Yes, this is only on the package level, so it's possible to use
VirtualBox for example installed by nix-env -i, which of course doesn't
have access to the functionality provided by the various VirtualBox
kernel modules.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
With hardening, we need to go a bit further rather than just allowing
/nix/store being world-writable. We now use fakeroot to make sure the
VBoxExtPackHelperApp won't moan that the files are not owned by root.
They are, but only outside of the chrooted build process.
Another issue with using fakeroot is that it doesn't seem to cope well
with arguments that contain spaces. That's why I've piped the call into
${stdenv.shell}.
Now, the really gory and confusing part is the introduction of
VBOX_PATH_APP_PRIVATE_ARCH_TOP and the change of VBOX_PATH_APP_PRIVATE.
The VBOX_PATH_APP_PRIVATE_ARCH is *only* for modules and is checked by
the hardened implementation against whether things like VMMR0.r0 or
VBoxVMM.so reside in that directory. As a side note: I admit that the
whole libexec directory is quite polluted with stuff that shouldn't be
there, but for now we've broken enough things and will tear apart the
whole structure at some day in the future[TM].
For the confusing part we have VBOX_PATH_APP_PRIVATE_ARCH_TOP, which
_should_ be the same as VBOX_PATH_APP_PRIVATE_ARCH but unfortunately,
the hardened implementation is checking against this directory (in
IsValidBaseDir) for the extension pack(why!?).
Of course, we could put even that into the libexec directory, somewhat
similar as the official package, but after all, let's at least *try* to
separate things.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
We are already checking whether /nix/store has the sticky bit set, so if
it is world-writable as well it doesn't mean that the actual store path
is writable. Let alone the fact that it is only writable during the
build process.
This should fix installing the extension pack when enableExtensionPack
is used.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
VirtualBox with hardening support requires the main binaries to be
setuid root. Using VBOX_WITH_RUNPATH, we ensure that the RPATHs are
pointing to the libexec directory and we also need to unset
VBOX_WITH_ORIGIN to make sure that the build system is actually setting
those RPATHs.
The hardened.patch implements two things:
* Set the binary directory to the setuid-wrappers dir so that
VboxSVC calls them instead of the binaries from the store path. The
reason behind this is because nothing in the Nix store can have the
setuid flag.
* Excempt /nix/store from the group permission check, because while it
is group-writeable indeed it also has the sticky bit set (and also
the whole store is mounted read-only on most NixOS systems), so we're
checking on that as well.
Right now, the hardened.patch uses /nix/store and /var/setuid-wrappers
directly, so someone would ever want to change those on a NixOS system,
please provide a patch to set those paths on build time. However, for
simplicity, it's best to do it when we _really_ need it.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Traversing the full source tree is unneccessary, because the calls are
only done within make files. Hence we only substitute make files now.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The dependency on gsettings_desktop_schemas wasn't specified correctly.
Now it works.
Fixes this error, as seen when trying to open a guest VM when
virt-manager is accessed over ssh with X forwarding:
GLib-GIO-ERROR **: Settings schema 'org.gnome.system.proxy' is not installed
Now, Bochs expression has a bunch of configurable options!
Unhappily, it is a big and complex project, and some configure options
are in constant clash. But the set created for now is very usable and
stable.
Closes#4366
This version of module has disabled socketActivation, because until
nixos upgrade systemd to at least 214, systemd does not support
SocketGroup. So socket is created with "root" group when
socketActivation enabled. Should be fixed as soon as systemd upgraded.
Includes changes from #3015 and supersedes #3028
Without this it'll complain and abort when clicking "Take Screenshot" or
"Browse Local" when creating a new VM and looking for an CD-ROM image to boot
from:
GLib-GIO-ERROR **: Settings schema 'org.gtk.Settings.FileChooser' is not installed
- Vte, add gtk3 support, enable introspection, update to 0.35.90
- Spice-gtk, add gtk3 support
- gtk-vnc, add gtk3 support
- Add libvirt-glib (thanks @bjornfor)
- Add usbredir
- qemu, enable usbredir
- spice-gtk, enable usbredir
- virt-manager, update to 1.0.1
[Bjørn:
* Set namePrefix = "" to preserve package name "virt-manager"
(instead of "python2.7-virt-manager")
* Add dconf to GIO_EXTRA_MODULES to get persistent settings in
virt-manager. Without it:
GLib-GIO-Message: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications.
* Add ${gtk3}/share to XDG_DATA_DIRS to unbreak "Take Screenshot"
feature (fixes "Settings schema 'org.gtk.Settings.FileChooser' is not installed")
* gtk-vnc: don't pull "pkgs" attrset for optionalString, use stdenv.lib.optionalString instead.
]
Update VirtualBox (and implicitly VirtualBox Guest Additions) to 4.3.6
and Oracle VM VirtualBox Extension Pack to 91406
Conflicts due to minor upgrade in the mean time
Conflicts:
nixos/modules/virtualisation/virtualbox-guest.nix
pkgs/applications/virtualization/virtualbox/default.nix
pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
This is needed to compile the Virtual Box guest additions with the 3.13
kernel (and thus the grsecurity testing kernel).
Signed-off-by: Austin Seipp <aseipp@pobox.com>
This removes nixpkgs' custom runners and instead copies the main python source
files to the bin directory, then wraps them up as usual.
Hopefully this will be more reliable than other previous wrapping methods.
In most cases, this just meant changing kernelDev (now removed from
linuxPackagesFor) to kernel.dev. Some packages needed more work (though
whether that was because of my changes or because they were already
broken, I'm not sure). Specifics:
* psmouse-alps builds on 3.4 but not 3.10, as noted in the comments that
were already there
* blcr builds on 3.4 but not 3.10, as noted in comments that were
already there
* open-iscsi, ati-drivers, wis-go7007, and openafsClient don't build on
3.4 or 3.10 on this branch or on master, so they're marked broken
* A version-specific kernelHeaders package was added
The following packages were removed:
* atheros/madwifi is superceded by official ath*k modules
* aufs is no longer used by any of our kernels
* broadcom-sta v6 (which was already packaged) replaces broadcom-sta
* exmap has not been updated since 2011 and doesn't build
* iscis-target has not been updated since 2010 and doesn't build
* iwlwifi is part of mainline now and doesn't build
* nivida-x11-legacy-96 hasn't been updated since 2008 and doesn't build
Everything not specifically mentioned above builds successfully on 3.10.
I haven't yet tested on 3.4, but will before opening a pull request.
Signed-off-by: Shea Levy <shea@shealevy.com>
* Remove package name
* Start with upper case letter
* Remove trailing period
Also reword some descriptions and move some long descriptions to
longDescription.
I'm not touching generated packages.
We already enable VNC and SDL support by default and adding spice only
increases the closure size from 513 MB to 518 MB.
Closure size:
du -sch $(nix-store -qR ./result)
A recent X update broke VirtualBox guest additions (vboxvideo driver version
mismatch, desktop won't start). This fixes it.
Here is the error log:
(II) "glx" will be loaded by default.
(II) LoadModule: "glx"
(II) Loading /nix/store/kzvmnjlps51q4piqmwr7zbmxcg2z9vgk-xorg-server-1.13.4/lib/xorg/modules/extensions/libglx.so
(II) Module glx: vendor="X.Org Foundation"
compiled for 1.13.4, module version = 1.0.0
ABI class: X.Org Server Extension, version 7.0
(==) AIGLX enabled
Loading extension GLX
(II) LoadModule: "vboxvideo"
(II) Loading /nix/store/4kbxi00h8xsmfgbws2qqh674lcfp03h6-VirtualBox-GuestAdditions-4.2.14-3.2.46/lib/xorg/modules/drivers/vboxvideo_drv.so
(II) Module vboxvideo: vendor="Oracle Corporation"
compiled for 10.12.0, module version = 1.0.1
Module class: X.Org Video Driver
ABI class: X.Org Video Driver, version 12.0
(EE) module ABI major version (12) doesn't match the server's version (13)
(II) UnloadModule: "vboxvideo"
(II) Unloading vboxvideo
(EE) Failed to load module "vboxvideo" (module requirement mismatch, 0)
(II) LoadModule: "vboxmouse"
(WW) Warning, couldn't open module vboxmouse
(II) UnloadModule: "vboxmouse"
(II) Unloading vboxmouse
(EE) Failed to load module "vboxmouse" (module does not exist, 0)
(EE) No drivers available.
Fatal server error:
no screens found