TEST: add files for qubes-builder

Signed-off-by: Krystian Hebel <[email protected]>
TrenchBoot · Oct 29, 2024 · 410bdc8 · 410bdc8
1 parent 6a50fd9
commit 410bdc8
Show file tree

Hide file tree

Showing 5 changed files with 1,146 additions and 0 deletions.
diff --git a/qubesos_0203-xen.efi.build.patch b/qubesos_0203-xen.efi.build.patch
@@ -0,0 +1,27 @@
+From 22a0881b94f0b17d369ce090cbf3cced6366fae5 Mon Sep 17 00:00:00 2001
+From: Fedora developers <[email protected]>
+Date: Mon, 8 Jul 2024 13:35:51 +0200
+Subject: [PATCH] xen.efi.build
+
+---
+ xen/arch/x86/arch.mk | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
+index 4f6c086988dd..0efc664bc919 100644
+--- a/xen/arch/x86/arch.mk
++++ b/xen/arch/x86/arch.mk
+@@ -91,7 +91,9 @@ XEN_BUILD_EFI := $(call if-success,$(CC) $(filter-out -include %/include/xen/con
+                                          -c $(srctree)/$(efi-check).c -o $(efi-check).o,y)
+
+ # Check if the linker supports PE.
+-EFI_LDFLAGS := $(patsubst -m%,-mi386pep,$(LDFLAGS)) --subsystem=10 --enable-long-section-names
++#EFI_LDFLAGS := $(patsubst -m%,-mi386pep,$(LDFLAGS)) --subsystem=10 --enable-long-section-names
++# use a reduced set of options from LDFLAGS
++EFI_LDFLAGS = --as-needed --build-id=sha1 -mi386pep --subsystem=10 --enable-long-section-names
+ LD_PE_check_cmd = $(call ld-option,$(EFI_LDFLAGS) --image-base=0x100000000 -o $(efi-check).efi $(efi-check).o)
+ XEN_BUILD_PE := $(LD_PE_check_cmd)
+
+-- 
+2.44.0
+
diff --git a/qubesos_xen.logrotate b/qubesos_xen.logrotate
@@ -0,0 +1,9 @@
+/var/log/xen/xen-hotplug.log
+/var/log/xen/domain-builder-ng.log
+/var/log/xen/console/*.log{
+    notifempty
+    missingok
+    compress
+    copytruncate
+    su root qubes
+}
diff --git a/qubesos_xen.modules-load.conf b/qubesos_xen.modules-load.conf
@@ -0,0 +1,9 @@
+xen-evtchn
+xen-gntdev
+xen-gntalloc
+xen-blkback
+xen-pciback
+xen-privcmd
+xen-acpi-processor
+# Not used in Qubes dom0
+#xen-netback
diff --git a/qubesos_xen_config b/qubesos_xen_config
@@ -0,0 +1,154 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# Xen/x86 4.17.3 Configuration
+#
+CONFIG_CC_IS_GCC=y
+CONFIG_GCC_VERSION=120301
+CONFIG_CLANG_VERSION=0
+CONFIG_LD_IS_GNU=y
+CONFIG_CC_HAS_VISIBILITY_ATTRIBUTE=y
+CONFIG_X86_64=y
+CONFIG_X86=y
+CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
+CONFIG_CC_HAS_INDIRECT_THUNK=y
+CONFIG_HAS_AS_CET_SS=y
+CONFIG_HAS_CC_CET_IBT=y
+
+#
+# Architecture Features
+#
+CONFIG_64BIT=y
+CONFIG_NR_CPUS=256
+CONFIG_PV=y
+# CONFIG_PV32 is not set
+# CONFIG_PV_LINEAR_PT is not set
+CONFIG_HVM=y
+CONFIG_XEN_SHSTK=y
+CONFIG_XEN_IBT=y
+# CONFIG_SHADOW_PAGING is not set
+# CONFIG_BIGMEM is not set
+# CONFIG_HVM_FEP is not set
+CONFIG_TBOOT=y
+CONFIG_XEN_ALIGN_DEFAULT=y
+# CONFIG_XEN_ALIGN_2M is not set
+# CONFIG_X2APIC_PHYSICAL is not set
+# CONFIG_X2APIC_CLUSTER is not set
+CONFIG_X2APIC_MIXED=y
+# CONFIG_XEN_GUEST is not set
+# CONFIG_HYPERV_GUEST is not set
+# CONFIG_MEM_PAGING is not set
+# CONFIG_MEM_SHARING is not set
+# end of Architecture Features
+
+#
+# Common Features
+#
+CONFIG_COMPAT=y
+CONFIG_CORE_PARKING=y
+CONFIG_GRANT_TABLE=y
+CONFIG_ALTERNATIVE_CALL=y
+CONFIG_ARCH_MAP_DOMAIN_PAGE=y
+CONFIG_HAS_ALTERNATIVE=y
+CONFIG_HAS_COMPAT=y
+CONFIG_HAS_DIT=y
+CONFIG_HAS_EX_TABLE=y
+CONFIG_HAS_FAST_MULTIPLY=y
+CONFIG_HAS_IOPORTS=y
+CONFIG_HAS_KEXEC=y
+CONFIG_HAS_PDX=y
+CONFIG_HAS_SCHED_GRANULARITY=y
+CONFIG_HAS_UBSAN=y
+CONFIG_MEM_ACCESS_ALWAYS_ON=y
+CONFIG_MEM_ACCESS=y
+CONFIG_NEEDS_LIBELF=y
+CONFIG_NUMA=y
+
+#
+# Speculative hardening
+#
+CONFIG_INDIRECT_THUNK=y
+CONFIG_SPECULATIVE_HARDEN_ARRAY=y
+CONFIG_SPECULATIVE_HARDEN_BRANCH=y
+CONFIG_SPECULATIVE_HARDEN_GUEST_ACCESS=y
+CONFIG_SPECULATIVE_HARDEN_LOCK=y
+# end of Speculative hardening
+
+CONFIG_DIT_DEFAULT=y
+CONFIG_HYPFS=y
+CONFIG_HYPFS_CONFIG=y
+CONFIG_IOREQ_SERVER=y
+# CONFIG_KEXEC is not set
+CONFIG_EFI_SET_VIRTUAL_ADDRESS_MAP=y
+CONFIG_XENOPROF=y
+# CONFIG_XSM is not set
+# CONFIG_ARGO is not set
+
+#
+# Schedulers
+#
+CONFIG_SCHED_CREDIT=y
+CONFIG_SCHED_CREDIT2=y
+CONFIG_SCHED_RTDS=y
+# CONFIG_SCHED_ARINC653 is not set
+CONFIG_SCHED_NULL=y
+# CONFIG_SCHED_CREDIT_DEFAULT is not set
+CONFIG_SCHED_CREDIT2_DEFAULT=y
+# CONFIG_SCHED_RTDS_DEFAULT is not set
+# CONFIG_SCHED_NULL_DEFAULT is not set
+CONFIG_SCHED_DEFAULT="credit2"
+# end of Schedulers
+
+CONFIG_CRYPTO=y
+# CONFIG_LIVEPATCH is not set
+# CONFIG_ENFORCE_UNIQUE_SYMBOLS is not set
+CONFIG_SUPPRESS_DUPLICATE_SYMBOL_WARNINGS=y
+CONFIG_CMDLINE="ept=exec-sp spec-ctrl=unpriv-mmio"
+# CONFIG_CMDLINE_OVERRIDE is not set
+CONFIG_DOM0_MEM="min:1024M,max:4096M"
+# CONFIG_TRACEBUFFER is not set
+# end of Common Features
+
+#
+# Device Drivers
+#
+CONFIG_ACPI=y
+CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
+CONFIG_ACPI_NUMA=y
+CONFIG_HAS_NS16550=y
+CONFIG_HAS_EHCI=y
+CONFIG_SERIAL_TX_BUFSIZE=16384
+CONFIG_XHCI=y
+CONFIG_HAS_CPUFREQ=y
+CONFIG_HAS_PASSTHROUGH=y
+# CONFIG_IOMMU_QUARANTINE_NONE is not set
+CONFIG_IOMMU_QUARANTINE_BASIC=y
+# CONFIG_IOMMU_QUARANTINE_SCRATCH_PAGE is not set
+CONFIG_HAS_PCI=y
+CONFIG_HAS_PCI_MSI=y
+CONFIG_VIDEO=y
+CONFIG_VGA=y
+CONFIG_HAS_VPCI=y
+# end of Device Drivers
+
+CONFIG_EXPERT=y
+CONFIG_UNSUPPORTED=y
+CONFIG_ARCH_SUPPORTS_INT128=y
+
+#
+# Debugging Options
+#
+# CONFIG_DEBUG is not set
+# CONFIG_CRASH_DEBUG is not set
+CONFIG_GDBSX=y
+CONFIG_DEBUG_INFO=y
+# CONFIG_FRAME_POINTER is not set
+# CONFIG_COVERAGE is not set
+# CONFIG_DEBUG_LOCK_PROFILE is not set
+# CONFIG_DEBUG_LOCKS is not set
+# CONFIG_PERF_COUNTERS is not set
+# CONFIG_VERBOSE_DEBUG is not set
+CONFIG_SCRUB_DEBUG=y
+# CONFIG_UBSAN is not set
+# CONFIG_DEBUG_TRACE is not set
+# CONFIG_XMEM_POOL_POISON is not set
+# end of Debugging Options