nixos/xen: refactor dom0 configuration #324911
Conversation
github-actions
bot
added
6.topic: nixos
ofborg
bot
added
10.rebuild-darwin: 0
SigmaSquadron
force-pushed
the
xen-module
branch
2 times, most recently
from
5983d41 to
2a8bdec
Compare
There was a problem hiding this comment.
This feels very intrusive to the systemd-boot-builder codebase to me, which will create maintenance burden. I've never worked with Xen, could you explain why this is necessary? Is it not possible to do the modification to the xen.cfg file at build time, like on the file passed to extraFiles?
This comment was marked as outdated.
This comment was marked as outdated.
SigmaSquadron
force-pushed
the
xen-module
branch
2 times, most recently
from
1327508 to
b7b29a5
Compare
|
Removed instances of |
SigmaSquadron
force-pushed
the
xen-module
branch
from
b7b29a5 to
6e9b9b8
Compare
ofborg
bot
added
the
2.status: merge conflict
SigmaSquadron
force-pushed
the
xen-module
branch
from
6e9b9b8 to
a5f3491
Compare
ofborg
bot
removed
the
2.status: merge conflict
SigmaSquadron
force-pushed
the
xen-module
branch
from
a5f3491 to
c6ae504
Compare
|
I had some time, so I added more options to configure oxenstored.conf. The options haven't changed in a decade, so I think it's alright to skip building a new config generator for oxenstored.conf's custom syntax, and just use
|
SigmaSquadron
force-pushed
the
xen-module
branch
from
c6ae504 to
eba7bc4
Compare
This comment was marked as outdated.
This comment was marked as outdated.
SigmaSquadron
force-pushed
the
xen-module
branch
2 times, most recently
from
95ecd4e to
a03f9f6
Compare
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-ready-for-review/3032/4564 |
SigmaSquadron
added
the
12.approvals: 1
|
@emilazy I'm sorry to report that it has indeed been might I place this burden unto you? |
|
Yeah, I’ll take up the burden :) I am sick right now so my capacity is not at its best but I’ll try to do it tomorrow. I notice that the module has gone through |
SigmaSquadron
force-pushed
the
xen-module
branch
from
b7a8b06 to
980aedf
Compare
I formatted the old version in a separate commit as requested. That said, the diff is still really hard to read because many |
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
SigmaSquadron
removed
the
12.approvals: 1
SigmaSquadron
force-pushed
the
xen-module
branch
from
980aedf to
ad37ca0
Compare
SigmaSquadron
added
the
12.approvals: 1
There was a problem hiding this comment.
This looks broadly good to me. I don’t know much about Xen, so my review here is mostly human linting and asking about things that stood out to me, but this shouldn’t interfere with setups that don’t use Xen and seems to be better quality code than what it’s replacing, which is good enough for me. A few things I’d like to see changed, but I’m deferring to @CertainLach’s approval as far as Xen matters go.
| Path to the Xen Store Daemon. This option is useful to | ||
| switch between the legacy C-based Xen Store Daemon, and | ||
| the newer OCaml-based Xen Store Daemon, `oxenstored`. |
There was a problem hiding this comment.
If the C implementation is legacy and adds complexity to the implementation here, should we only support the OCaml one? Is there anything the OCaml one can’t do that the C one can?
There was a problem hiding this comment.
We can't, unfortunately. oxenstored does not support untrusted device domains, which is the main reason why Qubes OS (#341215) doesn't use it.
| { | ||
| assertion = cfg.debug -> cfg.trace; | ||
| message = "Xen's debugging features are enabled, but logging is disabled. This is most likely not what you want."; | ||
| } | ||
| { | ||
| assertion = cfg.store.settings.quota.maxWatchEvents >= cfg.store.settings.quota.maxOutstanding; | ||
| message = '' | ||
| Upstream Xen recommends that maxWatchEvents be equal to or greater than maxOutstanding, | ||
| in order to mitigate denial of service attacks from malicious frontends. | ||
| ''; |
There was a problem hiding this comment.
Are these sufficiently bad configurations that we want them to be assertions, rather than warnings? (I’m perfectly fine with ruling out footguns like this; just want to check.)
There was a problem hiding this comment.
The quota stuff should certainly be kept, otherwise users might unknowingly open themselves to a known security vulnerability. The tracing stuff is more of a footgun, but could be replaced with a lib.warn with no issues. I don't see why someone would want to debug Xen without logs though.
- Cleans up downstream systemd units in favour of using upstream units. - Xen 4.18 on Nixpkgs now supports EFI booting, so we have an EFI boot builder here that runs after systemd-boot-builder.py. - Add more options for setting up dom0 resource limits. - Adds options for the declarative configuration of oxenstored. - Disables the automatic bridge configuration, as it was broken. - Drops legacy BIOS boot - Adds an EFI boot entry builder script. Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net> Co-authored-by: Yaroslav Bolyukin <iam@lach.pw>
SigmaSquadron
force-pushed
the
xen-module
branch
from
ad37ca0 to
9e5f77a
Compare
|
Changes addressed, except for the removal of the footgun assertions. |
SigmaSquadron
added
12.approvals: 2
|
The simple test has passed! |
|
A sincere thank you to everyone who has helped in this Xen endeavour! @CertainLach, @hehongbo, @digitalrayne, @radhus and @matdibu, I've sent everyone who has been involved in these Xen PRs an email which may be of interest to you. Let me know what you think! (If you haven't received it, then I did a terrible job finding your address. Please do tell me if that's the case.) |
As defined in NixOS/nixpkgs#324911
Description of changes
Refactors the Xen module for Domain 0.
Things done
NixOS/xenyet.Closes #129780, closes #127404.
Add a 👍 reaction to pull requests you find important.