In order to use the Virtualization framework at runtime, a macOS binary
must be signed with the appropriate entitlement(s). The default targets
in the linuxkit Makefiles would do this for us, but the current package
definition does not use those Makefiles, so we must call the right
target directly.
The wrapper that linuxkit uses around the macOS Virtualization framework
tries to detect which OS it is running on, and aborts if it thinks that
the macOS version is not new enough to have the required framework
features. This commit (mostly) fixes that macOS version detection when
the code is linked as if it is linked against the 10.12 SDK (as the
current Darwin ld wrapper does via the -platform_version switch), but is
then run on macOS 11 or later.
Nixpkgs on Darwin can currently build against either the macOS 10.12 or
the 11 SDK, but some vendored code in linuxkit expects at least the
macOS 12 SDK at build time, even though useful parts of that vendored
code still run on macOS 11, and the rest of linuxkit still runs on
10.12. This commit enables building against the macOS 11 SDK.
checkInputs used to be added to nativeBuildInputs. Now we have
nativeCheckInputs to do that instead. Doing this treewide change allows
to keep hashes identical to before the introduction of
nativeCheckInputs.