1 |
commit: c5d70adc0520a858f4da5cd0d1161e91140f5347 |
2 |
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Feb 19 00:16:24 2019 +0000 |
4 |
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Feb 19 00:19:03 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5d70adc |
7 |
|
8 |
app-emulation/qemu: fix vulnerability, bug #678302 |
9 |
|
10 |
Take over commit |
11 |
|
12 |
From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001 |
13 |
From: Gerd Hoffmann <kraxel <AT> redhat.com> |
14 |
Date: Tue, 8 Jan 2019 11:23:01 +0100 |
15 |
Subject: [PATCH] i2c-ddc: fix oob read |
16 |
|
17 |
Bug: https://bugs.gentoo.org/678302 |
18 |
Package-Manager: Portage-2.3.60, Repoman-2.3.12 |
19 |
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org> |
20 |
|
21 |
.../qemu/files/qemu-3.1.0-CVE-2019-3812.patch | 33 + |
22 |
app-emulation/qemu/qemu-3.1.0-r1.ebuild | 810 +++++++++++++++++++++ |
23 |
2 files changed, 843 insertions(+) |
24 |
|
25 |
diff --git a/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch b/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch |
26 |
new file mode 100644 |
27 |
index 00000000000..03db9e0a1f2 |
28 |
--- /dev/null |
29 |
+++ b/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch |
30 |
@@ -0,0 +1,33 @@ |
31 |
+From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001 |
32 |
+From: Gerd Hoffmann <kraxel@××××××.com> |
33 |
+Date: Tue, 8 Jan 2019 11:23:01 +0100 |
34 |
+Subject: [PATCH] i2c-ddc: fix oob read |
35 |
+MIME-Version: 1.0 |
36 |
+Content-Type: text/plain; charset=UTF-8 |
37 |
+Content-Transfer-Encoding: 8bit |
38 |
+ |
39 |
+Suggested-by: Michael Hanselmann <public@××××××.ch> |
40 |
+Signed-off-by: Gerd Hoffmann <kraxel@××××××.com> |
41 |
+Reviewed-by: Michael Hanselmann <public@××××××.ch> |
42 |
+Reviewed-by: Philippe Mathieu-Daudé <philmd@××××××.com> |
43 |
+Message-id: 20190108102301.1957-1-kraxel@××××××.com |
44 |
+--- |
45 |
+ hw/i2c/i2c-ddc.c | 2 +- |
46 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
47 |
+ |
48 |
+diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c |
49 |
+index be34fe072c..0a0367ff38 100644 |
50 |
+--- a/hw/i2c/i2c-ddc.c |
51 |
++++ b/hw/i2c/i2c-ddc.c |
52 |
+@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c) |
53 |
+ I2CDDCState *s = I2CDDC(i2c); |
54 |
+ |
55 |
+ int value; |
56 |
+- value = s->edid_blob[s->reg]; |
57 |
++ value = s->edid_blob[s->reg % sizeof(s->edid_blob)]; |
58 |
+ s->reg++; |
59 |
+ return value; |
60 |
+ } |
61 |
+-- |
62 |
+2.19.2 |
63 |
+ |
64 |
|
65 |
diff --git a/app-emulation/qemu/qemu-3.1.0-r1.ebuild b/app-emulation/qemu/qemu-3.1.0-r1.ebuild |
66 |
new file mode 100644 |
67 |
index 00000000000..1a51e555b08 |
68 |
--- /dev/null |
69 |
+++ b/app-emulation/qemu/qemu-3.1.0-r1.ebuild |
70 |
@@ -0,0 +1,810 @@ |
71 |
+# Copyright 1999-2019 Gentoo Authors |
72 |
+# Distributed under the terms of the GNU General Public License v2 |
73 |
+ |
74 |
+EAPI="7" |
75 |
+ |
76 |
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6,3_7} ) |
77 |
+PYTHON_REQ_USE="ncurses,readline" |
78 |
+ |
79 |
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN" |
80 |
+ |
81 |
+FIRMWARE_ABI_VERSION="2.11.1-r50" |
82 |
+ |
83 |
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ |
84 |
+ user udev fcaps readme.gentoo-r1 pax-utils l10n |
85 |
+ |
86 |
+if [[ ${PV} = *9999* ]]; then |
87 |
+ EGIT_REPO_URI="git://git.qemu.org/qemu.git" |
88 |
+ inherit git-r3 |
89 |
+ SRC_URI="" |
90 |
+else |
91 |
+ SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.xz" |
92 |
+ KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd" |
93 |
+ |
94 |
+ # Gentoo specific patchsets: |
95 |
+ #SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz" |
96 |
+fi |
97 |
+ |
98 |
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" |
99 |
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" |
100 |
+ |
101 |
+LICENSE="GPL-2 LGPL-2 BSD-2" |
102 |
+SLOT="0" |
103 |
+IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug |
104 |
+ +fdt glusterfs gnutls gtk infiniband iscsi +jpeg kernel_linux |
105 |
+ kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png |
106 |
+ pulseaudio python rbd sasl +seccomp sdl selinux smartcard snappy |
107 |
+ spice ssh static static-user systemtap tci test usb usbredir vde |
108 |
+ +vhost-net virgl virtfs +vnc vte xattr xen xfs" |
109 |
+ |
110 |
+RESTRICT=strip |
111 |
+ |
112 |
+COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel |
113 |
+ mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x |
114 |
+ sh4 sh4eb sparc sparc64 x86_64 xtensa xtensaeb" |
115 |
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} |
116 |
+ lm32 moxie tricore unicore32" |
117 |
+IUSE_USER_TARGETS="${COMMON_TARGETS} |
118 |
+ aarch64_be armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus |
119 |
+ tilegx" |
120 |
+ |
121 |
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) |
122 |
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) |
123 |
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}" |
124 |
+ |
125 |
+# Allow no targets to be built so that people can get a tools-only build. |
126 |
+# Block USE flag configurations known to not work. |
127 |
+REQUIRED_USE="${PYTHON_REQUIRED_USE} |
128 |
+ qemu_softmmu_targets_arm? ( fdt ) |
129 |
+ qemu_softmmu_targets_microblaze? ( fdt ) |
130 |
+ qemu_softmmu_targets_mips64el? ( fdt ) |
131 |
+ qemu_softmmu_targets_ppc64? ( fdt ) |
132 |
+ qemu_softmmu_targets_ppc? ( fdt ) |
133 |
+ qemu_softmmu_targets_riscv32? ( fdt ) |
134 |
+ qemu_softmmu_targets_riscv64? ( fdt ) |
135 |
+ static? ( static-user !alsa !gtk !opengl !pulseaudio !snappy ) |
136 |
+ virtfs? ( xattr ) |
137 |
+ vte? ( gtk )" |
138 |
+ |
139 |
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) |
140 |
+# and user/softmmu targets (qemu-*, qemu-system-*). |
141 |
+# |
142 |
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap. |
143 |
+# |
144 |
+# The attr lib isn't always linked in (although the USE flag is always |
145 |
+# respected). This is because qemu supports using the C library's API |
146 |
+# when available rather than always using the external library. |
147 |
+ALL_DEPEND=" |
148 |
+ >=dev-libs/glib-2.0[static-libs(+)] |
149 |
+ sys-libs/zlib[static-libs(+)] |
150 |
+ python? ( ${PYTHON_DEPS} ) |
151 |
+ systemtap? ( dev-util/systemtap ) |
152 |
+ xattr? ( sys-apps/attr[static-libs(+)] )" |
153 |
+ |
154 |
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) |
155 |
+# softmmu targets (qemu-system-*). |
156 |
+SOFTMMU_TOOLS_DEPEND=" |
157 |
+ dev-libs/libxml2[static-libs(+)] |
158 |
+ x11-libs/libxkbcommon[static-libs(+)] |
159 |
+ >=x11-libs/pixman-0.28.0[static-libs(+)] |
160 |
+ accessibility? ( |
161 |
+ app-accessibility/brltty[api] |
162 |
+ app-accessibility/brltty[static-libs(+)] |
163 |
+ ) |
164 |
+ aio? ( dev-libs/libaio[static-libs(+)] ) |
165 |
+ alsa? ( >=media-libs/alsa-lib-1.0.13 ) |
166 |
+ bzip2? ( app-arch/bzip2[static-libs(+)] ) |
167 |
+ capstone? ( dev-libs/capstone:= ) |
168 |
+ caps? ( sys-libs/libcap-ng[static-libs(+)] ) |
169 |
+ curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) |
170 |
+ fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] ) |
171 |
+ glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) |
172 |
+ gnutls? ( |
173 |
+ dev-libs/nettle:=[static-libs(+)] |
174 |
+ >=net-libs/gnutls-3.0:=[static-libs(+)] |
175 |
+ ) |
176 |
+ gtk? ( |
177 |
+ x11-libs/gtk+:3 |
178 |
+ vte? ( x11-libs/vte:2.91 ) |
179 |
+ ) |
180 |
+ infiniband? ( |
181 |
+ sys-fabric/libibumad:=[static-libs(+)] |
182 |
+ sys-fabric/libibverbs:=[static-libs(+)] |
183 |
+ sys-fabric/librdmacm:=[static-libs(+)] |
184 |
+ ) |
185 |
+ iscsi? ( net-libs/libiscsi ) |
186 |
+ jpeg? ( virtual/jpeg:0=[static-libs(+)] ) |
187 |
+ lzo? ( dev-libs/lzo:2[static-libs(+)] ) |
188 |
+ ncurses? ( |
189 |
+ sys-libs/ncurses:0=[unicode] |
190 |
+ sys-libs/ncurses:0=[static-libs(+)] |
191 |
+ ) |
192 |
+ nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] ) |
193 |
+ numa? ( sys-process/numactl[static-libs(+)] ) |
194 |
+ opengl? ( |
195 |
+ virtual/opengl |
196 |
+ media-libs/libepoxy[static-libs(+)] |
197 |
+ media-libs/mesa[static-libs(+)] |
198 |
+ media-libs/mesa[egl,gbm] |
199 |
+ ) |
200 |
+ png? ( media-libs/libpng:0=[static-libs(+)] ) |
201 |
+ pulseaudio? ( media-sound/pulseaudio ) |
202 |
+ rbd? ( sys-cluster/ceph[static-libs(+)] ) |
203 |
+ sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) |
204 |
+ sdl? ( |
205 |
+ media-libs/libsdl2[X] |
206 |
+ media-libs/libsdl2[static-libs(+)] |
207 |
+ ) |
208 |
+ seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) |
209 |
+ smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) |
210 |
+ snappy? ( app-arch/snappy:= ) |
211 |
+ spice? ( |
212 |
+ >=app-emulation/spice-protocol-0.12.3 |
213 |
+ >=app-emulation/spice-0.12.0[static-libs(+)] |
214 |
+ ) |
215 |
+ ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) |
216 |
+ usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) |
217 |
+ usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) |
218 |
+ vde? ( net-misc/vde[static-libs(+)] ) |
219 |
+ virgl? ( media-libs/virglrenderer[static-libs(+)] ) |
220 |
+ virtfs? ( sys-libs/libcap ) |
221 |
+ xen? ( app-emulation/xen-tools:= ) |
222 |
+ xfs? ( sys-fs/xfsprogs[static-libs(+)] )" |
223 |
+ |
224 |
+X86_FIRMWARE_DEPEND=" |
225 |
+ pin-upstream-blobs? ( |
226 |
+ ~sys-firmware/edk2-ovmf-2017_p20180211[binary] |
227 |
+ ~sys-firmware/ipxe-1.0.0_p20180211[binary] |
228 |
+ ~sys-firmware/seabios-1.11.0[binary,seavgabios] |
229 |
+ ~sys-firmware/sgabios-0.1_pre8[binary] |
230 |
+ ) |
231 |
+ !pin-upstream-blobs? ( |
232 |
+ sys-firmware/edk2-ovmf |
233 |
+ sys-firmware/ipxe |
234 |
+ >=sys-firmware/seabios-1.10.2[seavgabios] |
235 |
+ sys-firmware/sgabios |
236 |
+ )" |
237 |
+PPC64_FIRMWARE_DEPEND=" |
238 |
+ pin-upstream-blobs? ( |
239 |
+ ~sys-firmware/seabios-1.11.0[binary,seavgabios] |
240 |
+ ) |
241 |
+ !pin-upstream-blobs? ( |
242 |
+ >=sys-firmware/seabios-1.10.2[seavgabios] |
243 |
+ ) |
244 |
+" |
245 |
+ |
246 |
+CDEPEND=" |
247 |
+ !static? ( |
248 |
+ ${ALL_DEPEND//\[static-libs(+)]} |
249 |
+ ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]} |
250 |
+ ) |
251 |
+ qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) |
252 |
+ qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) |
253 |
+ qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} ) |
254 |
+" |
255 |
+DEPEND="${CDEPEND} |
256 |
+ ${PYTHON_DEPS} |
257 |
+ dev-lang/perl |
258 |
+ sys-apps/texinfo |
259 |
+ virtual/pkgconfig |
260 |
+ kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) |
261 |
+ gtk? ( nls? ( sys-devel/gettext ) ) |
262 |
+ static? ( |
263 |
+ ${ALL_DEPEND} |
264 |
+ ${SOFTMMU_TOOLS_DEPEND} |
265 |
+ ) |
266 |
+ static-user? ( ${ALL_DEPEND} ) |
267 |
+ test? ( |
268 |
+ dev-libs/glib[utils] |
269 |
+ sys-devel/bc |
270 |
+ )" |
271 |
+RDEPEND="${CDEPEND} |
272 |
+ selinux? ( sec-policy/selinux-qemu )" |
273 |
+ |
274 |
+PATCHES=( |
275 |
+ "${FILESDIR}"/${PN}-2.5.0-cflags.patch |
276 |
+ "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch |
277 |
+ "${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch |
278 |
+ "${FILESDIR}"/${PN}-3.1.0-CVE-2018-20123.patch |
279 |
+ "${FILESDIR}"/${PN}-3.1.0-CVE-2019-3812.patch |
280 |
+ #"${WORKDIR}"/patches |
281 |
+) |
282 |
+ |
283 |
+QA_PREBUILT=" |
284 |
+ usr/share/qemu/hppa-firmware.img |
285 |
+ usr/share/qemu/openbios-ppc |
286 |
+ usr/share/qemu/openbios-sparc64 |
287 |
+ usr/share/qemu/openbios-sparc32 |
288 |
+ usr/share/qemu/palcode-clipper |
289 |
+ usr/share/qemu/s390-ccw.img |
290 |
+ usr/share/qemu/s390-netboot.img |
291 |
+ usr/share/qemu/u-boot.e500" |
292 |
+ |
293 |
+QA_WX_LOAD="usr/bin/qemu-i386 |
294 |
+ usr/bin/qemu-x86_64 |
295 |
+ usr/bin/qemu-alpha |
296 |
+ usr/bin/qemu-arm |
297 |
+ usr/bin/qemu-cris |
298 |
+ usr/bin/qemu-m68k |
299 |
+ usr/bin/qemu-microblaze |
300 |
+ usr/bin/qemu-microblazeel |
301 |
+ usr/bin/qemu-mips |
302 |
+ usr/bin/qemu-mipsel |
303 |
+ usr/bin/qemu-or1k |
304 |
+ usr/bin/qemu-ppc |
305 |
+ usr/bin/qemu-ppc64 |
306 |
+ usr/bin/qemu-ppc64abi32 |
307 |
+ usr/bin/qemu-sh4 |
308 |
+ usr/bin/qemu-sh4eb |
309 |
+ usr/bin/qemu-sparc |
310 |
+ usr/bin/qemu-sparc64 |
311 |
+ usr/bin/qemu-armeb |
312 |
+ usr/bin/qemu-sparc32plus |
313 |
+ usr/bin/qemu-s390x |
314 |
+ usr/bin/qemu-unicore32" |
315 |
+ |
316 |
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the |
317 |
+kernel module loaded before running kvm. The easiest way to ensure that the |
318 |
+kernel module is loaded is to load it on boot. |
319 |
+ For AMD CPUs the module is called 'kvm-amd'. |
320 |
+ For Intel CPUs the module is called 'kvm-intel'. |
321 |
+Please review /etc/conf.d/modules for how to load these. |
322 |
+ |
323 |
+Make sure your user is in the 'kvm' group. Just run |
324 |
+ $ gpasswd -a <USER> kvm |
325 |
+then have <USER> re-login. |
326 |
+ |
327 |
+For brand new installs, the default permissions on /dev/kvm might not let |
328 |
+you access it. You can tell udev to reset ownership/perms: |
329 |
+ $ udevadm trigger -c add /dev/kvm |
330 |
+ |
331 |
+If you want to register binfmt handlers for qemu user targets: |
332 |
+For openrc: |
333 |
+ # rc-update add qemu-binfmt |
334 |
+For systemd: |
335 |
+ # ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf" |
336 |
+ |
337 |
+pkg_pretend() { |
338 |
+ if use kernel_linux && kernel_is lt 2 6 25; then |
339 |
+ eerror "This version of KVM requres a host kernel of 2.6.25 or higher." |
340 |
+ elif use kernel_linux; then |
341 |
+ if ! linux_config_exists; then |
342 |
+ eerror "Unable to check your kernel for KVM support" |
343 |
+ else |
344 |
+ CONFIG_CHECK="~KVM ~TUN ~BRIDGE" |
345 |
+ ERROR_KVM="You must enable KVM in your kernel to continue" |
346 |
+ ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in" |
347 |
+ ERROR_KVM_AMD+=" your kernel configuration." |
348 |
+ ERROR_KVM_INTEL="If you have an Intel CPU, you must enable" |
349 |
+ ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration." |
350 |
+ ERROR_TUN="You will need the Universal TUN/TAP driver compiled" |
351 |
+ ERROR_TUN+=" into your kernel or loaded as a module to use the" |
352 |
+ ERROR_TUN+=" virtual network device if using -net tap." |
353 |
+ ERROR_BRIDGE="You will also need support for 802.1d" |
354 |
+ ERROR_BRIDGE+=" Ethernet Bridging for some network configurations." |
355 |
+ use vhost-net && CONFIG_CHECK+=" ~VHOST_NET" |
356 |
+ ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net" |
357 |
+ ERROR_VHOST_NET+=" support" |
358 |
+ |
359 |
+ if use amd64 || use x86 || use amd64-linux || use x86-linux; then |
360 |
+ if grep -q AuthenticAMD /proc/cpuinfo; then |
361 |
+ CONFIG_CHECK+=" ~KVM_AMD" |
362 |
+ elif grep -q GenuineIntel /proc/cpuinfo; then |
363 |
+ CONFIG_CHECK+=" ~KVM_INTEL" |
364 |
+ fi |
365 |
+ fi |
366 |
+ |
367 |
+ use python && CONFIG_CHECK+=" ~DEBUG_FS" |
368 |
+ ERROR_DEBUG_FS="debugFS support required for kvm_stat" |
369 |
+ |
370 |
+ # Now do the actual checks setup above |
371 |
+ check_extra_config |
372 |
+ fi |
373 |
+ fi |
374 |
+ |
375 |
+ if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then |
376 |
+ eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt" |
377 |
+ eerror "instances are still pointing to it. Please update your" |
378 |
+ eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag" |
379 |
+ eerror "and the right system binary (e.g. qemu-system-x86_64)." |
380 |
+ die "update your virt configs to not use qemu-kvm" |
381 |
+ fi |
382 |
+} |
383 |
+ |
384 |
+pkg_setup() { |
385 |
+ enewgroup kvm 78 |
386 |
+} |
387 |
+ |
388 |
+# Sanity check to make sure target lists are kept up-to-date. |
389 |
+check_targets() { |
390 |
+ local var=$1 mak=$2 |
391 |
+ local detected sorted |
392 |
+ |
393 |
+ pushd "${S}"/default-configs >/dev/null || die |
394 |
+ |
395 |
+ # Force C locale until glibc is updated. #564936 |
396 |
+ detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u)) |
397 |
+ sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u)) |
398 |
+ if [[ ${sorted} != "${detected}" ]] ; then |
399 |
+ eerror "The ebuild needs to be kept in sync." |
400 |
+ eerror "${var}: ${sorted}" |
401 |
+ eerror "$(printf '%-*s' ${#var} configure): ${detected}" |
402 |
+ die "sync ${var} to the list of targets" |
403 |
+ fi |
404 |
+ |
405 |
+ popd >/dev/null |
406 |
+} |
407 |
+ |
408 |
+handle_locales() { |
409 |
+ # Make sure locale list is kept up-to-date. |
410 |
+ local detected sorted |
411 |
+ detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u)) |
412 |
+ sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u)) |
413 |
+ if [[ ${sorted} != "${detected}" ]] ; then |
414 |
+ eerror "The ebuild needs to be kept in sync." |
415 |
+ eerror "PLOCALES: ${sorted}" |
416 |
+ eerror " po/*.po: ${detected}" |
417 |
+ die "sync PLOCALES" |
418 |
+ fi |
419 |
+ |
420 |
+ # Deal with selective install of locales. |
421 |
+ if use nls ; then |
422 |
+ # Delete locales the user does not want. #577814 |
423 |
+ rm_loc() { rm po/$1.po || die; } |
424 |
+ l10n_for_each_disabled_locale_do rm_loc |
425 |
+ else |
426 |
+ # Cheap hack to disable gettext .mo generation. |
427 |
+ rm -f po/*.po |
428 |
+ fi |
429 |
+} |
430 |
+ |
431 |
+src_prepare() { |
432 |
+ check_targets IUSE_SOFTMMU_TARGETS softmmu |
433 |
+ check_targets IUSE_USER_TARGETS linux-user |
434 |
+ |
435 |
+ # Alter target makefiles to accept CFLAGS set via flag-o |
436 |
+ sed -i -r \ |
437 |
+ -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ |
438 |
+ Makefile Makefile.target || die |
439 |
+ |
440 |
+ default |
441 |
+ |
442 |
+ # Fix ld and objcopy being called directly |
443 |
+ tc-export AR LD OBJCOPY |
444 |
+ |
445 |
+ # Verbose builds |
446 |
+ MAKEOPTS+=" V=1" |
447 |
+ |
448 |
+ # Run after we've applied all patches. |
449 |
+ handle_locales |
450 |
+ |
451 |
+ # Remove bundled copy of libfdt |
452 |
+ rm -r dtc || die |
453 |
+} |
454 |
+ |
455 |
+## |
456 |
+# configures qemu based on the build directory and the build type |
457 |
+# we are using. |
458 |
+# |
459 |
+qemu_src_configure() { |
460 |
+ debug-print-function ${FUNCNAME} "$@" |
461 |
+ |
462 |
+ local buildtype=$1 |
463 |
+ local builddir="${S}/${buildtype}-build" |
464 |
+ |
465 |
+ mkdir "${builddir}" |
466 |
+ |
467 |
+ local conf_opts=( |
468 |
+ --prefix=/usr |
469 |
+ --sysconfdir=/etc |
470 |
+ --libdir=/usr/$(get_libdir) |
471 |
+ --docdir=/usr/share/doc/${PF}/html |
472 |
+ --disable-bsd-user |
473 |
+ --disable-guest-agent |
474 |
+ --disable-strip |
475 |
+ --disable-werror |
476 |
+ # We support gnutls/nettle for crypto operations. It is possible |
477 |
+ # to use gcrypt when gnutls/nettle are disabled (but not when they |
478 |
+ # are enabled), but it's not really worth the hassle. Disable it |
479 |
+ # all the time to avoid automatically detecting it. #568856 |
480 |
+ --disable-gcrypt |
481 |
+ --python="${PYTHON}" |
482 |
+ --cc="$(tc-getCC)" |
483 |
+ --cxx="$(tc-getCXX)" |
484 |
+ --host-cc="$(tc-getBUILD_CC)" |
485 |
+ $(use_enable debug debug-info) |
486 |
+ $(use_enable debug debug-tcg) |
487 |
+ --enable-docs |
488 |
+ $(use_enable tci tcg-interpreter) |
489 |
+ $(use_enable xattr attr) |
490 |
+ ) |
491 |
+ |
492 |
+ # Disable options not used by user targets. This simplifies building |
493 |
+ # static user targets (USE=static-user) considerably. |
494 |
+ conf_notuser() { |
495 |
+ if [[ ${buildtype} == "user" ]] ; then |
496 |
+ echo "--disable-${2:-$1}" |
497 |
+ else |
498 |
+ use_enable "$@" |
499 |
+ fi |
500 |
+ } |
501 |
+ conf_opts+=( |
502 |
+ --disable-bluez |
503 |
+ $(conf_notuser accessibility brlapi) |
504 |
+ $(conf_notuser aio linux-aio) |
505 |
+ $(conf_notuser bzip2) |
506 |
+ $(conf_notuser capstone) |
507 |
+ $(conf_notuser caps cap-ng) |
508 |
+ $(conf_notuser curl) |
509 |
+ $(conf_notuser fdt) |
510 |
+ $(conf_notuser glusterfs) |
511 |
+ $(conf_notuser gnutls) |
512 |
+ $(conf_notuser gnutls nettle) |
513 |
+ $(conf_notuser gtk) |
514 |
+ $(conf_notuser infiniband rdma) |
515 |
+ $(conf_notuser iscsi libiscsi) |
516 |
+ $(conf_notuser jpeg vnc-jpeg) |
517 |
+ $(conf_notuser kernel_linux kvm) |
518 |
+ $(conf_notuser lzo) |
519 |
+ $(conf_notuser ncurses curses) |
520 |
+ $(conf_notuser nfs libnfs) |
521 |
+ $(conf_notuser numa) |
522 |
+ $(conf_notuser opengl) |
523 |
+ $(conf_notuser png vnc-png) |
524 |
+ $(conf_notuser rbd) |
525 |
+ $(conf_notuser sasl vnc-sasl) |
526 |
+ $(conf_notuser sdl) |
527 |
+ $(conf_notuser seccomp) |
528 |
+ $(conf_notuser smartcard) |
529 |
+ $(conf_notuser snappy) |
530 |
+ $(conf_notuser spice) |
531 |
+ $(conf_notuser ssh libssh2) |
532 |
+ $(conf_notuser usb libusb) |
533 |
+ $(conf_notuser usbredir usb-redir) |
534 |
+ $(conf_notuser vde) |
535 |
+ $(conf_notuser vhost-net) |
536 |
+ $(conf_notuser virgl virglrenderer) |
537 |
+ $(conf_notuser virtfs) |
538 |
+ $(conf_notuser vnc) |
539 |
+ $(conf_notuser vte) |
540 |
+ $(conf_notuser xen) |
541 |
+ $(conf_notuser xen xen-pci-passthrough) |
542 |
+ $(conf_notuser xfs xfsctl) |
543 |
+ ) |
544 |
+ |
545 |
+ if [[ ${buildtype} == "user" ]] ; then |
546 |
+ conf_opts+=( --disable-libxml2 ) |
547 |
+ else |
548 |
+ conf_opts+=( --enable-libxml2 ) |
549 |
+ fi |
550 |
+ |
551 |
+ if [[ ! ${buildtype} == "user" ]] ; then |
552 |
+ # audio options |
553 |
+ local audio_opts="oss" |
554 |
+ use alsa && audio_opts="alsa,${audio_opts}" |
555 |
+ use sdl && audio_opts="sdl,${audio_opts}" |
556 |
+ use pulseaudio && audio_opts="pa,${audio_opts}" |
557 |
+ conf_opts+=( |
558 |
+ --audio-drv-list="${audio_opts}" |
559 |
+ ) |
560 |
+ use sdl && conf_opts+=( --with-sdlabi=2.0 ) |
561 |
+ fi |
562 |
+ |
563 |
+ case ${buildtype} in |
564 |
+ user) |
565 |
+ conf_opts+=( |
566 |
+ --enable-linux-user |
567 |
+ --disable-system |
568 |
+ --disable-blobs |
569 |
+ --disable-tools |
570 |
+ ) |
571 |
+ local static_flag="static-user" |
572 |
+ ;; |
573 |
+ softmmu) |
574 |
+ conf_opts+=( |
575 |
+ --disable-linux-user |
576 |
+ --enable-system |
577 |
+ --disable-tools |
578 |
+ ) |
579 |
+ local static_flag="static" |
580 |
+ ;; |
581 |
+ tools) |
582 |
+ conf_opts+=( |
583 |
+ --disable-linux-user |
584 |
+ --disable-system |
585 |
+ --disable-blobs |
586 |
+ --enable-tools |
587 |
+ ) |
588 |
+ local static_flag="static" |
589 |
+ ;; |
590 |
+ esac |
591 |
+ |
592 |
+ local targets="${buildtype}_targets" |
593 |
+ [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" ) |
594 |
+ |
595 |
+ # Add support for SystemTAP |
596 |
+ use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) |
597 |
+ |
598 |
+ # We always want to attempt to build with PIE support as it results |
599 |
+ # in a more secure binary. But it doesn't work with static or if |
600 |
+ # the current GCC doesn't have PIE support. |
601 |
+ if use ${static_flag}; then |
602 |
+ conf_opts+=( --static --disable-pie ) |
603 |
+ else |
604 |
+ tc-enables-pie && conf_opts+=( --enable-pie ) |
605 |
+ fi |
606 |
+ |
607 |
+ echo "../configure ${conf_opts[*]}" |
608 |
+ cd "${builddir}" |
609 |
+ ../configure "${conf_opts[@]}" || die "configure failed" |
610 |
+ |
611 |
+ # FreeBSD's kernel does not support QEMU assigning/grabbing |
612 |
+ # host USB devices yet |
613 |
+ use kernel_FreeBSD && \ |
614 |
+ sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak |
615 |
+} |
616 |
+ |
617 |
+src_configure() { |
618 |
+ local target |
619 |
+ |
620 |
+ python_setup |
621 |
+ |
622 |
+ softmmu_targets= softmmu_bins=() |
623 |
+ user_targets= user_bins=() |
624 |
+ |
625 |
+ for target in ${IUSE_SOFTMMU_TARGETS} ; do |
626 |
+ if use "qemu_softmmu_targets_${target}"; then |
627 |
+ softmmu_targets+=",${target}-softmmu" |
628 |
+ softmmu_bins+=( "qemu-system-${target}" ) |
629 |
+ fi |
630 |
+ done |
631 |
+ |
632 |
+ for target in ${IUSE_USER_TARGETS} ; do |
633 |
+ if use "qemu_user_targets_${target}"; then |
634 |
+ user_targets+=",${target}-linux-user" |
635 |
+ user_bins+=( "qemu-${target}" ) |
636 |
+ fi |
637 |
+ done |
638 |
+ |
639 |
+ softmmu_targets=${softmmu_targets#,} |
640 |
+ user_targets=${user_targets#,} |
641 |
+ |
642 |
+ [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu" |
643 |
+ [[ -n ${user_targets} ]] && qemu_src_configure "user" |
644 |
+ qemu_src_configure "tools" |
645 |
+} |
646 |
+ |
647 |
+src_compile() { |
648 |
+ if [[ -n ${user_targets} ]]; then |
649 |
+ cd "${S}/user-build" |
650 |
+ default |
651 |
+ fi |
652 |
+ |
653 |
+ if [[ -n ${softmmu_targets} ]]; then |
654 |
+ cd "${S}/softmmu-build" |
655 |
+ default |
656 |
+ fi |
657 |
+ |
658 |
+ cd "${S}/tools-build" |
659 |
+ default |
660 |
+} |
661 |
+ |
662 |
+src_test() { |
663 |
+ if [[ -n ${softmmu_targets} ]]; then |
664 |
+ cd "${S}/softmmu-build" |
665 |
+ pax-mark m */qemu-system-* #515550 |
666 |
+ emake -j1 check |
667 |
+ emake -j1 check-report.html |
668 |
+ fi |
669 |
+} |
670 |
+ |
671 |
+qemu_python_install() { |
672 |
+ python_domodule "${S}/scripts/qmp/qmp.py" |
673 |
+ |
674 |
+ python_doscript "${S}/scripts/kvm/vmxcap" |
675 |
+ python_doscript "${S}/scripts/qmp/qmp-shell" |
676 |
+ python_doscript "${S}/scripts/qmp/qemu-ga-client" |
677 |
+} |
678 |
+ |
679 |
+# Generate binfmt support files. |
680 |
+# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc) |
681 |
+# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt) |
682 |
+generate_initd() { |
683 |
+ local out="${T}/qemu-binfmt" |
684 |
+ local out_systemd="${T}/qemu.conf" |
685 |
+ local d="${T}/binfmt.d" |
686 |
+ |
687 |
+ einfo "Generating qemu binfmt scripts and configuration files" |
688 |
+ |
689 |
+ # Generate the debian fragments first. |
690 |
+ mkdir -p "${d}" |
691 |
+ "${S}"/scripts/qemu-binfmt-conf.sh \ |
692 |
+ --debian \ |
693 |
+ --exportdir "${d}" \ |
694 |
+ --qemu-path "${EPREFIX}/usr/bin" \ |
695 |
+ || die |
696 |
+ # Then turn the fragments into a shell script we can source. |
697 |
+ sed -E -i \ |
698 |
+ -e 's:^([^ ]+) (.*)$:\1="\2":' \ |
699 |
+ "${d}"/* || die |
700 |
+ |
701 |
+ # Generate the init.d script by assembling the fragments from above. |
702 |
+ local f qcpu package interpreter magic mask |
703 |
+ cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die |
704 |
+ for f in "${d}"/qemu-* ; do |
705 |
+ source "${f}" |
706 |
+ |
707 |
+ # Normalize the cpu logic like we do in the init.d for the native cpu. |
708 |
+ qcpu=${package#qemu-} |
709 |
+ case ${qcpu} in |
710 |
+ arm*) qcpu="arm";; |
711 |
+ mips*) qcpu="mips";; |
712 |
+ ppc*) qcpu="ppc";; |
713 |
+ s390*) qcpu="s390";; |
714 |
+ sh*) qcpu="sh";; |
715 |
+ sparc*) qcpu="sparc";; |
716 |
+ esac |
717 |
+ |
718 |
+ cat <<EOF >>"${out}" |
719 |
+ if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then |
720 |
+ echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register |
721 |
+ fi |
722 |
+EOF |
723 |
+ |
724 |
+ echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}" |
725 |
+ |
726 |
+ done |
727 |
+ cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die |
728 |
+} |
729 |
+ |
730 |
+src_install() { |
731 |
+ if [[ -n ${user_targets} ]]; then |
732 |
+ cd "${S}/user-build" |
733 |
+ emake DESTDIR="${ED}" install |
734 |
+ |
735 |
+ # Install binfmt handler init script for user targets. |
736 |
+ generate_initd |
737 |
+ doinitd "${T}/qemu-binfmt" |
738 |
+ |
739 |
+ # Install binfmt/qemu.conf. |
740 |
+ insinto "/usr/share/qemu/binfmt.d" |
741 |
+ doins "${T}/qemu.conf" |
742 |
+ fi |
743 |
+ |
744 |
+ if [[ -n ${softmmu_targets} ]]; then |
745 |
+ cd "${S}/softmmu-build" |
746 |
+ emake DESTDIR="${ED}" install |
747 |
+ |
748 |
+ # This might not exist if the test failed. #512010 |
749 |
+ if [[ -e check-report.html ]]; then |
750 |
+ docinto html |
751 |
+ dodoc check-report.html |
752 |
+ fi |
753 |
+ |
754 |
+ if use kernel_linux; then |
755 |
+ udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules |
756 |
+ fi |
757 |
+ |
758 |
+ if use python; then |
759 |
+ python_foreach_impl qemu_python_install |
760 |
+ fi |
761 |
+ fi |
762 |
+ |
763 |
+ cd "${S}/tools-build" |
764 |
+ emake DESTDIR="${ED}" install |
765 |
+ |
766 |
+ # Disable mprotect on the qemu binaries as they use JITs to be fast #459348 |
767 |
+ pushd "${ED}"/usr/bin >/dev/null |
768 |
+ pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594 |
769 |
+ popd >/dev/null |
770 |
+ |
771 |
+ # Install config file example for qemu-bridge-helper |
772 |
+ insinto "/etc/qemu" |
773 |
+ doins "${FILESDIR}/bridge.conf" |
774 |
+ |
775 |
+ cd "${S}" |
776 |
+ dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt |
777 |
+ newdoc pc-bios/README README.pc-bios |
778 |
+ |
779 |
+ if [[ -n ${softmmu_targets} ]]; then |
780 |
+ # Remove SeaBIOS since we're using the SeaBIOS packaged one |
781 |
+ rm "${ED}/usr/share/qemu/bios.bin" |
782 |
+ rm "${ED}/usr/share/qemu/bios-256k.bin" |
783 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
784 |
+ dosym ../seabios/bios.bin /usr/share/qemu/bios.bin |
785 |
+ dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin |
786 |
+ fi |
787 |
+ |
788 |
+ # Remove vgabios since we're using the seavgabios packaged one |
789 |
+ rm "${ED}/usr/share/qemu/vgabios.bin" |
790 |
+ rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" |
791 |
+ rm "${ED}/usr/share/qemu/vgabios-qxl.bin" |
792 |
+ rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" |
793 |
+ rm "${ED}/usr/share/qemu/vgabios-virtio.bin" |
794 |
+ rm "${ED}/usr/share/qemu/vgabios-vmware.bin" |
795 |
+ # PPC64 loads vgabios-stdvga |
796 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then |
797 |
+ dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin |
798 |
+ dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin |
799 |
+ dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin |
800 |
+ dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin |
801 |
+ dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin |
802 |
+ dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin |
803 |
+ fi |
804 |
+ |
805 |
+ # Remove sgabios since we're using the sgabios packaged one |
806 |
+ rm "${ED}/usr/share/qemu/sgabios.bin" |
807 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
808 |
+ dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin |
809 |
+ fi |
810 |
+ |
811 |
+ # Remove iPXE since we're using the iPXE packaged one |
812 |
+ rm "${ED}"/usr/share/qemu/pxe-*.rom |
813 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
814 |
+ dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom |
815 |
+ dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom |
816 |
+ dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom |
817 |
+ dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom |
818 |
+ dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom |
819 |
+ dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom |
820 |
+ fi |
821 |
+ fi |
822 |
+ |
823 |
+ DISABLE_AUTOFORMATTING=true |
824 |
+ readme.gentoo_create_doc |
825 |
+} |
826 |
+ |
827 |
+firmware_abi_change() { |
828 |
+ local pv |
829 |
+ for pv in ${REPLACING_VERSIONS}; do |
830 |
+ if ver_test $pv -lt ${FIRMWARE_ABI_VERSION}; then |
831 |
+ return 0 |
832 |
+ fi |
833 |
+ done |
834 |
+ return 1 |
835 |
+} |
836 |
+ |
837 |
+pkg_postinst() { |
838 |
+ if [[ -n ${softmmu_targets} ]] && use kernel_linux; then |
839 |
+ udev_reload |
840 |
+ fi |
841 |
+ |
842 |
+ [[ -f ${D}/usr/libexec/qemu-bridge-helper ]] && \ |
843 |
+ fcaps cap_net_admin /usr/libexec/qemu-bridge-helper |
844 |
+ |
845 |
+ DISABLE_AUTOFORMATTING=true |
846 |
+ readme.gentoo_print_elog |
847 |
+ |
848 |
+ if use pin-upstream-blobs && firmware_abi_change; then |
849 |
+ ewarn "This version of qemu pins new versions of firmware blobs:" |
850 |
+ ewarn " $(best_version sys-firmware/edk2-ovmf)" |
851 |
+ ewarn " $(best_version sys-firmware/ipxe)" |
852 |
+ ewarn " $(best_version sys-firmware/seabios)" |
853 |
+ ewarn " $(best_version sys-firmware/sgabios)" |
854 |
+ ewarn "This might break resume of hibernated guests (started with a different" |
855 |
+ ewarn "firmware version) and live migration to/from qemu versions with different" |
856 |
+ ewarn "firmware. Please (cold) restart all running guests. For functional" |
857 |
+ ewarn "guest migration ensure that all" |
858 |
+ ewarn "hosts run at least" |
859 |
+ ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}." |
860 |
+ fi |
861 |
+} |
862 |
+ |
863 |
+pkg_info() { |
864 |
+ echo "Using:" |
865 |
+ echo " $(best_version app-emulation/spice-protocol)" |
866 |
+ echo " $(best_version sys-firmware/edk2-ovmf)" |
867 |
+ if has_version 'sys-firmware/edk2-ovmf[binary]'; then |
868 |
+ echo " USE=binary" |
869 |
+ else |
870 |
+ echo " USE=''" |
871 |
+ fi |
872 |
+ echo " $(best_version sys-firmware/ipxe)" |
873 |
+ echo " $(best_version sys-firmware/seabios)" |
874 |
+ if has_version 'sys-firmware/seabios[binary]'; then |
875 |
+ echo " USE=binary" |
876 |
+ else |
877 |
+ echo " USE=''" |
878 |
+ fi |
879 |
+ echo " $(best_version sys-firmware/sgabios)" |
880 |
+} |