diff options
| author | Sam Mulvey | 2022-02-06 06:10:33 -0800 |
|---|---|---|
| committer | Sam Mulvey | 2022-02-06 06:10:33 -0800 |
| commit | 7fc682c016914818a945d55b65a853495e9092b9 (patch) | |
| tree | 43e290f7d48e3fd75dfe2395cc56dbb74f38d2af | |
| parent | 6550c149e0cc1a7315d7b7f4db060b849e4912a8 (diff) | |
| download | aur-7fc682c016914818a945d55b65a853495e9092b9.tar.gz | |
security patches, stubdom and qemu now split packages
| -rw-r--r-- | .SRCINFO | 19 | ||||
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | PKGBUILD | 67 |
3 files changed, 80 insertions, 11 deletions
@@ -1,9 +1,7 @@ -# Generated by makepkg 6.0.1 -# Tue Dec 28 17:42:24 UTC 2021 pkgbase = xen pkgdesc = Open-source type-1 or baremetal hypervisor pkgver = 4.16.0 - pkgrel = 1 + pkgrel = 2 url = https://xenproject.org/ arch = x86_64 license = GPL2 @@ -40,8 +38,12 @@ pkgbase = xen makedepends = flex makedepends = pixman makedepends = ocaml + makedepends = ocaml-findlib makedepends = fig2dev makedepends = ninja + noextract = xsa393.patch + noextract = xsa394.patch + noextract = xsa395.patch options = !buildflags source = https://downloads.xenproject.org/release/xen/4.16.0/xen-4.16.0.tar.gz source = https://downloads.xenproject.org/release/xen/4.16.0/xen-4.16.0.tar.gz.sig @@ -51,6 +53,9 @@ pkgbase = xen source = xen-ucode-extract.sh source = xen-intel-ucode.hook source = xen-amd-ucode.hook + source = https://xenbits.xen.org/xsa/xsa393.patch + source = https://xenbits.xen.org/xsa/xsa394.patch + source = https://xenbits.xen.org/xsa/xsa395.patch validpgpkeys = 23E3222C145F4475FA8060A783FE14C957E82BD9 sha512sums = 2869ed90d1779c9754d7f2397f5fc67a655304d9c32953ac20655ef96cb154521d8fce9f23915ac0c91f984dc54f72c67e5e619e2da318b5997748f44cf21b87 sha512sums = SKIP @@ -60,6 +65,9 @@ pkgbase = xen sha512sums = a9230ec6ef9636ac3f3e4b72b1747ee8c4648a8bf4bd8dc3650365e34f1f67474429dbdd24996907d277b0ff5f235574643e781cb3ff37da954e899ddadbe0d6 sha512sums = 7a832de9b35f4b77ee80d33310b23886f4d48d1d42c3d6ef6f8e2b428bec7332a285336864b61cfa01d9a14c2023674015beb7527bd5849b069f2be88e6500cd sha512sums = 99921b94a29fa7988c7fb5c17da8e598e777c972d6cae8c8643c991e5ff911a25525345ea8913945313d5c49fecf9da8cc3b83d47ab03928341e917b304370a9 + sha512sums = 32efed25f988579be8266a6bc80ed7c09c408519c6b6c5264b7e032849e3accc7ddea19c5879c06d7e7b27308d06e114f6e3ca4f814d53b9be9d239fb09c71f1 + sha512sums = a0afa766e492a4dc921cd5c4c43c9ecbe87f79c07986504c8626ab7f06736147bdfa4637ea4c4abf17b9f1df31056bbcbb6c51a52e244e57467564c8ea06a52e + sha512sums = 0aafb55b88a7feefeb0162b2722efc8ad43edcdfc7926492e1d49945eafb8dda900f7da37b2d49fd4dbc2d0c9a068ad6e47674a6df108a58842275695ed73540 pkgname = xen pkgdesc = Open-source type-1 or baremetal hypervisor @@ -103,3 +111,8 @@ pkgname = xen pkgname = xen-docs pkgdesc = Xen hypervisor documentation and man pages arch = any + +pkgname = xen-qemu-builtin + pkgdesc = Xen hypervisor QEMU components + arch = x86_64 + depends = xen diff --git a/ChangeLog b/ChangeLog index f06469863499..a70d703d6137 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2022-02-06 + * 4.16.0-2 + * security patches + * qemu and stubdom now generate split packages + 2021-12-28 Sam Mulvey * 4.16.0-1 * simple bump @@ -22,21 +22,21 @@ _zlib=1.2.3 pkgbase=xen pkgname=("xen" "xen-docs") pkgver=4.16.0 -pkgrel=1 +pkgrel=2 pkgdesc='Open-source type-1 or baremetal hypervisor' arch=('x86_64') url='https://xenproject.org/' license=('GPL2') options=(!buildflags) -# Original depends line makedepends=( 'zlib' 'python' 'ncurses' 'openssl' 'libx11' 'libuuid.so' 'yajl' 'libaio' 'glib2' 'pkgconf' 'bridge-utils' 'iproute2' 'inetutils' 'acpica' 'lib32-glibc' 'gnutls' 'vde2' 'lzo' 'pciutils' 'sdl2' 'systemd-libs' + 'systemd' 'wget' 'pandoc' 'valgrind' 'git' 'bin86' 'dev86' 'bison' 'gettext' 'flex' 'pixman' 'ocaml' 'ocaml-findlib' 'fig2dev' ) # last line from namcap, these depends are the xen depends -# Actual makedepends. -makedepends+=('systemd' 'wget' 'pandoc' 'valgrind' 'git' 'bin86' 'dev86' 'bison' 'gettext' 'flex' 'pixman' 'ocaml' 'fig2dev') +_stubdom_makedepends=('cmake') +_qemu_makedepends=('ninja') _source=( "https://downloads.xenproject.org/release/xen/$pkgver/$pkgname-$pkgver.tar.gz"{,.sig} @@ -54,6 +54,10 @@ validpgpkeys=('23E3222C145F4475FA8060A783FE14C957E82BD9') # Xen.org Xen tree cod # Follow the Xen securite mailing lists, and if a patch is applicable to our package # add the URL here. _patches=( + "https://xenbits.xen.org/xsa/xsa393.patch" + "https://xenbits.xen.org/xsa/xsa394.patch" + "https://xenbits.xen.org/xsa/xsa395.patch" + ) @@ -84,6 +88,9 @@ _sha512sums=( _patch_sums=( + "32efed25f988579be8266a6bc80ed7c09c408519c6b6c5264b7e032849e3accc7ddea19c5879c06d7e7b27308d06e114f6e3ca4f814d53b9be9d239fb09c71f1" # xsa393.patch + "a0afa766e492a4dc921cd5c4c43c9ecbe87f79c07986504c8626ab7f06736147bdfa4637ea4c4abf17b9f1df31056bbcbb6c51a52e244e57467564c8ea06a52e" # xsa394.patch + "0aafb55b88a7feefeb0162b2722efc8ad43edcdfc7926492e1d49945eafb8dda900f7da37b2d49fd4dbc2d0c9a068ad6e47674a6df108a58842275695ed73540" # xsa395.patch ) @@ -98,7 +105,6 @@ _stub_sums=( "021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e" # zlib-1.2.3.tar.gz ) - # Simplify things for makepkg source=( "${_source[@]}" "${_patches[@]}" ) sha512sums=( "${_sha512sums[@]}" "${_patch_sums[@]}" ) @@ -115,13 +121,17 @@ if [ "${_build_stubdom}" == "true" ]; then sha512sums=("${sha512sums[@]}" "${_stub_sums[@]}") # Add in automagic dependency in order to build vtpm and vtpmmgr stubdoms - makedepends+=('cmake') + makedepends=( "${makedepends[@]}" "${_stubdom_makedepends[@]}" ) for file in "${_stubdom_source[@]}"; do noextract+=( $(basename ${file}) ) done _config_stubdom='--enable-stubdom' + + # make sure to build the stubdom package + pkgname+=("xen-stubdom") + else _config_stubdom='--disable-stubdom' fi @@ -129,7 +139,8 @@ fi if [ "${_build_qemu}" == "true" ]; then _config_qemu="" # qemu needs ninja to build as of 4.16.0 - makedepends+=('ninja') + makedepends=( "${makedepends[@]}" "${_qemu_makedepends[@]}" ) + pkgname+=("xen-qemu-builtin") else _config_qemu="--with-system-qemu=/usr/bin/qemu-system-x86_64" fi @@ -138,7 +149,7 @@ _common_make_flags=( "BOOT_DIR=${_boot_dir}" "EFI_DIR=${_efi_dir}" "EFI_MOUNTPOINT=${_efi_mountpoint}" - 'XEN_VENDORVERSION=arch' + "XEN_VENDORVERSION=-${pkgrel}-arch" ) # TODO: Setup users, dirs, etc. @@ -281,6 +292,26 @@ package_xen() { rm -r "${pkgdir}/usr/share/doc" rm -r "${pkgdir}/usr/share/man" + # remove potential stubdom files + rm -r "${pkgdir}/usr/lib/xen/boot" + + # remove qemu + rm -r "${pkgdir}/usr/share/qemu-xen" + rm -r \ + "${pkgdir}/usr/lib/xen/include/qemu-plugin.h" \ + "${pkgdir}/usr/lib/xen/bin/qemu-pr-helper" \ + "${pkgdir}/usr/lib/xen/bin/qemu-edid" \ + "${pkgdir}/usr/lib/xen/bin/elf2dmp" \ + "${pkgdir}/usr/lib/xen/bin/qemu-storage-daemon" \ + "${pkgdir}/usr/lib/xen/bin/qemu-nbd" \ + "${pkgdir}/usr/lib/xen/bin/qemu-io" \ + "${pkgdir}/usr/lib/xen/bin/qemu-img" \ + "${pkgdir}/usr/lib/xen/bin/qemu-system-i386" \ + "${pkgdir}/usr/lib/xen/libexec/virtiofsd" \ + "${pkgdir}/usr/lib/xen/libexec/qemu-bridge-helper" \ + "${pkgdir}/usr/lib/xen/libexec/virtfs-proxy-helper" + + } package_xen-docs() { @@ -289,3 +320,23 @@ package_xen-docs() { cd "${pkgbase}-${pkgver}" make "${_common_make_flags[@]}" DESTDIR="$pkgdir" install-docs } + + +package_xen-stubdom() { + pkgdesc="Xen hypervisor stubdom files" + arch=("x86_64") + depends=("xen") + + cd "${srcdir}/${pkgbase}-${pkgver}/stubdom" + make DESTDIR="${pkgdir}" install +} + +package_xen-qemu-builtin() { + pkgdesc="Xen hypervisor QEMU components" + arch=("x86_64") + depends=("xen") + + cd "${srcdir}/${pkgbase}-${pkgver}/tools/qemu-xen-build" + make DESTDIR="${pkgdir}" install +} + |