nixpkgs/pkgs/applications/virtualization/qemu/default.nix

283 lines
13 KiB
Nix
Raw Normal View History

{ lib, stdenv, fetchurl, fetchpatch, python, zlib, pkg-config, glib
, perl, pixman, vde2, alsa-lib, texinfo, flex
2021-08-27 08:16:15 +00:00
, bison, lzo, snappy, libaio, libtasn1, gnutls, nettle, curl, ninja, meson, sigtool
, makeWrapper, runtimeShell
, attr, libcap, libcap_ng
, CoreServices, Cocoa, Hypervisor, rez, setfile
, numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl
, seccompSupport ? stdenv.isLinux, libseccomp
, alsaSupport ? lib.hasSuffix "linux" stdenv.hostPlatform.system && !nixosTestRunner
, pulseSupport ? !stdenv.isDarwin && !nixosTestRunner, libpulseaudio
, sdlSupport ? !stdenv.isDarwin && !nixosTestRunner, SDL2, SDL2_image
, gtkSupport ? !stdenv.isDarwin && !xenSupport && !nixosTestRunner, gtk3, gettext, vte, wrapGAppsHook
, vncSupport ? !nixosTestRunner, libjpeg, libpng
, smartcardSupport ? !nixosTestRunner, libcacard
, spiceSupport ? !stdenv.isDarwin && !nixosTestRunner, spice, spice-protocol
, ncursesSupport ? !nixosTestRunner, ncurses
, usbredirSupport ? spiceSupport, usbredir
2016-11-02 16:06:48 +00:00
, xenSupport ? false, xen
, cephSupport ? false, ceph
2021-05-05 20:05:21 +00:00
, glusterfsSupport ? false, glusterfs, libuuid
, openGLSupport ? sdlSupport, mesa, libepoxy, libdrm
2018-03-25 21:33:23 +00:00
, virglSupport ? openGLSupport, virglrenderer
2020-08-12 11:47:41 +00:00
, libiscsiSupport ? true, libiscsi
, smbdSupport ? false, samba
2020-07-11 20:33:40 +00:00
, tpmSupport ? true
2021-11-14 22:12:02 +00:00
, uringSupport ? stdenv.isLinux, liburing
, hostCpuOnly ? false
, hostCpuTargets ? (if hostCpuOnly
then (lib.optional stdenv.isx86_64 "i386-softmmu"
++ ["${stdenv.hostPlatform.qemuArch}-softmmu"])
else null)
, nixosTestRunner ? false
2013-07-04 15:44:44 +00:00
}:
let
2021-08-04 18:54:48 +00:00
audio = lib.optionalString alsaSupport "alsa,"
+ lib.optionalString pulseSupport "pa,"
+ lib.optionalString sdlSupport "sdl,";
in
2013-07-31 12:50:42 +00:00
stdenv.mkDerivation rec {
2019-11-05 15:20:59 +00:00
pname = "qemu"
2021-01-15 05:42:41 +00:00
+ lib.optionalString xenSupport "-xen"
+ lib.optionalString hostCpuOnly "-host-cpu-only"
+ lib.optionalString nixosTestRunner "-for-vm-tests";
2021-08-27 08:16:15 +00:00
version = "6.1.0";
src = fetchurl {
2020-04-27 19:48:18 +00:00
url= "https://download.qemu.org/qemu-${version}.tar.xz";
2021-08-27 08:16:15 +00:00
sha256 = "15iw7982g6vc4jy1l9kk1z9sl5bm1bdbwr74y7nvwjs1nffhig7f";
};
nativeBuildInputs = [ makeWrapper python python.pkgs.sphinx python.pkgs.sphinx_rtd_theme pkg-config flex bison meson ninja ]
2021-08-04 18:54:48 +00:00
++ lib.optionals gtkSupport [ wrapGAppsHook ]
2021-08-27 08:16:15 +00:00
++ lib.optionals stdenv.isDarwin [ sigtool ];
2021-08-04 18:54:48 +00:00
buildInputs = [ zlib glib perl pixman
2021-08-27 08:16:15 +00:00
vde2 texinfo lzo snappy libtasn1
2021-08-04 18:54:48 +00:00
gnutls nettle curl
]
++ lib.optionals ncursesSupport [ ncurses ]
++ lib.optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile ]
++ lib.optionals seccompSupport [ libseccomp ]
++ lib.optionals numaSupport [ numactl ]
++ lib.optionals alsaSupport [ alsa-lib ]
2021-08-04 18:54:48 +00:00
++ lib.optionals pulseSupport [ libpulseaudio ]
++ lib.optionals sdlSupport [ SDL2 SDL2_image ]
++ lib.optionals gtkSupport [ gtk3 gettext vte ]
++ lib.optionals vncSupport [ libjpeg libpng ]
++ lib.optionals smartcardSupport [ libcacard ]
++ lib.optionals spiceSupport [ spice-protocol spice ]
++ lib.optionals usbredirSupport [ usbredir ]
++ lib.optionals stdenv.isLinux [ libaio libcap_ng libcap attr ]
2021-08-04 18:54:48 +00:00
++ lib.optionals xenSupport [ xen ]
++ lib.optionals cephSupport [ ceph ]
++ lib.optionals glusterfsSupport [ glusterfs libuuid ]
++ lib.optionals openGLSupport [ mesa libepoxy libdrm ]
2021-08-04 18:54:48 +00:00
++ lib.optionals virglSupport [ virglrenderer ]
++ lib.optionals libiscsiSupport [ libiscsi ]
2021-11-14 22:12:02 +00:00
++ lib.optionals smbdSupport [ samba ]
++ lib.optionals uringSupport [ liburing ];
dontUseMesonConfigure = true; # meson's configurePhase isn't compatible with qemu build
outputs = [ "out" "ga" ];
# On aarch64-linux we would shoot over the Hydra's 2G output limit.
separateDebugInfo = !(stdenv.isAarch64 && stdenv.isLinux);
2018-08-10 18:59:53 +00:00
patches = [
./fix-qemu-ga.patch
qemu: Apply interim fix for overlayfs + O_NOATIME Our VM tests and everything related to our virtualisation infrastructure is currently broken if used with kernel 4.19 or later. The reason for this is that since 4.19, overlayfs uses the O_NOATIME flag when opening files in lowerdir and this doesn't play nice with the way we pass the Nix store to our QEMU guests. On a NixOS system, paths in the Nix store are typically owned by root but the QEMU process is usually run by an ordinary user. Using O_NOATIME on a file where you're not the owner (or superuser) will return with EPERM (Operation not permitted). This is exactly what happens in our VM tests, because we're using overlayfs in the guests to allow writes to the store. Another implication of this is that the default kernel version for NixOS 19.03 has been reverted to Linux 4.14. Work on getting this upstream is still ongoing and the patch I posted previously was incomplete, needs rework and also some more review from upstream maintainers - in summary: This will take a while. So instead of rushing in a kernel patch to nixpkgs, which will affect all users of overlayfs, not just NixOS VM tests, I opted to patch QEMU for now to ignore the O_NOATIME flag in 9p. I think this is also the least impacting change, because even if you care about whether access times are written or not, you get the same behaviour as with Linux 4.19 in conjunction with QEMU. Signed-off-by: aszlig <aszlig@nix.build> Fixes: https://github.com/NixOS/nixpkgs/issues/54509
2019-03-14 13:56:55 +00:00
./9p-ignore-noatime.patch
2021-08-27 08:16:15 +00:00
# Cocoa clipboard support only works on macOS 10.14+
(fetchpatch {
2021-08-27 08:16:15 +00:00
url = "https://gitlab.com/qemu-project/qemu/-/commit/7e3e20d89129614f4a7b2451fe321cc6ccca3b76.diff";
sha256 = "09xz06g57wxbacic617pq9c0qb7nly42gif0raplldn5lw964xl2";
revert = true;
})
(fetchpatch {
name = "CVE-2021-3713.patch"; # remove with next release
url = "https://gitlab.com/qemu-project/qemu/-/commit/13b250b12ad3c59114a6a17d59caf073ce45b33a.patch";
sha256 = "0lkzfc7gdlvj4rz9wk07fskidaqysmx8911g914ds1jnczgk71mf";
})
# Fixes a crash that frequently happens in some setups that share /nix/store over 9p like nixos tests
# on some systems. Remove with next release.
(fetchpatch {
name = "fix-crash-in-v9fs_walk.patch";
url = "https://gitlab.com/qemu-project/qemu/-/commit/f83df00900816476cca41bb536e4d532b297d76e.patch";
sha256 = "sha256-LYGbBLS5YVgq8Bf7NVk7HBFxXq34NmZRPCEG79JPwk8=";
})
# Fixes an io error on discard/unmap operation for aio/file backend. Remove with next release.
(fetchpatch {
name = "fix-aio-discard-return-value.patch";
url = "https://gitlab.com/qemu-project/qemu/-/commit/13a028336f2c05e7ff47dfdaf30dfac7f4883e80.patch";
sha256 = "sha256-23xVixVl+JDBNdhe5j5WY8CB4MsnUo+sjrkAkG+JS6M=";
})
# Fixes managedsave (snapshot creation) with QXL video device. Remove with next release.
(fetchpatch {
name = "qxl-fix-pre-save-logic.patch";
url = "https://gitlab.com/qemu-project/qemu/-/commit/eb94846280df3f1e2a91b6179fc05f9890b7e384.patch";
sha256 = "sha256-p31fd47RTSw928DOMrubQQybnzDAGm23z4Yhe+hGJQ8=";
})
# Fixes socket_sockaddr_to_address_unix assertion errors in some setups. Remove with next release.
(fetchpatch {
name = "fix-unix-socket-path-copy-again.patch";
url = "https://gitlab.com/qemu-project/qemu/-/commit/118d527f2e4baec5fe8060b22a6212468b8e4d3f.patch";
sha256 = "sha256-ox+JSpc0pqd3bMi5Ot7ljQyk70SX8g+BLufR06mZPps=";
})
2021-08-04 18:54:48 +00:00
] ++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch
++ lib.optionals stdenv.hostPlatform.isMusl [
./sigrtminmax.patch
(fetchpatch {
url = "https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/fix-sigevent-and-sigval_t.patch";
sha256 = "0wk0rrcqywhrw9hygy6ap0lfg314m9z1wr2hn8338r5gfcw75mav";
})
] ++ lib.optionals stdenv.isDarwin [
# The Hypervisor.framework support patch converted something that can be applied:
# * https://patchwork.kernel.org/project/qemu-devel/list/?series=548227
# The base revision is whatever commit there is before the series starts:
# * https://github.com/patchew-project/qemu/commits/patchew/20210916155404.86958-1-agraf%40csgraf.de
# The target revision is what patchew has as the series tag from patchwork:
# * https://github.com/patchew-project/qemu/releases/tag/patchew%2F20210916155404.86958-1-agraf%40csgraf.de
(fetchpatch {
url = "https://github.com/patchew-project/qemu/compare/7adb961995a3744f51396502b33ad04a56a317c3..d2603c06d9c4a28e714b9b70fe5a9d0c7b0f934d.diff";
sha256 = "sha256-nSi5pFf9+EefUmyJzSEKeuxOt39ztgkXQyUB8fTHlcY=";
})
];
postPatch = ''
# Otherwise tries to ensure /var/run exists.
sed -i "/install_subdir('run', install_dir: get_option('localstatedir'))/d" \
qga/meson.build
2021-05-31 16:34:55 +00:00
# glibc 2.33 compat fix: if `has_statx = true` is set, `tools/virtiofsd/passthrough_ll.c` will
# rely on `stx_mnt_id`[1] which is not part of glibc's `statx`-struct definition.
#
# `has_statx` will be set to `true` if a simple C program which uses a few `statx`
# consts & struct fields successfully compiles. It seems as this only builds on glibc-2.33
# since most likely[2] and because of that, the problematic code-path will be used.
#
# [1] https://github.com/torvalds/linux/commit/fa2fcf4f1df1559a0a4ee0f46915b496cc2ebf60#diff-64bab5a0a3fcb55e1a6ad77b1dfab89d2c9c71a770a07ecf44e6b82aae76a03a
# [2] https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=io/bits/statx-generic.h;h=c34697e3c1fd79cddd60db294302e461ed8db6e2;hp=7a09e94be2abb92d2df612090c132e686a24d764;hb=88a2cf6c4bab6e94a65e9c0db8813709372e9180;hpb=c4e4b2e149705559d28b16a9b47ba2f6142d6a6c
substituteInPlace meson.build \
--replace 'has_statx = cc.links(statx_test)' 'has_statx = false'
'';
preConfigure = ''
unset CPP # intereferes with dependency calculation
# this script isn't marked as executable b/c it's indirectly used by meson. Needed to patch its shebang
chmod +x ./scripts/shaderinclude.pl
patchShebangs .
# avoid conflicts with libc++ include for <version>
mv VERSION QEMU_VERSION
substituteInPlace configure \
--replace '$source_path/VERSION' '$source_path/QEMU_VERSION'
substituteInPlace meson.build \
--replace "'VERSION'" "'QEMU_VERSION'"
2021-08-04 18:54:48 +00:00
'' + lib.optionalString stdenv.hostPlatform.isMusl ''
NIX_CFLAGS_COMPILE+=" -D_LINUX_SYSINFO_H"
'';
2021-08-04 18:54:48 +00:00
configureFlags = [
"--audio-drv-list=${audio}"
"--disable-strip" # We'll strip ourselves after separating debug info.
2021-08-04 18:54:48 +00:00
"--enable-docs"
"--enable-tools"
"--enable-guest-agent"
"--localstatedir=/var"
"--sysconfdir=/etc"
# Always use our Meson, not the bundled version, which doesn't
# have our patches and will be subtly broken because of that.
"--meson=meson"
2021-08-04 18:54:48 +00:00
] ++ lib.optional numaSupport "--enable-numa"
++ lib.optional seccompSupport "--enable-seccomp"
++ lib.optional smartcardSupport "--enable-smartcard"
++ lib.optional spiceSupport "--enable-spice"
++ lib.optional usbredirSupport "--enable-usb-redir"
++ lib.optional (hostCpuTargets != null) "--target-list=${lib.concatStringsSep "," hostCpuTargets}"
++ lib.optional stdenv.isDarwin "--enable-cocoa"
++ lib.optional stdenv.isDarwin "--enable-hvf"
++ lib.optional stdenv.isLinux "--enable-linux-aio"
++ lib.optional gtkSupport "--enable-gtk"
++ lib.optional xenSupport "--enable-xen"
++ lib.optional cephSupport "--enable-rbd"
++ lib.optional glusterfsSupport "--enable-glusterfs"
++ lib.optional openGLSupport "--enable-opengl"
++ lib.optional virglSupport "--enable-virglrenderer"
++ lib.optional tpmSupport "--enable-tpm"
++ lib.optional libiscsiSupport "--enable-libiscsi"
2021-11-14 22:12:02 +00:00
++ lib.optional smbdSupport "--smbd=${samba}/bin/smbd"
++ lib.optional uringSupport "--enable-linux-io-uring";
doCheck = false; # tries to access /dev
dontWrapGApps = true;
# QEMU attaches entitlements with codesign and strip removes those,
# voiding the entitlements and making it non-operational.
# The alternative is to re-sign with entitlements after stripping:
# * https://github.com/qemu/qemu/blob/v6.1.0/scripts/entitlement.sh#L25
dontStrip = stdenv.isDarwin;
postFixup = ''
# the .desktop is both invalid and pointless
rm -f $out/share/applications/qemu.desktop
# copy qemu-ga (guest agent) to separate output
mkdir -p $ga/bin
cp $out/bin/qemu-ga $ga/bin/
2021-08-04 18:54:48 +00:00
'' + lib.optionalString gtkSupport ''
# wrap GTK Binaries
for f in $out/bin/qemu-system-*; do
wrapGApp $f
done
'';
preBuild = "cd build";
2016-04-07 23:45:53 +00:00
# Add a qemu-kvm wrapper for compatibility/convenience.
postInstall = ''
2021-12-02 08:54:49 +00:00
install -m755 -D $emitKvmWarningsPath $out/libexec/emit-kvm-warnings
if [ -x $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} ]; then
makeWrapper $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} \
$out/bin/qemu-kvm \
--run $out/libexec/emit-kvm-warnings \
--add-flags "\$([ -r /dev/kvm -a -w /dev/kvm ] && echo -enable-kvm)"
fi
'';
passthru = {
qemu-system-i386 = "bin/qemu-system-i386";
};
# Builds in ~3h with 2 cores, and ~20m with a big-parallel builder.
requiredSystemFeatures = [ "big-parallel" ];
emitKvmWarnings = ''
#!${runtimeShell}
WARNCOL='\033[1;35m'
NEUTRALCOL='\033[0m'
WARNING="''${WARNCOL}warning:''${NEUTRALCOL}"
if [ ! -e /dev/kvm ]; then
echo -e "''${WARNING} KVM is not available - execution will be slow" >&2
echo "Consider installing KVM for hardware-accelerated execution." >&2
echo "If KVM is already installed make sure the kernel module is loaded." >&2
elif [ ! -r /dev/kvm -o ! -w /dev/kvm ]; then
echo -e "''${WARNING} /dev/kvm is not read-/writable - execution will be slow" >&2
echo "/dev/kvm needs to be read-/writable by the user executing QEMU." >&2
echo "" >&2
echo "For hardware-acceleration inside the nix build sandbox /dev/kvm" >&2
echo "must be world-read-/writable (rw-rw-rw-)." >&2
fi
'';
passAsFile = [ "emitKvmWarnings" ];
meta = with lib; {
homepage = "http://www.qemu.org/";
2013-07-04 14:52:43 +00:00
description = "A generic and open source machine emulator and virtualizer";
2014-02-20 20:02:55 +00:00
license = licenses.gpl2Plus;
maintainers = with maintainers; [ eelco qyliss ];
platforms = platforms.unix;
};
}