Diffstat (limited to 'pkgs/os-specific/linux/chromium-os/crosvm/default.nix')
-rw-r--r--pkgs/os-specific/linux/chromium-os/crosvm/default.nix85
1 files changed, 85 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/chromium-os/crosvm/default.nix b/pkgs/os-specific/linux/chromium-os/crosvm/default.nix
new file mode 100644
index 00000000000..25fa4e2d937
--- /dev/null
+++ b/pkgs/os-specific/linux/chromium-os/crosvm/default.nix
@@ -0,0 +1,85 @@
+{ stdenv, lib, rustPlatform, fetchFromGitiles, upstreamInfo
+, pkg-config, minigbm, minijail, wayland, wayland-protocols, dtc, libusb1
+, libcap, linux
+}:
+
+let
+  arch = with stdenv.hostPlatform;
+    if isAarch64 then "arm"
+    else if isx86_64 then "x86_64"
+    else throw "no seccomp policy files available for host platform";
+
+  getSrc = path: fetchFromGitiles upstreamInfo.components.${path};
+  srcs = lib.genAttrs [
+    "src/aosp/external/minijail"
+    "src/platform/crosvm"
+    "src/platform2"
+    "src/third_party/adhd"
+    "src/third_party/rust-vmm/vhost"
+  ] getSrc;
+in
+
+  rustPlatform.buildRustPackage rec {
+    pname = "crosvm";
+    inherit (upstreamInfo) version;
+
+    unpackPhase = ''
+      runHook preUnpack
+
+      ${lib.concatStringsSep "\n" (lib.mapAttrsToList (path: src: ''
+        mkdir -p ${dirOf path}
+        pushd ${dirOf path}
+        unpackFile ${src}
+        popd
+      '') srcs)}
+
+      chmod -R u+w -- "$sourceRoot"
+
+      runHook postUnpack
+    '';
+
+    sourceRoot = "src/platform/crosvm";
+
+    patches = [
+      ./default-seccomp-policy-dir.diff
+      ./VIRTIO_NET_F_MAC.patch
+    ];
+
+    cargoSha256 = "1yhxw19niqwipi1fbrskrpvhs915lrs8sdcpknmqd9izq67r3a06";
+
+    nativeBuildInputs = [ pkg-config wayland ];
+
+    buildInputs = [ dtc libcap libusb1 minigbm minijail wayland wayland-protocols ];
+
+    postPatch = ''
+      sed -i "s|/usr/share/policy/crosvm/|$out/share/policy/|g" \
+             seccomp/*/*.policy
+    '';
+
+    preBuild = ''
+      export DEFAULT_SECCOMP_POLICY_DIR=$out/share/policy
+    '';
+
+    postInstall = ''
+      mkdir -p $out/share/policy/
+      cp seccomp/${arch}/* $out/share/policy/
+    '';
+
+    CROSVM_CARGO_TEST_KERNEL_BINARY =
+      lib.optionalString (stdenv.buildPlatform == stdenv.hostPlatform)
+        "${linux}/${stdenv.hostPlatform.linux-kernel.target}";
+
+    passthru = {
+      inherit srcs;
+      src = srcs.${sourceRoot};
+      updateScript = ../update.py;
+    };
+
+    meta = with lib; {
+      description = "A secure virtual machine monitor for KVM";
+      homepage = "https://chromium.googlesource.com/chromiumos/platform/crosvm/";
+      maintainers = with maintainers; [ qyliss ];
+      license = licenses.bsd3;
+      platforms = [ "aarch64-linux" "x86_64-linux" ];
+    };
+  }
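Review bot: The `arch` binding at the top of the `let` sends `isAarch64` hosts to the `arm` policy directory with no explanation, and `postInstall` then installs `seccomp/${arch}/*` as the policies behind `DEFAULT_SECCOMP_POLICY_DIR`. These files define the syscall allowlists for crosvm's sandboxed device processes, so a directory that does not match the host ABI would surface only at runtime, as devices killed by the filter or as a filter that does not constrain what it is meant to. I can't tell from this hunk whether the pinned crosvm revision ships a separate aarch64 policy directory. If it does not, a comment on the binding would record that the choice is deliberate, for example `# upstream keeps the aarch64 policies under seccomp/arm at this revision (TODO confirm on update)`. If it does, the mapping should point there instead.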