qemu: enable smartcard support #48282

Merged
merged 3 commits into from Oct 16, 2018

Member

@lukateras lukateras commented Oct 12, 2018

Motivation for this change

As of GNOME/gnome-boxes@6bf871c, GNOME Boxes only works with QEMU built with smartcard support.

For a similar bug elsewhere, see: https://github.com/voidlinux/void-packages/issues/6336

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@lukateras
Member Author

cc @bluescreen303 @dtzWill

@GrahamcOfBorg

Success on x86_64-darwin (full log)

Attempted: libcacard, qemu

The following builds were skipped because they don't evaluate on x86_64-darwin: spice

Partial log:

make[3]: Leaving directory '/private/tmp/nix-build-libcacard-2.6.1.drv-0/libcacard-2.6.1'
make[2]: Leaving directory '/private/tmp/nix-build-libcacard-2.6.1.drv-0/libcacard-2.6.1'
make[1]: Leaving directory '/private/tmp/nix-build-libcacard-2.6.1.drv-0/libcacard-2.6.1'
glibPreFixupPhase
post-installation fixup
strip is /nix/store/9xjkb4xz0b5lmizij9ppxy7lkxdxhx6b-cctools-binutils-darwin/bin/strip
stripping (with command strip and flags -S) in /nix/store/l5ik7fba3ham9zvmy97llxyjjr57fg7m-libcacard-2.6.1/lib
patching script interpreter paths in /nix/store/l5ik7fba3ham9zvmy97llxyjjr57fg7m-libcacard-2.6.1
/nix/store/l5ik7fba3ham9zvmy97llxyjjr57fg7m-libcacard-2.6.1
/nix/store/q576vmx9am9nvcynxcfvpfbzif5bnggn-qemu-3.0.0

@GrahamcOfBorg

Success on aarch64-linux (full log)

Attempted: libcacard, qemu, spice

Partial log:

cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
strip is /nix/store/428gs2z4b8f9byvghzlpbjwjb3a7jwxx-binutils-2.30/bin/strip
/nix/store/332wfy6mnk5j1krzj7177j4f2pvdyx70-libcacard-2.6.1
/nix/store/cgbf57m9yjxmcqcw8l5a9lp1gma6mrnw-qemu-3.0.0
/nix/store/qnsy9hjdn4i0viaizlfb8jy00cla3p6v-spice-0.14.0

@xeji
Contributor

xeji commented Oct 12, 2018

I'm fine with this change, but just out of curiosity: I use smartcard readers with qemu guests a lot, works well just with spice usb redirection. No need for extra smartcard support in qemu or spice. What additional use cases does this enable?

@lukateras
Member Author

lukateras commented Oct 12, 2018

Here are docs:

This seems to be able to store keys on the host (instead of a smartcard) while only exposing a virtual smartcard interface to the guest, thus not leaking any secrets to it.

Also, I imagine this will work with both guest and host using the same physical smartcard at the same time, unlike USB redirection.

But then, the primary reason I'm sending this pull request is because GNOME Boxes expects smartcard support.

@GrahamcOfBorg

Timed out, unknown build status on x86_64-linux (full log)

Attempted: libcacard, qemu, spice

Partial log:

  CC      mips64el-softmmu/hw/9pfs/virtio-9p-device.o
  CC      mips64el-softmmu/hw/block/virtio-blk.o
  CC      mips64el-softmmu/hw/block/vhost-user-blk.o
  CC      mips64el-softmmu/hw/block/dataplane/virtio-blk.o
  CC      mips64el-softmmu/hw/char/virtio-serial-bus.o
  CC      mips64el-softmmu/hw/core/generic-loader.o
  CC      mips64el-softmmu/hw/core/null-machine.o
  CC      mips64el-softmmu/hw/display/vga.o
building of '/nix/store/ivvyrwikjv234h9c8hwaxg7i1k8irx5y-qemu-3.0.0.drv' timed out after 3600 seconds
error: build of '/nix/store/ivvyrwikjv234h9c8hwaxg7i1k8irx5y-qemu-3.0.0.drv' failed

@GrahamcOfBorg

Success on aarch64-linux (full log)

Attempted: libcacard, qemu, spice

Partial log:

/nix/store/332wfy6mnk5j1krzj7177j4f2pvdyx70-libcacard-2.6.1
/nix/store/cgbf57m9yjxmcqcw8l5a9lp1gma6mrnw-qemu-3.0.0
/nix/store/qnsy9hjdn4i0viaizlfb8jy00cla3p6v-spice-0.14.0

@GrahamcOfBorg

Success on x86_64-darwin (full log)

Attempted: libcacard, qemu

The following builds were skipped because they don't evaluate on x86_64-darwin: spice

Partial log:

find: '/nix/store/5aasavx97vzaisd8c98pavnzmfl5c4yp-qemu-3.0.0-ga': No such file or directory
find: '/nix/store/5aasavx97vzaisd8c98pavnzmfl5c4yp-qemu-3.0.0-ga': No such file or directory
find: '/nix/store/5aasavx97vzaisd8c98pavnzmfl5c4yp-qemu-3.0.0-ga': No such file or directory
find: '/nix/store/5aasavx97vzaisd8c98pavnzmfl5c4yp-qemu-3.0.0-ga': No such file or directory
find: '/nix/store/5aasavx97vzaisd8c98pavnzmfl5c4yp-qemu-3.0.0-ga': No such file or directory
find: '/nix/store/5aasavx97vzaisd8c98pavnzmfl5c4yp-qemu-3.0.0-ga': No such file or directory
find: '/nix/store/5aasavx97vzaisd8c98pavnzmfl5c4yp-qemu-3.0.0-ga': No such file or directory
find: '/nix/store/5aasavx97vzaisd8c98pavnzmfl5c4yp-qemu-3.0.0-ga': No such file or directory
/nix/store/l5ik7fba3ham9zvmy97llxyjjr57fg7m-libcacard-2.6.1
/nix/store/lm2px70v1hx4x2v0xzbgfaymw8jg83q1-qemu-3.0.0

@GrahamcOfBorg

Timed out, unknown build status on x86_64-linux (full log)

Attempted: libcacard, qemu, spice

Partial log:

  CC      sparc64-softmmu/hw/vfio/spapr.o
  CC      tricore-softmmu/memory_mapping.o
  CC      sparc64-softmmu/hw/virtio/virtio.o
  CC      tricore-softmmu/dump.o
  CC      tricore-softmmu/migration/ram.o
  CC      sparc64-softmmu/hw/virtio/virtio-balloon.o
  CC      sparc64-softmmu/hw/virtio/virtio-crypto.o
  CC      tricore-softmmu/accel/accel.o
building of '/nix/store/ivvyrwikjv234h9c8hwaxg7i1k8irx5y-qemu-3.0.0.drv' timed out after 1800 seconds
error: build of '/nix/store/ivvyrwikjv234h9c8hwaxg7i1k8irx5y-qemu-3.0.0.drv' failed

@dtzWill
Member

dtzWill commented Oct 13, 2018

Awesome! Maybe we could use this for writing NixOS tests of smartcard functionality?

Looks good to me, but haven't tried it yet. Will probably try soon :).

@lukateras lukateras merged commit e31942c into NixOS:master Oct 16, 2018