Enable NixOS cross-compiling from aarch64-linux to x86_64-linux and vice versa

nixos/lib/make-disk-image.nix

@@ -383,9 +383,10 @@ let
       nixos-enter
       nix
       systemdMinimal
+      coreutils
+      findutils
     ]
     ++ lib.optional deterministic gptfdisk
-    ++ stdenv.initialPath
   );
 
   # I'm preserving the line below because I'm going to search for it across nixpkgs to consolidate
@@ -602,6 +603,7 @@ let
     }
 
     echo "copying staging root to image..."
+    shopt -s dotglob
     cptofs -p ${lib.optionalString (partitionTableType != "none") "-P ${rootPartition}"} \
            -t ${fsType} \
            -i $diskImage \
@@ -634,8 +636,18 @@ let
     echo "file ${format}-image $out/${filename}" >> $out/nix-support/hydra-build-products
   '';
 
+  buildSystem = pkgs.stdenv.buildPlatform.system;
+  hostSystem = pkgs.stdenv.hostPlatform.system;
+  crossPkgs =
+    if (hostSystem != buildSystem) then
+      import ../.. # nixpkgs
+        { system = hostSystem; }
+    else
+      pkgs;
+
   buildImage = pkgs.vmTools.runInLinuxVM (
-    pkgs.runCommand name
+
+    crossPkgs.runCommand name
       {
         preVM = prepareImage + lib.optionalString touchEFIVars createEFIVars;
         buildInputs = with pkgs; [
@@ -661,6 +673,7 @@ let
       ''
         export PATH=${binPath}:$PATH
 
+
         rootDisk=${if partitionTableType != "none" then "/dev/vda${rootPartition}" else "/dev/vda"}
 
         # It is necessary to set root filesystem unique identifier in advance, otherwise
@@ -680,26 +693,26 @@ let
         # Create the ESP and mount it. Unlike e2fsprogs, mkfs.vfat doesn't support an
         # '-E offset=X' option, so we can't do this outside the VM.
         ${lib.optionalString (partitionTableType == "efi" || partitionTableType == "hybrid") ''
-          mkdir -p /mnt/boot
-          mkfs.vfat -n ESP /dev/vda1
-          mount /dev/vda1 /mnt/boot
+          mkdir -p $mountPoint/boot
+          mkfs.vfat -F 32 -n ESP /dev/vda1
+          mount /dev/vda1 $mountPoint/boot
 
           ${lib.optionalString touchEFIVars "mount -t efivarfs efivarfs /sys/firmware/efi/efivars"}
         ''}
         ${lib.optionalString (partitionTableType == "efixbootldr") ''
-          mkdir -p /mnt/{boot,efi}
-          mkfs.vfat -n ESP /dev/vda1
-          mkfs.vfat -n BOOT /dev/vda2
-          mount /dev/vda1 /mnt/efi
-          mount /dev/vda2 /mnt/boot
+          mkdir -p $mountPoint/{boot,efi}
+          mkfs.vfat -F 32 -n ESP /dev/vda1
+          mkfs.vfat -F 32 -n BOOT /dev/vda2
+          mount /dev/vda1 $mountPoint/efi
+          mount /dev/vda2 $mountPoint/boot
 
           ${lib.optionalString touchEFIVars "mount -t efivarfs efivarfs /sys/firmware/efi/efivars"}
         ''}
 
         # Install a configuration.nix
-        mkdir -p /mnt/etc/nixos
+        mkdir -p $mountPoint/etc/nixos
         ${lib.optionalString (configFile != null) ''
-          cp ${configFile} /mnt/etc/nixos/configuration.nix
+          cp ${configFile} $mountPoint/etc/nixos/configuration.nix
         ''}
 
         ${lib.optionalString installBootLoader ''
@@ -741,7 +754,7 @@ let
           fi
         done
 
-        umount -R /mnt
+        umount -R $mountPoint
 
         # Make sure resize2fs works. Note that resize2fs has stricter criteria for resizing than a normal
         # mount, so the `-c 0` and `-i 0` don't affect it. Setting it to `now` doesn't produce deterministic

pkgs/build-support/rust/hooks/default.nix

@@ -9,13 +9,17 @@
 , rust
 , rustc
 , stdenv
+, python3
 
 # This confusingly-named parameter indicates the *subdirectory of
 # `target/` from which to copy the build artifacts.  It is derived
 # from a stdenv platform (or a JSON file).
 , target ? stdenv.hostPlatform.rust.cargoShortTarget
 }:
-
+let
+ inherit (python3) pythonOnBuildForHost;
+ pythonInterpreter = pythonOnBuildForHost.interpreter;
+in
 {
   cargoBuildHook = callPackage ({ }:
     makeSetupHook {
@@ -76,6 +80,7 @@
       };
     } ./cargo-setup-hook.sh) {};
 
+
   maturinBuildHook = callPackage ({ pkgsHostTarget }:
     makeSetupHook {
       name = "maturin-build-hook.sh";
@@ -86,6 +91,7 @@
       ];
       substitutions = {
         inherit (rust.envVars) rustTargetPlatformSpec setEnv;
+        pythonInterpreter = lib.versions.majorMinor pythonOnBuildForHost.version;
       };
     } ./maturin-build-hook.sh) {};
 

pkgs/build-support/rust/hooks/maturin-build-hook.sh

@@ -19,6 +19,7 @@ maturinBuildHook() {
 
     local flagsArray=(
         "--jobs=$NIX_BUILD_CORES"
+        "--interpreter=@pythonInterpreter@"
         "--offline"
         "--target" "@rustTargetPlatformSpec@"
         "--manylinux" "off"

pkgs/build-support/vm/default.nix

@@ -5,7 +5,7 @@
 , img ? pkgs.stdenv.hostPlatform.linux-kernel.target
 , storeDir ? builtins.storeDir
 , rootModules ?
-    [ "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_balloon" "virtio_rng" "ext4" "unix" "virtiofs" "crc32c_generic" ]
+    [ "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_balloon" "virtio_rng" "ext4" "unix" "virtiofs" "crc32c_generic" "iso9660" "loop"]
 }:
 
 let
@@ -16,7 +16,7 @@ in
 rec {
   qemu-common = import ../../../nixos/lib/qemu-common.nix { inherit lib pkgs; };
 
-  qemu = buildPackages.qemu_kvm;
+  qemu = buildPackages.qemu;
 
   modulesClosure = pkgs.makeModulesClosure {
     inherit kernel rootModules;
@@ -161,6 +161,27 @@ rec {
     ];
   };
 
+  # Switch standard build environment to target host platform
+  stage2Stdenv =
+    let
+      buildSystem = pkgs.stdenv.buildPlatform.system;
+      hostSystem = pkgs.stdenv.hostPlatform.system;
+    in  if (buildSystem == hostSystem) then stdenv else
+      let
+        targetArch = if ( hostSystem == "x86_64-linux") then
+        "gnu64" else
+        "aarch64-multiplatform";
+      in
+      pkgs.stdenv.override {
+         buildPlatform = pkgs.stdenv.hostPlatform;
+         cc = null;
+         preHook = "";
+         allowedRequisites = null;
+         initialPath = [pkgs.pkgsCross.${targetArch}.busybox];
+         shell = "${pkgs.pkgsCross.${targetArch}.bash}/bin/bash";
+         extraNativeBuildInputs = [];
+        }
+     ;
 
   stage2Init = writeScript "vm-run-stage2" ''
     #! ${bash}/bin/sh
@@ -178,7 +199,8 @@ rec {
     export PATH=/empty
     cd "$NIX_BUILD_TOP"
 
-    source $stdenv/setup
+    source ${stage2Stdenv}/setup
+    export stdenv=${stage2Stdenv}
 
     if ! test -e /bin/sh; then
       ${coreutils}/bin/mkdir -p /bin
@@ -217,7 +239,6 @@ rec {
     fi
   '';
 
-
   qemuCommandLinux = ''
     ${if (customQemu != null) then customQemu else (qemu-common.qemuBinary qemu)} \
       -nographic -no-reboot \
@@ -233,7 +254,6 @@ rec {
       $QEMU_OPTS
   '';
 
-
   vmRunCommand = qemuCommand: writeText "vm-run" ''
     ${coreutils}/bin/mkdir xchg
     export > xchg/saved-env
@@ -260,9 +280,11 @@ rec {
     # the -K option to preserve the temporary build directory).
     cat > ./run-vm <<EOF
     #! ${bash}/bin/sh
+
     ''${diskImage:+diskImage=$diskImage}
-    ${pkgs.virtiofsd}/bin/virtiofsd --xattr --socket-path virtio-store.sock --sandbox none --shared-dir "${storeDir}" &
-    ${pkgs.virtiofsd}/bin/virtiofsd --xattr --socket-path virtio-xchg.sock --sandbox none --shared-dir xchg &
+    ${buildPackages.virtiofsd}/bin/virtiofsd --xattr --socket-path virtio-store.sock --sandbox none --shared-dir "${storeDir}" &
+    ${buildPackages.virtiofsd}/bin/virtiofsd --xattr --socket-path virtio-xchg.sock --sandbox none --shared-dir xchg &
+
     ${qemuCommand}
     EOF
 

pkgs/by-name/ma/maturin/package.nix

@@ -24,10 +24,12 @@ rustPlatform.buildRustPackage rec {
 
   cargoHash = "sha256-xC0zCDGE0AynMUc5qSkgOYB3JqOWDlc8oz4yi6cGCJs=";
 
-  buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [
-    darwin.apple_sdk.frameworks.Security
-    libiconv
-  ];
+  buildInputs =
+    [ python3 ]
+    ++ lib.optionals stdenv.hostPlatform.isDarwin [
+      darwin.apple_sdk.frameworks.Security
+      libiconv
+    ];
 
   # Requires network access, fails in sandbox.
   doCheck = false;

pkgs/by-name/ne/networkmanager-iodine/package.nix

@@ -53,6 +53,9 @@ stdenv.mkDerivation {
       libnma
     ];
 
+  # configure.ac:53: warning: macro 'AM_GLIB_GNU_GETTEXT' not found in library
+  strictDeps = false;
+
   configureFlags = [
     "--with-gnome=${if withGnome then "yes" else "no"}"
     "--localstatedir=/" # needed for the management socket under /run/NetworkManager

pkgs/by-name/op/openfortivpn/package.nix

@@ -6,6 +6,7 @@
 , openssl
 , ppp
 , systemd
+, glib
 , withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd
 , withPpp ? stdenv.hostPlatform.isLinux
 }:
@@ -27,7 +28,7 @@ stdenv.mkDerivation rec {
       --replace '$(DESTDIR)$(confdir)' /tmp
   '';
 
-  nativeBuildInputs = [ autoreconfHook pkg-config ];
+  nativeBuildInputs = [ autoreconfHook pkg-config glib ];
 
   buildInputs = [
     openssl

pkgs/development/python-modules/rpds-py/default.nix

@@ -32,6 +32,7 @@ buildPythonPackage rec {
     rustPlatform.maturinBuildHook
     cargo
     rustc
+    #python3
   ];
 
   buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [ libiconv ];

pkgs/tools/security/gnupg/24.nix

@@ -34,11 +34,11 @@ assert guiSupport -> !enableMinimal;
 
 stdenv.mkDerivation rec {
   pname = "gnupg";
-  version = "2.4.7";
+  version = "2.4.5";
 
   src = fetchurl {
     url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
-    hash = "sha256-eyRwbk2n4OOwbKBoIxAnQB8jgQLEHJCWMTSdzDuF60Y=";
+    hash = "sha256-9o99ddBssWNcM2002ESvl0NsP2TqFLy3yGl4L5b0Qnc=";
   };
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];