Diffstat (limited to 'infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox')
8 files changed, 708 insertions, 0 deletions
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/default.nix new file mode 100644 index 000000000000..c320eca0bbee --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/default.nix 
@@ -0,0 +1,236 @@ +{ config, stdenv, fetchurl, lib, iasl, dev86, pam, libxslt, libxml2, wrapQtAppsHook +, libX11, xorgproto, libXext, libXcursor, libXmu, libIDL, SDL, libcap, libGL +, libpng, glib, lvm2, libXrandr, libXinerama, libopus, qtbase, qtx11extras +, qttools, qtsvg, qtwayland, pkgconfig, which, docbook_xsl, docbook_xml_dtd_43 +, alsaLib, curl, libvpx, nettools, dbus, substituteAll, fetchpatch +# If open-watcom-bin is not passed, VirtualBox will fall back to use +# the shipped alternative sources (assembly). +, open-watcom-bin ? null +, makeself, perl +, javaBindings ? true, jdk ? null # Almost doesn't affect closure size +, pythonBindings ? false, python3 ? null +, extensionPack ? null, fakeroot ? null +, pulseSupport ? config.pulseaudio or stdenv.isLinux, libpulseaudio ? null +, enableHardening ? false +, headless ? false +, enable32bitGuests ? true +}: + +with stdenv.lib; + +let + python = python3; + buildType = "release"; + # Use maintainers/scripts/update.nix to update the version and all related hashes or + # change the hashes in extpack.nix and guest-additions/default.nix as well manually. 
+ version = "6.1.14"; + tarballVersion = "${version}a"; + + iasl' = iasl.overrideAttrs (old: rec { + inherit (old) pname; + version = "20190108"; + src = fetchurl { + url = "https://acpica.org/sites/acpica/files/acpica-unix-${version}.tar.gz"; + sha256 = "0bqhr3ndchvfhxb31147z8gd81dysyz5dwkvmp56832d0js2564q"; + }; + NIX_CFLAGS_COMPILE = old.NIX_CFLAGS_COMPILE + " -Wno-error=stringop-truncation"; + }); +in stdenv.mkDerivation { + pname = "virtualbox"; + inherit version; + + src = fetchurl { + url = "https://download.virtualbox.org/virtualbox/${version}/VirtualBox-${tarballVersion}.tar.bz2"; + sha256 = "16f3cb83ab3c4dacf2a9d3cc638cbd18db23767828bba6b8ba1c1b57abeb6aef"; + }; + + outputs = [ "out" "modsrc" ]; + + nativeBuildInputs = [ pkgconfig which docbook_xsl docbook_xml_dtd_43 ] + ++ optional (!headless) wrapQtAppsHook; + + # Wrap manually because we wrap just a small number of executables. + dontWrapQtApps = true; + + buildInputs = + [ iasl' dev86 libxslt libxml2 xorgproto libX11 libXext libXcursor libIDL + libcap glib lvm2 alsaLib curl libvpx pam makeself perl + libXmu libpng libopus python ] + ++ optional javaBindings jdk + ++ optional pythonBindings python # Python is needed even when not building bindings + ++ optional pulseSupport libpulseaudio + ++ optionals (headless) [ libXrandr libGL ] + ++ optionals (!headless) [ qtbase qtx11extras libXinerama SDL ]; + + hardeningDisable = [ "format" "fortify" "pic" "stackprotector" ]; + + prePatch = '' + set -x + sed -e 's@MKISOFS --version@MKISOFS -version@' \ + -e 's@PYTHONDIR=.*@PYTHONDIR=${if pythonBindings then python else ""}@' \ + -e 's@CXX_FLAGS="\(.*\)"@CXX_FLAGS="-std=c++11 \1"@' \ + ${optionalString (!headless) '' + -e 's@TOOLQT5BIN=.*@TOOLQT5BIN="${getDev qtbase}/bin"@' \ + ''} -i configure + ls kBuild/bin/linux.x86/k* tools/linux.x86/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.glibc.out}/lib/ld-linux.so.2 + ls kBuild/bin/linux.amd64/k* tools/linux.amd64/bin/* | xargs -n 1 patchelf 
--set-interpreter ${stdenv.glibc.out}/lib/ld-linux-x86-64.so.2 + + grep 'libpulse\.so\.0' src include -rI --files-with-match | xargs sed -i -e ' + ${optionalString pulseSupport + ''s@"libpulse\.so\.0"@"${libpulseaudio.out}/lib/libpulse.so.0"@g''}' + + grep 'libdbus-1\.so\.3' src include -rI --files-with-match | xargs sed -i -e ' + s@"libdbus-1\.so\.3"@"${dbus.lib}/lib/libdbus-1.so.3"@g' + + grep 'libasound\.so\.2' src include -rI --files-with-match | xargs sed -i -e ' + s@"libasound\.so\.2"@"${alsaLib.out}/lib/libasound.so.2"@g' + + export USER=nix + set +x + ''; + + patches = + optional enableHardening ./hardened.patch + ++ [ ./extra_symbols.patch ] + # When hardening is enabled, we cannot use wrapQtApp to ensure that VirtualBoxVM sees + # the correct environment variables needed for Qt to work, specifically QT_PLUGIN_PATH. + # This is because VirtualBoxVM would detect that it is wrapped that and refuse to run, + # and also because it would unset QT_PLUGIN_PATH for security reasons. We work around + # these issues by patching the code to set QT_PLUGIN_PATH to the necessary paths, + # after the code that unsets it. Note that qtsvg is included so that SVG icons from + # the user's icon theme can be loaded. 
+ ++ optional (!headless && enableHardening) (substituteAll { + src = ./qt-env-vars.patch; + qtPluginPath = "${qtbase.bin}/${qtbase.qtPluginPrefix}:${qtsvg.bin}/${qtbase.qtPluginPrefix}:${qtwayland.bin}/${qtbase.qtPluginPrefix}"; + }) + ++ [ + ./qtx11extras.patch + ]; + + postPatch = '' + sed -i -e 's|/sbin/ifconfig|${nettools}/bin/ifconfig|' \ + src/VBox/HostDrivers/adpctl/VBoxNetAdpCtl.cpp + '' + optionalString headless '' + # Fix compile error in version 6.1.6 + substituteInPlace src/VBox/HostServices/SharedClipboard/VBoxSharedClipboardSvc-x11-stubs.cpp \ + --replace PSHCLFORMATDATA PSHCLFORMATS + ''; + + # first line: ugly hack, and it isn't yet clear why it's a problem + configurePhase = '' + NIX_CFLAGS_COMPILE=$(echo "$NIX_CFLAGS_COMPILE" | sed 's,\-isystem ${lib.getDev stdenv.cc.libc}/include,,g') + + cat >> LocalConfig.kmk <<LOCAL_CONFIG + VBOX_WITH_TESTCASES := + VBOX_WITH_TESTSUITE := + VBOX_WITH_VALIDATIONKIT := + VBOX_WITH_DOCS := + VBOX_WITH_WARNINGS_AS_ERRORS := + + VBOX_WITH_ORIGIN := + VBOX_PATH_APP_PRIVATE_ARCH_TOP := $out/share/virtualbox + VBOX_PATH_APP_PRIVATE_ARCH := $out/libexec/virtualbox + VBOX_PATH_SHARED_LIBS := $out/libexec/virtualbox + VBOX_WITH_RUNPATH := $out/libexec/virtualbox + VBOX_PATH_APP_PRIVATE := $out/share/virtualbox + VBOX_PATH_APP_DOCS := $out/doc + ${optionalString javaBindings '' + VBOX_JAVA_HOME := ${jdk} + ''} + ${optionalString (!headless) '' + PATH_QT5_X11_EXTRAS_LIB := ${getLib qtx11extras}/lib + PATH_QT5_X11_EXTRAS_INC := ${getDev qtx11extras}/include + TOOL_QT5_LRC := ${getDev qttools}/bin/lrelease + ''} + LOCAL_CONFIG + + ./configure \ + ${optionalString headless "--build-headless"} \ + ${optionalString (!javaBindings) "--disable-java"} \ + ${optionalString (!pythonBindings) "--disable-python"} \ + ${optionalString (!pulseSupport) "--disable-pulse"} \ + ${optionalString (!enableHardening) "--disable-hardening"} \ + ${optionalString (!enable32bitGuests) "--disable-vmmraw"} \ + ${optionalString (open-watcom-bin != 
null) "--with-ow-dir=${open-watcom-bin}"} \ + --disable-kmods + sed -e 's@PKG_CONFIG_PATH=.*@PKG_CONFIG_PATH=${libIDL}/lib/pkgconfig:${glib.dev}/lib/pkgconfig ${libIDL}/bin/libIDL-config-2@' \ + -i AutoConfig.kmk + sed -e 's@arch/x86/@@' \ + -i Config.kmk + substituteInPlace Config.kmk --replace "VBOX_WITH_TESTCASES = 1" "#" + ''; + + enableParallelBuilding = true; + + buildPhase = '' + source env.sh + kmk -j $NIX_BUILD_CORES BUILD_TYPE="${buildType}" + ''; + + installPhase = '' + libexec="$out/libexec/virtualbox" + share="${if enableHardening then "$out/share/virtualbox" else "$libexec"}" + + # Install VirtualBox files + mkdir -p "$libexec" + find out/linux.*/${buildType}/bin -mindepth 1 -maxdepth 1 \ + -name src -o -exec cp -avt "$libexec" {} + + + mkdir -p $out/bin + for file in ${optionalString (!headless) "VirtualBox VBoxSDL rdesktop-vrdp"} VBoxManage VBoxBalloonCtrl VBoxHeadless; do + echo "Linking $file to /bin" + test -x "$libexec/$file" + ln -s "$libexec/$file" $out/bin/$file + done + + ${optionalString (extensionPack != null) '' + mkdir -p "$share" + "${fakeroot}/bin/fakeroot" "${stdenv.shell}" <<EXTHELPER + "$libexec/VBoxExtPackHelperApp" install \ + --base-dir "$share/ExtensionPacks" \ + --cert-dir "$share/ExtPackCertificates" \ + --name "Oracle VM VirtualBox Extension Pack" \ + --tarball "${extensionPack}" \ + --sha-256 "${extensionPack.outputHash}" + EXTHELPER + ''} + + ${optionalString (!headless) '' + # Create and fix desktop item + mkdir -p $out/share/applications + sed -i -e "s|Icon=VBox|Icon=$libexec/VBox.png|" $libexec/virtualbox.desktop + ln -sfv $libexec/virtualbox.desktop $out/share/applications + # Icons + mkdir -p $out/share/icons/hicolor + for size in `ls -1 $libexec/icons`; do + mkdir -p $out/share/icons/hicolor/$size/apps + ln -s $libexec/icons/$size/*.png $out/share/icons/hicolor/$size/apps + done + ''} + + cp -rv out/linux.*/${buildType}/bin/src "$modsrc" + ''; + + preFixup = optionalString (!headless) '' + wrapQtApp 
$out/bin/VirtualBox + '' + # If hardening is disabled, wrap the VirtualBoxVM binary instead of patching + # the source code (see postPatch). + + optionalString (!headless && !enableHardening) '' + wrapQtApp $out/libexec/virtualbox/VirtualBoxVM + ''; + + passthru = { + inherit version; # for guest additions + inherit extensionPack; # for inclusion in profile to prevent gc + updateScript = ./update.sh; + }; + + meta = { + description = "PC emulator"; + license = licenses.gpl2; + homepage = "https://www.virtualbox.org/"; + maintainers = with maintainers; [ sander ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/extpack.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/extpack.nix new file mode 100644 index 000000000000..03b3be7e96e0 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/extpack.nix @@ -0,0 +1,25 @@ +{fetchurl, lib, virtualbox}: + +with lib; + +let + inherit (virtualbox) version; +in +fetchurl rec { + name = "Oracle_VM_VirtualBox_Extension_Pack-${version}.vbox-extpack"; + url = "https://download.virtualbox.org/virtualbox/${version}/${name}"; + sha256 = + # Manually sha256sum the extensionPack file, must be hex! + # Thus do not use `nix-prefetch-url` but instead plain old `sha256sum`. + # Checksums can also be found at https://www.virtualbox.org/download/hashes/${version}/SHA256SUMS + let value = "b224e796e886b19bce69f0aaedf6ca82bad0ca29c61fb0ed86166efb84356942"; + in assert (builtins.stringLength value) == 64; value; + + meta = { + description = "Oracle Extension pack for VirtualBox"; + license = licenses.virtualbox-puel; + homepage = "https://www.virtualbox.org/"; + maintainers = with maintainers; [ sander cdepillabout ]; + platforms = [ "x86_64-linux" ]; + }; +} 
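Review bot: `hardeningDisable = [ "format" "fortify" "pic" "stackprotector" ]` switches off four compiler hardening flags for the entire build with no comment saying which component fails under each, and because `enableHardening ? false` also leaves VirtualBox's own setuid hardening off by default (`--disable-hardening` is passed in configurePhase unless the flag is set), a reader cannot tell which of the two is a build workaround and which is policy. A comment above `hardeningDisable` naming the failing part per flag, e.g. `# "fortify"/"stackprotector": <component> fails to build with these — TODO confirm per flag`, would make the list reviewable and let flags be re-enabled as upstream fixes land. A matching line above `enableHardening` stating why it defaults to off (it appears to depend on the setuid wrappers under /run/wrappers/bin that hardened.patch hard-codes, which only a NixOS module provides — worth confirming) would keep the two settings from being confused.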
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/extra_symbols.patch b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/extra_symbols.patch new file mode 100644 index 000000000000..44d3d972cfc2 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/extra_symbols.patch @@ -0,0 +1,25 @@ +diff --git a/src/VBox/HostDrivers/linux/Makefile b/src/VBox/HostDrivers/linux/Makefile +index 8ba33952..3b8abe60 100644 +--- a/src/VBox/HostDrivers/linux/Makefile ++++ b/src/VBox/HostDrivers/linux/Makefile +@@ -99,17 +99,17 @@ install-vboxdrv: + + install-vboxnetflt: + +@if [ -d vboxnetflt ]; then \ +- $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) -C vboxnetflt install; \ ++ $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) KBUILD_EXTRA_SYMBOLS=$(abspath vboxnetflt/Module.symvers) -C vboxnetflt install; \ + fi + + install-vboxnetadp: + +@if [ -d vboxnetadp ]; then \ +- $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) -C vboxnetadp install; \ ++ $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) KBUILD_EXTRA_SYMBOLS=$(abspath vboxnetadp/Module.symvers) -C vboxnetadp install; \ + fi + + install-vboxpci: + +@if [ -d vboxpci ]; then \ +- $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) -C vboxpci install; \ ++ $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) KBUILD_EXTRA_SYMBOLS=$(abspath vboxpci/Module.symvers) -C vboxpci install; \ + fi + + install: install-vboxdrv install-vboxnetflt install-vboxnetadp install-vboxpci diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix new file mode 100644 index 000000000000..3937d70e869d --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix 
@@ -0,0 +1,166 @@ +{ stdenv, fetchurl, lib, patchelf, cdrkit, kernel, which, makeWrapper +, zlib, xorg, dbus, virtualbox}: + +let + version = virtualbox.version; + xserverVListFunc = builtins.elemAt (stdenv.lib.splitVersion xorg.xorgserver.version); + + # Forced to 1.18 in <nixpkgs/nixos/modules/services/x11/xserver.nix> + # as it even fails to build otherwise. Still, override this even here, + # in case someone does just a standalone build + # (not via videoDrivers = ["vboxvideo"]). + # It's likely to work again in some future update. + xserverABI = let abi = xserverVListFunc 0 + xserverVListFunc 1; + in if abi == "119" || abi == "120" then "118" else abi; + + # Specifies how to patch binaries to make sure that libraries loaded using + # dlopen are found. We grep binaries for specific library names and patch + # RUNPATH in matching binaries to contain the needed library paths. + dlopenLibs = [ + { name = "libdbus-1.so"; pkg = dbus; } + { name = "libXfixes.so"; pkg = xorg.libXfixes; } + { name = "libXrandr.so"; pkg = xorg.libXrandr; } + ]; + +in stdenv.mkDerivation rec { + name = "VirtualBox-GuestAdditions-${version}-${kernel.version}"; + + src = fetchurl { + url = "http://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso"; + sha256 = "dd9f176abb89043c01cea7ec7e20130e76db71bd83beafeb2dc5858d4c9c86cd"; + }; + + KERN_DIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; + KERN_INCL = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/source/include"; + + hardeningDisable = [ "pic" ]; + + NIX_CFLAGS_COMPILE = "-Wno-error=incompatible-pointer-types -Wno-error=implicit-function-declaration"; + + nativeBuildInputs = [ patchelf makeWrapper ]; + buildInputs = [ cdrkit ] ++ kernel.moduleBuildDependencies; + + + prePatch = '' + substituteInPlace src/vboxguest-${version}/vboxvideo/vbox_ttm.c \ + --replace "<ttm/" "<drm/ttm/" + ''; + + patchFlags = [ "-p1" "-d" "src/vboxguest-${version}" ]; + + unpackPhase = '' + ${if 
stdenv.hostPlatform.system == "i686-linux" || stdenv.hostPlatform.system == "x86_64-linux" then '' + isoinfo -J -i $src -x /VBoxLinuxAdditions.run > ./VBoxLinuxAdditions.run + chmod 755 ./VBoxLinuxAdditions.run + # An overflow leads the is-there-enough-space check to fail when there's too much space available, so fake how much space there is + sed -i 's/\$leftspace/16383/' VBoxLinuxAdditions.run + ./VBoxLinuxAdditions.run --noexec --keep + '' + else throw ("Architecture: "+stdenv.hostPlatform.system+" not supported for VirtualBox guest additions") + } + + # Unpack files + cd install + ${if stdenv.hostPlatform.system == "i686-linux" then '' + tar xfvj VBoxGuestAdditions-x86.tar.bz2 + '' + else if stdenv.hostPlatform.system == "x86_64-linux" then '' + tar xfvj VBoxGuestAdditions-amd64.tar.bz2 + '' + else throw ("Architecture: "+stdenv.hostPlatform.system+" not supported for VirtualBox guest additions") + } + ''; + + buildPhase = '' + # Build kernel modules. + cd src + find . -type f | xargs sed 's/depmod -a/true/' -i + cd vboxguest-${version} + # Run just make first. If we only did make install, we get symbol warnings during build. + make + cd ../.. + + # Change the interpreter for various binaries + for i in sbin/VBoxService bin/{VBoxClient,VBoxControl} other/mount.vboxsf; do + patchelf --set-interpreter ${stdenv.cc.bintools.dynamicLinker} $i + patchelf --set-rpath ${lib.makeLibraryPath [ stdenv.cc.cc stdenv.cc.libc zlib + xorg.libX11 xorg.libXt xorg.libXext xorg.libXmu xorg.libXfixes xorg.libXrandr xorg.libXcursor ]} $i + done + + for i in lib/VBoxOGL*.so + do + patchelf --set-rpath ${lib.makeLibraryPath [ "$out" + xorg.libXcomposite xorg.libXdamage xorg.libXext xorg.libXfixes ]} $i + done + + # FIXME: Virtualbox 4.3.22 moved VBoxClient-all (required by Guest Additions + # NixOS module) to 98vboxadd-xclient. 
For now, just work around it: + mv other/98vboxadd-xclient bin/VBoxClient-all + + # Remove references to /usr from various scripts and files + sed -i -e "s|/usr/bin|$out/bin|" other/vboxclient.desktop + sed -i -e "s|/usr/bin|$out/bin|" bin/VBoxClient-all + ''; + + installPhase = '' + # Install kernel modules. + cd src/vboxguest-${version} + make install INSTALL_MOD_PATH=$out KBUILD_EXTRA_SYMBOLS=$PWD/vboxsf/Module.symvers + cd ../.. + + # Install binaries + install -D -m 755 other/mount.vboxsf $out/bin/mount.vboxsf + install -D -m 755 sbin/VBoxService $out/bin/VBoxService + + mkdir -p $out/bin + install -m 755 bin/VBoxClient $out/bin + install -m 755 bin/VBoxControl $out/bin + install -m 755 bin/VBoxClient-all $out/bin + + wrapProgram $out/bin/VBoxClient-all \ + --prefix PATH : "${which}/bin" + + # Don't install VBoxOGL for now + # It seems to be broken upstream too, and fixing it is far down the priority list: + # https://www.virtualbox.org/pipermail/vbox-dev/2017-June/014561.html + # Additionally, 3d support seems to rely on VBoxOGL.so being symlinked from + # libGL.so (which we can't), and Oracle doesn't plan on supporting libglvnd + # either. (#18457) + ## Install OpenGL libraries + #mkdir -p $out/lib + #cp -v lib/VBoxOGL*.so $out/lib + #mkdir -p $out/lib/dri + #ln -s $out/lib/VBoxOGL.so $out/lib/dri/vboxvideo_dri.so + + # Install desktop file + mkdir -p $out/share/autostart + cp -v other/vboxclient.desktop $out/share/autostart + + # Install Xorg drivers + mkdir -p $out/lib/xorg/modules/{drivers,input} + install -m 644 other/vboxvideo_drv_${xserverABI}.so $out/lib/xorg/modules/drivers/vboxvideo_drv.so + ''; + + # Stripping breaks these binaries for some reason. + dontStrip = true; + + # Patch RUNPATH according to dlopenLibs (see the comment there). 
+ postFixup = lib.concatMapStrings (library: '' + for i in $(grep -F ${lib.escapeShellArg library.name} -l -r $out/{lib,bin}); do + origRpath=$(patchelf --print-rpath "$i") + patchelf --set-rpath "$origRpath:${lib.makeLibraryPath [ library.pkg ]}" "$i" + done + '') dlopenLibs; + + meta = { + description = "Guest additions for VirtualBox"; + longDescription = '' + Various add-ons which makes NixOS work better as guest OS inside VirtualBox. + This add-on provides support for dynamic resizing of the X Display, shared + host/guest clipboard support and guest OpenGL support. + ''; + license = "GPL"; + maintainers = [ lib.maintainers.sander ]; + platforms = lib.platforms.linux; + }; +} diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/hardened.patch b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/hardened.patch new file mode 100644 index 000000000000..180ea88461ef --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/hardened.patch 
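Review bot: The `src` URL fetches the guest-additions ISO over plain `http://download.virtualbox.org/...`, while default.nix and extpack.nix fetch the same host over https; the sha256 pins the content so integrity is not at stake, but `url = "https://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso";` avoids a needless cleartext download and keeps the three files consistent. `license = "GPL";` in `meta` is a bare string where the sibling files use `licenses.gpl2`; `license = lib.licenses.gpl2;` is the consistent form. The unpackPhase line `sed -i 's/\$leftspace/16383/' VBoxLinuxAdditions.run` rewrites the installer's free-space check to a constant; the comment explains the overflow but not why 16383 was chosen, and a short note there would help.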
@@ -0,0 +1,182 @@ +diff --git a/include/iprt/mangling.h b/include/iprt/mangling.h +index c1daa8f..8618371 100644 +--- a/include/iprt/mangling.h ++++ b/include/iprt/mangling.h +@@ -1440,6 +1440,7 @@ + # define RTPathStripSuffix RT_MANGLER(RTPathStripSuffix) + # define RTPathStripFilename RT_MANGLER(RTPathStripFilename) + # define RTPathStripTrailingSlash RT_MANGLER(RTPathStripTrailingSlash) ++# define RTPathSuidDir RT_MANGLER(RTPathSuidDir) + # define RTPathTemp RT_MANGLER(RTPathTemp) + # define RTPathTraverseList RT_MANGLER(RTPathTraverseList) + # define RTPathUnlink RT_MANGLER(RTPathUnlink) +@@ -1478,6 +1479,7 @@ + # define RTProcGetAffinityMask RT_MANGLER(RTProcGetAffinityMask) + # define RTProcGetExecutablePath RT_MANGLER(RTProcGetExecutablePath) + # define RTProcGetPriority RT_MANGLER(RTProcGetPriority) ++# define RTProcGetSuidPath RT_MANGLER(RTProcGetSuidPath) + # define RTProcIsRunningByName RT_MANGLER(RTProcIsRunningByName) + # define RTProcQueryParent RT_MANGLER(RTProcQueryParent) + # define RTProcQueryUsername RT_MANGLER(RTProcQueryUsername) +diff --git a/include/iprt/path.h b/include/iprt/path.h +index 8bd42bc..2c23d3e 100644 +--- a/include/iprt/path.h ++++ b/include/iprt/path.h +@@ -1064,6 +1064,15 @@ RTDECL(int) RTPathCalcRelative(char *pszPathDst, size_t cbPathDst, + RTDECL(int) RTPathExecDir(char *pszPath, size_t cchPath); + + /** ++ * Gets the path to the NixOS setuid wrappers directory. ++ * ++ * @returns iprt status code. ++ * @param pszPath Buffer where to store the path. ++ * @param cchPath Buffer size in bytes. ++ */ ++RTDECL(int) RTPathSuidDir(char *pszPath, size_t cchPath); ++ ++/** + * Gets the user home directory. + * + * @returns iprt status code. 
+diff --git a/include/iprt/process.h b/include/iprt/process.h +index 043653e..1070280 100644 +--- a/include/iprt/process.h ++++ b/include/iprt/process.h +@@ -327,6 +327,16 @@ RTR3DECL(const char *) RTProcShortName(void); + RTR3DECL(char *) RTProcGetExecutablePath(char *pszExecPath, size_t cbExecPath); + + /** ++ * Gets the path to the NixOS setuid wrappers directory. ++ * ++ * @returns pszExecPath on success. NULL on buffer overflow or other errors. ++ * ++ * @param pszExecPath Where to store the path. ++ * @param cbExecPath The size of the buffer. ++ */ ++RTR3DECL(char *) RTProcGetSuidPath(char *pszExecPath, size_t cbExecPath); ++ ++/** + * Daemonize the current process, making it a background process. + * + * The way this work is that it will spawn a detached / backgrounded / +diff --git a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp +index ce0f288..6193108 100644 +--- a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp ++++ b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp +@@ -1502,9 +1502,9 @@ static int supR3HardenedVerifyFsObject(PCSUPR3HARDENEDFSOBJSTATE pFsObjState, bo + bool fBad = !fRelaxed || pFsObjState->Stat.st_gid != 2 /*bin*/ || suplibHardenedStrCmp(pszPath, "/usr/lib/iconv"); + # else + NOREF(fRelaxed); +- bool fBad = true; ++ bool fBad = !(fDir && pFsObjState->Stat.st_mode & S_ISVTX && !suplibHardenedStrCmp(pszPath, "/nix/store")); + # endif +- if (fBad) ++ if (fBad && suplibHardenedStrCmp(pszPath, "/nix/store")) + return supR3HardenedSetError3(VERR_SUPLIB_WRITE_NON_SYS_GROUP, pErrInfo, + "An unknown (and thus untrusted) group has write access to '", pszPath, + "' and we therefore cannot trust the directory content or that of any subdirectory"); +diff --git a/src/VBox/Main/src-server/generic/NetIf-generic.cpp b/src/VBox/Main/src-server/generic/NetIf-generic.cpp +index 98dc91a..43a819f 100644 +--- a/src/VBox/Main/src-server/generic/NetIf-generic.cpp ++++ 
b/src/VBox/Main/src-server/generic/NetIf-generic.cpp +@@ -47,7 +47,7 @@ static int NetIfAdpCtl(const char * pcszIfName, const char *pszAddr, const char + const char *args[] = { NULL, pcszIfName, pszAddr, pszOption, pszMask, NULL }; + + char szAdpCtl[RTPATH_MAX]; +- int rc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME)); ++ int rc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME)); + if (RT_FAILURE(rc)) + { + LogRel(("NetIfAdpCtl: failed to get program path, rc=%Rrc.\n", rc)); +@@ -89,7 +89,7 @@ static int NetIfAdpCtl(HostNetworkInterface * pIf, const char *pszAddr, const ch + int NetIfAdpCtlOut(const char * pcszName, const char * pcszCmd, char *pszBuffer, size_t cBufSize) + { + char szAdpCtl[RTPATH_MAX]; +- int rc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd)); ++ int rc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd)); + if (RT_FAILURE(rc)) + { + LogRel(("NetIfAdpCtlOut: Failed to get program path, rc=%Rrc\n", rc)); +@@ -201,7 +201,7 @@ int NetIfCreateHostOnlyNetworkInterface(VirtualBox *pVirtualBox, + progress.queryInterfaceTo(aProgress); + + char szAdpCtl[RTPATH_MAX]; +- int rc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " add")); ++ int rc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " add")); + if (RT_FAILURE(rc)) + { + progress->i_notifyComplete(E_FAIL, +diff --git a/src/VBox/Runtime/r3/path.cpp b/src/VBox/Runtime/r3/path.cpp +index 944848e..744a261 100644 +--- a/src/VBox/Runtime/r3/path.cpp ++++ b/src/VBox/Runtime/r3/path.cpp +@@ -81,6 +81,12 @@ RTDECL(int) RTPathExecDir(char *pszPath, size_t cchPath) + } + + ++RTDECL(int) RTPathSuidDir(char *pszPath, size_t cchPath) ++{ ++ return RTStrCopy(pszPath, cchPath, "/run/wrappers/bin"); ++} ++ ++ + RTDECL(int) RTPathAppPrivateNoArch(char *pszPath, size_t cchPath) + { + #if !defined(RT_OS_WINDOWS) && 
defined(RTPATH_APP_PRIVATE) +diff --git a/src/VBox/Runtime/r3/process.cpp b/src/VBox/Runtime/r3/process.cpp +index 2aab645..9795f21 100644 +--- a/src/VBox/Runtime/r3/process.cpp ++++ b/src/VBox/Runtime/r3/process.cpp +@@ -111,6 +111,26 @@ RTR3DECL(char *) RTProcGetExecutablePath(char *pszExecPath, size_t cbExecPath) + return NULL; + } + ++/* ++ * Note the / at the end! This is important, because the functions using this ++ * will cut off everything after the rightmost / as this function is analogous ++ * to RTProcGetExecutablePath(). ++ */ ++#define SUIDDIR "/run/wrappers/bin/" ++ ++RTR3DECL(char *) RTProcGetSuidPath(char *pszExecPath, size_t cbExecPath) ++{ ++ if (cbExecPath >= sizeof(SUIDDIR)) ++ { ++ memcpy(pszExecPath, SUIDDIR, sizeof(SUIDDIR)); ++ pszExecPath[sizeof(SUIDDIR)] = '\0'; ++ return pszExecPath; ++ } ++ ++ AssertMsgFailed(("Buffer too small (%zu <= %zu)\n", cbExecPath, sizeof(SUIDDIR))); ++ return NULL; ++} ++ + + RTR3DECL(const char *) RTProcShortName(void) + { +diff --git a/src/VBox/Main/src-server/NetworkServiceRunner.cpp b/src/VBox/Main/src-server/NetworkServiceRunner.cpp +index 2e57690..3272c84 100644 +--- a/src/VBox/Main/src-server/NetworkServiceRunner.cpp ++++ b/src/VBox/Main/src-server/NetworkServiceRunner.cpp +@@ -188,7 +188,7 @@ int NetworkServiceRunner::start(bool aKillProcessOnStop) + * ASSUME it is relative to the directory that holds VBoxSVC. 
+ */ + char szExePath[RTPATH_MAX]; +- AssertReturn(RTProcGetExecutablePath(szExePath, RTPATH_MAX), VERR_FILENAME_TOO_LONG); ++ AssertReturn(RTProcGetSuidPath(szExePath, RTPATH_MAX), VERR_FILENAME_TOO_LONG); + RTPathStripFilename(szExePath); + int vrc = RTPathAppend(szExePath, sizeof(szExePath), m->pszProcName); + AssertLogRelRCReturn(vrc, vrc); +diff --git a/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp b/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp +index 2991d3a7..d042a08b 100644 +--- a/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp ++++ b/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp +@@ -90,7 +90,7 @@ int MachineLaunchVMCommonWorker(const Utf8Str &aNameOrId, + + /* Get the path to the executable directory w/ trailing slash: */ + char szPath[RTPATH_MAX]; +- int vrc = RTPathAppPrivateArch(szPath, sizeof(szPath)); ++ int vrc = RTStrCopy(szPath, sizeof(szPath) - 1, "/run/wrappers/bin"); + AssertRCReturn(vrc, vrc); + size_t cbBufLeft = RTPathEnsureTrailingSeparator(szPath, sizeof(szPath)); + AssertReturn(cbBufLeft > 0, VERR_FILENAME_TOO_LONG); diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/qt-env-vars.patch b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/qt-env-vars.patch new file mode 100644 index 000000000000..ad1d1fd11f87 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/qt-env-vars.patch @@ -0,0 +1,14 @@ +--- a/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp ++++ b/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp +@@ -2131,6 +2131,11 @@ static void supR3HardenedMainPurgeEnvironment(char **envp) + /** @todo Call NT API to do the same. */ + #endif + } ++ ++ /* ++ * NixOS hack: Set QT_PLUGIN_PATH to make Qt find plugins. ++ */ ++ setenv("QT_PLUGIN_PATH", "@qtPluginPath@", /*overwrite=*/ 1); + } + + 
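Review bot: In the new `RTProcGetSuidPath` in process.cpp, `pszExecPath[sizeof(SUIDDIR)] = '\0';` writes one byte past the copied string: `sizeof(SUIDDIR)` already counts the terminating NUL that the preceding `memcpy` copies, so when `cbExecPath == sizeof(SUIDDIR)`, which the `>=` guard admits, the store lands outside the caller's buffer. Dropping that line is sufficient, and the assert text `(%zu <= %zu)` should read `<` to match the guard. Separately, in SUPR3HardenedVerify.cpp the sticky-bit clause of the new `fBad` expression is dead: when `pszPath` is not `/nix/store` the `!suplibHardenedStrCmp` factor is already false, and when it is `/nix/store` the following `if (fBad && suplibHardenedStrCmp(pszPath, "/nix/store"))` can never fire, so a group-writable `/nix/store` without `S_ISVTX` is accepted regardless of mode. If the intent is to require a sticky directory, keep the original `if (fBad)` test and let the `fBad` expression alone carry the exemption.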
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/qtx11extras.patch b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/qtx11extras.patch new file mode 100644 index 000000000000..a3aa98b081d1 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/qtx11extras.patch @@ -0,0 +1,16 @@ +diff --git a/kBuild/units/qt5.kmk b/kBuild/units/qt5.kmk +index 71b96a3..73391f0 100644 +--- a/kBuild/units/qt5.kmk ++++ b/kBuild/units/qt5.kmk +@@ -1054,9 +1054,9 @@ else + $(eval $(target)_LIBS += $(PATH_SDK_QT5_LIB)/$(qt_prefix)qtmain$(qt_infix)$(SUFF_LIB) ) + endif + else +- $(eval $(target)_LIBS += $(foreach module,$(qt_modules), $(PATH_SDK_QT5_LIB)/lib$(qt_prefix)Qt5$(module)$(qt_infix)$(SUFF_DLL)) ) ++ $(eval $(target)_LIBS += $(foreach module,$(qt_modules), $(if $(filter X11Extras,$(module)),$(PATH_QT5_X11_EXTRAS_LIB),$(PATH_SDK_QT5_LIB))/lib$(qt_prefix)Qt5$(module)$(qt_infix)$(SUFF_DLL)) ) + endif +- $(eval $(target)_INCS += $(addprefix $(PATH_SDK_QT5_INC)/Qt,$(qt_modules)) $(PATH_SDK_QT5_INC) ) ++ $(eval $(target)_INCS += $(addprefix $(PATH_SDK_QT5_INC)/Qt,$(qt_modules)) $(PATH_SDK_QT5_INC) $(PATH_QT5_X11_EXTRAS_INC)/QtX11Extras ) + endif + $(eval $(target)_DEFS += $(foreach module,$(toupper $(qt_modules)), QT_$(module)_LIB) ) + diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/update.sh b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/update.sh new file mode 100755 index 000000000000..fcd02ae8a27b --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/update.sh 
@@ -0,0 +1,44 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl common-updater-scripts nix-prefetch-scripts jq
+
+set -xeuo pipefail
+
+nixpkgs="$(git rev-parse --show-toplevel)"
+
+attr=virtualbox
+oldVersion="$(nix-instantiate --eval -E "with import $nixpkgs {}; $attr.version or (builtins.parseDrvName $attr.name).version" | tr -d '"')"
+latestVersion="$(curl -sS https://download.virtualbox.org/virtualbox/LATEST.TXT)"
+
+function fileShaSum() {
+ echo "$1" | grep -w $2 | cut -f1 -d' '
+}
+function oldHash() {
+ nix-instantiate --eval --strict -A "$1.drvAttrs.outputHash" | tr -d '"'
+}
+function nixFile() {
+ nix-instantiate --eval --strict -A "${1}.meta.position" | sed -re 's/^"(.*):[0-9]+"$/\1/'
+}
+
+if [ ! "$oldVersion" = "$latestVersion" ]; then
+ shaSums=$(curl -sS https://download.virtualbox.org/virtualbox/$latestVersion/SHA256SUMS)
+
+ virtualBoxShaSum=$(fileShaSum "$shaSums" "VirtualBox-$latestVersion.tar.bz2")
+ extpackShaSum=$(fileShaSum "$shaSums" "Oracle_VM_VirtualBox_Extension_Pack-$latestVersion.vbox-extpack")
+ guestAdditionsShaSum=$(fileShaSum "$shaSums" "*VBoxGuestAdditions_$latestVersion.iso")
+
+ virtualboxNixFile=$(nixFile ${attr})
+ extpackNixFile=$(nixFile ${attr}Extpack)
+ guestAdditionsNixFile=$(nixFile linuxPackages.${attr}GuestAdditions)
+
+ extpackOldShaSum=$(oldHash ${attr}Extpack)
+ guestAdditionsOldShaSum=$(oldHash linuxPackages.${attr}GuestAdditions.src)
+
+ update-source-version $attr $latestVersion $virtualBoxShaSum
+ sed -i -e 's|value = "'$extpackOldShaSum'"|value = "'$extpackShaSum'"|' $extpackNixFile
+ sed -i -e 's|sha256 = "'$guestAdditionsOldShaSum'"|sha256 = "'$guestAdditionsShaSum'"|' $guestAdditionsNixFile
+
+ git add $virtualboxNixFile $extpackNixFile $guestAdditionsNixFile
+ git commit -m "$attr: ${oldVersion} -> ${latestVersion}"
+else
+ echo "$attr is already up-to-date"
+fi |
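Review bot: Both `curl -sS` calls lack `--fail`, so an HTTP error body is accepted as `latestVersion` or as the SHA256SUMS text and only fails later, if at all, inside `fileShaSum`; `latestVersion="$(curl -fsS https://download.virtualbox.org/virtualbox/LATEST.TXT)"` and `shaSums=$(curl -fsS https://download.virtualbox.org/virtualbox/$latestVersion/SHA256SUMS)` make the script stop at the fetch under the existing `set -e`. In `fileShaSum`, `grep -w $2` passes the name unquoted and, for the guest additions, relies on the leading `*` surviving shell expansion and being treated as a literal by a basic regex; `grep -wF -- "$2"` states that intent directly. The new hashes are taken from the same origin as the artifacts, so the script re-pins whatever that server currently publishes; a one-line comment above `shaSums=` saying that SHA256SUMS is a transport-integrity check rather than a signature would tell the next maintainer what the update does and does not verify.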