QubesOS/qubes-linux-utils
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
29a0c0e7f4
qubes-linux-utils/rpm_spec/qubes-kernel-vm-support.spec.in

88 lines
2.7 KiB
RPMSpec
Raw Normal View History

Add VM kernel related files as qubes-core-vm-kernel-support package This is preparation for pvgrub support, where all VM kernel files will be installed inside of VM instead of dom0. But also the same could be used to prepare VM kernel image from any dom0 kernel.
2014-07-17 00:27:33 +00:00
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2015 Marek Marczykowski-Górecki
# <marmarek@invisiblethingslab.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
Name: qubes-kernel-vm-support
rpm: preparation for src.rpm building QubesOS/qubes-issues#1508
2016-01-30 10:18:33 +00:00
Version: @VERSION@
Add VM kernel related files as qubes-core-vm-kernel-support package This is preparation for pvgrub support, where all VM kernel files will be installed inside of VM instead of dom0. But also the same could be used to prepare VM kernel image from any dom0 kernel.
2014-07-17 00:27:33 +00:00
Release: 1%{?dist}
Remove u2mfn module Since converting GUI agent to use grant tables, it isn't needed anymore. This also allows to not install dkms anymore. Fixes QubesOS/qubes-issues#4280
2019-04-07 21:02:45 +00:00
Summary: Qubes VM initramfs modules
rpm: preparation for src.rpm building QubesOS/qubes-issues#1508
2016-01-30 10:18:33 +00:00
Source0: qubes-utils-%{version}.tar.gz
Add VM kernel related files as qubes-core-vm-kernel-support package This is preparation for pvgrub support, where all VM kernel files will be installed inside of VM instead of dom0. But also the same could be used to prepare VM kernel image from any dom0 kernel.
2014-07-17 00:27:33 +00:00
Group: Qubes
Vendor: Invisible Things Lab
License: GPL v2 only
URL: http://www.qubes-os.org
Requires: dracut
%description
This package contains:
1. Dracut module required to setup Qubes VM root filesystem. This package is
needed in VM only when the VM uses its own kernel (via pvgrub or so). Otherwise
initrd is provided by dom0.
%prep
rpm: preparation for src.rpm building QubesOS/qubes-issues#1508
2016-01-30 10:18:33 +00:00
%setup -q -n qubes-utils-%{version}
Add VM kernel related files as qubes-core-vm-kernel-support package This is preparation for pvgrub support, where all VM kernel files will be installed inside of VM instead of dom0. But also the same could be used to prepare VM kernel image from any dom0 kernel.
2014-07-17 00:27:33 +00:00
%install
debian: introduce qubes-kernel-vm-support package This package is responsible for kernel modules and initramfs additions needed in Qubes VM. When installed, it is possible to switch the VM to use PV Grub and load the kernel from inside of VM. This greatly ease installing custom kernel modules. Changes: - make qubes_cow_setup.sh working with both dracut and initramfs-tools - add initramfs-tools configuration/scripts (including qubes_cow_setup.sh) - modify DESTDIR to handle multiple binary packages out of single source QubesOS/qubes-issues#1354
2015-11-09 21:28:15 +00:00
make install-fedora-kernel-support DESTDIR=%{buildroot}
Add VM kernel related files as qubes-core-vm-kernel-support package This is preparation for pvgrub support, where all VM kernel files will be installed inside of VM instead of dom0. But also the same could be used to prepare VM kernel image from any dom0 kernel.
2014-07-17 00:27:33 +00:00
%files
/usr/lib/dracut/modules.d/90qubes-vm
dracut: split 'full' dracut module into 'full-dmroot' and 'full-modules' When PV Grub will be used, VM initramfs should not contain /lib/modules mounting code, as the VM root.img will already contains kernel modules. Make it possible by splitting the module. QubesOS/qubes-issues#1354
2015-11-07 23:29:55 +00:00
/usr/lib/dracut/modules.d/90qubes-vm-modules
dracut: Provide minimalistic initramfs files - no udev, no systemd Provide simple script to run under busybox, this is all we need in the VM.
2015-03-21 03:14:01 +00:00
/usr/lib/dracut/modules.d/90qubes-vm-simple
Really install xen-scrub-pages dracut module Fixes 456fe99 "Disable scrubbing memory pages during initial balloon down" QubesOS/qubes-issues#1963
2019-02-24 23:31:40 +00:00
/usr/lib/dracut/modules.d/80xen-scrub-pages
Provide a script to generate VM kernel files
2015-03-20 09:36:56 +00:00
/usr/sbin/qubes-prepare-vm-kernel
Disable scrubbing memory pages during initial balloon down Balloon driver scrub memory page before giving it back to the hypervisor. Normally this is a good thing, to avoid leaking VM's memory data into Xen and other domains. But during initial startup when maxmem is bigger than initial memory, on HVM and PVH, Populate-on-Demand (PoD) is in use. This means every page on initial balloon down needs to be first mapped by Xen into VM's memory (as it wasn't populated before - and in fact didn't have any data), scrubbed by the kernel and then given back to Xen. This is great waste of time. Such operation with default settings (initial memory 400M, maxmem 4000M) can take few seconds, delaying every VM startup (including DispVM). In extreme situation, when running inside nested virtualization, the effect is much worse. Avoid this problem by disabling memory scrubbing during initial boot, and re-enable it as soon as user space kicks in - in initramfs, before mounting root filesystem, to be sure it's enabled before memory contains any kind of secrets. This commit handle only one case - when kernel in managed by the VM itself. It is critical to enable initramfs module whenever xen_scrub_pages=0 kernel option is given, so make them depend on the same condition and ship them in the same package. Fixes QubesOS/qubes-issues#1963
2019-01-18 22:53:20 +00:00
%config(noreplace) /etc/default/grub.qubes-kernel-vm-support
%triggerin -- grub2-tools
if ! grep -q '/etc/default/grub.qubes-kernel-vm-support$' /etc/default/grub 2>/dev/null; then
# do not keep Qubes-related settings directly in user-controlled config,
# include another file
echo '. /etc/default/grub.qubes-kernel-vm-support' >> /etc/default/grub
fi
Add VM kernel related files as qubes-core-vm-kernel-support package This is preparation for pvgrub support, where all VM kernel files will be installed inside of VM instead of dom0. But also the same could be used to prepare VM kernel image from any dom0 kernel.
2014-07-17 00:27:33 +00:00
%preun
Disable scrubbing memory pages during initial balloon down Balloon driver scrub memory page before giving it back to the hypervisor. Normally this is a good thing, to avoid leaking VM's memory data into Xen and other domains. But during initial startup when maxmem is bigger than initial memory, on HVM and PVH, Populate-on-Demand (PoD) is in use. This means every page on initial balloon down needs to be first mapped by Xen into VM's memory (as it wasn't populated before - and in fact didn't have any data), scrubbed by the kernel and then given back to Xen. This is great waste of time. Such operation with default settings (initial memory 400M, maxmem 4000M) can take few seconds, delaying every VM startup (including DispVM). In extreme situation, when running inside nested virtualization, the effect is much worse. Avoid this problem by disabling memory scrubbing during initial boot, and re-enable it as soon as user space kicks in - in initramfs, before mounting root filesystem, to be sure it's enabled before memory contains any kind of secrets. This commit handle only one case - when kernel in managed by the VM itself. It is critical to enable initramfs module whenever xen_scrub_pages=0 kernel option is given, so make them depend on the same condition and ship them in the same package. Fixes QubesOS/qubes-issues#1963
2019-01-18 22:53:20 +00:00
if [ $1 -eq 0 ]; then
if grep -q '/etc/default/grub.qubes-kernel-vm-support$' /etc/default/grub 2>/dev/null; then
sed -i -e '/grub.qubes-kernel-vm-support$/d' /etc/default/grub
fi
fi
Add xen_scrub_pages=0 kernel option only if initramfs was rebuilt Rebuild initramfs on package upgrade (already done for Debian previously) and store 1 into /var/lib/qubes/initramfs-updated. Then, only add xen_scrub_pages=0 kernel option if /var/lib/qubes/initramfs-updated is there (with "1" or greater number). This way, if initramfs rebuild doesn't happen for any reason, xen_scrub_pages=0 will not be added. Fixes 456fe99 "Disable scrubbing memory pages during initial balloon down" QubesOS/qubes-issues#1963
2019-02-25 00:17:07 +00:00
%posttrans
# Rebuild all initramfs images to include updated modules
if [ -r /usr/share/qubes/marker-vm ] && [ -x /usr/bin/dracut ]; then
ret=0
for img in /boot/initramfs-*.img; do
kver="${img#*initramfs-}"
kver="${kver%.img}"
dracut -f "$img" "$kver" || ret=$?
done
if [ "$ret" -eq 0 ]; then
# "milestone" initramfs update version:
# 1 - addition of xen scrub_pages enabling code
echo 1 > /var/lib/qubes/initramfs-updated
fi
fi
Add VM kernel related files as qubes-core-vm-kernel-support package This is preparation for pvgrub support, where all VM kernel files will be installed inside of VM instead of dom0. But also the same could be used to prepare VM kernel image from any dom0 kernel.
2014-07-17 00:27:33 +00:00
%changelog
spec.in: add changelog placeholder
2018-04-03 19:29:52 +00:00
@CHANGELOG@
Reference in New Issue Copy Permalink