Diffstat (limited to 'nixpkgs/pkgs/applications/virtualization')
13 files changed, 156 insertions, 116 deletions
diff --git a/nixpkgs/pkgs/applications/virtualization/conmon/default.nix b/nixpkgs/pkgs/applications/virtualization/conmon/default.nix index bfe9f1d34865..36e52ff1e465 100644 --- a/nixpkgs/pkgs/applications/virtualization/conmon/default.nix +++ b/nixpkgs/pkgs/applications/virtualization/conmon/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "conmon"; - version = "2.0.15"; + version = "2.0.16"; src = fetchFromGitHub { owner = "containers"; repo = pname; rev = "v${version}"; - sha256 = "1fshcmnfqzbagzcrh5nxw7pi0dd60xpq47a2lzfghklqhl1h0b5i"; + sha256 = "0z0hds95mjxm703ig2aisghvpd2l3wn6m72jnnlv8jnz2iq2nc4g"; }; nativeBuildInputs = [ pkg-config ]; diff --git a/nixpkgs/pkgs/applications/virtualization/cri-o/default.nix b/nixpkgs/pkgs/applications/virtualization/cri-o/default.nix index 4c3d9ffc937c..3796b8857b7f 100644 --- a/nixpkgs/pkgs/applications/virtualization/cri-o/default.nix +++ b/nixpkgs/pkgs/applications/virtualization/cri-o/default.nix @@ -1,26 +1,20 @@ -{ flavor ? "" -, stdenv +{ stdenv , btrfs-progs -, buildGoPackage +, buildGoModule , fetchFromGitHub , glibc , gpgme , installShellFiles , libapparmor -, libassuan -, libgpgerror , libseccomp , libselinux , lvm2 , pkg-config }: -buildGoPackage rec { +buildGoModule rec { pname = "cri-o"; version = "1.18.0"; - name = "${pname}-${version}${flavor}"; - - goPackagePath = "github.com/cri-o/cri-o"; src = fetchFromGitHub { owner = "cri-o"; 
@@ -28,25 +22,22 @@ buildGoPackage rec { rev = "v${version}"; sha256 = "142flmv54pj48rjqkd26fbxrcbx2cv6pdmrc33jgyvn6r99zliah"; }; - + vendorSha256 = null; outputs = [ "out" "man" ]; - nativeBuildInputs = [ installShellFiles pkg-config ]; buildInputs = [ btrfs-progs gpgme libapparmor - libassuan - libgpgerror libseccomp libselinux lvm2 ] ++ stdenv.lib.optionals (glibc != null) [ glibc glibc.static ]; - BUILDTAGS = "apparmor seccomp selinux containers_image_ostree_stub"; + BUILDTAGS = "apparmor seccomp selinux containers_image_openpgp containers_image_ostree_stub"; buildPhase = '' - pushd go/src/${goPackagePath} + patchShebangs . sed -i '/version.buildDate/d' Makefile @@ -54,9 +45,7 @@ buildGoPackage rec { ''; installPhase = '' - install -Dm755 bin/crio $out/bin/crio${flavor} - install -Dm755 bin/crio-status $out/bin/crio-status${flavor} - install -Dm755 bin/pinns $out/bin/pinns${flavor} + install -Dm755 bin/* -t $out/bin for shell in bash fish zsh; do installShellCompletion --$shell completions/$shell/* diff --git a/nixpkgs/pkgs/applications/virtualization/firectl/default.nix b/nixpkgs/pkgs/applications/virtualization/firectl/default.nix index f91cc6d5ed3e..47ae4637b57e 100644 --- a/nixpkgs/pkgs/applications/virtualization/firectl/default.nix +++ b/nixpkgs/pkgs/applications/virtualization/firectl/default.nix @@ -4,6 +4,8 @@ buildGoModule rec { pname = "firectl"; version = "0.1.0"; + patches = [ ./gomod.patch ]; + src = fetchFromGitHub { owner = "firecracker-microvm"; repo = pname; @@ -11,7 +13,7 @@ buildGoModule rec { sha256 = "1ni3yx4rjhrkqk2038c6hkb2jwsdj2llx233wd5wgpvb6c57652p"; }; - modSha256 = "1nqjz1afklcxc3xcpmygjdh3lfxjk6zvmghr8z8fr3nw2wvw2ddr"; + vendorSha256 = "1xbpck1gvzl75xgrajf5yzl199l4f2f6j3mac5586i7b00b9jxqj"; meta = with stdenv.lib; { description = "A command-line tool to run Firecracker microVMs"; @@ -20,4 +22,4 @@ buildGoModule rec { platforms = platforms.linux; maintainers = with maintainers; [ xrelkd ]; }; -} +} \ No newline at end of file 
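Review bot: The `BUILDTAGS` line now adds `containers_image_openpgp`, which in containers/image selects the pure-Go OpenPGP code for image signature verification instead of the gpgme binding, yet `gpgme` stays in `buildInputs` while `libassuan` and `libgpgerror` are dropped. If the tag is intended, `gpgme` looks unused and can be removed; if gpgme-backed verification is intended, the tag should not be set. Either way the choice of verification backend deserves a comment next to the tag, e.g. `# containers_image_openpgp: verify image signatures with the Go OpenPGP implementation, no gpgme linkage`.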
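Review bot: `install -Dm755 bin/* -t $out/bin` in installPhase ships whatever the Makefile happens to leave in `bin/`, where the removed lines named `crio`, `crio-status` and `pinns` explicitly. An explicit list keeps the set of installed executables reviewable and makes a missing binary fail the build, e.g. `for b in crio crio-status pinns; do install -Dm755 bin/$b -t $out/bin; done`. installPhase continues past the end of the hunk.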
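Review bot: `patches = [ ./gomod.patch ];` in firectl/default.nix has no comment saying why go.mod is patched or whether upstream carries the change. The patch adds a `go` directive and a direct requirement on `github.com/go-openapi/strfmt v0.17.1`, which alters the dependency set that `vendorSha256` pins, so whoever bumps `version` next needs to know when the patch can go. Suggest a comment above the line such as `# go.mod needs <reason>; drop once upstream includes it (<upstream issue or commit>)`. The last hunk of this file also removes the trailing newline (`\ No newline at end of file`), which looks accidental; the same happens in gvisor/containerd-shim.nix.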
diff --git a/nixpkgs/pkgs/applications/virtualization/firectl/gomod.patch b/nixpkgs/pkgs/applications/virtualization/firectl/gomod.patch new file mode 100644 index 000000000000..96c65e728221 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/firectl/gomod.patch @@ -0,0 +1,15 @@ +diff --git a/go.mod b/go.mod +index 1044001..7bafeda 100644 +--- a/go.mod ++++ b/go.mod +@@ -1,7 +1,10 @@ + module github.com/firecracker-microvm/firectl + ++go 1.14 ++ + require ( + github.com/firecracker-microvm/firecracker-go-sdk v0.15.1 ++ github.com/go-openapi/strfmt v0.17.1 + github.com/jessevdk/go-flags v1.4.0 + github.com/pkg/errors v0.8.0 + github.com/sirupsen/logrus v1.1.1 diff --git a/nixpkgs/pkgs/applications/virtualization/gvisor/containerd-shim.nix b/nixpkgs/pkgs/applications/virtualization/gvisor/containerd-shim.nix index 702aeaded3e9..97623511222f 100644 --- a/nixpkgs/pkgs/applications/virtualization/gvisor/containerd-shim.nix +++ b/nixpkgs/pkgs/applications/virtualization/gvisor/containerd-shim.nix @@ -11,7 +11,7 @@ buildGoModule rec { sha256 = "077bhrmjrpcxv1z020yxhx2c4asn66j21gxlpa6hz0av3lfck9lm"; }; - modSha256 = "1jdhgbrn59ahnabwnig99i21f6kimmqx9f3dg10ffwfs3dx0gzlg"; + vendorSha256 = "11jai5jl024k7wbhz4a3zzdbvl0si07jwgwmyr8bn4i0nqx8ig2k"; buildPhase = '' make @@ -33,4 +33,4 @@ buildGoModule rec { maintainers = with maintainers; [ andrew-d ]; platforms = [ "x86_64-linux" ]; }; -} +} \ No newline at end of file diff --git a/nixpkgs/pkgs/applications/virtualization/gvisor/default.nix b/nixpkgs/pkgs/applications/virtualization/gvisor/default.nix index e157ca825af0..7d62b1b9fa24 100644 --- a/nixpkgs/pkgs/applications/virtualization/gvisor/default.nix +++ b/nixpkgs/pkgs/applications/virtualization/gvisor/default.nix @@ -76,7 +76,7 @@ in buildBazelPackage rec { rm -f "$bazelOut"/java.log "$bazelOut"/java.log.* ''; - sha256 = "1bn7nhv5pag8fdm8l8nvgg3fzvhpy2yv9yl2slrb16lckxzha3v6"; + sha256 = "0r11kbyp1ambgcj35gvjjmxrsrdg7b9jb9sq3kih4lik7zyljp25"; }; buildAttrs = { 
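Review bot: The `sha256` of the fetch output in gvisor/default.nix changes while no version or source-revision change for gvisor is visible in this file's diff. A fixed-output hash that moves without a source change usually means the fetched dependency set changed for an outside reason (presumably a toolchain or fetch-phase change elsewhere in the tree), and that reason should be written down so the new hash can be re-derived and checked independently. A comment such as `# hash changed without a version bump: <reason>` next to the attribute, or a line in the commit message, would be enough.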
diff --git a/nixpkgs/pkgs/applications/virtualization/podman/default.nix b/nixpkgs/pkgs/applications/virtualization/podman/default.nix index 4a9fa0787521..e88e0a60c5ea 100644 --- a/nixpkgs/pkgs/applications/virtualization/podman/default.nix +++ b/nixpkgs/pkgs/applications/virtualization/podman/default.nix @@ -2,37 +2,46 @@ , fetchFromGitHub , pkg-config , installShellFiles -, buildGoPackage +, buildGoModule , gpgme , lvm2 , btrfs-progs +, libapparmor , libseccomp +, libselinux , systemd , go-md2man , nixosTests }: -buildGoPackage rec { +buildGoModule rec { pname = "podman"; - version = "1.9.1"; + version = "1.9.2"; src = fetchFromGitHub { owner = "containers"; repo = "libpod"; rev = "v${version}"; - sha256 = "0dr5vd52fnjwx3zn2nj2nlvkbvh5bg579nf3qw8swrn8i1jwxd6j"; + sha256 = "0jvqzn1q52z6aka98d2i3dyn2i8xld7xvmi2zfxgm9g53wdgi2g2"; }; - goPackagePath = "github.com/containers/libpod"; + vendorSha256 = null; outputs = [ "out" "man" ]; nativeBuildInputs = [ pkg-config go-md2man installShellFiles ]; - buildInputs = stdenv.lib.optionals stdenv.isLinux [ btrfs-progs libseccomp gpgme lvm2 systemd ]; + buildInputs = stdenv.lib.optionals stdenv.isLinux [ + btrfs-progs + gpgme + libapparmor + libseccomp + libselinux + lvm2 + systemd + ]; buildPhase = '' - pushd go/src/${goPackagePath} patchShebangs . ${if stdenv.isDarwin then "make CGO_ENABLED=0 BUILDTAGS='remoteclient containers_image_openpgp exclude_graphdriver_devicemapper' varlink_generate all" diff --git a/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix b/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix index 99233696b3ed..d7fb6fa1072f 100644 --- a/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix +++ b/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix 
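Review bot: `libapparmor` and `libselinux` are added to `buildInputs`, but the Linux `make` invocation that would have to enable the matching build tags lies outside the hunk; only the Darwin branch with its `BUILDTAGS` is visible. If the Linux branch neither passes `apparmor` and `selinux` in `BUILDTAGS` nor relies on the Makefile detecting the libraries, podman is built without those confinement backends and the new inputs are dead weight. Please confirm which applies and note it next to the inputs, e.g. `# libapparmor/libselinux: picked up via <BUILDTAGS or Makefile detection>`. buildPhase continues past the end of the hunk.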
@@ -29,7 +29,7 @@ let in runCommand podman.name { name = "${podman.pname}-wrapper-${podman.version}"; - inherit (podman) pname version; + inherit (podman) pname version passthru; meta = builtins.removeAttrs podman.meta [ "outputsToInstall" ]; diff --git a/nixpkgs/pkgs/applications/virtualization/rkt/default.nix b/nixpkgs/pkgs/applications/virtualization/rkt/default.nix deleted file mode 100644 index f3b68e5c2276..000000000000 --- a/nixpkgs/pkgs/applications/virtualization/rkt/default.nix +++ /dev/null 
@@ -1,78 +0,0 @@ -{ stdenv, lib, autoreconfHook, acl, go, file, git, wget, gnupg, trousers, squashfsTools, - cpio, fetchurl, fetchFromGitHub, iptables, systemd, makeWrapper, glibc }: - -let - # Always get the information from - # https://github.com/coreos/rkt/blob/v${VERSION}/stage1/usr_from_coreos/coreos-common.mk - coreosImageRelease = "1478.0.0"; - coreosImageSystemdVersion = "233"; - - # TODO: track https://github.com/coreos/rkt/issues/1758 to allow "host" flavor. - stage1Flavours = [ "coreos" "fly" ]; - stage1Dir = "lib/rkt/stage1-images"; - -in stdenv.mkDerivation rec { - version = "1.30.0"; - pname = "rkt"; - BUILDDIR="build-${pname}-${version}"; - - src = fetchFromGitHub { - owner = "coreos"; - repo = "rkt"; - rev = "v${version}"; - sha256 = "0dqf83b7iin1np8k8k1m8i99ybga8vx932q7n2q64yghkw7p6i00"; - }; - - stage1BaseImage = fetchurl { - url = "http://alpha.release.core-os.net/amd64-usr/${coreosImageRelease}/coreos_production_pxe_image.cpio.gz"; - sha256 = "0s4qdkkfp0iirfnm5ds3b3hxq0249kvpygyhflma8z90ivkzk5wq"; - }; - - buildInputs = [ - glibc.out glibc.static - autoreconfHook go file git wget gnupg trousers squashfsTools cpio acl systemd - makeWrapper - ]; - - preConfigure = '' - ./autogen.sh - configureFlagsArray=( - --with-stage1-flavors=${builtins.concatStringsSep "," stage1Flavours} - ${if lib.findFirst (p: p == "coreos") null stage1Flavours != null then " - --with-coreos-local-pxe-image-path=${stage1BaseImage} - --with-coreos-local-pxe-image-systemd-version=v${coreosImageSystemdVersion} - " else "" } - --with-stage1-default-location=$out/${stage1Dir}/stage1-${builtins.elemAt stage1Flavours 0}.aci - ); - ''; - - preBuild = '' - export BUILDDIR - export GOCACHE="$TMPDIR/go-cache" - ''; - - installPhase = '' - mkdir -p $out/bin - cp -Rv $BUILDDIR/target/bin/rkt $out/bin - - mkdir -p $out/lib/rkt/stage1-images/ - cp -Rv $BUILDDIR/target/bin/stage1-*.aci $out/${stage1Dir}/ - - wrapProgram $out/bin/rkt \ - --prefix LD_LIBRARY_PATH : 
"${systemd.lib}/lib:${acl.out}/lib" \ - --prefix PATH : ${iptables}/bin - ''; - - meta = with lib; { - description = "A fast, composable, and secure App Container runtime for Linux"; - homepage = "https://github.com/coreos/rkt"; - license = licenses.asl20; - maintainers = with maintainers; [ ragge steveej ]; - platforms = [ "x86_64-linux" ]; - knownVulnerabilities = [ - "CVE-2019-10144: processes run with `rkt enter` are given all capabilities during stage 2" - "CVE-2019-10145: processes run with `rkt enter` do not have seccomp filtering during stage 2" - "CVE-2019-10147: processes run with `rkt enter` are not limited by cgroups during stage 2" - ]; - }; -} diff --git a/nixpkgs/pkgs/applications/virtualization/runc/default.nix b/nixpkgs/pkgs/applications/virtualization/runc/default.nix index 95db2a1d9e9a..1bf6b3d574a9 100644 --- a/nixpkgs/pkgs/applications/virtualization/runc/default.nix +++ b/nixpkgs/pkgs/applications/virtualization/runc/default.nix @@ -8,6 +8,7 @@ , libapparmor , apparmor-parser , libseccomp +, libselinux }: buildGoPackage rec { @@ -25,9 +26,11 @@ buildGoPackage rec { outputs = [ "out" "man" ]; nativeBuildInputs = [ go-md2man installShellFiles pkg-config which ]; - buildInputs = [ libseccomp libapparmor apparmor-parser ]; - makeFlags = [ "BUILDTAGS+=seccomp" "BUILDTAGS+=apparmor" ]; + buildInputs = [ libselinux libseccomp libapparmor apparmor-parser ]; + + # these will be the default in the next release + makeFlags = [ "BUILDTAGS+=seccomp" "BUILDTAGS+=apparmor" "BUILDTAGS+=selinux" ]; buildPhase = '' cd go/src/${goPackagePath} diff --git a/nixpkgs/pkgs/applications/virtualization/spice-vdagent/default.nix b/nixpkgs/pkgs/applications/virtualization/spice-vdagent/default.nix index 22aa31a6dea3..f577ded70bae 100644 --- a/nixpkgs/pkgs/applications/virtualization/spice-vdagent/default.nix +++ b/nixpkgs/pkgs/applications/virtualization/spice-vdagent/default.nix 
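Review bot: `"BUILDTAGS+=selinux"` is added to `makeFlags` in runc/default.nix, but this derivation has a hand-written `buildPhase` whose body continues outside the hunk, and a custom buildPhase only honours `makeFlags` if it passes them to `make` itself. Please confirm that it does; otherwise the seccomp, apparmor and selinux tags are silently dropped and runc is built without them. The comment `# these will be the default in the next release` would also be clearer if it named the tags it refers to and said that the `makeFlags` line can be removed then.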
@@ -8,6 +8,9 @@ stdenv.mkDerivation rec { sha256 = "0n9k2kna2gd1zi6jv45zsp2jlv439nz5l5jjijirxqaycwi74srf"; }; NIX_CFLAGS_COMPILE = [ "-Wno-error=address-of-packed-member" ]; + patchFlags = [ "-uNp1" ]; + # included in the next release. + patches = [ ./timeout.diff ]; postPatch = '' substituteInPlace data/spice-vdagent.desktop --replace /usr $out ''; diff --git a/nixpkgs/pkgs/applications/virtualization/spice-vdagent/timeout.diff b/nixpkgs/pkgs/applications/virtualization/spice-vdagent/timeout.diff new file mode 100644 index 000000000000..2021e98e41f2 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/spice-vdagent/timeout.diff 
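Review bot: The added `patches = [ ./timeout.diff ];` is annotated only with `# included in the next release.`, which does not identify the upstream change, and the override `patchFlags = [ "-uNp1" ];` is not explained at all. A carried patch to a guest agent daemon should be traceable to its origin so it can be compared with upstream and dropped at the right version. Suggest `# <upstream commit URL>: start accepting udscs connections only after setup; drop on the next spice-vdagent release`, plus a short reason for replacing the default `-p1`.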
@@ -0,0 +1,84 @@ +diff --git a/src/udscs.c b/src/udscs.c +index 4de75f8..7c99eed 100644 +--- a/src/udscs.c ++++ b/src/udscs.c +@@ -186,6 +186,7 @@ struct udscs_server *udscs_server_new( + server->read_callback = read_callback; + server->error_cb = error_cb; + server->service = g_socket_service_new(); ++ g_socket_service_stop(server->service); + + g_signal_connect(server->service, "incoming", + G_CALLBACK(udscs_server_accept_cb), server); +@@ -223,6 +224,11 @@ void udscs_server_listen_to_address(struct udscs_server *server, + g_object_unref(sock_addr); + } + ++void udscs_server_start(struct udscs_server *server) ++{ ++ g_socket_service_start(server->service); ++} ++ + void udscs_server_destroy_connection(struct udscs_server *server, + UdscsConnection *conn) + { +diff --git a/src/udscs.h b/src/udscs.h +index 45ebd3f..4f7ea36 100644 +--- a/src/udscs.h ++++ b/src/udscs.h +@@ -98,6 +98,8 @@ void udscs_server_listen_to_address(struct udscs_server *server, + const gchar *addr, + GError **err); + ++void udscs_server_start(struct udscs_server *server); ++ + void udscs_server_destroy_connection(struct udscs_server *server, + UdscsConnection *conn); + +diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c +index cfd0a51..753c9bf 100644 +--- a/src/vdagentd/vdagentd.c ++++ b/src/vdagentd/vdagentd.c +@@ -1184,10 +1184,6 @@ int main(int argc, char *argv[]) + uinput_device = g_strdup(DEFAULT_UINPUT_DEVICE); + } + +- g_unix_signal_add(SIGINT, signal_handler, NULL); +- g_unix_signal_add(SIGHUP, signal_handler, NULL); +- g_unix_signal_add(SIGTERM, signal_handler, NULL); +- + openlog("spice-vdagentd", do_daemonize ? 
0 : LOG_PERROR, LOG_USER); + + /* Setup communication with vdagent process(es) */ +@@ -1228,9 +1224,6 @@ int main(int argc, char *argv[]) + } + } + +- if (do_daemonize) +- daemonize(); +- + #ifdef WITH_STATIC_UINPUT + uinput = vdagentd_uinput_create(uinput_device, 1024, 768, NULL, 0, + debug > 1, uinput_fake); +@@ -1240,6 +1233,13 @@ int main(int argc, char *argv[]) + } + #endif + ++ if (do_daemonize) ++ daemonize(); ++ ++ g_unix_signal_add(SIGINT, signal_handler, NULL); ++ g_unix_signal_add(SIGHUP, signal_handler, NULL); ++ g_unix_signal_add(SIGTERM, signal_handler, NULL); ++ + if (want_session_info) + session_info = session_info_create(debug); + if (session_info) { +@@ -1252,6 +1252,7 @@ int main(int argc, char *argv[]) + + active_xfers = g_hash_table_new(g_direct_hash, g_direct_equal); + ++ udscs_server_start(server); + loop = g_main_loop_new(NULL, FALSE); + g_main_loop_run(loop); + diff --git a/nixpkgs/pkgs/applications/virtualization/umoci/default.nix b/nixpkgs/pkgs/applications/virtualization/umoci/default.nix index f07bb0fc164e..d8a1f36dd5d3 100644 --- a/nixpkgs/pkgs/applications/virtualization/umoci/default.nix +++ b/nixpkgs/pkgs/applications/virtualization/umoci/default.nix @@ -1,6 +1,11 @@ -{ lib, fetchFromGitHub, buildGoPackage }: +{ lib +, fetchFromGitHub +, buildGoModule +, go-md2man +, installShellFiles +}: -buildGoPackage rec { +buildGoModule rec { pname = "umoci"; version = "0.4.5"; @@ -11,10 +16,18 @@ buildGoPackage rec { sha256 = "1gzj4nnys73wajdwjn5jsskvnhzh8s2vmyl76ax8drpvw19bd5g3"; }; - goPackagePath = "github.com/openSUSE/umoci"; + vendorSha256 = null; buildFlagsArray = [ "-ldflags=-s -w -X main.version=${version}" ]; + nativeBuildInputs = [ go-md2man installShellFiles ]; + + postInstall = '' + sed -i '/SHELL =/d' Makefile + make local-doc + installManPage doc/man/*.[1-9] + ''; + meta = with lib; { description = "umoci modifies Open Container images"; homepage = "https://umo.ci"; |
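Review bot: After this patch `udscs_server_new()` returns a server whose socket service has been stopped (`g_socket_service_stop(server->service)`), so nothing is accepted until the new `udscs_server_start()` is called, but the declaration added to `src/udscs.h` has no comment saying so. A caller that creates a server and omits the start call would listen without ever accepting, which is hard to diagnose; suggest documenting it at the declaration, e.g. `/* Start accepting connections. udscs_server_new() creates the server stopped; call this once setup is complete. */`. Separately, the `g_unix_signal_add()` calls for SIGINT, SIGHUP and SIGTERM now run after `daemonize()` and uinput creation, so a signal arriving during setup gets the default disposition instead of `signal_handler`; whether that skips any cleanup depends on code outside these hunks. `main()` starts and ends outside the hunks.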
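Review bot: The new `postInstall` in umoci/default.nix deletes the `SHELL =` line from the upstream Makefile with `sed -i '/SHELL =/d' Makefile` without saying why. Presumably the Makefile pins a shell path that does not exist in the build sandbox; a comment such as `# upstream Makefile hard-codes SHELL to a path missing in the sandbox` (to be confirmed against the Makefile) would keep the line from being removed later as dead code.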