2019-07-03 18:33:16 +02:00
|
|
|
|
{ stdenv, fetchurl, fetchpatch, python, zlib, pkgconfig, glib
|
2017-01-25 15:33:23 +01:00
|
|
|
|
, ncurses, perl, pixman, vde2, alsaLib, texinfo, flex
|
2016-11-23 13:01:32 +01:00
|
|
|
|
, bison, lzo, snappy, libaio, gnutls, nettle, curl
|
2015-06-01 20:55:53 +02:00
|
|
|
|
, makeWrapper
|
2016-02-29 01:22:06 +01:00
|
|
|
|
, attr, libcap, libcap_ng
|
2019-02-12 22:52:28 +01:00
|
|
|
|
, CoreServices, Cocoa, Hypervisor, rez, setfile
|
treewide: isArm -> isAarch32
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.
The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:
```
ISA: ARMv8 {-A, -R, -M}
/ \
Mode: Aarch32 Aarch64
| / \
Encoding: A64 A32 T32
```
At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.
The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.
[1]: https://developer.arm.com/products/architecture/a-profile
2018-03-20 03:41:06 +01:00
|
|
|
|
, numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl
|
2016-02-29 01:22:06 +01:00
|
|
|
|
, seccompSupport ? stdenv.isLinux, libseccomp
|
|
|
|
|
, pulseSupport ? !stdenv.isDarwin, libpulseaudio
|
2018-03-18 03:26:38 +01:00
|
|
|
|
, sdlSupport ? !stdenv.isDarwin, SDL2
|
2018-12-26 00:15:46 +01:00
|
|
|
|
, gtkSupport ? !stdenv.isDarwin && !xenSupport, gtk3, gettext, vte
|
2015-06-01 20:55:53 +02:00
|
|
|
|
, vncSupport ? true, libjpeg, libpng
|
2018-10-12 20:58:49 +02:00
|
|
|
|
, smartcardSupport ? true, libcacard
|
2018-02-25 03:23:58 +01:00
|
|
|
|
, spiceSupport ? !stdenv.isDarwin, spice, spice-protocol
|
2016-09-05 20:37:03 +02:00
|
|
|
|
, usbredirSupport ? spiceSupport, usbredir
|
2016-11-02 17:06:48 +01:00
|
|
|
|
, xenSupport ? false, xen
|
2019-02-06 19:53:23 +01:00
|
|
|
|
, cephSupport ? false, ceph
|
2019-05-28 21:09:34 +02:00
|
|
|
|
, openGLSupport ? sdlSupport, mesa, epoxy, libdrm
|
2018-03-25 23:33:23 +02:00
|
|
|
|
, virglSupport ? openGLSupport, virglrenderer
|
2018-06-11 00:18:31 +02:00
|
|
|
|
, smbdSupport ? false, samba
|
2017-11-24 13:34:04 +01:00
|
|
|
|
, hostCpuOnly ? false
|
2018-11-13 23:54:08 +01:00
|
|
|
|
, hostCpuTargets ? (if hostCpuOnly
|
|
|
|
|
then (stdenv.lib.optional stdenv.isx86_64 "i386-softmmu"
|
|
|
|
|
++ ["${stdenv.hostPlatform.qemuArch}-softmmu"])
|
|
|
|
|
else null)
|
2016-11-17 17:06:17 +01:00
|
|
|
|
, nixosTestRunner ? false
|
2013-07-04 17:44:44 +02:00
|
|
|
|
}:
|
2013-02-08 02:44:02 +01:00
|
|
|
|
|
2014-08-28 20:21:23 +02:00
|
|
|
|
with stdenv.lib;
|
|
|
|
|
let
|
2018-08-20 21:11:29 +02:00
|
|
|
|
audio = optionalString (hasSuffix "linux" stdenv.hostPlatform.system) "alsa,"
|
2015-06-01 20:55:53 +02:00
|
|
|
|
+ optionalString pulseSupport "pa,"
|
|
|
|
|
+ optionalString sdlSupport "sdl,";
|
2017-11-24 13:34:04 +01:00
|
|
|
|
|
2014-08-28 20:21:23 +02:00
|
|
|
|
in
|
2013-07-31 14:50:42 +02:00
|
|
|
|
|
2013-02-08 02:44:02 +01:00
|
|
|
|
stdenv.mkDerivation rec {
|
2019-12-18 23:00:49 +01:00
|
|
|
|
version = "4.2.0";
|
2019-11-05 16:20:59 +01:00
|
|
|
|
pname = "qemu"
|
|
|
|
|
+ stdenv.lib.optionalString xenSupport "-xen"
|
|
|
|
|
+ stdenv.lib.optionalString hostCpuOnly "-host-cpu-only"
|
|
|
|
|
+ stdenv.lib.optionalString nixosTestRunner "-for-vm-tests";
|
2013-02-08 02:44:02 +01:00
|
|
|
|
|
|
|
|
|
src = fetchurl {
|
2018-07-18 16:28:48 +02:00
|
|
|
|
url = "https://wiki.qemu.org/download/qemu-${version}.tar.bz2";
|
2019-12-18 23:00:49 +01:00
|
|
|
|
sha256 = "1gczv8hn3wqci86css3mhzrppp3z8vppxw25l08j589k6bvz7x1w";
|
2013-02-08 02:44:02 +01:00
|
|
|
|
};
|
|
|
|
|
|
2019-07-03 18:33:16 +02:00
|
|
|
|
nativeBuildInputs = [ python python.pkgs.sphinx pkgconfig flex bison ];
|
2015-06-01 20:55:53 +02:00
|
|
|
|
buildInputs =
|
2019-04-27 09:19:07 +02:00
|
|
|
|
[ zlib glib ncurses perl pixman
|
|
|
|
|
vde2 texinfo makeWrapper lzo snappy
|
2016-11-23 13:01:32 +01:00
|
|
|
|
gnutls nettle curl
|
2015-06-01 20:55:53 +02:00
|
|
|
|
]
|
2019-02-12 22:52:28 +01:00
|
|
|
|
++ optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile ]
|
2016-02-29 01:22:06 +01:00
|
|
|
|
++ optionals seccompSupport [ libseccomp ]
|
|
|
|
|
++ optionals numaSupport [ numactl ]
|
2015-06-01 20:55:53 +02:00
|
|
|
|
++ optionals pulseSupport [ libpulseaudio ]
|
2018-03-18 03:26:38 +01:00
|
|
|
|
++ optionals sdlSupport [ SDL2 ]
|
2018-12-26 00:15:46 +01:00
|
|
|
|
++ optionals gtkSupport [ gtk3 gettext vte ]
|
2015-06-01 20:55:53 +02:00
|
|
|
|
++ optionals vncSupport [ libjpeg libpng ]
|
2018-10-12 20:58:49 +02:00
|
|
|
|
++ optionals smartcardSupport [ libcacard ]
|
2018-02-25 03:23:58 +01:00
|
|
|
|
++ optionals spiceSupport [ spice-protocol spice ]
|
2016-09-05 20:37:03 +02:00
|
|
|
|
++ optionals usbredirSupport [ usbredir ]
|
2016-11-02 17:06:48 +01:00
|
|
|
|
++ optionals stdenv.isLinux [ alsaLib libaio libcap_ng libcap attr ]
|
2018-03-18 03:27:01 +01:00
|
|
|
|
++ optionals xenSupport [ xen ]
|
2019-02-06 19:53:23 +01:00
|
|
|
|
++ optionals cephSupport [ ceph ]
|
2019-05-28 21:09:34 +02:00
|
|
|
|
++ optionals openGLSupport [ mesa epoxy libdrm ]
|
2018-06-11 00:18:31 +02:00
|
|
|
|
++ optionals virglSupport [ virglrenderer ]
|
|
|
|
|
++ optionals smbdSupport [ samba ];
|
2013-02-08 02:44:02 +01:00
|
|
|
|
|
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
|
|
2018-04-20 11:05:50 +02:00
|
|
|
|
outputs = [ "out" "ga" ];
|
|
|
|
|
|
2018-08-10 20:59:53 +02:00
|
|
|
|
patches = [
|
|
|
|
|
./no-etc-install.patch
|
|
|
|
|
./fix-qemu-ga.patch
|
2019-03-14 14:56:55 +01:00
|
|
|
|
./9p-ignore-noatime.patch
|
2019-12-19 01:51:04 +01:00
|
|
|
|
(fetchpatch {
|
|
|
|
|
name = "CVE-2019-15890.patch";
|
|
|
|
|
url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=c59279437eda91841b9d26079c70b8a540d41204";
|
|
|
|
|
sha256 = "1q2rc67mfdz034mk81z9bw105x9zad7n954sy3kq068b1svrf7iy";
|
|
|
|
|
stripLen = 1;
|
|
|
|
|
extraPrefix = "slirp/";
|
|
|
|
|
})
|
2020-02-01 23:27:05 +01:00
|
|
|
|
# patches listed at: https://nvd.nist.gov/vuln/detail/CVE-2020-7039
|
|
|
|
|
(fetchpatch {
|
|
|
|
|
name = "CVE-2020-7039-1.patch";
|
|
|
|
|
url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=2655fffed7a9e765bcb4701dd876e9dab975f289";
|
|
|
|
|
sha256 = "1jh0k3lg3553c2x1kq1kl3967jabhba5gm584wjpmr5mjqk3lnz1";
|
|
|
|
|
stripLen = 1;
|
|
|
|
|
extraPrefix = "slirp/";
|
|
|
|
|
excludes = ["slirp/CHANGELOG.md"];
|
|
|
|
|
})
|
|
|
|
|
(fetchpatch {
|
|
|
|
|
name = "CVE-2020-7039-2.patch";
|
|
|
|
|
url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=82ebe9c370a0e2970fb5695aa19aa5214a6a1c80";
|
|
|
|
|
sha256 = "08ccxcmrhzknnzd1a1q2brszv3a7h02n26r73kpli10b0hn12r2l";
|
|
|
|
|
stripLen = 1;
|
|
|
|
|
extraPrefix = "slirp/";
|
|
|
|
|
})
|
|
|
|
|
(fetchpatch {
|
|
|
|
|
name = "CVE-2020-7039-3.patch";
|
|
|
|
|
url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9";
|
|
|
|
|
sha256 = "18ypj9an2jmsmdn58853rbz42r10587h7cz5fdws2x4635778ibd";
|
|
|
|
|
stripLen = 1;
|
|
|
|
|
extraPrefix = "slirp/";
|
|
|
|
|
})
|
|
|
|
|
# patches listed at: https://nvd.nist.gov/vuln/detail/CVE-2020-7211
|
|
|
|
|
(fetchpatch {
|
|
|
|
|
name = "CVE-2020-7211.patch";
|
|
|
|
|
url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=14ec36e107a8c9af7d0a80c3571fe39b291ff1d4";
|
|
|
|
|
sha256 = "1lc8zabqs580iqrsr5k7zwgkx6qjmja7apwfbc36lkvnrxwfzmrc";
|
|
|
|
|
stripLen = 1;
|
|
|
|
|
extraPrefix = "slirp/";
|
|
|
|
|
})
|
2018-08-10 20:59:53 +02:00
|
|
|
|
] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
|
2018-03-25 04:15:43 +02:00
|
|
|
|
++ optionals stdenv.hostPlatform.isMusl [
|
|
|
|
|
(fetchpatch {
|
2020-04-01 03:11:51 +02:00
|
|
|
|
url = "https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/xattr_size_max.patch";
|
2018-03-25 04:15:43 +02:00
|
|
|
|
sha256 = "1xfdjs1jlvs99hpf670yianb8c3qz2ars8syzyz8f2c2cp5y4bxb";
|
|
|
|
|
})
|
|
|
|
|
(fetchpatch {
|
2020-04-01 03:11:51 +02:00
|
|
|
|
url = "https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/musl-F_SHLCK-and-F_EXLCK.patch";
|
2018-03-25 04:15:43 +02:00
|
|
|
|
sha256 = "1gm67v41gw6apzgz7jr3zv9z80wvkv0jaxd2w4d16hmipa8bhs0k";
|
|
|
|
|
})
|
2018-09-10 08:14:37 +02:00
|
|
|
|
./sigrtminmax.patch
|
2018-03-25 04:15:43 +02:00
|
|
|
|
(fetchpatch {
|
2020-04-01 03:11:51 +02:00
|
|
|
|
url = "https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/fix-sigevent-and-sigval_t.patch";
|
2018-03-25 04:15:43 +02:00
|
|
|
|
sha256 = "0wk0rrcqywhrw9hygy6ap0lfg314m9z1wr2hn8338r5gfcw75mav";
|
|
|
|
|
})
|
|
|
|
|
];
|
2017-02-22 09:06:49 +01:00
|
|
|
|
|
2016-09-25 21:40:47 +02:00
|
|
|
|
hardeningDisable = [ "stackprotector" ];
|
2015-06-01 20:55:53 +02:00
|
|
|
|
|
2017-07-21 18:39:50 +02:00
|
|
|
|
preConfigure = ''
|
|
|
|
|
unset CPP # intereferes with dependency calculation
|
2018-04-26 14:27:23 +02:00
|
|
|
|
'' + optionalString stdenv.hostPlatform.isMusl ''
|
|
|
|
|
NIX_CFLAGS_COMPILE+=" -D_LINUX_SYSINFO_H"
|
2017-07-21 18:39:50 +02:00
|
|
|
|
'';
|
|
|
|
|
|
2015-06-01 20:55:53 +02:00
|
|
|
|
configureFlags =
|
2018-06-11 00:18:31 +02:00
|
|
|
|
[ "--audio-drv-list=${audio}"
|
2015-06-01 20:55:53 +02:00
|
|
|
|
"--sysconfdir=/etc"
|
|
|
|
|
"--localstatedir=/var"
|
2019-07-03 18:33:16 +02:00
|
|
|
|
"--enable-docs"
|
2015-06-01 20:55:53 +02:00
|
|
|
|
]
|
2018-04-24 00:19:34 +02:00
|
|
|
|
# disable sysctl check on darwin.
|
|
|
|
|
++ optional stdenv.isDarwin "--cpu=x86_64"
|
2016-02-29 01:22:06 +01:00
|
|
|
|
++ optional numaSupport "--enable-numa"
|
|
|
|
|
++ optional seccompSupport "--enable-seccomp"
|
2018-10-12 20:58:49 +02:00
|
|
|
|
++ optional smartcardSupport "--enable-smartcard"
|
2015-06-01 20:55:53 +02:00
|
|
|
|
++ optional spiceSupport "--enable-spice"
|
2016-09-05 20:37:03 +02:00
|
|
|
|
++ optional usbredirSupport "--enable-usb-redir"
|
2018-11-13 23:54:08 +01:00
|
|
|
|
++ optional (hostCpuTargets != null) "--target-list=${stdenv.lib.concatStringsSep "," hostCpuTargets}"
|
2016-02-29 01:22:06 +01:00
|
|
|
|
++ optional stdenv.isDarwin "--enable-cocoa"
|
2019-02-12 22:52:28 +01:00
|
|
|
|
++ optional stdenv.isDarwin "--enable-hvf"
|
2016-11-02 17:06:48 +01:00
|
|
|
|
++ optional stdenv.isLinux "--enable-linux-aio"
|
2018-04-14 02:33:25 +02:00
|
|
|
|
++ optional gtkSupport "--enable-gtk"
|
2018-03-18 03:27:01 +01:00
|
|
|
|
++ optional xenSupport "--enable-xen"
|
2019-02-06 19:53:23 +01:00
|
|
|
|
++ optional cephSupport "--enable-rbd"
|
2018-03-17 17:14:52 +01:00
|
|
|
|
++ optional openGLSupport "--enable-opengl"
|
2018-06-11 00:18:31 +02:00
|
|
|
|
++ optional virglSupport "--enable-virglrenderer"
|
|
|
|
|
++ optional smbdSupport "--smbd=${samba}/bin/smbd";
|
2015-06-01 20:55:53 +02:00
|
|
|
|
|
2018-04-25 05:20:18 +02:00
|
|
|
|
doCheck = false; # tries to access /dev
|
|
|
|
|
|
2016-04-08 01:45:53 +02:00
|
|
|
|
postFixup =
|
|
|
|
|
''
|
2018-04-20 11:05:50 +02:00
|
|
|
|
# copy qemu-ga (guest agent) to separate output
|
|
|
|
|
mkdir -p $ga/bin
|
|
|
|
|
cp $out/bin/qemu-ga $ga/bin/
|
2016-04-08 01:45:53 +02:00
|
|
|
|
'';
|
|
|
|
|
|
2017-12-06 19:06:33 +01:00
|
|
|
|
# Add a ‘qemu-kvm’ wrapper for compatibility/convenience.
|
2018-11-13 23:54:08 +01:00
|
|
|
|
postInstall = ''
|
|
|
|
|
if [ -x $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} ]; then
|
|
|
|
|
makeWrapper $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} \
|
|
|
|
|
$out/bin/qemu-kvm \
|
|
|
|
|
--add-flags "\$([ -e /dev/kvm ] && echo -enable-kvm)"
|
|
|
|
|
fi
|
|
|
|
|
'';
|
2013-07-31 14:31:04 +02:00
|
|
|
|
|
2017-12-07 22:26:42 +01:00
|
|
|
|
passthru = {
|
|
|
|
|
qemu-system-i386 = "bin/qemu-system-i386";
|
|
|
|
|
};
|
|
|
|
|
|
2014-02-20 21:02:55 +01:00
|
|
|
|
meta = with stdenv.lib; {
|
2020-04-01 03:11:51 +02:00
|
|
|
|
homepage = "http://www.qemu.org/";
|
2013-07-04 16:52:43 +02:00
|
|
|
|
description = "A generic and open source machine emulator and virtualizer";
|
2014-02-20 21:02:55 +01:00
|
|
|
|
license = licenses.gpl2Plus;
|
2018-07-22 21:50:19 +02:00
|
|
|
|
maintainers = with maintainers; [ eelco ];
|
2016-02-29 01:22:06 +01:00
|
|
|
|
platforms = platforms.linux ++ platforms.darwin;
|
2013-02-08 02:44:02 +01:00
|
|
|
|
};
|
|
|
|
|
}
|