authorbill-auger <mr.j.spam.me@gmail.com>2022-04-03 02:45:01 -0400
committerbill-auger <mr.j.spam.me@gmail.com>2022-04-03 13:44:13 -0400
commit7a1bb990a57534759265f37fc1c688057201ed9c (patch)
tree8f80936d53db0bb2088332ec29a7cb94a72223b5 /pcr
parentab90d04754c3edeae87de94c29cb993b6b312b43 (diff)
[xen]: upgrade to v4.16.0
Diffstat (limited to 'pcr')
-rwxr-xr-xpcr/xen/21_linux_xen_multiboot_arch302
-rw-r--r--pcr/xen/ChangeLog365
-rw-r--r--pcr/xen/PKGBUILD763
-rw-r--r--pcr/xen/ati-passthrough.patch415
-rw-r--r--pcr/xen/efi-xen.cfg5
-rw-r--r--pcr/xen/patch-ovmf-use-python2.patch22
-rw-r--r--pcr/xen/tmpfiles.conf (renamed from pcr/xen/tmpfiles.d-xen.conf)0
-rw-r--r--pcr/xen/xen-amd-ucode.hook12
-rw-r--r--pcr/xen/xen-intel-ucode.hook12
-rw-r--r--pcr/xen/xen-ucode-extract.sh37
-rw-r--r--pcr/xen/xen.conf19
-rw-r--r--pcr/xen/xen.install135
12 files changed, 742 insertions, 1345 deletions
diff --git a/pcr/xen/21_linux_xen_multiboot_arch b/pcr/xen/21_linux_xen_multiboot_arch
deleted file mode 100755
index 877bf2233..000000000
--- a/pcr/xen/21_linux_xen_multiboot_arch
+++ /dev/null
@@ -1,302 +0,0 @@
-#! /bin/sh
-set -e
-
-# grub-mkconfig helper script.
-# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc.
-#
-# GRUB is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# GRUB is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
-
-prefix="/usr"
-exec_prefix="/usr"
-datarootdir="/usr/share"
-
-. "$pkgdatadir/grub-mkconfig_lib"
-
-export TEXTDOMAIN=grub
-export TEXTDOMAINDIR="${datarootdir}/locale"
-
-CLASS="--class gnu-linux --class gnu --class os --class xen"
-
-if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
- OS=GNU/Linux-libre
-else
- OS="${GRUB_DISTRIBUTOR} GNU/Linux-libre"
- CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}"
-fi
-
-# loop-AES arranges things so that /dev/loop/X can be our root device, but
-# the initrds that Linux-libre uses don't like that.
-case ${GRUB_DEVICE} in
- /dev/loop/*|/dev/loop[0-9])
- GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"`
- ;;
-esac
-
-# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter
-# and mounting btrfs requires user space scanning, so force UUID in this case.
-if [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \
- || ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \
- || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then
- LINUX_ROOT_DEVICE=${GRUB_DEVICE}
-else
- LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID}
-fi
-
-# Allow overriding GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT.
-if [ "${GRUB_CMDLINE_LINUX_XEN_REPLACE}" ]; then
- GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX_XEN_REPLACE}"
-fi
-if [ "${GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT}" ]; then
- GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT}"
-fi
-
-case x"$GRUB_FS" in
- xbtrfs)
- rootsubvol="`make_system_path_relative_to_its_root /`"
- rootsubvol="${rootsubvol#/}"
- if [ "x${rootsubvol}" != x ]; then
- GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}"
- fi;;
- xzfs)
- rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true`
- bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`"
- LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs}"
- ;;
-esac
-
-title_correction_code=
-
-linux_entry ()
-{
- os="$1"
- version="$2"
- xen_version="$3"
- type="$4"
- args="$5"
- xen_args="$6"
- if [ -z "$boot_device_id" ]; then
- boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
- fi
- if [ x$type != xsimple ] ; then
- if [ x$type = xrecovery ] ; then
- title="$(gettext_printf "%s, with Xen %s and Linux %s (recovery mode)" "${os}" "${xen_version}" "${version}")"
- else
- title="$(gettext_printf "%s, with Xen %s and Linux %s" "${os}" "${xen_version}" "${version}")"
- fi
- replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')"
- if [ x"Xen ${xen_version}>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then
- quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)"
- title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;"
- grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")"
- fi
- echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
- else
- title="$(gettext_printf "%s, with Xen hypervisor" "${os}")"
- echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
- fi
- if [ x$type != xrecovery ] ; then
- save_default_entry | grub_add_tab | sed "s/^/$submenu_indentation/"
- fi
-
- if [ -z "${prepare_boot_cache}" ]; then
- prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)"
- fi
- printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/"
- xmessage="$(gettext_printf "Loading Xen %s ..." ${xen_version})"
- lmessage="$(gettext_printf "Loading Linux-libre %s ..." ${version})"
- sed "s/^/$submenu_indentation/" << EOF
- echo '$(echo "$xmessage" | grub_quote)'
- if [ "\$grub_platform" = "pc" -o "\$grub_platform" = "" ]; then
- xen_rm_opts=
- else
- xen_rm_opts="no-real-mode edd=off"
- fi
- ${xen_loader} ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts}
- echo '$(echo "$lmessage" | grub_quote)'
- ${module_loader} ${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args}
-EOF
- if test -n "${initrd}" ; then
- # TRANSLATORS: ramdisk isn't identifier. Should be translated.
- message="$(gettext_printf "Loading initial ramdisk ...")"
- sed "s/^/$submenu_indentation/" << EOF
- echo '$(echo "$message" | grub_quote)'
- ${module_loader} --nounzip ${rel_dirname}/${initrd}
-EOF
- fi
- sed "s/^/$submenu_indentation/" << EOF
-}
-EOF
-}
-
-linux_list=
-for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* /boot/kernel-*; do
- if grub_file_is_not_garbage "$i"; then
- basename=$(basename $i)
- version=$(echo $basename | sed -e "s,^[^0-9]*-,,g")
- dirname=$(dirname $i)
- config=
- for j in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
- if test -e "${j}" ; then
- config="${j}"
- break
- fi
- done
- if (grep -qx "CONFIG_XEN_DOM0=y" "${config}" 2> /dev/null || grep -qx "CONFIG_XEN_PRIVILEGED_GUEST=y" "${config}" 2> /dev/null || [ -z ${config} ]); then linux_list="$linux_list $i" ; fi
- fi
-done
-if [ "x${linux_list}" = "x" ] ; then
- exit 0
-fi
-
-file_is_not_sym () {
- case "$1" in
- */xen-syms-*)
- return 1;;
- *)
- return 0;;
- esac
-}
-
-file_is_not_xen_config () {
- case "$1" in
- */xen*\.*config)
- return 1;;
- */xen*\.*cfg)
- return 1;;
- */xen*\.*efi)
- return 1;;
- *)
- return 0;;
- esac
-}
-
-
-xen_list=
-for i in /boot/xen*; do
- if grub_file_is_not_garbage "$i" && file_is_not_sym "$i" && file_is_not_xen_config "$i"; then xen_list="$xen_list $i" ; fi
-done
-prepare_boot_cache=
-boot_device_id=
-
-title_correction_code=
-
-machine=`uname -m`
-
-case "$machine" in
- i?86) GENKERNEL_ARCH="x86" ;;
- mips|mips64) GENKERNEL_ARCH="mips" ;;
- mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
- arm*) GENKERNEL_ARCH="arm" ;;
- *) GENKERNEL_ARCH="$machine" ;;
-esac
-
-# Extra indentation to add to menu entries in a submenu. We're not in a submenu
-# yet, so it's empty. In a submenu it will be equal to '\t' (one tab).
-submenu_indentation=""
-
-is_top_level=true
-
-while [ "x${xen_list}" != "x" ] ; do
- list="${linux_list}"
- current_xen=`version_find_latest $xen_list`
- xen_basename=`basename ${current_xen}`
- xen_dirname=`dirname ${current_xen}`
- rel_xen_dirname=`make_system_path_relative_to_its_root $xen_dirname`
- xen_version=`echo $xen_basename | sed -e "s,.gz$,,g;s,^xen-,,g"`
- if [ -z "$boot_device_id" ]; then
- boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
- fi
- if [ "x$is_top_level" != xtrue ]; then
- echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {"
- fi
- if ($grub_file --is-arm64-efi $current_xen); then
- xen_loader="xen_hypervisor"
- module_loader="xen_module"
- else
- if ($grub_file --is-x86-multiboot2 $current_xen); then
- xen_loader="multiboot2"
- module_loader="module2"
- else
- xen_loader="multiboot"
- module_loader="module"
- fi
- fi
- while [ "x$list" != "x" ] ; do
- linux=`version_find_latest $list`
- gettext_printf "Found linux-libre image: %s\n" "$linux" >&2
- basename=`basename $linux`
- dirname=`dirname $linux`
- rel_dirname=`make_system_path_relative_to_its_root $dirname`
- version=`echo $basename | sed -e "s,vmlinuz-,,g"`
- alt_version=`echo $version | sed -e "s,\.old$,,g"`
- linux_root_device_thisversion="${LINUX_ROOT_DEVICE}"
-
- initrd=
- for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
- "initrd-${version}" "initramfs-${version}.img" \
- "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
- "initrd-${alt_version}" "initramfs-${alt_version}.img" \
- "initramfs-genkernel-${version}" \
- "initramfs-genkernel-${alt_version}" \
- "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
- "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}" ; do
- if test -e "${dirname}/${i}" ; then
- initrd="$i"
- break
- fi
- done
- if test -n "${initrd}" ; then
- gettext_printf "Found initrd image: %s\n" "${dirname}/${initrd}" >&2
- else
- # "UUID=" magic is parsed by initrds. Since there's no initrd, it can't work here.
- linux_root_device_thisversion=${GRUB_DEVICE}
- fi
-
- if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then
- linux_entry "${OS}" "${version}" "${xen_version}" simple \
- "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}"
-
- submenu_indentation="$grub_tab$grub_tab"
-
- if [ -z "$boot_device_id" ]; then
- boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
- fi
- # TRANSLATORS: %s is replaced with an OS name
- echo "submenu '$(gettext_printf "Advanced options for %s (with Xen hypervisor)" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {"
- echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {"
- is_top_level=false
- fi
-
- linux_entry "${OS}" "${version}" "${xen_version}" advanced \
- "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}"
- if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then
- linux_entry "${OS}" "${version}" "${xen_version}" recovery \
- "single ${GRUB_CMDLINE_LINUX}" "${GRUB_CMDLINE_XEN}"
- fi
-
- list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '`
- done
- if [ x"$is_top_level" != xtrue ]; then
- echo ' }'
- fi
- xen_list=`echo $xen_list | tr ' ' '\n' | fgrep -vx "$current_xen" | tr '\n' ' '`
-done
-
-# If at least one kernel was found, then we need to
-# add a closing '}' for the submenu command.
-if [ x"$is_top_level" != xtrue ]; then
- echo '}'
-fi
-
-echo "$title_correction_code"
diff --git a/pcr/xen/ChangeLog b/pcr/xen/ChangeLog
index ced200187..e028522ce 100644
--- a/pcr/xen/ChangeLog
+++ b/pcr/xen/ChangeLog
@@ -1,40 +1,325 @@
-2018-01-04 John Thomson
- * 4.10.0-2
- XSA-253 x86: memory leak with MSR emulation
-
-2017-12-13 John Thomson
- * 4.10.0-1
- Xen 4.10 release
-
-2017-12-04 John Thomson
- * 4.10.0rc8
- Xen 4.10 release candidate 8
-
-2017-12-01 John Thomson
- * 4.10.0rc7
- Xen 4.10 release candidate 7
-
-2017-11-23 John Thomson
- * 4.10.0rc6
- Xen 4.10 release candidate 6
-
-2017-11-18 John Thomson
- * 4.10.0rc5
- Xen 4.10 release candidate 5
- grub multiboot2 config generator updated
-
-2017-11-13 John Thomson
- * 4.10.0rc4
- Xen 4.10 release candidate 4
-
-2017-11-02 John Thomson
- * 4.10.0rc3
- Xen 4.10 release candidate 3
-
-2017-10-23 John Thomson
- * 4.10.0rc2
- Xen 4.10 release candidate 2
-
-2017-10-18 John Thomson
- * 4.10.0rc1
- Xen 4.10 release candidate 1
+2022-02-15
+ * 4.16.0-3
+ * forgot to wrap qemu subpackage in an if
+
+2022-02-06
+ * 4.16.0-2
+ * security patches
+ * qemu and stubdom now generate split packages
+
+2021-12-28 Sam Mulvey
+ * 4.16.0-1
+ * simple bump
+
+2021-09-28 Sam Mulvey
+ * 4.15.1-1
+ * no patches at all, compiles cleanly
+
+2021-09-09 Sam Mulvey
+ * 4.15.0-4
+ * adds a PVH security patch
+
+2021-08-28 Sam Mulvey
+ * 4.15.0-3
+ * EFI fixes
+ * continued GCC11 changes
+ * XSA: 379 380 382 383
+
+2021-04-15 Sam Mulvey
+ * 4.15.0-1
+ * stubdom build now defaults false
+
+2021-01-12 Sam Mulvey
+ * 4.14.1-1
+
+2020-11-10 Sam Mulvey
+ * 4.14.0-4
+ re-added XSA patch file handling
+
+2020-08-10 Sam Mulvey
+ * 4.14.0-1
+ option to build own QEMU is added, and default
+
+2020-08-20 Sam Mulvey
+ * 4.13.1-4
+
+2019-08-15 Maik Broemme
+ * 4.12.1-1
+ Xen 4.12.1
+
+2019-04-29 Maik Broemme
+ * 4.12.0-1
+ Xen 4.12.0
+
+2018-07-24 Maik Broemme
+ * 4.11.0-2
+ Updated version in 'xen.install' file
+
+2018-07-12 Maik Broemme
+ * 4.11.0-1
+ Xen 4.11.0
+
+2018-05-15 Maik Broemme
+ * 4.10.1-3
+ Apply XSA patches: 260 261 262
+
+2018-05-15 Maik Broemme
+ * 4.10.1-2
+ Fix compilation issue with gcc-8
+
+2018-05-08 Maik Broemme
+ * 4.10.1-1
+ Xen 4.10.1
+
+2018-05-03 Maik Broemme
+ * 4.10.0-6
+ Replace 'mingw-w64-binutils' with 'binutils'
+
+2018-05-03 Maik Broemme
+ * 4.10.0-5
+ Fix missing path of '--with-system-ovmf' parameter
+ Fix compilation issue with glibc-2.27
+ Apply XSA patches: 258
+
+2018-04-11 Maik Broemme
+ * 4.10.0-4
+ PKGBUILD cleanup
+ Update ipxe to latest version
+ Align dependencies between qemu-xen and qemu-xen-traditional
+ Remove no longer needed '-Werror' fixes
+
+2018-04-09 Maik Broemme
+ * 4.10.0-3
+ Fix '(XEN) parameter "/boot/xen-4.10.0.gz" unknown!' issue
+
+2018-04-09 Maik Broemme
+ * 4.10.0-2
+ Make dependencies independent from build system
+ Apply XSA patches: 253 254 255 256
+
+2018-02-20 Maik Broemme
+ * 4.10.0-1
+ Xen 4.10.0
+
+2017-09-30 Janne Heß
+ * 4.9.0-2
+ Add spice-glib dependency
+ Fix build with PIC
+ Apply XSA patches: 226 227 228 229 230 231 232 233 234 235
+
+2017-07-20 Janne Heß
+ * 4.9.0
+ Xen 4.9.0
+ Completely patch out Werror
+ Remove all obsolete patches
+
+2017-05-06 Janne Heß
+ * 4.8.0-7
+ Apply XSA patches: 213 214
+
+2017-04-07 Janne Heß
+ * 4.8.0-6
+ Remove last pieces of OVMF and SeaBIOS
+ Specify location of SeaBIOS
+ Apply XSA patch: 212
+
+2017-03-28 Janne Heß
+ * 4.8.0-5
+ Split out SeaBIOS and OVMF
+ Disable Werror
+ Apply XSA patch: 211
+
+2017-03-09 Janne Heß
+ * 4.8.0-4
+ Merge with xen-docs
+ Fix lzo dependency
+ Add mingw-w64-binutils as dependency
+
+2017-02-27 Janne Heß
+ * 4.8.0-3
+ Apply XSA patches: 207 208 209 210
+
+2017-01-12 Janne Heß
+ * 4.8.0-2
+ Xen 4.8.0
+ Update all downloaded packages
+ Remove all obsolete patches
+ Apply XSA patch: 203, 204
+
+2016-09-18 John Thomson
+ * 4.7.0-3
+ Apply XSA patch: 185, 186, 187
+
+2016-09-03 John Thomson
+ * 4.7.0-2
+ Apply XSA patch: 182, 183, 184
+
+2016-06-24 John Thomson
+ * 4.7.0-1
+ Xen 4.7.0
+
+2016-06-11 John Thomson
+ * 4.6.1-7
+ Apply XSA patch: 175, 178, 181
+
+2016-05-23 John Thomson
+ * 4.6.1-6
+ Apply XSA patch: 180
+
+2016-05-19 John Thomson
+ * 4.6.1-5
+ Apply XSA patch: 176
+
+2016-05-12 John Thomson
+ * 4.6.1-4
+ Apply XSA patch: 179
+ Patches for GCC6
+
+2016-04-19 John Thomson
+ * 4.6.1-3
+ Apply XSA patch: 173
+
+2016-03-31 John Thomson
+ * 4.6.1-2
+ Apply XSA patch: 172
+
+2016-02-19 John Thomson
+ * 4.6.1-1
+ Xen source package updated to 4.6.1
+ Apply XSA patch: 170
+
+2016-02-19 John Thomson
+ * 4.5.2-1
+ Xen source package updated to 4.5.2
+ Build xen.efi with mingw-w64-binutils
+ Build ovmf
+ Apply XSA patches: 154, 156, 158 to 160, 162 to 168, and 170
+
+2015-07-04 David Sutton <kantras - gmail.com>
+ * 4.5.1-1
+ New major release from upstream
+ Added -fno-caller-saves CFLAG to PKGBUILD to work around GCC5 issues
+ Added in some compile fixes for GCC 5
+ Disabled OVMF for now until patched for GCC 5
+
+2015-05-13 David Sutton <kantras - gmail.com>
+ * 4.5.0-3
+ Added Security patches
+
+2015-04-08 David Sutton <kantras - gmail.com>
+ * 4.5.0-2
+ Updated PKGBUILD to use absolute instead of relative paths for install
+ Updated efi-xen.cfg with syntax fix
+ Added gnuttls-3.4.0 patch
+ Added security patches
+
+2015-03-01 David Sutton <kantras - gmail.com>
+ * 4.5.0-1
+ New major release from upstream
+ Cleaned up old XSA patches
+ Removed old systemd support patches and realigned with the new upstream methods
+
+2014-10-26 David Sutton <kantras - gmail.com>
+ * 4.4.1-3
+ Enabled OVMF support and added patches to fix compile
+ Enabled spice support and added patch to enable qemu support in qemu-xen
+ Added figlet as an make dependancy for the ascii art version number
+ Including an example xen.cfg package for people who will be using EFI
+ Additional cleanup (explictly disabling some unnecessary libraries)
+
+2014-10-12 David Sutton <kantras - gmail.com>
+ * 4.4.1-2:
+ Added XSA 104, 105, 106, 107 and 108 security patches
+ Added .config to resolve compile issues where /etc/sysconfig exists
+
+2014-09-04 David Sutton <kantras - gmail.com>
+ * 4.4.1-1:
+ New Upstream release
+ Cleared out unnecessary patches (security, gcc compile and pit)
+
+2014-06-22 David Sutton <kantras - gmail.com>
+ * 4.4.0-6:
+ Added additional patch to support XSA 100 on AMD platform
+
+2014-06-17 David Sutton <kantras - gmail.com>
+ * 4.4.0-5:
+ Added XSA 96 and 100 security patches
+ Added patch to explictly disable searching for bluez libs
+ Cleaned up PKGBUILD
+
+2014-05-17 David Sutton <kantras - gmail.com>
+ * 4.4.0-4:
+ Added patch to fix shutdown issues with pvh domains
+
+2014-05-01 David Sutton <kantras - gmail.com>
+ * 4.4.0-3:
+ Added XSA 92 Security patch
+ Added fix for compiling under GCC 4.9.0 (From Fedora Rawhide SRPM)
+ Added updates to 09_xen to closer match system 10_linux
+
+2014-03-11 David Sutton <kantras - gmail.com>
+ * 4.4.0-2:
+ Moved xen-syms file so 09_xen won't pick it up as a potential kernel.
+ Added XSA 89 Security patch
+ Minor PKGBUILD cleanup/changes
+
+2014-03-10 David Sutton <kantras - gmail.com>
+ * 4.4.0-1:
+ New upstream release
+ Cleaned up old unnecessary patches
+
+2014-02-19 David Sutton <kantras - gmail.com>
+ * 4.3.2-1:
+ New upstream release
+ Removed unnecessary security patches (since now integrated into source)
+ Attempts to pull down additional required source file to ensure not corrupted
+ Added missing dependancy libseccomp
+
+2013-11-25 David Sutton <kantras - gmail.com>
+ * 4.3.1-2:
+ Changed bluez dependancy from bluez4 to bluez
+ Added recent security patches
+
+2013-10-31 David Sutton <kantras - gmail.com>
+ * 4.3.1-1:
+ New upstream release
+ Removed unnecessary security patches (already merged)
+ Fixed BIOS Workaround patch to apply to the new source files
+ Fixed ATI Passthrough patch to apply to the new source files
+ Updated paths in all patches
+
+2013-09-29 David Sutton <kantras - gmail.com>
+ * 4.3.0-7:
+ Fixed optdepends in PKGBUILD
+ Added in a pre_remove function in xen.install to disable services
+ Minor text formating changes in xen.install
+ Added XSA 62,63,64 and 66 patches (Xen Security Advisories)
+
+2013-09-29 David Sutton <kantras - gmail.com>
+ * 4.3.0-6:
+ Fixed 09_xen so it can detect lts kernels
+
+2013-09-28 David Sutton <kantras - gmail.com>
+ * 4.3.0-5:
+ Fixed mount option in 09_xen from ro to rw
+ Added in dummy /etc/xen/grub.conf to control settings in 09_xen
+ Fix library sanitize so that it returns to the base directory
+ Move the syms file to /usr/share/xen so that it is out of the way of boot but still accessible
+ Added optional dependancy for openvswitch
+
+2013-08-13 David Sutton <kantras - gmail.com>
+ * 4.3.0-4 :
+ Added patch for qemu-xen to add a TOM register for PCI Hole mapping
+ Protected /etc/conf.d/xendomains from being overwritten
+ Included ATI Passthrough patch (not enabled by default, compile tested only)
+
+2013-07-23 David Sutton <kantras - gmail.com>
+
+ * 4.3.0-3 :
+ added ChangeLog.
+ Cleaned up PKGBUILD to match Arch Package Standards
+ Fixed some path references - /var/run to /run
+ Removed some unnecessary empty directories
+ Updated xenconsoled and xenstored so they use /run for pid file
+ Updated auto-created /run directories to include xenstored
+
diff --git a/pcr/xen/PKGBUILD b/pcr/xen/PKGBUILD
index 2e0dd94d8..80b0f5022 100644
--- a/pcr/xen/PKGBUILD
+++ b/pcr/xen/PKGBUILD
@@ -1,497 +1,346 @@
-# current version adapted from https://gitlab.com/archlinux-packages-johnth/xen/tree/xen-4.10
-
-# Maintainer (AUR): John Thomson <aur.xen at j0aur.mm.st>
-# Contributor (Arch): David Sutton <kantras - gmail.com>
-# Contributor (Arch): Shanmu Thiagaraja <sthiagaraja+AUR@prshanmu.com>
-# Contributor (Arch): Limao Luo
-# Contributor (Arch): Luceo
-# Contributor (Arch): Revellion
-# Contributor: André Silva <emulatorman@hyperbola.info>
-# Contributor: Márcio Silva <coadde@hyperbola.info>
-# Contributor: Isaac David <isacdaavid@at@isacdaavid@dot@info>
-
-#linux-4.7 EFI boot panic issue (patch linux)
-#http://lkml.iu.edu/hypermail/linux/kernel/1608.2/03448.html
-
-_build_stubdom="${build_stubdom:-false}"
-_system_seabios="${system_seabios:-false}"
-_build_debug="${build_debug:-false}"
-_build_livepatch="${build_livepatch:-false}"
-
-## use _build_stubdom=true to build xen with stubdom
-## use _system_seabios=true to use system seabios
-## this bios file is slightly different to the xen seabios
-## /usr/share/qemu/bios-256k.bin uses CONFIG_ROM_SIZE=256, and newer seabios
-## can force use this file through vm.cfg bios_path_override='/usr/share/qemu/bios-256k.bin'
-## use _build_debug=true to compile Xen with debug options
-## use _build_livepatch=true to compile Xen with livepatch support
-
-#_build_stubdom=true
-#_system_seabios=true
-#_build_debug=true
-#_build_livepatch=true
+# Maintainer (aur): Sam Mulvey (Refutationalist) <archlinux@sammulvey.com>
+# Contributor: Filipe Laíns (FFY00) <lains@archlinux.org>
+# Contributor: Chris Chapman (cman) <chris.chapman@aggiemail.usu.edu>
+
+# Build Options
+_build_stubdom=${build_stubdom:-false}
+_build_qemu=${build_qemu:-true}
+_boot_dir=${boot_dir:-/boot}
+_efi_dir=${efi_dir:-/boot}
+_efi_mountpoint=${efi_mountpoint:-/boot}
+
+# Check http://xenbits.xen.org/xen-extfiles/ for updates
+_gmp=4.3.2
+_grub=0.97
+_lwip=1.3.0
+_newlib=1.16.0
+_pciutils=2.2.9
+_polarssl=1.1.4
+_tpm_emulator=0.7.4
+_zlib=1.2.3
pkgbase=xen
-pkgname=(xen{,-docs,-syms})
-_pkgname=xen
-pkgver=4.10.0
-_pkgver=${pkgver/rc/-rc}
-pkgrel=1
-pkgdesc='Virtual Machine Hypervisor & Tools (Parabola rebranded)'
-arch=(x86_64 armv7h)
-depends=(
- bridge-utils
- curl
- gnutls
- iproute2
- libaio
- libcacard
- libcap-ng
- libiscsi
- libnl
- libpng
- lzo
- pciutils
- python2
- sdl
- spice
- systemd
- usbredir
- yajl
- # seabios ovmf qemu
-)
-[[ "$CARCH" == 'x86_64' ]] && depends+=(
- lib32-glibc
-)
-[[ "$CARCH" == *'arm'* ]] && depends+=(
- dtc-overlay
-)
-[[ "$_system_seabios" == true ]] && depends+=(
- seabios
-)
-url='http://www.xenproject.org/'
+pkgname=("xen" "xen-docs")
+pkgver=4.16.0
+pkgrel=3
+pkgdesc='Open-source type-1 or baremetal hypervisor'
+arch=('x86_64')
+url='https://xenproject.org/'
license=('GPL2')
+options=(!buildflags)
+
makedepends=(
- cmake
- figlet
- git
- markdown
- nasm
- ocaml-findlib
- spice-protocol
- wget
+ 'zlib' 'python' 'ncurses' 'openssl' 'libx11' 'libuuid.so' 'yajl' 'libaio' 'glib2' 'pkgconf'
+ 'bridge-utils' 'iproute2' 'inetutils' 'acpica' 'lib32-glibc' 'gnutls'
+ 'vde2' 'lzo' 'pciutils' 'sdl2' 'systemd-libs'
+ 'systemd' 'wget' 'pandoc' 'valgrind' 'git' 'bin86' 'dev86' 'bison' 'gettext' 'flex' 'pixman' 'ocaml' 'ocaml-findlib' 'fig2dev'
+) # last line from namcap, these depends are the xen depends
+_stubdom_makedepends=('cmake')
+_qemu_makedepends=('ninja')
+
+_source=(
+ "https://downloads.xenproject.org/release/xen/$pkgver/$pkgname-$pkgver.tar.gz"{,.sig}
+ "efi-xen.cfg"
+ "xen.conf"
+ "tmpfiles.conf"
+ "xen-ucode-extract.sh"
+ "xen-intel-ucode.hook"
+ "xen-amd-ucode.hook"
)
-[[ "$CARCH" == 'x86_64' ]] && makedepends+=(
- bin86
- dev86
- gcc-multilib
- iasl
+
+validpgpkeys=('23E3222C145F4475FA8060A783FE14C957E82BD9') # Xen.org Xen tree code signing (signatures on the xen hypervisor and tools) <pgp@xen.org>
+
+
+# Follow the Xen securite mailing lists, and if a patch is applicable to our package
+# add the URL here.
+_patches=(
+ "https://xenbits.xen.org/xsa/xsa393.patch"
+ "https://xenbits.xen.org/xsa/xsa394.patch"
+ "https://xenbits.xen.org/xsa/xsa395.patch"
+
)
-[[ "$CARCH" == 'i686' ]] && makedepends+=(
- bin86
- dev86
- iasl
+
+
+# Sources required for building stubdom
+_stubdom_source=(
+ "http://xenbits.xen.org/xen-extfiles/gmp-$_gmp.tar.bz2"
+ "http://xenbits.xen.org/xen-extfiles/grub-$_grub.tar.gz"
+ "http://xenbits.xen.org/xen-extfiles/lwip-$_lwip.tar.gz"
+ "http://xenbits.xen.org/xen-extfiles/newlib-$_newlib.tar.gz"
+ "http://xenbits.xen.org/xen-extfiles/pciutils-$_pciutils.tar.bz2"
+ "http://xenbits.xen.org/xen-extfiles/polarssl-$_polarssl-gpl.tgz"
+ "http://xenbits.xen.org/xen-extfiles/tpm_emulator-$_tpm_emulator.tar.gz"
+ "http://xenbits.xen.org/xen-extfiles/zlib-$_zlib.tar.gz"
)
-## For building Xen EFI boot file.
-## mingw-w64-binutils only needed if
-## binutils not built with --enable-targets=x86_64-pep
-_binutils_efi=false
-
-if [[ "$CARCH" == 'x86_64' ]]; then
- if which ld 2>&1 > /dev/null; then
- _binutils_emulations="$(ld -V)"
- if [[ "$_binutils_emulations" == *'i386pep'* ]]; then
- _binutils_efi=true
- msg '#ld has efi support'
- else
- makedepends+=(
- mingw-w64-binutils
- )
- msg '#ld does not have efi support, using mingw'
- fi
- else
- true
- fi
-fi
+# from cheap hack known as break_out_sums.sh
+_sha512sums=(
+ "2869ed90d1779c9754d7f2397f5fc67a655304d9c32953ac20655ef96cb154521d8fce9f23915ac0c91f984dc54f72c67e5e619e2da318b5997748f44cf21b87" # xen-4.16.0.tar.gz
+ "SKIP" # xen-4.16.0.tar.gz.sig
+ "1bbcbcd9fb8344a207409ec9f0064a45b726416f043f902ca587f5e4fa58497a759be4ffd584fa32318e960aa478864cc05ec026c444e8d27ca8e3248bd67420" # efi-xen.cfg
+ "ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b" # xen.conf
+ "53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef" # tmpfiles.conf
+ "a9230ec6ef9636ac3f3e4b72b1747ee8c4648a8bf4bd8dc3650365e34f1f67474429dbdd24996907d277b0ff5f235574643e781cb3ff37da954e899ddadbe0d6" # xen-ucode-extract.sh
+ "7a832de9b35f4b77ee80d33310b23886f4d48d1d42c3d6ef6f8e2b428bec7332a285336864b61cfa01d9a14c2023674015beb7527bd5849b069f2be88e6500cd" # xen-intel-ucode.hook
+ "99921b94a29fa7988c7fb5c17da8e598e777c972d6cae8c8643c991e5ff911a25525345ea8913945313d5c49fecf9da8cc3b83d47ab03928341e917b304370a9" # xen-amd-ucode.hook
+)
-options=(!buildflags !strip)
-changelog=ChangeLog
-##SeaBIOS & OVMF tags are in src/xen-*/tools/Config.mk
-##grep -rE '_(REVISION|VERSION|TAG)( \?| :){0,1}=' src/xen**/{Config.mk,stubdom/configure,tools/firmware/etherboot/Makefile}
-_git_tag_seabios='#tag=rel-1.10.2'
-_git_tag_ovmf='#tag=947f3737abf65fda63f3ffd97fddfa6986986868'
-_git_tag_ipxe='356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d'
+_patch_sums=(
+ "32efed25f988579be8266a6bc80ed7c09c408519c6b6c5264b7e032849e3accc7ddea19c5879c06d7e7b27308d06e114f6e3ca4f814d53b9be9d239fb09c71f1" # xsa393.patch
+ "a0afa766e492a4dc921cd5c4c43c9ecbe87f79c07986504c8626ab7f06736147bdfa4637ea4c4abf17b9f1df31056bbcbb6c51a52e244e57467564c8ea06a52e" # xsa394.patch
+ "0aafb55b88a7feefeb0162b2722efc8ad43edcdfc7926492e1d49945eafb8dda900f7da37b2d49fd4dbc2d0c9a068ad6e47674a6df108a58842275695ed73540" # xsa395.patch
+)
-if [[ "$_build_stubdom" == true ]]; then
- if [[ "$CARCH" == *'arm'* ]]; then
- echo '####Compile settings error:'
- echo "#cannot build stubdom for $CARCH"
- _build_stubdom=false
- fi
-fi
-source=(
- "https://downloads.xenproject.org/release/$_pkgname/$_pkgver/$_pkgname-$_pkgver.tar.gz"{,.sig}
- "http://xenbits.xen.org/xen-extfiles/ipxe-git-$_git_tag_ipxe.tar.gz"
+_stub_sums=(
+ "2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf" # gmp-4.3.2.tar.bz2
+ "c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb" # grub-0.97.tar.gz
+ "1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d" # lwip-1.3.0.tar.gz
+ "40eb96bbc6736a16b6399e0cdb73e853d0d90b685c967e77899183446664d64570277a633fdafdefc351b46ce210a99115769a1d9f47ac749d7e82837d4d1ac3" # newlib-1.16.0.tar.gz
+ "2b3d98d027e46d8c08037366dde6f0781ca03c610ef2b380984639e4ef39899ed8d8b8e4cd9c9dc54df101279b95879bd66bfd4d04ad07fef41e847ea7ae32b5" # pciutils-2.2.9.tar.bz2
+ "88da614e4d3f4409c4fd3bb3e44c7587ba051e3fed4e33d526069a67e8180212e1ea22da984656f50e290049f60ddca65383e5983c0f8884f648d71f698303ad" # polarssl-1.1.4-gpl.tgz
+ "4928b5b82f57645be9408362706ff2c4d9baa635b21b0d41b1c82930e8c60a759b1ea4fa74d7e6c7cae1b7692d006aa5cb72df0c3b88bf049779aa2b566f9d35" # tpm_emulator-0.7.4.tar.gz
+ "021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e" # zlib-1.2.3.tar.gz
+)
- 'seabios'::"git://xenbits.xen.org/seabios.git$_git_tag_seabios"
- 'ovmf'::"git://xenbits.xen.org/ovmf.git$_git_tag_ovmf"
- ##HTTP access
- #'seabios'::"git+http://xenbits.xen.org/git-http/seabios.git$_git_tag_seabios"
+# Simplify things for makepkg
+source=( "${_source[@]}" "${_patches[@]}" )
+sha512sums=( "${_sha512sums[@]}" "${_patch_sums[@]}" )
- ## Compile patches
- ati-passthrough.patch
- patch-ovmf-use-python2.patch
+for file in "${_patches[@]}"; do
+ noextract+=( $(basename ${file}) )
+done
- ## Files
- xen.install
- 21_linux_xen_multiboot_arch
- efi-xen.cfg
- "tmpfiles.d-$_pkgname.conf"
- ## XSA patches
- https://xenbits.xen.org/xsa/xsa253.patch
-)
-if [[ "$_build_stubdom" == true ]]; then
- msg '#building with stubdom'
- source+=(
- http://xenbits.xen.org/xen-extfiles/lwip-1.3.0.tar.gz
- http://xenbits.xen.org/xen-extfiles/zlib-1.2.3.tar.gz
- http://xenbits.xen.org/xen-extfiles/newlib-1.16.0.tar.gz
- http://xenbits.xen.org/xen-extfiles/pciutils-2.2.9.tar.bz2
- http://xenbits.xen.org/xen-extfiles/polarssl-1.1.4-gpl.tgz
- http://xenbits.xen.org/xen-extfiles/grub-0.97.tar.gz
- http://xenbits.xen.org/xen-extfiles/tpm_emulator-0.7.4.tar.gz
- http://xenbits.xen.org/xen-extfiles/gmp-4.3.2.tar.bz2
- http://caml.inria.fr/pub/distrib/ocaml-3.11/ocaml-3.11.0.tar.gz
- )
-fi
+# stubdom handling
+if [ "${_build_stubdom}" == "true" ]; then
+ source=("${source[@]}" "${_stubdom_source[@]}")
+ sha512sums=("${sha512sums[@]}" "${_stub_sums[@]}")
+ # Add in automagic dependency in order to build vtpm and vtpmmgr stubdoms
+ makedepends=( "${makedepends[@]}" "${_stubdom_makedepends[@]}" )
-noextract=(
- "ipxe-git-$_git_tag_ipxe.tar.gz"
-)
+ for file in "${_stubdom_source[@]}"; do
+ noextract+=( $(basename ${file}) )
+ done
-if [[ "$_build_stubdom" == true ]]; then
- noextract+=(
- lwip-1.3.0.tar.gz
- zlib-1.2.3.tar.gz
- newlib-1.16.0.tar.gz
- pciutils-2.2.9.tar.bz2
- polarssl-1.1.4-gpl.tgz
- grub-0.97.tar.gz
- tpm_emulator-0.7.4.tar.gz
- gmp-4.3.2.tar.bz2
- ocaml-3.11.0.tar.gz
- )
+ _config_stubdom='--enable-stubdom'
+
+ # make sure to build the stubdom package
+ pkgname+=("xen-stubdom")
+
+else
+ _config_stubdom='--disable-stubdom'
fi
-validpgpkeys=('23E3222C145F4475FA8060A783FE14C957E82BD9')
-#gpg --keyserver pgp.mit.edu --recv-key 23E3222C145F4475FA8060A783FE14C957E82BD9
-sha256sums=('0262a7023f8b12bcacfb0b25e69b2a63291f944f7683d54d8f33d4b2ca556844'
- 'SKIP'
- '251e5516d7de470c434ae5c393aacca2b61fb24d93770592a4a20add60b785c4'
- 'SKIP'
- 'SKIP'
- 'd93c2d5bcdf0c3e4c6e8efb357cb4b9d618209025361f5ccd9d03651a8acd7a3'
- '5fb65130f96d1728368a09042e55f622c14117572030ce2141bff4ae150e4a01'
- '55145ff9c1570257478842e4001b0dafe007d90f5b06db17231bc5bf20f3b23d'
- '8101316cfdf4b59e9c39b7372d4240a4552971c0fa53a4719bbb7a22f5622f4e'
- 'efb3c5713d556aa4890136ebf61502060cf90234fbd2e85701ad7a7ed2524fb1'
- '40e0760810a49f925f2ae9f986940b40eba477dc6d3e83a78baaae096513b3cf'
- 'bba1abb5e4368421de29385e37f8477bf3534d3ba3ff7e2aae9c9d3da53f1393')
-
-
-if [[ "$_build_stubdom" == true ]]; then
- sha256sums+=(
- #stubdom bits
- '772e4d550e07826665ed0528c071dd5404ef7dbe1825a38c8adbc2a00bca948f'
- '1795c7d067a43174113fdf03447532f373e1c6c57c08d61d9e4e9be5e244b05e'
- 'db426394965c48c1d29023e1cc6d965ea6b9a9035d8a849be2750ca4659a3d07'
- 'f60ae61cfbd5da1d849d0beaa21f593c38dac9359f0b3ddc612f447408265b24'
- '2d29fd04a0d0ba29dae6bd29fb418944c08d3916665dcca74afb297ef37584b6'
- '4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b'
- '4e48ea0d83dd9441cc1af04ab18cd6c961b9fa54d5cbf2c2feee038988dea459'
- '936162c0312886c21581002b79932829aa048cfaf9937c6265aeaa14f1cd1775'
- 'ecdd4f8473ab0dee5d3acb5c0a31a4c1dd6aa12179895cf1903dd0f455c43a4f'
-
- #stubdom patches
- )
+if [ "${_build_qemu}" == "true" ]; then
+ _config_qemu=""
+ # qemu needs ninja to build as of 4.16.0
+ makedepends=( "${makedepends[@]}" "${_qemu_makedepends[@]}" )
+ pkgname+=("xen-qemu-builtin")
+else
+ _config_qemu="--with-system-qemu=/usr/bin/qemu-system-x86_64"
fi
-_xen_kconfig_debug=$(cat <<EOF
-CONFIG_DEBUG=y
-CONFIG_CRASH_DEBUG=y
-EOF
-)
-_xen_kconfig_livepatch=$(cat <<EOF
-CONFIG_LIVEPATCH=y
-EOF
+_common_make_flags=(
+ "BOOT_DIR=${_boot_dir}"
+ "EFI_DIR=${_efi_dir}"
+ "EFI_MOUNTPOINT=${_efi_mountpoint}"
+ "XEN_VENDORVERSION=-${pkgrel}-arch"
)
-_makevars=(
- LANG=C
- PYTHON=python2
-)
+# TODO: Setup users, dirs, etc.
prepare() {
- cd "$_pkgname-$_pkgver/"
-
- ### Copy git sourced tools/firmware
- # move seabios into place
- mv --force "$srcdir/seabios" tools/firmware/seabios-dir-remote
- # move ovmf into place
- mv --force "$srcdir/ovmf" tools/firmware/ovmf-dir-remote
-
- ### Patching
-
- # XSA Patches
- msg 'XSA patches'
- # Security Patches - Base
- patch -Np1 -i "$srcdir/xsa253.patch"
-
- # Security Patches - qemu-xen-traditional
- cd 'tools/qemu-xen-traditional/'
- cd '../../'
-
- # Security Patches - qemu-xen (upstream)
- cd 'tools/qemu-xen/'
- cd '../../'
-
-
- # Compile Patches
- msg 'Compile patches'
-
- # Build EFI binary with mingw
- if [[ "$_binutils_efi" != true ]]; then
- if $(stat /usr/x86_64-w64-mingw32/bin/ld >/dev/null 2>&1); then
- sed -i.bak '/ EFI_LD/s/LD/LD_EFI/' xen/arch/x86/Makefile
- sed -i.bak 's/LD/LD_EFI/' xen/arch/x86/efi/Makefile
- sed -i.bak '/EFI_MOUNTPOINT .*/aLD_EFI ?= $(LD)' xen/Makefile
- else
- echo '#Not capable of building xen.efi. Need either:'
- echo '#(preferred) binutils compiled with --enable-targets=x86_64-pep'
- echo '#or install mingw-w64-binutils'
- fi
- fi
-
- # OVMF Compile support (Pulls from GIT repo, so patching to patch after pull request)
- patch -Np1 -i "$srcdir/patch-ovmf-use-python2.patch"
- #mkdir -p tools/firmware/ovmf-patches
- #cp "$srcdir"/patch-inbuild-ovmf*.patch tools/firmware/ovmf-patches/
-
- # Uncomment line below if you want to enable ATI Passthrough support (some reported successes, untested with 4.4)
- #patch -Np1 -i "$srcdir/ati-passthrough.patch"
-
- ## Fix fixed rundir paths
- ## grep -Rl '\/var\/run\/xen' * 2> /dev/null
- _var_run_fixed_paths=(
- tools/hotplug/Linux/locking.sh
- tools/xenmon/xenbaked.c
- tools/xenmon/xenmon.py
- tools/pygrub/src/pygrub
- )
- sed -i 's:/var/run:/run:' ${_var_run_fixed_paths[@]}
-
- ## Fix python version in shebang
- msg 'Fix python shebang to python2'
- _python_files=( $(grep -Rlse '^#!/usr/bin/.*python$' || : ) )
- sed -Ei 's|(^#!.*/usr/bin/(env ){0,1})python$|\1python2|' ${_python_files[@]}
-
- ## Fix systemd-modules-load.d/xen.conf
- ## remove nonexistent modules
- find tools -iname 'configure*' -exec sed -i -E -e '
- /^LINUX_BACKEND_MODULES="$/,/^"$/ {
- #Address range where this variable is set
- /"/b; #Do noting if the line contains "
- /^xen-/!d; #Delete if does not start with xen
- s/scsibk/scsiback/; #Change scsibk to scsiback
- };' {} \;
-
- if [[ "$_build_stubdom" == true ]]; then
- # Copy supporting tarballs into place
- ln -s "$srcdir/lwip-1.3.0.tar.gz" stubdom/
- ln -s "$srcdir/zlib-1.2.3.tar.gz" stubdom/
- ln -s "$srcdir/newlib-1.16.0.tar.gz" stubdom/
- ln -s "$srcdir/pciutils-2.2.9.tar.bz2" stubdom/
- ln -s "$srcdir/polarssl-1.1.4-gpl.tgz" stubdom/
- ln -s "$srcdir/grub-0.97.tar.gz" stubdom/
- ln -s "$srcdir/tpm_emulator-0.7.4.tar.gz" stubdom/
- ln -s "$srcdir/gmp-4.3.2.tar.bz2" stubdom/
- ln -s "$srcdir/ocaml-3.11.0.tar.gz" stubdom/
-
- ## Stubdom patches
- cd 'extras/mini-os'
- cd '../../'
-
- #vtpm
- fi
-
- #etherboot
- ln -s "$srcdir/ipxe-git-$_git_tag_ipxe.tar.gz" tools/firmware/etherboot/ipxe.tar.gz
- #cp "$srcdir"/patch-inbuild-ipxe*.patch tools/firmware/etherboot/patches/
+
+ cd "${pkgbase}-${pkgver}"
+
+ if [ "${_build_stubdom}" == "true" ]; then
+
+ for file in "${_stubdom_source[@]}"; do
+ cp ../$(basename ${file}) stubdom/
+ done
+
+ fi
+
+
+ for patchurl in "${_patches[@]}"; do
+ patch=$(basename $patchurl)
+ echo "==> Applying security patch '${patch}'..."
+ patch -p1 < "../${patch}"
+ done
+
+ # Fix Install Paths.
+ sed 's,/var/run,/run,g' -i tools/hotplug/Linux/locking.sh
+ sed 's,/var/run,/run,g' -i tools/misc/xenpvnetboot
+ sed 's,/var/run,/run,g' -i tools/xenmon/xenbaked.c
+ sed 's,/var/run,/run,g' -i tools/xenmon/xenmon.py
+ sed 's,/var/run,/run,g' -i tools/pygrub/src/pygrub
}
build() {
- cd "$_pkgname-$_pkgver/"
- export LD_EFI='/usr/x86_64-w64-mingw32/bin/ld'
- ./autogen.sh
- if [[ "$_build_stubdom" == true ]]; then
- _config_stubdom=(--enable-stubdom)
- _config_stubdom+=(
- #--enable-ioemu-stubdom=no
- #--enable-c-stubdom=no
- #--enable-caml-stubdom=no
- #--enable-pv-grub=no
- #--enable-xenstore-stubdom=no
- #--enable-vtpm-stubdom=no
- #--enable-vtpmmgr-stubdom=no
- )
- else
- _config_stubdom=(--disable-stubdom)
- fi
- _config_seabios=()
- if [[ "$_system_seabios" == true ]]; then
- _config_seabios=(--with-system-seabios=/usr/share/qemu/bios-256k.bin)
- fi
- _config_xen_kconfig=''
- _config_debug=()
- if [[ "$_build_debug" == true ]]; then
- _config_debug=(--enable-debug --enable-debug-tcg --enable-debug-info)
- _config_xen_kconfig+="\n$_xen_kconfig_debug"
- _makevars+=(debug=y CONFIG_DEBUG=y)
- fi
- if [[ "$_build_livepatch" == true ]]; then
- _config_xen_kconfig+="\n$_xen_kconfig_livepatch"
- fi
- if [[ -n "$_config_xen_kconfig" ]]; then
- cd xen
- echo -e "$_config_xen_kconfig" > .config
- make "${_makevars[@]}" olddefconfig V=1
- cd ../
- fi
- ./configure PYTHON=/usr/bin/python2 --prefix=/usr --sbindir=/usr/bin --with-sysconfig-leaf-dir=conf.d --with-rundir=/run \
- --enable-systemd --enable-ovmf \
- "${_config_seabios[@]}" \
- "${_config_stubdom[@]}" \
- "${_config_debug[@]}" \
- --with-extra-qemuu-configure-args='--disable-bluez --disable-gtk --enable-spice --enable-usb-redir'
- #--with-system-qemu --with-system-seabios --with-system-ovmf
- #defaults --enable-qemu-traditional --enable-rombios \
- make "${_makevars[@]}" dist
- if [[ "$_build_livepatch" == true ]]; then
- make "${_makevars[@]}" build-tests
- fi
+ cd "${pkgbase}-${pkgver}"
+
+ if [ "${_build_stubdom}" == "true" ]; then
+ echo "NOTE: Xen build with stubdom support."
+ fi
+
+ if [ "${_build_qemu}" == "true" ]; then
+ echo "NOTE: Xen build with integrated QEMU."
+ fi
+
+
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --libdir=/usr/lib \
+ --with-rundir=/run \
+ --enable-systemd \
+ --disable-qemu-traditional \
+ ${_config_stubdom} \
+ ${_config_qemu} \
+ --with-sysconfig-leaf-dir=conf.d \
+ --with-system-ovmf=/usr/share/ovmf/x64/OVMF.fd \
+ --with-system-seabios=/usr/share/qemu/bios-256k.bin
+
+ make "${_common_make_flags[@]}"
}
package_xen() {
- _makevars_package=("${_makevars[@]}" DESTDIR="$pkgdir")
- optdepends=(
- 'xen-docs: Official Xen documentation'
- 'openvswitch: Optional advanced networking support'
- 'urlgrabber: Required for xenpvnetboot'
- )
- conflicts=(xen-{git,rc,igvtg,4.{8,9}} xenstore)
- provides=(xenstore)
- replaces=(xen-{git,rc,4.{8,9}})
- backup=(
- etc/conf.d/xen{domains,commons}
- "etc/$_pkgname/grub.conf"
- "etc/$_pkgname/oxenstored.conf"
- "etc/$_pkgname/xl.conf"
- )
- install="$_pkgname.install"
-
- cd "$_pkgname-$_pkgver/"
-
- make "${_makevars_package[@]}" install-xen
- make "${_makevars_package[@]}" install-tools
- if [[ "$_build_stubdom" == true ]]; then
- make "${_makevars_package[@]}" install-stubdom
- fi
- if [[ "$_build_livepatch" == true ]]; then
- make "${_makevars_package[@]}" install-tests
- fi
-
- cd "$pkgdir"
-
- # Install files from Parabola package
- install -Dm644 "$srcdir/tmpfiles.d-$_pkgname.conf" "usr/lib/tmpfiles.d/$_pkgname.conf"
- install -Dm755 "$srcdir/21_linux_xen_multiboot_arch" etc/grub.d/21_linux_xen_multiboot_arch
- install -Dm644 "$srcdir/efi-xen.cfg" etc/xen/efi-xen.cfg
-
- mkdir -p var/log/xen/console
-
- # Sanitize library path (if lib64 exists)
- if [[ -d usr/lib64 ]]; then
- cd usr/
- mv lib64/* lib/
- rmdir lib64
- cd ../
- fi
-
- # If EFI binaries built, move to /boot
- if [[ -f usr/lib/efi/xen.efi ]]; then
- mv usr/lib/efi/*.efi boot/
- rmdir usr/lib/efi
- fi
-
- # Remove syms
- find usr/lib/debug -type f \( -name '*-syms*' -or -name '*\.map' \) -delete
- rmdir --ignore-fail-on-non-empty usr/lib/debug
-
- # Remove hypervisor boot symlinks
- rm -f boot/xen{,-4{,.8,.9}}{,.{gz,efi}}
-
- # Documentation cleanup ( see xen-docs package )
- #rm -rf usr/share/doc
- #rm -rf usr/share/man
-
- # Remove tempdirs
- rmdir run/xen{,stored}
- rmdir run
-
- # Remove unnecessary qemu ELF support files
- # qemuu
- rm -f usr/share/qemu-xen/qemu/{palcode,openbios,s390}-*
- rm -f usr/share/qemu-xen/qemu/u-boot.e500
- # qemut
- if [[ "$CARCH" == *'x86'* ]]; then
- rm -f usr/share/xen/qemu/openbios-*
- fi
-
- # adhere to Static Library Packaging Guidelines
- rm -rf usr/lib/*.a
-
- # Remove unneeded init.d files
- rm -rf etc/init.d
+ pkgdesc='Open-source type-1 or baremetal hypervisor'
+
+ depends=(
+ 'zlib' 'python' 'ncurses' 'openssl' 'libx11' 'libuuid.so' 'yajl' 'libaio' 'glib2' 'pkgconf'
+ 'bridge-utils' 'iproute2' 'inetutils' 'acpica' 'lib32-glibc' 'gnutls'
+ 'vde2' 'lzo' 'pciutils' 'sdl2'
+ 'pixman' 'libseccomp' 'libpng' 'libjpeg-turbo' # inhereted depends because of build environment
+ )
+
+ optdepends=(
+ 'edk2-ovmf: UEFI support'
+ 'seabios: SeaBIOS payload support'
+ 'xen-docs: HTML documentation and man pages'
+ 'grub-xen-git: GRUB and pvgrub2 bootloader support'
+ 'linux-headers: extract bootable non-zstd kernel for recent kernels'
+ )
+
+ if [ "${_build_qemu}" == "false" ]; then
+ optdepends+=("qemu: HVM and PV support")
+ fi
+
+ install="xen.install"
+
+
+ backup=(
+ "etc/conf.d/xencommons"
+ "etc/conf.d/xendomains"
+ "etc/xen/efi-xen.cfg"
+ "etc/xen/cpupool"
+ "etc/xen/xl.conf"
+ )
+
+
+ cd "${pkgbase}-${pkgver}"
+
+ make "${_common_make_flags[@]}" DESTDIR="$pkgdir" install
+
+ rm -rf "$pkgdir"/var/run
+
+ # Symlinks to prior installed versions are not The Arch Way, leave only the bare EFI binary
+ (cd "${pkgdir}/${_efi_dir}" && mv "$(realpath xen.efi)" xen.efi)
+
+ [ -d "$pkgdir"/etc/xen/scripts ] && backup+=($(find "$pkgdir"/etc/xen/scripts/ -type f | sed "s|^$pkgdir/||g"))
+
+ mkdir -p "${pkgdir}/var/log/xen/console"
+
+ # Continued: Trim hypervisor symlinks.
+ (cd "${pkgdir}/${_boot_dir}" && mv "$(realpath xen.gz)" xen.gz)
+
+ # Do all symlink removals after the directories have had the real
+ # binaries moved overtop any symlinks. Note that dependening on
+ # configuratation _efi_dir and _boot_dir may be the same directory, so
+ # don't clean any of them until they've all been processed.
+ find "${pkgdir}/${_efi_dir}" -type l -delete
+ find "${pkgdir}/${_boot_dir}" -type l -delete
+
+ # Remove syms.
+ find "${pkgdir}/usr/lib/debug" -type f \( -name '*-syms*' -or -name '*\.map' \) -delete
+ rmdir "${pkgdir}/usr/lib/debug/usr/lib/xen/boot"
+ rmdir "${pkgdir}/usr/lib/debug/usr/lib/xen"
+ rmdir "${pkgdir}/usr/lib/debug/usr/lib"
+ rmdir "${pkgdir}/usr/lib/debug/usr"
+ rmdir "${pkgdir}/usr/lib/debug"
+
+ # Remove SysVinit files.
+ rm -r "${pkgdir}/etc/init.d"
+
+ # Install files for Arch Linux.
+ install -D -m 0644 "${srcdir}/efi-xen.cfg" "${pkgdir}/etc/xen/efi-xen.cfg"
+ install -D -m 0644 "${srcdir}/xen.conf" "${pkgdir}/usr/lib/modules-load.d/xen.conf"
+ install -D -m 0644 "${srcdir}/tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/${pkgbase}.conf"
+
+ # microcode hooks
+ mkdir -p "${pkgdir}/usr/share/libalpm/scripts" "${pkgdir}/usr/share/libalpm/hooks"
+ install -m755 "${srcdir}/xen-ucode-extract.sh" "${pkgdir}/usr/share/libalpm/scripts"
+ install -m644 "${srcdir}/xen-intel-ucode.hook" "${pkgdir}/usr/share/libalpm/hooks"
+ install -m644 "${srcdir}/xen-amd-ucode.hook" "${pkgdir}/usr/share/libalpm/hooks"
+
+ # Remove documentation (included in separate xen-docs package).
+ rm -r "${pkgdir}/usr/share/doc"
+ rm -r "${pkgdir}/usr/share/man"
+
+ # remove potential stubdom files
+ rm -r "${pkgdir}/usr/lib/xen/boot"
+
+ # remove qemu
+ if [ "${_build_qemu}" == "true" ]; then
+
+ rm -r "${pkgdir}/usr/share/qemu-xen"
+ rm -r \
+ "${pkgdir}/usr/lib/xen/include/qemu-plugin.h" \
+ "${pkgdir}/usr/lib/xen/bin/qemu-pr-helper" \
+ "${pkgdir}/usr/lib/xen/bin/qemu-edid" \
+ "${pkgdir}/usr/lib/xen/bin/elf2dmp" \
+ "${pkgdir}/usr/lib/xen/bin/qemu-storage-daemon" \
+ "${pkgdir}/usr/lib/xen/bin/qemu-nbd" \
+ "${pkgdir}/usr/lib/xen/bin/qemu-io" \
+ "${pkgdir}/usr/lib/xen/bin/qemu-img" \
+ "${pkgdir}/usr/lib/xen/bin/qemu-system-i386" \
+ "${pkgdir}/usr/lib/xen/libexec/virtiofsd" \
+ "${pkgdir}/usr/lib/xen/libexec/qemu-bridge-helper" \
+ "${pkgdir}/usr/lib/xen/libexec/virtfs-proxy-helper"
+
+ fi
+
+
}
-package_xen-docs(){
- _makevars_package=("${_makevars[@]}" DESTDIR="$pkgdir")
- pkgdesc='Xen virtual machine hypervisor documentation'
- arch=('any')
- depends=()
- cd "$_pkgname-$_pkgver/"
- make "${_makevars_package[@]}" install-docs
+package_xen-docs() {
+ pkgdesc="Xen hypervisor documentation and man pages"
+ arch=("any")
+ cd "${pkgbase}-${pkgver}"
+ make "${_common_make_flags[@]}" DESTDIR="$pkgdir" install-docs
}
-package_xen-syms(){
- _makevars_package=("${_makevars[@]}" DESTDIR="$pkgdir")
- pkgdesc='Xen virtual machine hypervisor debugging symbols'
- arch=('any')
- depends=()
- _installdir="${pkgdir}/usr/lib/debug"
- cd "$_pkgname-$_pkgver/"
- install -d -m0755 "$_installdir"
- for _path in $(find xen -type f \( -name '*-syms' -or -name '*\.map' \)); do
- _file=$(basename "$_path")
- _installfile=$(echo "$_file" |
- sed "s/\([^.]*\)\(\.*\)/\1-${_pkgver}\2/" )
- install -D -m0644 -p "$_path" "$_installdir/$_installfile"
- done
+
+package_xen-stubdom() {
+ pkgdesc="Xen hypervisor stubdom files"
+ arch=("x86_64")
+ depends=("xen")
+
+ cd "${srcdir}/${pkgbase}-${pkgver}/stubdom"
+ make DESTDIR="${pkgdir}" install
}
+
+package_xen-qemu-builtin() {
+ pkgdesc="Xen hypervisor QEMU components"
+ arch=("x86_64")
+ depends=("xen")
+
+ cd "${srcdir}/${pkgbase}-${pkgver}/tools/qemu-xen-build"
+ make DESTDIR="${pkgdir}" install
+}
+
diff --git a/pcr/xen/ati-passthrough.patch b/pcr/xen/ati-passthrough.patch
deleted file mode 100644
index 7c20b1ecd..000000000
--- a/pcr/xen/ati-passthrough.patch
+++ /dev/null
@@ -1,415 +0,0 @@
---- xen-4.3.1/tools/qemu-xen-traditional/hw/pass-through.c Thu Sep 6 11:05:30 2012
-+++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pass-through.c Sat Nov 24 08:27:07 2012
-@@ -1438,9 +1438,17 @@ static void pt_ioport_map(PCIDevice *d,
- if (e_phys != -1)
- {
- /* Create new mapping */
-- ret = xc_domain_ioport_mapping(xc_handle, domid, e_phys,
-- assigned_device->bases[i].access.pio_base, e_size,
-- DPCI_ADD_MAPPING);
-+ if ( vga_skip_ioport_map(d) )
-+ {
-+ assigned_device->bases[i].e_physbase = -1;
-+ }
-+ else
-+ {
-+ ret = xc_domain_ioport_mapping(xc_handle, domid, e_phys,
-+ assigned_device->bases[i].access.pio_base, e_size,
-+ DPCI_ADD_MAPPING);
-+ }
-+
- if ( ret != 0 )
- {
- PT_LOG("Error: create new mapping failed!\n");
---- xen-4.3.1/tools/qemu-xen-traditional/hw/pass-through.h Thu Sep 6 11:05:30 2012
-+++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pass-through.h Sat Nov 24 08:27:07 2012
-@@ -419,6 +419,11 @@ int pt_pci_host_write(struct pci_dev *pc
- void intel_pch_init(PCIBus *bus);
- int register_vga_regions(struct pt_dev *real_device);
- int unregister_vga_regions(struct pt_dev *real_device);
-+int vga_skip_ioport_map(PCIDevice *d);
-+int igd_register_vga_regions(struct pt_dev *real_device);
-+int igd_unregister_vga_regions(struct pt_dev *real_device);
-+int ati_register_vga_regions(struct pt_dev *real_device);
-+int ati_unregister_vga_regions(struct pt_dev *real_device);
- int setup_vga_pt(struct pt_dev *real_device);
- PCIBus *intel_pci_bridge_init(PCIBus *bus, int devfn, uint16_t vid,
- uint16_t did, const char *name, uint16_t revision);
---- xen-4.3.1/tools/qemu-xen-traditional/hw/pci.h Thu Sep 6 11:05:30 2012
-+++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pci.h Sat Nov 24 08:27:07 2012
-@@ -54,6 +54,8 @@ extern target_phys_addr_t pci_mem_base;
-
- #define PCI_VENDOR_ID_CIRRUS 0x1013
-
-+#define PCI_VENDOR_ID_ATI 0x1002
-+
- #define PCI_VENDOR_ID_IBM 0x1014
- #define PCI_DEVICE_ID_IBM_OPENPIC2 0xffff
-
---- xen-4.3.1/tools/qemu-xen-traditional/hw/pt-graphics.c Thu Sep 6 11:05:30 2012
-+++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pt-graphics.c Sat Nov 24 08:28:10 2012
-@@ -13,6 +13,207 @@
-
- extern int gfx_passthru;
- extern int igd_passthru;
-+/*********************************/
-+/* Code for ATI GFX Passthru */
-+/*********************************/
-+/* ATI VBIOS Working Mechanism
-+ *
-+ * Generally there are three memory resources (two MMIO and one PIO)
-+ * associated with modern ATI gfx. VBIOS uses special tricks to figure out
-+ * BARs, instead of using regular PCI config space read.
-+ *
-+ * (1) VBIOS relies on I/O port 0x3C3 to retrieve PIO BAR
-+ * (2) VBIOS maintains a shadow copy of PCI configure space. It retries the
-+ * MMIO BARs from this shadow copy via sending I/O requests to first two
-+ * registers of PIO (MMINDEX and MMDATA). The workflow is like this:
-+ * MMINDEX (register 0) is written with an index value, specifying the
-+ * register VBIOS wanting to access. Then the shadowed data can be
-+ * read/written from MMDATA (register 1). For two MMIO BARs, the index
-+ * values are 0x4010 and 0x4014 respectively.
-+ *
-+ */
-+
-+#define ATI_BAR1_INDEX 0 //MMIO BAR1
-+#define ATI_BAR2_INDEX 1 //MMIO BAR2
-+#define ATI_BAR5_INDEX 4 //PIO BAR == BAR5
-+
-+#define ATI_BAR1_MMINDEX 0x4010 //data written to MMINDEX for MMIO BAR1
-+#define ATI_BAR2_MMINDEX 0x4014 //data written to MMINDEX FOR MMIO BAR2
-+
-+struct ati_gfx_info {
-+ int initialized; /* initialized already? */
-+
-+ /* PIO */
-+ uint32_t host_pio_base; /* host base addr of PIO */
-+ uint32_t guest_pio_base; /* guest base addr of PIO */
-+ uint32_t pio_size; /* PIO size */
-+
-+ /* MMIO */
-+ uint32_t guest_mmio_base1; /* guest base addr of MMIO 1 */
-+ uint32_t guest_mmio_base2; /* guest base addr of MMIO 2 */
-+
-+ /* PIO MMINDEX access recording */
-+ uint32_t pre_mmindex_data; /* previous data written to MMINDEX */
-+};
-+
-+static struct ati_gfx_info gfx_info;
-+
-+/* Convert guest PIO port to host PIO port */
-+static uint16_t gport_to_hport(uint16_t gport)
-+{
-+ return (gport - gfx_info.guest_pio_base) + gfx_info.host_pio_base;
-+}
-+
-+/* Read host PIO port */
-+static uint32_t ati_hw_in(uint16_t hport)
-+{
-+ unsigned val;
-+
-+ //iopl(3);
-+ asm volatile ("in %1,%0":"=a"(val):"Nd"(hport));
-+ //iopl(0);
-+
-+ return val;
-+}
-+
-+/* Write data to host PIO */
-+static void ati_hw_out(uint16_t hport, uint32_t data)
-+{
-+ //iopl(3);
-+ asm volatile ("out %1, %0"::"Nd"(hport),"a"(data));
-+ //iopl(0);
-+}
-+
-+static uint32_t ati_io_regs_read(void *opaque, uint32_t addr)
-+{
-+ uint32_t val;
-+
-+ val = ati_hw_in(gport_to_hport(addr));
-+
-+ /* tweak the value if VBIOS is reading MMIO BAR1 and BAR2 */
-+ if ( addr == (gfx_info.guest_pio_base + 4) )
-+ {
-+ switch ( gfx_info.pre_mmindex_data )
-+ {
-+ case ATI_BAR1_MMINDEX:
-+ val = gfx_info.guest_mmio_base1 | (val & 0x0000000f);
-+ break;
-+ case ATI_BAR2_MMINDEX:
-+ val = gfx_info.guest_mmio_base2 | (val & 0x0000000f);
-+ break;
-+ default:
-+ break;
-+ }
-+ }
-+
-+ return val;
-+}
-+
-+static void ati_io_regs_write(void *opaque, uint32_t addr, uint32_t val)
-+{
-+ ati_hw_out(gport_to_hport(addr), val);
-+
-+ /* book keeping */
-+ if ( addr == gfx_info.guest_pio_base )
-+ gfx_info.pre_mmindex_data = val;
-+}
-+
-+static void ati_gfx_init(struct pt_dev *assigned)
-+{
-+ PCIDevice *dev = (PCIDevice *)&assigned->dev;
-+
-+ register_ioport_read(dev->io_regions[ATI_BAR5_INDEX].addr,
-+ dev->io_regions[ATI_BAR5_INDEX].size, 4, ati_io_regs_read, assigned);
-+
-+ register_ioport_write(dev->io_regions[ATI_BAR5_INDEX].addr,
-+ dev->io_regions[ATI_BAR5_INDEX].size, 4, ati_io_regs_write, assigned);
-+
-+ /* initialize IO registers */
-+ gfx_info.guest_pio_base = dev->io_regions[ATI_BAR5_INDEX].addr;
-+ gfx_info.pio_size = dev->io_regions[ATI_BAR5_INDEX].size;
-+ gfx_info.host_pio_base = assigned->bases[ATI_BAR5_INDEX].access.pio_base;
-+
-+ gfx_info.guest_mmio_base1 = dev->io_regions[ATI_BAR1_INDEX].addr;
-+ gfx_info.guest_mmio_base2 = dev->io_regions[ATI_BAR2_INDEX].addr;
-+ gfx_info.initialized = 1;
-+
-+ PT_LOG("guest_pio_bar = 0x%x, host_pio_bar = 0x%x, pio_size=0x%x "
-+ "guest_mmio_bar1=0x%x, guest_mmio_bar2=0x%x\n",
-+ gfx_info.guest_pio_base, gfx_info.host_pio_base, gfx_info.pio_size,
-+ gfx_info.guest_mmio_base1, gfx_info.guest_mmio_base2);
-+}
-+
-+static uint32_t ati_legacy_io_read(void *opaque, uint32_t addr)
-+{
-+ struct pt_dev *assigned_device = opaque;
-+ PCIDevice *dev = (PCIDevice *)&assigned_device->dev;
-+ uint32_t val = 0xFF;
-+
-+ switch( addr )
-+ {
-+ case 0x3c3:
-+ val = dev->io_regions[ATI_BAR5_INDEX].addr >> 8;
-+ /* Intercept GFX IO registers. This supposes to happen in
-+ * ati_register_vga_regions(). But we cannot get guest phys IO BAR
-+ * over there. */
-+ if ( !gfx_info.initialized )
-+ ati_gfx_init(assigned_device);
-+ break;
-+ default:
-+ PT_LOG("ERROR: port 0x%x I/O read not handled\n", addr);
-+ break;
-+ }
-+
-+ return val;
-+}
-+
-+static void ati_legacy_io_write(void *opaque, uint32_t addr, uint32_t val)
-+{
-+ PT_LOG("ERROR: port 0x%x I/O write not handled\n", addr);
-+}
-+
-+int ati_register_vga_regions(struct pt_dev *real_device)
-+{
-+ PCIDevice *dev = (PCIDevice *)&real_device->dev;
-+ int ret = 0;
-+
-+ /* We need to intercept VBIOS accesses to port 0x3C3, which returns
-+ * device port I/O BAR. For the rest of legacy I/O ports, we allow direct
-+ * accesses.
-+ */
-+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0,
-+ 0x3C0, 0x3, DPCI_ADD_MAPPING);
-+
-+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C4,
-+ 0x3C4, 0x1C, DPCI_ADD_MAPPING);
-+
-+ register_ioport_read(0x3c3, 1, 1, ati_legacy_io_read, real_device);
-+ register_ioport_write(0x3c3, 1, 1, ati_legacy_io_write, real_device);
-+
-+ /* initialized on the first port 0x3C3 access in ati_gfx_init */
-+ gfx_info.initialized = 0;
-+
-+ return ret;
-+}
-+
-+int ati_unregister_vga_regions(struct pt_dev *real_device)
-+{
-+ int ret = 0;
-+
-+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0,
-+ 0x3C0, 0x3, DPCI_REMOVE_MAPPING);
-+
-+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C4,
-+ 0x3C4, 0x1C, DPCI_REMOVE_MAPPING);
-+
-+ gfx_info.initialized = 0;
-+
-+ return ret;
-+}
-+
-+/*********************************/
-+/* Code for Intel IGD Passthru */
-+/*********************************/
-
- static uint32_t igd_guest_opregion = 0;
-
-@@ -176,6 +377,77 @@ read_default:
- return pci_default_read_config(pci_dev, config_addr, len);
- }
-
-+int igd_register_vga_regions(struct pt_dev *real_device)
-+{
-+ u32 vendor_id, igd_opregion;
-+ int ret = 0;
-+
-+ /* legacy I/O ports 0x3C0 -- 0x3E0 */
-+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0,
-+ 0x3C0, 0x20, DPCI_ADD_MAPPING);
-+
-+ /* 1:1 map ASL Storage register value */
-+ vendor_id = pt_pci_host_read(real_device->pci_dev, PCI_VENDOR_ID, 2);
-+ igd_opregion = pt_pci_host_read(real_device->pci_dev, PCI_INTEL_OPREGION, 4);
-+ if ( (vendor_id == PCI_VENDOR_ID_INTEL) && igd_opregion )
-+ {
-+ ret |= xc_domain_memory_mapping(xc_handle, domid,
-+ igd_opregion >> XC_PAGE_SHIFT,
-+ igd_opregion >> XC_PAGE_SHIFT,
-+ 2,
-+ DPCI_ADD_MAPPING);
-+ PT_LOG("register_vga: igd_opregion = %x\n", igd_opregion);
-+ }
-+
-+ return ret;
-+}
-+
-+int igd_unregister_vga_regions(struct pt_dev *real_device)
-+{
-+ u32 vendor_id, igd_opregion;
-+ int ret = 0;
-+
-+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0,
-+ 0x3C0, 0x20, DPCI_REMOVE_MAPPING);
-+
-+ vendor_id = pt_pci_host_read(real_device->pci_dev, PCI_VENDOR_ID, 2);
-+ igd_opregion = pt_pci_host_read(real_device->pci_dev, PCI_INTEL_OPREGION, 4);
-+ if ( (vendor_id == PCI_VENDOR_ID_INTEL) && igd_opregion )
-+ {
-+ ret |= xc_domain_memory_mapping(xc_handle, domid,
-+ igd_opregion >> XC_PAGE_SHIFT,
-+ igd_opregion >> XC_PAGE_SHIFT,
-+ 2,
-+ DPCI_REMOVE_MAPPING);
-+ }
-+
-+ return ret;
-+}
-+/*********************************/
-+/* Generic Code for GFX Passthru */
-+/*********************************/
-+/* This function decides whether I/O port map should be skipped */
-+int vga_skip_ioport_map(PCIDevice *d)
-+{
-+ struct pt_dev *dev = (struct pt_dev *)d;
-+ int skip = 0;
-+
-+ if ( !gfx_passthru || dev->pci_dev->device_class != 0x0300 )
-+ return 0;
-+
-+ switch( dev->pci_dev->vendor_id )
-+ {
-+ case PCI_VENDOR_ID_ATI:
-+ case PCI_VENDOR_ID_AMD:
-+ skip = 1;
-+ break;
-+ default:
-+ skip = 0;
-+ break;
-+ }
-+
-+ return skip;
-+}
- /*
- * register VGA resources for the domain with assigned gfx
- */
-@@ -187,18 +459,33 @@ int register_vga_regions(struct pt_dev *
- if ( !gfx_passthru || real_device->pci_dev->device_class != 0x0300 )
- return ret;
-
-+ /* legacy I/O ports 0x3B0 - 0x3BC */
- ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3B0,
- 0x3B0, 0xC, DPCI_ADD_MAPPING);
-
-- ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0,
-- 0x3C0, 0x20, DPCI_ADD_MAPPING);
--
-+ /* legacy video MMIO range 0xA0000 - 0xBFFFF */
- ret |= xc_domain_memory_mapping(xc_handle, domid,
- 0xa0000 >> XC_PAGE_SHIFT,
- 0xa0000 >> XC_PAGE_SHIFT,
- 0x20,
- DPCI_ADD_MAPPING);
-
-+ /* Other VGA regions are vendor specific */
-+ switch( real_device->pci_dev->vendor_id )
-+ {
-+ case PCI_VENDOR_ID_INTEL:
-+ ret = igd_register_vga_regions(real_device);
-+ break;
-+ case PCI_VENDOR_ID_ATI:
-+ case PCI_VENDOR_ID_AMD:
-+ ret = ati_register_vga_regions(real_device);
-+ break;
-+ default:
-+ PT_LOG("gfx card wasn't supported by Xen passthru!\n");
-+ ret = 1;
-+ break;
-+ }
-+
- if ( ret != 0 )
- PT_LOG("VGA region mapping failed\n");
-
-@@ -216,26 +503,31 @@ int unregister_vga_regions(struct pt_dev
- if ( !gfx_passthru || real_device->pci_dev->device_class != 0x0300 )
- return ret;
-
-+ /* legacy I/O ports 0x3B0 - 0x3BC */
- ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3B0,
- 0x3B0, 0xC, DPCI_REMOVE_MAPPING);
-
-- ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0,
-- 0x3C0, 0x20, DPCI_REMOVE_MAPPING);
--
-+ /* legacy video MMIO range 0xA0000 - 0xBFFFF */
- ret |= xc_domain_memory_mapping(xc_handle, domid,
- 0xa0000 >> XC_PAGE_SHIFT,
- 0xa0000 >> XC_PAGE_SHIFT,
- 20,
- DPCI_REMOVE_MAPPING);
-
-- vendor_id = pt_pci_host_read(real_device->pci_dev, PCI_VENDOR_ID, 2);
-- if ( (vendor_id == PCI_VENDOR_ID_INTEL) && igd_guest_opregion )
-+ /* Other VGA regions are vendor specific */
-+ switch( real_device->pci_dev->vendor_id )
- {
-- ret |= xc_domain_memory_mapping(xc_handle, domid,
-- igd_guest_opregion >> XC_PAGE_SHIFT,
-- igd_guest_opregion >> XC_PAGE_SHIFT,
-- 2,
-- DPCI_REMOVE_MAPPING);
-+ case PCI_VENDOR_ID_INTEL:
-+ ret = igd_unregister_vga_regions(real_device);
-+ break;
-+ case PCI_VENDOR_ID_ATI:
-+ case PCI_VENDOR_ID_AMD:
-+ ret = ati_unregister_vga_regions(real_device);
-+ break;
-+ default:
-+ PT_LOG("gfx card wasn't supported by Xen passthru!\n");
-+ ret = 1;
-+ break;
- }
-
- if ( ret != 0 )
diff --git a/pcr/xen/efi-xen.cfg b/pcr/xen/efi-xen.cfg
index d9f61958a..16b0b5bd5 100644
--- a/pcr/xen/efi-xen.cfg
+++ b/pcr/xen/efi-xen.cfg
@@ -3,5 +3,6 @@ default=xen
[xen]
options=console=vga dom0_mem=1024M,max:1024M dom0_max_vcpus=4 loglvl=all noreboot
-kernel=vmlinuz-linux-libre root=<Root Device> rw
-ramdisk=initramfs-linux-libre.img
+kernel=vmlinuz-linux root=<Root Device> rw
+ramdisk=initramfs-linux.img
+ucode=<extracted microcode file>
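Review bot: The `kernel=` and `ramdisk=` lines now name `vmlinuz-linux` and `initramfs-linux.img`, where the removed lines named the `-libre` images. If this tree still ships linux-libre kernels (the removed lines suggest so), the sample will point at files that are not installed; this should be confirmed. The new `ucode=<extracted microcode file>` placeholder also gives no hint of which file to name. A comment above it would help, for example `# ucode: xen-efi-intel-ucode.bin or xen-efi-amd-ucode.bin, written to /boot by xen-ucode-extract.sh`.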
diff --git a/pcr/xen/patch-ovmf-use-python2.patch b/pcr/xen/patch-ovmf-use-python2.patch
deleted file mode 100644
index b52b9230c..000000000
--- a/pcr/xen/patch-ovmf-use-python2.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Subject: [PATCH] Fix ovmf, use python2
-
----
- tools/firmware/Makefile | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile
-index b840c6a..a5a6802 100644
---- a/tools/firmware/Makefile
-+++ b/tools/firmware/Makefile
-@@ -17,6 +17,8 @@ LD32BIT-$(CONFIG_FreeBSD) := LD32BIT_FLAG=-melf_i386_fbsd
-
- ovmf-dir:
- GIT=$(GIT) $(XEN_ROOT)/scripts/git-checkout.sh $(OVMF_UPSTREAM_URL) $(OVMF_UPSTREAM_REVISION) ovmf-dir
-+ sed 's|python |python2 |g' -i "ovmf-dir/BaseTools/BinWrappers/PosixLike"/* || true
-+ sed 's|python |python2 |g' -i "ovmf-dir/BaseTools/Tests/GNUmakefile"
- cp ovmf-makefile ovmf-dir/Makefile;
-
- seabios-dir:
---
-2.13.0
-
diff --git a/pcr/xen/tmpfiles.d-xen.conf b/pcr/xen/tmpfiles.conf
index a55258b0f..a55258b0f 100644
--- a/pcr/xen/tmpfiles.d-xen.conf
+++ b/pcr/xen/tmpfiles.conf
diff --git a/pcr/xen/xen-amd-ucode.hook b/pcr/xen/xen-amd-ucode.hook
new file mode 100644
index 000000000..8e56e98dc
--- /dev/null
+++ b/pcr/xen/xen-amd-ucode.hook
@@ -0,0 +1,12 @@
+[Trigger]
+Type = Path
+Operation = Install
+Operation = Upgrade
+Operation = Remove
+Target = boot/amd-ucode.img
+
+[Action]
+Description = Extracting AMD microcode for Xen EFI...
+When = PostTransaction
+Exec = /usr/share/libalpm/scripts/xen-ucode-extract.sh
+
diff --git a/pcr/xen/xen-intel-ucode.hook b/pcr/xen/xen-intel-ucode.hook
new file mode 100644
index 000000000..c7013ff5c
--- /dev/null
+++ b/pcr/xen/xen-intel-ucode.hook
@@ -0,0 +1,12 @@
+[Trigger]
+Type = Path
+Operation = Install
+Operation = Upgrade
+Operation = Remove
+Target = boot/intel-ucode.img
+
+[Action]
+Description = Extracting Intel microcode for Xen EFI...
+When = PostTransaction
+Exec = /usr/share/libalpm/scripts/xen-ucode-extract.sh
+
diff --git a/pcr/xen/xen-ucode-extract.sh b/pcr/xen/xen-ucode-extract.sh
new file mode 100644
index 000000000..7f8379d67
--- /dev/null
+++ b/pcr/xen/xen-ucode-extract.sh
@@ -0,0 +1,37 @@
+#!/bin/bash -e
+
+
+do_firmware() {
+
+ if [ "$1" == "intel" ]; then
+ UCODE_RD="/boot/intel-ucode.img"
+ XEN_EFI_UCODE="/boot/xen-efi-intel-ucode.bin"
+ UCODE_ORIG_BIN="kernel/x86/microcode/GenuineIntel.bin"
+ elif [ "$1" == "amd" ]; then
+ UCODE_RD="/boot/amd-ucode.img"
+ XEN_EFI_UCODE="/boot/xen-efi-amd-ucode.bin"
+ UCODE_ORIG_BIN="kernel/x86/microcode/AuthenticAMD.bin"
+ fi
+
+ # remove old file
+ if [ -f $XEN_EFI_UCODE ]; then
+ rm $XEN_EFI_UCODE
+ fi
+
+ # create new file
+ if [ -f $UCODE_RD ]; then
+ bsdtar -Oxf $UCODE_RD $UCODE_ORIG_BIN > $XEN_EFI_UCODE || exit 1
+ fi
+
+
+}
+
+if [ -f "/boot/intel-ucode.img" ]; then
+ do_firmware "intel"
+fi
+
+if [ -f "/boot/amd-ucode.img" ]; then
+ do_firmware "amd"
+fi
+
+exit 0
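Review bot: The "remove old file" step in `do_firmware` cannot run once a microcode package has been removed, because the callers at the end of the script only invoke it while `/boot/intel-ucode.img` or `/boot/amd-ucode.img` still exists. When the `Operation = Remove` trigger in xen-amd-ucode.hook and xen-intel-ucode.hook fires, the previously extracted `/boot/xen-efi-*-ucode.bin` therefore stays in place. The extraction path also deletes the old blob first and then redirects `bsdtar` straight into the final name, so a failed extraction exits leaving an empty or partial file in /boot. I would call `do_firmware` for both vendors unconditionally, drop the blob when the image is absent, and write through a temporary file that is renamed only on success, with the expansions quoted. The file is also added with mode 100644 but is executed directly by the hooks and by xen.install, so the install step (not visible here) has to set the executable bit.

```shell
do_firmware() {
  # … unchanged: UCODE_RD / XEN_EFI_UCODE / UCODE_ORIG_BIN selection …

  # image gone (microcode package removed): drop the stale extract and stop
  if [ ! -f "$UCODE_RD" ]; then
    rm -f -- "$XEN_EFI_UCODE"
    return 0
  fi

  # extract beside the target and rename on success, so a failed bsdtar
  # never replaces a good blob with a truncated one
  tmp=$(mktemp "${XEN_EFI_UCODE}.XXXXXX")
  if bsdtar -Oxf "$UCODE_RD" "$UCODE_ORIG_BIN" > "$tmp"; then
    mv -f -- "$tmp" "$XEN_EFI_UCODE"
  else
    rm -f -- "$tmp"
    exit 1
  fi
}

do_firmware "intel"
do_firmware "amd"
```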
diff --git a/pcr/xen/xen.conf b/pcr/xen/xen.conf
new file mode 100644
index 000000000..37a5b59f7
--- /dev/null
+++ b/pcr/xen/xen.conf
@@ -0,0 +1,19 @@
+xen-evtchn
+xen-gntdev
+xen-gntalloc
+xen-blkback
+xen-netback
+xen-pciback
+xen-acpi-processor
+## xen-acpi-processor: This module may not work on all machines; try removing this first if it causes issues.
+
+## The following were included in xencommons, but were not inserted by systemd:
+# evtchn
+# gntdev
+# netbk
+# blkbk
+# xen-scsibk
+# usbbk
+# pciback
+# blktap2
+# blktap
diff --git a/pcr/xen/xen.install b/pcr/xen/xen.install
index 2c03573e7..2a053c9f7 100644
--- a/pcr/xen/xen.install
+++ b/pcr/xen/xen.install
@@ -1,140 +1,61 @@
-xen_boot() {
- cat << __EOF__
-You are not running xen unless you boot xen.
-Possible Xen boot paths:
-EFI boot -> grubx64.efi -> multiboot2 -> [xen.gz, vmlinuz, ramdisk]
-BIOS boot -> grub -> multiboot(2) -> [xen.gz, vmlinuz, ramdisk]
-
-EFI boot -> xen.efi
-
-##########
-grub multiboot2 preparation:
-Install grub: https://wiki.parabola.nu/index.php/GRUB
-
-At this time, some modifications are needed to 20_linux_xen.
-These are included in this package as 21_linux_xen
-
-Set the values needed for your configuration in /etc/default/grub
-Detailed here: https://www.gnu.org/software/grub/manual/html_node/Simple-configuration.html
-Needed:
-GRUB_CMDLINE_XEN
-GRUB_CMDLINE_LINUX_XEN_REPLACE
-These values are not required but can be used; they are appended to the previous values, then this is used for the non-recovery (default) entry:
-GRUB_CMDLINE_XEN_DEFAULT
-GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT
-
-run grub-mkconfig
-
-To boot xen as default:
-suggested: inspect and use this config to boot with. Check if the xen entry works as expected
-find the id of the xen entry and set this as DEFAULT in /etc/default/grub.
-This may look something like:
-GRUB_DEFAULT="xen-gnulinux-simple-a-unique-id-from-your-grub-goes-here"
-
-run grub-mkconfig
-
-##########
-Direct EFI boot preperation:
-Create a xen.cfg file in the same directory as xen.efi.
-These need to be in ESP, or in a directory accessible from you EFI bootloader.
-Put settings relevant to your system into xen.cfg
-Detailed here: https://xenbits.xen.org/docs/4.9-testing/misc/efi.html
-Needed:
-kernel
-ramdisk
-Add the xen.efi file to your EFI bootloader (such as Refind).
-And / or add the xen.efi file to you EFI boot options (efibootmgr).
-__EOF__
-}
-
install_msg() {
- cat << __EOF__
-===> IMPORTANT NOTICES:
+ cat << __EOF__
+ Bunch of Xen Notes: https://wiki.archlinux.org/index.php/Xen
-In order to complete the installation, and enable Xen,
-at the very least you must:
+ If booting via efi, copy the example /etc/xen/efi-xen.cfg to /boot/xen.cfg
+ and edit the contents to match the settings you need.
-1. Configure your bootloader to boot Xen:
-__EOF__
- xen_boot
- cat << __EOF__
-2. Issue the following commands to allow you to create and start VMs:
+ To make dom0 go:
systemctl enable xen-qemu-dom0-disk-backend.service
systemctl enable xen-init-dom0.service
systemctl enable xenconsoled.service
- Other optional services are:
+ Optional services are:
systemctl enable xen-watchdog.service
-3. If you want some domains to automatically start up/shutdown, run the following:
+ To start domains on boot:
systemctl enable xendomains.service
-For more information refer to the Wiki:
- https://wiki.parabola.nu/index.php/Xen
__EOF__
-}
-upgrade_msg() {
- cat << __EOF__
-Xen 4.9
-Release notes
-http://wiki.xen.org/wiki/Xen_Project_4.9_Release_Notes
-Feature list
-http://wiki.xen.org/wiki/Xen_Project_4.9_Feature_List
-__EOF__
-}
-upgrade_msg_grub_multiboot2() {
- cat << __EOF__
-##########
-Xen 4.9 can now use grub>=2.02 multiboot2.
-If you previously booted using xen.efi, you have an alternative.
-If you previously relied on the packaged 09_xen for grub-mkconfig:
-It is now removed.
-You will need to do the following under grub multiboot2 preparation:
-##########
-__EOF__
- xen_boot
}
+
post_install() {
- install_msg
- upgrade_msg
- systemd-tmpfiles --create
+ install_msg
+ systemd-tmpfiles --create
+ /usr/share/libalpm/scripts/xen-ucode-extract.sh
}
post_upgrade() {
- if [[ "$2" < 4.9.0 || "$2" == *'4.9.0rc'* ]]; then
- upgrade_msg
- fi
- if [[ "$2" < 4.9.0 || "$2" == *'4.9.0rc'* ]]; then
- upgrade_msg_grub_multiboot2
- fi
- systemd-tmpfiles --create
+ systemd-tmpfiles --create
+ /usr/share/libalpm/scripts/xen-ucode-extract.sh
}
pre_remove() {
- systemctl stop xendomains.service
- systemctl stop xen-watchdog.service
- systemctl stop xenconsoled.service
- systemctl stop xen-init-dom0.service
- systemctl stop xen-qemu-dom0-disk-backend.service
-
- systemctl disable xendomains.service
- systemctl disable xen-watchdog.service
- systemctl disable xenconsoled.service
- systemctl disable xen-init-dom0.service
- systemctl disable xen-qemu-dom0-disk-backend.service
+ systemctl stop xendomains.service
+ systemctl stop xen-watchdog.service
+ systemctl stop xenconsoled.service
+ systemctl stop xen-init-dom0.service
+ systemctl stop xen-qemu-dom0-disk-backend.service
+
+ systemctl disable xendomains.service
+ systemctl disable xen-watchdog.service
+ systemctl disable xenconsoled.service
+ systemctl disable xen-init-dom0.service
+ systemctl disable xen-qemu-dom0-disk-backend.service
+
+ echo "Be sure to check boot for auto-generated microcode files."
}
post_remove() {
- cat << __EOF__
-===> IMPORTANT NOTICE:
+ cat << __EOF__
In order to finish removing Xen, you will need to modify
-your bootloader configuration files to load your Linux-libre
+your bootloader configuration files to load your Linux
kernel instead of Xen kernel.
__EOF__
}
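Review bot: The `echo` added at the end of `pre_remove` tells the user to "check boot" without naming what to look for. The files xen-ucode-extract.sh generates are `/boot/xen-efi-intel-ucode.bin` and `/boot/xen-efi-amd-ucode.bin`, which are presumably not owned by the package and so remain after removal. Either name them in the message or delete them in `post_remove` with `rm -f /boot/xen-efi-intel-ucode.bin /boot/xen-efi-amd-ucode.bin`. Separately, `post_install` and `post_upgrade` now run the extract script with no check on its result, and the script does `exit 1` when bsdtar fails. If the extraction is meant to be best-effort during install, a comment saying so, such as `# best-effort: a failure here only affects Xen EFI microcode loading`, would make that intent clear.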