summary refs log tree commit diff
path: root/pkgs/os-specific/linux/chromium-os/crosvm/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific/linux/chromium-os/crosvm/default.nix')
-rw-r--r--pkgs/os-specific/linux/chromium-os/crosvm/default.nix74
1 files changed, 74 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/chromium-os/crosvm/default.nix b/pkgs/os-specific/linux/chromium-os/crosvm/default.nix
new file mode 100644
index 00000000000..648fef71616
--- /dev/null
+++ b/pkgs/os-specific/linux/chromium-os/crosvm/default.nix
@@ -0,0 +1,74 @@
+{ stdenv, rustPlatform, fetchFromGitiles, upstreamInfo
+, pkgconfig, minijail, dtc, libusb1, libcap
+}:
+
+let
+  arch = with stdenv.hostPlatform;
+    if isAarch64 then "arm"
+    else if isx86_64 then "x86_64"
+    else throw "no seccomp policy files available for host platform";
+
+  crosvmSrc = fetchFromGitiles
+    upstreamInfo.components."chromiumos/platform/crosvm";
+
+  adhdSrc = fetchFromGitiles
+    upstreamInfo.components."chromiumos/third_party/adhd";
+in
+
+  rustPlatform.buildRustPackage rec {
+    pname = "crosvm";
+    inherit (upstreamInfo) version;
+
+    unpackPhase = ''
+      runHook preUnpack
+
+      mkdir -p chromiumos/platform chromiumos/third_party
+
+      pushd chromiumos/platform
+      unpackFile ${crosvmSrc}
+      popd
+
+      pushd chromiumos/third_party
+      unpackFile ${adhdSrc}
+      popd
+
+      chmod -R u+w -- "$sourceRoot"
+
+      runHook postUnpack
+    '';
+
+    sourceRoot = "chromiumos/platform/crosvm";
+
+    patches = [
+      ./default-seccomp-policy-dir.diff
+    ];
+
+    cargoSha256 = "1b5i9gwrw55p89f7vwjy801q26hwyn8hd64w6qp66fl9fr7vgvbi";
+
+    nativeBuildInputs = [ pkgconfig ];
+
+    buildInputs = [ dtc libcap libusb1 minijail ];
+
+    postPatch = ''
+      sed -i "s|/usr/share/policy/crosvm/|$out/share/policy/|g" \
+             seccomp/*/*.policy
+    '';
+
+    preBuild = ''
+      export DEFAULT_SECCOMP_POLICY_DIR=$out/share/policy
+    '';
+
+    postInstall = ''
+      mkdir -p $out/share/policy/
+      cp seccomp/${arch}/* $out/share/policy/
+    '';
+
+    passthru.updateScript = ./update.py;
+
+    meta = with stdenv.lib; {
+      description = "A secure virtual machine monitor for KVM";
+      homepage = "https://chromium.googlesource.com/chromiumos/platform/crosvm/";
+      license = licenses.bsd3;
+      platforms = [ "aarch64-linux" "x86_64-linux" ];
+    };
+  }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-02 21:07:54 +0000