nixos/binfmt: Add option to use static emulators when available

The fixBinary flag will be enabled if a static emulator is in use.
2023-05-27 11:11:49 -06:00 · 2023-05-27 11:11:49 -06:00 · b8c1ef98e4
commit b8c1ef98e4
parent 4658a06076
3 changed files with 33 additions and 8 deletions
--- a/lib/systems/default.nix
+++ b/lib/systems/default.nix
@ -296,6 +296,10 @@ let
      in {
        emulatorAvailable = pkgs: (selectEmulator pkgs) != null;
        # whether final.emulator pkgs.pkgsStatic works
        staticEmulatorAvailable = pkgs: final.emulatorAvailable pkgs
          && (final.isLinux || final.isWasi || final.isMmix);
        emulator = pkgs:
          if (final.emulatorAvailable pkgs)
          then selectEmulator pkgs
--- a/lib/tests/systems.nix
+++ b/lib/tests/systems.nix
@ -96,6 +96,7 @@ lib.runTests (
        canExecute = null;
        emulator = null;
        emulatorAvailable = null;
        staticEmulatorAvailable = null;
        isCompatible = null;
      }?${platformAttrName};
    };
--- a/nixos/modules/system/boot/binfmt.nix
+++ b/nixos/modules/system/boot/binfmt.nix
@ -28,8 +28,6 @@ let
         ''
    else interpreter;
  getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;
  getQemuArch = system: (lib.systems.elaborate { inherit system; }).qemuArch;
  # Mapping of systems to “magicOrExtension” and “mask”. Mostly taken from:
  # - https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
@ -280,28 +278,50 @@ in {
        '';
        type = types.listOf (types.enum (builtins.attrNames magics));
      };
      preferStaticEmulators = mkOption {
        default = false;
        description = ''
          Whether to use static emulators when available.
          This enables the kernel to preload the emulator binaries when
          the binfmt registrations are added, obviating the need to make
          the emulator binaries available inside chroots and chroot-like
          sandboxes.
        '';
        type = types.bool;
      };
    };
  };
  config = {
    assertions = lib.mapAttrsToList (name: reg: {
      assertion = reg.fixBinary -> !reg.wrapInterpreterInShell;
      message = "boot.binfmt.registrations.\"${name}\" cannot have fixBinary when the interpreter is invoked through a shell.";
    }) cfg.registrations;
    boot.binfmt.registrations = builtins.listToAttrs (map (system: assert system != pkgs.stdenv.hostPlatform.system; {
      name = system;
      value = { config, ... }: let
-        interpreter = getEmulator system;
+        elaborated = lib.systems.elaborate { inherit system; };
-        qemuArch = getQemuArch system;
+        useStaticEmulator = cfg.preferStaticEmulators && elaborated.staticEmulatorAvailable pkgs;
        interpreter = elaborated.emulator (if useStaticEmulator then pkgs.pkgsStatic else pkgs);
        inherit (elaborated) qemuArch;
        isQemu = "qemu-${qemuArch}" == baseNameOf interpreter;
        preserveArgvZero = "qemu-${qemuArch}" == baseNameOf interpreter;
        interpreterReg = let
          wrapperName = "qemu-${qemuArch}-binfmt-P";
          wrapper = pkgs.wrapQemuBinfmtP wrapperName interpreter;
        in
-          if preserveArgvZero then "${wrapper}/bin/${wrapperName}"
+          if isQemu && !useStaticEmulator then "${wrapper}/bin/${wrapperName}"
          else interpreter;
      in ({
-        preserveArgvZero = mkDefault preserveArgvZero;
+        preserveArgvZero = mkDefault isQemu;
        interpreter = mkDefault interpreterReg;
-        wrapInterpreterInShell = mkDefault (!config.preserveArgvZero);
+        fixBinary = mkDefault useStaticEmulator;
        wrapInterpreterInShell = mkDefault (!config.preserveArgvZero && !config.fixBinary);
        interpreterSandboxPath = mkDefault (dirOf (dirOf config.interpreter));
      } // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}")));
    }) cfg.emulatedSystems);