diff options
Diffstat (limited to 'pkgs/applications')
4 files changed, 0 insertions, 214 deletions
diff --git a/pkgs/applications/virtualization/crosvm/default-seccomp-policy-dir.diff b/pkgs/applications/virtualization/crosvm/default-seccomp-policy-dir.diff deleted file mode 100644 index f1aa50ee102..00000000000 --- a/pkgs/applications/virtualization/crosvm/default-seccomp-policy-dir.diff +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/src/crosvm.rs b/src/crosvm.rs -index b7055df..5989c87 100644 ---- a/src/crosvm.rs -+++ b/src/crosvm.rs -@@ -141,7 +141,9 @@ impl Default for Config { - x_display: None, - shared_dirs: Vec::new(), - sandbox: !cfg!(feature = "default-no-sandbox"), -- seccomp_policy_dir: PathBuf::from(SECCOMP_POLICY_DIR), -+ seccomp_policy_dir: PathBuf::from( -+ option_env!("DEFAULT_SECCOMP_POLICY_DIR").unwrap_or(SECCOMP_POLICY_DIR), -+ ), - seccomp_log_failures: false, - cras_audio: false, - cras_capture: false, diff --git a/pkgs/applications/virtualization/crosvm/default.nix b/pkgs/applications/virtualization/crosvm/default.nix deleted file mode 100644 index 5035b65f981..00000000000 --- a/pkgs/applications/virtualization/crosvm/default.nix +++ /dev/null @@ -1,89 +0,0 @@ -{ stdenv, rustPlatform, fetchgit, runCommand, symlinkJoin -, pkgconfig, minijail, dtc, libusb1, libcap -}: - -let - - upstreamInfo = with builtins; fromJSON (readFile ./upstream-info.json); - - arch = with stdenv.hostPlatform; - if isAarch64 then "arm" - else if isx86_64 then "x86_64" - else throw "no seccomp policy files available for host platform"; - - crosvmSrc = fetchgit { - inherit (upstreamInfo.components."chromiumos/platform/crosvm") - url rev sha256 fetchSubmodules; - }; - - adhdSrc = fetchgit { - inherit (upstreamInfo.components."chromiumos/third_party/adhd") - url rev sha256 fetchSubmodules; - }; - -in - - rustPlatform.buildRustPackage rec { - pname = "crosvm"; - inherit (upstreamInfo) version; - - unpackPhase = '' - runHook preUnpack - - mkdir -p chromiumos/platform chromiumos/third_party - - pushd chromiumos/platform - unpackFile ${crosvmSrc} - mv ${crosvmSrc.name} crosvm - popd - - pushd chromiumos/third_party - unpackFile ${adhdSrc} - mv ${adhdSrc.name} adhd - popd - - chmod -R u+w -- "$sourceRoot" - - runHook postUnpack - ''; - - sourceRoot = "chromiumos/platform/crosvm"; - - patches = [ - ./default-seccomp-policy-dir.diff - ]; - - cargoSha256 = "1d7y07wkliy5qnlyx5zj6ni39avhs3s48sqgvwxm5g5zrahg2a85"; - - nativeBuildInputs = [ pkgconfig ]; - - buildInputs = [ dtc libcap libusb1 minijail ]; - - postPatch = '' - sed -i "s|/usr/share/policy/crosvm/|$out/share/policy/|g" \ - seccomp/*/*.policy - ''; - - preBuild = '' - export DEFAULT_SECCOMP_POLICY_DIR=$out/share/policy - ''; - - postInstall = '' - mkdir -p $out/share/policy/ - cp seccomp/${arch}/* $out/share/policy/ - ''; - - passthru = { - inherit adhdSrc; - src = crosvmSrc; - updateScript = ./update.py; - }; - - meta = with stdenv.lib; { - description = "A secure virtual machine monitor for KVM"; - homepage = "https://chromium.googlesource.com/chromiumos/platform/crosvm/"; - maintainers = with maintainers; [ qyliss ]; - license = licenses.bsd3; - platforms = [ "aarch64-linux" "x86_64-linux" ]; - }; - } diff --git a/pkgs/applications/virtualization/crosvm/update.py b/pkgs/applications/virtualization/crosvm/update.py deleted file mode 100755 index 280d6ec1811..00000000000 --- a/pkgs/applications/virtualization/crosvm/update.py +++ /dev/null @@ -1,91 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -p nix-prefetch-git "python3.withPackages (ps: with ps; [ lxml ])" -#! nix-shell -i python - -import base64 -import json -import re -import subprocess -from codecs import iterdecode -from os.path import dirname, splitext -from lxml import etree -from lxml.etree import HTMLParser -from urllib.request import urlopen - -# ChromiumOS components required to build crosvm. -components = ['chromiumos/platform/crosvm', 'chromiumos/third_party/adhd'] - -git_root = 'https://chromium.googlesource.com/' -manifest_versions = f'{git_root}chromiumos/manifest-versions' -buildspecs_url = f'{manifest_versions}/+/refs/heads/master/paladin/buildspecs/' - -# CrOS version numbers look like this: -# [<chrome-major-version>.]<tip-build>.<branch-build>.<branch-branch-build> -# -# As far as I can tell, branches are where internal Google -# modifications are added to turn Chromium OS into Chrome OS, and -# branch branches are used for fixes for specific devices. So for -# Chromium OS they will always be 0. This is a best guess, and is not -# documented. -with urlopen('https://cros-updates-serving.appspot.com/') as resp: - document = etree.parse(resp, HTMLParser()) - # bgcolor="lightgreen" is set on the most up-to-date version for - # each channel, so find a lightgreen cell in the "Stable" column. - (platform_version, chrome_version) = document.xpath(""" - (//table[@id="cros-updates"]/tr/td[1 + count( - //table[@id="cros-updates"]/thead/tr[1]/th[text() = "Stable"] - /preceding-sibling::*) - ][@bgcolor="lightgreen"])[1]/text() - """) - -chrome_major_version = re.match(r'\d+', chrome_version)[0] -chromeos_tip_build = re.match(r'\d+', platform_version)[0] - -# Find the most recent buildspec for the stable Chrome version and -# Chromium OS build number. Its branch build and branch branch build -# numbers will (almost?) certainly be 0. It will then end with an rc -# number -- presumably these are release candidates, one of which -# becomes the final release. Presumably the one with the highest rc -# number. -with urlopen(f'{buildspecs_url}{chrome_major_version}/?format=TEXT') as resp: - listing = base64.decodebytes(resp.read()).decode('utf-8') - buildspecs = [(line.split('\t', 1)[1]) for line in listing.splitlines()] - buildspecs = [s for s in buildspecs if s.startswith(chromeos_tip_build)] - buildspecs.sort(reverse=True) - buildspec = splitext(buildspecs[0])[0] - -revisions = {} - -# Read the buildspec, and extract the git revisions for each component. -with urlopen(f'{buildspecs_url}{chrome_major_version}/{buildspec}.xml?format=TEXT') as resp: - xml = base64.decodebytes(resp.read()) - root = etree.fromstring(xml) - for project in root.findall('project'): - revisions[project.get('name')] = project.get('revision') - -# Initialize the data that will be output from this script. Leave the -# rc number in buildspec so nobody else is subject to the same level -# of confusion I have been. -data = {'version': f'{chrome_major_version}.{buildspec}', 'components': {}} - -# Fill in the 'components' dictionary with the output from -# nix-prefetch-git, which can be passed straight to fetchGit when -# imported by Nix. -for component in components: - argv = ['nix-prefetch-git', - '--url', git_root + component, - '--rev', revisions[component]] - - output = subprocess.check_output(argv) - data['components'][component] = json.loads(output.decode('utf-8')) - -# Find the path to crosvm's default.nix, so the srcs data can be -# written into the same directory. -argv = ['nix-instantiate', '--eval', '--json', '-A', 'crosvm.meta.position'] -position = json.loads(subprocess.check_output(argv).decode('utf-8')) -filename = re.match(r'[^:]*', position)[0] - -# Finally, write the output. -with open(dirname(filename) + '/upstream-info.json', 'w') as out: - json.dump(data, out, indent=2) - out.write('\n') diff --git a/pkgs/applications/virtualization/crosvm/upstream-info.json b/pkgs/applications/virtualization/crosvm/upstream-info.json deleted file mode 100644 index 690eca38bff..00000000000 --- a/pkgs/applications/virtualization/crosvm/upstream-info.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "79.12607.0.0-rc4", - "components": { - "chromiumos/platform/crosvm": { - "url": "https://chromium.googlesource.com/chromiumos/platform/crosvm", - "rev": "cfb7db44eb9e5a0bca9a22bfb985252ef74ab251", - "date": "2019-10-17T23:22:08+00:00", - "sha256": "0gm1ggyzh9qfizm36jmh71c3anygxj1840cm94h71kzg9kiw0330", - "fetchSubmodules": false - }, - "chromiumos/third_party/adhd": { - "url": "https://chromium.googlesource.com/chromiumos/third_party/adhd", - "rev": "a8df1c52bde3bfd2aebc1d7adcd6f195eb212cb1", - "date": "2019-10-17T18:53:18+00:00", - "sha256": "1hyvnvwr5ka9zw4h7hhl6fpsfl2acp3zy4wr5qrw8s1cn8ljr9vy", - "fetchSubmodules": false - } - } -} |