nixpkgs/pkgs/build-support/vm/default.nix
Lancelot SIX 337cd5cc8a vmTools.fillDiskWithRPMs: fix cpio use
When updating to cpio-2.13 in fe758f5fa3,
a patch from SUSE was dropped. This patch was intended to resolve
CVE-2015-1197, and introduced the '--extract-over-symlink' option to
disable its own effects.

The CVE-2015-1197 was fixed in cpio-2.13 release[1] by other means,
making this patch useless.

Given that this patch is no longer used, we do not need to disable its
effects anymore with the `--extract-over-symlink` argument switch.

This commit fixes #74984

[1] https://lists.gnu.org/archive/html/info-gnu/2019-11/msg00002.html
2019-12-08 21:03:39 +01:00


{ pkgs
, kernel ? pkgs.linux
, img ? pkgs.stdenv.hostPlatform.platform.kernelTarget
, storeDir ? builtins.storeDir
, rootModules ?
[ "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_balloon" "virtio_rng" "ext4" "unix" "9p" "9pnet_virtio" "crc32c_generic" ]
++ pkgs.lib.optional (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) "rtc_cmos"
}:
with pkgs;
with import ../../../nixos/lib/qemu-flags.nix { inherit pkgs; };
rec {
# QEMU binary used for every VM built from this file (the KVM-enabled variant).
qemu = pkgs.qemu_kvm;

# Closure of the kernel modules named in `rootModules', with firmware taken
# from the kernel package. stage1Init reads its insmod-list, so it ends up
# in the initrd's closure and is loaded before the root FS exists.
modulesClosure = makeModulesClosure {
  inherit kernel rootModules;
  firmware = kernel;
};

# Guest device name of the optional disk image. qemuCommandLinux attaches
# the image with `if=virtio', hence "vda"; "sda" is presumably the name to
# use for a non-virtio attachment.
hd = "vda"; # either "sda" or "vda"
/* Minimal userland for the initrd: a few glibc libraries plus BusyBox,
   with every Nix store reference scrubbed (nuke-refs) and the ELF
   interpreter/rpath rewritten to $out/lib, so the result is
   self-contained. `allowedReferences' makes the build fail if the output
   ends up referring to anything but itself and modulesClosure. */
initrdUtils = runCommand "initrd-utils"
  { buildInputs = [ nukeReferences ];
    allowedReferences = [ "out" modulesClosure ]; # prevent accidents like glibc being included in the initrd
  }
  ''
    mkdir -p $out/bin
    mkdir -p $out/lib

    # Copy what we need from Glibc.
    cp -p ${pkgs.stdenv.glibc.out}/lib/ld-linux*.so.? $out/lib
    cp -p ${pkgs.stdenv.glibc.out}/lib/libc.so.* $out/lib
    cp -p ${pkgs.stdenv.glibc.out}/lib/libm.so.* $out/lib
    cp -p ${pkgs.stdenv.glibc.out}/lib/libresolv.so.* $out/lib

    # Copy BusyBox.
    cp -pd ${pkgs.busybox}/bin/* $out/bin

    # Run patchelf to make the programs refer to the copied libraries.
    for i in $out/bin/* $out/lib/*; do if ! test -L $i; then nuke-refs $i; fi; done

    for i in $out/bin/*; do
      if [ -f "$i" -a ! -L "$i" ]; then
        echo "patching $i..."
        patchelf --set-interpreter $out/lib/ld-linux*.so.? --set-rpath $out/lib $i || true
      fi
    done
  ''; # */
/* Stage 1 of the guest boot, run as /init from the initrd (see `initrd'
   below). It loads the kernel modules from modulesClosure, mounts the
   Nix store and the host's exchange directory over 9p, assembles a root
   file system under /fs (a tmpfs, or the disk image when mountDisk=1)
   and finally switch_roots into the stage 2 command named on the kernel
   command line.

   The kernel command line is the only input parsed here (`mountDisk=',
   `command=', `out='). It is composed on the host by qemuCommandLinux,
   so it is trusted input; note all the same that `$command' is exec'ed
   verbatim and the values are split on whitespace/`=' without quoting. */
stage1Init = writeScript "vm-run-stage1" ''
  #! ${initrdUtils}/bin/ash -e

  export PATH=${initrdUtils}/bin

  mkdir /etc
  echo -n > /etc/fstab

  mount -t proc none /proc
  mount -t sysfs none /sys

  # Always panic instead of OOM-killing; together with panic=1 and
  # -no-reboot in qemuCommandLinux this makes the VM exit rather than hang.
  echo 2 > /proc/sys/vm/panic_on_oom

  for o in $(cat /proc/cmdline); do
    case $o in
      mountDisk=1)
        mountDisk=1
        ;;
      command=*)
        set -- $(IFS==; echo $o)
        command=$2
        ;;
      out=*)
        set -- $(IFS==; echo $o)
        export out=$2
        ;;
    esac
  done

  echo "loading kernel modules..."
  for i in $(cat ${modulesClosure}/insmod-list); do
    insmod $i || echo "warning: unable to load $i"
  done

  mount -t devtmpfs devtmpfs /dev

  ifconfig lo up

  mkdir /fs

  if test -z "$mountDisk"; then
    mount -t tmpfs none /fs
  else
    mount /dev/${hd} /fs
  fi

  mkdir -p /fs/dev
  mount -o bind /dev /fs/dev

  mkdir -p /fs/dev/shm /fs/dev/pts
  mount -t tmpfs -o "mode=1777" none /fs/dev/shm
  mount -t devpts none /fs/dev/pts

  echo "mounting Nix store..."
  mkdir -p /fs${storeDir}
  # Shared with the host over 9p/virtio (mount tag "store", exported by
  # qemuCommandLinux). Not mounted read-only here: whether the guest can
  # write into the store depends on the host-side permissions of the
  # exported directory.
  mount -t 9p store /fs${storeDir} -o trans=virtio,version=9p2000.L,cache=loose

  mkdir -p /fs/tmp /fs/run /fs/var
  mount -t tmpfs -o "mode=1777" none /fs/tmp
  mount -t tmpfs -o "mode=755" none /fs/run
  ln -sfn /run /fs/var/run

  echo "mounting host's temporary directory..."
  mkdir -p /fs/tmp/xchg
  mount -t 9p xchg /fs/tmp/xchg -o trans=virtio,version=9p2000.L,cache=loose

  mkdir -p /fs/proc
  mount -t proc none /fs/proc

  mkdir -p /fs/sys
  mount -t sysfs none /fs/sys

  mkdir -p /fs/etc
  ln -sf /proc/mounts /fs/etc/mtab
  echo "127.0.0.1 localhost" > /fs/etc/hosts

  echo "starting stage 2 ($command)"
  exec switch_root /fs $command $out
'';
# The initrd handed to qemu: it holds nothing but stage1Init, installed
# as /init (its closure, i.e. initrdUtils and modulesClosure, comes along).
initrd = makeInitrd {
  contents = lib.singleton { symlink = "/init"; object = stage1Init; };
};
/* Stage 2, exec'ed by stage 1 through switch_root with $out as its only
   argument. It restores the host's environment from
   /tmp/xchg/saved-env (written by vmRunCommand), sets up kernel module
   autoloading, and then either runs the original builder
   ($origBuilder $origArgs, recorded by runInLinuxVM) or -- when no
   builder was given, or when /.debug shows this image was run before --
   drops into an interactive shell on the serial console. The builder's
   exit status is handed back to the host through /tmp/xchg/in-vm-exit,
   which vmRunCommand turns into the build result. */
stage2Init = writeScript "vm-run-stage2" ''
  #! ${bash}/bin/sh
  source /tmp/xchg/saved-env

  # Set the system time from the hardware clock. Works around an
  # apparent KVM > 1.5.2 bug.
  ${pkgs.utillinux}/bin/hwclock -s

  export NIX_STORE=${storeDir}
  export NIX_BUILD_TOP=/tmp
  export TMPDIR=/tmp
  # Deliberately a non-existent directory: the builder is expected to
  # reach every tool through absolute store paths.
  export PATH=/empty
  out="$1"
  cd "$NIX_BUILD_TOP"

  if ! test -e /bin/sh; then
    ${coreutils}/bin/mkdir -p /bin
    ${coreutils}/bin/ln -s ${bash}/bin/sh /bin/sh
  fi

  # Set up automatic kernel module loading.
  export MODULE_DIR=${kernel}/lib/modules/
  ${coreutils}/bin/cat <<EOF > /run/modprobe
  #! ${bash}/bin/sh
  export MODULE_DIR=$MODULE_DIR
  exec ${kmod}/bin/modprobe "\$@"
  EOF
  ${coreutils}/bin/chmod 755 /run/modprobe
  echo /run/modprobe > /proc/sys/kernel/modprobe

  # For debugging: if this is the second time this image is run,
  # then don't start the build again, but instead drop the user into
  # an interactive shell.
  if test -n "$origBuilder" -a ! -e /.debug; then
    exec < /dev/null
    ${coreutils}/bin/touch /.debug
    $origBuilder $origArgs
    echo $? > /tmp/xchg/in-vm-exit

    # Remount read-only before the forced power-off so a mounted disk
    # image is left in a consistent state.
    ${busybox}/bin/mount -o remount,ro dummy /
    ${busybox}/bin/poweroff -f
  else
    export PATH=/bin:/usr/bin:${coreutils}/bin
    echo "Starting interactive shell..."
    echo "(To run the original builder: \$origBuilder \$origArgs)"
    exec ${busybox}/bin/setsid ${bashInteractive}/bin/bash < /dev/${qemuSerialDevice} &> /dev/${qemuSerialDevice}
  fi
'';
/* The qemu invocation, as a shell fragment evaluated on the host by the
   `run-vm' script that vmRunCommand writes. Host-side shell variables
   ($TMPDIR, $diskImage, $out, $mountDisk, $QEMU_OPTS) are expanded at
   run time; Nix paths are substituted at evaluation time.

   Security-relevant choices, documented here as they stand:
   - both 9p exports use `security_model=none', i.e. guest ownership and
     permissions are not mapped: anything the guest writes through the
     `xchg' share (or through the store share, where the host permissions
     allow it) is written as the host user running qemu;
   - the store export is the whole of storeDir, not just the build's
     closure;
   - `cache=unsafe' on the disk image trades crash consistency for speed,
     acceptable for a throw-away build image;
   - `-no-reboot' plus `panic=1' turn a guest kernel panic into a qemu
     exit, and vmRunCommand then fails the build for lack of an exit code;
   - the command line carries the stage 2 script (`command=') and `$out';
     stage1Init execs that value verbatim. */
qemuCommandLinux = ''
  ${qemuBinary qemu} \
    -nographic -no-reboot \
    -device virtio-rng-pci \
    -virtfs local,path=${storeDir},security_model=none,mount_tag=store \
    -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \
    ''${diskImage:+-drive file=$diskImage,if=virtio,cache=unsafe,werror=report} \
    -kernel ${kernel}/${img} \
    -initrd ${initrd}/initrd \
    -append "console=${qemuSerialDevice} panic=1 command=${stage2Init} out=$out mountDisk=$mountDisk loglevel=4" \
    $QEMU_OPTS
'';
/* Builder script run on the host in place of the derivation's own
   builder (see runInLinuxVM). It saves the environment for stage 2,
   creates the `xchg' exchange directory, writes and sources `run-vm'
   (left behind for debugging with `nix-build -K'), and propagates the
   guest's exit code from xchg/in-vm-exit. `$preVM' and `$postVM' are
   eval'ed on the host before and after the VM runs.

   `qemuCommand' is the qemu command line fragment to embed, e.g.
   qemuCommandLinux. */
vmRunCommand = qemuCommand: writeText "vm-run" ''
  export > saved-env

  PATH=${coreutils}/bin
  mkdir xchg
  mv saved-env xchg/

  eval "$preVM"

  if [ "$enableParallelBuilding" = 1 ]; then
    if [ ''${NIX_BUILD_CORES:-0} = 0 ]; then
      QEMU_OPTS+=" -smp cpus=$(nproc)"
    else
      QEMU_OPTS+=" -smp cpus=$NIX_BUILD_CORES"
    fi
  fi

  # Write the command to start the VM to a file so that the user can
  # debug inside the VM if the build fails (when Nix is called with
  # the -K option to preserve the temporary build directory).
  cat > ./run-vm <<EOF
  #! ${bash}/bin/sh
  ''${diskImage:+diskImage=$diskImage}
  TMPDIR=$TMPDIR
  cd $TMPDIR
  ${qemuCommand}
  EOF

  mkdir -p -m 0700 $out

  chmod +x ./run-vm
  source ./run-vm

  # No exit file means the guest never reached the end of stage 2
  # (panic, crash, killed): that is a failure, not a success.
  if ! test -e xchg/in-vm-exit; then
    echo "Virtual machine didn't produce an exit code."
    exit 1
  fi

  exitCode="$(cat xchg/in-vm-exit)"
  if [ "$exitCode" != "0" ]; then
    exit "$exitCode"
  fi

  eval "$postVM"
'';
/* Shell fragment for `preVM' (so it runs on the host, before the VM
   starts) that creates an empty qcow2 disk image of `size' MiB at
   $out/disk-image.qcow2, records `fullName' under $out/nix-support, and
   sets $diskImage so qemuCommandLinux attaches the image. */
createEmptyImage = {size, fullName}: ''
  mkdir $out
  diskImage=$out/disk-image.qcow2
  ${qemu}/bin/qemu-img create -f qcow2 $diskImage "${toString size}M"
  mkdir $out/nix-support
  echo "${fullName}" > $out/nix-support/full-name
'';
/* Default `createRootFS' for fillDiskWithRPMs/fillDiskWithDebs. Runs
   inside the VM: formats the attached image as ext4, mounts it on /mnt
   and creates the mount points the fill scripts need. /mnt/.debug is a
   marker that the fill scripts remove on success; if it is found right
   after mounting the script execs a shell instead of continuing.
   NOTE(review): mkfs.ext4 runs unconditionally just before the check, so
   it is not obvious from this file when the marker can still be present
   -- confirm before relying on it. */
defaultCreateRootFS = ''
  mkdir /mnt
  ${e2fsprogs}/bin/mkfs.ext4 /dev/${hd}
  ${utillinux}/bin/mount -t ext4 /dev/${hd} /mnt
  if test -e /mnt/.debug; then
    exec ${bash}/bin/sh
  fi
  touch /mnt/.debug

  mkdir /mnt/proc /mnt/dev /mnt/sys
'';
/* Run a derivation in a Linux virtual machine (using Qemu/KVM). By
   default, there is no disk image; the root filesystem is a tmpfs,
   and the nix store is shared with the host (via the 9P protocol).
   Thus, any pure Nix derivation should run unmodified, e.g. the
   call

     runInLinuxVM patchelf

   will build the derivation `patchelf' inside a VM. The attribute
   `preVM' can optionally contain a shell command to be evaluated
   *before* the VM is started (i.e., on the host). The attribute
   `memSize' specifies the memory size of the VM in megabytes,
   defaulting to 512. The attribute `diskImage' can optionally
   specify a file system image to be attached as a virtio disk, i.e.
   /dev/vda (see `hd' above; it is not /dev/sda as older docs said).
   (Note that currently we expect the image to contain a filesystem,
   not a full disk image with a partition table etc.)

   If the build fails and Nix is run with the `-K' option, a script
   `run-vm' will be left behind in the temporary build directory
   that allows you to boot into the VM and debug it interactively.

   Implementation: the derivation's builder and args are replaced by
   bash running vmRunCommand on the host; the originals are kept as
   origBuilder/origArgs so that stage2Init can run them inside the
   guest. The build is marked as requiring the "kvm" system feature. */
runInLinuxVM = drv: lib.overrideDerivation drv ({ memSize ? 512, QEMU_OPTS ? "", args, builder, ... }: {
  requiredSystemFeatures = [ "kvm" ];
  builder = "${bash}/bin/sh";
  args = ["-e" (vmRunCommand qemuCommandLinux)];
  origArgs = args;
  origBuilder = builder;
  QEMU_OPTS = "${QEMU_OPTS} -m ${toString memSize}";
  # Keeps every attribute in the environment (and so in saved-env) rather
  # than in files under the host build directory; see the linked issue.
  passAsFile = []; # HACK fix - see https://github.com/NixOS/nixpkgs/issues/16742
});
/* Extract the contents of the filesystem image `file' (optionally of
   type `fs') by loop-mounting it read-only inside a VM and copying
   everything to $out. Parsing an arbitrary image with in-kernel
   filesystem drivers thus happens in the throw-away guest kernel, not
   on the host. The first mount attempt passes `ufstype=44bsd' (for BSD
   UFS images); presumably other file systems reject that option, hence
   the plain retry. A failing `cp' is ignored, so a partially readable
   image still yields an output. */
extractFs = {file, fs ? null} :
  with pkgs; runInLinuxVM (
  stdenv.mkDerivation {
    name = "extract-file";
    buildInputs = [ utillinux ];
    buildCommand = ''
      ln -s ${kernel}/lib /lib
      ${kmod}/bin/modprobe loop
      ${kmod}/bin/modprobe ext4
      ${kmod}/bin/modprobe hfs
      ${kmod}/bin/modprobe hfsplus
      ${kmod}/bin/modprobe squashfs
      ${kmod}/bin/modprobe iso9660
      ${kmod}/bin/modprobe ufs
      ${kmod}/bin/modprobe cramfs

      mkdir -p $out
      mkdir -p tmp
      mount -o loop,ro,ufstype=44bsd ${lib.optionalString (fs != null) "-t ${fs} "}${file} tmp ||
        mount -o loop,ro ${lib.optionalString (fs != null) "-t ${fs} "}${file} tmp
      cp -Rv tmp/* $out/ || exit 0
    '';
  });
/* Like extractFs, but for MTD (flash) images such as JFFS2: the image is
   written into an emulated mtdram device (total_size is in KiB, so
   128 MiB here) and mounted through /dev/mtdblock0. The mount is not
   read-only and, unlike extractFs, mount and copy errors are not
   ignored. */
extractMTDfs = {file, fs ? null} :
  with pkgs; runInLinuxVM (
  stdenv.mkDerivation {
    name = "extract-file-mtd";
    buildInputs = [ utillinux mtdutils ];
    buildCommand = ''
      ln -s ${kernel}/lib /lib
      ${kmod}/bin/modprobe mtd
      ${kmod}/bin/modprobe mtdram total_size=131072
      ${kmod}/bin/modprobe mtdchar
      ${kmod}/bin/modprobe mtdblock
      ${kmod}/bin/modprobe jffs2
      ${kmod}/bin/modprobe zlib

      mkdir -p $out
      mkdir -p tmp

      dd if=${file} of=/dev/mtd0

      mount ${lib.optionalString (fs != null) "-t ${fs} "}/dev/mtdblock0 tmp
      cp -R tmp/* $out/
    '';
  });
/* Like runInLinuxVM, but run the build not using the stdenv from
   the Nix store, but using the tools provided by /bin, /usr/bin
   etc. from the specified filesystem image, which typically is a
   filesystem containing a non-NixOS Linux distribution.

   `attrs.diskImage' may be either the image file itself or a directory
   holding disk-image.qcow2 (what createEmptyImage produces). The
   copy-on-write overlay is created in the build directory, so the
   original image is never written to. */
runInLinuxImage = drv: runInLinuxVM (lib.overrideDerivation drv (attrs: {
  mountDisk = true;

  /* Mount `image' as the root FS, but use a temporary copy-on-write
     image since we don't want to (and can't) write to `image'. */
  preVM = ''
    diskImage=$(pwd)/disk-image.qcow2
    origImage=${attrs.diskImage}
    if test -d "$origImage"; then origImage="$origImage/disk-image.qcow2"; fi
    ${qemu}/bin/qemu-img create -b "$origImage" -f qcow2 $diskImage
  '';

  /* Inside the VM, run the stdenv setup script normally, but at the
     very end set $PATH and $SHELL to the `native' paths for the
     distribution inside the VM. */
  postHook = ''
    PATH=/usr/bin:/bin:/usr/sbin:/sbin
    SHELL=/bin/sh
    eval "$origPostHook"
  '';

  # The derivation's own postHook (if any) still runs, after the PATH switch above.
  origPostHook = if attrs ? postHook then attrs.postHook else "";

  /* Don't run Nix-specific build steps like patchelf. */
  fixupPhase = "true";
}));
/* Create a filesystem image of the specified size and fill it with
   a set of RPM packages.

   Runs inside a VM (runInLinuxVM) in two passes: every RPM is first
   unpacked with rpm2cpio | cpio into /mnt (cpio runs chroot'ed there),
   which yields a tree that contains `rpm' itself; then the same RPMs are
   installed for real with `rpm -i' inside that chroot, so the RPM
   database is populated and, when `runScripts' is set, the package
   scriptlets run. `preInstall' and `postInstall' are eval'ed in the
   guest between the two passes and at the end, respectively.

   Trust notes (existing behaviour, recorded here for reviewers):
   - `rpm --nosignature' skips GPG verification of the RPMs; the RPMs are
     fetchurl outputs produced from rpmClosureGenerator (see
     makeImageFromRPMDist), so integrity presumably rests on the
     checksums recorded there rather than on the distribution's signing
     key;
   - `set +o pipefail' means a failing rpm2cpio is hidden behind cpio's
     exit status;
   - the cpio invocation relies on the cpio package's own handling of
     extraction through symbolic links (per the commit message,
     CVE-2015-1197 is addressed in cpio 2.13 itself), so no
     `--extract-over-symlink' switch is passed any more. */
fillDiskWithRPMs =
  { size ? 4096, rpms, name, fullName, preInstall ? "", postInstall ? ""
  , runScripts ? true, createRootFS ? defaultCreateRootFS
  , QEMU_OPTS ? "", memSize ? 512
  , unifiedSystemDir ? false
  }:

  runInLinuxVM (stdenv.mkDerivation {
    inherit name preInstall postInstall rpms QEMU_OPTS memSize;
    preVM = createEmptyImage {inherit size fullName;};

    buildCommand = ''
      ${createRootFS}

      chroot=$(type -tP chroot)

      # Make the Nix store available in /mnt, because that's where the RPMs live.
      mkdir -p /mnt${storeDir}
      ${utillinux}/bin/mount -o bind ${storeDir} /mnt${storeDir}

      # Newer distributions like Fedora 18 require /lib etc. to be
      # symlinked to /usr.
      ${lib.optionalString unifiedSystemDir ''
        mkdir -p /mnt/usr/bin /mnt/usr/sbin /mnt/usr/lib /mnt/usr/lib64
        ln -s /usr/bin /mnt/bin
        ln -s /usr/sbin /mnt/sbin
        ln -s /usr/lib /mnt/lib
        ln -s /usr/lib64 /mnt/lib64
        ${utillinux}/bin/mount -t proc none /mnt/proc
      ''}

      echo "unpacking RPMs..."
      set +o pipefail
      for i in $rpms; do
        echo "$i..."
        ${rpm}/bin/rpm2cpio "$i" | chroot /mnt ${cpio}/bin/cpio -i --make-directories --unconditional
      done

      eval "$preInstall"

      echo "initialising RPM DB..."
      PATH=/usr/bin:/bin:/usr/sbin:/sbin $chroot /mnt \
        ldconfig -v || true
      PATH=/usr/bin:/bin:/usr/sbin:/sbin $chroot /mnt \
        rpm --initdb

      ${utillinux}/bin/mount -o bind /tmp /mnt/tmp

      echo "installing RPMs..."
      PATH=/usr/bin:/bin:/usr/sbin:/sbin $chroot /mnt \
        rpm -iv --nosignature ${if runScripts then "" else "--noscripts"} $rpms

      echo "running post-install script..."
      eval "$postInstall"

      rm /mnt/.debug

      ${utillinux}/bin/umount /mnt${storeDir} /mnt/tmp ${lib.optionalString unifiedSystemDir "/mnt/proc"}
      ${utillinux}/bin/umount /mnt
    '';

    passthru = { inherit fullName; };
  });
/* Generate a script that can be used to run an interactive session
   in the given image.

   Usage: image-test <copy-on-write-temp-file>. On first use the file is
   created as a qcow2 overlay on top of the image's disk-image.qcow2, so
   the image in the store is never modified. origBuilder is left empty,
   which makes stage2Init go straight to the interactive shell. The
   mktemp directory used for the exchange share is not removed when the
   session ends. */
makeImageTestScript = image: writeScript "image-test" ''
  #! ${bash}/bin/sh
  if test -z "$1"; then
    echo "Syntax: $0 <copy-on-write-temp-file>"
    exit 1
  fi
  diskImage="$1"
  if ! test -e "$diskImage"; then
    ${qemu}/bin/qemu-img create -b ${image}/disk-image.qcow2 -f qcow2 "$diskImage"
  fi
  export TMPDIR=$(mktemp -d)
  export out=/dummy
  export origBuilder=
  export origArgs=
  mkdir $TMPDIR/xchg
  export > $TMPDIR/xchg/saved-env
  mountDisk=1
  ${qemuCommandLinux}
'';
/* Build RPM packages from the tarball `src' in the Linux
   distribution installed in the filesystem `diskImage'. The
   tarball must contain an RPM specfile.

   Runs through runInLinuxImage, so the phases below use the guest
   distribution's own tools (rpm, rpmbuild, uname). `extraRPMs' may list
   outputs of earlier buildRPM calls; the first non-source RPM (in sort
   order) of each is installed before the build. Results are copied to
   $out/rpms/<image name>. Anything in `attrs' overrides the defaults
   given here, since the two sets are merged with `//'. */
buildRPM = attrs: runInLinuxImage (stdenv.mkDerivation ({
  phases = "prepareImagePhase sysInfoPhase buildPhase installPhase";
  outDir = "rpms/${attrs.diskImage.name}";

  prepareImagePhase = ''
    if test -n "$extraRPMs"; then
      for rpmdir in $extraRPMs ; do
        rpm -iv $(ls $rpmdir/rpms/*/*.rpm | grep -v 'src\.rpm' | sort | head -1)
      done
    fi
  '';

  sysInfoPhase = ''
    echo "System/kernel: $(uname -a)"
    if test -e /etc/fedora-release; then echo "Fedora release: $(cat /etc/fedora-release)"; fi
    if test -e /etc/SuSE-release; then echo "SUSE release: $(cat /etc/SuSE-release)"; fi
    header "installed RPM packages"
    rpm -qa --qf "%{Name}-%{Version}-%{Release} (%{Arch}; %{Distribution}; %{Vendor})\n"
    stopNest
  '';

  buildPhase = ''
    eval "$preBuild"

    # Hacky: RPM looks for <basename>.spec inside the tarball, so
    # strip off the hash.
    srcName="$(stripHash "$src")"
    cp "$src" "$srcName" # `ln' doesn't work always work: RPM requires that the file is owned by root

    export HOME=/tmp/home
    mkdir $HOME

    rpmout=/tmp/rpmout
    mkdir $rpmout $rpmout/SPECS $rpmout/BUILD $rpmout/RPMS $rpmout/SRPMS

    echo "%_topdir $rpmout" >> $HOME/.rpmmacros

    if [ `uname -m` = i686 ]; then extra="--target i686-linux"; fi
    rpmbuild -vv $extra -ta "$srcName"

    eval "$postBuild"
  '';

  installPhase = ''
    eval "$preInstall"

    mkdir -p $out/$outDir
    find $rpmout -name "*.rpm" -exec cp {} $out/$outDir \;

    for i in $out/$outDir/*.rpm; do
      header "Generated RPM/SRPM: $i"
      rpm -qip $i
      stopNest
    done

    eval "$postInstall"
  ''; # */
} // attrs));
/* Create a filesystem image of the specified size and fill it with
   a set of Debian packages. `debs' must be a list of list of
   .deb files, namely, the Debian packages grouped together into
   strongly connected components. See deb/deb-closure.nix.

   Inside the guest the components arrive as one whitespace-separated
   string with "|" between components (lib.intersperse). Pass one
   unpacks every .deb into /mnt with dpkg-deb; pass two installs each
   component with the image's own dpkg inside a chroot, so that the
   maintainer scripts run and the dpkg database is populated.

   Trust notes (existing behaviour, recorded here for reviewers):
   - `dpkg --install --force-all ... || true' turns every dpkg check
     (dependencies, conflicts, overwrites) into a warning and then
     ignores the exit status, so a broken component does not fail the
     build;
   - start-stop-daemon is replaced by `/bin/true' around each install,
     as debootstrap does, so maintainer scripts cannot start services in
     the build VM;
   - the VM's /proc and /dev are bind-mounted into the chroot for the
     duration of the install. */
fillDiskWithDebs =
  { size ? 4096, debs, name, fullName, postInstall ? null, createRootFS ? defaultCreateRootFS
  , QEMU_OPTS ? "", memSize ? 512 }:

  runInLinuxVM (stdenv.mkDerivation {
    inherit name postInstall QEMU_OPTS memSize;
    debs = (lib.intersperse "|" debs);

    preVM = createEmptyImage {inherit size fullName;};

    buildCommand = ''
      ${createRootFS}

      PATH=$PATH:${stdenv.lib.makeBinPath [ dpkg dpkg glibc lzma ]}

      # Unpack the .debs. We do this to prevent pre-install scripts
      # (which have lots of circular dependencies) from barfing.
      echo "unpacking Debs..."

      for deb in $debs; do
        if test "$deb" != "|"; then
          echo "$deb..."
          dpkg-deb --extract "$deb" /mnt
        fi
      done

      # Make the Nix store available in /mnt, because that's where the .debs live.
      mkdir -p /mnt/inst${storeDir}
      ${utillinux}/bin/mount -o bind ${storeDir} /mnt/inst${storeDir}
      ${utillinux}/bin/mount -o bind /proc /mnt/proc
      ${utillinux}/bin/mount -o bind /dev /mnt/dev

      # Misc. files/directories assumed by various packages.
      echo "initialising Dpkg DB..."
      touch /mnt/etc/shells
      touch /mnt/var/lib/dpkg/status
      touch /mnt/var/lib/dpkg/available
      touch /mnt/var/lib/dpkg/diversions

      # Now install the .debs. This is basically just to register
      # them with dpkg and to make their pre/post-install scripts
      # run.
      echo "installing Debs..."

      export DEBIAN_FRONTEND=noninteractive

      oldIFS="$IFS"
      IFS="|"
      for component in $debs; do
        IFS="$oldIFS"
        echo
        echo ">>> INSTALLING COMPONENT: $component"
        debs=
        for i in $component; do
          debs="$debs /inst/$i";
        done
        chroot=$(type -tP chroot)

        # Create a fake start-stop-daemon script, as done in debootstrap.
        mv "/mnt/sbin/start-stop-daemon" "/mnt/sbin/start-stop-daemon.REAL"
        echo "#!/bin/true" > "/mnt/sbin/start-stop-daemon"
        chmod 755 "/mnt/sbin/start-stop-daemon"

        PATH=/usr/bin:/bin:/usr/sbin:/sbin $chroot /mnt \
          /usr/bin/dpkg --install --force-all $debs < /dev/null || true

        # Move the real start-stop-daemon back into its place.
        mv "/mnt/sbin/start-stop-daemon.REAL" "/mnt/sbin/start-stop-daemon"
      done

      echo "running post-install script..."
      eval "$postInstall"
      ln -sf dash /mnt/bin/sh

      rm /mnt/.debug

      ${utillinux}/bin/umount /mnt/inst${storeDir}
      ${utillinux}/bin/umount /mnt/proc
      ${utillinux}/bin/umount /mnt/dev
      ${utillinux}/bin/umount /mnt
    '';

    passthru = { inherit fullName; };
  });
/* Generate a Nix expression containing fetchurl calls for the
   closure of a set of top-level RPM packages from the
   `primary.xml.gz' file of a Fedora or openSUSE distribution.

   `packagesLists' and `urlPrefixes' are parallel lists (asserted to be
   of equal length); each decompressed list is handed to rpm-closure.pl
   together with its prefix, presumably to turn package locations into
   full URLs. `archs' reaches the script through the environment. The
   result is a store path "<name>.nix" meant to be `import'ed with
   `{ inherit fetchurl; }' (see makeImageFromRPMDist). */
rpmClosureGenerator =
  {name, packagesLists, urlPrefixes, packages, archs ? []}:
  assert (builtins.length packagesLists) == (builtins.length urlPrefixes);
  runCommand "${name}.nix" {buildInputs = [perl perlPackages.XMLSimple]; inherit archs;} ''
    ${lib.concatImapStrings (i: pl: ''
      gunzip < ${pl} > ./packages_${toString i}.xml
    '') packagesLists}
    perl -w ${rpm/rpm-closure.pl} \
      ${lib.concatImapStrings (i: pl: "./packages_${toString i}.xml ${pl.snd} " ) (lib.zipLists packagesLists urlPrefixes)} \
      ${toString packages} > $out
  '';
/* Helper function that combines rpmClosureGenerator and
   fillDiskWithRPMs to generate a disk image from a set of package
   names. A single `urlPrefix'/`packagesList' may be given instead of
   the plural list forms; `extraPackages' are appended to `packages'
   before the closure is computed. */
makeImageFromRPMDist =
  { name, fullName, size ? 4096
  , urlPrefix ? "", urlPrefixes ? [urlPrefix]
  , packagesList ? "", packagesLists ? [packagesList]
  , packages, extraPackages ? []
  , preInstall ? "", postInstall ? "", archs ? ["noarch" "i386"]
  , runScripts ? true, createRootFS ? defaultCreateRootFS
  , QEMU_OPTS ? "", memSize ? 512
  , unifiedSystemDir ? false }:

  let
    # Store path of a Nix expression with one fetchurl call per RPM in the closure.
    closureExpr = rpmClosureGenerator {
      inherit name packagesLists urlPrefixes archs;
      packages = packages ++ extraPackages;
    };
    rpms = import closureExpr { inherit fetchurl; };
  in
  fillDiskWithRPMs {
    inherit name fullName size preInstall postInstall runScripts createRootFS unifiedSystemDir QEMU_OPTS memSize rpms;
  };
/* Like `rpmClosureGenerator', but now for Debian/Ubuntu releases
   (i.e. generate a closure from a Packages.bz2 file).

   Every file in `packagesLists' (xz/lzma, bz2 or gz compressed; a file
   with any other suffix matches no `case' branch and is silently
   skipped) is decompressed and appended to a single ./Packages file,
   which deb-closure.pl then resolves together with `urlPrefix' and the
   requested `packages'. */
debClosureGenerator =
  {name, packagesLists, urlPrefix, packages}:
  runCommand "${name}.nix" { buildInputs = [ perl dpkg ]; } ''
    for i in ${toString packagesLists}; do
      echo "adding $i..."
      case $i in
        *.xz | *.lzma)
          xz -d < $i >> ./Packages
          ;;
        *.bz2)
          bunzip2 < $i >> ./Packages
          ;;
        *.gz)
          gzip -dc < $i >> ./Packages
          ;;
      esac
    done

    # Work around this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452279
    sed -i ./Packages -e s/x86_64-linux-gnu/x86-64-linux-gnu/g

    perl -w ${deb/deb-closure.pl} \
      ./Packages ${urlPrefix} ${toString packages} > $out
  '';
/* Helper function that combines debClosureGenerator and
   fillDiskWithDebs to generate a disk image from a set of package
   names. `extraPackages' are appended to `packages' before the closure
   is computed; `extraDebs' are added to the resulting .deb list as-is.
   The generated closure expression is exposed on the result as `expr'. */
makeImageFromDebDist =
  { name, fullName, size ? 4096, urlPrefix
  , packagesList ? "", packagesLists ? [packagesList]
  , packages, extraPackages ? [], postInstall ? ""
  , extraDebs ? [], createRootFS ? defaultCreateRootFS
  , QEMU_OPTS ? "", memSize ? 512 }:

  let
    expr = debClosureGenerator {
      inherit name packagesLists urlPrefix;
      packages = packages ++ extraPackages;
    };
    closureDebs = import expr { inherit fetchurl; };
    image = fillDiskWithDebs {
      inherit name fullName size postInstall createRootFS QEMU_OPTS memSize;
      debs = closureDebs ++ extraDebs;
    };
  in
  image // { inherit expr; };
/* The set of supported RPM-based distributions. Each entry is an
   argument set for makeImageFromRPMDist (see diskImageFuns). The
   repodata file name embeds its own sha256, which is why the fetchurl
   argument is `rec' and the hash appears in the URL. The Fedora entries
   set `unifiedSystemDir' because /bin, /lib etc. are symlinks into /usr
   there (see fillDiskWithRPMs). */
rpmDistros = {

  # Note: no i386 release for Fedora >= 26

  fedora26x86_64 =
    let version = "26";
    in {
      name = "fedora-${version}-x86_64";
      fullName = "Fedora ${version} (x86_64)";
      packagesList = fetchurl rec {
        url = "mirror://fedora/linux/releases/${version}/Everything/x86_64/os/repodata/${sha256}-primary.xml.gz";
        sha256 = "880055a50c05b20641530d09b23f64501a000b2f92fe252417c530178730a95e";
      };
      urlPrefix = "mirror://fedora/linux/releases/${version}/Everything/x86_64/os";
      archs = ["noarch" "x86_64"];
      packages = commonFedoraPackages ++ [ "cronie" "util-linux" ];
      unifiedSystemDir = true;
    };

  fedora27x86_64 =
    let version = "27";
    in {
      name = "fedora-${version}-x86_64";
      fullName = "Fedora ${version} (x86_64)";
      packagesList = fetchurl rec {
        url = "mirror://fedora/linux/releases/${version}/Everything/x86_64/os/repodata/${sha256}-primary.xml.gz";
        sha256 = "48986ce4583cd09825c6d437150314446f0f49fa1a1bd62dcfa1085295030fe9";
      };
      urlPrefix = "mirror://fedora/linux/releases/${version}/Everything/x86_64/os";
      archs = ["noarch" "x86_64"];
      packages = commonFedoraPackages ++ [ "cronie" "util-linux" ];
      unifiedSystemDir = true;
    };

  centos6i386 =
    let version = "6.9";
    in rec {
      name = "centos-${version}-i386";
      fullName = "CentOS ${version} (i386)";
      urlPrefix = "mirror://centos/${version}/os/i386";
      packagesList = fetchurl rec {
        url = "${urlPrefix}/repodata/${sha256}-primary.xml.gz";
        sha256 = "b826a45082ef68340325c0855f3d2e5d5a4d0f77d28ba3b871791d6f14a97aeb";
      };
      archs = ["noarch" "i386"];
      packages = commonCentOSPackages ++ [ "procps" ];
    };

  centos6x86_64 =
    let version = "6.9";
    in rec {
      name = "centos-${version}-x86_64";
      fullName = "CentOS ${version} (x86_64)";
      urlPrefix = "mirror://centos/${version}/os/x86_64";
      packagesList = fetchurl rec {
        url = "${urlPrefix}/repodata/${sha256}-primary.xml.gz";
        sha256 = "ed2b2d4ac98d774d4cd3e91467e1532f7e8b0275cfc91a0d214b532dcaf1e979";
      };
      archs = ["noarch" "x86_64"];
      packages = commonCentOSPackages ++ [ "procps" ];
    };

  # Note: no i386 release for 7.x
  centos7x86_64 =
    let version = "7.4.1708";
    in rec {
      name = "centos-${version}-x86_64";
      fullName = "CentOS ${version} (x86_64)";
      urlPrefix = "mirror://centos/${version}/os/x86_64";
      packagesList = fetchurl rec {
        url = "${urlPrefix}/repodata/${sha256}-primary.xml.gz";
        sha256 = "b686d3a0f337323e656d9387b9a76ce6808b26255fc3a138b1a87d3b1cb95ed5";
      };
      archs = ["noarch" "x86_64"];
      packages = commonCentOSPackages ++ [ "procps-ng" ];
    };

};
/* The set of supported Dpkg-based distributions. Each entry is an
   argument set for makeImageFromDebDist (see diskImageFuns); Ubuntu
   entries give two package lists (main and universe), Debian entries a
   single one. The Debian 9 lists are pinned to a snapshot.debian.org
   date and fetched over plain http; since every list is a fixed-output
   fetchurl with a sha256, integrity does not depend on the transport. */
debDistros = {

  # Interestingly, the SHA-256 hashes provided by Ubuntu in
  # http://nl.archive.ubuntu.com/ubuntu/dists/{gutsy,hardy}/Release are
  # wrong, but the SHA-1 and MD5 hashes are correct. Intrepid is fine.

  ubuntu1204i386 = {
    name = "ubuntu-12.04-precise-i386";
    fullName = "Ubuntu 12.04 Precise (i386)";
    packagesLists =
      [ (fetchurl {
          url = mirror://ubuntu/dists/precise/main/binary-i386/Packages.bz2;
          sha256 = "18ns9h4qhvjfcip9z55grzi371racxavgqkp6b5kfkdq2wwwax2d";
        })
        (fetchurl {
          url = mirror://ubuntu/dists/precise/universe/binary-i386/Packages.bz2;
          sha256 = "085lkzbnzkc74kfdmwdc32sfqyfz8dr0rbiifk8kx9jih3xjw2jk";
        })
      ];
    urlPrefix = mirror://ubuntu;
    packages = commonDebPackages ++ [ "diffutils" ];
  };

  ubuntu1204x86_64 = {
    name = "ubuntu-12.04-precise-amd64";
    fullName = "Ubuntu 12.04 Precise (amd64)";
    packagesLists =
      [ (fetchurl {
          url = mirror://ubuntu/dists/precise/main/binary-amd64/Packages.bz2;
          sha256 = "1aabpn0hdih6cbabyn87yvhccqj44q9k03mqmjsb920iqlckl3fc";
        })
        (fetchurl {
          url = mirror://ubuntu/dists/precise/universe/binary-amd64/Packages.bz2;
          sha256 = "0x4hz5aplximgb7gnpvrhkw8m7a40s80rkm5b8hil0afblwlg4vr";
        })
      ];
    urlPrefix = mirror://ubuntu;
    packages = commonDebPackages ++ [ "diffutils" ];
  };

  ubuntu1404i386 = {
    name = "ubuntu-14.04-trusty-i386";
    fullName = "Ubuntu 14.04 Trusty (i386)";
    packagesLists =
      [ (fetchurl {
          url = mirror://ubuntu/dists/trusty/main/binary-i386/Packages.bz2;
          sha256 = "1d5y3v3v079gdq45hc07ja0bjlmzqfwdwwlq0brwxi8m75k3iz7x";
        })
        (fetchurl {
          url = mirror://ubuntu/dists/trusty/universe/binary-i386/Packages.bz2;
          sha256 = "03x9w92by320rfklrqhcl3qpwmnxds9c8ijl5zhcb21d6dcz5z1a";
        })
      ];
    urlPrefix = mirror://ubuntu;
    packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
  };

  ubuntu1404x86_64 = {
    name = "ubuntu-14.04-trusty-amd64";
    fullName = "Ubuntu 14.04 Trusty (amd64)";
    packagesLists =
      [ (fetchurl {
          url = mirror://ubuntu/dists/trusty/main/binary-amd64/Packages.bz2;
          sha256 = "1hhzbyqfr5i0swahwnl5gfp5l9p9hspywb1vpihr3b74p1z935bh";
        })
        (fetchurl {
          url = mirror://ubuntu/dists/trusty/universe/binary-amd64/Packages.bz2;
          sha256 = "04560ba8s4z4v5iawknagrkn9q1nzvpn081ycmqvhh73p3p3g1jm";
        })
      ];
    urlPrefix = mirror://ubuntu;
    packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
  };

  ubuntu1604i386 = {
    name = "ubuntu-16.04-xenial-i386";
    fullName = "Ubuntu 16.04 Xenial (i386)";
    packagesLists =
      [ (fetchurl {
          url = mirror://ubuntu/dists/xenial/main/binary-i386/Packages.xz;
          sha256 = "13r75sp4slqy8w32y5dnr7pp7p3cfvavyr1g7gwnlkyrq4zx4ahy";
        })
        (fetchurl {
          url = mirror://ubuntu/dists/xenial/universe/binary-i386/Packages.xz;
          sha256 = "14fid1rqm3sc0wlygcvn0yx5aljf51c2jpd4x0zxij4019316hsh";
        })
      ];
    urlPrefix = mirror://ubuntu;
    packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
  };

  ubuntu1604x86_64 = {
    name = "ubuntu-16.04-xenial-amd64";
    fullName = "Ubuntu 16.04 Xenial (amd64)";
    packagesLists =
      [ (fetchurl {
          url = mirror://ubuntu/dists/xenial/main/binary-amd64/Packages.xz;
          sha256 = "110qnkhjkkwm316fbig3aivm2595ydz6zskc4ld5cr8ngcrqm1bn";
        })
        (fetchurl {
          url = mirror://ubuntu/dists/xenial/universe/binary-amd64/Packages.xz;
          sha256 = "0mm7gj491yi6q4v0n4qkbsm94s59bvqir6fk60j73w7y4la8rg68";
        })
      ];
    urlPrefix = mirror://ubuntu;
    packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
  };

  ubuntu1710i386 = {
    name = "ubuntu-17.10-artful-i386";
    fullName = "Ubuntu 17.10 Artful (i386)";
    packagesLists =
      [ (fetchurl {
          url = mirror://ubuntu/dists/artful/main/binary-i386/Packages.xz;
          sha256 = "18yrj4kqdzm39q0527m97h5ing58hkm9yq9iyj636zh2rclym3c8";
        })
        (fetchurl {
          url = mirror://ubuntu/dists/artful/universe/binary-i386/Packages.xz;
          sha256 = "1v0njw2w80xfmxi7by76cs8hyxlla5h3gqajlpdw5srjgx2qrm2g";
        })
      ];
    urlPrefix = mirror://ubuntu;
    packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
  };

  ubuntu1710x86_64 = {
    name = "ubuntu-17.10-artful-amd64";
    fullName = "Ubuntu 17.10 Artful (amd64)";
    packagesLists =
      [ (fetchurl {
          url = mirror://ubuntu/dists/artful/main/binary-amd64/Packages.xz;
          sha256 = "104g57j1l3vi8wb5f7rgjvjhf82ccs0vwhc59jfc4ynd51z7fqjk";
        })
        (fetchurl {
          url = mirror://ubuntu/dists/artful/universe/binary-amd64/Packages.xz;
          sha256 = "1qzs95wfy9inaskfx9cf1l5yd3aaqwzy72zzi9xyvkxi75k5gcn4";
        })
      ];
    urlPrefix = mirror://ubuntu;
    packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
  };

  ubuntu1804i386 = {
    name = "ubuntu-18.04-bionic-i386";
    fullName = "Ubuntu 18.04 Bionic (i386)";
    packagesLists =
      [ (fetchurl {
          url = mirror://ubuntu/dists/bionic/main/binary-i386/Packages.xz;
          sha256 = "0f0v4131kwf7m7f8j3288rlqdxk1k3vqy74b7fcfd6jz9j8d840i";
        })
        (fetchurl {
          url = mirror://ubuntu/dists/bionic/universe/binary-i386/Packages.xz;
          sha256 = "1v75c0dqr0wp0dqd4hnci92qqs4hll8frqdbpswadgxm5chn91bw";
        })
      ];
    urlPrefix = mirror://ubuntu;
    packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
  };

  ubuntu1804x86_64 = {
    name = "ubuntu-18.04-bionic-amd64";
    fullName = "Ubuntu 18.04 Bionic (amd64)";
    packagesLists =
      [ (fetchurl {
          url = mirror://ubuntu/dists/bionic/main/binary-amd64/Packages.xz;
          sha256 = "1ls81bjyvmfz6i919kszl7xks1ibrh1xqhsk6698ackndkm0wp39";
        })
        (fetchurl {
          url = mirror://ubuntu/dists/bionic/universe/binary-amd64/Packages.xz;
          sha256 = "1832nqpn4ap95b3sj870xqayrza9in4kih9jkmjax27pq6x15v1r";
        })
      ];
    urlPrefix = mirror://ubuntu;
    packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
  };

  debian8i386 = {
    name = "debian-8.11-jessie-i386";
    fullName = "Debian 8.11 Jessie (i386)";
    packagesList = fetchurl {
      url = mirror://debian/dists/jessie/main/binary-i386/Packages.xz;
      sha256 = "0adblarhx50yga900il6m25ng0csa81i3wid1dxxmydbdmri7v7d";
    };
    urlPrefix = mirror://debian;
    packages = commonDebianPackages;
  };

  debian8x86_64 = {
    name = "debian-8.11-jessie-amd64";
    fullName = "Debian 8.11 Jessie (amd64)";
    packagesList = fetchurl {
      url = mirror://debian/dists/jessie/main/binary-amd64/Packages.xz;
      sha256 = "09y1mv4kqllhxpk1ibjsyl5jig5bp0qxw6pp4sn56rglrpygmn5x";
    };
    urlPrefix = mirror://debian;
    packages = commonDebianPackages;
  };

  debian9i386 = {
    name = "debian-9.8-stretch-i386";
    fullName = "Debian 9.8 Stretch (i386)";
    packagesList = fetchurl {
      url = http://snapshot.debian.org/archive/debian/20190503T090946Z/dists/stretch/main/binary-i386/Packages.xz;
      sha256 = "1dr3skl35iyj85qlc33lq4whippbqf327vnbcyfqqrv6h86k68mw";
    };
    urlPrefix = mirror://debian;
    packages = commonDebianPackages;
  };

  debian9x86_64 = {
    name = "debian-9.8-stretch-amd64";
    fullName = "Debian 9.8 Stretch (amd64)";
    packagesList = fetchurl {
      url = http://snapshot.debian.org/archive/debian/20190503T090946Z/dists/stretch/main/binary-amd64/Packages.xz;
      sha256 = "01q00nl47p12n7wx0xclx59wf3zlkzrgj3zxpshyvb91xdnw5sh6";
    };
    urlPrefix = mirror://debian;
    packages = commonDebianPackages;
  };

};
/* Common packages for Fedora images. Package names are those of the
   distribution and are resolved by rpmClosureGenerator. */
commonFedoraPackages = [
  "autoconf"
  "automake"
  "basesystem"
  "bzip2"
  "curl"
  "diffutils"
  "fedora-release"
  "findutils"
  "gawk"
  "gcc-c++"
  "gzip"
  "make"
  "patch"
  "perl"
  "pkgconf-pkg-config"
  "rpm"
  "rpm-build"
  "tar"
  "unzip"
];

/* Common packages for CentOS images (used by the centos* entries of
   `rpmDistros'). */
commonCentOSPackages = [
  "autoconf"
  "automake"
  "basesystem"
  "bzip2"
  "curl"
  "diffutils"
  "centos-release"
  "findutils"
  "gawk"
  "gcc-c++"
  "gzip"
  "make"
  "patch"
  "perl"
  "pkgconfig"
  "rpm"
  "rpm-build"
  "tar"
  "unzip"
];

/* Common packages for RHEL images. Not referenced by `rpmDistros' in
   this file; presumably kept for external callers, since this set is
   exported. */
commonRHELPackages = [
  "autoconf"
  "automake"
  "basesystem"
  "bzip2"
  "curl"
  "diffutils"
  "findutils"
  "gawk"
  "gcc-c++"
  "gzip"
  "make"
  "patch"
  "perl"
  "pkgconfig"
  "procps-ng"
  "rpm"
  "rpm-build"
  "tar"
  "unzip"
];

/* Common packages for openSUSE images. Like commonRHELPackages, not
   referenced by `rpmDistros' in this file. */
commonOpenSUSEPackages = [
  "aaa_base"
  "autoconf"
  "automake"
  "bzip2"
  "curl"
  "diffutils"
  "findutils"
  "gawk"
  "gcc-c++"
  "gzip"
  "make"
  "patch"
  "perl"
  "pkg-config"
  "rpm"
  "tar"
  "unzip"
  "util-linux"
  "gnu-getopt"
];

/* Common packages for Debian/Ubuntu images. */
commonDebPackages = [
  "base-passwd"
  "dpkg"
  "libc6-dev"
  "perl"
  "bash"
  "dash"
  "gzip"
  "bzip2"
  "tar"
  "grep"
  "mawk"
  "sed"
  "findutils"
  "g++"
  "make"
  "curl"
  "patch"
  "locales"
  "coreutils"
  # Needed by checkinstall:
  "util-linux"
  "file"
  "dpkg-dev"
  "pkg-config"
  # Needed because it provides /etc/login.defs, whose absence causes
  # the "passwd" post-installs script to fail.
  "login"
  "passwd"
];

# Debian proper additionally needs these on top of the shared Debian/Ubuntu list.
commonDebianPackages = commonDebPackages ++ [ "sysvinit" "diff" "mktemp" ];
/* A set of functions that build the Linux distributions specified
   in `rpmDistros' and `debDistros'. For instance,
   `diskImageFuns.ubuntu1804x86_64 { }' builds an Ubuntu 18.04 disk
   image containing the default packages specified above. Overrides
   of the default image parameters can be given. In particular,
   `extraPackages' specifies the names of additional packages from
   the distribution that should be included in the image; `packages'
   allows the entire set of packages to be overridden; and `size'
   sets the size of the disk in megabytes. E.g.,
   `diskImageFuns.ubuntu1804x86_64 { extraPackages = ["firefox"];
   size = 8192; }' builds an 8 GiB image containing Firefox in
   addition to the default packages. */
diskImageFuns =
  let
    # Turn every distro description into a function that merges the
    # caller's overrides into it and hands the result to `build'.
    mkFuns = build: lib.mapAttrs (_: defaults: overrides: build (defaults // overrides));
  in
  mkFuns makeImageFromRPMDist rpmDistros // mkFuns makeImageFromDebDist debDistros;
/* Shorthand for `diskImageFuns.<attr> { extraPackages = ... }': each
   function takes just the list of extra package names. */
diskImageExtraFuns =
  lib.mapAttrs (_: build: extraPackages: build { inherit extraPackages; }) diskImageFuns;
/* Default disk images generated from the `rpmDistros' and
   `debDistros' sets, i.e. every `diskImageFuns' entry applied to an
   empty override set. */
diskImages = lib.mapAttrs (_: build: build { }) diskImageFuns;
} // import ./windows pkgs