From 6048a3c1f593fd99b1b5b46a81b2930b3c2f99c1 Mon Sep 17 00:00:00 2001
From: Alexei Robyn
Date: Fri, 10 Jan 2020 15:44:58 +1100
Subject: [PATCH 1/2] xen: Remove unsupported Xen version (4.8)
---
 pkgs/applications/virtualization/xen/4.8.nix | 198 ------------------
 .../virtualization/xen/packages.nix | 54 +----
 pkgs/top-level/all-packages.nix | 5 -
 3 files changed, 4 insertions(+), 253 deletions(-)
 delete mode 100644 pkgs/applications/virtualization/xen/4.8.nix
diff --git a/pkgs/applications/virtualization/xen/4.8.nix b/pkgs/applications/virtualization/xen/4.8.nix
deleted file mode 100644
index 6fa30462df08..000000000000
--- a/pkgs/applications/virtualization/xen/4.8.nix
+++ /dev/null
@@ -1,198 +0,0 @@ -{ stdenv, callPackage, fetchurl, fetchpatch, fetchgit -, ocaml-ng -, withInternalQemu ? true -, withInternalTraditionalQemu ? true -, withInternalSeabios ? true -, withSeabios ? !withInternalSeabios, seabios ? null -, withInternalOVMF ? false # FIXME: tricky to build -, withOVMF ? false, OVMF -, withLibHVM ? true - -# qemu -, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir -, alsaLib -, ... } @ args: - -assert withInternalSeabios -> !withSeabios; -assert withInternalOVMF -> !withOVMF; - -with stdenv.lib; - -# Patching XEN? Check the XSAs at -# https://xenbits.xen.org/xsa/ -# and try applying all the ones we don't have yet. - -let - xsa = import ./xsa-patches.nix { inherit fetchpatch; }; - - xenlockprofpatch = (fetchpatch { - name = "xenlockprof-gcc7.patch"; - url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=f49fa658b53580cf2ad354d2bf1796766cc11222"; - sha256 = "1lvzfvkqirknivm8q4cg5byfqz49s16zjk65fkwl3kwb03chky70"; - }); - - xenpmdpatch = (fetchpatch { - name = "xenpmd-gcc7.patch"; - url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=2d78f78a14528752266982473c07118f1bc336e3"; - sha256 = "1ki295pymbcfc64sjb9wqfwpv19p8vwgmnxankada3vm4fxg2rhq"; - }); - - qemuMemfdBuildFix = fetchpatch { - name = "xen-4.8-memfd-build-fix.patch"; - url = "https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch"; - sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa"; - }; - - # Ported from - #"https://xenbits.xen.org/gitweb/?p=qemu-xen.git;a=patch;h=e014dbe74e0484188164c61ff6843f8a04a8cb9d"; - #"https://xenbits.xen.org/gitweb/?p=qemu-xen.git;a=patch;h=0e3b891fefacc0e49f3c8ffa3a753b69eb7214d2"; - qemuGlusterfs6Fix = ./qemu-gluster-6-compat.diff; - - qemuDeps = [ - udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir - alsaLib - ]; -in - -callPackage (import ./generic.nix (rec { - version = "4.8.5"; - - src = fetchurl { - url = 
"https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; - sha256 = "04xcf01jad1lpqnmjblzhnjzp0bss9fjd9awgcycjx679arbaxqz"; - }; - - # Sources needed to build tools and firmwares. - xenfiles = optionalAttrs withInternalQemu { - qemu-xen = { - src = fetchgit { - url = "https://xenbits.xen.org/git-http/qemu-xen.git"; - rev = "refs/tags/qemu-xen-${version}"; - sha256 = "0lb7zd5nvr6znx47z93nbq4gj8xfb3622s8r2cvmpqmwnmlc3nd4"; - }; - patches = [ - qemuMemfdBuildFix - qemuGlusterfs6Fix - ]; - buildInputs = qemuDeps; - meta.description = "Xen's fork of upstream Qemu"; - }; - } // optionalAttrs withInternalTraditionalQemu { - qemu-xen-traditional = { - src = fetchgit { - url = "https://xenbits.xen.org/git-http/qemu-xen-traditional.git"; - rev = "refs/tags/xen-${version}"; - sha256 = "0mryap5y53r09m7qc0b821f717ghwm654r8c3ik1w7adzxr0l5qk"; - }; - buildInputs = qemuDeps; - patches = [ - ]; - postPatch = '' - substituteInPlace xen-hooks.mak \ - --replace /usr/include/pci ${pciutils}/include/pci - ''; - meta.description = "Xen's fork of upstream Qemu that uses old device model"; - }; - } // optionalAttrs withInternalSeabios { - "firmware/seabios-dir-remote" = { - src = fetchgit { - url = "https://xenbits.xen.org/git-http/seabios.git"; - rev = "f0cdc36d2f2424f6b40438f7ee7cc502c0eff4df"; - sha256 = "1wq5pjkjrfzqnq3wyr15mcn1l4c563m65gdyf8jm97kgb13pwwfm"; - }; - patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; - meta.description = "Xen's fork of Seabios"; - }; - } // optionalAttrs withInternalOVMF { - "firmware/ovmf-dir-remote" = { - src = fetchgit { - url = "https://xenbits.xen.org/git-http/ovmf.git"; - rev = "173bf5c847e3ca8b42c11796ce048d8e2e916ff8"; - sha256 = "07zmdj90zjrzip74fvd4ss8n8njk6cim85s58mc6snxmqqv7gmcr"; - }; - meta.description = "Xen's fork of OVMF"; - }; - } // { - # TODO: patch Xen to make this optional? 
- "firmware/etherboot/ipxe.git" = { - src = fetchgit { - url = "https://git.ipxe.org/ipxe.git"; - rev = "356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d"; - sha256 = "15n400vm3id5r8y3k6lrp9ab2911a9vh9856f5gvphkazfnmns09"; - }; - meta.description = "Xen's fork of iPXE"; - }; - } // optionalAttrs withLibHVM { - xen-libhvm-dir-remote = { - src = fetchgit { - name = "xen-libhvm"; - url = "https://github.com/michalpalka/xen-libhvm"; - rev = "83065d36b36d6d527c2a4e0f5aaf0a09ee83122c"; - sha256 = "1jzv479wvgjkazprqdzcdjy199azmx2xl3pnxli39kc5mvjz3lzd"; - }; - buildPhase = '' - make - cd biospt - cc -Wall -g -D_LINUX -Wstrict-prototypes biospt.c -o biospt -I../libhvm -L../libhvm -lxenhvm - ''; - installPhase = '' - make install - cp biospt/biospt $out/bin/ - ''; - meta = { - description = '' - Helper library for reading ACPI and SMBIOS firmware values - from the host system for use with the HVM guest firmware - pass-through feature in Xen''; - license = licenses.bsd2; - }; - }; - }; - - configureFlags = [] - ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH - ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional" - ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional" - - ++ optional (withSeabios) "--with-system-seabios=${seabios}" - ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios" - - ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" - ++ optional (withInternalOVMF) "--enable-ovmf"; - - patches = with xsa; flatten [ - # 253: 4.8 not affected - # 254: no patch supplied by xen project (Meltdown/Spectre) - xenlockprofpatch - xenpmdpatch - ]; - - NIX_CFLAGS_COMPILE = toString [ - # Fix build on Glibc 2.24 - "-Wno-error=deprecated-declarations" - # Fix build with GCC8 - "-Wno-error=maybe-uninitialized" - "-Wno-error=stringop-truncation" - "-Wno-error=format-truncation" - "-Wno-error=array-bounds" - # Fix build with GCC9 - "-Wno-error=address-of-packed-member" - "-Wno-error=format-overflow" - 
"-Wno-error=absolute-value" - ]; - - postPatch = '' - # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. - sed 1i'#include ' \ - -i tools/blktap2/control/tap-ctl-allocate.c \ - -i tools/libxl/libxl_device.c \ - ${optionalString withInternalQemu "-i tools/qemu-xen/hw/9pfs/9p.c"} - - sed -i -e '/sys\/sysctl\.h/d' tools/blktap2/drivers/block-remus.c - ''; - - passthru.qemu-system-i386 = if withInternalQemu - then "lib/xen/bin/qemu-system-i386" - else throw "this xen has no qemu builtin"; - -})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_05; } // args) diff --git a/pkgs/applications/virtualization/xen/packages.nix b/pkgs/applications/virtualization/xen/packages.nix index e30006fbcc1a..55e3b12c3b7e 100644 --- a/pkgs/applications/virtualization/xen/packages.nix +++ b/pkgs/applications/virtualization/xen/packages.nix 
@@ -1,57 +1,11 @@ { callPackage -, stdenv, overrideCC +, stdenv }: # TODO(@oxij) on new Xen version: generalize this to generate [vanilla slim # light] for each ./.nix. rec { - xen_4_8-vanilla = callPackage ./4.8.nix { - meta = { - description = "vanilla"; - longDescription = '' - Vanilla version of Xen. Uses forks of Qemu and Seabios bundled - with Xen. This gives vanilla experince, but wastes space and - build time: typical NixOS setup that runs lots of VMs will - build three different versions of Qemu when using this (two - forks and upstream). - ''; - }; - }; - - xen_4_8-slim = xen_4_8-vanilla.override { - withInternalQemu = false; - withInternalTraditionalQemu = true; - withInternalSeabios = false; - withSeabios = true; - - meta = { - description = "slim"; - longDescription = '' - Slimmed-down version of Xen that reuses nixpkgs packages as - much as possible. Different parts may get out of sync, but - this builds faster and uses less space than vanilla. Use with - `qemu_xen` from nixpkgs. - ''; - }; - }; - - xen_4_8-light = xen_4_8-vanilla.override { - withInternalQemu = false; - withInternalTraditionalQemu = false; - withInternalSeabios = false; - withSeabios = true; - - meta = { - description = "light"; - longDescription = '' - Slimmed-down version of Xen without `qemu-traditional` (you - don't need it if you don't know what it is). Use with - `qemu_xen-light` from nixpkgs. - ''; - }; - }; - xen_4_10-vanilla = callPackage ./4.10.nix { meta = { description = "vanilla"; @@ -98,8 +52,8 @@ rec { }; }; - xen-vanilla = xen_4_8-vanilla; - xen-slim = xen_4_8-slim; - xen-light = xen_4_8-light; + xen-vanilla = xen_4_10-vanilla; + xen-slim = xen_4_10-slim; + xen-light = xen_4_10-light; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c2371e455b0f..20fa3c866dce 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
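Review bot: Retargeting `xen-vanilla`, `xen-slim` and `xen-light` to the 4.10 attributes in the second hunk changes the hypervisor major version for every consumer of the unversioned names. That includes `qemu_xen` and `qemu_xen-light`, which the all-packages.nix context shows are built against `xen-slim` and `xen-light`. If the intent is that the unversioned names always follow the oldest release still packaged, a comment above the three aliases would record it, e.g. `# Unversioned aliases follow the oldest packaged Xen; retarget them when a release is dropped.` The all-packages.nix hunks also remove `xen_4_8*` and `qemu_xen_4_8*` with no replacement entry, so existing configurations will fail with a bare missing-attribute error; a `throw` alias naming the 4.10 attributes would make that failure actionable.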
@@ -18502,8 +18502,6 @@ in # Building with `xen` instead of `xen-slim` is possible, but makes no sense. qemu_xen = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen-slim; }); qemu_xen-light = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen-light; }); - qemu_xen_4_8 = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_8-slim; }); - qemu_xen_4_8-light = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_8-light; }); qemu_xen_4_10 = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_10-slim; }); qemu_xen_4_10-light = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_10-light; }); @@ -24408,9 +24406,6 @@ in xen-slim = xenPackages.xen-slim; xen-light = xenPackages.xen-light; - xen_4_8 = xenPackages.xen_4_8-vanilla; - xen_4_8-slim = xenPackages.xen_4_8-slim; - xen_4_8-light = xenPackages.xen_4_8-light; xen_4_10 = xenPackages.xen_4_10-vanilla; xen_4_10-slim = xenPackages.xen_4_10-slim; xen_4_10-light = xenPackages.xen_4_10-light; From 22fdd2465cb463fe685caae107e3785fadb5b276 Mon Sep 17 00:00:00 2001 From: Alexei Robyn Date: Tue, 30 Apr 2019 12:22:53 +1000 Subject: [PATCH 2/2] xen: Build Xen EFI binary --- .../xen/0004-makefile-use-efi-ld.patch | 36 +++++++++++++++++++ .../0005-makefile-fix-efi-mountdir-use.patch | 35 ++++++++++++++++++ .../virtualization/xen/generic.nix | 26 +++++++++++--- 3 files changed, 93 insertions(+), 4 deletions(-) create mode 100644 pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.patch create mode 100644 pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.patch diff --git a/pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.patch b/pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.patch new file mode 100644 index 000000000000..a103cb161710 --- /dev/null +++ b/pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.patch 
@@ -0,0 +1,36 @@ +diff -Naur xen-4.10.4-orig/xen/arch/x86/Makefile xen-4.10.4-patched/xen/arch/x86/Makefile +--- xen-4.10.4-orig/xen/arch/x86/Makefile 2019-07-04 01:28:50.000000000 +1000 ++++ xen-4.10.4-patched/xen/arch/x86/Makefile 2020-03-03 13:32:34.607951507 +1100 +@@ -166,7 +166,7 @@ + # Check if the compiler supports the MS ABI. + export XEN_BUILD_EFI := $(shell $(CC) $(filter-out $(CFLAGS-y) .%.d,$(CFLAGS)) -c efi/check.c -o efi/check.o 2>/dev/null && echo y) + # Check if the linker supports PE. +-XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(LD) -mi386pep --subsystem=10 -o efi/check.efi efi/check.o 2>/dev/null && echo y)) ++XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(EFI_LD) -mi386pep --subsystem=10 -o efi/check.efi efi/check.o 2>/dev/null && echo y)) + CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI + + $(TARGET).efi: VIRT_BASE = 0x$(shell $(NM) efi/relocs-dummy.o | sed -n 's, A VIRT_START$$,,p') +@@ -188,20 +188,20 @@ + + $(TARGET).efi: prelink-efi.o $(note_file) efi.lds efi/relocs-dummy.o $(BASEDIR)/common/symbols-dummy.o efi/mkreloc + $(foreach base, $(VIRT_BASE) $(ALT_BASE), \ +- $(guard) $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \ ++ $(guard) $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \ + $(BASEDIR)/common/symbols-dummy.o $(note_file) -o $(@D)/.$(@F).$(base).0 &&) : + $(guard) efi/mkreloc $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).0) >$(@D)/.$(@F).0r.S + $(guard) $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).0 \ + | $(guard) $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S + $(guard) $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o + $(foreach base, $(VIRT_BASE) $(ALT_BASE), \ +- $(guard) $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \ ++ $(guard) $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \ + $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(note_file) -o $(@D)/.$(@F).$(base).1 &&) : + $(guard) efi/mkreloc $(foreach 
base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).1) >$(@D)/.$(@F).1r.S + $(guard) $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).1 \ + | $(guard) $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S + $(guard) $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o +- $(guard) $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \ ++ $(guard) $(EFI_LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \ + $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(note_file) -o $@ + if $(guard) false; then rm -f $@; echo 'EFI support disabled'; \ + else $(NM) -pa --format=sysv $(@D)/$(@F) \ diff --git a/pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.patch b/pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.patch new file mode 100644 index 000000000000..11989e86c770 --- /dev/null +++ b/pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.patch 
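Review bot: `$(EFI_LD)` is used in the PE probe and in every link step of the `$(TARGET).efi` rule without a default, so an unset or wrong `EFI_LD` looks the same as a linker that lacks PE support. The probe discards stderr with `2>/dev/null` and leaves `XEN_BUILD_PE` empty, and the rule then appears to fall through to `echo 'EFI support disabled'` (presumably via `$(guard)`) instead of failing. Adding `EFI_LD ?= $(LD)` next to the probe would keep upstream behaviour when the variable is not exported. Since this series exists to ship the EFI hypervisor binary, generic.nix should also fail the build when the expected `.efi` output is absent rather than install a package without it. Unlike 0005, this patch file has no header saying why a separate linker is needed; the rule's recipe also continues past the end of the hunk.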
@@ -0,0 +1,35 @@ +EFI_MOUNTPOINT is conventionally /boot/efi or /boot/EFI or something +like that, and (on my machine) has directories within that called +{Boot, nixos, gummiboot}. + +This patch does two things: + +1) Xen apparently wants to put files in +$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR) - we remove the duplicate 'efi' name +because I can't see why we have it + +2) Ensures the said directory exists + + +--- a/xen/Makefile 2016-01-08 01:50:58.028045657 +0000 ++++ b/xen/Makefile 2016-01-08 01:51:33.560268718 +0000 +@@ -49,7 +49,9 @@ + ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ + ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ + if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ +- $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ ++ [ -d $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ] || \ ++ $(INSTALL_DIR) $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ;\ ++ $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ + elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ + echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \ + fi; \ +@@ -69,7 +69,7 @@ + rm -f $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).$(XEN_SUBVERSION).efi + rm -f $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi + rm -f $(D)$(EFI_DIR)/$(T).efi +- rm -f $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ++ rm -f $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi + + .PHONY: _debug + _debug: diff --git a/pkgs/applications/virtualization/xen/generic.nix b/pkgs/applications/virtualization/xen/generic.nix index 854debc458a3..f19d25ac431d 100644 --- a/pkgs/applications/virtualization/xen/generic.nix +++ b/pkgs/applications/virtualization/xen/generic.nix @@ -20,6 +20,8 @@ config: # python2Packages.markdown , transfig, ghostscript, texinfo, pandoc +, binutils-unwrapped + , ...} @ args: with stdenv.lib; 
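Review bot: Dropping the `efi` component in both the install and uninstall rules moves the binary from `$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/` to `$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/`. The header's rationale ("I can't see why we have it") does not address that an EFI System Partition conventionally keeps vendor directories under a top-level `EFI` directory. Whether the new path is correct depends on whether `EFI_MOUNTPOINT` is the partition root or the `EFI` directory itself, and the header's own examples (`/boot/efi` or `/boot/EFI`) are not equivalent in that respect. State the assumption in the header, e.g. `EFI_MOUNTPOINT must be the ESP's EFI directory, so no extra efi/ component is appended`. The generic.nix hunks in this series set `EFI_VENDOR` but no `EFI_MOUNTPOINT` is visible, so this branch may not be reached in the Nix build and the `elif` message "EFI_VENDOR not set" would then be misleading.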
@@ -42,6 +44,17 @@ let } ( __do ) ''); + + # We don't want to use the wrapped version, because this version of ld is + # only used for linking the Xen EFI binary, and the build process really + # needs control over the LDFLAGS used + efiBinutils = binutils-unwrapped.overrideAttrs (oldAttrs: { + name = "efi-binutils"; + configureFlags = oldAttrs.configureFlags ++ [ + "--enable-targets=x86_64-pep" + ]; + doInstallCheck = false; # We get a spurious failure otherwise, due to host/target mis-match + }); in stdenv.mkDerivation (rec { @@ -119,10 +132,12 @@ stdenv.mkDerivation (rec { '')} ''; - patches = [ ./0000-fix-ipxe-src.patch - ./0000-fix-install-python.patch - ] ++ optional (versionOlder version "4.8.5") ./acpica-utils-20180427.patch - ++ (config.patches or []); + patches = [ + ./0000-fix-ipxe-src.patch + ./0000-fix-install-python.patch + ./0004-makefile-use-efi-ld.patch + ./0005-makefile-fix-efi-mountdir-use.patch + ] ++ (config.patches or []); postPatch = '' ### Hacks @@ -186,6 +201,9 @@ stdenv.mkDerivation (rec { --replace /bin/ls ls ''; + EFI_LD = "${efiBinutils}/bin/ld"; + EFI_VENDOR = "nixos"; + # TODO: Flask needs more testing before enabling it by default. #makeFlags = [ "XSM_ENABLE=y" "FLASK_ENABLE=y" "PREFIX=$(out)" "CONFIG_DIR=/etc" "XEN_EXTFILES_URL=\\$(XEN_ROOT)/xen_ext_files" ]; makeFlags = [ "PREFIX=$(out) CONFIG_DIR=/etc" "XEN_SCRIPT_DIR=/etc/xen/scripts" ]
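Review bot: In the `patches` hunk, `./acpica-utils-20180427.patch` loses its only visible reference, but neither commit in this series deletes the file, so it is probably left orphaned in the tree; if no other expression references it, remove it. Dropping that `optional (versionOlder version "4.8.5")` entry belongs with the 4.8 removal in patch 1/2 rather than with the EFI change. The two new Makefile patches are applied unconditionally to every `config` passed to generic.nix, while `0004-makefile-use-efi-ld.patch` is diffed against `xen-4.10.4`. A comment above them such as `# EFI: link xen.efi with a PE-capable ld (EFI_LD); re-check both patches on every Xen bump` would record why they are there.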