about summary refs log tree commit diff
path: root/pkgs/applications/virtualization/crosvm/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/applications/virtualization/crosvm/default.nix')
-rw-r--r--pkgs/applications/virtualization/crosvm/default.nix56
1 files changed, 26 insertions, 30 deletions
diff --git a/pkgs/applications/virtualization/crosvm/default.nix b/pkgs/applications/virtualization/crosvm/default.nix
index a4de1433ae735..11d8f2223656f 100644
--- a/pkgs/applications/virtualization/crosvm/default.nix
+++ b/pkgs/applications/virtualization/crosvm/default.nix
@@ -1,60 +1,56 @@
-{ stdenv, lib, rustPlatform, fetchgit
-, minijail-tools, pkg-config, protobuf, wayland-scanner
+{ stdenv, lib, rust, rustPlatform, fetchgit, fetchpatch
+, clang, pkg-config, protobuf, python3, wayland-scanner
 , libcap, libdrm, libepoxy, minijail, virglrenderer, wayland, wayland-protocols
 }:
 
 rustPlatform.buildRustPackage rec {
   pname = "crosvm";
-  version = "104.0";
+  version = "107.1";
 
   src = fetchgit {
-    url = "https://chromium.googlesource.com/crosvm/crosvm";
-    rev = "265aab613b1eb31598ea0826f04810d9f010a2c6";
-    sha256 = "OzbtPHs6BWK83RZ/6eCQHA61X6SY8FoBkaN70a37pvc=";
+    url = "https://chromium.googlesource.com/chromiumos/platform/crosvm";
+    rev = "5a49a836e63aa6e9ae38b80daa09a013a57bfb7f";
+    sha256 = "F+5i3R7Tbd9xF63Olnyavzg/hD+8HId1duWm8bvAmLA=";
     fetchSubmodules = true;
   };
 
   separateDebugInfo = true;
 
   patches = [
-    ./default-seccomp-policy-dir.diff
+    # Backport seccomp sandbox update for recent Glibc.
+    # fetchpatch is not currently gerrit/gitiles-compatible, so we
+    # have to use the mirror.
+    # https://github.com/NixOS/nixpkgs/pull/133604
+    (fetchpatch {
+      url = "https://github.com/google/crosvm/commit/aae01416807e7c15270b3d44162610bcd73952ff.patch";
+      sha256 = "nQuOMOwBu8QvfwDSuTz64SQhr2dF9qXt2NarbIU55tU=";
+    })
   ];
 
-  cargoLock.lockFile = ./Cargo.lock;
+  cargoSha256 = "1jg9x5adz1lbqdwnzld4xg4igzmh90nd9xm287cgkvh5fbmsjfjv";
 
-  nativeBuildInputs = [ minijail-tools pkg-config protobuf wayland-scanner ];
+  nativeBuildInputs = [ clang pkg-config protobuf python3 wayland-scanner ];
 
   buildInputs = [
     libcap libdrm libepoxy minijail virglrenderer wayland wayland-protocols
   ];
 
-  arch = stdenv.hostPlatform.parsed.cpu.name;
-
-  postPatch = ''
-    cp ${cargoLock.lockFile} Cargo.lock
-    sed -i "s|/usr/share/policy/crosvm/|$PWD/seccomp/$arch/|g" \
-        seccomp/$arch/*.policy
+  preConfigure = ''
+    patchShebangs third_party/minijail/tools/*.py
+    substituteInPlace build.rs --replace '"clang"' '"${stdenv.cc.targetPrefix}clang"'
   '';
 
-  preBuild = ''
-    export DEFAULT_SECCOMP_POLICY_DIR=$out/share/policy
-
-    for policy in seccomp/$arch/*.policy; do
-        compile_seccomp_policy \
-            --default-action trap $policy ''${policy%.policy}.bpf
-    done
+  "CARGO_TARGET_${lib.toUpper (builtins.replaceStrings ["-"] ["_"] (rust.toRustTarget stdenv.hostPlatform))}_LINKER" =
+    "${stdenv.cc.targetPrefix}cc";
 
-    substituteInPlace seccomp/$arch/*.policy \
-      --replace "@include $(pwd)/seccomp/$arch/" "@include $out/share/policy/"
-  '';
+  # crosvm mistakenly expects the stable protocols to be in the root
+  # of the pkgdatadir path, rather than under the "stable"
+  # subdirectory.
+  PKG_CONFIG_WAYLAND_PROTOCOLS_PKGDATADIR =
+    "${wayland-protocols}/share/wayland-protocols/stable";
 
   buildFeatures = [ "default" "virgl_renderer" "virgl_renderer_next" ];
 
-  postInstall = ''
-    mkdir -p $out/share/policy/
-    cp -v seccomp/$arch/*.{policy,bpf} $out/share/policy/
-  '';
-
   passthru.updateScript = ./update.py;
 
   meta = with lib; {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-14 21:59:41 +0000