Unverified Commit 73d9eac7 authored by zowoq's avatar zowoq Committed by GitHub

staging-nixos merge for 2026-04-18 (#511133)

parents c35e4603 7fadce2f
+15 −33
@@ -88,52 +88,34 @@ An SSH-based backdoor to log into machines can be enabled with
}
```

::: {.warning}
Make sure to only enable the backdoor for interactive tests
(i.e. by using `interactive.sshBackdoor.enable`)! This is the only
supported configuration.

Running a test in a sandbox with this will fail because `/dev/vhost-vsock` isn't available
in the sandbox.
:::

This creates a [vsock socket](https://man7.org/linux/man-pages/man7/vsock.7.html)
for each VM to log in with SSH. This configures root login with an empty password.

When the VMs get started interactively with the test-driver, it's possible to
connect to `machine` with
On the host-side a UNIX domain-socket is used with
[vhost-device-vsock](https://github.com/rust-vmm/vhost-device/blob/main/vhost-device-vsock/README.md).
That way, it's not necessary to assign system-wide unique vsock numbers.

```
$ ssh vsock/3 -o User=root
$ ssh vsock-mux//tmp/path/to/host -o User=root
```

The socket numbers correspond to the node number of the test VM, but start
at three instead of one because that's the lowest possible
vsock number. The exact SSH commands are also printed out when starting
`nixos-test-driver`.

On non-NixOS systems you'll probably need to enable
the SSH config from {manpage}`systemd-ssh-proxy(1)` yourself.

If starting VM fails with an error like
The socket paths are printed when starting the test driver:

```
qemu-system-x86_64: -device vhost-vsock-pci,guest-cid=3: vhost-vsock: unable to set guest cid: Address already in use
Note: this requires systemd-ssh-proxy(1) to be enabled (default on NixOS 25.05 and newer).
    machine:  ssh -o User=root vsock-mux//tmp/tmpg1rp9nti/machine_host.socket
```

it means that the vsock numbers for the VMs are already in use. This can happen
if another interactive test with SSH backdoor enabled is running on the machine.
On non-NixOS systems you'll probably need to enable
the SSH config from {manpage}`systemd-ssh-proxy(1)` yourself.

In that case, you need to assign another range of vsock numbers. You can pick another
offset with
During a test-run, it's possible to print the SSH commands again by running

```nix
{
  sshBackdoor = {
    enable = true;
    vsockOffset = 23542;
  };
}
```
In [2]: dump_machine_ssh()
SSH backdoor enabled, the machines can be accessed like this:
Note: this requires systemd-ssh-proxy(1) to be enabled (default on NixOS 25.05 and newer).
    machine:  ssh -o User=root vsock-mux//tmp/tmpg1rp9nti/machine_host.socket
```

## Port forwarding to NixOS test VMs {#sec-nixos-test-port-forwarding}
+3 −11
@@ -512,19 +512,11 @@ Once you are in the sandbox shell, you can access the VMs (for example, `machine
with SSH over vsock:

```
bash# ssh -F ./ssh_config vsock/3
bash# ssh -F ./ssh_config -o User=root vsock-mux//tmp/.../machine_host.socket
```

For the AF_VSOCK feature to work, `/dev/vhost-vsock` is needed in the sandbox
which can be done with e.g.

```
nix-build -A nixosTests.foo --option sandbox-paths /dev/vhost-vsock
```

As described in [](#sec-nixos-test-ssh-access), the numbers for vsock start at
`3` instead of `1`. So the first VM in the network (sorted alphabetically) can
be accessed with `vsock/3`.
The socket paths are printed at the beginning of the test. See
[](#sec-nixos-test-ssh-access) for more context.

### SSH access to test containers {#sec-test-container-ssh-access}

+6 −3
@@ -2189,9 +2189,6 @@
  "test-opt-sshBackdoor.enable": [
    "index.html#test-opt-sshBackdoor.enable"
  ],
  "test-opt-sshBackdoor.vsockOffset": [
    "index.html#test-opt-sshBackdoor.vsockOffset"
  ],
  "test-opt-enableDebugHook": [
    "index.html#test-opt-enableDebugHook"
  ],
@@ -2222,6 +2219,9 @@
  "test-opt-interactive": [
    "index.html#test-opt-interactive"
  ],
  "test-opt-logLevel": [
    "index.html#test-opt-logLevel"
  ],
  "test-opt-meta": [
    "index.html#test-opt-meta"
  ],
@@ -2258,6 +2258,9 @@
  "test-opt-passthru": [
    "index.html#test-opt-passthru"
  ],
  "test-opt-qemu.forceAccel": [
    "index.html#test-opt-qemu.forceAccel"
  ],
  "test-opt-qemu.package": [
    "index.html#test-opt-qemu.package"
  ],
+2 −0
@@ -336,6 +336,8 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>.

- Budgie has been updated to 10.10, please check the [upstream announcement](https://buddiesofbudgie.org/blog/budgie-10-10-released) for more details.

- `fonts.fontconfig.useEmbeddedBitmaps` is now set to `true` by default.

- `stestrCheckHook` was added: This test hook runs `stestr run`. You can disable tests with `disabledTests` and `disabledTestsRegex`.

- `services.frp` now supports multiple instances through `services.frp.instances` to make it possible to run multiple frp clients or servers at the same time.
+15 −8
@@ -24,30 +24,37 @@ rec {
    else
      throw "Unknown QEMU serial device for system '${stdenv.hostPlatform.system}'";

  qemuBinary =
    qemuPkg:
  qemuBinary = qemuPkg: qemuBinaryWith { inherit qemuPkg; };

  qemuBinaryWith =
    {
      qemuPkg,
      forceAccel ? false,
    }:
    let
      hostStdenv = qemuPkg.stdenv;
      hostSystem = hostStdenv.system;
      guestSystem = stdenv.hostPlatform.system;

      accel = accelName: if forceAccel then accelName else "${accelName}:tcg";

      linuxHostGuestMatrix = {
        x86_64-linux = "${qemuPkg}/bin/qemu-system-x86_64 -machine accel=kvm:tcg -cpu max";
        armv7l-linux = "${qemuPkg}/bin/qemu-system-arm -machine virt,accel=kvm:tcg -cpu max";
        aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -machine virt,gic-version=max,accel=kvm:tcg -cpu max";
        x86_64-linux = "${qemuPkg}/bin/qemu-system-x86_64 -machine accel=${accel "kvm"} -cpu max";
        armv7l-linux = "${qemuPkg}/bin/qemu-system-arm -machine virt,accel=${accel "kvm"} -cpu max";
        aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -machine virt,gic-version=max,accel=${accel "kvm"} -cpu max";
        powerpc64le-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv";
        powerpc64-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv";
        riscv32-linux = "${qemuPkg}/bin/qemu-system-riscv32 -machine virt";
        riscv64-linux = "${qemuPkg}/bin/qemu-system-riscv64 -machine virt";
        x86_64-darwin = "${qemuPkg}/bin/qemu-system-x86_64 -machine accel=kvm:tcg -cpu max";
        x86_64-darwin = "${qemuPkg}/bin/qemu-system-x86_64 -machine accel=${accel "kvm"} -cpu max";
      };
      otherHostGuestMatrix = {
        aarch64-darwin = {
          aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -machine virt,gic-version=2,accel=hvf:tcg -cpu max";
          aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -machine virt,gic-version=2,accel=${accel "hvf"} -cpu max";
          inherit (otherHostGuestMatrix.x86_64-darwin) x86_64-linux;
        };
        x86_64-darwin = {
          x86_64-linux = "${qemuPkg}/bin/qemu-system-x86_64 -machine type=q35,accel=hvf:tcg -cpu max";
          x86_64-linux = "${qemuPkg}/bin/qemu-system-x86_64 -machine type=q35,accel=${accel "hvf"} -cpu max";
        };
      };
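Review bot: `forceAccel` is silently ignored for the powerpc64le, powerpc64, riscv32 and riscv64 entries of `linuxHostGuestMatrix`, because their `-machine` strings carry no `accel=` option and so never pass through the new `accel` helper. A caller that sets `forceAccel = true` to guarantee hardware acceleration gets neither an error nor acceleration on those guests. Neither `qemuBinaryWith` nor the helper carries a comment; I would add above `accel`: `# forceAccel drops the ":tcg" fallback, so QEMU is expected to fail instead of silently emulating when KVM/HVF is unavailable; entries without accel= below are unaffected.` The `let` body of `qemuBinaryWith` continues past the end of this hunk, so whether a later line handles those guests cannot be seen here.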
