gnu: qemu: Fix CVE-2017-5525, CVE-2017-5526.
[jackhill/guix/guix.git] / gnu / packages / qemu.scm
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
5 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
6 ;;;
7 ;;; This file is part of GNU Guix.
8 ;;;
9 ;;; GNU Guix is free software; you can redistribute it and/or modify it
10 ;;; under the terms of the GNU General Public License as published by
11 ;;; the Free Software Foundation; either version 3 of the License, or (at
12 ;;; your option) any later version.
13 ;;;
14 ;;; GNU Guix is distributed in the hope that it will be useful, but
15 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
16 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 ;;; GNU General Public License for more details.
18 ;;;
19 ;;; You should have received a copy of the GNU General Public License
20 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
21
22 (define-module (gnu packages qemu)
23 #:use-module (gnu packages)
24 #:use-module (gnu packages admin)
25 #:use-module (gnu packages attr)
26 #:use-module (gnu packages autotools)
27 #:use-module (gnu packages check)
28 #:use-module (gnu packages compression)
29 #:use-module (gnu packages curl)
30 #:use-module (gnu packages cyrus-sasl)
31 #:use-module (gnu packages disk)
32 #:use-module (gnu packages gl)
33 #:use-module (gnu packages glib)
34 #:use-module (gnu packages gnome)
35 #:use-module (gnu packages gtk)
36 #:use-module (gnu packages image)
37 #:use-module (gnu packages libusb)
38 #:use-module (gnu packages linux)
39 #:use-module (gnu packages ncurses)
40 #:use-module (gnu packages perl)
41 #:use-module (gnu packages pkg-config)
42 #:use-module (gnu packages polkit)
43 #:use-module (gnu packages python)
44 #:use-module (gnu packages sdl)
45 #:use-module (gnu packages spice)
46 #:use-module (gnu packages texinfo)
47 #:use-module (gnu packages tls)
48 #:use-module (gnu packages web)
49 #:use-module (gnu packages xdisorg)
50 #:use-module (gnu packages xml)
51 #:use-module (guix build-system gnu)
52 #:use-module (guix build-system python)
53 #:use-module (guix download)
54 #:use-module ((guix licenses) #:select (gpl2 gpl2+ lgpl2.1+))
55 #:use-module (guix packages)
56 #:use-module (guix utils)
57 #:use-module (srfi srfi-1))
58
(define (qemu-patch commit file-name sha256)
  "Return an origin that downloads upstream QEMU commit COMMIT as a plain
patch stored under FILE-NAME.  SHA256 is the expected hash of the download."
  ;; The patch is fetched over plain HTTP from the project's gitweb, so the
  ;; SHA256 field is the only thing authenticating its content.  Compute the
  ;; hash from a copy of the commit that was reviewed against upstream, not
  ;; from whatever the first download happened to return.
  (let ((commit-url (string-append
                     "http://git.qemu.org/?p=qemu.git;a=commitdiff_plain;h="
                     commit)))
    (origin
      (method url-fetch)
      (uri commit-url)
      (sha256 sha256)
      (file-name file-name))))
68
(define-public qemu
  (package
    (name "qemu")
    (version "2.8.0")
    (source (origin
              (method url-fetch)
              ;; The release tarball comes over plain HTTP; the hash below is
              ;; what pins its content and has to change whenever VERSION does.
              (uri (string-append "http://wiki.qemu-project.org/download/qemu-"
                                  version ".tar.bz2"))
              (sha256
               (base32
                "0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs"))
              ;; Security fixes carried on top of the release.  `search-patches'
              ;; resolves these names to patch files kept with the package
              ;; definitions, so they are reviewed in-tree rather than
              ;; downloaded at build time.
              ;; NOTE(review): per the public CVE records both are host-memory
              ;; leaks in emulated audio devices (ac97 for CVE-2017-5525,
              ;; es1370 for CVE-2017-5526).  The patch files are not visible
              ;; here; confirm they match the upstream fixes, and drop them
              ;; once VERSION moves to a release that already contains them.
              (patches (search-patches "qemu-CVE-2017-5525.patch"
                                       "qemu-CVE-2017-5526.patch"))))
    (build-system gnu-build-system)
    (arguments
     '(;; Running tests in parallel can occasionally lead to failures, like:
       ;; boot_sector_test: assertion failed (signature == SIGNATURE): (0x00000000 == 0x0000dead)
       #:parallel-tests? #f

       #:phases
       (modify-phases %standard-phases
         (replace 'configure
           (lambda* (#:key inputs outputs (configure-flags '())
                     #:allow-other-keys)
             ;; QEMU's `configure' script does not understand some of the GNU
             ;; options, so this phase invokes it with a compatible set.
             (let ((prefix   (assoc-ref outputs "out"))
                   (compiler (which "gcc")))
               (setenv "SHELL" (which "bash"))

               ;; The test harness refers to /bin/sh; use the shell found in
               ;; PATH instead.
               (substitute* "tests/libqtest.c"
                 (("/bin/sh") (which "sh")))

               ;; The binaries need to be linked against -lrt.
               (setenv "LDFLAGS" "-lrt")
               (zero?
                (apply system* "./configure"
                       (string-append "--cc=" compiler)
                       ;; Some architectures insist on using HOST_CC
                       (string-append "--host-cc=" compiler)
                       "--disable-debug-info" ; save build space
                       "--enable-virtfs"      ; just to be sure
                       (string-append "--prefix=" prefix)
                       configure-flags)))))
         (add-after 'install 'install-info
           (lambda* (#:key inputs outputs #:allow-other-keys)
             ;; Build and install the Info manual when Texinfo is among the
             ;; inputs; otherwise succeed without doing anything.
             (if (assoc-ref inputs "texinfo")
                 (and (zero? (system* "make" "info"))
                      (let ((info-dir (string-append (assoc-ref outputs "out")
                                                     "/share/info")))
                        (for-each (lambda (manual)
                                    (install-file manual info-dir))
                                  (find-files "." "\\.info"))
                        #t))
                 #t)))
         (add-before 'check 'make-gtester-verbose
           (lambda _
             ;; Make GTester verbose to facilitate investigation upon failure.
             (setenv "V" "1")
             #t))
         (add-before 'check 'disable-test-qga
           (lambda _
             ;; test-qga needs /sys and fails within the build environment, so
             ;; its Makefile rule is turned into a comment.
             (substitute* "tests/Makefile.include"
               (("check-unit-.* tests/test-qga" rule)
                (string-append "# " rule)))
             #t)))))
    (inputs                                       ; TODO: Add optional inputs.
     `(("alsa-lib" ,alsa-lib)
       ("attr" ,attr)
       ("glib" ,glib)
       ;; ("libaio" ,libaio)
       ("libattr" ,attr)
       ("libcap" ,libcap)   ; virtfs support requires libcap & libattr
       ("libjpeg" ,libjpeg-8)
       ("libpng" ,libpng)
       ("libusb" ,libusb)   ;USB pass-through support
       ("mesa" ,mesa)
       ("ncurses" ,ncurses)
       ;; ("pciutils" ,pciutils)
       ("pixman" ,pixman)
       ("sdl" ,sdl)
       ("spice" ,spice)
       ("util-linux" ,util-linux)
       ;; ("vde2" ,vde2)
       ("virglrenderer" ,virglrenderer)
       ("zlib" ,zlib)))
    (native-inputs
     `(("glib:bin" ,glib "bin")   ; gtester, etc.
       ("perl" ,perl)
       ("pkg-config" ,pkg-config)
       ("python" ,python-2) ; incompatible with Python 3 according to error message
       ("texinfo" ,texinfo)))
    (home-page "http://www.qemu-project.org")
    (synopsis "Machine emulator and virtualizer")
    (description
     "QEMU is a generic machine emulator and virtualizer.

When used as a machine emulator, QEMU can run OSes and programs made for one
machine (e.g. an ARM board) on a different machine---e.g., your own PC. By
using dynamic translation, it achieves very good performance.

When used as a virtualizer, QEMU achieves near native performances by
executing the guest code directly on the host CPU. QEMU supports
virtualization when executing under the Xen hypervisor or using
the KVM kernel module in Linux. When using KVM, QEMU can virtualize x86,
server and embedded PowerPC, and S390 guests.")

    ;; Many files are GPLv2+, but some are GPLv2-only---e.g., `memory.c'.
    (license gpl2)

    ;; Several tests fail on MIPS; see <http://hydra.gnu.org/build/117914>.
    (supported-systems (delete "mips64el-linux" %supported-systems))))
182
(define-public qemu-minimal
  ;; QEMU without GUI support.  `source' is not overridden, so this variant
  ;; is built from the same tarball and the same CVE patches as `qemu'.
  (package (inherit qemu)
    (name "qemu-minimal")
    (synopsis "Machine emulator and virtualizer (without GUI)")
    (arguments
     `(#:configure-flags
       ;; Restrict to the targets supported by Guix.
       '("--target-list=i386-softmmu,x86_64-softmmu,mips64el-softmmu,arm-softmmu")
       ,@(package-arguments qemu)))

    ;; Remove dependencies on optional libraries, notably GUI libraries.
    (inputs (remove (lambda (input)
                      (member (car input)
                              '("libusb" "mesa" "sdl" "spice" "virglrenderer")))
                    (package-inputs qemu)))))
197
(define-public libosinfo
  (package
    (name "libosinfo")
    (version "0.3.1")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://fedorahosted.org/releases/l/i/libosinfo/libosinfo-"
                           version ".tar.gz"))
       (sha256
        (base32
         "151qrzmafxww5yfamrr7phk8217xmihfhazpb597vdv87na75cjh"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'copy-ids
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Drop the pre-fetched ID databases into the source tree under
             ;; data/, using the hash-pinned origins declared in
             ;; `native-inputs'.
             (for-each (lambda (ids)
                         (copy-file (assoc-ref inputs ids)
                                    (string-append "data/" ids)))
                       '("pci.ids" "usb.ids"))
             #t)))))
    (inputs
     `(("libsoup" ,libsoup)
       ("libxml2" ,libxml2)
       ("libxslt" ,libxslt)
       ("gobject-introspection" ,gobject-introspection)))
    (native-inputs
     `(("check" ,check)
       ("glib" ,glib "bin")               ; glib-mkenums, etc.
       ("gtk-doc" ,gtk-doc)
       ("vala" ,vala)
       ("intltool" ,intltool)
       ("pkg-config" ,pkg-config)
       ;; Both ID files are pinned twice: by a revision in the URL (a commit
       ;; id for pci.ids, a CVS revision for usb.ids) and by the SHA256 of
       ;; the content.  usb.ids travels over plain HTTP, so for that file
       ;; the hash is the only integrity check.
       ("pci.ids"
        ,(origin
           (method url-fetch)
           (uri "https://raw.githubusercontent.com/pciutils/pciids/f9477789526f9d380bc57aa92e357c521738d5dd/pci.ids")
           (sha256
            (base32
             "0g6dbwlamagxqxvng67xng3w2x56c0np4md1v1p1jn32qw518az0"))))
       ("usb.ids"
        ,(origin
           (method url-fetch)
           (uri "http://linux-usb.cvs.sourceforge.net/viewvc/linux-usb/htdocs/usb.ids?revision=1.539")
           (file-name "usb.ids")
           (sha256
            (base32
             "0w9ila7662lzpx416lqy69zx6gfwq2xiigwd5fdyqcrg3dj07m80"))))))
    (home-page "https://libosinfo.org/")
    (synopsis "Operating system information database")
    (description "libosinfo is a GObject based library API for managing
information about operating systems, hypervisors and the (virtual) hardware
devices they can support. It includes a database containing device metadata
and provides APIs to match/identify optimal devices for deploying an operating
system on a hypervisor. Via GObject Introspection, the API is available in
all common programming languages. Vala bindings are also provided.")
    ;; The library files are released under LGPLv2.1 or later; the source
    ;; files in the "tools" directory are released under GPLv2+.
    (license (list lgpl2.1+ gpl2+))))
257
(define-public libvirt
  (package
    (name "libvirt")
    (version "2.1.0")
    (source (origin
              (method url-fetch)
              ;; Plain-HTTP download; the hash below pins the tarball content.
              (uri (string-append "http://libvirt.org/sources/libvirt-"
                                  version ".tar.xz"))
              (sha256
               (base32
                "0sriasjc573c519yqw1hcfb3qqjcsm9hm8vayw0anwkl6di9ay8s"))))
    (build-system gnu-build-system)
    (arguments
     `(;; The whole test suite is switched off because of the failures listed
       ;; here, so a successful build says nothing about regressions.
       ;; NOTE(review): worth re-checking on every version bump.
       ;; FAIL: virshtest
       ;; FAIL: virfirewalltest
       ;; FAIL: virkmodtest
       ;; FAIL: virnetsockettest
       ;; FAIL: networkxml2firewalltest
       ;; FAIL: nwfilterebiptablestest
       ;; FAIL: nwfilterxml2firewalltest
       ;; Times out after PASS: virsh-vcpupin
       #:tests? #f
       #:configure-flags
       (list "--with-polkit"
             "--localstatedir=/var")
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'fix-tests
           (lambda _
             ;; These test sources refer to /bin/sh; use the shell found in
             ;; PATH instead.
             (let ((shell (which "sh")))
               (substitute* '("tests/commandtest.c"
                              "gnulib/tests/test-posix_spawn1.c"
                              "gnulib/tests/test-posix_spawn2.c")
                 (("/bin/sh") shell)))
             #t))
         (add-after 'unpack 'do-not-mkdir-in-/var
           ;; Since the localstatedir should be /var at runtime, we must
           ;; prevent writing to /var at installation time.
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Installation-time directory creation is redirected into the
             ;; package output; the configured runtime path stays /var.
             (let ((localstatedir (string-append (assoc-ref outputs "out")
                                                 "/var")))
               (substitute* '("src/Makefile.in"
                              "daemon/Makefile.in")
                 (("\\$\\(DESTDIR\\)\\$\\(localstatedir)") localstatedir)))
             #t)))))
    (inputs
     `(("libxml2" ,libxml2)
       ("gnutls" ,gnutls)
       ("dbus" ,dbus)
       ("qemu" ,qemu)       ; the patched qemu package defined in this module
       ("polkit" ,polkit)
       ("libpcap" ,libpcap)
       ("libnl" ,libnl)
       ("libuuid" ,util-linux)
       ("lvm2" ,lvm2)       ; for libdevmapper
       ("curl" ,curl)
       ("openssl" ,openssl)
       ("cyrus-sasl" ,cyrus-sasl)
       ("perl" ,perl)
       ("python" ,python-2)
       ("libyajl" ,libyajl)
       ("audit" ,audit)))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (home-page "http://libvirt.org")
    (synopsis "Simple API for virtualization")
    (description "Libvirt is a C toolkit to interact with the virtualization
capabilities of recent versions of Linux. The library aims at providing long
term stable C API initially for the Xen paravirtualization but should be able
to integrate other virtualization mechanisms if needed.")
    (license lgpl2.1+)))
328
(define-public libvirt-glib
  (package
    (name "libvirt-glib")
    (version "0.2.3")
    (source (origin
              (method url-fetch)
              ;; Fetched over FTP, which offers no transport integrity; the
              ;; hash below is what pins the tarball content.
              (uri (string-append "ftp://libvirt.org/libvirt/glib/"
                                  "libvirt-glib-" version ".tar.gz"))
              (sha256
               (base32
                "1pahj8qa7k2307sd57rwqwq1hijya02v0sxk91hl3cw48niimcf3"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'fix-tests
           (lambda _
             ;; The events test refers to /bin/true; use the `true' found in
             ;; PATH instead.
             (let ((true-program (which "true")))
               (substitute* "tests/test-events.c"
                 (("/bin/true") true-program)))
             #t)))))
    (inputs
     `(("libxml2" ,libxml2)
       ("libvirt" ,libvirt)
       ("gobject-introspection" ,gobject-introspection)
       ("glib" ,glib)
       ("openssl" ,openssl)
       ("cyrus-sasl" ,cyrus-sasl)
       ("lvm2" ,lvm2)                     ; for libdevmapper
       ("libyajl" ,libyajl)))
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("intltool" ,intltool)
       ("glib" ,glib "bin")
       ("vala" ,vala)))
    (home-page "http://libvirt.org")
    (synopsis "GLib wrapper around libvirt")
    (description "libvirt-glib wraps the libvirt library to provide a
high-level object-oriented API better suited for glib-based applications, via
three libraries:

@enumerate
@item libvirt-glib - GLib main loop integration & misc helper APIs
@item libvirt-gconfig - GObjects for manipulating libvirt XML documents
@item libvirt-gobject - GObjects for managing libvirt objects
@end enumerate
")
    (license lgpl2.1+)))
376
(define-public python-libvirt
  (package
    (name "python-libvirt")
    (version "2.0.0")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "libvirt-python" version))
              (sha256
               (base32
                "0h0x5lpsx97bvw20pzfcsdmmivximddq4qmn8fk0n55dqv0wn5kq"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-nosetests-path
           (lambda* (#:key inputs #:allow-other-keys)
             ;; setup.py runs a hard-coded /usr/bin/nosetests through
             ;; sys.executable; rewrite that pair to the `bash' and
             ;; `nosetests' programs found in PATH.
             (let ((bash      (which "bash"))
                   (nosetests (which "nosetests")))
               (substitute* "setup.py"
                 (("sys.executable, \"/usr/bin/nosetests\"")
                  (string-append "\"" bash "\", \"" nosetests "\""))))
             #t)))))
    (inputs
     `(("libvirt" ,libvirt)))
    (propagated-inputs
     `(("python-lxml" ,python-lxml)))
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("python-nose" ,python-nose)))
    (home-page "http://libvirt.org")
    (synopsis "Python bindings to libvirt")
    (description "This package provides Python bindings to the libvirt
virtualization library.")
    (license lgpl2.1+)))
410
;; Python 2 variant of `python-libvirt', derived from the definition above.
(define-public python2-libvirt (package-with-python2 python-libvirt))
413
(define-public virt-manager
  (package
    (name "virt-manager")
    (version "1.4.0")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://virt-manager.org/download/sources"
                                  "/virt-manager/virt-manager-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "1jnawqjmcqd2db78ngx05x7cxxn3iy1sb4qfgbwcn045qh6a8cdz"))))
    (build-system python-build-system)
    (arguments
     `(#:python ,python-2
       #:use-setuptools? #f     ; Uses custom distutils 'install' command.
       ;; Some of the tests seem to require network access to install virtual
       ;; machines.
       #:tests? #f
       #:modules ((ice-9 match)
                  (srfi srfi-26)
                  (guix build python-build-system)
                  (guix build utils))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'fix-setup
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Every "/usr" in the CLI configuration is replaced by this
             ;; package's own output directory.
             (substitute* "virtcli/cliconfig.py"
               (("/usr") (assoc-ref outputs "out")))
             #t))
         (add-before 'wrap 'wrap-with-GI_TYPELIB_PATH
           (lambda* (#:key inputs outputs #:allow-other-keys)
             ;; Wrap each file under bin/ so that GI_TYPELIB_PATH is prefixed
             ;; with the lib/girepository-1.0 directory of every input that
             ;; has one.
             (let* ((bin (string-append (assoc-ref outputs "out") "/bin"))
                    (typelib-dirs
                     (filter file-exists?
                             (map (match-lambda
                                    ((_ . directory)
                                     (string-append directory
                                                    "/lib/girepository-1.0")))
                                  inputs))))
               (for-each (lambda (program)
                           (format #t "wrapping ~a\n" program)
                           (wrap-program program
                             (list "GI_TYPELIB_PATH" ":" 'prefix
                                   typelib-dirs)))
                         (find-files bin ".*")))
             #t)))))
    (inputs
     `(("gtk+" ,gtk+)
       ("libvirt" ,libvirt)
       ("libvirt-glib" ,libvirt-glib)
       ("libosinfo" ,libosinfo)
       ("gobject-introspection" ,gobject-introspection)
       ("python2-libvirt" ,python2-libvirt)
       ("python2-requests" ,python2-requests)
       ("python2-ipaddr" ,python2-ipaddr)
       ("python2-pygobject" ,python2-pygobject)
       ("python2-libxml2" ,python2-libxml2)))
    ;; virt-manager searches for qemu-img or kvm-img in the PATH.  The qemu
    ;; propagated here is the package defined in this module, CVE patches
    ;; included.
    (propagated-inputs
     `(("qemu" ,qemu)))
    (native-inputs
     `(("glib" ,glib "bin")               ; glib-compile-schemas.
       ("gtk+" ,gtk+ "bin")               ; gtk-update-icon-cache
       ("perl" ,perl)                     ; pod2man
       ("intltool" ,intltool)))
    (home-page "https://virt-manager.org/")
    (synopsis "Manage virtual machines")
    (description
     "The virt-manager application is a desktop user interface for managing
virtual machines through libvirt. It primarily targets KVM VMs, but also
manages Xen and LXC (Linux containers). It presents a summary view of running
domains, their live performance and resource utilization statistics.")
    (license gpl2+)))