Diffstat (limited to 'infra/libkookie/nixpkgs/pkgs/applications/virtualization')
31 files changed, 320 insertions, 410 deletions
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/OVMF/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/OVMF/default.nix index 94d0ae94dbde..6301182771fb 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/OVMF/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/OVMF/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, edk2, utillinux, nasm, iasl +{ stdenv, lib, edk2, util-linux, nasm, iasl , csmSupport ? false, seabios ? null , secureBoot ? false }: @@ -24,7 +24,7 @@ edk2.mkDerivation projectDscPath { outputs = [ "out" "fd" ]; - buildInputs = [ utillinux nasm iasl ]; + buildInputs = [ util-linux nasm iasl ]; hardeningDisable = [ "format" "stackprotector" "pic" "fortify" ]; diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/charliecloud/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/charliecloud/default.nix index a7e8260765fe..d6cbc25d883b 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/charliecloud/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/charliecloud/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { - version = "0.19"; + version = "0.20"; pname = "charliecloud"; src = fetchFromGitHub { owner = "hpc"; repo = "charliecloud"; rev = "v${version}"; - sha256 = "1rmvm0s1jdpzfg32b3hwsbdkzws7gsy4xq227hmzv3n2dv64svm6"; + sha256 = "15ihffwhpjnzgz0ir5vc9la4fwkqj91vmrcsb2r58ikq7h9sk45j"; }; nativeBuildInputs = [ autoreconfHook makeWrapper ]; diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/containerd/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/containerd/default.nix index eded437a62db..cece3cc6b673 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/containerd/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/containerd/default.nix 
@@ -1,24 +1,24 @@ -{ lib, fetchFromGitHub, buildGoPackage, btrfs-progs, go-md2man, installShellFiles, utillinux }: +{ lib, fetchFromGitHub, buildGoPackage, btrfs-progs, go-md2man, installShellFiles, util-linux, nixosTests }: with lib; buildGoPackage rec { pname = "containerd"; - version = "1.4.1"; + version = "1.4.3"; # git commit for the above version's tag - commit = "7ad184331fa3e55e52b890ea95e65ba581ae3429"; + commit = "269548fa27e0089a8b8278fc4fc781d7f65a939b"; src = fetchFromGitHub { owner = "containerd"; repo = "containerd"; rev = "v${version}"; - sha256 = "1k6dqaidnldf7kpxdszf0wn6xb8m6vaizm2aza81fri1q0051213"; + sha256 = "09xvhjg5f8h90w1y94kqqnqzhbhd62dcdd9wb9sdqakisjk6zrl0"; }; goPackagePath = "github.com/containerd/containerd"; outputs = [ "out" "man" ]; - nativeBuildInputs = [ go-md2man installShellFiles utillinux ]; + nativeBuildInputs = [ go-md2man installShellFiles util-linux ]; buildInputs = [ btrfs-progs ]; @@ -42,6 +42,8 @@ buildGoPackage rec { installManPage man/*.[1-9] ''; + passthru.tests = { inherit (nixosTests) docker; }; + meta = { homepage = "https://containerd.io/"; description = "A daemon to control runC"; diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/cri-o/wrapper.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/cri-o/wrapper.nix index 6d72623d86cb..5aca291a6018 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/cri-o/wrapper.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/cri-o/wrapper.nix @@ -7,7 +7,7 @@ , runc # Default container runtime , crun # Container runtime (default with cgroups v2 for podman/buildah) , conmon # Container runtime monitor -, utillinux # nsenter +, util-linux # nsenter , cni-plugins # not added to path , iptables }: @@ -19,7 +19,7 @@ let runc crun conmon - utillinux + util-linux iptables ] ++ extraPackages); 
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/crun/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/crun/default.nix index e52401ba35fc..ef506c01cfb6 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/crun/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/crun/default.nix @@ -35,13 +35,13 @@ let in stdenv.mkDerivation rec { pname = "crun"; - version = "0.15"; + version = "0.16"; src = fetchFromGitHub { owner = "containers"; repo = pname; rev = version; - sha256 = "0cqzk2lm1w0g2v6qhiliq565cf4p7hzh839jb01p3i5cr9kx11kc"; + sha256 = "03547axiwv161sbymh2vxqx591xr4nq6b9y8y45m15xvfv0f7vl8"; fetchSubmodules = true; }; diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/docker-slim/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/docker-slim/default.nix index 058f6fd8ccca..84e0135f665b 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/docker-slim/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/docker-slim/default.nix @@ -40,6 +40,6 @@ buildGoPackage rec { description = "Minify and secure Docker containers"; homepage = "https://dockersl.im/"; license = licenses.asl20; - maintainers = with maintainers; [ filalex77 marsam mbrgm ]; + maintainers = with maintainers; [ Br1ght0ne marsam mbrgm ]; }; } diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/docker/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/docker/default.nix index a1d48b0588a6..1d55744efb49 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/docker/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/docker/default.nix 
@@ -1,9 +1,10 @@ { stdenv, lib, fetchFromGitHub, fetchpatch, buildGoPackage -, makeWrapper, removeReferencesTo, installShellFiles, pkgconfig +, makeWrapper, installShellFiles, pkgconfig , go-md2man, go, containerd, runc, docker-proxy, tini, libtool , sqlite, iproute, lvm2, systemd -, btrfs-progs, iptables, e2fsprogs, xz, utillinux, xfsprogs, git +, btrfs-progs, iptables, e2fsprogs, xz, util-linux, xfsprogs, git , procps, libseccomp +, nixosTests }: with lib; @@ -29,15 +30,20 @@ rec { patches = []; }); - docker-containerd = containerd.overrideAttrs (oldAttrs: { + docker-containerd = let + withlibseccomp = lib.versionAtLeast version "19.03"; + in containerd.overrideAttrs (oldAttrs: { name = "docker-containerd-${version}"; inherit version; src = fetchFromGitHub { - owner = "docker"; + owner = "containerd"; repo = "containerd"; rev = containerdRev; sha256 = containerdSha256; }; + # This should be removed once Docker uses containerd >=1.4 + nativeBuildInputs = oldAttrs.nativeBuildInputs ++ lib.optional withlibseccomp pkgconfig; + buildInputs = oldAttrs.buildInputs ++ lib.optional withlibseccomp libseccomp; }); docker-tini = tini.overrideAttrs (oldAttrs: { @@ -89,7 +95,7 @@ rec { goPackagePath = "github.com/docker/docker-ce"; - nativeBuildInputs = [ pkgconfig go-md2man go libtool removeReferencesTo installShellFiles ]; + nativeBuildInputs = [ pkgconfig go-md2man go libtool installShellFiles ]; buildInputs = [ makeWrapper ] ++ optionals (stdenv.isLinux) [ @@ -134,7 +140,7 @@ rec { outputs = ["out" "man"]; - extraPath = optionals (stdenv.isLinux) (makeBinPath [ iproute iptables e2fsprogs xz xfsprogs procps utillinux git ]); + extraPath = optionals (stdenv.isLinux) (makeBinPath [ iproute iptables e2fsprogs xz xfsprogs procps util-linux git ]); installPhase = '' cd ./go/src/${goPackagePath} 
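Review bot: In the `docker-containerd` override (hunk `@@ -29,15 +30,20 @@`), `withlibseccomp = lib.versionAtLeast version "19.03"` gates the extra `libseccomp` and `pkgconfig` inputs on the Docker version, although the added comment says the need comes from the containerd release that Docker pins. A Docker entry at 19.03 or later that pins a containerd outside the affected range would still get the inputs, and an older Docker pinned to an affected containerd would not. I would state that coupling on the `let` line, e.g. `# keyed on the Docker version because containerdRev carries no version number; re-check whenever containerdRev changes`, or pass an explicit flag from each `docker_*` entry. The enclosing `rec { … }` set starts and ends outside this hunk.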
@@ -179,11 +185,7 @@ rec { installManPage man/*/*.[1-9] ''; - preFixup = '' - find $out -type f -exec remove-references-to -t ${stdenv.cc.cc} '{}' + - '' + optionalString (stdenv.isLinux) '' - find $out -type f -exec remove-references-to -t ${stdenv.glibc.dev} '{}' + - ''; + passthru.tests = { inherit (nixosTests) docker; }; meta = { homepage = "https://www.docker.com/"; @@ -210,13 +212,14 @@ rec { }; docker_19_03 = makeOverridable dockerGen rec { - version = "19.03.12"; + version = "19.03.14"; rev = "v${version}"; - sha256 = "0i5xr8q3yjrz5zsjcq63v4g1mzqpingjr1hbf9amk14484i2wkw7"; + sha256 = "0szr5dgfrypb5kyj5l1rf7rw4iqj0d0cyx6skdqlbgf4dqwa6g9y"; runcRev = "dc9208a3303feef5b3839f4323d9beb36df0a9dd"; # v1.0.0-rc10 runcSha256 = "0pi3rvj585997m4z9ljkxz2z9yxf9p2jr0pmqbqrc7bc95f5hagk"; - containerdRev = "7ad184331fa3e55e52b890ea95e65ba581ae3429"; # v1.2.13 - containerdSha256 = "1rac3iak3jpz57yarxc72bxgxvravwrl0j6s6w2nxrmh2m3kxqzn"; + # Note: Once all packaged Docker versions use containerd <=1.2 or >=1.4 remove the libseccomp and pkgconfig inputs above + containerdRev = "ea765aba0d05254012b0b9e595e995c09186427f"; # v1.3.9 + containerdSha256 = "1isi1wgq61b4l0lxy1d8n6dnmcb8s5ihn2yqjb6525y3dj5c5i1j"; tiniRev = "fec3683b971d9c3ef73f284f176672c44b448662"; # v0.18.0 tiniSha256 = "1h20i3wwlbd8x4jr2gz68hgklh0lb0jj7y5xk1wvr8y58fip1rdn"; }; diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/dumb-init/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/dumb-init/default.nix index c7be90222c2e..5e1bc9489d3f 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/dumb-init/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/dumb-init/default.nix 
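Review bot: Dropping the `preFixup` block in hunk `@@ -179,11 +185,7 @@` removes the only step that stripped references to `${stdenv.cc.cc}` and `${stdenv.glibc.dev}` from `$out`, and nothing in the new code checks that the output stays free of them. If any installed file still embeds those store paths, the compiler and the glibc development output become part of the runtime closure of a daemon that normally runs as root. If the references really are gone, `disallowedReferences = [ stdenv.cc.cc ];` next to `passthru.tests` would make the build fail should they come back. The enclosing derivation starts and ends outside the hunk.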
@@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "dumb-init"; - version = "1.2.2"; + version = "1.2.3"; src = fetchFromGitHub { owner = "Yelp"; repo = pname; rev = "v${version}"; - sha256 = "15hgl8rz5dmrl5gx21sq5269l1hq539qn68xghjx0bv9hgbx0g20"; + sha256 = "1ws944y8gch6h7iqvznfwlh9hnmdn36aqh9w6cbc7am8vbyq0ffa"; }; buildInputs = [ glibc.static ]; diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/firecracker/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/firecracker/default.nix index 9513457d86d3..98b95fa2bec3 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/firecracker/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/firecracker/default.nix @@ -1,7 +1,7 @@ { fetchurl, stdenv }: let - version = "0.22.0"; + version = "0.23.0"; suffix = { x86_64-linux = "x86_64"; @@ -15,13 +15,13 @@ let }; firecracker-bin = fetchbin "firecracker" { - x86_64-linux = "1jl7cmw53fbykcji8a0bkdy82mgpfr8km3ab6iwsrswvahh4srx7"; - aarch64-linux = "15vi6441gr4jy0698ifashgv1ic7iz0kbm7c28m2jd8z08p6bnlz"; + x86_64-linux = "11h6qkq55y1w0mlkfkbnpxxai73rzxkiz07i747m7a9azbrmldp8"; + aarch64-linux = "0zyx7md54w0fhqk1anfyjfdqrkg2mjyy17y9jk17p34yrw8j9y29"; }; jailer-bin = fetchbin "jailer" { - x86_64-linux = "0wir7fi1iqvw02908axfaqzp9q5qyg4yk5jicp8s493iz3vhm9h7"; - aarch64-linux = "1l3yc9j27vxfyn89xmxi1ir635v7l8ikwpw9a30dhh50wa3rm4jy"; + x86_64-linux = "15slr2azqvyqlhvlh7zk1n0rkfq282kj0pllp19r0yl1w8ns1gw5"; + aarch64-linux = "1d92jhd6fb7w7ciz15rcfp8jf74r2503w2fl1b6pznpc8h4qscfd"; }; in diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/looking-glass-client/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/looking-glass-client/default.nix index a0ec55dd895b..74370aafa40e 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/looking-glass-client/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/looking-glass-client/default.nix 
@@ -1,36 +1,30 @@ -{ stdenv, fetchFromGitHub, fetchpatch -, cmake, pkgconfig, SDL2, SDL, SDL2_ttf, openssl, spice-protocol, fontconfig -, libX11, freefont_ttf, nettle, libconfig, wayland, libpthreadstubs, libXdmcp -, libXfixes, libbfd +{ stdenv, fetchFromGitHub, cmake, pkgconfig, SDL2, SDL2_ttf, spice-protocol +, fontconfig, libX11, freefont_ttf, nettle, libpthreadstubs, libXau, libXdmcp +, libXi, libXext, wayland, libffi, libGLU, expat, libbfd }: stdenv.mkDerivation rec { pname = "looking-glass-client"; - version = "B1"; + version = "B2"; src = fetchFromGitHub { owner = "gnif"; repo = "LookingGlass"; rev = version; - sha256 = "0vykv7yjz4fima9d82m83acd8ab72nq4wyzyfs1c499i27wz91ia"; + sha256 = "100b5kzh8gr81kzw5fdqz2jsms25hv3815d31vy3qd6lrlm5gs3d"; + fetchSubmodules = true; }; - nativeBuildInputs = [ pkgconfig ]; + nativeBuildInputs = [ cmake pkgconfig ]; buildInputs = [ - SDL SDL2 SDL2_ttf openssl spice-protocol fontconfig - libX11 freefont_ttf nettle libconfig wayland libpthreadstubs - libXdmcp libXfixes libbfd cmake + SDL2 SDL2_ttf spice-protocol fontconfig libX11 freefont_ttf nettle + libpthreadstubs libXau libXdmcp libXi libXext wayland libffi libGLU expat + libbfd ]; - enableParallelBuilding = true; - sourceRoot = "source/client"; - - installPhase = '' - mkdir -p $out/bin - mv looking-glass-client $out/bin - ''; + NIX_CFLAGS_COMPILE = "-mavx"; # Fix some sort of AVX compiler problem. meta = with stdenv.lib; { description = "A KVM Frame Relay (KVMFR) implementation"; @@ -41,9 +35,9 @@ stdenv.mkDerivation rec { step required to move away from dual booting with other operating systems for legacy programs that require high performance graphics. ''; - homepage = "https://looking-glass.hostfission.com/"; + homepage = "https://looking-glass.io/"; license = licenses.gpl2Plus; - maintainers = [ maintainers.alexbakker ]; + maintainers = with maintainers; [ alexbakker ]; platforms = [ "x86_64-linux" ]; }; } 
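Review bot: `NIX_CFLAGS_COMPILE = "-mavx";` in hunk `@@ -1,36 +1,30 @@` applies to every compilation unit, so the compiler is free to emit AVX instructions anywhere in the client, and the binary would then stop with an illegal-instruction fault on an x86_64 host without AVX; `platforms = [ "x86_64-linux" ]` does not exclude such hosts. The comment `# Fix some sort of AVX compiler problem.` does not say what fails without the flag, so a later maintainer cannot tell when it is safe to drop. I would replace it with something like `# B2 does not compile without AVX enabled (<upstream issue or failing file>); the resulting binary requires an AVX-capable CPU`, filling in the reference. The same hunk removes the explicit `installPhase`, so it is worth confirming that the cmake install target places `looking-glass-client` in `$out/bin`.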
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/nvidia-docker/avoid-static-libtirpc-build.patch b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/nvidia-docker/avoid-static-libtirpc-build.patch new file mode 100644 index 000000000000..d3f207de00b2 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/nvidia-docker/avoid-static-libtirpc-build.patch @@ -0,0 +1,21 @@ +diff --git a/Makefile b/Makefile +index 0070ada..802cef0 100644 +--- a/Makefile ++++ b/Makefile +@@ -202,7 +202,7 @@ $(BIN_NAME): $(BIN_OBJS) + ##### Public rules ##### + + all: CPPFLAGS += -DNDEBUG +-all: shared static tools ++all: shared tools + + # Run with ASAN_OPTIONS="protect_shadow_gap=0" to avoid CUDA OOM errors + debug: CFLAGS += -pedantic -fsanitize=undefined -fno-omit-frame-pointer -fno-common -fsanitize=address +@@ -232,7 +232,6 @@ install: all + # Install header files + $(INSTALL) -m 644 $(LIB_INCS) $(DESTDIR)$(includedir) + # Install library files +- $(INSTALL) -m 644 $(LIB_STATIC) $(DESTDIR)$(libdir) + $(INSTALL) -m 755 $(LIB_SHARED) $(DESTDIR)$(libdir) + $(LN) -sf $(LIB_SONAME) $(DESTDIR)$(libdir)/$(LIB_SYMLINK) + $(LDCONFIG) -n $(DESTDIR)$(libdir) diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc.nix index 5b97d7fffa29..6079f215ec80 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc.nix 
@@ -1,17 +1,23 @@ -{ stdenv, lib, fetchFromGitHub, pkgconfig, libelf, libcap, libseccomp }: - -with lib; let - +{ stdenv +, lib +, fetchFromGitHub +, pkgconfig +, libelf +, libcap +, libseccomp +, rpcsvc-proto +, libtirpc +}: +let modp-ver = "396.51"; - nvidia-modprobe = fetchFromGitHub { owner = "NVIDIA"; repo = "nvidia-modprobe"; rev = modp-ver; sha256 = "1fw2qwc84k64agw6fx2v0mjf88aggph9c6qhs4cv7l3gmflv8qbk"; }; - -in stdenv.mkDerivation rec { +in +stdenv.mkDerivation rec { pname = "libnvidia-container"; version = "1.0.6"; 
@@ -22,19 +28,32 @@ in stdenv.mkDerivation rec { sha256 = "1pnpc9knwh8d1zqb28zc3spkjc00w0z10vd3jna8ksvpl35jl7w3"; }; - # locations of nvidia-driver libraries are not resolved via ldconfig which - # doesn't get used on NixOS. Additional support binaries like nvidia-smi are - # not resolved via the environment PATH but via the derivation output path. - patches = [ ./libnvc-ldconfig-and-path-fixes.patch ]; + patches = [ + # locations of nvidia-driver libraries are not resolved via ldconfig which + # doesn't get used on NixOS. Additional support binaries like nvidia-smi + # are not resolved via the environment PATH but via the derivation output + # path. + ./libnvc-ldconfig-and-path-fixes.patch + + # the libnvidia-container Makefile wants to build and install static + # libtirpc libraries; this patch prevents that from happening + ./avoid-static-libtirpc-build.patch + ]; makeFlags = [ "WITH_LIBELF=yes" "prefix=$(out)" + # we can't use the WITH_TIRPC=yes flag that exists in the Makefile for the + # same reason we patch out the static library use of libtirpc so we set the + # define in CFLAGS + "CFLAGS=-DWITH_TIRPC" ]; postPatch = '' - sed -i 's/^REVISION :=.*/REVISION = ${src.rev}/' mk/common.mk - sed -i 's/^COMPILER :=.*/COMPILER = $(CC)/' mk/common.mk + sed -i \ + -e 's/^REVISION :=.*/REVISION = ${src.rev}/' \ + -e 's/^COMPILER :=.*/COMPILER = $(CC)/' \ + mk/common.mk mkdir -p deps/src/nvidia-modprobe-${modp-ver} cp -r ${nvidia-modprobe}/* deps/src/nvidia-modprobe-${modp-ver} 
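Review bot: `"CFLAGS=-DWITH_TIRPC"` in `makeFlags` (hunk `@@ -22,19 +28,32 @@`) is passed on the make command line, and a command-line variable replaces every ordinary `CFLAGS` assignment in the Makefile unless upstream marks it `override`. If the upstream Makefile sets warning, optimisation or hardening options through `CFLAGS`, they would be silently dropped for this build; the Makefile is not visible here, so this needs checking. A preprocessor define can go through the compiler wrapper instead, e.g. `NIX_CFLAGS_COMPILE = [ "-I${libtirpc.dev}/include/tirpc" "-DWITH_TIRPC" ];` in the following hunk, which leaves the Makefile's own flags intact.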
@@ -42,11 +61,14 @@ in stdenv.mkDerivation rec { touch deps/src/nvidia-modprobe-${modp-ver}/.download_stamp ''; - nativeBuildInputs = [ pkgconfig ]; + NIX_CFLAGS_COMPILE = [ "-I${libtirpc.dev}/include/tirpc" ]; + NIX_LDFLAGS = [ "-L${libtirpc.dev}/lib" "-ltirpc" ]; + + nativeBuildInputs = [ pkgconfig rpcsvc-proto ]; - buildInputs = [ libelf libcap libseccomp ]; + buildInputs = [ libelf libcap libseccomp libtirpc ]; - meta = { + meta = with lib; { homepage = "https://github.com/NVIDIA/libnvidia-container"; description = "NVIDIA container runtime library"; license = licenses.bsd3; diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/open-vm-tools/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/open-vm-tools/default.nix index df9a89293f2c..4cdce2172a21 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/open-vm-tools/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/open-vm-tools/default.nix @@ -1,18 +1,18 @@ { stdenv, lib, fetchFromGitHub, makeWrapper, autoreconfHook, - fuse, libmspack, openssl, pam, xercesc, icu, libdnet, procps, + fuse, libmspack, openssl, pam, xercesc, icu, libdnet, procps, libtirpc, rpcsvc-proto, libX11, libXext, libXinerama, libXi, libXrender, libXrandr, libXtst, pkgconfig, glib, gdk-pixbuf-xlib, gtk3, gtkmm3, iproute, dbus, systemd, which, withX ? true }: stdenv.mkDerivation rec { pname = "open-vm-tools"; - version = "11.1.0"; + version = "11.2.0"; src = fetchFromGitHub { owner = "vmware"; repo = "open-vm-tools"; rev = "stable-${version}"; - sha256 = "1wyiz8j5b22ajrr1fh9cn55lsgd5g13q0i8wvk2a0yw0vaw1883s"; + sha256 = "125y3zdhj353dmmjmssdaib2zp1jg5aiqmvpgkrzhnh5nx2icfv6"; }; sourceRoot = "${src.name}/open-vm-tools"; 
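Review bot: `NIX_LDFLAGS = [ "-L${libtirpc.dev}/lib" "-ltirpc" ];` in hunk `@@ -42,11 +61,14 @@` points the linker at the `dev` output, which for a split-output package usually holds headers and pkg-config files rather than the shared library. Because `libtirpc` is also added to `buildInputs`, the library directory is probably already on the link path and the `-L` entry has no effect. If that is confirmed against the libtirpc output layout, `NIX_LDFLAGS = [ "-ltirpc" ];` says the same thing without a misleading path.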
@@ -20,14 +20,9 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" ]; nativeBuildInputs = [ autoreconfHook makeWrapper pkgconfig ]; - buildInputs = [ fuse glib icu libdnet libmspack openssl pam procps xercesc ] + buildInputs = [ fuse glib icu libdnet libmspack libtirpc openssl pam procps rpcsvc-proto xercesc ] ++ lib.optionals withX [ gdk-pixbuf-xlib gtk3 gtkmm3 libX11 libXext libXinerama libXi libXrender libXrandr libXtst ]; - patches = [ - ./recognize_nixos.patch - ./find_gdk_pixbuf_xlib.patch #See https://github.com/vmware/open-vm-tools/pull/438 - ]; - postPatch = '' # Build bugfix for 10.1.0, stolen from Arch PKGBUILD mkdir -p common-agent/etc/config diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/open-vm-tools/find_gdk_pixbuf_xlib.patch b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/open-vm-tools/find_gdk_pixbuf_xlib.patch deleted file mode 100644 index 6606c50e77d9..000000000000 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/open-vm-tools/find_gdk_pixbuf_xlib.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/lib/appUtil/Makefile.am b/lib/appUtil/Makefile.am -index a0d8e391..899cd4e9 100644 ---- a/lib/appUtil/Makefile.am -+++ b/lib/appUtil/Makefile.am -@@ -21,4 +21,6 @@ libAppUtil_la_SOURCES = - libAppUtil_la_SOURCES += appUtil.c - libAppUtil_la_SOURCES += appUtilX11.c - --AM_CFLAGS = @GTK_CPPFLAGS@ -+AM_CFLAGS = -+AM_CFLAGS += @GTK_CPPFLAGS@ -+AM_CFLAGS += @GDK_PIXBUF_XLIB2_CPPFLAGS@ diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/open-vm-tools/recognize_nixos.patch b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/open-vm-tools/recognize_nixos.patch deleted file mode 100644 index 95b0951b5853..000000000000 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/open-vm-tools/recognize_nixos.patch +++ /dev/null 
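Review bot: `rpcsvc-proto` is added to `buildInputs` in hunk `@@ -20,14 +20,9 @@`, but it presumably supplies `rpcgen`, which runs on the build machine; libnvc.nix in this same commit lists it in `nativeBuildInputs`. Left in `buildInputs`, a cross build would pick up a host-platform `rpcgen` that cannot be executed. I would move it: `nativeBuildInputs = [ autoreconfHook makeWrapper pkgconfig rpcsvc-proto ];`. The hunk also drops `./recognize_nixos.patch` and `./find_gdk_pixbuf_xlib.patch` without a comment on whether 11.2.0 carries both changes upstream, which is worth a line in the commit message.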
@@ -1,33 +0,0 @@ -diff --git a/lib/include/guest_os.h b/lib/include/guest_os.h -index 868dec68..0b9a2ad7 100644 ---- a/lib/include/guest_os.h -+++ b/lib/include/guest_os.h -@@ -278,6 +278,7 @@ Bool Gos_InSetArray(uint32 gos, const uint32 *set); - #define STR_OS_MANDRAKE_FULL "Mandrake Linux" - #define STR_OS_MANDRIVA "mandriva" - #define STR_OS_MKLINUX "MkLinux" -+#define STR_OS_NIXOS "NixOS" - #define STR_OS_NOVELL "nld9" - #define STR_OS_NOVELL_FULL "Novell Linux Desktop 9" - #define STR_OS_ORACLE6 "oraclelinux6" -diff --git a/lib/misc/hostinfoPosix.c b/lib/misc/hostinfoPosix.c -index 348a67ec..5f8beb2b 100644 ---- a/lib/misc/hostinfoPosix.c -+++ b/lib/misc/hostinfoPosix.c -@@ -203,6 +203,7 @@ static const DistroInfo distroArray[] = { - { "Mandrake", "/etc/mandrake-release" }, - { "Mandriva", "/etc/mandriva-release" }, - { "MkLinux", "/etc/mklinux-release" }, -+ { "NixOS", "/etc/os-release" }, - { "Novell", "/etc/nld-release" }, - { "OracleLinux", "/etc/oracle-release" }, - { "Photon", "/etc/lsb-release" }, -@@ -865,6 +866,8 @@ HostinfoGetOSShortName(const char *distro, // IN: full distro name - } - } else if (strstr(distroLower, "mandrake")) { - Str_Strcpy(distroShort, STR_OS_MANDRAKE, distroShortSize); -+ } else if (strstr(distroLower, "nixos")) { -+ Str_Strcpy(distroShort, STR_OS_NIXOS, distroShortSize); - } else if (strstr(distroLower, "turbolinux")) { - Str_Strcpy(distroShort, STR_OS_TURBO, distroShortSize); - } else if (strstr(distroLower, "sun")) { diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/podman/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/podman/default.nix index b05149fd1500..dd56efe60f83 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/podman/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/podman/default.nix 
@@ -16,13 +16,13 @@ buildGoModule rec { pname = "podman"; - version = "2.1.1"; + version = "2.2.0"; src = fetchFromGitHub { owner = "containers"; repo = "podman"; rev = "v${version}"; - sha256 = "0cy842wlyasxlxnwxkwhwgj148s30kfxnhgxa6ar26fly432aa68"; + sha256 = "13na6ms0dapcmfb4pg8z3sds9nprr1lyyjs0v2izqifcyb1r1c00"; }; vendorSha256 = null; diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix index d97d182496a4..863888227b37 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix @@ -9,7 +9,7 @@ , conmon # Container runtime monitor , slirp4netns # User-mode networking for unprivileged namespaces , fuse-overlayfs # CoW for images, much faster than default vfs -, utillinux # nsenter +, util-linux # nsenter , cni-plugins # not added to path , iptables }: @@ -23,7 +23,7 @@ let conmon slirp4netns fuse-overlayfs - utillinux + util-linux iptables ] ++ extraPackages); diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/CVE-2020-27617.patch b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/CVE-2020-27617.patch new file mode 100644 index 000000000000..fa708b298365 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/CVE-2020-27617.patch 
@@ -0,0 +1,43 @@ +From 6d19c0cc6c5a9bba308fc29d7c0edc2dc372c41b Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Wed, 21 Oct 2020 11:35:50 +0530 +Subject: [PATCH] net: remove an assert call in eth_get_gso_type + +eth_get_gso_type() routine returns segmentation offload type based on +L3 protocol type. It calls g_assert_not_reached if L3 protocol is +unknown, making the following return statement unreachable. Remove the +g_assert call, it maybe triggered by a guest user. + +Reported-by: Gaoning Pan <pgn@zju.edu.cn> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +--- + net/eth.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/net/eth.c b/net/eth.c +index 0c1d413ee2..eee77071f9 100644 +--- a/net/eth.c ++++ b/net/eth.c +@@ -16,6 +16,7 @@ + */ + + #include "qemu/osdep.h" ++#include "qemu/log.h" + #include "net/eth.h" + #include "net/checksum.h" + #include "net/tap.h" +@@ -71,9 +72,8 @@ eth_get_gso_type(uint16_t l3_proto, uint8_t *l3_hdr, uint8_t l4proto) + return VIRTIO_NET_HDR_GSO_TCPV6 | ecn_state; + } + } +- +- /* Unsupported offload */ +- g_assert_not_reached(); ++ qemu_log_mask(LOG_GUEST_ERROR, "%s: probably not GSO frame, " ++ "unknown L3 protocol: 0x%04"PRIx16"\n", __func__, l3_proto); + + return VIRTIO_NET_HDR_GSO_NONE | ecn_state; + } +-- +2.28.0 + diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/default.nix index 535f83711534..5d4b891ad5de 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/default.nix 
@@ -1,17 +1,19 @@ { stdenv, fetchurl, fetchpatch, python, zlib, pkgconfig, glib -, ncurses, perl, pixman, vde2, alsaLib, texinfo, flex +, perl, pixman, vde2, alsaLib, texinfo, flex , bison, lzo, snappy, libaio, gnutls, nettle, curl , makeWrapper , attr, libcap, libcap_ng , CoreServices, Cocoa, Hypervisor, rez, setfile , numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl , seccompSupport ? stdenv.isLinux, libseccomp -, pulseSupport ? !stdenv.isDarwin, libpulseaudio -, sdlSupport ? !stdenv.isDarwin, SDL2 -, gtkSupport ? !stdenv.isDarwin && !xenSupport, gtk3, gettext, vte, wrapGAppsHook -, vncSupport ? true, libjpeg, libpng -, smartcardSupport ? true, libcacard -, spiceSupport ? !stdenv.isDarwin, spice, spice-protocol +, alsaSupport ? stdenv.lib.hasSuffix "linux" stdenv.hostPlatform.system && !nixosTestRunner +, pulseSupport ? !stdenv.isDarwin && !nixosTestRunner, libpulseaudio +, sdlSupport ? !stdenv.isDarwin && !nixosTestRunner, SDL2 +, gtkSupport ? !stdenv.isDarwin && !xenSupport && !nixosTestRunner, gtk3, gettext, vte, wrapGAppsHook +, vncSupport ? !nixosTestRunner, libjpeg, libpng +, smartcardSupport ? !nixosTestRunner, libcacard +, spiceSupport ? !stdenv.isDarwin && !nixosTestRunner, spice, spice-protocol +, ncursesSupport ? !nixosTestRunner, ncurses , usbredirSupport ? spiceSupport, usbredir , xenSupport ? false, xen , cephSupport ? false, ceph @@ -29,7 +31,7 @@ with stdenv.lib; let - audio = optionalString (hasSuffix "linux" stdenv.hostPlatform.system) "alsa," + audio = optionalString alsaSupport "alsa," + optionalString pulseSupport "pa," + optionalString sdlSupport "sdl,"; 
@@ -50,10 +52,11 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ python python.pkgs.sphinx pkgconfig flex bison ] ++ optionals gtkSupport [ wrapGAppsHook ]; buildInputs = - [ zlib glib ncurses perl pixman + [ zlib glib perl pixman vde2 texinfo makeWrapper lzo snappy gnutls nettle curl ] + ++ optionals ncursesSupport [ ncurses ] ++ optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile ] ++ optionals seccompSupport [ libseccomp ] ++ optionals numaSupport [ numactl ] @@ -79,6 +82,13 @@ stdenv.mkDerivation rec { ./no-etc-install.patch ./fix-qemu-ga.patch ./9p-ignore-noatime.patch + ./CVE-2020-27617.patch + (fetchpatch { + # e1000e: infinite loop scenario in case of null packet descriptor, remove for QEMU >= 5.2.0-rc3 + name = "CVE-2020-28916.patch"; + url = "https://git.qemu.org/?p=qemu.git;a=patch;h=c2cb511634012344e3d0fe49a037a33b12d8a98a"; + sha256 = "1kvm6wl4vry0npiisxsn76h8nf1iv5fmqsyjvb46203f1yyg5pis"; + }) ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch ++ optionals stdenv.hostPlatform.isMusl [ (fetchpatch { @@ -96,6 +106,15 @@ stdenv.mkDerivation rec { }) ]; + # Remove CVE-2020-{29129,29130} for QEMU >5.1.0 + postPatch = '' + (cd slirp && patch -p1 < ${fetchpatch { + name = "CVE-2020-29129_CVE-2020-29130.patch"; + url = "https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f.patch"; + sha256 = "01vbjqgnc0kp881l5p6b31cyyirhwhavm6x36hlgkymswvl3wh9w"; + }}) + ''; + hardeningDisable = [ "stackprotector" ]; preConfigure = '' diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/runc/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/runc/default.nix index fd3d914af662..c3882ae9472e 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/runc/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/runc/default.nix @@ -9,6 +9,8 @@ , apparmor-parser , libseccomp , libselinux +, makeWrapper +, procps , nixosTests }: 
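Review bot: `./CVE-2020-27617.patch` in the `patches` list (hunk `@@ -79,6 +82,13 @@`) has no comment saying what it fixes or when it can be dropped, while the CVE-2020-28916 entry right below it and the slirp `postPatch` both state a removal condition. Security patches without an expiry note tend to linger after a version bump until they stop applying. I would add `# net: guest-triggerable assert in eth_get_gso_type; remove once the packaged QEMU release includes the fix` above that line. The slirp fix in `postPatch` is applied with a manual `patch -p1` inside `slirp/`, so it covers only the bundled copy; a comment saying so would help if the package ever switches to a system libslirp.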
@@ -26,7 +28,7 @@ buildGoPackage rec { goPackagePath = "github.com/opencontainers/runc"; outputs = [ "out" "man" ]; - nativeBuildInputs = [ go-md2man installShellFiles pkg-config which ]; + nativeBuildInputs = [ go-md2man installShellFiles makeWrapper pkg-config which ]; buildInputs = [ libselinux libseccomp libapparmor apparmor-parser ]; @@ -43,9 +45,12 @@ buildGoPackage rec { installPhase = '' install -Dm755 runc $out/bin/runc installManPage man/*/*.[1-9] + wrapProgram $out/bin/runc \ + --prefix PATH : ${lib.makeBinPath [ procps ]} \ + --prefix PATH : /run/current-system/systemd/bin ''; - passthru.tests = { inherit (nixosTests) cri-o podman; }; + passthru.tests = { inherit (nixosTests) cri-o docker podman; }; meta = with lib; { homepage = "https://github.com/opencontainers/runc"; diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/singularity/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/singularity/default.nix index 2f2d66f3b2f5..b11f8d68189c 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/singularity/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/singularity/default.nix @@ -1,8 +1,7 @@ {stdenv -, removeReferencesTo , lib , fetchurl -, utillinux +, util-linux , gpgme , openssl , libuuid @@ -18,17 +17,17 @@ with lib; buildGoPackage rec { pname = "singularity"; - version = "3.6.3"; + version = "3.7.0"; src = fetchurl { url = "https://github.com/hpcng/singularity/releases/download/v${version}/singularity-${version}.tar.gz"; - sha256 = "1zd29s8lggv4x5xracgzywayg1skl9qc2bqh1zdxh1wrg9sqbadi"; + sha256 = "0y6lm23g6a2ljm78w8iyak7yivxvpj3i55fjbd56m9b2ykssm5pv"; }; goPackagePath = "github.com/sylabs/singularity"; buildInputs = [ gpgme openssl libuuid ]; - nativeBuildInputs = [ removeReferencesTo utillinux which makeWrapper cryptsetup ]; + nativeBuildInputs = [ util-linux which makeWrapper cryptsetup ]; propagatedBuildInputs = [ coreutils squashfsTools ]; postPatch = '' 
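Review bot: The second `--prefix PATH : /run/current-system/systemd/bin` in the `wrapProgram` call (hunk `@@ -43,9 +45,12 @@`) puts a mutable, host-dependent directory at the front of the search path of a runtime that normally runs as root, ahead of the pinned `procps` and of the caller's own PATH. Whatever that directory holds at run time is resolved first, and on a non-NixOS host it does not exist at all. The hunk also does not say which systemd binary runc needs from there. If the directory is only a fallback, `--suffix PATH : /run/current-system/systemd/bin` keeps store paths first, and a comment such as `# runc invokes <systemd tool> at run time; taken from the running system on purpose` would document the impurity.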
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virt-manager/qt.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virt-manager/qt.nix index 45d1146f4300..1d2a32c54e3a 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virt-manager/qt.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virt-manager/qt.nix @@ -1,7 +1,7 @@ { mkDerivation, lib, fetchFromGitHub, fetchpatch, cmake, pkgconfig , qtbase, qtmultimedia, qtsvg, qttools, krdc , libvncserver, libvirt, pcre, pixman, qtermwidget, spice-gtk, spice-protocol -, libselinux, libsepol, utillinux +, libselinux, libsepol, util-linux }: mkDerivation rec { @@ -32,7 +32,7 @@ mkDerivation rec { buildInputs = [ qtbase qtmultimedia qtsvg krdc libvirt libvncserver pcre pixman qtermwidget spice-gtk spice-protocol - libselinux libsepol utillinux + libselinux libsepol util-linux ]; nativeBuildInputs = [ cmake pkgconfig qttools ]; diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virt-top/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virt-top/default.nix index 7ad60405f1b8..692b5f01b5c6 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virt-top/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virt-top/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit, ocamlPackages, autoreconfHook }: +{ stdenv, fetchgit, fetchpatch, ocamlPackages, autoreconfHook }: stdenv.mkDerivation rec { pname = "virt-top"; 
@@ -10,6 +10,14 @@ stdenv.mkDerivation rec { sha256 = "0m7pm8lzlpngsj0vjv0hg8l9ck3gvwpva7r472f8f03xpjffwiga"; }; + patches = [ + (fetchpatch { + name = "ocaml-libvirt-0.6.1.5-fix.patch"; + url = "http://git.annexia.org/?p=virt-top.git;a=patch;h=24a461715d5bce47f63cb0097606fc336230589f"; + sha256 = "15w7w9iggvlw8m9w8g4h08251wzb3m3zkb58glr7ifsgi3flbn61"; + }) + ]; + nativeBuildInputs = [ autoreconfHook ]; buildInputs = with ocamlPackages; [ ocaml findlib ocaml_extlib ocaml_libvirt gettext-stub curses csv xml-light ]; diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/default.nix index c320eca0bbee..e80edf72677a 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/default.nix @@ -23,8 +23,7 @@ let buildType = "release"; # Use maintainers/scripts/update.nix to update the version and all related hashes or # change the hashes in extpack.nix and guest-additions/default.nix as well manually. - version = "6.1.14"; - tarballVersion = "${version}a"; + version = "6.1.16"; iasl' = iasl.overrideAttrs (old: rec { inherit (old) pname; @@ -40,8 +39,8 @@ in stdenv.mkDerivation { inherit version; src = fetchurl { - url = "https://download.virtualbox.org/virtualbox/${version}/VirtualBox-${tarballVersion}.tar.bz2"; - sha256 = "16f3cb83ab3c4dacf2a9d3cc638cbd18db23767828bba6b8ba1c1b57abeb6aef"; + url = "https://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}.tar.bz2"; + sha256 = "49c1990da16d8a3d5bda8cdb961ec8195a901e67e4c79aea44c1521a5fc2f9f1"; }; outputs = [ "out" "modsrc" ]; diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/extpack.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/extpack.nix index 03b3be7e96e0..302f2b5945a4 100644 
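Review bot: The `url` in the added `fetchpatch` block is plain `http://`, so the patch is fetched over an unauthenticated channel. The pinned `sha256` means a tampered download fails the build instead of being applied, but an on-path party can still block or observe the fetch. If git.annexia.org serves the same gitweb endpoint over TLS (not verifiable from the diff), the line should read `url = "https://git.annexia.org/?p=virt-top.git;a=patch;h=24a461715d5bce47f63cb0097606fc336230589f";`. The `src` URL shown as context in the guest-additions hunk further down is also `http://` and could be switched in the same pass.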
--- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/extpack.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/extpack.nix @@ -12,7 +12,7 @@ fetchurl rec { # Manually sha256sum the extensionPack file, must be hex! # Thus do not use `nix-prefetch-url` but instead plain old `sha256sum`. # Checksums can also be found at https://www.virtualbox.org/download/hashes/${version}/SHA256SUMS - let value = "b224e796e886b19bce69f0aaedf6ca82bad0ca29c61fb0ed86166efb84356942"; + let value = "9802482b77b95a954cb5111793da10d009009a4e9a9c4eaa4bd1ae5dafe9db46"; in assert (builtins.stringLength value) == 64; value; meta = { diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix index 3937d70e869d..180970d51dac 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix @@ -27,7 +27,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "http://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso"; - sha256 = "dd9f176abb89043c01cea7ec7e20130e76db71bd83beafeb2dc5858d4c9c86cd"; + sha256 = "88db771a5efd7c048228e5c1e0b8fba56542e9d8c1b75f7af5b0c4cf334f0584"; }; KERN_DIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.patch b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.patch new file mode 100644 index 000000000000..a103cb161710 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.patch 
@@ -0,0 +1,36 @@ +diff -Naur xen-4.10.4-orig/xen/arch/x86/Makefile xen-4.10.4-patched/xen/arch/x86/Makefile +--- xen-4.10.4-orig/xen/arch/x86/Makefile 2019-07-04 01:28:50.000000000 +1000 ++++ xen-4.10.4-patched/xen/arch/x86/Makefile 2020-03-03 13:32:34.607951507 +1100 +@@ -166,7 +166,7 @@ + # Check if the compiler supports the MS ABI. + export XEN_BUILD_EFI := $(shell $(CC) $(filter-out $(CFLAGS-y) .%.d,$(CFLAGS)) -c efi/check.c -o efi/check.o 2>/dev/null && echo y) + # Check if the linker supports PE. +-XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(LD) -mi386pep --subsystem=10 -o efi/check.efi efi/check.o 2>/dev/null && echo y)) ++XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(EFI_LD) -mi386pep --subsystem=10 -o efi/check.efi efi/check.o 2>/dev/null && echo y)) + CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI + + $(TARGET).efi: VIRT_BASE = 0x$(shell $(NM) efi/relocs-dummy.o | sed -n 's, A VIRT_START$$,,p') +@@ -188,20 +188,20 @@ + + $(TARGET).efi: prelink-efi.o $(note_file) efi.lds efi/relocs-dummy.o $(BASEDIR)/common/symbols-dummy.o efi/mkreloc + $(foreach base, $(VIRT_BASE) $(ALT_BASE), \ +- $(guard) $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \ ++ $(guard) $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \ + $(BASEDIR)/common/symbols-dummy.o $(note_file) -o $(@D)/.$(@F).$(base).0 &&) : + $(guard) efi/mkreloc $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).0) >$(@D)/.$(@F).0r.S + $(guard) $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).0 \ + | $(guard) $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S + $(guard) $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o + $(foreach base, $(VIRT_BASE) $(ALT_BASE), \ +- $(guard) $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \ ++ $(guard) $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \ + $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(note_file) -o $(@D)/.$(@F).$(base).1 &&) : + $(guard) efi/mkreloc $(foreach 
base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).1) >$(@D)/.$(@F).1r.S + $(guard) $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).1 \ + | $(guard) $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S + $(guard) $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o +- $(guard) $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \ ++ $(guard) $(EFI_LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \ + $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(note_file) -o $@ + if $(guard) false; then rm -f $@; echo 'EFI support disabled'; \ + else $(NM) -pa --format=sysv $(@D)/$(@F) \ diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.patch b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.patch new file mode 100644 index 000000000000..11989e86c770 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.patch 
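Review bot: `$(EFI_LD)` has no fallback in the patched Makefile. Wherever the variable is unset, the `XEN_BUILD_PE` probe runs a command that starts with `-mi386pep`, fails with its stderr discarded by `2>/dev/null`, and leaves PE/EFI support switched off without any message. Adding `EFI_LD ?= $(LD)` above the probe would keep upstream behaviour for any build that does not export the variable. generic.nix in this commit does set `EFI_LD`, so this guards against later refactors or reuse of the patch rather than fixing a failure visible here.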
@@ -0,0 +1,35 @@ +EFI_MOUNTPOINT is conventionally /boot/efi or /boot/EFI or something +like that, and (on my machine) has directories within that called +{Boot, nixos, gummiboot}. + +This patch does two things: + +1) Xen apparently wants to put files in +$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR) - we remove the duplicate 'efi' name +because I can't see why we have it + +2) Ensures the said directory exists + + +--- a/xen/Makefile 2016-01-08 01:50:58.028045657 +0000 ++++ b/xen/Makefile 2016-01-08 01:51:33.560268718 +0000 +@@ -49,7 +49,9 @@ + ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ + ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ + if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ +- $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ ++ [ -d $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ] || \ ++ $(INSTALL_DIR) $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ;\ ++ $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ + elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ + echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \ + fi; \ +@@ -69,7 +69,7 @@ + rm -f $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).$(XEN_SUBVERSION).efi + rm -f $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi + rm -f $(D)$(EFI_DIR)/$(T).efi +- rm -f $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ++ rm -f $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi + + .PHONY: _debug + _debug: diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix deleted file mode 100644 index 6fa30462df08..000000000000 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix +++ /dev/null 
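Review bot: The second embedded hunk header, `@@ -69,7 +69,7 @@`, does not account for the two lines the first hunk adds (`-49,7 +49,9`), so it should read `@@ -69,7 +71,7 @@`. patch(1) normally locates hunks by context and would still apply it with an offset, but a corrected header keeps the file valid for stricter tooling. The description's rationale for dropping the `efi/` component ("because I can't see why we have it") would also serve the next maintainer better if it named the directory layout NixOS expects under `EFI_MOUNTPOINT`.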
@@ -1,198 +0,0 @@ -{ stdenv, callPackage, fetchurl, fetchpatch, fetchgit -, ocaml-ng -, withInternalQemu ? true -, withInternalTraditionalQemu ? true -, withInternalSeabios ? true -, withSeabios ? !withInternalSeabios, seabios ? null -, withInternalOVMF ? false # FIXME: tricky to build -, withOVMF ? false, OVMF -, withLibHVM ? true - -# qemu -, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir -, alsaLib -, ... } @ args: - -assert withInternalSeabios -> !withSeabios; -assert withInternalOVMF -> !withOVMF; - -with stdenv.lib; - -# Patching XEN? Check the XSAs at -# https://xenbits.xen.org/xsa/ -# and try applying all the ones we don't have yet. - -let - xsa = import ./xsa-patches.nix { inherit fetchpatch; }; - - xenlockprofpatch = (fetchpatch { - name = "xenlockprof-gcc7.patch"; - url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=f49fa658b53580cf2ad354d2bf1796766cc11222"; - sha256 = "1lvzfvkqirknivm8q4cg5byfqz49s16zjk65fkwl3kwb03chky70"; - }); - - xenpmdpatch = (fetchpatch { - name = "xenpmd-gcc7.patch"; - url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=2d78f78a14528752266982473c07118f1bc336e3"; - sha256 = "1ki295pymbcfc64sjb9wqfwpv19p8vwgmnxankada3vm4fxg2rhq"; - }); - - qemuMemfdBuildFix = fetchpatch { - name = "xen-4.8-memfd-build-fix.patch"; - url = "https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch"; - sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa"; - }; - - # Ported from - #"https://xenbits.xen.org/gitweb/?p=qemu-xen.git;a=patch;h=e014dbe74e0484188164c61ff6843f8a04a8cb9d"; - #"https://xenbits.xen.org/gitweb/?p=qemu-xen.git;a=patch;h=0e3b891fefacc0e49f3c8ffa3a753b69eb7214d2"; - qemuGlusterfs6Fix = ./qemu-gluster-6-compat.diff; - - qemuDeps = [ - udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir - alsaLib - ]; -in - -callPackage (import ./generic.nix (rec { - version = "4.8.5"; - - src = fetchurl { - url = 
"https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; - sha256 = "04xcf01jad1lpqnmjblzhnjzp0bss9fjd9awgcycjx679arbaxqz"; - }; - - # Sources needed to build tools and firmwares. - xenfiles = optionalAttrs withInternalQemu { - qemu-xen = { - src = fetchgit { - url = "https://xenbits.xen.org/git-http/qemu-xen.git"; - rev = "refs/tags/qemu-xen-${version}"; - sha256 = "0lb7zd5nvr6znx47z93nbq4gj8xfb3622s8r2cvmpqmwnmlc3nd4"; - }; - patches = [ - qemuMemfdBuildFix - qemuGlusterfs6Fix - ]; - buildInputs = qemuDeps; - meta.description = "Xen's fork of upstream Qemu"; - }; - } // optionalAttrs withInternalTraditionalQemu { - qemu-xen-traditional = { - src = fetchgit { - url = "https://xenbits.xen.org/git-http/qemu-xen-traditional.git"; - rev = "refs/tags/xen-${version}"; - sha256 = "0mryap5y53r09m7qc0b821f717ghwm654r8c3ik1w7adzxr0l5qk"; - }; - buildInputs = qemuDeps; - patches = [ - ]; - postPatch = '' - substituteInPlace xen-hooks.mak \ - --replace /usr/include/pci ${pciutils}/include/pci - ''; - meta.description = "Xen's fork of upstream Qemu that uses old device model"; - }; - } // optionalAttrs withInternalSeabios { - "firmware/seabios-dir-remote" = { - src = fetchgit { - url = "https://xenbits.xen.org/git-http/seabios.git"; - rev = "f0cdc36d2f2424f6b40438f7ee7cc502c0eff4df"; - sha256 = "1wq5pjkjrfzqnq3wyr15mcn1l4c563m65gdyf8jm97kgb13pwwfm"; - }; - patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; - meta.description = "Xen's fork of Seabios"; - }; - } // optionalAttrs withInternalOVMF { - "firmware/ovmf-dir-remote" = { - src = fetchgit { - url = "https://xenbits.xen.org/git-http/ovmf.git"; - rev = "173bf5c847e3ca8b42c11796ce048d8e2e916ff8"; - sha256 = "07zmdj90zjrzip74fvd4ss8n8njk6cim85s58mc6snxmqqv7gmcr"; - }; - meta.description = "Xen's fork of OVMF"; - }; - } // { - # TODO: patch Xen to make this optional? 
- "firmware/etherboot/ipxe.git" = { - src = fetchgit { - url = "https://git.ipxe.org/ipxe.git"; - rev = "356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d"; - sha256 = "15n400vm3id5r8y3k6lrp9ab2911a9vh9856f5gvphkazfnmns09"; - }; - meta.description = "Xen's fork of iPXE"; - }; - } // optionalAttrs withLibHVM { - xen-libhvm-dir-remote = { - src = fetchgit { - name = "xen-libhvm"; - url = "https://github.com/michalpalka/xen-libhvm"; - rev = "83065d36b36d6d527c2a4e0f5aaf0a09ee83122c"; - sha256 = "1jzv479wvgjkazprqdzcdjy199azmx2xl3pnxli39kc5mvjz3lzd"; - }; - buildPhase = '' - make - cd biospt - cc -Wall -g -D_LINUX -Wstrict-prototypes biospt.c -o biospt -I../libhvm -L../libhvm -lxenhvm - ''; - installPhase = '' - make install - cp biospt/biospt $out/bin/ - ''; - meta = { - description = '' - Helper library for reading ACPI and SMBIOS firmware values - from the host system for use with the HVM guest firmware - pass-through feature in Xen''; - license = licenses.bsd2; - }; - }; - }; - - configureFlags = [] - ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH - ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional" - ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional" - - ++ optional (withSeabios) "--with-system-seabios=${seabios}" - ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios" - - ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" - ++ optional (withInternalOVMF) "--enable-ovmf"; - - patches = with xsa; flatten [ - # 253: 4.8 not affected - # 254: no patch supplied by xen project (Meltdown/Spectre) - xenlockprofpatch - xenpmdpatch - ]; - - NIX_CFLAGS_COMPILE = toString [ - # Fix build on Glibc 2.24 - "-Wno-error=deprecated-declarations" - # Fix build with GCC8 - "-Wno-error=maybe-uninitialized" - "-Wno-error=stringop-truncation" - "-Wno-error=format-truncation" - "-Wno-error=array-bounds" - # Fix build with GCC9 - "-Wno-error=address-of-packed-member" - "-Wno-error=format-overflow" - 
"-Wno-error=absolute-value" - ]; - - postPatch = '' - # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. - sed 1i'#include <sys/sysmacros.h>' \ - -i tools/blktap2/control/tap-ctl-allocate.c \ - -i tools/libxl/libxl_device.c \ - ${optionalString withInternalQemu "-i tools/qemu-xen/hw/9pfs/9p.c"} - - sed -i -e '/sys\/sysctl\.h/d' tools/blktap2/drivers/block-remus.c - ''; - - passthru.qemu-system-i386 = if withInternalQemu - then "lib/xen/bin/qemu-system-i386" - else throw "this xen has no qemu builtin"; - -})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_05; } // args) diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/generic.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/generic.nix index 854debc458a3..7cd02e69c5ef 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/generic.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/generic.nix @@ -14,12 +14,14 @@ config: # Scripts , coreutils, gawk, gnused, gnugrep, diffutils, multipath-tools , iproute, inetutils, iptables, bridge-utils, openvswitch, nbd, drbd -, lvm2, utillinux, procps, systemd +, lvm2, util-linux, procps, systemd # Documentation # python2Packages.markdown , transfig, ghostscript, texinfo, pandoc +, binutils-unwrapped + , ...} @ args: with stdenv.lib; @@ -28,7 +30,7 @@ let #TODO: fix paths instead scriptEnvPath = concatMapStringsSep ":" (x: "${x}/bin") [ which perl - coreutils gawk gnused gnugrep diffutils utillinux multipath-tools + coreutils gawk gnused gnugrep diffutils util-linux multipath-tools iproute inetutils iptables bridge-utils openvswitch nbd drbd ]; 
@@ -42,6 +44,17 @@ let } ( __do ) ''); + + # We don't want to use the wrapped version, because this version of ld is + # only used for linking the Xen EFI binary, and the build process really + # needs control over the LDFLAGS used + efiBinutils = binutils-unwrapped.overrideAttrs (oldAttrs: { + name = "efi-binutils"; + configureFlags = oldAttrs.configureFlags ++ [ + "--enable-targets=x86_64-pep" + ]; + doInstallCheck = false; # We get a spurious failure otherwise, due to host/target mis-match + }); in stdenv.mkDerivation (rec { @@ -119,10 +132,12 @@ stdenv.mkDerivation (rec { '')} ''; - patches = [ ./0000-fix-ipxe-src.patch - ./0000-fix-install-python.patch - ] ++ optional (versionOlder version "4.8.5") ./acpica-utils-20180427.patch - ++ (config.patches or []); + patches = [ + ./0000-fix-ipxe-src.patch + ./0000-fix-install-python.patch + ./0004-makefile-use-efi-ld.patch + ./0005-makefile-fix-efi-mountdir-use.patch + ] ++ (config.patches or []); postPatch = '' ### Hacks @@ -146,8 +161,8 @@ stdenv.mkDerivation (rec { --replace /usr/sbin/lvs ${lvm2}/bin/lvs substituteInPlace tools/misc/xenpvnetboot \ - --replace /usr/sbin/mount ${utillinux}/bin/mount \ - --replace /usr/sbin/umount ${utillinux}/bin/umount + --replace /usr/sbin/mount ${util-linux}/bin/mount \ + --replace /usr/sbin/umount ${util-linux}/bin/umount substituteInPlace tools/xenmon/xenmon.py \ --replace /usr/bin/pkill ${procps}/bin/pkill @@ -186,6 +201,9 @@ stdenv.mkDerivation (rec { --replace /bin/ls ls ''; + EFI_LD = "${efiBinutils}/bin/ld"; + EFI_VENDOR = "nixos"; + # TODO: Flask needs more testing before enabling it by default. #makeFlags = [ "XSM_ENABLE=y" "FLASK_ENABLE=y" "PREFIX=$(out)" "CONFIG_DIR=/etc" "XEN_EXTFILES_URL=\\$(XEN_ROOT)/xen_ext_files" ]; makeFlags = [ "PREFIX=$(out) CONFIG_DIR=/etc" "XEN_SCRIPT_DIR=/etc/xen/scripts" ] 
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/packages.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/packages.nix index e30006fbcc1a..55e3b12c3b7e 100644 --- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/packages.nix +++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/xen/packages.nix @@ -1,57 +1,11 @@ { callPackage -, stdenv, overrideCC +, stdenv }: # TODO(@oxij) on new Xen version: generalize this to generate [vanilla slim # light] for each ./<version>.nix. rec { - xen_4_8-vanilla = callPackage ./4.8.nix { - meta = { - description = "vanilla"; - longDescription = '' - Vanilla version of Xen. Uses forks of Qemu and Seabios bundled - with Xen. This gives vanilla experince, but wastes space and - build time: typical NixOS setup that runs lots of VMs will - build three different versions of Qemu when using this (two - forks and upstream). - ''; - }; - }; - - xen_4_8-slim = xen_4_8-vanilla.override { - withInternalQemu = false; - withInternalTraditionalQemu = true; - withInternalSeabios = false; - withSeabios = true; - - meta = { - description = "slim"; - longDescription = '' - Slimmed-down version of Xen that reuses nixpkgs packages as - much as possible. Different parts may get out of sync, but - this builds faster and uses less space than vanilla. Use with - `qemu_xen` from nixpkgs. - ''; - }; - }; - - xen_4_8-light = xen_4_8-vanilla.override { - withInternalQemu = false; - withInternalTraditionalQemu = false; - withInternalSeabios = false; - withSeabios = true; - - meta = { - description = "light"; - longDescription = '' - Slimmed-down version of Xen without `qemu-traditional` (you - don't need it if you don't know what it is). Use with - `qemu_xen-light` from nixpkgs. - ''; - }; - }; - xen_4_10-vanilla = callPackage ./4.10.nix { meta = { description = "vanilla"; 
@@ -98,8 +52,8 @@ rec { }; }; - xen-vanilla = xen_4_8-vanilla; - xen-slim = xen_4_8-slim; - xen-light = xen_4_8-light; + xen-vanilla = xen_4_10-vanilla; + xen-slim = xen_4_10-slim; + xen-light = xen_4_10-light; } |