diff options
| -rw-r--r-- | nixos/modules/virtualisation/virtualbox-host.nix | 9 | ||||
| -rw-r--r-- | pkgs/applications/virtualization/virtualbox/default.nix | 40 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/virtualbox/default.nix | 23 | ||||
| -rw-r--r-- | pkgs/top-level/all-packages.nix | 36 |
4 files changed, 59 insertions, 49 deletions
diff --git a/nixos/modules/virtualisation/virtualbox-host.nix b/nixos/modules/virtualisation/virtualbox-host.nix index ce4abecd6762..7214543871d6 100644 --- a/nixos/modules/virtualisation/virtualbox-host.nix +++ b/nixos/modules/virtualisation/virtualbox-host.nix @@ -4,10 +4,15 @@ with lib; let cfg = config.virtualisation.virtualbox.host; - virtualbox = config.boot.kernelPackages.virtualbox.override { + + virtualbox = pkgs.virtualbox.override { inherit (cfg) enableHardening headless; }; + kernelModules = config.boot.kernelPackages.virtualbox.override { + inherit virtualbox; + }; + in { @@ -60,7 +65,7 @@ in config = mkIf cfg.enable (mkMerge [{ boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ]; - boot.extraModulePackages = [ virtualbox ]; + boot.extraModulePackages = [ kernelModules ]; environment.systemPackages = [ virtualbox ]; security.setuidOwners = let diff --git a/pkgs/applications/virtualization/virtualbox/default.nix b/pkgs/applications/virtualization/virtualbox/default.nix index 3a75479b2cfd..f0f56cd17355 100644 --- a/pkgs/applications/virtualization/virtualbox/default.nix +++ b/pkgs/applications/virtualization/virtualbox/default.nix @@ -1,8 +1,8 @@ { stdenv, buildEnv, fetchurl, lib, iasl, dev86, pam, libxslt, libxml2, libX11, xproto, libXext -, libXcursor, libXmu, qt5, libIDL, SDL, libcap, zlib, libpng, glib, kernel, lvm2 +, libXcursor, libXmu, qt5, libIDL, SDL, libcap, zlib, libpng, glib, lvm2 , libXrandr, libXinerama , which, alsaLib, curl, libvpx, gawk, nettools, dbus -, xorriso, makeself, perl, pkgconfig, nukeReferences +, xorriso, makeself, perl, pkgconfig , javaBindings ? false, jdk ? null , pythonBindings ? false, python ? null , enableExtensionPack ? false, requireFile ? null, patchelf ? null, fakeroot ? null @@ -18,24 +18,6 @@ let inherit (importJSON ./upstream-info.json) version extpackRev extpack main; - forEachModule = action: '' - for mod in \ - out/linux.*/${buildType}/bin/src/vboxdrv \ - out/linux.*/${buildType}/bin/src/vboxpci \ - out/linux.*/${buildType}/bin/src/vboxnetadp \ - out/linux.*/${buildType}/bin/src/vboxnetflt - do - if [ "x$(basename "$mod")" != xvboxdrv -a ! -e "$mod/Module.symvers" ] - then - cp -v out/linux.*/${buildType}/bin/src/vboxdrv/Module.symvers \ - "$mod/Module.symvers" - fi - INSTALL_MOD_PATH="$out" INSTALL_MOD_DIR=misc \ - make -j $NIX_BUILD_CORES -C "$MODULES_BUILD_DIR" DEPMOD=/do_not_use_depmod \ - "M=\$(PWD)/$mod" BUILD_TYPE="${buildType}" ${action} - done - ''; - # See https://github.com/NixOS/nixpkgs/issues/672 for details extensionPack = requireFile rec { name = "Oracle_VM_VirtualBox_Extension_Pack-${version}-${extpackRev}.vbox-extpack"; @@ -59,17 +41,19 @@ let }; in stdenv.mkDerivation { - name = "virtualbox-${version}-${kernel.version}"; + name = "virtualbox-${version}"; src = fetchurl { url = "http://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}.tar.bz2"; sha256 = main; }; + outputs = [ "out" "modsrc" ]; + buildInputs = [ iasl dev86 libxslt libxml2 xproto libX11 libXext libXcursor libIDL libcap glib lvm2 python alsaLib curl libvpx pam xorriso makeself perl - pkgconfig which libXmu nukeReferences libpng ] + pkgconfig which libXmu libpng ] ++ optional javaBindings jdk ++ optional pythonBindings python ++ optional pulseSupport libpulseaudio @@ -80,14 +64,11 @@ in stdenv.mkDerivation { prePatch = '' set -x - MODULES_BUILD_DIR=`echo ${kernel.dev}/lib/modules/*/build` - sed -e 's@/lib/modules/`uname -r`/build@'$MODULES_BUILD_DIR@ \ - -e 's@MKISOFS --version@MKISOFS -version@' \ + sed -e 's@MKISOFS --version@MKISOFS -version@' \ -e 's@PYTHONDIR=.*@PYTHONDIR=${if pythonBindings then python else ""}@' \ -i configure ls kBuild/bin/linux.x86/k* tools/linux.x86/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.glibc.out}/lib/ld-linux.so.2 ls kBuild/bin/linux.amd64/k* tools/linux.amd64/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.glibc.out}/lib/ld-linux-x86-64.so.2 - find . -type f -iname '*makefile*' -exec sed -i -e 's/depmod -a/:/g' {} + sed -i -e ' s@"libdbus-1\.so\.3"@"${dbus.lib}/lib/libdbus-1.so.3"@g s@"libasound\.so\.2"@"${alsaLib.out}/lib/libasound.so.2"@g @@ -152,7 +133,6 @@ in stdenv.mkDerivation { buildPhase = '' source env.sh kmk -j $NIX_BUILD_CORES BUILD_TYPE="${buildType}" - ${forEachModule "modules"} ''; installPhase = '' @@ -164,9 +144,6 @@ in stdenv.mkDerivation { find out/linux.*/${buildType}/bin -mindepth 1 -maxdepth 1 \ -name src -o -exec cp -avt "$libexec" {} + - # Install kernel modules - ${forEachModule "modules_install"} - # Create wrapper script mkdir -p $out/bin for file in VirtualBox VBoxManage VBoxSDL VBoxBalloonCtrl VBoxBFE VBoxHeadless; do @@ -198,8 +175,7 @@ in stdenv.mkDerivation { done ''} - # Get rid of a reference to linux.dev. - nuke-refs $out/lib/modules/*/misc/*.ko + cp -rv out/linux.*/${buildType}/bin/src "$modsrc" ''; passthru = { inherit version; /* for guest additions */ }; diff --git a/pkgs/os-specific/linux/virtualbox/default.nix b/pkgs/os-specific/linux/virtualbox/default.nix new file mode 100644 index 000000000000..593c4400b7f4 --- /dev/null +++ b/pkgs/os-specific/linux/virtualbox/default.nix @@ -0,0 +1,23 @@ +{ stdenv, virtualbox, kernel, strace }: + +stdenv.mkDerivation { + name = "virtualbox-modules-${virtualbox.version}-${kernel.version}"; + src = virtualbox.modsrc; + hardeningDisable = [ + "fortify" "pic" "stackprotector" + ]; + + makeFlags = [ + "-C ${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + "INSTALL_MOD_PATH=$(out)" + ]; + preBuild = "makeFlagsArray+=(\"M=$(pwd)\")"; + buildFlags = [ "modules" ]; + installTargets = [ "modules_install" ]; + + enableParallelBuilding = true; + + meta = virtualbox.meta // { + description = virtualbox.meta.description + " (kernel modules)"; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 146e260f4237..ff8f3dfca6c7 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -11399,23 +11399,13 @@ in vhba = callPackage ../misc/emulators/cdemu/vhba.nix { }; - virtualbox = callPackage ../applications/virtualization/virtualbox { - stdenv = stdenv_32bit; - inherit (gnome) libIDL; - enableExtensionPack = config.virtualbox.enableExtensionPack or false; - pulseSupport = config.pulseaudio or false; + virtualbox = callPackage ../os-specific/linux/virtualbox { + virtualbox = pkgs.virtualboxHardened; }; - virtualboxHardened = lowPrio (virtualbox.override { - enableHardening = true; - }); - - virtualboxHeadless = lowPrio (virtualbox.override { - enableHardening = true; - headless = true; - }); - - virtualboxGuestAdditions = callPackage ../applications/virtualization/virtualbox/guest-additions { }; + virtualboxGuestAdditions = callPackage ../applications/virtualization/virtualbox/guest-additions { + virtualbox = pkgs.virtualboxHardened; + }; wireguard = callPackage ../os-specific/linux/wireguard { }; @@ -15224,6 +15214,22 @@ in virtinst = callPackage ../applications/virtualization/virtinst {}; + virtualbox = callPackage ../applications/virtualization/virtualbox { + stdenv = stdenv_32bit; + inherit (gnome) libIDL; + enableExtensionPack = config.virtualbox.enableExtensionPack or false; + pulseSupport = config.pulseaudio or false; + }; + + virtualboxHardened = lowPrio (virtualbox.override { + enableHardening = true; + }); + + virtualboxHeadless = lowPrio (virtualbox.override { + enableHardening = true; + headless = true; + }); + virtualglLib = callPackage ../tools/X11/virtualgl/lib.nix { fltk = fltk13; }; |