pkgs/applications/virtualization/qemu/default.nix at devShellTools-shell · tjh.dev/nixpkgs

tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
nixpkgs / pkgs / applications / virtualization / qemu / default.nix
at devShellTools-shell 458 lines 15 kB view raw
  1{
  2  lib,
  3  stdenv,
  4  fetchurl,
  5  fetchpatch,
  6  python3Packages,
  7  zlib,
  8  pkg-config,
  9  glib,
 10  buildPackages,
 11  pixman,
 12  vde2,
 13  alsa-lib,
 14  flex,
 15  bison,
 16  lzo,
 17  snappy,
 18  libaio,
 19  libtasn1,
 20  gnutls,
 21  curl,
 22  dtc,
 23  ninja,
 24  meson,
 25  perl,
 26  sigtool,
 27  makeWrapper,
 28  removeReferencesTo,
 29  attr,
 30  libcap,
 31  libcap_ng,
 32  socat,
 33  libslirp,
 34  libcbor,
 35  apple-sdk_13,
 36  darwinMinVersionHook,
 37  guestAgentSupport ?
 38    (with stdenv.hostPlatform; isLinux || isNetBSD || isOpenBSD || isSunOS || isWindows) && !minimal,
 39  numaSupport ? stdenv.hostPlatform.isLinux && !stdenv.hostPlatform.isAarch32 && !minimal,
 40  numactl,
 41  seccompSupport ? stdenv.hostPlatform.isLinux && !minimal,
 42  libseccomp,
 43  alsaSupport ? lib.hasSuffix "linux" stdenv.hostPlatform.system && !nixosTestRunner && !minimal,
 44  pulseSupport ? !stdenv.hostPlatform.isDarwin && !nixosTestRunner && !minimal,
 45  libpulseaudio,
 46  pipewireSupport ? !stdenv.hostPlatform.isDarwin && !nixosTestRunner && !minimal,
 47  pipewire,
 48  sdlSupport ? !stdenv.hostPlatform.isDarwin && !nixosTestRunner && !minimal,
 49  SDL2,
 50  SDL2_image,
 51  jackSupport ? !stdenv.hostPlatform.isDarwin && !nixosTestRunner && !minimal,
 52  libjack2,
 53  gtkSupport ? !stdenv.hostPlatform.isDarwin && !xenSupport && !nixosTestRunner && !minimal,
 54  gtk3,
 55  gettext,
 56  vte,
 57  wrapGAppsHook3,
 58  vncSupport ? !nixosTestRunner && !minimal,
 59  libjpeg,
 60  libpng,
 61  smartcardSupport ? !nixosTestRunner && !minimal,
 62  libcacard,
 63  spiceSupport ? true && !nixosTestRunner && !minimal,
 64  spice,
 65  spice-protocol,
 66  ncursesSupport ? !nixosTestRunner && !minimal,
 67  ncurses,
 68  usbredirSupport ? spiceSupport,
 69  usbredir,
 70  xenSupport ? false,
 71  xen,
 72  cephSupport ? false,
 73  ceph,
 74  glusterfsSupport ? false,
 75  glusterfs,
 76  libuuid,
 77  openGLSupport ? sdlSupport,
 78  libgbm,
 79  libepoxy,
 80  libdrm,
 81  rutabagaSupport ?
 82    openGLSupport && !minimal && lib.meta.availableOn stdenv.hostPlatform rutabaga_gfx,
 83  rutabaga_gfx,
 84  virglSupport ? openGLSupport,
 85  virglrenderer,
 86  libiscsiSupport ? !minimal,
 87  libiscsi,
 88  smbdSupport ? false,
 89  samba,
 90  tpmSupport ? !minimal,
 91  uringSupport ? stdenv.hostPlatform.isLinux && !userOnly,
 92  liburing,
 93  canokeySupport ? !minimal,
 94  canokey-qemu,
 95  capstoneSupport ? !minimal,
 96  capstone,
 97  valgrindSupport ? false,
 98  valgrind-light,
 99  pluginsSupport ? !stdenv.hostPlatform.isStatic,
100  enableDocs ? !minimal || toolsOnly,
101  enableTools ? !minimal || toolsOnly,
102  enableBlobs ? !minimal || toolsOnly,
103  hostCpuOnly ? false,
104  hostCpuTargets ? (
105    if toolsOnly then
106      [ ]
107    else if xenSupport then
108      [ "i386-softmmu" ]
109    else if hostCpuOnly then
110      (
111        lib.optional stdenv.hostPlatform.isx86_64 "i386-softmmu"
112        ++ [ "${stdenv.hostPlatform.qemuArch}-softmmu" ]
113      )
114    else
115      null
116  ),
117  nixosTestRunner ? false,
118  toolsOnly ? false,
119  userOnly ? false,
120  minimal ? toolsOnly || userOnly,
121  gitUpdater,
122  qemu-utils, # for tests attribute
123}:
124
125assert lib.assertMsg (
126  xenSupport -> hostCpuTargets == [ "i386-softmmu" ]
127) "Xen should not use any other QEMU architecture other than i386.";
128
129let
130  hexagonSupport = hostCpuTargets == null || lib.elem "hexagon" hostCpuTargets;
131
132  # needed in buildInputs and depsBuildBuild
133  # check log for warnings eg: `warning: 'hv_vm_config_get_max_ipa_size' is only available on macOS 13.0`
134  # to indicate if min version needs to get bumped.
135  darwinSDK = [
136    apple-sdk_13
137    (darwinMinVersionHook "13")
138  ];
139in
140
141stdenv.mkDerivation (finalAttrs: {
142  pname =
143    "qemu"
144    + lib.optionalString xenSupport "-xen"
145    + lib.optionalString hostCpuOnly "-host-cpu-only"
146    + lib.optionalString nixosTestRunner "-for-vm-tests"
147    + lib.optionalString toolsOnly "-utils"
148    + lib.optionalString userOnly "-user";
149  version = "10.0.2";
150
151  src = fetchurl {
152    url = "https://download.qemu.org/qemu-${finalAttrs.version}.tar.xz";
153    hash = "sha256-73hvI5jLUYRgD2mu9NXWke/URXajz/QSbTjUxv7Id1k=";
154  };
155
156  depsBuildBuild = [
157    buildPackages.stdenv.cc
158  ]
159  ++ lib.optionals stdenv.buildPlatform.isDarwin darwinSDK
160  ++ lib.optionals hexagonSupport [ pkg-config ];
161
162  nativeBuildInputs = [
163    makeWrapper
164    removeReferencesTo
165    pkg-config
166    flex
167    bison
168    meson
169    ninja
170    perl
171
172    # Don't change this to python3 and python3.pkgs.*, breaks cross-compilation
173    python3Packages.python
174  ]
175  ++ lib.optionals gtkSupport [ wrapGAppsHook3 ]
176  ++ lib.optionals enableDocs [
177    python3Packages.sphinx
178    python3Packages.sphinx-rtd-theme
179  ]
180  ++ lib.optionals hexagonSupport [ glib ]
181  ++ lib.optionals stdenv.hostPlatform.isDarwin [
182    sigtool
183  ]
184  ++ lib.optionals (!userOnly) [ dtc ];
185
186  # gnutls is required for crypto support (luks) in qemu-img
187  buildInputs = [
188    glib
189    gnutls
190    zlib
191  ]
192  ++ lib.optionals (!minimal) [
193    dtc
194    pixman
195    vde2
196    lzo
197    snappy
198    libtasn1
199    libslirp
200    libcbor
201  ]
202  ++ lib.optionals (!userOnly) [ curl ]
203  ++ lib.optionals ncursesSupport [ ncurses ]
204  ++ lib.optionals stdenv.hostPlatform.isDarwin darwinSDK
205  ++ lib.optionals seccompSupport [ libseccomp ]
206  ++ lib.optionals numaSupport [ numactl ]
207  ++ lib.optionals alsaSupport [ alsa-lib ]
208  ++ lib.optionals pulseSupport [ libpulseaudio ]
209  ++ lib.optionals pipewireSupport [ pipewire ]
210  ++ lib.optionals sdlSupport [
211    SDL2
212    SDL2_image
213  ]
214  ++ lib.optionals jackSupport [ libjack2 ]
215  ++ lib.optionals gtkSupport [
216    gtk3
217    gettext
218    vte
219  ]
220  ++ lib.optionals vncSupport [
221    libjpeg
222    libpng
223  ]
224  ++ lib.optionals smartcardSupport [ libcacard ]
225  ++ lib.optionals spiceSupport [
226    spice-protocol
227    spice
228  ]
229  ++ lib.optionals usbredirSupport [ usbredir ]
230  ++ lib.optionals (stdenv.hostPlatform.isLinux && !userOnly) [
231    libcap_ng
232    libcap
233    attr
234    libaio
235  ]
236  ++ lib.optionals xenSupport [ xen ]
237  ++ lib.optionals cephSupport [ ceph ]
238  ++ lib.optionals glusterfsSupport [
239    glusterfs
240    libuuid
241  ]
242  ++ lib.optionals openGLSupport [
243    libgbm
244    libepoxy
245    libdrm
246  ]
247  ++ lib.optionals rutabagaSupport [ rutabaga_gfx ]
248  ++ lib.optionals virglSupport [ virglrenderer ]
249  ++ lib.optionals libiscsiSupport [ libiscsi ]
250  ++ lib.optionals smbdSupport [ samba ]
251  ++ lib.optionals uringSupport [ liburing ]
252  ++ lib.optionals canokeySupport [ canokey-qemu ]
253  ++ lib.optionals capstoneSupport [ capstone ]
254  ++ lib.optionals valgrindSupport [ valgrind-light ];
255
256  dontUseMesonConfigure = true; # meson's configurePhase isn't compatible with qemu build
257  dontAddStaticConfigureFlags = true;
258
259  outputs = [ "out" ] ++ lib.optional enableDocs "doc" ++ lib.optional guestAgentSupport "ga";
260  # On aarch64-linux we would shoot over the Hydra's 2G output limit.
261  separateDebugInfo = !(stdenv.hostPlatform.isAarch64 && stdenv.hostPlatform.isLinux);
262
263  patches = [
264    ./fix-qemu-ga.patch
265
266    # On macOS, QEMU uses `Rez(1)` and `SetFile(1)` to attach its icon
267    # to the binary. Unfortunately, those commands are proprietary,
268    # deprecated since Xcode 6, and operate on resource forks, which
269    # these days are stored in extended attributes, which aren’t
270    # supported in the Nix store. So we patch out the calls.
271    ./skip-macos-icon.patch
272
273    # Workaround for upstream issue with nested virtualisation: https://gitlab.com/qemu-project/qemu/-/issues/1008
274    (fetchpatch {
275      url = "https://gitlab.com/qemu-project/qemu/-/commit/3e4546d5bd38a1e98d4bd2de48631abf0398a3a2.diff";
276      sha256 = "sha256-oC+bRjEHixv1QEFO9XAm4HHOwoiT+NkhknKGPydnZ5E=";
277      revert = true;
278    })
279  ]
280  ++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch;
281
282  postPatch = ''
283    # Otherwise tries to ensure /var/run exists.
284    sed -i "/install_emptydir(get_option('localstatedir') \/ 'run')/d" \
285        qga/meson.build
286  '';
287
288  preConfigure = ''
289    unset CPP # intereferes with dependency calculation
290    # this script isn't marked as executable b/c it's indirectly used by meson. Needed to patch its shebang
291    chmod +x ./scripts/shaderinclude.py
292    patchShebangs .
293    # avoid conflicts with libc++ include for <version>
294    mv VERSION QEMU_VERSION
295    substituteInPlace configure \
296      --replace '$source_path/VERSION' '$source_path/QEMU_VERSION'
297    substituteInPlace meson.build \
298      --replace "'VERSION'" "'QEMU_VERSION'"
299    substituteInPlace python/qemu/machine/machine.py \
300      --replace-fail /var/tmp "$TMPDIR"
301  '';
302
303  configureFlags = [
304    "--disable-strip" # We'll strip ourselves after separating debug info.
305    "--enable-gnutls" # auto detection only works when building with --enable-system
306    (lib.enableFeature enableDocs "docs")
307    (lib.enableFeature enableTools "tools")
308    "--localstatedir=/var"
309    "--sysconfdir=/etc"
310    "--cross-prefix=${stdenv.cc.targetPrefix}"
311    (lib.enableFeature guestAgentSupport "guest-agent")
312  ]
313  ++ lib.optional numaSupport "--enable-numa"
314  ++ lib.optional seccompSupport "--enable-seccomp"
315  ++ lib.optional smartcardSupport "--enable-smartcard"
316  ++ lib.optional spiceSupport "--enable-spice"
317  ++ lib.optional usbredirSupport "--enable-usb-redir"
318  ++ lib.optional (hostCpuTargets != null) "--target-list=${lib.concatStringsSep "," hostCpuTargets}"
319  ++ lib.optionals stdenv.hostPlatform.isDarwin [
320    "--enable-cocoa"
321    "--enable-hvf"
322  ]
323  ++ lib.optional (stdenv.hostPlatform.isLinux && !userOnly) "--enable-linux-aio"
324  ++ lib.optional gtkSupport "--enable-gtk"
325  ++ lib.optional xenSupport "--enable-xen"
326  ++ lib.optional cephSupport "--enable-rbd"
327  ++ lib.optional glusterfsSupport "--enable-glusterfs"
328  ++ lib.optional openGLSupport "--enable-opengl"
329  ++ lib.optional virglSupport "--enable-virglrenderer"
330  ++ lib.optional tpmSupport "--enable-tpm"
331  ++ lib.optional libiscsiSupport "--enable-libiscsi"
332  ++ lib.optional smbdSupport "--smbd=${samba}/bin/smbd"
333  ++ lib.optional uringSupport "--enable-linux-io-uring"
334  ++ lib.optional canokeySupport "--enable-canokey"
335  ++ lib.optional capstoneSupport "--enable-capstone"
336  ++ lib.optional (!pluginsSupport) "--disable-plugins"
337  ++ lib.optional (!enableBlobs) "--disable-install-blobs"
338  ++ lib.optional userOnly "--disable-system"
339  ++ lib.optional stdenv.hostPlatform.isStatic "--static";
340
341  dontWrapGApps = true;
342
343  # QEMU attaches entitlements with codesign and strip removes those,
344  # voiding the entitlements and making it non-operational.
345  # The alternative is to re-sign with entitlements after stripping:
346  # * https://github.com/qemu/qemu/blob/v6.1.0/scripts/entitlement.sh#L25
347  dontStrip = stdenv.hostPlatform.isDarwin;
348
349  postFixup = ''
350    # the .desktop is both invalid and pointless
351    rm -f $out/share/applications/qemu.desktop
352  ''
353  + lib.optionalString guestAgentSupport ''
354    # move qemu-ga (guest agent) to separate output
355    mkdir -p $ga/bin
356    mv $out/bin/qemu-ga $ga/bin/
357    ln -s $ga/bin/qemu-ga $out/bin
358    remove-references-to -t $out $ga/bin/qemu-ga
359  ''
360  + lib.optionalString gtkSupport ''
361    # wrap GTK Binaries
362    for f in $out/bin/qemu-system-*; do
363      wrapGApp $f
364    done
365  ''
366  + lib.optionalString stdenv.hostPlatform.isStatic ''
367    # HACK: Otherwise the result will have the entire buildInputs closure
368    # injected by the pkgsStatic stdenv
369    # <https://github.com/NixOS/nixpkgs/issues/83667>
370    rm -f $out/nix-support/propagated-build-inputs
371  '';
372  preBuild = "cd build";
373
374  # tests can still timeout on slower systems
375  doCheck = false;
376  nativeCheckInputs = [ socat ];
377  preCheck = ''
378    # time limits are a little meagre for a build machine that's
379    # potentially under load.
380    substituteInPlace ../tests/unit/meson.build \
381      --replace 'timeout: slow_tests' 'timeout: 50 * slow_tests'
382    substituteInPlace ../tests/qtest/meson.build \
383      --replace 'timeout: slow_qtests' 'timeout: 50 * slow_qtests'
384    substituteInPlace ../tests/fp/meson.build \
385      --replace 'timeout: 90)' 'timeout: 300)'
386
387    # point tests towards correct binaries
388    substituteInPlace ../tests/unit/test-qga.c \
389      --replace '/bin/bash' "$(type -P bash)" \
390      --replace '/bin/echo' "$(type -P echo)"
391    substituteInPlace ../tests/unit/test-io-channel-command.c \
392      --replace '/bin/socat' "$(type -P socat)"
393
394    # combined with a long package name, some temp socket paths
395    # can end up exceeding max socket name len
396    substituteInPlace ../tests/qtest/bios-tables-test.c \
397      --replace 'qemu-test_acpi_%s_tcg_%s' '%s_%s'
398
399    # get-fsinfo attempts to access block devices, disallowed by sandbox
400    sed -i -e '/\/qga\/get-fsinfo/d' -e '/\/qga\/blacklist/d' \
401      ../tests/unit/test-qga.c
402
403    # xattrs are not allowed in the sandbox
404    substituteInPlace ../tests/qtest/virtio-9p-test.c \
405      --replace-fail mapped-xattr mapped-file
406  ''
407  + lib.optionalString stdenv.hostPlatform.isDarwin ''
408    # skip test that stalls on darwin, perhaps due to subtle differences
409    # in fifo behaviour
410    substituteInPlace ../tests/unit/meson.build \
411      --replace "'test-io-channel-command'" "#'test-io-channel-command'"
412  '';
413
414  # Add a ‘qemu-kvm’ wrapper for compatibility/convenience.
415  postInstall = lib.optionalString (!minimal && !xenSupport) ''
416    ln -s $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} $out/bin/qemu-kvm
417  '';
418
419  passthru = {
420    qemu-system-i386 = "bin/qemu-system-i386";
421    tests = lib.optionalAttrs (!toolsOnly) {
422      qemu-tests = finalAttrs.finalPackage.overrideAttrs (_: {
423        doCheck = true;
424      });
425      qemu-utils-builds = qemu-utils;
426    };
427    updateScript = gitUpdater {
428      # No nicer place to find latest release.
429      url = "https://gitlab.com/qemu-project/qemu.git";
430      rev-prefix = "v";
431      ignoredVersions = "(alpha|beta|rc).*";
432    };
433  };
434
435  # Builds in ~3h with 2 cores, and ~20m with a big-parallel builder.
436  requiredSystemFeatures = [ "big-parallel" ];
437
438  meta =
439    with lib;
440    {
441      homepage = "https://www.qemu.org/";
442      description = "Generic and open source machine emulator and virtualizer";
443      license = licenses.gpl2Plus;
444      maintainers = with maintainers; [ qyliss ];
445      teams = lib.optionals xenSupport xen.meta.teams;
446      platforms = platforms.unix;
447    }
448    # toolsOnly: Does not have qemu-kvm and there's no main support tool
449    # userOnly: There's one qemu-<arch> for every architecture
450    // lib.optionalAttrs (!toolsOnly && !userOnly) {
451      mainProgram = "qemu-kvm";
452    }
453    # userOnly: https://qemu.readthedocs.io/en/v9.0.2/user/main.html
454    // lib.optionalAttrs userOnly {
455      platforms = with platforms; (linux ++ freebsd ++ openbsd ++ netbsd);
456      description = "QEMU User space emulator - launch executables compiled for one CPU on another CPU";
457    };
458})