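# Contributor: William Pitcock
# Contributor: Roger Pau Monne
# Maintainer: William Pitcock
pkgname=xen
pkgver=4.11.3
pkgrel=1
pkgdesc="Xen hypervisor"
url="https://www.xenproject.org/"
arch="x86_64 armhf aarch64" # enable armv7 when builds with gcc8
license="GPL"
depends="bash iproute2 logrotate"
depends_dev="openssl-dev python2-dev e2fsprogs-dev gettext zlib-dev ncurses-dev dev86 texinfo perl pciutils-dev glib-dev yajl-dev libnl3-dev spice-dev gnutls-dev curl-dev libaio-dev lzo-dev xz-dev util-linux-dev e2fsprogs-dev linux-headers argp-standalone perl-dev flex bison"
makedepends="$depends_dev autoconf automake libtool dnsmasq"
# Automatic stripping is turned off; package() strips usr/lib, usr/bin and
# usr/sbin itself so that /usr/share is left alone.
options="!strip"

# NOTE(review): some entries in the secfixes list below look like data-entry
# slips. They are left exactly as found; confirm against the XSA advisories:
#  - the release key "4.10-1-r1" does not follow the x.y.z-rN form of its
#    neighbours (4.10.1-r0 precedes it);
#  - "CVE-2018-128911" (XSA-264) has six digits where the neighbouring
#    CVE-2018-12892 / CVE-2018-12893 have five;
#  - every 4.11.2-r0 entry carries the placeholder "CVE-????-?????", so tools
#    that match on CVE id cannot see XSA-284..XSA-296 as fixed;
#  - CVE-2019-19579 (XSA-306) is listed under both 4.11.3-r0 and 4.11.3-r1.

# secfixes:
#   4.7.0-r0:
#     - CVE-2016-6258 XSA-182
#     - CVE-2016-6259 XSA-183
#     - CVE-2016-5403 XSA-184
#   4.7.0-r1:
#     - CVE-2016-7092 XSA-185
#     - CVE-2016-7093 XSA-186
#     - CVE-2016-7094 XSA-187
#   4.7.0-r5:
#     - CVE-2016-7777 XSA-190
#   4.7.1-r1:
#     - CVE-2016-9386 XSA-191
#     - CVE-2016-9382 XSA-192
#     - CVE-2016-9385 XSA-193
#     - CVE-2016-9384 XSA-194
#     - CVE-2016-9383 XSA-195
#     - CVE-2016-9377 XSA-196
#     - CVE-2016-9378 XSA-196
#     - CVE-2016-9381 XSA-197
#     - CVE-2016-9379 XSA-198
#     - CVE-2016-9380 XSA-198
#   4.7.1-r3:
#     - CVE-2016-9932 XSA-200
#     - CVE-2016-9815 XSA-201
#     - CVE-2016-9816 XSA-201
#     - CVE-2016-9817 XSA-201
#     - CVE-2016-9818 XSA-201
#   4.7.1-r4:
#     - CVE-2016-10024 XSA-202
#     - CVE-2016-10025 XSA-203
#     - CVE-2016-10013 XSA-204
#   4.7.1-r5:
#     - XSA-207
#     - CVE-2017-2615 XSA-208
#     - CVE-2017-2620 XSA-209
#     - XSA-210
#   4.7.2-r0:
#     - CVE-2016-9603 XSA-211
#     - CVE-2017-7228 XSA-212
#   4.8.1-r2:
#     - CVE-2017-8903 XSA-213
#     - CVE-2017-8904 XSA-214
#   4.9.0-r0:
#     - CVE-2017-10911 XSA-216
#     - CVE-2017-10912 XSA-217
#     - CVE-2017-10913 XSA-218
#     - CVE-2017-10914 XSA-218
#     - CVE-2017-10915 XSA-219
#     - CVE-2017-10916 XSA-220
#     - CVE-2017-10917 XSA-221
#     - CVE-2017-10918 XSA-222
#     - CVE-2017-10919 XSA-223
#     - CVE-2017-10920 XSA-224
#     - CVE-2017-10921 XSA-224
#     - CVE-2017-10922 XSA-224
#     - CVE-2017-10923 XSA-225
#   4.9.0-r1:
#     - CVE-2017-12135 XSA-226
#     - CVE-2017-12137 XSA-227
#     - CVE-2017-12136 XSA-228
#     - CVE-2017-12855 XSA-230
#   4.9.0-r2:
#     - XSA-235
#   4.9.0-r4:
#     - CVE-2017-14316 XSA-231
#     - CVE-2017-14318 XSA-232
#     - CVE-2017-14317 XSA-233
#     - CVE-2017-14319 XSA-234
#   4.9.0-r5:
#     - XSA-245
#   4.9.0-r6:
#     - CVE-2017-15590 XSA-237
#     - XSA-238
#     - CVE-2017-15589 XSA-239
#     - CVE-2017-15595 XSA-240
#     - CVE-2017-15588 XSA-241
#     - CVE-2017-15593 XSA-242
#     - CVE-2017-15592 XSA-243
#     - CVE-2017-15594 XSA-244
#   4.9.0-r7:
#     - CVE-2017-15597 XSA-236
#   4.9.1-r1:
#     - XSA-246
#     - XSA-247
#   4.10.0-r1:
#     - XSA-248
#     - XSA-249
#     - XSA-250
#     - XSA-251
#     - XSA-253
#     - XSA-254
#   4.10.0-r2:
#     - CVE-2018-7540 XSA-252
#     - CVE-2018-7541 XSA-255
#     - CVE-2018-7542 XSA-256
#   4.10.1-r0:
#     - CVE-2018-10472 XSA-258
#     - CVE-2018-10471 XSA-259
#   4.10-1-r1:
#     - CVE-2018-8897 XSA-260
#     - CVE-2018-10982 XSA-261
#     - CVE-2018-10981 XSA-262
#   4.11.0-r0:
#     - CVE-2018-3639 XSA-263
#     - CVE-2018-128911 XSA-264
#     - CVE-2018-12893 XSA-265
#     - CVE-2018-12892 XSA-266
#     - CVE-2018-3665 XSA-267
#   4.11.1-r0:
#     - CVE-2018-15469 XSA-268
#     - CVE-2018-15468 XSA-269
#     - CVE-2018-15470 XSA-272
#     - CVE-2018-3620 XSA-273
#     - CVE-2018-3646 XSA-273
#     - CVE-2018-19961 XSA-275
#     - CVE-2018-19962 XSA-275
#     - CVE-2018-19963 XSA-276
#     - CVE-2018-19964 XSA-277
#     - CVE-2018-18883 XSA-278
#     - CVE-2018-19965 XSA-279
#     - CVE-2018-19966 XSA-280
#     - CVE-2018-19967 XSA-282
#   4.11.1-r2:
#     - CVE-2018-12126 XSA-297
#     - CVE-2018-12127 XSA-297
#     - CVE-2018-12130 XSA-297
#     - CVE-2019-11091 XSA-297
#   4.11.2-r0:
#     - CVE-????-????? XSA-284
#     - CVE-????-????? XSA-285
#     - CVE-????-????? XSA-286
#     - CVE-????-????? XSA-287
#     - CVE-????-????? XSA-288
#     - CVE-????-????? XSA-290
#     - CVE-????-????? XSA-291
#     - CVE-????-????? XSA-292
#     - CVE-????-????? XSA-293
#     - CVE-????-????? XSA-294
#     - CVE-????-????? XSA-295
#     - CVE-????-????? XSA-296
#   4.11.2-r1:
#     - CVE-2019-18425 XSA-298
#     - CVE-2019-18421 XSA-299
#     - CVE-2019-18423 XSA-301
#     - CVE-2019-18424 XSA-302
#     - CVE-2019-18422 XSA-303
#     - CVE-2018-12207 XSA-304
#     - CVE-2019-11135 XSA-305
#   4.11.3-r0:
#     - CVE-2019-19579 XSA-306
#   4.11.3-r1:
#     - CVE-2019-19579 XSA-306
#     - CVE-2019-19582 XSA-307
#     - CVE-2019-19583 XSA-308
#     - CVE-2019-19578 XSA-309
#     - CVE-2019-19580 XSA-310
#     - CVE-2019-19577 XSA-311

# Per-architecture runtime and build dependencies.
case "$CARCH" in
x86*)
	depends="$depends syslinux"
	makedepends="$makedepends iasl seabios-bin"
	;;
arm*)
	makedepends="$makedepends dtc-dev"
	;;
aarch64)
	makedepends="$makedepends dtc-dev iasl"
	;;
esac

install=""
#if [ "$CARCH" != "armhf" ]; then
#	subpackages="$pkgname-dbg"
#fi
subpackages="$subpackages $pkgname-doc $pkgname-dev $pkgname-libs $pkgname-hypervisor $pkgname-bridge"

# grep _VERSION= stubdom/configure
# NOTE(review): these pin the third-party tarballs that prepare() links into
# stubdom/. They are not covered by the secfixes list above (which tracks XSAs
# only), so fixes for the bundled copies need to be reviewed separately.
_ZLIB_VERSION="1.2.3"
_LIBPCI_VERSION="2.2.9"
_NEWLIB_VERSION="1.16.0"
_LWIP_VERSION="1.3.0"
_GRUB_VERSION="0.97"
_OCAML_VERSION="4.02.0"
_GMP_VERSION="4.3.2"
_POLARSSL_VERSION="1.1.4"
_TPMEMU_VERSION="0.7.4"

# grep ^IPXE_GIT_TAG tools/firmware/etherboot/Makefile
_IPXE_GIT_TAG=356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d

# NOTE(review): no checksum block is visible in this part of the file; confirm
# that the package's checksums cover every entry below, including the
# xen-extfiles tarballs and each xsa*.patch.
source="https://downloads.xenproject.org/release/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz
	https://xenbits.xen.org/xen-extfiles/gmp-$_GMP_VERSION.tar.bz2
	https://xenbits.xen.org/xen-extfiles/grub-$_GRUB_VERSION.tar.gz
	https://xenbits.xen.org/xen-extfiles/lwip-$_LWIP_VERSION.tar.gz
	https://xenbits.xen.org/xen-extfiles/newlib-$_NEWLIB_VERSION.tar.gz
	https://xenbits.xen.org/xen-extfiles/pciutils-$_LIBPCI_VERSION.tar.bz2
	https://xenbits.xen.org/xen-extfiles/polarssl-$_POLARSSL_VERSION-gpl.tgz
	https://xenbits.xen.org/xen-extfiles/tpm_emulator-$_TPMEMU_VERSION.tar.gz
	https://xenbits.xen.org/xen-extfiles/zlib-$_ZLIB_VERSION.tar.gz
	https://xenbits.xen.org/xen-extfiles/ipxe-git-$_IPXE_GIT_TAG.tar.gz

	fuzz-test-x86_emulator_disable_sse_before_including_always_inline.patch
	tools-update-ipxe-changeset.patch
	mini-os-__divmoddi4.patch
	qemu-xen_paths.patch

	hotplug-vif-vtrill.patch

	musl-hvmloader-fix-stdint.patch
	stdint_local.h
	elf_local.h

	xen-hotplug-lockfd.patch
	xen-fd-is-file.c

	xenstore_client_transaction_fix.patch
	xenqemu-xattr-size-max.patch

	hotplug-Linux-iscsi-block-handle-lun-1.patch

	xsa307.patch
	xsa308.patch
	xsa309.patch
	xsa310-0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch
	xsa310-0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch
	xsa310-0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch
	xsa311-4.11.patch

	xenstored.initd
	xenstored.confd
	xenconsoled.initd
	xenconsoled.confd
	xendomains.initd
	xendomains.confd
	xen-consoles.logrotate
	xenqemu.confd
	xenqemu.initd
	xendriverdomain.initd
	xen-pci.initd
	xen-pci.confd
	"
builddir="$srcdir"/$pkgname-$pkgver

_seabios=/usr/share/seabios/bios-256k.bin

# Override wrong arch detection from xen-$pkgver/Config.mk.
case "$CARCH" in
armhf) export XEN_TARGET_ARCH="arm32";;
aarch64) export XEN_TARGET_ARCH="arm64";;
esac

# Apply every *.patch in $source, link the bundled tarballs to where the Xen
# build expects them, install the local headers, strip -Werror from the
# makefiles and regenerate the autotools files.
# Returns non-zero if a patch fails or any later step fails.
prepare() {
	local i p _failed=

	cd "$builddir" || return 1

	for i in $source; do
		case $i in
		*-etherboot-*)
			# Extra iPXE patches; no entry in the current source
			# list matches this pattern.
			p=${i%%::*}
			p=${p##*/}
			msg "adding to ipxe: $p"
			cp "$srcdir"/"$p" tools/firmware/etherboot/patches/
			echo "$p" >> tools/firmware/etherboot/patches/series
			;;
		*.patch)
			# Collect failures instead of stopping, so that all
			# failing patches are reported in one run.
			msg "$i"
			patch -s -N -p1 -i "$srcdir"/"$i" \
				|| _failed="$_failed $i"
			;;
		*/ipxe-git-*)
			ln -s "$srcdir"/"${i##*/}" \
				tools/firmware/etherboot/ipxe.tar.gz || return 1
			;;
		*/xen-extfiles/*)
			ln -s "$srcdir"/"${i##*/}" stubdom/ || return 1
			;;
		esac
	done

	# A security patch that did not apply must fail the build rather than
	# produce a package that claims the fix in secfixes.
	if [ -n "$_failed" ]; then
		error "Patches failed:"
		for i in $_failed; do
			echo "$i"
		done
		return 1
	fi

	# install our stdint_local.h and elf_local.h
	install "$srcdir"/stdint_local.h "$srcdir"/elf_local.h \
		"$builddir"/tools/firmware/ || return 1
	ln -s ../firmware/stdint_local.h "$builddir"/tools/libxl/ || return 1

	# remove all -Werror (compiler warnings stop being fatal)
	msg "Eradicating -Werror..."
	# NUL-delimited so that unusual file names cannot be split into
	# several sed arguments; the group keeps -print0 applied to both names.
	find . \( -name '*.mk' -o -name 'Make*' \) -print0 \
		| xargs -0 sed -i -e 's/-Werror//g' \
		|| return 1

	msg "Updating config.sub..."
	update_config_sub || return 1

	msg "Autoreconf..."
	autoreconf || return 1

	unset CFLAGS
	unset LDFLAGS
}

# Unset CFLAGS and LDFLAGS because the xen build system
# doesn't support them. Instead use .config in xen root
# folder if necessary.
# LANG and LC_ALL are unset as well; on ARM a -mcpu value is exported.
munge_cflags() {
	msg "Munging CFLAGS..."

	unset CFLAGS
	unset LDFLAGS
	unset LANG
	unset LC_ALL

	case "$CARCH" in
	armhf) export CFLAGS="-mcpu=cortex-a15";;
	aarch64) export CFLAGS="-mcpu=cortex-a53";;
	esac
}

# These tasks are added as separate tasks to enable a packager
# to invoke specific tasks like building the hypervisor.  i.e.
#    $ abuild configure build_tools

# Run Xen's configure script with the distribution prefix and the SeaBIOS
# image path held in $_seabios.
configure() {
	cd "$builddir" || return 1

	msg "Running configure..."
	./configure --prefix=/usr \
		--build="$CBUILD" \
		--host="$CHOST" \
		--with-system-seabios="$_seabios" \
		|| return 1
}

# Build the hypervisor ("make xen").
build_hypervisor() {
	munge_cflags

	msg "Building hypervisor..."
	make xen || return 1
}

# Build the userspace tools ("make tools").
build_tools() {
	munge_cflags

	msg "Building tools..."
	make tools || return 1
}

# Build the documentation ("make docs").
build_docs() {
	munge_cflags

	msg "Building documentation..."
	make docs
}

# Build the stub domains ("make stubdom"); build() calls this on x86 only.
build_stubdom() {
	munge_cflags

	msg "Building stub domains..."
	make stubdom || return 1
}

# Full build: configure, hypervisor, tools, docs, stub domains on x86, and
# finally the xen-fd-is-file helper compiled from $srcdir.
build() {
	cd "$builddir" || return 1

	configure || return 1
	build_hypervisor || return 1
	build_tools || return 1
	build_docs || return 1

	case "$CARCH" in
	x86*) build_stubdom || return 1;;
	esac

	${CC:-gcc} -o xen-fd-is-file "$srcdir"/xen-fd-is-file.c
}

# Install into $pkgdir, replace the upstream xencommons and xendriverdomain
# init scripts with the ones from $source, and strip the installed binaries.
package() {
	local i

	cd "$builddir" || return 1

	unset CFLAGS
	unset LDFLAGS

	make -j1 DESTDIR="$pkgdir" install-xen install-tools install-docs \
		|| return 1

	case "$CARCH" in
	x86*) make -j1 DESTDIR="$pkgdir" install-stubdom || return 1;;
	esac

	# remove default xencommons
	rm -rf "$pkgdir"/etc/init.d/xencommons
	# remove default xendriverdomain
	rm -rf "$pkgdir"/etc/init.d/xendriverdomain

	# Init scripts are installed executable (0755), their conf.d
	# counterparts read-only for non-owners (0644).
	for i in $source; do
		case $i in
		*.initd) install -Dm755 "$srcdir"/"$i" \
				"$pkgdir"/etc/init.d/"${i%.*}";;
		*.confd) install -Dm644 "$srcdir"/"$i" \
				"$pkgdir"/etc/conf.d/"${i%.*}";;
		esac
	done

	install -Dm644 "$srcdir"/xen-consoles.logrotate \
		"$pkgdir"/etc/xen/xen-consoles.logrotate

	install -m755 xen-fd-is-file "$pkgdir"/usr/lib/xen/bin/xen-fd-is-file

	# we need to exclude /usr/share when stripping
	msg "Stripping binaries"
	scanelf --recursive --nobanner --etype "ET_DYN,ET_EXEC" "$pkgdir"/usr/lib \
		"$pkgdir"/usr/bin \
		"$pkgdir"/usr/sbin \
		| sed -e 's:^ET_DYN ::' -e 's:^ET_EXEC ::' \
		| xargs strip
}

# Run the upstream test target.
check() {
	cd "$builddir" || return 1
	make test
}

# Subpackage: shared libraries and usr/lib/fs.
libs() {
	pkgdesc="Libraries for Xen tools"
	replaces="xen"
	depends=
	mkdir -p "$subpkgdir"/usr/lib
	mv "$pkgdir"/usr/lib/*.so.* \
		"$pkgdir"/usr/lib/fs \
		"$subpkgdir"/usr/lib/
}

# Subpackage: everything installed under /boot.
hypervisor() {
	pkgdesc="Xen hypervisor"
	depends=
	mkdir -p "$subpkgdir"
	mv "$pkgdir"/boot "$subpkgdir"/
}

bridge() {
	depends="dnsmasq"
	pkgdesc="Bridge interface for XEN with dhcp"
	mkdir -p "$subpkgdir"/etc/conf.d \
		"$subpkgdir"/etc/init.d \
		"$subpkgdir"/etc/xen
	ln -s dnsmasq "$subpkgdir"/etc/init.d/dnsmasq.xenbr0
	# NOTE(review): the line below is kept verbatim. It looks as if the
	# here-document bodies written to the two dnsmasq files were lost in
	# this copy, and the rest of bridge() is not visible here.
	cat ->>"$subpkgdir"/etc/conf.d/dnsmasq.xenbr0 <>"$subpkgdir"/etc/xen/dnsmasq.conf <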