# Contributor: Sergei Lukin # Contributor: Valery Kartel # Contributor: Jakub Jirutka # Maintainer: Natanael Copa pkgname=qemu pkgver=2.8.1 pkgrel=1 pkgdesc="QEMU is a generic machine emulator and virtualizer" url="http://qemu.org/" arch="all" license="GPL2 LGPL-2" makedepends=" alsa-lib-dev bison curl-dev flex glib-dev glib-static gnutls-dev gtk+3.0-dev libaio-dev libcap-dev libcap-ng-dev libjpeg-turbo-dev libnfs-dev libpng-dev libssh2-dev libusb-dev linux-headers lzo-dev ncurses-dev paxmark snappy-dev spice-dev texinfo usbredir-dev util-linux-dev vde2-dev xfsprogs-dev zlib-dev " depends="" pkggroups="qemu" install="$pkgname.pre-install $pkgname.post-install" options="suid !strip" # needed for qemu-bridge-helper subpackages="$pkgname-doc $pkgname-guest-agent:guest" _subsystems=" aarch64 alpha arm armeb cris i386 m68k microblaze microblazeel mips mips64 mips64el mipsel mipsn32 mipsn32el or32 ppc ppc64 ppc64abi32 ppc64le s390x sh4 sh4eb sparc sparc32plus sparc64 system-aarch64 system-alpha system-arm system-cris system-i386 system-lm32 system-m68k system-microblaze system-microblazeel system-mips system-mips64 system-mips64el system-mipsel system-moxie system-or32 system-ppc system-ppc64 system-ppcemb system-s390x system-sh4 system-sh4eb system-sparc system-sparc64 system-tricore system-unicore32 system-x86_64 system-xtensa system-xtensaeb x86_64 " for _sub in $_subsystems; do subpackages="$subpackages $pkgname-$_sub:_subsys" done case "$CARCH" in x86) _arch=i386 ;; x86_64) _arch=x86_64 ;; *) _arch="" ;; esac if [ -n "$_arch" ]; then subpackages="$subpackages $pkgname-gtk" gtk() { _subsys system-$_arch-gtk; } fi subpackages="$subpackages $pkgname-img" # -img must be declared the last source="http://wiki.qemu-project.org/download/$pkgname-$pkgver.tar.bz2 0001-elfload-load-PIE-executables-to-right-address.patch 0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 0001-linux-user-fix-build-with-musl-on-aarch64.patch musl-F_SHLCK-and-F_EXLCK.patch fix-sigevent-and-sigval_t.patch xattr_size_max.patch ncurses.patch ignore-signals-33-and-64-to-allow-golang-emulation.patch 0001-linux-user-fix-build-with-musl-on-ppc64le.patch $pkgname-guest-agent.confd $pkgname-guest-agent.initd 80-kvm.rules bridge.conf CVE-2016-9102.patch CVE-2017-5525.patch CVE-2017-5552.patch CVE-2017-5578.patch CVE-2017-5579.patch CVE-2017-5856.patch CVE-2017-5857.patch CVE-2017-5898.patch " # secfixes: # 2.8.1-r1: # - CVE-2016-7994 # - CVE-2016-7995 # - CVE-2016-8576 # - CVE-2016-8577 # - CVE-2016-8578 # - CVE-2016-8668 # - CVE-2016-8909 # - CVE-2016-8910 # - CVE-2016-9101 # - CVE-2016-9102 # - CVE-2016-9103 # - CVE-2016-9104 # - CVE-2016-9105 # - CVE-2016-9106 # - CVE-2017-2615 # - CVE-2017-2620 # - CVE-2017-5525 # - CVE-2017-5552 # - CVE-2017-5578 # - CVE-2017-5579 # - CVE-2017-5667 # - CVE-2017-5856 # - CVE-2017-5857 # - CVE-2017-5898 # - CVE-2017-5931 builddir="$srcdir"/$pkgname-$pkgver prepare() { default_prepare || return 1 # apply patches sed -i 's/^VL_LDFLAGS=$/VL_LDFLAGS=-Wl,-z,execheap/' \ Makefile.target } _compile_common() { "$builddir"/configure \ --prefix=/usr \ --localstatedir=/var \ --sysconfdir=/etc \ --libexecdir=/usr/lib/qemu \ --disable-glusterfs \ --disable-debug-info \ --disable-bsd-user \ --disable-werror \ --disable-sdl \ --disable-xen \ --cc="${CC:-gcc}" \ "$@" \ || return 1 make ARFLAGS="rc" || return 1 } _compile_system() { _compile_common \ --audio-drv-list=oss,alsa \ --enable-kvm \ --enable-vde \ --enable-virtfs \ --enable-curl \ --enable-cap-ng \ --enable-linux-aio \ --enable-usb-redir \ --enable-libssh2 \ --enable-vhost-net \ --enable-snappy \ --enable-tpm \ --enable-libnfs \ --enable-lzo \ --enable-docs \ --enable-curses \ --enable-pie \ --disable-linux-user \ "$@" } build() { mkdir -p "$builddir"/build \ "$builddir"/build-user \ "$builddir"/build-gtk cd "$builddir"/build-user _compile_common \ --enable-linux-user \ --disable-system \ --static \ || return 1 cd "$builddir"/build _compile_system \ --enable-vnc \ --enable-vnc-png \ --enable-vnc-jpeg \ --enable-spice \ --enable-guest-agent \ --disable-gtk \ || return 1 # tests fails on x86 # http://lists.gnu.org/archive/html/qemu-devel/2012-11/msg01429.html # http://web.archiveorange.com/archive/v/21oVv8wOfpQGkyy8EK0N # make check || return 1 if [ -n "$_arch" ]; then cd "$builddir"/build-gtk _compile_system \ --enable-gtk \ --with-gtkabi=3.0 \ --disable-vnc \ --disable-spice \ --disable-guest-agent \ --target-list="$_arch-softmmu" \ || return 1 fi } package() { cd "$builddir"/build-user make DESTDIR="$pkgdir" install || return 1 cd "$builddir"/build make DESTDIR="$pkgdir" install || return 1 paxmark -m "$pkgdir"/usr/bin/qemu-system-* || return 1 install -Dm640 -g qemu "$srcdir"/bridge.conf \ "$pkgdir"/etc/qemu/bridge.conf || return 1 install -Dm644 "$srcdir"/80-kvm.rules \ "$pkgdir"/lib/udev/rules.d/80-kvm.rules || return 1 # qemu-bridge-helper needs suid to create tunX devices; # allow only users in the qemu group to run it. chmod 04710 "$pkgdir"/usr/lib/qemu/qemu-bridge-helper || return 1 chgrp qemu "$pkgdir"/usr/lib/qemu/qemu-bridge-helper || return 1 if [ -n "$_arch" ]; then cd "$builddir"/build-gtk install $_arch-softmmu/qemu-system-$_arch \ "$pkgdir"/usr/bin/qemu-system-$_arch-gtk || return 1 fi # Do not install HTML docs. rm "$pkgdir"/usr/share/doc/qemu/*.html } _subsys() { local name=${1:-"${subpkgname#$pkgname-}"} pkgdesc="Qemu ${name/-/ } emulator" options="" depends="" case "$name" in system*) depends="qemu";; esac mkdir -p "$subpkgdir"/usr/bin mv "$pkgdir"/usr/bin/qemu-$name "$subpkgdir"/usr/bin/ } img() { pkgdesc="QEMU command line tool for manipulating disk images" depends="" options="" mkdir -p "$subpkgdir"/usr/bin mv "$pkgdir"/usr/bin/qemu-img \ "$pkgdir"/usr/bin/qemu-io \ "$subpkgdir"/usr/bin/ || return 1 # We exploit the fact that -img subpackage are created last # and check that we done have new systems that belongs in # subpackage. local path= retval=0 for path in "$pkgdir"/usr/bin/qemu-system-*; do if [ -r "$path" ]; then error "Please create a subpackage for ${path##*/}" retval=1 fi done return $retval } guest() { pkgdesc="QEMU guest agent" depends="" options="" mkdir -p "$subpkgdir"/usr/bin mv "$pkgdir"/usr/bin/qemu-ga "$subpkgdir"/usr/bin/ || return 1 install -Dm755 "$srcdir"/$pkgname-guest-agent.initd \ "$subpkgdir"/etc/init.d/$pkgname-guest-agent || return 1 install -Dm644 "$srcdir"/$pkgname-guest-agent.confd \ "$subpkgdir"/etc/conf.d/$pkgname-guest-agent || return 1 } sha512sums="0397b4029cdcb77ed053c44b3579a3f34894038e6fc6b4aa88de14515f5a78bf2f41c5e865f37111529f567c85d2f1c4deefae47dde54f76eac79410e5b2bdda qemu-2.8.1.tar.bz2 405008589cad1c8b609eca004d520bf944366e8525f85a19fc6e283c95b84b6c2429822ba064675823ab69f1406a57377266a65021623d1cd581e7db000134fd 0001-elfload-load-PIE-executables-to-right-address.patch ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea 0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 4431dad803156d424a6c9fc74783762590b27fcb3bfadb6b23b149bc9e71c31f139991541aa4e0583c17ac531242dff02ebf4d5a8f9a9a77be757fb30cb65565 0001-linux-user-fix-build-with-musl-on-aarch64.patch 224f5b44da749921e8a821359478c5238d8b6e24a9c0b4c5738c34e82f3062ec4639d495b8b5883d304af4a0d567e38aa6623aac1aa3a7164a5757c036528ac0 musl-F_SHLCK-and-F_EXLCK.patch 5da8114b9bd2e62f0f1f0f73f393fdbd738c5dea827ea60cedffd6f6edd0f5a97489c7148d37a8ec5a148d4e65d75cbefe9353714ee6b6f51a600200133fc914 fix-sigevent-and-sigval_t.patch 4b1e26ba4d53f9f762cbd5cea8ef6f8062d827ae3ae07bc36c5b0c0be4e94fc1856ad2477e8e791b074b8a25d51ed6d0ddd75e605e54600e5dd0799143793ce4 xattr_size_max.patch b6ed02aaf95a9bb30a5f107d35371207967edca058f3ca11348b0b629ea7a9c4baa618db68a3df72199eea6d86d14ced74a5a229d17604cc3f0adedcfeae7a73 ncurses.patch fd178f2913639a0c33199b3880cb17536961f2b3ff171c12b27f4be6bca032d6b88fd16302d09c692bb34883346babef5c44407a6804b20a39a465bb2bc85136 ignore-signals-33-and-64-to-allow-golang-emulation.patch dd7a4616e22d9d6b04c6d81d95d17af0d638645c1aa306306fb0ed3a12b2de0fdd32d55c8142960cf22d3a705695a95f022b34ae18712678722c53cd163a5a32 0001-linux-user-fix-build-with-musl-on-ppc64le.patch d90c034cae3f9097466854ed1a9f32ab4b02089fcdf7320e8f4da13b2b1ff65067233f48809911485e4431d7ec1a22448b934121bc9522a2dc489009e87e2b1f qemu-guest-agent.confd 316b40d97587fea717821852859d81039cfdcb276a658bb6e6fb554e321d5856a833ebb3778149c4732cea625bac320b1008d374c88a9aae35c0fb67977c01b7 qemu-guest-agent.initd 9b7a89b20fcf737832cb7b4d5dc7d8301dd88169cbe5339eda69fbb51c2e537d8cb9ec7cf37600899e734209e63410d50d0821bce97e401421db39c294d97be2 80-kvm.rules 749efa2e764006555b4fd3a8e2f6d1118ad2ea4d45acf99104a41a93cfe66dc9685f72027c17d8211e5716246c2a52322c962cf4b73b27541b69393cd57f53bb bridge.conf c605c658f6a15467b9c21fb89995497a24ee8093f1c7eb68e17d89cc106dc7f3473195287ab349e822a5a287b08845f817ac9087bc4a8293707a2b9fa8264683 CVE-2016-9102.patch a633ffdbd6eb58b1f091553db7944b72f6c5ea412b82f8162b4ece4b3c98aa550246bb8ab865b24468455f92bbb4908d842e03e84b9fb1fb0f1084a4e6097288 CVE-2017-5525.patch 1a17a4c9c5c2bb724735dade20c196bf90f5ab419b0dc5ca3ce771ac68d493d1f831722fe1aac8636f2c22ebecaa4560693aad98a87bd4e45c9fa529a1549546 CVE-2017-5552.patch 5f104e05e904a1392ca31203f02b7b546aeb91f1a438631c8a5f0fb5c6c051b19d8d0219b2c71aadd5d5404222d5dbc8e80127d2afaea6ed2bf918007d613a8a CVE-2017-5578.patch 74415ea5e6f6bfa787a2515da86c3ead87b0a9694d6adbdd390cbb3be43e1c88b4be4a8891f46bc6af520d3d5582c9ebe70572e2bb78d13c29d5ca12695d33ed CVE-2017-5579.patch 2b051f9d9265f9039e2cfed0bbdc93360f1660ea5b4129ec01f6faa3c1b6b135f5c949ddc26fe05a91a95a3ac558e8844ec292558c1dd66552868cbbc6aa8744 CVE-2017-5856.patch d6d000b57f1fb194f9554165621109b364ebdb61416bc07e2283f2d493c33e770d1b63002d62565aae1ac19ed0ad9e572c207341aa1ad023581f349f62158d30 CVE-2017-5857.patch 80f89d75970345fbf6771cb16ed0d48c91c52b6b63ac967b3dbef56c16b654df432fa7ada0549c1b812d3d641f831fe20cb8b0eb52c46b8e73ade2801a563a8d CVE-2017-5898.patch"