
From: Yixun Lan <dlan@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/xen/
Date: Wed, 03 May 2017 01:42:04
Message-Id: 1493775717.2b588317631794ae65bd1eb7580c4c1741cdf3da.dlan@gentoo
1 commit: 2b588317631794ae65bd1eb7580c4c1741cdf3da
2 Author: Yixun Lan <dlan <AT> gentoo <DOT> org>
3 AuthorDate: Wed May 3 01:40:40 2017 +0000
4 Commit: Yixun Lan <dlan <AT> gentoo <DOT> org>
5 CommitDate: Wed May 3 01:41:57 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b588317
7
8 app-emulation/xen: security bump
9
10 Fix XSA-213, 214, 215
11
12 Gentoo-Bug: 615980
13 Package-Manager: Portage-2.3.5, Repoman-2.3.2
14
15 app-emulation/xen/Manifest | 1 +
16 app-emulation/xen/xen-4.7.2-r1.ebuild | 192 ++++++++++++++++++++++++++++++++++
17 app-emulation/xen/xen-4.8.1-r1.ebuild | 192 ++++++++++++++++++++++++++++++++++
18 3 files changed, 385 insertions(+)
19
20 diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
21 index 23f14229412..308b690f4dd 100644
22 --- a/app-emulation/xen/Manifest
23 +++ b/app-emulation/xen/Manifest
24 @@ -8,3 +8,4 @@ DIST xen-4.8.1.tar.gz 22516631 SHA256 1d69153b94561429293015f66463ee17c26404d1c0
25 DIST xen-security-patches-21.tar.xz 6888 SHA256 76e43fb4c41a606cb1a5e56045dedff0ed3c94b535d89a736664965ee4a44699 SHA512 eb889d90630b6a7c4b9785bf8c2db1d83c7878cec3aa125601b38f75f70a965e52aa5003024feec40d35ee940975dfd766eeb806cdcff717991876d50ce0839b WHIRLPOOL 9039cc7410fbb0e36e1ab74d597c7b1075f92e43b9d22bcb198c0594a0802fca50f86a9fa4343cea83a68eacd6acb6fa0ef73fbd20c19a27f5e92c3f32711af8
26 DIST xen-security-patches-24.tar.xz 8848 SHA256 1aa2be3a15771473d3b043ccd703f7893618473a77193feb1703bf552aa777fa SHA512 d9ccee8ad3ffe2e035de9e95bf7ef850f31cf368dd228e62acf867ff6a8948e8c2882e64f341ff3458349f8317185241a40178f30f804edfa51b2b7cf6c6cda0 WHIRLPOOL cd632b7bf95e929f5037be6a16a59d3fcde50e47cc034cc0d44c29bc16c42a9a01c720a4401804fa9df8fa908f4fc8e75f2fcbef3d56381b7dca81d45618e773
27 DIST xen-security-patches-25.tar.xz 9208 SHA256 ceaa520d4d98ab7b6ce5b58c380499372cb513dda0c8236106cdf878385d4458 SHA512 18539c1f42bc95a06f7b06855614fafb4ed7c07a145d9ab90e02954ba405d21fc4c379908e3233ddfb85ccaa04515b261ac4bbf3987ce00e4479158f03edd917 WHIRLPOOL 4cff34c29a5c38e6a5bd0d4f4fe89d8daf944740934b05cd61f4b8a345ddb4d8a8b2de6db27a723154169e3f28d5b34a43eddd08c909cfa3d6d5aee26fcae693
28 +DIST xen-security-patches-26.tar.xz 8276 SHA256 2a21ec429f8952875f7d95f24697600e606326f1a16d5622cee73628cd0401c1 SHA512 f54fc7e720a70258263d29cc482b8269386818ad75792de87b0d0357fdb6af81f2102e5983100db47563435fa28f875a84e8c6d73d44797aadaf0c469d9fb0ec WHIRLPOOL b31667d8415dc1fbcd60160fdbc2fe0ad4de9bd2171fda875f5585b8d7821c4c035b029dbf382abacf4b6be745aeeb708f419fdcabdd86f78ff1c13703802e3f
29
30 diff --git a/app-emulation/xen/xen-4.7.2-r1.ebuild b/app-emulation/xen/xen-4.7.2-r1.ebuild
31 new file mode 100644
32 index 00000000000..b209a889e33
33 --- /dev/null
34 +++ b/app-emulation/xen/xen-4.7.2-r1.ebuild
35 @@ -0,0 +1,192 @@
36 +# Copyright 1999-2017 Gentoo Foundation
37 +# Distributed under the terms of the GNU General Public License v2
38 +
39 +EAPI=5
40 +
41 +PYTHON_COMPAT=( python2_7 )
42 +
43 +inherit eutils multilib mount-boot flag-o-matic python-any-r1 toolchain-funcs
44 +
45 +MY_PV=${PV/_/-}
46 +MY_P=${PN}-${PV/_/-}
47 +
48 +if [[ $PV == *9999 ]]; then
49 + inherit git-r3
50 + KEYWORDS="amd64"
51 + EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
52 + SRC_URI=""
53 +else
54 + KEYWORDS="~amd64 ~arm -x86"
55 + UPSTREAM_VER=0
56 + SECURITY_VER=26
57 + GENTOO_VER=
58 +
59 + [[ -n ${UPSTREAM_VER} ]] && \
60 + UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
61 + [[ -n ${SECURITY_VER} ]] && \
62 + SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
63 + [[ -n ${GENTOO_VER} ]] && \
64 + GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
65 + SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
66 + ${UPSTREAM_PATCHSET_URI}
67 + ${SECURITY_PATCHSET_URI}
68 + ${GENTOO_PATCHSET_URI}"
69 +fi
70 +
71 +DESCRIPTION="The Xen virtual machine monitor"
72 +HOMEPAGE="http://xen.org/"
73 +LICENSE="GPL-2"
74 +SLOT="0"
75 +IUSE="custom-cflags debug efi flask"
76 +
77 +DEPEND="${PYTHON_DEPS}
78 + efi? ( >=sys-devel/binutils-2.22[multitarget] )
79 + !efi? ( >=sys-devel/binutils-2.22 )"
80 +RDEPEND=""
81 +PDEPEND="~app-emulation/xen-tools-${PV}"
82 +
83 +# no tests are available for the hypervisor
84 +# prevent the silliness of /usr/lib/debug/usr/lib/debug files
85 +# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
86 +RESTRICT="test splitdebug strip"
87 +
88 +# Approved by QA team in bug #144032
89 +QA_WX_LOAD="boot/xen-syms-${PV}"
90 +
91 +REQUIRED_USE="arm? ( debug )"
92 +
93 +S="${WORKDIR}/${MY_P}"
94 +
95 +pkg_setup() {
96 + python-any-r1_pkg_setup
97 + if [[ -z ${XEN_TARGET_ARCH} ]]; then
98 + if use amd64; then
99 + export XEN_TARGET_ARCH="x86_64"
100 + elif use arm; then
101 + export XEN_TARGET_ARCH="arm32"
102 + elif use arm64; then
103 + export XEN_TARGET_ARCH="arm64"
104 + else
105 + die "Unsupported architecture!"
106 + fi
107 + fi
108 +
109 + if use flask ; then
110 + export "XSM_ENABLE=y"
111 + export "FLASK_ENABLE=y"
112 + fi
113 +}
114 +
115 +src_prepare() {
116 + # Upstream's patchset
117 + if [[ -n ${UPSTREAM_VER} ]]; then
118 + EPATCH_SUFFIX="patch" \
119 + EPATCH_FORCE="yes" \
120 + EPATCH_OPTS="-p1" \
121 + epatch "${WORKDIR}"/patches-upstream
122 + fi
123 +
124 + # Security patchset
125 + if [[ -n ${SECURITY_VER} ]]; then
126 + einfo "Try to apply Xen Security patch set"
127 + # apply main xen patches
128 + # Two parallel systems, both work side by side
129 + # Over time they may concdense into one. This will suffice for now
130 + EPATCH_SUFFIX="patch"
131 + EPATCH_FORCE="yes"
132 +
133 + source "${WORKDIR}"/patches-security/${PV}.conf
134 +
135 + for i in ${XEN_SECURITY_MAIN}; do
136 + epatch "${WORKDIR}"/patches-security/xen/$i
137 + done
138 + fi
139 +
140 + # Gentoo's patchset
141 + if [[ -n ${GENTOO_VER} ]]; then
142 + EPATCH_SUFFIX="patch" \
143 + EPATCH_FORCE="yes" \
144 + epatch "${WORKDIR}"/patches-gentoo
145 + fi
146 +
147 + epatch "${FILESDIR}"/${PN}-4.6-efi.patch
148 +
149 + # Drop .config
150 + sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
151 +
152 + if use efi; then
153 + export EFI_VENDOR="gentoo"
154 + export EFI_MOUNTPOINT="boot"
155 + fi
156 +
157 + # if the user *really* wants to use their own custom-cflags, let them
158 + if use custom-cflags; then
159 + einfo "User wants their own CFLAGS - removing defaults"
160 + # try and remove all the default custom-cflags
161 + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
162 + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
163 + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
164 + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
165 + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
166 + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
167 + -i {} \; || die "failed to re-set custom-cflags"
168 + fi
169 +
170 + # remove -Werror for gcc-4.6's sake
171 + find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
172 + xargs sed -i 's/ *-Werror */ /'
173 + # not strictly necessary to fix this
174 + sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
175 +
176 + # Bug #575868 converted to a sed statement, typo of one char
177 + sed -e "s:granter’s:granter's:" -i xen/include/public/grant_table.h || die
178 +
179 + epatch_user
180 +}
181 +
182 +src_configure() {
183 + use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
184 +
185 + use debug && myopt="${myopt} debug=y"
186 +
187 + if use custom-cflags; then
188 + filter-flags -fPIE -fstack-protector
189 + replace-flags -O3 -O2
190 + else
191 + unset CFLAGS
192 + unset LDFLAGS
193 + unset ASFLAGS
194 + fi
195 +}
196 +
197 +src_compile() {
198 + # Send raw LDFLAGS so that --as-needed works
199 + emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
200 +}
201 +
202 +src_install() {
203 + local myopt
204 + use debug && myopt="${myopt} debug=y"
205 +
206 + # The 'make install' doesn't 'mkdir -p' the subdirs
207 + if use efi; then
208 + mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
209 + fi
210 +
211 + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
212 +
213 + # make install likes to throw in some extra EFI bits if it built
214 + use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
215 +}
216 +
217 +pkg_postinst() {
218 + elog "Official Xen Guide and the unoffical wiki page:"
219 + elog " https://wiki.gentoo.org/wiki/Xen"
220 + elog " http://en.gentoo-wiki.com/wiki/Xen/"
221 +
222 + use efi && einfo "The efi executable is installed in boot/efi/gentoo"
223 +
224 + elog "You can optionally block the installation of /boot/xen-syms by an entry"
225 + elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK"
226 + elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
227 +}
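Review bot: The security patchset step in src_prepare can complete without applying a single patch, because `source "${WORKDIR}"/patches-security/${PV}.conf` has no `|| die` and the `for i in ${XEN_SECURITY_MAIN}` loop does not run if that variable is empty. For a bump whose stated purpose is XSA-213, 214 and 215, a missing or misnamed `${PV}.conf` inside xen-security-patches-26 would then produce a build that succeeds but is unpatched. I would change the line to `source "${WORKDIR}"/patches-security/${PV}.conf || die "no security patch list for ${PV}"` and follow it with `[[ -n ${XEN_SECURITY_MAIN} ]] || die "XEN_SECURITY_MAIN is empty"`. The sourced file is executed as shell from the downloaded tarball, so its integrity rests entirely on the Manifest hashes added in this commit. The same lines appear in xen-4.8.1-r1.ebuild.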
228
229 diff --git a/app-emulation/xen/xen-4.8.1-r1.ebuild b/app-emulation/xen/xen-4.8.1-r1.ebuild
230 new file mode 100644
231 index 00000000000..777573731be
232 --- /dev/null
233 +++ b/app-emulation/xen/xen-4.8.1-r1.ebuild
234 @@ -0,0 +1,192 @@
235 +# Copyright 1999-2017 Gentoo Foundation
236 +# Distributed under the terms of the GNU General Public License v2
237 +
238 +EAPI=5
239 +
240 +PYTHON_COMPAT=( python2_7 )
241 +
242 +inherit eutils multilib mount-boot flag-o-matic python-any-r1 toolchain-funcs
243 +
244 +MY_PV=${PV/_/-}
245 +MY_P=${PN}-${PV/_/-}
246 +
247 +if [[ $PV == *9999 ]]; then
248 + inherit git-r3
249 + KEYWORDS=""
250 + EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
251 + SRC_URI=""
252 +else
253 + KEYWORDS="~amd64 ~arm -x86"
254 + UPSTREAM_VER=
255 + SECURITY_VER=26
256 + GENTOO_VER=
257 +
258 + [[ -n ${UPSTREAM_VER} ]] && \
259 + UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
260 + [[ -n ${SECURITY_VER} ]] && \
261 + SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
262 + [[ -n ${GENTOO_VER} ]] && \
263 + GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
264 + SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
265 + ${UPSTREAM_PATCHSET_URI}
266 + ${SECURITY_PATCHSET_URI}
267 + ${GENTOO_PATCHSET_URI}"
268 +fi
269 +
270 +DESCRIPTION="The Xen virtual machine monitor"
271 +HOMEPAGE="http://xen.org/"
272 +LICENSE="GPL-2"
273 +SLOT="0"
274 +IUSE="custom-cflags debug efi flask"
275 +
276 +DEPEND="${PYTHON_DEPS}
277 + efi? ( >=sys-devel/binutils-2.22[multitarget] )
278 + !efi? ( >=sys-devel/binutils-2.22 )"
279 +RDEPEND=""
280 +PDEPEND="~app-emulation/xen-tools-${PV}"
281 +
282 +# no tests are available for the hypervisor
283 +# prevent the silliness of /usr/lib/debug/usr/lib/debug files
284 +# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
285 +RESTRICT="test splitdebug strip"
286 +
287 +# Approved by QA team in bug #144032
288 +QA_WX_LOAD="boot/xen-syms-${PV}"
289 +
290 +REQUIRED_USE="arm? ( debug )"
291 +
292 +S="${WORKDIR}/${MY_P}"
293 +
294 +pkg_setup() {
295 + python-any-r1_pkg_setup
296 + if [[ -z ${XEN_TARGET_ARCH} ]]; then
297 + if use amd64; then
298 + export XEN_TARGET_ARCH="x86_64"
299 + elif use arm; then
300 + export XEN_TARGET_ARCH="arm32"
301 + elif use arm64; then
302 + export XEN_TARGET_ARCH="arm64"
303 + else
304 + die "Unsupported architecture!"
305 + fi
306 + fi
307 +
308 + if use flask ; then
309 + export "XSM_ENABLE=y"
310 + export "FLASK_ENABLE=y"
311 + fi
312 +}
313 +
314 +src_prepare() {
315 + # Upstream's patchset
316 + if [[ -n ${UPSTREAM_VER} ]]; then
317 + EPATCH_SUFFIX="patch" \
318 + EPATCH_FORCE="yes" \
319 + EPATCH_OPTS="-p1" \
320 + epatch "${WORKDIR}"/patches-upstream
321 + fi
322 +
323 + # Security patchset
324 + if [[ -n ${SECURITY_VER} ]]; then
325 + einfo "Try to apply Xen Security patch set"
326 + # apply main xen patches
327 + # Two parallel systems, both work side by side
328 + # Over time they may concdense into one. This will suffice for now
329 + EPATCH_SUFFIX="patch"
330 + EPATCH_FORCE="yes"
331 +
332 + source "${WORKDIR}"/patches-security/${PV}.conf
333 +
334 + for i in ${XEN_SECURITY_MAIN}; do
335 + epatch "${WORKDIR}"/patches-security/xen/$i
336 + done
337 + fi
338 +
339 + # Gentoo's patchset
340 + if [[ -n ${GENTOO_VER} ]]; then
341 + EPATCH_SUFFIX="patch" \
342 + EPATCH_FORCE="yes" \
343 + epatch "${WORKDIR}"/patches-gentoo
344 + fi
345 +
346 + epatch "${FILESDIR}"/${PN}-4.6-efi.patch
347 +
348 + # Drop .config
349 + sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
350 +
351 + if use efi; then
352 + export EFI_VENDOR="gentoo"
353 + export EFI_MOUNTPOINT="boot"
354 + fi
355 +
356 + # if the user *really* wants to use their own custom-cflags, let them
357 + if use custom-cflags; then
358 + einfo "User wants their own CFLAGS - removing defaults"
359 + # try and remove all the default custom-cflags
360 + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
361 + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
362 + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
363 + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
364 + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
365 + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
366 + -i {} \; || die "failed to re-set custom-cflags"
367 + fi
368 +
369 + # remove -Werror for gcc-4.6's sake
370 + find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
371 + xargs sed -i 's/ *-Werror */ /'
372 + # not strictly necessary to fix this
373 + sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
374 +
375 + # Bug #575868 converted to a sed statement, typo of one char
376 + sed -e "s:granter’s:granter's:" -i xen/include/public/grant_table.h || die
377 +
378 + epatch_user
379 +}
380 +
381 +src_configure() {
382 + use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
383 +
384 + use debug && myopt="${myopt} debug=y"
385 +
386 + if use custom-cflags; then
387 + filter-flags -fPIE -fstack-protector
388 + replace-flags -O3 -O2
389 + else
390 + unset CFLAGS
391 + unset LDFLAGS
392 + unset ASFLAGS
393 + fi
394 +}
395 +
396 +src_compile() {
397 + # Send raw LDFLAGS so that --as-needed works
398 + emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
399 +}
400 +
401 +src_install() {
402 + local myopt
403 + use debug && myopt="${myopt} debug=y"
404 +
405 + # The 'make install' doesn't 'mkdir -p' the subdirs
406 + if use efi; then
407 + mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
408 + fi
409 +
410 + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
411 +
412 + # make install likes to throw in some extra EFI bits if it built
413 + use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
414 +}
415 +
416 +pkg_postinst() {
417 + elog "Official Xen Guide and the unoffical wiki page:"
418 + elog " https://wiki.gentoo.org/wiki/Xen"
419 + elog " http://en.gentoo-wiki.com/wiki/Xen/"
420 +
421 + use efi && einfo "The efi executable is installed in boot/efi/gentoo"
422 +
423 + elog "You can optionally block the installation of /boot/xen-syms by an entry"
424 + elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK"
425 + elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
426 +}
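Review bot: In the `use custom-cflags` branch of src_prepare the `find` tests are not grouped, so `-exec sed` binds only to `-name Config.mk`, and files named Makefile or Rules.mk are matched but never edited. Grouping the tests restores the intended behaviour: `find "${S}" \( -name Makefile -o -name Rules.mk -o -name Config.mk \) -exec sed \`. The trailing `|| die` most likely never fires for a failing sed either, since find does not normally propagate the exit status of an `-exec … \;` command. The identical block in xen-4.7.2-r1.ebuild has the same problem.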