338 Commits

Author SHA1 Message Date
aszlig
a199eedfce
virtualbox package: Disable hardening by default.
Yes, this is only on the package level, so it's possible to use
VirtualBox for example installed by nix-env -i, which of course doesn't
have access to the functionality provided by the various VirtualBox
kernel modules.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 17:52:18 +01:00
Michael Raskin
a199693cab Update/Fix OVMF 2014-12-11 08:46:13 +03:00
William A. Kennington III
63ae630c6c qemu: 2.0.0 -> 2.2.0
Additionally, add support for more external features as well as more
sound system types.
2014-12-10 15:18:54 -08:00
aszlig
2b58a6ab0d
virtualbox: Fix extension pack installation.
With hardening, we need to go a bit further rather than just allowing
/nix/store being world-writable. We now use fakeroot to make sure the
VBoxExtPackHelperApp won't moan that the files are not owned by root.

They are, but only outside of the chrooted build process.

Another issue with using fakeroot is that it doesn't seem to cope well
with arguments that contain spaces. That's why I've piped the call into
${stdenv.shell}.

Now, the really gory and confusing part is the introduction of
VBOX_PATH_APP_PRIVATE_ARCH_TOP and the change of VBOX_PATH_APP_PRIVATE.

The VBOX_PATH_APP_PRIVATE_ARCH is *only* for modules and is checked by
the hardened implementation against whether things like VMMR0.r0 or
VBoxVMM.so reside in that directory. As a side note: I admit that the
whole libexec directory is quite polluted with stuff that shouldn't be
there, but for now we've broken enough things and will tear apart the
whole structure at some day in the future[TM].

For the confusing part we have VBOX_PATH_APP_PRIVATE_ARCH_TOP, which
_should_ be the same as VBOX_PATH_APP_PRIVATE_ARCH but unfortunately,
the hardened implementation is checking against this directory (in
IsValidBaseDir) for the extension pack (why!?).

Of course, we could put even that into the libexec directory, somewhat
similar to the official package, but after all, let's at least *try* to
separate things.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-01 03:32:55 +01:00
aszlig
318fbb34e7
virtualbox: Allow /nix/store being world-writable.
We are already checking whether /nix/store has the sticky bit set, so if
it is world-writable as well it doesn't mean that the actual store path
is writable. Let alone the fact that it is only writable during the
build process.

This should fix installing the extension pack when enableExtensionPack
is used.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-30 18:23:19 +01:00
aszlig
017e6b72c1
virtualbox: Update to upstream version 4.3.20.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-30 06:25:50 +01:00
aszlig
3e49487c1a
virtualbox: Enable hardening by default.
VirtualBox with hardening support requires the main binaries to be
setuid root. Using VBOX_WITH_RUNPATH, we ensure that the RPATHs are
pointing to the libexec directory and we also need to unset
VBOX_WITH_ORIGIN to make sure that the build system is actually setting
those RPATHs.

The hardened.patch implements two things:

 * Set the binary directory to the setuid-wrappers dir so that
   VBoxSVC calls them instead of the binaries from the store path. The
   reason behind this is because nothing in the Nix store can have the
   setuid flag.
 * Exempt /nix/store from the group permission check, because while it
   is group-writeable indeed it also has the sticky bit set (and also
   the whole store is mounted read-only on most NixOS systems), so we're
   checking on that as well.

Right now, the hardened.patch uses /nix/store and /var/setuid-wrappers
directly, so if someone would ever want to change those on a NixOS system,
please provide a patch to set those paths at build time. However, for
simplicity, it's best to do it when we _really_ need it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-29 19:21:46 +01:00
aszlig
deec767efa
virtualbox: Disable depmod only where necessary.
Traversing the full source tree is unnecessary, because the calls are
only done within make files. Hence we only substitute make files now.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-29 19:21:46 +01:00
Rob Vermaas
f54c852a36 docker: update from 1.3.0 to 1.3.1, potentially fixes CVE-2014-5277 2014-11-18 16:06:36 +01:00
AndersonTorres
c7d83e5ee0 Bochs: upgrade to 2.6.7
Now, with SDL2 upgrade!
2014-11-18 10:53:40 -02:00
Jonathan Rudenberg
29d708176c virtualbox: 4.3.16 -> 4.3.18 2014-11-03 21:47:59 +01:00
Michael Raskin
830af476eb Update virtviewer 2014-11-03 16:54:38 +03:00
Corey O'Connor
48dc0eacb8 add pulseaudio to virtualbox 2014-10-22 20:56:25 +02:00
Paul Colomiets
f86967ac8a docker: upgrade to 1.3.0 2014-10-17 23:20:09 +03:00
Bjørn Forsman
fb8a2b3be7 virt-manager: fix missing schema error
The dependency on gsettings_desktop_schemas wasn't specified correctly.
Now it works.

Fixes this error, as seen when trying to open a guest VM when
virt-manager is accessed over ssh with X forwarding:

  GLib-GIO-ERROR **: Settings schema 'org.gnome.system.proxy' is not installed
2014-10-03 16:09:03 +02:00
Domen Kožar
58b6c4fce9 xen: note about security for next bump 2014-10-02 10:23:09 +02:00
AndersonTorres
59418454e6 Bochs: adding configurable options
Now, Bochs expression has a bunch of configurable options!

Unhappily, it is a big and complex project, and some configure options
are in constant clash. But the set created for now is very usable and
stable.

Closes #4366
2014-10-02 06:48:50 +01:00
ambrop7@gmail.com
f8738a6d09 Update VirtualBox to 4.3.16. 2014-09-18 23:43:11 +02:00
ambrop7@gmail.com
2f79a85767 VirtualBox: Fix ALSA audio.
Use a sed replacement to ensure that dynamic loading of libasound works.
2014-09-14 11:28:34 +02:00
Pascal Wittmann
8d67b9a240 transformed meta.maintainers of some packages into lists 2014-09-13 13:52:02 +02:00
AndersonTorres
b39e5ce957 Small style fixups
In this commit, I modified some files, conforming them to an
idiosyncratic standard - mainly, a template for meta attribs.
2014-09-10 21:34:50 -03:00
Vladimír Čunát
06fea81c6e Merge recent master into staging
Hydra: ?compare=1150594
2014-09-06 16:52:45 +02:00
Jaka Hudoklin
0c398f6040 docker: add xz to PATH, make importing from archives work 2014-09-04 01:30:59 +02:00
Jaka Hudoklin
e5194e5aea docker: fix docker not finding dockerinit 2014-09-03 18:24:51 +02:00
Vladimír Čunát
e51f73652d Merge recent master into staging
Hydra: ?compare=1149952

Conflicts:
	nixos/doc/manual/configuration.xml (changed split file)
	nixos/modules/config/users-groups.nix (choosing filterNull instead of inline definition)
	pkgs/development/libraries/readline/readline6.3.nix (auto-solved)
2014-08-30 10:04:02 +02:00
Aristid Breitkreuz
a2eb68a6dc update virtualbox to 4.3.14 2014-08-28 21:27:08 +02:00
Aristid Breitkreuz
10a3369c99 virtinst: fix name resolution ambiguity breaking the runnability 2014-08-27 21:24:13 +02:00
Domen Kožar
d52d71a04b pythonPackages.boto_1_9: remove 2014-08-27 13:26:00 +02:00
Jaka Hudoklin
88391a5c65 docker: update to 1.2.0 2014-08-24 17:30:50 +02:00
Michael Raskin
ff4c6f39da Merge pull request #3671 from madjar/master
Added e2fsprogs to docker dependencies.
2014-08-23 13:08:07 +04:00
Michael Raskin
2991b5a2f3 Merge pull request #3529 from AndersonTorres/bochs
Bochs: update to version 2.6.6
2014-08-23 12:48:05 +04:00
AndersonTorres
6a78135865 Bochs: update to version 2.6.6 2014-08-21 07:08:09 -03:00
Georges Dubus
a82e9e4b5c Added e2fsprogs to docker dependencies.
Otherwise, it complains about mkfs.ext4 not being present at service
start (and stops).
2014-08-19 11:00:46 +02:00
Luca Bruno
36bef2b267 gobject-introspection: refer to shlibs with absolute paths in typelibs
After this, LD_LIBRARY_PATH should not be required anymore.
The patch has been applied only for .la files, so there may
be some other cases missing.
2014-08-14 23:16:51 +02:00
Russell O'Connor
a431a96df9 Allow QEMU to fallback to full simulation if /dev/kvm is not available. 2014-08-13 23:26:26 +02:00
Eelco Dolstra
8a7f3c3618 Mark a bunch of packages as broken or not supported on Darwin 2014-08-08 17:59:02 +02:00
Rob Vermaas
64561b437d Remove broken flag for xen, build with gcc45. 2014-08-01 17:18:27 +02:00
Paul Colomiets
9bc1676e5a Upgrade docker to 1.1.2 and add docker module
This version of the module has disabled socketActivation, because until
nixos upgrades systemd to at least 214, systemd does not support
SocketGroup. So the socket is created with the "root" group when
socketActivation is enabled. Should be fixed as soon as systemd is upgraded.

Includes changes from #3015 and supersedes #3028
2014-07-28 21:45:49 +02:00
Mateusz Kowalczyk
7a45996233 Turn some license strings into lib.licenses values 2014-07-28 11:31:14 +02:00
Austin Seipp
de96d25294 qemu: 1.7.1 -> 2.0.0
The patch for CVE-2014-0150 is still required.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 15:52:44 -05:00
Benno Fünfstück
8b6300822b virtualbox: update 4.3.10 -> 4.3.12
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:33:25 -05:00
Austin Seipp
aae821493d Revert "virtualbox: update 4.3.10 -> 4.3.12"
This reverts commit a0ae412a10.

It snuck by me in #2677. I'll test it more first.
2014-05-17 16:45:58 -05:00
Benno Fünfstück
a0ae412a10 virtualbox: update 4.3.10 -> 4.3.12 2014-05-17 12:28:33 +02:00
AndersonTorres
2e950bd72e 8086tiny: update to 1.25
Locally build BIOS support
2014-05-14 22:40:09 +02:00
Benjamin Podszun
2ce5162252 Bump virt-viewer to 0.6.0, from the 2009 version 2014-05-14 22:24:01 +02:00
cillianderoiste
7adc00b8bc Merge pull request #2484 from chexxor/feature/bump-docker-0.10.0
Bump docker version to 0.10.0
2014-05-11 10:33:43 +02:00
Bjørn Forsman
cb7c920e24 virt-manager: add missing gsettings schema
Without this it'll complain and abort when clicking "Take Screenshot" or
"Browse Local" when creating a new VM and looking for a CD-ROM image to boot
from:

GLib-GIO-ERROR **: Settings schema 'org.gtk.Settings.FileChooser' is not installed
2014-05-11 01:03:27 +02:00
Alex Berg
47090c9bdc Bump docker version to 0.10.0. 2014-05-03 17:03:33 +02:00
Eelco Dolstra
39faed1f2f qemu: Apply patch for CVE-2014-0150, CVE-2014-2894 2014-04-28 14:37:46 +02:00
Eelco Dolstra
0af5d11a6f qemu-image: Remove (obsolete) 2014-04-28 14:34:34 +02:00
Eelco Dolstra
f2cb4def59 qemu: Update to 1.7.1 2014-04-17 15:54:42 +02:00
Alex Berg
7dff8a8aaf Bump Docker to v0.9.1. Tested pulling, committing, pushing.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-07 15:08:07 -05:00
Jaka Hudoklin
413ebfb246 virt-manager: update to 1.0.1, fix & update dependencies, gtk3 support
- Vte, add gtk3 support, enable introspection, update to 0.35.90
- Spice-gtk, add gtk3 support
- gtk-vnc, add gtk3 support
- Add libvirt-glib (thanks @bjornfor)
- Add usbredir
- qemu, enable usbredir
- spice-gtk, enable usbredir
- virt-manager, update to 1.0.1

[Bjørn:
* Set namePrefix = "" to preserve package name "virt-manager"
  (instead of "python2.7-virt-manager")
* Add dconf to GIO_EXTRA_MODULES to get persistent settings in
  virt-manager. Without it:
  GLib-GIO-Message: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications.
* Add ${gtk3}/share to XDG_DATA_DIRS to unbreak "Take Screenshot"
  feature (fixes "Settings schema 'org.gtk.Settings.FileChooser' is not installed")
* gtk-vnc: don't pull "pkgs" attrset for optionalString, use stdenv.lib.optionalString instead.
]
2014-04-05 18:37:05 +02:00
Moritz Maxeiner
99d639d750 Update Virtualbox and Guest Additions to 4.3.10, Oracle Extensions to 93012 2014-03-29 13:44:50 +01:00
Shea Levy
1aa5589eef Merge branch 'virtualbox' of git://github.com/Calrama/nixpkgs
Update VirtualBox (and implicitly VirtualBox Guest Additions) to 4.3.6
and Oracle VM VirtualBox Extension Pack to 91406

Conflicts due to minor upgrade in the meantime

Conflicts:
	nixos/modules/virtualisation/virtualbox-guest.nix
	pkgs/applications/virtualization/virtualbox/default.nix
	pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
2014-03-29 00:23:54 -04:00
AndersonTorres
d8648c47cf Merge remote-tracking branch 'upstream/master' 2014-03-23 11:52:03 -03:00
AndersonTorres
e48ae6a079 A minor fix to maintainers field for some packages (aegisub,mpv,8086tiny and bochs) 2014-03-22 14:30:45 -03:00
Peter Simons
ceb7673bf0 Fix broken references to 'maintainers' attribute set. 2014-03-22 10:01:42 +01:00
Peter Simons
57db4ba855 Merge pull request #1998 from AndersonTorres/master
Maintainer and license modifications for some packages
2014-03-22 09:01:07 +01:00
AndersonTorres
f7498e5a7e Adding info about maintainer (myself - AndersonTorres) and modifying the meta.license field for some packages I have made. 2014-03-22 01:12:48 -03:00
William A. Kennington III
b6d3526c53 qemu: Update 1.5.2 -> 1.7.0 2014-03-18 14:24:46 +01:00
Moritz Maxeiner
53e743fa08 Update Virtualbox and Guest Additions to 4.3.8, Oracle Extensions to 92456 2014-02-28 17:19:48 +01:00
AndersonTorres
ad6bdfaf56 Deleting the "runme" stuff - it is not needed at all,
and the run method is fully documented
2014-02-24 00:12:00 -03:00
AndersonTorres
2c09d55904 Merge remote-tracking branch 'upstream/master' 2014-02-24 00:07:02 -03:00
AndersonTorres
4670b503b1 New package: 8086tiny, a tiny 8086 emulator 2014-02-24 00:01:43 -03:00
Austin Seipp
0441bb1b7a virtualbox: 4.2.18 -> 4.2.22
This is needed to compile the Virtual Box guest additions with the 3.13
kernel (and thus the grsecurity testing kernel).

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-19 23:58:53 +01:00
Shea Levy
72b5403ee8 edk2/OVMF: Update
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:32:21 -05:00
Moritz Maxeiner
ba0ca53615 Update VirtualBox (and implicitly VirtualBox Guest Additions) to 4.3.6 and Oracle VM VirtualBox Extension Pack to 91406 2014-01-31 00:34:04 +01:00
Jaka Hudoklin
cc33c351b8 Add docker 2014-01-27 00:56:51 +01:00
Ricardo M. Correia
0cf9a083d9 virt-manager: Fix running with --no-fork
This removes nixpkgs' custom runners and instead copies the main python source
files to the bin directory, then wraps them up as usual.

Hopefully this will be more reliable than other previous wrapping methods.
2014-01-18 20:45:27 +00:00
Ricardo M. Correia
4ede302207 virt-manager: Add graphical support for the Spice protocol 2014-01-11 22:01:52 +01:00
Ricardo M. Correia
aed957bae7 virt-manager: Fix error: 'ImportError: No module named libvirt'
The problem was that libvirt 1.2.0 no longer includes the python bindings; it is
a separate package now.
2014-01-11 22:01:52 +01:00
Ricardo M. Correia
d82530440f virt-manager: Update to 0.9.5 virtinst: Update to 0.600.4 2014-01-11 19:21:09 +01:00
Shea Levy
a589bfae17 Update and fix kernel packages to new kernel build
In most cases, this just meant changing kernelDev (now removed from
linuxPackagesFor) to kernel.dev. Some packages needed more work (though
whether that was because of my changes or because they were already
broken, I'm not sure). Specifics:

* psmouse-alps builds on 3.4 but not 3.10, as noted in the comments that
  were already there
* blcr builds on 3.4 but not 3.10, as noted in comments that were
  already there
* open-iscsi, ati-drivers, wis-go7007, and openafsClient don't build on
  3.4 or 3.10 on this branch or on master, so they're marked broken
* A version-specific kernelHeaders package was added

The following packages were removed:

* atheros/madwifi is superseded by official ath*k modules
* aufs is no longer used by any of our kernels
* broadcom-sta v6 (which was already packaged) replaces broadcom-sta
* exmap has not been updated since 2011 and doesn't build
* iscis-target has not been updated since 2010 and doesn't build
* iwlwifi is part of mainline now and doesn't build
* nivida-x11-legacy-96 hasn't been updated since 2008 and doesn't build

Everything not specifically mentioned above builds successfully on 3.10.
I haven't yet tested on 3.4, but will before opening a pull request.

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-04 21:17:04 -05:00
AndersonTorres
81d7906e19 Minor changes to Bochs expression. 2013-11-24 16:30:16 +01:00
Anderson Torres
fee5929a42 First commit.
Added Nix expression for Bochs - "the highly portable x86 emulator".
2013-11-23 02:22:05 +01:00
Eelco Dolstra
754704ea18 Allow packages to be marked as "broken" by setting meta.broken
The effect is that they won't show up in "nix-env -qa" anymore.
2013-11-04 21:11:00 +01:00
Jaka Hudoklin
9653d9bbbd virt-manager: add vte as build input, so console works for lxc 2013-10-19 18:07:14 +02:00
Shea Levy
74d72d89ea Update edk2 and OVMF
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-10-09 10:30:44 -04:00
Bjørn Forsman
083d0890f5 More description fixes
* Remove package name
* Start with upper case letter
* Remove trailing period

Also reword some descriptions and move some long descriptions to
longDescription.

I'm not touching generated packages.
2013-10-06 12:01:38 +02:00
Eelco Dolstra
01fdb87a03 virtualbox: Update to 4.2.18 2013-09-17 17:44:28 +02:00
Jaka Hudoklin
c3cd361927 virt-viewer: fix build, add libcap-ng to build inputs, needed after libvirt update to 1.1.2 2013-09-16 00:39:17 +02:00
Eelco Dolstra
7ee76ebd0c qemu: Revert to 1.5.2
1.6.0 breaks many VM builds because it gives incorrect RTC values to
the guest.  See

  http://hydra.nixos.org/eval/981543
  http://hydra.nixos.org/eval/981440
2013-08-26 15:48:21 +02:00
Rickard Nilsson
5303fb0f0f qemu: Update to 1.6.0 2013-08-23 10:26:29 +02:00
Bjørn Forsman
e242ae058d virtualbox: fix extension pack hash (must be base16) 2013-08-10 14:30:53 +02:00
Eelco Dolstra
f4681d8e08 virtualbox: Update to 4.2.16 2013-08-09 18:48:52 +02:00
Eelco Dolstra
c8c817a3b4 qemu-kvm: Disambiguate 2013-07-31 14:53:35 +02:00
Eelco Dolstra
00e311e438 qemu-kvm: Remove
But install a qemu-kvm wrapper in qemu.
2013-07-31 14:53:34 +02:00
Eelco Dolstra
945c70202f qemu: Update to 1.5.2 2013-07-31 14:53:34 +02:00
Bjørn Forsman
f142483de0 qemu: enable spice protocol support by default
We already enable VNC and SDL support by default and adding spice only
increases the closure size from 513 MB to 518 MB.

Closure size:
  du -sch $(nix-store -qR ./result)
2013-07-18 02:40:24 +02:00
Baptist BENOIST
8db7ff9b83 virtualbox: Comply with the Personal Use and Evaluation License
The direct download was unfortunately not compliant with the VirtualBox
Extension Pack's Personal Use and Evaluation License (PUEL) which
stipulates that any end-user should fetch the binaries from the official
Downloads page.

See https://github.com/NixOS/nixpkgs/issues/672 and
http://www.virtualbox.org/wiki/VirtualBox_PUEL for more info.
2013-07-16 21:24:34 +02:00
Eelco Dolstra
abc10b4715 qemu: Allow building only the x86 emulator 2013-07-04 18:27:26 +02:00
Eelco Dolstra
b625a16068 qemu: Merge qemu-kvm dependencies 2013-07-04 18:27:26 +02:00
Eelco Dolstra
d199fe766a qemu: Merge stuff from qemu-kvm 2013-07-04 18:27:26 +02:00
Eelco Dolstra
9da1586d75 qemu: Update to 1.5.1 2013-07-04 18:27:26 +02:00
Rickard Nilsson
e382e34f51 qemu: Enable support for VDE networking 2013-06-25 19:47:17 +02:00
Rickard Nilsson
270da328b9 qemu: Enable virtfs
This makes it possible to share host directories to qemu guests
using 9P.
2013-06-25 12:20:10 +02:00
Vladimír Čunát
6c86398ff3 virtualbox: minor update, lock versions with guest-additions
I saw no reason to use requireFile, it seems normally downloadable.
2013-06-23 16:14:31 +02:00
Vladimír Čunát
45f7b9c319 virtualbox: make guest additions use driver according to xserver version 2013-06-23 14:16:21 +02:00
Bjørn Forsman
43c9ab900b virtualbox-guestadditions: fix xorg incompatibility
A recent X update broke VirtualBox guest additions (vboxvideo driver version
mismatch, desktop won't start). This fixes it.

Here is the error log:

 (II) "glx" will be loaded by default.
 (II) LoadModule: "glx"
 (II) Loading /nix/store/kzvmnjlps51q4piqmwr7zbmxcg2z9vgk-xorg-server-1.13.4/lib/xorg/modules/extensions/libglx.so
 (II) Module glx: vendor="X.Org Foundation"
 	compiled for 1.13.4, module version = 1.0.0
 	ABI class: X.Org Server Extension, version 7.0
 (==) AIGLX enabled
 Loading extension GLX
 (II) LoadModule: "vboxvideo"
 (II) Loading /nix/store/4kbxi00h8xsmfgbws2qqh674lcfp03h6-VirtualBox-GuestAdditions-4.2.14-3.2.46/lib/xorg/modules/drivers/vboxvideo_drv.so
 (II) Module vboxvideo: vendor="Oracle Corporation"
 	compiled for 10.12.0, module version = 1.0.1
 	Module class: X.Org Video Driver
 	ABI class: X.Org Video Driver, version 12.0
 (EE) module ABI major version (12) doesn't match the server's version (13)
 (II) UnloadModule: "vboxvideo"
 (II) Unloading vboxvideo
 (EE) Failed to load module "vboxvideo" (module requirement mismatch, 0)
 (II) LoadModule: "vboxmouse"
 (WW) Warning, couldn't open module vboxmouse
 (II) UnloadModule: "vboxmouse"
 (II) Unloading vboxmouse
 (EE) Failed to load module "vboxmouse" (module does not exist, 0)
 (EE) No drivers available.

Fatal server error:
 no screens found
2013-06-23 13:06:03 +02:00