From 90235f0ad8acf0d446ec14d7f3bb09f3c01d5bb8 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 11 Sep 2021 14:26:03 +0000 Subject: [PATCH 01/18] brave: 1.29.77 -> 1.29.79 --- pkgs/applications/networking/browsers/brave/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/brave/default.nix b/pkgs/applications/networking/browsers/brave/default.nix index f15abbd0d003..59ecbc304f50 100644 --- a/pkgs/applications/networking/browsers/brave/default.nix +++ b/pkgs/applications/networking/browsers/brave/default.nix @@ -90,11 +90,11 @@ in stdenv.mkDerivation rec { pname = "brave"; - version = "1.29.77"; + version = "1.29.79"; src = fetchurl { url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb"; - sha256 = "LJykdig44ACpvlaGogbwrbY9hCJT3CB4ZKDZ/IzaBOU="; + sha256 = "7GJfnq2PWO4Bks4jb3DOQhKShrALP2hdMl5up4FYsnU="; }; dontConfigure = true; From c1fd51f490c418203087239eac1d69b04cf4ec3e Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 16:45:04 +0200 Subject: [PATCH 02/18] nixos/qemu: fix several shellcheck issues - Fix shell quoting issues - Fix unsafe cd in run-machine-vm script --- nixos/lib/qemu-flags.nix | 2 +- nixos/modules/virtualisation/qemu-vm.nix | 15 ++++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/nixos/lib/qemu-flags.nix b/nixos/lib/qemu-flags.nix index f786745ba324..5f96391d2af8 100644 --- a/nixos/lib/qemu-flags.nix +++ b/nixos/lib/qemu-flags.nix @@ -14,7 +14,7 @@ rec { qemuNICFlags = nic: net: machine: [ "-device virtio-net-pci,netdev=vlan${toString nic},mac=${qemuNicMac net machine}" - "-netdev vde,id=vlan${toString nic},sock=$QEMU_VDE_SOCKET_${toString net}" + ''-netdev vde,id=vlan${toString nic},sock="$QEMU_VDE_SOCKET_${toString net}"'' ]; qemuSerialDevice = if pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64 then "ttyS0" 
diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index b51c29f83d6d..4bd7403ed3c5 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -108,7 +108,7 @@ let '' #! ${pkgs.runtimeShell} - NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}}) + NIX_DISK_IMAGE=$(readlink -f "''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}}") if ! test -e "$NIX_DISK_IMAGE"; then ${qemu}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \ @@ -121,14 +121,14 @@ let fi # Create a directory for exchanging data with the VM. - mkdir -p $TMPDIR/xchg + mkdir -p "$TMPDIR/xchg" ${if cfg.useBootLoader then '' # Create a writable copy/snapshot of the boot disk. # A writable boot disk can be booted from automatically. - ${qemu}/bin/qemu-img create -f qcow2 -b ${bootDisk}/disk.img $TMPDIR/disk.img || exit 1 + ${qemu}/bin/qemu-img create -f qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img" || exit 1 - NIX_EFI_VARS=$(readlink -f ''${NIX_EFI_VARS:-${cfg.efiVars}}) + NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${cfg.efiVars}}") ${if cfg.useEFIBoot then '' # VM needs writable EFI vars @@ -139,7 +139,8 @@ let '' else ""} '' else ""} - cd $TMPDIR + cd "$TMPDIR" || exit 1 + idx=0 ${flip concatMapStrings cfg.emptyDiskImages (size: '' if ! test -e "empty$idx.qcow2"; then @@ -646,7 +647,7 @@ in virtualisation.qemu.drives = mkMerge [ [{ name = "root"; - file = "$NIX_DISK_IMAGE"; + file = ''"$NIX_DISK_IMAGE"''; driveExtraOpts.cache = "writeback"; driveExtraOpts.werror = "report"; }] @@ -655,7 +656,7 @@ in # note [Disk layout with `useBootLoader`]. { name = "boot"; - file = "$TMPDIR/disk.img"; + file = ''"$TMPDIR"/disk.img''; driveExtraOpts.media = "disk"; deviceExtraOpts.bootindex = "1"; } From 65e83389efd983bbfc9b0408c4502d4b48a4b4c6 Mon Sep 17 00:00:00 2001 
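Review bot: The two `virtualisation.qemu.drives` hunks (`@@ -646` and `@@ -655`) put the shell quotes inside the option value (`file = ''"$NIX_DISK_IMAGE"''`, `file = ''"$TMPDIR"/disk.img''`), which makes `file` a shell fragment rather than a path and protects only these two built-in drives. The code that builds the `-drive` argument is outside these hunks, so this is inferred, but quoting at the point where `file` is interpolated would cover every drive definition, including user-supplied ones. Failing that, the `file` option's description should say so, e.g. `Inserted verbatim into the start script; quote it if it may contain spaces.`. A path containing a comma would presumably also be read by QEMU as extra `-drive` suboptions, which deserves a sentence in the same description.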
From: rnhmjoj Date: Wed, 23 Jun 2021 16:48:52 +0200 Subject: [PATCH 03/18] nixos/qemu: fix deprecation warning --- nixos/modules/virtualisation/qemu-vm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 4bd7403ed3c5..3802543bdf5c 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -126,7 +126,7 @@ let ${if cfg.useBootLoader then '' # Create a writable copy/snapshot of the boot disk. # A writable boot disk can be booted from automatically. - ${qemu}/bin/qemu-img create -f qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img" || exit 1 + ${qemu}/bin/qemu-img create -f qcow2 -F qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img" || exit 1 NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${cfg.efiVars}}") From 2af5413cc6cd7d2384854185848765ac1a0e21f9 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 16:55:53 +0200 Subject: [PATCH 04/18] nixos/qemu: set a reasonable msize by default --- nixos/modules/virtualisation/qemu-vm.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 3802543bdf5c..447bd29e49a8 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -280,11 +280,11 @@ in virtualisation.msize = mkOption { - default = null; - type = types.nullOr types.ints.unsigned; + type = types.ints.positive; + default = 16384; description = '' - msize (maximum packet size) option passed to 9p file systems, in + The msize (maximum packet size) option passed to 9p file systems, in bytes. Increasing this should increase performance significantly, at the cost of higher RAM usage. ''; From f1f434c4f777c7c7202965e1c3b82724fdce5787 Mon Sep 17 00:00:00 2001 
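Review bot: In the `virtualisation.msize` hunk of patch 04, changing the type from `types.nullOr types.ints.unsigned` to `types.ints.positive` makes an existing `virtualisation.msize = null;` fail at evaluation, and nothing in the hunk tells the user. If dropping `null` is intended, state it in the description, for example `Must be a positive integer; null is no longer accepted.`; otherwise `types.nullOr types.ints.positive` with the new default keeps old configurations working. The option declaration continues outside the hunk.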
From: rnhmjoj Date: Wed, 23 Jun 2021 16:58:33 +0200 Subject: [PATCH 05/18] nixos/qemu: cleaner formatting of the run-machine-vm script --- nixos/modules/virtualisation/qemu-vm.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 447bd29e49a8..255e23204dcb 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -75,7 +75,7 @@ let in "-drive ${driveOpts} ${device}"; - drivesCmdLine = drives: concatStringsSep " " (imap1 driveCmdline drives); + drivesCmdLine = drives: concatStringsSep "\\\n " (imap1 driveCmdline drives); # Creates a device name from a 1-based a numerical index, e.g. @@ -123,25 +123,27 @@ let # Create a directory for exchanging data with the VM. mkdir -p "$TMPDIR/xchg" - ${if cfg.useBootLoader then '' + ${lib.optionalString cfg.useBootLoader + '' # Create a writable copy/snapshot of the boot disk. # A writable boot disk can be booted from automatically. ${qemu}/bin/qemu-img create -f qcow2 -F qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img" || exit 1 NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${cfg.efiVars}}") - ${if cfg.useEFIBoot then '' + ${lib.optionalString cfg.useEFIBoot + '' # VM needs writable EFI vars if ! test -e "$NIX_EFI_VARS"; then cp ${bootDisk}/efi-vars.fd "$NIX_EFI_VARS" || exit 1 chmod 0644 "$NIX_EFI_VARS" || exit 1 fi - '' else ""} - '' else ""} + ''} + ''} cd "$TMPDIR" || exit 1 - idx=0 + ${lib.optionalString (cfg.emptyDiskImages != []) "idx=0"} ${flip concatMapStrings cfg.emptyDiskImages (size: '' if ! test -e "empty$idx.qcow2"; then ${qemu}/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "${toString size}M" 
@@ -160,7 +162,7 @@ let -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \ -virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \ ${drivesCmdLine config.virtualisation.qemu.drives} \ - ${toString config.virtualisation.qemu.options} \ + ${concatStringsSep " \\\n " config.virtualisation.qemu.options} \ $QEMU_OPTS \ "$@" ''; @@ -456,7 +458,7 @@ in type = types.listOf types.str; description = '' Networking-related command-line options that should be passed to qemu. - The default is to use userspace networking (slirp). + The default is to use userspace networking (SLiRP). If you override this option, be advised to keep ''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the default) From 30f0faac22b6d8a6c6b308a0aa44ee672f2827eb Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 17:09:18 +0200 Subject: [PATCH 06/18] nixos/qemu: add types to all options --- nixos/lib/build-vms.nix | 2 +- nixos/modules/virtualisation/qemu-vm.nix | 30 +++++++++++++++++------- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/nixos/lib/build-vms.nix b/nixos/lib/build-vms.nix index f0a58628c68a..b009108e43f9 100644 --- a/nixos/lib/build-vms.nix +++ b/nixos/lib/build-vms.nix @@ -93,7 +93,7 @@ rec { "${config.networking.hostName}\n")); virtualisation.qemu.options = - forEach interfacesNumbered + flip concatMap interfacesNumbered ({ fst, snd }: qemuNICFlags snd fst m.snd); }; } diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 255e23204dcb..503c146dbbde 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -273,10 +273,11 @@ in virtualisation.memorySize = mkOption { + type = types.ints.positive; default = 384; description = '' - Memory size (M) of virtual machine. + The memory size in megabytes of the virtual machine. ''; }; 
@@ -294,15 +295,17 @@ in virtualisation.diskSize = mkOption { + type = types.nullOr types.ints.positive; default = 512; description = '' - Disk size (M) of virtual machine. + The disk size in megabytes of the virtual machine. ''; }; virtualisation.diskImage = mkOption { + type = types.str; default = "./${config.system.name}.qcow2"; description = '' @@ -314,7 +317,7 @@ in virtualisation.bootDevice = mkOption { - type = types.str; + type = types.path; example = "/dev/vda"; description = '' @@ -324,8 +327,8 @@ in virtualisation.emptyDiskImages = mkOption { + type = types.listOf types.ints.positive; default = []; - type = types.listOf types.int; description = '' Additional disk images to provide to the VM. The value is @@ -336,6 +339,7 @@ in virtualisation.graphics = mkOption { + type = types.bool; default = true; description = '' @@ -347,8 +351,8 @@ in virtualisation.cores = mkOption { + type = types.ints.positive; default = 1; - type = types.int; description = '' Specify the number of cores the guest is permitted to use. @@ -359,6 +363,7 @@ in virtualisation.pathsInNixDB = mkOption { + type = types.listOf types.path; default = []; description = '' @@ -372,6 +377,7 @@ in virtualisation.vlans = mkOption { + type = types.listOf types.ints.unsigned; default = [ 1 ]; example = [ 1 2 ]; description = @@ -389,6 +395,7 @@ in virtualisation.writableStore = mkOption { + type = types.bool; default = true; # FIXME description = '' @@ -400,6 +407,7 @@ in virtualisation.writableStoreUseTmpfs = mkOption { + type = types.bool; default = true; description = '' @@ -410,6 +418,7 @@ in networking.primaryIPAddress = mkOption { + type = types.str; default = ""; internal = true; description = "Primary IP address used in /etc/hosts."; @@ -426,7 +435,7 @@ in options = mkOption { - type = types.listOf types.unspecified; + type = types.listOf types.str; default = []; example = [ "-vga std" ]; description = "Options passed to QEMU."; 
@@ -475,16 +484,16 @@ in diskInterface = mkOption { + type = types.enum [ "virtio" "scsi" "ide" ]; default = "virtio"; example = "scsi"; - type = types.enum [ "virtio" "scsi" "ide" ]; description = "The interface used for the virtual hard disks."; }; guestAgent.enable = mkOption { - default = true; type = types.bool; + default = true; description = '' Enable the Qemu guest agent. ''; @@ -493,6 +502,7 @@ in virtualisation.useBootLoader = mkOption { + type = types.bool; default = false; description = '' @@ -507,6 +517,7 @@ in virtualisation.useEFIBoot = mkOption { + type = types.bool; default = false; description = '' @@ -518,6 +529,7 @@ in virtualisation.efiVars = mkOption { + type = types.str; default = "./${config.system.name}-efi-vars.fd"; description = '' @@ -528,8 +540,8 @@ in virtualisation.bios = mkOption { - default = null; type = types.nullOr types.package; + default = null; description = '' An alternate BIOS (such as qboot) with which to start the VM. From ec6c604b6ece1e43d98ae9df161980259f08acf1 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 17:17:15 +0200 Subject: [PATCH 07/18] nixos/qemu: make shared directories configurable --- nixos/modules/virtualisation/qemu-vm.nix | 89 ++++++++++++++++-------- 1 file changed, 60 insertions(+), 29 deletions(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 503c146dbbde..481c4f974cce 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix 
@@ -158,9 +158,10 @@ let -smp ${toString config.virtualisation.cores} \ -device virtio-rng-pci \ ${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \ - -virtfs local,path=/nix/store,security_model=none,mount_tag=store \ - -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \ - -virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \ + ${concatStringsSep " \\\n " + (mapAttrsToList + (tag: share: "-virtfs local,path=${share.source},security_model=none,mount_tag=${tag}") + config.virtualisation.sharedDirectories)} \ ${drivesCmdLine config.virtualisation.qemu.drives} \ ${concatStringsSep " \\\n " config.virtualisation.qemu.options} \ $QEMU_OPTS \ @@ -361,6 +362,31 @@ in ''; }; + virtualisation.sharedDirectories = + mkOption { + type = types.attrsOf + (types.submodule { + options.source = mkOption { + type = types.str; + description = "The path of the directory to share, can be a shell variable"; + }; + options.target = mkOption { + type = types.path; + description = "The mount point of the directory inside the virtual machine"; + }; + }); + default = { }; + example = { + my-share = { source = "/path/to/be/shared"; target = "/mnt/shared"; }; + }; + description = + '' + An attributes set of directories that will be shared with the + virtual machine using VirtFS (9P filesystem over VirtIO). + The attribute name will be used as the 9P mount tag. + ''; + }; + virtualisation.pathsInNixDB = mkOption { type = types.listOf types.path; @@ -633,6 +659,12 @@ in virtualisation.pathsInNixDB = [ config.system.build.toplevel ]; + virtualisation.sharedDirectories = { + nix-store = { source = "/nix/store"; target = "/nix/store"; }; + xchg = { source = ''"$TMPDIR"/xchg''; target = "/tmp/xchg"; }; + shared = { source = ''"''${SHARED_DIR:-$TMPDIR/xchg}"''; target = "/tmp/shared"; }; + }; + # FIXME: Consolidate this one day. virtualisation.qemu.options = mkMerge [ (mkIf (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [ 
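Review bot: In the `-virtfs` line built by `mapAttrsToList` (`@@ -158`), `${share.source}` and `${tag}` are spliced into the start script without quoting, so a share whose source contains a space or a shell metacharacter is word-split or interpreted by the shell; the built-in `xchg` and `shared` entries in the `@@ -633` hunk only work because they carry their own double quotes. The `source` description in the `@@ -361` hunk should state this, e.g. `description = "The path of the directory to share; inserted verbatim into the start script, so quote it as needed. May reference a shell variable.";`. Every share is also exported with the hard-coded `security_model=none`, which is worth mentioning in the `sharedDirectories` description now that users can expose arbitrary host directories to the guest.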
@@ -687,15 +719,26 @@ in # configuration, where the regular value for the `fileSystems' # attribute should be disregarded for the purpose of building a VM # test image (since those filesystems don't exist in the VM). - fileSystems = mkVMOverride ( - cfg.fileSystems // - { "/".device = cfg.bootDevice; - ${if cfg.writableStore then "/nix/.ro-store" else "/nix/store"} = - { device = "store"; - fsType = "9p"; - options = [ "trans=virtio" "version=9p2000.L" "cache=loose" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}"; - neededForBoot = true; - }; + fileSystems = + let + mkSharedDir = tag: share: + { + name = + if tag == "nix-store" && cfg.writableStore + then "/nix/.ro-store" + else share.target; + value.device = tag; + value.fsType = "9p"; + value.neededForBoot = true; + value.options = + [ "trans=virtio" "version=9p2000.L" "msize=${toString cfg.msize}" ] + ++ lib.optional (tag == "nix-store") "cache=loose"; + }; + in + mkVMOverride (cfg.fileSystems // + { + "/".device = cfg.bootDevice; + "/tmp" = mkIf config.boot.tmpOnTmpfs { device = "tmpfs"; fsType = "tmpfs"; 
@@ -703,32 +746,20 @@ in # Sync with systemd's tmp.mount; options = [ "mode=1777" "strictatime" "nosuid" "nodev" "size=${toString config.boot.tmpOnTmpfsSize}" ]; }; - "/tmp/xchg" = - { device = "xchg"; - fsType = "9p"; - options = [ "trans=virtio" "version=9p2000.L" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}"; - neededForBoot = true; - }; - "/tmp/shared" = - { device = "shared"; - fsType = "9p"; - options = [ "trans=virtio" "version=9p2000.L" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}"; - neededForBoot = true; - }; - } // optionalAttrs (cfg.writableStore && cfg.writableStoreUseTmpfs) - { "/nix/.rw-store" = + + "/nix/.rw-store" = mkIf (cfg.writableStore && cfg.writableStoreUseTmpfs) { fsType = "tmpfs"; options = [ "mode=0755" ]; neededForBoot = true; }; - } // optionalAttrs cfg.useBootLoader - { "/boot" = + + "/boot" = mkIf cfg.useBootLoader # see note [Disk layout with `useBootLoader`] { device = "${lookupDriveDeviceName "boot" cfg.qemu.drives}2"; # 2 for e.g. `vdb2`, as created in `bootDisk` fsType = "vfat"; noCheck = true; # fsck fails on a r/o filesystem }; - }); + } // lib.mapAttrs' mkSharedDir cfg.sharedDirectories); swapDevices = mkVMOverride [ ]; boot.initrd.luks.devices = mkVMOverride {}; From 44d95b773b0998d5db577c7a856b4d8af2aeec19 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 17:18:21 +0200 Subject: [PATCH 08/18] nixos/qemu: make display resolution configurable --- nixos/modules/virtualisation/qemu-vm.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 481c4f974cce..bf65c7f3d898 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix 
@@ -350,6 +350,16 @@ in ''; }; + virtualisation.resolution = + mkOption { + type = options.services.xserver.resolutions.type.nestedTypes.elemType; + default = { x = 1024; y = 768; }; + description = + '' + The resolution of the virtual machine display. + ''; + }; + virtualisation.cores = mkOption { type = types.ints.positive; @@ -601,6 +611,7 @@ in then driveDeviceName 2 # second disk else cfg.bootDevice ); + boot.loader.grub.gfxmodeBios = with cfg.resolution; "${toString x}x${toString y}"; boot.initrd.extraUtilsCommands = '' @@ -780,7 +791,7 @@ in # video driver the host uses. services.xserver.videoDrivers = mkVMOverride [ "modesetting" ]; services.xserver.defaultDepth = mkVMOverride 0; - services.xserver.resolutions = mkVMOverride [ { x = 1024; y = 768; } ]; + services.xserver.resolutions = mkVMOverride [ cfg.resolution ]; services.xserver.monitorSection = '' # Set a higher refresh rate so that resolutions > 800x600 work. From b8bfc81d5b2d88b734a311f712fc0ba2b267f9e0 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 17:24:29 +0200 Subject: [PATCH 09/18] nixos/qemu: add option to forward ports --- nixos/modules/virtualisation/qemu-vm.nix | 117 +++++++++++++++++++++-- 1 file changed, 111 insertions(+), 6 deletions(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index bf65c7f3d898..9a26e328e4dc 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix 
@@ -411,6 +411,75 @@ in ''; }; + virtualisation.forwardPorts = mkOption { + type = types.listOf + (types.submodule { + options.from = mkOption { + type = types.enum [ "host" "guest" ]; + default = "host"; + description = + '' + Controls the direction in which the ports are mapped: + + - "host" means traffic from the host ports + is forwarded to the given guest port. + + - "guest" means traffic from the guest ports + is forwarded to the given host port. + ''; + }; + options.proto = mkOption { + type = types.enum [ "tcp" "udp" ]; + default = "tcp"; + description = "The protocol to forward."; + }; + options.host.address = mkOption { + type = types.str; + default = ""; + description = "The IPv4 address of the host."; + }; + options.host.port = mkOption { + type = types.port; + description = "The host port to be mapped."; + }; + options.guest.address = mkOption { + type = types.str; + default = ""; + description = "The IPv4 address on the guest VLAN."; + }; + options.guest.port = mkOption { + type = types.port; + description = "The guest port to be mapped."; + }; + }); + default = []; + example = lib.literalExample + '' + [ # forward local port 2222 -> 22, to ssh into the VM + { from = "host"; host.port = 2222; guest.port = 22; } + + # forward local port 80 -> 10.0.2.10:80 in the VLAN + { from = "guest"; + guest.address = "10.0.2.10"; guest.port = 80; + host.address = "127.0.0.1"; host.port = 80; + } + ] + ''; + description = + '' + When using the SLiRP user networking (default), this option allows to + forward ports to/from the host/guest. + + + If the NixOS firewall on the virtual machine is enabled, you also + have to open the guest ports to enable the traffic between host and + guest. + + + Currently QEMU supports only IPv4 forwarding. + ''; + }; + virtualisation.vlans = mkOption { type = types.listOf types.ints.unsigned; 
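Review bot: `options.host.address` defaults to `""`, and with an empty host address QEMU's `hostfwd` listens on every host interface, so the documented example `{ from = "host"; host.port = 2222; guest.port = 22; }` would make the guest's SSH port reachable from the host's network, not only from the local machine as its comment ("forward local port 2222") suggests. Either default to loopback, `default = "127.0.0.1";`, or say in the description that an empty address binds all interfaces. Both address options are plain `types.str` and end up in the start script (see the `@@ -676` hunk), so a stricter type such as `types.strMatching` with an IPv4 pattern would reject malformed values at evaluation time.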
@@ -480,7 +549,7 @@ in consoles = mkOption { type = types.listOf types.str; default = let - consoles = [ "${qemuSerialDevice},115200n8" "tty0" ]; + consoles = [ "${qemu-flags.qemuSerialDevice},115200n8" "tty0" ]; in if cfg.graphics then consoles else reverseList consoles; example = [ "console=tty1" ]; description = '' @@ -496,17 +565,18 @@ in networkingOptions = mkOption { - default = [ - "-net nic,netdev=user.0,model=virtio" - "-netdev user,id=user.0\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}" - ]; type = types.listOf types.str; + default = [ ]; + example = [ + "-net nic,netdev=user.0,model=virtio" + "-netdev user,id=user.0,\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}" + ]; description = '' Networking-related command-line options that should be passed to qemu. The default is to use userspace networking (SLiRP). If you override this option, be advised to keep - ''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the default) + ''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the example) to keep the default runtime behaviour. ''; }; @@ -590,6 +660,25 @@ in config = { + assertions = + lib.concatLists (lib.flip lib.imap cfg.forwardPorts (i: rule: + [ + { assertion = rule.from == "guest" -> rule.proto == "tcp"; + message = + '' + Invalid virtualisation.forwardPorts..proto: + Guest forwarding supports only TCP connections. + ''; + } + { assertion = rule.from == "guest" -> lib.hasPrefix "10.0.2." rule.guest.address; + message = + '' + Invalid virtualisation.forwardPorts..guest.address: + The address must be in the default VLAN (10.0.2.0/24). + ''; + } + ])); + # Note [Disk layout with `useBootLoader`] # # If `useBootLoader = true`, we configure 2 drives: 
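Review bot: The new `consoles` default in `@@ -480` refers to `qemu-flags.qemuSerialDevice`, but this patch introduces no `qemu-flags` binding; the module appears to bring `qemuSerialDevice` into scope through `with import ../../lib/qemu-flags.nix`, and the name is only corrected to `qemu-common.qemuSerialDevice` in patch 10. Unless `qemu-flags` is bound in a part of the file not shown here, this commit does not evaluate on its own, which hurts bisecting. Keeping `"${qemuSerialDevice},115200n8"` in this patch and leaving the rename to patch 10 would avoid that.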
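Review bot: The new example `"-netdev user,id=user.0,\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"` in `@@ -496` has a comma before the expansion and another inside it, and QEMU's option syntax reads `,,` as an escaped literal comma, so a non-empty `QEMU_NET_OPTS` would become part of the `id` value instead of adding suboptions. The same pattern is in the `@@ -676` hunk, where every `forwardingOptions` entry already ends in `,` before `\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}`. For the example, the previous form `"-netdev user,id=user.0\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"` is correct; in `@@ -676` either the trailing comma of the rules or the comma inside `:+,` has to go.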
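Review bot: The assertions added in `@@ -590` check the protocol and the guest address of `from = "guest"` rules but not `host.address`, which defaults to `""` and is handed to `nc` in the `@@ -676` hunk, so such a rule would produce an `nc` call with no destination instead of an evaluation error. A third entry such as `{ assertion = rule.from == "guest" -> rule.host.address != ""; message = "Guest forwarding requires host.address."; }` would catch it. The index `i` passed by `lib.imap` is unused; including it in the messages would tell the user which rule is invalid.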
@@ -676,6 +765,22 @@ in shared = { source = ''"''${SHARED_DIR:-$TMPDIR/xchg}"''; target = "/tmp/shared"; }; }; + virtualisation.qemu.networkingOptions = + let + forwardingOptions = flip concatMapStrings cfg.forwardPorts + ({ proto, from, host, guest }: + if from == "host" + then "hostfwd=${proto}:${host.address}:${toString host.port}-" + + "${guest.address}:${toString guest.port}," + else "'guestfwd=${proto}:${guest.address}:${toString guest.port}-" + + "cmd:${pkgs.netcat}/bin/nc ${host.address} ${toString host.port}'," + ); + in + [ + "-net nic,netdev=user.0,model=virtio" + "-netdev user,id=user.0,${forwardingOptions}\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}" + ]; + # FIXME: Consolidate this one day. virtualisation.qemu.options = mkMerge [ (mkIf (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [ From b29c2f97c37f7cb4a1b3411ff9888a49873597d2 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 17:46:46 +0200 Subject: [PATCH 10/18] nixos/lib/qemu-flags: rename to qemu-common The current name is misleading: it doesn't contain cli arguments, but several constants and utility functions related to qemu. This commit also removes the use of `with import ...` for clarity. --- nixos/lib/build-vms.nix | 10 +++++----- nixos/lib/{qemu-flags.nix => qemu-common.nix} | 8 ++++---- nixos/lib/testing-python.nix | 3 +-- nixos/modules/testing/test-instrumentation.nix | 17 ++++++++++------- nixos/modules/virtualisation/qemu-vm.nix | 6 +++--- nixos/tests/networking.nix | 4 ++-- pkgs/build-support/vm/default.nix | 8 ++++---- 7 files changed, 29 insertions(+), 27 deletions(-) rename nixos/lib/{qemu-flags.nix => qemu-common.nix} (89%) diff --git a/nixos/lib/build-vms.nix b/nixos/lib/build-vms.nix index b009108e43f9..0f0bdb4a86cb 100644 --- a/nixos/lib/build-vms.nix +++ b/nixos/lib/build-vms.nix 
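Review bot: `virtualisation.qemu.networkingOptions` is now defined in `config` (`@@ -676`) instead of as the option default, so for a `types.listOf types.str` option a user definition is appended to these two entries rather than replacing them, while the description in `@@ -496` still talks about overriding the default; wrapping the list in `mkDefault` would keep the old override behaviour. In the `guestfwd` branch `${host.address}` sits inside a single-quoted shell word, so a value containing `'` or `,` would break out of the quoting or of the QEMU suboption; validating the address at the option type is the simplest guard. The enclosing `config` block continues outside the hunk.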
@@ -4,15 +4,14 @@ , # Ignored config ? null , # Nixpkgs, for qemu, lib and more - pkgs + pkgs, lib , # !!! See comment about args in lib/modules.nix specialArgs ? {} , # NixOS configuration to add to the VMs extraConfigurations ? [] }: -with pkgs.lib; -with import ../lib/qemu-flags.nix { inherit pkgs; }; +with lib; rec { @@ -93,8 +92,9 @@ rec { "${config.networking.hostName}\n")); virtualisation.qemu.options = - flip concatMap interfacesNumbered - ({ fst, snd }: qemuNICFlags snd fst m.snd); + let qemu-common = import ../lib/qemu-common.nix { inherit lib pkgs; }; + in flip concatMap interfacesNumbered + ({ fst, snd }: qemu-common.qemuNICFlags snd fst m.snd); }; } ) diff --git a/nixos/lib/qemu-flags.nix b/nixos/lib/qemu-common.nix similarity index 89% rename from nixos/lib/qemu-flags.nix rename to nixos/lib/qemu-common.nix index 5f96391d2af8..84f9060acd63 100644 --- a/nixos/lib/qemu-flags.nix +++ b/nixos/lib/qemu-common.nix @@ -1,12 +1,12 @@ -# QEMU flags shared between various Nix expressions. -{ pkgs }: +# QEMU-related utilities shared between various Nix expressions. +{ lib, pkgs }: let zeroPad = n: - pkgs.lib.optionalString (n < 16) "0" + + lib.optionalString (n < 16) "0" + (if n > 255 then throw "Can't have more than 255 nets or nodes!" - else pkgs.lib.toHexString n); + else lib.toHexString n); in rec { diff --git a/nixos/lib/testing-python.nix b/nixos/lib/testing-python.nix index 7c8c64211f18..a1c3624d1499 100644 --- a/nixos/lib/testing-python.nix +++ b/nixos/lib/testing-python.nix @@ -217,7 +217,7 @@ rec { nodes = qemu_pkg: let build-vms = import ./build-vms.nix { - inherit system pkgs minimal specialArgs; + inherit system lib pkgs minimal specialArgs; extraConfigurations = extraConfigurations ++ [( { virtualisation.qemu.package = qemu_pkg; 
@@ -257,7 +257,6 @@ rec { inherit test driver driverInteractive nodes; }; - abortForFunction = functionName: abort ''The ${functionName} function was removed because it is not an essential part of the NixOS testing infrastructure. It had no usage in NixOS or Nixpkgs and it had no designated diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix index be5fa88b8ade..a7011be7e042 100644 --- a/nixos/modules/testing/test-instrumentation.nix +++ b/nixos/modules/testing/test-instrumentation.nix @@ -4,7 +4,10 @@ { options, config, lib, pkgs, ... }: with lib; -with import ../../lib/qemu-flags.nix { inherit pkgs; }; + +let + qemu-common = import ../../lib/qemu-common.nix { inherit lib pkgs; }; +in { @@ -12,8 +15,8 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; systemd.services.backdoor = { wantedBy = [ "multi-user.target" ]; - requires = [ "dev-hvc0.device" "dev-${qemuSerialDevice}.device" ]; - after = [ "dev-hvc0.device" "dev-${qemuSerialDevice}.device" ]; + requires = [ "dev-hvc0.device" "dev-${qemu-common.qemuSerialDevice}.device" ]; + after = [ "dev-hvc0.device" "dev-${qemu-common.qemuSerialDevice}.device" ]; script = '' export USER=root @@ -30,7 +33,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; cd /tmp exec < /dev/hvc0 > /dev/hvc0 - while ! exec 2> /dev/${qemuSerialDevice}; do sleep 0.1; done + while ! exec 2> /dev/${qemu-common.qemuSerialDevice}; do sleep 0.1; done echo "connecting to host..." >&2 stty -F /dev/hvc0 raw -echo # prevent nl -> cr/nl conversion echo 
@@ -42,7 +45,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; # Prevent agetty from being instantiated on the serial device, since it # interferes with the backdoor (writes to it will randomly fail # with EIO). Likewise for hvc0. - systemd.services."serial-getty@${qemuSerialDevice}".enable = false; + systemd.services."serial-getty@${qemu-common.qemuSerialDevice}".enable = false; systemd.services."serial-getty@hvc0".enable = false; # Only set these settings when the options exist. Some tests (e.g. those @@ -57,7 +60,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; # we avoid defining consoles if not possible. # TODO: refactor such that test-instrumentation can import qemu-vm # or declare virtualisation.qemu.console option in a module that's always imported - consoles = [ qemuSerialDevice ]; + consoles = [ qemu-common.qemuSerialDevice ]; package = lib.mkDefault pkgs.qemu_test; }; }; @@ -88,7 +91,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; # Panic if an error occurs in stage 1 (rather than waiting for # user intervention). boot.kernelParams = - [ "console=${qemuSerialDevice}" "panic=1" "boot.panic_on_fail" ]; + [ "console=${qemu-common.qemuSerialDevice}" "panic=1" "boot.panic_on_fail" ]; # `xwininfo' is used by the test driver to query open windows. environment.systemPackages = [ pkgs.xorg.xwininfo ]; diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 9a26e328e4dc..f7b6b4eac39c 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -10,10 +10,10 @@ { config, lib, pkgs, options, ... }: with lib; -with import ../../lib/qemu-flags.nix { inherit pkgs; }; let + qemu-common = import ../../lib/qemu-common.nix { inherit lib pkgs; }; cfg = config.virtualisation; 
@@ -152,7 +152,7 @@ let '')} # Start QEMU. - exec ${qemuBinary qemu} \ + exec ${qemu-common.qemuBinary qemu} \ -name ${config.system.name} \ -m ${toString config.virtualisation.memorySize} \ -smp ${toString config.virtualisation.cores} \ @@ -549,7 +549,7 @@ in consoles = mkOption { type = types.listOf types.str; default = let - consoles = [ "${qemu-flags.qemuSerialDevice},115200n8" "tty0" ]; + consoles = [ "${qemu-common.qemuSerialDevice},115200n8" "tty0" ]; in if cfg.graphics then consoles else reverseList consoles; example = [ "console=tty1" ]; description = '' diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix index 22f7ca5a9b82..8b947ddf0cf4 100644 --- a/nixos/tests/networking.nix +++ b/nixos/tests/networking.nix @@ -8,7 +8,7 @@ with import ../lib/testing-python.nix { inherit system pkgs; }; with pkgs.lib; let - qemu-flags = import ../lib/qemu-flags.nix { inherit pkgs; }; + qemu-common = import ../lib/qemu-common.nix { inherit (pkgs) lib pkgs; }; router = { config, pkgs, lib, ... }: with pkgs.lib; @@ -42,7 +42,7 @@ let machines = flip map vlanIfs (vlan: { hostName = "client${toString vlan}"; - ethernetAddress = qemu-flags.qemuNicMac vlan 1; + ethernetAddress = qemu-common.qemuNicMac vlan 1; ipAddress = "192.168.${toString vlan}.2"; } ); diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix index 3a52d756571c..350f8780b527 100644 --- a/pkgs/build-support/vm/default.nix +++ b/pkgs/build-support/vm/default.nix @@ -9,9 +9,9 @@ }: with pkgs; -with import ../../../nixos/lib/qemu-flags.nix { inherit pkgs; }; rec { + qemu-common = import ../../../nixos/lib/qemu-common.nix { inherit lib pkgs; }; qemu = pkgs.qemu_kvm; 
@@ -192,13 +192,13 @@ rec { export PATH=/bin:/usr/bin:${coreutils}/bin echo "Starting interactive shell..." echo "(To run the original builder: \$origBuilder \$origArgs)" - exec ${busybox}/bin/setsid ${bashInteractive}/bin/bash < /dev/${qemuSerialDevice} &> /dev/${qemuSerialDevice} + exec ${busybox}/bin/setsid ${bashInteractive}/bin/bash < /dev/${qemu-common.qemuSerialDevice} &> /dev/${qemu-common.qemuSerialDevice} fi ''; qemuCommandLinux = '' - ${qemuBinary qemu} \ + ${qemu-common.qemuBinary qemu} \ -nographic -no-reboot \ -device virtio-rng-pci \ -virtfs local,path=${storeDir},security_model=none,mount_tag=store \ @@ -206,7 +206,7 @@ rec { ''${diskImage:+-drive file=$diskImage,if=virtio,cache=unsafe,werror=report} \ -kernel ${kernel}/${img} \ -initrd ${initrd}/initrd \ - -append "console=${qemuSerialDevice} panic=1 command=${stage2Init} out=$out mountDisk=$mountDisk loglevel=4" \ + -append "console=${qemu-common.qemuSerialDevice} panic=1 command=${stage2Init} out=$out mountDisk=$mountDisk loglevel=4" \ $QEMU_OPTS ''; From e4e5d4d8995a44514f5a279984f52259790886b7 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 15 Sep 2021 02:20:55 +0200 Subject: [PATCH 11/18] nixos/documentation: always show qemu-vm options --- nixos/modules/misc/documentation.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nixos/modules/misc/documentation.nix b/nixos/modules/misc/documentation.nix index 1d23b9b72442..ec6b2ad3b881 100644 --- a/nixos/modules/misc/documentation.nix +++ b/nixos/modules/misc/documentation.nix 
@@ -6,7 +6,11 @@ let cfg = config.documentation; - manualModules = baseModules ++ optionals cfg.nixos.includeAllModules (extraModules ++ modules); + manualModules = + baseModules + # Modules for which to show options even when not imported + ++ [ ../virtualisation/qemu-vm.nix ] + ++ optionals cfg.nixos.includeAllModules (extraModules ++ modules); /* For the purpose of generating docs, evaluate options with each derivation in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}". From bd3cb03c6f7993050fe21b787e6f6a8595204be2 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 15 Sep 2021 02:21:53 +0200 Subject: [PATCH 12/18] nixos/docs: document new qemu-vm features --- .../from_md/release-notes/rl-2111.section.xml | 34 +++++++++++++++++++ .../manual/release-notes/rl-2111.section.md | 8 +++++ 2 files changed, 42 insertions(+) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 165c83148e6a..19f852a6e374 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -1020,6 +1020,40 @@ Superuser created successfully. linuxPackages_latest) remain untouched. + + + In NixOS virtual machines (QEMU), the + virtualisation module has been updated with + new options to configure: + + + + + IPv4 port forwarding + (virtualisation.forwardPorts), + + + + + shared host directories + (virtualisation.sharedDirectories), + + + + + screen resolution + (virtualisation.resolution). + + + + + In addition, the default + msize + parameter in 9P filesystems (including /nix/store and all + shared directories) has been increased to 16K for improved + performance. + + The setting diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 8e7bdbb87440..5661d8cab31e 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md 
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -310,9 +310,17 @@ To be able to access the web UI this port needs to be opened in the firewall. ## Other Notable Changes {#sec-release-21.11-notable-changes} + - The linux kernel package infrastructure was moved out of `all-packages.nix`, and restructured. Linux related functions and attributes now live under the `pkgs.linuxKernel` attribute set. In particular the versioned `linuxPackages_*` package sets (such as `linuxPackages_5_4`) and kernels from `pkgs` were moved there and now live under `pkgs.linuxKernel.packages.*`. The unversioned ones (such as `linuxPackages_latest`) remain untouched. +- In NixOS virtual machines (QEMU), the `virtualisation` module has been updated with new options to configure: + - IPv4 port forwarding ([`virtualisation.forwardPorts`](options.html#opt-virtualisation.forwardPorts)), + - shared host directories ([`virtualisation.sharedDirectories`](options.html#opt-virtualisation.sharedDirectories)), + - screen resolution ([`virtualisation.resolution`](options.html#opt-virtualisation.resolution)). + + In addition, the default [`msize`](options.html#opt-virtualisation.msize) parameter in 9P filesystems (including /nix/store and all shared directories) has been increased to 16K for improved performance. + - The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets. However, if [`services.fail2ban.enable`](options.html#opt-services.fail2ban.enable) is `true`, the `fail2ban` will override the verbosity to `"VERBOSE"`, so that `fail2ban` can observe the failed login attempts from the SSH logs. From d3a174415c83f3d020ffc3d98d5827657c0e1cbb Mon Sep 17 00:00:00 2001 
From: Fabian Affolter Date: Mon, 27 Sep 2021 12:40:29 +0200 Subject: [PATCH 13/18] httpie: 2.4.0 -> 2.5.0 --- pkgs/tools/networking/httpie/default.nix | 97 ++++++++++-------------- 1 file changed, 38 insertions(+), 59 deletions(-) diff --git a/pkgs/tools/networking/httpie/default.nix b/pkgs/tools/networking/httpie/default.nix index a7ecabe8e627..e81706a34359 100644 --- a/pkgs/tools/networking/httpie/default.nix +++ b/pkgs/tools/networking/httpie/default.nix 
@@ -1,88 +1,67 @@ -{ lib, fetchFromGitHub, python3Packages, docutils }: +{ lib +, fetchFromGitHub +, installShellFiles +, python3Packages +, pandoc +}: python3Packages.buildPythonApplication rec { pname = "httpie"; - version = "2.4.0"; + version = "2.5.0"; src = fetchFromGitHub { owner = "httpie"; repo = "httpie"; rev = version; - sha256 = "00lafjqg9nfnak0nhcr2l2hzzkwn2y6qv0wdkm6r6f69snizy3hf"; + sha256 = "sha256-GwwZLXf9CH024gKfWsYPnr/oqQcxR/lQIToFRh59B+E="; }; - patches = [ - ./strip-venv.patch + nativeBuildInputs = [ + installShellFiles + pandoc ]; - outputs = [ "out" "doc" "man" ]; - - nativeBuildInputs = [ docutils ]; - - propagatedBuildInputs = with python3Packages; [ pygments requests requests-toolbelt setuptools ]; + propagatedBuildInputs = with python3Packages; [ + defusedxml + pygments + requests + requests-toolbelt + setuptools + ]; checkInputs = with python3Packages; [ mock pytest pytest-httpbin pytestCheckHook + responses ]; postInstall = '' # install completions - install -Dm555 \ - extras/httpie-completion.bash \ - $out/share/bash-completion/completions/http.bash - install -Dm555 \ - extras/httpie-completion.fish \ - $out/share/fish/vendor_completions.d/http.fish + installShellCompletion --bash \ + --name http.bash extras/httpie-completion.bash + installShellCompletion --fish \ + --name http.fish extras/httpie-completion.fish - mkdir -p $man/share/man/man1 - - docdir=$doc/share/doc/httpie - mkdir -p $docdir/html - - cp AUTHORS.rst CHANGELOG.rst CONTRIBUTING.rst $docdir - - # helpfully, the readme has a `no-web` class to exclude - # the parts that are not relevant for offline docs - - # this one build link was not marked however - sed -e 's/^|build|//g' -i README.rst - - toHtml() { - rst2html5 \ - --strip-elements-with-class=no-web \ - --title=http \ - --no-generator \ - --no-datestamp \ - --no-source-link \ - "$1" \ - "$2" - } - - toHtml README.rst $docdir/html/index.html - toHtml CHANGELOG.rst $docdir/html/CHANGELOG.html - toHtml CONTRIBUTING.rst 
$docdir/html/CONTRIBUTING.html - - rst2man \ - --strip-elements-with-class=no-web \ - --title=http \ - --no-generator \ - --no-datestamp \ - --no-source-link \ - README.rst \ - $man/share/man/man1/http.1 + # convert the docs/README.md file + pandoc --standalone -f markdown -t man docs/README.md -o docs/http.1 + installManPage docs/http.1 ''; - # the tests call rst2pseudoxml.py from docutils - preCheck = '' - export PATH=${docutils}/bin:$PATH - ''; + pytestFlagsArray = [ + "httpie" + "tests" + ]; - checkPhase = '' - py.test ./httpie ./tests --doctest-modules --verbose ./httpie ./tests -k 'not test_chunked and not test_verbose_chunked and not test_multipart_chunked and not test_request_body_from_file_by_path_chunked' - ''; + disabledTests = [ + "test_chunked" + "test_verbose_chunked" + "test_multipart_chunked" + "test_request_body_from_file_by_path_chunked" + ]; + + pythonImportsCheck = [ "httpie" ]; meta = with lib; { description = "A command line HTTP client whose goal is to make CLI human-friendly"; From 41afede67329d4879f6131d1058deaf023c36dc7 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 28 Sep 2021 13:02:58 +1000 Subject: [PATCH 14/18] crun: 1.0 -> 1.1 https://github.com/containers/crun/releases/tag/1.1 --- pkgs/applications/virtualization/crun/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/virtualization/crun/default.nix b/pkgs/applications/virtualization/crun/default.nix index cc9d02681790..3175e00f4a9b 100644 --- a/pkgs/applications/virtualization/crun/default.nix +++ b/pkgs/applications/virtualization/crun/default.nix @@ -38,13 +38,13 @@ let in stdenv.mkDerivation rec { pname = "crun"; - version = "1.0"; + version = "1.1"; src = fetchFromGitHub { owner = "containers"; repo = pname; rev = version; - sha256 = "sha256-xpNwhNAbcTKkXl5i4L8aayMAx8O8SWdFlgHguHNiqqw="; + sha256 = "sha256-0UyxQ0eOsU3hIh7B56ClynjLFBIsBF+WTqOw4mSqulQ="; fetchSubmodules = true; }; 
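Review bot: The removed `checkPhase` ran pytest with `--doctest-modules`, and the new `pytestFlagsArray = [ "httpie" "tests" ]` drops that flag, so any doctests in the `httpie` package are presumably no longer collected even though the package path is still passed. If that is unintended, `pytestFlagsArray = [ "--doctest-modules" "httpie" "tests" ];` restores the previous coverage. The four `disabledTests` entries are carried over without a stated reason; a comment such as `# chunked-transfer tests: <reason they fail in the build sandbox>` would let a later version bump re-evaluate them. The same hunk removes `outputs = [ "out" "doc" "man" ]`, so anything that references `httpie.doc` or `httpie.man` would need checking, which cannot be done from this hunk.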
From 6ae789833fa53325bb0df973d92138a7f6f1b0ef Mon Sep 17 00:00:00 2001 From: Ivan Malison Date: Tue, 28 Sep 2021 00:05:14 -0600 Subject: [PATCH 15/18] quill: 0.2.5 -> 0.2.7 --- pkgs/tools/security/quill/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/security/quill/default.nix b/pkgs/tools/security/quill/default.nix index 9f5465901b17..9cf0f2f0c09c 100644 --- a/pkgs/tools/security/quill/default.nix +++ b/pkgs/tools/security/quill/default.nix @@ -2,13 +2,13 @@ rustPlatform.buildRustPackage rec { pname = "quill"; - version = "0.2.5"; + version = "0.2.7"; src = fetchFromGitHub { owner = "dfinity"; repo = "quill"; rev = "v${version}"; - sha256 = "sha256-lvINDtOG2mmz0ESxL11DQVZh3IcEiZYYMu5oN5Q9WKA="; + sha256 = "sha256-3OlsCRpxRDKlfC0sa9MlFCupyRbDuqJQzDb9SQob1O0="; }; ic = fetchFromGitHub { @@ -30,7 +30,7 @@ rustPlatform.buildRustPackage rec { export OPENSSL_LIB_DIR=${openssl.out}/lib ''; - cargoSha256 = "sha256-F2RMfHVFqCq9cb+9bjPWaRcQWKYIwwffWCssoQ6sSdU="; + cargoSha256 = "sha256-YxuBABGaZ+ti31seEYR6bB+OMgrSvl1lZyu4bqdxPIk="; nativeBuildInputs = [ pkg-config protobuf ]; buildInputs = [ openssl ] From 786e36dcd274bbb636aced4de9a091e49e29b691 Mon Sep 17 00:00:00 2001 From: Johannes Schleifenbaum Date: Tue, 28 Sep 2021 08:32:44 +0200 Subject: [PATCH 16/18] dnsviz: 0.9.3 -> 0.9.4 --- pkgs/tools/networking/dnsviz/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/dnsviz/default.nix b/pkgs/tools/networking/dnsviz/default.nix index ba31aba8d6c2..aebf7e3cd14f 100644 --- a/pkgs/tools/networking/dnsviz/default.nix +++ b/pkgs/tools/networking/dnsviz/default.nix 
@@ -8,13 +8,13 @@ buildPythonApplication rec { pname = "dnsviz"; - version = "0.9.3"; + version = "0.9.4"; src = fetchFromGitHub { owner = "dnsviz"; repo = "dnsviz"; rev = "v${version}"; - sha256 = "sha256-QsTYpNaAJiIRUrr2JYjXWOKFihENhAccvmB/DRhX1PA="; + sha256 = "sha256-x6LdPVQFfsJIuKde1+LbFKz5bBEi+Mri9sVH0nGsbCU="; }; patches = [ From b0815e9825ded6cccabe0a93c95b8ec646ddf155 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Tue, 28 Sep 2021 21:25:36 +0200 Subject: [PATCH 17/18] privoxy: switch to openssl mbedtls lacks a number of features (like TLS 1.3 and fragmented handshakes) that makes everyday browsing a bit unpractical. --- pkgs/tools/networking/privoxy/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/tools/networking/privoxy/default.nix b/pkgs/tools/networking/privoxy/default.nix index 9fce8d7a5f41..9fc159d810c1 100644 --- a/pkgs/tools/networking/privoxy/default.nix +++ b/pkgs/tools/networking/privoxy/default.nix @@ -2,7 +2,7 @@ , nixosTests , fetchurl, autoreconfHook , zlib, pcre, w3m, man -, mbedtls, brotli +, openssl, brotli }: stdenv.mkDerivation rec { @@ -18,11 +18,11 @@ stdenv.mkDerivation rec { hardeningEnable = [ "pie" ]; nativeBuildInputs = [ autoreconfHook w3m man ]; - buildInputs = [ zlib pcre mbedtls brotli ]; + buildInputs = [ zlib pcre openssl brotli ]; makeFlags = [ "STRIP=" ]; configureFlags = [ - "--with-mbedtls" + "--with-openssl" "--with-brotli" "--enable-external-filters" "--enable-compression" @@ -39,7 +39,7 @@ stdenv.mkDerivation rec { description = "Non-caching web proxy with advanced filtering capabilities"; # When linked with mbedtls, the license becomes GPLv3 (or later), otherwise # GPLv2 (or later). See https://www.privoxy.org/user-manual/copyright.html - license = licenses.gpl3Plus; + license = licenses.gpl2Plus; platforms = platforms.all; maintainers = [ maintainers.phreedom ]; }; From 41a997c8b2cb191bd588d991cc11803c5e0eb24b Mon Sep 17 00:00:00 2001 
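Review bot: In the last privoxy hunk (`-39,7`), the comment above `license` still only explains the mbedtls case, while the value now reads `licenses.gpl2Plus` because `configureFlags` switched to `--with-openssl`. A reader of `meta` alone cannot tell which TLS backend the comment's "otherwise" refers to. I would extend the comment with something like `# Built with OpenSSL (see configureFlags), so the GPLv2-or-later case applies.` Since this change swaps the TLS library of a filtering proxy, it would also be worth confirming that the NixOS test reachable through the `nixosTests` argument exercises the TLS path with the new backend; that test is not visible in this patch.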
From: Kira Bruneau Date: Tue, 28 Sep 2021 20:04:45 -0400 Subject: [PATCH 18/18] =?UTF-8?q?ccache:=204.4.1=20=E2=86=92=204.4.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/development/tools/misc/ccache/default.nix | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/pkgs/development/tools/misc/ccache/default.nix b/pkgs/development/tools/misc/ccache/default.nix index a6fbacfa6f16..357a46c081c5 100644 --- a/pkgs/development/tools/misc/ccache/default.nix +++ b/pkgs/development/tools/misc/ccache/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchFromGitHub -, fetchpatch , substituteAll , binutils , asciidoctor @@ -15,25 +14,18 @@ let ccache = stdenv.mkDerivation rec { pname = "ccache"; - version = "4.4.1"; + version = "4.4.2"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - hash = "sha256-zsJoaaxYVV78vsxq2nbOh9ZAU1giKp8Kh6qJFL120CQ="; + hash = "sha256-VtwykRX5so6LqyC0En/Jx7anXD7qW47zqq3awCY0lJE="; }; outputs = [ "out" "man" ]; patches = [ - # Use the shell builtin pwd for the basedir test - # See https://github.com/ccache/ccache/pull/933 - (fetchpatch { - url = "https://github.com/ccache/ccache/commit/58fd1fbe75a1b5dc3f9151947ace15164fdef91c.patch"; - sha256 = "BoBn4YSDy8pQxJ+fQHSsrUZDBVeLFWXIQ6CunDwMO7o="; - }) - # When building for Darwin, test/run uses dwarfdump, whereas on # Linux it uses objdump. We don't have dwarfdump packaged for # Darwin, so this patch updates the test to also use objdump on