SHA256
1
0
forked from pool/qemu

Accepting request 124357 from home:a_faerber:branches:Virtualization

- Set up bridge helper as a setuid executable

- Add patch for specifying --libexecdir
* Fixes having to specify the path to qemu-bridge-helper manually
- Drop superfluous `make qemu-img`
- Move qemu-bridge-helper to its own subpackage, to share with KVM

OBS-URL: https://build.opensuse.org/request/show/124357
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=78
This commit is contained in:
Andreas Färber 2012-06-10 12:13:56 +00:00 committed by Git OBS Bridge
parent 21ae6cff90
commit 771ce6e1b1
8 changed files with 231 additions and 12 deletions

View File

@ -0,0 +1,83 @@
From 57fd4d50146ef90693d569ee799f7e9e9d606e05 Mon Sep 17 00:00:00 2001
From: Michael Tokarev <mjt@tls.msk.ru>
Date: Thu, 7 Jun 2012 01:11:00 +0400
Subject: [PATCH] use --libexecdir instead of ignoring it first and
reinventing it later
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit 7b93fadf3a38d1ed65ea5536a52efc2772c6e3b8 "Add basic version
of bridge helper" put the bridge helper executable into a fixed
${prefix}/libexec/ location, instead of using ${libexecdir} for
this. At the same time, --libexecdir is being happily ignored
by ./configure. Even more, the same patch sets unused $libexecdir
variable in the generated config-host.mak, and uses fixed string
(\${prefix}/libexecdir) for the bridge helper binary.
Fix this braindamage by introducing $libexecdir variable, using
it for the bridge helper binary, and recognizing --libexecdir.
This patch is applicable to stable-1.1.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
---
configure | 10 +++++++---
1 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/configure b/configure
index de92ac2..850821b 100755
--- a/configure
+++ b/configure
@@ -159,6 +159,7 @@ datadir="\${prefix}/share"
qemu_docdir="\${prefix}/share/doc/qemu"
bindir="\${prefix}/bin"
libdir="\${prefix}/lib"
+libexecdir="\${prefix}/libexec"
includedir="\${prefix}/include"
sysconfdir="\${prefix}/etc"
confsuffix="/qemu"
@@ -587,6 +588,8 @@ for opt do
;;
--libdir=*) libdir="$optarg"
;;
+ --libexecdir=*) libexecdir="$optarg"
+ ;;
--includedir=*) includedir="$optarg"
;;
--datadir=*) datadir="$optarg"
@@ -597,7 +600,7 @@ for opt do
;;
--sysconfdir=*) sysconfdir="$optarg"
;;
- --sbindir=*|--libexecdir=*|--sharedstatedir=*|--localstatedir=*|\
+ --sbindir=*|--sharedstatedir=*|--localstatedir=*|\
--oldincludedir=*|--datarootdir=*|--infodir=*|--localedir=*|\
--htmldir=*|--dvidir=*|--pdfdir=*|--psdir=*)
# These switches are silently ignored, for compatibility with
@@ -2945,6 +2948,7 @@ echo "Install prefix $prefix"
echo "BIOS directory `eval echo $qemu_datadir`"
echo "binary directory `eval echo $bindir`"
echo "library directory `eval echo $libdir`"
+echo "libexec directory `eval echo $libexecdir`"
echo "include directory `eval echo $includedir`"
echo "config directory `eval echo $sysconfdir`"
if test "$mingw32" = "no" ; then
@@ -3048,14 +3052,14 @@ echo all: >> $config_host_mak
echo "prefix=$prefix" >> $config_host_mak
echo "bindir=$bindir" >> $config_host_mak
echo "libdir=$libdir" >> $config_host_mak
+echo "libexecdir=$libexecdir" >> $config_host_mak
echo "includedir=$includedir" >> $config_host_mak
echo "mandir=$mandir" >> $config_host_mak
echo "sysconfdir=$sysconfdir" >> $config_host_mak
echo "qemu_confdir=$qemu_confdir" >> $config_host_mak
echo "qemu_datadir=$qemu_datadir" >> $config_host_mak
echo "qemu_docdir=$qemu_docdir" >> $config_host_mak
-echo "libexecdir=\${prefix}/libexec" >> $config_host_mak
-echo "CONFIG_QEMU_HELPERDIR=\"$prefix/libexec\"" >> $config_host_mak
+echo "CONFIG_QEMU_HELPERDIR=\"$libexecdir\"" >> $config_host_mak
echo "ARCH=$ARCH" >> $config_host_mak
if test "$debug_tcg" = "yes" ; then

11
bridge.conf Normal file
View File

@ -0,0 +1,11 @@
# Access control file for qemu bridge helper
# Syntax consists of:
# # comment (ignored)
# allow all
# allow <bridge_name>
# deny all
# deny <bridge_name>
# include /path/to/additional/ACL/file
# Users are blacklisted by default and 'deny' takes precedence over 'allow'.
# Including additional ACL files allows file access permissions to be used as
# a component of the policy to allow access or deny access to specific bridges.

5
qemu Normal file
View File

@ -0,0 +1,5 @@
# /etc/permissions.d/qemu
# qemu / kvm (bnc#765948)
/usr/lib/qemu-bridge-helper root:root 4755
/usr/lib64/qemu-bridge-helper root:root 4755

4
qemu-tools-rpmlintrc Normal file
View File

@ -0,0 +1,4 @@
# This line is mandatory to access the configuration functions
from Config import *
setBadness('permissions-unauthorized-file', 0)

View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Sat Jun 9 19:09:39 UTC 2012 - brogers@suse.com
- Set up bridge helper as a setuid executable
-------------------------------------------------------------------
Sat Jun 9 12:17:45 UTC 2012 - afaerber@suse.de
- Add patch for specifying --libexecdir
* Fixes having to specify the path to qemu-bridge-helper manually
- Drop superfluous `make qemu-img`
- Move qemu-bridge-helper to its own subpackage, to share with KVM
-------------------------------------------------------------------
Tue Jun 5 13:25:43 UTC 2012 - afaerber@suse.de

5
qemu.paranoid Normal file
View File

@ -0,0 +1,5 @@
# /etc/permissions.d/qemu.paranoid
# qemu / kvm (bnc#765948)
/usr/lib/qemu-bridge-helper root:root 0755
/usr/lib64/qemu-bridge-helper root:root 0755

View File

@ -45,8 +45,13 @@ Patch0018: 0018-linux-user-binfmt-support-host-bina.patch
Patch0019: 0019-linux-user-ARM-Ignore-immediate-val.patch
Patch0020: 0020-linux-user-arm-no-tb_flush-on-reset.patch
Patch0021: 0021-linux-user-fix-multi-threaded-proc-.patch
Patch0022: 0022-use-libexecdir-instead-of-ignoring-.patch
# this is to make lint happy
Source300: rpmlintrc
Source301: qemu-tools-rpmlintrc
Source302: bridge.conf
Source303: qemu
Source304: qemu.paranoid
Source400: update_git.sh
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: SDL-devel
@ -86,7 +91,11 @@ BuildRequires: spice-protocol-devel
BuildRequires: fdupes
BuildRequires: glib2-devel
BuildRequires: libvdeplug3-devel
BuildRequires: pwdutils
BuildRequires: python
Requires: /usr/sbin/groupadd
Requires: pwdutils
Requires: qemu-tools
Requires: timezone
Requires: virt-utils
@ -97,6 +106,21 @@ binaries for different architectures under your native operating
system. It currently emulates x86, ARM, PowerPC and SPARC CPUs as well
as PC and PowerMac systems.
%package tools
Summary: Universal CPU emulator -- Tools
Group: System/Emulators/PC
Provides: qemu:%_libexecdir/qemu-bridge-helper
Requires: permissions
%description tools
QEMU is an extremely well-performing CPU emulator that allows you to
choose between simulating an entire system and running userspace
binaries for different architectures under your native operating
system. It currently emulates x86, ARM, PowerPC and SPARC CPUs as well
as PC and PowerMac systems.
This sub-package contains various tools, including a bridge helper.
%package linux-user
Summary: Universal CPU emulator -- Linux User binaries
Group: System/Emulators/PC
@ -109,9 +133,9 @@ binaries for different architectures under your native operating
system. It currently emulates x86, ARM, PowerPC and SPARC CPUs as well
as PC and PowerMac systems.
This sub package contains static linked binaries for runnign linux-user
This sub-package contains statically linked binaries for running linux-user
emulations. This can be used together with the OBS build script to
run cross architectures builds
run cross-architecture builds.
%prep
%setup -q
@ -136,12 +160,14 @@ run cross architectures builds
%patch0019 -p1
%patch0020 -p1
%patch0021 -p1
%patch0022 -p1
%build
# build QEMU
mkdir -p dynamic
# build qemu-system
./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \
--libexecdir=%_libexecdir \
--audio-card-list="ac97 es1370 sb16 cs4231a adlib gus" \
--audio-drv-list="alsa sdl" --enable-mixemu --enable-vde \
--enable-curl \
@ -156,11 +182,11 @@ mkdir -p dynamic
--disable-spice
%endif
make %{?jobs:-j%jobs} V=1
make qemu-img V=1
mv *-softmmu/qemu-system-* qemu-io qemu-bridge-helper dynamic || true
make clean
# build userland emus
./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \
--libexecdir=%_libexecdir \
--enable-linux-user \
--disable-system \
--static --disable-linux-aio \
@ -172,7 +198,7 @@ sed -i "s/-lglib-2.0/-lglib-2.0 -lrt/" config-host.mak
make %{?jobs:-j%jobs} V=1
%install
make install DESTDIR=$RPM_BUILD_ROOT libexecdir=%_libexecdir
make install DESTDIR=$RPM_BUILD_ROOT
rm -f $RPM_BUILD_ROOT/%_mandir/man1/qemu-img.1
rm -f $RPM_BUILD_ROOT/%_mandir/man8/qemu-nbd.8
rm -fr $RPM_BUILD_ROOT/%_datadir/doc
@ -182,6 +208,9 @@ install -d -m 755 $RPM_BUILD_ROOT/%_sbindir
install -m 755 scripts/qemu-binfmt-conf.sh $RPM_BUILD_ROOT/%_sbindir
install -d -m 755 $RPM_BUILD_ROOT/%_libexecdir
install -m 755 dynamic/qemu-bridge-helper $RPM_BUILD_ROOT/%_libexecdir
install -D -m 644 %{SOURCE302} $RPM_BUILD_ROOT/%{_sysconfdir}/qemu/bridge.conf
install -D -m 644 %{SOURCE303} %{buildroot}%{_sysconfdir}/permissions.d/qemu
install -D -m 644 %{SOURCE304} %{buildroot}%{_sysconfdir}/permissions.d/qemu.paranoid
%ifnarch %ix86 x86_64
ln -sf ../../../emul/ia32-linux $RPM_BUILD_ROOT/usr/share/qemu/qemu-i386
%endif
@ -193,12 +222,25 @@ mkdir -p $RPM_BUILD_ROOT/emul/ia32-linux
%clean
rm -rf ${RPM_BUILD_ROOT}
%pre
%{_bindir}/getent group kvm >/dev/null || %{_sbindir}/groupadd -r kvm 2>/dev/null
%{_bindir}/getent group qemu >/dev/null || %{_sbindir}/groupadd -r qemu 2>/dev/null
%{_bindir}/getent passwd qemu >/dev/null || \
%{_sbindir}/useradd -r -g qemu -G kvm -d / -s /sbin/nologin \
-c "qemu user" qemu
%if 0%{?suse_version} >= 1130
%post tools
%set_permissions %_libexecdir/qemu-bridge-helper
%verifyscript tools
%verify_permissions %_libexecdir/qemu-bridge-helper
%endif
%files
%defattr(-, root, root)
%doc COPYING COPYING.LIB Changelog README TODO VERSION qemu-doc.html qemu-tech.html
%_bindir/qemu-io
%_bindir/qemu-system-*
%_libexecdir/qemu-bridge-helper
%doc %_mandir/man[18]/qemu*.[18].gz
%_datadir/%name
%ifnarch %ix86 x86_64 ia64
@ -207,6 +249,14 @@ rm -rf ${RPM_BUILD_ROOT}
%dir %_sysconfdir/%name
%config %_sysconfdir/%name/target-x86_64.conf
%files tools
%defattr(-, root, root)
%_bindir/qemu-io
%verify(not mode) %attr(4755, root, root) %_libexecdir/qemu-bridge-helper
%config %_sysconfdir/%name/bridge.conf
%config %attr(644,root,root) %_sysconfdir/permissions.d/qemu
%config %attr(644,root,root) %_sysconfdir/permissions.d/qemu.paranoid
%files linux-user
%defattr(-, root, root)
%_bindir/qemu-alpha

View File

@ -27,6 +27,10 @@ Source: %name-%version-1.tar.bz2
PATCH_FILES
# this is to make lint happy
Source300: rpmlintrc
Source301: qemu-tools-rpmlintrc
Source302: bridge.conf
Source303: qemu
Source304: qemu.paranoid
Source400: update_git.sh
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: SDL-devel
@ -66,9 +70,13 @@ BuildRequires: spice-protocol-devel
BuildRequires: fdupes
BuildRequires: glib2-devel
BuildRequires: libvdeplug3-devel
BuildRequires: pwdutils
BuildRequires: python
Requires: pwdutils
Requires: qemu-tools
Requires: timezone
Requires: virt-utils
Requires: /usr/sbin/groupadd
%description
QEMU is an extremely well-performing CPU emulator that allows you to
@ -77,6 +85,21 @@ binaries for different architectures under your native operating
system. It currently emulates x86, ARM, PowerPC and SPARC CPUs as well
as PC and PowerMac systems.
%package tools
Summary: Universal CPU emulator -- Tools
Group: System/Emulators/PC
Provides: qemu:%_libexecdir/qemu-bridge-helper
Requires: permissions
%description tools
QEMU is an extremely well-performing CPU emulator that allows you to
choose between simulating an entire system and running userspace
binaries for different architectures under your native operating
system. It currently emulates x86, ARM, PowerPC and SPARC CPUs as well
as PC and PowerMac systems.
This sub-package contains various tools, including a bridge helper.
%package linux-user
Summary: Universal CPU emulator -- Linux User binaries
Group: System/Emulators/PC
@ -89,9 +112,9 @@ binaries for different architectures under your native operating
system. It currently emulates x86, ARM, PowerPC and SPARC CPUs as well
as PC and PowerMac systems.
This sub package contains static linked binaries for runnign linux-user
This sub-package contains statically linked binaries for running linux-user
emulations. This can be used together with the OBS build script to
run cross architectures builds
run cross-architecture builds.
%prep
%setup -q
@ -102,6 +125,7 @@ PATCH_EXEC
mkdir -p dynamic
# build qemu-system
./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \
--libexecdir=%_libexecdir \
--audio-card-list="ac97 es1370 sb16 cs4231a adlib gus" \
--audio-drv-list="alsa sdl" --enable-mixemu --enable-vde \
--enable-curl \
@ -116,11 +140,11 @@ mkdir -p dynamic
--disable-spice
%endif
make %{?jobs:-j%jobs} V=1
make qemu-img V=1
mv *-softmmu/qemu-system-* qemu-io qemu-bridge-helper dynamic || true
make clean
# build userland emus
./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \
--libexecdir=%_libexecdir \
--enable-linux-user \
--disable-system \
--static --disable-linux-aio \
@ -132,7 +156,7 @@ sed -i "s/-lglib-2.0/-lglib-2.0 -lrt/" config-host.mak
make %{?jobs:-j%jobs} V=1
%install
make install DESTDIR=$RPM_BUILD_ROOT libexecdir=%_libexecdir
make install DESTDIR=$RPM_BUILD_ROOT
rm -f $RPM_BUILD_ROOT/%_mandir/man1/qemu-img.1
rm -f $RPM_BUILD_ROOT/%_mandir/man8/qemu-nbd.8
rm -fr $RPM_BUILD_ROOT/%_datadir/doc
@ -142,6 +166,9 @@ install -d -m 755 $RPM_BUILD_ROOT/%_sbindir
install -m 755 scripts/qemu-binfmt-conf.sh $RPM_BUILD_ROOT/%_sbindir
install -d -m 755 $RPM_BUILD_ROOT/%_libexecdir
install -m 755 dynamic/qemu-bridge-helper $RPM_BUILD_ROOT/%_libexecdir
install -D -m 644 %{SOURCE302} $RPM_BUILD_ROOT/%{_sysconfdir}/qemu/bridge.conf
install -D -m 644 %{SOURCE303} %{buildroot}%{_sysconfdir}/permissions.d/qemu
install -D -m 644 %{SOURCE304} %{buildroot}%{_sysconfdir}/permissions.d/qemu.paranoid
%ifnarch %ix86 x86_64
ln -sf ../../../emul/ia32-linux $RPM_BUILD_ROOT/usr/share/qemu/qemu-i386
%endif
@ -153,12 +180,25 @@ mkdir -p $RPM_BUILD_ROOT/emul/ia32-linux
%clean
rm -rf ${RPM_BUILD_ROOT}
%pre
%{_bindir}/getent group kvm >/dev/null || %{_sbindir}/groupadd -r kvm 2>/dev/null
%{_bindir}/getent group qemu >/dev/null || %{_sbindir}/groupadd -r qemu 2>/dev/null
%{_bindir}/getent passwd qemu >/dev/null || \
%{_sbindir}/useradd -r -g qemu -G kvm -d / -s /sbin/nologin \
-c "qemu user" qemu
%if 0%{?suse_version} >= 1130
%post tools
%set_permissions %_libexecdir/qemu-bridge-helper
%verifyscript tools
%verify_permissions %_libexecdir/qemu-bridge-helper
%endif
%files
%defattr(-, root, root)
%doc COPYING COPYING.LIB Changelog README TODO VERSION qemu-doc.html qemu-tech.html
%_bindir/qemu-io
%_bindir/qemu-system-*
%_libexecdir/qemu-bridge-helper
%doc %_mandir/man[18]/qemu*.[18].gz
%_datadir/%name
%ifnarch %ix86 x86_64 ia64
@ -167,6 +207,14 @@ rm -rf ${RPM_BUILD_ROOT}
%dir %_sysconfdir/%name
%config %_sysconfdir/%name/target-x86_64.conf
%files tools
%defattr(-, root, root)
%_bindir/qemu-io
%verify(not mode) %attr(4755, root, root) %_libexecdir/qemu-bridge-helper
%config %_sysconfdir/%name/bridge.conf
%config %attr(644,root,root) %_sysconfdir/permissions.d/qemu
%config %attr(644,root,root) %_sysconfdir/permissions.d/qemu.paranoid
%files linux-user
%defattr(-, root, root)
%_bindir/qemu-alpha