From feeeee241868e39d102f074805b38d6621435f25 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 2 Feb 2017 16:46:16 +0100 Subject: gnu: gst-plugins-base: Fix build on 32bit. * gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/gstreamer.scm (gst-plugins-base)[source]: Use it. --- gnu/local.mk | 1 + 1 file changed, 1 insertion(+) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 7377e5122f..d405fce182 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -602,6 +602,7 @@ dist_patch_DATA = \ %D%/packages/patches/grub-gets-undeclared.patch \ %D%/packages/patches/grub-freetype.patch \ %D%/packages/patches/gsl-test-i686.patch \ + %D%/packages/patches/gst-plugins-base-fix-test-on-32bit.patch \ %D%/packages/patches/guile-1.8-cpp-4.5.patch \ %D%/packages/patches/guile-arm-fixes.patch \ %D%/packages/patches/guile-default-utf8.patch \ -- cgit 1.4.1 From b352b57655197d335e4dddcbc837e44a38b646b8 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Fri, 3 Feb 2017 21:53:14 +0200 Subject: gnu: qemu: Patch CVE-2017-{2615, 5578, 5579, 5856}. * gnu/packages/qemu.scm (qemu)[source]: Add patches. * gnu/packages/patches/qemu-CVE-2017-2615, gnu/packages/patches/qemu-CVE-2017-5578, gnu/packages/patches/qemu-CVE-2017-5579, gnu/packages/patches/qemu-CVE-2017-5856: New files. * gnu/local.mk (dist_patch_DATA): Register them. --- gnu/local.mk | 4 ++ gnu/packages/patches/qemu-CVE-2017-2615.patch | 52 ++++++++++++++++++++ gnu/packages/patches/qemu-CVE-2017-5578.patch | 39 +++++++++++++++ gnu/packages/patches/qemu-CVE-2017-5579.patch | 44 +++++++++++++++++ gnu/packages/patches/qemu-CVE-2017-5856.patch | 68 +++++++++++++++++++++++++++ gnu/packages/qemu.scm | 6 ++- 6 files changed, 212 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/qemu-CVE-2017-2615.patch create mode 100644 gnu/packages/patches/qemu-CVE-2017-5578.patch create mode 100644 gnu/packages/patches/qemu-CVE-2017-5579.patch create mode 100644 gnu/packages/patches/qemu-CVE-2017-5856.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index d405fce182..b0f6a9d432 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -860,9 +860,13 @@ dist_patch_DATA = \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ %D%/packages/patches/qemu-CVE-2016-10155.patch \ + %D%/packages/patches/qemu-CVE-2017-2615.patch \ %D%/packages/patches/qemu-CVE-2017-5525.patch \ %D%/packages/patches/qemu-CVE-2017-5526.patch \ %D%/packages/patches/qemu-CVE-2017-5552.patch \ + %D%/packages/patches/qemu-CVE-2017-5578.patch \ + %D%/packages/patches/qemu-CVE-2017-5579.patch \ + %D%/packages/patches/qemu-CVE-2017-5856.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/quickswitch-fix-dmenu-check.patch \ %D%/packages/patches/rapicorn-isnan.patch \ diff --git a/gnu/packages/patches/qemu-CVE-2017-2615.patch b/gnu/packages/patches/qemu-CVE-2017-2615.patch new file mode 100644 index 0000000000..ede1f8c89d --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-2615.patch @@ -0,0 +1,52 @@ +http://git.qemu.org/?p=qemu.git;a=patch;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64 +this patch is from qemu-git. + + +From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Wed, 1 Feb 2017 09:35:01 +0100 +Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615) + +When doing bitblt copy in backward mode, we should minus the +blt width first just like the adding in the forward mode. This +can avoid the oob access of the front of vga's vram. + +Signed-off-by: Li Qiang + +{ kraxel: with backward blits (negative pitch) addr is the topmost + address, so check it as-is against vram size ] + +Cc: qemu-stable@nongnu.org +Cc: P J P +Cc: Laszlo Ersek +Cc: Paolo Bonzini +Cc: Wolfgang Bumiller +Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106) +Signed-off-by: Gerd Hoffmann +Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com +Reviewed-by: Laszlo Ersek +--- + hw/display/cirrus_vga.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c +index 7db6409dc5..16f27e8ac5 100644 +--- a/hw/display/cirrus_vga.c ++++ b/hw/display/cirrus_vga.c +@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s, + { + if (pitch < 0) { + int64_t min = addr +- + ((int64_t)s->cirrus_blt_height-1) * pitch; +- int32_t max = addr +- + s->cirrus_blt_width; +- if (min < 0 || max > s->vga.vram_size) { ++ + ((int64_t)s->cirrus_blt_height - 1) * pitch ++ - s->cirrus_blt_width; ++ if (min < -1 || addr >= s->vga.vram_size) { + return true; + } + } else { +-- +2.11.0 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5578.patch b/gnu/packages/patches/qemu-CVE-2017-5578.patch new file mode 100644 index 0000000000..05655bcd98 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5578.patch @@ -0,0 +1,39 @@ +http://git.qemu.org/?p=qemu.git;a=patch;h=204f01b30975923c64006f8067f0937b91eea68b +this patch is from qemu-git. + + +From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Thu, 29 Dec 2016 04:28:41 -0500 +Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing + +In the resource attach backing function, everytime it will +allocate 'res->iov' thus can leading a memory leak. This +patch avoid this. + +Signed-off-by: Li Qiang +Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com +Signed-off-by: Gerd Hoffmann +--- + hw/display/virtio-gpu.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c +index 6a26258cac..ca88cf478d 100644 +--- a/hw/display/virtio-gpu.c ++++ b/hw/display/virtio-gpu.c +@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g, + return; + } + ++ if (res->iov) { ++ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; ++ return; ++ } ++ + ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov); + if (ret != 0) { + cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; +-- +2.11.0 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5579.patch b/gnu/packages/patches/qemu-CVE-2017-5579.patch new file mode 100644 index 0000000000..7630012d54 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5579.patch @@ -0,0 +1,44 @@ +http://git.qemu.org/?p=qemu.git;a=patch;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b +this patch is from qemu-git. + + +From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Wed, 4 Jan 2017 00:43:16 -0800 +Subject: [PATCH] serial: fix memory leak in serial exit + +The serial_exit_core function doesn't free some resources. +This can lead memory leak when hotplug and unplug. This +patch avoid this. + +Signed-off-by: Li Qiang +Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com> +Signed-off-by: Paolo Bonzini +--- + hw/char/serial.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/hw/char/serial.c b/hw/char/serial.c +index ffbacd8227..67b18eda12 100644 +--- a/hw/char/serial.c ++++ b/hw/char/serial.c +@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp) + void serial_exit_core(SerialState *s) + { + qemu_chr_fe_deinit(&s->chr); ++ ++ timer_del(s->modem_status_poll); ++ timer_free(s->modem_status_poll); ++ ++ timer_del(s->fifo_timeout_timer); ++ timer_free(s->fifo_timeout_timer); ++ ++ fifo8_destroy(&s->recv_fifo); ++ fifo8_destroy(&s->xmit_fifo); ++ + qemu_unregister_reset(serial_reset, s); + } + +-- +2.11.0 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5856.patch b/gnu/packages/patches/qemu-CVE-2017-5856.patch new file mode 100644 index 0000000000..bee0824c0a --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5856.patch @@ -0,0 +1,68 @@ +http://git.qemu.org/?p=qemu.git;a=patch;h=765a707000e838c30b18d712fe6cb3dd8e0435f3 +this patch is from qemu-git. + + +From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Mon, 2 Jan 2017 11:03:33 +0100 +Subject: [PATCH] megasas: fix guest-triggered memory leak + +If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd +will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory. +Avoid this by returning only the status from map_dcmd, and loading +cmd->iov_size in the caller. + +Reported-by: Li Qiang +Signed-off-by: Paolo Bonzini +--- + hw/scsi/megasas.c | 11 ++++++----- + 1 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c +index 67fc1e7..6233865 100644 +--- a/hw/scsi/megasas.c ++++ b/hw/scsi/megasas.c +@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd) + trace_megasas_dcmd_invalid_sge(cmd->index, + cmd->frame->header.sge_count); + cmd->iov_size = 0; +- return -1; ++ return -EINVAL; + } + iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl); + iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl); + pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1); + qemu_sglist_add(&cmd->qsg, iov_pa, iov_size); + cmd->iov_size = iov_size; +- return cmd->iov_size; ++ return 0; + } + + static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size) +@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t { + + static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd) + { +- int opcode, len; ++ int opcode; + int retval = 0; ++ size_t len; + const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl; + + opcode = le32_to_cpu(cmd->frame->dcmd.opcode); + trace_megasas_handle_dcmd(cmd->index, opcode); +- len = megasas_map_dcmd(s, cmd); +- if (len < 0) { ++ if (megasas_map_dcmd(s, cmd) < 0) { + return MFI_STAT_MEMORY_NOT_AVAILABLE; + } + while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) { + cmdptr++; + } ++ len = cmd->iov_size; + if (cmdptr->opcode == -1) { + trace_megasas_dcmd_unhandled(cmd->index, opcode, len); + retval = megasas_dcmd_dummy(s, cmd); +-- +1.7.0.4 + diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm index 1c10ab9aee..b4920cfc25 100644 --- a/gnu/packages/qemu.scm +++ b/gnu/packages/qemu.scm @@ -78,9 +78,13 @@ (base32 "0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs")) (patches (search-patches "qemu-CVE-2016-10155.patch" + "qemu-CVE-2017-2615.patch" "qemu-CVE-2017-5525.patch" "qemu-CVE-2017-5526.patch" - "qemu-CVE-2017-5552.patch")))) + "qemu-CVE-2017-5552.patch" + "qemu-CVE-2017-5578.patch" + "qemu-CVE-2017-5579.patch" + "qemu-CVE-2017-5856.patch")))) (build-system gnu-build-system) (arguments '(;; Running tests in parallel can occasionally lead to failures, like: -- cgit 1.4.1 From 1ac675a5831e39968be3c137a4ff448c9f65f48e Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Fri, 3 Feb 2017 22:17:41 +0200 Subject: gnu: p7zip: Fix CVE-2016-9256. * gnu/packages/compression.scm (p7zip)[source]: Add patch. * gnu/packages/patches/p7zip-CVE-2016-9296.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/compression.scm | 3 ++- gnu/packages/patches/p7zip-CVE-2016-9296.patch | 24 ++++++++++++++++++++++++ 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/p7zip-CVE-2016-9296.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index b0f6a9d432..0948321c9c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -797,6 +797,7 @@ dist_patch_DATA = \ %D%/packages/patches/openssl-c-rehash-in.patch \ %D%/packages/patches/orpheus-cast-errors-and-includes.patch \ %D%/packages/patches/ots-no-include-missing-file.patch \ + %D%/packages/patches/p7zip-CVE-2016-9296.patch \ %D%/packages/patches/p7zip-remove-unused-code.patch \ %D%/packages/patches/patchelf-page-size.patch \ %D%/packages/patches/patchelf-rework-for-arm.patch \ diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index fbbc32197a..9ef255a42d 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -924,7 +924,8 @@ for most inputs, but the resulting compressed files are anywhere from 20% to (delete-file-recursively "CPP/7zip/Archive/Rar") (delete-file-recursively "CPP/7zip/Compress/Rar") #t)) - (patches (search-patches "p7zip-remove-unused-code.patch")))) + (patches (search-patches "p7zip-CVE-2016-9296.patch" + "p7zip-remove-unused-code.patch")))) (build-system gnu-build-system) (arguments `(#:make-flags diff --git a/gnu/packages/patches/p7zip-CVE-2016-9296.patch b/gnu/packages/patches/p7zip-CVE-2016-9296.patch new file mode 100644 index 0000000000..3fa80377ad --- /dev/null +++ b/gnu/packages/patches/p7zip-CVE-2016-9296.patch @@ -0,0 +1,24 @@ +From: Robert Luberda +Date: Sat, 19 Nov 2016 08:48:08 +0100 +Subject: Fix nullptr dereference (CVE-2016-9296) + +Patch taken from https://sourceforge.net/p/p7zip/bugs/185/ +This patch file taken from Debian's patch set for p7zip +--- + CPP/7zip/Archive/7z/7zIn.cpp | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp +index b0c6b98..7c6dde2 100644 +--- a/CPP/7zip/Archive/7z/7zIn.cpp ++++ b/CPP/7zip/Archive/7z/7zIn.cpp +@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams( + if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) + ThrowIncorrect(); + } +- HeadersSize += folders.PackPositions[folders.NumPackStreams]; ++ if (folders.PackPositions) ++ HeadersSize += folders.PackPositions[folders.NumPackStreams]; + return S_OK; + } + -- cgit 1.4.1 From cc1c3977d54728280ec6649e1883912b1226e63f Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sun, 5 Feb 2017 10:34:47 +0000 Subject: gnu: Add re2c. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/re2c.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add re2c.scm. CC: ng0 Signed-off-by: Sergei Trofimovich Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/re2c.scm | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 gnu/packages/re2c.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 0948321c9c..5c1634e021 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -318,6 +318,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/ratpoison.scm \ %D%/packages/rdesktop.scm \ %D%/packages/rdf.scm \ + %D%/packages/re2c.scm \ %D%/packages/readline.scm \ %D%/packages/regex.scm \ %D%/packages/rrdtool.scm \ diff --git a/gnu/packages/re2c.scm b/gnu/packages/re2c.scm new file mode 100644 index 0000000000..c7f2966384 --- /dev/null +++ b/gnu/packages/re2c.scm @@ -0,0 +1,47 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Sergei Trofimovich +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages re2c) + #:use-module (guix licenses) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix build-system gnu)) + +(define-public re2c + (package + (name "re2c") + (version "0.16") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/skvadrik/" name + "/releases/download/" version "/" + name "-" version ".tar.gz")) + (sha256 + (base32 + "114y0s4vmzip4hkf4cbz4yv8s498gzaylnphbzmwqhbn55j2bha8")))) + (build-system gnu-build-system) + (home-page "http://re2c.org/") + (synopsis "Lexer generator for C/C++") + (description + "@code{re2c} generates minimalistic hard-coded state machine (as opposed +to full-featured table-based lexers). Flexible API allows generated code +to be wired into virtually any environment. Instead of exposing traditional +@code{yylex()} style API, re2c exposes its internals. Be sure to take a look +at examples, they cover a lot of real-world cases and shed some light on dark +corners of re2c API.") + (license public-domain))) -- cgit 1.4.1 From 63302a4e55241a41eab4c21d7af9fbd0d5817459 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 6 Feb 2017 23:47:09 +0100 Subject: Add (gnu build shepherd). * gnu/build/shepherd.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/build/shepherd.scm | 177 +++++++++++++++++++++++++++++++++++++++++++++++++ gnu/local.mk | 1 + 2 files changed, 178 insertions(+) create mode 100644 gnu/build/shepherd.scm (limited to 'gnu/local.mk') diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm new file mode 100644 index 0000000000..8fc74bc482 --- /dev/null +++ b/gnu/build/shepherd.scm @@ -0,0 +1,177 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu build shepherd) + #:use-module (gnu system file-systems) + #:use-module (gnu build linux-container) + #:use-module (guix build utils) + #:use-module (srfi srfi-1) + #:use-module (ice-9 match) + #:export (make-forkexec-constructor/container)) + +;;; Commentary: +;;; +;;; This module provides extensions to the GNU Shepherd. In particular, it +;;; provides a helper to start services in a container. +;;; +;;; Code: + +(define (clean-up file) + (when file + (catch 'system-error + (lambda () + (delete-file file)) + (lambda args + (unless (= ENOENT (system-error-errno args)) + (apply throw args)))))) + +(define-syntax-rule (catch-system-error exp) + (catch 'system-error + (lambda () + exp) + (const #f))) + +(define (default-namespaces args) + ;; Most daemons are here to talk to the network, and most of them expect to + ;; run under a non-zero UID. + (fold delq %namespaces '(net user))) + +(define* (default-mounts #:key (namespaces (default-namespaces '()))) + (define (tmpfs directory) + (file-system + (device "none") + (title 'device) + (mount-point directory) + (type "tmpfs") + (check? #f))) + + (define passwd + ;; This is for processes in the default user namespace but living in a + ;; different mount namespace, so that they can lookup users. + (file-system-mapping + (source "/etc/passwd") (target source))) + + (define nscd-socket + (file-system-mapping + (source "/var/run/nscd") (target source) + (writable? #t))) + + (append (cons (tmpfs "/tmp") %container-file-systems) + (let ((mappings `(,@(if (memq 'net namespaces) + '() + (cons nscd-socket + %network-file-mappings)) + ,@(if (and (memq 'mnt namespaces) + (not (memq 'user namespaces))) + (list passwd) + '()) + ,%store-mapping))) ;XXX: coarse-grain + (map file-system-mapping->bind-mount + (filter (lambda (mapping) + (file-exists? (file-system-mapping-source mapping))) + mappings))))) + +;; XXX: Lazy-bind the Shepherd to avoid a compile-time dependency. +(module-autoload! (current-module) + '(shepherd service) '(read-pid-file exec-command)) + +(define* (read-pid-file/container pid pid-file #:key (max-delay 5)) + "Read PID-FILE in the container namespaces of PID, which exists in a +separate mount and PID name space. Return the \"outer\" PID. " + (match (container-excursion* pid + (lambda () + (read-pid-file pid-file + #:max-delay max-delay))) + (#f + (catch-system-error (kill pid SIGTERM)) + #f) + ((? integer? container-pid) + ;; XXX: When COMMAND is started in a separate PID namespace, its + ;; PID is always 1, but that's not what Shepherd needs to know. + pid))) + +(define* (make-forkexec-constructor/container command + #:key + (namespaces + (default-namespaces args)) + (mappings '()) + (user #f) + (group #f) + (log-file #f) + pid-file + (pid-file-timeout 5) + (directory "/") + (environment-variables + (environ)) + #:rest args) + "This is a variant of 'make-forkexec-constructor' that starts COMMAND in +NAMESPACES, a list of Linux namespaces such as '(mnt ipc). MAPPINGS is the +list of to make in the case of a separate mount +namespace, in addition to essential bind-mounts such /proc." + (define container-directory + (match command + ((program _ ...) + (string-append "/var/run/containers/" (basename program))))) + + (define auto-mappings + `(,@(if log-file + (list (file-system-mapping + (source log-file) + (target source) + (writable? #t))) + '()))) + + (define mounts + (append (map file-system-mapping->bind-mount + (append auto-mappings mappings)) + (default-mounts #:namespaces namespaces))) + + (lambda args + (mkdir-p container-directory) + + (when log-file + ;; Create LOG-FILE so we can map it in the container. + (unless (file-exists? log-file) + (call-with-output-file log-file (const #t)))) + + (let ((pid (run-container container-directory + mounts namespaces 1 + (lambda () + (mkdir-p "/var/run") + (clean-up pid-file) + (clean-up log-file) + + (exec-command command + #:user user + #:group group + #:log-file log-file + #:directory directory + #:environment-variables + environment-variables))))) + (if pid-file + (if (or (memq 'mnt namespaces) (memq 'pid namespaces)) + (read-pid-file/container pid pid-file + #:max-delay pid-file-timeout) + (read-pid-file pid-file #:max-delay pid-file-timeout)) + pid)))) + +;; Local Variables: +;; eval: (put 'container-excursion* 'scheme-indent-function 1) +;; End: + +;;; shepherd.scm ends here diff --git a/gnu/local.mk b/gnu/local.mk index 5c1634e021..63ce3af713 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -451,6 +451,7 @@ GNU_SYSTEM_MODULES = \ %D%/build/linux-initrd.scm \ %D%/build/linux-modules.scm \ %D%/build/marionette.scm \ + %D%/build/shepherd.scm \ %D%/build/svg.scm \ %D%/build/vm.scm \ \ -- cgit 1.4.1 From 1a82ba660e88e731841882523084e5d878267b53 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Thu, 9 Feb 2017 22:27:51 -0500 Subject: gnu: ntfs-3g: Fix CVE-2017-0358. * gnu/packages/linux.scm (ntfs-3g)[source]: Add patch. * gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 3 +- gnu/packages/linux.scm | 1 + gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch | 42 ++++++++++++++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 63ce3af713..1fc49bbd61 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -4,7 +4,7 @@ # Copyright © 2016 Mathieu Lirzin # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver # Copyright © 2016 Chris Marusich -# Copyright © 2016 Kei Kebreau +# Copyright © 2016, 2017 Kei Kebreau # Copyright © 2016 Rene Saavedra # Copyright © 2016 Adonay "adfeno" Felipe Nogueira # Copyright © 2016, 2017 Ricardo Wurmus @@ -777,6 +777,7 @@ dist_patch_DATA = \ %D%/packages/patches/ninja-zero-mtime.patch \ %D%/packages/patches/node-9077.patch \ %D%/packages/patches/nss-pkgconfig.patch \ + %D%/packages/patches/ntfs-3g-CVE-2017-0358.patch \ %D%/packages/patches/nvi-assume-preserve-path.patch \ %D%/packages/patches/nvi-dbpagesize-binpower.patch \ %D%/packages/patches/nvi-db4.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 313d0775cc..541e4b9c1c 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -2908,6 +2908,7 @@ from userspace.") (base32 "180y5y09h30ryf2vim8j30a2npwz1iv9ly5yjmh3wjdkwh2jrdyp")) (modules '((guix build utils))) + (patches (search-patches "ntfs-3g-CVE-2017-0358.patch")) (snippet ;; Install under $prefix. '(substitute* '("src/Makefile.in" "ntfsprogs/Makefile.in") diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch new file mode 100644 index 0000000000..6edd676e38 --- /dev/null +++ b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch @@ -0,0 +1,42 @@ +Fix CVE-2017-0358: +http://seclists.org/oss-sec/2017/q1/259 +This patch was copied from the above URL. + +diff -ur ntfs-3g.old/src/lowntfs-3g.c ntfs-3g/src/lowntfs-3g.c +--- ntfs-3g.old/src/lowntfs-3g.c 2017-02-09 15:01:04.074331542 -0500 ++++ ntfs-3g/src/lowntfs-3g.c 2017-02-09 15:06:35.757580937 -0500 +@@ -3827,13 +3827,14 @@ + struct stat st; + pid_t pid; + const char *cmd = "/sbin/modprobe"; ++ char *env = (char*)NULL; + struct timespec req = { 0, 100000000 }; /* 100 msec */ + fuse_fstype fstype; + + if (!stat(cmd, &st) && !geteuid()) { + pid = fork(); + if (!pid) { +- execl(cmd, cmd, "fuse", NULL); ++ execle(cmd, cmd, "fuse", NULL, &env); + _exit(1); + } else if (pid != -1) + waitpid(pid, NULL, 0); +diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c +--- ntfs-3g.old/src/ntfs-3g.c 2017-02-09 15:01:04.074331542 -0500 ++++ ntfs-3g/src/ntfs-3g.c 2017-02-09 15:06:26.077252571 -0500 +@@ -3612,13 +3612,14 @@ + struct stat st; + pid_t pid; + const char *cmd = "/sbin/modprobe"; ++ char *env = (char*)NULL; + struct timespec req = { 0, 100000000 }; /* 100 msec */ + fuse_fstype fstype; + + if (!stat(cmd, &st) && !geteuid()) { + pid = fork(); + if (!pid) { +- execl(cmd, cmd, "fuse", NULL); ++ execle(cmd, cmd, "fuse", NULL, &env); + _exit(1); + } else if (pid != -1) + waitpid(pid, NULL, 0); -- cgit 1.4.1 From 862e38d551801426e2f4953d13588d504d21381b Mon Sep 17 00:00:00 2001 From: David Craven Date: Thu, 9 Feb 2017 19:46:47 +0100 Subject: gnu: Move (gnu packages grub) and (gnu packages u-boot) ... to (gnu packages bootloaders). * gnu/packages/grub.scm: Rename to bootloaders.scm. * gnu/packages/u-boot.scm: Move to bootloaders.scm. * gnu/local.mk (GNU_SYSTEM_MODULES): Add bootloaders.scm, remove grub.scm and u-boot.scm; * gnu/system/grub.scm: Import (gnu packages bootloaders). * gnu/system/install.scm: Import (gnu packages bootloaders). * gnu/system/vm.scm: Import (gnu packages bootloaders). --- gnu/local.mk | 3 +- gnu/packages/bootloaders.scm | 332 +++++++++++++++++++++++++++++++++++++++++++ gnu/packages/grub.scm | 215 ---------------------------- gnu/packages/u-boot.scm | 138 ------------------ gnu/system/grub.scm | 4 +- gnu/system/install.scm | 2 +- gnu/system/vm.scm | 2 +- 7 files changed, 337 insertions(+), 359 deletions(-) create mode 100644 gnu/packages/bootloaders.scm delete mode 100644 gnu/packages/grub.scm delete mode 100644 gnu/packages/u-boot.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1fc49bbd61..4d6e4b05d4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -64,6 +64,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/bittorrent.scm \ %D%/packages/bison.scm \ %D%/packages/boost.scm \ + %D%/packages/bootloaders.scm \ %D%/packages/bootstrap.scm \ %D%/packages/busybox.scm \ %D%/packages/c.scm \ @@ -170,7 +171,6 @@ GNU_SYSTEM_MODULES = \ %D%/packages/graphics.scm \ %D%/packages/graphviz.scm \ %D%/packages/groff.scm \ - %D%/packages/grub.scm \ %D%/packages/gsasl.scm \ %D%/packages/gstreamer.scm \ %D%/packages/gtk.scm \ @@ -373,7 +373,6 @@ GNU_SYSTEM_MODULES = \ %D%/packages/unrtf.scm \ %D%/packages/upnp.scm \ %D%/packages/uucp.scm \ - %D%/packages/u-boot.scm \ %D%/packages/valgrind.scm \ %D%/packages/version-control.scm \ %D%/packages/video.scm \ diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm new file mode 100644 index 0000000000..16cb7b4c0b --- /dev/null +++ b/gnu/packages/bootloaders.scm @@ -0,0 +1,332 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès +;;; Copyright © 2015 Mark H Weaver +;;; Copyright © 2015 Leo Famulari +;;; Copyright © 2016 Jan Nieuwenhuizen +;;; Copyright © 2016, 2017 Marius Bakke +;;; Copyright © 2016, 2017 Danny Milosavljevic +;;; Copyright © 2016, 2017 David Craven +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages bootloaders) + #:use-module (gnu packages) + #:use-module (gnu packages admin) + #:use-module ((gnu packages algebra) #:select (bc)) + #:use-module (gnu packages assembly) + #:use-module (gnu packages flex) + #:use-module (gnu packages disk) + #:use-module (gnu packages bison) + #:use-module (gnu packages cdrom) + #:use-module (gnu packages cross-base) + #:use-module (gnu packages disk) + #:use-module (gnu packages flex) + #:use-module (gnu packages fontutils) + #:use-module (gnu packages gettext) + #:use-module (gnu packages linux) + #:use-module (gnu packages man) + #:use-module (gnu packages ncurses) + #:use-module (gnu packages perl) + #:use-module (gnu packages python) + #:use-module (gnu packages qemu) + #:use-module (gnu packages texinfo) + #:use-module (guix build-system gnu) + #:use-module (guix download) + #:use-module (guix git-download) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (guix utils)) + +(define unifont + ;; GNU Unifont, . + ;; GRUB needs it for its graphical terminal, gfxterm. + (origin + (method url-fetch) + (uri + "http://unifoundry.com/pub/unifont-7.0.06/font-builds/unifont-7.0.06.bdf.gz") + (sha256 + (base32 + "0p2vhnc18cnbmb39vq4m7hzv4mhnm2l0a2s7gx3ar277fwng3hys")))) + +(define-public grub + (package + (name "grub") + (version "2.02rc1") + (source (origin + (method url-fetch) + (uri (string-append + "ftp://alpha.gnu.org/gnu/grub/grub-" + "2.02~rc1" + ".tar.xz")) + (file-name (string-append name "-" version ".tar.xz")) + (sha256 + (base32 + "0y02v19x9sb5jvj740f604vvi5j1rx8pily1jk0l64bdp7lkjlj4")))) + (build-system gnu-build-system) + (arguments + '(#:phases (modify-phases %standard-phases + (add-after 'unpack 'patch-stuff + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "grub-core/Makefile.in" + (("/bin/sh") (which "sh"))) + + ;; Give the absolute file name of 'mdadm', used to + ;; determine the root file system when it's a RAID + ;; device. Failing to do that, 'grub-probe' silently + ;; fails if 'mdadm' is not in $PATH. + (substitute* "grub-core/osdep/linux/getroot.c" + (("argv\\[0\\] = \"mdadm\"") + (string-append "argv[0] = \"" + (assoc-ref inputs "mdadm") + "/sbin/mdadm\""))) + + ;; Make the font visible. + (copy-file (assoc-ref inputs "unifont") "unifont.bdf.gz") + (system* "gunzip" "unifont.bdf.gz") + #t))))) + (inputs + `(("gettext" ,gettext-minimal) + + ;; Depend on LVM2 for libdevmapper, used by 'grub-probe' and + ;; 'grub-install' to recognize mapped devices (LUKS, etc.) + ("lvm2" ,lvm2) + + ;; Depend on mdadm, which is invoked by 'grub-probe' and 'grub-install' + ;; to determine whether the root file system is RAID. + ("mdadm" ,mdadm) + + ("freetype" ,freetype) + ;; ("libusb" ,libusb) + ;; ("fuse" ,fuse) + ("ncurses" ,ncurses))) + (native-inputs + `(("unifont" ,unifont) + ("bison" ,bison) + ("flex" ,flex) + ("texinfo" ,texinfo) + ("help2man" ,help2man) + + ;; Dependencies for the test suite. The "real" QEMU is needed here, + ;; because several targets are used. + ("parted" ,parted) + ("qemu" ,qemu-minimal) + ("xorriso" ,xorriso))) + (home-page "https://www.gnu.org/software/grub/") + (synopsis "GRand Unified Boot loader") + (description + "GRUB is a multiboot bootloader. It is used for initially loading the +kernel of an operating system and then transferring control to it. The kernel +then goes on to load the rest of the operating system. As a multiboot +bootloader, GRUB handles the presence of multiple operating systems installed +on the same computer; upon booting the computer, the user is presented with a +menu to select one of the installed operating systems.") + (license license:gpl3+) + (properties '((cpe-name . "grub2"))))) + +(define-public grub-efi + (package + (inherit grub) + (name "grub-efi") + (synopsis "GRand Unified Boot loader (UEFI version)") + (inputs + `(("efibootmgr" ,efibootmgr) + ,@(package-inputs grub))) + (arguments + `(;; TODO: Tests need a UEFI firmware for qemu. There is one at + ;; https://github.com/tianocore/edk2/tree/master/OvmfPkg . + ;; Search for 'OVMF' in "tests/util/grub-shell.in". + #:tests? #f + ,@(substitute-keyword-arguments (package-arguments grub) + ((#:configure-flags flags ''()) + `(cons "--with-platform=efi" ,flags)) + ((#:phases phases) + `(modify-phases ,phases + (add-after 'patch-stuff 'use-absolute-efibootmgr-path + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "grub-core/osdep/unix/platform.c" + (("efibootmgr") + (string-append (assoc-ref inputs "efibootmgr") + "/sbin/efibootmgr"))) + #t))))))))) + +(define-public syslinux + (let ((commit "bb41e935cc83c6242de24d2271e067d76af3585c")) + (package + (name "syslinux") + (version (git-version "6.04-pre" "1" commit)) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/geneC/syslinux") + (commit commit))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0k8dvafd6410kqxf3kyr4y8jzmpmrih6wbjqg6gklak7945yflrc")))) + (build-system gnu-build-system) + (native-inputs + `(("nasm" ,nasm) + ("perl" ,perl) + ("python-2" ,python-2))) + (inputs + `(("libuuid" ,util-linux))) + (arguments + `(#:parallel-build? #f + #:make-flags + (list (string-append "BINDIR=" %output "/bin") + (string-append "SBINDIR=" %output "/sbin") + (string-append "LIBDIR=" %output "/lib") + (string-append "INCDIR=" %output "/include") + (string-append "DATADIR=" %output "/share") + (string-append "MANDIR=" %output "/share/man") + "PERL=perl" + "bios") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'patch-files + (lambda _ + (substitute* (find-files "." "Makefile.*|ppmtolss16") + (("/bin/pwd") (which "pwd")) + (("/bin/echo") (which "echo")) + (("/usr/bin/perl") (which "perl"))) + #t)) + (delete 'configure) + (add-before 'build 'set-permissions + (lambda _ + (zero? (system* "chmod" "a+w" "utils/isohybrid.in")))) + (replace 'check + (lambda _ + (setenv "CC" "gcc") + (substitute* "tests/unittest/include/unittest/unittest.h" + ;; Don't look up headers under /usr. + (("/usr/include/") "")) + (zero? (system* "make" "unittest"))))))) + (home-page "http://www.syslinux.org") + (synopsis "Lightweight Linux bootloader") + (description "Syslinux is a lightweight Linux bootloader.") + (license (list license:gpl2+ + license:bsd-3 ; gnu-efi/* + license:bsd-4 ; gnu-efi/inc/* gnu-efi/lib/* + ;; Also contains: + license:expat license:isc license:zlib))))) + +(define-public dtc + (package + (name "dtc") + (version "1.4.2") + (source (origin + (method url-fetch) + (uri (string-append + "https://www.kernel.org/pub/software/utils/dtc/" + "dtc-" version ".tar.xz")) + (sha256 + (base32 + "1b7si8niyca4wxbfah3qw4p4wli81mc1qwfhaswvrfqahklnwi8k")))) + (build-system gnu-build-system) + (native-inputs + `(("bison" ,bison) + ("flex" ,flex))) + (arguments + `(#:make-flags + (list "CC=gcc" + (string-append "PREFIX=" (assoc-ref %outputs "out")) + "INSTALL=install") + #:phases + (modify-phases %standard-phases + (delete 'configure)))) + (home-page "https://www.devicetree.org") + (synopsis "Compiles device tree source files") + (description "@command{dtc} compiles +@uref{http://elinux.org/Device_Tree_Usage, device tree source files} to device +tree binary files. These are board description files used by Linux and BSD.") + (license license:gpl2+))) + +(define u-boot + (package + (name "u-boot") + (version "2017.01") + (source (origin + (method url-fetch) + (uri (string-append + "ftp://ftp.denx.de/pub/u-boot/" + "u-boot-" version ".tar.bz2")) + (sha256 + (base32 + "1wpc51jm3zyibgcr78jng2yksqvrya76bxgsr4pcyjrsz5sm2hkc")))) + (native-inputs + `(("bc" ,bc) + ("dtc" ,dtc) + ("python-2" ,python-2))) + (build-system gnu-build-system) + (home-page "http://www.denx.de/wiki/U-Boot/") + (synopsis "ARM bootloader") + (description "U-Boot is a bootloader used mostly for ARM boards. It +also initializes the boards (RAM etc).") + (license license:gpl2+))) + +(define (make-u-boot-package board triplet) + "Returns a u-boot package for BOARD cross-compiled for TRIPLET." + (package + (inherit u-boot) + (name (string-append "u-boot-" (string-downcase board))) + (native-inputs + `(("cross-gcc" ,(cross-gcc triplet)) + ("cross-binutils" ,(cross-binutils triplet)) + ,@(package-native-inputs u-boot))) + (arguments + `(#:modules ((ice-9 ftw) (guix build utils) (guix build gnu-build-system)) + #:test-target "test" + #:make-flags + (list "HOSTCC=gcc" (string-append "CROSS_COMPILE=" ,triplet "-")) + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs make-flags #:allow-other-keys) + (let ((config-name (string-append ,board "_defconfig"))) + (if (file-exists? (string-append "configs/" config-name)) + (zero? (apply system* "make" `(,@make-flags ,config-name))) + (begin + (display "Invalid board name. Valid board names are:") + (let ((suffix-len (string-length "_defconfig"))) + (scandir "configs" + (lambda (file-name) + (when (string-suffix? "_defconfig" file-name) + (format #t + "- ~A\n" + (string-drop-right file-name + suffix-len)))))) + #f))))) + (replace 'install + (lambda* (#:key outputs make-flags #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (libexec (string-append out "/libexec")) + (uboot-files (find-files "." ".*\\.(bin|efi|spl)$"))) + (mkdir-p libexec) + (for-each + (lambda (file) + (let ((target-file (string-append libexec "/" file))) + (mkdir-p (dirname target-file)) + (copy-file file target-file))) + uboot-files))))))))) + +(define-public u-boot-vexpress + (make-u-boot-package "vexpress_ca9x4" "arm-linux-gnueabihf")) + +(define-public u-boot-malta + (make-u-boot-package "malta" "mips64el-linux-gnuabi64")) + +(define-public u-boot-beagle-bone-black + (make-u-boot-package "am335x_boneblack" "arm-linux-gnueabihf")) diff --git a/gnu/packages/grub.scm b/gnu/packages/grub.scm deleted file mode 100644 index 4d9dc819b7..0000000000 --- a/gnu/packages/grub.scm +++ /dev/null @@ -1,215 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès -;;; Copyright © 2015 Mark H Weaver -;;; Copyright © 2015 Leo Famulari -;;; Copyright © 2016 Jan Nieuwenhuizen -;;; Copyright © 2016, 2017 Marius Bakke -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -(define-module (gnu packages grub) - #:use-module (guix download) - #:use-module (guix packages) - #:use-module (guix utils) - #:use-module ((guix licenses) #:prefix license:) - #:use-module (guix build-system gnu) - #:use-module (gnu packages) - #:use-module (gnu packages flex) - #:use-module (gnu packages disk) - #:use-module (gnu packages bison) - #:use-module (gnu packages gettext) - #:use-module (gnu packages fontutils) - #:use-module (gnu packages linux) - #:use-module (gnu packages perl) - #:use-module (gnu packages python) - #:use-module (gnu packages qemu) - #:use-module (gnu packages man) - #:use-module (gnu packages texinfo) - #:use-module (gnu packages ncurses) - #:use-module (gnu packages cdrom)) - -(define unifont - ;; GNU Unifont, . - ;; GRUB needs it for its graphical terminal, gfxterm. - (origin - (method url-fetch) - (uri - "http://unifoundry.com/pub/unifont-7.0.06/font-builds/unifont-7.0.06.bdf.gz") - (sha256 - (base32 - "0p2vhnc18cnbmb39vq4m7hzv4mhnm2l0a2s7gx3ar277fwng3hys")))) - -(define-public grub - (package - (name "grub") - (version "2.02rc1") - (source (origin - (method url-fetch) - (uri (string-append - "ftp://alpha.gnu.org/gnu/grub/grub-" - "2.02~rc1" - ".tar.xz")) - (file-name (string-append name "-" version ".tar.xz")) - (sha256 - (base32 - "0y02v19x9sb5jvj740f604vvi5j1rx8pily1jk0l64bdp7lkjlj4")))) - (build-system gnu-build-system) - (arguments - '(#:phases (modify-phases %standard-phases - (add-after 'unpack 'patch-stuff - (lambda* (#:key inputs #:allow-other-keys) - (substitute* "grub-core/Makefile.in" - (("/bin/sh") (which "sh"))) - - ;; Give the absolute file name of 'mdadm', used to - ;; determine the root file system when it's a RAID - ;; device. Failing to do that, 'grub-probe' silently - ;; fails if 'mdadm' is not in $PATH. - (substitute* "grub-core/osdep/linux/getroot.c" - (("argv\\[0\\] = \"mdadm\"") - (string-append "argv[0] = \"" - (assoc-ref inputs "mdadm") - "/sbin/mdadm\""))) - - ;; Make the font visible. - (copy-file (assoc-ref inputs "unifont") "unifont.bdf.gz") - (system* "gunzip" "unifont.bdf.gz") - #t))))) - (inputs - `(("gettext" ,gettext-minimal) - - ;; Depend on LVM2 for libdevmapper, used by 'grub-probe' and - ;; 'grub-install' to recognize mapped devices (LUKS, etc.) - ("lvm2" ,lvm2) - - ;; Depend on mdadm, which is invoked by 'grub-probe' and 'grub-install' - ;; to determine whether the root file system is RAID. - ("mdadm" ,mdadm) - - ("freetype" ,freetype) - ;; ("libusb" ,libusb) - ;; ("fuse" ,fuse) - ("ncurses" ,ncurses))) - (native-inputs - `(("unifont" ,unifont) - ("bison" ,bison) - ("flex" ,flex) - ("texinfo" ,texinfo) - ("help2man" ,help2man) - - ;; Dependencies for the test suite. The "real" QEMU is needed here, - ;; because several targets are used. - ("parted" ,parted) - ("qemu" ,qemu-minimal) - ("xorriso" ,xorriso))) - (home-page "https://www.gnu.org/software/grub/") - (synopsis "GRand Unified Boot loader") - (description - "GRUB is a multiboot bootloader. It is used for initially loading the -kernel of an operating system and then transferring control to it. The kernel -then goes on to load the rest of the operating system. As a multiboot -bootloader, GRUB handles the presence of multiple operating systems installed -on the same computer; upon booting the computer, the user is presented with a -menu to select one of the installed operating systems.") - (license license:gpl3+) - (properties '((cpe-name . "grub2"))))) - -(define-public grub-efi - (package - (inherit grub) - (name "grub-efi") - (synopsis "GRand Unified Boot loader (UEFI version)") - (inputs - `(("efibootmgr" ,efibootmgr) - ,@(package-inputs grub))) - (arguments - `(;; TODO: Tests need a UEFI firmware for qemu. There is one at - ;; https://github.com/tianocore/edk2/tree/master/OvmfPkg . - ;; Search for 'OVMF' in "tests/util/grub-shell.in". - #:tests? #f - ,@(substitute-keyword-arguments (package-arguments grub) - ((#:configure-flags flags ''()) - `(cons "--with-platform=efi" ,flags)) - ((#:phases phases) - `(modify-phases ,phases - (add-after 'patch-stuff 'use-absolute-efibootmgr-path - (lambda* (#:key inputs #:allow-other-keys) - (substitute* "grub-core/osdep/unix/platform.c" - (("efibootmgr") - (string-append (assoc-ref inputs "efibootmgr") - "/sbin/efibootmgr"))) - #t))))))))) - -(define-public syslinux - (let ((commit "bb41e935cc83c6242de24d2271e067d76af3585c")) - (package - (name "syslinux") - (version (git-version "6.04-pre" "1" commit)) - (source (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/geneC/syslinux") - (commit commit))) - (file-name (git-file-name name version)) - (sha256 - (base32 - "0k8dvafd6410kqxf3kyr4y8jzmpmrih6wbjqg6gklak7945yflrc")))) - (build-system gnu-build-system) - (native-inputs - `(("nasm" ,nasm) - ("perl" ,perl) - ("python-2" ,python-2))) - (inputs - `(("libuuid" ,util-linux))) - (arguments - `(#:parallel-build? #f - #:make-flags - (list (string-append "BINDIR=" %output "/bin") - (string-append "SBINDIR=" %output "/sbin") - (string-append "LIBDIR=" %output "/lib") - (string-append "INCDIR=" %output "/include") - (string-append "DATADIR=" %output "/share") - (string-append "MANDIR=" %output "/share/man") - "PERL=perl" - "bios") - #:phases - (modify-phases %standard-phases - (add-after 'unpack 'patch-files - (lambda _ - (substitute* (find-files "." "Makefile.*|ppmtolss16") - (("/bin/pwd") (which "pwd")) - (("/bin/echo") (which "echo")) - (("/usr/bin/perl") (which "perl"))) - #t)) - (delete 'configure) - (add-before 'build 'set-permissions - (lambda _ - (zero? (system* "chmod" "a+w" "utils/isohybrid.in")))) - (replace 'check - (lambda _ - (setenv "CC" "gcc") - (substitute* "tests/unittest/include/unittest/unittest.h" - ;; Don't look up headers under /usr. - (("/usr/include/") "")) - (zero? (system* "make" "unittest"))))))) - (home-page "http://www.syslinux.org") - (synopsis "Lightweight Linux bootloader") - (description "Syslinux is a lightweight Linux bootloader.") - (license (list license:gpl2+ - license:bsd-3 ; gnu-efi/* - license:bsd-4 ; gnu-efi/inc/* gnu-efi/lib/* - ;; Also contains: - license:expat license:isc license:zlib))))) diff --git a/gnu/packages/u-boot.scm b/gnu/packages/u-boot.scm deleted file mode 100644 index bcfe059ee1..0000000000 --- a/gnu/packages/u-boot.scm +++ /dev/null @@ -1,138 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2016 Danny Milosavljevic -;;; Copyright © 2016 David Craven -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -(define-module (gnu packages u-boot) - #:use-module (guix build-system gnu) - #:use-module (guix download) - #:use-module (guix packages) - #:use-module ((guix licenses) #:prefix license:) - #:use-module (gnu packages) - #:use-module ((gnu packages algebra) #:select (bc)) - #:use-module (gnu packages bison) - #:use-module (gnu packages cross-base) - #:use-module (gnu packages flex) - #:use-module (gnu packages python)) - -(define-public dtc - (package - (name "dtc") - (version "1.4.2") - (source (origin - (method url-fetch) - (uri (string-append - "https://www.kernel.org/pub/software/utils/dtc/" - "dtc-" version ".tar.xz")) - (sha256 - (base32 - "1b7si8niyca4wxbfah3qw4p4wli81mc1qwfhaswvrfqahklnwi8k")))) - (build-system gnu-build-system) - (native-inputs - `(("bison" ,bison) - ("flex" ,flex))) - (arguments - `(#:make-flags - (list "CC=gcc" - (string-append "PREFIX=" (assoc-ref %outputs "out")) - "INSTALL=install") - #:phases - (modify-phases %standard-phases - (delete 'configure)))) - (home-page "https://www.devicetree.org") - (synopsis "Compiles device tree source files") - (description "@command{dtc} compiles -@uref{http://elinux.org/Device_Tree_Usage, device tree source files} to device -tree binary files. These are board description files used by Linux and BSD.") - (license license:gpl2+))) - -(define u-boot - (package - (name "u-boot") - (version "2017.01") - (source (origin - (method url-fetch) - (uri (string-append - "ftp://ftp.denx.de/pub/u-boot/" - "u-boot-" version ".tar.bz2")) - (sha256 - (base32 - "1wpc51jm3zyibgcr78jng2yksqvrya76bxgsr4pcyjrsz5sm2hkc")))) - (native-inputs - `(("bc" ,bc) - ("dtc" ,dtc) - ("python-2" ,python-2))) - (build-system gnu-build-system) - (home-page "http://www.denx.de/wiki/U-Boot/") - (synopsis "ARM bootloader") - (description "U-Boot is a bootloader used mostly for ARM boards. It -also initializes the boards (RAM etc).") - (license license:gpl2+))) - -(define (make-u-boot-package board triplet) - "Returns a u-boot package for BOARD cross-compiled for TRIPLET." - (package - (inherit u-boot) - (name (string-append "u-boot-" (string-downcase board))) - (native-inputs - `(("cross-gcc" ,(cross-gcc triplet)) - ("cross-binutils" ,(cross-binutils triplet)) - ,@(package-native-inputs u-boot))) - (arguments - `(#:modules ((ice-9 ftw) (guix build utils) (guix build gnu-build-system)) - #:test-target "test" - #:make-flags - (list "HOSTCC=gcc" (string-append "CROSS_COMPILE=" ,triplet "-")) - #:phases - (modify-phases %standard-phases - (replace 'configure - (lambda* (#:key outputs make-flags #:allow-other-keys) - (let ((config-name (string-append ,board "_defconfig"))) - (if (file-exists? (string-append "configs/" config-name)) - (zero? (apply system* "make" `(,@make-flags ,config-name))) - (begin - (display "Invalid board name. Valid board names are:") - (let ((suffix-len (string-length "_defconfig"))) - (scandir "configs" - (lambda (file-name) - (when (string-suffix? "_defconfig" file-name) - (format #t - "- ~A\n" - (string-drop-right file-name - suffix-len)))))) - #f))))) - (replace 'install - (lambda* (#:key outputs make-flags #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (libexec (string-append out "/libexec")) - (uboot-files (find-files "." ".*\\.(bin|efi|spl)$"))) - (mkdir-p libexec) - (for-each - (lambda (file) - (let ((target-file (string-append libexec "/" file))) - (mkdir-p (dirname target-file)) - (copy-file file target-file))) - uboot-files))))))))) - -(define-public u-boot-vexpress - (make-u-boot-package "vexpress_ca9x4" "arm-linux-gnueabihf")) - -(define-public u-boot-malta - (make-u-boot-package "malta" "mips64el-linux-gnuabi64")) - -(define-public u-boot-beagle-bone-black - (make-u-boot-package "am335x_boneblack" "arm-linux-gnueabihf")) diff --git a/gnu/system/grub.scm b/gnu/system/grub.scm index 7df7d4615a..b18b8be6d7 100644 --- a/gnu/system/grub.scm +++ b/gnu/system/grub.scm @@ -27,7 +27,7 @@ #:use-module (guix download) #:use-module (gnu artwork) #:use-module (gnu system file-systems) - #:autoload (gnu packages grub) (grub) + #:autoload (gnu packages bootloaders) (grub) #:autoload (gnu packages compression) (gzip) #:autoload (gnu packages gtk) (guile-cairo guile-rsvg) #:use-module (ice-9 match) @@ -108,7 +108,7 @@ denoting a file name." grub-configuration make-grub-configuration grub-configuration? (grub grub-configuration-grub ; package - (default (@ (gnu packages grub) grub))) + (default (@ (gnu packages bootloaders) grub))) (device grub-configuration-device) ; string (menu-entries grub-configuration-menu-entries ; list (default '())) diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 944d9f7e72..3ec343570a 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -28,11 +28,11 @@ #:use-module (gnu services shepherd) #:use-module (gnu packages admin) #:use-module (gnu packages bash) + #:use-module (gnu packages bootloaders) #:use-module (gnu packages linux) #:use-module (gnu packages cryptsetup) #:use-module (gnu packages package-management) #:use-module (gnu packages disk) - #:use-module (gnu packages grub) #:use-module (gnu packages texinfo) #:use-module (gnu packages compression) #:use-module (gnu packages nvi) diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm index 1e680b85a2..8a35f7fbc5 100644 --- a/gnu/system/vm.scm +++ b/gnu/system/vm.scm @@ -31,6 +31,7 @@ #:use-module ((gnu build vm) #:select (qemu-command)) #:use-module (gnu packages base) + #:use-module (gnu packages bootloaders) #:use-module (gnu packages guile) #:use-module (gnu packages gawk) #:use-module (gnu packages bash) @@ -38,7 +39,6 @@ #:use-module (gnu packages qemu) #:use-module (gnu packages disk) #:use-module (gnu packages zile) - #:use-module (gnu packages grub) #:use-module (gnu packages linux) #:use-module (gnu packages package-management) #:use-module ((gnu packages make-bootstrap) -- cgit 1.4.1