diff options
Diffstat (limited to 'community/qemu/APKBUILD')
-rw-r--r-- | community/qemu/APKBUILD | 287 |
1 files changed, 229 insertions, 58 deletions
diff --git a/community/qemu/APKBUILD b/community/qemu/APKBUILD index 20e922183e6..91506b96c5a 100644 --- a/community/qemu/APKBUILD +++ b/community/qemu/APKBUILD @@ -3,17 +3,17 @@ # Contributor: Jakub Jirutka <jakub@jirutka.cz> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=qemu -pkgver=6.1.0 -pkgrel=1 +pkgver=8.2.2 +pkgrel=0 pkgdesc="QEMU is a generic machine emulator and virtualizer" url="https://qemu.org/" arch="all" -license="GPL-2.0 LGPL-2" +license="GPL-2.0-only AND LGPL-2.1-only" makedepends=" - meson - bash alsa-lib-dev + bash bison + capstone-dev curl-dev flex glib-dev @@ -21,24 +21,28 @@ makedepends=" gnutls-dev gtk+3.0-dev libaio-dev + libbpf-dev libcap-dev libcap-ng-dev libjpeg-turbo-dev libnfs-dev libpng-dev libseccomp-dev + libslirp-dev libssh-dev + liburing-dev libusb-dev libxml2-dev linux-headers lzo-dev + meson ncurses-dev numactl-dev perl pulseaudio-dev - python3 py3-sphinx py3-sphinx_rtd_theme + python3 sdl2-dev snappy-dev spice-dev @@ -52,7 +56,6 @@ makedepends=" zlib-dev zlib-static zstd-dev - zstd-static " pkggroups="qemu" install="$pkgname.pre-install $pkgname.post-install $pkgname.pre-upgrade" @@ -60,10 +63,21 @@ install="$pkgname.pre-install $pkgname.post-install $pkgname.pre-upgrade" # suid needed for qemu-bridge-helper # strip fails on .img files # some tests does not run on our builders -options="suid !strip !check" -[ "$CARCH" = "riscv64" ] && options="$options textrels" - -subpackages="$pkgname-doc $pkgname-lang $pkgname-guest-agent:guest +options="suid !strip !check textrels" + +subpackages=" + $pkgname-dev + $pkgname-doc + $pkgname-lang + $pkgname-guest-agent:guest + $pkgname-guest-agent-openrc + $pkgname-tools:_tools + $pkgname-hppa-firmware:_hppa_firmware + $pkgname-ppc-firmware:_ppc_firmware + $pkgname-s390x-firmware:_s390x_firmware + $pkgname-pr-helper:_pr_helper + $pkgname-vhost-user-gpu:_vhost_user_gpu + $pkgname-bridge-helper:bridgehelper " _subsystems=" @@ -73,8 +87,10 @@ _subsystems=" arm armeb cris + hexagon hppa i386 + loongarch64 m68k microblaze microblazeel @@ -104,6 +120,7 @@ _subsystems=" system-cris system-hppa system-i386 + system-loongarch64 system-m68k system-microblaze system-microblazeel @@ -136,37 +153,54 @@ for _sub in $_subsystems; do done _modules=" - accel-tcg-i386 - accel-tcg-x86_64 - audio-alsa audio-oss audio-pa audio-sdl + audio-spice block-curl block-dmg-bz2 block-nfs block-ssh - hw-display-qxl - hw-usb-redirect - ui-curses - ui-gtk - ui-sdl - ui-spice-app - audio-spice chardev-spice - hw-display-virtio-gpu-pci + hw-display-qxl hw-display-virtio-gpu - hw-display-virtio-vga hw-display-virtio-gpu-gl + hw-display-virtio-gpu-pci hw-display-virtio-gpu-pci-gl + hw-display-virtio-vga hw-display-virtio-vga-gl hw-s390x-virtio-gpu-ccw hw-usb-host + hw-usb-redirect + ui-curses ui-egl-headless + ui-gtk ui-opengl + ui-sdl + ui-spice-app ui-spice-core " + +case "$CARCH" in +x86) + # ui-dbus has textrels + _configure_dbus=--disable-dbus-display + ;; +*) + _modules="$_modules audio-dbus ui-dbus" + _configure_dbus=--enable-dbus-display + ;; +esac + +case "$CARCH" in +arm*|x86) ;; +*) + makedepends="$makedepends ceph-dev" + _modules="$_modules block-rbd" + _configure_rbd="--enable-rbd" +esac + for _mod in $_modules; do subpackages="$subpackages $pkgname-$_mod:_module" done @@ -174,15 +208,17 @@ subpackages="$subpackages qemu-modules:_all_modules" subpackages="$subpackages $pkgname-img" # -img must be declared the last +# https://gitlab.com/qemu-project/qemu/-/commit/91e0127087257048d2eb98b5b1a5671f53c3a36d +_edk2hash="91e0127087257048d2eb98b5b1a5671f53c3a36d" source="https://wiki.qemu-project.org/download/qemu-$pkgver.tar.xz 0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch - 0001-linux-user-fix-build-with-musl-on-aarch64.patch xattr_size_max.patch - 0001-linux-user-fix-build-with-musl-on-ppc64le.patch MAP_SYNC-fix.patch fix-sockios-header.patch guest-agent-shutdown.patch + lfs64.patch mips-softfloat.patch + musl-initialise-msghdr.patch CVE-2021-20255.patch @@ -193,12 +229,69 @@ source="https://wiki.qemu-project.org/download/qemu-$pkgver.tar.xz " # secfixes: +# 8.0.2-r1: +# - CVE-2023-2861 +# 8.0.0-r6: +# - CVE-2023-0330 +# 7.1.0-r4: +# - CVE-2022-2962 +# - CVE-2022-3165 +# 7.0.0-r0: +# - CVE-2021-4158 +# 6.1.0-r0: +# - CVE-2020-35503 +# - CVE-2021-3507 +# - CVE-2021-3544 +# - CVE-2021-3545 +# - CVE-2021-3546 +# - CVE-2021-3682 # 6.0.0-r2: +# - CVE-2020-35504 +# - CVE-2020-35505 +# - CVE-2020-35506 # - CVE-2021-3527 # 6.0.0-r1: +# - CVE-2021-20181 # - CVE-2021-20255 +# - CVE-2021-3392 +# - CVE-2021-3409 +# - CVE-2021-3416 +# 5.2.0-r0: +# - CVE-2020-24352 +# - CVE-2020-25723 +# - CVE-2020-25742 +# - CVE-2020-25743 +# - CVE-2020-27661 +# - CVE-2020-27821 +# - CVE-2020-29443 +# - CVE-2020-35517 +# - CVE-2021-20203 # 5.1.0-r1: +# - CVE-2020-13361 +# - CVE-2020-13362 # - CVE-2020-14364 +# - CVE-2020-15863 +# - CVE-2020-16092 +# - CVE-2020-17380 +# - CVE-2020-25084 +# - CVE-2020-25085 +# - CVE-2020-25624 +# - CVE-2020-25625 +# - CVE-2020-25741 +# - CVE-2020-28916 +# 5.0.0-r0: +# - CVE-2020-13659 +# - CVE-2020-13754 +# - CVE-2020-13791 +# - CVE-2020-13800 +# - CVE-2020-14415 +# - CVE-2020-15469 +# - CVE-2020-15859 +# - CVE-2020-27616 +# - CVE-2020-27617 +# - CVE-2021-20221 +# 4.2.0-r0: +# - CVE-2020-13765 # 2.8.1-r1: # - CVE-2016-7994 # - CVE-2016-7995 @@ -227,7 +320,7 @@ source="https://wiki.qemu-project.org/download/qemu-$pkgver.tar.xz # - CVE-2017-5931 _compile_common() { - CFLAGS="${CFLAGS/-Os/-O2}" "$builddir"/configure \ + "$builddir"/configure \ --prefix=/usr \ --localstatedir=/var \ --sysconfdir=/etc \ @@ -246,6 +339,11 @@ _compile_common() { } build() { + # it pretty much never makes sense to optimise qemu for disk size + export CFLAGS="$CFLAGS -O2" + export CXXFLAGS="$CXXFLAGS -O2" + export CPPFLAGS="$CPPFLAGS -O2" + mkdir -p "$builddir"/build \ "$builddir"/build-static @@ -254,30 +352,33 @@ build() { --enable-linux-user \ --disable-system \ --static \ + --disable-brlapi \ + --disable-bpf \ + --disable-cap-ng \ + --disable-capstone \ + --disable-curl \ + --disable-curses \ --disable-docs \ - --disable-sdl \ + --disable-gcrypt \ + --disable-gnutls \ --disable-gtk \ - --disable-spice \ - --disable-tools \ --disable-guest-agent \ --disable-guest-agent-msi \ - --disable-curses \ - --disable-curl \ - --disable-gnutls \ - --disable-gcrypt \ - --disable-nettle \ - --disable-cap-ng \ - --disable-brlapi \ - --disable-mpath \ --disable-libnfs \ + --disable-mpath \ + --disable-nettle \ --disable-numa \ - --disable-capstone + --disable-sdl \ + --disable-spice \ + --disable-tools cd "$builddir"/build _compile_common \ --disable-linux-user \ --audio-drv-list=oss,alsa,sdl,pa \ + --enable-bpf \ --enable-cap-ng \ + --enable-capstone \ --enable-curl \ --enable-curses \ --enable-docs \ @@ -301,9 +402,9 @@ build() { --enable-virtfs \ --enable-vnc \ --enable-vnc-jpeg \ - --enable-vnc-png \ --enable-zstd \ - --tls-priority=@QEMU,SYSTEM + $_configure_rbd \ + $_configure_dbus } check() { @@ -335,10 +436,15 @@ package() { rm -rf "$pkgdir"/usr/share/doc # remove accel-qtest-* modules, not needed for package rm -f "$pkgdir"/usr/lib/qemu/accel-qtest-* + + install -Dm755 "$srcdir"/$pkgname-guest-agent.initd \ + "$pkgdir"/etc/init.d/$pkgname-guest-agent + install -Dm644 "$srcdir"/$pkgname-guest-agent.confd \ + "$pkgdir"/etc/conf.d/$pkgname-guest-agent } _subsys() { - local name=${1:-"${subpkgname#$pkgname-}"} + local name=${1:-"${subpkgname#"$pkgname"-}"} pkgdesc="Qemu ${name/-/ } emulator" options="" depends="" @@ -346,8 +452,69 @@ _subsys() { system*) depends="qemu";; esac - mkdir -p "$subpkgdir"/usr/bin - mv "$pkgdir"/usr/bin/qemu-$name "$subpkgdir"/usr/bin/ + amove /usr/bin/qemu-$name + + local _arch=${name#system-} + case "$name" in + system-aarch64) + amove /usr/share/qemu/edk2-aarch64-code.fd + ;; + system-arm) + amove /usr/share/qemu/edk2-arm-code.fd \ + /usr/share/qemu/edk2-arm-vars.fd + ;; + system-x86_64|system-i386) + provides="qemu-accel-tcg-$_arch" + amove /usr/lib/qemu/accel-tcg-$_arch.so \ + /usr/share/qemu/edk2-$_arch-code.fd \ + /usr/share/qemu/edk2-$_arch-secure-code.fd + ;; + system-s390x|system-hppa|system-ppc) + depends="$pkgname-$_arch-firmware" + ;; + esac +} + +_tools() { + pkgdesc="QEMU support tools" + depends="" + options="" + amove /usr/bin/qemu-edid \ + /usr/bin/qemu-keymap \ + /usr/bin/elf2dmp +} + +# keep s390x boot files in subpackage to prevent abuild from stripping it +_s390x_firmware() { + pkgdesc="QEMU s390x boot devices" + depends="" + amove /usr/share/qemu/s390-ccw.img \ + /usr/share/qemu/s390-netboot.img +} + +_hppa_firmware() { + pkgdesc="QEMU hppa firmware" + depends="" + amove /usr/share/qemu/hppa-firmware.img +} + +_ppc_firmware() { + pkgdesc="QEMU ppc firmware" + depends="" + amove /usr/share/qemu/openbios-ppc +} + +_vhost_user_gpu() { + pkgdesc="QEMU vhost user GPU device" + depends="" + options="" + amove /usr/lib/qemu/vhost-user-gpu \ + /usr/share/qemu/vhost-user/50-qemu-gpu.json +} + +_pr_helper() { + pkgdesc="QEMU pr helper utility" + amove /usr/bin/qemu-pr-helper } img() { @@ -359,6 +526,7 @@ img() { mv "$pkgdir"/usr/bin/qemu-img \ "$pkgdir"/usr/bin/qemu-io \ "$pkgdir"/usr/bin/qemu-nbd \ + "$pkgdir"/usr/bin/qemu-storage-daemon \ "$subpkgdir"/usr/bin/ # We exploit the fact that -img subpackage are created last @@ -381,11 +549,6 @@ guest() { mkdir -p "$subpkgdir"/usr/bin mv "$pkgdir"/usr/bin/qemu-ga "$subpkgdir"/usr/bin/ - - install -Dm755 "$srcdir"/$pkgname-guest-agent.initd \ - "$subpkgdir"/etc/init.d/$pkgname-guest-agent - install -Dm644 "$srcdir"/$pkgname-guest-agent.confd \ - "$subpkgdir"/etc/conf.d/$pkgname-guest-agent } _module() { @@ -413,17 +576,25 @@ _all_modules() { mkdir -p "$subpkgdir" } +bridgehelper() { + pkgdesc="QEMU SUID helper for bridged networking" + install_if="$pkgname=$pkgver-r$pkgrel" + + amove usr/lib/qemu/qemu-bridge-helper \ + etc/qemu/bridge.conf +} + sha512sums=" -3378ae21c75b77ee6a759827f1fcf7b2a50a0fef07e3b0e89117108022a8d8655fa977e4d65596f4f24f7c735c6594d44b0c6f69732ea4465e88a7406b1d5d3c qemu-6.1.0.tar.xz -98db5e23397cfad4a7210f9f7e1c5fa5c48f065785439521c5b39325c429f2dc367c40925adff6aa8677b3192a1a98a30e93d5b9c879df523deb019c40edd9d9 0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch -1ac043312864309e19f839a699ab2485bca51bbf3d5fdb39f1a87b87e3cbdd8cbda1a56e6b5c9ffccd65a8ac2f600da9ceb8713f4dbba26f245bc52bcd8a1c56 0001-linux-user-fix-build-with-musl-on-aarch64.patch -4b1e26ba4d53f9f762cbd5cea8ef6f8062d827ae3ae07bc36c5b0c0be4e94fc1856ad2477e8e791b074b8a25d51ed6d0ddd75e605e54600e5dd0799143793ce4 xattr_size_max.patch -d8933df9484158c2b4888254e62117d78f8ed7c18527b249419f39c2b2ab1afa148010884b40661f8965f1ef3105580fceffdfddbb2c9221dc1c62066722ba65 0001-linux-user-fix-build-with-musl-on-ppc64le.patch -d7de79ea74e36702cac4a59e472564a55f0a663be7e63c3755e32b4b5dfbc04b390ee79f09f43f6ae706ee2aec9e005eade3c0fd4a202db60d11f436874a17d7 MAP_SYNC-fix.patch -39590476a4ebd7c1e79a4f0451b24c75b1817a2a83abaa1f71bb60b225d772152f0af8f3e51ff65645e378c536ffa6ff551dade52884d03a14b7c6a19c5c97d4 fix-sockios-header.patch -d6b81846cefd46b8fd1fb04450d4898f97dc77d11e049fb1bc8e2553bbb88c8325151d0e4bec70cc6820a5863c1d1749b99100b4747d91182856c3ca1946cb28 guest-agent-shutdown.patch -e3acdab38c17eccb87bce1dfec22ce9474dae281474b886860848ae206006b071378882b855023916bb00a86cfbe55216c3fa4336b4e402399df2a9937b8c21c mips-softfloat.patch -e9389a6e3b2c3b59f66ea13eb7a3515e87341a68ca14afeb1ddd0084717bf4a13f5f58dc41dadbf0f2faf8fe1ae94ba7d1469c41539c79e45fa1624c6081e904 CVE-2021-20255.patch +dfd2e1305f9e51bfbc90a7738c69336d5f805481a626ea527b971bdfb6dbe6867e5df7461d48d1c22b79be2dc18e057ea9fa36ef593127cd8b262a5c33f1aa41 qemu-8.2.2.tar.xz +b392f229e631d149d28eb952dcd507d9e5b6975cbba123fd3dab10860fa1936d5035d8e266926652acc1d7cde6874c440beccd33d729bf346769d2c138ebbc01 0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch +2c6b3b22877674f870958bb0c74ad85c814f01c98fb123142b1ce77d89adf5c08626e6eade7f627090a53b48f5cebe2a535547804345648cff91dd66f90c2d5b xattr_size_max.patch +7672a3518050f275219920f2cb088f6991ac810dba077856129d779fdf45a3e8c0302c8ca4aa58c0c38e44af80f56404006b3f250e4921fb364cd6fe7149e6ea MAP_SYNC-fix.patch +54d26c3c44730fbd2a155431558fba6a1a3f25d8c057a8e5b8b0d802cb2b6c8a12545a16069fff1b9888a15d6cb087e9750d5e2c310dfc1a3fc756509d3d963e fix-sockios-header.patch +8eed250bea980a35f4f50365e904f56aa4751aeeb2ba9a6bbc6ad27ab9842cf3c773e48be058d9456278d1cc4006e5e80e368cbcb429ccb28a25df92b11477d7 guest-agent-shutdown.patch +d5b4626193fa9b7c687a649aa5ea37d8a74fd2e556a66a71e31af618a0990e144beae253b82b89efd8a798102bcab59cf1a61a76029afcdb0bc5ed58fb40493f lfs64.patch +8a8385dbf4a232adbd51be31d64b1e3ad2333eeb0de867555f995bf1b353ec530f85a25c8b33ce6b9572edfe4bb979a0645f14b839394d8bd47c9ffcd91509a2 mips-softfloat.patch +7a6340df8aa28811af20cd23b98ba95fc8072d4d4d3a2d497604386396892cf26716d0755821e47d02c8eded203133d7dde100537c117e2a047179e4f93883cf musl-initialise-msghdr.patch +25778c29c1f2bf40572125a7b39a01227e3165ed555add44de72a714e4b9d5a91b1504f69d0df55b4e178035813d4c3eca5be048d9afa5e3647d13df3e2f5a30 CVE-2021-20255.patch d90c034cae3f9097466854ed1a9f32ab4b02089fcdf7320e8f4da13b2b1ff65067233f48809911485e4431d7ec1a22448b934121bc9522a2dc489009e87e2b1f qemu-guest-agent.confd 1cd24c2444c5935a763c501af2b0da31635aad9cf62e55416d6477fcec153cddbe7de205d99616def11b085e0dd366ba22463d2270f831d884edbc307c7864a6 qemu-guest-agent.initd 9b7a89b20fcf737832cb7b4d5dc7d8301dd88169cbe5339eda69fbb51c2e537d8cb9ec7cf37600899e734209e63410d50d0821bce97e401421db39c294d97be2 80-kvm.rules |