app-emulation/xen: add upstream and security patches, drop old

Signed-off-by: Tomáš Mózes <[email protected]> Closes: gentoo#17638 Signed-off-by: Sam James <[email protected]>
johu · Sep 29, 2020 · 3a434d9 · 3a434d9
1 parent 624e729
commit 3a434d9
Show file tree

Hide file tree

Showing 3 changed files with 168 additions and 2 deletions.
diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
@@ -1,4 +1,5 @@
 DIST xen-4.13.1-upstream-patches-2.tar.xz 53744 BLAKE2B 769b5b8022f7db66f677d8107c6473606376718bffeac7eba09c4270f4005811f472fb9ed2a2804260e0486228edbadfcf8f81bf1dae6d68df37da213d281390 SHA512 b07c865b96c6f48b9d0b4e4c2f3ec19f4dc44884f4024e440a3e537f594f9f5edd6edf805bdefc82e5f1f2520f35f940b64c158972cbf5bfdc8fb2ca7a1b0ac1
+DIST xen-4.13.1-upstream-patches-3.tar.xz 87056 BLAKE2B 01d7133b8f7e3c9a42b9771dcb7739777f79f229941114cce70ba2897dd52bf53f08de35602a0b40a120fc155c274dbf91e107856f4afdae2c4f7b4bc0a67cdd SHA512 d67e9ddfbf27dc5a23a77679b1b2524a49c2aec3ff9eb3472f9e075893d87401f8e99707b0652744eb4af7a3ed9a815c3925de49995bcd7c82d97c13a69b5309
 DIST xen-4.13.1.tar.gz 39024612 BLAKE2B efff138699fac2c14fad2e0dfd4535ebd744577df3dddccc2a589b81a76f24fc81c75e295f4cd33ca2e820929417b22d714504b576cb0737a563037bd56b6a95 SHA512 b56d20704155d98d803496cba83eb928e0f986a750831cd5600fc88d0ae772fe1456571654375054043d2da8daca255cc98385ebf08b1b1a75ecf7f4b7a0ee90
-DIST xen-4.14.0-upstream-patches-0.tar.xz 6872 BLAKE2B 958ad668362c9c02af39f2a02cde2baa9b9fc8853116c390f43a77bb17c649bfc6a4b51db5cbe564a8c3c440ce736603e44b97f45c50a7836c9a43bfb0d2255a SHA512 a30d9708e64e1405f837b14c1e5a0e28fcb9e7a177c822570e25d0ed118a9c58c380f4ed64a40bf970a9389baf9848e52f7d161efe922b883ee990c8029e7e1f
+DIST xen-4.14.0-upstream-patches-1.tar.xz 45360 BLAKE2B 0f72a2cc3d18557b86a2a83f97e4141be46a20e3ba59ccc881a34a4408988eba9827e3b927bc07aba9678123d783303e7d47d789e57323a7f6691d718c019dc8 SHA512 3d5093e4367d27e7f6e8d4cc31841a5c80cc3fb870d6cb32131d064e16cbb559e9a783c70eec1ce13c960b3e2a8d5e23e18d26b936bc418b434df3bb801d3e4f
 DIST xen-4.14.0.tar.gz 39950576 BLAKE2B db4c3e79cfdfb10260d0d14d9d28e8c8bd9bf23f42aee743acf8f560bf4cdb96a425c0df887c70f9755f62680be24bfbe0149e52a4cb843ae83090cd9d6afc71 SHA512 ebce47a2f754955d8517123d69f62006634d97620fbbe3784869a0667466e586a249f57ffaf7846d5bcb45d69377cde43354c82c233fbb5407e55653b9a33ac0
diff --git a/app-emulation/xen/xen-4.13.1-r4.ebuild b/app-emulation/xen/xen-4.13.1-r4.ebuild
@@ -0,0 +1,165 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6,7,8} )
+
+inherit flag-o-matic mount-boot multilib python-any-r1 toolchain-funcs
+
+MY_PV=${PV/_/-}
+MY_P=${PN}-${MY_PV}
+
+if [[ $PV == *9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
+	SRC_URI=""
+else
+	KEYWORDS="~amd64 ~arm -x86"
+	UPSTREAM_VER=3
+	SECURITY_VER=
+	GENTOO_VER=
+
+	[[ -n ${UPSTREAM_VER} ]] && \
+		UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz
+		https://github.com/hydrapolic/gentoo-dist/raw/master/xen/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
+	[[ -n ${SECURITY_VER} ]] && \
+		SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
+	[[ -n ${GENTOO_VER} ]] && \
+		GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
+	SRC_URI="https://downloads.xenproject.org/release/xen/${MY_PV}/${MY_P}.tar.gz
+		${UPSTREAM_PATCHSET_URI}
+		${SECURITY_PATCHSET_URI}
+		${GENTOO_PATCHSET_URI}"
+fi
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="https://www.xenproject.org"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="debug efi flask"
+
+DEPEND="${PYTHON_DEPS}
+	efi? ( >=sys-devel/binutils-2.22[multitarget] )
+	!efi? ( >=sys-devel/binutils-2.22 )"
+RDEPEND=""
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+# no tests are available for the hypervisor
+# prevent the silliness of /usr/lib/debug/usr/lib/debug files
+# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
+RESTRICT="test splitdebug strip"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+REQUIRED_USE="arm? ( debug )"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+	python-any-r1_pkg_setup
+	if [[ -z ${XEN_TARGET_ARCH} ]]; then
+		if use amd64; then
+			export XEN_TARGET_ARCH="x86_64"
+		elif use arm; then
+			export XEN_TARGET_ARCH="arm32"
+		elif use arm64; then
+			export XEN_TARGET_ARCH="arm64"
+		else
+			die "Unsupported architecture!"
+		fi
+	fi
+
+	if use flask ; then
+		export "XSM_ENABLE=y"
+		export "FLASK_ENABLE=y"
+	fi
+}
+
+src_prepare() {
+	# Upstream's patchset
+	[[ -n ${UPSTREAM_VER} ]] && eapply "${WORKDIR}"/patches-upstream
+
+	# Security patchset
+	if [[ -n ${SECURITY_VER} ]]; then
+	einfo "Try to apply Xen Security patch set"
+		# apply main xen patches
+		# Two parallel systems, both work side by side
+		# Over time they may concdense into one. This will suffice for now
+		source "${WORKDIR}"/patches-security/${PV}.conf
+
+		local i
+		for i in ${XEN_SECURITY_MAIN}; do
+			eapply "${WORKDIR}"/patches-security/xen/$i
+		done
+	fi
+
+	# Gentoo's patchset
+	[[ -n ${GENTOO_VER} ]] && eapply "${WORKDIR}"/patches-gentoo
+
+	eapply "${FILESDIR}"/${PN}-4.11-efi.patch
+
+	# Drop .config
+	sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't	drop"
+
+	if use efi; then
+		export EFI_VENDOR="gentoo"
+		export EFI_MOUNTPOINT="/boot"
+	fi
+
+	default
+}
+
+src_configure() {
+	use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
+
+	use debug && myopt="${myopt} debug=y"
+
+	# remove flags
+	unset CFLAGS
+	unset LDFLAGS
+	unset ASFLAGS
+
+	tc-ld-disable-gold # Bug 700374
+}
+
+src_compile() {
+	# Send raw LDFLAGS so that --as-needed works
+	emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
+}
+
+src_install() {
+	local myopt
+	use debug && myopt="${myopt} debug=y"
+
+	# The 'make install' doesn't 'mkdir -p' the subdirs
+	if use efi; then
+		mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
+	fi
+
+	emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
+
+	# make install likes to throw in some extra EFI bits if it built
+	use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
+}
+
+pkg_postinst() {
+	elog "Official Xen Guide:"
+	elog " https://wiki.gentoo.org/wiki/Xen"
+
+	use efi && einfo "The efi executable is installed in /boot/efi/gentoo"
+
+	elog "You can optionally block the installation of /boot/xen-syms by an entry"
+	elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK"
+	elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
+
+	ewarn
+	ewarn "Xen 4.12+ changed the default scheduler to credit2 which can cause"
+	ewarn "domU lockups on multi-cpu systems. The legacy credit scheduler seems"
+	ewarn "to work fine."
+	ewarn
+	ewarn "Add sched=credit to xen command line options to use the legacy scheduler."
+	ewarn
+	ewarn "https://wiki.gentoo.org/wiki/Xen#Xen_domU_hanging_with_Xen_4.12.2B"
+}
diff --git a/app-emulation/xen/xen-4.14.0-r1.ebuild → app-emulation/xen/xen-4.14.0-r2.ebuild b/app-emulation/xen/xen-4.14.0-r1.ebuild → app-emulation/xen/xen-4.14.0-r2.ebuild
@@ -16,7 +16,7 @@ if [[ $PV == *9999 ]]; then
 	SRC_URI=""
 else
 	KEYWORDS="~amd64 ~arm -x86"
-	UPSTREAM_VER=0
+	UPSTREAM_VER=1
 	SECURITY_VER=
 	GENTOO_VER=