qbit/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

xen: move to by-name

Browse Source 
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
Co-authored-by: Yaroslav Bolyukin <iam@lach.pw>
Co-authored-by: Emily <vcs@emily.moe>
This commit is contained in:
Fernando Rodrigues 2024-09-29 01:54:25 +00:00
parent 7030f11620
commit 8cf52f2c03
No known key found for this signature in database
GPG Key ID: CC3AE2EA00000000
6 changed files with 33 additions and 237 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
pkgs/applications/virtualization/xen/4.18/default.nix
View File

@ -1,56 +0,0 @@
{
lib,
fetchpatch,
callPackage,
ocaml-ng,
...
}@genericDefinition:
let
upstreamPatches = import ../generic/patches.nix {
inherit lib;
inherit fetchpatch;
};
upstreamPatchList = lib.lists.flatten (
with upstreamPatches;
[
QUBES_REPRODUCIBLE_BUILDS
XSA_462
]
);
in
callPackage (import ../generic/default.nix {
pname = "xen";
branch = "4.18";
version = "4.18.3";
latest = false;
pkg = {
xen = {
rev = "bd51e573a730efc569646379cd59ccba967cde97";
hash = "sha256-OFiFdpPCXR+sWjzFHCORtY4DkWyggvxkcsGdgEyO1ts=";
patches = [ ] ++ upstreamPatchList;
};
qemu = {
rev = "0df9387c8983e1b1e72d8c574356f572342c03e6";
hash = "sha256-BX+LXfNzwdUMALwwI1ZDW12dJ357oynjnrboLHREDGQ=";
patches = [ ];
};
seaBIOS = {
rev = "ea1b7a0733906b8425d948ae94fba63c32b1d425";
hash = "sha256-J2FuT+FXn9YoFLSfxDOxyKZvKrys59a6bP1eYvEXVNU=";
patches = [ ];
};
ovmf = {
rev = "ba91d0292e593df8528b66f99c1b0b14fadc8e16";
hash = "sha256-htOvV43Hw5K05g0SF3po69HncLyma3BtgpqYSdzRG4s=";
patches = [ ];
};
ipxe = {
rev = "1d1cf74a5e58811822bee4b3da3cff7282fcdfca";
hash = "sha256-8pwoPrmkpL6jIM+Y/C0xSvyrBM/Uv0D1GuBwNm+0DHU=";
patches = [ ];
};
};
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)

58
pkgs/applications/virtualization/xen/4.19/default.nix
View File

@ -1,58 +0,0 @@
{
lib,
fetchpatch,
callPackage,
ocaml-ng,
...
}@genericDefinition:
let
upstreamPatches = import ../generic/patches.nix {
inherit lib;
inherit fetchpatch;
};
upstreamPatchList = lib.lists.flatten (
with upstreamPatches;
[
QUBES_REPRODUCIBLE_BUILDS
XSA_460
XSA_461
XSA_462
]
);
in
callPackage (import ../generic/default.nix {
pname = "xen";
branch = "4.19";
version = "4.19.0";
latest = true;
pkg = {
xen = {
rev = "026c9fa29716b0ff0f8b7c687908e71ba29cf239";
hash = "sha256-Q6x+2fZ4ITBz6sKICI0NHGx773Rc919cl+wzI89UY+Q=";
patches = [ ] ++ upstreamPatchList;
};
qemu = {
rev = "0df9387c8983e1b1e72d8c574356f572342c03e6";
hash = "sha256-BX+LXfNzwdUMALwwI1ZDW12dJ357oynjnrboLHREDGQ=";
patches = [ ];
};
seaBIOS = {
rev = "a6ed6b701f0a57db0569ab98b0661c12a6ec3ff8";
hash = "sha256-hWemj83cxdY8p+Jhkh5GcPvI0Sy5aKYZJCsKDjHTUUk=";
patches = [ ];
};
ovmf = {
rev = "ba91d0292e593df8528b66f99c1b0b14fadc8e16";
hash = "sha256-htOvV43Hw5K05g0SF3po69HncLyma3BtgpqYSdzRG4s=";
patches = [ ];
};
ipxe = {
rev = "1d1cf74a5e58811822bee4b3da3cff7282fcdfca";
hash = "sha256-8pwoPrmkpL6jIM+Y/C0xSvyrBM/Uv0D1GuBwNm+0DHU=";
patches = [ ];
};
};
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)

71
pkgs/applications/virtualization/xen/packages.nix
View File

@ -1,71 +0,0 @@
{
python3Packages,
python311Packages,
callPackage,
}:
let
standard = {
# Broken with python 3.12+ when using internal QEMU due to https://github.com/NixOS/nixpkgs/issues/253751
python3Packages = python311Packages;
meta = {
description = "Standard";
longDescription = ''
Standard version of the Xen Project Hypervisor. Uses forks of QEMU, SeaBIOS,
OVMF and iPXE provided by the Xen Project. This provides the vanilla Xen
experience, but wastes space and build time. A typical NixOS setup that runs
lots of VMs will usually need to build two different versions of QEMU when using
this Xen derivation (one fork and upstream).
'';
};
};
slim = {
inherit python3Packages;
meta = {
description = "Without Internal Components";
longDescription = ''
Slimmed-down version of the Xen Project Hypervisor that reuses nixpkgs packages
as much as possible. Instead of using the Xen Project forks for various internal
components, this version uses `seabios`, `ovmf` and `ipxe` from Nixpkgs. These
components may ocasionally get out of sync with the hypervisor itself, but this
builds faster and uses less space than the default derivation.
'';
};
};
in
# TODO: generalise this to automatically generate both Xen variants for each ./<version>/default.nix.
rec {
xen_4_19 = callPackage ./4.19/default.nix {
inherit (standard) meta python3Packages;
};
xen_4_19-slim = xen_4_19.override {
withInternalQEMU = false;
withInternalSeaBIOS = false;
withInternalOVMF = false;
withInternalIPXE = false;
inherit (slim) meta python3Packages;
};
xen_4_18 = callPackage ./4.18/default.nix {
inherit (standard) meta python3Packages;
};
xen_4_18-slim = xen_4_18.override {
withInternalQEMU = false;
withInternalSeaBIOS = false;
withInternalOVMF = false;
withInternalIPXE = false;
inherit (slim) meta python3Packages;
};
xen_4_17 = callPackage ./4.17/default.nix {
inherit (standard) meta python3Packages;
};
xen_4_17-slim = xen_4_17.override {
withInternalQEMU = false;
withInternalSeaBIOS = false;
withInternalOVMF = false;
withInternalIPXE = false;
inherit (slim) meta;
# Broken with python 3.12+ due to distutils missing.
python3Packages = python311Packages;
};
}

65
pkgs/applications/virtualization/xen/README.md → pkgs/by-name/xe/xen/README.md
View File

@ -17,7 +17,7 @@
# Xen Project Hypervisor <a href="https://xenproject.org/"><img src="https://downloads.xenproject.org/Branding/Mascots/Xen-Fu-Panda-2000px.png" width="48px" align="top" alt="Xen Fu Panda"></a>
This directory includes the build recipes for the [Xen Project Hypervisor](https://xenproject.org/).
This directory begins the [Xen Project Hypervisor](https://xenproject.org/) build process.
Some other notable packages that compose the Xen Project Ecosystem include:
@ -32,81 +32,56 @@ Some other notable packages that compose the Xen Project Ecosystem include:
### Manually
1. Create one directory per branch.
1. [Update](https://xenbits.xenproject.org/gitweb/) the `default.nix` files for
the branches that already exist and copy a new one to any branches that do
not yet exist in Nixpkgs.
- Do not forget to set the `branch`, `version`, and `latest` attributes for
each of the `default.nix` files.
1. [Update](https://xenbits.xenproject.org/gitweb/) the `package.nix` file for
the latest branch of Xen.
- Do not forget to set the `branch`, `version`, and `latest` attributes.
- The revisions are preferably commit hashes, but tag names are acceptable
as well.
1. Make sure all branches build. (Both the `standard` and `slim` versions)
1. Use the NixOS module to test if dom0 boots successfully on all new versions.
1. Make sure it builds.
1. Use the NixOS module to test if dom0 boots successfully on the new version.
1. Make sure the `meta` attributes evaluate to something that makes sense. The
following one-line command is useful for testing this:
```console
xenToEvaluate=xen; echo -e "\033[1m$(nix eval .#"$xenToEvaluate".meta.description --raw 2> /dev/null)\033[0m\n\n$(nix eval .#"$xenToEvaluate".meta.longDescription --raw 2> /dev/null)"
echo -e "\033[1m$(nix eval .#xen.meta.description --raw 2> /dev/null)\033[0m\n\n$(nix eval .#xen.meta.longDescription --raw 2> /dev/null)"
```
Change the value of `xenToEvaluate` to evaluate all relevant Xen packages.
1. Run `xtf --all --host` as root when booted into the Xen update, and make
sure no tests fail.
sure no important tests fail.
1. Clean up your changes and commit them, making sure to follow the
[Nixpkgs Contribution Guidelines](../../../../CONTRIBUTING.md).
1. Open a PR and await a review from the current maintainers.
## Features
### Pre-fetched Sources
### Generic Builder
On a typical Xen build, the Xen Makefiles will fetch more required sources with
`git` and `wget`. Due to the Nix Sandbox, build-time fetching will fail, so we
pre-fetch the required sources before building.[^1] To accomplish this, we have
a `prefetchedSources` attribute that contains the required derivations, if they
are requested by the main Xen build.
`buildXenPackage` is a helpful utility capable of building Xen when passed
certain attributes. The `package.nix` file on this directory includes all
important attributes for building a Xen package with Nix. Downstreams can
pin their Xen revision or include extra patches if the default Xen package
does not meet their needs.
### EFI
Building `xen.efi` requires an `ld` with PE support.[^2]
We use a `makeFlag` to override the `$LD` environment variable to point to our
patched `efiBinutils`. For more information, see the comment in `./generic/default.nix`.
patched `efiBinutils`. For more information, see the comment in `pkgs/build-support/xen/default.nix`.
> [!TIP]
> If you are certain you will not be running Xen in an x86 EFI environment, disable
the `withEFI` flag with an [override](https://nixos.org/manual/nixpkgs/stable/#chap-overrides)
to save you the need to compile `efiBinutils`.
### Default Overrides
By default, Xen also builds
[QEMU](https://www.qemu.org/),
[SeaBIOS](https://www.seabios.org/SeaBIOS),
[OVMF](https://github.com/tianocore/tianocore.github.io/wiki/OVMF) and
[iPXE](https://ipxe.org/).
- QEMU is used for stubdomains and handling devices.
- SeaBIOS is the default legacy BIOS ROM for HVM domains.
- OVMF is the default UEFI ROM for HVM domains.
- iPXE provides a PXE boot environment for HVMs.
However, those packages are already available on Nixpkgs, and Xen does not
necessarily need to build them into the main hypervisor build. For this reason,
we also have the `withInternal<Component>` flags, which enables and disables
building those built-in components. The two most popular Xen configurations will
be the default build, with all built-in components, and a `slim` build, with none
of those components. To simplify this process, the `./packages.nix` file includes
the `xen-slim` package overrides that have all `withInternal<Component>` flags
disabled. See the `meta.longDescription` attribute for the `xen-slim` packages
for more information.
## Security
We aim to support all **security-supported** versions of Xen at any given time.
We aim to support the **latest** version of Xen at any given time.
See the [Xen Support Matrix](https://xenbits.xen.org/docs/unstable/support-matrix.html)
for a list of versions. As soon as a version is no longer **security-supported**,
it should be removed from Nixpkgs.
for a list of versions. As soon as a version is no longer the newest, it should
be removed from Nixpkgs (`master`). If you need earlier versions of Xen, consider
building your own Xen by following the instructions in the **Generic Builder**
section.
> [!CAUTION]
> Pull requests that introduce XSA patches

11
pkgs/by-name/xe/xen/package.nix Normal file
View File

@ -0,0 +1,11 @@
{
buildXenPackage,
python3Packages,
}:
buildXenPackage.override { inherit python3Packages; } {
pname = "xen";
version = "4.19.0";
rev = "026c9fa29716b0ff0f8b7c687908e71ba29cf239";
hash = "sha256-Q6x+2fZ4ITBz6sKICI0NHGx773Rc919cl+wzI89UY+Q=";
}

9
pkgs/top-level/all-packages.nix
View File

@ -26413,10 +26413,9 @@ with pkgs;
glusterfsSupport = lib.meta.availableOn stdenv.hostPlatform glusterfs && lib.meta.availableOn stdenv.hostPlatform libuuid;
});
# See `xenPackages` source for explanations.
# Building with `xen` instead of `xen-slim` is possible, but makes no sense.
qemu_xen_4_19 = lowPrio (qemu.override { hostCpuTargets = [ "i386-softmmu" ]; xenSupport = true; xen = xenPackages.xen_4_19-slim; });
qemu_xen_4_18 = lowPrio (qemu.override { hostCpuTargets = [ "i386-softmmu" ]; xenSupport = true; xen = xenPackages.xen_4_18-slim; });
qemu_xen_4_19 = lowPrio (qemu.override { hostCpuTargets = [ "i386-softmmu" ]; xenSupport = true; xen = xen_4_19-slim; });
qemu_xen_4_18 = lowPrio (qemu.override { hostCpuTargets = [ "i386-softmmu" ]; xenSupport = true; xen = xen_4_18-slim; });
qemu_xen = qemu_xen_4_19;
qemu_test = lowPrio (qemu.override { hostCpuOnly = true; nixosTestRunner = true; });
@ -33848,10 +33847,6 @@ with pkgs;
xdotool = callPackage ../tools/X11/xdotool { };
xenPackages = recurseIntoAttrs (callPackage ../applications/virtualization/xen/packages.nix {});
xen = xenPackages.xen_4_19;
xen-slim = xenPackages.xen_4_19-slim;
buildXenPackage = callPackage ../build-support/xen { };
xkbset = callPackage ../tools/X11/xkbset { };