diff options
Diffstat (limited to 'nixpkgs/pkgs/applications/virtualization/xen')
13 files changed, 1805 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-install-python.patch b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-install-python.patch new file mode 100644 index 000000000000..53821c0d9c51 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-install-python.patch @@ -0,0 +1,16 @@ +tools/python/install-wrap script brakes shebangs patching, disable + +diff --git a/tools/Rules.mk b/tools/Rules.mk +index 87a56dc..a7da869 100644 +--- a/tools/Rules.mk ++++ b/tools/Rules.mk +@@ -90,8 +90,7 @@ CFLAGS += $(CFLAGS-y) + + CFLAGS += $(EXTRA_CFLAGS_XEN_TOOLS) + +-INSTALL_PYTHON_PROG = \ +- $(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH)" $(INSTALL_PROG) ++INSTALL_PYTHON_PROG = $(INSTALL_PROG) + + %.opic: %.c + $(CC) $(CPPFLAGS) -DPIC $(CFLAGS) $(CFLAGS_$*.opic) -fPIC -c -o $@ $< $(APPEND_CFLAGS) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch new file mode 100644 index 000000000000..072338b87aba --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch @@ -0,0 +1,27 @@ +hack to make etherboot use prefetched ipxe + +diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile +index a0578d2..64428a0 100644 +--- a/tools/firmware/etherboot/Makefile ++++ b/tools/firmware/etherboot/Makefile +@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz + + D=ipxe + T=ipxe.tar.gz ++G=ipxe.git + + ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS))) + +@@ -36,9 +37,9 @@ $T: + fi + mv _$T $T + +-$D/src/arch/i386/Makefile: $T Config +- rm -rf $D +- gzip -dc $T | tar xf - ++$D/src/arch/i386/Makefile: $G Config ++ mkdir $D ++ cp -a $G/* $D + for i in $$(cat patches/series) ; do \ + patch -d $D -p1 --quiet <patches/$$i || exit 1 ; \ + done diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0000-qemu-seabios-enable-ATA_DMA.patch b/nixpkgs/pkgs/applications/virtualization/xen/0000-qemu-seabios-enable-ATA_DMA.patch new file mode 100644 index 000000000000..339972a2cdeb --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0000-qemu-seabios-enable-ATA_DMA.patch @@ -0,0 +1,19 @@ +diff -uNr a/src/Kconfig b/src/Kconfig +--- a/src/Kconfig 2015-08-31 10:15:13.231134858 +0200 ++++ b/src/Kconfig 2015-08-31 10:14:24.039180178 +0200 +@@ -144,13 +144,13 @@ + config ATA_DMA + depends on ATA + bool "ATA DMA" +- default n ++ default y + help + Detect and try to use ATA bus mastering DMA controllers. + config ATA_PIO32 + depends on ATA + bool "ATA 32bit PIO" +- default n ++ default y + help + Use 32bit PIO accesses on ATA (minor optimization on PCI transfers). + config AHCI diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0001-libxl-Spice-image-compression-setting-support-for-up.patch b/nixpkgs/pkgs/applications/virtualization/xen/0001-libxl-Spice-image-compression-setting-support-for-up.patch new file mode 100644 index 000000000000..67b7ac777b5d --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0001-libxl-Spice-image-compression-setting-support-for-up.patch @@ -0,0 +1,104 @@ +From bd71555985efc423b1a119b6a3177de855763453 Mon Sep 17 00:00:00 2001 +From: Fabio Fantoni <fabio.fantoni@m2r.biz> +Date: Tue, 20 Jan 2015 11:26:30 +0100 +Subject: [PATCH] libxl: Spice image compression setting support for upstream + qemu + +Usage: +spice_image_compression=[auto_glz|auto_lz|quic|glz|lz|off] + +Specifies what image compression is to be used by spice (if given), +otherwise the qemu default will be used. + +Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> +Acked-by: Wei Liu <wei.liu2@citrix.com> +--- + docs/man/xl.cfg.pod.5 | 6 ++++++ + tools/libxl/libxl.h | 11 +++++++++++ + tools/libxl/libxl_dm.c | 4 ++++ + tools/libxl/libxl_types.idl | 1 + + tools/libxl/xl_cmdimpl.c | 2 ++ + 5 files changed, 24 insertions(+) + +diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 +index e2f91fc..0c2cbac 100644 +--- a/docs/man/xl.cfg.pod.5 ++++ b/docs/man/xl.cfg.pod.5 +@@ -1427,6 +1427,12 @@ for redirection of up to 4 usb devices from spice client to domU's qemu. + It requires an usb controller and if not defined it will automatically adds + an usb2 controller. The default is disabled (0). + ++=item B<spice_image_compression=[auto_glz|auto_lz|quic|glz|lz|off]> ++ ++Specifies what image compression is to be used by spice (if given), otherwise ++the qemu default will be used. Please see documentations of your current qemu ++version for details. ++ + =back + + =head3 Miscellaneous Emulated Hardware +diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h +index 0a123f1..b8e0b67 100644 +--- a/tools/libxl/libxl.h ++++ b/tools/libxl/libxl.h +@@ -528,6 +528,17 @@ typedef struct libxl__ctx libxl_ctx; + #define LIBXL_HAVE_SPICE_USBREDIREDIRECTION 1 + + /* ++ * LIBXL_HAVE_SPICE_IMAGECOMPRESSION ++ * ++ * If defined, then the libxl_spice_info structure will contain a string type ++ * field: image_compression. This value defines what Spice image compression ++ * is used. ++ * ++ * If this is not defined, the Spice image compression setting support is ignored. ++ */ ++#define LIBXL_HAVE_SPICE_IMAGECOMPRESSION 1 ++ ++/* + * LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS 1 + * + * If this is defined, libxl_domain_create_restore()'s API has changed to +diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c +index c2b0487..40c8649 100644 +--- a/tools/libxl/libxl_dm.c ++++ b/tools/libxl/libxl_dm.c +@@ -398,6 +398,10 @@ static char *dm_spice_options(libxl__gc *gc, + if (!libxl_defbool_val(spice->clipboard_sharing)) + opt = libxl__sprintf(gc, "%s,disable-copy-paste", opt); + ++ if (spice->image_compression) ++ opt = libxl__sprintf(gc, "%s,image-compression=%s", opt, ++ spice->image_compression); ++ + return opt; + } + +diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl +index 1214d2e..052ded9 100644 +--- a/tools/libxl/libxl_types.idl ++++ b/tools/libxl/libxl_types.idl +@@ -241,6 +241,7 @@ libxl_spice_info = Struct("spice_info", [ + ("vdagent", libxl_defbool), + ("clipboard_sharing", libxl_defbool), + ("usbredirection", integer), ++ ("image_compression", string), + ]) + + libxl_sdl_info = Struct("sdl_info", [ +diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c +index 0b02a6c..00aa69d 100644 +--- a/tools/libxl/xl_cmdimpl.c ++++ b/tools/libxl/xl_cmdimpl.c +@@ -1948,6 +1948,8 @@ skip_vfb: + &b_info->u.hvm.spice.clipboard_sharing, 0); + if (!xlu_cfg_get_long (config, "spiceusbredirection", &l, 0)) + b_info->u.hvm.spice.usbredirection = l; ++ xlu_cfg_replace_string (config, "spice_image_compression", ++ &b_info->u.hvm.spice.image_compression, 0); + xlu_cfg_get_defbool(config, "nographic", &b_info->u.hvm.nographic, 0); + xlu_cfg_get_defbool(config, "gfx_passthru", + &b_info->u.hvm.gfx_passthru, 0); +-- +1.9.2 + diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0002-libxl-Spice-streaming-video-setting-support-for-upst.patch b/nixpkgs/pkgs/applications/virtualization/xen/0002-libxl-Spice-streaming-video-setting-support-for-upst.patch new file mode 100644 index 000000000000..acf9cff99251 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0002-libxl-Spice-streaming-video-setting-support-for-upst.patch @@ -0,0 +1,104 @@ +From 296c7f3284efe655d95a8ae045a5dc1a20d6fff0 Mon Sep 17 00:00:00 2001 +From: Fabio Fantoni <fabio.fantoni@m2r.biz> +Date: Tue, 20 Jan 2015 11:33:17 +0100 +Subject: [PATCH] libxl: Spice streaming video setting support for upstream + qemu + +Usage: +spice_streaming_video=[filter|all|off] + +Specifies what streaming video setting is to be used by spice (if +given), +otherwise the qemu default will be used. + +Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> +Acked-by: Wei Liu <wei.liu2@citrix.com> +--- + docs/man/xl.cfg.pod.5 | 5 +++++ + tools/libxl/libxl.h | 11 +++++++++++ + tools/libxl/libxl_dm.c | 4 ++++ + tools/libxl/libxl_types.idl | 1 + + tools/libxl/xl_cmdimpl.c | 2 ++ + 5 files changed, 23 insertions(+) + +diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 +index 0c2cbac..408653f 100644 +--- a/docs/man/xl.cfg.pod.5 ++++ b/docs/man/xl.cfg.pod.5 +@@ -1433,6 +1433,11 @@ Specifies what image compression is to be used by spice (if given), otherwise + the qemu default will be used. Please see documentations of your current qemu + version for details. + ++=item B<spice_streaming_video=[filter|all|off]> ++ ++Specifies what streaming video setting is to be used by spice (if given), ++otherwise the qemu default will be used. ++ + =back + + =head3 Miscellaneous Emulated Hardware +diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h +index b8e0b67..c219f59 100644 +--- a/tools/libxl/libxl.h ++++ b/tools/libxl/libxl.h +@@ -539,6 +539,17 @@ typedef struct libxl__ctx libxl_ctx; + #define LIBXL_HAVE_SPICE_IMAGECOMPRESSION 1 + + /* ++ * LIBXL_HAVE_SPICE_STREAMINGVIDEO ++ * ++ * If defined, then the libxl_spice_info structure will contain a string type ++ * field: streaming_video. This value defines what Spice streaming video setting ++ * is used. ++ * ++ * If this is not defined, the Spice streaming video setting support is ignored. ++ */ ++#define LIBXL_HAVE_SPICE_STREAMINGVIDEO 1 ++ ++/* + * LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS 1 + * + * If this is defined, libxl_domain_create_restore()'s API has changed to +diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c +index 40c8649..d8d6f0c 100644 +--- a/tools/libxl/libxl_dm.c ++++ b/tools/libxl/libxl_dm.c +@@ -402,6 +402,10 @@ static char *dm_spice_options(libxl__gc *gc, + opt = libxl__sprintf(gc, "%s,image-compression=%s", opt, + spice->image_compression); + ++ if (spice->streaming_video) ++ opt = libxl__sprintf(gc, "%s,streaming-video=%s", opt, ++ spice->streaming_video); ++ + return opt; + } + +diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl +index 052ded9..02be466 100644 +--- a/tools/libxl/libxl_types.idl ++++ b/tools/libxl/libxl_types.idl +@@ -242,6 +242,7 @@ libxl_spice_info = Struct("spice_info", [ + ("clipboard_sharing", libxl_defbool), + ("usbredirection", integer), + ("image_compression", string), ++ ("streaming_video", string), + ]) + + libxl_sdl_info = Struct("sdl_info", [ +diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c +index 00aa69d..b7eac29 100644 +--- a/tools/libxl/xl_cmdimpl.c ++++ b/tools/libxl/xl_cmdimpl.c +@@ -1950,6 +1950,8 @@ skip_vfb: + b_info->u.hvm.spice.usbredirection = l; + xlu_cfg_replace_string (config, "spice_image_compression", + &b_info->u.hvm.spice.image_compression, 0); ++ xlu_cfg_replace_string (config, "spice_streaming_video", ++ &b_info->u.hvm.spice.streaming_video, 0); + xlu_cfg_get_defbool(config, "nographic", &b_info->u.hvm.nographic, 0); + xlu_cfg_get_defbool(config, "gfx_passthru", + &b_info->u.hvm.gfx_passthru, 0); +-- +1.9.2 + diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0003-Add-qxl-vga-interface-support-for-upstream-qem.patch b/nixpkgs/pkgs/applications/virtualization/xen/0003-Add-qxl-vga-interface-support-for-upstream-qem.patch new file mode 100644 index 000000000000..1771b662bc3a --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0003-Add-qxl-vga-interface-support-for-upstream-qem.patch @@ -0,0 +1,165 @@ +From 161212ef02312c0681d2d809c8ff1e1f0ea6f6f9 Mon Sep 17 00:00:00 2001 +From: Fabio Fantoni <fabio.fantoni@m2r.biz> +Date: Wed, 29 Apr 2015 11:20:28 +0200 +Subject: [PATCH] libxl: Add qxl vga interface support for upstream qemu + +Usage: +vga="qxl" + +Qxl vga support many resolutions that not supported by stdvga, +mainly the 16:9 ones and other high up to 2560x1600. +With QXL you can get improved performance and smooth video also +with high resolutions and high quality. +Require their drivers installed in the domU and spice used +otherwise act as a simple stdvga. + +Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> +Signed-off-by: Zhou Peng <zpengxen@gmail.com> +Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> +Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> +Acked-by: George Dunlap <george.dunlap@eu.citrix.com> +--- + docs/man/xl.cfg.pod.5 | 10 +++++++++- + tools/libxl/libxl.h | 10 ++++++++++ + tools/libxl/libxl_create.c | 13 +++++++++++++ + tools/libxl/libxl_dm.c | 8 ++++++++ + tools/libxl/libxl_types.idl | 1 + + tools/libxl/xl_cmdimpl.c | 2 ++ + 6 files changed, 43 insertions(+), 1 deletion(-) + +diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 +index f936dfc..8e4154f 100644 +--- a/docs/man/xl.cfg.pod.5 ++++ b/docs/man/xl.cfg.pod.5 +@@ -1360,6 +1360,9 @@ qemu-xen-traditional device-model, the amount of video RAM is fixed at 4 MB, + which is sufficient for 1024x768 at 32 bpp. For the upstream qemu-xen + device-model, the default and minimum is 8 MB. + ++For B<qxl> vga, the default is both default and minimal 128MB. ++If B<videoram> is set less than 128MB, an error will be triggered. ++ + =item B<stdvga=BOOLEAN> + + Select a standard VGA card with VBE (VESA BIOS Extensions) as the +@@ -1371,9 +1374,14 @@ This option is deprecated, use vga="stdvga" instead. + + =item B<vga="STRING"> + +-Selects the emulated video card (none|stdvga|cirrus). ++Selects the emulated video card (none|stdvga|cirrus|qxl). + The default is cirrus. + ++In general, QXL should work with the Spice remote display protocol ++for acceleration, and QXL driver is necessary in guest in this case. ++QXL can also work with the VNC protocol, but it will be like a standard ++VGA without acceleration. ++ + =item B<vnc=BOOLEAN> + + Allow access to the display via the VNC protocol. This enables the +diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h +index 44bd8e2..efc0617 100644 +--- a/tools/libxl/libxl.h ++++ b/tools/libxl/libxl.h +@@ -535,6 +535,16 @@ typedef struct libxl__ctx libxl_ctx; + #define LIBXL_HAVE_DOMINFO_OUTSTANDING_MEMKB 1 + + /* ++ * LIBXL_HAVE_QXL ++ * ++ * If defined, then the libxl_vga_interface_type will contain another value: ++ * "QXL". This value define if qxl vga is supported. ++ * ++ * If this is not defined, the qxl vga support is missed. ++ */ ++#define LIBXL_HAVE_QXL 1 ++ ++/* + * LIBXL_HAVE_SPICE_VDAGENT + * + * If defined, then the libxl_spice_info structure will contain a boolean type: +diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c +index e5a343f..188f7df 100644 +--- a/tools/libxl/libxl_create.c ++++ b/tools/libxl/libxl_create.c +@@ -248,6 +248,10 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 0; + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ LOG(ERROR,"qemu upstream required for qxl vga"); ++ return ERROR_INVAL; ++ break; + case LIBXL_VGA_INTERFACE_TYPE_STD: + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 8 * 1024; +@@ -272,6 +276,15 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 0; + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) { ++ b_info->video_memkb = (128 * 1024); ++ } else if (b_info->video_memkb < (128 * 1024)) { ++ LOG(ERROR, ++ "128 Mib videoram is the minimum for qxl default"); ++ return ERROR_INVAL; ++ } ++ break; + case LIBXL_VGA_INTERFACE_TYPE_STD: + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 16 * 1024; +diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c +index 30c1578..58c9b99 100644 +--- a/tools/libxl/libxl_dm.c ++++ b/tools/libxl/libxl_dm.c +@@ -251,6 +251,8 @@ static char ** libxl__build_device_model_args_old(libxl__gc *gc, + case LIBXL_VGA_INTERFACE_TYPE_NONE: + flexarray_append_pair(dm_args, "-vga", "none"); + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ break; + } + + if (b_info->u.hvm.boot) { +@@ -625,6 +627,12 @@ static char ** libxl__build_device_model_args_new(libxl__gc *gc, + break; + case LIBXL_VGA_INTERFACE_TYPE_NONE: + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ /* QXL have 2 ram regions, ram and vram */ ++ flexarray_append_pair(dm_args, "-device", ++ GCSPRINTF("qxl-vga,vram_size_mb=%"PRIu64",ram_size_mb=%"PRIu64, ++ (b_info->video_memkb/2/1024), (b_info->video_memkb/2/1024) ) ); ++ break; + } + + if (b_info->u.hvm.boot) { +diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl +index 117b61d..023b21e 100644 +--- a/tools/libxl/libxl_types.idl ++++ b/tools/libxl/libxl_types.idl +@@ -183,6 +183,7 @@ libxl_vga_interface_type = Enumeration("vga_interface_type", [ + (1, "CIRRUS"), + (2, "STD"), + (3, "NONE"), ++ (4, "QXL"), + ], init_val = "LIBXL_VGA_INTERFACE_TYPE_CIRRUS") + + libxl_vendor_device = Enumeration("vendor_device", [ +diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c +index 648ca08..526a1f6 100644 +--- a/tools/libxl/xl_cmdimpl.c ++++ b/tools/libxl/xl_cmdimpl.c +@@ -2115,6 +2115,8 @@ skip_vfb: + b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_CIRRUS; + } else if (!strcmp(buf, "none")) { + b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_NONE; ++ } else if (!strcmp(buf, "qxl")) { ++ b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_QXL; + } else { + fprintf(stderr, "Unknown vga \"%s\" specified\n", buf); + exit(1); +-- +1.9.2 + diff --git a/nixpkgs/pkgs/applications/virtualization/xen/4.10.nix b/nixpkgs/pkgs/applications/virtualization/xen/4.10.nix new file mode 100644 index 000000000000..7e3c73fb11d5 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/4.10.nix @@ -0,0 +1,181 @@ +{ stdenv, callPackage, fetchurl, fetchpatch, fetchgit +, ocaml-ng +, withInternalQemu ? true +, withInternalTraditionalQemu ? true +, withInternalSeabios ? true +, withSeabios ? !withInternalSeabios, seabios ? null +, withInternalOVMF ? false # FIXME: tricky to build +, withOVMF ? false, OVMF +, withLibHVM ? true + +# qemu +, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir +, alsaLib, glib, python2 +, ... } @ args: + +assert withInternalSeabios -> !withSeabios; +assert withInternalOVMF -> !withOVMF; + +with stdenv.lib; + +# Patching XEN? Check the XSAs at +# https://xenbits.xen.org/xsa/ +# and try applying all the ones we don't have yet. + +let + xsa = import ./xsa-patches.nix { inherit fetchpatch; }; + + qemuMemfdBuildFix = fetchpatch { + name = "xen-4.8-memfd-build-fix.patch"; + url = "https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch"; + sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa"; + }; + + qemuDeps = [ + udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir + alsaLib glib python2 + ]; +in + +callPackage (import ./generic.nix (rec { + version = "4.10.4"; + + src = fetchurl { + url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; + sha256 = "0ipkr7b3v3y183n6nfmz7q3gnzxa20011df4jpvxi6pmr8cpnkwh"; + }; + + # Sources needed to build tools and firmwares. + xenfiles = optionalAttrs withInternalQemu { + qemu-xen = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/qemu-xen.git"; + # rev = "refs/tags/qemu-xen-${version}"; + # use revision hash - reproducible but must be updated with each new version + rev = "qemu-xen-${version}"; + sha256 = "0laxvhdjz1njxjvq3jzw2yqvdr9gdn188kqjf2gcrfzgih7xv2ym"; + }; + buildInputs = qemuDeps; + postPatch = '' + # needed in build but /usr/bin/env is not available in sandbox + substituteInPlace scripts/tracetool.py \ + --replace "/usr/bin/env python" "${python2}/bin/python" + ''; + meta.description = "Xen's fork of upstream Qemu"; + }; + } // optionalAttrs withInternalTraditionalQemu { + qemu-xen-traditional = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/qemu-xen-traditional.git"; + # rev = "refs/tags/xen-${version}"; + # use revision hash - reproducible but must be updated with each new version + rev = "c8ea0457495342c417c3dc033bba25148b279f60"; + sha256 = "0v5nl3c08kpjg57fb8l191h1y57ykp786kz6l525jgplif28vx13"; + }; + buildInputs = qemuDeps; + patches = [ + ]; + postPatch = '' + substituteInPlace xen-hooks.mak \ + --replace /usr/include/pci ${pciutils}/include/pci + ''; + meta.description = "Xen's fork of upstream Qemu that uses old device model"; + }; + } // optionalAttrs withInternalSeabios { + "firmware/seabios-dir-remote" = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/seabios.git"; + rev = "f0cdc36d2f2424f6b40438f7ee7cc502c0eff4df"; + sha256 = "1wq5pjkjrfzqnq3wyr15mcn1l4c563m65gdyf8jm97kgb13pwwfm"; + }; + patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; + meta.description = "Xen's fork of Seabios"; + }; + } // optionalAttrs withInternalOVMF { + "firmware/ovmf-dir-remote" = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/ovmf.git"; + rev = "173bf5c847e3ca8b42c11796ce048d8e2e916ff8"; + sha256 = "07zmdj90zjrzip74fvd4ss8n8njk6cim85s58mc6snxmqqv7gmcr"; + }; + meta.description = "Xen's fork of OVMF"; + }; + } // { + # TODO: patch Xen to make this optional? + "firmware/etherboot/ipxe.git" = { + src = fetchgit { + url = "https://git.ipxe.org/ipxe.git"; + rev = "356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d"; + sha256 = "15n400vm3id5r8y3k6lrp9ab2911a9vh9856f5gvphkazfnmns09"; + }; + meta.description = "Xen's fork of iPXE"; + }; + } // optionalAttrs withLibHVM { + xen-libhvm-dir-remote = { + src = fetchgit { + name = "xen-libhvm"; + url = "https://github.com/michalpalka/xen-libhvm"; + rev = "83065d36b36d6d527c2a4e0f5aaf0a09ee83122c"; + sha256 = "1jzv479wvgjkazprqdzcdjy199azmx2xl3pnxli39kc5mvjz3lzd"; + }; + buildPhase = '' + make + cd biospt + cc -Wall -g -D_LINUX -Wstrict-prototypes biospt.c -o biospt -I../libhvm -L../libhvm -lxenhvm + ''; + installPhase = '' + make install + cp biospt/biospt $out/bin/ + ''; + meta = { + description = '' + Helper library for reading ACPI and SMBIOS firmware values + from the host system for use with the HVM guest firmware + pass-through feature in Xen''; + license = licenses.bsd2; + }; + }; + }; + + configureFlags = [] + ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH + ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional" + ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional" + + ++ optional (withSeabios) "--with-system-seabios=${seabios}" + ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios" + + ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" + ++ optional (withInternalOVMF) "--enable-ovmf"; + + NIX_CFLAGS_COMPILE = toString [ + # Fix build on Glibc 2.24. + "-Wno-error=deprecated-declarations" + # Fix build with GCC 8 + "-Wno-error=maybe-uninitialized" + "-Wno-error=stringop-truncation" + "-Wno-error=format-truncation" + "-Wno-error=array-bounds" + # Fix build with GCC 9 + "-Wno-error=address-of-packed-member" + "-Wno-error=format-overflow" + "-Wno-error=absolute-value" + ]; + + postPatch = '' + # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. + sed 1i'#include <sys/sysmacros.h>' \ + -i tools/blktap2/control/tap-ctl-allocate.c \ + -i tools/libxl/libxl_device.c + # Makefile didn't include previous PKG_CONFIG_PATH so glib wasn't found + substituteInPlace tools/Makefile \ + --replace 'PKG_CONFIG_PATH=$(XEN_ROOT)/tools/pkg-config' 'PKG_CONFIG_PATH=$(XEN_ROOT)/tools/pkg-config:$(PKG_CONFIG_PATH)' + ''; + + passthru = { + qemu-system-i386 = if withInternalQemu + then "lib/xen/bin/qemu-system-i386" + else throw "this xen has no qemu builtin"; + }; + +})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_05; } // args) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix b/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix new file mode 100644 index 000000000000..6fa30462df08 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix @@ -0,0 +1,198 @@ +{ stdenv, callPackage, fetchurl, fetchpatch, fetchgit +, ocaml-ng +, withInternalQemu ? true +, withInternalTraditionalQemu ? true +, withInternalSeabios ? true +, withSeabios ? !withInternalSeabios, seabios ? null +, withInternalOVMF ? false # FIXME: tricky to build +, withOVMF ? false, OVMF +, withLibHVM ? true + +# qemu +, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir +, alsaLib +, ... } @ args: + +assert withInternalSeabios -> !withSeabios; +assert withInternalOVMF -> !withOVMF; + +with stdenv.lib; + +# Patching XEN? Check the XSAs at +# https://xenbits.xen.org/xsa/ +# and try applying all the ones we don't have yet. + +let + xsa = import ./xsa-patches.nix { inherit fetchpatch; }; + + xenlockprofpatch = (fetchpatch { + name = "xenlockprof-gcc7.patch"; + url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=f49fa658b53580cf2ad354d2bf1796766cc11222"; + sha256 = "1lvzfvkqirknivm8q4cg5byfqz49s16zjk65fkwl3kwb03chky70"; + }); + + xenpmdpatch = (fetchpatch { + name = "xenpmd-gcc7.patch"; + url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=2d78f78a14528752266982473c07118f1bc336e3"; + sha256 = "1ki295pymbcfc64sjb9wqfwpv19p8vwgmnxankada3vm4fxg2rhq"; + }); + + qemuMemfdBuildFix = fetchpatch { + name = "xen-4.8-memfd-build-fix.patch"; + url = "https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch"; + sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa"; + }; + + # Ported from + #"https://xenbits.xen.org/gitweb/?p=qemu-xen.git;a=patch;h=e014dbe74e0484188164c61ff6843f8a04a8cb9d"; + #"https://xenbits.xen.org/gitweb/?p=qemu-xen.git;a=patch;h=0e3b891fefacc0e49f3c8ffa3a753b69eb7214d2"; + qemuGlusterfs6Fix = ./qemu-gluster-6-compat.diff; + + qemuDeps = [ + udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir + alsaLib + ]; +in + +callPackage (import ./generic.nix (rec { + version = "4.8.5"; + + src = fetchurl { + url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; + sha256 = "04xcf01jad1lpqnmjblzhnjzp0bss9fjd9awgcycjx679arbaxqz"; + }; + + # Sources needed to build tools and firmwares. + xenfiles = optionalAttrs withInternalQemu { + qemu-xen = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/qemu-xen.git"; + rev = "refs/tags/qemu-xen-${version}"; + sha256 = "0lb7zd5nvr6znx47z93nbq4gj8xfb3622s8r2cvmpqmwnmlc3nd4"; + }; + patches = [ + qemuMemfdBuildFix + qemuGlusterfs6Fix + ]; + buildInputs = qemuDeps; + meta.description = "Xen's fork of upstream Qemu"; + }; + } // optionalAttrs withInternalTraditionalQemu { + qemu-xen-traditional = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/qemu-xen-traditional.git"; + rev = "refs/tags/xen-${version}"; + sha256 = "0mryap5y53r09m7qc0b821f717ghwm654r8c3ik1w7adzxr0l5qk"; + }; + buildInputs = qemuDeps; + patches = [ + ]; + postPatch = '' + substituteInPlace xen-hooks.mak \ + --replace /usr/include/pci ${pciutils}/include/pci + ''; + meta.description = "Xen's fork of upstream Qemu that uses old device model"; + }; + } // optionalAttrs withInternalSeabios { + "firmware/seabios-dir-remote" = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/seabios.git"; + rev = "f0cdc36d2f2424f6b40438f7ee7cc502c0eff4df"; + sha256 = "1wq5pjkjrfzqnq3wyr15mcn1l4c563m65gdyf8jm97kgb13pwwfm"; + }; + patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; + meta.description = "Xen's fork of Seabios"; + }; + } // optionalAttrs withInternalOVMF { + "firmware/ovmf-dir-remote" = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/ovmf.git"; + rev = "173bf5c847e3ca8b42c11796ce048d8e2e916ff8"; + sha256 = "07zmdj90zjrzip74fvd4ss8n8njk6cim85s58mc6snxmqqv7gmcr"; + }; + meta.description = "Xen's fork of OVMF"; + }; + } // { + # TODO: patch Xen to make this optional? + "firmware/etherboot/ipxe.git" = { + src = fetchgit { + url = "https://git.ipxe.org/ipxe.git"; + rev = "356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d"; + sha256 = "15n400vm3id5r8y3k6lrp9ab2911a9vh9856f5gvphkazfnmns09"; + }; + meta.description = "Xen's fork of iPXE"; + }; + } // optionalAttrs withLibHVM { + xen-libhvm-dir-remote = { + src = fetchgit { + name = "xen-libhvm"; + url = "https://github.com/michalpalka/xen-libhvm"; + rev = "83065d36b36d6d527c2a4e0f5aaf0a09ee83122c"; + sha256 = "1jzv479wvgjkazprqdzcdjy199azmx2xl3pnxli39kc5mvjz3lzd"; + }; + buildPhase = '' + make + cd biospt + cc -Wall -g -D_LINUX -Wstrict-prototypes biospt.c -o biospt -I../libhvm -L../libhvm -lxenhvm + ''; + installPhase = '' + make install + cp biospt/biospt $out/bin/ + ''; + meta = { + description = '' + Helper library for reading ACPI and SMBIOS firmware values + from the host system for use with the HVM guest firmware + pass-through feature in Xen''; + license = licenses.bsd2; + }; + }; + }; + + configureFlags = [] + ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH + ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional" + ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional" + + ++ optional (withSeabios) "--with-system-seabios=${seabios}" + ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios" + + ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" + ++ optional (withInternalOVMF) "--enable-ovmf"; + + patches = with xsa; flatten [ + # 253: 4.8 not affected + # 254: no patch supplied by xen project (Meltdown/Spectre) + xenlockprofpatch + xenpmdpatch + ]; + + NIX_CFLAGS_COMPILE = toString [ + # Fix build on Glibc 2.24 + "-Wno-error=deprecated-declarations" + # Fix build with GCC8 + "-Wno-error=maybe-uninitialized" + "-Wno-error=stringop-truncation" + "-Wno-error=format-truncation" + "-Wno-error=array-bounds" + # Fix build with GCC9 + "-Wno-error=address-of-packed-member" + "-Wno-error=format-overflow" + "-Wno-error=absolute-value" + ]; + + postPatch = '' + # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. + sed 1i'#include <sys/sysmacros.h>' \ + -i tools/blktap2/control/tap-ctl-allocate.c \ + -i tools/libxl/libxl_device.c \ + ${optionalString withInternalQemu "-i tools/qemu-xen/hw/9pfs/9p.c"} + + sed -i -e '/sys\/sysctl\.h/d' tools/blktap2/drivers/block-remus.c + ''; + + passthru.qemu-system-i386 = if withInternalQemu + then "lib/xen/bin/qemu-system-i386" + else throw "this xen has no qemu builtin"; + +})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_05; } // args) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/acpica-utils-20180427.patch b/nixpkgs/pkgs/applications/virtualization/xen/acpica-utils-20180427.patch new file mode 100644 index 000000000000..aa4fd494082d --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/acpica-utils-20180427.patch @@ -0,0 +1,63 @@ +From 858dbaaeda33b05c1ac80aea0ba9a03924e09005 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> +Date: Wed, 9 May 2018 11:08:12 +0100 +Subject: [PATCH] libacpi: fixes for iasl >= 20180427 +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +New versions of iasl have introduced improved C file generation, as +reported in the changelog: + +iASL: Enhanced the -tc option (which creates an AML hex file in C, +suitable for import into a firmware project): + 1) Create a unique name for the table, to simplify use of multiple +SSDTs. + 2) Add a protection #ifdef in the file, similar to a .h header file. + +The net effect of that on generated files is: + +-unsigned char AmlCode[] = ++#ifndef __SSDT_S4_HEX__ ++#define __SSDT_S4_HEX__ ++ ++unsigned char ssdt_s4_aml_code[] = + +The above example is from ssdt_s4.asl. + +Fix the build with newer versions of iasl by stripping the '_aml_code' +suffix from the variable name on generated files. + +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Wei Liu <wei.liu2@citrix.com> +Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> +Release-acked-by: Juergen Gross <jgross@suse.com> +--- + tools/libacpi/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/libacpi/Makefile b/tools/libacpi/Makefile +index a47a658a25..c17f3924cc 100644 +--- a/tools/libacpi/Makefile ++++ b/tools/libacpi/Makefile +@@ -43,7 +43,7 @@ all: $(C_SRC) $(H_SRC) + + $(H_SRC): $(ACPI_BUILD_DIR)/%.h: %.asl iasl + iasl -vs -p $(ACPI_BUILD_DIR)/$*.$(TMP_SUFFIX) -tc $< +- sed -e 's/AmlCode/$*/g' $(ACPI_BUILD_DIR)/$*.hex >$@ ++ sed -e 's/AmlCode/$*/g' -e 's/_aml_code//g' $(ACPI_BUILD_DIR)/$*.hex >$@ + rm -f $(addprefix $(ACPI_BUILD_DIR)/, $*.aml $*.hex) + + $(MK_DSDT): mk_dsdt.c +@@ -76,7 +76,7 @@ $(ACPI_BUILD_DIR)/dsdt_anycpu_arm.asl: $(MK_DSDT) + + $(C_SRC): $(ACPI_BUILD_DIR)/%.c: iasl $(ACPI_BUILD_DIR)/%.asl + iasl -vs -p $(ACPI_BUILD_DIR)/$*.$(TMP_SUFFIX) -tc $(ACPI_BUILD_DIR)/$*.asl +- sed -e 's/AmlCode/$*/g' $(ACPI_BUILD_DIR)/$*.hex > $@.$(TMP_SUFFIX) ++ sed -e 's/AmlCode/$*/g' -e 's/_aml_code//g' $(ACPI_BUILD_DIR)/$*.hex > $@.$(TMP_SUFFIX) + echo "int $*_len=sizeof($*);" >> $@.$(TMP_SUFFIX) + mv -f $@.$(TMP_SUFFIX) $@ + rm -f $(addprefix $(ACPI_BUILD_DIR)/, $*.aml $*.hex) +-- +2.11.0 + diff --git a/nixpkgs/pkgs/applications/virtualization/xen/generic.nix b/nixpkgs/pkgs/applications/virtualization/xen/generic.nix new file mode 100644 index 000000000000..854debc458a3 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/generic.nix @@ -0,0 +1,240 @@ +config: +{ stdenv, cmake, pkgconfig, which + +# Xen +, bison, bzip2, checkpolicy, dev86, figlet, flex, gettext, glib +, iasl, libaio, libiconv, libuuid, ncurses, openssl, perl +, python2Packages +# python2Packages.python +, xz, yajl, zlib + +# Xen Optional +, ocamlPackages + +# Scripts +, coreutils, gawk, gnused, gnugrep, diffutils, multipath-tools +, iproute, inetutils, iptables, bridge-utils, openvswitch, nbd, drbd +, lvm2, utillinux, procps, systemd + +# Documentation +# python2Packages.markdown +, transfig, ghostscript, texinfo, pandoc + +, ...} @ args: + +with stdenv.lib; + +let + #TODO: fix paths instead + scriptEnvPath = concatMapStringsSep ":" (x: "${x}/bin") [ + which perl + coreutils gawk gnused gnugrep diffutils utillinux multipath-tools + iproute inetutils iptables bridge-utils openvswitch nbd drbd + ]; + + withXenfiles = f: concatStringsSep "\n" (mapAttrsToList f config.xenfiles); + + withTools = a: f: withXenfiles (name: x: optionalString (hasAttr a x) '' + echo "processing ${name}" + __do() { + cd "tools/${name}" + ${f name x} + } + ( __do ) + ''); +in + +stdenv.mkDerivation (rec { + inherit (config) version; + + name = "xen-${version}"; + + dontUseCmakeConfigure = true; + + hardeningDisable = [ "stackprotector" "fortify" "pic" ]; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ + cmake which + + # Xen + bison bzip2 checkpolicy dev86 figlet flex gettext glib iasl libaio + libiconv libuuid ncurses openssl perl python2Packages.python xz yajl zlib + + # oxenstored + ocamlPackages.findlib ocamlPackages.ocaml systemd + + # Python fixes + python2Packages.wrapPython + + # Documentation + python2Packages.markdown transfig ghostscript texinfo pandoc + + # Others + ] ++ (concatMap (x: x.buildInputs or []) (attrValues config.xenfiles)) + ++ (config.buildInputs or []); + + prePatch = '' + ### Generic fixes + + # Xen's stubdoms, tools and firmwares need various sources that + # are usually fetched at build time using wget and git. We can't + # have that, so we prefetch them in nix-expression and setup + # fake wget and git for debugging purposes. + + mkdir fake-bin + + # Fake git: just print what it wants and die + cat > fake-bin/wget << EOF + #!${stdenv.shell} -e + echo ===== FAKE WGET: Not fetching \$* + [ -e \$3 ] + EOF + + # Fake git: just print what it wants and die + cat > fake-bin/git << EOF + #!${stdenv.shell} + echo ===== FAKE GIT: Not cloning \$* + [ -e \$3 ] + EOF + + chmod +x fake-bin/* + export PATH=$PATH:$PWD/fake-bin + + # Remove in-tree qemu stuff in case we build from a tar-ball + rm -rf tools/qemu-xen tools/qemu-xen-traditional + + # Fix shebangs, mainly for build-scipts + # We want to do this before getting prefetched stuff to speed things up + # (prefetched stuff has lots of files) + find . -type f | xargs sed -i 's@/usr/bin/\(python\|perl\)@/usr/bin/env \1@g' + find . -type f -not -path "./tools/hotplug/Linux/xendomains.in" \ + | xargs sed -i 's@/bin/bash@${stdenv.shell}@g' + + # Get prefetched stuff + ${withXenfiles (name: x: '' + echo "${x.src} -> tools/${name}" + cp -r ${x.src} tools/${name} + chmod -R +w tools/${name} + '')} + ''; + + patches = [ ./0000-fix-ipxe-src.patch + ./0000-fix-install-python.patch + ] ++ optional (versionOlder version "4.8.5") ./acpica-utils-20180427.patch + ++ (config.patches or []); + + postPatch = '' + ### Hacks + + # Work around a bug in our GCC wrapper: `gcc -MF foo -v' doesn't + # print the GCC version number properly. + substituteInPlace xen/Makefile \ + --replace '$(CC) $(CFLAGS) -v' '$(CC) -v' + + # Hack to get `gcc -m32' to work without having 32-bit Glibc headers. + mkdir -p tools/include/gnu + touch tools/include/gnu/stubs-32.h + + ### Fixing everything else + + substituteInPlace tools/libfsimage/common/fsimage_plugin.c \ + --replace /usr $out + + substituteInPlace tools/blktap2/lvm/lvm-util.c \ + --replace /usr/sbin/vgs ${lvm2}/bin/vgs \ + --replace /usr/sbin/lvs ${lvm2}/bin/lvs + + substituteInPlace tools/misc/xenpvnetboot \ + --replace /usr/sbin/mount ${utillinux}/bin/mount \ + --replace /usr/sbin/umount ${utillinux}/bin/umount + + substituteInPlace tools/xenmon/xenmon.py \ + --replace /usr/bin/pkill ${procps}/bin/pkill + + substituteInPlace tools/xenstat/Makefile \ + --replace /usr/include/curses.h ${ncurses.dev}/include/curses.h + + ${optionalString (builtins.compareVersions config.version "4.8" >= 0) '' + substituteInPlace tools/hotplug/Linux/launch-xenstore.in \ + --replace /bin/mkdir mkdir + ''} + + ${optionalString (builtins.compareVersions config.version "4.6" < 0) '' + # TODO: use this as a template and support our own if-up scripts instead? + substituteInPlace tools/hotplug/Linux/xen-backend.rules.in \ + --replace "@XEN_SCRIPT_DIR@" $out/etc/xen/scripts + + # blktap is not provided by xen, but by xapi + sed -i '/blktap/d' tools/hotplug/Linux/xen-backend.rules.in + ''} + + ${withTools "patches" (name: x: '' + ${concatMapStringsSep "\n" (p: '' + echo "# Patching with ${p}" + patch -p1 < ${p} + '') x.patches} + '')} + + ${withTools "postPatch" (name: x: x.postPatch)} + + ${config.postPatch or ""} + ''; + + postConfigure = '' + substituteInPlace tools/hotplug/Linux/xendomains \ + --replace /bin/ls ls + ''; + + # TODO: Flask needs more testing before enabling it by default. + #makeFlags = [ "XSM_ENABLE=y" "FLASK_ENABLE=y" "PREFIX=$(out)" "CONFIG_DIR=/etc" "XEN_EXTFILES_URL=\\$(XEN_ROOT)/xen_ext_files" ]; + makeFlags = [ "PREFIX=$(out) CONFIG_DIR=/etc" "XEN_SCRIPT_DIR=/etc/xen/scripts" ] + ++ (config.makeFlags or []); + + buildFlags = [ "xen" "tools" ]; + + postBuild = '' + make -C docs man-pages + + ${withTools "buildPhase" (name: x: x.buildPhase)} + ''; + + installPhase = '' + mkdir -p $out $out/share $out/share/man + cp -prvd dist/install/nix/store/*/* $out/ + cp -prvd dist/install/boot $out/boot + cp -prvd dist/install/etc $out + cp -dR docs/man1 docs/man5 $out/share/man/ + + ${withTools "installPhase" (name: x: x.installPhase)} + + # Hack + substituteInPlace $out/etc/xen/scripts/hotplugpath.sh \ + --replace SBINDIR=\"$out/sbin\" SBINDIR=\"$out/bin\" + + wrapPythonPrograms + # We also need to wrap pygrub, which lies in lib + wrapPythonProgramsIn "$out/lib" "$out $pythonPath" + + shopt -s extglob + for i in $out/etc/xen/scripts/!(*.sh); do + sed -i "2s@^@export PATH=$out/bin:${scriptEnvPath}\n@" $i + done + ''; + + enableParallelBuilding = true; + + # TODO(@oxij): Stop referencing args here + meta = { + homepage = "http://www.xen.org/"; + description = "Xen hypervisor and related components" + + optionalString (args ? meta && args.meta ? description) + " (${args.meta.description})"; + longDescription = (args.meta.longDescription or "") + + "\nIncludes:\n" + + withXenfiles (name: x: ''* ${name}: ${x.meta.description or "(No description)"}.''); + platforms = [ "x86_64-linux" ]; + maintainers = with stdenv.lib.maintainers; [ eelco tstrobel oxij ]; + license = stdenv.lib.licenses.gpl2; + } // (config.meta or {}); +} // removeAttrs config [ "xenfiles" "buildInputs" "patches" "postPatch" "meta" ]) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/packages.nix b/nixpkgs/pkgs/applications/virtualization/xen/packages.nix new file mode 100644 index 000000000000..e30006fbcc1a --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/packages.nix @@ -0,0 +1,105 @@ +{ callPackage +, stdenv, overrideCC +}: + +# TODO(@oxij) on new Xen version: generalize this to generate [vanilla slim +# light] for each ./<version>.nix. + +rec { + xen_4_8-vanilla = callPackage ./4.8.nix { + meta = { + description = "vanilla"; + longDescription = '' + Vanilla version of Xen. Uses forks of Qemu and Seabios bundled + with Xen. This gives vanilla experince, but wastes space and + build time: typical NixOS setup that runs lots of VMs will + build three different versions of Qemu when using this (two + forks and upstream). + ''; + }; + }; + + xen_4_8-slim = xen_4_8-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = true; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "slim"; + longDescription = '' + Slimmed-down version of Xen that reuses nixpkgs packages as + much as possible. Different parts may get out of sync, but + this builds faster and uses less space than vanilla. Use with + `qemu_xen` from nixpkgs. + ''; + }; + }; + + xen_4_8-light = xen_4_8-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = false; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "light"; + longDescription = '' + Slimmed-down version of Xen without `qemu-traditional` (you + don't need it if you don't know what it is). Use with + `qemu_xen-light` from nixpkgs. + ''; + }; + }; + + xen_4_10-vanilla = callPackage ./4.10.nix { + meta = { + description = "vanilla"; + longDescription = '' + Vanilla version of Xen. Uses forks of Qemu and Seabios bundled + with Xen. This gives vanilla experince, but wastes space and + build time: typical NixOS setup that runs lots of VMs will + build three different versions of Qemu when using this (two + forks and upstream). + ''; + }; + }; + + xen_4_10-slim = xen_4_10-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = true; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "slim"; + longDescription = '' + Slimmed-down version of Xen that reuses nixpkgs packages as + much as possible. Different parts may get out of sync, but + this builds faster and uses less space than vanilla. Use with + `qemu_xen` from nixpkgs. + ''; + }; + }; + + xen_4_10-light = xen_4_10-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = false; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "light"; + longDescription = '' + Slimmed-down version of Xen without `qemu-traditional` (you + don't need it if you don't know what it is). Use with + `qemu_xen-light` from nixpkgs. + ''; + }; + }; + + xen-vanilla = xen_4_8-vanilla; + xen-slim = xen_4_8-slim; + xen-light = xen_4_8-light; + +} diff --git a/nixpkgs/pkgs/applications/virtualization/xen/qemu-gluster-6-compat.diff b/nixpkgs/pkgs/applications/virtualization/xen/qemu-gluster-6-compat.diff new file mode 100644 index 000000000000..7ec6ad3aba66 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/qemu-gluster-6-compat.diff @@ -0,0 +1,95 @@ +diff --git a/block/gluster.c b/block/gluster.c +index 01b479fbb9..29552e1186 100644 +--- a/block/gluster.c ++++ b/block/gluster.c +@@ -15,6 +15,10 @@ + #include "qemu/uri.h" + #include "qemu/error-report.h" + ++#ifdef CONFIG_GLUSTERFS_FTRUNCATE_HAS_STAT ++# define glfs_ftruncate(fd, offset) glfs_ftruncate(fd, offset, NULL, NULL) ++#endif ++ + #define GLUSTER_OPT_FILENAME "filename" + #define GLUSTER_OPT_VOLUME "volume" + #define GLUSTER_OPT_PATH "path" +@@ -613,7 +617,11 @@ static void qemu_gluster_complete_aio(void *opaque) + /* + * AIO callback routine called from GlusterFS thread. + */ +-static void gluster_finish_aiocb(struct glfs_fd *fd, ssize_t ret, void *arg) ++static void gluster_finish_aiocb(struct glfs_fd *fd, ssize_t ret, ++#ifdef CONFIG_GLUSTERFS_IOCB_HAS_STAT ++ struct glfs_stat *pre, struct glfs_stat *post, ++#endif ++ void *arg) + { + GlusterAIOCB *acb = (GlusterAIOCB *)arg; + +diff --git a/configure b/configure +index 4b808f9d17..89fb27fd0d 100755 +--- a/configure ++++ b/configure +@@ -301,6 +301,8 @@ glusterfs="" + glusterfs_xlator_opt="no" + glusterfs_discard="no" + glusterfs_zerofill="no" ++glusterfs_ftruncate_has_stat="no" ++glusterfs_iocb_has_stat="no" + archipelago="no" + gtk="" + gtkabi="" +@@ -3444,6 +3446,38 @@ if test "$glusterfs" != "no" ; then + if $pkg_config --atleast-version=6 glusterfs-api; then + glusterfs_zerofill="yes" + fi ++ cat > $TMPC << EOF ++#include <glusterfs/api/glfs.h> ++ ++int ++main(void) ++{ ++ /* new glfs_ftruncate() passes two additional args */ ++ return glfs_ftruncate(NULL, 0, NULL, NULL); ++} ++EOF ++ if compile_prog "$glusterfs_cflags" "$glusterfs_libs" ; then ++ glusterfs_ftruncate_has_stat="yes" ++ fi ++ cat > $TMPC << EOF ++#include <glusterfs/api/glfs.h> ++ ++/* new glfs_io_cbk() passes two additional glfs_stat structs */ ++static void ++glusterfs_iocb(glfs_fd_t *fd, ssize_t ret, struct glfs_stat *prestat, struct glfs_stat *poststat, void *data) ++{} ++ ++int ++main(void) ++{ ++ glfs_io_cbk iocb = &glusterfs_iocb; ++ iocb(NULL, 0 , NULL, NULL, NULL); ++ return 0; ++} ++EOF ++ if compile_prog "$glusterfs_cflags" "$glusterfs_libs" ; then ++ glusterfs_iocb_has_stat="yes" ++ fi + else + if test "$glusterfs" = "yes" ; then + feature_not_found "GlusterFS backend support" \ +@@ -5415,6 +5449,14 @@ if test "$archipelago" = "yes" ; then + echo "ARCHIPELAGO_LIBS=$archipelago_libs" >> $config_host_mak + fi + ++if test "$glusterfs_ftruncate_has_stat" = "yes" ; then ++ echo "CONFIG_GLUSTERFS_FTRUNCATE_HAS_STAT=y" >> $config_host_mak ++fi ++ ++if test "$glusterfs_iocb_has_stat" = "yes" ; then ++ echo "CONFIG_GLUSTERFS_IOCB_HAS_STAT=y" >> $config_host_mak ++fi ++ + if test "$libssh2" = "yes" ; then + echo "CONFIG_LIBSSH2=m" >> $config_host_mak + echo "LIBSSH2_CFLAGS=$libssh2_cflags" >> $config_host_mak diff --git a/nixpkgs/pkgs/applications/virtualization/xen/xsa-patches.nix b/nixpkgs/pkgs/applications/virtualization/xen/xsa-patches.nix new file mode 100644 index 000000000000..26cdbc1f65f7 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/xsa-patches.nix @@ -0,0 +1,488 @@ +{ fetchpatch }: + +let + xsaPatch = { name , sha256 }: (fetchpatch { + url = "https://xenbits.xen.org/xsa/xsa${name}.patch"; + inherit sha256; + }); +in { + # 4.5 + XSA_190 = (xsaPatch { + name = "190-4.5"; + sha256 = "0f8pw38kkxky89ny3ic5h26v9zsjj9id89lygx896zc3w1klafqm"; + }); + + # 4.5 + XSA_191 = (xsaPatch { + name = "191-4.6"; + sha256 = "1wl1ndli8rflmc44pkp8cw4642gi8z7j7gipac8mmlavmn3wdqhg"; + }); + + # 4.5 + XSA_192 = (xsaPatch { + name = "192-4.5"; + sha256 = "0m8cv0xqvx5pdk7fcmaw2vv43xhl62plyx33xqj48y66x5z9lxpm"; + }); + + # 4.5 + XSA_193 = (xsaPatch { + name = "193-4.5"; + sha256 = "0k9mykhrpm4rbjkhv067f6s05lqmgnldcyb3vi8cl0ndlyh66lvr"; + }); + + # 4.5 + XSA_195 = (xsaPatch { + name = "195"; + sha256 = "0m0g953qnjy2knd9qnkdagpvkkgjbk3ydgajia6kzs499dyqpdl7"; + }); + + # 4.5 + XSA_196 = [ + (xsaPatch { + name = "196-0001-x86-emul-Correct-the-IDT-entry-calculation-in-inject"; + sha256 = "0z53nzrjvc745y26z1qc8jlg3blxp7brawvji1hx3s74n346ssl6"; + }) + (xsaPatch { + name = "196-0002-x86-svm-Fix-injection-of-software-interrupts"; + sha256 = "11cqvr5jn2s92wsshpilx9qnfczrd9hnyb5aim6qwmz3fq3hrrkz"; + }) + ]; + + # 4.5 + XSA_198 = (xsaPatch { + name = "198"; + sha256 = "0d1nndn4p520c9xa87ixnyks3mrvzcri7c702d6mm22m8ansx6d9"; + }); + + # 4.5 + XSA_200 = (xsaPatch { + name = "200-4.6"; + sha256 = "0k918ja83470iz5k4vqi15293zjvz2dipdhgc9sy9rrhg4mqncl7"; + }); + + # 4.5 + XSA_202_45 = (xsaPatch { + name = "202-4.6"; + sha256 = "0nnznkrvfbbc8z64dr9wvbdijd4qbpc0wz2j5vpmx6b32sm7932f"; + }); + + # 4.5 + XSA_204_45 = (xsaPatch { + name = "204-4.5"; + sha256 = "083z9pbdz3f532fnzg7n2d5wzv6rmqc0f4mvc3mnmkd0rzqw8vcp"; + }); + + # 4.5 + XSA_206_45 = [ + (xsaPatch { + name = "206-4.5/0001-xenstored-apply-a-write-transaction-rate-limit"; + sha256 = "07vsm8mlbxh2s01ny2xywnm1bqhhxas1az31fzwb6f1g14vkzwm4"; + }) + (xsaPatch { + name = "206-4.5/0002-xenstored-Log-when-the-write-transaction-rate-limit-"; + sha256 = "17pnvxjmhny22abwwivacfig4vfsy5bqlki07z236whc2y7yzbsx"; + }) + (xsaPatch { + name = "206-4.5/0003-oxenstored-refactor-putting-response-on-wire"; + sha256 = "0xf566yicnisliy82cydb2s9k27l3bxc43qgmv6yr2ir3ixxlw5s"; + }) + (xsaPatch { + name = "206-4.5/0004-oxenstored-remove-some-unused-parameters"; + sha256 = "16cqx9i0w4w3x06qqdk9rbw4z96yhm0kbc32j40spfgxl82d1zlk"; + }) + (xsaPatch { + name = "206-4.5/0005-oxenstored-refactor-request-processing"; + sha256 = "1g2hzlv7w03sqnifbzda85mwlz3bw37rk80l248180sv3k7k6bgv"; + }) + (xsaPatch { + name = "206-4.5/0006-oxenstored-keep-track-of-each-transaction-s-operatio"; + sha256 = "0n65yfxvpfd4cz95dpbwqj3nablyzq5g7a0klvi2y9zybhch9cmg"; + }) + (xsaPatch { + name = "206-4.5/0007-oxenstored-move-functions-that-process-simple-operat"; + sha256 = "0qllvbc9rnj7jhhlslxxs35gvphvih0ywz52jszj4irm23ka5vnz"; + }) + (xsaPatch { + name = "206-4.5/0008-oxenstored-replay-transaction-upon-conflict"; + sha256 = "0lixkxjfzciy9l0f980cmkr8mcsx14c289kg0mn5w1cscg0hb46g"; + }) + (xsaPatch { + name = "206-4.5/0009-oxenstored-log-request-and-response-during-transacti"; + sha256 = "09ph8ddcx0k7rndd6hx6kszxh3fhxnvdjsq13p97n996xrpl1x7b"; + }) + (xsaPatch { + name = "206-4.5/0010-oxenstored-allow-compilation-prior-to-OCaml-3.12.0"; + sha256 = "1y0m7sqdz89z2vs4dfr45cyvxxas323rxar0xdvvvivgkgxawvxj"; + }) + (xsaPatch { + name = "206-4.5/0011-oxenstored-comments-explaining-some-variables"; + sha256 = "1d3n0y9syya4kaavrvqn01d3wsn85gmw7qrbylkclznqgkwdsr2p"; + }) + (xsaPatch { + name = "206-4.5/0012-oxenstored-handling-of-domain-conflict-credit"; + sha256 = "12zgid5y9vrhhpk2syxp0x01lzzr6447fa76n6rjmzi1xgdzpaf8"; + }) + (xsaPatch { + name = "206-4.5/0013-oxenstored-ignore-domains-with-no-conflict-credit"; + sha256 = "0v3g9pm60w6qi360hdqjcw838s0qcyywz9qpl8gzmhrg7a35avxl"; + }) + (xsaPatch { + name = "206-4.5/0014-oxenstored-add-transaction-info-relevant-to-history-"; + sha256 = "0vv3w0h5xh554i9v2vbc8gzm8wabjf2vzya3dyv5yzvly6ygv0sb"; + }) + (xsaPatch { + name = "206-4.5/0015-oxenstored-support-commit-history-tracking"; + sha256 = "1iv2vy29g437vj73x9p33rdcr5ln2q0kx1b3pgxq202ghbc1x1zj"; + }) + (xsaPatch { + name = "206-4.5/0016-oxenstored-only-record-operations-with-side-effects-"; + sha256 = "1cjkw5ganbg6lq78qsg0igjqvbgph3j349faxgk1p5d6nr492zzy"; + }) + (xsaPatch { + name = "206-4.5/0017-oxenstored-discard-old-commit-history-on-txn-end"; + sha256 = "0lm15lq77403qqwpwcqvxlzgirp6ffh301any9g401hs98f9y4ps"; + }) + (xsaPatch { + name = "206-4.5/0018-oxenstored-track-commit-history"; + sha256 = "1jh92p6vjhkm3bn5vz260npvsjji63g2imsxflxs4f3r69sz1nkd"; + }) + (xsaPatch { + name = "206-4.5/0019-oxenstored-blame-the-connection-that-caused-a-transa"; + sha256 = "17k264pk0fvsamj85578msgpx97mw63nmj0j9v5hbj4bgfazvj4h"; + }) + (xsaPatch { + name = "206-4.5/0020-oxenstored-allow-self-conflicts"; + sha256 = "15z3rd49q0pa72si0s8wjsy2zvbm613d0hjswp4ikc6nzsnsh4qy"; + }) + (xsaPatch { + name = "206-4.5/0021-oxenstored-do-not-commit-read-only-transactions"; + sha256 = "04wpzazhv90lg3228z5i6vnh1z4lzd08z0d0fvc4br6pkd0w4va8"; + }) + (xsaPatch { + name = "206-4.5/0022-oxenstored-don-t-wake-to-issue-no-conflict-credit"; + sha256 = "1shbrn0w68rlywcc633zcgykfccck1a77igmg8ydzwjsbwxsmsjy"; + }) + (xsaPatch { + name = "206-4.5/0023-oxenstored-transaction-conflicts-improve-logging"; + sha256 = "1086y268yh8047k1vxnxs2nhp6izp7lfmq01f1gq5n7jiy1sxcq7"; + }) + (xsaPatch { + name = "206-4.5/0024-oxenstored-trim-history-in-the-frequent_ops-function"; + sha256 = "014zs6i4gzrimn814k5i7gz66vbb0adkzr2qyai7i4fxc9h9r7w8"; + }) + ]; + + # 4.5 - 4.8 + XSA_207 = (xsaPatch { + name = "207"; + sha256 = "0wdlhijmw9mdj6a82pyw1rwwiz605dwzjc392zr3fpb2jklrvibc"; + }); + + # 4.5 - 4.8 + XSA_212 = (xsaPatch { + name = "212"; + sha256 = "1ggjbbym5irq534a3zc86md9jg8imlpc9wx8xsadb9akgjrr1r8d"; + }); + + # 4.5 + XSA_213_45 = (xsaPatch { + name = "213-4.5"; + sha256 = "1vnqf89ydacr5bq3d6z2r33xb2sn5vsd934rncyc28ybc9rvj6wm"; + }); + + # 4.5 - 4.8 + XSA_214 = (xsaPatch { + name = "214"; + sha256 = "0qapzx63z0yl84phnpnglpkxp6b9sy1y7cilhwjhxyigpfnm2rrk"; + }); + + # 4.5 + XSA_215 = (xsaPatch { + name = "215"; + sha256 = "0sv8ccc5xp09f1w1gj5a9n3mlsdsh96sdb1n560vh31f4kkd61xs"; + }); + + # 4.5 + XSA_217_45 = (xsaPatch { + name = "217-4.5"; + sha256 = "067pgsfrb9py2dhm1pk9g8f6fs40vyfrcxhj8c12vzamb6svzmn4"; + }); + + # 4.5 + XSA_218_45 = [ + (xsaPatch { + name = "218-4.5/0001-IOMMU-handle-IOMMU-mapping-and-unmapping-failures"; + sha256 = "00y6j3yjxw0igpldsavikmhlxw711k2jsj1qx0s05w2k608gadkq"; + }) + (xsaPatch { + name = "218-4.5/0002-gnttab-fix-unmap-pin-accounting-race"; + sha256 = "0qbbfnnjlpdcd29mzmacfmi859k92c213l91q7w1rg2k6pzx928k"; + }) + (xsaPatch { + name = "218-4.5/0003-gnttab-Avoid-potential-double-put-of-maptrack-entry"; + sha256 = "1cndzvyhf41mk4my6vh3bk9jvh2y4gpmqdhvl9zhxhmppszslqkc"; + }) + (xsaPatch { + name = "218-4.5/0004-gnttab-correct-maptrack-table-accesses"; + sha256 = "02zpb0ffigijacqvyyjylwx3qpgibwslrka7mbxwnclf4s9c03a2"; + }) + ]; + + # 4.5 + XSA_219_45 = (xsaPatch { + name = "219-4.5"; + sha256 = "003msr5vhsc66scmdpgn0lp3p01g4zfw5vj86y5lw9ajkbaywdsm"; + }); + + # 4.5 + XSA_220_45 = (xsaPatch { + name = "220-4.5"; + sha256 = "1dj9nn6lzxlipjb3nb7b9m4337fl6yn2bd7ap1lqrjn8h9zkk1pp"; + }); + + # 4.5 - 4.8 + XSA_221 = (xsaPatch { + name = "221"; + sha256 = "1mcr1nqgxyjrkywdg7qhlfwgz7vj2if1dhic425vgd41p9cdgl26"; + }); + + # 4.5 + XSA_222_45 = [ + (xsaPatch { + name = "222-1-4.6"; + sha256 = "1g4dqm5qx4wqlv1520jpfiscph95vllcp4gqp1rdfailk8xi0mcf"; + }) + (xsaPatch { + name = "222-2-4.5"; + sha256 = "1hw8rhc7q4v309f4w11gxfsn5x1pirvxkg7s4kr711fnmvp9hkzd"; + }) + ]; + + # 4.5 - 4.8 + XSA_223 = (xsaPatch { + name = "223"; + sha256 = "0803gjgcbq9vaz2mq0v5finf1fq8iik1g4hqsjqhjxvspn8l70c5"; + }); + + # 4.5 + XSA_224_45 = [ + (xsaPatch { + name = "224-4.5/0001-gnttab-Fix-handling-of-dev_bus_addr-during-unmap"; + sha256 = "1aislj66ss4cb3v2bh12mrqsyrf288d4h54rj94jjq7h1hnycw7h"; + }) + (xsaPatch { + name = "224-4.5/0002-gnttab-never-create-host-mapping-unless-asked-to"; + sha256 = "1j6fgm1ccb07gg0mi5qmdr0vqwwc3n12z433g1jrija2gbk1x8aq"; + }) + (xsaPatch { + name = "224-4.5/0003-gnttab-correct-logic-to-get-page-references-during-m"; + sha256 = "166kmicwx280fjqjvgigbmhabjksa0hhvqx5h4v6kjlcjpmxqy08"; + }) + (xsaPatch { + name = "224-4.5/0004-gnttab-__gnttab_unmap_common_complete-is-all-or-noth"; + sha256 = "1skc0yj1zsn8xgyq1y57bdc0scvvlmd0ynrjwwf1zkias1wlilav"; + }) + ]; + + # 4.5 + XSA_226_45 = [ + (xsaPatch { + name = "226-4.5/0001-gnttab-dont-use-possibly-unbounded-tail-calls"; + sha256 = "1hx47ppv5q33cw4dwp82lgvv4fp28gx7rxijw0iaczsv8bvb8vcg"; + }) + (xsaPatch { + name = "226-4.5/0002-gnttab-fix-transitive-grant-handling"; + sha256 = "1gzp8m2zfihwlk71c3lqyd0ajh9h11pvkhzhw0mawckxy0qksvlc"; + }) + ]; + + # 4.5 + XSA_227_45 = (xsaPatch { + name = "227-4.5"; + sha256 = "1qfjfisgqm4x98qw54x2qrvgjnvvzizx9p1pjhcnsps9q6g1y3x8"; + }); + + # 4.5 - 4.9 + XSA_230 = (xsaPatch { + name = "230"; + sha256 = "10x0j7wmzkrwycs1ng89fgjzvzh8vsdd4c5nb68b3j1azdx4ld83"; + }); + + # 4.5 + XSA_231_45 = (xsaPatch { + name = "231-4.5"; + sha256 = "06gwx2f1lg51dfk2b4zxp7wv9c4pxdi87pg2asvmxqc78ir7l5s6"; + }); + + # 4.5 - 4.9 + XSA_232 = (xsaPatch { + name = "232"; + sha256 = "0n6irjpmraa3hbxxm64a1cplc6y6g07x7v2fmlpvn70ql3fs0220"; + }); + + # 4.5 - 4.9 + XSA_233 = (xsaPatch { + name = "233"; + sha256 = "1w3m8349cqav56av63w6jzvlsv4jw5rimwvskr9pq2rcbk2dx8kf"; + }); + + # 4.5 + XSA_234_45 = (xsaPatch { + name = "234-4.5"; + sha256 = "1ji6hbgybb4gbgz5l5fis9midnvjbddzam8d63377rkzdyb3yz9f"; + }); + + # 4.5 + XSA_235_45 = (xsaPatch { + name = "235-4.5"; + sha256 = "0hhgnql2gji111020z4wiyzg23wqs6ymanb67rg11p4qad1fp3ff"; + }); + + # 4.5 + XSA_236_45 = (xsaPatch { + name = "236-4.5"; + sha256 = "0hcla86x81wykssd2967gblp7fzx61290p4ls4v0hcyxdg2bs2yz"; + }); + + # 4.5 + XSA_237_45 = [ + (xsaPatch { + name = "237-4.5/0001-x86-dont-allow-MSI-pIRQ-mapping-on-unowned-device"; + sha256 = "0hjxs20jhls4i0iph45a0qpw4znkm04gv74jmwhw84gy4hrhzq3b"; + }) + (xsaPatch { + name = "237-4.5/0002-x86-enforce-proper-privilege-when-mapping-pIRQ-s"; + sha256 = "0ki8nmbc2g1l9wnqsph45a2k4c6dk5s7jvdlxg3zznyiyxjcv8yn"; + }) + (xsaPatch { + name = "237-4.5/0003-x86-MSI-disallow-redundant-enabling"; + sha256 = "1hdz83qrjaqnihz8ji186dypxiblbfpgyb01j9m5alhk4whjqvp1"; + }) + (xsaPatch { + name = "237-4.5/0004-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-error"; + sha256 = "0csdfn9kzn1k94pg3fcwsgqw14wcd4myi1jkcq5alj1fmkhw4wmk"; + }) + (xsaPatch { + name = "237-4.5/0005-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook"; + sha256 = "14b73rkvbkd1a2gh9kp0zrvv2d3kfwkiv24fg9agh4hrf2w3nx7y"; + }) + ]; + + # 4.5 + XSA_238_45 = (xsaPatch { + name = "238-4.5"; + sha256 = "1x2fg5vfv5jc084h5gjm6fq0nxjpzvi96px3sqzz4pvsvy4y4i1z"; + }); + + # 4.5 + XSA_239_45 = (xsaPatch { + name = "239-4.5"; + sha256 = "06bi8q3973yajxsdj7pcqarvb56q2gisxdiy0cpbyffbmpkfv3h6"; + }); + + # 4.5 + XSA_240_45 = [ + (xsaPatch { + name = "240-4.5/0001-x86-limit-linear-page-table-use-to-a-single-level"; + sha256 = "0pmf10mbnmb88y7mly8s2l0j88cg0ayhkcnmj1zbjrkjmpccv395"; + }) + (xsaPatch { + name = "240-4.5/0002-x86-mm-Disable-PV-linear-pagetables-by-default"; + sha256 = "19f096ra3xndvzkjjasx73p2g25hfkm905px0p3yakwll0qzd029"; + }) + ]; + + # 4.5 - 4.8 + XSA_241 = (xsaPatch { + name = "241-4.8"; + sha256 = "16zb75kzs98f4mdxhbyczk5mbh9dvn6j3yhfafki34x1dfdnq4pj"; + }); + + # 4.5 - 4.9 + XSA_242 = (xsaPatch { + name = "242-4.9"; + sha256 = "0yx3x0i2wybsm7lzdffxa2mm866bjl4ipbb9vipnw77dyg705zpr"; + }); + + # 4.5 + XSA_243_45 = [ + (xsaPatch { + name = "243-4.6-1"; + sha256 = "1cqanpyysa7px0j645z4jw9yqsvv6cbh7yq1b86ap134axfifcan"; + }) + (xsaPatch { + name = "243-4.5-2"; + sha256 = "0wbcgw4m0nzm2902jnda2020l7bd5adkq8j5myi1zmsfzbq03hwn"; + }) + ]; + + # 4.5 + XSA_244_45 = (xsaPatch { + name = "244-4.5"; + sha256 = "05ci3vdl1ywfjpzcvsy1k52whxjk8pxzj7dh3r94yqasr56i5v2l"; + }); + + # 4.5 - 4.9 + XSA_245 = [ + (xsaPatch { + name = "245/0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in"; + sha256 = "12brsgbn7xwakalsn10afykgqmx119mqg6vjj3v2b1pnmf4ss0w8"; + }) + (xsaPatch { + name = "245/0002-xen-arm-Correctly-report-the-memory-region-in-the-du"; + sha256 = "1k6z5r7wnrswsczn2j3a1mc4nvxqm4ydj6n6rvgqizk2pszdkqg8"; + }) + ]; + + # 4.5 - 4.7 + XSA_246_45 = [ + (xsaPatch { + name = "246-4.7"; + sha256 = "13rad4k8z3bq15d67dhgy96kdbrjiq9sy8px0jskbpx9ygjdahkn"; + }) + ]; + + # 4.5 + XSA_247_45 = [ + (xsaPatch { + name = "247-4.5/0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu"; + sha256 = "0h1mp5s9si8aw2gipds317f27h9pi7bgnhj0bcmw11p0ch98sg1m"; + }) + (xsaPatch { + name = "247-4.5/0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas"; + sha256 = "0vjjybxbcm4xl26wbqvcqfiyvvlayswm4f98i1fr5a9abmljn5sb"; + }) + ]; + + # 4.5 + XSA_248_45 = [ + (xsaPatch { + name = "248-4.5"; + sha256 = "0csxg6h492ddsa210b45av28iqf7cn2dfdqk4zx10zwf1pv2shyn"; + }) + ]; + + # 4.5 .. 4.9 + XSA_249 = [ + (xsaPatch { + name = "249"; + sha256 = "0v6ngzqhkz7yv4n83xlpxfbkr2qyg5b1cds7ikkinm86hiqy6agl"; + }) + ]; + + # 4.5 + XSA_250_45 = [ + (xsaPatch { + name = "250-4.5"; + sha256 = "0pqldl6qnl834gvfp90z247q9xcjh3835s2iffnajz7jhjb2145d"; + }) + ]; + + # 4.5 + XSA_251_45 = [ + (xsaPatch { + name = "251-4.5"; + sha256 = "0lc94cx271z09r0mhxaypyd9d4740051p28idf5calx5228dqjgm"; + }) + ]; +} |