4 files changed, 22 insertions, 4 deletions
diff --git a/pkgs/applications/virtualization/bochs/default.nix b/pkgs/applications/virtualization/bochs/default.nix
index 41ab5ef2c99..1f02219c831 100644
--- a/pkgs/applications/virtualization/bochs/default.nix
+++ b/pkgs/applications/virtualization/bochs/default.nix
@@ -53,6 +53,7 @@ stdenv.mkDerivation rec {
 
     "--with-rfb=no"
     "--with-vncsrv=no"
+    "--with-nogui"
 
     # These will always be "yes" on NixOS
     "--enable-ltdl-install=yes"
diff --git a/pkgs/applications/virtualization/docker-slim/default.nix b/pkgs/applications/virtualization/docker-slim/default.nix
index 5a4532fc6c7..277c06438f5 100644
--- a/pkgs/applications/virtualization/docker-slim/default.nix
+++ b/pkgs/applications/virtualization/docker-slim/default.nix
@@ -6,7 +6,7 @@
 
 buildGoPackage rec {
   pname = "docker-slim";
-  version = "1.36.4";
+  version = "1.37.0";
 
   goPackagePath = "github.com/docker-slim/docker-slim";
 
@@ -14,7 +14,7 @@ buildGoPackage rec {
     owner = "docker-slim";
     repo = "docker-slim";
     rev = version;
-    sha256 = "0hgiigai5jpczjll4s4r4jzbq272s3p8f0r6mj4r3mjjs89hkqz1";
+    sha256 = "1gxbgn61qv4zhzxwdd917hywwicr3jand34ghjzha35r44lmyzgz";
   };
 
   subPackages = [ "cmd/docker-slim" "cmd/docker-slim-sensor" ];
diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix
index e4cd268758b..a945b2c79d7 100644
--- a/pkgs/applications/virtualization/podman/default.nix
+++ b/pkgs/applications/virtualization/podman/default.nix
@@ -17,13 +17,13 @@
 
 buildGoModule rec {
   pname = "podman";
-  version = "3.3.1";
+  version = "3.4.0";
 
   src = fetchFromGitHub {
     owner = "containers";
     repo = "podman";
     rev = "v${version}";
-    sha256 = "sha256-DVRLdJFYD5Ovc0n5SoMv71GPTuBO3wfqREcGRJEuND0=";
+    sha256 = "sha256-AeddndkKyUs9i0bg0XO5QCmYgqgWREnHWsmce6VM7Oo=";
   };
 
   vendorSha256 = null;
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index a00d87f0447..224969cc264 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -103,6 +103,17 @@ stdenv.mkDerivation rec {
       url = "https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/fix-sigevent-and-sigval_t.patch";
       sha256 = "0wk0rrcqywhrw9hygy6ap0lfg314m9z1wr2hn8338r5gfcw75mav";
     })
+  ] ++ lib.optionals stdenv.isDarwin [
+    # The Hypervisor.framework support patch converted something that can be applied:
+    # * https://patchwork.kernel.org/project/qemu-devel/list/?series=548227
+    # The base revision is whatever commit there is before the series starts:
+    # * https://github.com/patchew-project/qemu/commits/patchew/20210916155404.86958-1-agraf%40csgraf.de
+    # The target revision is what patchew has as the series tag from patchwork:
+    # * https://github.com/patchew-project/qemu/releases/tag/patchew%2F20210916155404.86958-1-agraf%40csgraf.de
+    (fetchpatch {
+      url = "https://github.com/patchew-project/qemu/compare/7adb961995a3744f51396502b33ad04a56a317c3..d2603c06d9c4a28e714b9b70fe5a9d0c7b0f934d.diff";
+      sha256 = "sha256-nSi5pFf9+EefUmyJzSEKeuxOt39ztgkXQyUB8fTHlcY=";
+    })
   ];
 
   postPatch = ''
@@ -167,6 +178,12 @@ stdenv.mkDerivation rec {
   doCheck = false; # tries to access /dev
   dontWrapGApps = true;
 
+  # QEMU attaches entitlements with codesign and strip removes those,
+  # voiding the entitlements and making it non-operational.
+  # The alternative is to re-sign with entitlements after stripping:
+  # * https://github.com/qemu/qemu/blob/v6.1.0/scripts/entitlement.sh#L25
+  dontStrip = stdenv.isDarwin;
+
   postFixup = ''
     # the .desktop is both invalid and pointless
     rm -f $out/share/applications/qemu.desktop