summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2020-07-17 21:05:15 +0000
committerSam James <sam@gentoo.org>2020-07-17 23:59:49 +0000
commitc0944c6b2fc4279276065eebe18bef416d42781a (patch)
tree7baa3a93613d9c5d47dffd8e0d7f4fa0c6579b7d /app-emulation/xen
parentnet-analyzer/ossec-hids: security cleanup (diff)
downloadgentoo-c0944c6b2fc4279276065eebe18bef416d42781a.tar.gz
gentoo-c0944c6b2fc4279276065eebe18bef416d42781a.tar.bz2
gentoo-c0944c6b2fc4279276065eebe18bef416d42781a.zip
app-emulation/xen: security cleanup
Bug: https://bugs.gentoo.org/731658 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'app-emulation/xen')
-rw-r--r--app-emulation/xen/Manifest1
-rw-r--r--app-emulation/xen/xen-4.12.3-r1.ebuild165
2 files changed, 0 insertions, 166 deletions
diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
index 909e30deae1c..80b70dd92518 100644
--- a/app-emulation/xen/Manifest
+++ b/app-emulation/xen/Manifest
@@ -1,4 +1,3 @@
-DIST xen-4.12.3-upstream-patches-0.tar.xz 7236 BLAKE2B d795e2be6f1edb31f1d794912328c4d3673eb800464d99c5ae867d189d0ea2b4cbac0c8bcda7790ae40742f6bf79308eb624b4f67d1c7f12cc64be6d8c920b84 SHA512 de5723d4fd547845ca9a876f8535e720f7bd790e48dbf1d92397d60a285ef88a31cad276b1a01a4fa8946cefb15d69c8a3a00da5113b6e5e2655b871be076adf
DIST xen-4.12.3-upstream-patches-1.tar.xz 39052 BLAKE2B dbe18a8d67009be9597ea8f0cd45850ed0e437119095c414796efff2810e884a3d7c062a7e5e12e93d8991cbbab50c0095d7ae1c937129f8f9490aa5f31ca6f8 SHA512 1383b1c0e3d4918b6b43c9cdff5284e259385136aad479814ea1d50b25017a0466a6a0044321585f38f4c8fb30f5af91a45f666a6d7fce6e60a4dfdb346a421b
DIST xen-4.12.3.tar.gz 26985230 BLAKE2B 403de519a552f1cd49e5a85b63f48df1b7a47ff8381385860b67df32af0b33be1c13c92ca2234e4479b7f415e711e0f46c396c3f62dfb5b2465d2991723cf6ef SHA512 7bbf4e752477f18143ac9a62fb633b1fbe115a1a9b03d0132f33dfca025bc9b76d9c2e9b66a3e407d14aff161b940b1a82e3e3ca43213798e9dd38b6970194e0
DIST xen-4.13.1-upstream-patches-1.tar.xz 46892 BLAKE2B 8ccfe1d6b3589e262fa04526d5238694e324fef3b514daebdffcb74cecfc2700e37f810faf868ec198c99ed3a9af2c351656c31798c5791bfd6816552d78fd7a SHA512 2d9708c4b558c5986afd1caea56f69ac8b11d69371fd4afae0e9c3480a0b863c99ebe2d3b857d623d41924437db7f7e44fefc7bae892cd05d7605243ae8140d5
diff --git a/app-emulation/xen/xen-4.12.3-r1.ebuild b/app-emulation/xen/xen-4.12.3-r1.ebuild
deleted file mode 100644
index a265f1c31492..000000000000
--- a/app-emulation/xen/xen-4.12.3-r1.ebuild
+++ /dev/null
@@ -1,165 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python2_7 )
-
-inherit flag-o-matic mount-boot multilib python-any-r1 toolchain-funcs
-
-MY_PV=${PV/_/-}
-MY_P=${PN}-${MY_PV}
-
-if [[ $PV == *9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
- SRC_URI=""
-else
- KEYWORDS="amd64 ~arm -x86"
- UPSTREAM_VER=0
- SECURITY_VER=
- GENTOO_VER=
-
- [[ -n ${UPSTREAM_VER} ]] && \
- UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz
- https://github.com/hydrapolic/gentoo-dist/raw/master/xen/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
- [[ -n ${SECURITY_VER} ]] && \
- SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
- [[ -n ${GENTOO_VER} ]] && \
- GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
- SRC_URI="https://downloads.xenproject.org/release/xen/${MY_PV}/${MY_P}.tar.gz
- ${UPSTREAM_PATCHSET_URI}
- ${SECURITY_PATCHSET_URI}
- ${GENTOO_PATCHSET_URI}"
-fi
-
-DESCRIPTION="The Xen virtual machine monitor"
-HOMEPAGE="https://www.xenproject.org"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="debug efi flask"
-
-DEPEND="${PYTHON_DEPS}
- efi? ( >=sys-devel/binutils-2.22[multitarget] )
- !efi? ( >=sys-devel/binutils-2.22 )"
-RDEPEND=""
-PDEPEND="~app-emulation/xen-tools-${PV}"
-
-# no tests are available for the hypervisor
-# prevent the silliness of /usr/lib/debug/usr/lib/debug files
-# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
-RESTRICT="test splitdebug strip"
-
-# Approved by QA team in bug #144032
-QA_WX_LOAD="boot/xen-syms-${PV}"
-
-REQUIRED_USE="arm? ( debug )"
-
-S="${WORKDIR}/${MY_P}"
-
-pkg_setup() {
- python-any-r1_pkg_setup
- if [[ -z ${XEN_TARGET_ARCH} ]]; then
- if use amd64; then
- export XEN_TARGET_ARCH="x86_64"
- elif use arm; then
- export XEN_TARGET_ARCH="arm32"
- elif use arm64; then
- export XEN_TARGET_ARCH="arm64"
- else
- die "Unsupported architecture!"
- fi
- fi
-
- if use flask ; then
- export "XSM_ENABLE=y"
- export "FLASK_ENABLE=y"
- fi
-}
-
-src_prepare() {
- # Upstream's patchset
- [[ -n ${UPSTREAM_VER} ]] && eapply "${WORKDIR}"/patches-upstream
-
- # Security patchset
- if [[ -n ${SECURITY_VER} ]]; then
- einfo "Try to apply Xen Security patch set"
- # apply main xen patches
- # Two parallel systems, both work side by side
- # Over time they may concdense into one. This will suffice for now
- source "${WORKDIR}"/patches-security/${PV}.conf
-
- local i
- for i in ${XEN_SECURITY_MAIN}; do
- eapply "${WORKDIR}"/patches-security/xen/$i
- done
- fi
-
- # Gentoo's patchset
- [[ -n ${GENTOO_VER} ]] && eapply "${WORKDIR}"/patches-gentoo
-
- eapply "${FILESDIR}"/${PN}-4.11-efi.patch
-
- # Drop .config
- sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
-
- if use efi; then
- export EFI_VENDOR="gentoo"
- export EFI_MOUNTPOINT="/boot"
- fi
-
- default
-}
-
-src_configure() {
- use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
-
- use debug && myopt="${myopt} debug=y"
-
- # remove flags
- unset CFLAGS
- unset LDFLAGS
- unset ASFLAGS
-
- tc-ld-disable-gold # Bug 700374
-}
-
-src_compile() {
- # Send raw LDFLAGS so that --as-needed works
- emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
-}
-
-src_install() {
- local myopt
- use debug && myopt="${myopt} debug=y"
-
- # The 'make install' doesn't 'mkdir -p' the subdirs
- if use efi; then
- mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
- fi
-
- emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
-
- # make install likes to throw in some extra EFI bits if it built
- use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
-}
-
-pkg_postinst() {
- elog "Official Xen Guide:"
- elog " https://wiki.gentoo.org/wiki/Xen"
-
- use efi && einfo "The efi executable is installed in /boot/efi/gentoo"
-
- elog "You can optionally block the installation of /boot/xen-syms by an entry"
- elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK"
- elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
-
- ewarn
- ewarn "Xen 4.12+ changed the default scheduler to credit2 which can cause"
- ewarn "domU lockups on multi-cpu systems. The legacy credit scheduler seems"
- ewarn "to work fine."
- ewarn
- ewarn "Add sched=credit to xen command line options to use the legacy scheduler."
- ewarn
- ewarn "https://wiki.gentoo.org/wiki/Xen#Xen_domU_hanging_with_Xen_4.12.2B"
-}