dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #173110 from symphorien/ovmf-cross

Browse Source 
nixos/libvirtd: make it possible to boot a UEFI aarch64 vm on x86_64
This commit is contained in:
Guillaume Girol 2022-05-29 21:46:45 +00:00 committed by GitHub
commit f2493e87d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 62 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
nixos/modules/virtualisation/libvirtd.nix
View File

@ -11,10 +11,9 @@ let
auth_unix_rw = "polkit" auth_unix_rw = "polkit"
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
ovmfFilePrefix = if pkgs.stdenv.isAarch64 then "AAVMF" else "OVMF";
qemuConfigFile = pkgs.writeText "qemu.conf" '' qemuConfigFile = pkgs.writeText "qemu.conf" ''
${optionalString cfg.qemu.ovmf.enable '' ${optionalString cfg.qemu.ovmf.enable ''
nvram = [ "/run/libvirt/nix-ovmf/${ovmfFilePrefix}_CODE.fd:/run/libvirt/nix-ovmf/${ovmfFilePrefix}_VARS.fd" ] nvram = [ "/run/libvirt/nix-ovmf/AAVMF_CODE.fd:/run/libvirt/nix-ovmf/AAVMF_VARS.fd", "/run/libvirt/nix-ovmf/OVMF_CODE.fd:/run/libvirt/nix-ovmf/OVMF_VARS.fd" ]
''} ''}
${optionalString (!cfg.qemu.runAsRoot) '' ${optionalString (!cfg.qemu.runAsRoot) ''
user = "qemu-libvirtd" user = "qemu-libvirtd"
@ -36,13 +35,20 @@ let
''; '';
}; };
# mkRemovedOptionModule does not work in submodules, do it manually
package = mkOption { package = mkOption {
type = types.package; type = types.nullOr types.package;
default = pkgs.OVMF; default = null;
defaultText = literalExpression "pkgs.OVMF"; internal = true;
example = literalExpression "pkgs.OVMFFull"; };
packages = mkOption {
type = types.listOf types.package;
default = [ pkgs.OVMF.fd ];
defaultText = literalExpression "[ pkgs.OVMF.fd ]";
example = literalExpression "[ pkgs.OVMFFull.fd pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd ]";
description = '' description = ''
OVMF package to use. List of OVMF packages to use. Each listed package must contain files names FV/OVMF_CODE.fd and FV/OVMF_VARS.fd or FV/AAVMF_CODE.fd and FV/AAVMF_VARS.fd
''; '';
}; };
}; };
@ -141,9 +147,9 @@ in
(mkRenamedOptionModule (mkRenamedOptionModule
[ "virtualisation" "libvirtd" "qemuOvmf" ] [ "virtualisation" "libvirtd" "qemuOvmf" ]
[ "virtualisation" "libvirtd" "qemu" "ovmf" "enable" ]) [ "virtualisation" "libvirtd" "qemu" "ovmf" "enable" ])
(mkRenamedOptionModule (mkRemovedOptionModule
[ "virtualisation" "libvirtd" "qemuOvmfPackage" ] [ "virtualisation" "libvirtd" "qemuOvmfPackage" ]
[ "virtualisation" "libvirtd" "qemu" "ovmf" "package" ]) "If this option was set to `foo`, set the option `virtualisation.libvirtd.qemu.ovmf.packages' to `[foo.fd]` instead.")
(mkRenamedOptionModule (mkRenamedOptionModule
[ "virtualisation" "libvirtd" "qemuSwtpm" ] [ "virtualisation" "libvirtd" "qemuSwtpm" ]
[ "virtualisation" "libvirtd" "qemu" "swtpm" "enable" ]) [ "virtualisation" "libvirtd" "qemu" "swtpm" "enable" ])
@ -238,12 +244,15 @@ in
assertions = [ assertions = [
{ {
assertion = config.security.polkit.enable; assertion = config.virtualisation.libvirtd.qemu.ovmf.package == null;
message = "The libvirtd module currently requires Polkit to be enabled ('security.polkit.enable = true')."; message = ''
The option virtualisation.libvirtd.qemu.ovmf.package is superseded by virtualisation.libvirtd.qemu.ovmf.packages.
If this option was set to `foo`, set the option `virtualisation.libvirtd.qemu.ovmf.packages' to `[foo.fd]` instead.
'';
} }
{ {
assertion = builtins.elem "fd" cfg.qemu.ovmf.package.outputs; assertion = config.security.polkit.enable;
message = "The option 'virtualisation.libvirtd.qemuOvmfPackage' needs a package that has an 'fd' output."; message = "The libvirtd module currently requires Polkit to be enabled ('security.polkit.enable = true').";
} }
]; ];
@ -303,10 +312,18 @@ in
ln -s --force ${cfg.qemu.package}/$helper /run/${dirName}/nix-helpers/ ln -s --force ${cfg.qemu.package}/$helper /run/${dirName}/nix-helpers/
done done
${optionalString cfg.qemu.ovmf.enable '' ${optionalString cfg.qemu.ovmf.enable (let
ln -s --force ${cfg.qemu.ovmf.package.fd}/FV/${ovmfFilePrefix}_CODE.fd /run/${dirName}/nix-ovmf/ ovmfpackage = pkgs.buildEnv {
ln -s --force ${cfg.qemu.ovmf.package.fd}/FV/${ovmfFilePrefix}_VARS.fd /run/${dirName}/nix-ovmf/ name = "qemu-ovmf";
''} paths = cfg.qemu.ovmf.packages;
};
in
''
ln -s --force ${ovmfpackage}/FV/AAVMF_CODE.fd /run/${dirName}/nix-ovmf/
ln -s --force ${ovmfpackage}/FV/OVMF_CODE.fd /run/${dirName}/nix-ovmf/
ln -s --force ${ovmfpackage}/FV/AAVMF_VARS.fd /run/${dirName}/nix-ovmf/
ln -s --force ${ovmfpackage}/FV/OVMF_VARS.fd /run/${dirName}/nix-ovmf/
'')}
''; '';
serviceConfig = { serviceConfig = {

3
pkgs/applications/virtualization/OVMF/default.nix
View File

@ -27,7 +27,8 @@ edk2.mkDerivation projectDscPath {
outputs = [ "out" "fd" ]; outputs = [ "out" "fd" ];
buildInputs = [ util-linux nasm acpica-tools ]; nativeBuildInputs = [ util-linux nasm acpica-tools ];
strictDeps = true;
hardeningDisable = [ "format" "stackprotector" "pic" "fortify" ]; hardeningDisable = [ "format" "stackprotector" "pic" "fortify" ];

30
pkgs/development/compilers/edk2/default.nix
View File

@ -7,10 +7,11 @@
, bc , bc
, llvmPackages_9 , llvmPackages_9
, lib , lib
, buildPackages
}: }:
let let
pythonEnv = python3.withPackages (ps: [ps.tkinter]); pythonEnv = buildPackages.python3.withPackages (ps: [ps.tkinter]);
targetArch = if stdenv.isi686 then targetArch = if stdenv.isi686 then
"IA32" "IA32"
@ -35,6 +36,14 @@ edk2 = buildStdenv.mkDerivation {
pname = "edk2"; pname = "edk2";
version = "202202"; version = "202202";
patches = [
# pass targetPrefix as an env var
(fetchpatch {
url = "https://src.fedoraproject.org/rpms/edk2/raw/08f2354cd280b4ce5a7888aa85cf520e042955c3/f/0021-Tweak-the-tools_def-to-support-cross-compiling.patch";
sha256 = "sha256-E1/fiFNVx0aB1kOej2DJ2DlBIs9tAAcxoedym2Zhjxw=";
})
];
# submodules # submodules
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "tianocore"; owner = "tianocore";
@ -44,7 +53,12 @@ edk2 = buildStdenv.mkDerivation {
sha256 = "0srmhi6c27n5vyl01nhh0fq8k4vngbwn79siyjvcacjbj2ivhh8d"; sha256 = "0srmhi6c27n5vyl01nhh0fq8k4vngbwn79siyjvcacjbj2ivhh8d";
}; };
buildInputs = [ libuuid pythonEnv ]; nativeBuildInputs = [ pythonEnv ];
depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.util-linux buildPackages.bash ];
strictDeps = true;
# trick taken from https://src.fedoraproject.org/rpms/edk2/blob/08f2354cd280b4ce5a7888aa85cf520e042955c3/f/edk2.spec#_319
${"GCC5_${targetArch}_PREFIX"}=stdenv.cc.targetPrefix;
makeFlags = [ "-C BaseTools" ] makeFlags = [ "-C BaseTools" ]
++ lib.optional (stdenv.cc.isClang) [ "BUILD_CC=clang BUILD_CXX=clang++ BUILD_AS=clang" ]; ++ lib.optional (stdenv.cc.isClang) [ "BUILD_CC=clang BUILD_CXX=clang++ BUILD_AS=clang" ];
@ -57,6 +71,10 @@ edk2 = buildStdenv.mkDerivation {
mkdir -vp $out mkdir -vp $out
mv -v BaseTools $out mv -v BaseTools $out
mv -v edksetup.sh $out mv -v edksetup.sh $out
# patchShebangs fails to see these when cross compiling
for i in $out/BaseTools/BinWrappers/PosixLike/*; do
substituteInPlace $i --replace '/usr/bin/env bash' ${buildPackages.bash}/bin/bash
done
''; '';
enableParallelBuilding = true; enableParallelBuilding = true;
@ -72,7 +90,11 @@ edk2 = buildStdenv.mkDerivation {
mkDerivation = projectDscPath: attrs: buildStdenv.mkDerivation ({ mkDerivation = projectDscPath: attrs: buildStdenv.mkDerivation ({
inherit (edk2) src; inherit (edk2) src;
buildInputs = [ bc pythonEnv ] ++ attrs.buildInputs or []; depsBuildBuild = [ buildPackages.stdenv.cc ] ++ attrs.depsBuildBuild or [];
nativeBuildInputs = [ bc pythonEnv ] ++ attrs.nativeBuildInputs or [];
strictDeps = true;
${"GCC5_${targetArch}_PREFIX"}=stdenv.cc.targetPrefix;
prePatch = '' prePatch = ''
rm -rf BaseTools rm -rf BaseTools
@ -97,7 +119,7 @@ edk2 = buildStdenv.mkDerivation {
mv -v Build/*/* $out mv -v Build/*/* $out
runHook postInstall runHook postInstall
''; '';
} // removeAttrs attrs [ "buildInputs" ]); } // removeAttrs attrs [ "nativeBuildInputs" "depsBuildBuild" ]);
}; };
}; };