diff --git a/qubesos_0203-xen.efi.build.patch b/qubesos_0203-xen.efi.build.patch
new file mode 100644
index 0000000000..76cc3980e8
--- /dev/null
+++ b/qubesos_0203-xen.efi.build.patch
@@ -0,0 +1,27 @@
+From 22a0881b94f0b17d369ce090cbf3cced6366fae5 Mon Sep 17 00:00:00 2001
+From: Fedora developers
+Date: Mon, 8 Jul 2024 13:35:51 +0200
+Subject: [PATCH] xen.efi.build
+
+---
+ xen/arch/x86/arch.mk | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
+index 4f6c086988dd..0efc664bc919 100644
+--- a/xen/arch/x86/arch.mk
++++ b/xen/arch/x86/arch.mk
+@@ -91,7 +91,9 @@ XEN_BUILD_EFI := $(call if-success,$(CC) $(filter-out -include %/include/xen/con
+ -c $(srctree)/$(efi-check).c -o $(efi-check).o,y)
+ 
+ # Check if the linker supports PE.
+-EFI_LDFLAGS := $(patsubst -m%,-mi386pep,$(LDFLAGS)) --subsystem=10 --enable-long-section-names
++#EFI_LDFLAGS := $(patsubst -m%,-mi386pep,$(LDFLAGS)) --subsystem=10 --enable-long-section-names
++# use a reduced set of options from LDFLAGS
++EFI_LDFLAGS = --as-needed --build-id=sha1 -mi386pep --subsystem=10 --enable-long-section-names
+ LD_PE_check_cmd = $(call ld-option,$(EFI_LDFLAGS) --image-base=0x100000000 -o $(efi-check).efi $(efi-check).o)
+ XEN_BUILD_PE := $(LD_PE_check_cmd)
+ 
+-- 
+2.44.0
+
diff --git a/qubesos_xen.logrotate b/qubesos_xen.logrotate
new file mode 100644
index 0000000000..6bf2ae091a
--- /dev/null
+++ b/qubesos_xen.logrotate
@@ -0,0 +1,9 @@
+/var/log/xen/xen-hotplug.log
+/var/log/xen/domain-builder-ng.log
+/var/log/xen/console/*.log{
+ notifempty
+ missingok
+ compress
+ copytruncate
+ su root qubes
+}
diff --git a/qubesos_xen.modules-load.conf b/qubesos_xen.modules-load.conf
new file mode 100644
index 0000000000..2585265bff
--- /dev/null
+++ b/qubesos_xen.modules-load.conf
@@ -0,0 +1,9 @@
+xen-evtchn
+xen-gntdev
+xen-gntalloc
+xen-blkback
+xen-pciback
+xen-privcmd
+xen-acpi-processor
+# Not used in Qubes dom0
+#xen-netback
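Review bot: The new `EFI_LDFLAGS = --as-needed --build-id=sha1 -mi386pep --subsystem=10 --enable-long-section-names` assignment no longer derives from `$(LDFLAGS)`, so whatever the packager puts into `LDFLAGS` is silently not applied to the PE link check or to xen.efi, and the comment `# use a reduced set of options from LDFLAGS` neither names the option that broke the PE link nor says that dropping the rest is intentional. I would replace that comment with one that records the cause and the trade-off, e.g. `# Distro LDFLAGS carry ELF-only options the PE linker rejects (presumably the -z relro/-z now or package-note linker-script switches); hard-code the subset xen.efi needs and accept that LDFLAGS hardening is not applied here.`, with the actual offending option filled in by whoever hit the failure. The commented-out `#EFI_LDFLAGS := ...` line is dead code and should be dropped rather than kept; `:=` would also be the conventional flavour for a constant list, though `=` is harmless here since nothing in the value is re-evaluated.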
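Review bot: Nothing in this stanza bounds the size of `/var/log/xen/console/*.log` between rotations — there is no `size`/`maxsize` and no `rotate` directive, so interval and retention come entirely from the global logrotate defaults, which are not visible here. Guest console output is guest-controlled data written into dom0's `/var/log`, so a chatty or hostile VM can fill the volume between two scheduled runs; I would add `maxsize 100M` (or whatever bound the project is comfortable with, paired with a daily logrotate trigger) together with an explicit `rotate 4` so retention does not depend on host defaults. `copytruncate` also means lines written between the copy and the truncate are lost, the usual trade-off for a writer that does not reopen its log on rotation (presumably xenconsoled); a one-line comment stating that, and another naming the directory-ownership condition that makes `su root qubes` necessary, would save the next reader the question.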
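Review bot: This list disagrees with `--with-linux-backend-modules="... xen-netback xen-pciback xen-scsiback ..."` in vmm-xen.spec.in: `xen-scsiback` is absent here and `xen-netback` is commented out, while the configure flag still lists both, so whatever consumes the configure-time list (presumably Xen's own init scripts, if any of them survive the spec's removals) and systemd-modules-load will disagree about which backends dom0 loads. The `# Not used in Qubes dom0` comment only covers `xen-netback`; either drop the two modules from the configure line as well or extend the comment, e.g. `# xen-netback/xen-scsiback are not used in Qubes dom0 (those backends live in driver domains); keep this list in sync with --with-linux-backend-modules in vmm-xen.spec.in`. A short note on why `xen-pciback` is loaded unconditionally (PCI passthrough to the driver domains, I assume) would help too.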
diff --git a/qubesos_xen_config b/qubesos_xen_config
new file mode 100644
index 0000000000..4bebb459df
--- /dev/null
+++ b/qubesos_xen_config
@@ -0,0 +1,154 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# Xen/x86 4.17.3 Configuration
+#
+CONFIG_CC_IS_GCC=y
+CONFIG_GCC_VERSION=120301
+CONFIG_CLANG_VERSION=0
+CONFIG_LD_IS_GNU=y
+CONFIG_CC_HAS_VISIBILITY_ATTRIBUTE=y
+CONFIG_X86_64=y
+CONFIG_X86=y
+CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
+CONFIG_CC_HAS_INDIRECT_THUNK=y
+CONFIG_HAS_AS_CET_SS=y
+CONFIG_HAS_CC_CET_IBT=y
+
+#
+# Architecture Features
+#
+CONFIG_64BIT=y
+CONFIG_NR_CPUS=256
+CONFIG_PV=y
+# CONFIG_PV32 is not set
+# CONFIG_PV_LINEAR_PT is not set
+CONFIG_HVM=y
+CONFIG_XEN_SHSTK=y
+CONFIG_XEN_IBT=y
+# CONFIG_SHADOW_PAGING is not set
+# CONFIG_BIGMEM is not set
+# CONFIG_HVM_FEP is not set
+CONFIG_TBOOT=y
+CONFIG_XEN_ALIGN_DEFAULT=y
+# CONFIG_XEN_ALIGN_2M is not set
+# CONFIG_X2APIC_PHYSICAL is not set
+# CONFIG_X2APIC_CLUSTER is not set
+CONFIG_X2APIC_MIXED=y
+# CONFIG_XEN_GUEST is not set
+# CONFIG_HYPERV_GUEST is not set
+# CONFIG_MEM_PAGING is not set
+# CONFIG_MEM_SHARING is not set
+# end of Architecture Features
+
+#
+# Common Features
+#
+CONFIG_COMPAT=y
+CONFIG_CORE_PARKING=y
+CONFIG_GRANT_TABLE=y
+CONFIG_ALTERNATIVE_CALL=y
+CONFIG_ARCH_MAP_DOMAIN_PAGE=y
+CONFIG_HAS_ALTERNATIVE=y
+CONFIG_HAS_COMPAT=y
+CONFIG_HAS_DIT=y
+CONFIG_HAS_EX_TABLE=y
+CONFIG_HAS_FAST_MULTIPLY=y
+CONFIG_HAS_IOPORTS=y
+CONFIG_HAS_KEXEC=y
+CONFIG_HAS_PDX=y
+CONFIG_HAS_SCHED_GRANULARITY=y
+CONFIG_HAS_UBSAN=y
+CONFIG_MEM_ACCESS_ALWAYS_ON=y
+CONFIG_MEM_ACCESS=y
+CONFIG_NEEDS_LIBELF=y
+CONFIG_NUMA=y
+
+#
+# Speculative hardening
+#
+CONFIG_INDIRECT_THUNK=y
+CONFIG_SPECULATIVE_HARDEN_ARRAY=y
+CONFIG_SPECULATIVE_HARDEN_BRANCH=y
+CONFIG_SPECULATIVE_HARDEN_GUEST_ACCESS=y
+CONFIG_SPECULATIVE_HARDEN_LOCK=y
+# end of Speculative hardening
+
+CONFIG_DIT_DEFAULT=y
+CONFIG_HYPFS=y
+CONFIG_HYPFS_CONFIG=y
+CONFIG_IOREQ_SERVER=y
+# CONFIG_KEXEC is not set
+CONFIG_EFI_SET_VIRTUAL_ADDRESS_MAP=y
+CONFIG_XENOPROF=y
+# CONFIG_XSM is not set
+# CONFIG_ARGO is not set
+
+#
+# Schedulers
+#
+CONFIG_SCHED_CREDIT=y
+CONFIG_SCHED_CREDIT2=y
+CONFIG_SCHED_RTDS=y
+# CONFIG_SCHED_ARINC653 is not set
+CONFIG_SCHED_NULL=y
+# CONFIG_SCHED_CREDIT_DEFAULT is not set
+CONFIG_SCHED_CREDIT2_DEFAULT=y
+# CONFIG_SCHED_RTDS_DEFAULT is not set
+# CONFIG_SCHED_NULL_DEFAULT is not set
+CONFIG_SCHED_DEFAULT="credit2"
+# end of Schedulers
+
+CONFIG_CRYPTO=y
+# CONFIG_LIVEPATCH is not set
+# CONFIG_ENFORCE_UNIQUE_SYMBOLS is not set
+CONFIG_SUPPRESS_DUPLICATE_SYMBOL_WARNINGS=y
+CONFIG_CMDLINE="ept=exec-sp spec-ctrl=unpriv-mmio"
+# CONFIG_CMDLINE_OVERRIDE is not set
+CONFIG_DOM0_MEM="min:1024M,max:4096M"
+# CONFIG_TRACEBUFFER is not set
+# end of Common Features
+
+#
+# Device Drivers
+#
+CONFIG_ACPI=y
+CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
+CONFIG_ACPI_NUMA=y
+CONFIG_HAS_NS16550=y
+CONFIG_HAS_EHCI=y
+CONFIG_SERIAL_TX_BUFSIZE=16384
+CONFIG_XHCI=y
+CONFIG_HAS_CPUFREQ=y
+CONFIG_HAS_PASSTHROUGH=y
+# CONFIG_IOMMU_QUARANTINE_NONE is not set
+CONFIG_IOMMU_QUARANTINE_BASIC=y
+# CONFIG_IOMMU_QUARANTINE_SCRATCH_PAGE is not set
+CONFIG_HAS_PCI=y
+CONFIG_HAS_PCI_MSI=y
+CONFIG_VIDEO=y
+CONFIG_VGA=y
+CONFIG_HAS_VPCI=y
+# end of Device Drivers
+
+CONFIG_EXPERT=y
+CONFIG_UNSUPPORTED=y
+CONFIG_ARCH_SUPPORTS_INT128=y
+
+#
+# Debugging Options
+#
+# CONFIG_DEBUG is not set
+# CONFIG_CRASH_DEBUG is not set
+CONFIG_GDBSX=y
+CONFIG_DEBUG_INFO=y
+# CONFIG_FRAME_POINTER is not set
+# CONFIG_COVERAGE is not set
+# CONFIG_DEBUG_LOCK_PROFILE is not set
+# CONFIG_DEBUG_LOCKS is not set
+# CONFIG_PERF_COUNTERS is not set
+# CONFIG_VERBOSE_DEBUG is not set
+CONFIG_SCRUB_DEBUG=y
+# CONFIG_UBSAN is not set
+# CONFIG_DEBUG_TRACE is not set
+# CONFIG_XMEM_POOL_POISON is not set
+# end of Debugging Options
diff --git a/vmm-xen.spec.in b/vmm-xen.spec.in
new file mode 100644
index 0000000000..7b8f6a777d
--- /dev/null
+++ b/vmm-xen.spec.in
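Review bot: The header reads `# Xen/x86 4.17.3 Configuration` while the spec that copies this file onto `xen/.config` sets `hv_abi 4.19`, so the file is stale relative to the sources it configures and any Kconfig symbol introduced after 4.17 is not pinned by it — depending on how the stale file is synced during the build, such symbols either take their defaults silently or stop the build — which matters for a file whose purpose is to pin hardening choices (`CONFIG_XEN_SHSTK=y`, `CONFIG_XEN_IBT=y`, the `CONFIG_SPECULATIVE_HARDEN_*` set, `# CONFIG_PV32 is not set`, `# CONFIG_HVM_FEP is not set`). I would regenerate it from the 4.19 tree and review the new options explicitly (e.g. `CONFIG_REQUIRE_NX`, which I believe arrived in 4.18). `CONFIG_DEBUG_INFO=y` together with `CONFIG_GDBSX=y` is presumably there for the debuginfo package rather than as a runtime debug surface, but a comment in the spec next to `cp -v %{SOURCE4} xen/.config` listing the deliberately chosen options would keep that intent from being lost on the next regeneration.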
@@ -0,0 +1,947 @@
+# Build ocaml bits unless rpmbuild was run with --without ocaml
+# or ocamlopt is missing (the xen makefile doesn't build ocaml bits if it isn't there)
+%define with_ocaml 0
+%define build_ocaml 0
+# Build with docs unless rpmbuild was run with --without docs
+%define build_docs %{?_without_docs: 0} %{?!_without_docs: 1}
+# Build without stubdom unless rpmbuild was run with --with stubdom
+%define build_stubdom %{?_with_stubdom: 1} %{?!_with_stubdom: 0}
+# Build without qemu-traditional unless rpmbuild was run with --with qemutrad
+%define build_qemutrad %{?_with_qemutrad: 1} %{?!_with_qemutrad: 0}
+# build with ovmf from edk2-ovmf unless rpmbuild was run with --without ovmf
+%define build_ovmf %{?_without_ovmf: 0} %{?!_without_ovmf: 1}
+# set to 0 for archs that don't use qemu or ovmf (reduces build dependencies)
+%ifnarch x86_64 %{ix86}
+%define build_qemutrad 0
+%define build_ovmf 0
+%endif
+%if ! %build_qemutrad
+%define build_stubdom 0
+%endif
+# Build with xen hypervisor unless rpmbuild was run with --without hyp
+%define build_hyp %{?_without_hyp: 0} %{?!_without_hyp: 1}
+# build xsm support unless rpmbuild was run with --without xsm
+# or required packages are missing
+%define with_xsm 0
+%define build_xsm 0
+# cross compile 64-bit hypervisor on ix86 unless rpmbuild was run
+# with --without crosshyp
+%define build_crosshyp %{?_without_crosshyp: 0} %{?!_without_crosshyp: 1}
+%ifnarch %{ix86}
+%define build_crosshyp 0
+%else
+%if ! %build_crosshyp
+%define build_hyp 0
+%endif
+%endif
+# no point in trying to build xsm on ix86 without a hypervisor
+%if ! %build_hyp
+%define build_xsm 0
+%endif
+# build an efi boot image (where supported) unless rpmbuild was run with
+# --without efi
+%define build_efi 1
+# xen only supports efi boot images on x86_64 or aarch64
+# i686 builds a x86_64 hypervisor so add that as well
+%ifnarch x86_64 aarch64 %{ix86}
+%define build_efi 0
+%endif
+%if "%dist" >= ".fc20"
+%define with_systemd_presets 1
+%else
+%define with_systemd_presets 0
+%endif
+
+# workaround for https://bugzilla.redhat.com/1671883 (dwz leaving temp files of
+# hardlinked sources)
+%define _unpackaged_files_terminate_build 0
+
+# xen.efi.elf doesn't have proper build-id
+%define _missing_build_ids_terminate_build 0
+
+# Hypervisor ABI
+%define hv_abi 4.19
+
+%define upstream_version @VERSION@
+%define rctag %(echo @VERSION@ | sed -n -e 's/.*-\\(rc[0-9]*\\).*/0.\\1./;/rc/p')
+
+Summary: Xen is a virtual machine monitor
+Name: xen
+Version: %(echo @VERSION@ | sed 's/-rc.*//')
+Release: %{?rctag}@REL@%{?dist}
+Epoch: 2001
+License: GPLv2+ and LGPLv2+ and BSD
+URL: http://xen.org/
+Source0: %{name}-%{version}.tar.gz
+Source4: qubesos_xen_config
+Source2: qubesos_xen.logrotate
+Source3: qubesos_xen.modules-load.conf
+Provides: xen-gvt
+
+# This fixes building .efi file. While it isn't used (even on UEFI) in the final
+# system, keep it to create RPMs similar to the original ones.
+Patch0203: qubesos_0203-xen.efi.build.patch
+
+%if %build_qemutrad
+BuildRequires: libidn-devel zlib-devel SDL-devel curl-devel
+BuildRequires: libX11-devel gtk2-devel libaio-devel
+%endif
+# build using Fedora seabios and ipxe packages for roms
+BuildRequires: seabios-bin ipxe-roms-qemu
+%ifarch %{ix86} x86_64
+# for the VMX "bios"
+BuildRequires: dev86
+%endif
+BuildRequires: python%{python3_pkgversion}-devel ncurses-devel python%{python3_pkgversion}-setuptools
+BuildRequires: perl-interpreter perl-generators
+# BEGIN QUBES SPECIFIC PART
+BuildRequires: autoconf
+BuildRequires: automake
+# END QUBES SPECIFIC PART
+BuildRequires: gettext
+BuildRequires: zlib-devel
+# Several tools now use uuid
+BuildRequires: libuuid-devel
+# iasl needed to build hvmloader
+BuildRequires: acpica-tools
+# modern compressed kernels
+BuildRequires: bzip2-devel xz-devel libzstd-devel
+# BEGIN QUBES SPECIFIC PART
+## libfsimage
+#BuildRequires: e2fsprogs-devel
+# tools now require yajl and wget
+BuildRequires: yajl-devel
+# END QUBES SPECIFIC PART
+# remus support now needs libnl3
+BuildRequires: libnl3-devel
+%if %with_xsm
+# xsm policy file needs needs checkpolicy and m4
+BuildRequires: checkpolicy m4
+%endif
+%if %build_crosshyp
+# cross compiler for building 64-bit hypervisor on ix86
+BuildRequires: gcc-x86_64-linux-gnu
+%endif
+BuildRequires: gcc make
+Requires: iproute
+Requires: python%{python3_pkgversion}-lxml
+Requires: xen-runtime = %{epoch}:%{version}-%{release}
+# Not strictly a dependency, but kpartx is by far the most useful tool right
+# now for accessing domU data from within a dom0 so bring it in when the user
+# installs xen.
+Requires: kpartx
+ExclusiveArch: x86_64 aarch64
+#ExclusiveArch: %#{ix86} x86_64 ia64 noarch
+%if %with_ocaml
+BuildRequires: ocaml, ocaml-findlib
+BuildRequires: perl(Data::Dumper)
+%endif
+%if %with_systemd_presets
+Requires(post): systemd
+Requires(preun): systemd
+BuildRequires: systemd
+%endif
+BuildRequires: systemd-devel
+%ifarch armv7hl aarch64
+BuildRequires: libfdt-devel
+%endif
+%if %build_ovmf
+BuildRequires: edk2-ovmf
+%endif
+%if %build_hyp
+BuildRequires: bison flex
+%endif
+
+%description
+This package contains the XenD daemon and xm command line
+tools, needed to manage virtual machines running under the
+Xen hypervisor
+
+# BEGIN QUBES SPECIFIC PART
+%package -n python%{python3_pkgversion}-%{name}
+Summary: python%{python3_pkgversion} bindings for Xen tools
+Group: Development/Libraries
+Requires: xen-libs = %{epoch}:%{version}-%{release}
+Requires: python%{python3_pkgversion}
+%{?python_provide:%python_provide python%{python3_pkgversion}-%{name}}
+
+%description -n python%{python3_pkgversion}-%{name}
+This package contains python%{python3_pkgversion} bindings to Xen tools. Especially xen.lowlevel.xs
+and xen.lowlevel.xc modules.
+# END QUBES SPECIFIC PART
+
+%package libs
+Summary: Libraries for Xen tools
+Requires: xen-licenses
+# BEGIN QUBES SPECIFIC PART
+Provides: xen-gvt-libs
+# toolstack <-> stubdomain API change
+Conflicts: xen-hvm-stubdom-linux < 1.2.5
+Conflicts: xen-hvm-stubdom-linux-full < 1.2.5
+# libxl ABI change
+Conflicts: libvirt-daemon-driver-libxl < 1000:6.6.0-7
+# END QUBES SPECIFIC PART
+
+%description libs
+This package contains the libraries needed to run applications
+which manage Xen virtual machines.
+
+
+%package runtime
+Summary: Core Xen runtime environment
+Requires: xen-libs = %{epoch}:%{version}-%{release}
+#Requires: /usr/bin/qemu-img /usr/bin/qemu-nbd
+Requires: /usr/bin/qemu-img
+# Ensure we at least have a suitable kernel installed, though we can't
+# force user to actually boot it.
+Requires: xen-hypervisor-abi = %{hv_abi}
+# BEGIN QUBES SPECIFIC PART
+# perl is used in /etc/xen/scripts/locking.sh
+# Recommends: perl
+%ifnarch armv7hl aarch64
+# use /usr/bin/qemu-system-i386 in Fedora instead of qemu-xen
+#Recommends: qemu-system-x86-core
+# rom file for qemu-xen-traditional
+Recommends: ipxe-roms-qemu
+%endif
+Requires: seabios-bin
+# END QUBES SPECIFIC PART
+
+%description runtime
+This package contains the runtime programs and daemons which
+form the core Xen userspace environment.
+
+
+%package hypervisor
+Summary: Libraries for Xen tools
+Provides: xen-hypervisor-abi = %{hv_abi}
+Requires: xen-licenses
+%if %build_hyp
+%ifarch %{ix86}
+Recommends: grub2-pc-modules
+%endif
+%ifarch x86_64
+# BEGIN QUBES SPECIFIC PART
+#Recommends: grub2-pc-modules grub2-efi-x64-modules
+# END QUBES SPECIFIC PART
+%endif
+%endif
+
+%description hypervisor
+This package contains the Xen hypervisor
+
+
+%if %build_docs
+%package doc
+Summary: Xen documentation
+BuildArch: noarch
+Requires: xen-licenses
+# for the docs
+BuildRequires: perl(Pod::Man) perl(Pod::Text) perl(File::Find)
+BuildRequires: transfig pandoc perl(Pod::Html)
+
+%description doc
+This package contains the Xen documentation.
+%endif
+
+
+%package devel
+Summary: Development libraries for Xen tools
+Requires: xen-libs = %{epoch}:%{version}-%{release}
+Requires: libuuid-devel
+
+%description devel
+This package contains what's needed to develop applications
+which manage Xen virtual machines.
+
+
+%package licenses
+Summary: License files from Xen source
+
+%description licenses
+This package contains the license files from the source used
+to build the xen packages.
+
+
+%if %build_ocaml
+%package ocaml
+Summary: Ocaml libraries for Xen tools
+Requires: ocaml-runtime, xen-libs = %{epoch}:%{version}-%{release}
+
+%description ocaml
+This package contains libraries for ocaml tools to manage Xen
+virtual machines.
+
+
+%package ocaml-devel
+Summary: Ocaml development libraries for Xen tools
+Requires: xen-ocaml = %{epoch}:%{version}-%{release}
+
+%description ocaml-devel
+This package contains libraries for developing ocaml tools to
+manage Xen virtual machines.
+%endif
+
+%prep
+%autosetup -p1 -n %{name}-%{upstream_version}
+
+# copy xen hypervisor .config file to change settings
+cp -v %{SOURCE4} xen/.config
+
+
+%build
+# This package calls binutils components directly and would need to pass
+# in flags to enable the LTO plugins
+# Disable LTO
+%define _lto_cflags %{nil}
+
+%if !%build_ocaml
+%define ocaml_flags OCAML_TOOLS=n
+%endif
+%if %build_efi
+%define efi_flags EFI_VENDOR=qubes
+mkdir -p dist/install/boot/efi/efi/qubes
+%endif
+%if %build_ocaml
+mkdir -p dist/install%{_libdir}/ocaml/stublibs
+%endif
+# BEGIN QUBES SPECIFIC PART
+EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS $LDFLAGS"
+%if 0%{?fedora} >= 37
+EXTRA_CFLAGS_XEN_TOOLS="$EXTRA_CFLAGS_XEN_TOOLS -Wno-error=use-after-free"
+%endif
+export EXTRA_CFLAGS_XEN_TOOLS
+# END QUBES SPECIFIC PART
+export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS"
+export EXTRA_CFLAGS_QEMU_XEN="$RPM_OPT_FLAGS"
+export PYTHON="%{__python3}"
+export LDFLAGS_SAVE=`echo $LDFLAGS | sed -e 's/-Wl,//g' -e 's/,/ /g' -e 's? -specs=[-a-z/0-9]*??g'`
+export CFLAGS_SAVE="$CFLAGS"
+%if %build_qemutrad
+CONFIG_EXTRA="--enable-qemu-traditional"
+%else
+CONFIG_EXTRA=""
+%endif
+%if %build_ovmf
+CONFIG_EXTRA="$CONFIG_EXTRA --with-system-ovmf=%{_libexecdir}/%{name}/boot/ovmf.bin"
+%endif
+%ifnarch armv7hl aarch64
+CONFIG_EXTRA="$CONFIG_EXTRA --with-system-ipxe=/usr/share/ipxe/10ec8139.rom"
+%endif
+%if %(test -f /usr/share/seabios/bios-256k.bin && echo 1|| echo 0)
+CONFIG_EXTRA="$CONFIG_EXTRA --with-system-seabios=/usr/share/seabios/bios-256k.bin"
+%else
+CONFIG_EXTRA="$CONFIG_EXTRA --disable-seabios"
+%endif
+./configure --prefix=%{_prefix} --libdir=%{_libdir} --libexecdir=%{_libexecdir} --with-system-qemu=/usr/bin/qemu-system-i386 --with-linux-backend-modules="xen-evtchn xen-gntdev xen-gntalloc xen-blkback xen-netback xen-pciback xen-scsiback xen-acpi-processor" --enable-systemd --disable-pygrub $CONFIG_EXTRA
+unset CFLAGS CXXFLAGS FFLAGS LDFLAGS
+export LDFLAGS="$LDFLAGS_SAVE"
+export CFLAGS="$CFLAGS_SAVE -Wno-error=address"
+
+%if %build_hyp
+# QUBES SPECIFIC LINE
+export CFLAGS=`echo $CFLAGS | sed -e 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g'`
+%if %build_crosshyp
+export CFLAGS=`echo $CFLAGS | sed -e 's/-m32//g' -e 's/-march=i686//g' 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g'`
+XEN_TARGET_ARCH=x86_64 %make_build %{?efi_flags} prefix=/usr xen CC="/usr/bin/x86_64-linux-gnu-gcc"
+%else
+%ifarch armv7hl
+export CFLAGS=`echo $CFLAGS | sed -e 's/-mfloat-abi=hard//g' -e 's/-march=armv7-a//g'`
+%endif
+# armv7hl aarch64 or x86_64
+%make_build %{?efi_flags} prefix=/usr xen
+%endif
+%endif
+unset CFLAGS CXXFLAGS FFLAGS LDFLAGS
+
+# BEGIN QUBES SPECIFIC PART
+%ifnarch armv7hl aarch64
+#CONFIG_EXTRA="$CONFIG_EXTRA --with-system-ipxe=/usr/share/ipxe"
+CONFIG_EXTRA="$CONFIG_EXTRA --disable-ipxe --disable-rombios"
+CONFIG_EXTRA="$CONFIG_EXTRA --disable-pvshim"
+%endif
+CONFIG_EXTRA="$CONFIG_EXTRA --with-system-qemu=/usr/bin/qemu-system-x86_64"
+export PATH="/usr/bin:$PATH"
+autoreconf -i
+# END QUBES SPECIFIC PART
+
+%make_build %{?ocaml_flags} prefix=/usr tools
+%if %build_docs
+make prefix=/usr docs
+%endif
+export RPM_OPT_FLAGS_RED=`echo $RPM_OPT_FLAGS | sed -e 's/-m64//g' -e 's/--param=ssp-buffer-size=4//g' -e's/-fstack-protector-strong//'`
+%ifarch %{ix86}
+export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS_RED"
+%endif
+%if %build_stubdom
+%ifnarch armv7hl aarch64
+make mini-os-dir
+make -C stubdom build
+%endif
+%ifarch x86_64
+export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS_RED"
+XEN_TARGET_ARCH=x86_32 make -C stubdom pv-grub-if-enabled
+%endif
+%endif
+
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}
+cp -prlP dist/install/* %{buildroot}
+%if %build_stubdom
+%ifnarch armv7hl aarch64
+make DESTDIR=%{buildroot} %{?ocaml_flags} prefix=/usr install-stubdom
+%endif
+%endif
+%if %build_efi
+# BEGIN QUBES SPECIFIC PART
+mkdir -p %{buildroot}/boot/efi/efi/qubes
+# END QUBES SPECIFIC PART
+mv %{buildroot}/boot/efi/efi %{buildroot}/boot/efi/EFI
+%endif
+%if %build_xsm
+# policy file should be in /boot/flask
+mkdir %{buildroot}/boot/flask
+mv %{buildroot}/boot/xenpolicy* %{buildroot}/boot/flask
+%else
+rm -f %{buildroot}/boot/xenpolicy*
+# BEGIN QUBES SPECIFIC PART
+rm -f %{buildroot}/usr/sbin/flask-*
+# END QUBES SPECIFIC PART
+%endif
+
+############ debug packaging: list files ############
+
+find %{buildroot} -print | xargs ls -ld | sed -e 's|.*%{buildroot}||' > f1.list
+
+############ kill unwanted stuff ############
+
+# stubdom: newlib
+rm -rf %{buildroot}/usr/*-xen-elf
+
+# hypervisor symlinks
+rm -rf %{buildroot}/boot/xen-%{hv_abi}.gz
+rm -rf %{buildroot}/boot/xen-4.gz
+rm -rf %{buildroot}/boot/xen.gz
+%if !%build_hyp
+rm -rf %{buildroot}/boot
+%endif
+
+# silly doc dir fun
+rm -fr %{buildroot}%{_datadir}/doc/xen
+# BEGIN QUBES SPECIFIC PART
+rm -rf %{buildroot}%{_datadir}/doc/qemu
+# END QUBES SPECIFIC PART
+
+# Pointless helper
+rm -f %{buildroot}%{_sbindir}/xen-python-path
+
+# qemu stuff (unused or available from upstream)
+rm -rf %{buildroot}/usr/share/xen/man
+rm -rf %{buildroot}/usr/bin/qemu-*-xen
+# BEGIN QUBES SPECIFIC PART
+# ln -s qemu-img %{buildroot}/%{_bindir}/qemu-img-xen
+# ln -s qemu-img %{buildroot}/%{_bindir}/qemu-nbd-xen
+# END QUBES SPECIFIC PART
+for file in bios.bin openbios-sparc32 openbios-sparc64 ppc_rom.bin \
+ pxe-e1000.bin pxe-ne2k_pci.bin pxe-pcnet.bin pxe-rtl8139.bin \
+ vgabios.bin vgabios-cirrus.bin video.x openbios-ppc bamboo.dtb
+do
+ rm -f %{buildroot}/%{_datadir}/xen/qemu/$file
+done
+
+# README's not intended for end users
+rm -f %{buildroot}/%{_sysconfdir}/xen/README*
+
+# standard gnu info files
+rm -rf %{buildroot}/usr/info
+
+# adhere to Static Library Packaging Guidelines
+rm -rf %{buildroot}/%{_libdir}/*.a
+
+%if %build_efi
+# clean up extra efi files
+%ifarch %{ix86}
+rm -f %{buildroot}/usr/lib64/efi/xen-%{hv_abi}.efi
+rm -f %{buildroot}/usr/lib64/efi/xen-4.efi
+rm -f %{buildroot}/usr/lib64/efi/xen.efi
+# cp -p %{buildroot}/usr/lib64/efi/xen-%{version}{,.notstripped}.efi
+# strip -s %{buildroot}/usr/lib64/efi/xen-%{version}.efi
+%else
+rm -f %{buildroot}/%{_libdir}/efi/xen-%{hv_abi}.efi
+rm -f %{buildroot}/%{_libdir}/efi/xen-4.efi
+rm -f %{buildroot}/%{_libdir}/efi/xen.efi
+# cp -p %{buildroot}/%{_libdir}/efi/xen-%{version}{,.notstripped}.efi
+# strip -s %{buildroot}/%{_libdir}/efi/xen-%{version}.efi
+%endif
+%endif
+
+%if ! %build_ocaml
+rm -rf %{buildroot}/%{_unitdir}/oxenstored.service
+%endif
+
+%if %build_ovmf
+cat /usr/share/OVMF/OVMF_{VARS,CODE}.fd >%{buildroot}%{_libexecdir}/%{name}/boot/ovmf.bin
+%endif
+
+############ fixup files in /etc ############
+
+# logrotate
+mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d/
+install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+
+# init scripts
+%define initdloc %(test -d /etc/rc.d/init.d/ && echo rc.d/init.d || echo init.d )
+
+rm %{buildroot}%{_sysconfdir}/%{initdloc}/xen-watchdog
+rm %{buildroot}%{_sysconfdir}/%{initdloc}/xencommons
+rm %{buildroot}%{_sysconfdir}/%{initdloc}/xendomains
+rm %{buildroot}%{_sysconfdir}/%{initdloc}/xendriverdomain
+
+# BEGIN QUBES SPECIFIC PART
+rm %{buildroot}%{_sysconfdir}/sysconfig/xendomains
+mkdir -p %{buildroot}/usr/lib/modules-load.d
+cp %{SOURCE3} %{buildroot}/usr/lib/modules-load.d/xen.conf
+
+# get rid of standard domain starting scripts
+rm %{buildroot}%{_unitdir}/xen-qemu-dom0-disk-backend.service
+rm %{buildroot}%{_unitdir}/xendomains.service
+# END QUBES SPECIFIC PART
+
+############ create dirs in /var ############
+
+mkdir -p %{buildroot}%{_localstatedir}/lib/xen/images
+mkdir -p %{buildroot}%{_localstatedir}/log/xen/console
+
+############ create symlink for x86_64 for compatibility with 4.4 ############
+
+%if "%{_libdir}" != "/usr/lib"
+ln -s %{_libexecdir}/%{name} %{buildroot}/%{_libdir}/%{name}
+%endif
+
+# BEGIN QUBES SPECIFIC PART
+# don't create symlink to qemu-system-i386
+ln -s ../sbin/xl %{buildroot}/%{_bindir}/xl
+# END QUBES SPECIFIC PART
+
+############ debug packaging: list files ############
+
+find %{buildroot} -print | xargs ls -ld | sed -e 's|.*%{buildroot}||' > f2.list
+diff -u f1.list f2.list || true
+
+############ assemble license files ############
+
+mkdir licensedir
+# avoid licensedir to avoid recursion, also stubdom/ioemu and dist
+# which are copies of files elsewhere
+find . -path licensedir -prune -o -path stubdom/ioemu -prune -o \
+ -path dist -prune -o -name COPYING -o -name LICENSE | while read file; do
+ mkdir -p licensedir/`dirname $file`
+ install -m 644 $file licensedir/$file
+done
+
+############ all done now ############
+
+# BEGIN QUBES SPECIFIC PART
+# %post
+# %if %with_systemd_presets
+# %systemd_post xendomains.service
+# %else
+# if [ $1 == 1 ]; then
+# /bin/systemctl enable xendomains.service
+# fi
+# %endif
+
+# %preun
+# %if %with_systemd_presets
+# %systemd_preun xendomains.service
+# %else
+# if [ $1 == 0 ]; then
+# /bin/systemctl disable xendomains.service
+# fi
+# %endif
+# END QUBES SPECIFIC PART
+
+%post runtime
+%if %with_systemd_presets
+# BEGIN QUBES SPECIFIC PART
+%systemd_post xenstored.service xenconsoled.service xen-init-dom0.service
+# END QUBES SPECIFIC PART
+%else
+if [ $1 == 1 ]; then
+ /bin/systemctl enable xenstored.service
+ /bin/systemctl enable xenconsoled.service
+# BEGIN QUBES SPECIFIC PART
+ /bin/systemctl enable xen-init-dom0.service
+# END QUBES SPECIFIC PART
+fi
+%endif
+
+%preun runtime
+%if %with_systemd_presets
+# BEGIN QUBES SPECIFIC PART
+%systemd_preun xenstored.service xenconsoled.service xen-init-dom0.service
+# END QUBES SPECIFIC PART
+%else
+if [ $1 == 0 ]; then
+ /bin/systemctl disable xenstored.service
+ /bin/systemctl disable xenconsoled.service
+# BEGIN QUBES SPECIFIC PART
+ /bin/systemctl disable xen-init-dom0.service
+# END QUBES SPECIFIC PART
+fi
+%endif
+
+%posttrans runtime
+if [ ! -L /usr/lib/xen -a -d /usr/lib/xen -a -z "$(ls -A /usr/lib/xen)" ]; then
+ rmdir /usr/lib/xen
+fi
+if [ ! -e /usr/lib/xen ]; then
+ ln -s /usr/libexec/xen /usr/lib/xen
+fi
+
+# QUBES SPECIFIC PART: next 2 lines (do not put comment before next section)
+%post libs -p /sbin/ldconfig
+%postun libs -p /sbin/ldconfig
+
+%if %build_hyp
+%post hypervisor
+%if %build_efi
+XEN_EFI_VERSION=$(echo %{upstream_version} | sed -e 's/rc./rc/')
+EFI_DIR=$(efibootmgr -v 2>/dev/null | awk '
+ /^BootCurrent:/ { current=$2; }
+ /^Boot....\* / {
+ if ("Boot" current "*" == $1) {
+ sub(".*File\\(", "");
+ sub("\\\\xen.efi\\).*", "");
+ gsub("\\\\", "/");
+ print;
+ }
+ }')
+# FAT (on ESP) does not support symlinks
+# override the file on purpose
+if [ -n "${EFI_DIR}" -a -d "/boot/efi${EFI_DIR}" ]; then
+ cp -pf /boot/efi/EFI/qubes/xen-$XEN_EFI_VERSION.efi /boot/efi${EFI_DIR}/xen.efi
+else
+ cp -pf /boot/efi/EFI/qubes/xen-$XEN_EFI_VERSION.efi /boot/efi/EFI/qubes/xen.efi
+fi
+%endif
+
+if [ -f /boot/efi/EFI/qubes/xen.cfg ]; then
+ if ! grep -q smt=off /boot/efi/EFI/qubes/xen.cfg; then
+ sed -i -e 's:^options=.*:\0 smt=off:' /boot/efi/EFI/qubes/xen.cfg
+ fi
+ if ! grep -q gnttab_max_frames /boot/efi/EFI/qubes/xen.cfg; then
+ sed -i -e 's:^options=.*:\0 gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096:' /boot/efi/EFI/qubes/xen.cfg
+ fi
+fi
+
+if [ -f /etc/default/grub ]; then
+ if ! grep -q smt=off /etc/default/grub; then
+ echo 'GRUB_CMDLINE_XEN_DEFAULT="$GRUB_CMDLINE_XEN_DEFAULT smt=off"' >> /etc/default/grub
+ grub2-mkconfig -o /boot/grub2/grub.cfg
+ fi
+ if ! grep -q gnttab_max_frames /etc/default/grub; then
+ echo 'GRUB_CMDLINE_XEN_DEFAULT="$GRUB_CMDLINE_XEN_DEFAULT gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096"' >> /etc/default/grub
+ grub2-mkconfig -o /boot/grub2/grub.cfg
+ fi
+fi
+
+if [ $1 == 1 -a -f /sbin/grub2-mkconfig ]; then
+ if [ -f /boot/grub2/grub.cfg ]; then
+ /sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
+ fi
+ if [ -f /boot/efi/EFI/qubes/grub.cfg ] && \
+ ! grep -q "configfile" /boot/efi/EFI/qubes/grub.cfg; then
+ /sbin/grub2-mkconfig -o /boot/efi/EFI/qubes/grub.cfg
+ fi
+fi
+
+%postun hypervisor
+if [ -f /sbin/grub2-mkconfig ]; then
+ if [ -f /boot/grub2/grub.cfg ]; then
+ /sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
+ fi
+ if [ -f /boot/efi/EFI/qubes/grub.cfg ] && \
+ ! grep -q "configfile" /boot/efi/EFI/qubes/grub.cfg; then
+ /sbin/grub2-mkconfig -o /boot/efi/EFI/qubes/grub.cfg
+ fi
+fi
+%endif
+
+%if %build_ocaml
+%post ocaml
+%if %with_systemd_presets
+%systemd_post oxenstored.service
+%else
+if [ $1 == 1 ]; then
+ /bin/systemctl enable oxenstored.service
+fi
+%endif
+
+%preun ocaml
+%if %with_systemd_presets
+%systemd_preun oxenstored.service
+%else
+if [ $1 == 0 ]; then
+ /bin/systemctl disable oxenstored.service
+fi
+%endif
+%endif
+
+# Base package only contains XenD/xm python stuff
+#files -f xen-xm.lang
+%files
+%doc COPYING README
+
+# BEGIN QUBES SPECIFIC PART
+%files -n python%{python3_pkgversion}-%{name}
+%{python3_sitearch}/%{name}
+%{python3_sitearch}/xen-*.egg-info
+# END QUBES SPECIFIC PART
+
+%files libs
+%{_libdir}/libxencall.so.1
+%{_libdir}/libxencall.so.1.3
+%{_libdir}/libxenctrl.so.4.*
+%{_libdir}/libxendevicemodel.so.1
+%{_libdir}/libxendevicemodel.so.1.4
+%{_libdir}/libxenevtchn.so.1
+%{_libdir}/libxenevtchn.so.1.2
+%{_libdir}/libxenforeignmemory.so.1
+%{_libdir}/libxenforeignmemory.so.1.4
+%{_libdir}/libxengnttab.so.1
+%{_libdir}/libxengnttab.so.1.2
+%{_libdir}/libxenguest.so.4.*
+%{_libdir}/libxenlight.so.4.*
+%{_libdir}/libxenstat.so.4.*
+%{_libdir}/libxenstore.so.4
+%{_libdir}/libxenstore.so.4.0
+%{_libdir}/libxentoolcore.so.1
+%{_libdir}/libxentoolcore.so.1.0
+%{_libdir}/libxentoollog.so.1
+%{_libdir}/libxentoollog.so.1.0
+%{_libdir}/libxenvchan.so.4.*
+%{_libdir}/libxlutil.so.4.*
+%{_libdir}/libxenhypfs.so.1
+%{_libdir}/libxenhypfs.so.1.0
+
+# All runtime stuff except for XenD/xm python stuff
+%files runtime
+# Hotplug rules
+
+%dir %attr(0700,root,root) %{_sysconfdir}/%{name}
+%dir %attr(0700,root,root) %{_sysconfdir}/%{name}/scripts/
+%config %attr(0700,root,root) %{_sysconfdir}/%{name}/scripts/*
+
+%{_sysconfdir}/bash_completion.d/xl
+
+%{_unitdir}/proc-xen.mount
+%{_unitdir}/xenstored.service
+%{_unitdir}/xenconsoled.service
+%{_unitdir}/xen-watchdog.service
+# BEGIN QUBES SPECIFIC PART
+%{_unitdir}/xen-init-dom0.service
+%exclude %{_unitdir}/xendriverdomain.service
+# END QUBES SPECIFIC PART
+/usr/lib/modules-load.d/xen.conf
+
+%config(noreplace) %{_sysconfdir}/sysconfig/xencommons
+%config(noreplace) %{_sysconfdir}/xen/xl.conf
+%config(noreplace) %{_sysconfdir}/xen/cpupool
+%config(noreplace) %{_sysconfdir}/xen/xlexample*
+
+# Rotate console log files
+%config(noreplace) %{_sysconfdir}/logrotate.d/xen
+
+# Programs run by other programs
+%dir %{_libexecdir}/%{name}
+%dir %{_libexecdir}/%{name}/bin
+%attr(0700,root,root) %{_libexecdir}/%{name}/bin/*
+# QEMU runtime files
+%if %build_qemutrad
+%ifnarch armv7hl aarch64
+%dir %{_datadir}/%{name}/qemu
+%dir %{_datadir}/%{name}/qemu/keymaps
+%{_datadir}/%{name}/qemu/keymaps/*
+%endif
+%endif
+
+# man pages
+%if %build_docs
+%{_mandir}/man1/xentop.1*
+%{_mandir}/man8/xentrace.8*
+%{_mandir}/man1/xl.1*
+%{_mandir}/man5/xl.cfg.5*
+%{_mandir}/man5/xl.conf.5*
+%{_mandir}/man5/xlcpupool.cfg.5*
+%{_mandir}/man1/xenstore*
+%{_mandir}/man5/xl-disk-configuration.5.gz
+%{_mandir}/man7/xen-pci-device-reservations.7.gz
+%{_mandir}/man7/xen-tscmode.7.gz
+%{_mandir}/man7/xen-vtpm.7.gz
+%{_mandir}/man7/xen-vtpmmgr.7.gz
+%{_mandir}/man5/xl-network-configuration.5.gz
+%{_mandir}/man7/xen-pv-channel.7.gz
+%{_mandir}/man7/xl-numa-placement.7.gz
+%{_mandir}/man1/xenhypfs.1.gz
+%{_mandir}/man7/xen-vbd-interface.7.gz
+%{_mandir}/man5/xl-pci-configuration.5.gz
+%endif
+
+# The firmware
+%ifarch %{ix86} x86_64
+%dir %{_libexecdir}/%{name}/boot
+%{_libexecdir}/xen/boot/hvmloader
+%ifnarch %{ix86}
+%{_libexecdir}/%{name}/boot/xen-shim
+/usr/lib/debug%{_libexecdir}/xen/boot/xen-shim-syms
+%endif
+%if %build_ovmf
+%{_libexecdir}/xen/boot/ovmf.bin
+%endif
+%if %build_stubdom
+%if %build_qemutrad
+%{_libexecdir}/xen/boot/ioemu-stubdom.gz
+%endif
+%{_libexecdir}/xen/boot/xenstore-stubdom.gz
+%{_libexecdir}/xen/boot/xenstorepvh-stubdom.gz
+%endif
+%endif
+%if "%{_libdir}" != "/usr/lib"
+%{_libdir}/%{name}
+%endif
+%ghost /usr/lib/%{name}
+# General Xen state
+%dir %{_localstatedir}/lib/%{name}
+%dir %{_localstatedir}/lib/%{name}/dump
+%dir %{_localstatedir}/lib/%{name}/images
+# Xenstore runtime state
+%ghost %{_localstatedir}/run/xenstored
+
+# All xenstore CLI tools
+%{_bindir}/xenstore
+%{_bindir}/xenstore-*
+#%#{_bindir}/remus
+# Misc stuff
+%ifnarch armv7hl aarch64
+%{_bindir}/xen-detect
+%endif
+%{_bindir}/xencov_split
+%ifnarch armv7hl aarch64
+%{_sbindir}/gdbsx
+%{_sbindir}/xen-kdd
+%endif
+%ifnarch armv7hl aarch64
+%{_sbindir}/xen-hptool
+%{_sbindir}/xen-hvmcrash
+%{_sbindir}/xen-hvmctx
+%endif
+%{_sbindir}/xenconsoled
+%{_sbindir}/xenlockprof
+%{_sbindir}/xenmon
+%{_sbindir}/xentop
+%{_sbindir}/xentrace_setmask
+%{_sbindir}/xenbaked
+%{_sbindir}/xenstored
+%{_sbindir}/xenpm
+%{_sbindir}/xenpmd
+%{_sbindir}/xenperf
+%{_sbindir}/xenwatchdogd
+%{_sbindir}/xl
+%ifnarch armv7hl aarch64
+%{_sbindir}/xen-lowmemd
+%endif
+%{_sbindir}/xencov
+%ifnarch armv7hl aarch64
+%{_sbindir}/xen-mfndump
+%endif
+%{_bindir}/xenalyze
+%{_sbindir}/xentrace
+%{_sbindir}/xentrace_setsize
+%ifnarch armv7hl aarch64
+%{_bindir}/xen-cpuid
+%endif
+%{_sbindir}/xen-livepatch
+%{_sbindir}/xen-diag
+%ifnarch armv7hl aarch64
+%{_sbindir}/xen-ucode
+%{_sbindir}/xen-memshare
+%{_sbindir}/xen-mceinj
+%{_sbindir}/xen-vmtrace
+%endif
+%{_bindir}/vchan-socket-proxy
+%{_sbindir}/xenhypfs
+%{_sbindir}/xen-access
+
+# BEGIN QUBES SPECIFIC PART
+%{_bindir}/xl
+# END QUBES SPECIFIC PART
+
+# Xen logfiles
+%dir %attr(0700,root,root) %{_localstatedir}/log/xen
+# Guest/HV console logs
+%dir %attr(0700,root,root) %{_localstatedir}/log/xen/console
+
+%files hypervisor
+%if %build_hyp
+%defattr(-,root,root)
+%ifnarch armv7hl aarch64
+/boot/xen-*.gz
+# BEGIN QUBES SPECIFIC PART
+# /boot/xen.gz
+# END QUBES SPECIFIC PART
+/boot/xen*.config
+%else
+/boot/xen*
+%endif
+%if %build_xsm
+%dir %attr(0755,root,root) /boot/flask
+/boot/flask/xenpolicy*
+%endif
+%if %build_efi
+/boot/efi/EFI/qubes/*.efi
+%endif
+/usr/lib/debug/xen*
+%endif
+
+%if %build_docs
+%files doc
+%doc docs/misc/
+%doc dist/install/usr/share/doc/xen/html
+%endif
+
+%files devel
+%{_includedir}/*.h
+%dir %{_includedir}/xen
+%{_includedir}/xen/*
+%dir %{_includedir}/xenstore-compat
+%{_includedir}/xenstore-compat/*
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*
+
+%files licenses
+%doc licensedir/*
+
+%if %build_ocaml
+%files ocaml
+%{_libdir}/ocaml/xen*
+%exclude %{_libdir}/ocaml/xen*/*.a
+%exclude %{_libdir}/ocaml/xen*/*.cmxa
+%exclude %{_libdir}/ocaml/xen*/*.cmx
+%{_libdir}/ocaml/stublibs/*.so
+%{_libdir}/ocaml/stublibs/*.so.owner
+%{_sbindir}/oxenstored
+%config(noreplace) %{_sysconfdir}/xen/oxenstored.conf
+%{_unitdir}/oxenstored.service
+
+%files ocaml-devel
+%{_libdir}/ocaml/xen*/*.a
+%{_libdir}/ocaml/xen*/*.cmxa
+%{_libdir}/ocaml/xen*/*.cmx
+%endif
+
+%changelog
+@CHANGELOG@
+
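Review bot: `Source0: %{name}-%{version}.tar.gz` is unpacked by `%autosetup` with no detached signature and no `%{gpgverify}` call in `%prep` (the `Source1` slot is even left unused), so nothing inside this spec ties the built hypervisor to an upstream-signed release. If the tarball is verified by the surrounding build system before rpmbuild runs, record that next to `Source0`, e.g. `# Tarball signature is verified by qubes-builder before rpmbuild; no in-spec verification`; otherwise add `Source1: %{name}-%{version}.tar.gz.sig` plus a keyring source and a `%{gpgverify}` line at the top of `%prep`. A smaller, separate defect: in the `%build_crosshyp` branch the third sed expression `'s/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g'` is missing its `-e`, so sed would take it as an input file name and the CFLAGS rewrite would fail; that branch is unreachable under `ExclusiveArch: x86_64 aarch64`, but it should be fixed or removed rather than kept as dead code. The opening comment `# Build ocaml bits unless rpmbuild was run with --without ocaml` also no longer matches `%define with_ocaml 0`, which hard-disables it.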