3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

285 commits

Author SHA1 Message Date
aszlig 2b58a6ab0d
virtualbox: Fix extension pack installation.
With hardening, we need to go a bit further rather than just allowing
/nix/store being world-writable. We now use fakeroot to make sure the
VBoxExtPackHelperApp won't moan that the files are not owned by root.

They are, but only outside of the chrooted build process.

Another issue with using fakeroot is that it doesn't seem to cope well
with arguments that contain spaces. That's why I've piped the call into
${stdenv.shell}.

Now, the really gory and confusing part is the introduction of
VBOX_PATH_APP_PRIVATE_ARCH_TOP and the change of VBOX_PATH_APP_PRIVATE.

The VBOX_PATH_APP_PRIVATE_ARCH is *only* for modules and is checked by
the hardened implementation against whether things like VMMR0.r0 or
VBoxVMM.so reside in that directory. As a side note: I admit that the
whole libexec directory is quite polluted with stuff that shouldn't be
there, but for now we've broken enough things and will tear apart the
whole structure at some day in the future[TM].

For the confusing part we have VBOX_PATH_APP_PRIVATE_ARCH_TOP, which
_should_ be the same as VBOX_PATH_APP_PRIVATE_ARCH but unfortunately,
the hardened implementation is checking against this directory (in
IsValidBaseDir) for the extension pack(why!?).

Of course, we could put even that into the libexec directory, somewhat
similar as the official package, but after all, let's at least *try* to
separate things.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-01 03:32:55 +01:00
aszlig 318fbb34e7
virtualbox: Allow /nix/store being world-writable.
We are already checking whether /nix/store has the sticky bit set, so if
it is world-writable as well it doesn't mean that the actual store path
is writable. Let alone the fact that it is only writable during the
build process.

This should fix installing the extension pack when enableExtensionPack
is used.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-30 18:23:19 +01:00
aszlig 017e6b72c1
virtualbox: Update to upstream version 4.3.20.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-30 06:25:50 +01:00
aszlig 3e49487c1a
virtualbox: Enable hardening by default.
VirtualBox with hardening support requires the main binaries to be
setuid root. Using VBOX_WITH_RUNPATH, we ensure that the RPATHs are
pointing to the libexec directory and we also need to unset
VBOX_WITH_ORIGIN to make sure that the build system is actually setting
those RPATHs.

The hardened.patch implements two things:

 * Set the binary directory to the setuid-wrappers dir so that
   VboxSVC calls them instead of the binaries from the store path. The
   reason behind this is because nothing in the Nix store can have the
   setuid flag.
 * Excempt /nix/store from the group permission check, because while it
   is group-writeable indeed it also has the sticky bit set (and also
   the whole store is mounted read-only on most NixOS systems), so we're
   checking on that as well.

Right now, the hardened.patch uses /nix/store and /var/setuid-wrappers
directly, so someone would ever want to change those on a NixOS system,
please provide a patch to set those paths on build time. However, for
simplicity, it's best to do it when we _really_ need it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-29 19:21:46 +01:00
aszlig deec767efa
virtualbox: Disable depmod only where necessary.
Traversing the full source tree is unneccessary, because the calls are
only done within make files. Hence we only substitute make files now.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-29 19:21:46 +01:00
Rob Vermaas f54c852a36 docker: update from 1.3.0 to 1.3.1, potentially fixes CVE-2014-5277 2014-11-18 16:06:36 +01:00
AndersonTorres c7d83e5ee0 Bochs: upgrade to 2.6.7
Now, with SDL2 upgrade!
2014-11-18 10:53:40 -02:00
Jonathan Rudenberg 29d708176c virtualbox: 4.3.16 -> 4.3.18 2014-11-03 21:47:59 +01:00
Michael Raskin 830af476eb Update virtviewer 2014-11-03 16:54:38 +03:00
Corey O'Connor 48dc0eacb8 add pulseaudio to virtualbox 2014-10-22 20:56:25 +02:00
Paul Colomiets f86967ac8a docker: upgrade to 1.3.0 2014-10-17 23:20:09 +03:00
Bjørn Forsman fb8a2b3be7 virt-manager: fix missing schema error
The dependency on gsettings_desktop_schemas wasn't specified correctly.
Now it works.

Fixes this error, as seen when trying to open a guest VM when
virt-manager is accessed over ssh with X forwarding:

  GLib-GIO-ERROR **: Settings schema 'org.gnome.system.proxy' is not installed
2014-10-03 16:09:03 +02:00
Domen Kožar 58b6c4fce9 xen: note about security for next bump 2014-10-02 10:23:09 +02:00
AndersonTorres 59418454e6 Bochs: adding configurable options
Now, Bochs expression has a bunch of configurable options!

Unhappily, it is a big and complex project, and some configure options
are in constant clash. But the set created for now is very usable and
stable.

Closes #4366
2014-10-02 06:48:50 +01:00
ambrop7@gmail.com f8738a6d09 Update VirtualBox to 4.3.16. 2014-09-18 23:43:11 +02:00
ambrop7@gmail.com 2f79a85767 VirtualBox: Fix ALSA audio.
Use a sed replacement to ensure that dynamic loading of libasound works.
2014-09-14 11:28:34 +02:00
Pascal Wittmann 8d67b9a240 transformed meta.maintainers of some packages into lists 2014-09-13 13:52:02 +02:00
AndersonTorres b39e5ce957 Small style fixups
In this commit, I modified some files, conforming them to a
idiosyncratic standard - mainly, a template for meta attribs.
2014-09-10 21:34:50 -03:00
Vladimír Čunát 06fea81c6e Merge recent master into staging
Hydra: ?compare=1150594
2014-09-06 16:52:45 +02:00
Jaka Hudoklin 0c398f6040 docker: add xz to PATH, make importing from archives work 2014-09-04 01:30:59 +02:00
Jaka Hudoklin e5194e5aea docker: fix docker not finding dockerinit 2014-09-03 18:24:51 +02:00
Vladimír Čunát e51f73652d Merge recent master into staging
Hydra: ?compare=1149952

Conflicts:
	nixos/doc/manual/configuration.xml (changed split file)
	nixos/modules/config/users-groups.nix (choosing filterNull instead of inline definition)
	pkgs/development/libraries/readline/readline6.3.nix (auto-solved)
2014-08-30 10:04:02 +02:00
Aristid Breitkreuz a2eb68a6dc update virtualbox to 4.3.14 2014-08-28 21:27:08 +02:00
Aristid Breitkreuz 10a3369c99 virtinst: fix name resolution ambiguity breaking the runnability 2014-08-27 21:24:13 +02:00
Domen Kožar d52d71a04b pythonPackages.boto_1_9: remove 2014-08-27 13:26:00 +02:00
Jaka Hudoklin 88391a5c65 docker: update to 1.2.0 2014-08-24 17:30:50 +02:00
Michael Raskin ff4c6f39da Merge pull request #3671 from madjar/master
Added e2fsprogs to docker dependencies.
2014-08-23 13:08:07 +04:00
Michael Raskin 2991b5a2f3 Merge pull request #3529 from AndersonTorres/bochs
Bochs: update to version 2.6.6
2014-08-23 12:48:05 +04:00
AndersonTorres 6a78135865 Bochs: update to version 2.6.6 2014-08-21 07:08:09 -03:00
Georges Dubus a82e9e4b5c Added e2fsprogs to docker dependencies.
Otherwise, it complains about mkfs.ext4 not being present at service
start (and stops).
2014-08-19 11:00:46 +02:00
Luca Bruno 36bef2b267 gobject-introspection: refer to shlibs with absolute paths in typelibs
After this, LD_LIBRARY_PATH should not be required anymore.
The patch has been applied only for .la files, so there may
be some other cases missing.
2014-08-14 23:16:51 +02:00
Russell O'Connor a431a96df9 Allow QEMU to fallback to full simulation if /dev/kvm is not available. 2014-08-13 23:26:26 +02:00
Eelco Dolstra 8a7f3c3618 Mark a bunch of packages as broken or not supported on Darwin 2014-08-08 17:59:02 +02:00
Rob Vermaas 64561b437d Remove broken flag for xen, build with gcc45. 2014-08-01 17:18:27 +02:00
Paul Colomiets 9bc1676e5a Upgrade docker to 1.1.2 and add docker module
This version of module has disabled socketActivation, because until
nixos upgrade systemd to at least 214, systemd does not support
SocketGroup. So socket is created with "root" group when
socketActivation enabled. Should be fixed as soon as systemd upgraded.

Includes changes from #3015 and supersedes #3028
2014-07-28 21:45:49 +02:00
Mateusz Kowalczyk 7a45996233 Turn some license strings into lib.licenses values 2014-07-28 11:31:14 +02:00
Austin Seipp de96d25294 qemu: 1.7.1 -> 2.0.0
The patch for CVE-2014-0150 is still required.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 15:52:44 -05:00
Benno Fünfstück 8b6300822b virtualbox: update 4.3.10 -> 4.3.12
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:33:25 -05:00
Austin Seipp aae821493d Revert "virtualbox: update 4.3.10 -> 4.3.12"
This reverts commit a0ae412a10.

It snuck by me in #2677. I'll test it more first.
2014-05-17 16:45:58 -05:00
Benno Fünfstück a0ae412a10 virtualbox: update 4.3.10 -> 4.3.12 2014-05-17 12:28:33 +02:00
AndersonTorres 2e950bd72e 8086tiny: update to 1.25
Locally build BIOS support
2014-05-14 22:40:09 +02:00
Benjamin Podszun 2ce5162252 Bump virt-viewer to 0.6.0, from the 2009 version 2014-05-14 22:24:01 +02:00
cillianderoiste 7adc00b8bc Merge pull request #2484 from chexxor/feature/bump-docker-0.10.0
Bump docker version to 0.10.0
2014-05-11 10:33:43 +02:00
Bjørn Forsman cb7c920e24 virt-manager: add missing gsettings schema
Without this it'll complain and abort when clicking "Take Screenshot" or
"Browse Local" when creating a new VM and looking for an CD-ROM image to boot
from:

GLib-GIO-ERROR **: Settings schema 'org.gtk.Settings.FileChooser' is not installed
2014-05-11 01:03:27 +02:00
Alex Berg 47090c9bdc Bump docker version to 0.10.0. 2014-05-03 17:03:33 +02:00
Eelco Dolstra 39faed1f2f qemu: Apply patch for CVE-2014-0150, CVE-2014-2894 2014-04-28 14:37:46 +02:00
Eelco Dolstra 0af5d11a6f qemu-image: Remove (obsolete) 2014-04-28 14:34:34 +02:00
Eelco Dolstra f2cb4def59 qemu: Update to 1.7.1 2014-04-17 15:54:42 +02:00
Alex Berg 7dff8a8aaf Bump Docker to v0.9.1. Tested pulling, committing, pushing.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-07 15:08:07 -05:00
Jaka Hudoklin 413ebfb246 virt-manager: update to 1.0.1, fix & update dependencies, gtk3 support
- Vte, add gtk3 support, enable introspection, update to 0.35.90
- Spice-gtk, add gtk3 support
- gtk-vnc, add gtk3 support
- Add libvirt-glib (thanks @bjornfor)
- Add usbredir
- qemu, enable usbredir
- spice-gtk, enable usbredir
- virt-manager, update to 1.0.1

[Bjørn:
* Set namePrefix = "" to preserve package name "virt-manager"
  (instead of "python2.7-virt-manager")
* Add dconf to GIO_EXTRA_MODULES to get persistent settings in
  virt-manager. Without it:
  GLib-GIO-Message: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications.
* Add ${gtk3}/share to XDG_DATA_DIRS to unbreak "Take Screenshot"
  feature (fixes "Settings schema 'org.gtk.Settings.FileChooser' is not installed")
* gtk-vnc: don't pull "pkgs" attrset for optionalString, use stdenv.lib.optionalString instead.
]
2014-04-05 18:37:05 +02:00