From a2250b36c5135888360ce2a1253af61b61908825 Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Mon, 19 Aug 2024 09:05:18 +0200 Subject: [PATCH 1/5] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/733453ac54a40997a6a690b60f3942d79560247c' (2024-07-26) → 'github:NixOS/nixpkgs/9aa35efbea27d320d0cdc5f922f0890812affb60' (2024-08-18) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/8db8970be1fb8be9c845af7ebec53b699fe7e009' (2024-07-23) → 'github:numtide/treefmt-nix/1d07739554fdc4f8481068f1b11d6ab4c1a4167a' (2024-08-16) Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- flake.lock | 12 ++++++------ internal/meshapi/meshapi.pb.go | 2 +- internal/meshapi/meshapi_grpc.pb.go | 2 +- internal/userapi/userapi.pb.go | 2 +- internal/userapi/userapi_grpc.pb.go | 2 +- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 7467e3a7a2..c161057c42 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1721970117, - "narHash": "sha256-Hwm46lggqtihMaRuxbNaC1ACcU2a0jO/HXqrdjMatXk=", + "lastModified": 1724015816, + "narHash": "sha256-hVESnM7Eiz93+4DeiE0a1TwMeaeph1ytRJ5QtqxYRWg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "733453ac54a40997a6a690b60f3942d79560247c", + "rev": "9aa35efbea27d320d0cdc5f922f0890812affb60", "type": "github" }, "original": { @@ -63,11 +63,11 @@ ] }, "locked": { - "lastModified": 1721769617, - "narHash": "sha256-6Pqa0bi5nV74IZcENKYRToRNM5obo1EQ+3ihtunJ014=", + "lastModified": 1723808491, + "narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "8db8970be1fb8be9c845af7ebec53b699fe7e009", + "rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a", "type": "github" }, "original": { 
diff --git a/internal/meshapi/meshapi.pb.go b/internal/meshapi/meshapi.pb.go index 9f8bbc4665..aeb33125ec 100644 --- a/internal/meshapi/meshapi.pb.go +++ b/internal/meshapi/meshapi.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v4.25.3 +// protoc v4.25.4 // source: meshapi.proto package meshapi diff --git a/internal/meshapi/meshapi_grpc.pb.go b/internal/meshapi/meshapi_grpc.pb.go index b64d60f3f3..b6ca1af229 100644 --- a/internal/meshapi/meshapi_grpc.pb.go +++ b/internal/meshapi/meshapi_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v4.25.3 +// - protoc v4.25.4 // source: meshapi.proto package meshapi diff --git a/internal/userapi/userapi.pb.go b/internal/userapi/userapi.pb.go index 0b34b51846..effd4750e8 100644 --- a/internal/userapi/userapi.pb.go +++ b/internal/userapi/userapi.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v4.25.3 +// protoc v4.25.4 // source: userapi.proto package userapi diff --git a/internal/userapi/userapi_grpc.pb.go b/internal/userapi/userapi_grpc.pb.go index 546e621b7e..01a22d9f1c 100644 --- a/internal/userapi/userapi_grpc.pb.go +++ b/internal/userapi/userapi_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v4.25.3 +// - protoc v4.25.4 // source: userapi.proto package userapi From 3d5d845020cad87428cadce7753d671d8687ee0e Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Mon, 19 Aug 2024 13:38:04 +0200 Subject: [PATCH 2/5] {microsoft,kata}.kata-agent: don't build with make 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- packages/by-name/kata/kata-agent/package.nix | 31 ++++++++++++------- .../by-name/microsoft/kata-agent/package.nix | 28 ++++++++++------- 2 files changed, 35 insertions(+), 24 deletions(-) diff --git a/packages/by-name/kata/kata-agent/package.nix b/packages/by-name/kata/kata-agent/package.nix index a5f5b5c815..ec7e44346e 100644 --- a/packages/by-name/kata/kata-agent/package.nix +++ b/packages/by-name/kata/kata-agent/package.nix @@ -14,6 +14,7 @@ openssl, withAgentPolicy ? true, withStandardOCIRuntime ? false, + withGuestPull ? true, fetchpatch, }: @@ -60,28 +61,34 @@ rustPlatform.buildRustPackage rec { libseccomp ]; + postPatch = '' + substitute src/version.rs.in src/version.rs \ + --replace @@AGENT_VERSION@@ ${version} \ + --replace @@API_VERSION@@ 0.0.1 \ + --replace @@VERSION_COMMIT@@ ${version} \ + --replace @@COMMIT@@ "" \ + --replace @@AGENT_NAME@@ kata-agent \ + --replace @@AGENT_DIR@@ /usr/bin \ + --replace @@AGENT_PATH@@ /usr/bin/kata-agent + ''; + # Build.rs writes to src postConfigure = '' chmod -R +w ../.. ''; + buildFeatures = + lib.optional withSeccomp "seccomp" + ++ lib.optional withAgentPolicy "agent-policy" + ++ lib.optional withStandardOCIRuntime "standard-oci-runtime" + ++ lib.optional withGuestPull "guest-pull" + ++ lib.optional (!withGuestPull) "default-pull"; + env = { LIBC = "gnu"; - SECCOMP = if withSeccomp then "yes" else "no"; - AGENT_POLICY = if withAgentPolicy then "yes" else "no"; - STANDARD_OCI_RUNTIME = if withStandardOCIRuntime then "yes" else "no"; OPENSSL_NO_VENDOR = 1; - RUST_BACKTRACE = 1; }; - buildPhase = '' - runHook preBuild - - make - - runHook postBuild - ''; - checkFlags = [ "--skip=mount::tests::test_already_baremounted" "--skip=netlink::tests::list_routes stdout" diff --git a/packages/by-name/microsoft/kata-agent/package.nix b/packages/by-name/microsoft/kata-agent/package.nix index d1141ab384..fdce08a23e 100644 
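Review bot: With `make` gone, the compiled feature set in packages/by-name/kata/kata-agent/package.nix is `buildFeatures` plus whatever the crate's Cargo.toml declares as default features, and nothing in this hunk sets `buildNoDefaultFeatures`. If any of `seccomp`, `agent-policy` or `default-pull` is a Cargo default (not visible here), then `withSeccomp = false`, `withAgentPolicy = false` or `withGuestPull = true` would not yield the binary the flags describe, for example with both pull modes compiled in. After confirming that no other default feature is needed, I would add `buildNoDefaultFeatures = true;` next to `buildFeatures` so that the Nix flags are the only source of truth for these security-relevant switches. The `buildFeatures` block added to microsoft/kata-agent/package.nix has the same gap, and the derivation body continues outside the hunk.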
--- a/packages/by-name/microsoft/kata-agent/package.nix +++ b/packages/by-name/microsoft/kata-agent/package.nix @@ -49,28 +49,32 @@ rustPlatform.buildRustPackage rec { libseccomp ]; + postPatch = '' + substitute src/version.rs.in src/version.rs \ + --replace @@AGENT_VERSION@@ ${version} \ + --replace @@API_VERSION@@ 0.0.1 \ + --replace @@VERSION_COMMIT@@ ${version} \ + --replace @@COMMIT@@ "" \ + --replace @@AGENT_NAME@@ kata-agent \ + --replace @@AGENT_DIR@@ /usr/bin \ + --replace @@AGENT_PATH@@ /usr/bin/kata-agent + ''; + # Build.rs writes to src postConfigure = '' chmod -R +w ../.. ''; + buildFeatures = + lib.optional withSeccomp "seccomp" + ++ lib.optional withAgentPolicy "agent-policy" + ++ lib.optional withStandardOCIRuntime "standard-oci-runtime"; + env = { LIBC = "gnu"; - SECCOMP = if withSeccomp then "yes" else "no"; - AGENT_POLICY = if withAgentPolicy then "yes" else "no"; - STANDARD_OCI_RUNTIME = if withStandardOCIRuntime then "yes" else "no"; OPENSSL_NO_VENDOR = 1; - RUST_BACKTRACE = 1; }; - buildPhase = '' - runHook preBuild - - make - - runHook postBuild - ''; - checkFlags = [ "--skip=mount::tests::test_already_baremounted" "--skip=netlink::tests::list_routes stdout" From 789f0ee87bb92f1c535e7f4d40d8394ad5ab0ab2 Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Mon, 19 Aug 2024 13:38:30 +0200 Subject: [PATCH 3/5] igvmmeasure: 0.1.0-unstable-2024-03-25 -> 0.1.0-unstable-2024-08-19 Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- packages/by-name/igvmmeasure/package.nix | 10 +++++----- packages/by-name/microsoft/kata-igvm/package.nix | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/by-name/igvmmeasure/package.nix b/packages/by-name/igvmmeasure/package.nix index fc467cc56c..35457424c6 100644 --- a/packages/by-name/igvmmeasure/package.nix +++ b/packages/by-name/igvmmeasure/package.nix 
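Review bot: The `substitute` call in the new `postPatch` uses `--replace`, which does not fail the build when a placeholder is absent from `src/version.rs.in`, so an upstream rename would ship an agent whose version string still contains a literal `@@…@@` token. Using `--replace-fail` for each pair, e.g. `--replace-fail @@AGENT_VERSION@@ ${version}`, turns that into a build error. `@@API_VERSION@@` is hard-coded to `0.0.1`, presumably mirroring what the Makefile used to supply; a comment such as `# values formerly injected by the upstream Makefile; re-check on version bumps` above the block would record that. The kata/kata-agent hunk adds the same `postPatch` block and needs the same change.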
@@ -9,22 +9,22 @@ rustPlatform.buildRustPackage rec { pname = "igvmmeasure"; - version = "0.1.0-unstable-2024-03-25"; + version = "0.1.0-unstable-2024-08-19"; src = fetchFromGitHub { owner = "coconut-svsm"; repo = "svsm"; # TODO(malt3): Use a released version once available. - rev = "509bc7ca181af6981a1d50fb1cc46320553a4370"; - hash = "sha256-kA5ZI+8RpG2swApPLZsWJdcUu09sUBpdSAQf844XVuU="; + rev = "aa4936afbfae394a0b7404e5080863e5dae9473d"; + hash = "sha256-QHVdHVhQJhrmE8Vjg4Xw2HJmm2l9hMB0iL1KHVlh1iw="; }; - cargoBuildFlags = "-p igvmmeasure"; + buildAndTestSubdir = "igvmmeasure"; cargoLock = { lockFile = "${src}/Cargo.lock"; outputHashes = { - "packit-0.1.1" = "sha256-BLVpKYjrqTwEAPgL7V1xwMnmNn4B8bA38GSmrry0GIM="; + "packit-0.1.1" = "sha256-jrH0y1ebpUilV+nyv/kLQzcZP1lMW1fVCQo35tz5Vhs="; }; }; diff --git a/packages/by-name/microsoft/kata-igvm/package.nix b/packages/by-name/microsoft/kata-igvm/package.nix index 56d231d101..0f033a1847 100644 --- a/packages/by-name/microsoft/kata-igvm/package.nix +++ b/packages/by-name/microsoft/kata-igvm/package.nix @@ -53,7 +53,7 @@ let dontUnpack = true; buildInputs = [ igvmmeasure ]; buildPhase = '' - igvmmeasure -b ${igvm} | dd conv=lcase > $out + igvmmeasure ${igvm} measure -b | dd conv=lcase > $out ''; }; From 180c5be5a013493849787fb1910eeb1c77b05681 Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Mon, 19 Aug 2024 15:01:47 +0200 Subject: [PATCH 4/5] qemu-static: update override after nixpkgs bump Adapting to changes made in https://github.com/NixOS/nixpkgs/pull/314998 Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- packages/by-name/qemu-static/package.nix | 56 +++++------------------- 1 file changed, 10 insertions(+), 46 deletions(-) diff --git a/packages/by-name/qemu-static/package.nix b/packages/by-name/qemu-static/package.nix index b3486bca82..97f970b6f2 100644 --- a/packages/by-name/qemu-static/package.nix 
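Review bot: In the `buildPhase` of packages/by-name/microsoft/kata-igvm/package.nix, the output of `igvmmeasure ${igvm} measure -b` is written to `$out` without any check on its shape. This commit already had to adapt to a changed command line between the two pinned svsm revisions, so a later bump could change the output format just as quietly, and the file is presumably consumed as a launch-measurement reference value. A guard after the pipeline, for example `grep -qxE '[0-9a-f]+' $out`, would fail the build instead of producing a malformed measurement. The enclosing derivation starts and ends outside the hunk.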
+++ b/packages/by-name/qemu-static/package.nix @@ -6,6 +6,7 @@ libaio, dtc, fetchurl, + python3Packages, }: let patchedDtc = dtc.overrideAttrs (previousAttrs: { @@ -20,36 +21,9 @@ let in (qemu.override (_previous: { dtc = patchedDtc; - - # Disable a bunch of features we don't need. - guestAgentSupport = false; - numaSupport = false; - seccompSupport = false; - alsaSupport = false; - pulseSupport = false; - pipewireSupport = false; - sdlSupport = false; - jackSupport = false; - gtkSupport = false; - vncSupport = false; - smartcardSupport = false; - spiceSupport = false; - ncursesSupport = false; - usbredirSupport = false; - xenSupport = false; - cephSupport = false; - glusterfsSupport = false; - openGLSupport = false; - rutabagaSupport = false; - virglSupport = false; - libiscsiSupport = false; - smbdSupport = false; - tpmSupport = false; + minimal = true; + enableBlobs = true; uringSupport = false; - canokeySupport = false; - capstoneSupport = false; - enableDocs = false; - # Only build for x86_64. hostCpuOnly = true; hostCpuTargets = [ "x86_64-softmmu" ]; 
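Review bot: `minimal = true` replaces the explicit list of disabled features, so nixpkgs rather than this file now decides which optional backends and network-facing front ends (VNC, SPICE, usbredir, smbd, guest agent) are compiled out of this QEMU. A later nixpkgs bump can widen that set without any diff in this repository. I would add a comment above the two new lines, e.g. `# minimal (NixOS/nixpkgs#314998) disables the optional features formerly listed here; re-check the enabled set on nixpkgs bumps`, and a second one stating why `enableBlobs = true` is required. The `qemu.override` argument set continues outside the hunk.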
@@ -62,23 +36,13 @@ in hash = "sha256-JDcnzpkwfzwa5ofMjS1HYy7BDJ79EunIdMqW5kdfauk="; }; - propagatedBuildInputs = builtins.filter ( - input: input.pname != "texinfo" - ) previousAttrs.propagatedBuildInputs; - configureFlags = - ( - # By the time overrideAttrs gets to see the attributes, it's too late - # for dontAddStaticConfigureFlags, so we need to manually filter out - # the flags. - builtins.filter ( - flag: flag != "--enable-static" && flag != "--disable-shared" - ) previousAttrs.configureFlags - ) - ++ [ - "--static" - "-Dlinux_aio_path=${libaio}/lib" - "-Dlinux_fdt_path=${patchedDtc}/lib" - ]; + configureFlags = previousAttrs.configureFlags ++ [ + "-Dlinux_aio_path=${libaio}/lib" + "-Dlinux_fdt_path=${patchedDtc}/lib" + ]; + + nativeBuildInputs = previousAttrs.nativeBuildInputs ++ [ python3Packages.packaging ]; + patches = [ ./0001-avoid-duplicate-definitions.patch # Based on https://github.com/NixOS/nixpkgs/pull/300070/commits/96054ca98020df125bb91e5cf49bec107bea051b#diff-7246126ac058898e6da6aadc1e831bb26afe07fa145958e55c5e112dc2c578fd. From 9f0824d8ab5b24258f865b183bc65e3ea8b7bb29 Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Mon, 19 Aug 2024 15:20:36 +0200 Subject: [PATCH 5/5] azure-cli: temporary fix for msal version mismatch Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- overlays/nixpkgs.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/overlays/nixpkgs.nix b/overlays/nixpkgs.nix index 838624acb1..08e8785de5 100644 --- a/overlays/nixpkgs.nix +++ b/overlays/nixpkgs.nix 
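Review bot: The new `configureFlags` no longer passes `--static` or filters out `--enable-static`/`--disable-shared`, and the comment that explained the filter is removed too, so a static result now depends entirely on the flags inherited from `previousAttrs.configureFlags`. Nothing in the hunk states or verifies that the output is still statically linked, which the package name promises. A comment such as `# static linking flags now come from the nixpkgs qemu derivation (NixOS/nixpkgs#314998)` would document it, and an install check that rejects a dynamically linked binary would catch a regression on the next nixpkgs bump. The enclosing attribute set begins outside the hunk.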
@@ -15,4 +15,30 @@ final: prev: { azure-cli = prev.azure-cli.override { withExtensions = with final.azure-cli.extensions; [ aks-preview ]; }; + + pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ + (_pythonFinal: pythonPrev: { + # Temporary fix for azure-cli https://github.com/NixOS/nixpkgs/issues/335750 + # Remove after pulling in https://github.com/NixOS/nixpkgs/pull/335225 + msal = pythonPrev.msal.overrideAttrs (oldAttrs: rec { + version = "1.30.0"; + src = final.fetchPypi { + inherit version; + inherit (oldAttrs) pname; + hash = "sha256-tL8AhQCS5GUVfYFO+iShj3iChMmkeUkQJNYpAwheovs="; + }; + }); + # Temporary fix for azure-cli https://github.com/NixOS/nixpkgs/issues/335750 + # Remove after pulling in https://github.com/NixOS/nixpkgs/pull/335225 + msal-extensions = pythonPrev.msal-extensions.overrideAttrs (_oldAttrs: rec { + version = "1.2.0"; + src = final.fetchFromGitHub { + owner = "AzureAD"; + repo = "microsoft-authentication-extensions-for-python"; + rev = "refs/tags/${version}"; + hash = "sha256-javYE1XDW1yrMZ/BLqIu/pUXChlBZlACctbD2RfWuis="; + }; + }); + }) + ]; }
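Review bot: The `msal` and `msal-extensions` pins are added through `pythonPackagesExtensions`, so they replace the authentication library for every Python package in the set, not only azure-cli, and they keep doing so across later nixpkgs bumps until someone deletes them. The comments name the PR to wait for, but nothing enforces the removal, and a pinned auth library that outlives its reason hides upstream updates, security fixes included. A guard that fails evaluation once the fix has landed would force the cleanup, for example `assert final.lib.versionOlder prev.azure-cli.version "<first azure-cli version containing the fix>";` in front of the `msal` override (placeholder to be filled in from the referenced PR). If only azure-cli needs the pin, scoping the override to azure-cli's own Python package set would avoid changing `msal` for unrelated packages.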