nixos/binfmt: Add support for using statically-linked QEMU (continuation of #160802) #300070
bltavares wants to merge 10 commits into NixOS:master
The plugin .so's do not build statically.
Not needed for a minimal qemu-user-static build.
Not needed for a minimal qemu-user-static build.
This is synonymous with the "qemu-user-static" packages available in other distros.
The fixBinary flag will be enabled if a static emulator is in use.
353b714 to 65da6e6
Built on top of NixOS#160802, this commit addresses necessary updates to bring it up to parity with `nixpkgs-unstable`:

- Introduce `pipewireSupport: false` as a new override option
- Remove 8.1.1 patch as qemu is 8.2.2 in nixpkgs-unstable
- Introduce new patch to expose libaio static due to upstream meson.build changes

In order to compile, the `perl` dependency must also be fixed (NixOS#299623) on the `pkgsStatic` environment.

With this additional changeset, `nix-shell -p qemu-user-static` compiles.

**Tested on**:

- `x86_64-linux`
- `aarch64-linux`

**Depends on:**

- [ ] NixOS#299623
65da6e6 to d01bb6a
I don't like how

@Ericson2314 I'm not familiar with the original intention on #160802 but a similar question was asked in the PR https://github.com/NixOS/nixpkgs/pull/160802/files#r1208073679
In the interest of this not being left lying around for 2 years again, would it be possible to get the changes to

PS: I'm testing this right now, and I'm not actually sure it's working right.

```nix
{lib, pkgs, ...}: {
  environment.etc."binfmt.d/nix-hack-qemu-user-statc.conf".text = let
    pr = pkgs.fetchFromGitHub {
      owner = "NixOS";
      repo = "nixpkgs";
      rev = "pull/300070/head"; #"d01bb6a1f7b820437406b4b341f77537c04bdc50";
      hash = "sha256-7uBcm17HVjPW5JBmEnyg+yVb1qDkiXHKfeLjR7wfyek=";
    };
    patched = import pr {system = "x86_64-linux";};
    # Workaround for https://github.com/NixOS/nixpkgs/issues/295608
    qus = patched.qemu-user-static.override {
      pkgsStatic =
        patched.pkgsStatic
        // {
          qemu = patched.pkgsStatic.qemu.override {
            texinfo = patched.pkgsStatic.texinfo.override {
              perl = pkgs.perl;
            };
            hostCpuTargets = ["aarch64-linux-user"];
          };
        };
    };
  in
    # binfmt.d rule fields: :name:type:offset:magic:mask:interpreter:flags
    lib.concatStringsSep ":" [
      ""
      "aarch64-linux"
      "M"
      ""
      "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00"
      "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff"
      "${qus}/bin/qemu-aarch64"
      "FOCP"
    ];
}
```

and running

```
docker run --rm -ti --platform linux/arm64 ubuntu:jammy bash -c 'apt-get update && apt-get -y install dnsutils'
```

yields me
The

I'm not familiar enough with conventions to understand how

This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/docker-ignoring-platform-when-run-in-nixos/21120/17
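An added example, not part of the thread or of the PR's code: a Python check that parses the binfmt.d rule assembled in the comment above (`:aarch64-linux:M::<magic>:<mask>:<interpreter>:FOCP`), spells out what each flag grants, and tests which ELF headers the rule would claim. The interpreter store path and the 20-byte sample headers are constructed placeholders.

```python
import re

# Flag letters accepted by the kernel's binfmt_misc register interface.
FLAGS = {
    "P": "preserve argv[0] of the emulated program",
    "O": "hand the binary to the interpreter as an open file descriptor",
    "C": "compute credentials from the binary, so setuid binaries keep their privileges",
    "F": "open the interpreter at registration, so it resolves inside chroots and containers",
}

# Rule from the comment, rebuilt field by field; the store path is a placeholder.
MAGIC = r"\x7fELF\x02\x01\x01" + r"\x00" * 9 + r"\x02\x00\xb7\x00"
MASK = r"\xff" * 7 + r"\x00" + r"\xff" * 6 + r"\x00" + r"\xff\xfe\xff\xff\xff"
RULE = ":".join(["", "aarch64-linux", "M", "", MAGIC, MASK,
                 "/nix/store/<hash>-qemu-user-static/bin/qemu-aarch64", "FOCP"])

def unescape(field):
    """Decode the \\xNN escapes of a magic or mask field into raw bytes."""
    return re.sub(rb"\\x([0-9a-fA-F]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), field.encode("latin-1"))

def parse_rule(rule):
    """Split ':name:type:offset:magic:mask:interpreter:flags' and validate it."""
    parts = rule[1:].split(rule[0])  # the first character is the delimiter
    if len(parts) != 7:
        raise ValueError("expected 7 fields, got %d" % len(parts))
    name, kind, offset, magic, mask, interpreter, flags = parts
    magic, mask = unescape(magic), unescape(mask)
    if kind != "M" or (mask and len(mask) != len(magic)):
        raise ValueError("not a magic rule, or mask length differs from magic")
    if set(flags) - set(FLAGS):
        raise ValueError("unknown flag in %r" % flags)
    return {"name": name, "offset": int(offset or 0), "magic": magic, "flags": flags,
            "mask": mask or b"\xff" * len(magic), "interpreter": interpreter}

def matches(rule, header):
    """Kernel test: every masked header byte must equal the magic byte."""
    window = header[rule["offset"]:rule["offset"] + len(rule["magic"])]
    return len(window) == len(rule["magic"]) and all(
        (h ^ m) & k == 0 for h, m, k in zip(window, rule["magic"], rule["mask"]))

def elf_header(e_type, e_machine):
    """Constructed first 20 bytes of a little-endian ELF64 file."""
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    return ident + e_type.to_bytes(2, "little") + e_machine.to_bytes(2, "little")

if __name__ == "__main__":
    rule = parse_rule(RULE)
    print([FLAGS[f] for f in rule["flags"]])
    print(matches(rule, elf_header(3, 0xB7)), matches(rule, elf_header(2, 0x3E)))
```

On a running system the parsed fields can be compared with what the kernel reports in `/proc/sys/fs/binfmt_misc/aarch64-linux`.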
| @@ -30,6 +30,7 @@ let | |||
|
|
|||
| getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs; | |||
What @Ericson2314 probably means is to simply optionally do this:
| getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs; | |
| getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgsStatic; |
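Review bot: on the `getEmulator` line, swapping `pkgs` for `pkgsStatic` unconditionally changes the emulator of every emulated system at once. The commit text says `fixBinary` is enabled only when a static emulator is in use, so the package set handed to `.emulator` should be selected by that same condition; otherwise a dynamically linked interpreter could end up registered with the fix-binary flag, or a static one without it.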
| in [ ] | ||
| ++ lib.optional hasNonFixedRule "/run/binfmt" |
| in [ ] | |
| ++ lib.optional hasNonFixedRule "/run/binfmt" | |
| in lib.optional hasNonFixedRule "/run/binfmt" |
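Review bot: `hasNonFixedRule` decides whether `/run/binfmt` is listed, but nothing at the `lib.optional` line says why rules that are fixed are exempt. A one-line comment above it stating that reason would keep a later edit from dropping either the condition or the path.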
I've gone ahead and opened the PR for that. If that does get merged, you can already use the static binfmt interpreter with

```nix
boot.binfmt.registrations = lib.genAttrs ["aarch64-linux" "armv7l-linux" "riscv64-linux"] (sys: {
  interpreter = "${pkgs.pkgsStatic.qemu-user}/bin/qemu-${(lib.systems.elaborate sys).qemuArch}";
  wrapInterpreterInShell = false;
  preserveArgvZero = true;
  matchCredentials = true;
  fixBinary = true;
});
```

so figuring out the module setup is less pressing. Though at least a test that ensures that
| guestAgentSupport = false; | ||
| numaSupport = false; | ||
| seccompSupport = false; | ||
| alsaSupport = false; | ||
| pulseSupport = false; | ||
| sdlSupport = false; | ||
| jackSupport = false; | ||
| pipewireSupport = false; | ||
| gtkSupport = false; | ||
| vncSupport = false; | ||
| smartcardSupport = false; | ||
| spiceSupport = false; | ||
| ncursesSupport = false; | ||
| libiscsiSupport = false; | ||
| smbdSupport = false; | ||
| tpmSupport = false; | ||
| uringSupport = false; | ||
| capstoneSupport = false; | ||
| enableDocs = false; | ||
| enableTools = false; | ||
| enableBlobs = false; | ||
| hostCpuTargets = qemuTargets; |
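Review bot: the `*Support = false` lines form an opt-out list, so any feature flag added to the qemu expression later stays enabled for this package until someone notices; `pipewireSupport = false` already had to be added to bring the list up to date. A build test for the static package, or keeping the disabled set in a single place, would catch the next one.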
This is somewhat redundant with https://github.com/NixOS/nixpkgs/pull/300070/files#diff-2165823a8d82c5dd1353601bd290df8bd431f9ee2096750d9ef655cf5d251998L256-L274, right? I think it might be nice if only one of the two could be kept.
JeffLabonte left a comment
With comments resolved, I approve. I need this
SuperSandro2000 left a comment
This is already looking really good and I think we can almost merge this
| @@ -254,7 +254,9 @@ stdenv.mkDerivation (finalAttrs: { | |||
|
|
|||
| # Add a ‘qemu-kvm’ wrapper for compatibility/convenience. | |||
| postInstall = lib.optionalString (!toolsOnly) '' | |||
Could we make this depend on an option we have? I think that would be nicer, to not accidentally drop it in some update.
Can you rebase this commit and move the hunks into the initial commits to get a cleaner git history?
@SuperSandro2000 I have a significantly cleaned up version of the changes to qemu in #314998, maybe that's easier to merge? (Should have mentioned it here sooner.) But if you do go for this PR, note:

(Alternatively, there's also the option of having qemu-user as a completely separate package, like so.)

The changes to

Not sure it's meaningful, but I can now answer that question: Not all targets can have emulators from

#334859 has been merged and this functionality is now usable. @bltavares Would you mind if I close this PR?

#334859 explicitly supersedes this PR.
(I'm not familiar with the etiquette on updating the PR of others, and I did not find the right git commands to keep #160802 authorship during the merge. I'd like to thank @zhaofengli for the original PR and I'll investigate how to keep the authorship intact meanwhile)
Description of changes

Built on top of #160802, this commit addresses necessary updates to bring it up to parity with `nixpkgs-unstable`:

- `pipewireSupport: false` as a new override option

In order to compile, the `perl` dependency must also be fixed (#299623) on the `pkgsStatic` environment.

With this additional changeset, `nix-shell -p qemu-user-static` compiles.

Tested on:

- `x86_64-linux`
- `aarch64-linux`

Depends on: