diff options
Diffstat (limited to 'nixpkgs/pkgs/applications/virtualization')
81 files changed, 7101 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/virtualization/8086tiny/builder.sh b/nixpkgs/pkgs/applications/virtualization/8086tiny/builder.sh new file mode 100644 index 000000000000..7cff2589abe0 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/8086tiny/builder.sh @@ -0,0 +1,28 @@ + +source $stdenv/setup + +mkdir -p ./$name $out/bin $out/share/$name $out/share/doc/$name/images + +cd $name +tar xf $src +make 8086tiny +if [ $bios ]; then + cd bios_source + nasm -f bin bios.asm -o bios + cd .. +fi + +install -m 755 8086tiny $out/bin +install -m 644 fd.img $out/share/$name/8086tiny-floppy.img +install -m 644 bios_source/bios.asm $out/share/$name/8086tiny-bios-src.asm +install -m 644 docs/8086tiny.css $out/share/doc/$name +install -m 644 docs/doc.html $out/share/doc/$name +for i in docs/images/*.gif +do + install -m 644 $i $out/share/doc/$name/images +done +if [ $bios ]; then + install -m 644 bios_source/bios $out/share/$name/8086tiny-bios +else + install -m 644 bios $out/share/$name/8086tiny-bios +fi diff --git a/nixpkgs/pkgs/applications/virtualization/8086tiny/default.nix b/nixpkgs/pkgs/applications/virtualization/8086tiny/default.nix new file mode 100644 index 000000000000..15d98dc9be50 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/8086tiny/default.nix @@ -0,0 +1,39 @@ +{ stdenv, fetchurl +, localBios ? true, nasm ? null +, sdlSupport ? true, SDL ? null }: + +assert sdlSupport -> (SDL != null); + +stdenv.mkDerivation rec { + + name = "8086tiny-${version}"; + version = "1.25"; + + src = fetchurl { + url ="http://www.megalith.co.uk/8086tiny/downloads/8086tiny_125.tar.bz2"; + sha256 = "0kmq4iiwhi2grjwq43ljjk1b1f1v1x9gzrgrgq2fzfsj7m7s6ris"; + }; + + buildInputs = with stdenv.lib; + optionals localBios [ nasm ] + ++ optionals sdlSupport [ SDL ]; + + bios = localBios; + + builder = ./builder.sh; + + meta = { + description = "An open-source 8086 emulator"; + longDescription = '' + 8086tiny is a tiny, open-source (MIT), portable (little-endian hosts) Intel PC emulator, powerful enough to run DOS, Windows 3.0, Excel, MS Flight Simulator, AutoCAD, Lotus 1-2-3, and similar applications. 8086tiny emulates a "late 80's era" PC XT-type machine. + + 8086tiny is based on an IOCCC 2013 winning entry. In fact that is the "unobfuscated" version :) + ''; + homepage = http://www.megalith.co.uk/8086tiny/index.html; + license = stdenv.lib.licenses.mit; + maintainers = [ stdenv.lib.maintainers.AndersonTorres ]; + platforms = stdenv.lib.platforms.linux; + }; +} + +# TODO: add support for a locally made BIOS diff --git a/nixpkgs/pkgs/applications/virtualization/OVMF/default.nix b/nixpkgs/pkgs/applications/virtualization/OVMF/default.nix new file mode 100644 index 000000000000..c858f4c4d6d3 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/OVMF/default.nix @@ -0,0 +1,92 @@ +{ stdenv, lib, edk2, nasm, iasl, seabios, openssl, secureBoot ? false }: + +let + + projectDscPath = if stdenv.isi686 then + "OvmfPkg/OvmfPkgIa32.dsc" + else if stdenv.isx86_64 then + "OvmfPkg/OvmfPkgX64.dsc" + else if stdenv.isAarch64 then + "ArmVirtPkg/ArmVirtQemu.dsc" + else + throw "Unsupported architecture"; + + version = (builtins.parseDrvName edk2.name).version; + + src = edk2.src; +in + +stdenv.mkDerivation (edk2.setup projectDscPath { + name = "OVMF-${version}"; + + inherit src; + + outputs = [ "out" "fd" ]; + + # TODO: properly include openssl for secureBoot + buildInputs = [nasm iasl] ++ stdenv.lib.optionals (secureBoot == true) [ openssl ]; + + hardeningDisable = [ "stackprotector" "pic" "fortify" ]; + + unpackPhase = '' + # $fd is overwritten during the build + export OUTPUT_FD=$fd + + for file in \ + "${src}"/{UefiCpuPkg,MdeModulePkg,IntelFrameworkModulePkg,PcAtChipsetPkg,FatBinPkg,EdkShellBinPkg,MdePkg,ShellPkg,OptionRomPkg,IntelFrameworkPkg,FatPkg,CryptoPkg,SourceLevelDebugPkg}; + do + ln -sv "$file" . + done + + ${if stdenv.isAarch64 then '' + ln -sv ${src}/ArmPkg . + ln -sv ${src}/ArmPlatformPkg . + ln -sv ${src}/ArmVirtPkg . + ln -sv ${src}/EmbeddedPkg . + ln -sv ${src}/OvmfPkg . + '' else if seabios != null then '' + cp -r ${src}/OvmfPkg . + chmod +w OvmfPkg/Csm/Csm16 + cp ${seabios}/Csm16.bin OvmfPkg/Csm/Csm16/Csm16.bin + '' else '' + ln -sv ${src}/OvmfPkg . + ''} + + ${lib.optionalString secureBoot '' + ln -sv ${src}/SecurityPkg . + ln -sv ${src}/CryptoPkg . + ''} + ''; + + buildPhase = if stdenv.isAarch64 then '' + build -n $NIX_BUILD_CORES + '' else if seabios == null then '' + build -n $NIX_BUILD_CORES ${lib.optionalString secureBoot "-DSECURE_BOOT_ENABLE=TRUE"} + '' else '' + build -n $NIX_BUILD_CORES -D CSM_ENABLE -D FD_SIZE_2MB ${lib.optionalString secureBoot "-DSECURE_BOOT_ENABLE=TRUE"} + ''; + + postFixup = if stdenv.isAarch64 then '' + mkdir -vp $fd/FV + mkdir -vp $fd/AAVMF + mv -v $out/FV/QEMU_{EFI,VARS}.fd $fd/FV + + # Uses Fedora dir layout: https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec + # FIXME: why is it different from Debian dir layout? https://anonscm.debian.org/cgit/pkg-qemu/edk2.git/tree/debian/rules + dd of=$fd/AAVMF/QEMU_EFI-pflash.raw if=/dev/zero bs=1M count=64 + dd of=$fd/AAVMF/QEMU_EFI-pflash.raw if=$fd/FV/QEMU_EFI.fd conv=notrunc + dd of=$fd/AAVMF/vars-template-pflash.raw if=/dev/zero bs=1M count=64 + '' else '' + mkdir -vp $OUTPUT_FD/FV + mv -v $out/FV/OVMF{,_CODE,_VARS}.fd $OUTPUT_FD/FV + ''; + + dontPatchELF = true; + + meta = { + description = "Sample UEFI firmware for QEMU and KVM"; + homepage = https://github.com/tianocore/tianocore.github.io/wiki/OVMF; + license = stdenv.lib.licenses.bsd2; + platforms = ["x86_64-linux" "i686-linux" "aarch64-linux"]; + }; +}) diff --git a/nixpkgs/pkgs/applications/virtualization/aqemu/default.nix b/nixpkgs/pkgs/applications/virtualization/aqemu/default.nix new file mode 100644 index 000000000000..e7cd5b7bde68 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/aqemu/default.nix @@ -0,0 +1,26 @@ +{ cmake, fetchFromGitHub, libvncserver, qemu, qtbase, stdenv +}: + +stdenv.mkDerivation rec { + name = "aqemu-${version}"; + version = "0.9.2"; + + src = fetchFromGitHub { + owner = "tobimensch"; + repo = "aqemu"; + rev = "v${version}"; + sha256 = "1h1mcw8x0jir5p39bs8ka0lcisiyi4jq61fsccgb9hsvl1i8fvk5"; + }; + + nativeBuildInputs = [ cmake ]; + + buildInputs = [ libvncserver qtbase qemu ]; + + meta = with stdenv.lib; { + description = "A virtual machine manager GUI for qemu"; + homepage = https://github.com/tobimensch/aqemu; + license = licenses.gpl2; + maintainers = with maintainers; [ hrdinka ]; + platforms = with platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/bochs/bochs-2.6.9-glibc-2.26.patch b/nixpkgs/pkgs/applications/virtualization/bochs/bochs-2.6.9-glibc-2.26.patch new file mode 100644 index 000000000000..a13b42ee35a3 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/bochs/bochs-2.6.9-glibc-2.26.patch @@ -0,0 +1,14 @@ +diff --git a/iodev/network/slirp/slirp.h b/iodev/network/slirp/slirp.h +index 7c16aa3..202a1b7 100644 +--- a/iodev/network/slirp/slirp.h ++++ b/iodev/network/slirp/slirp.h +@@ -33,8 +33,8 @@ typedef char *caddr_t; + #endif + + #include <sys/types.h> +-#if defined(__OpenBSD__) + #include <stdint.h> ++#if defined(__OpenBSD__) + #include <sys/wait.h> + #endif + #ifdef HAVE_SYS_BITYPES_H diff --git a/nixpkgs/pkgs/applications/virtualization/bochs/default.nix b/nixpkgs/pkgs/applications/virtualization/bochs/default.nix new file mode 100644 index 000000000000..f9d7128330fb --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/bochs/default.nix @@ -0,0 +1,129 @@ +{ stdenv, fetchurl +, pkgconfig, libtool +, gtk2, libGLU_combined, readline, libX11, libXpm +, docbook_xml_dtd_45, docbook_xsl +, sdlSupport ? true, SDL2 ? null +, termSupport ? true, ncurses ? null +, wxSupport ? true, wxGTK ? null +, wgetSupport ? false, wget ? null +, curlSupport ? false, curl ? null +}: + +assert sdlSupport -> (SDL2 != null); +assert termSupport -> (ncurses != null); +assert wxSupport -> (gtk2 != null && wxGTK != null); +assert wgetSupport -> (wget != null); +assert curlSupport -> (curl != null); + +with stdenv.lib; +stdenv.mkDerivation rec { + + name = "bochs-${version}"; + version = "2.6.9"; + + src = fetchurl { + url = "mirror://sourceforge/project/bochs/bochs/${version}/${name}.tar.gz"; + sha256 = "1379cq4cnfprhw8mgh60i0q9j8fz8d7n3d5fnn2g9fdiv5znfnzf"; + }; + + patches = [ ./bochs-2.6.9-glibc-2.26.patch ]; + + buildInputs = with stdenv.lib; + [ pkgconfig libtool gtk2 libGLU_combined readline libX11 libXpm docbook_xml_dtd_45 docbook_xsl ] + ++ optionals termSupport [ ncurses ] + ++ optionals sdlSupport [ SDL2 ] + ++ optionals wxSupport [ wxGTK ] + ++ optionals wgetSupport [ wget ] + ++ optionals curlSupport [ curl ]; + + configureFlags = [ + "--with-x=yes" + "--with-x11=yes" + + "--with-rfb=no" + "--with-vncsrv=no" + "--with-svga=no" # it doesn't compile on NixOS + + # These will always be "yes" on NixOS + "--enable-ltdl-install=yes" + "--enable-readline=yes" + "--enable-all-optimizations=yes" + "--enable-logging=yes" + "--enable-xpm=yes" + + # ... whereas these, always "no"! + "--enable-cpp=no" + "--enable-instrumentation=no" + + "--enable-docbook=no" # Broken - it requires docbook2html + + # Dangerous options - they are marked as "incomplete/experimental" on Bochs documentation + "--enable-3dnow=no" + "--enable-monitor-mwait=no" + "--enable-raw-serial=no" ] + # Boolean flags + ++ optionals termSupport [ "--with-term" ] + ++ optionals sdlSupport [ "--with-sdl2" ] + ++ optionals wxSupport [ "--with-wx" ] + # These are completely configurable, and they don't depend of external tools + ++ [ "--enable-cpu-level=6" # from 3 to 6 + "--enable-largefile" + "--enable-idle-hack" + "--enable-plugins=no" # Plugins are a bit buggy in Bochs + "--enable-a20-pin" + "--enable-x86-64" + "--enable-smp" + "--enable-large-ramfile" + "--enable-repeat-speedups" + "--enable-handlers-chaining" + "--enable-trace-linking" + "--enable-configurable-msrs" + "--enable-show-ips" + "--enable-debugger" #conflicts with gdb-stub option + "--enable-disasm" + "--enable-debugger-gui" + "--enable-gdb-stub=no" # conflicts with debugger option + "--enable-iodebug" + "--enable-fpu" + "--enable-svm" + "--enable-avx" + "--enable-evex" + "--enable-x86-debugger" + "--enable-pci" + "--enable-usb" + "--enable-usb-ohci" + "--enable-usb-ehci" + "--enable-usb-xhci" + "--enable-ne2000" + "--enable-pnic" + "--enable-e1000" + "--enable-clgd54xx" + "--enable-voodoo" + "--enable-cdrom" + "--enable-sb16" + "--enable-es1370" + "--enable-busmouse" ]; + + NIX_CFLAGS_COMPILE="-I${gtk2.dev}/include/gtk-2.0/ -I${libtool}/include/"; + NIX_LDFLAGS="-L${libtool.lib}/lib"; + + hardeningDisable = [ "format" ]; + + enableParallelBuilding = true; + + meta = { + description = "An open-source IA-32 (x86) PC emulator"; + longDescription = '' + Bochs is an open-source (LGPL), highly portable IA-32 PC emulator, written + in C++, that runs on most popular platforms. It includes emulation of the + Intel x86 CPU, common I/O devices, and a custom BIOS. + ''; + homepage = http://bochs.sourceforge.net/; + license = licenses.lgpl2Plus; + maintainers = [ maintainers.AndersonTorres ]; + platforms = platforms.unix; + }; +} +# TODO: plugins +# TODO: svga support - the Bochs sources explicitly cite /usr/include/vga.h +# TODO: a better way to organize the options diff --git a/nixpkgs/pkgs/applications/virtualization/cbfstool/default.nix b/nixpkgs/pkgs/applications/virtualization/cbfstool/default.nix new file mode 100644 index 000000000000..13060a50290b --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/cbfstool/default.nix @@ -0,0 +1,35 @@ +{ stdenv, fetchurl, iasl, flex, bison }: + +stdenv.mkDerivation rec { + name = "cbfstool-${version}"; + version = "4.9"; + + src = fetchurl { + url = "https://coreboot.org/releases/coreboot-${version}.tar.xz"; + sha256 = "0xkai65d3z9fivwscbkm7ndcw2p9g794xz8fwdv979w77n5qsdij"; + }; + + nativeBuildInputs = [ flex bison ]; + buildInputs = [ iasl ]; + + buildPhase = '' + export LEX=${flex}/bin/flex + make -C util/cbfstool + ''; + + installPhase = '' + mkdir -p $out/bin + cp util/cbfstool/cbfstool $out/bin + cp util/cbfstool/fmaptool $out/bin + cp util/cbfstool/rmodtool $out/bin + ''; + + meta = with stdenv.lib; { + description = "Management utility for CBFS formatted ROM images"; + homepage = https://www.coreboot.org; + license = licenses.gpl2; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + }; +} + diff --git a/nixpkgs/pkgs/applications/virtualization/cntr/default.nix b/nixpkgs/pkgs/applications/virtualization/cntr/default.nix new file mode 100644 index 000000000000..79dbddfab550 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/cntr/default.nix @@ -0,0 +1,24 @@ +{ stdenv, rustPlatform, fetchFromGitHub }: + +rustPlatform.buildRustPackage rec { + name = "cntr-${version}"; + version = "1.2.0"; + + src = fetchFromGitHub { + owner = "Mic92"; + repo = "cntr"; + rev = version; + sha256 = "0lmbsnjia44h4rskqkv9yc7xb6f3qjgbg8kcr9zqnr7ivr5fjcxg"; + }; + + cargoSha256 = "0gainr5gfy0bbhr6078zvgx0kzp53slxjp37d3da091ikgzgfn51"; + + meta = with stdenv.lib; { + description = "A container debugging tool based on FUSE"; + homepage = https://github.com/Mic92/cntr; + license = licenses.mit; + # aarch64 support will be fixed soon + platforms = [ "x86_64-linux" ]; + maintainers = [ maintainers.mic92 ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/containerd/default.nix b/nixpkgs/pkgs/applications/virtualization/containerd/default.nix new file mode 100644 index 000000000000..94b21a77a702 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/containerd/default.nix @@ -0,0 +1,56 @@ +{ stdenv, lib, fetchFromGitHub, buildGoPackage, btrfs-progs, go-md2man, utillinux }: + +with lib; + +buildGoPackage rec { + name = "containerd-${version}"; + version = "1.2.2"; + + src = fetchFromGitHub { + owner = "containerd"; + repo = "containerd"; + rev = "v${version}"; + sha256 = "065snv0s3v3z0ghadlii4w78qnhchcbx2kfdrvm8fk8gb4pkx1ya"; + }; + + goPackagePath = "github.com/containerd/containerd"; + outputs = [ "bin" "out" "man" ]; + + hardeningDisable = [ "fortify" ]; + + buildInputs = [ btrfs-progs go-md2man utillinux ]; + buildFlags = "VERSION=v${version}"; + + BUILDTAGS = [] + ++ optional (btrfs-progs == null) "no_btrfs"; + + buildPhase = '' + cd go/src/${goPackagePath} + patchShebangs . + make binaries + ''; + + installPhase = '' + for b in bin/*; do + install -Dm555 $b $bin/$b + done + + make man + manRoot="$man/share/man" + mkdir -p "$manRoot" + for manFile in man/*; do + manName="$(basename "$manFile")" # "docker-build.1" + number="$(echo $manName | rev | cut -d'.' -f1 | rev)" + mkdir -p "$manRoot/man$number" + gzip -c "$manFile" > "$manRoot/man$number/$manName.gz" + done + ''; + + meta = { + homepage = https://containerd.io/; + description = "A daemon to control runC"; + license = licenses.asl20; + maintainers = with maintainers; [ offline vdemeester ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/docker-compose/default.nix b/nixpkgs/pkgs/applications/virtualization/docker-compose/default.nix new file mode 100644 index 000000000000..8e1934487cba --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/docker-compose/default.nix @@ -0,0 +1,47 @@ +{ stdenv, buildPythonApplication, fetchPypi, pythonOlder +, mock, pytest, nose +, pyyaml, backports_ssl_match_hostname, colorama, docopt +, dockerpty, docker, ipaddress, jsonschema, requests +, six, texttable, websocket_client, cached-property +, enum34, functools32, +}: +buildPythonApplication rec { + version = "1.23.2"; + pname = "docker-compose"; + + src = fetchPypi { + inherit pname version; + sha256 = "1x2jlh7z2znvyz2pqcpn0gigfiqnx8s59pc7xlvy9ryd76g9w1zz"; + }; + + # lots of networking and other fails + doCheck = false; + checkInputs = [ mock pytest nose ]; + propagatedBuildInputs = [ + pyyaml backports_ssl_match_hostname colorama dockerpty docker + ipaddress jsonschema requests six texttable websocket_client + docopt cached-property + ] ++ + stdenv.lib.optional (pythonOlder "3.4") enum34 ++ + stdenv.lib.optional (pythonOlder "3.2") functools32; + + postPatch = '' + # Remove upper bound on requires, see also + # https://github.com/docker/compose/issues/4431 + sed -i "s/, < .*',$/',/" setup.py + ''; + + postInstall = '' + mkdir -p $out/share/bash-completion/completions/ + cp contrib/completion/bash/docker-compose $out/share/bash-completion/completions/docker-compose + ''; + + meta = with stdenv.lib; { + homepage = https://docs.docker.com/compose/; + description = "Multi-container orchestration for Docker"; + license = licenses.asl20; + maintainers = with maintainers; [ + jgeerds + ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/docker/default.nix b/nixpkgs/pkgs/applications/virtualization/docker/default.nix new file mode 100644 index 000000000000..d4ba9568fed4 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/docker/default.nix @@ -0,0 +1,213 @@ +{ stdenv, lib, fetchFromGitHub, makeWrapper, removeReferencesTo, pkgconfig +, go-md2man, go, containerd, runc, docker-proxy, tini, libtool +, sqlite, iproute, lvm2, systemd +, btrfs-progs, iptables, e2fsprogs, xz, utillinux, xfsprogs +, procps, libseccomp +}: + +with lib; + +rec { + dockerGen = { + version, rev, sha256 + , runcRev, runcSha256 + , containerdRev, containerdSha256 + , tiniRev, tiniSha256 + } : + let + docker-runc = runc.overrideAttrs (oldAttrs: rec { + name = "docker-runc-${version}"; + inherit version; + src = fetchFromGitHub { + owner = "docker"; + repo = "runc"; + rev = runcRev; + sha256 = runcSha256; + }; + # docker/runc already include these patches / are not applicable + patches = []; + }); + + docker-containerd = containerd.overrideAttrs (oldAttrs: rec { + name = "docker-containerd-${version}"; + inherit version; + src = fetchFromGitHub { + owner = "docker"; + repo = "containerd"; + rev = containerdRev; + sha256 = containerdSha256; + }; + + hardeningDisable = [ "fortify" ]; + }); + + docker-tini = tini.overrideAttrs (oldAttrs: rec { + name = "docker-init-${version}"; + inherit version; + src = fetchFromGitHub { + owner = "krallin"; + repo = "tini"; + rev = tiniRev; + sha256 = tiniSha256; + }; + + # Do not remove static from make files as we want a static binary + patchPhase = '' + ''; + + NIX_CFLAGS_COMPILE = [ + "-DMINIMAL=ON" + ]; + }); + in + stdenv.mkDerivation ((optionalAttrs (stdenv.isLinux) rec { + + inherit docker-runc docker-containerd docker-proxy docker-tini; + + DOCKER_BUILDTAGS = [] + ++ optional (systemd != null) [ "journald" ] + ++ optional (btrfs-progs == null) "exclude_graphdriver_btrfs" + ++ optional (lvm2 == null) "exclude_graphdriver_devicemapper" + ++ optional (libseccomp != null) "seccomp"; + + }) // rec { + inherit version rev; + + name = "docker-${version}"; + + src = fetchFromGitHub { + owner = "docker"; + repo = "docker-ce"; + rev = "v${version}"; + sha256 = sha256; + }; + + # Optimizations break compilation of libseccomp c bindings + hardeningDisable = [ "fortify" ]; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ + makeWrapper removeReferencesTo go-md2man go libtool + ] ++ optionals (stdenv.isLinux) [ + sqlite lvm2 btrfs-progs systemd libseccomp + ]; + + dontStrip = true; + + buildPhase = (optionalString (stdenv.isLinux) '' + # build engine + cd ./components/engine + export AUTO_GOPATH=1 + export DOCKER_GITCOMMIT="${rev}" + export VERSION="${version}" + export GOCACHE="$TMPDIR/go-cache" + ./hack/make.sh dynbinary + cd - + '') + '' + # build cli + cd ./components/cli + # Mimic AUTO_GOPATH + mkdir -p .gopath/src/github.com/docker/ + ln -sf $PWD .gopath/src/github.com/docker/cli + export GOPATH="$PWD/.gopath:$GOPATH" + export GITCOMMIT="${rev}" + export VERSION="${version}" + source ./scripts/build/.variables + export CGO_ENABLED=1 + go build -tags pkcs11 --ldflags "$LDFLAGS" github.com/docker/cli/cmd/docker + cd - + ''; + + # systemd 230 no longer has libsystemd-journal as a separate entity from libsystemd + patchPhase = '' + substituteInPlace ./components/cli/scripts/build/.variables --replace "set -eu" "" + '' + optionalString (stdenv.isLinux) '' + patchShebangs . + substituteInPlace ./components/engine/hack/make.sh --replace libsystemd-journal libsystemd + substituteInPlace ./components/engine/daemon/logger/journald/read.go --replace libsystemd-journal libsystemd + ''; + + outputs = ["out" "man"]; + + extraPath = optionals (stdenv.isLinux) (makeBinPath [ iproute iptables e2fsprogs xz xfsprogs procps utillinux ]); + + installPhase = optionalString (stdenv.isLinux) '' + install -Dm755 ./components/engine/bundles/dynbinary-daemon/dockerd $out/libexec/docker/dockerd + + makeWrapper $out/libexec/docker/dockerd $out/bin/dockerd \ + --prefix PATH : "$out/libexec/docker:$extraPath" + + # docker uses containerd now + ln -s ${docker-containerd}/bin/containerd $out/libexec/docker/containerd + ln -s ${docker-containerd}/bin/containerd-shim $out/libexec/docker/containerd-shim + ln -s ${docker-runc}/bin/runc $out/libexec/docker/runc + ln -s ${docker-proxy}/bin/docker-proxy $out/libexec/docker/docker-proxy + ln -s ${docker-tini}/bin/tini-static $out/libexec/docker/docker-init + + # systemd + install -Dm644 ./components/engine/contrib/init/systemd/docker.service $out/etc/systemd/system/docker.service + '' + '' + install -Dm755 ./components/cli/docker $out/libexec/docker/docker + + makeWrapper $out/libexec/docker/docker $out/bin/docker \ + --prefix PATH : "$out/libexec/docker:$extraPath" + + # completion (cli) + install -Dm644 ./components/cli/contrib/completion/bash/docker $out/share/bash-completion/completions/docker + install -Dm644 ./components/cli/contrib/completion/fish/docker.fish $out/share/fish/vendor_completions.d/docker.fish + install -Dm644 ./components/cli/contrib/completion/zsh/_docker $out/share/zsh/site-functions/_docker + + # Include contributed man pages (cli) + # Generate man pages from cobra commands + echo "Generate man pages from cobra" + cd ./components/cli + mkdir -p ./man/man1 + go build -o ./gen-manpages github.com/docker/cli/man + ./gen-manpages --root . --target ./man/man1 + + # Generate legacy pages from markdown + echo "Generate legacy manpages" + ./man/md2man-all.sh -q + + manRoot="$man/share/man" + mkdir -p "$manRoot" + for manDir in ./man/man?; do + manBase="$(basename "$manDir")" # "man1" + for manFile in "$manDir"/*; do + manName="$(basename "$manFile")" # "docker-build.1" + mkdir -p "$manRoot/$manBase" + gzip -c "$manFile" > "$manRoot/$manBase/$manName.gz" + done + done + ''; + + preFixup = '' + find $out -type f -exec remove-references-to -t ${go} -t ${stdenv.cc.cc} '{}' + + '' + optionalString (stdenv.isLinux) '' + find $out -type f -exec remove-references-to -t ${stdenv.glibc.dev} '{}' + + ''; + + meta = { + homepage = https://www.docker.com/; + description = "An open source project to pack, ship and run any application as a lightweight container"; + license = licenses.asl20; + maintainers = with maintainers; [ nequissimus offline tailhook vdemeester periklis ]; + platforms = with platforms; linux ++ darwin; + }; + }); + + # Get revisions from + # https://github.com/docker/docker-ce/tree/v${version}/components/engine/hack/dockerfile/install/* + + docker_18_09 = dockerGen rec { + version = "18.09.2"; + rev = "62479626f213818ba5b4565105a05277308587d5"; # git commit + sha256 = "05kvpy1c4g661xfds6dfzb8r5q76ndblxjykfj06had18pv0xxd4"; + runcRev = "09c8266bf2fcf9519a651b04ae54c967b9ab86ec"; + runcSha256 = "08h45vs1f25byapqzy6x42r86m232z166v6z81gc2a3id8v0nzia"; + containerdRev = "9754871865f7fe2f4e74d43e2fc7ccd237edcbce"; + containerdSha256 = "065snv0s3v3z0ghadlii4w78qnhchcbx2kfdrvm8fk8gb4pkx1ya"; + tiniRev = "fec3683b971d9c3ef73f284f176672c44b448662"; + tiniSha256 = "1h20i3wwlbd8x4jr2gz68hgklh0lb0jj7y5xk1wvr8y58fip1rdn"; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/docker/distribution.nix b/nixpkgs/pkgs/applications/virtualization/docker/distribution.nix new file mode 100644 index 000000000000..0af9abc852ef --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/docker/distribution.nix @@ -0,0 +1,23 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + name = "distribution-${version}"; + version = "2.6.2"; + rev = "v${version}"; + + goPackagePath = "github.com/docker/distribution"; + + src = fetchFromGitHub { + owner = "docker"; + repo = "distribution"; + inherit rev; + sha256 = "0nj4xd72mik4pj8g065cqb0yjmgpj5ppsqf2k5ibz9f68c39c00b"; + }; + + meta = with stdenv.lib; { + description = "The Docker toolset to pack, ship, store, and deliver content"; + license = licenses.asl20; + maintainers = [ maintainers.globin ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/docker/gc.nix b/nixpkgs/pkgs/applications/virtualization/docker/gc.nix new file mode 100644 index 000000000000..dcac628e3676 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/docker/gc.nix @@ -0,0 +1,33 @@ +{ stdenv, lib, fetchFromGitHub, makeWrapper, docker, coreutils, procps, gnused, findutils, gnugrep }: + +with lib; + +stdenv.mkDerivation rec { + name = "docker-gc-${rev}"; + rev = "b0cc52aa3da2e2ac0080794e0be6e674b1f063fc"; + + src = fetchFromGitHub { + inherit rev; + owner = "spotify"; + repo = "docker-gc"; + sha256 = "07wf9yn0f771xkm3x12946x5rp83hxjkd70xgfgy35zvj27wskzm"; + }; + + buildInputs = [ makeWrapper ]; + + installPhase = '' + mkdir -p $out/bin + cp docker-gc $out/bin + chmod +x $out/bin/docker-gc + wrapProgram $out/bin/docker-gc \ + --prefix PATH : "${stdenv.lib.makeBinPath [ docker coreutils procps gnused findutils gnugrep ]}" + ''; + + meta = { + description = "Docker garbage collection of containers and images"; + license = licenses.asl20; + homepage = https://github.com/spotify/docker-gc; + maintainers = with maintainers; [offline]; + platforms = docker.meta.platforms; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/docker/proxy.nix b/nixpkgs/pkgs/applications/virtualization/docker/proxy.nix new file mode 100644 index 000000000000..8b7021f7dbb8 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/docker/proxy.nix @@ -0,0 +1,29 @@ +{ stdenv, buildGoPackage, fetchFromGitHub, docker }: + +buildGoPackage rec { + name = "docker-proxy-${rev}"; + rev = "7b2b1feb1de4817d522cc372af149ff48d25028e"; + + src = fetchFromGitHub { + inherit rev; + owner = "docker"; + repo = "libnetwork"; + sha256 = "1ng577k11cyv207bp0vaz5jjfcn2igd6w95zn4izcq1nldzp5935"; + }; + + goPackagePath = "github.com/docker/libnetwork"; + + goDeps = null; + + installPhase = '' + install -m755 -D ./go/bin/proxy $bin/bin/docker-proxy + ''; + + meta = with stdenv.lib; { + description = "Docker proxy binary to forward traffic between host and containers"; + license = licenses.asl20; + homepage = https://github.com/docker/libnetwork; + maintainers = with maintainers; [vdemeester]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/driver/win-pvdrivers/default.nix b/nixpkgs/pkgs/applications/virtualization/driver/win-pvdrivers/default.nix new file mode 100644 index 000000000000..069d5836a42b --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/driver/win-pvdrivers/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchgit }: + +stdenv.mkDerivation { + name = "win-pvdrivers-git-20150701"; + version = "20150701"; + + src = fetchgit { + url = "https://github.com/ts468/win-pvdrivers"; + rev = "3054d645fc3ee182bea3e97ff01869f01cc3637a"; + sha256 = "6232ca2b7c9af874abbcb9262faf2c74c819727ed2eb64599c790879df535106"; + }; + + buildPhase = + let unpack = x: "tar xf $src/${x}.tar; mkdir -p x86/${x} amd64/${x}; cp ${x}/x86/* x86/${x}/.; cp ${x}/x64/* amd64/${x}/."; + in stdenv.lib.concatStringsSep "\n" (map unpack ["xenbus" "xeniface" "xenvif" "xennet" "xenvbd"]); + + installPhase = '' + mkdir -p $out + cp -r x86 $out/. + cp -r amd64 $out/. + ''; + + meta = with stdenv.lib; { + description = "Xen Subproject: Windows PV Driver"; + homepage = http://xenproject.org/downloads/windows-pv-drivers.html; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + license = licenses.bsd3; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/driver/win-qemu/default.nix b/nixpkgs/pkgs/applications/virtualization/driver/win-qemu/default.nix new file mode 100644 index 000000000000..1fa3e76d18fd --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/driver/win-qemu/default.nix @@ -0,0 +1,38 @@ +{ stdenv, fetchurl, p7zip }: + +stdenv.mkDerivation { + name = "win-qemu-0.1.105-1"; + version = "0.1.105-1"; + + phases = [ "buildPhase" "installPhase" ]; + + src = fetchurl { + url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.105-1/virtio-win.iso"; + sha256 = "065gz7s77y0q9kfqbr27451sr28rm9azpi88sqjkfph8c6r8q3wc"; + }; + + buildPhase = '' + ${p7zip}/bin/7z x $src + ''; + + installPhase = + let + copy_pvpanic = arch: version: "mkdir -p $out/${arch}/qemupanic; cp pvpanic/${version}/${arch}/* $out/${arch}/qemupanic/. \n"; + copy_pciserial = arch: "mkdir -p $out/${arch}/qemupciserial; cp qemupciserial/* $out/${arch}/qemupciserial/. \n"; + copy_agent = arch: '' + mkdir -p $out/${arch}/qemuagent + cp guest-agent/${if arch=="x86" then "qemu-ga-x86.msi" else "qemu-ga-x64.msi"} $out/${arch}/qemuagent/qemu-guest-agent.msi + (cd $out/${arch}/qemuagent; ${p7zip}/bin/7z x qemu-guest-agent.msi; rm qemu-guest-agent.msi) + ''; + copy = arch: version: (copy_pvpanic arch version) + (copy_pciserial arch) + (copy_agent arch); + in + (copy "amd64" "w8.1") + (copy "x86" "w8.1"); + + meta = with stdenv.lib; { + description = "Windows QEMU Drivers"; + homepage = https://fedoraproject.org/wiki/Windows_Virtio_Drivers; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + license = licenses.gpl2; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/driver/win-signed-gplpv-drivers/default.nix b/nixpkgs/pkgs/applications/virtualization/driver/win-signed-gplpv-drivers/default.nix new file mode 100644 index 000000000000..39ca93d4e1a8 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/driver/win-signed-gplpv-drivers/default.nix @@ -0,0 +1,46 @@ +{ stdenv, fetchurl, p7zip }: + +let + src_x86 = fetchurl { + url = "http://apt.univention.de/download/addons/gplpv-drivers/gplpv_Vista2008x32_signed_0.11.0.373.msi"; + sha256 = "04r11xw8ikjmcdhrsk878c86g0d0pvras5arsas3zs6dhgjykqap"; + }; + + src_amd64 = fetchurl { + url = "http://apt.univention.de/download/addons/gplpv-drivers/gplpv_Vista2008x64_signed_0.11.0.373.msi"; + sha256 = "00k628mg9b039p8lmg2l9n81dr15svy70p3m6xmq6f0frmci38ph"; + }; +in + +stdenv.mkDerivation { + name = "gplpv-0.11.0.373"; + version = "0.11.0.373"; + + phases = [ "buildPhase" "installPhase" ]; + + buildPhase = '' + mkdir -p x86 + (cd x86; ${p7zip}/bin/7z e ${src_x86}) + mkdir -p amd64 + (cd amd64; ${p7zip}/bin/7z e ${src_amd64}) + ''; + + installPhase = '' + mkdir -p $out/x86 $out/amd64 + cp x86/* $out/x86/. + cp amd64/* $out/amd64/. + ''; + + meta = with stdenv.lib; { + description = '' + A collection of open source Window PV drivers that allow + Windows to be para-virtualized. + The drivers are signed by Univention with a Software Publishers + Certificate obtained from the VeriSign CA. + ''; + homepage = http://wiki.univention.de/index.php?title=Installing-signed-GPLPV-drivers; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + license = licenses.gpl2; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/driver/win-spice/default.nix b/nixpkgs/pkgs/applications/virtualization/driver/win-spice/default.nix new file mode 100644 index 000000000000..2b2d8568a5b7 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/driver/win-spice/default.nix @@ -0,0 +1,70 @@ +{ stdenv, fetchurl, p7zip, win-virtio }: + +let + src_usbdk_x86 = fetchurl { + url = "https://www.spice-space.org/download/windows/usbdk/UsbDk_1.0.4_x86.msi"; + sha256 = "17hv8034wk1xqnanm5jxs4741nl7asps1fdz6lhnrpp6gvj6yg9y"; + }; + + src_usbdk_amd64 = fetchurl { + url = "https://www.spice-space.org/download/windows/usbdk/UsbDk_1.0.4_x64.msi"; + sha256 = "0alcqsivp33pm8sy0lmkvq7m5yh6mmcmxdl39zjxjra67kw8r2sd"; + }; + + src_qxlwddm = fetchurl { + url = "https://people.redhat.com/~vrozenfe/qxlwddm/qxlwddm-0.11.zip"; + sha256 = "082zdpbh9i3bq2ds8g33rcbcw390jsm7cqf46rrlx02x8r03dm98"; + }; + + src_vdagent_x86 = fetchurl { + url = "https://www.spice-space.org/download/windows/vdagent/vdagent-win-0.7.3/vdagent_0_7_3_x86.zip"; + sha256 = "0d928g49rf4dl79jmvnqh6g864hp1flw1f0384sfp82himm3bxjs"; + }; + + src_vdagent_amd64 = fetchurl { + url = "https://www.spice-space.org/download/windows/vdagent/vdagent-win-0.7.3/vdagent_0_7_3_x64.zip"; + sha256 = "0djmvm66jcmcyhhbjppccbai45nqpva7vyvry6w8nyc0fwi1vm9l"; + }; +in + +stdenv.mkDerivation { + # use version number of qxlwddm as qxlwddm is the most important component + name = "win-spice-0.11"; + version = "0.11"; + + phases = [ "buildPhase" "installPhase" ]; + + buildPhase = '' + mkdir -p usbdk/x86 usbdk/amd64 + (cd usbdk/x86; ${p7zip}/bin/7z x ${src_usbdk_x86}) + (cd usbdk/amd64; ${p7zip}/bin/7z x ${src_usbdk_amd64}) + + mkdir -p vdagent/x86 vdagent/amd64 + (cd vdagent/x86; ${p7zip}/bin/7z x ${src_vdagent_x86}; mv vdagent_0_7_3_x86/* .; rm -r vdagent_0_7_3_x86) + (cd vdagent/amd64; ${p7zip}/bin/7z x ${src_vdagent_amd64}; mv vdagent_0_7_3_x64/* .; rm -r vdagent_0_7_3_x64) + + mkdir -p qxlwddm + (cd qxlwddm; ${p7zip}/bin/7z x ${src_qxlwddm}; mv Win8 w8.1; cd w8.1; mv x64 amd64) + ''; + + installPhase = + let + copy_qxl = arch: version: "mkdir -p $out/${arch}/qxl; cp qxlwddm/${version}/${arch}/* $out/${arch}/qxl/. \n"; + copy_usbdk = arch: "mkdir -p $out/${arch}/usbdk; cp usbdk/${arch}/* $out/${arch}/usbdk/. \n"; + copy_vdagent = arch: "mkdir -p $out/${arch}/vdagent; cp vdagent/${arch}/* $out/${arch}/vdagent/. \n"; + # SPICE needs vioserial + # TODO: Link windows version in win-spice (here) to version used in win-virtio. + # That way it would never matter whether vioserial is installed from win-virtio or win-spice. + copy_vioserial = arch: "mkdir -p $out/${arch}/vioserial; cp ${win-virtio}/${arch}/vioserial/* $out/${arch}/vioserial/. \n"; + copy = arch: version: (copy_qxl arch version) + (copy_usbdk arch) + (copy_vdagent arch) + (copy_vioserial arch); + in + (copy "amd64" "w8.1") + (copy "x86" "w8.1"); + + meta = with stdenv.lib; { + description = "Windows SPICE Drivers"; + homepage = https://www.spice-space.org/; + license = [ licenses.asl20 ]; # See https://github.com/vrozenfe/qxl-dod + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/driver/win-virtio/default.nix b/nixpkgs/pkgs/applications/virtualization/driver/win-virtio/default.nix new file mode 100644 index 000000000000..946014e5cc9a --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/driver/win-virtio/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchurl, p7zip }: +stdenv.mkDerivation rec { + name = "win-virtio-${version}"; + version = "0.1.141-1"; + + phases = [ "buildPhase" "installPhase" ]; + + src = fetchurl { + url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-${version}/virtio-win.iso"; + sha256 = "0mn5gcgb9dk59nrw9scdza628yiji4vdkxmixikn9v02kgwnkja3"; + }; + + buildPhase = '' + ${p7zip}/bin/7z x $src + ''; + + installPhase = + let + copy = arch: version: {input, output}: "mkdir -p $out/${arch}/${output}; cp ${input}/${version}/${arch}/* $out/${arch}/${output}/."; + virtio = [{input="Balloon"; output="vioballoon";} + {input="NetKVM"; output="vionet";} + {input="vioscsi"; output="vioscsi";} + {input="vioserial"; output="vioserial";} + {input="viostor"; output="viostor";} + {input="viorng"; output="viorng";} + ]; + in + stdenv.lib.concatStringsSep "\n" ((map (copy "amd64" "w8.1") virtio) ++ (map (copy "x86" "w8.1") virtio)); + + meta = with stdenv.lib; { + description = "Windows VirtIO Drivers"; + homepage = https://fedoraproject.org/wiki/Windows_Virtio_Drivers; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/dynamips/default.nix b/nixpkgs/pkgs/applications/virtualization/dynamips/default.nix new file mode 100644 index 000000000000..9419939d1c74 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/dynamips/default.nix @@ -0,0 +1,31 @@ +{ stdenv, fetchFromGitHub, cmake, libelf, libpcap }: + +stdenv.mkDerivation rec { + name = "${pname}-${version}"; + pname = "dynamips"; + version = "0.2.20"; + + src = fetchFromGitHub { + owner = "GNS3"; + repo = pname; + rev = "v${version}"; + sha256 = "1841h0m0k0p3c3ify4imafjk7jigcj2zlr8rn3iyp7jnafkxqik7"; + }; + + nativeBuildInputs = [ cmake ]; + buildInputs = [ libelf libpcap ]; + + cmakeFlags = [ "-DDYNAMIPS_CODE=stable" ]; + + meta = with stdenv.lib; { + description = "A Cisco router emulator"; + longDescription = '' + Dynamips is an emulator computer program that was written to emulate Cisco + routers. + ''; + inherit (src.meta) homepage; + license = licenses.gpl2Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ primeos ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/ecs-agent/default.nix b/nixpkgs/pkgs/applications/virtualization/ecs-agent/default.nix new file mode 100644 index 000000000000..ab971fe64c98 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/ecs-agent/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchFromGitHub, buildGoPackage }: + +buildGoPackage rec { + name = "${pname}-${version}"; + pname = "amazon-ecs-agent"; + version = "1.18.0"; + + goPackagePath = "github.com/aws/${pname}"; + subPackages = [ "agent" ]; + + src = fetchFromGitHub { + rev = "v${version}"; + owner = "aws"; + repo = pname; + sha256 = "1l6c2if6wpjmq2hh6k818w38s1rsbwgd6igqy948dwcrb1g1mixr"; + }; + + meta = with stdenv.lib; { + description = "The agent that runs on AWS EC2 container instances and starts containers on behalf of Amazon ECS"; + homepage = "https://github.com/aws/amazon-ecs-agent"; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ copumpkin ]; + }; +} + diff --git a/nixpkgs/pkgs/applications/virtualization/firecracker/default.nix b/nixpkgs/pkgs/applications/virtualization/firecracker/default.nix new file mode 100644 index 000000000000..778006a40f04 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/firecracker/default.nix @@ -0,0 +1,35 @@ +{ fetchurl, stdenv }: + +let + version = "0.15.0"; + baseurl = "https://github.com/firecracker-microvm/firecracker/releases/download"; + + fetchbin = name: sha256: fetchurl { + url = "${baseurl}/v${version}/${name}-v${version}"; + inherit sha256; + }; + + firecracker-bin = fetchbin "firecracker" "06b9pj9s4i0wqbh24frsza2j28n7qflp623vwvar5k18jq6jixd0"; + jailer-bin = fetchbin "jailer" "17nbsg3yi9rif9qxgp483b2qx0jn2sn1hlvk63gl8m54mnxzmcr3"; +in +stdenv.mkDerivation { + name = "firecracker-${version}"; + inherit version; + + srcs = [ firecracker-bin jailer-bin ]; + phases = [ "installPhase" ]; + + installPhase = '' + mkdir -p $out/bin + install -D ${firecracker-bin} $out/bin/firecracker + install -D ${jailer-bin} $out/bin/jailer + ''; + + meta = with stdenv.lib; { + description = "Secure, fast, minimal micro-container virtualization"; + homepage = http://firecracker-microvm.io; + license = licenses.asl20; + platforms = [ "x86_64-linux" ]; + maintainers = with maintainers; [ thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/lkl/default.nix b/nixpkgs/pkgs/applications/virtualization/lkl/default.nix new file mode 100644 index 000000000000..d870e2466167 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/lkl/default.nix @@ -0,0 +1,59 @@ +{ stdenv, fetchFromGitHub, bc, python, bison, flex, fuse, libarchive }: + +stdenv.mkDerivation rec { + name = "lkl-2018-08-22"; + rev = "5221c547af3d29582703f01049617a6bf9f6232a"; + + outputs = [ "dev" "lib" "out" ]; + + nativeBuildInputs = [ bc bison flex python ]; + + buildInputs = [ fuse libarchive ]; + + src = fetchFromGitHub { + inherit rev; + owner = "lkl"; + repo = "linux"; + sha256 = "1k2plyx40xaphm8zsk2dd1lyv6dhsp7kj6hfmdgiamvl80bjajqy"; + }; + + # Fix a /usr/bin/env reference in here that breaks sandboxed builds + prePatch = "patchShebangs arch/lkl/scripts"; + + installPhase = '' + mkdir -p $out/bin $lib/lib $dev + + cp tools/lkl/bin/lkl-hijack.sh $out/bin + sed -i $out/bin/lkl-hijack.sh \ + -e "s,LD_LIBRARY_PATH=.*,LD_LIBRARY_PATH=$lib/lib," + + cp tools/lkl/{cptofs,fs2tar,lklfuse} $out/bin + ln -s cptofs $out/bin/cpfromfs + cp -r tools/lkl/include $dev/ + cp tools/lkl/liblkl.a \ + tools/lkl/lib/liblkl.so \ + tools/lkl/lib/hijack/liblkl-hijack.so $lib/lib + ''; + + # We turn off format and fortify because of these errors (fortify implies -O2, which breaks the jitter entropy code): + # fs/xfs/xfs_log_recover.c:2575:3: error: format not a string literal and no format arguments [-Werror=format-security] + # crypto/jitterentropy.c:54:3: error: #error "The CPU Jitter random number generator must not be compiled with optimizations. See documentation. Use the compiler switch -O0 for compiling jitterentropy.c." + hardeningDisable = [ "format" "fortify" ]; + + makeFlags = "-C tools/lkl"; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "The Linux kernel as a library"; + longDescription = '' + LKL (Linux Kernel Library) aims to allow reusing the Linux kernel code as + extensively as possible with minimal effort and reduced maintenance + overhead + ''; + homepage = https://github.com/lkl/linux/; + platforms = [ "x86_64-linux" "aarch64-linux" ]; # Darwin probably works too but I haven't tested it + license = licenses.gpl2; + maintainers = with maintainers; [ copumpkin ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/looking-glass-client/default.nix b/nixpkgs/pkgs/applications/virtualization/looking-glass-client/default.nix new file mode 100644 index 000000000000..ca8e4985016b --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/looking-glass-client/default.nix @@ -0,0 +1,47 @@ +{ stdenv, fetchFromGitHub +, cmake, pkgconfig, SDL2, SDL, SDL2_ttf, openssl, spice-protocol, fontconfig +, libX11, freefont_ttf, nettle, libconfig +}: + +stdenv.mkDerivation rec { + name = "looking-glass-client-${version}"; + version = "a12"; + + src = fetchFromGitHub { + owner = "gnif"; + repo = "LookingGlass"; + rev = version; + sha256 = "0r6bvl9q94039r6ff4f2bg8si95axx9w8bf1h1qr5730d2kv5yxq"; + }; + + nativeBuildInputs = [ pkgconfig ]; + + buildInputs = [ + SDL SDL2 SDL2_ttf openssl spice-protocol fontconfig + libX11 freefont_ttf nettle libconfig cmake + ]; + + enableParallelBuilding = true; + + sourceRoot = "source/client"; + + installPhase = '' + mkdir -p $out/bin + mv looking-glass-client $out/bin + ''; + + meta = with stdenv.lib; { + description = "A KVM Frame Relay (KVMFR) implementation"; + longDescription = '' + Looking Glass is an open source application that allows the use of a KVM + (Kernel-based Virtual Machine) configured for VGA PCI Pass-through + without an attached physical monitor, keyboard or mouse. This is the final + step required to move away from dual booting with other operating systems + for legacy programs that require high performance graphics. + ''; + homepage = https://looking-glass.hostfission.com/; + license = licenses.gpl2Plus; + maintainers = [ maintainers.pneumaticat ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/nvidia-docker/config.toml b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/config.toml new file mode 100644 index 000000000000..bbd166995f36 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/config.toml @@ -0,0 +1,13 @@ +disable-require = false +#swarm-resource = "DOCKER_RESOURCE_GPU" + +[nvidia-container-cli] +#root = "/run/nvidia/driver" +#path = "/usr/bin/nvidia-container-cli" +environment = [] +#debug = "/var/log/nvidia-container-runtime-hook.log" +ldcache = "/tmp/ld.so.cache" +load-kmods = true +#no-cgroups = false +#user = "root:video" +ldconfig = "@@glibcbin@/bin/ldconfig" diff --git a/nixpkgs/pkgs/applications/virtualization/nvidia-docker/default.nix b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/default.nix new file mode 100644 index 000000000000..3e79ff84882f --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/default.nix @@ -0,0 +1,84 @@ +{ stdenv, lib, fetchFromGitHub, fetchpatch, callPackage, makeWrapper +, buildGoPackage, runc, libelf, libcap, libseccomp, glibc }: + +with lib; let + + glibc-ldconf = glibc.overrideAttrs (oldAttrs: { + # ldconfig needs help reading libraries that have been patchelf-ed, as the + # .dynstr section is no longer in the first LOAD segment. See also + # https://sourceware.org/bugzilla/show_bug.cgi?id=23964 and + # https://github.com/NixOS/patchelf/issues/44 + patches = oldAttrs.patches ++ [ (fetchpatch { + name = "ldconfig-patchelf.patch"; + url = "https://sourceware.org/bugzilla/attachment.cgi?id=11444"; + sha256 = "0nzzmq7pli37iyjrgcmvcy92piiwjybpw245ds7q43pbgdm7lc3s"; + })]; + }); + + libnvidia-container = callPackage ./libnvc.nix { }; + + nvidia-container-runtime = fetchFromGitHub { + owner = "NVIDIA"; + repo = "nvidia-container-runtime"; + rev = "runtime-v2.0.0"; + sha256 = "0jcj5xxbg7x7gyhbb67h3ds6vly62gx7j02zm6lg102h34jajj7a"; + }; + + nvidia-container-runtime-hook = buildGoPackage rec { + name = "nvidia-container-runtime-hook-${version}"; + version = "1.4.0"; + + goPackagePath = "nvidia-container-runtime-hook"; + + src = "${nvidia-container-runtime}/hook/nvidia-container-runtime-hook"; + }; + + nvidia-runc = runc.overrideAttrs (oldAttrs: rec { + name = "nvidia-runc"; + version = "1.0.0-rc6"; + src = fetchFromGitHub { + owner = "opencontainers"; + repo = "runc"; + rev = "v${version}"; + sha256 = "1jwacb8xnmx5fr86gximhbl9dlbdwj3rpf27hav9q1si86w5pb1j"; + }; + patches = [ "${nvidia-container-runtime}/runtime/runc/3f2f8b84a77f73d38244dd690525642a72156c64/0001-Add-prestart-hook-nvidia-container-runtime-hook-to-t.patch" ]; + }); + +in stdenv.mkDerivation rec { + name = "nvidia-docker-${version}"; + version = "2.0.3"; + + src = fetchFromGitHub { + owner = "NVIDIA"; + repo = "nvidia-docker"; + rev = "v${version}"; + sha256 = "1vx5m591mnvcb9vy0196x5lh3r8swjsk0fnlv5h62m7m4m07v6wx"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + buildPhase = '' + mkdir bin + cp nvidia-docker bin + cp ${libnvidia-container}/bin/nvidia-container-cli bin + cp ${nvidia-container-runtime-hook}/bin/nvidia-container-runtime-hook bin + cp ${nvidia-runc}/bin/runc bin/nvidia-container-runtime + ''; + + installPhase = '' + mkdir -p $out/{bin,etc} + cp -r bin $out + wrapProgram $out/bin/nvidia-container-cli \ + --prefix LD_LIBRARY_PATH : /run/opengl-driver/lib:/run/opengl-driver-32/lib + cp ${./config.toml} $out/etc/config.toml + substituteInPlace $out/etc/config.toml --subst-var-by glibcbin ${lib.getBin glibc-ldconf} + ''; + + meta = { + homepage = https://github.com/NVIDIA/nvidia-docker; + description = "NVIDIA container runtime for Docker"; + license = licenses.bsd3; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc-ldconfig-and-path-fixes.patch b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc-ldconfig-and-path-fixes.patch new file mode 100644 index 000000000000..043c1efade8a --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc-ldconfig-and-path-fixes.patch @@ -0,0 +1,130 @@ +diff --git a/src/ldcache.c b/src/ldcache.c +index 38bab05..e1abc89 100644 +--- a/src/ldcache.c ++++ b/src/ldcache.c +@@ -108,40 +108,27 @@ ldcache_close(struct ldcache *ctx) + + int + ldcache_resolve(struct ldcache *ctx, uint32_t arch, const char *root, const char * const libs[], +- char *paths[], size_t size, ldcache_select_fn select, void *select_ctx) ++ char *paths[], size_t size, const char* version) + { + char path[PATH_MAX]; +- struct header_libc6 *h; +- int override; ++ char dir[PATH_MAX]; ++ char lib[PATH_MAX]; + +- h = (struct header_libc6 *)ctx->ptr; + memset(paths, 0, size * sizeof(*paths)); + +- for (uint32_t i = 0; i < h->nlibs; ++i) { +- int32_t flags = h->libs[i].flags; +- char *key = (char *)ctx->ptr + h->libs[i].key; +- char *value = (char *)ctx->ptr + h->libs[i].value; +- +- if (!(flags & LD_ELF) || (flags & LD_ARCH_MASK) != arch) ++ for (size_t j = 0; j < size; ++j) { ++ snprintf(dir, 100, "/run/opengl-driver%s/lib", ++ arch == LD_I386_LIB32 ? "-32" : ""); ++ if (!strncmp(libs[j], "libvdpau_nvidia.so", 100)) ++ strcat(dir, "/vdpau"); ++ snprintf(lib, 100, "%s/%s.%s", dir, libs[j], version); ++ if (path_resolve_full(ctx->err, path, "/", lib) < 0) ++ return (-1); ++ if (!file_exists(ctx->err, path)) + continue; +- +- for (size_t j = 0; j < size; ++j) { +- if (!str_has_prefix(key, libs[j])) +- continue; +- if (path_resolve(ctx->err, path, root, value) < 0) +- return (-1); +- if (paths[j] != NULL && str_equal(paths[j], path)) +- continue; +- if ((override = select(ctx->err, select_ctx, root, paths[j], path)) < 0) +- return (-1); +- if (override) { +- free(paths[j]); +- paths[j] = xstrdup(ctx->err, path); +- if (paths[j] == NULL) +- return (-1); +- } +- break; +- } ++ paths[j] = xstrdup(ctx->err, path); ++ if (paths[j] == NULL) ++ return (-1); + } + return (0); + } +diff --git a/src/ldcache.h b/src/ldcache.h +index 33d78dd..2b087db 100644 +--- a/src/ldcache.h ++++ b/src/ldcache.h +@@ -50,6 +50,6 @@ void ldcache_init(struct ldcache *, struct error *, const char *); + int ldcache_open(struct ldcache *); + int ldcache_close(struct ldcache *); + int ldcache_resolve(struct ldcache *, uint32_t, const char *, const char * const [], +- char *[], size_t, ldcache_select_fn, void *); ++ char *[], size_t, const char*); + + #endif /* HEADER_LDCACHE_H */ +diff --git a/src/nvc_info.c b/src/nvc_info.c +index cc96542..3fe7612 100644 +--- a/src/nvc_info.c ++++ b/src/nvc_info.c +@@ -163,15 +163,13 @@ find_library_paths(struct error *err, struct nvc_driver_info *info, const char * + if (path_resolve_full(err, path, root, ldcache) < 0) + return (-1); + ldcache_init(&ld, err, path); +- if (ldcache_open(&ld) < 0) +- return (-1); + + info->nlibs = size; + info->libs = array_new(err, size); + if (info->libs == NULL) + goto fail; + if (ldcache_resolve(&ld, LIB_ARCH, root, libs, +- info->libs, info->nlibs, select_libraries, info) < 0) ++ info->libs, info->nlibs, info->nvrm_version) < 0) + goto fail; + + info->nlibs32 = size; +@@ -179,13 +177,11 @@ find_library_paths(struct error *err, struct nvc_driver_info *info, const char * + if (info->libs32 == NULL) + goto fail; + if (ldcache_resolve(&ld, LIB32_ARCH, root, libs, +- info->libs32, info->nlibs32, select_libraries, info) < 0) ++ info->libs32, info->nlibs32, info->nvrm_version) < 0) + goto fail; + rv = 0; + + fail: +- if (ldcache_close(&ld) < 0) +- return (-1); + return (rv); + } + +@@ -199,7 +195,7 @@ find_binary_paths(struct error *err, struct nvc_driver_info *info, const char *r + char path[PATH_MAX]; + int rv = -1; + +- if ((env = secure_getenv("PATH")) == NULL) { ++ if ((env = "/run/nvidia-docker/bin:/run/nvidia-docker/extras/bin") == NULL) { + error_setx(err, "environment variable PATH not found"); + return (-1); + } +diff --git a/src/nvc_ldcache.c b/src/nvc_ldcache.c +index d41a24d..65b7878 100644 +--- a/src/nvc_ldcache.c ++++ b/src/nvc_ldcache.c +@@ -331,7 +331,7 @@ nvc_ldcache_update(struct nvc_context *ctx, const struct nvc_container *cnt) + if (validate_args(ctx, cnt != NULL) < 0) + return (-1); + +- argv = (char * []){cnt->cfg.ldconfig, cnt->cfg.libs_dir, cnt->cfg.libs32_dir, NULL}; ++ argv = (char * []){cnt->cfg.ldconfig, "-f", "/tmp/ld.so.conf.nvidia-host", "-C", "/tmp/ld.so.cache.nvidia-host", cnt->cfg.libs_dir, cnt->cfg.libs32_dir, NULL}; + if (*argv[0] == '@') { + /* + * We treat this path specially to be relative to the host filesystem. diff --git a/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc.nix b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc.nix new file mode 100644 index 000000000000..46b8e3ba43c3 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc.nix @@ -0,0 +1,53 @@ +{ stdenv, lib, fetchFromGitHub, libelf, libcap, libseccomp }: + +with lib; let + + modp-ver = "396.51"; + + nvidia-modprobe = fetchFromGitHub { + owner = "NVIDIA"; + repo = "nvidia-modprobe"; + rev = modp-ver; + sha256 = "1fw2qwc84k64agw6fx2v0mjf88aggph9c6qhs4cv7l3gmflv8qbk"; + }; + +in stdenv.mkDerivation rec { + name = "libnvidia-container-${version}"; + version = "1.0.0"; + + src = fetchFromGitHub { + owner = "NVIDIA"; + repo = "libnvidia-container"; + rev = "v${version}"; + sha256 = "1ws6mfsbgxhzlb5w1r8qqg2arvxkr21n59i4cqsyz3h5jsqsflbw"; + }; + + # locations of nvidia-driver libraries are not resolved via ldconfig which + # doesn't get used on NixOS. Additional support binaries like nvidia-smi are + # not resolved via the environment PATH but via the derivation output path. + patches = [ ./libnvc-ldconfig-and-path-fixes.patch ]; + + makeFlags = [ + "WITH_LIBELF=yes" + "prefix=$(out)" + ]; + + postPatch = '' + sed -i 's/^REVISION :=.*/REVISION = ${src.rev}/' mk/common.mk + sed -i 's/^COMPILER :=.*/COMPILER = $(CC)/' mk/common.mk + + mkdir -p deps/src/nvidia-modprobe-${modp-ver} + cp -r ${nvidia-modprobe}/* deps/src/nvidia-modprobe-${modp-ver} + chmod -R u+w deps/src + touch deps/src/nvidia-modprobe-${modp-ver}/.download_stamp + ''; + + buildInputs = [ libelf libcap libseccomp ]; + + meta = { + homepage = https://github.com/NVIDIA/libnvidia-container; + description = "NVIDIA container runtime library"; + license = licenses.bsd3; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/open-vm-tools/default.nix b/nixpkgs/pkgs/applications/virtualization/open-vm-tools/default.nix new file mode 100644 index 000000000000..0668400d28ca --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/open-vm-tools/default.nix @@ -0,0 +1,65 @@ +{ stdenv, lib, fetchFromGitHub, makeWrapper, autoreconfHook, + fuse, libmspack, openssl, pam, xercesc, icu, libdnet, procps, + libX11, libXext, libXinerama, libXi, libXrender, libXrandr, libXtst, + pkgconfig, glib, gtk3, gtkmm3, iproute, dbus, systemd, which, + withX ? true }: + +stdenv.mkDerivation rec { + name = "open-vm-tools-${version}"; + version = "10.3.5"; + + src = fetchFromGitHub { + owner = "vmware"; + repo = "open-vm-tools"; + rev = "stable-${version}"; + sha256 = "10x24gkqcg9lnfxghq92nr76h40s5v3xrv0ymi9c7aqrqry404z7"; + }; + + sourceRoot = "${src.name}/open-vm-tools"; + + outputs = [ "out" "dev" ]; + + nativeBuildInputs = [ autoreconfHook makeWrapper pkgconfig ]; + buildInputs = [ fuse glib icu libdnet libmspack openssl pam procps xercesc ] + ++ lib.optionals withX [ gtk3 gtkmm3 libX11 libXext libXinerama libXi libXrender libXrandr libXtst ]; + + patches = [ ./recognize_nixos.patch ]; + postPatch = '' + # Build bugfix for 10.1.0, stolen from Arch PKGBUILD + mkdir -p common-agent/etc/config + sed -i 's|.*common-agent/etc/config/Makefile.*|\\|' configure.ac + + sed -i 's,^confdir = ,confdir = ''${prefix},' scripts/Makefile.am + sed -i 's,etc/vmware-tools,''${prefix}/etc/vmware-tools,' services/vmtoolsd/Makefile.am + sed -i 's,$(PAM_PREFIX),''${prefix}/$(PAM_PREFIX),' services/vmtoolsd/Makefile.am + sed -i 's,$(UDEVRULESDIR),''${prefix}/$(UDEVRULESDIR),' udev/Makefile.am + + # Avoid a glibc >= 2.25 deprecation warning that gets fatal via -Werror. + sed 1i'#include <sys/sysmacros.h>' -i lib/wiper/wiperPosix.c + + # Make reboot work, shutdown is not in /sbin on NixOS + sed -i 's,/sbin/shutdown,shutdown,' lib/system/systemLinux.c + ''; + + configureFlags = [ "--without-kernel-modules" "--without-xmlsecurity" ] + ++ lib.optional (!withX) "--without-x"; + + enableParallelBuilding = true; + + postInstall = '' + wrapProgram "$out/etc/vmware-tools/scripts/vmware/network" \ + --prefix PATH ':' "${lib.makeBinPath [ iproute dbus systemd which ]}" + ''; + + meta = with stdenv.lib; { + homepage = https://github.com/vmware/open-vm-tools; + description = "Set of tools for VMWare guests to improve host-guest interaction"; + longDescription = '' + A set of services and modules that enable several features in VMware products for + better management of, and seamless user interactions with, guests. + ''; + license = licenses.gpl2; + platforms = [ "x86_64-linux" "i686-linux" ]; + maintainers = with maintainers; [ joamaki ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/open-vm-tools/recognize_nixos.patch b/nixpkgs/pkgs/applications/virtualization/open-vm-tools/recognize_nixos.patch new file mode 100644 index 000000000000..46d8ea7f7f3f --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/open-vm-tools/recognize_nixos.patch @@ -0,0 +1,33 @@ +diff --git a/lib/include/guest_os.h b/open-vm-tools/lib/include/guest_os.h +index ef202e3..c7a105d 100644 +--- a/lib/include/guest_os.h ++++ b/lib/include/guest_os.h +@@ -238,6 +238,7 @@ Bool Gos_InSetArray(uint32 gos, const uint32 *set); + #define STR_OS_MANDRAKE_FULL "Mandrake Linux" + #define STR_OS_MANDRIVA "mandriva" + #define STR_OS_MKLINUX "MkLinux" ++#define STR_OS_NIXOS "NixOS" + #define STR_OS_NOVELL "nld9" + #define STR_OS_NOVELL_FULL "Novell Linux Desktop 9" + #define STR_OS_ORACLE6 "oraclelinux6" +diff --git a/lib/misc/hostinfoPosix.c b/open-vm-tools/lib/misc/hostinfoPosix.c +index 0f55070..2d8467c 100644 +--- a/lib/misc/hostinfoPosix.c ++++ b/lib/misc/hostinfoPosix.c +@@ -195,6 +195,7 @@ static const DistroInfo distroArray[] = { + {"Mandrake", "/etc/mandrake-release"}, + {"Mandriva", "/etc/mandriva-release"}, + {"MkLinux", "/etc/mklinux-release"}, ++ {"NixOS", "/etc/os-release"}, + {"Novell", "/etc/nld-release"}, + {"OracleLinux", "/etc/oracle-release"}, + {"Photon", "/etc/lsb-release"}, +@@ -554,6 +555,8 @@ HostinfoGetOSShortName(char *distro, // IN: full distro name + } + } else if (strstr(distroLower, "mandrake")) { + Str_Strcpy(distroShort, STR_OS_MANDRAKE, distroShortSize); ++ } else if (strstr(distroLower, "nixos")) { ++ Str_Strcpy(distroShort, STR_OS_NIXOS, distroShortSize); + } else if (strstr(distroLower, "turbolinux")) { + Str_Strcpy(distroShort, STR_OS_TURBO, distroShortSize); + } else if (strstr(distroLower, "sun")) { diff --git a/nixpkgs/pkgs/applications/virtualization/podman/conmon.nix b/nixpkgs/pkgs/applications/virtualization/podman/conmon.nix new file mode 100644 index 000000000000..6089aa7f69cd --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/podman/conmon.nix @@ -0,0 +1,33 @@ +{ stdenv, lib, fetchFromGitHub, pkgconfig, glib }: + +with lib; + +stdenv.mkDerivation rec { + name = "conmon-${version}"; + version = "unstable-2019-02-15"; + rev = "cc2b49590a485da9bd358440f92f219dfd6b230f"; + + src = fetchFromGitHub { + owner = "containers"; + repo = "conmon"; + sha256 = "13f5as4a9y6nkmr7cg0n27c2hfx9pkr75fxq2m0hlpcwhaardbm7"; + inherit rev; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ + glib + ]; + + installPhase = '' + install -D -m 555 bin/conmon $out/bin/conmon + ''; + + meta = { + homepage = https://github.com/containers/conmon; + description = "An OCI container runtime monitor"; + license = licenses.asl20; + maintainers = with maintainers; [ vdemeester ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/podman/default.nix b/nixpkgs/pkgs/applications/virtualization/podman/default.nix new file mode 100644 index 000000000000..2e98194bb9d3 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/podman/default.nix @@ -0,0 +1,47 @@ +{ stdenv, fetchFromGitHub, pkgconfig +, buildGoPackage, gpgme, lvm2, btrfs-progs, libseccomp +, go-md2man +}: + +buildGoPackage rec { + name = "podman-${version}"; + version = "1.1.0"; + + src = fetchFromGitHub { + owner = "containers"; + repo = "libpod"; + rev = "v${version}"; + sha256 = "1fk9gqhr9yijf0fbxvidmza455x59d94id6d142isv8s36rkw858"; + }; + + goPackagePath = "github.com/containers/libpod"; + + outputs = [ "bin" "out" "man" ]; + + # Optimizations break compilation of libseccomp c bindings + hardeningDisable = [ "fortify" ]; + nativeBuildInputs = [ pkgconfig go-md2man ]; + + buildInputs = [ + btrfs-progs libseccomp gpgme lvm2 + ]; + + buildPhase = '' + pushd $NIX_BUILD_TOP/go/src/${goPackagePath} + patchShebangs . + make binaries docs + ''; + + installPhase = '' + install -Dm555 bin/podman $bin/bin/podman + MANDIR=$man/share/man make install.man + ''; + + meta = with stdenv.lib; { + homepage = https://podman.io/; + description = "A program for managing pods, containers and container images"; + license = licenses.asl20; + maintainers = with maintainers; [ vdemeester ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/qboot/default.nix b/nixpkgs/pkgs/applications/virtualization/qboot/default.nix new file mode 100644 index 000000000000..0678591fc2a3 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/qboot/default.nix @@ -0,0 +1,27 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation { + name = "qboot-20170330"; + + src = fetchFromGitHub { + owner = "bonzini"; + repo = "qboot"; + rev = "ac9488f26528394856b94bda0797f5bd9c69a26a"; + sha256 = "0l83nbjndin1cbcimkqkiqr5df8d76cnhyk26rd3aygb2bf7cspy"; + }; + + installPhase = '' + mkdir -p $out + cp bios.bin* $out/. + ''; + + hardeningDisable = [ "stackprotector" "pic" ]; + + meta = { + description = "A simple x86 firmware for booting Linux"; + homepage = https://github.com/bonzini/qboot; + license = stdenv.lib.licenses.gpl2; + maintainers = with stdenv.lib.maintainers; [ tstrobel ]; + platforms = ["x86_64-linux" "i686-linux"]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/qemu/default.nix b/nixpkgs/pkgs/applications/virtualization/qemu/default.nix new file mode 100644 index 000000000000..67a863b6fb7c --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/qemu/default.nix @@ -0,0 +1,157 @@ +{ stdenv, fetchurl, fetchpatch, python2, zlib, pkgconfig, glib +, ncurses, perl, pixman, vde2, alsaLib, texinfo, flex +, bison, lzo, snappy, libaio, gnutls, nettle, curl +, makeWrapper +, attr, libcap, libcap_ng +, CoreServices, Cocoa, Hypervisor, rez, setfile +, numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl +, seccompSupport ? stdenv.isLinux, libseccomp +, pulseSupport ? !stdenv.isDarwin, libpulseaudio +, sdlSupport ? !stdenv.isDarwin, SDL2 +, gtkSupport ? !stdenv.isDarwin && !xenSupport, gtk3, gettext, vte +, vncSupport ? true, libjpeg, libpng +, smartcardSupport ? true, libcacard +, spiceSupport ? !stdenv.isDarwin, spice, spice-protocol +, usbredirSupport ? spiceSupport, usbredir +, xenSupport ? false, xen +, cephSupport ? false, ceph +, openGLSupport ? sdlSupport, mesa_noglu, epoxy, libdrm +, virglSupport ? openGLSupport, virglrenderer +, smbdSupport ? false, samba +, hostCpuOnly ? false +, hostCpuTargets ? (if hostCpuOnly + then (stdenv.lib.optional stdenv.isx86_64 "i386-softmmu" + ++ ["${stdenv.hostPlatform.qemuArch}-softmmu"]) + else null) +, nixosTestRunner ? false +}: + +with stdenv.lib; +let + audio = optionalString (hasSuffix "linux" stdenv.hostPlatform.system) "alsa," + + optionalString pulseSupport "pa," + + optionalString sdlSupport "sdl,"; + +in + +stdenv.mkDerivation rec { + version = "3.1.0"; + name = "qemu-" + + stdenv.lib.optionalString xenSupport "xen-" + + stdenv.lib.optionalString hostCpuOnly "host-cpu-only-" + + stdenv.lib.optionalString nixosTestRunner "for-vm-tests-" + + version; + + src = fetchurl { + url = "https://wiki.qemu.org/download/qemu-${version}.tar.bz2"; + sha256 = "08frr1fdjx8qcfh3fafn10kibdwbvkqqvfl7hpqbm7i9dg4f1zlq"; + }; + + buildInputs = + [ python2 zlib pkgconfig glib ncurses perl pixman + vde2 texinfo flex bison makeWrapper lzo snappy + gnutls nettle curl + ] + ++ optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile ] + ++ optionals seccompSupport [ libseccomp ] + ++ optionals numaSupport [ numactl ] + ++ optionals pulseSupport [ libpulseaudio ] + ++ optionals sdlSupport [ SDL2 ] + ++ optionals gtkSupport [ gtk3 gettext vte ] + ++ optionals vncSupport [ libjpeg libpng ] + ++ optionals smartcardSupport [ libcacard ] + ++ optionals spiceSupport [ spice-protocol spice ] + ++ optionals usbredirSupport [ usbredir ] + ++ optionals stdenv.isLinux [ alsaLib libaio libcap_ng libcap attr ] + ++ optionals xenSupport [ xen ] + ++ optionals cephSupport [ ceph ] + ++ optionals openGLSupport [ mesa_noglu epoxy libdrm ] + ++ optionals virglSupport [ virglrenderer ] + ++ optionals smbdSupport [ samba ]; + + enableParallelBuilding = true; + + outputs = [ "out" "ga" ]; + + patches = [ + ./no-etc-install.patch + ./fix-qemu-ga.patch + ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch + ++ optional pulseSupport ./fix-hda-recording.patch + ++ optionals stdenv.hostPlatform.isMusl [ + (fetchpatch { + url = https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/xattr_size_max.patch; + sha256 = "1xfdjs1jlvs99hpf670yianb8c3qz2ars8syzyz8f2c2cp5y4bxb"; + }) + (fetchpatch { + url = https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/musl-F_SHLCK-and-F_EXLCK.patch; + sha256 = "1gm67v41gw6apzgz7jr3zv9z80wvkv0jaxd2w4d16hmipa8bhs0k"; + }) + ./sigrtminmax.patch + (fetchpatch { + url = https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/fix-sigevent-and-sigval_t.patch; + sha256 = "0wk0rrcqywhrw9hygy6ap0lfg314m9z1wr2hn8338r5gfcw75mav"; + }) + ]; + + hardeningDisable = [ "stackprotector" ]; + + preConfigure = '' + unset CPP # intereferes with dependency calculation + '' + optionalString stdenv.hostPlatform.isMusl '' + NIX_CFLAGS_COMPILE+=" -D_LINUX_SYSINFO_H" + ''; + + configureFlags = + [ "--audio-drv-list=${audio}" + "--sysconfdir=/etc" + "--localstatedir=/var" + ] + # disable sysctl check on darwin. + ++ optional stdenv.isDarwin "--cpu=x86_64" + ++ optional numaSupport "--enable-numa" + ++ optional seccompSupport "--enable-seccomp" + ++ optional smartcardSupport "--enable-smartcard" + ++ optional spiceSupport "--enable-spice" + ++ optional usbredirSupport "--enable-usb-redir" + ++ optional (hostCpuTargets != null) "--target-list=${stdenv.lib.concatStringsSep "," hostCpuTargets}" + ++ optional stdenv.isDarwin "--enable-cocoa" + ++ optional stdenv.isDarwin "--enable-hvf" + ++ optional stdenv.isLinux "--enable-linux-aio" + ++ optional gtkSupport "--enable-gtk" + ++ optional xenSupport "--enable-xen" + ++ optional cephSupport "--enable-rbd" + ++ optional openGLSupport "--enable-opengl" + ++ optional virglSupport "--enable-virglrenderer" + ++ optional smbdSupport "--smbd=${samba}/bin/smbd"; + + doCheck = false; # tries to access /dev + + postFixup = + '' + # copy qemu-ga (guest agent) to separate output + mkdir -p $ga/bin + cp $out/bin/qemu-ga $ga/bin/ + ''; + + # Add a ‘qemu-kvm’ wrapper for compatibility/convenience. + postInstall = '' + if [ -x $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} ]; then + makeWrapper $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} \ + $out/bin/qemu-kvm \ + --add-flags "\$([ -e /dev/kvm ] && echo -enable-kvm)" + fi + ''; + + passthru = { + qemu-system-i386 = "bin/qemu-system-i386"; + }; + + meta = with stdenv.lib; { + homepage = http://www.qemu.org/; + description = "A generic and open source machine emulator and virtualizer"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ eelco ]; + platforms = platforms.linux ++ platforms.darwin; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/qemu/fix-hda-recording.patch b/nixpkgs/pkgs/applications/virtualization/qemu/fix-hda-recording.patch new file mode 100644 index 000000000000..b4e21f4f3477 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/qemu/fix-hda-recording.patch @@ -0,0 +1,34 @@ +diff --git a/audio/paaudio.c b/audio/paaudio.c +index fea6071..c1169d4 100644 +--- a/audio/paaudio.c ++++ b/audio/paaudio.c +@@ -608,6 +608,7 @@ static int qpa_init_in(HWVoiceIn *hw, struct audsettings *as, void *drv_opaque) + { + int error; + pa_sample_spec ss; ++ pa_buffer_attr ba; + struct audsettings obt_as = *as; + PAVoiceIn *pa = (PAVoiceIn *) hw; + paaudio *g = pa->g = drv_opaque; +@@ -616,6 +617,12 @@ static int qpa_init_in(HWVoiceIn *hw, struct audsettings *as, void *drv_opaque) + ss.channels = as->nchannels; + ss.rate = as->freq; + ++ ba.fragsize = pa_frame_size (&ss) * g->conf.samples; ++ ba.maxlength = 5 * ba.fragsize; ++ ba.tlength = -1; ++ ba.prebuf = -1; ++ ba.minreq = -1; ++ + obt_as.fmt = pa_to_audfmt (ss.format, &obt_as.endianness); + + pa->stream = qpa_simple_new ( +@@ -625,7 +632,7 @@ static int qpa_init_in(HWVoiceIn *hw, struct audsettings *as, void *drv_opaque) + g->conf.source, + &ss, + NULL, /* channel map */ +- NULL, /* buffering attributes */ ++ &ba, /* buffering attributes */ + &error + ); + if (!pa->stream) { diff --git a/nixpkgs/pkgs/applications/virtualization/qemu/fix-qemu-ga.patch b/nixpkgs/pkgs/applications/virtualization/qemu/fix-qemu-ga.patch new file mode 100644 index 000000000000..c2f051e2b944 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/qemu/fix-qemu-ga.patch @@ -0,0 +1,22 @@ +diff --git a/qga/commands-posix.c b/qga/commands-posix.c +index 0dc219d..9d020d3 100644 +--- a/qga/commands-posix.c ++++ b/qga/commands-posix.c +@@ -102,6 +102,8 @@ void qmp_guest_shutdown(bool has_mode, const char *mode, Error **errp) + reopen_fd_to_null(1); + reopen_fd_to_null(2); + ++ execle("/run/current-system/sw/bin/shutdown", "shutdown", "-h", shutdown_flag, "+0", ++ "hypervisor initiated shutdown", (char*)NULL, environ); + execle("/sbin/shutdown", "shutdown", "-h", shutdown_flag, "+0", + "hypervisor initiated shutdown", (char*)NULL, environ); + _exit(EXIT_FAILURE); +@@ -189,6 +191,8 @@ void qmp_guest_set_time(bool has_time, int64_t time_ns, Error **errp) + + /* Use '/sbin/hwclock -w' to set RTC from the system time, + * or '/sbin/hwclock -s' to set the system time from RTC. */ ++ execle("/run/current-system/sw/bin/hwclock", "hwclock", has_time ? "-w" : "-s", ++ NULL, environ); + execle("/sbin/hwclock", "hwclock", has_time ? "-w" : "-s", + NULL, environ); + _exit(EXIT_FAILURE); diff --git a/nixpkgs/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch b/nixpkgs/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch new file mode 100644 index 000000000000..33c4ffff6fe5 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch @@ -0,0 +1,81 @@ +diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c +index 45e9a1f9b0..494ee00c66 100644 +--- a/hw/9pfs/9p-local.c ++++ b/hw/9pfs/9p-local.c +@@ -84,6 +84,23 @@ static void unlinkat_preserve_errno(int dirfd, const char *path, int flags) + + #define VIRTFS_META_DIR ".virtfs_metadata" + ++static int is_in_store_path(const char *path) ++{ ++ static char *store_path = NULL; ++ int store_path_len = -1; ++ ++ if (store_path_len == -1) { ++ if ((store_path = getenv("NIX_STORE")) != NULL) ++ store_path_len = strlen(store_path); ++ else ++ store_path_len = 0; ++ } ++ ++ if (store_path_len > 0) ++ return strncmp(path, store_path, strlen(store_path)) == 0; ++ return 0; ++} ++ + static FILE *local_fopenat(int dirfd, const char *name, const char *mode) + { + int fd, o_mode = 0; +@@ -161,6 +178,8 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf) + if (err) { + goto err_out; + } ++ stbuf->st_uid = 0; ++ stbuf->st_gid = 0; + if (fs_ctx->export_flags & V9FS_SM_MAPPED) { + /* Actual credentials are part of extended attrs */ + uid_t tmp_uid; +@@ -280,6 +299,9 @@ static int fchmodat_nofollow(int dirfd, const char *name, mode_t mode) + { + int fd, ret; + ++ if (is_in_store_path(name)) ++ return 0; ++ + /* FIXME: this should be handled with fchmodat(AT_SYMLINK_NOFOLLOW). + * Unfortunately, the linux kernel doesn't implement it yet. As an + * alternative, let's open the file and use fchmod() instead. This +@@ -661,6 +683,8 @@ static int local_fstat(FsContext *fs_ctx, int fid_type, + if (err) { + return err; + } ++ stbuf->st_uid = 0; ++ stbuf->st_gid = 0; + if (fs_ctx->export_flags & V9FS_SM_MAPPED) { + /* Actual credentials are part of extended attrs */ + uid_t tmp_uid; +@@ -795,8 +819,11 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath, + if (err) { + goto out; + } +- err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid, +- AT_SYMLINK_NOFOLLOW); ++ if (is_in_store_path(name)) ++ err = 0; ++ else ++ err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid, ++ AT_SYMLINK_NOFOLLOW); + if (err == -1) { + /* + * If we fail to change ownership and if we are +@@ -911,7 +938,9 @@ static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp) + goto out; + } + +- if ((credp->fc_uid == -1 && credp->fc_gid == -1) || ++ if (is_in_store_path(name)) { ++ ret = 0; ++ } else if ((credp->fc_uid == -1 && credp->fc_gid == -1) || + (fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) || + (fs_ctx->export_flags & V9FS_SM_NONE)) { + ret = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid, diff --git a/nixpkgs/pkgs/applications/virtualization/qemu/no-etc-install.patch b/nixpkgs/pkgs/applications/virtualization/qemu/no-etc-install.patch new file mode 100644 index 000000000000..47b4b3176dc8 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/qemu/no-etc-install.patch @@ -0,0 +1,10 @@ +--- a/Makefile ++++ b/Makefile +@@ -597,7 +597,7 @@ + + +-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir ++install: all $(if $(BUILD_DOCS),install-doc) install-datadir + ifneq ($(TOOLS),) + $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir)) + endif diff --git a/nixpkgs/pkgs/applications/virtualization/qemu/sigrtminmax.patch b/nixpkgs/pkgs/applications/virtualization/qemu/sigrtminmax.patch new file mode 100644 index 000000000000..41050447ac64 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/qemu/sigrtminmax.patch @@ -0,0 +1,30 @@ +From 2697fcc42546e814a2d2617671cb8398b15256fb Mon Sep 17 00:00:00 2001 +From: Will Dietz <w@wdtz.org> +Date: Fri, 17 Aug 2018 00:22:35 -0500 +Subject: [PATCH] quick port __SIGRTMIN/__SIGRTMAX patch for qemu 3.0 + +--- + linux-user/signal.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/linux-user/signal.c b/linux-user/signal.c +index 602b631b92..87f9240134 100644 +--- a/linux-user/signal.c ++++ b/linux-user/signal.c +@@ -26,6 +26,13 @@ + #include "trace.h" + #include "signal-common.h" + ++#ifndef __SIGRTMIN ++#define __SIGRTMIN 32 ++#endif ++#ifndef __SIGRTMAX ++#define __SIGRTMAX (NSIG-1) ++#endif ++ + struct target_sigaltstack target_sigaltstack_used = { + .ss_sp = 0, + .ss_size = 0, +-- +2.18.0 + diff --git a/nixpkgs/pkgs/applications/virtualization/railcar/cargo-lock.patch b/nixpkgs/pkgs/applications/virtualization/railcar/cargo-lock.patch new file mode 100644 index 000000000000..bb9d5420f32a --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/railcar/cargo-lock.patch @@ -0,0 +1,435 @@ +From 97e1e2ca82c20317a6de1f345d2fb0adcde0b7fd Mon Sep 17 00:00:00 2001 +From: Katharina Fey <kookie@spacekookie.de> +Date: Mon, 10 Dec 2018 17:42:58 +0100 +Subject: [PATCH] Adding `Cargo.lock` for release `v1.0.4` + +--- + Cargo.lock | 416 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 416 insertions(+) + create mode 100644 Cargo.lock + +diff --git a/Cargo.lock b/Cargo.lock +new file mode 100644 +index 0000000..bf6aa0e +--- /dev/null ++++ b/Cargo.lock +@@ -0,0 +1,416 @@ ++[[package]] ++name = "ansi_term" ++version = "0.11.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "atty" ++version = "0.2.11" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "termion 1.5.1 (registry+https://github.com/rust-lang/crates.io-index)", ++ "winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "backtrace" ++version = "0.3.9" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "backtrace-sys 0.1.24 (registry+https://github.com/rust-lang/crates.io-index)", ++ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "rustc-demangle 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)", ++ "winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "backtrace-sys" ++version = "0.1.24" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "cc 1.0.25 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "bitflags" ++version = "0.7.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "bitflags" ++version = "1.0.4" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "caps" ++version = "0.0.1" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "custom_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", ++ "enum_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", ++ "error-chain 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "cc" ++version = "1.0.25" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "cfg-if" ++version = "0.1.6" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "clap" ++version = "2.32.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "atty 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)", ++ "bitflags 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)", ++ "strsim 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "textwrap 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "unicode-width 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", ++ "vec_map 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "custom_derive" ++version = "0.1.7" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "dtoa" ++version = "0.4.3" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "enum_derive" ++version = "0.1.7" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "error-chain" ++version = "0.8.1" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "backtrace 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "error-chain" ++version = "0.10.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "backtrace 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "itoa" ++version = "0.3.4" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "lazy_static" ++version = "0.2.11" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "libc" ++version = "0.2.45" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "log" ++version = "0.3.9" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "log" ++version = "0.4.6" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "nix" ++version = "0.8.1" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "nix" ++version = "0.12.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "bitflags 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)", ++ "cc 1.0.25 (registry+https://github.com/rust-lang/crates.io-index)", ++ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "num-traits" ++version = "0.1.43" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "num-traits" ++version = "0.2.6" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "oci" ++version = "0.1.0" ++dependencies = [ ++ "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)", ++ "serde_derive 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)", ++ "serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "prctl" ++version = "1.0.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "nix 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "quote" ++version = "0.3.15" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "railcar" ++version = "1.0.4" ++dependencies = [ ++ "caps 0.0.1 (registry+https://github.com/rust-lang/crates.io-index)", ++ "clap 2.32.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "error-chain 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "lazy_static 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)", ++ "nix 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", ++ "num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", ++ "oci 0.1.0", ++ "prctl 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "scopeguard 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)", ++ "seccomp-sys 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "redox_syscall" ++version = "0.1.43" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "redox_termios" ++version = "0.1.1" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "redox_syscall 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "rustc-demangle" ++version = "0.1.9" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "scopeguard" ++version = "0.3.3" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "seccomp-sys" ++version = "0.1.2" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "serde" ++version = "0.9.15" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "serde_codegen_internals" ++version = "0.14.2" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "serde_derive" ++version = "0.9.15" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)", ++ "serde_codegen_internals 0.14.2 (registry+https://github.com/rust-lang/crates.io-index)", ++ "syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "serde_json" ++version = "0.9.10" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "dtoa 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)", ++ "itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)", ++ "num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", ++ "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "strsim" ++version = "0.7.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "syn" ++version = "0.11.11" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)", ++ "synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)", ++ "unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "synom" ++version = "0.11.3" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "termion" ++version = "1.5.1" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "redox_syscall 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", ++ "redox_termios 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "textwrap" ++version = "0.10.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "unicode-width 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "unicode-width" ++version = "0.1.5" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "unicode-xid" ++version = "0.0.4" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "vec_map" ++version = "0.8.1" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "void" ++version = "1.0.2" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "winapi" ++version = "0.3.6" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "winapi-i686-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "winapi-i686-pc-windows-gnu" ++version = "0.4.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "winapi-x86_64-pc-windows-gnu" ++version = "0.4.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[metadata] ++"checksum ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b" ++"checksum atty 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "9a7d5b8723950951411ee34d271d99dddcc2035a16ab25310ea2c8cfd4369652" ++"checksum backtrace 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "89a47830402e9981c5c41223151efcced65a0510c13097c769cede7efb34782a" ++"checksum backtrace-sys 0.1.24 (registry+https://github.com/rust-lang/crates.io-index)" = "c66d56ac8dabd07f6aacdaf633f4b8262f5b3601a810a0dcddffd5c22c69daa0" ++"checksum bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "aad18937a628ec6abcd26d1489012cc0e18c21798210f491af69ded9b881106d" ++"checksum bitflags 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "228047a76f468627ca71776ecdebd732a3423081fcf5125585bcd7c49886ce12" ++"checksum caps 0.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "2c238ba41e8d1d354c8576228110585046ae379efd7af972932993d5c1d41c7d" ++"checksum cc 1.0.25 (registry+https://github.com/rust-lang/crates.io-index)" = "f159dfd43363c4d08055a07703eb7a3406b0dac4d0584d96965a3262db3c9d16" ++"checksum cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "082bb9b28e00d3c9d39cc03e64ce4cea0f1bb9b3fde493f0cbc008472d22bdf4" ++"checksum clap 2.32.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b957d88f4b6a63b9d70d5f454ac8011819c6efa7727858f458ab71c756ce2d3e" ++"checksum custom_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "ef8ae57c4978a2acd8b869ce6b9ca1dfe817bff704c220209fdef2c0b75a01b9" ++"checksum dtoa 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "6d301140eb411af13d3115f9a562c85cc6b541ade9dfa314132244aaee7489dd" ++"checksum enum_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "406ac2a8c9eedf8af9ee1489bee9e50029278a6456c740f7454cf8a158abc816" ++"checksum error-chain 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d9435d864e017c3c6afeac1654189b06cdb491cf2ff73dbf0d73b0f292f42ff8" ++"checksum error-chain 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "6930e04918388a9a2e41d518c25cf679ccafe26733fb4127dbf21993f2575d46" ++"checksum itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8324a32baf01e2ae060e9de58ed0bc2320c9a2833491ee36cd3b4c414de4db8c" ++"checksum lazy_static 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "76f033c7ad61445c5b347c7382dd1237847eb1bce590fe50365dcb33d546be73" ++"checksum libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)" = "2d2857ec59fadc0773853c664d2d18e7198e83883e7060b63c924cb077bd5c74" ++"checksum log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "e19e8d5c34a3e0e2223db8e060f9e8264aeeb5c5fc64a4ee9965c062211c024b" ++"checksum log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)" = "c84ec4b527950aa83a329754b01dbe3f58361d1c5efacd1f6d68c494d08a17c6" ++"checksum nix 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)" = "921f61dc817b379d0834e45d5ec45beaacfae97082090a49c2cf30dcbc30206f" ++"checksum nix 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "47e49f6982987135c5e9620ab317623e723bd06738fd85377e8d55f57c8b6487" ++"checksum num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)" = "92e5113e9fd4cc14ded8e499429f396a20f98c772a47cc8622a736e1ec843c31" ++"checksum num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "0b3a5d7cc97d6d30d8b9bc8fa19bf45349ffe46241e8816f50f62f6d6aaabee1" ++"checksum prctl 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "059a34f111a9dee2ce1ac2826a68b24601c4298cfeb1a587c3cb493d5ab46f52" ++"checksum quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)" = "7a6e920b65c65f10b2ae65c831a81a073a89edd28c7cce89475bff467ab4167a" ++"checksum redox_syscall 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)" = "679da7508e9a6390aeaf7fbd02a800fdc64b73fe2204dd2c8ae66d22d9d5ad5d" ++"checksum redox_termios 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "7e891cfe48e9100a70a3b6eb652fef28920c117d366339687bd5576160db0f76" ++"checksum rustc-demangle 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)" = "bcfe5b13211b4d78e5c2cadfebd7769197d95c639c35a50057eb4c05de811395" ++"checksum scopeguard 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "94258f53601af11e6a49f722422f6e3425c52b06245a5cf9bc09908b174f5e27" ++"checksum seccomp-sys 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "0d4082b110d25cf281ddbf78dc56e1a65c929fd72ac6c2deb1a4c20a23999dfa" ++"checksum serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)" = "34b623917345a631dc9608d5194cc206b3fe6c3554cd1c75b937e55e285254af" ++"checksum serde_codegen_internals 0.14.2 (registry+https://github.com/rust-lang/crates.io-index)" = "bc888bd283bd2420b16ad0d860e35ad8acb21941180a83a189bb2046f9d00400" ++"checksum serde_derive 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)" = "978fd866f4d4872084a81ccc35e275158351d3b9fe620074e7d7504b816b74ba" ++"checksum serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)" = "ad8bcf487be7d2e15d3d543f04312de991d631cfe1b43ea0ade69e6a8a5b16a1" ++"checksum strsim 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "bb4f380125926a99e52bc279241539c018323fab05ad6368b56f93d9369ff550" ++"checksum syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)" = "d3b891b9015c88c576343b9b3e41c2c11a51c219ef067b264bd9c8aa9b441dad" ++"checksum synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)" = "a393066ed9010ebaed60b9eafa373d4b1baac186dd7e008555b0f702b51945b6" ++"checksum termion 1.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "689a3bdfaab439fd92bc87df5c4c78417d3cbe537487274e9b0b2dce76e92096" ++"checksum textwrap 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "307686869c93e71f94da64286f9a9524c0f308a9e1c87a583de8e9c9039ad3f6" ++"checksum unicode-width 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "882386231c45df4700b275c7ff55b6f3698780a650026380e72dabe76fa46526" ++"checksum unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f860d7d29cf02cb2f3f359fd35991af3d30bac52c57d265a3c461074cb4dc" ++"checksum vec_map 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "05c78687fb1a80548ae3250346c3db86a80a7cdd77bda190189f2d0a0987c81a" ++"checksum void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" ++"checksum winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)" = "92c1eb33641e276cfa214a0522acad57be5c56b10cb348b3c5117db75f3ac4b0" ++"checksum winapi-i686-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" ++"checksum winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +-- +2.17.2 + diff --git a/nixpkgs/pkgs/applications/virtualization/railcar/default.nix b/nixpkgs/pkgs/applications/virtualization/railcar/default.nix new file mode 100644 index 000000000000..517a8e39a1e9 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/railcar/default.nix @@ -0,0 +1,28 @@ +{ stdenv, lib, fetchFromGitHub, fetchpatch, rustPlatform, libseccomp }: + +rustPlatform.buildRustPackage rec { + name = "railcar-${version}"; + version = "1.0.4"; + + src = fetchFromGitHub { + owner = "oracle"; + repo = "railcar"; + rev = "v${version}"; + sha256 = "09zn160qxd7760ii6rs5nhr00qmaz49x1plclscznxh9hinyjyh9"; + }; + + cargoSha256 = "16f3ys0zzha8l5jdklmrqivl8hmrb9qgqgzcm3jn06v45hls9lan"; + + buildInputs = [ libseccomp ]; + + # Submitted upstream https://github.com/oracle/railcar/pull/44 + cargoPatches = [ ./cargo-lock.patch ]; + + meta = with lib; { + description = "Rust implementation of the Open Containers Initiative oci-runtime"; + homepage = https://github.com/oracle/railcar; + license = with licenses; [ asl20 /* or */ upl ]; + maintainers = [ maintainers.spacekookie ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/remotebox/default.nix b/nixpkgs/pkgs/applications/virtualization/remotebox/default.nix new file mode 100644 index 000000000000..8777f7cc2db2 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/remotebox/default.nix @@ -0,0 +1,42 @@ +{ stdenv, fetchurl, makeWrapper, perl, perlPackages }: + +stdenv.mkDerivation rec { + name = "remotebox-${version}"; + version = "2.6"; + + src = fetchurl { + url = "http://remotebox.knobgoblin.org.uk/downloads/RemoteBox-${version}.tar.bz2"; + sha256 = "1bbdnf13vp35ddfmk4pn167vfxgmdw0fd8bqg51wd8dd4cj8y3wp"; + }; + + buildInputs = with perlPackages; [ perl Glib Gtk2 Pango SOAPLite ]; + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + mkdir -pv $out/bin + + substituteInPlace remotebox --replace "\$Bin/" "\$Bin/../" + install -v -t $out/bin remotebox + wrapProgram $out/bin/remotebox --prefix PERL5LIB : $PERL5LIB + + cp -av docs/ share/ $out + + mkdir -pv $out/share/applications + cp -pv packagers-readme/*.desktop $out/share/applications + ''; + + meta = with stdenv.lib; { + description = "VirtualBox client with remote management"; + homepage = http://remotebox.knobgoblin.org.uk/; + license = licenses.gpl2Plus; + longDescription = '' + VirtualBox is traditionally considered to be a virtualization solution + aimed at the desktop. While it is certainly possible to install + VirtualBox on a server, it offers few remote management features beyond + using the vboxmanage command line. + RemoteBox aims to fill this gap by providing a graphical VirtualBox + client which is able to manage a VirtualBox server installation. + ''; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/rkt/default.nix b/nixpkgs/pkgs/applications/virtualization/rkt/default.nix new file mode 100644 index 000000000000..42aad06d0c05 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/rkt/default.nix @@ -0,0 +1,73 @@ +{ stdenv, lib, autoreconfHook, acl, go, file, git, wget, gnupg1, trousers, squashfsTools, + cpio, fetchurl, fetchFromGitHub, iptables, systemd, makeWrapper, glibc }: + +let + # Always get the information from + # https://github.com/coreos/rkt/blob/v${VERSION}/stage1/usr_from_coreos/coreos-common.mk + coreosImageRelease = "1478.0.0"; + coreosImageSystemdVersion = "233"; + + # TODO: track https://github.com/coreos/rkt/issues/1758 to allow "host" flavor. + stage1Flavours = [ "coreos" "fly" ]; + stage1Dir = "lib/rkt/stage1-images"; + +in stdenv.mkDerivation rec { + version = "1.30.0"; + name = "rkt-${version}"; + BUILDDIR="build-${name}"; + + src = fetchFromGitHub { + owner = "coreos"; + repo = "rkt"; + rev = "v${version}"; + sha256 = "0dqf83b7iin1np8k8k1m8i99ybga8vx932q7n2q64yghkw7p6i00"; + }; + + stage1BaseImage = fetchurl { + url = "http://alpha.release.core-os.net/amd64-usr/${coreosImageRelease}/coreos_production_pxe_image.cpio.gz"; + sha256 = "0s4qdkkfp0iirfnm5ds3b3hxq0249kvpygyhflma8z90ivkzk5wq"; + }; + + buildInputs = [ + glibc.out glibc.static + autoreconfHook go file git wget gnupg1 trousers squashfsTools cpio acl systemd + makeWrapper + ]; + + preConfigure = '' + ./autogen.sh + configureFlagsArray=( + --with-stage1-flavors=${builtins.concatStringsSep "," stage1Flavours} + ${if lib.findFirst (p: p == "coreos") null stage1Flavours != null then " + --with-coreos-local-pxe-image-path=${stage1BaseImage} + --with-coreos-local-pxe-image-systemd-version=v${coreosImageSystemdVersion} + " else "" } + --with-stage1-default-location=$out/${stage1Dir}/stage1-${builtins.elemAt stage1Flavours 0}.aci + ); + ''; + + preBuild = '' + export BUILDDIR + export GOCACHE="$TMPDIR/go-cache" + ''; + + installPhase = '' + mkdir -p $out/bin + cp -Rv $BUILDDIR/target/bin/rkt $out/bin + + mkdir -p $out/lib/rkt/stage1-images/ + cp -Rv $BUILDDIR/target/bin/stage1-*.aci $out/${stage1Dir}/ + + wrapProgram $out/bin/rkt \ + --prefix LD_LIBRARY_PATH : "${systemd.lib}/lib:${acl.out}/lib" \ + --prefix PATH : ${iptables}/bin + ''; + + meta = with lib; { + description = "A fast, composable, and secure App Container runtime for Linux"; + homepage = https://github.com/coreos/rkt; + license = licenses.asl20; + maintainers = with maintainers; [ ragge steveej ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/runc/default.nix b/nixpkgs/pkgs/applications/virtualization/runc/default.nix new file mode 100644 index 000000000000..b89ef1dd7bff --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/runc/default.nix @@ -0,0 +1,59 @@ +{ stdenv, lib, fetchFromGitHub, buildGoPackage, go-md2man +, pkgconfig, libapparmor, apparmor-parser, libseccomp, which }: + +with lib; + +buildGoPackage rec { + name = "runc-${version}"; + version = "1.0.0-rc6"; + + src = fetchFromGitHub { + owner = "opencontainers"; + repo = "runc"; + rev = "v${version}"; + sha256 = "1jwacb8xnmx5fr86gximhbl9dlbdwj3rpf27hav9q1si86w5pb1j"; + }; + + goPackagePath = "github.com/opencontainers/runc"; + outputs = [ "bin" "out" "man" ]; + + hardeningDisable = ["fortify"]; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ go-md2man libseccomp libapparmor apparmor-parser which ]; + + makeFlags = ''BUILDTAGS+=seccomp BUILDTAGS+=apparmor''; + + buildPhase = '' + cd go/src/${goPackagePath} + patchShebangs . + substituteInPlace libcontainer/apparmor/apparmor.go \ + --replace /sbin/apparmor_parser ${apparmor-parser}/bin/apparmor_parser + make ${makeFlags} runc + ''; + + installPhase = '' + install -Dm755 runc $bin/bin/runc + + # Include contributed man pages + man/md2man-all.sh -q + manRoot="$man/share/man" + mkdir -p "$manRoot" + for manDir in man/man?; do + manBase="$(basename "$manDir")" # "man1" + for manFile in "$manDir"/*; do + manName="$(basename "$manFile")" # "docker-build.1" + mkdir -p "$manRoot/$manBase" + gzip -c "$manFile" > "$manRoot/$manBase/$manName.gz" + done + done + ''; + + meta = { + homepage = https://runc.io/; + description = "A CLI tool for spawning and running containers according to the OCI specification"; + license = licenses.asl20; + maintainers = with maintainers; [ offline vdemeester ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/seabios/default.nix b/nixpkgs/pkgs/applications/virtualization/seabios/default.nix new file mode 100644 index 000000000000..5aa73528e9d7 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/seabios/default.nix @@ -0,0 +1,46 @@ +{ stdenv, fetchurl, iasl, python }: + +stdenv.mkDerivation rec { + + name = "seabios-${version}"; + version = "1.11.0"; + + src = fetchurl { + url = "http://code.coreboot.org/p/seabios/downloads/get/${name}.tar.gz"; + sha256 = "1xwvp77djxbxbxg82hzj26pv6zka3556vkdcp09hnfwapcp46av2"; + }; + + buildInputs = [ iasl python ]; + + hardeningDisable = [ "pic" "stackprotector" "fortify" ]; + + configurePhase = '' + # build SeaBIOS for CSM + cat > .config << EOF + CONFIG_CSM=y + CONFIG_QEMU_HARDWARE=y + CONFIG_PERMIT_UNALIGNED_PCIROM=y + EOF + + make olddefconfig + ''; + + installPhase = '' + mkdir $out + cp out/Csm16.bin $out/Csm16.bin + ''; + + meta = with stdenv.lib; { + description = "Open source implementation of a 16bit X86 BIOS"; + longDescription = '' + SeaBIOS is an open source implementation of a 16bit X86 BIOS. + It can run in an emulator or it can run natively on X86 hardware with the use of coreboot. + SeaBIOS is the default BIOS for QEMU and KVM. + ''; + homepage = http://www.seabios.org; + license = licenses.lgpl3; + maintainers = [ maintainers.tstrobel ]; + platforms = [ "i686-linux" "x86_64-linux" ]; + }; +} + diff --git a/nixpkgs/pkgs/applications/virtualization/singularity/default.nix b/nixpkgs/pkgs/applications/virtualization/singularity/default.nix new file mode 100644 index 000000000000..ab9416fd3d68 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/singularity/default.nix @@ -0,0 +1,78 @@ +{stdenv +, removeReferencesTo +, lib +, fetchgit +, fetchFromGitHub +, utillinux +, openssl +, coreutils +, gawk +, go +, which +, makeWrapper +, squashfsTools +, buildGoPackage}: + +with lib; + +buildGoPackage rec { + name = "singularity-${version}"; + version = "3.0.1"; + + src = fetchFromGitHub { + owner = "sylabs"; + repo = "singularity"; + rev = "v${version}"; + sha256 = "1wpsd0il2ipa2n5cnbj8dzs095jycdryq2rx62kikbq7ahzz4fsi"; + }; + + goPackagePath = "github.com/sylabs/singularity"; + goDeps = ./deps.nix; + + buildInputs = [ openssl ]; + nativeBuildInputs = [ removeReferencesTo utillinux which makeWrapper ]; + propagatedBuildInputs = [ coreutils squashfsTools ]; + + postConfigure = '' + find . -name vendor -type d -print0 | xargs -0 rm -rf + + cd go/src/github.com/sylabs/singularity + + patchShebangs . + sed -i 's|defaultEnv := "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin"|defaultEnv := "${stdenv.lib.makeBinPath propagatedBuildInputs}"|' src/cmd/singularity/cli/singularity.go + + ./mconfig -V ${version} -p $bin --localstatedir=/var + touch builddir/.dep-done + touch builddir/vendors-done + + # Don't install SUID binaries + sed -i 's/-m 4755/-m 755/g' builddir/Makefile + + # Point to base gopath + sed -i "s|^cni_vendor_GOPATH :=.*\$|cni_vendor_GOPATH := $NIX_BUILD_TOP/go/src/github.com/containernetworking/plugins/plugins|" builddir/Makefile + ''; + + buildPhase = '' + make -C builddir + ''; + + installPhase = '' + make -C builddir install LOCALSTATEDIR=$bin/var + chmod 755 $bin/libexec/singularity/bin/starter-suid + ''; + + postFixup = '' + find $bin/ -type f -executable -exec remove-references-to -t ${go} '{}' + || true + + # These etc scripts shouldn't have their paths patched + cp etc/actions/* $bin/etc/singularity/actions/ + ''; + + meta = with stdenv.lib; { + homepage = http://www.sylabs.io/; + description = "Application containers for linux"; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = [ maintainers.jbedo ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/singularity/deps.nix b/nixpkgs/pkgs/applications/virtualization/singularity/deps.nix new file mode 100644 index 000000000000..526202e75ae5 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/singularity/deps.nix @@ -0,0 +1,669 @@ +# file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix) +[ + { + goPackagePath = "github.com/Microsoft/go-winio"; + fetch = { + type = "git"; + url = "https://github.com/Microsoft/go-winio"; + rev = "7da180ee92d8bd8bb8c37fc560e673e6557c392f"; + sha256 = "19gjjhmzswhm11wzj38r5alxypmflmy0z42flhc3czhmmwv7b1av"; + }; + } + { + goPackagePath = "github.com/alexflint/go-filemutex"; + fetch = { + type = "git"; + url = "https://github.com/alexflint/go-filemutex"; + rev = "d358565f3c3f5334209f1e80693e4f621650c489"; + sha256 = "19fzbm0x8821awsmqj9ig49dxxkd72p1yfqbijmdwwszvw2r0ggz"; + }; + } + { + goPackagePath = "github.com/beorn7/perks"; + fetch = { + type = "git"; + url = "https://github.com/beorn7/perks"; + rev = "3a771d992973f24aa725d07868b467d1ddfceafb"; + sha256 = "1l2lns4f5jabp61201sh88zf3b0q793w4zdgp9nll7mmfcxxjif3"; + }; + } + { + goPackagePath = "github.com/blang/semver"; + fetch = { + type = "git"; + url = "https://github.com/blang/semver"; + rev = "2ee87856327ba09384cabd113bc6b5d174e9ec0f"; + sha256 = "13ws259bwcibkclbr82ilhk6zadm63kxklxhk12wayklj8ghhsmy"; + }; + } + { + goPackagePath = "github.com/containerd/cgroups"; + fetch = { + type = "git"; + url = "https://github.com/containerd/cgroups"; + rev = "5017d4e9a9cf2d4381db99eacd9baf84b95bfb14"; + sha256 = "02pvcmj91j3maa9j1v91m2z9kpa6p822h06r007b3pl7h0paiqnj"; + }; + } + { + goPackagePath = "github.com/containerd/continuity"; + fetch = { + type = "git"; + url = "https://github.com/containerd/continuity"; + rev = "246e49050efdf45e8f17fbbcf1547ee376f9939e"; + sha256 = "1zc1f0yixf32lprp5r77z2j9xq7fk0hijq8xzl08j4zrk0fcy8aq"; + }; + } + { + goPackagePath = "github.com/containernetworking/cni"; + fetch = { + type = "git"; + url = "https://github.com/containernetworking/cni"; + rev = "a7885cb6f8ab03fba07852ded351e4f5e7a112bf"; + sha256 = "00ajs2r5r2z3l0vqwxrcwhjfc9px12qbcv5vnvs2mdipvvls1y2y"; + }; + } + { + goPackagePath = "github.com/containernetworking/plugins"; + fetch = { + type = "git"; + url = "https://github.com/containernetworking/plugins"; + rev = "2b8b1ac0af4568e928d96ccc5f47b075416eeabd"; + sha256 = "1yl9m8pwjmqxj3hf0w9s6rykszhcww54z07yjgxzabmqf2dhchxv"; + }; + } + { + goPackagePath = "github.com/containers/image"; + fetch = { + type = "git"; + url = "https://github.com/containers/image"; + rev = "2e4f799f5eba49a2498d2793cfb2a4bc823ca3f6"; + sha256 = "0b9symgbkd2vgvp7mfpz1l03i2zivwbc5ycccwv78b1ikk9m6b75"; + }; + } + { + goPackagePath = "github.com/containers/storage"; + fetch = { + type = "git"; + url = "https://github.com/containers/storage"; + rev = "88d80428f9b146f8f9fe7e2e8cc8688a5aae1a4e"; + sha256 = "13fagjisbg55dhgjd72h0hiy6jfg8ggkcnjl5haqj13c2gkf6sam"; + }; + } + { + goPackagePath = "github.com/coreos/go-iptables"; + fetch = { + type = "git"; + url = "https://github.com/coreos/go-iptables"; + rev = "b5b1876b170881a8259f036445ee89c8669db386"; + sha256 = "1s1c04x47pk3168606x4vkg4avs8a7m407hpha8py1xni08cgb6m"; + }; + } + { + goPackagePath = "github.com/coreos/go-systemd"; + fetch = { + type = "git"; + url = "https://github.com/coreos/go-systemd"; + rev = "39ca1b05acc7ad1220e09f133283b8859a8b71ab"; + sha256 = "1kzqrrzqspa5qm7kwslxl3m16lqzns23c24rv474ajzwmj3ixmx1"; + }; + } + { + goPackagePath = "github.com/cpuguy83/go-md2man"; + fetch = { + type = "git"; + url = "https://github.com/cpuguy83/go-md2man"; + rev = "20f5889cbdc3c73dbd2862796665e7c465ade7d1"; + sha256 = "1w22dfdamsq63b5rvalh9k2y7rbwfkkjs7vm9vd4a13h2ql70lg2"; + }; + } + { + goPackagePath = "github.com/d2g/dhcp4"; + fetch = { + type = "git"; + url = "https://github.com/d2g/dhcp4"; + rev = "a1d1b6c41b1ce8a71a5121a9cee31809c4707d9c"; + sha256 = "191hzw6yqzkm042h6miyycq3g0zrhqjhhpl27f8vhwzp4wanasiz"; + }; + } + { + goPackagePath = "github.com/d2g/dhcp4client"; + fetch = { + type = "git"; + url = "https://github.com/d2g/dhcp4client"; + rev = "e612998962035b93ba16cfd1ad2f3221985c1b8c"; + sha256 = "1612wh99fblc9ashmm6mjc9110fhal95z0mn9qn7av3px13yd9fs"; + }; + } + { + goPackagePath = "github.com/docker/distribution"; + fetch = { + type = "git"; + url = "https://github.com/docker/distribution"; + rev = "749f6afb4572201e3c37325d0ffedb6f32be8950"; + sha256 = "05jn2wvikyw0pbmi74w5axr0zgxn5y3ynn9rhsq87rmwqj7raxhd"; + }; + } + { + goPackagePath = "github.com/docker/docker"; + fetch = { + type = "git"; + url = "https://github.com/docker/docker"; + rev = "da99009bbb1165d1ac5688b5c81d2f589d418341"; + sha256 = "02hhx7s8vm45rcl2mx9xamkncl2pb6qhsmz35mffbg4n6l5rn5x5"; + }; + } + { + goPackagePath = "github.com/docker/docker-credential-helpers"; + fetch = { + type = "git"; + url = "https://github.com/docker/docker-credential-helpers"; + rev = "d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1"; + sha256 = "1ff829h5p1j6qiivjvnwyiybrff3dddv1ij71nz5whmgavdqgd49"; + }; + } + { + goPackagePath = "github.com/docker/go-connections"; + fetch = { + type = "git"; + url = "https://github.com/docker/go-connections"; + rev = "3ede32e2033de7505e6500d6c868c2b9ed9f169d"; + sha256 = "0v1pkr8apwmhyzbjfriwdrs1ihlk6pw7izm57r24mf9jdmg3fyb0"; + }; + } + { + goPackagePath = "github.com/docker/go-metrics"; + fetch = { + type = "git"; + url = "https://github.com/docker/go-metrics"; + rev = "399ea8c73916000c64c2c76e8da00ca82f8387ab"; + sha256 = "0najfy92fq05b330cnjk5b326yi7dnnmvzfk6g5lsa1fci78yzw4"; + }; + } + { + goPackagePath = "github.com/docker/go-units"; + fetch = { + type = "git"; + url = "https://github.com/docker/go-units"; + rev = "47565b4f722fb6ceae66b95f853feed578a4a51c"; + sha256 = "0npxsb3pp89slwf4a73fxm20hykad8xggij6i6hcd5jy19bjrd93"; + }; + } + { + goPackagePath = "github.com/docker/libtrust"; + fetch = { + type = "git"; + url = "https://github.com/docker/libtrust"; + rev = "aabc10ec26b754e797f9028f4589c5b7bd90dc20"; + sha256 = "1lwslbggzc2b0c4wxl5pn6i2nfgz5jz8f7s7vnid9mrlsk59h7s1"; + }; + } + { + goPackagePath = "github.com/ghodss/yaml"; + fetch = { + type = "git"; + url = "https://github.com/ghodss/yaml"; + rev = "0ca9ea5df5451ffdf184b4428c902747c2c11cd7"; + sha256 = "0skwmimpy7hlh7pva2slpcplnm912rp3igs98xnqmn859kwa5v8g"; + }; + } + { + goPackagePath = "github.com/globalsign/mgo"; + fetch = { + type = "git"; + url = "https://github.com/globalsign/mgo"; + rev = "113d3961e7311526535a1ef7042196563d442761"; + sha256 = "0m05ay993vv2jkc46bbdnq371s5jc0an2cycsj7p3b6lmv84jk9f"; + }; + } + { + goPackagePath = "github.com/godbus/dbus"; + fetch = { + type = "git"; + url = "https://github.com/godbus/dbus"; + rev = "a389bdde4dd695d414e47b755e95e72b7826432c"; + sha256 = "1ckvg15zdsgmbn4mi36cazkb407ixc9mmyf7vwj8b8wi3d00rgn9"; + }; + } + { + goPackagePath = "github.com/gogo/protobuf"; + fetch = { + type = "git"; + url = "https://github.com/gogo/protobuf"; + rev = "1adfc126b41513cc696b209667c8656ea7aac67c"; + sha256 = "1j7azzlnihcvnd1apw5zr0bz30h7n0gyimqqkgc76vzb1n5dpi7m"; + }; + } + { + goPackagePath = "github.com/golang/protobuf"; + fetch = { + type = "git"; + url = "https://github.com/golang/protobuf"; + rev = "b4deda0973fb4c70b50d226b1af49f3da59f5265"; + sha256 = "0ya4ha7m20bw048m1159ppqzlvda4x0vdprlbk5sdgmy74h3xcdq"; + }; + } + { + goPackagePath = "github.com/gorilla/context"; + fetch = { + type = "git"; + url = "https://github.com/gorilla/context"; + rev = "08b5f424b9271eedf6f9f0ce86cb9396ed337a42"; + sha256 = "03p4hn87vcmfih0p9w663qbx9lpsf7i7j3lc7yl7n84la3yz63m4"; + }; + } + { + goPackagePath = "github.com/gorilla/mux"; + fetch = { + type = "git"; + url = "https://github.com/gorilla/mux"; + rev = "e3702bed27f0d39777b0b37b664b6280e8ef8fbf"; + sha256 = "0pvzm23hklxysspnz52mih6h1q74vfrdhjfm1l3sa9r8hhqmmld2"; + }; + } + { + goPackagePath = "github.com/gorilla/websocket"; + fetch = { + type = "git"; + url = "https://github.com/gorilla/websocket"; + rev = "ea4d1f681babbce9545c9c5f3d5194a789c89f5b"; + sha256 = "1bhgs2542qs49p1dafybqxfs2qc072xv41w5nswyrknwyjxxs2a1"; + }; + } + { + goPackagePath = "github.com/hashicorp/errwrap"; + fetch = { + type = "git"; + url = "https://github.com/hashicorp/errwrap"; + rev = "7554cd9344cec97297fa6649b055a8c98c2a1e55"; + sha256 = "0kmv0p605di6jc8i1778qzass18m0mv9ks9vxxrfsiwcp4la82jf"; + }; + } + { + goPackagePath = "github.com/hashicorp/go-multierror"; + fetch = { + type = "git"; + url = "https://github.com/hashicorp/go-multierror"; + rev = "b7773ae218740a7be65057fc60b366a49b538a44"; + sha256 = "09904bk7ac6qs9dgiv23rziq9h3makb9qg4jvxr71rlydsd7psfd"; + }; + } + { + goPackagePath = "github.com/inconshreveable/mousetrap"; + fetch = { + type = "git"; + url = "https://github.com/inconshreveable/mousetrap"; + rev = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75"; + sha256 = "1mn0kg48xkd74brf48qf5hzp0bc6g8cf5a77w895rl3qnlpfw152"; + }; + } + { + goPackagePath = "github.com/j-keck/arping"; + fetch = { + type = "git"; + url = "https://github.com/j-keck/arping"; + rev = "2cf9dc699c5640a7e2c81403a44127bf28033600"; + sha256 = "1bid8mpx3j4546ni0a6q5xyz7hb854g95qnxqmg5jzs9vrcird3c"; + }; + } + { + goPackagePath = "github.com/kubernetes-sigs/cri-o"; + fetch = { + type = "git"; + url = "https://github.com/kubernetes-sigs/cri-o"; + rev = "8afc34092907d146906fcc31af112b2b46e7b5cd"; + sha256 = "0ghcjvk7grdcwb1936mnj56a7rla804glfknid9kmr3kgny3yi43"; + }; + } + { + goPackagePath = "github.com/magiconair/properties"; + fetch = { + type = "git"; + url = "https://github.com/magiconair/properties"; + rev = "c2353362d570a7bfa228149c62842019201cfb71"; + sha256 = "1a10362wv8a8qwb818wygn2z48lgzch940hvpv81hv8gc747ajxn"; + }; + } + { + goPackagePath = "github.com/mattn/go-runewidth"; + fetch = { + type = "git"; + url = "https://github.com/mattn/go-runewidth"; + rev = "9e777a8366cce605130a531d2cd6363d07ad7317"; + sha256 = "0vkrfrz3fzn5n6ix4k8s0cg0b448459sldq8bp4riavsxm932jzb"; + }; + } + { + goPackagePath = "github.com/mattn/go-shellwords"; + fetch = { + type = "git"; + url = "https://github.com/mattn/go-shellwords"; + rev = "02e3cf038dcea8290e44424da473dd12be796a8a"; + sha256 = "1pg7pl25wvpl2dbpyrv9p1r7prnqimxlf6136vn0dfm54j2x4mnr"; + }; + } + { + goPackagePath = "github.com/matttproud/golang_protobuf_extensions"; + fetch = { + type = "git"; + url = "https://github.com/matttproud/golang_protobuf_extensions"; + rev = "c12348ce28de40eed0136aa2b644d0ee0650e56c"; + sha256 = "1d0c1isd2lk9pnfq2nk0aih356j30k3h1gi2w0ixsivi5csl7jya"; + }; + } + { + goPackagePath = "github.com/mtrmac/gpgme"; + fetch = { + type = "git"; + url = "https://github.com/mtrmac/gpgme"; + rev = "b2432428689ca58c2b8e8dea9449d3295cf96fc9"; + sha256 = "0hs9gfwf3cmnvmmxb485icwlv8h8xnny3p52bj7qwv251pvwsnaf"; + }; + } + { + goPackagePath = "github.com/opencontainers/go-digest"; + fetch = { + type = "git"; + url = "https://github.com/opencontainers/go-digest"; + rev = "279bed98673dd5bef374d3b6e4b09e2af76183bf"; + sha256 = "01gc7fpn8ax429024p2fcx3yb18axwz5bjf2hqxlii1jbsgw4bh9"; + }; + } + { + goPackagePath = "github.com/opencontainers/image-spec"; + fetch = { + type = "git"; + url = "https://github.com/opencontainers/image-spec"; + rev = "e562b04403929d582d449ae5386ff79dd7961a11"; + sha256 = "0j24nk975di8hcv6ycn2p2hhw1xdiy4bpxamr6wn12k21kadlp7s"; + }; + } + { + goPackagePath = "github.com/opencontainers/image-tools"; + fetch = { + type = "git"; + url = "https://github.com/sylabs/image-tools"; + rev = "2814f498056809a9d5baaf76d1d82312180a5888"; + sha256 = "0q3ljb51df5hc58rhp5xni2gsy3gkxn47d9dwyfcffnq8kpf9d8a"; + }; + } + { + goPackagePath = "github.com/opencontainers/runc"; + fetch = { + type = "git"; + url = "https://github.com/opencontainers/runc"; + rev = "baf6536d6259209c3edfa2b22237af82942d3dfa"; + sha256 = "09fm7f1k4lvx8v3crqb0cli1x2brlz8ka7f7qa8d2sb6ln58h7w7"; + }; + } + { + goPackagePath = "github.com/opencontainers/runtime-spec"; + fetch = { + type = "git"; + url = "https://github.com/opencontainers/runtime-spec"; + rev = "5806c35637336642129d03657419829569abc5aa"; + sha256 = "13vw1b3j9sx7d5fr3w3jdg137nnqcr50fqchq8z8nf6s18lkhj93"; + }; + } + { + goPackagePath = "github.com/opencontainers/runtime-tools"; + fetch = { + type = "git"; + url = "https://github.com/opencontainers/runtime-tools"; + rev = "1c243a8a8eb44d491790798afc9b634c6f6a6380"; + sha256 = "1ll5wrbn84yb2l7k6hpwwj06wywib7ar4z1bhh1rc5h9xajng7jq"; + }; + } + { + goPackagePath = "github.com/opencontainers/selinux"; + fetch = { + type = "git"; + url = "https://github.com/opencontainers/selinux"; + rev = "ba1aefe8057f1d0cfb8e88d0ec1dc85925ef987d"; + sha256 = "1n283j7rsim7gysm91x99c41d7vnsjsgfm4dy11fnzpkpzfiksq5"; + }; + } + { + goPackagePath = "github.com/pelletier/go-toml"; + fetch = { + type = "git"; + url = "https://github.com/pelletier/go-toml"; + rev = "c01d1270ff3e442a8a57cddc1c92dc1138598194"; + sha256 = "1fjzpcjng60mc3a4b2ql5a00d5gah84wj740dabv9kq67mpg8fxy"; + }; + } + { + goPackagePath = "github.com/pkg/errors"; + fetch = { + type = "git"; + url = "https://github.com/pkg/errors"; + rev = "645ef00459ed84a119197bfb8d8205042c6df63d"; + sha256 = "001i6n71ghp2l6kdl3qq1v2vmghcz3kicv9a5wgcihrzigm75pp5"; + }; + } + { + goPackagePath = "github.com/pquerna/ffjson"; + fetch = { + type = "git"; + url = "https://github.com/pquerna/ffjson"; + rev = "d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac"; + sha256 = "069w276lch2hhkvz26wdla8d4s0cg842bhqmih4sa33dsinlgs8g"; + }; + } + { + goPackagePath = "github.com/prometheus/client_golang"; + fetch = { + type = "git"; + url = "https://github.com/prometheus/client_golang"; + rev = "faf4ec335fe01ae5a6a0eaa34a5a9333bfbd1a30"; + sha256 = "08xgqgx7vc27zc30chgi09lwrnvxr338dn624xnw4ysfm9r6lxrz"; + }; + } + { + goPackagePath = "github.com/prometheus/client_model"; + fetch = { + type = "git"; + url = "https://github.com/prometheus/client_model"; + rev = "99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c"; + sha256 = "19y4ywsivhpxj7ikf2j0gm9k3cmyw37qcbfi78n526jxcc7kw998"; + }; + } + { + goPackagePath = "github.com/prometheus/common"; + fetch = { + type = "git"; + url = "https://github.com/prometheus/common"; + rev = "7600349dcfe1abd18d72d3a1770870d9800a7801"; + sha256 = "0lsp94dqpj35dny4m4x15kg4wgwawlm3in7cnpajkkacgyxagk5f"; + }; + } + { + goPackagePath = "github.com/prometheus/procfs"; + fetch = { + type = "git"; + url = "https://github.com/prometheus/procfs"; + rev = "7d6f385de8bea29190f15ba9931442a0eaef9af7"; + sha256 = "18cish8yas5r6xhgp8p8n7lg4wh3d4szzirszxra8m7rwy3swxxq"; + }; + } + { + goPackagePath = "github.com/russross/blackfriday"; + fetch = { + type = "git"; + url = "https://github.com/russross/blackfriday"; + rev = "55d61fa8aa702f59229e6cff85793c22e580eaf5"; + sha256 = "0qmavm5d14kj6im6sqzpqnlhpy524428vkn4hnfwknndr9rycmn0"; + }; + } + { + goPackagePath = "github.com/safchain/ethtool"; + fetch = { + type = "git"; + url = "https://github.com/safchain/ethtool"; + rev = "6e3f4faa84e1d8d48afec75ed064cf3611d3f8bf"; + sha256 = "15xjvny8bfhhjvvv654pimxxw5cd02q8skp1siwbfvrlw598j4lm"; + }; + } + { + goPackagePath = "github.com/satori/go.uuid"; + fetch = { + type = "git"; + url = "https://github.com/satori/go.uuid"; + rev = "f58768cc1a7a7e77a3bd49e98cdd21419399b6a3"; + sha256 = "1j4s5pfg2ldm35y8ls8jah4dya2grfnx2drb4jcbjsyrp4cm5yfb"; + }; + } + { + goPackagePath = "github.com/seccomp/libseccomp-golang"; + fetch = { + type = "git"; + url = "https://github.com/seccomp/libseccomp-golang"; + rev = "e3496e3a417d1dc9ecdceca5af2513271fed37a0"; + sha256 = "0z8v90nk22h8r5licav1a8cbn6k7bs47l0j1crw7bjl9hv1bmr71"; + }; + } + { + goPackagePath = "github.com/sirupsen/logrus"; + fetch = { + type = "git"; + url = "https://github.com/sirupsen/logrus"; + rev = "c155da19408a8799da419ed3eeb0cb5db0ad5dbc"; + sha256 = "0g5z7al7kky11ai2dhac6gkp3b5pxsvx72yj3xg4wg3265gbn7yz"; + }; + } + { + goPackagePath = "github.com/spf13/cobra"; + fetch = { + type = "git"; + url = "https://github.com/spf13/cobra"; + rev = "1e58aa3361fd650121dceeedc399e7189c05674a"; + sha256 = "1d6dy60dw7i2mcab10yp99wi5w28jzhzzf16w4ys6bna7ymndiin"; + }; + } + { + goPackagePath = "github.com/spf13/pflag"; + fetch = { + type = "git"; + url = "https://github.com/spf13/pflag"; + rev = "583c0c0531f06d5278b7d917446061adc344b5cd"; + sha256 = "0nr4mdpfhhk94hq4ymn5b2sxc47b29p1akxd8b0hx4dvdybmipb5"; + }; + } + { + goPackagePath = "github.com/sylabs/sif"; + fetch = { + type = "git"; + url = "https://github.com/sylabs/sif"; + rev = "177b9338f1ab9123be5b6217740be1f0ce924206"; + sha256 = "1dwpml36n06hglp2km1wsfzdiw1yva6a0h00f1y2933m3i8r3k2w"; + }; + } + { + goPackagePath = "github.com/syndtr/gocapability"; + fetch = { + type = "git"; + url = "https://github.com/syndtr/gocapability"; + rev = "33e07d32887e1e06b7c025f27ce52f62c7990bc0"; + sha256 = "1x88c0b320b13w7samicf19dqx9rr4dnrh3yglk3cba21nwsp57i"; + }; + } + { + goPackagePath = "github.com/vishvananda/netlink"; + fetch = { + type = "git"; + url = "https://github.com/vishvananda/netlink"; + rev = "a2ad57a690f3caf3015351d2d6e1c0b95c349752"; + sha256 = "0hpzghf1a4cwawzhkiwdzin80h6hd09fskl77d5ppgc084yvj8x0"; + }; + } + { + goPackagePath = "github.com/vishvananda/netns"; + fetch = { + type = "git"; + url = "https://github.com/vishvananda/netns"; + rev = "be1fbeda19366dea804f00efff2dd73a1642fdcc"; + sha256 = "0j0xin37zp34ajmhsgfbxr8l7vrljf1lc6z3j3miidlmfwcl2s0m"; + }; + } + { + goPackagePath = "github.com/xeipuuv/gojsonpointer"; + fetch = { + type = "git"; + url = "https://github.com/xeipuuv/gojsonpointer"; + rev = "4e3ac2762d5f479393488629ee9370b50873b3a6"; + sha256 = "13y6iq2nzf9z4ls66bfgnnamj2m3438absmbpqry64bpwjfbsi9q"; + }; + } + { + goPackagePath = "github.com/xeipuuv/gojsonreference"; + fetch = { + type = "git"; + url = "https://github.com/xeipuuv/gojsonreference"; + rev = "bd5ef7bd5415a7ac448318e64f11a24cd21e594b"; + sha256 = "1xby79padc7bmyb8rfbad8wfnfdzpnh51b1n8c0kibch0kwc1db5"; + }; + } + { + goPackagePath = "github.com/xeipuuv/gojsonschema"; + fetch = { + type = "git"; + url = "https://github.com/xeipuuv/gojsonschema"; + rev = "1d523034197ff1f222f6429836dd36a2457a1874"; + sha256 = "1z8c6x8sfh6d1ib2lm2jps7r139qip6h3zik3fxhy1yr1380qbzp"; + }; + } + { + goPackagePath = "go4.org"; + fetch = { + type = "git"; + url = "https://github.com/go4org/go4"; + rev = "9599cf28b011184741f249bd9f9330756b506cbc"; + sha256 = "0hssb6jmpjxvdx2k1zx0l2dbwpx52zxcq5n2bhqivr670r4wdrkq"; + }; + } + { + goPackagePath = "golang.org/x/crypto"; + fetch = { + type = "git"; + url = "https://github.com/sylabs/golang-x-crypto"; + rev = "4bce89e8e9a9f84a4cf02b9842c3eaff2af0a856"; + sha256 = "11wi2zd055ym9m36ba007rdg4ghrwaiqxc77qyqc37ln7l7accr9"; + }; + } + { + goPackagePath = "golang.org/x/net"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/net"; + rev = "db08ff08e8622530d9ed3a0e8ac279f6d4c02196"; + sha256 = "1f6q8kbijnrfy6wjqxrzgjf38ippckc5w34lhqsjs7kq045aar9a"; + }; + } + { + goPackagePath = "golang.org/x/sys"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/sys"; + rev = "6c888cc515d3ed83fc103cf1d84468aad274b0a7"; + sha256 = "18anqrdajp4p015v3f5y641k3lmgp2jr0lfyx0pb3ia0qvn93mrp"; + }; + } + { + goPackagePath = "gopkg.in/cheggaaa/pb.v1"; + fetch = { + type = "git"; + url = "https://github.com/cheggaaa/pb"; + rev = "2af8bbdea9e99e83b3ac400d8f6b6d1b8cbbf338"; + sha256 = "0vxqiw6f3xyv0zy3g4lksf8za0z8i0hvfpw92hqimsy84f79j3dp"; + }; + } + { + goPackagePath = "gopkg.in/yaml.v2"; + fetch = { + type = "git"; + url = "https://github.com/go-yaml/yaml"; + rev = "5420a8b6744d3b0345ab293f6fcba19c978f1183"; + sha256 = "0dwjrs2lp2gdlscs7bsrmyc5yf6mm4fvgw71bzr9mv2qrd2q73s1"; + }; + } +] \ No newline at end of file diff --git a/nixpkgs/pkgs/applications/virtualization/spice-vdagent/default.nix b/nixpkgs/pkgs/applications/virtualization/spice-vdagent/default.nix new file mode 100644 index 000000000000..70ae09aa6ef8 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/spice-vdagent/default.nix @@ -0,0 +1,32 @@ +{stdenv, fetchurl, pkgconfig, alsaLib, spice-protocol, glib, + libpciaccess, libxcb, libXrandr, libXinerama, libXfixes, dbus, + systemd}: +stdenv.mkDerivation rec { + name = "spice-vdagent-0.18.0"; + src = fetchurl { + url = "https://www.spice-space.org/download/releases/${name}.tar.bz2"; + sha256 = "1bmyvapwj1x0m6y8q0r1df2q37vsnb04qkgnnrfbnzf1qzipxvl0"; + }; + postPatch = '' + substituteInPlace data/spice-vdagent.desktop --replace /usr $out + ''; + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ alsaLib spice-protocol glib + libpciaccess libxcb libXrandr libXinerama libXfixes + dbus systemd ] ; + meta = { + description = "Enhanced SPICE integration for linux QEMU guest"; + longDescription = '' + Spice agent for linux guests offering + * Client mouse mode + * Copy and paste + * Automatic adjustment of the X-session resolution + to the client resolution + * Multiple displays + ''; + homepage = https://www.spice-space.org/; + license = stdenv.lib.licenses.gpl3; + maintainers = [ stdenv.lib.maintainers.aboseley ]; + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/tini/default.nix b/nixpkgs/pkgs/applications/virtualization/tini/default.nix new file mode 100644 index 000000000000..25c19cd79c7f --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/tini/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchFromGitHub, cmake, glibc }: + +stdenv.mkDerivation rec { + version = "0.18.0"; + name = "tini-${version}"; + + src = fetchFromGitHub { + owner = "krallin"; + repo = "tini"; + rev = "v${version}"; + sha256 ="1h20i3wwlbd8x4jr2gz68hgklh0lb0jj7y5xk1wvr8y58fip1rdn"; + }; + + patchPhase = "sed -i /tini-static/d CMakeLists.txt"; + + NIX_CFLAGS_COMPILE = [ + "-DPR_SET_CHILD_SUBREAPER=36" + "-DPR_GET_CHILD_SUBREAPER=37" + ]; + + buildInputs = [ cmake glibc glibc.static ]; + + meta = with stdenv.lib; { + description = "A tiny but valid init for containers"; + homepage = https://github.com/krallin/tini; + license = licenses.mit; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/tinyemu/default.nix b/nixpkgs/pkgs/applications/virtualization/tinyemu/default.nix new file mode 100644 index 000000000000..a8f113307251 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/tinyemu/default.nix @@ -0,0 +1,23 @@ +{ stdenv, fetchurl, openssl, curl, SDL }: + +stdenv.mkDerivation rec { + name = "tinyemu-${version}"; + version = "2018-09-23"; + src = fetchurl { + url = "https://bellard.org/tinyemu/${name}.tar.gz"; + sha256 = "0d6payyqf4lpvmmzvlpq1i8wpbg4sf3h6llsw0xnqdgq3m9dan4v"; + }; + buildInputs = [ openssl curl SDL ]; + makeFlags = [ "DESTDIR=$(out)" "bindir=/bin" ]; + preInstall = '' + mkdir -p "$out/bin" + ''; + meta = { + homepage = https://bellard.org/tinyemu/; + description = "A system emulator for the RISC-V and x86 architectures"; + longDescription = "TinyEMU is a system emulator for the RISC-V and x86 architectures. Its purpose is to be small and simple while being complete."; + license = with stdenv.lib.licenses; [ mit bsd2 ]; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ jhhuh ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virt-manager/default.nix b/nixpkgs/pkgs/applications/virtualization/virt-manager/default.nix new file mode 100644 index 000000000000..26307f3f38d6 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virt-manager/default.nix @@ -0,0 +1,71 @@ +{ stdenv, fetchurl, python3Packages, intltool, file +, wrapGAppsHook, gtk-vnc, vte, avahi, dconf +, gobject-introspection, libvirt-glib, system-libvirt +, gsettings-desktop-schemas, glib, libosinfo, gnome3, gtk3 +, spiceSupport ? true, spice-gtk ? null +, cpio, e2fsprogs, findutils, gzip +}: + +with stdenv.lib; + +python3Packages.buildPythonApplication rec { + name = "virt-manager-${version}"; + version = "2.1.0"; + namePrefix = ""; + + src = fetchurl { + url = "http://virt-manager.org/download/sources/virt-manager/${name}.tar.gz"; + sha256 = "1m038kyngmxlgz91c7z8g73lb2wy0ajyah871a3g3wb5cnd0dsil"; + }; + + nativeBuildInputs = [ + wrapGAppsHook intltool file + gobject-introspection # for setup hook populating GI_TYPELIB_PATH + ]; + + buildInputs = + [ libvirt-glib vte dconf gtk-vnc gnome3.adwaita-icon-theme avahi + gsettings-desktop-schemas libosinfo gtk3 + ] ++ optional spiceSupport spice-gtk; + + propagatedBuildInputs = with python3Packages; + [ + pygobject3 ipaddress libvirt libxml2 requests + ]; + + patchPhase = '' + sed -i 's|/usr/share/libvirt/cpu_map.xml|${system-libvirt}/share/libvirt/cpu_map.xml|g' virtinst/capabilities.py + sed -i "/'install_egg_info'/d" setup.py + ''; + + postConfigure = '' + ${python3Packages.python.interpreter} setup.py configure --prefix=$out + ''; + + postInstall = '' + ${glib.dev}/bin/glib-compile-schemas "$out"/share/glib-2.0/schemas + ''; + + preFixup = '' + gappsWrapperArgs+=(--set PYTHONPATH "$PYTHONPATH") + # these are called from virt-install in initrdinject.py + gappsWrapperArgs+=(--prefix PATH : "${makeBinPath [ cpio e2fsprogs file findutils gzip ]}") + ''; + + # Failed tests + doCheck = false; + + meta = with stdenv.lib; { + homepage = http://virt-manager.org; + description = "Desktop user interface for managing virtual machines"; + longDescription = '' + The virt-manager application is a desktop user interface for managing + virtual machines through libvirt. It primarily targets KVM VMs, but also + manages Xen and LXC (linux containers). + ''; + license = licenses.gpl2; + # exclude Darwin since libvirt-glib currently doesn't build there + platforms = platforms.linux; + maintainers = with maintainers; [ qknight offline fpletz ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virt-manager/qt.nix b/nixpkgs/pkgs/applications/virtualization/virt-manager/qt.nix new file mode 100644 index 000000000000..c1dbad94250a --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virt-manager/qt.nix @@ -0,0 +1,43 @@ +{ mkDerivation, lib, fetchFromGitHub, cmake, pkgconfig +, qtbase, qtmultimedia, qtsvg, qttools, krdc +, libvncserver, libvirt, pcre, pixman, qtermwidget, spice-gtk, spice-protocol +, libselinux, libsepol, utillinux +}: + +mkDerivation rec { + name = "virt-manager-qt-${version}"; + version = "0.70.91"; + + src = fetchFromGitHub { + owner = "F1ash"; + repo = "qt-virt-manager"; + rev = "${version}"; + sha256 = "1z2kq88lljvr24z1kizvg3h7ckf545h4kjhhrjggkr0w4wjjwr43"; + }; + + cmakeFlags = [ + "-DBUILD_QT_VERSION=5" + "-DQTERMWIDGET_INCLUDE_DIRS=${qtermwidget}/include/qtermwidget5" + ]; + + buildInputs = [ + qtbase qtmultimedia qtsvg krdc + libvirt libvncserver pcre pixman qtermwidget spice-gtk spice-protocol + libselinux libsepol utillinux + ]; + + nativeBuildInputs = [ cmake pkgconfig qttools ]; + + meta = with lib; { + homepage = https://f1ash.github.io/qt-virt-manager; + description = "Desktop user interface for managing virtual machines (QT)"; + longDescription = '' + The virt-manager application is a desktop user interface for managing + virtual machines through libvirt. It primarily targets KVM VMs, but also + manages Xen and LXC (linux containers). + ''; + license = licenses.gpl2; + maintainers = with maintainers; [ peterhoeg ]; + inherit (qtbase.meta) platforms; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virt-top/default.nix b/nixpkgs/pkgs/applications/virtualization/virt-top/default.nix new file mode 100644 index 000000000000..493307d0d078 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virt-top/default.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchgit, ocamlPackages, autoreconfHook }: + +stdenv.mkDerivation rec { + name = "virt-top-${version}"; + version = "2017-11-18-unstable"; + + src = fetchgit { + url = git://git.annexia.org/git/virt-top.git; + rev = "18a751d8c26548bb090ff05e30ccda3092e3373b"; + sha256 = "0c4whjvw7p3yvd476i4ppdhi8j821r5y6caqrj2v9dc181cnp01i"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = with ocamlPackages; [ ocaml findlib ocaml_extlib ocaml_libvirt ocaml_gettext curses csv xml-light ]; + + buildPhase = "make opt"; + + meta = with stdenv.lib; { + description = "A top-like utility for showing stats of virtualized domains"; + homepage = https://people.redhat.com/~rjones/virt-top/; + license = licenses.gpl2; + maintainers = [ maintainers.volth ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virt-viewer/default.nix b/nixpkgs/pkgs/applications/virtualization/virt-viewer/default.nix new file mode 100644 index 000000000000..746c45beccfa --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virt-viewer/default.nix @@ -0,0 +1,50 @@ +{ stdenv, fetchurl, pkgconfig, intltool, glib, libxml2, gtk3, gtk-vnc, gmp +, libgcrypt, gnupg, cyrus_sasl, shared-mime-info, libvirt, yajl, xen +, gsettings-desktop-schemas, wrapGAppsHook, libvirt-glib, libcap_ng, numactl +, libapparmor, gst_all_1 +, spiceSupport ? true +, spice-gtk ? null, spice-protocol ? null, libcap ? null, gdbm ? null +}: + +assert spiceSupport -> + spice-gtk != null && spice-protocol != null && libcap != null && gdbm != null; + +with stdenv.lib; + +stdenv.mkDerivation rec { + baseName = "virt-viewer"; + version = "7.0"; + name = "${baseName}-${version}"; + + src = fetchurl { + url = "http://virt-manager.org/download/sources/${baseName}/${name}.tar.gz"; + sha256 = "00y9vi69sja4pkrfnvrkwsscm41bqrjzvp8aijb20pvg6ymczhj7"; + }; + + nativeBuildInputs = [ pkgconfig intltool wrapGAppsHook ]; + buildInputs = [ + glib libxml2 gtk3 gtk-vnc gmp libgcrypt gnupg cyrus_sasl shared-mime-info + libvirt yajl gsettings-desktop-schemas libvirt-glib + libcap_ng numactl libapparmor + ] ++ optionals stdenv.isx86_64 [ + xen + ] ++ optionals spiceSupport [ + spice-gtk spice-protocol libcap gdbm + gst_all_1.gst-plugins-base gst_all_1.gst-plugins-good + ]; + + # Required for USB redirection PolicyKit rules file + propagatedUserEnvPkgs = optional spiceSupport spice-gtk; + + meta = { + description = "A viewer for remote virtual machines"; + maintainers = [ maintainers.raskin ]; + platforms = platforms.linux; + license = licenses.gpl2; + }; + passthru = { + updateInfo = { + downloadPage = "http://virt-manager.org/download.html"; + }; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virt-what/default.nix b/nixpkgs/pkgs/applications/virtualization/virt-what/default.nix new file mode 100644 index 000000000000..8a339ac83224 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virt-what/default.nix @@ -0,0 +1,19 @@ +{ stdenv, lib, fetchurl }: + +stdenv.mkDerivation rec { + name = "virt-what-${version}"; + version = "1.19"; + + src = fetchurl { + url = "https://people.redhat.com/~rjones/virt-what/files/${name}.tar.gz"; + sha256 = "00nhwly5q0ps8yv9cy3c2qp8lfshf3s0kdpwiy5zwk3g77z96rwk"; + }; + + meta = with lib; { + description = "Detect if running in a virtual machine and prints its type"; + homepage = "https://people.redhat.com/~rjones/virt-what/"; + maintainers = with maintainers; [ fpletz ]; + license = licenses.gpl2Plus; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virtinst/default.nix b/nixpkgs/pkgs/applications/virtualization/virtinst/default.nix new file mode 100644 index 000000000000..8222fb50a8f9 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtinst/default.nix @@ -0,0 +1,46 @@ +{ stdenv, fetchurl, python2Packages, intltool, libxml2Python }: + +with stdenv.lib; + +let version = "0.600.4"; in + +stdenv.mkDerivation rec { + name = "virtinst-${version}"; + + src = fetchurl { + url = "http://virt-manager.org/download/sources/virtinst/virtinst-${version}.tar.gz"; + sha256 = "175laiy49dni8hzi0cn14bbsdsigvgr9h6d9z2bcvbpa29spldvf"; + }; + + pythonPath = with python2Packages; + [ setuptools eventlet greenlet gflags netaddr carrot routes + PasteDeploy m2crypto ipy twisted + distutils_extra simplejson cheetah lockfile httplib2 + # !!! should libvirt be a build-time dependency? Note that + # libxml2Python is a dependency of libvirt.py. + libvirt libxml2Python urlgrabber + ]; + + buildInputs = + [ python2Packages.python + python2Packages.wrapPython + python2Packages.mox + intltool + ] ++ pythonPath; + + buildPhase = "python setup.py build"; + + installPhase = + '' + python setup.py install --prefix="$out"; + wrapPythonPrograms + ''; + + meta = { + homepage = http://virt-manager.org; + license = stdenv.lib.licenses.gpl2Plus; + maintainers = with stdenv.lib.maintainers; [qknight]; + description = "Command line tool which provides an easy way to provision operating systems into virtual machines"; + platforms = with stdenv.lib.platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/default.nix b/nixpkgs/pkgs/applications/virtualization/virtualbox/default.nix new file mode 100644 index 000000000000..bd148733bc58 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/default.nix @@ -0,0 +1,197 @@ +{ config, stdenv, fetchurl, lib, fetchpatch, iasl, dev86, pam, libxslt, libxml2 +, libX11, xorgproto, libXext, libXcursor, libXmu, qt5, libIDL, SDL, libcap +, libpng, glib, lvm2, libXrandr, libXinerama, libopus +, pkgconfig, which, docbook_xsl, docbook_xml_dtd_43 +, alsaLib, curl, libvpx, nettools, dbus +, makeself, perl +, javaBindings ? false, jdk ? null +, pythonBindings ? false, python2 ? null +, extensionPack ? null, fakeroot ? null +, pulseSupport ? config.pulseaudio or stdenv.isLinux, libpulseaudio ? null +, enableHardening ? false +, headless ? false +, enable32bitGuests ? true +, patchelfUnstable # needed until 0.10 is released +}: + +with stdenv.lib; + +let + python = python2; + buildType = "release"; + # Remember to change the extpackRev and version in extpack.nix and + # guest-additions/default.nix as well. + main = "0rylf1g0vmv0q19iyvyq4dj5h9yvyqqnmmqaqrx93qrv8s1ybssd"; + version = "5.2.26"; +in stdenv.mkDerivation { + name = "virtualbox-${version}"; + + src = fetchurl { + url = "https://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}.tar.bz2"; + sha256 = main; + }; + + outputs = [ "out" "modsrc" ]; + + nativeBuildInputs = [ pkgconfig which docbook_xsl docbook_xml_dtd_43 patchelfUnstable ]; + + buildInputs = + [ iasl dev86 libxslt libxml2 xorgproto libX11 libXext libXcursor libIDL + libcap glib lvm2 alsaLib curl libvpx pam makeself perl + libXmu libpng libopus python ] + ++ optional javaBindings jdk + ++ optional pythonBindings python # Python is needed even when not building bindings + ++ optional pulseSupport libpulseaudio + ++ optionals (headless) [ libXrandr ] + ++ optionals (!headless) [ qt5.qtbase qt5.qtx11extras libXinerama SDL ]; + + hardeningDisable = [ "format" "fortify" "pic" "stackprotector" ]; + + prePatch = '' + set -x + sed -e 's@MKISOFS --version@MKISOFS -version@' \ + -e 's@PYTHONDIR=.*@PYTHONDIR=${if pythonBindings then python else ""}@' \ + -e 's@CXX_FLAGS="\(.*\)"@CXX_FLAGS="-std=c++11 \1"@' \ + ${optionalString (!headless) '' + -e 's@TOOLQT5BIN=.*@TOOLQT5BIN="${getDev qt5.qtbase}/bin"@' \ + ''} -i configure + ls kBuild/bin/linux.x86/k* tools/linux.x86/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.glibc.out}/lib/ld-linux.so.2 + ls kBuild/bin/linux.amd64/k* tools/linux.amd64/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.glibc.out}/lib/ld-linux-x86-64.so.2 + + grep 'libpulse\.so\.0' src include -rI --files-with-match | xargs sed -i -e ' + ${optionalString pulseSupport + ''s@"libpulse\.so\.0"@"${libpulseaudio.out}/lib/libpulse.so.0"@g''}' + + grep 'libdbus-1\.so\.3' src include -rI --files-with-match | xargs sed -i -e ' + s@"libdbus-1\.so\.3"@"${dbus.lib}/lib/libdbus-1.so.3"@g' + + grep 'libasound\.so\.2' src include -rI --files-with-match | xargs sed -i -e ' + s@"libasound\.so\.2"@"${alsaLib.out}/lib/libasound.so.2"@g' + + export USER=nix + set +x + ''; + + patches = + optional enableHardening ./hardened.patch + ++ [ + ./qtx11extras.patch + (fetchpatch { + name = "010-qt-5.11.patch"; + url = "https://git.archlinux.org/svntogit/community.git/plain/trunk/010-qt-5.11.patch?h=packages/virtualbox"; + sha256 = "0hjx99pg40wqyggnrpylrp5zngva4xrnk7r90i0ynrqc7n84g9pn"; + }) + ]; + + postPatch = '' + sed -i -e 's|/sbin/ifconfig|${nettools}/bin/ifconfig|' \ + src/VBox/HostDrivers/adpctl/VBoxNetAdpCtl.cpp + ''; + + # first line: ugly hack, and it isn't yet clear why it's a problem + configurePhase = '' + NIX_CFLAGS_COMPILE=$(echo "$NIX_CFLAGS_COMPILE" | sed 's,\-isystem ${lib.getDev stdenv.cc.libc}/include,,g') + + cat >> LocalConfig.kmk <<LOCAL_CONFIG + VBOX_WITH_TESTCASES := + VBOX_WITH_TESTSUITE := + VBOX_WITH_VALIDATIONKIT := + VBOX_WITH_DOCS := + VBOX_WITH_WARNINGS_AS_ERRORS := + + VBOX_WITH_ORIGIN := + VBOX_PATH_APP_PRIVATE_ARCH_TOP := $out/share/virtualbox + VBOX_PATH_APP_PRIVATE_ARCH := $out/libexec/virtualbox + VBOX_PATH_SHARED_LIBS := $out/libexec/virtualbox + VBOX_WITH_RUNPATH := $out/libexec/virtualbox + VBOX_PATH_APP_PRIVATE := $out/share/virtualbox + VBOX_PATH_APP_DOCS := $out/doc + ${optionalString javaBindings '' + VBOX_JAVA_HOME := ${jdk} + ''} + ${optionalString (!headless) '' + PATH_QT5_X11_EXTRAS_LIB := ${getLib qt5.qtx11extras}/lib + PATH_QT5_X11_EXTRAS_INC := ${getDev qt5.qtx11extras}/include + TOOL_QT5_LRC := ${getDev qt5.qttools}/bin/lrelease + ''} + LOCAL_CONFIG + + ./configure \ + ${optionalString headless "--build-headless"} \ + ${optionalString (!javaBindings) "--disable-java"} \ + ${optionalString (!pythonBindings) "--disable-python"} \ + ${optionalString (!pulseSupport) "--disable-pulse"} \ + ${optionalString (!enableHardening) "--disable-hardening"} \ + ${optionalString (!enable32bitGuests) "--disable-vmmraw"} \ + --disable-kmods + sed -e 's@PKG_CONFIG_PATH=.*@PKG_CONFIG_PATH=${libIDL}/lib/pkgconfig:${glib.dev}/lib/pkgconfig ${libIDL}/bin/libIDL-config-2@' \ + -i AutoConfig.kmk + sed -e 's@arch/x86/@@' \ + -i Config.kmk + substituteInPlace Config.kmk --replace "VBOX_WITH_TESTCASES = 1" "#" + ''; + + enableParallelBuilding = true; + + buildPhase = '' + source env.sh + kmk -j $NIX_BUILD_CORES BUILD_TYPE="${buildType}" + ''; + + installPhase = '' + libexec="$out/libexec/virtualbox" + share="${if enableHardening then "$out/share/virtualbox" else "$libexec"}" + + # Install VirtualBox files + mkdir -p "$libexec" + find out/linux.*/${buildType}/bin -mindepth 1 -maxdepth 1 \ + -name src -o -exec cp -avt "$libexec" {} + + + mkdir -p $out/bin + for file in ${optionalString (!headless) "VirtualBox VBoxSDL rdesktop-vrdp"} VBoxManage VBoxBalloonCtrl VBoxHeadless; do + echo "Linking $file to /bin" + test -x "$libexec/$file" + ln -s "$libexec/$file" $out/bin/$file + done + + ${optionalString (extensionPack != null) '' + mkdir -p "$share" + "${fakeroot}/bin/fakeroot" "${stdenv.shell}" <<EXTHELPER + "$libexec/VBoxExtPackHelperApp" install \ + --base-dir "$share/ExtensionPacks" \ + --cert-dir "$share/ExtPackCertificates" \ + --name "Oracle VM VirtualBox Extension Pack" \ + --tarball "${extensionPack}" \ + --sha-256 "${extensionPack.outputHash}" + EXTHELPER + ''} + + ${optionalString (!headless) '' + # Create and fix desktop item + mkdir -p $out/share/applications + sed -i -e "s|Icon=VBox|Icon=$libexec/VBox.png|" $libexec/virtualbox.desktop + ln -sfv $libexec/virtualbox.desktop $out/share/applications + # Icons + mkdir -p $out/share/icons/hicolor + for size in `ls -1 $libexec/icons`; do + mkdir -p $out/share/icons/hicolor/$size/apps + ln -s $libexec/icons/$size/*.png $out/share/icons/hicolor/$size/apps + done + ''} + + cp -rv out/linux.*/${buildType}/bin/src "$modsrc" + ''; + + passthru = { + inherit version; # for guest additions + inherit extensionPack; # for inclusion in profile to prevent gc + }; + + meta = { + description = "PC emulator"; + license = licenses.gpl2; + homepage = https://www.virtualbox.org/; + maintainers = with maintainers; [ flokli sander ]; + platforms = [ "x86_64-linux" "i686-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/extpack.nix b/nixpkgs/pkgs/applications/virtualization/virtualbox/extpack.nix new file mode 100644 index 000000000000..96b4c7a8fbbd --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/extpack.nix @@ -0,0 +1,23 @@ +{stdenv, fetchurl, lib}: + +with lib; + +let version = "5.2.26"; +in +fetchurl rec { + name = "Oracle_VM_VirtualBox_Extension_Pack-${version}.vbox-extpack"; + url = "https://download.virtualbox.org/virtualbox/${version}/${name}"; + sha256 = + # Manually sha256sum the extensionPack file, must be hex! + # Thus do not use `nix-prefetch-url` but instead plain old `sha256sum`. + let value = "4b7caa9b722840d49f154c3e5efb6463b1b7129f09973a25813dfdbccd9debb7"; + in assert (builtins.stringLength value) == 64; value; + + meta = { + description = "Oracle Extension pack for VirtualBox"; + license = licenses.virtualbox-puel; + homepage = https://www.virtualbox.org/; + maintainers = with maintainers; [ flokli sander cdepillabout ]; + platforms = [ "x86_64-linux" "i686-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix b/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix new file mode 100644 index 000000000000..ccfedd1b2e1d --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix @@ -0,0 +1,161 @@ +{ stdenv, fetchurl, lib, patchelf, cdrkit, kernel, which, makeWrapper +, xorg, dbus, virtualbox }: + +let + version = virtualbox.version; + xserverVListFunc = builtins.elemAt (stdenv.lib.splitString "." xorg.xorgserver.version); + + # Forced to 1.18 in <nixpkgs/nixos/modules/services/x11/xserver.nix> + # as it even fails to build otherwise. Still, override this even here, + # in case someone does just a standalone build + # (not via videoDrivers = ["vboxvideo"]). + # It's likely to work again in some future update. + xserverABI = let abi = xserverVListFunc 0 + xserverVListFunc 1; + in if abi == "119" || abi == "120" then "118" else abi; +in + +stdenv.mkDerivation { + name = "VirtualBox-GuestAdditions-${version}-${kernel.version}"; + + src = fetchurl { + url = "http://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso"; + sha256 = "0f3w9wjd5aj2khzqh37vdg86wqbbx4gx9aidaai9syn9sk8ca9xr"; + }; + + KERN_DIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; + KERN_INCL = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/source/include"; + + patchFlags = [ "-p1" "-d" "install/src/vboxguest-${version}" ]; + + patches = [ + ./fix_kerndir.patch + ./fix_kernincl.patch + ]; + + hardeningDisable = [ "pic" ]; + + NIX_CFLAGS_COMPILE = "-Wno-error=incompatible-pointer-types -Wno-error=implicit-function-declaration"; + + nativeBuildInputs = [ patchelf makeWrapper ]; + buildInputs = [ cdrkit dbus ] ++ kernel.moduleBuildDependencies; + + installPhase = '' + mkdir -p $out + cp -r install/* $out + ''; + + buildCommand = with xorg; '' + ${if stdenv.hostPlatform.system == "i686-linux" || stdenv.hostPlatform.system == "x86_64-linux" then '' + isoinfo -J -i $src -x /VBoxLinuxAdditions.run > ./VBoxLinuxAdditions.run + chmod 755 ./VBoxLinuxAdditions.run + ./VBoxLinuxAdditions.run --noexec --keep + '' + else throw ("Architecture: "+stdenv.hostPlatform.system+" not supported for VirtualBox guest additions") + } + + # Unpack files + cd install + ${if stdenv.hostPlatform.system == "i686-linux" then '' + tar xfvj VBoxGuestAdditions-x86.tar.bz2 + '' + else if stdenv.hostPlatform.system == "x86_64-linux" then '' + tar xfvj VBoxGuestAdditions-amd64.tar.bz2 + '' + else throw ("Architecture: "+stdenv.hostPlatform.system+" not supported for VirtualBox guest additions") + } + + cd ../ + patchPhase + cd install/src + + # Build kernel modules + export INSTALL_MOD_PATH=$out + + find . -type f | xargs sed 's/depmod -a/true/' -i + + cd vboxguest-${version} + + make + + cd ../.. + + # Change the interpreter for various binaries + for i in sbin/VBoxService bin/{VBoxClient,VBoxControl} other/mount.vboxsf + do + ${if stdenv.hostPlatform.system == "i686-linux" then '' + patchelf --set-interpreter ${stdenv.glibc.out}/lib/ld-linux.so.2 $i + '' + else if stdenv.hostPlatform.system == "x86_64-linux" then '' + patchelf --set-interpreter ${stdenv.glibc.out}/lib/ld-linux-x86-64.so.2 $i + '' + else throw ("Architecture: "+stdenv.hostPlatform.system+" not supported for VirtualBox guest additions") + } + patchelf --set-rpath ${lib.makeLibraryPath [ stdenv.cc.cc dbus libX11 libXt libXext libXmu libXfixes libXrandr libXcursor ]} $i + done + + for i in lib/VBoxOGL*.so + do + patchelf --set-rpath ${lib.makeLibraryPath [ "$out" dbus libXcomposite libXdamage libXext libXfixes ]} $i + done + + # FIXME: Virtualbox 4.3.22 moved VBoxClient-all (required by Guest Additions + # NixOS module) to 98vboxadd-xclient. For now, just work around it: + mv other/98vboxadd-xclient bin/VBoxClient-all + + # Remove references to /usr from various scripts and files + sed -i -e "s|/usr/bin|$out/bin|" other/vboxclient.desktop + sed -i -e "s|/usr/bin|$out/bin|" bin/VBoxClient-all + + # Install binaries + install -D -m 755 other/mount.vboxsf $out/bin/mount.vboxsf + install -D -m 755 sbin/VBoxService $out/bin/VBoxService + + mkdir -p $out/bin + install -m 755 bin/VBoxClient $out/bin + install -m 755 bin/VBoxControl $out/bin + install -m 755 bin/VBoxClient-all $out/bin + + wrapProgram $out/bin/VBoxClient-all \ + --prefix PATH : "${which}/bin" + + # Install OpenGL libraries + mkdir -p $out/lib + cp -v lib/VBoxOGL*.so $out/lib + mkdir -p $out/lib/dri + ln -s $out/lib/VBoxOGL.so $out/lib/dri/vboxvideo_dri.so + + # Install desktop file + mkdir -p $out/share/autostart + cp -v other/vboxclient.desktop $out/share/autostart + + # Install Xorg drivers + mkdir -p $out/lib/xorg/modules/{drivers,input} + install -m 644 other/vboxvideo_drv_${xserverABI}.so $out/lib/xorg/modules/drivers/vboxvideo_drv.so + + # Install kernel modules + cd src + + for i in * + do + cd $i + kernelVersion=$(cd ${kernel.dev}/lib/modules; ls) + export MODULE_DIR=$out/lib/modules/$kernelVersion/misc + find . -type f | xargs sed -i -e "s|-o root||g" \ + -e "s|-g root||g" + make install + cd .. + done + ''; # */ + + meta = { + description = "Guest additions for VirtualBox"; + longDescription = '' + Various add-ons which makes NixOS work better as guest OS inside VirtualBox. + This add-on provides support for dynamic resizing of the X Display, shared + host/guest clipboard support and guest OpenGL support. + ''; + license = "GPL"; + maintainers = [ lib.maintainers.sander ]; + platforms = lib.platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/fix_kerndir.patch b/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/fix_kerndir.patch new file mode 100644 index 000000000000..0be949f63c92 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/fix_kerndir.patch @@ -0,0 +1,38 @@ +diff --git a/vboxsf/Makefile.include.header b/vboxsf/Makefile.include.header +index 8df1eb4d25..5a3e5604e7 100644 +--- a/vboxsf/Makefile.include.header ++++ b/vboxsf/Makefile.include.header +@@ -117,7 +117,6 @@ else # neq($(KERNELRELEASE),) + endif # neq($(KERNELRELEASE),) + + # Kernel build folder +-KERN_DIR := /lib/modules/$(KERN_VER)/build + ifneq ($(shell if test -d $(KERN_DIR); then echo yes; fi),yes) + $(error Error: unable to find the headers of the Linux kernel to build against. \ + Specify KERN_VER=<version> and run Make again) + +diff --git a/vboxguest/Makefile.include.header b/vboxguest/Makefile.include.header +index 8df1eb4d25..5a3e5604e7 100644 +--- a/vboxguest/Makefile.include.header ++++ b/vboxguest/Makefile.include.header +@@ -117,7 +117,6 @@ else # neq($(KERNELRELEASE),) + endif # neq($(KERNELRELEASE),) + + # Kernel build folder +-KERN_DIR := /lib/modules/$(KERN_VER)/build + ifneq ($(shell if test -d $(KERN_DIR); then echo yes; fi),yes) + $(error Error: unable to find the headers of the Linux kernel to build against. \ + Specify KERN_VER=<version> and run Make again) + +diff --git a/vboxvideo/Makefile.include.header b/vboxvideo/Makefile.include.header +index 8df1eb4d25..5a3e5604e7 100644 +--- a/vboxvideo/Makefile.include.header ++++ b/vboxvideo/Makefile.include.header +@@ -117,7 +117,6 @@ else # neq($(KERNELRELEASE),) + endif # neq($(KERNELRELEASE),) + + # Kernel build folder +-KERN_DIR := /lib/modules/$(KERN_VER)/build + ifneq ($(shell if test -d $(KERN_DIR); then echo yes; fi),yes) + $(error Error: unable to find the headers of the Linux kernel to build against. \ + Specify KERN_VER=<version> and run Make again) diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/fix_kernincl.patch b/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/fix_kernincl.patch new file mode 100644 index 000000000000..e59e2e98c1b3 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/fix_kernincl.patch @@ -0,0 +1,12 @@ +diff --git a/vboxvideo/Makefile.include.header b/vboxvideo/Makefile.include.header +index 8df1eb4d25..5a3e5604e7 100644 +--- a/vboxvideo/Makefile.include.header ++++ b/vboxvideo/Makefile.include.header +@@ -122,7 +122,6 @@ ifneq ($(shell if test -d $(KERN_DIR); then echo yes; fi),yes) + Specify KERN_VER=<version> and run Make again) + endif + # Kernel include folder +-KERN_INCL := $(KERN_DIR)/include + # module install folder + INSTALL_MOD_DIR ?= misc + MODULE_DIR := $(INSTALL_MOD_PATH)/lib/modules/$(KERN_VER)/$(INSTALL_MOD_DIR) diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/hardened.patch b/nixpkgs/pkgs/applications/virtualization/virtualbox/hardened.patch new file mode 100644 index 000000000000..398100f3f398 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/hardened.patch @@ -0,0 +1,182 @@ +diff --git a/include/iprt/mangling.h b/include/iprt/mangling.h +index c1daa8f..8618371 100644 +--- a/include/iprt/mangling.h ++++ b/include/iprt/mangling.h +@@ -1440,6 +1440,7 @@ + # define RTPathStripSuffix RT_MANGLER(RTPathStripSuffix) + # define RTPathStripFilename RT_MANGLER(RTPathStripFilename) + # define RTPathStripTrailingSlash RT_MANGLER(RTPathStripTrailingSlash) ++# define RTPathSuidDir RT_MANGLER(RTPathSuidDir) + # define RTPathTemp RT_MANGLER(RTPathTemp) + # define RTPathTraverseList RT_MANGLER(RTPathTraverseList) + # define RTPathUnlink RT_MANGLER(RTPathUnlink) +@@ -1478,6 +1479,7 @@ + # define RTProcGetAffinityMask RT_MANGLER(RTProcGetAffinityMask) + # define RTProcGetExecutablePath RT_MANGLER(RTProcGetExecutablePath) + # define RTProcGetPriority RT_MANGLER(RTProcGetPriority) ++# define RTProcGetSuidPath RT_MANGLER(RTProcGetSuidPath) + # define RTProcIsRunningByName RT_MANGLER(RTProcIsRunningByName) + # define RTProcQueryParent RT_MANGLER(RTProcQueryParent) + # define RTProcQueryUsername RT_MANGLER(RTProcQueryUsername) +diff --git a/include/iprt/path.h b/include/iprt/path.h +index 8bd42bc..2c23d3e 100644 +--- a/include/iprt/path.h ++++ b/include/iprt/path.h +@@ -1064,6 +1064,15 @@ RTDECL(int) RTPathCalcRelative(char *pszPathDst, size_t cbPathDst, + RTDECL(int) RTPathExecDir(char *pszPath, size_t cchPath); + + /** ++ * Gets the path to the NixOS setuid wrappers directory. ++ * ++ * @returns iprt status code. ++ * @param pszPath Buffer where to store the path. ++ * @param cchPath Buffer size in bytes. ++ */ ++RTDECL(int) RTPathSuidDir(char *pszPath, size_t cchPath); ++ ++/** + * Gets the user home directory. + * + * @returns iprt status code. +diff --git a/include/iprt/process.h b/include/iprt/process.h +index 043653e..1070280 100644 +--- a/include/iprt/process.h ++++ b/include/iprt/process.h +@@ -327,6 +327,16 @@ RTR3DECL(const char *) RTProcShortName(void); + RTR3DECL(char *) RTProcGetExecutablePath(char *pszExecPath, size_t cbExecPath); + + /** ++ * Gets the path to the NixOS setuid wrappers directory. ++ * ++ * @returns pszExecPath on success. NULL on buffer overflow or other errors. ++ * ++ * @param pszExecPath Where to store the path. ++ * @param cbExecPath The size of the buffer. ++ */ ++RTR3DECL(char *) RTProcGetSuidPath(char *pszExecPath, size_t cbExecPath); ++ ++/** + * Daemonize the current process, making it a background process. + * + * The way this work is that it will spawn a detached / backgrounded / +diff --git a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp +index ce0f288..6193108 100644 +--- a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp ++++ b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp +@@ -1502,9 +1502,9 @@ static int supR3HardenedVerifyFsObject(PCSUPR3HARDENEDFSOBJSTATE pFsObjState, bo + bool fBad = !fRelaxed || pFsObjState->Stat.st_gid != 2 /*bin*/ || suplibHardenedStrCmp(pszPath, "/usr/lib/iconv"); + # else + NOREF(fRelaxed); +- bool fBad = true; ++ bool fBad = !(fDir && pFsObjState->Stat.st_mode & S_ISVTX && !suplibHardenedStrCmp(pszPath, "/nix/store")); + # endif +- if (fBad) ++ if (fBad && suplibHardenedStrCmp(pszPath, "/nix/store")) + return supR3HardenedSetError3(VERR_SUPLIB_WRITE_NON_SYS_GROUP, pErrInfo, + "An unknown (and thus untrusted) group has write access to '", pszPath, + "' and we therefore cannot trust the directory content or that of any subdirectory"); +diff --git a/src/VBox/Main/src-server/MachineImpl.cpp b/src/VBox/Main/src-server/MachineImpl.cpp +index 320c569..9bfe41f 100644 +--- a/src/VBox/Main/src-server/MachineImpl.cpp ++++ b/src/VBox/Main/src-server/MachineImpl.cpp +@@ -7543,7 +7543,7 @@ HRESULT Machine::i_launchVMProcess(IInternalSessionControl *aControl, + + /* get the path to the executable */ + char szPath[RTPATH_MAX]; +- RTPathAppPrivateArch(szPath, sizeof(szPath) - 1); ++ RTStrCopy(szPath, sizeof(szPath) - 1, "/run/wrappers/bin"); + size_t cchBufLeft = strlen(szPath); + szPath[cchBufLeft++] = RTPATH_DELIMITER; + szPath[cchBufLeft] = 0; +diff --git a/src/VBox/Main/src-server/NetworkServiceRunner.cpp b/src/VBox/Main/src-server/NetworkServiceRunner.cpp +index 1e38d99..5e43dda 100644 +--- a/src/VBox/Main/src-server/NetworkServiceRunner.cpp ++++ b/src/VBox/Main/src-server/NetworkServiceRunner.cpp +@@ -85,7 +85,7 @@ int NetworkServiceRunner::start(bool aKillProcOnStop) + + /* get the path to the executable */ + char exePathBuf[RTPATH_MAX]; +- const char *exePath = RTProcGetExecutablePath(exePathBuf, RTPATH_MAX); ++ const char *exePath = RTProcGetSuidPath(exePathBuf, RTPATH_MAX); + char *substrSl = strrchr(exePathBuf, '/'); + char *substrBs = strrchr(exePathBuf, '\\'); + char *suffix = substrSl ? substrSl : substrBs; +diff --git a/src/VBox/Main/src-server/generic/NetIf-generic.cpp b/src/VBox/Main/src-server/generic/NetIf-generic.cpp +index 98dc91a..43a819f 100644 +--- a/src/VBox/Main/src-server/generic/NetIf-generic.cpp ++++ b/src/VBox/Main/src-server/generic/NetIf-generic.cpp +@@ -47,7 +47,7 @@ static int NetIfAdpCtl(const char * pcszIfName, const char *pszAddr, const char + const char *args[] = { NULL, pcszIfName, pszAddr, pszOption, pszMask, NULL }; + + char szAdpCtl[RTPATH_MAX]; +- int rc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME)); ++ int rc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME)); + if (RT_FAILURE(rc)) + { + LogRel(("NetIfAdpCtl: failed to get program path, rc=%Rrc.\n", rc)); +@@ -89,7 +89,7 @@ static int NetIfAdpCtl(HostNetworkInterface * pIf, const char *pszAddr, const ch + int NetIfAdpCtlOut(const char * pcszName, const char * pcszCmd, char *pszBuffer, size_t cBufSize) + { + char szAdpCtl[RTPATH_MAX]; +- int rc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd)); ++ int rc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd)); + if (RT_FAILURE(rc)) + { + LogRel(("NetIfAdpCtlOut: Failed to get program path, rc=%Rrc\n", rc)); +@@ -201,7 +201,7 @@ int NetIfCreateHostOnlyNetworkInterface(VirtualBox *pVirtualBox, + progress.queryInterfaceTo(aProgress); + + char szAdpCtl[RTPATH_MAX]; +- int rc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " add")); ++ int rc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " add")); + if (RT_FAILURE(rc)) + { + progress->i_notifyComplete(E_FAIL, +diff --git a/src/VBox/Runtime/r3/path.cpp b/src/VBox/Runtime/r3/path.cpp +index 944848e..744a261 100644 +--- a/src/VBox/Runtime/r3/path.cpp ++++ b/src/VBox/Runtime/r3/path.cpp +@@ -81,6 +81,12 @@ RTDECL(int) RTPathExecDir(char *pszPath, size_t cchPath) + } + + ++RTDECL(int) RTPathSuidDir(char *pszPath, size_t cchPath) ++{ ++ return RTStrCopy(pszPath, cchPath, "/run/wrappers/bin"); ++} ++ ++ + RTDECL(int) RTPathAppPrivateNoArch(char *pszPath, size_t cchPath) + { + #if !defined(RT_OS_WINDOWS) && defined(RTPATH_APP_PRIVATE) +diff --git a/src/VBox/Runtime/r3/process.cpp b/src/VBox/Runtime/r3/process.cpp +index 2aab645..9795f21 100644 +--- a/src/VBox/Runtime/r3/process.cpp ++++ b/src/VBox/Runtime/r3/process.cpp +@@ -111,6 +111,26 @@ RTR3DECL(char *) RTProcGetExecutablePath(char *pszExecPath, size_t cbExecPath) + return NULL; + } + ++/* ++ * Note the / at the end! This is important, because the functions using this ++ * will cut off everything after the rightmost / as this function is analogous ++ * to RTProcGetExecutablePath(). ++ */ ++#define SUIDDIR "/run/wrappers/bin/" ++ ++RTR3DECL(char *) RTProcGetSuidPath(char *pszExecPath, size_t cbExecPath) ++{ ++ if (cbExecPath >= sizeof(SUIDDIR)) ++ { ++ memcpy(pszExecPath, SUIDDIR, sizeof(SUIDDIR)); ++ pszExecPath[sizeof(SUIDDIR)] = '\0'; ++ return pszExecPath; ++ } ++ ++ AssertMsgFailed(("Buffer too small (%zu <= %zu)\n", cbExecPath, sizeof(SUIDDIR))); ++ return NULL; ++} ++ + + RTR3DECL(const char *) RTProcShortName(void) + { diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/qtx11extras.patch b/nixpkgs/pkgs/applications/virtualization/virtualbox/qtx11extras.patch new file mode 100644 index 000000000000..6ed74e3e23ed --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/qtx11extras.patch @@ -0,0 +1,31 @@ +diff --git a/kBuild/units/qt5.kmk b/kBuild/units/qt5.kmk +index 71b96a3..73391f0 100644 +--- a/kBuild/units/qt5.kmk ++++ b/kBuild/units/qt5.kmk +@@ -1019,9 +1019,10 @@ else + $(eval $(target)_LIBS += $(PATH_SDK_QT5_LIB)/$(qt_prefix)qtmain$(qt_infix)$(SUFF_LIB) ) + endif + else +- $(eval $(target)_LIBS += $(foreach module,$(qt_modules), $(PATH_SDK_QT5_LIB)/lib$(qt_prefix)Qt5$(module)$(qt_infix)$(SUFF_DLL)) ) ++ $(eval $(target)_LIBS += $(foreach module,$(qt_modules), $(PATH_SDK_QT5_LIB)/lib$(qt_prefix)Qt5$(module)$(qt_infix)$(SUFF_DLL)) \ ++ $(PATH_QT5_X11_EXTRAS_LIB)/lib$(qt_prefix)Qt5X11Extras$(qt_infix)$(SUFF_DLL)) + endif +- $(eval $(target)_INCS += $(addprefix $(PATH_SDK_QT5_INC)/Qt,$(qt_modules)) $(PATH_SDK_QT5_INC) ) ++ $(eval $(target)_INCS += $(addprefix $(PATH_SDK_QT5_INC)/Qt,$(qt_modules)) $(PATH_SDK_QT5_INC) $(PATH_QT5_X11_EXTRAS_INC)/QtX11Extras ) + endif + $(eval $(target)_DEFS += $(foreach module,$(toupper $(qt_modules)), QT_$(module)_LIB) ) + +diff --git a/src/VBox/Frontends/VirtualBox/Makefile.kmk b/src/VBox/Frontends/VirtualBox/Makefile.kmk +index 3295bfefe7..796370623c 100644 +--- a/src/VBox/Frontends/VirtualBox/Makefile.kmk ++++ b/src/VBox/Frontends/VirtualBox/Makefile.kmk +@@ -916,9 +916,6 @@ endif + # The Qt modules we're using. + # (The include directory and lib/framework for each module will be added by the Qt unit.) + VirtualBox_QT_MODULES = Core Gui Widgets PrintSupport +-VirtualBox_QT_MODULES.linux += X11Extras +-VirtualBox_QT_MODULES.solaris += X11Extras +-VirtualBox_QT_MODULES.freebsd += X11Extras + VirtualBox_QT_MODULES.darwin += MacExtras + VirtualBox_QT_MODULES.win += WinExtras + if defined(VBOX_WITH_VIDEOHWACCEL) || defined(VBOX_GUI_USE_QGL) diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/update.py b/nixpkgs/pkgs/applications/virtualization/virtualbox/update.py new file mode 100755 index 000000000000..6e8bfd5c8250 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/update.py @@ -0,0 +1,85 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i python3 -p python3 + +import os +import re +import json +import urllib.request + +from distutils.version import LooseVersion + +UPSTREAM_INFO_FILE = os.path.join( + os.path.dirname(os.path.abspath(__file__)), + "upstream-info.json" +) + + +def fetch_latest_version(): + url = "http://download.virtualbox.org/virtualbox/LATEST.TXT" + return urllib.request.urlopen(url).read().strip().decode() + + +def load_upstream_info(): + try: + with open(UPSTREAM_INFO_FILE, 'r') as fp: + return json.load(fp) + except FileNotFoundError: + return {'version': "0"} + + +def save_upstream_info(contents): + remark = "Generated using update.py from the same directory." + contents['__NOTE'] = remark + data = json.dumps(contents, indent=2, sort_keys=True) + with open(UPSTREAM_INFO_FILE, 'w') as fp: + fp.write(data + "\n") + + +def fetch_file_table(version): + url = "http://download.virtualbox.org/virtualbox/{}/SHA256SUMS" + url = url.format(version) + result = {} + for line in urllib.request.urlopen(url): + sha, name = line.rstrip().split() + result[name.lstrip(b'*').decode()] = sha.decode() + return result + + +def update_to_version(version): + extpack_start = 'Oracle_VM_VirtualBox_Extension_Pack-' + version_re = version.replace('.', '\\.') + attribute_map = { + 'extpack': r'^' + extpack_start + r'[^-]+-[^.]+.vbox-extpack$', + 'extpackRev': r'^' + extpack_start + r'[^-]+-([^.]+).vbox-extpack$', + 'main': r'^VirtualBox-' + version_re + r'.tar.bz2$', + 'guest': r'^VBoxGuestAdditions_' + version_re + r'.iso$', + } + table = fetch_file_table(version) + new_attrs = {'version': version} + for attr, searchexpr in attribute_map.items(): + result = [re.search(searchexpr, key) for key in table.keys()] + filtered = filter(lambda m: m is not None, result) + found = [m.groups()[0] if len(m.groups()) > 0 else table[m.group(0)] + for m in filtered if m is not None] + + if len(found) == 0: + msg = "No package found for attribute {}".format(attr) + raise AssertionError(msg) + elif len(found) != 1: + msg = "More than one package found for attribute {}: ".format(attr) + msg += ', '.join(found) + raise AssertionError(msg) + else: + new_attrs[attr] = found[0] + return new_attrs + + +info = load_upstream_info() +latest = fetch_latest_version() +if LooseVersion(info['version']) < LooseVersion(latest): + print("Updating to version {}...".format(latest), end="", flush=True) + new_attrs = update_to_version(latest) + save_upstream_info(new_attrs) + print(" done.") +else: + print("Version {} is already the latest one.".format(info['version'])) diff --git a/nixpkgs/pkgs/applications/virtualization/vpcs/default.nix b/nixpkgs/pkgs/applications/virtualization/vpcs/default.nix new file mode 100644 index 000000000000..3d6efcfc8443 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/vpcs/default.nix @@ -0,0 +1,42 @@ +{ stdenv, fetchurl, glibc }: + +stdenv.mkDerivation rec { + name = "${pname}-${version}"; + pname = "vpcs"; + version = "0.8"; + + src = fetchurl { + name = "${name}.tar.bz2"; + url = "mirror://sourceforge/project/${pname}/${version}/${name}-src.tbz"; + sha256 = "14y9nflcyq486vvw0na0fkfmg5dac004qb332v4m5a0vaz8059nw"; + }; + + patches = [ ./vpcs-0.8-glibc-2.26.patch ]; + + buildInputs = [ glibc.static ]; + + buildPhase = ''( + cd src + ./mk.sh ${stdenv.buildPlatform.platform.kernelArch} + )''; + + installPhase = '' + install -D -m555 src/vpcs $out/bin/vpcs; + install -D -m444 man/vpcs.1 $out/share/man/man1/vpcs.1; + ''; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "Virtual PC simulator"; + longDescription = '' + The VPCS can simulate up to 9 PCs. You can ping/traceroute them, or + ping/traceroute the other hosts/routers from the VPCS when you study the + Cisco routers in the dynamips. + ''; + homepage = "https://sourceforge.net/projects/vpcs/"; + license = licenses.bsd2; + platforms = platforms.linux; + maintainers = with maintainers; [ primeos ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/vpcs/vpcs-0.8-glibc-2.26.patch b/nixpkgs/pkgs/applications/virtualization/vpcs/vpcs-0.8-glibc-2.26.patch new file mode 100644 index 000000000000..d94a39ccd64d --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/vpcs/vpcs-0.8-glibc-2.26.patch @@ -0,0 +1,14 @@ +diff --git a/src/getopt.h b/src/getopt.h +index 4394aa2..bf59e10 100644 +--- a/src/getopt.h ++++ b/src/getopt.h +@@ -49,9 +49,6 @@ extern int optind; + extern int opterr; + extern int optopt; + +-#ifndef FreeBSD +-int getopt(int argc, char** argv, char* optstr); +-#endif + int arg_to_int(const char* arg, int min, int max, int defalt); + + #ifdef __cplusplus diff --git a/nixpkgs/pkgs/applications/virtualization/x11docker/default.nix b/nixpkgs/pkgs/applications/virtualization/x11docker/default.nix new file mode 100644 index 000000000000..94682893d51c --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/x11docker/default.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchFromGitHub, makeWrapper, nx-libs, xorg }: +stdenv.mkDerivation rec { + name = "x11docker-${version}"; + version = "5.4.4"; + src = fetchFromGitHub { + owner = "mviereck"; + repo = "x11docker"; + rev = "v${version}"; + sha256 = "1p45dyd1zfjxlawsy190q71hwl083f90ryaslslhxsadsi9m64dq"; + }; + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ nx-libs xorg.xhost xorg.xinit ]; + + dontBuild = true; + + PATH_PREFIX = "${nx-libs}/bin:${xorg.xdpyinfo}/bin:${xorg.xhost}/bin:${xorg.xinit}/bin"; + + installPhase = '' + install -D x11docker "$out/bin/x11docker"; + #install -D x11docker-gui "$out/bin/x11docker-gui"; + wrapProgram "$out/bin/x11docker" --prefix PATH : "${PATH_PREFIX}" + #wrapProgram "$out/bin/x11docker-gui" --prefix PATH : "${PATH_PREFIX}" + # GUI disabled because of missing `kaptain` dependency + ''; + + meta = { + description = "Run graphical applications with Docker"; + homepage = https://github.com/mviereck/x11docker; + license = stdenv.lib.licenses.mit; + maintainers = with stdenv.lib.maintainers; [ jD91mZM2 ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-install-python.patch b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-install-python.patch new file mode 100644 index 000000000000..53821c0d9c51 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-install-python.patch @@ -0,0 +1,16 @@ +tools/python/install-wrap script brakes shebangs patching, disable + +diff --git a/tools/Rules.mk b/tools/Rules.mk +index 87a56dc..a7da869 100644 +--- a/tools/Rules.mk ++++ b/tools/Rules.mk +@@ -90,8 +90,7 @@ CFLAGS += $(CFLAGS-y) + + CFLAGS += $(EXTRA_CFLAGS_XEN_TOOLS) + +-INSTALL_PYTHON_PROG = \ +- $(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH)" $(INSTALL_PROG) ++INSTALL_PYTHON_PROG = $(INSTALL_PROG) + + %.opic: %.c + $(CC) $(CPPFLAGS) -DPIC $(CFLAGS) $(CFLAGS_$*.opic) -fPIC -c -o $@ $< $(APPEND_CFLAGS) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch new file mode 100644 index 000000000000..072338b87aba --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch @@ -0,0 +1,27 @@ +hack to make etherboot use prefetched ipxe + +diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile +index a0578d2..64428a0 100644 +--- a/tools/firmware/etherboot/Makefile ++++ b/tools/firmware/etherboot/Makefile +@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz + + D=ipxe + T=ipxe.tar.gz ++G=ipxe.git + + ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS))) + +@@ -36,9 +37,9 @@ $T: + fi + mv _$T $T + +-$D/src/arch/i386/Makefile: $T Config +- rm -rf $D +- gzip -dc $T | tar xf - ++$D/src/arch/i386/Makefile: $G Config ++ mkdir $D ++ cp -a $G/* $D + for i in $$(cat patches/series) ; do \ + patch -d $D -p1 --quiet <patches/$$i || exit 1 ; \ + done diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0000-qemu-seabios-enable-ATA_DMA.patch b/nixpkgs/pkgs/applications/virtualization/xen/0000-qemu-seabios-enable-ATA_DMA.patch new file mode 100644 index 000000000000..339972a2cdeb --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0000-qemu-seabios-enable-ATA_DMA.patch @@ -0,0 +1,19 @@ +diff -uNr a/src/Kconfig b/src/Kconfig +--- a/src/Kconfig 2015-08-31 10:15:13.231134858 +0200 ++++ b/src/Kconfig 2015-08-31 10:14:24.039180178 +0200 +@@ -144,13 +144,13 @@ + config ATA_DMA + depends on ATA + bool "ATA DMA" +- default n ++ default y + help + Detect and try to use ATA bus mastering DMA controllers. + config ATA_PIO32 + depends on ATA + bool "ATA 32bit PIO" +- default n ++ default y + help + Use 32bit PIO accesses on ATA (minor optimization on PCI transfers). + config AHCI diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0001-libxl-Spice-image-compression-setting-support-for-up.patch b/nixpkgs/pkgs/applications/virtualization/xen/0001-libxl-Spice-image-compression-setting-support-for-up.patch new file mode 100644 index 000000000000..67b7ac777b5d --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0001-libxl-Spice-image-compression-setting-support-for-up.patch @@ -0,0 +1,104 @@ +From bd71555985efc423b1a119b6a3177de855763453 Mon Sep 17 00:00:00 2001 +From: Fabio Fantoni <fabio.fantoni@m2r.biz> +Date: Tue, 20 Jan 2015 11:26:30 +0100 +Subject: [PATCH] libxl: Spice image compression setting support for upstream + qemu + +Usage: +spice_image_compression=[auto_glz|auto_lz|quic|glz|lz|off] + +Specifies what image compression is to be used by spice (if given), +otherwise the qemu default will be used. + +Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> +Acked-by: Wei Liu <wei.liu2@citrix.com> +--- + docs/man/xl.cfg.pod.5 | 6 ++++++ + tools/libxl/libxl.h | 11 +++++++++++ + tools/libxl/libxl_dm.c | 4 ++++ + tools/libxl/libxl_types.idl | 1 + + tools/libxl/xl_cmdimpl.c | 2 ++ + 5 files changed, 24 insertions(+) + +diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 +index e2f91fc..0c2cbac 100644 +--- a/docs/man/xl.cfg.pod.5 ++++ b/docs/man/xl.cfg.pod.5 +@@ -1427,6 +1427,12 @@ for redirection of up to 4 usb devices from spice client to domU's qemu. + It requires an usb controller and if not defined it will automatically adds + an usb2 controller. The default is disabled (0). + ++=item B<spice_image_compression=[auto_glz|auto_lz|quic|glz|lz|off]> ++ ++Specifies what image compression is to be used by spice (if given), otherwise ++the qemu default will be used. Please see documentations of your current qemu ++version for details. ++ + =back + + =head3 Miscellaneous Emulated Hardware +diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h +index 0a123f1..b8e0b67 100644 +--- a/tools/libxl/libxl.h ++++ b/tools/libxl/libxl.h +@@ -528,6 +528,17 @@ typedef struct libxl__ctx libxl_ctx; + #define LIBXL_HAVE_SPICE_USBREDIREDIRECTION 1 + + /* ++ * LIBXL_HAVE_SPICE_IMAGECOMPRESSION ++ * ++ * If defined, then the libxl_spice_info structure will contain a string type ++ * field: image_compression. This value defines what Spice image compression ++ * is used. ++ * ++ * If this is not defined, the Spice image compression setting support is ignored. ++ */ ++#define LIBXL_HAVE_SPICE_IMAGECOMPRESSION 1 ++ ++/* + * LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS 1 + * + * If this is defined, libxl_domain_create_restore()'s API has changed to +diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c +index c2b0487..40c8649 100644 +--- a/tools/libxl/libxl_dm.c ++++ b/tools/libxl/libxl_dm.c +@@ -398,6 +398,10 @@ static char *dm_spice_options(libxl__gc *gc, + if (!libxl_defbool_val(spice->clipboard_sharing)) + opt = libxl__sprintf(gc, "%s,disable-copy-paste", opt); + ++ if (spice->image_compression) ++ opt = libxl__sprintf(gc, "%s,image-compression=%s", opt, ++ spice->image_compression); ++ + return opt; + } + +diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl +index 1214d2e..052ded9 100644 +--- a/tools/libxl/libxl_types.idl ++++ b/tools/libxl/libxl_types.idl +@@ -241,6 +241,7 @@ libxl_spice_info = Struct("spice_info", [ + ("vdagent", libxl_defbool), + ("clipboard_sharing", libxl_defbool), + ("usbredirection", integer), ++ ("image_compression", string), + ]) + + libxl_sdl_info = Struct("sdl_info", [ +diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c +index 0b02a6c..00aa69d 100644 +--- a/tools/libxl/xl_cmdimpl.c ++++ b/tools/libxl/xl_cmdimpl.c +@@ -1948,6 +1948,8 @@ skip_vfb: + &b_info->u.hvm.spice.clipboard_sharing, 0); + if (!xlu_cfg_get_long (config, "spiceusbredirection", &l, 0)) + b_info->u.hvm.spice.usbredirection = l; ++ xlu_cfg_replace_string (config, "spice_image_compression", ++ &b_info->u.hvm.spice.image_compression, 0); + xlu_cfg_get_defbool(config, "nographic", &b_info->u.hvm.nographic, 0); + xlu_cfg_get_defbool(config, "gfx_passthru", + &b_info->u.hvm.gfx_passthru, 0); +-- +1.9.2 + diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0002-libxl-Spice-streaming-video-setting-support-for-upst.patch b/nixpkgs/pkgs/applications/virtualization/xen/0002-libxl-Spice-streaming-video-setting-support-for-upst.patch new file mode 100644 index 000000000000..acf9cff99251 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0002-libxl-Spice-streaming-video-setting-support-for-upst.patch @@ -0,0 +1,104 @@ +From 296c7f3284efe655d95a8ae045a5dc1a20d6fff0 Mon Sep 17 00:00:00 2001 +From: Fabio Fantoni <fabio.fantoni@m2r.biz> +Date: Tue, 20 Jan 2015 11:33:17 +0100 +Subject: [PATCH] libxl: Spice streaming video setting support for upstream + qemu + +Usage: +spice_streaming_video=[filter|all|off] + +Specifies what streaming video setting is to be used by spice (if +given), +otherwise the qemu default will be used. + +Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> +Acked-by: Wei Liu <wei.liu2@citrix.com> +--- + docs/man/xl.cfg.pod.5 | 5 +++++ + tools/libxl/libxl.h | 11 +++++++++++ + tools/libxl/libxl_dm.c | 4 ++++ + tools/libxl/libxl_types.idl | 1 + + tools/libxl/xl_cmdimpl.c | 2 ++ + 5 files changed, 23 insertions(+) + +diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 +index 0c2cbac..408653f 100644 +--- a/docs/man/xl.cfg.pod.5 ++++ b/docs/man/xl.cfg.pod.5 +@@ -1433,6 +1433,11 @@ Specifies what image compression is to be used by spice (if given), otherwise + the qemu default will be used. Please see documentations of your current qemu + version for details. + ++=item B<spice_streaming_video=[filter|all|off]> ++ ++Specifies what streaming video setting is to be used by spice (if given), ++otherwise the qemu default will be used. ++ + =back + + =head3 Miscellaneous Emulated Hardware +diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h +index b8e0b67..c219f59 100644 +--- a/tools/libxl/libxl.h ++++ b/tools/libxl/libxl.h +@@ -539,6 +539,17 @@ typedef struct libxl__ctx libxl_ctx; + #define LIBXL_HAVE_SPICE_IMAGECOMPRESSION 1 + + /* ++ * LIBXL_HAVE_SPICE_STREAMINGVIDEO ++ * ++ * If defined, then the libxl_spice_info structure will contain a string type ++ * field: streaming_video. This value defines what Spice streaming video setting ++ * is used. ++ * ++ * If this is not defined, the Spice streaming video setting support is ignored. ++ */ ++#define LIBXL_HAVE_SPICE_STREAMINGVIDEO 1 ++ ++/* + * LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS 1 + * + * If this is defined, libxl_domain_create_restore()'s API has changed to +diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c +index 40c8649..d8d6f0c 100644 +--- a/tools/libxl/libxl_dm.c ++++ b/tools/libxl/libxl_dm.c +@@ -402,6 +402,10 @@ static char *dm_spice_options(libxl__gc *gc, + opt = libxl__sprintf(gc, "%s,image-compression=%s", opt, + spice->image_compression); + ++ if (spice->streaming_video) ++ opt = libxl__sprintf(gc, "%s,streaming-video=%s", opt, ++ spice->streaming_video); ++ + return opt; + } + +diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl +index 052ded9..02be466 100644 +--- a/tools/libxl/libxl_types.idl ++++ b/tools/libxl/libxl_types.idl +@@ -242,6 +242,7 @@ libxl_spice_info = Struct("spice_info", [ + ("clipboard_sharing", libxl_defbool), + ("usbredirection", integer), + ("image_compression", string), ++ ("streaming_video", string), + ]) + + libxl_sdl_info = Struct("sdl_info", [ +diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c +index 00aa69d..b7eac29 100644 +--- a/tools/libxl/xl_cmdimpl.c ++++ b/tools/libxl/xl_cmdimpl.c +@@ -1950,6 +1950,8 @@ skip_vfb: + b_info->u.hvm.spice.usbredirection = l; + xlu_cfg_replace_string (config, "spice_image_compression", + &b_info->u.hvm.spice.image_compression, 0); ++ xlu_cfg_replace_string (config, "spice_streaming_video", ++ &b_info->u.hvm.spice.streaming_video, 0); + xlu_cfg_get_defbool(config, "nographic", &b_info->u.hvm.nographic, 0); + xlu_cfg_get_defbool(config, "gfx_passthru", + &b_info->u.hvm.gfx_passthru, 0); +-- +1.9.2 + diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0003-Add-qxl-vga-interface-support-for-upstream-qem.patch b/nixpkgs/pkgs/applications/virtualization/xen/0003-Add-qxl-vga-interface-support-for-upstream-qem.patch new file mode 100644 index 000000000000..1771b662bc3a --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0003-Add-qxl-vga-interface-support-for-upstream-qem.patch @@ -0,0 +1,165 @@ +From 161212ef02312c0681d2d809c8ff1e1f0ea6f6f9 Mon Sep 17 00:00:00 2001 +From: Fabio Fantoni <fabio.fantoni@m2r.biz> +Date: Wed, 29 Apr 2015 11:20:28 +0200 +Subject: [PATCH] libxl: Add qxl vga interface support for upstream qemu + +Usage: +vga="qxl" + +Qxl vga support many resolutions that not supported by stdvga, +mainly the 16:9 ones and other high up to 2560x1600. +With QXL you can get improved performance and smooth video also +with high resolutions and high quality. +Require their drivers installed in the domU and spice used +otherwise act as a simple stdvga. + +Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> +Signed-off-by: Zhou Peng <zpengxen@gmail.com> +Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> +Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> +Acked-by: George Dunlap <george.dunlap@eu.citrix.com> +--- + docs/man/xl.cfg.pod.5 | 10 +++++++++- + tools/libxl/libxl.h | 10 ++++++++++ + tools/libxl/libxl_create.c | 13 +++++++++++++ + tools/libxl/libxl_dm.c | 8 ++++++++ + tools/libxl/libxl_types.idl | 1 + + tools/libxl/xl_cmdimpl.c | 2 ++ + 6 files changed, 43 insertions(+), 1 deletion(-) + +diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 +index f936dfc..8e4154f 100644 +--- a/docs/man/xl.cfg.pod.5 ++++ b/docs/man/xl.cfg.pod.5 +@@ -1360,6 +1360,9 @@ qemu-xen-traditional device-model, the amount of video RAM is fixed at 4 MB, + which is sufficient for 1024x768 at 32 bpp. For the upstream qemu-xen + device-model, the default and minimum is 8 MB. + ++For B<qxl> vga, the default is both default and minimal 128MB. ++If B<videoram> is set less than 128MB, an error will be triggered. ++ + =item B<stdvga=BOOLEAN> + + Select a standard VGA card with VBE (VESA BIOS Extensions) as the +@@ -1371,9 +1374,14 @@ This option is deprecated, use vga="stdvga" instead. + + =item B<vga="STRING"> + +-Selects the emulated video card (none|stdvga|cirrus). ++Selects the emulated video card (none|stdvga|cirrus|qxl). + The default is cirrus. + ++In general, QXL should work with the Spice remote display protocol ++for acceleration, and QXL driver is necessary in guest in this case. ++QXL can also work with the VNC protocol, but it will be like a standard ++VGA without acceleration. ++ + =item B<vnc=BOOLEAN> + + Allow access to the display via the VNC protocol. This enables the +diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h +index 44bd8e2..efc0617 100644 +--- a/tools/libxl/libxl.h ++++ b/tools/libxl/libxl.h +@@ -535,6 +535,16 @@ typedef struct libxl__ctx libxl_ctx; + #define LIBXL_HAVE_DOMINFO_OUTSTANDING_MEMKB 1 + + /* ++ * LIBXL_HAVE_QXL ++ * ++ * If defined, then the libxl_vga_interface_type will contain another value: ++ * "QXL". This value define if qxl vga is supported. ++ * ++ * If this is not defined, the qxl vga support is missed. ++ */ ++#define LIBXL_HAVE_QXL 1 ++ ++/* + * LIBXL_HAVE_SPICE_VDAGENT + * + * If defined, then the libxl_spice_info structure will contain a boolean type: +diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c +index e5a343f..188f7df 100644 +--- a/tools/libxl/libxl_create.c ++++ b/tools/libxl/libxl_create.c +@@ -248,6 +248,10 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 0; + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ LOG(ERROR,"qemu upstream required for qxl vga"); ++ return ERROR_INVAL; ++ break; + case LIBXL_VGA_INTERFACE_TYPE_STD: + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 8 * 1024; +@@ -272,6 +276,15 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 0; + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) { ++ b_info->video_memkb = (128 * 1024); ++ } else if (b_info->video_memkb < (128 * 1024)) { ++ LOG(ERROR, ++ "128 Mib videoram is the minimum for qxl default"); ++ return ERROR_INVAL; ++ } ++ break; + case LIBXL_VGA_INTERFACE_TYPE_STD: + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 16 * 1024; +diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c +index 30c1578..58c9b99 100644 +--- a/tools/libxl/libxl_dm.c ++++ b/tools/libxl/libxl_dm.c +@@ -251,6 +251,8 @@ static char ** libxl__build_device_model_args_old(libxl__gc *gc, + case LIBXL_VGA_INTERFACE_TYPE_NONE: + flexarray_append_pair(dm_args, "-vga", "none"); + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ break; + } + + if (b_info->u.hvm.boot) { +@@ -625,6 +627,12 @@ static char ** libxl__build_device_model_args_new(libxl__gc *gc, + break; + case LIBXL_VGA_INTERFACE_TYPE_NONE: + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ /* QXL have 2 ram regions, ram and vram */ ++ flexarray_append_pair(dm_args, "-device", ++ GCSPRINTF("qxl-vga,vram_size_mb=%"PRIu64",ram_size_mb=%"PRIu64, ++ (b_info->video_memkb/2/1024), (b_info->video_memkb/2/1024) ) ); ++ break; + } + + if (b_info->u.hvm.boot) { +diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl +index 117b61d..023b21e 100644 +--- a/tools/libxl/libxl_types.idl ++++ b/tools/libxl/libxl_types.idl +@@ -183,6 +183,7 @@ libxl_vga_interface_type = Enumeration("vga_interface_type", [ + (1, "CIRRUS"), + (2, "STD"), + (3, "NONE"), ++ (4, "QXL"), + ], init_val = "LIBXL_VGA_INTERFACE_TYPE_CIRRUS") + + libxl_vendor_device = Enumeration("vendor_device", [ +diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c +index 648ca08..526a1f6 100644 +--- a/tools/libxl/xl_cmdimpl.c ++++ b/tools/libxl/xl_cmdimpl.c +@@ -2115,6 +2115,8 @@ skip_vfb: + b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_CIRRUS; + } else if (!strcmp(buf, "none")) { + b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_NONE; ++ } else if (!strcmp(buf, "qxl")) { ++ b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_QXL; + } else { + fprintf(stderr, "Unknown vga \"%s\" specified\n", buf); + exit(1); +-- +1.9.2 + diff --git a/nixpkgs/pkgs/applications/virtualization/xen/4.10.nix b/nixpkgs/pkgs/applications/virtualization/xen/4.10.nix new file mode 100644 index 000000000000..f3055fc79c35 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/4.10.nix @@ -0,0 +1,181 @@ +{ stdenv, callPackage, fetchurl, fetchpatch, fetchgit +, ocaml-ng +, withInternalQemu ? true +, withInternalTraditionalQemu ? true +, withInternalSeabios ? true +, withSeabios ? !withInternalSeabios, seabios ? null +, withInternalOVMF ? false # FIXME: tricky to build +, withOVMF ? false, OVMF +, withLibHVM ? true + +# qemu +, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir +, alsaLib, glib, python2 +, ... } @ args: + +assert withInternalSeabios -> !withSeabios; +assert withInternalOVMF -> !withOVMF; + +with stdenv.lib; + +# Patching XEN? Check the XSAs at +# https://xenbits.xen.org/xsa/ +# and try applying all the ones we don't have yet. + +let + xsa = import ./xsa-patches.nix { inherit fetchpatch; }; + + qemuMemfdBuildFix = fetchpatch { + name = "xen-4.8-memfd-build-fix.patch"; + url = https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch; + sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa"; + }; + + qemuDeps = [ + udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir + alsaLib glib python2 + ]; +in + +callPackage (import ./generic.nix (rec { + version = "4.10.0"; + + src = fetchurl { + url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; + sha256 = "0i38ap5b5m1kix6xb0vn9ya1yab35adyc98bzfnbq4lb7w1afqh2"; + }; + + # Sources needed to build tools and firmwares. + xenfiles = optionalAttrs withInternalQemu { + "qemu-xen" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/qemu-xen.git; + # rev = "refs/tags/qemu-xen-${version}"; + # use revision hash - reproducible but must be updated with each new version + rev = "b79708a8ed1b3d18bee67baeaf33b3fa529493e2"; + sha256 = "1yxxad6nvlfmrbgyc8ix19qmrsn1rx4zpyiqnfi4x4kg94acwa5w"; + }; + patches = [ + qemuMemfdBuildFix + ]; + buildInputs = qemuDeps; + postPatch = '' + # needed in build but /usr/bin/env is not available in sandbox + substituteInPlace scripts/tracetool.py \ + --replace "/usr/bin/env python" "${python2}/bin/python" + ''; + meta.description = "Xen's fork of upstream Qemu"; + }; + } // optionalAttrs withInternalTraditionalQemu { + "qemu-xen-traditional" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/qemu-xen-traditional.git; + # rev = "refs/tags/xen-${version}"; + # use revision hash - reproducible but must be updated with each new version + rev = "c8ea0457495342c417c3dc033bba25148b279f60"; + sha256 = "0v5nl3c08kpjg57fb8l191h1y57ykp786kz6l525jgplif28vx13"; + }; + buildInputs = qemuDeps; + patches = [ + ]; + postPatch = '' + substituteInPlace xen-hooks.mak \ + --replace /usr/include/pci ${pciutils}/include/pci + ''; + meta.description = "Xen's fork of upstream Qemu that uses old device model"; + }; + } // optionalAttrs withInternalSeabios { + "firmware/seabios-dir-remote" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/seabios.git; + rev = "f0cdc36d2f2424f6b40438f7ee7cc502c0eff4df"; + sha256 = "1wq5pjkjrfzqnq3wyr15mcn1l4c563m65gdyf8jm97kgb13pwwfm"; + }; + patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; + meta.description = "Xen's fork of Seabios"; + }; + } // optionalAttrs withInternalOVMF { + "firmware/ovmf-dir-remote" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/ovmf.git; + rev = "173bf5c847e3ca8b42c11796ce048d8e2e916ff8"; + sha256 = "07zmdj90zjrzip74fvd4ss8n8njk6cim85s58mc6snxmqqv7gmcr"; + }; + meta.description = "Xen's fork of OVMF"; + }; + } // { + # TODO: patch Xen to make this optional? + "firmware/etherboot/ipxe.git" = { + src = fetchgit { + url = https://git.ipxe.org/ipxe.git; + rev = "356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d"; + sha256 = "15n400vm3id5r8y3k6lrp9ab2911a9vh9856f5gvphkazfnmns09"; + }; + meta.description = "Xen's fork of iPXE"; + }; + } // optionalAttrs withLibHVM { + "xen-libhvm-dir-remote" = { + src = fetchgit { + name = "xen-libhvm"; + url = https://github.com/michalpalka/xen-libhvm; + rev = "83065d36b36d6d527c2a4e0f5aaf0a09ee83122c"; + sha256 = "1jzv479wvgjkazprqdzcdjy199azmx2xl3pnxli39kc5mvjz3lzd"; + }; + buildPhase = '' + make + cd biospt + cc -Wall -g -D_LINUX -Wstrict-prototypes biospt.c -o biospt -I../libhvm -L../libhvm -lxenhvm + ''; + installPhase = '' + make install + cp biospt/biospt $out/bin/ + ''; + meta = { + description = '' + Helper library for reading ACPI and SMBIOS firmware values + from the host system for use with the HVM guest firmware + pass-through feature in Xen''; + license = licenses.bsd2; + }; + }; + }; + + configureFlags = [] + ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH + ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional" + ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional" + + ++ optional (withSeabios) "--with-system-seabios=${seabios}" + ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios" + + ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" + ++ optional (withInternalOVMF) "--enable-ovmf"; + + patches = with xsa; flatten [ + XSA_252 + XSA_253 + XSA_255_1 + XSA_255_2 + XSA_256 + ]; + + # Fix build on Glibc 2.24. + NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; + + postPatch = '' + # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. + sed 1i'#include <sys/sysmacros.h>' \ + -i tools/blktap2/control/tap-ctl-allocate.c \ + -i tools/libxl/libxl_device.c + # Makefile didn't include previous PKG_CONFIG_PATH so glib wasn't found + substituteInPlace tools/Makefile \ + --replace 'PKG_CONFIG_PATH=$(XEN_ROOT)/tools/pkg-config' 'PKG_CONFIG_PATH=$(XEN_ROOT)/tools/pkg-config:$(PKG_CONFIG_PATH)' + ''; + + passthru = { + qemu-system-i386 = if withInternalQemu + then "lib/xen/bin/qemu-system-i386" + else throw "this xen has no qemu builtin"; + }; + +})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_05; } // args) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/4.5.nix b/nixpkgs/pkgs/applications/virtualization/xen/4.5.nix new file mode 100644 index 000000000000..64704f73e7b1 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/4.5.nix @@ -0,0 +1,261 @@ +{ stdenv, callPackage, fetchurl, fetchpatch, fetchgit +, ocaml-ng +, withInternalQemu ? true +, withInternalTraditionalQemu ? true +, withInternalSeabios ? true +, withSeabios ? !withInternalSeabios, seabios ? null +, withInternalOVMF ? false # FIXME: tricky to build +, withOVMF ? false, OVMF +, withLibHVM ? true + +# qemu +, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir +, alsaLib +, ... } @ args: + +assert withInternalSeabios -> !withSeabios; +assert withInternalOVMF -> !withOVMF; + +with stdenv.lib; + +# Patching XEN? Check the XSAs at +# https://xenbits.xen.org/xsa/ +# and try applying all the ones we don't have yet. + +let + xsaPatch = { name , sha256 }: (fetchpatch { + url = "https://xenbits.xen.org/xsa/xsa${name}.patch"; + inherit sha256; + }); + + qemuDeps = [ + udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir + alsaLib + ]; + + xsa = import ./xsa-patches.nix { inherit fetchpatch; }; +in + +callPackage (import ./generic.nix (rec { + version = "4.5.5"; + + meta = { + knownVulnerabilities = [ "Security support ended in January 2018" ]; + }; + + src = fetchurl { + url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; + sha256 = "1y74ms4yc3znf8jc3fgyq94va2y0pf7jh8m9pfqnpgklywqnw8g2"; + }; + + # Sources needed to build tools and firmwares. + xenfiles = optionalAttrs withInternalQemu { + "qemu-xen" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/qemu-xen.git; + rev = "refs/tags/qemu-xen-${version}"; + sha256 = "014s755slmsc7xzy7qhk9i3kbjr2grxb5yznjp71dl6xxfvnday2"; + }; + buildInputs = qemuDeps; + patches = [ + (xsaPatch { + name = "197-4.5-qemuu"; + sha256 = "09gp980qdlfpfmxy0nk7ncyaa024jnrpzx9gpq2kah21xygy5myx"; + }) + (xsaPatch { + name = "208-qemuu-4.7"; + sha256 = "0z9b1whr8rp2riwq7wndzcnd7vw1ckwx0vbk098k2pcflrzppgrb"; + }) + (xsaPatch { + name = "209-qemuu/0001-display-cirrus-ignore-source-pitch-value-as-needed-i"; + sha256 = "1xvxzsrsq05fj6szjlpbgg4ia3cw54dn5g7xzq1n1dymbhv606m0"; + }) + (xsaPatch { + name = "209-qemuu/0002-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput"; + sha256 = "0avxqs9922qjfsxxlk7bh10432a526j2yyykhags8dk1bzxkpxwv"; + }) + (xsaPatch { + name = "211-qemuu-4.6"; + sha256 = "1g090xs8ca8676vyi78b99z5yjdliw6mxkr521b8kimhf8crx4yg"; + }) + (xsaPatch { + name = "216-qemuu-4.5"; + sha256 = "0nh5akbal93czia1gh1pzvwq7gc4zwiyr1hbyk1m6wwdmqv6ph61"; + }) + ]; + meta.description = "Xen's fork of upstream Qemu"; + }; + } // optionalAttrs withInternalTraditionalQemu { + "qemu-xen-traditional" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/qemu-xen-traditional.git; + rev = "refs/tags/xen-${version}"; + sha256 = "0n0ycxlf1wgdjkdl8l2w1i0zzssk55dfv67x8i6b2ima01r0k93r"; + }; + buildInputs = qemuDeps; + patches = [ + (xsaPatch { + name = "197-4.5-qemut"; + sha256 = "17l7npw00gyhqzzaqamwm9cawfvzm90zh6jjyy95dmqbh7smvy79"; + }) + (xsaPatch { + name = "199-trad"; + sha256 = "0dfw6ciycw9a9s97sbnilnzhipnzmdm9f7xcfngdjfic8cqdcv42"; + }) + (xsaPatch { + name = "208-qemut"; + sha256 = "0960vhchixp60j9h2lawgbgzf6mpcdk440kblk25a37bd6172l54"; + }) + (xsaPatch { + name = "209-qemut"; + sha256 = "1hq8ghfzw6c47pb5vf9ngxwgs8slhbbw6cq7gk0nam44rwvz743r"; + }) + (xsaPatch { + name = "211-qemut-4.5"; + sha256 = "1z3phabvqmxv4b5923fx63hwdg4v1fnl15zbl88873ybqn0hp50f"; + }) + ]; + postPatch = '' + substituteInPlace xen-hooks.mak \ + --replace /usr/include/pci ${pciutils}/include/pci + ''; + meta.description = "Xen's fork of upstream Qemu that uses old device model"; + }; + } // optionalAttrs withInternalSeabios { + "firmware/seabios-dir-remote" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/seabios.git; + rev = "e51488c5f8800a52ac5c8da7a31b85cca5cc95d2"; + #rev = "rel-1.7.5"; + sha256 = "0jk54ybhmw97pzyhpm6jr2x99f702kbn0ipxv5qxcbynflgdazyb"; + }; + patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; + meta.description = "Xen's fork of Seabios"; + }; + } // optionalAttrs withInternalOVMF { + "firmware/ovmf-dir-remote" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/ovmf.git; + rev = "cb9a7ebabcd6b8a49dc0854b2f9592d732b5afbd"; + sha256 = "07zmdj90zjrzip74fvd4ss8n8njk6cim85s58mc6snxmqqv7gmcq"; + }; + meta.description = "Xen's fork of OVMF"; + }; + } // { + # TODO: patch Xen to make this optional? + "firmware/etherboot/ipxe.git" = { + src = fetchgit { + url = https://git.ipxe.org/ipxe.git; + rev = "9a93db3f0947484e30e753bbd61a10b17336e20e"; + sha256 = "1ga3h1b34q0cl9azj7j9nswn7mfcs3cgfjdihrm5zkp2xw2hpvr6"; + }; + meta.description = "Xen's fork of iPXE"; + }; + } // optionalAttrs withLibHVM { + "xen-libhvm-dir-remote" = { + src = fetchgit { + name = "xen-libhvm"; + url = https://github.com/ts468/xen-libhvm; + rev = "442dcc4f6f4e374a51e4613532468bd6b48bdf63"; + sha256 = "9ba97c39a00a54c154785716aa06691d312c99be498ebbc00dc3769968178ba8"; + }; + buildPhase = '' + make + cd biospt + cc -Wall -g -D_LINUX -Wstrict-prototypes biospt.c -o biospt -I../libhvm -L../libhvm -lxenhvm + ''; + installPhase = '' + make install + cp biospt/biospt $out/bin/ + ''; + meta = { + description = '' + Helper library for reading ACPI and SMBIOS firmware values + from the host system for use with the HVM guest firmware + pass-through feature in Xen''; + license = licenses.bsd2; + }; + }; + }; + + configureFlags = [] + ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH + ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional" + ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional" + + ++ optional (withSeabios) "--with-system-seabios=${seabios}" + ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios" + + ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" + ++ optional (withInternalOVMF) "--enable-ovmf"; + + patches = with xsa; flatten [ + ./0001-libxl-Spice-image-compression-setting-support-for-up.patch + ./0002-libxl-Spice-streaming-video-setting-support-for-upst.patch + ./0003-Add-qxl-vga-interface-support-for-upstream-qem.patch + XSA_190 + XSA_191 + XSA_192 + XSA_193 + XSA_195 + XSA_196 + XSA_198 + XSA_200 + XSA_202_45 + XSA_204_45 + XSA_206_45 + XSA_207 + XSA_212 + XSA_213_45 + XSA_214 + XSA_215 + XSA_217_45 + XSA_218_45 + XSA_219_45 + XSA_220_45 + XSA_221 + XSA_222_45 + XSA_223 + XSA_224_45 + XSA_227_45 + XSA_230 + XSA_231_45 + XSA_232 + XSA_233 + XSA_234_45 + XSA_235_45 + XSA_236_45 + XSA_237_45 + XSA_238_45 + XSA_239_45 + XSA_240_45 + XSA_241 + XSA_242 + XSA_243_45 + XSA_244_45 + XSA_245 + XSA_246_45 + XSA_247_45 + XSA_248_45 + XSA_249 + XSA_250_45 + XSA_251_45 + ]; + + # Fix build on Glibc 2.24. + NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; + + postPatch = '' + # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. + sed 1i'#include <sys/sysmacros.h>' \ + -i tools/blktap2/control/tap-ctl-allocate.c \ + -i tools/libxl/libxl_device.c + ''; + + passthru = { + qemu-system-i386 = if withInternalQemu + then "lib/xen/bin/qemu-system-i386" + else throw "this xen has no qemu builtin"; + }; + +})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_02; } // args) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix b/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix new file mode 100644 index 000000000000..2a59cd1f0615 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix @@ -0,0 +1,185 @@ +{ stdenv, callPackage, fetchurl, fetchpatch, fetchgit +, ocaml-ng +, withInternalQemu ? true +, withInternalTraditionalQemu ? true +, withInternalSeabios ? true +, withSeabios ? !withInternalSeabios, seabios ? null +, withInternalOVMF ? false # FIXME: tricky to build +, withOVMF ? false, OVMF +, withLibHVM ? true + +# qemu +, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir +, alsaLib +, ... } @ args: + +assert withInternalSeabios -> !withSeabios; +assert withInternalOVMF -> !withOVMF; + +with stdenv.lib; + +# Patching XEN? Check the XSAs at +# https://xenbits.xen.org/xsa/ +# and try applying all the ones we don't have yet. + +let + xsa = import ./xsa-patches.nix { inherit fetchpatch; }; + + xenlockprofpatch = (fetchpatch { + name = "xenlockprof-gcc7.patch"; + url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=f49fa658b53580cf2ad354d2bf1796766cc11222"; + sha256 = "1lvzfvkqirknivm8q4cg5byfqz49s16zjk65fkwl3kwb03chky70"; + }); + + xenpmdpatch = (fetchpatch { + name = "xenpmd-gcc7.patch"; + url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=2d78f78a14528752266982473c07118f1bc336e3"; + sha256 = "1ki295pymbcfc64sjb9wqfwpv19p8vwgmnxankada3vm4fxg2rhq"; + }); + + qemuMemfdBuildFix = fetchpatch { + name = "xen-4.8-memfd-build-fix.patch"; + url = https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch; + sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa"; + }; + + qemuDeps = [ + udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir + alsaLib + ]; +in + +callPackage (import ./generic.nix (rec { + version = "4.8.3"; + + src = fetchurl { + url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; + sha256 = "0vhkpyy5x7kc36hnav95fn194ngsmc3m2xcc78vccs00gdf6m8q9"; + }; + + # Sources needed to build tools and firmwares. + xenfiles = optionalAttrs withInternalQemu { + "qemu-xen" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/qemu-xen.git; + rev = "refs/tags/qemu-xen-${version}"; + sha256 = "0lb7zd5nvr6znx47z93nbq4gj8xfb3622s8r2cvmpqmwnmlc3nd4"; + }; + patches = [ + qemuMemfdBuildFix + ]; + buildInputs = qemuDeps; + meta.description = "Xen's fork of upstream Qemu"; + }; + } // optionalAttrs withInternalTraditionalQemu { + "qemu-xen-traditional" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/qemu-xen-traditional.git; + rev = "refs/tags/xen-${version}"; + sha256 = "0mryap5y53r09m7qc0b821f717ghwm654r8c3ik1w7adzxr0l5qk"; + }; + buildInputs = qemuDeps; + patches = [ + ]; + postPatch = '' + substituteInPlace xen-hooks.mak \ + --replace /usr/include/pci ${pciutils}/include/pci + ''; + meta.description = "Xen's fork of upstream Qemu that uses old device model"; + }; + } // optionalAttrs withInternalSeabios { + "firmware/seabios-dir-remote" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/seabios.git; + rev = "f0cdc36d2f2424f6b40438f7ee7cc502c0eff4df"; + sha256 = "1wq5pjkjrfzqnq3wyr15mcn1l4c563m65gdyf8jm97kgb13pwwfm"; + }; + patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; + meta.description = "Xen's fork of Seabios"; + }; + } // optionalAttrs withInternalOVMF { + "firmware/ovmf-dir-remote" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/ovmf.git; + rev = "173bf5c847e3ca8b42c11796ce048d8e2e916ff8"; + sha256 = "07zmdj90zjrzip74fvd4ss8n8njk6cim85s58mc6snxmqqv7gmcr"; + }; + meta.description = "Xen's fork of OVMF"; + }; + } // { + # TODO: patch Xen to make this optional? + "firmware/etherboot/ipxe.git" = { + src = fetchgit { + url = https://git.ipxe.org/ipxe.git; + rev = "356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d"; + sha256 = "15n400vm3id5r8y3k6lrp9ab2911a9vh9856f5gvphkazfnmns09"; + }; + meta.description = "Xen's fork of iPXE"; + }; + } // optionalAttrs withLibHVM { + "xen-libhvm-dir-remote" = { + src = fetchgit { + name = "xen-libhvm"; + url = https://github.com/michalpalka/xen-libhvm; + rev = "83065d36b36d6d527c2a4e0f5aaf0a09ee83122c"; + sha256 = "1jzv479wvgjkazprqdzcdjy199azmx2xl3pnxli39kc5mvjz3lzd"; + }; + buildPhase = '' + make + cd biospt + cc -Wall -g -D_LINUX -Wstrict-prototypes biospt.c -o biospt -I../libhvm -L../libhvm -lxenhvm + ''; + installPhase = '' + make install + cp biospt/biospt $out/bin/ + ''; + meta = { + description = '' + Helper library for reading ACPI and SMBIOS firmware values + from the host system for use with the HVM guest firmware + pass-through feature in Xen''; + license = licenses.bsd2; + }; + }; + }; + + configureFlags = [] + ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH + ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional" + ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional" + + ++ optional (withSeabios) "--with-system-seabios=${seabios}" + ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios" + + ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" + ++ optional (withInternalOVMF) "--enable-ovmf"; + + patches = with xsa; flatten [ + # XSA_231 to XSA-251 are fixed in 4.8.3 (verified with git log) + XSA_252_49 + # 253: 4.8 not affected + # 254: no patch supplied by xen project (Meltdown/Spectre) + XSA_255_49_1 + XSA_255_49_2 + XSA_256_48 + xenlockprofpatch + xenpmdpatch + ]; + + # Fix build on Glibc 2.24. + NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; + + postPatch = '' + # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. + sed 1i'#include <sys/sysmacros.h>' \ + -i tools/blktap2/control/tap-ctl-allocate.c \ + -i tools/libxl/libxl_device.c + ''; + + passthru = { + qemu-system-i386 = if withInternalQemu + then "lib/xen/bin/qemu-system-i386" + else throw "this xen has no qemu builtin"; + }; + +})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_05; } // args) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/acpica-utils-20180427.patch b/nixpkgs/pkgs/applications/virtualization/xen/acpica-utils-20180427.patch new file mode 100644 index 000000000000..aa4fd494082d --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/acpica-utils-20180427.patch @@ -0,0 +1,63 @@ +From 858dbaaeda33b05c1ac80aea0ba9a03924e09005 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> +Date: Wed, 9 May 2018 11:08:12 +0100 +Subject: [PATCH] libacpi: fixes for iasl >= 20180427 +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +New versions of iasl have introduced improved C file generation, as +reported in the changelog: + +iASL: Enhanced the -tc option (which creates an AML hex file in C, +suitable for import into a firmware project): + 1) Create a unique name for the table, to simplify use of multiple +SSDTs. + 2) Add a protection #ifdef in the file, similar to a .h header file. + +The net effect of that on generated files is: + +-unsigned char AmlCode[] = ++#ifndef __SSDT_S4_HEX__ ++#define __SSDT_S4_HEX__ ++ ++unsigned char ssdt_s4_aml_code[] = + +The above example is from ssdt_s4.asl. + +Fix the build with newer versions of iasl by stripping the '_aml_code' +suffix from the variable name on generated files. + +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Wei Liu <wei.liu2@citrix.com> +Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> +Release-acked-by: Juergen Gross <jgross@suse.com> +--- + tools/libacpi/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/libacpi/Makefile b/tools/libacpi/Makefile +index a47a658a25..c17f3924cc 100644 +--- a/tools/libacpi/Makefile ++++ b/tools/libacpi/Makefile +@@ -43,7 +43,7 @@ all: $(C_SRC) $(H_SRC) + + $(H_SRC): $(ACPI_BUILD_DIR)/%.h: %.asl iasl + iasl -vs -p $(ACPI_BUILD_DIR)/$*.$(TMP_SUFFIX) -tc $< +- sed -e 's/AmlCode/$*/g' $(ACPI_BUILD_DIR)/$*.hex >$@ ++ sed -e 's/AmlCode/$*/g' -e 's/_aml_code//g' $(ACPI_BUILD_DIR)/$*.hex >$@ + rm -f $(addprefix $(ACPI_BUILD_DIR)/, $*.aml $*.hex) + + $(MK_DSDT): mk_dsdt.c +@@ -76,7 +76,7 @@ $(ACPI_BUILD_DIR)/dsdt_anycpu_arm.asl: $(MK_DSDT) + + $(C_SRC): $(ACPI_BUILD_DIR)/%.c: iasl $(ACPI_BUILD_DIR)/%.asl + iasl -vs -p $(ACPI_BUILD_DIR)/$*.$(TMP_SUFFIX) -tc $(ACPI_BUILD_DIR)/$*.asl +- sed -e 's/AmlCode/$*/g' $(ACPI_BUILD_DIR)/$*.hex > $@.$(TMP_SUFFIX) ++ sed -e 's/AmlCode/$*/g' -e 's/_aml_code//g' $(ACPI_BUILD_DIR)/$*.hex > $@.$(TMP_SUFFIX) + echo "int $*_len=sizeof($*);" >> $@.$(TMP_SUFFIX) + mv -f $@.$(TMP_SUFFIX) $@ + rm -f $(addprefix $(ACPI_BUILD_DIR)/, $*.aml $*.hex) +-- +2.11.0 + diff --git a/nixpkgs/pkgs/applications/virtualization/xen/generic.nix b/nixpkgs/pkgs/applications/virtualization/xen/generic.nix new file mode 100644 index 000000000000..8dc2dffc6b6b --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/generic.nix @@ -0,0 +1,240 @@ +config: +{ stdenv, cmake, pkgconfig, which + +# Xen +, bison, bzip2, checkpolicy, dev86, figlet, flex, gettext, glib +, iasl, libaio, libiconv, libuuid, ncurses, openssl, perl +, python2Packages +# python2Packages.python +, xz, yajl, zlib + +# Xen Optional +, ocamlPackages + +# Scripts +, coreutils, gawk, gnused, gnugrep, diffutils, multipath-tools +, iproute, inetutils, iptables, bridge-utils, openvswitch, nbd, drbd +, lvm2, utillinux, procps, systemd + +# Documentation +# python2Packages.markdown +, transfig, ghostscript, texinfo, pandoc + +, ...} @ args: + +with stdenv.lib; + +let + #TODO: fix paths instead + scriptEnvPath = concatMapStringsSep ":" (x: "${x}/bin") [ + which perl + coreutils gawk gnused gnugrep diffutils utillinux multipath-tools + iproute inetutils iptables bridge-utils openvswitch nbd drbd + ]; + + withXenfiles = f: concatStringsSep "\n" (mapAttrsToList f config.xenfiles); + + withTools = a: f: withXenfiles (name: x: optionalString (hasAttr a x) '' + echo "processing ${name}" + __do() { + cd "tools/${name}" + ${f name x} + } + ( __do ) + ''); +in + +stdenv.mkDerivation (rec { + inherit (config) version; + + name = "xen-${version}"; + + dontUseCmakeConfigure = true; + + hardeningDisable = [ "stackprotector" "fortify" "pic" ]; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ + cmake which + + # Xen + bison bzip2 checkpolicy dev86 figlet flex gettext glib iasl libaio + libiconv libuuid ncurses openssl perl python2Packages.python xz yajl zlib + + # oxenstored + ocamlPackages.findlib ocamlPackages.ocaml systemd + + # Python fixes + python2Packages.wrapPython + + # Documentation + python2Packages.markdown transfig ghostscript texinfo pandoc + + # Others + ] ++ (concatMap (x: x.buildInputs or []) (attrValues config.xenfiles)) + ++ (config.buildInputs or []); + + prePatch = '' + ### Generic fixes + + # Xen's stubdoms, tools and firmwares need various sources that + # are usually fetched at build time using wget and git. We can't + # have that, so we prefetch them in nix-expression and setup + # fake wget and git for debugging purposes. + + mkdir fake-bin + + # Fake git: just print what it wants and die + cat > fake-bin/wget << EOF + #!${stdenv.shell} -e + echo ===== FAKE WGET: Not fetching \$* + [ -e \$3 ] + EOF + + # Fake git: just print what it wants and die + cat > fake-bin/git << EOF + #!${stdenv.shell} + echo ===== FAKE GIT: Not cloning \$* + [ -e \$3 ] + EOF + + chmod +x fake-bin/* + export PATH=$PATH:$PWD/fake-bin + + # Remove in-tree qemu stuff in case we build from a tar-ball + rm -rf tools/qemu-xen tools/qemu-xen-traditional + + # Fix shebangs, mainly for build-scipts + # We want to do this before getting prefetched stuff to speed things up + # (prefetched stuff has lots of files) + find . -type f | xargs sed -i 's@/usr/bin/\(python\|perl\)@/usr/bin/env \1@g' + find . -type f -not -path "./tools/hotplug/Linux/xendomains.in" \ + | xargs sed -i 's@/bin/bash@${stdenv.shell}@g' + + # Get prefetched stuff + ${withXenfiles (name: x: '' + echo "${x.src} -> tools/${name}" + cp -r ${x.src} tools/${name} + chmod -R +w tools/${name} + '')} + ''; + + patches = [ ./0000-fix-ipxe-src.patch + ./0000-fix-install-python.patch + ./acpica-utils-20180427.patch] + ++ (config.patches or []); + + postPatch = '' + ### Hacks + + # Work around a bug in our GCC wrapper: `gcc -MF foo -v' doesn't + # print the GCC version number properly. + substituteInPlace xen/Makefile \ + --replace '$(CC) $(CFLAGS) -v' '$(CC) -v' + + # Hack to get `gcc -m32' to work without having 32-bit Glibc headers. + mkdir -p tools/include/gnu + touch tools/include/gnu/stubs-32.h + + ### Fixing everything else + + substituteInPlace tools/libfsimage/common/fsimage_plugin.c \ + --replace /usr $out + + substituteInPlace tools/blktap2/lvm/lvm-util.c \ + --replace /usr/sbin/vgs ${lvm2}/bin/vgs \ + --replace /usr/sbin/lvs ${lvm2}/bin/lvs + + substituteInPlace tools/misc/xenpvnetboot \ + --replace /usr/sbin/mount ${utillinux}/bin/mount \ + --replace /usr/sbin/umount ${utillinux}/bin/umount + + substituteInPlace tools/xenmon/xenmon.py \ + --replace /usr/bin/pkill ${procps}/bin/pkill + + substituteInPlace tools/xenstat/Makefile \ + --replace /usr/include/curses.h ${ncurses.dev}/include/curses.h + + ${optionalString (builtins.compareVersions config.version "4.8" >= 0) '' + substituteInPlace tools/hotplug/Linux/launch-xenstore.in \ + --replace /bin/mkdir mkdir + ''} + + ${optionalString (builtins.compareVersions config.version "4.6" < 0) '' + # TODO: use this as a template and support our own if-up scripts instead? + substituteInPlace tools/hotplug/Linux/xen-backend.rules.in \ + --replace "@XEN_SCRIPT_DIR@" $out/etc/xen/scripts + + # blktap is not provided by xen, but by xapi + sed -i '/blktap/d' tools/hotplug/Linux/xen-backend.rules.in + ''} + + ${withTools "patches" (name: x: '' + ${concatMapStringsSep "\n" (p: '' + echo "# Patching with ${p}" + patch -p1 < ${p} + '') x.patches} + '')} + + ${withTools "postPatch" (name: x: x.postPatch)} + + ${config.postPatch or ""} + ''; + + postConfigure = '' + substituteInPlace tools/hotplug/Linux/xendomains \ + --replace /bin/ls ls + ''; + + # TODO: Flask needs more testing before enabling it by default. + #makeFlags = "XSM_ENABLE=y FLASK_ENABLE=y PREFIX=$(out) CONFIG_DIR=/etc XEN_EXTFILES_URL=\\$(XEN_ROOT)/xen_ext_files "; + makeFlags = [ "PREFIX=$(out) CONFIG_DIR=/etc" "XEN_SCRIPT_DIR=/etc/xen/scripts" ] + ++ (config.makeFlags or []); + + buildFlags = "xen tools"; + + postBuild = '' + make -C docs man-pages + + ${withTools "buildPhase" (name: x: x.buildPhase)} + ''; + + installPhase = '' + mkdir -p $out $out/share $out/share/man + cp -prvd dist/install/nix/store/*/* $out/ + cp -prvd dist/install/boot $out/boot + cp -prvd dist/install/etc $out + cp -dR docs/man1 docs/man5 $out/share/man/ + + ${withTools "installPhase" (name: x: x.installPhase)} + + # Hack + substituteInPlace $out/etc/xen/scripts/hotplugpath.sh \ + --replace SBINDIR=\"$out/sbin\" SBINDIR=\"$out/bin\" + + wrapPythonPrograms + # We also need to wrap pygrub, which lies in lib + wrapPythonProgramsIn "$out/lib" "$out $pythonPath" + + shopt -s extglob + for i in $out/etc/xen/scripts/!(*.sh); do + sed -i "2s@^@export PATH=$out/bin:${scriptEnvPath}\n@" $i + done + ''; + + enableParallelBuilding = true; + + # TODO(@oxij): Stop referencing args here + meta = { + homepage = http://www.xen.org/; + description = "Xen hypervisor and related components" + + optionalString (args ? meta && args.meta ? description) + " (${args.meta.description})"; + longDescription = (args.meta.longDescription or "") + + "\nIncludes:\n" + + withXenfiles (name: x: ''* ${name}: ${x.meta.description or "(No description)"}.''); + platforms = [ "x86_64-linux" ]; + maintainers = with stdenv.lib.maintainers; [ eelco tstrobel oxij ]; + license = stdenv.lib.licenses.gpl2; + } // (config.meta or {}); +} // removeAttrs config [ "xenfiles" "buildInputs" "patches" "postPatch" "meta" ]) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/packages.nix b/nixpkgs/pkgs/applications/virtualization/xen/packages.nix new file mode 100644 index 000000000000..791a3b91818a --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/packages.nix @@ -0,0 +1,156 @@ +{ callPackage +, stdenv, overrideCC, gcc49 +}: + +# TODO(@oxij) on new Xen version: generalize this to generate [vanilla slim +# light] for each ./<version>.nix. + +rec { + + xen_4_5-vanilla = callPackage ./4.5.nix { + # At the very least included seabios and etherboot need gcc49, + # so we have to build all of it with gcc49. + stdenv = overrideCC stdenv gcc49; + + meta = { + description = "vanilla"; + longDescription = '' + Vanilla version of Xen. Uses forks of Qemu and Seabios bundled + with Xen. This gives vanilla experince, but wastes space and + build time: typical NixOS setup that runs lots of VMs will + build three different versions of Qemu when using this (two + forks and upstream). + ''; + }; + }; + + xen_4_5-slim = xen_4_5-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = true; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "slim"; + longDescription = '' + Slimmed-down version of Xen that reuses nixpkgs packages as + much as possible. Different parts may get out of sync, but + this builds faster and uses less space than vanilla. Use with + `qemu_xen` from nixpkgs. + ''; + }; + }; + + xen_4_5-light = xen_4_5-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = false; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "light"; + longDescription = '' + Slimmed-down version of Xen without `qemu-traditional` (you + don't need it if you don't know what it is). Use with + `qemu_xen-light` from nixpkgs. + ''; + }; + }; + + xen_4_8-vanilla = callPackage ./4.8.nix { + meta = { + description = "vanilla"; + longDescription = '' + Vanilla version of Xen. Uses forks of Qemu and Seabios bundled + with Xen. This gives vanilla experince, but wastes space and + build time: typical NixOS setup that runs lots of VMs will + build three different versions of Qemu when using this (two + forks and upstream). + ''; + }; + }; + + xen_4_8-slim = xen_4_8-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = true; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "slim"; + longDescription = '' + Slimmed-down version of Xen that reuses nixpkgs packages as + much as possible. Different parts may get out of sync, but + this builds faster and uses less space than vanilla. Use with + `qemu_xen` from nixpkgs. + ''; + }; + }; + + xen_4_8-light = xen_4_8-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = false; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "light"; + longDescription = '' + Slimmed-down version of Xen without `qemu-traditional` (you + don't need it if you don't know what it is). Use with + `qemu_xen-light` from nixpkgs. + ''; + }; + }; + + xen_4_10-vanilla = callPackage ./4.10.nix { + meta = { + description = "vanilla"; + longDescription = '' + Vanilla version of Xen. Uses forks of Qemu and Seabios bundled + with Xen. This gives vanilla experince, but wastes space and + build time: typical NixOS setup that runs lots of VMs will + build three different versions of Qemu when using this (two + forks and upstream). + ''; + }; + }; + + xen_4_10-slim = xen_4_10-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = true; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "slim"; + longDescription = '' + Slimmed-down version of Xen that reuses nixpkgs packages as + much as possible. Different parts may get out of sync, but + this builds faster and uses less space than vanilla. Use with + `qemu_xen` from nixpkgs. + ''; + }; + }; + + xen_4_10-light = xen_4_10-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = false; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "light"; + longDescription = '' + Slimmed-down version of Xen without `qemu-traditional` (you + don't need it if you don't know what it is). Use with + `qemu_xen-light` from nixpkgs. + ''; + }; + }; + + xen-vanilla = xen_4_8-vanilla; + xen-slim = xen_4_8-slim; + xen-light = xen_4_8-light; + +} diff --git a/nixpkgs/pkgs/applications/virtualization/xen/xsa-patches.nix b/nixpkgs/pkgs/applications/virtualization/xen/xsa-patches.nix new file mode 100644 index 000000000000..727546b69fb0 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/xsa-patches.nix @@ -0,0 +1,936 @@ +{ fetchpatch }: + +let + xsaPatch = { name , sha256 }: (fetchpatch { + url = "https://xenbits.xen.org/xsa/xsa${name}.patch"; + inherit sha256; + }); +in rec { + # 4.5 + XSA_190 = (xsaPatch { + name = "190-4.5"; + sha256 = "0f8pw38kkxky89ny3ic5h26v9zsjj9id89lygx896zc3w1klafqm"; + }); + + # 4.5 + XSA_191 = (xsaPatch { + name = "191-4.6"; + sha256 = "1wl1ndli8rflmc44pkp8cw4642gi8z7j7gipac8mmlavmn3wdqhg"; + }); + + # 4.5 + XSA_192 = (xsaPatch { + name = "192-4.5"; + sha256 = "0m8cv0xqvx5pdk7fcmaw2vv43xhl62plyx33xqj48y66x5z9lxpm"; + }); + + # 4.5 + XSA_193 = (xsaPatch { + name = "193-4.5"; + sha256 = "0k9mykhrpm4rbjkhv067f6s05lqmgnldcyb3vi8cl0ndlyh66lvr"; + }); + + # 4.5 + XSA_195 = (xsaPatch { + name = "195"; + sha256 = "0m0g953qnjy2knd9qnkdagpvkkgjbk3ydgajia6kzs499dyqpdl7"; + }); + + # 4.5 + XSA_196 = [ + (xsaPatch { + name = "196-0001-x86-emul-Correct-the-IDT-entry-calculation-in-inject"; + sha256 = "0z53nzrjvc745y26z1qc8jlg3blxp7brawvji1hx3s74n346ssl6"; + }) + (xsaPatch { + name = "196-0002-x86-svm-Fix-injection-of-software-interrupts"; + sha256 = "11cqvr5jn2s92wsshpilx9qnfczrd9hnyb5aim6qwmz3fq3hrrkz"; + }) + ]; + + # 4.5 + XSA_198 = (xsaPatch { + name = "198"; + sha256 = "0d1nndn4p520c9xa87ixnyks3mrvzcri7c702d6mm22m8ansx6d9"; + }); + + # 4.5 + XSA_200 = (xsaPatch { + name = "200-4.6"; + sha256 = "0k918ja83470iz5k4vqi15293zjvz2dipdhgc9sy9rrhg4mqncl7"; + }); + + # 4.5 + XSA_202_45 = (xsaPatch { + name = "202-4.6"; + sha256 = "0nnznkrvfbbc8z64dr9wvbdijd4qbpc0wz2j5vpmx6b32sm7932f"; + }); + + # 4.8 + XSA_202 = (xsaPatch { + name = "202"; + sha256 = "0j1d5akcjgx8w2c6w6p9znv77fkmps0880m2xgpbgs1ra9grshm1"; + }); + + # 4.8 + XSA_203 = (xsaPatch { + name = "203"; + sha256 = "1s1q7xskvpg87ivwfaiqr0cj3ajdkhkhpmpikfkvq127h8hhmd8j"; + }); + + # 4.5 + XSA_204_45 = (xsaPatch { + name = "204-4.5"; + sha256 = "083z9pbdz3f532fnzg7n2d5wzv6rmqc0f4mvc3mnmkd0rzqw8vcp"; + }); + + # 4.8 + XSA_204 = (xsaPatch { + name = "204-4.8"; + sha256 = "0rs498s4w2alz3h6jhlr2y0ni630vhggmxbrd1p1p3gcv8p6zzrr"; + }); + + # 4.5 + XSA_206_45 = [ + (xsaPatch { + name = "206-4.5/0001-xenstored-apply-a-write-transaction-rate-limit"; + sha256 = "07vsm8mlbxh2s01ny2xywnm1bqhhxas1az31fzwb6f1g14vkzwm4"; + }) + (xsaPatch { + name = "206-4.5/0002-xenstored-Log-when-the-write-transaction-rate-limit-"; + sha256 = "17pnvxjmhny22abwwivacfig4vfsy5bqlki07z236whc2y7yzbsx"; + }) + (xsaPatch { + name = "206-4.5/0003-oxenstored-refactor-putting-response-on-wire"; + sha256 = "0xf566yicnisliy82cydb2s9k27l3bxc43qgmv6yr2ir3ixxlw5s"; + }) + (xsaPatch { + name = "206-4.5/0004-oxenstored-remove-some-unused-parameters"; + sha256 = "16cqx9i0w4w3x06qqdk9rbw4z96yhm0kbc32j40spfgxl82d1zlk"; + }) + (xsaPatch { + name = "206-4.5/0005-oxenstored-refactor-request-processing"; + sha256 = "1g2hzlv7w03sqnifbzda85mwlz3bw37rk80l248180sv3k7k6bgv"; + }) + (xsaPatch { + name = "206-4.5/0006-oxenstored-keep-track-of-each-transaction-s-operatio"; + sha256 = "0n65yfxvpfd4cz95dpbwqj3nablyzq5g7a0klvi2y9zybhch9cmg"; + }) + (xsaPatch { + name = "206-4.5/0007-oxenstored-move-functions-that-process-simple-operat"; + sha256 = "0qllvbc9rnj7jhhlslxxs35gvphvih0ywz52jszj4irm23ka5vnz"; + }) + (xsaPatch { + name = "206-4.5/0008-oxenstored-replay-transaction-upon-conflict"; + sha256 = "0lixkxjfzciy9l0f980cmkr8mcsx14c289kg0mn5w1cscg0hb46g"; + }) + (xsaPatch { + name = "206-4.5/0009-oxenstored-log-request-and-response-during-transacti"; + sha256 = "09ph8ddcx0k7rndd6hx6kszxh3fhxnvdjsq13p97n996xrpl1x7b"; + }) + (xsaPatch { + name = "206-4.5/0010-oxenstored-allow-compilation-prior-to-OCaml-3.12.0"; + sha256 = "1y0m7sqdz89z2vs4dfr45cyvxxas323rxar0xdvvvivgkgxawvxj"; + }) + (xsaPatch { + name = "206-4.5/0011-oxenstored-comments-explaining-some-variables"; + sha256 = "1d3n0y9syya4kaavrvqn01d3wsn85gmw7qrbylkclznqgkwdsr2p"; + }) + (xsaPatch { + name = "206-4.5/0012-oxenstored-handling-of-domain-conflict-credit"; + sha256 = "12zgid5y9vrhhpk2syxp0x01lzzr6447fa76n6rjmzi1xgdzpaf8"; + }) + (xsaPatch { + name = "206-4.5/0013-oxenstored-ignore-domains-with-no-conflict-credit"; + sha256 = "0v3g9pm60w6qi360hdqjcw838s0qcyywz9qpl8gzmhrg7a35avxl"; + }) + (xsaPatch { + name = "206-4.5/0014-oxenstored-add-transaction-info-relevant-to-history-"; + sha256 = "0vv3w0h5xh554i9v2vbc8gzm8wabjf2vzya3dyv5yzvly6ygv0sb"; + }) + (xsaPatch { + name = "206-4.5/0015-oxenstored-support-commit-history-tracking"; + sha256 = "1iv2vy29g437vj73x9p33rdcr5ln2q0kx1b3pgxq202ghbc1x1zj"; + }) + (xsaPatch { + name = "206-4.5/0016-oxenstored-only-record-operations-with-side-effects-"; + sha256 = "1cjkw5ganbg6lq78qsg0igjqvbgph3j349faxgk1p5d6nr492zzy"; + }) + (xsaPatch { + name = "206-4.5/0017-oxenstored-discard-old-commit-history-on-txn-end"; + sha256 = "0lm15lq77403qqwpwcqvxlzgirp6ffh301any9g401hs98f9y4ps"; + }) + (xsaPatch { + name = "206-4.5/0018-oxenstored-track-commit-history"; + sha256 = "1jh92p6vjhkm3bn5vz260npvsjji63g2imsxflxs4f3r69sz1nkd"; + }) + (xsaPatch { + name = "206-4.5/0019-oxenstored-blame-the-connection-that-caused-a-transa"; + sha256 = "17k264pk0fvsamj85578msgpx97mw63nmj0j9v5hbj4bgfazvj4h"; + }) + (xsaPatch { + name = "206-4.5/0020-oxenstored-allow-self-conflicts"; + sha256 = "15z3rd49q0pa72si0s8wjsy2zvbm613d0hjswp4ikc6nzsnsh4qy"; + }) + (xsaPatch { + name = "206-4.5/0021-oxenstored-do-not-commit-read-only-transactions"; + sha256 = "04wpzazhv90lg3228z5i6vnh1z4lzd08z0d0fvc4br6pkd0w4va8"; + }) + (xsaPatch { + name = "206-4.5/0022-oxenstored-don-t-wake-to-issue-no-conflict-credit"; + sha256 = "1shbrn0w68rlywcc633zcgykfccck1a77igmg8ydzwjsbwxsmsjy"; + }) + (xsaPatch { + name = "206-4.5/0023-oxenstored-transaction-conflicts-improve-logging"; + sha256 = "1086y268yh8047k1vxnxs2nhp6izp7lfmq01f1gq5n7jiy1sxcq7"; + }) + (xsaPatch { + name = "206-4.5/0024-oxenstored-trim-history-in-the-frequent_ops-function"; + sha256 = "014zs6i4gzrimn814k5i7gz66vbb0adkzr2qyai7i4fxc9h9r7w8"; + }) + ]; + + # 4.8 + XSA_206 = [ + (xsaPatch { + name = "206-4.8/0001-xenstored-apply-a-write-transaction-rate-limit"; + sha256 = "1c81d93i3qx7l38f9af0sd84w5x51zvn262mzl25ilcklql4kzl6"; + }) + (xsaPatch { + name = "206-4.8/0002-xenstored-Log-when-the-write-transaction-rate-limit-"; + sha256 = "0b8iw409wi1x6p0swpnr51lcdlla1lgxjv5f910sj4wl96bca84q"; + }) + (xsaPatch { + name = "206-4.8/0003-oxenstored-comments-explaining-some-variables"; + sha256 = "1d3n0y9syya4kaavrvqn01d3wsn85gmw7qrbylkclznqgkwdsr2p"; + }) + (xsaPatch { + name = "206-4.8/0004-oxenstored-handling-of-domain-conflict-credit"; + sha256 = "020rw7hgc0dmhr4admz91kd99b4z1bdpji47nsy1255bjgvwc01k"; + }) + (xsaPatch { + name = "206-4.8/0005-oxenstored-ignore-domains-with-no-conflict-credit"; + sha256 = "1ilhcgyn803bxvfbqv0ihfrh9jfpp0lidkv7i4613f9v9vjm8q0h"; + }) + (xsaPatch { + name = "206-4.8/0006-oxenstored-add-transaction-info-relevant-to-history-"; + sha256 = "1dbd9pzda6hn9wj9pck44dlgz9nxvch3bzgrpaivanww8llxdfzz"; + }) + (xsaPatch { + name = "206-4.8/0007-oxenstored-support-commit-history-tracking"; + sha256 = "1jfr56c22fqkhj6fnv1ha7zsid86zm9l0nihpb8m932xgc4a6h9h"; + }) + (xsaPatch { + name = "206-4.8/0008-oxenstored-only-record-operations-with-side-effects-"; + sha256 = "1y845hj8krjdrirbd2jx4jqgnylwjv7bxnk7474lkld5kdnlbjyf"; + }) + (xsaPatch { + name = "206-4.8/0009-oxenstored-discard-old-commit-history-on-txn-end"; + sha256 = "1lcr9gz2b77x74sr1flfymyyz4xzs04iv88rc1633ibyqxmvk0lx"; + }) + (xsaPatch { + name = "206-4.8/0010-oxenstored-track-commit-history"; + sha256 = "1qwnivak4y038mpby75aaz0y70r0l3yc3hsz6wl5x0b74q6yy0ja"; + }) + (xsaPatch { + name = "206-4.8/0011-oxenstored-blame-the-connection-that-caused-a-transa"; + sha256 = "0p2w5ddyhc6d95dnlxzc5k77j063p02d53ab7m7ijfm7m6gknq8y"; + }) + (xsaPatch { + name = "206-4.8/0012-oxenstored-allow-self-conflicts"; + sha256 = "1571l81m30cbmqm4pk33q33p3dy58sfy2lnkl2wbgl2b3mkk657l"; + }) + (xsaPatch { + name = "206-4.8/0013-oxenstored-do-not-commit-read-only-transactions"; + sha256 = "15985wl635w22dddjyx5l97b5p6m55mzv5ygk7xr0jx7mi192f9x"; + }) + (xsaPatch { + name = "206-4.8/0014-oxenstored-don-t-wake-to-issue-no-conflict-credit"; + sha256 = "08672w4gaf2n3r8xy09h874gh5lg2vnrkjzq6xzvzdhdl092mipw"; + }) + (xsaPatch { + name = "206-4.8/0015-oxenstored-transaction-conflicts-improve-logging"; + sha256 = "0ck98ms0py8wjsc38pbx6222x7n6l90zckfa7m7nnszsyc0sxxad"; + }) + (xsaPatch { + name = "206-4.8/0016-oxenstored-trim-history-in-the-frequent_ops-function"; + sha256 = "014zs6i4gzrimn814k5i7gz66vbb0adkzr2qyai7i4fxc9h9r7w8"; + }) + ]; + + # 4.5 - 4.8 + XSA_207 = (xsaPatch { + name = "207"; + sha256 = "0wdlhijmw9mdj6a82pyw1rwwiz605dwzjc392zr3fpb2jklrvibc"; + }); + + # 4.8 + XSA_210 = (xsaPatch { + name = "210"; + sha256 = "02mykxqxnsrd0sr4ij022j8y7618wzi2a6j6j761vx8qgmh11xai"; + }); + + # 4.5 - 4.8 + XSA_212 = (xsaPatch { + name = "212"; + sha256 = "1ggjbbym5irq534a3zc86md9jg8imlpc9wx8xsadb9akgjrr1r8d"; + }); + + # 4.5 + XSA_213_45 = (xsaPatch { + name = "213-4.5"; + sha256 = "1vnqf89ydacr5bq3d6z2r33xb2sn5vsd934rncyc28ybc9rvj6wm"; + }); + + # 4.8 + XSA_213 = (xsaPatch { + name = "213-4.8"; + sha256 = "0ia3zr6r3bqy2h48fdy7p0iz423lniy3i0qkdvzgv5a8m80darr2"; + }); + + # 4.5 - 4.8 + XSA_214 = (xsaPatch { + name = "214"; + sha256 = "0qapzx63z0yl84phnpnglpkxp6b9sy1y7cilhwjhxyigpfnm2rrk"; + }); + + # 4.5 + XSA_215 = (xsaPatch { + name = "215"; + sha256 = "0sv8ccc5xp09f1w1gj5a9n3mlsdsh96sdb1n560vh31f4kkd61xs"; + }); + + # 4.5 + XSA_217_45 = (xsaPatch { + name = "217-4.5"; + sha256 = "067pgsfrb9py2dhm1pk9g8f6fs40vyfrcxhj8c12vzamb6svzmn4"; + }); + + # 4.6 - 4.8 + XSA_217 = (xsaPatch { + name = "217"; + sha256 = "1khs5ilif14dzcm7lmikjzkwsrfzlmir1rgrgzkc411gf18ylzmj"; + }); + + # 4.5 + XSA_218_45 = [ + (xsaPatch { + name = "218-4.5/0001-IOMMU-handle-IOMMU-mapping-and-unmapping-failures"; + sha256 = "00y6j3yjxw0igpldsavikmhlxw711k2jsj1qx0s05w2k608gadkq"; + }) + (xsaPatch { + name = "218-4.5/0002-gnttab-fix-unmap-pin-accounting-race"; + sha256 = "0qbbfnnjlpdcd29mzmacfmi859k92c213l91q7w1rg2k6pzx928k"; + }) + (xsaPatch { + name = "218-4.5/0003-gnttab-Avoid-potential-double-put-of-maptrack-entry"; + sha256 = "1cndzvyhf41mk4my6vh3bk9jvh2y4gpmqdhvl9zhxhmppszslqkc"; + }) + (xsaPatch { + name = "218-4.5/0004-gnttab-correct-maptrack-table-accesses"; + sha256 = "02zpb0ffigijacqvyyjylwx3qpgibwslrka7mbxwnclf4s9c03a2"; + }) + ]; + + # 4.8 + XSA_218 = [ + (xsaPatch { + name = "218-4.8/0001-gnttab-fix-unmap-pin-accounting-race"; + sha256 = "0r363frai239r2wmwxi48kcr50gbk5l64nja0h9lppi3z2y3dkdd"; + }) + (xsaPatch { + name = "218-4.8/0002-gnttab-Avoid-potential-double-put-of-maptrack-entry"; + sha256 = "07wm06i7frv7bsaykakx3g9h0hfqv96zcadvwf6wv194dggq1plc"; + }) + (xsaPatch { + name = "218-4.8/0003-gnttab-correct-maptrack-table-accesses"; + sha256 = "0ad0irc3p4dmla8sp3frxbh2qciji1dipkslh0xqvy2hyf9p80y9"; + }) + ]; + + # 4.5 + XSA_219_45 = (xsaPatch { + name = "219-4.5"; + sha256 = "003msr5vhsc66scmdpgn0lp3p01g4zfw5vj86y5lw9ajkbaywdsm"; + }); + + # 4.8 + XSA_219 = (xsaPatch { + name = "219-4.8"; + sha256 = "16q7kiamy86x8qdvls74wmq5j72kgzgdilryig4q1b21mp0ij1jq"; + }); + + # 4.5 + XSA_220_45 = (xsaPatch { + name = "220-4.5"; + sha256 = "1dj9nn6lzxlipjb3nb7b9m4337fl6yn2bd7ap1lqrjn8h9zkk1pp"; + }); + + # 4.8 + XSA_220 = (xsaPatch { + name = "220-4.8"; + sha256 = "0214qyqx7qap5y1pdi9fm0vz4y2fbyg71gaq36fisknj35dv2mh5"; + }); + + # 4.5 - 4.8 + XSA_221 = (xsaPatch { + name = "221"; + sha256 = "1mcr1nqgxyjrkywdg7qhlfwgz7vj2if1dhic425vgd41p9cdgl26"; + }); + + # 4.5 + XSA_222_45 = [ + (xsaPatch { + name = "222-1-4.6"; + sha256 = "1g4dqm5qx4wqlv1520jpfiscph95vllcp4gqp1rdfailk8xi0mcf"; + }) + (xsaPatch { + name = "222-2-4.5"; + sha256 = "1hw8rhc7q4v309f4w11gxfsn5x1pirvxkg7s4kr711fnmvp9hkzd"; + }) + ]; + + # 4.8 + XSA_222 = [ + (xsaPatch { + name = "222-1"; + sha256 = "0x02x4kqwfw255638fh2zcxwig1dy6kadlmqim1jgnjgmrvvqas2"; + }) + (xsaPatch { + name = "222-2-4.8"; + sha256 = "1xhyp6q3c5l8djh965g1i8201m2wvhms8k886h4sn30hks38giin"; + }) + ]; + + # 4.5 - 4.8 + XSA_223 = (xsaPatch { + name = "223"; + sha256 = "0803gjgcbq9vaz2mq0v5finf1fq8iik1g4hqsjqhjxvspn8l70c5"; + }); + + # 4.5 + XSA_224_45 = [ + (xsaPatch { + name = "224-4.5/0001-gnttab-Fix-handling-of-dev_bus_addr-during-unmap"; + sha256 = "1aislj66ss4cb3v2bh12mrqsyrf288d4h54rj94jjq7h1hnycw7h"; + }) + (xsaPatch { + name = "224-4.5/0002-gnttab-never-create-host-mapping-unless-asked-to"; + sha256 = "1j6fgm1ccb07gg0mi5qmdr0vqwwc3n12z433g1jrija2gbk1x8aq"; + }) + (xsaPatch { + name = "224-4.5/0003-gnttab-correct-logic-to-get-page-references-during-m"; + sha256 = "166kmicwx280fjqjvgigbmhabjksa0hhvqx5h4v6kjlcjpmxqy08"; + }) + (xsaPatch { + name = "224-4.5/0004-gnttab-__gnttab_unmap_common_complete-is-all-or-noth"; + sha256 = "1skc0yj1zsn8xgyq1y57bdc0scvvlmd0ynrjwwf1zkias1wlilav"; + }) + ]; + + # 4.8 + XSA_224 = [ + (xsaPatch { + name = "224-4.8/0001-gnttab-Fix-handling-of-dev_bus_addr-during-unmap"; + sha256 = "1k326yan5811qzyvpdfkv801a19nyd09nsqayi8gyh58xx9c21m4"; + }) + (xsaPatch { + name = "224-4.8/0002-gnttab-never-create-host-mapping-unless-asked-to"; + sha256 = "06nj1x59bbx9hrj26xmvbw8z805lfqhld9hm0ld0fs6dmcpqzcck"; + }) + (xsaPatch { + name = "224-4.8/0003-gnttab-correct-logic-to-get-page-references-during-m"; + sha256 = "0kmag6fdsskgplcvzqp341yfi6pgc14wvjj58bp7ydb9hdk53qx2"; + }) + (xsaPatch { + name = "224-4.8/0004-gnttab-__gnttab_unmap_common_complete-is-all-or-noth"; + sha256 = "1ww80pi7jr4gjpymkcw8qxmr5as18b2asdqv35527nqprylsff9f"; + }) + ]; + + # 4.6 - 4.8 + XSA_225 = (xsaPatch { + name = "225"; + sha256 = "0lcp2bs0r849xnvhrdf8s821v36cqdbzk8lwz6chrjhjalk6ha2g"; + }); + + # 4.5 + XSA_226_45 = [ + (xsaPatch { + name = "226-4.5/0001-gnttab-dont-use-possibly-unbounded-tail-calls"; + sha256 = "1hx47ppv5q33cw4dwp82lgvv4fp28gx7rxijw0iaczsv8bvb8vcg"; + }) + (xsaPatch { + name = "226-4.5/0002-gnttab-fix-transitive-grant-handling"; + sha256 = "1gzp8m2zfihwlk71c3lqyd0ajh9h11pvkhzhw0mawckxy0qksvlc"; + }) + ]; + + # 4.8 - 4.9 + XSA_226 = [ + (xsaPatch { + name = "226-4.9/0001-gnttab-dont-use-possibly-unbounded-tail-calls"; + sha256 = "1hx47ppv5q33cw4dwp82lgvv4fp28gx7rxijw0iaczsv8bvb8vcg"; + }) + (xsaPatch { + name = "226-4.9/0002-gnttab-fix-transitive-grant-handling"; + sha256 = "1gzp8m2zfihwlk71c3lqyd0ajh9h11pvkhzhw0mawckxy0qksvlc"; + }) + ]; + + # 4.5 + XSA_227_45 = (xsaPatch { + name = "227-4.5"; + sha256 = "1qfjfisgqm4x98qw54x2qrvgjnvvzizx9p1pjhcnsps9q6g1y3x8"; + }); + + # 4.8 - 4.9 + XSA_227 = (xsaPatch { + name = "227"; + sha256 = "0zdcm43i5n08rh7rrnb0fcssvd4fgawwmizsa16w2ak7pzvgmg94"; + }); + + # 4.8 + XSA_228_48 = (xsaPatch { + name = "228-4.8"; + sha256 = "085pnzwyv0rdb51hv5vhbhwfyxl0wg8sxcm912gjq8z7da5cv10n"; + }); + + # 4.9 + XSA_228 = (xsaPatch { + name = "228"; + sha256 = "0c9nvfpnr5ira7ha3fszhvvh71nsxrvmzrab56xwjhl2dbw2yy23"; + }); + + # 4.5 - 4.9 + XSA_230 = (xsaPatch { + name = "230"; + sha256 = "10x0j7wmzkrwycs1ng89fgjzvzh8vsdd4c5nb68b3j1azdx4ld83"; + }); + + # 4.5 + XSA_231_45 = (xsaPatch { + name = "231-4.5"; + sha256 = "06gwx2f1lg51dfk2b4zxp7wv9c4pxdi87pg2asvmxqc78ir7l5s6"; + }); + + # 4.8 - 4.9 + XSA_231 = (xsaPatch { + name = "231-4.9"; + sha256 = "09r8xxq2fd52wrk6i0y0sk3nbidfg6pzzrkx327hfmdjj76iyz3b"; + }); + + # 4.5 - 4.9 + XSA_232 = (xsaPatch { + name = "232"; + sha256 = "0n6irjpmraa3hbxxm64a1cplc6y6g07x7v2fmlpvn70ql3fs0220"; + }); + + # 4.5 - 4.9 + XSA_233 = (xsaPatch { + name = "233"; + sha256 = "1w3m8349cqav56av63w6jzvlsv4jw5rimwvskr9pq2rcbk2dx8kf"; + }); + + # 4.5 + XSA_234_45 = (xsaPatch { + name = "234-4.5"; + sha256 = "1ji6hbgybb4gbgz5l5fis9midnvjbddzam8d63377rkzdyb3yz9f"; + }); + + # 4.8 + XSA_234_48 = (xsaPatch { + name = "234-4.8"; + sha256 = "08n1pf7z5y67dmay1ap39bi81clgkx82fpmfn7jsh8k4aw94jrsa"; + }); + + # 4.9 + XSA_234 = (xsaPatch { + name = "234-4.9"; + sha256 = "1znmxg432is0virw8321gax8zqq2zcmi2pc5p2j31sixylixsvzx"; + }); + + # 4.5 + XSA_235_45 = (xsaPatch { + name = "235-4.5"; + sha256 = "0hhgnql2gji111020z4wiyzg23wqs6ymanb67rg11p4qad1fp3ff"; + }); + + # 4.8 - 4.9 + XSA_235 = (xsaPatch { + name = "235-4.9"; + sha256 = "1rj4jkmh79wm30jq9f8x65qv3al8l91zc3m5s23q0x6abn3pfb9z"; + }); + + # 4.5 + XSA_236_45 = (xsaPatch { + name = "236-4.5"; + sha256 = "0hcla86x81wykssd2967gblp7fzx61290p4ls4v0hcyxdg2bs2yz"; + }); + + # 4.8 - 4.9 + XSA_236 = (xsaPatch { + name = "236-4.9"; + sha256 = "0vqxy7mgflga05l33j3488fwxmdw3p9yxj4ylhk9n3nw8id72ghq"; + }); + + # 4.5 + XSA_237_45 = [ + (xsaPatch { + name = "237-4.5/0001-x86-dont-allow-MSI-pIRQ-mapping-on-unowned-device"; + sha256 = "0hjxs20jhls4i0iph45a0qpw4znkm04gv74jmwhw84gy4hrhzq3b"; + }) + (xsaPatch { + name = "237-4.5/0002-x86-enforce-proper-privilege-when-mapping-pIRQ-s"; + sha256 = "0ki8nmbc2g1l9wnqsph45a2k4c6dk5s7jvdlxg3zznyiyxjcv8yn"; + }) + (xsaPatch { + name = "237-4.5/0003-x86-MSI-disallow-redundant-enabling"; + sha256 = "1hdz83qrjaqnihz8ji186dypxiblbfpgyb01j9m5alhk4whjqvp1"; + }) + (xsaPatch { + name = "237-4.5/0004-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-error"; + sha256 = "0csdfn9kzn1k94pg3fcwsgqw14wcd4myi1jkcq5alj1fmkhw4wmk"; + }) + (xsaPatch { + name = "237-4.5/0005-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook"; + sha256 = "14b73rkvbkd1a2gh9kp0zrvv2d3kfwkiv24fg9agh4hrf2w3nx7y"; + }) + ]; + + # 4.8 + XSA_237_48 = [ + (xsaPatch { + name = "237-4.8/0001-x86-dont-allow-MSI-pIRQ-mapping-on-unowned-device"; + sha256 = "0qjisp37lwi2611mp7fbbm1s7m0bx726rrg79dnxs2mj0skw59iv"; + }) + (xsaPatch { + name = "237-4.8/0002-x86-enforce-proper-privilege-when-mapping-pIRQ-s"; + sha256 = "05q1dny13jrqhjfwak7r635mqp9chpibjvn8b7d90japc1nzpq62"; + }) + (xsaPatch { + name = "237-4.8/0003-x86-MSI-disallow-redundant-enabling"; + sha256 = "1907lv8nb2zhpb6k6jlw4m0hm0n0lyd69vfr3wpzbc56dn0w7jqd"; + }) + (xsaPatch { + name = "237-4.8/0004-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-error"; + sha256 = "06nrq0bx3p9ipab2r1why6qm4g32dj0x5q24hfkwc6ih0l9xwf8h"; + }) + (xsaPatch { + name = "237-4.8/0005-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook"; + sha256 = "1nbg7bjw2hv55gnkhf6chkh35va6brs08acq1d5jxncl6kv0amc1"; + }) + ]; + + # 4.9 + XSA_237 = [ + (xsaPatch { + name = "237-4.9/0001-x86-dont-allow-MSI-pIRQ-mapping-on-unowned-device"; + sha256 = "1cbl24mqxa62h0wgsnrpcs6y6vs53znzj7g8dfsbmf74xwrd4px6"; + }) + (xsaPatch { + name = "237-4.9/0002-x86-enforce-proper-privilege-when-mapping-pIRQ-s"; + sha256 = "0p60148j18b78pxz0dx5ymh1gyrhg2cgmxq0jxmbk090bc4jql35"; + }) + (xsaPatch { + name = "237-4.9/0003-x86-MSI-disallow-redundant-enabling"; + sha256 = "1907lv8nb2zhpb6k6jlw4m0hm0n0lyd69vfr3wpzbc56dn0w7jqd"; + }) + (xsaPatch { + name = "237-4.9/0004-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-error"; + sha256 = "0q95z5641amni53agimnzbspva53p0hz5wl16zaz2yhnjasj5pzr"; + }) + (xsaPatch { + name = "237-4.9/0005-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook"; + sha256 = "0bnqx9w7ppgx8wxj2zw09z0rkv1jzn3r0bd76cz0r22wz29fsdp2"; + }) + ]; + + # 4.5 + XSA_238_45 = (xsaPatch { + name = "238-4.5"; + sha256 = "1x2fg5vfv5jc084h5gjm6fq0nxjpzvi96px3sqzz4pvsvy4y4i1z"; + }); + + # 4.8 - 4.9 + XSA_238 = (xsaPatch { + name = "238"; + sha256 = "1cbmg1bi5ajh7qbwsl92ynaxw2c3p7i24p3wds81r4n93r0y5dxk"; + }); + + # 4.5 + XSA_239_45 = (xsaPatch { + name = "239-4.5"; + sha256 = "06bi8q3973yajxsdj7pcqarvb56q2gisxdiy0cpbyffbmpkfv3h6"; + }); + + # 4.8 - 4.9 + XSA_239 = (xsaPatch { + name = "239"; + sha256 = "1a9r8j7167s43ds5i7v7mm4y970vjnbhhkrjzpmzlcx8kcz96vh3"; + }); + + # 4.5 + XSA_240_45 = [ + (xsaPatch { + name = "240-4.5/0001-x86-limit-linear-page-table-use-to-a-single-level"; + sha256 = "0pmf10mbnmb88y7mly8s2l0j88cg0ayhkcnmj1zbjrkjmpccv395"; + }) + (xsaPatch { + name = "240-4.5/0002-x86-mm-Disable-PV-linear-pagetables-by-default"; + sha256 = "19f096ra3xndvzkjjasx73p2g25hfkm905px0p3yakwll0qzd029"; + }) + ]; + + # 4.8 + XSA_240_48 = [ + (xsaPatch { + name = "240-4.8/0001-x86-limit-linear-page-table-use-to-a-single-level"; + sha256 = "0m44qhhqk2pdwqg8g28pypqrylq6iw00k9qrzf6qd0iza2y42kgj"; + }) + (xsaPatch { + name = "240-4.8/0002-x86-mm-Disable-PV-linear-pagetables-by-default"; + sha256 = "1jd720wvngj9wq3fprdhakxvqlff0jd8zcx2pd3vsn2qvjbvr2gf"; + }) + ]; + + # 4.9 + XSA_240 = [ + (xsaPatch { + name = "240-4.9/0001-x86-limit-linear-page-table-use-to-a-single-level"; + sha256 = "1759ni80aifakm44g4cc6pnmbcn1xjic8j66fvj0vibm0wqk6xck"; + }) + (xsaPatch { + name = "240-4.9/0002-x86-mm-Disable-PV-linear-pagetables-by-default"; + sha256 = "0g6dpi006p5cjxw5d8h33p0429fdmdm6nqzj0m63ralpqvns3ib5"; + }) + ]; + + # 4.5 - 4.8 + XSA_241 = (xsaPatch { + name = "241-4.8"; + sha256 = "16zb75kzs98f4mdxhbyczk5mbh9dvn6j3yhfafki34x1dfdnq4pj"; + }); + + # 4.9 + XSA_241_49 = (xsaPatch { + name = "241-4.9"; + sha256 = "0xlhin7wkhmlnbp9mqcbq3q4drdwb5la482ja9nwkhi8i867p6wc"; + }); + + # 4.5 - 4.9 + XSA_242 = (xsaPatch { + name = "242-4.9"; + sha256 = "0yx3x0i2wybsm7lzdffxa2mm866bjl4ipbb9vipnw77dyg705zpr"; + }); + + # 4.5 + XSA_243_45 = [ + (xsaPatch { + name = "243-4.6-1"; + sha256 = "1cqanpyysa7px0j645z4jw9yqsvv6cbh7yq1b86ap134axfifcan"; + }) + (xsaPatch { + name = "243-4.5-2"; + sha256 = "0wbcgw4m0nzm2902jnda2020l7bd5adkq8j5myi1zmsfzbq03hwn"; + }) + ]; + + # 4.8 + XSA_243_48 = (xsaPatch { + name = "243-4.8"; + sha256 = "1q60zn55l9wpq45nrxh0av59sjz0jg8pkjm1gkyywkdsgg4fg5z4"; + }); + + # 4.9 + XSA_243 = (xsaPatch { + name = "243"; + sha256 = "06fnbnh9zlsbkqih9ipnb7a8gly54m7lp17d854j1r370ad3c4yg"; + }); + + # 4.5 + XSA_244_45 = (xsaPatch { + name = "244-4.5"; + sha256 = "05ci3vdl1ywfjpzcvsy1k52whxjk8pxzj7dh3r94yqasr56i5v2l"; + }); + + # 4.8 - 4.9 + XSA_244 = (xsaPatch { + name = "244"; + sha256 = "10308xsgmhb0vg6fk0ql8v94zifv6dcv6vkaicryfp405yj2rzkm"; + }); + + # 4.5 - 4.9 + XSA_245 = [ + (xsaPatch { + name = "245/0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in"; + sha256 = "12brsgbn7xwakalsn10afykgqmx119mqg6vjj3v2b1pnmf4ss0w8"; + }) + (xsaPatch { + name = "245/0002-xen-arm-Correctly-report-the-memory-region-in-the-du"; + sha256 = "1k6z5r7wnrswsczn2j3a1mc4nvxqm4ydj6n6rvgqizk2pszdkqg8"; + }) + ]; + + # 4.5 - 4.7 + XSA_246_45 = [ + (xsaPatch { + name = "246-4.7"; + sha256 = "13rad4k8z3bq15d67dhgy96kdbrjiq9sy8px0jskbpx9ygjdahkn"; + }) + ]; + + # 4.8 - 4.9 + XSA_246 = [ + (xsaPatch { + name = "246-4.9"; + sha256 = "0z68vm0z5zvv9gm06pxs9kxq2q9fdbl0l0cm71ggzdplg1vw0snz"; + }) + ]; + + # 4.8 + XSA_247_48 = [ + (xsaPatch { + name = "247-4.8/0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu"; + sha256 = "0kvjrk90n69s721c2qj2df5raml3pjk6bg80aig353p620w6s3xh"; + }) + (xsaPatch { + name = "247-4.8/0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas"; + sha256 = "1s9kv6h6dd8psi5qf5l5gpk9qhq8blckwhl76cjbldcgi6imb3nr"; + }) + ]; + + # 4.5 + XSA_247_45 = [ + (xsaPatch { + name = "247-4.5/0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu"; + sha256 = "0h1mp5s9si8aw2gipds317f27h9pi7bgnhj0bcmw11p0ch98sg1m"; + }) + (xsaPatch { + name = "247-4.5/0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas"; + sha256 = "0vjjybxbcm4xl26wbqvcqfiyvvlayswm4f98i1fr5a9abmljn5sb"; + }) + ]; + + # 4.5 + XSA_248_45 = [ + (xsaPatch { + name = "248-4.5"; + sha256 = "0csxg6h492ddsa210b45av28iqf7cn2dfdqk4zx10zwf1pv2shyn"; + }) + ]; + + # 4.8 + XSA_248_48 = [ + (xsaPatch { + name = "248-4.8"; + sha256 = "1ycw29q22ymxg18kxpr5p7vhpmp8klssbp5gq77hspxzz2mb96q1"; + }) + ]; + + # 4.5 .. 4.9 + XSA_249 = [ + (xsaPatch { + name = "249"; + sha256 = "0v6ngzqhkz7yv4n83xlpxfbkr2qyg5b1cds7ikkinm86hiqy6agl"; + }) + ]; + # 4.5 + XSA_250_45 = [ + (xsaPatch { + name = "250-4.5"; + sha256 = "0pqldl6qnl834gvfp90z247q9xcjh3835s2iffnajz7jhjb2145d"; + }) + ]; + # 4.8 ... + XSA_250 = [ + (xsaPatch { + name = "250"; + sha256 = "1wpigg8kmha57sspqqln3ih9nbczsw6rx3v72mc62lh62qvwd7x8"; + }) + ]; + # 4.5 + XSA_251_45 = [ + (xsaPatch { + name = "251-4.5"; + sha256 = "0lc94cx271z09r0mhxaypyd9d4740051p28idf5calx5228dqjgm"; + }) + ]; + # 4.8 + XSA_251_48 = [ + (xsaPatch { + name = "251-4.8"; + sha256 = "079wi0j6iydid2zj7k584w2c393kgh588w7sjz2nn4039qn8k9mq"; + }) + ]; + # 4.8 + XSA_252_49 = [ + (xsaPatch { + name = "252-4.9"; + sha256 = "03sbn90nlkk5ba1n168rxjkc7x3mqj7rfqvspbwblmwikfbnms2n"; + }) + ]; + # 4.8 + XSA_255_49_1= [ + (xsaPatch { + name = "255-4.9-1"; + sha256 = "0gbin7yxbkq40lvm3gvj1vffavvbng3zpd2m8l1kqyz0rv4vm9zc"; + }) + ]; + # 4.8 + XSA_255_49_2= [ + (xsaPatch { + name = "255-4.9-2"; + sha256 = "0fyg5nnyfpfr80qq83pr64zjp5w1nx94bdblzsjap8gaqcahyr12"; + }) + ]; + # 4.8 + XSA_256_48= [ + (xsaPatch { + name = "256-4.8"; + sha256 = "1w84f717kxwx0h3rw18r4f8pl0l1h5xlj5fy80sr0ws4xkp1qdn4"; + }) + ]; + + + # 4.10 + XSA_252 = [ + (xsaPatch { + name = "252"; + sha256 = "0v4sg20dnvnwrjh3x69gk81v2kmcql7g2s044vg3wcxhzvij1rrn"; + }) + ]; + + # 4.10 + XSA_253 = [ + (xsaPatch { + name = "253"; + sha256 = "0445vzlzy3gd499xraqh5r4qjar6qr0y3813h22jy1n84nhxz27i"; + }) + ]; + + # 4.10 + XSA_255_1 = [ + (xsaPatch { + name = "255-1"; + sha256 = "05g2f3ji1rrjlw3yw4nrns50pnmsib8ybrf64scr1817mj0q9myr"; + }) + ]; + + # 4.10 + XSA_255_2 = [ + (xsaPatch { + name = "255-2"; + sha256 = "08wbngw5z0f9g8di59hww3hhi7j9z49bpc4xlwn5akfcwbgf0961"; + }) + ]; + + # 4.10 + XSA_256 = [ + (xsaPatch { + name = "256"; + sha256 = "1hicwhbwj6k25px55f4ncx1c5xiihi8pfvsb3kv57k7kaicb7pza"; + }) + ]; + +} diff --git a/nixpkgs/pkgs/applications/virtualization/xhyve/default.nix b/nixpkgs/pkgs/applications/virtualization/xhyve/default.nix new file mode 100644 index 000000000000..2a685c590fa8 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xhyve/default.nix @@ -0,0 +1,34 @@ +{ stdenv, lib, fetchurl, Hypervisor, vmnet, xpc, libobjc }: + +stdenv.mkDerivation rec { + name = "xhyve-${version}"; + version = "1f1dbe305"; + + src = fetchurl { + url = "https://github.com/mist64/xhyve/archive/1f1dbe3059904f885e4ab2b3328f4bb350ea5c37.tar.gz"; + sha256 = "0hfix8yr90szlv2yyqb2rlq5qsrxyam8kg52sly0adja0cpwfjvx"; + }; + + buildInputs = [ Hypervisor vmnet xpc libobjc ]; + + # Don't use git to determine version + prePatch = '' + substituteInPlace Makefile \ + --replace 'shell git describe --abbrev=6 --dirty --always --tags' "$version" + ''; + + + makeFlags = [ "CFLAGS+=-Wno-shift-sign-overflow" ''CFLAGS+=-DVERSION=\"${version}\"'' ]; + + installPhase = '' + mkdir -p $out/bin + cp build/xhyve $out/bin + ''; + + meta = { + description = "Lightweight Virtualization on macOS Based on bhyve"; + homepage = https://github.com/mist64/xhyve; + maintainers = [ lib.maintainers.lnl7 ]; + platforms = lib.platforms.darwin; + }; +} |