diff options
author | Tomáš Mózes <hydrapolic@gmail.com> | 2021-06-09 07:18:46 +0000 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2021-06-11 14:49:01 +0200 |
commit | cf5f56e2ffe5aa3e7fe2e9d8c55a57fc1f5864f5 (patch) | |
tree | b7be969fe615bba61b7491bf2454736910dfacd4 /app-emulation | |
parent | app-emulation/xen: add upstream security patches (diff) | |
download | gentoo-cf5f56e2ffe5aa3e7fe2e9d8c55a57fc1f5864f5.tar.gz gentoo-cf5f56e2ffe5aa3e7fe2e9d8c55a57fc1f5864f5.tar.bz2 gentoo-cf5f56e2ffe5aa3e7fe2e9d8c55a57fc1f5864f5.zip |
app-emulation/xen: drop vulnerable
Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'app-emulation')
-rw-r--r-- | app-emulation/xen/Manifest | 1 | ||||
-rw-r--r-- | app-emulation/xen/xen-4.14.2.ebuild | 169 | ||||
-rw-r--r-- | app-emulation/xen/xen-4.15.0.ebuild | 169 |
3 files changed, 0 insertions, 339 deletions
diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest index 9576a401e2b1..e8907dcf6630 100644 --- a/app-emulation/xen/Manifest +++ b/app-emulation/xen/Manifest @@ -1,6 +1,5 @@ DIST xen-4.13.3.tar.gz 39044539 BLAKE2B 5d0e57c76e12e1b86b78bbf561e947d70b9569a24412617a640346d2358b141a2741e7a3be454df52d198ad63e58b1519288de62330417c70e72445703f3fac2 SHA512 622127d824b9c49b57282a887fb404e0bad05ff60bccade82e4e0e9b5ad975ff9aa1fba83392e6d8379e9a15340e8ae9785c0913eb11027816e4600432eea6b6 DIST xen-4.14.2-upstream-patches-0.tar.xz 23304 BLAKE2B 954e0a49e5c3ec122aefe52afe328f440b8a4c8db966e0fa91e0b6d6cb3c0462b75fb99b3e7392811bd2e680cd7945e8a4d68317245fd42fdf0ad6cab33fbc68 SHA512 64d243f0c8acfec87812e4d78e3d8b24a86315824853f4f3b17122b7119425d180650695bc12e1a30f5b30c6ef684be7c08b2bc677ca2f0668d0335d92e2bf78 DIST xen-4.14.2.tar.gz 39973157 BLAKE2B db5d3570f79e0fd97872f5e5dd57a4eb39e005728387bfef3b51fabe1c693cfd8108d09b1026f5a5a7eb79de71be6f4af36d252f7e0b35a65a1567b7949e3e29 SHA512 83c9333b70dbee3e29c6bf08e5ad030676e6c4a32b976f3f5e6a8f8d0dd9e4898bac88dd8e1c9d2ad3509cebb5d212e1745f9392a469d7afeb841d79801ccf39 -DIST xen-4.15.0-upstream-patches-0.tar.xz 15744 BLAKE2B e2abb68524a7c190db8d91beb79731aea5290e82f54fb21218739dab666f6f5ea85c203575ec248b46830f1862408d50d3ceea1104fcd9325babfccf3574c515 SHA512 f1a2800d15a61f08eda4d6bafaead95a9d72cc9e4d90a19278d89c696b7e2d5d6353b28dba7ed0eb0c9aeb8604d3697db6a8f4ac38047e2510279d88181752f9 DIST xen-4.15.0-upstream-patches-1.tar.xz 35180 BLAKE2B eb3b2a44b717a04daa4a2f158040cce78b42cba5a72c437d7b2f8f1237b808f6f13c2140d82e95056818db6c0eb706ebd7dead822a6a4e689e5d5e7c83523fdb SHA512 a7cfe2dbc82b15c48fa781a77b3ca1622fc2feac3874bf17cf56e82be46e9817913f94992e0e1a1cd2be2e719d4abb9a15744c8a1017e30c0d5c01d7db64dbb5 DIST xen-4.15.0.tar.gz 40785399 BLAKE2B 8b0530f5516c39656506f4bb705952da0555a8ab7f47323473b171caeb7692f3107e9d94f13171d40576600064589eed35f4d210af02db4cc4706dd4fc202100 SHA512 93683b8a97387ca5f003c635a11d163e61c87dbdc9a03081f9155fe87b49f1dfa74ce243fcd5e04dc009353a36e2375b786f1ebde828b5951a094cd64197b4c7 diff --git a/app-emulation/xen/xen-4.14.2.ebuild b/app-emulation/xen/xen-4.14.2.ebuild deleted file mode 100644 index 93ea93f278af..000000000000 --- a/app-emulation/xen/xen-4.14.2.ebuild +++ /dev/null @@ -1,169 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{7..9} ) - -inherit flag-o-matic mount-boot multilib python-any-r1 toolchain-funcs - -MY_PV=${PV/_/-} -MY_P=${PN}-${MY_PV} - -if [[ ${PV} == *9999 ]]; then - inherit git-r3 - EGIT_REPO_URI="git://xenbits.xen.org/xen.git" - SRC_URI="" -else - KEYWORDS="~amd64 ~arm -x86" - UPSTREAM_VER= - SECURITY_VER= - GENTOO_VER= - - [[ -n ${UPSTREAM_VER} ]] && \ - UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz - https://github.com/hydrapolic/gentoo-dist/raw/master/xen/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz" - [[ -n ${SECURITY_VER} ]] && \ - SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz" - [[ -n ${GENTOO_VER} ]] && \ - GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz" - SRC_URI="https://downloads.xenproject.org/release/xen/${MY_PV}/${MY_P}.tar.gz - ${UPSTREAM_PATCHSET_URI} - ${SECURITY_PATCHSET_URI} - ${GENTOO_PATCHSET_URI}" -fi - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="https://www.xenproject.org" -LICENSE="GPL-2" -SLOT="0" -IUSE="debug efi flask" - -DEPEND="${PYTHON_DEPS} - efi? ( >=sys-devel/binutils-2.22[multitarget] ) - !efi? ( >=sys-devel/binutils-2.22 )" -RDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}" - -# no tests are available for the hypervisor -# prevent the silliness of /usr/lib/debug/usr/lib/debug files -# prevent stripping of the debug info from the /usr/lib/debug/xen-syms -RESTRICT="test splitdebug strip" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE="arm? ( debug )" - -S="${WORKDIR}/${MY_P}" - -pkg_setup() { - python-any-r1_pkg_setup - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use amd64; then - export XEN_TARGET_ARCH="x86_64" - elif use arm; then - export XEN_TARGET_ARCH="arm32" - elif use arm64; then - export XEN_TARGET_ARCH="arm64" - else - die "Unsupported architecture!" - fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - fi -} - -src_prepare() { - # Upstream's patchset - [[ -n ${UPSTREAM_VER} ]] && eapply "${WORKDIR}"/patches-upstream - - # Security patchset - if [[ -n ${SECURITY_VER} ]]; then - einfo "Try to apply Xen Security patch set" - # apply main xen patches - # Two parallel systems, both work side by side - # Over time they may concdense into one. This will suffice for now - source "${WORKDIR}"/patches-security/${PV}.conf - - local i - for i in ${XEN_SECURITY_MAIN}; do - eapply "${WORKDIR}"/patches-security/xen/$i - done - fi - - # Gentoo's patchset - [[ -n ${GENTOO_VER} ]] && eapply "${WORKDIR}"/patches-gentoo - - # Symlinks do not work on fat32 volumes - eapply "${FILESDIR}"/${PN}-4.14-efi.patch - - # Workaround new gcc-11 options - sed -e '/^CFLAGS/s/-Werror//g' -i xen/Makefile || die - - # Drop .config - sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop" - - if use efi; then - export EFI_VENDOR="gentoo" - export EFI_MOUNTPOINT="/boot" - fi - - default -} - -src_configure() { - use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i" - - use debug && myopt="${myopt} debug=y" - - # remove flags - unset CFLAGS - unset LDFLAGS - unset ASFLAGS - - tc-ld-disable-gold # Bug 700374 -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - - # The 'make install' doesn't 'mkdir -p' the subdirs - if use efi; then - mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die - fi - - emake LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" DESTDIR="${D}" -C xen ${myopt} install - - # make install likes to throw in some extra EFI bits if it built - use efi || rm -rf "${D}/usr/$(get_libdir)/efi" -} - -pkg_postinst() { - elog "Official Xen Guide:" - elog " https://wiki.gentoo.org/wiki/Xen" - - use efi && einfo "The efi executable is installed in /boot/efi/gentoo" - - elog "You can optionally block the installation of /boot/xen-syms by an entry" - elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK" - elog "e.g. echo ${msg} > /etc/portage/env/xen.conf" - - ewarn - ewarn "Xen 4.12+ changed the default scheduler to credit2 which can cause" - ewarn "domU lockups on multi-cpu systems. The legacy credit scheduler seems" - ewarn "to work fine." - ewarn - ewarn "Add sched=credit to xen command line options to use the legacy scheduler." - ewarn - ewarn "https://wiki.gentoo.org/wiki/Xen#Xen_domU_hanging_with_Xen_4.12.2B" -} diff --git a/app-emulation/xen/xen-4.15.0.ebuild b/app-emulation/xen/xen-4.15.0.ebuild deleted file mode 100644 index eaf463b8786b..000000000000 --- a/app-emulation/xen/xen-4.15.0.ebuild +++ /dev/null @@ -1,169 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{7..9} ) - -inherit flag-o-matic mount-boot multilib python-any-r1 toolchain-funcs - -MY_PV=${PV/_/-} -MY_P=${PN}-${MY_PV} - -if [[ ${PV} == *9999 ]]; then - inherit git-r3 - EGIT_REPO_URI="git://xenbits.xen.org/xen.git" - SRC_URI="" -else - KEYWORDS="~amd64 ~arm -x86" - UPSTREAM_VER=0 - SECURITY_VER= - GENTOO_VER= - - [[ -n ${UPSTREAM_VER} ]] && \ - UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz - https://github.com/hydrapolic/gentoo-dist/raw/master/xen/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz" - [[ -n ${SECURITY_VER} ]] && \ - SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz" - [[ -n ${GENTOO_VER} ]] && \ - GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz" - SRC_URI="https://downloads.xenproject.org/release/xen/${MY_PV}/${MY_P}.tar.gz - ${UPSTREAM_PATCHSET_URI} - ${SECURITY_PATCHSET_URI} - ${GENTOO_PATCHSET_URI}" -fi - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="https://www.xenproject.org" -LICENSE="GPL-2" -SLOT="0" -IUSE="debug efi flask" - -DEPEND="${PYTHON_DEPS} - efi? ( >=sys-devel/binutils-2.22[multitarget] ) - !efi? ( >=sys-devel/binutils-2.22 )" -RDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}" - -# no tests are available for the hypervisor -# prevent the silliness of /usr/lib/debug/usr/lib/debug files -# prevent stripping of the debug info from the /usr/lib/debug/xen-syms -RESTRICT="test splitdebug strip" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE="arm? ( debug )" - -S="${WORKDIR}/${MY_P}" - -pkg_setup() { - python-any-r1_pkg_setup - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use amd64; then - export XEN_TARGET_ARCH="x86_64" - elif use arm; then - export XEN_TARGET_ARCH="arm32" - elif use arm64; then - export XEN_TARGET_ARCH="arm64" - else - die "Unsupported architecture!" - fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - fi -} - -src_prepare() { - # Upstream's patchset - [[ -n ${UPSTREAM_VER} ]] && eapply "${WORKDIR}"/patches-upstream - - # Security patchset - if [[ -n ${SECURITY_VER} ]]; then - einfo "Try to apply Xen Security patch set" - # apply main xen patches - # Two parallel systems, both work side by side - # Over time they may concdense into one. This will suffice for now - source "${WORKDIR}"/patches-security/${PV}.conf - - local i - for i in ${XEN_SECURITY_MAIN}; do - eapply "${WORKDIR}"/patches-security/xen/$i - done - fi - - # Gentoo's patchset - [[ -n ${GENTOO_VER} ]] && eapply "${WORKDIR}"/patches-gentoo - - # Symlinks do not work on fat32 volumes - eapply "${FILESDIR}"/${PN}-4.15-efi.patch - - # Workaround new gcc-11 options - sed -e '/^CFLAGS/s/-Werror//g' -i xen/Makefile || die - - # Drop .config - sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop" - - if use efi; then - export EFI_VENDOR="gentoo" - export EFI_MOUNTPOINT="/boot" - fi - - default -} - -src_configure() { - use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i" - - use debug && myopt="${myopt} debug=y" - - # remove flags - unset CFLAGS - unset LDFLAGS - unset ASFLAGS - - tc-ld-disable-gold # Bug 700374 -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - - # The 'make install' doesn't 'mkdir -p' the subdirs - if use efi; then - mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die - fi - - emake LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" DESTDIR="${D}" -C xen ${myopt} install - - # make install likes to throw in some extra EFI bits if it built - use efi || rm -rf "${D}/usr/$(get_libdir)/efi" -} - -pkg_postinst() { - elog "Official Xen Guide:" - elog " https://wiki.gentoo.org/wiki/Xen" - - use efi && einfo "The efi executable is installed in /boot/efi/gentoo" - - elog "You can optionally block the installation of /boot/xen-syms by an entry" - elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK" - elog "e.g. echo ${msg} > /etc/portage/env/xen.conf" - - ewarn - ewarn "Xen 4.12+ changed the default scheduler to credit2 which can cause" - ewarn "domU lockups on multi-cpu systems. The legacy credit scheduler seems" - ewarn "to work fine." - ewarn - ewarn "Add sched=credit to xen command line options to use the legacy scheduler." - ewarn - ewarn "https://wiki.gentoo.org/wiki/Xen#Xen_domU_hanging_with_Xen_4.12.2B" -} |