nixpkgs/nixos/modules/system/boot/binfmt.nix

{ config, lib, pkgs, ... }:
let
  inherit (lib) mkOption types optionalString stringAfter;

  cfg = config.boot.binfmt;

  makeBinfmtLine = name: { recognitionType, offset, magicOrExtension
                         , mask, preserveArgvZero, openBinary
                         , matchCredentials, fixBinary, ...
                         }: let
    type = if recognitionType == "magic" then "M" else "E";
    offset' = toString offset;
    mask' = toString mask;
    interpreter = "/run/binfmt/${name}";
    flags = if !(matchCredentials -> openBinary)
              then throw "boot.binfmt.registrations.${name}: you can't specify openBinary = false when matchCredentials = true."
            else optionalString preserveArgvZero "P" +
                 optionalString (openBinary && !matchCredentials) "O" +
                 optionalString matchCredentials "C" +
                 optionalString fixBinary "F";
  in ":${name}:${type}:${offset'}:${magicOrExtension}:${mask'}:${interpreter}:${flags}";

  activationSnippet = name: { interpreter, ... }: ''
    rm -f /run/binfmt/${name}
    cat > /run/binfmt/${name} << 'EOF'
    #!${pkgs.bash}/bin/sh
    exec -- ${interpreter} "$@"
    EOF
    chmod +x /run/binfmt/${name}
  '';

  getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;

  # Mapping of systems to “magicOrExtension” and “mask”. Mostly taken from:
  # - https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
  # and
  # - https://github.com/qemu/qemu/blob/master/scripts/qemu-binfmt-conf.sh
  # TODO: maybe put these in a JSON file?
  magics = {
    armv6l-linux = {
      magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
    };
    armv7l-linux = {
      magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
    };
    aarch64-linux = {
      magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
    };
    aarch64_be-linux = {
      magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
    };
    i386-linux = {
      magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00'';
      mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
    };
    i486-linux = {
      magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
      mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
    };
    i586-linux = {
      magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
      mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
    };
    i686-linux = {
      magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
      mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
    };
    x86_64-linux = {
      magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
      mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
    };
    alpha-linux = {
      magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90'';
      mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
    };
    sparc64-linux = {
      magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
    };
    sparc-linux = {
      magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x12'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
    };
    powerpc-linux = {
      magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
    };
    powerpc64-linux = {
      magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
    };
    powerpc64le-linux = {
      magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15\x00'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\x00'';
    };
    mips-linux = {
      magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
    };
    mipsel-linux = {
      magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
    };
    mips64-linux = {
      magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
    };
    mips64el-linux = {
      magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
    };
    riscv32-linux = {
      magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
    };
    riscv64-linux = {
      magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
    };
    wasm32-wasi = {
      magicOrExtension = ''\x00asm'';
      mask = ''\xff\xff\xff\xff'';
    };
    wasm64-wasi = {
      magicOrExtension = ''\x00asm'';
      mask = ''\xff\xff\xff\xff'';
    };
    x86_64-windows = {
      magicOrExtension = ".exe";
      recognitionType = "extension";
    };
    i686-windows = {
      magicOrExtension = ".exe";
      recognitionType = "extension";
    };
  };

in {
  imports = [
    (lib.mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])
  ];

  options = {
    boot.binfmt = {
      registrations = mkOption {
        default = {};

        description = ''
          Extra binary formats to register with the kernel.
          See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
        '';

        type = types.attrsOf (types.submodule ({ config, ... }: {
          options = {
            recognitionType = mkOption {
              default = "magic";
              description = "Whether to recognize executables by magic number or extension.";
              type = types.enum [ "magic" "extension" ];
            };

            offset = mkOption {
              default = null;
              description = "The byte offset of the magic number used for recognition.";
              type = types.nullOr types.int;
            };

            magicOrExtension = mkOption {
              description = "The magic number or extension to match on.";
              type = types.str;
            };

            mask = mkOption {
              default = null;
              description =
                "A mask to be ANDed with the byte sequence of the file before matching";
              type = types.nullOr types.str;
            };

            interpreter = mkOption {
              description = ''
                The interpreter to invoke to run the program.

                Note that the actual registration will point to
                /run/binfmt/''${name}, so the kernel interpreter length
                limit doesn't apply.
              '';
              type = types.path;
            };

            preserveArgvZero = mkOption {
              default = false;
              description = ''
                Whether to pass the original argv[0] to the interpreter.

                See the description of the 'P' flag in the kernel docs
                for more details;
              '';
              type = types.bool;
            };

            openBinary = mkOption {
              default = config.matchCredentials;
              description = ''
                Whether to pass the binary to the interpreter as an open
                file descriptor, instead of a path.
              '';
              type = types.bool;
            };

            matchCredentials = mkOption {
              default = false;
              description = ''
                Whether to launch with the credentials and security
                token of the binary, not the interpreter (e.g. setuid
                bit).

                See the description of the 'C' flag in the kernel docs
                for more details.

                Implies/requires openBinary = true.
              '';
              type = types.bool;
            };

            fixBinary = mkOption {
              default = false;
              description = ''
                Whether to open the interpreter file as soon as the
                registration is loaded, rather than waiting for a
                relevant file to be invoked.

                See the description of the 'F' flag in the kernel docs
                for more details.
              '';
              type = types.bool;
            };
          };
        }));
      };

      emulatedSystems = mkOption {
        default = [];
        example = [ "wasm32-wasi" "x86_64-windows" "aarch64-linux" ];
        description = ''
          List of systems to emulate. Will also configure Nix to
          support your new systems.
        '';
        type = types.listOf types.str;
      };
    };
  };

  config = {
    boot.binfmt.registrations = builtins.listToAttrs (map (system: {
      name = system;
      value = {
        interpreter = getEmulator system;
      } // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}"));
    }) cfg.emulatedSystems);
    # TODO: add a nix.extraPlatforms option to NixOS!
    nix.extraOptions = lib.mkIf (cfg.emulatedSystems != []) ''
      extra-platforms = ${toString (cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux")}
    '';
    nix.sandboxPaths = lib.mkIf (cfg.emulatedSystems != [])
      ([ "/run/binfmt" "${pkgs.bash}" ] ++ (map (system: dirOf (dirOf (getEmulator system))) cfg.emulatedSystems));

    environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf"
      (lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations));
    system.activationScripts.binfmt = stringAfter [ "specialfs" ] ''
      mkdir -p -m 0755 /run/binfmt
      ${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet config.boot.binfmt.registrations)}
    '';
    systemd.additionalUpstreamSystemUnits = lib.mkIf (config.boot.binfmt.registrations != {}) [
      "proc-sys-fs-binfmt_misc.automount"
      "proc-sys-fs-binfmt_misc.mount"
      "systemd-binfmt.service"
    ];
  };
}
nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00			`{ config, lib, pkgs, ... }:`
nixos/binfmt: Initial binfmt_msc support. 2018-02-18 12:42:17 -05:00			`let`
nixos/binfmt: run binfmt activation script after mounting /run binfmt activation script creates /run/binfmt before mounting /run when system activation. To fix it I added dependency to specialfs to binfmt activation script. (cherry picked from commit bf227785854c9fd4a14c20db12dd6d3ebaf02981) 2021-07-06 17:12:28 +09:00			`inherit (lib) mkOption types optionalString stringAfter;`
nixos/binfmt: Initial binfmt_msc support. 2018-02-18 12:42:17 -05:00
nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00			`cfg = config.boot.binfmt;`
nixos/binfmt: Initial binfmt_msc support. 2018-02-18 12:42:17 -05:00
			`makeBinfmtLine = name: { recognitionType, offset, magicOrExtension`
			`, mask, preserveArgvZero, openBinary`
			`, matchCredentials, fixBinary, ...`
			`}: let`
			`type = if recognitionType == "magic" then "M" else "E";`
			`offset' = toString offset;`
			`mask' = toString mask;`
			`interpreter = "/run/binfmt/${name}";`
			`flags = if !(matchCredentials -> openBinary)`
nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00			`then throw "boot.binfmt.registrations.${name}: you can't specify openBinary = false when matchCredentials = true."`
nixos/binfmt: Initial binfmt_msc support. 2018-02-18 12:42:17 -05:00			`else optionalString preserveArgvZero "P" +`
			`optionalString (openBinary && !matchCredentials) "O" +`
			`optionalString matchCredentials "C" +`
			`optionalString fixBinary "F";`
			`in ":${name}:${type}:${offset'}:${magicOrExtension}:${mask'}:${interpreter}:${flags}";`

nixos/binfmt.nix: fix running commands in binfmt To allow arguments in binfmt, we need to put the command in a shell script. This uses exec to run the binfmt interpreter. Fixes #90683 2020-12-31 13:28:01 -06:00			`activationSnippet = name: { interpreter, ... }: ''`
			`rm -f /run/binfmt/${name}`
			`cat > /run/binfmt/${name} << 'EOF'`
nixos/binfmt: add bash to sandboxPaths bash is needed to run the new binfmt shell script. Fixes #110540 2021-01-24 22:47:59 -06:00			`#!${pkgs.bash}/bin/sh`
nixos/binfmt.nix: fix running commands in binfmt To allow arguments in binfmt, we need to put the command in a shell script. This uses exec to run the binfmt interpreter. Fixes #90683 2020-12-31 13:28:01 -06:00			`exec -- ${interpreter} "$@"`
			`EOF`
			`chmod +x /run/binfmt/${name}`
			`'';`
nixos/binfmt: Initial binfmt_msc support. 2018-02-18 12:42:17 -05:00
nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00			`getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;`
nixos/binfmt: Initial binfmt_msc support. 2018-02-18 12:42:17 -05:00
binfmt: add more magics and masks New ones taken from this script: https://github.com/qemu/qemu/blob/master/scripts/qemu-binfmt-conf.sh 2019-05-10 21:00:21 -04:00			`# Mapping of systems to “magicOrExtension” and “mask”. Mostly taken from:`
			`# - https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix`
			`# and`
			`# - https://github.com/qemu/qemu/blob/master/scripts/qemu-binfmt-conf.sh`
			`# TODO: maybe put these in a JSON file?`
			`magics = {`
			`armv6l-linux = {`
			`magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';`
			`};`
			`armv7l-linux = {`
			`magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';`
			`};`
			`aarch64-linux = {`
			`magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';`
			`};`
			`aarch64_be-linux = {`
			`magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';`
			`};`
			`i386-linux = {`
			`magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00'';`
			`mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';`
			`};`
			`i486-linux = {`
			`magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';`
			`mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';`
			`};`
			`i586-linux = {`
			`magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';`
			`mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';`
			`};`
			`i686-linux = {`
			`magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';`
			`mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';`
			`};`
			`x86_64-linux = {`
			`magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';`
			`mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';`
			`};`
			`alpha-linux = {`
			`magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90'';`
			`mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';`
			`};`
			`sparc64-linux = {`
			`magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';`
			`};`
			`sparc-linux = {`
			`magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x12'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';`
			`};`
			`powerpc-linux = {`
			`magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';`
			`};`
			`powerpc64-linux = {`
			`magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';`
			`};`
			`powerpc64le-linux = {`
			`magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15\x00'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\x00'';`
			`};`
			`mips-linux = {`
			`magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';`
			`};`
			`mipsel-linux = {`
			`magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';`
			`};`
			`mips64-linux = {`
			`magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';`
			`};`
			`mips64el-linux = {`
			`magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';`
			`};`
			`riscv32-linux = {`
			`magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';`
			`};`
			`riscv64-linux = {`
			`magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';`
			`mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';`
			`};`
nixos/binfmt: handle wasm binaries This adds handling for WASM binaries to binfmt’s emulatedSystems. To enable, add this to your configuration: boot.binfmt.emulatedSystems = [ "wasm32-wasi" ]; After rebuilding with nixos-rebuild switch, you can run wasm binaries directly. 2019-07-17 17:00:46 -04:00			`wasm32-wasi = {`
			`magicOrExtension = ''\x00asm'';`
			`mask = ''\xff\xff\xff\xff'';`
			`};`
			`wasm64-wasi = {`
			`magicOrExtension = ''\x00asm'';`
			`mask = ''\xff\xff\xff\xff'';`
			`};`
binfmt: add more magics and masks New ones taken from this script: https://github.com/qemu/qemu/blob/master/scripts/qemu-binfmt-conf.sh 2019-05-10 21:00:21 -04:00			`x86_64-windows = {`
			`magicOrExtension = ".exe";`
			`recognitionType = "extension";`
			`};`
			`i686-windows = {`
			`magicOrExtension = ".exe";`
			`recognitionType = "extension";`
			`};`
			`};`

nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00			`in {`
nixos/treewide: Move rename.nix imports to their respective modules A centralized list for these renames is not good because: - It breaks disabledModules for modules that have a rename defined - Adding/removing renames for a module means having to find them in the central file - Merge conflicts due to multiple people editing the central file 2019-12-10 02:51:19 +01:00			`imports = [`
			`(lib.mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])`
			`];`

nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00			`options = {`
			`boot.binfmt = {`
			`registrations = mkOption {`
			`default = {};`

			`description = ''`
			`Extra binary formats to register with the kernel.`
			`See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.`
			`'';`

			`type = types.attrsOf (types.submodule ({ config, ... }: {`
			`options = {`
			`recognitionType = mkOption {`
			`default = "magic";`
			`description = "Whether to recognize executables by magic number or extension.";`
			`type = types.enum [ "magic" "extension" ];`
			`};`

			`offset = mkOption {`
			`default = null;`
			`description = "The byte offset of the magic number used for recognition.";`
			`type = types.nullOr types.int;`
			`};`

			`magicOrExtension = mkOption {`
			`description = "The magic number or extension to match on.";`
			`type = types.str;`
			`};`

			`mask = mkOption {`
			`default = null;`
			`description =`
			`"A mask to be ANDed with the byte sequence of the file before matching";`
			`type = types.nullOr types.str;`
			`};`

			`interpreter = mkOption {`
			`description = ''`
			`The interpreter to invoke to run the program.`

			`Note that the actual registration will point to`
			`/run/binfmt/''${name}, so the kernel interpreter length`
			`limit doesn't apply.`
			`'';`
			`type = types.path;`
			`};`

			`preserveArgvZero = mkOption {`
			`default = false;`
			`description = ''`
			`Whether to pass the original argv[0] to the interpreter.`

			`See the description of the 'P' flag in the kernel docs`
			`for more details;`
			`'';`
			`type = types.bool;`
			`};`

			`openBinary = mkOption {`
			`default = config.matchCredentials;`
			`description = ''`
			`Whether to pass the binary to the interpreter as an open`
			`file descriptor, instead of a path.`
			`'';`
			`type = types.bool;`
			`};`

			`matchCredentials = mkOption {`
			`default = false;`
			`description = ''`
			`Whether to launch with the credentials and security`
			`token of the binary, not the interpreter (e.g. setuid`
			`bit).`

			`See the description of the 'C' flag in the kernel docs`
			`for more details.`

			`Implies/requires openBinary = true.`
			`'';`
			`type = types.bool;`
			`};`

			`fixBinary = mkOption {`
			`default = false;`
			`description = ''`
			`Whether to open the interpreter file as soon as the`
			`registration is loaded, rather than waiting for a`
			`relevant file to be invoked.`

			`See the description of the 'F' flag in the kernel docs`
			`for more details.`
			`'';`
			`type = types.bool;`
			`};`
nixos/binfmt: Initial binfmt_msc support. 2018-02-18 12:42:17 -05:00			`};`
nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00			`}));`
			`};`

			`emulatedSystems = mkOption {`
			`default = [];`
nixos/binfmt: update release notes and provide examples 2019-07-17 17:09:20 -04:00			`example = [ "wasm32-wasi" "x86_64-windows" "aarch64-linux" ];`
nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00			`description = ''`
			`List of systems to emulate. Will also configure Nix to`
			`support your new systems.`
			`'';`
nixos/modules: Remove all usages of types.string And replace them with a more appropriate type Also fix up some minor module problems along the way 2019-08-08 22:48:27 +02:00			`type = types.listOf types.str;`
nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00			`};`
nixos/binfmt: Initial binfmt_msc support. 2018-02-18 12:42:17 -05:00			`};`
			`};`

nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00			`config = {`
			`boot.binfmt.registrations = builtins.listToAttrs (map (system: {`
			`name = system;`
			`value = {`
			`interpreter = getEmulator system;`
binfmt: add more magics and masks New ones taken from this script: https://github.com/qemu/qemu/blob/master/scripts/qemu-binfmt-conf.sh 2019-05-10 21:00:21 -04:00			`} // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}"));`
nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00			`}) cfg.emulatedSystems);`
			`# TODO: add a nix.extraPlatforms option to NixOS!`
			`nix.extraOptions = lib.mkIf (cfg.emulatedSystems != []) ''`
			`extra-platforms = ${toString (cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux")}`
			`'';`
nixos/binfmt: fixup 2019-05-10 22:53:14 -04:00			`nix.sandboxPaths = lib.mkIf (cfg.emulatedSystems != [])`
nixos/binfmt: add bash to sandboxPaths bash is needed to run the new binfmt shell script. Fixes #110540 2021-01-24 22:47:59 -06:00			`([ "/run/binfmt" "${pkgs.bash}" ] ++ (map (system: dirOf (dirOf (getEmulator system))) cfg.emulatedSystems));`
nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00
			`environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf"`
nixos/binfmt: fixup 2019-05-10 22:53:14 -04:00			`(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations));`
nixos/binfmt: run binfmt activation script after mounting /run binfmt activation script creates /run/binfmt before mounting /run when system activation. To fix it I added dependency to specialfs to binfmt activation script. (cherry picked from commit bf227785854c9fd4a14c20db12dd6d3ebaf02981) 2021-07-06 17:12:28 +09:00			`system.activationScripts.binfmt = stringAfter [ "specialfs" ] ''`
nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00			`mkdir -p -m 0755 /run/binfmt`
nixos/binfmt: fixup 2019-05-10 22:53:14 -04:00			`${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet config.boot.binfmt.registrations)}`
nixos/binfmt: handle emulatedSystems Fixes #61248 2019-05-10 18:03:24 -04:00			`'';`
nixos/binfmt: move systemd-binfmt.service to binfmt module Also, remove the dangling systemd.services.systemd-binfmt.wants = [ "proc-sys-fs-binfmt_misc.mount" ]; in systemd.nix. If boot.binfmt.registrations != {}, systemd will install proc-sys-fs-binfmt_misc.automount, which will auto-mount `/proc/sys/fs/binfmt_misc` as soon as systemd-binfmt tries to access it. Fixes https://github.com/NixOS/nixpkgs/issues/87687 Fixes https://github.com/NixOS/nixops/issues/574 2020-05-13 16:29:34 +02:00			`systemd.additionalUpstreamSystemUnits = lib.mkIf (config.boot.binfmt.registrations != {}) [`
			`"proc-sys-fs-binfmt_misc.automount"`
			`"proc-sys-fs-binfmt_misc.mount"`
			`"systemd-binfmt.service"`
			`];`
nixos/binfmt: Initial binfmt_msc support. 2018-02-18 12:42:17 -05:00			`};`
			`}`