Commit graph

261 commits

Author SHA1 Message Date
aszlig
aa65a7057f
vm/windows: Properly escape shell command.
Security-wise it's not a big issue because we're still sandboxed, but I
really don't want to write something like \\\\\\\\192.168.0.2\\\\share
in order to set up network shares.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:57 +01:00
aszlig
cfa859d792
vm/windows: Don't init /nix/store on install.
We're going to do this during the suspendedVM phase, so we're able to
more easily change the shares without reinstalling the whole VM.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:57 +01:00
aszlig
3e91192f07
vm/windows: Wait for VDE switch to startup.
This could possibly cause flapping whenever qemu is too fast in starting
up. As we are running with the shell's -e flag, the socat check also
ensures that the VDE switch is properly started and causes the whole
build to fail, should it not start up within 20 seconds.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:56 +01:00
aszlig
c731467e2c
vm/windows: Split install into several stages.
These stages are in particular:

 * Install of the bare Windows VM with Cygwin and shut down.
 * Boot up the same VM again without the installation media and dump the
   VMs memory to state.gz.
 * Resume from state.gz and build whatever we want to build.

Every single stage involves a new "controller", which is more like an
abstraction on the Nix side that constructs the madness described in
276b72fb93.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:56 +01:00
aszlig
5105e7f0bf
vm/windows: Update sha256 of Cygwin's setup.ini.
This is kinda stupid to do every little time the file is automatically
regenerated upstream. But let's see how often that happens and whether
it will become a major annoyance or not, and if yes, we might be forced
to include it in our source tree.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:55 +01:00
aszlig
9b1862ca1f
vm/windows: Move creating SSH key into install/.
This SSH key is specifically only for accessing the installed Cygwin
within the Windows VM, so we only need to expose the private key. Yes,
you heard right, the private key. It's not security-relevant because the
machine is completely read-only, only exposed to the filesystem and
networking is not available.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:54 +01:00
aszlig
4e21215d52
vm/windows: Move the installer into install/.
At least the largest portion of the installer, because in the end we
don't want the installer to *actually* save the state but only prepare
the base image.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:54 +01:00
aszlig
276b72fb93
vm: Introduce new Windows VM installer for Cygwin.
After quite a lot of fighting against Windows and its various
limitations, this is the new base architecture for installing and
accessing the Windows VM and thus the Cygwin environment inside it:

                .------------.
          .---> | vde_switch |
          |     `-[#]----[#]-'
          |        |      |
         ,'       .'      `---.___
       ,'    192.168.0.1          `.
       |          |            192.168.0.2
      ,'    _____[#]____           |
    ,'     |            |   ______[#]______
    |      | Windows VM |  |    .--'       |
    |      |____________|  |    |          |
    |             |  /|\   |  .-|          |
    | .---------. |   |    |  | |          |
  .-|-| manager |-'   |    |  | |          |
  | | `---------'     |    |  | |          |
  | |                 |    |  | |          |
  | | .-------------. |    | Samba         |
  | | | BOOTSTRAP   | |    |  | |          |
  | | |-------------| |    |  | |   .------|
  | `-| spawn VMs   |-+--> |  | `---| xchg | <-------.
  |   |-------------|      |  | .---^------|         |
  |   | install     |---.  |  `-| nixstore | <----.  |
  |   |-------------|   |  |    `----------|      |  |
  |---| suspend VM  |   |  |               |      |  |
  |   `------.------'   |  | Controller VM |      |  |
  |          |          |  |_______________|      |  |
  |       .--'          |         /|\            VirtIO
  |       |           __|__________:____________  |  |
  |      \|/         |  |          `.           | |  |
  | .------------.   |  |           :           | |  |
  | | REAL BUILD |   |  |   .-------^--------.  | |  |
  | |------------|   |  `-> | serial console |  | |  |
  `-| revive VM  |   |      `----------------'  | |  |
    |------------|   |------------.             | |  |
    | build      |-->| /nix/store >>>-----------|-'  |
    |------------|   |------------|             |    |
    | collect    |<--| xchg       >>>-----------|----'
    `-----.------'   |------------'             |
          |          |                          |
         \|/         |    |  |  __   ___  |     |
                     |    |--| |  | (__  -|-    |
    F I N I S H E D  |    |  | |__| ___)  |     |
                     |__________________________|

This might look a bit overwhelming, but let me try to explain:

We're starting at the base derivation ("BOOTSTRAP" above), where we
actually install the Cygwin environment. Over there we basically fire up
a vde_switch process and two virtual machines: One is the Windows
machine, the other is a NixOS machine, which serves as some kind of
proxy between the host and the Windows machine.

The reason we're doing this, is because we don't have a lot of options
for sharing files between a stock Windows machine and the host. In
earlier experiments, I've tried to communicate with the Windows guest by
using pipes and OpenSSH, but obviously this wasn't a big speed rush (or
to say it bluntly: It was fucking slow).

Using TCP/IP directly for accessing the guest would have been another
option, but it could lead to possible errors when the port or a range of
ports are in use at the Host system. Also, we would need to punch a hole
into the sandbox of the Nix builder (as it doesn't allow networking),
which in turn will possibly undermine deterministic builds/runs (well,
at least as deterministic as it can be, we're running Windows,
remember?).

So, let's continue: The responsibility of the NixOS (controller) VM is
to just wait until an SSH port becomes available on the Windows VM,
whereas the Windows VM itself is installed using an unattended
installation file provided via a virtual floppy image.

With the installation of the basic Windows OS, we directly install
Cygwin and start up an OpenSSH service.

At this point the bootstrapping is almost finished and as soon as the
port is available, the controller VM sets up Samba shares and makes them
available as drive letters within Windows and as bind mounts (for
example /nix/store) within Cygwin.

Finally we're making a snapshot of the memory of the Windows VM in order
to revive it within a few seconds when we want to build something.

Now, the build process itself is fairly straightforward: Revive VM and
build based on existing store derivations and collect the result _and_
the exit code from the xchg share/directory.

Conclusion: This architecture may sound a bit complicated, but we're
trying to achieve deterministic and reproducible builds and/or test
runs.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:53 +01:00
Petr Rockai
97721af469 VMs: Add Fedora 17 to the list of distros (only had 16 and 18). 2014-02-15 12:57:21 +01:00
Eelco Dolstra
8ba1fdef00 debian: Update to 7.4 2014-02-14 20:29:43 +01:00
Shea Levy
b529a34b4a Add Fedora 20
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-19 20:50:46 -05:00
Rob Vermaas
1625743902 Fix Fedora8 vm builds. 2014-01-15 21:32:38 +01:00
Rob Vermaas
ed9520bfb5 Allow specifying extra qemu flags using QEMU_OPTS. Replace CentOS 6.3 with CentOS 6.5 (6.3 is removed from site). 2014-01-14 22:51:26 +01:00
Eelco Dolstra
3abcd7e268 debian: Update to 7.3 2014-01-06 15:51:00 +01:00
Eelco Dolstra
4747796a9e Build RPMs for i686 rather than i386
The default target (i386-linux) causes flags like "-march i386" to be
added, which breaks on recent Fedora releases (18 and up), resulting
in errors like:

  /usr/lib/gcc/i686-redhat-linux/4.7.2/../../../../include/c++/4.7.2/ext/atomicity.h:48: undefined reference to `__atomic_fetch_add_4'

So set the target to i686-linux.

http://hydra.nixos.org/build/6567357
2013-10-23 12:55:07 +02:00
Eelco Dolstra
391de89913 Debian 7: Update to 7.2
Also rename "debian70" to "debian7" to reflect Wheezy's new
versioning scheme.
2013-10-23 11:30:51 +02:00
Eelco Dolstra
d6f97c3601 Debian 6: Update to 6.0.8 2013-10-23 11:17:20 +02:00
Eelco Dolstra
27e91e0044 Add Fedora 19 2013-10-23 11:15:45 +02:00
Eelco Dolstra
34fcf33c0b Add Ubuntu 13.10 2013-10-23 11:08:12 +02:00
Eelco Dolstra
d846e97656 VM builds: Use Linux 3.10
3.4 apparently gives corrupt 9pfs data on x86.  See e.g.

  http://hydra.nixos.org/build/5661036

where reading /nix/store/kfldnrrsq0lbbv13gjxdfb3vb1sbaz88-vm-run-stage2
gives garbage.  Strangely it doesn't happen here:

  http://hydra.nixos.org/build/5658978

Ah well.
2013-08-07 14:48:22 +02:00
Eelco Dolstra
4342a32deb VM builds: Reduce kernel verbosity 2013-08-01 14:35:31 +02:00
Eelco Dolstra
d077851b7d VM builds: Use the default kernel 2013-08-01 14:35:31 +02:00
Eelco Dolstra
b5fcb5b67d Use the qemu-kvm wrapper 2013-07-31 14:53:35 +02:00
aszlig
69dccda3c0
VM builds: Update debian Wheezy image to v7.1.
Wheezy has been released on June 15th and on all mirrors the SHA256 hash
of Packages.bz2 has changed to reflect the new release, so let's update.

Here is the release announcement from Debian:

http://www.debian.org/News/2013/20130615

It also seems that the versioning scheme has changed in version 7.x, so
they seem to have switched to a two digit versioning scheme. This means,
that the attribute name "debian70..." should really be something like
"debian7...", but I'm keeping the attribute as-is to not break
references.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-30 05:59:59 +02:00
aszlig
cd4b5e1a35
fillDiskWithDebs: Create fake start-stop-daemon.
This is needed in order to prevent services from starting while
populating the image with the contents of the .deb files. The procedure
used here is exactly the same as used in debootstrap.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-30 05:59:40 +02:00
Eelco Dolstra
59aca26975 * Use 'or'. 2013-07-15 14:33:27 +02:00
Rob Vermaas
da7db90068 Add CentOS 6.4 to vm images 2013-07-05 17:52:42 +02:00
Rob Vermaas
51a22a8f8a Add loopback network device and localhost entry to /etc/hosts for VM tests. 2013-07-05 15:02:43 +02:00
Eelco Dolstra
9f5f30a7e6 Remove runInGenericVM
It's not used anywhere and probably doesn't work anymore.
2013-07-05 00:17:04 +02:00
Eelco Dolstra
0e386d0c13 VM builds: Use 9p/virtfs instead of CIFS
9p (with caching enabled) is much faster than CIFS and doesn't require
Samba or virtual networking.  For instance, building GNU Hello with
CIFS takes ~323s on my laptop, but with 9p it takes 54s.

More measurements will be needed to see if "cache=fscache" is really
faster than "cache=loose" (the former seems to be a little bit
faster).
2013-07-05 00:17:04 +02:00
Eelco Dolstra
9efe759dd8 VM builds: Increase the default memory size to 512 MB 2013-07-05 00:17:04 +02:00
Eelco Dolstra
2321f2d55c VM builds: Panic on OOM 2013-07-05 00:17:04 +02:00
Eelco Dolstra
5f8571405b VM builds: Use ext4 instead of ext2 2013-07-05 00:17:03 +02:00
Eelco Dolstra
ed37a6b465 VM builds: Use qemu instead of the obsolete qemu-kvm 2013-07-05 00:17:03 +02:00
Eelco Dolstra
7afc1149d9 testRPMImage: Use x86_64 image 2013-07-04 18:27:26 +02:00
Eelco Dolstra
5cfa68ab50 Reinstate sec=none
Seems to be required, despite the subsequent sec=ntlm. But the NixOS
VM tests work fine without this flag :-S

http://hydra.nixos.org/build/5451901
2013-07-03 14:38:56 +02:00
Eelco Dolstra
75e34854f6 Remove redundant cifs option 2013-07-02 17:03:29 +02:00
Shea Levy
dd42dd480b runInLinuxImage: Fix derivation overriding.
This only ever worked because runInLinuxVM happened to call
overrideDerivation, which itself erroneously passed arbitrarily-added
attributes to the new call to derivation.

Hopefully this time Eelco won't have to revert my change ;)

Signed-off-by: Shea Levy <shea@shealevy.com>
2013-05-15 01:15:16 -04:00
Eelco Dolstra
9f9620f566 Doh 2013-05-13 22:04:33 +02:00
Eelco Dolstra
278b255388 Restore unintentionally deleted line 2013-05-13 18:15:02 +02:00
Eelco Dolstra
9df603b300 Use Linux 3.9 for VM builds
This seems to fix CIFS hangs like: http://hydra.nixos.org/build/4916655
2013-05-13 18:12:12 +02:00
Eelco Dolstra
6fb4c62f25 Fix some old Fedora builds
http://hydra.nixos.org/build/4949447
2013-05-13 17:47:20 +02:00
Eelco Dolstra
5815d18460 Add Fedora 18 2013-05-08 14:08:59 +02:00
Eelco Dolstra
e7480d9cb7 Add Debian 7.0 2013-05-07 11:19:46 +02:00
Eelco Dolstra
1073187f78 Add Ubuntu 13.04 2013-05-03 14:01:32 +02:00
Eelco Dolstra
fb600a5d99 Debian VM image: Update to 6.0.7 2013-03-15 12:48:35 +01:00
Eelco Dolstra
b643316a42 VM builds: Use BusyBox
http://hydra.nixos.org/build/3510928
2012-12-18 16:57:11 +01:00
Lluís Batlle i Rossell
62fa1b8782 Adding ext4 to vmTools. Otherwise, nixos build-vm fails with 'useBootLoader'. 2012-12-16 21:43:35 +01:00
Eelco Dolstra
7f115621ca Add Ubuntu 12.10 2012-12-04 20:06:07 +01:00
Eelco Dolstra
85650db656 Update Debian Squeeze to 6.0.6 2012-12-04 19:58:21 +01:00
Eelco Dolstra
b29d424115 Get deb-closure.pl to work with the latest dpkg 2012-12-04 19:56:31 +01:00
Eelco Dolstra
2ab46949cf Add universe repo for older Ubuntu releases 2012-09-13 17:15:58 -04:00
Eelco Dolstra
fc35bed470 Fix incorrect version of Ubuntu Maverick (10.10) 2012-09-13 17:15:58 -04:00
Eelco Dolstra
20de8c8086 Make the "universe" repository available to the Ubuntu image generator
Also fix Ubuntu 12.04 name from "oneiric" to "precise".
2012-08-27 13:53:07 -04:00
Eelco Dolstra
bacc6ab790 Remove trailing whitespace 2012-08-27 13:53:07 -04:00
Eelco Dolstra
395718e927 Create /dev/random and /dev/urandom in VMs
WWW::Curl needs this to prevent "Fatal: no entropy gathering module
detected".
2012-08-27 13:53:07 -04:00
Eelco Dolstra
a54734e087 vmTools: Provide hook to add more Samba shares 2012-08-16 10:55:13 -04:00
Rob Vermaas
0cbfd8ff04 * update hashes for debian squeeze
svn path=/nixpkgs/trunk/; revision=34316
2012-06-01 17:53:53 +00:00
Eelco Dolstra
b6917d3b73 * Added Ubuntu 12.04.
svn path=/nixpkgs/trunk/; revision=34055
2012-05-11 02:04:14 +00:00
Eelco Dolstra
9aa30ba705 * Pass -cpu kvm64 to keep GMP from barfing.
svn path=/nixpkgs/trunk/; revision=33848
2012-04-19 18:44:02 +00:00
Eelco Dolstra
8b0bc7a745 * Add modules required by Linux 3.2.
svn path=/nixpkgs/trunk/; revision=33742
2012-04-11 07:45:12 +00:00
Ludovic Courtès
9d125d64bf VM: Upgrade to Debian 5.0.10.
svn path=/nixpkgs/trunk/; revision=33008
2012-03-12 08:13:10 +00:00
Ludovic Courtès
0a433261c5 VM: Make sure `smbd' is in QEMU's $PATH.
svn path=/nixpkgs/trunk/; revision=32987
2012-03-11 14:23:32 +00:00
Ludovic Courtès
5d159f8a06 runInGenericVM: Use whatever the current system is.
svn path=/nixpkgs/trunk/; revision=32970
2012-03-10 11:44:47 +00:00
Ludovic Courtès
2f01e58e61 vmTools: Use stdenv's glibc in `initrd-utils'.
svn path=/nixpkgs/trunk/; revision=32878
2012-03-08 09:40:45 +00:00
Eelco Dolstra
ed325cd1ae * We accidentally lost xz support in rpm. This broke RPM builds
(http://hydra.nixos.org/build/2230623).

svn path=/nixpkgs/trunk/; revision=32847
2012-03-07 09:47:22 +00:00
Eelco Dolstra
5e4c7aa8f3 * This substitution causes bash to hang. Urgh. Bash's pattern
substitutions aren't very reliable.

svn path=/nixpkgs/trunk/; revision=32830
2012-03-06 18:49:44 +00:00
Yury G. Kudryashov
5144a19987 svn merge ^/nixpkgs/trunk
There were a few merge conflicts due to ensureDir->mkdir -p migration

svn path=/nixpkgs/branches/stdenv-updates/; revision=32174
2012-02-10 10:24:30 +00:00
Eelco Dolstra
f680a3c175 * Put back the Ubuntu 10.10 images that I accidentally removed.
svn path=/nixpkgs/trunk/; revision=32141
2012-02-08 11:38:46 +00:00
Eelco Dolstra
c303784a89 * Debian 6.0.4.
svn path=/nixpkgs/trunk/; revision=32112
2012-02-07 13:19:03 +00:00
Eelco Dolstra
78ab1dd995 * Added Fedora 16 images.
svn path=/nixpkgs/trunk/; revision=32110
2012-02-07 13:14:25 +00:00
Eelco Dolstra
b22276deea * Add disk images for Ubuntu 11.10.
svn path=/nixpkgs/trunk/; revision=32109
2012-02-07 12:38:32 +00:00
Yury G. Kudryashov
215a07c1a9 svn merge ^/nixpkgs/trunk
Merge conflicts:
* unzip (almost trivial)
* dvswitch (trivial)
* gmp (copied result of `git merge`)

The last item introduced gmp-5.0.3, thus full rebuild.
+ensureDir->mkdir -p in TeX packages was caught by git but not svn.

svn path=/nixpkgs/branches/stdenv-updates/; revision=32091
2012-02-06 23:03:12 +00:00
Rob Vermaas
d52b0c377f rpmclosure, remove exit
svn path=/nixpkgs/trunk/; revision=31965
2012-02-02 09:54:16 +00:00
Rob Vermaas
6a3feaa3dc rpmclosure, also take into account rel attribute when versions are the same
svn path=/nixpkgs/trunk/; revision=31964
2012-02-02 09:53:45 +00:00
Eelco Dolstra
c556a6ea46 * "ensureDir" -> "mkdir -p". "ensureDir" is a rather pointless
function, so obsolete it.

svn path=/nixpkgs/branches/stdenv-updates/; revision=31644
2012-01-18 20:16:00 +00:00
Yury G. Kudryashov
08761e83fc Merge trunk
svn path=/nixpkgs/branches/stdenv-updates/; revision=31207
2012-01-02 14:12:40 +00:00
Rob Vermaas
a8785e7b72 use simple version compare instead of timestamps to determine newer package
svn path=/nixpkgs/trunk/; revision=31108
2011-12-27 12:56:07 +00:00
Eelco Dolstra
c044d7f56f * Forgot a few utillinuxng references.
svn path=/nixpkgs/branches/stdenv-updates/; revision=30866
2011-12-13 12:57:32 +00:00
Eelco Dolstra
4d0b546566 * Update Debian Squeeze to 6.0.3.
svn path=/nixpkgs/trunk/; revision=30310
2011-11-07 23:05:50 +00:00
Rob Vermaas
40f1e4e289 * rpm-closure.pl: add possibility to use multiple repositories
* default.nix: do not assume fixed filesystem type when mounting, to allow using other filesystems


svn path=/nixpkgs/trunk/; revision=29757
2011-10-11 13:22:09 +00:00
Ludovic Courtès
e1fb6adbe8 Update Debian Lenny (5.0.9).
svn path=/nixpkgs/trunk/; revision=29699
2011-10-06 13:27:58 +00:00
Eelco Dolstra
eb9a0145ea * Don't mount the entire host filesystem, but just /nix/store and a
  temporary directory.  This is necessary to isolate NixOS VMs from
  the host filesystem for security.

svn path=/nixpkgs/trunk/; revision=28427
2011-08-09 14:05:40 +00:00
Eelco Dolstra
b6d96e9782 * For building Fedora disk images, use the "Everything" repo rather
  than the "Fedora" repo, since the latter doesn't contain some
  packages (like perl-DBD-SQLite).

svn path=/nixpkgs/trunk/; revision=28389
2011-08-08 14:01:16 +00:00
Eelco Dolstra
4e7e83a7ee * Debian Squeeze updated to 6.0.2.1.
svn path=/nixpkgs/trunk/; revision=28385
2011-08-08 13:16:20 +00:00
Eelco Dolstra
aa5646ff3b * For some reason Samba insists on setting the g+w bit on newly
  created directories, which is a security risk.  So create $out with
  the proper permissions before starting the VM.

svn path=/nixpkgs/trunk/; revision=27095
2011-05-02 14:55:16 +00:00
Eelco Dolstra
377b97a37b * Drop the unnecessary boot=on flag.
svn path=/nixpkgs/trunk/; revision=26104
2011-02-24 21:48:32 +00:00
Eelco Dolstra
167c520570 * Added Debian 6.0 and Ubuntu 10.10.
svn path=/nixpkgs/trunk/; revision=25968
2011-02-14 16:52:32 +00:00
Rob Vermaas
81019cbdb9 vmTools: add some arguments with previous defaults
svn path=/nixpkgs/trunk/; revision=25742
2011-02-01 12:11:05 +00:00
Rob Vermaas
ebf9889a9e extractmtdfs: bigger size mtdram, extractfs: support cramfs
svn path=/nixpkgs/trunk/; revision=25739
2011-01-31 18:02:46 +00:00
Rob Vermaas
06be15cb76 add hfs/hfsplus/squashfs support to extractfs
svn path=/nixpkgs/trunk/; revision=25737
2011-01-31 15:26:03 +00:00
Eelco Dolstra
7f4a312e35 * Handle FreeBSD filesystems.
svn path=/nixpkgs/trunk/; revision=25624
2011-01-19 10:59:26 +00:00
Rob Vermaas
ba23376718 added vm function to extract some filesystem
svn path=/nixpkgs/trunk/; revision=25622
2011-01-19 09:06:12 +00:00
Rob Vermaas
adeb63e4c2 remove aterm242fixes
svn path=/nixpkgs/trunk/; revision=25407
2011-01-05 09:42:56 +00:00
Eelco Dolstra
04ec671c8a * Run smbd in its own session / process group (setsid) because smbd
  now kills its process group when it exits.  Without setsid, this
  ends up killing the parent (i.e., the builder).
* Use port 445 instead of 139 because the CIFS kernel module tries
  port 445 first.  If there is an actual Samba running on the host, it
  would end up connecting to that one instead of our own and fail.

svn path=/nixpkgs/trunk/; revision=25017
2010-12-06 19:03:32 +00:00
Rob Vermaas
f26b267858 fix debian lenny hashes
svn path=/nixpkgs/trunk/; revision=24986
2010-12-06 08:03:11 +00:00
Rob Vermaas
a074da499c vm/default.nix: updating debian lenny hashes
svn path=/nixpkgs/trunk/; revision=23674
2010-09-07 14:33:46 +00:00
Eelco Dolstra
3cdc3c4abe * Mark the VM builds as requiring KVM support.
svn path=/nixpkgs/trunk/; revision=23526
2010-08-29 21:27:06 +00:00
Rob Vermaas
105d0e540b startSamba: reintroduce force user option set to current user
svn path=/nixpkgs/trunk/; revision=23242
2010-08-19 08:31:13 +00:00
Rob Vermaas
fa7ec152db revert earlier change
svn path=/nixpkgs/trunk/; revision=23222
2010-08-18 11:03:36 +00:00