authorJohn Ericson <John.Ericson@Obsidian.Systems>2019-11-24 17:25:07 +0000
committerJohn Ericson <John.Ericson@Obsidian.Systems>2019-11-24 17:25:07 +0000
commitd0d5136cce5e0cbe2305c53090bd4bd886114746 (patch)
tree70092947536a3c65e215df9df20e571e34652f7a /pkgs/applications/virtualization
parent9b090ccbca3f7dd26d91db06e96e8bf8282c37ca (diff)
parent195c263a812dec532656dcfd5d0360458cdc93fd (diff)
Merge remote-tracking branch 'upstream/master' into wrapper-pname-support
Diffstat (limited to 'pkgs/applications/virtualization')
-rw-r--r--pkgs/applications/virtualization/OVMF/default.nix2
-rw-r--r--pkgs/applications/virtualization/arion/default.nix83
-rw-r--r--pkgs/applications/virtualization/charliecloud/default.nix4
-rw-r--r--pkgs/applications/virtualization/conmon/default.nix4
-rw-r--r--pkgs/applications/virtualization/containerd/default.nix2
-rw-r--r--pkgs/applications/virtualization/cri-o/default.nix22
-rw-r--r--pkgs/applications/virtualization/crun/default.nix31
-rw-r--r--pkgs/applications/virtualization/docker/default.nix27
-rw-r--r--pkgs/applications/virtualization/dumb-init/default.nix31
-rw-r--r--pkgs/applications/virtualization/firecracker/default.nix50
-rw-r--r--pkgs/applications/virtualization/firectl/default.nix23
-rw-r--r--pkgs/applications/virtualization/lkl/default.nix6
-rw-r--r--pkgs/applications/virtualization/open-vm-tools/default.nix4
-rw-r--r--pkgs/applications/virtualization/podman/default.nix6
-rw-r--r--pkgs/applications/virtualization/qemu/default.nix18
-rw-r--r--pkgs/applications/virtualization/qemu/no-etc-install.patch24
-rw-r--r--pkgs/applications/virtualization/qemu/utils.nix16
-rw-r--r--pkgs/applications/virtualization/runc/default.nix6
-rw-r--r--pkgs/applications/virtualization/spike/default.nix30
-rw-r--r--pkgs/applications/virtualization/umoci/default.nix23
-rw-r--r--pkgs/applications/virtualization/virt-top/default.nix10
-rw-r--r--pkgs/applications/virtualization/virt-what/default.nix4
-rw-r--r--pkgs/applications/virtualization/virtualbox/default.nix7
-rw-r--r--pkgs/applications/virtualization/virtualbox/extpack.nix4
-rw-r--r--pkgs/applications/virtualization/virtualbox/guest-additions/default.nix44
-rw-r--r--pkgs/applications/virtualization/virtualbox/guest-additions/kernel-5.3-fix.patch50
-rw-r--r--pkgs/applications/virtualization/virtualbox/kernel-5.3-fix.patch72
-rw-r--r--pkgs/applications/virtualization/x11docker/default.nix17
-rw-r--r--pkgs/applications/virtualization/xen/4.10.nix28
-rw-r--r--pkgs/applications/virtualization/xen/4.8.nix11
-rw-r--r--pkgs/applications/virtualization/xen/xsa-patches.nix452
-rw-r--r--pkgs/applications/virtualization/xhyve/default.nix12
32 files changed, 533 insertions, 590 deletions
diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix
index 846f395671d..e475c4ed78a 100644
--- a/pkgs/applications/virtualization/OVMF/default.nix
+++ b/pkgs/applications/virtualization/OVMF/default.nix
@@ -42,7 +42,7 @@ edk2.mkDerivation projectDscPath {
     mv -v $out/FV/QEMU_{EFI,VARS}.fd $fd/FV
 
     # Uses Fedora dir layout: https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec
-    # FIXME: why is it different from Debian dir layout? https://anonscm.debian.org/cgit/pkg-qemu/edk2.git/tree/debian/rules
+    # FIXME: why is it different from Debian dir layout? https://salsa.debian.org/qemu-team/edk2/blob/debian/debian/rules
     dd of=$fd/AAVMF/QEMU_EFI-pflash.raw       if=/dev/zero bs=1M    count=64
     dd of=$fd/AAVMF/QEMU_EFI-pflash.raw       if=$fd/FV/QEMU_EFI.fd conv=notrunc
     dd of=$fd/AAVMF/vars-template-pflash.raw if=/dev/zero bs=1M    count=64
diff --git a/pkgs/applications/virtualization/arion/default.nix b/pkgs/applications/virtualization/arion/default.nix
new file mode 100644
index 00000000000..f144ec97677
--- /dev/null
+++ b/pkgs/applications/virtualization/arion/default.nix
@@ -0,0 +1,83 @@
+{ pkgs
+, lib
+, haskellPackages
+, haskell
+, runCommand
+}:
+
+let
+
+  /* This derivation builds the arion tool.
+
+     It is based on the arion-compose Haskell package, but adapted and extended to
+       - have the correct name
+       - have a smaller closure size
+       - have functions to use Arion from inside Nix: arion.eval and arion.build
+       - make it self-contained by including docker-compose
+   */
+  arion =
+    justStaticExecutables (
+      overrideCabal
+        arion-compose
+        cabalOverrides
+      );
+
+  inherit (haskell.lib) justStaticExecutables overrideCabal;
+
+  inherit (haskellPackages) arion-compose;
+
+  cabalOverrides = o: {
+    buildTools = (o.buildTools or []) ++ [pkgs.makeWrapper];
+    passthru = (o.passthru or {}) // {
+      inherit eval build;
+    };
+    # Patch away the arion-compose name. Unlike the Haskell library, the program
+    # is called arion (arion was already taken on hackage).
+    pname = "arion";
+    src = arion-compose.src;
+
+    # PYTHONPATH
+    #
+    # We close off the python module search path!
+    #
+    # Accepting directories from the environment into the search path
+    # tends to break things. Docker Compose does not have a plugin
+    # system as far as I can tell, so I don't expect this to break a
+    # feature, but rather to make the program more robustly self-
+    # contained.
+
+    postInstall = ''${o.postInstall or ""}
+      mkdir -p $out/libexec
+      mv $out/bin/arion $out/libexec
+      makeWrapper $out/libexec/arion $out/bin/arion \
+        --unset PYTHONPATH \
+        --prefix PATH : ${lib.makeBinPath [ pkgs.docker-compose ]} \
+        ;
+    '';
+  };
+
+  # Unpacked sources for evaluation by `eval`
+  srcUnpacked = runCommand "arion-src" {}
+    "mkdir $out; tar -C $out --strip-components=1 -xf ${arion-compose.src}";
+
+  /* Function for evaluating a composition
+
+     Re-uses this Nixpkgs evaluation instead of `arion-pkgs.nix`.
+
+     Returns the module system's `config` and `options` variables.
+   */
+  eval = args@{...}:
+    import (srcUnpacked + "/src/nix/eval-composition.nix")
+      ({ inherit pkgs; } // args);
+
+  /* Function to derivation of the docker compose yaml file
+     NOTE: The output will change: https://github.com/hercules-ci/arion/issues/82
+
+    This function is particularly useful on CI, although the references
+    to image tarballs may not always be desirable.
+   */
+  build = args@{...}:
+    let composition = eval args;
+    in composition.config.out.dockerComposeYaml;
+
+in arion
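Review bot: `eval` imports `eval-composition.nix` out of `srcUnpacked`, which is a `runCommand` output, so calling `arion.eval` or `arion.build` is import-from-derivation: the source has to be fetched and unpacked during evaluation, and that fails wherever import-from-derivation is disabled. The Nix code being evaluated is whatever the `arion-compose` source tarball contains, so trust in it rests on the source hash pinned in `haskellPackages`, which is outside this file. The doc comment above `eval` should say so, e.g. `Note: uses import-from-derivation; the evaluated Nix code comes from arion-compose.src.` Separately, `{ inherit pkgs; } // args` lets a caller-supplied `pkgs` replace this Nixpkgs, which is presumably intended but is not what "Re-uses this Nixpkgs evaluation" suggests.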
diff --git a/pkgs/applications/virtualization/charliecloud/default.nix b/pkgs/applications/virtualization/charliecloud/default.nix
index c55eb342e06..35c78dfd50a 100644
--- a/pkgs/applications/virtualization/charliecloud/default.nix
+++ b/pkgs/applications/virtualization/charliecloud/default.nix
@@ -2,14 +2,14 @@
 
 stdenv.mkDerivation rec {
 
-  version = "0.9.8";
+  version = "0.11";
   pname = "charliecloud";
 
   src = fetchFromGitHub {
     owner = "hpc";
     repo = "charliecloud";
     rev = "v${version}";
-    sha256 = "1w1wy4sj9zqfysrpf04shhppcf5ap4rp7i3ja81sv2fm27k4m9nl";
+    sha256 = "10dzas5fyh2lpa0kf1xv8z9c4g4cf0zlmnpilyvpcyccyfjf6cp2";
   };
 
   buildInputs = [ python ];
diff --git a/pkgs/applications/virtualization/conmon/default.nix b/pkgs/applications/virtualization/conmon/default.nix
index 0b523d7b88d..a3576557f34 100644
--- a/pkgs/applications/virtualization/conmon/default.nix
+++ b/pkgs/applications/virtualization/conmon/default.nix
@@ -9,13 +9,13 @@
 stdenv.mkDerivation rec {
   project = "conmon";
   name = "${project}-${version}";
-  version = "2.0.0";
+  version = "2.0.3";
 
   src = fetchFromGitHub {
     owner = "containers";
     repo = project;
     rev = "v${version}";
-    sha256 = "1sigcylya668f5jzkf1vgfsgqy26l3glh9a3g8lhd2468ax6wymk";
+    sha256 = "0xsirdsgq84bsjb1xgzv3pnjhm9l13vwj79zd8rjdd7p28wsxb0y";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/applications/virtualization/containerd/default.nix b/pkgs/applications/virtualization/containerd/default.nix
index b770c6ed0a5..70865ea848b 100644
--- a/pkgs/applications/virtualization/containerd/default.nix
+++ b/pkgs/applications/virtualization/containerd/default.nix
@@ -16,8 +16,6 @@ buildGoPackage rec {
   goPackagePath = "github.com/containerd/containerd";
   outputs = [ "bin" "out" "man" ];
 
-  hardeningDisable = [ "fortify" ];
-
   buildInputs = [ btrfs-progs go-md2man utillinux ];
   buildFlags = "VERSION=v${version}";
 
diff --git a/pkgs/applications/virtualization/cri-o/default.nix b/pkgs/applications/virtualization/cri-o/default.nix
index 0d2d0278cc3..fddf1741720 100644
--- a/pkgs/applications/virtualization/cri-o/default.nix
+++ b/pkgs/applications/virtualization/cri-o/default.nix
@@ -17,7 +17,7 @@
 
 buildGoPackage rec {
   project = "cri-o";
-  version = "1.15.1";
+  version = "1.16.0";
   name = "${project}-${version}${flavor}";
 
   goPackagePath = "github.com/${project}/${project}";
@@ -26,7 +26,7 @@ buildGoPackage rec {
     owner = "cri-o";
     repo = "cri-o";
     rev = "v${version}";
-    sha256 = "0yjj03qwwb6g05pzavimgj14p6805m3w8qqpl4fp4fpmbrsx4sb0";
+    sha256 = "1kbg544v7c1apaxrpndgrap0pb5c67d8fazbkgykg6ynskx6n344";
   };
 
   outputs = [ "bin" "out" ];
@@ -42,17 +42,23 @@ buildGoPackage rec {
     pushd go/src/${goPackagePath}
 
     # Build pause
-    go build -tags ${makeFlags} -o bin/crio-config -buildmode=pie \
-      -ldflags '-s -w ${ldflags}' ${goPackagePath}/cmd/crio-config
-
     make -C pause
 
-    # Build the crio binary
-    go build -tags ${makeFlags} -o bin/crio -buildmode=pie \
-      -ldflags '-s -w ${ldflags}' ${goPackagePath}/cmd/crio
+    # Build the crio binaries
+    function build() {
+      go build \
+        -tags ${makeFlags} \
+        -o bin/"$1" \
+        -buildmode=pie \
+        -ldflags '-s -w ${ldflags}' \
+        ${goPackagePath}/cmd/"$1"
+    }
+    build crio
+    build crio-status
   '';
   installPhase = ''
     install -Dm755 bin/crio $bin/bin/crio${flavor}
+    install -Dm755 bin/crio-status $bin/bin/crio-status${flavor}
 
     mkdir -p $bin/libexec/crio
     install -Dm755 bin/pause $bin/libexec/crio/pause${flavor}
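Review bot: In the new `build` helper, `-tags ${makeFlags}` is interpolated into the shell script unquoted, so if `makeFlags` (defined outside this hunk) expands to more than one shell word, only the first reaches `-tags` and the rest are parsed as further `go build` arguments. Quoting it, `-tags "${makeFlags}"`, keeps the tag list a single argument. The name `build` is also very generic for a function defined in the shared build-phase shell; a name such as `buildCrioBinary` would rule out a clash with a hook. The rest of `installPhase` continues outside the hunk.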
diff --git a/pkgs/applications/virtualization/crun/default.nix b/pkgs/applications/virtualization/crun/default.nix
new file mode 100644
index 00000000000..7dddc3b533b
--- /dev/null
+++ b/pkgs/applications/virtualization/crun/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, lib, fetchFromGitHub, autoreconfHook, go-md2man, pkgconfig
+, libcap, libseccomp, python3, systemd, yajl }:
+
+stdenv.mkDerivation rec {
+  pname = "crun";
+  version = "0.8";
+
+  src = fetchFromGitHub {
+    owner = "containers";
+    repo = pname;
+    rev = version;
+    sha256 = "1anvlgw373031w0pp0b28l10yrnyhbj192n60bbbjahw487dk2fi";
+    fetchSubmodules = true;
+  };
+
+  nativeBuildInputs = [ autoreconfHook go-md2man pkgconfig python3 ];
+
+  buildInputs = [ libcap libseccomp systemd yajl ];
+
+  enableParallelBuilding = true;
+
+  # the tests require additional permissions
+  doCheck = false;
+
+  meta = with lib; {
+    description = "A fast and lightweight fully featured OCI runtime and C library for running containers";
+    license = licenses.gpl3;
+    platforms = platforms.linux;
+    inherit (src.meta) homepage;
+  };
+}
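Review bot: The `meta` block has no `maintainers`, so nobody is notified when this package needs an update; for an OCI runtime, that leaves upstream security fixes dependent on someone noticing by chance. Add `maintainers = with maintainers; [ <maintainer-handle> ];` (placeholder, the page does not name one). The comment on `doCheck = false` is useful; stating which permissions the tests need would make it possible to re-enable the ones that can run in the sandbox.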
diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix
index 027404439cd..7b4e7787985 100644
--- a/pkgs/applications/virtualization/docker/default.nix
+++ b/pkgs/applications/virtualization/docker/default.nix
@@ -19,7 +19,7 @@ rec {
       name = "docker-runc-${version}";
       inherit version;
       src = fetchFromGitHub {
-        owner = "docker";
+        owner = "opencontainers";
         repo = "runc";
         rev = runcRev;
         sha256 = runcSha256;
@@ -37,8 +37,6 @@ rec {
         rev = containerdRev;
         sha256 = containerdSha256;
       };
-
-      hardeningDisable = [ "fortify" ];
     });
 
     docker-tini = tini.overrideAttrs  (oldAttrs: {
@@ -82,9 +80,6 @@ rec {
       sha256 = sha256;
     };
 
-    # Optimizations break compilation of libseccomp c bindings
-    hardeningDisable = [ "fortify" ];
-
     nativeBuildInputs = [ pkgconfig ];
     buildInputs = [
       makeWrapper removeReferencesTo go-md2man go libtool
@@ -198,14 +193,14 @@ rec {
   });
 
   # Get revisions from
-  # https://github.com/docker/docker-ce/tree/v${version}/components/engine/hack/dockerfile/install/*
+  # https://github.com/docker/docker-ce/tree/${version}/components/engine/hack/dockerfile/install/*
 
   docker_18_09 = makeOverridable dockerGen {
     version = "18.09.9";
     rev = "039a7df9ba8097dd987370782fcdd6ea79b26016";
     sha256 = "0wqhjx9qs96q2jd091wffn3cyv2aslqn2cvpdpgljk8yr9s0yg7h";
-    runcRev = "425e105d5a03fabd737a126ad93d62a9eeede87f";
-    runcSha256 = "05s4p12mgmdcy7gjralh41wlgds6m69zdgwbpdn1xjj2487dmhxf";
+    runcRev = "3e425f80a8c931f88e6d94a8c831b9d5aa481657";
+    runcSha256 = "18psc830b2rkwml1x6vxngam5b5wi3pj14mw817rshpzy87prspj";
     containerdRev = "894b81a4b802e4eb2a91d1ce216b8817763c29fb";
     containerdSha256 = "0sp5mn5wd3xma4svm6hf67hyhiixzkzz6ijhyjkwdrc4alk81357";
     tiniRev = "fec3683b971d9c3ef73f284f176672c44b448662";
@@ -213,13 +208,13 @@ rec {
   };
 
   docker_19_03 = makeOverridable dockerGen {
-    version = "19.03.2";
-    rev = "6a30dfca03664a0b6bf0646a7d389ee7d0318e6e";
-    sha256 = "0bghqwxlx4v06bwcv3c2wizbihhf983gvypx5sjcbgmiyd3bgb47";
-    runcRev = "425e105d5a03fabd737a126ad93d62a9eeede87f";
-    runcSha256 = "05s4p12mgmdcy7gjralh41wlgds6m69zdgwbpdn1xjj2487dmhxf";
-    containerdRev = "894b81a4b802e4eb2a91d1ce216b8817763c29fb";
-    containerdSha256 = "0sp5mn5wd3xma4svm6hf67hyhiixzkzz6ijhyjkwdrc4alk81357";
+    version = "19.03.4";
+    rev = "9013bf583a215dc1488d941f9b6f7f11e1ea899f";
+    sha256 = "094d6d93jd7g1vw362cqbv9qbyv8h6pb6dj750pgqvnf1bn1mffb";
+    runcRev = "3e425f80a8c931f88e6d94a8c831b9d5aa481657";
+    runcSha256 = "18psc830b2rkwml1x6vxngam5b5wi3pj14mw817rshpzy87prspj";
+    containerdRev = "b34a5c8af56e510852c35414db4c1f4fa6172339";
+    containerdSha256 = "1kddhkd93wkrimk0yjcqiavdrqc818nd39rf3wrgxyilx1mfnrwb";
     tiniRev = "fec3683b971d9c3ef73f284f176672c44b448662";
     tiniSha256 = "1h20i3wwlbd8x4jr2gz68hgklh0lb0jj7y5xk1wvr8y58fip1rdn";
   };
diff --git a/pkgs/applications/virtualization/dumb-init/default.nix b/pkgs/applications/virtualization/dumb-init/default.nix
new file mode 100644
index 00000000000..c7be90222c2
--- /dev/null
+++ b/pkgs/applications/virtualization/dumb-init/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchFromGitHub, glibc }:
+
+stdenv.mkDerivation rec {
+  pname = "dumb-init";
+  version = "1.2.2";
+
+  src = fetchFromGitHub {
+    owner = "Yelp";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "15hgl8rz5dmrl5gx21sq5269l1hq539qn68xghjx0bv9hgbx0g20";
+  };
+
+  buildInputs = [ glibc.static ];
+
+  installPhase = ''
+    runHook preInstall
+
+    install -Dm755 -t $out/bin dumb-init
+
+    runHook postInstall
+  '';
+
+  meta = with stdenv.lib; {
+    description = "A minimal init system for Linux containers";
+    homepage = "https://github.com/Yelp/dumb-init";
+    license = licenses.mit;
+    maintainers = [ maintainers.marsam ];
+    platforms = platforms.linux;
+  };
+}
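Review bot: `buildInputs = [ glibc.static ]` has no comment saying why a static libc is required; presumably the upstream Makefile links `dumb-init` statically, but that is not visible here. A one-line comment such as `# upstream Makefile links with -static` (to be confirmed against the source) would keep a later cleanup from dropping it. Naming `glibc` directly also ties the package to glibc, while `meta.platforms` claims all of `platforms.linux`, which may include platforms whose `stdenv` uses another libc.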
diff --git a/pkgs/applications/virtualization/firecracker/default.nix b/pkgs/applications/virtualization/firecracker/default.nix
index 45ec7383fc8..9fa06f5bf0b 100644
--- a/pkgs/applications/virtualization/firecracker/default.nix
+++ b/pkgs/applications/virtualization/firecracker/default.nix
@@ -1,35 +1,61 @@
 { fetchurl, stdenv }:
 
 let
-  version = "0.15.2";
-  baseurl = "https://github.com/firecracker-microvm/firecracker/releases/download";
+  version = "0.19.0";
+
+  suffix = {
+    x86_64-linux  = "";
+    aarch64-linux = "-aarch64";
+  }."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
 
+  baseurl = "https://github.com/firecracker-microvm/firecracker/releases/download";
   fetchbin = name: sha256: fetchurl {
-    url    = "${baseurl}/v${version}/${name}-v${version}";
-    inherit sha256;
+    url    = "${baseurl}/v${version}/${name}-v${version}${suffix}";
+    sha256 = sha256."${stdenv.hostPlatform.system}";
+  };
+
+  firecracker-bin = fetchbin "firecracker" {
+    x86_64-linux  = "0yjhw77xc2nc96p36jhf0va95gf6hwi9n270g4iiwakycdy048mx";
+    aarch64-linux = "165yca7pcwpqw3x6dihcjz1xcwjh37sdi9qrrjk9zasxx7xcniym";
+  };
+
+  jailer-bin = fetchbin "jailer" {
+    x86_64-linux  = "1q792b4bl1q3ach8nc8l0fbcil44knv3wa542xrskndzdz28lhsp";
+    aarch64-linux = "1cnwlpy5bswjprk7fcjgf6lxidhp7z00qx691nkwhzjkby80j490";
   };
 
-  firecracker-bin = fetchbin "firecracker" "11g0iz1krsm6gzhvf0fb4101c6qyk6bl8j3kjidbb52x9i4aqsxk";
-  jailer-bin      = fetchbin "jailer"      "0j1gc1cdsfsi82fkvvxla25791lcvk6vmp46i82f0ms9xm7xhswz";
 in
 stdenv.mkDerivation {
-  name = "firecracker-${version}";
+  pname = "firecracker";
   inherit version;
-
   srcs = [ firecracker-bin jailer-bin ];
-  phases = [ "installPhase" ];
+
+  unpackPhase    = ":";
+  configurePhase = ":";
+
+  buildPhase     = ''
+    cp ${firecracker-bin} firecracker
+    cp ${jailer-bin}      jailer
+    chmod +x firecracker jailer
+  '';
+
+  doCheck = true;
+  checkPhase = ''
+    ./firecracker --version
+    ./jailer --version
+  '';
 
   installPhase = ''
     mkdir -p $out/bin
-    install -D ${firecracker-bin} $out/bin/firecracker
-    install -D ${jailer-bin}      $out/bin/jailer
+    install -D firecracker $out/bin/firecracker
+    install -D jailer      $out/bin/jailer
   '';
 
   meta = with stdenv.lib; {
     description = "Secure, fast, minimal micro-container virtualization";
     homepage    = http://firecracker-microvm.io;
     license     = licenses.asl20;
-    platforms   = [ "x86_64-linux" ];
+    platforms   = [ "x86_64-linux" "aarch64-linux" ];
     maintainers = with maintainers; [ thoughtpolice ];
   };
 }
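Review bot: `sha256 = sha256."${stdenv.hostPlatform.system}";` in `fetchbin` has no fallback, unlike `suffix` a few lines above it, so on an unsupported system the user may get a bare missing-attribute error instead of the "Unsupported system" message, depending on which attribute `fetchurl` forces first. Giving it the same guard, `sha256 = sha256."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}");`, keeps the failure uniform. Because the package installs upstream release binaries rather than building from source, a short comment above `fetchbin` should state that the four hashes pin prebuilt artifacts and must all be refreshed on every version bump.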
diff --git a/pkgs/applications/virtualization/firectl/default.nix b/pkgs/applications/virtualization/firectl/default.nix
new file mode 100644
index 00000000000..1f74318f2dd
--- /dev/null
+++ b/pkgs/applications/virtualization/firectl/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+  pname = "firectl";
+  version = "0.1.0";
+
+  src = fetchFromGitHub {
+    owner = "firecracker-microvm";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "1ni3yx4rjhrkqk2038c6hkb2jwsdj2llx233wd5wgpvb6c57652p";
+  };
+
+  modSha256 = "1nqjz1afklcxc3xcpmygjdh3lfxjk6zvmghr8z8fr3nw2wvw2ddr";
+
+  meta = with stdenv.lib; {
+    description = "A command-line tool to run Firecracker microVMs";
+    homepage = https://github.com/firecracker-microvm/firectl;
+    license = licenses.asl20;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ xrelkd ];
+  };
+}
diff --git a/pkgs/applications/virtualization/lkl/default.nix b/pkgs/applications/virtualization/lkl/default.nix
index 318929eb225..cd6600387cd 100644
--- a/pkgs/applications/virtualization/lkl/default.nix
+++ b/pkgs/applications/virtualization/lkl/default.nix
@@ -3,8 +3,8 @@
 
 stdenv.mkDerivation rec {
   pname = "lkl";
-  version = "2019-06-20";
-  rev  = "0a4ebeadad12b94db665b8daf30e44e949a02d90";
+  version = "2019-10-04";
+  rev  = "06ca3ddb74dc5b84fa54fa1746737f2df502e047";
 
   outputs = [ "dev" "lib" "out" ];
 
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
     inherit rev;
     owner  = "lkl";
     repo   = "linux";
-    sha256 = "09y9ci3j0lp3z74h577ng2s9a4n4glqpqndyc9iy6wdqaj764gm6";
+    sha256 = "0qjp0r338bwgrqdsvy5mkdh7ryas23m47yvxfwdknfyl0k3ylq62";
   };
 
   # Fix a /usr/bin/env reference in here that breaks sandboxed builds
diff --git a/pkgs/applications/virtualization/open-vm-tools/default.nix b/pkgs/applications/virtualization/open-vm-tools/default.nix
index ee241abda7f..49e77a5ec9d 100644
--- a/pkgs/applications/virtualization/open-vm-tools/default.nix
+++ b/pkgs/applications/virtualization/open-vm-tools/default.nix
@@ -46,6 +46,10 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  # igrone glib-2.62 deprecations
+  # Drop in next stable release.
+  NIX_CFLAGS_COMPILE = [ "-DGLIB_DISABLE_DEPRECATION_WARNINGS" ];
+
   postInstall = ''
     wrapProgram "$out/etc/vmware-tools/scripts/vmware/network" \
       --prefix PATH ':' "${lib.makeBinPath [ iproute dbus systemd which ]}"
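Review bot: The added comment misspells "ignore" as `igrone`, and "Drop in next stable release" does not say which release that is. Something like `# Ignore glib-2.62 deprecation warnings; drop once open-vm-tools newer than <current version> is packaged.` gives the next updater a condition they can check. The define only silences deprecation warnings, so this is a wording point.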
diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix
index ff768cb7878..9d94ced0bf2 100644
--- a/pkgs/applications/virtualization/podman/default.nix
+++ b/pkgs/applications/virtualization/podman/default.nix
@@ -5,21 +5,19 @@
 
 buildGoPackage rec {
   pname = "podman";
-  version = "1.5.1";
+  version = "1.6.3";
 
   src = fetchFromGitHub {
     owner  = "containers";
     repo   = "libpod";
     rev    = "v${version}";
-    sha256 = "1jg7fdshqz0x71339i0wndskb17x1k5rwpkjiwd463f96fnbfp4x";
+    sha256 = "0y87pylpff2xl796n5s2vrm90pspzqfw8h4a5gndn1mx18s09s69";
   };
 
   goPackagePath = "github.com/containers/libpod";
 
   outputs = [ "bin" "out" "man" ];
 
-  # Optimizations break compilation of libseccomp c bindings
-  hardeningDisable = [ "fortify" ];
   nativeBuildInputs = [ pkgconfig go-md2man ];
 
   buildInputs = [ btrfs-progs libseccomp gpgme lvm2 systemd ];
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index d64baca2cc7..f90873c6e33 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -35,16 +35,15 @@ let
 in
 
 stdenv.mkDerivation rec {
-  version = "4.0.0";
-  name = "qemu-"
-    + stdenv.lib.optionalString xenSupport "xen-"
-    + stdenv.lib.optionalString hostCpuOnly "host-cpu-only-"
-    + stdenv.lib.optionalString nixosTestRunner "for-vm-tests-"
-    + version;
+  version = "4.1.0";
+  pname = "qemu"
+    + stdenv.lib.optionalString xenSupport "-xen"
+    + stdenv.lib.optionalString hostCpuOnly "-host-cpu-only"
+    + stdenv.lib.optionalString nixosTestRunner "-for-vm-tests";
 
   src = fetchurl {
     url = "https://wiki.qemu.org/download/qemu-${version}.tar.bz2";
-    sha256 = "085g6f75si8hbn94mnnjn1r7ysixn5bqj4bhqwvadj00fhzp2zvd";
+    sha256 = "1bpl6hwiw1jdxk4xmqp10qgki0dji0l2rzr10dyhyk8d85vxxw29";
   };
 
   nativeBuildInputs = [ python python.pkgs.sphinx pkgconfig flex bison ];
@@ -78,11 +77,6 @@ stdenv.mkDerivation rec {
     ./no-etc-install.patch
     ./fix-qemu-ga.patch
     ./9p-ignore-noatime.patch
-    (fetchpatch {
-      url = "https://git.qemu.org/?p=qemu.git;a=patch;h=d52680fc932efb8a2f334cc6993e705ed1e31e99";
-      name = "CVE-2019-12155.patch";
-      sha256 = "0h2q71mcz3gvlrbfkqcgla74jdg73hvzcrwr4max2ckpxx8x9207";
-    })
   ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
     ++ optionals stdenv.hostPlatform.isMusl [
     (fetchpatch {
diff --git a/pkgs/applications/virtualization/qemu/no-etc-install.patch b/pkgs/applications/virtualization/qemu/no-etc-install.patch
index 37c12ddbfeb..57e190f5ae7 100644
--- a/pkgs/applications/virtualization/qemu/no-etc-install.patch
+++ b/pkgs/applications/virtualization/qemu/no-etc-install.patch
@@ -1,25 +1,13 @@
-From 98b3e5993bbdb0013b6cc1814e0ad9555290c3af Mon Sep 17 00:00:00 2001
-From: Will Dietz <w@wdtz.org>
-Date: Tue, 23 Apr 2019 21:31:45 -0500
-Subject: [PATCH] no install localstatedir
-
----
- Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
 diff --git a/Makefile b/Makefile
-index 04a0d45050..5dc82d0eb7 100644
+index 85862fb8..ed52c5ec 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -786,7 +786,7 @@ endif
+@@ -841,7 +841,7 @@ endif
  
  ICON_SIZES=16x16 24x24 32x32 48x48 64x64 128x128 256x256 512x512
  
--install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir
-+install: all $(if $(BUILD_DOCS),install-doc) install-datadir
+-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir \
++install: all $(if $(BUILD_DOCS),install-doc) install-datadir \
+ 	$(if $(INSTALL_BLOBS),$(edk2-decompressed)) \
+ 	recurse-install
  ifneq ($(TOOLS),)
- 	$(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir))
- endif
--- 
-2.21.GIT
-
diff --git a/pkgs/applications/virtualization/qemu/utils.nix b/pkgs/applications/virtualization/qemu/utils.nix
new file mode 100644
index 00000000000..430d7122179
--- /dev/null
+++ b/pkgs/applications/virtualization/qemu/utils.nix
@@ -0,0 +1,16 @@
+{ stdenv, qemu }:
+
+stdenv.mkDerivation rec {
+  name = "qemu-utils-${version}";
+  version = qemu.version;
+
+  buildInputs = [ qemu ];
+  unpackPhase = "true";
+
+  installPhase = ''
+    mkdir -p "$out/bin"
+    cp "${qemu}/bin/qemu-img" "$out/bin/qemu-img"
+    cp "${qemu}/bin/qemu-io"  "$out/bin/qemu-io"
+    cp "${qemu}/bin/qemu-nbd" "$out/bin/qemu-nbd"
+  '';
+}
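Review bot: This new derivation sets `name = "qemu-utils-${version}";` although the branch being merged into is about `pname` support, and it has no `meta`. `pname = "qemu-utils";` with `inherit (qemu) version;` would match the other packages in this merge, and a `meta` that carries the license and platforms over from `qemu` would keep license and platform checks working for this output. `buildInputs = [ qemu ]` looks redundant, since `installPhase` already references `${qemu}` directly. The copied binaries may still hold references into the `qemu` output, so it is worth confirming that the closure really shrinks.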
diff --git a/pkgs/applications/virtualization/runc/default.nix b/pkgs/applications/virtualization/runc/default.nix
index 6357f9fadff..c850a18c867 100644
--- a/pkgs/applications/virtualization/runc/default.nix
+++ b/pkgs/applications/virtualization/runc/default.nix
@@ -5,13 +5,13 @@ with lib;
 
 buildGoPackage rec {
   pname = "runc";
-  version = "1.0.0-rc8";
+  version = "1.0.0-rc9";
 
   src = fetchFromGitHub {
     owner = "opencontainers";
     repo = "runc";
     rev = "v${version}";
-    sha256 = "05s4p12mgmdcy7gjralh41wlgds6m69zdgwbpdn1xjj2487dmhxf";
+    sha256 = "1ss5b46cbbckyqlwgj8dbd5l59c5y0kp679hcpc0ybaj53pmwxj7";
   };
 
   goPackagePath = "github.com/opencontainers/runc";
@@ -53,7 +53,7 @@ buildGoPackage rec {
     homepage = https://runc.io/;
     description = "A CLI tool for spawning and running containers according to the OCI specification";
     license = licenses.asl20;
-    maintainers = with maintainers; [ offline vdemeester ];
+    maintainers = with maintainers; [ offline vdemeester saschagrunert ];
     platforms = platforms.linux;
   };
 }
diff --git a/pkgs/applications/virtualization/spike/default.nix b/pkgs/applications/virtualization/spike/default.nix
new file mode 100644
index 00000000000..4dbb7fbe4a5
--- /dev/null
+++ b/pkgs/applications/virtualization/spike/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchgit, dtc }:
+
+stdenv.mkDerivation rec {
+  pname = "spike";
+  version = "1.0.0";
+
+  src = fetchgit {
+    url = "https://github.com/riscv/riscv-isa-sim.git";
+    rev = "v${version}";
+    sha256 = "1hcl01nj96s3rkz4mrq747s5lkw81lgdjdimb8b1b9h8qnida7ww";
+  };
+
+  nativeBuildInputs = [ dtc ];
+  enableParallelBuilding = true;
+
+  patchPhase = ''
+    patchShebangs scripts/*.sh
+    patchShebangs tests/ebreak.py
+  '';
+
+  doCheck = true;
+
+  meta = with stdenv.lib; {
+    description = "A RISC-V ISA Simulator";
+    homepage = "https://github.com/riscv/riscv-isa-sim";
+    license = licenses.bsd3;
+    platforms = [ "x86_64-linux" "aarch64-linux" ];
+    maintainers = with maintainers; [ blitz ];
+  };
+}
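Review bot: `patchPhase` is replaced wholesale here, which bypasses the default patch phase: any `patches` added to this derivation later would silently not be applied, and the `prePatch`/`postPatch` hooks no longer run. Renaming the attribute to `postPatch` keeps the two `patchShebangs` calls and the standard behaviour. Since the source is on GitHub, `fetchFromGitHub` with `owner = "riscv"; repo = "riscv-isa-sim";` would also be the more usual fetcher than `fetchgit`, though the hash would have to be recomputed.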
diff --git a/pkgs/applications/virtualization/umoci/default.nix b/pkgs/applications/virtualization/umoci/default.nix
new file mode 100644
index 00000000000..245bb841af6
--- /dev/null
+++ b/pkgs/applications/virtualization/umoci/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchFromGitHub, buildGoPackage }:
+
+buildGoPackage rec {
+  pname = "umoci";
+  version = "0.4.4";
+
+  goPackagePath = "github.com/openSUSE/umoci";
+
+  src = fetchFromGitHub {
+    owner = "openSUSE";
+    repo = "umoci";
+    rev = "v${version}";
+    sha256 = "1mmk9y6xk0qk5rgysmm7x16b025zzwa2sd13jd32drd48scai2dw";
+  };
+
+  meta = with stdenv.lib; {
+    description = "umoci modifies Open Container images";
+    homepage = https://umo.ci;
+    license = licenses.asl20;
+    maintainers = with maintainers; [ zokrezyl ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/applications/virtualization/virt-top/default.nix b/pkgs/applications/virtualization/virt-top/default.nix
index 9fc167f5e9d..f32a2a6ce1c 100644
--- a/pkgs/applications/virtualization/virt-top/default.nix
+++ b/pkgs/applications/virtualization/virt-top/default.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchgit, ocamlPackages, autoreconfHook }:
 
-stdenv.mkDerivation {
+stdenv.mkDerivation rec {
   pname = "virt-top";
-  version = "2017-11-18-unstable";
+  version = "1.0.9";
 
   src = fetchgit {
-    url = git://git.annexia.org/git/virt-top.git;
-    rev = "18a751d8c26548bb090ff05e30ccda3092e3373b";
-    sha256 = "0c4whjvw7p3yvd476i4ppdhi8j821r5y6caqrj2v9dc181cnp01i";
+    url = git://git.annexia.org/virt-top.git;
+    rev = "v${version}";
+    sha256 = "0m7pm8lzlpngsj0vjv0hg8l9ck3gvwpva7r472f8f03xpjffwiga";
   };
 
   nativeBuildInputs = [ autoreconfHook ];
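Review bot: The new `url` still uses the unauthenticated, unencrypted `git://` transport, and `rev` now names a tag (`v${version}`) instead of a commit id. The fixed-output `sha256` protects builds, but whoever computes the hash for the next bump fetches over a channel that can be altered in transit, and a tag can be moved upstream. If the host serves the repository over HTTPS (not visible here), prefer that URL, and consider recording the commit id in a comment next to the tag, e.g. `# v1.0.9 = <commit-id>`. The derivation body continues outside the hunk.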
diff --git a/pkgs/applications/virtualization/virt-what/default.nix b/pkgs/applications/virtualization/virt-what/default.nix
index 7ea83b01559..f3004267ed7 100644
--- a/pkgs/applications/virtualization/virt-what/default.nix
+++ b/pkgs/applications/virtualization/virt-what/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "virt-what";
-  version = "1.19";
+  version = "1.20";
 
   src = fetchurl {
     url = "https://people.redhat.com/~rjones/virt-what/files/${pname}-${version}.tar.gz";
-    sha256 = "00nhwly5q0ps8yv9cy3c2qp8lfshf3s0kdpwiy5zwk3g77z96rwk";
+    sha256 = "1s0hg5w47gmnllbs935bx21k3zqrgvqx1wn0zzij2lfxkb9dq4zr";
   };
 
   meta = with lib; {
diff --git a/pkgs/applications/virtualization/virtualbox/default.nix b/pkgs/applications/virtualization/virtualbox/default.nix
index ac52b83e43d..addcf125e27 100644
--- a/pkgs/applications/virtualization/virtualbox/default.nix
+++ b/pkgs/applications/virtualization/virtualbox/default.nix
@@ -21,8 +21,8 @@ let
   buildType = "release";
   # Remember to change the extpackRev and version in extpack.nix and
   # guest-additions/default.nix as well.
-  main = "1y6j73axjns8ng3m8zs31zwx71wmm91n6vrhdpxphx16jf518djj";
-  version = "6.0.10";
+  main = "1hxbvr78b0fddcn7npz72ki89lpmbgqj4b5qvxm1wik7v0d8v1y8";
+  version = "6.0.12";
 in stdenv.mkDerivation {
   pname = "virtualbox";
   inherit version;
@@ -92,6 +92,9 @@ in stdenv.mkDerivation {
     })
   ++ [
     ./qtx11extras.patch
+    # Kernel 5.3 fix, should be fixed with VirtualBox 6.0.14
+    # https://www.virtualbox.org/ticket/18911
+    ./kernel-5.3-fix.patch
   ];
 
   postPatch = ''
diff --git a/pkgs/applications/virtualization/virtualbox/extpack.nix b/pkgs/applications/virtualization/virtualbox/extpack.nix
index 8c9f1aea7ba..56400a75945 100644
--- a/pkgs/applications/virtualization/virtualbox/extpack.nix
+++ b/pkgs/applications/virtualization/virtualbox/extpack.nix
@@ -2,7 +2,7 @@
 
 with lib;
 
-let version = "6.0.10";
+let version = "6.0.12";
 in
 fetchurl rec {
   name = "Oracle_VM_VirtualBox_Extension_Pack-${version}.vbox-extpack";
@@ -11,7 +11,7 @@ fetchurl rec {
     # Manually sha256sum the extensionPack file, must be hex!
     # Thus do not use `nix-prefetch-url` but instead plain old `sha256sum`.
     # Checksums can also be found at https://www.virtualbox.org/download/hashes/${version}/SHA256SUMS
-    let value = "e5a9eb240379a57c9bf03954a594a03431698e67aef551e27f62170bed9b16ea";
+    let value = "27a0956940654b0accf4d79692078bd496d9f062e4ed3da69e5421cba8d1e444";
     in assert (builtins.stringLength value) == 64; value;
 
   meta = {
diff --git a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
index e7f6fad79f9..af247af0051 100644
--- a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
+++ b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
@@ -1,9 +1,9 @@
 { stdenv, fetchurl, lib, patchelf, cdrkit, kernel, which, makeWrapper
-, zlib, xorg, dbus, virtualbox }:
+, zlib, xorg, dbus, virtualbox, dos2unix }:
 
 let
   version = virtualbox.version;
-  xserverVListFunc = builtins.elemAt (stdenv.lib.splitString "." xorg.xorgserver.version);
+  xserverVListFunc = builtins.elemAt (stdenv.lib.splitVersion xorg.xorgserver.version);
 
   # Forced to 1.18 in <nixpkgs/nixos/modules/services/x11/xserver.nix>
   # as it even fails to build otherwise.  Still, override this even here,
@@ -12,22 +12,26 @@ let
   # It's likely to work again in some future update.
   xserverABI = let abi = xserverVListFunc 0 + xserverVListFunc 1;
     in if abi == "119" || abi == "120" then "118" else abi;
-in
 
-stdenv.mkDerivation {
+  # Specifies how to patch binaries to make sure that libraries loaded using
+  # dlopen are found. We grep binaries for specific library names and patch
+  # RUNPATH in matching binaries to contain the needed library paths.
+  dlopenLibs = [
+    { name = "libdbus-1.so"; pkg = dbus; }
+    { name = "libXfixes.so"; pkg = xorg.libXfixes; }
+  ];
+
+in stdenv.mkDerivation {
   name = "VirtualBox-GuestAdditions-${version}-${kernel.version}";
 
   src = fetchurl {
     url = "http://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso";
-    sha256 = "098kibz8dkiqd8shm44n4h6iyszcbj0ikav1b4vsi75dqzw8d9n8";
+    sha256 = "0hflsbx70dli34mpx94vd33p55ycfs3ahzwcdzqxdiwiiskjpykq";
   };
 
   KERN_DIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
   KERN_INCL = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/source/include";
 
-  # If you add a patch you probably need this.
-  #patchFlags = [ "-p1" "-d" "install/src/vboxguest-${version}" ];
-
   hardeningDisable = [ "pic" ];
 
   NIX_CFLAGS_COMPILE = "-Wno-error=incompatible-pointer-types -Wno-error=implicit-function-declaration";
@@ -35,10 +39,24 @@ stdenv.mkDerivation {
   nativeBuildInputs = [ patchelf makeWrapper ];
   buildInputs = [ cdrkit ] ++ kernel.moduleBuildDependencies;
 
+
+  prePatch = ''
+    substituteInPlace src/vboxguest-${version}/vboxvideo/vbox_ttm.c \
+      --replace "<ttm/" "<drm/ttm/"
+    ${dos2unix}/bin/dos2unix src/vboxguest-${version}/vboxguest/r0drv/linux/mp-r0drv-linux.c
+  '';
+
+  patchFlags = [ "-p1" "-d" "src/vboxguest-${version}" ];
+  # Kernel 5.3 fix, should be fixed with VirtualBox 6.0.14
+  # https://www.virtualbox.org/ticket/18911
+  patches = [ ./kernel-5.3-fix.patch ];
+
   unpackPhase = ''
     ${if stdenv.hostPlatform.system == "i686-linux" || stdenv.hostPlatform.system == "x86_64-linux" then ''
         isoinfo -J -i $src -x /VBoxLinuxAdditions.run > ./VBoxLinuxAdditions.run
         chmod 755 ./VBoxLinuxAdditions.run
+        # An overflow leads the is-there-enough-space check to fail when there's too much space available, so fake how much space there is
+        sed -i 's/\$leftspace/16383/' VBoxLinuxAdditions.run
         ./VBoxLinuxAdditions.run --noexec --keep
       ''
       else throw ("Architecture: "+stdenv.hostPlatform.system+" not supported for VirtualBox guest additions")
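Review bot: The added `sed -i 's/\$leftspace/16383/' VBoxLinuxAdditions.run` exits successfully even when the pattern matches nothing, so an installer release that renames the variable would silently bring the space-check failure back, and the file it edits is executed on the very next line. I would make a miss fatal by putting `grep -q '\$leftspace' VBoxLinuxAdditions.run || { echo 'leftspace check not found in installer' >&2; exit 1; }` in front of it. Separately, `${dos2unix}/bin/dos2unix` in `prePatch` is a build-time tool and would normally be listed in `nativeBuildInputs` rather than interpolated by store path. The `unpackPhase` string continues past the end of this hunk.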
@@ -129,13 +147,13 @@ stdenv.mkDerivation {
   # Stripping breaks these binaries for some reason.
   dontStrip = true;
 
-  # Some code dlopen() libdbus, patch RUNPATH in fixupPhase so it isn't stripped.
-  postFixup = ''
-    for i in $(grep -F libdbus-1.so -l -r $out/{lib,bin}); do
+  # Patch RUNPATH according to dlopenLibs (see the comment there).
+  postFixup = lib.concatMapStrings (library: ''
+    for i in $(grep -F ${lib.escapeShellArg library.name} -l -r $out/{lib,bin}); do
       origRpath=$(patchelf --print-rpath "$i")
-      patchelf --set-rpath "$origRpath:${lib.makeLibraryPath [ dbus ]}" "$i"
+      patchelf --set-rpath "$origRpath:${lib.makeLibraryPath [ library.pkg ]}" "$i"
     done
-  '';
+  '') dlopenLibs;
 
   meta = {
     description = "Guest additions for VirtualBox";
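Review bot: `patchelf --set-rpath "$origRpath:${lib.makeLibraryPath [ library.pkg ]}"` writes a search path that begins with `:` whenever a matched file had no RPATH before, and as far as I know glibc's loader treats an empty path element as the current directory. The old libdbus-only loop had the same shape, but the generalised version now applies it to every file under `$out/{lib,bin}` that contains either library name. Building the prefix conditionally avoids the empty element: `patchelf --set-rpath "''${origRpath:+$origRpath:}${lib.makeLibraryPath [ library.pkg ]}" "$i"` (the `''$` escape keeps Nix from interpolating the shell expansion). Whether any matched file actually lacks an RPATH cannot be told from this hunk.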
diff --git a/pkgs/applications/virtualization/virtualbox/guest-additions/kernel-5.3-fix.patch b/pkgs/applications/virtualization/virtualbox/guest-additions/kernel-5.3-fix.patch
new file mode 100644
index 00000000000..0bdd9ec1056
--- /dev/null
+++ b/pkgs/applications/virtualization/virtualbox/guest-additions/kernel-5.3-fix.patch
@@ -0,0 +1,50 @@
+--- a/vboxguest/r0drv/linux/mp-r0drv-linux.c
++++ a/vboxguest/r0drv/linux/mp-r0drv-linux.c
+@@ -283,12 +283,15 @@
+     if (RTCpuSetCount(&OnlineSet) > 1)
+     {
+         /* Fire the function on all other CPUs without waiting for completion. */
+-# if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
++# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 3, 0)
++        smp_call_function(rtmpLinuxAllWrapper, &Args, 0 /* wait */);
++# elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
+         int rc = smp_call_function(rtmpLinuxAllWrapper, &Args, 0 /* wait */);
++        Assert(!rc); NOREF(rc);
+ # else
+         int rc = smp_call_function(rtmpLinuxAllWrapper, &Args, 0 /* retry */, 0 /* wait */);
+-# endif
+         Assert(!rc); NOREF(rc);
++# endif
+     }
+ #endif
+
+@@ -326,7 +329,6 @@
+ {
+ #ifdef CONFIG_SMP
+     IPRT_LINUX_SAVE_EFL_AC();
+-    int rc;
+     RTMPARGS Args;
+
+     RTTHREADPREEMPTSTATE PreemptState = RTTHREADPREEMPTSTATE_INITIALIZER;
+@@ -337,14 +339,17 @@
+     Args.cHits = 0;
+
+     RTThreadPreemptDisable(&PreemptState);
+-# if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
+-    rc = smp_call_function(rtmpLinuxWrapper, &Args, 1 /* wait */);
++# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 3, 0)
++    smp_call_function(rtmpLinuxWrapper, &Args, 1 /* wait */);
++# elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
++    int rc = smp_call_function(rtmpLinuxWrapper, &Args, 1 /* wait */);
++    Assert(rc == 0); NOREF(rc);
+ # else /* older kernels */
+-    rc = smp_call_function(rtmpLinuxWrapper, &Args, 0 /* retry */, 1 /* wait */);
++    int rc = smp_call_function(rtmpLinuxWrapper, &Args, 0 /* retry */, 1 /* wait */);
++    Assert(rc == 0); NOREF(rc);
+ # endif /* older kernels */
+     RTThreadPreemptRestore(&PreemptState);
+
+-    Assert(rc == 0); NOREF(rc);
+     IPRT_LINUX_RESTORE_EFL_AC();
+ #else
+     RT_NOREF(pfnWorker, pvUser1, pvUser2);
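Review bot: The new patch file starts directly at `--- a/vboxguest/r0drv/linux/mp-r0drv-linux.c` with no header saying where the change came from or when it can be dropped, which matters for a vendored edit to kernel-module source. The reference only lives in the derivation comment; I would repeat it at the top of the patch, e.g. `Kernel 5.3 build fix, see https://www.virtualbox.org/ticket/18911; remove once VirtualBox 6.0.14 is packaged.` The same applies to virtualbox/kernel-5.3-fix.patch, which carries these two mp-r0drv-linux.c hunks a second time. In the second inner hunk the pre-5.3 branches now declare `int rc` after the `RTThreadPreemptDisable(&PreemptState);` statement, which kernel builds usually warn about; keeping the declaration at the top of the function under a version guard would avoid that.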
diff --git a/pkgs/applications/virtualization/virtualbox/kernel-5.3-fix.patch b/pkgs/applications/virtualization/virtualbox/kernel-5.3-fix.patch
new file mode 100644
index 00000000000..ba9c7c941db
--- /dev/null
+++ b/pkgs/applications/virtualization/virtualbox/kernel-5.3-fix.patch
@@ -0,0 +1,72 @@
+--- a/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c
++++ b/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c
+@@ -2123,7 +2123,9 @@
+ #endif
+     if (in_dev != NULL)
+     {
+-        for_ifa(in_dev) {
++        struct in_ifaddr *ifa;
++
++        for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {
+             if (VBOX_IPV4_IS_LOOPBACK(ifa->ifa_address))
+                 return NOTIFY_OK;
+
+@@ -2137,7 +2139,7 @@
+
+             pThis->pSwitchPort->pfnNotifyHostAddress(pThis->pSwitchPort,
+                 /* :fAdded */ true, kIntNetAddrType_IPv4, &ifa->ifa_address);
+-        } endfor_ifa(in_dev);
++        }
+     }
+
+     /*
+--- a/src/VBox/Runtime/r0drv/linux/mp-r0drv-linux.c
++++ a/src/VBox/Runtime/r0drv/linux/mp-r0drv-linux.c
+@@ -283,12 +283,15 @@
+     if (RTCpuSetCount(&OnlineSet) > 1)
+     {
+         /* Fire the function on all other CPUs without waiting for completion. */
+-# if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
++# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 3, 0)
++        smp_call_function(rtmpLinuxAllWrapper, &Args, 0 /* wait */);
++# elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
+         int rc = smp_call_function(rtmpLinuxAllWrapper, &Args, 0 /* wait */);
++        Assert(!rc); NOREF(rc);
+ # else
+         int rc = smp_call_function(rtmpLinuxAllWrapper, &Args, 0 /* retry */, 0 /* wait */);
+-# endif
+         Assert(!rc); NOREF(rc);
++# endif
+     }
+ #endif
+
+@@ -326,7 +329,6 @@
+ {
+ #ifdef CONFIG_SMP
+     IPRT_LINUX_SAVE_EFL_AC();
+-    int rc;
+     RTMPARGS Args;
+
+     RTTHREADPREEMPTSTATE PreemptState = RTTHREADPREEMPTSTATE_INITIALIZER;
+@@ -337,14 +339,17 @@
+     Args.cHits = 0;
+
+     RTThreadPreemptDisable(&PreemptState);
+-# if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
+-    rc = smp_call_function(rtmpLinuxWrapper, &Args, 1 /* wait */);
++# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 3, 0)
++    smp_call_function(rtmpLinuxWrapper, &Args, 1 /* wait */);
++# elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
++    int rc = smp_call_function(rtmpLinuxWrapper, &Args, 1 /* wait */);
++    Assert(rc == 0); NOREF(rc);
+ # else /* older kernels */
+-    rc = smp_call_function(rtmpLinuxWrapper, &Args, 0 /* retry */, 1 /* wait */);
++    int rc = smp_call_function(rtmpLinuxWrapper, &Args, 0 /* retry */, 1 /* wait */);
++    Assert(rc == 0); NOREF(rc);
+ # endif /* older kernels */
+     RTThreadPreemptRestore(&PreemptState);
+
+-    Assert(rc == 0); NOREF(rc);
+     IPRT_LINUX_RESTORE_EFL_AC();
+ #else
+     RT_NOREF(pfnWorker, pvUser1, pvUser2);
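Review bot: The replacement loop in the VBoxNetFlt hunk, `for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {`, is applied to every kernel version and reads the list pointers directly. As far as I know the 5.3 kernel that removed `for_ifa` also made this list RCU-managed and added `in_dev_for_each_ifa_rtnl` and `in_dev_for_each_ifa_rcu` as the supported iterators, so a plain walk is only safe if the caller already holds RTNL or an RCU read lock, which this hunk does not show. I would keep `for_ifa(in_dev) {` for older kernels and, under `LINUX_VERSION_CODE >= KERNEL_VERSION(5, 3, 0)`, use the kernel iterator, e.g. `in_dev_for_each_ifa_rtnl(ifa, in_dev) {`. Which of the two iterators fits depends on the locking in the enclosing function, which starts outside the hunk.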
diff --git a/pkgs/applications/virtualization/x11docker/default.nix b/pkgs/applications/virtualization/x11docker/default.nix
index ea8a24e57a3..c57a7f6e771 100644
--- a/pkgs/applications/virtualization/x11docker/default.nix
+++ b/pkgs/applications/virtualization/x11docker/default.nix
@@ -1,26 +1,22 @@
-{ stdenv, fetchFromGitHub, makeWrapper, nx-libs, xorg }:
+{ stdenv, fetchFromGitHub, makeWrapper, nx-libs, xorg, getopt, gnugrep, gawk, ps, mount, iproute }:
 stdenv.mkDerivation rec {
   pname = "x11docker";
-  version = "6.0.0";
+  version = "6.3.0";
   src = fetchFromGitHub {
     owner = "mviereck";
     repo = "x11docker";
     rev = "v${version}";
-    sha256 = "1sfdxlh50hv8j3dj5bphihqdyf8s7ixm6ckrmvqgr2y3gak1y840";
+    sha256 = "0x2sx41y3ylzg511x52k3wh8mfbzp4ialpas6sn4ccagqxh2hc4y";
   };
   nativeBuildInputs = [ makeWrapper ];
-  buildInputs = [ nx-libs xorg.xhost xorg.xinit ];
 
   dontBuild = true;
 
-  PATH_PREFIX = "${nx-libs}/bin:${xorg.xdpyinfo}/bin:${xorg.xhost}/bin:${xorg.xinit}/bin";
-
+  # Don't install `x11docker-gui`, because requires `kaptain` dependency
   installPhase = ''
     install -D x11docker "$out/bin/x11docker";
-    #install -D x11docker-gui "$out/bin/x11docker-gui";
-    wrapProgram "$out/bin/x11docker" --prefix PATH : "${PATH_PREFIX}"
-    #wrapProgram "$out/bin/x11docker-gui" --prefix PATH : "${PATH_PREFIX}"
-    # GUI disabled because of missing `kaptain` dependency
+    wrapProgram "$out/bin/x11docker" \
+      --prefix PATH : "${stdenv.lib.makeBinPath [ getopt gnugrep gawk ps mount iproute nx-libs xorg.xdpyinfo xorg.xhost xorg.xinit ]}"
   '';
 
   meta = {
@@ -28,5 +24,6 @@ stdenv.mkDerivation rec {
     homepage = https://github.com/mviereck/x11docker;
     license = stdenv.lib.licenses.mit;
     maintainers = with stdenv.lib.maintainers; [ jD91mZM2 ];
+    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/applications/virtualization/xen/4.10.nix b/pkgs/applications/virtualization/xen/4.10.nix
index 042b01e8678..d3c2ed9060c 100644
--- a/pkgs/applications/virtualization/xen/4.10.nix
+++ b/pkgs/applications/virtualization/xen/4.10.nix
@@ -38,11 +38,11 @@ let
 in
 
 callPackage (import ./generic.nix (rec {
-  version = "4.10.0";
+  version = "4.10.4";
 
   src = fetchurl {
     url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz";
-    sha256 = "0i38ap5b5m1kix6xb0vn9ya1yab35adyc98bzfnbq4lb7w1afqh2";
+    sha256 = "0ipkr7b3v3y183n6nfmz7q3gnzxa20011df4jpvxi6pmr8cpnkwh";
   };
 
   # Sources needed to build tools and firmwares.
@@ -52,12 +52,9 @@ callPackage (import ./generic.nix (rec {
         url = https://xenbits.xen.org/git-http/qemu-xen.git;
         # rev = "refs/tags/qemu-xen-${version}";
         # use revision hash - reproducible but must be updated with each new version
-        rev = "b79708a8ed1b3d18bee67baeaf33b3fa529493e2";
-        sha256 = "1yxxad6nvlfmrbgyc8ix19qmrsn1rx4zpyiqnfi4x4kg94acwa5w";
+        rev = "qemu-xen-${version}";
+        sha256 = "0laxvhdjz1njxjvq3jzw2yqvdr9gdn188kqjf2gcrfzgih7xv2ym";
       };
-      patches = [
-        qemuMemfdBuildFix
-      ];
       buildInputs = qemuDeps;
       postPatch = ''
         # needed in build but /usr/bin/env is not available in sandbox
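Review bot: `rev = "qemu-xen-${version}";` now fetches by tag name, while the two comment lines kept just above it still say to use a revision hash and leave the tag form commented out. The `sha256` still pins the fetched content, so a moved tag would fail the build rather than change the source, but the comment now describes the opposite of what the code does. Either keep a commit hash in `rev`, or replace the comments with something like `# fetched by tag; the sha256 below pins the content`. The removed `patches = [ qemuMemfdBuildFix ];` may also leave the `qemuMemfdBuildFix` binding unused, if it is defined in the `let` block outside this hunk.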
@@ -151,17 +148,16 @@ callPackage (import ./generic.nix (rec {
     ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd"
     ++ optional (withInternalOVMF) "--enable-ovmf";
 
-  patches = with xsa; flatten [
-    XSA_252
-    XSA_253
-    XSA_255_1
-    XSA_255_2
-    XSA_256
+  NIX_CFLAGS_COMPILE = [
+    # Fix build on Glibc 2.24.
+    "-Wno-error=deprecated-declarations"
+    # Fix build with GCC 8
+    "-Wno-error=maybe-uninitialized"
+    "-Wno-error=stringop-truncation"
+    "-Wno-error=format-truncation"
+    "-Wno-error=array-bounds"
   ];
 
-  # Fix build on Glibc 2.24.
-  NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations";
-
   postPatch = ''
     # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror.
     sed 1i'#include <sys/sysmacros.h>' \
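Review bot: The `patches` list with XSA_252 to XSA_256 is removed without any record that the 4.10.4 tarball already contains those fixes, and with the attribute gone there is no obvious place to add advisories published after that release. I would keep an explicit `patches = with xsa; flatten [ ];` with a comment such as `# XSA-252..256 are included upstream as of 4.10.4 (verify against the release notes)`. The new `NIX_CFLAGS_COMPILE` list also demotes `array-bounds`, `stringop-truncation` and `format-truncation` from errors to warnings for the whole build, here and in the matching hunk of xen/4.8.nix. Those are GCC 8's diagnostics for buffer-handling mistakes, so a comment naming the source files that trigger them would make it clear when the flags can be dropped again.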
diff --git a/pkgs/applications/virtualization/xen/4.8.nix b/pkgs/applications/virtualization/xen/4.8.nix
index 1608fabf4b2..c7568d99062 100644
--- a/pkgs/applications/virtualization/xen/4.8.nix
+++ b/pkgs/applications/virtualization/xen/4.8.nix
@@ -167,8 +167,15 @@ callPackage (import ./generic.nix (rec {
     xenpmdpatch
   ];
 
-  # Fix build on Glibc 2.24.
-  NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations";
+  NIX_CFLAGS_COMPILE = [
+    # Fix build on Glibc 2.24
+    "-Wno-error=deprecated-declarations"
+    # Fix build with GCC8
+    "-Wno-error=maybe-uninitialized"
+    "-Wno-error=stringop-truncation"
+    "-Wno-error=format-truncation"
+    "-Wno-error=array-bounds"
+  ];
 
   postPatch = ''
     # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror.
diff --git a/pkgs/applications/virtualization/xen/xsa-patches.nix b/pkgs/applications/virtualization/xen/xsa-patches.nix
index de692820d8f..26cdbc1f65f 100644
--- a/pkgs/applications/virtualization/xen/xsa-patches.nix
+++ b/pkgs/applications/virtualization/xen/xsa-patches.nix
@@ -66,30 +66,12 @@ in {
     sha256 = "0nnznkrvfbbc8z64dr9wvbdijd4qbpc0wz2j5vpmx6b32sm7932f";
   });
 
-  # 4.8
-  XSA_202 = (xsaPatch {
-    name = "202";
-    sha256 = "0j1d5akcjgx8w2c6w6p9znv77fkmps0880m2xgpbgs1ra9grshm1";
-  });
-
-  # 4.8
-  XSA_203 = (xsaPatch {
-    name = "203";
-    sha256 = "1s1q7xskvpg87ivwfaiqr0cj3ajdkhkhpmpikfkvq127h8hhmd8j";
-  });
-
   # 4.5
   XSA_204_45 = (xsaPatch {
     name = "204-4.5";
     sha256 = "083z9pbdz3f532fnzg7n2d5wzv6rmqc0f4mvc3mnmkd0rzqw8vcp";
   });
 
-  # 4.8
-  XSA_204 = (xsaPatch {
-    name = "204-4.8";
-    sha256 = "0rs498s4w2alz3h6jhlr2y0ni630vhggmxbrd1p1p3gcv8p6zzrr";
-  });
-
   # 4.5
   XSA_206_45 = [
     (xsaPatch {
@@ -190,86 +172,12 @@ in {
     })
   ];
 
-  # 4.8
-  XSA_206 = [
-    (xsaPatch {
-      name = "206-4.8/0001-xenstored-apply-a-write-transaction-rate-limit";
-      sha256 = "1c81d93i3qx7l38f9af0sd84w5x51zvn262mzl25ilcklql4kzl6";
-    })
-    (xsaPatch {
-      name = "206-4.8/0002-xenstored-Log-when-the-write-transaction-rate-limit-";
-      sha256 = "0b8iw409wi1x6p0swpnr51lcdlla1lgxjv5f910sj4wl96bca84q";
-    })
-    (xsaPatch {
-      name = "206-4.8/0003-oxenstored-comments-explaining-some-variables";
-      sha256 = "1d3n0y9syya4kaavrvqn01d3wsn85gmw7qrbylkclznqgkwdsr2p";
-    })
-    (xsaPatch {
-      name = "206-4.8/0004-oxenstored-handling-of-domain-conflict-credit";
-      sha256 = "020rw7hgc0dmhr4admz91kd99b4z1bdpji47nsy1255bjgvwc01k";
-    })
-    (xsaPatch {
-      name = "206-4.8/0005-oxenstored-ignore-domains-with-no-conflict-credit";
-      sha256 = "1ilhcgyn803bxvfbqv0ihfrh9jfpp0lidkv7i4613f9v9vjm8q0h";
-    })
-    (xsaPatch {
-      name = "206-4.8/0006-oxenstored-add-transaction-info-relevant-to-history-";
-      sha256 = "1dbd9pzda6hn9wj9pck44dlgz9nxvch3bzgrpaivanww8llxdfzz";
-    })
-    (xsaPatch {
-      name = "206-4.8/0007-oxenstored-support-commit-history-tracking";
-      sha256 = "1jfr56c22fqkhj6fnv1ha7zsid86zm9l0nihpb8m932xgc4a6h9h";
-    })
-    (xsaPatch {
-      name = "206-4.8/0008-oxenstored-only-record-operations-with-side-effects-";
-      sha256 = "1y845hj8krjdrirbd2jx4jqgnylwjv7bxnk7474lkld5kdnlbjyf";
-    })
-    (xsaPatch {
-      name = "206-4.8/0009-oxenstored-discard-old-commit-history-on-txn-end";
-      sha256 = "1lcr9gz2b77x74sr1flfymyyz4xzs04iv88rc1633ibyqxmvk0lx";
-    })
-    (xsaPatch {
-      name = "206-4.8/0010-oxenstored-track-commit-history";
-      sha256 = "1qwnivak4y038mpby75aaz0y70r0l3yc3hsz6wl5x0b74q6yy0ja";
-    })
-    (xsaPatch {
-      name = "206-4.8/0011-oxenstored-blame-the-connection-that-caused-a-transa";
-      sha256 = "0p2w5ddyhc6d95dnlxzc5k77j063p02d53ab7m7ijfm7m6gknq8y";
-    })
-    (xsaPatch {
-      name = "206-4.8/0012-oxenstored-allow-self-conflicts";
-      sha256 = "1571l81m30cbmqm4pk33q33p3dy58sfy2lnkl2wbgl2b3mkk657l";
-    })
-    (xsaPatch {
-      name = "206-4.8/0013-oxenstored-do-not-commit-read-only-transactions";
-      sha256 = "15985wl635w22dddjyx5l97b5p6m55mzv5ygk7xr0jx7mi192f9x";
-    })
-    (xsaPatch {
-      name = "206-4.8/0014-oxenstored-don-t-wake-to-issue-no-conflict-credit";
-      sha256 = "08672w4gaf2n3r8xy09h874gh5lg2vnrkjzq6xzvzdhdl092mipw";
-    })
-    (xsaPatch {
-      name = "206-4.8/0015-oxenstored-transaction-conflicts-improve-logging";
-      sha256 = "0ck98ms0py8wjsc38pbx6222x7n6l90zckfa7m7nnszsyc0sxxad";
-    })
-    (xsaPatch {
-      name = "206-4.8/0016-oxenstored-trim-history-in-the-frequent_ops-function";
-      sha256 = "014zs6i4gzrimn814k5i7gz66vbb0adkzr2qyai7i4fxc9h9r7w8";
-    })
-  ];
-
   # 4.5 - 4.8
   XSA_207 = (xsaPatch {
     name = "207";
     sha256 = "0wdlhijmw9mdj6a82pyw1rwwiz605dwzjc392zr3fpb2jklrvibc";
   });
 
-  # 4.8
-  XSA_210 = (xsaPatch {
-    name = "210";
-    sha256 = "02mykxqxnsrd0sr4ij022j8y7618wzi2a6j6j761vx8qgmh11xai";
-  });
-
   # 4.5 - 4.8
   XSA_212 = (xsaPatch {
     name = "212";
@@ -282,12 +190,6 @@ in {
     sha256 = "1vnqf89ydacr5bq3d6z2r33xb2sn5vsd934rncyc28ybc9rvj6wm";
   });
 
-  # 4.8
-  XSA_213 = (xsaPatch {
-    name = "213-4.8";
-    sha256 = "0ia3zr6r3bqy2h48fdy7p0iz423lniy3i0qkdvzgv5a8m80darr2";
-  });
-
   # 4.5 - 4.8
   XSA_214 = (xsaPatch {
     name = "214";
@@ -306,12 +208,6 @@ in {
     sha256 = "067pgsfrb9py2dhm1pk9g8f6fs40vyfrcxhj8c12vzamb6svzmn4";
   });
 
-  # 4.6 - 4.8
-  XSA_217 = (xsaPatch {
-    name = "217";
-    sha256 = "1khs5ilif14dzcm7lmikjzkwsrfzlmir1rgrgzkc411gf18ylzmj";
-  });
-
   # 4.5
   XSA_218_45 = [
     (xsaPatch {
@@ -332,46 +228,18 @@ in {
     })
   ];
 
-  # 4.8
-  XSA_218 = [
-    (xsaPatch {
-      name = "218-4.8/0001-gnttab-fix-unmap-pin-accounting-race";
-      sha256 = "0r363frai239r2wmwxi48kcr50gbk5l64nja0h9lppi3z2y3dkdd";
-    })
-    (xsaPatch {
-      name = "218-4.8/0002-gnttab-Avoid-potential-double-put-of-maptrack-entry";
-      sha256 = "07wm06i7frv7bsaykakx3g9h0hfqv96zcadvwf6wv194dggq1plc";
-    })
-    (xsaPatch {
-      name = "218-4.8/0003-gnttab-correct-maptrack-table-accesses";
-      sha256 = "0ad0irc3p4dmla8sp3frxbh2qciji1dipkslh0xqvy2hyf9p80y9";
-    })
-  ];
-
   # 4.5
   XSA_219_45 = (xsaPatch {
     name = "219-4.5";
     sha256 = "003msr5vhsc66scmdpgn0lp3p01g4zfw5vj86y5lw9ajkbaywdsm";
   });
 
-  # 4.8
-  XSA_219 = (xsaPatch {
-    name = "219-4.8";
-    sha256 = "16q7kiamy86x8qdvls74wmq5j72kgzgdilryig4q1b21mp0ij1jq";
-  });
-
   # 4.5
   XSA_220_45 = (xsaPatch {
     name = "220-4.5";
     sha256 = "1dj9nn6lzxlipjb3nb7b9m4337fl6yn2bd7ap1lqrjn8h9zkk1pp";
   });
 
-  # 4.8
-  XSA_220 = (xsaPatch {
-    name = "220-4.8";
-    sha256 = "0214qyqx7qap5y1pdi9fm0vz4y2fbyg71gaq36fisknj35dv2mh5";
-  });
-
   # 4.5 - 4.8
   XSA_221 = (xsaPatch {
     name = "221";
@@ -390,18 +258,6 @@ in {
     })
   ];
 
-  # 4.8
-  XSA_222 = [
-    (xsaPatch {
-      name = "222-1";
-      sha256 = "0x02x4kqwfw255638fh2zcxwig1dy6kadlmqim1jgnjgmrvvqas2";
-    })
-    (xsaPatch {
-      name = "222-2-4.8";
-      sha256 = "1xhyp6q3c5l8djh965g1i8201m2wvhms8k886h4sn30hks38giin";
-    })
-  ];
-
   # 4.5 - 4.8
   XSA_223 = (xsaPatch {
     name = "223";
@@ -428,32 +284,6 @@ in {
     })
   ];
 
-  # 4.8
-  XSA_224 = [
-    (xsaPatch {
-      name = "224-4.8/0001-gnttab-Fix-handling-of-dev_bus_addr-during-unmap";
-      sha256 = "1k326yan5811qzyvpdfkv801a19nyd09nsqayi8gyh58xx9c21m4";
-    })
-    (xsaPatch {
-      name = "224-4.8/0002-gnttab-never-create-host-mapping-unless-asked-to";
-      sha256 = "06nj1x59bbx9hrj26xmvbw8z805lfqhld9hm0ld0fs6dmcpqzcck";
-    })
-    (xsaPatch {
-      name = "224-4.8/0003-gnttab-correct-logic-to-get-page-references-during-m";
-      sha256 = "0kmag6fdsskgplcvzqp341yfi6pgc14wvjj58bp7ydb9hdk53qx2";
-    })
-    (xsaPatch {
-      name = "224-4.8/0004-gnttab-__gnttab_unmap_common_complete-is-all-or-noth";
-      sha256 = "1ww80pi7jr4gjpymkcw8qxmr5as18b2asdqv35527nqprylsff9f";
-    })
-  ];
-
-  # 4.6 - 4.8
-  XSA_225 = (xsaPatch {
-    name = "225";
-    sha256 = "0lcp2bs0r849xnvhrdf8s821v36cqdbzk8lwz6chrjhjalk6ha2g";
-  });
-
   # 4.5
   XSA_226_45 = [
     (xsaPatch {
@@ -466,42 +296,12 @@ in {
     })
   ];
 
-  # 4.8 - 4.9
-  XSA_226 = [
-    (xsaPatch {
-      name = "226-4.9/0001-gnttab-dont-use-possibly-unbounded-tail-calls";
-      sha256 = "1hx47ppv5q33cw4dwp82lgvv4fp28gx7rxijw0iaczsv8bvb8vcg";
-    })
-    (xsaPatch {
-      name = "226-4.9/0002-gnttab-fix-transitive-grant-handling";
-      sha256 = "1gzp8m2zfihwlk71c3lqyd0ajh9h11pvkhzhw0mawckxy0qksvlc";
-    })
-  ];
-
   # 4.5
   XSA_227_45 = (xsaPatch {
     name = "227-4.5";
     sha256 = "1qfjfisgqm4x98qw54x2qrvgjnvvzizx9p1pjhcnsps9q6g1y3x8";
   });
 
-  # 4.8 - 4.9
-  XSA_227 = (xsaPatch {
-    name = "227";
-    sha256 = "0zdcm43i5n08rh7rrnb0fcssvd4fgawwmizsa16w2ak7pzvgmg94";
-  });
-
-  # 4.8
-  XSA_228_48 = (xsaPatch {
-    name = "228-4.8";
-    sha256 = "085pnzwyv0rdb51hv5vhbhwfyxl0wg8sxcm912gjq8z7da5cv10n";
-  });
-
-  # 4.9
-  XSA_228 = (xsaPatch {
-    name = "228";
-    sha256 = "0c9nvfpnr5ira7ha3fszhvvh71nsxrvmzrab56xwjhl2dbw2yy23";
-  });
-
   # 4.5 - 4.9
   XSA_230 = (xsaPatch {
     name = "230";
@@ -514,12 +314,6 @@ in {
     sha256 = "06gwx2f1lg51dfk2b4zxp7wv9c4pxdi87pg2asvmxqc78ir7l5s6";
   });
 
-  # 4.8 - 4.9
-  XSA_231 = (xsaPatch {
-    name = "231-4.9";
-    sha256 = "09r8xxq2fd52wrk6i0y0sk3nbidfg6pzzrkx327hfmdjj76iyz3b";
-  });
-
   # 4.5 - 4.9
   XSA_232 = (xsaPatch {
     name = "232";
@@ -538,42 +332,18 @@ in {
     sha256 = "1ji6hbgybb4gbgz5l5fis9midnvjbddzam8d63377rkzdyb3yz9f";
   });
 
-  # 4.8
-  XSA_234_48 = (xsaPatch {
-    name = "234-4.8";
-    sha256 = "08n1pf7z5y67dmay1ap39bi81clgkx82fpmfn7jsh8k4aw94jrsa";
-  });
-
-  # 4.9
-  XSA_234 = (xsaPatch {
-    name = "234-4.9";
-    sha256 = "1znmxg432is0virw8321gax8zqq2zcmi2pc5p2j31sixylixsvzx";
-  });
-
   # 4.5
   XSA_235_45 = (xsaPatch {
     name = "235-4.5";
     sha256 = "0hhgnql2gji111020z4wiyzg23wqs6ymanb67rg11p4qad1fp3ff";
   });
 
-  # 4.8 - 4.9
-  XSA_235 = (xsaPatch {
-    name = "235-4.9";
-    sha256 = "1rj4jkmh79wm30jq9f8x65qv3al8l91zc3m5s23q0x6abn3pfb9z";
-  });
-
   # 4.5
   XSA_236_45 = (xsaPatch {
     name = "236-4.5";
     sha256 = "0hcla86x81wykssd2967gblp7fzx61290p4ls4v0hcyxdg2bs2yz";
   });
 
-  # 4.8 - 4.9
-  XSA_236 = (xsaPatch {
-    name = "236-4.9";
-    sha256 = "0vqxy7mgflga05l33j3488fwxmdw3p9yxj4ylhk9n3nw8id72ghq";
-  });
-
   # 4.5
   XSA_237_45 = [
     (xsaPatch {
@@ -598,78 +368,18 @@ in {
     })
   ];
 
-  # 4.8
-  XSA_237_48 = [
-    (xsaPatch {
-      name = "237-4.8/0001-x86-dont-allow-MSI-pIRQ-mapping-on-unowned-device";
-      sha256 = "0qjisp37lwi2611mp7fbbm1s7m0bx726rrg79dnxs2mj0skw59iv";
-    })
-    (xsaPatch {
-      name = "237-4.8/0002-x86-enforce-proper-privilege-when-mapping-pIRQ-s";
-      sha256 = "05q1dny13jrqhjfwak7r635mqp9chpibjvn8b7d90japc1nzpq62";
-    })
-    (xsaPatch {
-      name = "237-4.8/0003-x86-MSI-disallow-redundant-enabling";
-      sha256 = "1907lv8nb2zhpb6k6jlw4m0hm0n0lyd69vfr3wpzbc56dn0w7jqd";
-    })
-    (xsaPatch {
-      name = "237-4.8/0004-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-error";
-      sha256 = "06nrq0bx3p9ipab2r1why6qm4g32dj0x5q24hfkwc6ih0l9xwf8h";
-    })
-    (xsaPatch {
-      name = "237-4.8/0005-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook";
-      sha256 = "1nbg7bjw2hv55gnkhf6chkh35va6brs08acq1d5jxncl6kv0amc1";
-    })
-  ];
-
-  # 4.9
-  XSA_237 = [
-    (xsaPatch {
-      name = "237-4.9/0001-x86-dont-allow-MSI-pIRQ-mapping-on-unowned-device";
-      sha256 = "1cbl24mqxa62h0wgsnrpcs6y6vs53znzj7g8dfsbmf74xwrd4px6";
-    })
-    (xsaPatch {
-      name = "237-4.9/0002-x86-enforce-proper-privilege-when-mapping-pIRQ-s";
-      sha256 = "0p60148j18b78pxz0dx5ymh1gyrhg2cgmxq0jxmbk090bc4jql35";
-    })
-    (xsaPatch {
-      name = "237-4.9/0003-x86-MSI-disallow-redundant-enabling";
-      sha256 = "1907lv8nb2zhpb6k6jlw4m0hm0n0lyd69vfr3wpzbc56dn0w7jqd";
-    })
-    (xsaPatch {
-      name = "237-4.9/0004-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-error";
-      sha256 = "0q95z5641amni53agimnzbspva53p0hz5wl16zaz2yhnjasj5pzr";
-    })
-    (xsaPatch {
-      name = "237-4.9/0005-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook";
-      sha256 = "0bnqx9w7ppgx8wxj2zw09z0rkv1jzn3r0bd76cz0r22wz29fsdp2";
-    })
-  ];
-
   # 4.5
   XSA_238_45 = (xsaPatch {
     name = "238-4.5";
     sha256 = "1x2fg5vfv5jc084h5gjm6fq0nxjpzvi96px3sqzz4pvsvy4y4i1z";
   });
 
-  # 4.8 - 4.9
-  XSA_238 = (xsaPatch {
-    name = "238";
-    sha256 = "1cbmg1bi5ajh7qbwsl92ynaxw2c3p7i24p3wds81r4n93r0y5dxk";
-  });
-
   # 4.5
   XSA_239_45 = (xsaPatch {
     name = "239-4.5";
     sha256 = "06bi8q3973yajxsdj7pcqarvb56q2gisxdiy0cpbyffbmpkfv3h6";
   });
 
-  # 4.8 - 4.9
-  XSA_239 = (xsaPatch {
-    name = "239";
-    sha256 = "1a9r8j7167s43ds5i7v7mm4y970vjnbhhkrjzpmzlcx8kcz96vh3";
-  });
-
   # 4.5
   XSA_240_45 = [
     (xsaPatch {
@@ -682,42 +392,12 @@ in {
     })
   ];
 
-  # 4.8
-  XSA_240_48 = [
-    (xsaPatch {
-      name = "240-4.8/0001-x86-limit-linear-page-table-use-to-a-single-level";
-      sha256 = "0m44qhhqk2pdwqg8g28pypqrylq6iw00k9qrzf6qd0iza2y42kgj";
-    })
-    (xsaPatch {
-      name = "240-4.8/0002-x86-mm-Disable-PV-linear-pagetables-by-default";
-      sha256 = "1jd720wvngj9wq3fprdhakxvqlff0jd8zcx2pd3vsn2qvjbvr2gf";
-    })
-  ];
-
-  # 4.9
-  XSA_240 = [
-    (xsaPatch {
-      name = "240-4.9/0001-x86-limit-linear-page-table-use-to-a-single-level";
-      sha256 = "1759ni80aifakm44g4cc6pnmbcn1xjic8j66fvj0vibm0wqk6xck";
-    })
-    (xsaPatch {
-      name = "240-4.9/0002-x86-mm-Disable-PV-linear-pagetables-by-default";
-      sha256 = "0g6dpi006p5cjxw5d8h33p0429fdmdm6nqzj0m63ralpqvns3ib5";
-    })
-  ];
-
   # 4.5 - 4.8
   XSA_241 = (xsaPatch {
     name = "241-4.8";
     sha256 = "16zb75kzs98f4mdxhbyczk5mbh9dvn6j3yhfafki34x1dfdnq4pj";
   });
 
-  # 4.9
-  XSA_241_49 = (xsaPatch {
-    name = "241-4.9";
-    sha256 = "0xlhin7wkhmlnbp9mqcbq3q4drdwb5la482ja9nwkhi8i867p6wc";
-  });
-
   # 4.5 - 4.9
   XSA_242 = (xsaPatch {
     name = "242-4.9";
@@ -736,30 +416,12 @@ in {
     })
   ];
 
-  # 4.8
-  XSA_243_48 = (xsaPatch {
-    name = "243-4.8";
-    sha256 = "1q60zn55l9wpq45nrxh0av59sjz0jg8pkjm1gkyywkdsgg4fg5z4";
-  });
-
-  # 4.9
-  XSA_243 = (xsaPatch {
-    name = "243";
-    sha256 = "06fnbnh9zlsbkqih9ipnb7a8gly54m7lp17d854j1r370ad3c4yg";
-  });
-
   # 4.5
   XSA_244_45 = (xsaPatch {
     name = "244-4.5";
     sha256 = "05ci3vdl1ywfjpzcvsy1k52whxjk8pxzj7dh3r94yqasr56i5v2l";
   });
 
-  # 4.8 - 4.9
-  XSA_244 = (xsaPatch {
-    name = "244";
-    sha256 = "10308xsgmhb0vg6fk0ql8v94zifv6dcv6vkaicryfp405yj2rzkm";
-  });
-
   # 4.5 - 4.9
   XSA_245 = [
     (xsaPatch {
@@ -780,26 +442,6 @@ in {
     })
   ];
 
-  # 4.8 - 4.9
-  XSA_246 = [
-    (xsaPatch {
-      name = "246-4.9";
-      sha256 = "0z68vm0z5zvv9gm06pxs9kxq2q9fdbl0l0cm71ggzdplg1vw0snz";
-    })
-  ];
-
-  # 4.8
-  XSA_247_48 = [
-    (xsaPatch {
-      name = "247-4.8/0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu";
-      sha256 = "0kvjrk90n69s721c2qj2df5raml3pjk6bg80aig353p620w6s3xh";
-    })
-    (xsaPatch {
-      name = "247-4.8/0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas";
-      sha256 = "1s9kv6h6dd8psi5qf5l5gpk9qhq8blckwhl76cjbldcgi6imb3nr";
-    })
-  ];
-
   # 4.5
   XSA_247_45 = [
     (xsaPatch {
@@ -820,14 +462,6 @@ in {
     })
   ];
 
-  # 4.8
-  XSA_248_48 = [
-    (xsaPatch {
-      name = "248-4.8";
-      sha256 = "1ycw29q22ymxg18kxpr5p7vhpmp8klssbp5gq77hspxzz2mb96q1";
-    })
-  ];
-
   # 4.5 .. 4.9
   XSA_249 = [
    (xsaPatch {
@@ -835,6 +469,7 @@ in {
       sha256 = "0v6ngzqhkz7yv4n83xlpxfbkr2qyg5b1cds7ikkinm86hiqy6agl";
     })
   ];
+
   # 4.5
   XSA_250_45 = [
    (xsaPatch {
@@ -842,13 +477,7 @@ in {
       sha256 = "0pqldl6qnl834gvfp90z247q9xcjh3835s2iffnajz7jhjb2145d";
     })
   ];
-  # 4.8 ...
-  XSA_250 = [
-   (xsaPatch {
-      name = "250";
-      sha256 = "1wpigg8kmha57sspqqln3ih9nbczsw6rx3v72mc62lh62qvwd7x8";
-    })
-  ];
+
   # 4.5
   XSA_251_45 = [
    (xsaPatch {
@@ -856,81 +485,4 @@ in {
       sha256 = "0lc94cx271z09r0mhxaypyd9d4740051p28idf5calx5228dqjgm";
     })
   ];
-  # 4.8
-  XSA_251_48 = [
-   (xsaPatch {
-      name = "251-4.8";
-      sha256 = "079wi0j6iydid2zj7k584w2c393kgh588w7sjz2nn4039qn8k9mq";
-    })
-  ];
-  # 4.8
-  XSA_252_49 = [
-   (xsaPatch {
-      name = "252-4.9";
-      sha256 = "03sbn90nlkk5ba1n168rxjkc7x3mqj7rfqvspbwblmwikfbnms2n";
-    })
-  ];
-  # 4.8
-  XSA_255_49_1= [
-   (xsaPatch {
-      name = "255-4.9-1";
-      sha256 = "0gbin7yxbkq40lvm3gvj1vffavvbng3zpd2m8l1kqyz0rv4vm9zc";
-    })
-  ];
-  # 4.8
-  XSA_255_49_2= [
-   (xsaPatch {
-      name = "255-4.9-2";
-      sha256 = "0fyg5nnyfpfr80qq83pr64zjp5w1nx94bdblzsjap8gaqcahyr12";
-    })
-  ];
-  # 4.8
-  XSA_256_48= [
-   (xsaPatch {
-      name = "256-4.8";
-      sha256 = "1w84f717kxwx0h3rw18r4f8pl0l1h5xlj5fy80sr0ws4xkp1qdn4";
-    })
-  ];
-
-
-  # 4.10
-  XSA_252 = [
-   (xsaPatch {
-      name = "252";
-      sha256 = "0v4sg20dnvnwrjh3x69gk81v2kmcql7g2s044vg3wcxhzvij1rrn";
-    })
-  ];
-
-  # 4.10
-  XSA_253 = [
-   (xsaPatch {
-      name = "253";
-      sha256 = "0445vzlzy3gd499xraqh5r4qjar6qr0y3813h22jy1n84nhxz27i";
-    })
-  ];
-
-  # 4.10
-  XSA_255_1 = [
-   (xsaPatch {
-      name = "255-1";
-      sha256 = "05g2f3ji1rrjlw3yw4nrns50pnmsib8ybrf64scr1817mj0q9myr";
-    })
-  ];
-
-  # 4.10
-  XSA_255_2 = [
-   (xsaPatch {
-      name = "255-2";
-      sha256 = "08wbngw5z0f9g8di59hww3hhi7j9z49bpc4xlwn5akfcwbgf0961";
-    })
-  ];
-
-  # 4.10
-  XSA_256 = [
-   (xsaPatch {
-      name = "256";
-      sha256 = "1hicwhbwj6k25px55f4ncx1c5xiihi8pfvsb3kv57k7kaicb7pza";
-    })
-  ];
-
 }
diff --git a/pkgs/applications/virtualization/xhyve/default.nix b/pkgs/applications/virtualization/xhyve/default.nix
index 26b55b364f1..e39877df829 100644
--- a/pkgs/applications/virtualization/xhyve/default.nix
+++ b/pkgs/applications/virtualization/xhyve/default.nix
@@ -1,12 +1,14 @@
-{ stdenv, lib, fetchurl, Hypervisor, vmnet, xpc, libobjc, zlib }:
+{ stdenv, lib, fetchFromGitHub, Hypervisor, vmnet, xpc, libobjc, zlib }:
 
 stdenv.mkDerivation rec {
   pname = "xhyve";
-  version = "20190124";
+  version = "20191001";
 
-  src = fetchurl {
-    url    = "https://github.com/machyve/xhyve/archive/1dd9a5165848c7ed56dafc41932c553ea56a12af.tar.gz";
-    sha256 = "18zd74pd0azf43csbqb14srbyclfgx28dpgm8ygjmbcazbnipc1k";
+  src = fetchFromGitHub {
+    owner = "machyve";
+    repo = "xhyve";
+    rev = "1f46a3d0bbeb6c90883f302425844fcc3800a776";
+    sha256 = "0mm9xa0v6n7xl2qypnppq5abdncd31vffiklrhcrlni5ymyh9ia5";
   };
 
   buildInputs = [ Hypervisor vmnet xpc libobjc zlib ];