From ed1fcffc2bb29f27beb3ff7766f1ae49cdec5c34 Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Tue, 11 Jun 2024 16:52:39 -0700 Subject: [PATCH 01/21] pkvm_setup: update scripts to use qemu compressed delta images --- src/pkvm_setup/change_uuids.sh | 19 +++ src/pkvm_setup/create_disk_images.sh | 126 +++++++++++++++--- src/pkvm_setup/debian_image/clone_vm.sh | 29 ---- src/pkvm_setup/debian_image/preseed.cfg | 16 ++- .../debian_image/setup_host_vm_interactive.sh | 26 ---- src/pkvm_setup/run_vm_script.sh | 2 +- .../change_uuids_helper.sh} | 18 ++- src/pkvm_setup/vm_scripts/setup_common.sh | 19 +++ .../setup_guest.sh} | 3 + .../setup_host.sh} | 12 +- 10 files changed, 181 insertions(+), 89 deletions(-) create mode 100644 src/pkvm_setup/change_uuids.sh delete mode 100644 src/pkvm_setup/debian_image/clone_vm.sh delete mode 100644 src/pkvm_setup/debian_image/setup_host_vm_interactive.sh rename src/pkvm_setup/{debian_image/change_disk_uuids.sh => vm_scripts/change_uuids_helper.sh} (84%) create mode 100644 src/pkvm_setup/vm_scripts/setup_common.sh rename src/pkvm_setup/{debian_image/setup_guest_vm.sh => vm_scripts/setup_guest.sh} (91%) rename src/pkvm_setup/{debian_image/setup_host_vm.sh => vm_scripts/setup_host.sh} (83%) diff --git a/src/pkvm_setup/change_uuids.sh b/src/pkvm_setup/change_uuids.sh new file mode 100644 index 00000000..0bdb5a5b --- /dev/null +++ b/src/pkvm_setup/change_uuids.sh 
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -euo pipefail
+
+base_disk=$1
+new_disk=$2
+shift 2
+
+# Run `vm_scripts/change_uuids_helper.sh` in the VM, with both `$base_disk` and
+# `$new_disk` available. The first disk is mounted and provides the various
+# tools needed to modify UUIDs. The second disk is kept unmounted, since a
+# disk's UUID can't be changed while it's mounted.
+
+exec bash "$(dirname "$0")/run_vm_common.sh" \
+ -drive if=virtio,format=qcow2,file="$base_disk",read-only=on \
+ -drive if=virtio,format=qcow2,file="$new_disk" \
+ -drive if=virtio,format=raw,file="$(dirname "$0")/vm_scripts/change_uuids_helper.sh" \
+ -kernel vms/debian-boot/vmlinuz \
+ -initrd vms/debian-boot/initrd.img \
+ -append 'earlycon root=/dev/vda2 ro init=/bin/bash -- /dev/vdc'
diff --git a/src/pkvm_setup/create_disk_images.sh b/src/pkvm_setup/create_disk_images.sh
index 155c521e..82133396 100644
--- a/src/pkvm_setup/create_disk_images.sh
+++ b/src/pkvm_setup/create_disk_images.sh
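Review bot: The third `-drive` attaches `vm_scripts/change_uuids_helper.sh` to the guest without `read-only=on`, so the VM (booted with `init=/bin/bash`, i.e. as root) can write to `/dev/vdc` and alter the script in the host working tree; only the base disk is marked read-only. Ending that option with `file="$(dirname "$0")/vm_scripts/change_uuids_helper.sh",read-only=on` keeps the host-side script immutable from inside the guest. The `-drive if=virtio,format=raw,file="$script"` entry in run_vm_script.sh has the same shape. Separately, `-kernel vms/debian-boot/vmlinuz` is resolved against the current directory while the helper is resolved via `$(dirname "$0")`, so a header comment stating the required working directory and the two positional arguments would help.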
@@ -4,47 +4,133 @@ set -euo pipefail mkdir -p vms disk_base=vms/disk_base.img +disk_common=vms/disk_common.img disk_host=vms/disk_host.img -disk_host_dev=vms/disk_host_dev.img disk_guest=vms/disk_guest.img +disk_host_dev=vms/disk_host_dev.img disk_guest_dev=vms/disk_guest_dev.img + +edo() { + echo " >> $*" + "$@" +} + +get_img_info() { + qemu-img info --output=json "$1" | jq -r -e ".\"$2\"" +} + +compress_image() { + local src="$1" + local dest="$2" + shift 2 + + local qemu_args=( -c -O qcow2 ) + if backing="$(get_img_info "$src" backing-filename)"; then + if backing_format="$(get_img_info "$src" backing-filename-format)"; then + qemu_args+=( -B "$backing" -F "$backing_format" ) + else + echo "error: image $src has backing-filename but no backing-filename-format" 1>&2 + exit 1 + fi + fi + edo qemu-img convert "${qemu_args[@]}" "$src" "$dest" +} + +derive_image() { + local src="$1" + local dest="$2" + shift 2 + + local src_rel="$(realpath --relative-to "$(dirname "$dest")" "$src")" + local backing_format="$(get_img_info "$src" format)" + edo qemu-img create -f qcow2 -b "$src_rel" -F "$backing_format" "$dest" +} + + +compress_helper() { + local img="$1" + local desc="$2" + shift 2 + + edo compress_image "$img.orig" "$img" + ls -l "$img.orig" + ls -l "$img" + echo "created $desc image $img" + edo rm -v "$img.orig" +} + + +# `disk_base` consists of a Debian installation and nothing else. This is +# managed separate from `disk_common` so `disk_common` can be rebuilt without +# rerunning the entire install, which takes about 1.5 hours. if [[ -e "$disk_base" ]]; then echo "keeping existing $disk_base" 1>&2 else - bash debian_image/create_base_vm.sh "$disk_base" - echo "created base image $disk_base" + if ! 
[[ -e "$disk_base.orig" ]]; then + bash debian_image/create_base_vm.sh "$disk_base.orig" + fi + compress_helper "$disk_base" base fi -if [[ -e "$disk_host" ]]; then - echo "keeping existing $disk_host" 1>&2 +# `disk_common` is a copy of `disk_base` with additional software and +# configuration that's common to both the host and the guest. It's also +# cleaned and trimmed to reduce its compressed size. +if [[ -e "$disk_common" ]]; then + echo "keeping existing $disk_common" 1>&2 else - bash debian_image/clone_vm.sh "$disk_base" "$disk_host" - bash run_vm_script.sh "$disk_host" debian_image/setup_host_vm.sh - echo "created host image $disk_host" + if ! [[ -e "$disk_common.orig" ]]; then + # Copy instead of using `derive_image` so `fstrim` can trim the combine + # base+common image. `fstrim` can only trim the final read-write image + # in a backing chain. + edo cp -v "$disk_base" "$disk_common.orig" + edo bash run_vm_script.sh "$disk_common.orig" vm_scripts/setup_common.sh + fi + compress_helper "$disk_common" common + # Mark `disk_common` read-only. It's used as a backing file for + # `disk_host` and `disk_guest`, so modifying it would cause data + # corruption. + edo chmod -v a-w "$disk_common" fi -if [[ -e "$disk_host_dev" ]]; then - echo "keeping existing $disk_host_dev" 1>&2 +# `disk_host` and `disk_guest` is a delta on top of `disk_common` with host- +# or guest-specific software. + +if [[ -e "$disk_host" ]]; then + echo "keeping existing $disk_host" 1>&2 else - bash debian_image/clone_vm.sh "$disk_base" "$disk_host_dev" - bash run_vm_script.sh "$disk_host_dev" debian_image/setup_host_vm.sh - bash run_vm_script.sh "$disk_host_dev" debian_image/setup_host_vm_interactive.sh - echo "created host dev image $disk_host_dev" + if ! 
[[ -e "$disk_host.orig" ]]; then + edo derive_image "$disk_common" "$disk_host.orig" + edo bash change_uuids.sh "$disk_common" "$disk_host.orig" + edo bash run_vm_script.sh "$disk_host.orig" vm_scripts/setup_host.sh + fi + compress_helper "$disk_host" host fi if [[ -e "$disk_guest" ]]; then echo "keeping existing $disk_guest" 1>&2 else - bash debian_image/clone_vm.sh "$disk_base" "$disk_guest" - bash run_vm_script.sh "$disk_guest" debian_image/setup_guest_vm.sh - echo "created guest image $disk_guest" + if ! [[ -e "$disk_guest.orig" ]]; then + edo derive_image "$disk_common" "$disk_guest.orig" + edo bash change_uuids.sh "$disk_common" "$disk_guest.orig" + edo bash run_vm_script.sh "$disk_guest.orig" vm_scripts/setup_guest.sh + fi + compress_helper "$disk_guest" guest +fi + +# `disk_host_dev` and `disk_guest_dev` are copies of `disk_host` and +# `disk_guest`. They aren't deltas backed by `disk_host`/`disk_guest` because +# those images might change (e.g. adding new log entries each time the VM is +# booted). + +if [[ -e "$disk_host_dev" ]]; then + echo "keeping existing $disk_host_dev" 1>&2 +else + edo cp -v "$disk_host" "$disk_host_dev" fi if [[ -e "$disk_guest_dev" ]]; then echo "keeping existing $disk_guest_dev" 1>&2 else - bash debian_image/clone_vm.sh "$disk_base" "$disk_guest_dev" - bash run_vm_script.sh "$disk_guest_dev" debian_image/setup_guest_vm.sh - echo "created guest dev image $disk_guest_dev" + edo cp -v "$disk_guest" "$disk_guest_dev" fi diff --git a/src/pkvm_setup/debian_image/clone_vm.sh b/src/pkvm_setup/debian_image/clone_vm.sh deleted file mode 100644 index a90688ac..00000000 --- a/src/pkvm_setup/debian_image/clone_vm.sh +++ /dev/null 
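Review bot: An interrupted run leaves a half-provisioned `*.orig` that the next run treats as finished: each stage skips its setup when `$img.orig` exists and goes straight to `compress_helper`, but `cp`/`derive_image` create that file before `run_vm_script.sh` and `change_uuids.sh` have run, and `set -e` aborts without removing it. For the host and guest stages that could yield an image whose UUIDs were never changed or whose setup script stopped midway. Building into a scratch name and renaming only on success avoids this, e.g. `edo cp -v "$disk_base" "$disk_common.tmp"`, run the setup script on `.tmp`, then `edo mv "$disk_common.tmp" "$disk_common.orig"`. Also, `local src_rel="$(...)"` and `local backing_format="$(...)"` in `derive_image` hide a failing `realpath` or `get_img_info` from `set -e`; declare first and assign on the next line.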
@@ -1,29 +0,0 @@ -#!/bin/bash -set -euo pipefail - -base_disk=$1 -new_disk=$2 -shift 2 - -cp -v "$base_disk" "$new_disk" - -# Boot the VM and run a script to assign new UUIDs to the disks in the new VM. -# When running tests, we provide both the host and guest disks to the host VM, -# so it can pass through the guest disk to the guest VM it runs. The host and -# guest disks are both derived from the same base image, but we need them to -# have distinct UUIDs so various daemons in the host VM don't confuse the two. - -exec qemu-system-aarch64 -M virt \ - -cpu cortex-a72 -smp 4 -m 4096 \ - -drive if=virtio,format=qcow2,file="$base_disk" \ - -drive if=virtio,format=qcow2,file="$new_disk" \ - -drive if=virtio,format=raw,file="$(dirname "$0")/change_disk_uuids.sh" \ - -device virtio-scsi-pci,id=scsi0 \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -device virtio-net-pci,netdev=net0 \ - -netdev user,id=net0,hostfwd=tcp::8022-:22 \ - -nographic \ - -kernel "$(dirname "$base_disk")/debian-boot/vmlinuz" \ - -initrd "$(dirname "$base_disk")/debian-boot/initrd.img" \ - -append 'earlycon root=/dev/vda2 ro init=/bin/bash -- /dev/vdc' diff --git a/src/pkvm_setup/debian_image/preseed.cfg b/src/pkvm_setup/debian_image/preseed.cfg index 774e5ef0..caf5b26f 100644 --- a/src/pkvm_setup/debian_image/preseed.cfg +++ b/src/pkvm_setup/debian_image/preseed.cfg 
@@ -29,7 +29,21 @@ d-i clock-setup/ntp boolean true d-i partman-auto/disk string /dev/vda d-i partman-auto/method string regular #d-i partman-auto-lvm/guided_size string max -d-i partman-auto/choose_recipe select atomic +d-i partman-auto/choose_recipe select boot-root +d-i partman-auto/expert_recipe string \ + boot-root :: \ + 512 0 512 ext3 \ + $primary{ } $bootable{ } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext3 } \ + mountpoint{ /boot } \ + . \ + 2048 1 -1 ext4 \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . +d-i partman-basicfilesystems/no_swap boolean false d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true diff --git a/src/pkvm_setup/debian_image/setup_host_vm_interactive.sh b/src/pkvm_setup/debian_image/setup_host_vm_interactive.sh deleted file mode 100644 index a3d3b922..00000000 --- a/src/pkvm_setup/debian_image/setup_host_vm_interactive.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -set -euo pipefail -# Additional setup script for host VMs that will be used interactively. - -echo "setup_host_vm_interactive.sh ($0) running" - -edo() { - echo " >> $*" - "$@" -} - - -# Install some tools for convenience. -edo apt install -y git vim tmux htop socat - - -# Automatically mount `outerfs` on boot -edo tee -a /etc/fstab <> $*" + "$@" +} + +# Enable passwordless sudo for `user` +edo tee -a /etc/sudoers <> $*" 
@@ -27,10 +27,12 @@ edo rm -f /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub edo ssh-keygen -A +# Install necessary tools +edo apt install -y qemu-system-arm + # Allow `user` to access /dev/kvm and start VMs edo usermod -a -G kvm user -# Enable passwordless sudo for `user` -edo tee -a /etc/sudoers < Date: Wed, 12 Jun 2024 16:41:21 -0700 Subject: [PATCH 02/21] pkvm_setup: build pkvm kernel as a debian package --- src/pkvm_setup/.gitignore | 3 ++ src/pkvm_setup/build_pkvm.sh | 6 ++- src/pkvm_setup/build_pkvm_verif.sh | 6 ++- src/pkvm_setup/create_disk_images.sh | 53 ++++++++++++++++++++++- src/pkvm_setup/run_vm_script.sh | 45 ++++++++++++++----- src/pkvm_setup/vm_scripts/setup_common.sh | 27 ++++++++++++ 6 files changed, 124 insertions(+), 16 deletions(-) create mode 100644 src/pkvm_setup/.gitignore diff --git a/src/pkvm_setup/.gitignore b/src/pkvm_setup/.gitignore new file mode 100644 index 00000000..b006ca0a --- /dev/null +++ b/src/pkvm_setup/.gitignore @@ -0,0 +1,3 @@ +*.deb +*.buildinfo +*.changes diff --git a/src/pkvm_setup/build_pkvm.sh b/src/pkvm_setup/build_pkvm.sh index be29556d..7cecdc80 100644 --- a/src/pkvm_setup/build_pkvm.sh +++ b/src/pkvm_setup/build_pkvm.sh @@ -6,11 +6,13 @@ mkdir -p vms/pkvm-boot cd linux-pkvm make ARCH=arm64 CC=clang CROSS_COMPILE=aarch64-linux-gnu- -j "$(nproc)" defconfig +# Include `pkvm` in the version string. +./scripts/config --set-str CONFIG_LOCALVERSION '-pkvm' + # Enable virtio GPIO and I2C drivers. We pass these through from outside to # the host VM and then through to some of the guests, so the host needs the # drivers. ./scripts/config -e CONFIG_GPIO_VIRTIO ./scripts/config -e CONFIG_I2C_VIRTIO -make ARCH=arm64 CC=clang CROSS_COMPILE=aarch64-linux-gnu- -j "$(nproc)" Image -cp -v arch/arm64/boot/Image ../vms/pkvm-boot/vmlinuz-pkvm +make ARCH=arm64 CC=clang CROSS_COMPILE=aarch64-linux-gnu- -j "$(nproc)" bindeb-pkg 
diff --git a/src/pkvm_setup/build_pkvm_verif.sh b/src/pkvm_setup/build_pkvm_verif.sh index 0e7b58da..fb48064a 100644 --- a/src/pkvm_setup/build_pkvm_verif.sh +++ b/src/pkvm_setup/build_pkvm_verif.sh @@ -9,6 +9,9 @@ cd linux-pkvm make ARCH=arm64 CC=clang CROSS_COMPILE=aarch64-linux-gnu- -j "$(nproc)" defconfig +# Include `pkvm-verif` in the version string. +./scripts/config --set-str CONFIG_LOCALVERSION '-pkvm-verif' + # Futz with the configuration to enable the executable spec (and hyp-proxy if # using the last line): @@ -61,5 +64,4 @@ make ARCH=arm64 CC=clang CROSS_COMPILE=aarch64-linux-gnu- -j "$(nproc)" defconfi # Now build the kernel image. -make ARCH=arm64 CC=clang CROSS_COMPILE=aarch64-linux-gnu- -j "$(nproc)" Image -cp -v arch/arm64/boot/Image ../vms/pkvm-boot/vmlinuz-pkvm-verif +make ARCH=arm64 CC=clang CROSS_COMPILE=aarch64-linux-gnu- -j "$(nproc)" bindeb-pkg diff --git a/src/pkvm_setup/create_disk_images.sh b/src/pkvm_setup/create_disk_images.sh index 82133396..28a8b552 100644 --- a/src/pkvm_setup/create_disk_images.sh +++ b/src/pkvm_setup/create_disk_images.sh @@ -11,8 +11,12 @@ disk_host_dev=vms/disk_host_dev.img disk_guest_dev=vms/disk_guest_dev.img +pkvm_version=6.4.0 +pkvm_rev=beb7002f98c0 + + edo() { - echo " >> $*" + echo " >> $*" 1>&2 "$@" } 
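Review bot: `pkvm_version` and `pkvm_rev` in create_disk_images.sh carry no comment saying what they have to agree with, although they decide which kernel package gets installed into the image. I would add `# Must match the kernel version and the linux-pkvm commit built by build_pkvm.sh; only the .deb for this revision is installed.` above them. Pinning the revision here is a useful integrity check, so it is worth documenting rather than deriving automatically.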
@@ -60,6 +64,35 @@ compress_helper() { edo rm -v "$img.orig" } +find_linux_image_deb() { + local version="$1" + local tag="$2" + local rev="$3" + shift 3 + + local x="$version-$tag-g$rev" + local y="$version-g$rev" + + local candidates=( linux-image-${x}_${y}-[0-9]*_arm64.deb ) + if [[ "${#candidates[@]}" -eq 1 ]]; then + if [[ -f "${candidates[0]}" ]]; then + echo "${candidates[0]}" + else + # If no matching files exist, `$candidates` will be a 1-element + # array containing the unexpanded glob pattern. + echo "Error: found no candidate .deb matching ${candidate[0]}" 1>&2 + return 1 + fi + else + echo "Error: found multiple candidate files:" 1>&2 + for f in "${candidates[@]}"; do + echo " $f" 1>&2 + done + echo "Remove all but one and try again" 1>&2 + return 1 + fi +} + # `disk_base` consists of a Debian installation and nothing else. This is # managed separate from `disk_common` so `disk_common` can be rebuilt without @@ -73,6 +106,7 @@ else compress_helper "$disk_base" base fi + # `disk_common` is a copy of `disk_base` with additional software and # configuration that's common to both the host and the guest. It's also # cleaned and trimmed to reduce its compressed size. 
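Review bot: The no-match branch of `find_linux_image_deb` expands `${candidate[0]}`, but the array is named `candidates`; under the script's `set -u` that aborts with an unbound-variable error instead of printing the intended message. It should read `echo "Error: found no candidate .deb matching ${candidates[0]}" 1>&2`. The loop variable `f` is also not declared `local`. Patch 03/21 later replaces this body with `sole_file`, which removes the misspelt reference.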
@@ -84,7 +118,20 @@ else # base+common image. `fstrim` can only trim the final read-write image # in a backing chain. edo cp -v "$disk_base" "$disk_common.orig" - edo bash run_vm_script.sh "$disk_common.orig" vm_scripts/setup_common.sh + + # Prepare storage for the kernel packages and the extracted kernel and + # initrd images. + tar_file=$(mktemp $(pwd)/kernel.XXXXXX.tar) + edo dd if=/dev/zero of="$tar_file" bs=1M count=256 + pkvm_kernel_deb="$(find_linux_image_deb ${pkvm_version} pkvm ${pkvm_rev})" + # Could add more packages if needed, e.g. linux-headers + edo tar -c "$pkvm_kernel_deb" | edo dd of="$tar_file" conv=notrunc + + edo bash run_vm_script.sh "$disk_common.orig" vm_scripts/setup_common.sh "$tar_file" + + edo mkdir -p vms/pkvm-boot + edo tar -C vms/pkvm-boot -xf "$tar_file" + edo rm -f "$tar_file" fi compress_helper "$disk_common" common # Mark `disk_common` read-only. It's used as a backing file for @@ -93,6 +140,7 @@ else edo chmod -v a-w "$disk_common" fi + # `disk_host` and `disk_guest` is a delta on top of `disk_common` with host- # or guest-specific software. @@ -118,6 +166,7 @@ else compress_helper "$disk_guest" guest fi + # `disk_host_dev` and `disk_guest_dev` are copies of `disk_host` and # `disk_guest`. They aren't deltas backed by `disk_host`/`disk_guest` because # those images might change (e.g. adding new log entries each time the VM is diff --git a/src/pkvm_setup/run_vm_script.sh b/src/pkvm_setup/run_vm_script.sh index 482d3b76..d39e4ecb 100644 --- a/src/pkvm_setup/run_vm_script.sh +++ b/src/pkvm_setup/run_vm_script.sh 
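Review bot: The archive unpacked into `vms/pkvm-boot` is the same file the guest was given as a writable drive, so its contents are whatever the VM wrote, and `tar -C vms/pkvm-boot -xf "$tar_file"` accepts every member it finds. Naming the two expected members, `edo tar -C vms/pkvm-boot -xf "$tar_file" vmlinuz initrd.img`, limits what the host takes back from the guest. `tar_file=$(mktemp $(pwd)/kernel.XXXXXX.tar)` leaves `$(pwd)` unquoted, and the 256 MiB scratch file is removed only on the success path; `tar_file="$(mktemp "$PWD/kernel.XXXXXX.tar")"` plus an EXIT trap would cover both. The enclosing `if`/`else` block starts and ends outside this hunk.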
@@ -1,18 +1,43 @@ #!/bin/bash set -euo pipefail +# Usage: run_vm_script.sh DISK.img SCRIPT.sh [INPUT] +# +# Run the Bash script `SCRIPT.sh` in the VM, using `DISK.img` as the disk +# image. This will boot the VM, run the script, and shut down the VM once the +# script terminates. The boot process has significant overhead (~20 seconds), +# so excessive use of this script will be slow. +# +# If an `INPUT` file is provided, it will be passed into the VM and its path +# within the VM will be passed to `SCRIPT.sh` as a command-line argument. Note +# that the method this script uses to pass `INPUT` into the VM may cause it to +# be padded with extra zero bytes. Some tools, such as `tar` will ignore these +# trailing zeros, but other tools may have difficulty. + +case "$#" in + 2|3) ;; + *) + echo "usage: $0 DISK.img SCRIPT.sh [INPUT]" 1>&2 + exit 1 + ;; +esac + disk=$1 script=$2 -shift 2 -# Run the Bash script `$script` in the VM, using `$disk` as the disk image. -# This will boot the VM, run the script, and shut down the VM once the script -# terminates. The boot process has significant overhead (~20 seconds), so -# excessive use of this script will be slow. +args=( + -drive if=virtio,format=qcow2,file="$disk",discard=unmap + -drive if=virtio,format=raw,file="$script" + -kernel vms/debian-boot/vmlinuz + -initrd vms/debian-boot/initrd.img +) +kernel_args='earlycon root=/dev/vda2 systemd.run="/bin/bash /dev/vdb"' + +if [[ "$#" -eq 3 ]]; then + args+=( -drive if=virtio,format=raw,file="$3" ) + kernel_args='earlycon root=/dev/vda2 systemd.run="/bin/bash /dev/vdb /dev/vdc"' +fi exec bash "$(dirname "$0")/run_vm_common.sh" \ - -drive if=virtio,format=qcow2,file="$disk",discard=unmap \ - -drive if=virtio,format=raw,file="$script" \ - -kernel vms/debian-boot/vmlinuz \ - -initrd vms/debian-boot/initrd.img \ - -append 'earlycon root=/dev/vda2 systemd.run="/bin/bash /dev/vdb"' + "${args[@]}" \ + -append "$kernel_args" 
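Review bot: The usage comment describes `INPUT` only as data passed into the VM, but the drive is attached writable and setup_common.sh writes its results back through it, so the file on the host is overwritten. I would add to the header: `# INPUT is attached read-write; SCRIPT.sh may overwrite it, so pass a scratch file.` As a point of style, the two `kernel_args` strings differ only in the trailing ` /dev/vdc`; building the `systemd.run` command once and appending the extra argument keeps them from drifting apart.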
diff --git a/src/pkvm_setup/vm_scripts/setup_common.sh b/src/pkvm_setup/vm_scripts/setup_common.sh index ac6c0ba4..8225cce5 100644 --- a/src/pkvm_setup/vm_scripts/setup_common.sh +++ b/src/pkvm_setup/vm_scripts/setup_common.sh @@ -15,5 +15,32 @@ user ALL=(ALL) NOPASSWD: ALL EOF +# Install kernel packages. + +# Collect old kernel packages so they can be removed later. We install the new +# kernel first, then remove the old ones. This causes the `/boot/vmlinuz` and +# `/boot/initrd.img` symlinks to be updated to point to the new kernel, whereas +# removing the old kernels first causes the symlinks to be deleted entirely. +old_kernel_pkgs="$(dpkg -l | grep linux-image | while read status pkg rest; do echo "$pkg"; done)" + +# Extract the new kernel package(s) from input $1 and install them. +work_dir="$(mktemp -d)" +edo tar -C "$work_dir" -xf "$1" +( + cd "$work_dir" + for f in *.deb; do + edo dpkg -i "$f" + done +) +edo rm -rf "$work_dir" + +# Remove the old kernel packages. The `noninteractive` frontend suppresses a +# confirmation dialog about uninstalling the running kernel. +DEBIAN_FRONTEND=noninteractive apt purge -y $old_kernel_pkgs + +# Export the new kernel and initrd images back through $1. +edo tar -chf "$1" -C /boot vmlinuz initrd.img + + edo apt clean edo fstrim -v / From eefb061c745e565fad95a72602dda2a2fc5d5cef Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Thu, 13 Jun 2024 10:22:05 -0700 Subject: [PATCH 03/21] pkvm_setup: install opensut_boot as a debian package --- src/pkvm_setup/create_disk_images.sh | 56 +++++++++++++++-------- src/pkvm_setup/vm_scripts/setup_common.sh | 13 +++--- src/vm_runner/.gitignore | 1 + src/vm_runner/build_deb.sh | 49 ++++++++++++++++++++ 4 files changed, 93 insertions(+), 26 deletions(-) create mode 100644 src/vm_runner/build_deb.sh diff --git a/src/pkvm_setup/create_disk_images.sh b/src/pkvm_setup/create_disk_images.sh index 28a8b552..3013b8d9 100644 --- a/src/pkvm_setup/create_disk_images.sh 
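Review bot: `old_kernel_pkgs` is built by scraping `dpkg -l` with `grep linux-image` and a `read` without `-r`, then expanded unquoted in `apt purge -y $old_kernel_pkgs`; the grep matches the pattern anywhere on the line and returns non-zero when nothing matches, which would abort the script if it runs with `pipefail` (its header is not visible in this hunk). Querying package names directly is tighter: `mapfile -t old_kernel_pkgs < <(dpkg-query -W -f='${Package}\n' 'linux-image*')` and then `apt purge -y "${old_kernel_pkgs[@]}"`. The `for f in *.deb` loop also runs once with the literal pattern when the archive holds no `.deb`; an `[[ -e "$f" ]] || continue` guard would make that case explicit. Since every `.deb` found in the archive is installed as root, a comment stating that the archive is expected to contain only the packages chosen by create_disk_images.sh would document the trust assumption.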
+++ b/src/pkvm_setup/create_disk_images.sh @@ -64,28 +64,26 @@ compress_helper() { edo rm -v "$img.orig" } -find_linux_image_deb() { - local version="$1" - local tag="$2" - local rev="$3" - shift 3 - - local x="$version-$tag-g$rev" - local y="$version-g$rev" - - local candidates=( linux-image-${x}_${y}-[0-9]*_arm64.deb ) - if [[ "${#candidates[@]}" -eq 1 ]]; then - if [[ -f "${candidates[0]}" ]]; then - echo "${candidates[0]}" +# `sole_file foo_*.deb` gets the name of the sole existing file matching +# `foo_*.deb`. If there are multiple matching files or none at all, it reports +# an error. +sole_file() { + if [[ "$#" -eq 1 ]]; then + if [[ -f "$1" ]]; then + echo "$1" else - # If no matching files exist, `$candidates` will be a 1-element - # array containing the unexpanded glob pattern. - echo "Error: found no candidate .deb matching ${candidate[0]}" 1>&2 + # Typically, this function is called like `sole_file foo_*.deb`, so + # if no matching files are found, the unexpanded glob pattern is + # passed as the first argument. + echo "Error: found no file matching $1" 1>&2 return 1 fi + elif [[ "$#" -eq 0 ]]; then + echo "Error: called sole_file with no arguments" 1>&2 + return 1 else echo "Error: found multiple candidate files:" 1>&2 - for f in "${candidates[@]}"; do + for f in "$@"; do echo " $f" 1>&2 done echo "Remove all but one and try again" 1>&2 @@ -93,6 +91,18 @@ find_linux_image_deb() { fi } +find_linux_image_deb() { + local version="$1" + local tag="$2" + local rev="$3" + shift 3 + + local x="$version-$tag-g$rev" + local y="$version-g$rev" + + sole_file linux-image-${x}_${y}-[0-9]*_arm64.deb +} + # `disk_base` consists of a Debian installation and nothing else. This is # managed separate from `disk_common` so `disk_common` can be rebuilt without 
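Review bot: `sole_file` leaks its loop variable: `for f in "$@"` assigns a global `f`, so `local f` belongs at the top of the function. In `find_linux_image_deb` the glob has to stay unquoted, but the variable parts can still be quoted, `sole_file "linux-image-${x}_${y}"-[0-9]*_arm64.deb`, so a version or revision string containing whitespace or glob characters cannot change which files match.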
@@ -119,13 +129,19 @@ else # in a backing chain. edo cp -v "$disk_base" "$disk_common.orig" - # Prepare storage for the kernel packages and the extracted kernel and + # Prepare storage for the custom packages and the extracted kernel and # initrd images. tar_file=$(mktemp $(pwd)/kernel.XXXXXX.tar) edo dd if=/dev/zero of="$tar_file" bs=1M count=256 - pkvm_kernel_deb="$(find_linux_image_deb ${pkvm_version} pkvm ${pkvm_rev})" + + tar_inputs=( + # linux-pkvm kernel + "$(find_linux_image_deb ${pkvm_version} pkvm ${pkvm_rev})" + # opensut_boot + "$(sole_file ../vm_runner/verse-opensut-boot_[0-9]*_arm64.deb)" + ) # Could add more packages if needed, e.g. linux-headers - edo tar -c "$pkvm_kernel_deb" | edo dd of="$tar_file" conv=notrunc + edo tar --transform='s:.*/::g' -c "${tar_inputs[@]}" | edo dd of="$tar_file" conv=notrunc edo bash run_vm_script.sh "$disk_common.orig" vm_scripts/setup_common.sh "$tar_file" diff --git a/src/pkvm_setup/vm_scripts/setup_common.sh b/src/pkvm_setup/vm_scripts/setup_common.sh index 8225cce5..f4e68e5f 100644 --- a/src/pkvm_setup/vm_scripts/setup_common.sh +++ b/src/pkvm_setup/vm_scripts/setup_common.sh 
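Review bot: A failing lookup inside `tar_inputs=( "$(find_linux_image_deb ...)" "$(sole_file ...)" )` does not stop the script at that line: as far as I can tell the assignment reports at most the status of the last substitution, so a missing kernel package becomes an empty array element and the error surfaces later as a confusing `tar` failure, after the scratch file has been created. Resolving each package into its own variable first keeps `set -e` effective, e.g. `pkvm_kernel_deb="$(find_linux_image_deb "$pkvm_version" pkvm "$pkvm_rev")"` followed by `opensut_boot_deb="$(sole_file ../vm_runner/verse-opensut-boot_[0-9]*_arm64.deb)"`. Because `--transform='s:.*/::g'` flattens paths, two inputs with the same basename would silently collide; a comment noting that assumption would help. The enclosing block continues outside the hunk.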
@@ -15,15 +15,16 @@ user ALL=(ALL) NOPASSWD: ALL EOF -# Install kernel packages. +# Install custom packages. -# Collect old kernel packages so they can be removed later. We install the new -# kernel first, then remove the old ones. This causes the `/boot/vmlinuz` and -# `/boot/initrd.img` symlinks to be updated to point to the new kernel, whereas -# removing the old kernels first causes the symlinks to be deleted entirely. +# Collect old kernel packages so they can be removed later. One of the custom +# packages will be a new kernel, which we install first before removing the old +# ones. This causes the `/boot/vmlinuz` and `/boot/initrd.img` symlinks to be +# updated to point to the new kernel, whereas removing the old kernels first +# causes the symlinks to be deleted entirely. old_kernel_pkgs="$(dpkg -l | grep linux-image | while read status pkg rest; do echo "$pkg"; done)" -# Extract the new kernel package(s) from input $1 and install them. +# Extract the new packages from input $1 and install them. work_dir="$(mktemp -d)" edo tar -C "$work_dir" -xf "$1" ( diff --git a/src/vm_runner/.gitignore b/src/vm_runner/.gitignore index a89285e5..5d3ba6cc 100644 --- a/src/vm_runner/.gitignore +++ b/src/vm_runner/.gitignore @@ -1 +1,2 @@ *.img +*.deb diff --git a/src/vm_runner/build_deb.sh b/src/vm_runner/build_deb.sh new file mode 100644 index 00000000..f6cea3e4 --- /dev/null +++ b/src/vm_runner/build_deb.sh 
@@ -0,0 +1,49 @@ +#!/bin/bash +set -euo pipefail + +boot_bin=target/aarch64-unknown-linux-gnu/release/opensut_boot +if ! [[ -f "$boot_bin" ]]; then + echo "Error: $boot_bin not found; build it first" 1>&2 + exit 1 +else + age=$(( "$(date +%s)" - "$(stat -c %Y "$boot_bin")" )) + age_hr=$(( age / 3600 )) + age_min=$(( age / 60 % 60 )) + age_sec=$(( age % 60 )) + age_str=$(printf %dh%02dm%02ds "$age_hr" "$age_min" "$age_sec") + echo "Using $boot_bin (built $age_str ago)" +fi + +edo() { + echo " >> $*" 1>&2 + "$@" +} + +image=$(mktemp -d) +edo mkdir -p "$image/opt/opensut/bin" +edo cp -v "$boot_bin" "$image/opt/opensut/bin/" + +cargo_version="$(cargo read-manifest | \ + python3 -c 'import json, sys; print(json.load(sys.stdin)["version"])')" +git_rev="$(git rev-parse HEAD | cut -c -8)" +version="${cargo_version}-g${git_rev}" + +size=$(( ( "$(stat -c %s "$boot_bin")" + 1023) / 1024 )) + +edo mkdir -p "$image/DEBIAN" +edo tee "$image/DEBIAN/control" < +Depends: libc6 +Installed-Size: $size +Homepage: https://github.com/GaloisInc/VERSE-OpenSUT/tree/main/src/vm_runner +Description: VERSE OpenSUT boot-time agent + opensut_boot is run at boot time in OpenSUT VMs to start up sub-VMs or other + services. +EOF + +edo dpkg-deb --root-owner-group --build "$image" "verse-opensut-boot_${version}-1_arm64.deb" + +edo rm -rf "$image" From b6f0561b5a7fe71578197038d7fff0c907ef68f7 Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Thu, 13 Jun 2024 11:23:40 -0700 Subject: [PATCH 04/21] pkvm_setup: add aarch64 support to libgpiod and vhost-device build scripts --- src/pkvm_setup/build_libgpiod.sh | 38 +++++++++++++++++++++++++++- src/pkvm_setup/build_vhost_device.sh | 35 ++++++++++++++++++++++--- 2 files changed, 68 insertions(+), 5 deletions(-) diff --git a/src/pkvm_setup/build_libgpiod.sh b/src/pkvm_setup/build_libgpiod.sh index b9e3be0d..afd02aaa 100644 --- a/src/pkvm_setup/build_libgpiod.sh +++ b/src/pkvm_setup/build_libgpiod.sh 
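Review bot: The package version claims a source revision that nothing ties to the binary being packaged: `git_rev` is taken from `HEAD` at packaging time, while `$boot_bin` may have been built earlier or from a tree with uncommitted changes (the script only prints its age). Marking a dirty tree at least makes that visible in the installed package, e.g. `git diff --quiet HEAD -- . || git_rev="${git_rev}+dirty"`. The staging directory from `mktemp -d` is removed only on the success path; `trap 'rm -rf -- "$image"' EXIT` right after it is created covers failures in `cargo`, `git` or `dpkg-deb`.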
@@ -2,7 +2,43 @@ set -euo pipefail # Dependencies: build-essential, autoconf, automake, autoconf-archive +# +# Additional dependencies for aarch64 cross-builds: gcc-aarch64-linux-gnu + +target= +if [[ "$#" -ne 0 ]]; then + target="$1" +fi + +build_dir=build +if [[ -n "$target" ]]; then + build_dir="$build_dir.$target" +fi + +configure_args=() +case "$target" in + aarch64) + configure_args+=( + --host aarch64-unknown-linux-gnu + # We use `--disable-shared` here so that `vhost-device` will be + # forced to statically link libgpiod. This means one less + # dependency to worry about when installing into the VM. + # + # (Also, cross-compiling with `--enable-shared` doesn't seem to + # actually produce a shared version of the library, only a few + # broken symlinks.) + --disable-shared + CC=aarch64-linux-gnu-gcc + LD=aarch64-linux-gnu-gcc + ) + ;; +esac cd libgpiod -./autogen.sh +mkdir -p "$build_dir" +cd "$build_dir" +# For some reason, doing ./autogen.sh and ./configure as separate steps in an +# out-of-tree build causes ./configure to complain that the source tree is +# already configured. +../autogen.sh "${configure_args[@]}" make -j "$(nproc)" diff --git a/src/pkvm_setup/build_vhost_device.sh b/src/pkvm_setup/build_vhost_device.sh index b3b5e6d9..1e29a3bc 100644 --- a/src/pkvm_setup/build_vhost_device.sh +++ b/src/pkvm_setup/build_vhost_device.sh 
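Review bot: An unrecognised target is accepted silently: the `case "$target"` has only an `aarch64` arm, so `build_libgpiod.sh arm64` (or a typo) performs a native build in `build.arm64` and reports success. An explicit `'') ;;` arm for the native case followed by `*) echo "unsupported target: $target" 1>&2; exit 1 ;;` avoids a wrongly-targeted library being picked up later. The `case "$target"` added to build_vhost_device.sh has the same gap.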
@@ -4,16 +4,43 @@ set -euo pipefail # Dependencies: # - A recent Rust stable toolchain (tested with 1.78.0) # - libgpiod (run `build_libgpiod.sh` first) +# +# Additional dependencies for aarch64 cross-builds: +# - The Rust toolchain must support the aarch64-unknown-linux-gnu target -if ! [[ -f libgpiod/lib/.libs/libgpiod.so ]] && ! [[ -f libgpiod/lib/.libs/libgpiod.a ]]; then +target= +if [[ "$#" -ne 0 ]]; then + target="$1" +fi + +gpiod_build_dir=build +if [[ -n "$target" ]]; then + gpiod_build_dir="$gpiod_build_dir.$target" +fi + +cargo_args=( + --release +) +case "$target" in + aarch64) + cargo_args+=( + --target aarch64-unknown-linux-gnu + ) + ;; +esac + +if ! [[ -f libgpiod/$gpiod_build_dir/lib/.libs/libgpiod.so ]] \ + && ! [[ -f libgpiod/$gpiod_build_dir/lib/.libs/libgpiod.a ]]; then echo 'missing libgpiod.so / libgpiod.a; run build_libgpiod.sh first' 1>&2 exit 1 fi pwd="$(pwd)" export SYSTEM_DEPS_LIBGPIOD_NO_PKG_CONFIG=1 -export SYSTEM_DEPS_LIBGPIOD_SEARCH_NATIVE="$pwd/libgpiod/lib/.libs/" +export SYSTEM_DEPS_LIBGPIOD_SEARCH_NATIVE="$pwd/libgpiod/$gpiod_build_dir/lib/.libs/" export SYSTEM_DEPS_LIBGPIOD_LIB=gpiod +# libgpiod doesn't have generated headers, so we can just point to the include +# dir in the source tree. export SYSTEM_DEPS_LIBGPIOD_INCLUDE="$pwd/libgpiod/include/" cd vhost-device @@ -24,5 +51,5 @@ cd vhost-device : "${RUSTUP_TOOLCHAIN=stable}" export RUSTUP_TOOLCHAIN -cargo build --bin vhost-device-gpio -#cargo build --bin vhost-device-i2c +cargo build --bin vhost-device-gpio "${cargo_args[@]}" +#cargo build --bin vhost-device-i2c "${cargo_args[@]}" From 111a9068629cba46b3756d71d4bf01c4e2502532 Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Thu, 13 Jun 2024 12:37:48 -0700 Subject: [PATCH 05/21] pkvm_setup: install vhost-device-gpio as a debian package --- src/pkvm_setup/build_vhost_device.sh | 4 ++++ src/pkvm_setup/create_disk_images.sh | 3 +++ src/pkvm_setup/vhost-device | 2 +- 3 files changed, 8 insertions(+), 1 deletion(-) 
diff --git a/src/pkvm_setup/build_vhost_device.sh b/src/pkvm_setup/build_vhost_device.sh index 1e29a3bc..47cbda20 100644 --- a/src/pkvm_setup/build_vhost_device.sh +++ b/src/pkvm_setup/build_vhost_device.sh @@ -53,3 +53,7 @@ export RUSTUP_TOOLCHAIN cargo build --bin vhost-device-gpio "${cargo_args[@]}" #cargo build --bin vhost-device-i2c "${cargo_args[@]}" + +if [[ "$target" = aarch64 ]]; then + bash build_deb.sh +fi diff --git a/src/pkvm_setup/create_disk_images.sh b/src/pkvm_setup/create_disk_images.sh index 3013b8d9..55cfbc79 100644 --- a/src/pkvm_setup/create_disk_images.sh +++ b/src/pkvm_setup/create_disk_images.sh @@ -139,6 +139,9 @@ else "$(find_linux_image_deb ${pkvm_version} pkvm ${pkvm_rev})" # opensut_boot "$(sole_file ../vm_runner/verse-opensut-boot_[0-9]*_arm64.deb)" + # vhost-device + "$(sole_file vhost-device/verse-vhost-device-gpio_[0-9]*_arm64.deb)" + #"$(sole_file vhost-device/verse-vhost-device-i2c_[0-9]*_arm64.deb)" ) # Could add more packages if needed, e.g. linux-headers edo tar --transform='s:.*/::g' -c "${tar_inputs[@]}" | edo dd of="$tar_file" conv=notrunc diff --git a/src/pkvm_setup/vhost-device b/src/pkvm_setup/vhost-device index 47810026..71959fc6 160000 --- a/src/pkvm_setup/vhost-device +++ b/src/pkvm_setup/vhost-device @@ -1 +1 @@ -Subproject commit 4781002645470efcb523e758be124a7622b27998 +Subproject commit 71959fc67c327795ab4e0ff963b385f4d9e1d8a5 From d15a53759736edd76006529a98c774816f008626 Mon Sep 17 00:00:00 2001 
From: Stuart Pernsteiner Date: Tue, 18 Jun 2024 11:13:39 -0700 Subject: [PATCH 06/21] pkvm_setup: add build_qemu.sh to build debian packages --- src/pkvm_setup/.gitignore | 2 + src/pkvm_setup/build_qemu.sh | 60 + ...debian-disable-optional-dependencies.patch | 1114 +++++++++++++++++ .../qemu_patches/debian-version.patch | 14 + 4 files changed, 1190 insertions(+) create mode 100644 src/pkvm_setup/build_qemu.sh create mode 100644 src/pkvm_setup/qemu_patches/debian-disable-optional-dependencies.patch create mode 100644 src/pkvm_setup/qemu_patches/debian-version.patch diff --git a/src/pkvm_setup/.gitignore b/src/pkvm_setup/.gitignore index b006ca0a..55216b1e 100644 --- a/src/pkvm_setup/.gitignore +++ b/src/pkvm_setup/.gitignore @@ -1,3 +1,5 @@ *.deb *.buildinfo *.changes +/qemu_build/ +/vms/ diff --git a/src/pkvm_setup/build_qemu.sh b/src/pkvm_setup/build_qemu.sh new file mode 100644 index 00000000..1afa203d --- /dev/null +++ b/src/pkvm_setup/build_qemu.sh 
@@ -0,0 +1,60 @@
+#!/bin/bash
+set -euo pipefail
+
+cd "$(dirname "$0")"
+
+# Build a modified QEMU Debian package with reduced dependencies.
+
+target=
+if [[ "$#" -ne 0 ]]; then
+ target="$1"
+fi
+case "$target" in
+ # Accept `aarch64` as an alias for the Debian name `arm64`.
+ aarch64)
+ target="arm64"
+ ;;
+ # If no target is provided, use the default for this host.
+ '')
+ target="$(dpkg --print-architecture)"
+ ;;
+esac
+
+dist=bookworm
+echo "target=$target"
+echo "dist=$dist"
+
+sudo apt install -y pbuilder ubuntu-dev-tools dpkg-dev
+export PBUILDFOLDER="$(pwd)/qemu_build"
+
+echo "Creating pbuilder base.tgz for $dist $target" 1>&2
+pbuilder-dist "$dist" "$target" create
+
+sole() {
+ if [[ "$#" -ne 1 ]]; then
+ echo "Error: got multiple results: $@" 1>&2
+ return 1
+ else
+ echo "$1"
+ fi
+}
+
+patch_dir="$(pwd)/qemu_patches"
+(
+ # TODO: clean old src dir first (avoid reapplying patches)
+ mkdir -p "$PBUILDFOLDER/src"
+ cd "$PBUILDFOLDER/src"
+ echo "Preparing QEMU sources" 1>&2
+ apt source qemu
+ (
+ cd "$(sole qemu*/)"
+ for patch in "$patch_dir"/debian-*.patch; do
+ echo "Applying $patch" 1>&2
+ patch -p1 <"$patch"
+ done
+ dpkg-buildpackage --build=source -uc -us
+ )
+)
+
+dsc_file="$(sole "$PBUILDFOLDER/src/"qemu_*-9999+verse*.dsc)"
+pbuilder-dist "$dist" "$target" build "$dsc_file"
diff --git a/src/pkvm_setup/qemu_patches/debian-disable-optional-dependencies.patch b/src/pkvm_setup/qemu_patches/debian-disable-optional-dependencies.patch
new file mode 100644
index 00000000..b5f01b25
--- /dev/null
+++ b/src/pkvm_setup/qemu_patches/debian-disable-optional-dependencies.patch
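Review bot: The source-preparation subshell in build_qemu.sh reuses `$PBUILDFOLDER/src` across runs, so a second run applies the `debian-*.patch` files to a tree that may already be patched, and `sole qemu*/` or the final `.dsc` glob can match leftovers from an earlier QEMU version. The TODO names the problem but nothing handles it; clearing the directory first, with `rm -rf -- "${PBUILDFOLDER:?}/src"` ahead of the `mkdir -p`, would start every build from pristine sources. `apt source qemu` also takes whichever version the host's deb-src entries offer rather than the `$dist` passed to `pbuilder-dist`, so on a host that is not bookworm the patches may land on a different upstream version than they were written for; a comment stating that assumption, or a check on the unpacked directory name, would make a mismatch visible. In `sole`, `$@` inside the double-quoted message should be `$*`, and the text says "multiple results" even when called with no arguments.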
@@ -0,0 +1,1114 @@ +Disable a bunch of optional components and dependencies that we don't use in +the OpenSUT. The default build of qemu-system-arm with all dependencies takes +up about 1 GB; removing these dependencies decreases the size significantly. + +--- qemu-7.2+dfsg-orig/debian/control 2024-02-06 09:38:06.000000000 -0800 ++++ qemu-7.2+dfsg/debian/control 2024-06-17 09:59:57.180637423 -0700 +@@ -10,107 +10,108 @@ + # on build-dependencies. + python3:any, + ninja-build, meson (>> 0.61.5~), +-# --enable-docs ++ pkg-config, ++ libglib2.0-dev, ++# --disable-docs + # for python3-sphinx:native see #995622 +- texinfo, python3-sphinx:native, python3-sphinx-rtd-theme, ++# texinfo, python3-sphinx:native, python3-sphinx-rtd-theme, + # iasl (from acpica-tools) is used only in a single test these days, not for building + # acpica-tools, + # libcapstone is in universe in ubuntu +-# --enable-capstone +- libcapstone-dev (>> 4.0.2~), +-# --enable-linux-aio linux-* +- libaio-dev [linux-any], +- libjack-dev [linux-any], +-# --audio-drv-list=pa,alsa,jack,oss,sdl linux-* +-# --audio-drv-list=pa,oss kfreebsd-* +- libpulse-dev, +- libasound2-dev [linux-any], ++# --disable-capstone ++# libcapstone-dev (>> 4.0.2~), ++# --disable-linux-aio linux-* ++# libaio-dev [linux-any], ++# libjack-dev [linux-any], ++# --audio-drv-list= ++# libpulse-dev, ++# libasound2-dev [linux-any], + # for virtfs (now in libc6) + # --enable-attr +-# --enable-bpf linux-* +- libbpf-dev [linux-any], +-# --enable-brlapi +- libbrlapi-dev, ++# --disable-bpf linux-* ++# libbpf-dev [linux-any], ++# --disable-brlapi ++# libbrlapi-dev, + # --enable-virtfs linux-* + # needed for virtfs + # --enable-cap-ng linux-* + libcap-ng-dev [linux-any], +-# --enable-curl +- libcurl4-gnutls-dev, ++# --disable-curl ++# libcurl4-gnutls-dev, + # --enable-fdt + # libfdt #931046 + libfdt-dev (>> 1.5.0-2~), +-# --enable-fuse +- libfuse3-dev, +-# --enable-gnutls +- gnutls-dev, +-# --enable-gtk --enable-vte +- libgtk-3-dev, 
libvte-2.91-dev, +-# --enable-libiscsi +- libiscsi-dev (>> 1.9.0~), ++# --disable-fuse ++# libfuse3-dev, ++# --disable-gnutls ++# gnutls-dev, ++# --disable-gtk --disable-vte ++# libgtk-3-dev, libvte-2.91-dev, ++# --disable-libiscsi ++# libiscsi-dev (>> 1.9.0~), + # --enable-curses + libncurses-dev, +-# --enable-virglrenderer linux-* +- libvirglrenderer-dev [linux-any], ++# --disable-virglrenderer linux-* ++# libvirglrenderer-dev [linux-any], + # libvirglrenderer-dev bug #1019485: libva-dev build-dep is only a temp workaround +- libva-dev [linux-any], +-# --enable-opengl linux-* +- libepoxy-dev [linux-any], libdrm-dev [linux-any], libgbm-dev [linux-any], +-# --enable-libnfs +- libnfs-dev, +-# --enable-numa i386|amd64|ia64|mips|mipsel|powerpc|powerpcspe|x32|ppc64|ppc64el|arm64|sparc|s390x|riscv64 +- libnuma-dev [i386 amd64 ia64 mips mipsel mips64 mips64el powerpc powerpcspe x32 ppc64 ppc64el arm64 sparc s390x riscv64], +-# --enable-smartcard +- libcacard-dev, ++# libva-dev [linux-any], ++# --disable-opengl linux-* ++# libepoxy-dev [linux-any], libdrm-dev [linux-any], libgbm-dev [linux-any], ++# --disable-libnfs ++# libnfs-dev, ++# --disable-numa i386|amd64|ia64|mips|mipsel|powerpc|powerpcspe|x32|ppc64|ppc64el|arm64|sparc|s390x|riscv64 ++# libnuma-dev [i386 amd64 ia64 mips mipsel mips64 mips64el powerpc powerpcspe x32 ppc64 ppc64el arm64 sparc s390x riscv64], ++# --disable-smartcard ++# libcacard-dev, + libpixman-1-dev, +-# --enable-rbd amd64|arm64|armel|armhf|i386|mips64el|mipsel|ppc64el|s390x|ppc64|sparc64 +- librbd-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x ppc64 sparc64], ++# --disable-rbd amd64|arm64|armel|armhf|i386|mips64el|mipsel|ppc64el|s390x|ppc64|sparc64 ++# librbd-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x ppc64 sparc64], + # before buster it was glusterfs-common so keep it for now for bpo +-# --enable-glusterfs linux-any +- libglusterfs-dev [linux-any] | glusterfs-common [linux-any], +-# --enable-vnc-sasl +- 
libsasl2-dev, +-# --enable-sdl +- libsdl2-dev, ++# --disable-glusterfs linux-any ++# libglusterfs-dev [linux-any] | glusterfs-common [linux-any], ++# --disable-vnc-sasl ++# libsasl2-dev, ++# --disable-sdl ++# libsdl2-dev, + # --enable-seccomp amd64|arm64|armel|armhf|i386|mips64el|mipsel|ppc64el|s390x|hppa|powerpc|ppc64|riscv64|x32 + libseccomp-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x hppa powerpc ppc64 riscv64 x32], + # --enable-slirp + libslirp-dev, +-# --enable-spice linux-amd64|linux-i386|linux-arm64|linux-armel|linux-armhf|linux-mips64el|linux-mipsel|ppc64el|sh4|x32 +- libspice-server-dev [linux-amd64 linux-i386 linux-arm64 linux-armel linux-armhf linux-mips64el linux-mipsel ppc64el sh4 x32], +-# --enable-rdma linux-* +- librdmacm-dev [linux-any], libibverbs-dev [linux-any], libibumad-dev [linux-any], ++# --disable-spice linux-amd64|linux-i386|linux-arm64|linux-armel|linux-armhf|linux-mips64el|linux-mipsel|ppc64el|sh4|x32 ++# libspice-server-dev [linux-amd64 linux-i386 linux-arm64 linux-armel linux-armhf linux-mips64el linux-mipsel ppc64el sh4 x32], ++# --disable-rdma linux-* ++# librdmacm-dev [linux-any], libibverbs-dev [linux-any], libibumad-dev [linux-any], + # --enable-linux-io-uring linux-* + liburing-dev [linux-any], +-# --enable-libusb linux-* +- libusb-1.0-0-dev [linux-any], +-# --enable-usb-redir linux-* +- libusbredirparser-dev [linux-any], +-# --enable-libssh +- libssh-dev, +-# --enable-zstd +- libzstd-dev, ++# --disable-libusb linux-* ++# libusb-1.0-0-dev [linux-any], ++# --disable-usb-redir linux-* ++# libusbredirparser-dev [linux-any], ++# --disable-libssh ++# libssh-dev, ++# --disable-zstd ++# libzstd-dev, + # vde is debian-only since ubuntu/vde2 is in universe +-# --enable-vde +- libvdeplug-dev, +- libxen-dev [linux-amd64], +-# --enable-nettle +- nettle-dev, ++# --disable-vde ++# libvdeplug-dev, ++# libxen-dev [linux-amd64], ++# --disable-nettle ++# nettle-dev, + ## always enabled: --enable-uuid + uuid-dev, + # always 
needed + zlib1g-dev, + # other optional features we enable +-# --enable-libudev ++# --disable-libudev + # needed for qga? +- libudev-dev [linux-any], +-# --enable-vnc +-# --enable-vnc-jpeg +- libjpeg-dev, +-# --enable-png +- libpng-dev, +-# --enable-libpmem linux-amd64|linux-arm64 +- libpmem-dev [linux-amd64 linux-arm64], ++# libudev-dev [linux-any], ++# --disable-vnc ++# --disable-vnc-jpeg ++# libjpeg-dev, ++# --disable-png ++# libpng-dev, ++# --disable-libpmem linux-amd64|linux-arm64 ++# libpmem-dev [linux-amd64 linux-arm64], + # --enable-kvm linux-* + # --enable-vhost-net linux-* # is it really linux-specific? + ##--enable-lzo todo, for (memory) dumps +@@ -119,22 +120,24 @@ + ##--with-iconv (libiconv for curses wide char support) + ## auth-pam - for auth for vnc&Co using PAM + ## gio-2.0 - for -display=spice-app ++# VERSE: ++# --enable-vhost-user + Build-Depends-Indep: + # pc-bios/*.dts => *.dtb (PPC firmware) + device-tree-compiler, +- gcc-s390x-linux-gnu, ++# gcc-s390x-linux-gnu, + # qemu-palcode/palcode-clipper +- gcc-alpha-linux-gnu, ++# gcc-alpha-linux-gnu, + # skiboot firmware, openbios +- gcc-powerpc64-linux-gnu, ++# gcc-powerpc64-linux-gnu, + # openbios +- gcc-sparc64-linux-gnu, fcode-utils, xsltproc, ++# gcc-sparc64-linux-gnu, fcode-utils, xsltproc, + # hppa-firmware +- gcc-hppa-linux-gnu, ++# gcc-hppa-linux-gnu, + # opensbi +- gcc-riscv64-linux-gnu, ++# gcc-riscv64-linux-gnu, + # vbootrom/npcm7xx_bootrom +- gcc-arm-none-eabi, ++# gcc-arm-none-eabi, + Build-Conflicts: oss4-dev + Standards-Version: 4.6.1 + Homepage: http://www.qemu.org/ +@@ -147,11 +150,11 @@ + Multi-Arch: foreign + Depends: ${misc:Depends}, + qemu-system-arm, +- qemu-system-mips, +- qemu-system-ppc, +- qemu-system-sparc, +- qemu-system-x86, +- qemu-system-misc ++# qemu-system-mips, ++# qemu-system-ppc, ++# qemu-system-sparc, ++# qemu-system-x86, ++# qemu-system-misc + Description: QEMU full system emulation binaries + QEMU is a fast processor emulator: currently the package supports + 
ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, +@@ -162,28 +165,28 @@ + targets, by depending on all per-architecture system emulation packages which + QEMU supports. + +-Package: qemu-block-extra +-Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 +-Multi-Arch: no +-Depends: ${misc:Depends}, ${shlibs:Depends}, +- qemu-system-x86 (= ${binary:Version}) +- |qemu-system-arm (= ${binary:Version}) +- |qemu-system-mips (= ${binary:Version}) +- |qemu-system-ppc (= ${binary:Version}) +- |qemu-system-sparc (= ${binary:Version}) +- |qemu-system-misc (= ${binary:Version}) +- |qemu-utils (= ${binary:Version}), +-Enhances: qemu-utils, qemu-system-misc, +- qemu-system-arm, qemu-system-mips, qemu-system-sparc, qemu-system-x86, +-Description: extra block backend modules for qemu-system and qemu-utils +- QEMU is a fast processor emulator: currently the package supports +- ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, +- SPARC and x86-64 emulation. By using dynamic translation it achieves +- reasonable speed while being easy to port on new host CPUs. +- . +- This package provides extra block device backend modules for qemu-system +- emulation and qemu-img from qemu-utils package, which are rarely used and +- has extra dependencies. 
++#Package: qemu-block-extra ++#Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 ++#Multi-Arch: no ++#Depends: ${misc:Depends}, ${shlibs:Depends}, ++# qemu-system-x86 (= ${binary:Version}) ++# |qemu-system-arm (= ${binary:Version}) ++# |qemu-system-mips (= ${binary:Version}) ++# |qemu-system-ppc (= ${binary:Version}) ++# |qemu-system-sparc (= ${binary:Version}) ++# |qemu-system-misc (= ${binary:Version}) ++# |qemu-utils (= ${binary:Version}), ++#Enhances: qemu-utils, qemu-system-misc, ++# qemu-system-arm, qemu-system-mips, qemu-system-sparc, qemu-system-x86, ++#Description: extra block backend modules for qemu-system and qemu-utils ++# QEMU is a fast processor emulator: currently the package supports ++# ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, ++# SPARC and x86-64 emulation. By using dynamic translation it achieves ++# reasonable speed while being easy to port on new host CPUs. ++# . ++# This package provides extra block device backend modules for qemu-system ++# emulation and qemu-img from qemu-utils package, which are rarely used and ++# has extra dependencies. + + Package: qemu-system-data + Architecture: all +@@ -218,39 +221,41 @@ + This package provides common files needed for target-specific + full system emulation (qemu-system-*) packages. 
+ +-Package: qemu-system-gui +-Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 +-#XXX M-A: same does not really work for now due to /usr/lib/qemu/vhost-user-gpu +-#XXX we'll deal with this if some actual need arises, +-#XXX by moving that binary back to q-s-common or packaging it separately +-#Multi-Arch: same +-Depends: ${misc:Depends}, ${shlibs:Depends}, +- qemu-system-x86 (= ${binary:Version}) +- |qemu-system-arm (= ${binary:Version}) +- |qemu-system-mips (= ${binary:Version}) +- |qemu-system-ppc (= ${binary:Version}) +- |qemu-system-sparc (= ${binary:Version}) +- |qemu-system-misc (= ${binary:Version}), +-# libgl1 is dynamically loaded by sdl display code +- libgl1, +-# we moved vhost-user-gpu files here from qemu-system-common at 6.1-4 +-Replaces: qemu-system-common (<< 1:6.1+dfsg-4~) +-Description: QEMU full system emulation binaries (user interface and audio support) +- This package provides local graphical user interface (currently GTK) +- and audio backends for full system emulation (qemu-system-*) packages. +- . +- The default GTK based qemu-system-gui is generally better and recommended, +- but a few corner cases still need SDL which is therefore provided as well. 
++#Package: qemu-system-gui ++#Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 ++##XXX M-A: same does not really work for now due to /usr/lib/qemu/vhost-user-gpu ++##XXX we'll deal with this if some actual need arises, ++##XXX by moving that binary back to q-s-common or packaging it separately ++##Multi-Arch: same ++#Depends: ${misc:Depends}, ${shlibs:Depends}, ++# qemu-system-x86 (= ${binary:Version}) ++# |qemu-system-arm (= ${binary:Version}) ++# |qemu-system-mips (= ${binary:Version}) ++# |qemu-system-ppc (= ${binary:Version}) ++# |qemu-system-sparc (= ${binary:Version}) ++# |qemu-system-misc (= ${binary:Version}), ++## libgl1 is dynamically loaded by sdl display code ++# libgl1, ++## we moved vhost-user-gpu files here from qemu-system-common at 6.1-4 ++#Replaces: qemu-system-common (<< 1:6.1+dfsg-4~) ++#Description: QEMU full system emulation binaries (user interface and audio support) ++# This package provides local graphical user interface (currently GTK) ++# and audio backends for full system emulation (qemu-system-*) packages. ++# . ++# The default GTK based qemu-system-gui is generally better and recommended, ++# but a few corner cases still need SDL which is therefore provided as well. 
+ + Package: qemu-system-misc + Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 + Multi-Arch: foreign + Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Upstream-Version}~), +-Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, ++Recommends: ++# qemu-system-gui (= ${binary:Version}), ++ qemu-utils, + # alpha uses vgabios + # alpha m68k sh4 uses bootroms + seabios, ipxe-qemu, +- qemu-block-extra (= ${binary:Version}), ++# qemu-block-extra (= ${binary:Version}), + Suggests: samba, vde2, + Provides: ${sysprovides:misc}, + qemu-kvm [s390x], +@@ -274,11 +279,13 @@ + Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 + Multi-Arch: foreign + Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Upstream-Version}~), +-Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, ++Recommends: ++# qemu-system-gui (= ${binary:Version}), ++ qemu-utils, + # aarch64 arm uses bootroms + ipxe-qemu, + qemu-efi-aarch64, qemu-efi-arm, +- qemu-block-extra (= ${binary:Version}), ++# qemu-block-extra (= ${binary:Version}), + Suggests: samba, vde2, + Provides: qemu-kvm [linux-arm64 linux-armhf linux-armel], ${sysprovides:arm} + Breaks: qemu-kvm [linux-arm64 linux-armhf linux-armel] +@@ -296,186 +303,186 @@ + code. It can also be used to provide virtual hosting of several virtual + machines on a single server. 
+ +-Package: qemu-system-mips +-Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 +-Multi-Arch: foreign +-Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Upstream-Version}~), +-Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, +-# all mips targets uses vgabios and bootroms +- seabios, ipxe-qemu, +- qemu-block-extra (= ${binary:Version}), +-Suggests: samba, vde2, +-Provides: ${sysprovides:mips} +-Description: QEMU full system emulation binaries (mips) +- QEMU is a fast processor emulator: currently the package supports +- MIPS emulation. By using dynamic translation it achieves +- reasonable speed while being easy to port on new host CPUs. +- . +- This package provides the full system emulation binaries to emulate +- the following mips hardware: ${sysarch:mips}. +- . +- In system emulation mode QEMU emulates a full system, including a processor +- and various peripherals. It enables easier testing and debugging of system +- code. It can also be used to provide virtual hosting of several virtual +- machines on a single server. 
+- +-Package: qemu-system-ppc +-Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 +-Multi-Arch: foreign +-Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Upstream-Version}~), +-Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, +-# ppc targets use vgabios-stdvga and bootroms +- seabios, ipxe-qemu, +- qemu-block-extra (= ${binary:Version}), +-Suggests: samba, vde2, +-Provides: qemu-kvm [linux-ppc64 linux-ppc64el linux-powerpc], ${sysprovides:ppc} +-Breaks: qemu-kvm [linux-ppc64 linux-ppc64el linux-powerpc] +-Replaces: qemu-kvm [linux-ppc64 linux-ppc64el linux-powerpc] +-Description: QEMU full system emulation binaries (ppc) +- QEMU is a fast processor emulator: currently the package supports +- PowerPC emulation. By using dynamic translation it achieves +- reasonable speed while being easy to port on new host CPUs. +- . +- This package provides the full system emulation binaries to emulate +- the following PowerPC hardware: ${sysarch:ppc}. +- . +- In system emulation mode QEMU emulates a full system, including a processor +- and various peripherals. It enables easier testing and debugging of system +- code. It can also be used to provide virtual hosting of several virtual +- machines on a single server. 
+- +-Package: qemu-system-sparc +-Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 +-Multi-Arch: foreign +-Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Upstream-Version}~), +-Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, +-# sparc64 uses vgabios-stdvga and bootroms +- seabios, ipxe-qemu, +- qemu-block-extra (= ${binary:Version}), +-Suggests: samba, vde2, +-Provides: ${sysprovides:sparc} +-Description: QEMU full system emulation binaries (sparc) +- QEMU is a fast processor emulator: currently the package supports +- SPARC emulation. By using dynamic translation it achieves +- reasonable speed while being easy to port on new host CPUs. +- . +- This package provides the full system emulation binaries to emulate +- the following sparc hardware: ${sysarch:sparc}. +- . +- In system emulation mode QEMU emulates a full system, including a processor +- and various peripherals. It enables easier testing and debugging of system +- code. It can also be used to provide virtual hosting of several virtual +- machines on a single server. 
+- +-Package: qemu-system-x86 +-Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 +-Multi-Arch: foreign +-Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Upstream-Version}~), +- seabios, ipxe-qemu, +-Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, +- ovmf, +- qemu-block-extra (= ${binary:Version}), +-Suggests: samba, vde2, +-Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86} +-Breaks: qemu-kvm [linux-amd64 linux-i386] +-Replaces: qemu-kvm [linux-amd64 linux-i386] +-Description: QEMU full system emulation binaries (x86) +- QEMU is a fast processor emulator: currently the package supports +- i386 and x86-64 emulation. By using dynamic translation it achieves +- reasonable speed while being easy to port on new host CPUs. +- . +- This package provides the full system emulation binaries to emulate +- the following x86 hardware: ${sysarch:x86}. +- . +- In system emulation mode QEMU emulates a full system, including a processor +- and various peripherals. It enables easier testing and debugging of system +- code. It can also be used to provide virtual hosting of several virtual +- machines on a single server. +- . +- On x86 host hardware this package also enables KVM kernel virtual machine +- usage on systems which supports it. +- +-Package: qemu-system-xen +-Architecture: amd64 +-Multi-Arch: no +-# do we really need qemu-system-data? keymaps only? +-Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-data (>> ${source:Upstream-Version}~), +- seabios, ipxe-qemu +-Recommends: qemu-utils, +- ovmf, +-Description: QEMU full system emulation (Xen helper package) +- This package provides the i386 system emulation binary to work +- together with the Xen hypervisor for some types of DomUs. +- This package is not useful by its own. 
+- +-Package: qemu-user +-Architecture: amd64 arm arm64 armel armhf i386 mips mipsel mips64 mips64el ppc64 ppc64el riscv64 s390x sparc sparc64 x32 +-Multi-Arch: foreign +-Depends: ${shlibs:Depends}, ${misc:Depends} +-Recommends: qemu-user-binfmt +-Description: QEMU user mode emulation binaries +- QEMU is a fast processor emulator: currently the package supports +- ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, +- SPARC and x86-64 emulation. By using dynamic translation it achieves +- reasonable speed while being easy to port on new host CPUs. +- . +- This package provides the user mode emulation binaries. In this mode +- QEMU can launch Linux processes compiled for one CPU on another CPU. +- . +- If qemu-user-binfmt package is also installed, it will register binary +- format handlers from this qemu-user package with the kernel so it will +- be possible to run foreign binaries directly. However, this might not +- be suitable for using inside foreign chroots, in which case it is +- possible to use qemu-user-static package instead of qemu-user-binmft, -- +- qemu-user-static will register statically linked binfmt handlers instead. +- +-Package: qemu-user-static +-Architecture: amd64 arm arm64 armel armhf i386 mips mipsel mips64 mips64el ppc64 ppc64el riscv64 s390x sparc sparc64 x32 +-Built-Using: ${built-using} +-Multi-Arch: foreign +-Depends: ${misc:Depends} +-Recommends: systemd | binfmt-support +-Breaks: binfmt-support (<< 2.1.7~) +-Provides: qemu-user-binfmt +-Conflicts: qemu-user-binfmt +-Description: QEMU user mode emulation binaries (static version) +- QEMU is a fast processor emulator: currently the package supports +- ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, +- SPARC and x86-64 emulation. By using dynamic translation it achieves +- reasonable speed while being easy to port on new host CPUs. +- . +- This package provides the user mode emulation binaries, built +- statically. 
In this mode QEMU can launch Linux processes compiled for +- one CPU on another CPU. +- . +- qemu-user-static package will register binary formats which the provided +- emulators can handle, so that it will be possible to run foreign binaries +- directly. ++#Package: qemu-system-mips ++#Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 ++#Multi-Arch: foreign ++#Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Upstream-Version}~), ++#Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, ++## all mips targets uses vgabios and bootroms ++# seabios, ipxe-qemu, ++# qemu-block-extra (= ${binary:Version}), ++#Suggests: samba, vde2, ++#Provides: ${sysprovides:mips} ++#Description: QEMU full system emulation binaries (mips) ++# QEMU is a fast processor emulator: currently the package supports ++# MIPS emulation. By using dynamic translation it achieves ++# reasonable speed while being easy to port on new host CPUs. ++# . ++# This package provides the full system emulation binaries to emulate ++# the following mips hardware: ${sysarch:mips}. ++# . ++# In system emulation mode QEMU emulates a full system, including a processor ++# and various peripherals. It enables easier testing and debugging of system ++# code. It can also be used to provide virtual hosting of several virtual ++# machines on a single server. 
++# ++#Package: qemu-system-ppc ++#Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 ++#Multi-Arch: foreign ++#Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Upstream-Version}~), ++#Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, ++## ppc targets use vgabios-stdvga and bootroms ++# seabios, ipxe-qemu, ++# qemu-block-extra (= ${binary:Version}), ++#Suggests: samba, vde2, ++#Provides: qemu-kvm [linux-ppc64 linux-ppc64el linux-powerpc], ${sysprovides:ppc} ++#Breaks: qemu-kvm [linux-ppc64 linux-ppc64el linux-powerpc] ++#Replaces: qemu-kvm [linux-ppc64 linux-ppc64el linux-powerpc] ++#Description: QEMU full system emulation binaries (ppc) ++# QEMU is a fast processor emulator: currently the package supports ++# PowerPC emulation. By using dynamic translation it achieves ++# reasonable speed while being easy to port on new host CPUs. ++# . ++# This package provides the full system emulation binaries to emulate ++# the following PowerPC hardware: ${sysarch:ppc}. ++# . ++# In system emulation mode QEMU emulates a full system, including a processor ++# and various peripherals. It enables easier testing and debugging of system ++# code. It can also be used to provide virtual hosting of several virtual ++# machines on a single server. 
++# ++#Package: qemu-system-sparc ++#Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 ++#Multi-Arch: foreign ++#Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Upstream-Version}~), ++#Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, ++## sparc64 uses vgabios-stdvga and bootroms ++# seabios, ipxe-qemu, ++# qemu-block-extra (= ${binary:Version}), ++#Suggests: samba, vde2, ++#Provides: ${sysprovides:sparc} ++#Description: QEMU full system emulation binaries (sparc) ++# QEMU is a fast processor emulator: currently the package supports ++# SPARC emulation. By using dynamic translation it achieves ++# reasonable speed while being easy to port on new host CPUs. ++# . ++# This package provides the full system emulation binaries to emulate ++# the following sparc hardware: ${sysarch:sparc}. ++# . ++# In system emulation mode QEMU emulates a full system, including a processor ++# and various peripherals. It enables easier testing and debugging of system ++# code. It can also be used to provide virtual hosting of several virtual ++# machines on a single server. 
++# ++#Package: qemu-system-x86 ++#Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 ++#Multi-Arch: foreign ++#Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (= ${binary:Version}), qemu-system-data (>> ${source:Upstream-Version}~), ++# seabios, ipxe-qemu, ++#Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, ++# ovmf, ++# qemu-block-extra (= ${binary:Version}), ++#Suggests: samba, vde2, ++#Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86} ++#Breaks: qemu-kvm [linux-amd64 linux-i386] ++#Replaces: qemu-kvm [linux-amd64 linux-i386] ++#Description: QEMU full system emulation binaries (x86) ++# QEMU is a fast processor emulator: currently the package supports ++# i386 and x86-64 emulation. By using dynamic translation it achieves ++# reasonable speed while being easy to port on new host CPUs. ++# . ++# This package provides the full system emulation binaries to emulate ++# the following x86 hardware: ${sysarch:x86}. ++# . ++# In system emulation mode QEMU emulates a full system, including a processor ++# and various peripherals. It enables easier testing and debugging of system ++# code. It can also be used to provide virtual hosting of several virtual ++# machines on a single server. ++# . ++# On x86 host hardware this package also enables KVM kernel virtual machine ++# usage on systems which supports it. ++# ++#Package: qemu-system-xen ++#Architecture: amd64 ++#Multi-Arch: no ++## do we really need qemu-system-data? keymaps only? ++#Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-data (>> ${source:Upstream-Version}~), ++# seabios, ipxe-qemu ++#Recommends: qemu-utils, ++# ovmf, ++#Description: QEMU full system emulation (Xen helper package) ++# This package provides the i386 system emulation binary to work ++# together with the Xen hypervisor for some types of DomUs. 
++# This package is not useful by its own. + +-Package: qemu-user-binfmt +-Architecture: amd64 arm arm64 armel armhf i386 mips mipsel mips64 mips64el ppc64 ppc64el riscv64 s390x sparc sparc64 x32 +-Multi-Arch: foreign +-Depends: ${misc:Depends}, qemu-user (= ${binary:Version}), systemd | binfmt-support +-Breaks: binfmt-support (<< 2.1.7~) +-Conflicts: qemu-user-static +-Description: QEMU user mode binfmt registration for qemu-user +- QEMU is a fast processor emulator: currently the package supports +- ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, +- SPARC and x86-64 emulation. By using dynamic translation it achieves +- reasonable speed while being easy to port on new host CPUs. +- . +- This package provides binfmt support registration for the user mode +- emulation binaries from qemu-user. This is an empty package, it does +- not contain any additional files, only registration scripts which run +- at install and remove times. ++#Package: qemu-user ++#Architecture: amd64 arm arm64 armel armhf i386 mips mipsel mips64 mips64el ppc64 ppc64el riscv64 s390x sparc sparc64 x32 ++#Multi-Arch: foreign ++#Depends: ${shlibs:Depends}, ${misc:Depends} ++#Recommends: qemu-user-binfmt ++#Description: QEMU user mode emulation binaries ++# QEMU is a fast processor emulator: currently the package supports ++# ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, ++# SPARC and x86-64 emulation. By using dynamic translation it achieves ++# reasonable speed while being easy to port on new host CPUs. ++# . ++# This package provides the user mode emulation binaries. In this mode ++# QEMU can launch Linux processes compiled for one CPU on another CPU. ++# . ++# If qemu-user-binfmt package is also installed, it will register binary ++# format handlers from this qemu-user package with the kernel so it will ++# be possible to run foreign binaries directly. 
However, this might not ++# be suitable for using inside foreign chroots, in which case it is ++# possible to use qemu-user-static package instead of qemu-user-binmft, -- ++# qemu-user-static will register statically linked binfmt handlers instead. ++# ++#Package: qemu-user-static ++#Architecture: amd64 arm arm64 armel armhf i386 mips mipsel mips64 mips64el ppc64 ppc64el riscv64 s390x sparc sparc64 x32 ++#Built-Using: ${built-using} ++#Multi-Arch: foreign ++#Depends: ${misc:Depends} ++#Recommends: systemd | binfmt-support ++#Breaks: binfmt-support (<< 2.1.7~) ++#Provides: qemu-user-binfmt ++#Conflicts: qemu-user-binfmt ++#Description: QEMU user mode emulation binaries (static version) ++# QEMU is a fast processor emulator: currently the package supports ++# ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, ++# SPARC and x86-64 emulation. By using dynamic translation it achieves ++# reasonable speed while being easy to port on new host CPUs. ++# . ++# This package provides the user mode emulation binaries, built ++# statically. In this mode QEMU can launch Linux processes compiled for ++# one CPU on another CPU. ++# . ++# qemu-user-static package will register binary formats which the provided ++# emulators can handle, so that it will be possible to run foreign binaries ++# directly. ++# ++#Package: qemu-user-binfmt ++#Architecture: amd64 arm arm64 armel armhf i386 mips mipsel mips64 mips64el ppc64 ppc64el riscv64 s390x sparc sparc64 x32 ++#Multi-Arch: foreign ++#Depends: ${misc:Depends}, qemu-user (= ${binary:Version}), systemd | binfmt-support ++#Breaks: binfmt-support (<< 2.1.7~) ++#Conflicts: qemu-user-static ++#Description: QEMU user mode binfmt registration for qemu-user ++# QEMU is a fast processor emulator: currently the package supports ++# ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, ++# SPARC and x86-64 emulation. By using dynamic translation it achieves ++# reasonable speed while being easy to port on new host CPUs. 
++# . ++# This package provides binfmt support registration for the user mode ++# emulation binaries from qemu-user. This is an empty package, it does ++# not contain any additional files, only registration scripts which run ++# at install and remove times. + + Package: qemu-utils + Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 + Multi-Arch: foreign + Breaks: qemu-system-common (<< 1:3.1+dfsg-3~) + Depends: ${shlibs:Depends}, ${misc:Depends}, +-Recommends: +- qemu-block-extra (= ${binary:Version}), ++#Recommends: ++# qemu-block-extra (= ${binary:Version}), + Description: QEMU utilities + QEMU is a fast processor emulator: currently the package supports + ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, +--- qemu-7.2+dfsg-orig/debian/rules 2024-02-06 09:34:37.000000000 -0800 ++++ qemu-7.2+dfsg/debian/rules 2024-06-17 09:59:57.180637423 -0700 +@@ -85,12 +85,14 @@ + + # list of system (softmmu) targets, from ./configure + system_targets = \ +- i386 x86_64 alpha aarch64 arm avr cris hppa m68k loongarch64 microblaze microblazeel \ +- mips mipsel mips64 mips64el nios2 or1k ppc ppc64 riscv32 riscv64 rx \ +- sh4 sh4eb sparc sparc64 s390x tricore xtensa xtensaeb ++ aarch64 ++# i386 x86_64 alpha aarch64 arm avr cris hppa m68k loongarch64 microblaze microblazeel \ ++# mips mipsel mips64 mips64el nios2 or1k ppc ppc64 riscv32 riscv64 rx \ ++# sh4 sh4eb sparc sparc64 s390x tricore xtensa xtensaeb + + # qemu-system subpackages, from d/control +-sys_systems = arm mips ppc sparc x86 $(if $(filter ${VENDOR},UBUNTU),s390x,) ++#sys_systems = arm mips ppc sparc x86 $(if $(filter ${VENDOR},UBUNTU),s390x,) ++sys_systems = arm + systems = ${sys_systems} misc + sysarch_arm = $(filter aarch64 arm,${system_targets}) + sysarch_mips = $(filter mips mipsel mips64 mips64el,${system_targets}) +@@ -110,10 +112,11 @@ + + # list of linux-user targets, 
from ./configure + user_targets = \ +- i386 x86_64 alpha aarch64 aarch64_be arm armeb cris hexagon hppa \ +- loongarch64 m68k microblaze microblazeel \ +- mips mipsel mips64 mips64el mipsn32 mipsn32el nios2 or1k \ +- ppc ppc64 ppc64le riscv32 riscv64 sh4 sh4eb sparc sparc64 sparc32plus \ ++ # (none) ++# i386 x86_64 alpha aarch64 aarch64_be arm armeb cris hexagon hppa \ ++# loongarch64 m68k microblaze microblazeel \ ++# mips mipsel mips64 mips64el mipsn32 mipsn32el nios2 or1k \ ++# ppc ppc64 ppc64le riscv32 riscv64 sh4 sh4eb sparc sparc64 sparc32plus \ + s390x xtensa xtensaeb + + endif # enable_linux_user +@@ -132,6 +135,7 @@ + ../../configure ${common_configure_opts} --disable-user \ + --${enable_system}-system \ + --${enable_linux_user}-linux-user \ ++ --target-list=aarch64-softmmu \ + --disable-xen \ + --enable-modules \ + --enable-module-upgrades \ +@@ -177,17 +181,17 @@ + + # save block-extra loadable modules on upgrades + # other module types for now (5.0) can't be loaded at runtime, only at startup +- echo 'case $$1 in (upgrade|deconfigure) [ -d /run/qemu ] || exit 0; ! findmnt --noheadings --target /run/qemu/ | grep -q noexec || exit 0; mkdir -p ${SAVEMODDIR}; cp -p ${libdir}/qemu/block-*.so ${SAVEMODDIR}/;; esac' \ +- >> debian/qemu-block-extra.prerm.debhelper +- echo 'case $$1 in (remove) rm -f ${SAVEMODDIR}/block-*.so;; esac' \ +- >> debian/qemu-block-extra.postrm.debhelper +- echo 'case $$1 in (purge) if systemctl is-active -q run-qemu.mount; then systemctl stop run-qemu.mount || true; fi; rm -rf "/run/qemu";; esac' \ +- >> debian/qemu-block-extra.postrm.debhelper ++ #echo 'case $$1 in (upgrade|deconfigure) [ -d /run/qemu ] || exit 0; ! 
findmnt --noheadings --target /run/qemu/ | grep -q noexec || exit 0; mkdir -p ${SAVEMODDIR}; cp -p ${libdir}/qemu/block-*.so ${SAVEMODDIR}/;; esac' \ ++ # >> debian/qemu-block-extra.prerm.debhelper ++ #echo 'case $$1 in (remove) rm -f ${SAVEMODDIR}/block-*.so;; esac' \ ++ # >> debian/qemu-block-extra.postrm.debhelper ++ #echo 'case $$1 in (purge) if systemctl is-active -q run-qemu.mount; then systemctl stop run-qemu.mount || true; fi; rm -rf "/run/qemu";; esac' \ ++ # >> debian/qemu-block-extra.postrm.debhelper + + ifeq (${enable_system},enable) + + # qemu-system subpackages +- mv debian/tmp/usr/share/man/man1/qemu.1 debian/tmp/usr/share/man/man1/qemu-system.1 ++ #mv debian/tmp/usr/share/man/man1/qemu.1 debian/tmp/usr/share/man/man1/qemu-system.1 + $(foreach s,${systems},$(call inst-system,$s)) + + # gui modules. We move these here instead of using d/qemu-system-gui.install, +@@ -195,28 +199,28 @@ + # audio-pa.so pulls in X11 so we move it into -system-gui too + # hw-display-virtio-gpu-gl also pulls in X11, move it to -gui + mkdir -p debian/qemu-system-gui${libdir}/qemu +- mv -t debian/qemu-system-gui${libdir}/qemu/ \ +- debian/tmp${libdir}/qemu/ui-gtk.so \ +- debian/tmp${libdir}/qemu/ui-sdl.so \ +- debian/tmp${libdir}/qemu/audio-jack.so \ +- debian/tmp${libdir}/qemu/audio-sdl.so \ +- debian/tmp${libdir}/qemu/audio-pa.so \ +- debian/tmp${libdir}/qemu/hw-display-virtio-gpu-gl.so \ ++ #mv -t debian/qemu-system-gui${libdir}/qemu/ \ ++ # debian/tmp${libdir}/qemu/ui-gtk.so \ ++ # debian/tmp${libdir}/qemu/ui-sdl.so \ ++ # debian/tmp${libdir}/qemu/audio-jack.so \ ++ # debian/tmp${libdir}/qemu/audio-sdl.so \ ++ # debian/tmp${libdir}/qemu/audio-pa.so \ ++ # debian/tmp${libdir}/qemu/hw-display-virtio-gpu-gl.so \ + + ifeq ($(DEB_HOST_ARCH_OS),linux) + + # /usr/bin/kvm handy link multi-arch from old qemu-kvm package + # on i386, should we link to qemu-system-i386? how about x32? 
+-ifneq ($(filter ${DEB_HOST_ARCH},amd64 i386),) +- $(call inst-kvm-link,qemu-system-x86,x86_64) +-ifeq (${VENDOR},UBUNTU) +-# on ubuntu *-spice existed, may be used in libvirt xml and scripts - keep links for compatibility +-# The sunset for this will be when Ubuntu-Bionic goes out of support which is expected to happen in 2028 +- install -p -t debian/qemu-system-x86/usr/bin debian/kvm-spice debian/qemu-system-x86_64-spice +- install -p -t debian/qemu-system-x86/usr/share/man/man1/ debian/kvm-spice.1 +- echo ".so man1/kvm-spice.1" > debian/qemu-system-x86/usr/share/man/man1/qemu-system-x86_64-spice.1 +-endif +-endif ++#ifneq ($(filter ${DEB_HOST_ARCH},amd64 i386),) ++# $(call inst-kvm-link,qemu-system-x86,x86_64) ++#ifeq (${VENDOR},UBUNTU) ++## on ubuntu *-spice existed, may be used in libvirt xml and scripts - keep links for compatibility ++## The sunset for this will be when Ubuntu-Bionic goes out of support which is expected to happen in 2028 ++# install -p -t debian/qemu-system-x86/usr/bin debian/kvm-spice debian/qemu-system-x86_64-spice ++# install -p -t debian/qemu-system-x86/usr/share/man/man1/ debian/kvm-spice.1 ++# echo ".so man1/kvm-spice.1" > debian/qemu-system-x86/usr/share/man/man1/qemu-system-x86_64-spice.1 ++#endif ++#endif + $(if $(filter ${DEB_HOST_ARCH},arm64), $(call inst-kvm-link,qemu-system-arm,aarch64)) + $(if $(filter ${DEB_HOST_ARCH},armhf armel), $(call inst-kvm-link,qemu-system-arm,arm)) + $(if $(filter ${DEB_HOST_ARCH},ppc64 ppc64el), $(call inst-kvm-link,qemu-system-ppc,ppc64)) +@@ -227,18 +231,20 @@ + debian/source_qemu.py + endif + +-ifeq (DEBIAN-amd64,${VENDOR}-${DEB_HOST_ARCH}) +-# do it for bookworm only, remove the wrapper for bookworm+ +- mkdir -p debian/qemu-system-x86/usr/libexec/ +- mv debian/qemu-system-x86/usr/bin/qemu-system-i386 \ +- debian/qemu-system-x86/usr/libexec/qemu-system-i386 +- install -pm0755 debian/qemu-system-i386.xen-wrapper \ +- debian/qemu-system-x86/usr/bin/qemu-system-i386 +-endif ++#ifeq 
(DEBIAN-amd64,${VENDOR}-${DEB_HOST_ARCH}) ++## do it for bookworm only, remove the wrapper for bookworm+ ++# mkdir -p debian/qemu-system-x86/usr/libexec/ ++# mv debian/qemu-system-x86/usr/bin/qemu-system-i386 \ ++# debian/qemu-system-x86/usr/libexec/qemu-system-i386 ++# install -pm0755 debian/qemu-system-i386.xen-wrapper \ ++# debian/qemu-system-x86/usr/bin/qemu-system-i386 ++#endif + + # virtfs-proxy-helper and qemu-bridge-helper are linux-specific ++ #for f in usr/lib/qemu/virtfs-proxy-helper \ ++ # usr/share/man/man1/virtfs-proxy-helper.1 \ ++ # usr/lib/qemu/qemu-bridge-helper + for f in usr/lib/qemu/virtfs-proxy-helper \ +- usr/share/man/man1/virtfs-proxy-helper.1 \ + usr/lib/qemu/qemu-bridge-helper \ + ; do \ + mkdir -p debian/qemu-system-common/$${f%/*} ; \ +@@ -248,8 +254,10 @@ + ifneq (${DEB_HOST_ARCH},sparc64) + # virtiofsd needs libseccomp which is not ported to sparc (not even the kernel part), + # so install it only on non-sparc ++ #for f in usr/lib/qemu/virtiofsd \ ++ # usr/share/man/man1/virtiofsd.1 \ ++ # usr/share/qemu/vhost-user/50-qemu-virtiofsd.json + for f in usr/lib/qemu/virtiofsd \ +- usr/share/man/man1/virtiofsd.1 \ + usr/share/qemu/vhost-user/50-qemu-virtiofsd.json \ + ; do \ + mkdir -p debian/qemu-system-common/$${f%/*} ; \ +@@ -258,7 +266,7 @@ + endif + + # for --enable-module-upgrades to work in more environments +- install -D -m 0644 debian/run-qemu.mount debian/qemu-block-extra/lib/systemd/system/run-qemu.mount ++ #install -D -m 0644 debian/run-qemu.mount debian/qemu-block-extra/lib/systemd/system/run-qemu.mount + + endif # linux + +@@ -313,7 +321,7 @@ + echo ".so man1/qemu-system.1" > debian/qemu-system-x86/usr/share/man/man1/qemu-system-x86_64-microvm.1 + # build microvm on amd64 only if system build is enabled + ifeq ($(filter-out $(DEB_HOST_ARCH),amd64)${enable_system},enable) +-qemu-builds += microvm ++#qemu-builds += microvm + endif + + ############################################## +@@ -345,7 +353,7 @@ + install -D 
b/xen/qemu-system-i386 \ + debian/qemu-system-xen${QEMU_XEN} + ifeq (${DEB_HOST_ARCH}-${enable_system},amd64-enable) +-qemu-builds += xen ++#qemu-builds += xen + endif + + ############################################## +@@ -384,7 +392,7 @@ + done + ./debian/binfmt-install qemu-user-static + ifeq ($(enable_linux_user),enable) +-qemu-builds += user-static ++#qemu-builds += user-static + endif + + ############################################## +@@ -400,18 +408,18 @@ + override_dh_auto_install-arch: $(addprefix install-, ${qemu-builds}) + + override_dh_installdocs: +- dh_installdocs -Nqemu-user-binfmt +- dh_installdocs -pqemu-user-binfmt --link-doc=qemu-user ++ #dh_installdocs -Nqemu-user-binfmt ++ #dh_installdocs -pqemu-user-binfmt --link-doc=qemu-user + override_dh_installchangelogs: +- dh_installchangelogs -Nqemu-user-binfmt ++ #dh_installchangelogs -Nqemu-user-binfmt + override_dh_installinit: + dh_installinit -pqemu-guest-agent + override_dh_installsystemd: + dh_installsystemd -pqemu-guest-agent --no-enable + # default-enable /run/qemu mount only on ubuntu, + # on debian let it be manually controlled and off by default +- dh_installsystemd -pqemu-block-extra --no-restart-on-upgrade --name=run-qemu.mount \ +- $(if $(filter ${VENDOR},DEBIAN),--no-start --no-enable,) ++ #dh_installsystemd -pqemu-block-extra --no-restart-on-upgrade --name=run-qemu.mount \ ++ # $(if $(filter ${VENDOR},DEBIAN),--no-start --no-enable,) + execute_after_dh_shlibdeps: + ifeq ($(enable_linux_user),enable) + # after shlibdeps finished, grab ${shlibs:Depends} from -user package +@@ -458,7 +466,7 @@ + b/openbios/obj-sparc32/QEMU,tcx.bin \ + b/openbios/obj-sparc32/QEMU,cgthree.bin \ + b/openbios/obj-sparc64/QEMU,VGA.bin +-sysdata-components += openbios ++#sysdata-components += openbios + + ### powernv firmware in roms/skiboot + build-skiboot: b/skiboot/skiboot.lid +@@ -474,7 +482,7 @@ + CROSS_COMPILE=${PPC64_CROSSPFX} V=${V} + install-skiboot: b/skiboot/skiboot.lid + install -m 0644 -t 
${sysdataidir} $< +-sysdata-components += skiboot ++#sysdata-components += skiboot + + build-vof: b/vof/vof.bin + b/vof/vof.bin: | b +@@ -483,7 +491,7 @@ + ${MAKE} -C b/vof CROSS=${PPC64_CROSSPFX} SRC_DIR=../../pc-bios/vof -f../../pc-bios/vof/Makefile + install-vof: b/vof/vof.bin + install -m 0644 -t ${sysdataidir} $< +-sysdata-components += vof ++#sysdata-components += vof + + ### x86 optionrom + build-x86-optionrom: b/optionrom/built +@@ -493,7 +501,7 @@ + touch $@ + install-x86-optionrom: build-x86-optionrom | ${sysdataidir} + ${MAKE} -f ${CURDIR}/debian/optionrom.mak -C b/optionrom SRC_PATH="${CURDIR}" install DESTDIR="${CURDIR}/${sysdataidir}" +-sysdata-components += x86-optionrom ++#sysdata-components += x86-optionrom + + ### sgabios. + # The Makefile is too complex and forces current date to be embedded to binary +@@ -510,7 +518,7 @@ + b/sgabios/csum8 b/sgabios/sgabios.bin + install-sgabios: b/sgabios/sgabios.bin + install -m 0644 $< ${sysdataidir}/sgabios.bin +-sysdata-components += sgabios ++#sysdata-components += sgabios + + ### qboot, aka bios-microvm + build-qboot: b/qboot/bios.bin +@@ -522,7 +530,7 @@ + install -m 0644 $< ${sysdataidir}/qboot.rom + # 5.0 & 5.1 compat symlink, can go for bullseye final + ln -s qboot.rom ${sysdataidir}/bios-microvm.bin +-sysdata-components += qboot ++#sysdata-components += qboot + + ### alpha firmware in roms/palcode-clipper + build-palcode-clipper: b/qemu-palcode/palcode-clipper +@@ -534,7 +542,7 @@ + ${ALPHAEV67_CROSSPFX}strip b/qemu-palcode/palcode-clipper + install-palcode-clipper: b/qemu-palcode/palcode-clipper + install -m 0644 $< ${sysdataidir}/palcode-clipper +-sysdata-components += palcode-clipper ++#sysdata-components += palcode-clipper + + ### SLOF + build-slof: b/SLOF/boot_rom.bin +@@ -543,7 +551,7 @@ + env -u LDFLAGS -u CFLAGS $(MAKE) -C b/SLOF qemu CROSS=${PPC64_CROSSPFX} V=${V} + install-slof: b/SLOF/boot_rom.bin + install -m 0644 $< ${sysdataidir}/slof.bin +-sysdata-components += slof 
++#sysdata-components += slof + + ### s390x firmware in pc-bios/s390-ccw + build-s390x-fw: b/s390fw/built +@@ -553,7 +561,7 @@ + touch $@ + install-s390x-fw: build-s390x-fw + install -m 0644 -t ${sysdataidir} b/s390fw/s390*.img +-sysdata-components += s390x-fw ++#sysdata-components += s390x-fw + + ### hppa-firmware (roms/seabios-hppa) + build-hppa-fw: b/hppafw/hppa-firmware.img +@@ -565,7 +573,7 @@ + hppa-linux-gnu-strip -R.note -R.comment $@ + install-hppa-fw: b/hppafw/hppa-firmware.img + install -m 0644 $< ${sysdataidir} +-sysdata-components += hppa-fw ++#sysdata-components += hppa-fw + + ### opensbi (riscv firmware) + # we only build v64 variants, not v32 +@@ -578,7 +586,7 @@ + install-opensbi: build-opensbi + install -m 0644 b/opensbi/platform/generic/firmware/fw_dynamic.bin ${sysdataidir}/opensbi-riscv64-generic-fw_dynamic.bin + install -m 0644 b/opensbi/platform/generic/firmware/fw_dynamic.elf ${sysdataidir}/opensbi-riscv64-generic-fw_dynamic.elf +-sysdata-components += opensbi ++#sysdata-components += opensbi + + ### vbootrom (npcm7xx) + build-vbootrom: b/vbootrom/.built +@@ -588,7 +596,7 @@ + touch $@ + install-vbootrom: build-vbootrom + install -m 0644 b/vbootrom/npcm7xx_bootrom.bin ${sysdataidir}/ +-sysdata-components += vbootrom ++#sysdata-components += vbootrom + + ### misc firmware + build-misc: b/misc/.built +@@ -600,7 +608,7 @@ + install-misc: build-misc + install -m 0644 b/misc/bamboo.dtb b/misc/canyonlands.dtb \ + ${sysdataidir} +-sysdata-components += misc ++#sysdata-components += misc + + ${sysdataidir}: + mkdir -p -m 0755 $@ +--- qemu-7.2+dfsg-orig/debian/qemu-guest-agent.install 2024-02-06 09:34:37.000000000 -0800 ++++ qemu-7.2+dfsg/debian/qemu-guest-agent.install 2024-06-13 14:18:36.246203287 -0700 +@@ -1,5 +1,5 @@ + debian/tmp/usr/bin/qemu-ga /usr/sbin +-debian/tmp/usr/share/man/man8/qemu-ga.8 /usr/share/man/man8 +-debian/tmp/usr/share/man/man7/qemu-ga-ref.7 /usr/share/man/man7 ++#debian/tmp/usr/share/man/man8/qemu-ga.8 /usr/share/man/man8 
++#debian/tmp/usr/share/man/man7/qemu-ga-ref.7 /usr/share/man/man7 + qga/qapi-schema.json /usr/share/doc/qemu-guest-agent + scripts/qemu-guest-agent/fsfreeze-hook /etc/qemu/ +--- qemu-7.2+dfsg-orig/debian/qemu-system-common.install 2024-02-06 09:34:37.000000000 -0800 ++++ qemu-7.2+dfsg/debian/qemu-system-common.install 2024-06-13 14:15:02.593758280 -0700 +@@ -1,18 +1,18 @@ + debian/qemu-ifdown etc/ +-debian/tmp/usr/share/man/man1/qemu-system.1 ++#debian/tmp/usr/share/man/man1/qemu-system.1 + debian/tmp/usr/share/qemu/trace-events-all + debian/tmp/usr/bin/qemu-pr-helper +-debian/tmp/usr/share/man/man8/qemu-pr-helper.8 +-debian/tmp/usr/share/man/man7/qemu-qmp-ref.7 +-debian/tmp/usr/share/man/man7/qemu-block-drivers.7 +-debian/tmp/usr/share/man/man7/qemu-cpu-models.7 +-debian/tmp/usr/share/doc/qemu/system usr/share/doc/qemu-system-common ++#debian/tmp/usr/share/man/man8/qemu-pr-helper.8 ++#debian/tmp/usr/share/man/man7/qemu-qmp-ref.7 ++#debian/tmp/usr/share/man/man7/qemu-block-drivers.7 ++#debian/tmp/usr/share/man/man7/qemu-cpu-models.7 ++#debian/tmp/usr/share/doc/qemu/system usr/share/doc/qemu-system-common + debian/tmp/usr/bin/qemu-storage-daemon +-debian/tmp/usr/share/man/man1/qemu-storage-daemon.1 +-debian/tmp/usr/share/man/man7/qemu-storage-daemon-qmp-ref.7 ++#debian/tmp/usr/share/man/man1/qemu-storage-daemon.1 ++#debian/tmp/usr/share/man/man7/qemu-storage-daemon-qmp-ref.7 + # common modules. gui modules has been moved into place in d/rules. 
+-debian/tmp/usr/lib/*/qemu/accel-tcg-*.so ++#debian/tmp/usr/lib/*/qemu/accel-tcg-*.so + debian/tmp/usr/lib/*/qemu/audio-*.so +-debian/tmp/usr/lib/*/qemu/chardev-*.so ++#debian/tmp/usr/lib/*/qemu/chardev-*.so + debian/tmp/usr/lib/*/qemu/hw-*.so + debian/tmp/usr/lib/*/qemu/ui-*.so +--- qemu-7.2+dfsg-orig/debian/qemu-utils.install 2024-02-06 09:34:37.000000000 -0800 ++++ qemu-7.2+dfsg/debian/qemu-utils.install 2024-06-13 14:15:27.789183861 -0700 +@@ -1,5 +1,5 @@ + debian/tmp/usr/bin/qemu-img +-debian/tmp/usr/share/man/man1/qemu-img.1 ++#debian/tmp/usr/share/man/man1/qemu-img.1 + debian/tmp/usr/bin/qemu-nbd +-debian/tmp/usr/share/man/man8/qemu-nbd.8 ++#debian/tmp/usr/share/man/man8/qemu-nbd.8 + debian/tmp/usr/bin/qemu-io diff --git a/src/pkvm_setup/qemu_patches/debian-version.patch b/src/pkvm_setup/qemu_patches/debian-version.patch new file mode 100644 index 00000000..e289d7ff --- /dev/null +++ b/src/pkvm_setup/qemu_patches/debian-version.patch @@ -0,0 +1,14 @@ +Add debian/changelog entries to bump the version to a VERSE-specific one. + +--- qemu-7.2+dfsg-orig/debian/changelog 2024-02-06 09:38:06.000000000 -0800 ++++ qemu-7.2+dfsg/debian/changelog 2024-06-13 16:45:52.023386289 -0700 +@@ -1,3 +1,9 @@ ++qemu (1:7.2+dfsg-9999+verse1) bookworm; urgency=medium ++ ++ * Initial VERSE OpenSUT build with limited featureset ++ ++ -- Stuart Pernsteiner Thu, 13 Jun 2024 04:40:23 -0700 ++ + qemu (1:7.2+dfsg-7+deb12u5) bookworm; urgency=medium + + * +revert-monitor-only-run-coroutine-commands-in-qemu_aio_context.patch From 73efb36cfc975aff2e3ba4e617c905b60e61fe04 Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Tue, 18 Jun 2024 11:14:15 -0700 Subject: [PATCH 07/21] pkvm_setup: install custom-built qemu packages in host vm --- src/pkvm_setup/create_disk_images.sh | 16 ++++++++++++++-- src/pkvm_setup/vm_scripts/setup_common.sh | 11 +++++------ src/pkvm_setup/vm_scripts/setup_host.sh | 14 ++++++++++++-- 3 files changed, 31 insertions(+), 10 deletions(-) 
diff --git a/src/pkvm_setup/create_disk_images.sh b/src/pkvm_setup/create_disk_images.sh index 55cfbc79..6b92942b 100644 --- a/src/pkvm_setup/create_disk_images.sh +++ b/src/pkvm_setup/create_disk_images.sh @@ -142,8 +142,8 @@ else # vhost-device "$(sole_file vhost-device/verse-vhost-device-gpio_[0-9]*_arm64.deb)" #"$(sole_file vhost-device/verse-vhost-device-i2c_[0-9]*_arm64.deb)" + # Could add more packages if needed, e.g. linux-headers ) - # Could add more packages if needed, e.g. linux-headers edo tar --transform='s:.*/::g' -c "${tar_inputs[@]}" | edo dd of="$tar_file" conv=notrunc edo bash run_vm_script.sh "$disk_common.orig" vm_scripts/setup_common.sh "$tar_file" @@ -169,7 +169,19 @@ else if ! [[ -e "$disk_host.orig" ]]; then edo derive_image "$disk_common" "$disk_host.orig" edo bash change_uuids.sh "$disk_common" "$disk_host.orig" - edo bash run_vm_script.sh "$disk_host.orig" vm_scripts/setup_host.sh + + tar_file=$(mktemp $(pwd)/host.XXXXXX.tar) + tar_inputs=( + # qemu-system-arm and dependencies + "$(sole_file qemu_build/bookworm-arm64_result/qemu-system-arm_*-9999+verse*_arm64.deb)" + "$(sole_file qemu_build/bookworm-arm64_result/qemu-system-common_*-9999+verse*_arm64.deb)" + "$(sole_file qemu_build/bookworm-arm64_result/qemu-system-data_*-9999+verse*_all.deb)" + ) + edo tar --transform='s:.*/::g' -cf "$tar_file" "${tar_inputs[@]}" + + edo bash run_vm_script.sh "$disk_host.orig" vm_scripts/setup_host.sh "$tar_file" + + edo rm -f "$tar_file" fi compress_helper "$disk_host" host fi diff --git a/src/pkvm_setup/vm_scripts/setup_common.sh b/src/pkvm_setup/vm_scripts/setup_common.sh index f4e68e5f..9aca2cd8 100644 --- a/src/pkvm_setup/vm_scripts/setup_common.sh +++ b/src/pkvm_setup/vm_scripts/setup_common.sh 
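Review bot: In the `@@ -169,7 +169,19 @@` hunk, `tar_file=$(mktemp $(pwd)/host.XXXXXX.tar)` leaves the inner `$(pwd)` unquoted, so a checkout path containing whitespace or glob characters is word-split before mktemp sees it; `tar_file=$(mktemp "$PWD/host.XXXXXX.tar")` avoids that. The tarball is removed only by the trailing `edo rm -f "$tar_file"`, so if `tar` or `run_vm_script.sh` fails and the script aborts (assuming it runs under `set -e`, which is not visible here), the file stays behind in the working tree. Registering the cleanup right after the mktemp, for example `trap 'rm -f -- "$tar_file"' EXIT` if the script has no other EXIT trap, would cover the error paths as well. The enclosing `if`/`else` block starts and ends outside the hunk.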
@@ -27,12 +27,11 @@ old_kernel_pkgs="$(dpkg -l | grep linux-image | while read status pkg rest; do e # Extract the new packages from input $1 and install them. work_dir="$(mktemp -d)" edo tar -C "$work_dir" -xf "$1" -( - cd "$work_dir" - for f in *.deb; do - edo dpkg -i "$f" - done -) +# Using `apt install foo.deb` instead of `dpkg -i foo.deb` will install any +# missing dependencies in addition to `foo.deb` itself. Providing all debs at +# once means we don't have to figure out the correct dependency order between +# them. +edo apt install -y --no-install-recommends "$work_dir"/*.deb edo rm -rf "$work_dir" # Remove the old kernel packages. The `noninteractive` frontend suppresses a diff --git a/src/pkvm_setup/vm_scripts/setup_host.sh b/src/pkvm_setup/vm_scripts/setup_host.sh index 5b3e332c..8198facb 100644 --- a/src/pkvm_setup/vm_scripts/setup_host.sh +++ b/src/pkvm_setup/vm_scripts/setup_host.sh @@ -27,8 +27,18 @@ edo rm -f /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub edo ssh-keygen -A -# Install necessary tools -edo apt install -y qemu-system-arm +# Extract the new packages from input $1 and install them. +work_dir="$(mktemp -d)" +edo tar -C "$work_dir" -xf "$1" +# Using `apt install foo.deb` instead of `dpkg -i foo.deb` will install any +# missing dependencies in addition to `foo.deb` itself. Providing all debs at +# once means we don't have to figure out the correct dependency order between +# them. +edo apt install -y --no-install-recommends "$work_dir"/*.deb +edo rm -rf "$work_dir" + +# Additional packages +edo apt install -y --no-install-recommends ipxe-qemu # Allow `user` to access /dev/kvm and start VMs edo usermod -a -G kvm user From 9ce1e6969f8adba79ae0eb246c2b266d378490d3 Mon Sep 17 00:00:00 2001 
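Review bot: `edo apt install -y --no-install-recommends "$work_dir"/*.deb` in `setup_common.sh` installs archives that apt cannot authenticate, because repository signatures cover only packages fetched from a configured source. These local `.deb` files are therefore trusted purely because they arrived in the tarball passed as `$1`; a comment above the line, for example `# Local .debs are not signature-checked by apt; "$1" must come from our own build.`, would make that trust boundary explicit. Since `mktemp -d` creates a directory only its owner can enter, apt will probably also report that its `_apt` sandbox user cannot read the files and handle them as root instead, which is worth knowing when reading the setup logs. The same install line is added to `setup_host.sh` in the next hunk.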
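Review bot: The extract-and-install block added to `setup_host.sh` is a line-for-line copy of the one in `setup_common.sh`, comment included, so a later fix to one can miss the other; a small shared helper sourced by both scripts would keep them in step. The block also reads `$1` without checking it, so a run without the tarball argument fails inside `tar` with a less helpful message; a guard such as `: "${1:?missing package tarball argument}"` before `work_dir="$(mktemp -d)"` reports the real cause. The `# Additional packages` comment could say why `ipxe-qemu` has to be listed explicitly, presumably because `--no-install-recommends` no longer pulls it in. The rest of the script lies outside the hunk.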
From: Stuart Pernsteiner Date: Tue, 18 Jun 2024 11:22:29 -0700 Subject: [PATCH 08/21] vm_runner: increase ram_mb in all base_nested.toml configs --- src/vm_runner/tests/hello/base_nested.toml | 4 ++++ src/vm_runner/tests/mps/base_nested.toml | 4 ++++ src/vm_runner/tests/mps_tests/base_nested.toml | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/src/vm_runner/tests/hello/base_nested.toml b/src/vm_runner/tests/hello/base_nested.toml index 3580d1be..1f516fdf 100644 --- a/src/vm_runner/tests/hello/base_nested.toml +++ b/src/vm_runner/tests/hello/base_nested.toml @@ -3,6 +3,10 @@ mode = "exec" [[process]] type = "vm" kvm = false +# Provide enough RAM to run the guest plus overhead. With the default 1GB host +# and no swap, the kernel will reject the 1GB guest allocation because it +# exceeds the total usable RAM + swap. +ram_mb = 1536 kernel = "../../../pkvm_setup/vms/debian-boot/vmlinuz" initrd = "../../../pkvm_setup/vms/debian-boot/initrd.img" append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdc' diff --git a/src/vm_runner/tests/mps/base_nested.toml b/src/vm_runner/tests/mps/base_nested.toml index 84ed17f3..4a523ed4 100644 --- a/src/vm_runner/tests/mps/base_nested.toml +++ b/src/vm_runner/tests/mps/base_nested.toml @@ -3,6 +3,10 @@ mode = "exec" [[process]] type = "vm" kvm = false +# Provide enough RAM to run the guest plus overhead. With the default 1GB host +# and no swap, the kernel will reject the 1GB guest allocation because it +# exceeds the total usable RAM + swap. +ram_mb = 1536 kernel = "../../../pkvm_setup/vms/debian-boot/vmlinuz" initrd = "../../../pkvm_setup/vms/debian-boot/initrd.img" append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdc' diff --git a/src/vm_runner/tests/mps_tests/base_nested.toml b/src/vm_runner/tests/mps_tests/base_nested.toml index 3580d1be..1f516fdf 100644 --- a/src/vm_runner/tests/mps_tests/base_nested.toml 
+++ b/src/vm_runner/tests/mps_tests/base_nested.toml @@ -3,6 +3,10 @@ mode = "exec" [[process]] type = "vm" kvm = false +# Provide enough RAM to run the guest plus overhead. With the default 1GB host +# and no swap, the kernel will reject the 1GB guest allocation because it +# exceeds the total usable RAM + swap. +ram_mb = 1536 kernel = "../../../pkvm_setup/vms/debian-boot/vmlinuz" initrd = "../../../pkvm_setup/vms/debian-boot/initrd.img" append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdc' From d0ef0bf8b75e4d21e53ecad0cee283ae57f7bf6c Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Tue, 18 Jun 2024 11:23:16 -0700 Subject: [PATCH 09/21] vm_runner: use pkvm-boot kernel instead of debian-boot in all configs --- src/vm_runner/build_config.toml | 4 ++-- src/vm_runner/install_config.toml | 4 ++-- src/vm_runner/install_config_guest.toml | 4 ++-- src/vm_runner/tests/hello/base_nested.toml | 4 ++-- src/vm_runner/tests/hello/base_single.toml | 4 ++-- src/vm_runner/tests/mps/base_nested.toml | 4 ++-- src/vm_runner/tests/mps/base_single.toml | 4 ++-- src/vm_runner/tests/mps_tests/base_nested.toml | 4 ++-- src/vm_runner/tests/mps_tests/base_single.toml | 4 ++-- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/src/vm_runner/build_config.toml b/src/vm_runner/build_config.toml index c6b740fc..63bd5a37 100644 --- a/src/vm_runner/build_config.toml +++ b/src/vm_runner/build_config.toml @@ -3,8 +3,8 @@ mode = "exec" [[process]] type = "vm" kvm = false -kernel = "../pkvm_setup/vms/debian-boot/vmlinuz" -initrd = "../pkvm_setup/vms/debian-boot/initrd.img" +kernel = "../pkvm_setup/vms/pkvm-boot/vmlinuz" +initrd = "../pkvm_setup/vms/pkvm-boot/initrd.img" append = 'earlycon root=/dev/vda2 systemd.run="/bin/bash /dev/vdb"' [process.disk.vda] diff --git a/src/vm_runner/install_config.toml b/src/vm_runner/install_config.toml index bad2c450..fdead50e 100644 --- a/src/vm_runner/install_config.toml 
+++ b/src/vm_runner/install_config.toml @@ -3,8 +3,8 @@ mode = "exec" [[process]] type = "vm" kvm = false -kernel = "../pkvm_setup/vms/debian-boot/vmlinuz" -initrd = "../pkvm_setup/vms/debian-boot/initrd.img" +kernel = "../pkvm_setup/vms/pkvm-boot/vmlinuz" +initrd = "../pkvm_setup/vms/pkvm-boot/initrd.img" append = 'earlycon root=/dev/vda2 systemd.run="/bin/bash /dev/vdb"' [process.disk.vda] diff --git a/src/vm_runner/install_config_guest.toml b/src/vm_runner/install_config_guest.toml index bccca6a1..53236357 100644 --- a/src/vm_runner/install_config_guest.toml +++ b/src/vm_runner/install_config_guest.toml @@ -3,8 +3,8 @@ mode = "exec" [[process]] type = "vm" kvm = false -kernel = "../pkvm_setup/vms/debian-boot/vmlinuz" -initrd = "../pkvm_setup/vms/debian-boot/initrd.img" +kernel = "../pkvm_setup/vms/pkvm-boot/vmlinuz" +initrd = "../pkvm_setup/vms/pkvm-boot/initrd.img" append = 'earlycon root=/dev/vda2 systemd.run="/bin/bash /dev/vdb"' [process.disk.vda] diff --git a/src/vm_runner/tests/hello/base_nested.toml b/src/vm_runner/tests/hello/base_nested.toml index 1f516fdf..bc629f36 100644 --- a/src/vm_runner/tests/hello/base_nested.toml +++ b/src/vm_runner/tests/hello/base_nested.toml @@ -7,8 +7,8 @@ kvm = false # and no swap, the kernel will reject the 1GB guest allocation because it # exceeds the total usable RAM + swap. ram_mb = 1536 -kernel = "../../../pkvm_setup/vms/debian-boot/vmlinuz" -initrd = "../../../pkvm_setup/vms/debian-boot/initrd.img" +kernel = "../../../pkvm_setup/vms/pkvm-boot/vmlinuz" +initrd = "../../../pkvm_setup/vms/pkvm-boot/initrd.img" append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdc' [process.disk.vda] diff --git a/src/vm_runner/tests/hello/base_single.toml b/src/vm_runner/tests/hello/base_single.toml index 47e68965..e2a00bbe 100644 --- a/src/vm_runner/tests/hello/base_single.toml +++ b/src/vm_runner/tests/hello/base_single.toml 
@@ -3,8 +3,8 @@ mode = "exec" [[process]] type = "vm" kvm = false -kernel = "../../../pkvm_setup/vms/debian-boot/vmlinuz" -initrd = "../../../pkvm_setup/vms/debian-boot/initrd.img" +kernel = "../../../pkvm_setup/vms/pkvm-boot/vmlinuz" +initrd = "../../../pkvm_setup/vms/pkvm-boot/initrd.img" append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdb' [process.disk.vda] diff --git a/src/vm_runner/tests/mps/base_nested.toml b/src/vm_runner/tests/mps/base_nested.toml index 4a523ed4..4b9d8d5e 100644 --- a/src/vm_runner/tests/mps/base_nested.toml +++ b/src/vm_runner/tests/mps/base_nested.toml @@ -7,8 +7,8 @@ kvm = false # and no swap, the kernel will reject the 1GB guest allocation because it # exceeds the total usable RAM + swap. ram_mb = 1536 -kernel = "../../../pkvm_setup/vms/debian-boot/vmlinuz" -initrd = "../../../pkvm_setup/vms/debian-boot/initrd.img" +kernel = "../../../pkvm_setup/vms/pkvm-boot/vmlinuz" +initrd = "../../../pkvm_setup/vms/pkvm-boot/initrd.img" append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdc' [process.disk.vda] diff --git a/src/vm_runner/tests/mps/base_single.toml b/src/vm_runner/tests/mps/base_single.toml index acaae0c8..165602f4 100644 --- a/src/vm_runner/tests/mps/base_single.toml +++ b/src/vm_runner/tests/mps/base_single.toml @@ -3,8 +3,8 @@ mode = "exec" [[process]] type = "vm" kvm = false -kernel = "../../../pkvm_setup/vms/debian-boot/vmlinuz" -initrd = "../../../pkvm_setup/vms/debian-boot/initrd.img" +kernel = "../../../pkvm_setup/vms/pkvm-boot/vmlinuz" +initrd = "../../../pkvm_setup/vms/pkvm-boot/initrd.img" append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdb' [process.disk.vda] diff --git a/src/vm_runner/tests/mps_tests/base_nested.toml b/src/vm_runner/tests/mps_tests/base_nested.toml index 1f516fdf..bc629f36 100644 --- a/src/vm_runner/tests/mps_tests/base_nested.toml 
+++ b/src/vm_runner/tests/mps_tests/base_nested.toml @@ -7,8 +7,8 @@ kvm = false # and no swap, the kernel will reject the 1GB guest allocation because it # exceeds the total usable RAM + swap. ram_mb = 1536 -kernel = "../../../pkvm_setup/vms/debian-boot/vmlinuz" -initrd = "../../../pkvm_setup/vms/debian-boot/initrd.img" +kernel = "../../../pkvm_setup/vms/pkvm-boot/vmlinuz" +initrd = "../../../pkvm_setup/vms/pkvm-boot/initrd.img" append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdc' [process.disk.vda] diff --git a/src/vm_runner/tests/mps_tests/base_single.toml b/src/vm_runner/tests/mps_tests/base_single.toml index 47e68965..e2a00bbe 100644 --- a/src/vm_runner/tests/mps_tests/base_single.toml +++ b/src/vm_runner/tests/mps_tests/base_single.toml @@ -3,8 +3,8 @@ mode = "exec" [[process]] type = "vm" kvm = false -kernel = "../../../pkvm_setup/vms/debian-boot/vmlinuz" -initrd = "../../../pkvm_setup/vms/debian-boot/initrd.img" +kernel = "../../../pkvm_setup/vms/pkvm-boot/vmlinuz" +initrd = "../../../pkvm_setup/vms/pkvm-boot/initrd.img" append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdb' [process.disk.vda] From aba43d0cb9f4124e816875931293e7a9e863bd30 Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Tue, 18 Jun 2024 15:53:37 -0700 Subject: [PATCH 10/21] ci: cache vm_runner .deb package --- .github/workflows/main.yml | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c1544499..556dd776 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -64,17 +64,36 @@ jobs: pip3 install -r requirements.txt RTS_DEBUG=1 QUICK=1 python3 ./run_all.py - vmrunner: + vm_runner: runs-on: ubuntu-22.04 steps: - - name: Install aarch64 toolchain + - uses: actions/checkout@master + - name: Hash inputs + run: | + # Use the hash of the git tree object for the vm_runner subdirectory. + # This triggers a rebuild when the contents of that directory change, + # but not on other changes to the repo. + cache_key="vm_runner-$(git rev-parse HEAD:src/vm_runner)" + echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT + echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV + - name: Cache results + id: cache + uses: actions/cache@v3 + with: + key: ${{ env.CACHE_KEY }} + path: | + src/vm_runner/*.deb + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Install aarch64 toolchain run: sudo apt-get install -y gcc-aarch64-linux-gnu - - uses: hecrj/setup-rust-action@v2 + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + uses: hecrj/setup-rust-action@v2 with: rust-version: 1.74 targets: aarch64-unknown-linux-gnu - - uses: actions/checkout@master - - name: Build VM runner + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Build VM runner run: | cd src/vm_runner cargo build --release --target aarch64-unknown-linux-gnu + bash build_deb.sh From da14238df40f648447aa375a7498d299ec572c8f Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Tue, 18 Jun 2024 16:30:27 -0700 Subject: [PATCH 11/21] ci: cache vhost-device .deb package --- .github/workflows/main.yml | 57 +++++++++++++++++++++++++++++++++++++- 1 file changed, 56 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 556dd776..e4a42b04 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
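Review bot: The cache key built in the `Hash inputs` step covers only the `src/vm_runner` tree, but the cached `.deb` also depends on inputs defined in this workflow: `rust-version: 1.74` and the `gcc-aarch64-linux-gnu` package. A toolchain change would therefore keep restoring a package built with the old toolchain. Folding the workflow file into the key would close that gap, for example `key: ${{ env.CACHE_KEY }}-${{ hashFiles('.github/workflows/main.yml') }}`.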
@@ -67,13 +67,14 @@ jobs: vm_runner: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@master + - uses: actions/checkout@v4 - name: Hash inputs run: | # Use the hash of the git tree object for the vm_runner subdirectory. # This triggers a rebuild when the contents of that directory change, # but not on other changes to the repo. cache_key="vm_runner-$(git rev-parse HEAD:src/vm_runner)" + echo "Cache key: $cache_key" echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV - name: Cache results 
@@ -97,3 +98,57 @@ jobs: cd src/vm_runner cargo build --release --target aarch64-unknown-linux-gnu bash build_deb.sh + + vhost-device: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - name: Checkout submodules + run: | + git config --global url."https://podhrmic:${{ secrets.VERSE_VHOST_DEVICE_ACCESS_TOKEN }}@github.com/".insteadOf "git@github.com:" + git submodule update --init src/pkvm_setup/libgpiod + git submodule update --init src/pkvm_setup/vhost-device + - name: Hash inputs + run: | + hash="$( + ( + (cd src/pkvm_setup/libgpiod/; git rev-parse HEAD) + (cd src/pkvm_setup/vhost-device/; git rev-parse HEAD) + sha1sum src/pkvm_setup/build_{libgpiod,vhost_device}.sh + ) | sha1sum + )" + cache_key="vhost-device-$hash" + echo "Cache key: $cache_key" + echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT + echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV + - name: Cache results + id: cache + uses: actions/cache@v3 + with: + key: ${{ env.CACHE_KEY }} + path: | + src/pkvm_setup/vhost-device/*.deb + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Install dependency packages + run: | + sudo apt-get install -y \ + build-essential autoconf automake autoconf-archive \ + gcc-aarch64-linux-gnu + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + uses: hecrj/setup-rust-action@v2 + with: + rust-version: 1.74 + targets: aarch64-unknown-linux-gnu + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Build libgpiod + run: | + cd src/pkvm_setup + bash build_libgpiod.sh aarch64 + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Build vhost-device + run: | + cd src/pkvm_setup + # This must match the `rust-version` installed above. + export RUSTUP_TOOLCHAIN=1.74 + bash build_vhost_device.sh aarch64 + From 958f1af18d20f7b34df4e7634ab9ac2d860e2a89 Mon Sep 17 00:00:00 2001 
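Review bot: The `Checkout submodules` step stores the access token in the runner's global git configuration (`git config --global url."https://podhrmic:${{ secrets.VERSE_VHOST_DEVICE_ACCESS_TOKEN }}@github.com/".insteadOf ...`). It stays readable there for every later step of the job, including the libgpiod and vhost-device build scripts and whatever build code they run. Scoping the rewrite to the two submodule commands avoids leaving it behind: pass the secret through the step's `env:` (for example as `SUBMODULE_TOKEN`) and use something like `git -c url."https://podhrmic:${SUBMODULE_TOKEN}@github.com/".insteadOf="git@github.com:" submodule update --init src/pkvm_setup/libgpiod`. The `vm_images` job added later in this series (PATCH 15/21) repeats the same `git config --global` line and would need the same change.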
From: Stuart Pernsteiner Date: Thu, 20 Jun 2024 09:44:29 -0700 Subject: [PATCH 12/21] ci: cache linux-pkvm .deb packages --- .github/workflows/main.yml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e4a42b04..3fec4001 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -152,3 +152,39 @@ jobs: export RUSTUP_TOOLCHAIN=1.74 bash build_vhost_device.sh aarch64 + linux-pkvm: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - name: Checkout submodules + run: | + git submodule update --init src/pkvm_setup/linux-pkvm + - name: Hash inputs + run: | + hash="$( + ( + (cd src/pkvm_setup/linux-pkvm/; git rev-parse HEAD) + sha1sum src/pkvm_setup/build_pkvm.sh + ) | sha1sum + )" + cache_key="linux-pkvm-$hash" + echo "Cache key: $cache_key" + echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT + echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV + - name: Cache results + id: cache + uses: actions/cache@v3 + with: + key: ${{ env.CACHE_KEY }} + path: | + src/pkvm_setup/linux*pkvm*_arm64.deb + !src/pkvm_setup/*pkvm-verif*.deb + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Install dependency packages + run: | + sudo apt-get install -y build-essential debhelper gcc-aarch64-linux-gnu + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Build linux-pkvm + run: | + cd src/pkvm_setup + bash build_pkvm.sh From e68641ee32af1d155e359a15a2182b7b7d000b7a Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Fri, 21 Jun 2024 15:05:23 -0700 Subject: [PATCH 13/21] ci: add package.sh helper for managing image build inputs --- .github/workflows/main.yml | 104 ++++------ src/pkvm_setup/create_disk_images.sh | 5 + src/pkvm_setup/package.sh | 275 +++++++++++++++++++++++++++ 3 files changed, 322 insertions(+), 62 deletions(-) create mode 100644 src/pkvm_setup/package.sh 
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3fec4001..d5018caa 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -70,10 +70,7 @@ jobs: - uses: actions/checkout@v4 - name: Hash inputs run: | - # Use the hash of the git tree object for the vm_runner subdirectory. - # This triggers a rebuild when the contents of that directory change, - # but not on other changes to the repo. - cache_key="vm_runner-$(git rev-parse HEAD:src/vm_runner)" + cache_key="$(bash src/pkvm_setup/package.sh cache_key vm_runner)" echo "Cache key: $cache_key" echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV @@ -82,8 +79,7 @@ jobs: uses: actions/cache@v3 with: key: ${{ env.CACHE_KEY }} - path: | - src/vm_runner/*.deb + path: packages/${{ env.CACHE_KEY }}.tar.gz - if: ${{ steps.cache.outputs.cache-hit != 'true' }} name: Install aarch64 toolchain run: sudo apt-get install -y gcc-aarch64-linux-gnu @@ -95,9 +91,7 @@ jobs: - if: ${{ steps.cache.outputs.cache-hit != 'true' }} name: Build VM runner run: | - cd src/vm_runner - cargo build --release --target aarch64-unknown-linux-gnu - bash build_deb.sh + bash src/pkvm_setup/package.sh full_build vm_runner vhost-device: runs-on: ubuntu-22.04 @@ -110,14 +104,7 @@ jobs: git submodule update --init src/pkvm_setup/vhost-device - name: Hash inputs run: | - hash="$( - ( - (cd src/pkvm_setup/libgpiod/; git rev-parse HEAD) - (cd src/pkvm_setup/vhost-device/; git rev-parse HEAD) - sha1sum src/pkvm_setup/build_{libgpiod,vhost_device}.sh - ) | sha1sum - )" - cache_key="vhost-device-$hash" + cache_key="$(bash src/pkvm_setup/package.sh cache_key vhost_device)" echo "Cache key: $cache_key" echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV 
@@ -126,8 +113,7 @@ jobs: uses: actions/cache@v3 with: key: ${{ env.CACHE_KEY }} - path: | - src/pkvm_setup/vhost-device/*.deb + path: packages/${{ env.CACHE_KEY }}.tar.gz - if: ${{ steps.cache.outputs.cache-hit != 'true' }} name: Install dependency packages run: | 
@@ -142,49 +128,43 @@ jobs: - if: ${{ steps.cache.outputs.cache-hit != 'true' }} name: Build libgpiod run: | - cd src/pkvm_setup - bash build_libgpiod.sh aarch64 - - if: ${{ steps.cache.outputs.cache-hit != 'true' }} - name: Build vhost-device - run: | - cd src/pkvm_setup # This must match the `rust-version` installed above. export RUSTUP_TOOLCHAIN=1.74 - bash build_vhost_device.sh aarch64 + bash src/pkvm_setup/package.sh full_build vhost_device - linux-pkvm: - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - - name: Checkout submodules - run: | - git submodule update --init src/pkvm_setup/linux-pkvm - - name: Hash inputs - run: | - hash="$( - ( - (cd src/pkvm_setup/linux-pkvm/; git rev-parse HEAD) - sha1sum src/pkvm_setup/build_pkvm.sh - ) | sha1sum - )" - cache_key="linux-pkvm-$hash" - echo "Cache key: $cache_key" - echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT - echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV - - name: Cache results - id: cache - uses: actions/cache@v3 - with: - key: ${{ env.CACHE_KEY }} - path: | - src/pkvm_setup/linux*pkvm*_arm64.deb - !src/pkvm_setup/*pkvm-verif*.deb - - if: ${{ steps.cache.outputs.cache-hit != 'true' }} - name: Install dependency packages - run: | - sudo apt-get install -y build-essential debhelper gcc-aarch64-linux-gnu - - if: ${{ steps.cache.outputs.cache-hit != 'true' }} - name: Build linux-pkvm - run: | - cd src/pkvm_setup - bash build_pkvm.sh +# linux-pkvm: +# runs-on: ubuntu-22.04 +# steps: +# - uses: actions/checkout@v4 +# - name: Checkout submodules +# run: | +# git submodule update --init src/pkvm_setup/linux-pkvm +# - name: Hash inputs +# run: | +# hash="$( +# ( +# (cd src/pkvm_setup/linux-pkvm/; git rev-parse HEAD) +# sha1sum src/pkvm_setup/build_pkvm.sh +# ) | sha1sum +# )" +# cache_key="linux-pkvm-$hash" +# echo "Cache key: $cache_key" +# echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT +# echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV +# - name: Cache results +# id: cache +# uses: actions/cache@v3 +# with: +# 
key: ${{ env.CACHE_KEY }} +# path: | +# src/pkvm_setup/linux*pkvm*_arm64.deb +# !src/pkvm_setup/*pkvm-verif*.deb +# - if: ${{ steps.cache.outputs.cache-hit != 'true' }} +# name: Install dependency packages +# run: | +# sudo apt-get install -y build-essential debhelper gcc-aarch64-linux-gnu +# - if: ${{ steps.cache.outputs.cache-hit != 'true' }} +# name: Build linux-pkvm +# run: | +# cd src/pkvm_setup +# bash build_pkvm.sh diff --git a/src/pkvm_setup/create_disk_images.sh b/src/pkvm_setup/create_disk_images.sh index 6b92942b..5f6c57f1 100644 --- a/src/pkvm_setup/create_disk_images.sh +++ b/src/pkvm_setup/create_disk_images.sh @@ -117,6 +117,11 @@ else fi +if [[ -n "${CREATE_DISK_IMAGES_BASE_ONLY-}" ]]; then + exit 0 +fi + + # `disk_common` is a copy of `disk_base` with additional software and # configuration that's common to both the host and the guest. It's also # cleaned and trimmed to reduce its compressed size. diff --git a/src/pkvm_setup/package.sh b/src/pkvm_setup/package.sh new file mode 100644 index 00000000..cb829afd --- /dev/null +++ b/src/pkvm_setup/package.sh 
@@ -0,0 +1,275 @@ +#!/bin/bash +set -euo pipefail + + +# Script for managing expensive build artifacts, such as VM images. The goal +# is to enable caching of these artifacts while ensuring that only up-to-date +# versions of the artifacts are used. The general idea is to save the output +# of each build step in a tarball named according to the hash of the inputs, +# which can then be cached in Artifactory or in the Github Actions cache. As +# long as the inputs remain unchanged, later build steps can fetch and unpack +# the tarball to avoid an expensive rebuild. Artifacts are unpacked into the +# same locations in the source tree where they would normally be produced, so +# build scripts don't need to check different paths when this script is used. + + +# Helpers + +is_function() { + [[ "$(type -t "$1")" == "function" ]] +} + +check_pkg_func() { + local pkg="$1" + local func="$2" + if ! is_function "${pkg}_${func}"; then + echo "package $pkg does not support $func" 1>&2 + return 1 + fi +} + +sole() { + if [[ "$#" -ne 1 ]]; then + echo "Error: got multiple results: $*" 1>&2 + return 1 + else + echo "$1" + fi +} + + +# vm_runner + +vm_runner_get_input_hashes() { + ( cd src/vm_runner && git rev-parse HEAD:./ ) +} + +vm_runner_build() { + ( + cd src/vm_runner + cargo build --release --target aarch64-unknown-linux-gnu + bash build_deb.sh + ) +} + +vm_runner_list_outputs() { + sole src/vm_runner/verse-opensut-boot_*_arm64.deb +} + + +# vhost_device + +vhost_device_get_input_hashes() { + ( cd src/pkvm_setup/libgpiod && git rev-parse HEAD:./ ) + sha1sum src/pkvm_setup/build_libgpiod.sh + ( cd src/pkvm_setup/vhost-device && git rev-parse HEAD:./ ) + sha1sum src/pkvm_setup/build_vhost_device.sh +} + +vhost_device_build() { + ( + cd src/pkvm_setup + bash build_libgpiod.sh aarch64 + bash build_vhost_device.sh aarch64 + ) +} + +vhost_device_list_outputs() { + sole src/pkvm_setup/vhost-device/verse-vhost-device-gpio_*_arm64.deb +} + + +# pkvm + +pkvm_get_input_hashes() { + ( cd 
src/pkvm_setup/linux-pkvm && git rev-parse HEAD:./ ) + sha1sum src/pkvm_setup/build_pkvm.sh +} + +pkvm_build() { + ( + cd src/pkvm_setup + bash build_pkvm.sh + ) +} + +pkvm_list_outputs() { + for name in linux-headers linux-image; do + # Match `6.4.0-pkvm-g111122223333` but not `-pkvm-verif-` or `-dbg` + # variants. + sole src/pkvm_setup/$name-*-pkvm-g????????????_*_arm64.deb + done +} + + +# qemu + +qemu_get_input_hashes() { + ( cd src/pkvm_setup/qemu_patches && git rev-parse HEAD:./ ) + sha1sum src/pkvm_setup/build_qemu.sh +} + +qemu_build() { + ( + cd src/pkvm_setup + bash build_qemu.sh + ) +} + +qemu_list_outputs() { + for name in qemu-system-{arm,common,misc} qemu-utils; do + sole src/pkvm_setup/qemu_build/bookworm-arm64_result/"${name}"_*_arm64.deb + done + for name in qemu-system-data; do + sole src/pkvm_setup/qemu_build/bookworm-arm64_result/"${name}"_*_all.deb + done +} + + +# vm_image_base + +vm_image_base_get_input_hashes() { + ( + cd src/pkvm_setup + sha1sum create_disk_images.sh + ) + ( cd src/pkvm_setup/debian_image && git rev-parse HEAD:./ ) +} + +vm_image_base_build() { + ( + cd src/pkvm_setup + CREATE_DISK_IMAGES_BASE_ONLY=1 bash create_disk_images.sh + ) +} + +vm_image_base_list_outputs() { + echo src/pkvm_setup/vms/disk_base.img + echo src/pkvm_setup/vms/debian-boot/{vmlinuz,initrd.img} +} + + +# vm_images + +vm_images_get_input_hashes() { + ( + cd src/pkvm_setup + sha1sum create_disk_images.sh + sha1sum run_vm_script.sh + sha1sum change_uuids.sh + ) + ( cd src/pkvm_setup/vm_scripts && git rev-parse HEAD:./ ) + ( cd src/pkvm_setup/debian_image && git rev-parse HEAD:./ ) +} + +vm_images_dependencies() { + echo vm_image_base + echo vm_runner + echo vhost_device + echo pkvm + echo qemu +} + +vm_images_list_outputs() { + echo src/pkvm_setup/vms/disk_{common,host,guest}.img + echo src/pkvm_setup/vms/pkvm-boot/{vmlinuz,initrd.img} +} + + +# Actions. Each `do_foo` function can be called via `bash package.sh foo +# package_name`. 
+ +# List dependencies of a package to stdout. Prints nothing if the package +# doesn't define a `foo_dependencies` function. +list_deps() { + local pkg="$1" + if is_function "${pkg}_dependencies"; then + "${pkg}_dependencies" + fi +} + +do_hash_inputs() { + local pkg="$1" + check_pkg_func "$pkg" get_input_hashes + ( + "${pkg}_get_input_hashes" + for dep in $(list_deps "$pkg"); do + do_hash_inputs "$dep" + done + ) | sha1sum | cut -d' ' -f1 +} + +do_cache_key() { + local pkg="$1" + local input_hash + input_hash="$(do_hash_inputs "$pkg")" + echo "$pkg-$input_hash" +} + +tarball_path() { + local pkg="$1" + echo "packages/$(do_cache_key "$pkg").tar.gz" +} + +do_unpack_deps() { + local pkg="$1" + for dep in $(list_deps "$pkg"); do + local src + src="$(tarball_path "$dep")" + echo "unpacking $src" + tar -xvf "$src" + done +} + +do_build() { + local pkg="$1" + check_pkg_func "$pkg" build + "${pkg}_build" +} + +do_package() { + local pkg="$1" + check_pkg_func "$pkg" list_outputs + mkdir -p packages + local dest + dest="$(tarball_path "$pkg")" + tar -czvf "$dest" $("${pkg}_list_outputs") + echo "packaged $dest" +} + +do_check_deps() { + local pkg="$1" + for dep in $(list_deps "$pkg"); do + check_pkg_func "$dep" list_outputs + local dep_outputs + dep_outputs="$("${dep}_list_outputs")" + for file in $dep_outputs; do + if ! [ -f "$file" ]; then + echo "missing file $file from dependency $dep of $pkg" 1>&2 + return 1 + fi + done + done +} + +do_full_build() { + local pkg="$1" + do_unpack_deps "$pkg" + do_check_deps "$pkg" + do_build "$pkg" + do_package "$pkg" +} + +script_dir="$(dirname "$0")" +root_dir="$(cd "$script_dir" && git rev-parse --show-toplevel)" +cd "$root_dir" + +action="$1" +pkg="$2" +shift 2 + +if ! is_function "do_$action"; then + echo "unknown action $action" 1>&2 + exit 1 +fi +"do_$action" "$pkg" From f84f9671fdca43fc6f51a0fea516bbc8c9a6a9f5 Mon Sep 17 00:00:00 2001 
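Review bot: A failure while hashing inputs does not stop `cache_key`. `do_cache_key` captures `do_hash_inputs` inside `$(...)` and `tarball_path` does the same with `do_cache_key`; bash switches `errexit` off in command substitutions unless `inherit_errexit` is set, so the `check_pkg_func` guard and any failing `git rev-parse` or `sha1sum` in a `*_get_input_hashes` function are ignored, and the subshell's status is that of the trailing `for` loop. The script then prints a well-formed key computed from partial or empty input (a mistyped package name is enough), so an artifact could be stored or restored under a key that does not describe its inputs. Adding `shopt -s inherit_errexit` after `set -euo pipefail` (bash 4.4 or later) restores the abort. `tarball_path` should also assign the key to a local variable before its `echo` so that the status is checked there as well.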
From: Stuart Pernsteiner Date: Fri, 21 Jun 2024 15:56:59 -0700 Subject: [PATCH 14/21] ci: fetch prebuilt pkvm from artifactor --- .github/workflows/main.yml | 63 ++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 36 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d5018caa..de732a18 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -132,39 +132,30 @@ jobs: export RUSTUP_TOOLCHAIN=1.74 bash src/pkvm_setup/package.sh full_build vhost_device -# linux-pkvm: -# runs-on: ubuntu-22.04 -# steps: -# - uses: actions/checkout@v4 -# - name: Checkout submodules -# run: | -# git submodule update --init src/pkvm_setup/linux-pkvm -# - name: Hash inputs -# run: | -# hash="$( -# ( -# (cd src/pkvm_setup/linux-pkvm/; git rev-parse HEAD) -# sha1sum src/pkvm_setup/build_pkvm.sh -# ) | sha1sum -# )" -# cache_key="linux-pkvm-$hash" -# echo "Cache key: $cache_key" -# echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT -# echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV -# - name: Cache results -# id: cache -# uses: actions/cache@v3 -# with: -# key: ${{ env.CACHE_KEY }} -# path: | -# src/pkvm_setup/linux*pkvm*_arm64.deb -# !src/pkvm_setup/*pkvm-verif*.deb -# - if: ${{ steps.cache.outputs.cache-hit != 'true' }} -# name: Install dependency packages -# run: | -# sudo apt-get install -y build-essential debhelper gcc-aarch64-linux-gnu -# - if: ${{ steps.cache.outputs.cache-hit != 'true' }} -# name: Build linux-pkvm -# run: | -# cd src/pkvm_setup -# bash build_pkvm.sh + linux-pkvm: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - name: Checkout submodules + run: | + git submodule update --init src/pkvm_setup/linux-pkvm + - name: Hash inputs + run: | + cache_key="$(bash src/pkvm_setup/package.sh cache_key pkvm)" + echo "Cache key: $cache_key" + echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT + echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV + - name: Cache results + id: cache + uses: actions/cache@v3 + with: + key: ${{ env.CACHE_KEY }} + path: packages/${{ env.CACHE_KEY }}.tar.gz + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Fetch from Artifactory + run: | + mkdir -p packages + ARTIFACTORY_URL=https://artifactory.galois.com:443/artifactory/rde_generic-local + curl \ + -u "${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}:${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}" \ + -O 
"${ARTIFACTORY_URL}/verse-opensut/$CACHE_KEY.tar.gz" From 186dfce5a1ff1ea6715f8e0c0ddccb7eedfe9141 Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Fri, 21 Jun 2024 16:44:59 -0700 Subject: [PATCH 15/21] ci: add jobs for qemu, vm_image_base, and vm_images --- .github/workflows/main.yml | 142 ++++++++++++++++++++++++++++++++++++- src/pkvm_setup/package.sh | 7 ++ 2 files changed, 146 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index de732a18..aade969e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -69,6 +69,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Hash inputs + id: hash run: | cache_key="$(bash src/pkvm_setup/package.sh cache_key vm_runner)" echo "Cache key: $cache_key" @@ -92,8 +93,10 @@ jobs: name: Build VM runner run: | bash src/pkvm_setup/package.sh full_build vm_runner + outputs: + CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} - vhost-device: + vhost_device: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 @@ -103,6 +106,7 @@ jobs: git submodule update --init src/pkvm_setup/libgpiod git submodule update --init src/pkvm_setup/vhost-device - name: Hash inputs + id: hash run: | cache_key="$(bash src/pkvm_setup/package.sh cache_key vhost_device)" echo "Cache key: $cache_key" @@ -126,13 +130,15 @@ jobs: rust-version: 1.74 targets: aarch64-unknown-linux-gnu - if: ${{ steps.cache.outputs.cache-hit != 'true' }} - name: Build libgpiod + name: Build vhost-device run: | # This must match the `rust-version` installed above. export RUSTUP_TOOLCHAIN=1.74 bash src/pkvm_setup/package.sh full_build vhost_device + outputs: + CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} - linux-pkvm: + pkvm: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 @@ -140,6 +146,7 @@ jobs: run: | git submodule update --init src/pkvm_setup/linux-pkvm - name: Hash inputs + id: hash run: | cache_key="$(bash src/pkvm_setup/package.sh cache_key pkvm)" echo "Cache key: $cache_key" 
@@ -155,7 +162,136 @@ jobs: name: Fetch from Artifactory run: | mkdir -p packages + cd packages ARTIFACTORY_URL=https://artifactory.galois.com:443/artifactory/rde_generic-local curl \ -u "${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}:${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}" \ + --fail-with-body \ -O "${ARTIFACTORY_URL}/verse-opensut/$CACHE_KEY.tar.gz" + outputs: + CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} + + qemu: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - name: Hash inputs + id: hash + run: | + cache_key="$(bash src/pkvm_setup/package.sh cache_key qemu)" + echo "Cache key: $cache_key" + echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT + echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV + - name: Cache results + id: cache + uses: actions/cache@v3 + with: + key: ${{ env.CACHE_KEY }} + path: packages/${{ env.CACHE_KEY }}.tar.gz + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Fetch from Artifactory + run: | + mkdir -p packages + cd packages + ARTIFACTORY_URL=https://artifactory.galois.com:443/artifactory/rde_generic-local + curl \ + -u "${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}:${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}" \ + --fail-with-body \ + -O "${ARTIFACTORY_URL}/verse-opensut/$CACHE_KEY.tar.gz" + outputs: + CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} + + vm_image_base: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - name: Hash inputs + id: hash + run: | + cache_key="$(bash src/pkvm_setup/package.sh cache_key vm_image_base)" + echo "Cache key: $cache_key" + echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT + echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV + - name: Cache results + id: cache + uses: actions/cache@v3 + with: + key: ${{ env.CACHE_KEY }} + path: packages/${{ env.CACHE_KEY }}.tar.gz + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Fetch from Artifactory + run: | + mkdir -p packages + cd packages + 
ARTIFACTORY_URL=https://artifactory.galois.com:443/artifactory/rde_generic-local + curl \ + -u "${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}:${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}" \ + --fail-with-body \ + -O "${ARTIFACTORY_URL}/verse-opensut/$CACHE_KEY.tar.gz" + outputs: + CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} + + vm_images: + runs-on: ubuntu-22.04 + needs: + - vm_runner + - vhost_device + - pkvm + - qemu + - vm_image_base + steps: + - uses: actions/checkout@v4 + - name: Checkout submodules + run: | + git config --global url."https://podhrmic:${{ secrets.VERSE_VHOST_DEVICE_ACCESS_TOKEN }}@github.com/".insteadOf "git@github.com:" + git submodule update --init src/pkvm_setup/libgpiod + git submodule update --init src/pkvm_setup/vhost-device + git submodule update --init src/pkvm_setup/linux-pkvm + - name: Hash inputs + id: hash + run: | + cache_key="$(bash src/pkvm_setup/package.sh cache_key vm_images)" + echo "Cache key: $cache_key" + echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT + echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV + - name: "Cache restore: vm_runner" + uses: actions/cache/restore@v3 + with: + key: ${{ needs.vm_runner.outputs.CACHE_KEY }} + path: packages/${{ needs.vm_runner.outputs.CACHE_KEY }}.tar.gz + - name: "Cache restore: vhost_device" + uses: actions/cache/restore@v3 + with: + key: ${{ needs.vhost_device.outputs.CACHE_KEY }} + path: packages/${{ needs.vhost_device.outputs.CACHE_KEY }}.tar.gz + - name: "Cache restore: pkvm" + uses: actions/cache/restore@v3 + with: + key: ${{ needs.pkvm.outputs.CACHE_KEY }} + path: packages/${{ needs.pkvm.outputs.CACHE_KEY }}.tar.gz + - name: "Cache restore: qemu" + uses: actions/cache/restore@v3 + with: + key: ${{ needs.qemu.outputs.CACHE_KEY }} + path: packages/${{ needs.qemu.outputs.CACHE_KEY }}.tar.gz + - name: "Cache restore: vm_image_base" + uses: actions/cache/restore@v3 + with: + key: ${{ needs.vm_image_base.outputs.CACHE_KEY }} + path: packages/${{ needs.vm_image_base.outputs.CACHE_KEY 
}}.tar.gz + - name: Cache results + id: cache + uses: actions/cache@v3 + with: + key: ${{ env.CACHE_KEY }} + path: packages/${{ env.CACHE_KEY }}.tar.gz + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Install dependency packages + run: | + sudo apt-get install -y qemu-system-arm qemu-utils + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Build VM images + run: | + bash src/pkvm_setup/package.sh full_build vm_images + outputs: + CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} diff --git a/src/pkvm_setup/package.sh b/src/pkvm_setup/package.sh index cb829afd..a414d8cb 100644 --- a/src/pkvm_setup/package.sh +++ b/src/pkvm_setup/package.sh @@ -170,6 +170,13 @@ vm_images_dependencies() { echo qemu } +vm_images_build() { + ( + cd src/pkvm_setup + bash create_disk_images.sh + ) +} + vm_images_list_outputs() { echo src/pkvm_setup/vms/disk_{common,host,guest}.img echo src/pkvm_setup/vms/pkvm-boot/{vmlinuz,initrd.img} From 22a62c88b295771c165d7b6153a5138a7f583ffc Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Mon, 24 Jun 2024 09:50:51 -0700 Subject: [PATCH 16/21] pkvm_setup: remove flash-kernel package from disk_common --- src/pkvm_setup/vm_scripts/setup_common.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/pkvm_setup/vm_scripts/setup_common.sh b/src/pkvm_setup/vm_scripts/setup_common.sh index 9aca2cd8..d1b03c35 100644 --- a/src/pkvm_setup/vm_scripts/setup_common.sh +++ b/src/pkvm_setup/vm_scripts/setup_common.sh @@ -15,6 +15,12 @@ user ALL=(ALL) NOPASSWD: ALL EOF +# Remove flash-kernel first. The flash-kernel script isn't needed in our setup +# and causes an error when run in CI. We remove it early because otherwise it +# will run automatically when kernel packages are added or removed. +edo apt purge -y flash-kernel + + # Install custom packages. # Collect old kernel packages so they can be removed later. One of the custom From 5bdfab73ca29471ad73577f45a20610db7510a14 Mon Sep 17 00:00:00 2001 
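Review bot: The three `Fetch from Artifactory` steps (pkvm, qemu, vm_image_base) keep whatever the server returns for `$CACHE_KEY.tar.gz`, and `package.sh` later unpacks it into the source tree with `tar -xvf`, but nothing compares the archive with a known digest; the key is a hash of the build inputs, not of the artifact. A replaced or corrupted upload would therefore be cached and carried into the `vm_images` build. Verifying a digest recorded in the repository before the file is cached would cover this, e.g. `echo "$EXPECTED_SHA256  $CACHE_KEY.tar.gz" | sha256sum -c -`, where `EXPECTED_SHA256` is a placeholder for that recorded value. The Artifactory credentials are also expanded directly into the script text; passing them through the step's `env:` keeps the secret values out of the generated script file.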
From: Stuart Pernsteiner Date: Mon, 24 Jun 2024 09:51:29 -0700 Subject: [PATCH 17/21] ci: only load caches for vm_images if rebuild is required --- .github/workflows/main.yml | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index aade969e..98e1bc71 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -254,37 +254,42 @@ jobs: echo "Cache key: $cache_key" echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV - - name: "Cache restore: vm_runner" + - name: Cache results + id: cache + uses: actions/cache@v3 + with: + key: ${{ env.CACHE_KEY }} + path: packages/${{ env.CACHE_KEY }}.tar.gz + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: "Cache restore: vm_runner" uses: actions/cache/restore@v3 with: key: ${{ needs.vm_runner.outputs.CACHE_KEY }} path: packages/${{ needs.vm_runner.outputs.CACHE_KEY }}.tar.gz - - name: "Cache restore: vhost_device" + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: "Cache restore: vhost_device" uses: actions/cache/restore@v3 with: key: ${{ needs.vhost_device.outputs.CACHE_KEY }} path: packages/${{ needs.vhost_device.outputs.CACHE_KEY }}.tar.gz - - name: "Cache restore: pkvm" + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: "Cache restore: pkvm" uses: actions/cache/restore@v3 with: key: ${{ needs.pkvm.outputs.CACHE_KEY }} path: packages/${{ needs.pkvm.outputs.CACHE_KEY }}.tar.gz - - name: "Cache restore: qemu" + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: "Cache restore: qemu" uses: actions/cache/restore@v3 with: key: ${{ needs.qemu.outputs.CACHE_KEY }} path: packages/${{ needs.qemu.outputs.CACHE_KEY }}.tar.gz - - name: "Cache restore: vm_image_base" + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: "Cache restore: vm_image_base" uses: actions/cache/restore@v3 with: key: ${{ needs.vm_image_base.outputs.CACHE_KEY }} path: packages/${{ needs.vm_image_base.outputs.CACHE_KEY }}.tar.gz - - name: Cache results - id: cache - uses: actions/cache@v3 - with: - key: ${{ env.CACHE_KEY }} - path: packages/${{ env.CACHE_KEY }}.tar.gz - if: ${{ steps.cache.outputs.cache-hit != 'true' }} name: Install dependency packages run: | From ab5d5b2640e9653021c37621b1d340f1aae93eff Mon Sep 17 00:00:00 2001 
From: Stuart Pernsteiner Date: Mon, 24 Jun 2024 10:51:39 -0700 Subject: [PATCH 18/21] pkvm_setup: add `package.sh upload` command --- src/pkvm_setup/package.sh | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/pkvm_setup/package.sh b/src/pkvm_setup/package.sh index a414d8cb..27d78d1c 100644 --- a/src/pkvm_setup/package.sh +++ b/src/pkvm_setup/package.sh @@ -37,6 +37,11 @@ sole() { fi } +edo() { + echo " >> $*" 1>&2 + "$@" +} + # vm_runner @@ -267,6 +272,17 @@ do_full_build() { do_package "$pkg" } +do_upload() { + local pkg="$1" + shift 1 + local tarball + tarball="$(tarball_path "$pkg")" + # Remaining arguments are passed through to curl. Typically these will be + # authentication options like `-u USERNAME`. + edo curl "$@" -T $tarball \ + https://artifactory.galois.com/artifactory/rde_generic-local/verse-opensut/$tarball +} + script_dir="$(dirname "$0")" root_dir="$(cd "$script_dir" && git rev-parse --show-toplevel)" cd "$root_dir" @@ -279,4 +295,4 @@ if ! is_function "do_$action"; then echo "unknown action $action" 1>&2 exit 1 fi -"do_$action" "$pkg" +"do_$action" "$pkg" "$@" From 09f8761dcec7716e9451428a8a6856d0ab5ee528 Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Mon, 24 Jun 2024 11:00:33 -0700 Subject: [PATCH 19/21] pkvm_setup: fix some shellcheck warnings --- src/pkvm_setup/build_qemu.sh | 5 +++-- src/pkvm_setup/create_disk_images.sh | 12 +++++++----- src/pkvm_setup/package.sh | 4 ++-- src/pkvm_setup/vm_scripts/setup_common.sh | 2 +- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/src/pkvm_setup/build_qemu.sh b/src/pkvm_setup/build_qemu.sh index 1afa203d..d8dd099d 100644 --- a/src/pkvm_setup/build_qemu.sh +++ b/src/pkvm_setup/build_qemu.sh 
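Review bot: `do_upload` runs curl through `edo`, which prints every argument to stderr before executing, so the `-u USERNAME` style options the comment describes are echoed together with any password or token supplied with them. Call curl directly here, or log a fixed line that leaves out the pass-through arguments, e.g. `echo " >> curl [auth options omitted] -T $tarball" 1>&2` followed by a plain `curl "$@" -T "$tarball" …`. The same applies to `do_download`, added later in this series, which the workflow calls with `-u user:token`. Separately, the upload has no `--fail`, so an HTTP 401 or 5xx response still yields exit status 0; adding `--fail-with-body`, as `do_download` does, would surface a rejected upload.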
@@ -25,14 +25,15 @@ echo "target=$target" echo "dist=$dist" sudo apt install -y pbuilder ubuntu-dev-tools dpkg-dev -export PBUILDFOLDER="$(pwd)/qemu_build" +PBUILDFOLDER="$(pwd)/qemu_build" +export PBUILDFOLDER echo "Creating pbuilder base.tgz for $dist $target" 1>&2 pbuilder-dist "$dist" "$target" create sole() { if [[ "$#" -ne 1 ]]; then - echo "Error: got multiple results: $@" 1>&2 + echo "Error: got multiple results: $*" 1>&2 return 1 else echo "$1" diff --git a/src/pkvm_setup/create_disk_images.sh b/src/pkvm_setup/create_disk_images.sh index 5f6c57f1..cd774f1d 100644 --- a/src/pkvm_setup/create_disk_images.sh +++ b/src/pkvm_setup/create_disk_images.sh @@ -46,8 +46,10 @@ derive_image() { local dest="$2" shift 2 - local src_rel="$(realpath --relative-to "$(dirname "$dest")" "$src")" - local backing_format="$(get_img_info "$src" format)" + local src_rel + src_rel="$(realpath --relative-to "$(dirname "$dest")" "$src")" + local backing_format + backing_format="$(get_img_info "$src" format)" edo qemu-img create -f qcow2 -b "$src_rel" -F "$backing_format" "$dest" } @@ -100,7 +102,7 @@ find_linux_image_deb() { local x="$version-$tag-g$rev" local y="$version-g$rev" - sole_file linux-image-${x}_${y}-[0-9]*_arm64.deb + sole_file linux-image-"${x}"_"${y}"-[0-9]*_arm64.deb } @@ -136,7 +138,7 @@ else # Prepare storage for the custom packages and the extracted kernel and # initrd images. - tar_file=$(mktemp $(pwd)/kernel.XXXXXX.tar) + tar_file=$(mktemp "$(pwd)/kernel.XXXXXX.tar") edo dd if=/dev/zero of="$tar_file" bs=1M count=256 tar_inputs=( @@ -175,7 +177,7 @@ else edo derive_image "$disk_common" "$disk_host.orig" edo bash change_uuids.sh "$disk_common" "$disk_host.orig" - tar_file=$(mktemp $(pwd)/host.XXXXXX.tar) + tar_file=$(mktemp "$(pwd)/host.XXXXXX.tar") tar_inputs=( # qemu-system-arm and dependencies "$(sole_file qemu_build/bookworm-arm64_result/qemu-system-arm_*-9999+verse*_arm64.deb)" 
diff --git a/src/pkvm_setup/package.sh b/src/pkvm_setup/package.sh index 27d78d1c..7f726171 100644 --- a/src/pkvm_setup/package.sh +++ b/src/pkvm_setup/package.sh @@ -279,8 +279,8 @@ do_upload() { tarball="$(tarball_path "$pkg")" # Remaining arguments are passed through to curl. Typically these will be # authentication options like `-u USERNAME`. - edo curl "$@" -T $tarball \ - https://artifactory.galois.com/artifactory/rde_generic-local/verse-opensut/$tarball + edo curl "$@" -T "$tarball" \ + "https://artifactory.galois.com/artifactory/rde_generic-local/verse-opensut/$tarball" } script_dir="$(dirname "$0")" diff --git a/src/pkvm_setup/vm_scripts/setup_common.sh b/src/pkvm_setup/vm_scripts/setup_common.sh index d1b03c35..4ee31961 100644 --- a/src/pkvm_setup/vm_scripts/setup_common.sh +++ b/src/pkvm_setup/vm_scripts/setup_common.sh @@ -28,7 +28,7 @@ edo apt purge -y flash-kernel # ones. This causes the `/boot/vmlinuz` and `/boot/initrd.img` symlinks to be # updated to point to the new kernel, whereas removing the old kernels first # causes the symlinks to be deleted entirely. -old_kernel_pkgs="$(dpkg -l | grep linux-image | while read status pkg rest; do echo "$pkg"; done)" +old_kernel_pkgs="$(dpkg -l | grep linux-image | while read -r _status pkg rest; do echo "$pkg"; done)" # Extract the new packages from input $1 and install them. work_dir="$(mktemp -d)" From 8a9316eff59027f9e37a99422413b53dd79b1ec7 Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Mon, 24 Jun 2024 11:12:19 -0700 Subject: [PATCH 20/21] pkvm_setup: add `package.sh download` command --- .github/workflows/main.yml | 27 ++++++--------------------- src/pkvm_setup/package.sh | 14 +++++++++++++- 2 files changed, 19 insertions(+), 22 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 98e1bc71..cf5ca394 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -161,13 +161,8 @@ jobs: - if: ${{ steps.cache.outputs.cache-hit != 'true' }} name: Fetch from Artifactory run: | - mkdir -p packages - cd packages - ARTIFACTORY_URL=https://artifactory.galois.com:443/artifactory/rde_generic-local - curl \ - -u "${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}:${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}" \ - --fail-with-body \ - -O "${ARTIFACTORY_URL}/verse-opensut/$CACHE_KEY.tar.gz" + bash src/pkvm_setup/package.sh download pkvm \ + -u "${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}:${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}" outputs: CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} @@ -191,13 +186,8 @@ jobs: - if: ${{ steps.cache.outputs.cache-hit != 'true' }} name: Fetch from Artifactory run: | - mkdir -p packages - cd packages - ARTIFACTORY_URL=https://artifactory.galois.com:443/artifactory/rde_generic-local - curl \ - -u "${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}:${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}" \ - --fail-with-body \ - -O "${ARTIFACTORY_URL}/verse-opensut/$CACHE_KEY.tar.gz" + bash src/pkvm_setup/package.sh download qemu \ + -u "${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}:${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}" outputs: CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} @@ -221,13 +211,8 @@ jobs: - if: ${{ steps.cache.outputs.cache-hit != 'true' }} name: Fetch from Artifactory run: | - mkdir -p packages - cd packages - ARTIFACTORY_URL=https://artifactory.galois.com:443/artifactory/rde_generic-local - curl \ - -u "${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}:${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}" \ - --fail-with-body \ - -O "${ARTIFACTORY_URL}/verse-opensut/$CACHE_KEY.tar.gz" + bash src/pkvm_setup/package.sh download vm_image_base \ + -u "${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}:${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}" outputs: CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} 
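Review bot: In all three "Fetch from Artifactory" steps the `${{ secrets.* }}` expressions are expanded into the text of the `run:` script before the shell sees it, so a quote, `$` or backtick inside either value would be parsed as shell syntax. Map the secrets through the step's `env:` and reference shell variables instead, e.g. `ARTIFACTORY_USER: ${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}` and `ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}` under `env:`, then `-u "$ARTIFACTORY_USER:$ARTIFACTORY_TOKEN"` (the variable names are illustrative). The credential still travels as a command-line argument to `package.sh` and curl, and `do_download` echoes it through `edo`, so only the runner's secret masking keeps it out of the job log. Having curl read it from a config or netrc file (`-K` / `--netrc-file`) would keep it off argv altogether.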
diff --git a/src/pkvm_setup/package.sh b/src/pkvm_setup/package.sh index 7f726171..9909ce7d 100644 --- a/src/pkvm_setup/package.sh +++ b/src/pkvm_setup/package.sh @@ -280,7 +280,19 @@ do_upload() { # Remaining arguments are passed through to curl. Typically these will be # authentication options like `-u USERNAME`. edo curl "$@" -T "$tarball" \ - "https://artifactory.galois.com/artifactory/rde_generic-local/verse-opensut/$tarball" + "https://artifactory.galois.com/artifactory/rde_generic-local/verse-opensut/$(basename "$tarball")" +} + +do_download() { + local pkg="$1" + shift 1 + local tarball + tarball="$(tarball_path "$pkg")" + # Remaining arguments are passed through to curl. Typically these will be + # authentication options like `-u USERNAME`. + mkdir -p "$(dirname "$tarball")" + edo curl "$@" -o "$tarball" --fail-with-body \ + "https://artifactory.galois.com/artifactory/rde_generic-local/verse-opensut/$(basename "$tarball")" } script_dir="$(dirname "$0")" From 3ef873ab9634cef3346477e6157fe50d05cef025 Mon Sep 17 00:00:00 2001 From: Stuart Pernsteiner Date: Mon, 24 Jun 2024 11:16:59 -0700 Subject: [PATCH 21/21] pkvm_setup: update docs and example scripts --- src/pkvm_setup/README.md | 47 ++++++++------------- src/pkvm_setup/run_vm_nested_pkvm.sh | 2 +- src/pkvm_setup/vm_scripts/run_guest_qemu.sh | 2 +- src/pkvm_setup/vm_scripts/run_hello_qemu.sh | 2 +- 4 files changed, 20 insertions(+), 33 deletions(-) diff --git a/src/pkvm_setup/README.md b/src/pkvm_setup/README.md index 77299d73..7f85bbd2 100644 --- a/src/pkvm_setup/README.md +++ b/src/pkvm_setup/README.md 
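Review bot: With `-o "$tarball" --fail-with-body`, a rejected request (401, 404, …) still writes the server's error body to `$tarball` before curl exits non-zero, which leaves a file at the path where a valid package is expected. If anything later treats an existing tarball as already fetched (that logic is outside this hunk), a retry or unpack would pick up the error page instead of the archive. Download to a temporary name beside the target and rename only on success, as sketched below. The fetched archive is also used without a digest check; unless the package key already binds the content, verifying a published SHA-256 before the rename would close that gap.

```shell
do_download() {
    # … unchanged: pkg / tarball setup and mkdir -p …
    local tmp
    tmp="$(mktemp "$tarball.XXXXXX")"
    if ! edo curl "$@" -o "$tmp" --fail-with-body \
        "https://artifactory.galois.com/artifactory/rde_generic-local/verse-opensut/$(basename "$tarball")"; then
        # Drop the partial file or error body so it is never mistaken for a package.
        rm -f -- "$tmp"
        return 1
    fi
    mv -- "$tmp" "$tarball"
}
```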
@@ -49,26 +49,19 @@ sudo apt install debian-installer-12-netboot-arm64 sudo apt build-dep linux ``` -Now build the host and guest VMs: +Now build or fetch dependencies and build the VM images: ```sh -# Build the host and guest disk images. This takes 1-2 hours. -bash create_disk_images.sh - -# Build our patched version of QEMU in the host VM. This takes 1-2 hours. -bash run_vm_script.sh vms/disk_host.img vm_scripts/install_qemu.sh - -# Run the host VM. -bash run_vm.sh vms/disk_host.img -# Log in as `user`/`password`, or use `ssh -o Port=8022 user@localhost`. +bash package.sh full_build vm_runner +bash package.sh full_build vhost_device +# Use `full_build` instead of `download` to build locally +# (this may take several hours) +bash package.sh download pkvm +bash package.sh download qemu +bash package.sh download vm_image_base +bash package.sh full_build vm_images ``` -Note: while the Debian installer is running, resizing the terminal may cause -the installer's display to be corrupted. If this happens, press `^A ^A ^L` to -redraw it. (`^A` is the escape character for QEMU's terminal multiplexer; `^A -^A` sends `^A` to the VM; and `^A ^L` in the VM causes the `screen` instance -that `debian-installer` sets up to redraw its display.) - # Running guests @@ -80,14 +73,14 @@ To run a Linux guest: ```sh # Base Platform: - bash copy_file.sh vms/disk_host.img vm_scripts/run_guest_qemu.sh + bash copy_file.sh vms/disk_host_dev.img vm_scripts/run_guest_qemu.sh ``` * Start the host VM with the guest disk attached: ```sh # Base Platform: - bash run_vm_nested.sh vms/disk_host.img vms/disk_guest.img + bash run_vm_nested.sh vms/disk_host_dev.img vms/disk_guest_dev.img ``` * Log in to the host VM on the QEMU console or via SSH, as described above. 
@@ -123,21 +116,21 @@ To run the Hello World guest: ```sh # Outside: - bash run_vm_script.sh vms/disk_host.img vm_scripts/build_hello_world.sh + bash run_vm_script.sh vms/disk_host_dev.img vm_scripts/build_hello_world.sh ``` * Copy the Hello World guest script into the host VM: ```sh # Outside: - bash copy_file.sh vms/disk_host.img vm_scripts/run_hello_qemu.sh + bash copy_file.sh vms/disk_host_dev.img vm_scripts/run_hello_qemu.sh ``` * Start the host VM: ```sh # Outside: - bash run_vm.sh vms/disk_host.img + bash run_vm.sh vms/disk_host_dev.img ``` The Hello World guest doesn't use the guest disk image, so there's no need to @@ -168,15 +161,9 @@ To run the Hello World guest: # Using pKVM -First, build the pKVM kernel: - -```sh -# Outside: -bash build_pkvm.sh -``` - -Then, boot the host VM and run guests as above, using `run_vm_nested_pkvm.sh` -in place of `run_vm_nested.sh`. +The VM images are built using the pKVM kernel, but don't enable pKVM mode by +default. To enable it, boot the host VM and run guests as above using +`run_vm_nested_pkvm.sh` in place of `run_vm_nested.sh`. To check that pKVM is working, check the kernel messages in the host VM: diff --git a/src/pkvm_setup/run_vm_nested_pkvm.sh b/src/pkvm_setup/run_vm_nested_pkvm.sh index 4cadf4a0..8c59d57c 100644 --- a/src/pkvm_setup/run_vm_nested_pkvm.sh +++ b/src/pkvm_setup/run_vm_nested_pkvm.sh @@ -8,6 +8,6 @@ shift 2 exec bash "$(dirname "$0")/run_vm_common.sh" \ -drive if=virtio,format=qcow2,file="$disk_host" \ -drive if=virtio,format=qcow2,file="$disk_guest" \ - -kernel vms/pkvm-boot/vmlinuz-pkvm \ + -kernel vms/pkvm-boot/vmlinuz \ -initrd vms/debian-boot/initrd.img \ -append 'earlycon root=/dev/vda2 nokaslr kvm-arm.mode=protected' diff --git a/src/pkvm_setup/vm_scripts/run_guest_qemu.sh b/src/pkvm_setup/vm_scripts/run_guest_qemu.sh index 7183ddb6..5b7662c1 100644 --- a/src/pkvm_setup/vm_scripts/run_guest_qemu.sh +++ b/src/pkvm_setup/vm_scripts/run_guest_qemu.sh 
@@ -8,7 +8,7 @@ set -euo pipefail # Otherwise QEMU will complain that it's not found. We don't currently use PXE # for anything, so it's fine to disable this. -qemu/build/qemu-system-aarch64 \ +qemu-system-aarch64 \ -M virt -cpu host -enable-kvm \ -smp 2 -m 1024 \ -drive if=virtio,format=raw,file=/dev/vdb \ diff --git a/src/pkvm_setup/vm_scripts/run_hello_qemu.sh b/src/pkvm_setup/vm_scripts/run_hello_qemu.sh index 0160e200..e08b6696 100644 --- a/src/pkvm_setup/vm_scripts/run_hello_qemu.sh +++ b/src/pkvm_setup/vm_scripts/run_hello_qemu.sh @@ -8,7 +8,7 @@ set -euo pipefail # Otherwise QEMU will complain that it's not found. We don't currently use PXE # for anything, so it's fine to disable this. -qemu/build/qemu-system-aarch64 \ +qemu-system-aarch64 \ -M virt -cpu host -enable-kvm \ -smp 2 -m 1024 \ -device virtio-scsi-pci,id=scsi0 \