push sheeet

This commit is contained in:
Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions


@@ -0,0 +1,284 @@
{
stdenv,
nixosTests,
lib,
edk2,
util-linux,
nasm,
acpica-tools,
llvmPackages,
fetchFromGitLab,
python3,
pexpect,
xorriso,
qemu,
dosfstools,
mtools,
fdSize2MB ? false,
fdSize4MB ? secureBoot,
secureBoot ? false,
systemManagementModeRequired ? secureBoot && stdenv.hostPlatform.isx86,
# Whether to create an nvram variables template
# which includes the MSFT secure boot keys
msVarsTemplate ? false,
# When creating the nvram variables template with
# the MSFT keys, we also must provide a certificate
# to use as the PK and first KEK for the keystore.
#
# By default, we use Debian's cert. This default
# should change to a NixOS cert once we have our
# own secure boot signing infrastructure.
#
# Ignored if msVarsTemplate is false.
vendorPkKek ? "$NIX_BUILD_TOP/debian/PkKek-1-Debian.pem",
httpSupport ? false,
tpmSupport ? false,
tlsSupport ? false,
debug ? false,
# Usually, this option is broken, do not use it except if you know what you are
# doing.
sourceDebug ? false,
projectDscPath ?
{
i686 = "OvmfPkg/OvmfPkgIa32.dsc";
x86_64 = "OvmfPkg/OvmfPkgX64.dsc";
aarch64 = "ArmVirtPkg/ArmVirtQemu.dsc";
riscv64 = "OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc";
loongarch64 = "OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc";
}
.${stdenv.hostPlatform.parsed.cpu.name}
or (throw "Unsupported OVMF `projectDscPath` on ${stdenv.hostPlatform.parsed.cpu.name}"),
fwPrefix ?
{
i686 = "OVMF";
x86_64 = "OVMF";
aarch64 = "AAVMF";
riscv64 = "RISCV_VIRT";
loongarch64 = "LOONGARCH_VIRT";
}
.${stdenv.hostPlatform.parsed.cpu.name}
or (throw "Unsupported OVMF `fwPrefix` on ${stdenv.hostPlatform.parsed.cpu.name}"),
metaPlatforms ? edk2.meta.platforms,
}:
let
platformSpecific = {
i686.msVarsArgs = {
flavor = "OVMF";
archDir = "Ia32";
};
x86_64.msVarsArgs = {
flavor = "OVMF_4M";
archDir = "X64";
};
aarch64.msVarsArgs = {
flavor = "AAVMF";
archDir = "AARCH64";
};
};
cpuName = stdenv.hostPlatform.parsed.cpu.name;
inherit (platformSpecific.${cpuName}) msVarsArgs;
version = lib.getVersion edk2;
OvmfPkKek1AppPrefix = "4e32566d-8e9e-4f52-81d3-5bb9715f9727";
debian-edk-src = fetchFromGitLab {
domain = "salsa.debian.org";
owner = "qemu-team";
repo = "edk2";
nonConeMode = true;
sparseCheckout = [
"debian/edk2-vars-generator.py"
"debian/python"
"debian/PkKek-1-*.pem"
"debian/patches/OvmfPkg-X64-add-opt-org.tianocore-UninstallMemAttrPr.patch"
];
rev = "refs/tags/debian/2025.02-8";
hash = "sha256-n/6T5UBwW8U49mYhITRZRgy2tNdipeU4ZgGGDu9OTkg=";
};
buildPrefix = "Build/*/*";
in
assert msVarsTemplate -> fdSize4MB;
assert msVarsTemplate -> platformSpecific ? ${cpuName};
assert msVarsTemplate -> platformSpecific.${cpuName} ? msVarsArgs;
edk2.mkDerivation projectDscPath (finalAttrs: {
pname = "OVMF";
inherit version;
outputs = [
"out"
"fd"
];
nativeBuildInputs = [
util-linux
nasm
acpica-tools
]
++ lib.optionals stdenv.cc.isClang [
llvmPackages.bintools
llvmPackages.llvm
]
++ lib.optionals msVarsTemplate [
python3
pexpect
xorriso
qemu
dosfstools
mtools
];
strictDeps = true;
hardeningDisable = [
"format"
"stackprotector"
"pic"
"fortify"
];
buildFlags =
# IPv6 has no reason to be disabled.
[ "-D NETWORK_IP6_ENABLE=TRUE" ]
++ lib.optionals debug [ "-D DEBUG_ON_SERIAL_PORT=TRUE" ]
++ lib.optionals sourceDebug [ "-D SOURCE_DEBUG_ENABLE=TRUE" ]
++ lib.optionals secureBoot [ "-D SECURE_BOOT_ENABLE=TRUE" ]
++ lib.optionals systemManagementModeRequired [ "-D SMM_REQUIRE=TRUE" ]
++ lib.optionals fdSize2MB [ "-D FD_SIZE_2MB" ]
++ lib.optionals fdSize4MB [ "-D FD_SIZE_4MB" ]
++ lib.optionals httpSupport [
"-D NETWORK_HTTP_ENABLE=TRUE"
"-D NETWORK_HTTP_BOOT_ENABLE=TRUE"
]
++ lib.optionals tlsSupport [ "-D NETWORK_TLS_ENABLE=TRUE" ]
++ lib.optionals tpmSupport [
"-D TPM_ENABLE"
"-D TPM2_ENABLE"
"-D TPM2_CONFIG_ENABLE"
];
buildConfig = if debug then "DEBUG" else "RELEASE";
env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang "-Qunused-arguments";
env.PYTHON_COMMAND = "python3";
postUnpack = lib.optionalDrvAttr msVarsTemplate ''
ln -s ${debian-edk-src}/debian
'';
patches = [
(debian-edk-src + "/debian/patches/OvmfPkg-X64-add-opt-org.tianocore-UninstallMemAttrPr.patch")
];
postConfigure = lib.optionalDrvAttr msVarsTemplate ''
tr -d '\n' < ${vendorPkKek} | sed \
-e 's/.*-----BEGIN CERTIFICATE-----/${OvmfPkKek1AppPrefix}:/' \
-e 's/-----END CERTIFICATE-----//' > vendor-cert-string
export PYTHONPATH=$NIX_BUILD_TOP/debian/python:$PYTHONPATH
'';
postBuild =
lib.optionalString (stdenv.hostPlatform.isAarch || stdenv.hostPlatform.isLoongArch64) ''
(
cd ${buildPrefix}/FV
cp QEMU_EFI.fd ${fwPrefix}_CODE.fd
cp QEMU_VARS.fd ${fwPrefix}_VARS.fd
)
''
+ lib.optionalString stdenv.hostPlatform.isAarch ''
# QEMU expects 64MiB CODE and VARS files on ARM/AARCH64 architectures
# Truncate the firmware files to the expected size
truncate -s 64M ${buildPrefix}/FV/${fwPrefix}_CODE.fd
truncate -s 64M ${buildPrefix}/FV/${fwPrefix}_VARS.fd
''
+ lib.optionalString stdenv.hostPlatform.isRiscV ''
truncate -s 32M ${buildPrefix}/FV/${fwPrefix}_CODE.fd
truncate -s 32M ${buildPrefix}/FV/${fwPrefix}_VARS.fd
''
+ lib.optionalString msVarsTemplate ''
(
cd ${buildPrefix}
# locale must be set on Darwin for invocations of mtools to work correctly
LC_ALL=C python3 $NIX_BUILD_TOP/debian/edk2-vars-generator.py \
--flavor ${msVarsArgs.flavor} \
--enrolldefaultkeys ${msVarsArgs.archDir}/EnrollDefaultKeys.efi \
--shell ${msVarsArgs.archDir}/Shell.efi \
--code FV/${fwPrefix}_CODE.fd \
--vars-template FV/${fwPrefix}_VARS.fd \
--certificate `< $NIX_BUILD_TOP/$sourceRoot/vendor-cert-string` \
--out-file FV/${fwPrefix}_VARS.ms.fd
)
'';
# TODO: Usage of -bios OVMF.fd is discouraged: https://lists.katacontainers.io/pipermail/kata-dev/2021-January/001650.html
# We should remove the isx86-specific block here once we're ready to update nixpkgs to stop using that and update the
# release notes accordingly.
postInstall = ''
mkdir -vp $fd/FV
''
+
lib.optionalString
(builtins.elem fwPrefix [
"OVMF"
"AAVMF"
"RISCV_VIRT"
"LOONGARCH_VIRT"
])
''
mv -v $out/FV/${fwPrefix}_{CODE,VARS}.fd $fd/FV
''
+ lib.optionalString stdenv.hostPlatform.isx86 ''
mv -v $out/FV/${fwPrefix}.fd $fd/FV
''
+ lib.optionalString msVarsTemplate ''
mv -v $out/FV/${fwPrefix}_VARS.ms.fd $fd/FV
ln -sv $fd/FV/${fwPrefix}_CODE{,.ms}.fd
''
+ lib.optionalString stdenv.hostPlatform.isAarch ''
mv -v $out/FV/QEMU_{EFI,VARS}.fd $fd/FV
# Add symlinks for Fedora dir layout: https://src.fedoraproject.org/rpms/edk2/blob/main/f/edk2.spec
mkdir -vp $fd/AAVMF
ln -s $fd/FV/AAVMF_CODE.fd $fd/AAVMF/QEMU_EFI-pflash.raw
ln -s $fd/FV/AAVMF_VARS.fd $fd/AAVMF/vars-template-pflash.raw
'';
dontPatchELF = true;
passthru =
let
prefix = "${finalAttrs.finalPackage.fd}/FV/${fwPrefix}";
in
{
mergedFirmware = "${prefix}.fd";
firmware = "${prefix}_CODE.fd";
variables = "${prefix}_VARS.fd";
variablesMs =
assert msVarsTemplate;
"${prefix}_VARS.ms.fd";
# This will test the EFI firmware for the host platform as part of the NixOS Tests setup.
tests.basic-systemd-boot = nixosTests.systemd-boot.basic;
tests.secureBoot-systemd-boot = nixosTests.systemd-boot.secureBoot;
inherit secureBoot systemManagementModeRequired;
};
meta = {
description = "Sample UEFI firmware for QEMU and KVM";
homepage = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF";
license = lib.licenses.bsd2;
platforms = metaPlatforms;
maintainers = with lib.maintainers; [
adamcstephens
raitobezarius
mjoerg
sigmasquadron
];
broken = stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64;
};
})
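Review bot: The postConfigure pipeline `tr -d '\n' < ${vendorPkKek} | sed …` accepts any PEM file without checking that it holds exactly one certificate, and because `vendorPkKek` is a user-overridable argument, a bundle would be silently reduced to its last certificate by the greedy `s/.*-----BEGIN CERTIFICATE-----/…/` substitution, so the firmware would end up with a different PK/KEK than the caller intended. A one-line guard ahead of the pipeline, `[ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "${vendorPkKek}")" = 1 ] || { echo "vendorPkKek must contain exactly one certificate" >&2; exit 1; }`, turns that into a build failure instead. The rest of the msVarsTemplate plumbing (the asserts, the `variablesMs` passthru) looks consistent with the default being documented as Debian's cert.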


@@ -0,0 +1,90 @@
{
lib,
btrfs-progs,
buildGoModule,
fetchFromGitHub,
glibc,
gpgme,
installShellFiles,
libapparmor,
libseccomp,
libselinux,
lvm2,
pkg-config,
nixosTests,
go-md2man,
}:
buildGoModule rec {
pname = "cri-o";
version = "1.34.0";
src = fetchFromGitHub {
owner = "cri-o";
repo = "cri-o";
rev = "v${version}";
hash = "sha256-mYrr5yB53ennddPjRxQPig9iqVRRO1h0UXZ/VZeEQ98=";
};
vendorHash = null;
doCheck = false;
outputs = [
"out"
"man"
];
nativeBuildInputs = [
installShellFiles
go-md2man
pkg-config
];
buildInputs = [
btrfs-progs
gpgme
libapparmor
libseccomp
libselinux
lvm2
]
++ lib.optionals (glibc != null) [
glibc
glibc.static
];
BUILDTAGS = "apparmor seccomp selinux containers_image_openpgp containers_image_ostree_stub";
buildPhase = ''
runHook preBuild
sed -i 's;\thack/;\tbash ./hack/;g' Makefile
make binaries docs BUILDTAGS="$BUILDTAGS"
runHook postBuild
'';
installPhase = ''
runHook preInstall
install -Dm755 bin/* -t $out/bin
for shell in bash fish zsh; do
installShellCompletion --$shell completions/$shell/*
done
install contrib/cni/*.conflist -Dt $out/etc/cni/net.d
install crictl.yaml -Dt $out/etc
installManPage docs/*.[1-9]
runHook postInstall
'';
passthru.tests = { inherit (nixosTests) cri-o; };
meta = with lib; {
homepage = "https://cri-o.io";
description = ''
Open Container Initiative-based implementation of the
Kubernetes Container Runtime Interface
'';
license = licenses.asl20;
teams = [ teams.podman ];
platforms = platforms.linux;
};
}
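Review bot: `doCheck = false;` and `vendorHash = null;` carry no explanation, and the same undocumented `doCheck = false` appears in the docker-buildx and docker-compose files of this commit. A short comment such as `# Tests need a running container runtime, which the sandbox cannot provide` (or whatever the actual reason is) keeps the next updater from re-enabling them blind. The Makefile edit `sed -i 's;\thack/;\tbash ./hack/;g' Makefile` also deserves a one-line comment; if it only works around unpatched shebangs in `hack/`, `patchShebangs hack/` in postPatch would say so directly, but I cannot confirm that from here.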


@@ -0,0 +1,59 @@
{
cri-o-unwrapped,
runCommand,
makeWrapper,
lib,
extraPackages ? [ ],
runc, # Default container runtime
conntrack-tools,
crun, # Container runtime (default with cgroups v2 for podman/buildah)
conmon, # Container runtime monitor
util-linux, # nsenter
iptables,
}:
let
binPath = lib.makeBinPath (
[
runc
conntrack-tools
crun
conmon
util-linux
iptables
]
++ extraPackages
);
in
runCommand cri-o-unwrapped.name
{
name = "${cri-o-unwrapped.pname}-wrapper-${cri-o-unwrapped.version}";
inherit (cri-o-unwrapped) pname version passthru;
preferLocalBuild = true;
meta = removeAttrs cri-o-unwrapped.meta [ "outputsToInstall" ];
outputs = [
"out"
"man"
];
nativeBuildInputs = [
makeWrapper
];
}
''
ln -s ${cri-o-unwrapped.man} $man
mkdir -p $out/bin
ln -s ${cri-o-unwrapped}/etc $out/etc
ln -s ${cri-o-unwrapped}/share $out/share
for p in ${cri-o-unwrapped}/bin/*; do
makeWrapper $p $out/bin/''${p##*/} \
--prefix PATH : ${binPath}
done
''
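Review bot: `runCommand cri-o-unwrapped.name { name = "${cri-o-unwrapped.pname}-wrapper-${cri-o-unwrapped.version}"; inherit (cri-o-unwrapped) pname version passthru; … }` sets the derivation name three ways; as far as I can tell from runCommand's argument merging the explicit `name` attribute wins, so the positional `cri-o-unwrapped.name` is dead and the inherited `pname`/`version` are redundant at best. Passing the wrapper name positionally and dropping the `name` attribute leaves one source of truth; whether mkDerivation accepts `name` next to `pname`/`version` at all is worth confirming. In the build script `$p`, `$out` and `$man` are unquoted — harmless for store paths, but `makeWrapper "$p" "$out/bin/''${p##*/}"` is the usual defensive spelling.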


@@ -0,0 +1,48 @@
{
lib,
buildGoModule,
fetchFromGitHub,
}:
buildGoModule rec {
pname = "docker-buildx";
version = "0.29.0";
src = fetchFromGitHub {
owner = "docker";
repo = "buildx";
rev = "v${version}";
hash = "sha256-HGhwO0bILHbRyk6YjzI+v6wiIANvTkIRR+SkL4mxv0w=";
};
doCheck = false;
vendorHash = null;
ldflags = [
"-w"
"-s"
"-X github.com/docker/buildx/version.Package=github.com/docker/buildx"
"-X github.com/docker/buildx/version.Version=v${version}"
];
installPhase = ''
runHook preInstall
install -D $GOPATH/bin/buildx $out/libexec/docker/cli-plugins/docker-buildx
mkdir -p $out/bin
ln -s $out/libexec/docker/cli-plugins/docker-buildx $out/bin/docker-buildx
runHook postInstall
'';
meta = with lib; {
description = "Docker CLI plugin for extended build capabilities with BuildKit";
mainProgram = "docker-buildx";
homepage = "https://github.com/docker/buildx";
license = licenses.asl20;
maintainers = with maintainers; [
ivan-babrou
developer-guy
];
};
}


@@ -0,0 +1,48 @@
{
lib,
buildGoModule,
fetchFromGitHub,
}:
buildGoModule rec {
pname = "docker-compose";
version = "2.39.4";
src = fetchFromGitHub {
owner = "docker";
repo = "compose";
rev = "v${version}";
hash = "sha256-NDNyXK4E7TkviESHLp8M+OI56ME0Hatoi9eWjX+G1zo=";
};
postPatch = ''
# entirely separate package that breaks the build
rm -rf pkg/e2e/
'';
vendorHash = "sha256-Uqzul9BiXHAJ1BxlOtRS68Tg71SDva6kg3tv7c6ar2E=";
ldflags = [
"-X github.com/docker/compose/v2/internal.Version=${version}"
"-s"
"-w"
];
doCheck = false;
installPhase = ''
runHook preInstall
install -D $GOPATH/bin/cmd $out/libexec/docker/cli-plugins/docker-compose
mkdir -p $out/bin
ln -s $out/libexec/docker/cli-plugins/docker-compose $out/bin/docker-compose
runHook postInstall
'';
meta = with lib; {
description = "Docker CLI plugin to define and run multi-container applications with Docker";
mainProgram = "docker-compose";
homepage = "https://github.com/docker/compose";
license = licenses.asl20;
maintainers = [ ];
};
}


@@ -0,0 +1,426 @@
{ lib, callPackage }:
let
dockerGen =
{
version,
cliRev,
cliHash,
mobyRev,
mobyHash,
runcRev,
runcHash,
containerdRev,
containerdHash,
tiniRev,
tiniHash,
buildxSupport ? true,
composeSupport ? true,
sbomSupport ? false,
initSupport ? false,
# package dependencies
stdenv,
fetchFromGitHub,
buildGoModule,
makeBinaryWrapper,
installShellFiles,
pkg-config,
glibc,
go-md2man,
go,
containerd,
runc,
tini,
libtool,
sqlite,
iproute2,
docker-buildx,
docker-compose,
docker-sbom,
docker-init,
iptables,
e2fsprogs,
xz,
util-linuxMinimal,
xfsprogs,
gitMinimal,
procps,
rootlesskit,
slirp4netns,
fuse-overlayfs,
nixosTests,
clientOnly ? !stdenv.hostPlatform.isLinux,
symlinkJoin,
withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd,
systemd,
withBtrfs ? stdenv.hostPlatform.isLinux,
btrfs-progs,
withLvm ? stdenv.hostPlatform.isLinux,
lvm2,
withSeccomp ? stdenv.hostPlatform.isLinux,
libseccomp,
knownVulnerabilities ? [ ],
versionCheckHook,
}:
let
docker-meta = {
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [
offline
vdemeester
periklis
teutat3s
];
};
docker-runc = runc.overrideAttrs {
pname = "docker-runc";
inherit version;
src = fetchFromGitHub {
owner = "opencontainers";
repo = "runc";
tag = runcRev;
hash = runcHash;
};
preBuild = ''
substituteInPlace Makefile --replace-warn "/bin/bash" "${stdenv.shell}"
'';
# docker/runc already include these patches / are not applicable
patches = [ ];
};
docker-containerd = containerd.overrideAttrs (oldAttrs: {
pname = "docker-containerd";
inherit version;
# We only need binaries
outputs = [ "out" ];
src = fetchFromGitHub {
owner = "containerd";
repo = "containerd";
tag = containerdRev;
hash = containerdHash;
};
buildInputs = oldAttrs.buildInputs ++ lib.optionals withSeccomp [ libseccomp ];
# See above
installTargets = "install";
});
docker-tini = tini.overrideAttrs {
pname = "docker-tini";
inherit version;
src = fetchFromGitHub {
owner = "krallin";
repo = "tini";
rev = tiniRev;
hash = tiniHash;
};
# Do not remove static from make files as we want a static binary
postPatch = "";
buildInputs = [
glibc
glibc.static
];
env.NIX_CFLAGS_COMPILE = "-DMINIMAL=ON";
};
moby-src = fetchFromGitHub {
owner = "moby";
repo = "moby";
tag = mobyRev;
hash = mobyHash;
};
moby = buildGoModule (
lib.optionalAttrs stdenv.hostPlatform.isLinux {
pname = "moby";
inherit version;
src = moby-src;
vendorHash = null;
nativeBuildInputs = [
makeBinaryWrapper
pkg-config
go-md2man
go
libtool
installShellFiles
];
buildInputs = [
sqlite
]
++ lib.optionals withLvm [ lvm2 ]
++ lib.optionals withBtrfs [ btrfs-progs ]
++ lib.optionals withSystemd [ systemd ]
++ lib.optionals withSeccomp [ libseccomp ];
extraPath = lib.optionals stdenv.hostPlatform.isLinux (
lib.makeBinPath [
iproute2
iptables
e2fsprogs
xz
xfsprogs
procps
util-linuxMinimal
gitMinimal
]
);
extraUserPath = lib.optionals (stdenv.hostPlatform.isLinux && !clientOnly) (
lib.makeBinPath [
rootlesskit
slirp4netns
fuse-overlayfs
]
);
postPatch = ''
patchShebangs hack/make.sh hack/make/ hack/with-go-mod.sh
'';
buildPhase = ''
runHook preBuild
export GOCACHE="$TMPDIR/go-cache"
# build engine
export AUTO_GOPATH=1
export DOCKER_GITCOMMIT="${cliRev}"
export VERSION="${version}"
./hack/make.sh dynbinary
runHook postBuild
'';
installPhase = ''
runHook preInstall
install -Dm755 ./bundles/dynbinary-daemon/dockerd $out/libexec/docker/dockerd
install -Dm755 ./bundles/dynbinary-daemon/docker-proxy $out/libexec/docker/docker-proxy
makeWrapper $out/libexec/docker/dockerd $out/bin/dockerd \
--prefix PATH : "$out/libexec/docker:$extraPath"
ln -s ${docker-containerd}/bin/containerd $out/libexec/docker/containerd
ln -s ${docker-containerd}/bin/containerd-shim $out/libexec/docker/containerd-shim
ln -s ${docker-runc}/bin/runc $out/libexec/docker/runc
ln -s ${docker-tini}/bin/tini-static $out/libexec/docker/docker-init
# systemd
install -Dm644 ./contrib/init/systemd/docker.service $out/etc/systemd/system/docker.service
substituteInPlace $out/etc/systemd/system/docker.service --replace-fail /usr/bin/dockerd $out/bin/dockerd
install -Dm644 ./contrib/init/systemd/docker.socket $out/etc/systemd/system/docker.socket
# rootless Docker
install -Dm755 ./contrib/dockerd-rootless.sh $out/libexec/docker/dockerd-rootless.sh
makeWrapper $out/libexec/docker/dockerd-rootless.sh $out/bin/dockerd-rootless \
--prefix PATH : "$out/libexec/docker:$extraPath:$extraUserPath"
runHook postInstall
'';
env.DOCKER_BUILDTAGS = toString (
lib.optionals withSystemd [ "journald" ]
++ lib.optionals (!withBtrfs) [ "exclude_graphdriver_btrfs" ]
++ lib.optionals (!withLvm) [ "exclude_graphdriver_devicemapper" ]
++ lib.optionals withSeccomp [ "seccomp" ]
);
meta = docker-meta // {
homepage = "https://mobyproject.org/";
description = "Collaborative project for the container ecosystem to assemble container-based systems";
};
}
);
plugins =
lib.optionals buildxSupport [ docker-buildx ]
++ lib.optionals composeSupport [ docker-compose ]
++ lib.optionals sbomSupport [ docker-sbom ]
++ lib.optionals initSupport [ docker-init ];
pluginsRef = symlinkJoin {
name = "docker-plugins";
paths = plugins;
};
in
buildGoModule (
{
pname = "docker";
inherit version;
src = fetchFromGitHub {
owner = "docker";
repo = "cli";
# Cannot use `tag` since upstream forgot to tag release, see
# https://github.com/docker/cli/issues/5789
rev = cliRev;
hash = cliHash;
};
vendorHash = null;
nativeBuildInputs = [
makeBinaryWrapper
pkg-config
go-md2man
go
libtool
installShellFiles
];
buildInputs =
plugins
++ lib.optionals (stdenv.hostPlatform.isLinux) [
glibc
glibc.static
];
postPatch = ''
patchShebangs man scripts/build/
substituteInPlace ./scripts/build/.variables --replace-fail "set -eu" ""
''
+ lib.optionalString (plugins != [ ]) ''
substituteInPlace ./cli-plugins/manager/manager_unix.go --replace-fail /usr/libexec/docker/cli-plugins \
"${pluginsRef}/libexec/docker/cli-plugins"
'';
# Keep eyes on BUILDTIME format - https://github.com/docker/cli/blob/${version}/scripts/build/.variables
buildPhase = ''
runHook preBuild
export GOCACHE="$TMPDIR/go-cache"
# Mimic AUTO_GOPATH
mkdir -p .gopath/src/github.com/docker/
ln -sf $PWD .gopath/src/github.com/docker/cli
export GOPATH="$PWD/.gopath:$GOPATH"
export GITCOMMIT="${cliRev}"
export VERSION="${version}"
export BUILDTIME="1970-01-01T00:00:00Z"
make dynbinary
runHook postBuild
'';
outputs = [ "out" ];
installPhase = ''
runHook preInstall
install -Dm755 ./build/docker $out/libexec/docker/docker
makeWrapper $out/libexec/docker/docker $out/bin/docker \
--prefix PATH : "$out/libexec/docker:$extraPath"
''
+ lib.optionalString (!clientOnly) ''
# symlink docker daemon to docker cli derivation
ln -s ${moby}/bin/dockerd $out/bin/dockerd
ln -s ${moby}/bin/dockerd-rootless $out/bin/dockerd-rootless
# systemd
mkdir -p $out/etc/systemd/system
ln -s ${moby}/etc/systemd/system/docker.service $out/etc/systemd/system/docker.service
ln -s ${moby}/etc/systemd/system/docker.socket $out/etc/systemd/system/docker.socket
''
# Required to avoid breaking cross builds
+ lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
# completion (cli)
installShellCompletion --cmd docker \
--bash <($out/bin/docker completion bash) \
--fish <($out/bin/docker completion fish) \
--zsh <($out/bin/docker completion zsh)
''
+ ''
runHook postInstall
'';
doInstallCheck = true;
nativeInstallCheckInputs = [ versionCheckHook ];
versionCheckProgramArg = "--version";
passthru = {
# Exposed for tarsum build on non-linux systems (build-support/docker/default.nix)
inherit moby-src;
tests = lib.optionalAttrs (!clientOnly) { inherit (nixosTests) docker; };
};
meta = docker-meta // {
homepage = "https://www.docker.com/";
description = "Open source project to pack, ship and run any application as a lightweight container";
longDescription = ''
Docker is a platform designed to help developers build, share, and run modern applications.
To enable the docker daemon on NixOS, set the `virtualisation.docker.enable` option to `true`.
'';
mainProgram = "docker";
inherit knownVulnerabilities;
};
}
// lib.optionalAttrs (!clientOnly) {
# allow overrides of docker components
# TODO: move packages out of the let...in into top-level to allow proper overrides
inherit
docker-runc
docker-containerd
docker-tini
moby
;
}
);
in
{
# Get revisions from
# https://github.com/moby/moby/tree/${version}/hack/dockerfile/install/*
docker_25 =
let
version = "25.0.13";
in
callPackage dockerGen {
inherit version;
# Upstream forgot to tag release
# https://github.com/docker/cli/issues/5789
cliRev = "43987fca488a535d810c429f75743d8c7b63bf4f";
cliHash = "sha256-OwufdfuUPbPtgqfPeiKrQVkOOacU2g4ommHb770gV40=";
mobyRev = "v${version}";
mobyHash = "sha256-X+1QG/toJt+VNLktR5vun8sG3PRoTVBAcekFXxocJdU=";
runcRev = "v1.2.5";
runcHash = "sha256-J/QmOZxYnMPpzm87HhPTkYdt+fN+yeSUu2sv6aUeTY4=";
containerdRev = "v1.7.27";
containerdHash = "sha256-H94EHnfW2Z59KcHcbfJn+BipyZiNUvHe50G5EXbrIps=";
tiniRev = "369448a167e8b3da4ca5bca0b3307500c3371828";
tiniHash = "sha256-jCBNfoJAjmcTJBx08kHs+FmbaU82CbQcf0IVjd56Nuw=";
};
docker_28 =
let
version = "28.4.0";
in
callPackage dockerGen {
inherit version;
cliRev = "v${version}";
cliHash = "sha256-SgePAc+GvjZgymu7VA2whwIFEYAfMVUz9G0ppxeOi7M=";
mobyRev = "v${version}";
mobyHash = "sha256-hiuwdemnjhi/622xGcevG4rTC7C+DyUijE585a9APSM=";
runcRev = "v1.3.0";
runcHash = "sha256-oXoDio3l23Z6UyAhb9oDMo1O4TLBbFyLh9sRWXnfLVY=";
containerdRev = "v1.7.28";
containerdHash = "sha256-vz7RFJkFkMk2gp7bIMx1kbkDFUMS9s0iH0VoyD9A21s=";
tiniRev = "369448a167e8b3da4ca5bca0b3307500c3371828";
tiniHash = "sha256-jCBNfoJAjmcTJBx08kHs+FmbaU82CbQcf0IVjd56Nuw=";
};
}
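Review bot: The CLI wrapper line `makeWrapper $out/libexec/docker/docker $out/bin/docker --prefix PATH : "$out/libexec/docker:$extraPath"` references `extraPath`, but unlike the `moby` derivation the outer `buildGoModule` attribute set never defines it, so unless something in the environment sets it the prefix becomes `$out/libexec/docker:` with a trailing empty element — and an empty PATH component is treated as the current working directory by POSIX PATH lookup. Either drop `:$extraPath` from that line or give the CLI derivation its own `extraPath = lib.makeBinPath [ … ];` listing what `docker` itself needs. Separately, `extraPath`/`extraUserPath` inside `moby` wrap a string in `lib.optionals`, which only works because `optionals` returns its argument unchanged when the condition holds; `lib.optionalString` says what is meant.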


@@ -0,0 +1,51 @@
{
stdenv,
lib,
fetchFromGitHub,
makeWrapper,
docker,
coreutils,
procps,
gnused,
findutils,
gnugrep,
}:
stdenv.mkDerivation {
pname = "docker-gc";
version = "unstable-2015-10-5";
src = fetchFromGitHub {
owner = "spotify";
repo = "docker-gc";
rev = "b0cc52aa3da2e2ac0080794e0be6e674b1f063fc";
sha256 = "07wf9yn0f771xkm3x12946x5rp83hxjkd70xgfgy35zvj27wskzm";
};
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
cp docker-gc $out/bin
chmod +x $out/bin/docker-gc
wrapProgram $out/bin/docker-gc \
--prefix PATH : "${
lib.makeBinPath [
docker
coreutils
procps
gnused
findutils
gnugrep
]
}"
'';
meta = with lib; {
description = "Docker garbage collection of containers and images";
mainProgram = "docker-gc";
license = licenses.asl20;
homepage = "https://github.com/spotify/docker-gc";
maintainers = with maintainers; [ offline ];
platforms = docker.meta.platforms;
};
}
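Review bot: `installPhase` omits `runHook preInstall`/`runHook postInstall`, so setup-hook contributions and any `preInstall`/`postInstall` an overrider adds are silently skipped; the qboot file in this commit has the same gap. `cp docker-gc $out/bin` plus `chmod +x` collapses to `install -Dm755 docker-gc -t $out/bin` placed between the two hooks. `sha256 = "07wf…"` is the legacy base32 form while the other files here use SRI `hash = "sha256-…"`, and `version = "unstable-2015-10-5"` does not follow the `0-unstable-YYYY-MM-DD` scheme that canokey-qemu uses in this same commit.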


@@ -0,0 +1,28 @@
diff --git a/test/cli/all_formats_expressible_test.go b/test/cli/all_formats_expressible_test.go
index 3f40a46..5ba04e8 100644
--- a/test/cli/all_formats_expressible_test.go
+++ b/test/cli/all_formats_expressible_test.go
@@ -8,7 +8,8 @@ import (
"github.com/anchore/syft/syft"
)
-func TestAllFormatsExpressible(t *testing.T) {
+// Disabled because it needs a running docker daemon
+func disabledTestAllFormatsExpressible(t *testing.T) {
commonAssertions := []traitAssertion{
func(tb testing.TB, stdout, _ string, _ int) {
tb.Helper()
diff --git a/test/cli/sbom_cmd_test.go b/test/cli/sbom_cmd_test.go
index 0a0771c..a086c3b 100644
--- a/test/cli/sbom_cmd_test.go
+++ b/test/cli/sbom_cmd_test.go
@@ -8,7 +8,8 @@ import (
"github.com/docker/sbom-cli-plugin/internal"
)
-func TestSBOMCmdFlags(t *testing.T) {
+// Disabled because it needs a running docker daemon
+func disabledTestSBOMCmdFlags(t *testing.T) {
hiddenPackagesImage := getFixtureImage(t, "image-hidden-packages")
coverageImage := getFixtureImage(t, "image-pkg-coverage")
tmp := t.TempDir() + "/"
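Review bot: Renaming `TestAllFormatsExpressible` to `disabledTestAllFormatsExpressible` (and `TestSBOMCmdFlags` likewise in the second hunk) hides the tests from `go test` without leaving any trace in the test output, and linters such as staticcheck will likely complain about the now-unused unexported functions. Inserting `t.Skip("requires a running docker daemon")` as the first statement of each function keeps the names intact and reports the skip explicitly, which also makes the added `// Disabled because …` comments unnecessary. Both function bodies continue outside the hunks.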


@@ -0,0 +1,45 @@
{
buildGoModule,
fetchFromGitHub,
docker,
lib,
}:
buildGoModule rec {
pname = "docker-sbom";
version = "0.6.1";
src = fetchFromGitHub {
owner = "docker";
repo = "sbom-cli-plugin";
rev = "tags/v${version}";
hash = "sha256-i3gIogHb0oW/VDuZUo6LGBmvqs/XfMXjpvTTYeGCK7Q=";
};
patches = [
# Disable tests that require a docker daemon to be running
# in the sandbox
./sbom-disable-tests.patch
];
vendorHash = "sha256-XPPVAdY2NaasZ9bkf24VWWk3X5pjnryvsErYIWkeekc=";
nativeBuildInputs = [ docker ];
installPhase = ''
runHook preInstall
install -D $GOPATH/bin/sbom-cli-plugin $out/libexec/docker/cli-plugins/docker-sbom
mkdir -p $out/bin
ln -s $out/libexec/docker/cli-plugins/docker-sbom $out/bin/docker-sbom
runHook postInstall
'';
meta = with lib; {
description = "Plugin for Docker CLI to support SBOM creation using Syft";
mainProgram = "docker-sbom";
homepage = "https://github.com/docker/sbom-cli-plugin";
license = licenses.asl20;
maintainers = with maintainers; [ raboof ];
};
}
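Review bot: `rev = "tags/v${version}";` in the `fetchFromGitHub` call appears to rely on git ref resolution to find the tag; the fetcher has a dedicated `tag` argument, used as `tag = "v${version}";` by podman-compose and docker-runc in this same commit, and switching to it keeps the three consistent. `nativeBuildInputs = [ docker ];` is also unexplained — if it exists only for the tests that `sbom-disable-tests.patch` now disables, a comment saying so (or its removal) would help the next reader.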


@@ -0,0 +1,80 @@
{
lib,
stdenv,
rustPlatform,
fetchFromGitHub,
asciidoctor,
buildah,
buildah-unwrapped,
cargo,
libiconv,
libkrun,
makeWrapper,
rustc,
sigtool,
}:
stdenv.mkDerivation rec {
pname = "krunvm";
version = "0.2.4";
src = fetchFromGitHub {
owner = "containers";
repo = "krunvm";
rev = "v${version}";
hash = "sha256-YbK4DKw0nh9IO1F7QsJcbOMlHekEdeUBbDHwuQ2x1Ww=";
};
cargoDeps = rustPlatform.fetchCargoVendor {
inherit src;
hash = "sha256-TMV9xCcqBQgPsUSzsTJAi4qsplTOSm3ilaUmtmdaGnE=";
};
nativeBuildInputs = [
rustPlatform.cargoSetupHook
cargo
rustc
asciidoctor
makeWrapper
]
++ lib.optionals stdenv.hostPlatform.isDarwin [ sigtool ];
buildInputs = [
libkrun
]
++ lib.optionals stdenv.hostPlatform.isDarwin [
libiconv
];
makeFlags = [ "PREFIX=${placeholder "out"}" ];
postPatch = ''
# do not pollute etc
substituteInPlace src/utils.rs \
--replace "etc/containers" "share/krunvm/containers"
'';
postInstall = ''
mkdir -p $out/share/krunvm/containers
install -D -m755 ${buildah-unwrapped.src}/docs/samples/registries.conf $out/share/krunvm/containers/registries.conf
install -D -m755 ${buildah-unwrapped.src}/tests/policy.json $out/share/krunvm/containers/policy.json
'';
# It attaches entitlements with codesign and strip removes those,
# voiding the entitlements and making it non-operational.
dontStrip = stdenv.hostPlatform.isDarwin;
postFixup = ''
wrapProgram $out/bin/krunvm \
--prefix PATH : ${lib.makeBinPath [ buildah ]} \
'';
meta = with lib; {
description = "CLI-based utility for creating microVMs from OCI images";
homepage = "https://github.com/containers/krunvm";
license = licenses.asl20;
maintainers = with maintainers; [ nickcao ];
platforms = libkrun.meta.platforms;
mainProgram = "krunvm";
};
}
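Review bot: `install -D -m755 … registries.conf` and `… policy.json` in postInstall give configuration files the executable bit; `-m644` is the right mode for both. `substituteInPlace src/utils.rs --replace …` is the deprecated spelling — the other files in this commit use `--replace-fail`, which also fails loudly if upstream ever moves the `etc/containers` string. `policy.json` is copied from buildah's test-suite fixtures; I cannot see its contents from here, but a signature policy shipped as runtime configuration deserves a comment confirming it is the intended policy rather than a permissive test default. The trailing `\` on the `--prefix PATH` line of postFixup continues into the end of the string and should be dropped.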


@@ -0,0 +1,42 @@
{
lib,
buildPythonApplication,
fetchFromGitHub,
python-dotenv,
pyyaml,
setuptools,
pypaBuildHook,
}:
buildPythonApplication rec {
version = "1.5.0";
pname = "podman-compose";
pyproject = true;
src = fetchFromGitHub {
repo = "podman-compose";
owner = "containers";
tag = "v${version}";
hash = "sha256-AEnq0wsDHaCxefaEX4lB+pCAIKzN0oyaBNm7t7tK/yI=";
};
build-system = [
setuptools
];
dependencies = [
python-dotenv
pyyaml
];
propagatedBuildInputs = [ pypaBuildHook ];
meta = {
description = "Implementation of docker-compose with podman backend";
homepage = "https://github.com/containers/podman-compose";
license = lib.licenses.gpl2Only;
platforms = lib.platforms.unix;
maintainers = [ lib.maintainers.sikmir ];
teams = [ lib.teams.podman ];
mainProgram = "podman-compose";
};
}
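Review bot: `propagatedBuildInputs = [ pypaBuildHook ];` propagates a build-time hook as a runtime dependency of a Python application, which is unusual enough to need a comment; if podman-compose does not actually invoke the hook at runtime the line can presumably be removed, and if it does, say why. A `pythonImportsCheck` entry naming the installed module would also give the package a cheap install-time smoke test; confirm the module name before adding it.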


@@ -0,0 +1,50 @@
{
lib,
stdenv,
meson,
ninja,
fetchFromGitHub,
nixosTests,
}:
stdenv.mkDerivation {
pname = "qboot";
version = "unstable-2020-04-23";
src = fetchFromGitHub {
owner = "bonzini";
repo = "qboot";
rev = "de50b5931c08f5fba7039ddccfb249a5b3b0b18d";
sha256 = "1d0h29zz535m0pq18k3aya93q7lqm2858mlcp8mlfkbq54n8c5d8";
};
nativeBuildInputs = [
meson
ninja
];
installPhase = ''
mkdir -p $out
cp bios.bin bios.bin.elf $out/.
'';
hardeningDisable = [
"stackprotector"
"pic"
];
passthru.tests = {
qboot = nixosTests.qboot;
};
meta = {
description = "Simple x86 firmware for booting Linux";
homepage = "https://github.com/bonzini/qboot";
license = lib.licenses.gpl2;
maintainers = [ ];
platforms = [
"x86_64-linux"
"i686-linux"
];
};
}


@@ -0,0 +1,79 @@
// This is a tiny wrapper that converts the extra arv[0] argument
// from binfmt-misc with the P flag enabled to QEMU parameters.
// It also prevents LD_* environment variables from being applied
// to QEMU itself.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifndef TARGET_QEMU
#error "Define TARGET_QEMU to be the path to the qemu-user binary (e.g., -DTARGET_QEMU=\"/full/path/to/qemu-riscv64\")"
#endif
extern char **environ;
int main(int argc, char *argv[]) {
if (argc < 3) {
fprintf(stderr, "%s: This should be run as the binfmt interpreter with the P flag\n", argv[0]);
fprintf(stderr, "%s: My preconfigured qemu-user binary: %s\n", argv[0], TARGET_QEMU);
return 1;
}
size_t environ_count = 0;
for (char **cur = environ; *cur != NULL; ++cur) {
environ_count++;
}
size_t new_argc = 3;
size_t new_argv_alloc = argc + 2 * environ_count + 2; // [ "-E", env ] for each LD_* env + [ "-0", argv0 ]
char **new_argv = (char**)malloc((new_argv_alloc + 1) * sizeof(char*));
if (!new_argv) {
fprintf(stderr, "FATAL: Failed to allocate new argv array\n");
abort();
}
new_argv[0] = TARGET_QEMU;
new_argv[1] = "-0";
new_argv[2] = argv[2];
// Pass all LD_ env variables as -E and strip them in `new_environ`
size_t new_environc = 0;
char **new_environ = (char**)malloc((environ_count + 1) * sizeof(char*));
if (!new_environ) {
fprintf(stderr, "FATAL: Failed to allocate new environ array\n");
abort();
}
for (char **cur = environ; *cur != NULL; ++cur) {
if (strncmp("LD_", *cur, 3) == 0) {
new_argv[new_argc++] = "-E";
new_argv[new_argc++] = *cur;
} else {
new_environ[new_environc++] = *cur;
}
}
new_environ[new_environc] = NULL;
size_t new_arg_start = new_argc;
new_argc += argc - 3 + 2; // [ "--", full_binary_path ]
if (argc > 3) {
memcpy(&new_argv[new_arg_start + 2], &argv[3], (argc - 3) * sizeof(char**));
}
new_argv[new_arg_start] = "--";
new_argv[new_arg_start + 1] = argv[1];
new_argv[new_argc] = NULL;
#ifdef DEBUG
for (size_t i = 0; i < new_argc; ++i) {
fprintf(stderr, "argv[%zu] = %s\n", i, new_argv[i]);
}
#endif
return execve(new_argv[0], new_argv, new_environ);
}
// vim: et:ts=4:sw=4
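Review bot: `return execve(new_argv[0], new_argv, new_environ);` reports nothing when the exec fails (TARGET_QEMU missing or not executable, E2BIG), so the caller sees exit status 255 and no message; `execve(new_argv[0], new_argv, new_environ); perror(new_argv[0]); return 127;` gives a diagnostic and the conventional exec-failure status. The `memcpy` size uses `sizeof(char**)` for an array of `char*` — the same value on any relevant platform, but `sizeof(char*)` matches the element type and reads correctly. The string literals stored through `char *` slots (`TARGET_QEMU`, `"-0"`, `"-E"`, `"--"`) are legal C but will warn under `-Wwrite-strings`; explicit `(char *)` casts would silence that without changing behaviour. The header comment's `arv[0]` should read `argv[0]`.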


@@ -0,0 +1,37 @@
# binfmt preserve-argv[0] wrapper
#
# More details in binfmt-p-wrapper.c
#
# The wrapper has to be static so LD_* environment variables
# cannot affect the execution of the wrapper itself.
{
lib,
stdenv,
enableDebug ? false,
}:
name: emulator:
stdenv.mkDerivation {
inherit name;
src = ./binfmt-p-wrapper.c;
dontUnpack = true;
dontInstall = true;
buildInputs = [ stdenv.cc.libc.static or null ];
buildPhase = ''
runHook preBuild
mkdir -p $out/bin
$CC -o $out/bin/${name} -static -std=c99 -O2 \
-DTARGET_QEMU=\"${emulator}\" \
${lib.optionalString enableDebug "-DDEBUG"} \
$src
runHook postBuild
'';
}
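Review bot: `$CC -o $out/bin/${name} … -DTARGET_QEMU=\"${emulator}\" … $src` splices the `name` function argument and `emulator` into the shell command unquoted, so a name containing whitespace or shell metacharacters breaks the build in a confusing way; since `name` is already a derivation attribute, `$CC -o "$out/bin/$name" -static -std=c99 -O2 \` avoids the Nix interpolation entirely, and `"$src"` wants quotes too. `buildInputs = [ stdenv.cc.libc.static or null ]` silently drops the static libc when the attribute is absent, leaving `-static` to fail later at link time with a less helpful message; an explicit `assert stdenv.cc.libc ? static;` names the real cause up front.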


@@ -0,0 +1,41 @@
From 9e59480d941c40b868ebafa5138bbc71ca87f08e Mon Sep 17 00:00:00 2001
From: Alyssa Ross <hi@alyssa.is>
Date: Sat, 18 May 2024 09:55:17 +0200
Subject: [PATCH] Fix build where memcpy is a macro
I got the following compiler error with Clang 16 building for
x86_64-apple-darwin:
/tmp/nix-build-canokey-qemu-0-unstable-2023-06-06.drv-0/source/canokey-core/applets/oath/oath.c:44:50: error: too many arguments provided to function-like macro invocation
memcpy(RDATA, (uint8_t[]){OATH_TAG_VERSION, 3, 0x05, 0x05, 0x05, OATH_TAG_NAME, HANDLE_LEN}, 7);
^
/nix/store/vw8y07yai2pjv02s1piw3r5cyhmjbddf-Libsystem-1238.60.2/include/secure/_string.h:64:9: note: macro 'memcpy' defined here
#define memcpy(dest, src, len) \
^
/tmp/nix-build-canokey-qemu-0-unstable-2023-06-06.drv-0/source/canokey-core/applets/oath/oath.c:44:3: note: parentheses are required around macro argument containing braced initializer list
memcpy(RDATA, (uint8_t[]){OATH_TAG_VERSION, 3, 0x05, 0x05, 0x05, OATH_TAG_NAME, HANDLE_LEN}, 7);
^
( )
1 error generated.
Link: https://github.com/canokeys/canokey-core/pull/85
---
canokey-core/applets/oath/oath.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/canokey-core/applets/oath/oath.c b/canokey-core/applets/oath/oath.c
index bd8361a..2d2c0ef 100644
--- a/canokey-core/applets/oath/oath.c
+++ b/canokey-core/applets/oath/oath.c
@@ -41,7 +41,7 @@ int oath_install(uint8_t reset) {
static int oath_select(const CAPDU *capdu, RAPDU *rapdu) {
if (P2 != 0x00) EXCEPT(SW_WRONG_P1P2);
- memcpy(RDATA, (uint8_t[]){OATH_TAG_VERSION, 3, 0x05, 0x05, 0x05, OATH_TAG_NAME, HANDLE_LEN}, 7);
+ memcpy(RDATA, ((uint8_t[]){OATH_TAG_VERSION, 3, 0x05, 0x05, 0x05, OATH_TAG_NAME, HANDLE_LEN}), 7);
if (read_attr(OATH_FILE, ATTR_HANDLE, RDATA + 7, HANDLE_LEN) < 0) return -1;
LL = 7 + HANDLE_LEN;
--
2.44.0


@@ -0,0 +1,66 @@
{
lib,
stdenv,
fetchFromGitHub,
cmake,
unstableGitUpdater,
}:
stdenv.mkDerivation rec {
pname = "canokey-qemu";
version = "0-unstable-2023-06-06";
rev = "151568c34f5e92b086b7a3a62a11c43dd39f628b";
src = fetchFromGitHub {
owner = "canokeys";
repo = "canokey-qemu";
inherit rev;
fetchSubmodules = true;
hash = "sha256-4V/2UOgGWgL+tFJO/k90bCDjWSVyIpxw3nYi9NU/OxA=";
};
patches = [
./canokey-qemu-memcpy.patch
];
postPatch = ''
substituteInPlace canokey-core/CMakeLists.txt \
--replace "COMMAND git describe --always --tags --long --abbrev=8 --dirty >>" "COMMAND echo '$rev' >>"
'';
preConfigure = ''
cmakeFlagsArray+=(
-DCMAKE_C_FLAGS=${
lib.escapeShellArg (
[
"-Wno-error=unused-but-set-parameter"
"-Wno-error=unused-but-set-variable"
]
++ lib.optionals stdenv.cc.isClang [
"-Wno-error=documentation"
]
)
}
)
'';
outputs = [
"out"
"dev"
];
nativeBuildInputs = [ cmake ];
passthru.updateScript = unstableGitUpdater { };
meta = with lib; {
homepage = "https://github.com/canokeys/canokey-qemu";
description = "CanoKey QEMU Virt Card";
license = licenses.asl20;
maintainers = with maintainers; [ oxalica ];
# Uses a fouryearold patched vendored version of Mbed TLS for
# cryptography that doesnt build with CMake 4. Doesnt build with
# gurrent versions of `canokey-core`, either. No upstream
# development since 2023.
broken = true;
};
}
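Review bot: `substituteInPlace canokey-core/CMakeLists.txt --replace ...` in postPatch does not fail when the pattern is absent, so an upstream change to the `git describe` line would silently leave the git invocation in place; use `--replace-fail` as the other expressions in this commit do. The `meta` comment has also lost characters (`fouryearold`, `doesnt`, `gurrent`), presumably hyphens and apostrophes dropped in encoding plus a typo; `# Uses a four-year-old patched vendored version of Mbed TLS for cryptography that doesn't build with CMake 4. Doesn't build with current versions of `canokey-core`, either.` reads as intended.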


@@ -0,0 +1,464 @@
{
lib,
stdenv,
fetchurl,
fetchpatch,
python3Packages,
zlib,
pkg-config,
glib,
buildPackages,
pixman,
vde2,
alsa-lib,
flex,
bison,
lzo,
snappy,
libaio,
libtasn1,
gnutls,
curl,
dtc,
ninja,
meson,
perl,
sigtool,
makeWrapper,
removeReferencesTo,
attr,
libcap,
libcap_ng,
socat,
libslirp,
libcbor,
apple-sdk_13,
darwinMinVersionHook,
guestAgentSupport ?
(with stdenv.hostPlatform; isLinux || isNetBSD || isOpenBSD || isSunOS || isWindows) && !minimal,
numaSupport ? stdenv.hostPlatform.isLinux && !stdenv.hostPlatform.isAarch32 && !minimal,
numactl,
seccompSupport ? stdenv.hostPlatform.isLinux && !minimal,
libseccomp,
alsaSupport ? lib.hasSuffix "linux" stdenv.hostPlatform.system && !nixosTestRunner && !minimal,
pulseSupport ? !stdenv.hostPlatform.isDarwin && !nixosTestRunner && !minimal,
libpulseaudio,
pipewireSupport ? !stdenv.hostPlatform.isDarwin && !nixosTestRunner && !minimal,
pipewire,
sdlSupport ? !stdenv.hostPlatform.isDarwin && !nixosTestRunner && !minimal,
SDL2,
SDL2_image,
jackSupport ? !stdenv.hostPlatform.isDarwin && !nixosTestRunner && !minimal,
libjack2,
gtkSupport ? !stdenv.hostPlatform.isDarwin && !xenSupport && !nixosTestRunner && !minimal,
gtk3,
gettext,
vte,
wrapGAppsHook3,
vncSupport ? !nixosTestRunner && !minimal,
libjpeg,
libpng,
smartcardSupport ? !nixosTestRunner && !minimal,
libcacard,
spiceSupport ? true && !nixosTestRunner && !minimal,
spice,
spice-protocol,
ncursesSupport ? !nixosTestRunner && !minimal,
ncurses,
usbredirSupport ? spiceSupport,
usbredir,
xenSupport ? false,
xen,
cephSupport ? false,
ceph,
glusterfsSupport ? false,
glusterfs,
libuuid,
openGLSupport ? sdlSupport,
libgbm,
libepoxy,
libdrm,
rutabagaSupport ?
openGLSupport && !minimal && lib.meta.availableOn stdenv.hostPlatform rutabaga_gfx,
rutabaga_gfx,
virglSupport ? openGLSupport,
virglrenderer,
libiscsiSupport ? !minimal,
libiscsi,
smbdSupport ? false,
samba,
tpmSupport ? !minimal,
uringSupport ? stdenv.hostPlatform.isLinux && !userOnly,
liburing,
canokeySupport ? false,
canokey-qemu,
capstoneSupport ? !minimal,
capstone,
valgrindSupport ? false,
valgrind-light,
pluginsSupport ? !stdenv.hostPlatform.isStatic,
enableDocs ? !minimal || toolsOnly,
enableTools ? !minimal || toolsOnly,
enableBlobs ? !minimal || toolsOnly,
hostCpuOnly ? false,
hostCpuTargets ? (
if toolsOnly then
[ ]
else if xenSupport then
[ "i386-softmmu" ]
else if hostCpuOnly then
(
lib.optional stdenv.hostPlatform.isx86_64 "i386-softmmu"
++ [ "${stdenv.hostPlatform.qemuArch}-softmmu" ]
)
else
null
),
nixosTestRunner ? false,
toolsOnly ? false,
userOnly ? false,
minimal ? toolsOnly || userOnly,
gitUpdater,
qemu-utils, # for tests attribute
}:
assert lib.assertMsg (
xenSupport -> hostCpuTargets == [ "i386-softmmu" ]
) "Xen should not use any other QEMU architecture other than i386.";
let
hexagonSupport = hostCpuTargets == null || lib.elem "hexagon" hostCpuTargets;
# needed in buildInputs and depsBuildBuild
# check log for warnings eg: `warning: 'hv_vm_config_get_max_ipa_size' is only available on macOS 13.0`
# to indicate if min version needs to get bumped.
darwinSDK = [
apple-sdk_13
(darwinMinVersionHook "13")
];
in
stdenv.mkDerivation (finalAttrs: {
pname =
"qemu"
+ lib.optionalString xenSupport "-xen"
+ lib.optionalString hostCpuOnly "-host-cpu-only"
+ lib.optionalString nixosTestRunner "-for-vm-tests"
+ lib.optionalString toolsOnly "-utils"
+ lib.optionalString userOnly "-user";
version = "10.1.0";
src = fetchurl {
url = "https://download.qemu.org/qemu-${finalAttrs.version}.tar.xz";
hash = "sha256-4FFzSbUMpz6+wvqFsGBQ1cRjymXHOIM72PwfFfGAvlE=";
};
depsBuildBuild = [
buildPackages.stdenv.cc
]
++ lib.optionals stdenv.buildPlatform.isDarwin darwinSDK
++ lib.optionals hexagonSupport [ pkg-config ];
nativeBuildInputs = [
makeWrapper
removeReferencesTo
pkg-config
flex
bison
meson
ninja
perl
# For python changes other than simple package additions, ping @dramforever for review.
# Don't change `python3Packages` to `python3.pkgs.*`, breaks cross-compilation.
python3Packages.distlib
# Hooks from the python package are needed to add `$pythonPath` so
# `python/scripts/mkvenv.py` can detect `meson` otherwise the vendored meson without patches will be used.
python3Packages.python
]
++ lib.optionals gtkSupport [ wrapGAppsHook3 ]
++ lib.optionals enableDocs [
python3Packages.sphinx
python3Packages.sphinx-rtd-theme
]
++ lib.optionals hexagonSupport [ glib ]
++ lib.optionals stdenv.hostPlatform.isDarwin [
sigtool
]
++ lib.optionals (!userOnly) [ dtc ];
# gnutls is required for crypto support (luks) in qemu-img
buildInputs = [
glib
gnutls
zlib
]
++ lib.optionals (!minimal) [
dtc
pixman
vde2
lzo
snappy
libtasn1
libslirp
libcbor
]
++ lib.optionals (!userOnly) [ curl ]
++ lib.optionals ncursesSupport [ ncurses ]
++ lib.optionals stdenv.hostPlatform.isDarwin darwinSDK
++ lib.optionals seccompSupport [ libseccomp ]
++ lib.optionals numaSupport [ numactl ]
++ lib.optionals alsaSupport [ alsa-lib ]
++ lib.optionals pulseSupport [ libpulseaudio ]
++ lib.optionals pipewireSupport [ pipewire ]
++ lib.optionals sdlSupport [
SDL2
SDL2_image
]
++ lib.optionals jackSupport [ libjack2 ]
++ lib.optionals gtkSupport [
gtk3
gettext
vte
]
++ lib.optionals vncSupport [
libjpeg
libpng
]
++ lib.optionals smartcardSupport [ libcacard ]
++ lib.optionals spiceSupport [
spice-protocol
spice
]
++ lib.optionals usbredirSupport [ usbredir ]
++ lib.optionals (stdenv.hostPlatform.isLinux && !userOnly) [
libcap_ng
libcap
attr
libaio
]
++ lib.optionals xenSupport [ xen ]
++ lib.optionals cephSupport [ ceph ]
++ lib.optionals glusterfsSupport [
glusterfs
libuuid
]
++ lib.optionals openGLSupport [
libgbm
libepoxy
libdrm
]
++ lib.optionals rutabagaSupport [ rutabaga_gfx ]
++ lib.optionals virglSupport [ virglrenderer ]
++ lib.optionals libiscsiSupport [ libiscsi ]
++ lib.optionals smbdSupport [ samba ]
++ lib.optionals uringSupport [ liburing ]
++ lib.optionals canokeySupport [ canokey-qemu ]
++ lib.optionals capstoneSupport [ capstone ]
++ lib.optionals valgrindSupport [ valgrind-light ];
dontUseMesonConfigure = true; # meson's configurePhase isn't compatible with qemu build
dontAddStaticConfigureFlags = true;
outputs = [ "out" ] ++ lib.optional enableDocs "doc" ++ lib.optional guestAgentSupport "ga";
# On aarch64-linux we would shoot over the Hydra's 2G output limit.
separateDebugInfo = !(stdenv.hostPlatform.isAarch64 && stdenv.hostPlatform.isLinux);
patches = [
./fix-qemu-ga.patch
# On macOS, QEMU uses `Rez(1)` and `SetFile(1)` to attach its icon
# to the binary. Unfortunately, those commands are proprietary,
# deprecated since Xcode 6, and operate on resource forks, which
# these days are stored in extended attributes, which arent
# supported in the Nix store. So we patch out the calls.
./skip-macos-icon.patch
# Workaround for upstream issue with nested virtualisation: https://gitlab.com/qemu-project/qemu/-/issues/1008
(fetchpatch {
url = "https://gitlab.com/qemu-project/qemu/-/commit/3e4546d5bd38a1e98d4bd2de48631abf0398a3a2.diff";
sha256 = "sha256-oC+bRjEHixv1QEFO9XAm4HHOwoiT+NkhknKGPydnZ5E=";
revert = true;
})
]
++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch;
postPatch = ''
# Otherwise tries to ensure /var/run exists.
sed -i "/install_emptydir(get_option('localstatedir') \/ 'run')/d" \
qga/meson.build
'';
preConfigure = ''
unset CPP # intereferes with dependency calculation
# this script isn't marked as executable b/c it's indirectly used by meson. Needed to patch its shebang
chmod +x ./scripts/shaderinclude.py
patchShebangs .
# avoid conflicts with libc++ include for <version>
mv VERSION QEMU_VERSION
substituteInPlace configure \
--replace-fail '$source_path/VERSION' '$source_path/QEMU_VERSION'
substituteInPlace meson.build \
--replace-fail "'VERSION'" "'QEMU_VERSION'"
substituteInPlace docs/conf.py \
--replace-fail "'../VERSION'" "'../QEMU_VERSION'"
substituteInPlace python/qemu/machine/machine.py \
--replace-fail /var/tmp "$TMPDIR"
'';
configureFlags = [
"--disable-strip" # We'll strip ourselves after separating debug info.
"--enable-gnutls" # auto detection only works when building with --enable-system
(lib.enableFeature enableDocs "docs")
(lib.enableFeature enableTools "tools")
"--localstatedir=/var"
"--sysconfdir=/etc"
"--cross-prefix=${stdenv.cc.targetPrefix}"
(lib.enableFeature guestAgentSupport "guest-agent")
]
++ lib.optional numaSupport "--enable-numa"
++ lib.optional seccompSupport "--enable-seccomp"
++ lib.optional smartcardSupport "--enable-smartcard"
++ lib.optional spiceSupport "--enable-spice"
++ lib.optional usbredirSupport "--enable-usb-redir"
++ lib.optional (hostCpuTargets != null) "--target-list=${lib.concatStringsSep "," hostCpuTargets}"
++ lib.optionals stdenv.hostPlatform.isDarwin [
"--enable-cocoa"
"--enable-hvf"
]
++ lib.optional (stdenv.hostPlatform.isLinux && !userOnly) "--enable-linux-aio"
++ lib.optional gtkSupport "--enable-gtk"
++ lib.optional xenSupport "--enable-xen"
++ lib.optional cephSupport "--enable-rbd"
++ lib.optional glusterfsSupport "--enable-glusterfs"
++ lib.optional openGLSupport "--enable-opengl"
++ lib.optional virglSupport "--enable-virglrenderer"
++ lib.optional tpmSupport "--enable-tpm"
++ lib.optional libiscsiSupport "--enable-libiscsi"
++ lib.optional smbdSupport "--smbd=${samba}/bin/smbd"
++ lib.optional uringSupport "--enable-linux-io-uring"
++ lib.optional canokeySupport "--enable-canokey"
++ lib.optional capstoneSupport "--enable-capstone"
++ lib.optional (!pluginsSupport) "--disable-plugins"
++ lib.optional (!enableBlobs) "--disable-install-blobs"
++ lib.optional userOnly "--disable-system"
++ lib.optional stdenv.hostPlatform.isStatic "--static";
dontWrapGApps = true;
# QEMU attaches entitlements with codesign and strip removes those,
# voiding the entitlements and making it non-operational.
# The alternative is to re-sign with entitlements after stripping:
# * https://github.com/qemu/qemu/blob/v6.1.0/scripts/entitlement.sh#L25
dontStrip = stdenv.hostPlatform.isDarwin;
postFixup = ''
# the .desktop is both invalid and pointless
rm -f $out/share/applications/qemu.desktop
''
+ lib.optionalString guestAgentSupport ''
# move qemu-ga (guest agent) to separate output
mkdir -p $ga/bin
mv $out/bin/qemu-ga $ga/bin/
ln -s $ga/bin/qemu-ga $out/bin
remove-references-to -t $out $ga/bin/qemu-ga
''
+ lib.optionalString gtkSupport ''
# wrap GTK Binaries
for f in $out/bin/qemu-system-*; do
wrapGApp $f
done
''
+ lib.optionalString stdenv.hostPlatform.isStatic ''
# HACK: Otherwise the result will have the entire buildInputs closure
# injected by the pkgsStatic stdenv
# <https://github.com/NixOS/nixpkgs/issues/83667>
rm -f $out/nix-support/propagated-build-inputs
'';
preBuild = "cd build";
# tests can still timeout on slower systems
doCheck = false;
nativeCheckInputs = [ socat ];
preCheck = ''
# time limits are a little meagre for a build machine that's
# potentially under load.
substituteInPlace ../tests/unit/meson.build \
--replace 'timeout: slow_tests' 'timeout: 50 * slow_tests'
substituteInPlace ../tests/qtest/meson.build \
--replace 'timeout: slow_qtests' 'timeout: 50 * slow_qtests'
substituteInPlace ../tests/fp/meson.build \
--replace 'timeout: 90)' 'timeout: 300)'
# point tests towards correct binaries
substituteInPlace ../tests/unit/test-qga.c \
--replace '/bin/bash' "$(type -P bash)" \
--replace '/bin/echo' "$(type -P echo)"
substituteInPlace ../tests/unit/test-io-channel-command.c \
--replace '/bin/socat' "$(type -P socat)"
# combined with a long package name, some temp socket paths
# can end up exceeding max socket name len
substituteInPlace ../tests/qtest/bios-tables-test.c \
--replace 'qemu-test_acpi_%s_tcg_%s' '%s_%s'
# get-fsinfo attempts to access block devices, disallowed by sandbox
sed -i -e '/\/qga\/get-fsinfo/d' -e '/\/qga\/blacklist/d' \
../tests/unit/test-qga.c
# xattrs are not allowed in the sandbox
substituteInPlace ../tests/qtest/virtio-9p-test.c \
--replace-fail mapped-xattr mapped-file
''
+ lib.optionalString stdenv.hostPlatform.isDarwin ''
# skip test that stalls on darwin, perhaps due to subtle differences
# in fifo behaviour
substituteInPlace ../tests/unit/meson.build \
--replace "'test-io-channel-command'" "#'test-io-channel-command'"
'';
# Add a qemu-kvm wrapper for compatibility/convenience.
postInstall = lib.optionalString (!minimal && !xenSupport) ''
ln -s $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} $out/bin/qemu-kvm
'';
passthru = {
qemu-system-i386 = "bin/qemu-system-i386";
tests = lib.optionalAttrs (!toolsOnly) {
qemu-tests = finalAttrs.finalPackage.overrideAttrs (_: {
doCheck = true;
});
qemu-utils-builds = qemu-utils;
};
updateScript = gitUpdater {
# No nicer place to find latest release.
url = "https://gitlab.com/qemu-project/qemu.git";
rev-prefix = "v";
ignoredVersions = "(alpha|beta|rc).*";
};
};
# Builds in ~3h with 2 cores, and ~20m with a big-parallel builder.
requiredSystemFeatures = [ "big-parallel" ];
meta =
with lib;
{
homepage = "https://www.qemu.org/";
description = "Generic and open source machine emulator and virtualizer";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ qyliss ];
teams = lib.optionals xenSupport xen.meta.teams;
platforms = platforms.unix;
}
# toolsOnly: Does not have qemu-kvm and there's no main support tool
# userOnly: There's one qemu-<arch> for every architecture
// lib.optionalAttrs (!toolsOnly && !userOnly) {
mainProgram = "qemu-kvm";
}
# userOnly: https://qemu.readthedocs.io/en/v9.0.2/user/main.html
// lib.optionalAttrs userOnly {
platforms = with platforms; (linux ++ freebsd ++ openbsd ++ netbsd);
description = "QEMU User space emulator - launch executables compiled for one CPU on another CPU";
};
})
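Review bot: The preCheck script mixes `--replace` (the meson.build, test-qga.c, test-io-channel-command.c and bios-tables-test.c substitutions) with `--replace-fail` (virtio-9p-test.c, and every substitution in preConfigure); `--replace` is a silent no-op when the pattern is gone, so a QEMU update that renames `slow_tests` or moves the `/bin/socat` literal would leave the sandbox-specific fixes unapplied and surface only as a confusing failure in `passthru.tests.qemu-tests`. Switching the remaining calls to `--replace-fail` makes that drift visible at patch time. Separately, `spiceSupport ? true && !nixosTestRunner && !minimal` carries a redundant `true &&`; `spiceSupport ? !nixosTestRunner && !minimal` matches the neighbouring options.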


@@ -0,0 +1,45 @@
diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index c2bd0b4316..47cee1c351 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -246,7 +246,7 @@ void qmp_guest_shutdown(const char *mode, Error **errp)
return;
}
- const char *argv[] = {"/sbin/shutdown",
+ const char *argv[] = {"/run/current-system/sw/bin/shutdown",
#ifdef CONFIG_SOLARIS
shutdown_flag, "-g0", "-y",
#elif defined(CONFIG_BSD)
@@ -257,6 +257,10 @@ void qmp_guest_shutdown(const char *mode, Error **errp)
"hypervisor initiated shutdown", (char *) NULL};
ga_run_command(argv, NULL, "shutdown", &local_err);
+ if (local_err) {
+ argv[0] = "/sbin/shutdown";
+ ga_run_command(argv, NULL, "shutdown", &local_err);
+ }
if (local_err) {
error_propagate(errp, local_err);
return;
@@ -270,7 +274,7 @@ void qmp_guest_set_time(bool has_time, int64_t time_ns, Error **errp)
int ret;
Error *local_err = NULL;
struct timeval tv;
- const char *argv[] = {"/sbin/hwclock", has_time ? "-w" : "-s", NULL};
+ const char *argv[] = {"/run/current-system/sw/bin/hwclock", has_time ? "-w" : "-s", NULL};
/* If user has passed a time, validate and set it. */
if (has_time) {
@@ -303,6 +307,11 @@ void qmp_guest_set_time(bool has_time, int64_t time_ns, Error **errp)
* hardware clock (RTC). */
ga_run_command(argv, NULL, "set hardware clock to system time",
&local_err);
+ if (local_err) {
+ argv[0] = "/sbin/hwclock";
+ ga_run_command(argv, NULL, "set hardware clock to system time",
+ &local_err);
+ }
if (local_err) {
error_propagate(errp, local_err);
return;
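Review bot: The fallback in both hunks calls `ga_run_command` a second time with `&local_err` while `local_err` is still set from the first attempt, so even when `/sbin/shutdown` (or `/sbin/hwclock`) succeeds, the `if (local_err)` that follows still propagates the first failure and the command reports an error; and if ga_run_command reports failures through `error_setg` (the QEMU error API asserts that `*errp` is NULL), a second failure would abort the guest agent rather than return an error. Clear the first error before retrying, in both hunks: `error_free(local_err); local_err = NULL;` immediately before the `argv[0] = "/sbin/..."` line. The enclosing bodies of qmp_guest_shutdown and qmp_guest_set_time start and end outside these hunks, so this assumes nothing else resets local_err in between.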


@@ -0,0 +1,81 @@
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index 45e9a1f9b0..494ee00c66 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -84,6 +84,23 @@ static void unlinkat_preserve_errno(int dirfd, const char *path, int flags)
#define VIRTFS_META_DIR ".virtfs_metadata"
+static int is_in_store_path(const char *path)
+{
+ static char *store_path = NULL;
+ int store_path_len = -1;
+
+ if (store_path_len == -1) {
+ if ((store_path = getenv("NIX_STORE")) != NULL)
+ store_path_len = strlen(store_path);
+ else
+ store_path_len = 0;
+ }
+
+ if (store_path_len > 0)
+ return strncmp(path, store_path, strlen(store_path)) == 0;
+ return 0;
+}
+
static FILE *local_fopenat(int dirfd, const char *name, const char *mode)
{
int fd, o_mode = 0;
@@ -161,6 +178,8 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf)
if (err) {
goto err_out;
}
+ stbuf->st_uid = 0;
+ stbuf->st_gid = 0;
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */
uid_t tmp_uid;
@@ -280,6 +299,9 @@ static int fchmodat_nofollow(int dirfd, const char *name, mode_t mode)
{
int fd, ret;
+ if (is_in_store_path(name))
+ return 0;
+
/* FIXME: this should be handled with fchmodat(AT_SYMLINK_NOFOLLOW).
* Unfortunately, the linux kernel doesn't implement it yet. As an
* alternative, let's open the file and use fchmod() instead. This
@@ -661,6 +683,8 @@ static int local_fstat(FsContext *fs_ctx, int fid_type,
if (err) {
return err;
}
+ stbuf->st_uid = 0;
+ stbuf->st_gid = 0;
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */
uid_t tmp_uid;
@@ -795,8 +819,11 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
if (err) {
goto out;
}
- err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid,
- AT_SYMLINK_NOFOLLOW);
+ if (is_in_store_path(name))
+ err = 0;
+ else
+ err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid,
+ AT_SYMLINK_NOFOLLOW);
if (err == -1) {
/*
* If we fail to change ownership and if we are
@@ -911,7 +938,9 @@ static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
goto out;
}
- if ((credp->fc_uid == -1 && credp->fc_gid == -1) ||
+ if (is_in_store_path(name)) {
+ ret = 0;
+ } else if ((credp->fc_uid == -1 && credp->fc_gid == -1) ||
(fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->export_flags & V9FS_SM_NONE)) {
ret = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid,
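Review bot: In `is_in_store_path`, `store_path` is `static` but `store_path_len` is not, so `store_path_len` restarts at -1 on every call and the getenv/strlen lookup is repeated each time; only the pointer is cached, which is not what the `== -1` guard intends — declare `static int store_path_len = -1;` and pass `store_path_len` to strncmp instead of recomputing `strlen(store_path)`. The prefix test also matches any path that merely begins with the store string (a sibling such as `<store>-other`), so adding `&& (path[store_path_len] == '/' || path[store_path_len] == '\0')` would tighten it. Note that the callers in fchmodat_nofollow, local_symlink and local_chown pass `name`, which in 9p-local is relative to `dirfd`, so an absolute-prefix comparison presumably never matches there — worth confirming against the surrounding code, which is outside these hunks.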


@@ -0,0 +1,14 @@
diff --git a/scripts/entitlement.sh b/scripts/entitlement.sh
index 0f412949ec..23f56d083a 100755
--- a/scripts/entitlement.sh
+++ b/scripts/entitlement.sh
@@ -25,9 +25,5 @@
codesign --entitlements "$ENTITLEMENT" --force -s - "$SRC"
fi
-# Add the QEMU icon to the binary on Mac OS
-Rez -append "$ICON" -o "$SRC"
-SetFile -a C "$SRC"
-
mv -f "$SRC" "$DST"
trap '' exit


@@ -0,0 +1,54 @@
{
lib,
mkDerivation,
fetchFromGitLab,
pkg-config,
qmake,
qtbase,
qemu,
}:
mkDerivation rec {
pname = "qtemu";
version = "2.1";
src = fetchFromGitLab {
owner = "qtemu";
repo = "gui";
rev = version;
sha256 = "1555178mkfw0gwmw8bsxmg4339j2ifp0yb4b2f39nxh9hwshg07j";
};
nativeBuildInputs = [
qmake
pkg-config
];
buildInputs = [
qtbase
qemu
];
installPhase = ''
runHook preInstall
# upstream lacks an install method
install -D -t $out/share/applications qtemu.desktop
install -D -t $out/share/pixmaps qtemu.png
install -D -t $out/bin qtemu
# make sure that the qemu-* executables are found
wrapProgram $out/bin/qtemu --prefix PATH : ${lib.makeBinPath [ qemu ]}
runHook postInstall
'';
meta = with lib; {
description = "Qt-based front-end for QEMU emulator";
homepage = "https://qtemu.org";
license = licenses.gpl2;
platforms = with platforms; linux;
maintainers = with maintainers; [ romildo ];
mainProgram = "qtemu";
};
}
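Review bot: installPhase calls `wrapProgram`, but `makeWrapper` is not in nativeBuildInputs (only qmake and pkg-config); the hook may arrive transitively through Qt's `mkDerivation` wrapper, but that is an implementation detail of that wrapper, and listing `makeWrapper` explicitly keeps the build from breaking if it changes. Placing `qemu` in buildInputs also looks unnecessary — nothing here is presumably compiled against it, and it is already reachable at run time through the PATH prefix — so it can likely be dropped from buildInputs. `sha256 = "1555..."` could be written in the SRI `hash = "sha256-..."` form used by the other expressions in this commit.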


@@ -0,0 +1,66 @@
{
lib,
fetchFromGitHub,
stdenv,
lld,
}:
let
arch = stdenv.hostPlatform.qemuArch;
target = ./. + "/${arch}-unknown-none.json";
in
let
cross = import ../../../.. {
system = stdenv.hostPlatform.system;
crossSystem = lib.systems.examples."${arch}-embedded" // {
rust.rustcTarget = "${arch}-unknown-none";
rust.platform =
assert lib.assertMsg (builtins.pathExists target) "Target spec not found";
lib.importJSON target;
};
};
inherit (cross) rustPlatform;
in
rustPlatform.buildRustPackage rec {
pname = "rust-hypervisor-firmware";
version = "0.5.0";
src = fetchFromGitHub {
owner = "cloud-hypervisor";
repo = "rust-hypervisor-firmware";
tag = version;
sha256 = "sha256-iLYmPBJH7I6EJ8VTUbR0+lZaebvbZlRv2KglbjKX76Q=";
};
cargoHash = "sha256-iqsU4t8Zz9UTtAu+a6kqwnPZ6qdGAriQ7hcU58KDQ8M=";
# lld: error: unknown argument '-Wl,--undefined=AUDITABLE_VERSION_INFO'
# https://github.com/cloud-hypervisor/rust-hypervisor-firmware/issues/249
auditable = false;
RUSTC_BOOTSTRAP = 1;
nativeBuildInputs = [
lld
];
RUSTFLAGS = "-C linker=lld -C linker-flavor=ld.lld";
# Tests don't work for `no_std`. See https://os.phil-opp.com/testing/
doCheck = false;
meta = with lib; {
homepage = "https://github.com/cloud-hypervisor/rust-hypervisor-firmware";
description = "Simple firmware that is designed to be launched from anything that supports loading ELF binaries and running them with the PVH booting standard";
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ astro ];
platforms = [ "x86_64-none" ];
mainProgram = "hypervisor-fw";
};
}
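Review bot: `RUSTC_BOOTSTRAP = 1;` turns on unstable compiler features on a stable toolchain and carries no comment explaining which feature the build needs, unlike the neighbouring `auditable = false` and `doCheck = false` lines; add `# RUSTC_BOOTSTRAP: the custom no_std target relies on unstable rustc features (e.g. build-std) — TODO confirm which` so the next version bump can check whether it is still required. `meta.platforms = [ "x86_64-none" ]` also sits oddly next to the arch-generic `target = ./. + "/${arch}-unknown-none.json"` selection above; if only the x86_64 spec file ships, a comment saying so would help, otherwise platforms should list each arch that has a spec. Minor: the two consecutive `let … in let … in` blocks could be a single `let`.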


@@ -0,0 +1,20 @@
{
"llvm-target": "x86_64-unknown-none",
"data-layout": "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-i128:128-f80:128-n8:16:32:64-S128",
"arch": "x86_64",
"target-endian": "little",
"target-pointer-width": "64",
"target-c-int-width": "32",
"os": "none",
"executables": true,
"linker": "rust-lld",
"linker-flavor": "ld.lld",
"panic-strategy": "abort",
"disable-redzone": true,
"features": "-mmx,-sse,+soft-float",
"code-model": "small",
"relocation-model": "pic",
"pre-link-args": {
"ld.lld": ["--script=x86_64-unknown-none.ld"]
}
}


@@ -0,0 +1,56 @@
{
stdenv,
fetchFromGitHub,
lib,
cmake,
gmp,
pkg-config,
sail,
ninja,
zlib,
z3,
}:
stdenv.mkDerivation rec {
pname = "sail-riscv";
version = "0.7";
src = fetchFromGitHub {
owner = "riscv";
repo = "sail-riscv";
rev = version;
hash = "sha256-Keu96+yHWUEFO3rRLvF7rzcJmF3y/V/uyK7TIFj0Xw0=";
};
nativeBuildInputs = [
z3
cmake
pkg-config
ninja
sail
];
buildInputs = [
zlib
gmp
];
strictDeps = true;
preBuild = ''
ninja \
riscv_sim_rv32d \
riscv_sim_rv32d_rvfi \
riscv_sim_rv32f \
riscv_sim_rv32f_rvfi \
riscv_sim_rv64d \
riscv_sim_rv64d_rvfi \
riscv_sim_rv64f \
riscv_sim_rv64f_rvfi
'';
meta = with lib; {
homepage = "https://github.com/riscv/sail-riscv";
description = "Formal specification of the RISC-V architecture, written in Sail";
maintainers = with maintainers; [ genericnerdyusername ];
license = licenses.bsd2;
};
}
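Review bot: `preBuild` invokes `ninja` on eight explicit simulator targets and then the standard buildPhase runs `ninja` again on the default target, so either those targets are simply built twice (the second pass is a no-op) or, if the intent was to build only these, the default build still builds everything else; `ninjaFlags = [ "riscv_sim_rv32d" … ]` expresses the target selection inside the phase that already exists. No installPhase is customized, so which simulators end up in `$out` presumably depends on the project's CMake install rules — worth confirming. `meta.platforms` and `mainProgram` are not set.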


@@ -0,0 +1,84 @@
From 783ec26c0d83013baf04579a6a415d7f8776ac93 Mon Sep 17 00:00:00 2001
From: Someone Serge <sergei.kozlukov@aalto.fi>
Date: Sun, 7 Jan 2024 11:48:24 +0000
Subject: [PATCH] ldCache(): patch for @driverLink@
---
internal/pkg/util/paths/resolve.go | 41 +++++++++++++++++++++++++++---
1 file changed, 38 insertions(+), 3 deletions(-)
diff --git a/internal/pkg/util/paths/resolve.go b/internal/pkg/util/paths/resolve.go
index db45d9db1..9d0110b6b 100644
--- a/internal/pkg/util/paths/resolve.go
+++ b/internal/pkg/util/paths/resolve.go
@@ -14,6 +14,7 @@ import (
"fmt"
"os"
"os/exec"
+ "path"
"path/filepath"
"regexp"
"strings"
@@ -154,14 +155,49 @@ func Resolve(fileList []string) ([]string, []string, error) {
// lists three variants of libEGL.so.1 that are in different locations, we only
// report the first, highest priority, variant.
func ldCache() (map[string]string, error) {
+ driverDirs := strings.Split("@driverLink@/lib", ":")
+ if machine, err := elfMachine(); err == nil && machine == elf.EM_386 {
+ driverDirs = strings.Split("@driverLink@-32/lib", ":")
+ }
+
+ soPattern, err := regexp.Compile(`[^\s]+\.so(\.\d+(\.\d+(\.\d+)?)?)?$`)
+ if err != nil {
+ return nil, fmt.Errorf("could not compile ldconfig regexp: %v", err)
+ }
+
+ ldCache := make(map[string]string)
+ for _, dirPath := range driverDirs {
+ dir, err := os.Open(dirPath)
+ if err != nil {
+ /* Maybe we're not running under NixOS */
+ continue
+ }
+ files, err := dir.ReadDir(-1)
+ if err != nil {
+ continue
+ }
+ for _, f := range files {
+ if !soPattern.MatchString(f.Name()) {
+ continue
+ }
+ libName := f.Name()
+ libPath := path.Join(dirPath, f.Name())
+ if _, ok := ldCache[libName]; !ok {
+ ldCache[libName] = libPath
+ }
+ }
+ }
+
// walk through the ldconfig output and add entries which contain the filenames
// returned by nvidia-container-cli OR the nvliblist.conf file contents
ldconfig, err := bin.FindBin("ldconfig")
- if err != nil {
+ if err != nil && len(ldCache) == 0 {
+ // Note that missing ldconfig is only an "error" as long
+ // as there's no driverLink
return nil, err
}
out, err := exec.Command(ldconfig, "-p").Output()
- if err != nil {
+ if err != nil && len(ldCache) == 0 {
return nil, fmt.Errorf("could not execute ldconfig: %v", err)
}
@@ -173,7 +209,6 @@ func ldCache() (map[string]string, error) {
}
// store library name with associated path
- ldCache := make(map[string]string)
for _, match := range r.FindAllSubmatch(out, -1) {
if match != nil {
// libName is the "libnvidia-ml.so.1" (from the above example)
--
2.42.0
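Review bot: The directory handle opened with `os.Open(dirPath)` in the new loop of `ldCache` is never closed, so each call leaks one descriptor per driver directory; add `defer dir.Close()` directly after its error check, or close it after `ReadDir`. The entries are joined with `path.Join` although the file already imports `path/filepath` for the same purpose, and `filepath.Join` is the right call for filesystem paths; using it also removes the need for the new `"path"` import. `elfMachine()` and `elf.EM_386` require `debug/elf` to be in scope, which this import hunk does not add — presumably it is already imported elsewhere in the file, but worth confirming the patch builds.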


@@ -0,0 +1,382 @@
# Configurations that should only be overrided by
# overrideAttrs
{
pname,
version,
src,
projectName, # "apptainer" or "singularity"
vendorHash ? null,
deleteVendor ? false,
proxyVendor ? false,
extraConfigureFlags ? [ ],
extraDescription ? "",
extraMeta ? { },
}:
let
# Backward compatibility layer for the obsolete workaround of
# the "vendor-related attributes not overridable" issue (#86349),
# whose solution (#225051) is merged and released.
# TODO(@ShamrockLee): Remove after the Nixpkgs 25.05 branch-off.
_defaultGoVendorArgs = {
inherit vendorHash deleteVendor proxyVendor;
};
in
{
lib,
buildGoModule,
runCommandLocal,
replaceVars,
# Native build inputs
addDriverRunpath,
makeWrapper,
pkg-config,
util-linux,
which,
# Build inputs
bash,
callPackage,
conmon,
coreutils,
cryptsetup,
e2fsprogs,
fakeroot,
fuse2fs ? e2fsprogs.fuse2fs,
go,
gpgme,
libseccomp,
libuuid,
mount,
versionCheckHook,
# This is for nvidia-container-cli
nvidia-docker,
openssl,
squashfsTools,
squashfuse,
# Test dependencies
singularity-tools,
cowsay,
hello,
# Overridable configurations
enableNvidiaContainerCli ? true,
# --nvccli currently requires extra privileges:
# https://github.com/apptainer/apptainer/issues/1893#issuecomment-1881240800
forceNvcCli ? false,
# Compile with seccomp support
# SingularityCE 3.10.0 and above requires explicit --without-seccomp when libseccomp is not available.
enableSeccomp ? true,
# Whether the configure script treat SUID support as default
# When equal to enableSuid, it suppress the --with-suid / --without-suid build flag
# It can be set to `null` to always pass either --with-suid or --without-suided
# Type: null or boolean
defaultToSuid ? true,
# Whether to compile with SUID support
enableSuid ? false,
starterSuidPath ? null,
# Extra system-wide /**/bin paths to prefix,
# useful to specify directories containing binaries with SUID bit set.
# The paths take higher precedence over the FHS system PATH specified
# inside the upstream source code.
# Include "/run/wrappers/bin" by default for the convenience of NixOS users.
systemBinPaths ? [ "/run/wrappers/bin" ],
# External LOCALSTATEDIR
externalLocalStateDir ? null,
# Remove the symlinks to `singularity*` when projectName != "singularity"
removeCompat ? false,
# The defaultPath values to substitute in each source files.
#
# `defaultPath` are PATH variables hard-coded inside Apptainer/Singularity
# binaries to search for third-party utilities, as a hardening for
# `$out/bin/starter-suid`.
#
# The upstream provided values are suitable for FHS-conformant environment.
# We substitute them and insert Nixpkgs-specific values.
#
# Example:
# {
# "path/to/source/file1" = [ "<originalDefaultPath11>" "<originalDefaultPath12>" ... ];
# }
sourceFilesWithDefaultPaths ? { },
# Placeholders for the obsolete workaround of #86349
# TODO(@ShamrockLee): Remove after the Nixpkgs 25.05 branch-off.
vendorHash ? null,
deleteVendor ? null,
proxyVendor ? null,
}@args:
let
# Backward compatibility layer for the obsolete workaround of #86349
# TODO(@ShamrockLee): Convert to simple inheritance after the Nixpkgs 25.05 branch-off.
moduleArgsOverridingCompat =
argName:
if args.${argName} or null == null then
_defaultGoVendorArgs.${argName}
else
lib.warn
"${projectName}: Override ${argName} with .override is deprecated. Use .overrideAttrs instead."
args.${argName};
vendorHash = moduleArgsOverridingCompat "vendorHash";
deleteVendor = moduleArgsOverridingCompat "deleteVendor";
proxyVendor = moduleArgsOverridingCompat "proxyVendor";
addShellDoubleQuotes = s: lib.escapeShellArg ''"'' + s + lib.escapeShellArg ''"'';
in
(buildGoModule {
inherit pname version src;
patches = lib.optionals (projectName == "apptainer") [
(replaceVars ./apptainer/0001-ldCache-patch-for-driverLink.patch {
inherit (addDriverRunpath) driverLink;
})
];
# Override vendorHash with the output got from
# nix-prefetch -E "{ sha256 }: ((import ./. { }).apptainer.override { vendorHash = sha256; }).goModules"
# or with `null` when using vendored source tarball.
inherit vendorHash deleteVendor proxyVendor;
# go is used to compile extensions when building container images
allowGoReference = true;
strictDeps = true;
passthru = {
inherit
enableSeccomp
enableSuid
externalLocalStateDir
projectName
removeCompat
starterSuidPath
;
};
nativeBuildInputs = [
makeWrapper
pkg-config
util-linux
which
];
# Search inside the project sources
# and see the `control` file of the Debian package from upstream repos
# for build-time dependencies and run-time utilities
# apptainer/apptainer: https://github.com/apptainer/apptainer/blob/main/dist/debian/control
# sylabs/singularity: https://github.com/sylabs/singularity/blob/main/debian/control
buildInputs = [
bash # To patch /bin/sh shebangs.
conmon
cryptsetup
gpgme
libuuid
openssl
squashfsTools # Required at build time by SingularityCE
]
# Optional dependencies.
# Formatting: Optional dependencies are likely to increase.
# Don't squash them into the same line.
++ lib.optional enableNvidiaContainerCli nvidia-docker
++ lib.optional enableSeccomp libseccomp;
configureScript = "./mconfig";
configureFlags = [
"--localstatedir=${
if externalLocalStateDir != null then externalLocalStateDir else "${placeholder "out"}/var/lib"
}"
"--runstatedir=/var/run"
]
++ lib.optional (!enableSeccomp) "--without-seccomp"
++ lib.optional (enableSuid != defaultToSuid) (
if enableSuid then "--with-suid" else "--without-suid"
)
++ extraConfigureFlags;
# causes redefinition of _FORTIFY_SOURCE
hardeningDisable = [ "fortify3" ];
# Packages to provide fallback bin paths
# to the Apptainer/Singularity container runtime default PATHs.
# Override with `<pkg>.overrideAttrs`.
defaultPathInputs = [
bash
coreutils
cryptsetup # cryptsetup
fakeroot
fuse2fs # Mount ext3 filesystems
go
mount # mount
squashfsTools # mksquashfs unsquashfs # Make / unpack squashfs image
squashfuse # squashfuse_ll squashfuse # Mount (without unpacking) a squashfs image without privileges
]
++ lib.optional enableNvidiaContainerCli nvidia-docker;
postPatch = ''
if [[ ! -e .git || ! -e VERSION ]]; then
echo "${version}" > VERSION
fi
# Patch shebangs for script run during build
patchShebangs --build "$configureScript" makeit e2e scripts mlocal/scripts
# Patching the hard-coded defaultPath by prefixing the packages in defaultPathInputs
${lib.concatMapAttrsStringSep "\n" (fileName: originalDefaultPaths: ''
substituteInPlace ${lib.escapeShellArg fileName} \
${lib.concatMapStringsSep " \\\n " (
originalDefaultPath:
lib.concatStringsSep " " [
"--replace-fail"
(addShellDoubleQuotes (lib.escapeShellArg originalDefaultPath))
(addShellDoubleQuotes ''$systemDefaultPath''${systemDefaultPath:+:}${lib.escapeShellArg originalDefaultPath}''${inputsDefaultPath:+:}$inputsDefaultPath'')
]
) originalDefaultPaths}
'') sourceFilesWithDefaultPaths}
'';
postConfigure = ''
# Code borrowed from pkgs/stdenv/generic/setup.sh configurePhase()
# set to empty if unset
: ''${configureFlags=}
# shellcheck disable=SC2086
$configureScript -V ${version} "''${prefixKey:---prefix=}$prefix" $configureFlags "''${configureFlagsArray[@]}"
# End of the code from pkgs/stdenv/generic/setup.sh configurPhase()
'';
buildPhase = ''
runHook preBuild
make -C builddir -j"$NIX_BUILD_CORES"
runHook postBuild
'';
installPhase = ''
runHook preInstall
make -C builddir install LOCALSTATEDIR="$out/var/lib"
runHook postInstall
'';
postFixup = ''
substituteInPlace "$out/bin/run-singularity" \
--replace-fail "/usr/bin/env ${projectName}" "$out/bin/${projectName}"
# Respect PATH from the environment/the user.
# Fallback to bin paths provided by Nixpkgs packages.
wrapProgram "$out/bin/${projectName}" \
--suffix PATH : "$systemDefaultPath" \
--suffix PATH : "$inputsDefaultPath"
# Make changes in the config file
${lib.optionalString forceNvcCli ''
substituteInPlace "$out/etc/${projectName}/${projectName}.conf" \
--replace-fail "use nvidia-container-cli = no" "use nvidia-container-cli = yes"
''}
${lib.optionalString (enableNvidiaContainerCli && projectName == "singularity") ''
substituteInPlace "$out/etc/${projectName}/${projectName}.conf" \
--replace-fail "# nvidia-container-cli path =" "nvidia-container-cli path = ${nvidia-docker}/bin/nvidia-container-cli"
''}
${lib.optionalString (removeCompat && (projectName != "singularity")) ''
unlink "$out/bin/singularity"
for file in "$out"/share/man/man?/singularity*.gz; do
if [[ -L "$file" ]]; then
unlink "$file"
fi
done
for file in "$out"/share/*-completion/completions/singularity; do
if [[ -e "$file" ]]
rm "$file"
done
''}
${lib.optionalString enableSuid (
lib.warnIf (starterSuidPath == null)
"${projectName}: Null starterSuidPath when enableSuid produces non-SUID-ed starter-suid and run-time permission denial."
''
chmod +x $out/libexec/${projectName}/bin/starter-suid
''
)}
${lib.optionalString (enableSuid && (starterSuidPath != null)) ''
mv "$out"/libexec/${projectName}/bin/starter-suid{,.orig}
ln -s ${lib.escapeShellArg starterSuidPath} "$out/libexec/${projectName}/bin/starter-suid"
''}
'';
nativeInstallCheckInputs = [
versionCheckHook
];
versionCheckProgram = "${placeholder "out"}/bin/${projectName}";
versionCheckProgramArg = "--version";
doInstallCheck = true;
meta = {
description = "Application containers for linux" + extraDescription;
longDescription = ''
Singularity (the upstream) renamed themselves to Apptainer
to distinguish themselves from a fork made by Sylabs Inc.. See
https://sylabs.io/2021/05/singularity-community-edition
https://apptainer.org/news/community-announcement-20211130
'';
license = lib.licenses.bsd3;
platforms = lib.platforms.linux;
maintainers = with lib.maintainers; [
jbedo
ShamrockLee
];
mainProgram = projectName;
}
// extraMeta;
}).overrideAttrs
(
finalAttrs: prevAttrs: {
systemDefaultPath = lib.concatStringsSep ":" systemBinPaths;
inputsDefaultPath = lib.makeBinPath finalAttrs.defaultPathInputs;
passthru = prevAttrs.passthru or { } // {
inherit sourceFilesWithDefaultPaths;
tests = {
image-hello-cowsay = singularity-tools.buildImage {
name = "hello-cowsay";
contents = [
hello
cowsay
];
singularity = finalAttrs.finalPackage;
};
};
gpuChecks = lib.optionalAttrs (projectName == "apptainer") {
# Should be in tests, but Ofborg would skip image-hello-cowsay because
# saxpy is unfree.
image-saxpy = callPackage (
{ singularity-tools, cudaPackages }:
singularity-tools.buildImage {
name = "saxpy";
contents = [ cudaPackages.saxpy ];
memSize = 2048;
diskSize = 2048;
singularity = finalAttrs.finalPackage;
}
) { };
saxpy = callPackage (
{ runCommand, writeShellScriptBin }:
let
unwrapped = writeShellScriptBin "apptainer-cuda-saxpy" ''
${lib.getExe finalAttrs.finalPackage} exec --nv $@ ${finalAttrs.passthru.gpuChecks.image-saxpy} saxpy
'';
in
runCommand "run-apptainer-cuda-saxpy"
{
requiredSystemFeatures = [ "cuda" ];
nativeBuildInputs = [ unwrapped ];
passthru = {
inherit unwrapped;
};
}
''
apptainer-cuda-saxpy
''
) { };
};
};
}
)


@@ -0,0 +1,114 @@
{
callPackage,
fetchFromGitHub,
nixos,
conmon,
}:
let
apptainer =
callPackage
(import ./generic.nix rec {
pname = "apptainer";
version = "1.4.3";
projectName = "apptainer";
src = fetchFromGitHub {
owner = "apptainer";
repo = "apptainer";
tag = "v${version}";
hash = "sha256-VUtTv6kH08CCOLlRq4lPyOOlduf/oSiGcQ3cHl7ks8I=";
};
# Override vendorHash with overrideAttrs.
# See https://nixos.org/manual/nixpkgs/unstable/#buildGoModule-vendorHash
vendorHash = "sha256-Q56kFnWw5TqeNGyv2n9QempfIdfPXX1qzdf/G68Pfp8=";
extraDescription = " (previously known as Singularity)";
extraMeta.homepage = "https://apptainer.org";
})
{
# Apptainer doesn't depend on conmon
conmon = null;
# Apptainer builders require explicit --with-suid / --without-suid flag
# when building on a system with disabled unprivileged namespace.
# See https://github.com/NixOS/nixpkgs/pull/215690#issuecomment-1426954601
defaultToSuid = null;
sourceFilesWithDefaultPaths = {
"cmd/internal/cli/actions.go" = [ "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin" ];
"e2e/env/env.go" = [ "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ];
"internal/pkg/util/env/env.go" = [ "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ];
};
};
singularity =
callPackage
(import ./generic.nix rec {
pname = "singularity-ce";
version = "4.3.3";
projectName = "singularity";
src = fetchFromGitHub {
owner = "sylabs";
repo = "singularity";
tag = "v${version}";
hash = "sha256-gQuakfQgB5gLVYLmmThy06CyGBhlBOCJI9jaEm7ucf0=";
};
# Override vendorHash with overrideAttrs.
# See https://nixos.org/manual/nixpkgs/unstable/#buildGoModule-vendorHash
vendorHash = "sha256-z8bLbudm1b5xFCAUpL/m90vxwLJlBqpQCjAEjSYOQH8=";
extraConfigureFlags = [
# Do not build squashfuse from the Git submodule sources, use Nixpkgs provided version
"--without-squashfuse"
# Disable subid as it requires (unavailable?) libsubid headers:
"--without-libsubid"
];
extraDescription = " (Sylabs Inc's fork of Singularity, a.k.a. SingularityCE)";
extraMeta.homepage = "https://sylabs.io/";
})
{
# Sylabs SingularityCE builders defaults to set the SUID flag
# on UNIX-like platforms,
# and only have --without-suid but not --with-suid.
defaultToSuid = true;
sourceFilesWithDefaultPaths = {
"cmd/internal/cli/actions.go" = [ "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin" ];
"e2e/env/env.go" = [ "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ];
"internal/pkg/util/env/clean.go" = [
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
];
};
};
genOverridenNixos =
package: packageName:
(nixos {
programs.singularity = {
enable = true;
inherit package;
};
}).config.programs.singularity.packageOverriden.overrideAttrs
(oldAttrs: {
meta = oldAttrs.meta // {
description = "";
longDescription = ''
This package produces identical store derivations to `pkgs.${packageName}`
overriden and installed by the NixOS module `programs.singularity`
with default configuration.
This is for binary substitutes only. Use pkgs.${packageName} instead.
'';
};
});
in
{
inherit apptainer singularity;
apptainer-overriden-nixos = genOverridenNixos apptainer "apptainer";
singularity-overriden-nixos = genOverridenNixos singularity "singularity";
}
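Review bot: The comment above `defaultToSuid = null;` explains that an explicit flag is required but not how `null` achieves it: generic.nix adds the flag only when `enableSuid != defaultToSuid`, and `null` never equals a boolean, so one of `--with-suid`/`--without-suid` is always emitted. Suggest extending the comment with `# null never equals the boolean enableSuid, so generic.nix always emits one of the two flags.` By the same mechanism, `defaultToSuid = true;` in the SingularityCE call emits `--without-suid` only when enableSuid is false, which matches the remark that upstream only has `--without-suid`; a one-line comment stating that would save the next reader a trip to generic.nix.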


@@ -0,0 +1,61 @@
{
lib,
stdenv,
fetchgit,
ocamlPackages,
autoreconfHook,
libxml2,
pkg-config,
getopt,
gettext,
}:
stdenv.mkDerivation rec {
pname = "virt-top";
version = "1.1.2";
src = fetchgit {
url = "git://git.annexia.org/virt-top.git";
rev = "v${version}";
hash = "sha256-C1a47pWtjb38bnwmZ2Zq7/LlW3+BF5BGNMRFi97/ngU=";
};
patches = [
./gettext-0.25.patch
];
strictDeps = true;
nativeBuildInputs = [
autoreconfHook
pkg-config
getopt
ocamlPackages.ocaml
ocamlPackages.findlib
];
buildInputs =
with ocamlPackages;
[
ocamlPackages.ocaml
calendar
curses
gettext-stub
ocaml_libvirt
]
++ [ libxml2 ];
postPatch = ''
substituteInPlace ocaml-dep.sh.in --replace-fail '#!/bin/bash' '#!${stdenv.shell}'
substituteInPlace ocaml-link.sh.in --replace-fail '#!/bin/bash' '#!${stdenv.shell}'
substituteInPlace configure.ac --replace-fail 'AC_CONFIG_MACRO_DIR([m4])' 'AC_CONFIG_MACRO_DIRS([m4 ${gettext}/share/gettext/m4])'
'';
meta = {
description = "Top-like utility for showing stats of virtualized domains";
homepage = "https://people.redhat.com/~rjones/virt-top/";
license = lib.licenses.gpl2Only;
maintainers = [ ];
platforms = lib.platforms.linux;
mainProgram = "virt-top";
};
}
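Review bot: `src` fetches over the unauthenticated `git://` protocol at `url = "git://git.annexia.org/virt-top.git";`. The fixed-output `hash` still guarantees the checked-out tree is the expected one, so this is not an integrity gap, but the plain protocol offers no transport authentication and is increasingly blocked by hosts; if the server also serves the repository over HTTPS, `url = "https://git.annexia.org/virt-top.git";` would be preferable — I cannot confirm from here that it does. Separately, `ocamlPackages.ocaml` appears in both nativeBuildInputs and buildInputs, and the `ocamlPackages.` prefix inside the `with ocamlPackages;` list is redundant; if the compiler is only needed as a build tool, the buildInputs entry can probably be dropped.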


@@ -0,0 +1,10 @@
--- a/configure.ac.orig 2025-08-23 01:41:53
+++ b/configure.ac 2025-08-23 01:42:14
@@ -123,6 +123,7 @@
dnl Check for gettext.
AM_GNU_GETTEXT([external])
+AM_GNU_GETTEXT_VERSION([0.25])
dnl Write gettext modules for the programs.
dnl http://www.le-gall.net/sylvain+violaine/documentation/ocaml-gettext/html/reference-manual/ch03s04.html


@@ -0,0 +1,428 @@
{
config,
stdenv,
fetchurl,
fetchpatch,
callPackage,
lib,
acpica-tools,
dev86,
pam,
libxslt,
libxml2,
libX11,
xorgproto,
libXext,
libXcursor,
libXfixes,
libXmu,
SDL2,
libcap,
libGL,
libGLU,
libpng,
glib,
lvm2,
libXrandr,
libXinerama,
libopus,
libtpms,
qt6,
pkg-config,
which,
docbook_xsl,
docbook_xml_dtd_43,
alsa-lib,
curl,
libvpx,
net-tools,
dbus,
replaceVars,
gsoap,
zlib,
xz,
yasm,
glslang,
nixosTests,
# If open-watcom-bin is not passed, VirtualBox will fall back to use
# the shipped alternative sources (assembly).
open-watcom-bin,
makeself,
perl,
javaBindings ? true,
jdk, # Almost doesn't affect closure size
pythonBindings ? false,
python3,
extensionPack ? null,
fakeroot,
pulseSupport ? config.pulseaudio or stdenv.hostPlatform.isLinux,
libpulseaudio,
enableHardening ? false,
headless ? false,
enable32bitGuests ? true,
enableWebService ? false,
enableKvm ? false,
extraConfigureFlags ? "",
}:
# The web services use Java infrastructure.
assert enableWebService -> javaBindings;
let
buildType = "release";
# Use maintainers/scripts/update.nix to update the version and all related hashes or
# change the hashes in extpack.nix and guest-additions/default.nix as well manually.
virtualboxVersion = "7.2.0";
virtualboxSubVersion = "";
virtualboxSha256 = "4f2804ff27848ea772aee6b637bb1e10ee74ec2da117c257413e2d2c4f670ba0";
kvmPatchVboxVersion = "7.2.0";
kvmPatchVersion = "20250903";
kvmPatchHash = "sha256-JTE9Kr+nJ6HLeDrzL2EVyDQhxzn3UsoQVIQ6zNCwioY=";
# The KVM build is not compatible to VirtualBox's kernel modules. So don't export
# modsrc at all.
withModsrc = !enableKvm;
virtualboxGuestAdditionsIso = callPackage guest-additions-iso/default.nix {
inherit virtualboxVersion;
};
inherit (lib)
optional
optionals
optionalString
getDev
getLib
;
inherit (qt6)
qtbase
qttools
qtsvg
qtwayland
qtscxml
wrapQtAppsHook
;
in
stdenv.mkDerivation (finalAttrs: {
pname = "virtualbox";
version = "${finalAttrs.virtualboxVersion}${finalAttrs.virtualboxSubVersion}";
inherit
buildType
virtualboxVersion
virtualboxSubVersion
virtualboxSha256
kvmPatchVersion
kvmPatchHash
virtualboxGuestAdditionsIso
;
src = fetchurl {
url = "https://download.virtualbox.org/virtualbox/${finalAttrs.virtualboxVersion}/VirtualBox-${finalAttrs.virtualboxVersion}${finalAttrs.virtualboxSubVersion}.tar.bz2";
sha256 = finalAttrs.virtualboxSha256;
};
outputs = [ "out" ] ++ optional withModsrc "modsrc";
nativeBuildInputs = [
pkg-config
which
docbook_xsl
docbook_xml_dtd_43
yasm
glslang
]
++ optional (!headless) wrapQtAppsHook;
# Wrap manually because we wrap just a small number of executables.
dontWrapQtApps = true;
buildInputs = [
acpica-tools
dev86
libxslt
libxml2
xorgproto
libX11
libXext
libXcursor
libcap
glib
lvm2
alsa-lib
curl
libvpx
pam
makeself
perl
libXmu
libXrandr
libpng
libopus
libtpms
python3
xz
libGL
]
++ optional javaBindings jdk
++ optional pythonBindings python3 # Python is needed even when not building bindings
++ optional pulseSupport libpulseaudio
++ optionals (!headless) [
qtbase
qttools
qtscxml
libXinerama
SDL2
libGLU
]
++ optionals enableWebService [
gsoap
zlib
];
hardeningDisable = [
"format"
"fortify"
"pic"
"stackprotector"
];
prePatch = ''
set -x
sed -e 's@MKISOFS --version@MKISOFS -version@' \
-e 's@PYTHONDIR=.*@PYTHONDIR=${optionalString pythonBindings python3}@' \
-e 's@CXX_FLAGS="\(.*\)"@CXX_FLAGS="-std=c++11 \1"@' \
${
optionalString (!headless) ''
-e 's@TOOLQT6BIN=.*@TOOLQT6BIN="${getDev qttools}/bin"@' \
''
} -i configure
ls kBuild/bin/linux.x86/k* tools/linux.x86/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.cc.libc}/lib/ld-linux.so.2
ls kBuild/bin/linux.amd64/k* tools/linux.amd64/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.cc.libc}/lib/ld-linux-x86-64.so.2
grep 'libpulse\.so\.0' src include -rI --files-with-match | xargs sed -i -e '
${optionalString pulseSupport ''s@"libpulse\.so\.0"@"${libpulseaudio.out}/lib/libpulse.so.0"@g''}'
grep 'libdbus-1\.so\.3' src include -rI --files-with-match | xargs sed -i -e '
s@"libdbus-1\.so\.3"@"${dbus.lib}/lib/libdbus-1.so.3"@g'
grep 'libXfixes\.so\.3' src include -rI --files-with-match | xargs sed -i -e '
s@"libXfixes\.so\.3"@"${libXfixes.out}/lib/libXfixes.so.3"@g'
grep 'libasound\.so\.2' src include -rI --files-with-match | xargs sed -i -e '
s@"libasound\.so\.2"@"${alsa-lib.out}/lib/libasound.so.2"@g'
substituteInPlace src/VBox/Devices/Graphics/DevVGA-SVGA3d-glLdr.cpp \
--replace-fail \"libGL.so.1\" \"${libGL.out}/lib/libGL.so.1\"
# this works in conjunction with fix-graphics-driver-loading.patch
substituteInPlace src/VBox/Devices/Graphics/DevVGA-SVGA3d-dx-dx11.cpp \
--replace-fail \"VBoxDxVk\" \"$out/libexec/virtualbox/VBoxDxVk.so\"
export USER=nix
set +x
'';
patches =
optional enableHardening ./hardened.patch
# Since VirtualBox 7.0.8, VBoxSDL requires SDL2, but the build framework uses SDL1
++ optionals (!headless) [
./fix-sdl.patch
# No update patch disables check for update function
# https://bugs.launchpad.net/ubuntu/+source/virtualbox-ose/+bug/272212
(fetchpatch {
url = "https://salsa.debian.org/pkg-virtualbox-team/virtualbox/-/raw/8028d88e6876ca5977de13c58b54e243229efe98/debian/patches/16-no-update.patch";
hash = "sha256-AGtFsRjwd8Yw296eqX3NC2TUptAhpFTRaOMutiheQ6Y=";
})
]
++ [ ./extra_symbols.patch ]
# When hardening is enabled, we cannot use wrapQtApp to ensure that VirtualBoxVM sees
# the correct environment variables needed for Qt to work, specifically QT_PLUGIN_PATH.
# This is because VirtualBoxVM would detect that it is wrapped that and refuse to run,
# and also because it would unset QT_PLUGIN_PATH for security reasons. We work around
# these issues by patching the code to set QT_PLUGIN_PATH to the necessary paths,
# after the code that unsets it. Note that qtsvg is included so that SVG icons from
# the user's icon theme can be loaded.
++ optional (!headless && enableHardening) (
replaceVars ./qt-env-vars.patch {
qtPluginPath = "${qtbase}/bin/${qtbase.qtPluginPrefix}:${qtsvg}/bin/${qtbase.qtPluginPrefix}:${qtwayland}/bin/${qtbase.qtPluginPrefix}";
}
)
# While the KVM patch should not break any other behavior if --with-kvm is not specified,
# we don't take any chances and only apply it if people actually want to use KVM support.
++ optional enableKvm (fetchpatch {
name = "virtualbox-${finalAttrs.virtualboxVersion}-kvm-dev-${finalAttrs.kvmPatchVersion}.patch";
url = "https://github.com/cyberus-technology/virtualbox-kvm/releases/download/dev-${finalAttrs.kvmPatchVersion}/kvm-backend-${kvmPatchVboxVersion}-dev-${finalAttrs.kvmPatchVersion}.patch";
hash = finalAttrs.kvmPatchHash;
})
++ [
./qt-dependency-paths.patch
# https://github.com/NixOS/nixpkgs/issues/123851
./fix-audio-driver-loading.patch
];
postPatch = ''
sed -i -e 's|/sbin/ifconfig|${net-tools}/bin/ifconfig|' \
src/VBox/HostDrivers/adpctl/VBoxNetAdpCtl.cpp
'';
# first line: ugly hack, and it isn't yet clear why it's a problem
configurePhase = ''
NIX_CFLAGS_COMPILE=$(echo "$NIX_CFLAGS_COMPILE" | sed 's,\-isystem ${lib.getDev stdenv.cc.libc}/include,,g')
cat >> LocalConfig.kmk <<LOCAL_CONFIG
VBOX_WITH_TESTCASES :=
VBOX_WITH_TESTSUITE :=
VBOX_WITH_VALIDATIONKIT :=
VBOX_WITH_DOCS :=
VBOX_WITH_WARNINGS_AS_ERRORS :=
VBOX_WITH_ORIGIN :=
VBOX_PATH_APP_PRIVATE_ARCH_TOP := $out/share/virtualbox
VBOX_PATH_APP_PRIVATE_ARCH := $out/libexec/virtualbox
VBOX_PATH_SHARED_LIBS := $out/libexec/virtualbox
VBOX_WITH_RUNPATH := $out/libexec/virtualbox
VBOX_PATH_APP_PRIVATE := $out/share/virtualbox
VBOX_PATH_APP_DOCS := $out/doc
VBOX_WITH_UPDATE_AGENT :=
${optionalString javaBindings ''
VBOX_JAVA_HOME := ${jdk}
''}
${optionalString (!headless) ''
VBOX_WITH_VBOXSDL := 1
PATH_QT6_TOOLS_LIB := ${getLib qttools}/lib
PATH_QT6_TOOLS_INC := ${getLib qttools}/include
PATH_QT6_SCXML_LIB := ${getLib qtscxml}/lib
PATH_QT6_SCXML_INC := ${getLib qtscxml}/include
VBOX_PATH_QT := ${getLib qttools}/
''}
${optionalString enableWebService ''
# fix gsoap missing zlib include and produce errors with --as-needed
VBOX_GSOAP_CXX_LIBS := gsoapssl++ z
''}
TOOL_QT6_LRC := ${getLib qttools}/bin/lrelease
LOCAL_CONFIG
./configure \
${optionalString headless "--build-headless"} \
${optionalString (!javaBindings) "--disable-java"} \
${optionalString (!pythonBindings) "--disable-python"} \
${optionalString (!pulseSupport) "--disable-pulse"} \
${optionalString (!enableHardening) "--disable-hardening"} \
${optionalString (!enable32bitGuests) "--disable-vmmraw"} \
${optionalString enableWebService "--enable-webservice"} \
${optionalString (open-watcom-bin != null) "--with-ow-dir=${open-watcom-bin}"} \
${optionalString enableKvm "--with-kvm"} \
${extraConfigureFlags} \
--disable-kmods
sed -e 's@PKG_CONFIG_PATH=.*@PKG_CONFIG_PATH=${glib.dev}/lib/pkgconfig@' \
-i AutoConfig.kmk
sed -e 's@arch/x86/@@' \
-i Config.kmk
substituteInPlace Config.kmk --replace-fail "VBOX_WITH_TESTCASES = 1" "#"
'';
enableParallelBuilding = true;
buildPhase = ''
source env.sh
kmk -j $NIX_BUILD_CORES BUILD_TYPE="${finalAttrs.buildType}"
'';
installPhase = ''
libexec="$out/libexec/virtualbox"
share="${if enableHardening then "$out/share/virtualbox" else "$libexec"}"
# Install VirtualBox files
mkdir -p "$libexec"
find out/linux.*/${finalAttrs.buildType}/bin -mindepth 1 -maxdepth 1 \
-name src -o -exec cp -avt "$libexec" {} +
mkdir -p $out/bin
for file in ${
optionalString (!headless) "VirtualBox VBoxSDL"
} ${optionalString enableWebService "vboxwebsrv"} VBoxManage VBoxBalloonCtrl VBoxHeadless; do
echo "Linking $file to /bin"
test -x "$libexec/$file"
ln -s "$libexec/$file" $out/bin/$file
done
${optionalString (extensionPack != null) ''
mkdir -p "$share"
"${fakeroot}/bin/fakeroot" "${stdenv.shell}" <<EOF
"$libexec/VBoxExtPackHelperApp" install \
--base-dir "$share/ExtensionPacks" \
--cert-dir "$share/ExtPackCertificates" \
--name "Oracle VirtualBox Extension Pack" \
--tarball "${extensionPack}" \
--sha-256 "${extensionPack.outputHash}"
EOF
''}
${optionalString (!headless) ''
# Create and fix desktop item
mkdir -p $out/share/applications
sed -i -e "s|Icon=VBox|Icon=$libexec/VBox.png|" $libexec/virtualbox.desktop
ln -sfv $libexec/virtualbox.desktop $out/share/applications
# Icons
mkdir -p $out/share/icons/hicolor
for size in `ls -1 $libexec/icons`; do
mkdir -p $out/share/icons/hicolor/$size/apps
ln -s $libexec/icons/$size/*.png $out/share/icons/hicolor/$size/apps
done
# Translation
mkdir -p "$out/share/virtualbox"
ln -sv $libexec/nls "$out/share/virtualbox/nls"
''}
${optionalString withModsrc ''
cp -rv out/linux.*/${finalAttrs.buildType}/bin/src "$modsrc"
''}
mkdir -p "$out/share/virtualbox"
cp -rv src/VBox/Main/UnattendedTemplates "$out/share/virtualbox"
ln -s "${finalAttrs.virtualboxGuestAdditionsIso}" "$out/share/virtualbox/VBoxGuestAdditions.iso"
'';
preFixup =
optionalString (!headless) ''
wrapQtApp $out/bin/VirtualBox
''
# If hardening is disabled, wrap the VirtualBoxVM binary instead of patching
# the source code (see postPatch).
+ optionalString (!headless && !enableHardening) ''
wrapQtApp $out/libexec/virtualbox/VirtualBoxVM
'';
passthru = {
inherit extensionPack; # for inclusion in profile to prevent gc
tests = nixosTests.virtualbox;
updateScript = ./update.sh;
};
meta = {
description = "PC emulator";
longDescription = ''
VirtualBox is an x86 and AMD64/Intel64 virtualization product for enterprise and home use.
To install on NixOS, please use the option `virtualisation.virtualbox.host.enable = true`.
Please also check other options under `virtualisation.virtualbox`.
'';
sourceProvenance = with lib.sourceTypes; [
fromSource
binaryNativeCode
];
license = lib.licenses.gpl3Only;
homepage = "https://www.virtualbox.org/";
maintainers = with lib.maintainers; [
sander
friedrichaltheide
blitz
];
platforms = [ "x86_64-linux" ];
mainProgram = "VirtualBox";
};
})
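Review bot: `hardeningDisable = [ "format" "fortify" "pic" "stackprotector" ]` switches off four stdenv hardening features for the whole tree without a word of justification, and `enableHardening ? false` carries no comment saying it controls VirtualBox's own hardening (`--disable-hardening` and `./hardened.patch`) rather than these compiler flags. Each entry should carry a why-comment in the form `"stackprotector" # TODO(review): record the build failure this works around`, so a later maintainer can try re-enabling them. `configurePhase` also never calls `runHook preConfigure`/`runHook postConfigure`, while buildPhase and installPhase in the same file do call their hooks, so a consumer's preConfigure/postConfigure is silently ignored; the same omission appears in the guest-additions builder.nix configurePhase further down. Finally, `extraConfigureFlags ? ""` is interpolated unquoted into the `./configure` line, so word-splitting of its value is part of the contract and deserves a comment on the parameter.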


@@ -0,0 +1,32 @@
{
fetchurl,
lib,
virtualbox,
}:
let
virtualboxExtPackVersion = "7.2.0";
in
fetchurl rec {
name = "Oracle_VirtualBox_Extension_Pack-${virtualboxExtPackVersion}.vbox-extpack";
url = "https://download.virtualbox.org/virtualbox/${virtualboxExtPackVersion}/${name}";
sha256 =
# Manually sha256sum the extensionPack file, must be hex!
# Thus do not use `nix-prefetch-url` but instead plain old `sha256sum`.
# Checksums can also be found at https://www.virtualbox.org/download/hashes/${version}/SHA256SUMS
let
value = "8a44f3eeaf9bb71fab297bf4b3d38bd1bc55243f3c1a12bfb0e8d78170f949a0";
in
assert (builtins.stringLength value) == 64;
value;
meta = with lib; {
description = "Oracle Extension pack for VirtualBox";
license = licenses.virtualbox-puel;
homepage = "https://www.virtualbox.org/";
maintainers = with maintainers; [
sander
friedrichaltheide
];
platforms = [ "x86_64-linux" ];
};
}
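Review bot: The `virtualbox` argument in the function head is not referenced anywhere in the body, so it should be dropped unless something outside this file relies on it being accepted. The comment above the hash points at `https://www.virtualbox.org/download/hashes/${version}/SHA256SUMS`, but the only version binding in this file is `virtualboxExtPackVersion`, so the interpolation in the comment names a variable that does not exist here. The `stringLength value == 64` assert only checks the length; a non-hex character would still pass it and only fail inside fetchurl, which is acceptable, but the comment could say so instead of implying the assert validates the hash.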


@@ -0,0 +1,25 @@
diff --git a/src/VBox/HostDrivers/linux/Makefile b/src/VBox/HostDrivers/linux/Makefile
index 8ba33952..3b8abe60 100644
--- a/src/VBox/HostDrivers/linux/Makefile
+++ b/src/VBox/HostDrivers/linux/Makefile
@@ -99,17 +99,17 @@ install-vboxdrv:
install-vboxnetflt:
+@if [ -d vboxnetflt ]; then \
- $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) -C vboxnetflt install; \
+ $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) KBUILD_EXTRA_SYMBOLS=$(abspath vboxnetflt/Module.symvers) -C vboxnetflt install; \
fi
install-vboxnetadp:
+@if [ -d vboxnetadp ]; then \
- $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) -C vboxnetadp install; \
+ $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) KBUILD_EXTRA_SYMBOLS=$(abspath vboxnetadp/Module.symvers) -C vboxnetadp install; \
fi
install-vboxpci:
+@if [ -d vboxpci ]; then \
- $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) -C vboxpci install; \
+ $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) KBUILD_EXTRA_SYMBOLS=$(abspath vboxpci/Module.symvers) -C vboxpci install; \
fi
install: install-vboxdrv install-vboxnetflt install-vboxnetadp install-vboxpci


@@ -0,0 +1,26 @@
diff --git a/src/VBox/Devices/Audio/DrvHostAudioAlsaStubs.cpp b/src/VBox/Devices/Audio/DrvHostAudioAlsaStubs.cpp
index cfcb0abbf..2ce564f6f 100644
--- a/src/VBox/Devices/Audio/DrvHostAudioAlsaStubs.cpp
+++ b/src/VBox/Devices/Audio/DrvHostAudioAlsaStubs.cpp
@@ -258,7 +258,7 @@ static DECLCALLBACK(int32_t) drvHostAudioAlsaLibInitOnce(void *pvUser)
LogFlowFunc(("\n"));
RTLDRMOD hMod = NIL_RTLDRMOD;
- int rc = RTLdrLoadSystemEx(VBOX_ALSA_LIB, RTLDRLOAD_FLAGS_NO_UNLOAD, &hMod);
+ int rc = RTLdrLoadEx(VBOX_ALSA_LIB, &hMod, RTLDRLOAD_FLAGS_NO_UNLOAD, nullptr);
if (RT_SUCCESS(rc))
{
for (uintptr_t i = 0; i < RT_ELEMENTS(SharedFuncs); i++)
diff --git a/src/VBox/Devices/Audio/DrvHostAudioPulseAudioStubs.cpp b/src/VBox/Devices/Audio/DrvHostAudioPulseAudioStubs.cpp
index a17fc93f9..148f5c39a 100644
--- a/src/VBox/Devices/Audio/DrvHostAudioPulseAudioStubs.cpp
+++ b/src/VBox/Devices/Audio/DrvHostAudioPulseAudioStubs.cpp
@@ -332,7 +332,7 @@ static DECLCALLBACK(int32_t) drvHostAudioPulseLibInitOnce(void *pvUser)
LogFlowFunc(("\n"));
RTLDRMOD hMod = NIL_RTLDRMOD;
- int rc = RTLdrLoadSystemEx(VBOX_PULSE_LIB, RTLDRLOAD_FLAGS_NO_UNLOAD, &hMod);
+ int rc = RTLdrLoadEx(VBOX_PULSE_LIB, &hMod, RTLDRLOAD_FLAGS_NO_UNLOAD, nullptr);
if (RT_SUCCESS(rc))
{
for (unsigned i = 0; i < RT_ELEMENTS(g_aImportedFunctions); i++)
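Review bot: The patch has no header explaining why replacing `RTLdrLoadSystemEx` with `RTLdrLoadEx` in both stub files is safe; the former's name suggests a loader restricted to system library directories, and the Nix expression depends on prePatch rewriting `libpulse.so.0` and `libasound.so.2` to absolute store paths before this call runs. Suggest a description above the first `diff --git` line along the lines of `The Nix build substitutes absolute store paths for VBOX_ALSA_LIB and VBOX_PULSE_LIB in prePatch; the system-directory loader does not accept those, so use the plain loader.` — confirm the exact loader semantics against the VirtualBox sources before stating them as fact. Note that the pulse substitution in default.nix only runs when pulseSupport is true, so with pulse disabled this stub (if it is compiled at all under `--disable-pulse`) still loads by bare name through the regular search path.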


@@ -0,0 +1,72 @@
diff --git a/configure b/configure
index 5edefba..a17e8c5 100755
--- a/configure
+++ b/configure
@@ -1184,10 +1184,10 @@ check_sdl()
fail
fi
else
- if which_wrapper sdl-config > /dev/null; then
- FLGSDL=`sdl-config --cflags`
+ if which_wrapper sdl2-config > /dev/null; then
+ FLGSDL=`sdl2-config --cflags`
INCSDL=`strip_I "$FLGSDL"`
- LIBSDL=`sdl-config --libs`
+ LIBSDL=`sdl2-config --libs`
LIBSDLMAIN="-lSDLmain"
FLDSDL=
foundsdl=1
diff --git a/src/VBox/Frontends/VBoxSDL/Framebuffer.cpp b/src/VBox/Frontends/VBoxSDL/Framebuffer.cpp
index 16dc282..4889865 100644
--- a/src/VBox/Frontends/VBoxSDL/Framebuffer.cpp
+++ b/src/VBox/Frontends/VBoxSDL/Framebuffer.cpp
@@ -56,7 +56,7 @@ using namespace com;
# pragma warning(push)
# pragma warning(disable: 4121) /* warning C4121: 'SDL_SysWMmsg' : alignment of a member was sensitive to packing*/
# endif
-# include <SDL_syswm.h> /* for SDL_GetWMInfo() */
+# include <SDL2/SDL_syswm.h> /* for SDL_GetWMInfo() */
# ifdef _MSC_VER
# pragma warning(pop)
# endif
diff --git a/src/VBox/Frontends/VBoxSDL/Makefile.kmk b/src/VBox/Frontends/VBoxSDL/Makefile.kmk
index da43153..2aa8cd7 100644
--- a/src/VBox/Frontends/VBoxSDL/Makefile.kmk
+++ b/src/VBox/Frontends/VBoxSDL/Makefile.kmk
@@ -79,10 +79,6 @@ if !defined(VBOX_WITH_HARDENING) || "$(KBUILD_TARGET)" != "darwin" # No hardened
VBoxSDL_INCS += \
$(VBOX_XCURSOR_INCS)
endif
- ifn1of ($(KBUILD_TARGET), solaris) # Probably wrong with SDL2
- VBoxSDL_LIBS = \
- $(LIB_SDK_LIBSDL2_SDLMAIN)
- endif
if1of ($(KBUILD_TARGET), freebsd linux netbsd openbsd solaris) # X11
VBoxSDL_LIBS += \
$(PATH_STAGE_DLL)/VBoxKeyboard$(VBOX_SUFF_DLL) \
diff --git a/src/VBox/Frontends/VBoxSDL/VBoxSDL.cpp b/src/VBox/Frontends/VBoxSDL/VBoxSDL.cpp
index 065c391..22788e1 100644
--- a/src/VBox/Frontends/VBoxSDL/VBoxSDL.cpp
+++ b/src/VBox/Frontends/VBoxSDL/VBoxSDL.cpp
@@ -64,7 +64,7 @@ using namespace com;
# pragma warning(disable: 4121) /* warning C4121: 'SDL_SysWMmsg' : alignment of a member was sensitive to packing*/
#endif
#ifndef RT_OS_DARWIN
-# include <SDL_syswm.h> /* for SDL_GetWMInfo() */
+# include <SDL2/SDL_syswm.h> /* for SDL_GetWMInfo() */
#endif
#ifdef _MSC_VER
# pragma warning(pop)
diff --git a/src/VBox/Frontends/VBoxSDL/VBoxSDL.h b/src/VBox/Frontends/VBoxSDL/VBoxSDL.h
index dde548f..8fc9fb3 100644
--- a/src/VBox/Frontends/VBoxSDL/VBoxSDL.h
+++ b/src/VBox/Frontends/VBoxSDL/VBoxSDL.h
@@ -45,7 +45,7 @@
# pragma warning(disable: 4121) /* warning C4121: 'SDL_SysWMmsg' : alignment of a member was sensitive to packing*/
# pragma warning(disable: 4668) /* warning C4668: '__GNUC__' is not defined as a preprocessor macro, replacing with '0' for '#if/#elif' */
#endif
-#include <SDL.h>
+#include <SDL2/SDL.h>
#ifdef _MSC_VER
# pragma warning(pop)
#endif
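Review bot: The configure hunk switches to `sdl2-config` but the context line right after it still sets `LIBSDLMAIN="-lSDLmain"`; SDL2 ships libSDL2main, so if check_sdl links a probe program with that variable the link would fail on an SDL2-only system. The Makefile.kmk hunk removes the `$(LIB_SDK_LIBSDL2_SDLMAIN)` linkage, so the stale value may be harmless for the actual build, but it should be either corrected to `LIBSDLMAIN="-lSDL2main"` or accompanied by a comment saying it is unused. The check_sdl function extends beyond the hunk on both sides, so I cannot see whether the variable is consumed.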


@@ -0,0 +1,25 @@
{
fetchurl,
lib,
virtualboxVersion,
}:
fetchurl {
url = "http://download.virtualbox.org/virtualbox/${virtualboxVersion}/VBoxGuestAdditions_${virtualboxVersion}.iso";
sha256 = "43f7a1045cad0aab40e3af906fea37244ba6873b91b4e227245a14e51b399abd";
meta = {
description = "Guest additions ISO for VirtualBox";
longDescription = ''
ISO containing various add-ons which improves guests inside VirtualBox.
'';
sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
license = lib.licenses.gpl2;
maintainers = [
lib.maintainers.sander
lib.maintainers.friedrichaltheide
];
platforms = [
"i686-linux"
"x86_64-linux"
];
};
}
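Review bot: `url` fetches over plain `http://download.virtualbox.org/...` while the other VirtualBox downloads in this commit use https; the fixed-output sha256 already detects a tampered or corrupted download, so this is a hygiene and consistency point rather than an integrity gap, but `url = "https://download.virtualbox.org/virtualbox/${virtualboxVersion}/VBoxGuestAdditions_${virtualboxVersion}.iso";` is a one-word change. The sha256 presumably has to move in lockstep with virtualboxVersion, which is passed in from the parent package; a comment pointing at the update script that refreshes it would make that coupling visible here.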


@@ -0,0 +1,173 @@
{
stdenv,
kernel,
fetchurl,
lib,
pam,
libxslt,
libXext,
libXcursor,
libXmu,
glib,
libXrandr,
dbus,
xz,
pkg-config,
which,
xorg,
yasm,
patchelf,
makeself,
linuxHeaders,
openssl,
virtualboxVersion,
virtualboxSubVersion,
virtualboxSha256,
platform,
}:
let
buildType = "release";
in
stdenv.mkDerivation (finalAttrs: {
pname = "VirtualBox-GuestAdditions-builder-${kernel.version}";
version = "${virtualboxVersion}${virtualboxSubVersion}";
inherit virtualboxVersion virtualboxSubVersion;
src = fetchurl {
url = "https://download.virtualbox.org/virtualbox/${finalAttrs.virtualboxVersion}/VirtualBox-${finalAttrs.virtualboxVersion}${finalAttrs.virtualboxSubVersion}.tar.bz2";
sha256 = virtualboxSha256;
};
env.NIX_CFLAGS_COMPILE = "-Wno-error=incompatible-pointer-types -Wno-error=implicit-function-declaration";
nativeBuildInputs = [
patchelf
pkg-config
which
yasm
makeself
xorg.xorgserver
openssl
linuxHeaders
xz
]
++ kernel.moduleBuildDependencies;
buildInputs = [
dbus
libxslt
libXext
libXcursor
pam
libXmu
libXrandr
];
KERN_DIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
KERN_INCL = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/source/include";
prePatch = ''
rm -r src/VBox/Additions/x11/x11include/
rm -r src/VBox/Additions/3D/mesa/mesa-*/
rm -r src/libs/openssl-*/
rm -r src/libs/curl-*/
rm -r src/libs/libpng-*/
rm -r src/libs/libxml2-*/
rm -r src/libs/liblzma-*/
rm -r src/libs/zlib*/
'';
postPatch = ''
set -x
sed -e 's@MKISOFS --version@MKISOFS -version@' \
-e 's@CXX_FLAGS="\(.*\)"@CXX_FLAGS="-std=c++17 \1"@' \
-i configure
ls kBuild/bin/linux.${platform}/k* tools/linux.${platform}/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.cc.bintools.dynamicLinker}
substituteInPlace ./include/VBox/dbus-calls.h --replace-fail libdbus-1.so.3 ${dbus.lib}/lib/libdbus-1.so.3
substituteInPlace ./src/VBox/Additions/common/VBoxGuest/lib/VBoxGuestR3LibDrmClient.cpp --replace-fail /usr/bin/VBoxDRMClient /run/current-system/sw/bin/VBoxDRMClient
substituteInPlace ./src/VBox/Additions/common/VBoxGuest/lib/VBoxGuestR3LibDrmClient.cpp --replace-fail /usr/bin/VBoxClient /run/current-system/sw/bin/VBoxClient
substituteInPlace ./src/VBox/Additions/x11/VBoxClient/display.cpp --replace-fail /usr/X11/bin/xrandr ${xorg.xrandr}/bin/xrandr
substituteInPlace ./src/VBox/Additions/x11/vboxvideo/Makefile.kmk --replace-fail /usr/include/xorg "${xorg.xorgserver.dev}/include/xorg "
'';
configurePhase = ''
NIX_CFLAGS_COMPILE=$(echo "$NIX_CFLAGS_COMPILE" | sed 's,\-isystem ${lib.getDev stdenv.cc.libc}/include,,g')
cat >> LocalConfig.kmk <<LOCAL_CONFIG
VBOX_WITH_TESTCASES :=
VBOX_WITH_TESTSUITE :=
VBOX_WITH_VALIDATIONKIT :=
VBOX_WITH_DOCS :=
VBOX_WITH_WARNINGS_AS_ERRORS :=
VBOX_WITH_ORIGIN :=
VBOX_PATH_APP_PRIVATE_ARCH_TOP := $out/share/virtualbox
VBOX_PATH_APP_PRIVATE_ARCH := $out/libexec/virtualbox
VBOX_PATH_SHARED_LIBS := $out/libexec/virtualbox
VBOX_WITH_RUNPATH := $out/libexec/virtualbox
VBOX_PATH_APP_PRIVATE := $out/share/virtualbox
VBOX_PATH_APP_DOCS := $out/doc
VBOX_USE_SYSTEM_XORG_HEADERS := 1
VBOX_USE_SYSTEM_GL_HEADERS := 1
VBOX_NO_LEGACY_XORG_X11 := 1
SDK_VBoxLibPng_INCS :=
SDK_VBoxLibXml2_INCS :=
SDK_VBoxLibLzma_INCS := ${xz.dev}/include
SDK_VBoxLibLzma_LIBS := ${xz.out}/lib
SDK_VBoxOpenSslStatic_INCS := ${openssl.dev}/include/ssl
VBOX_ONLY_ADDITIONS := 1
VBOX_WITH_SHARED_CLIPBOARD := 1
VBOX_WITH_GUEST_PROPS := 1
VBOX_WITH_VMSVGA := 1
VBOX_WITH_SHARED_FOLDERS := 1
VBOX_WITH_GUEST_CONTROL := 1
VBOX_WITHOUT_LINUX_GUEST_PACKAGE := 1
VBOX_WITH_PAM :=
VBOX_WITH_UPDATE_AGENT :=
VBOX_WITH_AUDIO_ALSA :=
VBOX_WITH_AUDIO_PULSE :=
VBOX_BUILD_PUBLISHER := _NixOS
LOCAL_CONFIG
./configure \
--only-additions \
--with-linux=${kernel.dev} \
--disable-kmods
sed -e 's@PKG_CONFIG_PATH=.*@PKG_CONFIG_PATH=${glib.dev}/lib/pkgconfig @' \
-i AutoConfig.kmk
sed -e 's@arch/x86/@@' \
-i Config.kmk
export USER=nix
set +x
'';
enableParallelBuilding = true;
buildPhase = ''
runHook preBuild
source env.sh
VBOX_ONLY_ADDITIONS=1 VBOX_ONLY_BUILD=1 kmk -j $NIX_BUILD_CORES BUILD_TYPE="${buildType}"
VBOX_ONLY_ADDITIONS=1 VBOX_ONLY_BUILD=1 kmk packing
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out
cp -rv ./out/linux.${platform}/${buildType}/bin/additions/VBoxGuestAdditions-${platform}.tar.bz2 $out/
runHook postInstall
'';
})


@@ -0,0 +1,177 @@
{
stdenv,
kernel,
callPackage,
lib,
dbus,
xorg,
zlib,
patchelf,
makeWrapper,
wayland,
libX11,
}:
let
virtualboxVersion = "7.2.0";
virtualboxSubVersion = "";
virtualboxSha256 = "4f2804ff27848ea772aee6b637bb1e10ee74ec2da117c257413e2d2c4f670ba0";
platform =
if stdenv.hostPlatform.isAarch64 then
"arm64"
else if stdenv.hostPlatform.is32bit then
"x86"
else
"amd64";
virtualBoxNixGuestAdditionsBuilder = callPackage ./builder.nix {
inherit
virtualboxVersion
virtualboxSubVersion
virtualboxSha256
platform
;
};
# Specifies how to patch binaries to make sure that libraries loaded using
# dlopen are found. We grep binaries for specific library names and patch
# RUNPATH in matching binaries to contain the needed library paths.
dlopenLibs = [
{
name = "libdbus-1.so";
pkg = dbus;
}
{
name = "libXfixes.so";
pkg = xorg.libXfixes;
}
{
name = "libXrandr.so";
pkg = xorg.libXrandr;
}
{
name = "libwayland-client.so";
pkg = wayland;
}
{
name = "libX11.so";
pkg = libX11;
}
{
name = "libXt.so";
pkg = xorg.libXt;
}
];
in
stdenv.mkDerivation {
pname = "VirtualBox-GuestAdditions";
version = "${virtualboxVersion}${virtualboxSubVersion}-${kernel.version}";
src = "${virtualBoxNixGuestAdditionsBuilder}/VBoxGuestAdditions-${platform}.tar.bz2";
sourceRoot = ".";
KERN_DIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
KERN_INCL = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/source/include";
hardeningDisable = [ "pic" ];
env.NIX_CFLAGS_COMPILE = "-Wno-error=incompatible-pointer-types -Wno-error=implicit-function-declaration";
nativeBuildInputs = [
patchelf
makeWrapper
virtualBoxNixGuestAdditionsBuilder
]
++ kernel.moduleBuildDependencies;
buildPhase = ''
runHook preBuild
# Build kernel modules.
cd src/vboxguest-${virtualboxVersion}_NixOS
# Run just make first. If we only did make install, we get symbol warnings during build.
make
cd ../..
# Change the interpreter for various binaries
for i in sbin/VBoxService bin/{VBoxClient,VBoxControl,VBoxDRMClient} other/mount.vboxsf; do
patchelf --set-interpreter ${stdenv.cc.bintools.dynamicLinker} $i
patchelf --set-rpath ${
lib.makeLibraryPath [
stdenv.cc.cc
stdenv.cc.libc
zlib
xorg.libX11
xorg.libXt
xorg.libXext
xorg.libXmu
xorg.libXfixes
xorg.libXcursor
]
} $i
done
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
# Install kernel modules.
cd src/vboxguest-${virtualboxVersion}_NixOS
make install INSTALL_MOD_PATH=$out KBUILD_EXTRA_SYMBOLS=$PWD/vboxsf/Module.symvers
cd ../..
# Install binaries
install -D -m 755 other/mount.vboxsf $out/bin/mount.vboxsf
install -D -m 755 sbin/VBoxService $out/bin/VBoxService
install -m 755 bin/VBoxClient $out/bin
install -m 755 bin/VBoxControl $out/bin
install -m 755 bin/VBoxDRMClient $out/bin
# Don't install VBoxOGL for now
# It seems to be broken upstream too, and fixing it is far down the priority list:
# https://www.virtualbox.org/pipermail/vbox-dev/2017-June/014561.html
# Additionally, 3d support seems to rely on VBoxOGL.so being symlinked from
# libGL.so (which we can't), and Oracle doesn't plan on supporting libglvnd
# either. (#18457)
runHook postInstall
'';
# Stripping breaks these binaries for some reason.
dontStrip = true;
# Patch RUNPATH according to dlopenLibs (see the comment there).
postFixup = lib.concatMapStrings (library: ''
for i in $(grep -F ${lib.escapeShellArg library.name} -l -r $out/{lib,bin}); do
origRpath=$(patchelf --print-rpath "$i")
patchelf --set-rpath "$origRpath:${lib.makeLibraryPath [ library.pkg ]}" "$i"
done
'') dlopenLibs;
meta = {
description = "Guest additions for VirtualBox";
longDescription = ''
Various add-ons which makes NixOS work better as guest OS inside VirtualBox.
This add-on provides support for dynamic resizing of the virtual display, shared
host/guest clipboard support.
'';
sourceProvenance = with lib.sourceTypes; [ fromSource ];
license = lib.licenses.gpl3Only;
maintainers = [
lib.maintainers.sander
lib.maintainers.friedrichaltheide
];
platforms = [
"i686-linux"
"x86_64-linux"
"aarch64-linux"
];
broken = stdenv.hostPlatform.is32bit && (kernel.kernelAtLeast "5.10");
};
}
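Review bot: In `postFixup` the join `patchelf --set-rpath "$origRpath:…"` yields a leading `:` whenever `patchelf --print-rpath` prints nothing, and an empty RUNPATH element is resolved by the dynamic loader as the current working directory, which is undesirable for helpers such as `mount.vboxsf` that are commonly run with privileges. The binaries listed in `buildPhase` receive an rpath first, so this only matters for a file that matches the grep but was not in that list; the grep also walks `$out/lib`, where kernel modules live, and `patchelf --print-rpath` on those is likely to fail — verify. Guarding the join removes both the empty element and the stray colon (the `''${` is the indented-string escape for a bash expansion): `patchelf --set-rpath "''${origRpath:+$origRpath:}${lib.makeLibraryPath [ library.pkg ]}" "$i"`.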


@@ -0,0 +1,181 @@
diff --git a/include/iprt/mangling.h b/include/iprt/mangling.h
index 991dd9e..defc781 100644
--- a/include/iprt/mangling.h
+++ b/include/iprt/mangling.h
@@ -1802,6 +1802,7 @@
# define RTPathStripSuffix RT_MANGLER(RTPathStripSuffix)
# define RTPathStripFilename RT_MANGLER(RTPathStripFilename)
# define RTPathStripTrailingSlash RT_MANGLER(RTPathStripTrailingSlash)
+# define RTPathSuidDir RT_MANGLER(RTPathSuidDir)
# define RTPathTemp RT_MANGLER(RTPathTemp)
# define RTPathTraverseList RT_MANGLER(RTPathTraverseList)
# define RTPathUnlink RT_MANGLER(RTPathUnlink)
@@ -1842,6 +1843,7 @@
# define RTProcGetAffinityMask RT_MANGLER(RTProcGetAffinityMask)
# define RTProcGetExecutablePath RT_MANGLER(RTProcGetExecutablePath)
# define RTProcGetPriority RT_MANGLER(RTProcGetPriority)
+# define RTProcGetSuidPath RT_MANGLER(RTProcGetSuidPath)
# define RTProcIsRunningByName RT_MANGLER(RTProcIsRunningByName)
# define RTProcQueryParent RT_MANGLER(RTProcQueryParent)
# define RTProcQueryUsername RT_MANGLER(RTProcQueryUsername)
diff --git a/include/iprt/path.h b/include/iprt/path.h
index 89bf8f6..5caa578 100644
--- a/include/iprt/path.h
+++ b/include/iprt/path.h
@@ -1235,6 +1235,15 @@ RTDECL(int) RTPathCalcRelative(char *pszPathDst, size_t cbPathDst, const char *p
*/
RTDECL(int) RTPathExecDir(char *pszPath, size_t cchPath);
+/**
+ * Gets the path to the NixOS setuid wrappers directory.
+ *
+ * @returns iprt status code.
+ * @param pszPath Buffer where to store the path.
+ * @param cchPath Buffer size in bytes.
+ */
+RTDECL(int) RTPathSuidDir(char *pszPath, size_t cchPath);
+
/**
* Gets the user home directory.
*
diff --git a/include/iprt/process.h b/include/iprt/process.h
index 4ca981e..058ae7a 100644
--- a/include/iprt/process.h
+++ b/include/iprt/process.h
@@ -384,6 +384,16 @@ RTR3DECL(const char *) RTProcExecutablePath(void);
*/
RTR3DECL(char *) RTProcGetExecutablePath(char *pszExecPath, size_t cbExecPath);
+/**
+ * Gets the path to the NixOS setuid wrappers directory.
+ *
+ * @returns pszExecPath on success. NULL on buffer overflow or other errors.
+ *
+ * @param pszExecPath Where to store the path.
+ * @param cbExecPath The size of the buffer.
+ */
+RTR3DECL(char *) RTProcGetSuidPath(char *pszExecPath, size_t cbExecPath);
+
/**
* Daemonize the current process, making it a background process.
*
diff --git a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
index e78a397..ff5b541 100644
--- a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
+++ b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
@@ -1541,9 +1541,9 @@ static int supR3HardenedVerifyFsObject(PCSUPR3HARDENEDFSOBJSTATE pFsObjState, bo
bool fBad = !fRelaxed || pFsObjState->Stat.st_gid != 2 /*bin*/ || suplibHardenedStrCmp(pszPath, "/usr/lib/iconv");
# else
NOREF(fRelaxed);
- bool fBad = true;
+ bool fBad = !(fDir && pFsObjState->Stat.st_mode & S_ISVTX && !suplibHardenedStrCmp(pszPath, "/nix/store"));
# endif
- if (fBad)
+ if (fBad && suplibHardenedStrCmp(pszPath, "/nix/store"))
return supR3HardenedSetError3(VERR_SUPLIB_WRITE_NON_SYS_GROUP, pErrInfo,
"An unknown (and thus untrusted) group has write access to '", pszPath,
"' and we therefore cannot trust the directory content or that of any subdirectory");
diff --git a/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp b/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp
index 01d7a9f..e52a291 100644
--- a/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp
+++ b/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp
@@ -100,7 +100,7 @@ int MachineLaunchVMCommonWorker(const Utf8Str &aNameOrId,
/* Get the path to the executable directory w/ trailing slash: */
char szPath[RTPATH_MAX];
- int vrc = RTPathAppPrivateArch(szPath, sizeof(szPath));
+ int vrc = RTStrCopy(szPath, sizeof(szPath) - 1, "/run/wrappers/bin");
AssertRCReturn(vrc, vrc);
size_t cbBufLeft = RTPathEnsureTrailingSeparator(szPath, sizeof(szPath));
AssertReturn(cbBufLeft > 0, VERR_FILENAME_TOO_LONG);
diff --git a/src/VBox/Main/src-server/NetworkServiceRunner.cpp b/src/VBox/Main/src-server/NetworkServiceRunner.cpp
index 773d27f..874ec2d 100644
--- a/src/VBox/Main/src-server/NetworkServiceRunner.cpp
+++ b/src/VBox/Main/src-server/NetworkServiceRunner.cpp
@@ -198,7 +198,7 @@ int NetworkServiceRunner::start(bool aKillProcessOnStop)
* ASSUME it is relative to the directory that holds VBoxSVC.
*/
char szExePath[RTPATH_MAX];
- AssertReturn(RTProcGetExecutablePath(szExePath, RTPATH_MAX), VERR_FILENAME_TOO_LONG);
+ AssertReturn(RTProcGetSuidPath(szExePath, RTPATH_MAX), VERR_FILENAME_TOO_LONG);
RTPathStripFilename(szExePath);
int vrc = RTPathAppend(szExePath, sizeof(szExePath), m->pszProcName);
AssertLogRelRCReturn(vrc, vrc);
diff --git a/src/VBox/Main/src-server/generic/NetIf-generic.cpp b/src/VBox/Main/src-server/generic/NetIf-generic.cpp
index 1e2eb61..893344c 100644
--- a/src/VBox/Main/src-server/generic/NetIf-generic.cpp
+++ b/src/VBox/Main/src-server/generic/NetIf-generic.cpp
@@ -62,7 +62,7 @@ static int NetIfAdpCtl(const char * pcszIfName, const char *pszAddr, const char
const char *args[] = { NULL, pcszIfName, pszAddr, pszOption, pszMask, NULL };
char szAdpCtl[RTPATH_MAX];
- int vrc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME));
+ int vrc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME));
if (RT_FAILURE(vrc))
{
LogRel(("NetIfAdpCtl: failed to get program path, vrc=%Rrc.\n", vrc));
@@ -109,7 +109,7 @@ static int NetIfAdpCtl(HostNetworkInterface * pIf, const char *pszAddr, const ch
int NetIfAdpCtlOut(const char * pcszName, const char * pcszCmd, char *pszBuffer, size_t cBufSize)
{
char szAdpCtl[RTPATH_MAX];
- int vrc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd));
+ int vrc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd));
if (RT_FAILURE(vrc))
{
LogRel(("NetIfAdpCtlOut: Failed to get program path, vrc=%Rrc\n", vrc));
@@ -224,7 +224,7 @@ int NetIfCreateHostOnlyNetworkInterface(VirtualBox *pVirtualBox,
progress.queryInterfaceTo(aProgress);
char szAdpCtl[RTPATH_MAX];
- vrc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " add"));
+ vrc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " add"));
if (RT_FAILURE(vrc))
{
progress->i_notifyComplete(E_FAIL,
diff --git a/src/VBox/Runtime/r3/path.cpp b/src/VBox/Runtime/r3/path.cpp
index bcd8deb..46ecd1e 100644
--- a/src/VBox/Runtime/r3/path.cpp
+++ b/src/VBox/Runtime/r3/path.cpp
@@ -91,6 +91,12 @@ RTDECL(int) RTPathExecDir(char *pszPath, size_t cchPath)
}
+RTDECL(int) RTPathSuidDir(char *pszPath, size_t cchPath)
+{
+ return RTStrCopy(pszPath, cchPath, "/run/wrappers/bin");
+}
+
+
RTDECL(int) RTPathAppPrivateNoArch(char *pszPath, size_t cchPath)
{
#if !defined(RT_OS_WINDOWS) && defined(RTPATH_APP_PRIVATE)
diff --git a/src/VBox/Runtime/r3/process.cpp b/src/VBox/Runtime/r3/process.cpp
index f9d1ecf..042e599 100644
--- a/src/VBox/Runtime/r3/process.cpp
+++ b/src/VBox/Runtime/r3/process.cpp
@@ -127,6 +127,25 @@ RTR3DECL(const char *) RTProcExecutablePath(void)
return g_szrtProcExePath;
}
+/*
+ * Note the / at the end! This is important, because the functions using this
+ * will cut off everything after the rightmost / as this function is analogous
+ * to RTProcGetExecutablePath().
+ */
+#define SUIDDIR "/run/wrappers/bin/"
+
+RTR3DECL(char *) RTProcGetSuidPath(char *pszExecPath, size_t cbExecPath)
+{
+ if (cbExecPath >= sizeof(SUIDDIR))
+ {
+ memcpy(pszExecPath, SUIDDIR, sizeof(SUIDDIR));
+ pszExecPath[sizeof(SUIDDIR)] = '\0';
+ return pszExecPath;
+ }
+
+ AssertMsgFailed(("Buffer too small (%zu <= %zu)\n", cbExecPath, sizeof(SUIDDIR)));
+ return NULL;
+}
RTR3DECL(const char *) RTProcShortName(void)
{
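Review bot: `RTProcGetSuidPath` in process.cpp writes one byte past the buffer when `cbExecPath == sizeof(SUIDDIR)`: the guard admits that size, `memcpy` already copies the terminating NUL that `sizeof(SUIDDIR)` includes, and `pszExecPath[sizeof(SUIDDIR)] = '\0';` then stores at an index outside the admitted buffer; drop that line, and the `AssertMsgFailed` text `%zu <= %zu` should read `%zu < %zu` to match the condition. The callers in this patch pass `RTPATH_MAX`, so the overflow is not reachable from here, but the function is exported. Separately, in SUPR3HardenedVerify.cpp the new `fBad` exempts `/nix/store` only when it is a sticky directory, yet the changed `if (fBad && suplibHardenedStrCmp(pszPath, "/nix/store"))` exempts `/nix/store` unconditionally, so the `S_ISVTX` requirement is never enforced and the earlier change is dead; `if (fBad)` alone keeps the intended check. Both comparisons are exact matches against `/nix/store` (the compare returns 0 on match), not its subdirectories — presumably intended, but worth a comment.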


@@ -0,0 +1,26 @@
diff --git a/kBuild/units/qt6.kmk b/kBuild/units/qt6.kmk
index 28d61005..d65205cf 100644
--- a/kBuild/units/qt6.kmk
+++ b/kBuild/units/qt6.kmk
@@ -1131,9 +1131,14 @@ else
ifeq ($(bld_trg),win)
$(eval $(target)_LIBS += $(foreach module,$(qt_modules), $(PATH_SDK_QT6_LIB)/$(qt_prefix)Qt6$(module)$(qt_infix)$(SUFF_LIB)) )
else
- $(eval $(target)_LIBS += $(foreach module,$(qt_modules), $(PATH_SDK_QT6_LIB)/lib$(qt_prefix)Qt6$(module)$(qt_infix)$(SUFF_DLL)) )
+ $(eval $(target)_LIBS += $(foreach module,$(qt_modules), \
+ $(if $(filter Help,$(module)),$(PATH_QT6_TOOLS_LIB), \
+ $(if $(filter StateMachine,$(module)),$(PATH_QT6_SCXML_LIB), \
+ $(PATH_SDK_QT6_LIB)))/lib$(qt_prefix)Qt6$(module)$(qt_infix)$(SUFF_DLL)) \
+ )
endif
- $(eval $(target)_INCS += $(addprefix $(PATH_SDK_QT6_INC)/Qt,$(qt_modules)) $(PATH_SDK_QT6_INC) )
+ $(eval $(target)_INCS += $(addprefix $(PATH_SDK_QT6_INC)/Qt,$(qt_modules)) \
+ $(PATH_SDK_QT6_INC) $(PATH_QT6_TOOLS_INC) $(PATH_QT6_SCXML_INC)/QtStateMachine )
endif
$(eval $(target)_DEFS += $(foreach module,$(toupper $(qt_modules)), QT_$(module)_LIB) )
@@ -1238,4 +1243,3 @@ unit-qt6-show-vars:
@$(ECHO) ' TOOL_QT6_RCC = "$(TOOL_QT6_RCC)"'
@$(ECHO) ' TOOL_QT6_LRC = "$(TOOL_QT6_LRC)"'
@$(ECHO) ' TOOL_QT6_LUPDATE = "$(TOOL_QT6_LUPDATE)"'
-


@@ -0,0 +1,14 @@
--- a/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
+++ b/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
@@ -2131,6 +2131,11 @@ static void supR3HardenedMainPurgeEnvironment(char **envp)
/** @todo Call NT API to do the same. */
#endif
}
+
+ /*
+ * NixOS hack: Set QT_PLUGIN_PATH to make Qt find plugins.
+ */
+ setenv("QT_PLUGIN_PATH", "@qtPluginPath@", /*overwrite=*/ 1);
}
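Review bot: The `setenv("QT_PLUGIN_PATH", "@qtPluginPath@", /*overwrite=*/ 1)` added at the end of `supR3HardenedMainPurgeEnvironment` (the function begins outside the hunk) should say why overwrite is 1: this function presumably sanitises the environment of the hardened process, and forcing the value means a `QT_PLUGIN_PATH` inherited from the caller cannot be reintroduced after the purge; suggest extending the NixOS comment with `Overwrite on purpose: the inherited value was just purged and must not come back from the caller's environment.` The `@qtPluginPath@` token also depends on a substitution step not visible here; if it is left unsubstituted the literal string is exported, which is harmless but deserves a sentence in the same comment.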


@@ -0,0 +1,55 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl common-updater-scripts nix-prefetch-scripts jq
set -xeuo pipefail
nixpkgs="$(git rev-parse --show-toplevel)"
attr=virtualbox
oldVersion="$(nix-instantiate --eval -E "with import $nixpkgs {}; $attr.version or (builtins.parseDrvName $attr.name).version" | tr -d '"')"
latestVersion="$(curl -sS https://download.virtualbox.org/virtualbox/LATEST.TXT)"
function fileShaSum() {
echo "$1" | grep -w "$2" | cut -f1 -d' '
}
function oldHash() {
nix-instantiate --eval --strict -A "$1.drvAttrs.outputHash" | tr -d '"'
}
function nixFile() {
nix-instantiate --eval --strict -A "${1}.meta.position" | sed -re 's/^"(.*):[0-9]+"$/\1/'
}
if [ ! "$oldVersion" = "$latestVersion" ]; then
shaSums=$(curl -sS "https://download.virtualbox.org/virtualbox/$latestVersion/SHA256SUMS")
virtualBoxShaSum=$(fileShaSum "$shaSums" "VirtualBox-$latestVersion.tar.bz2")
extpackShaSum=$(fileShaSum "$shaSums" "Oracle_VirtualBox_Extension_Pack-$latestVersion.vbox-extpack")
guestAdditionsIsoShaSum=$(fileShaSum "$shaSums" "*VBoxGuestAdditions_$latestVersion.iso")
virtualboxNixFile=$(nixFile ${attr})
extpackNixFile=$(nixFile ${attr}Extpack)
guestAdditionsIsoNixFile="pkgs/applications/virtualization/virtualbox/guest-additions-iso/default.nix"
virtualboxGuestAdditionsNixFile="pkgs/applications/virtualization/virtualbox/guest-additions/default.nix"
virtualBoxOldShaSum=$(oldHash ${attr}Extpack)
extpackOldShaSum=$(oldHash ${attr}Extpack)
sed -e "s/virtualboxVersion = \".*\";/virtualboxVersion = \"$latestVersion\";/g" \
-e "s/virtualboxSubVersion = \".*\";/virtualboxSubVersion = \"\";/g" \
-e "s/virtualboxSha256 = \".*\";/virtualboxSha256 = \"$virtualBoxShaSum\";/g" \
-i "$virtualboxNixFile"
sed -e 's|value = "'$extpackOldShaSum'"|value = "'$extpackShaSum'"|' \
-e "s/virtualboxExtPackVersion = \".*\";/virtualboxExtPackVersion = \"$latestVersion\";/g" \
-i $extpackNixFile
sed -e "s/sha256 = \".*\";/sha256 = \"$guestAdditionsIsoShaSum\";/g" \
-i "$guestAdditionsIsoNixFile"
sed -e "s/virtualboxVersion = \".*\";/virtualboxVersion = \"$latestVersion\";/g" \
-e "s/virtualboxSubVersion = \".*\";/virtualboxSubVersion = \"\";/g" \
-e "s/virtualboxSha256 = \".*\";/virtualboxSha256 = \"$virtualBoxShaSum\";/g" \
-i "$virtualboxGuestAdditionsNixFile"
git add "$virtualboxNixFile" "$extpackNixFile" "$guestAdditionsIsoNixFile" "$virtualboxGuestAdditionsNixFile"
git commit -m "$attr: ${oldVersion} -> ${latestVersion}"
else
echo "$attr is already up-to-date"
fi
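Review bot: `virtualBoxOldShaSum=$(oldHash ${attr}Extpack)` reads like a copy of the following line — it queries the extpack hash under a VirtualBox-named variable that is never used afterwards, so either delete it or, if it was meant for the main package, make it `virtualBoxOldShaSum=$(oldHash ${attr})`. The `sed … -i $extpackNixFile` invocation is the only one that leaves the filename unquoted while the other three quote theirs; `-i "$extpackNixFile"` keeps the script consistent. A comment above the SHA256SUMS fetch would also help reviewers: the hashes and the archives are served by the same origin over TLS, so the script pins what the server returned rather than independently verifying it, e.g. `# SHA256SUMS carries no signature; it only pins what download.virtualbox.org served at update time.`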