Accepting request 959502 from home:dfaggioli:experimental:Virtualization
- Build PPC firmwares from sources on non-PPC builds as well (bsc#1193545) - Build RiscV firmwares on non-RiscV builds as well - While there, refactor (and simplify!) the firmware building logic and code * Patches added: Makefile-define-endianess-for-cross-buil.patch - Include vmxcap in the qemu-tools package (is being very useful for debugging bsc#1193364) - The qemu package should require qemu-x86, qemu-arm, etc, as there's no point installing it without _any_ of them. Additionally, right now, the user does not get a working qemu, if recommended packages are disabled (e.g., on MicroOS or SLE Micro). bsc#1196087 - Give clearer instructions on how to modify the package patches from the output of update_git.sh (docs change only, no functional change) - qemu,kvm: potential privilege escalation via virtiofsd (bsc#1195161, CVE-2022-0358) * Patches added: virtiofsd-Drop-membership-of-all-supplem.patch OBS-URL: https://build.opensuse.org/request/show/959502 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=691
This commit is contained in:
parent
5435e8a804
commit
0251d2a2c0
28
Makefile-define-endianess-for-cross-buil.patch
Normal file
28
Makefile-define-endianess-for-cross-buil.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From: Dario Faggioli <dfaggioli@suse.com>
|
||||
Date: Wed, 16 Feb 2022 19:22:01 +0100
|
||||
Subject: Makefile: define endianess for cross-building on aarch64
|
||||
|
||||
Git-commit: 0000000000000000000000000000000000000000
|
||||
References: bsc#1193545
|
||||
|
||||
Include aarch64 in the endianess check, so we can cross-build from
|
||||
there too.
|
||||
|
||||
Signed-of-by: Dario Faggioli <dfaggioli@suse.com>
|
||||
---
|
||||
Makefile.main | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/roms/skiboot/Makefile.main b/roms/skiboot/Makefile.main
|
||||
index c8a63e8b110f3c6bf115314da7bf..98790ec5c3b0f35272f032798353 100644
|
||||
--- a/roms/skiboot/Makefile.main
|
||||
+++ b/roms/skiboot/Makefile.main
|
||||
@@ -50,7 +50,7 @@ endif
|
||||
|
||||
# Host tools and options
|
||||
HOSTCC=gcc
|
||||
-HOSTEND=$(shell uname -m | sed -e 's/^i.*86$$/LITTLE/' -e 's/^x86.*/LITTLE/' -e 's/^ppc64le/LITTLE/' -e 's/^ppc.*/BIG/')
|
||||
+HOSTEND=$(shell uname -m | sed -e 's/^i.*86$$/LITTLE/' -e 's/^x86.*/LITTLE/' -e 's/^ppc64le/LITTLE/' -e 's/^aarch64/LITTLE/' -e 's/^ppc.*/BIG/')
|
||||
HOSTCFLAGS:=-O1 $(CWARNS) -DHAVE_$(HOSTEND)_ENDIAN -MMD
|
||||
HOSTCFLAGS += $(call try-cflag,$(HOSTCC),-std=gnu11)
|
||||
HOSTCFLAGS += $(call try-cflag,$(HOSTCC),-m64)
|
@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c193bc35a37fe2cdcac868f1c4be435022839ea65dab738da7ad58ae0e173c9f
|
||||
size 74216
|
||||
oid sha256:0dcea7c34fdbef6dc0537f15260f037d6c3e3513315749018555dfbf45745691
|
||||
size 76160
|
||||
|
40
qemu.changes
40
qemu.changes
@ -1,3 +1,43 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 1 16:58:31 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
|
||||
|
||||
- Build PPC firmwares from sources on non-PPC builds as well
|
||||
(bsc#1193545)
|
||||
- Build RiscV firmwares on non-RiscV builds as well
|
||||
- While there, refactor (and simplify!) the firmware building
|
||||
logic and code
|
||||
* Patches added:
|
||||
Makefile-define-endianess-for-cross-buil.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 18 18:39:54 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
|
||||
|
||||
- Include vmxcap in the qemu-tools package (is being very useful
|
||||
for debugging bsc#1193364)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 18 18:26:26 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
|
||||
|
||||
- The qemu package should require qemu-x86, qemu-arm, etc, as there's
|
||||
no point installing it without _any_ of them. Additionally, right
|
||||
now, the user does not get a working qemu, if recommended packages
|
||||
are disabled (e.g., on MicroOS or SLE Micro). bsc#1196087
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 18 15:31:48 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
|
||||
|
||||
- Give clearer instructions on how to modify the package patches
|
||||
from the output of update_git.sh (docs change only, no functional
|
||||
change)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 18 12:25:15 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
|
||||
|
||||
- qemu,kvm: potential privilege escalation via virtiofsd
|
||||
(bsc#1195161, CVE-2022-0358)
|
||||
* Patches added:
|
||||
virtiofsd-Drop-membership-of-all-supplem.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 18 11:47:54 UTC 2022 - Li Zhang <li.zhang@suse.com>
|
||||
|
||||
|
378
qemu.spec
378
qemu.spec
@ -1,5 +1,5 @@
|
||||
#
|
||||
# spec file for package qemu
|
||||
# spec file
|
||||
#
|
||||
# Copyright (c) 2022 SUSE LLC
|
||||
#
|
||||
@ -22,39 +22,50 @@
|
||||
|
||||
%define _buildshell /bin/bash
|
||||
|
||||
%define build_x86_firmware_from_source 0
|
||||
%define build_skiboot_from_source 0
|
||||
%define build_slof_from_source 0
|
||||
%define build_opensbi_from_source 0
|
||||
%define build_x86_firmware 0
|
||||
%define build_ppc_firmware 0
|
||||
%define build_opensbi_firmware 0
|
||||
%define kvm_available 0
|
||||
%define legacy_qemu_kvm 0
|
||||
%define force_fit_virtio_pxe_rom 1
|
||||
|
||||
%define build_rom_arch %ix86 x86_64 aarch64
|
||||
|
||||
%if "%{?distribution}" == ""
|
||||
%define distro private-build
|
||||
%else
|
||||
%define distro %{distribution}
|
||||
%endif
|
||||
|
||||
%ifarch %{build_rom_arch}
|
||||
# choice of building all from source or using provided binary x86 blobs
|
||||
%define build_x86_firmware_from_source 1
|
||||
%endif
|
||||
# So, we have openSUSE:Factory, and we have "ports". In openSUSE:Factory, we
|
||||
# have i586 and x86_64. In the :ARM port, we have aarch64, armv6l and armv7l.
|
||||
# In the :PowerPC port, we have ppc64, ppc and ppc64le. In the :zSystems port
|
||||
# we have s390x. And in the :RISCV we have riscv.
|
||||
#
|
||||
# Ideally, we'd want to build the firmwares at least once per port, and then
|
||||
# share the resulting packages among the arch-es within each port (check the
|
||||
# `ExportFilter` directives in the project config).
|
||||
#
|
||||
# Of course, we always build the "native fimrwares" (e.g., x86 firmwares on
|
||||
# x86_64, PPC firmwares on ppc64le, etc). But we also cross compile as much
|
||||
# firmwares as we can (e.g., both x86 and PPC firmwares on aarch64) so they'll
|
||||
# be available in as many ports as possible (as noarch packages).
|
||||
|
||||
%ifarch ppc64
|
||||
%define build_skiboot_from_source 0
|
||||
%define build_slof_from_source 1
|
||||
%ifarch x86_64 aarch64
|
||||
%define build_ppc_firmware 1
|
||||
# Currently, opensbi does not cross build cleanly on 15.3 and 15.4
|
||||
%if ! 0%{?sle_version}
|
||||
%define build_opensbi_firmware 1
|
||||
%endif
|
||||
|
||||
%ifarch ppc64le
|
||||
%define build_skiboot_from_source 0
|
||||
%define build_slof_from_source 1
|
||||
%define build_x86_firmware 1
|
||||
%endif
|
||||
%ifarch ppc64 ppc64le
|
||||
%define build_ppc_firmware 1
|
||||
%if ! 0%{?sle_version}
|
||||
%define build_opensbi_firmware 1
|
||||
%endif
|
||||
# FIXME: Try to enable cross building of x86 firmwares here on PPC
|
||||
%endif
|
||||
|
||||
%ifarch riscv64
|
||||
%define build_opensbi_from_source 1
|
||||
%define build_opensbi_firmware 1
|
||||
%endif
|
||||
|
||||
%ifarch %ix86 x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64
|
||||
@ -202,6 +213,7 @@ Patch00066: iotests-60-more-accurate-set-dirty-bit-i.patch
|
||||
Patch00067: iotest-214-explicit-compression-type.patch
|
||||
Patch00068: iotests-declare-lack-of-support-for-comp.patch
|
||||
Patch00069: block-backend-Retain-permissions-after-m.patch
|
||||
Patch00070: virtiofsd-Drop-membership-of-all-supplem.patch
|
||||
# Patches applied in roms/seabios/:
|
||||
Patch01000: seabios-use-python2-explicitly-as-needed.patch
|
||||
Patch01001: seabios-switch-to-python3-as-needed.patch
|
||||
@ -215,6 +227,8 @@ Patch02003: help-compiler-out-by-initializing-array.patch
|
||||
# Patches applied in roms/sgabios/:
|
||||
Patch03000: sgabios-Makefile-fix-issues-of-build-rep.patch
|
||||
Patch03001: roms-sgabios-Fix-csum8-to-be-built-by-ho.patch
|
||||
# Patches applied in roms/skiboot/:
|
||||
Patch05000: Makefile-define-endianess-for-cross-buil.patch
|
||||
# Patches applied in roms/qboot/:
|
||||
Patch11000: qboot-add-cross.ini-file-to-handle-aarch.patch
|
||||
# Patches applied in roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/:
|
||||
@ -250,47 +264,52 @@ syscall layer occurs on the native hardware and operating system.
|
||||
# above section is for qemu-linux-user
|
||||
# ------------------------------------------------------------------------
|
||||
%else
|
||||
%if %{build_x86_firmware_from_source}
|
||||
%if %{build_x86_firmware}
|
||||
BuildRequires: acpica
|
||||
%endif
|
||||
BuildRequires: pkgconfig(alsa)
|
||||
%if %{build_x86_firmware_from_source}
|
||||
BuildRequires: binutils-devel
|
||||
%endif
|
||||
BuildRequires: bison
|
||||
BuildRequires: brlapi-devel
|
||||
%if %{build_x86_firmware_from_source}
|
||||
%ifnarch %{ix86} x86_64
|
||||
BuildRequires: dos2unix
|
||||
BuildRequires: glibc-devel-32bit
|
||||
BuildRequires: pkgconfig(liblzma)
|
||||
%ifnarch %ix86 x86_64
|
||||
# We must cross-compile on non-x86*
|
||||
BuildRequires: cross-x86_64-binutils
|
||||
BuildRequires: cross-x86_64-gcc%gcc_version
|
||||
%endif
|
||||
%endif
|
||||
BuildRequires: pkgconfig(libcurl) >= 7.29
|
||||
BuildRequires: pkgconfig(libsasl2)
|
||||
%if %{build_x86_firmware_from_source}
|
||||
BuildRequires: dos2unix
|
||||
%if %{build_opensbi_firmware}
|
||||
%ifnarch riscv64
|
||||
BuildRequires: cross-riscv64-binutils
|
||||
BuildRequires: cross-riscv64-gcc%gcc_version
|
||||
%endif
|
||||
%endif
|
||||
%if %{build_ppc_firmware}
|
||||
%ifnarch ppc64 ppc64le
|
||||
BuildRequires: cross-ppc64-binutils
|
||||
BuildRequires: cross-ppc64-gcc%gcc_version
|
||||
%endif
|
||||
%endif
|
||||
BuildRequires: bison
|
||||
BuildRequires: brlapi-devel
|
||||
BuildRequires: flex
|
||||
BuildRequires: pkgconfig(glib-2.0) >= 2.56
|
||||
%if %{build_x86_firmware_from_source}
|
||||
BuildRequires: glibc-devel-32bit
|
||||
%endif
|
||||
BuildRequires: libaio-devel
|
||||
BuildRequires: libattr-devel
|
||||
BuildRequires: libbz2-devel
|
||||
BuildRequires: libfdt-devel >= 1.4.2
|
||||
BuildRequires: libgcrypt-devel >= 1.8.0
|
||||
BuildRequires: pkgconfig(alsa)
|
||||
BuildRequires: pkgconfig(epoxy)
|
||||
BuildRequires: pkgconfig(gbm)
|
||||
BuildRequires: pkgconfig(glib-2.0) >= 2.56
|
||||
BuildRequires: pkgconfig(glusterfs-api) >= 3
|
||||
BuildRequires: pkgconfig(gnutls) >= 3.5.18
|
||||
BuildRequires: pkgconfig(gtk+-3.0) >= 3.22
|
||||
BuildRequires: pkgconfig(libcacard) >= 2.5.1
|
||||
BuildRequires: pkgconfig(libcap-ng)
|
||||
BuildRequires: pkgconfig(libcurl) >= 7.29
|
||||
BuildRequires: pkgconfig(libdrm)
|
||||
BuildRequires: pkgconfig(libiscsi) >= 1.9.0
|
||||
BuildRequires: pkgconfig(libjpeg)
|
||||
BuildRequires: pkgconfig(libsasl2)
|
||||
%if 0%{?with_daxctl}
|
||||
BuildRequires: pkgconfig(libndctl)
|
||||
%endif
|
||||
@ -342,9 +361,6 @@ BuildRequires: pkgconfig(vte-2.91)
|
||||
BuildRequires: xen-devel >= 4.2
|
||||
%endif
|
||||
BuildRequires: xfsprogs-devel
|
||||
%if %{build_x86_firmware_from_source}
|
||||
BuildRequires: pkgconfig(liblzma)
|
||||
%endif
|
||||
BuildRequires: pkgconfig(libzstd)
|
||||
BuildRequires: pkgconfig(zlib)
|
||||
%if "%{name}" == "qemu"
|
||||
@ -358,6 +374,26 @@ Requires(post): udev
|
||||
%ifarch s390x
|
||||
Requires(post): procps
|
||||
%endif
|
||||
%ifarch %ix86 x86_64
|
||||
Requires: qemu-x86
|
||||
%else
|
||||
Suggests: qemu-x86
|
||||
%endif
|
||||
%ifarch ppc ppc64 ppc64le
|
||||
Requires: qemu-ppc
|
||||
%else
|
||||
Suggests: qemu-ppc
|
||||
%endif
|
||||
%ifarch s390x
|
||||
Requires: qemu-s390x
|
||||
%else
|
||||
Suggests: qemu-s390x
|
||||
%endif
|
||||
%ifarch %arm aarch64
|
||||
Requires: qemu-arm
|
||||
%else
|
||||
Suggests: qemu-arm
|
||||
%endif
|
||||
Recommends: kvm_stat
|
||||
%endif
|
||||
Recommends: qemu-block-curl
|
||||
@ -377,26 +413,6 @@ Recommends: qemu-hw-usb-smartcard
|
||||
Recommends: qemu-ui-gtk
|
||||
Recommends: qemu-ui-spice-app
|
||||
%endif
|
||||
%ifarch %{ix86} x86_64
|
||||
Recommends: qemu-x86
|
||||
%else
|
||||
Suggests: qemu-x86
|
||||
%endif
|
||||
%ifarch ppc ppc64 ppc64le
|
||||
Recommends: qemu-ppc
|
||||
%else
|
||||
Suggests: qemu-ppc
|
||||
%endif
|
||||
%ifarch s390x
|
||||
Recommends: qemu-s390x
|
||||
%else
|
||||
Suggests: qemu-s390x
|
||||
%endif
|
||||
%ifarch %arm aarch64
|
||||
Recommends: qemu-arm
|
||||
%else
|
||||
Suggests: qemu-arm
|
||||
%endif
|
||||
Suggests: qemu-block-dmg
|
||||
Suggests: qemu-block-gluster
|
||||
Suggests: qemu-block-iscsi
|
||||
@ -453,6 +469,7 @@ Group: System/Emulators/PC
|
||||
Version: %{qemuver}
|
||||
Release: 0
|
||||
Requires: %name = %{qemuver}
|
||||
Requires: qemu-SLOF
|
||||
Recommends: qemu-ipxe
|
||||
Recommends: qemu-vgabios
|
||||
|
||||
@ -915,7 +932,7 @@ Supplements: modalias(pci:v0000FFFDd00000101sv*sd*bc*sc*i*)
|
||||
This package contains the QEMU guest agent. It is installed in the linux guest
|
||||
to provide information and control at the guest OS level.
|
||||
|
||||
%ifarch %{build_rom_arch}
|
||||
%if %{build_x86_firmware}
|
||||
%package microvm
|
||||
Summary: x86 MicroVM firmware for QEMU
|
||||
Group: System/Emulators/PC
|
||||
@ -980,6 +997,7 @@ Provides Preboot Execution Environment (PXE) ROM support for various emulated
|
||||
network adapters available with QEMU.
|
||||
%endif
|
||||
|
||||
%if %{build_ppc_firmware}
|
||||
%package skiboot
|
||||
Summary: OPAL firmware (aka skiboot), used in booting OpenPOWER systems
|
||||
Group: System/Emulators/PC
|
||||
@ -994,6 +1012,18 @@ Provides: %name:%_datadir/%name/forsplits/06
|
||||
Provides OPAL (OpenPower Abstraction Layer) firmware, aka skiboot, as
|
||||
traditionally packaged with QEMU.
|
||||
|
||||
%package SLOF
|
||||
Summary: Slimline Open Firmware - SLOF
|
||||
Group: System/Emulators/PC
|
||||
Version: %{qemuver}
|
||||
Release: 0
|
||||
BuildArch: noarch
|
||||
|
||||
%description SLOF
|
||||
Slimline Open Firmware (SLOF) is an implementation of the IEEE 1275 standard.
|
||||
It can be used as partition firmware for pSeries machines running on QEMU or KVM.
|
||||
%endif
|
||||
|
||||
%package ksm
|
||||
Summary: Kernel Samepage Merging services
|
||||
Group: System/Emulators/PC
|
||||
@ -1171,6 +1201,7 @@ This package records qemu testsuite results and represents successful testing.
|
||||
%patch00067 -p1
|
||||
%patch00068 -p1
|
||||
%patch00069 -p1
|
||||
%patch00070 -p1
|
||||
%patch01000 -p1
|
||||
%patch01001 -p1
|
||||
%patch01002 -p1
|
||||
@ -1183,6 +1214,7 @@ This package records qemu testsuite results and represents successful testing.
|
||||
%patch02003 -p1
|
||||
%patch03000 -p1
|
||||
%patch03001 -p1
|
||||
%patch05000 -p1
|
||||
%patch11000 -p1
|
||||
%patch27000 -p1
|
||||
|
||||
@ -1194,85 +1226,69 @@ This package records qemu testsuite results and represents successful testing.
|
||||
# u-boot.e500 u-boot-sam460-20100605.bin opensbi-riscv32-generic-fw_dynamic.bin
|
||||
# opensbi-riscv32-generic-fw_dynamic.elfnpcm7xx_bootrom.bin
|
||||
|
||||
# This first list group isn't specific to what this instance builds
|
||||
%define ppc_default_firmware {%nil}
|
||||
# Note that:
|
||||
# - default firmwares are built "by default", i.e., they're built automatically
|
||||
# during the process of building QEMU (on each specific arch)
|
||||
# - extra firmwares are built "manually" (see below) from their own sources
|
||||
# (which, typically, are submodules checked out in the {srcdi}r/roms directory)
|
||||
%define ppc_default_firmware %{nil}
|
||||
%define ppc_extra_firmware {skiboot.lid slof.bin}
|
||||
%define ppc64_only_default_firmware {%nil}
|
||||
%define ppc64_only_extra_firmware {%nil}
|
||||
%define riscv64_default_firmware {opensbi-riscv64-generic-fw_dynamic.bin \
|
||||
%define riscv64_default_firmware %{nil}
|
||||
%define riscv64_extra_firmware {opensbi-riscv64-generic-fw_dynamic.bin \
|
||||
opensbi-riscv64-generic-fw_dynamic.elf}
|
||||
%define riscv64_extra_firmware {%nil}
|
||||
%define s390x_default_firmware {s390-ccw.img s390-netboot.img}
|
||||
%define s390x_extra_firmware {%nil}
|
||||
%define s390x_extra_firmware %{nil}
|
||||
%define x86_default_firmware {linuxboot.bin linuxboot_dma.bin multiboot.bin \
|
||||
multiboot_dma.bin kvmvapic.bin pvh.bin}
|
||||
%define x86_extra_firmware {bios.bin bios-256k.bin bios-microvm.bin qboot.rom \
|
||||
pxe-e1000.rom pxe-eepro100.rom pxe-ne2k_pci.rom pxe-pcnet.rom pxe-rtl8139.rom \
|
||||
pxe-virtio.rom sgabios.bin vgabios-ati.bin vgabios-bochs-display.bin \
|
||||
vgabios.bin vgabios-cirrus.bin vgabios-qxl.bin vgabios-ramfb.bin \
|
||||
vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin}
|
||||
%define x86_64_only_default_firmware {%nil}
|
||||
%define x86_64_only_extra_firmware {efi-e1000.rom efi-e1000e.rom \
|
||||
efi-eepro100.rom efi-ne2k_pci.rom efi-pcnet.rom efi-rtl8139.rom efi-virtio.rom \
|
||||
efi-vmxnet3.rom}
|
||||
vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin \
|
||||
efi-e1000.rom efi-e1000e.rom efi-eepro100.rom efi-ne2k_pci.rom efi-pcnet.rom \
|
||||
efi-rtl8139.rom efi-virtio.rom efi-vmxnet3.rom}
|
||||
|
||||
# Complete list of all the firmwares that we build, if we consider
|
||||
# all the builds, on all the arches.
|
||||
%define firmware { \
|
||||
%{?ppc_default_firmware} %{?ppc_extra_firmware} \
|
||||
%{?ppc64_only_default_firmware} %{?ppc64_only_extra_firmware} \
|
||||
%{?riscv64_default_firmware} %{?riscv64_extra_firmware} \
|
||||
%{?s390x_default_firmware} %{?s390x_extra_firmware} \
|
||||
%{?x86_default_firmware} %{?x86_extra_firmware} \
|
||||
%{?x86_64_only_default_firmware} %{?x86_64_only_extra_firmware} }
|
||||
%{ppc_default_firmware} %{ppc_extra_firmware} \
|
||||
%{riscv64_default_firmware} %{riscv64_extra_firmware} \
|
||||
%{s390x_default_firmware} %{s390x_extra_firmware} \
|
||||
%{x86_default_firmware} %{x86_extra_firmware} }
|
||||
|
||||
# This second list group is specific to what this instance builds
|
||||
# Note that:
|
||||
# - {arch}_default_built_firmware are the firmwares that we will be built by
|
||||
# default in this particular build, on the arch where we currently are on
|
||||
# - {arch}_extra_built_fimrware, likewise, but for extra firmwares, built manually
|
||||
%ifarch ppc64 ppc64le
|
||||
%define ppc_default_built_firmware %{ppc_default_firmware}
|
||||
%if %{build_skiboot_from_source} && %{build_slof_from_source}
|
||||
%define ppc_extra_built_firmware %{ppc_extra_firmware}
|
||||
%else
|
||||
%if %{build_skiboot_from_source}
|
||||
%define ppc_extra_built_firmware {skiboot.lid}
|
||||
%endif
|
||||
%if %{build_slof_from_source}
|
||||
%define ppc_extra_built_firmware {slof.bin}
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%ifarch ppc64
|
||||
%define ppc64_only_default_built_firmware %{ppc64_only_default_firmware}
|
||||
%define ppc64_only_extra_built_firmware %{ppc64_only_extra_firmware}
|
||||
%endif
|
||||
|
||||
%ifarch riscv64
|
||||
%define riscv64_default_built_firmware %{riscv64_default_firmware}
|
||||
%define riscv64_extra_built_firmware %{riscv64_extra_firmware}
|
||||
%endif
|
||||
|
||||
%ifarch s390x
|
||||
%define s390x_default_built_firmware %{s390x_default_firmware}
|
||||
%define s390x_extra_built_firmware %{s390x_extra_firmware}
|
||||
%endif
|
||||
|
||||
%ifarch %ix86 x86_64
|
||||
%define x86_default_built_firmware %{x86_default_firmware}
|
||||
%ifarch x86_64
|
||||
%define x86_64_only_default_built_firmware %{x86_64_only_default_firmware}
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%if %{build_x86_firmware_from_source}
|
||||
%if %{build_opensbi_firmware}
|
||||
%define riscv64_extra_built_firmware %{riscv64_extra_firmware}
|
||||
%endif
|
||||
%if %{build_ppc_firmware}
|
||||
%define ppc_extra_built_firmware %{ppc_extra_firmware}
|
||||
%endif
|
||||
%if %{build_x86_firmware}
|
||||
%define x86_extra_built_firmware %{x86_extra_firmware}
|
||||
%ifarch x86_64
|
||||
%define x86_64_only_extra_built_firmware %{x86_64_only_extra_firmware}
|
||||
%endif
|
||||
%endif
|
||||
|
||||
# List of only firmwares that will actually be built, in this instance
|
||||
%define built_firmware { \
|
||||
%{?ppc_default_built_firmware} %{?ppc_extra_built_firmware} \
|
||||
%{?ppc64_only_default_built_firmware} %{?ppc64_only_extra_built_firmware} \
|
||||
%{?riscv64_default_built_firmware} %{?riscv64_extra_built_firmware} \
|
||||
%{?s390x_default_built_firmware} %{?s390x_extra_built_firmware} \
|
||||
%{?x86_default_built_firmware} %{?x86_extra_built_firmware} \
|
||||
%{?x86_64_only_default_built_firmware} %{?x86_64_only_extra_built_firmware} }
|
||||
%{?x86_default_built_firmware} %{?x86_extra_built_firmware} }
|
||||
|
||||
# above section is for qemu and qemu-testsuite
|
||||
%endif
|
||||
@ -1503,7 +1519,9 @@ cd %blddir
|
||||
|
||||
%if "%{name}" == "qemu"
|
||||
|
||||
# delete the firmware files that we intend to build
|
||||
# Let's build QEMU (and all the "default" firmwares, for each arch)
|
||||
|
||||
# First, delete the firmware files that we intend to build...
|
||||
for i in %built_firmware
|
||||
do
|
||||
unlink %srcdir/pc-bios/$i
|
||||
@ -1511,68 +1529,57 @@ done
|
||||
|
||||
make %{?_smp_mflags} V=1
|
||||
|
||||
# Firmware
|
||||
|
||||
%ifarch s390x
|
||||
for i in %s390x_default_built_firmware
|
||||
# ... And then, reinstate the firmwares that have been built already
|
||||
for i in %{?s390x_default_built_firmware}
|
||||
do
|
||||
cp pc-bios/s390-ccw/$i %srcdir/pc-bios/
|
||||
done
|
||||
%endif
|
||||
|
||||
%ifarch ppc64
|
||||
for i in %ppc64_only_default_built_firmware
|
||||
do
|
||||
cp pc-bios/spapr-rtas/$i %srcdir/pc-bios/
|
||||
done
|
||||
%endif
|
||||
|
||||
%ifarch %ix86 x86_64
|
||||
for i in %x86_default_built_firmware
|
||||
for i in %{?x86_default_built_firmware}
|
||||
do
|
||||
cp pc-bios/optionrom/$i %srcdir/pc-bios/
|
||||
done
|
||||
%ifarch x86_64
|
||||
for i in %x86_64_only_default_built_firmware
|
||||
do
|
||||
cp pc-bios/optionrom/$i %srcdir/pc-bios/
|
||||
done
|
||||
%endif
|
||||
|
||||
# Build the "extra" firmwares. Note that the QEMU Makefile in {srcdir}/roms
|
||||
# does some cross-compiler auto detection. So we often don't need to define
|
||||
# or pass CROSS= and CROSS_COMPILE ourselves.
|
||||
|
||||
%if %{build_ppc_firmware}
|
||||
# FIXME: check if we can upstream: Makefile-define-endianess-for-cross-buil.patch
|
||||
make %{?_smp_mflags} -C %srcdir/roms skiboot
|
||||
|
||||
make %{?_smp_mflags} -C %srcdir/roms slof
|
||||
%endif
|
||||
|
||||
%if %{build_x86_firmware_from_source}
|
||||
%ifnarch %{ix86} x86_64
|
||||
export CC=x86_64-suse-linux-gcc
|
||||
export LD=x86_64-suse-linux-ld
|
||||
%if %{build_opensbi_firmware}
|
||||
make %{?_smp_mflags} -C %srcdir/roms opensbi64-generic
|
||||
%endif
|
||||
|
||||
%if %{build_x86_firmware}
|
||||
|
||||
make %{?_smp_mflags} -C %srcdir/roms bios \
|
||||
SEABIOS_EXTRAVERSION="-rebuilt.opensuse.org" \
|
||||
%ifnarch %ix86 x86_64
|
||||
HOSTCC=cc \
|
||||
%endif
|
||||
|
||||
# FIXME: check if we can upstream: roms-Makefile-add-cross-file-to-qboot-me.patch
|
||||
# and qboot-add-cross.ini-file-to-handle-aarch.patch
|
||||
make %{?_smp_mflags} -C %srcdir/roms qboot
|
||||
|
||||
make %{?_smp_mflags} -C %srcdir/roms seavgabios \
|
||||
%ifnarch %ix86 x86_64
|
||||
HOSTCC=cc \
|
||||
%endif
|
||||
|
||||
make %{?_smp_mflags} -C %srcdir/roms seavgabios-ati \
|
||||
%ifnarch %ix86 x86_64
|
||||
HOSTCC=cc \
|
||||
%endif
|
||||
|
||||
make %{?_smp_mflags} -C %srcdir/roms pxerom
|
||||
|
||||
%ifnarch %ix86
|
||||
make %{?_smp_mflags} -C %srcdir/roms efirom \
|
||||
EDK2_BASETOOLS_OPTFLAGS='-fPIE'
|
||||
%endif
|
||||
|
||||
make -C %srcdir/roms sgabios \
|
||||
HOSTCC=cc
|
||||
# We're currently not building firmware on ix86, but let's make sure this works
|
||||
# fine if one enables it, e.g., locally (for debugging or something).
|
||||
# FIXME: check if we can get rid or upstream: roms-sgabios-Fix-csum8-to-be-built-by-ho.patch
|
||||
make -C %srcdir/roms sgabios HOSTCC=cc \
|
||||
%ifnarch %ix86 x86_64
|
||||
CC=x86_64-suse-linux-gcc LD=x86_64-suse-linux-ld \
|
||||
%endif
|
||||
|
||||
%if %{force_fit_virtio_pxe_rom}
|
||||
pushd %srcdir
|
||||
@ -1607,26 +1614,13 @@ for i in %supported_nics_small
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
%ifnarch %{ix86} x86_64
|
||||
unset CC
|
||||
unset LD
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%if %{build_skiboot_from_source}
|
||||
make %{?_smp_mflags} -C %srcdir/roms skiboot CROSS=
|
||||
%endif
|
||||
# End of {build_x86_firmware}
|
||||
|
||||
%if %{build_slof_from_source}
|
||||
make %{?_smp_mflags} -C %srcdir/roms slof
|
||||
%endif
|
||||
# End of "{name}" == "qemu"
|
||||
|
||||
%if %{build_opensbi_from_source}
|
||||
make %{?_smp_mflags} -C %srcdir/roms opensbi64-generic CROSS_COMPILE=
|
||||
%endif
|
||||
|
||||
# above section is for qemu
|
||||
%endif
|
||||
# ------------------------------------------------------------------------
|
||||
%if "%{name}" == "qemu-testsuite"
|
||||
|
||||
@ -1778,15 +1772,7 @@ ln -s qemu-binfmt %{buildroot}%_bindir/qemu-xtensaeb-binfmt
|
||||
%if "%{name}" == "qemu"
|
||||
|
||||
make %{?_smp_mflags} install DESTDIR=%{buildroot}
|
||||
%ifarch %{build_rom_arch}
|
||||
install -D -m 0644 %{SOURCE14} %{buildroot}%_datadir/%name/firmware/50-seabios-256k.json
|
||||
install -D -m 0644 %{SOURCE15} %{buildroot}%_datadir/%name/firmware/60-seabios-128k.json
|
||||
%else
|
||||
for f in %{x86_extra_firmware} \
|
||||
%{x86_64_only_extra_firmware}; do
|
||||
unlink %{buildroot}%_datadir/%name/$f
|
||||
done
|
||||
%endif
|
||||
|
||||
%find_lang %name
|
||||
install -d -m 0755 %{buildroot}%_datadir/%name/firmware
|
||||
install -d -m 0755 %{buildroot}/usr/lib/supportconfig/plugins
|
||||
@ -1796,6 +1782,7 @@ install -D -m 0755 %{SOURCE3} %{buildroot}%_datadir/%name/qemu-ifup
|
||||
install -D -p -m 0644 %{SOURCE8} %{buildroot}/usr/lib/udev/rules.d/80-qemu-ga.rules
|
||||
install -D -m 0755 scripts/analyze-migration.py %{buildroot}%_bindir/analyze-migration.py
|
||||
install -D -m 0755 scripts/vmstate-static-checker.py %{buildroot}%_bindir/vmstate-static-checker.py
|
||||
install -D -m 0755 scripts/kvm/vmxcap %{buildroot}%_bindir/vmxcap
|
||||
install -D -m 0755 %{SOURCE9} %{buildroot}/usr/lib/supportconfig/plugins/%name
|
||||
install -D -m 0644 %{SOURCE10} %{buildroot}%_docdir/qemu-arm/supported.txt
|
||||
install -D -m 0644 %{SOURCE11} %{buildroot}%_docdir/qemu-ppc/supported.txt
|
||||
@ -1843,17 +1830,43 @@ unlink %{buildroot}%_datadir/%name/edk2-x86_64-secure-code.fd
|
||||
# this was never meant for customer consumption - delete even though installed
|
||||
unlink %{buildroot}%_bindir/elf2dmp
|
||||
|
||||
install -D -m 0644 %{SOURCE201} %{buildroot}%_datadir/%name/forsplits/pkg-split.txt
|
||||
for X in 00 01 02 03 04 05 07 08 09 10 11 12 13 14 15 16 17 18 19
|
||||
do
|
||||
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/$X
|
||||
done
|
||||
|
||||
# For PPC and x86 firmwares, there are a few extra install steps necessary.
|
||||
# In general, if we know that we have not built a firmware, remove it from the
|
||||
# install base, as the one that we have there is the upstream binary, that got
|
||||
# copied there during `make install`.
|
||||
|
||||
%if %{build_ppc_firmware}
|
||||
# in support of update-alternatives
|
||||
mv %{buildroot}%_datadir/%name/skiboot.lid %{buildroot}%_datadir/%name/skiboot.lid.qemu
|
||||
# create a dummy target for /etc/alternatives/skiboot.lid
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/alternatives
|
||||
ln -s -f %{_sysconfdir}/alternatives/skiboot.lid %{buildroot}%{_datadir}/%name/skiboot.lid
|
||||
|
||||
install -D -m 0644 %{SOURCE201} %{buildroot}%_datadir/%name/forsplits/pkg-split.txt
|
||||
for X in 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19
|
||||
do
|
||||
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/$X
|
||||
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/06
|
||||
%else
|
||||
for f in %{ppc_extra_firmware} ; do
|
||||
unlink %{buildroot}%_datadir/%name/$f
|
||||
done
|
||||
%endif
|
||||
|
||||
# For riscv64 firmwares (currently, only opensbi), we leave them there in
|
||||
# any case, because they're part of the qemu-extra package, and riscv is
|
||||
# a bit special in many ways already.
|
||||
|
||||
%if %{build_x86_firmware}
|
||||
install -D -m 0644 %{SOURCE14} %{buildroot}%_datadir/%name/firmware/50-seabios-256k.json
|
||||
install -D -m 0644 %{SOURCE15} %{buildroot}%_datadir/%name/firmware/60-seabios-128k.json
|
||||
%else
|
||||
for f in %{x86_extra_firmware} ; do
|
||||
unlink %{buildroot}%_datadir/%name/$f
|
||||
done
|
||||
%endif
|
||||
|
||||
%suse_update_desktop_file qemu
|
||||
%fdupes -s %{buildroot}
|
||||
|
||||
@ -1918,6 +1931,7 @@ fi
|
||||
%postun ksm
|
||||
%service_del_postun ksm.service
|
||||
|
||||
%if %{build_ppc_firmware}
|
||||
%post skiboot
|
||||
update-alternatives --install \
|
||||
%{_datadir}/%name/skiboot.lid skiboot.lid %{_datadir}/%name/skiboot.lid.qemu 15
|
||||
@ -1926,6 +1940,7 @@ update-alternatives --install \
|
||||
if [ ! -f %{_datadir}/%name/skiboot.lid.qemu ] ; then
|
||||
update-alternatives --remove skiboot.lid %{_datadir}/%name/skiboot.lid.qemu
|
||||
fi
|
||||
%endif
|
||||
|
||||
# above section is for qemu
|
||||
%endif
|
||||
@ -2212,7 +2227,6 @@ fi
|
||||
%_datadir/%name/canyonlands.dtb
|
||||
%_datadir/%name/openbios-ppc
|
||||
%_datadir/%name/qemu_vga.ndrv
|
||||
%_datadir/%name/slof.bin
|
||||
%_datadir/%name/u-boot.e500
|
||||
%_datadir/%name/u-boot-sam460-20100605.bin
|
||||
%dir %_docdir/qemu-ppc
|
||||
@ -2464,7 +2478,7 @@ fi
|
||||
%files lang -f %blddir/%name.lang
|
||||
%defattr(-, root, root)
|
||||
|
||||
%ifarch %{build_rom_arch}
|
||||
%if %{build_x86_firmware}
|
||||
%files seabios
|
||||
%defattr(-, root, root)
|
||||
%dir %_datadir/%name
|
||||
@ -2516,6 +2530,7 @@ fi
|
||||
%_datadir/%name/pxe-virtio.rom
|
||||
%endif
|
||||
|
||||
%if %{build_ppc_firmware}
|
||||
%files skiboot
|
||||
%defattr(-, root, root)
|
||||
%dir %_datadir/%name
|
||||
@ -2525,6 +2540,12 @@ fi
|
||||
%_datadir/%name/skiboot.lid.qemu
|
||||
%ghost %_sysconfdir/alternatives/skiboot.lid
|
||||
|
||||
%files SLOF
|
||||
%defattr(-, root, root)
|
||||
%dir %_datadir/%name
|
||||
%_datadir/%name/slof.bin
|
||||
%endif
|
||||
|
||||
%files vhost-user-gpu
|
||||
%defattr(-, root, root)
|
||||
%dir %_datadir/%name/vhost-user
|
||||
@ -2542,6 +2563,7 @@ fi
|
||||
%_bindir/qemu-pr-helper
|
||||
%_bindir/qemu-storage-daemon
|
||||
%_bindir/vmstate-static-checker.py
|
||||
%_bindir/vmxcap
|
||||
%verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper
|
||||
%_libexecdir/virtfs-proxy-helper
|
||||
%_libexecdir/virtiofsd
|
||||
|
367
qemu.spec.in
367
qemu.spec.in
@ -22,39 +22,50 @@
|
||||
|
||||
%define _buildshell /bin/bash
|
||||
|
||||
%define build_x86_firmware_from_source 0
|
||||
%define build_skiboot_from_source 0
|
||||
%define build_slof_from_source 0
|
||||
%define build_opensbi_from_source 0
|
||||
%define build_x86_firmware 0
|
||||
%define build_ppc_firmware 0
|
||||
%define build_opensbi_firmware 0
|
||||
%define kvm_available 0
|
||||
%define legacy_qemu_kvm 0
|
||||
%define force_fit_virtio_pxe_rom 1
|
||||
|
||||
%define build_rom_arch %ix86 x86_64 aarch64
|
||||
|
||||
%if "%{?distribution}" == ""
|
||||
%define distro private-build
|
||||
%else
|
||||
%define distro %{distribution}
|
||||
%endif
|
||||
|
||||
%ifarch %{build_rom_arch}
|
||||
# choice of building all from source or using provided binary x86 blobs
|
||||
%define build_x86_firmware_from_source 1
|
||||
%endif
|
||||
# So, we have openSUSE:Factory, and we have "ports". In openSUSE:Factory, we
|
||||
# have i586 and x86_64. In the :ARM port, we have aarch64, armv6l and armv7l.
|
||||
# In the :PowerPC port, we have ppc64, ppc and ppc64le. In the :zSystems port
|
||||
# we have s390x. And in the :RISCV we have riscv.
|
||||
#
|
||||
# Ideally, we'd want to build the firmwares at least once per port, and then
|
||||
# share the resulting packages among the arch-es within each port (check the
|
||||
# `ExportFilter` directives in the project config).
|
||||
#
|
||||
# Of course, we always build the "native fimrwares" (e.g., x86 firmwares on
|
||||
# x86_64, PPC firmwares on ppc64le, etc). But we also cross compile as much
|
||||
# firmwares as we can (e.g., both x86 and PPC firmwares on aarch64) so they'll
|
||||
# be available in as many ports as possible (as noarch packages).
|
||||
|
||||
%ifarch ppc64
|
||||
%define build_skiboot_from_source 0
|
||||
%define build_slof_from_source 1
|
||||
%ifarch x86_64 aarch64
|
||||
%define build_ppc_firmware 1
|
||||
# Currently, opensbi does not cross build cleanly on 15.3 and 15.4
|
||||
%if ! 0%{?sle_version}
|
||||
%define build_opensbi_firmware 1
|
||||
%endif
|
||||
|
||||
%ifarch ppc64le
|
||||
%define build_skiboot_from_source 0
|
||||
%define build_slof_from_source 1
|
||||
%define build_x86_firmware 1
|
||||
%endif
|
||||
%ifarch ppc64 ppc64le
|
||||
%define build_ppc_firmware 1
|
||||
%if ! 0%{?sle_version}
|
||||
%define build_opensbi_firmware 1
|
||||
%endif
|
||||
# FIXME: Try to enable cross building of x86 firmwares here on PPC
|
||||
%endif
|
||||
|
||||
%ifarch riscv64
|
||||
%define build_opensbi_from_source 1
|
||||
%define build_opensbi_firmware 1
|
||||
%endif
|
||||
|
||||
%ifarch %ix86 x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64
|
||||
@ -160,32 +171,37 @@ syscall layer occurs on the native hardware and operating system.
|
||||
# above section is for qemu-linux-user
|
||||
# ------------------------------------------------------------------------
|
||||
%else
|
||||
%if %{build_x86_firmware_from_source}
|
||||
%if %{build_x86_firmware}
|
||||
BuildRequires: acpica
|
||||
%endif
|
||||
BuildRequires: pkgconfig(alsa)
|
||||
%if %{build_x86_firmware_from_source}
|
||||
BuildRequires: binutils-devel
|
||||
%endif
|
||||
BuildRequires: bison
|
||||
BuildRequires: brlapi-devel
|
||||
%if %{build_x86_firmware_from_source}
|
||||
%ifnarch %{ix86} x86_64
|
||||
BuildRequires: dos2unix
|
||||
BuildRequires: glibc-devel-32bit
|
||||
BuildRequires: pkgconfig(liblzma)
|
||||
%ifnarch %ix86 x86_64
|
||||
# We must cross-compile on non-x86*
|
||||
BuildRequires: cross-x86_64-binutils
|
||||
BuildRequires: cross-x86_64-gcc%gcc_version
|
||||
%endif
|
||||
%endif
|
||||
%if %{build_opensbi_firmware}
|
||||
%ifnarch riscv64
|
||||
BuildRequires: cross-riscv64-binutils
|
||||
BuildRequires: cross-riscv64-gcc%gcc_version
|
||||
%endif
|
||||
%endif
|
||||
%if %{build_ppc_firmware}
|
||||
%ifnarch ppc64 ppc64le
|
||||
BuildRequires: cross-ppc64-binutils
|
||||
BuildRequires: cross-ppc64-gcc%gcc_version
|
||||
%endif
|
||||
%endif
|
||||
BuildRequires: pkgconfig(alsa)
|
||||
BuildRequires: bison
|
||||
BuildRequires: brlapi-devel
|
||||
BuildRequires: pkgconfig(libcurl) >= 7.29
|
||||
BuildRequires: pkgconfig(libsasl2)
|
||||
%if %{build_x86_firmware_from_source}
|
||||
BuildRequires: dos2unix
|
||||
%endif
|
||||
BuildRequires: flex
|
||||
BuildRequires: pkgconfig(glib-2.0) >= 2.56
|
||||
%if %{build_x86_firmware_from_source}
|
||||
BuildRequires: glibc-devel-32bit
|
||||
%endif
|
||||
BuildRequires: libaio-devel
|
||||
BuildRequires: libattr-devel
|
||||
BuildRequires: libbz2-devel
|
||||
@ -252,9 +268,6 @@ BuildRequires: pkgconfig(vte-2.91)
|
||||
BuildRequires: xen-devel >= 4.2
|
||||
%endif
|
||||
BuildRequires: xfsprogs-devel
|
||||
%if %{build_x86_firmware_from_source}
|
||||
BuildRequires: pkgconfig(liblzma)
|
||||
%endif
|
||||
BuildRequires: pkgconfig(zlib)
|
||||
BuildRequires: pkgconfig(libzstd)
|
||||
%if "%{name}" == "qemu"
|
||||
@ -268,6 +281,26 @@ Requires(post): udev
|
||||
%ifarch s390x
|
||||
Requires(post): procps
|
||||
%endif
|
||||
%ifarch %ix86 x86_64
|
||||
Requires: qemu-x86
|
||||
%else
|
||||
Suggests: qemu-x86
|
||||
%endif
|
||||
%ifarch ppc ppc64 ppc64le
|
||||
Requires: qemu-ppc
|
||||
%else
|
||||
Suggests: qemu-ppc
|
||||
%endif
|
||||
%ifarch s390x
|
||||
Requires: qemu-s390x
|
||||
%else
|
||||
Suggests: qemu-s390x
|
||||
%endif
|
||||
%ifarch %arm aarch64
|
||||
Requires: qemu-arm
|
||||
%else
|
||||
Suggests: qemu-arm
|
||||
%endif
|
||||
Recommends: kvm_stat
|
||||
%endif
|
||||
Recommends: qemu-block-curl
|
||||
@ -287,26 +320,6 @@ Recommends: qemu-hw-usb-smartcard
|
||||
Recommends: qemu-ui-gtk
|
||||
Recommends: qemu-ui-spice-app
|
||||
%endif
|
||||
%ifarch %{ix86} x86_64
|
||||
Recommends: qemu-x86
|
||||
%else
|
||||
Suggests: qemu-x86
|
||||
%endif
|
||||
%ifarch ppc ppc64 ppc64le
|
||||
Recommends: qemu-ppc
|
||||
%else
|
||||
Suggests: qemu-ppc
|
||||
%endif
|
||||
%ifarch s390x
|
||||
Recommends: qemu-s390x
|
||||
%else
|
||||
Suggests: qemu-s390x
|
||||
%endif
|
||||
%ifarch %arm aarch64
|
||||
Recommends: qemu-arm
|
||||
%else
|
||||
Suggests: qemu-arm
|
||||
%endif
|
||||
Suggests: qemu-block-dmg
|
||||
Suggests: qemu-block-gluster
|
||||
Suggests: qemu-block-iscsi
|
||||
@ -363,6 +376,7 @@ Group: System/Emulators/PC
|
||||
Version: %{qemuver}
|
||||
Release: 0
|
||||
Requires: %name = %{qemuver}
|
||||
Requires: qemu-SLOF
|
||||
Recommends: qemu-ipxe
|
||||
Recommends: qemu-vgabios
|
||||
|
||||
@ -825,7 +839,7 @@ Supplements: modalias(pci:v0000FFFDd00000101sv*sd*bc*sc*i*)
|
||||
This package contains the QEMU guest agent. It is installed in the linux guest
|
||||
to provide information and control at the guest OS level.
|
||||
|
||||
%ifarch %{build_rom_arch}
|
||||
%if %{build_x86_firmware}
|
||||
%package microvm
|
||||
Summary: x86 MicroVM firmware for QEMU
|
||||
Group: System/Emulators/PC
|
||||
@ -890,6 +904,7 @@ Provides Preboot Execution Environment (PXE) ROM support for various emulated
|
||||
network adapters available with QEMU.
|
||||
%endif
|
||||
|
||||
%if %{build_ppc_firmware}
|
||||
%package skiboot
|
||||
Summary: OPAL firmware (aka skiboot), used in booting OpenPOWER systems
|
||||
Group: System/Emulators/PC
|
||||
@ -904,6 +919,18 @@ Provides: %name:%_datadir/%name/forsplits/06
|
||||
Provides OPAL (OpenPower Abstraction Layer) firmware, aka skiboot, as
|
||||
traditionally packaged with QEMU.
|
||||
|
||||
%package SLOF
|
||||
Summary: Slimline Open Firmware - SLOF
|
||||
Group: System/Emulators/PC
|
||||
Version: %{qemuver}
|
||||
Release: 0
|
||||
BuildArch: noarch
|
||||
|
||||
%description SLOF
|
||||
Slimline Open Firmware (SLOF) is an implementation of the IEEE 1275 standard.
|
||||
It can be used as partition firmware for pSeries machines running on QEMU or KVM.
|
||||
%endif
|
||||
|
||||
%package ksm
|
||||
Summary: Kernel Samepage Merging services
|
||||
Group: System/Emulators/PC
|
||||
@ -1015,85 +1042,69 @@ PATCH_EXEC
|
||||
# u-boot.e500 u-boot-sam460-20100605.bin opensbi-riscv32-generic-fw_dynamic.bin
|
||||
# opensbi-riscv32-generic-fw_dynamic.elfnpcm7xx_bootrom.bin
|
||||
|
||||
# This first list group isn't specific to what this instance builds
|
||||
%define ppc_default_firmware {%nil}
|
||||
# Note that:
|
||||
# - default firmwares are built "by default", i.e., they're built automatically
|
||||
# during the process of building QEMU (on each specific arch)
|
||||
# - extra firmwares are built "manually" (see below) from their own sources
|
||||
# (which, typically, are submodules checked out in the {srcdi}r/roms directory)
|
||||
%define ppc_default_firmware %{nil}
|
||||
%define ppc_extra_firmware {skiboot.lid slof.bin}
|
||||
%define ppc64_only_default_firmware {%nil}
|
||||
%define ppc64_only_extra_firmware {%nil}
|
||||
%define riscv64_default_firmware {opensbi-riscv64-generic-fw_dynamic.bin \
|
||||
%define riscv64_default_firmware %{nil}
|
||||
%define riscv64_extra_firmware {opensbi-riscv64-generic-fw_dynamic.bin \
|
||||
opensbi-riscv64-generic-fw_dynamic.elf}
|
||||
%define riscv64_extra_firmware {%nil}
|
||||
%define s390x_default_firmware {s390-ccw.img s390-netboot.img}
|
||||
%define s390x_extra_firmware {%nil}
|
||||
%define s390x_extra_firmware %{nil}
|
||||
%define x86_default_firmware {linuxboot.bin linuxboot_dma.bin multiboot.bin \
|
||||
multiboot_dma.bin kvmvapic.bin pvh.bin}
|
||||
%define x86_extra_firmware {bios.bin bios-256k.bin bios-microvm.bin qboot.rom \
|
||||
pxe-e1000.rom pxe-eepro100.rom pxe-ne2k_pci.rom pxe-pcnet.rom pxe-rtl8139.rom \
|
||||
pxe-virtio.rom sgabios.bin vgabios-ati.bin vgabios-bochs-display.bin \
|
||||
vgabios.bin vgabios-cirrus.bin vgabios-qxl.bin vgabios-ramfb.bin \
|
||||
vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin}
|
||||
%define x86_64_only_default_firmware {%nil}
|
||||
%define x86_64_only_extra_firmware {efi-e1000.rom efi-e1000e.rom \
|
||||
efi-eepro100.rom efi-ne2k_pci.rom efi-pcnet.rom efi-rtl8139.rom efi-virtio.rom \
|
||||
efi-vmxnet3.rom}
|
||||
vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin \
|
||||
efi-e1000.rom efi-e1000e.rom efi-eepro100.rom efi-ne2k_pci.rom efi-pcnet.rom \
|
||||
efi-rtl8139.rom efi-virtio.rom efi-vmxnet3.rom}
|
||||
|
||||
# Complete list of all the firmwares that we build, if we consider
|
||||
# all the builds, on all the arches.
|
||||
%define firmware { \
|
||||
%{?ppc_default_firmware} %{?ppc_extra_firmware} \
|
||||
%{?ppc64_only_default_firmware} %{?ppc64_only_extra_firmware} \
|
||||
%{?riscv64_default_firmware} %{?riscv64_extra_firmware} \
|
||||
%{?s390x_default_firmware} %{?s390x_extra_firmware} \
|
||||
%{?x86_default_firmware} %{?x86_extra_firmware} \
|
||||
%{?x86_64_only_default_firmware} %{?x86_64_only_extra_firmware} }
|
||||
%{ppc_default_firmware} %{ppc_extra_firmware} \
|
||||
%{riscv64_default_firmware} %{riscv64_extra_firmware} \
|
||||
%{s390x_default_firmware} %{s390x_extra_firmware} \
|
||||
%{x86_default_firmware} %{x86_extra_firmware} }
|
||||
|
||||
# This second list group is specific to what this instance builds
|
||||
# Note that:
|
||||
# - {arch}_default_built_firmware are the firmwares that we will be built by
|
||||
# default in this particular build, on the arch where we currently are on
|
||||
# - {arch}_extra_built_fimrware, likewise, but for extra firmwares, built manually
|
||||
%ifarch ppc64 ppc64le
|
||||
%define ppc_default_built_firmware %{ppc_default_firmware}
|
||||
%if %{build_skiboot_from_source} && %{build_slof_from_source}
|
||||
%define ppc_extra_built_firmware %{ppc_extra_firmware}
|
||||
%else
|
||||
%if %{build_skiboot_from_source}
|
||||
%define ppc_extra_built_firmware {skiboot.lid}
|
||||
%endif
|
||||
%if %{build_slof_from_source}
|
||||
%define ppc_extra_built_firmware {slof.bin}
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%ifarch ppc64
|
||||
%define ppc64_only_default_built_firmware %{ppc64_only_default_firmware}
|
||||
%define ppc64_only_extra_built_firmware %{ppc64_only_extra_firmware}
|
||||
%endif
|
||||
|
||||
%ifarch riscv64
|
||||
%define riscv64_default_built_firmware %{riscv64_default_firmware}
|
||||
%define riscv64_extra_built_firmware %{riscv64_extra_firmware}
|
||||
%endif
|
||||
|
||||
%ifarch s390x
|
||||
%define s390x_default_built_firmware %{s390x_default_firmware}
|
||||
%define s390x_extra_built_firmware %{s390x_extra_firmware}
|
||||
%endif
|
||||
|
||||
%ifarch %ix86 x86_64
|
||||
%define x86_default_built_firmware %{x86_default_firmware}
|
||||
%ifarch x86_64
|
||||
%define x86_64_only_default_built_firmware %{x86_64_only_default_firmware}
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%if %{build_x86_firmware_from_source}
|
||||
%if %{build_opensbi_firmware}
|
||||
%define riscv64_extra_built_firmware %{riscv64_extra_firmware}
|
||||
%endif
|
||||
%if %{build_ppc_firmware}
|
||||
%define ppc_extra_built_firmware %{ppc_extra_firmware}
|
||||
%endif
|
||||
%if %{build_x86_firmware}
|
||||
%define x86_extra_built_firmware %{x86_extra_firmware}
|
||||
%ifarch x86_64
|
||||
%define x86_64_only_extra_built_firmware %{x86_64_only_extra_firmware}
|
||||
%endif
|
||||
%endif
|
||||
|
||||
# List of only firmwares that will actually be built, in this instance
|
||||
%define built_firmware { \
|
||||
%{?ppc_default_built_firmware} %{?ppc_extra_built_firmware} \
|
||||
%{?ppc64_only_default_built_firmware} %{?ppc64_only_extra_built_firmware} \
|
||||
%{?riscv64_default_built_firmware} %{?riscv64_extra_built_firmware} \
|
||||
%{?s390x_default_built_firmware} %{?s390x_extra_built_firmware} \
|
||||
%{?x86_default_built_firmware} %{?x86_extra_built_firmware} \
|
||||
%{?x86_64_only_default_built_firmware} %{?x86_64_only_extra_built_firmware} }
|
||||
%{?x86_default_built_firmware} %{?x86_extra_built_firmware} }
|
||||
|
||||
# above section is for qemu and qemu-testsuite
|
||||
%endif
|
||||
@ -1324,7 +1335,9 @@ cd %blddir
|
||||
|
||||
%if "%{name}" == "qemu"
|
||||
|
||||
# delete the firmware files that we intend to build
|
||||
# Let's build QEMU (and all the "default" firmwares, for each arch)
|
||||
|
||||
# First, delete the firmware files that we intend to build...
|
||||
for i in %built_firmware
|
||||
do
|
||||
unlink %srcdir/pc-bios/$i
|
||||
@ -1332,68 +1345,57 @@ done
|
||||
|
||||
make %{?_smp_mflags} V=1
|
||||
|
||||
# Firmware
|
||||
|
||||
%ifarch s390x
|
||||
for i in %s390x_default_built_firmware
|
||||
# ... And then, reinstate the firmwares that have been built already
|
||||
for i in %{?s390x_default_built_firmware}
|
||||
do
|
||||
cp pc-bios/s390-ccw/$i %srcdir/pc-bios/
|
||||
done
|
||||
%endif
|
||||
|
||||
%ifarch ppc64
|
||||
for i in %ppc64_only_default_built_firmware
|
||||
do
|
||||
cp pc-bios/spapr-rtas/$i %srcdir/pc-bios/
|
||||
done
|
||||
%endif
|
||||
|
||||
%ifarch %ix86 x86_64
|
||||
for i in %x86_default_built_firmware
|
||||
for i in %{?x86_default_built_firmware}
|
||||
do
|
||||
cp pc-bios/optionrom/$i %srcdir/pc-bios/
|
||||
done
|
||||
%ifarch x86_64
|
||||
for i in %x86_64_only_default_built_firmware
|
||||
do
|
||||
cp pc-bios/optionrom/$i %srcdir/pc-bios/
|
||||
done
|
||||
%endif
|
||||
|
||||
# Build the "extra" firmwares. Note that the QEMU Makefile in {srcdir}/roms
|
||||
# does some cross-compiler auto detection. So we often don't need to define
|
||||
# or pass CROSS= and CROSS_COMPILE ourselves.
|
||||
|
||||
%if %{build_ppc_firmware}
|
||||
# FIXME: check if we can upstream: Makefile-define-endianess-for-cross-buil.patch
|
||||
make %{?_smp_mflags} -C %srcdir/roms skiboot
|
||||
|
||||
make %{?_smp_mflags} -C %srcdir/roms slof
|
||||
%endif
|
||||
|
||||
%if %{build_x86_firmware_from_source}
|
||||
%ifnarch %{ix86} x86_64
|
||||
export CC=x86_64-suse-linux-gcc
|
||||
export LD=x86_64-suse-linux-ld
|
||||
%if %{build_opensbi_firmware}
|
||||
make %{?_smp_mflags} -C %srcdir/roms opensbi64-generic
|
||||
%endif
|
||||
|
||||
%if %{build_x86_firmware}
|
||||
|
||||
make %{?_smp_mflags} -C %srcdir/roms bios \
|
||||
SEABIOS_EXTRAVERSION="-rebuilt.opensuse.org" \
|
||||
%ifnarch %ix86 x86_64
|
||||
HOSTCC=cc \
|
||||
%endif
|
||||
|
||||
# FIXME: check if we can upstream: roms-Makefile-add-cross-file-to-qboot-me.patch
|
||||
# and qboot-add-cross.ini-file-to-handle-aarch.patch
|
||||
make %{?_smp_mflags} -C %srcdir/roms qboot
|
||||
|
||||
make %{?_smp_mflags} -C %srcdir/roms seavgabios \
|
||||
%ifnarch %ix86 x86_64
|
||||
HOSTCC=cc \
|
||||
%endif
|
||||
|
||||
make %{?_smp_mflags} -C %srcdir/roms seavgabios-ati \
|
||||
%ifnarch %ix86 x86_64
|
||||
HOSTCC=cc \
|
||||
%endif
|
||||
|
||||
make %{?_smp_mflags} -C %srcdir/roms pxerom
|
||||
|
||||
%ifnarch %ix86
|
||||
make %{?_smp_mflags} -C %srcdir/roms efirom \
|
||||
EDK2_BASETOOLS_OPTFLAGS='-fPIE'
|
||||
%endif
|
||||
|
||||
make -C %srcdir/roms sgabios \
|
||||
HOSTCC=cc
|
||||
# We're currently not building firmware on ix86, but let's make sure this works
|
||||
# fine if one enables it, e.g., locally (for debugging or something).
|
||||
# FIXME: check if we can get rid or upstream: roms-sgabios-Fix-csum8-to-be-built-by-ho.patch
|
||||
make -C %srcdir/roms sgabios HOSTCC=cc \
|
||||
%ifnarch %ix86 x86_64
|
||||
CC=x86_64-suse-linux-gcc LD=x86_64-suse-linux-ld \
|
||||
%endif
|
||||
|
||||
%if %{force_fit_virtio_pxe_rom}
|
||||
pushd %srcdir
|
||||
@ -1428,26 +1430,13 @@ for i in %supported_nics_small
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
%ifnarch %{ix86} x86_64
|
||||
unset CC
|
||||
unset LD
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%if %{build_skiboot_from_source}
|
||||
make %{?_smp_mflags} -C %srcdir/roms skiboot CROSS=
|
||||
%endif
|
||||
# End of {build_x86_firmware}
|
||||
|
||||
%if %{build_slof_from_source}
|
||||
make %{?_smp_mflags} -C %srcdir/roms slof
|
||||
%endif
|
||||
# End of "{name}" == "qemu"
|
||||
|
||||
%if %{build_opensbi_from_source}
|
||||
make %{?_smp_mflags} -C %srcdir/roms opensbi64-generic CROSS_COMPILE=
|
||||
%endif
|
||||
|
||||
# above section is for qemu
|
||||
%endif
|
||||
# ------------------------------------------------------------------------
|
||||
%if "%{name}" == "qemu-testsuite"
|
||||
|
||||
@ -1599,15 +1588,7 @@ ln -s qemu-binfmt %{buildroot}%_bindir/qemu-xtensaeb-binfmt
|
||||
%if "%{name}" == "qemu"
|
||||
|
||||
make %{?_smp_mflags} install DESTDIR=%{buildroot}
|
||||
%ifarch %{build_rom_arch}
|
||||
install -D -m 0644 %{SOURCE14} %{buildroot}%_datadir/%name/firmware/50-seabios-256k.json
|
||||
install -D -m 0644 %{SOURCE15} %{buildroot}%_datadir/%name/firmware/60-seabios-128k.json
|
||||
%else
|
||||
for f in %{x86_extra_firmware} \
|
||||
%{x86_64_only_extra_firmware}; do
|
||||
unlink %{buildroot}%_datadir/%name/$f
|
||||
done
|
||||
%endif
|
||||
|
||||
%find_lang %name
|
||||
install -d -m 0755 %{buildroot}%_datadir/%name/firmware
|
||||
install -d -m 0755 %{buildroot}/usr/lib/supportconfig/plugins
|
||||
@ -1617,6 +1598,7 @@ install -D -m 0755 %{SOURCE3} %{buildroot}%_datadir/%name/qemu-ifup
|
||||
install -D -p -m 0644 %{SOURCE8} %{buildroot}/usr/lib/udev/rules.d/80-qemu-ga.rules
|
||||
install -D -m 0755 scripts/analyze-migration.py %{buildroot}%_bindir/analyze-migration.py
|
||||
install -D -m 0755 scripts/vmstate-static-checker.py %{buildroot}%_bindir/vmstate-static-checker.py
|
||||
install -D -m 0755 scripts/kvm/vmxcap %{buildroot}%_bindir/vmxcap
|
||||
install -D -m 0755 %{SOURCE9} %{buildroot}/usr/lib/supportconfig/plugins/%name
|
||||
install -D -m 0644 %{SOURCE10} %{buildroot}%_docdir/qemu-arm/supported.txt
|
||||
install -D -m 0644 %{SOURCE11} %{buildroot}%_docdir/qemu-ppc/supported.txt
|
||||
@ -1664,17 +1646,43 @@ unlink %{buildroot}%_datadir/%name/edk2-x86_64-secure-code.fd
|
||||
# this was never meant for customer consumption - delete even though installed
|
||||
unlink %{buildroot}%_bindir/elf2dmp
|
||||
|
||||
install -D -m 0644 %{SOURCE201} %{buildroot}%_datadir/%name/forsplits/pkg-split.txt
|
||||
for X in 00 01 02 03 04 05 07 08 09 10 11 12 13 14 15 16 17 18 19
|
||||
do
|
||||
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/$X
|
||||
done
|
||||
|
||||
# For PPC and x86 firmwares, there are a few extra install steps necessary.
|
||||
# In general, if we know that we have not built a firmware, remove it from the
|
||||
# install base, as the one that we have there is the upstream binary, that got
|
||||
# copied there during `make install`.
|
||||
|
||||
%if %{build_ppc_firmware}
|
||||
# in support of update-alternatives
|
||||
mv %{buildroot}%_datadir/%name/skiboot.lid %{buildroot}%_datadir/%name/skiboot.lid.qemu
|
||||
# create a dummy target for /etc/alternatives/skiboot.lid
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/alternatives
|
||||
ln -s -f %{_sysconfdir}/alternatives/skiboot.lid %{buildroot}%{_datadir}/%name/skiboot.lid
|
||||
|
||||
install -D -m 0644 %{SOURCE201} %{buildroot}%_datadir/%name/forsplits/pkg-split.txt
|
||||
for X in 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19
|
||||
do
|
||||
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/$X
|
||||
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/06
|
||||
%else
|
||||
for f in %{ppc_extra_firmware} ; do
|
||||
unlink %{buildroot}%_datadir/%name/$f
|
||||
done
|
||||
%endif
|
||||
|
||||
# For riscv64 firmwares (currently, only opensbi), we leave them there in
|
||||
# any case, because they're part of the qemu-extra package, and riscv is
|
||||
# a bit special in many ways already.
|
||||
|
||||
%if %{build_x86_firmware}
|
||||
install -D -m 0644 %{SOURCE14} %{buildroot}%_datadir/%name/firmware/50-seabios-256k.json
|
||||
install -D -m 0644 %{SOURCE15} %{buildroot}%_datadir/%name/firmware/60-seabios-128k.json
|
||||
%else
|
||||
for f in %{x86_extra_firmware} ; do
|
||||
unlink %{buildroot}%_datadir/%name/$f
|
||||
done
|
||||
%endif
|
||||
|
||||
%suse_update_desktop_file qemu
|
||||
%fdupes -s %{buildroot}
|
||||
|
||||
@ -1739,6 +1747,7 @@ fi
|
||||
%postun ksm
|
||||
%service_del_postun ksm.service
|
||||
|
||||
%if %{build_ppc_firmware}
|
||||
%post skiboot
|
||||
update-alternatives --install \
|
||||
%{_datadir}/%name/skiboot.lid skiboot.lid %{_datadir}/%name/skiboot.lid.qemu 15
|
||||
@ -1747,6 +1756,7 @@ update-alternatives --install \
|
||||
if [ ! -f %{_datadir}/%name/skiboot.lid.qemu ] ; then
|
||||
update-alternatives --remove skiboot.lid %{_datadir}/%name/skiboot.lid.qemu
|
||||
fi
|
||||
%endif
|
||||
|
||||
# above section is for qemu
|
||||
%endif
|
||||
@ -2033,7 +2043,6 @@ fi
|
||||
%_datadir/%name/canyonlands.dtb
|
||||
%_datadir/%name/openbios-ppc
|
||||
%_datadir/%name/qemu_vga.ndrv
|
||||
%_datadir/%name/slof.bin
|
||||
%_datadir/%name/u-boot.e500
|
||||
%_datadir/%name/u-boot-sam460-20100605.bin
|
||||
%dir %_docdir/qemu-ppc
|
||||
@ -2285,7 +2294,7 @@ fi
|
||||
%files lang -f %blddir/%name.lang
|
||||
%defattr(-, root, root)
|
||||
|
||||
%ifarch %{build_rom_arch}
|
||||
%if %{build_x86_firmware}
|
||||
%files seabios
|
||||
%defattr(-, root, root)
|
||||
%dir %_datadir/%name
|
||||
@ -2337,6 +2346,7 @@ fi
|
||||
%_datadir/%name/pxe-virtio.rom
|
||||
%endif
|
||||
|
||||
%if %{build_ppc_firmware}
|
||||
%files skiboot
|
||||
%defattr(-, root, root)
|
||||
%dir %_datadir/%name
|
||||
@ -2346,6 +2356,12 @@ fi
|
||||
%_datadir/%name/skiboot.lid.qemu
|
||||
%ghost %_sysconfdir/alternatives/skiboot.lid
|
||||
|
||||
%files SLOF
|
||||
%defattr(-, root, root)
|
||||
%dir %_datadir/%name
|
||||
%_datadir/%name/slof.bin
|
||||
%endif
|
||||
|
||||
%files vhost-user-gpu
|
||||
%defattr(-, root, root)
|
||||
%dir %_datadir/%name/vhost-user
|
||||
@ -2363,6 +2379,7 @@ fi
|
||||
%_bindir/qemu-pr-helper
|
||||
%_bindir/qemu-storage-daemon
|
||||
%_bindir/vmstate-static-checker.py
|
||||
%_bindir/vmxcap
|
||||
%verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper
|
||||
%_libexecdir/virtfs-proxy-helper
|
||||
%_libexecdir/virtiofsd
|
||||
|
@ -1049,8 +1049,10 @@ else # not LATEST
|
||||
bundle2local &> ~/pkg2git.log
|
||||
echo "SUCCESS"
|
||||
echo "To modify package patches, use the frombundle branch as the basis for updating"
|
||||
echo "the $GIT_BRANCH branch with the new patch queue."
|
||||
echo "Then export the changes back to the package using update_git.sh git2pkg"
|
||||
echo "the $GIT_BRANCH branch with the new patch queue, e.g., like this:"
|
||||
echo " git checkout -f --recurse-submodules -B $GIT_BRANCH frombundle"
|
||||
echo "Then make your changes and, when done, export them back to the package with:"
|
||||
echo " bash ./update_git.sh git2pkg"
|
||||
;;
|
||||
refresh )
|
||||
echo "Updating the spec file and patches from the spec file template and the bundle"
|
||||
|
101
virtiofsd-Drop-membership-of-all-supplem.patch
Normal file
101
virtiofsd-Drop-membership-of-all-supplem.patch
Normal file
@ -0,0 +1,101 @@
|
||||
From: Vivek Goyal <vgoyal@redhat.com>
|
||||
Date: Tue, 25 Jan 2022 13:51:14 -0500
|
||||
Subject: virtiofsd: Drop membership of all supplementary groups
|
||||
(CVE-2022-0358)
|
||||
|
||||
Git-commit: 449e8171f96a6a944d1f3b7d3627ae059eae21ca
|
||||
References: bsc#1195161
|
||||
|
||||
At the start, drop membership of all supplementary groups. This is
|
||||
not required.
|
||||
|
||||
If we have membership of "root" supplementary group and when we switch
|
||||
uid/gid using setresuid/setsgid, we still retain membership of existing
|
||||
supplemntary groups. And that can allow some operations which are not
|
||||
normally allowed.
|
||||
|
||||
For example, if root in guest creates a dir as follows.
|
||||
|
||||
$ mkdir -m 03777 test_dir
|
||||
|
||||
This sets SGID on dir as well as allows unprivileged users to write into
|
||||
this dir.
|
||||
|
||||
And now as unprivileged user open file as follows.
|
||||
|
||||
$ su test
|
||||
$ fd = open("test_dir/priviledge_id", O_RDWR|O_CREAT|O_EXCL, 02755);
|
||||
|
||||
This will create SGID set executable in test_dir/.
|
||||
|
||||
And that's a problem because now an unpriviliged user can execute it,
|
||||
get egid=0 and get access to resources owned by "root" group. This is
|
||||
privilege escalation.
|
||||
|
||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
|
||||
Fixes: CVE-2022-0358
|
||||
Reported-by: JIETAO XIAO <shawtao1125@gmail.com>
|
||||
Suggested-by: Miklos Szeredi <mszeredi@redhat.com>
|
||||
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
|
||||
Message-Id: <YfBGoriS38eBQrAb@redhat.com>
|
||||
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
dgilbert: Fixed missing {}'s style nit
|
||||
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
|
||||
---
|
||||
tools/virtiofsd/passthrough_ll.c | 27 +++++++++++++++++++++++++++
|
||||
1 file changed, 27 insertions(+)
|
||||
|
||||
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
|
||||
index 64b5b4fbb18670075eedd1f3d158..b3d0674f6d2f267664d1c4558856 100644
|
||||
--- a/tools/virtiofsd/passthrough_ll.c
|
||||
+++ b/tools/virtiofsd/passthrough_ll.c
|
||||
@@ -54,6 +54,7 @@
|
||||
#include <sys/wait.h>
|
||||
#include <sys/xattr.h>
|
||||
#include <syslog.h>
|
||||
+#include <grp.h>
|
||||
|
||||
#include "qemu/cutils.h"
|
||||
#include "passthrough_helpers.h"
|
||||
@@ -1161,6 +1162,30 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name)
|
||||
#define OURSYS_setresuid SYS_setresuid
|
||||
#endif
|
||||
|
||||
+static void drop_supplementary_groups(void)
|
||||
+{
|
||||
+ int ret;
|
||||
+
|
||||
+ ret = getgroups(0, NULL);
|
||||
+ if (ret == -1) {
|
||||
+ fuse_log(FUSE_LOG_ERR, "getgroups() failed with error=%d:%s\n",
|
||||
+ errno, strerror(errno));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ if (!ret) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ /* Drop all supplementary groups. We should not need it */
|
||||
+ ret = setgroups(0, NULL);
|
||||
+ if (ret == -1) {
|
||||
+ fuse_log(FUSE_LOG_ERR, "setgroups() failed with error=%d:%s\n",
|
||||
+ errno, strerror(errno));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* Change to uid/gid of caller so that file is created with
|
||||
* ownership of caller.
|
||||
@@ -3926,6 +3951,8 @@ int main(int argc, char *argv[])
|
||||
|
||||
qemu_init_exec_dir(argv[0]);
|
||||
|
||||
+ drop_supplementary_groups();
|
||||
+
|
||||
pthread_mutex_init(&lo.mutex, NULL);
|
||||
lo.inodes = g_hash_table_new(lo_key_hash, lo_key_equal);
|
||||
lo.root.fd = -1;
|
Loading…
Reference in New Issue
Block a user