forked from pool/qemu

Accepting request 959502 from home:dfaggioli:experimental:Virtualization

- Build PPC firmwares from sources on non-PPC builds as well (bsc#1193545)
- Build RiscV firmwares on non-RiscV builds as well
- While there, refactor (and simplify!) the firmware building logic and code
  * Patches added:
     Makefile-define-endianess-for-cross-buil.patch
- Include vmxcap in the qemu-tools package (is being very useful for debugging bsc#1193364)
- The qemu package should require qemu-x86, qemu-arm, etc, as there's no point installing it without _any_ of them. Additionally, right now, the user does not get a working qemu, if recommended packages are disabled (e.g., on MicroOS or SLE Micro). bsc#1196087
- Give clearer instructions on how to modify the package patches from the output of update_git.sh (docs change only, no functional change)
- qemu,kvm: potential privilege escalation via virtiofsd (bsc#1195161, CVE-2022-0358)
  * Patches added:
     virtiofsd-Drop-membership-of-all-supplem.patch

OBS-URL: https://build.opensuse.org/request/show/959502
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=691
Dario Faggioli 2022-03-04 18:04:00 +00:00 committed by Git OBS Bridge
parent 5435e8a804
commit 0251d2a2c0
7 changed files with 569 additions and 359 deletions


@ -0,0 +1,28 @@
From: Dario Faggioli <dfaggioli@suse.com>
Date: Wed, 16 Feb 2022 19:22:01 +0100
Subject: Makefile: define endianess for cross-building on aarch64
Git-commit: 0000000000000000000000000000000000000000
References: bsc#1193545
Include aarch64 in the endianess check, so we can cross-build from
there too.
Signed-of-by: Dario Faggioli <dfaggioli@suse.com>
---
Makefile.main | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roms/skiboot/Makefile.main b/roms/skiboot/Makefile.main
index c8a63e8b110f3c6bf115314da7bf..98790ec5c3b0f35272f032798353 100644
--- a/roms/skiboot/Makefile.main
+++ b/roms/skiboot/Makefile.main
@@ -50,7 +50,7 @@ endif
# Host tools and options
HOSTCC=gcc
-HOSTEND=$(shell uname -m | sed -e 's/^i.*86$$/LITTLE/' -e 's/^x86.*/LITTLE/' -e 's/^ppc64le/LITTLE/' -e 's/^ppc.*/BIG/')
+HOSTEND=$(shell uname -m | sed -e 's/^i.*86$$/LITTLE/' -e 's/^x86.*/LITTLE/' -e 's/^ppc64le/LITTLE/' -e 's/^aarch64/LITTLE/' -e 's/^ppc.*/BIG/')
HOSTCFLAGS:=-O1 $(CWARNS) -DHAVE_$(HOSTEND)_ENDIAN -MMD
HOSTCFLAGS += $(call try-cflag,$(HOSTCC),-std=gnu11)
HOSTCFLAGS += $(call try-cflag,$(HOSTCC),-m64)
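Review bot: the new `-e 's/^aarch64/LITTLE/'` expression in the HOSTEND line is anchored only at the start, so a `uname -m` value of `aarch64_be` would come out as `LITTLE_be` and produce `-DHAVE_LITTLE_be_ENDIAN`; anchor the end as the `^i.*86$$` expression already does, or map the big-endian name explicitly. Any machine name that matches none of the expressions is passed through unchanged into the `-DHAVE_..._ENDIAN` define, so an explicit failure for unknown hosts would make the next missing architecture easier to spot. In the patch header the trailer is spelled `Signed-of-by:`, which sign-off checks will not recognise, and `Git-commit:` is all zeros, so the header does not tell a reader whether the change exists upstream.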


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:c193bc35a37fe2cdcac868f1c4be435022839ea65dab738da7ad58ae0e173c9f oid sha256:0dcea7c34fdbef6dc0537f15260f037d6c3e3513315749018555dfbf45745691
size 74216 size 76160
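Review bot: this pointer swaps one opaque LFS object for another (size 74216 to 76160) and the view shows no file name, so nothing here says what changed inside it. Name the archive in the request and describe how it was regenerated, so a reviewer can reproduce the new sha256 independently instead of trusting the pointer.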


@ -1,3 +1,43 @@
-------------------------------------------------------------------
Tue Mar 1 16:58:31 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
- Build PPC firmwares from sources on non-PPC builds as well
(bsc#1193545)
- Build RiscV firmwares on non-RiscV builds as well
- While there, refactor (and simplify!) the firmware building
logic and code
* Patches added:
Makefile-define-endianess-for-cross-buil.patch
-------------------------------------------------------------------
Fri Feb 18 18:39:54 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
- Include vmxcap in the qemu-tools package (is being very useful
for debugging bsc#1193364)
-------------------------------------------------------------------
Fri Feb 18 18:26:26 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
- The qemu package should require qemu-x86, qemu-arm, etc, as there's
no point installing it without _any_ of them. Additionally, right
now, the user does not get a working qemu, if recommended packages
are disabled (e.g., on MicroOS or SLE Micro). bsc#1196087
-------------------------------------------------------------------
Wed Feb 18 15:31:48 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
- Give clearer instructions on how to modify the package patches
from the output of update_git.sh (docs change only, no functional
change)
-------------------------------------------------------------------
Wed Feb 18 12:25:15 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
- qemu,kvm: potential privilege escalation via virtiofsd
(bsc#1195161, CVE-2022-0358)
* Patches added:
virtiofsd-Drop-membership-of-all-supplem.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Feb 18 11:47:54 UTC 2022 - Li Zhang <li.zhang@suse.com> Fri Feb 18 11:47:54 UTC 2022 - Li Zhang <li.zhang@suse.com>
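Review bot: the two entries stamped `Wed Feb 18 15:31:48 UTC 2022` and `Wed Feb 18 12:25:15 UTC 2022` have a weekday that does not match the date, since the neighbouring entries give the same day as `Fri Feb 18`. If they were written on Wednesday the 16th (the date in the skiboot patch header), they are also older than the `Fri Feb 18 11:47:54` entry they sit above, which breaks the newest-first order. Fix the timestamps, because the CVE-2022-0358 entry is one of the two affected and its date is what people will look for when checking when the fix landed.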

380
qemu.spec

@ -1,5 +1,5 @@
# #
# spec file for package qemu # spec file
# #
# Copyright (c) 2022 SUSE LLC # Copyright (c) 2022 SUSE LLC
# #
@ -22,39 +22,50 @@
%define _buildshell /bin/bash %define _buildshell /bin/bash
%define build_x86_firmware_from_source 0 %define build_x86_firmware 0
%define build_skiboot_from_source 0 %define build_ppc_firmware 0
%define build_slof_from_source 0 %define build_opensbi_firmware 0
%define build_opensbi_from_source 0
%define kvm_available 0 %define kvm_available 0
%define legacy_qemu_kvm 0 %define legacy_qemu_kvm 0
%define force_fit_virtio_pxe_rom 1 %define force_fit_virtio_pxe_rom 1
%define build_rom_arch %ix86 x86_64 aarch64
%if "%{?distribution}" == "" %if "%{?distribution}" == ""
%define distro private-build %define distro private-build
%else %else
%define distro %{distribution} %define distro %{distribution}
%endif %endif
%ifarch %{build_rom_arch} # So, we have openSUSE:Factory, and we have "ports". In openSUSE:Factory, we
# choice of building all from source or using provided binary x86 blobs # have i586 and x86_64. In the :ARM port, we have aarch64, armv6l and armv7l.
%define build_x86_firmware_from_source 1 # In the :PowerPC port, we have ppc64, ppc and ppc64le. In the :zSystems port
%endif # we have s390x. And in the :RISCV we have riscv.
#
# Ideally, we'd want to build the firmwares at least once per port, and then
# share the resulting packages among the arch-es within each port (check the
# `ExportFilter` directives in the project config).
#
# Of course, we always build the "native fimrwares" (e.g., x86 firmwares on
# x86_64, PPC firmwares on ppc64le, etc). But we also cross compile as much
# firmwares as we can (e.g., both x86 and PPC firmwares on aarch64) so they'll
# be available in as many ports as possible (as noarch packages).
%ifarch ppc64 %ifarch x86_64 aarch64
%define build_skiboot_from_source 0 %define build_ppc_firmware 1
%define build_slof_from_source 1 # Currently, opensbi does not cross build cleanly on 15.3 and 15.4
%if ! 0%{?sle_version}
%define build_opensbi_firmware 1
%endif %endif
%define build_x86_firmware 1
%ifarch ppc64le %endif
%define build_skiboot_from_source 0 %ifarch ppc64 ppc64le
%define build_slof_from_source 1 %define build_ppc_firmware 1
%if ! 0%{?sle_version}
%define build_opensbi_firmware 1
%endif
# FIXME: Try to enable cross building of x86 firmwares here on PPC
%endif %endif
%ifarch riscv64 %ifarch riscv64
%define build_opensbi_from_source 1 %define build_opensbi_firmware 1
%endif %endif
%ifarch %ix86 x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64 %ifarch %ix86 x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64
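Review bot: the `%ifarch x86_64 aarch64` block that now sets `build_x86_firmware` replaces `%define build_rom_arch %ix86 x86_64 aarch64`, so %ix86 stops building the x86 firmware and the changes entry does not mention it. Either keep %ix86 in the list or record the drop in the changelog. The `%if ! 0%{?sle_version}` guard around `build_opensbi_firmware` is repeated in the x86_64/aarch64 and ppc64/ppc64le blocks and could be stated once, and the new comment spells "fimrwares" for "firmwares".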
@ -202,6 +213,7 @@ Patch00066: iotests-60-more-accurate-set-dirty-bit-i.patch
Patch00067: iotest-214-explicit-compression-type.patch Patch00067: iotest-214-explicit-compression-type.patch
Patch00068: iotests-declare-lack-of-support-for-comp.patch Patch00068: iotests-declare-lack-of-support-for-comp.patch
Patch00069: block-backend-Retain-permissions-after-m.patch Patch00069: block-backend-Retain-permissions-after-m.patch
Patch00070: virtiofsd-Drop-membership-of-all-supplem.patch
# Patches applied in roms/seabios/: # Patches applied in roms/seabios/:
Patch01000: seabios-use-python2-explicitly-as-needed.patch Patch01000: seabios-use-python2-explicitly-as-needed.patch
Patch01001: seabios-switch-to-python3-as-needed.patch Patch01001: seabios-switch-to-python3-as-needed.patch
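Review bot: `Patch00070: virtiofsd-Drop-membership-of-all-supplem.patch` is the CVE-2022-0358 fix according to the changes entry, and it arrives in the same request as a firmware-build refactor that touches most of the spec. Submitting the security patch on its own would let it be reviewed, released and backported without depending on the refactor building cleanly on every architecture.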
@ -215,6 +227,8 @@ Patch02003: help-compiler-out-by-initializing-array.patch
# Patches applied in roms/sgabios/: # Patches applied in roms/sgabios/:
Patch03000: sgabios-Makefile-fix-issues-of-build-rep.patch Patch03000: sgabios-Makefile-fix-issues-of-build-rep.patch
Patch03001: roms-sgabios-Fix-csum8-to-be-built-by-ho.patch Patch03001: roms-sgabios-Fix-csum8-to-be-built-by-ho.patch
# Patches applied in roms/skiboot/:
Patch05000: Makefile-define-endianess-for-cross-buil.patch
# Patches applied in roms/qboot/: # Patches applied in roms/qboot/:
Patch11000: qboot-add-cross.ini-file-to-handle-aarch.patch Patch11000: qboot-add-cross.ini-file-to-handle-aarch.patch
# Patches applied in roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/: # Patches applied in roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/:
@ -250,47 +264,52 @@ syscall layer occurs on the native hardware and operating system.
# above section is for qemu-linux-user # above section is for qemu-linux-user
# ------------------------------------------------------------------------ # ------------------------------------------------------------------------
%else %else
%if %{build_x86_firmware_from_source} %if %{build_x86_firmware}
BuildRequires: acpica BuildRequires: acpica
%endif
BuildRequires: pkgconfig(alsa)
%if %{build_x86_firmware_from_source}
BuildRequires: binutils-devel BuildRequires: binutils-devel
%endif BuildRequires: dos2unix
BuildRequires: bison BuildRequires: glibc-devel-32bit
BuildRequires: brlapi-devel BuildRequires: pkgconfig(liblzma)
%if %{build_x86_firmware_from_source} %ifnarch %ix86 x86_64
%ifnarch %{ix86} x86_64
# We must cross-compile on non-x86* # We must cross-compile on non-x86*
BuildRequires: cross-x86_64-binutils BuildRequires: cross-x86_64-binutils
BuildRequires: cross-x86_64-gcc%gcc_version BuildRequires: cross-x86_64-gcc%gcc_version
%endif %endif
%endif %endif
BuildRequires: pkgconfig(libcurl) >= 7.29 %if %{build_opensbi_firmware}
BuildRequires: pkgconfig(libsasl2) %ifnarch riscv64
%if %{build_x86_firmware_from_source} BuildRequires: cross-riscv64-binutils
BuildRequires: dos2unix BuildRequires: cross-riscv64-gcc%gcc_version
%endif %endif
%endif
%if %{build_ppc_firmware}
%ifnarch ppc64 ppc64le
BuildRequires: cross-ppc64-binutils
BuildRequires: cross-ppc64-gcc%gcc_version
%endif
%endif
BuildRequires: bison
BuildRequires: brlapi-devel
BuildRequires: flex BuildRequires: flex
BuildRequires: pkgconfig(glib-2.0) >= 2.56
%if %{build_x86_firmware_from_source}
BuildRequires: glibc-devel-32bit
%endif
BuildRequires: libaio-devel BuildRequires: libaio-devel
BuildRequires: libattr-devel BuildRequires: libattr-devel
BuildRequires: libbz2-devel BuildRequires: libbz2-devel
BuildRequires: libfdt-devel >= 1.4.2 BuildRequires: libfdt-devel >= 1.4.2
BuildRequires: libgcrypt-devel >= 1.8.0 BuildRequires: libgcrypt-devel >= 1.8.0
BuildRequires: pkgconfig(alsa)
BuildRequires: pkgconfig(epoxy) BuildRequires: pkgconfig(epoxy)
BuildRequires: pkgconfig(gbm) BuildRequires: pkgconfig(gbm)
BuildRequires: pkgconfig(glib-2.0) >= 2.56
BuildRequires: pkgconfig(glusterfs-api) >= 3 BuildRequires: pkgconfig(glusterfs-api) >= 3
BuildRequires: pkgconfig(gnutls) >= 3.5.18 BuildRequires: pkgconfig(gnutls) >= 3.5.18
BuildRequires: pkgconfig(gtk+-3.0) >= 3.22 BuildRequires: pkgconfig(gtk+-3.0) >= 3.22
BuildRequires: pkgconfig(libcacard) >= 2.5.1 BuildRequires: pkgconfig(libcacard) >= 2.5.1
BuildRequires: pkgconfig(libcap-ng) BuildRequires: pkgconfig(libcap-ng)
BuildRequires: pkgconfig(libcurl) >= 7.29
BuildRequires: pkgconfig(libdrm) BuildRequires: pkgconfig(libdrm)
BuildRequires: pkgconfig(libiscsi) >= 1.9.0 BuildRequires: pkgconfig(libiscsi) >= 1.9.0
BuildRequires: pkgconfig(libjpeg) BuildRequires: pkgconfig(libjpeg)
BuildRequires: pkgconfig(libsasl2)
%if 0%{?with_daxctl} %if 0%{?with_daxctl}
BuildRequires: pkgconfig(libndctl) BuildRequires: pkgconfig(libndctl)
%endif %endif
@ -342,9 +361,6 @@ BuildRequires: pkgconfig(vte-2.91)
BuildRequires: xen-devel >= 4.2 BuildRequires: xen-devel >= 4.2
%endif %endif
BuildRequires: xfsprogs-devel BuildRequires: xfsprogs-devel
%if %{build_x86_firmware_from_source}
BuildRequires: pkgconfig(liblzma)
%endif
BuildRequires: pkgconfig(libzstd) BuildRequires: pkgconfig(libzstd)
BuildRequires: pkgconfig(zlib) BuildRequires: pkgconfig(zlib)
%if "%{name}" == "qemu" %if "%{name}" == "qemu"
@ -358,6 +374,26 @@ Requires(post): udev
%ifarch s390x %ifarch s390x
Requires(post): procps Requires(post): procps
%endif %endif
%ifarch %ix86 x86_64
Requires: qemu-x86
%else
Suggests: qemu-x86
%endif
%ifarch ppc ppc64 ppc64le
Requires: qemu-ppc
%else
Suggests: qemu-ppc
%endif
%ifarch s390x
Requires: qemu-s390x
%else
Suggests: qemu-s390x
%endif
%ifarch %arm aarch64
Requires: qemu-arm
%else
Suggests: qemu-arm
%endif
Recommends: kvm_stat Recommends: kvm_stat
%endif %endif
Recommends: qemu-block-curl Recommends: qemu-block-curl
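Review bot: the four `%ifarch` blocks turn the host-native emulator into a hard `Requires:`, but they only cover %ix86/x86_64, ppc*, s390x and %arm/aarch64; on riscv64, which this spec also builds for, every branch falls to `Suggests:` and the package can still be installed without any emulator, which is the situation the changes entry for bsc#1196087 sets out to remove. Add a branch for the remaining architectures or note the exception in the changelog.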
@ -377,26 +413,6 @@ Recommends: qemu-hw-usb-smartcard
Recommends: qemu-ui-gtk Recommends: qemu-ui-gtk
Recommends: qemu-ui-spice-app Recommends: qemu-ui-spice-app
%endif %endif
%ifarch %{ix86} x86_64
Recommends: qemu-x86
%else
Suggests: qemu-x86
%endif
%ifarch ppc ppc64 ppc64le
Recommends: qemu-ppc
%else
Suggests: qemu-ppc
%endif
%ifarch s390x
Recommends: qemu-s390x
%else
Suggests: qemu-s390x
%endif
%ifarch %arm aarch64
Recommends: qemu-arm
%else
Suggests: qemu-arm
%endif
Suggests: qemu-block-dmg Suggests: qemu-block-dmg
Suggests: qemu-block-gluster Suggests: qemu-block-gluster
Suggests: qemu-block-iscsi Suggests: qemu-block-iscsi
@ -453,6 +469,7 @@ Group: System/Emulators/PC
Version: %{qemuver} Version: %{qemuver}
Release: 0 Release: 0
Requires: %name = %{qemuver} Requires: %name = %{qemuver}
Requires: qemu-SLOF
Recommends: qemu-ipxe Recommends: qemu-ipxe
Recommends: qemu-vgabios Recommends: qemu-vgabios
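Review bot: the added `Requires: qemu-SLOF` is unconditional, while the `%package SLOF` definition later in this diff sits inside `%if %{build_ppc_firmware}`. On architectures where that flag stays 0 the dependency can only be satisfied by a noarch package exported from another build, so the subpackage becomes uninstallable wherever that export is missing. Say in a comment which projects are expected to provide it, or guard the requirement.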
@ -915,7 +932,7 @@ Supplements: modalias(pci:v0000FFFDd00000101sv*sd*bc*sc*i*)
This package contains the QEMU guest agent. It is installed in the linux guest This package contains the QEMU guest agent. It is installed in the linux guest
to provide information and control at the guest OS level. to provide information and control at the guest OS level.
%ifarch %{build_rom_arch} %if %{build_x86_firmware}
%package microvm %package microvm
Summary: x86 MicroVM firmware for QEMU Summary: x86 MicroVM firmware for QEMU
Group: System/Emulators/PC Group: System/Emulators/PC
@ -980,6 +997,7 @@ Provides Preboot Execution Environment (PXE) ROM support for various emulated
network adapters available with QEMU. network adapters available with QEMU.
%endif %endif
%if %{build_ppc_firmware}
%package skiboot %package skiboot
Summary: OPAL firmware (aka skiboot), used in booting OpenPOWER systems Summary: OPAL firmware (aka skiboot), used in booting OpenPOWER systems
Group: System/Emulators/PC Group: System/Emulators/PC
@ -994,6 +1012,18 @@ Provides: %name:%_datadir/%name/forsplits/06
Provides OPAL (OpenPower Abstraction Layer) firmware, aka skiboot, as Provides OPAL (OpenPower Abstraction Layer) firmware, aka skiboot, as
traditionally packaged with QEMU. traditionally packaged with QEMU.
%package SLOF
Summary: Slimline Open Firmware - SLOF
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
BuildArch: noarch
%description SLOF
Slimline Open Firmware (SLOF) is an implementation of the IEEE 1275 standard.
It can be used as partition firmware for pSeries machines running on QEMU or KVM.
%endif
%package ksm %package ksm
Summary: Kernel Samepage Merging services Summary: Kernel Samepage Merging services
Group: System/Emulators/PC Group: System/Emulators/PC
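Review bot: the new `%package SLOF` takes ownership of `slof.bin`, which this diff removes from the ppc file list, but unlike the skiboot package just above it (see the `Provides: %name:%_datadir/%name/forsplits/06` context line) it declares no split `Provides:` or `Conflicts:` against older packages that own the same file. Check the upgrade path from a release where the file still belongs to the ppc package, and add the split hint if a file conflict is possible.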
@ -1171,6 +1201,7 @@ This package records qemu testsuite results and represents successful testing.
%patch00067 -p1 %patch00067 -p1
%patch00068 -p1 %patch00068 -p1
%patch00069 -p1 %patch00069 -p1
%patch00070 -p1
%patch01000 -p1 %patch01000 -p1
%patch01001 -p1 %patch01001 -p1
%patch01002 -p1 %patch01002 -p1
@ -1183,6 +1214,7 @@ This package records qemu testsuite results and represents successful testing.
%patch02003 -p1 %patch02003 -p1
%patch03000 -p1 %patch03000 -p1
%patch03001 -p1 %patch03001 -p1
%patch05000 -p1
%patch11000 -p1 %patch11000 -p1
%patch27000 -p1 %patch27000 -p1
@ -1192,87 +1224,71 @@ This package records qemu testsuite results and represents successful testing.
# openbios-sparc32 openbios-sparc64 palcode-clipper petalogix-ml605.dtb # openbios-sparc32 openbios-sparc64 palcode-clipper petalogix-ml605.dtb
# petalogix-s3adsp1800.dtb QEMU,cgthree.bin QEMU,tcx.bin qemu_vga.ndrv # petalogix-s3adsp1800.dtb QEMU,cgthree.bin QEMU,tcx.bin qemu_vga.ndrv
# u-boot.e500 u-boot-sam460-20100605.bin opensbi-riscv32-generic-fw_dynamic.bin # u-boot.e500 u-boot-sam460-20100605.bin opensbi-riscv32-generic-fw_dynamic.bin
# opensbi-riscv32-generic-fw_dynamic.elf npcm7xx_bootrom.bin # opensbi-riscv32-generic-fw_dynamic.elfnpcm7xx_bootrom.bin
# This first list group isn't specific to what this instance builds # Note that:
%define ppc_default_firmware {%nil} # - default firmwares are built "by default", i.e., they're built automatically
# during the process of building QEMU (on each specific arch)
# - extra firmwares are built "manually" (see below) from their own sources
# (which, typically, are submodules checked out in the {srcdi}r/roms directory)
%define ppc_default_firmware %{nil}
%define ppc_extra_firmware {skiboot.lid slof.bin} %define ppc_extra_firmware {skiboot.lid slof.bin}
%define ppc64_only_default_firmware {%nil} %define riscv64_default_firmware %{nil}
%define ppc64_only_extra_firmware {%nil} %define riscv64_extra_firmware {opensbi-riscv64-generic-fw_dynamic.bin \
%define riscv64_default_firmware {opensbi-riscv64-generic-fw_dynamic.bin \
opensbi-riscv64-generic-fw_dynamic.elf} opensbi-riscv64-generic-fw_dynamic.elf}
%define riscv64_extra_firmware {%nil}
%define s390x_default_firmware {s390-ccw.img s390-netboot.img} %define s390x_default_firmware {s390-ccw.img s390-netboot.img}
%define s390x_extra_firmware {%nil} %define s390x_extra_firmware %{nil}
%define x86_default_firmware {linuxboot.bin linuxboot_dma.bin multiboot.bin \ %define x86_default_firmware {linuxboot.bin linuxboot_dma.bin multiboot.bin \
multiboot_dma.bin kvmvapic.bin pvh.bin} multiboot_dma.bin kvmvapic.bin pvh.bin}
%define x86_extra_firmware {bios.bin bios-256k.bin bios-microvm.bin qboot.rom \ %define x86_extra_firmware {bios.bin bios-256k.bin bios-microvm.bin qboot.rom \
pxe-e1000.rom pxe-eepro100.rom pxe-ne2k_pci.rom pxe-pcnet.rom pxe-rtl8139.rom \ pxe-e1000.rom pxe-eepro100.rom pxe-ne2k_pci.rom pxe-pcnet.rom pxe-rtl8139.rom \
pxe-virtio.rom sgabios.bin vgabios-ati.bin vgabios-bochs-display.bin \ pxe-virtio.rom sgabios.bin vgabios-ati.bin vgabios-bochs-display.bin \
vgabios.bin vgabios-cirrus.bin vgabios-qxl.bin vgabios-ramfb.bin \ vgabios.bin vgabios-cirrus.bin vgabios-qxl.bin vgabios-ramfb.bin \
vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin} vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin \
%define x86_64_only_default_firmware {%nil} efi-e1000.rom efi-e1000e.rom efi-eepro100.rom efi-ne2k_pci.rom efi-pcnet.rom \
%define x86_64_only_extra_firmware {efi-e1000.rom efi-e1000e.rom \ efi-rtl8139.rom efi-virtio.rom efi-vmxnet3.rom}
efi-eepro100.rom efi-ne2k_pci.rom efi-pcnet.rom efi-rtl8139.rom efi-virtio.rom \
efi-vmxnet3.rom}
# Complete list of all the firmwares that we build, if we consider
# all the builds, on all the arches.
%define firmware { \ %define firmware { \
%{?ppc_default_firmware} %{?ppc_extra_firmware} \ %{ppc_default_firmware} %{ppc_extra_firmware} \
%{?ppc64_only_default_firmware} %{?ppc64_only_extra_firmware} \ %{riscv64_default_firmware} %{riscv64_extra_firmware} \
%{?riscv64_default_firmware} %{?riscv64_extra_firmware} \ %{s390x_default_firmware} %{s390x_extra_firmware} \
%{?s390x_default_firmware} %{?s390x_extra_firmware} \ %{x86_default_firmware} %{x86_extra_firmware} }
%{?x86_default_firmware} %{?x86_extra_firmware} \
%{?x86_64_only_default_firmware} %{?x86_64_only_extra_firmware} }
# This second list group is specific to what this instance builds # Note that:
# - {arch}_default_built_firmware are the firmwares that we will be built by
# default in this particular build, on the arch where we currently are on
# - {arch}_extra_built_fimrware, likewise, but for extra firmwares, built manually
%ifarch ppc64 ppc64le
%define ppc_default_built_firmware %{ppc_default_firmware} %define ppc_default_built_firmware %{ppc_default_firmware}
%if %{build_skiboot_from_source} && %{build_slof_from_source}
%define ppc_extra_built_firmware %{ppc_extra_firmware}
%else
%if %{build_skiboot_from_source}
%define ppc_extra_built_firmware {skiboot.lid}
%endif %endif
%if %{build_slof_from_source}
%define ppc_extra_built_firmware {slof.bin}
%endif
%endif
%ifarch ppc64
%define ppc64_only_default_built_firmware %{ppc64_only_default_firmware}
%define ppc64_only_extra_built_firmware %{ppc64_only_extra_firmware}
%endif
%ifarch riscv64 %ifarch riscv64
%define riscv64_default_built_firmware %{riscv64_default_firmware} %define riscv64_default_built_firmware %{riscv64_default_firmware}
%define riscv64_extra_built_firmware %{riscv64_extra_firmware}
%endif %endif
%ifarch s390x %ifarch s390x
%define s390x_default_built_firmware %{s390x_default_firmware} %define s390x_default_built_firmware %{s390x_default_firmware}
%define s390x_extra_built_firmware %{s390x_extra_firmware}
%endif %endif
%ifarch %ix86 x86_64 %ifarch %ix86 x86_64
%define x86_default_built_firmware %{x86_default_firmware} %define x86_default_built_firmware %{x86_default_firmware}
%ifarch x86_64
%define x86_64_only_default_built_firmware %{x86_64_only_default_firmware}
%endif
%endif %endif
%if %{build_x86_firmware_from_source} %if %{build_opensbi_firmware}
%define riscv64_extra_built_firmware %{riscv64_extra_firmware}
%endif
%if %{build_ppc_firmware}
%define ppc_extra_built_firmware %{ppc_extra_firmware}
%endif
%if %{build_x86_firmware}
%define x86_extra_built_firmware %{x86_extra_firmware} %define x86_extra_built_firmware %{x86_extra_firmware}
%ifarch x86_64
%define x86_64_only_extra_built_firmware %{x86_64_only_extra_firmware}
%endif
%endif %endif
# List of only firmwares that will actually be built, in this instance
%define built_firmware { \ %define built_firmware { \
%{?ppc_default_built_firmware} %{?ppc_extra_built_firmware} \ %{?ppc_default_built_firmware} %{?ppc_extra_built_firmware} \
%{?ppc64_only_default_built_firmware} %{?ppc64_only_extra_built_firmware} \
%{?riscv64_default_built_firmware} %{?riscv64_extra_built_firmware} \ %{?riscv64_default_built_firmware} %{?riscv64_extra_built_firmware} \
%{?s390x_default_built_firmware} %{?s390x_extra_built_firmware} \ %{?s390x_default_built_firmware} %{?s390x_extra_built_firmware} \
%{?x86_default_built_firmware} %{?x86_extra_built_firmware} \ %{?x86_default_built_firmware} %{?x86_extra_built_firmware} }
%{?x86_64_only_default_built_firmware} %{?x86_64_only_extra_built_firmware} }
# above section is for qemu and qemu-testsuite # above section is for qemu and qemu-testsuite
%endif %endif
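Review bot: the comments added in this hunk have typos that matter for anyone searching the spec: `{srcdi}r/roms` should be `{srcdir}/roms`, `{arch}_extra_built_fimrware` should be `{arch}_extra_built_firmware`, and "the firmwares that we will be built by default" does not parse. In the list of files at the top, the new side reads `opensbi-riscv32-generic-fw_dynamic.elfnpcm7xx_bootrom.bin`, with the space between the two names lost. It would also help to state next to `riscv64_extra_firmware` that the opensbi images moved from the default list to the extra list, since that changes which files get unlinked before the build.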
@ -1503,7 +1519,9 @@ cd %blddir
%if "%{name}" == "qemu" %if "%{name}" == "qemu"
# delete the firmware files that we intend to build # Let's build QEMU (and all the "default" firmwares, for each arch)
# First, delete the firmware files that we intend to build...
for i in %built_firmware for i in %built_firmware
do do
unlink %srcdir/pc-bios/$i unlink %srcdir/pc-bios/$i
@ -1511,68 +1529,57 @@ done
make %{?_smp_mflags} V=1 make %{?_smp_mflags} V=1
# Firmware # ... And then, reinstate the firmwares that have been built already
for i in %{?s390x_default_built_firmware}
%ifarch s390x
for i in %s390x_default_built_firmware
do do
cp pc-bios/s390-ccw/$i %srcdir/pc-bios/ cp pc-bios/s390-ccw/$i %srcdir/pc-bios/
done done
%endif
%ifarch ppc64 for i in %{?x86_default_built_firmware}
for i in %ppc64_only_default_built_firmware
do
cp pc-bios/spapr-rtas/$i %srcdir/pc-bios/
done
%endif
%ifarch %ix86 x86_64
for i in %x86_default_built_firmware
do do
cp pc-bios/optionrom/$i %srcdir/pc-bios/ cp pc-bios/optionrom/$i %srcdir/pc-bios/
done done
%ifarch x86_64
for i in %x86_64_only_default_built_firmware # Build the "extra" firmwares. Note that the QEMU Makefile in {srcdir}/roms
do # does some cross-compiler auto detection. So we often don't need to define
cp pc-bios/optionrom/$i %srcdir/pc-bios/ # or pass CROSS= and CROSS_COMPILE ourselves.
done
%endif %if %{build_ppc_firmware}
# FIXME: check if we can upstream: Makefile-define-endianess-for-cross-buil.patch
make %{?_smp_mflags} -C %srcdir/roms skiboot
make %{?_smp_mflags} -C %srcdir/roms slof
%endif %endif
%if %{build_x86_firmware_from_source} %if %{build_opensbi_firmware}
%ifnarch %{ix86} x86_64 make %{?_smp_mflags} -C %srcdir/roms opensbi64-generic
export CC=x86_64-suse-linux-gcc
export LD=x86_64-suse-linux-ld
%endif %endif
%if %{build_x86_firmware}
make %{?_smp_mflags} -C %srcdir/roms bios \ make %{?_smp_mflags} -C %srcdir/roms bios \
SEABIOS_EXTRAVERSION="-rebuilt.opensuse.org" \ SEABIOS_EXTRAVERSION="-rebuilt.opensuse.org" \
%ifnarch %ix86 x86_64
HOSTCC=cc \
%endif
# FIXME: check if we can upstream: roms-Makefile-add-cross-file-to-qboot-me.patch
# and qboot-add-cross.ini-file-to-handle-aarch.patch
make %{?_smp_mflags} -C %srcdir/roms qboot make %{?_smp_mflags} -C %srcdir/roms qboot
make %{?_smp_mflags} -C %srcdir/roms seavgabios \ make %{?_smp_mflags} -C %srcdir/roms seavgabios \
%ifnarch %ix86 x86_64
HOSTCC=cc \
%endif
make %{?_smp_mflags} -C %srcdir/roms seavgabios-ati \ make %{?_smp_mflags} -C %srcdir/roms seavgabios-ati \
%ifnarch %ix86 x86_64
HOSTCC=cc \
%endif
make %{?_smp_mflags} -C %srcdir/roms pxerom make %{?_smp_mflags} -C %srcdir/roms pxerom
%ifnarch %ix86
make %{?_smp_mflags} -C %srcdir/roms efirom \ make %{?_smp_mflags} -C %srcdir/roms efirom \
EDK2_BASETOOLS_OPTFLAGS='-fPIE' EDK2_BASETOOLS_OPTFLAGS='-fPIE'
%endif
make -C %srcdir/roms sgabios \ # We're currently not building firmware on ix86, but let's make sure this works
HOSTCC=cc # fine if one enables it, e.g., locally (for debugging or something).
# FIXME: check if we can get rid or upstream: roms-sgabios-Fix-csum8-to-be-built-by-ho.patch
make -C %srcdir/roms sgabios HOSTCC=cc \
%ifnarch %ix86 x86_64
CC=x86_64-suse-linux-gcc LD=x86_64-suse-linux-ld \
%endif
%if %{force_fit_virtio_pxe_rom} %if %{force_fit_virtio_pxe_rom}
pushd %srcdir pushd %srcdir
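Review bot: several `make` invocations in the `%if %{build_x86_firmware}` block now end in a backslash immediately before `%ifnarch %ix86 x86_64 ... %endif`, so after macro expansion each command continues onto whatever line follows the `%endif`. For the sgabios call, `make -C %srcdir/roms sgabios HOSTCC=cc \` would absorb the following command if no empty line separates them, and the bios call would absorb the `# FIXME` comment. Put the conditional arguments in a macro or shell variable defined beforehand and drop the trailing backslashes. Separately, the explicit `export CC=x86_64-suse-linux-gcc` and the `CROSS=` / `CROSS_COMPILE=` arguments are gone in favour of auto-detection in roms/Makefile; logging the detected compiler in the build output would make it verifiable which toolchain produced each firmware image.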
@ -1607,26 +1614,13 @@ for i in %supported_nics_small
exit 1 exit 1
fi fi
done done
%ifnarch %{ix86} x86_64
unset CC
unset LD
%endif
%endif
%if %{build_skiboot_from_source}
make %{?_smp_mflags} -C %srcdir/roms skiboot CROSS=
%endif %endif
# End of {build_x86_firmware}
%if %{build_slof_from_source}
make %{?_smp_mflags} -C %srcdir/roms slof
%endif %endif
# End of "{name}" == "qemu"
%if %{build_opensbi_from_source}
make %{?_smp_mflags} -C %srcdir/roms opensbi64-generic CROSS_COMPILE=
%endif
# above section is for qemu
%endif
# ------------------------------------------------------------------------ # ------------------------------------------------------------------------
%if "%{name}" == "qemu-testsuite" %if "%{name}" == "qemu-testsuite"
@ -1778,15 +1772,7 @@ ln -s qemu-binfmt %{buildroot}%_bindir/qemu-xtensaeb-binfmt
%if "%{name}" == "qemu" %if "%{name}" == "qemu"
make %{?_smp_mflags} install DESTDIR=%{buildroot} make %{?_smp_mflags} install DESTDIR=%{buildroot}
%ifarch %{build_rom_arch}
install -D -m 0644 %{SOURCE14} %{buildroot}%_datadir/%name/firmware/50-seabios-256k.json
install -D -m 0644 %{SOURCE15} %{buildroot}%_datadir/%name/firmware/60-seabios-128k.json
%else
for f in %{x86_extra_firmware} \
%{x86_64_only_extra_firmware}; do
unlink %{buildroot}%_datadir/%name/$f
done
%endif
%find_lang %name %find_lang %name
install -d -m 0755 %{buildroot}%_datadir/%name/firmware install -d -m 0755 %{buildroot}%_datadir/%name/firmware
install -d -m 0755 %{buildroot}/usr/lib/supportconfig/plugins install -d -m 0755 %{buildroot}/usr/lib/supportconfig/plugins
@ -1796,6 +1782,7 @@ install -D -m 0755 %{SOURCE3} %{buildroot}%_datadir/%name/qemu-ifup
install -D -p -m 0644 %{SOURCE8} %{buildroot}/usr/lib/udev/rules.d/80-qemu-ga.rules install -D -p -m 0644 %{SOURCE8} %{buildroot}/usr/lib/udev/rules.d/80-qemu-ga.rules
install -D -m 0755 scripts/analyze-migration.py %{buildroot}%_bindir/analyze-migration.py install -D -m 0755 scripts/analyze-migration.py %{buildroot}%_bindir/analyze-migration.py
install -D -m 0755 scripts/vmstate-static-checker.py %{buildroot}%_bindir/vmstate-static-checker.py install -D -m 0755 scripts/vmstate-static-checker.py %{buildroot}%_bindir/vmstate-static-checker.py
install -D -m 0755 scripts/kvm/vmxcap %{buildroot}%_bindir/vmxcap
install -D -m 0755 %{SOURCE9} %{buildroot}/usr/lib/supportconfig/plugins/%name install -D -m 0755 %{SOURCE9} %{buildroot}/usr/lib/supportconfig/plugins/%name
install -D -m 0644 %{SOURCE10} %{buildroot}%_docdir/qemu-arm/supported.txt install -D -m 0644 %{SOURCE10} %{buildroot}%_docdir/qemu-arm/supported.txt
install -D -m 0644 %{SOURCE11} %{buildroot}%_docdir/qemu-ppc/supported.txt install -D -m 0644 %{SOURCE11} %{buildroot}%_docdir/qemu-ppc/supported.txt
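Review bot: the added `install -D -m 0755 scripts/kvm/vmxcap %{buildroot}%_bindir/vmxcap` line is unconditional, so the script is shipped on every architecture this spec builds, although VMX is an x86 feature. Wrap this line and the matching `%_bindir/vmxcap` entry in the tools file list in `%ifarch %ix86 x86_64`, and confirm that the package that receives it depends on the interpreter the script needs.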
@ -1843,17 +1830,43 @@ unlink %{buildroot}%_datadir/%name/edk2-x86_64-secure-code.fd
# this was never meant for customer consumption - delete even though installed # this was never meant for customer consumption - delete even though installed
unlink %{buildroot}%_bindir/elf2dmp unlink %{buildroot}%_bindir/elf2dmp
install -D -m 0644 %{SOURCE201} %{buildroot}%_datadir/%name/forsplits/pkg-split.txt
for X in 00 01 02 03 04 05 07 08 09 10 11 12 13 14 15 16 17 18 19
do
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/$X
done
# For PPC and x86 firmwares, there are a few extra install steps necessary.
# In general, if we know that we have not built a firmware, remove it from the
# install base, as the one that we have there is the upstream binary, that got
# copied there during `make install`.
%if %{build_ppc_firmware}
# in support of update-alternatives # in support of update-alternatives
mv %{buildroot}%_datadir/%name/skiboot.lid %{buildroot}%_datadir/%name/skiboot.lid.qemu mv %{buildroot}%_datadir/%name/skiboot.lid %{buildroot}%_datadir/%name/skiboot.lid.qemu
# create a dummy target for /etc/alternatives/skiboot.lid # create a dummy target for /etc/alternatives/skiboot.lid
mkdir -p %{buildroot}%{_sysconfdir}/alternatives mkdir -p %{buildroot}%{_sysconfdir}/alternatives
ln -s -f %{_sysconfdir}/alternatives/skiboot.lid %{buildroot}%{_datadir}/%name/skiboot.lid ln -s -f %{_sysconfdir}/alternatives/skiboot.lid %{buildroot}%{_datadir}/%name/skiboot.lid
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/06
install -D -m 0644 %{SOURCE201} %{buildroot}%_datadir/%name/forsplits/pkg-split.txt %else
for X in 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 for f in %{ppc_extra_firmware} ; do
do unlink %{buildroot}%_datadir/%name/$f
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/$X
done done
%endif
# For riscv64 firmwares (currently, only opensbi), we leave them there in
# any case, because they're part of the qemu-extra package, and riscv is
# a bit special in many ways already.
%if %{build_x86_firmware}
install -D -m 0644 %{SOURCE14} %{buildroot}%_datadir/%name/firmware/50-seabios-256k.json
install -D -m 0644 %{SOURCE15} %{buildroot}%_datadir/%name/firmware/60-seabios-128k.json
%else
for f in %{x86_extra_firmware} ; do
unlink %{buildroot}%_datadir/%name/$f
done
%endif
%suse_update_desktop_file qemu %suse_update_desktop_file qemu
%fdupes -s %{buildroot} %fdupes -s %{buildroot}
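Review bot: the comment block for riscv64 says the opensbi images are left in place "in any case", which contradicts the rule stated a few lines above it that firmware not built here is removed because what remains is the upstream binary. With `build_opensbi_firmware` off under `%if ! 0%{?sle_version}`, SLE builds therefore package prebuilt upstream opensbi blobs rather than images built from source. Apply the same `%else ... unlink` branch used for `%{ppc_extra_firmware}` and `%{x86_extra_firmware}`, or document why shipping the upstream binary is acceptable there. Also note that `forsplits/06` is now created only when `build_ppc_firmware` is set, so any consumer of that path on other architectures needs checking.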
@ -1918,6 +1931,7 @@ fi
%postun ksm %postun ksm
%service_del_postun ksm.service %service_del_postun ksm.service
%if %{build_ppc_firmware}
%post skiboot %post skiboot
update-alternatives --install \ update-alternatives --install \
%{_datadir}/%name/skiboot.lid skiboot.lid %{_datadir}/%name/skiboot.lid.qemu 15 %{_datadir}/%name/skiboot.lid skiboot.lid %{_datadir}/%name/skiboot.lid.qemu 15
@ -1926,6 +1940,7 @@ update-alternatives --install \
if [ ! -f %{_datadir}/%name/skiboot.lid.qemu ] ; then if [ ! -f %{_datadir}/%name/skiboot.lid.qemu ] ; then
update-alternatives --remove skiboot.lid %{_datadir}/%name/skiboot.lid.qemu update-alternatives --remove skiboot.lid %{_datadir}/%name/skiboot.lid.qemu
fi fi
%endif
# above section is for qemu # above section is for qemu
%endif %endif
@ -2212,7 +2227,6 @@ fi
%_datadir/%name/canyonlands.dtb %_datadir/%name/canyonlands.dtb
%_datadir/%name/openbios-ppc %_datadir/%name/openbios-ppc
%_datadir/%name/qemu_vga.ndrv %_datadir/%name/qemu_vga.ndrv
%_datadir/%name/slof.bin
%_datadir/%name/u-boot.e500 %_datadir/%name/u-boot.e500
%_datadir/%name/u-boot-sam460-20100605.bin %_datadir/%name/u-boot-sam460-20100605.bin
%dir %_docdir/qemu-ppc %dir %_docdir/qemu-ppc
@ -2464,7 +2478,7 @@ fi
%files lang -f %blddir/%name.lang %files lang -f %blddir/%name.lang
%defattr(-, root, root) %defattr(-, root, root)
%ifarch %{build_rom_arch} %if %{build_x86_firmware}
%files seabios %files seabios
%defattr(-, root, root) %defattr(-, root, root)
%dir %_datadir/%name %dir %_datadir/%name
@ -2516,6 +2530,7 @@ fi
%_datadir/%name/pxe-virtio.rom %_datadir/%name/pxe-virtio.rom
%endif %endif
%if %{build_ppc_firmware}
%files skiboot %files skiboot
%defattr(-, root, root) %defattr(-, root, root)
%dir %_datadir/%name %dir %_datadir/%name
@ -2525,6 +2540,12 @@ fi
%_datadir/%name/skiboot.lid.qemu %_datadir/%name/skiboot.lid.qemu
%ghost %_sysconfdir/alternatives/skiboot.lid %ghost %_sysconfdir/alternatives/skiboot.lid
%files SLOF
%defattr(-, root, root)
%dir %_datadir/%name
%_datadir/%name/slof.bin
%endif
%files vhost-user-gpu %files vhost-user-gpu
%defattr(-, root, root) %defattr(-, root, root)
%dir %_datadir/%name/vhost-user %dir %_datadir/%name/vhost-user
@ -2542,6 +2563,7 @@ fi
%_bindir/qemu-pr-helper %_bindir/qemu-pr-helper
%_bindir/qemu-storage-daemon %_bindir/qemu-storage-daemon
%_bindir/vmstate-static-checker.py %_bindir/vmstate-static-checker.py
%_bindir/vmxcap
%verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper %verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper
%_libexecdir/virtfs-proxy-helper %_libexecdir/virtfs-proxy-helper
%_libexecdir/virtiofsd %_libexecdir/virtiofsd

View File

@ -22,39 +22,50 @@
%define _buildshell /bin/bash %define _buildshell /bin/bash
%define build_x86_firmware_from_source 0 %define build_x86_firmware 0
%define build_skiboot_from_source 0 %define build_ppc_firmware 0
%define build_slof_from_source 0 %define build_opensbi_firmware 0
%define build_opensbi_from_source 0
%define kvm_available 0 %define kvm_available 0
%define legacy_qemu_kvm 0 %define legacy_qemu_kvm 0
%define force_fit_virtio_pxe_rom 1 %define force_fit_virtio_pxe_rom 1
%define build_rom_arch %ix86 x86_64 aarch64
%if "%{?distribution}" == "" %if "%{?distribution}" == ""
%define distro private-build %define distro private-build
%else %else
%define distro %{distribution} %define distro %{distribution}
%endif %endif
%ifarch %{build_rom_arch} # So, we have openSUSE:Factory, and we have "ports". In openSUSE:Factory, we
# choice of building all from source or using provided binary x86 blobs # have i586 and x86_64. In the :ARM port, we have aarch64, armv6l and armv7l.
%define build_x86_firmware_from_source 1 # In the :PowerPC port, we have ppc64, ppc and ppc64le. In the :zSystems port
%endif # we have s390x. And in the :RISCV we have riscv.
#
# Ideally, we'd want to build the firmwares at least once per port, and then
# share the resulting packages among the arch-es within each port (check the
# `ExportFilter` directives in the project config).
#
# Of course, we always build the "native fimrwares" (e.g., x86 firmwares on
# x86_64, PPC firmwares on ppc64le, etc). But we also cross compile as much
# firmwares as we can (e.g., both x86 and PPC firmwares on aarch64) so they'll
# be available in as many ports as possible (as noarch packages).
%ifarch ppc64 %ifarch x86_64 aarch64
%define build_skiboot_from_source 0 %define build_ppc_firmware 1
%define build_slof_from_source 1 # Currently, opensbi does not cross build cleanly on 15.3 and 15.4
%if ! 0%{?sle_version}
%define build_opensbi_firmware 1
%endif %endif
%define build_x86_firmware 1
%ifarch ppc64le %endif
%define build_skiboot_from_source 0 %ifarch ppc64 ppc64le
%define build_slof_from_source 1 %define build_ppc_firmware 1
%if ! 0%{?sle_version}
%define build_opensbi_firmware 1
%endif
# FIXME: Try to enable cross building of x86 firmwares here on PPC
%endif %endif
%ifarch riscv64 %ifarch riscv64
%define build_opensbi_from_source 1 %define build_opensbi_firmware 1
%endif %endif
%ifarch %ix86 x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64 %ifarch %ix86 x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64
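Review bot: `%if ! 0%{?sle_version}` in the x86_64/aarch64 and ppc64/ppc64le blocks turns the opensbi cross build off for every release that defines sle_version, while the comment above it names only 15.3 and 15.4. Either bound the test to the affected versions, so the build comes back on its own once the toolchain is fixed, or reword the comment to say that all such releases are meant. The new comment block also spells "fimrwares" and says "as much firmwares" where "as many firmwares" is meant.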
@ -160,32 +171,37 @@ syscall layer occurs on the native hardware and operating system.
# above section is for qemu-linux-user # above section is for qemu-linux-user
# ------------------------------------------------------------------------ # ------------------------------------------------------------------------
%else %else
%if %{build_x86_firmware_from_source} %if %{build_x86_firmware}
BuildRequires: acpica BuildRequires: acpica
%endif
BuildRequires: pkgconfig(alsa)
%if %{build_x86_firmware_from_source}
BuildRequires: binutils-devel BuildRequires: binutils-devel
%endif BuildRequires: dos2unix
BuildRequires: bison BuildRequires: glibc-devel-32bit
BuildRequires: brlapi-devel BuildRequires: pkgconfig(liblzma)
%if %{build_x86_firmware_from_source} %ifnarch %ix86 x86_64
%ifnarch %{ix86} x86_64
# We must cross-compile on non-x86* # We must cross-compile on non-x86*
BuildRequires: cross-x86_64-binutils BuildRequires: cross-x86_64-binutils
BuildRequires: cross-x86_64-gcc%gcc_version BuildRequires: cross-x86_64-gcc%gcc_version
%endif %endif
%endif %endif
%if %{build_opensbi_firmware}
%ifnarch riscv64
BuildRequires: cross-riscv64-binutils
BuildRequires: cross-riscv64-gcc%gcc_version
%endif
%endif
%if %{build_ppc_firmware}
%ifnarch ppc64 ppc64le
BuildRequires: cross-ppc64-binutils
BuildRequires: cross-ppc64-gcc%gcc_version
%endif
%endif
BuildRequires: pkgconfig(alsa)
BuildRequires: bison
BuildRequires: brlapi-devel
BuildRequires: pkgconfig(libcurl) >= 7.29 BuildRequires: pkgconfig(libcurl) >= 7.29
BuildRequires: pkgconfig(libsasl2) BuildRequires: pkgconfig(libsasl2)
%if %{build_x86_firmware_from_source}
BuildRequires: dos2unix
%endif
BuildRequires: flex BuildRequires: flex
BuildRequires: pkgconfig(glib-2.0) >= 2.56 BuildRequires: pkgconfig(glib-2.0) >= 2.56
%if %{build_x86_firmware_from_source}
BuildRequires: glibc-devel-32bit
%endif
BuildRequires: libaio-devel BuildRequires: libaio-devel
BuildRequires: libattr-devel BuildRequires: libattr-devel
BuildRequires: libbz2-devel BuildRequires: libbz2-devel
@ -252,9 +268,6 @@ BuildRequires: pkgconfig(vte-2.91)
BuildRequires: xen-devel >= 4.2 BuildRequires: xen-devel >= 4.2
%endif %endif
BuildRequires: xfsprogs-devel BuildRequires: xfsprogs-devel
%if %{build_x86_firmware_from_source}
BuildRequires: pkgconfig(liblzma)
%endif
BuildRequires: pkgconfig(zlib) BuildRequires: pkgconfig(zlib)
BuildRequires: pkgconfig(libzstd) BuildRequires: pkgconfig(libzstd)
%if "%{name}" == "qemu" %if "%{name}" == "qemu"
@ -268,6 +281,26 @@ Requires(post): udev
%ifarch s390x %ifarch s390x
Requires(post): procps Requires(post): procps
%endif %endif
%ifarch %ix86 x86_64
Requires: qemu-x86
%else
Suggests: qemu-x86
%endif
%ifarch ppc ppc64 ppc64le
Requires: qemu-ppc
%else
Suggests: qemu-ppc
%endif
%ifarch s390x
Requires: qemu-s390x
%else
Suggests: qemu-s390x
%endif
%ifarch %arm aarch64
Requires: qemu-arm
%else
Suggests: qemu-arm
%endif
Recommends: kvm_stat Recommends: kvm_stat
%endif %endif
Recommends: qemu-block-curl Recommends: qemu-block-curl
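Review bot: none of the four `%ifarch` blocks that now carry a hard `Requires:` matches riscv64, so on that architecture the package still gets only `Suggests:` entries and can be installed without any emulator subpackage. The spec handles riscv64 explicitly elsewhere (`%ifarch riscv64`), so either add the matching dependency here or leave a comment saying the gap is deliberate.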
@ -287,26 +320,6 @@ Recommends: qemu-hw-usb-smartcard
Recommends: qemu-ui-gtk Recommends: qemu-ui-gtk
Recommends: qemu-ui-spice-app Recommends: qemu-ui-spice-app
%endif %endif
%ifarch %{ix86} x86_64
Recommends: qemu-x86
%else
Suggests: qemu-x86
%endif
%ifarch ppc ppc64 ppc64le
Recommends: qemu-ppc
%else
Suggests: qemu-ppc
%endif
%ifarch s390x
Recommends: qemu-s390x
%else
Suggests: qemu-s390x
%endif
%ifarch %arm aarch64
Recommends: qemu-arm
%else
Suggests: qemu-arm
%endif
Suggests: qemu-block-dmg Suggests: qemu-block-dmg
Suggests: qemu-block-gluster Suggests: qemu-block-gluster
Suggests: qemu-block-iscsi Suggests: qemu-block-iscsi
@ -363,6 +376,7 @@ Group: System/Emulators/PC
Version: %{qemuver} Version: %{qemuver}
Release: 0 Release: 0
Requires: %name = %{qemuver} Requires: %name = %{qemuver}
Requires: qemu-SLOF
Recommends: qemu-ipxe Recommends: qemu-ipxe
Recommends: qemu-vgabios Recommends: qemu-vgabios
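Review bot: `Requires: qemu-SLOF` is unconditional and unversioned, while the SLOF subpackage is only defined inside `%if %{build_ppc_firmware}`. On architectures where that flag stays 0, the dependency can only be met by a noarch package exported from another build, and nothing ties the firmware to this `%{qemuver}` the way `Requires: %name = %{qemuver}` does for the main package. Consider a versioned requirement, or a comment that names the export dependency this line relies on.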
@ -825,7 +839,7 @@ Supplements: modalias(pci:v0000FFFDd00000101sv*sd*bc*sc*i*)
This package contains the QEMU guest agent. It is installed in the linux guest This package contains the QEMU guest agent. It is installed in the linux guest
to provide information and control at the guest OS level. to provide information and control at the guest OS level.
%ifarch %{build_rom_arch} %if %{build_x86_firmware}
%package microvm %package microvm
Summary: x86 MicroVM firmware for QEMU Summary: x86 MicroVM firmware for QEMU
Group: System/Emulators/PC Group: System/Emulators/PC
@ -890,6 +904,7 @@ Provides Preboot Execution Environment (PXE) ROM support for various emulated
network adapters available with QEMU. network adapters available with QEMU.
%endif %endif
%if %{build_ppc_firmware}
%package skiboot %package skiboot
Summary: OPAL firmware (aka skiboot), used in booting OpenPOWER systems Summary: OPAL firmware (aka skiboot), used in booting OpenPOWER systems
Group: System/Emulators/PC Group: System/Emulators/PC
@ -904,6 +919,18 @@ Provides: %name:%_datadir/%name/forsplits/06
Provides OPAL (OpenPower Abstraction Layer) firmware, aka skiboot, as Provides OPAL (OpenPower Abstraction Layer) firmware, aka skiboot, as
traditionally packaged with QEMU. traditionally packaged with QEMU.
%package SLOF
Summary: Slimline Open Firmware - SLOF
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
BuildArch: noarch
%description SLOF
Slimline Open Firmware (SLOF) is an implementation of the IEEE 1275 standard.
It can be used as partition firmware for pSeries machines running on QEMU or KVM.
%endif
%package ksm %package ksm
Summary: Kernel Samepage Merging services Summary: Kernel Samepage Merging services
Group: System/Emulators/PC Group: System/Emulators/PC
@ -1013,87 +1040,71 @@ PATCH_EXEC
# openbios-sparc32 openbios-sparc64 palcode-clipper petalogix-ml605.dtb # openbios-sparc32 openbios-sparc64 palcode-clipper petalogix-ml605.dtb
# petalogix-s3adsp1800.dtb QEMU,cgthree.bin QEMU,tcx.bin qemu_vga.ndrv # petalogix-s3adsp1800.dtb QEMU,cgthree.bin QEMU,tcx.bin qemu_vga.ndrv
# u-boot.e500 u-boot-sam460-20100605.bin opensbi-riscv32-generic-fw_dynamic.bin # u-boot.e500 u-boot-sam460-20100605.bin opensbi-riscv32-generic-fw_dynamic.bin
# opensbi-riscv32-generic-fw_dynamic.elf npcm7xx_bootrom.bin # opensbi-riscv32-generic-fw_dynamic.elfnpcm7xx_bootrom.bin
# This first list group isn't specific to what this instance builds # Note that:
%define ppc_default_firmware {%nil} # - default firmwares are built "by default", i.e., they're built automatically
# during the process of building QEMU (on each specific arch)
# - extra firmwares are built "manually" (see below) from their own sources
# (which, typically, are submodules checked out in the {srcdi}r/roms directory)
%define ppc_default_firmware %{nil}
%define ppc_extra_firmware {skiboot.lid slof.bin} %define ppc_extra_firmware {skiboot.lid slof.bin}
%define ppc64_only_default_firmware {%nil} %define riscv64_default_firmware %{nil}
%define ppc64_only_extra_firmware {%nil} %define riscv64_extra_firmware {opensbi-riscv64-generic-fw_dynamic.bin \
%define riscv64_default_firmware {opensbi-riscv64-generic-fw_dynamic.bin \
opensbi-riscv64-generic-fw_dynamic.elf} opensbi-riscv64-generic-fw_dynamic.elf}
%define riscv64_extra_firmware {%nil}
%define s390x_default_firmware {s390-ccw.img s390-netboot.img} %define s390x_default_firmware {s390-ccw.img s390-netboot.img}
%define s390x_extra_firmware {%nil} %define s390x_extra_firmware %{nil}
%define x86_default_firmware {linuxboot.bin linuxboot_dma.bin multiboot.bin \ %define x86_default_firmware {linuxboot.bin linuxboot_dma.bin multiboot.bin \
multiboot_dma.bin kvmvapic.bin pvh.bin} multiboot_dma.bin kvmvapic.bin pvh.bin}
%define x86_extra_firmware {bios.bin bios-256k.bin bios-microvm.bin qboot.rom \ %define x86_extra_firmware {bios.bin bios-256k.bin bios-microvm.bin qboot.rom \
pxe-e1000.rom pxe-eepro100.rom pxe-ne2k_pci.rom pxe-pcnet.rom pxe-rtl8139.rom \ pxe-e1000.rom pxe-eepro100.rom pxe-ne2k_pci.rom pxe-pcnet.rom pxe-rtl8139.rom \
pxe-virtio.rom sgabios.bin vgabios-ati.bin vgabios-bochs-display.bin \ pxe-virtio.rom sgabios.bin vgabios-ati.bin vgabios-bochs-display.bin \
vgabios.bin vgabios-cirrus.bin vgabios-qxl.bin vgabios-ramfb.bin \ vgabios.bin vgabios-cirrus.bin vgabios-qxl.bin vgabios-ramfb.bin \
vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin} vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin \
%define x86_64_only_default_firmware {%nil} efi-e1000.rom efi-e1000e.rom efi-eepro100.rom efi-ne2k_pci.rom efi-pcnet.rom \
%define x86_64_only_extra_firmware {efi-e1000.rom efi-e1000e.rom \ efi-rtl8139.rom efi-virtio.rom efi-vmxnet3.rom}
efi-eepro100.rom efi-ne2k_pci.rom efi-pcnet.rom efi-rtl8139.rom efi-virtio.rom \
efi-vmxnet3.rom}
# Complete list of all the firmwares that we build, if we consider
# all the builds, on all the arches.
%define firmware { \ %define firmware { \
%{?ppc_default_firmware} %{?ppc_extra_firmware} \ %{ppc_default_firmware} %{ppc_extra_firmware} \
%{?ppc64_only_default_firmware} %{?ppc64_only_extra_firmware} \ %{riscv64_default_firmware} %{riscv64_extra_firmware} \
%{?riscv64_default_firmware} %{?riscv64_extra_firmware} \ %{s390x_default_firmware} %{s390x_extra_firmware} \
%{?s390x_default_firmware} %{?s390x_extra_firmware} \ %{x86_default_firmware} %{x86_extra_firmware} }
%{?x86_default_firmware} %{?x86_extra_firmware} \
%{?x86_64_only_default_firmware} %{?x86_64_only_extra_firmware} }
# This second list group is specific to what this instance builds # Note that:
# - {arch}_default_built_firmware are the firmwares that we will be built by
# default in this particular build, on the arch where we currently are on
# - {arch}_extra_built_fimrware, likewise, but for extra firmwares, built manually
%ifarch ppc64 ppc64le
%define ppc_default_built_firmware %{ppc_default_firmware} %define ppc_default_built_firmware %{ppc_default_firmware}
%if %{build_skiboot_from_source} && %{build_slof_from_source}
%define ppc_extra_built_firmware %{ppc_extra_firmware}
%else
%if %{build_skiboot_from_source}
%define ppc_extra_built_firmware {skiboot.lid}
%endif %endif
%if %{build_slof_from_source}
%define ppc_extra_built_firmware {slof.bin}
%endif
%endif
%ifarch ppc64
%define ppc64_only_default_built_firmware %{ppc64_only_default_firmware}
%define ppc64_only_extra_built_firmware %{ppc64_only_extra_firmware}
%endif
%ifarch riscv64 %ifarch riscv64
%define riscv64_default_built_firmware %{riscv64_default_firmware} %define riscv64_default_built_firmware %{riscv64_default_firmware}
%define riscv64_extra_built_firmware %{riscv64_extra_firmware}
%endif %endif
%ifarch s390x %ifarch s390x
%define s390x_default_built_firmware %{s390x_default_firmware} %define s390x_default_built_firmware %{s390x_default_firmware}
%define s390x_extra_built_firmware %{s390x_extra_firmware}
%endif %endif
%ifarch %ix86 x86_64 %ifarch %ix86 x86_64
%define x86_default_built_firmware %{x86_default_firmware} %define x86_default_built_firmware %{x86_default_firmware}
%ifarch x86_64
%define x86_64_only_default_built_firmware %{x86_64_only_default_firmware}
%endif
%endif %endif
%if %{build_x86_firmware_from_source} %if %{build_opensbi_firmware}
%define riscv64_extra_built_firmware %{riscv64_extra_firmware}
%endif
%if %{build_ppc_firmware}
%define ppc_extra_built_firmware %{ppc_extra_firmware}
%endif
%if %{build_x86_firmware}
%define x86_extra_built_firmware %{x86_extra_firmware} %define x86_extra_built_firmware %{x86_extra_firmware}
%ifarch x86_64
%define x86_64_only_extra_built_firmware %{x86_64_only_extra_firmware}
%endif
%endif %endif
# List of only firmwares that will actually be built, in this instance
%define built_firmware { \ %define built_firmware { \
%{?ppc_default_built_firmware} %{?ppc_extra_built_firmware} \ %{?ppc_default_built_firmware} %{?ppc_extra_built_firmware} \
%{?ppc64_only_default_built_firmware} %{?ppc64_only_extra_built_firmware} \
%{?riscv64_default_built_firmware} %{?riscv64_extra_built_firmware} \ %{?riscv64_default_built_firmware} %{?riscv64_extra_built_firmware} \
%{?s390x_default_built_firmware} %{?s390x_extra_built_firmware} \ %{?s390x_default_built_firmware} %{?s390x_extra_built_firmware} \
%{?x86_default_built_firmware} %{?x86_extra_built_firmware} \ %{?x86_default_built_firmware} %{?x86_extra_built_firmware} }
%{?x86_64_only_default_built_firmware} %{?x86_64_only_extra_built_firmware} }
# above section is for qemu and qemu-testsuite # above section is for qemu and qemu-testsuite
%endif %endif
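Review bot: the new explanatory comments in this hunk need a proofread before they become the reference for the firmware lists: `{srcdi}r/roms` should read `{srcdir}/roms`, `{arch}_extra_built_fimrware` should read `{arch}_extra_built_firmware`, and "the firmwares that we will be built by default" should be "the firmwares that will be built by default". Since these names are what a maintainer will grep for, the misspelled macro name in particular is worth fixing.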
@ -1324,7 +1335,9 @@ cd %blddir
%if "%{name}" == "qemu" %if "%{name}" == "qemu"
# delete the firmware files that we intend to build # Let's build QEMU (and all the "default" firmwares, for each arch)
# First, delete the firmware files that we intend to build...
for i in %built_firmware for i in %built_firmware
do do
unlink %srcdir/pc-bios/$i unlink %srcdir/pc-bios/$i
@ -1332,68 +1345,57 @@ done
make %{?_smp_mflags} V=1 make %{?_smp_mflags} V=1
# Firmware # ... And then, reinstate the firmwares that have been built already
for i in %{?s390x_default_built_firmware}
%ifarch s390x
for i in %s390x_default_built_firmware
do do
cp pc-bios/s390-ccw/$i %srcdir/pc-bios/ cp pc-bios/s390-ccw/$i %srcdir/pc-bios/
done done
%endif
%ifarch ppc64 for i in %{?x86_default_built_firmware}
for i in %ppc64_only_default_built_firmware
do
cp pc-bios/spapr-rtas/$i %srcdir/pc-bios/
done
%endif
%ifarch %ix86 x86_64
for i in %x86_default_built_firmware
do do
cp pc-bios/optionrom/$i %srcdir/pc-bios/ cp pc-bios/optionrom/$i %srcdir/pc-bios/
done done
%ifarch x86_64
for i in %x86_64_only_default_built_firmware # Build the "extra" firmwares. Note that the QEMU Makefile in {srcdir}/roms
do # does some cross-compiler auto detection. So we often don't need to define
cp pc-bios/optionrom/$i %srcdir/pc-bios/ # or pass CROSS= and CROSS_COMPILE ourselves.
done
%endif %if %{build_ppc_firmware}
# FIXME: check if we can upstream: Makefile-define-endianess-for-cross-buil.patch
make %{?_smp_mflags} -C %srcdir/roms skiboot
make %{?_smp_mflags} -C %srcdir/roms slof
%endif %endif
%if %{build_x86_firmware_from_source} %if %{build_opensbi_firmware}
%ifnarch %{ix86} x86_64 make %{?_smp_mflags} -C %srcdir/roms opensbi64-generic
export CC=x86_64-suse-linux-gcc
export LD=x86_64-suse-linux-ld
%endif %endif
%if %{build_x86_firmware}
make %{?_smp_mflags} -C %srcdir/roms bios \ make %{?_smp_mflags} -C %srcdir/roms bios \
SEABIOS_EXTRAVERSION="-rebuilt.opensuse.org" \ SEABIOS_EXTRAVERSION="-rebuilt.opensuse.org" \
%ifnarch %ix86 x86_64
HOSTCC=cc \
%endif
# FIXME: check if we can upstream: roms-Makefile-add-cross-file-to-qboot-me.patch
# and qboot-add-cross.ini-file-to-handle-aarch.patch
make %{?_smp_mflags} -C %srcdir/roms qboot make %{?_smp_mflags} -C %srcdir/roms qboot
make %{?_smp_mflags} -C %srcdir/roms seavgabios \ make %{?_smp_mflags} -C %srcdir/roms seavgabios \
%ifnarch %ix86 x86_64
HOSTCC=cc \
%endif
make %{?_smp_mflags} -C %srcdir/roms seavgabios-ati \ make %{?_smp_mflags} -C %srcdir/roms seavgabios-ati \
%ifnarch %ix86 x86_64
HOSTCC=cc \
%endif
make %{?_smp_mflags} -C %srcdir/roms pxerom make %{?_smp_mflags} -C %srcdir/roms pxerom
%ifnarch %ix86
make %{?_smp_mflags} -C %srcdir/roms efirom \ make %{?_smp_mflags} -C %srcdir/roms efirom \
EDK2_BASETOOLS_OPTFLAGS='-fPIE' EDK2_BASETOOLS_OPTFLAGS='-fPIE'
%endif
make -C %srcdir/roms sgabios \ # We're currently not building firmware on ix86, but let's make sure this works
HOSTCC=cc # fine if one enables it, e.g., locally (for debugging or something).
# FIXME: check if we can get rid or upstream: roms-sgabios-Fix-csum8-to-be-built-by-ho.patch
make -C %srcdir/roms sgabios HOSTCC=cc \
%ifnarch %ix86 x86_64
CC=x86_64-suse-linux-gcc LD=x86_64-suse-linux-ld \
%endif
%if %{force_fit_virtio_pxe_rom} %if %{force_fit_virtio_pxe_rom}
pushd %srcdir pushd %srcdir
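Review bot: the `make` invocations that end in a backslash and are followed directly by `%ifnarch %ix86 x86_64` ... `%endif` leave the line continuation open. On native x86 builds the conditional body disappears, and in the cross case `HOSTCC=cc \` (or `CC=x86_64-suse-linux-gcc LD=x86_64-suse-linux-ld \`) continues onto whatever survives after `%endif`, which here is a `# FIXME` comment, the next `make`, or `pushd %srcdir`. This only works while a blank line follows every `%endif`. Collecting the optional arguments in a macro or shell variable set inside the conditional, and passing it on an unconditional line, removes that dependency.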
@ -1428,26 +1430,13 @@ for i in %supported_nics_small
exit 1 exit 1
fi fi
done done
%ifnarch %{ix86} x86_64
unset CC
unset LD
%endif
%endif
%if %{build_skiboot_from_source}
make %{?_smp_mflags} -C %srcdir/roms skiboot CROSS=
%endif %endif
# End of {build_x86_firmware}
%if %{build_slof_from_source}
make %{?_smp_mflags} -C %srcdir/roms slof
%endif %endif
# End of "{name}" == "qemu"
%if %{build_opensbi_from_source}
make %{?_smp_mflags} -C %srcdir/roms opensbi64-generic CROSS_COMPILE=
%endif
# above section is for qemu
%endif
# ------------------------------------------------------------------------ # ------------------------------------------------------------------------
%if "%{name}" == "qemu-testsuite" %if "%{name}" == "qemu-testsuite"
@ -1599,15 +1588,7 @@ ln -s qemu-binfmt %{buildroot}%_bindir/qemu-xtensaeb-binfmt
%if "%{name}" == "qemu" %if "%{name}" == "qemu"
make %{?_smp_mflags} install DESTDIR=%{buildroot} make %{?_smp_mflags} install DESTDIR=%{buildroot}
%ifarch %{build_rom_arch}
install -D -m 0644 %{SOURCE14} %{buildroot}%_datadir/%name/firmware/50-seabios-256k.json
install -D -m 0644 %{SOURCE15} %{buildroot}%_datadir/%name/firmware/60-seabios-128k.json
%else
for f in %{x86_extra_firmware} \
%{x86_64_only_extra_firmware}; do
unlink %{buildroot}%_datadir/%name/$f
done
%endif
%find_lang %name %find_lang %name
install -d -m 0755 %{buildroot}%_datadir/%name/firmware install -d -m 0755 %{buildroot}%_datadir/%name/firmware
install -d -m 0755 %{buildroot}/usr/lib/supportconfig/plugins install -d -m 0755 %{buildroot}/usr/lib/supportconfig/plugins
@ -1617,6 +1598,7 @@ install -D -m 0755 %{SOURCE3} %{buildroot}%_datadir/%name/qemu-ifup
install -D -p -m 0644 %{SOURCE8} %{buildroot}/usr/lib/udev/rules.d/80-qemu-ga.rules install -D -p -m 0644 %{SOURCE8} %{buildroot}/usr/lib/udev/rules.d/80-qemu-ga.rules
install -D -m 0755 scripts/analyze-migration.py %{buildroot}%_bindir/analyze-migration.py install -D -m 0755 scripts/analyze-migration.py %{buildroot}%_bindir/analyze-migration.py
install -D -m 0755 scripts/vmstate-static-checker.py %{buildroot}%_bindir/vmstate-static-checker.py install -D -m 0755 scripts/vmstate-static-checker.py %{buildroot}%_bindir/vmstate-static-checker.py
install -D -m 0755 scripts/kvm/vmxcap %{buildroot}%_bindir/vmxcap
install -D -m 0755 %{SOURCE9} %{buildroot}/usr/lib/supportconfig/plugins/%name install -D -m 0755 %{SOURCE9} %{buildroot}/usr/lib/supportconfig/plugins/%name
install -D -m 0644 %{SOURCE10} %{buildroot}%_docdir/qemu-arm/supported.txt install -D -m 0644 %{SOURCE10} %{buildroot}%_docdir/qemu-arm/supported.txt
install -D -m 0644 %{SOURCE11} %{buildroot}%_docdir/qemu-ppc/supported.txt install -D -m 0644 %{SOURCE11} %{buildroot}%_docdir/qemu-ppc/supported.txt
@ -1664,17 +1646,43 @@ unlink %{buildroot}%_datadir/%name/edk2-x86_64-secure-code.fd
# this was never meant for customer consumption - delete even though installed # this was never meant for customer consumption - delete even though installed
unlink %{buildroot}%_bindir/elf2dmp unlink %{buildroot}%_bindir/elf2dmp
install -D -m 0644 %{SOURCE201} %{buildroot}%_datadir/%name/forsplits/pkg-split.txt
for X in 00 01 02 03 04 05 07 08 09 10 11 12 13 14 15 16 17 18 19
do
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/$X
done
# For PPC and x86 firmwares, there are a few extra install steps necessary.
# In general, if we know that we have not built a firmware, remove it from the
# install base, as the one that we have there is the upstream binary, that got
# copied there during `make install`.
%if %{build_ppc_firmware}
# in support of update-alternatives # in support of update-alternatives
mv %{buildroot}%_datadir/%name/skiboot.lid %{buildroot}%_datadir/%name/skiboot.lid.qemu mv %{buildroot}%_datadir/%name/skiboot.lid %{buildroot}%_datadir/%name/skiboot.lid.qemu
# create a dummy target for /etc/alternatives/skiboot.lid # create a dummy target for /etc/alternatives/skiboot.lid
mkdir -p %{buildroot}%{_sysconfdir}/alternatives mkdir -p %{buildroot}%{_sysconfdir}/alternatives
ln -s -f %{_sysconfdir}/alternatives/skiboot.lid %{buildroot}%{_datadir}/%name/skiboot.lid ln -s -f %{_sysconfdir}/alternatives/skiboot.lid %{buildroot}%{_datadir}/%name/skiboot.lid
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/06
install -D -m 0644 %{SOURCE201} %{buildroot}%_datadir/%name/forsplits/pkg-split.txt %else
for X in 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 for f in %{ppc_extra_firmware} ; do
do unlink %{buildroot}%_datadir/%name/$f
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/$X
done done
%endif
# For riscv64 firmwares (currently, only opensbi), we leave them there in
# any case, because they're part of the qemu-extra package, and riscv is
# a bit special in many ways already.
%if %{build_x86_firmware}
install -D -m 0644 %{SOURCE14} %{buildroot}%_datadir/%name/firmware/50-seabios-256k.json
install -D -m 0644 %{SOURCE15} %{buildroot}%_datadir/%name/firmware/60-seabios-128k.json
%else
for f in %{x86_extra_firmware} ; do
unlink %{buildroot}%_datadir/%name/$f
done
%endif
%suse_update_desktop_file qemu %suse_update_desktop_file qemu
%fdupes -s %{buildroot} %fdupes -s %{buildroot}
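Review bot: the riscv64 exception leaves the opensbi images in the buildroot even when `build_opensbi_firmware` is 0, and the comment a few lines above states that an unbuilt firmware in the install base is the upstream binary copied there by `make install`. On builds where the opensbi cross build is switched off, the package therefore ships a prebuilt blob rather than something compiled from the sources in this package. Apply the same unlink rule as for PPC and x86, or state in the comment that shipping the upstream binary is the intended outcome and why.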
@ -1739,6 +1747,7 @@ fi
%postun ksm %postun ksm
%service_del_postun ksm.service %service_del_postun ksm.service
%if %{build_ppc_firmware}
%post skiboot %post skiboot
update-alternatives --install \ update-alternatives --install \
%{_datadir}/%name/skiboot.lid skiboot.lid %{_datadir}/%name/skiboot.lid.qemu 15 %{_datadir}/%name/skiboot.lid skiboot.lid %{_datadir}/%name/skiboot.lid.qemu 15
@ -1747,6 +1756,7 @@ update-alternatives --install \
if [ ! -f %{_datadir}/%name/skiboot.lid.qemu ] ; then if [ ! -f %{_datadir}/%name/skiboot.lid.qemu ] ; then
update-alternatives --remove skiboot.lid %{_datadir}/%name/skiboot.lid.qemu update-alternatives --remove skiboot.lid %{_datadir}/%name/skiboot.lid.qemu
fi fi
%endif
# above section is for qemu # above section is for qemu
%endif %endif
@ -2033,7 +2043,6 @@ fi
%_datadir/%name/canyonlands.dtb %_datadir/%name/canyonlands.dtb
%_datadir/%name/openbios-ppc %_datadir/%name/openbios-ppc
%_datadir/%name/qemu_vga.ndrv %_datadir/%name/qemu_vga.ndrv
%_datadir/%name/slof.bin
%_datadir/%name/u-boot.e500 %_datadir/%name/u-boot.e500
%_datadir/%name/u-boot-sam460-20100605.bin %_datadir/%name/u-boot-sam460-20100605.bin
%dir %_docdir/qemu-ppc %dir %_docdir/qemu-ppc
@ -2285,7 +2294,7 @@ fi
%files lang -f %blddir/%name.lang %files lang -f %blddir/%name.lang
%defattr(-, root, root) %defattr(-, root, root)
%ifarch %{build_rom_arch} %if %{build_x86_firmware}
%files seabios %files seabios
%defattr(-, root, root) %defattr(-, root, root)
%dir %_datadir/%name %dir %_datadir/%name
@ -2337,6 +2346,7 @@ fi
%_datadir/%name/pxe-virtio.rom %_datadir/%name/pxe-virtio.rom
%endif %endif
%if %{build_ppc_firmware}
%files skiboot %files skiboot
%defattr(-, root, root) %defattr(-, root, root)
%dir %_datadir/%name %dir %_datadir/%name
@ -2346,6 +2356,12 @@ fi
%_datadir/%name/skiboot.lid.qemu %_datadir/%name/skiboot.lid.qemu
%ghost %_sysconfdir/alternatives/skiboot.lid %ghost %_sysconfdir/alternatives/skiboot.lid
%files SLOF
%defattr(-, root, root)
%dir %_datadir/%name
%_datadir/%name/slof.bin
%endif
%files vhost-user-gpu %files vhost-user-gpu
%defattr(-, root, root) %defattr(-, root, root)
%dir %_datadir/%name/vhost-user %dir %_datadir/%name/vhost-user
@ -2363,6 +2379,7 @@ fi
%_bindir/qemu-pr-helper %_bindir/qemu-pr-helper
%_bindir/qemu-storage-daemon %_bindir/qemu-storage-daemon
%_bindir/vmstate-static-checker.py %_bindir/vmstate-static-checker.py
%_bindir/vmxcap
%verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper %verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper
%_libexecdir/virtfs-proxy-helper %_libexecdir/virtfs-proxy-helper
%_libexecdir/virtiofsd %_libexecdir/virtiofsd

View File

@ -1049,8 +1049,10 @@ else # not LATEST
bundle2local &> ~/pkg2git.log bundle2local &> ~/pkg2git.log
echo "SUCCESS" echo "SUCCESS"
echo "To modify package patches, use the frombundle branch as the basis for updating" echo "To modify package patches, use the frombundle branch as the basis for updating"
echo "the $GIT_BRANCH branch with the new patch queue." echo "the $GIT_BRANCH branch with the new patch queue, e.g., like this:"
echo "Then export the changes back to the package using update_git.sh git2pkg" echo " git checkout -f --recurse-submodules -B $GIT_BRANCH frombundle"
echo "Then make your changes and, when done, export them back to the package with:"
echo " bash ./update_git.sh git2pkg"
;; ;;
refresh ) refresh )
echo "Updating the spec file and patches from the spec file template and the bundle" echo "Updating the spec file and patches from the spec file template and the bundle"
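Review bot: the suggested `git checkout -f --recurse-submodules -B $GIT_BRANCH frombundle` throws away uncommitted changes in the work tree (`-f`) and resets an existing $GIT_BRANCH to frombundle (`-B`), and the printed instructions do not say so. Add an echo line that warns about this, or print the command without `-f` so git refuses to proceed when the tree is dirty.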

View File

@ -0,0 +1,101 @@
From: Vivek Goyal <vgoyal@redhat.com>
Date: Tue, 25 Jan 2022 13:51:14 -0500
Subject: virtiofsd: Drop membership of all supplementary groups
(CVE-2022-0358)
Git-commit: 449e8171f96a6a944d1f3b7d3627ae059eae21ca
References: bsc#1195161
At the start, drop membership of all supplementary groups. This is
not required.
If we have membership of "root" supplementary group and when we switch
uid/gid using setresuid/setsgid, we still retain membership of existing
supplemntary groups. And that can allow some operations which are not
normally allowed.
For example, if root in guest creates a dir as follows.
$ mkdir -m 03777 test_dir
This sets SGID on dir as well as allows unprivileged users to write into
this dir.
And now as unprivileged user open file as follows.
$ su test
$ fd = open("test_dir/priviledge_id", O_RDWR|O_CREAT|O_EXCL, 02755);
This will create SGID set executable in test_dir/.
And that's a problem because now an unpriviliged user can execute it,
get egid=0 and get access to resources owned by "root" group. This is
privilege escalation.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
Fixes: CVE-2022-0358
Reported-by: JIETAO XIAO <shawtao1125@gmail.com>
Suggested-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <YfBGoriS38eBQrAb@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
dgilbert: Fixed missing {}'s style nit
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
---
tools/virtiofsd/passthrough_ll.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 64b5b4fbb18670075eedd1f3d158..b3d0674f6d2f267664d1c4558856 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -54,6 +54,7 @@
#include <sys/wait.h>
#include <sys/xattr.h>
#include <syslog.h>
+#include <grp.h>
#include "qemu/cutils.h"
#include "passthrough_helpers.h"
@@ -1161,6 +1162,30 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name)
#define OURSYS_setresuid SYS_setresuid
#endif
+static void drop_supplementary_groups(void)
+{
+ int ret;
+
+ ret = getgroups(0, NULL);
+ if (ret == -1) {
+ fuse_log(FUSE_LOG_ERR, "getgroups() failed with error=%d:%s\n",
+ errno, strerror(errno));
+ exit(1);
+ }
+
+ if (!ret) {
+ return;
+ }
+
+ /* Drop all supplementary groups. We should not need it */
+ ret = setgroups(0, NULL);
+ if (ret == -1) {
+ fuse_log(FUSE_LOG_ERR, "setgroups() failed with error=%d:%s\n",
+ errno, strerror(errno));
+ exit(1);
+ }
+}
+
/*
* Change to uid/gid of caller so that file is created with
* ownership of caller.
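Review bot: the early `return` when getgroups() reports zero groups in drop_supplementary_groups() needs a comment. It is what lets the function succeed without CAP_SETGID when there is nothing to drop, and without a comment it looks like a redundant shortcut that a later cleanup could remove. The exit(1) on setgroups() failure is the right fail-closed choice for this fix, but the log text only reports the errno; saying that virtiofsd refuses to start with supplementary groups it cannot drop would tell an operator why startup failed.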
@@ -3926,6 +3951,8 @@ int main(int argc, char *argv[])
qemu_init_exec_dir(argv[0]);
+ drop_supplementary_groups();
+
pthread_mutex_init(&lo.mutex, NULL);
lo.inodes = g_hash_table_new(lo_key_hash, lo_key_equal);
lo.root.fd = -1;
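Review bot: the call to drop_supplementary_groups() in main() has no comment tying it to the credential switching it protects. The fix depends on the groups being gone before any request handler changes uid/gid on behalf of a guest caller, so a one-line comment at the call site, saying it must stay ahead of option handling and thread creation and naming CVE-2022-0358, would keep it from being moved or dropped during later refactoring.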