Commit graph

1138 commits

Author SHA1 Message Date
Austin Seipp
0399c5ee24 grsecurity: update stable/testing kernels, refactoring
This updates the new stable kernel to 3.14, and the new testing kernel
to 3.15.

This also removes the vserver kernel, since it's probably not nearly as
used.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-22 22:29:10 -05:00
Benno Fünfstück
7ac13c40ab Add hackage mirror to mirrors.nix 2014-06-21 20:15:45 +02:00
Michael Raskin
258040a939 Add a function to overwrite just the version and sha256 by grepping them 2014-06-13 13:37:12 +04:00
Michael Raskin
c5f019e9a0 Merge pull request #2063 from redbaron/libmsgpack
Proper separation between build and runtime outputs
2014-06-12 13:05:40 +04:00
Benno Fünfstück
063efadd69 nix-prefetch-{bzr,hg,svn}: print fetched revision 2014-06-11 14:42:39 +02:00
Benno Fünfstück
be25ce8f58 nix-prefetch-git: fix printing of revision
If the user explicitly gives a ref such as "refs/heads/master", `git
rev-parse` failed because we only checked out the `fetchgit`
branch. Now, we also try `git rev-parse fetchgit` if the first call
fails, which fixes the issue.
2014-06-11 14:09:58 +02:00
Benno Fünfstück
c6bd4d2973 nix-prefetch-scripts: new expression 2014-06-10 19:26:20 +02:00
Michael Raskin
c2fb8b1364 Adding a package to copy nix-prefetch-* to bin/. Hopefully fixes #1130 2014-06-09 01:11:03 +04:00
Jonathan Glines
0672cfcc5f Added mirrors for sourceforge.jp. 2014-06-08 11:47:37 -06:00
Peter Simons
7d1c124647 Merge pull request #2767 from jwiegley/hscolour
Build Haddocks with source hyperlinks unless doHscolour is false
2014-06-03 10:50:04 +02:00
John Wiegley
0df8ca2b52 Merge pull request #2743 from jwiegley/rpath
Correctly patch the rpath for GHC-built executables on Darwin
2014-05-31 17:01:42 -05:00
John Wiegley
176797576c Build Haddocks with source hyperlinks unless doHscolour is false 2014-05-29 20:00:04 -05:00
Rob Vermaas
a089dbfe8a Fix regression in fetchhg. 2014-05-29 09:06:13 +02:00
Rob Vermaas
ea23ea00e4 Make fetchhg do the same as nix-prefetch-hg, use hg archive. Fixes #2781. 2014-05-28 10:40:21 +02:00
Eelco Dolstra
a0072b4d2d hipchat: Fix access to /usr/share/X11/xkb
HipChat (or rather its copy of Qt) expects to find keyboard data in
/usr/share/X11/xkb. So use a LD_PRELOAD library to intercept and
rewrite the Glibc calls that access those paths. We've been doing the
same thing with packages like Spotify, but now this functionality has
been abstracted into a reusable library, libredirect.so. It uses an
environment variable $NIX_REDIRECTS containing a colon-separated list
of path prefixes to be rewritten, e.g. "/foo=bar:/xyzzy=/fnord".
2014-05-27 01:06:54 +02:00
Maxim Ivanov
e7d5e1cdbc Don't hardcode shell, use $SHELL instead 2014-05-26 14:48:39 +01:00
John Wiegley
b09a788e13 Correctly patch the rpath for GHC-built executables on Darwin
@peti This addresses #2488.
2014-05-25 03:29:24 -05:00
Aristid Breitkreuz
eb928c5d46 fhs-chrootenv: use -l to umount for the rbind mount 2014-05-22 22:18:30 +02:00
Aristid Breitkreuz
ecee297a18 fhs-chrootenv (steam): support directly using users other than root, fix sound support, fix /run/user 2014-05-22 22:01:00 +02:00
Eelco Dolstra
139608dd34 Update Ubuntu Packages.bz2 hashes 2014-05-20 13:39:06 +02:00
Austin Seipp
06de946355 Merge pull request #2668 from sol/print-git-revision
nix-prefetch-git: Print git revision
2014-05-18 07:47:27 -05:00
Austin Seipp
85b5dc3949 grsec: Fix vserver/stable packaging
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 16:37:22 -05:00
Austin Seipp
4f27ad14a1 grsec: refactor grsecurity packages
This now provides a handful of different grsecurity kernels for slightly
different 'flavors' of packages. This doesn't change the grsecurity
module to use them just yet, however.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:43 -05:00
Vladimír Čunát
137eae0b55 Merge #2630: add and use fetchpatch
fetchpatch is fetchurl that determinizes the patch.
Some parts of generated patches change from time to time, e.g. see #1983 and
http://comments.gmane.org/gmane.linux.distributions.nixos/12815
Using fetchpatch should prevent the hash from changing.

Conflicts (auto-solved):
	pkgs/development/libraries/haskell/gitit/default.nix
2014-05-17 07:31:03 +02:00
Simon Hengel
26fb26e331 nix-prefetch-git: Print git revision 2014-05-16 15:22:28 +08:00
Chris Double
a6ddfbceac Add -p to mkdir in build-fhs-chrootenv to prevent error if directory exists 2014-05-15 18:38:45 +12:00
Peter Simons
fd0f9e6fc1 Re-write the Haskell Platform out of haskell-defaults.nix.
1) Packages formerly called haskell-haskell-platform-ghcXYZ-VVVV.X.Y.Z are
    now called haskell-platform-VVVV.X.Y.Z. The latest version can be
    installed by running "nix-env -i haskell-platform".

 2) The attributes haskellPackages_ghcXYZ.haskellPlatform no longer exist.
    Instead, we have attributes like haskellPlatformPackages."2012_4_0_0".
    (The last numeric bit must be quoted when used in a Nix file, but not on
    the command line to nix-env, nix-build, etc.) The latest Platform has a
    top-level alias called simply haskellPlatform.

 3) The haskellPackages_ghcXYZ package sets offer the latest version of every
    library that GHC x.y.z can compile. For example, if 2.7 is the latest
    version of QuickCheck and if GHC 7.0.4 can compile that version, then
    haskellPackages_ghc704.QuickCheck refers to version 2.7.

 4) All intermediate GHC releases were dropped from all-packages.nix to
    simplify our configuration. What remains is a haskellPackages_ghcXYZ set
    for the latest version of every major release branch, i.e. GHC 6.10.4,
    6.12.3, 7.0.4, 7.2.2, 7.4.2, 7.6.3, 7.8.2, and 7.9.x (HEAD snapshot).

 5) The ghcXYZPrefs functions in haskell-defaults.nix now inherit overrides
    from newer to older compilers, i.e. an override configured for GHC 7.0.4
    will automatically apply to GHC 6.12.3 and 6.10.4, too. This change has
    reduced the redundancy in those configuration functions. The downside is
    that overriding an attribute for only one particular GHC version has become
    more difficult. In practice, this case doesn't occur much, though.

 6) The 'cabal' builder has a brand-new argument called 'extension'. That
    function is "self : super : {}" by default and users can override it to
    mess with the attribute set passed to cabal.mkDerivation. An example use
    would be the definition of darcs in all-packages.nix:

    | darcs = haskellPackages.darcs.override {
    |   cabal = haskellPackages.cabal.override {
    |     extension = self : super : {
    |       isLibrary = false;
    |       configureFlags = "-f-library " + super.configureFlags or "";
    |     };
    |   };
    | };

    In this case, extension disables building the library part of the package
    to give us an executable-only version that has no dependencies on GHC or
    any other Haskell packages.

    The 'self' argument refers to the final version of the attribute set and
    'super' refers to the original attribute set.

Note that ...

 - Haskell Platform packages always provide the Haddock binary that came with
   the compiler.

 - Haskell Platform 2009.2.0.2 is broken because of build failures in cgi and
   cabal-install.

 - Haskell Platform 2010.1.0.0 is broken because of build failures in cgi.
2014-05-14 14:59:52 +02:00
Austin Seipp
dde404325b Merge pull request #2552 from CodeBlock/font-find
Use `find` instead of cp for installFonts.
2014-05-13 19:46:44 -05:00
Linquize
f40db99c7b fetchurl: Fix typo in comment (close #2591) 2014-05-13 11:23:50 +02:00
Eelco Dolstra
ea36f3b868 fetchFromGitHub: Use .tar.gz instead of .zip
Also clean up the name attribute of fetchzip derivations a bit.
2014-05-09 15:53:44 +02:00
Eelco Dolstra
c8df888858 Add a function "fetchzip"
This function downloads and unpacks a file in one fixed-output
derivation. This is primarily useful for dynamically generated zip
files, such as GitHub's /archive URLs, where the unpacked content of
the zip file doesn't change, but the zip file itself may (e.g. due to
minor changes in the compression algorithm, or changes in timestamps).

Fetchzip is implemented by extending fetchurl with a "postFetch" hook
that is executed after the file has been downloaded. This hook can
thus perform arbitrary checks or transformations on the downloaded
file.
2014-05-08 15:30:17 +02:00
Peter Simons
fc51c1d163 cabal: enable the split-objects feature again for current versions of GHC 2014-05-07 19:13:06 +02:00
Rob Vermaas
7cd55c7744 Use maven.test.skip instead of maven.test.skip.exec in mvn assembly, to prevent unnecessary compilation. 2014-05-07 16:37:38 +02:00
Ricky Elrod
8263996d3a Use find instead of cp for installFonts.
This allows fonts to be installed from anywhere in an unzipped file
rather than having to cd deep into the directory and come back out in
order for e.g. `forceCopy` to work correctly.
2014-05-07 03:52:21 -04:00
aszlig
97dc8a88e5
vm/windows: Wait for migration to finish.
This ensures that the intermediate machine is shut down only after the
migration has finished writing the memory dump to disk, to ensure we
don't end up with empty state files depending on how fast the migration
finished before we actually shut down the VM.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-05-07 07:21:10 +02:00
aszlig
bd78e674c5
vm/windows: Exit if VM has dropped out.
This ensures that the builder isn't waiting forever if the Windows VM
drops dead while we're waiting for the controller VM to signal that a
particular command has been executed on the Windows VM. It won't ever
happen in such cases so it doesn't make sense to wait for the timeout.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-05-07 07:21:10 +02:00
Maxim Ivanov
e2e77950f3 Scatter output hook
This hook allows to scatter files in $out to multiple outputs.
For "bin" and "doc" outputs there are predefined default masks, but
they can be overridden by setting files_<outname>, for example:

files_bin = [ "/bin/*" "/lib/libexec/" ];

To make an effect hook must be specified in buildInputs.
2014-05-06 22:47:45 +01:00
Ricky Elrod
4c8aa8f333 Add a bunch of Fedora mirrors and remove an old one 2014-05-06 01:58:43 -04:00
Eelco Dolstra
0ff68e81b9 debian: Update to 7.5
[Note from Austin: I think @edolstra forgot to merge this to master.]

(cherry picked from commit 02b056c5b180b4b8ba22ddc3061d78258e2ef98f on
release-14.04)
2014-05-03 10:55:26 -05:00
Austin Seipp
2be1b4c034 build-support/vm: add Ubuntu 14.04 Trusty Tahr
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-03 10:51:32 -05:00
Austin Seipp
76b05b1630 releaseTools: add {clang,coverity}Analysis tools
These two expressions greatly simplify using the clang-analyzer or
Coverity static analyzer on your C/C++ projects. In fact, they are
identical to nixBuild in every way out of the box, and should 'Just
Work' providing your code can be compiled with Clang already.

The trick is that when running 'make', we actually just alias it to the
appropriate scan build tool, and add a post-build hook that will bundle
up the results appropriately and unalias it.

For Clang, we put the results in $out/analysis and add an 'analysis'
report to $out/nix-support/hydra-build-products pointing to the result
HTML - this means that if the analyzer finds any bugs, the HTML results
will automatically show up in Hydra for easy viewing.

For Coverity, it's slightly different. Instead we run the build tool and
after we're done, we tar up the results in a format that Coverity Scan's
service understands. We put the tarball in $out/tarballs under the name
'foo-cov-int.xz' and add an entry for the file to hydra-build-products
as well for easy viewing.

Of course for Coverity you must then upload the build. A Hydra plugin to
do this is on the way, and it will automatically pick up the
cov-int.tar.xz for uploading.

Note that coverityAnalysis requires allowUnfree = true;, as well as the
cov-build tools, which you can download from https://scan.coverity.com -
they're not linked to your account or anything, it's just an annoying
registration wall.

Note this is a first draft. In particular, scan-build fixes the C/C++
compiler to be Clang, and it's perfectly reasonable to want to use Clang
for the analyzer but have scan-build invoke GCC instead.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-02 14:07:37 -05:00
Peter Simons
5849a91e8d pkgs/build-support/cabal: revert "the release version of GHC 7.8.x no longer requires"
This reverts commit a2a398fbda. The
issue *does* still exist in GHC 7.8.2. Compiled binaries have no -rpath
into their own install directory ("$out") and thus cannot find their own
shared libraries. To work around this issue, we pass an explicit -rpath
argument at configure time. We do that only on Linux, though, because
-rpath is known to cause trouble on Darwin, which was the reason I
originally reverted that patch.
2014-05-01 23:14:55 +02:00
Rob Vermaas
eaedf303a0 Add RHEL7 to vm functions. 2014-05-01 15:13:35 +02:00
Eelco Dolstra
1bae93cb82 debian: Update to 6.0.9 2014-04-25 10:43:26 +02:00
aszlig
625d7b9043
Merge pull request #1928 from 'cross-win-osx'.
This includes a lot of fixes for cross-building to Windows and Mac OS X
and could possibly fix things even for non-cross-builds, like for
example OpenSSL on Windows.

The main reason for merging this in 14.04 already is that we already
have runInWindowsVM in master and it doesn't work until we actually
cross-build Cygwin's setup binary as the upstream version is a fast
moving target which gets _overwritten_ on every new release.

Conflicts:
	pkgs/top-level/all-packages.nix
2014-04-21 10:00:35 +02:00
Sander van der Burg
104c841c85 Move su to the base packages of chrootenv builder 2014-04-18 13:30:24 +02:00
Peter Simons
a2a398fbda pkgs/build-support/cabal: the release version of GHC 7.8.x no longer requires
the -rpath hack added in 63c60638fc and
edaa56041c to produce dynamically linked
executables
2014-04-18 01:23:45 +02:00
Mathijs Kwik
b21853f255 Fix initrd breaking by recent repeatable-builds changes
See the comments at f67015cae4
for more information.

Please note: this makes initrd unrepeatable again, but most people will prefer that above an unbootable system.
2014-04-12 00:06:30 +02:00
Shea Levy
9949d0255e Merge branch 'make-the-kernel-build-repeatable' of git://github.com/alexanderkjeldaas/nixpkgs
Make the kernel build and initrd generation binary repeatable (#2128)
2014-04-06 17:02:16 -04:00
Alexander Kjeldaas
f67015cae4 Make initrd and the kernel builds repeatable. 2014-04-05 08:41:06 +02:00
Vladimír Čunát
1ed628acb2 gcc-wrapper: don't fail when cpp doesn't exist
This is fixup for 1d3917bb #1820. Gnatboot doesn't have cpp.
2014-04-02 19:07:58 +02:00
Vladimír Čunát
de11c288c1 gcc-wrapper: preferLocalBuild, as it does little work
This is re-revert of e31523a369.
2014-04-02 19:05:57 +02:00
Bjørn Forsman
25f0b7cb50 gcc-{,cross-}wrapper: add 'cpp' wrapper (close #1820)
The gcc-wrapper doesn't wrap 'cpp'. This breaks some software (such as
Buildroot) because the 'cpp' they get come from the non-wrapped gcc
package which doesn't know about any standard include paths.

gcc-cross-wrapper is untested.
2014-04-02 19:05:57 +02:00
Peter Simons
903df21f65 Merge pull request #2010 from ambrop72/fetchgit-no-submodules
fetchgit: Implement option to not check out submodules.
2014-03-26 11:11:25 +01:00
ambrop7@gmail.com
3a765a7309 fetchgit: Implement option to not check out submodules. 2014-03-25 20:03:55 +01:00
Shea Levy
d4c711ee1d Add memcache php module 2014-03-24 08:37:36 -04:00
Shea Levy
e07b58fee3 Merge branch 'pkgs/build-support/writeTextDir' of git://github.com/offlinehacker/nixpkgs
build-support: Add writeTextDir
2014-03-23 20:50:14 -04:00
Jaka Hudoklin
7c2d00aefd build-support: Add writeTextDir
This `writeTextFile` based helper function is especially useful for writing a
bunch of configuration files to root of the output folder
2014-03-23 10:05:38 +00:00
Eelco Dolstra
f73ff0529e runInLinuxVM: Set the clock properly 2014-03-18 15:02:09 +01:00
Shea Levy
a330e244ad Revert "Merge branch 'nix-run' of git://github.com/rickynils/nixpkgs"
nix-run's functionality is subsumed by nix-shell -p.

This reverts commit 3cc2b243c7, reversing
changes made to 4d5d6aed29.
2014-03-15 08:15:22 -04:00
Shea Levy
3cc2b243c7 Merge branch 'nix-run' of git://github.com/rickynils/nixpkgs
Add nix-run and myEnvRun
2014-03-14 18:52:50 -04:00
aszlig
b25ac9ea55
gcc-cross-wrapper: Revert adding LD program name.
This reverts commit c5ab2bfd25.

As mentioned in the previous commit, this is now no longer needed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:58:55 +01:00
aszlig
c7bac81c66
Merge 'mingw-w64' and 'darwin' into cross-win-osx.
Both branches have quite a lot in common, so it's time for a merge and
do the cleanups with respect to both implementations and also generalize
both implementations as much as possible.

This also closes #1876.

Conflicts:
	pkgs/development/interpreters/lua-5/5.2.nix
	pkgs/development/libraries/SDL/default.nix
	pkgs/development/libraries/glew/default.nix
	pkgs/top-level/all-packages.nix
2014-03-12 10:16:51 +01:00
aszlig
2d17335f68
gcc-cross-wrapper: Allow to pass OS X min version.
This allows to pass a new attribute osxMinVersion to crossSystem, which
specifies the minimum Mac OS X version you want to be compatible to.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:47 +01:00
Vladimír Čunát
9d4a3f83e8 Merge pull request #1869 from lovek323/texlive-full
texLiveFull: fix build on Darwin
2014-03-08 08:12:04 +01:00
aszlig
bd2d120c08
vm/windows: Allow to specify a different arch.
So far, we determined this based on stdenv.is64bit, but there are cases
where you want to run/build a 32bit program on a 64 bit Windows.

This is now possible, by passing windowsImage.arch = "i686" | "x86_64"
to runInWindowsVM. Based on what was passed, the corresponding Cygwin
packages and setup.exe are bootstrapped.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-04 09:22:18 +01:00
aszlig
e86ffa08b7
vm/windows: Update SHAs for Cygwin setup.ini.
Another very annoying part. Unfortunately, the only option we might have
here is to include it in nixpkgs or maybe make a fixed Hash on the
result of the closure fetcher.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-03 23:37:41 +01:00
aszlig
5bd52771ba
vm/windows: Replace binary with cross cygwinSetup.
As the official Cygwin setup binary download doesn't come in snapshots
or even versioned, the fetchurl of setup.exe will frequently fail, which
in turn will annoy us as hell (or at least me).

One warning though: The fetchurl is currently broken and the cross-build
might not work yet for example on mingw32 (mingw-w64 branch on its way),
but the upstream URL has already changed and the new version contains a
bug (not yet tracked down) which breaks our Windows bootstrap process.

So to conclude: If it's already broken, make it at least "less broken".

"Not broken" is coming soon with the merge of the mingw-w64 branch.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-03 23:21:34 +01:00
aszlig
40635ed343
vm/windows: Remove stray "import <nixpkgs>".
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-03 22:45:14 +01:00
aszlig
ca8cdcda06
vm/windows: Fix typo in runInWindowsVM.
Coincidentally, even with this typo, most tests work anyway, so I didn't
notice it in the first place.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-03 22:42:10 +01:00
Eelco Dolstra
497997cc38 Move generation of coverage reports from nixos/lib/testing to releaseTools
Also, turn some stdenv adapters into setup hooks.
2014-03-03 13:57:08 +01:00
Jason "Don" O'Conal
a577082e5e re-enable au debian mirror 2014-03-03 21:57:38 +11:00
aszlig
c5ab2bfd25
gcc-cross-wrapper: Explicitly add LD program name.
This is because autoconf is passing -print-prog-name=ld to the
cross-gcc, which in turn assumes a FHS compliant filesystem hierarchy
and searches ../../../../$crossConfig/bin/ld for the correct ld.

Of course, this won't work on Nix, hence we're explicitly passing the
correct LD program name.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-27 18:28:32 +01:00
aszlig
88ea17284e
vmTools: Hook in runInWindowsVM function.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 06:21:48 +01:00
aszlig
895a683d39
vm/windows: Add setup.ini for 32bit architecture.
Also update 64bit setup.ini and check whether we have a 64 bit stdenv in
order to choose the proper Cygwin version. Otherwise we now have the
setup.ini for 32bit available as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 06:20:24 +01:00
aszlig
623f1940c0
vm/windows: Make list of dependencies explicit.
So far, the VMs have always been using the native architecture, because
it was reimporting <nixpkgs> several times. Now, we propagate a list of
packages down to all sub-imports, which not only makes clearer which
dependencies a part actually has, but also will make it easier in case
we want to refactor those parts to use callPackage.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 05:43:34 +01:00
aszlig
d8e66722a3
vm/windows: Factor out bootstrapping process.
This now isolates the vmTools integration from the bootstrap process and
thus removes our fixed Windows ISO and product key. The latter can now
be provided by an attribute "windowsImage" to runInWindowsVM.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:52:01 +01:00
aszlig
e40f41e505
vm/windows: Collect exit code from xchg.
This is the last item that was missing to get a fully working
runInWindowsVM function. Apart from checking exit codes, we also now
have preVM/postVM hooks which we can use to write arbitrary constructs
around this architecture, without the need to worry about specific
details.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:52:00 +01:00
aszlig
b01c9624cf
vm/windows: Add new runInWindowsVM function.
This function is quite similar to runInLinuxVM, but also ensures that
the builder is run decoupled of the Nix store and using the userland
inside the VM.

We're now picking up the environment variables saved in the previous
commit.

The reason we suppress all errors from the source operation is that it
would emit a ton of errors because we're trying to set read-only
variables.

Also, detecting whether the origBuilder is using the default builder
from the stdenv is currently a bit of a workaround until we have a
specialized pseudo-cross-stdenv someday in the future[TM].

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:52:00 +01:00
aszlig
dd8b0fcf52
vm/windows: Save environment before running VM.
Later, when we start the actual builder, we're going to restore those
environment variables. We're using "(set; declare -p)", here, because
the former is just printing _all_ environment variables, even those not
supported, and the latter only lists specifically declared variables,
which also includes exports.

The "declare -p" command also emits those variables in a format similar
to the "export" command.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:52:00 +01:00
aszlig
707b7ad1bd
vm/windows: Generate mounts from an attribute set.
This is mainly to make it easier to quickly change mappings, without
making room for errors such as typos.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:59 +01:00
aszlig
5258bbe4c9
vm/windows: Create fstab entries in suspended VM.
Cygwin initializes mounts on _every_ login via SSH and doesn't keep them
consistently like on Unix systems, that's why we need to also add fstab
entries for the bind mounts to the store and xchg shares.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:59 +01:00
aszlig
d16dae8d32
vm/windows: Use &&, not set -e in runAndSuspend.
We now have proper quoting, so we no longer need the workaround using
"set -e".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:59 +01:00
aszlig
084238c6ec
vm/windows: Fix perms of the Samba shares.
We now map all guest accounts to the root user, because in the end the
permissions of the current user boil down to the build user of the Nix
builder of the host. That way it's not possible to gain more permissions
at all and just makes the VM communication a lot easier.

However, setting "writable" to yes instead of "read only" to no doesn't
change anything here, I just found it to be clearer.

Also, we now no longer need to have a "nobody" user.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:59 +01:00
aszlig
5241bb1d5e
vm/windows: Avoid shadowing the Nix store.
This is done by putting the non-initrd /nix/store into a subdirectory,
which we then chroot to and pass along the SSH command.

Also, we now collect the exit code after the chroot command and power
off the VM thereafter, because the store is no longer shadowed and we
have still access to the busybox inside the initrd.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:58 +01:00
aszlig
a1d7974acd
vm/windows: Remove Samba from installMode.
This should trim down possible dependencies on the base installation and
hereby reduce the need for reinstallation of the damn VM to only changes
that affect the Windows installation and the base Cygwin + OpenSSH
setup.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:58 +01:00
aszlig
fedf13e6cf
vm/windows: Implement and use "xchg" share.
This now finally introduces our xchg share and also uses it for
exchanging state while suspending a VM. However, accessing the _real_
Nix store still isn't possible because we're shadowing the directory in
the initrd.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:58 +01:00
aszlig
0ce1fd07fe
vm/windows: Reintroduce setting up /nix/store.
Now we're doing this at the point where we're saving the VM state.
Unfortunately it's not quite right, because the controller VM is shut
down _before_ we're saving the state, so the share gets disconnected
despite autodisconnect being deactivated during setup.

We can get around this issue by finally introducing the xchg share,
which is the last item to be implemented before we can merge to master.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:57 +01:00
aszlig
aa65a7057f
vm/windows: Properly escape shell command.
Security-wise it's not a big issue because we're still sandboxed, but I
really don't want to write something like \\\\\\\\192.168.0.2\\\\share
in order to set up network shares.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:57 +01:00
aszlig
cfa859d792
vm/windows: Don't init /nix/store on install.
We're going to do this during the suspendedVM phase, so we're able to
more easily change the shares without reinstalling the whole VM.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:57 +01:00
aszlig
3e91192f07
vm/windows: Wait for VDE switch to startup.
This could possibly cause flapping whenever qemu is too fast in starting
up. As we are running with the shell's -e flag, the socat check also
ensures that the VDE switch is properly started and causes the whole
build to fail, should it not start up within 20 seconds.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:56 +01:00
aszlig
c731467e2c
vm/windows: Split install into several stages.
These stages are in particular:

 * Install of the bare Windows VM with Cygwin and shut down.
 * Boot up the same VM again without the installation media and dump the
   VMs memory to state.gz.
 * Resume from state.gz and build whatever we want to build.

Every single stage involves a new "controller", which is more like an
abstraction on the Nix side that constructs the madness described in
276b72fb93.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:56 +01:00
aszlig
5105e7f0bf
vm/windows: Update sha256 of Cygwin's setup.ini.
This is kinda stupid to do every little time the file is automatically
regenerated upstream. But let's see how often that happens and whether
it will become a major annoyance or not, and if yes, we might be forced
to include it in our source tree.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:55 +01:00
aszlig
9b1862ca1f
vm/windows: Move creating SSH key into install/.
This SSH key is specifically only for accessing the installed Cygwin
within the Windows VM, so we only need to expose the private key. Yes,
you heard right, the private key. It's not security-relevant because the
machine is completely read-only, only exposed to the filesystem and
networking is not available.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:54 +01:00
aszlig
4e21215d52
vm/windows: Move the installer into install/.
At least the largest portion of the installer, because in the end we
don't want the installer to *actually* save the state but only prepare
the base image.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:54 +01:00
aszlig
276b72fb93
vm: Introduce new Windows VM installer for Cygwin.
After quite a lot of fighting against Windows and its various
limitations, this new is the base architecture for installing and
accessing the Windows VM and thus the Cygwin environment inside it:

                .------------.
          .---> | vde_switch |
          |     `-[#]----[#]-'
          |        |      |
         ,'       .'      `---.___
       ,'    192.168.0.1          `.
       |          |            192.168.0.2
      ,'    _____[#]____           |
    ,'     |            |   ______[#]______
    |      | Windows VM |  |    .--'       |
    |      |____________|  |    |          |
    |             |  /|\   |  .-|          |
    | .---------. |   |    |  | |          |
  .-|-| manager |-'   |    |  | |          |
  | | `---------'     |    |  | |          |
  | |                 |    |  | |          |
  | | .-------------. |    | Samba         |
  | | | BOOTSTRAP   | |    |  | |          |
  | | |-------------| |    |  | |   .------|
  | `-| spawn VMs   |-+--> |  | `---| xchg | <-------.
  |   |-------------|      |  | .---^------|         |
  |   | install     |---.  |  `-| nixstore | <----.  |
  |   |-------------|   |  |    `----------|      |  |
  |---| suspend VM  |   |  |               |      |  |
  |   `------.------'   |  | Controller VM |      |  |
  |          |          |  |_______________|      |  |
  |       .--'          |         /|\            VirtIO
  |       |           __|__________:____________  |  |
  |      \|/         |  |          `.           | |  |
  | .------------.   |  |           :           | |  |
  | | REAL BUILD |   |  |   .-------^--------.  | |  |
  | |------------|   |  `-> | serial console |  | |  |
  `-| revive VM  |   |      `----------------'  | |  |
    |------------|   |------------.             | |  |
    | build      |-->| /nix/store >>>-----------|-'  |
    |------------|   |------------|             |    |
    | collect    |<--| xchg       >>>-----------|----'
    `-----.------'   |------------'             |
          |          |                          |
         \|/         |    |  |  __   ___  |     |
                     |    |--| |  | (__  -|-    |
    F I N I S H E D  |    |  | |__| ___)  |     |
                     |__________________________|

This might look a bit overwhelming, but let me try to explain:

We're starting at the base derivation ("BOOTSTRAP" above), where we
actually install the Cygwin environment. Over there we basically fire up
a vde_switch process and two virtual machines: One is the Windows
machine, the other is a NixOS machine, which serves as some kind of
proxy between the host and the Windows machine.

The reason we're doing this, is because we don't have a lot of options
for sharing files between a stock Windows machine and the host. In
earlier experiments, I've tried to communicate with the Windows guest by
using pipes and OpenSSH, but obviously this wasn't a big speed rush (or
to say it bluntly: It was fucking slow).

Using TCP/IP directly for accessing the guest would have been another
option, but it could lead to possible errors when the port or a range of
ports are in use at the Host system. Also, we would need to punch a hole
into the sandbox of the Nix builder (as it doesn't allow networking),
which in turn will possibly undermine deterministic builds/runs (well,
at least as deterministic as it can be, we're running Windows,
remember?).

So, let's continue: The responsibility of the NixOS (controller) VM is
to just wait until an SSH port becomes available on the Windows VM,
whereas the Windows VM itself is installed using an unattended
installation file provided via a virtual floppy image.

With the installation of the basic Windows OS, we directly install
Cygwin and start up an OpenSSH service.

At this point the bootstrapping is almost finished and as soon as the
port is available, the controller VM sets up Samba shares and makes it
available as drive letters within Windows and as bind mounts (for
example /nix/store) within Cygwin.

Finally we're making a snapshot of the memory of the Windows VM in order
to revive it within a few seconds when we want to build something.

Now, the build process itself is fairly straightforward: Revive VM and
build based on existing store derivations and collect the result _and_
the exit code from the xchg share/directory.

Conclusion: This architecture may sound a bit complicated, but we're
trying to achieve deterministic and reproducible builds and/or test
runs.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:53 +01:00
aszlig
92c59d37a7
gcc-cross-wrapper: Enable dontStrip in setup hook.
At least for x86_64-w64-mingw32, it doesn't make sense to use the native
strip tool for stripping of symbols. To the contrary it results in
unusable archive files.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-24 07:26:23 +01:00
Eelco Dolstra
83ca2c272a fetchurl: Ensure that ‘urls’ is a list 2014-02-19 13:58:42 +01:00
Eelco Dolstra
a8ded9d5d3 fetchgit: Require a content hash
Without this, the result will not be a fixed-output derivation and
won't work in general.
2014-02-18 19:13:07 +01:00
Petr Rockai
97721af469 VMs: Add Fedora 17 to the list of distros (only had 16 and 18). 2014-02-15 12:57:21 +01:00