path: root/vm/app
Commit message (Author, Age)
* vm/app/gnome-text-editor: init (Alyssa Ross, 2024-05-29)
  This will be useful for testing portals. GDK_DEBUG is set to force the use of portals. In future, we might be able to use the /.flatpak-info interface instead of using the debug environment variable.

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
* vm/app/poweroff.nix: init (Alyssa Ross, 2023-12-05)
  A VM that just powers itself off once it's successfully booted is very useful for testing, especially automated testing. I don't think there's any reason to actually install this on the rootfs / user data partition at the moment.

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
* lib: adjust interface for Nix files (Alyssa Ross, 2023-11-26)
  This moves every directly-buildable Nix file in Spectrum from the old eval-config.nix interface to a new callPackage-based interface.

  This moves us in the direction of stopping files from directly importing each other, in favor of having a global package set that contains the Spectrum-specific packages. Aside from consistency with packages from Nixpkgs, the main advantage to this is that the packages will be correctly spliced, and so e.g. lseek being in nativeBuildInputs will now do the right thing.

  This is implemented using a scope, so the Spectrum packages are invisible to Nixpkgs, and are applied on top afterwards, in contrast to if an overlay was used.

  Having a customised package set also paves the way for bringing modifications to upstream packages (e.g. the Cloud Hypervisor virtio-gpu patches) into the Spectrum repository, allowing us to use an unmodified upstream Nixpkgs.

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
* vm/app/mg.nix: fix direct evaluation (Alyssa Ross, 2023-10-13)
  This wasn't updated when eval-config.nix was changed and moved into lib. Importing the file and passing config in worked, but evaluating it directly didn't, because it tried to import a path that no longer exists.

  Fixes: c3fbeca ("lib/common.mk: init")
  Signed-off-by: Alyssa Ross <hi@alyssa.is>
* Use lib.getExe where possible (Alyssa Ross, 2023-09-27)
  Signed-off-by: Alyssa Ross <hi@alyssa.is>
* vm/app/hello-wayland.nix: remove (Alyssa Ross, 2023-09-25)
  This was useful while it was the only Wayland client we could run, but since it doesn't start reliably[1], and we can now run complex clients, appvm-hello-wayland isn't really providing value any more.

  [1]: https://github.com/emersion/hello-wayland/pull/19

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
* vm/app/foot.nix: don't create /run/opengl-driver (Alyssa Ross, 2023-09-25)
  There are no Mesa drivers in VMs since the previous commit. I didn't notice this line was still here, now not doing anything useful.

  Fixes: 16db4a0 ("vm: remove mesa drivers")
  Signed-off-by: Alyssa Ross <hi@alyssa.is>
* vm: remove mesa drivers (Alyssa Ross, 2023-09-25)
  This includes a revert of commit 1a754374028ced6eea2dd77a2f829b511d2e90ba.

  vm-lib/make-vm.nix was not the right place for the Mesa drivers to be added — it meant that every VM had its own copy of the drivers, whether it used them or not. And right now, nothing uses the Mesa drivers. This will only be the case if we do GPU passthrough at some point. When that happens, we can add them in a more sensible way, in img/app.

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
* vm/app/foot.nix: init (Alyssa Ross, 2023-09-19)
  This demonstrates that, as a result of upstream developments, we are now able to run clients without them freezing after a couple of seconds [1], and without crashing if they use the keymap [2].

  [1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=70d1ace56db6c79d39dbe9c0d5244452b67e2fde
  [2]: https://chromium.googlesource.com/chromiumos/platform/crosvm/+/998597a1bd29432bdee28d298511549edff1434a

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
* vm/app: add hello-wayland demo VM (Alyssa Ross, 2023-07-28)
  hello-wayland is the simplest possible Wayland client. This VM is used to demonstrate Spectrum's new Wayland capabilities.

  Signed-off-by: Alyssa Ross <alyssa.ross@unikie.com>
  Signed-off-by: Alyssa Ross <hi@alyssa.is>
  Message-Id: <20230721180015.597099-7-hi@alyssa.is>
* vm/app/mg.nix: remove spurious netvm dependency (Alyssa Ross, 2023-05-27)
  Signed-off-by: Alyssa Ross <hi@alyssa.is>
* vm/app/mg.nix: open virtio filesystem in dired (Alyssa Ross, 2023-02-26)
  Signed-off-by: Alyssa Ross <hi@alyssa.is>
  Message-Id: <20221010232909.1953738-11-hi@alyssa.is>
* vm/app/mg.nix: init (Alyssa Ross, 2023-02-26)
  mg is a text editor with a built-in filesystem browser, so it will be useful for testing virtiofs.

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
  Message-Id: <20221010232909.1953738-10-hi@alyssa.is>
* img/app: don't block app startup on network online (Alyssa Ross, 2023-02-26)
  Not all VMs will even have networking! So it makes more sense to put waiting for the network in the application-specific part.

  The "listen" and "wait" scripts are copied from the host system.

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
  Message-Id: <20221010232909.1953738-8-hi@alyssa.is>
* lib/common.mk: init (Alyssa Ross, 2023-02-22)
  We can simplify our Makefiles a bit by moving some things into a library file. So far, I've done this for non-component-specific macros, and inference rules.

  Some tar2ext4 rules used a temporary file for the tar2ext4 invocation, and then moved the file into place when it was done, to prevent a half-built image sticking around if tar2ext4 died. According to POSIX, make should clean up any targets that didn't finish building if it's interrupted, so we should only end up with a half-built image if tar2ext4 crashes, e.g. due to running out of disk space. I think we should just ignore that possibility, since otherwise we'd have to write annoying make rules using temporary file names for every target, and if it does happen recovery is just a make clean away.

  With this, I've also made a small reorganisation. I got rid of the "nix" directory and created a "lib" directory, where I put eval-config.nix and the new common.mk file, since both are library code. checks.nix isn't really a library though, so I moved it into the "release" directory, since the only reference to it is in release.nix.

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
* nix/eval-config.nix: fix custom configuration (Alyssa Ross, 2023-02-22)
  When I introduced the global src attribute, I broke custom configurations, since they wouldn't be passing that key in, and nor should they. To allow for non-customisable globals like src, we need to separate them from config.

  Here, I've modified eval-config.nix to take a callback, so that it can provide multiple attributes, and handle command line arguments itself so that doesn't need to be in every entry point any more.

  This gives us an interface similar to the NixOS module system's, where a variety of globals are available that can be pulled out of the passed attribute set as required, but with the additional advantage that files are usable directly from nix-build, and support command line arguments.

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
  Fixes: 0149885 ("nix: centralise source cleaning")
* img/app: extract from appvm-{lynx,catgirl} (Alyssa Ross, 2022-11-13)
  This patch introduces a generic application VM image. It mounts a filesystem containing the application, and then launches a "run" script on that filesystem to start the application. The Nix store on the application filesystem is overlaid onto the generic Nix store, so shared paths don't have to be duplicated in the application filesystem.

  The "appvm" image is part of the Spectrum system — it lives on the root filesystem, not the user data partition. Users of course have the choice not to use the built in image if they don't want to, but this gives us a default to use for future features like starting VMs at runtime.

  Individual application VMs are now defined in a single Nix file each, using a VM builder function. I expect this is how Nix-based VMs would be defined in the user data partition, and then built with Nix into Spectrum VM configurations. The new top-level vm-lib directory is intended to be copied into user Nix expressions that build VMs, and therefore has to be usable standalone.

  User-defined VMs should not do any path deduplication with the system-provided base VM, so that the two can independently update Nixpkgs. But for VMs that are part of the system (which I consider the pre-built VMs to be, even though they're currently on the user data partition), we can safely deduplicate paths that we know to be present in the base image. So they go through vm/make-vm.nix, which is a wrapper around vm-lib/make-vm.nix that does this deduplication.

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
  Message-Id: <20221009114036.463071-7-hi@alyssa.is>
* vm: build GPT images (Alyssa Ross, 2022-11-13)
  This will allow booting reliably from multiple disk images, without relying on order or requiring udev in an initramfs. (The only deterministic way of doing boot order on Linux without special userspace support is to set "root" on the kernel command line to either a GPT partition UUID or label.)

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
  Message-Id: <20221009114036.463071-4-hi@alyssa.is>
* host/start-vm: support multiple block devices (Alyssa Ross, 2022-11-13)
  This is the first step to being able to do things like having a static base image for an application VM, and another image containing the application to run.

  When we actually use multiple images we'll need to change how we boot so we know the kernel is booting from the right image — probably by PARTUUID or PARTLABEL — because we can't guarantee how the kernel orders disks inside the VM.

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
  Message-Id: <20221009114036.463071-2-hi@alyssa.is>
* Introduce a build configuration file (Alyssa Ross, 2022-09-10)
  By default, a file called "config.nix" in the root of the Spectrum repository will be read if it exists. That file should contain an attribute set. Currently, only a "pkgs" key is supported, which allows specifying a custom package set that will be used throughout the Spectrum Nix files.

  This will allow us to provide configuration options for people who want to build Spectrum in ways that are probably not suitable for upstreaming.

  For example, using the "pkgs" config option I'm introducing here, it would be possible to use an overlay to patch individual components, like so:

      {
        pkgs = import <nixpkgs> {
          overlays = [
            (final: super: {
              weston = super.weston.overrideAttrs ({ patches ? [], ... }: {
                patches = patches ++ [
                  path/to/weston.patch
                ];
              });
            })
          ];
        };
      }

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
  Message-Id: <20220831093727.282797-1-hi@alyssa.is>
  Reviewed-by: Ville Ilvonen <ville.ilvonen@unikie.com>
  Tested-by: José Pekkarinen <jose.pekkarinen@unikie.com>
* Use stdenvNoCC where possible (Alyssa Ross, 2022-07-22)
  This will save having to download gcc and binutils just to change a config file in a VM.

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
* Clarify EUPL SPDX expression (Alyssa Ross, 2022-05-23)
  This isn't a license change — the code was always available under potential future EUPL versions because of this language in the EUPL:

  > Copyleft clause: If the Licensee distributes or communicates copies of the
  > Original Works or Derivative Works, this Distribution or Communication will be
  > done under the terms of this Licence or of a later version of this Licence
  > unless the Original Work is expressly distributed only under this version of the
  > Licence — for example by communicating ‘EUPL v. 1.2 only’. The Licensee
  > (becoming Licensor) cannot offer or impose any additional terms or conditions on
  > the Work or Derivative Work that alter or restrict the terms of the Licence.

  But now that reuse 1.0.0 is out, and supports SPDX '+' expressions, we can express this more clearly in SPDX.

  Signed-off-by: Alyssa Ross <hi@alyssa.is>
* Remove Nix files in copyPathToStore (Alyssa Ross, 2022-05-16)
  Nix files shouldn't be considered part of the sources, and so they should be filtered out. This way, changes to them (that don't change their meaning) won't force rebuilds.
* vm/app: fix make run-cloud-hypervisor (Alyssa Ross, 2022-05-07)
  Whoops.

  Fixes: e64a796 ("host/appvm-lynx-vmm: reduce VM memory")
* vm: show the virtio console by default (Alyssa Ross, 2022-05-07)
  When I set the virtio console to go to a new PTY by default, it was because I was working on / testing patches for terminal emulators to get them to attach to PTYs and send resize events. Now that I'm not doing that so much, let's show the console intended for VM output by default, rather than requiring running another process to connect to it.
* Create /etc/s6-linux-init/env/ to silence warning (Alyssa Ross, 2022-04-28)
* Remove s6-portable-utils (Alyssa Ross, 2022-04-28)
  Not worth pulling this in any more just for another mkdir implementation!
* Switch stage1 init to s6-linux-init (Alyssa Ross, 2022-04-28)
  The main improvement this brings is that it should resolve a rare race condition in early boot, where s6-rc-init would run before s6-svscan, and so the boot would hang because s6-rc would never end up properly running.
* Adapt to s6-linux-init structure (Alyssa Ross, 2022-04-28)
  This is preparatory work before a switch to s6-linux-init.
* Get rid of fstab.license files (Alyssa Ross, 2022-04-25)
  These never needed to be separate. They were the result of some confusion while I was trying to hack on the Musl fstab parser, briefly broke comment parsing, and then didn't realise I'd introduced that breakage.
* Add fs_freq and fs_passno fields to fstab files (Alyssa Ross, 2022-04-25)
  These fields are pretty much obsolete and are supposed to be optional according to fstab(5), but upstream Musl requires them.

  Long ago, I wrote a patch[1] to fix it, sent it upstream, and then applied it in Spectrum's Nixpkgs as a temporary measure, to avoid churn in the fstab files, thinking it would quickly be applied upstream.

  But it has now been more than half a year since the last discussion on my patch. I do think it'll probably be accepted eventually, but at this point it's not worth patching Musl ourselves for to avoid the very minor churn of doing this change now, and reverting it when my patch is finally accepted. So just add the fields, and then we can drop the patch from our Nixpkgs, and then we won't have to rebuild the Musl-targeting compilers we could otherwise get from Hydra.

  [1]: https://inbox.vuxu.org/musl/20210915221155.3977763-4-hi@alyssa.is/
* Drop copyright notices from otherwise empty files (Alyssa Ross, 2022-04-23)
  The reuse tool is fortunately smart enough to ignore these.
* Don't assume /var/empty exists in Makefiles (Alyssa Ross, 2022-04-10)
  It apparently doesn't on Ubuntu, and this way we also don't have to hack around it being missing in the Nix sandbox.

  Reported-by: Ville Ilvonen <ville.ilvonen@unikie.com>
  Message-Id: <20220406082038.4012718-1-hi@alyssa.is>
* vm: remove s6-mount everywhere (Alyssa Ross, 2022-04-02)
  Problems with s6-mount:

   • s6-mount -a will fail if some filesystems have already been mounted
   • Does not support LABEL= device patterns.

  We also already have a mount implementation in Busybox, so standardising on that lets us drop the s6-linux-utils package entirely.
* Busybox modprobe is banned (Alyssa Ross, 2022-03-22)
  Trying to use modprobe from Busybox has caused nothing but problems. The latest issue is that it doesn't implement softdep at all.

  rootfs.ext4 before: 509M
  rootfs.ext4 after: 513M

  Thanks-to: Puck Meerburg <puck@puckipedia.com>
  Message-Id: <20220321140107.1043654-1-hi@alyssa.is>
  Tested-by: Ville Ilvonen <ville.ilvonen@unikie.com>
* vm: remove unused linux arguments (Alyssa Ross, 2022-03-05)
  We take linux from buildPackages so don't need the separate linux argument.
* vm/app/catgirl: join the real IRC channel (Alyssa Ross, 2022-02-27)
* vm/app/*: make Make variable names more sensible (Alyssa Ross, 2022-02-16)
  These have nothing to do with s6-rc.
* host/rootfs: dynamically generate s6-rc services (Alyssa Ross, 2022-02-14)
  This way, we don't allow arbitrary code from the ext partition to run on the host system, which gives us better integrity guarantees when paired with Secure Boot. This new scheme also makes it easy to introspect VMs, since they're defined using a very limited configuration language.
* Relicense Nix files to MIT (Alyssa Ross, 2022-01-11)
  I don't think Nix files are likely to contain anything particularly worth protecting with copyleft, and I'd like to make code sharing with Nixpkgs as easy as possible, so I think it's a good idea to adopt the policy that Nix files are MIT-licensed by default to match Nixpkgs.
* Add missing copyright and license info (Alyssa Ross, 2022-01-11)
* LICENSES: consolidate (Alyssa Ross, 2022-01-11)
* .gitignore: consolidate (Alyssa Ross, 2022-01-11)
* vm/app/lynx: import (Alyssa Ross, 2021-12-12)
|\
| * vm/app/lynx: move to monorepo path (Alyssa Ross, 2021-12-12)
|
* vm/app/catgirl: move to monorepo path (Alyssa Ross, 2021-12-12)