo = "moby"; - rev = "v${version}"; - sha256 = "04xx7m8s9vrkm67ba2k5i90053h5qqkjcvw5rc8w7m5a309xcp4n"; - }; - runcRev = "v1.0.2"; # v1.0.2 - runcSha256 = "1bpckghjah0rczciw1a1ab8z718lb2d3k4mjm4zb45lpm3njmrcp"; - containerdRev = "v1.4.11"; # v1.4.11 - containerdSha256 = "02slv4gc2blxnmv0p8pkm139vjn6ihjblmn8ps2k1afbbyps0ilr"; - tiniRev = "v0.19.0"; # v0.19.0 - tiniSha256 = "1h20i3wwlbd8x4jr2gz68hgklh0lb0jj7y5xk1wvr8y58fip1rdn"; + version = "20.10.23"; + cliRev = "v${version}"; + cliHash = "sha256-fNaRpstyG90Jzq3+U2A42Jj+ixb+m7tXLioIcsegPbQ="; + mobyRev = "v${version}"; + mobyHash = "sha256-nBPw/M4VC9XeZ9S33HWdWSjY2J2mYpI/TPOzvLjSmJM="; + runcRev = "v1.1.4"; + runcHash = "sha256-ougJHW1Z+qZ324P8WpZqawY1QofKnn8WezP7orzRTdA="; + containerdRev = "v1.6.15"; + containerdHash = "sha256-Vlftq//mLYZPoT2R/lHJA6wLnqiuC+Cpy4lGQC8jCPA="; + tiniRev = "v0.19.0"; + tiniHash = 
"sha256-ZDKu/8yE5G0RYFJdhgmCdN3obJNyRWv6K/Gd17zc1sI="; }; } diff --git a/pkgs/applications/virtualization/docker/distribution.nix b/pkgs/applications/virtualization/docker/distribution.nix index 96722fe393f60..8253a2304da9b 100644 --- a/pkgs/applications/virtualization/docker/distribution.nix +++ b/pkgs/applications/virtualization/docker/distribution.nix @@ -2,7 +2,7 @@ buildGoPackage rec { pname = "distribution"; - version = "2.7.1"; + version = "2.8.1"; rev = "v${version}"; goPackagePath = "github.com/docker/distribution"; @@ -11,7 +11,7 @@ buildGoPackage rec { owner = "docker"; repo = "distribution"; inherit rev; - sha256 = "1nx8b5a68rn81alp8wkkw6qd5v32mgf0fk23mxm60zdf63qk1nzw"; + sha256 = "sha256-M8XVeIvD7LtWa9l+6ovwWu5IwFGYt0xDfcIwcU/KH/E="; }; meta = with lib; { diff --git a/pkgs/applications/virtualization/docker/gc.nix b/pkgs/applications/virtualization/docker/gc.nix index 52ca54501d75d..0736516ee7d26 100644 --- a/pkgs/applications/virtualization/docker/gc.nix +++ b/pkgs/applications/virtualization/docker/gc.nix @@ -3,13 +3,13 @@ with lib; stdenv.mkDerivation rec { - name = "docker-gc-${rev}"; - rev = "b0cc52aa3da2e2ac0080794e0be6e674b1f063fc"; + pname = "docker-gc"; + version = "unstable-2015-10-5"; src = fetchFromGitHub { - inherit rev; owner = "spotify"; repo = "docker-gc"; + rev = "b0cc52aa3da2e2ac0080794e0be6e674b1f063fc"; sha256 = "07wf9yn0f771xkm3x12946x5rp83hxjkd70xgfgy35zvj27wskzm"; }; diff --git a/pkgs/applications/virtualization/docker/proxy.nix b/pkgs/applications/virtualization/docker/proxy.nix index a247e2cecfafe..6038a129e2a1c 100644 --- a/pkgs/applications/virtualization/docker/proxy.nix +++ b/pkgs/applications/virtualization/docker/proxy.nix 
@@ -1,13 +1,13 @@ { lib, buildGoPackage, fetchFromGitHub }: buildGoPackage rec { - name = "docker-proxy-${rev}"; - rev = "fa125a3512ee0f6187721c88582bf8c4378bd4d7"; + pname = "docker-proxy"; + version = "unstable-2020-12-15"; src = fetchFromGitHub { - inherit rev; owner = "docker"; repo = "libnetwork"; + rev = "fa125a3512ee0f6187721c88582bf8c4378bd4d7"; sha256 = "1r47y0gww3j7fas4kgiqbhrz5fazsx1c6sxnccdfhj8fzik77s9y"; }; diff --git a/pkgs/applications/virtualization/driver/win-pvdrivers/default.nix b/pkgs/applications/virtualization/driver/win-pvdrivers/default.nix index 75cf99caf861f..903eb132738ab 100644 --- a/pkgs/applications/virtualization/driver/win-pvdrivers/default.nix +++ b/pkgs/applications/virtualization/driver/win-pvdrivers/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation { meta = with lib; { description = "Xen Subproject: Windows PV Driver"; homepage = "http://xenproject.org/downloads/windows-pv-drivers.html"; - maintainers = with maintainers; [ tstrobel ]; + maintainers = with maintainers; [ ]; platforms = platforms.linux; license = licenses.bsd3; }; diff --git a/pkgs/applications/virtualization/driver/win-qemu/default.nix b/pkgs/applications/virtualization/driver/win-qemu/default.nix index a4cd8dacc449e..c442d978737e5 100644 --- a/pkgs/applications/virtualization/driver/win-qemu/default.nix +++ b/pkgs/applications/virtualization/driver/win-qemu/default.nix @@ -31,7 +31,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Windows QEMU Drivers"; homepage = "https://fedoraproject.org/wiki/Windows_Virtio_Drivers"; - maintainers = [ maintainers.tstrobel ]; + maintainers = [ ]; platforms = platforms.linux; license = licenses.gpl2; }; diff --git a/pkgs/applications/virtualization/driver/win-signed-gplpv-drivers/default.nix b/pkgs/applications/virtualization/driver/win-signed-gplpv-drivers/default.nix index ef8ec062e4d88..7a5cd39a18402 100644 --- a/pkgs/applications/virtualization/driver/win-signed-gplpv-drivers/default.nix 
+++ b/pkgs/applications/virtualization/driver/win-signed-gplpv-drivers/default.nix @@ -39,8 +39,9 @@ stdenv.mkDerivation { Certificate obtained from the VeriSign CA. ''; homepage = "http://wiki.univention.de/index.php?title=Installing-signed-GPLPV-drivers"; - maintainers = [ maintainers.tstrobel ]; + maintainers = [ ]; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; platforms = platforms.linux; license = licenses.gpl2; }; -} + } diff --git a/pkgs/applications/virtualization/driver/win-spice/default.nix b/pkgs/applications/virtualization/driver/win-spice/default.nix index 2c2cd90f1c26f..10668afd7eb43 100644 --- a/pkgs/applications/virtualization/driver/win-spice/default.nix +++ b/pkgs/applications/virtualization/driver/win-spice/default.nix @@ -72,7 +72,8 @@ stdenv.mkDerivation { description = "Windows SPICE Drivers"; homepage = "https://www.spice-space.org/"; license = [ licenses.asl20 ]; # See https://github.com/vrozenfe/qxl-dod - maintainers = [ maintainers.tstrobel ]; + maintainers = [ ]; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; platforms = platforms.linux; }; } diff --git a/pkgs/applications/virtualization/driver/win-virtio/default.nix b/pkgs/applications/virtualization/driver/win-virtio/default.nix index 060cc4b4ebf60..ec8e1e84145b1 100644 --- a/pkgs/applications/virtualization/driver/win-virtio/default.nix +++ b/pkgs/applications/virtualization/driver/win-virtio/default.nix @@ -36,7 +36,7 @@ stdenv.mkDerivation rec { description = "Windows VirtIO Drivers"; homepage = "https://fedoraproject.org/wiki/Windows_Virtio_Drivers"; license = [ licenses.bsd3 ]; - maintainers = [ maintainers.tstrobel ]; + maintainers = [ ]; platforms = platforms.linux; }; } diff --git a/pkgs/applications/virtualization/dumb-init/default.nix b/pkgs/applications/virtualization/dumb-init/default.nix index bb265dc5488ac..ee61a1bafacca 100644 --- a/pkgs/applications/virtualization/dumb-init/default.nix 
+++ b/pkgs/applications/virtualization/dumb-init/default.nix @@ -11,7 +11,11 @@ stdenv.mkDerivation rec { sha256 = "sha256-aRh0xfmp+ToXIYjYaducTpZUHndZ5HlFZpFhzJ3yKgs="; }; - buildInputs = [ glibc.static ]; + postPatch = lib.optionalString (!stdenv.hostPlatform.isStatic) '' + substituteInPlace Makefile --replace "-static" "" + ''; + + buildInputs = lib.optional (stdenv.hostPlatform.isGnu && stdenv.hostPlatform.isStatic) glibc.static; installPhase = '' runHook preInstall diff --git a/pkgs/applications/virtualization/dynamips/default.nix b/pkgs/applications/virtualization/dynamips/default.nix deleted file mode 100644 index 7f3320101530c..0000000000000 --- a/pkgs/applications/virtualization/dynamips/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ lib, stdenv, fetchFromGitHub, cmake, libelf, libpcap }: - -stdenv.mkDerivation rec { - pname = "dynamips"; - version = "0.2.21"; - - src = fetchFromGitHub { - owner = "GNS3"; - repo = pname; - rev = "v${version}"; - sha256 = "0pvdqs6kjz0x0wqb5f1k3r25dg82wssm7wz4psm0m6bxsvf5l0i5"; - }; - - nativeBuildInputs = [ cmake ]; - buildInputs = [ libelf libpcap ]; - - cmakeFlags = [ "-DDYNAMIPS_CODE=stable" ]; - - meta = with lib; { - description = "A Cisco router emulator"; - longDescription = '' - Dynamips is an emulator computer program that was written to emulate Cisco - routers. - ''; - inherit (src.meta) homepage; - license = licenses.gpl2Plus; - platforms = platforms.linux; - maintainers = with maintainers; [ primeos ]; - }; -} diff --git a/pkgs/applications/virtualization/ecs-agent/default.nix b/pkgs/applications/virtualization/ecs-agent/default.nix index 390f3049c0266..58c303a46c404 100644 --- a/pkgs/applications/virtualization/ecs-agent/default.nix +++ b/pkgs/applications/virtualization/ecs-agent/default.nix 
@@ -1,25 +1,32 @@ -{ lib, fetchFromGitHub, buildGoPackage }: +{ lib, fetchFromGitHub, buildGoModule }: -buildGoPackage rec { - pname = "amazon-ecs-agent"; - version = "1.18.0"; - - goPackagePath = "github.com/aws/${pname}"; - subPackages = [ "agent" ]; +buildGoModule rec { + pname = "amazon-ecs-agent"; + version = "1.67.2"; src = fetchFromGitHub { - rev = "v${version}"; - owner = "aws"; - repo = pname; - sha256 = "1l6c2if6wpjmq2hh6k818w38s1rsbwgd6igqy948dwcrb1g1mixr"; + rev = "v${version}"; + owner = "aws"; + repo = pname; + hash = "sha256-iSL5ogS8BLcxge3eo+kCqtsGmj7P1wbi+/84nA9fO2Q="; }; + vendorHash = null; + + modRoot = "./agent"; + + excludedPackages = [ "./version/gen" ]; + + ldflags = [ "-s" "-w" ]; + meta = with lib; { description = "The agent that runs on AWS EC2 container instances and starts containers on behalf of Amazon ECS"; - homepage = "https://github.com/aws/amazon-ecs-agent"; - license = licenses.asl20; - platforms = platforms.unix; + homepage = "https://github.com/aws/amazon-ecs-agent"; + changelog = "https://github.com/aws/amazon-ecs-agent/raw/v${version}/CHANGELOG.md"; + license = licenses.asl20; + platforms = platforms.linux; maintainers = with maintainers; [ copumpkin ]; + mainProgram = "agent"; }; } diff --git a/pkgs/applications/virtualization/firecracker/default.nix b/pkgs/applications/virtualization/firecracker/default.nix index 78720034ea1a5..7662c57d7a1ce 100644 --- a/pkgs/applications/virtualization/firecracker/default.nix +++ b/pkgs/applications/virtualization/firecracker/default.nix @@ -1,7 +1,8 @@ { fetchurl, lib, stdenv }: let - version = "0.24.5"; + version = "1.1.3"; + # nixpkgs-update: no auto update suffix = { x86_64-linux = "x86_64"; 
@@ -22,15 +23,15 @@ stdenv.mkDerivation { sourceRoot = "."; src = dlbin { - x86_64-linux = "sha256-drcm2kz2csuJqr8Oqs0r1BrxgPHOyuwC2S+99MhbMjA="; - aarch64-linux = "sha256-x8RoBmgY3HRUOLw8YzEwQfQuT83zGfBHHWu88b4i05o="; + x86_64-linux = "sha256-3+CqVBOb2haknQIMzE9kl99pDWm9wZPUX92FlVov3No="; + aarch64-linux = "sha256-ii+x4YEZIZJuM+1Njvxe1dz6WOvAK1SWqfuodC7a4yo="; }; dontConfigure = true; buildPhase = '' - mv release-v${version}/firecracker-v${version}-${suffix} firecracker - mv release-v${version}/jailer-v${version}-${suffix} jailer + mv release-v${version}-${suffix}/firecracker-v${version}-${suffix} firecracker + mv release-v${version}-${suffix}/jailer-v${version}-${suffix} jailer chmod +x firecracker jailer ''; diff --git a/pkgs/applications/virtualization/firectl/default.nix b/pkgs/applications/virtualization/firectl/default.nix index ac531b36dd21a..64c933a5d3254 100644 --- a/pkgs/applications/virtualization/firectl/default.nix +++ b/pkgs/applications/virtualization/firectl/default.nix @@ -2,18 +2,18 @@ buildGoModule rec { pname = "firectl"; - version = "0.1.0"; - - patches = [ ./gomod.patch ]; + # The latest upstream 0.1.0 is incompatible with firecracker + # v0.1.0. See issue: https://github.com/firecracker-microvm/firectl/issues/82 + version = "unstable-2022-07-12"; src = fetchFromGitHub { owner = "firecracker-microvm"; repo = pname; - rev = "v${version}"; - sha256 = "1ni3yx4rjhrkqk2038c6hkb2jwsdj2llx233wd5wgpvb6c57652p"; + rev = "ec72798240c0561dea8341d828e8c72bb0cc36c5"; + sha256 = "sha256-RAl1DaeMR7eYYwqVAvm6nib5gEGaM/t7TR8u1IpqOIM="; }; - vendorSha256 = "1xbpck1gvzl75xgrajf5yzl199l4f2f6j3mac5586i7b00b9jxqj"; + vendorSha256 = "sha256-dXAJOifRtzcTyGzUTFu9+daGAlL/5dQSwcjerkZDuKA="; doCheck = false; diff --git a/pkgs/applications/virtualization/firectl/gomod.patch b/pkgs/applications/virtualization/firectl/gomod.patch deleted file mode 100644 index 96c65e7282211..0000000000000 --- a/pkgs/applications/virtualization/firectl/gomod.patch +++ /dev/null 
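Review bot: The two hashes in `dlbin` pin upstream's prebuilt release archives, and `buildPhase` only moves `firecracker` and `jailer` out of the unpacked directory, so this package ships native binaries that nixpkgs did not build. `meta` is outside this hunk; if it does not already say so, add `sourceProvenance = with sourceTypes; [ binaryNativeCode ];`, as this commit does for the Windows driver packages. The derivation starts and ends outside the hunk.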
@@ -1,15 +0,0 @@ -diff --git a/go.mod b/go.mod -index 1044001..7bafeda 100644 ---- a/go.mod -+++ b/go.mod -@@ -1,7 +1,10 @@ - module github.com/firecracker-microvm/firectl - -+go 1.14 -+ - require ( - github.com/firecracker-microvm/firecracker-go-sdk v0.15.1 -+ github.com/go-openapi/strfmt v0.17.1 - github.com/jessevdk/go-flags v1.4.0 - github.com/pkg/errors v0.8.0 - github.com/sirupsen/logrus v1.1.1 diff --git a/pkgs/applications/virtualization/flintlock/default.nix b/pkgs/applications/virtualization/flintlock/default.nix new file mode 100644 index 0000000000000..982530dad7496 --- /dev/null +++ b/pkgs/applications/virtualization/flintlock/default.nix @@ -0,0 +1,49 @@ +{ lib +, cni-plugins +, buildGoModule +, firecracker +, containerd +, runc +, makeWrapper +, fetchFromGitHub +}: + +buildGoModule rec{ + pname = "flintlock"; + version = "0.4.0"; + + src = fetchFromGitHub { + owner = "weaveworks"; + repo = "flintlock"; + rev = "v${version}"; + sha256 = "sha256-kHrVpQ4E8b1YV+ofZwd4iGJ9ucVUUam6rxdpOGmvRR4="; + }; + + vendorSha256 = "sha256-A3LrikB2KrnSI+OREiLmlkTFpRKQWRB8w4OJ6ApX7oY="; + + subPackages = [ "cmd/flintlock-metrics" "cmd/flintlockd" ]; + + ldflags = [ "-s" "-w" "-X github.com/weaveworks/flintlock/internal/version.Version=v${version}" ]; + + nativeBuildInputs = [ + makeWrapper + ]; + + buildInputs = [ + firecracker + ]; + + postInstall = '' + for prog in flintlockd flintlock-metrics; do + wrapProgram "$out/bin/$prog" --prefix PATH : ${lib.makeBinPath [ cni-plugins firecracker containerd runc ]} + done + ''; + + meta = with lib; { + description = "Create and manage the lifecycle of MicroVMs backed by containerd"; + homepage = "https://github.com/weaveworks-liquidmetal/flintlock"; + license = licenses.mpl20; + platforms = [ "x86_64-linux" "aarch64-linux" ]; + maintainers = with maintainers; [ techknowlogick ]; + }; +} 
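Review bot: `src` fetches from `owner = "weaveworks"` while `homepage` points at `weaveworks-liquidmetal/flintlock`, so the fetch presumably succeeds only through GitHub's redirect for a moved repository. The pinned `sha256` covers this version, but a later bump will take its new hash from whatever answers at the old name. Setting `owner = "weaveworks-liquidmetal";` makes the fetch and the homepage agree. The `-X github.com/weaveworks/flintlock/...` ldflag is a Go import path and should stay as it is. `buildInputs = [ firecracker ];` also looks unnecessary, since firecracker is only needed on `PATH` at run time and `wrapProgram` already provides it.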
diff --git a/pkgs/applications/virtualization/gvisor/containerd-shim.nix b/pkgs/applications/virtualization/gvisor/containerd-shim.nix deleted file mode 100644 index c8610b73865b5..0000000000000 --- a/pkgs/applications/virtualization/gvisor/containerd-shim.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ lib, fetchFromGitHub, buildGoModule }: - -buildGoModule rec { - name = "gvisor-containerd-shim-${version}"; - version = "2019-10-09"; - - src = fetchFromGitHub { - owner = "google"; - repo = "gvisor-containerd-shim"; - rev = "f299b553afdd8455a0057862004061ea12e660f5"; - sha256 = "077bhrmjrpcxv1z020yxhx2c4asn66j21gxlpa6hz0av3lfck9lm"; - }; - - vendorSha256 = "11jai5jl024k7wbhz4a3zzdbvl0si07jwgwmyr8bn4i0nqx8ig2k"; - - buildPhase = '' - make - ''; - - checkPhase = '' - make test - ''; - - installPhase = '' - make install DESTDIR="$out" - ''; - - meta = with lib; { - description = "containerd shim for gVisor"; - homepage = "https://github.com/google/gvisor-containerd-shim"; - license = licenses.asl20; - maintainers = with maintainers; [ andrew-d ]; - platforms = [ "x86_64-linux" ]; - }; -} diff --git a/pkgs/applications/virtualization/gvisor/default.nix b/pkgs/applications/virtualization/gvisor/default.nix index 4cd043d4eb6d6..0abfe944ee273 100644 --- a/pkgs/applications/virtualization/gvisor/default.nix +++ b/pkgs/applications/virtualization/gvisor/default.nix 
@@ -1,124 +1,49 @@ { lib -, buildBazelPackage +, buildGoModule , fetchFromGitHub -, callPackage -, bash -, cacert -, git -, glibcLocales -, go , iproute2 , iptables , makeWrapper , procps -, protobuf -, python3 }: -let - preBuild = '' - patchShebangs . +buildGoModule rec { + pname = "gvisor"; + version = "20221102.1"; - substituteInPlace tools/defs.bzl \ - --replace "#!/bin/bash" "#!${bash}/bin/bash" - - # Tell rules_go to use the Go binary found in the PATH - sed -E -i \ - -e 's|go_version\s*=\s*"[^"]+"|go_version = "host"|g' \ - WORKSPACE - - # The gazelle Go tooling needs CA certs - export SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt" - - # If we don't reset our GOPATH, the rules_go stdlib builder tries to - # install something into it. Ideally that wouldn't happen, but for now we - # can also get around it by unsetting GOPATH entirely, since rules_go - # doesn't need it. - export GOPATH= - ''; - - # Patch the protoc alias so that it always builds from source. - rulesProto = fetchFromGitHub { - owner = "bazelbuild"; - repo = "rules_proto"; - rev = "f7a30f6f80006b591fa7c437fe5a951eb10bcbcf"; - sha256 = "10bcw0ir0skk7h33lmqm38n9w4nfs24mwajnngkbs6jb5wsvkqv8"; - extraPostFetch = '' - sed -i 's|name = "protoc"|name = "_protoc_original"|' $out/proto/private/BUILD.release - cat <<EOF >>$out/proto/private/BUILD.release - alias(name = "protoc", actual = "@com_github_protocolbuffers_protobuf//:protoc", visibility = ["//visibility:public"]) - EOF - ''; - }; - -in buildBazelPackage rec { - name = "gvisor-${version}"; - version = "20210518.0"; + # gvisor provides a synthetic go branch (https://github.com/google/gvisor/tree/go) + # that can be used to build gvisor without bazel. 
+ # For updates, you should stick to the commits labeled "Merge release-** (automated)" src = fetchFromGitHub { owner = "google"; - repo = "gvisor"; - rev = "release-${version}"; - sha256 = "15a6mlclnyfc9mx3bjksnnf4vla0xh0rv9kxdp34la4gw3c4hksn"; + repo = "gvisor"; + rev = "bf8eeee3a9eb966bc72c773da060a3c8bb73b8ff"; + sha256 = "sha256-rADQsJ+AnBVlfQURGJl1xR6Ad5NyRWSrBSpOFMRld+o="; }; - nativeBuildInputs = [ git glibcLocales go makeWrapper python3 ]; - - bazelTarget = "//runsc:runsc"; - bazelFlags = [ - "--override_repository=rules_proto=${rulesProto}" - ]; + vendorSha256 = "sha256-iGLWxx/Kn1QaJTNOZcc+mwoF3ecEDOkaqmA0DH4pdgU="; - # gvisor uses the Starlark implementation of rules_cc, not the built-in one, - # so we shouldn't delete it from our dependencies. - removeRulesCC = false; + nativeBuildInputs = [ makeWrapper ]; - fetchAttrs = { - inherit preBuild; + CGO_ENABLED = 0; - preInstall = '' - # Remove the go_sdk (it's just a copy of the go derivation) and all - # references to it from the marker files. Bazel does not need to download - # this sdk because we have patched the WORKSPACE file to point to the one - # currently present in PATH. Without removing the go_sdk from the marker - # file, the hash of it will change anytime the Go derivation changes and - # that would lead to impurities in the marker files which would result in - # a different sha256 for the fetch phase. - rm -rf $bazelOut/external/{go_sdk,\@go_sdk.marker} + ldflags = [ "-s" "-w" ]; - # Remove the gazelle tools, they contain go binaries that are built - # non-deterministically. As long as the gazelle version matches the tools - # should be equivalent. 
- rm -rf $bazelOut/external/{bazel_gazelle_go_repository_tools,\@bazel_gazelle_go_repository_tools.marker} + subPackages = [ "runsc" "shim" ]; - # Remove the gazelle repository cache - chmod -R +w $bazelOut/external/bazel_gazelle_go_repository_cache - rm -rf $bazelOut/external/{bazel_gazelle_go_repository_cache,\@bazel_gazelle_go_repository_cache.marker} - - # Remove log file(s) - rm -f "$bazelOut"/java.log "$bazelOut"/java.log.* - ''; - - sha256 = "13pahppm431m198v5bffrzq5iw8m79riplbfqp0afh384ln669hb"; - }; - - buildAttrs = { - inherit preBuild; - - installPhase = '' - install -Dm755 bazel-out/*/bin/runsc/runsc_/runsc $out/bin/runsc - - # Needed for the 'runsc do' subcomand - wrapProgram $out/bin/runsc \ - --prefix PATH : ${lib.makeBinPath [ iproute2 iptables procps ]} - ''; - }; + postInstall = '' + # Needed for the 'runsc do' subcomand + wrapProgram $out/bin/runsc \ + --prefix PATH : ${lib.makeBinPath [ iproute2 iptables procps ]} + mv $out/bin/shim $out/bin/containerd-shim-runsc-v1 + ''; meta = with lib; { - description = "Container Runtime Sandbox"; + description = "Application Kernel for Containers"; homepage = "https://github.com/google/gvisor"; license = licenses.asl20; - maintainers = with maintainers; [ andrew-d ]; + maintainers = with maintainers; [ andrew-d gpl ]; platforms = [ "x86_64-linux" ]; }; } diff --git a/pkgs/applications/virtualization/hercules/default.nix b/pkgs/applications/virtualization/hercules/default.nix deleted file mode 100644 index f33055baacbcb..0000000000000 --- a/pkgs/applications/virtualization/hercules/default.nix +++ /dev/null 
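Review bot: `rev` is a bare commit on the synthetic `go` branch and nothing in the expression ties it to `version = "20221102.1"`. A reviewer of a later bump therefore cannot tell from the file whether the new commit is one of the "Merge release-** (automated)" commits the comment asks for. Since runsc and the shim form the sandbox boundary, record the mapping beside the pin, for example a trailing `# go branch, merge of release-20221102.1` on the `rev` line, and update it with each bump. The `wrapProgram` comment carries over the typo "subcomand".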
@@ -1,18 +0,0 @@ -{ lib, stdenv, fetchurl }: - -stdenv.mkDerivation rec { - pname = "hercules"; - version = "3.13"; - - src = fetchurl { - url = "http://downloads.hercules-390.eu/${pname}-${version}.tar.gz"; - sha256 = "0zg6rwz8ib4alibf8lygi8qn69xx8n92kbi8b3jhi1ymb32mf349"; - }; - - meta = with lib; { - description = "IBM mainframe emulator"; - homepage = "http://www.hercules-390.eu"; - license = licenses.qpl; - maintainers = [ maintainers.anna328p ]; - }; -} diff --git a/pkgs/applications/virtualization/imgcrypt/default.nix b/pkgs/applications/virtualization/imgcrypt/default.nix index ce12fb8f387b2..058da0d5351bd 100644 --- a/pkgs/applications/virtualization/imgcrypt/default.nix +++ b/pkgs/applications/virtualization/imgcrypt/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "imgcrypt"; - version = "1.1.1"; + version = "1.1.7"; src = fetchFromGitHub { owner = "containerd"; repo = pname; rev = "v${version}"; - sha256 = "177fs3p2xzwjsffcxqqllx6wi6ghfyqbvfgn95v3q7a2993yqk4k"; + sha256 = "sha256-VGP63tGyYD/AtjEZD1uo8A2I/4Di7bfLeeaNat+coI4="; }; ldflags = [ diff --git a/pkgs/applications/virtualization/krunvm/default.nix b/pkgs/applications/virtualization/krunvm/default.nix new file mode 100644 index 0000000000000..bbf20c6039f53 --- /dev/null +++ b/pkgs/applications/virtualization/krunvm/default.nix 
@@ -0,0 +1,72 @@ +{ lib +, stdenv +, rustPlatform +, fetchFromGitHub +, asciidoctor +, buildah +, buildah-unwrapped +, libiconv +, libkrun +, makeWrapper +, sigtool +}: + +stdenv.mkDerivation rec { + pname = "krunvm"; + version = "0.2.3"; + + src = fetchFromGitHub { + owner = "containers"; + repo = pname; + rev = "v${version}"; + hash = "sha256-IXofYsOmbrjq8Zq9+a6pvBYsvZFcKzN5IvCuHaxwazI="; + }; + + cargoDeps = rustPlatform.fetchCargoTarball { + inherit src; + hash = "sha256-Y0FNi/+HuN5SqexHTKjcW6lEaeis7xZDYc2/FOAANIA="; + }; + + nativeBuildInputs = with rustPlatform; [ + cargoSetupHook + rust.cargo + rust.rustc + asciidoctor + makeWrapper + ] ++ lib.optionals stdenv.isDarwin [ sigtool ]; + + buildInputs = [ libkrun ] ++ lib.optionals stdenv.isDarwin [ + libiconv + ]; + + makeFlags = [ "PREFIX=${placeholder "out"}" ]; + + postPatch = '' + # do not pollute etc + substituteInPlace src/utils.rs \ + --replace "etc/containers" "share/krunvm/containers" + ''; + + postInstall = '' + mkdir -p $out/share/krunvm/containers + install -D -m755 ${buildah-unwrapped.src}/docs/samples/registries.conf $out/share/krunvm/containers/registries.conf + install -D -m755 ${buildah-unwrapped.src}/tests/policy.json $out/share/krunvm/containers/policy.json + ''; + + # It attaches entitlements with codesign and strip removes those, + # voiding the entitlements and making it non-operational. + dontStrip = stdenv.isDarwin; + + postFixup = '' + wrapProgram $out/bin/krunvm \ + --prefix PATH : ${lib.makeBinPath [ buildah ]} \ + ''; + + meta = with lib; { + description = "A CLI-based utility for creating microVMs from OCI images"; + homepage = "https://github.com/containers/krunvm"; + license = licenses.asl20; + maintainers = with maintainers; [ nickcao ]; + platforms = libkrun.meta.platforms; + }; +} diff --git a/pkgs/applications/virtualization/kvmtool/default.nix b/pkgs/applications/virtualization/kvmtool/default.nix new file mode 100644 index 0000000000000..29579a70cde42 --- /dev/null 
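Review bot: `postInstall` takes the default image trust policy from `${buildah-unwrapped.src}/tests/policy.json`, a test fixture, and `postPatch` redirects krunvm's `etc/containers` lookups to the directory it is installed into. A test policy may well accept unsigned images from any registry, so check its contents, then either state that choice in a comment or ship a policy intended for real use. Both files are data and should not be executable: use `install -D -m644` for `registries.conf` and `policy.json`. `postFixup` also ends with a dangling `\` after the `--prefix PATH` argument.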
+++ b/pkgs/applications/virtualization/kvmtool/default.nix @@ -0,0 +1,23 @@ +{ stdenv, fetchgit, lib }: + +stdenv.mkDerivation { + pname = "kvmtool"; + version = "unstable-2022-06-09"; + + src = fetchgit { + url = "https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git"; + rev = "f44af23e3a62e46158341807b0d2d132249b96a8"; + sha256 = "sha256-M83dCCXU/fkh21x10vx6BLg9Wja1714qW7yxl5zY6z0="; + }; + + enableParallelBuilding = true; + makeFlags = [ "prefix=${placeholder "out"}" ]; + + meta = with lib; { + description = "A lightweight tool for hosting KVM guests"; + homepage = "https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/tree/README"; + license = licenses.gpl2Only; + maintainers = with maintainers; [ astro ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/pkgs/applications/virtualization/libgovirt/auto-disable-incompatible-compiler-warnings.patch b/pkgs/applications/virtualization/libgovirt/auto-disable-incompatible-compiler-warnings.patch new file mode 100644 index 0000000000000..85806bfcd8922 --- /dev/null +++ b/pkgs/applications/virtualization/libgovirt/auto-disable-incompatible-compiler-warnings.patch @@ -0,0 +1,12 @@ +diff --git a/meson.build b/meson.build +index d5c3627..2bd692a 100644 +--- a/meson.build ++++ b/meson.build +@@ -86,7 +86,7 @@ govirt_global_cflags = ['-std=c99', + '-Woverride-init', + '-Wno-unused-parameter'] + +-foreach arg : govirt_global_cflags ++foreach arg : compiler.get_supported_arguments(govirt_global_cflags) + add_project_arguments(arg, language : 'c') + endforeach diff --git a/pkgs/applications/virtualization/libgovirt/default.nix b/pkgs/applications/virtualization/libgovirt/default.nix new file mode 100644 index 0000000000000..18d88b5468524 --- /dev/null +++ b/pkgs/applications/virtualization/libgovirt/default.nix 
@@ -0,0 +1,60 @@ +{ lib +, stdenv +, fetchzip +, gnome +, meson +, pkg-config +, gobject-introspection +, ninja +, glib +, librest_1_0 +}: + +stdenv.mkDerivation rec { + pname = "libgovirt"; + version = "0.3.9"; + + outputs = [ "out" "dev" ]; + + src = fetchzip { + url = "mirror://gnome/sources/libgovirt/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; + sha256 = "sha256-6RDuJTyaVYlO4Kq+niQyepom6xj1lqdBbyWL/VnZUdk="; + }; + + patches = [ + # https://gitlab.gnome.org/GNOME/libgovirt/-/issues/9 + ./auto-disable-incompatible-compiler-warnings.patch + ]; + env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang (lib.concatStringsSep " " [ + "-Wno-typedef-redefinition" + "-Wno-missing-field-initializers" + "-Wno-cast-align" + ]); + + nativeBuildInputs = [ + meson + pkg-config + gobject-introspection + ninja + ]; + + propagatedBuildInputs = [ + glib + librest_1_0 + ]; + + passthru = { + updateScript = gnome.updateScript { + packageName = pname; + versionPolicy = "none"; + }; + }; + + meta = with lib; { + homepage = "https://gitlab.gnome.org/GNOME/libgovirt"; + description = "GObject wrapper for the oVirt REST API"; + maintainers = with maintainers; [ amarshall atemu ]; + platforms = with platforms; linux ++ darwin; + license = licenses.lgpl21Plus; + }; +} diff --git a/pkgs/applications/virtualization/libnvidia-container/default.nix b/pkgs/applications/virtualization/libnvidia-container/default.nix index c7743bf44fc03..6cbed6f41f601 100644 --- a/pkgs/applications/virtualization/libnvidia-container/default.nix +++ b/pkgs/applications/virtualization/libnvidia-container/default.nix @@ -1,5 +1,6 @@ { stdenv , lib +, addOpenGLRunpath , fetchFromGitHub , pkg-config , libelf 
@@ -8,25 +9,32 @@ , rpcsvc-proto , libtirpc , makeWrapper +, substituteAll +, removeReferencesTo +, go }: let - modp-ver = "450.57"; + modprobeVersion = "495.44"; nvidia-modprobe = fetchFromGitHub { owner = "NVIDIA"; repo = "nvidia-modprobe"; - rev = modp-ver; - sha256 = "0r4f6lpbbqqs9932xd2mr7bxn6a3xdalcwq332fc1amrrkgzfyv7"; + rev = modprobeVersion; + sha256 = "sha256-Y3ZOfge/EcmhqI19yWO7UfPqkvY1CHHvFC5l9vYyGuU="; + }; + modprobePatch = substituteAll { + src = ./modprobe.patch; + inherit modprobeVersion; }; in stdenv.mkDerivation rec { pname = "libnvidia-container"; - version = "1.5.0"; + version = "1.9.0"; src = fetchFromGitHub { owner = "NVIDIA"; repo = pname; rev = "v${version}"; - sha256 = "sha256-b9yQ1mEo1EkjXMguV0t98OvFEQO4h76EVu154MsB2II="; + sha256 = "sha256-7OTawWwjeKU8wIa8I/+aSvAJli4kEua94nJSNyCajpE="; }; patches = [ @@ -36,18 +44,8 @@ stdenv.mkDerivation rec { # path. ./libnvc-ldconfig-and-path-fixes.patch - # the libnvidia-container Makefile wants to build and install static - # libtirpc libraries; this patch prevents that from happening - ./avoid-static-libtirpc-build.patch - ]; - - makeFlags = [ - "WITH_LIBELF=yes" - "prefix=$(out)" - # we can't use the WITH_TIRPC=yes flag that exists in the Makefile for the - # same reason we patch out the static library use of libtirpc so we set the - # define in CFLAGS - "CFLAGS=-DWITH_TIRPC" + # fix bogus struct declaration + ./inline-c-struct.patch ]; postPatch = '' 
@@ -56,27 +54,63 @@ stdenv.mkDerivation rec { -e 's/^COMPILER :=.*/COMPILER = $(CC)/' \ mk/common.mk - mkdir -p deps/src/nvidia-modprobe-${modp-ver} - cp -r ${nvidia-modprobe}/* deps/src/nvidia-modprobe-${modp-ver} + mkdir -p deps/src/nvidia-modprobe-${modprobeVersion} + cp -r ${nvidia-modprobe}/* deps/src/nvidia-modprobe-${modprobeVersion} chmod -R u+w deps/src pushd deps/src - patch -p0 < ${./modprobe.patch} - touch nvidia-modprobe-${modp-ver}/.download_stamp + + patch -p0 < ${modprobePatch} + touch nvidia-modprobe-${modprobeVersion}/.download_stamp popd + + # 1. replace DESTDIR=$(DEPS_DIR) with empty strings to prevent copying + # things into deps/src/nix/store + # 2. similarly, remove any paths prefixed with DEPS_DIR + # 3. prevent building static libraries because we don't build static + # libtirpc (for now) + # 4. prevent installation of static libraries because of step 3 + # 5. prevent installation of libnvidia-container-go.so twice + sed -i Makefile \ + -e 's#DESTDIR=\$(DEPS_DIR)#DESTDIR=""#g' \ + -e 's#\$(DEPS_DIR)\$#\$#g' \ + -e 's#all: shared static tools#all: shared tools#g' \ + -e '/$(INSTALL) -m 644 $(LIB_STATIC) $(DESTDIR)$(libdir)/d' \ + -e '/$(INSTALL) -m 755 $(libdir)\/$(LIBGO_SHARED) $(DESTDIR)$(libdir)/d' ''; - postInstall = '' - wrapProgram $out/bin/nvidia-container-cli \ - --prefix LD_LIBRARY_PATH : /run/opengl-driver/lib:/run/opengl-driver-32/lib + enableParallelBuilding = true; + + preBuild = '' + HOME="$(mktemp -d)" ''; - NIX_CFLAGS_COMPILE = [ "-I${libtirpc.dev}/include/tirpc" ]; + env.NIX_CFLAGS_COMPILE = toString [ "-I${libtirpc.dev}/include/tirpc" ]; NIX_LDFLAGS = [ "-L${libtirpc.dev}/lib" "-ltirpc" ]; - nativeBuildInputs = [ pkg-config rpcsvc-proto makeWrapper ]; + nativeBuildInputs = [ pkg-config go rpcsvc-proto makeWrapper removeReferencesTo ]; buildInputs = [ libelf libcap libseccomp libtirpc ]; + makeFlags = [ + "WITH_LIBELF=yes" + "prefix=$(out)" + # we can't use the WITH_TIRPC=yes flag that exists in the Makefile for the + # same 
reason we patch out the static library use of libtirpc so we set the + # define in CFLAGS + "CFLAGS=-DWITH_TIRPC" + ]; + + postInstall = + let + inherit (addOpenGLRunpath) driverLink; + libraryPath = lib.makeLibraryPath [ "$out" driverLink "${driverLink}-32" ]; + in + '' + remove-references-to -t "${go}" $out/lib/libnvidia-container-go.so.1.9.0 + wrapProgram $out/bin/nvidia-container-cli --prefix LD_LIBRARY_PATH : ${libraryPath} + ''; + disallowedReferences = [ go ]; + meta = with lib; { homepage = "https://github.com/NVIDIA/libnvidia-container"; description = "NVIDIA container runtime library"; diff --git a/pkgs/applications/virtualization/libnvidia-container/inline-c-struct.patch b/pkgs/applications/virtualization/libnvidia-container/inline-c-struct.patch new file mode 100644 index 0000000000000..dab574e58398c --- /dev/null +++ b/pkgs/applications/virtualization/libnvidia-container/inline-c-struct.patch @@ -0,0 +1,14 @@ +diff --git a/src/nvcgo.c b/src/nvcgo.c +index 98789a3..47ad02b 100644 +--- a/src/nvcgo.c ++++ b/src/nvcgo.c +@@ -33,7 +33,8 @@ + void nvcgo_program_1(struct svc_req *, register SVCXPRT *); + + static struct nvcgo_ext { +- struct nvcgo; ++ struct rpc rpc; ++ struct libnvcgo api; + bool initialized; + void *dl_handle; + } global_nvcgo_context; diff --git a/pkgs/applications/virtualization/libnvidia-container/modprobe.patch b/pkgs/applications/virtualization/libnvidia-container/modprobe.patch index 8e7b0a723ec0c..c28b6bad291db 100644 --- a/pkgs/applications/virtualization/libnvidia-container/modprobe.patch +++ b/pkgs/applications/virtualization/libnvidia-container/modprobe.patch 
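Review bot: `postInstall` hard-codes the library version in `$out/lib/libnvidia-container-go.so.1.9.0`, so the next bump of `version` leaves `remove-references-to` pointing at a file that no longer exists. The attribute is already in scope of the `rec` set: `remove-references-to -t "${go}" $out/lib/libnvidia-container-go.so.${version}`. `disallowedReferences = [ go ];` would catch a leftover reference, but only as a build failure. The comment moved into `makeFlags` still says "we patch out the static library use", although `avoid-static-libtirpc-build.patch` is dropped and the `sed` in `postPatch` now does that job. The derivation starts outside this hunk.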
@@ -1,6 +1,6 @@ -diff -ruN nvidia-modprobe-450.57/modprobe-utils/nvidia-modprobe-utils.c nvidia-modprobe-450.57/modprobe-utils/nvidia-modprobe-utils.c ---- nvidia-modprobe-450.57/modprobe-utils/nvidia-modprobe-utils.c 2020-07-09 17:06:05.000000000 +0000 -+++ nvidia-modprobe-450.57/modprobe-utils/nvidia-modprobe-utils.c 2020-08-18 12:43:03.223871514 +0000 +diff -ruN nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.c nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.c +--- nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.c 2020-07-09 17:06:05.000000000 +0000 ++++ nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.c 2020-08-18 12:43:03.223871514 +0000 @@ -840,10 +840,10 @@ return mknod_helper(major, minor_num, vgpu_dev_name, NV_PROC_REGISTRY_PATH); } @@ -16,9 +16,9 @@ diff -ruN nvidia-modprobe-450.57/modprobe-utils/nvidia-modprobe-utils.c nvidia-m { char field[32]; FILE *fp; -diff -ruN nvidia-modprobe-450.57/modprobe-utils/nvidia-modprobe-utils.h nvidia-modprobe-450.57/modprobe-utils/nvidia-modprobe-utils.h ---- nvidia-modprobe-450.57/modprobe-utils/nvidia-modprobe-utils.h 2020-07-09 17:06:05.000000000 +0000 -+++ nvidia-modprobe-450.57/modprobe-utils/nvidia-modprobe-utils.h 2020-08-18 12:43:44.227745050 +0000 +diff -ruN nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.h nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.h +--- nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.h 2020-07-09 17:06:05.000000000 +0000 ++++ nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.h 2020-08-18 12:43:44.227745050 +0000 @@ -81,6 +81,7 @@ int nvidia_nvswitch_get_file_state(int minor); int nvidia_cap_mknod(const char* cap_file_path, int *minor); diff --git a/pkgs/applications/virtualization/lima/bin.nix b/pkgs/applications/virtualization/lima/bin.nix new file mode 100644 index 0000000000000..3b6711a1f74c8 --- /dev/null 
+++ b/pkgs/applications/virtualization/lima/bin.nix 
@@ -0,0 +1,112 @@ +{ stdenvNoCC +, lib +, fetchurl +, writeScript +, installShellFiles +, qemu +, makeBinaryWrapper +, autoPatchelfHook +}: + +let + version = "0.15.0"; + + dist = { + aarch64-darwin = rec { + archSuffix = "Darwin-arm64"; + url = "https://github.com/lima-vm/lima/releases/download/v${version}/lima-${version}-${archSuffix}.tar.gz"; + sha256 = "0da51d3c179e89bde404ea40be88b5c11aea8c7cf50cd030fd5b779e91462856"; + }; + + x86_64-darwin = rec { + archSuffix = "Darwin-x86_64"; + url = "https://github.com/lima-vm/lima/releases/download/v${version}/lima-${version}-${archSuffix}.tar.gz"; + sha256 = "c535bc21923bc290ac56fe3a9ea87e8740c7c51e030f05cc32d51e726a59673e"; + }; + + aarch64-linux = rec { + archSuffix = "Linux-aarch64"; + url = "https://github.com/lima-vm/lima/releases/download/v${version}/lima-${version}-${archSuffix}.tar.gz"; + sha256 = "964c897f6dc2a6e203b0c109a7cd59102fe192837c792549b597d7ac301ecf54"; + }; + + x86_64-linux = rec { + archSuffix = "Linux-x86_64"; + url = "https://github.com/lima-vm/lima/releases/download/v${version}/lima-${version}-${archSuffix}.tar.gz"; + sha256 = "5ec308716abe8833ce36d6e77cac44d98d7cfc8add8dbcbe053a91af01cecfa1"; + }; + }; +in +stdenvNoCC.mkDerivation { + inherit version; + pname = "lima"; + src = fetchurl { + inherit (dist.${stdenvNoCC.hostPlatform.system} or + (throw "Unsupported system: ${stdenvNoCC.hostPlatform.system}")) url sha256; + }; + + sourceRoot = "."; + + nativeBuildInputs = [ makeBinaryWrapper installShellFiles ] + ++ lib.optionals stdenvNoCC.isLinux [ autoPatchelfHook ]; + + installPhase = '' + runHook preInstall + mkdir -p $out + cp -r bin share $out + chmod +x $out/bin/limactl + wrapProgram $out/bin/limactl \ + --prefix PATH : ${lib.makeBinPath [ qemu ]} + installShellCompletion --cmd limactl \ + --bash <($out/bin/limactl completion bash) \ + --fish <($out/bin/limactl completion fish) \ + --zsh <($out/bin/limactl completion zsh) + runHook postInstall + ''; + + doInstallCheck = true; + 
installCheckPhase = '' + USER=nix $out/bin/limactl validate $out/share/lima/examples/default.yaml + USER=nix $out/bin/limactl validate $out/share/lima/examples/experimental/vz.yaml + ''; + + # Stripping removes entitlements of the binary on Darwin making it non-operational. + # Therefore, disable stripping on Darwin. + dontStrip = stdenvNoCC.isDarwin; + + passthru.updateScript = + let + lima-bin = builtins.toString ./bin.nix; + in + writeScript "update-lima-bin.sh" '' + #!/usr/bin/env nix-shell + #!nix-shell -i bash -p common-updater-scripts curl jq gawk + + set -eou pipefail + + LATEST_VERSION=$(curl -H "Accept: application/vnd.github+json" -Ls https://api.github.com/repos/lima-vm/lima/releases/latest | jq -r .tag_name | cut -c 2-) + curl -Ls -o SHA256SUMS https://github.com/lima-vm/lima/releases/download/v$LATEST_VERSION/SHA256SUMS + AARCH64_DARWIN_SHA256=$(cat SHA256SUMS | awk '/Darwin-arm64/{print $1}') + X86_64_DARWIN_SHA256=$(cat SHA256SUMS | awk '/Darwin-x86_64/{print $1}') + AARCH64_LINUX_SHA256=$(cat SHA256SUMS | awk '/Linux-aarch64/{print $1}') + X86_64_LINUX_SHA256=$(cat SHA256SUMS | awk '/Linux-x86_64/{print $1}') + + # reset version first so that all platforms are always updated and in sync + update-source-version lima-bin 0 ${lib.fakeSha256} --file=${lima-bin} --system=aarch64-darwin + update-source-version lima-bin $LATEST_VERSION $AARCH64_DARWIN_SHA256 --file=${lima-bin} --system=aarch64-darwin + update-source-version lima-bin 0 ${lib.fakeSha256} --file=${lima-bin} --system=x86_64-darwin + update-source-version lima-bin $LATEST_VERSION $X86_64_DARWIN_SHA256 --file=${lima-bin} --system=x86_64-darwin + update-source-version lima-bin 0 ${lib.fakeSha256} --file=${lima-bin} --system=aarch64-linux + update-source-version lima-bin $LATEST_VERSION $AARCH64_LINUX_SHA256 --file=${lima-bin} --system=aarch64-linux + update-source-version lima-bin 0 ${lib.fakeSha256} --file=${lima-bin} --system=x86_64-linux + update-source-version lima-bin $LATEST_VERSION 
$X86_64_LINUX_SHA256 --file=${lima-bin} --system=x86_64-linux + rm SHA256SUMS + ''; + + meta = with lib; { + homepage = "https://github.com/lima-vm/lima"; + description = "Linux virtual machines (on macOS, in most cases)"; + license = licenses.asl20; + maintainers = with maintainers; [ tricktron ]; + }; +} diff --git a/pkgs/applications/virtualization/lima/default.nix b/pkgs/applications/virtualization/lima/default.nix index cb45f5b7a8277..189105ab54521 100644 --- a/pkgs/applications/virtualization/lima/default.nix +++ b/pkgs/applications/virtualization/lima/default.nix @@ -1,25 +1,40 @@ { lib +, stdenv , buildGoModule , fetchFromGitHub , installShellFiles , qemu +, xcbuild +, sigtool , makeWrapper }: buildGoModule rec { pname = "lima"; - version = "0.7.3"; + version = "0.15.0"; src = fetchFromGitHub { owner = "lima-vm"; repo = pname; rev = "v${version}"; - sha256 = "sha256-HVWZ0XF1oBUHhkOQHELlZ/pxXUsUo2cVo6EhZl6S0W4="; + sha256 = "sha256-jmVgrrbxkvzDkUYpNivz3jOOEEkr90iS5W4aY3L7Cug="; }; - vendorSha256 = "sha256-LhmZRa7vDylA4DRTfKFRs3lQMnwNfzF1H6ki1/zdpUg="; + vendorHash = "sha256-8YmApeijOmWFfLu4UJTa1Ufn0RbaO4TKe7QHvjluMRg="; - nativeBuildInputs = [ makeWrapper installShellFiles ]; + nativeBuildInputs = [ makeWrapper installShellFiles ] + ++ lib.optionals stdenv.isDarwin [ xcbuild.xcrun sigtool ]; + + # clean fails with read only vendor dir + postPatch = '' + substituteInPlace Makefile \ + --replace 'binaries: clean' 'binaries:' \ + --replace 'codesign --entitlements vz.entitlements -s -' 'codesign --force --entitlements vz.entitlements -s -' + ''; + + # It attaches entitlements with codesign and strip removes those, + # voiding the entitlements and making it non-operational. + dontStrip = stdenv.isDarwin; buildPhase = '' runHook preBuild 
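Review bot: `meta` in this new `bin.nix` has no `sourceProvenance`, although the derivation unpacks upstream's release tarball and copies `bin` and `share` straight into `$out`. Add `sourceProvenance = with sourceTypes; [ binaryNativeCode ];`, as this commit does for the Windows driver packages. Consider `platforms = builtins.attrNames dist;` as well, so unsupported systems are filtered by `meta` rather than by the `throw`. The update script reads the new hashes from the `SHA256SUMS` file published in the same release as the tarballs. That confirms download integrity only, not that the release is the one upstream intended, and a comment saying so would help whoever reviews an automated bump.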
@@ -48,6 +63,7 @@ buildGoModule rec { meta = with lib; { homepage = "https://github.com/lima-vm/lima"; description = "Linux virtual machines (on macOS, in most cases)"; + changelog = "https://github.com/lima-vm/lima/releases/tag/v${version}"; license = licenses.asl20; maintainers = with maintainers; [ anhduy ]; }; diff --git a/pkgs/applications/virtualization/lkl/default.nix b/pkgs/applications/virtualization/lkl/default.nix index f2481e25a8fdb..839022a8d5512 100644 --- a/pkgs/applications/virtualization/lkl/default.nix +++ b/pkgs/applications/virtualization/lkl/default.nix 
@@ -1,28 +1,42 @@ { lib, stdenv, fetchFromGitHub, bc, python3, bison, flex, fuse, libarchive -, buildPackages }: +, buildPackages + +, firewallSupport ? false +}: stdenv.mkDerivation rec { pname = "lkl"; - version = "2019-10-04"; - rev = "06ca3ddb74dc5b84fa54fa1746737f2df502e047"; - - outputs = [ "dev" "lib" "out" ]; - nativeBuildInputs = [ bc bison flex python3 ]; + # NOTE: pinned to the last known version that doesn't have a hang in cptofs. + # Please verify `nix build -f nixos/release-combined.nix nixos.ova` works + # before attempting to update again. + # ref: https://github.com/NixOS/nixpkgs/pull/219434 + version = "2022-08-08"; - buildInputs = [ fuse libarchive ]; + outputs = [ "dev" "lib" "out" ]; src = fetchFromGitHub { - inherit rev; owner = "lkl"; repo = "linux"; - sha256 = "0qjp0r338bwgrqdsvy5mkdh7ryas23m47yvxfwdknfyl0k3ylq62"; + rev = "ffbb4aa67b3e0a64f6963f59385a200d08cb2d8b"; + sha256 = "sha256-24sNREdnhkF+P+3P0qEh2tF1jHKF7KcbFSn/rPK2zWs="; }; - # Fix a /usr/bin/env reference in here that breaks sandboxed builds - prePatch = "patchShebangs arch/lkl/scripts"; - # Fixup build with newer Linux headers: https://github.com/lkl/linux/pull/484 - postPatch = "sed '1i#include <linux/sockios.h>' -i tools/lkl/lib/hijack/xlate.c"; + nativeBuildInputs = [ bc bison flex python3 ]; + + buildInputs = [ fuse libarchive ]; + + postPatch = '' + # Fix a /usr/bin/env reference in here that breaks sandboxed builds + patchShebangs arch/lkl/scripts + + patchShebangs scripts/ld-version.sh + + # Fixup build with newer Linux headers: https://github.com/lkl/linux/pull/484 + sed '1i#include <linux/sockios.h>' -i tools/lkl/lib/hijack/xlate.c + '' + lib.optionalString firewallSupport '' + cat ${./lkl-defconfig-enable-nftables} >> arch/lkl/configs/defconfig + ''; installPhase = '' mkdir -p $out/bin $lib/lib $dev 
@@ -61,8 +75,8 @@ stdenv.mkDerivation rec { overhead ''; homepage = "https://github.com/lkl/linux/"; - platforms = [ "x86_64-linux" "aarch64-linux" "armv7l-linux" "armv6l-linux" ]; # Darwin probably works too but I haven't tested it + platforms = platforms.linux; # Darwin probably works too but I haven't tested it license = licenses.gpl2; - maintainers = with maintainers; [ copumpkin ]; + maintainers = with maintainers; [ copumpkin raitobezarius ]; }; } diff --git a/pkgs/applications/virtualization/lkl/lkl-defconfig-enable-nftables b/pkgs/applications/virtualization/lkl/lkl-defconfig-enable-nftables new file mode 100644 index 0000000000000..4491aef6a0129 --- /dev/null +++ b/pkgs/applications/virtualization/lkl/lkl-defconfig-enable-nftables 
@@ -0,0 +1,235 @@ +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_RPFILTER=y +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_MATCH_SRH=y +CONFIG_IP6_NF_NAT=y +CONFIG_IP6_NF_RAW=y +CONFIG_IP6_NF_SECURITY=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_TARGET_MASQUERADE=y +CONFIG_IP6_NF_TARGET_NPT=y +CONFIG_IP6_NF_TARGET_REJECT=y +CONFIG_IP6_NF_TARGET_SYNPROXY=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +CONFIG_IP_NF_MATCH_RPFILTER=y +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_SECURITY=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_TARGET_REJECT=y +CONFIG_IP_NF_TARGET_SYNPROXY=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_NETFILTER=y +CONFIG_NETFILTER_ADVANCED=y +CONFIG_NETFILTER_CONNCOUNT=y +CONFIG_NETFILTER_EGRESS=y +CONFIG_NETFILTER_FAMILY_ARP=y +CONFIG_NETFILTER_FAMILY_BRIDGE=y +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK_ACCT=y +CONFIG_NETFILTER_NETLINK_GLUE_CT=y +CONFIG_NETFILTER_NETLINK_HOOK=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NETFILTER_NETLINK_OSF=y +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK=y +CONFIG_NETFILTER_SKIP_EGRESS=y +CONFIG_NETFILTER_SYNPROXY=y +CONFIG_NETFILTER_XTABLES_COMPAT=y +CONFIG_NETFILTER_XTABLES=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +CONFIG_NETFILTER_XT_MATCH_BPF=y +CONFIG_NETFILTER_XT_MATCH_CGROUP=y +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y 
+CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +CONFIG_NETFILTER_XT_MATCH_CPU=y +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +CONFIG_NETFILTER_XT_MATCH_IPCOMP=y +CONFIG_NETFILTER_XT_MATCH_IPRANGE=y +CONFIG_NETFILTER_XT_MATCH_IPVS=y +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +CONFIG_NETFILTER_XT_MATCH_NFACCT=y +CONFIG_NETFILTER_XT_MATCH_OSF=y +CONFIG_NETFILTER_XT_MATCH_OWNER=y +CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +CONFIG_NETFILTER_XT_MATCH_RATEEST=y +CONFIG_NETFILTER_XT_MATCH_REALM=y +CONFIG_NETFILTER_XT_MATCH_RECENT=y +CONFIG_NETFILTER_XT_MATCH_SCTP=y +CONFIG_NETFILTER_XT_MATCH_SOCKET=y +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +CONFIG_NETFILTER_XT_MATCH_TIME=y +CONFIG_NETFILTER_XT_MATCH_U32=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_SET=y +CONFIG_NETFILTER_XT_TARGET_AUDIT=y +CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +CONFIG_NETFILTER_XT_TARGET_HMARK=y +CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y +CONFIG_NETFILTER_XT_TARGET_LED=y +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_TARGET_MASQUERADE=y 
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +CONFIG_NETFILTER_XT_TARGET_RATEEST=y +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +CONFIG_NETFILTER_XT_TARGET_SECMARK=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y +CONFIG_NETFILTER_XT_TARGET_TEE=y +CONFIG_NETFILTER_XT_TARGET_TPROXY=y +CONFIG_NETFILTER_XT_TARGET_TRACE=y +CONFIG_NF_CONNTRACK_AMANDA=y +CONFIG_NF_CONNTRACK_BRIDGE=y +CONFIG_NF_CONNTRACK_BROADCAST=y +CONFIG_NF_CONNTRACK_EVENTS=y +CONFIG_NF_CONNTRACK_FTP=y +CONFIG_NF_CONNTRACK_H323=y +CONFIG_NF_CONNTRACK_IRC=y +CONFIG_NF_CONNTRACK_LABELS=y +CONFIG_NF_CONNTRACK_MARK=y +CONFIG_NF_CONNTRACK_NETBIOS_NS=y +CONFIG_NF_CONNTRACK_PPTP=y +CONFIG_NF_CONNTRACK_SANE=y +CONFIG_NF_CONNTRACK_SECMARK=y +CONFIG_NF_CONNTRACK_SIP=y +CONFIG_NF_CONNTRACK_SNMP=y +CONFIG_NF_CONNTRACK_TFTP=y +CONFIG_NF_CONNTRACK_TIMEOUT=y +CONFIG_NF_CONNTRACK_TIMESTAMP=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_CONNTRACK_ZONES=y +CONFIG_NF_CT_NETLINK_HELPER=y +CONFIG_NF_CT_NETLINK_TIMEOUT=y +CONFIG_NF_CT_NETLINK=y +CONFIG_NF_CT_PROTO_DCCP=y +CONFIG_NF_CT_PROTO_GRE=y +CONFIG_NF_CT_PROTO_SCTP=y +CONFIG_NF_CT_PROTO_UDPLITE=y +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_DUP_IPV4=y +CONFIG_NF_DUP_IPV6=y +CONFIG_NF_DUP_NETDEV=y +CONFIG_NF_FLOW_TABLE_INET=y +CONFIG_NF_FLOW_TABLE=y +CONFIG_NF_LOG_ARP=y +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_LOG_IPV6=y +CONFIG_NF_LOG_SYSLOG=y +CONFIG_NF_NAT_AMANDA=y +CONFIG_NF_NAT_FTP=y +CONFIG_NF_NAT_H323=y +CONFIG_NF_NAT_IRC=y +CONFIG_NF_NAT_MASQUERADE=y +CONFIG_NF_NAT_PPTP=y +CONFIG_NF_NAT_REDIRECT=y +CONFIG_NF_NAT_SIP=y +CONFIG_NF_NAT_SNMP_BASIC=y +CONFIG_NF_NAT_TFTP=y +CONFIG_NF_NAT=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_SOCKET_IPV4=y +CONFIG_NF_SOCKET_IPV6=y +CONFIG_NF_TABLES_ARP=y +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_IPV4=y +CONFIG_NF_TABLES_IPV6=y +CONFIG_NF_TABLES_NETDEV=y 
+CONFIG_NF_TABLES=y +CONFIG_NFT_BRIDGE_META=y +CONFIG_NFT_BRIDGE_REJECT=y +CONFIG_NFT_COMPAT=y +CONFIG_NFT_CONNLIMIT=y +CONFIG_NFT_COUNTER=y +CONFIG_NFT_CT=y +CONFIG_NFT_DUP_IPV4=y +CONFIG_NFT_DUP_IPV6=y +CONFIG_NFT_DUP_NETDEV=y +CONFIG_NFT_FIB_INET=y +CONFIG_NFT_FIB_IPV4=y +CONFIG_NFT_FIB_IPV6=y +CONFIG_NFT_FIB_NETDEV=y +CONFIG_NFT_FIB=y +CONFIG_NFT_FLOW_OFFLOAD=y +CONFIG_NFT_FWD_NETDEV=y +CONFIG_NFT_HASH=y +CONFIG_NFT_LIMIT=y +CONFIG_NFT_LOG=y +CONFIG_NFT_MASQ=y +CONFIG_NFT_NAT=y +CONFIG_NFT_NUMGEN=y +CONFIG_NFT_OBJREF=y +CONFIG_NFT_OSF=y +CONFIG_NF_TPROXY_IPV4=y +CONFIG_NF_TPROXY_IPV6=y +CONFIG_NFT_QUEUE=y +CONFIG_NFT_QUOTA=y +CONFIG_NFT_REDIR=y +CONFIG_NFT_REJECT_INET=y +CONFIG_NFT_REJECT_IPV4=y +CONFIG_NFT_REJECT_IPV6=y +CONFIG_NFT_REJECT_NETDEV=y +CONFIG_NFT_REJECT=y +CONFIG_NFT_SOCKET=y +CONFIG_NFT_SYNPROXY=y +CONFIG_NFT_TPROXY=y +CONFIG_NFT_TUNNEL=y +CONFIG_NFT_XFRM=y diff --git a/pkgs/applications/virtualization/looking-glass-client/default.nix b/pkgs/applications/virtualization/looking-glass-client/default.nix index 0d158cc3f96f4..60808705e8dd0 100644 --- a/pkgs/applications/virtualization/looking-glass-client/default.nix +++ b/pkgs/applications/virtualization/looking-glass-client/default.nix @@ -1,8 +1,39 @@ +{ stdenv +, lib +, fetchFromGitHub +, makeDesktopItem +, pkg-config +, cmake +, freefont_ttf +, spice-protocol +, nettle +, libbfd +, fontconfig +, libffi +, expat +, libGL -{ stdenv, lib, fetchFromGitHub, fetchpatch, makeDesktopItem, cmake, pkg-config -, SDL, SDL2_ttf, freefont_ttf, spice-protocol, nettle, libbfd, fontconfig -, libXi, libXScrnSaver, libXinerama -, wayland, wayland-protocols +, libX11 +, libxkbcommon +, libXext +, libXrandr +, libXi +, libXScrnSaver +, libXinerama +, libXcursor +, libXpresent + +, wayland +, wayland-protocols + +, pipewire +, pulseaudio +, libsamplerate + +, xorgSupport ? true +, waylandSupport ? true +, pipewireSupport ? true +, pulseSupport ? true }: let 
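Review bot: The fragment is named `lkl-defconfig-enable-nftables`, but it builds in far more than nf_tables: the legacy `CONFIG_IP_NF_*`/`CONFIG_IP6_NF_*` and xtables targets, the arptables and bridge families, and every conntrack/NAT helper (`CONFIG_NF_CONNTRACK_FTP`, `_H323`, `_IRC`, `_SIP`, `_PPTP`, `_SNMP`, `_TFTP`, and others). Every entry is `=y`, so each helper is extra packet-parsing code compiled into the library kernel. The list should be cut down to what the `firewallSupport` consumer needs, or its breadth justified. The file also has no header; I would add `# Appended to arch/lkl/configs/defconfig when firewallSupport = true.` plus a line saying how the list was generated, so it can be regenerated when `lkl` is updated.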
@@ -17,29 +48,33 @@ let in stdenv.mkDerivation rec { pname = "looking-glass-client"; - version = "B4"; + version = "B6"; src = fetchFromGitHub { owner = "gnif"; repo = "LookingGlass"; rev = version; - sha256 = "0fwmz0l1dcfwklgvxmv0galgj2q3nss90kc3jwgf6n80x27rsnhf"; + sha256 = "sha256-6vYbNmNJBCoU23nVculac24tHqH7F4AZVftIjL93WJU="; fetchSubmodules = true; }; nativeBuildInputs = [ cmake pkg-config ]; - buildInputs = [ - SDL SDL2_ttf freefont_ttf spice-protocol - libbfd nettle fontconfig - libXi libXScrnSaver libXinerama - wayland wayland-protocols - ]; + buildInputs = [ libGL libX11 freefont_ttf spice-protocol expat libbfd nettle fontconfig libffi ] + ++ lib.optionals xorgSupport [ libxkbcommon libXi libXScrnSaver libXinerama libXcursor libXpresent libXext libXrandr ] + ++ lib.optionals waylandSupport [ libxkbcommon wayland wayland-protocols ] + ++ lib.optionals pipewireSupport [ pipewire libsamplerate ] + ++ lib.optionals pulseSupport [ pulseaudio libsamplerate ]; + + cmakeFlags = [ "-DOPTIMIZE_FOR_NATIVE=OFF" ] + ++ lib.optional (!xorgSupport) "-DENABLE_X11=no" + ++ lib.optional (!waylandSupport) "-DENABLE_WAYLAND=no" + ++ lib.optional (!pulseSupport) "-DENABLE_PULSEAUDIO=no" + ++ lib.optional (!pipewireSupport) "-DENABLE_PIPEWIRE=no"; - NIX_CFLAGS_COMPILE = "-mavx"; # Fix some sort of AVX compiler problem. postUnpack = '' - echo $version > source/VERSION + echo ${src.rev} > source/VERSION export sourceRoot="source/client" ''; @@ -60,7 +95,7 @@ stdenv.mkDerivation rec { ''; homepage = "https://looking-glass.io/"; license = licenses.gpl2Plus; - maintainers = with maintainers; [ alexbakker babbaj ]; + maintainers = with maintainers; [ alexbakker babbaj j-brn ]; platforms = [ "x86_64-linux" ]; }; } diff --git a/pkgs/applications/virtualization/nixpacks/default.nix b/pkgs/applications/virtualization/nixpacks/default.nix new file mode 100644 index 0000000000000..861d4877e428f --- /dev/null +++ b/pkgs/applications/virtualization/nixpacks/default.nix 
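Review bot: Nothing stops `xorgSupport = false` together with `waylandSupport = false`; `cmakeFlags` then passes both `-DENABLE_X11=no` and `-DENABLE_WAYLAND=no`, and any failure only shows up inside CMake or at run time. Presumably a client with no display backend is not useful, so an `assert xorgSupport || waylandSupport;` ahead of the derivation would fail early with a clear message; that spot is in the argument-list hunk, outside this one. Minor style point: `libxkbcommon` and `libsamplerate` each end up in `buildInputs` twice when both of their flags are on, which is harmless but could be factored into one `lib.optionals (a || b)` line each.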
@@ -0,0 +1,25 @@ +{ lib, rustPlatform, fetchFromGitHub }: + +rustPlatform.buildRustPackage rec { + pname = "nixpacks"; + version = "1.5.0"; + + src = fetchFromGitHub { + owner = "railwayapp"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-1IJboAy0GYgkysY84+wHHOulA/aiux7pgCtxfr0CFV8="; + }; + + cargoHash = "sha256-kAou5pPOwbOZ9n8+fQJ4+Hh9x7wrY898R5XTuUEvF2o="; + + # skip test due FHS dependency + doCheck = false; + + meta = with lib; { + description = "App source + Nix packages + Docker = Image Resources"; + homepage = "https://github.com/railwayapp/nixpacks"; + license = licenses.mit; + maintainers = [ maintainers.zoedsoupe ]; + }; +} diff --git a/pkgs/applications/virtualization/open-vm-tools/default.nix b/pkgs/applications/virtualization/open-vm-tools/default.nix index c3721bbe36e59..b060c6290493d 100644 --- a/pkgs/applications/virtualization/open-vm-tools/default.nix +++ b/pkgs/applications/virtualization/open-vm-tools/default.nix 
@@ -1,58 +1,130 @@ -{ stdenv, lib, fetchFromGitHub, makeWrapper, autoreconfHook -, bash, fuse, libmspack, openssl, pam, xercesc, icu, libdnet, procps, libtirpc, rpcsvc-proto -, libX11, libXext, libXinerama, libXi, libXrender, libXrandr, libXtst -, pkg-config, glib, gdk-pixbuf-xlib, gtk3, gtkmm3, iproute2, dbus, systemd, which -, libdrm, udev +{ stdenv +, lib +, fetchFromGitHub +, makeWrapper +, autoreconfHook +, bash +, fuse3 +, libmspack +, openssl +, pam +, xercesc +, icu +, libdnet +, procps +, libtirpc +, rpcsvc-proto +, libX11 +, libXext +, libXinerama +, libXi +, libXrender +, libXrandr +, libXtst +, libxcrypt +, libxml2 +, pkg-config +, glib +, gdk-pixbuf-xlib +, gtk3 +, gtkmm3 +, iproute2 +, dbus +, systemd +, which +, libdrm +, udev +, util-linux +, xmlsec , withX ? true }: stdenv.mkDerivation rec { pname = "open-vm-tools"; - version = "11.3.5"; + version = "12.1.5"; src = fetchFromGitHub { - owner = "vmware"; - repo = "open-vm-tools"; - rev = "stable-${version}"; - sha256 = "03fahljrijq4ij8a4v8d7806mpf22ppkgr61n5s974g3xfdvpl13"; + owner = "vmware"; + repo = "open-vm-tools"; + rev = "stable-${version}"; + hash = "sha256-CffJg29qM9ex1RAq5t2dE/GX8ud9TylQbYiwBkh8nxE="; }; sourceRoot = "${src.name}/open-vm-tools"; outputs = [ "out" "dev" ]; - nativeBuildInputs = [ autoreconfHook makeWrapper pkg-config ]; - buildInputs = [ fuse glib icu libdnet libdrm libmspack libtirpc openssl pam procps rpcsvc-proto udev xercesc ] - ++ lib.optionals withX [ gdk-pixbuf-xlib gtk3 gtkmm3 libX11 libXext libXinerama libXi libXrender libXrandr libXtst ]; + nativeBuildInputs = [ + autoreconfHook + makeWrapper + pkg-config + ]; + + buildInputs = [ + fuse3 + glib + icu + libdnet + libdrm + libmspack + libtirpc + libxcrypt + libxml2 + openssl + pam + procps + rpcsvc-proto + udev + xercesc + xmlsec + ] ++ lib.optionals withX [ + gdk-pixbuf-xlib + gtk3 + gtkmm3 + libX11 + libXext + libXinerama + libXi + libXrender + libXrandr + libXtst + ]; postPatch = '' - sed -i 
's,etc/vmware-tools,''${prefix}/etc/vmware-tools,' Makefile.am - sed -i 's,^confdir = ,confdir = ''${prefix},' scripts/Makefile.am - sed -i 's,usr/bin,''${prefix}/usr/bin,' scripts/Makefile.am - sed -i 's,etc/vmware-tools,''${prefix}/etc/vmware-tools,' services/vmtoolsd/Makefile.am - sed -i 's,$(PAM_PREFIX),''${prefix}/$(PAM_PREFIX),' services/vmtoolsd/Makefile.am + sed -i Makefile.am \ + -e 's,etc/vmware-tools,''${prefix}/etc/vmware-tools,' + sed -i scripts/Makefile.am \ + -e 's,^confdir = ,confdir = ''${prefix},' \ + -e 's,usr/bin,''${prefix}/usr/bin,' + sed -i services/vmtoolsd/Makefile.am \ + -e 's,etc/vmware-tools,''${prefix}/etc/vmware-tools,' \ + -e 's,$(PAM_PREFIX),''${prefix}/$(PAM_PREFIX),' + sed -i vgauth/service/Makefile.am \ + -e 's,/etc/vmware-tools/vgauth/schemas,''${prefix}/etc/vmware-tools/vgauth/schemas,' \ + -e 's,$(DESTDIR)/etc/vmware-tools/vgauth.conf,''${prefix}/etc/vmware-tools/vgauth.conf,' + + # don't abort on any warning + sed -i 's,CFLAGS="$CFLAGS -Werror",,' configure.ac - # Avoid a glibc >= 2.25 deprecation warning that gets fatal via -Werror. 
- sed 1i'#include <sys/sysmacros.h>' -i lib/wiper/wiperPosix.c + # Make reboot work, shutdown is not in /sbin on NixOS + sed -i 's,/sbin/shutdown,shutdown,' lib/system/systemLinux.c - # Make reboot work, shutdown is not in /sbin on NixOS - sed -i 's,/sbin/shutdown,shutdown,' lib/system/systemLinux.c + # Fix paths to fuse3 (we do not use fuse2 so that is not modified) + sed -i 's,/bin/fusermount3,${fuse3}/bin/fusermount3,' vmhgfs-fuse/config.c + + substituteInPlace services/plugins/vix/foundryToolsDaemon.c \ + --replace "/usr/bin/vmhgfs-fuse" "${placeholder "out"}/bin/vmhgfs-fuse" \ + --replace "/bin/mount" "${util-linux}/bin/mount" ''; configureFlags = [ "--without-kernel-modules" - "--without-xmlsecurity" "--with-udev-rules-dir=${placeholder "out"}/lib/udev/rules.d" + "--with-fuse=fuse3" ] ++ lib.optional (!withX) "--without-x"; enableParallelBuilding = true; - NIX_CFLAGS_COMPILE = builtins.toString [ - # fix build with gcc9 - "-Wno-error=address-of-packed-member" - "-Wno-error=format-overflow" - ]; - preConfigure = '' mkdir -p ${placeholder "out"}/lib/udev/rules.d ''; @@ -65,13 +137,14 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://github.com/vmware/open-vm-tools"; + changelog = "https://github.com/vmware/open-vm-tools/releases/tag/stable-${version}"; description = "Set of tools for VMWare guests to improve host-guest interaction"; longDescription = '' A set of services and modules that enable several features in VMware products for better management of, and seamless user interactions with, guests. ''; license = licenses.gpl2; - platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ]; + platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ]; maintainers = with maintainers; [ joamaki ]; }; } diff --git a/pkgs/applications/virtualization/ops/default.nix b/pkgs/applications/virtualization/ops/default.nix new file mode 100644 index 0000000000000..484eeeb41c118 --- /dev/null +++ b/pkgs/applications/virtualization/ops/default.nix 
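Review bot: `sed -i 's,CFLAGS="$CFLAGS -Werror",,' configure.ac` in `postPatch` drops warnings-as-errors for the whole tree, where the removed `NIX_CFLAGS_COMPILE` only relaxed `address-of-packed-member` and `format-overflow`. For a guest agent this is a wider relaxation than `# don't abort on any warning` shows to be needed; if only specific warnings break the 12.1.5 build, keep `-Werror` and list them as `-Wno-error=...` again. Separately, removing `--without-xmlsecurity` and adding `xmlsec`/`libxml2` appears to turn on the vgauth build that the new `vgauth/service/Makefile.am` substitutions refer to. A comment saying this is intentional would help, along with a check that the installed service finds its schemas and `vgauth.conf` under the rewritten `''${prefix}/etc/vmware-tools` paths.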
@@ -0,0 +1,36 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: +buildGoModule rec { + pname = "ops"; + version = "0.1.32"; + + src = fetchFromGitHub { + owner = "nanovms"; + repo = pname; + rev = version; + sha256 = "sha256-ac+17hywzyK7ChCP/nhwTP1WEIZ89+BKX9/YmsPpfg8="; + }; + + proxyVendor = true; # Doesn't build otherwise + + vendorSha256 = "sha256-65VvUy4vGTfZgsXGJVSc/yU5R5MhSKJyMMsvPOCThks="; + + # Some tests fail + doCheck = false; + doInstallCheck = true; + + ldflags = [ + "-s" "-w" + "-X github.com/nanovms/ops/lepton.Version=${version}" + ]; + + meta = with lib; { + description = "Build and run nanos unikernels"; + homepage = "https://github.com/nanovms/ops"; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ dit7ya ]; + }; +} diff --git a/pkgs/applications/virtualization/podman-compose/default.nix b/pkgs/applications/virtualization/podman-compose/default.nix index 2a6d2a20c44e0..a05ff32e397b9 100644 --- a/pkgs/applications/virtualization/podman-compose/default.nix +++ b/pkgs/applications/virtualization/podman-compose/default.nix 
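Review bot: `doInstallCheck = true` is set but the hunk defines no `installCheckPhase`, so with `doCheck = false` the package appears to be built without any test being run. Either drop the flag or add a small phase, e.g. `installCheckPhase = "$out/bin/ops version";` (assuming the binary has a `version` subcommand; confirm). `# Some tests fail` would be more useful if it named the failing tests or the reason. `vendorSha256` could also be `vendorHash`, for consistency with the other Go packages touched by this merge.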
@@ -1,28 +1,23 @@ -{ lib, buildPythonApplication, fetchFromGitHub, pyyaml }: +{ lib, buildPythonApplication, fetchFromGitHub, python-dotenv, pyyaml }: buildPythonApplication rec { - version = "0.2.0pre-2021-05-18"; + version = "1.0.3"; pname = "podman-compose"; - # "This project is still under development." -- README.md - # - # As of May 2021, the latest release (0.1.5) has fewer than half of all - # commits. This project seems to have no release management, so the last - # commit is the best one until proven otherwise. src = fetchFromGitHub { repo = "podman-compose"; owner = "containers"; - rev = "62d2024feecf312e9591cc145f49cee9c70ab4fe"; - sha256 = "17992imkvi6129wvajsp0iz5iicfmh53i20qy2mzz17kcz30r2pp"; + rev = "v${version}"; + sha256 = "sha256-Si/O4dx9bqqRp/hTv3WbTXj46OM+PpyPBnQQWUqcZfs="; }; - propagatedBuildInputs = [ pyyaml ]; + propagatedBuildInputs = [ pyyaml python-dotenv ]; meta = { description = "An implementation of docker-compose with podman backend"; homepage = "https://github.com/containers/podman-compose"; - license = lib.licenses.gpl2; - platforms = lib.platforms.linux; + license = lib.licenses.gpl2Only; + platforms = lib.platforms.unix; maintainers = [ lib.maintainers.sikmir ] ++ lib.teams.podman.members; }; } diff --git a/pkgs/applications/virtualization/podman-tui/default.nix b/pkgs/applications/virtualization/podman-tui/default.nix new file mode 100644 index 0000000000000..c5b8dbb120934 --- /dev/null +++ b/pkgs/applications/virtualization/podman-tui/default.nix 
@@ -0,0 +1,49 @@ +{ lib, stdenv, fetchFromGitHub, buildGoModule, testers, podman-tui }: + +buildGoModule rec { + pname = "podman-tui"; + version = "0.9.0"; + + src = fetchFromGitHub { + owner = "containers"; + repo = "podman-tui"; + rev = "v${version}"; + hash = "sha256-qw7ylukG7M31rUtoZqbcjWchcEB14uvb2k1cjIjy8qA="; + }; + + vendorHash = null; + + CGO_ENABLED = 0; + + tags = [ "containers_image_openpgp" "remote" ] + ++ lib.optional stdenv.isDarwin "darwin"; + + ldflags = [ "-s" "-w" ]; + + preCheck = + let + skippedTests = [ + "TestDialogs" + ]; + in + '' + export USER=$(whoami) + export HOME=/home/$USER + + # Disable flaky tests + buildFlagsArray+=("-run" "[^(${builtins.concatStringsSep "|" skippedTests})]") + ''; + + passthru.tests.version = testers.testVersion { + package = podman-tui; + command = "podman-tui version"; + version = "v${version}"; + }; + + meta = with lib; { + homepage = "https://github.com/containers/podman-tui"; + description = "Podman Terminal UI"; + license = licenses.asl20; + maintainers = with maintainers; [ aaronjheng ]; + }; +} diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix index 705e5b5d61111..120bd2670f64d 100644 --- a/pkgs/applications/virtualization/podman/default.nix +++ b/pkgs/applications/virtualization/podman/default.nix 
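Review bot: The skip expression in `preCheck`, `"[^(${builtins.concatStringsSep "|" skippedTests})]"`, is a negated character class, not a negative match: it expands to `[^(TestDialogs)]` and selects every test whose name contains at least one character outside that set. That happens to exclude `TestDialogs`, but it would also exclude any other test spelled only with those characters, and adding a second name to `skippedTests` widens the set further. If the Go toolchain in use supports it (`-skip` exists from Go 1.20), `checkFlags = [ "-skip=^TestDialogs$" ];` states the intent directly; otherwise a comment should at least warn about the limitation. `export HOME=/home/$USER` also points at a directory that is unlikely to exist in the build sandbox; `export HOME=$TMPDIR` matches what the podman version test in this same merge does.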
@@ -13,26 +13,75 @@ , systemd , go-md2man , nixosTests +, python3 +, makeWrapper +, symlinkJoin +, extraPackages ? [ ] +, runc +, crun +, conmon +, slirp4netns +, fuse-overlayfs +, util-linux +, iptables +, iproute2 +, catatonit +, gvproxy +, aardvark-dns +, netavark +, testers +, podman }: +let + # do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed + binPath = lib.makeBinPath (lib.optionals stdenv.isLinux [ + runc + crun + conmon + slirp4netns + fuse-overlayfs + util-linux + iptables + iproute2 + ] ++ extraPackages); + + helpersBin = symlinkJoin { + name = "podman-helper-binary-wrapper"; + + # this only works for some binaries, others may need to be be added to `binPath` or in the modules + paths = [ + gvproxy + ] ++ lib.optionals stdenv.isLinux [ + aardvark-dns + catatonit # added here for the pause image and also set in `containersConf` for `init_path` + netavark + ]; + }; +in buildGoModule rec { pname = "podman"; - version = "3.4.1"; + version = "4.4.2"; src = fetchFromGitHub { owner = "containers"; repo = "podman"; rev = "v${version}"; - sha256 = "sha256-+6ALwm1Hc76rYwlQN0r8zX2n+nxBk5iW4AHWBlzAIOc="; + hash = "sha256-337PFsPGm7pUgnFeNJKwT+/7AdbWSfCx4kXyAvHyWJQ="; }; - vendorSha256 = null; + patches = [ + # we intentionally don't build and install the helper so we shouldn't display messages to users about it + ./rm-podman-mac-helper-msg.patch + ]; + + vendorHash = null; doCheck = false; outputs = [ "out" "man" ]; - nativeBuildInputs = [ pkg-config go-md2man installShellFiles ]; + nativeBuildInputs = [ pkg-config go-md2man installShellFiles makeWrapper python3 ]; buildInputs = lib.optionals stdenv.isLinux [ btrfs-progs 
@@ -44,52 +93,60 @@ buildGoModule rec { systemd ]; + HELPER_BINARIES_DIR = "${PREFIX}/libexec/podman"; # used in buildPhase & installPhase + PREFIX = "${placeholder "out"}"; + buildPhase = '' runHook preBuild patchShebangs . - ${if stdenv.isDarwin - then "make podman-remote" - else "make podman"} + ${if stdenv.isDarwin then '' + make podman-remote # podman-mac-helper uses FHS paths + '' else '' + make bin/podman bin/rootlessport bin/quadlet + ''} make docs runHook postBuild ''; installPhase = '' runHook preInstall - '' + lib.optionalString stdenv.isDarwin '' - mv bin/{darwin/podman,podman} - '' + '' - install -Dm555 bin/podman $out/bin/podman - installShellCompletion --bash completions/bash/* - installShellCompletion --fish completions/fish/* - installShellCompletion --zsh completions/zsh/* - MANDIR=$man/share/man make install.man-nobuild - install -Dm644 cni/87-podman-bridge.conflist -t $out/etc/cni/net.d - install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d - install -Dm644 contrib/systemd/system/podman.{socket,service} -t $out/lib/systemd/system + ${if stdenv.isDarwin then '' + install bin/darwin/podman -Dt $out/bin + '' else '' + make install.bin install.systemd + ''} + make install.completions install.man + mkdir -p ${HELPER_BINARIES_DIR} + ln -s ${helpersBin}/bin/* ${HELPER_BINARIES_DIR} + wrapProgram $out/bin/podman \ + --prefix PATH : ${lib.escapeShellArg binPath} runHook postInstall ''; postFixup = lib.optionalString stdenv.isLinux '' - RPATH=$(patchelf --print-rpath $out/bin/podman) - patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/podman + RPATH=$(patchelf --print-rpath $out/bin/.podman-wrapped) + patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/.podman-wrapped ''; passthru.tests = { + version = testers.testVersion { + package = podman; + command = "HOME=$TMPDIR podman --version"; + }; + } // lib.optionalAttrs stdenv.isLinux { inherit (nixosTests) podman; # related modules inherit 
(nixosTests) podman-tls-ghostunnel - podman-dnsname ; + oci-containers-podman = nixosTests.oci-containers.podman; }; meta = with lib; { homepage = "https://podman.io/"; description = "A program for managing pods, containers and container images"; - changelog = "https://github.com/containers/podman/blob/v${version}/changelog.txt"; + changelog = "https://github.com/containers/podman/blob/v${version}/RELEASE_NOTES.md"; license = licenses.asl20; maintainers = with maintainers; [ marsam ] ++ teams.podman.members; - platforms = platforms.unix; }; } diff --git a/pkgs/applications/virtualization/podman/rm-podman-mac-helper-msg.patch b/pkgs/applications/virtualization/podman/rm-podman-mac-helper-msg.patch new file mode 100644 index 0000000000000..d1fe9bcc9b0ae --- /dev/null +++ b/pkgs/applications/virtualization/podman/rm-podman-mac-helper-msg.patch @@ -0,0 +1,16 @@ +diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go +index 4f25b4d26..8a79862fd 100644 +--- a/pkg/machine/qemu/machine.go ++++ b/pkg/machine/qemu/machine.go +@@ -1509,11 +1509,6 @@ func (v *MachineVM) waitAPIAndPrintInfo(forwardState apiForwardingState, forward + case notInstalled: + fmt.Printf("\nThe system helper service is not installed; the default Docker API socket\n") + fmt.Printf("address can't be used by podman. ") +- if helper := findClaimHelper(); len(helper) > 0 { +- fmt.Printf("If you would like to install it run the\nfollowing commands:\n") +- fmt.Printf("\n\tsudo %s install\n", helper) +- fmt.Printf("\tpodman machine stop%s; podman machine start%s\n\n", suffix, suffix) +- } + case machineLocal: + fmt.Printf("\nAnother process was listening on the default Docker API socket address.\n") + case claimUnsupported: diff --git a/pkgs/applications/virtualization/podman/wrapper.nix b/pkgs/applications/virtualization/podman/wrapper.nix deleted file mode 100644 index c9ec18593dff9..0000000000000 --- a/pkgs/applications/virtualization/podman/wrapper.nix +++ /dev/null 
@@ -1,58 +0,0 @@ -{ podman-unwrapped -, runCommand -, makeWrapper -, lib -, extraPackages ? [] -, podman # Docker compat -, runc # Default container runtime -, crun # Container runtime (default with cgroups v2 for podman/buildah) -, conmon # Container runtime monitor -, slirp4netns # User-mode networking for unprivileged namespaces -, fuse-overlayfs # CoW for images, much faster than default vfs -, util-linux # nsenter -, cni-plugins # not added to path -, iptables -, iproute2 -}: - -let - podman = podman-unwrapped; - - binPath = lib.makeBinPath ([ - runc - crun - conmon - slirp4netns - fuse-overlayfs - util-linux - iptables - iproute2 - ] ++ extraPackages); - -in runCommand podman.name { - name = "${podman.pname}-wrapper-${podman.version}"; - inherit (podman) pname version passthru; - - preferLocalBuild = true; - - meta = builtins.removeAttrs podman.meta [ "outputsToInstall" ]; - - outputs = [ - "out" - "man" - ]; - - nativeBuildInputs = [ - makeWrapper - ]; - -} '' - ln -s ${podman.man} $man - - mkdir -p $out/bin - ln -s ${podman-unwrapped}/etc $out/etc - ln -s ${podman-unwrapped}/lib $out/lib - ln -s ${podman-unwrapped}/share $out/share - makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \ - --prefix PATH : ${binPath} -'' diff --git a/pkgs/applications/virtualization/pods/default.nix b/pkgs/applications/virtualization/pods/default.nix new file mode 100644 index 0000000000000..5e68eeb2c827f --- /dev/null +++ b/pkgs/applications/virtualization/pods/default.nix 
@@ -0,0 +1,64 @@ +{ lib +, stdenv +, fetchFromGitHub +, desktop-file-utils +, glib +, gtk4 +, meson +, ninja +, pkg-config +, rustPlatform +, wrapGAppsHook4 +, gtksourceview5 +, libadwaita +, libpanel +, vte-gtk4 +}: + +stdenv.mkDerivation rec { + pname = "pods"; + version = "1.0.6"; + + src = fetchFromGitHub { + owner = "marhkb"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-ZryzNlEj/2JTp5FJiDzXN9v1DvczfebqEOrJP+dKaRw="; + }; + + cargoDeps = rustPlatform.fetchCargoTarball { + inherit src; + name = "${pname}-${version}"; + sha256 = "sha256-OgvlRnii4T4HcFPiGkcLcagyHCg+lWXCXQ9XdXjHDbQ="; + }; + + nativeBuildInputs = [ + desktop-file-utils + glib + gtk4 + meson + ninja + pkg-config + rustPlatform.cargoSetupHook + rustPlatform.rust.cargo + rustPlatform.rust.rustc + wrapGAppsHook4 + ]; + + buildInputs = [ + gtk4 + gtksourceview5 + libadwaita + libpanel + vte-gtk4 + ]; + + meta = with lib; { + description = "A podman desktop application"; + homepage = "https://github.com/marhkb/pods"; + changelog = "https://github.com/marhkb/pods/releases/tag/v${version}"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ figsoda ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/applications/virtualization/qboot/default.nix b/pkgs/applications/virtualization/qboot/default.nix index c7a3620d644ed..985f7e469e3ea 100644 --- a/pkgs/applications/virtualization/qboot/default.nix +++ b/pkgs/applications/virtualization/qboot/default.nix @@ -26,7 +26,7 @@ stdenv.mkDerivation { description = "A simple x86 firmware for booting Linux"; homepage = "https://github.com/bonzini/qboot"; license = lib.licenses.gpl2; - maintainers = with lib.maintainers; [ tstrobel ]; + maintainers = with lib.maintainers; [ ]; platforms = [ "x86_64-linux" "i686-linux" ]; }; } diff --git a/pkgs/applications/virtualization/qemu/9p-ignore-noatime.patch b/pkgs/applications/virtualization/qemu/9p-ignore-noatime.patch deleted file mode 100644 index 03e47a57863c5..0000000000000 
--- a/pkgs/applications/virtualization/qemu/9p-ignore-noatime.patch +++ /dev/null @@ -1,44 +0,0 @@ -commit cdc3e7eeafa9f683214d2c15d52ef384c3de6611 -Author: aszlig <aszlig@nix.build> -Date: Mon Mar 18 13:21:01 2019 +0100 - - 9pfs: Ignore O_NOATIME open flag - - Since Linux 4.19, overlayfs uses the O_NOATIME flag on its lowerdir, - which in turn causes errors when the Nix store is mounted in the guest - because the file owner of the store paths typically don't match the - owner of the QEMU process. - - After submitting a patch to the overlayfs mailing list[1], it turns out - that my patch was incomplete[2] and needs a bit more rework. - - So instead of using an incomplete kernel patch in nixpkgs, which affects - *all* users of overlayfs, not just NixOS VM tests, I decided that for - now it's better to patch QEMU instead. - - The change here really only ignores the O_NOATIME flag so that the - behaviour is similar to what NFS does. From open(2): - - This flag may not be effective on all filesystems. One example is NFS, - where the server maintains the access time. - - This change is therefore only temporary until the final fix lands in the - stable kernel releases. - - [1]: https://www.spinics.net/lists/linux-unionfs/msg06755.html - [2]: https://www.spinics.net/lists/linux-unionfs/msg06756.html - - Signed-off-by: aszlig <aszlig@nix.build> - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index 55821343e5..0b8425fe18 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -127,7 +127,6 @@ static int dotl_to_open_flags(int flags) - { P9_DOTL_LARGEFILE, O_LARGEFILE }, - { P9_DOTL_DIRECTORY, O_DIRECTORY }, - { P9_DOTL_NOFOLLOW, O_NOFOLLOW }, -- { P9_DOTL_NOATIME, O_NOATIME }, - { P9_DOTL_SYNC, O_SYNC }, - }; - diff --git a/pkgs/applications/virtualization/qemu/binfmt-p-wrapper.c b/pkgs/applications/virtualization/qemu/binfmt-p-wrapper.c new file mode 100644 index 0000000000000..f956768862eca --- /dev/null +++ b/pkgs/applications/virtualization/qemu/binfmt-p-wrapper.c 
@@ -0,0 +1,79 @@
+// This is a tiny wrapper that converts the extra arv[0] argument
+// from binfmt-misc with the P flag enabled to QEMU parameters.
+// It also prevents LD_* environment variables from being applied
+// to QEMU itself.
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#ifndef TARGET_QEMU
+#error "Define TARGET_QEMU to be the path to the qemu-user binary (e.g., -DTARGET_QEMU=\"/full/path/to/qemu-riscv64\")"
+#endif
+
+extern char **environ;
+
+int main(int argc, char *argv[]) {
+ if (argc < 3) {
+ fprintf(stderr, "%s: This should be run as the binfmt interpreter with the P flag\n", argv[0]);
+ fprintf(stderr, "%s: My preconfigured qemu-user binary: %s\n", argv[0], TARGET_QEMU);
+ return 1;
+ }
+
+ size_t environ_count = 0;
+ for (char **cur = environ; *cur != NULL; ++cur) {
+ environ_count++;
+ }
+
+ size_t new_argc = 3;
+ size_t new_argv_alloc = argc + 2 * environ_count + 2; // [ "-E", env ] for each LD_* env + [ "-0", argv0 ]
+ char **new_argv = (char**)malloc((new_argv_alloc + 1) * sizeof(char*));
+ if (!new_argv) {
+ fprintf(stderr, "FATAL: Failed to allocate new argv array\n");
+ abort();
+ }
+
+ new_argv[0] = TARGET_QEMU;
+ new_argv[1] = "-0";
+ new_argv[2] = argv[2];
+
+ // Pass all LD_ env variables as -E and strip them in `new_environ`
+ size_t new_environc = 0;
+ char **new_environ = (char**)malloc((environ_count + 1) * sizeof(char*));
+ if (!new_environ) {
+ fprintf(stderr, "FATAL: Failed to allocate new environ array\n");
+ abort();
+ }
+
+ for (char **cur = environ; *cur != NULL; ++cur) {
+ if (strncmp("LD_", *cur, 3) == 0) {
+ new_argv[new_argc++] = "-E";
+ new_argv[new_argc++] = *cur;
+ } else {
+ new_environ[new_environc++] = *cur;
+ }
+ }
+ new_environ[new_environc] = NULL;
+
+ size_t new_arg_start = new_argc;
+ new_argc += argc - 3 + 2; // [ "--", full_binary_path ]
+
+ if (argc > 3) {
+ memcpy(&new_argv[new_arg_start + 2], &argv[3], (argc - 3) * sizeof(char**));
+ }
+
+ new_argv[new_arg_start] = "--";
+ new_argv[new_arg_start + 1] = argv[1];
+ new_argv[new_argc] = NULL;
+
+#ifdef DEBUG
+ for (size_t i = 0; i < new_argc; ++i) {
+ fprintf(stderr, "argv[%zu] = %s\n", i, new_argv[i]);
+ }
+#endif
+
+ return execve(new_argv[0], new_argv, new_environ);
+}
+
+// vim: et:ts=4:sw=4
diff --git a/pkgs/applications/virtualization/qemu/binfmt-p-wrapper.nix b/pkgs/applications/virtualization/qemu/binfmt-p-wrapper.nix
new file mode 100644
index 0000000000000..fada14569299b
--- /dev/null
+++ b/pkgs/applications/virtualization/qemu/binfmt-p-wrapper.nix
@@ -0,0 +1,31 @@
+# binfmt preserve-argv[0] wrapper
+#
+# More details in binfmt-p-wrapper.c
+#
+# The wrapper has to be static so LD_* environment variables
+# cannot affect the execution of the wrapper itself.
+
+{ lib, stdenv, pkgsStatic, enableDebug ? false }:
+
+name: emulator:
+
+pkgsStatic.stdenv.mkDerivation {
+ inherit name;
+
+ src = ./binfmt-p-wrapper.c;
+
+ dontUnpack = true;
+ dontInstall = true;
+
+ buildPhase = ''
+ runHook preBuild
+
+ mkdir -p $out/bin
+ $CC -o $out/bin/${name} -static -std=c99 -O2 \
+ -DTARGET_QEMU=\"${emulator}\" \
+ ${lib.optionalString enableDebug "-DDEBUG"} \
+ $src
+
+ runHook postBuild
+ '';
+}
diff --git a/pkgs/applications/virtualization/qemu/canokey-qemu.nix b/pkgs/applications/virtualization/qemu/canokey-qemu.nix
new file mode 100644
index 0000000000000..9536b91ba5403
--- /dev/null
+++ b/pkgs/applications/virtualization/qemu/canokey-qemu.nix
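Review bot: `return execve(new_argv[0], new_argv, new_environ);` at the end of `main` hands back -1 with no diagnostic when the exec fails, so a missing or non-executable `TARGET_QEMU` surfaces only as exit status 255 for every emulated binary. Report the failure and use a conventional status instead: `execve(new_argv[0], new_argv, new_environ); perror(TARGET_QEMU); return 127;`. The filter matches only the `LD_` prefix, so any `QEMU_*` variables that qemu-user reads itself are still inherited from the caller's environment; if that is intended, a comment beside the `strncmp("LD_", *cur, 3)` test should say so. The header comment also has a typo, `arv[0]` for `argv[0]`, and would be clearer if it spelled out the layout the code relies on (`argv[1]` is the full binary path, `argv[2]` the original argv[0]).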
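Review bot: `${name}` and `${emulator}` are spliced into the `$CC` command line in `buildPhase` without shell quoting, so the build relies on both being free of spaces and quote characters; store paths are, but `name` is supplied by the caller, and quoting the output path (`"$out/bin/${name}"`) makes that assumption explicit. The `stdenv` argument in `{ lib, stdenv, pkgsStatic, enableDebug ? false }` is never used, because the derivation is built with `pkgsStatic.stdenv`, and can be dropped.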
@@ -0,0 +1,35 @@
+{
+ lib,
+ stdenv,
+ fetchFromGitHub,
+ cmake,
+}:
+stdenv.mkDerivation rec {
+ pname = "canokey-qemu";
+ version = "unstable-2022-06-23";
+ rev = "b70af31229f1858089c3366f71b8d771de4a1e84";
+
+ src = fetchFromGitHub {
+ owner = "canokeys";
+ repo = "canokey-qemu";
+ inherit rev;
+ fetchSubmodules = true;
+ hash = "sha256-VJb59K/skx+DhoJs5qGUu070hAjQZC2Z6hAMXuX0bMw=";
+ };
+
+ postPatch = ''
+ substituteInPlace canokey-core/CMakeLists.txt \
+ --replace "COMMAND git describe --always --tags --long --abbrev=8 --dirty >>" "COMMAND echo '$rev' >>"
+ '';
+
+ outputs = [ "out" "dev" ];
+
+ nativeBuildInputs = [ cmake ];
+
+ meta = with lib; {
+ homepage = "https://github.com/canokeys/canokey-qemu";
+ description = "CanoKey QEMU Virt Card";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ oxalica ];
+ };
+}
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 477b1603d27d0..c20a2c53d6002 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
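Review bot: In `postPatch`, `'$rev'` is expanded by the build shell, which works only because `rev` is passed to `mkDerivation` as an extra attribute and so lands in the builder environment. Interpolating it at evaluation time, `"COMMAND echo '${rev}' >>"`, removes that hidden dependency and keeps the substituted version string tied to the pinned revision. `meta` also declares no `platforms`, which leaves the set of supported systems for this library unstated.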
@@ -1,151 +1,129 @@ -{ lib, stdenv, fetchurl, fetchpatch, python, zlib, pkg-config, glib +{ lib, stdenv, fetchurl, fetchpatch, python3Packages, zlib, pkg-config, glib, buildPackages , perl, pixman, vde2, alsa-lib, texinfo, flex , bison, lzo, snappy, libaio, libtasn1, gnutls, nettle, curl, ninja, meson, sigtool -, makeWrapper, autoPatchelfHook -, attr, libcap, libcap_ng -, CoreServices, Cocoa, Hypervisor, rez, setfile +, makeWrapper, runtimeShell, removeReferencesTo +, attr, libcap, libcap_ng, socat, libslirp +, CoreServices, Cocoa, Hypervisor, rez, setfile, vmnet +, guestAgentSupport ? with stdenv.hostPlatform; isLinux || isSunOS || isWindows , numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl , seccompSupport ? stdenv.isLinux, libseccomp , alsaSupport ? lib.hasSuffix "linux" stdenv.hostPlatform.system && !nixosTestRunner , pulseSupport ? !stdenv.isDarwin && !nixosTestRunner, libpulseaudio , sdlSupport ? !stdenv.isDarwin && !nixosTestRunner, SDL2, SDL2_image +, jackSupport ? !stdenv.isDarwin && !nixosTestRunner, libjack2 , gtkSupport ? !stdenv.isDarwin && !xenSupport && !nixosTestRunner, gtk3, gettext, vte, wrapGAppsHook , vncSupport ? !nixosTestRunner, libjpeg, libpng , smartcardSupport ? !nixosTestRunner, libcacard -, spiceSupport ? !stdenv.isDarwin && !nixosTestRunner, spice, spice-protocol +, spiceSupport ? true && !nixosTestRunner, spice, spice-protocol , ncursesSupport ? !nixosTestRunner, ncurses , usbredirSupport ? spiceSupport, usbredir , xenSupport ? false, xen , cephSupport ? false, ceph , glusterfsSupport ? false, glusterfs, libuuid -, openGLSupport ? sdlSupport, mesa, epoxy, libdrm +, openGLSupport ? sdlSupport, mesa, libepoxy, libdrm , virglSupport ? openGLSupport, virglrenderer , libiscsiSupport ? true, libiscsi , smbdSupport ? false, samba , tpmSupport ? true +, uringSupport ? stdenv.isLinux, liburing +, canokeySupport ? false, canokey-qemu , hostCpuOnly ? false , hostCpuTargets ? 
(if hostCpuOnly then (lib.optional stdenv.isx86_64 "i386-softmmu" ++ ["${stdenv.hostPlatform.qemuArch}-softmmu"]) else null) , nixosTestRunner ? false +, doCheck ? false +, qemu # for passthru.tests }: -let - audio = lib.optionalString alsaSupport "alsa," - + lib.optionalString pulseSupport "pa," - + lib.optionalString sdlSupport "sdl,"; - -in - stdenv.mkDerivation rec { pname = "qemu" + lib.optionalString xenSupport "-xen" + lib.optionalString hostCpuOnly "-host-cpu-only" + lib.optionalString nixosTestRunner "-for-vm-tests"; - version = "6.1.0"; + version = "7.2.0"; src = fetchurl { - url= "https://download.qemu.org/qemu-${version}.tar.xz"; - sha256 = "15iw7982g6vc4jy1l9kk1z9sl5bm1bdbwr74y7nvwjs1nffhig7f"; + url = "https://download.qemu.org/qemu-${version}.tar.xz"; + sha256 = "sha256-W0nOJod0Ta1JSukKiYxSIEo0BuhNBySCoeG+hU7rIVc="; }; - nativeBuildInputs = [ makeWrapper python python.pkgs.sphinx python.pkgs.sphinx_rtd_theme pkg-config flex bison meson ninja ] + depsBuildBuild = [ buildPackages.stdenv.cc ]; + + nativeBuildInputs = [ + makeWrapper removeReferencesTo + pkg-config flex bison meson ninja perl + + # Don't change this to python3 and python3.pkgs.*, breaks cross-compilation + python3Packages.python python3Packages.sphinx python3Packages.sphinx-rtd-theme + ] ++ lib.optionals gtkSupport [ wrapGAppsHook ] - ++ lib.optionals stdenv.isLinux [ autoPatchelfHook ] ++ lib.optionals stdenv.isDarwin [ sigtool ]; buildInputs = [ zlib glib perl pixman vde2 texinfo lzo snappy libtasn1 - gnutls nettle curl + gnutls nettle curl libslirp ] ++ lib.optionals ncursesSupport [ ncurses ] - ++ lib.optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile ] + ++ lib.optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile vmnet ] ++ lib.optionals seccompSupport [ libseccomp ] ++ lib.optionals numaSupport [ numactl ] + ++ lib.optionals alsaSupport [ alsa-lib ] ++ lib.optionals pulseSupport [ libpulseaudio ] ++ lib.optionals sdlSupport [ SDL2 SDL2_image ] + 
++ lib.optionals jackSupport [ libjack2 ] ++ lib.optionals gtkSupport [ gtk3 gettext vte ] ++ lib.optionals vncSupport [ libjpeg libpng ] ++ lib.optionals smartcardSupport [ libcacard ] ++ lib.optionals spiceSupport [ spice-protocol spice ] ++ lib.optionals usbredirSupport [ usbredir ] - ++ lib.optionals stdenv.isLinux [ alsa-lib libaio libcap_ng libcap attr ] + ++ lib.optionals stdenv.isLinux [ libaio libcap_ng libcap attr ] ++ lib.optionals xenSupport [ xen ] ++ lib.optionals cephSupport [ ceph ] ++ lib.optionals glusterfsSupport [ glusterfs libuuid ] - ++ lib.optionals openGLSupport [ mesa epoxy libdrm ] + ++ lib.optionals openGLSupport [ mesa libepoxy libdrm ] ++ lib.optionals virglSupport [ virglrenderer ] ++ lib.optionals libiscsiSupport [ libiscsi ] - ++ lib.optionals smbdSupport [ samba ]; + ++ lib.optionals smbdSupport [ samba ] + ++ lib.optionals uringSupport [ liburing ] + ++ lib.optionals canokeySupport [ canokey-qemu ]; dontUseMesonConfigure = true; # meson's configurePhase isn't compatible with qemu build - outputs = [ "out" "ga" ]; + outputs = [ "out" ] ++ lib.optional guestAgentSupport "ga"; + # On aarch64-linux we would shoot over the Hydra's 2G output limit. + separateDebugInfo = !(stdenv.isAarch64 && stdenv.isLinux); patches = [ ./fix-qemu-ga.patch - ./9p-ignore-noatime.patch + + # QEMU upstream does not demand compatibility to pre-10.13, so 9p-darwin + # support on nix requires utimensat fallback. The patch adding this fallback + # set was removed during the process of upstreaming this functionality, and + # will still be needed in nix until the macOS SDK reaches 10.13+. 
+ ./provide-fallback-for-utimensat.patch # Cocoa clipboard support only works on macOS 10.14+ + ./revert-ui-cocoa-add-clipboard-support.patch + # Standard about panel requires AppKit and macOS 10.13+ (fetchpatch { - url = "https://gitlab.com/qemu-project/qemu/-/commit/7e3e20d89129614f4a7b2451fe321cc6ccca3b76.diff"; - sha256 = "09xz06g57wxbacic617pq9c0qb7nly42gif0raplldn5lw964xl2"; + url = "https://gitlab.com/qemu-project/qemu/-/commit/99eb313ddbbcf73c1adcdadceba1423b691c6d05.diff"; + sha256 = "sha256-gTRf9XENAfbFB3asYCXnw4OV4Af6VE1W56K2xpYDhgM="; revert = true; }) + # Workaround for upstream issue with nested virtualisation: https://gitlab.com/qemu-project/qemu/-/issues/1008 (fetchpatch { - name = "CVE-2021-3713.patch"; # remove with next release - url = "https://gitlab.com/qemu-project/qemu/-/commit/13b250b12ad3c59114a6a17d59caf073ce45b33a.patch"; - sha256 = "0lkzfc7gdlvj4rz9wk07fskidaqysmx8911g914ds1jnczgk71mf"; - }) - # Fixes a crash that frequently happens in some setups that share /nix/store over 9p like nixos tests - # on some systems. Remove with next release. - (fetchpatch { - name = "fix-crash-in-v9fs_walk.patch"; - url = "https://gitlab.com/qemu-project/qemu/-/commit/f83df00900816476cca41bb536e4d532b297d76e.patch"; - sha256 = "sha256-LYGbBLS5YVgq8Bf7NVk7HBFxXq34NmZRPCEG79JPwk8="; - }) - # Fixes an io error on discard/unmap operation for aio/file backend. Remove with next release. 
- (fetchpatch { - name = "fix-aio-discard-return-value.patch"; - url = "https://gitlab.com/qemu-project/qemu/-/commit/13a028336f2c05e7ff47dfdaf30dfac7f4883e80.patch"; - sha256 = "sha256-23xVixVl+JDBNdhe5j5WY8CB4MsnUo+sjrkAkG+JS6M="; - }) - ] ++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch - ++ lib.optionals stdenv.hostPlatform.isMusl [ - ./sigrtminmax.patch - (fetchpatch { - url = "https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/fix-sigevent-and-sigval_t.patch"; - sha256 = "0wk0rrcqywhrw9hygy6ap0lfg314m9z1wr2hn8338r5gfcw75mav"; - }) - ] ++ lib.optionals stdenv.isDarwin [ - # The Hypervisor.framework support patch converted something that can be applied: - # * https://patchwork.kernel.org/project/qemu-devel/list/?series=548227 - # The base revision is whatever commit there is before the series starts: - # * https://github.com/patchew-project/qemu/commits/patchew/20210916155404.86958-1-agraf%40csgraf.de - # The target revision is what patchew has as the series tag from patchwork: - # * https://github.com/patchew-project/qemu/releases/tag/patchew%2F20210916155404.86958-1-agraf%40csgraf.de - (fetchpatch { - url = "https://github.com/patchew-project/qemu/compare/7adb961995a3744f51396502b33ad04a56a317c3..d2603c06d9c4a28e714b9b70fe5a9d0c7b0f934d.diff"; - sha256 = "sha256-nSi5pFf9+EefUmyJzSEKeuxOt39ztgkXQyUB8fTHlcY="; + url = "https://gitlab.com/qemu-project/qemu/-/commit/3e4546d5bd38a1e98d4bd2de48631abf0398a3a2.diff"; + sha256 = "sha256-oC+bRjEHixv1QEFO9XAm4HHOwoiT+NkhknKGPydnZ5E="; + revert = true; }) - ]; + ] + ++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch; postPatch = '' # Otherwise tries to ensure /var/run exists. 
- sed -i "/install_subdir('run', install_dir: get_option('localstatedir'))/d" \ + sed -i "/install_emptydir(get_option('localstatedir') \/ 'run')/d" \ qga/meson.build - - # glibc 2.33 compat fix: if `has_statx = true` is set, `tools/virtiofsd/passthrough_ll.c` will - # rely on `stx_mnt_id`[1] which is not part of glibc's `statx`-struct definition. - # - # `has_statx` will be set to `true` if a simple C program which uses a few `statx` - # consts & struct fields successfully compiles. It seems as this only builds on glibc-2.33 - # since most likely[2] and because of that, the problematic code-path will be used. - # - # [1] https://github.com/torvalds/linux/commit/fa2fcf4f1df1559a0a4ee0f46915b496cc2ebf60#diff-64bab5a0a3fcb55e1a6ad77b1dfab89d2c9c71a770a07ecf44e6b82aae76a03a - # [2] https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=io/bits/statx-generic.h;h=c34697e3c1fd79cddd60db294302e461ed8db6e2;hp=7a09e94be2abb92d2df612090c132e686a24d764;hb=88a2cf6c4bab6e94a65e9c0db8813709372e9180;hpb=c4e4b2e149705559d28b16a9b47ba2f6142d6a6c - substituteInPlace meson.build \ - --replace 'has_statx = cc.links(statx_test)' 'has_statx = false' ''; preConfigure = '' 
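Review bot: The two `fetchpatch { … revert = true; }` entries in `patches` back out upstream commits 99eb313ddbbcf73c1adcdadceba1423b691c6d05 and 3e4546d5bd38a1e98d4bd2de48631abf0398a3a2 without stating when they can be dropped, unlike the removed entries that carried "remove with next release". Long-lived reverts of upstream code are easy to forget across version bumps, so each should name its exit condition, e.g. `# Drop once the macOS SDK in nixpkgs is 10.13+` and `# Drop when https://gitlab.com/qemu-project/qemu/-/issues/1008 is fixed upstream`. In the argument list, `spiceSupport ? true && !nixosTestRunner` has a redundant `true &&` and reads better as `spiceSupport ? !nixosTestRunner`.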
@@ -159,25 +137,26 @@ stdenv.mkDerivation rec { --replace '$source_path/VERSION' '$source_path/QEMU_VERSION' substituteInPlace meson.build \ --replace "'VERSION'" "'QEMU_VERSION'" - '' + lib.optionalString stdenv.hostPlatform.isMusl '' - NIX_CFLAGS_COMPILE+=" -D_LINUX_SYSINFO_H" ''; configureFlags = [ - "--audio-drv-list=${audio}" + "--disable-strip" # We'll strip ourselves after separating debug info. "--enable-docs" "--enable-tools" - "--enable-guest-agent" "--localstatedir=/var" "--sysconfdir=/etc" + # Always use our Meson, not the bundled version, which doesn't + # have our patches and will be subtly broken because of that. + "--meson=meson" + "--cross-prefix=${stdenv.cc.targetPrefix}" + (lib.enableFeature guestAgentSupport "guest-agent") ] ++ lib.optional numaSupport "--enable-numa" ++ lib.optional seccompSupport "--enable-seccomp" ++ lib.optional smartcardSupport "--enable-smartcard" ++ lib.optional spiceSupport "--enable-spice" ++ lib.optional usbredirSupport "--enable-usb-redir" ++ lib.optional (hostCpuTargets != null) "--target-list=${lib.concatStringsSep "," hostCpuTargets}" - ++ lib.optional stdenv.isDarwin "--enable-cocoa" - ++ lib.optional stdenv.isDarwin "--enable-hvf" + ++ lib.optionals stdenv.isDarwin [ "--enable-cocoa" "--enable-hvf" ] ++ lib.optional stdenv.isLinux "--enable-linux-aio" ++ lib.optional gtkSupport "--enable-gtk" ++ lib.optional xenSupport "--enable-xen" @@ -187,9 +166,10 @@ stdenv.mkDerivation rec { ++ lib.optional virglSupport "--enable-virglrenderer" ++ lib.optional tpmSupport "--enable-tpm" ++ lib.optional libiscsiSupport "--enable-libiscsi" - ++ lib.optional smbdSupport "--smbd=${samba}/bin/smbd"; + ++ lib.optional smbdSupport "--smbd=${samba}/bin/smbd" + ++ lib.optional uringSupport "--enable-linux-io-uring" + ++ lib.optional canokeySupport "--enable-canokey"; - doCheck = false; # tries to access /dev dontWrapGApps = true; # QEMU attaches entitlements with codesign and strip removes those, 
@@ -201,10 +181,12 @@ stdenv.mkDerivation rec { postFixup = '' # the .desktop is both invalid and pointless rm -f $out/share/applications/qemu.desktop - - # copy qemu-ga (guest agent) to separate output + '' + lib.optionalString guestAgentSupport '' + # move qemu-ga (guest agent) to separate output mkdir -p $ga/bin - cp $out/bin/qemu-ga $ga/bin/ + mv $out/bin/qemu-ga $ga/bin/ + ln -s $ga/bin/qemu-ga $out/bin + remove-references-to -t $out $ga/bin/qemu-ga '' + lib.optionalString gtkSupport '' # wrap GTK Binaries for f in $out/bin/qemu-system-*; do 
@@ -213,17 +195,51 @@ stdenv.mkDerivation rec { ''; preBuild = "cd build"; + # tests can still timeout on slower systems + inherit doCheck; + nativeCheckInputs = [ socat ]; + preCheck = '' + # time limits are a little meagre for a build machine that's + # potentially under load. + substituteInPlace ../tests/unit/meson.build \ + --replace 'timeout: slow_tests' 'timeout: 50 * slow_tests' + substituteInPlace ../tests/qtest/meson.build \ + --replace 'timeout: slow_qtests' 'timeout: 50 * slow_qtests' + substituteInPlace ../tests/fp/meson.build \ + --replace 'timeout: 90)' 'timeout: 300)' + + # point tests towards correct binaries + substituteInPlace ../tests/unit/test-qga.c \ + --replace '/bin/echo' "$(type -P echo)" + substituteInPlace ../tests/unit/test-io-channel-command.c \ + --replace '/bin/socat' "$(type -P socat)" + + # combined with a long package name, some temp socket paths + # can end up exceeding max socket name len + substituteInPlace ../tests/qtest/bios-tables-test.c \ + --replace 'qemu-test_acpi_%s_tcg_%s' '%s_%s' + + # get-fsinfo attempts to access block devices, disallowed by sandbox + sed -i -e '/\/qga\/get-fsinfo/d' -e '/\/qga\/blacklist/d' \ + ../tests/unit/test-qga.c + '' + lib.optionalString stdenv.isDarwin '' + # skip test that stalls on darwin, perhaps due to subtle differences + # in fifo behaviour + substituteInPlace ../tests/unit/meson.build \ + --replace "'test-io-channel-command'" "#'test-io-channel-command'" + ''; + # Add a ‘qemu-kvm’ wrapper for compatibility/convenience. 
postInstall = '' - if [ -x $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} ]; then - makeWrapper $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} \ - $out/bin/qemu-kvm \ - --add-flags "\$([ -e /dev/kvm ] && echo -enable-kvm)" - fi + ln -s $out/libexec/virtiofsd $out/bin + ln -s $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} $out/bin/qemu-kvm ''; passthru = { qemu-system-i386 = "bin/qemu-system-i386"; + tests = { + qemu-tests = qemu.override { doCheck = true; }; + }; }; # Builds in ~3h with 2 cores, and ~20m with a big-parallel builder. @@ -233,7 +249,9 @@ stdenv.mkDerivation rec { homepage = "http://www.qemu.org/"; description = "A generic and open source machine emulator and virtualizer"; license = licenses.gpl2Plus; + mainProgram = "qemu-kvm"; maintainers = with maintainers; [ eelco qyliss ]; platforms = platforms.unix; + priority = 10; # Prefer virtiofsd from the virtiofsd package. }; } diff --git a/pkgs/applications/virtualization/qemu/fix-qemu-ga.patch b/pkgs/applications/virtualization/qemu/fix-qemu-ga.patch index 0b2dd0ee5ece3..94dec69168002 100644 --- a/pkgs/applications/virtualization/qemu/fix-qemu-ga.patch +++ b/pkgs/applications/virtualization/qemu/fix-qemu-ga.patch 
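Review bot: The new `postInstall` creates both symlinks unconditionally, where the removed code guarded the `qemu-kvm` wrapper with `[ -x $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} ]`. A build whose `hostCpuTargets` omits the host architecture, or a platform where `libexec/virtiofsd` is not installed, would ship dangling links, and `mainProgram = "qemu-kvm"` in the following hunk would then point at one. Wrapping each `ln -s` in an `if [ -e … ]; then … fi` test on its target keeps the old safety. The link also no longer adds `-enable-kvm` when `/dev/kvm` exists, so the context comment `# Add a ‘qemu-kvm’ wrapper for compatibility/convenience.` is stale and should describe a plain alias that leaves acceleration to the caller.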
@@ -1,16 +1,17 @@ -diff -Naur a/qga/commands-posix.c b/qga/commands-posix.c ---- a/qga/commands-posix.c -+++ b/qga/commands-posix.c -@@ -109,6 +109,8 @@ - reopen_fd_to_null(1); - reopen_fd_to_null(2); - -+ execle("/run/current-system/sw/bin/shutdown", "shutdown", "-h", shutdown_flag, "+0", -+ "hypervisor initiated shutdown", (char*)NULL, environ); - execle("/sbin/shutdown", "shutdown", "-h", shutdown_flag, "+0", - "hypervisor initiated shutdown", (char*)NULL, environ); - _exit(EXIT_FAILURE); -@@ -157,11 +159,13 @@ +diff --git i/qga/commands-posix.c w/qga/commands-posix.c +index 954efed01b..39c4b916ce 100644 +--- i/qga/commands-posix.c ++++ w/qga/commands-posix.c +@@ -123,6 +123,8 @@ void qmp_guest_shutdown(bool has_mode, const char *mode, Error **errp) + execl("/sbin/shutdown", "shutdown", shutdown_flag, "-g0", "-y", + "hypervisor initiated shutdown", (char *)NULL); + #else ++ execl("/run/current-system/sw/bin/shutdown", "shutdown", "-h", shutdown_flag, "+0", ++ "hypervisor initiated shutdown", (char *)NULL); + execl("/sbin/shutdown", "shutdown", "-h", shutdown_flag, "+0", + "hypervisor initiated shutdown", (char *)NULL); + #endif +@@ -158,11 +160,13 @@ void qmp_guest_set_time(bool has_time, int64_t time_ns, Error **errp) pid_t pid; Error *local_err = NULL; struct timeval tv; @@ -25,12 +26,11 @@ diff -Naur a/qga/commands-posix.c b/qga/commands-posix.c } if (!hwclock_available) { -@@ -207,6 +211,8 @@ +@@ -208,6 +212,7 @@ void qmp_guest_set_time(bool has_time, int64_t time_ns, Error **errp) /* Use '/sbin/hwclock -w' to set RTC from the system time, * or '/sbin/hwclock -s' to set the system time from RTC. */ -+ execle(hwclock_path_nix, "hwclock", has_time ? "-w" : "-s", -+ NULL, environ); - execle(hwclock_path, "hwclock", has_time ? "-w" : "-s", - NULL, environ); ++ execl(hwclock_path_nix, "hwclock", has_time ? "-w" : "-s", NULL); + execl(hwclock_path, "hwclock", has_time ? "-w" : "-s", NULL); _exit(EXIT_FAILURE); + } else if (pid < 0) { 
diff --git a/pkgs/applications/virtualization/qemu/provide-fallback-for-utimensat.patch b/pkgs/applications/virtualization/qemu/provide-fallback-for-utimensat.patch
new file mode 100644
index 0000000000000..98cc09d720032
--- /dev/null
+++ b/pkgs/applications/virtualization/qemu/provide-fallback-for-utimensat.patch
@@ -0,0 +1,190 @@
+From 747a741772cde6bb340eb8bdb493390280de8d16 Mon Sep 17 00:00:00 2001
+From: Keno Fischer <keno@juliacomputing.com>
+Date: Sat, 16 Jun 2018 20:56:54 -0400
+Subject: [PATCH] 9p: darwin: Provide fallback impl for utimensat
+
+This function is new in Mac OS 10.13. Provide a fallback implementation
+when building against older SDKs. The complication in the definition comes
+having to separately handle the used SDK version and the target OS version.
+
+- If the SDK version is too low (__MAC_10_13 not defined), utimensat is not
+ defined in the header, so we must not try to use it (doing so would error).
+- Otherwise, if the targetted OS version is at least 10.13, we know this
+ function is available, so we can unconditionally call it.
+- Lastly, we check for the availability of the __builtin_available macro to
+ potentially insert a dynamic check for this OS version. However, __builtin_available
+ is only available with sufficiently recent versions of clang and while all
+ Apple clang versions that ship with Xcode versions that support the 10.13
+ SDK support with builtin, we want to allow building with compilers other
+ than Apple clang that may not support this builtin.
+
+Signed-off-by: Keno Fischer <keno@juliacomputing.com>
+Signed-off-by: Michael Roitzsch <reactorcontrol@icloud.com>
+Signed-off-by: Will Cohen <wwcohen@gmail.com>
+---
+ hw/9pfs/9p-local.c | 2 +-
+ hw/9pfs/9p-util-darwin.c | 96 ++++++++++++++++++++++++++++++++++++++++
+ hw/9pfs/9p-util-linux.c | 6 +++
+ hw/9pfs/9p-util.h | 8 ++++
+ 4 files changed, 111 insertions(+), 1 deletion(-)
+
+diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
+index d42ce6d8b8..b2c1fa42e1 100644
+--- a/hw/9pfs/9p-local.c
++++ b/hw/9pfs/9p-local.c
+@@ -1085,7 +1085,7 @@ static int local_utimensat(FsContext *s, V9fsPath *fs_path,
+ goto out;
+ }
+
+- ret = utimensat(dirfd, name, buf, AT_SYMLINK_NOFOLLOW);
++ ret = utimensat_nofollow(dirfd, name, buf);
+ close_preserve_errno(dirfd);
+ out:
+ g_free(dirpath);
+diff --git a/hw/9pfs/9p-util-darwin.c b/hw/9pfs/9p-util-darwin.c
+index bec0253474..2fc0475292 100644
+--- a/hw/9pfs/9p-util-darwin.c
++++ b/hw/9pfs/9p-util-darwin.c
+@@ -95,3 +95,99 @@ int qemu_mknodat(int dirfd, const char *filename, mode_t mode, dev_t dev)
+ }
+
+ #endif
++
++#ifndef __has_builtin
++#define __has_builtin(x) 0
++#endif
++
++static int update_times_from_stat(int fd, struct timespec times[2],
++ int update0, int update1)
++{
++ struct stat buf;
++ int ret = fstat(fd, &buf);
++ if (ret == -1) {
++ return ret;
++ }
++ if (update0) {
++ times[0] = buf.st_atimespec;
++ }
++ if (update1) {
++ times[1] = buf.st_mtimespec;
++ }
++ return 0;
++}
++
++int utimensat_nofollow(int dirfd, const char *filename,
++ const struct timespec times_in[2])
++{
++ int ret, fd;
++ int special0, special1;
++ struct timeval futimes_buf[2];
++ struct timespec times[2];
++ memcpy(times, times_in, 2 * sizeof(struct timespec));
++
++/* Check whether we have an SDK version that defines utimensat */
++#if defined(__MAC_10_13)
++# if __MAC_OS_X_VERSION_MIN_REQUIRED >= __MAC_10_13
++# define UTIMENSAT_AVAILABLE 1
++# elif __has_builtin(__builtin_available)
++# define UTIMENSAT_AVAILABLE __builtin_available(macos 10.13, *)
++# else
++# define UTIMENSAT_AVAILABLE 0
++# endif
++ if (UTIMENSAT_AVAILABLE) {
++ return utimensat(dirfd, filename, times, AT_SYMLINK_NOFOLLOW);
++ }
++#endif
++
++ /* utimensat not available. Use futimes. */
++ fd = openat_file(dirfd, filename, O_PATH_9P_UTIL | O_NOFOLLOW, 0);
++ if (fd == -1) {
++ return -1;
++ }
++
++ special0 = times[0].tv_nsec == UTIME_OMIT;
++ special1 = times[1].tv_nsec == UTIME_OMIT;
++ if (special0 || special1) {
++ /* If both are set, nothing to do */
++ if (special0 && special1) {
++ ret = 0;
++ goto done;
++ }
++
++ ret = update_times_from_stat(fd, times, special0, special1);
++ if (ret < 0) {
++ goto done;
++ }
++ }
++
++ special0 = times[0].tv_nsec == UTIME_NOW;
++ special1 = times[1].tv_nsec == UTIME_NOW;
++ if (special0 || special1) {
++ ret = futimes(fd, NULL);
++ if (ret < 0) {
++ goto done;
++ }
++
++ /* If both are set, we are done */
++ if (special0 && special1) {
++ ret = 0;
++ goto done;
++ }
++
++ ret = update_times_from_stat(fd, times, special0, special1);
++ if (ret < 0) {
++ goto done;
++ }
++ }
++
++ futimes_buf[0].tv_sec = times[0].tv_sec;
++ futimes_buf[0].tv_usec = times[0].tv_nsec / 1000;
++ futimes_buf[1].tv_sec = times[1].tv_sec;
++ futimes_buf[1].tv_usec = times[1].tv_nsec / 1000;
++ ret = futimes(fd, futimes_buf);
++
++done:
++ close_preserve_errno(fd);
++ return ret;
++}
+diff --git a/hw/9pfs/9p-util-linux.c b/hw/9pfs/9p-util-linux.c
+index db451b0784..320697f347 100644
+--- a/hw/9pfs/9p-util-linux.c
++++ b/hw/9pfs/9p-util-linux.c
+@@ -68,3 +68,9 @@ int qemu_mknodat(int dirfd, const char *filename, mode_t mode, dev_t dev)
+ {
+ return mknodat(dirfd, filename, mode, dev);
+ }
++
++int utimensat_nofollow(int dirfd, const char *filename,
++ const struct timespec times[2])
++{
++ return utimensat(dirfd, filename, times, AT_SYMLINK_NOFOLLOW);
++}
+diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
+index 97e681e167..fd50d6243a 100644
+--- a/hw/9pfs/9p-util.h
++++ b/hw/9pfs/9p-util.h
+@@ -36,6 +36,12 @@ static inline int qemu_lsetxattr(const char *path, const char *name,
+ #define qemu_lsetxattr lsetxattr
+ #endif
+
++/* Compatibility with old SDK Versions for Darwin */
++#if defined(CONFIG_DARWIN) && !defined(UTIME_NOW)
++#define UTIME_NOW -1
++#define UTIME_OMIT -2
++#endif
++
+ static inline void close_preserve_errno(int fd)
+ {
+ int serrno = errno;
+@@ -98,6 +104,8 @@ ssize_t flistxattrat_nofollow(int dirfd, const char *filename,
+ char *list, size_t size);
+ ssize_t fremovexattrat_nofollow(int dirfd, const char *filename,
+ const char *name);
++int utimensat_nofollow(int dirfd, const char *filename,
++ const struct timespec times[2]);
+
+ /*
+ * Darwin has d_seekoff, which appears to function similarly to d_off.
+--
+2.35.1
+
diff --git a/pkgs/applications/virtualization/qemu/revert-ui-cocoa-add-clipboard-support.patch b/pkgs/applications/virtualization/qemu/revert-ui-cocoa-add-clipboard-support.patch
new file mode 100644
index 0000000000000..d0e511c0403d7
--- /dev/null
+++ b/pkgs/applications/virtualization/qemu/revert-ui-cocoa-add-clipboard-support.patch
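Review bot: The futimes() fallback in the Darwin `utimensat_nofollow` is not equivalent to the `utimensat(..., AT_SYMLINK_NOFOLLOW)` call it stands in for, and nothing in the added code records the differences. `times[n].tv_nsec / 1000` drops sub-microsecond precision, and the fstat()-then-futimes() handling of `UTIME_OMIT`/`UTIME_NOW` is not atomic and, when only one field is `UTIME_NOW`, briefly sets both timestamps to now via `futimes(fd, NULL)`. The target is also opened with `O_NOFOLLOW`, which presumably makes the fallback fail on a symlink rather than update the link's own times; that needs confirming against `openat_file` and `O_PATH_9P_UTIL`, both defined outside this hunk. A comment above `/* utimensat not available. Use futimes. */` listing these limits would help anyone debugging guest-visible timestamp mismatches on old SDKs. The compatibility macros in 9p-util.h should be parenthesised as `#define UTIME_NOW (-1)` and `#define UTIME_OMIT (-2)`.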
@@ -0,0 +1,200 @@ +Based on a reversion of upstream 7e3e20d89129614f4a7b2451fe321cc6ccca3b76, +adapted for 7.2.0 + +diff --git a/include/ui/clipboard.h b/include/ui/clipboard.h +index ce76aa451f..c4e1dc4ff4 100644 +--- a/include/ui/clipboard.h ++++ b/include/ui/clipboard.h +@@ -269,7 +269,7 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer, + QemuClipboardInfo *info, + QemuClipboardType type, + uint32_t size, +- const void *data, ++ void *data, + bool update); + + G_DEFINE_AUTOPTR_CLEANUP_FUNC(QemuClipboardInfo, qemu_clipboard_info_unref) +diff --git a/ui/clipboard.c b/ui/clipboard.c +index 3d14bffaf8..2c3f4c3ba0 100644 +--- a/ui/clipboard.c ++++ b/ui/clipboard.c +@@ -154,7 +154,7 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer, + QemuClipboardInfo *info, + QemuClipboardType type, + uint32_t size, +- const void *data, ++ void *data, + bool update) + { + if (!info || +diff --git a/ui/cocoa.m b/ui/cocoa.m +index 660d3e0935..0e6760c360 100644 +--- a/ui/cocoa.m ++++ b/ui/cocoa.m +@@ -29,7 +29,6 @@ + + #include "qemu/help-texts.h" + #include "qemu-main.h" +-#include "ui/clipboard.h" + #include "ui/console.h" + #include "ui/input.h" + #include "ui/kbd-state.h" +@@ -105,10 +104,6 @@ static void cocoa_switch(DisplayChangeListener *dcl, + + static bool allow_events; + +-static NSInteger cbchangecount = -1; +-static QemuClipboardInfo *cbinfo; +-static QemuEvent cbevent; +- + // Utility functions to run specified code block with iothread lock held + typedef void (^CodeBlock)(void); + typedef bool (^BoolCodeBlock)(void); +@@ -1799,107 +1794,6 @@ static void addRemovableDevicesMenuItems(void) + qapi_free_BlockInfoList(pointerToFree); + } + +-@interface QemuCocoaPasteboardTypeOwner : NSObject<NSPasteboardTypeOwner> +-@end +- +-@implementation QemuCocoaPasteboardTypeOwner +- +-- (void)pasteboard:(NSPasteboard *)sender provideDataForType:(NSPasteboardType)type +-{ +- if (type != NSPasteboardTypeString) { +- return; +- } +- +- with_iothread_lock(^{ +- 
QemuClipboardInfo *info = qemu_clipboard_info_ref(cbinfo); +- qemu_event_reset(&cbevent); +- qemu_clipboard_request(info, QEMU_CLIPBOARD_TYPE_TEXT); +- +- while (info == cbinfo && +- info->types[QEMU_CLIPBOARD_TYPE_TEXT].available && +- info->types[QEMU_CLIPBOARD_TYPE_TEXT].data == NULL) { +- qemu_mutex_unlock_iothread(); +- qemu_event_wait(&cbevent); +- qemu_mutex_lock_iothread(); +- } +- +- if (info == cbinfo) { +- NSData *data = [[NSData alloc] initWithBytes:info->types[QEMU_CLIPBOARD_TYPE_TEXT].data +- length:info->types[QEMU_CLIPBOARD_TYPE_TEXT].size]; +- [sender setData:data forType:NSPasteboardTypeString]; +- [data release]; +- } +- +- qemu_clipboard_info_unref(info); +- }); +-} +- +-@end +- +-static QemuCocoaPasteboardTypeOwner *cbowner; +- +-static void cocoa_clipboard_notify(Notifier *notifier, void *data); +-static void cocoa_clipboard_request(QemuClipboardInfo *info, +- QemuClipboardType type); +- +-static QemuClipboardPeer cbpeer = { +- .name = "cocoa", +- .notifier = { .notify = cocoa_clipboard_notify }, +- .request = cocoa_clipboard_request +-}; +- +-static void cocoa_clipboard_update_info(QemuClipboardInfo *info) +-{ +- if (info->owner == &cbpeer || info->selection != QEMU_CLIPBOARD_SELECTION_CLIPBOARD) { +- return; +- } +- +- if (info != cbinfo) { +- NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; +- qemu_clipboard_info_unref(cbinfo); +- cbinfo = qemu_clipboard_info_ref(info); +- cbchangecount = [[NSPasteboard generalPasteboard] declareTypes:@[NSPasteboardTypeString] owner:cbowner]; +- [pool release]; +- } +- +- qemu_event_set(&cbevent); +-} +- +-static void cocoa_clipboard_notify(Notifier *notifier, void *data) +-{ +- QemuClipboardNotify *notify = data; +- +- switch (notify->type) { +- case QEMU_CLIPBOARD_UPDATE_INFO: +- cocoa_clipboard_update_info(notify->info); +- return; +- case QEMU_CLIPBOARD_RESET_SERIAL: +- /* ignore */ +- return; +- } +-} +- +-static void cocoa_clipboard_request(QemuClipboardInfo *info, +- QemuClipboardType 
type) +-{ +- NSAutoreleasePool *pool; +- NSData *text; +- +- switch (type) { +- case QEMU_CLIPBOARD_TYPE_TEXT: +- pool = [[NSAutoreleasePool alloc] init]; +- text = [[NSPasteboard generalPasteboard] dataForType:NSPasteboardTypeString]; +- if (text) { +- qemu_clipboard_set_data(&cbpeer, info, type, +- [text length], [text bytes], true); +- } +- [pool release]; +- break; +- default: +- break; +- } +-} +- + /* + * The startup process for the OSX/Cocoa UI is complicated, because + * OSX insists that the UI runs on the initial main thread, and so we +@@ -1922,7 +1816,6 @@ static void cocoa_clipboard_request(QemuClipboardInfo *info, + status = qemu_default_main(); + qemu_mutex_unlock_iothread(); + COCOA_DEBUG("Second thread: qemu_default_main() returned, exiting\n"); +- [cbowner release]; + exit(status); + } + +@@ -2003,18 +1896,6 @@ static void cocoa_refresh(DisplayChangeListener *dcl) + [cocoaView setAbsoluteEnabled:YES]; + }); + } +- +- if (cbchangecount != [[NSPasteboard generalPasteboard] changeCount]) { +- qemu_clipboard_info_unref(cbinfo); +- cbinfo = qemu_clipboard_info_new(&cbpeer, QEMU_CLIPBOARD_SELECTION_CLIPBOARD); +- if ([[NSPasteboard generalPasteboard] availableTypeFromArray:@[NSPasteboardTypeString]]) { +- cbinfo->types[QEMU_CLIPBOARD_TYPE_TEXT].available = true; +- } +- qemu_clipboard_update(cbinfo); +- cbchangecount = [[NSPasteboard generalPasteboard] changeCount]; +- qemu_event_set(&cbevent); +- } +- + [pool release]; + } + +@@ -2071,12 +1952,6 @@ static void cocoa_display_init(DisplayState *ds, DisplayOptions *opts) + + // register vga output callbacks + register_displaychangelistener(&dcl); +- +- qemu_event_init(&cbevent, false); +- cbowner = [[QemuCocoaPasteboardTypeOwner alloc] init]; +- qemu_clipboard_peer_register(&cbpeer); +- +- [pool release]; + } + + static QemuDisplay qemu_display_cocoa = { 
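Review bot: The last cocoa.m hunk of this patch (`@@ -2071,12 +1952,6 @@`, in cocoa_display_init) removes `[pool release];` along with the clipboard setup, although that line is not clipboard code. If the function still allocates `pool` near its top, which is outside the hunk, the autorelease pool is never drained after this revert. Keep `[pool release];` as a context line unless the allocation is removed in the same patch. The patch header names the reverted upstream commit but not why nixpkgs needs the revert; one sentence giving the reason and the condition for dropping the patch would help whoever next bumps qemu.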
diff --git a/pkgs/applications/virtualization/qemu/sigrtminmax.patch b/pkgs/applications/virtualization/qemu/sigrtminmax.patch
deleted file mode 100644
index 41050447ac647..0000000000000
--- a/pkgs/applications/virtualization/qemu/sigrtminmax.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 2697fcc42546e814a2d2617671cb8398b15256fb Mon Sep 17 00:00:00 2001
-From: Will Dietz <w@wdtz.org>
-Date: Fri, 17 Aug 2018 00:22:35 -0500
-Subject: [PATCH] quick port __SIGRTMIN/__SIGRTMAX patch for qemu 3.0
-
----
- linux-user/signal.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/linux-user/signal.c b/linux-user/signal.c
-index 602b631b92..87f9240134 100644
---- a/linux-user/signal.c
-+++ b/linux-user/signal.c
-@@ -26,6 +26,13 @@
- #include "trace.h"
- #include "signal-common.h"
-
-+#ifndef __SIGRTMIN
-+#define __SIGRTMIN 32
-+#endif
-+#ifndef __SIGRTMAX
-+#define __SIGRTMAX (NSIG-1)
-+#endif
-+
- struct target_sigaltstack target_sigaltstack_used = {
- .ss_sp = 0,
- .ss_size = 0,
---
-2.18.0
-
diff --git a/pkgs/applications/virtualization/qemu/utils.nix b/pkgs/applications/virtualization/qemu/utils.nix
index 90783039a1a0b..f5998efea0e52 100644
--- a/pkgs/applications/virtualization/qemu/utils.nix
+++ b/pkgs/applications/virtualization/qemu/utils.nix
@@ -1,11 +1,12 @@
-{ stdenv, installShellFiles, qemu }:
+{ stdenv, installShellFiles, qemu, removeReferencesTo }:
 stdenv.mkDerivation rec {
- name = "qemu-utils-${version}";
- version = qemu.version;
+ pname = "qemu-utils";
+ inherit (qemu) version;
 nativeBuildInputs = [ installShellFiles ];
 buildInputs = [ qemu ];
+ disallowedRequisites = [ qemu ];
 unpackPhase = "true";
 installPhase = ''
@@ -13,6 +14,7 @@ stdenv.mkDerivation rec {
 cp "${qemu}/bin/qemu-img" "$out/bin/qemu-img"
 cp "${qemu}/bin/qemu-io" "$out/bin/qemu-io"
 cp "${qemu}/bin/qemu-nbd" "$out/bin/qemu-nbd"
+ ${removeReferencesTo}/bin/remove-references-to -t ${qemu} $out/bin/*
 installManPage ${qemu}/share/man/man1/qemu-img.1.gz
 installManPage ${qemu}/share/man/man8/qemu-nbd.8.gz
diff --git a/pkgs/applications/virtualization/quickgui/default.nix b/pkgs/applications/virtualization/quickgui/default.nix
new file mode 100644
index 0000000000000..9c4de021f2560
--- /dev/null
+++ b/pkgs/applications/virtualization/quickgui/default.nix
@@ -0,0 +1,48 @@
+{ stdenv
+, lib
+, fetchurl
+, autoPatchelfHook
+, dpkg
+, wrapGAppsHook
+}:
+
+stdenv.mkDerivation rec {
+ pname = "quickgui";
+ version = "1.2.8";
+
+ src = fetchurl {
+ url = "https://github.com/quickemu-project/quickgui/releases/download/v${version}/quickgui_${version}-1_lunar1.0_amd64.deb";
+ sha256 = "sha256-crnV7OWH5UbkMM/TxTIOlXmvqBgjFmQG7RxameMOjH0=";
+ };
+
+ nativeBuildInputs = [
+ autoPatchelfHook
+ dpkg
+ ];
+
+ buildInputs = [
+ wrapGAppsHook
+ ];
+
+ unpackCmd = "dpkg-deb -x $curSrc source";
+
+ installPhase = ''
+ runHook preInstall
+
+ mv usr $out
+ substituteInPlace $out/share/applications/quickgui.desktop \
+ --replace "/usr" $out
+
+ runHook postInstall
+ '';
+
+ meta = {
+ description = "A Flutter frontend for quickemu";
+ homepage = "https://github.com/quickemu-project/quickgui";
+ changelog = "https://github.com/quickemu-project/quickgui/releases/tag/v${version}";
+ maintainers = [ lib.maintainers.heyimnova ];
+ platforms = lib.platforms.linux;
+ sourceProvenance = [ lib.sourceTypes.binaryNativeCode ];
+ mainProgram = "quickgui";
+ };
+}
diff --git a/pkgs/applications/virtualization/railcar/cargo-lock.patch b/pkgs/applications/virtualization/railcar/cargo-lock.patch
deleted file mode 100644
index bb9d5420f32a8..0000000000000
--- a/pkgs/applications/virtualization/railcar/cargo-lock.patch
+++ /dev/null
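Review bot: `${removeReferencesTo}/bin/remove-references-to` is interpolated directly into installPhase instead of coming from `nativeBuildInputs`, so under cross-compilation the tool would be the host-platform package rather than one that runs on the builder. The usual form is `nativeBuildInputs = [ installShellFiles removeReferencesTo ];` in the first hunk and a bare `remove-references-to -t ${qemu} $out/bin/*` here. Because the tool overwrites the qemu store hash inside the copied binaries, a short comment saying which embedded paths are expected to go dead would make the new `disallowedRequisites = [ qemu ]` check easier to trust. The first hunk also keeps `buildInputs = [ qemu ]` although qemu is only copied from; confirm it is still needed.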
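Review bot: `platforms = lib.platforms.linux` is wider than what `src` can serve, because the only artifact fetched is the `_amd64.deb`. On other Linux architectures the derivation would still evaluate and then fail or ship an unusable x86_64 binary, so this should be `platforms = [ "x86_64-linux" ];`. `wrapGAppsHook` is a setup hook and belongs in `nativeBuildInputs` rather than `buildInputs`. `meta` declares `sourceProvenance` but no `license`, which is worth stating explicitly for a repackaged prebuilt binary.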
@@ -1,435 +0,0 @@ -From 97e1e2ca82c20317a6de1f345d2fb0adcde0b7fd Mon Sep 17 00:00:00 2001 -From: Katharina Fey <kookie@spacekookie.de> -Date: Mon, 10 Dec 2018 17:42:58 +0100 -Subject: [PATCH] Adding `Cargo.lock` for release `v1.0.4` - ---- - Cargo.lock | 416 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 416 insertions(+) - create mode 100644 Cargo.lock - -diff --git a/Cargo.lock b/Cargo.lock -new file mode 100644 -index 0000000..bf6aa0e ---- /dev/null -+++ b/Cargo.lock -@@ -0,0 +1,416 @@ -+[[package]] -+name = "ansi_term" -+version = "0.11.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "atty" -+version = "0.2.11" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", -+ "termion 1.5.1 (registry+https://github.com/rust-lang/crates.io-index)", -+ "winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "backtrace" -+version = "0.3.9" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "backtrace-sys 0.1.24 (registry+https://github.com/rust-lang/crates.io-index)", -+ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", -+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", -+ "rustc-demangle 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)", -+ "winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "backtrace-sys" -+version = "0.1.24" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "cc 1.0.25 (registry+https://github.com/rust-lang/crates.io-index)", -+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "bitflags" -+version = 
"0.7.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "bitflags" -+version = "1.0.4" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "caps" -+version = "0.0.1" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "custom_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", -+ "enum_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", -+ "error-chain 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", -+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "cc" -+version = "1.0.25" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "cfg-if" -+version = "0.1.6" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "clap" -+version = "2.32.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "atty 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)", -+ "bitflags 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)", -+ "strsim 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "textwrap 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "unicode-width 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", -+ "vec_map 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "custom_derive" -+version = "0.1.7" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "dtoa" -+version = "0.4.3" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "enum_derive" -+version = "0.1.7" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "error-chain" 
-+version = "0.8.1" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "backtrace 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "error-chain" -+version = "0.10.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "backtrace 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "itoa" -+version = "0.3.4" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "lazy_static" -+version = "0.2.11" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "libc" -+version = "0.2.45" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "log" -+version = "0.3.9" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "log" -+version = "0.4.6" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "nix" -+version = "0.8.1" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", -+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", -+ "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "nix" -+version = "0.12.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "bitflags 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)", -+ "cc 1.0.25 (registry+https://github.com/rust-lang/crates.io-index)", -+ "cfg-if 0.1.6 
(registry+https://github.com/rust-lang/crates.io-index)", -+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", -+ "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "num-traits" -+version = "0.1.43" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "num-traits" -+version = "0.2.6" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "oci" -+version = "0.1.0" -+dependencies = [ -+ "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)", -+ "serde_derive 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)", -+ "serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "prctl" -+version = "1.0.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", -+ "nix 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "quote" -+version = "0.3.15" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "railcar" -+version = "1.0.4" -+dependencies = [ -+ "caps 0.0.1 (registry+https://github.com/rust-lang/crates.io-index)", -+ "clap 2.32.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "error-chain 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "lazy_static 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)", -+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", -+ "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)", -+ "nix 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", -+ "num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", -+ "oci 0.1.0", -+ "prctl 
1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "scopeguard 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)", -+ "seccomp-sys 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "redox_syscall" -+version = "0.1.43" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "redox_termios" -+version = "0.1.1" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "redox_syscall 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "rustc-demangle" -+version = "0.1.9" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "scopeguard" -+version = "0.3.3" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "seccomp-sys" -+version = "0.1.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "serde" -+version = "0.9.15" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "serde_codegen_internals" -+version = "0.14.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "serde_derive" -+version = "0.9.15" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)", -+ "serde_codegen_internals 0.14.2 (registry+https://github.com/rust-lang/crates.io-index)", -+ "syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "serde_json" -+version = "0.9.10" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "dtoa 0.4.3 
(registry+https://github.com/rust-lang/crates.io-index)", -+ "itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)", -+ "num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", -+ "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "strsim" -+version = "0.7.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "syn" -+version = "0.11.11" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)", -+ "synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)", -+ "unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "synom" -+version = "0.11.3" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "termion" -+version = "1.5.1" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", -+ "redox_syscall 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", -+ "redox_termios 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "textwrap" -+version = "0.10.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "unicode-width 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "unicode-width" -+version = "0.1.5" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "unicode-xid" -+version = "0.0.4" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "vec_map" -+version = "0.8.1" -+source = 
"registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "void" -+version = "1.0.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "winapi" -+version = "0.3.6" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "winapi-i686-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "winapi-i686-pc-windows-gnu" -+version = "0.4.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "winapi-x86_64-pc-windows-gnu" -+version = "0.4.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[metadata] -+"checksum ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b" -+"checksum atty 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "9a7d5b8723950951411ee34d271d99dddcc2035a16ab25310ea2c8cfd4369652" -+"checksum backtrace 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "89a47830402e9981c5c41223151efcced65a0510c13097c769cede7efb34782a" -+"checksum backtrace-sys 0.1.24 (registry+https://github.com/rust-lang/crates.io-index)" = "c66d56ac8dabd07f6aacdaf633f4b8262f5b3601a810a0dcddffd5c22c69daa0" -+"checksum bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "aad18937a628ec6abcd26d1489012cc0e18c21798210f491af69ded9b881106d" -+"checksum bitflags 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "228047a76f468627ca71776ecdebd732a3423081fcf5125585bcd7c49886ce12" -+"checksum caps 0.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "2c238ba41e8d1d354c8576228110585046ae379efd7af972932993d5c1d41c7d" -+"checksum cc 1.0.25 (registry+https://github.com/rust-lang/crates.io-index)" = 
"f159dfd43363c4d08055a07703eb7a3406b0dac4d0584d96965a3262db3c9d16" -+"checksum cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "082bb9b28e00d3c9d39cc03e64ce4cea0f1bb9b3fde493f0cbc008472d22bdf4" -+"checksum clap 2.32.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b957d88f4b6a63b9d70d5f454ac8011819c6efa7727858f458ab71c756ce2d3e" -+"checksum custom_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "ef8ae57c4978a2acd8b869ce6b9ca1dfe817bff704c220209fdef2c0b75a01b9" -+"checksum dtoa 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "6d301140eb411af13d3115f9a562c85cc6b541ade9dfa314132244aaee7489dd" -+"checksum enum_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "406ac2a8c9eedf8af9ee1489bee9e50029278a6456c740f7454cf8a158abc816" -+"checksum error-chain 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d9435d864e017c3c6afeac1654189b06cdb491cf2ff73dbf0d73b0f292f42ff8" -+"checksum error-chain 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "6930e04918388a9a2e41d518c25cf679ccafe26733fb4127dbf21993f2575d46" -+"checksum itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8324a32baf01e2ae060e9de58ed0bc2320c9a2833491ee36cd3b4c414de4db8c" -+"checksum lazy_static 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "76f033c7ad61445c5b347c7382dd1237847eb1bce590fe50365dcb33d546be73" -+"checksum libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)" = "2d2857ec59fadc0773853c664d2d18e7198e83883e7060b63c924cb077bd5c74" -+"checksum log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "e19e8d5c34a3e0e2223db8e060f9e8264aeeb5c5fc64a4ee9965c062211c024b" -+"checksum log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)" = "c84ec4b527950aa83a329754b01dbe3f58361d1c5efacd1f6d68c494d08a17c6" -+"checksum nix 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)" = 
"921f61dc817b379d0834e45d5ec45beaacfae97082090a49c2cf30dcbc30206f" -+"checksum nix 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "47e49f6982987135c5e9620ab317623e723bd06738fd85377e8d55f57c8b6487" -+"checksum num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)" = "92e5113e9fd4cc14ded8e499429f396a20f98c772a47cc8622a736e1ec843c31" -+"checksum num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "0b3a5d7cc97d6d30d8b9bc8fa19bf45349ffe46241e8816f50f62f6d6aaabee1" -+"checksum prctl 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "059a34f111a9dee2ce1ac2826a68b24601c4298cfeb1a587c3cb493d5ab46f52" -+"checksum quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)" = "7a6e920b65c65f10b2ae65c831a81a073a89edd28c7cce89475bff467ab4167a" -+"checksum redox_syscall 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)" = "679da7508e9a6390aeaf7fbd02a800fdc64b73fe2204dd2c8ae66d22d9d5ad5d" -+"checksum redox_termios 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "7e891cfe48e9100a70a3b6eb652fef28920c117d366339687bd5576160db0f76" -+"checksum rustc-demangle 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)" = "bcfe5b13211b4d78e5c2cadfebd7769197d95c639c35a50057eb4c05de811395" -+"checksum scopeguard 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "94258f53601af11e6a49f722422f6e3425c52b06245a5cf9bc09908b174f5e27" -+"checksum seccomp-sys 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "0d4082b110d25cf281ddbf78dc56e1a65c929fd72ac6c2deb1a4c20a23999dfa" -+"checksum serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)" = "34b623917345a631dc9608d5194cc206b3fe6c3554cd1c75b937e55e285254af" -+"checksum serde_codegen_internals 0.14.2 (registry+https://github.com/rust-lang/crates.io-index)" = "bc888bd283bd2420b16ad0d860e35ad8acb21941180a83a189bb2046f9d00400" -+"checksum serde_derive 0.9.15 
(registry+https://github.com/rust-lang/crates.io-index)" = "978fd866f4d4872084a81ccc35e275158351d3b9fe620074e7d7504b816b74ba" -+"checksum serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)" = "ad8bcf487be7d2e15d3d543f04312de991d631cfe1b43ea0ade69e6a8a5b16a1" -+"checksum strsim 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "bb4f380125926a99e52bc279241539c018323fab05ad6368b56f93d9369ff550" -+"checksum syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)" = "d3b891b9015c88c576343b9b3e41c2c11a51c219ef067b264bd9c8aa9b441dad" -+"checksum synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)" = "a393066ed9010ebaed60b9eafa373d4b1baac186dd7e008555b0f702b51945b6" -+"checksum termion 1.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "689a3bdfaab439fd92bc87df5c4c78417d3cbe537487274e9b0b2dce76e92096" -+"checksum textwrap 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "307686869c93e71f94da64286f9a9524c0f308a9e1c87a583de8e9c9039ad3f6" -+"checksum unicode-width 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "882386231c45df4700b275c7ff55b6f3698780a650026380e72dabe76fa46526" -+"checksum unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f860d7d29cf02cb2f3f359fd35991af3d30bac52c57d265a3c461074cb4dc" -+"checksum vec_map 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "05c78687fb1a80548ae3250346c3db86a80a7cdd77bda190189f2d0a0987c81a" -+"checksum void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" -+"checksum winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)" = "92c1eb33641e276cfa214a0522acad57be5c56b10cb348b3c5117db75f3ac4b0" -+"checksum winapi-i686-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" -+"checksum 
winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" --- -2.17.2 - diff --git a/pkgs/applications/virtualization/railcar/default.nix b/pkgs/applications/virtualization/railcar/default.nix deleted file mode 100644 index 3c7dc0a7d24e3..0000000000000 --- a/pkgs/applications/virtualization/railcar/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib, fetchFromGitHub, rustPlatform, libseccomp }: - -rustPlatform.buildRustPackage rec { - pname = "railcar"; - version = "1.0.4"; - - src = fetchFromGitHub { - owner = "oracle"; - repo = "railcar"; - rev = "v${version}"; - sha256 = "09zn160qxd7760ii6rs5nhr00qmaz49x1plclscznxh9hinyjyh9"; - }; - - # Submitted upstream https://github.com/oracle/railcar/pull/44 - cargoPatches = [ ./cargo-lock.patch ]; - cargoSha256 = "1zsch6gpbw96j5wa68ksbk4x6nbsl7dbvdhdprljpcyrwwkhz47x"; - - buildInputs = [ libseccomp ]; - - meta = with lib; { - description = "Rust implementation of the Open Containers Initiative oci-runtime"; - homepage = "https://github.com/oracle/railcar"; - license = with licenses; [ asl20 /* or */ upl ]; - maintainers = [ maintainers.spacekookie ]; - }; -} diff --git a/pkgs/applications/virtualization/runc/default.nix b/pkgs/applications/virtualization/runc/default.nix index 6b0764e04ba52..5ea14cae03352 100644 --- a/pkgs/applications/virtualization/runc/default.nix +++ b/pkgs/applications/virtualization/runc/default.nix @@ -6,7 +6,6 @@ , pkg-config , which , libapparmor -, apparmor-parser , libseccomp , libselinux , makeWrapper @@ -16,13 +15,13 @@ buildGoModule rec { pname = "runc"; - version = "1.0.2"; + version = "1.1.4"; src = fetchFromGitHub { owner = "opencontainers"; repo = "runc"; rev = "v${version}"; - sha256 = "sha256-l+Uq7aiXFrI+qbKSOZpYFIXz0VJBBR7ZZxlAJeGb7K4="; + sha256 = "sha256-ougJHW1Z+qZ324P8WpZqawY1QofKnn8WezP7orzRTdA="; }; vendorSha256 = null; 
diff --git a/pkgs/applications/virtualization/rvvm/default.nix b/pkgs/applications/virtualization/rvvm/default.nix
new file mode 100644
index 0000000000000..54f3cf7700be8
--- /dev/null
+++ b/pkgs/applications/virtualization/rvvm/default.nix
@@ -0,0 +1,40 @@
+{ lib, stdenv, fetchFromGitHub, SDL_compat }:
+
+stdenv.mkDerivation rec {
+ pname = "rvvm";
+ version = "unstable-2023-01-25";
+
+ src = fetchFromGitHub {
+ owner = "LekKit";
+ repo = "RVVM";
+ rev = "4de27d7083db34bd074b4f056d6eb3871ccf5c10";
+ sha256 = "sha256-FjEcXfweL6FzA6iLxl9XnKaD4Fh/wZuRTJzZzHkc/B4=";
+ };
+
+ buildInputs = [ SDL_compat ];
+
+ makeFlags =
+ [ "BUILDDIR=out" "BINARY=rvvm" "USE_SDL=1" "GIT_COMMIT=${src.rev}" "all" "lib" ]
+ # work around https://github.com/NixOS/nixpkgs/issues/19098
+ ++ lib.optional (stdenv.cc.isClang && stdenv.isDarwin) "CFLAGS=-fno-lto";
+
+ installPhase = ''
+ runHook preInstall
+
+ install -d $out/{bin,lib,include/devices}
+ install -m755 out/rvvm -t $out/bin
+ install -m755 out/librvvm.{a,so} -t $out/lib
+ install -m644 src/rvvmlib.h -t $out/include
+ install -m644 src/devices/*.h -t $out/include/devices
+
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ homepage = "https://github.com/LekKit/RVVM";
+ description = "The RISC-V Virtual Machine";
+ license = with licenses; [ gpl3 /* or */ mpl20 ];
+ platforms = platforms.linux ++ platforms.darwin;
+ maintainers = with maintainers; [ nebulka ];
+ };
+}
diff --git a/pkgs/applications/virtualization/sail-riscv/default.nix b/pkgs/applications/virtualization/sail-riscv/default.nix
new file mode 100644
index 0000000000000..b952b0f189185
--- /dev/null
+++ b/pkgs/applications/virtualization/sail-riscv/default.nix
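Review bot: installPhase hard-codes `out/librvvm.{a,so}` while `meta.platforms` includes `platforms.darwin`. If the upstream Makefile gives the shared library a different suffix on macOS (not visible in this hunk), the install step fails there, so either restrict `platforms` or confirm the file name on Darwin. The static archive is also installed with `-m755`, where `-m644` is the usual mode for a `.a` file. `gpl3` in `license` does not say whether upstream means only version 3 or any later version; `gpl3Only` or `gpl3Plus` would be unambiguous once checked against the upstream licence file.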
@@ -0,0 +1,55 @@ +{ stdenv +, fetchFromGitHub +, lib +, arch +, ocamlPackages +, ocaml +, zlib +, z3 +}: + + +stdenv.mkDerivation rec { + pname = "sail-riscv"; + version = "0.5"; + + src = fetchFromGitHub { + owner = "riscv"; + repo = pname; + rev = version; + hash = "sha256-7PZNNUMaCZEBf0lOCqkquewRgZPooBOjIbGF7JlLnEo="; + }; + + nativeBuildInputs = with ocamlPackages; [ ocamlbuild findlib ocaml z3 sail ]; + buildInputs = with ocamlPackages; [ zlib linksem ]; + strictDeps = true; + + postPatch = '' + rm -r prover_snapshots + ''; + + makeFlags = [ + "SAIL=sail" + "ARCH=${arch}" + "SAIL_DIR=${ocamlPackages.sail}/share/sail" + ]; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin + cp c_emulator/riscv_sim_${arch} $out/bin + mkdir $out/share/ + cp -r generated_definitions/{coq,hol4,isabelle} $out/share/ + + runHook postInstall + ''; + + + meta = with lib; { + homepage = "https://github.com/riscv/sail-riscv"; + description = "A formal specification of the RISC-V architecture, written in Sail"; + maintainers = with maintainers; [ genericnerdyusername ]; + license = licenses.bsd2; + }; +} diff --git a/pkgs/applications/virtualization/seabios/default.nix b/pkgs/applications/virtualization/seabios/default.nix index a97c434957036..502a04c260fcc 100644 --- a/pkgs/applications/virtualization/seabios/default.nix +++ b/pkgs/applications/virtualization/seabios/default.nix @@ -1,13 +1,14 @@ -{ lib, stdenv, fetchurl, acpica-tools, python3 }: +{ lib, stdenv, fetchgit, acpica-tools, python3 }: stdenv.mkDerivation rec { pname = "seabios"; - version = "1.14.0"; + version = "1.16.1"; - src = fetchurl { - url = "https://www.seabios.org/downloads/${pname}-${version}.tar.gz"; - sha256 = "1zc1brgafbbf5hmdr1qc1p859cabpz73l8sklq83xa4sn9icqw7b"; + src = fetchgit { + url = "https://git.seabios.org/seabios.git"; + rev = "rel-${version}"; + sha256 = "sha256-oIl2ZbhgSiVJPMBGbVt6N074vOifAoZL6VdKcBwM8D4="; }; nativeBuildInputs = [ python3 ]; 
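Review bot: `arch` is a required argument with no default and no comment, yet it selects both the `ARCH=${arch}` make flag and the installed binary name `riscv_sim_${arch}`. A comment at the argument list such as `# arch: value handed to the upstream Makefile as ARCH (presumably "RV32" or "RV64", confirm against upstream)` would tell callers what to pass. It is also worth a short comment that inside `with ocamlPackages; [ ... ]` the names `ocaml`, `z3` and `zlib` resolve to the function arguments rather than to `ocamlPackages` attributes, because lexical bindings take precedence over `with`.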
@@ -43,7 +44,7 @@ stdenv.mkDerivation rec { ''; homepage = "http://www.seabios.org"; license = licenses.lgpl3; - maintainers = [ maintainers.tstrobel ]; + maintainers = with maintainers; [ ]; platforms = [ "i686-linux" "x86_64-linux" ]; }; } diff --git a/pkgs/applications/virtualization/singularity/default.nix b/pkgs/applications/virtualization/singularity/default.nix deleted file mode 100644 index e8d78c5bb4a13..0000000000000 --- a/pkgs/applications/virtualization/singularity/default.nix +++ /dev/null 
@@ -1,73 +0,0 @@ -{ lib -, fetchurl -, util-linux -, gpgme -, openssl -, libuuid -, coreutils -, which -, makeWrapper -, cryptsetup -, squashfsTools -, buildGoPackage}: - -with lib; - -buildGoPackage rec { - pname = "singularity"; - version = "3.8.4"; - - src = fetchurl { - url = "https://github.com/hpcng/singularity/releases/download/v${version}/singularity-${version}.tar.gz"; - sha256 = "sha256-y5Xm1osNIPK4fWDyOjv3B7fT6HzuDdSqQ4D49IGlfrw="; - }; - - goPackagePath = "github.com/sylabs/singularity"; - - buildInputs = [ gpgme openssl libuuid ]; - nativeBuildInputs = [ util-linux which makeWrapper cryptsetup ]; - propagatedBuildInputs = [ coreutils squashfsTools ]; - - postPatch = '' - substituteInPlace internal/pkg/build/files/copy.go \ - --replace /bin/cp ${coreutils}/bin/cp - ''; - - postConfigure = '' - cd go/src/github.com/sylabs/singularity - - patchShebangs . - sed -i 's|defaultPath := "[^"]*"|defaultPath := "${lib.makeBinPath propagatedBuildInputs}"|' cmd/internal/cli/actions.go - - ./mconfig -V ${version} -p $out --localstatedir=/var - - # Don't install SUID binaries - sed -i 's/-m 4755/-m 755/g' builddir/Makefile - ''; - - buildPhase = '' - runHook preBuild - make -C builddir - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - make -C builddir install LOCALSTATEDIR=$out/var - chmod 755 $out/libexec/singularity/bin/starter-suid - - # Explicitly configure paths in the config file - sed -i 's|^# mksquashfs path =.*$|mksquashfs path = ${lib.makeBinPath [squashfsTools]}/mksquashfs|' $out/etc/singularity/singularity.conf - sed -i 's|^# cryptsetup path =.*$|cryptsetup path = ${lib.makeBinPath [cryptsetup]}/cryptsetup|' $out/etc/singularity/singularity.conf - - runHook postInstall - ''; - - meta = with lib; { - homepage = "http://www.sylabs.io/"; - description = "Application containers for linux"; - license = licenses.bsd3; - platforms = platforms.linux; - maintainers = [ maintainers.jbedo ]; - }; -} 
diff --git a/pkgs/applications/virtualization/singularity/generic.nix b/pkgs/applications/virtualization/singularity/generic.nix
new file mode 100644
index 0000000000000..f20735e45e3dc
--- /dev/null
+++ b/pkgs/applications/virtualization/singularity/generic.nix
@@ -0,0 +1,238 @@ +# Configurations that should only be overrided by +# overrideAttrs +{ pname +, version +, src +, projectName # "apptainer" or "singularity" +, vendorHash ? null +, deleteVendor ? false +, proxyVendor ? false +, extraConfigureFlags ? [ ] +, extraDescription ? "" +, extraMeta ? { } +}: + +let + # Workaround for vendor-related attributes not overridable (#86349) + # should be removed when the issue is resolved + _defaultGoVendorArgs = { + inherit + vendorHash + deleteVendor + proxyVendor + ; + }; +in +{ lib +, buildGoModule +, runCommandLocal + # Native build inputs +, makeWrapper +, pkg-config +, util-linux +, which + # Build inputs +, bash +, conmon +, coreutils +, cryptsetup +, fakeroot +, go +, gpgme +, libseccomp +, libuuid + # This is for nvidia-container-cli +, nvidia-docker +, openssl +, squashfsTools +, squashfuse + # Overridable configurations +, enableNvidiaContainerCli ? true + # Compile with seccomp support + # SingularityCE 3.10.0 and above requires explicit --without-seccomp when libseccomp is not available. +, enableSeccomp ? true + # Whether the configure script treat SUID support as default + # When equal to enableSuid, it supress the --with-suid / --without-suid build flag + # It can be set to `null` to always pass either --with-suid or --without-suided + # Type: null or boolean +, defaultToSuid ? true + # Whether to compile with SUID support +, enableSuid ? false +, starterSuidPath ? null + # newuidmapPath and newgidmapPath are to support --fakeroot + # where those SUID-ed executables are unavailable from the FHS system PATH. + # Path to SUID-ed newuidmap executable +, newuidmapPath ? null + # Path to SUID-ed newgidmap executable +, newgidmapPath ? null + # Remove the symlinks to `singularity*` when projectName != "singularity" +, removeCompat ? false + # Workaround #86349 + # should be removed when the issue is resolved +, vendorHash ? _defaultGoVendorArgs.vendorHash +, deleteVendor ? 
_defaultGoVendorArgs.deleteVendor +, proxyVendor ? _defaultGoVendorArgs.proxyVendor +}: + +let + defaultPathOriginal = "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin"; + privileged-un-utils = if ((isNull newuidmapPath) && (isNull newgidmapPath)) then null else + (runCommandLocal "privileged-un-utils" { } '' + mkdir -p "$out/bin" + ln -s ${lib.escapeShellArg newuidmapPath} "$out/bin/newuidmap" + ln -s ${lib.escapeShellArg newgidmapPath} "$out/bin/newgidmap" + ''); +in +buildGoModule { + inherit pname version src; + + # Override vendorHash with the output got from + # nix-prefetch -E "{ sha256 }: ((import ./. { }).apptainer.override { vendorHash = sha256; }).go-modules" + # or with `null` when using vendored source tarball. + inherit vendorHash deleteVendor proxyVendor; + + # go is used to compile extensions when building container images + allowGoReference = true; + + strictDeps = true; + + passthru = { + inherit + enableSeccomp + enableSuid + projectName + removeCompat + starterSuidPath + ; + }; + + nativeBuildInputs = [ + makeWrapper + pkg-config + util-linux + which + ]; + + buildInputs = [ + bash # To patch /bin/sh shebangs. 
+ conmon + cryptsetup + gpgme + libuuid + openssl + squashfsTools + squashfuse + ] + ++ lib.optional enableNvidiaContainerCli nvidia-docker + ++ lib.optional enableSeccomp libseccomp + ; + + configureScript = "./mconfig"; + + configureFlags = [ + "--localstatedir=/var/lib" + "--runstatedir=/var/run" + ] + ++ lib.optional (!enableSeccomp) "--without-seccomp" + ++ lib.optional (enableSuid != defaultToSuid) (if enableSuid then "--with-suid" else "--without-suid") + ++ extraConfigureFlags + ; + + # Packages to prefix to the Apptainer/Singularity container runtime default PATH + # Use overrideAttrs to override + defaultPathInputs = [ + bash + coreutils + cryptsetup # cryptsetup + go + privileged-un-utils + squashfsTools # mksquashfs unsquashfs # Make / unpack squashfs image + squashfuse # squashfuse_ll squashfuse # Mount (without unpacking) a squashfs image without privileges + ] + ++ lib.optional enableNvidiaContainerCli nvidia-docker + ; + + postPatch = '' + if [[ ! -e .git || ! -e VERSION ]]; then + echo "${version}" > VERSION + fi + # Patch shebangs for script run during build + patchShebangs --build "$configureScript" makeit e2e scripts mlocal/scripts + # Patching the hard-coded defaultPath by prefixing the packages in defaultPathInputs + substituteInPlace cmd/internal/cli/actions.go \ + --replace "defaultPath = \"${defaultPathOriginal}\"" "defaultPath = \"''${defaultPathInputs// /\/bin:}''${defaultPathInputs:+/bin:}${defaultPathOriginal}\"" + ''; + + postConfigure = '' + # Code borrowed from pkgs/stdenv/generic/setup.sh configurePhase() + + # set to empty if unset + : ''${configureFlags=} + + # shellcheck disable=SC2086 + $configureScript -V ${version} "''${prefixKey:---prefix=}$prefix" $configureFlags "''${configureFlagsArray[@]}" + + # End of the code from pkgs/stdenv/generic/setup.sh configurPhase() + ''; + + buildPhase = '' + runHook preBuild + make -C builddir -j"$NIX_BUILD_CORES" + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + make -C 
builddir install LOCALSTATEDIR="$out/var/lib" + runHook postInstall + ''; + + postFixup = '' + substituteInPlace "$out/bin/run-singularity" \ + --replace "/usr/bin/env ${projectName}" "$out/bin/${projectName}" + wrapProgram "$out/bin/${projectName}" \ + --prefix PATH : "${lib.makeBinPath [ + fakeroot + squashfsTools # Singularity (but not Apptainer) expects unsquashfs from the host PATH + ]}" + # Make changes in the config file + ${lib.optionalString enableNvidiaContainerCli '' + substituteInPlace "$out/etc/${projectName}/${projectName}.conf" \ + --replace "use nvidia-container-cli = no" "use nvidia-container-cli = yes" + ''} + ${lib.optionalString (removeCompat && (projectName != "singularity")) '' + unlink "$out/bin/singularity" + for file in "$out"/share/man/man?/singularity*.gz; do + if [[ -L "$file" ]]; then + unlink "$file" + fi + done + for file in "$out"/share/*-completion/completions/singularity; do + if [[ -e "$file" ]] + rm "$file" + done + ''} + ${lib.optionalString enableSuid (lib.warnIf (isNull starterSuidPath) "${projectName}: Null starterSuidPath when enableSuid produces non-SUID-ed starter-suid and run-time permission denial." '' + chmod +x $out/libexec/${projectName}/bin/starter-suid + '')} + ${lib.optionalString (enableSuid && !isNull starterSuidPath) '' + mv "$out"/libexec/${projectName}/bin/starter-suid{,.orig} + ln -s ${lib.escapeShellArg starterSuidPath} "$out/libexec/${projectName}/bin/starter-suid" + ''} + ''; + + meta = with lib; { + description = "Application containers for linux" + extraDescription; + longDescription = '' + Singularity (the upstream) renamed themselves to Apptainer + to distinguish themselves from a fork made by Sylabs Inc.. See + + https://sylabs.io/2021/05/singularity-community-edition + https://apptainer.org/news/community-announcement-20211130 + ''; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ jbedo ShamrockLee ]; + mainProgram = projectName; + } // extraMeta; +} 
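Review bot: The last loop in the `removeCompat` branch of `postFixup` is not valid shell: `if [[ -e "$file" ]]` has no `then` and no closing `fi`, so a build with `removeCompat = true` and a `projectName` other than "singularity" would presumably fail in fixup with a syntax error. Write it as `if [[ -e "$file" ]]; then rm "$file"; fi`, or simply `rm -f "$file"`. Separately, `privileged-un-utils` is skipped only when both `newuidmapPath` and `newgidmapPath` are null; with exactly one of them set, the other `ln -s` appears to receive an empty target, so guard each link on its own path or assert that the two are set together. Because these two paths and `starterSuidPath` point at SUID executables outside the store, a comment at the arguments saying they must be absolute paths to system-managed wrappers would help anyone overriding them.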
diff --git a/pkgs/applications/virtualization/singularity/packages.nix b/pkgs/applications/virtualization/singularity/packages.nix
new file mode 100644
index 0000000000000..a21066d775746
--- /dev/null
+++ b/pkgs/applications/virtualization/singularity/packages.nix
@@ -0,0 +1,92 @@ +{ callPackage +, fetchFromGitHub +, nixos +, conmon +}: +let + apptainer = callPackage + (import ./generic.nix rec { + pname = "apptainer"; + version = "1.1.5"; + projectName = "apptainer"; + + src = fetchFromGitHub { + owner = "apptainer"; + repo = "apptainer"; + rev = "v${version}"; + hash = "sha256-onJkpHJNsO0cQO2m+TmdMuMkuvH178mDhOeX41bYFic="; + }; + + # Update by running + # nix-prefetch -E "{ sha256 }: ((import ./. { }).apptainer.override { vendorHash = sha256; }).go-modules" + # at the root directory of the Nixpkgs repository + vendorHash = "sha256-tAnh7A8Lw5KtY7hq+sqHMEUlgXvgeeCKKIfRZFoRtug="; + + extraDescription = " (previously known as Singularity)"; + extraMeta.homepage = "https://apptainer.org"; + }) + { + # Apptainer doesn't depend on conmon + conmon = null; + + # Apptainer builders require explicit --with-suid / --without-suid flag + # when building on a system with disabled unprivileged namespace. + # See https://github.com/NixOS/nixpkgs/pull/215690#issuecomment-1426954601 + defaultToSuid = null; + }; + + singularity = callPackage + (import ./generic.nix rec { + pname = "singularity-ce"; + version = "3.10.4"; + projectName = "singularity"; + + src = fetchFromGitHub { + owner = "sylabs"; + repo = "singularity"; + rev = "v${version}"; + hash = "sha256-bUnQXQVwaVA3Lkw3X9TBWqNBgiPxAVCHnkq0vc+CIsM="; + }; + + # Update by running + # nix-prefetch -E "{ sha256 }: ((import ./. { }).singularity.override { vendorHash = sha256; }).go-modules" + # at the root directory of the Nixpkgs repository + vendorHash = "sha256-K8helLcOuz3E4LzBE9y3pnZqwdwhO/iMPTN1o22ipVg="; + + # Do not build conmon from the Git submodule source, + # Use Nixpkgs provided version + extraConfigureFlags = [ + "--without-conmon" + ]; + + extraDescription = " (Sylabs Inc's fork of Singularity, a.k.a. 
SingularityCE)"; + extraMeta.homepage = "https://sylabs.io/"; + }) + { + defaultToSuid = true; + }; + + genOverridenNixos = package: packageName: (nixos { + programs.singularity = { + enable = true; + inherit package; + }; + }).config.programs.singularity.packageOverriden.overrideAttrs (oldAttrs: { + meta = oldAttrs.meta // { + description = ""; + longDescription = '' + This package produces identical store derivations to `pkgs.${packageName}` + overriden and installed by the NixOS module `programs.singularity` + with default configuration. + + This is for binary substitutes only. Use pkgs.${packageName} instead. + ''; + }; + }); +in +{ + inherit apptainer singularity; + + apptainer-overriden-nixos = genOverridenNixos apptainer "apptainer"; + singularity-overriden-nixos = genOverridenNixos singularity "singularity"; +} diff --git a/pkgs/applications/virtualization/spice-vdagent/default.nix b/pkgs/applications/virtualization/spice-vdagent/default.nix index 2b27e3a7875a2..5390a4fb6625d 100644 --- a/pkgs/applications/virtualization/spice-vdagent/default.nix +++ b/pkgs/applications/virtualization/spice-vdagent/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { }; # FIXME: May no longer be needed with spice-vdagent versions over 0.21.0 - NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; + env.NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; postPatch = '' substituteInPlace data/spice-vdagent.desktop --replace /usr $out diff --git a/pkgs/applications/virtualization/spike/default.nix b/pkgs/applications/virtualization/spike/default.nix index 6161c006357c8..291328ee7fe84 100644 --- a/pkgs/applications/virtualization/spike/default.nix +++ b/pkgs/applications/virtualization/spike/default.nix 
@@ -1,26 +1,19 @@ -{ lib, stdenv, fetchgit, dtc, fetchpatch }: +{ lib, stdenv, fetchFromGitHub, dtc, pkgsCross }: stdenv.mkDerivation rec { pname = "spike"; - version = "1.0.0"; + version = "1.1.0"; - src = fetchgit { - url = "https://github.com/riscv/riscv-isa-sim.git"; + src = fetchFromGitHub { + owner = "riscv"; + repo = "riscv-isa-sim"; rev = "v${version}"; - sha256 = "1hcl01nj96s3rkz4mrq747s5lkw81lgdjdimb8b1b9h8qnida7ww"; + sha256 = "sha256-4D2Fezej0ioOOupw3kgMT5VLs+/jXQjwvek6v0AVMzI="; }; nativeBuildInputs = [ dtc ]; enableParallelBuilding = true; - patches = [ - # Add missing headers to fix build. - (fetchpatch { - url = "https://github.com/riscv/riscv-isa-sim/commit/b3855682c2d744c613d2ffd6b53e3f021ecea4f3.patch"; - sha256 = "1v1mpp4iddf5n4h3kmj65g075m7xc31bxww7gldnmgl607ma7cnl"; - }) - ]; - postPatch = '' patchShebangs scripts/*.sh patchShebangs tests/ebreak.py @@ -33,12 +26,14 @@ stdenv.mkDerivation rec { doInstallCheck = true; installCheckPhase = let - riscvPkgs = import ../../../.. { crossSystem = lib.systems.examples.riscv64-embedded; }; + riscvPkgs = pkgsCross.riscv64-embedded; in '' runHook preInstallCheck - $out/bin/spike -m64 ${riscvPkgs.riscv-pk}/bin/pk ${riscvPkgs.hello}/bin/hello | grep -Fq "Hello, world" + echo -e "#include<stdio.h>\nint main() {printf(\"Hello, world\");return 0;}" > hello.c + ${riscvPkgs.stdenv.cc}/bin/riscv64-none-elf-gcc -o hello hello.c + $out/bin/spike -m64 ${riscvPkgs.riscv-pk}/bin/pk hello | grep -Fq "Hello, world" runHook postInstallCheck ''; diff --git a/pkgs/applications/virtualization/tini/default.nix b/pkgs/applications/virtualization/tini/default.nix index 76668301c6bbf..2df0978b0d0aa 100644 --- a/pkgs/applications/virtualization/tini/default.nix +++ b/pkgs/applications/virtualization/tini/default.nix 
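Review bot: The new `installCheckPhase` hard-codes the compiler name in `${riscvPkgs.stdenv.cc}/bin/riscv64-none-elf-gcc` and writes the test source with `echo -e`, whose escape handling depends on the shell. `${riscvPkgs.stdenv.cc}/bin/${riscvPkgs.stdenv.cc.targetPrefix}cc` would follow the cross set if its triple ever changes. `printf '#include <stdio.h>\nint main() { printf("Hello, world"); return 0; }\n' > hello.c` produces the same file without relying on `echo -e`.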
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec { postPatch = "sed -i /tini-static/d CMakeLists.txt"; - NIX_CFLAGS_COMPILE = "-DPR_SET_CHILD_SUBREAPER=36 -DPR_GET_CHILD_SUBREAPER=37"; + env.NIX_CFLAGS_COMPILE = "-DPR_SET_CHILD_SUBREAPER=36 -DPR_GET_CHILD_SUBREAPER=37"; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/applications/virtualization/tiny8086/default.nix b/pkgs/applications/virtualization/tiny8086/default.nix deleted file mode 100644 index 60d69432cde67..0000000000000 --- a/pkgs/applications/virtualization/tiny8086/default.nix +++ /dev/null 
@@ -1,68 +0,0 @@ -{ lib -, stdenv -, fetchFromGitHub -, localBios ? true -, nasm -, sdlSupport ? true -, SDL -}: - -stdenv.mkDerivation rec { - pname = "8086tiny"; - version = "1.25"; - - src = fetchFromGitHub { - owner = "adriancable"; - repo = pname; - rev = "c79ca2a34d96931d55ef724c815b289d0767ae3a"; - sha256 = "00aydg8f28sgy8l3rd2a7jvp56lx3b63hhak43p7g7vjdikv495w"; - }; - - buildInputs = lib.optional localBios nasm - ++ lib.optional sdlSupport SDL; - - makeFlags = [ "8086tiny" ]; - - postBuild = lib.optionalString localBios '' - ( - cd bios_source - nasm -f bin bios.asm -o bios - ) - ''; - - installPhase = '' - mkdir -p $out/bin $out/share/8086tiny $out/share/doc/8086tiny/images - - install -m 755 8086tiny $out/bin - install -m 644 fd.img $out/share/8086tiny/8086tiny-floppy.img - install -m 644 bios_source/bios.asm $out/share/8086tiny/8086tiny-bios-src.asm - install -m 644 docs/8086tiny.css $out/share/doc/8086tiny - install -m 644 docs/doc.html $out/share/doc/$name - - for i in docs/images/\*.gif; do - install -m 644 $i $out/share/doc/8086tiny/images - done - - ${if localBios then - "install -m 644 bios_source/bios $out/share/8086tiny/8086tiny-bios" - else - "install -m 644 bios $out/share/8086tiny/8086tiny-bios"} - ''; - - meta = with lib; { - description = "An open-source small 8086 emulator"; - longDescription = '' - 8086tiny is a tiny, open-source (MIT), portable (little-endian hosts) - Intel PC emulator, powerful enough to run DOS, Windows 3.0, Excel, MS - Flight Simulator, AutoCAD, Lotus 1-2-3, and similar applications. 8086tiny - emulates a "late 80's era" PC XT-type machine. - - 8086tiny is based on an IOCCC 2013 winning entry. In fact that is the - "unobfuscated" version :) - ''; - homepage = "https://github.com/adriancable/8086tiny"; - license = licenses.mit; - maintainers = [ maintainers.AndersonTorres ]; - platforms = platforms.linux; - }; -} 
diff --git a/pkgs/applications/virtualization/tinyemu/default.nix b/pkgs/applications/virtualization/tinyemu/default.nix deleted file mode 100644 index 17cee52a64e05..0000000000000 --- a/pkgs/applications/virtualization/tinyemu/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ lib, stdenv, fetchurl, openssl, curl, SDL }: - -stdenv.mkDerivation rec { - pname = "tinyemu"; - version = "2018-09-23"; - src = fetchurl { - url = "https://bellard.org/tinyemu/${pname}-${version}.tar.gz"; - sha256 = "0d6payyqf4lpvmmzvlpq1i8wpbg4sf3h6llsw0xnqdgq3m9dan4v"; - }; - buildInputs = [ openssl curl SDL ]; - makeFlags = [ "DESTDIR=$(out)" "bindir=/bin" ]; - preInstall = '' - mkdir -p "$out/bin" - ''; - meta = { - homepage = "https://bellard.org/tinyemu/"; - description = "A system emulator for the RISC-V and x86 architectures"; - longDescription = "TinyEMU is a system emulator for the RISC-V and x86 architectures. Its purpose is to be small and simple while being complete."; - license = with lib.licenses; [ mit bsd2 ]; - platforms = lib.platforms.linux; - maintainers = with lib.maintainers; [ jhhuh ]; - }; -} diff --git a/pkgs/applications/virtualization/toolbox/default.nix b/pkgs/applications/virtualization/toolbox/default.nix new file mode 100644 index 0000000000000..94928ff357339 --- /dev/null +++ b/pkgs/applications/virtualization/toolbox/default.nix 
@@ -0,0 +1,51 @@ +{ lib, buildGoModule, fetchFromGitHub, glibc, go-md2man, installShellFiles }: + +buildGoModule rec { + pname = "toolbox"; + version = "0.0.99.3"; + + src = fetchFromGitHub { + owner = "containers"; + repo = pname; + rev = version; + hash = "sha256-9HiWgEtaMypLOwXJ6Xg3grLSZOQ4NInZtcvLPV51YO8="; + }; + + patches = [ ./glibc.patch ]; + + vendorHash = "sha256-k79TcC9voQROpJnyZ0RsqxJnBT83W5Z+D+D3HnuQGsI="; + + postPatch = '' + substituteInPlace src/cmd/create.go --subst-var-by glibc ${glibc} + ''; + + modRoot = "src"; + + nativeBuildInputs = [ go-md2man installShellFiles ]; + + ldflags = [ + "-s" + "-w" + "-X github.com/containers/toolbox/pkg/version.currentVersion=${version}" + ]; + + preCheck = "export PATH=$GOPATH/bin:$PATH"; + + postInstall = '' + cd .. + for d in doc/*.md; do + go-md2man -in $d -out ''${d%.md} + done + installManPage doc/*.[1-9] + installShellCompletion --bash completion/bash/toolbox + install profile.d/toolbox.sh -Dt $out/share/profile.d + ''; + + meta = with lib; { + homepage = "https://containertoolbx.org"; + changelog = "https://github.com/containers/toolbox/releases/tag/${version}"; + description = "Tool for containerized command line environments on Linux"; + license = licenses.asl20; + maintainers = with maintainers; [ urandom ]; + }; +} diff --git a/pkgs/applications/virtualization/toolbox/glibc.patch b/pkgs/applications/virtualization/toolbox/glibc.patch new file mode 100644 index 0000000000000..1055dc965a0bf --- /dev/null +++ b/pkgs/applications/virtualization/toolbox/glibc.patch 
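Review bot: `meta` has no `platforms`, although the description says "on Linux" and `postPatch` substitutes a `glibc` store path into `src/cmd/create.go`; adding `platforms = platforms.linux;` would keep the package from being offered on other systems. In `postInstall`, `$d` is unquoted in `go-md2man -in $d -out ''${d%.md}`; `-in "$d" -out "''${d%.md}"` is the safer form. A one-line comment above `patches = [ ./glibc.patch ];` stating that the patch bind-mounts the host glibc store path read-only into created containers would make the purpose of the `--subst-var-by glibc` step clear.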
@@ -0,0 +1,12 @@ +diff --git a/src/cmd/create.go b/src/cmd/create.go +index 74e90b1..113ef80 100644 +--- a/src/cmd/create.go ++++ b/src/cmd/create.go +@@ -423,6 +425,7 @@ func createContainer(container, image, release string, showCommandToEnter bool) + "--volume", toolboxPathMountArg, + "--volume", usrMountArg, + "--volume", runtimeDirectoryMountArg, ++ "--volume", "@glibc@:@glibc@:ro", + }...) + + createArgs = append(createArgs, avahiSocketMount...) diff --git a/pkgs/applications/virtualization/umoci/default.nix b/pkgs/applications/virtualization/umoci/default.nix index 22db5503c0d4e..99e8ddf34a518 100644 --- a/pkgs/applications/virtualization/umoci/default.nix +++ b/pkgs/applications/virtualization/umoci/default.nix @@ -26,9 +26,7 @@ buildGoModule rec { nativeBuildInputs = [ go-md2man installShellFiles ]; postInstall = '' - substituteInPlace Makefile --replace \ - '$(shell which bash)' '${lib.getBin bash}/bin/bash' - make docs + make docs SHELL="$SHELL" installManPage doc/man/*.[1-9] ''; diff --git a/pkgs/applications/virtualization/virt-manager/default.nix b/pkgs/applications/virtualization/virt-manager/default.nix index 73972deb2c8f3..e5d5a1fbfe7cc 100644 --- a/pkgs/applications/virtualization/virt-manager/default.nix +++ b/pkgs/applications/virtualization/virt-manager/default.nix 
@@ -1,22 +1,19 @@ -{ lib, fetchurl, python3Packages, intltool, file -, wrapGAppsHook, gtk-vnc, vte, avahi, dconf -, gobject-introspection, libvirt-glib, system-libvirt -, gsettings-desktop-schemas, libosinfo, gnome -, gtksourceview4, docutils +{ lib, fetchFromGitHub, python3, intltool, file, wrapGAppsHook, gtk-vnc +, vte, avahi, dconf, gobject-introspection, libvirt-glib, system-libvirt +, gsettings-desktop-schemas, libosinfo, gnome, gtksourceview4, docutils, cpio +, e2fsprogs, findutils, gzip, cdrtools, xorriso, fetchpatch , spiceSupport ? true, spice-gtk ? null -, cpio, e2fsprogs, findutils, gzip -, cdrtools }: -with lib; - -python3Packages.buildPythonApplication rec { +python3.pkgs.buildPythonApplication rec { pname = "virt-manager"; - version = "3.2.0"; + version = "4.1.0"; - src = fetchurl { - url = "https://releases.pagure.org/virt-manager/${pname}-${version}.tar.gz"; - sha256 = "11kvpzcmyir91qz0dsnk7748jbb4wr8mrc744w117qc91pcy6vrb"; + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = "v${version}"; + hash = "sha256-UgZ58WLXq0U3EDt4311kv0kayVU17In4kwnQ+QN1E7A="; }; nativeBuildInputs = [ 
@@ -30,37 +27,52 @@ python3Packages.buildPythonApplication rec { libvirt-glib vte dconf gtk-vnc gnome.adwaita-icon-theme avahi gsettings-desktop-schemas libosinfo gtksourceview4 gobject-introspection # Temporary fix, see https://github.com/NixOS/nixpkgs/issues/56943 - ] ++ optional spiceSupport spice-gtk; + ] ++ lib.optional spiceSupport spice-gtk; - propagatedBuildInputs = with python3Packages; [ - pygobject3 ipaddress libvirt libxml2 requests cdrtools + propagatedBuildInputs = with python3.pkgs; [ + pygobject3 libvirt libxml2 requests cdrtools ]; - patchPhase = '' + postPatch = '' sed -i 's|/usr/share/libvirt/cpu_map.xml|${system-libvirt}/share/libvirt/cpu_map.xml|g' virtinst/capabilities.py sed -i "/'install_egg_info'/d" setup.py ''; postConfigure = '' - ${python3Packages.python.interpreter} setup.py configure --prefix=$out + ${python3.interpreter} setup.py configure --prefix=$out ''; - setupPyGlobalFlags = [ "--no-update-icon-cache" ]; + setupPyGlobalFlags = [ "--no-update-icon-cache" "--no-compile-schemas" ]; + + dontWrapGApps = true; preFixup = '' + glib-compile-schemas $out/share/gsettings-schemas/${pname}-${version}/glib-2.0/schemas + gappsWrapperArgs+=(--set PYTHONPATH "$PYTHONPATH") # these are called from virt-install in initrdinject.py - gappsWrapperArgs+=(--prefix PATH : "${makeBinPath [ cpio e2fsprogs file findutils gzip ]}") + gappsWrapperArgs+=(--prefix PATH : "${lib.makeBinPath [ cpio e2fsprogs file findutils gzip ]}") + + makeWrapperArgs+=("''${gappsWrapperArgs[@]}") + + # Fixes testCLI0051virt_install_initrd_inject on Darwin: "cpio: root:root: invalid group" + substituteInPlace virtinst/install/installerinject.py \ + --replace "'--owner=root:root'" "'--owner=0:0'" ''; - checkInputs = with python3Packages; [ cpio cdrtools pytestCheckHook ]; + nativeCheckInputs = with python3.pkgs; [ + pytestCheckHook + cpio + cdrtools + xorriso + ]; - disabledTestPaths = [ - "tests/test_cli.py" - "tests/test_disk.py" - "tests/test_checkprops.py" - 
"tests/test_storage.py" - ]; # Error logs: https://gist.github.com/superherointj/fee040872beaafaaa19b8bf8f3ff0be5 + disabledTests = [ + "testAlterDisk" + "test_misc_nonpredicatble_generate" + "test_disk_dir_searchable" # does something strange with permissions + "testCLI0001virt_install_many_devices" # expects /var to exist + ]; preCheck = '' export HOME=. @@ -79,8 +91,7 @@ python3Packages.buildPythonApplication rec { manages Xen and LXC (linux containers). ''; license = licenses.gpl2; - # exclude Darwin since libvirt-glib currently doesn't build there - platforms = platforms.linux; + platforms = platforms.unix; maintainers = with maintainers; [ qknight offline fpletz globin ]; }; } diff --git a/pkgs/applications/virtualization/virt-top/default.nix b/pkgs/applications/virtualization/virt-top/default.nix index 8ff90a4150dbb..dc6f79d6a7e55 100644 --- a/pkgs/applications/virtualization/virt-top/default.nix +++ b/pkgs/applications/virtualization/virt-top/default.nix 
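Review bot: The `substituteInPlace virtinst/install/installerinject.py` call added at the end of `preFixup` edits the build tree after installation, so the copy under `$out` presumably still passes `--owner=root:root` and only the test run sees `--owner=0:0`. Moving that replacement into `postPatch`, next to the existing `sed` calls, would apply it to both the tests and the installed program. In `disabledTests`, only two of the four entries say why they are disabled; a short reason on `testAlterDisk` and `test_misc_nonpredicatble_generate` would let a later update decide whether they can be re-enabled.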
@@ -1,33 +1,42 @@ -{ lib, stdenv, fetchgit, fetchpatch, ocamlPackages, autoreconfHook }: +{ lib, stdenv, fetchgit, ocamlPackages, autoreconfHook, libxml2, pkg-config, getopt }: stdenv.mkDerivation rec { pname = "virt-top"; - version = "1.0.9"; + version = "1.1.1"; src = fetchgit { url = "git://git.annexia.org/virt-top.git"; rev = "v${version}"; - sha256 = "0m7pm8lzlpngsj0vjv0hg8l9ck3gvwpva7r472f8f03xpjffwiga"; + hash = "sha256-IKIkqzx7YWki0L6D5WbwQiVWJfDFGdI2nsGgg212CcE="; }; - patches = [ - (fetchpatch { - name = "ocaml-libvirt-0.6.1.5-fix.patch"; - url = "http://git.annexia.org/?p=virt-top.git;a=patch;h=24a461715d5bce47f63cb0097606fc336230589f"; - sha256 = "15w7w9iggvlw8m9w8g4h08251wzb3m3zkb58glr7ifsgi3flbn61"; - }) - ]; + strictDeps = true; - nativeBuildInputs = [ autoreconfHook ]; - buildInputs = with ocamlPackages; [ ocaml findlib ocaml_extlib ocaml_libvirt gettext-stub curses csv xml-light ]; + nativeBuildInputs = [ + autoreconfHook + pkg-config + getopt + ocamlPackages.ocaml + ocamlPackages.findlib + ]; + buildInputs = with ocamlPackages; [ + ocamlPackages.ocaml + calendar + curses + gettext-stub + ocaml_libvirt + ] ++ [ libxml2 ]; - buildPhase = "make opt"; + prePatch = '' + substituteInPlace ocaml-dep.sh.in --replace '#!/bin/bash' '#!${stdenv.shell}' + substituteInPlace ocaml-link.sh.in --replace '#!/bin/bash' '#!${stdenv.shell}' + ''; meta = with lib; { description = "A top-like utility for showing stats of virtualized domains"; homepage = "https://people.redhat.com/~rjones/virt-top/"; - license = licenses.gpl2; - maintainers = [ maintainers.volth ]; + license = licenses.gpl2Only; + maintainers = [ ]; platforms = platforms.linux; }; } diff --git a/pkgs/applications/virtualization/virt-viewer/default.nix b/pkgs/applications/virtualization/virt-viewer/default.nix index 4fd56e0cae335..0e24dd9b08f2e 100644 --- a/pkgs/applications/virtualization/virt-viewer/default.nix +++ b/pkgs/applications/virtualization/virt-viewer/default.nix 
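Review bot: The refreshed `hash` still sits next to `url = "git://git.annexia.org/virt-top.git"`, an unauthenticated transport that restricted build networks often block. The fixed-output hash pins the content, so this concerns fetch reliability and defence in depth rather than integrity; if upstream serves the repository over HTTPS, that URL is preferable. In `buildInputs = with ocamlPackages; [ ocamlPackages.ocaml ... ]` the qualification is redundant. The two `substituteInPlace` calls would conventionally go in `postPatch` rather than `prePatch`.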
@@ -1,41 +1,105 @@ -{ lib, stdenv, fetchurl, pkg-config, intltool, shared-mime-info, wrapGAppsHook -, glib, gsettings-desktop-schemas, gtk-vnc, gtk3, libvirt, libvirt-glib, libxml2, vte +{ lib +, stdenv +, bash-completion +, fetchurl +, fetchpatch +, gdbm +, glib +, gsettings-desktop-schemas +, gtk-vnc +, gtk3 +, intltool +, libcap +, libgovirt + # Currently unsupported. According to upstream, libgovirt is for a very narrow + # use-case and we don't currently cover it in Nixpkgs. It's safe to disable. + # https://gitlab.com/virt-viewer/virt-viewer/-/issues/100#note_1265011223 + # Can be enabled again once this is merged: + # https://gitlab.com/virt-viewer/virt-viewer/-/merge_requests/129 +, ovirtSupport ? false +, libvirt +, libvirt-glib +, libxml2 +, meson +, ninja +, pkg-config +, python3 +, shared-mime-info +, spice-gtk +, spice-protocol , spiceSupport ? true -, spice-gtk ? null, spice-protocol ? null, libcap ? null, gdbm ? null +, vte +, wrapGAppsHook }: -assert spiceSupport -> - spice-gtk != null && spice-protocol != null && libcap != null && gdbm != null; - with lib; stdenv.mkDerivation rec { - baseName = "virt-viewer"; - version = "9.0"; - name = "${baseName}-${version}"; + pname = "virt-viewer"; + version = "11.0"; src = fetchurl { - url = "http://virt-manager.org/download/sources/${baseName}/${name}.tar.gz"; - sha256 = "09a83mzyn3b4nd7wpa659g1zf1fjbzb79rk968bz6k5xl21k7d4i"; + url = "https://releases.pagure.org/virt-viewer/virt-viewer-${version}.tar.xz"; + sha256 = "sha256-pD+iMlxMHHelyMmAZaww7wURohrJjlkPIjQIabrZq9A="; }; - nativeBuildInputs = [ pkg-config intltool shared-mime-info wrapGAppsHook glib ]; - buildInputs = [ - glib gsettings-desktop-schemas gtk-vnc gtk3 libvirt libvirt-glib libxml2 vte - ] ++ optionals spiceSupport [ - spice-gtk spice-protocol libcap gdbm + patches = [ + # Fix build with meson 0.61. Should be fixed in the next release. 
+ # https://gitlab.com/virt-viewer/virt-viewer/-/merge_requests/120 + (fetchpatch { + url = "https://gitlab.com/virt-viewer/virt-viewer/-/commit/98d9f202ef768f22ae21b5c43a080a1aa64a7107.patch"; + sha256 = "sha256-3AbnkbhWOh0aNjUkmVoSV/9jFQtvTllOr7plnkntb2o="; + }) ]; + nativeBuildInputs = [ + glib + intltool + meson + ninja + pkg-config + python3 + shared-mime-info + wrapGAppsHook + ]; + + buildInputs = [ + bash-completion + glib + gsettings-desktop-schemas + gtk-vnc + gtk3 + libvirt + libvirt-glib + libxml2 + vte + ] ++ optionals ovirtSupport [ + libgovirt + ] ++ optionals spiceSupport ([ + gdbm + spice-gtk + spice-protocol + ] ++ optionals stdenv.isLinux [ + libcap + ]); + # Required for USB redirection PolicyKit rules file propagatedUserEnvPkgs = optional spiceSupport spice-gtk; + mesonFlags = [ + (lib.mesonEnable "ovirt" ovirtSupport) + ]; + strictDeps = true; - enableParallelBuilding = true; + + postPatch = '' + patchShebangs build-aux/post_install.py + ''; meta = { description = "A viewer for remote virtual machines"; - maintainers = [ maintainers.raskin ]; - platforms = platforms.linux; + maintainers = with maintainers; [ raskin atemu ]; + platforms = with platforms; linux ++ darwin; license = licenses.gpl2; }; passthru = { diff --git a/pkgs/applications/virtualization/virt-what/default.nix b/pkgs/applications/virtualization/virt-what/default.nix index ead44c40f9cda..18d65480138c2 100644 --- a/pkgs/applications/virtualization/virt-what/default.nix +++ b/pkgs/applications/virtualization/virt-what/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "virt-what"; - version = "1.21"; + version = "1.25"; src = fetchurl { url = "https://people.redhat.com/~rjones/virt-what/files/${pname}-${version}.tar.gz"; - sha256 = "0yqz1l4di57d4y1z94yhdmkiykg9a8i7xwkqmd9zsk5a6i9lbjqj"; + sha256 = "sha256-1Py0I2Irr75eK7zYS32SrU1YP0d4siW3LEqBrp/Dxz0="; }; meta = with lib; { 
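Review bot: Both fetchers added in the virt-viewer hunk put an SRI string under the legacy attribute name: `sha256 = "sha256-pD+iMlxMHHelyMmAZaww7wURohrJjlkPIjQIabrZq9A=";` in `src`, and the same pattern in the `fetchpatch`. The virt-top change in this same commit already uses `hash = "sha256-…"`, which states the algorithm once. Write `hash = "sha256-pD+iMlxMHHelyMmAZaww7wURohrJjlkPIjQIabrZq9A=";` here and do the same for the patch.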
diff --git a/pkgs/applications/virtualization/virtualbox/default.nix b/pkgs/applications/virtualization/virtualbox/default.nix index 128753f26433f..fc3303baf339b 100644 --- a/pkgs/applications/virtualization/virtualbox/default.nix +++ b/pkgs/applications/virtualization/virtualbox/default.nix @@ -3,6 +3,7 @@ , libpng, glib, lvm2, libXrandr, libXinerama, libopus, qtbase, qtx11extras , qttools, qtsvg, qtwayland, pkg-config, which, docbook_xsl, docbook_xml_dtd_43 , alsa-lib, curl, libvpx, nettools, dbus, substituteAll, gsoap, zlib +, yasm, glslang # If open-watcom-bin is not passed, VirtualBox will fall back to use # the shipped alternative sources (assembly). , open-watcom-bin @@ -23,19 +24,19 @@ let buildType = "release"; # Use maintainers/scripts/update.nix to update the version and all related hashes or # change the hashes in extpack.nix and guest-additions/default.nix as well manually. - version = "6.1.28"; + version = "7.0.6"; in stdenv.mkDerivation { pname = "virtualbox"; inherit version; src = fetchurl { url = "https://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}.tar.bz2"; - sha256 = "8d34993d8e9c0cf35e7bd44dd26c8c757f17a3b7d5a64052f945d00fd798ebfe"; + sha256 = "f146d9a86a35af0abb010e628636fd800cb476cc2ce82f95b0c0ca876e1756ff"; }; outputs = [ "out" "modsrc" ]; - nativeBuildInputs = [ pkg-config which docbook_xsl docbook_xml_dtd_43 ] + nativeBuildInputs = [ pkg-config which docbook_xsl docbook_xml_dtd_43 yasm glslang ] ++ optional (!headless) wrapQtAppsHook; # Wrap manually because we wrap just a small number of executables. 
@@ -62,8 +63,8 @@ in stdenv.mkDerivation { ${optionalString (!headless) '' -e 's@TOOLQT5BIN=.*@TOOLQT5BIN="${getDev qtbase}/bin"@' \ ''} -i configure - ls kBuild/bin/linux.x86/k* tools/linux.x86/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.glibc.out}/lib/ld-linux.so.2 - ls kBuild/bin/linux.amd64/k* tools/linux.amd64/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.glibc.out}/lib/ld-linux-x86-64.so.2 + ls kBuild/bin/linux.x86/k* tools/linux.x86/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.cc.libc}/lib/ld-linux.so.2 + ls kBuild/bin/linux.amd64/k* tools/linux.amd64/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.cc.libc}/lib/ld-linux-x86-64.so.2 grep 'libpulse\.so\.0' src include -rI --files-with-match | xargs sed -i -e ' ${optionalString pulseSupport @@ -94,7 +95,7 @@ in stdenv.mkDerivation { qtPluginPath = "${qtbase.bin}/${qtbase.qtPluginPrefix}:${qtsvg.bin}/${qtbase.qtPluginPrefix}:${qtwayland.bin}/${qtbase.qtPluginPrefix}"; }) ++ [ - ./qtx11extras.patch + ./qt-dependency-paths.patch # https://github.com/NixOS/nixpkgs/issues/123851 ./fix-audio-driver-loading.patch ]; @@ -130,14 +131,17 @@ in stdenv.mkDerivation { VBOX_JAVA_HOME := ${jdk} ''} ${optionalString (!headless) '' + VBOX_WITH_VBOXSDL := 1 PATH_QT5_X11_EXTRAS_LIB := ${getLib qtx11extras}/lib PATH_QT5_X11_EXTRAS_INC := ${getDev qtx11extras}/include - TOOL_QT5_LRC := ${getDev qttools}/bin/lrelease + PATH_QT5_TOOLS_LIB := ${getLib qttools}/lib + PATH_QT5_TOOLS_INC := ${getDev qttools}/include ''} ${optionalString enableWebService '' # fix gsoap missing zlib include and produce errors with --as-needed VBOX_GSOAP_CXX_LIBS := gsoapssl++ z ''} + TOOL_QT5_LRC := ${getDev qttools}/bin/lrelease LOCAL_CONFIG ./configure \ 
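Review bot: In the `@@ -130,14 +131,17 @@` hunk, `TOOL_QT5_LRC := ${getDev qttools}/bin/lrelease` moved out of the `optionalString (!headless)` block to just before `LOCAL_CONFIG`, so it is now emitted for headless builds too and they reference qttools. The hunk does not say whether that is intended. If it is, add a one-line comment above it explaining why a headless build needs `lrelease`, so the next edit does not move it back. Otherwise keep it beside `PATH_QT5_TOOLS_LIB` inside the `!headless` block. The enclosing heredoc starts outside the hunk.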
@@ -174,7 +178,7 @@ in stdenv.mkDerivation { -name src -o -exec cp -avt "$libexec" {} + mkdir -p $out/bin - for file in ${optionalString (!headless) "VirtualBox VBoxSDL rdesktop-vrdp"} ${optionalString enableWebService "vboxwebsrv"} VBoxManage VBoxBalloonCtrl VBoxHeadless; do + for file in ${optionalString (!headless) "VirtualBox VBoxSDL"} ${optionalString enableWebService "vboxwebsrv"} VBoxManage VBoxBalloonCtrl VBoxHeadless; do echo "Linking $file to /bin" test -x "$libexec/$file" ln -s "$libexec/$file" $out/bin/$file @@ -225,9 +229,14 @@ in stdenv.mkDerivation { meta = { description = "PC emulator"; + sourceProvenance = with lib.sourceTypes; [ + fromSource + binaryNativeCode + ]; license = licenses.gpl2; homepage = "https://www.virtualbox.org/"; maintainers = with maintainers; [ sander ]; platforms = [ "x86_64-linux" ]; + mainProgram = "VirtualBox"; }; } diff --git a/pkgs/applications/virtualization/virtualbox/extpack.nix b/pkgs/applications/virtualization/virtualbox/extpack.nix index 7842e0ce89ff6..7e27e79d5dd73 100644 --- a/pkgs/applications/virtualization/virtualbox/extpack.nix +++ b/pkgs/applications/virtualization/virtualbox/extpack.nix @@ -1,4 +1,4 @@ -{fetchurl, lib, virtualbox}: +{ fetchurl, lib, virtualbox }: with lib; @@ -12,7 +12,7 @@ fetchurl rec { # Manually sha256sum the extensionPack file, must be hex! # Thus do not use `nix-prefetch-url` but instead plain old `sha256sum`. # Checksums can also be found at https://www.virtualbox.org/download/hashes/${version}/SHA256SUMS - let value = "85d7858a95d802c41cb86e1b573dc501d782e5d040937e0d8505a37c29509774"; + let value = "292961aa8723b54f96f89f6d8abf7d8e29259d94b7de831dbffb9ae15d346434"; in assert (builtins.stringLength value) == 64; value; meta = { diff --git a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix index 83dd8f6e79392..0601aa3e44a20 100644 
--- a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix +++ b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix @@ -5,13 +5,9 @@ let version = virtualbox.version; xserverVListFunc = builtins.elemAt (lib.splitVersion xorg.xorgserver.version); - # Forced to 1.18 in <nixpkgs/nixos/modules/services/x11/xserver.nix> - # as it even fails to build otherwise. Still, override this even here, - # in case someone does just a standalone build - # (not via videoDrivers = ["vboxvideo"]). - # It's likely to work again in some future update. - xserverABI = let abi = xserverVListFunc 0 + xserverVListFunc 1; - in if abi == "119" || abi == "120" then "118" else abi; + # Forced to 1.18; vboxvideo doesn't seem to provide any newer ABI, + # and nixpkgs doesn't support older ABIs anymore. + xserverABI = "118"; # Specifies how to patch binaries to make sure that libraries loaded using # dlopen are found. We grep binaries for specific library names and patch @@ -27,7 +23,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "http://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso"; - sha256 = "eab85206cfb9d7087982deb2635d19a4244a3c6783622a4817fb1a31e48e98e5"; + sha256 = "21e0f407d2a4f5c286084a70718aa20235ea75969eca0cab6cfab43a3499a010"; }; KERN_DIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; @@ -35,7 +31,7 @@ in stdenv.mkDerivation rec { hardeningDisable = [ "pic" ]; - NIX_CFLAGS_COMPILE = "-Wno-error=incompatible-pointer-types -Wno-error=implicit-function-declaration"; + env.NIX_CFLAGS_COMPILE = "-Wno-error=incompatible-pointer-types -Wno-error=implicit-function-declaration"; nativeBuildInputs = [ patchelf makeWrapper ]; buildInputs = [ cdrkit ] ++ kernel.moduleBuildDependencies; 
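Review bot: The guest-additions ISO in the `@@ -23,7 +23,7 @@` hunk is still fetched from `http://download.virtualbox.org/…`, while the host package in this same commit uses `https://download.virtualbox.org/…`. The pinned `sha256` rejects a modified download, but a version bump normally obtains the new hash by prefetching this URL, so a cleartext fetch is where a wrong value could get pinned. The ISO's `VBoxLinuxAdditions.run` is then executed in `unpackPhase`. Change the scheme to `https://`, and when bumping compare the value against the vendor's published SHA256SUMS, as the comment in extpack.nix already asks.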
@@ -49,26 +45,15 @@ in stdenv.mkDerivation rec { patchFlags = [ "-p1" "-d" "src/vboxguest-${version}" ]; unpackPhase = '' - ${if stdenv.hostPlatform.system == "i686-linux" || stdenv.hostPlatform.system == "x86_64-linux" then '' - isoinfo -J -i $src -x /VBoxLinuxAdditions.run > ./VBoxLinuxAdditions.run - chmod 755 ./VBoxLinuxAdditions.run - # An overflow leads the is-there-enough-space check to fail when there's too much space available, so fake how much space there is - sed -i 's/\$leftspace/16383/' VBoxLinuxAdditions.run - ./VBoxLinuxAdditions.run --noexec --keep - '' - else throw ("Architecture: "+stdenv.hostPlatform.system+" not supported for VirtualBox guest additions") - } + isoinfo -J -i $src -x /VBoxLinuxAdditions.run > ./VBoxLinuxAdditions.run + chmod 755 ./VBoxLinuxAdditions.run + # An overflow leads the is-there-enough-space check to fail when there's too much space available, so fake how much space there is + sed -i 's/\$leftspace/16383/' VBoxLinuxAdditions.run + ./VBoxLinuxAdditions.run --noexec --keep # Unpack files cd install - ${if stdenv.hostPlatform.system == "i686-linux" then '' - tar xfvj VBoxGuestAdditions-x86.tar.bz2 - '' - else if stdenv.hostPlatform.system == "x86_64-linux" then '' - tar xfvj VBoxGuestAdditions-amd64.tar.bz2 - '' - else throw ("Architecture: "+stdenv.hostPlatform.system+" not supported for VirtualBox guest additions") - } + tar xfvj VBoxGuestAdditions-${if stdenv.hostPlatform.is32bit then "x86" else "amd64"}.tar.bz2 ''; buildPhase = '' @@ -159,8 +144,10 @@ in stdenv.mkDerivation rec { This add-on provides support for dynamic resizing of the X Display, shared host/guest clipboard support and guest OpenGL support. ''; + sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; license = "GPL"; maintainers = [ lib.maintainers.sander ]; - platforms = lib.platforms.linux; + platforms = [ "i686-linux" "x86_64-linux" ]; + broken = stdenv.hostPlatform.is32bit && (kernel.kernelAtLeast "5.10"); }; } 
diff --git a/pkgs/applications/virtualization/virtualbox/qtx11extras.patch b/pkgs/applications/virtualization/virtualbox/qt-dependency-paths.patch index a3aa98b081d16..ae5493a327d6e 100644 --- a/pkgs/applications/virtualization/virtualbox/qtx11extras.patch +++ b/pkgs/applications/virtualization/virtualbox/qt-dependency-paths.patch @@ -7,10 +7,10 @@ index 71b96a3..73391f0 100644 endif else - $(eval $(target)_LIBS += $(foreach module,$(qt_modules), $(PATH_SDK_QT5_LIB)/lib$(qt_prefix)Qt5$(module)$(qt_infix)$(SUFF_DLL)) ) -+ $(eval $(target)_LIBS += $(foreach module,$(qt_modules), $(if $(filter X11Extras,$(module)),$(PATH_QT5_X11_EXTRAS_LIB),$(PATH_SDK_QT5_LIB))/lib$(qt_prefix)Qt5$(module)$(qt_infix)$(SUFF_DLL)) ) ++ $(eval $(target)_LIBS += $(foreach module,$(qt_modules), $(if $(filter Help,$(module)),$(PATH_QT5_TOOLS_LIB),$(if $(filter X11Extras,$(module)),$(PATH_QT5_X11_EXTRAS_LIB),$(PATH_SDK_QT5_LIB)))/lib$(qt_prefix)Qt5$(module)$(qt_infix)$(SUFF_DLL)) ) endif - $(eval $(target)_INCS += $(addprefix $(PATH_SDK_QT5_INC)/Qt,$(qt_modules)) $(PATH_SDK_QT5_INC) ) -+ $(eval $(target)_INCS += $(addprefix $(PATH_SDK_QT5_INC)/Qt,$(qt_modules)) $(PATH_SDK_QT5_INC) $(PATH_QT5_X11_EXTRAS_INC)/QtX11Extras ) ++ $(eval $(target)_INCS += $(addprefix $(PATH_SDK_QT5_INC)/Qt,$(qt_modules)) $(PATH_SDK_QT5_INC) $(PATH_QT5_X11_EXTRAS_INC)/QtX11Extras $(PATH_QT5_TOOLS_INC)) endif $(eval $(target)_DEFS += $(foreach module,$(toupper $(qt_modules)), QT_$(module)_LIB) ) diff --git a/pkgs/applications/virtualization/vmware-workstation/default.nix b/pkgs/applications/virtualization/vmware-workstation/default.nix new file mode 100755 index 0000000000000..6bcd15dc52ffa --- /dev/null +++ b/pkgs/applications/virtualization/vmware-workstation/default.nix 
@@ -0,0 +1,398 @@ +{ stdenv +, buildFHSUserEnv +, fetchurl +, lib +, zlib +, gdbm +, bzip2 +, libxslt +, libxml2 +, libuuid +, readline +, xz +, cups +, glibc +, libaio +, vulkan-loader +, alsa-lib +, libpulseaudio +, libGL +, numactl +, libX11 +, libXi +, kmod +, python3 +, autoPatchelfHook +, makeWrapper +, sqlite +, enableInstaller ? false +, enableMacOSGuests ? false, fetchFromGitHub, gnutar, unzip +}: + +let + # macOS - versions + fusionVersion = "13.0.0"; + fusionBuild = "20802013"; + unlockerVersion = "3.0.4"; + + # macOS - ISOs + darwinIsoSrc = fetchurl { + url = "https://softwareupdate.vmware.com/cds/vmw-desktop/fusion/${fusionVersion}/${fusionBuild}/x86/core/com.vmware.fusion.zip.tar"; + sha256 = "sha256-cSboek+nhkVj8rjdic6yzWQfjXiiLlch6gBWn73BzRU="; + }; + + # macOS - Unlocker + unlockerSrc = fetchFromGitHub { + owner = "paolo-projects"; + repo = "unlocker"; + rev = "${unlockerVersion}"; + sha256 = "sha256-kpvrRiiygfjQni8z+ju9mPBVqy2gs08Wj4cHxE9eorQ="; + }; + + gdbm3 = gdbm.overrideAttrs (old: rec { + version = "1.8.3"; + + src = fetchurl { + url = "mirror://gnu/gdbm/gdbm-${version}.tar.gz"; + sha256 = "sha256-zDQDOKLii0AFirnrU1SiHVP4ihWC6iG6C7GFw3ooHck="; + }; + + installPhase = '' + mkdir -p $out/lib + cp .libs/libgdbm*.so* $out/lib/ + ''; + }); + + vmware-unpack-env = buildFHSUserEnv rec { + name = "vmware-unpack-env"; + targetPkgs = pkgs: [ zlib ]; + }; +in +stdenv.mkDerivation rec { + pname = "vmware-workstation"; + version = "17.0.0"; + build = "20800274"; + + buildInputs = [ + libxslt + libxml2 + libuuid + gdbm3 + readline + xz + cups + glibc + libaio + vulkan-loader + alsa-lib + libpulseaudio + libGL + numactl + libX11 + libXi + kmod + ]; + + nativeBuildInputs = [ python3 vmware-unpack-env autoPatchelfHook makeWrapper ] + ++ lib.optionals enableInstaller [ sqlite bzip2 ] + ++ lib.optionals enableMacOSGuests [ gnutar unzip ]; + + src = fetchurl { + url = 
"https://download3.vmware.com/software/WKST-1700-LX/VMware-Workstation-Full-${version}-${build}.x86_64.bundle"; + sha256 = "sha256-kBTocGb1tg5i+dvWmOaPfPUHxrWcX8/obeKqRGR+mRA="; + }; + + unpackPhase = '' + ${vmware-unpack-env}/bin/vmware-unpack-env -c "sh ${src} --extract unpacked" + + ${lib.optionalString enableMacOSGuests '' + mkdir -p fusion/ + tar -xvpf "${darwinIsoSrc}" -C fusion/ + unzip "fusion/com.vmware.fusion.zip" \ + "payload/VMware Fusion.app/Contents/Library/isoimages/x86_x64/darwin.iso" \ + "payload/VMware Fusion.app/Contents/Library/isoimages/x86_x64/darwinPre15.iso" \ + -d fusion/ + ''} + ''; + + patchPhase = lib.optionalString enableMacOSGuests '' + cp -R "${unlockerSrc}" unlocker/ + + substituteInPlace unlocker/unlocker.py --replace \ + "/usr/lib/vmware/bin/" "$out/lib/vmware/bin" + + substituteInPlace unlocker/unlocker.py --replace \ + "/usr/lib/vmware/lib/libvmwarebase.so/libvmwarebase.so" "$out/lib/vmware/lib/libvmwarebase.so/libvmwarebase.so" + ''; + + installPhase = '' + mkdir -p \ + $out/bin \ + $out/etc/vmware \ + $out/etc/init.d \ + $out/lib/vmware \ + $out/share/doc + + #### Replicate vmware-installer's order but VMX first because of appLoader + ${lib.optionalString enableInstaller '' + ## VMware installer + echo "Installing VMware Installer" + unpacked="unpacked/vmware-installer" + vmware_installer_version=$(cat "unpacked/vmware-installer/manifest.xml" | grep -oPm1 "(?<=<version>)[^<]+") + dest="$out/lib/vmware-installer/$vmware_installer_version" + + mkdir -p $dest + cp -r $unpacked/vmis* $dest/ + cp -r $unpacked/sopython $dest/ + cp -r $unpacked/python $dest/ + cp -r $unpacked/cdsHelper $dest/ + cp -r $unpacked/vmware* $dest/ + cp -r $unpacked/bin $dest/ + cp -r $unpacked/lib $dest/ + + chmod +x $dest/vmis-launcher $dest/sopython/* $dest/python/init.sh $dest/vmware-* + ln -s $dest/vmware-installer $out/bin/vmware-installer + + mkdir -p $out/etc/vmware-installer + cp ${./vmware-installer-bootstrap} $out/etc/vmware-installer/bootstrap + 
sed -i -e "s,@@INSTALLERDIR@@,$dest," $out/etc/vmware-installer/bootstrap + sed -i -e "s,@@IVERSION@@,$vmware_installer_version," $out/etc/vmware-installer/bootstrap + sed -i -e "s,@@BUILD@@,${build}," $out/etc/vmware-installer/bootstrap + + # create database of vmware guest tools (avoids vmware fetching them later) + mkdir -p $out/etc/vmware-installer/components + database_filename=$out/etc/vmware-installer/database + touch $database_filename + sqlite3 "$database_filename" "CREATE TABLE settings(key VARCHAR PRIMARY KEY, value VARCHAR NOT NULL, component_name VARCHAR NOT NULL);" + sqlite3 "$database_filename" "INSERT INTO settings(key,value,component_name) VALUES('db.schemaVersion','2','vmware-installer');" + sqlite3 "$database_filename" "CREATE TABLE components(id INTEGER PRIMARY KEY, name VARCHAR NOT NULL, version VARCHAR NOT NULL, buildNumber INTEGER NOT NULL, component_core_id INTEGER NOT NULL, longName VARCHAR NOT NULL, description VARCHAR, type INTEGER NOT NULL);" + for folder in unpacked/**/.installer ; do + component="$(basename $(dirname $folder))" + component_version=$(cat unpacked/$component/manifest.xml | grep -oPm1 "(?<=<version>)[^<]+") + component_core_id=$([ "$component" == "vmware-installer" ] && echo "-1" || echo "1") + type=$([ "$component" == "vmware-workstation" ] && echo "0" || echo "1") + sqlite3 "$database_filename" "INSERT INTO components(name,version,buildNumber,component_core_id,longName,description,type) VALUES(\"$component\",\"$component_version\",\"${build}\",$component_core_id,\"$component\",\"$component\",$type);" + mkdir -p $out/etc/vmware-installer/components/$component + cp -r $folder/* $out/etc/vmware-installer/components/$component + done + ''} + + ## VMware Bootstrap + echo "Installing VMware Bootstrap" + cp ${./vmware-bootstrap} $out/etc/vmware/bootstrap + sed -i -e "s,@@PREFIXDIR@@,$out," $out/etc/vmware/bootstrap + + ## VMware Config + echo "Installing VMware Config" + cp ${./vmware-config} $out/etc/vmware/config + sed -i -e 
"s,@@VERSION@@,${version}," $out/etc/vmware/config + sed -i -e "s,@@BUILD@@,${build}," $out/etc/vmware/config + sed -i -e "s,@@PREFIXDIR@@,$out," $out/etc/vmware/config + + ## VMware VMX + echo "Installing VMware VMX" + unpacked="unpacked/vmware-vmx" + cp -r $unpacked/bin/* $out/bin/ + cp -r $unpacked/etc/modprobe.d $out/etc/ + cp -r $unpacked/etc/init.d/* $out/etc/init.d/ + cp -r $unpacked/roms $out/lib/vmware/ + cp -r $unpacked/sbin/* $out/bin/ + + cp -r $unpacked/lib/libconf $out/lib/vmware/ + rm $out/lib/vmware/libconf/etc/fonts/fonts.conf + + cp -r $unpacked/lib/bin $out/lib/vmware/ + cp -r $unpacked/lib/lib $out/lib/vmware/ + cp -r $unpacked/lib/scripts $out/lib/vmware/ + cp -r $unpacked/lib/icu $out/lib/vmware/ + cp -r $unpacked/lib/share $out/lib/vmware/ + cp -r $unpacked/lib/modules $out/lib/vmware/ + cp -r $unpacked/lib/include $out/lib/vmware/ + + cp -r $unpacked/extra/checkvm $out/bin/ + cp -r $unpacked/extra/modules.xml $out/lib/vmware/modules/ + + ln -s $out/lib/vmware/bin/appLoader $out/lib/vmware/bin/vmware-vmblock-fuse + ln -s $out/lib/vmware/icu $out/etc/vmware/icu + + # Replace vmware-modconfig with simple error dialog + cp ${./vmware-modconfig} $out/bin/vmware-modconfig + sed -i -e "s,ETCDIR=/etc/vmware,ETCDIR=$out/etc/vmware," $out/bin/vmware-modconfig + + # Patch dynamic libs in + for binary in "mksSandbox" "mksSandbox-debug" "mksSandbox-stats" "vmware-vmx" "vmware-vmx-debug" "vmware-vmx-stats" + do + patchelf \ + --add-needed ${libaio}/lib/libaio.so.1 \ + --add-needed ${vulkan-loader}/lib/libvulkan.so.1 \ + --add-needed ${alsa-lib}/lib/libasound.so \ + --add-needed ${libpulseaudio}/lib/libpulse.so.0 \ + --add-needed ${libGL}/lib/libEGL.so.1 \ + --add-needed ${numactl}/lib/libnuma.so.1 \ + --add-needed ${libX11}/lib/libX11.so.6 \ + --add-needed ${libXi}/lib/libXi.so.6 \ + --add-needed ${libGL}/lib/libGL.so.1 \ + $out/lib/vmware/bin/$binary + done + + ## VMware USB Arbitrator + echo "Installing VMware USB Arbitrator" + 
unpacked="unpacked/vmware-usbarbitrator" + cp -r $unpacked/etc/init.d/* $out/etc/init.d/ + cp -r $unpacked/bin/* $out/bin/ + ln -s $out/lib/vmware/bin/appLoader $out/lib/vmware/bin/vmware-usbarbitrator + + ## VMware Player Setup + echo "Installing VMware Player Setup" + unpacked="unpacked/vmware-player-setup" + mkdir -p $out/lib/vmware/setup + cp $unpacked/vmware-config $out/lib/vmware/setup/ + + ## VMware Network Editor + echo "Installing VMware Network Editor" + unpacked="unpacked/vmware-network-editor" + cp -r $unpacked/lib $out/lib/vmware/ + + ## VMware Tools + Virtual Printer + echo "Installing VMware Tools + Virtual Printer" + mkdir -p $out/lib/vmware/isoimages/ + cp unpacked/vmware-tools-linuxPreGlibc25/linuxPreGlibc25.iso \ + unpacked/vmware-tools-windows/windows.iso \ + unpacked/vmware-tools-winPreVista/winPreVista.iso \ + unpacked/vmware-virtual-printer/VirtualPrinter-Linux.iso \ + unpacked/vmware-virtual-printer/VirtualPrinter-Windows.iso \ + unpacked/vmware-tools-winPre2k/winPre2k.iso \ + unpacked/vmware-tools-linux/linux.iso \ + unpacked/vmware-tools-netware/netware.iso \ + unpacked/vmware-tools-solaris/solaris.iso \ + $out/lib/vmware/isoimages/ + + ${lib.optionalString enableMacOSGuests '' + echo "Installing VMWare Tools for MacOS" + cp -v \ + "fusion/payload/VMware Fusion.app/Contents/Library/isoimages/x86_x64/darwin.iso" \ + "fusion/payload/VMware Fusion.app/Contents/Library/isoimages/x86_x64/darwinPre15.iso" \ + $out/lib/vmware/isoimages/ + ''} + + ## VMware Player Application + echo "Installing VMware Player Application" + unpacked="unpacked/vmware-player-app" + cp -r $unpacked/lib/* $out/lib/vmware/ + cp -r $unpacked/etc/* $out/etc/ + cp -r $unpacked/share/* $out/share/ + cp -r $unpacked/bin/* $out/bin/ + cp -r $unpacked/doc/* $out/share/doc/ # Licences + + mkdir -p $out/etc/thnuclnt + cp -r $unpacked/extras/.thnumod $out/etc/thnuclnt/ + + mkdir -p $out/lib/cups/filter + cp -r $unpacked/extras/thnucups $out/lib/cups/filter/ + + for target in 
"vmplayer" "vmware-enter-serial" "vmware-setup-helper" "licenseTool" "vmware-mount" "vmware-fuseUI" "vmware-app-control" "vmware-zenity" + do + ln -s $out/lib/vmware/bin/appLoader $out/lib/vmware/bin/$target + done + + ln -s $out/lib/vmware/bin/vmware-mount $out/bin/vmware-mount + ln -s $out/lib/vmware/bin/vmware-fuseUI $out/bin/vmware-fuseUI + ln -s $out/lib/vmware/bin/vmrest $out/bin/vmrest + + # Patch vmplayer + sed -i -e "s,ETCDIR=/etc/vmware,ETCDIR=$out/etc/vmware," $out/bin/vmplayer + sed -i -e "s,/sbin/modprobe,${kmod}/bin/modprobe," $out/bin/vmplayer + sed -i -e "s,@@BINARY@@,$out/bin/vmplayer," $out/share/applications/vmware-player.desktop + + ## VMware OVF Tool compoment + echo "Installing VMware OVF Tool for Linux" + unpacked="unpacked/vmware-ovftool" + mkdir -p $out/lib/vmware-ovftool/ + + cp -r $unpacked/* $out/lib/vmware-ovftool/ + chmod 755 $out/lib/vmware-ovftool/ovftool* + makeWrapper "$out/lib/vmware-ovftool/ovftool.bin" "$out/bin/ovftool" + + ## VMware Network Editor User Interface + echo "Installing VMware Network Editor User Interface" + unpacked="unpacked/vmware-network-editor-ui" + cp -r $unpacked/share/* $out/share/ + + ln -s $out/lib/vmware/bin/appLoader $out/lib/vmware/bin/vmware-netcfg + ln -s $out/lib/vmware/bin/vmware-netcfg $out/bin/vmware-netcfg + + # Patch network editor ui + + sed -i -e "s,@@BINARY@@,$out/bin/vmware-netcfg," $out/share/applications/vmware-netcfg.desktop + + ## VMware VIX Core Library + echo "Installing VMware VIX Core Library" + unpacked="unpacked/vmware-vix-core" + mkdir -p $out/lib/vmware-vix + cp -r $unpacked/lib/* $out/lib/vmware-vix/ + cp -r $unpacked/bin/* $out/bin/ + cp $unpacked/*.txt $out/lib/vmware-vix/ + + mkdir -p $out/share/doc/vmware-vix/ + cp -r $unpacked/doc/* $out/share/doc/vmware-vix/ + + mkdir -p $out/include/ + cp -r $unpacked/include/* $out/include/ + + ## VMware VIX Workstation-17.0.0 Library + echo "Installing VMware VIX Workstation-17.0.0 Library" + 
unpacked="unpacked/vmware-vix-lib-Workstation1700" + cp -r $unpacked/lib/* $out/lib/vmware-vix/ + + ## VMware VProbes component for Linux + echo "Installing VMware VProbes component for Linux" + unpacked="unpacked/vmware-vprobe" + cp -r $unpacked/bin/* $out/bin/ + cp -r $unpacked/lib/* $out/lib/vmware/ + + ## VMware Workstation + echo "Installing VMware Workstation" + unpacked="unpacked/vmware-workstation" + cp -r $unpacked/bin/* $out/bin/ + cp -r $unpacked/lib/* $out/lib/vmware/ + cp -r $unpacked/share/* $out/share/ + cp -r $unpacked/man $out/share/ + cp -r $unpacked/doc $out/share/ + + ln -s $out/lib/vmware/bin/appLoader $out/lib/vmware/bin/vmware + ln -s $out/lib/vmware/bin/appLoader $out/lib/vmware/bin/vmware-tray + ln -s $out/lib/vmware/bin/appLoader $out/lib/vmware/bin/vmware-vprobe + + # Patch vmware + sed -i -e "s,ETCDIR=/etc/vmware,ETCDIR=$out/etc/vmware,g" $out/bin/vmware + sed -i -e "s,/sbin/modprobe,${kmod}/bin/modprobe,g" $out/bin/vmware + sed -i -e "s,@@BINARY@@,$out/bin/vmware," $out/share/applications/vmware-workstation.desktop + + chmod +x $out/bin/* $out/lib/vmware/bin/* $out/lib/vmware/setup/* + + # Harcoded pkexec hack + for lib in "lib/vmware/lib/libvmware-mount.so/libvmware-mount.so" "lib/vmware/lib/libvmwareui.so/libvmwareui.so" "lib/vmware/lib/libvmware-fuseUI.so/libvmware-fuseUI.so" + do + sed -i -e "s,/usr/local/sbin,/run/vmware/bin," "$out/$lib" + done + + ${lib.optionalString enableMacOSGuests '' + echo "Running VMWare Unlocker to enable macOS Guests" + python3 unlocker/unlocker.py + ''} + + # SUID hack + wrapProgram $out/lib/vmware/bin/vmware-vmx + rm $out/lib/vmware/bin/vmware-vmx + ln -s /run/wrappers/bin/vmware-vmx $out/lib/vmware/bin/vmware-vmx + ''; + + meta = with lib; { + description = "Industry standard desktop hypervisor for x86-64 architecture"; + homepage = "https://www.vmware.com/products/workstation-pro.html"; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; + license = licenses.unfree; + platforms = [ 
"x86_64-linux" ]; + maintainers = with maintainers; [ cawilliamson deinferno ]; + }; +} diff --git a/pkgs/applications/virtualization/vmware-workstation/vmware-bootstrap b/pkgs/applications/virtualization/vmware-workstation/vmware-bootstrap new file mode 100644 index 0000000000000..93787870ec3cf --- /dev/null +++ b/pkgs/applications/virtualization/vmware-workstation/vmware-bootstrap @@ -0,0 +1,11 @@ +PREFIX="@@PREFIXDIR@@" +BINDIR="@@PREFIXDIR@@/bin" +SBINDIR="@@PREFIXDIR@@/sbin" +LIBDIR="@@PREFIXDIR@@/lib" +DATADIR="@@PREFIXDIR@@/share" +SYSCONFDIR="@@PREFIXDIR@@/etc" +DOCDIR="@@PREFIXDIR@@/share/doc" +MANDIR="@@PREFIXDIR@@/share/man" +INCLUDEDIR="@@PREFIXDIR@@/include" +INITDIR="@@PREFIXDIR@@/etc" +INITSCRIPTDIR="@@PREFIXDIR@@/etc/init.d" diff --git a/pkgs/applications/virtualization/vmware-workstation/vmware-config b/pkgs/applications/virtualization/vmware-workstation/vmware-config new file mode 100644 index 0000000000000..9b3714bc3136c --- /dev/null +++ b/pkgs/applications/virtualization/vmware-workstation/vmware-config @@ -0,0 +1,21 @@ +.encoding = "UTF-8" +product.name = "VMware Workstation" +product.version = "@@VERSION@@" +product.buildNumber = "@@BUILD@@" +workstation.product.version = "@@VERSION@@" +player.product.version = "@@VERSION@@" +vix.config.version = "1" +bindir = "@@PREFIXDIR@@/bin" +libdir = "@@PREFIXDIR@@/lib/vmware" +vix.libdir = "@@PREFIXDIR@@/lib/vmware-vix" +initscriptdir = "@@PREFIXDIR@@/lib/systemd/scripts" +vmware.fullpath = "@@PREFIXDIR@@/bin/vmware" +authd.fullpath = "@@PREFIXDIR@@/bin/vmware-authd" +gksu.rootMethod = "su" +NETWORKING = "yes" +installerDefaults.autoSoftwareUpdateEnabled = "no" +installerDefaults.dataCollectionEnabled = "no" +installerDefaults.componentDownloadEnabled = "no" +installerDefaults.transferVersion = "1" +acceptOVFEULA = "yes" +acceptEULA = "yes" 
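Review bot: The two "hack" steps at the end of `installPhase` tie the package's privileged helpers to mutable paths outside the store, and neither comment says who must provide those paths or with what ownership. `sed -i -e "s,/usr/local/sbin,/run/vmware/bin," "$out/$lib"` rewrites a path inside three vendor libraries, which only works because both strings are 15 bytes long, and `ln -s /run/wrappers/bin/vmware-vmx …` replaces the binary with a link to a setuid wrapper that presumably the NixOS module named in vmware-modconfig installs. Whoever can write to `/run/vmware/bin` chooses what those libraries launch, so the comment should state that the directory has to be root-owned and created by that module, and that the replacement string must keep its length. The `wrapProgram` call is immediately undone by the `rm`, so as far as I can tell it only serves to leave the original binary under its hidden wrapped name; say that in the comment or use a plain `mv`.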
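Review bot: The shipped vmware-config sets `acceptEULA = "yes"` and `acceptOVFEULA = "yes"`, so the licence prompts are answered on the user's behalf. A comment next to `cp ${./vmware-config} $out/etc/vmware/config` in default.nix should say that this is deliberate and that `license = licenses.unfree` is the user's opt-in. In the same file, `initscriptdir = "@@PREFIXDIR@@/lib/systemd/scripts"` names a directory that the visible `installPhase` never creates, whereas vmware-bootstrap uses `@@PREFIXDIR@@/etc/init.d`, which it does create. Unless VMware needs the two to differ, point both at `etc/init.d`. vmware-bootstrap's `SBINDIR="@@PREFIXDIR@@/sbin"` has the same problem, since `sbin/*` is copied into `$out/bin`.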
diff --git a/pkgs/applications/virtualization/vmware-workstation/vmware-installer-bootstrap b/pkgs/applications/virtualization/vmware-workstation/vmware-installer-bootstrap new file mode 100644 index 0000000000000..4db8f7a1b458f --- /dev/null +++ b/pkgs/applications/virtualization/vmware-workstation/vmware-installer-bootstrap @@ -0,0 +1,5 @@ +VMWARE_INSTALLER="@@INSTALLERDIR@@" +VERSION="@@IVERSION@@" # For backwards compability +VMISVERSION="@@IVERSION@@" +VMISBUILDNUM="@@BUILD@@" +VMISPYVERSION="39" diff --git a/pkgs/applications/virtualization/vmware-workstation/vmware-modconfig b/pkgs/applications/virtualization/vmware-workstation/vmware-modconfig new file mode 100644 index 0000000000000..c93a371579667 --- /dev/null +++ b/pkgs/applications/virtualization/vmware-workstation/vmware-modconfig @@ -0,0 +1,8 @@ +#!/bin/bash + +set -e + +ETCDIR=/etc/vmware +. $ETCDIR/bootstrap + +exec "$LIBDIR"/vmware/bin/vmware-zenity --error --text "Reboot is required to load VMware kernel modules (make sure that 'virtualisation.vmware.host.enable' is enabled)" diff --git a/pkgs/applications/virtualization/x11docker/default.nix b/pkgs/applications/virtualization/x11docker/default.nix index c7ae9482840b6..f6612f3d9aea3 100644 --- a/pkgs/applications/virtualization/x11docker/default.nix +++ b/pkgs/applications/virtualization/x11docker/default.nix @@ -1,12 +1,12 @@ { lib, stdenv, fetchFromGitHub, makeWrapper, nx-libs, xorg, getopt, gnugrep, gawk, ps, mount, iproute2 }: stdenv.mkDerivation rec { pname = "x11docker"; - version = "6.9.0"; + version = "7.6.0"; src = fetchFromGitHub { owner = "mviereck"; repo = "x11docker"; rev = "v${version}"; - sha256 = "sha256-O+lab3K7J2Zz9t+yB/kYWtBOvQGOQMDFNDUVXzTj/h4="; + sha256 = "sha256-DehAWrEvoE/zWbfjQmF5Z7HTaQL5WMA/279Ee1Xm47g="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/applications/virtualization/xen/4.10.nix b/pkgs/applications/virtualization/xen/4.10.nix index aadd66304e6e8..4e4df3976fc18 100644 
--- a/pkgs/applications/virtualization/xen/4.10.nix +++ b/pkgs/applications/virtualization/xen/4.10.nix @@ -151,7 +151,7 @@ callPackage (import ./generic.nix (rec { ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" ++ optional (withInternalOVMF) "--enable-ovmf"; - NIX_CFLAGS_COMPILE = toString [ + env.NIX_CFLAGS_COMPILE = toString [ # Fix build on Glibc 2.24. "-Wno-error=deprecated-declarations" # Fix build with GCC 8 diff --git a/pkgs/applications/virtualization/xen/generic.nix b/pkgs/applications/virtualization/xen/generic.nix index 682f35b0471b1..2631c6ea44c26 100644 --- a/pkgs/applications/virtualization/xen/generic.nix +++ b/pkgs/applications/virtualization/xen/generic.nix @@ -16,7 +16,8 @@ config: , util-linux, procps, systemd # Documentation -, transfig, ghostscript, texinfo, pandoc +# pythonPackages.markdown +, fig2dev, ghostscript, texinfo, pandoc , binutils-unwrapped @@ -64,9 +65,9 @@ stdenv.mkDerivation (rec { hardeningDisable = [ "stackprotector" "fortify" "pic" ]; - nativeBuildInputs = [ pkg-config ]; + nativeBuildInputs = [ pkg-config cmake ]; buildInputs = [ - cmake which + which # Xen bison bzip2 checkpolicy dev86 figlet flex gettext glib acpica-tools libaio @@ -79,7 +80,7 @@ stdenv.mkDerivation (rec { pythonPackages.wrapPython # Documentation - pythonPackages.markdown transfig ghostscript texinfo pandoc + pythonPackages.markdown fig2dev ghostscript texinfo pandoc # Others ] ++ (concatMap (x: x.buildInputs or []) (attrValues config.xenfiles)) 
@@ -243,7 +244,11 @@ stdenv.mkDerivation (rec { + "\nIncludes:\n" + withXenfiles (name: x: "* ${name}: ${x.meta.description or "(No description)"}."); platforms = [ "x86_64-linux" ]; - maintainers = with lib.maintainers; [ eelco tstrobel oxij ]; + maintainers = with lib.maintainers; [ eelco oxij ]; license = lib.licenses.gpl2; + # https://xenbits.xen.org/docs/unstable/support-matrix.html + knownVulnerabilities = lib.optionals (lib.versionOlder version "4.13") [ + "This version of Xen has reached its end of life. See https://xenbits.xen.org/docs/unstable/support-matrix.html" + ]; } // (config.meta or {}); } // removeAttrs config [ "xenfiles" "buildInputs" "patches" "postPatch" "meta" ]) diff --git a/pkgs/applications/virtualization/xhyve/default.nix b/pkgs/applications/virtualization/xhyve/default.nix index f093e94696cf8..2d66f8351411f 100644 --- a/pkgs/applications/virtualization/xhyve/default.nix +++ b/pkgs/applications/virtualization/xhyve/default.nix @@ -33,5 +33,7 @@ stdenv.mkDerivation rec { maintainers = [ maintainers.lnl7 ]; license = licenses.bsd2; platforms = platforms.darwin; + # never built on aarch64-darwin since first introduction in nixpkgs + broken = stdenv.isDarwin && stdenv.isAarch64; }; } diff --git a/pkgs/applications/virtualization/youki/default.nix b/pkgs/applications/virtualization/youki/default.nix new file mode 100644 index 0000000000000..54a88a334f8a3 --- /dev/null +++ b/pkgs/applications/virtualization/youki/default.nix 
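Review bot: The new `knownVulnerabilities` entry in `xen/generic.nix` sits inside the attribute set that is then merged with `// (config.meta or {})`, so a per-version file that supplies its own `meta.knownVulnerabilities` would replace the end-of-life notice rather than extend it. If that is not intended, merge the end-of-life list last and concatenate, along the lines of `knownVulnerabilities = (config.meta.knownVulnerabilities or []) ++ lib.optionals (lib.versionOlder version "4.13") [ … ];`. The `"4.13"` bound is a literal that must be raised by hand as upstream retires release lines; a comment such as `# Raise this bound when another Xen release line leaves security support.` next to it would make that step visible. The enclosing `meta` block starts outside this hunk.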
@@ -0,0 +1,48 @@
+{ lib
+, rustPlatform
+, fetchFromGitHub
+, pkg-config
+, installShellFiles
+, dbus
+, libseccomp
+, systemd
+}:
+
+rustPlatform.buildRustPackage rec {
+ pname = "youki";
+ version = "0.0.4";
+
+ src = fetchFromGitHub {
+ owner = "containers";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-XwapCfu6Me0xSe+qFz9BFRYpQvG+ztb6QyhGejYRPb4=";
+ };
+
+ nativeBuildInputs = [ pkg-config installShellFiles ];
+
+ buildInputs = [ dbus libseccomp systemd ];
+
+ postInstall = ''
+ installShellCompletion --cmd youki \
+ --bash <($out/bin/youki completion -s bash) \
+ --fish <($out/bin/youki completion -s fish) \
+ --zsh <($out/bin/youki completion -s zsh)
+ '';
+
+ cargoBuildFlags = [ "-p" "youki" ];
+ cargoTestFlags = [ "-p" "youki" ];
+
+ cargoSha256 = "sha256-PT1kVo4gQFH9sIprEoAioNvDL/soMHcA2utEiQJPS/0=";
+
+ doCheck = false; # test failed
+
+ meta = with lib; {
+ description = "A container runtime written in Rust";
+ homepage = "https://containers.github.io/youki/";
+ changelog = "https://github.com/containers/youki/releases/tag/v${version}";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ candyc1oud ];
+ platforms = platforms.linux;
+ };
+} |
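Review bot: `doCheck = false; # test failed` in the new `youki/default.nix` turns off the whole test suite without recording which test fails or why. A reader cannot tell a build-sandbox limitation from a real defect, which matters for a container runtime that links `libseccomp`. I would name the failure in the comment and, if only some tests are affected, keep the rest running with `checkFlags = [ "--skip=<FAILING_TEST_NAME>" ];` (placeholder; the failing test is not shown on this page). Separately, `postInstall` executes `$out/bin/youki` to generate completions, which only works when the build machine can run the host binary; a comment noting that assumption would help anyone cross-compiling.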