Merge pull request #187003 from jiegec/krunvm-darwin

krunvm: add support for darwin
2022-09-11 16:55:07 +01:00 · 2022-09-11 16:55:07 +01:00 · 0e63de944b
parent dbdec0edab 372b94bef6
commit 0e63de944b
5 changed files with 74 additions and 14 deletions
--- a/pkgs/applications/virtualization/krunvm/default.nix
+++ b/pkgs/applications/virtualization/krunvm/default.nix
@ -3,7 +3,12 @@
 , rustPlatform
 , fetchFromGitHub
 , asciidoctor
+, buildah
+, buildah-unwrapped
+, libiconv
 , libkrun
+, makeWrapper
+, sigtool
 }:

 stdenv.mkDerivation rec {
@ -22,17 +27,41 @@ stdenv.mkDerivation rec {
    hash = "sha256-3WiXm90XiQHpCbhlkigg/ZATQeDdUKTstN7hwcsKm4o=";
  };

-  nativeBuildInputs = with rustPlatform;[
+  nativeBuildInputs = with rustPlatform; [
    cargoSetupHook
    rust.cargo
    rust.rustc
    asciidoctor
+    makeWrapper
+  ] ++ lib.optionals stdenv.isDarwin [ sigtool ];
+
+  buildInputs = [ libkrun ] ++ lib.optionals stdenv.isDarwin [
+    libiconv
  ];

-  buildInputs = [ libkrun ];
-
  makeFlags = [ "PREFIX=${placeholder "out"}" ];

+  postPatch = ''
+    # do not pollute etc
+    substituteInPlace src/utils.rs \
+      --replace "etc/containers" "share/krunvm/containers"
+  '';
+
+  postInstall = ''
+    mkdir -p $out/share/krunvm/containers
+    install -D -m755 ${buildah-unwrapped.src}/docs/samples/registries.conf $out/share/krunvm/containers/registries.conf
+    install -D -m755 ${buildah-unwrapped.src}/tests/policy.json $out/share/krunvm/containers/policy.json
+  '';
+
+  # It attaches entitlements with codesign and strip removes those,
+  # voiding the entitlements and making it non-operational.
+  dontStrip = stdenv.isDarwin;
+
+  postFixup = ''
+    wrapProgram $out/bin/krunvm \
+      --prefix PATH : ${lib.makeBinPath [ buildah ]} \
+  '';
+
  meta = with lib; {
    description = "A CLI-based utility for creating microVMs from OCI images";
    homepage = "https://github.com/containers/krunvm";
--- a/pkgs/development/compilers/dtc/default.nix
+++ b/pkgs/development/compilers/dtc/default.nix
@ -44,6 +44,10 @@ stdenv.mkDerivation rec {
  makeFlags = [ "PYTHON=python" "STATIC_BUILD=${toString stdenv.hostPlatform.isStatic}" ];
  installFlags = [ "INSTALL=install" "PREFIX=$(out)" "SETUP_PREFIX=$(out)" ];

+  postFixup = lib.optionalString stdenv.isDarwin ''
+    install_name_tool -id $out/lib/libfdt.dylib $out/lib/libfdt-${version}.dylib
+  '';
+
  # Checks are broken on aarch64 darwin
  # https://github.com/NixOS/nixpkgs/pull/118700#issuecomment-885892436
  doCheck = !stdenv.isDarwin;
--- a/pkgs/development/libraries/libkrun/default.nix
+++ b/pkgs/development/libraries/libkrun/default.nix
@ -1,11 +1,15 @@
 { lib
 , stdenv
 , fetchFromGitHub
+, fetchurl
 , rustPlatform
 , pkg-config
+, dtc
 , glibc
 , openssl
+, libiconv
 , libkrunfw
+, Hypervisor
 , sevVariant ? false
 }:

@ -13,11 +17,14 @@ stdenv.mkDerivation rec {
  pname = "libkrun";
  version = "1.3.0";

-  src = fetchFromGitHub {
+  src = if stdenv.isLinux then fetchFromGitHub {
    owner = "containers";
    repo = pname;
    rev = "v${version}";
    hash = "sha256-qVyEqiqaQ8wfZhL5u+Bsaa1yXlgHUitSj5bo7FJ5Y8c=";
+  } else fetchurl {
+    url = "https://github.com/containers/libkrun/releases/download/v${version}/v${version}-with_macos_prebuilts.tar.gz";
+    hash = "sha256-RBqeGUhB6Sdt+JujyQBW/76mZwnT0LNs9AMYr8+OCVU=";
  };

  cargoDeps = rustPlatform.fetchCargoTarball {
@ -25,21 +32,30 @@ stdenv.mkDerivation rec {
    hash = "sha256-jxSzhj1iU8qY+sZEVCYTaUqpaA4egjJi9qxrapASQF0=";
  };

-  nativeBuildInputs = with rustPlatform;[
+  nativeBuildInputs = with rustPlatform; [
    cargoSetupHook
    rust.cargo
    rust.rustc
  ] ++ lib.optional sevVariant pkg-config;

  buildInputs = [
+    (libkrunfw.override { inherit sevVariant; })
+  ] ++ lib.optionals stdenv.isLinux [
    glibc
    glibc.static
-    (libkrunfw.override { inherit sevVariant; })
+  ] ++ lib.optionals stdenv.isDarwin [
+    libiconv
+    Hypervisor
+    dtc
  ] ++ lib.optional sevVariant openssl;

  makeFlags = [ "PREFIX=${placeholder "out"}" ]
    ++ lib.optional sevVariant "SEV=1";

+  postFixup = lib.optionalString stdenv.isDarwin ''
+    install_name_tool -id $out/lib/libkrun.dylib $out/lib/libkrun.${version}.dylib
+  '';
+
  meta = with lib; {
    description = "A dynamic library providing Virtualization-based process isolation capabilities";
    homepage = "https://github.com/containers/libkrun";
--- a/pkgs/development/libraries/libkrunfw/default.nix
+++ b/pkgs/development/libraries/libkrunfw/default.nix
@ -15,11 +15,14 @@ stdenv.mkDerivation rec {
  pname = "libkrunfw";
  version = "3.3.0";

-  src = fetchFromGitHub {
+  src = if stdenv.isLinux then fetchFromGitHub {
    owner = "containers";
    repo = pname;
    rev = "v${version}";
    hash = "sha256-ay+E5AgJeA0i3T4JDosDawwtezDGquzAvYEWHGbPidg=";
+  } else fetchurl {
+    url = "https://github.com/containers/libkrunfw/releases/download/v${version}/v${version}-with_macos_prebuilts.tar.gz";
+    hash = "sha256-9Wp93PC+PEqUpWHIe6BUnfDMpFvYL8rGGjTU2nWSUVY=";
  };

  kernelSrc = fetchurl {
@ -28,14 +31,18 @@ stdenv.mkDerivation rec {
  };

  preBuild = ''
-    substituteInPlace Makefile --replace 'curl $(KERNEL_REMOTE) -o $(KERNEL_TARBALL)' 'ln -s $(kernelSrc) $(KERNEL_TARBALL)'
+    substituteInPlace Makefile \
+      --replace 'curl $(KERNEL_REMOTE) -o $(KERNEL_TARBALL)' 'ln -s $(kernelSrc) $(KERNEL_TARBALL)' \
+      --replace 'gcc' '$(CC)'
  '';

  nativeBuildInputs = [ flex bison bc python3 python3.pkgs.pyelftools ];
-  buildInputs = [ elfutils ];
+  buildInputs = lib.optionals stdenv.isLinux [ elfutils ];

-  makeFlags = [ "PREFIX=${placeholder "out"}" ]
-    ++ lib.optional sevVariant "SEV=1";
+  makeFlags = [
+    "PREFIX=${placeholder "out"}"
+    "SONAME_Darwin=-Wl,-install_name,${placeholder "out"}/lib/libkrunfw.dylib"
+  ] ++ lib.optional sevVariant "SEV=1";

  enableParallelBuilding = true;

@ -44,6 +51,6 @@ stdenv.mkDerivation rec {
    homepage = "https://github.com/containers/libkrunfw";
    license = with licenses; [ lgpl2Only lgpl21Only ];
    maintainers = with maintainers; [ nickcao ];
-    platforms = [ "x86_64-linux" "aarch64-linux" ];
+    platforms = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ];
  };
 }
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -8021,7 +8021,9 @@ with pkgs;

  krunner-pass = libsForQt5.callPackage ../tools/security/krunner-pass { };

-  krunvm = callPackage ../applications/virtualization/krunvm { };
+  krunvm = callPackage ../applications/virtualization/krunvm {
+    inherit (darwin) sigtool;
+  };

  kronometer = libsForQt5.callPackage ../tools/misc/kronometer { };

@ -24236,7 +24238,9 @@ with pkgs;

  libcgroup = callPackage ../os-specific/linux/libcgroup { };

-  libkrun = callPackage ../development/libraries/libkrun { };
+  libkrun = callPackage ../development/libraries/libkrun {
+    inherit (darwin.apple_sdk.frameworks) Hypervisor;
+  };

  libkrun-sev = callPackage ../development/libraries/libkrun { sevVariant = true; };