nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-12 08:43:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
4c1ddb3a57
nixpkgs/pkgs/applications/virtualization/qemu/default.nix
aszlig 4c1ddb3a57
qemu: Apply interim fix for overlayfs + O_NOATIME 
Our VM tests and everything related to our virtualisation infrastructure
is currently broken if used with kernel 4.19 or later.

The reason for this is that since 4.19, overlayfs uses the O_NOATIME
flag when opening files in lowerdir and this doesn't play nice with the
way we pass the Nix store to our QEMU guests.

On a NixOS system, paths in the Nix store are typically owned by root
but the QEMU process is usually run by an ordinary user. Using O_NOATIME
on a file where you're not the owner (or superuser) will return with
EPERM (Operation not permitted).

This is exactly what happens in our VM tests, because we're using
overlayfs in the guests to allow writes to the store.

Another implication of this is that the default kernel version for NixOS
19.03 has been reverted to Linux 4.14.

Work on getting this upstream is still ongoing and the patch I posted
previously was incomplete, needs rework and also some more review from
upstream maintainers - in summary: This will take a while.

So instead of rushing in a kernel patch to nixpkgs, which will affect
all users of overlayfs, not just NixOS VM tests, I opted to patch QEMU
for now to ignore the O_NOATIME flag in 9p.

I think this is also the least impacting change, because even if you
care about whether access times are written or not, you get the same
behaviour as with Linux 4.19 in conjunction with QEMU.

Signed-off-by: aszlig <aszlig@nix.build>
Fixes: https://github.com/NixOS/nixpkgs/issues/54509
2019-03-18 13:34:30 +01:00

159 lines
5.7 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ stdenv, fetchurl, fetchpatch, python2, zlib, pkgconfig, glib
, ncurses, perl, pixman, vde2, alsaLib, texinfo, flex
, bison, lzo, snappy, libaio, gnutls, nettle, curl
, makeWrapper
, attr, libcap, libcap_ng
, CoreServices, Cocoa, Hypervisor, rez, setfile
, numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl
, seccompSupport ? stdenv.isLinux, libseccomp
, pulseSupport ? !stdenv.isDarwin, libpulseaudio
, sdlSupport ? !stdenv.isDarwin, SDL2
, gtkSupport ? !stdenv.isDarwin && !xenSupport, gtk3, gettext, vte
, vncSupport ? true, libjpeg, libpng
, smartcardSupport ? true, libcacard
, spiceSupport ? !stdenv.isDarwin, spice, spice-protocol
, usbredirSupport ? spiceSupport, usbredir
, xenSupport ? false, xen
, cephSupport ? false, ceph
, openGLSupport ? sdlSupport, mesa_noglu, epoxy, libdrm
, virglSupport ? openGLSupport, virglrenderer
, smbdSupport ? false, samba
, hostCpuOnly ? false
, hostCpuTargets ? (if hostCpuOnly
then (stdenv.lib.optional stdenv.isx86_64 "i386-softmmu"
++ ["${stdenv.hostPlatform.qemuArch}-softmmu"])
else null)
, nixosTestRunner ? false
}:
with stdenv.lib;
let
audio = optionalString (hasSuffix "linux" stdenv.hostPlatform.system) "alsa,"
+ optionalString pulseSupport "pa,"
+ optionalString sdlSupport "sdl,";
in
stdenv.mkDerivation rec {
version = "3.1.0";
name = "qemu-"
+ stdenv.lib.optionalString xenSupport "xen-"
+ stdenv.lib.optionalString hostCpuOnly "host-cpu-only-"
+ stdenv.lib.optionalString nixosTestRunner "for-vm-tests-"
+ version;
src = fetchurl {
url = "https://wiki.qemu.org/download/qemu-${version}.tar.bz2";
sha256 = "08frr1fdjx8qcfh3fafn10kibdwbvkqqvfl7hpqbm7i9dg4f1zlq";
};
buildInputs =
[ python2 zlib pkgconfig glib ncurses perl pixman
vde2 texinfo flex bison makeWrapper lzo snappy
gnutls nettle curl
]
++ optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile ]
++ optionals seccompSupport [ libseccomp ]
++ optionals numaSupport [ numactl ]
++ optionals pulseSupport [ libpulseaudio ]
++ optionals sdlSupport [ SDL2 ]
++ optionals gtkSupport [ gtk3 gettext vte ]
++ optionals vncSupport [ libjpeg libpng ]
++ optionals smartcardSupport [ libcacard ]
++ optionals spiceSupport [ spice-protocol spice ]
++ optionals usbredirSupport [ usbredir ]
++ optionals stdenv.isLinux [ alsaLib libaio libcap_ng libcap attr ]
++ optionals xenSupport [ xen ]
++ optionals cephSupport [ ceph ]
++ optionals openGLSupport [ mesa_noglu epoxy libdrm ]
++ optionals virglSupport [ virglrenderer ]
++ optionals smbdSupport [ samba ];
enableParallelBuilding = true;
outputs = [ "out" "ga" ];
patches = [
./no-etc-install.patch
./fix-qemu-ga.patch
./9p-ignore-noatime.patch
] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
++ optional pulseSupport ./fix-hda-recording.patch
++ optionals stdenv.hostPlatform.isMusl [
(fetchpatch {
url = https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/xattr_size_max.patch;
sha256 = "1xfdjs1jlvs99hpf670yianb8c3qz2ars8syzyz8f2c2cp5y4bxb";
})
(fetchpatch {
url = https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/musl-F_SHLCK-and-F_EXLCK.patch;
sha256 = "1gm67v41gw6apzgz7jr3zv9z80wvkv0jaxd2w4d16hmipa8bhs0k";
})
./sigrtminmax.patch
(fetchpatch {
url = https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/fix-sigevent-and-sigval_t.patch;
sha256 = "0wk0rrcqywhrw9hygy6ap0lfg314m9z1wr2hn8338r5gfcw75mav";
})
];
hardeningDisable = [ "stackprotector" ];
preConfigure = ''
unset CPP # intereferes with dependency calculation
'' + optionalString stdenv.hostPlatform.isMusl ''
NIX_CFLAGS_COMPILE+=" -D_LINUX_SYSINFO_H"
'';
configureFlags =
[ "--audio-drv-list=${audio}"
"--sysconfdir=/etc"
"--localstatedir=/var"
]
# disable sysctl check on darwin.
++ optional stdenv.isDarwin "--cpu=x86_64"
++ optional numaSupport "--enable-numa"
++ optional seccompSupport "--enable-seccomp"
++ optional smartcardSupport "--enable-smartcard"
++ optional spiceSupport "--enable-spice"
++ optional usbredirSupport "--enable-usb-redir"
++ optional (hostCpuTargets != null) "--target-list=${stdenv.lib.concatStringsSep "," hostCpuTargets}"
++ optional stdenv.isDarwin "--enable-cocoa"
++ optional stdenv.isDarwin "--enable-hvf"
++ optional stdenv.isLinux "--enable-linux-aio"
++ optional gtkSupport "--enable-gtk"
++ optional xenSupport "--enable-xen"
++ optional cephSupport "--enable-rbd"
++ optional openGLSupport "--enable-opengl"
++ optional virglSupport "--enable-virglrenderer"
++ optional smbdSupport "--smbd=${samba}/bin/smbd";
doCheck = false; # tries to access /dev
postFixup =
''
# copy qemu-ga (guest agent) to separate output
mkdir -p $ga/bin
cp $out/bin/qemu-ga $ga/bin/
'';
# Add a qemu-kvm wrapper for compatibility/convenience.
postInstall = ''
if [ -x $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} ]; then
makeWrapper $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} \
$out/bin/qemu-kvm \
--add-flags "\$([ -e /dev/kvm ] && echo -enable-kvm)"
fi
'';
passthru = {
qemu-system-i386 = "bin/qemu-system-i386";
};
meta = with stdenv.lib; {
homepage = http://www.qemu.org/;
description = "A generic and open source machine emulator and virtualizer";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ eelco ];
platforms = platforms.linux ++ platforms.darwin;
};
}
Reference in New Issue View Git Blame Copy Permalink