nixos/binfmt: Add support for using statically-linked QEMU #160802

Closed
zhaofengli wants to merge 9 commits into NixOS:master from zhaofengli:binfmt-qemu-static

@zhaofengli (Member) commented Feb 19, 2022

Motivation for this change

This PR adds support for using a statically-linked build of QEMU without any intermediate wrapper to the binfmt-misc integration in NixOS. It also enables the "F" (fix binary) flag, allowing chroot into a foreign root filesystem without first having to make the interpreter available inside the rootfs. This fixes #160300 so foreign chroots "just work."

To use the statically-linked QEMU, set boot.binfmt.preferStaticEmulators = true;.

Currently, qemu-user-static is built with musl and has a couple of hard-to-debug problems. When building coreutils for aarch64-linux on x86_64-linux with it (see #143060 for background), all tests pass except for test-free where it segfaults the tests become stuck. Other distros ship qemu-user-static with static glibc. To prevent introducing new breakages, this PR keeps the dynamically-linked QEMU as the default.

How To Test

  1. Run nix-build -A nixosTests.systemd-binfmt
    • The chroot test is added which makes use of the new qemu-user-static
  2. Activate a config with this PR applied
  3. Confirm that nix-build --system aarch64-linux -A hello --check works
  4. Activate a config with boot.binfmt.preferStaticEmulators = true;
  5. Open /etc/nix/nix.conf and observe that extra-sandbox-paths is now empty
    • Yay purity!
  6. Confirm that nix-build --system aarch64-linux -A hello --check still works
    • Sadly nix-build --system aarch64-linux -A coreutils --check doesn't work now
  7. Try chrooting into ArchLinuxARM-aarch64-latest.tar.gz

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.
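
The "F" (fix binary) behaviour described in the PR text can be checked from the entry files the kernel exposes under /proc/sys/fs/binfmt_misc. The script below is an added example, not code from this PR: it reports whether a registered entry would still work after chroot into a foreign rootfs. The function names, the verdict strings and the sample entry (including its interpreter path) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): can a binfmt_misc entry be used in a chroot?

# Constructed sample in the format of a /proc/sys/fs/binfmt_misc/<name> file.
# The interpreter path is a placeholder, not a path taken from the PR.
sample_entry() {
  cat <<'EOF'
enabled
interpreter /opt/example/qemu-aarch64-static
flags: F
offset 0
magic 7f454c460201010000000000000000000200b700
mask ffffffffffffff00fffffffffffffffffeffffff
EOF
}

entry_interpreter() { printf '%s\n' "$1" | sed -n 's/^interpreter //p'; }
entry_flags()       { printf '%s\n' "$1" | sed -n 's/^flags: *//p'; }

# chroot_verdict ENTRY_TEXT ROOTFS
#   ok-fixed            F set: kernel opened the interpreter at registration,
#                       so no lookup happens inside ROOTFS (a dynamically
#                       linked interpreter would still need its loader there)
#   ok-in-rootfs        no F, but the interpreter path exists inside ROOTFS
#   missing-interpreter no F and nothing at that path inside ROOTFS
#   disabled            entry is switched off
chroot_verdict() {
  text=$1
  rootfs=${2%/}
  [ "$(printf '%s\n' "$text" | sed -n 1p)" = enabled ] || { echo disabled; return 0; }
  case $(entry_flags "$text") in
    *F*) echo ok-fixed; return 0 ;;
  esac
  if [ -x "$rootfs$(entry_interpreter "$text")" ]; then
    echo ok-in-rootfs
  else
    echo missing-interpreter
  fi
}

# Audit every registered entry on the running host against a target rootfs.
audit_all() {
  for f in /proc/sys/fs/binfmt_misc/*; do
    case ${f##*/} in register|status|'*') continue ;; esac
    printf '%s: %s\n' "${f##*/}" "$(chroot_verdict "$(cat "$f")" "$1")"
  done
}

if [ "${1:-}" = "--audit" ]; then audit_all "${2:-/}"; fi
```

Run it as `sh script.sh --audit /path/to/rootfs` on a host with binfmt_misc mounted to list the verdict for each registered entry.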

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Feb 19, 2022
@ofborg ofborg bot added the 8.has: package (new) This PR adds a new package label Feb 19, 2022
@ofborg ofborg bot requested review from alyssais and edolstra February 19, 2022 00:42
@ofborg ofborg bot added 10.rebuild-darwin: 11-100 This PR causes between 11 and 100 packages to rebuild on Darwin. 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. labels Feb 19, 2022
@eddyb (Contributor) commented Aug 15, 2022

What's the status of this?

I ran into the need for aarch64 containers (to try and reproduce some weird ar archive corruption/format mismatch), and ended up rebasing this PR (of note is guestAgentSupport that was added after this PR, and I also ended up adding a commit for numaSupport = false; - not sure why that's only a problem now?).

For the limited testing needs I have I can probably just keep rebasing if I need to update, and just disable the binfmt config once I no longer need it - but it would be great to land this functionality in nixpkgs.

EDIT: heh, didn't really need this, turns out the real issue was a much weirder "high UID/GID" thing, not specific to any architecture - but I'll keep my branch around if it helps anyone.

Comment on lines 19 to 35 (Member):

Maybe we should combine this into a minimal option or package?

@tartavull

This is great work, how can we contribute to finalize it?

@zhaofengli (Member, Author)

I guess we can first get the support for building QEMU statically as well as qemu-user-static in first. After that, we can iterate on it and finally replace the binfmt implementation to use qemu-user-static in another PR.

@YisuiDenghua (Member)

An error occurred when I was trying to build NixOS from github:zhaofengli/nixpkgs/binfmt-qemu-static. Adding numaSupport = false to user-binfmt.nix may solve the problem.

@Detegr (Contributor) commented Jan 16, 2023

This looks great, I'd love to see this getting merged.

@zhaofengli (Member, Author)

Hi all, glad to see this finally getting some attention. I'm currently busy with something else at the moment but will get back to this PR in the coming days.

@Detegr (Contributor) commented Feb 11, 2023

Is there anything I can do to help getting this forward?

@ImBearChild (Contributor)

This is a friendly ping. Since the allocation failure is intentional, would it be possible to merge the pull request now? I believe that this feature would be very useful for developers who work on embedded Linux products.

muellerbernd added a commit to muellerbernd/nixpkgs that referenced this pull request Feb 27, 2024
Signed-off-by: Bernd Müller <github@muellerbernd.de>
@Detegr (Contributor) commented Feb 27, 2024

I ran into this limitation today once again. +1 for merging this.

@muellerbernd

I also ran into this problem. +1 for merging

@ck3d (Contributor) commented Feb 29, 2024

Could you please solve the merge conflicts? I will merge afterwards.

@wegank wegank added 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md 2.status: merge conflict This PR has merge conflicts with the target branch labels Mar 19, 2024
@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Mar 20, 2024
@TECHNOFAB11

Ran into this the last few days and took me a while to figure out why binfmt was working on Debian but not on NixOS, +1 for merging, would allow me to run different arch images in Kubernetes

@bltavares

I'm not familiar with the etiquette on updating the PR of others, but I did attempt to update it to fix merge conflicts and new compilation issues on #300070.

I did not find yet the right git commands to keep #160802 authorship during the merge. I'd like to thank @zhaofengli for the original PR and I'll investigate how to keep the authorship intact meanwhile.

bltavares added a commit to bltavares/nixpkgs-upstream that referenced this pull request Apr 1, 2024
Built on top of NixOS#160802, this commit
addresses necessary updates to bring it up to parity with `nixpkgs-unstable`:

- Introduce `pipewireSupport: false` as a new override option
- Remove 8.1.1 patch as qemu is 8.2.2 in nixpkgs-unstable
- Introduce new patch to expose libaio static due to upstream meson.build changes

In order to compile, the `perl` dependency must also be fixed
(NixOS#299623) on the `pkgsStatic` environment.
With this additional changeset, `nix-shell -p qemu-user-static` compiles.

**Tested on**:
- `x86_64-linux`
- `aarch64-linux`

**Depends on:**
- [ ] NixOS#299623
@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/docker-ignoring-platform-when-run-in-nixos/21120/17

@SuperSandro2000 SuperSandro2000 marked this pull request as draft May 19, 2024 16:15
jcaesar pushed a commit to jcaesar/fork2pr-nixpkgs that referenced this pull request May 28, 2024
Built on top of NixOS#160802, this commit
addresses necessary updates to bring it up to parity with `nixpkgs-unstable`:

- Introduce `pipewireSupport: false` as a new override option
- Remove 8.1.1 patch as qemu is 8.2.2 in nixpkgs-unstable
- Introduce new patch to expose libaio static due to upstream meson.build changes

**Tested on**:
- `x86_64-linux`
- `aarch64-linux`

**Depends on:**
- [ ] NixOS#299623
@wegank wegank added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jul 4, 2024
@zhaofengli (Member, Author) commented Nov 12, 2024

Superseded by #334859 (and previously #300070)

@zhaofengli zhaofengli closed this Nov 12, 2024
@oxalica (Contributor) commented Nov 12, 2024

> Superseded by #160802 (and previously #300070).

Do you mean #334859? Your link is a self-reference to this one.

@zhaofengli (Member, Author)

> Do you mean #334859? Your link is a self-reference to this one.

Oops, you’re right. I fixed the link.

Successfully merging this pull request may close these issues.

Cannot chroot to a different CPU architecture using boot.binfmt.emulatedSystems