From 7a1bb990a57534759265f37fc1c688057201ed9c Mon Sep 17 00:00:00 2001
From: bill-auger
Date: Sun, 3 Apr 2022 02:45:01 -0400
Subject: [xen]: upgrade to v4.16.0
---
pcr/xen/21_linux_xen_multiboot_arch | 302 --------------
pcr/xen/ChangeLog | 365 +++++++++++++++--
pcr/xen/PKGBUILD | 763 ++++++++++++++---------------------
pcr/xen/ati-passthrough.patch | 415 -------------------
pcr/xen/efi-xen.cfg | 5 +-
pcr/xen/patch-ovmf-use-python2.patch | 22 -
pcr/xen/tmpfiles.conf | 2 +
pcr/xen/tmpfiles.d-xen.conf | 2 -
pcr/xen/xen-amd-ucode.hook | 12 +
pcr/xen/xen-intel-ucode.hook | 12 +
pcr/xen/xen-ucode-extract.sh | 37 ++
pcr/xen/xen.conf | 19 +
pcr/xen/xen.install | 135 ++-----
13 files changed, 744 insertions(+), 1347 deletions(-)
delete mode 100755 pcr/xen/21_linux_xen_multiboot_arch
delete mode 100644 pcr/xen/ati-passthrough.patch
delete mode 100644 pcr/xen/patch-ovmf-use-python2.patch
create mode 100644 pcr/xen/tmpfiles.conf
delete mode 100644 pcr/xen/tmpfiles.d-xen.conf
create mode 100644 pcr/xen/xen-amd-ucode.hook
create mode 100644 pcr/xen/xen-intel-ucode.hook
create mode 100644 pcr/xen/xen-ucode-extract.sh
create mode 100644 pcr/xen/xen.conf
diff --git a/pcr/xen/21_linux_xen_multiboot_arch b/pcr/xen/21_linux_xen_multiboot_arch
deleted file mode 100755
index 877bf2233..000000000
--- a/pcr/xen/21_linux_xen_multiboot_arch
+++ /dev/null
@@ -1,302 +0,0 @@ -#! /bin/sh -set -e - -# grub-mkconfig helper script. -# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. -# -# GRUB is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# GRUB is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with GRUB. If not, see . - -prefix="/usr" -exec_prefix="/usr" -datarootdir="/usr/share" - -. "$pkgdatadir/grub-mkconfig_lib" - -export TEXTDOMAIN=grub -export TEXTDOMAINDIR="${datarootdir}/locale" - -CLASS="--class gnu-linux --class gnu --class os --class xen" - -if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then - OS=GNU/Linux-libre -else - OS="${GRUB_DISTRIBUTOR} GNU/Linux-libre" - CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" -fi - -# loop-AES arranges things so that /dev/loop/X can be our root device, but -# the initrds that Linux-libre uses don't like that. -case ${GRUB_DEVICE} in - /dev/loop/*|/dev/loop[0-9]) - GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"` - ;; -esac - -# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter -# and mounting btrfs requires user space scanning, so force UUID in this case. -if [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ - || ! 
test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ - || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then - LINUX_ROOT_DEVICE=${GRUB_DEVICE} -else - LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} -fi - -# Allow overriding GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT. -if [ "${GRUB_CMDLINE_LINUX_XEN_REPLACE}" ]; then - GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX_XEN_REPLACE}" -fi -if [ "${GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT}" ]; then - GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT}" -fi - -case x"$GRUB_FS" in - xbtrfs) - rootsubvol="`make_system_path_relative_to_its_root /`" - rootsubvol="${rootsubvol#/}" - if [ "x${rootsubvol}" != x ]; then - GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" - fi;; - xzfs) - rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` - bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`" - LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs}" - ;; -esac - -title_correction_code= - -linux_entry () -{ - os="$1" - version="$2" - xen_version="$3" - type="$4" - args="$5" - xen_args="$6" - if [ -z "$boot_device_id" ]; then - boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" - fi - if [ x$type != xsimple ] ; then - if [ x$type = xrecovery ] ; then - title="$(gettext_printf "%s, with Xen %s and Linux %s (recovery mode)" "${os}" "${xen_version}" "${version}")" - else - title="$(gettext_printf "%s, with Xen %s and Linux %s" "${os}" "${xen_version}" "${version}")" - fi - replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" - if [ x"Xen ${xen_version}>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then - quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" - title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" - grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' 
(for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")" - fi - echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" - else - title="$(gettext_printf "%s, with Xen hypervisor" "${os}")" - echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" - fi - if [ x$type != xrecovery ] ; then - save_default_entry | grub_add_tab | sed "s/^/$submenu_indentation/" - fi - - if [ -z "${prepare_boot_cache}" ]; then - prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)" - fi - printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/" - xmessage="$(gettext_printf "Loading Xen %s ..." ${xen_version})" - lmessage="$(gettext_printf "Loading Linux-libre %s ..." ${version})" - sed "s/^/$submenu_indentation/" << EOF - echo '$(echo "$xmessage" | grub_quote)' - if [ "\$grub_platform" = "pc" -o "\$grub_platform" = "" ]; then - xen_rm_opts= - else - xen_rm_opts="no-real-mode edd=off" - fi - ${xen_loader} ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts} - echo '$(echo "$lmessage" | grub_quote)' - ${module_loader} ${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args} -EOF - if test -n "${initrd}" ; then - # TRANSLATORS: ramdisk isn't identifier. Should be translated. 
- message="$(gettext_printf "Loading initial ramdisk ...")" - sed "s/^/$submenu_indentation/" << EOF - echo '$(echo "$message" | grub_quote)' - ${module_loader} --nounzip ${rel_dirname}/${initrd} -EOF - fi - sed "s/^/$submenu_indentation/" << EOF -} -EOF -} - -linux_list= -for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* /boot/kernel-*; do - if grub_file_is_not_garbage "$i"; then - basename=$(basename $i) - version=$(echo $basename | sed -e "s,^[^0-9]*-,,g") - dirname=$(dirname $i) - config= - for j in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do - if test -e "${j}" ; then - config="${j}" - break - fi - done - if (grep -qx "CONFIG_XEN_DOM0=y" "${config}" 2> /dev/null || grep -qx "CONFIG_XEN_PRIVILEGED_GUEST=y" "${config}" 2> /dev/null || [ -z ${config} ]); then linux_list="$linux_list $i" ; fi - fi -done -if [ "x${linux_list}" = "x" ] ; then - exit 0 -fi - -file_is_not_sym () { - case "$1" in - */xen-syms-*) - return 1;; - *) - return 0;; - esac -} - -file_is_not_xen_config () { - case "$1" in - */xen*\.*config) - return 1;; - */xen*\.*cfg) - return 1;; - */xen*\.*efi) - return 1;; - *) - return 0;; - esac -} - - -xen_list= -for i in /boot/xen*; do - if grub_file_is_not_garbage "$i" && file_is_not_sym "$i" && file_is_not_xen_config "$i"; then xen_list="$xen_list $i" ; fi -done -prepare_boot_cache= -boot_device_id= - -title_correction_code= - -machine=`uname -m` - -case "$machine" in - i?86) GENKERNEL_ARCH="x86" ;; - mips|mips64) GENKERNEL_ARCH="mips" ;; - mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; - arm*) GENKERNEL_ARCH="arm" ;; - *) GENKERNEL_ARCH="$machine" ;; -esac - -# Extra indentation to add to menu entries in a submenu. We're not in a submenu -# yet, so it's empty. In a submenu it will be equal to '\t' (one tab). 
-submenu_indentation="" - -is_top_level=true - -while [ "x${xen_list}" != "x" ] ; do - list="${linux_list}" - current_xen=`version_find_latest $xen_list` - xen_basename=`basename ${current_xen}` - xen_dirname=`dirname ${current_xen}` - rel_xen_dirname=`make_system_path_relative_to_its_root $xen_dirname` - xen_version=`echo $xen_basename | sed -e "s,.gz$,,g;s,^xen-,,g"` - if [ -z "$boot_device_id" ]; then - boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" - fi - if [ "x$is_top_level" != xtrue ]; then - echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {" - fi - if ($grub_file --is-arm64-efi $current_xen); then - xen_loader="xen_hypervisor" - module_loader="xen_module" - else - if ($grub_file --is-x86-multiboot2 $current_xen); then - xen_loader="multiboot2" - module_loader="module2" - else - xen_loader="multiboot" - module_loader="module" - fi - fi - while [ "x$list" != "x" ] ; do - linux=`version_find_latest $list` - gettext_printf "Found linux-libre image: %s\n" "$linux" >&2 - basename=`basename $linux` - dirname=`dirname $linux` - rel_dirname=`make_system_path_relative_to_its_root $dirname` - version=`echo $basename | sed -e "s,vmlinuz-,,g"` - alt_version=`echo $version | sed -e "s,\.old$,,g"` - linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" - - initrd= - for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ - "initrd-${version}" "initramfs-${version}.img" \ - "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ - "initrd-${alt_version}" "initramfs-${alt_version}.img" \ - "initramfs-genkernel-${version}" \ - "initramfs-genkernel-${alt_version}" \ - "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ - "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}" ; do - if test -e "${dirname}/${i}" ; then - initrd="$i" - break - fi - done - if test -n "${initrd}" ; then - gettext_printf "Found initrd image: %s\n" 
"${dirname}/${initrd}" >&2 - else - # "UUID=" magic is parsed by initrds. Since there's no initrd, it can't work here. - linux_root_device_thisversion=${GRUB_DEVICE} - fi - - if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then - linux_entry "${OS}" "${version}" "${xen_version}" simple \ - "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}" - - submenu_indentation="$grub_tab$grub_tab" - - if [ -z "$boot_device_id" ]; then - boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" - fi - # TRANSLATORS: %s is replaced with an OS name - echo "submenu '$(gettext_printf "Advanced options for %s (with Xen hypervisor)" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {" - echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {" - is_top_level=false - fi - - linux_entry "${OS}" "${version}" "${xen_version}" advanced \ - "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}" - if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then - linux_entry "${OS}" "${version}" "${xen_version}" recovery \ - "single ${GRUB_CMDLINE_LINUX}" "${GRUB_CMDLINE_XEN}" - fi - - list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` - done - if [ x"$is_top_level" != xtrue ]; then - echo ' }' - fi - xen_list=`echo $xen_list | tr ' ' '\n' | fgrep -vx "$current_xen" | tr '\n' ' '` -done - -# If at least one kernel was found, then we need to -# add a closing '}' for the submenu command. -if [ x"$is_top_level" != xtrue ]; then - echo '}' -fi - -echo "$title_correction_code" diff --git a/pcr/xen/ChangeLog b/pcr/xen/ChangeLog index ced200187..e028522ce 100644 --- a/pcr/xen/ChangeLog +++ b/pcr/xen/ChangeLog 
@@ -1,40 +1,325 @@ -2018-01-04 John Thomson - * 4.10.0-2 - XSA-253 x86: memory leak with MSR emulation - -2017-12-13 John Thomson - * 4.10.0-1 - Xen 4.10 release - -2017-12-04 John Thomson - * 4.10.0rc8 - Xen 4.10 release candidate 8 - -2017-12-01 John Thomson - * 4.10.0rc7 - Xen 4.10 release candidate 7 - -2017-11-23 John Thomson - * 4.10.0rc6 - Xen 4.10 release candidate 6 - -2017-11-18 John Thomson - * 4.10.0rc5 - Xen 4.10 release candidate 5 - grub multiboot2 config generator updated - -2017-11-13 John Thomson - * 4.10.0rc4 - Xen 4.10 release candidate 4 - -2017-11-02 John Thomson - * 4.10.0rc3 - Xen 4.10 release candidate 3 - -2017-10-23 John Thomson - * 4.10.0rc2 - Xen 4.10 release candidate 2 - -2017-10-18 John Thomson - * 4.10.0rc1 - Xen 4.10 release candidate 1 +2022-02-15 + * 4.16.0-3 + * forgot to wrap qemu subpackage in an if + +2022-02-06 + * 4.16.0-2 + * security patches + * qemu and stubdom now generate split packages + +2021-12-28 Sam Mulvey + * 4.16.0-1 + * simple bump + +2021-09-28 Sam Mulvey + * 4.15.1-1 + * no patches at all, compiles cleanly + +2021-09-09 Sam Mulvey + * 4.15.0-4 + * adds a PVH security patch + +2021-08-28 Sam Mulvey + * 4.15.0-3 + * EFI fixes + * continued GCC11 changes + * XSA: 379 380 382 383 + +2021-04-15 Sam Mulvey + * 4.15.0-1 + * stubdom build now defaults false + +2021-01-12 Sam Mulvey + * 4.14.1-1 + +2020-11-10 Sam Mulvey + * 4.14.0-4 + re-added XSA patch file handling + +2020-08-10 Sam Mulvey + * 4.14.0-1 + option to build own QEMU is added, and default + +2020-08-20 Sam Mulvey + * 4.13.1-4 + +2019-08-15 Maik Broemme + * 4.12.1-1 + Xen 4.12.1 + +2019-04-29 Maik Broemme + * 4.12.0-1 + Xen 4.12.0 + +2018-07-24 Maik Broemme + * 4.11.0-2 + Updated version in 'xen.install' file + +2018-07-12 Maik Broemme + * 4.11.0-1 + Xen 4.11.0 + +2018-05-15 Maik Broemme + * 4.10.1-3 + Apply XSA patches: 260 261 262 + +2018-05-15 Maik Broemme + * 4.10.1-2 + Fix compilation issue with gcc-8 + +2018-05-08 Maik Broemme + * 4.10.1-1 + Xen 
4.10.1 + +2018-05-03 Maik Broemme + * 4.10.0-6 + Replace 'mingw-w64-binutils' with 'binutils' + +2018-05-03 Maik Broemme + * 4.10.0-5 + Fix missing path of '--with-system-ovmf' parameter + Fix compilation issue with glibc-2.27 + Apply XSA patches: 258 + +2018-04-11 Maik Broemme + * 4.10.0-4 + PKGBUILD cleanup + Update ipxe to latest version + Align dependencies between qemu-xen and qemu-xen-traditional + Remove no longer needed '-Werror' fixes + +2018-04-09 Maik Broemme + * 4.10.0-3 + Fix '(XEN) parameter "/boot/xen-4.10.0.gz" unknown!' issue + +2018-04-09 Maik Broemme + * 4.10.0-2 + Make dependencies independent from build system + Apply XSA patches: 253 254 255 256 + +2018-02-20 Maik Broemme + * 4.10.0-1 + Xen 4.10.0 + +2017-09-30 Janne Heß + * 4.9.0-2 + Add spice-glib dependency + Fix build with PIC + Apply XSA patches: 226 227 228 229 230 231 232 233 234 235 + +2017-07-20 Janne Heß + * 4.9.0 + Xen 4.9.0 + Completely patch out Werror + Remove all obsolete patches + +2017-05-06 Janne Heß + * 4.8.0-7 + Apply XSA patches: 213 214 + +2017-04-07 Janne Heß + * 4.8.0-6 + Remove last pieces of OVMF and SeaBIOS + Specify location of SeaBIOS + Apply XSA patch: 212 + +2017-03-28 Janne Heß + * 4.8.0-5 + Split out SeaBIOS and OVMF + Disable Werror + Apply XSA patch: 211 + +2017-03-09 Janne Heß + * 4.8.0-4 + Merge with xen-docs + Fix lzo dependency + Add mingw-w64-binutils as dependency + +2017-02-27 Janne Heß + * 4.8.0-3 + Apply XSA patches: 207 208 209 210 + +2017-01-12 Janne Heß + * 4.8.0-2 + Xen 4.8.0 + Update all downloaded packages + Remove all obsolete patches + Apply XSA patch: 203, 204 + +2016-09-18 John Thomson + * 4.7.0-3 + Apply XSA patch: 185, 186, 187 + +2016-09-03 John Thomson + * 4.7.0-2 + Apply XSA patch: 182, 183, 184 + +2016-06-24 John Thomson + * 4.7.0-1 + Xen 4.7.0 + +2016-06-11 John Thomson + * 4.6.1-7 + Apply XSA patch: 175, 178, 181 + +2016-05-23 John Thomson + * 4.6.1-6 + Apply XSA patch: 180 + +2016-05-19 John Thomson + * 4.6.1-5 + Apply XSA patch: 
176 + +2016-05-12 John Thomson + * 4.6.1-4 + Apply XSA patch: 179 + Patches for GCC6 + +2016-04-19 John Thomson + * 4.6.1-3 + Apply XSA patch: 173 + +2016-03-31 John Thomson + * 4.6.1-2 + Apply XSA patch: 172 + +2016-02-19 John Thomson + * 4.6.1-1 + Xen source package updated to 4.6.1 + Apply XSA patch: 170 + +2016-02-19 John Thomson + * 4.5.2-1 + Xen source package updated to 4.5.2 + Build xen.efi with mingw-w64-binutils + Build ovmf + Apply XSA patches: 154, 156, 158 to 160, 162 to 168, and 170 + +2015-07-04 David Sutton + * 4.5.1-1 + New major release from upstream + Added -fno-caller-saves CFLAG to PKGBUILD to work around GCC5 issues + Added in some compile fixes for GCC 5 + Disabled OVMF for now until patched for GCC 5 + +2015-05-13 David Sutton + * 4.5.0-3 + Added Security patches + +2015-04-08 David Sutton + * 4.5.0-2 + Updated PKGBUILD to use absolute instead of relative paths for install + Updated efi-xen.cfg with syntax fix + Added gnuttls-3.4.0 patch + Added security patches + +2015-03-01 David Sutton + * 4.5.0-1 + New major release from upstream + Cleaned up old XSA patches + Removed old systemd support patches and realigned with the new upstream methods + +2014-10-26 David Sutton + * 4.4.1-3 + Enabled OVMF support and added patches to fix compile + Enabled spice support and added patch to enable qemu support in qemu-xen + Added figlet as an make dependancy for the ascii art version number + Including an example xen.cfg package for people who will be using EFI + Additional cleanup (explictly disabling some unnecessary libraries) + +2014-10-12 David Sutton + * 4.4.1-2: + Added XSA 104, 105, 106, 107 and 108 security patches + Added .config to resolve compile issues where /etc/sysconfig exists + +2014-09-04 David Sutton + * 4.4.1-1: + New Upstream release + Cleared out unnecessary patches (security, gcc compile and pit) + +2014-06-22 David Sutton + * 4.4.0-6: + Added additional patch to support XSA 100 on AMD platform + +2014-06-17 David Sutton + * 
4.4.0-5: + Added XSA 96 and 100 security patches + Added patch to explictly disable searching for bluez libs + Cleaned up PKGBUILD + +2014-05-17 David Sutton + * 4.4.0-4: + Added patch to fix shutdown issues with pvh domains + +2014-05-01 David Sutton + * 4.4.0-3: + Added XSA 92 Security patch + Added fix for compiling under GCC 4.9.0 (From Fedora Rawhide SRPM) + Added updates to 09_xen to closer match system 10_linux + +2014-03-11 David Sutton + * 4.4.0-2: + Moved xen-syms file so 09_xen won't pick it up as a potential kernel. + Added XSA 89 Security patch + Minor PKGBUILD cleanup/changes + +2014-03-10 David Sutton + * 4.4.0-1: + New upstream release + Cleaned up old unnecessary patches + +2014-02-19 David Sutton + * 4.3.2-1: + New upstream release + Removed unnecessary security patches (since now integrated into source) + Attempts to pull down additional required source file to ensure not corrupted + Added missing dependancy libseccomp + +2013-11-25 David Sutton + * 4.3.1-2: + Changed bluez dependancy from bluez4 to bluez + Added recent security patches + +2013-10-31 David Sutton + * 4.3.1-1: + New upstream release + Removed unnecessary security patches (already merged) + Fixed BIOS Workaround patch to apply to the new source files + Fixed ATI Passthrough patch to apply to the new source files + Updated paths in all patches + +2013-09-29 David Sutton + * 4.3.0-7: + Fixed optdepends in PKGBUILD + Added in a pre_remove function in xen.install to disable services + Minor text formating changes in xen.install + Added XSA 62,63,64 and 66 patches (Xen Security Advisories) + +2013-09-29 David Sutton + * 4.3.0-6: + Fixed 09_xen so it can detect lts kernels + +2013-09-28 David Sutton + * 4.3.0-5: + Fixed mount option in 09_xen from ro to rw + Added in dummy /etc/xen/grub.conf to control settings in 09_xen + Fix library sanitize so that it returns to the base directory + Move the syms file to /usr/share/xen so that it is out of the way of boot but still accessible + Added 
optional dependancy for openvswitch + +2013-08-13 David Sutton + * 4.3.0-4 : + Added patch for qemu-xen to add a TOM register for PCI Hole mapping + Protected /etc/conf.d/xendomains from being overwritten + Included ATI Passthrough patch (not enabled by default, compile tested only) + +2013-07-23 David Sutton + + * 4.3.0-3 : + added ChangeLog. + Cleaned up PKGBUILD to match Arch Package Standards + Fixed some path references - /var/run to /run + Removed some unnecessary empty directories + Updated xenconsoled and xenstored so they use /run for pid file + Updated auto-created /run directories to include xenstored + diff --git a/pcr/xen/PKGBUILD b/pcr/xen/PKGBUILD index 2e0dd94d8..80b0f5022 100644 --- a/pcr/xen/PKGBUILD +++ b/pcr/xen/PKGBUILD 
@@ -1,497 +1,346 @@ -# current version adapted from https://gitlab.com/archlinux-packages-johnth/xen/tree/xen-4.10 - -# Maintainer (AUR): John Thomson -# Contributor (Arch): David Sutton -# Contributor (Arch): Shanmu Thiagaraja -# Contributor (Arch): Limao Luo -# Contributor (Arch): Luceo -# Contributor (Arch): Revellion -# Contributor: André Silva -# Contributor: Márcio Silva -# Contributor: Isaac David - -#linux-4.7 EFI boot panic issue (patch linux) -#http://lkml.iu.edu/hypermail/linux/kernel/1608.2/03448.html - -_build_stubdom="${build_stubdom:-false}" -_system_seabios="${system_seabios:-false}" -_build_debug="${build_debug:-false}" -_build_livepatch="${build_livepatch:-false}" - -## use _build_stubdom=true to build xen with stubdom -## use _system_seabios=true to use system seabios -## this bios file is slightly different to the xen seabios -## /usr/share/qemu/bios-256k.bin uses CONFIG_ROM_SIZE=256, and newer seabios -## can force use this file through vm.cfg bios_path_override='/usr/share/qemu/bios-256k.bin' -## use _build_debug=true to compile Xen with debug options -## use _build_livepatch=true to compile Xen with livepatch support - -#_build_stubdom=true -#_system_seabios=true -#_build_debug=true -#_build_livepatch=true +# Maintainer (aur): Sam Mulvey (Refutationalist) +# Contributor: Filipe Laíns (FFY00) +# Contributor: Chris Chapman (cman) + +# Build Options +_build_stubdom=${build_stubdom:-false} +_build_qemu=${build_qemu:-true} +_boot_dir=${boot_dir:-/boot} +_efi_dir=${efi_dir:-/boot} +_efi_mountpoint=${efi_mountpoint:-/boot} + +# Check http://xenbits.xen.org/xen-extfiles/ for updates +_gmp=4.3.2 +_grub=0.97 +_lwip=1.3.0 +_newlib=1.16.0 +_pciutils=2.2.9 +_polarssl=1.1.4 +_tpm_emulator=0.7.4 +_zlib=1.2.3 pkgbase=xen -pkgname=(xen{,-docs,-syms}) -_pkgname=xen -pkgver=4.10.0 -_pkgver=${pkgver/rc/-rc} -pkgrel=1 -pkgdesc='Virtual Machine Hypervisor & Tools (Parabola rebranded)' -arch=(x86_64 armv7h) -depends=( - bridge-utils - curl - gnutls - iproute2 - 
libaio - libcacard - libcap-ng - libiscsi - libnl - libpng - lzo - pciutils - python2 - sdl - spice - systemd - usbredir - yajl - # seabios ovmf qemu -) -[[ "$CARCH" == 'x86_64' ]] && depends+=( - lib32-glibc -) -[[ "$CARCH" == *'arm'* ]] && depends+=( - dtc-overlay -) -[[ "$_system_seabios" == true ]] && depends+=( - seabios -) -url='http://www.xenproject.org/' +pkgname=("xen" "xen-docs") +pkgver=4.16.0 +pkgrel=3 +pkgdesc='Open-source type-1 or baremetal hypervisor' +arch=('x86_64') +url='https://xenproject.org/' license=('GPL2') +options=(!buildflags) + makedepends=( - cmake - figlet - git - markdown - nasm - ocaml-findlib - spice-protocol - wget + 'zlib' 'python' 'ncurses' 'openssl' 'libx11' 'libuuid.so' 'yajl' 'libaio' 'glib2' 'pkgconf' + 'bridge-utils' 'iproute2' 'inetutils' 'acpica' 'lib32-glibc' 'gnutls' + 'vde2' 'lzo' 'pciutils' 'sdl2' 'systemd-libs' + 'systemd' 'wget' 'pandoc' 'valgrind' 'git' 'bin86' 'dev86' 'bison' 'gettext' 'flex' 'pixman' 'ocaml' 'ocaml-findlib' 'fig2dev' +) # last line from namcap, these depends are the xen depends +_stubdom_makedepends=('cmake') +_qemu_makedepends=('ninja') + +_source=( + "https://downloads.xenproject.org/release/xen/$pkgver/$pkgname-$pkgver.tar.gz"{,.sig} + "efi-xen.cfg" + "xen.conf" + "tmpfiles.conf" + "xen-ucode-extract.sh" + "xen-intel-ucode.hook" + "xen-amd-ucode.hook" ) -[[ "$CARCH" == 'x86_64' ]] && makedepends+=( - bin86 - dev86 - gcc-multilib - iasl + +validpgpkeys=('23E3222C145F4475FA8060A783FE14C957E82BD9') # Xen.org Xen tree code signing (signatures on the xen hypervisor and tools) + + +# Follow the Xen securite mailing lists, and if a patch is applicable to our package +# add the URL here. 
+_patches=( + "https://xenbits.xen.org/xsa/xsa393.patch" + "https://xenbits.xen.org/xsa/xsa394.patch" + "https://xenbits.xen.org/xsa/xsa395.patch" + ) -[[ "$CARCH" == 'i686' ]] && makedepends+=( - bin86 - dev86 - iasl + + +# Sources required for building stubdom +_stubdom_source=( + "http://xenbits.xen.org/xen-extfiles/gmp-$_gmp.tar.bz2" + "http://xenbits.xen.org/xen-extfiles/grub-$_grub.tar.gz" + "http://xenbits.xen.org/xen-extfiles/lwip-$_lwip.tar.gz" + "http://xenbits.xen.org/xen-extfiles/newlib-$_newlib.tar.gz" + "http://xenbits.xen.org/xen-extfiles/pciutils-$_pciutils.tar.bz2" + "http://xenbits.xen.org/xen-extfiles/polarssl-$_polarssl-gpl.tgz" + "http://xenbits.xen.org/xen-extfiles/tpm_emulator-$_tpm_emulator.tar.gz" + "http://xenbits.xen.org/xen-extfiles/zlib-$_zlib.tar.gz" ) -## For building Xen EFI boot file. -## mingw-w64-binutils only needed if -## binutils not built with --enable-targets=x86_64-pep -_binutils_efi=false - -if [[ "$CARCH" == 'x86_64' ]]; then - if which ld 2>&1 > /dev/null; then - _binutils_emulations="$(ld -V)" - if [[ "$_binutils_emulations" == *'i386pep'* ]]; then - _binutils_efi=true - msg '#ld has efi support' - else - makedepends+=( - mingw-w64-binutils - ) - msg '#ld does not have efi support, using mingw' - fi - else - true - fi -fi +# from cheap hack known as break_out_sums.sh +_sha512sums=( + "2869ed90d1779c9754d7f2397f5fc67a655304d9c32953ac20655ef96cb154521d8fce9f23915ac0c91f984dc54f72c67e5e619e2da318b5997748f44cf21b87" # xen-4.16.0.tar.gz + "SKIP" # xen-4.16.0.tar.gz.sig + "1bbcbcd9fb8344a207409ec9f0064a45b726416f043f902ca587f5e4fa58497a759be4ffd584fa32318e960aa478864cc05ec026c444e8d27ca8e3248bd67420" # efi-xen.cfg + "ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b" # xen.conf + "53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef" # tmpfiles.conf + 
"a9230ec6ef9636ac3f3e4b72b1747ee8c4648a8bf4bd8dc3650365e34f1f67474429dbdd24996907d277b0ff5f235574643e781cb3ff37da954e899ddadbe0d6" # xen-ucode-extract.sh + "7a832de9b35f4b77ee80d33310b23886f4d48d1d42c3d6ef6f8e2b428bec7332a285336864b61cfa01d9a14c2023674015beb7527bd5849b069f2be88e6500cd" # xen-intel-ucode.hook + "99921b94a29fa7988c7fb5c17da8e598e777c972d6cae8c8643c991e5ff911a25525345ea8913945313d5c49fecf9da8cc3b83d47ab03928341e917b304370a9" # xen-amd-ucode.hook +) -options=(!buildflags !strip) -changelog=ChangeLog -##SeaBIOS & OVMF tags are in src/xen-*/tools/Config.mk -##grep -rE '_(REVISION|VERSION|TAG)( \?| :){0,1}=' src/xen**/{Config.mk,stubdom/configure,tools/firmware/etherboot/Makefile} -_git_tag_seabios='#tag=rel-1.10.2' -_git_tag_ovmf='#tag=947f3737abf65fda63f3ffd97fddfa6986986868' -_git_tag_ipxe='356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d' +_patch_sums=( + "32efed25f988579be8266a6bc80ed7c09c408519c6b6c5264b7e032849e3accc7ddea19c5879c06d7e7b27308d06e114f6e3ca4f814d53b9be9d239fb09c71f1" # xsa393.patch + "a0afa766e492a4dc921cd5c4c43c9ecbe87f79c07986504c8626ab7f06736147bdfa4637ea4c4abf17b9f1df31056bbcbb6c51a52e244e57467564c8ea06a52e" # xsa394.patch + "0aafb55b88a7feefeb0162b2722efc8ad43edcdfc7926492e1d49945eafb8dda900f7da37b2d49fd4dbc2d0c9a068ad6e47674a6df108a58842275695ed73540" # xsa395.patch +) -if [[ "$_build_stubdom" == true ]]; then - if [[ "$CARCH" == *'arm'* ]]; then - echo '####Compile settings error:' - echo "#cannot build stubdom for $CARCH" - _build_stubdom=false - fi -fi -source=( - "https://downloads.xenproject.org/release/$_pkgname/$_pkgver/$_pkgname-$_pkgver.tar.gz"{,.sig} - "http://xenbits.xen.org/xen-extfiles/ipxe-git-$_git_tag_ipxe.tar.gz" +_stub_sums=( + "2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf" # gmp-4.3.2.tar.bz2 + "c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb" # 
grub-0.97.tar.gz + "1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d" # lwip-1.3.0.tar.gz + "40eb96bbc6736a16b6399e0cdb73e853d0d90b685c967e77899183446664d64570277a633fdafdefc351b46ce210a99115769a1d9f47ac749d7e82837d4d1ac3" # newlib-1.16.0.tar.gz + "2b3d98d027e46d8c08037366dde6f0781ca03c610ef2b380984639e4ef39899ed8d8b8e4cd9c9dc54df101279b95879bd66bfd4d04ad07fef41e847ea7ae32b5" # pciutils-2.2.9.tar.bz2 + "88da614e4d3f4409c4fd3bb3e44c7587ba051e3fed4e33d526069a67e8180212e1ea22da984656f50e290049f60ddca65383e5983c0f8884f648d71f698303ad" # polarssl-1.1.4-gpl.tgz + "4928b5b82f57645be9408362706ff2c4d9baa635b21b0d41b1c82930e8c60a759b1ea4fa74d7e6c7cae1b7692d006aa5cb72df0c3b88bf049779aa2b566f9d35" # tpm_emulator-0.7.4.tar.gz + "021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e" # zlib-1.2.3.tar.gz +) - 'seabios'::"git://xenbits.xen.org/seabios.git$_git_tag_seabios" - 'ovmf'::"git://xenbits.xen.org/ovmf.git$_git_tag_ovmf" - ##HTTP access - #'seabios'::"git+http://xenbits.xen.org/git-http/seabios.git$_git_tag_seabios" +# Simplify things for makepkg +source=( "${_source[@]}" "${_patches[@]}" ) +sha512sums=( "${_sha512sums[@]}" "${_patch_sums[@]}" ) - ## Compile patches - ati-passthrough.patch - patch-ovmf-use-python2.patch +for file in "${_patches[@]}"; do + noextract+=( $(basename ${file}) ) +done - ## Files - xen.install - 21_linux_xen_multiboot_arch - efi-xen.cfg - "tmpfiles.d-$_pkgname.conf" - ## XSA patches - https://xenbits.xen.org/xsa/xsa253.patch -) -if [[ "$_build_stubdom" == true ]]; then - msg '#building with stubdom' - source+=( - http://xenbits.xen.org/xen-extfiles/lwip-1.3.0.tar.gz - http://xenbits.xen.org/xen-extfiles/zlib-1.2.3.tar.gz - http://xenbits.xen.org/xen-extfiles/newlib-1.16.0.tar.gz - http://xenbits.xen.org/xen-extfiles/pciutils-2.2.9.tar.bz2 - 
http://xenbits.xen.org/xen-extfiles/polarssl-1.1.4-gpl.tgz - http://xenbits.xen.org/xen-extfiles/grub-0.97.tar.gz - http://xenbits.xen.org/xen-extfiles/tpm_emulator-0.7.4.tar.gz - http://xenbits.xen.org/xen-extfiles/gmp-4.3.2.tar.bz2 - http://caml.inria.fr/pub/distrib/ocaml-3.11/ocaml-3.11.0.tar.gz - ) -fi +# stubdom handling +if [ "${_build_stubdom}" == "true" ]; then + source=("${source[@]}" "${_stubdom_source[@]}") + sha512sums=("${sha512sums[@]}" "${_stub_sums[@]}") + # Add in automagic dependency in order to build vtpm and vtpmmgr stubdoms + makedepends=( "${makedepends[@]}" "${_stubdom_makedepends[@]}" ) -noextract=( - "ipxe-git-$_git_tag_ipxe.tar.gz" -) + for file in "${_stubdom_source[@]}"; do + noextract+=( $(basename ${file}) ) + done -if [[ "$_build_stubdom" == true ]]; then - noextract+=( - lwip-1.3.0.tar.gz - zlib-1.2.3.tar.gz - newlib-1.16.0.tar.gz - pciutils-2.2.9.tar.bz2 - polarssl-1.1.4-gpl.tgz - grub-0.97.tar.gz - tpm_emulator-0.7.4.tar.gz - gmp-4.3.2.tar.bz2 - ocaml-3.11.0.tar.gz - ) + _config_stubdom='--enable-stubdom' + + # make sure to build the stubdom package + pkgname+=("xen-stubdom") + +else + _config_stubdom='--disable-stubdom' fi -validpgpkeys=('23E3222C145F4475FA8060A783FE14C957E82BD9') -#gpg --keyserver pgp.mit.edu --recv-key 23E3222C145F4475FA8060A783FE14C957E82BD9 -sha256sums=('0262a7023f8b12bcacfb0b25e69b2a63291f944f7683d54d8f33d4b2ca556844' - 'SKIP' - '251e5516d7de470c434ae5c393aacca2b61fb24d93770592a4a20add60b785c4' - 'SKIP' - 'SKIP' - 'd93c2d5bcdf0c3e4c6e8efb357cb4b9d618209025361f5ccd9d03651a8acd7a3' - '5fb65130f96d1728368a09042e55f622c14117572030ce2141bff4ae150e4a01' - '55145ff9c1570257478842e4001b0dafe007d90f5b06db17231bc5bf20f3b23d' - '8101316cfdf4b59e9c39b7372d4240a4552971c0fa53a4719bbb7a22f5622f4e' - 'efb3c5713d556aa4890136ebf61502060cf90234fbd2e85701ad7a7ed2524fb1' - '40e0760810a49f925f2ae9f986940b40eba477dc6d3e83a78baaae096513b3cf' - 'bba1abb5e4368421de29385e37f8477bf3534d3ba3ff7e2aae9c9d3da53f1393') - - -if [[ 
"$_build_stubdom" == true ]]; then - sha256sums+=( - #stubdom bits - '772e4d550e07826665ed0528c071dd5404ef7dbe1825a38c8adbc2a00bca948f' - '1795c7d067a43174113fdf03447532f373e1c6c57c08d61d9e4e9be5e244b05e' - 'db426394965c48c1d29023e1cc6d965ea6b9a9035d8a849be2750ca4659a3d07' - 'f60ae61cfbd5da1d849d0beaa21f593c38dac9359f0b3ddc612f447408265b24' - '2d29fd04a0d0ba29dae6bd29fb418944c08d3916665dcca74afb297ef37584b6' - '4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b' - '4e48ea0d83dd9441cc1af04ab18cd6c961b9fa54d5cbf2c2feee038988dea459' - '936162c0312886c21581002b79932829aa048cfaf9937c6265aeaa14f1cd1775' - 'ecdd4f8473ab0dee5d3acb5c0a31a4c1dd6aa12179895cf1903dd0f455c43a4f' - - #stubdom patches - ) +if [ "${_build_qemu}" == "true" ]; then + _config_qemu="" + # qemu needs ninja to build as of 4.16.0 + makedepends=( "${makedepends[@]}" "${_qemu_makedepends[@]}" ) + pkgname+=("xen-qemu-builtin") +else + _config_qemu="--with-system-qemu=/usr/bin/qemu-system-x86_64" fi -_xen_kconfig_debug=$(cat </dev/null 2>&1); then - sed -i.bak '/ EFI_LD/s/LD/LD_EFI/' xen/arch/x86/Makefile - sed -i.bak 's/LD/LD_EFI/' xen/arch/x86/efi/Makefile - sed -i.bak '/EFI_MOUNTPOINT .*/aLD_EFI ?= $(LD)' xen/Makefile - else - echo '#Not capable of building xen.efi. 
Need either:' - echo '#(preferred) binutils compiled with --enable-targets=x86_64-pep' - echo '#or install mingw-w64-binutils' - fi - fi - - # OVMF Compile support (Pulls from GIT repo, so patching to patch after pull request) - patch -Np1 -i "$srcdir/patch-ovmf-use-python2.patch" - #mkdir -p tools/firmware/ovmf-patches - #cp "$srcdir"/patch-inbuild-ovmf*.patch tools/firmware/ovmf-patches/ - - # Uncomment line below if you want to enable ATI Passthrough support (some reported successes, untested with 4.4) - #patch -Np1 -i "$srcdir/ati-passthrough.patch" - - ## Fix fixed rundir paths - ## grep -Rl '\/var\/run\/xen' * 2> /dev/null - _var_run_fixed_paths=( - tools/hotplug/Linux/locking.sh - tools/xenmon/xenbaked.c - tools/xenmon/xenmon.py - tools/pygrub/src/pygrub - ) - sed -i 's:/var/run:/run:' ${_var_run_fixed_paths[@]} - - ## Fix python version in shebang - msg 'Fix python shebang to python2' - _python_files=( $(grep -Rlse '^#!/usr/bin/.*python$' || : ) ) - sed -Ei 's|(^#!.*/usr/bin/(env ){0,1})python$|\1python2|' ${_python_files[@]} - - ## Fix systemd-modules-load.d/xen.conf - ## remove nonexistent modules - find tools -iname 'configure*' -exec sed -i -E -e ' - /^LINUX_BACKEND_MODULES="$/,/^"$/ { - #Address range where this variable is set - /"/b; #Do noting if the line contains " - /^xen-/!d; #Delete if does not start with xen - s/scsibk/scsiback/; #Change scsibk to scsiback - };' {} \; - - if [[ "$_build_stubdom" == true ]]; then - # Copy supporting tarballs into place - ln -s "$srcdir/lwip-1.3.0.tar.gz" stubdom/ - ln -s "$srcdir/zlib-1.2.3.tar.gz" stubdom/ - ln -s "$srcdir/newlib-1.16.0.tar.gz" stubdom/ - ln -s "$srcdir/pciutils-2.2.9.tar.bz2" stubdom/ - ln -s "$srcdir/polarssl-1.1.4-gpl.tgz" stubdom/ - ln -s "$srcdir/grub-0.97.tar.gz" stubdom/ - ln -s "$srcdir/tpm_emulator-0.7.4.tar.gz" stubdom/ - ln -s "$srcdir/gmp-4.3.2.tar.bz2" stubdom/ - ln -s "$srcdir/ocaml-3.11.0.tar.gz" stubdom/ - - ## Stubdom patches - cd 'extras/mini-os' - cd '../../' - - #vtpm - fi - 
- #etherboot - ln -s "$srcdir/ipxe-git-$_git_tag_ipxe.tar.gz" tools/firmware/etherboot/ipxe.tar.gz - #cp "$srcdir"/patch-inbuild-ipxe*.patch tools/firmware/etherboot/patches/ + + cd "${pkgbase}-${pkgver}" + + if [ "${_build_stubdom}" == "true" ]; then + + for file in "${_stubdom_source[@]}"; do + cp ../$(basename ${file}) stubdom/ + done + + fi + + + for patchurl in "${_patches[@]}"; do + patch=$(basename $patchurl) + echo "==> Applying security patch '${patch}'..." + patch -p1 < "../${patch}" + done + + # Fix Install Paths. + sed 's,/var/run,/run,g' -i tools/hotplug/Linux/locking.sh + sed 's,/var/run,/run,g' -i tools/misc/xenpvnetboot + sed 's,/var/run,/run,g' -i tools/xenmon/xenbaked.c + sed 's,/var/run,/run,g' -i tools/xenmon/xenmon.py + sed 's,/var/run,/run,g' -i tools/pygrub/src/pygrub } build() { - cd "$_pkgname-$_pkgver/" - export LD_EFI='/usr/x86_64-w64-mingw32/bin/ld' - ./autogen.sh - if [[ "$_build_stubdom" == true ]]; then - _config_stubdom=(--enable-stubdom) - _config_stubdom+=( - #--enable-ioemu-stubdom=no - #--enable-c-stubdom=no - #--enable-caml-stubdom=no - #--enable-pv-grub=no - #--enable-xenstore-stubdom=no - #--enable-vtpm-stubdom=no - #--enable-vtpmmgr-stubdom=no - ) - else - _config_stubdom=(--disable-stubdom) - fi - _config_seabios=() - if [[ "$_system_seabios" == true ]]; then - _config_seabios=(--with-system-seabios=/usr/share/qemu/bios-256k.bin) - fi - _config_xen_kconfig='' - _config_debug=() - if [[ "$_build_debug" == true ]]; then - _config_debug=(--enable-debug --enable-debug-tcg --enable-debug-info) - _config_xen_kconfig+="\n$_xen_kconfig_debug" - _makevars+=(debug=y CONFIG_DEBUG=y) - fi - if [[ "$_build_livepatch" == true ]]; then - _config_xen_kconfig+="\n$_xen_kconfig_livepatch" - fi - if [[ -n "$_config_xen_kconfig" ]]; then - cd xen - echo -e "$_config_xen_kconfig" > .config - make "${_makevars[@]}" olddefconfig V=1 - cd ../ - fi - ./configure PYTHON=/usr/bin/python2 --prefix=/usr --sbindir=/usr/bin 
--with-sysconfig-leaf-dir=conf.d --with-rundir=/run \ - --enable-systemd --enable-ovmf \ - "${_config_seabios[@]}" \ - "${_config_stubdom[@]}" \ - "${_config_debug[@]}" \ - --with-extra-qemuu-configure-args='--disable-bluez --disable-gtk --enable-spice --enable-usb-redir' - #--with-system-qemu --with-system-seabios --with-system-ovmf - #defaults --enable-qemu-traditional --enable-rombios \ - make "${_makevars[@]}" dist - if [[ "$_build_livepatch" == true ]]; then - make "${_makevars[@]}" build-tests - fi + cd "${pkgbase}-${pkgver}" + + if [ "${_build_stubdom}" == "true" ]; then + echo "NOTE: Xen build with stubdom support." + fi + + if [ "${_build_qemu}" == "true" ]; then + echo "NOTE: Xen build with integrated QEMU." + fi + + + ./configure \ + --prefix=/usr \ + --sbindir=/usr/bin \ + --libdir=/usr/lib \ + --with-rundir=/run \ + --enable-systemd \ + --disable-qemu-traditional \ + ${_config_stubdom} \ + ${_config_qemu} \ + --with-sysconfig-leaf-dir=conf.d \ + --with-system-ovmf=/usr/share/ovmf/x64/OVMF.fd \ + --with-system-seabios=/usr/share/qemu/bios-256k.bin + + make "${_common_make_flags[@]}" } package_xen() { - _makevars_package=("${_makevars[@]}" DESTDIR="$pkgdir") - optdepends=( - 'xen-docs: Official Xen documentation' - 'openvswitch: Optional advanced networking support' - 'urlgrabber: Required for xenpvnetboot' - ) - conflicts=(xen-{git,rc,igvtg,4.{8,9}} xenstore) - provides=(xenstore) - replaces=(xen-{git,rc,4.{8,9}}) - backup=( - etc/conf.d/xen{domains,commons} - "etc/$_pkgname/grub.conf" - "etc/$_pkgname/oxenstored.conf" - "etc/$_pkgname/xl.conf" - ) - install="$_pkgname.install" - - cd "$_pkgname-$_pkgver/" - - make "${_makevars_package[@]}" install-xen - make "${_makevars_package[@]}" install-tools - if [[ "$_build_stubdom" == true ]]; then - make "${_makevars_package[@]}" install-stubdom - fi - if [[ "$_build_livepatch" == true ]]; then - make "${_makevars_package[@]}" install-tests - fi - - cd "$pkgdir" - - # Install files from Parabola package - 
install -Dm644 "$srcdir/tmpfiles.d-$_pkgname.conf" "usr/lib/tmpfiles.d/$_pkgname.conf" - install -Dm755 "$srcdir/21_linux_xen_multiboot_arch" etc/grub.d/21_linux_xen_multiboot_arch - install -Dm644 "$srcdir/efi-xen.cfg" etc/xen/efi-xen.cfg - - mkdir -p var/log/xen/console - - # Sanitize library path (if lib64 exists) - if [[ -d usr/lib64 ]]; then - cd usr/ - mv lib64/* lib/ - rmdir lib64 - cd ../ - fi - - # If EFI binaries built, move to /boot - if [[ -f usr/lib/efi/xen.efi ]]; then - mv usr/lib/efi/*.efi boot/ - rmdir usr/lib/efi - fi - - # Remove syms - find usr/lib/debug -type f \( -name '*-syms*' -or -name '*\.map' \) -delete - rmdir --ignore-fail-on-non-empty usr/lib/debug - - # Remove hypervisor boot symlinks - rm -f boot/xen{,-4{,.8,.9}}{,.{gz,efi}} - - # Documentation cleanup ( see xen-docs package ) - #rm -rf usr/share/doc - #rm -rf usr/share/man - - # Remove tempdirs - rmdir run/xen{,stored} - rmdir run - - # Remove unnecessary qemu ELF support files - # qemuu - rm -f usr/share/qemu-xen/qemu/{palcode,openbios,s390}-* - rm -f usr/share/qemu-xen/qemu/u-boot.e500 - # qemut - if [[ "$CARCH" == *'x86'* ]]; then - rm -f usr/share/xen/qemu/openbios-* - fi - - # adhere to Static Library Packaging Guidelines - rm -rf usr/lib/*.a - - # Remove unneeded init.d files - rm -rf etc/init.d + pkgdesc='Open-source type-1 or baremetal hypervisor' + + depends=( + 'zlib' 'python' 'ncurses' 'openssl' 'libx11' 'libuuid.so' 'yajl' 'libaio' 'glib2' 'pkgconf' + 'bridge-utils' 'iproute2' 'inetutils' 'acpica' 'lib32-glibc' 'gnutls' + 'vde2' 'lzo' 'pciutils' 'sdl2' + 'pixman' 'libseccomp' 'libpng' 'libjpeg-turbo' # inhereted depends because of build environment + ) + + optdepends=( + 'edk2-ovmf: UEFI support' + 'seabios: SeaBIOS payload support' + 'xen-docs: HTML documentation and man pages' + 'grub-xen-git: GRUB and pvgrub2 bootloader support' + 'linux-headers: extract bootable non-zstd kernel for recent kernels' + ) + + if [ "${_build_qemu}" == "false" ]; then + optdepends+=("qemu: 
HVM and PV support") + fi + + install="xen.install" + + + backup=( + "etc/conf.d/xencommons" + "etc/conf.d/xendomains" + "etc/xen/efi-xen.cfg" + "etc/xen/cpupool" + "etc/xen/xl.conf" + ) + + + cd "${pkgbase}-${pkgver}" + + make "${_common_make_flags[@]}" DESTDIR="$pkgdir" install + + rm -rf "$pkgdir"/var/run + + # Symlinks to prior installed versions are not The Arch Way, leave only the bare EFI binary + (cd "${pkgdir}/${_efi_dir}" && mv "$(realpath xen.efi)" xen.efi) + + [ -d "$pkgdir"/etc/xen/scripts ] && backup+=($(find "$pkgdir"/etc/xen/scripts/ -type f | sed "s|^$pkgdir/||g")) + + mkdir -p "${pkgdir}/var/log/xen/console" + + # Continued: Trim hypervisor symlinks. + (cd "${pkgdir}/${_boot_dir}" && mv "$(realpath xen.gz)" xen.gz) + + # Do all symlink removals after the directories have had the real + # binaries moved overtop any symlinks. Note that dependening on + # configuratation _efi_dir and _boot_dir may be the same directory, so + # don't clean any of them until they've all been processed. + find "${pkgdir}/${_efi_dir}" -type l -delete + find "${pkgdir}/${_boot_dir}" -type l -delete + + # Remove syms. + find "${pkgdir}/usr/lib/debug" -type f \( -name '*-syms*' -or -name '*\.map' \) -delete + rmdir "${pkgdir}/usr/lib/debug/usr/lib/xen/boot" + rmdir "${pkgdir}/usr/lib/debug/usr/lib/xen" + rmdir "${pkgdir}/usr/lib/debug/usr/lib" + rmdir "${pkgdir}/usr/lib/debug/usr" + rmdir "${pkgdir}/usr/lib/debug" + + # Remove SysVinit files. + rm -r "${pkgdir}/etc/init.d" + + # Install files for Arch Linux. 
+ install -D -m 0644 "${srcdir}/efi-xen.cfg" "${pkgdir}/etc/xen/efi-xen.cfg" + install -D -m 0644 "${srcdir}/xen.conf" "${pkgdir}/usr/lib/modules-load.d/xen.conf" + install -D -m 0644 "${srcdir}/tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/${pkgbase}.conf" + + # microcode hooks + mkdir -p "${pkgdir}/usr/share/libalpm/scripts" "${pkgdir}/usr/share/libalpm/hooks" + install -m755 "${srcdir}/xen-ucode-extract.sh" "${pkgdir}/usr/share/libalpm/scripts" + install -m644 "${srcdir}/xen-intel-ucode.hook" "${pkgdir}/usr/share/libalpm/hooks" + install -m644 "${srcdir}/xen-amd-ucode.hook" "${pkgdir}/usr/share/libalpm/hooks" + + # Remove documentation (included in separate xen-docs package). + rm -r "${pkgdir}/usr/share/doc" + rm -r "${pkgdir}/usr/share/man" + + # remove potential stubdom files + rm -r "${pkgdir}/usr/lib/xen/boot" + + # remove qemu + if [ "${_build_qemu}" == "true" ]; then + + rm -r "${pkgdir}/usr/share/qemu-xen" + rm -r \ + "${pkgdir}/usr/lib/xen/include/qemu-plugin.h" \ + "${pkgdir}/usr/lib/xen/bin/qemu-pr-helper" \ + "${pkgdir}/usr/lib/xen/bin/qemu-edid" \ + "${pkgdir}/usr/lib/xen/bin/elf2dmp" \ + "${pkgdir}/usr/lib/xen/bin/qemu-storage-daemon" \ + "${pkgdir}/usr/lib/xen/bin/qemu-nbd" \ + "${pkgdir}/usr/lib/xen/bin/qemu-io" \ + "${pkgdir}/usr/lib/xen/bin/qemu-img" \ + "${pkgdir}/usr/lib/xen/bin/qemu-system-i386" \ + "${pkgdir}/usr/lib/xen/libexec/virtiofsd" \ + "${pkgdir}/usr/lib/xen/libexec/qemu-bridge-helper" \ + "${pkgdir}/usr/lib/xen/libexec/virtfs-proxy-helper" + + fi + + } -package_xen-docs(){ - _makevars_package=("${_makevars[@]}" DESTDIR="$pkgdir") - pkgdesc='Xen virtual machine hypervisor documentation' - arch=('any') - depends=() - cd "$_pkgname-$_pkgver/" - make "${_makevars_package[@]}" install-docs +package_xen-docs() { + pkgdesc="Xen hypervisor documentation and man pages" + arch=("any") + cd "${pkgbase}-${pkgver}" + make "${_common_make_flags[@]}" DESTDIR="$pkgdir" install-docs } -package_xen-syms(){ - _makevars_package=("${_makevars[@]}" 
DESTDIR="$pkgdir") - pkgdesc='Xen virtual machine hypervisor debugging symbols' - arch=('any') - depends=() - _installdir="${pkgdir}/usr/lib/debug" - cd "$_pkgname-$_pkgver/" - install -d -m0755 "$_installdir" - for _path in $(find xen -type f \( -name '*-syms' -or -name '*\.map' \)); do - _file=$(basename "$_path") - _installfile=$(echo "$_file" | - sed "s/\([^.]*\)\(\.*\)/\1-${_pkgver}\2/" ) - install -D -m0644 -p "$_path" "$_installdir/$_installfile" - done + +package_xen-stubdom() { + pkgdesc="Xen hypervisor stubdom files" + arch=("x86_64") + depends=("xen") + + cd "${srcdir}/${pkgbase}-${pkgver}/stubdom" + make DESTDIR="${pkgdir}" install } + +package_xen-qemu-builtin() { + pkgdesc="Xen hypervisor QEMU components" + arch=("x86_64") + depends=("xen") + + cd "${srcdir}/${pkgbase}-${pkgver}/tools/qemu-xen-build" + make DESTDIR="${pkgdir}" install +} + diff --git a/pcr/xen/ati-passthrough.patch b/pcr/xen/ati-passthrough.patch deleted file mode 100644 index 7c20b1ecd..000000000 --- a/pcr/xen/ati-passthrough.patch +++ /dev/null 
@@ -1,415 +0,0 @@ ---- xen-4.3.1/tools/qemu-xen-traditional/hw/pass-through.c Thu Sep 6 11:05:30 2012 -+++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pass-through.c Sat Nov 24 08:27:07 2012 -@@ -1438,9 +1438,17 @@ static void pt_ioport_map(PCIDevice *d, - if (e_phys != -1) - { - /* Create new mapping */ -- ret = xc_domain_ioport_mapping(xc_handle, domid, e_phys, -- assigned_device->bases[i].access.pio_base, e_size, -- DPCI_ADD_MAPPING); -+ if ( vga_skip_ioport_map(d) ) -+ { -+ assigned_device->bases[i].e_physbase = -1; -+ } -+ else -+ { -+ ret = xc_domain_ioport_mapping(xc_handle, domid, e_phys, -+ assigned_device->bases[i].access.pio_base, e_size, -+ DPCI_ADD_MAPPING); -+ } -+ - if ( ret != 0 ) - { - PT_LOG("Error: create new mapping failed!\n"); ---- xen-4.3.1/tools/qemu-xen-traditional/hw/pass-through.h Thu Sep 6 11:05:30 2012 -+++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pass-through.h Sat Nov 24 08:27:07 2012 -@@ -419,6 +419,11 @@ int pt_pci_host_write(struct pci_dev *pc - void intel_pch_init(PCIBus *bus); - int register_vga_regions(struct pt_dev *real_device); - int unregister_vga_regions(struct pt_dev *real_device); -+int vga_skip_ioport_map(PCIDevice *d); -+int igd_register_vga_regions(struct pt_dev *real_device); -+int igd_unregister_vga_regions(struct pt_dev *real_device); -+int ati_register_vga_regions(struct pt_dev *real_device); -+int ati_unregister_vga_regions(struct pt_dev *real_device); - int setup_vga_pt(struct pt_dev *real_device); - PCIBus *intel_pci_bridge_init(PCIBus *bus, int devfn, uint16_t vid, - uint16_t did, const char *name, uint16_t revision); ---- xen-4.3.1/tools/qemu-xen-traditional/hw/pci.h Thu Sep 6 11:05:30 2012 -+++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pci.h Sat Nov 24 08:27:07 2012 -@@ -54,6 +54,8 @@ extern target_phys_addr_t pci_mem_base; - - #define PCI_VENDOR_ID_CIRRUS 0x1013 - -+#define PCI_VENDOR_ID_ATI 0x1002 -+ - #define PCI_VENDOR_ID_IBM 0x1014 - #define PCI_DEVICE_ID_IBM_OPENPIC2 0xffff - ---- 
xen-4.3.1/tools/qemu-xen-traditional/hw/pt-graphics.c Thu Sep 6 11:05:30 2012 -+++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pt-graphics.c Sat Nov 24 08:28:10 2012 -@@ -13,6 +13,207 @@ - - extern int gfx_passthru; - extern int igd_passthru; -+/*********************************/ -+/* Code for ATI GFX Passthru */ -+/*********************************/ -+/* ATI VBIOS Working Mechanism -+ * -+ * Generally there are three memory resources (two MMIO and one PIO) -+ * associated with modern ATI gfx. VBIOS uses special tricks to figure out -+ * BARs, instead of using regular PCI config space read. -+ * -+ * (1) VBIOS relies on I/O port 0x3C3 to retrieve PIO BAR -+ * (2) VBIOS maintains a shadow copy of PCI configure space. It retries the -+ * MMIO BARs from this shadow copy via sending I/O requests to first two -+ * registers of PIO (MMINDEX and MMDATA). The workflow is like this: -+ * MMINDEX (register 0) is written with an index value, specifying the -+ * register VBIOS wanting to access. Then the shadowed data can be -+ * read/written from MMDATA (register 1). For two MMIO BARs, the index -+ * values are 0x4010 and 0x4014 respectively. -+ * -+ */ -+ -+#define ATI_BAR1_INDEX 0 //MMIO BAR1 -+#define ATI_BAR2_INDEX 1 //MMIO BAR2 -+#define ATI_BAR5_INDEX 4 //PIO BAR == BAR5 -+ -+#define ATI_BAR1_MMINDEX 0x4010 //data written to MMINDEX for MMIO BAR1 -+#define ATI_BAR2_MMINDEX 0x4014 //data written to MMINDEX FOR MMIO BAR2 -+ -+struct ati_gfx_info { -+ int initialized; /* initialized already? 
*/ -+ -+ /* PIO */ -+ uint32_t host_pio_base; /* host base addr of PIO */ -+ uint32_t guest_pio_base; /* guest base addr of PIO */ -+ uint32_t pio_size; /* PIO size */ -+ -+ /* MMIO */ -+ uint32_t guest_mmio_base1; /* guest base addr of MMIO 1 */ -+ uint32_t guest_mmio_base2; /* guest base addr of MMIO 2 */ -+ -+ /* PIO MMINDEX access recording */ -+ uint32_t pre_mmindex_data; /* previous data written to MMINDEX */ -+}; -+ -+static struct ati_gfx_info gfx_info; -+ -+/* Convert guest PIO port to host PIO port */ -+static uint16_t gport_to_hport(uint16_t gport) -+{ -+ return (gport - gfx_info.guest_pio_base) + gfx_info.host_pio_base; -+} -+ -+/* Read host PIO port */ -+static uint32_t ati_hw_in(uint16_t hport) -+{ -+ unsigned val; -+ -+ //iopl(3); -+ asm volatile ("in %1,%0":"=a"(val):"Nd"(hport)); -+ //iopl(0); -+ -+ return val; -+} -+ -+/* Write data to host PIO */ -+static void ati_hw_out(uint16_t hport, uint32_t data) -+{ -+ //iopl(3); -+ asm volatile ("out %1, %0"::"Nd"(hport),"a"(data)); -+ //iopl(0); -+} -+ -+static uint32_t ati_io_regs_read(void *opaque, uint32_t addr) -+{ -+ uint32_t val; -+ -+ val = ati_hw_in(gport_to_hport(addr)); -+ -+ /* tweak the value if VBIOS is reading MMIO BAR1 and BAR2 */ -+ if ( addr == (gfx_info.guest_pio_base + 4) ) -+ { -+ switch ( gfx_info.pre_mmindex_data ) -+ { -+ case ATI_BAR1_MMINDEX: -+ val = gfx_info.guest_mmio_base1 | (val & 0x0000000f); -+ break; -+ case ATI_BAR2_MMINDEX: -+ val = gfx_info.guest_mmio_base2 | (val & 0x0000000f); -+ break; -+ default: -+ break; -+ } -+ } -+ -+ return val; -+} -+ -+static void ati_io_regs_write(void *opaque, uint32_t addr, uint32_t val) -+{ -+ ati_hw_out(gport_to_hport(addr), val); -+ -+ /* book keeping */ -+ if ( addr == gfx_info.guest_pio_base ) -+ gfx_info.pre_mmindex_data = val; -+} -+ -+static void ati_gfx_init(struct pt_dev *assigned) -+{ -+ PCIDevice *dev = (PCIDevice *)&assigned->dev; -+ -+ register_ioport_read(dev->io_regions[ATI_BAR5_INDEX].addr, -+ 
dev->io_regions[ATI_BAR5_INDEX].size, 4, ati_io_regs_read, assigned); -+ -+ register_ioport_write(dev->io_regions[ATI_BAR5_INDEX].addr, -+ dev->io_regions[ATI_BAR5_INDEX].size, 4, ati_io_regs_write, assigned); -+ -+ /* initialize IO registers */ -+ gfx_info.guest_pio_base = dev->io_regions[ATI_BAR5_INDEX].addr; -+ gfx_info.pio_size = dev->io_regions[ATI_BAR5_INDEX].size; -+ gfx_info.host_pio_base = assigned->bases[ATI_BAR5_INDEX].access.pio_base; -+ -+ gfx_info.guest_mmio_base1 = dev->io_regions[ATI_BAR1_INDEX].addr; -+ gfx_info.guest_mmio_base2 = dev->io_regions[ATI_BAR2_INDEX].addr; -+ gfx_info.initialized = 1; -+ -+ PT_LOG("guest_pio_bar = 0x%x, host_pio_bar = 0x%x, pio_size=0x%x " -+ "guest_mmio_bar1=0x%x, guest_mmio_bar2=0x%x\n", -+ gfx_info.guest_pio_base, gfx_info.host_pio_base, gfx_info.pio_size, -+ gfx_info.guest_mmio_base1, gfx_info.guest_mmio_base2); -+} -+ -+static uint32_t ati_legacy_io_read(void *opaque, uint32_t addr) -+{ -+ struct pt_dev *assigned_device = opaque; -+ PCIDevice *dev = (PCIDevice *)&assigned_device->dev; -+ uint32_t val = 0xFF; -+ -+ switch( addr ) -+ { -+ case 0x3c3: -+ val = dev->io_regions[ATI_BAR5_INDEX].addr >> 8; -+ /* Intercept GFX IO registers. This supposes to happen in -+ * ati_register_vga_regions(). But we cannot get guest phys IO BAR -+ * over there. */ -+ if ( !gfx_info.initialized ) -+ ati_gfx_init(assigned_device); -+ break; -+ default: -+ PT_LOG("ERROR: port 0x%x I/O read not handled\n", addr); -+ break; -+ } -+ -+ return val; -+} -+ -+static void ati_legacy_io_write(void *opaque, uint32_t addr, uint32_t val) -+{ -+ PT_LOG("ERROR: port 0x%x I/O write not handled\n", addr); -+} -+ -+int ati_register_vga_regions(struct pt_dev *real_device) -+{ -+ PCIDevice *dev = (PCIDevice *)&real_device->dev; -+ int ret = 0; -+ -+ /* We need to intercept VBIOS accesses to port 0x3C3, which returns -+ * device port I/O BAR. For the rest of legacy I/O ports, we allow direct -+ * accesses. 
-+ */ -+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0, -+ 0x3C0, 0x3, DPCI_ADD_MAPPING); -+ -+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C4, -+ 0x3C4, 0x1C, DPCI_ADD_MAPPING); -+ -+ register_ioport_read(0x3c3, 1, 1, ati_legacy_io_read, real_device); -+ register_ioport_write(0x3c3, 1, 1, ati_legacy_io_write, real_device); -+ -+ /* initialized on the first port 0x3C3 access in ati_gfx_init */ -+ gfx_info.initialized = 0; -+ -+ return ret; -+} -+ -+int ati_unregister_vga_regions(struct pt_dev *real_device) -+{ -+ int ret = 0; -+ -+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0, -+ 0x3C0, 0x3, DPCI_REMOVE_MAPPING); -+ -+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C4, -+ 0x3C4, 0x1C, DPCI_REMOVE_MAPPING); -+ -+ gfx_info.initialized = 0; -+ -+ return ret; -+} -+ -+/*********************************/ -+/* Code for Intel IGD Passthru */ -+/*********************************/ - - static uint32_t igd_guest_opregion = 0; - -@@ -176,6 +377,77 @@ read_default: - return pci_default_read_config(pci_dev, config_addr, len); - } - -+int igd_register_vga_regions(struct pt_dev *real_device) -+{ -+ u32 vendor_id, igd_opregion; -+ int ret = 0; -+ -+ /* legacy I/O ports 0x3C0 -- 0x3E0 */ -+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0, -+ 0x3C0, 0x20, DPCI_ADD_MAPPING); -+ -+ /* 1:1 map ASL Storage register value */ -+ vendor_id = pt_pci_host_read(real_device->pci_dev, PCI_VENDOR_ID, 2); -+ igd_opregion = pt_pci_host_read(real_device->pci_dev, PCI_INTEL_OPREGION, 4); -+ if ( (vendor_id == PCI_VENDOR_ID_INTEL) && igd_opregion ) -+ { -+ ret |= xc_domain_memory_mapping(xc_handle, domid, -+ igd_opregion >> XC_PAGE_SHIFT, -+ igd_opregion >> XC_PAGE_SHIFT, -+ 2, -+ DPCI_ADD_MAPPING); -+ PT_LOG("register_vga: igd_opregion = %x\n", igd_opregion); -+ } -+ -+ return ret; -+} -+ -+int igd_unregister_vga_regions(struct pt_dev *real_device) -+{ -+ u32 vendor_id, igd_opregion; -+ int ret = 0; -+ -+ ret |= xc_domain_ioport_mapping(xc_handle, domid, 
0x3C0, -+ 0x3C0, 0x20, DPCI_REMOVE_MAPPING); -+ -+ vendor_id = pt_pci_host_read(real_device->pci_dev, PCI_VENDOR_ID, 2); -+ igd_opregion = pt_pci_host_read(real_device->pci_dev, PCI_INTEL_OPREGION, 4); -+ if ( (vendor_id == PCI_VENDOR_ID_INTEL) && igd_opregion ) -+ { -+ ret |= xc_domain_memory_mapping(xc_handle, domid, -+ igd_opregion >> XC_PAGE_SHIFT, -+ igd_opregion >> XC_PAGE_SHIFT, -+ 2, -+ DPCI_REMOVE_MAPPING); -+ } -+ -+ return ret; -+} -+/*********************************/ -+/* Generic Code for GFX Passthru */ -+/*********************************/ -+/* This function decides whether I/O port map should be skipped */ -+int vga_skip_ioport_map(PCIDevice *d) -+{ -+ struct pt_dev *dev = (struct pt_dev *)d; -+ int skip = 0; -+ -+ if ( !gfx_passthru || dev->pci_dev->device_class != 0x0300 ) -+ return 0; -+ -+ switch( dev->pci_dev->vendor_id ) -+ { -+ case PCI_VENDOR_ID_ATI: -+ case PCI_VENDOR_ID_AMD: -+ skip = 1; -+ break; -+ default: -+ skip = 0; -+ break; -+ } -+ -+ return skip; -+} - /* - * register VGA resources for the domain with assigned gfx - */ -@@ -187,18 +459,33 @@ int register_vga_regions(struct pt_dev * - if ( !gfx_passthru || real_device->pci_dev->device_class != 0x0300 ) - return ret; - -+ /* legacy I/O ports 0x3B0 - 0x3BC */ - ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3B0, - 0x3B0, 0xC, DPCI_ADD_MAPPING); - -- ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0, -- 0x3C0, 0x20, DPCI_ADD_MAPPING); -- -+ /* legacy video MMIO range 0xA0000 - 0xBFFFF */ - ret |= xc_domain_memory_mapping(xc_handle, domid, - 0xa0000 >> XC_PAGE_SHIFT, - 0xa0000 >> XC_PAGE_SHIFT, - 0x20, - DPCI_ADD_MAPPING); - -+ /* Other VGA regions are vendor specific */ -+ switch( real_device->pci_dev->vendor_id ) -+ { -+ case PCI_VENDOR_ID_INTEL: -+ ret = igd_register_vga_regions(real_device); -+ break; -+ case PCI_VENDOR_ID_ATI: -+ case PCI_VENDOR_ID_AMD: -+ ret = ati_register_vga_regions(real_device); -+ break; -+ default: -+ PT_LOG("gfx card wasn't supported by Xen 
passthru!\n"); -+ ret = 1; -+ break; -+ } -+ - if ( ret != 0 ) - PT_LOG("VGA region mapping failed\n"); - -@@ -216,26 +503,31 @@ int unregister_vga_regions(struct pt_dev - if ( !gfx_passthru || real_device->pci_dev->device_class != 0x0300 ) - return ret; - -+ /* legacy I/O ports 0x3B0 - 0x3BC */ - ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3B0, - 0x3B0, 0xC, DPCI_REMOVE_MAPPING); - -- ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0, -- 0x3C0, 0x20, DPCI_REMOVE_MAPPING); -- -+ /* legacy video MMIO range 0xA0000 - 0xBFFFF */ - ret |= xc_domain_memory_mapping(xc_handle, domid, - 0xa0000 >> XC_PAGE_SHIFT, - 0xa0000 >> XC_PAGE_SHIFT, - 20, - DPCI_REMOVE_MAPPING); - -- vendor_id = pt_pci_host_read(real_device->pci_dev, PCI_VENDOR_ID, 2); -- if ( (vendor_id == PCI_VENDOR_ID_INTEL) && igd_guest_opregion ) -+ /* Other VGA regions are vendor specific */ -+ switch( real_device->pci_dev->vendor_id ) - { -- ret |= xc_domain_memory_mapping(xc_handle, domid, -- igd_guest_opregion >> XC_PAGE_SHIFT, -- igd_guest_opregion >> XC_PAGE_SHIFT, -- 2, -- DPCI_REMOVE_MAPPING); -+ case PCI_VENDOR_ID_INTEL: -+ ret = igd_unregister_vga_regions(real_device); -+ break; -+ case PCI_VENDOR_ID_ATI: -+ case PCI_VENDOR_ID_AMD: -+ ret = ati_unregister_vga_regions(real_device); -+ break; -+ default: -+ PT_LOG("gfx card wasn't supported by Xen passthru!\n"); -+ ret = 1; -+ break; - } - - if ( ret != 0 ) diff --git a/pcr/xen/efi-xen.cfg b/pcr/xen/efi-xen.cfg index d9f61958a..16b0b5bd5 100644 --- a/pcr/xen/efi-xen.cfg +++ b/pcr/xen/efi-xen.cfg @@ -3,5 +3,6 @@ default=xen [xen] options=console=vga dom0_mem=1024M,max:1024M dom0_max_vcpus=4 loglvl=all noreboot -kernel=vmlinuz-linux-libre root= rw -ramdisk=initramfs-linux-libre.img +kernel=vmlinuz-linux root= rw +ramdisk=initramfs-linux.img +ucode= diff --git a/pcr/xen/patch-ovmf-use-python2.patch b/pcr/xen/patch-ovmf-use-python2.patch deleted file mode 100644 index b52b9230c..000000000 
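Review bot: The added `ucode=` key in the `[xen]` section has no value and nothing says what belongs there, although the xen-ucode-extract.sh added in this same commit writes `/boot/xen-efi-intel-ucode.bin` and `/boot/xen-efi-amd-ucode.bin`, presumably for this setting. Someone who copies the example to /boot/xen.cfg, as the new xen.install text suggests, can end up booting Xen with no microcode file named and no hint that one is missing. I would ship the line as a comment carrying the hint, e.g. `# ucode=xen-efi-intel-ucode.bin (or xen-efi-amd-ucode.bin, written by the pacman hook)`. The `kernel=` and `ramdisk=` names also drop the `-libre` suffix the removed lines used; if this repository's kernels still install as `vmlinuz-linux-libre`, the example will not boot as written, so that is worth confirming.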
--- a/pcr/xen/patch-ovmf-use-python2.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Subject: [PATCH] Fix ovmf, use python2
-
----
- tools/firmware/Makefile | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile
-index b840c6a..a5a6802 100644
---- a/tools/firmware/Makefile
-+++ b/tools/firmware/Makefile
-@@ -17,6 +17,8 @@ LD32BIT-$(CONFIG_FreeBSD) := LD32BIT_FLAG=-melf_i386_fbsd
-
- ovmf-dir:
- GIT=$(GIT) $(XEN_ROOT)/scripts/git-checkout.sh $(OVMF_UPSTREAM_URL) $(OVMF_UPSTREAM_REVISION) ovmf-dir
-+ sed 's|python |python2 |g' -i "ovmf-dir/BaseTools/BinWrappers/PosixLike"/* || true
-+ sed 's|python |python2 |g' -i "ovmf-dir/BaseTools/Tests/GNUmakefile"
- cp ovmf-makefile ovmf-dir/Makefile;
-
- seabios-dir:
---
-2.13.0
-
diff --git a/pcr/xen/tmpfiles.conf b/pcr/xen/tmpfiles.conf
new file mode 100644
index 000000000..a55258b0f
--- /dev/null
+++ b/pcr/xen/tmpfiles.conf
@@ -0,0 +1,2 @@
+d /run/xen 0755 root root -
+d /run/xenstored 0755 root root -
diff --git a/pcr/xen/tmpfiles.d-xen.conf b/pcr/xen/tmpfiles.d-xen.conf
deleted file mode 100644
index a55258b0f..000000000
--- a/pcr/xen/tmpfiles.d-xen.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-d /run/xen 0755 root root -
-d /run/xenstored 0755 root root -
diff --git a/pcr/xen/xen-amd-ucode.hook b/pcr/xen/xen-amd-ucode.hook
new file mode 100644
index 000000000..8e56e98dc
--- /dev/null
+++ b/pcr/xen/xen-amd-ucode.hook
@@ -0,0 +1,12 @@
+[Trigger]
+Type = Path
+Operation = Install
+Operation = Upgrade
+Operation = Remove
+Target = boot/amd-ucode.img
+
+[Action]
+Description = Extracting AMD microcode for Xen EFI...
+When = PostTransaction
+Exec = /usr/share/libalpm/scripts/xen-ucode-extract.sh
+
diff --git a/pcr/xen/xen-intel-ucode.hook b/pcr/xen/xen-intel-ucode.hook
new file mode 100644
index 000000000..c7013ff5c
--- /dev/null
+++ b/pcr/xen/xen-intel-ucode.hook
@@ -0,0 +1,12 @@
+[Trigger]
+Type = Path
+Operation = Install
+Operation = Upgrade
+Operation = Remove
+Target = boot/intel-ucode.img
+
+[Action]
+Description = Extracting Intel microcode for Xen EFI...
+When = PostTransaction
+Exec = /usr/share/libalpm/scripts/xen-ucode-extract.sh
+
diff --git a/pcr/xen/xen-ucode-extract.sh b/pcr/xen/xen-ucode-extract.sh
new file mode 100644
index 000000000..7f8379d67
--- /dev/null
+++ b/pcr/xen/xen-ucode-extract.sh
@@ -0,0 +1,37 @@
+#!/bin/bash -e
+
+
+do_firmware() {
+
+ if [ "$1" == "intel" ]; then
+ UCODE_RD="/boot/intel-ucode.img"
+ XEN_EFI_UCODE="/boot/xen-efi-intel-ucode.bin"
+ UCODE_ORIG_BIN="kernel/x86/microcode/GenuineIntel.bin"
+ elif [ "$1" == "amd" ]; then
+ UCODE_RD="/boot/amd-ucode.img"
+ XEN_EFI_UCODE="/boot/xen-efi-amd-ucode.bin"
+ UCODE_ORIG_BIN="kernel/x86/microcode/AuthenticAMD.bin"
+ fi
+
+ # remove old file
+ if [ -f $XEN_EFI_UCODE ]; then
+ rm $XEN_EFI_UCODE
+ fi
+
+ # create new file
+ if [ -f $UCODE_RD ]; then
+ bsdtar -Oxf $UCODE_RD $UCODE_ORIG_BIN > $XEN_EFI_UCODE || exit 1
+ fi
+
+
+}
+
+if [ -f "/boot/intel-ucode.img" ]; then
+ do_firmware "intel"
+fi
+
+if [ -f "/boot/amd-ucode.img" ]; then
+ do_firmware "amd"
+fi
+
+exit 0
diff --git a/pcr/xen/xen.conf b/pcr/xen/xen.conf
new file mode 100644
index 000000000..37a5b59f7
--- /dev/null
+++ b/pcr/xen/xen.conf
@@ -0,0 +1,19 @@
+xen-evtchn
+xen-gntdev
+xen-gntalloc
+xen-blkback
+xen-netback
+xen-pciback
+xen-acpi-processor
+## xen-acpi-processor: This module may not work on all machines; try removing this first if it causes issues.
+
+## The following were included in xencommons, but were not inserted by systemd:
+# evtchn
+# gntdev
+# netbk
+# blkbk
+# xen-scsibk
+# usbbk
+# pciback
+# blktap2
+# blktap
diff --git a/pcr/xen/xen.install b/pcr/xen/xen.install
index 2c03573e7..2a053c9f7 100644
--- a/pcr/xen/xen.install
+++ b/pcr/xen/xen.install
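Review bot: In `do_firmware` of xen-ucode-extract.sh, the old extract is deleted and the new one is redirected straight into `$XEN_EFI_UCODE`, so a failing `bsdtar` leaves an empty or truncated file in /boot under the name a Xen EFI config would reference. Both hooks also fire on `Operation = Remove`, but the top-level `[ -f "/boot/…-ucode.img" ]` guards skip `do_firmware` once the image is gone, so a stale `xen-efi-*-ucode.bin` stays behind after the microcode package is removed. Since this runs from a pacman hook and microcode is how CPU errata fixes reach the hypervisor, I would extract to a temporary file beside the target, rename it only on success, and delete the extract when the image no longer exists. The expansions should also be quoted, and `-e` belongs in a `set -e` line rather than the shebang so it survives `bash xen-ucode-extract.sh`.

```shell
do_firmware() {
    # … unchanged: per-vendor UCODE_RD / XEN_EFI_UCODE / UCODE_ORIG_BIN selection …

    # image gone (the hooks also fire on Remove): drop the stale extract
    if [ ! -f "$UCODE_RD" ]; then
        rm -f -- "$XEN_EFI_UCODE"
        return 0
    fi

    # extract beside the target and rename only on success
    local tmp
    tmp=$(mktemp "${XEN_EFI_UCODE}.XXXXXX") || return 1
    if ! bsdtar -Oxf "$UCODE_RD" "$UCODE_ORIG_BIN" > "$tmp"; then
        rm -f -- "$tmp"
        return 1
    fi
    mv -f -- "$tmp" "$XEN_EFI_UCODE"
}

# called unconditionally so a removed image is cleaned up as well
do_firmware "intel"
do_firmware "amd"
```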
@@ -1,140 +1,61 @@ -xen_boot() { - cat << __EOF__ -You are not running xen unless you boot xen. -Possible Xen boot paths: -EFI boot -> grubx64.efi -> multiboot2 -> [xen.gz, vmlinuz, ramdisk] -BIOS boot -> grub -> multiboot(2) -> [xen.gz, vmlinuz, ramdisk] - -EFI boot -> xen.efi - -########## -grub multiboot2 preparation: -Install grub: https://wiki.parabola.nu/index.php/GRUB - -At this time, some modifications are needed to 20_linux_xen. -These are included in this package as 21_linux_xen - -Set the values needed for your configuration in /etc/default/grub -Detailed here: https://www.gnu.org/software/grub/manual/html_node/Simple-configuration.html -Needed: -GRUB_CMDLINE_XEN -GRUB_CMDLINE_LINUX_XEN_REPLACE -These values are not required but can be used; they are appended to the previous values, then this is used for the non-recovery (default) entry: -GRUB_CMDLINE_XEN_DEFAULT -GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT - -run grub-mkconfig - -To boot xen as default: -suggested: inspect and use this config to boot with. Check if the xen entry works as expected -find the id of the xen entry and set this as DEFAULT in /etc/default/grub. -This may look something like: -GRUB_DEFAULT="xen-gnulinux-simple-a-unique-id-from-your-grub-goes-here" - -run grub-mkconfig - -########## -Direct EFI boot preperation: -Create a xen.cfg file in the same directory as xen.efi. -These need to be in ESP, or in a directory accessible from you EFI bootloader. -Put settings relevant to your system into xen.cfg -Detailed here: https://xenbits.xen.org/docs/4.9-testing/misc/efi.html -Needed: -kernel -ramdisk -Add the xen.efi file to your EFI bootloader (such as Refind). -And / or add the xen.efi file to you EFI boot options (efibootmgr). 
-__EOF__ -} - install_msg() { - cat << __EOF__ -===> IMPORTANT NOTICES: + cat << __EOF__ + Bunch of Xen Notes: https://wiki.archlinux.org/index.php/Xen -In order to complete the installation, and enable Xen, -at the very least you must: + If booting via efi, copy the example /etc/xen/efi-xen.cfg to /boot/xen.cfg + and edit the contents to match the settings you need. -1. Configure your bootloader to boot Xen: -__EOF__ - xen_boot - cat << __EOF__ -2. Issue the following commands to allow you to create and start VMs: + To make dom0 go: systemctl enable xen-qemu-dom0-disk-backend.service systemctl enable xen-init-dom0.service systemctl enable xenconsoled.service - Other optional services are: + Optional services are: systemctl enable xen-watchdog.service -3. If you want some domains to automatically start up/shutdown, run the following: + To start domains on boot: systemctl enable xendomains.service -For more information refer to the Wiki: - https://wiki.parabola.nu/index.php/Xen __EOF__ -} -upgrade_msg() { - cat << __EOF__ -Xen 4.9 -Release notes -http://wiki.xen.org/wiki/Xen_Project_4.9_Release_Notes -Feature list -http://wiki.xen.org/wiki/Xen_Project_4.9_Feature_List -__EOF__ -} -upgrade_msg_grub_multiboot2() { - cat << __EOF__ -########## -Xen 4.9 can now use grub>=2.02 multiboot2. -If you previously booted using xen.efi, you have an alternative. -If you previously relied on the packaged 09_xen for grub-mkconfig: -It is now removed. 
-You will need to do the following under grub multiboot2 preparation: -########## -__EOF__ - xen_boot } + post_install() { - install_msg - upgrade_msg - systemd-tmpfiles --create + install_msg + systemd-tmpfiles --create + /usr/share/libalpm/scripts/xen-ucode-extract.sh } post_upgrade() { - if [[ "$2" < 4.9.0 || "$2" == *'4.9.0rc'* ]]; then - upgrade_msg - fi - if [[ "$2" < 4.9.0 || "$2" == *'4.9.0rc'* ]]; then - upgrade_msg_grub_multiboot2 - fi - systemd-tmpfiles --create + systemd-tmpfiles --create + /usr/share/libalpm/scripts/xen-ucode-extract.sh } pre_remove() { - systemctl stop xendomains.service - systemctl stop xen-watchdog.service - systemctl stop xenconsoled.service - systemctl stop xen-init-dom0.service - systemctl stop xen-qemu-dom0-disk-backend.service - - systemctl disable xendomains.service - systemctl disable xen-watchdog.service - systemctl disable xenconsoled.service - systemctl disable xen-init-dom0.service - systemctl disable xen-qemu-dom0-disk-backend.service + systemctl stop xendomains.service + systemctl stop xen-watchdog.service + systemctl stop xenconsoled.service + systemctl stop xen-init-dom0.service + systemctl stop xen-qemu-dom0-disk-backend.service + + systemctl disable xendomains.service + systemctl disable xen-watchdog.service + systemctl disable xenconsoled.service + systemctl disable xen-init-dom0.service + systemctl disable xen-qemu-dom0-disk-backend.service + + echo "Be sure to check boot for auto-generated microcode files." } post_remove() { - cat << __EOF__ -===> IMPORTANT NOTICE: + cat << __EOF__ In order to finish removing Xen, you will need to modify -your bootloader configuration files to load your Linux-libre +your bootloader configuration files to load your Linux kernel instead of Xen kernel. __EOF__ } -- cgit v1.2.3
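Review bot: `pre_remove` only prints `Be sure to check boot for auto-generated microcode files.`, although the package knows exactly which files its own xen-ucode-extract.sh generates. `/boot/xen-efi-intel-ucode.bin` and `/boot/xen-efi-amd-ucode.bin` are written by a script rather than shipped in the package, so they would not be removed with it. `post_remove` could delete them with `rm -f /boot/xen-efi-intel-ucode.bin /boot/xen-efi-amd-ucode.bin`. If the message is kept, it should say `/boot` rather than `boot`.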