mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-09-23 13:48:21 +03:00
Revert "ovftool: init at 4.6.2 for x86_64-darwin"
This commit is contained in:
parent
5bfe2b6964
commit
9b45c0c659
@ -1,267 +1,150 @@
|
|||||||
{ autoPatchelfHook
|
{ lib, stdenv, fetchurl, system ? builtins.currentSystem, ovftoolBundles ? {}
|
||||||
, c-ares
|
, autoPatchelfHook, makeWrapper, unzip
|
||||||
, darwin
|
, glibc, c-ares, libxcrypt-legacy, expat, icu60, xercesc, zlib
|
||||||
, expat
|
|
||||||
, fetchurl
|
|
||||||
, glibc
|
|
||||||
, icu60
|
|
||||||
, lib
|
|
||||||
, libiconv
|
|
||||||
, libredirect
|
|
||||||
, libxcrypt-legacy
|
|
||||||
, libxml2
|
|
||||||
, makeWrapper
|
|
||||||
, stdenv
|
|
||||||
, unzip
|
|
||||||
, xercesc
|
|
||||||
, zlib
|
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
version = "4.6.2-22220919";
|
||||||
|
version_i686 = "4.6.0-21452615";
|
||||||
|
|
||||||
ovftoolSystems =
|
ovftoolZipUnpackPhase = ''
|
||||||
let
|
runHook preUnpack
|
||||||
baseUrl = "https://vdc-download.vmware.com/vmwb-repository/dcr-public";
|
unzip ${ovftoolSource}
|
||||||
in
|
extracted=ovftool/
|
||||||
{
|
if [ -d "$extracted" ]; then
|
||||||
"i686-linux" = rec {
|
echo "ovftool extracted successfully" >&2
|
||||||
name = "VMware-ovftool-${version}-lin.i386.zip";
|
else
|
||||||
# As of 2024-02-20 the "Zip of OVF Tool for 32-bit Linux" download link
|
echo "Could not find $extracted - are you sure this is ovftool?" >&2
|
||||||
# on the v4.6.2 page links to v4.6.0.
|
exit 1
|
||||||
version = "4.6.0-21452615";
|
fi
|
||||||
url = "${baseUrl}/7254abb2-434d-4f5d-83e2-9311ced9752e/57e666a2-874c-48fe-b1d2-4b6381f7fe97/${name}";
|
runHook postUnpack
|
||||||
hash = "sha256-qEOr/3SW643G5ZQQNJTelZbUxB8HmxPd5uD+Gqsoxz0=";
|
'';
|
||||||
};
|
|
||||||
"x86_64-linux" = rec {
|
ovftoolSystems = let
|
||||||
name = "VMware-ovftool-${version}-lin.x86_64.zip";
|
baseUrl = "https://vdc-download.vmware.com/vmwb-repository/dcr-public";
|
||||||
version = "4.6.2-22220919";
|
in {
|
||||||
url = "${baseUrl}/8a93ce23-4f88-4ae8-b067-ae174291e98f/c609234d-59f2-4758-a113-0ec5bbe4b120/${name}";
|
"i686-linux" = rec {
|
||||||
hash = "sha256-3B1cUDldoTqLsbSARj2abM65nv+Ot0z/Fa35/klJXEY=";
|
name = "VMware-ovftool-${version_i686}-lin.i386.zip";
|
||||||
};
|
url = "${baseUrl}/7254abb2-434d-4f5d-83e2-9311ced9752e/57e666a2-874c-48fe-b1d2-4b6381f7fe97/${name}";
|
||||||
"x86_64-darwin" = rec {
|
hash = "sha256-qEOr/3SW643G5ZQQNJTelZbUxB8HmxPd5uD+Gqsoxz0=";
|
||||||
name = "VMware-ovftool-${version}-mac.x64.zip";
|
unpackPhase = ovftoolZipUnpackPhase;
|
||||||
version = "4.6.2-22220919";
|
};
|
||||||
url = "${baseUrl}/91091b23-280a-487a-a048-0c2594303c92/dc666e23-104f-4b9b-be11-6d88dcf3ab98/${name}";
|
"x86_64-linux" = rec {
|
||||||
hash = "sha256-AZufZ0wxt5DYjnpahDfy36W8i7kjIfEkW6MoELSx11k=";
|
name = "VMware-ovftool-${version}-lin.x86_64.zip";
|
||||||
};
|
url = "${baseUrl}/8a93ce23-4f88-4ae8-b067-ae174291e98f/c609234d-59f2-4758-a113-0ec5bbe4b120/${name}";
|
||||||
|
hash = "sha256-3B1cUDldoTqLsbSARj2abM65nv+Ot0z/Fa35/klJXEY=";
|
||||||
|
unpackPhase = ovftoolZipUnpackPhase;
|
||||||
};
|
};
|
||||||
|
|
||||||
ovftoolSystem = ovftoolSystems.${stdenv.system} or (throw "unsupported system ${stdenv.system}");
|
|
||||||
|
|
||||||
in
|
|
||||||
stdenv.mkDerivation {
|
|
||||||
pname = "ovftool";
|
|
||||||
inherit (ovftoolSystem) version;
|
|
||||||
|
|
||||||
src = fetchurl {
|
|
||||||
inherit (ovftoolSystem) name url hash;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
ovftoolSystem = if builtins.hasAttr system ovftoolSystems then
|
||||||
|
ovftoolSystems.${system}
|
||||||
|
else throw "System '${system}' is unsupported by ovftool";
|
||||||
|
|
||||||
|
ovftoolSource = if builtins.hasAttr system ovftoolBundles then
|
||||||
|
ovftoolBundles.${system}
|
||||||
|
else
|
||||||
|
fetchurl {
|
||||||
|
inherit (ovftoolSystem) name url hash;
|
||||||
|
};
|
||||||
|
in
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
pname = "ovftool";
|
||||||
|
inherit version;
|
||||||
|
|
||||||
|
src = ovftoolSource;
|
||||||
|
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
|
glibc
|
||||||
|
libxcrypt-legacy
|
||||||
c-ares
|
c-ares
|
||||||
expat
|
expat
|
||||||
icu60
|
icu60
|
||||||
libiconv
|
|
||||||
libxcrypt-legacy
|
|
||||||
xercesc
|
xercesc
|
||||||
zlib
|
zlib
|
||||||
] ++ lib.optionals stdenv.isLinux [
|
|
||||||
glibc
|
|
||||||
] ++ lib.optionals stdenv.isDarwin [
|
|
||||||
darwin.Libsystem
|
|
||||||
libxml2
|
|
||||||
];
|
];
|
||||||
|
|
||||||
nativeBuildInputs = [ unzip makeWrapper ]
|
nativeBuildInputs = [ autoPatchelfHook makeWrapper unzip ];
|
||||||
++ lib.optionals stdenv.isLinux [ autoPatchelfHook ];
|
|
||||||
|
|
||||||
postUnpack = ''
|
preferLocalBuild = true;
|
||||||
# The linux package wraps ofvtool.bin with ovftool. Wrapping
|
|
||||||
# below in installPhase.
|
|
||||||
# Rename to ovftool on install for all systems to ovftool
|
|
||||||
if [[ -f ovftool.bin ]]; then
|
|
||||||
mv -v ovftool.bin ovftool
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
|
sourceRoot = ".";
|
||||||
|
|
||||||
|
unpackPhase = ovftoolSystem.unpackPhase;
|
||||||
|
|
||||||
|
# Expects a directory named 'ovftool' containing the ovftool install.
|
||||||
|
# Based on https://aur.archlinux.org/packages/vmware-ovftool/
|
||||||
|
# with the addition of a libexec directory and a Nix-style binary wrapper.
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
runHook preInstall
|
runHook preInstall
|
||||||
|
if [ -d ovftool ]; then
|
||||||
# Based on https://aur.archlinux.org/packages/vmware-ovftool/
|
# Ensure we're in the staging directory
|
||||||
# with the addition of a libexec directory and a Nix-style binary wrapper.
|
cd ovftool
|
||||||
|
fi
|
||||||
# Almost all libs in the package appear to be VMware proprietary except for
|
# libraries
|
||||||
# libgoogleurl and libcurl. The rest of the libraries that the installer
|
install -m 755 -d "$out/lib/${pname}"
|
||||||
# extracts are omitted here, and provided in buildInputs. Since libcurl
|
# These all appear to be VMWare proprietary except for libgoogleurl and libcurl.
|
||||||
# depends on VMware's OpenSSL, both libs are still used.
|
# The rest of the libraries that the installer extracts are omitted here,
|
||||||
# FIXME: Replace libgoogleurl? Possibly from Chromium?
|
# and provided in buildInputs. Since libcurl depends on VMWare's OpenSSL,
|
||||||
# FIXME: Tell VMware to use a modern version of OpenSSL. As of ovftool
|
# we have to use both here too.
|
||||||
# v4.6.2 ovftool uses openssl-1.0.2zh which in seems to be the extended
|
#
|
||||||
# support LTS release: https://www.openssl.org/support/contracts.html
|
# FIXME: can we replace libgoogleurl? Possibly from Chromium?
|
||||||
|
# FIXME: tell VMware to use a modern version of OpenSSL.
|
||||||
# Install all libs that are not patched in preFixup.
|
#
|
||||||
# Darwin dylibs are under `lib` in the zip.
|
install -m 644 -t "$out/lib/${pname}" \
|
||||||
install -m 755 -d "$out/lib"
|
|
||||||
install -m 644 -t "$out/lib" \
|
|
||||||
'' + lib.optionalString stdenv.isLinux ''
|
|
||||||
libcrypto.so.1.0.2 \
|
|
||||||
libcurl.so.4 \
|
|
||||||
libgoogleurl.so.59 \
|
libgoogleurl.so.59 \
|
||||||
libssl.so.1.0.2 \
|
|
||||||
libssoclient.so \
|
libssoclient.so \
|
||||||
libvim-types.so \
|
libvim-types.so libvmacore.so libvmomi.so \
|
||||||
libvmacore.so \
|
libcurl.so.4 libcrypto.so.1.0.2 libssl.so.1.0.2
|
||||||
libvmomi.so
|
# libexec binaries
|
||||||
'' + lib.optionalString stdenv.isDarwin ''
|
install -m 755 -d "$out/libexec/${pname}"
|
||||||
lib/libcrypto.1.0.2.dylib \
|
install -m 755 -t "$out/libexec/${pname}" ovftool.bin
|
||||||
lib/libcurl.4.dylib \
|
install -m 644 -t "$out/libexec/${pname}" icudt44l.dat
|
||||||
lib/libgoogleurl.59.0.30.45.2.dylib \
|
# libexec resources
|
||||||
lib/libssl.1.0.2.dylib \
|
|
||||||
lib/libssoclient.dylib \
|
|
||||||
lib/libvim-types.dylib \
|
|
||||||
lib/libvmacore.dylib \
|
|
||||||
lib/libvmomi.dylib
|
|
||||||
'' + ''
|
|
||||||
# Install libexec binaries
|
|
||||||
# ovftool expects to be run relative to certain directories, namely `env`.
|
|
||||||
# Place the binary and those dirs in libexec.
|
|
||||||
install -m 755 -d "$out/libexec"
|
|
||||||
install -m 755 -t "$out/libexec" ovftool
|
|
||||||
install -m 644 -t "$out/libexec" icudt44l.dat
|
|
||||||
|
|
||||||
# Install other libexec resources that need to be relative to the `ovftool`
|
|
||||||
# binary.
|
|
||||||
for subdir in "certs" "env" "env/en" "schemas/DMTF" "schemas/vmware"; do
|
for subdir in "certs" "env" "env/en" "schemas/DMTF" "schemas/vmware"; do
|
||||||
install -m 755 -d "$out/libexec/$subdir"
|
install -m 755 -d "$out/libexec/${pname}/$subdir"
|
||||||
install -m 644 -t "$out/libexec/$subdir" "$subdir"/*.*
|
install -m 644 -t "$out/libexec/${pname}/$subdir" "$subdir"/*.*
|
||||||
done
|
done
|
||||||
|
# EULA/OSS files
|
||||||
# Install EULA/OSS files
|
install -m 755 -d "$out/share/licenses/${pname}"
|
||||||
install -m 755 -d "$out/share/licenses"
|
install -m 644 -t "$out/share/licenses/${pname}" \
|
||||||
install -m 644 -t "$out/share/licenses" \
|
"vmware.eula" "vmware-eula.rtf" "open_source_licenses.txt"
|
||||||
"vmware.eula" \
|
# documentation files
|
||||||
"vmware-eula.rtf" \
|
install -m 755 -d "$out/share/doc/${pname}"
|
||||||
"open_source_licenses.txt"
|
install -m 644 -t "$out/share/doc/${pname}" "README.txt"
|
||||||
|
# binary wrapper; note that LC_CTYPE is defaulted to en_US.UTF-8 by
|
||||||
# Install Docs
|
# VMWare's wrapper script. We use C.UTF-8 instead.
|
||||||
install -m 755 -d "$out/share/doc"
|
|
||||||
install -m 644 -t "$out/share/doc" "README.txt"
|
|
||||||
|
|
||||||
# Install final executable
|
|
||||||
install -m 755 -d "$out/bin"
|
install -m 755 -d "$out/bin"
|
||||||
makeWrapper "$out/libexec/ovftool" "$out/bin/ovftool" \
|
makeWrapper "$out/libexec/${pname}/ovftool.bin" "$out/bin/ovftool" \
|
||||||
'' + lib.optionalString stdenv.isLinux ''
|
--set-default LC_CTYPE C.UTF-8 \
|
||||||
--prefix LD_LIBRARY_PATH : "$out/lib"
|
--prefix LD_LIBRARY_PATH : "$out/lib"
|
||||||
'' + lib.optionalString stdenv.isDarwin ''
|
|
||||||
--prefix DYLD_LIBRARY_PATH : "$out/lib"
|
|
||||||
'' + ''
|
|
||||||
runHook postInstall
|
runHook postInstall
|
||||||
'';
|
'';
|
||||||
|
|
||||||
preFixup = lib.optionalString stdenv.isLinux ''
|
preFixup = ''
|
||||||
addAutoPatchelfSearchPath "$out/lib"
|
addAutoPatchelfSearchPath "$out/lib"
|
||||||
'' + lib.optionalString stdenv.isDarwin ''
|
|
||||||
change_args=()
|
|
||||||
|
|
||||||
# Change relative @loader_path dylibs to absolute paths.
|
|
||||||
for lib in $out/lib/*.dylib; do
|
|
||||||
libname=$(basename $lib)
|
|
||||||
change_args+=(-change "@loader_path/lib/$libname" "$out/lib/$libname")
|
|
||||||
done
|
|
||||||
|
|
||||||
# Patches for ovftool binary
|
|
||||||
change_args+=(-change /usr/lib/libSystem.B.dylib ${darwin.Libsystem}/lib/libSystem.B.dylib)
|
|
||||||
change_args+=(-change /usr/lib/libc++.1.dylib ${stdenv.cc.libcxx.cxxabi}/lib/libc++.1.dylib)
|
|
||||||
change_args+=(-change /usr/lib/libiconv.2.dylib ${libiconv}/lib/libiconv.2.dylib)
|
|
||||||
change_args+=(-change /usr/lib/libxml2.2.dylib ${libxml2}/lib/libxml2.2.dylib)
|
|
||||||
change_args+=(-change /usr/lib/libz.1.dylib ${zlib}/lib/libz.1.dylib)
|
|
||||||
change_args+=(-change @loader_path/lib/libcares.2.dylib ${c-ares}/lib/libcares.2.dylib)
|
|
||||||
change_args+=(-change @loader_path/lib/libexpat.dylib ${expat}/lib/libexpat.dylib)
|
|
||||||
change_args+=(-change @loader_path/lib/libicudata.60.2.dylib ${icu60}/lib/libicudata.60.2.dylib)
|
|
||||||
change_args+=(-change @loader_path/lib/libicuuc.60.2.dylib ${icu60}/lib/libicuuc.60.2.dylib)
|
|
||||||
change_args+=(-change @loader_path/lib/libxerces-c-3.2.dylib ${xercesc}/lib/libxerces-c-3.2.dylib)
|
|
||||||
|
|
||||||
# Patch binary
|
|
||||||
install_name_tool "''${change_args[@]}" "$out/libexec/ovftool"
|
|
||||||
|
|
||||||
# Additional patches for ovftool dylibs
|
|
||||||
change_args+=(-change /usr/lib/libresolv.9.dylib ${darwin.Libsystem}/lib/libresolv.9.dylib)
|
|
||||||
change_args+=(-change @loader_path/libcares.2.dylib ${c-ares}/lib/libcares.2.dylib)
|
|
||||||
change_args+=(-change @loader_path/libexpat.dylib ${expat}/lib/libexpat.dylib)
|
|
||||||
change_args+=(-change @loader_path/libicudata.60.2.dylib ${icu60}/lib/libicudata.60.2.dylib)
|
|
||||||
change_args+=(-change @loader_path/libicuuc.60.2.dylib ${icu60}/lib/libicuuc.60.2.dylib)
|
|
||||||
change_args+=(-change @loader_path/libxerces-c-3.2.dylib ${xercesc}/lib/libxerces-c-3.2.dylib)
|
|
||||||
|
|
||||||
# Add new abolute paths for other libs to all libs
|
|
||||||
for lib in $out/lib/*.dylib; do
|
|
||||||
libname=$(basename $lib)
|
|
||||||
change_args+=(-change "@loader_path/$libname" "$out/lib/$libname")
|
|
||||||
done
|
|
||||||
|
|
||||||
# Patch all libs
|
|
||||||
for lib in $out/lib/*.dylib; do
|
|
||||||
libname=$(basename $lib)
|
|
||||||
install_name_tool -id "$libname" "$lib"
|
|
||||||
install_name_tool "''${change_args[@]}" "$lib"
|
|
||||||
done
|
|
||||||
'';
|
|
||||||
|
|
||||||
# These paths are need for install check tests
|
|
||||||
propagatedSandboxProfile = lib.optionalString stdenv.isDarwin ''
|
|
||||||
(allow file-read* (subpath "/usr/share/locale"))
|
|
||||||
(allow file-read* (subpath "/var/db/timezone"))
|
|
||||||
(allow file-read* (subpath "/System/Library/TextEncodings"))
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
doInstallCheck = true;
|
doInstallCheck = true;
|
||||||
|
|
||||||
postInstallCheck = lib.optionalString stdenv.isDarwin ''
|
installCheckPhase = ''
|
||||||
export HOME=$TMPDIR
|
# This is a NixOS 22.11 image (doesn't actually matter) with a 1 MiB root disk that's all zero.
|
||||||
# Construct a dummy /etc/passwd file - ovftool attempts to determine the
|
# Make sure that it converts properly.
|
||||||
# user's "real" home using this
|
mkdir -p ovftool-check
|
||||||
DUMMY_PASSWD="$(realpath $HOME/dummy-passwd)"
|
cd ovftool-check
|
||||||
cat > $DUMMY_PASSWD <<EOF
|
|
||||||
$(whoami)::$(id -u):$(id -g)::$HOME:$SHELL
|
|
||||||
EOF
|
|
||||||
export DYLD_INSERT_LIBRARIES="${libredirect}/lib/libredirect.dylib"
|
|
||||||
export NIX_REDIRECTS="/etc/passwd=$DUMMY_PASSWD"
|
|
||||||
'' + ''
|
|
||||||
mkdir -p ovftool-check && cd ovftool-check
|
|
||||||
|
|
||||||
ovftool_with_args="$out/bin/ovftool --X:logToConsole"
|
$out/bin/ovftool ${./installCheckPhase.ova} nixos.ovf
|
||||||
|
if [ ! -f nixos.ovf ] || [ ! -f nixos.mf ] || [ ! -f nixos-disk1.vmdk ]; then
|
||||||
# `installCheckPhase.ova` is a NixOS 22.11 image (doesn't actually matter)
|
exit 1
|
||||||
# with a 1 MiB root disk that's all zero. Make sure that it converts
|
fi
|
||||||
# properly.
|
|
||||||
|
|
||||||
$ovftool_with_args --schemaValidate ${./installCheckPhase.ova}
|
|
||||||
$ovftool_with_args --sourceType=OVA --targetType=OVF ${./installCheckPhase.ova} nixos.ovf
|
|
||||||
|
|
||||||
# Test that the output files are there
|
|
||||||
test -f nixos.ovf
|
|
||||||
test -f nixos.mf
|
|
||||||
test -f nixos-disk1.vmdk
|
|
||||||
|
|
||||||
$ovftool_with_args --schemaValidate nixos.ovf
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
description = "VMware tools for working with OVF, OVA, and VMX images";
|
description = "VMWare tools for working with OVF, OVA, and VMX images";
|
||||||
homepage = "https://developer.vmware.com/web/tool/ovf-tool/";
|
|
||||||
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
|
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
|
||||||
license = licenses.unfree;
|
license = licenses.unfree;
|
||||||
maintainers = with maintainers; [ numinit wolfangaukang thanegill ];
|
maintainers = with maintainers; [ numinit wolfangaukang ];
|
||||||
platforms = builtins.attrNames ovftoolSystems;
|
platforms = builtins.attrNames ovftoolSystems;
|
||||||
mainProgram = "ovftool";
|
mainProgram = "ovftool";
|
||||||
knownVulnerabilities = [
|
|
||||||
"The bundled version of openssl 1.0.2zh in ovftool has open vulnerabilities."
|
|
||||||
"CVE-2024-0727"
|
|
||||||
"CVE-2023-5678"
|
|
||||||
"CVE-2023-3817"
|
|
||||||
"CVE-2009-3767"
|
|
||||||
"CVE-2009-3766"
|
|
||||||
"CVE-2009-3765"
|
|
||||||
"CVE-2009-1390"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user