Added SPICE on new release (9.0.0)

pull/3/head
ebasov 4 weeks ago
parent daf27afeaa
commit 4902fd7923
Signed by: ebasov
GPG Key ID: 3DE9E7A44B2D38F6

@ -126,7 +126,7 @@ new file mode 100644
index 0000000000..b0191d3c69
--- /dev/null
+++ b/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak
@@ -0,0 +1,42 @@
@@ -0,0 +1,43 @@
+include ../rh-virtio.mak
+
+CONFIG_ARM_GIC_KVM=y
@ -137,11 +137,13 @@ index 0000000000..b0191d3c69
+CONFIG_CXL=y
+CONFIG_CXL_MEM_DEVICE=y
+CONFIG_EDID=y
+CONFIG_IVSHMEM_DEVICE=y
+CONFIG_PCIE_PORT=y
+CONFIG_PCIE_PCI_BRIDGE=y
+CONFIG_PCI_DEVICES=y
+CONFIG_PCI_TESTDEV=y
+CONFIG_PFLASH_CFI01=y
+CONFIG_QXL=y
+CONFIG_SCSI=y
+CONFIG_SEMIHOSTING=y
+CONFIG_USB=y
@ -258,7 +260,7 @@ new file mode 100644
index 0000000000..d60ff1bcfc
--- /dev/null
+++ b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
@@ -0,0 +1,112 @@
@@ -0,0 +1,114 @@
+include ../rh-virtio.mak
+
+CONFIG_ACPI=y
@ -304,6 +306,7 @@ index 0000000000..d60ff1bcfc
+CONFIG_ISA_BUS=y
+CONFIG_ISA_DEBUG=y
+CONFIG_ISA_TESTDEV=y
+CONFIG_IVSHMEM_DEVICE=y
+CONFIG_LPC_ICH9=y
+CONFIG_MC146818RTC=y
+CONFIG_MEM_DEVICE=y
@ -325,6 +328,7 @@ index 0000000000..d60ff1bcfc
+CONFIG_PFLASH_CFI01=y
+CONFIG_PVPANIC_ISA=y
+CONFIG_PXB=y
+CONFIG_QXL=y
+CONFIG_Q35=y
+CONFIG_RTL8139_PCI=y
+CONFIG_SCSI=y

@ -12,13 +12,18 @@
%endif
%global have_usbredir 1
%global have_spice 1
%global have_virgl 1
%global have_opengl 1
%global have_fdt 1
%global have_modules_load 0
%global have_memlock_limits 0
# Some of these are not relevant for RHEL, but defining them
# makes it easier to sync the dependency list with Fedora
%global have_block_gluster 1
%global have_block_iscsi 1
%global have_block_rbd 1
%global have_block_ssh 1
%global enable_werror 1
%global have_clang 1
%global have_safe_stack 0
@ -60,6 +65,9 @@
%ifnarch %{ix86} x86_64 aarch64
%global have_usbredir 0
%global have_spice 0
%global have_virgl 0
%global have_opengl 0
%endif
%ifnarch s390x
@ -81,8 +89,9 @@
%endif
%ifarch x86_64
%global kvm_target x86_64
%else
%global have_opengl 0
%endif
%ifarch aarch64
%global kvm_target aarch64
%endif
%ifarch %{power64}
%global kvm_target ppc64
@ -95,61 +104,78 @@
%ifarch ppc
%global kvm_target ppc
%endif
%ifarch aarch64
%global kvm_target aarch64
%endif
%global target_list %{kvm_target}-softmmu
%global block_drivers_rw_list qcow2,raw,file,host_device,nbd,iscsi,rbd,blkdebug,luks,null-co,nvme,copy-on-read,throttle,compress,virtio-blk-vhost-vdpa,virtio-blk-vfio-pci,virtio-blk-vhost-user,io_uring,nvme-io_uring
%global block_drivers_rw_list qcow2,raw,file,host_device,nbd,blkdebug,luks,null-co,nvme,copy-on-read,throttle,compress,virtio-blk-vhost-vdpa,virtio-blk-vfio-pci,virtio-blk-vhost-user,io_uring,nvme-io_uring
%if 0%{have_block_gluster}
%global block_drivers_rw_list %{block_drivers_rw_list},gluster
%endif
%if 0%{have_block_iscsi}
%global block_drivers_rw_list %{block_drivers_rw_list},iscsi
%endif
%if 0%{have_block_rbd}
%global block_drivers_rw_list %{block_drivers_rw_list},rbd
%endif
%global block_drivers_ro_list vdi,vmdk,vhdx,vpc,https
%if 0%{have_block_ssh}
%global block_drivers_ro_list %{block_drivers_rw_list},ssh
%endif
%define qemudocdir %{_docdir}/%{name}
%global firmwaredirs "%{_datadir}/qemu-firmware:%{_datadir}/ipxe/qemu:%{_datadir}/seavgabios:%{_datadir}/seabios"
#Versions of various parts:
%global requires_all_modules \
%if %{have_spice} \
Requires: %{name}-ui-spice = %{epoch}:%{version}-%{release} \
%endif \
%if %{have_opengl} \
Requires: %{name}-ui-opengl = %{epoch}:%{version}-%{release} \
Requires: %{name}-ui-egl-headless = %{epoch}:%{version}-%{release} \
%endif \
Requires: %{name}-device-display-virtio-gpu = %{epoch}:%{version}-%{release} \
%ifarch x86_64 aarch64 %{power64} \
Requires: %{name}-device-display-virtio-gpu-gl = %{epoch}:%{version}-%{release} \
%endif \
%ifarch s390x \
Requires: %{name}-device-display-virtio-gpu-ccw = %{epoch}:%{version}-%{release} \
%else \
Requires: %{name}-device-display-virtio-gpu-pci = %{epoch}:%{version}-%{release} \
%ifarch x86_64 aarch64 %{power64} \
Requires: %{name}-device-display-virtio-gpu-pci-gl = %{epoch}:%{version}-%{release} \
%endif \
%endif \
%ifarch x86_64 %{power64} \
Requires: %{name}-device-display-virtio-vga = %{epoch}:%{version}-%{release} \
Requires: %{name}-device-display-virtio-vga-gl = %{epoch}:%{version}-%{release} \
%endif \
%if %{have_virgl} \
Requires: %{name}-device-display-vhost-user-gpu = %{epoch}:%{version}-%{release} \
%endif \
Requires: %{name}-device-usb-host = %{epoch}:%{version}-%{release} \
%if %{have_usbredir} \
Requires: %{name}-device-usb-redirect = %{epoch}:%{version}-%{release} \
%endif \
Requires: %{name}-block-blkio = %{epoch}:%{version}-%{release} \
%if %{have_block_gluster} \
Requires: %{name}-block-gluster = %{epoch}:%{version}-%{release} \
%endif \
%if %{have_block_iscsi} \
Requires: %{name}-block-iscsi = %{epoch}:%{version}-%{release} \
%endif \
%if %{have_block_rbd} \
Requires: %{name}-block-rbd = %{epoch}:%{version}-%{release} \
%endif \
%if %{have_block_ssh} \
Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release} \
%endif \
Requires: %{name}-audio-pa = %{epoch}:%{version}-%{release}
# Since SPICE is removed from RHEL-9, the following Obsoletes:
# removes {name}-ui-spice for upgrades from RHEL-8
# The "<= {version}" assumes RHEL-9 version >= RHEL-8 version (in
# other words RHEL-9 rebases are done together/before RHEL-8 ones)
# In addition, we obsolete some block drivers as we are no longer support
# them in default qemu-kvm installation.
# Note: ssh driver wasn't removed yet just disabled due to late handling
%global obsoletes_some_modules \
Obsoletes: %{name}-ui-spice <= %{epoch}:%{version} \
Obsoletes: %{name}-block-gluster <= %{epoch}:%{version} \
Obsoletes: %{name}-block-iscsi <= %{epoch}:%{version} \
Obsoletes: %{name}-block-ssh <= %{epoch}:%{version} \
Summary: QEMU is a machine emulator and virtualizer
Name: qemu-kvm
Version: 9.0.0
Release: 10%{?rcrel}%{?dist}%{?cc_suffix}
Release: 10%{?rcrel}%{?dist}%{?cc_suffix}.inferit
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
# Epoch 15 used for RHEL 8
# Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
@ -433,6 +459,7 @@ Patch137: kvm-qemu-guest-agent-Update-the-logfile-path-of-qga-fsfr.patch
# For RHEL-52617 - CVE-2024-7409 qemu-kvm: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure [rhel-9.5]
Patch138: kvm-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch
%if %{have_clang}
BuildRequires: clang
%if %{have_safe_stack}
@ -463,9 +490,18 @@ BuildRequires: python3-sphinx_rtd_theme
BuildRequires: libseccomp-devel >= %{libseccomp_version}
# For network block driver
BuildRequires: libcurl-devel
%if %{have_block_gluster}
BuildRequires: glusterfs-api-devel
%endif
%if %{have_block_iscsi}
BuildRequires: libiscsi-devel
%endif
%if %{have_block_rbd}
BuildRequires: librbd-devel
%endif
%if %{have_block_ssh}
BuildRequires: libssh-devel
%endif
# We need both because the 'stap' binary is probed for by configure
BuildRequires: systemtap
BuildRequires: systemtap-sdt-devel
@ -505,6 +541,16 @@ BuildRequires: perl-Test-Harness
BuildRequires: libslirp-devel
BuildRequires: pulseaudio-libs-devel
BuildRequires: spice-protocol
%if %{have_spice}
BuildRequires: spice-server-devel
BuildRequires: libcacard-devel
# For smartcard NSS support
BuildRequires: nss-devel
%endif
%if %{have_virgl}
# virgl 3d support
BuildRequires: virglrenderer-devel
%endif
BuildRequires: capstone-devel
# Requires for qemu-kvm package
@ -524,7 +570,6 @@ hardware for a full system such as a PC and its associated peripherals.
%package core
Summary: %{name} core components
%{obsoletes_some_modules}
Requires: %{name}-common = %{epoch}:%{version}-%{release}
Requires: qemu-img = %{epoch}:%{version}-%{release}
%ifarch %{ix86} x86_64
@ -571,10 +616,7 @@ Requires: seabios-bin >= 1.10.2-1
Requires: seavgabios-bin >= 1.12.0-3
Requires: ipxe-roms-qemu >= %{ipxe_version}
%endif
# Removal -gl modules as they do not provide any functionality - see bz#2149022
Obsoletes: %{name}-device-display-virtio-gpu-gl <= %{epoch}:%{version}
Obsoletes: %{name}-device-display-virtio-gpu-pci-gl <= %{epoch}:%{version}
Obsoletes: %{name}-device-display-virtio-vga-gl <= %{epoch}:%{version}
%description common
%{name} is an open source virtualizer that provides hardware emulation for
@ -656,6 +698,26 @@ This package provides the additional CURL block driver for QEMU.
Install this package if you want to access remote disks over
http, https, ftp and other transports provided by the CURL library.
%if %{have_block_gluster}
%package block-gluster
Summary: QEMU Gluster block driver
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description block-gluster
This package provides the additional Gluster block driver for QEMU.
Install this package if you want to access remote Gluster storage.
%endif
%if %{have_block_iscsi}
%package block-iscsi
Summary: QEMU iSCSI block driver
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description block-iscsi
This package provides the additional iSCSI block driver for QEMU.
Install this package if you want to access iSCSI volumes.
%endif
%if %{have_block_rbd}
@ -670,12 +732,35 @@ using the rbd protocol.
%endif
%if %{have_block_ssh}
%package block-ssh
Summary: QEMU SSH block driver
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description block-ssh
This package provides the additional SSH block driver for QEMU.
Install this package if you want to access remote disks using
the Secure Shell (SSH) protocol.
%endif
%package audio-pa
Summary: QEMU PulseAudio audio driver
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description audio-pa
This package provides the additional PulseAudio audio driver for QEMU.
%if %{have_spice}
%package ui-spice
Summary: QEMU spice support
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%if %{have_opengl}
Requires: %{name}-ui-opengl%{?_isa} = %{epoch}:%{version}-%{release}
%endif
%description ui-spice
This package provides spice support.
%endif
%if %{have_opengl}
%package ui-opengl
@ -687,6 +772,15 @@ Requires: mesa-dri-drivers
%description ui-opengl
This package provides opengl support.
%if %{have_virgl}
%package device-display-vhost-user-gpu
Summary: QEMU QXL display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-display-vhost-user-gpu
This package provides the vhost-user-gpu display device for QEMU.
%endif
%package ui-egl-headless
Summary: QEMU EGL headless driver
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
@ -702,20 +796,35 @@ Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-display-virtio-gpu
This package provides the virtio-gpu display device for QEMU.
%ifarch x86_64 aarch64 %{power64}
%package device-display-virtio-gpu-gl
Summary: QEMU virtio-gpu-gl display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-display-virtio-gpu-gl
This package provides the virtio-gpu-gl display device for QEMU.
%endif
%ifarch s390x
%package device-display-virtio-gpu-ccw
Summary: QEMU virtio-gpu-ccw display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-device-display-virtio-gpu = %{epoch}:%{version}-%{release}
%description device-display-virtio-gpu-ccw
This package provides the virtio-gpu-ccw display device for QEMU.
%else
%package device-display-virtio-gpu-pci
Summary: QEMU virtio-gpu-pci display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-device-display-virtio-gpu = %{epoch}:%{version}-%{release}
%description device-display-virtio-gpu-pci
This package provides the virtio-gpu-pci display device for QEMU.
%ifarch x86_64 aarch64 %{power64}
%package device-display-virtio-gpu-pci-gl
Summary: QEMU virtio-gpu-pci-gl display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-display-virtio-gpu-pci-gl
This package provides the virtio-gpu-pci-gl display device for QEMU.
%else
Obsoletes: %{name}-device-display-virtio-gpu-pci-gl <= %{epoch}:%{version}
%endif
%endif
%ifarch x86_64 %{power64}
@ -724,6 +833,11 @@ Summary: QEMU virtio-vga display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-display-virtio-vga
This package provides the virtio-vga display device for QEMU.
%package device-display-virtio-vga-gl
Summary: QEMU virtio-vga-gl display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-display-virtio-vga-gl
This package provides the virtio-vga-gl display device for QEMU.
%endif
%package device-usb-host
@ -964,12 +1078,21 @@ run_configure \
--enable-fdt=system \
%endif
--enable-gio \
%if %{have_block_gluster}
--enable-glusterfs \
%endif
--enable-gnutls \
--enable-guest-agent \
--enable-iconv \
--enable-kvm \
%if %{have_block_iscsi}
--enable-libiscsi \
%endif
%if %{have_pmem}
--enable-libpmem \
%endif
%if %{have_block_ssh}
--enable-libssh \
%endif
--enable-libusb \
--enable-libudev \
@ -997,6 +1120,10 @@ run_configure \
--enable-selinux \
--enable-slirp \
--enable-snappy \
%if %{have_spice}
--enable-smartcard \
--enable-spice \
%endif
--enable-spice-protocol \
--enable-system \
--enable-tcg \
@ -1011,6 +1138,9 @@ run_configure \
--enable-vhost-user \
--enable-vhost-user-blk-server \
--enable-vhost-vdpa \
%if %{have_virgl}
--enable-virglrenderer \
%endif
--enable-vnc \
--enable-png \
--enable-vnc-sasl \
@ -1276,16 +1406,6 @@ install -D -m 0644 %{_sourcedir}/bridge.conf %{buildroot}%{_sysconfdir}/%{name}/
install -m 0644 contrib/systemd/qemu-pr-helper.service %{buildroot}%{_unitdir}
install -m 0644 contrib/systemd/qemu-pr-helper.socket %{buildroot}%{_unitdir}
# We do not support gl display devices so we can remove their modules as they
# do not have expected functionality included.
#
# https://gitlab.com/qemu-project/qemu/-/issues/1352 was filed to stop building these
# modules in case all dependencies are not satisfied.
rm -rf %{buildroot}%{_libdir}/%{name}/hw-display-virtio-gpu-gl.so
rm -rf %{buildroot}%{_libdir}/%{name}/hw-display-virtio-gpu-pci-gl.so
rm -rf %{buildroot}%{_libdir}/%{name}/hw-display-virtio-vga-gl.so
# We need to make the block device modules and other qemu SO files executable
# otherwise RPM won't pick up their dependencies.
chmod +x %{buildroot}%{_libdir}/%{name}/*.so
@ -1297,6 +1417,12 @@ rm -rf %{buildroot}%{qemudocdir}/specs
# endif !tools_only
%endif
%if %{have_virgl}
# Move vhost-user JSON files to the standard "qemu" directory
mkdir -p %{buildroot}%{_datadir}/qemu
mv %{buildroot}%{_datadir}/%{name}/vhost-user %{buildroot}%{_datadir}/qemu/
%endif
%check
%if !%{tools_only}
@ -1441,20 +1567,37 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%{_libdir}/%{name}/accel-tcg-%{kvm_target}.so
%endif
%if %{have_virgl}
%files device-display-vhost-user-gpu
%{_datadir}/qemu/vhost-user/50-qemu-gpu.json
%{_libexecdir}/vhost-user-gpu
%endif
%files device-display-virtio-gpu
%{_libdir}/%{name}/hw-display-virtio-gpu.so
%ifarch x86_64 aarch64 %{power64}
%files device-display-virtio-gpu-gl
%{_libdir}/%{name}/hw-display-virtio-gpu-gl.so
%endif
%ifarch s390x
%files device-display-virtio-gpu-ccw
%{_libdir}/%{name}/hw-s390x-virtio-gpu-ccw.so
%else
%files device-display-virtio-gpu-pci
%{_libdir}/%{name}/hw-display-virtio-gpu-pci.so
%ifarch x86_64 aarch64 %{power64}
%files device-display-virtio-gpu-pci-gl
%{_libdir}/%{name}/hw-display-virtio-gpu-pci-gl.so
%endif
%endif
%ifarch x86_64 %{power64}
%files device-display-virtio-vga
%{_libdir}/%{name}/hw-display-virtio-vga.so
%files device-display-virtio-vga-gl
%{_libdir}/%{name}/hw-display-virtio-vga-gl.so
%endif
%files tests
@ -1466,13 +1609,43 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%files block-curl
%{_libdir}/%{name}/block-curl.so
%if %{have_block_gluster}
%files block-gluster
%{_libdir}/%{name}/block-gluster.so
%endif
%if %{have_block_iscsi}
%files block-iscsi
%{_libdir}/qemu-kvm/block-iscsi.so
%endif
%if %{have_block_rbd}
%files block-rbd
%{_libdir}/%{name}/block-rbd.so
%endif
%if %{have_block_ssh}
%files block-ssh
%{_libdir}/qemu-kvm/block-ssh.so
%endif
%files audio-pa
%{_libdir}/%{name}/audio-pa.so
%if 0%{have_spice}
%files ui-spice
%{_libdir}/qemu-kvm/audio-spice.so
%{_libdir}/qemu-kvm/chardev-spice.so
%{_libdir}/qemu-kvm/ui-spice-core.so
%{_libdir}/qemu-kvm/ui-spice-app.so
%{_libdir}/qemu-kvm/hw-usb-smartcard.so
%ifarch x86_64 aarch64
%{_libdir}/qemu-kvm/hw-display-qxl.so
%endif
%endif
%if %{have_opengl}
%files ui-opengl
%{_libdir}/%{name}/ui-opengl.so
@ -1498,6 +1671,9 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%endif
%changelog
* Tue Nov 26 2024 Eduard Basov <ebasov@msvsphere-os.ru> - 9.0.0-10.inferit
- add SPICE on new release
* Mon Sep 02 2024 Miroslav Rezanina <mrezanin@redhat.com> - 9.0.0-10
- kvm-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch [RHEL-52617]
- Resolves: RHEL-52617

Loading…
Cancel
Save