authorMagnus Granberg <zorry@gentoo.org>2011-10-22 23:25:50 +0000
committerMagnus Granberg <zorry@gentoo.org>2011-10-22 23:25:50 +0000
commitaa87479ab871ff469d5585f3e20e8cc7b1afdc46 (patch)
treed42776569f98274abb8b4220e0f6dbf15d4e1225 /app-emulation
parentOnly depend on sys-apps/seabios on x86 & amd64 since it will only compile the... (diff)
Fix compile failure for hardened #360805
(Portage version: 2.1.10.30/cvs/Linux x86_64)
Diffstat (limited to 'app-emulation')
-rw-r--r--app-emulation/xen-tools/ChangeLog9
-rw-r--r--app-emulation/xen-tools/files/ipxe-nopie.patch27
-rw-r--r--app-emulation/xen-tools/xen-tools-4.1.1-r6.ebuild332
3 files changed, 367 insertions, 1 deletions
diff --git a/app-emulation/xen-tools/ChangeLog b/app-emulation/xen-tools/ChangeLog
index f430dae41fbb..4de5d17bd15c 100644
--- a/app-emulation/xen-tools/ChangeLog
+++ b/app-emulation/xen-tools/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for app-emulation/xen-tools
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.99 2011/10/13 19:30:37 alexxy Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.100 2011/10/22 23:25:50 zorry Exp $
+
+*xen-tools-4.1.1-r6 (22 Oct 2011)
+
+ 22 Oct 2011; Magnus Granberg <zorry@gentoo.org> +xen-tools-4.1.1-r6.ebuild,
+ +files/ipxe-nopie.patch:
+ Fix hardened compile failure #360805 don't compile ipxe with pie.
+ Thanks Ian Delaney and Ralf Glauberman
13 Oct 2011; Alexey Shvetsov <alexxy@gentoo.org> -xen-tools-3.4.2.ebuild,
xen-tools-4.1.1-r5.ebuild, files/xendomains.initd-r1:
diff --git a/app-emulation/xen-tools/files/ipxe-nopie.patch b/app-emulation/xen-tools/files/ipxe-nopie.patch
new file mode 100644
index 000000000000..0663eaacf7f0
--- /dev/null
+++ b/app-emulation/xen-tools/files/ipxe-nopie.patch
@@ -0,0 +1,27 @@
+2011-10-22 Ralf Glauberman <ralfglauberman@gmx.de>
+
+ #360805 Don't compile ipxe with pie on hardened.
+ * /tools/firmware/etherboot/patches/ipxe-nopie.patche New patch
+ * /tools/firmware/etherboot/patches/series Add ipxe-nopie.patch
+
+--- a/tools/firmware/etherboot/patches/ipxe-nopie.patch 1970-01-01 01:00:00.000000000 +0100
++++ b/tools/firmware/etherboot/patches/ipxe-nopie.patch 2011-03-27 17:45:13.929697782 +0200
+@@ -0,0 +1,11 @@
++--- ipxe/src/Makefile~ 2011-03-27 17:41:52.000000000 +0200
+++++ ipxe/src/Makefile 2011-03-27 17:43:20.869446433 +0200
++@@ -4,7 +4,7 @@
++ #
++
++ CLEANUP :=
++-CFLAGS :=
+++CFLAGS := -nopie
++ ASFLAGS :=
++ LDFLAGS :=
++ MAKEDEPS := Makefile
+--- a/tools/firmware/etherboot/patches/series 2011-03-25 11:42:50.000000000 +0100
++++ b/tools/firmware/etherboot/patches/series 2011-03-27 17:45:45.140446216 +0200
+@@ -1,3 +1,4 @@
+ boot_prompt_option.patch
+ gpxe-git-0edf2405b457
+ gpxe-git-a803ef3dfeac
++ipxe-nopie.patch
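Review bot: The nested hunk that sets `CFLAGS := -nopie` in ipxe/src/Makefile does not say why dropping PIE is acceptable, and the patch header cites only the bug number. Because this turns off a hardening default, the header should state the scope, for example `# Only the iPXE boot firmware objects are affected; hardened GCC's default PIE breaks this build (bug #360805)`. `-nopie` appears to be the hardened-specs spelling, so a compiler without those specs would presumably reject it, and the patch is only safe behind the ebuild's `gcc-specs-pie` guard; that dependency is worth recording in the header too. The header also misspells the file name as `ipxe-nopie.patche`.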
diff --git a/app-emulation/xen-tools/xen-tools-4.1.1-r6.ebuild b/app-emulation/xen-tools/xen-tools-4.1.1-r6.ebuild
new file mode 100644
index 000000000000..2470c69f59b9
--- /dev/null
+++ b/app-emulation/xen-tools/xen-tools-4.1.1-r6.ebuild
@@ -0,0 +1,332 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.1.1-r6.ebuild,v 1.1 2011/10/22 23:25:50 zorry Exp $
+
+EAPI="3"
+
+if [[ $PV == *9999 ]]; then
+ KEYWORDS=""
+ REPO="xen-unstable.hg"
+ EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
+ S="${WORKDIR}/${REPO}"
+ live_eclass="mercurial"
+else
+ KEYWORDS="~amd64 ~x86"
+ XEN_EXTFILES_URL="http://xenbits.xensource.com/xen-extfiles"
+ SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz \
+ $XEN_EXTFILES_URL/ipxe-git-v1.0.0.tar.gz"
+ S="${WORKDIR}/xen-${PV}"
+fi
+
+inherit flag-o-matic eutils multilib python toolchain-funcs ${live_eclass}
+
+DESCRIPTION="Xend daemon and tools"
+HOMEPAGE="http://xen.org/"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="api custom-cflags debug doc flask hvm qemu pygrub screen xend"
+
+CDEPEND="dev-lang/python
+ dev-python/lxml
+ sys-libs/zlib
+ hvm? ( media-libs/libsdl
+ sys-power/iasl )
+ api? ( dev-libs/libxml2 net-misc/curl )"
+
+DEPEND="${CDEPEND}
+ sys-devel/gcc
+ dev-lang/perl
+ app-misc/pax-utils
+ dev-ml/findlib
+ doc? (
+ app-doc/doxygen
+ dev-tex/latex2html
+ media-gfx/transfig
+ media-gfx/graphviz
+ dev-tex/xcolor
+ dev-texlive/texlive-latexextra
+ virtual/latex-base
+ dev-tex/latexmk
+ dev-texlive/texlive-latex
+ dev-texlive/texlive-pictures
+ dev-texlive/texlive-latexrecommended
+ )
+ hvm? (
+ x11-proto/xproto
+ sys-devel/dev86
+ )"
+
+RDEPEND="${CDEPEND}
+ sys-apps/iproute2
+ net-misc/bridge-utils
+ dev-python/pyxml
+ >=dev-lang/ocaml-3.12.0
+ screen? (
+ app-misc/screen
+ app-admin/logrotate
+ )
+ || ( sys-fs/udev sys-apps/hotplug )"
+
+# hvmloader is used to bootstrap a fully virtualized kernel
+# Approved by QA team in bug #144032
+QA_WX_LOAD="usr/lib/xen/boot/hvmloader"
+QA_EXECSTACK="usr/share/xen/qemu/openbios-sparc32
+ usr/share/xen/qemu/openbios-sparc64"
+
+pkg_setup() {
+ export "CONFIG_LOMOUNT=y"
+
+ if use qemu; then
+ export "CONFIG_IOEMU=y"
+ else
+ export "CONFIG_IOEMU=n"
+ fi
+
+ if ! use x86 && ! has x86 $(get_all_abis) && use hvm; then
+ eerror "HVM (VT-x and AMD-v) cannot be built on this system. An x86 or"
+ eerror "an amd64 multilib profile is required. Remove the hvm use flag"
+ eerror "to build xen-tools on your current profile."
+ die "USE=hvm is unsupported on this system."
+ fi
+
+ if [[ -z ${XEN_TARGET_ARCH} ]] ; then
+ if use x86 && use amd64; then
+ die "Confusion! Both x86 and amd64 are set in your use flags!"
+ elif use x86; then
+ export XEN_TARGET_ARCH="x86_32"
+ elif use amd64 ; then
+ export XEN_TARGET_ARCH="x86_64"
+ else
+ die "Unsupported architecture!"
+ fi
+ fi
+
+ if use doc && ! has_version "dev-tex/latex2html[png,gif]"; then
+ # die early instead of later
+ eerror "USE=doc requires latex2html with image support. Please add"
+ eerror "'png' and/or 'gif' to your use flags and re-emerge latex2html"
+ die "latex2html missing both png and gif flags"
+ fi
+
+ if use pygrub && ! has_version "dev-lang/python[ncurses]"; then
+ eerror "USE=pygrub requires python to be built with ncurses support. Please add"
+ eerror "'ncurses' to your use flags and re-emerge python"
+ die "python is missing ncurses flags"
+ fi
+
+ if ! has_version "dev-lang/python[threads]"; then
+ eerror "Python is required to be built with threading support. Please add"
+ eerror "'threads' to your use flags and re-emerge python"
+ die "python is missing threads flags"
+ fi
+
+ use api && export "LIBXENAPI_BINDINGS=y"
+ use flask && export "FLASK_ENABLE=y"
+
+ if use hvm && ! use qemu; then
+ elog "With qemu disabled, it is not possible to use HVM machines " \
+ "or PVM machines with a framebuffer attached in the kernel config" \
+ "The addition of use flag qemu is required when use flag hvm ise selected"
+ fi
+}
+
+src_prepare() {
+ cp "$DISTDIR/ipxe-git-v1.0.0.tar.gz" tools/firmware/etherboot/ipxe.tar.gz
+ sed -e 's/-Wall//' -i Config.mk || die "Couldn't sanitize CFLAGS"
+ # Drop .config
+ sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
+ # Xend
+ if ! use xend; then
+ sed -e 's:xm xen-bugtool xen-python-path xend:xen-bugtool xen-python-path:' \
+ -i tools/misc/Makefile || die "Disabling xend failed"
+ sed -e 's:^XEND_INITD:#XEND_INITD:' \
+ -i tools/examples/Makefile || "Disabling xend failed"
+ fi
+ # if the user *really* wants to use their own custom-cflags, let them
+ if use custom-cflags; then
+ einfo "User wants their own CFLAGS - removing defaults"
+ # try and remove all the default custom-cflags
+ find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+ -i {} \;
+ fi
+
+ # Disable hvm support on systems that don't support x86_32 binaries.
+ if ! use hvm; then
+ chmod 644 tools/check/check_x11_devel
+ sed -e '/^CONFIG_IOEMU := y$/d' -i config/*.mk
+ sed -e '/SUBDIRS-$(CONFIG_X86) += firmware/d' -i tools/Makefile
+ fi
+
+ if ! use pygrub; then
+ sed -e '/^SUBDIRS-$(PYTHON_TOOLS) += pygrub$/d' -i tools/Makefile
+ fi
+ # Don't bother with qemu, only needed for fully virtualised guests
+ if ! use qemu; then
+ sed -e "/^CONFIG_IOEMU := y$/d" -i config/*.mk
+ sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" \
+ -i Makefile
+ fi
+
+ # Fix build for gcc-4.6
+ sed -e "s:-Werror::g" -i tools/xenstat/xentop/Makefile
+ # Fix network broadcast on bridged networks
+ epatch "${FILESDIR}/${PN}-3.4.0-network-bridge-broadcast.patch"
+
+ # Do not strip binaries
+ epatch "${FILESDIR}/${PN}-3.3.0-nostrip.patch"
+
+ # Patch to libxl bug #380343
+ epatch "${FILESDIR}/${PN}-4.1.1-libxl-tap.patch"
+
+ # Patch from bug #382329 for hvmloader
+ epatch "${FILESDIR}/${PN}-4.1.1-upstream-23104-1976adbf2b80.patch"
+
+ # Prevent the downloading of ipxe
+ sed -e 's:^\tif ! wget -O _$T:#\tif ! wget -O _$T:' \
+ -e 's:^\tfi:#\tfi:' -i \
+ -e 's:^\tmv _$T $T:#\tmv _$T $T:' \
+ -i tools/firmware/etherboot/Makefile || die
+
+ # Don't build ipxe with pie on hardened, Bug #360805
+ if gcc-specs-pie ; then
+ epatch "${FILESDIR}/ipxe-nopie.patch" || die "Could not apply ipxe-nopie patch"
+ fi
+}
+
+src_compile() {
+ export VARTEXFONTS="${T}/fonts"
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+
+ use custom-cflags || unset CFLAGS
+ if test-flag-CC -fno-strict-overflow; then
+ append-flags -fno-strict-overflow
+ fi
+
+ unset LDFLAGS
+ emake CC=$(tc-getCC) LD=$(tc-getLD) -C tools ${myopt} || die "compile failed"
+
+ if use doc; then
+ sh ./docs/check_pkgs || die "package check failed"
+ emake docs || die "compiling docs failed"
+ emake dev-docs || die "make dev-docs failed"
+ fi
+
+ emake -C docs man-pages || die "make man-pages failed"
+}
+
+src_install() {
+ # Override auto-detection in the build system, bug #382573
+ export INITD_DIR=/etc/init.d
+ export CONFIG_LEAF_DIR=default
+
+ make DESTDIR="${D}" DOCDIR="/usr/share/doc/${PF}" XEN_PYTHON_NATIVE_INSTALL=y install-tools \
+ || die "install failed"
+
+ # Remove RedHat-specific stuff
+ rm -r "${D}"/etc/init.d/xen* "${D}"/etc/default || die
+
+ # uncomment lines in xl.conf
+ sed -e 's:^#autoballoon=1:autoballoon=1:' \
+ -e 's:^#lockfile="/var/lock/xl":lockfile="/var/lock/xl":' \
+ -e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \
+ -i tools/examples/xl.conf || die
+
+ dodoc README docs/README.xen-bugtool docs/ChangeLog
+ if use doc; then
+ emake DESTDIR="${D}" DOCDIR="/usr/share/doc/${PF}" install-docs \
+ || die "install docs failed"
+
+ dohtml -r docs/api/
+ docinto pdf
+ dodoc docs/api/tools/python/latex/refman.pdf
+
+ [ -d "${D}"/usr/share/doc/xen ] && mv "${D}"/usr/share/doc/xen/* "${D}"/usr/share/doc/${PF}/html
+ fi
+ rm -rf "${D}"/usr/share/doc/xen/
+
+ doman docs/man?/*
+
+ if use xend; then
+ newinitd "${FILESDIR}"/xend.initd-r2 xend || die "Couldn't install xen.initd"
+ fi
+ newconfd "${FILESDIR}"/xendomains.confd xendomains \
+ || die "Couldn't install xendomains.confd"
+ newinitd "${FILESDIR}"/xendomains.initd-r2 xendomains \
+ || die "Couldn't install xendomains.initd"
+ newinitd "${FILESDIR}"/xenstored.initd xenstored \
+ || die "Couldn't install xenstored.initd"
+ newconfd "${FILESDIR}"/xenstored.confd xenstored \
+ || die "Couldn't install xenstored.confd"
+ newinitd "${FILESDIR}"/xenconsoled.initd xenconsoled \
+ || die "Couldn't install xenconsoled.initd"
+ newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled \
+ || die "Couldn't install xenconsoled.confd"
+
+ if use screen; then
+ cat "${FILESDIR}"/xendomains-screen.confd >> "${D}"/etc/conf.d/xendomains
+ cp "${FILESDIR}"/xen-consoles.logrotate "${D}"/etc/xen/
+ keepdir /var/log/xen-consoles
+ fi
+
+ # xend expects these to exist
+ keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen
+
+ # for xendomains
+ keepdir /etc/xen/auto
+}
+
+pkg_postinst() {
+ elog "Official Xen Guide and the unoffical wiki page:"
+ elog " http://www.gentoo.org/doc/en/xen-guide.xml"
+ elog " http://gentoo-wiki.com/HOWTO_Xen_and_Gentoo"
+
+ if [[ "$(scanelf -s __guard -q $(type -P python))" ]] ; then
+ echo
+ ewarn "xend may not work when python is built with stack smashing protection (ssp)."
+ ewarn "If 'xm create' fails with '<ProtocolError for /RPC2: -1 >', see bug #141866"
+ ewarn "This probablem may be resolved as of Xen 3.0.4, if not post in the bug."
+ fi
+
+ if ! has_version "dev-lang/python[ncurses]"; then
+ echo
+ ewarn "NB: Your dev-lang/python is built without USE=ncurses."
+ ewarn "Please rebuild python with USE=ncurses to make use of xenmon.py."
+ fi
+
+ if has_version "sys-apps/iproute2[minimal]"; then
+ echo
+ ewarn "Your sys-apps/iproute2 is built with USE=minimal. Networking"
+ ewarn "will not work until you rebuild iproute2 without USE=minimal."
+ fi
+
+ if ! use hvm; then
+ echo
+ elog "HVM (VT-x and AMD-V) support has been disabled. If you need hvm"
+ elog "support enable the hvm use flag."
+ elog "An x86 or amd64 multilib system is required to build HVM support."
+ echo
+ elog "The qemu use flag has been removed and replaced with hvm."
+ fi
+ if use xend; then
+ echo
+ elog "xend capability has been enabled and installed"
+ fi
+ if grep -qsF XENSV= "${ROOT}/etc/conf.d/xend"; then
+ echo
+ elog "xensv is broken upstream (Gentoo bug #142011)."
+ elog "Please remove '${ROOT%/}/etc/conf.d/xend', as it is no longer needed."
+ fi
+
+ python_mod_optimize $(use pygrub && echo grub) xen
+}
+
+pkg_postrm() {
+ python_mod_cleanup $(use pygrub && echo grub) xen
+}
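Review bot: In src_prepare, the second sed under `if ! use xend` ends with `|| "Disabling xend failed"`, which is missing `die`. If that substitution fails, the shell tries to run the message as a command and the build carries on with the XEND_INITD line unchanged; it should read `-i tools/examples/Makefile || die "Disabling xend failed"`. The `find` in the custom-cflags branch has a precedence problem: without grouping, `-exec sed` binds only to `-name Config.mk`, so files named Makefile and Rules.mk are never edited. Grouping the tests as `\( -name Makefile -o -name Rules.mk -o -name Config.mk \) -exec sed …` fixes that. The `cp "$DISTDIR/ipxe-git-v1.0.0.tar.gz" …` at the top of the function has no `|| die` either, so a failed copy would only surface later in the etherboot build.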