Commit graph

33584 commits

Author SHA1 Message Date
aszlig fedf13e6cf
vm/windows: Implement and use "xchg" share.
This now finally introduces our xchg share and also uses it for
exchanging state while suspending a VM. However, accessing the _real_
Nix store still isn't possible because we're shadowing the directory in
the initrd.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:58 +01:00
aszlig 0ce1fd07fe
vm/windows: Reintroduce setting up /nix/store.
Now we're doing this at the point where we're saving the VM state.
Unfortunately it's not quite right, because the controller VM is shut
down _before_ we're saving the state, so the share gets disconnected
despite autodisconnect being deactivated during setup.

We can get around this issue by finally introducing the xchg share,
which is the last item to be implemented before we can merge to master.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:57 +01:00
aszlig aa65a7057f
vm/windows: Properly escape shell command.
Security-wise it's not a big issue because we're still sandboxed, but I
really don't want to write something like \\\\\\\\192.168.0.2\\\\share
in order to set up network shares.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:57 +01:00
aszlig cfa859d792
vm/windows: Don't init /nix/store on install.
We're going to do this during the suspendedVM phase, so we're able to
more easily change the shares without reinstalling the whole VM.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:57 +01:00
aszlig 3e91192f07
vm/windows: Wait for VDE switch to startup.
This could possibly cause flapping whenever qemu is too fast in starting
up. As we are running with the shell's -e flag, the socat check also
ensures that the VDE switch is properly started and causes the whole
build to fail, should it not start up within 20 seconds.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:56 +01:00
aszlig c731467e2c
vm/windows: Split install into several stages.
These stages are in particular:

 * Install of the bare Windows VM with Cygwin and shut down.
 * Boot up the same VM again without the installation media and dump the
   VMs memory to state.gz.
 * Resume from state.gz and build whatever we want to build.

Every single stage involves a new "controller", which is more like an
abstraction on the Nix side that constructs the madness described in
276b72fb93.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:56 +01:00
aszlig 5105e7f0bf
vm/windows: Update sha256 of Cygwin's setup.ini.
This is kinda stupid to do every little time the file is automatically
regenerated upstream. But let's see how often that happens and whether
it will become a major annoyance or not, and if yes, we might be forced
to include it in our source tree.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:55 +01:00
aszlig 9b1862ca1f
vm/windows: Move creating SSH key into install/.
This SSH key is specifically only for accessing the installed Cygwin
within the Windows VM, so we only need to expose the private key. Yes,
you heard right, the private key. It's not security-relevant because the
machine is completely read-only, only exposed to the filesystem and
networking is not available.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:54 +01:00
aszlig 4e21215d52
vm/windows: Move the installer into install/.
At least the largest portion of the installer, because in the end we
don't want the installer to *actually* save the state but only prepare
the base image.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:54 +01:00
aszlig 276b72fb93
vm: Introduce new Windows VM installer for Cygwin.
After quite a lot of fighting against Windows and its various
limitations, this new is the base architecture for installing and
accessing the Windows VM and thus the Cygwin environment inside it:

                .------------.
          .---> | vde_switch |
          |     `-[#]----[#]-'
          |        |      |
         ,'       .'      `---.___
       ,'    192.168.0.1          `.
       |          |            192.168.0.2
      ,'    _____[#]____           |
    ,'     |            |   ______[#]______
    |      | Windows VM |  |    .--'       |
    |      |____________|  |    |          |
    |             |  /|\   |  .-|          |
    | .---------. |   |    |  | |          |
  .-|-| manager |-'   |    |  | |          |
  | | `---------'     |    |  | |          |
  | |                 |    |  | |          |
  | | .-------------. |    | Samba         |
  | | | BOOTSTRAP   | |    |  | |          |
  | | |-------------| |    |  | |   .------|
  | `-| spawn VMs   |-+--> |  | `---| xchg | <-------.
  |   |-------------|      |  | .---^------|         |
  |   | install     |---.  |  `-| nixstore | <----.  |
  |   |-------------|   |  |    `----------|      |  |
  |---| suspend VM  |   |  |               |      |  |
  |   `------.------'   |  | Controller VM |      |  |
  |          |          |  |_______________|      |  |
  |       .--'          |         /|\            VirtIO
  |       |           __|__________:____________  |  |
  |      \|/         |  |          `.           | |  |
  | .------------.   |  |           :           | |  |
  | | REAL BUILD |   |  |   .-------^--------.  | |  |
  | |------------|   |  `-> | serial console |  | |  |
  `-| revive VM  |   |      `----------------'  | |  |
    |------------|   |------------.             | |  |
    | build      |-->| /nix/store >>>-----------|-'  |
    |------------|   |------------|             |    |
    | collect    |<--| xchg       >>>-----------|----'
    `-----.------'   |------------'             |
          |          |                          |
         \|/         |    |  |  __   ___  |     |
                     |    |--| |  | (__  -|-    |
    F I N I S H E D  |    |  | |__| ___)  |     |
                     |__________________________|

This might look a bit overwhelming, but let me try to explain:

We're starting at the base derivation ("BOOTSTRAP" above), where we
actually install the Cygwin envirenment. Over there we basically fire up
a vde_switch process and two virtual machines: One is the Windows
machine, the other is a NixOS machine, which serves as some kind of
proxy between the host and the Windows machine.

The reason we're doing this, is because we don't have a lot of options
for sharing files between a stock Windows machine and the host. In
earlier experiments, I've tried to communicate with the Windows guest by
using pipes and OpenSSH, but obviously this wasn't a big speed rush (or
to say it bluntly: It was fucking slow).

Using TCP/IP directly for accessing the guest would have been another
option, but it could lead to possible errors when the port or a range of
ports are in use at the Host system. Also, we would need to punch a hole
into the sandbox of the Nix builder (as it doesn't allow networking),
which in turn will possibly undermine deterministic builds/runs (well,
at least as deterministic as it can be, we're running Windows,
remember?).

So, let's continue: The responsibility of the NixOS (controller) VM is
to just wait until an SSH port becomes available on the Windows VM,
whereas the Windows VM itself is installed using an unattended
installation file provided via a virtual floppy image.

With the installation of the basic Windows OS, we directly install
Cygwin and start up an OpenSSH service.

At this point the bootstrapping is almost finished and as soon as the
port is available, the controller VM sets up Samba shares and makes it
available as drive letters within Windows and as bind mounts (for
example /nix/store) within Cygwin.

Finally we're making a snapshot of the memory of the Windows VM in order
to revive it within a few seconds when we want to build something.

Now, the build process itself is fairly straightforward: Revive VM and
build based on existing store derivations and collect the result _and_
the exit code from the xchg share/directory.

Conclusion: This architecture may sound a bit complicated, but we're
trying to achieve deterministic and reproducable builds and/or test
runs.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:53 +01:00
Ricardo M. Correia 3c871ccbc9 chromium: Update all channels
stable: 32.0.1700.107 -> 33.0.1750.115
beta:   33.0.1750.46  -> 33.0.1750.115
dev:    34.0.1809.0   -> 34.0.1847.3
2014-02-20 14:32:09 +01:00
Sander van der Burg f5a9e5188d titaniumsdk: remove some obsolete debugging stuff 2014-02-20 14:19:32 +01:00
Ricardo Correia 1c645521bd Merge pull request #1796 from thoughtpolice/grsec
grsecurity: stable/testing updates
2014-02-20 14:18:29 +01:00
Rob Vermaas cf00cd5e36 Add support for printing qr code for google-authenticator. 2014-02-20 12:30:49 +01:00
Lluís Batlle i Rossell 94591762fe Updating rdesktop to 1.8.1. 2014-02-20 12:28:30 +01:00
Peter Simons 676f44eb04 Merge pull request #1790 from thoughtpolice/checksec
checksec: version 1.5
2014-02-20 12:03:24 +01:00
Austin Seipp 58e08a1a4f grsecurity: stable/testing updates
- stable:  3.0-3.2.55-201402152203 -> 3.0-3.2.55-201402192249
  - testing: 3.0-3.13.3-201402152204 -> 3.0-3.13.3-201402192252

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 04:53:19 -06:00
Austin Seipp 7411fabd3e checksec: version 1.5
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 04:26:17 -06:00
Shea Levy 21d1e7deb1 libev: bump 2014-02-19 20:03:30 -05:00
Domen Kožar a0ff8f687f python3.3: 3.3.3 -> 3.3.4 2014-02-20 00:44:51 +01:00
Domen Kožar 31949ead32 python2.7: 2.7.5 -> 2.7.6 2014-02-20 00:44:27 +01:00
Domen Kožar 67cc87a35a python2.6: 2.6.8 -> 2.6.9 2014-02-20 00:44:08 +01:00
Domen Kozar 342ed631a4 speedtest_cli: update from 0.2.4 to 0.2.5 2014-02-20 00:23:05 +01:00
Austin Seipp 0441bb1b7a virtualbox: 4.2.18 -> 4.2.22
This is needed to compile the Virtual Box guest additions with the 3.13
kernel (and thus the grsecurity testing kernel).

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-19 23:58:53 +01:00
Cillian de Róiste 77041cbf45 linuxsampler: fix the build by using bison2 2014-02-19 23:50:24 +01:00
Cillian de Róiste 30fb0365df openimageio: update from 1.1.12 to 1.3.12 2014-02-19 22:49:21 +01:00
Cillian de Róiste f2b59904e5 opencolorio: update from 1.0.8 to 1.0.9 2014-02-19 22:49:07 +01:00
Cillian de Róiste 927ed152f4 minixml: upgrade from 2.6 to 2.8
Tested with yoshimi and zynaddsubfx
2014-02-19 21:58:43 +01:00
Sergey Mironov 2142d7542b zathura: version bump (0.2.6 -> 0.2.7) (close #1782) 2014-02-19 20:51:50 +01:00
Sergey Mironov a629aaee72 viewnior: version bump (1.4) (close #1781) 2014-02-19 20:44:30 +01:00
Vladimír Čunát 048a85f952 gnutls: add platforms for the default version 2014-02-19 20:42:51 +01:00
Badi' Abdul-Wahid 68f9e60435 gnutls: fix linking on Darwin (close #1779) 2014-02-19 20:40:04 +01:00
Cillian de Róiste 845f30aa6a sonic-visualiser: upgrade from 1.9 to 2.3
remove obsolete patch, add new inputs
2014-02-19 20:14:15 +01:00
Cillian de Róiste 058ed07fb8 vamp-sdk: update from 2.2.1 to 2.5
Tested with mixxx, qtractor, rubberband and sonic-visualiser
2014-02-19 20:14:15 +01:00
Jaka Hudoklin 5caaa5e0ba pythonPackages: fix and upate graphite, carbon and whisper
Twisted needed downgrade for carbon to start
2014-02-19 16:42:12 +01:00
Domen Kožar 189273af38 add gnome3.vino 2014-02-19 16:38:41 +01:00
Peter Simons 2a1f4c82b2 haskell-cabal2nix: update to version 1.60 2014-02-19 16:07:35 +01:00
Peter Simons 731e3c186e haskell-skein: update to version 1.0.9 2014-02-19 16:07:35 +01:00
Peter Simons baffeb2b66 haskell-shakespeare-css: update to version 1.0.7.1 2014-02-19 16:07:35 +01:00
Peter Simons 9f7aa5e224 haskell-shake: update to version 0.11.2 2014-02-19 16:07:35 +01:00
Peter Simons fe92d6bbed haskell-multiarg: update to version 0.24.0.2 2014-02-19 16:07:35 +01:00
Peter Simons 8a81d2c200 haskell-http-conduit: update to version 2.0.0.6 2014-02-19 16:07:35 +01:00
Peter Simons 65972a5724 haskell-css-text: update to version 0.1.2.0.1 2014-02-19 16:07:34 +01:00
Peter Simons 0c008eb857 haskell-bert: update to version 1.2.2.1 2014-02-19 16:07:34 +01:00
Peter Simons 40debd63ca nc-indicators: re-generate with cabal2nix 2014-02-19 16:07:34 +01:00
Domen Kožar 66a353c9b9 Merge pull request #1786 from lethalman/icons
gnome-icon-theme-symbolic and yelp update
2014-02-19 15:19:56 +01:00
Evgeny Egorochkin a52f17e4e1 youtubeDL: update from 2014.02.17 to 2014.02.19.1 2014-02-19 15:56:13 +02:00
Luca Bruno df2661953e yelp: Show icons in the application 2014-02-19 14:29:07 +01:00
Luca Bruno 6aef8266f0 gnome-icon-theme-symbolic: new package 2014-02-19 14:25:27 +01:00
Eelco Dolstra 83ca2c272a fetchurl: Ensure that ‘urls’ is a list 2014-02-19 13:58:42 +01:00