From 18869d85f9f6f98df14dda0b7a21375634a3468d Mon Sep 17 00:00:00 2001 From: "(cdep)illabout" Date: Wed, 8 Aug 2018 23:21:18 +0900 Subject: [PATCH 1/6] Add the virtualbox-puel license to the licenses file. --- lib/licenses.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/licenses.nix b/lib/licenses.nix index 79124855f7f..1ec0e5149c9 100644 --- a/lib/licenses.nix +++ b/lib/licenses.nix @@ -613,6 +613,12 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec { fullName = "Vim License"; }; + virtualbox-puel = { + fullName = "Oracle VM VirtualBox Extension Pack Personal Use and Evaluation License (PUEL)"; + url = "https://www.virtualbox.org/wiki/VirtualBox_PUEL"; + free = false; + }; + vsl10 = spdx { spdxId = "VSL-1.0"; fullName = "Vovida Software License v1.0"; From 8ccfb99ac07476a7d73518944c983d0fdc30643f Mon Sep 17 00:00:00 2001 From: "(cdep)illabout" Date: Wed, 8 Aug 2018 23:22:02 +0900 Subject: [PATCH 2/6] Add a derivation that downloads the virtualbox extension pack. --- .../virtualization/virtualbox/extpack.nix | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 pkgs/applications/virtualization/virtualbox/extpack.nix diff --git a/pkgs/applications/virtualization/virtualbox/extpack.nix b/pkgs/applications/virtualization/virtualbox/extpack.nix new file mode 100644 index 00000000000..f7a44d37e31 --- /dev/null +++ b/pkgs/applications/virtualization/virtualbox/extpack.nix 
@@ -0,0 +1,25 @@ +{stdenv, fetchurl, lib}: + +with lib; + +let extpackRev = "123301"; + version = "5.2.14"; +in +stdenv.mkDerivation rec { + name = "Oracle_VM_VirtualBox_Extension_Pack-${version}-${toString extpackRev}.vbox-extpack"; + src = fetchurl { + url = "http://download.virtualbox.org/virtualbox/${version}/${name}"; + sha256 = "d90c1b0c89de19010f7c7fe7a675ac744067baf29a9966b034e97b5b2053b37e"; + }; + + installPhase = "cp -r . $out"; + phases = ["installPhase"]; + + meta = { + description = "Oracle Extension pack for VirtualBox"; + license = licenses.virtualbox-puel; + homepage = https://www.virtualbox.org/; + maintainers = with maintainers; [ flokli sander cdepillabout ]; + platforms = [ "x86_64-linux" "i686-linux" ]; + }; +} From 60f2b476e4f72e8782a14a6ad2382d6eea46b46a Mon Sep 17 00:00:00 2001 From: "(cdep)illabout" Date: Wed, 8 Aug 2018 23:23:01 +0900 Subject: [PATCH 3/6] Add the virtualbox-extpack as a top-level package. --- pkgs/top-level/all-packages.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8cd0eb706ae..e18ae895e92 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18864,6 +18864,8 @@ with pkgs; headless = true; }); + virtualbox-extpack = callPackage ../applications/virtualization/virtualbox/extpack.nix { }; + virtualglLib = callPackage ../tools/X11/virtualgl/lib.nix { fltk = fltk13; }; From d2b5e6eafe4ee59d89a8233a599fafb83bc35169 Mon Sep 17 00:00:00 2001 From: "(cdep)illabout" Date: Fri, 10 Aug 2018 14:28:57 +0900 Subject: [PATCH 4/6] Start trying to actually use the extpack in the virtualbox derivation. --- .../virtualization/virtualbox/default.nix | 27 +++---------------- .../virtualization/virtualbox/extpack.nix | 11 +++----- pkgs/top-level/all-packages.nix | 7 +++-- 3 files changed, 11 insertions(+), 34 deletions(-) 
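Review bot: With `phases = ["installPhase"]` no unpack step runs, so `installPhase = "cp -r . $out"` in extpack.nix copies the build directory and never touches `$src`; as written, the output would not contain the fetched .vbox-extpack file. Copying the file explicitly, `installPhase = "cp $src $out";`, or exposing the `fetchurl` result itself as the package would make the store path the hash-pinned file. Patch 4/6 changes this file again, but that hunk is not visible on this page, so this may already be addressed there. Separately, the download uses plain `http://`; the pinned `sha256` still protects the content, but `url = "https://download.virtualbox.org/virtualbox/${version}/${name}";` would keep the request itself off cleartext.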
diff --git a/pkgs/applications/virtualization/virtualbox/default.nix b/pkgs/applications/virtualization/virtualbox/default.nix index f9770435aaf..94fc9697e54 100644 --- a/pkgs/applications/virtualization/virtualbox/default.nix +++ b/pkgs/applications/virtualization/virtualbox/default.nix @@ -6,7 +6,7 @@ , xorriso, makeself, perl , javaBindings ? false, jdk ? null , pythonBindings ? false, python2 ? null -, enableExtensionPack ? false, requireFile ? null, fakeroot ? null +, extensionPack ? null, fakeroot ? null , pulseSupport ? false, libpulseaudio ? null , enableHardening ? false , headless ? false @@ -19,30 +19,9 @@ with stdenv.lib; let python = python2; buildType = "release"; - # Manually sha256sum the extensionPack file, must be hex! - # Do not forget to update the hash in ./guest-additions/default.nix! - extpack = "d90c1b0c89de19010f7c7fe7a675ac744067baf29a9966b034e97b5b2053b37e"; - extpackRev = "123301"; + # Remember to change the extpackRev and version in extpack.nix as well. main = "ee3af129a581ec4c1a3e777e98247f8943e976ce6edd24962bcaa5c53ed1f644"; version = "5.2.14"; - - # See https://github.com/NixOS/nixpkgs/issues/672 for details - extensionPack = requireFile rec { - name = "Oracle_VM_VirtualBox_Extension_Pack-${version}-${toString extpackRev}.vbox-extpack"; - sha256 = extpack; - message = '' - In order to use the extension pack, you need to comply with the VirtualBox Personal Use - and Evaluation License (PUEL) available at: - - https://www.virtualbox.org/wiki/VirtualBox_PUEL - - Once you have read and if you agree with the license, please use the - following command and re-run the installation: - - nix-prefetch-url http://download.virtualbox.org/virtualbox/${version}/${name} - ''; - }; - in stdenv.mkDerivation { name = "virtualbox-${version}"; 
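Review bot: The single replacement comment in the `let` block of default.nix drops two reminders that the removed lines carried: that the extension-pack hash must be hex, and that the hash in ./guest-additions/default.nix has to be updated on a version bump. The guest-additions reminder is unrelated to the extension pack and should probably stay, e.g. `# Do not forget to update the hash in ./guest-additions/default.nix, and extpackRev/version in ./extpack.nix.`. If the install step still passes the pack's hash on for verification (the hunk that does so is cut off on this page, so this is an assumption), the "must be hex" constraint belongs next to `sha256` in extpack.nix. `version` is now defined in both files and kept in agreement only by this comment. The `let` block and the derivation continue outside the hunk.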
@@ -174,7 +153,7 @@ in stdenv.mkDerivation { ln -s "$libexec/$file" $out/bin/$file done - ${optionalString enableExtensionPack '' + ${optionalString (extensionPack != null) '' mkdir -p "$share" "${fakeroot}/bin/fakeroot" "${stdenv.shell}" < Date: Sat, 11 Aug 2018 02:48:29 +0900 Subject: [PATCH 5/6] virtualization: update the virtualbox-host module to use the extension pack if enabled. --- nixos/modules/virtualisation/virtualbox-host.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/nixos/modules/virtualisation/virtualbox-host.nix b/nixos/modules/virtualisation/virtualbox-host.nix index 8adf3aa919d..af0a27b0ad8 100644 --- a/nixos/modules/virtualisation/virtualbox-host.nix +++ b/nixos/modules/virtualisation/virtualbox-host.nix @@ -6,7 +6,8 @@ let cfg = config.virtualisation.virtualbox.host; virtualbox = pkgs.virtualbox.override { - inherit (cfg) enableExtensionPack enableHardening headless; + inherit (cfg) enableHardening headless; + extensionPack = if cfg.enableExtensionPack then pkgs.virtualboxExtpack else null; }; kernelModules = config.boot.kernelPackages.virtualbox.override { @@ -28,7 +29,16 @@ in ''; }; - enableExtensionPack = mkEnableOption "VirtualBox extension pack"; + enableExtensionPack = mkEnableOption "VirtualBox extension pack" // { + description = '' + Whether to install the Oracle Extension Pack for VirtualBox. + + + You must set nixpkgs.config.allowUnfree = true in + order to use this. This requires you accept the VirtualBox PUEL. + + ''; + }; addNetworkInterface = mkOption { type = types.bool; From 2ae9907cc495e1f900ae76e5e42bfbffb91766d6 Mon Sep 17 00:00:00 2001 From: "(cdep)illabout" Date: Mon, 13 Aug 2018 09:25:43 +0900 Subject: [PATCH 6/6] virtualbox: Add tests for the VirtualBox Extension Pack. --- nixos/tests/virtualbox.nix | 39 +++++++++++++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 5 deletions(-) 
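Review bot: The new description for `enableExtensionPack` in virtualbox-host.nix tells users they must set `nixpkgs.config.allowUnfree = true`, which admits every unfree package in the configuration in order to accept one licence. A `nixpkgs.config.allowUnfreePredicate` that matches only the extension pack satisfies the same check, so the text could read "You must allow this unfree package, for example with nixpkgs.config.allowUnfree = true or a matching nixpkgs.config.allowUnfreePredicate". The description could also say that enabling the option now downloads Oracle's proprietary pack automatically, since the `requireFile` step that used to gate this was removed from default.nix earlier in the series. The test hunk at `@@ -337,6 +346,8 @@` in nixos/tests/virtualbox.nix sets `allowUnfree` wholesale as well, which matters less for a throwaway test machine.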
diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix index 008dab8459c..4207112cf16 100644 --- a/nixos/tests/virtualbox.nix +++ b/nixos/tests/virtualbox.nix @@ -293,6 +293,11 @@ let "--hostonlyadapter2 vboxnet0" ]; + # The VirtualBox Oracle Extension Pack lets you use USB 3.0 (xHCI). + enableExtensionPackVMFlags = [ + "--usbxhci on" + ]; + dhcpScript = pkgs: '' ${pkgs.dhcp}/bin/dhclient \ -lf /run/dhcp.leases \ @@ -323,13 +328,17 @@ let headless.services.xserver.enable = false; }; - mkVBoxTest = name: testScript: makeTest { + vboxVMsWithExtpack = mapAttrs createVM { + testExtensionPack.vmFlags = enableExtensionPackVMFlags; + }; + + mkVBoxTest = useExtensionPack: vms: name: testScript: makeTest { name = "virtualbox-${name}"; machine = { lib, config, ... }: { imports = let mkVMConf = name: val: val.machine // { key = "${name}-config"; }; - vmConfigs = mapAttrsToList mkVMConf vboxVMs; + vmConfigs = mapAttrsToList mkVMConf vms; in [ ./common/user-account.nix ./common/x11.nix ] ++ vmConfigs; virtualisation.memorySize = 2048; virtualisation.virtualbox.host.enable = true; @@ -337,6 +346,8 @@ let users.users.alice.extraGroups = let inherit (config.virtualisation.virtualbox.host) enableHardening; in lib.mkIf enableHardening (lib.singleton "vboxusers"); + virtualisation.virtualbox.host.enableExtensionPack = useExtensionPack; + nixpkgs.config.allowUnfree = useExtensionPack; }; testScript = '' @@ -353,7 +364,7 @@ let return join("\n", grep { $_ !~ /^UUID:/ } split(/\n/, $_[0]))."\n"; } - ${concatStrings (mapAttrsToList (_: getAttr "testSubs") vboxVMs)} + ${concatStrings (mapAttrsToList (_: getAttr "testSubs") vms)} $machine->waitForX; @@ -363,11 +374,11 @@ let ''; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ aszlig wkennington ]; + maintainers = [ aszlig wkennington cdepillabout ]; }; }; -in mapAttrs mkVBoxTest { +in mapAttrs (mkVBoxTest false vboxVMs) { simple-gui = '' createVM_simple; $machine->succeed(ru "VirtualBox &"); 
@@ -473,4 +484,22 @@ in mapAttrs mkVBoxTest { destroyVM_test1; destroyVM_test2; ''; +} // mapAttrs (mkVBoxTest true vboxVMsWithExtpack) { + enable-extension-pack = '' + createVM_testExtensionPack; + vbm("startvm testExtensionPack"); + waitForStartup_testExtensionPack; + $machine->screenshot("cli_started"); + waitForVMBoot_testExtensionPack; + $machine->screenshot("cli_booted"); + + $machine->nest("Checking for privilege escalation", sub { + $machine->fail("test -e '/root/VirtualBox VMs'"); + $machine->fail("test -e '/root/.config/VirtualBox'"); + $machine->succeed("test -e '/home/alice/VirtualBox VMs'"); + }); + + shutdownVM_testExtensionPack; + destroyVM_testExtensionPack; + ''; }
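Review bot: The `enable-extension-pack` test never asserts that the pack is registered with VirtualBox; it relies on a VM created with `--usbxhci on` starting and booting, so the check is indirect and a failure would not point at the pack. An explicit assertion before `createVM_testExtensionPack;` would make the intent visible, for example `$machine->succeed(ru 'VBoxManage list extpacks | grep -q "Usable: *true"');`. This assumes `ru` runs the command as alice, as its use with `VirtualBox &` earlier in the file suggests.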