commit:     dc44fdfb57631d91873825fd0a3412bd813b6780
Author:     Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Fri Apr  5 07:57:33 2024 +0000
Commit:     Florian Schmaus <flow <AT> gentoo <DOT> org>
CommitDate: Fri Apr  5 15:59:39 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc44fdfb

app-emulation/xen: add 4.17.4_pre2

Fixes XSA-451, XSA-452, XSA-453

Bug: https://bugs.gentoo.org/928620
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org>

 app-emulation/xen/Manifest               |   1 +
 app-emulation/xen/xen-4.17.4_pre2.ebuild | 179 +++++++++++++++++++++++++++++++
 2 files changed, 180 insertions(+)

diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
index 3361cba76370..dd72e728ff73 100644
--- a/app-emulation/xen/Manifest
+++ b/app-emulation/xen/Manifest
@@ -4,3 +4,4 @@ DIST xen-gentoo-patches-4.16.1-gentoo-patchset-2.tar.bz2 5403 
BLAKE2B 7fa3b4aa12
 DIST xen-gentoo-patches-4.17.0-gentoo-patchset-2.tar.bz2 4001 BLAKE2B 
7afce426759952e202a1dd819fe0a23108072bf9552ba14a0bd787a96ffe5e7a36f37e03dad8db9c46f5731acbc122c258eef6d517816aad9c8db1ca64700d19
 SHA512 
bcb1479f9ff5e194a4e452da9d0479febc2bcd465b4be69bb8f30e2e6b858fb77a71216dcb3e74dfb65e7ca6513742c294cd6b5eaa5ce82d0b122a00f1cbc450
 DIST xen-upstream-patches-4.16.6-pre-patchset-1.tar.bz2 44167 BLAKE2B 
6a11faf689b2875fe6845646cbc71541ff0ce02fed00f2fd0ccabdee4b71be96a5bfaa66a0a6de068a9b6534d5c0df2751f78ccd0755f1bcaef333d8337135dc
 SHA512 
40721e0f4e11408c3687e8e77d850f6f0a02d0af0abe422d11478fe080c158ffee5408ed273d82c8c39a33dd0a97ab962f133a927e3a205fa84e9fe3911a57f1
 DIST xen-upstream-patches-4.17.4-pre-patchset-0.tar.bz2 17570 BLAKE2B 
5ae7ceb1feef758166dc6d569da30cfa8867b3755d41a4d2834ad73630ee3beea5696b79a175a7c2680db59e50b802ef2a9ee5a3cedff74f3d9cbfac064b25f1
 SHA512 
6001c4889ae5bdb592f8d7801762e43db13223e6552e916978b8ce85eb78c3fcd885c24d58f3db688244ccf50646c8d41a2e20c47d3b85fefb29d1c0ed37dd99
+DIST xen-upstream-patches-4.17.4-pre-patchset-1.tar.bz2 77410 BLAKE2B 
1c00d613f9d12d81a284455d9099c031ba3ea7066508c75ad6f7e13330a09e2eb4e74bf5bc54fed9c4f90e18856cc01ff0e4ab4721d36388519eb40f99be42d8
 SHA512 
7a56cb0ac9b59043ffbc891819cbe54c9efe411e2e67eebc212a3b519ca60a37a377dd21b0ba851d6828cf268781983b082c6fecee0f0156501b5c447050789a

diff --git a/app-emulation/xen/xen-4.17.4_pre2.ebuild 
b/app-emulation/xen/xen-4.17.4_pre2.ebuild
new file mode 100644
index 000000000000..503000ca671c
--- /dev/null
+++ b/app-emulation/xen/xen-4.17.4_pre2.ebuild
@@ -0,0 +1,179 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+
+inherit flag-o-matic mount-boot python-any-r1 secureboot toolchain-funcs
+
+if [[ ${PV} == *9999 ]]; then
+       inherit git-r3
+       EGIT_REPO_URI="https://xenbits.xen.org/git-http/xen.git";
+       SRC_URI=""
+else
+       KEYWORDS="~amd64 ~arm -x86"
+
+       XEN_GENTOO_PATCHSET_NUM=2
+       XEN_GENTOO_PATCHSET_BASE=4.17.0
+       XEN_PRE_PATCHSET_NUM=1
+       XEN_PRE_VERSION_BASE=4.17.3
+
+       XEN_BASE_PV="${PV}"
+       if [[ -n "${XEN_PRE_VERSION_BASE}" ]]; then
+               XEN_BASE_PV="${XEN_PRE_VERSION_BASE}"
+       fi
+
+       
SRC_URI="https://downloads.xenproject.org/release/xen/${XEN_BASE_PV}/xen-${XEN_BASE_PV}.tar.gz";
+
+       if [[ -n "${XEN_PRE_PATCHSET_NUM}" ]]; then
+               XEN_UPSTREAM_PATCHES_TAG="$(ver_cut 
1-3)-pre-patchset-${XEN_PRE_PATCHSET_NUM}"
+               
XEN_UPSTREAM_PATCHES_NAME="xen-upstream-patches-${XEN_UPSTREAM_PATCHES_TAG}"
+               SRC_URI+=" 
https://gitweb.gentoo.org/proj/xen-upstream-patches.git/snapshot/${XEN_UPSTREAM_PATCHES_NAME}.tar.bz2";
+               
XEN_UPSTREAM_PATCHES_DIR="${WORKDIR}/${XEN_UPSTREAM_PATCHES_NAME}"
+       fi
+       if [[ -n "${XEN_GENTOO_PATCHSET_NUM}" ]]; then
+               XEN_GENTOO_PATCHES_TAG="$(ver_cut 1-3 
${XEN_GENTOO_PATCHSET_BASE})-gentoo-patchset-${XEN_GENTOO_PATCHSET_NUM}"
+               
XEN_GENTOO_PATCHES_NAME="xen-gentoo-patches-${XEN_GENTOO_PATCHES_TAG}"
+               SRC_URI+=" 
https://gitweb.gentoo.org/proj/xen-gentoo-patches.git/snapshot/${XEN_GENTOO_PATCHES_NAME}.tar.bz2";
+               XEN_GENTOO_PATCHES_DIR="${WORKDIR}/${XEN_GENTOO_PATCHES_NAME}"
+       fi
+fi
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="https://xenproject.org";
+
+S="${WORKDIR}/xen-$(ver_cut 1-3 ${XEN_BASE_PV})"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="+boot-symlinks debug uefi flask"
+REQUIRED_USE="arm? ( debug )"
+
+DEPEND="${PYTHON_DEPS}
+       uefi? ( >=sys-devel/binutils-2.22[multitarget] )
+       !uefi? ( >=sys-devel/binutils-2.22 )
+       flask? ( sys-apps/checkpolicy )"
+RDEPEND=""
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+# no tests are available for the hypervisor
+# prevent the silliness of /usr/lib/debug/usr/lib/debug files
+# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
+RESTRICT="test splitdebug strip"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+pkg_setup() {
+       python-any-r1_pkg_setup
+       if [[ -z ${XEN_TARGET_ARCH} ]]; then
+               if use amd64; then
+                       export XEN_TARGET_ARCH="x86_64"
+               elif use arm; then
+                       export XEN_TARGET_ARCH="arm32"
+               elif use arm64; then
+                       export XEN_TARGET_ARCH="arm64"
+               else
+                       die "Unsupported architecture!"
+               fi
+       fi
+       use uefi && secureboot_pkg_setup
+}
+
+src_prepare() {
+       if [[ -v XEN_UPSTREAM_PATCHES_DIR ]]; then
+               eapply "${XEN_UPSTREAM_PATCHES_DIR}"
+       fi
+
+       if [[ -v XEN_GENTOO_PATCHES_DIR ]]; then
+               eapply "${XEN_GENTOO_PATCHES_DIR}"
+       fi
+
+       # Symlinks do not work on fat32 volumes # 829765
+       if ! use boot-symlinks || use uefi; then
+               eapply 
"${XEN_GENTOO_PATCHES_DIR}"/no-boot-symlinks/${PN}-4.16-no-symlinks.patch
+       fi
+
+       # Workaround new gcc-11 options
+       sed -e '/^CFLAGS/s/-Werror//g' -i xen/Makefile || die
+
+       # Drop .config
+       sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't 
drop"
+
+       if use uefi; then
+               export EFI_VENDOR="gentoo"
+               export EFI_MOUNTPOINT="/boot"
+       fi
+
+       default
+}
+
+xen_make() {
+       # Setting clang to either 'y' or 'n' tells Xen's build system
+       # whether or not clang is used.
+       local clang=n
+       if tc-is-clang; then
+               clang=y
+       fi
+
+       # Send raw LDFLAGS so that --as-needed works
+       emake \
+               V=1 \
+               LDFLAGS="$(raw-ldflags)" \
+               HOSTCC="$(tc-getBUILD_CC)" \
+               HOSTCXX="$(tc-getBUILD_CXX)" \
+               CC="$(tc-getCC)" \
+               CXX="$(tc-getCXX)" \
+               LD="$(tc-getLD)" \
+               AR="$(tc-getAR)" \
+               OBJDUMP="$(tc-getOBJDUMP)" \
+               RANLIB="$(tc-getRANLIB)" \
+               clang="${clang}" \
+               "$@"
+}
+
+src_configure() {
+       cd xen || die
+
+       touch gentoo-config || die
+       if use arm; then
+          echo "CONFIG_EARLY_PRINTK=sun7i" >> gentoo-config || die
+       fi
+       if use debug; then
+               cat <<-EOF >> gentoo-config || die
+               CONFIG_DEBUG=y
+               CONFIG_CRASH_DEBUG=y
+EOF
+       fi
+       if use flask; then
+               echo "CONFIG_XSM=y" >> gentoo-config || die
+       fi
+
+       # remove flags
+       unset CFLAGS
+
+       tc-ld-disable-gold # Bug 700374
+
+       xen_make KCONFIG_ALLCONFIG=gentoo-config alldefconfig
+}
+
+src_compile() {
+       xen_make -C xen
+}
+
+src_install() {
+       # The 'make install' doesn't 'mkdir -p' the subdirs
+       if use uefi; then
+               mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
+       fi
+
+       xen_make DESTDIR="${D}" -C xen install
+
+       if use uefi; then
+               secureboot_auto_sign --in-place
+       else
+               # make install likes to throw in some extra EFI bits if it built
+               rm -rf "${D}/usr/$(get_libdir)/efi"
+       fi
+}
