authorzimbatm <zimbatm@zimbatm.com>2018-08-15 18:05:07 +0100
committerGitHub <noreply@github.com>2018-08-15 18:05:07 +0100
commit9976f37c771d3bd29bd24637a7265eb7d7eb5195 (patch)
tree691082ae1d105172bce61b8150d23e8e10fb606f /nixos
parent27ddcc5babc818ef78b25b946b6d036c7c2901d2 (diff)
parente04e92d38b944dd5729ed023f9f5e131acf0e95a (diff)
Merge pull request #44896 from cdepillabout/vbox-extpack
add derivation for the virtualbox oracle extension pack
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/virtualisation/virtualbox-host.nix16
-rw-r--r--nixos/tests/virtualbox.nix39
2 files changed, 47 insertions, 8 deletions
diff --git a/nixos/modules/virtualisation/virtualbox-host.nix b/nixos/modules/virtualisation/virtualbox-host.nix
index b69860a199a..60779579402 100644
--- a/nixos/modules/virtualisation/virtualbox-host.nix
+++ b/nixos/modules/virtualisation/virtualbox-host.nix
@@ -6,7 +6,8 @@ let
   cfg = config.virtualisation.virtualbox.host;
 
   virtualbox = cfg.package.override {
-    inherit (cfg) enableExtensionPack enableHardening headless;
+    inherit (cfg) enableHardening headless;
+    extensionPack = if cfg.enableExtensionPack then pkgs.virtualboxExtpack else null;
   };
 
   kernelModules = config.boot.kernelPackages.virtualbox.override {
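Review bot: The extension pack on the added `extensionPack = ...` line always comes from `pkgs.virtualboxExtpack`, while the base package comes from the user-settable `cfg.package`, so the two can drift apart when `package` is overridden. VirtualBox expects the extension pack to match the base release, so a mismatch would presumably leave the pack unusable or load binary code built for a different version into the host. I would at least record the coupling with a comment above the line, e.g. `# NOTE: pkgs.virtualboxExtpack must be the same version as cfg.package`. The enclosing `let` block starts and ends outside the hunk.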
@@ -28,6 +29,17 @@ in
       '';
     };
 
+    enableExtensionPack = mkEnableOption "VirtualBox extension pack" // {
+      description = ''
+        Whether to install the Oracle Extension Pack for VirtualBox.
+
+        <important><para>
+          You must set <literal>nixpkgs.config.allowUnfree = true</literal> in
+          order to use this.  This requires you accept the VirtualBox PUEL.
+        </para></important>
+      '';
+    };
+
     package = mkOption {
       type = types.package;
       default = pkgs.virtualbox;
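Review bot: The new `enableExtensionPack` description tells users to set `nixpkgs.config.allowUnfree = true`, which opts the whole system into every unfree package rather than just this one. I would mention the narrower `nixpkgs.config.allowUnfreePredicate` as the preferred way to accept only the extension pack, for example by adding `Prefer <literal>nixpkgs.config.allowUnfreePredicate</literal> to allow only this package.` to the `<important>` paragraph. It may also be worth stating that the pack is a closed-source component installed alongside the hardened host binaries, so that enabling it is an informed choice. The same blanket switch is set in the test machine configuration in nixos/tests/virtualbox.nix (`nixpkgs.config.allowUnfree = useExtensionPack;`).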
@@ -45,8 +57,6 @@ in
       '';
     };
 
-    enableExtensionPack = mkEnableOption "VirtualBox extension pack";
-
     enableHardening = mkOption {
       type = types.bool;
       default = true;
diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix
index 008dab8459c..4207112cf16 100644
--- a/nixos/tests/virtualbox.nix
+++ b/nixos/tests/virtualbox.nix
@@ -293,6 +293,11 @@ let
     "--hostonlyadapter2 vboxnet0"
   ];
 
+  # The VirtualBox Oracle Extension Pack lets you use USB 3.0 (xHCI).
+  enableExtensionPackVMFlags = [
+    "--usbxhci on"
+  ];
+
   dhcpScript = pkgs: ''
     ${pkgs.dhcp}/bin/dhclient \
       -lf /run/dhcp.leases \
@@ -323,13 +328,17 @@ let
     headless.services.xserver.enable = false;
   };
 
-  mkVBoxTest = name: testScript: makeTest {
+  vboxVMsWithExtpack = mapAttrs createVM {
+    testExtensionPack.vmFlags = enableExtensionPackVMFlags;
+  };
+
+  mkVBoxTest = useExtensionPack: vms: name: testScript: makeTest {
     name = "virtualbox-${name}";
 
     machine = { lib, config, ... }: {
       imports = let
         mkVMConf = name: val: val.machine // { key = "${name}-config"; };
-        vmConfigs = mapAttrsToList mkVMConf vboxVMs;
+        vmConfigs = mapAttrsToList mkVMConf vms;
       in [ ./common/user-account.nix ./common/x11.nix ] ++ vmConfigs;
       virtualisation.memorySize = 2048;
       virtualisation.virtualbox.host.enable = true;
@@ -337,6 +346,8 @@ let
       users.users.alice.extraGroups = let
         inherit (config.virtualisation.virtualbox.host) enableHardening;
       in lib.mkIf enableHardening (lib.singleton "vboxusers");
+      virtualisation.virtualbox.host.enableExtensionPack = useExtensionPack;
+      nixpkgs.config.allowUnfree = useExtensionPack;
     };
 
     testScript = ''
@@ -353,7 +364,7 @@ let
         return join("\n", grep { $_ !~ /^UUID:/ } split(/\n/, $_[0]))."\n";
       }
 
-      ${concatStrings (mapAttrsToList (_: getAttr "testSubs") vboxVMs)}
+      ${concatStrings (mapAttrsToList (_: getAttr "testSubs") vms)}
 
       $machine->waitForX;
 
@@ -363,11 +374,11 @@ let
     '';
 
     meta = with pkgs.stdenv.lib.maintainers; {
-      maintainers = [ aszlig wkennington ];
+      maintainers = [ aszlig wkennington cdepillabout ];
     };
   };
 
-in mapAttrs mkVBoxTest {
+in mapAttrs (mkVBoxTest false vboxVMs) {
   simple-gui = ''
     createVM_simple;
     $machine->succeed(ru "VirtualBox &");
@@ -473,4 +484,22 @@ in mapAttrs mkVBoxTest {
     destroyVM_test1;
     destroyVM_test2;
   '';
+} // mapAttrs (mkVBoxTest true vboxVMsWithExtpack) {
+  enable-extension-pack = ''
+    createVM_testExtensionPack;
+    vbm("startvm testExtensionPack");
+    waitForStartup_testExtensionPack;
+    $machine->screenshot("cli_started");
+    waitForVMBoot_testExtensionPack;
+    $machine->screenshot("cli_booted");
+
+    $machine->nest("Checking for privilege escalation", sub {
+      $machine->fail("test -e '/root/VirtualBox VMs'");
+      $machine->fail("test -e '/root/.config/VirtualBox'");
+      $machine->succeed("test -e '/home/alice/VirtualBox VMs'");
+    });
+
+    shutdownVM_testExtensionPack;
+    destroyVM_testExtensionPack;
+  '';
 }
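Review bot: The `enable-extension-pack` test never asserts that the extension pack is actually installed; it only starts a VM with `--usbxhci on` and relies on VirtualBox failing to boot without the pack. A direct check before `createVM_testExtensionPack` would make a regression easier to diagnose, for example running `VBoxManage list extpacks` as alice through the existing `ru` helper and asserting that the Oracle pack is reported as usable. The "Checking for privilege escalation" block is copied from the other tests and only checks paths under `/root`, so a one-line comment saying what it is meant to catch with the pack enabled would help. The attribute set this test is merged into starts outside the hunk.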