Commit Graph

162 Commits

Author SHA1 Message Date
Alyssa Ross
8e71416e5d qemu: set localstatedir
Otherwise qemu-qa, qemu-pr-helper, and virtiofsd, try to write to
$out/var at runtime.

Fixes: https://github.com/NixOS/nixpkgs/issues/113909
Fixes: https://github.com/NixOS/nixpkgs/pull/112886
2021-03-29 17:19:06 +00:00
Jörg Thalheim
c3b9c62eba
Merge pull request #112881 from alyssais/qemu-stack
qemu: re-enable stack protection
2021-03-07 11:40:24 +00:00
Sandro Jäckel
993fb95e78
qemu: remove not require enableParallelBuild 2021-03-03 16:23:53 +01:00
Sandro Jäckel
4ad340f37c
Revert "qemu: guard desktop file removal"
This reverts commit e74ae54da5.

rm -f ignores if the file exists or not.
2021-03-01 18:32:39 +01:00
Jörg Thalheim
3f2321e5c1
Merge pull request #112440 from bobrik/ivan/qemu-aarch64-darwin-prep 2021-02-16 06:49:16 +00:00
Florian Klink
c70a8c8d92
Merge pull request #113189 from nix-things-mobile/fix/qemu-repair
qemu: guard desktop file removal
2021-02-15 21:54:29 +01:00
daniel
e74ae54da5 qemu: guard desktop file removal
The qemu.desktop file should only be attempted to be removed if available.
2021-02-15 09:33:18 +01:00
TredwellGit
dd441204f6 qemu: set sysconfdir
Fixes https://github.com/NixOS/nixpkgs/issues/111675 and https://github.com/NixOS/nixpkgs/issues/110142.
2021-02-13 00:25:28 +00:00
Alyssa Ross
8f0bd879da
qemu: re-enable stack protection
5e25995295 ("qemu: 2.6.1 -> 2.7.0") added this, because the QEMU
build failed without it.  That's no longer the case, so we can bring
back stack protection.
2021-02-09 21:26:43 +00:00
Ivan Babrou
251add14cf qemu: only apply autoPatchelfHook on linux
It fails on darwin due to missing `patchelf` and the missing ELFs:

```
/nix/store/...-auto-patchelf-hook/nix-support/setup-hook: line 220: -l: command not found
```
2021-02-08 13:48:16 -08:00
Ivan Babrou
d29e8f0e59 qemu: rename VERSION to QEMU_VERSION to avoid name clash
In libc++ starting with LLVM8 there's `<version>` include in `cstddef`:

The following things also align:

* QEMU has a file called `VERSION` in repo root
* QEMU prepends repo root to include path in build
* macOS has a case-insensetive filesystem

All of this combined means that `VERSION` file is included as a header.

Working around this be renaming `VERSION` -> `QEMU_VERSION` to resolve ambiguity.

The problem really only appears on `aarch64-darwin`, since on `x86_64-darwin`
there are no C++ files to compile. The workaround is harmless enough to apply.
2021-02-08 13:45:47 -08:00
Ivan Babrou
bb475b01d2 qemu: do not force x86_64 cpu on darwin
This change produces the following warning:

```
... configure: line 619: sysctl: command not found
```

It's benign and sysctl is only useful on MacOS X Leopard:

* https://github.com/qemu/qemu/blob/v5.2.0/configure#L615-L621

Leopard is 13 years old and is not supported by Nix.

The sysctl check is removed in qemu master branch already.

Plus aarch64-darwin is coming in #105026, so there's no reason to force x86_64.
2021-02-08 13:39:10 -08:00
Milan
b7871c3f2d
qemu: fix build when desktop file does not exist (#110721)
The qemu-user variants as used by binfmt emulation through
`(lib.systems.elaborate lib.systems.examples.aarch64-multiplatform).emulator pkgs`
does not install a .desktop file since qemu 5.2.0. This change allows
the build to continue if deletion of the desktop file fails.
2021-01-25 19:24:32 +01:00
Drew Risinger
9e403b19a1 qemu: 5.1.0 -> 5.2.0
Updates to latest version of QEMU.
The build system has changed to ninja.
There are several configuration flags that aren't enabled. I will
defer to maintainers on those.

Adds autoPatchelfHook for patching output dynamically linked binaries.

qemu: use Nix's meson vs bundled

qemu: remove custom directory locations

It appears that these directories are no longer automatically prefixed
with $out/, so they are now trying to write to the system /etc/, /var/
directories, which is not permitted in sandbox.
The default directories seem to work OK, so using those.
2021-01-19 14:06:28 -05:00
Sandro
1afec60627
Merge pull request #95274 from misuzu/qemu-iscsi 2021-01-17 20:16:06 +01:00
Ben Siraphob
5d566c43b4 pkgs/applications: pkgconfig -> pkg-config 2021-01-16 23:49:59 -08:00
Ben Siraphob
108bdac3d9 pkgs/applications: stdenv.lib -> lib 2021-01-15 14:24:03 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
misuzu
c5dd597870 qemu: libiscsi support 2020-12-29 16:19:42 +02:00
Martin Weinelt
c3f268000e
qemu: fix CVE-2020-28916
While receiving packets via e1000e_write_packet_to_guest an infinite
loop could be triggered if the receive descriptor had a NULL buffer
address.

A privileged guest user could use this to induce a DoS Scenario.

Fixes: CVE-2020-28916
2020-12-01 16:54:21 +01:00
Martin Weinelt
bd3ce46719
qemu: fix CVE-2020-29129, CVE-2020-29130 in vendored libslirp
Fixes out-of-bounds access in libslirp while processing ARP/NCSI packets.

Fixes: CVE-2020-29129, CVE-2020-29130
2020-11-28 02:47:44 +01:00
Martin Weinelt
0c54b757e9
qemu: apply patch for CVE-2020-27617
An assert(3) failure issue was found in the networking helper functions of QEMU. It could occur in the eth_get_gso_type() routine, if a packet does not have a valid networking L3 protocol (ex. IPv4, IPv6) value. A guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

Fixes: CVE-2020-27617
2020-11-02 14:01:01 +01:00
Andreas Rammhold
2451796b49
qemu: make ncurses optional for the test runner
This shaves another 3MB off the closure size of QEMU.
2020-10-19 17:49:31 +02:00
Andreas Rammhold
e79eed4840
qemu: strip down the features for the test runner
This allows much faster VM-test based systemd testing as the closure of
qemu suddenly shrinks to reasonable sizes again.
2020-10-19 17:39:47 +02:00
Arthur Gautier
4e73ee6a53 qemu: adds tpm support 2020-08-23 17:24:38 -07:00
misuzu
24028674a1 qemu: 5.0.0 -> 5.1.0 2020-08-16 08:12:55 +00:00
Peter Hoeg
cde67612b2 qemu: drop invalid and redundant qemu.desktop 2020-07-22 13:38:23 +08:00
Frederik Rietdijk
08900c0554 Merge master into staging-next 2020-06-04 15:25:54 +02:00
Florian Klink
c7eb16cec3 qemu: wrap GTK binaries
Applications using a different GTK version than the user session don't
work well, and people often run NixOS VM tests on different channels.

Wrapping these GTK binaries is a common way to fix this.

Fixes #69158
2020-06-01 23:06:28 +02:00
Scott Worley
f2406c602a qemu: 4.2.0 -> 5.0.0 2020-05-19 21:51:33 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Andrew Dunham
ef3addb1cb qemu: add patches for CVE-2020-7039 and CVE-2020-7211
Fixes #78762
2020-02-01 16:37:15 -08:00
Robert Scott
f5c0d150e7 qemu: add patch for CVE-2019-15890 2019-12-19 00:51:04 +00:00
Robert Scott
8c3a97fa7e qemu: 4.1.0 -> 4.2.0 2019-12-18 22:00:49 +00:00
hyperfekt
4dce5d71c6 qemu: name -> pname 2019-11-05 23:39:12 +00:00
Izorkin
a2226d7de5 qemu: 4.0.0 -> 4.1.0 2019-08-17 21:00:40 +03:00
Nikolay Amiantov
ef8addb919 qemu: fix documentation 2019-07-03 21:11:59 +03:00
Matthew Bauer
4d6f65b81f
Merge pull request #62167 from matthewbauer/alias-libgl
Add libGL* aliases
2019-06-17 15:18:29 -04:00
Matthew Bauer
263f5891b6 treewide: mesa_noglu, mesa_drivers, libGL_driver -> mesa
Just use mesa for these to be more clear. Move these to aliases.nix
2019-06-17 14:43:18 -04:00
Marek Mahut
a4e6261173 qemu: CVE-2019-12155 2019-06-15 23:54:01 +02:00
Will Dietz
35dea87c70
Merge pull request #60133 from dtzWill/update/qemu-4.0.0
qemu: 3.1.0 -> 4.0.0
2019-05-21 03:12:21 -05:00
volth
56b25e7034 qemu: fix cross (#60261) 2019-04-27 09:19:06 +02:00
Will Dietz
bf35e8f0ba qemu: drop fix-hda-recording.patch, appears applied upstream
(across multiple commits, maybe?)
2019-04-23 21:44:25 -05:00
Will Dietz
b6f020fe51 qemu: fix patch, drop CVE patch included 2019-04-23 21:44:23 -05:00
Will Dietz
9a711ccb8c qemu: 3.1.0 -> 4.0.0 2019-04-23 20:31:13 -05:00
Andreas Rammhold
c7d7c6fc41
qemu: apply CVE-2019-3812 patch 2019-03-20 11:15:41 +01:00
aszlig
4c1ddb3a57
qemu: Apply interim fix for overlayfs + O_NOATIME
Our VM tests and everything related to our virtualisation infrastructure
is currently broken if used with kernel 4.19 or later.

The reason for this is that since 4.19, overlayfs uses the O_NOATIME
flag when opening files in lowerdir and this doesn't play nice with the
way we pass the Nix store to our QEMU guests.

On a NixOS system, paths in the Nix store are typically owned by root
but the QEMU process is usually run by an ordinary user. Using O_NOATIME
on a file where you're not the owner (or superuser) will return with
EPERM (Operation not permitted).

This is exactly what happens in our VM tests, because we're using
overlayfs in the guests to allow writes to the store.

Another implication of this is that the default kernel version for NixOS
19.03 has been reverted to Linux 4.14.

Work on getting this upstream is still ongoing and the patch I posted
previously was incomplete, needs rework and also some more review from
upstream maintainers - in summary: This will take a while.

So instead of rushing in a kernel patch to nixpkgs, which will affect
all users of overlayfs, not just NixOS VM tests, I opted to patch QEMU
for now to ignore the O_NOATIME flag in 9p.

I think this is also the least impacting change, because even if you
care about whether access times are written or not, you get the same
behaviour as with Linux 4.19 in conjunction with QEMU.

Signed-off-by: aszlig <aszlig@nix.build>
Fixes: https://github.com/NixOS/nixpkgs/issues/54509
2019-03-18 13:34:30 +01:00
Marcus Geiger
355d9a6378 qemu: Add support for the Hypervisor framework on Darwin
This provides macOS native hardware acceleration to Qemu.
2019-02-12 22:58:50 +01:00
Daniel Kuehn
3b7713a4d6 qemu: Add argument to enable support for ceph rbd storage 2019-02-06 19:53:23 +01:00
worldofpeace
2c76519900 vte, vte_290, vte-ng: rename frome gnome3.vte* 2018-12-25 20:14:32 -05:00