diff --git a/security/swtpm/centos/build_srpm.data b/security/swtpm/centos/build_srpm.data index ca0fb04bd..c528a599d 100644 --- a/security/swtpm/centos/build_srpm.data +++ b/security/swtpm/centos/build_srpm.data @@ -1,2 +1,2 @@ COPY_LIST="$PKG_BASE/files/* $CGCS_BASE/downloads/swtpm-0.1.0-253eac5.tar.gz" -TIS_PATCH_VER=0 +TIS_PATCH_VER=1 diff --git a/security/swtpm/centos/swtpm.spec b/security/swtpm/centos/swtpm.spec index 9c44d0962..4ba9ce200 100644 --- a/security/swtpm/centos/swtpm.spec +++ b/security/swtpm/centos/swtpm.spec @@ -2,12 +2,12 @@ %define name swtpm %define version 0.1.0 -#WRS +#STX #%define release 1 %define release 2%{?_tis_dist}.%{tis_patch_ver} # Valid crypto subsystems are 'freebl' and 'openssl' -#WRS +#STX #%if "%{crypto_subsystem}" == "" %define crypto_subsystem openssl #%endif @@ -15,7 +15,7 @@ Summary: TPM Emulator Name: %{name} Version: %{version} -#WRS +#STX #Release: %{release}.dev2%{?dist} Release: %{release} License: BSD @@ -23,9 +23,8 @@ Group: Applications/Emulators Source: %{name}-%{version}-253eac5.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root -#WRS -Source1: qemu -Source2: setup_vtpm +#STX +Source1: setup_vtpm # due to gnutls backlevel API: @@ -49,11 +48,11 @@ BuildRequires: libtasn1-tools BuildRequires: kernel-modules-extra %endif -#WRS +#STX BuildRequires: openssl-devel Requires: openssl -#WRS +#STX Requires: seabios-bin >= 1.10.2-3 Requires: fuse expect libtpms >= 0.6.0 @@ -94,7 +93,7 @@ Summary: Tools for the TPM emulator License: BSD Group: Applications/Emulators Requires: swtpm fuse -#WRS +#STX #Requires: trousers >= 0.3.9 tpm-tools >= 1.3.8-6 expect bash net-tools gnutls-utils Requires: trousers >= 0.3.9 expect bash net-tools gnutls-utils @@ -106,9 +105,8 @@ Tools for the TPM emulator from the swtpm package %attr( 755, root, root) %{_bindir}/swtpm %{_mandir}/man8/swtpm.8* -#WRS +#STX /etc/libvirt/setup_vtpm -/etc/libvirt/hooks/qemu %files cuse 
@@ -158,7 +156,7 @@ Tools for the TPM emulator from the swtpm package %build -#WRS +#STX ./bootstrap.sh %configure \ --prefix=/usr \ @@ -180,13 +178,12 @@ make %{?_smp_mflags} check make %{?_smp_mflags} install DESTDIR=${RPM_BUILD_ROOT} rm -f ${RPM_BUILD_ROOT}%{_libdir}/*.a ${RPM_BUILD_ROOT}%{_libdir}/*.la -#WRS -mkdir -p $RPM_BUILD_ROOT/etc/libvirt/hooks +#STX +mkdir -p $RPM_BUILD_ROOT/etc/libvirt -install -m 0500 %{SOURCE1} $RPM_BUILD_ROOT/etc/libvirt/hooks/qemu -install -m 0500 %{SOURCE2} $RPM_BUILD_ROOT/etc/libvirt/setup_vtpm +install -m 0500 %{SOURCE1} $RPM_BUILD_ROOT/etc/libvirt/setup_vtpm -# WRS: Don't set (or remove on uninstall): SELINUX Policy and contexts +# STX: Don't set (or remove on uninstall): SELINUX Policy and contexts #%post cuse #if [ -n "$(type -p semodule)" ]; then # for pp in /usr/share/swtpm/*.pp ; do diff --git a/virt/libvirt/centos/build_srpm.data b/virt/libvirt/centos/build_srpm.data index 29f83aaf0..ff5d0fb22 100644 --- a/virt/libvirt/centos/build_srpm.data +++ b/virt/libvirt/centos/build_srpm.data @@ -1,6 +1,7 @@ SRC_DIR="$CGCS_BASE/git/libvirt" COPY_LIST="\ libvirt/* \ + libvirt/hooks/* \ $CGCS_BASE/downloads/gnulib-ffc927e.tar.gz \ $CGCS_BASE/downloads/keycodemapdb-16e5b07.tar.gz" TIS_BASE_SRCREV=ab58260efaa712650c63bb1917122f270070fa4b diff --git a/virt/libvirt/centos/libvirt.spec b/virt/libvirt/centos/libvirt.spec index f7efcb991..e7ea8634c 100644 --- a/virt/libvirt/centos/libvirt.spec +++ b/virt/libvirt/centos/libvirt.spec @@ -16,7 +16,7 @@ # Always run autoreconf %{!?enable_autotools:%global enable_autotools 1} -# WRS: Custom build config. Based on the R2/bitbake configure line. +# STX: Custom build config. Based on the R2/bitbake configure line. %define _without_esx 1 %define _without_hyperv 1 %define _without_libxl 1 
@@ -258,13 +258,14 @@ URL: https://libvirt.org/ Source0: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz #Source1: symlinks -# WRS +# STX Source2: libvirt.logrotate Source3: libvirt.lxc Source4: libvirt.qemu Source5: libvirt.uml Source6: gnulib-ffc927e.tar.gz Source7: keycodemapdb-16e5b07.tar.gz +Source8: qemu Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release} @@ -461,9 +462,9 @@ BuildRequires: wireshark-devel >= 1.12.1 BuildRequires: libssh-devel >= 0.7.0 %endif -# WRS: For generating configure +# STX: For generating configure BuildRequires: gnulib -# WRS: Needed by bootstrap +# STX: Needed by bootstrap BuildRequires: perl-XML-XPath Provides: bundled(gnulib) @@ -1304,7 +1305,7 @@ rm -rf .git # place macros above and build commands below this comment -# WRS: Generate configure script. Default is to do a "git clone" of gnulib. +# STX: Generate configure script. Default is to do a "git clone" of gnulib. # Use the tar ball gnulib tarball instead. tar zxf %{SOURCE6} ./bootstrap --no-git --gnulib-srcdir=gnulib-ffc927e --copy @@ -1379,7 +1380,7 @@ rm -f po/stamp-po --without-dtrace \ %{arg_init_script} -#WRS: Avoid doing a 'config.status --recheck' (./configure executed twice). +#STX: Avoid doing a 'config.status --recheck' (./configure executed twice). touch -r config.status configure make %{?_smp_mflags} @@ -1470,7 +1471,7 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml # Copied into libvirt-docs subpackage eventually mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version} libvirt-docs -# WRS: Disable dtrace +# STX: Disable dtrace # %ifarch %{power64} s390x x86_64 ia64 alpha sparc64 # mv $RPM_BUILD_ROOT%{_datadir}/systemtap/tapset/libvirt_probes.stp \ # $RPM_BUILD_ROOT%{_datadir}/systemtap/tapset/libvirt_probes-64.stp 
@@ -1478,7 +1479,7 @@ mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version} libvirt-docs # $RPM_BUILD_ROOT%{_datadir}/systemtap/tapset/libvirt_qemu_probes-64.stp # %endif -# WRS: Begin custom install +# STX: Begin custom install ## Enable syslog for libvirtd ( /var/log/libvirtd.log ) echo "log_outputs=\"3:syslog:libvirtd\"" >> %{buildroot}/etc/libvirt/libvirtd.conf @@ -1493,12 +1494,15 @@ install -p -D -m 644 %{SOURCE2} %{buildroot}/etc/logrotate.d/libvirtd install -p -D -m 644 %{SOURCE3} %{buildroot}/etc/logrotate.d/libvirtd.lxc install -p -D -m 644 %{SOURCE4} %{buildroot}/etc/logrotate.d/libvirtd.qemu install -p -D -m 644 %{SOURCE5} %{buildroot}/etc/logrotate.d/libvirtd.uml -# WRS: End custom install +## Install hooks +mkdir -p $RPM_BUILD_ROOT/etc/libvirt/hooks +install -m 0500 %{SOURCE8} $RPM_BUILD_ROOT/etc/libvirt/hooks/qemu +# STX: End custom install %clean rm -fr %{buildroot} -# WRS: We are not maintaining the unit tests. +# STX: We are not maintaining the unit tests. # %check # cd tests # # These tests don't current work in a mock build root @@ -1631,7 +1635,7 @@ if [ $1 -ge 1 ] ; then fi %post daemon-config-network -# WRS: The 'with_network' flag doesn't work properly. There are some packaging +# STX: The 'with_network' flag doesn't work properly. There are some packaging # errors when using it. Disable default.xml manually ... # We don't want 'virbr0' and 'virbr0-nic' interfaces created. @@ -1777,11 +1781,11 @@ exit 0 %files -# WRS: Customization +# STX: Customization %dir /data/images/ %files docs -# TODO(WRS): NEWS is not present in git source repo. +# TODO(STX): NEWS is not present in git source repo. %doc AUTHORS ChangeLog.gz README %doc libvirt-docs/* @@ -1874,8 +1878,9 @@ exit 0 %doc examples/polkit/*.rules -# WRS: Customization +# STX: Customization /etc/logrotate.d/* +/etc/libvirt/hooks/qemu %files daemon-config-network %dir %{_datadir}/libvirt/networks/ 
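Review bot: The `/etc/libvirt/hooks/qemu` entry added to `%files` in the `@@ -1874,8 +1878,9 @@` hunk takes its permissions only from the `install -m 0500` line in the `@@ -1493,12 +1494,15 @@` hunk, although libvirtd executes this script with its own privileges on guest lifecycle events. Pinning it in the manifest as `%attr(0500, root, root) /etc/libvirt/hooks/qemu` keeps the root-only mode from drifting if the install step is edited later. The two new install lines also differ in style from the `install -p -D -m 644 ... %{buildroot}/...` lines directly above them; `install -p -D -m 0500 %{SOURCE8} %{buildroot}/etc/libvirt/hooks/qemu` would make the separate `mkdir -p` unnecessary. None of the libvirt.spec hunks shown adds a `Requires:` for whatever package provides `/usr/bin/set-cpu-wakeup-latency.sh`, which the relocated hook calls, though it may be declared outside these hunks.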
@@ -2061,7 +2066,7 @@ exit 0 %{_bindir}/virt-pki-validate %{_bindir}/virt-host-validate -# WRS: Disable dtrace +# STX: Disable dtrace # %{_datadir}/systemtap/tapset/libvirt_probes*.stp # %{_datadir}/systemtap/tapset/libvirt_qemu_probes*.stp # %{_datadir}/systemtap/tapset/libvirt_functions.stp diff --git a/security/swtpm/files/qemu b/virt/libvirt/libvirt/hooks/qemu similarity index 60% rename from security/swtpm/files/qemu rename to virt/libvirt/libvirt/hooks/qemu index 654485453..469105bd9 100755 --- a/security/swtpm/files/qemu +++ b/virt/libvirt/libvirt/hooks/qemu @@ -34,6 +34,51 @@ OPERATION=$* logger -p info -t $0 "hook qemu file guest $GUEST_NAME with operation $OPERATION" +# CPU Low latency setup: +# +# A cpu is set to low latency when: +# 1) host is set to subfunction=lowlatency in platform.conf and +# 2) domain has dedicated pinning +# +# example of section when domain has dedicated pinning: +# +# +# +# +# +# +# +# example of section when domain has shared pinning: +# +# 4096 +# +# +# +# +# +# + +if [ "${OPERATION}" == "prepare begin -" ] || [ "${OPERATION}" == "stopped end -" ]; then + # verify this host is set as lowlatency + lowlat=$(cat /etc/platform/platform.conf 2>/dev/null | grep -E 'subfunction.*lowlatency') + if [ -n "${lowlat}" ]; then + # grab the settings and remove single quotes + CPUTUNE=$(echo ${XML_DATA} | grep -oP '(?<=)' | sed "s/'//g") + + # grab all cpuset pinned to a unique CPU. Treat them as dedicated + CPUSET=($(echo ${CPUTUNE} | grep -oP '(?<=cpuset=)[^/]+(?=.+emulator)' | grep -vP '[^0-9]')) + if [ ${#CPUSET[@]} -ne 0 ]; then + # convert to a comma separated list + CPUS=$(IFS=, ; echo "${CPUSET[*]}") + if [ "${OPERATION}" == "prepare begin -" ]; then + /usr/bin/set-cpu-wakeup-latency.sh "low" "${CPUS}" + else + /usr/bin/set-cpu-wakeup-latency.sh "high" "${CPUS}" + fi + fi + fi +fi + VTPM_OPER="" if [ "$OPERATION" == "prepare begin -" ]; then
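Review bot: `${XML_DATA}` and `${CPUTUNE}` are expanded unquoted in the two `echo` pipelines of the added low-latency block, so the domain XML goes through word splitting and pathname expansion inside a hook that libvirtd runs with its own privileges. Unless globbing is disabled earlier in the script, a `*` or `?` in any XML field is matched against the working directory before `grep` sees it. The unquoted `echo` also flattens the XML onto one line, which the line-based cputune `grep -oP` appears to depend on, so quote the variable and flatten explicitly, e.g. `tr '\n' ' ' <<< "${XML_DATA}" | grep -oP ...`, and likewise for `${CPUTUNE}`. The `grep -vP '[^0-9]'` stage is what keeps `CPUS` digits-only before it reaches `set-cpu-wakeup-latency.sh`, and deserves a comment such as `# security: only bare CPU numbers may reach the helper; re-validate if ranges are ever accepted`. `XML_DATA` is assigned outside this hunk, and the host check `grep -E 'subfunction.*lowlatency'` would also match a commented-out line; `grep -E '^subfunction=.*lowlatency'` is tighter.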