runInLinuxVM: add hostPkgs

[felixscheinost]

This change is a possible fix for #73470.
Similar to NixOS change virtualisation.host.pkgs (#180222).

Why hostPkgs over buildPackages

I would've preferred to use the cross-compilation targets but that didn't work.

For example, ideally the following would work on Darwin:

with (import <nixpkgs> { }).pkgsCross.aarch64-multiplatform;
vmTools.runInLinuxVM hello

That would make sense to me: I want to run aarch64-multiplatform hello in an aarch64-linux VM but build, i.e. run the VM on a Darwin build-system.

But this fails very early.
Evaluating the following:

(import <nixpkgs> { }).pkgsCross.aarch64-multiplatform.buildPackages.qemu_kvm'

fails with this error:

error: Don't know how to run aarch64-unknown-linux-gnu executables.

Could someone more knowledgeable about the cross-compilation system explain why this is the case?

How to use

let
  pkgs = import <nixpkgs> { system = "aarch64-linux"; };
  vmTools = pkgs.vmTools.override { hostPkgs = import <nixpkgs> { }; };
in vmTools.runInLinuxVM pkgs.hello

TODO

• I am not sure if this approach with hostPkgs really makese sense. I'd rather use buildPackages and fix the evaluation error for qemu_kvm above.
• Not sure if changing the system of the derivation is the right thing to do here. I think this would also go away when using pkgsCross?

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[felixscheinost]

Overall there are 4 packages which need to comre from hostPkgs:

• qemu_kvm
• bash for builder
• coreutils for run-vm
• writeText for run-vm

[felixscheinost]

Changing system here is a hack. This would probably go away when using pkgsCross properly which currently doesn't work due to qemu_kvm (see error in PR).

[Artturin]

That would make sense to me: I want to run aarch64-multiplatform hello in an aarch64-linux VM but build, i.e. run the VM on a Darwin build-system.

But this fails very early. Evaluating the following:

(import <nixpkgs> { }).pkgsCross.aarch64-multiplatform.buildPackages.qemu_kvm'

There's no qemu-user for darwin

nixpkgs/lib/systems/default.nix

Lines 289 to 290 in 068b0aa

	else if final.isLinux && pkgs.stdenv.hostPlatform.isLinux && final.qemuArch != null
	then "${pkgs.qemu-user}/bin/qemu-${final.qemuArch}"

Package ‘qemu-user-9.1.1’ in ./pkgs/applications/virtualization/qemu/default.nix:318 is not available on the requested hostPlatform
which we need for cross-compiling gobject-introspection

Maybe a conditional wrong somewhere

nix-repl> pkgsCross.aarch64-multiplatform.buildPackages.graphene
error:
       … while calling the 'derivationStrict' builtin
         at <nix/derivation-internal.nix>:9:12:
            8|
            9|   strict = derivationStrict drvAttrs;
             |            ^
           10|

       … while evaluating derivation 'graphene-1.10.8'
         whose name attribute is located at /home/artturin/nixgits/my-nixpkgs/pkgs/stdenv/generic/make-derivation.nix:336:7

       … while evaluating attribute 'postPatch' of derivation 'graphene-1.10.8'
         at /home/artturin/nixgits/my-nixpkgs/pkgs/development/libraries/graphene/default.nix:95:3:
           94|
           95|   postPatch = ''
             |   ^
           96|     patchShebangs tests/gen-installed-test.py

       … from call site
         at /home/artturin/nixgits/my-nixpkgs/pkgs/development/libraries/graphene/default.nix:97:8:
           96|     patchShebangs tests/gen-installed-test.py
           97|   '' + lib.optionalString withIntrospection ''
             |        ^
           98|     PATH=${python3.withPackages (pp: [ pp.pygobject3 pp.tappy ])}/bin:$PATH patchShebangs tests/introspection.py

       … while calling 'optionalString'
         at /home/artturin/nixgits/my-nixpkgs/lib/strings.nix:678:5:
          677|     cond:
          678|     string: if cond then string else "";
             |     ^
          679|

       … while calling the 'getAttr' builtin
         at <nix/derivation-internal.nix>:19:19:
           18|       value = commonAttrs // {
           19|         outPath = builtins.getAttr outputName strict;
             |                   ^
           20|         drvPath = strict.drvPath;

       … while calling the 'derivationStrict' builtin
         at <nix/derivation-internal.nix>:9:12:
            8|
            9|   strict = derivationStrict drvAttrs;
             |            ^
           10|

       … while evaluating derivation 'python3-3.12.7-env'
         whose name attribute is located at /home/artturin/nixgits/my-nixpkgs/pkgs/stdenv/generic/make-derivation.nix:336:7

       … while evaluating attribute 'passAsFile' of derivation 'python3-3.12.7-env'
         at /home/artturin/nixgits/my-nixpkgs/pkgs/build-support/trivial-builders/default.nix:60:9:
           59|         inherit buildCommand name;
           60|         passAsFile = [ "buildCommand" ]
             |         ^
           61|           ++ (derivationArgs.passAsFile or [ ]);

       … while evaluating the attribute 'passAsFile'
         at /home/artturin/nixgits/my-nixpkgs/pkgs/build-support/buildenv/default.nix:87:5:
           86|     # XXX: The size is somewhat arbitrary
           87|     passAsFile = if builtins.stringLength pkgs >= 128*1024 then [ "pkgs" ] else [ ];
             |     ^
           88|   }

       … while evaluating a branch condition
         at /home/artturin/nixgits/my-nixpkgs/pkgs/build-support/buildenv/default.nix:87:18:
           86|     # XXX: The size is somewhat arbitrary
           87|     passAsFile = if builtins.stringLength pkgs >= 128*1024 then [ "pkgs" ] else [ ];
             |                  ^
           88|   }

       … in the argument of the not operator
         at /home/artturin/nixgits/my-nixpkgs/pkgs/build-support/buildenv/default.nix:87:48:
           86|     # XXX: The size is somewhat arbitrary
           87|     passAsFile = if builtins.stringLength pkgs >= 128*1024 then [ "pkgs" ] else [ ];
             |                                                ^
           88|   }

       … while calling the 'lessThan' builtin
         at /home/artturin/nixgits/my-nixpkgs/pkgs/build-support/buildenv/default.nix:87:48:
           86|     # XXX: The size is somewhat arbitrary
           87|     passAsFile = if builtins.stringLength pkgs >= 128*1024 then [ "pkgs" ] else [ ];
             |                                                ^
           88|   }

       … while calling the 'stringLength' builtin
         at /home/artturin/nixgits/my-nixpkgs/pkgs/build-support/buildenv/default.nix:87:21:
           86|     # XXX: The size is somewhat arbitrary
           87|     passAsFile = if builtins.stringLength pkgs >= 128*1024 then [ "pkgs" ] else [ ];
             |                     ^
           88|   }

       … while calling the 'toJSON' builtin
         at /home/artturin/nixgits/my-nixpkgs/pkgs/build-support/buildenv/default.nix:82:12:
           81|             nativeBuildInputs buildInputs;
           82|     pkgs = builtins.toJSON chosenOutputs;
             |            ^
           83|     extraPathsFrom = lib.optional includeClosures (writeClosure pathsForClosure);

       … while calling the 'map' builtin
         at /home/artturin/nixgits/my-nixpkgs/pkgs/build-support/buildenv/default.nix:56:19:
           55| let
           56|   chosenOutputs = map (drv: {
             |                   ^
           57|     paths =

       … from call site
         at /home/artturin/nixgits/my-nixpkgs/pkgs/development/interpreters/python/wrapper.nix:20:13:
           19|   env = let
           20|     paths = requiredPythonModules (extraLibs ++ [ python ] ) ;
             |             ^
           21|     pythonPath = "${placeholder "out"}/${python.sitePackages}";

       … while calling 'requiredPythonModules'
         at /home/artturin/nixgits/my-nixpkgs/pkgs/development/interpreters/python/python-packages-base.nix:54:27:
           53|   # Get list of required Python modules given a list of derivations.
           54|   requiredPythonModules = drvs: let
             |                           ^
           55|     modules = lib.filter hasPythonModule drvs;

       … while calling the 'foldl'' builtin
         at /home/artturin/nixgits/my-nixpkgs/pkgs/development/interpreters/python/python-packages-base.nix:56:6:
           55|     modules = lib.filter hasPythonModule drvs;
           56|   in lib.unique ([python] ++ modules ++ lib.concatLists (lib.catAttrs "requiredPythonModules" modules));
             |      ^
           57|

       … while calling anonymous lambda
         at /home/artturin/nixgits/my-nixpkgs/lib/lists.nix:1793:25:
         1792|   */
         1793|   unique = foldl' (acc: e: if elem e acc then acc else acc ++ [ e ]) [];
             |                         ^
         1794|

       … while evaluating a branch condition
         at /home/artturin/nixgits/my-nixpkgs/lib/lists.nix:1793:28:
         1792|   */
         1793|   unique = foldl' (acc: e: if elem e acc then acc else acc ++ [ e ]) [];
             |                            ^
         1794|

       … while calling the 'elem' builtin
         at /home/artturin/nixgits/my-nixpkgs/lib/lists.nix:1793:31:
         1792|   */
         1793|   unique = foldl' (acc: e: if elem e acc then acc else acc ++ [ e ]) [];
             |                               ^
         1794|

       … while evaluating the attribute 'outPath'
         at /home/artturin/nixgits/my-nixpkgs/lib/customisation.nix:366:7:
          365|       drvPath = assert condition; drv.drvPath;
          366|       outPath = assert condition; drv.outPath;
             |       ^
          367|     };

       … while evaluating the attribute 'outPath'
         at /home/artturin/nixgits/my-nixpkgs/lib/customisation.nix:366:7:
          365|       drvPath = assert condition; drv.drvPath;
          366|       outPath = assert condition; drv.outPath;
             |       ^
          367|     };

       … while calling the 'getAttr' builtin
         at <nix/derivation-internal.nix>:19:19:
           18|       value = commonAttrs // {
           19|         outPath = builtins.getAttr outputName strict;
             |                   ^
           20|         drvPath = strict.drvPath;

       … while calling the 'derivationStrict' builtin
         at <nix/derivation-internal.nix>:9:12:
            8|
            9|   strict = derivationStrict drvAttrs;
             |            ^
           10|

       … while evaluating derivation 'python3.12-pygobject-3.50.0'
         whose name attribute is located at /home/artturin/nixgits/my-nixpkgs/pkgs/stdenv/generic/make-derivation.nix:336:7

       … while evaluating attribute 'propagatedBuildInputs' of derivation 'python3.12-pygobject-3.50.0'
         at /home/artturin/nixgits/my-nixpkgs/pkgs/stdenv/generic/make-derivation.nix:390:7:
          389|       depsHostHostPropagated      = elemAt (elemAt propagatedDependencies 1) 0;
          390|       propagatedBuildInputs       = elemAt (elemAt propagatedDependencies 1) 1;
             |       ^
          391|       depsTargetTargetPropagated  = elemAt (elemAt propagatedDependencies 2) 0;

       … while calling the 'getAttr' builtin
         at <nix/derivation-internal.nix>:19:19:
           18|       value = commonAttrs // {
           19|         outPath = builtins.getAttr outputName strict;
             |                   ^
           20|         drvPath = strict.drvPath;

       … while calling the 'derivationStrict' builtin
         at <nix/derivation-internal.nix>:9:12:
            8|
            9|   strict = derivationStrict drvAttrs;
             |            ^
           10|

       … while evaluating derivation 'gobject-introspection-wrapped-1.82.0'
         whose name attribute is located at /home/artturin/nixgits/my-nixpkgs/pkgs/stdenv/generic/make-derivation.nix:336:7

       … while evaluating attribute 'depsTargetTargetPropagated' of derivation 'gobject-introspection-wrapped-1.82.0'
         at /home/artturin/nixgits/my-nixpkgs/pkgs/stdenv/generic/make-derivation.nix:391:7:
          390|       propagatedBuildInputs       = elemAt (elemAt propagatedDependencies 1) 1;
          391|       depsTargetTargetPropagated  = elemAt (elemAt propagatedDependencies 2) 0;
             |       ^
          392|

       … while calling the 'getAttr' builtin
         at <nix/derivation-internal.nix>:19:19:
           18|       value = commonAttrs // {
           19|         outPath = builtins.getAttr outputName strict;
             |                   ^
           20|         drvPath = strict.drvPath;

       … while calling the 'derivationStrict' builtin
         at <nix/derivation-internal.nix>:9:12:
            8|
            9|   strict = derivationStrict drvAttrs;
             |            ^
           10|

       … while evaluating derivation 'gobject-introspection-aarch64-unknown-linux-gnu-1.82.0'
         whose name attribute is located at /home/artturin/nixgits/my-nixpkgs/pkgs/stdenv/generic/make-derivation.nix:336:7

       … while evaluating attribute 'mesonFlags' of derivation 'gobject-introspection-aarch64-unknown-linux-gnu-1.82.0'
         at /home/artturin/nixgits/my-nixpkgs/pkgs/stdenv/generic/make-derivation.nix:562:7:
          561|       cmakeFlags = makeCMakeFlags attrs;
          562|       mesonFlags = makeMesonFlags attrs;
             |       ^
          563|     });

       … from call site
         at /home/artturin/nixgits/my-nixpkgs/pkgs/development/libraries/gobject-introspection/default.nix:114:34:
          113|     }}"
          114|     "-Dgi_cross_binary_wrapper=${stdenv.hostPlatform.emulator buildPackages}"
             |                                  ^
          115|     # can't use canExecute, we need prebuilt when cross

       … while calling 'emulator'
         at /home/artturin/nixgits/my-nixpkgs/lib/systems/default.nix:303:20:
          302|
          303|         emulator = pkgs:
             |                    ^
          304|           if (final.emulatorAvailable pkgs)

       … while calling the 'throw' builtin
         at /home/artturin/nixgits/my-nixpkgs/lib/systems/default.nix:306:16:
          305|           then selectEmulator pkgs
          306|           else throw "Don't know how to run ${final.config} executables.";
             |                ^
          307|

       error: Don't know how to run aarch64-unknown-linux-gnu executables.

I think we need to improve the conditional for this or shift offsets in the python withPackages tree (if they're wrong)

nixpkgs/pkgs/development/libraries/graphene/default.nix

Lines 97 to 98 in b084db8

	'' + lib.optionalString withIntrospection ''
	PATH=${python3.withPackages (pp: [ pp.pygobject3 pp.tappy ])}/bin:$PATH patchShebangs tests/introspection.py

There's ++ lib.optionals (stdenv.hostPlatform == stdenv.buildPlatform) [ "installedTests" ]; above so for the installed test stuff we probably need that conditional too

[Artturin]

#353237

[felixscheinost]

Oh wow, @Artturin thank you so much! What wizardry is that 😄 On your branch I can evaluate qemu_kvm but the build fails. I'm investigating that.

[felixscheinost]

Hi @Artturin

thanks again for the PR fixing (among other I presume) pkgsCross.aarch64-multiplatform.qemu_kvm.

I experimented a little bit with your branch but I am not sure if using pkgsCross is really the right fit for my usecase of running runInLinuxVM on Darwin.

I made similar changes to this PR on top of your branch, just replacing hostPkgs with buildPackages. My current problem is that linux and some stuff required for initrd fail evaluation when using pkgsCross as well:

error: Package ‘kmod-31’ in /Users/fesc/Development/nixpkgs/pkgs/os-specific/linux/kmod/default.nix:76 is not available on the requested hostPlatform

error: Package ‘pahole-1.27’ in /Users/fesc/Development/nixpkgs/pkgs/by-name/pa/pahole/package.nix:55 is not available on the requested hostPlatform:

I am sure those can be fixed but the underlying problem is that still all used derivations are different, right? So when using runInLinuxVM on Darwin the chance is very high that either 1) some packages don't support being cross-compiled or 2) you are required to recompile lots of packages as cache.nixos.org doesn't have them.

This doesn't just affect what's used for runInLinuxVM itself but also the derivation passed in, right? Because currently runInLInuxVM doesn't change the system of the derivation like I did in this PR. That means, that on Darwin runInLinuxVM will only work, if the input drv is also from pkgsCross.

My concern is that this also increases the chance of the result being different on Linux vs Darwin.

I think in reality it is a very pragramtic and useful solution to have two instances of pkgs like I propose in this PR, as it completely eliminates any possible bugs introduced by cross-compilation. I really just want the "regular" (native) QEMU, coreutils, bash on the host and the "regular" Linux, systemd, ... inside the VM.

Does that make sense?