Merge pull request #77421 from Shados/xen-build-efi-binaries

pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.patch

@@ -0,0 +1,36 @@
+diff -Naur xen-4.10.4-orig/xen/arch/x86/Makefile xen-4.10.4-patched/xen/arch/x86/Makefile
+--- xen-4.10.4-orig/xen/arch/x86/Makefile	2019-07-04 01:28:50.000000000 +1000
++++ xen-4.10.4-patched/xen/arch/x86/Makefile	2020-03-03 13:32:34.607951507 +1100
+@@ -166,7 +166,7 @@
+ # Check if the compiler supports the MS ABI.
+ export XEN_BUILD_EFI := $(shell $(CC) $(filter-out $(CFLAGS-y) .%.d,$(CFLAGS)) -c efi/check.c -o efi/check.o 2>/dev/null && echo y)
+ # Check if the linker supports PE.
+-XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(LD) -mi386pep --subsystem=10 -o efi/check.efi efi/check.o 2>/dev/null && echo y))
++XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(EFI_LD) -mi386pep --subsystem=10 -o efi/check.efi efi/check.o 2>/dev/null && echo y))
+ CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI
+ 
+ $(TARGET).efi: VIRT_BASE = 0x$(shell $(NM) efi/relocs-dummy.o | sed -n 's, A VIRT_START$$,,p')
+@@ -188,20 +188,20 @@
+ 
+ $(TARGET).efi: prelink-efi.o $(note_file) efi.lds efi/relocs-dummy.o $(BASEDIR)/common/symbols-dummy.o efi/mkreloc
+ 	$(foreach base, $(VIRT_BASE) $(ALT_BASE), \
+-	          $(guard) $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \
++	          $(guard) $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \
+ 	                $(BASEDIR)/common/symbols-dummy.o $(note_file) -o $(@D)/.$(@F).$(base).0 &&) :
+ 	$(guard) efi/mkreloc $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).0) >$(@D)/.$(@F).0r.S
+ 	$(guard) $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).0 \
+ 		| $(guard) $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S
+ 	$(guard) $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o
+ 	$(foreach base, $(VIRT_BASE) $(ALT_BASE), \
+-	          $(guard) $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \
++	          $(guard) $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \
+ 	                $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(note_file) -o $(@D)/.$(@F).$(base).1 &&) :
+ 	$(guard) efi/mkreloc $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).1) >$(@D)/.$(@F).1r.S
+ 	$(guard) $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).1 \
+ 		| $(guard) $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S
+ 	$(guard) $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o
+-	$(guard) $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \
++	$(guard) $(EFI_LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \
+ 	                $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(note_file) -o $@
+ 	if $(guard) false; then rm -f $@; echo 'EFI support disabled'; \
+ 	else $(NM) -pa --format=sysv $(@D)/$(@F) \

pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.patch

@@ -0,0 +1,35 @@
+EFI_MOUNTPOINT is conventionally /boot/efi or /boot/EFI or something
+like that, and (on my machine) has directories within that called
+{Boot, nixos, gummiboot}.
+
+This patch does two things:
+
+1) Xen apparently wants to put files in
+$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR) - we remove the duplicate 'efi' name
+because I can't see why we have it
+
+2) Ensures the said directory exists
+
+
+--- a/xen/Makefile	2016-01-08 01:50:58.028045657 +0000
++++ b/xen/Makefile	2016-01-08 01:51:33.560268718 +0000
+@@ -49,7 +49,9 @@
+ 		ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \
+ 		ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \
+ 		if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \
+-			$(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
++			[ -d $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ] || \
++			  $(INSTALL_DIR) $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ;\
++			$(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
+ 		elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \
+ 			echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \
+ 		fi; \
+@@ -69,7 +69,7 @@
+ 	rm -f $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).$(XEN_SUBVERSION).efi
+ 	rm -f $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi
+ 	rm -f $(D)$(EFI_DIR)/$(T).efi
+-	rm -f $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi
++	rm -f $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi
+ 
+ .PHONY: _debug
+ _debug:

pkgs/applications/virtualization/xen/4.8.nix

@@ -1,198 +0,0 @@
-{ stdenv, callPackage, fetchurl, fetchpatch, fetchgit
-, ocaml-ng
-, withInternalQemu ? true
-, withInternalTraditionalQemu ? true
-, withInternalSeabios ? true
-, withSeabios ? !withInternalSeabios, seabios ? null
-, withInternalOVMF ? false # FIXME: tricky to build
-, withOVMF ? false, OVMF
-, withLibHVM ? true
-
-# qemu
-, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir
-, alsaLib
-, ... } @ args:
-
-assert withInternalSeabios -> !withSeabios;
-assert withInternalOVMF -> !withOVMF;
-
-with stdenv.lib;
-
-# Patching XEN? Check the XSAs at
-# https://xenbits.xen.org/xsa/
-# and try applying all the ones we don't have yet.
-
-let
-  xsa = import ./xsa-patches.nix { inherit fetchpatch; };
-
-  xenlockprofpatch = (fetchpatch {
-    name = "xenlockprof-gcc7.patch";
-    url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=f49fa658b53580cf2ad354d2bf1796766cc11222";
-    sha256 = "1lvzfvkqirknivm8q4cg5byfqz49s16zjk65fkwl3kwb03chky70";
-  });
-
-  xenpmdpatch = (fetchpatch {
-    name = "xenpmd-gcc7.patch";
-    url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=2d78f78a14528752266982473c07118f1bc336e3";
-    sha256 = "1ki295pymbcfc64sjb9wqfwpv19p8vwgmnxankada3vm4fxg2rhq";
-  });
-
-  qemuMemfdBuildFix = fetchpatch {
-    name = "xen-4.8-memfd-build-fix.patch";
-    url = "https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch";
-    sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa";
-  };
-
-  # Ported from
-  #"https://xenbits.xen.org/gitweb/?p=qemu-xen.git;a=patch;h=e014dbe74e0484188164c61ff6843f8a04a8cb9d";
-  #"https://xenbits.xen.org/gitweb/?p=qemu-xen.git;a=patch;h=0e3b891fefacc0e49f3c8ffa3a753b69eb7214d2";
-  qemuGlusterfs6Fix = ./qemu-gluster-6-compat.diff;
-
-  qemuDeps = [
-    udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir
-    alsaLib
-  ];
-in
-
-callPackage (import ./generic.nix (rec {
-  version = "4.8.5";
-
-  src = fetchurl {
-    url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz";
-    sha256 = "04xcf01jad1lpqnmjblzhnjzp0bss9fjd9awgcycjx679arbaxqz";
-  };
-
-  # Sources needed to build tools and firmwares.
-  xenfiles = optionalAttrs withInternalQemu {
-    qemu-xen = {
-      src = fetchgit {
-        url = "https://xenbits.xen.org/git-http/qemu-xen.git";
-        rev = "refs/tags/qemu-xen-${version}";
-        sha256 = "0lb7zd5nvr6znx47z93nbq4gj8xfb3622s8r2cvmpqmwnmlc3nd4";
-      };
-      patches = [
-        qemuMemfdBuildFix
-        qemuGlusterfs6Fix
-      ];
-      buildInputs = qemuDeps;
-      meta.description = "Xen's fork of upstream Qemu";
-    };
-  } // optionalAttrs withInternalTraditionalQemu {
-    qemu-xen-traditional = {
-      src = fetchgit {
-        url = "https://xenbits.xen.org/git-http/qemu-xen-traditional.git";
-        rev = "refs/tags/xen-${version}";
-        sha256 = "0mryap5y53r09m7qc0b821f717ghwm654r8c3ik1w7adzxr0l5qk";
-      };
-      buildInputs = qemuDeps;
-      patches = [
-      ];
-      postPatch = ''
-        substituteInPlace xen-hooks.mak \
-          --replace /usr/include/pci ${pciutils}/include/pci
-      '';
-      meta.description = "Xen's fork of upstream Qemu that uses old device model";
-    };
-  } // optionalAttrs withInternalSeabios {
-    "firmware/seabios-dir-remote" = {
-      src = fetchgit {
-        url = "https://xenbits.xen.org/git-http/seabios.git";
-        rev = "f0cdc36d2f2424f6b40438f7ee7cc502c0eff4df";
-        sha256 = "1wq5pjkjrfzqnq3wyr15mcn1l4c563m65gdyf8jm97kgb13pwwfm";
-      };
-      patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ];
-      meta.description = "Xen's fork of Seabios";
-    };
-  } // optionalAttrs withInternalOVMF {
-    "firmware/ovmf-dir-remote" = {
-      src = fetchgit {
-        url = "https://xenbits.xen.org/git-http/ovmf.git";
-        rev = "173bf5c847e3ca8b42c11796ce048d8e2e916ff8";
-        sha256 = "07zmdj90zjrzip74fvd4ss8n8njk6cim85s58mc6snxmqqv7gmcr";
-      };
-      meta.description = "Xen's fork of OVMF";
-    };
-  } // {
-    # TODO: patch Xen to make this optional?
-    "firmware/etherboot/ipxe.git" = {
-      src = fetchgit {
-        url = "https://git.ipxe.org/ipxe.git";
-        rev = "356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d";
-        sha256 = "15n400vm3id5r8y3k6lrp9ab2911a9vh9856f5gvphkazfnmns09";
-      };
-      meta.description = "Xen's fork of iPXE";
-    };
-  } // optionalAttrs withLibHVM {
-    xen-libhvm-dir-remote = {
-      src = fetchgit {
-        name = "xen-libhvm";
-        url = "https://github.com/michalpalka/xen-libhvm";
-        rev = "83065d36b36d6d527c2a4e0f5aaf0a09ee83122c";
-        sha256 = "1jzv479wvgjkazprqdzcdjy199azmx2xl3pnxli39kc5mvjz3lzd";
-      };
-      buildPhase = ''
-        make
-        cd biospt
-        cc -Wall -g -D_LINUX -Wstrict-prototypes biospt.c -o biospt -I../libhvm -L../libhvm -lxenhvm
-      '';
-      installPhase = ''
-        make install
-        cp biospt/biospt $out/bin/
-      '';
-      meta = {
-        description = ''
-          Helper library for reading ACPI and SMBIOS firmware values
-          from the host system for use with the HVM guest firmware
-          pass-through feature in Xen'';
-        license = licenses.bsd2;
-      };
-    };
-  };
-
-  configureFlags = []
-    ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH
-    ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional"
-    ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional"
-
-    ++ optional (withSeabios) "--with-system-seabios=${seabios}"
-    ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios"
-
-    ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd"
-    ++ optional (withInternalOVMF) "--enable-ovmf";
-
-  patches = with xsa; flatten [
-    # 253: 4.8 not affected
-    # 254: no patch supplied by xen project (Meltdown/Spectre)
-    xenlockprofpatch
-    xenpmdpatch
-  ];
-
-  NIX_CFLAGS_COMPILE = toString [
-    # Fix build on Glibc 2.24
-    "-Wno-error=deprecated-declarations"
-    # Fix build with GCC8
-    "-Wno-error=maybe-uninitialized"
-    "-Wno-error=stringop-truncation"
-    "-Wno-error=format-truncation"
-    "-Wno-error=array-bounds"
-    # Fix build with GCC9
-    "-Wno-error=address-of-packed-member"
-    "-Wno-error=format-overflow"
-    "-Wno-error=absolute-value"
-  ];
-
-  postPatch = ''
-    # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror.
-    sed 1i'#include <sys/sysmacros.h>' \
-      -i tools/blktap2/control/tap-ctl-allocate.c \
-      -i tools/libxl/libxl_device.c \
-      ${optionalString withInternalQemu "-i tools/qemu-xen/hw/9pfs/9p.c"}
-
-    sed -i -e '/sys\/sysctl\.h/d' tools/blktap2/drivers/block-remus.c
-  '';
-
-  passthru.qemu-system-i386 = if withInternalQemu
-      then "lib/xen/bin/qemu-system-i386"
-      else throw "this xen has no qemu builtin";
-
-})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_05; } // args)

pkgs/applications/virtualization/xen/generic.nix

@@ -20,6 +20,8 @@ config:
 # python2Packages.markdown
 , transfig, ghostscript, texinfo, pandoc
 
+, binutils-unwrapped
+
 , ...} @ args:
 
 with stdenv.lib;
@@ -42,6 +44,17 @@ let
     }
     ( __do )
   '');
+
+  # We don't want to use the wrapped version, because this version of ld is
+  # only used for linking the Xen EFI binary, and the build process really
+  # needs control over the LDFLAGS used
+  efiBinutils = binutils-unwrapped.overrideAttrs (oldAttrs: {
+    name = "efi-binutils";
+    configureFlags = oldAttrs.configureFlags ++ [
+      "--enable-targets=x86_64-pep"
+    ];
+    doInstallCheck = false; # We get a spurious failure otherwise, due to host/target mis-match
+  });
 in
 
 stdenv.mkDerivation (rec {
@@ -119,10 +132,12 @@ stdenv.mkDerivation (rec {
     '')}
   '';
 
-  patches = [ ./0000-fix-ipxe-src.patch
-              ./0000-fix-install-python.patch
-            ] ++ optional (versionOlder version "4.8.5") ./acpica-utils-20180427.patch
-            ++ (config.patches or []);
+  patches = [
+    ./0000-fix-ipxe-src.patch
+    ./0000-fix-install-python.patch
+    ./0004-makefile-use-efi-ld.patch
+    ./0005-makefile-fix-efi-mountdir-use.patch
+  ] ++ (config.patches or []);
 
   postPatch = ''
     ### Hacks
@@ -186,6 +201,9 @@ stdenv.mkDerivation (rec {
       --replace /bin/ls ls
   '';
 
+  EFI_LD = "${efiBinutils}/bin/ld";
+  EFI_VENDOR = "nixos";
+
   # TODO: Flask needs more testing before enabling it by default.
   #makeFlags = [ "XSM_ENABLE=y" "FLASK_ENABLE=y" "PREFIX=$(out)" "CONFIG_DIR=/etc" "XEN_EXTFILES_URL=\\$(XEN_ROOT)/xen_ext_files" ];
   makeFlags = [ "PREFIX=$(out) CONFIG_DIR=/etc" "XEN_SCRIPT_DIR=/etc/xen/scripts" ]

pkgs/applications/virtualization/xen/packages.nix

@@ -1,57 +1,11 @@
 { callPackage
-, stdenv, overrideCC
+, stdenv
 }:
 
 # TODO(@oxij) on new Xen version: generalize this to generate [vanilla slim
 # light] for each ./<version>.nix.
 
 rec {
-  xen_4_8-vanilla = callPackage ./4.8.nix {
-    meta = {
-      description = "vanilla";
-      longDescription = ''
-        Vanilla version of Xen. Uses forks of Qemu and Seabios bundled
-        with Xen. This gives vanilla experince, but wastes space and
-        build time: typical NixOS setup that runs lots of VMs will
-        build three different versions of Qemu when using this (two
-        forks and upstream).
-      '';
-    };
-  };
-
-  xen_4_8-slim = xen_4_8-vanilla.override {
-    withInternalQemu = false;
-    withInternalTraditionalQemu = true;
-    withInternalSeabios = false;
-    withSeabios = true;
-
-    meta = {
-      description = "slim";
-      longDescription = ''
-        Slimmed-down version of Xen that reuses nixpkgs packages as
-        much as possible. Different parts may get out of sync, but
-        this builds faster and uses less space than vanilla. Use with
-        `qemu_xen` from nixpkgs.
-      '';
-    };
-  };
-
-  xen_4_8-light = xen_4_8-vanilla.override {
-    withInternalQemu = false;
-    withInternalTraditionalQemu = false;
-    withInternalSeabios = false;
-    withSeabios = true;
-
-    meta = {
-      description = "light";
-      longDescription = ''
-        Slimmed-down version of Xen without `qemu-traditional` (you
-        don't need it if you don't know what it is). Use with
-        `qemu_xen-light` from nixpkgs.
-      '';
-    };
-  };
-
   xen_4_10-vanilla = callPackage ./4.10.nix {
     meta = {
       description = "vanilla";
@@ -98,8 +52,8 @@ rec {
     };
   };
 
-  xen-vanilla = xen_4_8-vanilla;
-  xen-slim = xen_4_8-slim;
-  xen-light = xen_4_8-light;
+  xen-vanilla = xen_4_10-vanilla;
+  xen-slim = xen_4_10-slim;
+  xen-light = xen_4_10-light;
 
 }

pkgs/top-level/all-packages.nix

@@ -18900,8 +18900,6 @@ in
   # Building with `xen` instead of `xen-slim` is possible, but makes no sense.
   qemu_xen = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen-slim; });
   qemu_xen-light = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen-light; });
-  qemu_xen_4_8 = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_8-slim; });
-  qemu_xen_4_8-light = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_8-light; });
   qemu_xen_4_10 = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_10-slim; });
   qemu_xen_4_10-light = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_10-light; });
 
@@ -24813,9 +24811,6 @@ in
   xen-slim = xenPackages.xen-slim;
   xen-light = xenPackages.xen-light;
 
-  xen_4_8 = xenPackages.xen_4_8-vanilla;
-  xen_4_8-slim = xenPackages.xen_4_8-slim;
-  xen_4_8-light = xenPackages.xen_4_8-light;
   xen_4_10 = xenPackages.xen_4_10-vanilla;
   xen_4_10-slim = xenPackages.xen_4_10-slim;
   xen_4_10-light = xenPackages.xen_4_10-light;