diff options
| author | Jan Tojnar <jtojnar@gmail.com> | 2019-09-06 03:20:09 +0200 |
|---|---|---|
| committer | Jan Tojnar <jtojnar@gmail.com> | 2019-09-06 03:20:09 +0200 |
| commit | cdf426488b5dc3a7c051d7ad1c90c07dc0c3a89f (patch) | |
| tree | 3fdd8ed1c086fb0ddf93941114bb1cbbb4659af9 /pkgs/applications/virtualization | |
| parent | e7cccdbb139ccf2f9f170500f40c04a6237a2da1 (diff) | |
| parent | ed54a5b51dc9542df94f70b25a13d86d1f494e64 (diff) | |
Merge branch 'master' into staging-next
Fixed trivial conflicts caused by removing rec.
Diffstat (limited to 'pkgs/applications/virtualization')
3 files changed, 40 insertions, 7 deletions
diff --git a/pkgs/applications/virtualization/docker-compose/default.nix b/pkgs/applications/virtualization/docker-compose/default.nix index 2d983d009f1..b1c42b099b6 100644 --- a/pkgs/applications/virtualization/docker-compose/default.nix +++ b/pkgs/applications/virtualization/docker-compose/default.nix @@ -5,6 +5,7 @@ , six, texttable, websocket_client, cached-property , enum34, functools32, paramiko }: + buildPythonApplication rec { version = "1.24.1"; pname = "docker-compose"; @@ -32,15 +33,17 @@ buildPythonApplication rec { ''; postInstall = '' - mkdir -p $out/share/bash-completion/completions/ - cp contrib/completion/bash/docker-compose $out/share/bash-completion/completions/docker-compose + install -D -m 0444 contrib/completion/bash/docker-compose \ + $out/share/bash-completion/completions/docker-compose + + install -D -m 0444 contrib/completion/zsh/_docker-compose \ + $out/share/zsh-completion/zsh/site-functions/_docker-compose ''; meta = with stdenv.lib; { homepage = https://docs.docker.com/compose/; description = "Multi-container orchestration for Docker"; license = licenses.asl20; - maintainers = with maintainers; [ - ]; + maintainers = [ ]; }; } diff --git a/pkgs/applications/virtualization/virtualbox/default.nix b/pkgs/applications/virtualization/virtualbox/default.nix index 20930b86537..104fc8a89bf 100644 --- a/pkgs/applications/virtualization/virtualbox/default.nix +++ b/pkgs/applications/virtualization/virtualbox/default.nix @@ -1,8 +1,8 @@ { config, stdenv, fetchurl, lib, iasl, dev86, pam, libxslt, libxml2, wrapQtAppsHook , libX11, xorgproto, libXext, libXcursor, libXmu, libIDL, SDL, libcap, libGL , libpng, glib, lvm2, libXrandr, libXinerama, libopus, qtbase, qtx11extras -, qttools, pkgconfig, which, docbook_xsl, docbook_xml_dtd_43 -, alsaLib, curl, libvpx, nettools, dbus +, qttools, qtsvg, qtwayland, pkgconfig, which, docbook_xsl, docbook_xml_dtd_43 +, alsaLib, curl, libvpx, nettools, dbus, substituteAll , makeself, perl , javaBindings ? true, jdk ? null # Almost doesn't affect closure size , pythonBindings ? false, python3 ? null @@ -37,7 +37,7 @@ in stdenv.mkDerivation { nativeBuildInputs = [ pkgconfig which docbook_xsl docbook_xml_dtd_43 patchelfUnstable ] ++ optional (!headless) wrapQtAppsHook; - # Wrap manually because we just need to wrap one executable + # Wrap manually because we wrap just a small number of executables. dontWrapQtApps = true; buildInputs = @@ -79,6 +79,17 @@ in stdenv.mkDerivation { patches = optional enableHardening ./hardened.patch + # When hardening is enabled, we cannot use wrapQtApp to ensure that VirtualBoxVM sees + # the correct environment variables needed for Qt to work, specifically QT_PLUGIN_PATH. + # This is because VirtualBoxVM would detect that it is wrapped that and refuse to run, + # and also because it would unset QT_PLUGIN_PATH for security reasons. We work around + # these issues by patching the code to set QT_PLUGIN_PATH to the necessary paths, + # after the code that unsets it. Note that qtsvg is included so that SVG icons from + # the user's icon theme can be loaded. + ++ optional (!headless && enableHardening) (substituteAll { + src = ./qt-env-vars.patch; + qtPluginPath = "${qtbase.bin}/${qtbase.qtPluginPrefix}:${qtsvg.bin}/${qtbase.qtPluginPrefix}:${qtwayland.bin}/${qtbase.qtPluginPrefix}"; + }) ++ [ ./qtx11extras.patch ]; @@ -184,6 +195,11 @@ in stdenv.mkDerivation { preFixup = optionalString (!headless) '' wrapQtApp $out/bin/VirtualBox + '' + # If hardening is disabled, wrap the VirtualBoxVM binary instead of patching + # the source code (see postPatch). + + optionalString (!headless && !enableHardening) '' + wrapQtApp $out/libexec/virtualbox/VirtualBoxVM ''; passthru = { diff --git a/pkgs/applications/virtualization/virtualbox/qt-env-vars.patch b/pkgs/applications/virtualization/virtualbox/qt-env-vars.patch new file mode 100644 index 00000000000..ad1d1fd11f8 --- /dev/null +++ b/pkgs/applications/virtualization/virtualbox/qt-env-vars.patch @@ -0,0 +1,14 @@ +--- a/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp ++++ b/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp +@@ -2131,6 +2131,11 @@ static void supR3HardenedMainPurgeEnvironment(char **envp) + /** @todo Call NT API to do the same. */ + #endif + } ++ ++ /* ++ * NixOS hack: Set QT_PLUGIN_PATH to make Qt find plugins. ++ */ ++ setenv("QT_PLUGIN_PATH", "@qtPluginPath@", /*overwrite=*/ 1); + } + + |