Accepting request 674747 from home:bfrogers:branches:Virtualization
AMD SEV related fix: bsc#1124842 and bsc#1102604 OBS-URL: https://build.opensuse.org/request/show/674747 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=454
parent
0e4704d430
commit
367159087c
@ -1 +0,0 @@
|
||||
KERNEL=="sev", MODE="0660", GROUP="kvm"
|
@ -1,3 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 11 15:41:02 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||
|
||||
- Remove 71-sev.rules, which modifies the default permissions of
|
||||
/dev/sev by adding the kvm group as reader/writer. Upstream
|
||||
decided to take a different approach for libvirt to manage SEV
|
||||
due to security concerns which I agree overrides the convenience
|
||||
of providing /dev/sev access to all the kvm group (bsc#1124842
|
||||
bsc#1102604)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 1 23:34:52 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||
|
||||
|
@ -118,7 +118,7 @@ Source: https://wiki.qemu.org/download/%{srcname}-%{srcver}.tar.xz
|
||||
Source99: https://wiki.qemu.org/download/%{srcname}-%{srcver}.tar.xz.sig
|
||||
Source100: %{srcname}.keyring
|
||||
Source1: 80-kvm.rules
|
||||
Source2: 71-sev.rules
|
||||
Source2: kvm.conf
|
||||
Source3: qemu-ifup
|
||||
Source4: bridge.conf
|
||||
Source5: qemu-kvm.1.gz
|
||||
@ -126,11 +126,10 @@ Source6: ksm.service
|
||||
Source7: qemu-ga@.service
|
||||
Source8: 80-qemu-ga.rules
|
||||
Source9: qemu-supportconfig
|
||||
Source10: kvm.conf
|
||||
Source10: supported.arm.txt
|
||||
Source11: supported.ppc.txt
|
||||
Source12: supported.x86.txt
|
||||
Source13: supported.s390.txt
|
||||
Source14: supported.arm.txt
|
||||
# this is to make lint happy
|
||||
Source300: qemu-rpmlintrc
|
||||
Source301: ipxe-stub-out-the-SAN-req-s-in-int13.patch
|
||||
@ -1360,10 +1359,10 @@ install -D -m 0755 scripts/vmstate-static-checker.py %{buildroot}%_bindir/vmsta
|
||||
mkdir -p %{buildroot}%_libexecdir/supportconfig/plugins
|
||||
install -D -m 0755 %{SOURCE9} %{buildroot}%_libexecdir/supportconfig/plugins/%name
|
||||
%if 0%{?is_opensuse} == 0
|
||||
install -D -m 0644 %{SOURCE10} %{buildroot}%_docdir/qemu-arm/supported.txt
|
||||
install -D -m 0644 %{SOURCE11} %{buildroot}%_docdir/qemu-ppc/supported.txt
|
||||
install -D -m 0644 %{SOURCE12} %{buildroot}%_docdir/qemu-x86/supported.txt
|
||||
install -D -m 0644 %{SOURCE13} %{buildroot}%_docdir/qemu-s390/supported.txt
|
||||
install -D -m 0644 %{SOURCE14} %{buildroot}%_docdir/qemu-arm/supported.txt
|
||||
%endif
|
||||
%if %{legacy_qemu_kvm}
|
||||
cat > %{buildroot}%_bindir/qemu-kvm << 'EOF'
|
||||
@ -1387,9 +1386,6 @@ ln -s ../qemu-x86/supported.txt %{buildroot}%_docdir/qemu-kvm/kvm-supported.txt
|
||||
%endif
|
||||
%endif
|
||||
%if %{kvm_available}
|
||||
%ifarch %ix86 x86_64
|
||||
install -D -m 0644 %{SOURCE2} %{buildroot}%{_udevrulesdir}/71-sev.rules
|
||||
%endif
|
||||
install -D -m 0644 %{SOURCE1} %{buildroot}%{_udevrulesdir}/80-kvm.rules
|
||||
%endif
|
||||
install -D -p -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/qemu-ga@.service
|
||||
@ -1397,7 +1393,7 @@ install -D -p -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/qemu-ga@.service
|
||||
install -D -p -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/ksm.service
|
||||
%endif
|
||||
%ifarch s390x
|
||||
install -D -m 0644 %{SOURCE10} %{buildroot}%_libexecdir/modules-load.d/kvm.conf
|
||||
install -D -m 0644 %{SOURCE2} %{buildroot}%_libexecdir/modules-load.d/kvm.conf
|
||||
%endif
|
||||
%fdupes -s %{buildroot}
|
||||
|
||||
@ -1429,9 +1425,6 @@ if [ $(stat -L -c "%i" /proc/1/root/) = $(stat -L -c "%i" /) ]; then
|
||||
fi
|
||||
%endif
|
||||
%udev_rules_update
|
||||
%ifarch %ix86 x86_64
|
||||
%_bindir/udevadm trigger -y sev || :
|
||||
%endif
|
||||
%_bindir/udevadm trigger -y kvm || :
|
||||
%ifarch s390x
|
||||
sysctl vm.allocate_pgste=1 || :
|
||||
@ -1508,9 +1501,6 @@ fi
|
||||
%dir %_libexecdir/supportconfig/plugins
|
||||
%_libexecdir/supportconfig/plugins/%name
|
||||
%if %{kvm_available}
|
||||
%ifarch %ix86 x86_64
|
||||
%{_udevrulesdir}/71-sev.rules
|
||||
%endif
|
||||
%{_udevrulesdir}/80-kvm.rules
|
||||
%ifarch s390x
|
||||
%_libexecdir/modules-load.d/kvm.conf
|
||||
|
10
qemu.changes
10
qemu.changes
@ -1,3 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 11 15:41:02 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||
|
||||
- Remove 71-sev.rules, which modifies the default permissions of
|
||||
/dev/sev by adding the kvm group as reader/writer. Upstream
|
||||
decided to take a different approach for libvirt to manage SEV
|
||||
due to security concerns which I agree overrides the convenience
|
||||
of providing /dev/sev access to all the kvm group (bsc#1124842
|
||||
bsc#1102604)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 1 23:34:52 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||
|
||||
|
18
qemu.spec
18
qemu.spec
@ -118,7 +118,7 @@ Source: https://wiki.qemu.org/download/%{srcname}-%{srcver}.tar.xz
|
||||
Source99: https://wiki.qemu.org/download/%{srcname}-%{srcver}.tar.xz.sig
|
||||
Source100: %{srcname}.keyring
|
||||
Source1: 80-kvm.rules
|
||||
Source2: 71-sev.rules
|
||||
Source2: kvm.conf
|
||||
Source3: qemu-ifup
|
||||
Source4: bridge.conf
|
||||
Source5: qemu-kvm.1.gz
|
||||
@ -126,11 +126,10 @@ Source6: ksm.service
|
||||
Source7: qemu-ga@.service
|
||||
Source8: 80-qemu-ga.rules
|
||||
Source9: qemu-supportconfig
|
||||
Source10: kvm.conf
|
||||
Source10: supported.arm.txt
|
||||
Source11: supported.ppc.txt
|
||||
Source12: supported.x86.txt
|
||||
Source13: supported.s390.txt
|
||||
Source14: supported.arm.txt
|
||||
# this is to make lint happy
|
||||
Source300: qemu-rpmlintrc
|
||||
Source301: ipxe-stub-out-the-SAN-req-s-in-int13.patch
|
||||
@ -1360,10 +1359,10 @@ install -D -m 0755 scripts/vmstate-static-checker.py %{buildroot}%_bindir/vmsta
|
||||
mkdir -p %{buildroot}%_libexecdir/supportconfig/plugins
|
||||
install -D -m 0755 %{SOURCE9} %{buildroot}%_libexecdir/supportconfig/plugins/%name
|
||||
%if 0%{?is_opensuse} == 0
|
||||
install -D -m 0644 %{SOURCE10} %{buildroot}%_docdir/qemu-arm/supported.txt
|
||||
install -D -m 0644 %{SOURCE11} %{buildroot}%_docdir/qemu-ppc/supported.txt
|
||||
install -D -m 0644 %{SOURCE12} %{buildroot}%_docdir/qemu-x86/supported.txt
|
||||
install -D -m 0644 %{SOURCE13} %{buildroot}%_docdir/qemu-s390/supported.txt
|
||||
install -D -m 0644 %{SOURCE14} %{buildroot}%_docdir/qemu-arm/supported.txt
|
||||
%endif
|
||||
%if %{legacy_qemu_kvm}
|
||||
cat > %{buildroot}%_bindir/qemu-kvm << 'EOF'
|
||||
@ -1387,9 +1386,6 @@ ln -s ../qemu-x86/supported.txt %{buildroot}%_docdir/qemu-kvm/kvm-supported.txt
|
||||
%endif
|
||||
%endif
|
||||
%if %{kvm_available}
|
||||
%ifarch %ix86 x86_64
|
||||
install -D -m 0644 %{SOURCE2} %{buildroot}%{_udevrulesdir}/71-sev.rules
|
||||
%endif
|
||||
install -D -m 0644 %{SOURCE1} %{buildroot}%{_udevrulesdir}/80-kvm.rules
|
||||
%endif
|
||||
install -D -p -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/qemu-ga@.service
|
||||
@ -1397,7 +1393,7 @@ install -D -p -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/qemu-ga@.service
|
||||
install -D -p -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/ksm.service
|
||||
%endif
|
||||
%ifarch s390x
|
||||
install -D -m 0644 %{SOURCE10} %{buildroot}%_libexecdir/modules-load.d/kvm.conf
|
||||
install -D -m 0644 %{SOURCE2} %{buildroot}%_libexecdir/modules-load.d/kvm.conf
|
||||
%endif
|
||||
%fdupes -s %{buildroot}
|
||||
|
||||
@ -1429,9 +1425,6 @@ if [ $(stat -L -c "%i" /proc/1/root/) = $(stat -L -c "%i" /) ]; then
|
||||
fi
|
||||
%endif
|
||||
%udev_rules_update
|
||||
%ifarch %ix86 x86_64
|
||||
%_bindir/udevadm trigger -y sev || :
|
||||
%endif
|
||||
%_bindir/udevadm trigger -y kvm || :
|
||||
%ifarch s390x
|
||||
sysctl vm.allocate_pgste=1 || :
|
||||
@ -1508,9 +1501,6 @@ fi
|
||||
%dir %_libexecdir/supportconfig/plugins
|
||||
%_libexecdir/supportconfig/plugins/%name
|
||||
%if %{kvm_available}
|
||||
%ifarch %ix86 x86_64
|
||||
%{_udevrulesdir}/71-sev.rules
|
||||
%endif
|
||||
%{_udevrulesdir}/80-kvm.rules
|
||||
%ifarch s390x
|
||||
%_libexecdir/modules-load.d/kvm.conf
|
||||
|
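Review bot: In the `%post` scriptlet hunk (`-1429,9 +1425,6`), dropping `%_bindir/udevadm trigger -y sev || :` together with the rule file means nothing in this package re-evaluates an existing /dev/sev node on upgrade. A host that is upgraded but not rebooted may therefore keep the old `MODE="0660", GROUP="kvm"` permissions until the node is recreated; presumably that happens at the next reboot or driver reload, which this page cannot confirm. Since the removal is motivated by security concerns, I would say so in the changelog entry or in a scriptlet comment, e.g. `# /dev/sev keeps the permissions set by the removed 71-sev.rules until the device node is recreated (e.g. reboot)`. The same hunk appears in qemu.spec.in, and the scriptlet itself starts and ends outside the hunk.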
18
qemu.spec.in
18
qemu.spec.in
@ -115,7 +115,7 @@ Release: 0
|
||||
Source: https://wiki.qemu.org/download/%{srcname}-%{srcver}.tar.xz
|
||||
Source100: %{srcname}.keyring
|
||||
Source1: 80-kvm.rules
|
||||
Source2: 71-sev.rules
|
||||
Source2: kvm.conf
|
||||
Source3: qemu-ifup
|
||||
Source4: bridge.conf
|
||||
Source5: qemu-kvm.1.gz
|
||||
@ -123,11 +123,10 @@ Source6: ksm.service
|
||||
Source7: qemu-ga@.service
|
||||
Source8: 80-qemu-ga.rules
|
||||
Source9: qemu-supportconfig
|
||||
Source10: kvm.conf
|
||||
Source10: supported.arm.txt
|
||||
Source11: supported.ppc.txt
|
||||
Source12: supported.x86.txt
|
||||
Source13: supported.s390.txt
|
||||
Source14: supported.arm.txt
|
||||
# this is to make lint happy
|
||||
Source300: qemu-rpmlintrc
|
||||
Source301: ipxe-stub-out-the-SAN-req-s-in-int13.patch
|
||||
@ -1245,10 +1244,10 @@ install -D -m 0755 scripts/vmstate-static-checker.py %{buildroot}%_bindir/vmsta
|
||||
mkdir -p %{buildroot}%_libexecdir/supportconfig/plugins
|
||||
install -D -m 0755 %{SOURCE9} %{buildroot}%_libexecdir/supportconfig/plugins/%name
|
||||
%if 0%{?is_opensuse} == 0
|
||||
install -D -m 0644 %{SOURCE10} %{buildroot}%_docdir/qemu-arm/supported.txt
|
||||
install -D -m 0644 %{SOURCE11} %{buildroot}%_docdir/qemu-ppc/supported.txt
|
||||
install -D -m 0644 %{SOURCE12} %{buildroot}%_docdir/qemu-x86/supported.txt
|
||||
install -D -m 0644 %{SOURCE13} %{buildroot}%_docdir/qemu-s390/supported.txt
|
||||
install -D -m 0644 %{SOURCE14} %{buildroot}%_docdir/qemu-arm/supported.txt
|
||||
%endif
|
||||
%if %{legacy_qemu_kvm}
|
||||
cat > %{buildroot}%_bindir/qemu-kvm << 'EOF'
|
||||
@ -1272,9 +1271,6 @@ ln -s ../qemu-x86/supported.txt %{buildroot}%_docdir/qemu-kvm/kvm-supported.txt
|
||||
%endif
|
||||
%endif
|
||||
%if %{kvm_available}
|
||||
%ifarch %ix86 x86_64
|
||||
install -D -m 0644 %{SOURCE2} %{buildroot}%{_udevrulesdir}/71-sev.rules
|
||||
%endif
|
||||
install -D -m 0644 %{SOURCE1} %{buildroot}%{_udevrulesdir}/80-kvm.rules
|
||||
%endif
|
||||
install -D -p -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/qemu-ga@.service
|
||||
@ -1282,7 +1278,7 @@ install -D -p -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/qemu-ga@.service
|
||||
install -D -p -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/ksm.service
|
||||
%endif
|
||||
%ifarch s390x
|
||||
install -D -m 0644 %{SOURCE10} %{buildroot}%_libexecdir/modules-load.d/kvm.conf
|
||||
install -D -m 0644 %{SOURCE2} %{buildroot}%_libexecdir/modules-load.d/kvm.conf
|
||||
%endif
|
||||
%fdupes -s %{buildroot}
|
||||
|
||||
@ -1314,9 +1310,6 @@ if [ $(stat -L -c "%i" /proc/1/root/) = $(stat -L -c "%i" /) ]; then
|
||||
fi
|
||||
%endif
|
||||
%udev_rules_update
|
||||
%ifarch %ix86 x86_64
|
||||
%_bindir/udevadm trigger -y sev || :
|
||||
%endif
|
||||
%_bindir/udevadm trigger -y kvm || :
|
||||
%ifarch s390x
|
||||
sysctl vm.allocate_pgste=1 || :
|
||||
@ -1393,9 +1386,6 @@ fi
|
||||
%dir %_libexecdir/supportconfig/plugins
|
||||
%_libexecdir/supportconfig/plugins/%name
|
||||
%if %{kvm_available}
|
||||
%ifarch %ix86 x86_64
|
||||
%{_udevrulesdir}/71-sev.rules
|
||||
%endif
|
||||
%{_udevrulesdir}/80-kvm.rules
|
||||
%ifarch s390x
|
||||
%_libexecdir/modules-load.d/kvm.conf
|
||||
|