commit 8cf52f2c033c69cd05de7fd23cb6b5d89813911f · pyrox.dev/nixpkgs

-56

pkgs/applications/virtualization/xen/4.18/default.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         lib,

     

       3
       3
       -
         fetchpatch,

     

       4
       4
       -
         callPackage,

     

       5
       5
       -
         ocaml-ng,

     

       6
       6
       -
         ...

     

       7
       7
       -
       }@genericDefinition:

     

       8
       8
       -
       

     

       9
       9
       -
       let

     

       10
       10
       -
         upstreamPatches = import ../generic/patches.nix {

     

       11
       11
       -
           inherit lib;

     

       12
       12
       -
           inherit fetchpatch;

     

       13
       13
       -
         };

     

       14
       14
       -
       

     

       15
       15
       -
         upstreamPatchList = lib.lists.flatten (

     

       16
       16
       -
           with upstreamPatches;

     

       17
       17
       -
           [

     

       18
       18
       -
             QUBES_REPRODUCIBLE_BUILDS

     

       19
       19
       -
             XSA_462

     

       20
       20
       -
           ]

     

       21
       21
       -
         );

     

       22
       22
       -
       in

     

       23
       23
       -
       

     

       24
       24
       -
       callPackage (import ../generic/default.nix {

     

       25
       25
       -
         pname = "xen";

     

       26
       26
       -
         branch = "4.18";

     

       27
       27
       -
         version = "4.18.3";

     

       28
       28
       -
         latest = false;

     

       29
       29
       -
         pkg = {

     

       30
       30
       -
           xen = {

     

       31
       31
       -
             rev = "bd51e573a730efc569646379cd59ccba967cde97";

     

       32
       32
       -
             hash = "sha256-OFiFdpPCXR+sWjzFHCORtY4DkWyggvxkcsGdgEyO1ts=";

     

       33
       33
       -
             patches = [ ] ++ upstreamPatchList;

     

       34
       34
       -
           };

     

       35
       35
       -
           qemu = {

     

       36
       36
       -
             rev = "0df9387c8983e1b1e72d8c574356f572342c03e6";

     

       37
       37
       -
             hash = "sha256-BX+LXfNzwdUMALwwI1ZDW12dJ357oynjnrboLHREDGQ=";

     

       38
       38
       -
             patches = [ ];

     

       39
       39
       -
           };

     

       40
       40
       -
           seaBIOS = {

     

       41
       41
       -
             rev = "ea1b7a0733906b8425d948ae94fba63c32b1d425";

     

       42
       42
       -
             hash = "sha256-J2FuT+FXn9YoFLSfxDOxyKZvKrys59a6bP1eYvEXVNU=";

     

       43
       43
       -
             patches = [ ];

     

       44
       44
       -
           };

     

       45
       45
       -
           ovmf = {

     

       46
       46
       -
             rev = "ba91d0292e593df8528b66f99c1b0b14fadc8e16";

     

       47
       47
       -
             hash = "sha256-htOvV43Hw5K05g0SF3po69HncLyma3BtgpqYSdzRG4s=";

     

       48
       48
       -
             patches = [ ];

     

       49
       49
       -
           };

     

       50
       50
       -
           ipxe = {

     

       51
       51
       -
             rev = "1d1cf74a5e58811822bee4b3da3cff7282fcdfca";

     

       52
       52
       -
             hash = "sha256-8pwoPrmkpL6jIM+Y/C0xSvyrBM/Uv0D1GuBwNm+0DHU=";

     

       53
       53
       -
             patches = [ ];

     

       54
       54
       -
           };

     

       55
       55
       -
         };

     

       56
       56
       -
       }) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)

-58

pkgs/applications/virtualization/xen/4.19/default.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         lib,

     

       3
       3
       -
         fetchpatch,

     

       4
       4
       -
         callPackage,

     

       5
       5
       -
         ocaml-ng,

     

       6
       6
       -
         ...

     

       7
       7
       -
       }@genericDefinition:

     

       8
       8
       -
       

     

       9
       9
       -
       let

     

       10
       10
       -
         upstreamPatches = import ../generic/patches.nix {

     

       11
       11
       -
           inherit lib;

     

       12
       12
       -
           inherit fetchpatch;

     

       13
       13
       -
         };

     

       14
       14
       -
       

     

       15
       15
       -
         upstreamPatchList = lib.lists.flatten (

     

       16
       16
       -
           with upstreamPatches;

     

       17
       17
       -
           [

     

       18
       18
       -
             QUBES_REPRODUCIBLE_BUILDS

     

       19
       19
       -
             XSA_460

     

       20
       20
       -
             XSA_461

     

       21
       21
       -
             XSA_462

     

       22
       22
       -
           ]

     

       23
       23
       -
         );

     

       24
       24
       -
       in

     

       25
       25
       -
       

     

       26
       26
       -
       callPackage (import ../generic/default.nix {

     

       27
       27
       -
         pname = "xen";

     

       28
       28
       -
         branch = "4.19";

     

       29
       29
       -
         version = "4.19.0";

     

       30
       30
       -
         latest = true;

     

       31
       31
       -
         pkg = {

     

       32
       32
       -
           xen = {

     

       33
       33
       -
             rev = "026c9fa29716b0ff0f8b7c687908e71ba29cf239";

     

       34
       34
       -
             hash = "sha256-Q6x+2fZ4ITBz6sKICI0NHGx773Rc919cl+wzI89UY+Q=";

     

       35
       35
       -
             patches = [ ] ++ upstreamPatchList;

     

       36
       36
       -
           };

     

       37
       37
       -
           qemu = {

     

       38
       38
       -
             rev = "0df9387c8983e1b1e72d8c574356f572342c03e6";

     

       39
       39
       -
             hash = "sha256-BX+LXfNzwdUMALwwI1ZDW12dJ357oynjnrboLHREDGQ=";

     

       40
       40
       -
             patches = [ ];

     

       41
       41
       -
           };

     

       42
       42
       -
           seaBIOS = {

     

       43
       43
       -
             rev = "a6ed6b701f0a57db0569ab98b0661c12a6ec3ff8";

     

       44
       44
       -
             hash = "sha256-hWemj83cxdY8p+Jhkh5GcPvI0Sy5aKYZJCsKDjHTUUk=";

     

       45
       45
       -
             patches = [ ];

     

       46
       46
       -
           };

     

       47
       47
       -
           ovmf = {

     

       48
       48
       -
             rev = "ba91d0292e593df8528b66f99c1b0b14fadc8e16";

     

       49
       49
       -
             hash = "sha256-htOvV43Hw5K05g0SF3po69HncLyma3BtgpqYSdzRG4s=";

     

       50
       50
       -
             patches = [ ];

     

       51
       51
       -
           };

     

       52
       52
       -
           ipxe = {

     

       53
       53
       -
             rev = "1d1cf74a5e58811822bee4b3da3cff7282fcdfca";

     

       54
       54
       -
             hash = "sha256-8pwoPrmkpL6jIM+Y/C0xSvyrBM/Uv0D1GuBwNm+0DHU=";

     

       55
       55
       -
             patches = [ ];

     

       56
       56
       -
           };

     

       57
       57
       -
         };

     

       58
       58
       -
       }) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)

+20 -45

pkgs/applications/virtualization/xen/README.md pkgs/by-name/xe/xen/README.md

···

       17
       17
        
       

     

       18
       18
        
       # Xen Project Hypervisor <a href="https://xenproject.org/"><img src="https://downloads.xenproject.org/Branding/Mascots/Xen-Fu-Panda-2000px.png" width="48px" align="top" alt="Xen Fu Panda"></a>

     

       19
       19
        
       

     

       20
       20
       -
       This directory includes the build recipes for the [Xen Project Hypervisor](https://xenproject.org/).

     

       20
       20
       +
       This directory begins the [Xen Project Hypervisor](https://xenproject.org/) build process.

     

       21
       21
        
       

     

       22
       22
        
       Some other notable packages that compose the Xen Project Ecosystem include:

     

       23
       23
        
       

     
···

       32
       32
        
       

     

       33
       33
        
       ### Manually

     

       34
       34
        
       

     

       35
       35
       -
       1. Create one directory per branch.

     

       36
       36
       -
       1. [Update](https://xenbits.xenproject.org/gitweb/) the `default.nix` files for

     

       37
       37
       -
          the branches that already exist and copy a new one to any branches that do

     

       38
       38
       -
          not yet exist in Nixpkgs.

     

       39
       39
       -
          - Do not forget to set the `branch`, `version`, and `latest` attributes for

     

       40
       40
       -
            each of the `default.nix` files.

     

       35
       35
       +
       1. [Update](https://xenbits.xenproject.org/gitweb/) the `package.nix` file for

     

       36
       36
       +
          the latest branch of Xen.

     

       37
       37
       +
          - Do not forget to set the `branch`, `version`, and `latest` attributes.

     

       41
       38
        
          - The revisions are preferably commit hashes, but tag names are acceptable

     

       42
       39
        
            as well.

     

       43
       43
       -
       1. Make sure all branches build. (Both the `standard` and `slim` versions)

     

       44
       44
       -
       1. Use the NixOS module to test if dom0 boots successfully on all new versions.

     

       40
       40
       +
       1. Make sure it builds.

     

       41
       41
       +
       1. Use the NixOS module to test if dom0 boots successfully on the new version.

     

       45
       42
        
       1. Make sure the `meta` attributes evaluate to something that makes sense. The

     

       46
       43
        
          following one-line command is useful for testing this:

     

       47
       44
        
       

     

       48
       45
        
          ```console

     

       49
       49
       -
          xenToEvaluate=xen; echo -e "\033[1m$(nix eval .#"$xenToEvaluate".meta.description --raw 2> /dev/null)\033[0m\n\n$(nix eval .#"$xenToEvaluate".meta.longDescription --raw 2> /dev/null)"

     

       46
       46
       +
          echo -e "\033[1m$(nix eval .#xen.meta.description --raw 2> /dev/null)\033[0m\n\n$(nix eval .#xen.meta.longDescription --raw 2> /dev/null)"

     

       50
       47
        
          ```

     

       51
       48
        
       

     

       52
       52
       -
          Change the value of `xenToEvaluate` to evaluate all relevant Xen packages.

     

       53
       49
        
       1. Run `xtf --all --host` as root when booted into the Xen update, and make

     

       54
       54
       -
          sure no tests fail.

     

       50
       50
       +
          sure no important tests fail.

     

       55
       51
        
       1. Clean up your changes and commit them, making sure to follow the

     

       56
       52
        
          [Nixpkgs Contribution Guidelines](../../../../CONTRIBUTING.md).

     

       57
       53
        
       1. Open a PR and await a review from the current maintainers.

     

       58
       54
        
       

     

       59
       55
        
       ## Features

     

       60
       56
        
       

     

       61
       61
       -
       ### Pre-fetched Sources

     

       57
       57
       +
       ### Generic Builder

     

       62
       58
        
       

     

       63
       63
       -
       On a typical Xen build, the Xen Makefiles will fetch more required sources with

     

       64
       64
       -
       `git` and `wget`. Due to the Nix Sandbox, build-time fetching will fail, so we

     

       65
       65
       -
       pre-fetch the required sources before building.[^1] To accomplish this, we have

     

       66
       66
       -
       a `prefetchedSources` attribute that contains the required derivations, if they

     

       67
       67
       -
       are requested by the main Xen build.

     

       59
       59
       +
       `buildXenPackage` is a helpful utility capable of building Xen when passed

     

       60
       60
       +
       certain attributes. The `package.nix` file on this directory includes all

     

       61
       61
       +
       important attributes for building a Xen package with Nix. Downstreams can

     

       62
       62
       +
       pin their Xen revision or include extra patches if the default Xen package

     

       63
       63
       +
       does not meet their needs.

     

       68
       64
        
       

     

       69
       65
        
       ### EFI

     

       70
       66
        
       

     

       71
       67
        
       Building `xen.efi` requires an `ld` with PE support.[^2]

     

       72
       68
        
       

     

       73
       69
        
       We use a `makeFlag` to override the `$LD` environment variable to point to our

     

       74
       74
       -
       patched `efiBinutils`. For more information, see the comment in `./generic/default.nix`.

     

       70
       70
       +
       patched `efiBinutils`. For more information, see the comment in `pkgs/build-support/xen/default.nix`.

     

       75
       71
        
       

     

       76
       72
        
       > [!TIP]

     

       77
       73
        
       > If you are certain you will not be running Xen in an x86 EFI environment, disable

     

       78
       74
        
       the `withEFI` flag with an [override](https://nixos.org/manual/nixpkgs/stable/#chap-overrides)

     

       79
       75
        
       to save you the need to compile `efiBinutils`.

     

       80
       76
        
       

     

       81
       81
       -
       ### Default Overrides

     

       82
       82
       -
       

     

       83
       83
       -
       By default, Xen also builds

     

       84
       84
       -
       [QEMU](https://www.qemu.org/),

     

       85
       85
       -
       [SeaBIOS](https://www.seabios.org/SeaBIOS),

     

       86
       86
       -
       [OVMF](https://github.com/tianocore/tianocore.github.io/wiki/OVMF) and

     

       87
       87
       -
       [iPXE](https://ipxe.org/).

     

       88
       88
       -
       

     

       89
       89
       -
       - QEMU is used for stubdomains and handling devices.

     

       90
       90
       -
       - SeaBIOS is the default legacy BIOS ROM for HVM domains.

     

       91
       91
       -
       - OVMF is the default UEFI ROM for HVM domains.

     

       92
       92
       -
       - iPXE provides a PXE boot environment for HVMs.

     

       93
       93
       -
       

     

       94
       94
       -
       However, those packages are already available on Nixpkgs, and Xen does not

     

       95
       95
       -
       necessarily need to build them into the main hypervisor build. For this reason,

     

       96
       96
       -
       we also have the `withInternal<Component>` flags, which enables and disables

     

       97
       97
       -
       building those built-in components. The two most popular Xen configurations will

     

       98
       98
       -
       be the default build, with all built-in components, and a `slim` build, with none

     

       99
       99
       -
       of those components. To simplify this process, the `./packages.nix` file includes

     

       100
       100
       -
       the `xen-slim` package overrides that have all `withInternal<Component>` flags

     

       101
       101
       -
       disabled. See the `meta.longDescription` attribute for the `xen-slim` packages

     

       102
       102
       -
       for more information.

     

       103
       103
       -
       

     

       104
       77
        
       ## Security

     

       105
       78
        
       

     

       106
       106
       -
       We aim to support all **security-supported** versions of Xen at any given time.

     

       79
       79
       +
       We aim to support the **latest** version of Xen at any given time.

     

       107
       80
        
       See the [Xen Support Matrix](https://xenbits.xen.org/docs/unstable/support-matrix.html)

     

       108
       108
       -
       for a list of versions. As soon as a version is no longer **security-supported**,

     

       109
       109
       -
       it should be removed from Nixpkgs.

     

       81
       81
       +
       for a list of versions. As soon as a version is no longer the newest, it should

     

       82
       82
       +
       be removed from Nixpkgs (`master`). If you need earlier versions of Xen, consider

     

       83
       83
       +
       building your own Xen by following the instructions in the **Generic Builder**

     

       84
       84
       +
       section.

     

       110
       85
        
       

     

       111
       86
        
       > [!CAUTION]

     

       112
       87
        
       > Pull requests that introduce XSA patches

-71

pkgs/applications/virtualization/xen/packages.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         python3Packages,

     

       3
       3
       -
         python311Packages,

     

       4
       4
       -
         callPackage,

     

       5
       5
       -
       }:

     

       6
       6
       -
       let

     

       7
       7
       -
         standard = {

     

       8
       8
       -
           # Broken with python 3.12+ when using internal QEMU due to https://github.com/NixOS/nixpkgs/issues/253751

     

       9
       9
       -
           python3Packages = python311Packages;

     

       10
       10
       -
           meta = {

     

       11
       11
       -
             description = "Standard";

     

       12
       12
       -
             longDescription = ''

     

       13
       13
       -
               Standard version of the Xen Project Hypervisor. Uses forks of QEMU, SeaBIOS,

     

       14
       14
       -
               OVMF and iPXE provided by the Xen Project. This provides the vanilla Xen

     

       15
       15
       -
               experience, but wastes space and build time. A typical NixOS setup that runs

     

       16
       16
       -
               lots of VMs will usually need to build two different versions of QEMU when using

     

       17
       17
       -
               this Xen derivation (one fork and upstream).

     

       18
       18
       -
             '';

     

       19
       19
       -
           };

     

       20
       20
       -
         };

     

       21
       21
       -
         slim = {

     

       22
       22
       -
           inherit python3Packages;

     

       23
       23
       -
           meta = {

     

       24
       24
       -
             description = "Without Internal Components";

     

       25
       25
       -
             longDescription = ''

     

       26
       26
       -
               Slimmed-down version of the Xen Project Hypervisor that reuses nixpkgs packages

     

       27
       27
       -
               as much as possible. Instead of using the Xen Project forks for various internal

     

       28
       28
       -
               components, this version uses `seabios`, `ovmf` and `ipxe` from Nixpkgs. These

     

       29
       29
       -
               components may ocasionally get out of sync with the hypervisor itself, but this

     

       30
       30
       -
               builds faster and uses less space than the default derivation.

     

       31
       31
       -
             '';

     

       32
       32
       -
           };

     

       33
       33
       -
         };

     

       34
       34
       -
       in

     

       35
       35
       -
       # TODO: generalise this to automatically generate both Xen variants for each ./<version>/default.nix.

     

       36
       36
       -
       rec {

     

       37
       37
       -
         xen_4_19 = callPackage ./4.19/default.nix {

     

       38
       38
       -
           inherit (standard) meta python3Packages;

     

       39
       39
       -
         };

     

       40
       40
       -
         xen_4_19-slim = xen_4_19.override {

     

       41
       41
       -
           withInternalQEMU = false;

     

       42
       42
       -
           withInternalSeaBIOS = false;

     

       43
       43
       -
           withInternalOVMF = false;

     

       44
       44
       -
           withInternalIPXE = false;

     

       45
       45
       -
           inherit (slim) meta python3Packages;

     

       46
       46
       -
         };

     

       47
       47
       -
       

     

       48
       48
       -
         xen_4_18 = callPackage ./4.18/default.nix {

     

       49
       49
       -
           inherit (standard) meta python3Packages;

     

       50
       50
       -
         };

     

       51
       51
       -
         xen_4_18-slim = xen_4_18.override {

     

       52
       52
       -
           withInternalQEMU = false;

     

       53
       53
       -
           withInternalSeaBIOS = false;

     

       54
       54
       -
           withInternalOVMF = false;

     

       55
       55
       -
           withInternalIPXE = false;

     

       56
       56
       -
           inherit (slim) meta python3Packages;

     

       57
       57
       -
         };

     

       58
       58
       -
       

     

       59
       59
       -
         xen_4_17 = callPackage ./4.17/default.nix {

     

       60
       60
       -
           inherit (standard) meta python3Packages;

     

       61
       61
       -
         };

     

       62
       62
       -
         xen_4_17-slim = xen_4_17.override {

     

       63
       63
       -
           withInternalQEMU = false;

     

       64
       64
       -
           withInternalSeaBIOS = false;

     

       65
       65
       -
           withInternalOVMF = false;

     

       66
       66
       -
           withInternalIPXE = false;

     

       67
       67
       -
           inherit (slim) meta;

     

       68
       68
       -
           # Broken with python 3.12+ due to distutils missing.

     

       69
       69
       -
           python3Packages = python311Packages;

     

       70
       70
       -
         };

     

       71
       71
       -
       }

+11

pkgs/by-name/xe/xen/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         buildXenPackage,

     

       3
       3
       +
         python3Packages,

     

       4
       4
       +
       }:

     

       5
       5
       +
       

     

       6
       6
       +
       buildXenPackage.override { inherit python3Packages; } {

     

       7
       7
       +
         pname = "xen";

     

       8
       8
       +
         version = "4.19.0";

     

       9
       9
       +
         rev = "026c9fa29716b0ff0f8b7c687908e71ba29cf239";

     

       10
       10
       +
         hash = "sha256-Q6x+2fZ4ITBz6sKICI0NHGx773Rc919cl+wzI89UY+Q=";

     

       11
       11
       +
       }

+2 -7

pkgs/top-level/all-packages.nix

···

       26413
       26413
        
           glusterfsSupport = lib.meta.availableOn stdenv.hostPlatform glusterfs && lib.meta.availableOn stdenv.hostPlatform libuuid;

     

       26414
       26414
        
         });

     

       26415
       26415
        
       

     

       26416
       26416
       -
         # See `xenPackages` source for explanations.

     

       26417
       26416
        
         # Building with `xen` instead of `xen-slim` is possible, but makes no sense.

     

       26418
       26418
       -
         qemu_xen_4_19 = lowPrio (qemu.override { hostCpuTargets = [ "i386-softmmu" ]; xenSupport = true; xen = xenPackages.xen_4_19-slim; });

     

       26419
       26419
       -
         qemu_xen_4_18 = lowPrio (qemu.override { hostCpuTargets = [ "i386-softmmu" ]; xenSupport = true; xen = xenPackages.xen_4_18-slim; });

     

       26417
       26417
       +
         qemu_xen_4_19 = lowPrio (qemu.override { hostCpuTargets = [ "i386-softmmu" ]; xenSupport = true; xen = xen_4_19-slim; });

     

       26418
       26418
       +
         qemu_xen_4_18 = lowPrio (qemu.override { hostCpuTargets = [ "i386-softmmu" ]; xenSupport = true; xen = xen_4_18-slim; });

     

       26420
       26419
        
         qemu_xen = qemu_xen_4_19;

     

       26421
       26420
        
       

     

       26422
       26421
        
         qemu_test = lowPrio (qemu.override { hostCpuOnly = true; nixosTestRunner = true; });

     
···

       33848
       33847
        
       

     

       33849
       33848
        
         xdotool = callPackage ../tools/X11/xdotool { };

     

       33850
       33849
        
       

     

       33851
       33851
       -
         xenPackages = recurseIntoAttrs (callPackage ../applications/virtualization/xen/packages.nix {});

     

       33852
       33852
       -
       

     

       33853
       33853
       -
         xen = xenPackages.xen_4_19;

     

       33854
       33854
       -
         xen-slim = xenPackages.xen_4_19-slim;

     

       33855
       33850
        
         buildXenPackage = callPackage ../build-support/xen { };

     

       33856
       33851
        
       

     

       33857
       33852
        
         xkbset = callPackage ../tools/X11/xkbset { };