1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-19 12:28:51 +00:00
Commit graph

272 commits

Author SHA1 Message Date
Tim Steinbach 312c2f7961
virtualbox: Add ability to disable 32-bit guest support 2017-06-28 22:24:19 -04:00
aszlig 63fb845fcf
virtualbox: Rebase hardened.patch on top of 5.1.22
The merge of the version bump in
6fb9f89238 didn't take care of our patch
for the hardening mode and thus enabling VirtualBox without also
force-disabling hardening mode will result in a build error.

While the patch is largely identical with the old version, I've removed
one particular change around the following code:

    if (pFsObjState->Stat.st_mode & S_IWOTH)
        return supR3HardenedSetError3(VERR_SUPLIB_WORLD_WRITABLE, pErrInfo,
                                      "World writable: '", pszPath, "'");

In the old version of the patch we have checked whether the path is
within the Nix store and suppressed the error return if that's the case.

The reason why I did that in the first place was because we had a bunch
of symlinks which were writable.

In VirtualBox 5.1.22 the code specifically checks whether the file is a
symlink, so we can safely drop our change.

Tested via all of the "virtualbox" NixOS VM subtests and they now all
succeed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-06-23 05:48:54 +02:00
Tim Steinbach 6fb9f89238 Merge pull request #25368 from bachp/virtualbox-5.1.22
virtualbox: 5.1.18 -> 5.1.22
2017-06-22 21:23:47 -04:00
Thomas Tuegel c816bbc8a8
qt5: remove makeQtWrapper 2017-06-18 08:44:42 -05:00
Vladimír Čunát cc9a72a286
virtualboxGuestAdditions: don't install setuid/setgid 2017-06-09 13:09:21 +02:00
Pascal Bach c4a48600bf virtualbox: 5.1.18 -> 5.1.22 2017-04-30 22:55:23 +02:00
Kosyrev Serge 0c3138e602 virtualbox: a more maintenance-free way of patching refs to dlopen()-affected dependencies 2017-03-28 01:32:11 +03:00
Nikolay Amiantov 52451067c7 virtualbox: wrap with Qt dependencies
Fixes GTK file open dialogs. Also make sure that linked applications really
exist, and update their list.
2017-03-28 00:29:40 +03:00
Robin Gloster 07252dc83b
virtualbox: 5.1.14 -> 5.1.18 2017-03-20 16:05:20 +01:00
Alexey Shmalko 0d31a76813
virtualbox: fix build
The issue was caused by upgrading `qt` from `qt56` to `qt57`, which
now requires C++11.

For more info, see https://github.com/NixOS/nixpkgs/issues/23257.
2017-02-28 05:35:52 +02:00
Parnell Springmeyer 9e36a58649
Merging against upstream master 2017-02-13 17:16:28 -06:00
Vladimír Čunát 31eba21d1d
virtualbox: force xorg-server-1.18 for now
This is getting a little hacky, but hopefully it won't break anything.
2017-02-12 21:07:49 +01:00
Pascal Bach 5ca3a7e56f virtualbox: remove upstream-info.json as it is no longer used
We keep the script as it might be useful in the future.
2017-02-02 21:11:08 +01:00
Pascal Bach 599df5e108 virtualbox: 5.1.10 -> 5.1.14 2017-02-02 21:10:01 +01:00
Eelco Dolstra c20cc6d0b3
Excise use of importJSON
Putting information in external JSON files is IMHO not an improvement
over the idiomatic style of Nix expressions. The use of JSON doesn't
add anything over Nix expressions (in fact it removes expressive
power). And scattering package info over lots of little files makes
packages less readable over having the info in one file.
2017-01-30 11:44:08 +01:00
Parnell Springmeyer 4aa0923009
Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
Parnell Springmeyer e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Parnell Springmeyer bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts 2017-01-25 11:08:05 -08:00
Peter Hoeg bea3209d5f virtualbox: 5.1.8 -> 5.1.10 2016-12-15 16:20:33 +08:00
Frederik Rietdijk 84e9328028 virtualbox: python is always needed
even when not building bindings.
2016-11-14 19:09:25 +01:00
Frederik Rietdijk 95c54db397 virtualbox: use python2
and remove python buildInput. Python should only be added when
`pythonBindings` is true.
2016-11-08 22:48:54 +01:00
Graham Christensen 69e8bac9cd
virtualbox: 5.1.6 -> 5.1.8 for many CVEs:
From LWN:
From the NVD entries:

CVE-2016-5501: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core, a different
vulnerability than CVE-2016-5538.

CVE-2016-5538: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core, a different
vulnerability than CVE-2016-5501.

CVE-2016-5605: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.1.4 in Oracle Virtualization allows remote
attackers to affect confidentiality and integrity via vectors related
to VRDE.

CVE-2016-5608: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect availability via vectors
related to Core, a different vulnerability than CVE-2016-5613.

CVE-2016-5610: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core.

CVE-2016-5611: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality via
vectors related to Core.

CVE-2016-5613: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect availability via vectors
related to Core, a different vulnerability than CVE-2016-5608.
2016-10-26 22:18:00 -04:00
Robin Gloster 2d0c1c6a7c
linuxPackages.virtualboxGuestAdditions: fix with grsecurity 2016-09-26 14:52:49 +02:00
Domen Kožar 5d1db88a7c virtualboxGuestAdditions: mark as broken on grsecurity
(cherry picked from commit 4821fa2d19)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-21 12:04:19 +02:00
Eelco Dolstra ddd41a509a virtualbox: Drop dontPatchELF hack
However, this also requires ad8f31df7f
to get rid of gcc_multi.out in the closure.
2016-09-20 18:02:19 +02:00
aszlig e19aa3819e
virtualbox: 5.1.4 -> 5.1.6
Upstream changelog without bug numbers:

  * GUI: fixed issue with opening '.vbox' files and it's aliases
  * GUI: keyboard grabbing fixes
  * GUI: fix for passing through Ctrl + mouse-click
  * GUI: fixed automatic deletion of extension pack files
  * USB: fixed showing unknown device instead of the manufacturer or
         product description under certain circumstances
  * XHCI: another fix for a hanging guest under certain conditions, this
          time for Windows 7 guests
  * Serial: fixed high CPU usage with certain USB to serial converters
            on Linux hosts
  * Storage: fixed attaching stream optimized VMDK images
  * Storage: reject image variants which are unsupported by the backend
  * Storage: fixed loading saved states created with VirtualBox 5.0.10
             and older when using a SCSI controller
  * Storage: fixed broken NVMe emulation if the host I/O cache setting
             is enabled
  * Storage: fixed using multiple NVMe controllers if ICH9 is used
  * NVMe: fixed a crash during reset which could happen under certain
          circumstances
  * Audio: fixed microphone input (5.1.2 regression)
  * Audio: fixed crashes under certain conditions (5.1.0 regression)
  * Audio: fixed recording with the ALSA backend (5.1 regression)
  * Audio: fixed stream access mode with OSS backend (5.1 regression,
           thanks to Jung-uk Kim)
  * E1000: do also return masked bits when reading the ICR register,
           this fixes booting from iPXE (5.1.2 regression)
  * BIOS: fixed 4bpp scanline calculation
  * API: relax the check for the version attribute in OVF/OVA appliances
  * Windows hosts: fixed crashes when terminating the VM selector or
                   other VBox COM clients
  * Linux Installer: fixed path to the documentation in .rpm packages
                     (5.1.0 regression)
  * Linux Installer: fixed the vboxdrv.sh script to prevent an SELinux
                     complaint
  * Linux hosts: don't use 32-bit legacy capabilities
  * Linux Additions: Linux 4.8 fix for the kernel display driver
  * Linux Additions: don't load the kernel modules provided by the Linux
                     distribution but load the kernel modules from the
                     official Guest Additions package instead
  * Linux Additions: fix dynamic resizing problems in recent Linux
                     guests
  * User Manual: fixed error in the VBoxManage chapter for the
                 getextradata enumerate example

The full upstream changelog with bug numbers can be found at:

https://www.virtualbox.org/wiki/Changelog-5.1#v6

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 14:07:56 +02:00
aszlig d2af4c6722
virtualbox: Explicitly state Qt 5 dependencies
In 2942815968, the dependencies for Qt 5
were passed using buildEnv with all the development binaries, headers
and libs. Unfortunately, the build output references that environment
which also increases the size of the runtime closure.

The upstream makefile assumes a common Qt 5 library path, but that's not
the case within Nix, because we have separate paths for the Qt 5
modules.

We now patch the makefile to recognize PATH_QT5_X11_EXTRAS_{LIB,INC} so
that we can pass in the relevant paths from Qt5X11Extras.

In summary, the closure size goes down to 525559600 bytes (501 MB)
instead of 863035544 bytes (823 MB) with vbox-qt5-env.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:42 +02:00
aszlig 8bd89c922d
virtualbox: Split kernel modules into own package
Putting the kernel modules into the same output path as the main
VirtualBox derivation causes all of VirtualBox to be rebuilt on every
single kernel update.

The build process of VirtualBox already outputs the kernel module source
along with the generated files for the configuration of the main
VirtualBox package. We put this into a different output called "modsrc"
which we re-use from linuxPackages.virtualbox, which is now only
containing the resulting kernel modules without the main user space
implementation.

This not only has the advantage of decluttering the Nix expression for
the user space portions but also gets rid of the need to nuke references
and the need to patch out "depmod -a".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:38 +02:00
aszlig 6d69293f26
virtualbox: Generate and use upstream-info.json
We now no longer need to update VirtualBox manually, which has a few
advantages. Along with making it just easier to update this also makes
the update procedure way less error-prone, for example if people forget
to bump the extension pack revision or to update the guest additions.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:34 +02:00
aszlig f5ab9c81a8
virtualbox: Add an update script
Just a small updater which should fetch the latest sha256sums from the
upstream site and check whether the current version is the latest one.

The output is in a JSON file in the same directory, which then will be
used by the Nix expressions to fetch the upstream files.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 03:24:47 +02:00
Christian Albrecht 2942815968 virtualbox: 5.0.26 -> 5.1.4 2016-09-12 17:22:31 +02:00
Parnell Springmeyer 98c058a1ee Adapting everything for the merged permissions wrappers work. 2016-09-01 19:21:06 -05:00
Данило Глинський (Danylo Hlynskyi) 78cd9f8ebc virtualbox: add headless build (without Qt dependency) (#18026) 2016-09-01 20:54:58 +02:00
Tuomas Tynkkynen feed8beb47 virtualbox: Fix glibc dev reference 2016-08-31 12:32:34 +03:00
obadz c7142c1aa3 Merge branch 'master' into staging 2016-08-28 13:33:13 +01:00
David Guibert 21f2f30740 virtualbox: 5.0.20 -> 5.0.26 2016-08-28 13:45:49 +02:00
obadz 0e8d2725dc Merge branch 'master' into staging 2016-08-23 18:50:06 +01:00
Tuomas Tynkkynen 51ad423716 treewide: Use makeLibraryPath in 'patchelf --set-rpath' calls 2016-08-23 00:04:39 +03:00
Robin Gloster 5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Vladimír Čunát a02e5ad926 virtualbox: fix build with gcc-5.4 by Debian patch 2016-06-19 10:40:07 +02:00
Robin Gloster 8031cba2ab Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-06-10 09:27:04 +00:00
zimbatm a6593a16f7 virtualbox: give full url for downloading the ext (#15869)
The user only has to agree on the terms and conditions before
downloading the file. We might as well give him access to the full URL
by default.
2016-06-01 10:01:04 +01:00
Robin Gloster 2d382f3d98 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-30 19:39:34 +00:00
Tuomas Tynkkynen f81af4e6f0 treewide: Make explicit that 'dev' output of glib is used 2016-05-19 10:00:35 +02:00
Franz Pletz f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-05-18 17:10:02 +02:00
Michael Raskin fde921578a virtualboxGuestAdditions: update hash for virtualbox 5.0.20 2016-05-17 08:44:32 +02:00
Michael Raskin 4f5e4ad69c virtualbox: 5.0.14 -> 5.0.20 2016-05-16 22:42:27 +02:00
Robin Gloster c92bca56f8 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-02 22:58:02 +00:00
Sheena Artrip 50d6c3ba38
virtualbox: obey NIX_BUILD_CORES for make invocation 2016-04-22 02:41:23 -04:00
Robin Gloster d020caa5b2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-18 13:49:22 +00:00
obadz bf5e339d24 virtualbox: dontPatchELF = true
Workaround patchelf#93 and help move forward on #14595
2016-04-14 17:05:31 +01:00
Vladimír Čunát 09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Robin Gloster 1b4ec4b495 linuxPackages.virtualbox: disable fortify/pic/stackprotector 2016-03-06 15:48:16 +00:00
Franz Pletz aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Robin Gloster d47857c3d9 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-01 21:09:17 +00:00
Herwig Hochleitner bd3ca11e0d virtualbox: 5.0.12 -> 5.0.14 2016-02-16 21:59:11 +01:00
Robin Gloster 859a150373 linuxPackages.virtualboxGuestAdditions: no pic hardening 2016-02-07 22:45:28 +00:00
Vladimír Čunát ae74c356d9 Merge recent 'staging' into closure-size
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
Tobias Geerinckx-Rice b01b11c657 virtualbox: 5.0.10 -> 5.0.12
This is a maintenance release.
Changes: https://www.virtualbox.org/wiki/Changelog.
2016-01-18 03:57:09 +01:00
Luca Bruno 5b0352a6a4 Merge branch 'master' into closure-size 2015-12-11 18:31:00 +01:00
Ambroz Bizjak 067141621e virtualboxGuestAdditions: Add missing library paths to patchelf, fixes #11509 2015-12-07 15:15:03 +01:00
Herwig Hochleitner 088c3fc9dd virtualbox: 5.0.6 -> 5.0.10, fixes #11115 2015-12-06 13:23:46 +01:00
Vladimír Čunát 333d69a5f0 Merge staging into closure-size
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
Vladimír Čunát 783c40eb68 dbus: split into multiple outputs and fix referrers 2015-10-13 20:19:01 +02:00
Vladimír Čunát 1fdbc3097b alsa-lib: split "dev" output and fix referrers 2015-10-13 20:18:55 +02:00
Bjørn Forsman 5fee5c6d08 virtualbox: 5.0.4 -> 5.0.6
Tested on release-15.09 branch.
2015-10-07 15:12:51 +02:00
Vladimír Čunát 32b31398eb xorg.libXt: re-split into multiple outputs
Fixed all 'libXt}' references, too.
2015-10-05 11:23:34 +02:00
Vladimír Čunát 5227fb1dd5 Merge commit staging+systemd into closure-size
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
aszlig 89b6831ffd
virtualbox: Fix load of dbus library at runtime.
VirtualBox had support for DBUS even in version 4.x, but it appears that
nothing in our VM test triggered it to load, thus I didn't notice the
runtime error:

rtldrNativeLoad: dlopen('libdbus-1.so.3', RTLD_NOW | RTLD_LOCAL) failed:
                 libdbus-1.so.3: cannot open shared object file: No such
                 file or directory

The upstream commits I think are responsible for this to come to surface
are _probably_ (did I ever mention that I love SVN? *cough*) one of
these:

https://www.virtualbox.org/changeset/55664/vbox
https://www.virtualbox.org/changeset/55602/vbox

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-09-16 00:19:52 +02:00
Eelco Dolstra 972c0e5df4 virtualbox: Update to 5.0.4 2015-09-10 20:48:16 +02:00
aszlig 8be8193bd5
virtualbox: Fix revision/hash for guest additions.
Regression introduced in 7ffb1f3bde.

Also added a small notice so that this hopefully won't happen with
future updates.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-09-10 17:03:36 +02:00
Eelco Dolstra 7ffb1f3bde virtualbox: Update to 5.0.2 2015-09-04 19:41:06 +02:00
aszlig 86b695a18e
vbox-guest: Remove all references to sbin/.
Using $storepath/sbin is deprecated according to commit 98cedb3, so
let's avoid putting anything in .../sbin for the guest additions.

This is a continuation of the initial commit done by @ctheune at
1fb1360, which unfortunately broke VM tests and only changed the path of
the mount.vboxsf helper.

With this commit, the VM test is fixed and I've also verified on my
machine that it is indeed working again.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-08-04 03:03:24 +02:00
Christian Theune 1fb1360ae2 virtualbox: place mount.vboxsf in bin/ instead of sbin/
The mount tools aren't looking in sbin/ any longer.
2015-07-31 06:38:28 +00:00
Vladimír Čunát e998ecd351 virtualbox: hack-fix the build, issue #8962
For now, until a better resolution is found.
2015-07-24 14:35:38 +02:00
aszlig 13e83251a0
virtualbox: Fix load of libpulse.so at runtime.
Within fractions* of a second, the beautifully crafted history and
branching mechanisms of SVN found out the exact revision which caused
this to be visible in version 5.x but not in version 4.x:

https://www.virtualbox.org/changeset?old_path=%2Fvbox%2Ftrunk&old=30933&new_path=%2Fvbox%2Ftrunk&new=30934

Also note the very short URL and the informative changeset message which
shows you exactly what was the issue, I think.

Be warned however, it may contain traces of history amnesia, revision
epilepsy and other related diseases.

As for the issue itself: This was very much broken in 4.x as well, but
it didn't show an error message in the UI. The PulseAudio library is
loaded at runtime and it's not able to do that unless it's in
LD_LIBRARY_PATH.

Now, we're doing the same as with the ALSA libraries: We're hardcoding
the path to the shared object file in patchPhase.

Thanks to @devhell for reporting and testing.

*: Might be off several minutes or hours due to rounding errors in
   floating point arithmetic.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: devhell <"^"@regexmail.net>
Tested-by: devhell <"^"@regexmail.net>
2015-07-13 20:11:57 +02:00
aszlig 29993682a2
virtualbox+guest: Update to major version 5.0.0.
The official press release on major changes:

https://www.oracle.com/corporate/pressrelease/oracle-vm-virtualbox-5-070915.html

More details on the changes can be found here:

https://www.virtualbox.org/wiki/Changelog

Built and tested using the Virtualbox NixOS VM test successfully on my
machine but I haven't tested it outside of the NixOS VM test, so please
open an issue if I have fucked up this update.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-07-11 02:25:30 +02:00
William A. Kennington III b07929b0a3 Use libpulseaudio instead of pulseaudio 2015-05-29 14:32:56 -07:00
aszlig 1e517dbd45
virtualbox+guest: Update to new version 4.3.28.
Contains quite a lot of fixes, so for information and details about
them, please have a look at https://www.virtualbox.org/wiki/Changelog.

We also needed to drop the hunk about NATNetworkServiceRunner.cpp in the
hardened.patch, because the file was unused and thus has been removed
from upstream in r54821:

https://www.virtualbox.org/changeset?reponame=vbox&new=54821

Tested successfully against nixos/tests/virtualbox.nix.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-05-15 02:28:15 +02:00
Vladimír Čunát 3b9ef2c71b fix "libc}/lib" and similar references
Done mostly without any verification.
I didn't bother with libc}/include, as the path is still correct.
2015-05-05 11:52:08 +02:00
aszlig b0e3d7c4b5
virtualbox: Update to version 4.3.26.
Upstream changelog:

 * GUI: in the snapshots pane, protect the age of snapshots against
        wrong host time
 * NAT Network: fixed a bug which prevented to propagate any DNS name
                server / domain / search string information to the NAT
                network (4.3.24 regression)
 * NAT Network: don't delay the shutdown of VBoxSVC on Windows hosts
 * Mouse support: the mouse could not be moved under rare conditions if
                  no Guest Additions are installed (4.3.24 regression)
 * Storage: if the guest ejects a virtual CD/DVD medium, make the change
            permanent
 * VGA: made saving secondary screen sizes possible in X11 guests
 * SDK: fixed the VirtualBox.tlb file (4.3.20 regression)
 * rdesktop-vrdp: make it work with USB devices again (4.3.14
                  regression)
 * USB: fixed a possible BSOD on Windows hosts under rare conditions
 * iPXE: enable the HTTP download protocol on non-Linux hosts
 * Mac OS X hosts: don't panic on hosts with activated SMAP (Broadwell
                   and later)
 * Linux hosts: don't crash Linux 4.0 hosts

The same with bug IDs can be found at:

https://www.virtualbox.org/wiki/Changelog

Tested on my machine using the virtualbox NixOS VM test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-04-04 17:09:15 +02:00
aszlig 416545a57b
virtualbox: Remove group check on /nix/store.
This is espacially cruicial when it comes to Nix 1.9, where we even have
a more restrictive /nix/store. In any event, VirtualBox in hardenend
mode doesn't have to check the /nix/store path, because it's read-only
on NixOS systems. So this check would not introduce more security but
more hurdles, thus I'm removing it (of course _only_ for /nix/store).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-04-04 17:09:15 +02:00
aszlig 54a8e13f2a
virtualbox: Update to new upstream version 4.3.24.
New maintenance release, changes:

 * VMM: emulation fix for the ENTER instruction under certain
   conditions; fixes Solaris 10 guests (VT-x without unrestricted guest
   execution)
 * VMM: fix for handling NMIs on Linux hosts with X2APIC enabled
 * NAT/NAT Network: fix connection drops when the host's DHCP lease was
   renewed (4.3.22 regression; Windows hosts only)
 * NAT: don't crash on an empty domain list when switching the DNS host
   configuration (4.3.22 regression; Mac OS X hosts only)
 * PXE: re-enable it on Windows hosts (4.3.22 regression; Windows hosts
   only)
 * Shared Folders: fixed a problem with Windows guests (4.3.22
   regression)
 * Audio: improved record quality when using the DirectSound audio
   backend
 * VBoxManage: when executing the controlvm command take care that the
   corresponding VM runtime changes are saved permanently
 * Windows Installer: properly install the 32-bit version of VBoxRes.dll
   on 32-bit hosts
 * Linux hosts / guests: Linux 4.0 fixes
 * OS/2 Additions: fixed mouse integration (4.3.22 regression)
 * X11 Additions: fixed a sporadic failure to deactivate virtual screens

Full changelog with bug IDs can be found at:

https://www.virtualbox.org/wiki/Changelog

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-03-04 15:14:16 +01:00
Tobias Geerinckx-Rice 39ff896253 virtualbox 4.3.20 -> 4.3.22 2015-03-02 21:52:14 +01:00
Eric Seidel f3c6827373 rename all occurrences of stdenv.cc.gcc to stdenv.cc.cc 2015-01-14 20:27:55 -08:00
John Wiegley 28b6fb61e6 Change occurrences of gcc to the more general cc
This is done for the sake of Yosemite, which does not have gcc, and yet
this change is also compatible with Linux.
2014-12-26 11:06:21 -06:00
aszlig ac603e208c
virtualbox: Fix runtime paths in hardening mode.
Because we have to rely on setuid wrappers on NixOS, we can't easily
hardcode the executable paths and set it 4755. So for all calls, we need
to change the runtime path executable directory to /var/setuid-wrappers/
and for verification we need to retain the executable directory.

Also note, that usually VBoxNetAdpCtl, VBoxNetDHCP, VBoxNetNAT, VBoxSDL
and VBoxVolInfo don't reside in directories that are commonly in PATH,
but in /usr/lib/virtualbox in most mainstream distros. But because the
names of these executables are distinctive enough to not cause
collisions with other setuid programs, I'll leave it like that and not
patch up setuid-wrappers.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:13 +01:00
aszlig b69ac6c159
virtualbox: Allow to easily change the build type.
Not really changes anything in functionality, but makes it easier to
change the build type to "debug", for example.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:12 +01:00
aszlig 14ef3446e1
virtualbox: Fix hardcoded /sbin/ifconfig path.
Just accidentally found this while debugging and it's needed for
fetching a few interface details, not sure however whether because of
this anything has been broken so far.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:12 +01:00
aszlig 5a8c5d2768
virtualbox: Explicitly excempt src during install.
Instead of coping it to $out and later deleting it, we now exclude the
src directory during copy. Also, we no longer cd into the release
directory during installPhase, which should make sure that we are
constantly in $sourceRoot.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:12 +01:00
aszlig eb561f0798
virtualbox: Fix extension pack without hardening.
We divert to the $out/share/virtualbox directory only if we have
hardening enabled, so let's put the extension pack into
$out/libexec/virtualbox instead if we're compiling without hardening.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-16 11:24:55 +01:00
Eelco Dolstra d9ce3ae57f virtualbox: Get tid of runtime dependency on linux.dev 2014-12-15 17:54:06 +01:00
aszlig a199eedfce
virtualbox package: Disable hardening by default.
Yes, this is only on the package level, so it's possible to use
VirtualBox for example installed by nix-env -i, which of course doesn't
have access to the functionality provided by the various VirtualBox
kernel modules.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 17:52:18 +01:00
aszlig 2b58a6ab0d
virtualbox: Fix extension pack installation.
With hardening, we need to go a bit further rather than just allowing
/nix/store being world-writable. We now use fakeroot to make sure the
VBoxExtPackHelperApp won't moan that the files are not owned by root.

They are, but only outside of the chrooted build process.

Another issue with using fakeroot is that it doesn't seem to cope well
with arguments that contain spaces. That's why I've piped the call into
${stdenv.shell}.

Now, the really gory and confusing part is the introduction of
VBOX_PATH_APP_PRIVATE_ARCH_TOP and the change of VBOX_PATH_APP_PRIVATE.

The VBOX_PATH_APP_PRIVATE_ARCH is *only* for modules and is checked by
the hardened implementation against whether things like VMMR0.r0 or
VBoxVMM.so reside in that directory. As a side note: I admit that the
whole libexec directory is quite polluted with stuff that shouldn't be
there, but for now we've broken enough things and will tear apart the
whole structure at some day in the future[TM].

For the confusing part we have VBOX_PATH_APP_PRIVATE_ARCH_TOP, which
_should_ be the same as VBOX_PATH_APP_PRIVATE_ARCH but unfortunately,
the hardened implementation is checking against this directory (in
IsValidBaseDir) for the extension pack(why!?).

Of course, we could put even that into the libexec directory, somewhat
similar as the official package, but after all, let's at least *try* to
separate things.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-01 03:32:55 +01:00
aszlig 318fbb34e7
virtualbox: Allow /nix/store being world-writable.
We are already checking whether /nix/store has the sticky bit set, so if
it is world-writable as well it doesn't mean that the actual store path
is writable. Let alone the fact that it is only writable during the
build process.

This should fix installing the extension pack when enableExtensionPack
is used.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-30 18:23:19 +01:00
aszlig 017e6b72c1
virtualbox: Update to upstream version 4.3.20.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-30 06:25:50 +01:00
aszlig 3e49487c1a
virtualbox: Enable hardening by default.
VirtualBox with hardening support requires the main binaries to be
setuid root. Using VBOX_WITH_RUNPATH, we ensure that the RPATHs are
pointing to the libexec directory and we also need to unset
VBOX_WITH_ORIGIN to make sure that the build system is actually setting
those RPATHs.

The hardened.patch implements two things:

 * Set the binary directory to the setuid-wrappers dir so that
   VboxSVC calls them instead of the binaries from the store path. The
   reason behind this is because nothing in the Nix store can have the
   setuid flag.
 * Excempt /nix/store from the group permission check, because while it
   is group-writeable indeed it also has the sticky bit set (and also
   the whole store is mounted read-only on most NixOS systems), so we're
   checking on that as well.

Right now, the hardened.patch uses /nix/store and /var/setuid-wrappers
directly, so someone would ever want to change those on a NixOS system,
please provide a patch to set those paths on build time. However, for
simplicity, it's best to do it when we _really_ need it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-29 19:21:46 +01:00
aszlig deec767efa
virtualbox: Disable depmod only where necessary.
Traversing the full source tree is unneccessary, because the calls are
only done within make files. Hence we only substitute make files now.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-29 19:21:46 +01:00
Jonathan Rudenberg 29d708176c virtualbox: 4.3.16 -> 4.3.18 2014-11-03 21:47:59 +01:00
Corey O'Connor 48dc0eacb8 add pulseaudio to virtualbox 2014-10-22 20:56:25 +02:00