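# Nix expression that builds libvirt 4.10.0 with upstream CVE fixes applied as
# pinned patches. Non-Darwin platforms build from the git tag (and run
# ./bootstrap); Darwin builds from the release tarball.
{ stdenv, fetchurl, fetchgit
, pkgconfig, makeWrapper, libtool, autoconf, automake, fetchpatch
, coreutils, libxml2, gnutls, perl, python2, attr
, iproute, iptables, readline, lvm2, utillinux, systemd, libpciaccess, gettext
, libtasn1, ebtables, libgcrypt, yajl, pmutils, libcap_ng, libapparmor
, dnsmasq, libnl, libpcap, libxslt, xhtml1, numad, numactl, perlPackages
, curl, libiconv, gmp, zfs, parted, bridge-utils, dmidecode
, enableXen ? false, xen ? null
, enableIscsi ? false, openiscsi
, enableCeph ? false, ceph
}:

with stdenv.lib;

# if you update, also bump <nixpkgs/pkgs/development/python-modules/libvirt/default.nix> and SysVirt in <nixpkgs/pkgs/top-level/perl-packages.nix>
let
  # Darwin uses the release tarball, so it skips the autotools bootstrap below.
  buildFromTarball = stdenv.isDarwin;
in stdenv.mkDerivation rec {
  name = "libvirt-${version}";
  version = "4.10.0";

  # Both sources are fixed-output fetches: the sha256 is what guarantees the
  # content, whatever the transport.
  src =
    if buildFromTarball then
      fetchurl {
        # Fetched over HTTPS; the pinned hash below is unchanged.
        url = "https://libvirt.org/sources/${name}.tar.xz";
        sha256 = "0v17zzyyb25nn9l18v5244myg7590dp6ppwgi8xysipifc0q77bz";
      }
    else
      fetchgit {
        # git:// is an unauthenticated, unencrypted transport, so the sha256
        # below is the only integrity check on this checkout and its
        # submodules. Never relax or refresh the hash without verifying the
        # tag out of band.
        url = "git://libvirt.org/libvirt.git";
        rev = "v${version}";
        sha256 = "0dlpv3v6jpbmgvhpn29ryp0w2a1xny8ciqid8hnlf3klahz9kwz9";
        fetchSubmodules = true;
      };

  # Security backports for 4.10.0. Each patch is fetched from upstream gitweb
  # by commit id and pinned by sha256, so a changed upstream response fails the
  # build instead of silently altering the source. Drop an entry only when
  # `version` moves to a release that already contains the fix.
  patches = [
    (fetchpatch {
      name = "4.10.0-CVE-2019-10132-1.patch";
      url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=8d12118171a250150f2cb16448c49271a1dcb077";
      sha256 = "1s8xm0zn63wciaxzrcf5ld9d3r2hn9k31p41addhyrxivgvkvk4d";
    })
    (fetchpatch {
      name = "4.10.0-CVE-2019-10132-2.patch";
      url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=a712f01682078f48d3c258bff8cd523ab9100b0d";
      sha256 = "12wzv190l7gp3fpa1qirgy5l6w674pfpw06jb15gifrwhy7x9j06";
    })
    (fetchpatch {
      name = "4.10.0-CVE-2019-10132-3.patch";
      url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=f8d8a7a182c0854fa50d3976077b3a3d8de8980f";
      sha256 = "08306952a32khl8mkw1xarh084dqp9vxhl6hwm2cmf30zkp8jlff";
    })
  # NOTE(review): because of this guard, Darwin builds ship WITHOUT the
  # CVE-2019-10161 fix. Track that as an open exposure on Darwin until the
  # patch applies there or `version` is bumped.
  ] ++ optionals (!stdenv.isDarwin) [ # this patch appears to be broken on darwin
    (fetchpatch {
      name = "4.10.0-CVE-2019-10161.patch";
      url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=3572564893d1710beb1862797fe32cc2e9cb1e38";
      sha256 = "118541d8w1jg92kqzrjhf631f753wncx6xm64jwzhnc096l7swsj";
    })
  ] ++ [
    (fetchpatch {
      name = "4.10.0-CVE-2019-10166.patch";
      url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=3f744efec31959f7643849f6a3708198bcdfc6ae";
      sha256 = "0alkw14iwcdy32r6g2lm660ss6fax9c1d9l53s5788vkjfw3jnz0";
    })
    (fetchpatch {
      name = "4.10.0-CVE-2019-10167.patch";
      url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=d238f132e6e0432a42d3cdff4571730dae3a85eb";
      sha256 = "0pnvzdhdiqd4hvc5ip59iszahkfrwvf7f99p2v2lb438z9c5bb32";
    })
    (fetchpatch {
      name = "4.10.0-CVE-2019-10168.patch";
      url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=09c2635d0deec198de0f250abc2958f2d1c09eaa";
      sha256 = "0s4hc3hsjncx1852ndjas1nng9v23pxf4mi1jxcajsqvhw89la0g";
    })
  ];

  nativeBuildInputs = [ makeWrapper pkgconfig ];
  buildInputs = [
    libxml2 gnutls perl python2 readline gettext libtasn1 libgcrypt yajl
    libxslt xhtml1 perlPackages.XMLXPath curl libpcap
  ] ++ optionals (!buildFromTarball) [
    # autotools are only needed when bootstrapping from the git checkout
    libtool autoconf automake
  ] ++ optionals stdenv.isLinux [
    libpciaccess lvm2 utillinux systemd libnl numad zfs
    libapparmor libcap_ng numactl attr parted
  ] ++ optionals (enableXen && stdenv.isLinux && stdenv.isx86_64) [
    xen
  ] ++ optionals enableIscsi [
    openiscsi
  ] ++ optionals enableCeph [
    ceph
  ] ++ optionals stdenv.isDarwin [
    libiconv gmp
  ];

  # The PATH assignment puts the helper tools in front of $PATH while
  # ./configure runs. The lxc_conf.c substitution replaces `lxc_path,` with a
  # fixed path under /run/libvirt/nix-emulators, a runtime directory outside
  # the store (see the note on postInstall).
  preConfigure = ''
    ${ optionalString (!buildFromTarball) "./bootstrap --no-git --gnulib-srcdir=$(pwd)/.gnulib" }

    PATH=${stdenv.lib.makeBinPath ([ dnsmasq ] ++ optionals stdenv.isLinux [ iproute iptables ebtables lvm2 systemd numad ] ++ optionals enableIscsi [ openiscsi ])}:$PATH

    # the path to qemu-kvm will be stored in VM's .xml and .save files
    # do not use "''${qemu_kvm}/bin/qemu-kvm" to avoid bound VMs to particular qemu derivations
    substituteInPlace src/lxc/lxc_conf.c \
      --replace 'lxc_path,' '"/run/libvirt/nix-emulators/libvirt_lxc",'

    patchShebangs . # fixes /usr/bin/python references
  '';

  # The configured localstatedir and sysconfdir are /var and /var/lib, both
  # mutable locations outside the store. AppArmor support and its security
  # driver are enabled on Linux only.
  configureFlags = [
    "--localstatedir=/var"
    "--sysconfdir=/var/lib"
    "--with-libpcap"
    "--with-qemu"
    "--with-vmware"
    "--with-vbox"
    "--with-test"
    "--with-esx"
    "--with-remote"
  ] ++ optionals stdenv.isLinux [
    "--with-attr"
    "--with-apparmor"
    "--with-secdriver-apparmor"
    "--with-numad"
    "--with-macvtap"
    "--with-virtualport"
    "--with-init-script=systemd+redhat"
    "--with-storage-disk"
  ] ++ optionals (stdenv.isLinux && zfs != null) [
    "--with-storage-zfs"
  ] ++ optionals enableIscsi [
    "--with-storage-iscsi"
  ] ++ optionals enableCeph [
    "--with-storage-rbd"
  ] ++ optionals stdenv.isDarwin [
    "--with-init-script=none"
  ];

  # Override the configured /var paths at install time only, so `make install`
  # writes under $TMPDIR and $out instead of the host's /var.
  installFlags = [
    "localstatedir=$(TMPDIR)/var"
    "sysconfdir=$(out)/var/lib"
  ];


  # NOTE(review): the wrapper PREPENDS /run/libvirt/nix-emulators to libvirtd's
  # PATH, ahead of the store paths in binPath. That directory is mutable
  # runtime state, so anything able to write there decides which binary
  # libvirtd resolves by name. It must be root-owned and not writable by other
  # users; confirm how the module that creates it sets ownership and mode.
  postInstall = let
    binPath = [ iptables iproute pmutils numad numactl bridge-utils dmidecode dnsmasq ebtables ] ++ optionals enableIscsi [ openiscsi ];
  in ''
    substituteInPlace $out/libexec/libvirt-guests.sh \
      --replace 'ON_SHUTDOWN=suspend' 'ON_SHUTDOWN=''${ON_SHUTDOWN:-suspend}' \
      --replace "$out/bin" '${gettext}/bin' \
      --replace 'lock/subsys' 'lock' \
      --replace 'gettext.sh' 'gettext.sh
    # Added in nixpkgs:
    gettext() { "${gettext}/bin/gettext" "$@"; }
    '
  '' + optionalString stdenv.isLinux ''
    substituteInPlace $out/lib/systemd/system/libvirtd.service --replace /bin/kill ${coreutils}/bin/kill
    rm $out/lib/systemd/system/{virtlockd,virtlogd}.*
    wrapProgram $out/sbin/libvirtd \
      --prefix PATH : /run/libvirt/nix-emulators:${makeBinPath binPath}
  '';

  enableParallelBuilding = true;

  # NOTE(review): this passes -fno-stack-protector to every compile in the
  # build, so the resulting binaries (libvirtd included) carry no stack
  # canaries. The file gives no reason for it. Confirm it is still required;
  # if so, record why and prefer nixpkgs' `hardeningDisable` so the exception
  # is explicit.
  NIX_CFLAGS_COMPILE = "-fno-stack-protector";

  meta = {
    homepage = "https://libvirt.org/";
    repositories.git = "git://libvirt.org/libvirt.git";
    description = ''
      A toolkit to interact with the virtualization capabilities of recent
      versions of Linux (and other OSes)
    '';
    license = licenses.lgpl2Plus;
    platforms = platforms.unix;
    maintainers = with maintainers; [ fpletz ];
  };
}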