aland/nixpkgs-odroid-hc4
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

uboot: (firmwareOdroidC2/C4) don't invoke patch tool, use patches = [] instead

Browse source 
https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/generic/setup.sh#L948
this can do it nicely.

Signed-off-by: Anton Arapov <anton@deadbeef.mx>
This commit is contained in:
Anton Arapov 2021-04-03 12:58:10 +02:00 committed by Alan Daniels
commit 56de2bcd43
30691 changed files with 3076956 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

71
pkgs/applications/virtualization/OVMF/default.nix Normal file
View file

@ -0,0 +1,71 @@
{ stdenv, lib, edk2, util-linux, nasm, acpica-tools
, csmSupport ? false, seabios ? null
, secureBoot ? false
, httpSupport ? false
, tpmSupport ? false
}:
assert csmSupport -> seabios != null;
let
projectDscPath = if stdenv.isi686 then
"OvmfPkg/OvmfPkgIa32.dsc"
else if stdenv.isx86_64 then
"OvmfPkg/OvmfPkgX64.dsc"
else if stdenv.isAarch64 then
"ArmVirtPkg/ArmVirtQemu.dsc"
else
throw "Unsupported architecture";
version = lib.getVersion edk2;
in
edk2.mkDerivation projectDscPath {
pname = "OVMF";
inherit version;
outputs = [ "out" "fd" ];
nativeBuildInputs = [ util-linux nasm acpica-tools ];
strictDeps = true;
hardeningDisable = [ "format" "stackprotector" "pic" "fortify" ];
buildFlags =
lib.optionals secureBoot [ "-D SECURE_BOOT_ENABLE=TRUE" ]
++ lib.optionals csmSupport [ "-D CSM_ENABLE" "-D FD_SIZE_2MB" ]
++ lib.optionals httpSupport [ "-D NETWORK_HTTP_ENABLE=TRUE" "-D NETWORK_HTTP_BOOT_ENABLE=TRUE" ]
++ lib.optionals tpmSupport [ "-D TPM_ENABLE" "-D TPM2_ENABLE" "-D TPM2_CONFIG_ENABLE"];
postPatch = lib.optionalString csmSupport ''
cp ${seabios}/Csm16.bin OvmfPkg/Csm/Csm16/Csm16.bin
'';
postFixup = if stdenv.isAarch64 then ''
mkdir -vp $fd/FV
mkdir -vp $fd/AAVMF
mv -v $out/FV/QEMU_{EFI,VARS}.fd $fd/FV
# Use Debian dir layout: https://salsa.debian.org/qemu-team/edk2/blob/debian/debian/rules
dd of=$fd/FV/AAVMF_CODE.fd if=/dev/zero bs=1M count=64
dd of=$fd/FV/AAVMF_CODE.fd if=$fd/FV/QEMU_EFI.fd conv=notrunc
dd of=$fd/FV/AAVMF_VARS.fd if=/dev/zero bs=1M count=64
# Also add symlinks for Fedora dir layout: https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec
ln -s $fd/FV/AAVMF_CODE.fd $fd/AAVMF/QEMU_EFI-pflash.raw
ln -s $fd/FV/AAVMF_VARS.fd $fd/AAVMF/vars-template-pflash.raw
'' else ''
mkdir -vp $fd/FV
mv -v $out/FV/OVMF{,_CODE,_VARS}.fd $fd/FV
'';
dontPatchELF = true;
meta = {
description = "Sample UEFI firmware for QEMU and KVM";
homepage = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF";
license = lib.licenses.bsd2;
platforms = ["x86_64-linux" "i686-linux" "aarch64-linux" "x86_64-darwin"];
};
}

12
pkgs/applications/virtualization/appvm/0001-Remove-menu-bar.patch Normal file
View file

@ -0,0 +1,12 @@
diff --git a/src/resources/ui/virt-viewer.ui b/src/resources/ui/virt-viewer.ui
index 430f879..68856fc 100644
--- a/src/resources/ui/virt-viewer.ui
+++ b/src/resources/ui/virt-viewer.ui
@@ -137,7 +137,6 @@
</child>
<child type="titlebar">
<object class="GtkHeaderBar" id="header">
- <property name="visible">True</property>
<property name="can-focus">False</property>
<property name="show-close-button">True</property>
<child>

15
pkgs/applications/virtualization/appvm/0002-Do-not-grab-keyboard-mouse.patch Normal file
View file

@ -0,0 +1,15 @@
diff --git a/src/virt-viewer-display-spice.c b/src/virt-viewer-display-spice.c
index 2265f02..1d60d81 100644
--- a/src/virt-viewer-display-spice.c
+++ b/src/virt-viewer-display-spice.c
@@ -317,8 +317,8 @@ virt_viewer_display_spice_new(VirtViewerSessionSpice *session,
gtk_container_add(GTK_CONTAINER(self), GTK_WIDGET(self->display));
gtk_widget_show(GTK_WIDGET(self->display));
g_object_set(self->display,
- "grab-keyboard", TRUE,
- "grab-mouse", TRUE,
+ "grab-keyboard", FALSE,
+ "grab-mouse", FALSE,
"resize-guest", FALSE,
"scaling", TRUE,
NULL);

14
pkgs/applications/virtualization/appvm/0003-Use-name-of-appvm-applications-as-a-title.patch Normal file
View file

@ -0,0 +1,14 @@
diff --git a/src/virt-viewer-window.c b/src/virt-viewer-window.c
index fe740ce..d45fd4f 100644
--- a/src/virt-viewer-window.c
+++ b/src/virt-viewer-window.c
@@ -1342,6 +1342,9 @@ virt_viewer_window_update_title(VirtViewerWindow *self)
grabhint,
g_get_application_name());
}
+ } else if (g_str_has_prefix(self->subtitle, "appvm_")) {
+ /* Use name of the application as a title */
+ title = g_strdup_printf(_("%s"), &self->subtitle[strlen("appvm_")]);
} else if (self->subtitle) {
/* translators:
* This is "<subtitle> - <appname>"

12
pkgs/applications/virtualization/appvm/0004-Use-title-application-name-as-subtitle.patch Normal file
View file

@ -0,0 +1,12 @@
diff --git a/src/virt-viewer-app.c b/src/virt-viewer-app.c
index b977b7b..36bce34 100644
--- a/src/virt-viewer-app.c
+++ b/src/virt-viewer-app.c
@@ -976,6 +976,7 @@ virt_viewer_app_set_window_subtitle(VirtViewerApp *app,
*d = '%';
} else
subtitle = g_strdup_printf("%s (%s)", title, desc);
+ subtitle = g_strdup_printf("%s", title);
g_free(desc);
}

48
pkgs/applications/virtualization/appvm/default.nix Normal file
View file

@ -0,0 +1,48 @@
{ lib
, buildGoModule
, fetchFromGitHub
, nix
, virt-viewer
, fetchpatch
, makeWrapper }:
let
# Upstream patches fail with newer virt-viewer. These are own ports to the
# newest virt-viewer version, see:
# https://github.com/jollheef/appvm/issues/28
virt-manager-without-menu = virt-viewer.overrideAttrs(oldAttrs: {
patches = oldAttrs.patches ++ [
./0001-Remove-menu-bar.patch
./0002-Do-not-grab-keyboard-mouse.patch
./0003-Use-name-of-appvm-applications-as-a-title.patch
./0004-Use-title-application-name-as-subtitle.patch
];
});
in
buildGoModule rec {
pname = "appvm";
version = "unstable-2021-12-20";
src = fetchFromGitHub {
owner = "jollheef";
repo = pname;
rev = "17f17be7846d872e7e26d5cb6759a52ea4113587";
sha256 = "sha256-FL5olOy1KufULyqI2dJeS0OnKzC3LfPWxnia2i4f4yY=";
};
vendorSha256 = "sha256-8eU+Mf5dxL/bAMMShXvj8I1Kdd4ysBTWvgYIXwLStPI=";
buildInputs = [ makeWrapper ];
postFixup = ''
wrapProgram $out/bin/appvm \
--prefix PATH : "${lib.makeBinPath [ nix virt-manager-without-menu ]}"
'';
meta = with lib; {
description = "Nix-based app VMs";
homepage = "https://code.dumpstack.io/tools/${pname}";
maintainers = with maintainers; [ dump_stack cab404 onny ];
license = licenses.gpl3;
};
}

27
pkgs/applications/virtualization/aqemu/default.nix Normal file
View file

@ -0,0 +1,27 @@
{ mkDerivation, cmake, fetchFromGitHub, libvncserver, qemu, qtbase, lib
}:
mkDerivation rec {
pname = "aqemu";
version = "0.9.2";
src = fetchFromGitHub {
owner = "tobimensch";
repo = "aqemu";
rev = "v${version}";
sha256 = "1h1mcw8x0jir5p39bs8ka0lcisiyi4jq61fsccgb9hsvl1i8fvk5";
};
nativeBuildInputs = [ cmake ];
buildInputs = [ libvncserver qtbase qemu ];
meta = with lib; {
description = "A virtual machine manager GUI for qemu";
homepage = "https://github.com/tobimensch/aqemu";
license = licenses.gpl2;
maintainers = with maintainers; [ hrdinka ];
platforms = with platforms; linux;
broken = true;
};
}

85
pkgs/applications/virtualization/arion/default.nix Normal file
View file

@ -0,0 +1,85 @@
{ pkgs
, lib
, haskellPackages
, haskell
, runCommand
}:
let
/* This derivation builds the arion tool.
It is based on the arion-compose Haskell package, but adapted and extended to
- have the correct name
- have a smaller closure size
- have functions to use Arion from inside Nix: arion.eval and arion.build
- make it self-contained by including docker-compose
*/
arion =
(justStaticExecutables (
overrideCabal
cabalOverrides
arion-compose
)
).overrideAttrs (o: {
# Patch away the arion-compose name. Unlike the Haskell library, the program
# is called arion (arion was already taken on hackage).
pname = "arion";
});
inherit (haskell.lib.compose) justStaticExecutables overrideCabal;
inherit (haskellPackages) arion-compose;
cabalOverrides = o: {
buildTools = (o.buildTools or []) ++ [pkgs.makeWrapper];
passthru = (o.passthru or {}) // {
inherit eval build;
};
src = arion-compose.src;
# PYTHONPATH
#
# We close off the python module search path!
#
# Accepting directories from the environment into the search path
# tends to break things. Docker Compose does not have a plugin
# system as far as I can tell, so I don't expect this to break a
# feature, but rather to make the program more robustly self-
# contained.
postInstall = ''${o.postInstall or ""}
mkdir -p $out/libexec
mv $out/bin/arion $out/libexec
makeWrapper $out/libexec/arion $out/bin/arion \
--unset PYTHONPATH \
--prefix PATH : ${lib.makeBinPath [ pkgs.docker-compose_1 ]} \
;
'';
};
# Unpacked sources for evaluation by `eval`
srcUnpacked = runCommand "arion-src" {}
"mkdir $out; tar -C $out --strip-components=1 -xf ${arion-compose.src}";
/* Function for evaluating a composition
Re-uses this Nixpkgs evaluation instead of `arion-pkgs.nix`.
Returns the module system's `config` and `options` variables.
*/
eval = args@{...}:
import (srcUnpacked + "/src/nix/eval-composition.nix")
({ inherit pkgs; } // args);
/* Function to derivation of the docker compose yaml file
NOTE: The output will change: https://github.com/hercules-ci/arion/issues/82
This function is particularly useful on CI, although the references
to image tarballs may not always be desirable.
*/
build = args@{...}:
let composition = eval args;
in composition.config.out.dockerComposeYaml;
in arion

27
pkgs/applications/virtualization/buildkit-nix/default.nix Normal file
View file

@ -0,0 +1,27 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "buildkit-nix";
version = "0.0.2";
src = fetchFromGitHub {
owner = "AkihiroSuda";
repo = pname;
rev = "v${version}";
sha256 = "sha256-k9YO4KFIDebfszhKG6RYDFlVfbUPFHRsHRQXXlJ6SoU=";
};
vendorSha256 = "sha256-c+VHt2uTaEQIXsmJ9TA7X5lfMxGL9yKbbnnXn4drCLU=";
CGO_ENABLED = 0;
ldflags = [ "-s" "-w" ];
meta = with lib; {
description = "Nix frontend for BuildKit";
homepage = "https://github.com/AkihiroSuda/buildkit-nix/";
license = licenses.asl20;
platforms = platforms.linux;
maintainers = with maintainers; [ lesuisse ];
};
}

41
pkgs/applications/virtualization/catatonit/default.nix Normal file
View file

@ -0,0 +1,41 @@
{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, glibc, nixosTests }:
stdenv.mkDerivation rec {
pname = "catatonit";
version = "0.1.7";
src = fetchFromGitHub {
owner = "openSUSE";
repo = pname;
rev = "v${version}";
sha256 = "sha256-jX4fYC/rpfd3ro2UZ6OEu4kU5wpusOwmEVPWEjxwlW4=";
};
patches = [
# Pull the fix pending upstream inclusion to support automake-1.16.5:
# https://github.com/openSUSE/catatonit/pull/18
(fetchpatch {
name = "automake-1.16.5.patch";
url = "https://github.com/openSUSE/catatonit/commit/99bb9048f532257f3a2c3856cfa19fe957ab6cec.patch";
sha256 = "sha256-ooxVjtWXJddQiBvO9I5aRyLeL8y3ecxW/Kvtfg/bpRA=";
})
];
nativeBuildInputs = [ autoreconfHook ];
buildInputs = lib.optionals (!stdenv.hostPlatform.isMusl) [ glibc glibc.static ];
doInstallCheck = true;
installCheckPhase = ''
readelf -d $out/bin/catatonit | grep 'There is no dynamic section in this file.'
'';
passthru.tests = { inherit (nixosTests) podman; };
meta = with lib; {
description = "A container init that is so simple it's effectively brain-dead";
homepage = "https://github.com/openSUSE/catatonit";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ erosennin ] ++ teams.podman.members;
platforms = platforms.linux;
};
}

62
pkgs/applications/virtualization/charliecloud/default.nix Normal file
View file

@ -0,0 +1,62 @@
{ lib, stdenv, fetchFromGitHub, python3, docker, autoreconfHook, coreutils, makeWrapper, gnused, gnutar, gzip, findutils, sudo, nixosTests }:
stdenv.mkDerivation rec {
version = "0.24";
pname = "charliecloud";
src = fetchFromGitHub {
owner = "hpc";
repo = "charliecloud";
rev = "v${version}";
sha256 = "sha256-kdaVlwE3vdCxsmJTOUwx8J+9UcBuXbKDwS2MHX2ZPPM=";
};
nativeBuildInputs = [ autoreconfHook makeWrapper ];
buildInputs = [
docker
(python3.withPackages (ps: [ ps.lark ps.requests ]))
];
configureFlags = let
pythonEnv = python3.withPackages (ps: [ ps.lark ps.requests ]);
in [
"--with-python=${pythonEnv}/bin/python3"
];
preConfigure = ''
patchShebangs test/
substituteInPlace configure.ac --replace "/usr/bin/env" "${coreutils}/bin/env"
'';
makeFlags = [
"PREFIX=$(out)"
"LIBEXEC_DIR=lib/charliecloud"
];
# Charliecloud calls some external system tools.
# Here we wrap those deps so they are resolved inside nixpkgs.
postInstall = ''
for file in $out/bin/* ; do \
wrapProgram $file --prefix PATH : ${lib.makeBinPath [ coreutils docker gnused gnutar gzip findutils sudo ]}
done
'';
passthru.tests.charliecloud = nixosTests.charliecloud;
meta = {
description = "User-defined software stacks (UDSS) for high-performance computing (HPC) centers";
longDescription = ''
Charliecloud uses Linux user namespaces to run containers with no
privileged operations or daemons and minimal configuration changes on
center resources. This simple approach avoids most security risks
while maintaining access to the performance and functionality already
on offer.
'';
homepage = "https://hpc.github.io/charliecloud";
license = lib.licenses.asl20;
maintainers = [ lib.maintainers.bzizou ];
platforms = lib.platforms.linux;
};
}

32
pkgs/applications/virtualization/cloud-hypervisor/default.nix Normal file
View file

@ -0,0 +1,32 @@
{ lib, stdenv, fetchFromGitHub, rustPlatform, pkg-config, dtc, openssl }:
rustPlatform.buildRustPackage rec {
pname = "cloud-hypervisor";
version = "24.0";
src = fetchFromGitHub {
owner = "cloud-hypervisor";
repo = pname;
rev = "v${version}";
sha256 = "sha256-0QZmIqcBt2qBysosa55nAT7M+hTRX9Q4Z0qtLxK0IWg=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ openssl ] ++ lib.optional stdenv.isAarch64 dtc;
cargoSha256 = "sha256-L6K5SxkmQo+8UpvvWtWG1ZuGivR5+o7FDt0eYa/tXgI=";
OPENSSL_NO_VENDOR = true;
# Integration tests require root.
cargoTestFlags = [ "--bins" ];
meta = with lib; {
homepage = "https://github.com/cloud-hypervisor/cloud-hypervisor";
description = "Open source Virtual Machine Monitor (VMM) that runs on top of KVM";
changelog = "https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v${version}";
license = with licenses; [ asl20 bsd3 ];
maintainers = with maintainers; [ offline qyliss ];
platforms = [ "aarch64-linux" "x86_64-linux" ];
};
}

27
pkgs/applications/virtualization/cntr/default.nix Normal file
View file

@ -0,0 +1,27 @@
{ lib, rustPlatform, fetchFromGitHub, nixosTests }:
rustPlatform.buildRustPackage rec {
pname = "cntr";
version = "1.5.1";
src = fetchFromGitHub {
owner = "Mic92";
repo = "cntr";
rev = version;
sha256 = "sha256-z+0bSxoLJTK4e5xS4CHZ2hNUI56Ci1gbWJsRcN6ZqZA=";
};
cargoSha256 = "sha256-3e5wDne6Idu+kDinHPcAKHfH/d4DrGg90GkiMbyF280=";
passthru.tests = {
nixos = nixosTests.cntr;
};
meta = with lib; {
description = "A container debugging tool based on FUSE";
homepage = "https://github.com/Mic92/cntr";
license = licenses.mit;
platforms = platforms.linux;
maintainers = [ maintainers.mic92 ];
};
}

54
pkgs/applications/virtualization/colima/default.nix Normal file
View file

@ -0,0 +1,54 @@
{ lib
, buildGo118Module
, fetchFromGitHub
, installShellFiles
, lima
, makeWrapper
}:
buildGo118Module rec {
pname = "colima";
version = "0.4.2";
src = fetchFromGitHub {
owner = "abiosoft";
repo = pname;
rev = "v${version}";
sha256 = "sha256-66nKH5jxTzLB9bg2lH1E8Cc0GZ6C/N/+yPYhCVEKOBY=";
# We need the git revision
leaveDotGit = true;
postFetch = ''
git -C $out rev-parse HEAD > $out/.git-revision
rm -rf $out/.git
'';
};
nativeBuildInputs = [ installShellFiles makeWrapper ];
vendorSha256 = "sha256-91Ex3RPWxOHyZcR3Bo+bRdDAFw2mEGiC/uNKjdX2kuw=";
doCheck = false;
preConfigure = ''
ldflags="-X github.com/abiosoft/colima/config.appVersion=${version}
-X github.com/abiosoft/colima/config.revision=$(cat .git-revision)"
'';
postInstall = ''
wrapProgram $out/bin/colima \
--prefix PATH : ${lib.makeBinPath [ lima ]}
installShellCompletion --cmd colima \
--bash <($out/bin/colima completion bash) \
--fish <($out/bin/colima completion fish) \
--zsh <($out/bin/colima completion zsh)
'';
meta = with lib; {
description = "Container runtimes on MacOS with minimal setup";
homepage = "https://github.com/abiosoft/colima";
license = licenses.mit;
maintainers = with maintainers; [ aaschmid ];
};
}

45
pkgs/applications/virtualization/conmon/default.nix Normal file
View file

@ -0,0 +1,45 @@
{ lib
, stdenv
, fetchFromGitHub
, pkg-config
, glib
, glibc
, libseccomp
, systemd
, nixosTests
}:
stdenv.mkDerivation rec {
pname = "conmon";
version = "2.1.1";
src = fetchFromGitHub {
owner = "containers";
repo = pname;
rev = "v${version}";
sha256 = "sha256-HzLRwJwzvXhQOcmBp55I54sAnCKPeQw99H/XMOegOHo=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ glib libseccomp systemd ]
++ lib.optionals (!stdenv.hostPlatform.isMusl) [ glibc glibc.static ];
# manpage requires building the vendored go-md2man
makeFlags = [ "bin/conmon" ];
installPhase = ''
runHook preInstall
install -D bin/conmon -t $out/bin
runHook postInstall
'';
passthru.tests = { inherit (nixosTests) cri-o podman; };
meta = with lib; {
homepage = "https://github.com/containers/conmon";
description = "An OCI container runtime monitor";
license = licenses.asl20;
maintainers = with maintainers; [ ] ++ teams.podman.members;
platforms = platforms.linux;
};
}

54
pkgs/applications/virtualization/containerd/default.nix Normal file
View file

@ -0,0 +1,54 @@
{ lib
, fetchFromGitHub
, buildGoModule
, btrfs-progs
, go-md2man
, installShellFiles
, util-linux
, nixosTests
}:
buildGoModule rec {
pname = "containerd";
version = "1.6.6";
src = fetchFromGitHub {
owner = "containerd";
repo = "containerd";
rev = "v${version}";
sha256 = "sha256-cmarbad6VzcGTCHT/NtApkYsK/oo6WZQ//q8Fvh+ez8=";
};
vendorSha256 = null;
nativeBuildInputs = [ go-md2man installShellFiles util-linux ];
buildInputs = [ btrfs-progs ];
BUILDTAGS = lib.optionals (btrfs-progs == null) [ "no_btrfs" ];
buildPhase = ''
runHook preBuild
patchShebangs .
make binaries "VERSION=v${version}" "REVISION=${src.rev}"
runHook postBuild
'';
installPhase = ''
runHook preInstall
install -Dm555 bin/* -t $out/bin
installShellCompletion --bash contrib/autocomplete/ctr
installShellCompletion --zsh --name _ctr contrib/autocomplete/zsh_autocomplete
runHook postInstall
'';
passthru.tests = { inherit (nixosTests) docker; };
meta = with lib; {
homepage = "https://containerd.io/";
description = "A daemon to control runC";
license = licenses.asl20;
maintainers = with maintainers; [ offline vdemeester endocrimes zowoq ];
platforms = platforms.linux;
};
}

73
pkgs/applications/virtualization/cri-o/default.nix Normal file
View file

@ -0,0 +1,73 @@
{ lib
, btrfs-progs
, buildGoModule
, fetchFromGitHub
, glibc
, gpgme
, installShellFiles
, libapparmor
, libseccomp
, libselinux
, lvm2
, pkg-config
, nixosTests
}:
buildGoModule rec {
pname = "cri-o";
version = "1.24.1";
src = fetchFromGitHub {
owner = "cri-o";
repo = "cri-o";
rev = "v${version}";
sha256 = "sha256-/AoZKeUcYF1fyYtllXpB7GNWR/6SWEOy2ffDLYbTp9E=";
};
vendorSha256 = null;
doCheck = false;
outputs = [ "out" "man" ];
nativeBuildInputs = [ installShellFiles pkg-config ];
buildInputs = [
btrfs-progs
gpgme
libapparmor
libseccomp
libselinux
lvm2
] ++ lib.optionals (glibc != null) [ glibc glibc.static ];
BUILDTAGS = "apparmor seccomp selinux containers_image_openpgp containers_image_ostree_stub";
buildPhase = ''
runHook preBuild
make binaries docs BUILDTAGS="$BUILDTAGS"
runHook postBuild
'';
installPhase = ''
runHook preInstall
install -Dm755 bin/* -t $out/bin
for shell in bash fish zsh; do
installShellCompletion --$shell completions/$shell/*
done
installManPage docs/*.[1-9]
runHook postInstall
'';
passthru.tests = { inherit (nixosTests) cri-o; };
meta = with lib; {
homepage = "https://cri-o.io";
description = ''
Open Container Initiative-based implementation of the
Kubernetes Container Runtime Interface
'';
license = licenses.asl20;
maintainers = with maintainers; [ ] ++ teams.podman.members;
platforms = platforms.linux;
};
}

53
pkgs/applications/virtualization/cri-o/wrapper.nix Normal file
View file

@ -0,0 +1,53 @@
{ cri-o-unwrapped
, runCommand
, makeWrapper
, lib
, extraPackages ? []
, cri-o
, runc # Default container runtime
, crun # Container runtime (default with cgroups v2 for podman/buildah)
, conmon # Container runtime monitor
, util-linux # nsenter
, cni-plugins # not added to path
, iptables
}:
let
cri-o = cri-o-unwrapped;
binPath = lib.makeBinPath ([
runc
crun
conmon
util-linux
iptables
] ++ extraPackages);
in runCommand cri-o.name {
name = "${cri-o.pname}-wrapper-${cri-o.version}";
inherit (cri-o) pname version passthru;
preferLocalBuild = true;
meta = builtins.removeAttrs cri-o.meta [ "outputsToInstall" ];
outputs = [
"out"
"man"
];
nativeBuildInputs = [
makeWrapper
];
} ''
ln -s ${cri-o.man} $man
mkdir -p $out/bin
ln -s ${cri-o-unwrapped}/share $out/share
for p in ${cri-o-unwrapped}/bin/*; do
makeWrapper $p $out/bin/''${p##*/} \
--prefix PATH : ${binPath}
done
''

1500
pkgs/applications/virtualization/crosvm/Cargo.lock generated Normal file
View file

File diff suppressed because it is too large Load diff

15
pkgs/applications/virtualization/crosvm/default-seccomp-policy-dir.diff Normal file
View file

@ -0,0 +1,15 @@
diff --git a/src/crosvm.rs b/src/crosvm.rs
index b7055df..5989c87 100644
--- a/src/crosvm.rs
+++ b/src/crosvm.rs
@@ -141,7 +141,9 @@ impl Default for Config {
x_display: None,
shared_dirs: Vec::new(),
sandbox: !cfg!(feature = "default-no-sandbox"),
- seccomp_policy_dir: PathBuf::from(SECCOMP_POLICY_DIR),
+ seccomp_policy_dir: PathBuf::from(
+ option_env!("DEFAULT_SECCOMP_POLICY_DIR").unwrap_or(SECCOMP_POLICY_DIR),
+ ),
seccomp_log_failures: false,
cras_audio: false,
cras_capture: false,

61
pkgs/applications/virtualization/crosvm/default.nix Normal file
View file

@ -0,0 +1,61 @@
{ stdenv, lib, rustPlatform, fetchgit
, pkg-config, wayland-scanner, libcap, minijail, wayland, wayland-protocols
, linux
}:
let
upstreamInfo = with builtins; fromJSON (readFile ./upstream-info.json);
arch = with stdenv.hostPlatform;
if isAarch64 then "arm"
else if isx86_64 then "x86_64"
else throw "no seccomp policy files available for host platform";
in
rustPlatform.buildRustPackage rec {
pname = "crosvm";
inherit (upstreamInfo) version;
src = fetchgit (builtins.removeAttrs upstreamInfo.src [ "date" "path" ]);
patches = [
./default-seccomp-policy-dir.diff
];
cargoLock.lockFile = ./Cargo.lock;
nativeBuildInputs = [ pkg-config wayland-scanner ];
buildInputs = [ libcap minijail wayland wayland-protocols ];
postPatch = ''
cp ${./Cargo.lock} Cargo.lock
sed -i "s|/usr/share/policy/crosvm/|$out/share/policy/|g" \
seccomp/*/*.policy
'';
preBuild = ''
export DEFAULT_SECCOMP_POLICY_DIR=$out/share/policy
'';
postInstall = ''
mkdir -p $out/share/policy/
cp seccomp/${arch}/* $out/share/policy/
'';
CROSVM_CARGO_TEST_KERNEL_BINARY =
lib.optionalString (stdenv.buildPlatform == stdenv.hostPlatform)
"${linux}/${stdenv.hostPlatform.linux-kernel.target}";
passthru.updateScript = ./update.py;
meta = with lib; {
description = "A secure virtual machine monitor for KVM";
homepage = "https://chromium.googlesource.com/chromiumos/platform/crosvm/";
maintainers = with maintainers; [ qyliss ];
license = licenses.bsd3;
platforms = [ "aarch64-linux" "x86_64-linux" ];
};
}

7
pkgs/applications/virtualization/crosvm/generate-cargo.sh Normal file
View file

@ -0,0 +1,7 @@
dir="$(mktemp -d)" &&
cd "$dir" &&
unpackPhase &&
cd "${sourceRoot:-}" &&
cargo generate-lockfile &&
mv Cargo.lock "$1"
rm -rf "$dir"

92
pkgs/applications/virtualization/crosvm/update.py Executable file
View file

@ -0,0 +1,92 @@
#! /usr/bin/env nix-shell
#! nix-shell -p nix-prefetch-git "python3.withPackages (ps: with ps; [ lxml ])"
#! nix-shell -i python
import base64
import json
import re
import shlex
import subprocess
from codecs import iterdecode
from os.path import abspath, dirname, splitext
from lxml import etree
from lxml.etree import HTMLParser
from urllib.request import urlopen
git_path = 'chromiumos/platform/crosvm'
git_root = 'https://chromium.googlesource.com/'
manifest_versions = f'{git_root}chromiumos/manifest-versions'
buildspecs_url = f'{manifest_versions}/+/refs/heads/master/full/buildspecs/'
# CrOS version numbers look like this:
# [<chrome-major-version>.]<tip-build>.<branch-build>.<branch-branch-build>
#
# As far as I can tell, branches are where internal Google
# modifications are added to turn Chromium OS into Chrome OS, and
# branch branches are used for fixes for specific devices. So for
# Chromium OS they will always be 0. This is a best guess, and is not
# documented.
with urlopen('https://cros-updates-serving.appspot.com/') as resp:
document = etree.parse(resp, HTMLParser())
# bgcolor="lightgreen" is set on the most up-to-date version for
# each channel, so find a lightgreen cell in the "Stable" column.
(platform_version, chrome_version) = document.xpath("""
(//table[@id="cros-updates"]/tr/td[1 + count(
//table[@id="cros-updates"]/thead/tr[1]/th[text() = "Stable"]
/preceding-sibling::*)
][@bgcolor="lightgreen"])[1]/text()
""")
chrome_major_version = re.match(r'\d+', chrome_version)[0]
chromeos_tip_build = re.match(r'\d+', platform_version)[0]
# Find the most recent buildspec for the stable Chrome version and
# Chromium OS build number. Its branch build and branch branch build
# numbers will (almost?) certainly be 0. It will then end with an rc
# number -- presumably these are release candidates, one of which
# becomes the final release. Presumably the one with the highest rc
# number.
with urlopen(f'{buildspecs_url}{chrome_major_version}/?format=TEXT') as resp:
listing = base64.decodebytes(resp.read()).decode('utf-8')
buildspecs = [(line.split('\t', 1)[1]) for line in listing.splitlines()]
buildspecs = [s for s in buildspecs if s.startswith(chromeos_tip_build)]
buildspecs.sort(reverse=True)
buildspec = splitext(buildspecs[0])[0]
# Read the buildspec, and extract the git revision.
with urlopen(f'{buildspecs_url}{chrome_major_version}/{buildspec}.xml?format=TEXT') as resp:
xml = base64.decodebytes(resp.read())
root = etree.fromstring(xml)
revision = root.find(f'./project[@name="{git_path}"]').get('revision')
# Initialize the data that will be output from this script. Leave the
# rc number in buildspec so nobody else is subject to the same level
# of confusion I have been.
data = {'version': f'{chrome_major_version}.{buildspec}'}
# Fill in the 'src' key with the output from nix-prefetch-git, which
# can be passed straight to fetchGit when imported by Nix.
argv = ['nix-prefetch-git',
'--fetch-submodules',
'--url', git_root + git_path,
'--rev', revision]
output = subprocess.check_output(argv)
data['src'] = json.loads(output.decode('utf-8'))
# Find the path to crosvm's default.nix, so the src data can be
# written into the same directory.
argv = ['nix-instantiate', '--eval', '--json', '-A', 'crosvm.meta.position']
position = json.loads(subprocess.check_output(argv).decode('utf-8'))
filename = re.match(r'[^:]*', position)[0]
# Write the output.
with open(dirname(filename) + '/upstream-info.json', 'w') as out:
json.dump(data, out, indent=2)
out.write('\n')
# Generate a Cargo.lock
run = ['.',
dirname(abspath(__file__)) + '/generate-cargo.sh',
dirname(filename) + '/Cargo.lock']
expr = '(import ./. {}).crosvm.overrideAttrs (_: { dontCargoSetupPostUnpack = true; })'
subprocess.run(['nix-shell', '-E', expr, '--run', shlex.join(run)])

14
pkgs/applications/virtualization/crosvm/upstream-info.json Normal file
View file

@ -0,0 +1,14 @@
{
"version": "100.14526.0.0-rc1",
"src": {
"url": "https://chromium.googlesource.com/chromiumos/platform/crosvm",
"rev": "bdf5e4d4379030cfa2d0510328b8acce73162217",
"date": "2022-02-14T19:13:41+00:00",
"path": "/nix/store/xw31chiwnpzgcp07nf448g2npcwiwkkm-crosvm-bdf5e4d",
"sha256": "0mrnjyyqmz24z1yvdq2mysmhmz0577k8kf9y4v51g7860crqp9ji",
"fetchLFS": false,
"fetchSubmodules": true,
"deepClone": false,
"leaveDotGit": false
}
}

81
pkgs/applications/virtualization/crun/default.nix Normal file
View file

@ -0,0 +1,81 @@
{ stdenv
, lib
, fetchFromGitHub
, autoreconfHook
, go-md2man
, pkg-config
, libcap
, libseccomp
, python3
, systemd
, yajl
, nixosTests
, criu
}:
let
# these tests require additional permissions
disabledTests = [
"test_capabilities.py"
"test_cwd.py"
"test_delete.py"
"test_detach.py"
"test_exec.py"
"test_hooks.py"
"test_hostname.py"
"test_paths.py"
"test_pid.py"
"test_pid_file.py"
"test_preserve_fds.py"
"test_resources"
"test_seccomp"
"test_start.py"
"test_uid_gid.py"
"test_update.py"
"tests_libcrun_utils"
];
in
stdenv.mkDerivation rec {
pname = "crun";
version = "1.4.5";
src = fetchFromGitHub {
owner = "containers";
repo = pname;
rev = version;
sha256 = "sha256-YXbyGUY/E8odjljDok+yYyU8yZSyUFc22zumrUuuXXQ=";
fetchSubmodules = true;
};
nativeBuildInputs = [ autoreconfHook go-md2man pkg-config python3 ];
buildInputs = [ libcap libseccomp systemd yajl ]
# Criu currently only builds on x86_64-linux
++ lib.optional (lib.elem stdenv.hostPlatform.system criu.meta.platforms) criu;
enableParallelBuilding = true;
# we need this before autoreconfHook does its thing in order to initialize
# config.h with the correct values
postPatch = ''
echo ${version} > .tarball-version
echo '#define GIT_VERSION "${src.rev}"' > git-version.h
${lib.concatMapStringsSep "\n" (e:
"substituteInPlace Makefile.am --replace 'tests/${e}' ''"
) disabledTests}
'';
doCheck = true;
passthru.tests = { inherit (nixosTests) podman; };
meta = with lib; {
description = "A fast and lightweight fully featured OCI runtime and C library for running containers";
license = licenses.gpl2Plus;
platforms = platforms.linux;
inherit (src.meta) homepage;
maintainers = with maintainers; [ ] ++ teams.podman.members;
};
}

38
pkgs/applications/virtualization/distrobox/default.nix Normal file
View file

@ -0,0 +1,38 @@
{ stdenvNoCC, lib, fetchFromGitHub }:
stdenvNoCC.mkDerivation rec {
pname = "distrobox";
version = "1.3.0";
src = fetchFromGitHub {
owner = "89luca89";
repo = pname;
rev = version;
sha256 = "sha256-31SDi9B6Ug6lRDMgaMp6lwdSsmQ7ywEwjG1Ez/jXjBc=";
};
dontConfigure = true;
dontBuild = true;
installPhase = ''
runHook preInstall
mkdir -p $out/bin
./install -p $out/bin
runHook postInstall
'';
meta = with lib; {
description = "Wrapper around podman or docker to create and start containers";
longDescription = ''
Use any linux distribution inside your terminal. Enable both backward and
forward compatibility with software and freedom to use whatever distribution
youre more comfortable with
'';
homepage = "https://distrobox.privatedns.org/";
license = licenses.gpl3Only;
platforms = platforms.all;
maintainers = with maintainers; [ atila ];
};
}

40
pkgs/applications/virtualization/docker-slim/default.nix Normal file
View file

@ -0,0 +1,40 @@
{ lib, buildGoModule, fetchFromGitHub, makeWrapper }:
buildGoModule rec {
pname = "docker-slim";
version = "1.37.6";
src = fetchFromGitHub {
owner = "docker-slim";
repo = "docker-slim";
rev = version;
sha256 = "sha256-Jzi6JC6DRklZhNqmFx6eHx6qR8/fb/JuSpgwtPThcc4=";
};
vendorSha256 = null;
subPackages = [ "cmd/docker-slim" "cmd/docker-slim-sensor" ];
nativeBuildInputs = [ makeWrapper ];
ldflags = [
"-s"
"-w"
"-X github.com/docker-slim/docker-slim/pkg/version.appVersionTag=${version}"
"-X github.com/docker-slim/docker-slim/pkg/version.appVersionRev=${src.rev}"
];
# docker-slim tries to create its state dir next to the binary (inside the nix
# store), so we set it to use the working directory at the time of invocation
postInstall = ''
wrapProgram "$out/bin/docker-slim" --add-flags '--state-path "$(pwd)"'
'';
meta = with lib; {
description = "Minify and secure Docker containers";
homepage = "https://dockersl.im/";
changelog = "https://github.com/docker-slim/docker-slim/raw/${version}/CHANGELOG.md";
license = licenses.asl20;
maintainers = with maintainers; [ Br1ght0ne marsam mbrgm ];
};
}

25
pkgs/applications/virtualization/docker/buildx.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "docker-buildx";
version = "0.8.2";
src = fetchFromGitHub {
owner = "docker";
repo = "buildx";
rev = "v${version}";
sha256 = "sha256-AGRdmYKd76k5tmBTTqsSHj3yOU8QSd11G5ito0O/dWY=";
};
vendorSha256 = null;
installPhase = ''
install -D $GOPATH/bin/buildx $out/libexec/docker/cli-plugins/docker-buildx
'';
meta = with lib; {
description = "Docker CLI plugin for extended build capabilities with BuildKit";
license = licenses.asl20;
maintainers = [ maintainers.ivan-babrou ];
};
}

34
pkgs/applications/virtualization/docker/compose.nix Normal file
View file

@ -0,0 +1,34 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "docker-compose";
version = "2.6.0";
src = fetchFromGitHub {
owner = "docker";
repo = "compose";
rev = "v${version}";
sha256 = "sha256-Fg99ugaqH/jL3KUZ5Vh/SJnqzEyOaR/KuPFwt2oqXxM=";
};
vendorSha256 = "sha256-7uNQNO+EI90J2Btz2tnumKqd+AtVWON+Csh6tkTNKNA=";
ldflags = [ "-X github.com/docker/compose/v2/internal.Version=${version}" "-s" "-w" ];
doCheck = false;
installPhase = ''
runHook preInstall
install -D $GOPATH/bin/cmd $out/libexec/docker/cli-plugins/docker-compose
mkdir -p $out/bin
ln -s $out/libexec/docker/cli-plugins/docker-compose $out/bin/docker-compose
runHook postInstall
'';
meta = with lib; {
description = "Docker CLI plugin to define and run multi-container applications with Docker";
homepage = "https://github.com/docker/compose";
license = licenses.asl20;
maintainers = with maintainers; [ babariviere SuperSandro2000 ];
};
}

48
pkgs/applications/virtualization/docker/compose_1.nix Normal file
View file

@ -0,0 +1,48 @@
{ lib, buildPythonApplication, fetchPypi, pythonOlder
, installShellFiles
, mock, pytest, nose
, pyyaml, backports_ssl_match_hostname, colorama, docopt
, dockerpty, docker, jsonschema, requests
, six, texttable, websocket-client, cached-property
, enum34, functools32, paramiko, distro, python-dotenv
}:
buildPythonApplication rec {
version = "1.29.2";
pname = "docker-compose";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-TIzZ0h0jdBJ5PRi9MxEASe6a+Nqz/iwhO70HM5WbCbc=";
};
# lots of networking and other fails
doCheck = false;
nativeBuildInputs = [ installShellFiles ];
checkInputs = [ mock pytest nose ];
propagatedBuildInputs = [
pyyaml colorama dockerpty docker
jsonschema requests six texttable websocket-client
docopt cached-property paramiko distro python-dotenv
] ++ lib.optional (pythonOlder "3.7") backports_ssl_match_hostname
++ lib.optional (pythonOlder "3.4") enum34
++ lib.optional (pythonOlder "3.2") functools32;
postPatch = ''
# Remove upper bound on requires, see also
# https://github.com/docker/compose/issues/4431
sed -i "s/, < .*',$/',/" setup.py
'';
postInstall = ''
installShellCompletion --bash contrib/completion/bash/docker-compose
installShellCompletion --zsh contrib/completion/zsh/_docker-compose
'';
meta = with lib; {
homepage = "https://docs.docker.com/compose/";
description = "Multi-container orchestration for Docker";
license = licenses.asl20;
maintainers = with maintainers; [ Frostman ];
};
}

262
pkgs/applications/virtualization/docker/default.nix Normal file
View file

@ -0,0 +1,262 @@
{ lib, callPackage, fetchFromGitHub }:
with lib;
rec {
dockerGen = {
version, rev, sha256
, moby-src
, runcRev, runcSha256
, containerdRev, containerdSha256
, tiniRev, tiniSha256, buildxSupport ? true, composeSupport ? true
# package dependencies
, stdenv, fetchFromGitHub, fetchpatch, buildGoPackage
, makeWrapper, installShellFiles, pkg-config, glibc
, go-md2man, go, containerd, runc, docker-proxy, tini, libtool
, sqlite, iproute2, lvm2, systemd, docker-buildx, docker-compose
, btrfs-progs, iptables, e2fsprogs, xz, util-linux, xfsprogs, git
, procps, libseccomp, rootlesskit, slirp4netns, fuse-overlayfs
, nixosTests
, clientOnly ? !stdenv.isLinux, symlinkJoin
}:
let
docker-runc = runc.overrideAttrs (oldAttrs: {
name = "docker-runc-${version}";
inherit version;
src = fetchFromGitHub {
owner = "opencontainers";
repo = "runc";
rev = runcRev;
sha256 = runcSha256;
};
# docker/runc already include these patches / are not applicable
patches = [];
});
docker-containerd = containerd.overrideAttrs (oldAttrs: {
name = "docker-containerd-${version}";
inherit version;
src = fetchFromGitHub {
owner = "containerd";
repo = "containerd";
rev = containerdRev;
sha256 = containerdSha256;
};
buildInputs = oldAttrs.buildInputs ++ [ libseccomp ];
});
docker-tini = tini.overrideAttrs (oldAttrs: {
name = "docker-init-${version}";
inherit version;
src = fetchFromGitHub {
owner = "krallin";
repo = "tini";
rev = tiniRev;
sha256 = tiniSha256;
};
# Do not remove static from make files as we want a static binary
postPatch = "";
buildInputs = [ glibc glibc.static ];
NIX_CFLAGS_COMPILE = "-DMINIMAL=ON";
});
moby = buildGoPackage ((optionalAttrs (stdenv.isLinux)) rec {
name = "moby-${version}";
inherit version;
inherit docker-runc docker-containerd docker-proxy docker-tini;
src = moby-src;
goPackagePath = "github.com/docker/docker";
nativeBuildInputs = [ makeWrapper pkg-config go-md2man go libtool installShellFiles ];
buildInputs = [ sqlite lvm2 btrfs-progs systemd libseccomp ];
extraPath = optionals (stdenv.isLinux) (makeBinPath [ iproute2 iptables e2fsprogs xz xfsprogs procps util-linux git ]);
extraUserPath = optionals (stdenv.isLinux && !clientOnly) (makeBinPath [ rootlesskit slirp4netns fuse-overlayfs ]);
patches = [
# This patch incorporates code from a PR fixing using buildkit with the ZFS graph driver.
# It could be removed when a version incorporating this patch is released.
(fetchpatch {
name = "buildkit-zfs.patch";
url = "https://github.com/moby/moby/pull/43136.patch";
sha256 = "1WZfpVnnqFwLMYqaHLploOodls0gHF8OCp7MrM26iX8=";
})
];
postPatch = ''
patchShebangs hack/make.sh hack/make/
'';
buildPhase = ''
export GOCACHE="$TMPDIR/go-cache"
# build engine
cd ./go/src/${goPackagePath}
export AUTO_GOPATH=1
export DOCKER_GITCOMMIT="${rev}"
export VERSION="${version}"
./hack/make.sh dynbinary
cd -
'';
installPhase = ''
cd ./go/src/${goPackagePath}
install -Dm755 ./bundles/dynbinary-daemon/dockerd $out/libexec/docker/dockerd
makeWrapper $out/libexec/docker/dockerd $out/bin/dockerd \
--prefix PATH : "$out/libexec/docker:$extraPath"
ln -s ${docker-containerd}/bin/containerd $out/libexec/docker/containerd
ln -s ${docker-containerd}/bin/containerd-shim $out/libexec/docker/containerd-shim
ln -s ${docker-runc}/bin/runc $out/libexec/docker/runc
ln -s ${docker-proxy}/bin/docker-proxy $out/libexec/docker/docker-proxy
ln -s ${docker-tini}/bin/tini-static $out/libexec/docker/docker-init
# systemd
install -Dm644 ./contrib/init/systemd/docker.service $out/etc/systemd/system/docker.service
substituteInPlace $out/etc/systemd/system/docker.service --replace /usr/bin/dockerd $out/bin/dockerd
install -Dm644 ./contrib/init/systemd/docker.socket $out/etc/systemd/system/docker.socket
# rootless Docker
install -Dm755 ./contrib/dockerd-rootless.sh $out/libexec/docker/dockerd-rootless.sh
makeWrapper $out/libexec/docker/dockerd-rootless.sh $out/bin/dockerd-rootless \
--prefix PATH : "$out/libexec/docker:$extraPath:$extraUserPath"
'';
DOCKER_BUILDTAGS = []
++ optional (systemd != null) [ "journald" ]
++ optional (btrfs-progs == null) "exclude_graphdriver_btrfs"
++ optional (lvm2 == null) "exclude_graphdriver_devicemapper"
++ optional (libseccomp != null) "seccomp";
});
plugins = optionals buildxSupport [ docker-buildx ]
++ optionals composeSupport [ docker-compose ];
pluginsRef = symlinkJoin { name = "docker-plugins"; paths = plugins; };
in
buildGoPackage ((optionalAttrs (!clientOnly) {
inherit docker-runc docker-containerd docker-proxy docker-tini moby;
}) // rec {
inherit version rev;
pname = "docker";
src = fetchFromGitHub {
owner = "docker";
repo = "cli";
rev = "v${version}";
sha256 = sha256;
};
goPackagePath = "github.com/docker/cli";
nativeBuildInputs = [
makeWrapper pkg-config go-md2man go libtool installShellFiles
];
buildInputs = optionals (!clientOnly) [
sqlite lvm2 btrfs-progs systemd libseccomp
] ++ plugins;
postPatch = ''
patchShebangs man scripts/build/
substituteInPlace ./scripts/build/.variables --replace "set -eu" ""
'' + optionalString (plugins != []) ''
substituteInPlace ./cli-plugins/manager/manager_unix.go --replace /usr/libexec/docker/cli-plugins \
"${pluginsRef}/libexec/docker/cli-plugins"
'';
# Keep eyes on BUILDTIME format - https://github.com/docker/cli/blob/${version}/scripts/build/.variables
buildPhase = ''
export GOCACHE="$TMPDIR/go-cache"
cd ./go/src/${goPackagePath}
# Mimic AUTO_GOPATH
mkdir -p .gopath/src/github.com/docker/
ln -sf $PWD .gopath/src/github.com/docker/cli
export GOPATH="$PWD/.gopath:$GOPATH"
export GITCOMMIT="${rev}"
export VERSION="${version}"
export BUILDTIME="1970-01-01T00:00:00Z"
source ./scripts/build/.variables
export CGO_ENABLED=1
go build -tags pkcs11 --ldflags "$GO_LDFLAGS" github.com/docker/cli/cmd/docker
cd -
'';
outputs = ["out" "man"];
installPhase = ''
cd ./go/src/${goPackagePath}
install -Dm755 ./docker $out/libexec/docker/docker
makeWrapper $out/libexec/docker/docker $out/bin/docker \
--prefix PATH : "$out/libexec/docker:$extraPath"
'' + optionalString (!clientOnly) ''
# symlink docker daemon to docker cli derivation
ln -s ${moby}/bin/dockerd $out/bin/dockerd
ln -s ${moby}/bin/dockerd-rootless $out/bin/dockerd-rootless
# systemd
mkdir -p $out/etc/systemd/system
ln -s ${moby}/etc/systemd/system/docker.service $out/etc/systemd/system/docker.service
ln -s ${moby}/etc/systemd/system/docker.socket $out/etc/systemd/system/docker.socket
'' + ''
# completion (cli)
installShellCompletion --bash ./contrib/completion/bash/docker
installShellCompletion --fish ./contrib/completion/fish/docker.fish
installShellCompletion --zsh ./contrib/completion/zsh/_docker
'' + lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform) ''
# Generate man pages from cobra commands
echo "Generate man pages from cobra"
mkdir -p ./man/man1
go build -o ./gen-manpages github.com/docker/cli/man
./gen-manpages --root . --target ./man/man1
'' + ''
# Generate legacy pages from markdown
echo "Generate legacy manpages"
./man/md2man-all.sh -q
installManPage man/*/*.[1-9]
'';
passthru.tests = lib.optionals (!clientOnly) { inherit (nixosTests) docker; };
meta = {
homepage = "https://www.docker.com/";
description = "An open source project to pack, ship and run any application as a lightweight container";
license = licenses.asl20;
maintainers = with maintainers; [ offline tailhook vdemeester periklis mikroskeem maxeaubrey ];
platforms = with platforms; linux ++ darwin;
};
# Exposed for tarsum build on non-linux systems (build-support/docker/default.nix)
inherit moby-src;
});
# Get revisions from
# https://github.com/moby/moby/tree/${version}/hack/dockerfile/install/*
docker_20_10 = callPackage dockerGen rec {
version = "20.10.16";
rev = "v${version}";
sha256 = "sha256-Sktjh1JabeXrmWljLe5G934cxgChN0u3vdmQXasEFro=";
moby-src = fetchFromGitHub {
owner = "moby";
repo = "moby";
rev = "v${version}";
sha256 = "sha256-3dog2aGbFKiYzsPTXkG+bo9xjTWZYlmWxtrqXjdzO2s=";
};
runcRev = "v1.1.1";
runcSha256 = "sha256-6g2km+Y45INo2MTWMFFQFhfF8DAR5Su+YrJS8k3LYBY=";
containerdRev = "v1.6.4";
containerdSha256 = "sha256-425BcVHCliAHFQqGn6sWH/ahDX3JR6l/sYZWHpgmZW0=";
tiniRev = "v0.19.0";
tiniSha256 = "sha256-ZDKu/8yE5G0RYFJdhgmCdN3obJNyRWv6K/Gd17zc1sI=";
};
}

23
pkgs/applications/virtualization/docker/distribution.nix Normal file
View file

@ -0,0 +1,23 @@
{ lib, buildGoPackage, fetchFromGitHub }:
buildGoPackage rec {
pname = "distribution";
version = "2.7.1";
rev = "v${version}";
goPackagePath = "github.com/docker/distribution";
src = fetchFromGitHub {
owner = "docker";
repo = "distribution";
inherit rev;
sha256 = "1nx8b5a68rn81alp8wkkw6qd5v32mgf0fk23mxm60zdf63qk1nzw";
};
meta = with lib; {
description = "The Docker toolset to pack, ship, store, and deliver content";
license = licenses.asl20;
maintainers = [ maintainers.globin ];
platforms = platforms.unix;
};
}

33
pkgs/applications/virtualization/docker/gc.nix Normal file
View file

@ -0,0 +1,33 @@
{ stdenv, lib, fetchFromGitHub, makeWrapper, docker, coreutils, procps, gnused, findutils, gnugrep }:
with lib;
stdenv.mkDerivation rec {
pname = "docker-gc";
version = "unstable-2015-10-5";
src = fetchFromGitHub {
owner = "spotify";
repo = "docker-gc";
rev = "b0cc52aa3da2e2ac0080794e0be6e674b1f063fc";
sha256 = "07wf9yn0f771xkm3x12946x5rp83hxjkd70xgfgy35zvj27wskzm";
};
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
cp docker-gc $out/bin
chmod +x $out/bin/docker-gc
wrapProgram $out/bin/docker-gc \
--prefix PATH : "${lib.makeBinPath [ docker coreutils procps gnused findutils gnugrep ]}"
'';
meta = {
description = "Docker garbage collection of containers and images";
license = licenses.asl20;
homepage = "https://github.com/spotify/docker-gc";
maintainers = with maintainers; [offline];
platforms = docker.meta.platforms;
};
}

27
pkgs/applications/virtualization/docker/proxy.nix Normal file
View file

@ -0,0 +1,27 @@
{ lib, buildGoPackage, fetchFromGitHub }:
buildGoPackage rec {
pname = "docker-proxy";
version = "unstable-2020-12-15";
src = fetchFromGitHub {
owner = "docker";
repo = "libnetwork";
rev = "fa125a3512ee0f6187721c88582bf8c4378bd4d7";
sha256 = "1r47y0gww3j7fas4kgiqbhrz5fazsx1c6sxnccdfhj8fzik77s9y";
};
goPackagePath = "github.com/docker/libnetwork";
installPhase = ''
install -m755 -D ./go/bin/proxy $out/bin/docker-proxy
'';
meta = with lib; {
description = "Docker proxy binary to forward traffic between host and containers";
license = licenses.asl20;
homepage = "https://github.com/docker/libnetwork";
maintainers = with maintainers; [vdemeester];
platforms = platforms.linux;
};
}

31
pkgs/applications/virtualization/driver/win-pvdrivers/default.nix Normal file
View file

@ -0,0 +1,31 @@
{ lib, stdenv, fetchFromGitHub }:
stdenv.mkDerivation {
pname = "win-pvdrivers";
version = "unstable-2015-07-01";
src = fetchFromGitHub {
owner = "ts468";
repo = "win-pvdrivers";
rev = "3054d645fc3ee182bea3e97ff01869f01cc3637a";
sha256 = "6232ca2b7c9af874abbcb9262faf2c74c819727ed2eb64599c790879df535106";
};
buildPhase =
let unpack = x: "tar xf $src/${x}.tar; mkdir -p x86/${x} amd64/${x}; cp ${x}/x86/* x86/${x}/.; cp ${x}/x64/* amd64/${x}/.";
in lib.concatStringsSep "\n" (map unpack [ "xenbus" "xeniface" "xenvif" "xennet" "xenvbd" ]);
installPhase = ''
mkdir -p $out
cp -r x86 $out/.
cp -r amd64 $out/.
'';
meta = with lib; {
description = "Xen Subproject: Windows PV Driver";
homepage = "http://xenproject.org/downloads/windows-pv-drivers.html";
maintainers = with maintainers; [ tstrobel ];
platforms = platforms.linux;
license = licenses.bsd3;
};
}

38
pkgs/applications/virtualization/driver/win-qemu/default.nix Normal file
View file

@ -0,0 +1,38 @@
{ lib, stdenv, fetchurl, p7zip }:
stdenv.mkDerivation rec {
pname = "win-qemu";
version = "0.1.105-1";
dontUnpack = true;
src = fetchurl {
url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-${version}/virtio-win.iso";
sha256 = "065gz7s77y0q9kfqbr27451sr28rm9azpi88sqjkfph8c6r8q3wc";
};
buildPhase = ''
${p7zip}/bin/7z x $src
'';
installPhase =
let
copy_pvpanic = arch: version: "mkdir -p $out/${arch}/qemupanic; cp pvpanic/${version}/${arch}/* $out/${arch}/qemupanic/. \n";
copy_pciserial = arch: "mkdir -p $out/${arch}/qemupciserial; cp qemupciserial/* $out/${arch}/qemupciserial/. \n";
copy_agent = arch: ''
mkdir -p $out/${arch}/qemuagent
cp guest-agent/${if arch=="x86" then "qemu-ga-x86.msi" else "qemu-ga-x64.msi"} $out/${arch}/qemuagent/qemu-guest-agent.msi
(cd $out/${arch}/qemuagent; ${p7zip}/bin/7z x qemu-guest-agent.msi; rm qemu-guest-agent.msi)
'';
copy = arch: version: (copy_pvpanic arch version) + (copy_pciserial arch) + (copy_agent arch);
in
(copy "amd64" "w8.1") + (copy "x86" "w8.1");
meta = with lib; {
description = "Windows QEMU Drivers";
homepage = "https://fedoraproject.org/wiki/Windows_Virtio_Drivers";
maintainers = [ maintainers.tstrobel ];
platforms = platforms.linux;
license = licenses.gpl2;
};
}

46
pkgs/applications/virtualization/driver/win-signed-gplpv-drivers/default.nix Normal file
View file

@ -0,0 +1,46 @@
{ lib, stdenv, fetchurl, p7zip }:
let
src_x86 = fetchurl {
url = "http://apt.univention.de/download/addons/gplpv-drivers/gplpv_Vista2008x32_signed_0.11.0.373.msi";
sha256 = "04r11xw8ikjmcdhrsk878c86g0d0pvras5arsas3zs6dhgjykqap";
};
src_amd64 = fetchurl {
url = "http://apt.univention.de/download/addons/gplpv-drivers/gplpv_Vista2008x64_signed_0.11.0.373.msi";
sha256 = "00k628mg9b039p8lmg2l9n81dr15svy70p3m6xmq6f0frmci38ph";
};
in
stdenv.mkDerivation {
pname = "gplpv";
version = "0.11.0.373";
dontUnpack = true;
buildPhase = ''
mkdir -p x86
(cd x86; ${p7zip}/bin/7z e ${src_x86})
mkdir -p amd64
(cd amd64; ${p7zip}/bin/7z e ${src_amd64})
'';
installPhase = ''
mkdir -p $out/x86 $out/amd64
cp x86/* $out/x86/.
cp amd64/* $out/amd64/.
'';
meta = with lib; {
description = ''
A collection of open source Window PV drivers that allow
Windows to be para-virtualized.
The drivers are signed by Univention with a Software Publishers
Certificate obtained from the VeriSign CA.
'';
homepage = "http://wiki.univention.de/index.php?title=Installing-signed-GPLPV-drivers";
maintainers = [ maintainers.tstrobel ];
platforms = platforms.linux;
license = licenses.gpl2;
};
}

78
pkgs/applications/virtualization/driver/win-spice/default.nix Normal file
View file

@ -0,0 +1,78 @@
{ lib, stdenv, fetchurl, p7zip, win-virtio }:
let
version_usbdk = "1.0.22";
src_usbdk_x86 = fetchurl {
url = "https://www.spice-space.org/download/windows/UsbDk/UsbDk_${version_usbdk}_x86.msi";
sha256 = "1vr8kv37wz6p3xhawyhwxv0g7y89igkvx30zwmyvlgnkv3h5i317";
};
src_usbdk_amd64 = fetchurl {
url = "https://www.spice-space.org/download/windows/UsbDk/UsbDk_${version_usbdk}_x64.msi";
sha256 = "19b64jv6pfimd54y0pphbs1xh25z41bbblz64ih6ag71w6azdxli";
};
version_qxlwddm = "0.21";
src_qxlwddm = fetchurl {
url = "https://www.spice-space.org/download/windows/qxl-wddm-dod/qxl-wddm-dod-${version_qxlwddm}/spice-qxl-wddm-dod-${version_qxlwddm}.zip";
sha256 = "0yjq54gxw3lcfghsfs4fzwipa9sgx5b1sn3fss6r5dm7pdvjp20q";
};
version_vdagent = "0.10.0";
src_vdagent_x86 = fetchurl {
url = "https://www.spice-space.org/download/windows/vdagent/vdagent-win-${version_vdagent}/vdagent-win-${version_vdagent}-x86.zip";
sha256 = "142c0lqsqry9dclji2225ppclkn13gbjl1j0pzx8fp6hgy4i02c1";
};
src_vdagent_amd64 = fetchurl {
url = "https://www.spice-space.org/download/windows/vdagent/vdagent-win-${version_vdagent}/vdagent-win-${version_vdagent}-x64.zip";
sha256 = "1x2wcvld531kv17a4ks7sh67nhzxzv7nkhpx391n5vj6d12i8g3i";
};
in
stdenv.mkDerivation {
# use version number of qxlwddm as qxlwddm is the most important component
pname = "win-spice";
version = version_qxlwddm;
dontUnpack = true;
buildPhase = ''
runHook preBuild
mkdir -p usbdk/x86 usbdk/amd64
(cd usbdk/x86; ${p7zip}/bin/7z x -y ${src_usbdk_x86})
(cd usbdk/amd64; ${p7zip}/bin/7z x -y ${src_usbdk_amd64})
mkdir -p vdagent/x86 vdagent/amd64
(cd vdagent/x86; ${p7zip}/bin/7z x -y ${src_vdagent_x86}; mv vdagent-win-${version_vdagent}-x86/* .; rm -r vdagent-win-${version_vdagent}-x86)
(cd vdagent/amd64; ${p7zip}/bin/7z x -y ${src_vdagent_amd64}; mv vdagent-win-${version_vdagent}-x64/* .; rm -r vdagent-win-${version_vdagent}-x64)
mkdir -p qxlwddm
(cd qxlwddm; ${p7zip}/bin/7z x -y ${src_qxlwddm}; cd w10)
runHook postBuild
'';
installPhase =
let
copy_qxl = arch: version: "mkdir -p $out/${arch}/qxl; cp qxlwddm/${version}/${arch}/* $out/${arch}/qxl/. \n";
copy_usbdk = arch: "mkdir -p $out/${arch}/usbdk; cp usbdk/${arch}/* $out/${arch}/usbdk/. \n";
copy_vdagent = arch: "mkdir -p $out/${arch}/vdagent; cp vdagent/${arch}/* $out/${arch}/vdagent/. \n";
# SPICE needs vioserial
# TODO: Link windows version in win-spice (here) to version used in win-virtio.
# That way it would never matter whether vioserial is installed from win-virtio or win-spice.
copy_vioserial = arch: "mkdir -p $out/${arch}/vioserial; cp ${win-virtio}/${arch}/vioserial/* $out/${arch}/vioserial/. \n";
copy = arch: version: (copy_qxl arch version) + (copy_usbdk arch) + (copy_vdagent arch) + (copy_vioserial arch);
in ''
runHook preInstall
${(copy "amd64" "w10") + (copy "x86" "w10")}
runHook postInstall
'';
meta = with lib; {
description = "Windows SPICE Drivers";
homepage = "https://www.spice-space.org/";
license = [ licenses.asl20 ]; # See https://github.com/vrozenfe/qxl-dod
maintainers = [ maintainers.tstrobel ];
platforms = platforms.linux;
};
}

42
pkgs/applications/virtualization/driver/win-virtio/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ lib, stdenv, fetchurl, p7zip }:
stdenv.mkDerivation rec {
pname = "win-virtio";
version = "0.1.196-1";
dontUnpack = true;
src = fetchurl {
url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-${version}/virtio-win.iso";
sha256 = "1zj53xybygps66m3v5kzi61vqy987zp6bfgk0qin9pja68qq75vx";
};
buildPhase = ''
runHook preBuild
${p7zip}/bin/7z x $src
runHook postBuild
'';
installPhase =
let
copy = arch: version: {input, output}: "mkdir -p $out/${arch}/${output}; cp ${input}/${version}/${arch}/* $out/${arch}/${output}/.";
virtio = [{input="Balloon"; output="vioballoon";}
{input="NetKVM"; output="vionet";}
{input="vioscsi"; output="vioscsi";}
{input="vioserial"; output="vioserial";}
{input="viostor"; output="viostor";}
{input="viorng"; output="viorng";}
];
in ''
runHook preInstall
${lib.concatStringsSep "\n" ((map (copy "amd64" "w10") virtio) ++ (map (copy "x86" "w10") virtio))}
runHook postInstall
'';
meta = with lib; {
description = "Windows VirtIO Drivers";
homepage = "https://fedoraproject.org/wiki/Windows_Virtio_Drivers";
license = [ licenses.bsd3 ];
maintainers = [ maintainers.tstrobel ];
platforms = platforms.linux;
};
}

31
pkgs/applications/virtualization/dumb-init/default.nix Normal file
View file

@ -0,0 +1,31 @@
{ lib, stdenv, fetchFromGitHub, glibc }:
stdenv.mkDerivation rec {
pname = "dumb-init";
version = "1.2.5";
src = fetchFromGitHub {
owner = "Yelp";
repo = pname;
rev = "v${version}";
sha256 = "sha256-aRh0xfmp+ToXIYjYaducTpZUHndZ5HlFZpFhzJ3yKgs=";
};
buildInputs = [ glibc.static ];
installPhase = ''
runHook preInstall
install -Dm755 -t $out/bin dumb-init
runHook postInstall
'';
meta = with lib; {
description = "A minimal init system for Linux containers";
homepage = "https://github.com/Yelp/dumb-init";
license = licenses.mit;
maintainers = [ maintainers.marsam ];
platforms = platforms.linux;
};
}

26
pkgs/applications/virtualization/ecs-agent/default.nix Normal file
View file

@ -0,0 +1,26 @@
{ lib, fetchFromGitHub, buildGoPackage }:
buildGoPackage rec {
pname = "amazon-ecs-agent";
version = "1.18.0";
goPackagePath = "github.com/aws/${pname}";
subPackages = [ "agent" ];
src = fetchFromGitHub {
rev = "v${version}";
owner = "aws";
repo = pname;
sha256 = "1l6c2if6wpjmq2hh6k818w38s1rsbwgd6igqy948dwcrb1g1mixr";
};
meta = with lib; {
description = "The agent that runs on AWS EC2 container instances and starts containers on behalf of Amazon ECS";
homepage = "https://github.com/aws/amazon-ecs-agent";
license = licenses.asl20;
platforms = platforms.unix;
maintainers = with maintainers; [ copumpkin ];
mainProgram = "agent";
};
}

56
pkgs/applications/virtualization/firecracker/default.nix Normal file
View file

@ -0,0 +1,56 @@
{ fetchurl, lib, stdenv }:
let
version = "1.0.0";
suffix = {
x86_64-linux = "x86_64";
aarch64-linux = "aarch64";
}."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
baseurl = "https://github.com/firecracker-microvm/firecracker/releases/download";
dlbin = sha256: fetchurl {
url = "${baseurl}/v${version}/firecracker-v${version}-${suffix}.tgz";
sha256 = sha256."${stdenv.hostPlatform.system}";
};
in
stdenv.mkDerivation {
pname = "firecracker";
inherit version;
sourceRoot = ".";
src = dlbin {
x86_64-linux = "sha256-yeWVsrvH3yYlS2uH/TkSleHjXvIDnHWcZSvLgV+CGF0=";
aarch64-linux = "sha256-9ggRmijwXE9adVFv5XommgvdpeeWnWUFES+Ep2GrBVo=";
};
dontConfigure = true;
buildPhase = ''
mv release-v${version}-${suffix}/firecracker-v${version}-${suffix} firecracker
mv release-v${version}-${suffix}/jailer-v${version}-${suffix} jailer
chmod +x firecracker jailer
'';
doCheck = true;
checkPhase = ''
./firecracker --version
./jailer --version
'';
installPhase = ''
mkdir -p $out/bin
install -D firecracker $out/bin/firecracker
install -D jailer $out/bin/jailer
'';
meta = with lib; {
description = "Secure, fast, minimal micro-container virtualization";
homepage = "http://firecracker-microvm.io";
license = licenses.asl20;
platforms = [ "x86_64-linux" "aarch64-linux" ];
maintainers = with maintainers; [ thoughtpolice endocrimes ];
};
}

27
pkgs/applications/virtualization/firectl/default.nix Normal file
View file

@ -0,0 +1,27 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "firectl";
# The latest upstream 0.1.0 is incompatible with firecracker
# v0.1.0. See issue: https://github.com/firecracker-microvm/firectl/issues/82
version = "unstable-2022-03-01";
src = fetchFromGitHub {
owner = "firecracker-microvm";
repo = pname;
rev = "9f1b639a446e8d75f31787a00b9f273c1e68f12c";
sha256 = "TjzzHY9VYPpWoPt6nHYUerKX94O03sm524wGM9lGzno=";
};
vendorSha256 = "3SVEvvGNx6ienyJZg0EOofHNHCPSpJUGXwHxokdRG1c=";
doCheck = false;
meta = with lib; {
description = "A command-line tool to run Firecracker microVMs";
homepage = "https://github.com/firecracker-microvm/firectl";
license = licenses.asl20;
platforms = platforms.linux;
maintainers = with maintainers; [ xrelkd ];
};
}

49
pkgs/applications/virtualization/flintlock/default.nix Normal file
View file

@ -0,0 +1,49 @@
{ lib
, cni-plugins
, buildGoModule
, firecracker
, containerd
, runc
, makeWrapper
, fetchFromGitHub
}:
buildGoModule rec{
pname = "flintlock";
version = "0.1.0-alpha.9";
src = fetchFromGitHub {
owner = "weaveworks";
repo = "flintlock";
rev = "v${version}";
sha256 = "sha256-Xw3g2wh0fPUknSuAKoJL3jxVZS50wSPZ9Wz05zkTVXM=";
};
vendorSha256 = "sha256-EjVlM6AD+O/z6+R5TRBmmRWbrP4C+qyvsnEjwOkDkUE=";
subPackages = [ "cmd/flintlock-metrics" "cmd/flintlockd" ];
ldflags = [ "-s" "-w" "-X github.com/weaveworks/flintlock/internal/version.Version=v${version}" ];
nativeBuildInputs = [
makeWrapper
];
buildInputs = [
firecracker
];
postInstall = ''
for prog in flintlockd flintlock-metrics; do
wrapProgram "$out/bin/$prog" --prefix PATH : ${lib.makeBinPath [ cni-plugins firecracker containerd runc ]}
done
'';
meta = with lib; {
description = "Create and manage the lifecycle of MicroVMs backed by containerd";
homepage = "https://github.com/weaveworks/flintlock";
license = licenses.mpl20;
platforms = [ "x86_64-linux" "aarch64-linux" ];
maintainers = with maintainers; [ techknowlogick ];
};
}

35
pkgs/applications/virtualization/gvisor/containerd-shim.nix Normal file
View file

@ -0,0 +1,35 @@
{ lib, fetchFromGitHub, buildGoModule }:
buildGoModule rec {
pname = "gvisor-containerd-shim";
version = "unstable-2019-10-09";
src = fetchFromGitHub {
owner = "google";
repo = "gvisor-containerd-shim";
rev = "f299b553afdd8455a0057862004061ea12e660f5";
sha256 = "077bhrmjrpcxv1z020yxhx2c4asn66j21gxlpa6hz0av3lfck9lm";
};
vendorSha256 = "11jai5jl024k7wbhz4a3zzdbvl0si07jwgwmyr8bn4i0nqx8ig2k";
buildPhase = ''
make
'';
checkPhase = ''
make test
'';
installPhase = ''
make install DESTDIR="$out"
'';
meta = with lib; {
description = "containerd shim for gVisor";
homepage = "https://github.com/google/gvisor-containerd-shim";
license = licenses.asl20;
maintainers = with maintainers; [ andrew-d ];
platforms = [ "x86_64-linux" ];
};
}

127
pkgs/applications/virtualization/gvisor/default.nix Normal file
View file

@ -0,0 +1,127 @@
{ lib
, buildBazelPackage
, fetchFromGitHub
, callPackage
, bash
, cacert
, git
, glibcLocales
, go
, iproute2
, iptables
, makeWrapper
, procps
, protobuf
, python3
}:
let
preBuild = ''
patchShebangs .
substituteInPlace tools/defs.bzl \
--replace "#!/bin/bash" "#!${bash}/bin/bash"
# Tell rules_go to use the Go binary found in the PATH
sed -E -i \
-e 's|go_version\s*=\s*"[^"]+"|go_version = "host"|g' \
WORKSPACE
# The gazelle Go tooling needs CA certs
export SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt"
# If we don't reset our GOPATH, the rules_go stdlib builder tries to
# install something into it. Ideally that wouldn't happen, but for now we
# can also get around it by unsetting GOPATH entirely, since rules_go
# doesn't need it.
export GOPATH=
'';
# Patch the protoc alias so that it always builds from source.
rulesProto = fetchFromGitHub {
owner = "bazelbuild";
repo = "rules_proto";
rev = "f7a30f6f80006b591fa7c437fe5a951eb10bcbcf";
sha256 = "10bcw0ir0skk7h33lmqm38n9w4nfs24mwajnngkbs6jb5wsvkqv8";
postFetch = ''
sed -i 's|name = "protoc"|name = "_protoc_original"|' $out/proto/private/BUILD.release
cat <<EOF >>$out/proto/private/BUILD.release
alias(name = "protoc", actual = "@com_github_protocolbuffers_protobuf//:protoc", visibility = ["//visibility:public"])
EOF
'';
};
in buildBazelPackage rec {
pname = "gvisor";
version = "20210518.0";
src = fetchFromGitHub {
owner = "google";
repo = "gvisor";
rev = "release-${version}";
sha256 = "15a6mlclnyfc9mx3bjksnnf4vla0xh0rv9kxdp34la4gw3c4hksn";
};
nativeBuildInputs = [ git glibcLocales go makeWrapper python3 ];
bazelTarget = "//runsc:runsc";
bazelFlags = [
"--override_repository=rules_proto=${rulesProto}"
];
# gvisor uses the Starlark implementation of rules_cc, not the built-in one,
# so we shouldn't delete it from our dependencies.
removeRulesCC = false;
fetchAttrs = {
inherit preBuild;
preInstall = ''
# Remove the go_sdk (it's just a copy of the go derivation) and all
# references to it from the marker files. Bazel does not need to download
# this sdk because we have patched the WORKSPACE file to point to the one
# currently present in PATH. Without removing the go_sdk from the marker
# file, the hash of it will change anytime the Go derivation changes and
# that would lead to impurities in the marker files which would result in
# a different sha256 for the fetch phase.
rm -rf $bazelOut/external/{go_sdk,\@go_sdk.marker}
# Remove the gazelle tools, they contain go binaries that are built
# non-deterministically. As long as the gazelle version matches the tools
# should be equivalent.
rm -rf $bazelOut/external/{bazel_gazelle_go_repository_tools,\@bazel_gazelle_go_repository_tools.marker}
# Remove the gazelle repository cache
chmod -R +w $bazelOut/external/bazel_gazelle_go_repository_cache
rm -rf $bazelOut/external/{bazel_gazelle_go_repository_cache,\@bazel_gazelle_go_repository_cache.marker}
# Remove log file(s)
rm -f "$bazelOut"/java.log "$bazelOut"/java.log.*
'';
sha256 = "13pahppm431m198v5bffrzq5iw8m79riplbfqp0afh384ln669hb";
};
buildAttrs = {
inherit preBuild;
installPhase = ''
install -Dm755 bazel-out/*/bin/runsc/runsc_/runsc $out/bin/runsc
# Needed for the 'runsc do' subcomand
wrapProgram $out/bin/runsc \
--prefix PATH : ${lib.makeBinPath [ iproute2 iptables procps ]}
'';
};
meta = with lib; {
description = "Container Runtime Sandbox";
homepage = "https://github.com/google/gvisor";
license = licenses.asl20;
maintainers = with maintainers; [ andrew-d ];
platforms = [ "x86_64-linux" ];
# The version we have right now does not compile with go 1.17
# See https://github.com/NixOS/nixpkgs/pull/174003 if you want to upgrade gvisor
broken = true;
};
}

72
pkgs/applications/virtualization/ignite/default.nix Normal file
View file

@ -0,0 +1,72 @@
{ lib
, cni-plugins
, buildGoModule
, firecracker
, containerd
, runc
, makeWrapper
, fetchFromGitHub
, git
}:
buildGoModule rec{
pname = "ignite";
version = "0.10.0";
src = fetchFromGitHub {
owner = "weaveworks";
repo = "ignite";
rev = "v${version}";
sha256 = "sha256-WCgNh+iLtxLslzcHuIwVLZpUEhvBJFe1Y84PaPtbtcY=";
leaveDotGit = true;
};
vendorSha256 = null;
doCheck = false;
postPatch = ''
# ignite tries to run cni-plugins programs from /opt/cni/bin
substituteInPlace pkg/constants/dependencies.go \
--replace "/opt/cni/bin/loopback" ${cni-plugins}/bin/loopback \
--replace "/opt/cni/bin/bridge" ${cni-plugins}/bin/bridge
# ignite tries to run cni-plugins programs from /opt/cni/bin
substituteInPlace pkg/network/cni/cni.go \
--replace "/opt/cni/bin" ${cni-plugins}/bin
# fetchgit doesn't fetch tags from git repository so it's necessary to force IGNITE_GIT_VERSION to be ${version}
# also forcing git state to be clean because if it's dirty ignite will try to fetch the image weaveworks/ignite:dev
# which is not in docker.io, we want it to fetch the image weaveworks/ignite:v${version}
substituteInPlace hack/ldflags.sh \
--replace '$(git describe --tags --abbrev=14 "''${IGNITE_GIT_COMMIT}^{commit}" 2>/dev/null)' "v${version}" \
--replace 'IGNITE_GIT_TREE_STATE="dirty"' 'IGNITE_GIT_TREE_STATE="clean"'
'';
nativeBuildInputs = [
git
makeWrapper
];
buildInputs = [
firecracker
];
preBuild = ''
patchShebangs ./hack/ldflags.sh
export buildFlagsArray+=("-ldflags=$(./hack/ldflags.sh)")
'';
postInstall = ''
for prog in hack ignite ignited ignite-spawn; do
wrapProgram "$out/bin/$prog" --prefix PATH : ${lib.makeBinPath [ cni-plugins firecracker containerd runc ]}
done
'';
meta = with lib; {
description = "Ignite a Firecracker microVM";
homepage = "https://github.com/weaveworks/ignite";
license = licenses.asl20;
maintainers = with maintainers; [ tfmoraes ];
};
}

32
pkgs/applications/virtualization/imgcrypt/default.nix Normal file
View file

@ -0,0 +1,32 @@
{ buildGoModule, fetchFromGitHub, lib }:
buildGoModule rec {
pname = "imgcrypt";
version = "1.1.4";
src = fetchFromGitHub {
owner = "containerd";
repo = pname;
rev = "v${version}";
sha256 = "sha256-a5IQahhonaXA74gY+zR6BbV9MdyEu70j0E6YlNmN3DA=";
};
ldflags = [
"-X github.com/containerd/containerd/version.Version=${version}"
];
vendorSha256 = null;
subPackages = [ "cmd/ctd-decoder" "cmd/ctr" ];
postFixup = ''
mv $out/bin/ctr $out/bin/ctr-enc
'';
meta = with lib; {
description = "Image encryption library and command line tool";
homepage = "https://github.com/containerd/imgcrypt";
license = licenses.asl20;
platforms = platforms.linux;
maintainers = with maintainers; [ mikroskeem ];
};
}

23
pkgs/applications/virtualization/kvmtool/default.nix Normal file
View file

@ -0,0 +1,23 @@
{ stdenv, fetchgit, lib }:
stdenv.mkDerivation {
pname = "kvmtool";
version = "unstable-2022-04-04";
src = fetchgit {
url = "https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git";
rev = "5657dd3e48b41bc6db38fa657994bc0e030fd31f";
sha256 = "1y1j44lk9957f2dmyrscbxl4zncp4ibvvcdj6bwylb8jsvmd5fs2";
};
enableParallelBuilding = true;
makeFlags = [ "prefix=${placeholder "out"}" ];
meta = with lib; {
description = "A lightweight tool for hosting KVM guests";
homepage = "https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/tree/README";
license = licenses.gpl2Only;
maintainers = with maintainers; [ astro ];
platforms = [ "x86_64-linux" ];
};
}

53
pkgs/applications/virtualization/libgovirt/default.nix Normal file
View file

@ -0,0 +1,53 @@
{ lib
, stdenv
, fetchurl
, glib
, gnome
, librest
, libsoup
, pkg-config
, gobject-introspection
}:
stdenv.mkDerivation rec {
pname = "libgovirt";
version = "0.3.8";
outputs = [ "out" "dev" ];
src = fetchurl {
url = "mirror://gnome/sources/libgovirt/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "HckYYikXa9+p8l/Y+oLAoFi2pgwcyAfHUH7IqTwPHfg=";
};
nativeBuildInputs = [
pkg-config
gobject-introspection
];
buildInputs = [
libsoup
];
propagatedBuildInputs = [
glib
librest
];
enableParallelBuilding = true;
passthru = {
updateScript = gnome.updateScript {
packageName = pname;
versionPolicy = "none";
};
};
meta = with lib; {
homepage = "https://gitlab.gnome.org/GNOME/libgovirt";
description = "GObject wrapper for the oVirt REST API";
maintainers = [ maintainers.amarshall ];
platforms = platforms.linux;
license = licenses.lgpl21Plus;
};
}

21
pkgs/applications/virtualization/libnvidia-container/avoid-static-libtirpc-build.patch Normal file
View file

@ -0,0 +1,21 @@
diff --git a/Makefile b/Makefile
index 0070ada..802cef0 100644
--- a/Makefile
+++ b/Makefile
@@ -202,7 +202,7 @@ $(BIN_NAME): $(BIN_OBJS)
##### Public rules #####
all: CPPFLAGS += -DNDEBUG
-all: shared static tools
+all: shared tools
# Run with ASAN_OPTIONS="protect_shadow_gap=0" to avoid CUDA OOM errors
debug: CFLAGS += -pedantic -fsanitize=undefined -fno-omit-frame-pointer -fno-common -fsanitize=address
@@ -232,7 +232,6 @@ install: all
# Install header files
$(INSTALL) -m 644 $(LIB_INCS) $(DESTDIR)$(includedir)
# Install library files
- $(INSTALL) -m 644 $(LIB_STATIC) $(DESTDIR)$(libdir)
$(INSTALL) -m 755 $(LIB_SHARED) $(DESTDIR)$(libdir)
$(LN) -sf $(LIB_SONAME) $(DESTDIR)$(libdir)/$(LIB_SYMLINK)
$(LDCONFIG) -n $(DESTDIR)$(libdir)

118
pkgs/applications/virtualization/libnvidia-container/default.nix Normal file
View file

@ -0,0 +1,118 @@
{ stdenv
, lib
, addOpenGLRunpath
, fetchFromGitHub
, pkg-config
, libelf
, libcap
, libseccomp
, rpcsvc-proto
, libtirpc
, makeWrapper
, substituteAll
, go
}:
let
modprobeVersion = "495.44";
nvidia-modprobe = fetchFromGitHub {
owner = "NVIDIA";
repo = "nvidia-modprobe";
rev = modprobeVersion;
sha256 = "sha256-Y3ZOfge/EcmhqI19yWO7UfPqkvY1CHHvFC5l9vYyGuU=";
};
modprobePatch = substituteAll {
src = ./modprobe.patch;
inherit modprobeVersion;
};
in
stdenv.mkDerivation rec {
pname = "libnvidia-container";
version = "1.9.0";
src = fetchFromGitHub {
owner = "NVIDIA";
repo = pname;
rev = "v${version}";
sha256 = "sha256-7OTawWwjeKU8wIa8I/+aSvAJli4kEua94nJSNyCajpE=";
};
patches = [
# locations of nvidia-driver libraries are not resolved via ldconfig which
# doesn't get used on NixOS. Additional support binaries like nvidia-smi
# are not resolved via the environment PATH but via the derivation output
# path.
./libnvc-ldconfig-and-path-fixes.patch
# fix bogus struct declaration
./inline-c-struct.patch
];
postPatch = ''
sed -i \
-e 's/^REVISION ?=.*/REVISION = ${src.rev}/' \
-e 's/^COMPILER :=.*/COMPILER = $(CC)/' \
mk/common.mk
mkdir -p deps/src/nvidia-modprobe-${modprobeVersion}
cp -r ${nvidia-modprobe}/* deps/src/nvidia-modprobe-${modprobeVersion}
chmod -R u+w deps/src
pushd deps/src
patch -p0 < ${modprobePatch}
touch nvidia-modprobe-${modprobeVersion}/.download_stamp
popd
# 1. replace DESTDIR=$(DEPS_DIR) with empty strings to prevent copying
# things into deps/src/nix/store
# 2. similarly, remove any paths prefixed with DEPS_DIR
# 3. prevent building static libraries because we don't build static
# libtirpc (for now)
# 4. prevent installation of static libraries because of step 3
# 5. prevent installation of libnvidia-container-go.so twice
sed -i Makefile \
-e 's#DESTDIR=\$(DEPS_DIR)#DESTDIR=""#g' \
-e 's#\$(DEPS_DIR)\$#\$#g' \
-e 's#all: shared static tools#all: shared tools#g' \
-e '/$(INSTALL) -m 644 $(LIB_STATIC) $(DESTDIR)$(libdir)/d' \
-e '/$(INSTALL) -m 755 $(libdir)\/$(LIBGO_SHARED) $(DESTDIR)$(libdir)/d'
'';
enableParallelBuilding = true;
preBuild = ''
HOME="$(mktemp -d)"
'';
NIX_CFLAGS_COMPILE = [ "-I${libtirpc.dev}/include/tirpc" ];
NIX_LDFLAGS = [ "-L${libtirpc.dev}/lib" "-ltirpc" ];
nativeBuildInputs = [ pkg-config go rpcsvc-proto makeWrapper ];
buildInputs = [ libelf libcap libseccomp libtirpc ];
makeFlags = [
"WITH_LIBELF=yes"
"prefix=$(out)"
# we can't use the WITH_TIRPC=yes flag that exists in the Makefile for the
# same reason we patch out the static library use of libtirpc so we set the
# define in CFLAGS
"CFLAGS=-DWITH_TIRPC"
];
postInstall =
let
inherit (addOpenGLRunpath) driverLink;
libraryPath = lib.makeLibraryPath [ "$out" driverLink "${driverLink}-32" ];
in
''
wrapProgram $out/bin/nvidia-container-cli --prefix LD_LIBRARY_PATH : ${libraryPath}
'';
meta = with lib; {
homepage = "https://github.com/NVIDIA/libnvidia-container";
description = "NVIDIA container runtime library";
license = licenses.asl20;
platforms = platforms.linux;
maintainers = with maintainers; [ cpcloud ];
};
}

14
pkgs/applications/virtualization/libnvidia-container/inline-c-struct.patch Normal file
View file

@ -0,0 +1,14 @@
diff --git a/src/nvcgo.c b/src/nvcgo.c
index 98789a3..47ad02b 100644
--- a/src/nvcgo.c
+++ b/src/nvcgo.c
@@ -33,7 +33,8 @@
void nvcgo_program_1(struct svc_req *, register SVCXPRT *);
static struct nvcgo_ext {
- struct nvcgo;
+ struct rpc rpc;
+ struct libnvcgo api;
bool initialized;
void *dl_handle;
} global_nvcgo_context;

130
pkgs/applications/virtualization/libnvidia-container/libnvc-ldconfig-and-path-fixes.patch Normal file
View file

@ -0,0 +1,130 @@
diff --git a/src/ldcache.c b/src/ldcache.c
index 38bab05..e1abc89 100644
--- a/src/ldcache.c
+++ b/src/ldcache.c
@@ -108,40 +108,27 @@ ldcache_close(struct ldcache *ctx)
int
ldcache_resolve(struct ldcache *ctx, uint32_t arch, const char *root, const char * const libs[],
- char *paths[], size_t size, ldcache_select_fn select, void *select_ctx)
+ char *paths[], size_t size, const char* version)
{
char path[PATH_MAX];
- struct header_libc6 *h;
- int override;
+ char dir[PATH_MAX];
+ char lib[PATH_MAX];
- h = (struct header_libc6 *)ctx->ptr;
memset(paths, 0, size * sizeof(*paths));
- for (uint32_t i = 0; i < h->nlibs; ++i) {
- int32_t flags = h->libs[i].flags;
- char *key = (char *)ctx->ptr + h->libs[i].key;
- char *value = (char *)ctx->ptr + h->libs[i].value;
-
- if (!(flags & LD_ELF) || (flags & LD_ARCH_MASK) != arch)
+ for (size_t j = 0; j < size; ++j) {
+ snprintf(dir, 100, "/run/opengl-driver%s/lib",
+ arch == LD_I386_LIB32 ? "-32" : "");
+ if (!strncmp(libs[j], "libvdpau_nvidia.so", 100))
+ strcat(dir, "/vdpau");
+ snprintf(lib, 100, "%s/%s.%s", dir, libs[j], version);
+ if (path_resolve_full(ctx->err, path, "/", lib) < 0)
+ return (-1);
+ if (!file_exists(ctx->err, path))
continue;
-
- for (size_t j = 0; j < size; ++j) {
- if (!str_has_prefix(key, libs[j]))
- continue;
- if (path_resolve(ctx->err, path, root, value) < 0)
- return (-1);
- if (paths[j] != NULL && str_equal(paths[j], path))
- continue;
- if ((override = select(ctx->err, select_ctx, root, paths[j], path)) < 0)
- return (-1);
- if (override) {
- free(paths[j]);
- paths[j] = xstrdup(ctx->err, path);
- if (paths[j] == NULL)
- return (-1);
- }
- break;
- }
+ paths[j] = xstrdup(ctx->err, path);
+ if (paths[j] == NULL)
+ return (-1);
}
return (0);
}
diff --git a/src/ldcache.h b/src/ldcache.h
index 33d78dd..2b087db 100644
--- a/src/ldcache.h
+++ b/src/ldcache.h
@@ -50,6 +50,6 @@ void ldcache_init(struct ldcache *, struct error *, const char *);
int ldcache_open(struct ldcache *);
int ldcache_close(struct ldcache *);
int ldcache_resolve(struct ldcache *, uint32_t, const char *, const char * const [],
- char *[], size_t, ldcache_select_fn, void *);
+ char *[], size_t, const char*);
#endif /* HEADER_LDCACHE_H */
diff --git a/src/nvc_info.c b/src/nvc_info.c
index 30e3cfd..6d12a50 100644
--- a/src/nvc_info.c
+++ b/src/nvc_info.c
@@ -167,15 +167,13 @@ find_library_paths(struct error *err, struct nvc_driver_info *info, const char *
if (path_resolve_full(err, path, root, ldcache) < 0)
return (-1);
ldcache_init(&ld, err, path);
- if (ldcache_open(&ld) < 0)
- return (-1);
info->nlibs = size;
info->libs = array_new(err, size);
if (info->libs == NULL)
goto fail;
if (ldcache_resolve(&ld, LIB_ARCH, root, libs,
- info->libs, info->nlibs, select_libraries_fn, info) < 0)
+ info->libs, info->nlibs, info->nvrm_version) < 0)
goto fail;
info->nlibs32 = size;
@@ -183,13 +181,11 @@ find_library_paths(struct error *err, struct nvc_driver_info *info, const char *
if (info->libs32 == NULL)
goto fail;
if (ldcache_resolve(&ld, LIB32_ARCH, root, libs,
- info->libs32, info->nlibs32, select_libraries_fn, info) < 0)
+ info->libs32, info->nlibs32, info->nvrm_version) < 0)
goto fail;
rv = 0;
fail:
- if (ldcache_close(&ld) < 0)
- return (-1);
return (rv);
}
@@ -203,7 +199,7 @@ find_binary_paths(struct error *err, struct nvc_driver_info *info, const char *r
char path[PATH_MAX];
int rv = -1;
- if ((env = secure_getenv("PATH")) == NULL) {
+ if ((env = "/run/nvidia-docker/bin:/run/nvidia-docker/extras/bin") == NULL) {
error_setx(err, "environment variable PATH not found");
return (-1);
}
diff --git a/src/nvc_ldcache.c b/src/nvc_ldcache.c
index 6ff380f..cbe6a69 100644
--- a/src/nvc_ldcache.c
+++ b/src/nvc_ldcache.c
@@ -340,7 +340,7 @@ nvc_ldcache_update(struct nvc_context *ctx, const struct nvc_container *cnt)
if (validate_args(ctx, cnt != NULL) < 0)
return (-1);
- argv = (char * []){cnt->cfg.ldconfig, cnt->cfg.libs_dir, cnt->cfg.libs32_dir, NULL};
+ argv = (char * []){cnt->cfg.ldconfig, "-f", "/tmp/ld.so.conf.nvidia-host", "-C", "/tmp/ld.so.cache.nvidia-host", cnt->cfg.libs_dir, cnt->cfg.libs32_dir, NULL};
if (*argv[0] == '@') {
/*
* We treat this path specially to be relative to the host filesystem.

29
pkgs/applications/virtualization/libnvidia-container/modprobe.patch Normal file
View file

@ -0,0 +1,29 @@
diff -ruN nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.c nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.c
--- nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.c 2020-07-09 17:06:05.000000000 +0000
+++ nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.c 2020-08-18 12:43:03.223871514 +0000
@@ -840,10 +840,10 @@
return mknod_helper(major, minor_num, vgpu_dev_name, NV_PROC_REGISTRY_PATH);
}
-static int nvidia_cap_get_device_file_attrs(const char* cap_file_path,
- int *major,
- int *minor,
- char *name)
+int nvidia_cap_get_device_file_attrs(const char* cap_file_path,
+ int *major,
+ int *minor,
+ char *name)
{
char field[32];
FILE *fp;
diff -ruN nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.h nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.h
--- nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.h 2020-07-09 17:06:05.000000000 +0000
+++ nvidia-modprobe-@modprobeVersion@/modprobe-utils/nvidia-modprobe-utils.h 2020-08-18 12:43:44.227745050 +0000
@@ -81,6 +81,7 @@
int nvidia_nvswitch_get_file_state(int minor);
int nvidia_cap_mknod(const char* cap_file_path, int *minor);
int nvidia_cap_get_file_state(const char* cap_file_path);
+int nvidia_cap_get_device_file_attrs(const char* cap_file_path, int *major, int *minor, char *name);
int nvidia_get_chardev_major(const char *name);
#endif /* NV_LINUX */

59
pkgs/applications/virtualization/lima/default.nix Normal file
View file

@ -0,0 +1,59 @@
{ lib
, buildGoModule
, fetchFromGitHub
, installShellFiles
, qemu
, makeWrapper
}:
buildGoModule rec {
pname = "lima";
version = "0.11.0";
src = fetchFromGitHub {
owner = "lima-vm";
repo = pname;
rev = "v${version}";
sha256 = "sha256-OqsLHxY7dZKN/zazeDASBt5UsQGieU5laIUeshtS55w=";
};
vendorSha256 = "sha256-0Z+SAEHFJio+N7ATiviBkLPn6cNFlhE3Dsj8CxVtf7c=";
nativeBuildInputs = [ makeWrapper installShellFiles ];
# clean fails with read only vendor dir
postPatch = ''
substituteInPlace Makefile --replace 'binaries: clean' 'binaries:'
'';
buildPhase = ''
runHook preBuild
make "VERSION=v${version}" binaries
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out
cp -r _output/* $out
wrapProgram $out/bin/limactl \
--prefix PATH : ${lib.makeBinPath [ qemu ]}
installShellCompletion --cmd limactl \
--bash <($out/bin/limactl completion bash) \
--fish <($out/bin/limactl completion fish) \
--zsh <($out/bin/limactl completion zsh)
runHook postInstall
'';
doInstallCheck = true;
installCheckPhase = ''
USER=nix $out/bin/limactl validate examples/default.yaml
'';
meta = with lib; {
homepage = "https://github.com/lima-vm/lima";
description = "Linux virtual machines (on macOS, in most cases)";
license = licenses.asl20;
maintainers = with maintainers; [ anhduy ];
};
}

68
pkgs/applications/virtualization/lkl/default.nix Normal file
View file

@ -0,0 +1,68 @@
{ lib, stdenv, fetchFromGitHub, bc, python3, bison, flex, fuse, libarchive
, buildPackages }:
stdenv.mkDerivation rec {
pname = "lkl";
version = "2019-10-04";
rev = "06ca3ddb74dc5b84fa54fa1746737f2df502e047";
outputs = [ "dev" "lib" "out" ];
nativeBuildInputs = [ bc bison flex python3 ];
buildInputs = [ fuse libarchive ];
src = fetchFromGitHub {
inherit rev;
owner = "lkl";
repo = "linux";
sha256 = "0qjp0r338bwgrqdsvy5mkdh7ryas23m47yvxfwdknfyl0k3ylq62";
};
# Fix a /usr/bin/env reference in here that breaks sandboxed builds
prePatch = "patchShebangs arch/lkl/scripts";
# Fixup build with newer Linux headers: https://github.com/lkl/linux/pull/484
postPatch = "sed '1i#include <linux/sockios.h>' -i tools/lkl/lib/hijack/xlate.c";
installPhase = ''
mkdir -p $out/bin $lib/lib $dev
cp tools/lkl/bin/lkl-hijack.sh $out/bin
sed -i $out/bin/lkl-hijack.sh \
-e "s,LD_LIBRARY_PATH=.*,LD_LIBRARY_PATH=$lib/lib,"
cp tools/lkl/{cptofs,fs2tar,lklfuse} $out/bin
ln -s cptofs $out/bin/cpfromfs
cp -r tools/lkl/include $dev/
cp tools/lkl/liblkl.a \
tools/lkl/lib/liblkl.so \
tools/lkl/lib/hijack/liblkl-hijack.so $lib/lib
'';
# We turn off format and fortify because of these errors (fortify implies -O2, which breaks the jitter entropy code):
# fs/xfs/xfs_log_recover.c:2575:3: error: format not a string literal and no format arguments [-Werror=format-security]
# crypto/jitterentropy.c:54:3: error: #error "The CPU Jitter random number generator must not be compiled with optimizations. See documentation. Use the compiler switch -O0 for compiling jitterentropy.c."
hardeningDisable = [ "format" "fortify" ];
makeFlags = [
"-C tools/lkl"
"CC=${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc"
"HOSTCC=${buildPackages.stdenv.cc}/bin/${buildPackages.stdenv.cc.targetPrefix}cc"
"CROSS_COMPILE=${stdenv.cc.targetPrefix}"
];
enableParallelBuilding = true;
meta = with lib; {
description = "The Linux kernel as a library";
longDescription = ''
LKL (Linux Kernel Library) aims to allow reusing the Linux kernel code as
extensively as possible with minimal effort and reduced maintenance
overhead
'';
homepage = "https://github.com/lkl/linux/";
platforms = [ "x86_64-linux" "aarch64-linux" "armv7l-linux" "armv6l-linux" ]; # Darwin probably works too but I haven't tested it
license = licenses.gpl2;
maintainers = with maintainers; [ copumpkin ];
};
}

79
pkgs/applications/virtualization/looking-glass-client/default.nix Normal file
View file

@ -0,0 +1,79 @@
{ stdenv, lib, fetchFromGitHub, makeDesktopItem, cmake, pkg-config
, freefont_ttf, spice-protocol, nettle, libbfd, fontconfig, libffi, expat
, libxkbcommon, libGL, libXext, libXrandr, libXi, libXScrnSaver, libXinerama
, libXcursor, libXpresent, wayland, wayland-protocols
}:
let
desktopItem = makeDesktopItem {
name = "looking-glass-client";
desktopName = "Looking Glass Client";
type = "Application";
exec = "looking-glass-client";
icon = "lg-logo";
terminal = true;
};
in
stdenv.mkDerivation rec {
pname = "looking-glass-client";
version = "B5.0.1";
src = fetchFromGitHub {
owner = "gnif";
repo = "LookingGlass";
rev = version;
sha256 = "sha256-UzZQU5SzJ2mo9QBweQB0VJSnKfzgTG5QaKpIQN/6LCE=";
fetchSubmodules = true;
};
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [
libGL
freefont_ttf
spice-protocol
expat
libbfd
nettle
fontconfig
libffi
libxkbcommon
libXi
libXScrnSaver
libXinerama
libXcursor
libXpresent
libXext
libXrandr
wayland
wayland-protocols
];
cmakeFlags = [ "-DOPTIMIZE_FOR_NATIVE=OFF" ];
postUnpack = ''
echo ${src.rev} > source/VERSION
export sourceRoot="source/client"
'';
postInstall = ''
mkdir -p $out/share/pixmaps
ln -s ${desktopItem}/share/applications $out/share/
cp $src/resources/lg-logo.png $out/share/pixmaps
'';
meta = with lib; {
description = "A KVM Frame Relay (KVMFR) implementation";
longDescription = ''
Looking Glass is an open source application that allows the use of a KVM
(Kernel-based Virtual Machine) configured for VGA PCI Pass-through
without an attached physical monitor, keyboard or mouse. This is the final
step required to move away from dual booting with other operating systems
for legacy programs that require high performance graphics.
'';
homepage = "https://looking-glass.io/";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ alexbakker babbaj ];
platforms = [ "x86_64-linux" ];
};
}

71
pkgs/applications/virtualization/nvidia-container-runtime/default.nix Normal file
View file

@ -0,0 +1,71 @@
{ lib
, glibc
, fetchFromGitHub
, makeWrapper
, buildGoPackage
, linkFarm
, writeShellScript
, containerRuntimePath
, configTemplate
}:
let
isolatedContainerRuntimePath = linkFarm "isolated_container_runtime_path" [
{
name = "runc";
path = containerRuntimePath;
}
];
warnIfXdgConfigHomeIsSet = writeShellScript "warn_if_xdg_config_home_is_set" ''
set -eo pipefail
if [ -n "$XDG_CONFIG_HOME" ]; then
echo >&2 "$(tput setaf 3)warning: \$XDG_CONFIG_HOME=$XDG_CONFIG_HOME$(tput sgr 0)"
fi
'';
in
buildGoPackage rec {
pname = "nvidia-container-runtime";
version = "3.5.0";
src = fetchFromGitHub {
owner = "NVIDIA";
repo = pname;
rev = "v${version}";
sha256 = "sha256-+LZjsN/tKqsPJamoI8xo9LFv14c3e9vVlSP4NJhElcs=";
};
goPackagePath = "github.com/nvidia/nvidia-container-runtime";
ldflags = [ "-s" "-w" ];
nativeBuildInputs = [ makeWrapper ];
postInstall = ''
mkdir -p $out/etc/nvidia-container-runtime
# nvidia-container-runtime invokes docker-runc or runc if that isn't
# available on PATH.
#
# Also set XDG_CONFIG_HOME if it isn't already to allow overriding
# configuration. This in turn allows users to have the nvidia container
# runtime enabled for any number of higher level runtimes like docker and
# podman, i.e., there's no need to have mutually exclusivity on what high
# level runtime can enable the nvidia runtime because each high level
# runtime has its own config.toml file.
wrapProgram $out/bin/nvidia-container-runtime \
--run "${warnIfXdgConfigHomeIsSet}" \
--prefix PATH : ${isolatedContainerRuntimePath} \
--set-default XDG_CONFIG_HOME $out/etc
cp ${configTemplate} $out/etc/nvidia-container-runtime/config.toml
substituteInPlace $out/etc/nvidia-container-runtime/config.toml \
--subst-var-by glibcbin ${lib.getBin glibc}
'';
meta = with lib; {
homepage = "https://github.com/NVIDIA/nvidia-container-runtime";
description = "NVIDIA container runtime";
license = licenses.asl20;
platforms = platforms.linux;
maintainers = with maintainers; [ cpcloud ];
};
}

37
pkgs/applications/virtualization/nvidia-container-toolkit/default.nix Normal file
View file

@ -0,0 +1,37 @@
{ lib
, fetchFromGitHub
, buildGoModule
, makeWrapper
, nvidia-container-runtime
}:
buildGoModule rec {
pname = "nvidia-container-toolkit";
version = "1.5.0";
src = fetchFromGitHub {
owner = "NVIDIA";
repo = pname;
rev = "v${version}";
sha256 = "sha256-YvwqnwYOrlSE6PmNNZ5xjEaEcXdHKcakIwua+tOvIJ0=";
};
vendorSha256 = "17zpiyvf22skfcisflsp6pn56y6a793jcx89kw976fq2x5br1bz7";
ldflags = [ "-s" "-w" ];
nativeBuildInputs = [ makeWrapper ];
postInstall = ''
mv $out/bin/{pkg,${pname}}
ln -s $out/bin/nvidia-container-{toolkit,runtime-hook}
wrapProgram $out/bin/nvidia-container-toolkit \
--add-flags "-config ${nvidia-container-runtime}/etc/nvidia-container-runtime/config.toml"
'';
meta = with lib; {
homepage = "https://github.com/NVIDIA/nvidia-container-toolkit";
description = "NVIDIA container runtime hook";
license = licenses.asl20;
platforms = platforms.linux;
maintainers = with maintainers; [ cpcloud ];
};
}

13
pkgs/applications/virtualization/nvidia-docker/config.toml Normal file
View file

@ -0,0 +1,13 @@
disable-require = false
#swarm-resource = "DOCKER_RESOURCE_GPU"
[nvidia-container-cli]
#root = "/run/nvidia/driver"
#path = "/usr/bin/nvidia-container-cli"
environment = []
#debug = "/var/log/nvidia-container-runtime-hook.log"
ldcache = "/tmp/ld.so.cache"
load-kmods = true
#no-cgroups = false
#user = "root:video"
ldconfig = "@@glibcbin@/bin/ldconfig"

32
pkgs/applications/virtualization/nvidia-docker/default.nix Normal file
View file

@ -0,0 +1,32 @@
{ stdenv, lib, fetchFromGitHub, callPackage }:
stdenv.mkDerivation rec {
pname = "nvidia-docker";
version = "2.5.0";
src = fetchFromGitHub {
owner = "NVIDIA";
repo = pname;
rev = "v${version}";
sha256 = "1n1k7fnimky67s12p2ycaq9mgk245fchq62vgd7bl3bzfcbg0z4h";
};
buildPhase = ''
mkdir bin
cp nvidia-docker bin
substituteInPlace bin/nvidia-docker --subst-var-by VERSION ${version}
'';
installPhase = ''
mkdir -p $out/bin
cp bin/nvidia-docker $out/bin
'';
meta = with lib; {
homepage = "https://github.com/NVIDIA/nvidia-docker";
description = "NVIDIA container runtime for Docker";
license = licenses.bsd3;
platforms = platforms.linux;
maintainers = with maintainers; [ cpcloud ];
};
}

13
pkgs/applications/virtualization/nvidia-podman/config.toml Normal file
View file

@ -0,0 +1,13 @@
disable-require = true
#swarm-resource = "DOCKER_RESOURCE_GPU"
[nvidia-container-cli]
#root = "/run/nvidia/driver"
#path = "/usr/bin/nvidia-container-cli"
environment = []
#debug = "/var/log/nvidia-container-runtime-hook.log"
ldcache = "/tmp/ld.so.cache"
load-kmods = true
no-cgroups = true
#user = "root:video"
ldconfig = "@@glibcbin@/bin/ldconfig"

78
pkgs/applications/virtualization/open-vm-tools/default.nix Normal file
View file

@ -0,0 +1,78 @@
{ stdenv, lib, fetchFromGitHub, makeWrapper, autoreconfHook
, bash, fuse3, libmspack, openssl, pam, xercesc, icu, libdnet, procps, libtirpc, rpcsvc-proto
, libX11, libXext, libXinerama, libXi, libXrender, libXrandr, libXtst
, pkg-config, glib, gdk-pixbuf-xlib, gtk3, gtkmm3, iproute2, dbus, systemd, which
, libdrm, udev
, withX ? true
}:
stdenv.mkDerivation rec {
pname = "open-vm-tools";
version = "12.0.5";
src = fetchFromGitHub {
owner = "vmware";
repo = "open-vm-tools";
rev = "stable-${version}";
sha256 = "sha256-rjYYRh4ZWAd9iELW2/4PZvMOfQfgwtGcrI2icaed2Eg=";
};
sourceRoot = "${src.name}/open-vm-tools";
outputs = [ "out" "dev" ];
nativeBuildInputs = [ autoreconfHook makeWrapper pkg-config ];
buildInputs = [ fuse3 glib icu libdnet libdrm libmspack libtirpc openssl pam procps rpcsvc-proto udev xercesc ]
++ lib.optionals withX [ gdk-pixbuf-xlib gtk3 gtkmm3 libX11 libXext libXinerama libXi libXrender libXrandr libXtst ];
postPatch = ''
sed -i 's,etc/vmware-tools,''${prefix}/etc/vmware-tools,' Makefile.am
sed -i 's,^confdir = ,confdir = ''${prefix},' scripts/Makefile.am
sed -i 's,usr/bin,''${prefix}/usr/bin,' scripts/Makefile.am
sed -i 's,etc/vmware-tools,''${prefix}/etc/vmware-tools,' services/vmtoolsd/Makefile.am
sed -i 's,$(PAM_PREFIX),''${prefix}/$(PAM_PREFIX),' services/vmtoolsd/Makefile.am
# Avoid a glibc >= 2.25 deprecation warning that gets fatal via -Werror.
sed 1i'#include <sys/sysmacros.h>' -i lib/wiper/wiperPosix.c
# Make reboot work, shutdown is not in /sbin on NixOS
sed -i 's,/sbin/shutdown,shutdown,' lib/system/systemLinux.c
'';
configureFlags = [
"--without-kernel-modules"
"--without-xmlsecurity"
"--with-udev-rules-dir=${placeholder "out"}/lib/udev/rules.d"
"--with-fuse=fuse3"
] ++ lib.optional (!withX) "--without-x";
enableParallelBuilding = true;
NIX_CFLAGS_COMPILE = builtins.toString [
# fix build with gcc9
"-Wno-error=address-of-packed-member"
"-Wno-error=format-overflow"
];
preConfigure = ''
mkdir -p ${placeholder "out"}/lib/udev/rules.d
'';
postInstall = ''
wrapProgram "$out/etc/vmware-tools/scripts/vmware/network" \
--prefix PATH ':' "${lib.makeBinPath [ iproute2 dbus systemd which ]}"
substituteInPlace "$out/lib/udev/rules.d/99-vmware-scsi-udev.rules" --replace "/bin/sh" "${bash}/bin/sh"
'';
meta = with lib; {
homepage = "https://github.com/vmware/open-vm-tools";
description = "Set of tools for VMWare guests to improve host-guest interaction";
longDescription = ''
A set of services and modules that enable several features in VMware products for
better management of, and seamless user interactions with, guests.
'';
license = licenses.gpl2;
platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
maintainers = with maintainers; [ joamaki ];
};
}

23
pkgs/applications/virtualization/podman-compose/default.nix Normal file
View file

@ -0,0 +1,23 @@
{ lib, buildPythonApplication, fetchFromGitHub, python-dotenv, pyyaml }:
buildPythonApplication rec {
version = "1.0.3";
pname = "podman-compose";
src = fetchFromGitHub {
repo = "podman-compose";
owner = "containers";
rev = "v${version}";
sha256 = "sha256-Si/O4dx9bqqRp/hTv3WbTXj46OM+PpyPBnQQWUqcZfs=";
};
propagatedBuildInputs = [ pyyaml python-dotenv ];
meta = {
description = "An implementation of docker-compose with podman backend";
homepage = "https://github.com/containers/podman-compose";
license = lib.licenses.gpl2Only;
platforms = lib.platforms.unix;
maintainers = [ lib.maintainers.sikmir ] ++ lib.teams.podman.members;
};
}

45
pkgs/applications/virtualization/podman-tui/default.nix Normal file
View file

@ -0,0 +1,45 @@
{ lib
, stdenv
, pkg-config
, fetchFromGitHub
, buildGoModule
, btrfs-progs
, gpgme
, libassuan
, lvm2
, testers
, podman-tui
}:
buildGoModule rec {
pname = "podman-tui";
version = "0.4.0";
src = fetchFromGitHub {
owner = "containers";
repo = "podman-tui";
rev = "v${version}";
sha256 = "sha256-2WugN5JdTkz3OOt3ggzT7HwMXy1jxn85RwF7409D8m8=";
};
vendorSha256 = null;
nativeBuildInputs = [ pkg-config ];
buildInputs = [ gpgme libassuan ]
++ lib.optionals stdenv.isLinux [ btrfs-progs lvm2 ];
ldflags = [ "-s" "-w" ];
passthru.tests.version = testers.testVersion {
package = podman-tui;
command = "podman-tui version";
version = "v${version}";
};
meta = with lib; {
homepage = "https://github.com/containers/podman-tui";
description = "Podman Terminal UI";
license = licenses.asl20;
maintainers = with maintainers; [ aaronjheng ];
};
}

104
pkgs/applications/virtualization/podman/default.nix Normal file
View file

@ -0,0 +1,104 @@
{ lib
, stdenv
, fetchFromGitHub
, pkg-config
, installShellFiles
, buildGoModule
, gpgme
, lvm2
, btrfs-progs
, libapparmor
, libseccomp
, libselinux
, systemd
, go-md2man
, nixosTests
}:
buildGoModule rec {
pname = "podman";
version = "4.1.0";
src = fetchFromGitHub {
owner = "containers";
repo = "podman";
rev = "v${version}";
sha256 = "sha256-3MR4ZhkhMLAK3KHu7JEV9z1/wlyCkxfx1i267TGxwt8=";
};
vendorSha256 = null;
doCheck = false;
outputs = [ "out" "man" ] ++ lib.optionals stdenv.isLinux [ "rootlessport" ];
nativeBuildInputs = [ pkg-config go-md2man installShellFiles ];
buildInputs = lib.optionals stdenv.isLinux [
btrfs-progs
gpgme
libapparmor
libseccomp
libselinux
lvm2
systemd
];
buildPhase = ''
runHook preBuild
patchShebangs .
${if stdenv.isDarwin then ''
make podman-remote # podman-mac-helper uses FHS paths
'' else ''
make bin/podman bin/rootlessport
''}
make docs
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p {$out/{bin,etc,lib,share},$man} # ensure paths exist for the wrapper
${if stdenv.isDarwin then ''
mv bin/{darwin/podman,podman}
'' else ''
install -Dm644 cni/87-podman-bridge.conflist -t $out/etc/cni/net.d
install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d
for s in contrib/systemd/**/*.in; do
substituteInPlace "$s" --replace "@@PODMAN@@" "podman" # don't use unwrapped binary
done
PREFIX=$out make install.systemd
install -Dm555 bin/rootlessport -t $rootlessport/bin
''}
install -Dm555 bin/podman -t $out/bin
PREFIX=$out make install.completions
MANDIR=$man/share/man make install.man
runHook postInstall
'';
postFixup = lib.optionalString stdenv.isLinux ''
RPATH=$(patchelf --print-rpath $out/bin/podman)
patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/podman
'';
passthru.tests = {
inherit (nixosTests) podman;
# related modules
inherit (nixosTests)
podman-tls-ghostunnel
podman-dnsname
;
oci-containers-podman = nixosTests.oci-containers.podman;
};
meta = with lib; {
homepage = "https://podman.io/";
description = "A program for managing pods, containers and container images";
changelog = "https://github.com/containers/podman/blob/v${version}/RELEASE_NOTES.md";
license = licenses.asl20;
maintainers = with maintainers; [ marsam ] ++ teams.podman.members;
# requires >= 10.13 SDK https://github.com/NixOS/nixpkgs/issues/101229
# Undefined symbols for architecture x86_64: "_utimensat"
broken = stdenv.isDarwin && stdenv.isx86_64;
};
}

80
pkgs/applications/virtualization/podman/wrapper.nix Normal file
View file

@ -0,0 +1,80 @@
{ podman-unwrapped
, runCommand
, makeWrapper
, symlinkJoin
, lib
, stdenv
, extraPackages ? []
, podman # Docker compat
, runc # Default container runtime
, crun # Container runtime (default with cgroups v2 for podman/buildah)
, conmon # Container runtime monitor
, slirp4netns # User-mode networking for unprivileged namespaces
, fuse-overlayfs # CoW for images, much faster than default vfs
, util-linux # nsenter
, cni-plugins # not added to path
, iptables
, iproute2
, catatonit
, gvproxy
}:
# do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed
# adding aardvark-dns/netavark to `helpersBin` requires changes to the modules and tests
let
podman = podman-unwrapped;
binPath = lib.makeBinPath ([
] ++ lib.optionals stdenv.isLinux [
runc
crun
conmon
slirp4netns
fuse-overlayfs
util-linux
iptables
iproute2
] ++ extraPackages);
helpersBin = symlinkJoin {
name = "${podman.pname}-helper-binary-wrapper-${podman.version}";
# this only works for some binaries, others may need to be be added to `binPath` or in the modules
paths = [
gvproxy
] ++ lib.optionals stdenv.isLinux [
catatonit # added here for the pause image and also set in `containersConf` for `init_path`
podman.rootlessport
];
};
in runCommand podman.name {
name = "${podman.pname}-wrapper-${podman.version}";
inherit (podman) pname version passthru;
preferLocalBuild = true;
meta = builtins.removeAttrs podman.meta [ "outputsToInstall" ];
outputs = [
"out"
"man"
];
nativeBuildInputs = [
makeWrapper
];
} ''
ln -s ${podman.man} $man
mkdir -p $out/bin
ln -s ${podman-unwrapped}/etc $out/etc
ln -s ${podman-unwrapped}/lib $out/lib
ln -s ${podman-unwrapped}/share $out/share
makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \
--set CONTAINERS_HELPER_BINARY_DIR ${helpersBin}/bin \
--prefix PATH : ${lib.escapeShellArg binPath}
''

32
pkgs/applications/virtualization/qboot/default.nix Normal file
View file

@ -0,0 +1,32 @@
{ lib, stdenv, meson, ninja, fetchFromGitHub, nixosTests }:
stdenv.mkDerivation {
pname = "qboot";
version = "unstable-2020-04-23";
src = fetchFromGitHub {
owner = "bonzini";
repo = "qboot";
rev = "de50b5931c08f5fba7039ddccfb249a5b3b0b18d";
sha256 = "1d0h29zz535m0pq18k3aya93q7lqm2858mlcp8mlfkbq54n8c5d8";
};
nativeBuildInputs = [ meson ninja ];
installPhase = ''
mkdir -p $out
cp bios.bin bios.bin.elf $out/.
'';
hardeningDisable = [ "stackprotector" "pic" ];
passthru.tests = { qboot = nixosTests.qboot; };
meta = {
description = "A simple x86 firmware for booting Linux";
homepage = "https://github.com/bonzini/qboot";
license = lib.licenses.gpl2;
maintainers = with lib.maintainers; [ tstrobel ];
platforms = [ "x86_64-linux" "i686-linux" ];
};
}

79
pkgs/applications/virtualization/qemu/binfmt-p-wrapper.c Normal file
View file

@ -0,0 +1,79 @@
// This is a tiny wrapper that converts the extra arv[0] argument
// from binfmt-misc with the P flag enabled to QEMU parameters.
// It also prevents LD_* environment variables from being applied
// to QEMU itself.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifndef TARGET_QEMU
#error "Define TARGET_QEMU to be the path to the qemu-user binary (e.g., -DTARGET_QEMU=\"/full/path/to/qemu-riscv64\")"
#endif
extern char **environ;
int main(int argc, char *argv[]) {
if (argc < 3) {
fprintf(stderr, "%s: This should be run as the binfmt interpreter with the P flag\n", argv[0]);
fprintf(stderr, "%s: My preconfigured qemu-user binary: %s\n", argv[0], TARGET_QEMU);
return 1;
}
size_t environ_count = 0;
for (char **cur = environ; *cur != NULL; ++cur) {
environ_count++;
}
size_t new_argc = 3;
size_t new_argv_alloc = argc + 2 * environ_count + 2; // [ "-E", env ] for each LD_* env + [ "-0", argv0 ]
char **new_argv = (char**)malloc((new_argv_alloc + 1) * sizeof(char*));
if (!new_argv) {
fprintf(stderr, "FATAL: Failed to allocate new argv array\n");
abort();
}
new_argv[0] = TARGET_QEMU;
new_argv[1] = "-0";
new_argv[2] = argv[2];
// Pass all LD_ env variables as -E and strip them in `new_environ`
size_t new_environc = 0;
char **new_environ = (char**)malloc((environ_count + 1) * sizeof(char*));
if (!new_environ) {
fprintf(stderr, "FATAL: Failed to allocate new environ array\n");
abort();
}
for (char **cur = environ; *cur != NULL; ++cur) {
if (strncmp("LD_", *cur, 3) == 0) {
new_argv[new_argc++] = "-E";
new_argv[new_argc++] = *cur;
} else {
new_environ[new_environc++] = *cur;
}
}
new_environ[new_environc] = NULL;
size_t new_arg_start = new_argc;
new_argc += argc - 3 + 2; // [ "--", full_binary_path ]
if (argc > 3) {
memcpy(&new_argv[new_arg_start + 2], &argv[3], (argc - 3) * sizeof(char**));
}
new_argv[new_arg_start] = "--";
new_argv[new_arg_start + 1] = argv[1];
new_argv[new_argc] = NULL;
#ifdef DEBUG
for (size_t i = 0; i < new_argc; ++i) {
fprintf(stderr, "argv[%zu] = %s\n", i, new_argv[i]);
}
#endif
return execve(new_argv[0], new_argv, new_environ);
}
// vim: et:ts=4:sw=4

31
pkgs/applications/virtualization/qemu/binfmt-p-wrapper.nix Normal file
View file

@ -0,0 +1,31 @@
# binfmt preserve-argv[0] wrapper
#
# More details in binfmt-p-wrapper.c
#
# The wrapper has to be static so LD_* environment variables
# cannot affect the execution of the wrapper itself.
{ lib, stdenv, pkgsStatic, enableDebug ? false }:
name: emulator:
pkgsStatic.stdenv.mkDerivation {
inherit name;
src = ./binfmt-p-wrapper.c;
dontUnpack = true;
dontInstall = true;
buildPhase = ''
runHook preBuild
mkdir -p $out/bin
$CC -o $out/bin/${name} -static -std=c99 -O2 \
-DTARGET_QEMU=\"${emulator}\" \
${lib.optionalString enableDebug "-DDEBUG"} \
$src
runHook postBuild
'';
}

268
pkgs/applications/virtualization/qemu/default.nix Normal file
View file

@ -0,0 +1,268 @@
{ lib, stdenv, fetchurl, fetchpatch, python3, python3Packages, zlib, pkg-config, glib, buildPackages
, perl, pixman, vde2, alsa-lib, texinfo, flex
, bison, lzo, snappy, libaio, libtasn1, gnutls, nettle, curl, ninja, meson, sigtool
, makeWrapper, runtimeShell, removeReferencesTo
, attr, libcap, libcap_ng, socat
, CoreServices, Cocoa, Hypervisor, rez, setfile
, guestAgentSupport ? with stdenv.hostPlatform; isLinux || isSunOS || isWindows
, numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl
, seccompSupport ? stdenv.isLinux, libseccomp
, alsaSupport ? lib.hasSuffix "linux" stdenv.hostPlatform.system && !nixosTestRunner
, pulseSupport ? !stdenv.isDarwin && !nixosTestRunner, libpulseaudio
, sdlSupport ? !stdenv.isDarwin && !nixosTestRunner, SDL2, SDL2_image
, jackSupport ? !stdenv.isDarwin && !nixosTestRunner, libjack2
, gtkSupport ? !stdenv.isDarwin && !xenSupport && !nixosTestRunner, gtk3, gettext, vte, wrapGAppsHook
, vncSupport ? !nixosTestRunner, libjpeg, libpng
, smartcardSupport ? !nixosTestRunner, libcacard
, spiceSupport ? !stdenv.isDarwin && !nixosTestRunner, spice, spice-protocol
, ncursesSupport ? !nixosTestRunner, ncurses
, usbredirSupport ? spiceSupport, usbredir
, xenSupport ? false, xen
, cephSupport ? false, ceph
, glusterfsSupport ? false, glusterfs, libuuid
, openGLSupport ? sdlSupport, mesa, libepoxy, libdrm
, virglSupport ? openGLSupport, virglrenderer
, libiscsiSupport ? true, libiscsi
, smbdSupport ? false, samba
, tpmSupport ? true
, uringSupport ? stdenv.isLinux, liburing
, hostCpuOnly ? false
, hostCpuTargets ? (if hostCpuOnly
then (lib.optional stdenv.isx86_64 "i386-softmmu"
++ ["${stdenv.hostPlatform.qemuArch}-softmmu"])
else null)
, nixosTestRunner ? false
, doCheck ? false
, qemu # for passthru.tests
}:
stdenv.mkDerivation rec {
pname = "qemu"
+ lib.optionalString xenSupport "-xen"
+ lib.optionalString hostCpuOnly "-host-cpu-only"
+ lib.optionalString nixosTestRunner "-for-vm-tests";
version = "7.0.0";
src = fetchurl {
url= "https://download.qemu.org/qemu-${version}.tar.xz";
sha256 = "sha256-9rN1x5UfcoQCeYsLqrsthkeMpT1Eztvvq74cRr9G+Dk=";
};
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [ makeWrapper removeReferencesTo pkg-config flex bison meson ninja perl python3 python3Packages.sphinx python3Packages.sphinx_rtd_theme ]
++ lib.optionals gtkSupport [ wrapGAppsHook ]
++ lib.optionals stdenv.isDarwin [ sigtool ];
buildInputs = [ zlib glib perl pixman
vde2 texinfo lzo snappy libtasn1
gnutls nettle curl
]
++ lib.optionals ncursesSupport [ ncurses ]
++ lib.optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile ]
++ lib.optionals seccompSupport [ libseccomp ]
++ lib.optionals numaSupport [ numactl ]
++ lib.optionals alsaSupport [ alsa-lib ]
++ lib.optionals pulseSupport [ libpulseaudio ]
++ lib.optionals sdlSupport [ SDL2 SDL2_image ]
++ lib.optionals jackSupport [ libjack2 ]
++ lib.optionals gtkSupport [ gtk3 gettext vte ]
++ lib.optionals vncSupport [ libjpeg libpng ]
++ lib.optionals smartcardSupport [ libcacard ]
++ lib.optionals spiceSupport [ spice-protocol spice ]
++ lib.optionals usbredirSupport [ usbredir ]
++ lib.optionals stdenv.isLinux [ libaio libcap_ng libcap attr ]
++ lib.optionals xenSupport [ xen ]
++ lib.optionals cephSupport [ ceph ]
++ lib.optionals glusterfsSupport [ glusterfs libuuid ]
++ lib.optionals openGLSupport [ mesa libepoxy libdrm ]
++ lib.optionals virglSupport [ virglrenderer ]
++ lib.optionals libiscsiSupport [ libiscsi ]
++ lib.optionals smbdSupport [ samba ]
++ lib.optionals uringSupport [ liburing ];
dontUseMesonConfigure = true; # meson's configurePhase isn't compatible with qemu build
outputs = [ "out" ] ++ lib.optional guestAgentSupport "ga";
# On aarch64-linux we would shoot over the Hydra's 2G output limit.
separateDebugInfo = !(stdenv.isAarch64 && stdenv.isLinux);
patches = [
./fix-qemu-ga.patch
# QEMU upstream does not demand compatibility to pre-10.13, so 9p-darwin
# support on nix requires utimensat fallback. The patch adding this fallback
# set was removed during the process of upstreaming this functionality, and
# will still be needed in nix until the macOS SDK reaches 10.13+.
./provide-fallback-for-utimensat.patch
# Cocoa clipboard support only works on macOS 10.14+
./revert-ui-cocoa-add-clipboard-support.patch
# Standard about panel requires AppKit and macOS 10.13+
(fetchpatch {
url = "https://gitlab.com/qemu-project/qemu/-/commit/99eb313ddbbcf73c1adcdadceba1423b691c6d05.diff";
sha256 = "sha256-gTRf9XENAfbFB3asYCXnw4OV4Af6VE1W56K2xpYDhgM=";
revert = true;
})
# Workaround for upstream issue with nested virtualisation: https://gitlab.com/qemu-project/qemu/-/issues/1008
(fetchpatch {
url = "https://gitlab.com/qemu-project/qemu/-/commit/3e4546d5bd38a1e98d4bd2de48631abf0398a3a2.diff";
sha256 = "sha256-oC+bRjEHixv1QEFO9XAm4HHOwoiT+NkhknKGPydnZ5E=";
revert = true;
})
# make nixos tests that boot from USB more stable
# https://lists.nongnu.org/archive/html/qemu-devel/2022-05/msg01484.html
(fetchpatch {
url = "https://gitlab.com/raboof/qemu/-/commit/3fb5e8fe4434130b1167a995b2a01c077cca2cd5.patch";
sha256 = "sha256-evzrN3i4ntc/AFG0C0rezQpQbWcnx74nXO+5DLErX8o=";
})
]
++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch;
postPatch = ''
# Otherwise tries to ensure /var/run exists.
sed -i "/install_subdir('run', install_dir: get_option('localstatedir'))/d" \
qga/meson.build
# glibc 2.33 compat fix: if `has_statx = true` is set, `tools/virtiofsd/passthrough_ll.c` will
# rely on `stx_mnt_id`[1] which is not part of glibc's `statx`-struct definition.
#
# `has_statx` will be set to `true` if a simple C program which uses a few `statx`
# consts & struct fields successfully compiles. It seems as this only builds on glibc-2.33
# since most likely[2] and because of that, the problematic code-path will be used.
#
# [1] https://github.com/torvalds/linux/commit/fa2fcf4f1df1559a0a4ee0f46915b496cc2ebf60#diff-64bab5a0a3fcb55e1a6ad77b1dfab89d2c9c71a770a07ecf44e6b82aae76a03a
# [2] https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=io/bits/statx-generic.h;h=c34697e3c1fd79cddd60db294302e461ed8db6e2;hp=7a09e94be2abb92d2df612090c132e686a24d764;hb=88a2cf6c4bab6e94a65e9c0db8813709372e9180;hpb=c4e4b2e149705559d28b16a9b47ba2f6142d6a6c
substituteInPlace meson.build \
--replace 'has_statx = cc.links(statx_test)' 'has_statx = false'
'';
preConfigure = ''
unset CPP # intereferes with dependency calculation
# this script isn't marked as executable b/c it's indirectly used by meson. Needed to patch its shebang
chmod +x ./scripts/shaderinclude.pl
patchShebangs .
# avoid conflicts with libc++ include for <version>
mv VERSION QEMU_VERSION
substituteInPlace configure \
--replace '$source_path/VERSION' '$source_path/QEMU_VERSION'
substituteInPlace meson.build \
--replace "'VERSION'" "'QEMU_VERSION'"
'';
configureFlags = [
"--disable-strip" # We'll strip ourselves after separating debug info.
"--enable-docs"
"--enable-tools"
"--localstatedir=/var"
"--sysconfdir=/etc"
# Always use our Meson, not the bundled version, which doesn't
# have our patches and will be subtly broken because of that.
"--meson=meson"
"--cross-prefix=${stdenv.cc.targetPrefix}"
"--cpu=${stdenv.hostPlatform.uname.processor}"
(lib.enableFeature guestAgentSupport "guest-agent")
] ++ lib.optional numaSupport "--enable-numa"
++ lib.optional seccompSupport "--enable-seccomp"
++ lib.optional smartcardSupport "--enable-smartcard"
++ lib.optional spiceSupport "--enable-spice"
++ lib.optional usbredirSupport "--enable-usb-redir"
++ lib.optional (hostCpuTargets != null) "--target-list=${lib.concatStringsSep "," hostCpuTargets}"
++ lib.optional stdenv.isDarwin "--enable-cocoa"
++ lib.optional stdenv.isDarwin "--enable-hvf"
++ lib.optional stdenv.isLinux "--enable-linux-aio"
++ lib.optional gtkSupport "--enable-gtk"
++ lib.optional xenSupport "--enable-xen"
++ lib.optional cephSupport "--enable-rbd"
++ lib.optional glusterfsSupport "--enable-glusterfs"
++ lib.optional openGLSupport "--enable-opengl"
++ lib.optional virglSupport "--enable-virglrenderer"
++ lib.optional tpmSupport "--enable-tpm"
++ lib.optional libiscsiSupport "--enable-libiscsi"
++ lib.optional smbdSupport "--smbd=${samba}/bin/smbd"
++ lib.optional uringSupport "--enable-linux-io-uring";
dontWrapGApps = true;
# QEMU attaches entitlements with codesign and strip removes those,
# voiding the entitlements and making it non-operational.
# The alternative is to re-sign with entitlements after stripping:
# * https://github.com/qemu/qemu/blob/v6.1.0/scripts/entitlement.sh#L25
dontStrip = stdenv.isDarwin;
postFixup = ''
# the .desktop is both invalid and pointless
rm -f $out/share/applications/qemu.desktop
'' + lib.optionalString guestAgentSupport ''
# move qemu-ga (guest agent) to separate output
mkdir -p $ga/bin
mv $out/bin/qemu-ga $ga/bin/
ln -s $ga/bin/qemu-ga $out/bin
remove-references-to -t $out $ga/bin/qemu-ga
'' + lib.optionalString gtkSupport ''
# wrap GTK Binaries
for f in $out/bin/qemu-system-*; do
wrapGApp $f
done
'';
preBuild = "cd build";
# tests can still timeout on slower systems
inherit doCheck;
checkInputs = [ socat ];
preCheck = ''
# time limits are a little meagre for a build machine that's
# potentially under load.
substituteInPlace ../tests/unit/meson.build \
--replace 'timeout: slow_tests' 'timeout: 50 * slow_tests'
substituteInPlace ../tests/qtest/meson.build \
--replace 'timeout: slow_qtests' 'timeout: 50 * slow_qtests'
substituteInPlace ../tests/fp/meson.build \
--replace 'timeout: 90)' 'timeout: 300)'
# point tests towards correct binaries
substituteInPlace ../tests/unit/test-qga.c \
--replace '/bin/echo' "$(type -P echo)"
substituteInPlace ../tests/unit/test-io-channel-command.c \
--replace '/bin/socat' "$(type -P socat)"
# combined with a long package name, some temp socket paths
# can end up exceeding max socket name len
substituteInPlace ../tests/qtest/bios-tables-test.c \
--replace 'qemu-test_acpi_%s_tcg_%s' '%s_%s'
# get-fsinfo attempts to access block devices, disallowed by sandbox
sed -i -e '/\/qga\/get-fsinfo/d' -e '/\/qga\/blacklist/d' \
../tests/unit/test-qga.c
'' + lib.optionalString stdenv.isDarwin ''
# skip test that stalls on darwin, perhaps due to subtle differences
# in fifo behaviour
substituteInPlace ../tests/unit/meson.build \
--replace "'test-io-channel-command'" "#'test-io-channel-command'"
'';
# Add a qemu-kvm wrapper for compatibility/convenience.
postInstall = ''
ln -s $out/libexec/virtiofsd $out/bin
ln -s $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} $out/bin/qemu-kvm
'';
passthru = {
qemu-system-i386 = "bin/qemu-system-i386";
tests = {
qemu-tests = qemu.override { doCheck = true; };
};
};
# Builds in ~3h with 2 cores, and ~20m with a big-parallel builder.
requiredSystemFeatures = [ "big-parallel" ];
meta = with lib; {
homepage = "http://www.qemu.org/";
description = "A generic and open source machine emulator and virtualizer";
license = licenses.gpl2Plus;
mainProgram = "qemu-kvm";
maintainers = with maintainers; [ eelco qyliss ];
platforms = platforms.unix;
priority = 10; # Prefer virtiofsd from the virtiofsd package.
};
}

36
pkgs/applications/virtualization/qemu/fix-qemu-ga.patch Normal file
View file

@ -0,0 +1,36 @@
diff -Naur a/qga/commands-posix.c b/qga/commands-posix.c
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -109,6 +109,8 @@
reopen_fd_to_null(1);
reopen_fd_to_null(2);
+ execle("/run/current-system/sw/bin/shutdown", "shutdown", "-h", shutdown_flag, "+0",
+ "hypervisor initiated shutdown", (char*)NULL, environ);
execle("/sbin/shutdown", "shutdown", "-h", shutdown_flag, "+0",
"hypervisor initiated shutdown", (char*)NULL, environ);
_exit(EXIT_FAILURE);
@@ -157,11 +159,13 @@
pid_t pid;
Error *local_err = NULL;
struct timeval tv;
+ static const char hwclock_path_nix[] = "/run/current-system/sw/bin/hwclock";
static const char hwclock_path[] = "/sbin/hwclock";
static int hwclock_available = -1;
if (hwclock_available < 0) {
- hwclock_available = (access(hwclock_path, X_OK) == 0);
+ hwclock_available = (access(hwclock_path_nix, X_OK) == 0) ||
+ (access(hwclock_path, X_OK) == 0);
}
if (!hwclock_available) {
@@ -207,6 +211,8 @@
/* Use '/sbin/hwclock -w' to set RTC from the system time,
* or '/sbin/hwclock -s' to set the system time from RTC. */
+ execle(hwclock_path_nix, "hwclock", has_time ? "-w" : "-s",
+ NULL, environ);
execle(hwclock_path, "hwclock", has_time ? "-w" : "-s",
NULL, environ);
_exit(EXIT_FAILURE);

81
pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch Normal file
View file

@ -0,0 +1,81 @@
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index 45e9a1f9b0..494ee00c66 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -84,6 +84,23 @@ static void unlinkat_preserve_errno(int dirfd, const char *path, int flags)
#define VIRTFS_META_DIR ".virtfs_metadata"
+static int is_in_store_path(const char *path)
+{
+ static char *store_path = NULL;
+ int store_path_len = -1;
+
+ if (store_path_len == -1) {
+ if ((store_path = getenv("NIX_STORE")) != NULL)
+ store_path_len = strlen(store_path);
+ else
+ store_path_len = 0;
+ }
+
+ if (store_path_len > 0)
+ return strncmp(path, store_path, strlen(store_path)) == 0;
+ return 0;
+}
+
static FILE *local_fopenat(int dirfd, const char *name, const char *mode)
{
int fd, o_mode = 0;
@@ -161,6 +178,8 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf)
if (err) {
goto err_out;
}
+ stbuf->st_uid = 0;
+ stbuf->st_gid = 0;
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */
uid_t tmp_uid;
@@ -280,6 +299,9 @@ static int fchmodat_nofollow(int dirfd, const char *name, mode_t mode)
{
int fd, ret;
+ if (is_in_store_path(name))
+ return 0;
+
/* FIXME: this should be handled with fchmodat(AT_SYMLINK_NOFOLLOW).
* Unfortunately, the linux kernel doesn't implement it yet. As an
* alternative, let's open the file and use fchmod() instead. This
@@ -661,6 +683,8 @@ static int local_fstat(FsContext *fs_ctx, int fid_type,
if (err) {
return err;
}
+ stbuf->st_uid = 0;
+ stbuf->st_gid = 0;
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */
uid_t tmp_uid;
@@ -795,8 +819,11 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
if (err) {
goto out;
}
- err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid,
- AT_SYMLINK_NOFOLLOW);
+ if (is_in_store_path(name))
+ err = 0;
+ else
+ err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid,
+ AT_SYMLINK_NOFOLLOW);
if (err == -1) {
/*
* If we fail to change ownership and if we are
@@ -911,7 +938,9 @@ static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
goto out;
}
- if ((credp->fc_uid == -1 && credp->fc_gid == -1) ||
+ if (is_in_store_path(name)) {
+ ret = 0;
+ } else if ((credp->fc_uid == -1 && credp->fc_gid == -1) ||
(fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->export_flags & V9FS_SM_NONE)) {
ret = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid,

190
pkgs/applications/virtualization/qemu/provide-fallback-for-utimensat.patch Normal file
View file

@ -0,0 +1,190 @@
From 747a741772cde6bb340eb8bdb493390280de8d16 Mon Sep 17 00:00:00 2001
From: Keno Fischer <keno@juliacomputing.com>
Date: Sat, 16 Jun 2018 20:56:54 -0400
Subject: [PATCH] 9p: darwin: Provide fallback impl for utimensat
This function is new in Mac OS 10.13. Provide a fallback implementation
when building against older SDKs. The complication in the definition comes
having to separately handle the used SDK version and the target OS version.
- If the SDK version is too low (__MAC_10_13 not defined), utimensat is not
defined in the header, so we must not try to use it (doing so would error).
- Otherwise, if the targetted OS version is at least 10.13, we know this
function is available, so we can unconditionally call it.
- Lastly, we check for the availability of the __builtin_available macro to
potentially insert a dynamic check for this OS version. However, __builtin_available
is only available with sufficiently recent versions of clang and while all
Apple clang versions that ship with Xcode versions that support the 10.13
SDK support with builtin, we want to allow building with compilers other
than Apple clang that may not support this builtin.
Signed-off-by: Keno Fischer <keno@juliacomputing.com>
Signed-off-by: Michael Roitzsch <reactorcontrol@icloud.com>
Signed-off-by: Will Cohen <wwcohen@gmail.com>
---
hw/9pfs/9p-local.c | 2 +-
hw/9pfs/9p-util-darwin.c | 96 ++++++++++++++++++++++++++++++++++++++++
hw/9pfs/9p-util-linux.c | 6 +++
hw/9pfs/9p-util.h | 8 ++++
4 files changed, 111 insertions(+), 1 deletion(-)
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index d42ce6d8b8..b2c1fa42e1 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -1085,7 +1085,7 @@ static int local_utimensat(FsContext *s, V9fsPath *fs_path,
goto out;
}
- ret = utimensat(dirfd, name, buf, AT_SYMLINK_NOFOLLOW);
+ ret = utimensat_nofollow(dirfd, name, buf);
close_preserve_errno(dirfd);
out:
g_free(dirpath);
diff --git a/hw/9pfs/9p-util-darwin.c b/hw/9pfs/9p-util-darwin.c
index bec0253474..2fc0475292 100644
--- a/hw/9pfs/9p-util-darwin.c
+++ b/hw/9pfs/9p-util-darwin.c
@@ -95,3 +95,99 @@ int qemu_mknodat(int dirfd, const char *filename, mode_t mode, dev_t dev)
}
#endif
+
+#ifndef __has_builtin
+#define __has_builtin(x) 0
+#endif
+
+static int update_times_from_stat(int fd, struct timespec times[2],
+ int update0, int update1)
+{
+ struct stat buf;
+ int ret = fstat(fd, &buf);
+ if (ret == -1) {
+ return ret;
+ }
+ if (update0) {
+ times[0] = buf.st_atimespec;
+ }
+ if (update1) {
+ times[1] = buf.st_mtimespec;
+ }
+ return 0;
+}
+
+int utimensat_nofollow(int dirfd, const char *filename,
+ const struct timespec times_in[2])
+{
+ int ret, fd;
+ int special0, special1;
+ struct timeval futimes_buf[2];
+ struct timespec times[2];
+ memcpy(times, times_in, 2 * sizeof(struct timespec));
+
+/* Check whether we have an SDK version that defines utimensat */
+#if defined(__MAC_10_13)
+# if __MAC_OS_X_VERSION_MIN_REQUIRED >= __MAC_10_13
+# define UTIMENSAT_AVAILABLE 1
+# elif __has_builtin(__builtin_available)
+# define UTIMENSAT_AVAILABLE __builtin_available(macos 10.13, *)
+# else
+# define UTIMENSAT_AVAILABLE 0
+# endif
+ if (UTIMENSAT_AVAILABLE) {
+ return utimensat(dirfd, filename, times, AT_SYMLINK_NOFOLLOW);
+ }
+#endif
+
+ /* utimensat not available. Use futimes. */
+ fd = openat_file(dirfd, filename, O_PATH_9P_UTIL | O_NOFOLLOW, 0);
+ if (fd == -1) {
+ return -1;
+ }
+
+ special0 = times[0].tv_nsec == UTIME_OMIT;
+ special1 = times[1].tv_nsec == UTIME_OMIT;
+ if (special0 || special1) {
+ /* If both are set, nothing to do */
+ if (special0 && special1) {
+ ret = 0;
+ goto done;
+ }
+
+ ret = update_times_from_stat(fd, times, special0, special1);
+ if (ret < 0) {
+ goto done;
+ }
+ }
+
+ special0 = times[0].tv_nsec == UTIME_NOW;
+ special1 = times[1].tv_nsec == UTIME_NOW;
+ if (special0 || special1) {
+ ret = futimes(fd, NULL);
+ if (ret < 0) {
+ goto done;
+ }
+
+ /* If both are set, we are done */
+ if (special0 && special1) {
+ ret = 0;
+ goto done;
+ }
+
+ ret = update_times_from_stat(fd, times, special0, special1);
+ if (ret < 0) {
+ goto done;
+ }
+ }
+
+ futimes_buf[0].tv_sec = times[0].tv_sec;
+ futimes_buf[0].tv_usec = times[0].tv_nsec / 1000;
+ futimes_buf[1].tv_sec = times[1].tv_sec;
+ futimes_buf[1].tv_usec = times[1].tv_nsec / 1000;
+ ret = futimes(fd, futimes_buf);
+
+done:
+ close_preserve_errno(fd);
+ return ret;
+}
diff --git a/hw/9pfs/9p-util-linux.c b/hw/9pfs/9p-util-linux.c
index db451b0784..320697f347 100644
--- a/hw/9pfs/9p-util-linux.c
+++ b/hw/9pfs/9p-util-linux.c
@@ -68,3 +68,9 @@ int qemu_mknodat(int dirfd, const char *filename, mode_t mode, dev_t dev)
{
return mknodat(dirfd, filename, mode, dev);
}
+
+int utimensat_nofollow(int dirfd, const char *filename,
+ const struct timespec times[2])
+{
+ return utimensat(dirfd, filename, times, AT_SYMLINK_NOFOLLOW);
+}
diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
index 97e681e167..fd50d6243a 100644
--- a/hw/9pfs/9p-util.h
+++ b/hw/9pfs/9p-util.h
@@ -36,6 +36,12 @@ static inline int qemu_lsetxattr(const char *path, const char *name,
#define qemu_lsetxattr lsetxattr
#endif
+/* Compatibility with old SDK Versions for Darwin */
+#if defined(CONFIG_DARWIN) && !defined(UTIME_NOW)
+#define UTIME_NOW -1
+#define UTIME_OMIT -2
+#endif
+
static inline void close_preserve_errno(int fd)
{
int serrno = errno;
@@ -98,6 +104,8 @@ ssize_t flistxattrat_nofollow(int dirfd, const char *filename,
char *list, size_t size);
ssize_t fremovexattrat_nofollow(int dirfd, const char *filename,
const char *name);
+int utimensat_nofollow(int dirfd, const char *filename,
+ const struct timespec times[2]);
/*
* Darwin has d_seekoff, which appears to function similarly to d_off.
--
2.35.1

208
pkgs/applications/virtualization/qemu/revert-ui-cocoa-add-clipboard-support.patch Normal file
View file

@ -0,0 +1,208 @@
From 19b0952b36b6b5c4bd2665cc0bd4e55a85f81b55 Mon Sep 17 00:00:00 2001
From: Will Cohen <willcohen@users.noreply.github.com>
Date: Tue, 29 Mar 2022 14:00:56 -0400
Subject: [PATCH] Revert "ui/cocoa: Add clipboard support"
This reverts commit 7e3e20d89129614f4a7b2451fe321cc6ccca3b76.
---
include/ui/clipboard.h | 2 +-
ui/clipboard.c | 2 +-
ui/cocoa.m | 121 -----------------------------------------
3 files changed, 2 insertions(+), 123 deletions(-)
diff --git a/include/ui/clipboard.h b/include/ui/clipboard.h
index ce76aa451f..c4e1dc4ff4 100644
--- a/include/ui/clipboard.h
+++ b/include/ui/clipboard.h
@@ -269,7 +269,7 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer,
QemuClipboardInfo *info,
QemuClipboardType type,
uint32_t size,
- const void *data,
+ void *data,
bool update);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(QemuClipboardInfo, qemu_clipboard_info_unref)
diff --git a/ui/clipboard.c b/ui/clipboard.c
index 9079ef829b..6b9ed59e1b 100644
--- a/ui/clipboard.c
+++ b/ui/clipboard.c
@@ -140,7 +140,7 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer,
QemuClipboardInfo *info,
QemuClipboardType type,
uint32_t size,
- const void *data,
+ void *data,
bool update)
{
if (!info ||
diff --git a/ui/cocoa.m b/ui/cocoa.m
index c4e5468f9e..cd3bdf0cec 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -28,7 +28,6 @@
#include <crt_externs.h>
#include "qemu-common.h"
-#include "ui/clipboard.h"
#include "ui/console.h"
#include "ui/input.h"
#include "ui/kbd-state.h"
@@ -107,10 +106,6 @@ static void cocoa_switch(DisplayChangeListener *dcl,
static QemuSemaphore app_started_sem;
static bool allow_events;
-static NSInteger cbchangecount = -1;
-static QemuClipboardInfo *cbinfo;
-static QemuEvent cbevent;
-
// Utility functions to run specified code block with iothread lock held
typedef void (^CodeBlock)(void);
typedef bool (^BoolCodeBlock)(void);
@@ -1805,105 +1800,6 @@ static void addRemovableDevicesMenuItems(void)
qapi_free_BlockInfoList(pointerToFree);
}
-@interface QemuCocoaPasteboardTypeOwner : NSObject<NSPasteboardTypeOwner>
-@end
-
-@implementation QemuCocoaPasteboardTypeOwner
-
-- (void)pasteboard:(NSPasteboard *)sender provideDataForType:(NSPasteboardType)type
-{
- if (type != NSPasteboardTypeString) {
- return;
- }
-
- with_iothread_lock(^{
- QemuClipboardInfo *info = qemu_clipboard_info_ref(cbinfo);
- qemu_event_reset(&cbevent);
- qemu_clipboard_request(info, QEMU_CLIPBOARD_TYPE_TEXT);
-
- while (info == cbinfo &&
- info->types[QEMU_CLIPBOARD_TYPE_TEXT].available &&
- info->types[QEMU_CLIPBOARD_TYPE_TEXT].data == NULL) {
- qemu_mutex_unlock_iothread();
- qemu_event_wait(&cbevent);
- qemu_mutex_lock_iothread();
- }
-
- if (info == cbinfo) {
- NSData *data = [[NSData alloc] initWithBytes:info->types[QEMU_CLIPBOARD_TYPE_TEXT].data
- length:info->types[QEMU_CLIPBOARD_TYPE_TEXT].size];
- [sender setData:data forType:NSPasteboardTypeString];
- [data release];
- }
-
- qemu_clipboard_info_unref(info);
- });
-}
-
-@end
-
-static QemuCocoaPasteboardTypeOwner *cbowner;
-
-static void cocoa_clipboard_notify(Notifier *notifier, void *data);
-static void cocoa_clipboard_request(QemuClipboardInfo *info,
- QemuClipboardType type);
-
-static QemuClipboardPeer cbpeer = {
- .name = "cocoa",
- .notifier = { .notify = cocoa_clipboard_notify },
- .request = cocoa_clipboard_request
-};
-
-static void cocoa_clipboard_update_info(QemuClipboardInfo *info)
-{
- if (info->owner == &cbpeer || info->selection != QEMU_CLIPBOARD_SELECTION_CLIPBOARD) {
- return;
- }
-
- if (info != cbinfo) {
- NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
- qemu_clipboard_info_unref(cbinfo);
- cbinfo = qemu_clipboard_info_ref(info);
- cbchangecount = [[NSPasteboard generalPasteboard] declareTypes:@[NSPasteboardTypeString] owner:cbowner];
- [pool release];
- }
-
- qemu_event_set(&cbevent);
-}
-
-static void cocoa_clipboard_notify(Notifier *notifier, void *data)
-{
- QemuClipboardNotify *notify = data;
-
- switch (notify->type) {
- case QEMU_CLIPBOARD_UPDATE_INFO:
- cocoa_clipboard_update_info(notify->info);
- return;
- case QEMU_CLIPBOARD_RESET_SERIAL:
- /* ignore */
- return;
- }
-}
-
-static void cocoa_clipboard_request(QemuClipboardInfo *info,
- QemuClipboardType type)
-{
- NSData *text;
-
- switch (type) {
- case QEMU_CLIPBOARD_TYPE_TEXT:
- text = [[NSPasteboard generalPasteboard] dataForType:NSPasteboardTypeString];
- if (text) {
- qemu_clipboard_set_data(&cbpeer, info, type,
- [text length], [text bytes], true);
- [text release];
- }
- break;
- default:
- break;
- }
-}
-
/*
* The startup process for the OSX/Cocoa UI is complicated, because
* OSX insists that the UI runs on the initial main thread, and so we
@@ -1938,7 +1834,6 @@ static void cocoa_clipboard_request(QemuClipboardInfo *info,
COCOA_DEBUG("Second thread: calling qemu_main()\n");
status = qemu_main(gArgc, gArgv, *_NSGetEnviron());
COCOA_DEBUG("Second thread: qemu_main() returned, exiting\n");
- [cbowner release];
exit(status);
}
@@ -2054,18 +1949,6 @@ static void cocoa_refresh(DisplayChangeListener *dcl)
[cocoaView setAbsoluteEnabled:YES];
});
}
-
- if (cbchangecount != [[NSPasteboard generalPasteboard] changeCount]) {
- qemu_clipboard_info_unref(cbinfo);
- cbinfo = qemu_clipboard_info_new(&cbpeer, QEMU_CLIPBOARD_SELECTION_CLIPBOARD);
- if ([[NSPasteboard generalPasteboard] availableTypeFromArray:@[NSPasteboardTypeString]]) {
- cbinfo->types[QEMU_CLIPBOARD_TYPE_TEXT].available = true;
- }
- qemu_clipboard_update(cbinfo);
- cbchangecount = [[NSPasteboard generalPasteboard] changeCount];
- qemu_event_set(&cbevent);
- }
-
[pool release];
}
@@ -2105,10 +1988,6 @@ static void cocoa_display_init(DisplayState *ds, DisplayOptions *opts)
// register vga output callbacks
register_displaychangelistener(&dcl);
-
- qemu_event_init(&cbevent, false);
- cbowner = [[QemuCocoaPasteboardTypeOwner alloc] init];
- qemu_clipboard_peer_register(&cbpeer);
}
static QemuDisplay qemu_display_cocoa = {
--
2.35.1

22
pkgs/applications/virtualization/qemu/utils.nix Normal file
View file

@ -0,0 +1,22 @@
{ stdenv, installShellFiles, qemu }:
stdenv.mkDerivation rec {
pname = "qemu-utils";
inherit (qemu) version;
nativeBuildInputs = [ installShellFiles ];
buildInputs = [ qemu ];
unpackPhase = "true";
installPhase = ''
mkdir -p "$out/bin"
cp "${qemu}/bin/qemu-img" "$out/bin/qemu-img"
cp "${qemu}/bin/qemu-io" "$out/bin/qemu-io"
cp "${qemu}/bin/qemu-nbd" "$out/bin/qemu-nbd"
installManPage ${qemu}/share/man/man1/qemu-img.1.gz
installManPage ${qemu}/share/man/man8/qemu-nbd.8.gz
'';
inherit (qemu) meta;
}

45
pkgs/applications/virtualization/qtemu/default.nix Normal file
View file

@ -0,0 +1,45 @@
{ lib, mkDerivation, fetchFromGitLab, pkg-config, qmake, qtbase, qemu }:
mkDerivation rec {
pname = "qtemu";
version = "2.1";
src = fetchFromGitLab {
owner = "qtemu";
repo = "gui";
rev = version;
sha256 = "1555178mkfw0gwmw8bsxmg4339j2ifp0yb4b2f39nxh9hwshg07j";
};
nativeBuildInputs = [
qmake
pkg-config
];
buildInputs = [
qtbase
qemu
];
installPhase = ''
runHook preInstall
# upstream lacks an install method
install -D -t $out/share/applications qtemu.desktop
install -D -t $out/share/pixmaps qtemu.png
install -D -t $out/bin qtemu
# make sure that the qemu-* executables are found
wrapProgram $out/bin/qtemu --prefix PATH : ${lib.makeBinPath [ qemu ]}
runHook postInstall
'';
meta = with lib; {
description = "Qt-based front-end for QEMU emulator";
homepage = "https://qtemu.org";
license = licenses.gpl2;
platforms = with platforms; linux;
maintainers = with maintainers; [ romildo ];
};
}

435
pkgs/applications/virtualization/railcar/cargo-lock.patch Normal file
View file

@ -0,0 +1,435 @@
From 97e1e2ca82c20317a6de1f345d2fb0adcde0b7fd Mon Sep 17 00:00:00 2001
From: Katharina Fey <kookie@spacekookie.de>
Date: Mon, 10 Dec 2018 17:42:58 +0100
Subject: [PATCH] Adding `Cargo.lock` for release `v1.0.4`
---
Cargo.lock | 416 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 416 insertions(+)
create mode 100644 Cargo.lock
diff --git a/Cargo.lock b/Cargo.lock
new file mode 100644
index 0000000..bf6aa0e
--- /dev/null
+++ b/Cargo.lock
@@ -0,0 +1,416 @@
+[[package]]
+name = "ansi_term"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "atty"
+version = "0.2.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)",
+ "termion 1.5.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "backtrace"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "backtrace-sys 0.1.24 (registry+https://github.com/rust-lang/crates.io-index)",
+ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)",
+ "rustc-demangle 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)",
+ "winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "backtrace-sys"
+version = "0.1.24"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "cc 1.0.25 (registry+https://github.com/rust-lang/crates.io-index)",
+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "bitflags"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "bitflags"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "caps"
+version = "0.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "custom_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
+ "enum_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
+ "error-chain 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "cc"
+version = "1.0.25"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "cfg-if"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "clap"
+version = "2.32.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "atty 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)",
+ "bitflags 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "strsim 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "textwrap 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "unicode-width 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
+ "vec_map 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "custom_derive"
+version = "0.1.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "dtoa"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "enum_derive"
+version = "0.1.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "error-chain"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "backtrace 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "error-chain"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "backtrace 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "itoa"
+version = "0.3.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "lazy_static"
+version = "0.2.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "libc"
+version = "0.2.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "log"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "log"
+version = "0.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "nix"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)",
+ "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "nix"
+version = "0.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "bitflags 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "cc 1.0.25 (registry+https://github.com/rust-lang/crates.io-index)",
+ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)",
+ "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "num-traits"
+version = "0.1.43"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "num-traits"
+version = "0.2.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "oci"
+version = "0.1.0"
+dependencies = [
+ "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)",
+ "serde_derive 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)",
+ "serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "prctl"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)",
+ "nix 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "quote"
+version = "0.3.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "railcar"
+version = "1.0.4"
+dependencies = [
+ "caps 0.0.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "clap 2.32.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "error-chain 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "lazy_static 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)",
+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)",
+ "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
+ "nix 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)",
+ "oci 0.1.0",
+ "prctl 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "scopeguard 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "seccomp-sys 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "redox_syscall"
+version = "0.1.43"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "redox_termios"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "redox_syscall 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "rustc-demangle"
+version = "0.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "scopeguard"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "seccomp-sys"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "serde"
+version = "0.9.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "serde_codegen_internals"
+version = "0.14.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "serde_derive"
+version = "0.9.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)",
+ "serde_codegen_internals 0.14.2 (registry+https://github.com/rust-lang/crates.io-index)",
+ "syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "serde_json"
+version = "0.9.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "dtoa 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)",
+ "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "strsim"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "syn"
+version = "0.11.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)",
+ "synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "synom"
+version = "0.11.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "termion"
+version = "1.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)",
+ "redox_syscall 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)",
+ "redox_termios 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "textwrap"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "unicode-width 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "unicode-width"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "unicode-xid"
+version = "0.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "vec_map"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "void"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "winapi"
+version = "0.3.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "winapi-i686-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[metadata]
+"checksum ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b"
+"checksum atty 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "9a7d5b8723950951411ee34d271d99dddcc2035a16ab25310ea2c8cfd4369652"
+"checksum backtrace 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "89a47830402e9981c5c41223151efcced65a0510c13097c769cede7efb34782a"
+"checksum backtrace-sys 0.1.24 (registry+https://github.com/rust-lang/crates.io-index)" = "c66d56ac8dabd07f6aacdaf633f4b8262f5b3601a810a0dcddffd5c22c69daa0"
+"checksum bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "aad18937a628ec6abcd26d1489012cc0e18c21798210f491af69ded9b881106d"
+"checksum bitflags 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "228047a76f468627ca71776ecdebd732a3423081fcf5125585bcd7c49886ce12"
+"checksum caps 0.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "2c238ba41e8d1d354c8576228110585046ae379efd7af972932993d5c1d41c7d"
+"checksum cc 1.0.25 (registry+https://github.com/rust-lang/crates.io-index)" = "f159dfd43363c4d08055a07703eb7a3406b0dac4d0584d96965a3262db3c9d16"
+"checksum cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "082bb9b28e00d3c9d39cc03e64ce4cea0f1bb9b3fde493f0cbc008472d22bdf4"
+"checksum clap 2.32.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b957d88f4b6a63b9d70d5f454ac8011819c6efa7727858f458ab71c756ce2d3e"
+"checksum custom_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "ef8ae57c4978a2acd8b869ce6b9ca1dfe817bff704c220209fdef2c0b75a01b9"
+"checksum dtoa 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "6d301140eb411af13d3115f9a562c85cc6b541ade9dfa314132244aaee7489dd"
+"checksum enum_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "406ac2a8c9eedf8af9ee1489bee9e50029278a6456c740f7454cf8a158abc816"
+"checksum error-chain 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d9435d864e017c3c6afeac1654189b06cdb491cf2ff73dbf0d73b0f292f42ff8"
+"checksum error-chain 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "6930e04918388a9a2e41d518c25cf679ccafe26733fb4127dbf21993f2575d46"
+"checksum itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8324a32baf01e2ae060e9de58ed0bc2320c9a2833491ee36cd3b4c414de4db8c"
+"checksum lazy_static 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "76f033c7ad61445c5b347c7382dd1237847eb1bce590fe50365dcb33d546be73"
+"checksum libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)" = "2d2857ec59fadc0773853c664d2d18e7198e83883e7060b63c924cb077bd5c74"
+"checksum log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "e19e8d5c34a3e0e2223db8e060f9e8264aeeb5c5fc64a4ee9965c062211c024b"
+"checksum log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)" = "c84ec4b527950aa83a329754b01dbe3f58361d1c5efacd1f6d68c494d08a17c6"
+"checksum nix 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)" = "921f61dc817b379d0834e45d5ec45beaacfae97082090a49c2cf30dcbc30206f"
+"checksum nix 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "47e49f6982987135c5e9620ab317623e723bd06738fd85377e8d55f57c8b6487"
+"checksum num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)" = "92e5113e9fd4cc14ded8e499429f396a20f98c772a47cc8622a736e1ec843c31"
+"checksum num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "0b3a5d7cc97d6d30d8b9bc8fa19bf45349ffe46241e8816f50f62f6d6aaabee1"
+"checksum prctl 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "059a34f111a9dee2ce1ac2826a68b24601c4298cfeb1a587c3cb493d5ab46f52"
+"checksum quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)" = "7a6e920b65c65f10b2ae65c831a81a073a89edd28c7cce89475bff467ab4167a"
+"checksum redox_syscall 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)" = "679da7508e9a6390aeaf7fbd02a800fdc64b73fe2204dd2c8ae66d22d9d5ad5d"
+"checksum redox_termios 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "7e891cfe48e9100a70a3b6eb652fef28920c117d366339687bd5576160db0f76"
+"checksum rustc-demangle 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)" = "bcfe5b13211b4d78e5c2cadfebd7769197d95c639c35a50057eb4c05de811395"
+"checksum scopeguard 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "94258f53601af11e6a49f722422f6e3425c52b06245a5cf9bc09908b174f5e27"
+"checksum seccomp-sys 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "0d4082b110d25cf281ddbf78dc56e1a65c929fd72ac6c2deb1a4c20a23999dfa"
+"checksum serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)" = "34b623917345a631dc9608d5194cc206b3fe6c3554cd1c75b937e55e285254af"
+"checksum serde_codegen_internals 0.14.2 (registry+https://github.com/rust-lang/crates.io-index)" = "bc888bd283bd2420b16ad0d860e35ad8acb21941180a83a189bb2046f9d00400"
+"checksum serde_derive 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)" = "978fd866f4d4872084a81ccc35e275158351d3b9fe620074e7d7504b816b74ba"
+"checksum serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)" = "ad8bcf487be7d2e15d3d543f04312de991d631cfe1b43ea0ade69e6a8a5b16a1"
+"checksum strsim 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "bb4f380125926a99e52bc279241539c018323fab05ad6368b56f93d9369ff550"
+"checksum syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)" = "d3b891b9015c88c576343b9b3e41c2c11a51c219ef067b264bd9c8aa9b441dad"
+"checksum synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)" = "a393066ed9010ebaed60b9eafa373d4b1baac186dd7e008555b0f702b51945b6"
+"checksum termion 1.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "689a3bdfaab439fd92bc87df5c4c78417d3cbe537487274e9b0b2dce76e92096"
+"checksum textwrap 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "307686869c93e71f94da64286f9a9524c0f308a9e1c87a583de8e9c9039ad3f6"
+"checksum unicode-width 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "882386231c45df4700b275c7ff55b6f3698780a650026380e72dabe76fa46526"
+"checksum unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f860d7d29cf02cb2f3f359fd35991af3d30bac52c57d265a3c461074cb4dc"
+"checksum vec_map 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "05c78687fb1a80548ae3250346c3db86a80a7cdd77bda190189f2d0a0987c81a"
+"checksum void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d"
+"checksum winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)" = "92c1eb33641e276cfa214a0522acad57be5c56b10cb348b3c5117db75f3ac4b0"
+"checksum winapi-i686-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+"checksum winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
--
2.17.2

26
pkgs/applications/virtualization/railcar/default.nix Normal file
View file

@ -0,0 +1,26 @@
{ lib, fetchFromGitHub, rustPlatform, libseccomp }:
rustPlatform.buildRustPackage rec {
pname = "railcar";
version = "1.0.4";
src = fetchFromGitHub {
owner = "oracle";
repo = "railcar";
rev = "v${version}";
sha256 = "09zn160qxd7760ii6rs5nhr00qmaz49x1plclscznxh9hinyjyh9";
};
# Submitted upstream https://github.com/oracle/railcar/pull/44
cargoPatches = [ ./cargo-lock.patch ];
cargoSha256 = "1zsch6gpbw96j5wa68ksbk4x6nbsl7dbvdhdprljpcyrwwkhz47x";
buildInputs = [ libseccomp ];
meta = with lib; {
description = "Rust implementation of the Open Containers Initiative oci-runtime";
homepage = "https://github.com/oracle/railcar";
license = with licenses; [ asl20 /* or */ upl ];
maintainers = [ maintainers.spacekookie ];
};
}

42
pkgs/applications/virtualization/remotebox/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ lib, stdenv, fetchurl, makeWrapper, perl, perlPackages }:
stdenv.mkDerivation rec {
pname = "remotebox";
version = "2.7";
src = fetchurl {
url = "http://remotebox.knobgoblin.org.uk/downloads/RemoteBox-${version}.tar.bz2";
sha256 = "0csf6gd7pqq4abia4z0zpzlq865ri1z0821kjy7p3iawqlfn75pb";
};
buildInputs = with perlPackages; [ perl Glib Gtk2 Pango SOAPLite ];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -pv $out/bin
substituteInPlace remotebox --replace "\$Bin/" "\$Bin/../"
install -v -t $out/bin remotebox
wrapProgram $out/bin/remotebox --prefix PERL5LIB : $PERL5LIB
cp -av docs/ share/ $out
mkdir -pv $out/share/applications
cp -pv packagers-readme/*.desktop $out/share/applications
'';
meta = with lib; {
description = "VirtualBox client with remote management";
homepage = "http://remotebox.knobgoblin.org.uk/";
license = licenses.gpl2Plus;
longDescription = ''
VirtualBox is traditionally considered to be a virtualization solution
aimed at the desktop. While it is certainly possible to install
VirtualBox on a server, it offers few remote management features beyond
using the vboxmanage command line.
RemoteBox aims to fill this gap by providing a graphical VirtualBox
client which is able to manage a VirtualBox server installation.
'';
platforms = platforms.all;
};
}

63
pkgs/applications/virtualization/runc/default.nix Normal file
View file

@ -0,0 +1,63 @@
{ lib
, fetchFromGitHub
, buildGoModule
, go-md2man
, installShellFiles
, pkg-config
, which
, libapparmor
, apparmor-parser
, libseccomp
, libselinux
, makeWrapper
, procps
, nixosTests
}:
buildGoModule rec {
pname = "runc";
version = "1.1.2";
src = fetchFromGitHub {
owner = "opencontainers";
repo = "runc";
rev = "v${version}";
sha256 = "sha256-tMneqB81w8lQp5RWWCjALyKbOY3xog+oqb6cYKasG/8=";
};
vendorSha256 = null;
outputs = [ "out" "man" ];
nativeBuildInputs = [ go-md2man installShellFiles makeWrapper pkg-config which ];
buildInputs = [ libselinux libseccomp libapparmor ];
makeFlags = [ "BUILDTAGS+=seccomp" ];
buildPhase = ''
runHook preBuild
patchShebangs .
make ${toString makeFlags} runc man
runHook postBuild
'';
installPhase = ''
runHook preInstall
install -Dm755 runc $out/bin/runc
installManPage man/*/*.[1-9]
wrapProgram $out/bin/runc \
--prefix PATH : ${lib.makeBinPath [ procps ]} \
--prefix PATH : /run/current-system/systemd/bin
runHook postInstall
'';
passthru.tests = { inherit (nixosTests) cri-o docker podman; };
meta = with lib; {
homepage = "https://github.com/opencontainers/runc";
description = "A CLI tool for spawning and running containers according to the OCI specification";
license = licenses.asl20;
maintainers = with maintainers; [ offline ] ++ teams.podman.members;
platforms = platforms.linux;
};
}

50
pkgs/applications/virtualization/seabios/default.nix Normal file
View file

@ -0,0 +1,50 @@
{ lib, stdenv, fetchgit, acpica-tools, python3 }:
stdenv.mkDerivation rec {
pname = "seabios";
version = "1.16.0";
src = fetchgit {
url = "https://git.seabios.org/seabios.git";
rev = "rel-${version}";
sha256 = "0acal1rr7sya86wlhw2mgimabwhjnr0y1pl5zxwb79j8k1w1r8sh";
};
nativeBuildInputs = [ python3 ];
buildInputs = [ acpica-tools ];
strictDeps = true;
hardeningDisable = [ "pic" "stackprotector" "fortify" ];
configurePhase = ''
# build SeaBIOS for CSM
cat > .config << EOF
CONFIG_CSM=y
CONFIG_QEMU_HARDWARE=y
CONFIG_PERMIT_UNALIGNED_PCIROM=y
EOF
make olddefconfig
'';
installPhase = ''
mkdir $out
cp out/Csm16.bin $out/Csm16.bin
'';
meta = with lib; {
description = "Open source implementation of a 16bit X86 BIOS";
longDescription = ''
SeaBIOS is an open source implementation of a 16bit X86 BIOS.
It can run in an emulator or it can run natively on X86 hardware with the use of coreboot.
SeaBIOS is the default BIOS for QEMU and KVM.
'';
homepage = "http://www.seabios.org";
license = licenses.lgpl3;
maintainers = with maintainers; [ tstrobel ];
platforms = [ "i686-linux" "x86_64-linux" ];
};
}

73
pkgs/applications/virtualization/singularity/default.nix Normal file
View file

@ -0,0 +1,73 @@
{ lib
, fetchurl
, util-linux
, gpgme
, openssl
, libuuid
, coreutils
, which
, makeWrapper
, cryptsetup
, squashfsTools
, buildGoPackage}:
with lib;
buildGoPackage rec {
pname = "singularity";
version = "3.8.7";
src = fetchurl {
url = "https://github.com/hpcng/singularity/releases/download/v${version}/singularity-${version}.tar.gz";
sha256 = "sha256-Myny5YP4SoNDyywDgKHWy86vrn0eYztcvK33FD6shZs=";
};
goPackagePath = "github.com/sylabs/singularity";
buildInputs = [ gpgme openssl libuuid ];
nativeBuildInputs = [ util-linux which makeWrapper cryptsetup ];
propagatedBuildInputs = [ coreutils squashfsTools ];
postPatch = ''
substituteInPlace internal/pkg/build/files/copy.go \
--replace /bin/cp ${coreutils}/bin/cp
'';
postConfigure = ''
cd go/src/github.com/sylabs/singularity
patchShebangs .
sed -i 's|defaultPath := "[^"]*"|defaultPath := "${lib.makeBinPath propagatedBuildInputs}"|' cmd/internal/cli/actions.go
./mconfig -V ${version} -p $out --localstatedir=/var
# Don't install SUID binaries
sed -i 's/-m 4755/-m 755/g' builddir/Makefile
'';
buildPhase = ''
runHook preBuild
make -C builddir
runHook postBuild
'';
installPhase = ''
runHook preInstall
make -C builddir install LOCALSTATEDIR=$out/var
chmod 755 $out/libexec/singularity/bin/starter-suid
# Explicitly configure paths in the config file
sed -i 's|^# mksquashfs path =.*$|mksquashfs path = ${lib.makeBinPath [squashfsTools]}/mksquashfs|' $out/etc/singularity/singularity.conf
sed -i 's|^# cryptsetup path =.*$|cryptsetup path = ${lib.makeBinPath [cryptsetup]}/cryptsetup|' $out/etc/singularity/singularity.conf
runHook postInstall
'';
meta = with lib; {
homepage = "http://www.sylabs.io/";
description = "Application containers for linux";
license = licenses.bsd3;
platforms = platforms.linux;
maintainers = [ maintainers.jbedo ];
};
}

37
pkgs/applications/virtualization/spice-vdagent/default.nix Normal file
View file

@ -0,0 +1,37 @@
{lib, stdenv, fetchurl, pkg-config, alsa-lib, spice-protocol, glib,
libpciaccess, libxcb, libXrandr, libXinerama, libXfixes, dbus, libdrm,
systemd}:
stdenv.mkDerivation rec {
pname = "spice-vdagent";
version = "0.21.0";
src = fetchurl {
url = "https://www.spice-space.org/download/releases/${pname}-${version}.tar.bz2";
sha256 = "0n8jlc1pv6mkry161y656b1nk9hhhminjq6nymzmmyjl7k95ymzx";
};
# FIXME: May no longer be needed with spice-vdagent versions over 0.21.0
NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations";
postPatch = ''
substituteInPlace data/spice-vdagent.desktop --replace /usr $out
'';
nativeBuildInputs = [ pkg-config ];
buildInputs = [ alsa-lib spice-protocol glib libdrm
libpciaccess libxcb libXrandr libXinerama libXfixes
dbus systemd ] ;
meta = {
description = "Enhanced SPICE integration for linux QEMU guest";
longDescription = ''
Spice agent for linux guests offering
* Client mouse mode
* Copy and paste
* Automatic adjustment of the X-session resolution
to the client resolution
* Multiple displays
'';
homepage = "https://www.spice-space.org/";
license = lib.licenses.gpl3Plus;
maintainers = [ lib.maintainers.aboseley ];
platforms = lib.platforms.linux;
};
}

48
pkgs/applications/virtualization/spike/default.nix Normal file
View file

@ -0,0 +1,48 @@
{ lib, stdenv, fetchFromGitHub, dtc, pkgsCross }:
stdenv.mkDerivation rec {
pname = "spike";
version = "1.1.0";
src = fetchFromGitHub {
owner = "riscv";
repo = "riscv-isa-sim";
rev = "v${version}";
sha256 = "sha256-4D2Fezej0ioOOupw3kgMT5VLs+/jXQjwvek6v0AVMzI=";
};
nativeBuildInputs = [ dtc ];
enableParallelBuilding = true;
postPatch = ''
patchShebangs scripts/*.sh
patchShebangs tests/ebreak.py
'';
doCheck = true;
# To test whether spike is working, we run the RISC-V hello applications using the RISC-V proxy
# kernel on the Spike emulator and see whether we get the expected output.
doInstallCheck = true;
installCheckPhase =
let
riscvPkgs = pkgsCross.riscv64-embedded;
in
''
runHook preInstallCheck
echo -e "#include<stdio.h>\nint main() {printf(\"Hello, world\");return 0;}" > hello.c
${riscvPkgs.stdenv.cc}/bin/riscv64-none-elf-gcc -o hello hello.c
$out/bin/spike -m64 ${riscvPkgs.riscv-pk}/bin/pk hello | grep -Fq "Hello, world"
runHook postInstallCheck
'';
meta = with lib; {
description = "A RISC-V ISA Simulator";
homepage = "https://github.com/riscv/riscv-isa-sim";
license = licenses.bsd3;
platforms = [ "x86_64-linux" "aarch64-linux" ];
maintainers = with maintainers; [ blitz ];
};
}

26
pkgs/applications/virtualization/tini/default.nix Normal file
View file

@ -0,0 +1,26 @@
{ lib, stdenv, fetchFromGitHub, cmake }:
stdenv.mkDerivation rec {
version = "0.19.0";
pname = "tini";
src = fetchFromGitHub {
owner = "krallin";
repo = "tini";
rev = "v${version}";
sha256 ="1hnnvjydg7gi5gx6nibjjdnfipblh84qcpajc08nvr44rkzswck4";
};
postPatch = "sed -i /tini-static/d CMakeLists.txt";
NIX_CFLAGS_COMPILE = "-DPR_SET_CHILD_SUBREAPER=36 -DPR_GET_CHILD_SUBREAPER=37";
nativeBuildInputs = [ cmake ];
meta = with lib; {
description = "A tiny but valid init for containers";
homepage = "https://github.com/krallin/tini";
license = licenses.mit;
platforms = platforms.linux;
};
}

42
pkgs/applications/virtualization/umoci/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ lib
, fetchFromGitHub
, buildGoModule
, go-md2man
, installShellFiles
, bash
}:
buildGoModule rec {
pname = "umoci";
version = "0.4.7";
src = fetchFromGitHub {
owner = "opencontainers";
repo = "umoci";
rev = "v${version}";
sha256 = "0in8kyi4jprvbm3zsl3risbjj8b0ma62yl3rq8rcvcgypx0mn7d4";
};
vendorSha256 = null;
doCheck = false;
ldflags = [ "-s" "-w" "-X main.version=${version}" ];
nativeBuildInputs = [ go-md2man installShellFiles ];
postInstall = ''
substituteInPlace Makefile --replace \
'$(shell which bash)' '${lib.getBin bash}/bin/bash'
make docs
installManPage doc/man/*.[1-9]
'';
meta = with lib; {
description = "umoci modifies Open Container images";
homepage = "https://umo.ci";
license = licenses.asl20;
maintainers = with maintainers; [ zokrezyl ];
platforms = platforms.unix;
};
}

102
pkgs/applications/virtualization/virt-manager/default.nix Normal file
View file

@ -0,0 +1,102 @@
{ lib, fetchFromGitHub, python3, intltool, file, wrapGAppsHook, gtk-vnc
, vte, avahi, dconf, gobject-introspection, libvirt-glib, system-libvirt
, gsettings-desktop-schemas, libosinfo, gnome, gtksourceview4, docutils, cpio
, e2fsprogs, findutils, gzip, cdrtools, xorriso, fetchpatch
, spiceSupport ? true, spice-gtk ? null
}:
python3.pkgs.buildPythonApplication rec {
pname = "virt-manager";
version = "4.0.0";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
hash = "sha256-3ycXNBuf91kI2cJCRw0ZzaWkaIVwb/lmkOKeHNwpH9Y=";
};
nativeBuildInputs = [
intltool file
gobject-introspection # for setup hook populating GI_TYPELIB_PATH
docutils
];
buildInputs = [
wrapGAppsHook
libvirt-glib vte dconf gtk-vnc gnome.adwaita-icon-theme avahi
gsettings-desktop-schemas libosinfo gtksourceview4
gobject-introspection # Temporary fix, see https://github.com/NixOS/nixpkgs/issues/56943
] ++ lib.optional spiceSupport spice-gtk;
propagatedBuildInputs = with python3.pkgs; [
pygobject3 libvirt libxml2 requests cdrtools
];
patches = [
# due to a recent change in setuptools-61, "packages=[]" needs to be included
# this patch can hopefully be removed, once virt-manager has an upstream version bump
(fetchpatch {
name = "fix-for-setuptools-61.patch";
url = "https://github.com/virt-manager/virt-manager/commit/46dc0616308a73d1ce3ccc6d716cf8bbcaac6474.patch";
sha256 = "sha256-/RZG+7Pmd7rmxMZf8Fvg09dUggs2MqXZahfRQ5cLcuM=";
})
];
postPatch = ''
sed -i 's|/usr/share/libvirt/cpu_map.xml|${system-libvirt}/share/libvirt/cpu_map.xml|g' virtinst/capabilities.py
sed -i "/'install_egg_info'/d" setup.py
'';
postConfigure = ''
${python3.interpreter} setup.py configure --prefix=$out
'';
setupPyGlobalFlags = [ "--no-update-icon-cache" "--no-compile-schemas" ];
dontWrapGApps = true;
preFixup = ''
glib-compile-schemas $out/share/gsettings-schemas/${pname}-${version}/glib-2.0/schemas
gappsWrapperArgs+=(--set PYTHONPATH "$PYTHONPATH")
# these are called from virt-install in initrdinject.py
gappsWrapperArgs+=(--prefix PATH : "${lib.makeBinPath [ cpio e2fsprogs file findutils gzip ]}")
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
checkInputs = with python3.pkgs; [
pytestCheckHook
cpio
cdrtools
xorriso
];
disabledTests = [
"testAlterDisk"
"test_misc_nonpredicatble_generate"
];
preCheck = ''
export HOME=.
''; # <- Required for "tests/test_urldetect.py".
postCheck = ''
$out/bin/virt-manager --version | grep -Fw ${version} > /dev/null
'';
meta = with lib; {
homepage = "http://virt-manager.org";
description = "Desktop user interface for managing virtual machines";
longDescription = ''
The virt-manager application is a desktop user interface for managing
virtual machines through libvirt. It primarily targets KVM VMs, but also
manages Xen and LXC (linux containers).
'';
license = licenses.gpl2;
# exclude Darwin since libvirt-glib currently doesn't build there
platforms = platforms.linux;
maintainers = with maintainers; [ qknight offline fpletz globin ];
};
}

51
pkgs/applications/virtualization/virt-manager/qt.nix Normal file
View file

@ -0,0 +1,51 @@
{ mkDerivation, lib, fetchFromGitHub, fetchpatch, cmake, pkg-config
, qtbase, qtmultimedia, qtsvg, qttools, krdc
, libvncserver, libvirt, pcre, pixman, qtermwidget, spice-gtk, spice-protocol
, libselinux, libsepol, util-linux
}:
mkDerivation rec {
pname = "virt-manager-qt";
version = "0.72.97";
src = fetchFromGitHub {
owner = "F1ash";
repo = "qt-virt-manager";
rev = version;
sha256 = "0b2bx7ah35glcsiv186sc9cqdrkhg1vs9jz036k9byk61np0cb1i";
};
cmakeFlags = [
"-DBUILD_QT_VERSION=5"
"-DQTERMWIDGET_INCLUDE_DIRS=${qtermwidget}/include/qtermwidget5"
];
patches = [
(fetchpatch {
# drop with next update
url = "https://github.com/F1ash/qt-virt-manager/commit/0d338b037ef58c376d468c1cd4521a34ea181edd.patch";
sha256 = "1wjqyc5wsnxfwwjzgqjr9hcqhd867amwhjd712qyvpvz8x7p2s24";
})
];
buildInputs = [
qtbase qtmultimedia qtsvg krdc
libvirt libvncserver pcre pixman qtermwidget spice-gtk spice-protocol
libselinux libsepol util-linux
];
nativeBuildInputs = [ cmake pkg-config qttools ];
meta = with lib; {
homepage = "https://f1ash.github.io/qt-virt-manager";
description = "Desktop user interface for managing virtual machines (QT)";
longDescription = ''
The virt-manager application is a desktop user interface for managing
virtual machines through libvirt. It primarily targets KVM VMs, but also
manages Xen and LXC (linux containers).
'';
license = licenses.gpl2;
maintainers = with maintainers; [ peterhoeg ];
inherit (qtbase.meta) platforms;
};
}

33
pkgs/applications/virtualization/virt-top/default.nix Normal file
View file

@ -0,0 +1,33 @@
{ lib, stdenv, fetchgit, fetchpatch, ocamlPackages, autoreconfHook }:
stdenv.mkDerivation rec {
pname = "virt-top";
version = "1.0.9";
src = fetchgit {
url = "git://git.annexia.org/virt-top.git";
rev = "v${version}";
sha256 = "0m7pm8lzlpngsj0vjv0hg8l9ck3gvwpva7r472f8f03xpjffwiga";
};
patches = [
(fetchpatch {
name = "ocaml-libvirt-0.6.1.5-fix.patch";
url = "http://git.annexia.org/?p=virt-top.git;a=patch;h=24a461715d5bce47f63cb0097606fc336230589f";
sha256 = "15w7w9iggvlw8m9w8g4h08251wzb3m3zkb58glr7ifsgi3flbn61";
})
];
nativeBuildInputs = [ autoreconfHook ];
buildInputs = with ocamlPackages; [ ocaml findlib ocaml_extlib ocaml_libvirt gettext-stub curses csv xml-light ];
buildPhase = "make opt";
meta = with lib; {
description = "A top-like utility for showing stats of virtualized domains";
homepage = "https://people.redhat.com/~rjones/virt-top/";
license = licenses.gpl2;
maintainers = [ maintainers.volth ];
platforms = platforms.linux;
};
}

105
pkgs/applications/virtualization/virt-viewer/default.nix Normal file
View file

@ -0,0 +1,105 @@
{ lib
, stdenv
, bash-completion
, fetchurl
, fetchpatch
, gdbm ? null
, glib
, gsettings-desktop-schemas
, gtk-vnc
, gtk3
, intltool
, libcap ? null
, libgovirt
, libvirt
, libvirt-glib
, libxml2
, meson
, ninja
, pkg-config
, python3
, shared-mime-info
, spice-gtk ? null
, spice-protocol ? null
, spiceSupport ? true
, vte
, wrapGAppsHook
}:
assert spiceSupport -> (
gdbm != null
&& libcap != null
&& spice-gtk != null
&& spice-protocol != null
);
with lib;
stdenv.mkDerivation rec {
pname = "virt-viewer";
version = "11.0";
src = fetchurl {
url = "https://releases.pagure.org/virt-viewer/virt-viewer-${version}.tar.xz";
sha256 = "sha256-pD+iMlxMHHelyMmAZaww7wURohrJjlkPIjQIabrZq9A=";
};
patches = [
# Fix build with meson 0.61
# https://gitlab.com/virt-viewer/virt-viewer/-/merge_requests/117
(fetchpatch {
url = "https://gitlab.com/virt-viewer/virt-viewer/-/commit/ed19e51407bee53988878a6ebed4e7279d00b1a1.patch";
sha256 = "sha256-3AbnkbhWOh0aNjUkmVoSV/9jFQtvTllOr7plnkntb2o=";
})
];
nativeBuildInputs = [
glib
intltool
meson
ninja
pkg-config
python3
shared-mime-info
wrapGAppsHook
];
buildInputs = [
bash-completion
glib
gsettings-desktop-schemas
gtk-vnc
gtk3
libgovirt
libvirt
libvirt-glib
libxml2
vte
] ++ optionals spiceSupport [
gdbm
libcap
spice-gtk
spice-protocol
];
# Required for USB redirection PolicyKit rules file
propagatedUserEnvPkgs = optional spiceSupport spice-gtk;
strictDeps = true;
postPatch = ''
patchShebangs build-aux/post_install.py
'';
meta = {
description = "A viewer for remote virtual machines";
maintainers = [ maintainers.raskin ];
platforms = platforms.linux;
license = licenses.gpl2;
};
passthru = {
updateInfo = {
downloadPage = "http://virt-manager.org/download.html";
};
};
}

19
pkgs/applications/virtualization/virt-what/default.nix Normal file
View file

@ -0,0 +1,19 @@
{ stdenv, lib, fetchurl }:
stdenv.mkDerivation rec {
pname = "virt-what";
version = "1.21";
src = fetchurl {
url = "https://people.redhat.com/~rjones/virt-what/files/${pname}-${version}.tar.gz";
sha256 = "0yqz1l4di57d4y1z94yhdmkiykg9a8i7xwkqmd9zsk5a6i9lbjqj";
};
meta = with lib; {
description = "Detect if running in a virtual machine and prints its type";
homepage = "https://people.redhat.com/~rjones/virt-what/";
maintainers = with maintainers; [ fpletz ];
license = licenses.gpl2Plus;
platforms = platforms.linux;
};
}

239
pkgs/applications/virtualization/virtualbox/default.nix Normal file
View file

@ -0,0 +1,239 @@
{ config, stdenv, fetchurl, lib, acpica-tools, dev86, pam, libxslt, libxml2, wrapQtAppsHook
, libX11, xorgproto, libXext, libXcursor, libXmu, libIDL, SDL, libcap, libGL
, libpng, glib, lvm2, libXrandr, libXinerama, libopus, qtbase, qtx11extras
, qttools, qtsvg, qtwayland, pkg-config, which, docbook_xsl, docbook_xml_dtd_43
, alsa-lib, curl, libvpx, nettools, dbus, substituteAll, gsoap, zlib
# If open-watcom-bin is not passed, VirtualBox will fall back to use
# the shipped alternative sources (assembly).
, open-watcom-bin
, makeself, perl
, javaBindings ? true, jdk # Almost doesn't affect closure size
, pythonBindings ? false, python3
, extensionPack ? null, fakeroot
, pulseSupport ? config.pulseaudio or stdenv.isLinux, libpulseaudio
, enableHardening ? false
, headless ? false
, enable32bitGuests ? true
, enableWebService ? false
}:
with lib;
let
buildType = "release";
# Use maintainers/scripts/update.nix to update the version and all related hashes or
# change the hashes in extpack.nix and guest-additions/default.nix as well manually.
version = "6.1.34";
in stdenv.mkDerivation {
pname = "virtualbox";
inherit version;
src = fetchurl {
url = "https://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}.tar.bz2";
sha256 = "9c3ce1829432e5b8374f950698587038f45fb0492147dc200e59edb9bb75eb49";
};
outputs = [ "out" "modsrc" ];
nativeBuildInputs = [ pkg-config which docbook_xsl docbook_xml_dtd_43 ]
++ optional (!headless) wrapQtAppsHook;
# Wrap manually because we wrap just a small number of executables.
dontWrapQtApps = true;
buildInputs = [
acpica-tools dev86 libxslt libxml2 xorgproto libX11 libXext libXcursor libIDL
libcap glib lvm2 alsa-lib curl libvpx pam makeself perl
libXmu libpng libopus python3 ]
++ optional javaBindings jdk
++ optional pythonBindings python3 # Python is needed even when not building bindings
++ optional pulseSupport libpulseaudio
++ optionals headless [ libXrandr libGL ]
++ optionals (!headless) [ qtbase qtx11extras libXinerama SDL ]
++ optionals enableWebService [ gsoap zlib ];
hardeningDisable = [ "format" "fortify" "pic" "stackprotector" ];
prePatch = ''
set -x
sed -e 's@MKISOFS --version@MKISOFS -version@' \
-e 's@PYTHONDIR=.*@PYTHONDIR=${lib.optionalString pythonBindings python3}@' \
-e 's@CXX_FLAGS="\(.*\)"@CXX_FLAGS="-std=c++11 \1"@' \
${optionalString (!headless) ''
-e 's@TOOLQT5BIN=.*@TOOLQT5BIN="${getDev qtbase}/bin"@' \
''} -i configure
ls kBuild/bin/linux.x86/k* tools/linux.x86/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.cc.libc}/lib/ld-linux.so.2
ls kBuild/bin/linux.amd64/k* tools/linux.amd64/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.cc.libc}/lib/ld-linux-x86-64.so.2
grep 'libpulse\.so\.0' src include -rI --files-with-match | xargs sed -i -e '
${optionalString pulseSupport
''s@"libpulse\.so\.0"@"${libpulseaudio.out}/lib/libpulse.so.0"@g''}'
grep 'libdbus-1\.so\.3' src include -rI --files-with-match | xargs sed -i -e '
s@"libdbus-1\.so\.3"@"${dbus.lib}/lib/libdbus-1.so.3"@g'
grep 'libasound\.so\.2' src include -rI --files-with-match | xargs sed -i -e '
s@"libasound\.so\.2"@"${alsa-lib.out}/lib/libasound.so.2"@g'
export USER=nix
set +x
'';
patches =
optional enableHardening ./hardened.patch
++ [ ./extra_symbols.patch ]
# When hardening is enabled, we cannot use wrapQtApp to ensure that VirtualBoxVM sees
# the correct environment variables needed for Qt to work, specifically QT_PLUGIN_PATH.
# This is because VirtualBoxVM would detect that it is wrapped that and refuse to run,
# and also because it would unset QT_PLUGIN_PATH for security reasons. We work around
# these issues by patching the code to set QT_PLUGIN_PATH to the necessary paths,
# after the code that unsets it. Note that qtsvg is included so that SVG icons from
# the user's icon theme can be loaded.
++ optional (!headless && enableHardening) (substituteAll {
src = ./qt-env-vars.patch;
qtPluginPath = "${qtbase.bin}/${qtbase.qtPluginPrefix}:${qtsvg.bin}/${qtbase.qtPluginPrefix}:${qtwayland.bin}/${qtbase.qtPluginPrefix}";
})
++ [
./qtx11extras.patch
# https://github.com/NixOS/nixpkgs/issues/123851
./fix-audio-driver-loading.patch
# NOTE: both patches below should be removed when updating to 6.1.35
# https://www.virtualbox.org/ticket/20914#comment:6
./linux518.patch
# https://www.virtualbox.org/ticket/20904#comment:22
./ffreestanding.patch
];
postPatch = ''
sed -i -e 's|/sbin/ifconfig|${nettools}/bin/ifconfig|' \
src/VBox/HostDrivers/adpctl/VBoxNetAdpCtl.cpp
'' + optionalString headless ''
# Fix compile error in version 6.1.6
substituteInPlace src/VBox/HostServices/SharedClipboard/VBoxSharedClipboardSvc-x11-stubs.cpp \
--replace PSHCLFORMATDATA PSHCLFORMATS
'';
# first line: ugly hack, and it isn't yet clear why it's a problem
configurePhase = ''
NIX_CFLAGS_COMPILE=$(echo "$NIX_CFLAGS_COMPILE" | sed 's,\-isystem ${lib.getDev stdenv.cc.libc}/include,,g')
cat >> LocalConfig.kmk <<LOCAL_CONFIG
VBOX_WITH_TESTCASES :=
VBOX_WITH_TESTSUITE :=
VBOX_WITH_VALIDATIONKIT :=
VBOX_WITH_DOCS :=
VBOX_WITH_WARNINGS_AS_ERRORS :=
VBOX_WITH_ORIGIN :=
VBOX_PATH_APP_PRIVATE_ARCH_TOP := $out/share/virtualbox
VBOX_PATH_APP_PRIVATE_ARCH := $out/libexec/virtualbox
VBOX_PATH_SHARED_LIBS := $out/libexec/virtualbox
VBOX_WITH_RUNPATH := $out/libexec/virtualbox
VBOX_PATH_APP_PRIVATE := $out/share/virtualbox
VBOX_PATH_APP_DOCS := $out/doc
${optionalString javaBindings ''
VBOX_JAVA_HOME := ${jdk}
''}
${optionalString (!headless) ''
PATH_QT5_X11_EXTRAS_LIB := ${getLib qtx11extras}/lib
PATH_QT5_X11_EXTRAS_INC := ${getDev qtx11extras}/include
TOOL_QT5_LRC := ${getDev qttools}/bin/lrelease
''}
${optionalString enableWebService ''
# fix gsoap missing zlib include and produce errors with --as-needed
VBOX_GSOAP_CXX_LIBS := gsoapssl++ z
''}
LOCAL_CONFIG
./configure \
${optionalString headless "--build-headless"} \
${optionalString (!javaBindings) "--disable-java"} \
${optionalString (!pythonBindings) "--disable-python"} \
${optionalString (!pulseSupport) "--disable-pulse"} \
${optionalString (!enableHardening) "--disable-hardening"} \
${optionalString (!enable32bitGuests) "--disable-vmmraw"} \
${optionalString enableWebService "--enable-webservice"} \
${optionalString (open-watcom-bin != null) "--with-ow-dir=${open-watcom-bin}"} \
--disable-kmods
sed -e 's@PKG_CONFIG_PATH=.*@PKG_CONFIG_PATH=${libIDL}/lib/pkgconfig:${glib.dev}/lib/pkgconfig ${libIDL}/bin/libIDL-config-2@' \
-i AutoConfig.kmk
sed -e 's@arch/x86/@@' \
-i Config.kmk
substituteInPlace Config.kmk --replace "VBOX_WITH_TESTCASES = 1" "#"
'';
enableParallelBuilding = true;
buildPhase = ''
source env.sh
kmk -j $NIX_BUILD_CORES BUILD_TYPE="${buildType}"
'';
installPhase = ''
libexec="$out/libexec/virtualbox"
share="${if enableHardening then "$out/share/virtualbox" else "$libexec"}"
# Install VirtualBox files
mkdir -p "$libexec"
find out/linux.*/${buildType}/bin -mindepth 1 -maxdepth 1 \
-name src -o -exec cp -avt "$libexec" {} +
mkdir -p $out/bin
for file in ${optionalString (!headless) "VirtualBox VBoxSDL rdesktop-vrdp"} ${optionalString enableWebService "vboxwebsrv"} VBoxManage VBoxBalloonCtrl VBoxHeadless; do
echo "Linking $file to /bin"
test -x "$libexec/$file"
ln -s "$libexec/$file" $out/bin/$file
done
${optionalString (extensionPack != null) ''
mkdir -p "$share"
"${fakeroot}/bin/fakeroot" "${stdenv.shell}" <<EOF
"$libexec/VBoxExtPackHelperApp" install \
--base-dir "$share/ExtensionPacks" \
--cert-dir "$share/ExtPackCertificates" \
--name "Oracle VM VirtualBox Extension Pack" \
--tarball "${extensionPack}" \
--sha-256 "${extensionPack.outputHash}"
EOF
''}
${optionalString (!headless) ''
# Create and fix desktop item
mkdir -p $out/share/applications
sed -i -e "s|Icon=VBox|Icon=$libexec/VBox.png|" $libexec/virtualbox.desktop
ln -sfv $libexec/virtualbox.desktop $out/share/applications
# Icons
mkdir -p $out/share/icons/hicolor
for size in `ls -1 $libexec/icons`; do
mkdir -p $out/share/icons/hicolor/$size/apps
ln -s $libexec/icons/$size/*.png $out/share/icons/hicolor/$size/apps
done
''}
cp -rv out/linux.*/${buildType}/bin/src "$modsrc"
'';
preFixup = optionalString (!headless) ''
wrapQtApp $out/bin/VirtualBox
''
# If hardening is disabled, wrap the VirtualBoxVM binary instead of patching
# the source code (see postPatch).
+ optionalString (!headless && !enableHardening) ''
wrapQtApp $out/libexec/virtualbox/VirtualBoxVM
'';
passthru = {
inherit version; # for guest additions
inherit extensionPack; # for inclusion in profile to prevent gc
updateScript = ./update.sh;
};
meta = {
description = "PC emulator";
license = licenses.gpl2;
homepage = "https://www.virtualbox.org/";
maintainers = with maintainers; [ sander ];
platforms = [ "x86_64-linux" ];
mainProgram = "VirtualBox";
};
}

25
pkgs/applications/virtualization/virtualbox/extpack.nix Normal file
View file

@ -0,0 +1,25 @@
{fetchurl, lib, virtualbox}:
with lib;
let
inherit (virtualbox) version;
in
fetchurl rec {
name = "Oracle_VM_VirtualBox_Extension_Pack-${version}.vbox-extpack";
url = "https://download.virtualbox.org/virtualbox/${version}/${name}";
sha256 =
# Manually sha256sum the extensionPack file, must be hex!
# Thus do not use `nix-prefetch-url` but instead plain old `sha256sum`.
# Checksums can also be found at https://www.virtualbox.org/download/hashes/${version}/SHA256SUMS
let value = "d7856f0688b6d2ed1e8bff0b367efa952068b03fa5a3a29b46db08cfd5d9a810";
in assert (builtins.stringLength value) == 64; value;
meta = {
description = "Oracle Extension pack for VirtualBox";
license = licenses.virtualbox-puel;
homepage = "https://www.virtualbox.org/";
maintainers = with maintainers; [ sander cdepillabout ];
platforms = [ "x86_64-linux" ];
};
}

25
pkgs/applications/virtualization/virtualbox/extra_symbols.patch Normal file
View file

@ -0,0 +1,25 @@
diff --git a/src/VBox/HostDrivers/linux/Makefile b/src/VBox/HostDrivers/linux/Makefile
index 8ba33952..3b8abe60 100644
--- a/src/VBox/HostDrivers/linux/Makefile
+++ b/src/VBox/HostDrivers/linux/Makefile
@@ -99,17 +99,17 @@ install-vboxdrv:
install-vboxnetflt:
+@if [ -d vboxnetflt ]; then \
- $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) -C vboxnetflt install; \
+ $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) KBUILD_EXTRA_SYMBOLS=$(abspath vboxnetflt/Module.symvers) -C vboxnetflt install; \
fi
install-vboxnetadp:
+@if [ -d vboxnetadp ]; then \
- $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) -C vboxnetadp install; \
+ $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) KBUILD_EXTRA_SYMBOLS=$(abspath vboxnetadp/Module.symvers) -C vboxnetadp install; \
fi
install-vboxpci:
+@if [ -d vboxpci ]; then \
- $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) -C vboxpci install; \
+ $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) KBUILD_EXTRA_SYMBOLS=$(abspath vboxpci/Module.symvers) -C vboxpci install; \
fi
install: install-vboxdrv install-vboxnetflt install-vboxnetadp install-vboxpci

20
pkgs/applications/virtualization/virtualbox/ffreestanding.patch Normal file
View file

@ -0,0 +1,20 @@
diff --git a/Config.kmk b/Config.kmk
index 3df197404..4c6bd76bb 100644
--- a/Config.kmk
+++ b/Config.kmk
@@ -4503,11 +4504,14 @@ ifeq ($(VBOX_LDR_FMT),elf)
TEMPLATE_VBoxR0_TOOL = $(VBOX_GCC_TOOL)
TEMPLATE_VBoxR0_CFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) \
$(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions \
- $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-hidden) -std=gnu99 $(VBOX_GCC_IPRT_FMT_CHECK)
+ $(VBOX_GCC_fno-stack-protector) -fno-common -ffreestanding $(VBOX_GCC_fvisibility-hidden) -std=gnu99 $(VBOX_GCC_IPRT_FMT_CHECK)
TEMPLATE_VBoxR0_CXXFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) \
$(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions \
$(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-inlines-hidden) $(VBOX_GCC_fvisibility-hidden) \
-fno-rtti $(VBOX_GCC_IPRT_FMT_CHECK)
+ if $(VBOX_GCC_VERSION_CC) >= 40500 # 4.1.2 complains, 4.5.2 is okay, didn't check which version inbetween made it okay with g++.
+TEMPLATE_VBoxR0_CXXFLAGS += -ffreestanding
+ endif
TEMPLATE_VBoxR0_CFLAGS.amd64 = -m64 -mno-red-zone -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables -ffreestanding
TEMPLATE_VBoxR0_CXXFLAGS.amd64 = -m64 -mno-red-zone -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables
TEMPLATE_VBoxR0_CXXFLAGS.freebsd = -ffreestanding

26
pkgs/applications/virtualization/virtualbox/fix-audio-driver-loading.patch Normal file
View file

@ -0,0 +1,26 @@
diff --git a/src/VBox/Devices/Audio/DrvHostAudioAlsaStubs.cpp b/src/VBox/Devices/Audio/DrvHostAudioAlsaStubs.cpp
index cfcb0abbf..2ce564f6f 100644
--- a/src/VBox/Devices/Audio/DrvHostAudioAlsaStubs.cpp
+++ b/src/VBox/Devices/Audio/DrvHostAudioAlsaStubs.cpp
@@ -258,7 +258,7 @@ static DECLCALLBACK(int32_t) drvHostAudioAlsaLibInitOnce(void *pvUser)
LogFlowFunc(("\n"));
RTLDRMOD hMod = NIL_RTLDRMOD;
- int rc = RTLdrLoadSystemEx(VBOX_ALSA_LIB, RTLDRLOAD_FLAGS_NO_UNLOAD, &hMod);
+ int rc = RTLdrLoad(VBOX_ALSA_LIB, &hMod);
if (RT_SUCCESS(rc))
{
for (uintptr_t i = 0; i < RT_ELEMENTS(SharedFuncs); i++)
diff --git a/src/VBox/Devices/Audio/DrvHostAudioPulseAudioStubs.cpp b/src/VBox/Devices/Audio/DrvHostAudioPulseAudioStubs.cpp
index a17fc93f9..148f5c39a 100644
--- a/src/VBox/Devices/Audio/DrvHostAudioPulseAudioStubs.cpp
+++ b/src/VBox/Devices/Audio/DrvHostAudioPulseAudioStubs.cpp
@@ -332,7 +332,7 @@ static DECLCALLBACK(int32_t) drvHostAudioPulseLibInitOnce(void *pvUser)
LogFlowFunc(("\n"));
RTLDRMOD hMod = NIL_RTLDRMOD;
- int rc = RTLdrLoadSystemEx(VBOX_PULSE_LIB, RTLDRLOAD_FLAGS_NO_UNLOAD, &hMod);
+ int rc = RTLdrLoad(VBOX_PULSE_LIB, &hMod);
if (RT_SUCCESS(rc))
{
for (unsigned i = 0; i < RT_ELEMENTS(g_aImportedFunctions); i++)

11
pkgs/applications/virtualization/virtualbox/fix-configure-pkgconfig-qt.patch Normal file
View file

@ -0,0 +1,11 @@
Index: /trunk/configure
===================================================================
--- a/configure (revision 90360)
+++ b/configure (revision 90377)
@@ -1588,5 +1588,5 @@
if [ $? -eq 0 ]; then
echo "(Qt5 from pkg-config)" >> $LOG
- FLGQT5=`pkg-config Qt5Core Qt5Gui --cflags`
+ FLGQT5=`pkg-config Qt5Core --cflags`
# gcc 4.8 is able to compile with C++11 (see also VBOX_GCC_std in Config.kmk)
[ $(($cc_maj * 100 + $cc_min)) -ge 408 ] && FLGQT5="$FLGQT5 -std=c++11"

163
pkgs/applications/virtualization/virtualbox/guest-additions/default.nix Normal file
View file

@ -0,0 +1,163 @@
{ stdenv, fetchurl, lib, patchelf, cdrkit, kernel, which, makeWrapper
, zlib, xorg, dbus, virtualbox}:
let
version = virtualbox.version;
xserverVListFunc = builtins.elemAt (lib.splitVersion xorg.xorgserver.version);
# Forced to 1.18; vboxvideo doesn't seem to provide any newer ABI,
# and nixpkgs doesn't support older ABIs anymore.
xserverABI = "118";
# Specifies how to patch binaries to make sure that libraries loaded using
# dlopen are found. We grep binaries for specific library names and patch
# RUNPATH in matching binaries to contain the needed library paths.
dlopenLibs = [
{ name = "libdbus-1.so"; pkg = dbus; }
{ name = "libXfixes.so"; pkg = xorg.libXfixes; }
{ name = "libXrandr.so"; pkg = xorg.libXrandr; }
];
in stdenv.mkDerivation rec {
name = "VirtualBox-GuestAdditions-${version}-${kernel.version}";
src = fetchurl {
url = "http://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso";
sha256 = "88f86fa0e6970b6a7c80d714b7a91a8c425ff8ef53a3e73fc80781191a87257b";
};
KERN_DIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
KERN_INCL = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/source/include";
hardeningDisable = [ "pic" ];
NIX_CFLAGS_COMPILE = "-Wno-error=incompatible-pointer-types -Wno-error=implicit-function-declaration";
nativeBuildInputs = [ patchelf makeWrapper ];
buildInputs = [ cdrkit ] ++ kernel.moduleBuildDependencies;
prePatch = ''
substituteInPlace src/vboxguest-${version}/vboxvideo/vbox_ttm.c \
--replace "<ttm/" "<drm/ttm/"
'';
patchFlags = [ "-p1" "-d" "src/vboxguest-${version}" ];
unpackPhase = ''
${if stdenv.hostPlatform.system == "i686-linux" || stdenv.hostPlatform.system == "x86_64-linux" then ''
isoinfo -J -i $src -x /VBoxLinuxAdditions.run > ./VBoxLinuxAdditions.run
chmod 755 ./VBoxLinuxAdditions.run
# An overflow leads the is-there-enough-space check to fail when there's too much space available, so fake how much space there is
sed -i 's/\$leftspace/16383/' VBoxLinuxAdditions.run
./VBoxLinuxAdditions.run --noexec --keep
''
else throw ("Architecture: "+stdenv.hostPlatform.system+" not supported for VirtualBox guest additions")
}
# Unpack files
cd install
${if stdenv.hostPlatform.system == "i686-linux" then ''
tar xfvj VBoxGuestAdditions-x86.tar.bz2
''
else if stdenv.hostPlatform.system == "x86_64-linux" then ''
tar xfvj VBoxGuestAdditions-amd64.tar.bz2
''
else throw ("Architecture: "+stdenv.hostPlatform.system+" not supported for VirtualBox guest additions")
}
'';
buildPhase = ''
# Build kernel modules.
cd src
find . -type f | xargs sed 's/depmod -a/true/' -i
cd vboxguest-${version}
# Run just make first. If we only did make install, we get symbol warnings during build.
make
cd ../..
# Change the interpreter for various binaries
for i in sbin/VBoxService bin/{VBoxClient,VBoxControl} other/mount.vboxsf; do
patchelf --set-interpreter ${stdenv.cc.bintools.dynamicLinker} $i
patchelf --set-rpath ${lib.makeLibraryPath [ stdenv.cc.cc stdenv.cc.libc zlib
xorg.libX11 xorg.libXt xorg.libXext xorg.libXmu xorg.libXfixes xorg.libXrandr xorg.libXcursor ]} $i
done
for i in lib/VBoxOGL*.so
do
patchelf --set-rpath ${lib.makeLibraryPath [ "$out"
xorg.libXcomposite xorg.libXdamage xorg.libXext xorg.libXfixes ]} $i
done
# FIXME: Virtualbox 4.3.22 moved VBoxClient-all (required by Guest Additions
# NixOS module) to 98vboxadd-xclient. For now, just work around it:
mv other/98vboxadd-xclient bin/VBoxClient-all
# Remove references to /usr from various scripts and files
sed -i -e "s|/usr/bin|$out/bin|" other/vboxclient.desktop
sed -i -e "s|/usr/bin|$out/bin|" bin/VBoxClient-all
'';
installPhase = ''
# Install kernel modules.
cd src/vboxguest-${version}
make install INSTALL_MOD_PATH=$out KBUILD_EXTRA_SYMBOLS=$PWD/vboxsf/Module.symvers
cd ../..
# Install binaries
install -D -m 755 other/mount.vboxsf $out/bin/mount.vboxsf
install -D -m 755 sbin/VBoxService $out/bin/VBoxService
mkdir -p $out/bin
install -m 755 bin/VBoxClient $out/bin
install -m 755 bin/VBoxControl $out/bin
install -m 755 bin/VBoxClient-all $out/bin
wrapProgram $out/bin/VBoxClient-all \
--prefix PATH : "${which}/bin"
# Don't install VBoxOGL for now
# It seems to be broken upstream too, and fixing it is far down the priority list:
# https://www.virtualbox.org/pipermail/vbox-dev/2017-June/014561.html
# Additionally, 3d support seems to rely on VBoxOGL.so being symlinked from
# libGL.so (which we can't), and Oracle doesn't plan on supporting libglvnd
# either. (#18457)
## Install OpenGL libraries
#mkdir -p $out/lib
#cp -v lib/VBoxOGL*.so $out/lib
#mkdir -p $out/lib/dri
#ln -s $out/lib/VBoxOGL.so $out/lib/dri/vboxvideo_dri.so
# Install desktop file
mkdir -p $out/share/autostart
cp -v other/vboxclient.desktop $out/share/autostart
# Install Xorg drivers
mkdir -p $out/lib/xorg/modules/{drivers,input}
install -m 644 other/vboxvideo_drv_${xserverABI}.so $out/lib/xorg/modules/drivers/vboxvideo_drv.so
'';
# Stripping breaks these binaries for some reason.
dontStrip = true;
# Patch RUNPATH according to dlopenLibs (see the comment there).
postFixup = lib.concatMapStrings (library: ''
for i in $(grep -F ${lib.escapeShellArg library.name} -l -r $out/{lib,bin}); do
origRpath=$(patchelf --print-rpath "$i")
patchelf --set-rpath "$origRpath:${lib.makeLibraryPath [ library.pkg ]}" "$i"
done
'') dlopenLibs;
meta = {
description = "Guest additions for VirtualBox";
longDescription = ''
Various add-ons which makes NixOS work better as guest OS inside VirtualBox.
This add-on provides support for dynamic resizing of the X Display, shared
host/guest clipboard support and guest OpenGL support.
'';
license = "GPL";
maintainers = [ lib.maintainers.sander ];
platforms = lib.platforms.linux;
broken = kernel.kernelAtLeast "5.17";
};
}

Some files were not shown because too many files have changed in this diff Show more