commit 76406bb31ef9dffafea3d104e40b49df42eb2717 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

ovftool: init at 4.6.2 for x86_64-darwin

Morgan Jones 2 years ago 76406bb3 2cd70794

+221 -103

1 changed file

expand all

unified split

pkgs

tools

virtualization

ovftool

default.nix

+221 -103

pkgs/tools/virtualization/ovftool/default.nix

··· 1 - { lib, stdenv, fetchurl, system ? builtins.currentSystem, ovftoolBundles ? {} 2 - , autoPatchelfHook, makeWrapper, unzip 3 - , glibc, c-ares, libxcrypt-legacy, expat, icu60, xercesc, zlib 1 + { autoPatchelfHook 2 + , c-ares 3 + , darwin 4 + , expat 5 + , fetchurl 6 + , glibc 7 + , icu60 8 + , lib 9 + , libiconv 10 + , libredirect 11 + , libxcrypt-legacy 12 + , libxml2 13 + , makeWrapper 14 + , stdenv 15 + , unzip 16 + , xercesc 17 + , zlib 4 18 }: 5 19 6 20 let 7 - version = "4.6.2-22220919"; 8 - version_i686 = "4.6.0-21452615"; 9 21 10 - ovftoolZipUnpackPhase = '' 11 - runHook preUnpack 12 - unzip ${ovftoolSource} 13 - extracted=ovftool/ 14 - if [ -d "$extracted" ]; then 15 - echo "ovftool extracted successfully" >&2 16 - else 17 - echo "Could not find $extracted - are you sure this is ovftool?" >&2 18 - exit 1 19 - fi 20 - runHook postUnpack 21 - ''; 22 - 23 - ovftoolSystems = let 24 - baseUrl = "https://vdc-download.vmware.com/vmwb-repository/dcr-public"; 25 - in { 26 - "i686-linux" = rec { 27 - name = "VMware-ovftool-${version_i686}-lin.i386.zip"; 28 - url = "${baseUrl}/7254abb2-434d-4f5d-83e2-9311ced9752e/57e666a2-874c-48fe-b1d2-4b6381f7fe97/${name}"; 29 - hash = "sha256-qEOr/3SW643G5ZQQNJTelZbUxB8HmxPd5uD+Gqsoxz0="; 30 - unpackPhase = ovftoolZipUnpackPhase; 31 - }; 32 - "x86_64-linux" = rec { 33 - name = "VMware-ovftool-${version}-lin.x86_64.zip"; 34 - url = "${baseUrl}/8a93ce23-4f88-4ae8-b067-ae174291e98f/c609234d-59f2-4758-a113-0ec5bbe4b120/${name}"; 35 - hash = "sha256-3B1cUDldoTqLsbSARj2abM65nv+Ot0z/Fa35/klJXEY="; 36 - unpackPhase = ovftoolZipUnpackPhase; 22 + ovftoolSystems = 23 + let 24 + baseUrl = "https://vdc-download.vmware.com/vmwb-repository/dcr-public"; 25 + in 26 + { 27 + "i686-linux" = rec { 28 + name = "VMware-ovftool-${version}-lin.i386.zip"; 29 + # As of 2024-02-20 the "Zip of OVF Tool for 32-bit Linux" download link 30 + # on the v4.6.2 page links to v4.6.0. 31 + version = "4.6.0-21452615"; 32 + url = "${baseUrl}/7254abb2-434d-4f5d-83e2-9311ced9752e/57e666a2-874c-48fe-b1d2-4b6381f7fe97/${name}"; 33 + hash = "sha256-qEOr/3SW643G5ZQQNJTelZbUxB8HmxPd5uD+Gqsoxz0="; 34 + }; 35 + "x86_64-linux" = rec { 36 + name = "VMware-ovftool-${version}-lin.x86_64.zip"; 37 + version = "4.6.2-22220919"; 38 + url = "${baseUrl}/8a93ce23-4f88-4ae8-b067-ae174291e98f/c609234d-59f2-4758-a113-0ec5bbe4b120/${name}"; 39 + hash = "sha256-3B1cUDldoTqLsbSARj2abM65nv+Ot0z/Fa35/klJXEY="; 40 + }; 41 + "x86_64-darwin" = rec { 42 + name = "VMware-ovftool-${version}-mac.x64.zip"; 43 + version = "4.6.2-22220919"; 44 + url = "${baseUrl}/91091b23-280a-487a-a048-0c2594303c92/dc666e23-104f-4b9b-be11-6d88dcf3ab98/${name}"; 45 + hash = "sha256-AZufZ0wxt5DYjnpahDfy36W8i7kjIfEkW6MoELSx11k="; 46 + }; 37 47 }; 38 - }; 39 48 40 - ovftoolSystem = if builtins.hasAttr system ovftoolSystems then 41 - ovftoolSystems.${system} 42 - else throw "System '${system}' is unsupported by ovftool"; 49 + ovftoolSystem = ovftoolSystems.${stdenv.system} or (throw "unsupported system ${stdenv.system}"); 43 50 44 - ovftoolSource = if builtins.hasAttr system ovftoolBundles then 45 - ovftoolBundles.${system} 46 - else 47 - fetchurl { 48 - inherit (ovftoolSystem) name url hash; 49 - }; 50 51 in 51 - stdenv.mkDerivation rec { 52 + stdenv.mkDerivation { 52 53 pname = "ovftool"; 53 - inherit version; 54 + inherit (ovftoolSystem) version; 54 55 55 - src = ovftoolSource; 56 + src = fetchurl { 57 + inherit (ovftoolSystem) name url hash; 58 + }; 56 59 57 60 buildInputs = [ 58 - glibc 59 - libxcrypt-legacy 60 61 c-ares 61 62 expat 62 63 icu60 64 + libiconv 65 + libxcrypt-legacy 63 66 xercesc 64 67 zlib 68 + ] ++ lib.optionals stdenv.isLinux [ 69 + glibc 70 + ] ++ lib.optionals stdenv.isDarwin [ 71 + darwin.Libsystem 72 + libxml2 65 73 ]; 66 74 67 - nativeBuildInputs = [ autoPatchelfHook makeWrapper unzip ]; 75 + nativeBuildInputs = [ unzip makeWrapper ] 76 + ++ lib.optionals stdenv.isLinux [ autoPatchelfHook ]; 68 77 69 - preferLocalBuild = true; 78 + postUnpack = '' 79 + # The linux package wraps ovftool.bin with ovftool. Wrapping 80 + # below in installPhase. 81 + # Rename to ovftool on install for all systems to ovftool 82 + if [[ -f ovftool.bin ]]; then 83 + mv -v ovftool.bin ovftool 84 + fi 85 + ''; 70 86 71 - sourceRoot = "."; 87 + installPhase = '' 88 + runHook preInstall 72 89 73 - unpackPhase = ovftoolSystem.unpackPhase; 90 + # Based on https://aur.archlinux.org/packages/vmware-ovftool/ 91 + # with the addition of a libexec directory and a Nix-style binary wrapper. 92 + 93 + # Almost all libs in the package appear to be VMware proprietary except for 94 + # libgoogleurl and libcurl. The rest of the libraries that the installer 95 + # extracts are omitted here, and provided in buildInputs. Since libcurl 96 + # depends on VMware's OpenSSL, both libs are still used. 97 + # FIXME: Replace libgoogleurl? Possibly from Chromium? 98 + # FIXME: Tell VMware to use a modern version of OpenSSL. As of ovftool 99 + # v4.6.2 ovftool uses openssl-1.0.2zh which in seems to be the extended 100 + # support LTS release: https://www.openssl.org/support/contracts.html 74 101 75 - # Expects a directory named 'ovftool' containing the ovftool install. 76 - # Based on https://aur.archlinux.org/packages/vmware-ovftool/ 77 - # with the addition of a libexec directory and a Nix-style binary wrapper. 78 - installPhase = '' 79 - runHook preInstall 80 - if [ -d ovftool ]; then 81 - # Ensure we're in the staging directory 82 - cd ovftool 83 - fi 84 - # libraries 85 - install -m 755 -d "$out/lib/${pname}" 86 - # These all appear to be VMWare proprietary except for libgoogleurl and libcurl. 87 - # The rest of the libraries that the installer extracts are omitted here, 88 - # and provided in buildInputs. Since libcurl depends on VMWare's OpenSSL, 89 - # we have to use both here too. 90 - # 91 - # FIXME: can we replace libgoogleurl? Possibly from Chromium? 92 - # FIXME: tell VMware to use a modern version of OpenSSL. 93 - # 94 - install -m 644 -t "$out/lib/${pname}" \ 102 + # Install all libs that are not patched in preFixup. 103 + # Darwin dylibs are under `lib` in the zip. 104 + install -m 755 -d "$out/lib" 105 + install -m 644 -t "$out/lib" \ 106 + '' + lib.optionalString stdenv.isLinux '' 107 + libcrypto.so.1.0.2 \ 108 + libcurl.so.4 \ 95 109 libgoogleurl.so.59 \ 110 + libssl.so.1.0.2 \ 96 111 libssoclient.so \ 97 - libvim-types.so libvmacore.so libvmomi.so \ 98 - libcurl.so.4 libcrypto.so.1.0.2 libssl.so.1.0.2 99 - # libexec binaries 100 - install -m 755 -d "$out/libexec/${pname}" 101 - install -m 755 -t "$out/libexec/${pname}" ovftool.bin 102 - install -m 644 -t "$out/libexec/${pname}" icudt44l.dat 103 - # libexec resources 112 + libvim-types.so \ 113 + libvmacore.so \ 114 + libvmomi.so 115 + '' + lib.optionalString stdenv.isDarwin '' 116 + lib/libcrypto.1.0.2.dylib \ 117 + lib/libcurl.4.dylib \ 118 + lib/libgoogleurl.59.0.30.45.2.dylib \ 119 + lib/libssl.1.0.2.dylib \ 120 + lib/libssoclient.dylib \ 121 + lib/libvim-types.dylib \ 122 + lib/libvmacore.dylib \ 123 + lib/libvmomi.dylib 124 + '' + '' 125 + # Install libexec binaries 126 + # ovftool expects to be run relative to certain directories, namely `env`. 127 + # Place the binary and those dirs in libexec. 128 + install -m 755 -d "$out/libexec" 129 + install -m 755 -t "$out/libexec" ovftool 130 + [ -f ovftool.bin ] && install -m 755 -t "$out/libexec" ovftool.bin 131 + install -m 644 -t "$out/libexec" icudt44l.dat 132 + 133 + # Install other libexec resources that need to be relative to the `ovftool` 134 + # binary. 104 135 for subdir in "certs" "env" "env/en" "schemas/DMTF" "schemas/vmware"; do 105 - install -m 755 -d "$out/libexec/${pname}/$subdir" 106 - install -m 644 -t "$out/libexec/${pname}/$subdir" "$subdir"/*.* 136 + install -m 755 -d "$out/libexec/$subdir" 137 + install -m 644 -t "$out/libexec/$subdir" "$subdir"/*.* 107 138 done 108 - # EULA/OSS files 109 - install -m 755 -d "$out/share/licenses/${pname}" 110 - install -m 644 -t "$out/share/licenses/${pname}" \ 111 - "vmware.eula" "vmware-eula.rtf" "open_source_licenses.txt" 112 - # documentation files 113 - install -m 755 -d "$out/share/doc/${pname}" 114 - install -m 644 -t "$out/share/doc/${pname}" "README.txt" 115 - # binary wrapper; note that LC_CTYPE is defaulted to en_US.UTF-8 by 116 - # VMWare's wrapper script. We use C.UTF-8 instead. 139 + 140 + # Install EULA/OSS files 141 + install -m 755 -d "$out/share/licenses" 142 + install -m 644 -t "$out/share/licenses" \ 143 + "vmware.eula" \ 144 + "vmware-eula.rtf" \ 145 + "open_source_licenses.txt" 146 + 147 + # Install Docs 148 + install -m 755 -d "$out/share/doc" 149 + install -m 644 -t "$out/share/doc" "README.txt" 150 + 151 + # Install final executable 117 152 install -m 755 -d "$out/bin" 118 - makeWrapper "$out/libexec/${pname}/ovftool.bin" "$out/bin/ovftool" \ 119 - --set-default LC_CTYPE C.UTF-8 \ 153 + makeWrapper "$out/libexec/ovftool" "$out/bin/ovftool" \ 154 + '' + lib.optionalString stdenv.isLinux '' 120 155 --prefix LD_LIBRARY_PATH : "$out/lib" 156 + '' + lib.optionalString stdenv.isDarwin '' 157 + --prefix DYLD_LIBRARY_PATH : "$out/lib" 158 + '' + '' 121 159 runHook postInstall 122 160 ''; 123 161 124 - preFixup = '' 162 + preFixup = lib.optionalString stdenv.isLinux '' 125 163 addAutoPatchelfSearchPath "$out/lib" 164 + '' + lib.optionalString stdenv.isDarwin '' 165 + change_args=() 166 + 167 + # Change relative @loader_path dylibs to absolute paths. 168 + for lib in $out/lib/*.dylib; do 169 + libname=$(basename $lib) 170 + change_args+=(-change "@loader_path/lib/$libname" "$out/lib/$libname") 171 + done 172 + 173 + # Patches for ovftool binary 174 + change_args+=(-change /usr/lib/libSystem.B.dylib ${darwin.Libsystem}/lib/libSystem.B.dylib) 175 + change_args+=(-change /usr/lib/libc++.1.dylib ${stdenv.cc.libcxx}/lib/libc++.1.dylib) 176 + change_args+=(-change /usr/lib/libiconv.2.dylib ${libiconv}/lib/libiconv.2.dylib) 177 + change_args+=(-change /usr/lib/libxml2.2.dylib ${libxml2}/lib/libxml2.2.dylib) 178 + change_args+=(-change /usr/lib/libz.1.dylib ${zlib}/lib/libz.1.dylib) 179 + change_args+=(-change @loader_path/lib/libcares.2.dylib ${c-ares}/lib/libcares.2.dylib) 180 + change_args+=(-change @loader_path/lib/libexpat.dylib ${expat}/lib/libexpat.dylib) 181 + change_args+=(-change @loader_path/lib/libicudata.60.2.dylib ${icu60}/lib/libicudata.60.2.dylib) 182 + change_args+=(-change @loader_path/lib/libicuuc.60.2.dylib ${icu60}/lib/libicuuc.60.2.dylib) 183 + change_args+=(-change @loader_path/lib/libxerces-c-3.2.dylib ${xercesc}/lib/libxerces-c-3.2.dylib) 184 + 185 + # Patch binary 186 + install_name_tool "''${change_args[@]}" "$out/libexec/ovftool" 187 + 188 + # Additional patches for ovftool dylibs 189 + change_args+=(-change /usr/lib/libresolv.9.dylib ${darwin.Libsystem}/lib/libresolv.9.dylib) 190 + change_args+=(-change @loader_path/libcares.2.dylib ${c-ares}/lib/libcares.2.dylib) 191 + change_args+=(-change @loader_path/libexpat.dylib ${expat}/lib/libexpat.dylib) 192 + change_args+=(-change @loader_path/libicudata.60.2.dylib ${icu60}/lib/libicudata.60.2.dylib) 193 + change_args+=(-change @loader_path/libicuuc.60.2.dylib ${icu60}/lib/libicuuc.60.2.dylib) 194 + change_args+=(-change @loader_path/libxerces-c-3.2.dylib ${xercesc}/lib/libxerces-c-3.2.dylib) 195 + 196 + # Add new abolute paths for other libs to all libs 197 + for lib in $out/lib/*.dylib; do 198 + libname=$(basename $lib) 199 + change_args+=(-change "@loader_path/$libname" "$out/lib/$libname") 200 + done 201 + 202 + # Patch all libs 203 + for lib in $out/lib/*.dylib; do 204 + libname=$(basename $lib) 205 + install_name_tool -id "$libname" "$lib" 206 + install_name_tool "''${change_args[@]}" "$lib" 207 + done 208 + ''; 209 + 210 + # These paths are need for install check tests 211 + propagatedSandboxProfile = lib.optionalString stdenv.isDarwin '' 212 + (allow file-read* (subpath "/usr/share/locale")) 213 + (allow file-read* (subpath "/var/db/timezone")) 214 + (allow file-read* (subpath "/System/Library/TextEncodings")) 126 215 ''; 127 216 128 217 doInstallCheck = true; 129 218 130 - installCheckPhase = '' 131 - # This is a NixOS 22.11 image (doesn't actually matter) with a 1 MiB root disk that's all zero. 132 - # Make sure that it converts properly. 133 - mkdir -p ovftool-check 134 - cd ovftool-check 219 + postInstallCheck = lib.optionalString stdenv.isDarwin '' 220 + export HOME=$TMPDIR 221 + # Construct a dummy /etc/passwd file - ovftool attempts to determine the 222 + # user's "real" home using this 223 + DUMMY_PASSWD="$(realpath $HOME/dummy-passwd)" 224 + cat > $DUMMY_PASSWD <<EOF 225 + $(whoami)::$(id -u):$(id -g)::$HOME:$SHELL 226 + EOF 227 + export DYLD_INSERT_LIBRARIES="${libredirect}/lib/libredirect.dylib" 228 + export NIX_REDIRECTS="/etc/passwd=$DUMMY_PASSWD" 229 + '' + '' 230 + mkdir -p ovftool-check && cd ovftool-check 135 231 136 - $out/bin/ovftool ${./installCheckPhase.ova} nixos.ovf 137 - if [ ! -f nixos.ovf ] || [ ! -f nixos.mf ] || [ ! -f nixos-disk1.vmdk ]; then 138 - exit 1 139 - fi 232 + ovftool_with_args="$out/bin/ovftool --X:logToConsole" 233 + 234 + # `installCheckPhase.ova` is a NixOS 22.11 image (doesn't actually matter) 235 + # with a 1 MiB root disk that's all zero. Make sure that it converts 236 + # properly. 237 + 238 + $ovftool_with_args --schemaValidate ${./installCheckPhase.ova} 239 + $ovftool_with_args --sourceType=OVA --targetType=OVF ${./installCheckPhase.ova} nixos.ovf 240 + 241 + # Test that the output files are there 242 + test -f nixos.ovf 243 + test -f nixos.mf 244 + test -f nixos-disk1.vmdk 245 + 246 + $ovftool_with_args --schemaValidate nixos.ovf 140 247 ''; 141 248 142 249 meta = with lib; { 143 - description = "VMWare tools for working with OVF, OVA, and VMX images"; 250 + description = "VMware tools for working with OVF, OVA, and VMX images"; 251 + homepage = "https://developer.vmware.com/web/tool/ovf-tool/"; 144 252 sourceProvenance = with sourceTypes; [ binaryNativeCode ]; 145 253 license = licenses.unfree; 146 - maintainers = with maintainers; [ numinit wolfangaukang ]; 254 + maintainers = with maintainers; [ numinit wolfangaukang thanegill ]; 147 255 platforms = builtins.attrNames ovftoolSystems; 148 256 mainProgram = "ovftool"; 257 + knownVulnerabilities = [ 258 + "The bundled version of openssl 1.0.2zh in ovftool has open vulnerabilities." 259 + "CVE-2024-0727" 260 + "CVE-2023-5678" 261 + "CVE-2023-3817" 262 + "CVE-2009-3767" 263 + "CVE-2009-3766" 264 + "CVE-2009-3765" 265 + "CVE-2009-1390" 266 + ]; 149 267 }; 150 268 }