3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

213 commits

Author SHA1 Message Date
Will Dietz 35dea87c70
Merge pull request #60133 from dtzWill/update/qemu-4.0.0
qemu: 3.1.0 -> 4.0.0
2019-05-21 03:12:21 -05:00
volth 56b25e7034 qemu: fix cross (#60261) 2019-04-27 09:19:06 +02:00
Will Dietz bf35e8f0ba qemu: drop fix-hda-recording.patch, appears applied upstream
(across multiple commits, maybe?)
2019-04-23 21:44:25 -05:00
Will Dietz b6f020fe51 qemu: fix patch, drop CVE patch included 2019-04-23 21:44:23 -05:00
Will Dietz 9a711ccb8c qemu: 3.1.0 -> 4.0.0 2019-04-23 20:31:13 -05:00
Cole Mickens 23576f225c qemu-utils: init 2019-03-27 20:44:54 -07:00
Andreas Rammhold c7d7c6fc41
qemu: apply CVE-2019-3812 patch 2019-03-20 11:15:41 +01:00
aszlig 4c1ddb3a57
qemu: Apply interim fix for overlayfs + O_NOATIME
Our VM tests and everything related to our virtualisation infrastructure
is currently broken if used with kernel 4.19 or later.

The reason for this is that since 4.19, overlayfs uses the O_NOATIME
flag when opening files in lowerdir and this doesn't play nice with the
way we pass the Nix store to our QEMU guests.

On a NixOS system, paths in the Nix store are typically owned by root
but the QEMU process is usually run by an ordinary user. Using O_NOATIME
on a file where you're not the owner (or superuser) will return with
EPERM (Operation not permitted).

This is exactly what happens in our VM tests, because we're using
overlayfs in the guests to allow writes to the store.

Another implication of this is that the default kernel version for NixOS
19.03 has been reverted to Linux 4.14.

Work on getting this upstream is still ongoing and the patch I posted
previously was incomplete, needs rework and also some more review from
upstream maintainers - in summary: This will take a while.

So instead of rushing in a kernel patch to nixpkgs, which will affect
all users of overlayfs, not just NixOS VM tests, I opted to patch QEMU
for now to ignore the O_NOATIME flag in 9p.

I think this is also the least impacting change, because even if you
care about whether access times are written or not, you get the same
behaviour as with Linux 4.19 in conjunction with QEMU.

Signed-off-by: aszlig <aszlig@nix.build>
Fixes: https://github.com/NixOS/nixpkgs/issues/54509
2019-03-18 13:34:30 +01:00
Marcus Geiger 355d9a6378 qemu: Add support for the Hypervisor framework on Darwin
This provides macOS native hardware acceleration to Qemu.
2019-02-12 22:58:50 +01:00
Daniel Kuehn 3b7713a4d6 qemu: Add argument to enable support for ceph rbd storage 2019-02-06 19:53:23 +01:00
worldofpeace 2c76519900 vte, vte_290, vte-ng: rename frome gnome3.vte* 2018-12-25 20:14:32 -05:00
Jörg Thalheim 1b146a8c6f
treewide: remove paxutils from stdenv
More then one year ago we removed grsecurity kernels from nixpkgs:
https://github.com/NixOS/nixpkgs/pull/25277

This removes now also paxutils from stdenv.
2018-12-22 12:55:05 +01:00
volth b686f38c40
qemu: 3.0.0 -> 3.1.0 2018-12-15 00:22:08 +00:00
Matthew Bauer 9c8fd41224 treewide: add emulator to platform
You can use stdenv.hostPlatform.emulator to get an executable that
runs cross-built binaries. This could be any emulator. For instance,
we use QEMU to emulate Linux targets and Wine to emulate Windows
targets. To work with qemu, we need to support custom targets.

I’ve reworked the cross tests in pkgs/test/cross to use this
functionality.

Also, I’ve used talloc to cross-execute with the emulator. There
appears to be a cross-execute for all waf builds. In the future, it
would be nice to set this for all waf builds.

Adds stdenv.hostPlatform.qemuArch attrbute to get the qemuArch for
each platform.
2018-11-29 19:15:30 -06:00
Yegor Timoshenko 475da25b40
qemu: enable smartcard support 2018-10-12 20:38:55 +00:00
Will Dietz 8fc2799e02 qemu: port musl patch to new version (#46449) 2018-09-10 08:14:37 +02:00
John Ericson 2c2f1e37d4 reewide: Purge all uses stdenv.system and top-level system
It is deprecated and will be removed after 18.09.
2018-08-30 17:20:32 -04:00
volth 341250fa10 qemu: 2.12.1 -> 3.0.0 2018-08-20 22:02:02 +00:00
R. RyanTM f5bd6b8bfe qemu: 2.12.0 -> 2.12.1 (#44711)
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/qemu/versions.
2018-08-16 21:33:50 +02:00
Izorkin e2c98528e9 qemu: add path to bin utilites 2018-08-15 11:17:44 +03:00
Lluís Batlle i Rossell 66d7126255 Take me (viric) out of most maintenance
Since years I'm not maintaining anything of the list below other
than some updates when I needed them for some reason. Other people
is doing that maintenance on my behalf so I better take me out but
for very few packages. Finally!
2018-07-22 21:50:19 +02:00
Ruben Maher 0b3f13d442 pkgs/qemu: tell qemu where to find smbd if smbdSupport is true (#41615) 2018-06-11 00:18:31 +02:00
Matthew Bauer 6748534d83 Merge remote-tracking branch 'upstream/master' into staging 2018-05-08 09:36:00 -05:00
Florian Klink 70c57fe363 qemu: fix spaces in postInstall 2018-05-07 19:23:47 +03:00
Matthew Justin Bauer eeb016e8f0
Merge branch 'staging' into fix-ncurses-darwin-extensions 2018-05-02 15:40:38 -05:00
xeji 00610fe090 qemu-riscv: remove, obsolete with qemu 2.12
upstream qemu 2.12 includes riscv support
2018-04-26 18:15:21 +02:00
Will Dietz 3d4aa7e95d qemu: workaround 'struct sysinfo' conflict musl <--> linux
Most everyone using musl patches the linux headers instead,
but various software uses a local workaround like the
one added in this commit (psutils, for example).

It's not obvious to me which project has the "bug",
and I'm reluctant to even propose modifying our headers
without clear answer on the issue.

Also, modifying those headers triggers rebuild-all-the-things.

Hopefully upstream projects sort this out, in the meantime
adding this define is a bit of a kludge but does the job.

-------

For the curious, the patch usually is something like this:
https://patchwork.kernel.org/patch/3833241/

Here's an updated version that also ensures
kernel users get the sysinfo struct as expected too:
https://raw.githubusercontent.com/openwrt/openwrt/e3c43ade0bae9491aeea50fa361e846bb5002dc0/target/linux/generic/pending-4.14/270-uapi-kernel.h-glibc-specific-inclusion-of-sysinfo.h.patch

(cherry picked from commit dtzWill/nixpkgs@91b5f5a463)
2018-04-26 17:58:16 +02:00
xeji 3e3b39f173 qemu: 2.11.1 -> 2.12.0 2018-04-26 01:41:53 +02:00
John Ericson ba52ae5048 treewide: isArm -> isAarch32
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.

The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:

```
ISA:             ARMv8   {-A, -R, -M}
                 /    \
Mode:     Aarch32     Aarch64
             |         /   \
Encoding:   A64      A32   T32
```

At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.

The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.

[1]: https://developer.arm.com/products/architecture/a-profile
2018-04-25 15:28:55 -04:00
Jan Malakhovski 7438083a4d tree-wide: disable doCheck and doInstallCheck where it fails (the trivial part) 2018-04-25 04:18:46 +00:00
Daiderd Jordan bca24c02ac
qemu: fix darwin build 2018-04-24 00:19:34 +02:00
xeji 5be6943696 qemu: add separate output for qemu-ga guest agent 2018-04-20 11:05:50 +02:00
xeji 10149ef5e3 qemu: add option to build with gtk support 2018-04-15 23:31:42 +02:00
Frederik Rietdijk 595a72589f Merge master into staging 2018-04-08 10:54:17 +02:00
Austin Seipp 4b7f2dd622 qemu-riscv: update to qemu-2.11.92pre60378_f733c7b5f
This obsoletes two of the included patches, one of them RISC-V specific,
since they've been picked up by upstream.

This build has been confirmed as being able to build and run an (extremely
recent) RISC-V Fedora 28 Rawhide image, available from:

    https://fedorapeople.org/groups/risc-v/disk-images/

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-04-07 22:25:30 -05:00
Jan Malakhovski 228eee6cd4 qemu: fix options 2018-03-26 14:02:06 +03:00
Nikolay Amiantov e2d59e06bf qemu: add virgl renderer support 2018-03-26 14:01:49 +03:00
Nikolay Amiantov 1de04e45cb qemu: add OpenGL support 2018-03-26 14:01:49 +03:00
Nikolay Amiantov 5f44faaca9 qemu: use SDL2 as SDL library
This is needed for OpenGL support.
2018-03-26 14:01:49 +03:00
Will Dietz 55e59e4557 qemu: musl patches
(cherry picked from commit 1bf8ff49d55fc7dfdd460f3d4f02c148ed2a2b40)
2018-03-25 18:41:11 -05:00
Shea Levy 9bfd74deff
qemu-riscv: Don't apply already-applied glibc-2.27 patch 2018-03-24 07:33:04 -04:00
Shea Levy 34898469f7
qemu: Add upstream glibc 2.27-compat patch 2018-03-17 21:58:14 -04:00
Jan Tojnar a31d98f312
tree-wide: autorename gnome packages to use dashes 2018-02-25 17:41:16 +01:00
Shea Levy 0022708d6d
qemu-riscv: Add initrd support patch 2018-02-20 09:11:06 -05:00
Shea Levy 2f310cfa8b
qemu: Fix statfs flag.
Compile-tested the right package this time...
2018-02-18 21:47:07 -05:00
Shea Levy e3f947a19a
Add missing files 2018-02-18 14:33:43 -05:00
Shea Levy 4839b568de
qemu: Add patch for statfs f_flags in Linux user mode. 2018-02-18 14:08:22 -05:00
Shea Levy d4e1ef7b7b
qemu-riscv: 2.11.50pre57991_713f2c1164 -> 2.11.50pre58771_af435b709d 2018-02-18 09:28:54 -05:00
Shea Levy 890c0b9654
qemu-riscv: Init at 2.11.50pre57991_713f2c1164.
Fixes #35087
2018-02-17 20:29:11 -05:00
Shea Levy ecf4825f32
qemu: 2.11.0 -> 2.11.1 2018-02-17 19:32:13 -05:00
Jan Malakhovski 06adc17455 xen, qemu: passthru the path to qemu-system-i386 2018-02-09 19:51:07 +00:00
Graham Christensen b5a61f2c59
Revert "nixos: doc: implement related packages in the manual" 2017-12-23 07:19:45 -05:00
Arseniy Seroka 36e02645eb
Merge pull request #32424 from oxij/nixos/related-packages
nixos: doc: implement related packages in the manual
2017-12-23 03:34:58 +03:00
volth 489d3e7d06 qemu: fix bin/qemu-kvm on aarch64 + minor fixes
* $out/bin/qemu-kvm should point to qemu-system-aarch64 on aarch64, libvirt expect it
 * makeWrapper codes are separated as some architectures might require additional command flags (https://github.com/NixOS/nixpkgs/issues/31606#issuecomment-349675127)
 * x86_64-on-i686 is not a native emulation and not supported by KVM, so it is removed from the list
2017-12-19 06:22:16 +02:00
volth fbaa749621
qemu: 2.10.1 -> 2.11.0 2017-12-15 08:49:32 +00:00
Jan Malakhovski 7a92c2074d xen, qemu: passthru the path to qemu-system-i386 2017-12-07 21:27:32 +00:00
Andreas Rammhold d72974a207 qemu: apply patch for CVE-2017-17381
More details at [1].

[1] http://www.openwall.com/lists/oss-security/2017/12/05/2
2017-12-05 10:18:42 +01:00
Antoine Eiche 268d3656db qemu: fix CVE-2017-15118
See https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
2017-11-29 11:19:50 +01:00
Tuomas Tynkkynen 3b2056536c qemu: Rename x86Only option to hostCpuOnly
And also make it work on ARM and Aarch64.
2017-11-26 11:13:20 +02:00
Tuomas Tynkkynen eb3925ff62 qemu: Disable numactl on ARM
32-bit ARM doesn't do numa.
2017-11-26 11:13:20 +02:00
Franz Pletz b3dc24c8c8
qemu: 2.9.1 -> 2.10.1 2017-10-25 17:49:35 +02:00
Franz Pletz 536ab403d4
qemu: 2.9.0 -> 2.9.1
Security and bugfix release.
2017-09-28 16:59:41 +02:00
Tim Jäger 0c1c3d2b99 qemu: fix HDA recording latency
Very long latency occurs for audio inputs when simulating an Intel HDA device.

Patch courtesy of Volker Rümeling.
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03336.html
2017-08-16 09:48:49 +02:00
Thomas Tuegel fe800447c2
qemu: unset CPP
Commit 093cc00cdd sets the environment variable
`CPP' by default, but this interferes with dependency calculation.
2017-07-21 16:49:24 -05:00
Volth 1931ad0e2c qemu: 2.8.1 -> 2.9.0 2017-04-23 14:20:48 +02:00
Volth 160a84013e qemu: 2.8.0 -> 2.8.1 2017-04-02 00:21:56 +00:00
aszlig 0a7673d202
qemu_test: Rebase force-uid0-on-9p.patch
This reverts commit 3a4e2376e4.

The reverted commit caused the fix for CVE-2016-9602 not to be applied
for qemu_test because it conflicts with the force-uid0-on-9p.patch.

So with the rebase of the patch on top of the changes of the
CVE-2016-9602.patch, both patches no longer conflict with each other.

I've tested this with the "misc" NixOS test and it succeeds.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-03-11 15:16:49 +01:00
Franz Pletz 3a4e2376e4
qemu_test: don't apply patch for CVE-2016-9602
Both patches are conflicting. Keeping the vulnerability unpatched in qemu
binaries used for nixos test is tolerable.
2017-03-11 13:43:42 +01:00
Franz Pletz 621e7a9945
qemu: fetch vnc bugfix patch from debian
This version of the patch applies cleanly to the 2.8.0 release.
2017-03-11 09:32:48 +01:00
Franz Pletz c512180f9c
qemu: add patches for multiple CVEs
New upstream patch function and patches for fixing a bug in the patch for
CVE-2017-5667 and the following security issues:

  * CVE-2016-7907
  * CVE-2016-9602
  * CVE-2016-10155
  * CVE-2017-2620
  * CVE-2017-2630
  * CVE-2017-5525
  * CVE-2017-5526
  * CVE-2017-5579
  * CVE-2017-5856
  * CVE-2017-5857
  * CVE-2017-5987
  * CVE-2017-6058
2017-03-11 08:14:29 +01:00
Jan Malakhovski 1c8940a2b8 qemu: add xen support 2017-03-05 13:59:28 +00:00
Jan Malakhovski eff9b09fb7 qemu: separate usbredirSupport option out of spiceSupport option 2017-03-05 13:59:28 +00:00
Franz Pletz 6bafe64a20
qemu: apply patches for multiple CVEs
Fixes:

  * CVE-2017-2615
  * CVE-2017-5667
  * CVE-2017-5898
  * CVE-2017-5931
  * CVE-2017-5973

We are vulnerable to even more CVEs but those are either not severe like
memory leaks in obscure situations or upstream hasn't acknowledged the
patch yet.

cc #23072
2017-02-25 09:40:53 +01:00
Graham Christensen f46c5b293b
qemu: 2.7 -> 2.8, drop 2.7 2017-01-26 20:23:40 -05:00
Antoine Eiche 9f1514f086 qemu: fix several CVEs
- CVE 2016-9845
- CVE-2016-9846
- CVE-2016-9907
- CVE-2016-9912
2017-01-20 11:09:02 +01:00
Antoine Eiche 0bd3f82a67 qemu: fix the url of patch for CVE-2016-9921 and CVE-2016-9922 2017-01-20 11:02:22 +01:00
Graham Christensen f5ca9a4212
Merge branch 'roundup-15' 2016-12-28 21:04:51 -05:00
Antoine Eiche bc63738c6f
qemu: fix CVE-2016-9921 and CVE-2016-9922 2016-12-28 20:37:00 -05:00
Antoine Eiche a5dd311208
qemu: fix CVE-2016-9911 2016-12-28 20:36:53 -05:00
Michael Raskin 442623e499 qemu_28: init at 2.8.0; not updating the main Qemu expression yet because there were some claims about NixOS test fragility 2016-12-28 15:04:51 +01:00
Eelco Dolstra 8a0843c3c4
qemu-kvm: Mark the version for tests
(cherry picked from commit d58a4ec1ba)
2016-12-20 10:52:46 +01:00
aszlig 38ea64e867
qemu_test: Make chown() calls to the store a no-op
The "misc" NixOS test is using Nix to query the store and it tries to
change the ownership of it while doing so.

This fails if Nix is not in a seccomp-sandboxed userid namespace, so
let's make chown() a no-op when applied to store paths.

Fixes the misc test (and possibly future tests) on older Nix versions.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-12-16 13:06:25 +01:00
Eelco Dolstra 705829b29a Merge pull request #20500 from aszlig/qemu-patched-for-nixos-tests
nixos/tests: Use a patched QEMU for testing
2016-12-15 12:38:29 +01:00
Vladimír Čunát 925b335607
Merge branch 'master' into staging 2016-11-26 11:27:09 +01:00
Frederik Rietdijk 97259c811e qemu: use python2 2016-11-24 22:28:03 +01:00
Franz Pletz 336bacfa1d
qemu: add patch to fix CVE-2016-7907
cc #20647
2016-11-23 23:23:49 -05:00
Bjørn Forsman bbe5f99e0b qemu: add curl to buildInputs
Enables support for accessing files over HTTP:

  qemu-system-x86_64 -drive media=cdrom,file=http://host/path.iso,readonly

Increases the closures size from 445 to 447 MiB.
2016-11-23 17:44:02 +01:00
Franz Pletz f4a318b528
qemu: add patches for CVE-2016-7994 & CVE-2016-8668 2016-11-17 22:00:44 +01:00
aszlig 6cfb3b6364
nixos/tests: Use a patched QEMU for testing
The reason to patch QEMU is that with latest Nix, tests like "printing"
or "misc" fail because they expect the store paths to be owned by uid 0
and gid 0.

Starting with NixOS/nix@5e51ffb1c2, Nix
builds inside of a new user namespace. Unfortunately this also means
that bind-mounted store paths that are part of the derivation's inputs
are no longer owned by uid 0 and gid 0 but by uid 65534 and gid 65534.

This in turn causes things like sudo or cups to fail with errors about
insecure file permissions.

So in order to avoid that, let's make sure the VM always gets files
owned by uid 0 and gid 0 and does a no-op when doing a chmod on a store
path.

In addition, this adds a virtualisation.qemu.program option so that we
can make sure that we only use the patched version if we're *really*
running NixOS VM tests (that is, whenever we have imported
test-instrumentation.nix).

Tested against the "misc" and "printing" tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-17 17:16:16 +01:00
Franz Pletz 25c01931bb
qemu: add patches to fix lots of CVEs
Patches from Debian and upstream git repo.

Fixes:

 * CVE-2016-6836
 * CVE-2016-7155
 * CVE-2016-7156
 * CVE-2016-7157
 * CVE-2016-7421
 * CVE-2016-7422
 * CVE-2016-7423
 * CVE-2016-7466
 * CVE-2016-8909
 * CVE-2016-8910
 * CVE-2016-9102
 * CVE-2016-9103
 * CVE-2016-9104
 * CVE-2016-9105
 * CVE-2016-9106

cc #20078
2016-11-03 02:45:16 +01:00
Graham Christensen 5e25995295
qemu: 2.6.1 -> 2.7.0 2016-09-25 15:40:47 -04:00
Robin Gloster 7b1597bec2
qemu: 2.6.0 -> 2.6.1 2016-08-31 13:31:22 +02:00
Robin Gloster 7eaa83a3e9
qemu: patch security issues in 9pfs
CVE-2016-7116, others have no ID assigned, yet.
Fixes from 2.7 tree.
2016-08-31 13:31:22 +02:00
Joachim Fasting dae5f53d25
qemu: apply PaX markings 2016-06-14 03:38:18 +02:00
Rickard Nilsson 13b8606241 qemu: 2.5.1 -> 2.6.0 2016-05-25 10:42:45 +02:00
Domen Kožar 8a34a3b37a qemu: 2.5.0 -> 2.5.1
Hopefully this also fixes installer tests on i686
2016-03-30 15:12:41 +01:00
Matthew Bauer 864ec69c84 qemu: compile with cocoa for darwin support
This uses the --enable-cocoa flag in qemu to build in Darwin.
2016-03-04 17:45:34 -06:00
Franz Pletz 6b20b7c4d7 qemu: 2.4.1 -> 2.5.0 (multiple CVEs)
https://lwn.net/Vulnerabilities/666755/
2016-02-27 17:53:22 +01:00
Domen Kožar caa9c53d6e qemu: enable numa 2015-12-15 23:41:55 +01:00
William A. Kennington III cfda3f3eed qemu: 2.4.0.1 -> 2.4.1 2015-11-05 18:18:35 -08:00