# Contributor: Roger Pau Monne # Maintainer: Natanael Copa pkgname=xen pkgver=4.14.1 pkgrel=3 pkgdesc="Xen hypervisor" url="https://www.xenproject.org/" arch="x86_64 armhf aarch64" # enable armv7 when builds with gcc8 license="GPL-2.0-only" depends="bash iproute2 logrotate" depends_dev=" argp-standalone attr-dev bison curl-dev dev86 e2fsprogs-dev flex gettext glib-dev gnutls-dev libaio-dev libcap-ng-dev libnl3-dev linux-headers lzo-dev ncurses-dev openssl-dev pciutils-dev perl perl-dev python3-dev spice-dev texinfo util-linux-dev xz-dev yajl-dev zlib-dev " makedepends="$depends_dev autoconf automake libtool dnsmasq" options="!strip" # Follow security issues on: https://xenbits.xen.org/xsa/ # secfixes: # 4.7.0-r0: # - CVE-2016-6258 XSA-182 # - CVE-2016-6259 XSA-183 # - CVE-2016-5403 XSA-184 # 4.7.0-r1: # - CVE-2016-7092 XSA-185 # - CVE-2016-7093 XSA-186 # - CVE-2016-7094 XSA-187 # 4.7.0-r5: # - CVE-2016-7777 XSA-190 # 4.7.1-r1: # - CVE-2016-9386 XSA-191 # - CVE-2016-9382 XSA-192 # - CVE-2016-9385 XSA-193 # - CVE-2016-9384 XSA-194 # - CVE-2016-9383 XSA-195 # - CVE-2016-9377 XSA-196 # - CVE-2016-9378 XSA-196 # - CVE-2016-9381 XSA-197 # - CVE-2016-9379 XSA-198 # - CVE-2016-9380 XSA-198 # 4.7.1-r3: # - CVE-2016-9932 XSA-200 # - CVE-2016-9815 XSA-201 # - CVE-2016-9816 XSA-201 # - CVE-2016-9817 XSA-201 # - CVE-2016-9818 XSA-201 # 4.7.1-r4: # - CVE-2016-10024 XSA-202 # - CVE-2016-10025 XSA-203 # - CVE-2016-10013 XSA-204 # 4.7.1-r5: # - XSA-207 # - CVE-2017-2615 XSA-208 # - CVE-2017-2620 XSA-209 # - XSA-210 # 4.7.2-r0: # - CVE-2016-9603 XSA-211 # - CVE-2017-7228 XSA-212 # 4.8.1-r2: # - CVE-2017-8903 XSA-213 # - CVE-2017-8904 XSA-214 # 4.9.0-r0: # - CVE-2017-10911 XSA-216 # - CVE-2017-10912 XSA-217 # - CVE-2017-10913 XSA-218 # - CVE-2017-10914 XSA-218 # - CVE-2017-10915 XSA-219 # - CVE-2017-10916 XSA-220 # - CVE-2017-10917 XSA-221 # - CVE-2017-10918 XSA-222 # - CVE-2017-10919 XSA-223 # - CVE-2017-10920 XSA-224 # - CVE-2017-10921 XSA-224 # - CVE-2017-10922 XSA-224 # - 
CVE-2017-10923 XSA-225 # 4.9.0-r1: # - CVE-2017-12135 XSA-226 # - CVE-2017-12137 XSA-227 # - CVE-2017-12136 XSA-228 # - CVE-2017-12855 XSA-230 # 4.9.0-r2: # - XSA-235 # 4.9.0-r4: # - CVE-2017-14316 XSA-231 # - CVE-2017-14318 XSA-232 # - CVE-2017-14317 XSA-233 # - CVE-2017-14319 XSA-234 # 4.9.0-r5: # - XSA-245 # 4.9.0-r6: # - CVE-2017-15590 XSA-237 # - XSA-238 # - CVE-2017-15589 XSA-239 # - CVE-2017-15595 XSA-240 # - CVE-2017-15588 XSA-241 # - CVE-2017-15593 XSA-242 # - CVE-2017-15592 XSA-243 # - CVE-2017-15594 XSA-244 # 4.9.0-r7: # - CVE-2017-15597 XSA-236 # 4.9.1-r1: # - XSA-246 # - XSA-247 # 4.10.0-r1: # - XSA-248 # - XSA-249 # - XSA-250 # - XSA-251 # - XSA-253 # - XSA-254 # 4.10.0-r2: # - CVE-2018-7540 XSA-252 # - CVE-2018-7541 XSA-255 # - CVE-2018-7542 XSA-256 # 4.10.1-r0: # - CVE-2018-10472 XSA-258 # - CVE-2018-10471 XSA-259 # 4.10-1-r1: # - CVE-2018-8897 XSA-260 # - CVE-2018-10982 XSA-261 # - CVE-2018-10981 XSA-262 # 4.11.0-r0: # - CVE-2018-3639 XSA-263 # - CVE-2018-128911 XSA-264 # - CVE-2018-12893 XSA-265 # - CVE-2018-12892 XSA-266 # - CVE-2018-3665 XSA-267 # 4.11.1-r0: # - CVE-2018-15469 XSA-268 # - CVE-2018-15468 XSA-269 # - CVE-2018-15470 XSA-272 # - CVE-2018-3620 XSA-273 # - CVE-2018-3646 XSA-273 # - CVE-2018-19961 XSA-275 # - CVE-2018-19962 XSA-275 # - CVE-2018-19963 XSA-276 # - CVE-2018-19964 XSA-277 # - CVE-2018-18883 XSA-278 # - CVE-2018-19965 XSA-279 # - CVE-2018-19966 XSA-280 # - CVE-2018-19967 XSA-282 # 4.12.0-r2: # - CVE-2018-12126 XSA-297 # - CVE-2018-12127 XSA-297 # - CVE-2018-12130 XSA-297 # - CVE-2019-11091 XSA-297 # 4.12.1-r0: # - CVE-2019-17349 CVE-2019-17350 XSA-295 # 4.13.0-r0: # - CVE-2019-18425 XSA-298 # - CVE-2019-18421 XSA-299 # - CVE-2019-18423 XSA-301 # - CVE-2019-18424 XSA-302 # - CVE-2019-18422 XSA-303 # - CVE-2018-12207 XSA-304 # - CVE-2019-11135 XSA-305 # - CVE-2019-19579 XSA-306 # - CVE-2019-19582 XSA-307 # - CVE-2019-19583 XSA-308 # - CVE-2019-19578 XSA-309 # - CVE-2019-19580 XSA-310 # - CVE-2019-19577 XSA-311 # 4.13.0-r3: # 
- CVE-2020-11740 CVE-2020-11741 XSA-313 # - CVE-2020-11739 XSA-314 # - CVE-2020-11743 XSA-316 # - CVE-2020-11742 XSA-318 # 4.13.1-r0: # - CVE-????-????? XSA-312 # 4.13.1-r3: # - CVE-2020-0543 XSA-320 # 4.13.1-r4: # - CVE-2020-15566 XSA-317 # - CVE-2020-15563 XSA-319 # - CVE-2020-15565 XSA-321 # - CVE-2020-15564 XSA-327 # - CVE-2020-15567 XSA-328 # 4.13.1-r5: # - CVE-2020-14364 XSA-335 # 4.14.0-r1: # - CVE-2020-25602 XSA-333 # - CVE-2020-25598 XSA-334 # - CVE-2020-25604 XSA-336 # - CVE-2020-25595 XSA-337 # - CVE-2020-25597 XSA-338 # - CVE-2020-25596 XSA-339 # - CVE-2020-25603 XSA-340 # - CVE-2020-25600 XSA-342 # - CVE-2020-25599 XSA-343 # - CVE-2020-25601 XSA-344 # 4.14.0-r2: # - CVE-2020-27674 XSA-286 # - CVE-2020-27672 XSA-345 # - CVE-2020-27671 XSA-346 # - CVE-2020-27670 XSA-347 # - CVE-2020-28368 XSA-351 # 4.14.0-r3: # - CVE-2020-29040 XSA-355 # 4.14.1-r0: # - CVE-2020-29480 XSA-115 # - CVE-2020-29481 XSA-322 # - CVE-2020-29482 XSA-323 # - CVE-2020-29484 XSA-324 # - CVE-2020-29483 XSA-325 # - CVE-2020-29485 XSA-330 # - CVE-2020-29566 XSA-348 # - CVE-2020-29486 XSA-352 # - CVE-2020-29479 XSA-353 # - CVE-2020-29567 XSA-356 # - CVE-2020-29570 XSA-358 # - CVE-2020-29571 XSA-359 # 4.14.1-r2: # - CVE-2021-3308 XSA-360 # 4.14.1-r3: # - CVE-2021-26933 XSA-364 case "$CARCH" in x86*) depends="$depends seabios-bin" makedepends="$makedepends iasl" ;; arm*) makedepends="$makedepends dtc-dev" ;; aarch64) makedepends="$makedepends dtc-dev iasl" ;; esac #if [ "$CARCH" != "armhf" ]; then # subpackages="$pkgname-dbg" #fi subpackages="$subpackages $pkgname-doc $pkgname-dev $pkgname-libs $pkgname-hypervisor $pkgname-bridge" # grep _VERSION= stubdom/configure _ZLIB_VERSION="1.2.3" _LIBPCI_VERSION="2.2.9" _NEWLIB_VERSION="1.16.0" _LWIP_VERSION="1.3.0" _GRUB_VERSION="0.97" _GMP_VERSION="4.3.2" _POLARSSL_VERSION="1.1.4" _TPMEMU_VERSION="0.7.4" # grep ^IPXE_GIT_TAG tools/firmware/etherboot/Makefile _IPXE_GIT_TAG=1dd56dbd11082fb622c2ed21cfaced4f47d798a6 
# Everything the build consumes: the upstream release tarball, the
# stub-domain and iPXE tarballs from xen-extfiles, then the local patches,
# headers and service files. prepare() dispatches on these names in order:
# a name containing "-etherboot-" is queued into the iPXE patch series, any
# other *.patch is applied to the Xen tree (this is how xsa360-4.14.patch and
# xsa364.patch reach the build), and the remote tarballs are symlinked into
# place.
# NOTE(review): the checksum list that pins these files is not visible in
# this excerpt; confirm that every entry, remote or local, is covered by it.
source="https://downloads.xenproject.org/release/xen/$pkgver/xen-$pkgver.tar.gz
	https://xenbits.xen.org/xen-extfiles/gmp-$_GMP_VERSION.tar.bz2
	https://xenbits.xen.org/xen-extfiles/grub-$_GRUB_VERSION.tar.gz
	https://xenbits.xen.org/xen-extfiles/lwip-$_LWIP_VERSION.tar.gz
	https://xenbits.xen.org/xen-extfiles/newlib-$_NEWLIB_VERSION.tar.gz
	https://xenbits.xen.org/xen-extfiles/pciutils-$_LIBPCI_VERSION.tar.bz2
	https://xenbits.xen.org/xen-extfiles/polarssl-$_POLARSSL_VERSION-gpl.tgz
	https://xenbits.xen.org/xen-extfiles/tpm_emulator-$_TPMEMU_VERSION.tar.gz
	https://xenbits.xen.org/xen-extfiles/zlib-$_ZLIB_VERSION.tar.gz
	https://xenbits.xen.org/xen-extfiles/ipxe-git-$_IPXE_GIT_TAG.tar.gz

	mini-os-__divmoddi4.patch
	qemu-xen_paths.patch
	hotplug-vif-vtrill.patch
	musl-hvmloader-fix-stdint.patch
	stdint_local.h
	elf_local.h
	xenqemu-xattr-size-max.patch
	hotplug-Linux-iscsi-block-handle-lun-1.patch
	xsa360-4.14.patch
	xsa364.patch
	qemu-xen-time64.patch
	gcc10-etherboot-enum.patch

	xenstored.initd
	xenstored.confd
	xenconsoled.initd
	xenconsoled.confd
	xendomains.initd
	xendomains.confd
	xen-consoles.logrotate
	xenqemu.confd
	xenqemu.initd
	xendriverdomain.initd
	xen-pci.initd
	xen-pci.confd
	"

# Path handed to ./configure as --with-system-seabios in configure().
_seabios=/usr/share/seabios/bios-256k.bin

# Override wrong arch detection from xen-$pkgver/Config.mk.
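case "$CARCH" in
armhf) export XEN_TARGET_ARCH="arm32";;
aarch64) export XEN_TARGET_ARCH="arm64";;
esac

# Stage every entry of $source into the unpacked tree and apply the patches.
#
# The case arms are order-sensitive: a name containing "-etherboot-" is
# copied into the iPXE patch directory and appended to its series file
# instead of being applied here, and the iPXE tarball is matched before the
# generic xen-extfiles arm so that it is linked under its expected name.
# Every patch that fails to apply is collected and the function returns 1
# after listing them, so the build cannot continue with a security patch
# silently missing.
prepare() {
	local i p _failed=''

	for i in $source; do
		case $i in
		*-etherboot-*)
			# strip an optional "name::" prefix, then the directory part
			p=${i%%::*}
			p=${p##*/}
			msg "adding to ipxe: $p"
			cp "$srcdir"/"$p" tools/firmware/etherboot/patches/
			echo "$p" >> tools/firmware/etherboot/patches/series
			;;
		*.patch)
			msg "$i"
			patch -s -N -p1 -i "$srcdir"/"$i" \
				|| _failed="$_failed $i"
			;;
		*/ipxe-git-*)
			ln -s "$srcdir"/"${i##*/}" \
				tools/firmware/etherboot/ipxe.tar.gz
			;;
		*/xen-extfiles/*)
			ln -s "$srcdir"/"${i##*/}" stubdom/
			;;
		esac
	done

	if [ -n "$_failed" ]; then
		error "Patches failed:"
		for i in $_failed; do
			echo "$i"
		done
		return 1
	fi

	# install our stdint_local.h and elf_local.h
	install "$srcdir"/stdint_local.h "$srcdir"/elf_local.h \
		"$builddir"/tools/firmware/
	ln -s ../firmware/stdint_local.h "$builddir"/tools/libxl/

	# remove all -Werror
	# NOTE(review): this is a plain substring removal across every *.mk and
	# Make* file, so compiler warnings no longer fail the build and a flag
	# of the form -Werror=<name> would be left as "=<name>" - confirm that
	# no such flag occurs in the tree.
	msg "Eradicating -Werror..."
	find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror//g' {} +

	msg "Updating config.sub..."
	update_config_sub

	msg "Autoreconf..."
	autoreconf

	unset CFLAGS
	unset LDFLAGS
}

# Unset CFLAGS and LDFLAGS because the xen build system
# doesn't support them. Instead use .config in xen root
# folder if necessary.
# NOTE(review): whatever the build environment placed in CFLAGS and LDFLAGS
# is discarded here, presumably including any distribution-wide hardening
# flags - confirm that the Xen build supplies its own. On ARM a single -mcpu
# value is then exported as the new CFLAGS.
munge_cflags() {
	msg "Munging CFLAGS..."

	unset CFLAGS
	unset LDFLAGS
	unset LANG
	unset LC_ALL

	case "$CARCH" in
	armhf) export CFLAGS="-mcpu=cortex-a15";;
	aarch64) export CFLAGS="-mcpu=cortex-a53";;
	esac
}

# These tasks are added as separate tasks to enable a packager
# to invoke specific tasks like building the hypervisor. i.e.
# $ abuild configure build_tools

# Run the top-level ./configure. The firmware is taken from the path in
# $_seabios rather than built from a bundled copy.
configure() {
	msg "Running configure..."
	./configure --prefix=/usr \
		--build="$CBUILD" \
		--host="$CHOST" \
		--with-system-seabios="$_seabios" \
		--enable-9pfs \
		--disable-golang
}

# Build the hypervisor with the environment prepared by munge_cflags.
build_hypervisor() {
	munge_cflags
	msg "Building hypervisor..."
	make xen
}

# Build the userspace tools with the environment prepared by munge_cflags.
build_tools() {
	munge_cflags
	msg "Building tools..."
	make tools
}

# Build the documentation with the environment prepared by munge_cflags.
build_docs() {
	munge_cflags
	msg "Building documentation..."
	make docs
}

# Build the stub domains; build() calls this on x86 only.
build_stubdom() {
	munge_cflags
	msg "Building stub domains..."
	make stubdom
}

# Full build: configure, hypervisor, tools and docs on every architecture,
# stub domains on x86 only.
build() {
	configure
	build_hypervisor
	build_tools
	build_docs
	case "$CARCH" in
	x86*) build_stubdom;;
	esac
}

# Install into $pkgdir, replace the two upstream init scripts with the ones
# listed in $source, and strip the installed ELF files.
package() {
	local i

	unset CFLAGS
	unset LDFLAGS
	make -j1 DESTDIR="$pkgdir" EFI_DIR=/usr/lib/efi install-xen install-tools install-docs
	case "$CARCH" in
	x86*) make -j1 DESTDIR="$pkgdir" install-stubdom;;
	esac

	# remove default xencommons
	rm -rf "$pkgdir"/etc/init.d/xencommons
	# remove default xendriverdomain
	rm -rf "$pkgdir"/etc/init.d/xendriverdomain

	# init scripts are installed executable (755), their conf.d files
	# read-only for non-owners (644); the target name drops the suffix
	for i in $source; do
		case $i in
		*.initd) install -Dm755 "$srcdir"/"$i" \
				"$pkgdir"/etc/init.d/"${i%.*}";;
		*.confd) install -Dm644 "$srcdir"/"$i" \
				"$pkgdir"/etc/conf.d/"${i%.*}";;
		esac
	done
	install -Dm644 "$srcdir"/xen-consoles.logrotate \
		"$pkgdir"/etc/xen/xen-consoles.logrotate

	# we need to exclude /usr/share when stripping
	# NOTE(review): the paths reach strip through xargs unquoted, so a path
	# containing whitespace would be split - confirm none is installed.
	msg "Stripping binaries"
	scanelf --recursive --nobanner --etype "ET_DYN,ET_EXEC" "$pkgdir"/usr/lib \
		"$pkgdir"/usr/bin \
		"$pkgdir"/usr/sbin \
		| sed -e 's:^ET_DYN ::' -e 's:^ET_EXEC ::' \
		| xargs strip
}

# Run the upstream test target.
check() {
	make test
}

# Subpackage: versioned shared libraries and the xenfsimage directory.
libs() {
	pkgdesc="Libraries for Xen tools"
	replaces="xen"
	depends=
	mkdir -p "$subpkgdir"/usr/lib
	mv "$pkgdir"/usr/lib/*.so.* \
		"$pkgdir"/usr/lib/xenfsimage \
		"$subpkgdir"/usr/lib/
}

# Subpackage: everything under /boot, plus /usr/lib/efi when it was
# installed.
hypervisor() {
	pkgdesc="Xen hypervisor"
	depends=
	mkdir -p "$subpkgdir"
	mv "$pkgdir"/boot "$subpkgdir"/
	if [ -d "$pkgdir"/usr/lib/efi ]; then
		mkdir -p "$subpkgdir"/usr/lib
		mv "$pkgdir"/usr/lib/efi "$subpkgdir"/usr/lib/
	fi
}

# Subpackage: a dnsmasq instance for the xenbr0 bridge, started through a
# symlink to the dnsmasq init script.
# NOTE(review): the here-document bodies that followed each `cat` appear to
# have been lost when this page was extracted; the last line is kept exactly
# as found and the function is incomplete in this excerpt.
bridge() {
	depends="dnsmasq"
	pkgdesc="Bridge interface for XEN with dhcp"
	mkdir -p "$subpkgdir"/etc/conf.d \
		"$subpkgdir"/etc/init.d \
		"$subpkgdir"/etc/xen
	ln -s dnsmasq "$subpkgdir"/etc/init.d/dnsmasq.xenbr0
	cat ->>"$subpkgdir"/etc/conf.d/dnsmasq.xenbr0 <>"$subpkgdir"/etc/xen/dnsmasq.conf <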