xen: 4.15 -> {4.16,4.17,4.18,4.19} #324693

Merged: 5 commits, Aug 1, 2024

SigmaSquadron
Contributor

@SigmaSquadron SigmaSquadron commented Jul 4, 2024

Description of changes

Required by #324911.

  • Updates Xen to 4.16.6, 4.17.4, 4.18.2 and 4.19.0 on nixpkgs/master.
  • Marks a couple of packages as broken, as they are outdated, and their older versions do not seem to support Xen 4.19.

Things done

  • Built on platform(s)
    • x86_64-linux
  • Built with sandboxing enabled.
    • sandbox = true
  • Tested, as applicable:
    • pkg-config test passes successfully.
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD".
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

Closes #320335, closes #26899.


@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: documentation This PR adds or changes documentation 8.has: changelog 8.has: module (update) This PR changes an existing module in `nixos/` 6.topic: ocaml 8.has: maintainer-list (update) This PR changes `maintainers/maintainer-list.nix` labels Jul 4, 2024
@NixOSInfra NixOSInfra added the 12. first-time contribution This PR is the author's first one; please be gentle! label Jul 4, 2024
@SigmaSquadron SigmaSquadron force-pushed the xen-4.18 branch 2 times, most recently from 8dbcbe0 to 80dcdc6 Compare July 5, 2024 00:34
@SigmaSquadron SigmaSquadron marked this pull request as ready for review July 5, 2024 00:34
@SigmaSquadron
Contributor Author

Fixed the unpatched binaries.

Keep in mind XKCD 1513 as you review.

@ulrikstrid
Member

Would you be willing to cherry-pick the maintainers and ocamlPackages.xenstore commits to a separate PR and add me as reviewer?

Then we can try to merge bits and pieces of this so that only the gnarly stuff that I'm not comfortable with is left 😄

@github-actions github-actions bot removed the 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS label Jul 5, 2024
@andyhhp
andyhhp commented Jul 30, 2024

@andyhhp Considering your reply in #324693 (comment), are you planning to co-maintain this package to address Thomas's concern to make the package more reliable?

Sorry, I'm an upstream Xen developer, and can advise on that side of things, but I don't have time (or indeed the expertise) to advise on the NixOS side of things.

@Kreyren
Contributor

Kreyren commented Jul 30, 2024

Yea, the lack of automated tests is kinda a problem too for a production environment, but in terms of management it's probably better to merge in the current state and add them later

In my opinion, it's next to impossible to add more tests, at least without rewriting the Nixpkgs test infrastructure. Xen requires a bare-metal host to be a dom0 in, which isn't the case with NixOS tests, much less package tests -- @SigmaSquadron (#324693 (comment))

That sounds like an over-reaction, the infra should have the tools needed, but it needs to be researched to figure out how to implement them else RFC

Sorry, I'm an upstream Xen developer, and can advise on that side of things, but I don't have time (or indeed the expertise) to advise on the NixOS side of things. -- @andyhhp (#324693 (comment))

My apologies, I confused you with a Nix developer and realized my mistake shortly after.

@SigmaSquadron
Contributor Author

That sounds like an over-reaction, the infra should have the tools needed, but it needs to be researched to figure out how to implement them else RFC

Xen requires a bare-metal host to run. It's not a question of tooling, it's a question of not running tests inside containers/VMs, which isn't supported by Nixpkgs, and would require a tremendous amount of resources to effectively implement.

@SigmaSquadron
Contributor Author

  • Dropped the dependency that wasn't compiling. I doubt anyone would actually use it.
  • Dropped unused dependencies per an upstream review.
  • Now passes nixpkgs-hammering xen -e missing-patch-comment -e explicit-phases.

Hopefully the final nixpkgs-review.

Result of nixpkgs-review pr 324693 run on x86_64-linux

2 packages marked as broken and skipped:
  • libvmi
  • qubes-core-vchan-xen
45 packages built:
  • qemu_xen (qemu_xen_4_19)
  • qemu_xen.debug (qemu_xen_4_19.debug)
  • qemu_xen.ga (qemu_xen_4_19.ga)
  • qemu_xen_4_16
  • qemu_xen_4_16.debug
  • qemu_xen_4_16.ga
  • qemu_xen_4_17
  • qemu_xen_4_17.debug
  • qemu_xen_4_17.ga
  • qemu_xen_4_18
  • qemu_xen_4_18.debug
  • qemu_xen_4_18.ga
  • xen
  • xen-guest-agent
  • xen-slim
  • xen-slim.boot
  • xen-slim.dev
  • xen-slim.man
  • xen.boot
  • xen.dev
  • xen.man
  • xenPackages.xen_4_16
  • xenPackages.xen_4_16-slim
  • xenPackages.xen_4_16-slim.boot
  • xenPackages.xen_4_16-slim.dev
  • xenPackages.xen_4_16-slim.man
  • xenPackages.xen_4_16.boot
  • xenPackages.xen_4_16.dev
  • xenPackages.xen_4_16.man
  • xenPackages.xen_4_17
  • xenPackages.xen_4_17-slim
  • xenPackages.xen_4_17-slim.boot
  • xenPackages.xen_4_17-slim.dev
  • xenPackages.xen_4_17-slim.man
  • xenPackages.xen_4_17.boot
  • xenPackages.xen_4_17.dev
  • xenPackages.xen_4_17.man
  • xenPackages.xen_4_18
  • xenPackages.xen_4_18-slim
  • xenPackages.xen_4_18-slim.boot
  • xenPackages.xen_4_18-slim.dev
  • xenPackages.xen_4_18-slim.man
  • xenPackages.xen_4_18.boot
  • xenPackages.xen_4_18.dev
  • xenPackages.xen_4_18.man

Contributor

@Kreyren Kreyren left a comment

As discussed in nixos devel chat and with nixos security team representative for the approach to get this implemented and maintained.

Refer to the linked discussion for usage notes in production/mission critical environment.

@ofborg ofborg bot requested a review from matdibu July 31, 2024 02:34
@SigmaSquadron SigmaSquadron removed the request for review from matdibu July 31, 2024 08:24
@SigmaSquadron SigmaSquadron added 12.approvals: 2 This PR was reviewed and approved by two reputable people 12.approvals: 3+ This PR was reviewed and approved by three or more reputable people 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in the package and removed 12.approvals: 2 This PR was reviewed and approved by two reputable people labels Jul 31, 2024
There are too many changes to list between these versions,
but here's what's important for Nixpkgs:

- Enabled xen.efi building, allowing the nixos/xen module to
  support EFI booting.

- Renamed xen-light to xen-slim, and removed the old xen-slim
  package, as qemu-traditional has been removed per an upstream
  recommendation.

- xen-slim (formerly xen-light) no longer builds iPXE.

- You can now use the OVMF from Xen's repos.

- Further generalised generic.nix. Maintaining three versions
  at once is finally doable.

- Removed as many recursions as possible.

- Split the package output.

Signed-off-by: Fernando Rodrigues <[email protected]>

The update script is interactive, not automated, and is meant to run
with human intervention in order to verify Xen's code signature. It
produces default.nix files for all security-supported branches.

Signed-off-by: Fernando Rodrigues <[email protected]>

xen-light was dropped in favour of xen and xen-slim

Signed-off-by: Fernando Rodrigues <[email protected]>
Reviewed-by: Matei Dibu <[email protected]>

In function 'libvchan__check_domain_alive':
  error: unknown type name 'xc_dominfo_t'; did you mean 'xc_meminfo_t'?
  error: implicit declaration of function 'xc_domain_getinfo'; did you mean 'xc_domain_getvnuma'? [-Werror=implicit-function-declaration]
  error: request for member 'domid' in something not a structure or union
  error: request for member 'dying' in something not a structure or union

Signed-off-by: Fernando Rodrigues <[email protected]>
Reviewed-by: Joachim Ernst <[email protected]>

In file included from ./driver/xen/xen_private.h:42,
  error: unknown type name 'xc_dominfo_t'; did you mean 'xc_meminfo_t'?

PR NixOS#328873 reverts this commit and updates LibVMI.

Signed-off-by: Fernando Rodrigues <[email protected]>
@ofborg ofborg bot requested a review from matdibu July 31, 2024 09:29
@SigmaSquadron SigmaSquadron removed the request for review from matdibu July 31, 2024 09:35
@Mindavi Mindavi merged commit 05c5a73 into NixOS:master Aug 1, 2024
26 of 27 checks passed
@emilazy
Member

emilazy commented Aug 1, 2024

Congrats on this huge achievement!

@SigmaSquadron SigmaSquadron deleted the xen-4.18 branch August 1, 2024 17:38
@SigmaSquadron SigmaSquadron added the 6.topic: xen-project The Xen Project hypervisor label Sep 25, 2024
Labels
6.topic: xen-project The Xen Project hypervisor 8.has: clean-up 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 1-10 10.rebuild-linux: 11-100 12.approvals: 3+ This PR was reviewed and approved by three or more reputable people 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in the package 12. first-time contribution This PR is the author's first one; please be gentle!
Development

Successfully merging this pull request may close these issues.

  • Update request: xen 4.15.1 → 4.18.1
  • xen: use system ipxe instead of internal one