# Contributor: William Pitcock # Contributor: Roger Pau Monne # Maintainer: William Pitcock pkgname=xen pkgver=4.9.0 pkgrel=1 pkgdesc="Xen hypervisor" url="http://www.xen.org/" arch="x86_64 armhf" license="GPL" depends="bash iproute2 logrotate" depends_dev="libressl-dev python2-dev e2fsprogs-dev gettext zlib-dev ncurses-dev dev86 texinfo perl pciutils-dev glib-dev yajl-dev libnl3-dev spice-dev gnutls-dev curl-dev libaio-dev lzo-dev xz-dev util-linux-dev e2fsprogs-dev linux-headers argp-standalone perl-dev" makedepends="$depends_dev autoconf automake libtool dnsmasq" options="!strip" # secfixes: # 4.7.0-r0: # - CVE-2016-6258 XSA-182 # - CVE-2016-6259 XSA-183 # - CVE-2016-5403 XSA-184 # 4.7.0-r1: # - CVE-2016-7092 XSA-185 # - CVE-2016-7093 XSA-186 # - CVE-2016-7094 XSA-187 # 4.7.0-r5: # - CVE-2016-7777 XSA-190 # 4.7.1-r1: # - CVE-2016-9386 XSA-191 # - CVE-2016-9382 XSA-192 # - CVE-2016-9385 XSA-193 # - CVE-2016-9384 XSA-194 # - CVE-2016-9383 XSA-195 # - CVE-2016-9377 XSA-196 # - CVE-2016-9378 XSA-196 # - CVE-2016-9381 XSA-197 # - CVE-2016-9379 XSA-198 # - CVE-2016-9380 XSA-198 # 4.7.1-r3: # - CVE-2016-9932 XSA-200 # - CVE-2016-9815 XSA-201 # - CVE-2016-9816 XSA-201 # - CVE-2016-9817 XSA-201 # - CVE-2016-9818 XSA-201 # 4.7.1-r4: # - CVE-2016-10024 XSA-202 # - CVE-2016-10025 XSA-203 # - CVE-2016-10013 XSA-204 # 4.7.1-r5: # - XSA-207 # - CVE-2017-2615 XSA-208 # - CVE-2017-2620 XSA-209 # - XSA-210 # 4.7.2-r0: # - CVE-2016-9603 XSA-211 # - CVE-2017-7228 XSA-212 # 4.8.1-r2: # - CVE-2017-8903 XSA-213 # - CVE-2017-8904 XSA-214 # 4.9.0-r0: # - CVE-2017-10911 XSA-216 # - CVE-2017-10912 XSA-217 # - CVE-2017-10913 XSA-218 # - CVE-2017-10914 XSA-218 # - CVE-2017-10915 XSA-219 # - CVE-2017-10916 XSA-220 # - CVE-2017-10917 XSA-221 # - CVE-2017-10918 XSA-222 # - CVE-2017-10919 XSA-223 # - CVE-2017-10920 XSA-224 # - CVE-2017-10921 XSA-224 # - CVE-2017-10922 XSA-224 # - CVE-2017-10923 XSA-225 # 4.9.0-r1: # - CVE-2017-12135 XSA-226 # - CVE-2017-12137 XSA-227 # - CVE-2017-12136 XSA-228 # - CVE-2017-12855 XSA-230 case "$CARCH" in x86*) depends="$depends syslinux" makedepends="$makedepends iasl seabios-bin" ;; arm*) makedepends="$makedepends dtc-dev" ;; esac install="" #if [ "$CARCH" != "armhf" ]; then # subpackages="$pkgname-dbg" #fi subpackages="$subpackages $pkgname-doc $pkgname-dev $pkgname-libs $pkgname-hypervisor $pkgname-bridge" # grep _VERSION= stubdom/configure _ZLIB_VERSION="1.2.3" _LIBPCI_VERSION="2.2.9" _NEWLIB_VERSION="1.16.0" _LWIP_VERSION="1.3.0" _GRUB_VERSION="0.97" _OCAML_VERSION="3.11.0" _GMP_VERSION="4.3.2" _POLARSSL_VERSION="1.1.4" _TPMEMU_VERSION="0.7.4" # grep ^IPXE_GIT_TAG tools/firmware/etherboot/Makefile _IPXE_GIT_TAG=827dd1bfee67daa683935ce65316f7e0f057fe1c source="https://downloads.xenproject.org/release/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz http://xenbits.xen.org/xen-extfiles/gmp-$_GMP_VERSION.tar.bz2 http://xenbits.xen.org/xen-extfiles/grub-$_GRUB_VERSION.tar.gz http://xenbits.xen.org/xen-extfiles/lwip-$_LWIP_VERSION.tar.gz http://xenbits.xen.org/xen-extfiles/newlib-$_NEWLIB_VERSION.tar.gz http://xenbits.xen.org/xen-extfiles/pciutils-$_LIBPCI_VERSION.tar.bz2 http://xenbits.xen.org/xen-extfiles/polarssl-$_POLARSSL_VERSION-gpl.tgz http://xenbits.xen.org/xen-extfiles/tpm_emulator-$_TPMEMU_VERSION.tar.gz http://xenbits.xen.org/xen-extfiles/zlib-$_ZLIB_VERSION.tar.gz http://xenbits.xen.org/xen-extfiles/ipxe-git-$_IPXE_GIT_TAG.tar.gz xsa226-1.patch xsa226-2.patch xsa227.patch xsa228.patch xsa230.patch qemu-coroutine-gthread.patch qemu-xen_paths.patch hotplug-vif-vtrill.patch rombios-no-pie.patch musl-support.patch musl-hvmloader-fix-stdint.patch stdint_local.h elf_local.h xen-hotplug-lockfd.patch xen-fd-is-file.c xenstore_client_transaction_fix.patch xenqemu-xattr-size-max.patch xenstored.initd xenstored.confd xenconsoled.initd xenconsoled.confd xendomains.initd xendomains.confd xen-consoles.logrotate xenqemu.confd xenqemu.initd " builddir="$srcdir"/$pkgname-$pkgver _seabios=/usr/share/seabios/bios-256k.bin # Override wrong arch detection from xen-$pkgver/Config.mk. case "$CARCH" in armhf) export XEN_TARGET_ARCH="arm32";; esac prepare() { local i _failed= _series= cd "$builddir" for i in $source; do case $i in *-etherboot-*) p=${i%%::*} p=${p##*/} msg "adding to ipxe: $p" cp "$srcdir"/$p tools/firmware/etherboot/patches/ echo "$p" >> tools/firmware/etherboot/patches/series ;; *.patch) msg $i; patch -s -N -p1 -i "$srcdir"/$i \ || _failed="$_failed $i" ;; */ipxe-git-*) ln -s "$srcdir"/${i##*/} \ tools/firmware/etherboot/ipxe.tar.gz || return 1 ;; */xen-extfiles/*) ln -s "$srcdir"/${i##*/} stubdom/ || return 1 ;; esac done if [ -n "$_failed" ]; then error "Patches failed:" for i in $_failed; do echo $i done return 1 fi # install our stdint_local.h and elf_local.h install "$srcdir"/stdint_local.h "$srcdir"/elf_local.h \ "$builddir"/tools/firmware/ || return 1 ln -s ../firmware/stdint_local.h "$builddir"/tools/libxl/ # remove all -Werror msg "Eradicating -Werror..." find . -name '*.mk' -o -name 'Make*' | xargs sed -i -e 's/-Werror//g' \ || return 1 msg "Updating config.sub..." update_config_sub || return 1 msg "Autoreconf..." autoreconf || return 1 unset CFLAGS unset LDFLAGS } # Unset CFLAGS and LDFLAGS because the xen build system # doesn't support them. Instead use .config in xen root # folder if necessary. munge_cflags() { msg "Munging CFLAGS..." unset CFLAGS unset LDFLAGS unset LANG unset LC_ALL case "$CARCH" in armhf) export CFLAGS="-mcpu=cortex-a15";; esac } # These tasks are added as separate tasks to enable a packager # to invoke specific tasks like building the hypervisor. i.e. # $ abuild configure build_tools configure() { cd "$builddir" msg "Running configure..." ./configure --prefix=/usr \ --build=$CBUILD \ --host=$CHOST \ --with-system-seabios=$_seabios \ || return 1 } build_hypervisor() { munge_cflags msg "Building hypervisor..." make xen || return 1 } build_tools() { munge_cflags msg "Building tools..." make tools || return 1 } build_docs() { munge_cflags msg "Building documentation..." make docs || return 1 } build_stubdom() { munge_cflags msg "Building stub domains..." make stubdom || return 1 } build() { cd "$builddir" configure || return 1 build_hypervisor || return 1 build_tools || return 1 build_docs || return 1 case "$CARCH" in x86*) build_stubdom || return 1;; esac ${CC:-gcc} -o xen-fd-is-file "$srcdir"/xen-fd-is-file.c } package() { cd "$builddir" unset CFLAGS unset LDFLAGS make -j1 DESTDIR="$pkgdir" install-xen install-tools install-docs \ || return 1 case "$CARCH" in x86*) make -j1 DESTDIR="$pkgdir" install-stubdom || return 1;; esac # remove default xencommons rm -rf "$pkgdir"/etc/init.d/xencommons for i in $source; do case $i in *.initd) install -Dm755 "$srcdir"/$i \ "$pkgdir"/etc/init.d/${i%.*};; *.confd) install -Dm644 "$srcdir"/$i \ "$pkgdir"/etc/conf.d/${i%.*};; esac done install -Dm644 "$srcdir"/xen-consoles.logrotate \ "$pkgdir"/etc/xen/xen-consoles.logrotate install -m755 xen-fd-is-file "$pkgdir"/usr/lib/xen/bin/xen-fd-is-file # we need to exclude /usr/share when stripping msg "Stripping binaries" scanelf --recursive --nobanner --etype "ET_DYN,ET_EXEC" "$pkgdir"/usr/lib \ "$pkgdir"/usr/bin \ "$pkgdir"/usr/sbin \ | sed -e 's:^ET_DYN ::' -e 's:^ET_EXEC ::' \ | xargs strip } libs() { pkgdesc="Libraries for Xen tools" replaces="xen" depends= mkdir -p "$subpkgdir"/usr/lib mv "$pkgdir"/usr/lib/*.so.* \ "$pkgdir"/usr/lib/fs \ "$subpkgdir"/usr/lib/ } hypervisor() { pkgdesc="Xen hypervisor" depends= mkdir -p "$subpkgdir" mv "$pkgdir"/boot "$subpkgdir"/ } bridge() { depends="dnsmasq" pkgdesc="Bridge interface for XEN with dhcp" mkdir -p "$subpkgdir"/etc/conf.d \ "$subpkgdir"/etc/init.d \ "$subpkgdir"/etc/xen ln -s dnsmasq "$subpkgdir"/etc/init.d/dnsmasq.xenbr0 cat ->>"$subpkgdir"/etc/conf.d/dnsmasq.xenbr0 <>"$subpkgdir"/etc/xen/dnsmasq.conf <