From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1617806-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id C91DE158041
	for <garchives@archives.gentoo.org>; Fri,  5 Apr 2024 16:00:01 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 0A8C7E29EA;
	Fri,  5 Apr 2024 16:00:01 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id D1547E29EB
	for <gentoo-commits@lists.gentoo.org>; Fri,  5 Apr 2024 16:00:00 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id BCDE33432E3
	for <gentoo-commits@lists.gentoo.org>; Fri,  5 Apr 2024 15:59:59 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 2C2AE1683
	for <gentoo-commits@lists.gentoo.org>; Fri,  5 Apr 2024 15:59:58 +0000 (UTC)
From: "Florian Schmaus" <flow@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Florian Schmaus" <flow@gentoo.org>
Message-ID: <1712332779.dc44fdfb57631d91873825fd0a3412bd813b6780.flow@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/xen/
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-emulation/xen/Manifest app-emulation/xen/xen-4.17.4_pre2.ebuild
X-VCS-Directories: app-emulation/xen/
X-VCS-Committer: flow
X-VCS-Committer-Name: Florian Schmaus
X-VCS-Revision: dc44fdfb57631d91873825fd0a3412bd813b6780
X-VCS-Branch: master
Date: Fri,  5 Apr 2024 15:59:58 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: a7d8c7c4-52ae-46ab-9578-4982889eebe1
X-Archives-Hash: f70c1fbd118bb627f4b3d93bbe85ee37

commit:     dc44fdfb57631d91873825fd0a3412bd813b6780
Author:     Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Fri Apr  5 07:57:33 2024 +0000
Commit:     Florian Schmaus <flow <AT> gentoo <DOT> org>
CommitDate: Fri Apr  5 15:59:39 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc44fdfb

app-emulation/xen: add 4.17.4_pre2

Fixes XSA-451, XSA-452, XSA-453

Bug: https://bugs.gentoo.org/928620
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org>

 app-emulation/xen/Manifest               |   1 +
 app-emulation/xen/xen-4.17.4_pre2.ebuild | 179 +++++++++++++++++++++++++++++++
 2 files changed, 180 insertions(+)

diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
index 3361cba76370..dd72e728ff73 100644
--- a/app-emulation/xen/Manifest
+++ b/app-emulation/xen/Manifest
@@ -4,3 +4,4 @@ DIST xen-gentoo-patches-4.16.1-gentoo-patchset-2.tar.bz2 5403 BLAKE2B 7fa3b4aa12
 DIST xen-gentoo-patches-4.17.0-gentoo-patchset-2.tar.bz2 4001 BLAKE2B 7afce426759952e202a1dd819fe0a23108072bf9552ba14a0bd787a96ffe5e7a36f37e03dad8db9c46f5731acbc122c258eef6d517816aad9c8db1ca64700d19 SHA512 bcb1479f9ff5e194a4e452da9d0479febc2bcd465b4be69bb8f30e2e6b858fb77a71216dcb3e74dfb65e7ca6513742c294cd6b5eaa5ce82d0b122a00f1cbc450
 DIST xen-upstream-patches-4.16.6-pre-patchset-1.tar.bz2 44167 BLAKE2B 6a11faf689b2875fe6845646cbc71541ff0ce02fed00f2fd0ccabdee4b71be96a5bfaa66a0a6de068a9b6534d5c0df2751f78ccd0755f1bcaef333d8337135dc SHA512 40721e0f4e11408c3687e8e77d850f6f0a02d0af0abe422d11478fe080c158ffee5408ed273d82c8c39a33dd0a97ab962f133a927e3a205fa84e9fe3911a57f1
 DIST xen-upstream-patches-4.17.4-pre-patchset-0.tar.bz2 17570 BLAKE2B 5ae7ceb1feef758166dc6d569da30cfa8867b3755d41a4d2834ad73630ee3beea5696b79a175a7c2680db59e50b802ef2a9ee5a3cedff74f3d9cbfac064b25f1 SHA512 6001c4889ae5bdb592f8d7801762e43db13223e6552e916978b8ce85eb78c3fcd885c24d58f3db688244ccf50646c8d41a2e20c47d3b85fefb29d1c0ed37dd99
+DIST xen-upstream-patches-4.17.4-pre-patchset-1.tar.bz2 77410 BLAKE2B 1c00d613f9d12d81a284455d9099c031ba3ea7066508c75ad6f7e13330a09e2eb4e74bf5bc54fed9c4f90e18856cc01ff0e4ab4721d36388519eb40f99be42d8 SHA512 7a56cb0ac9b59043ffbc891819cbe54c9efe411e2e67eebc212a3b519ca60a37a377dd21b0ba851d6828cf268781983b082c6fecee0f0156501b5c447050789a

diff --git a/app-emulation/xen/xen-4.17.4_pre2.ebuild b/app-emulation/xen/xen-4.17.4_pre2.ebuild
new file mode 100644
index 000000000000..503000ca671c
--- /dev/null
+++ b/app-emulation/xen/xen-4.17.4_pre2.ebuild
@@ -0,0 +1,179 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+
+inherit flag-o-matic mount-boot python-any-r1 secureboot toolchain-funcs
+
+if [[ ${PV} == *9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://xenbits.xen.org/git-http/xen.git"
+	SRC_URI=""
+else
+	KEYWORDS="~amd64 ~arm -x86"
+
+	XEN_GENTOO_PATCHSET_NUM=2
+	XEN_GENTOO_PATCHSET_BASE=4.17.0
+	XEN_PRE_PATCHSET_NUM=1
+	XEN_PRE_VERSION_BASE=4.17.3
+
+	XEN_BASE_PV="${PV}"
+	if [[ -n "${XEN_PRE_VERSION_BASE}" ]]; then
+		XEN_BASE_PV="${XEN_PRE_VERSION_BASE}"
+	fi
+
+	SRC_URI="https://downloads.xenproject.org/release/xen/${XEN_BASE_PV}/xen-${XEN_BASE_PV}.tar.gz"
+
+	if [[ -n "${XEN_PRE_PATCHSET_NUM}" ]]; then
+		XEN_UPSTREAM_PATCHES_TAG="$(ver_cut 1-3)-pre-patchset-${XEN_PRE_PATCHSET_NUM}"
+		XEN_UPSTREAM_PATCHES_NAME="xen-upstream-patches-${XEN_UPSTREAM_PATCHES_TAG}"
+		SRC_URI+=" https://gitweb.gentoo.org/proj/xen-upstream-patches.git/snapshot/${XEN_UPSTREAM_PATCHES_NAME}.tar.bz2"
+		XEN_UPSTREAM_PATCHES_DIR="${WORKDIR}/${XEN_UPSTREAM_PATCHES_NAME}"
+	fi
+	if [[ -n "${XEN_GENTOO_PATCHSET_NUM}" ]]; then
+		XEN_GENTOO_PATCHES_TAG="$(ver_cut 1-3 ${XEN_GENTOO_PATCHSET_BASE})-gentoo-patchset-${XEN_GENTOO_PATCHSET_NUM}"
+		XEN_GENTOO_PATCHES_NAME="xen-gentoo-patches-${XEN_GENTOO_PATCHES_TAG}"
+		SRC_URI+=" https://gitweb.gentoo.org/proj/xen-gentoo-patches.git/snapshot/${XEN_GENTOO_PATCHES_NAME}.tar.bz2"
+		XEN_GENTOO_PATCHES_DIR="${WORKDIR}/${XEN_GENTOO_PATCHES_NAME}"
+	fi
+fi
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="https://xenproject.org"
+
+S="${WORKDIR}/xen-$(ver_cut 1-3 ${XEN_BASE_PV})"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="+boot-symlinks debug uefi flask"
+REQUIRED_USE="arm? ( debug )"
+
+DEPEND="${PYTHON_DEPS}
+	uefi? ( >=sys-devel/binutils-2.22[multitarget] )
+	!uefi? ( >=sys-devel/binutils-2.22 )
+	flask? ( sys-apps/checkpolicy )"
+RDEPEND=""
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+# no tests are available for the hypervisor
+# prevent the silliness of /usr/lib/debug/usr/lib/debug files
+# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
+RESTRICT="test splitdebug strip"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+pkg_setup() {
+	python-any-r1_pkg_setup
+	if [[ -z ${XEN_TARGET_ARCH} ]]; then
+		if use amd64; then
+			export XEN_TARGET_ARCH="x86_64"
+		elif use arm; then
+			export XEN_TARGET_ARCH="arm32"
+		elif use arm64; then
+			export XEN_TARGET_ARCH="arm64"
+		else
+			die "Unsupported architecture!"
+		fi
+	fi
+	use uefi && secureboot_pkg_setup
+}
+
+src_prepare() {
+	if [[ -v XEN_UPSTREAM_PATCHES_DIR ]]; then
+		eapply "${XEN_UPSTREAM_PATCHES_DIR}"
+	fi
+
+	if [[ -v XEN_GENTOO_PATCHES_DIR ]]; then
+		eapply "${XEN_GENTOO_PATCHES_DIR}"
+	fi
+
+	# Symlinks do not work on fat32 volumes # 829765
+	if ! use boot-symlinks || use uefi; then
+		eapply "${XEN_GENTOO_PATCHES_DIR}"/no-boot-symlinks/${PN}-4.16-no-symlinks.patch
+	fi
+
+	# Workaround new gcc-11 options
+	sed -e '/^CFLAGS/s/-Werror//g' -i xen/Makefile || die
+
+	# Drop .config
+	sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't	drop"
+
+	if use uefi; then
+		export EFI_VENDOR="gentoo"
+		export EFI_MOUNTPOINT="/boot"
+	fi
+
+	default
+}
+
+xen_make() {
+	# Setting clang to either 'y' or 'n' tells Xen's build system
+	# whether or not clang is used.
+	local clang=n
+	if tc-is-clang; then
+		clang=y
+	fi
+
+	# Send raw LDFLAGS so that --as-needed works
+	emake \
+		V=1 \
+		LDFLAGS="$(raw-ldflags)" \
+		HOSTCC="$(tc-getBUILD_CC)" \
+		HOSTCXX="$(tc-getBUILD_CXX)" \
+		CC="$(tc-getCC)" \
+		CXX="$(tc-getCXX)" \
+		LD="$(tc-getLD)" \
+		AR="$(tc-getAR)" \
+		OBJDUMP="$(tc-getOBJDUMP)" \
+		RANLIB="$(tc-getRANLIB)" \
+		clang="${clang}" \
+		"$@"
+}
+
+src_configure() {
+	cd xen || die
+
+	touch gentoo-config || die
+	if use arm; then
+	   echo "CONFIG_EARLY_PRINTK=sun7i" >> gentoo-config || die
+	fi
+	if use debug; then
+		cat <<-EOF >> gentoo-config || die
+		CONFIG_DEBUG=y
+		CONFIG_CRASH_DEBUG=y
+EOF
+	fi
+	if use flask; then
+		echo "CONFIG_XSM=y" >> gentoo-config || die
+	fi
+
+	# remove flags
+	unset CFLAGS
+
+	tc-ld-disable-gold # Bug 700374
+
+	xen_make KCONFIG_ALLCONFIG=gentoo-config alldefconfig
+}
+
+src_compile() {
+	xen_make -C xen
+}
+
+src_install() {
+	# The 'make install' doesn't 'mkdir -p' the subdirs
+	if use uefi; then
+		mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
+	fi
+
+	xen_make DESTDIR="${D}" -C xen install
+
+	if use uefi; then
+		secureboot_auto_sign --in-place
+	else
+		# make install likes to throw in some extra EFI bits if it built
+		rm -rf "${D}/usr/$(get_libdir)/efi"
+	fi
+}