diff options
| author | Alyssa Ross <hi@alyssa.is> | 2019-01-07 02:18:36 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2019-01-07 02:18:47 +0000 |
| commit | 36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2 (patch) | |
| tree | b3faaf573407b32aa645237a4d16b82778a39a92 /nixpkgs/pkgs/applications/virtualization/xen | |
| parent | 4e31070265257dc67d120c27e0f75c2344fdfa9a (diff) | |
| parent | abf060725d7614bd3b9f96764262dfbc2f9c2199 (diff) | |
| download | nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.gz nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.bz2 nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.lz nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.xz nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.zst nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.zip | |
Add 'nixpkgs/' from commit 'abf060725d7614bd3b9f96764262dfbc2f9c2199'
git-subtree-dir: nixpkgs git-subtree-mainline: 4e31070265257dc67d120c27e0f75c2344fdfa9a git-subtree-split: abf060725d7614bd3b9f96764262dfbc2f9c2199
Diffstat (limited to 'nixpkgs/pkgs/applications/virtualization/xen')
12 files changed, 2393 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-install-python.patch b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-install-python.patch new file mode 100644 index 000000000000..53821c0d9c51 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-install-python.patch @@ -0,0 +1,16 @@ +tools/python/install-wrap script brakes shebangs patching, disable + +diff --git a/tools/Rules.mk b/tools/Rules.mk +index 87a56dc..a7da869 100644 +--- a/tools/Rules.mk ++++ b/tools/Rules.mk +@@ -90,8 +90,7 @@ CFLAGS += $(CFLAGS-y) + + CFLAGS += $(EXTRA_CFLAGS_XEN_TOOLS) + +-INSTALL_PYTHON_PROG = \ +- $(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH)" $(INSTALL_PROG) ++INSTALL_PYTHON_PROG = $(INSTALL_PROG) + + %.opic: %.c + $(CC) $(CPPFLAGS) -DPIC $(CFLAGS) $(CFLAGS_$*.opic) -fPIC -c -o $@ $< $(APPEND_CFLAGS) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch new file mode 100644 index 000000000000..072338b87aba --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch @@ -0,0 +1,27 @@ +hack to make etherboot use prefetched ipxe + +diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile +index a0578d2..64428a0 100644 +--- a/tools/firmware/etherboot/Makefile ++++ b/tools/firmware/etherboot/Makefile +@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz + + D=ipxe + T=ipxe.tar.gz ++G=ipxe.git + + ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS))) + +@@ -36,9 +37,9 @@ $T: + fi + mv _$T $T + +-$D/src/arch/i386/Makefile: $T Config +- rm -rf $D +- gzip -dc $T | tar xf - ++$D/src/arch/i386/Makefile: $G Config ++ mkdir $D ++ cp -a $G/* $D + for i in $$(cat patches/series) ; do \ + patch -d $D -p1 --quiet <patches/$$i || exit 1 ; \ + done diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0000-qemu-seabios-enable-ATA_DMA.patch b/nixpkgs/pkgs/applications/virtualization/xen/0000-qemu-seabios-enable-ATA_DMA.patch new file mode 100644 index 000000000000..339972a2cdeb --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0000-qemu-seabios-enable-ATA_DMA.patch @@ -0,0 +1,19 @@ +diff -uNr a/src/Kconfig b/src/Kconfig +--- a/src/Kconfig 2015-08-31 10:15:13.231134858 +0200 ++++ b/src/Kconfig 2015-08-31 10:14:24.039180178 +0200 +@@ -144,13 +144,13 @@ + config ATA_DMA + depends on ATA + bool "ATA DMA" +- default n ++ default y + help + Detect and try to use ATA bus mastering DMA controllers. + config ATA_PIO32 + depends on ATA + bool "ATA 32bit PIO" +- default n ++ default y + help + Use 32bit PIO accesses on ATA (minor optimization on PCI transfers). + config AHCI diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0001-libxl-Spice-image-compression-setting-support-for-up.patch b/nixpkgs/pkgs/applications/virtualization/xen/0001-libxl-Spice-image-compression-setting-support-for-up.patch new file mode 100644 index 000000000000..67b7ac777b5d --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0001-libxl-Spice-image-compression-setting-support-for-up.patch @@ -0,0 +1,104 @@ +From bd71555985efc423b1a119b6a3177de855763453 Mon Sep 17 00:00:00 2001 +From: Fabio Fantoni <fabio.fantoni@m2r.biz> +Date: Tue, 20 Jan 2015 11:26:30 +0100 +Subject: [PATCH] libxl: Spice image compression setting support for upstream + qemu + +Usage: +spice_image_compression=[auto_glz|auto_lz|quic|glz|lz|off] + +Specifies what image compression is to be used by spice (if given), +otherwise the qemu default will be used. + +Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> +Acked-by: Wei Liu <wei.liu2@citrix.com> +--- + docs/man/xl.cfg.pod.5 | 6 ++++++ + tools/libxl/libxl.h | 11 +++++++++++ + tools/libxl/libxl_dm.c | 4 ++++ + tools/libxl/libxl_types.idl | 1 + + tools/libxl/xl_cmdimpl.c | 2 ++ + 5 files changed, 24 insertions(+) + +diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 +index e2f91fc..0c2cbac 100644 +--- a/docs/man/xl.cfg.pod.5 ++++ b/docs/man/xl.cfg.pod.5 +@@ -1427,6 +1427,12 @@ for redirection of up to 4 usb devices from spice client to domU's qemu. + It requires an usb controller and if not defined it will automatically adds + an usb2 controller. The default is disabled (0). + ++=item B<spice_image_compression=[auto_glz|auto_lz|quic|glz|lz|off]> ++ ++Specifies what image compression is to be used by spice (if given), otherwise ++the qemu default will be used. Please see documentations of your current qemu ++version for details. ++ + =back + + =head3 Miscellaneous Emulated Hardware +diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h +index 0a123f1..b8e0b67 100644 +--- a/tools/libxl/libxl.h ++++ b/tools/libxl/libxl.h +@@ -528,6 +528,17 @@ typedef struct libxl__ctx libxl_ctx; + #define LIBXL_HAVE_SPICE_USBREDIREDIRECTION 1 + + /* ++ * LIBXL_HAVE_SPICE_IMAGECOMPRESSION ++ * ++ * If defined, then the libxl_spice_info structure will contain a string type ++ * field: image_compression. This value defines what Spice image compression ++ * is used. ++ * ++ * If this is not defined, the Spice image compression setting support is ignored. ++ */ ++#define LIBXL_HAVE_SPICE_IMAGECOMPRESSION 1 ++ ++/* + * LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS 1 + * + * If this is defined, libxl_domain_create_restore()'s API has changed to +diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c +index c2b0487..40c8649 100644 +--- a/tools/libxl/libxl_dm.c ++++ b/tools/libxl/libxl_dm.c +@@ -398,6 +398,10 @@ static char *dm_spice_options(libxl__gc *gc, + if (!libxl_defbool_val(spice->clipboard_sharing)) + opt = libxl__sprintf(gc, "%s,disable-copy-paste", opt); + ++ if (spice->image_compression) ++ opt = libxl__sprintf(gc, "%s,image-compression=%s", opt, ++ spice->image_compression); ++ + return opt; + } + +diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl +index 1214d2e..052ded9 100644 +--- a/tools/libxl/libxl_types.idl ++++ b/tools/libxl/libxl_types.idl +@@ -241,6 +241,7 @@ libxl_spice_info = Struct("spice_info", [ + ("vdagent", libxl_defbool), + ("clipboard_sharing", libxl_defbool), + ("usbredirection", integer), ++ ("image_compression", string), + ]) + + libxl_sdl_info = Struct("sdl_info", [ +diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c +index 0b02a6c..00aa69d 100644 +--- a/tools/libxl/xl_cmdimpl.c ++++ b/tools/libxl/xl_cmdimpl.c +@@ -1948,6 +1948,8 @@ skip_vfb: + &b_info->u.hvm.spice.clipboard_sharing, 0); + if (!xlu_cfg_get_long (config, "spiceusbredirection", &l, 0)) + b_info->u.hvm.spice.usbredirection = l; ++ xlu_cfg_replace_string (config, "spice_image_compression", ++ &b_info->u.hvm.spice.image_compression, 0); + xlu_cfg_get_defbool(config, "nographic", &b_info->u.hvm.nographic, 0); + xlu_cfg_get_defbool(config, "gfx_passthru", + &b_info->u.hvm.gfx_passthru, 0); +-- +1.9.2 + diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0002-libxl-Spice-streaming-video-setting-support-for-upst.patch b/nixpkgs/pkgs/applications/virtualization/xen/0002-libxl-Spice-streaming-video-setting-support-for-upst.patch new file mode 100644 index 000000000000..acf9cff99251 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0002-libxl-Spice-streaming-video-setting-support-for-upst.patch @@ -0,0 +1,104 @@ +From 296c7f3284efe655d95a8ae045a5dc1a20d6fff0 Mon Sep 17 00:00:00 2001 +From: Fabio Fantoni <fabio.fantoni@m2r.biz> +Date: Tue, 20 Jan 2015 11:33:17 +0100 +Subject: [PATCH] libxl: Spice streaming video setting support for upstream + qemu + +Usage: +spice_streaming_video=[filter|all|off] + +Specifies what streaming video setting is to be used by spice (if +given), +otherwise the qemu default will be used. + +Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> +Acked-by: Wei Liu <wei.liu2@citrix.com> +--- + docs/man/xl.cfg.pod.5 | 5 +++++ + tools/libxl/libxl.h | 11 +++++++++++ + tools/libxl/libxl_dm.c | 4 ++++ + tools/libxl/libxl_types.idl | 1 + + tools/libxl/xl_cmdimpl.c | 2 ++ + 5 files changed, 23 insertions(+) + +diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 +index 0c2cbac..408653f 100644 +--- a/docs/man/xl.cfg.pod.5 ++++ b/docs/man/xl.cfg.pod.5 +@@ -1433,6 +1433,11 @@ Specifies what image compression is to be used by spice (if given), otherwise + the qemu default will be used. Please see documentations of your current qemu + version for details. + ++=item B<spice_streaming_video=[filter|all|off]> ++ ++Specifies what streaming video setting is to be used by spice (if given), ++otherwise the qemu default will be used. ++ + =back + + =head3 Miscellaneous Emulated Hardware +diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h +index b8e0b67..c219f59 100644 +--- a/tools/libxl/libxl.h ++++ b/tools/libxl/libxl.h +@@ -539,6 +539,17 @@ typedef struct libxl__ctx libxl_ctx; + #define LIBXL_HAVE_SPICE_IMAGECOMPRESSION 1 + + /* ++ * LIBXL_HAVE_SPICE_STREAMINGVIDEO ++ * ++ * If defined, then the libxl_spice_info structure will contain a string type ++ * field: streaming_video. This value defines what Spice streaming video setting ++ * is used. ++ * ++ * If this is not defined, the Spice streaming video setting support is ignored. ++ */ ++#define LIBXL_HAVE_SPICE_STREAMINGVIDEO 1 ++ ++/* + * LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS 1 + * + * If this is defined, libxl_domain_create_restore()'s API has changed to +diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c +index 40c8649..d8d6f0c 100644 +--- a/tools/libxl/libxl_dm.c ++++ b/tools/libxl/libxl_dm.c +@@ -402,6 +402,10 @@ static char *dm_spice_options(libxl__gc *gc, + opt = libxl__sprintf(gc, "%s,image-compression=%s", opt, + spice->image_compression); + ++ if (spice->streaming_video) ++ opt = libxl__sprintf(gc, "%s,streaming-video=%s", opt, ++ spice->streaming_video); ++ + return opt; + } + +diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl +index 052ded9..02be466 100644 +--- a/tools/libxl/libxl_types.idl ++++ b/tools/libxl/libxl_types.idl +@@ -242,6 +242,7 @@ libxl_spice_info = Struct("spice_info", [ + ("clipboard_sharing", libxl_defbool), + ("usbredirection", integer), + ("image_compression", string), ++ ("streaming_video", string), + ]) + + libxl_sdl_info = Struct("sdl_info", [ +diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c +index 00aa69d..b7eac29 100644 +--- a/tools/libxl/xl_cmdimpl.c ++++ b/tools/libxl/xl_cmdimpl.c +@@ -1950,6 +1950,8 @@ skip_vfb: + b_info->u.hvm.spice.usbredirection = l; + xlu_cfg_replace_string (config, "spice_image_compression", + &b_info->u.hvm.spice.image_compression, 0); ++ xlu_cfg_replace_string (config, "spice_streaming_video", ++ &b_info->u.hvm.spice.streaming_video, 0); + xlu_cfg_get_defbool(config, "nographic", &b_info->u.hvm.nographic, 0); + xlu_cfg_get_defbool(config, "gfx_passthru", + &b_info->u.hvm.gfx_passthru, 0); +-- +1.9.2 + diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0003-Add-qxl-vga-interface-support-for-upstream-qem.patch b/nixpkgs/pkgs/applications/virtualization/xen/0003-Add-qxl-vga-interface-support-for-upstream-qem.patch new file mode 100644 index 000000000000..1771b662bc3a --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0003-Add-qxl-vga-interface-support-for-upstream-qem.patch @@ -0,0 +1,165 @@ +From 161212ef02312c0681d2d809c8ff1e1f0ea6f6f9 Mon Sep 17 00:00:00 2001 +From: Fabio Fantoni <fabio.fantoni@m2r.biz> +Date: Wed, 29 Apr 2015 11:20:28 +0200 +Subject: [PATCH] libxl: Add qxl vga interface support for upstream qemu + +Usage: +vga="qxl" + +Qxl vga support many resolutions that not supported by stdvga, +mainly the 16:9 ones and other high up to 2560x1600. +With QXL you can get improved performance and smooth video also +with high resolutions and high quality. +Require their drivers installed in the domU and spice used +otherwise act as a simple stdvga. + +Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> +Signed-off-by: Zhou Peng <zpengxen@gmail.com> +Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> +Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> +Acked-by: George Dunlap <george.dunlap@eu.citrix.com> +--- + docs/man/xl.cfg.pod.5 | 10 +++++++++- + tools/libxl/libxl.h | 10 ++++++++++ + tools/libxl/libxl_create.c | 13 +++++++++++++ + tools/libxl/libxl_dm.c | 8 ++++++++ + tools/libxl/libxl_types.idl | 1 + + tools/libxl/xl_cmdimpl.c | 2 ++ + 6 files changed, 43 insertions(+), 1 deletion(-) + +diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 +index f936dfc..8e4154f 100644 +--- a/docs/man/xl.cfg.pod.5 ++++ b/docs/man/xl.cfg.pod.5 +@@ -1360,6 +1360,9 @@ qemu-xen-traditional device-model, the amount of video RAM is fixed at 4 MB, + which is sufficient for 1024x768 at 32 bpp. For the upstream qemu-xen + device-model, the default and minimum is 8 MB. + ++For B<qxl> vga, the default is both default and minimal 128MB. ++If B<videoram> is set less than 128MB, an error will be triggered. ++ + =item B<stdvga=BOOLEAN> + + Select a standard VGA card with VBE (VESA BIOS Extensions) as the +@@ -1371,9 +1374,14 @@ This option is deprecated, use vga="stdvga" instead. + + =item B<vga="STRING"> + +-Selects the emulated video card (none|stdvga|cirrus). ++Selects the emulated video card (none|stdvga|cirrus|qxl). + The default is cirrus. + ++In general, QXL should work with the Spice remote display protocol ++for acceleration, and QXL driver is necessary in guest in this case. ++QXL can also work with the VNC protocol, but it will be like a standard ++VGA without acceleration. ++ + =item B<vnc=BOOLEAN> + + Allow access to the display via the VNC protocol. This enables the +diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h +index 44bd8e2..efc0617 100644 +--- a/tools/libxl/libxl.h ++++ b/tools/libxl/libxl.h +@@ -535,6 +535,16 @@ typedef struct libxl__ctx libxl_ctx; + #define LIBXL_HAVE_DOMINFO_OUTSTANDING_MEMKB 1 + + /* ++ * LIBXL_HAVE_QXL ++ * ++ * If defined, then the libxl_vga_interface_type will contain another value: ++ * "QXL". This value define if qxl vga is supported. ++ * ++ * If this is not defined, the qxl vga support is missed. ++ */ ++#define LIBXL_HAVE_QXL 1 ++ ++/* + * LIBXL_HAVE_SPICE_VDAGENT + * + * If defined, then the libxl_spice_info structure will contain a boolean type: +diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c +index e5a343f..188f7df 100644 +--- a/tools/libxl/libxl_create.c ++++ b/tools/libxl/libxl_create.c +@@ -248,6 +248,10 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 0; + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ LOG(ERROR,"qemu upstream required for qxl vga"); ++ return ERROR_INVAL; ++ break; + case LIBXL_VGA_INTERFACE_TYPE_STD: + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 8 * 1024; +@@ -272,6 +276,15 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 0; + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) { ++ b_info->video_memkb = (128 * 1024); ++ } else if (b_info->video_memkb < (128 * 1024)) { ++ LOG(ERROR, ++ "128 Mib videoram is the minimum for qxl default"); ++ return ERROR_INVAL; ++ } ++ break; + case LIBXL_VGA_INTERFACE_TYPE_STD: + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 16 * 1024; +diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c +index 30c1578..58c9b99 100644 +--- a/tools/libxl/libxl_dm.c ++++ b/tools/libxl/libxl_dm.c +@@ -251,6 +251,8 @@ static char ** libxl__build_device_model_args_old(libxl__gc *gc, + case LIBXL_VGA_INTERFACE_TYPE_NONE: + flexarray_append_pair(dm_args, "-vga", "none"); + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ break; + } + + if (b_info->u.hvm.boot) { +@@ -625,6 +627,12 @@ static char ** libxl__build_device_model_args_new(libxl__gc *gc, + break; + case LIBXL_VGA_INTERFACE_TYPE_NONE: + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ /* QXL have 2 ram regions, ram and vram */ ++ flexarray_append_pair(dm_args, "-device", ++ GCSPRINTF("qxl-vga,vram_size_mb=%"PRIu64",ram_size_mb=%"PRIu64, ++ (b_info->video_memkb/2/1024), (b_info->video_memkb/2/1024) ) ); ++ break; + } + + if (b_info->u.hvm.boot) { +diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl +index 117b61d..023b21e 100644 +--- a/tools/libxl/libxl_types.idl ++++ b/tools/libxl/libxl_types.idl +@@ -183,6 +183,7 @@ libxl_vga_interface_type = Enumeration("vga_interface_type", [ + (1, "CIRRUS"), + (2, "STD"), + (3, "NONE"), ++ (4, "QXL"), + ], init_val = "LIBXL_VGA_INTERFACE_TYPE_CIRRUS") + + libxl_vendor_device = Enumeration("vendor_device", [ +diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c +index 648ca08..526a1f6 100644 +--- a/tools/libxl/xl_cmdimpl.c ++++ b/tools/libxl/xl_cmdimpl.c +@@ -2115,6 +2115,8 @@ skip_vfb: + b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_CIRRUS; + } else if (!strcmp(buf, "none")) { + b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_NONE; ++ } else if (!strcmp(buf, "qxl")) { ++ b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_QXL; + } else { + fprintf(stderr, "Unknown vga \"%s\" specified\n", buf); + exit(1); +-- +1.9.2 + diff --git a/nixpkgs/pkgs/applications/virtualization/xen/4.10.nix b/nixpkgs/pkgs/applications/virtualization/xen/4.10.nix new file mode 100644 index 000000000000..f3055fc79c35 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/4.10.nix @@ -0,0 +1,181 @@ +{ stdenv, callPackage, fetchurl, fetchpatch, fetchgit +, ocaml-ng +, withInternalQemu ? true +, withInternalTraditionalQemu ? true +, withInternalSeabios ? true +, withSeabios ? !withInternalSeabios, seabios ? null +, withInternalOVMF ? false # FIXME: tricky to build +, withOVMF ? false, OVMF +, withLibHVM ? true + +# qemu +, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir +, alsaLib, glib, python2 +, ... } @ args: + +assert withInternalSeabios -> !withSeabios; +assert withInternalOVMF -> !withOVMF; + +with stdenv.lib; + +# Patching XEN? Check the XSAs at +# https://xenbits.xen.org/xsa/ +# and try applying all the ones we don't have yet. + +let + xsa = import ./xsa-patches.nix { inherit fetchpatch; }; + + qemuMemfdBuildFix = fetchpatch { + name = "xen-4.8-memfd-build-fix.patch"; + url = https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch; + sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa"; + }; + + qemuDeps = [ + udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir + alsaLib glib python2 + ]; +in + +callPackage (import ./generic.nix (rec { + version = "4.10.0"; + + src = fetchurl { + url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; + sha256 = "0i38ap5b5m1kix6xb0vn9ya1yab35adyc98bzfnbq4lb7w1afqh2"; + }; + + # Sources needed to build tools and firmwares. + xenfiles = optionalAttrs withInternalQemu { + "qemu-xen" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/qemu-xen.git; + # rev = "refs/tags/qemu-xen-${version}"; + # use revision hash - reproducible but must be updated with each new version + rev = "b79708a8ed1b3d18bee67baeaf33b3fa529493e2"; + sha256 = "1yxxad6nvlfmrbgyc8ix19qmrsn1rx4zpyiqnfi4x4kg94acwa5w"; + }; + patches = [ + qemuMemfdBuildFix + ]; + buildInputs = qemuDeps; + postPatch = '' + # needed in build but /usr/bin/env is not available in sandbox + substituteInPlace scripts/tracetool.py \ + --replace "/usr/bin/env python" "${python2}/bin/python" + ''; + meta.description = "Xen's fork of upstream Qemu"; + }; + } // optionalAttrs withInternalTraditionalQemu { + "qemu-xen-traditional" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/qemu-xen-traditional.git; + # rev = "refs/tags/xen-${version}"; + # use revision hash - reproducible but must be updated with each new version + rev = "c8ea0457495342c417c3dc033bba25148b279f60"; + sha256 = "0v5nl3c08kpjg57fb8l191h1y57ykp786kz6l525jgplif28vx13"; + }; + buildInputs = qemuDeps; + patches = [ + ]; + postPatch = '' + substituteInPlace xen-hooks.mak \ + --replace /usr/include/pci ${pciutils}/include/pci + ''; + meta.description = "Xen's fork of upstream Qemu that uses old device model"; + }; + } // optionalAttrs withInternalSeabios { + "firmware/seabios-dir-remote" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/seabios.git; + rev = "f0cdc36d2f2424f6b40438f7ee7cc502c0eff4df"; + sha256 = "1wq5pjkjrfzqnq3wyr15mcn1l4c563m65gdyf8jm97kgb13pwwfm"; + }; + patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; + meta.description = "Xen's fork of Seabios"; + }; + } // optionalAttrs withInternalOVMF { + "firmware/ovmf-dir-remote" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/ovmf.git; + rev = "173bf5c847e3ca8b42c11796ce048d8e2e916ff8"; + sha256 = "07zmdj90zjrzip74fvd4ss8n8njk6cim85s58mc6snxmqqv7gmcr"; + }; + meta.description = "Xen's fork of OVMF"; + }; + } // { + # TODO: patch Xen to make this optional? + "firmware/etherboot/ipxe.git" = { + src = fetchgit { + url = https://git.ipxe.org/ipxe.git; + rev = "356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d"; + sha256 = "15n400vm3id5r8y3k6lrp9ab2911a9vh9856f5gvphkazfnmns09"; + }; + meta.description = "Xen's fork of iPXE"; + }; + } // optionalAttrs withLibHVM { + "xen-libhvm-dir-remote" = { + src = fetchgit { + name = "xen-libhvm"; + url = https://github.com/michalpalka/xen-libhvm; + rev = "83065d36b36d6d527c2a4e0f5aaf0a09ee83122c"; + sha256 = "1jzv479wvgjkazprqdzcdjy199azmx2xl3pnxli39kc5mvjz3lzd"; + }; + buildPhase = '' + make + cd biospt + cc -Wall -g -D_LINUX -Wstrict-prototypes biospt.c -o biospt -I../libhvm -L../libhvm -lxenhvm + ''; + installPhase = '' + make install + cp biospt/biospt $out/bin/ + ''; + meta = { + description = '' + Helper library for reading ACPI and SMBIOS firmware values + from the host system for use with the HVM guest firmware + pass-through feature in Xen''; + license = licenses.bsd2; + }; + }; + }; + + configureFlags = [] + ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH + ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional" + ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional" + + ++ optional (withSeabios) "--with-system-seabios=${seabios}" + ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios" + + ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" + ++ optional (withInternalOVMF) "--enable-ovmf"; + + patches = with xsa; flatten [ + XSA_252 + XSA_253 + XSA_255_1 + XSA_255_2 + XSA_256 + ]; + + # Fix build on Glibc 2.24. + NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; + + postPatch = '' + # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. + sed 1i'#include <sys/sysmacros.h>' \ + -i tools/blktap2/control/tap-ctl-allocate.c \ + -i tools/libxl/libxl_device.c + # Makefile didn't include previous PKG_CONFIG_PATH so glib wasn't found + substituteInPlace tools/Makefile \ + --replace 'PKG_CONFIG_PATH=$(XEN_ROOT)/tools/pkg-config' 'PKG_CONFIG_PATH=$(XEN_ROOT)/tools/pkg-config:$(PKG_CONFIG_PATH)' + ''; + + passthru = { + qemu-system-i386 = if withInternalQemu + then "lib/xen/bin/qemu-system-i386" + else throw "this xen has no qemu builtin"; + }; + +})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_05; } // args) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/4.5.nix b/nixpkgs/pkgs/applications/virtualization/xen/4.5.nix new file mode 100644 index 000000000000..64704f73e7b1 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/4.5.nix @@ -0,0 +1,261 @@ +{ stdenv, callPackage, fetchurl, fetchpatch, fetchgit +, ocaml-ng +, withInternalQemu ? true +, withInternalTraditionalQemu ? true +, withInternalSeabios ? true +, withSeabios ? !withInternalSeabios, seabios ? null +, withInternalOVMF ? false # FIXME: tricky to build +, withOVMF ? false, OVMF +, withLibHVM ? true + +# qemu +, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir +, alsaLib +, ... } @ args: + +assert withInternalSeabios -> !withSeabios; +assert withInternalOVMF -> !withOVMF; + +with stdenv.lib; + +# Patching XEN? Check the XSAs at +# https://xenbits.xen.org/xsa/ +# and try applying all the ones we don't have yet. + +let + xsaPatch = { name , sha256 }: (fetchpatch { + url = "https://xenbits.xen.org/xsa/xsa${name}.patch"; + inherit sha256; + }); + + qemuDeps = [ + udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir + alsaLib + ]; + + xsa = import ./xsa-patches.nix { inherit fetchpatch; }; +in + +callPackage (import ./generic.nix (rec { + version = "4.5.5"; + + meta = { + knownVulnerabilities = [ "Security support ended in January 2018" ]; + }; + + src = fetchurl { + url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; + sha256 = "1y74ms4yc3znf8jc3fgyq94va2y0pf7jh8m9pfqnpgklywqnw8g2"; + }; + + # Sources needed to build tools and firmwares. + xenfiles = optionalAttrs withInternalQemu { + "qemu-xen" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/qemu-xen.git; + rev = "refs/tags/qemu-xen-${version}"; + sha256 = "014s755slmsc7xzy7qhk9i3kbjr2grxb5yznjp71dl6xxfvnday2"; + }; + buildInputs = qemuDeps; + patches = [ + (xsaPatch { + name = "197-4.5-qemuu"; + sha256 = "09gp980qdlfpfmxy0nk7ncyaa024jnrpzx9gpq2kah21xygy5myx"; + }) + (xsaPatch { + name = "208-qemuu-4.7"; + sha256 = "0z9b1whr8rp2riwq7wndzcnd7vw1ckwx0vbk098k2pcflrzppgrb"; + }) + (xsaPatch { + name = "209-qemuu/0001-display-cirrus-ignore-source-pitch-value-as-needed-i"; + sha256 = "1xvxzsrsq05fj6szjlpbgg4ia3cw54dn5g7xzq1n1dymbhv606m0"; + }) + (xsaPatch { + name = "209-qemuu/0002-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput"; + sha256 = "0avxqs9922qjfsxxlk7bh10432a526j2yyykhags8dk1bzxkpxwv"; + }) + (xsaPatch { + name = "211-qemuu-4.6"; + sha256 = "1g090xs8ca8676vyi78b99z5yjdliw6mxkr521b8kimhf8crx4yg"; + }) + (xsaPatch { + name = "216-qemuu-4.5"; + sha256 = "0nh5akbal93czia1gh1pzvwq7gc4zwiyr1hbyk1m6wwdmqv6ph61"; + }) + ]; + meta.description = "Xen's fork of upstream Qemu"; + }; + } // optionalAttrs withInternalTraditionalQemu { + "qemu-xen-traditional" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/qemu-xen-traditional.git; + rev = "refs/tags/xen-${version}"; + sha256 = "0n0ycxlf1wgdjkdl8l2w1i0zzssk55dfv67x8i6b2ima01r0k93r"; + }; + buildInputs = qemuDeps; + patches = [ + (xsaPatch { + name = "197-4.5-qemut"; + sha256 = "17l7npw00gyhqzzaqamwm9cawfvzm90zh6jjyy95dmqbh7smvy79"; + }) + (xsaPatch { + name = "199-trad"; + sha256 = "0dfw6ciycw9a9s97sbnilnzhipnzmdm9f7xcfngdjfic8cqdcv42"; + }) + (xsaPatch { + name = "208-qemut"; + sha256 = "0960vhchixp60j9h2lawgbgzf6mpcdk440kblk25a37bd6172l54"; + }) + (xsaPatch { + name = "209-qemut"; + sha256 = "1hq8ghfzw6c47pb5vf9ngxwgs8slhbbw6cq7gk0nam44rwvz743r"; + }) + (xsaPatch { + name = "211-qemut-4.5"; + sha256 = "1z3phabvqmxv4b5923fx63hwdg4v1fnl15zbl88873ybqn0hp50f"; + }) + ]; + postPatch = '' + substituteInPlace xen-hooks.mak \ + --replace /usr/include/pci ${pciutils}/include/pci + ''; + meta.description = "Xen's fork of upstream Qemu that uses old device model"; + }; + } // optionalAttrs withInternalSeabios { + "firmware/seabios-dir-remote" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/seabios.git; + rev = "e51488c5f8800a52ac5c8da7a31b85cca5cc95d2"; + #rev = "rel-1.7.5"; + sha256 = "0jk54ybhmw97pzyhpm6jr2x99f702kbn0ipxv5qxcbynflgdazyb"; + }; + patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; + meta.description = "Xen's fork of Seabios"; + }; + } // optionalAttrs withInternalOVMF { + "firmware/ovmf-dir-remote" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/ovmf.git; + rev = "cb9a7ebabcd6b8a49dc0854b2f9592d732b5afbd"; + sha256 = "07zmdj90zjrzip74fvd4ss8n8njk6cim85s58mc6snxmqqv7gmcq"; + }; + meta.description = "Xen's fork of OVMF"; + }; + } // { + # TODO: patch Xen to make this optional? + "firmware/etherboot/ipxe.git" = { + src = fetchgit { + url = https://git.ipxe.org/ipxe.git; + rev = "9a93db3f0947484e30e753bbd61a10b17336e20e"; + sha256 = "1ga3h1b34q0cl9azj7j9nswn7mfcs3cgfjdihrm5zkp2xw2hpvr6"; + }; + meta.description = "Xen's fork of iPXE"; + }; + } // optionalAttrs withLibHVM { + "xen-libhvm-dir-remote" = { + src = fetchgit { + name = "xen-libhvm"; + url = https://github.com/ts468/xen-libhvm; + rev = "442dcc4f6f4e374a51e4613532468bd6b48bdf63"; + sha256 = "9ba97c39a00a54c154785716aa06691d312c99be498ebbc00dc3769968178ba8"; + }; + buildPhase = '' + make + cd biospt + cc -Wall -g -D_LINUX -Wstrict-prototypes biospt.c -o biospt -I../libhvm -L../libhvm -lxenhvm + ''; + installPhase = '' + make install + cp biospt/biospt $out/bin/ + ''; + meta = { + description = '' + Helper library for reading ACPI and SMBIOS firmware values + from the host system for use with the HVM guest firmware + pass-through feature in Xen''; + license = licenses.bsd2; + }; + }; + }; + + configureFlags = [] + ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH + ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional" + ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional" + + ++ optional (withSeabios) "--with-system-seabios=${seabios}" + ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios" + + ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" + ++ optional (withInternalOVMF) "--enable-ovmf"; + + patches = with xsa; flatten [ + ./0001-libxl-Spice-image-compression-setting-support-for-up.patch + ./0002-libxl-Spice-streaming-video-setting-support-for-upst.patch + ./0003-Add-qxl-vga-interface-support-for-upstream-qem.patch + XSA_190 + XSA_191 + XSA_192 + XSA_193 + XSA_195 + XSA_196 + XSA_198 + XSA_200 + XSA_202_45 + XSA_204_45 + XSA_206_45 + XSA_207 + XSA_212 + XSA_213_45 + XSA_214 + XSA_215 + XSA_217_45 + XSA_218_45 + XSA_219_45 + XSA_220_45 + XSA_221 + XSA_222_45 + XSA_223 + XSA_224_45 + XSA_227_45 + XSA_230 + XSA_231_45 + XSA_232 + XSA_233 + XSA_234_45 + XSA_235_45 + XSA_236_45 + XSA_237_45 + XSA_238_45 + XSA_239_45 + XSA_240_45 + XSA_241 + XSA_242 + XSA_243_45 + XSA_244_45 + XSA_245 + XSA_246_45 + XSA_247_45 + XSA_248_45 + XSA_249 + XSA_250_45 + XSA_251_45 + ]; + + # Fix build on Glibc 2.24. + NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; + + postPatch = '' + # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. + sed 1i'#include <sys/sysmacros.h>' \ + -i tools/blktap2/control/tap-ctl-allocate.c \ + -i tools/libxl/libxl_device.c + ''; + + passthru = { + qemu-system-i386 = if withInternalQemu + then "lib/xen/bin/qemu-system-i386" + else throw "this xen has no qemu builtin"; + }; + +})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_02; } // args) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix b/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix new file mode 100644 index 000000000000..2a59cd1f0615 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix @@ -0,0 +1,185 @@ +{ stdenv, callPackage, fetchurl, fetchpatch, fetchgit +, ocaml-ng +, withInternalQemu ? true +, withInternalTraditionalQemu ? true +, withInternalSeabios ? true +, withSeabios ? !withInternalSeabios, seabios ? null +, withInternalOVMF ? false # FIXME: tricky to build +, withOVMF ? false, OVMF +, withLibHVM ? true + +# qemu +, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir +, alsaLib +, ... } @ args: + +assert withInternalSeabios -> !withSeabios; +assert withInternalOVMF -> !withOVMF; + +with stdenv.lib; + +# Patching XEN? Check the XSAs at +# https://xenbits.xen.org/xsa/ +# and try applying all the ones we don't have yet. + +let + xsa = import ./xsa-patches.nix { inherit fetchpatch; }; + + xenlockprofpatch = (fetchpatch { + name = "xenlockprof-gcc7.patch"; + url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=f49fa658b53580cf2ad354d2bf1796766cc11222"; + sha256 = "1lvzfvkqirknivm8q4cg5byfqz49s16zjk65fkwl3kwb03chky70"; + }); + + xenpmdpatch = (fetchpatch { + name = "xenpmd-gcc7.patch"; + url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=2d78f78a14528752266982473c07118f1bc336e3"; + sha256 = "1ki295pymbcfc64sjb9wqfwpv19p8vwgmnxankada3vm4fxg2rhq"; + }); + + qemuMemfdBuildFix = fetchpatch { + name = "xen-4.8-memfd-build-fix.patch"; + url = https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch; + sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa"; + }; + + qemuDeps = [ + udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir + alsaLib + ]; +in + +callPackage (import ./generic.nix (rec { + version = "4.8.3"; + + src = fetchurl { + url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; + sha256 = "0vhkpyy5x7kc36hnav95fn194ngsmc3m2xcc78vccs00gdf6m8q9"; + }; + + # Sources needed to build tools and firmwares. + xenfiles = optionalAttrs withInternalQemu { + "qemu-xen" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/qemu-xen.git; + rev = "refs/tags/qemu-xen-${version}"; + sha256 = "0lb7zd5nvr6znx47z93nbq4gj8xfb3622s8r2cvmpqmwnmlc3nd4"; + }; + patches = [ + qemuMemfdBuildFix + ]; + buildInputs = qemuDeps; + meta.description = "Xen's fork of upstream Qemu"; + }; + } // optionalAttrs withInternalTraditionalQemu { + "qemu-xen-traditional" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/qemu-xen-traditional.git; + rev = "refs/tags/xen-${version}"; + sha256 = "0mryap5y53r09m7qc0b821f717ghwm654r8c3ik1w7adzxr0l5qk"; + }; + buildInputs = qemuDeps; + patches = [ + ]; + postPatch = '' + substituteInPlace xen-hooks.mak \ + --replace /usr/include/pci ${pciutils}/include/pci + ''; + meta.description = "Xen's fork of upstream Qemu that uses old device model"; + }; + } // optionalAttrs withInternalSeabios { + "firmware/seabios-dir-remote" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/seabios.git; + rev = "f0cdc36d2f2424f6b40438f7ee7cc502c0eff4df"; + sha256 = "1wq5pjkjrfzqnq3wyr15mcn1l4c563m65gdyf8jm97kgb13pwwfm"; + }; + patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; + meta.description = "Xen's fork of Seabios"; + }; + } // optionalAttrs withInternalOVMF { + "firmware/ovmf-dir-remote" = { + src = fetchgit { + url = https://xenbits.xen.org/git-http/ovmf.git; + rev = "173bf5c847e3ca8b42c11796ce048d8e2e916ff8"; + sha256 = "07zmdj90zjrzip74fvd4ss8n8njk6cim85s58mc6snxmqqv7gmcr"; + }; + meta.description = "Xen's fork of OVMF"; + }; + } // { + # TODO: patch Xen to make this optional? + "firmware/etherboot/ipxe.git" = { + src = fetchgit { + url = https://git.ipxe.org/ipxe.git; + rev = "356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d"; + sha256 = "15n400vm3id5r8y3k6lrp9ab2911a9vh9856f5gvphkazfnmns09"; + }; + meta.description = "Xen's fork of iPXE"; + }; + } // optionalAttrs withLibHVM { + "xen-libhvm-dir-remote" = { + src = fetchgit { + name = "xen-libhvm"; + url = https://github.com/michalpalka/xen-libhvm; + rev = "83065d36b36d6d527c2a4e0f5aaf0a09ee83122c"; + sha256 = "1jzv479wvgjkazprqdzcdjy199azmx2xl3pnxli39kc5mvjz3lzd"; + }; + buildPhase = '' + make + cd biospt + cc -Wall -g -D_LINUX -Wstrict-prototypes biospt.c -o biospt -I../libhvm -L../libhvm -lxenhvm + ''; + installPhase = '' + make install + cp biospt/biospt $out/bin/ + ''; + meta = { + description = '' + Helper library for reading ACPI and SMBIOS firmware values + from the host system for use with the HVM guest firmware + pass-through feature in Xen''; + license = licenses.bsd2; + }; + }; + }; + + configureFlags = [] + ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH + ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional" + ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional" + + ++ optional (withSeabios) "--with-system-seabios=${seabios}" + ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios" + + ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" + ++ optional (withInternalOVMF) "--enable-ovmf"; + + patches = with xsa; flatten [ + # XSA_231 to XSA-251 are fixed in 4.8.3 (verified with git log) + XSA_252_49 + # 253: 4.8 not affected + # 254: no patch supplied by xen project (Meltdown/Spectre) + XSA_255_49_1 + XSA_255_49_2 + XSA_256_48 + xenlockprofpatch + xenpmdpatch + ]; + + # Fix build on Glibc 2.24. + NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; + + postPatch = '' + # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. + sed 1i'#include <sys/sysmacros.h>' \ + -i tools/blktap2/control/tap-ctl-allocate.c \ + -i tools/libxl/libxl_device.c + ''; + + passthru = { + qemu-system-i386 = if withInternalQemu + then "lib/xen/bin/qemu-system-i386" + else throw "this xen has no qemu builtin"; + }; + +})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_05; } // args) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/generic.nix b/nixpkgs/pkgs/applications/virtualization/xen/generic.nix new file mode 100644 index 000000000000..968d998792df --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/generic.nix @@ -0,0 +1,239 @@ +config: +{ stdenv, cmake, pkgconfig, which + +# Xen +, bison, bzip2, checkpolicy, dev86, figlet, flex, gettext, glib +, iasl, libaio, libiconv, libuuid, ncurses, openssl, perl +, python2Packages +# python2Packages.python +, xz, yajl, zlib + +# Xen Optional +, ocamlPackages + +# Scripts +, coreutils, gawk, gnused, gnugrep, diffutils, multipath-tools +, iproute, inetutils, iptables, bridge-utils, openvswitch, nbd, drbd +, lvm2, utillinux, procps, systemd + +# Documentation +# python2Packages.markdown +, transfig, ghostscript, texinfo, pandoc + +, ...} @ args: + +with stdenv.lib; + +let + #TODO: fix paths instead + scriptEnvPath = concatMapStringsSep ":" (x: "${x}/bin") [ + which perl + coreutils gawk gnused gnugrep diffutils utillinux multipath-tools + iproute inetutils iptables bridge-utils openvswitch nbd drbd + ]; + + withXenfiles = f: concatStringsSep "\n" (mapAttrsToList f config.xenfiles); + + withTools = a: f: withXenfiles (name: x: optionalString (hasAttr a x) '' + echo "processing ${name}" + __do() { + cd "tools/${name}" + ${f name x} + } + ( __do ) + ''); +in + +stdenv.mkDerivation (rec { + inherit (config) version; + + name = "xen-${version}"; + + dontUseCmakeConfigure = true; + + hardeningDisable = [ "stackprotector" "fortify" "pic" ]; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ + cmake which + + # Xen + bison bzip2 checkpolicy dev86 figlet flex gettext glib iasl libaio + libiconv libuuid ncurses openssl perl python2Packages.python xz yajl zlib + + # oxenstored + ocamlPackages.findlib ocamlPackages.ocaml systemd + + # Python fixes + python2Packages.wrapPython + + # Documentation + python2Packages.markdown transfig ghostscript texinfo pandoc + + # Others + ] ++ (concatMap (x: x.buildInputs or []) (attrValues config.xenfiles)) + ++ (config.buildInputs or []); + + prePatch = '' + ### Generic fixes + + # Xen's stubdoms, tools and firmwares need various sources that + # are usually fetched at build time using wget and git. We can't + # have that, so we prefetch them in nix-expression and setup + # fake wget and git for debugging purposes. + + mkdir fake-bin + + # Fake git: just print what it wants and die + cat > fake-bin/wget << EOF + #!/bin/sh -e + echo ===== FAKE WGET: Not fetching \$* + [ -e \$3 ] + EOF + + # Fake git: just print what it wants and die + cat > fake-bin/git << EOF + #!/bin/sh + echo ===== FAKE GIT: Not cloning \$* + [ -e \$3 ] + EOF + + chmod +x fake-bin/* + export PATH=$PATH:$PWD/fake-bin + + # Remove in-tree qemu stuff in case we build from a tar-ball + rm -rf tools/qemu-xen tools/qemu-xen-traditional + + # Fix shebangs, mainly for build-scipts + # We want to do this before getting prefetched stuff to speed things up + # (prefetched stuff has lots of files) + find . -type f | xargs sed -i 's@/usr/bin/\(python\|perl\)@/usr/bin/env \1@g' + find . -type f -not -path "./tools/hotplug/Linux/xendomains.in" \ + | xargs sed -i 's@/bin/bash@/bin/sh@g' + + # Get prefetched stuff + ${withXenfiles (name: x: '' + echo "${x.src} -> tools/${name}" + cp -r ${x.src} tools/${name} + chmod -R +w tools/${name} + '')} + ''; + + patches = [ ./0000-fix-ipxe-src.patch + ./0000-fix-install-python.patch ] + ++ (config.patches or []); + + postPatch = '' + ### Hacks + + # Work around a bug in our GCC wrapper: `gcc -MF foo -v' doesn't + # print the GCC version number properly. + substituteInPlace xen/Makefile \ + --replace '$(CC) $(CFLAGS) -v' '$(CC) -v' + + # Hack to get `gcc -m32' to work without having 32-bit Glibc headers. + mkdir -p tools/include/gnu + touch tools/include/gnu/stubs-32.h + + ### Fixing everything else + + substituteInPlace tools/libfsimage/common/fsimage_plugin.c \ + --replace /usr $out + + substituteInPlace tools/blktap2/lvm/lvm-util.c \ + --replace /usr/sbin/vgs ${lvm2}/bin/vgs \ + --replace /usr/sbin/lvs ${lvm2}/bin/lvs + + substituteInPlace tools/misc/xenpvnetboot \ + --replace /usr/sbin/mount ${utillinux}/bin/mount \ + --replace /usr/sbin/umount ${utillinux}/bin/umount + + substituteInPlace tools/xenmon/xenmon.py \ + --replace /usr/bin/pkill ${procps}/bin/pkill + + substituteInPlace tools/xenstat/Makefile \ + --replace /usr/include/curses.h ${ncurses.dev}/include/curses.h + + ${optionalString (builtins.compareVersions config.version "4.8" >= 0) '' + substituteInPlace tools/hotplug/Linux/launch-xenstore.in \ + --replace /bin/mkdir mkdir + ''} + + ${optionalString (builtins.compareVersions config.version "4.6" < 0) '' + # TODO: use this as a template and support our own if-up scripts instead? + substituteInPlace tools/hotplug/Linux/xen-backend.rules.in \ + --replace "@XEN_SCRIPT_DIR@" $out/etc/xen/scripts + + # blktap is not provided by xen, but by xapi + sed -i '/blktap/d' tools/hotplug/Linux/xen-backend.rules.in + ''} + + ${withTools "patches" (name: x: '' + ${concatMapStringsSep "\n" (p: '' + echo "# Patching with ${p}" + patch -p1 < ${p} + '') x.patches} + '')} + + ${withTools "postPatch" (name: x: x.postPatch)} + + ${config.postPatch or ""} + ''; + + postConfigure = '' + substituteInPlace tools/hotplug/Linux/xendomains \ + --replace /bin/ls ls + ''; + + # TODO: Flask needs more testing before enabling it by default. + #makeFlags = "XSM_ENABLE=y FLASK_ENABLE=y PREFIX=$(out) CONFIG_DIR=/etc XEN_EXTFILES_URL=\\$(XEN_ROOT)/xen_ext_files "; + makeFlags = [ "PREFIX=$(out) CONFIG_DIR=/etc" "XEN_SCRIPT_DIR=/etc/xen/scripts" ] + ++ (config.makeFlags or []); + + buildFlags = "xen tools"; + + postBuild = '' + make -C docs man-pages + + ${withTools "buildPhase" (name: x: x.buildPhase)} + ''; + + installPhase = '' + mkdir -p $out $out/share $out/share/man + cp -prvd dist/install/nix/store/*/* $out/ + cp -prvd dist/install/boot $out/boot + cp -prvd dist/install/etc $out + cp -dR docs/man1 docs/man5 $out/share/man/ + + ${withTools "installPhase" (name: x: x.installPhase)} + + # Hack + substituteInPlace $out/etc/xen/scripts/hotplugpath.sh \ + --replace SBINDIR=\"$out/sbin\" SBINDIR=\"$out/bin\" + + wrapPythonPrograms + # We also need to wrap pygrub, which lies in lib + wrapPythonProgramsIn "$out/lib" "$out $pythonPath" + + shopt -s extglob + for i in $out/etc/xen/scripts/!(*.sh); do + sed -i "2s@^@export PATH=$out/bin:${scriptEnvPath}\n@" $i + done + ''; + + enableParallelBuilding = true; + + # TODO(@oxij): Stop referencing args here + meta = { + homepage = http://www.xen.org/; + description = "Xen hypervisor and related components" + + optionalString (args ? meta && args.meta ? description) + " (${args.meta.description})"; + longDescription = (args.meta.longDescription or "") + + "\nIncludes:\n" + + withXenfiles (name: x: ''* ${name}: ${x.meta.description or "(No description)"}.''); + platforms = [ "x86_64-linux" ]; + maintainers = with stdenv.lib.maintainers; [ eelco tstrobel oxij ]; + license = stdenv.lib.licenses.gpl2; + } // (config.meta or {}); +} // removeAttrs config [ "xenfiles" "buildInputs" "patches" "postPatch" "meta" ]) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/packages.nix b/nixpkgs/pkgs/applications/virtualization/xen/packages.nix new file mode 100644 index 000000000000..791a3b91818a --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/packages.nix @@ -0,0 +1,156 @@ +{ callPackage +, stdenv, overrideCC, gcc49 +}: + +# TODO(@oxij) on new Xen version: generalize this to generate [vanilla slim +# light] for each ./<version>.nix. + +rec { + + xen_4_5-vanilla = callPackage ./4.5.nix { + # At the very least included seabios and etherboot need gcc49, + # so we have to build all of it with gcc49. + stdenv = overrideCC stdenv gcc49; + + meta = { + description = "vanilla"; + longDescription = '' + Vanilla version of Xen. Uses forks of Qemu and Seabios bundled + with Xen. This gives vanilla experince, but wastes space and + build time: typical NixOS setup that runs lots of VMs will + build three different versions of Qemu when using this (two + forks and upstream). + ''; + }; + }; + + xen_4_5-slim = xen_4_5-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = true; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "slim"; + longDescription = '' + Slimmed-down version of Xen that reuses nixpkgs packages as + much as possible. Different parts may get out of sync, but + this builds faster and uses less space than vanilla. Use with + `qemu_xen` from nixpkgs. + ''; + }; + }; + + xen_4_5-light = xen_4_5-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = false; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "light"; + longDescription = '' + Slimmed-down version of Xen without `qemu-traditional` (you + don't need it if you don't know what it is). Use with + `qemu_xen-light` from nixpkgs. + ''; + }; + }; + + xen_4_8-vanilla = callPackage ./4.8.nix { + meta = { + description = "vanilla"; + longDescription = '' + Vanilla version of Xen. Uses forks of Qemu and Seabios bundled + with Xen. This gives vanilla experince, but wastes space and + build time: typical NixOS setup that runs lots of VMs will + build three different versions of Qemu when using this (two + forks and upstream). + ''; + }; + }; + + xen_4_8-slim = xen_4_8-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = true; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "slim"; + longDescription = '' + Slimmed-down version of Xen that reuses nixpkgs packages as + much as possible. Different parts may get out of sync, but + this builds faster and uses less space than vanilla. Use with + `qemu_xen` from nixpkgs. + ''; + }; + }; + + xen_4_8-light = xen_4_8-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = false; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "light"; + longDescription = '' + Slimmed-down version of Xen without `qemu-traditional` (you + don't need it if you don't know what it is). Use with + `qemu_xen-light` from nixpkgs. + ''; + }; + }; + + xen_4_10-vanilla = callPackage ./4.10.nix { + meta = { + description = "vanilla"; + longDescription = '' + Vanilla version of Xen. Uses forks of Qemu and Seabios bundled + with Xen. This gives vanilla experince, but wastes space and + build time: typical NixOS setup that runs lots of VMs will + build three different versions of Qemu when using this (two + forks and upstream). + ''; + }; + }; + + xen_4_10-slim = xen_4_10-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = true; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "slim"; + longDescription = '' + Slimmed-down version of Xen that reuses nixpkgs packages as + much as possible. Different parts may get out of sync, but + this builds faster and uses less space than vanilla. Use with + `qemu_xen` from nixpkgs. + ''; + }; + }; + + xen_4_10-light = xen_4_10-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = false; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "light"; + longDescription = '' + Slimmed-down version of Xen without `qemu-traditional` (you + don't need it if you don't know what it is). Use with + `qemu_xen-light` from nixpkgs. + ''; + }; + }; + + xen-vanilla = xen_4_8-vanilla; + xen-slim = xen_4_8-slim; + xen-light = xen_4_8-light; + +} diff --git a/nixpkgs/pkgs/applications/virtualization/xen/xsa-patches.nix b/nixpkgs/pkgs/applications/virtualization/xen/xsa-patches.nix new file mode 100644 index 000000000000..727546b69fb0 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/xsa-patches.nix @@ -0,0 +1,936 @@ +{ fetchpatch }: + +let + xsaPatch = { name , sha256 }: (fetchpatch { + url = "https://xenbits.xen.org/xsa/xsa${name}.patch"; + inherit sha256; + }); +in rec { + # 4.5 + XSA_190 = (xsaPatch { + name = "190-4.5"; + sha256 = "0f8pw38kkxky89ny3ic5h26v9zsjj9id89lygx896zc3w1klafqm"; + }); + + # 4.5 + XSA_191 = (xsaPatch { + name = "191-4.6"; + sha256 = "1wl1ndli8rflmc44pkp8cw4642gi8z7j7gipac8mmlavmn3wdqhg"; + }); + + # 4.5 + XSA_192 = (xsaPatch { + name = "192-4.5"; + sha256 = "0m8cv0xqvx5pdk7fcmaw2vv43xhl62plyx33xqj48y66x5z9lxpm"; + }); + + # 4.5 + XSA_193 = (xsaPatch { + name = "193-4.5"; + sha256 = "0k9mykhrpm4rbjkhv067f6s05lqmgnldcyb3vi8cl0ndlyh66lvr"; + }); + + # 4.5 + XSA_195 = (xsaPatch { + name = "195"; + sha256 = "0m0g953qnjy2knd9qnkdagpvkkgjbk3ydgajia6kzs499dyqpdl7"; + }); + + # 4.5 + XSA_196 = [ + (xsaPatch { + name = "196-0001-x86-emul-Correct-the-IDT-entry-calculation-in-inject"; + sha256 = "0z53nzrjvc745y26z1qc8jlg3blxp7brawvji1hx3s74n346ssl6"; + }) + (xsaPatch { + name = "196-0002-x86-svm-Fix-injection-of-software-interrupts"; + sha256 = "11cqvr5jn2s92wsshpilx9qnfczrd9hnyb5aim6qwmz3fq3hrrkz"; + }) + ]; + + # 4.5 + XSA_198 = (xsaPatch { + name = "198"; + sha256 = "0d1nndn4p520c9xa87ixnyks3mrvzcri7c702d6mm22m8ansx6d9"; + }); + + # 4.5 + XSA_200 = (xsaPatch { + name = "200-4.6"; + sha256 = "0k918ja83470iz5k4vqi15293zjvz2dipdhgc9sy9rrhg4mqncl7"; + }); + + # 4.5 + XSA_202_45 = (xsaPatch { + name = "202-4.6"; + sha256 = "0nnznkrvfbbc8z64dr9wvbdijd4qbpc0wz2j5vpmx6b32sm7932f"; + }); + + # 4.8 + XSA_202 = (xsaPatch { + name = "202"; + sha256 = "0j1d5akcjgx8w2c6w6p9znv77fkmps0880m2xgpbgs1ra9grshm1"; + }); + + # 4.8 + XSA_203 = (xsaPatch { + name = "203"; + sha256 = "1s1q7xskvpg87ivwfaiqr0cj3ajdkhkhpmpikfkvq127h8hhmd8j"; + }); + + # 4.5 + XSA_204_45 = (xsaPatch { + name = "204-4.5"; + sha256 = "083z9pbdz3f532fnzg7n2d5wzv6rmqc0f4mvc3mnmkd0rzqw8vcp"; + }); + + # 4.8 + XSA_204 = (xsaPatch { + name = "204-4.8"; + sha256 = "0rs498s4w2alz3h6jhlr2y0ni630vhggmxbrd1p1p3gcv8p6zzrr"; + }); + + # 4.5 + XSA_206_45 = [ + (xsaPatch { + name = "206-4.5/0001-xenstored-apply-a-write-transaction-rate-limit"; + sha256 = "07vsm8mlbxh2s01ny2xywnm1bqhhxas1az31fzwb6f1g14vkzwm4"; + }) + (xsaPatch { + name = "206-4.5/0002-xenstored-Log-when-the-write-transaction-rate-limit-"; + sha256 = "17pnvxjmhny22abwwivacfig4vfsy5bqlki07z236whc2y7yzbsx"; + }) + (xsaPatch { + name = "206-4.5/0003-oxenstored-refactor-putting-response-on-wire"; + sha256 = "0xf566yicnisliy82cydb2s9k27l3bxc43qgmv6yr2ir3ixxlw5s"; + }) + (xsaPatch { + name = "206-4.5/0004-oxenstored-remove-some-unused-parameters"; + sha256 = "16cqx9i0w4w3x06qqdk9rbw4z96yhm0kbc32j40spfgxl82d1zlk"; + }) + (xsaPatch { + name = "206-4.5/0005-oxenstored-refactor-request-processing"; + sha256 = "1g2hzlv7w03sqnifbzda85mwlz3bw37rk80l248180sv3k7k6bgv"; + }) + (xsaPatch { + name = "206-4.5/0006-oxenstored-keep-track-of-each-transaction-s-operatio"; + sha256 = "0n65yfxvpfd4cz95dpbwqj3nablyzq5g7a0klvi2y9zybhch9cmg"; + }) + (xsaPatch { + name = "206-4.5/0007-oxenstored-move-functions-that-process-simple-operat"; + sha256 = "0qllvbc9rnj7jhhlslxxs35gvphvih0ywz52jszj4irm23ka5vnz"; + }) + (xsaPatch { + name = "206-4.5/0008-oxenstored-replay-transaction-upon-conflict"; + sha256 = "0lixkxjfzciy9l0f980cmkr8mcsx14c289kg0mn5w1cscg0hb46g"; + }) + (xsaPatch { + name = "206-4.5/0009-oxenstored-log-request-and-response-during-transacti"; + sha256 = "09ph8ddcx0k7rndd6hx6kszxh3fhxnvdjsq13p97n996xrpl1x7b"; + }) + (xsaPatch { + name = "206-4.5/0010-oxenstored-allow-compilation-prior-to-OCaml-3.12.0"; + sha256 = "1y0m7sqdz89z2vs4dfr45cyvxxas323rxar0xdvvvivgkgxawvxj"; + }) + (xsaPatch { + name = "206-4.5/0011-oxenstored-comments-explaining-some-variables"; + sha256 = "1d3n0y9syya4kaavrvqn01d3wsn85gmw7qrbylkclznqgkwdsr2p"; + }) + (xsaPatch { + name = "206-4.5/0012-oxenstored-handling-of-domain-conflict-credit"; + sha256 = "12zgid5y9vrhhpk2syxp0x01lzzr6447fa76n6rjmzi1xgdzpaf8"; + }) + (xsaPatch { + name = "206-4.5/0013-oxenstored-ignore-domains-with-no-conflict-credit"; + sha256 = "0v3g9pm60w6qi360hdqjcw838s0qcyywz9qpl8gzmhrg7a35avxl"; + }) + (xsaPatch { + name = "206-4.5/0014-oxenstored-add-transaction-info-relevant-to-history-"; + sha256 = "0vv3w0h5xh554i9v2vbc8gzm8wabjf2vzya3dyv5yzvly6ygv0sb"; + }) + (xsaPatch { + name = "206-4.5/0015-oxenstored-support-commit-history-tracking"; + sha256 = "1iv2vy29g437vj73x9p33rdcr5ln2q0kx1b3pgxq202ghbc1x1zj"; + }) + (xsaPatch { + name = "206-4.5/0016-oxenstored-only-record-operations-with-side-effects-"; + sha256 = "1cjkw5ganbg6lq78qsg0igjqvbgph3j349faxgk1p5d6nr492zzy"; + }) + (xsaPatch { + name = "206-4.5/0017-oxenstored-discard-old-commit-history-on-txn-end"; + sha256 = "0lm15lq77403qqwpwcqvxlzgirp6ffh301any9g401hs98f9y4ps"; + }) + (xsaPatch { + name = "206-4.5/0018-oxenstored-track-commit-history"; + sha256 = "1jh92p6vjhkm3bn5vz260npvsjji63g2imsxflxs4f3r69sz1nkd"; + }) + (xsaPatch { + name = "206-4.5/0019-oxenstored-blame-the-connection-that-caused-a-transa"; + sha256 = "17k264pk0fvsamj85578msgpx97mw63nmj0j9v5hbj4bgfazvj4h"; + }) + (xsaPatch { + name = "206-4.5/0020-oxenstored-allow-self-conflicts"; + sha256 = "15z3rd49q0pa72si0s8wjsy2zvbm613d0hjswp4ikc6nzsnsh4qy"; + }) + (xsaPatch { + name = "206-4.5/0021-oxenstored-do-not-commit-read-only-transactions"; + sha256 = "04wpzazhv90lg3228z5i6vnh1z4lzd08z0d0fvc4br6pkd0w4va8"; + }) + (xsaPatch { + name = "206-4.5/0022-oxenstored-don-t-wake-to-issue-no-conflict-credit"; + sha256 = "1shbrn0w68rlywcc633zcgykfccck1a77igmg8ydzwjsbwxsmsjy"; + }) + (xsaPatch { + name = "206-4.5/0023-oxenstored-transaction-conflicts-improve-logging"; + sha256 = "1086y268yh8047k1vxnxs2nhp6izp7lfmq01f1gq5n7jiy1sxcq7"; + }) + (xsaPatch { + name = "206-4.5/0024-oxenstored-trim-history-in-the-frequent_ops-function"; + sha256 = "014zs6i4gzrimn814k5i7gz66vbb0adkzr2qyai7i4fxc9h9r7w8"; + }) + ]; + + # 4.8 + XSA_206 = [ + (xsaPatch { + name = "206-4.8/0001-xenstored-apply-a-write-transaction-rate-limit"; + sha256 = "1c81d93i3qx7l38f9af0sd84w5x51zvn262mzl25ilcklql4kzl6"; + }) + (xsaPatch { + name = "206-4.8/0002-xenstored-Log-when-the-write-transaction-rate-limit-"; + sha256 = "0b8iw409wi1x6p0swpnr51lcdlla1lgxjv5f910sj4wl96bca84q"; + }) + (xsaPatch { + name = "206-4.8/0003-oxenstored-comments-explaining-some-variables"; + sha256 = "1d3n0y9syya4kaavrvqn01d3wsn85gmw7qrbylkclznqgkwdsr2p"; + }) + (xsaPatch { + name = "206-4.8/0004-oxenstored-handling-of-domain-conflict-credit"; + sha256 = "020rw7hgc0dmhr4admz91kd99b4z1bdpji47nsy1255bjgvwc01k"; + }) + (xsaPatch { + name = "206-4.8/0005-oxenstored-ignore-domains-with-no-conflict-credit"; + sha256 = "1ilhcgyn803bxvfbqv0ihfrh9jfpp0lidkv7i4613f9v9vjm8q0h"; + }) + (xsaPatch { + name = "206-4.8/0006-oxenstored-add-transaction-info-relevant-to-history-"; + sha256 = "1dbd9pzda6hn9wj9pck44dlgz9nxvch3bzgrpaivanww8llxdfzz"; + }) + (xsaPatch { + name = "206-4.8/0007-oxenstored-support-commit-history-tracking"; + sha256 = "1jfr56c22fqkhj6fnv1ha7zsid86zm9l0nihpb8m932xgc4a6h9h"; + }) + (xsaPatch { + name = "206-4.8/0008-oxenstored-only-record-operations-with-side-effects-"; + sha256 = "1y845hj8krjdrirbd2jx4jqgnylwjv7bxnk7474lkld5kdnlbjyf"; + }) + (xsaPatch { + name = "206-4.8/0009-oxenstored-discard-old-commit-history-on-txn-end"; + sha256 = "1lcr9gz2b77x74sr1flfymyyz4xzs04iv88rc1633ibyqxmvk0lx"; + }) + (xsaPatch { + name = "206-4.8/0010-oxenstored-track-commit-history"; + sha256 = "1qwnivak4y038mpby75aaz0y70r0l3yc3hsz6wl5x0b74q6yy0ja"; + }) + (xsaPatch { + name = "206-4.8/0011-oxenstored-blame-the-connection-that-caused-a-transa"; + sha256 = "0p2w5ddyhc6d95dnlxzc5k77j063p02d53ab7m7ijfm7m6gknq8y"; + }) + (xsaPatch { + name = "206-4.8/0012-oxenstored-allow-self-conflicts"; + sha256 = "1571l81m30cbmqm4pk33q33p3dy58sfy2lnkl2wbgl2b3mkk657l"; + }) + (xsaPatch { + name = "206-4.8/0013-oxenstored-do-not-commit-read-only-transactions"; + sha256 = "15985wl635w22dddjyx5l97b5p6m55mzv5ygk7xr0jx7mi192f9x"; + }) + (xsaPatch { + name = "206-4.8/0014-oxenstored-don-t-wake-to-issue-no-conflict-credit"; + sha256 = "08672w4gaf2n3r8xy09h874gh5lg2vnrkjzq6xzvzdhdl092mipw"; + }) + (xsaPatch { + name = "206-4.8/0015-oxenstored-transaction-conflicts-improve-logging"; + sha256 = "0ck98ms0py8wjsc38pbx6222x7n6l90zckfa7m7nnszsyc0sxxad"; + }) + (xsaPatch { + name = "206-4.8/0016-oxenstored-trim-history-in-the-frequent_ops-function"; + sha256 = "014zs6i4gzrimn814k5i7gz66vbb0adkzr2qyai7i4fxc9h9r7w8"; + }) + ]; + + # 4.5 - 4.8 + XSA_207 = (xsaPatch { + name = "207"; + sha256 = "0wdlhijmw9mdj6a82pyw1rwwiz605dwzjc392zr3fpb2jklrvibc"; + }); + + # 4.8 + XSA_210 = (xsaPatch { + name = "210"; + sha256 = "02mykxqxnsrd0sr4ij022j8y7618wzi2a6j6j761vx8qgmh11xai"; + }); + + # 4.5 - 4.8 + XSA_212 = (xsaPatch { + name = "212"; + sha256 = "1ggjbbym5irq534a3zc86md9jg8imlpc9wx8xsadb9akgjrr1r8d"; + }); + + # 4.5 + XSA_213_45 = (xsaPatch { + name = "213-4.5"; + sha256 = "1vnqf89ydacr5bq3d6z2r33xb2sn5vsd934rncyc28ybc9rvj6wm"; + }); + + # 4.8 + XSA_213 = (xsaPatch { + name = "213-4.8"; + sha256 = "0ia3zr6r3bqy2h48fdy7p0iz423lniy3i0qkdvzgv5a8m80darr2"; + }); + + # 4.5 - 4.8 + XSA_214 = (xsaPatch { + name = "214"; + sha256 = "0qapzx63z0yl84phnpnglpkxp6b9sy1y7cilhwjhxyigpfnm2rrk"; + }); + + # 4.5 + XSA_215 = (xsaPatch { + name = "215"; + sha256 = "0sv8ccc5xp09f1w1gj5a9n3mlsdsh96sdb1n560vh31f4kkd61xs"; + }); + + # 4.5 + XSA_217_45 = (xsaPatch { + name = "217-4.5"; + sha256 = "067pgsfrb9py2dhm1pk9g8f6fs40vyfrcxhj8c12vzamb6svzmn4"; + }); + + # 4.6 - 4.8 + XSA_217 = (xsaPatch { + name = "217"; + sha256 = "1khs5ilif14dzcm7lmikjzkwsrfzlmir1rgrgzkc411gf18ylzmj"; + }); + + # 4.5 + XSA_218_45 = [ + (xsaPatch { + name = "218-4.5/0001-IOMMU-handle-IOMMU-mapping-and-unmapping-failures"; + sha256 = "00y6j3yjxw0igpldsavikmhlxw711k2jsj1qx0s05w2k608gadkq"; + }) + (xsaPatch { + name = "218-4.5/0002-gnttab-fix-unmap-pin-accounting-race"; + sha256 = "0qbbfnnjlpdcd29mzmacfmi859k92c213l91q7w1rg2k6pzx928k"; + }) + (xsaPatch { + name = "218-4.5/0003-gnttab-Avoid-potential-double-put-of-maptrack-entry"; + sha256 = "1cndzvyhf41mk4my6vh3bk9jvh2y4gpmqdhvl9zhxhmppszslqkc"; + }) + (xsaPatch { + name = "218-4.5/0004-gnttab-correct-maptrack-table-accesses"; + sha256 = "02zpb0ffigijacqvyyjylwx3qpgibwslrka7mbxwnclf4s9c03a2"; + }) + ]; + + # 4.8 + XSA_218 = [ + (xsaPatch { + name = "218-4.8/0001-gnttab-fix-unmap-pin-accounting-race"; + sha256 = "0r363frai239r2wmwxi48kcr50gbk5l64nja0h9lppi3z2y3dkdd"; + }) + (xsaPatch { + name = "218-4.8/0002-gnttab-Avoid-potential-double-put-of-maptrack-entry"; + sha256 = "07wm06i7frv7bsaykakx3g9h0hfqv96zcadvwf6wv194dggq1plc"; + }) + (xsaPatch { + name = "218-4.8/0003-gnttab-correct-maptrack-table-accesses"; + sha256 = "0ad0irc3p4dmla8sp3frxbh2qciji1dipkslh0xqvy2hyf9p80y9"; + }) + ]; + + # 4.5 + XSA_219_45 = (xsaPatch { + name = "219-4.5"; + sha256 = "003msr5vhsc66scmdpgn0lp3p01g4zfw5vj86y5lw9ajkbaywdsm"; + }); + + # 4.8 + XSA_219 = (xsaPatch { + name = "219-4.8"; + sha256 = "16q7kiamy86x8qdvls74wmq5j72kgzgdilryig4q1b21mp0ij1jq"; + }); + + # 4.5 + XSA_220_45 = (xsaPatch { + name = "220-4.5"; + sha256 = "1dj9nn6lzxlipjb3nb7b9m4337fl6yn2bd7ap1lqrjn8h9zkk1pp"; + }); + + # 4.8 + XSA_220 = (xsaPatch { + name = "220-4.8"; + sha256 = "0214qyqx7qap5y1pdi9fm0vz4y2fbyg71gaq36fisknj35dv2mh5"; + }); + + # 4.5 - 4.8 + XSA_221 = (xsaPatch { + name = "221"; + sha256 = "1mcr1nqgxyjrkywdg7qhlfwgz7vj2if1dhic425vgd41p9cdgl26"; + }); + + # 4.5 + XSA_222_45 = [ + (xsaPatch { + name = "222-1-4.6"; + sha256 = "1g4dqm5qx4wqlv1520jpfiscph95vllcp4gqp1rdfailk8xi0mcf"; + }) + (xsaPatch { + name = "222-2-4.5"; + sha256 = "1hw8rhc7q4v309f4w11gxfsn5x1pirvxkg7s4kr711fnmvp9hkzd"; + }) + ]; + + # 4.8 + XSA_222 = [ + (xsaPatch { + name = "222-1"; + sha256 = "0x02x4kqwfw255638fh2zcxwig1dy6kadlmqim1jgnjgmrvvqas2"; + }) + (xsaPatch { + name = "222-2-4.8"; + sha256 = "1xhyp6q3c5l8djh965g1i8201m2wvhms8k886h4sn30hks38giin"; + }) + ]; + + # 4.5 - 4.8 + XSA_223 = (xsaPatch { + name = "223"; + sha256 = "0803gjgcbq9vaz2mq0v5finf1fq8iik1g4hqsjqhjxvspn8l70c5"; + }); + + # 4.5 + XSA_224_45 = [ + (xsaPatch { + name = "224-4.5/0001-gnttab-Fix-handling-of-dev_bus_addr-during-unmap"; + sha256 = "1aislj66ss4cb3v2bh12mrqsyrf288d4h54rj94jjq7h1hnycw7h"; + }) + (xsaPatch { + name = "224-4.5/0002-gnttab-never-create-host-mapping-unless-asked-to"; + sha256 = "1j6fgm1ccb07gg0mi5qmdr0vqwwc3n12z433g1jrija2gbk1x8aq"; + }) + (xsaPatch { + name = "224-4.5/0003-gnttab-correct-logic-to-get-page-references-during-m"; + sha256 = "166kmicwx280fjqjvgigbmhabjksa0hhvqx5h4v6kjlcjpmxqy08"; + }) + (xsaPatch { + name = "224-4.5/0004-gnttab-__gnttab_unmap_common_complete-is-all-or-noth"; + sha256 = "1skc0yj1zsn8xgyq1y57bdc0scvvlmd0ynrjwwf1zkias1wlilav"; + }) + ]; + + # 4.8 + XSA_224 = [ + (xsaPatch { + name = "224-4.8/0001-gnttab-Fix-handling-of-dev_bus_addr-during-unmap"; + sha256 = "1k326yan5811qzyvpdfkv801a19nyd09nsqayi8gyh58xx9c21m4"; + }) + (xsaPatch { + name = "224-4.8/0002-gnttab-never-create-host-mapping-unless-asked-to"; + sha256 = "06nj1x59bbx9hrj26xmvbw8z805lfqhld9hm0ld0fs6dmcpqzcck"; + }) + (xsaPatch { + name = "224-4.8/0003-gnttab-correct-logic-to-get-page-references-during-m"; + sha256 = "0kmag6fdsskgplcvzqp341yfi6pgc14wvjj58bp7ydb9hdk53qx2"; + }) + (xsaPatch { + name = "224-4.8/0004-gnttab-__gnttab_unmap_common_complete-is-all-or-noth"; + sha256 = "1ww80pi7jr4gjpymkcw8qxmr5as18b2asdqv35527nqprylsff9f"; + }) + ]; + + # 4.6 - 4.8 + XSA_225 = (xsaPatch { + name = "225"; + sha256 = "0lcp2bs0r849xnvhrdf8s821v36cqdbzk8lwz6chrjhjalk6ha2g"; + }); + + # 4.5 + XSA_226_45 = [ + (xsaPatch { + name = "226-4.5/0001-gnttab-dont-use-possibly-unbounded-tail-calls"; + sha256 = "1hx47ppv5q33cw4dwp82lgvv4fp28gx7rxijw0iaczsv8bvb8vcg"; + }) + (xsaPatch { + name = "226-4.5/0002-gnttab-fix-transitive-grant-handling"; + sha256 = "1gzp8m2zfihwlk71c3lqyd0ajh9h11pvkhzhw0mawckxy0qksvlc"; + }) + ]; + + # 4.8 - 4.9 + XSA_226 = [ + (xsaPatch { + name = "226-4.9/0001-gnttab-dont-use-possibly-unbounded-tail-calls"; + sha256 = "1hx47ppv5q33cw4dwp82lgvv4fp28gx7rxijw0iaczsv8bvb8vcg"; + }) + (xsaPatch { + name = "226-4.9/0002-gnttab-fix-transitive-grant-handling"; + sha256 = "1gzp8m2zfihwlk71c3lqyd0ajh9h11pvkhzhw0mawckxy0qksvlc"; + }) + ]; + + # 4.5 + XSA_227_45 = (xsaPatch { + name = "227-4.5"; + sha256 = "1qfjfisgqm4x98qw54x2qrvgjnvvzizx9p1pjhcnsps9q6g1y3x8"; + }); + + # 4.8 - 4.9 + XSA_227 = (xsaPatch { + name = "227"; + sha256 = "0zdcm43i5n08rh7rrnb0fcssvd4fgawwmizsa16w2ak7pzvgmg94"; + }); + + # 4.8 + XSA_228_48 = (xsaPatch { + name = "228-4.8"; + sha256 = "085pnzwyv0rdb51hv5vhbhwfyxl0wg8sxcm912gjq8z7da5cv10n"; + }); + + # 4.9 + XSA_228 = (xsaPatch { + name = "228"; + sha256 = "0c9nvfpnr5ira7ha3fszhvvh71nsxrvmzrab56xwjhl2dbw2yy23"; + }); + + # 4.5 - 4.9 + XSA_230 = (xsaPatch { + name = "230"; + sha256 = "10x0j7wmzkrwycs1ng89fgjzvzh8vsdd4c5nb68b3j1azdx4ld83"; + }); + + # 4.5 + XSA_231_45 = (xsaPatch { + name = "231-4.5"; + sha256 = "06gwx2f1lg51dfk2b4zxp7wv9c4pxdi87pg2asvmxqc78ir7l5s6"; + }); + + # 4.8 - 4.9 + XSA_231 = (xsaPatch { + name = "231-4.9"; + sha256 = "09r8xxq2fd52wrk6i0y0sk3nbidfg6pzzrkx327hfmdjj76iyz3b"; + }); + + # 4.5 - 4.9 + XSA_232 = (xsaPatch { + name = "232"; + sha256 = "0n6irjpmraa3hbxxm64a1cplc6y6g07x7v2fmlpvn70ql3fs0220"; + }); + + # 4.5 - 4.9 + XSA_233 = (xsaPatch { + name = "233"; + sha256 = "1w3m8349cqav56av63w6jzvlsv4jw5rimwvskr9pq2rcbk2dx8kf"; + }); + + # 4.5 + XSA_234_45 = (xsaPatch { + name = "234-4.5"; + sha256 = "1ji6hbgybb4gbgz5l5fis9midnvjbddzam8d63377rkzdyb3yz9f"; + }); + + # 4.8 + XSA_234_48 = (xsaPatch { + name = "234-4.8"; + sha256 = "08n1pf7z5y67dmay1ap39bi81clgkx82fpmfn7jsh8k4aw94jrsa"; + }); + + # 4.9 + XSA_234 = (xsaPatch { + name = "234-4.9"; + sha256 = "1znmxg432is0virw8321gax8zqq2zcmi2pc5p2j31sixylixsvzx"; + }); + + # 4.5 + XSA_235_45 = (xsaPatch { + name = "235-4.5"; + sha256 = "0hhgnql2gji111020z4wiyzg23wqs6ymanb67rg11p4qad1fp3ff"; + }); + + # 4.8 - 4.9 + XSA_235 = (xsaPatch { + name = "235-4.9"; + sha256 = "1rj4jkmh79wm30jq9f8x65qv3al8l91zc3m5s23q0x6abn3pfb9z"; + }); + + # 4.5 + XSA_236_45 = (xsaPatch { + name = "236-4.5"; + sha256 = "0hcla86x81wykssd2967gblp7fzx61290p4ls4v0hcyxdg2bs2yz"; + }); + + # 4.8 - 4.9 + XSA_236 = (xsaPatch { + name = "236-4.9"; + sha256 = "0vqxy7mgflga05l33j3488fwxmdw3p9yxj4ylhk9n3nw8id72ghq"; + }); + + # 4.5 + XSA_237_45 = [ + (xsaPatch { + name = "237-4.5/0001-x86-dont-allow-MSI-pIRQ-mapping-on-unowned-device"; + sha256 = "0hjxs20jhls4i0iph45a0qpw4znkm04gv74jmwhw84gy4hrhzq3b"; + }) + (xsaPatch { + name = "237-4.5/0002-x86-enforce-proper-privilege-when-mapping-pIRQ-s"; + sha256 = "0ki8nmbc2g1l9wnqsph45a2k4c6dk5s7jvdlxg3zznyiyxjcv8yn"; + }) + (xsaPatch { + name = "237-4.5/0003-x86-MSI-disallow-redundant-enabling"; + sha256 = "1hdz83qrjaqnihz8ji186dypxiblbfpgyb01j9m5alhk4whjqvp1"; + }) + (xsaPatch { + name = "237-4.5/0004-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-error"; + sha256 = "0csdfn9kzn1k94pg3fcwsgqw14wcd4myi1jkcq5alj1fmkhw4wmk"; + }) + (xsaPatch { + name = "237-4.5/0005-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook"; + sha256 = "14b73rkvbkd1a2gh9kp0zrvv2d3kfwkiv24fg9agh4hrf2w3nx7y"; + }) + ]; + + # 4.8 + XSA_237_48 = [ + (xsaPatch { + name = "237-4.8/0001-x86-dont-allow-MSI-pIRQ-mapping-on-unowned-device"; + sha256 = "0qjisp37lwi2611mp7fbbm1s7m0bx726rrg79dnxs2mj0skw59iv"; + }) + (xsaPatch { + name = "237-4.8/0002-x86-enforce-proper-privilege-when-mapping-pIRQ-s"; + sha256 = "05q1dny13jrqhjfwak7r635mqp9chpibjvn8b7d90japc1nzpq62"; + }) + (xsaPatch { + name = "237-4.8/0003-x86-MSI-disallow-redundant-enabling"; + sha256 = "1907lv8nb2zhpb6k6jlw4m0hm0n0lyd69vfr3wpzbc56dn0w7jqd"; + }) + (xsaPatch { + name = "237-4.8/0004-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-error"; + sha256 = "06nrq0bx3p9ipab2r1why6qm4g32dj0x5q24hfkwc6ih0l9xwf8h"; + }) + (xsaPatch { + name = "237-4.8/0005-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook"; + sha256 = "1nbg7bjw2hv55gnkhf6chkh35va6brs08acq1d5jxncl6kv0amc1"; + }) + ]; + + # 4.9 + XSA_237 = [ + (xsaPatch { + name = "237-4.9/0001-x86-dont-allow-MSI-pIRQ-mapping-on-unowned-device"; + sha256 = "1cbl24mqxa62h0wgsnrpcs6y6vs53znzj7g8dfsbmf74xwrd4px6"; + }) + (xsaPatch { + name = "237-4.9/0002-x86-enforce-proper-privilege-when-mapping-pIRQ-s"; + sha256 = "0p60148j18b78pxz0dx5ymh1gyrhg2cgmxq0jxmbk090bc4jql35"; + }) + (xsaPatch { + name = "237-4.9/0003-x86-MSI-disallow-redundant-enabling"; + sha256 = "1907lv8nb2zhpb6k6jlw4m0hm0n0lyd69vfr3wpzbc56dn0w7jqd"; + }) + (xsaPatch { + name = "237-4.9/0004-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-error"; + sha256 = "0q95z5641amni53agimnzbspva53p0hz5wl16zaz2yhnjasj5pzr"; + }) + (xsaPatch { + name = "237-4.9/0005-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook"; + sha256 = "0bnqx9w7ppgx8wxj2zw09z0rkv1jzn3r0bd76cz0r22wz29fsdp2"; + }) + ]; + + # 4.5 + XSA_238_45 = (xsaPatch { + name = "238-4.5"; + sha256 = "1x2fg5vfv5jc084h5gjm6fq0nxjpzvi96px3sqzz4pvsvy4y4i1z"; + }); + + # 4.8 - 4.9 + XSA_238 = (xsaPatch { + name = "238"; + sha256 = "1cbmg1bi5ajh7qbwsl92ynaxw2c3p7i24p3wds81r4n93r0y5dxk"; + }); + + # 4.5 + XSA_239_45 = (xsaPatch { + name = "239-4.5"; + sha256 = "06bi8q3973yajxsdj7pcqarvb56q2gisxdiy0cpbyffbmpkfv3h6"; + }); + + # 4.8 - 4.9 + XSA_239 = (xsaPatch { + name = "239"; + sha256 = "1a9r8j7167s43ds5i7v7mm4y970vjnbhhkrjzpmzlcx8kcz96vh3"; + }); + + # 4.5 + XSA_240_45 = [ + (xsaPatch { + name = "240-4.5/0001-x86-limit-linear-page-table-use-to-a-single-level"; + sha256 = "0pmf10mbnmb88y7mly8s2l0j88cg0ayhkcnmj1zbjrkjmpccv395"; + }) + (xsaPatch { + name = "240-4.5/0002-x86-mm-Disable-PV-linear-pagetables-by-default"; + sha256 = "19f096ra3xndvzkjjasx73p2g25hfkm905px0p3yakwll0qzd029"; + }) + ]; + + # 4.8 + XSA_240_48 = [ + (xsaPatch { + name = "240-4.8/0001-x86-limit-linear-page-table-use-to-a-single-level"; + sha256 = "0m44qhhqk2pdwqg8g28pypqrylq6iw00k9qrzf6qd0iza2y42kgj"; + }) + (xsaPatch { + name = "240-4.8/0002-x86-mm-Disable-PV-linear-pagetables-by-default"; + sha256 = "1jd720wvngj9wq3fprdhakxvqlff0jd8zcx2pd3vsn2qvjbvr2gf"; + }) + ]; + + # 4.9 + XSA_240 = [ + (xsaPatch { + name = "240-4.9/0001-x86-limit-linear-page-table-use-to-a-single-level"; + sha256 = "1759ni80aifakm44g4cc6pnmbcn1xjic8j66fvj0vibm0wqk6xck"; + }) + (xsaPatch { + name = "240-4.9/0002-x86-mm-Disable-PV-linear-pagetables-by-default"; + sha256 = "0g6dpi006p5cjxw5d8h33p0429fdmdm6nqzj0m63ralpqvns3ib5"; + }) + ]; + + # 4.5 - 4.8 + XSA_241 = (xsaPatch { + name = "241-4.8"; + sha256 = "16zb75kzs98f4mdxhbyczk5mbh9dvn6j3yhfafki34x1dfdnq4pj"; + }); + + # 4.9 + XSA_241_49 = (xsaPatch { + name = "241-4.9"; + sha256 = "0xlhin7wkhmlnbp9mqcbq3q4drdwb5la482ja9nwkhi8i867p6wc"; + }); + + # 4.5 - 4.9 + XSA_242 = (xsaPatch { + name = "242-4.9"; + sha256 = "0yx3x0i2wybsm7lzdffxa2mm866bjl4ipbb9vipnw77dyg705zpr"; + }); + + # 4.5 + XSA_243_45 = [ + (xsaPatch { + name = "243-4.6-1"; + sha256 = "1cqanpyysa7px0j645z4jw9yqsvv6cbh7yq1b86ap134axfifcan"; + }) + (xsaPatch { + name = "243-4.5-2"; + sha256 = "0wbcgw4m0nzm2902jnda2020l7bd5adkq8j5myi1zmsfzbq03hwn"; + }) + ]; + + # 4.8 + XSA_243_48 = (xsaPatch { + name = "243-4.8"; + sha256 = "1q60zn55l9wpq45nrxh0av59sjz0jg8pkjm1gkyywkdsgg4fg5z4"; + }); + + # 4.9 + XSA_243 = (xsaPatch { + name = "243"; + sha256 = "06fnbnh9zlsbkqih9ipnb7a8gly54m7lp17d854j1r370ad3c4yg"; + }); + + # 4.5 + XSA_244_45 = (xsaPatch { + name = "244-4.5"; + sha256 = "05ci3vdl1ywfjpzcvsy1k52whxjk8pxzj7dh3r94yqasr56i5v2l"; + }); + + # 4.8 - 4.9 + XSA_244 = (xsaPatch { + name = "244"; + sha256 = "10308xsgmhb0vg6fk0ql8v94zifv6dcv6vkaicryfp405yj2rzkm"; + }); + + # 4.5 - 4.9 + XSA_245 = [ + (xsaPatch { + name = "245/0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in"; + sha256 = "12brsgbn7xwakalsn10afykgqmx119mqg6vjj3v2b1pnmf4ss0w8"; + }) + (xsaPatch { + name = "245/0002-xen-arm-Correctly-report-the-memory-region-in-the-du"; + sha256 = "1k6z5r7wnrswsczn2j3a1mc4nvxqm4ydj6n6rvgqizk2pszdkqg8"; + }) + ]; + + # 4.5 - 4.7 + XSA_246_45 = [ + (xsaPatch { + name = "246-4.7"; + sha256 = "13rad4k8z3bq15d67dhgy96kdbrjiq9sy8px0jskbpx9ygjdahkn"; + }) + ]; + + # 4.8 - 4.9 + XSA_246 = [ + (xsaPatch { + name = "246-4.9"; + sha256 = "0z68vm0z5zvv9gm06pxs9kxq2q9fdbl0l0cm71ggzdplg1vw0snz"; + }) + ]; + + # 4.8 + XSA_247_48 = [ + (xsaPatch { + name = "247-4.8/0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu"; + sha256 = "0kvjrk90n69s721c2qj2df5raml3pjk6bg80aig353p620w6s3xh"; + }) + (xsaPatch { + name = "247-4.8/0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas"; + sha256 = "1s9kv6h6dd8psi5qf5l5gpk9qhq8blckwhl76cjbldcgi6imb3nr"; + }) + ]; + + # 4.5 + XSA_247_45 = [ + (xsaPatch { + name = "247-4.5/0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu"; + sha256 = "0h1mp5s9si8aw2gipds317f27h9pi7bgnhj0bcmw11p0ch98sg1m"; + }) + (xsaPatch { + name = "247-4.5/0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas"; + sha256 = "0vjjybxbcm4xl26wbqvcqfiyvvlayswm4f98i1fr5a9abmljn5sb"; + }) + ]; + + # 4.5 + XSA_248_45 = [ + (xsaPatch { + name = "248-4.5"; + sha256 = "0csxg6h492ddsa210b45av28iqf7cn2dfdqk4zx10zwf1pv2shyn"; + }) + ]; + + # 4.8 + XSA_248_48 = [ + (xsaPatch { + name = "248-4.8"; + sha256 = "1ycw29q22ymxg18kxpr5p7vhpmp8klssbp5gq77hspxzz2mb96q1"; + }) + ]; + + # 4.5 .. 4.9 + XSA_249 = [ + (xsaPatch { + name = "249"; + sha256 = "0v6ngzqhkz7yv4n83xlpxfbkr2qyg5b1cds7ikkinm86hiqy6agl"; + }) + ]; + # 4.5 + XSA_250_45 = [ + (xsaPatch { + name = "250-4.5"; + sha256 = "0pqldl6qnl834gvfp90z247q9xcjh3835s2iffnajz7jhjb2145d"; + }) + ]; + # 4.8 ... + XSA_250 = [ + (xsaPatch { + name = "250"; + sha256 = "1wpigg8kmha57sspqqln3ih9nbczsw6rx3v72mc62lh62qvwd7x8"; + }) + ]; + # 4.5 + XSA_251_45 = [ + (xsaPatch { + name = "251-4.5"; + sha256 = "0lc94cx271z09r0mhxaypyd9d4740051p28idf5calx5228dqjgm"; + }) + ]; + # 4.8 + XSA_251_48 = [ + (xsaPatch { + name = "251-4.8"; + sha256 = "079wi0j6iydid2zj7k584w2c393kgh588w7sjz2nn4039qn8k9mq"; + }) + ]; + # 4.8 + XSA_252_49 = [ + (xsaPatch { + name = "252-4.9"; + sha256 = "03sbn90nlkk5ba1n168rxjkc7x3mqj7rfqvspbwblmwikfbnms2n"; + }) + ]; + # 4.8 + XSA_255_49_1= [ + (xsaPatch { + name = "255-4.9-1"; + sha256 = "0gbin7yxbkq40lvm3gvj1vffavvbng3zpd2m8l1kqyz0rv4vm9zc"; + }) + ]; + # 4.8 + XSA_255_49_2= [ + (xsaPatch { + name = "255-4.9-2"; + sha256 = "0fyg5nnyfpfr80qq83pr64zjp5w1nx94bdblzsjap8gaqcahyr12"; + }) + ]; + # 4.8 + XSA_256_48= [ + (xsaPatch { + name = "256-4.8"; + sha256 = "1w84f717kxwx0h3rw18r4f8pl0l1h5xlj5fy80sr0ws4xkp1qdn4"; + }) + ]; + + + # 4.10 + XSA_252 = [ + (xsaPatch { + name = "252"; + sha256 = "0v4sg20dnvnwrjh3x69gk81v2kmcql7g2s044vg3wcxhzvij1rrn"; + }) + ]; + + # 4.10 + XSA_253 = [ + (xsaPatch { + name = "253"; + sha256 = "0445vzlzy3gd499xraqh5r4qjar6qr0y3813h22jy1n84nhxz27i"; + }) + ]; + + # 4.10 + XSA_255_1 = [ + (xsaPatch { + name = "255-1"; + sha256 = "05g2f3ji1rrjlw3yw4nrns50pnmsib8ybrf64scr1817mj0q9myr"; + }) + ]; + + # 4.10 + XSA_255_2 = [ + (xsaPatch { + name = "255-2"; + sha256 = "08wbngw5z0f9g8di59hww3hhi7j9z49bpc4xlwn5akfcwbgf0961"; + }) + ]; + + # 4.10 + XSA_256 = [ + (xsaPatch { + name = "256"; + sha256 = "1hicwhbwj6k25px55f4ncx1c5xiihi8pfvsb3kv57k7kaicb7pza"; + }) + ]; + +} |