diff options
author | Sam James <sam@gentoo.org> | 2020-07-17 21:05:15 +0000 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2020-07-17 23:59:49 +0000 |
commit | c0944c6b2fc4279276065eebe18bef416d42781a (patch) | |
tree | 7baa3a93613d9c5d47dffd8e0d7f4fa0c6579b7d /app-emulation/xen | |
parent | net-analyzer/ossec-hids: security cleanup (diff) | |
download | gentoo-c0944c6b2fc4279276065eebe18bef416d42781a.tar.gz gentoo-c0944c6b2fc4279276065eebe18bef416d42781a.tar.bz2 gentoo-c0944c6b2fc4279276065eebe18bef416d42781a.zip |
app-emulation/xen: security cleanup
Bug: https://bugs.gentoo.org/731658
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'app-emulation/xen')
-rw-r--r-- | app-emulation/xen/Manifest | 1 | ||||
-rw-r--r-- | app-emulation/xen/xen-4.12.3-r1.ebuild | 165 |
2 files changed, 0 insertions, 166 deletions
diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest index 909e30deae1c..80b70dd92518 100644 --- a/app-emulation/xen/Manifest +++ b/app-emulation/xen/Manifest @@ -1,4 +1,3 @@ -DIST xen-4.12.3-upstream-patches-0.tar.xz 7236 BLAKE2B d795e2be6f1edb31f1d794912328c4d3673eb800464d99c5ae867d189d0ea2b4cbac0c8bcda7790ae40742f6bf79308eb624b4f67d1c7f12cc64be6d8c920b84 SHA512 de5723d4fd547845ca9a876f8535e720f7bd790e48dbf1d92397d60a285ef88a31cad276b1a01a4fa8946cefb15d69c8a3a00da5113b6e5e2655b871be076adf DIST xen-4.12.3-upstream-patches-1.tar.xz 39052 BLAKE2B dbe18a8d67009be9597ea8f0cd45850ed0e437119095c414796efff2810e884a3d7c062a7e5e12e93d8991cbbab50c0095d7ae1c937129f8f9490aa5f31ca6f8 SHA512 1383b1c0e3d4918b6b43c9cdff5284e259385136aad479814ea1d50b25017a0466a6a0044321585f38f4c8fb30f5af91a45f666a6d7fce6e60a4dfdb346a421b DIST xen-4.12.3.tar.gz 26985230 BLAKE2B 403de519a552f1cd49e5a85b63f48df1b7a47ff8381385860b67df32af0b33be1c13c92ca2234e4479b7f415e711e0f46c396c3f62dfb5b2465d2991723cf6ef SHA512 7bbf4e752477f18143ac9a62fb633b1fbe115a1a9b03d0132f33dfca025bc9b76d9c2e9b66a3e407d14aff161b940b1a82e3e3ca43213798e9dd38b6970194e0 DIST xen-4.13.1-upstream-patches-1.tar.xz 46892 BLAKE2B 8ccfe1d6b3589e262fa04526d5238694e324fef3b514daebdffcb74cecfc2700e37f810faf868ec198c99ed3a9af2c351656c31798c5791bfd6816552d78fd7a SHA512 2d9708c4b558c5986afd1caea56f69ac8b11d69371fd4afae0e9c3480a0b863c99ebe2d3b857d623d41924437db7f7e44fefc7bae892cd05d7605243ae8140d5 diff --git a/app-emulation/xen/xen-4.12.3-r1.ebuild b/app-emulation/xen/xen-4.12.3-r1.ebuild deleted file mode 100644 index a265f1c31492..000000000000 --- a/app-emulation/xen/xen-4.12.3-r1.ebuild +++ /dev/null @@ -1,165 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python2_7 ) - -inherit flag-o-matic mount-boot multilib python-any-r1 toolchain-funcs - -MY_PV=${PV/_/-} -MY_P=${PN}-${MY_PV} - -if [[ $PV == *9999 ]]; then - inherit git-r3 - EGIT_REPO_URI="git://xenbits.xen.org/xen.git" - SRC_URI="" -else - KEYWORDS="amd64 ~arm -x86" - UPSTREAM_VER=0 - SECURITY_VER= - GENTOO_VER= - - [[ -n ${UPSTREAM_VER} ]] && \ - UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz - https://github.com/hydrapolic/gentoo-dist/raw/master/xen/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz" - [[ -n ${SECURITY_VER} ]] && \ - SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz" - [[ -n ${GENTOO_VER} ]] && \ - GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz" - SRC_URI="https://downloads.xenproject.org/release/xen/${MY_PV}/${MY_P}.tar.gz - ${UPSTREAM_PATCHSET_URI} - ${SECURITY_PATCHSET_URI} - ${GENTOO_PATCHSET_URI}" -fi - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="https://www.xenproject.org" -LICENSE="GPL-2" -SLOT="0" -IUSE="debug efi flask" - -DEPEND="${PYTHON_DEPS} - efi? ( >=sys-devel/binutils-2.22[multitarget] ) - !efi? ( >=sys-devel/binutils-2.22 )" -RDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}" - -# no tests are available for the hypervisor -# prevent the silliness of /usr/lib/debug/usr/lib/debug files -# prevent stripping of the debug info from the /usr/lib/debug/xen-syms -RESTRICT="test splitdebug strip" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE="arm? ( debug )" - -S="${WORKDIR}/${MY_P}" - -pkg_setup() { - python-any-r1_pkg_setup - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use amd64; then - export XEN_TARGET_ARCH="x86_64" - elif use arm; then - export XEN_TARGET_ARCH="arm32" - elif use arm64; then - export XEN_TARGET_ARCH="arm64" - else - die "Unsupported architecture!" - fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - fi -} - -src_prepare() { - # Upstream's patchset - [[ -n ${UPSTREAM_VER} ]] && eapply "${WORKDIR}"/patches-upstream - - # Security patchset - if [[ -n ${SECURITY_VER} ]]; then - einfo "Try to apply Xen Security patch set" - # apply main xen patches - # Two parallel systems, both work side by side - # Over time they may concdense into one. This will suffice for now - source "${WORKDIR}"/patches-security/${PV}.conf - - local i - for i in ${XEN_SECURITY_MAIN}; do - eapply "${WORKDIR}"/patches-security/xen/$i - done - fi - - # Gentoo's patchset - [[ -n ${GENTOO_VER} ]] && eapply "${WORKDIR}"/patches-gentoo - - eapply "${FILESDIR}"/${PN}-4.11-efi.patch - - # Drop .config - sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop" - - if use efi; then - export EFI_VENDOR="gentoo" - export EFI_MOUNTPOINT="/boot" - fi - - default -} - -src_configure() { - use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i" - - use debug && myopt="${myopt} debug=y" - - # remove flags - unset CFLAGS - unset LDFLAGS - unset ASFLAGS - - tc-ld-disable-gold # Bug 700374 -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - - # The 'make install' doesn't 'mkdir -p' the subdirs - if use efi; then - mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die - fi - - emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install - - # make install likes to throw in some extra EFI bits if it built - use efi || rm -rf "${D}/usr/$(get_libdir)/efi" -} - -pkg_postinst() { - elog "Official Xen Guide:" - elog " https://wiki.gentoo.org/wiki/Xen" - - use efi && einfo "The efi executable is installed in /boot/efi/gentoo" - - elog "You can optionally block the installation of /boot/xen-syms by an entry" - elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK" - elog "e.g. echo ${msg} > /etc/portage/env/xen.conf" - - ewarn - ewarn "Xen 4.12+ changed the default scheduler to credit2 which can cause" - ewarn "domU lockups on multi-cpu systems. The legacy credit scheduler seems" - ewarn "to work fine." - ewarn - ewarn "Add sched=credit to xen command line options to use the legacy scheduler." - ewarn - ewarn "https://wiki.gentoo.org/wiki/Xen#Xen_domU_hanging_with_Xen_4.12.2B" -} |