TrenchBoot · SergiiDmytruk · Nov 28, 2024 · Nov 15, 2024 · Nov 19, 2024 · Nov 19, 2024
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,15 @@
+name: Test build and package QubesOS RPMs
+
+on:
+  push:
+    branches:
+      - 'aem*'
+    tags:
+      - '*'
+
+jobs:
+  qubes-dom0-package:
+    uses: TrenchBoot/.github/.github/workflows/qubes-dom0-packagev2.yml@master
+    with:
+      qubes-component: 'vmm-xen'
+      qubes-pkg-src-dir: '.'
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -1,15 +1,28 @@
+variables:
+  XEN_REGISTRY: registry.gitlab.com/xen-project/xen
+
 workflow:
   rules:
     - if: $CI_COMMIT_BRANCH =~ /^(master|smoke|^coverity-tested\/.*|stable-.*)$/
       when: never
     - when: always
 
 stages:
+  - containers
   - analyze
   - build
   - test
 
 include:
-  - 'automation/gitlab-ci/analyze.yaml'
-  - 'automation/gitlab-ci/build.yaml'
-  - 'automation/gitlab-ci/test.yaml'
+  - local: 'automation/gitlab-ci/containers.yaml'
+    rules:
+      - if: $XEN_CI_REBUILD_CONTAINERS
+  - local: 'automation/gitlab-ci/analyze.yaml'
+    rules:
+      - if: $XEN_CI_REBUILD_CONTAINERS == null
+  - local: 'automation/gitlab-ci/build.yaml'
+    rules:
+      - if: $XEN_CI_REBUILD_CONTAINERS == null
+  - local: 'automation/gitlab-ci/test.yaml'
+    rules:
+      - if: $XEN_CI_REBUILD_CONTAINERS == null
diff --git a/automation/eclair_analysis/ECLAIR/tagging.ecl b/automation/eclair_analysis/ECLAIR/tagging.ecl
@@ -115,7 +115,7 @@ if(string_equal(target,"x86_64"),
 )
 
 if(string_equal(target,"arm64"),
-    service_selector({"additional_clean_guidelines","MC3R1.R2.1||MC3R1.R5.3||MC3.R11.2||MC3R1.R16.6||MC3R1.R20.7"})
+    service_selector({"additional_clean_guidelines","MC3R1.R2.1||MC3R1.R5.3||MC3R1.R8.4||MC3.R11.2||MC3R1.R16.6||MC3R1.R20.7"})
 )
 
 -reports+={clean:added,"service(clean_guidelines_common||additional_clean_guidelines)"}

diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml
@@ -1,6 +1,6 @@
 .build-tmpl: &build
   stage: build
-  image: registry.gitlab.com/xen-project/xen/${CONTAINER}
+  image: ${XEN_REGISTRY}/${CONTAINER}
   script:
     - ./automation/scripts/build 2>&1 | tee build.log
   artifacts:
@@ -208,7 +208,7 @@
 
 .yocto-test:
   stage: build
-  image: registry.gitlab.com/xen-project/xen/${CONTAINER}
+  image: ${XEN_REGISTRY}/${CONTAINER}
   script:
     - ./automation/build/yocto/build-yocto.sh -v --log-dir=./logs --xen-dir=`pwd` ${YOCTO_BOARD} ${YOCTO_OUTPUT}
   variables:

diff --git a/automation/gitlab-ci/containers.yaml b/automation/gitlab-ci/containers.yaml
@@ -0,0 +1,29 @@
+.container-build-tmpl:
+  stage: containers
+  image: docker:stable
+  tags:
+    - container-builder
+  rules:
+    - if: $XEN_CI_REBUILD_CONTAINERS
+  services:
+    - docker:dind
+  before_script:
+    - apk add make
+    - docker info
+    - docker login -u $CI_DEPLOY_USER -p $CI_DEPLOY_PASSWORD $CI_REGISTRY
+  script:
+    - make -C automation/build PUSH=1 REGISTRY=${XEN_REGISTRY} ${CONTAINER/:/\/}
+  after_script:
+    - docker logout
+
+container-archlinux-current:
+  extends:
+    - .container-build-tmpl
+  variables:
+    CONTAINER: "archlinux:current"
+
+container-opensuse-tumbleweed-x86_64:
+  extends:
+    - .container-build-tmpl
+  variables:
+    CONTAINER: "opensuse:tumbleweed-x86_64"
diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml
@@ -1,6 +1,6 @@
 .test-jobs-common:
   stage: test
-  image: registry.gitlab.com/xen-project/xen/${CONTAINER}
+  image: ${XEN_REGISTRY}/${CONTAINER}
 
 .arm64-test-needs: &arm64-test-needs
   - alpine-3.18-arm64-rootfs-export
@@ -98,9 +98,8 @@
       - '*.log'
       - '*.dtb'
     when: always
-  only:
-    variables:
-      - $XILINX_JOBS == "true" && $CI_COMMIT_REF_PROTECTED == "true"
+  rules:
+    - if: $XILINX_JOBS == "true" && $CI_COMMIT_REF_PROTECTED == "true"
   tags:
     - xilinx
 
@@ -117,9 +116,8 @@
       - smoke.serial
       - '*.log'
     when: always
-  only:
-    variables:
-      - $XILINX_JOBS == "true" && $CI_COMMIT_REF_PROTECTED == "true"
+  rules:
+    - if: $XILINX_JOBS == "true" && $CI_COMMIT_REF_PROTECTED == "true"
   tags:
     - xilinx
 
@@ -137,9 +135,8 @@
       - smoke.serial
       - '*.log'
     when: always
-  only:
-    variables:
-      - $QUBES_JOBS == "true" && $CI_COMMIT_REF_PROTECTED == "true"
+  rules:
+    - if: $QUBES_JOBS == "true" && $CI_COMMIT_REF_PROTECTED == "true"
   tags:
     - qubes-hw2
 

diff --git a/docs/hypervisor-guide/x86/how-xen-boots.rst b/docs/hypervisor-guide/x86/how-xen-boots.rst
@@ -55,6 +55,11 @@ If ``CONFIG_PVH_GUEST`` was selected at build time, an Elf note is included
 which indicates the ability to use the PVH boot protocol, and registers
 ``__pvh_start`` as the entrypoint, entered in 32bit mode.
 
+MLE header is used with Intel TXT, together with MB2 headers. Entrypoint is
+different, but it is used just to differentiate from other entries by moving
+a magic number to EAX. Execution environment is similar to that of Multiboot 2
+and code falls through to ``start``.
+
 
 xen.gz
 ~~~~~~

diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst
@@ -154,15 +154,15 @@ maintainers if you want to suggest a change.
    * - `Rule 5.1 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_05_01_2.c>`_
      - Required
      - External identifiers shall be distinct
-     - The Xen characters limit for identifiers is 40. Public headers
+     - The Xen characters limit for identifiers is 63. Public headers
        (xen/include/public/) are allowed to retain longer identifiers
        for backward compatibility.
 
    * - `Rule 5.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_05_02.c>`_
      - Required
      - Identifiers declared in the same scope and name space shall be
        distinct
-     - The Xen characters limit for identifiers is 40. Public headers
+     - The Xen characters limit for identifiers is 63. Public headers
        (xen/include/public/) are allowed to retain longer identifiers
        for backward compatibility.
 
@@ -177,7 +177,7 @@ maintainers if you want to suggest a change.
    * - `Rule 5.4 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_05_04.c>`_
      - Required
      - Macro identifiers shall be distinct
-     - The Xen characters limit for macro identifiers is 40. Public
+     - The Xen characters limit for macro identifiers is 63. Public
        headers (xen/include/public/) are allowed to retain longer
        identifiers for backward compatibility.
 

diff --git a/qubesos_xen.logrotate b/qubesos_xen.logrotate
@@ -0,0 +1,9 @@
+/var/log/xen/xen-hotplug.log
+/var/log/xen/domain-builder-ng.log
+/var/log/xen/console/*.log{
+    notifempty
+    missingok
+    compress
+    copytruncate
+    su root qubes
+}
diff --git a/qubesos_xen.modules-load.conf b/qubesos_xen.modules-load.conf
@@ -0,0 +1,9 @@
+xen-evtchn
+xen-gntdev
+xen-gntalloc
+xen-blkback
+xen-pciback
+xen-privcmd
+xen-acpi-processor
+# Not used in Qubes dom0
+#xen-netback