[PATCH 1/2] Enables forwarding Wayland from appVM to host with waypipe
Signed-off-by: vadim likholetov <vadim.likholetov@unikie.com> --- host/initramfs/extfs.nix | 4 +++- host/rootfs/Makefile | 1 + host/rootfs/default.nix | 4 ++-- host/rootfs/usr/bin/vm-start-way | 10 ++++++++++ img/app/default.nix | 3 +++ vm/app/hello-waypipe.nix | 23 +++++++++++++++++++++++ 6 files changed, 42 insertions(+), 3 deletions(-) create mode 100755 host/rootfs/usr/bin/vm-start-way create mode 100644 vm/app/hello-waypipe.nix diff --git a/host/initramfs/extfs.nix b/host/initramfs/extfs.nix index 5c5850f..f49e519 100644 --- a/host/initramfs/extfs.nix +++ b/host/initramfs/extfs.nix @@ -11,12 +11,13 @@ let appvm-catgirl = import ../../vm/app/catgirl.nix { inherit config; }; appvm-lynx = import ../../vm/app/lynx.nix { inherit config; }; + appvm-hello-waypipe = import ../../vm/app/hello-waypipe.nix { inherit config; }; in runCommand "ext.ext4" { nativeBuildInputs = [ e2fsprogs ]; } '' - mkdir -p root/svc/data/appvm-{catgirl,lynx} + mkdir -p root/svc/data/appvm-{catgirl,lynx,hello-waypipe} cd root tar -C ${netvm} -c data | tar -C svc -x @@ -24,6 +25,7 @@ runCommand "ext.ext4" { tar -C ${appvm-catgirl} -c . | tar -C svc/data/appvm-catgirl -x tar -C ${appvm-lynx} -c . | tar -C svc/data/appvm-lynx -x + tar -C ${appvm-hello-waypipe} -c . | tar -C svc/data/appvm-hello-waypipe -x mkfs.ext4 -d . $out 16T resize2fs -M $out diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile index 9559c06..06e3e8e 100644 --- a/host/rootfs/Makefile +++ b/host/rootfs/Makefile @@ -39,6 +39,7 @@ FILES = \ usr/bin/lsvm \ usr/bin/vm-console \ usr/bin/vm-start \ + usr/bin/vm-start-way \ usr/bin/vm-stop DIRS = dev etc/s6-linux-init/env ext run proc sys diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix index 0a84f55..de4a6b6 100644 --- a/host/rootfs/default.nix +++ b/host/rootfs/default.nix 
@@ -7,7 +7,7 @@ pkgs.pkgsStatic.callPackage ( { lib, stdenvNoCC, nixos, runCommand, writeReferencesToFile, s6-rc, tar2ext4 , busybox, cloud-hypervisor, cryptsetup, execline, e2fsprogs, jq, kmod -, mdevd, s6, s6-linux-init, socat, util-linuxMinimal, xorg +, mdevd, s6, s6-linux-init, socat, util-linuxMinimal, xorg, waypipe }: let @@ -49,7 +49,7 @@ let packages = [ cloud-hypervisor e2fsprogs execline jq kmod mdevd s6 s6-linux-init s6-rc - socat start-vm + socat start-vm waypipe (cryptsetup.override { programs = { diff --git a/host/rootfs/usr/bin/vm-start-way b/host/rootfs/usr/bin/vm-start-way new file mode 100755 index 0000000..bda9934 --- /dev/null +++ b/host/rootfs/usr/bin/vm-start-way @@ -0,0 +1,10 @@ +#!/bin/sh +# SPDX-License-Identifier: EUPL-1.2+ + +s6-rc -bu change ext-rc +s6-rc -l /run/s6-rc.ext -u change $1 +ch-remote --api-socket /run/service/ext-${1}/env/cloud-hypervisor.sock add-vsock cid=4,socket=/run/u.${1}.socket +cd /run +nohup waypipe --socket /run/waypipe.sock client & +nohup socat unix-listen:/run/u.${1}.socket_5000,reuseaddr,fork unix-connect:/run/waypipe.sock & + diff --git a/img/app/default.nix b/img/app/default.nix index e7d5366..80f23c2 100644 --- a/img/app/default.nix +++ b/img/app/default.nix @@ -59,6 +59,9 @@ let DRM_BOCHS = yes; DRM = yes; AGP = yes; + VSOCKETS = yes; + VIRTIO_VSOCKETS = yes; + VIRTIO_VSOCKETS_COMMON = yes; }; }; in diff --git a/vm/app/hello-waypipe.nix b/vm/app/hello-waypipe.nix new file mode 100644 index 0000000..601b638 --- /dev/null +++ b/vm/app/hello-waypipe.nix 
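Review bot: `$1` is expanded unquoted and unvalidated throughout the new `host/rootfs/usr/bin/vm-start-way`, both as an s6-rc service name and inside the `ch-remote` and `socat` socket paths, so an empty or whitespace-containing argument produces malformed paths instead of a clean error; quote every use (`"$1"`, `"/run/u.${1}.socket"`) and reject a missing argument first, e.g. `[ -n "$1" ] || exit 64`. The vsock `cid=4` and the host socket `/run/waypipe.sock` are fixed values, so a second VM started through this script would appear to collide with the first; deriving both from the VM name would avoid that. The `waypipe client` and `socat` processes handle guest-controlled data on the host, yet they are launched with `nohup … &` outside s6 supervision and presumably with the caller's privileges. Running them as supervised services under a dedicated unprivileged account, with the listening socket's mode set explicitly, would narrow what a misbehaving guest can reach.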
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: 2021-2022 Alyssa Ross <hi@alyssa.is>
+
+{ config ? import ../../../nix/eval-config.nix {} }:
+
+import ../make-vm.nix { inherit config; } {
+ providers.net = [ "netvm" ];
+ run = config.pkgs.callPackage (
+ { writeScript, waypipe, havoc, foot, hello-wayland, socat}:
+ writeScript "run-waypipe-app" ''
+ #!/bin/sh
+ mkdir /run/0
+ export XDG_RUNTIME_DIR=/run/0
+ ${socat}/bin/socat unix-listen:/run/waypipe.sock,reuseaddr,fork vsock-connect:2:5000 &
+ sleep 1
+ ${waypipe}/bin/waypipe --display wayland-local --socket /run/waypipe.sock server -- sleep inf &
+ export WAYLAND_DISPLAY=wayland-local
+ ${havoc}/bin/havoc
+ ${hello-wayland}/bin/hello-wayland
+ ${foot}/bin/foot
+ ''
+ ) { };
+}
-- 2.36.2
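Review bot: `mkdir /run/0` creates the `XDG_RUNTIME_DIR` with whatever mode the umask yields and fails if the directory already exists; the XDG base-directory specification expects it to be owned by the user with mode 0700, so `mkdir -p -m 0700 /run/0` is the safer form (the same applies to `mkdir /run/home/user/0` in `vm/app/firefox.nix` in the second patch). The `sleep 1` between starting `socat` and `waypipe … server` is a timing guess; waiting for the socket instead, e.g. `until test -S /run/waypipe.sock; do sleep 1; done`, removes the race. The hard-coded `vsock-connect:2:5000` has to stay in step with the `_5000` suffix used in `host/rootfs/usr/bin/vm-start-way`, and a one-line comment naming that coupling would help the next reader.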
Signed-off-by: vadim likholetov <vadim.likholetov@unikie.com> --- host/initramfs/extfs.nix | 4 ++- host/rootfs/Makefile | 2 +- host/start-vm/lib.rs | 2 +- img/app/Makefile | 3 +++ img/app/default.nix | 4 +-- img/app/etc/group | 3 +++ img/app/etc/mdev/iface | 5 +++- img/app/etc/passwd | 1 + img/app/etc/s6-linux-init/scripts/rc.init | 2 ++ img/app/etc/s6-rc/app/run | 5 ++-- img/app/etc/s6-rc/user-app/run | 19 ++++++++++++++ img/app/etc/s6-rc/user-app/type | 1 + img/app/etc/s6-rc/user-app/type.license | 2 ++ vm-lib/make-vm.nix | 7 ++--- vm/app/catgirl.nix | 11 +++++++- vm/app/firefox.nix | 31 +++++++++++++++++++++++ vm/app/hello-waypipe.nix | 12 ++++++--- vm/app/lynx.nix | 10 ++++++++ 18 files changed, 109 insertions(+), 15 deletions(-) create mode 100644 img/app/etc/group create mode 100755 img/app/etc/s6-rc/user-app/run create mode 100644 img/app/etc/s6-rc/user-app/type create mode 100644 img/app/etc/s6-rc/user-app/type.license create mode 100644 vm/app/firefox.nix diff --git a/host/initramfs/extfs.nix b/host/initramfs/extfs.nix index f49e519..917abe2 100644 --- a/host/initramfs/extfs.nix +++ b/host/initramfs/extfs.nix @@ -12,12 +12,13 @@ let appvm-catgirl = import ../../vm/app/catgirl.nix { inherit config; }; appvm-lynx = import ../../vm/app/lynx.nix { inherit config; }; appvm-hello-waypipe = import ../../vm/app/hello-waypipe.nix { inherit config; }; + appvm-firefox = import ../../vm/app/firefox.nix { inherit config; }; in runCommand "ext.ext4" { nativeBuildInputs = [ e2fsprogs ]; } '' - mkdir -p root/svc/data/appvm-{catgirl,lynx,hello-waypipe} + mkdir -p root/svc/data/appvm-{catgirl,lynx,hello-waypipe,firefox} cd root tar -C ${netvm} -c data | tar -C svc -x 
@@ -26,6 +27,7 @@ runCommand "ext.ext4" { tar -C ${appvm-catgirl} -c . | tar -C svc/data/appvm-catgirl -x tar -C ${appvm-lynx} -c . | tar -C svc/data/appvm-lynx -x tar -C ${appvm-hello-waypipe} -c . | tar -C svc/data/appvm-hello-waypipe -x + tar -C ${appvm-firefox} -c . | tar -C svc/data/appvm-firefox -x mkfs.ext4 -d . $out 16T resize2fs -M $out diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile index 06e3e8e..a228d5e 100644 --- a/host/rootfs/Makefile +++ b/host/rootfs/Makefile @@ -148,7 +148,7 @@ run: build/live.img $(EXT_FS) build/rootfs.verity.roothash exec 3<>"$$ext" && \ rm -f "$$ext" && \ truncate -s +10G /proc/self/fd/3 && \ - exec $(QEMU_KVM) -cpu host -m 2G \ + exec $(QEMU_KVM) -cpu host -m 4G \ -machine q35,kernel=$(KERNEL),kernel-irqchip=split,initrd=$(INITRAMFS) \ -display gtk,gl=on \ -qmp unix:vmm.sock,server,nowait \ diff --git a/host/start-vm/lib.rs b/host/start-vm/lib.rs index ef79091..7a89506 100644 --- a/host/start-vm/lib.rs +++ b/host/start-vm/lib.rs @@ -44,7 +44,7 @@ pub fn vm_command(dir: PathBuf, config_root: &Path) -> Result<Command, String> { command.arg("cloud-hypervisor"); command.args(&["--api-socket", "env/cloud-hypervisor.sock"]); command.args(&["--cmdline", "console=ttyS0 root=PARTLABEL=root"]); - command.args(&["--memory", "size=128M"]); + command.args(&["--memory", "size=512M"]); command.args(&["--console", "pty"]); command.arg("--kernel"); command.arg(config_dir.join("vmlinux")); diff --git a/img/app/Makefile b/img/app/Makefile index c5a4684..0a15aaa 100644 --- a/img/app/Makefile +++ b/img/app/Makefile @@ -48,6 +48,7 @@ VM_FILES = \ etc/mdev.conf \ etc/mdev/iface \ etc/passwd \ + etc/group \ etc/resolv.conf \ etc/s6-linux-init/scripts/rc.init VM_DIRS = dev run proc sys \ 
@@ -76,6 +77,8 @@ build/rootfs.tar: build/empty $(PACKAGES_TAR) $(VM_FILES) $(VM_BUILD_FILES) VM_S6_RC_FILES = \ etc/s6-rc/app/run \ etc/s6-rc/app/type \ + etc/s6-rc/user-app/run \ + etc/s6-rc/user-app/type \ etc/s6-rc/mdevd-coldplug/dependencies \ etc/s6-rc/mdevd-coldplug/type \ etc/s6-rc/mdevd-coldplug/up \ diff --git a/img/app/default.nix b/img/app/default.nix index 80f23c2..29abf93 100644 --- a/img/app/default.nix +++ b/img/app/default.nix @@ -9,7 +9,7 @@ config.pkgs.pkgsStatic.callPackage ( { lib, stdenvNoCC, runCommand, writeReferencesToFile, buildPackages , jq, s6-rc, tar2ext4, util-linux -, busybox, cacert, execline, kmod, mdevd, s6, s6-linux-init +, busybox, cacert, execline, kmod, mdevd, s6, s6-linux-init, tmux }: let @@ -18,7 +18,7 @@ let scripts = import ../../scripts { inherit config; }; packages = [ - execline kmod mdevd s6 s6-linux-init s6-rc + execline kmod mdevd s6 s6-linux-init s6-rc tmux (busybox.override { extraConfig = '' diff --git a/img/app/etc/group b/img/app/etc/group new file mode 100644 index 0000000..5a5c9a5 --- /dev/null +++ b/img/app/etc/group @@ -0,0 +1,3 @@ +root:x:0: +tty:x:4:user +user:x:1000:user diff --git a/img/app/etc/mdev/iface b/img/app/etc/mdev/iface index d8ceda5..1aac8a8 100755 --- a/img/app/etc/mdev/iface +++ b/img/app/etc/mdev/iface @@ -33,4 +33,7 @@ foreground { } } -s6-rc -u change app +# fix permissions +foreground { chmod a+rw /dev/null } + +s6-rc -u change app user-app diff --git a/img/app/etc/passwd b/img/app/etc/passwd index 29f3b25..1bec4cd 100644 --- a/img/app/etc/passwd +++ b/img/app/etc/passwd @@ -1 +1,2 @@ root:x:0:0:System administrator:/:/bin/sh +user:x:1000:1000:Usual user:/run/home/user/:/bin/sh diff --git a/img/app/etc/s6-linux-init/scripts/rc.init b/img/app/etc/s6-linux-init/scripts/rc.init index b46afb7..05e4bb3 100755 --- a/img/app/etc/s6-linux-init/scripts/rc.init +++ b/img/app/etc/s6-linux-init/scripts/rc.init 
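Review bot: The `foreground { chmod a+rw /dev/null }` added to `img/app/etc/mdev/iface` repairs the device node from the network-interface hotplug handler, so it runs only when an interface appears and `/dev/null` keeps its original mode until then. Setting the mode where the node is created would make the fix independent of networking; if `etc/mdev.conf` is where this image configures device permissions, a rule along the lines of `null 0:0 666` there would do it. The comment `# fix permissions` should also say why the change is needed, presumably so that the unprivileged `user` account added by this patch can open `/dev/null`. The handler's body starts outside this hunk.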
@@ -7,5 +7,7 @@ if { s6-rc-init -c /etc/s6-rc /run/service } if { mkdir -p /dev/pts /dev/shm } if { modprobe overlay } if { mount -a } +if { mkdir -p /run/home/user } +if { chown 1000:1000 /run/home/user } s6-rc change ok-all diff --git a/img/app/etc/s6-rc/app/run b/img/app/etc/s6-rc/app/run index 2a628b7..8166111 100755 --- a/img/app/etc/s6-rc/app/run +++ b/img/app/etc/s6-rc/app/run @@ -5,6 +5,7 @@ export TERM foot export TERMINFO_DIRS /usr/share/terminfo export TMPDIR /run +export TMUX_TMPDIR /run backtick USER { id -un } backtick HOME { @@ -22,5 +23,5 @@ fdmove -c 2 0 foreground { clear } unexport ? -foreground { /run/ext/run } -exec -l sh +foreground { tmux new sh -c "/run/ext/run" } +tmux new /bin/sh diff --git a/img/app/etc/s6-rc/user-app/run b/img/app/etc/s6-rc/user-app/run new file mode 100755 index 0000000..e0b124c --- /dev/null +++ b/img/app/etc/s6-rc/user-app/run @@ -0,0 +1,19 @@ +#!/bin/sh +# SPDX-License-Identifier: EUPL-1.2+ + +export TERM=foot +export TERMINFO_DIRS=/usr/share/terminfo +export TMPDIR=/run +export USER=user +export TMUX_TMPDIR=/run +export HOME=/run/home/${USER} + +cd $HOME + +while ! test -S '/run/tmux-0/default'; do sleep 1; echo waiting for tmux ; done +sleep 5 + +echo "starting user service" +tmux neww su user sh -c "/run/ext/run-as-user" +tmux neww su user /bin/sh +sleep inf diff --git a/img/app/etc/s6-rc/user-app/type b/img/app/etc/s6-rc/user-app/type new file mode 100644 index 0000000..5883cff --- /dev/null +++ b/img/app/etc/s6-rc/user-app/type @@ -0,0 +1 @@ +longrun diff --git a/img/app/etc/s6-rc/user-app/type.license b/img/app/etc/s6-rc/user-app/type.license new file mode 100644 index 0000000..c49c11b --- /dev/null +++ b/img/app/etc/s6-rc/user-app/type.license @@ -0,0 +1,2 @@ +SPDX-License-Identifier: CC0-1.0 +SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> diff --git a/vm-lib/make-vm.nix b/vm-lib/make-vm.nix index 2c50ca5..7aff6ed 100644 --- a/vm-lib/make-vm.nix +++ b/vm-lib/make-vm.nix 
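Review bot: The new `img/app/etc/s6-rc/user-app/run` synchronises with root's tmux server by polling for `/run/tmux-0/default` and then sleeping a fixed five seconds, which is a timing guess; an s6-rc `dependencies` entry on `app` combined with a wait for the session itself would be more robust. Because the script ends in `sleep inf`, s6 supervises the sleep rather than the user's application, so a failure of `/run/ext/run-as-user` is never noticed; if that is intended, a comment should say so. The windows are created inside root's tmux server, and the `export` lines probably do not reach them because tmux starts new windows from the server's environment; a comment stating that `su` is what sets `HOME` and `USER` for the application would avoid confusion. `cd $HOME` should be quoted as `cd "$HOME"`.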
@@ -13,7 +13,7 @@ pkgs.pkgsStatic.callPackage ( { lib, runCommand, writeReferencesToFile, e2fsprogs, tar2ext4 }: -{ run, providers ? {} }: +{ run, run-as-user, providers ? {} }: let inherit (lib) @@ -34,9 +34,10 @@ runCommand "spectrum-vm" { mkdir root cd root ln -s ${run} run - comm -23 <(sort ${writeReferencesToFile run}) \ + ln -s ${run-as-user} run-as-user + comm -23 <(sort ${writeReferencesToFile run} ${writeReferencesToFile run-as-user}) \ <(sort ${writeReferencesToFile basePaths}) | - tar -cf ../run.tar --verbatim-files-from -T - run + tar -cf ../run.tar --verbatim-files-from -T - run run-as-user tar2ext4 -i ../run.tar -o "$out/blk/run.img" e2label "$out/blk/run.img" ext diff --git a/vm/app/catgirl.nix b/vm/app/catgirl.nix index a4c05e3..3a1ef48 100644 --- a/vm/app/catgirl.nix +++ b/vm/app/catgirl.nix @@ -5,7 +5,8 @@ import ../make-vm.nix { inherit config; } { providers.net = [ "netvm" ]; - run = config.pkgs.pkgsStatic.callPackage ( + + run-as-user = config.pkgs.pkgsStatic.callPackage ( { writeScript, catgirl }: writeScript "run-catgirl" '' #!/bin/execlineb -P @@ -14,4 +15,12 @@ import ../make-vm.nix { inherit config; } { ${catgirl}/bin/catgirl -h irc.libera.chat -j "#spectrum" -n $nick '' ) { }; + + run = config.pkgs.pkgsStatic.callPackage ( + { writeScript }: + writeScript "run-as-root" '' + #!/bin/execlineb -P + /bin/true + '' + ) { }; } diff --git a/vm/app/firefox.nix b/vm/app/firefox.nix new file mode 100644 index 0000000..9744164 --- /dev/null +++ b/vm/app/firefox.nix 
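Review bot: `run-as-user` is added to the `vm-lib/make-vm.nix` argument set without a default, so every caller that passes only `run` now fails to evaluate; the series updates catgirl, lynx, firefox and hello-waypipe, but any VM definition outside it would break. Giving the argument a default, for example `run-as-user ? null`, and making the `ln -s ${run-as-user} run-as-user` line and the extra `writeReferencesToFile` input conditional on it would keep existing callers working. The stub `run` and `run-as-user` scripts that the app files add only to satisfy the new signature would then be unnecessary. The builder's body extends beyond both hunks.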
@@ -0,0 +1,31 @@ +# SPDX-License-Identifier: MIT +# SPDX-FileCopyrightText: 2021-2022 Alyssa Ross <hi@alyssa.is> + +{ config ? import ../../../nix/eval-config.nix {} }: + +import ../make-vm.nix { inherit config; } { + providers.net = [ "netvm" ]; + run = config.pkgs.callPackage ( + { writeScript }: + writeScript "run-as-root" '' + #!/bin/sh + /bin/sh + '' + ) { }; + + run-as-user = config.pkgs.callPackage ( + { writeScript, socat, waypipe, havoc, firefox-wayland}: + writeScript "run-firefox" '' + #!/bin/sh + mkdir /run/home/user/0 + export XDG_RUNTIME_DIR=/run/home/user/0 + ${socat}/bin/socat unix-listen:/run/home/user/waypipe.sock,reuseaddr,fork vsock-connect:2:5000 & + sleep 1 + ${waypipe}/bin/waypipe --display wayland-local-user --socket /run/home/user/waypipe.sock server -- sleep inf & + export WAYLAND_DISPLAY=wayland-local-user + + ${firefox-wayland}/bin/firefox https://spectrum-os.org/ + /bin/sh + '' + ) { }; +} diff --git a/vm/app/hello-waypipe.nix b/vm/app/hello-waypipe.nix index 601b638..6ff216c 100644 --- a/vm/app/hello-waypipe.nix +++ b/vm/app/hello-waypipe.nix @@ -6,7 +6,7 @@ import ../make-vm.nix { inherit config; } { providers.net = [ "netvm" ]; run = config.pkgs.callPackage ( - { writeScript, waypipe, havoc, foot, hello-wayland, socat}: + { writeScript, waypipe, socat, weston, havoc }: writeScript "run-waypipe-app" '' #!/bin/sh mkdir /run/0 @@ -16,8 +16,14 @@ import ../make-vm.nix { inherit config; } { ${waypipe}/bin/waypipe --display wayland-local --socket /run/waypipe.sock server -- sleep inf & export WAYLAND_DISPLAY=wayland-local ${havoc}/bin/havoc - ${hello-wayland}/bin/hello-wayland - ${foot}/bin/foot + '' + ) { }; + + run-as-user = config.pkgs.pkgsStatic.callPackage ( + { writeScript, socat, waypipe, havoc, firefox-wayland}: + writeScript "run-as-user" '' + #!/bin/sh + /bin/sh '' ) { }; } diff --git a/vm/app/lynx.nix b/vm/app/lynx.nix index 00d449e..0ecc3f0 100644 --- a/vm/app/lynx.nix +++ b/vm/app/lynx.nix 
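Review bot: The `run-as-user` function added to `vm/app/hello-waypipe.nix` declares `socat, waypipe, havoc, firefox-wayland` although its script only runs `/bin/sh`, and the rewritten `run` now takes `weston` without referencing it; trimming the argument lists to what each script uses (`{ writeScript }:` for `run-as-user`) makes it clear what is meant to end up in the VM image. In the same file `run` is built with `config.pkgs.callPackage` while `run-as-user` uses `config.pkgs.pkgsStatic.callPackage`; if the mix of dynamic and static package sets is deliberate, a short comment should say why.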
@@ -5,11 +5,21 @@ import ../make-vm.nix { inherit config; } { providers.net = [ "netvm" ]; + run = config.pkgs.pkgsStatic.callPackage ( + { writeScript }: + writeScript "run-root-shell" '' + #!/bin/execlineb -P + /bin/sh + '' + ) { }; + + run-as-user = config.pkgs.pkgsStatic.callPackage ( { writeScript, lynx }: writeScript "run-lynx" '' #!/bin/execlineb -P ${lynx}/bin/lynx https://spectrum-os.org '' ) { }; + } -- 2.36.2