diff options
author | Alyssa Ross <alyssa.ross@unikie.com> | 2022-09-30 21:09:00 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-11-18 17:46:29 +0000 |
commit | fb60a5c9473b0796738aa1b1443b8ee5e5ecd1cb (patch) | |
tree | 046130507f199a64527fcd3c9ebe6481b825a266 /pkgs/applications/virtualization/crosvm/default.nix | |
parent | fcdbfc3d119f67ffb44f2782a38386b969f9505f (diff) | |
download | nixlib-fb60a5c9473b0796738aa1b1443b8ee5e5ecd1cb.tar nixlib-fb60a5c9473b0796738aa1b1443b8ee5e5ecd1cb.tar.gz nixlib-fb60a5c9473b0796738aa1b1443b8ee5e5ecd1cb.tar.bz2 nixlib-fb60a5c9473b0796738aa1b1443b8ee5e5ecd1cb.tar.lz nixlib-fb60a5c9473b0796738aa1b1443b8ee5e5ecd1cb.tar.xz nixlib-fb60a5c9473b0796738aa1b1443b8ee5e5ecd1cb.tar.zst nixlib-fb60a5c9473b0796738aa1b1443b8ee5e5ecd1cb.zip |
crosvm: 104.0 -> 107.1
crosvm now includes a Cargo.lock again, so we don't need to vendor it into Nixpkgs. Its build system now compiles the seccomp policies into the binary, so we don't need to build and install those ourselves any more.
Diffstat (limited to 'pkgs/applications/virtualization/crosvm/default.nix')
-rw-r--r-- | pkgs/applications/virtualization/crosvm/default.nix | 54 |
1 files changed, 25 insertions, 29 deletions
diff --git a/pkgs/applications/virtualization/crosvm/default.nix b/pkgs/applications/virtualization/crosvm/default.nix index ae216001c5e2..11d8f2223656 100644 --- a/pkgs/applications/virtualization/crosvm/default.nix +++ b/pkgs/applications/virtualization/crosvm/default.nix @@ -1,60 +1,56 @@ -{ stdenv, lib, rustPlatform, fetchgit -, minijail-tools, pkg-config, protobuf, wayland-scanner +{ stdenv, lib, rust, rustPlatform, fetchgit, fetchpatch +, clang, pkg-config, protobuf, python3, wayland-scanner , libcap, libdrm, libepoxy, minijail, virglrenderer, wayland, wayland-protocols }: rustPlatform.buildRustPackage rec { pname = "crosvm"; - version = "104.0"; + version = "107.1"; src = fetchgit { url = "https://chromium.googlesource.com/chromiumos/platform/crosvm"; - rev = "265aab613b1eb31598ea0826f04810d9f010a2c6"; - sha256 = "OzbtPHs6BWK83RZ/6eCQHA61X6SY8FoBkaN70a37pvc="; + rev = "5a49a836e63aa6e9ae38b80daa09a013a57bfb7f"; + sha256 = "F+5i3R7Tbd9xF63Olnyavzg/hD+8HId1duWm8bvAmLA="; fetchSubmodules = true; }; separateDebugInfo = true; patches = [ - ./default-seccomp-policy-dir.diff + # Backport seccomp sandbox update for recent Glibc. + # fetchpatch is not currently gerrit/gitiles-compatible, so we + # have to use the mirror. + # https://github.com/NixOS/nixpkgs/pull/133604 + (fetchpatch { + url = "https://github.com/google/crosvm/commit/aae01416807e7c15270b3d44162610bcd73952ff.patch"; + sha256 = "nQuOMOwBu8QvfwDSuTz64SQhr2dF9qXt2NarbIU55tU="; + }) ]; - cargoLock.lockFile = ./Cargo.lock; + cargoSha256 = "1jg9x5adz1lbqdwnzld4xg4igzmh90nd9xm287cgkvh5fbmsjfjv"; - nativeBuildInputs = [ minijail-tools pkg-config protobuf wayland-scanner ]; + nativeBuildInputs = [ clang pkg-config protobuf python3 wayland-scanner ]; buildInputs = [ libcap libdrm libepoxy minijail virglrenderer wayland wayland-protocols ]; - arch = stdenv.hostPlatform.parsed.cpu.name; - - postPatch = '' - cp ${cargoLock.lockFile} Cargo.lock - sed -i "s|/usr/share/policy/crosvm/|$PWD/seccomp/$arch/|g" \ - seccomp/$arch/*.policy + preConfigure = '' + patchShebangs third_party/minijail/tools/*.py + substituteInPlace build.rs --replace '"clang"' '"${stdenv.cc.targetPrefix}clang"' ''; - preBuild = '' - export DEFAULT_SECCOMP_POLICY_DIR=$out/share/policy - - for policy in seccomp/$arch/*.policy; do - compile_seccomp_policy \ - --default-action trap $policy ''${policy%.policy}.bpf - done + "CARGO_TARGET_${lib.toUpper (builtins.replaceStrings ["-"] ["_"] (rust.toRustTarget stdenv.hostPlatform))}_LINKER" = + "${stdenv.cc.targetPrefix}cc"; - substituteInPlace seccomp/$arch/*.policy \ - --replace "@include $(pwd)/seccomp/$arch/" "@include $out/share/policy/" - ''; + # crosvm mistakenly expects the stable protocols to be in the root + # of the pkgdatadir path, rather than under the "stable" + # subdirectory. + PKG_CONFIG_WAYLAND_PROTOCOLS_PKGDATADIR = + "${wayland-protocols}/share/wayland-protocols/stable"; buildFeatures = [ "default" "virgl_renderer" "virgl_renderer_next" ]; - postInstall = '' - mkdir -p $out/share/policy/ - cp -v seccomp/$arch/*.{policy,bpf} $out/share/policy/ - ''; - passthru.updateScript = ./update.py; meta = with lib; { |