Merge pull request #202847 from sandydoo/feature/support-rosetta

nixos/rosetta: init module
This commit is contained in:
Arian van Putten 2022-11-29 10:52:02 +00:00 committed by GitHub
commit 251e8305bd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 90 additions and 1 deletions

View File

@ -82,7 +82,7 @@
</section>
<section xml:id="sec-release-23.05-notable-changes">
<title>Other Notable Changes</title>
<itemizedlist spacing="compact">
<itemizedlist>
<listitem>
<para>
The module for the application firewall
@ -91,6 +91,19 @@
<link linkend="opt-services.opensnitch.rules">services.opensnitch.rules</link>
</para>
</listitem>
<listitem>
<para>
A new <literal>virtualisation.rosetta</literal> module was
added to allow running <literal>x86_64</literal> binaries
through
<link xlink:href="https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment">Rosetta</link>
inside virtualised NixOS guests on Apple silicon. This feature
works by default with the
<link xlink:href="https://docs.getutm.app/">UTM</link>
virtualisation
<link xlink:href="https://search.nixos.org/packages?channel=unstable&amp;show=utm&amp;from=0&amp;size=1&amp;sort=relevance&amp;type=packages&amp;query=utm">package</link>.
</para>
</listitem>
</itemizedlist>
</section>
</section>

View File

@ -34,3 +34,5 @@ In addition to numerous new and upgraded packages, this release has the followin
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- The module for the application firewall `opensnitch` got the ability to configure rules. Available as [services.opensnitch.rules](#opt-services.opensnitch.rules)
- A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).

View File

@ -1329,6 +1329,7 @@
./virtualisation/parallels-guest.nix
./virtualisation/podman/default.nix
./virtualisation/qemu-guest-agent.nix
./virtualisation/rosetta.nix
./virtualisation/spice-usb-redirection.nix
./virtualisation/virtualbox-guest.nix
./virtualisation/virtualbox-host.nix

View File

@ -0,0 +1,73 @@
{ config, lib, pkgs, ... }:
let
cfg = config.virtualisation.rosetta;
inherit (lib) types;
in
{
options = {
virtualisation.rosetta.enable = lib.mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Whether to enable [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) support.
This feature requires the system to be a virtualised guest on an Apple silicon host.
The default settings are suitable for the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).
Make sure to select 'Apple Virtualization' as the virtualisation engine and then tick the 'Enable Rosetta' option.
'';
};
virtualisation.rosetta.mountPoint = lib.mkOption {
type = types.str;
default = "/run/rosetta";
internal = true;
description = lib.mdDoc ''
The mount point for the Rosetta runtime inside the guest system.
The proprietary runtime is exposed through a VirtioFS directory share and then mounted at this directory.
'';
};
virtualisation.rosetta.mountTag = lib.mkOption {
type = types.str;
default = "rosetta";
description = lib.mdDoc ''
The VirtioFS mount tag for the Rosetta runtime, exposed by the host's virtualisation software.
If supported, your virtualisation software should provide instructions on how register the Rosetta runtime inside Linux guests.
These instructions should mention the name of the mount tag used for the VirtioFS directory share that contains the Rosetta runtime.
'';
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = pkgs.stdenv.hostPlatform.isAarch64;
message = "Rosetta is only supported on aarch64 systems";
}
];
fileSystems."${cfg.mountPoint}" = {
device = cfg.mountTag;
fsType = "virtiofs";
};
boot.binfmt.registrations.rosetta = {
interpreter = "${cfg.mountPoint}/rosetta";
# The required flags for binfmt are documented by Apple:
# https://developer.apple.com/documentation/virtualization/running_intel_binaries_in_linux_vms_with_rosetta
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
fixBinary = true;
matchCredentials = true;
preserveArgvZero = false;
# Remove the shell wrapper and call the runtime directly
wrapInterpreterInShell = false;
};
};
}