|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen master] tools: add configure option for disabling pygrub
commit c9a899f7f497ce39aa7d5f35bf6f15feca94e260
Author: Juergen Gross <jgross@xxxxxxxx>
AuthorDate: Wed Aug 9 09:05:23 2023 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Aug 9 09:05:23 2023 +0200
tools: add configure option for disabling pygrub
Add a "--disable-pygrub" option for being able to disable the build
and installation of pygrub.
There are two main reasons to do so:
- A main reason to use pygrub is to allow a PV guest to choose its
bitness (32- or 64-bit). Pygrub allows that by looking into the boot
image and to start the guest in the correct mode depending on the
kernel selected. With 32-bit PV guests being deprecated and the
possibility to even build a hypervisor without 32-bit PV support,
this use case is gone for at least some configurations.
- Pygrub is running in dom0 with root privileges. As it is operating
on guest controlled data (the boot image) and taking decisions based
on this data, there is a higher security risk. Not being possible
to use pygrub is thus a step towards a reduction of attack surface.
Default is still to build and install pygrub.
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
Acked-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
---
config/Tools.mk.in | 1 +
tools/Makefile | 2 +-
tools/config.h.in | 3 +++
tools/configure | 34 ++++++++++++++++++++++++++++++++++
tools/configure.ac | 5 +++++
5 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/config/Tools.mk.in b/config/Tools.mk.in
index b7cc2961d8..432d7496f1 100644
--- a/config/Tools.mk.in
+++ b/config/Tools.mk.in
@@ -48,6 +48,7 @@ CONFIG_QEMU_XEN := @qemu_xen@
CONFIG_QEMUU_EXTRA_ARGS:= @EXTRA_QEMUU_CONFIGURE_ARGS@
CONFIG_LIBNL := @libnl@
CONFIG_GOLANG := @golang@
+CONFIG_PYGRUB := @pygrub@
CONFIG_SYSTEMD := @systemd@
SYSTEMD_CFLAGS := @SYSTEMD_CFLAGS@
diff --git a/tools/Makefile b/tools/Makefile
index 1ff90ddfa0..bbd75ebc1a 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -36,7 +36,7 @@ SUBDIRS-$(CONFIG_X86) += debugger
SUBDIRS-$(CONFIG_TESTS) += tests
SUBDIRS-y += python
-SUBDIRS-y += pygrub
+SUBDIRS-$(CONFIG_PYGRUB) += pygrub
SUBDIRS-$(OCAML_TOOLS) += ocaml
ifeq ($(CONFIG_RUMP),y)
diff --git a/tools/config.h.in b/tools/config.h.in
index 3071cb3998..eacf1438d8 100644
--- a/tools/config.h.in
+++ b/tools/config.h.in
@@ -45,6 +45,9 @@
/* ROMBIOS enabled */
#undef HAVE_ROMBIOS
+/* pygrub enabled */
+#undef HAVE_PYGRUB
+
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
diff --git a/tools/configure b/tools/configure
index 52b4717d01..44ec7a6477 100755
--- a/tools/configure
+++ b/tools/configure
@@ -707,6 +707,7 @@ AS86
ipxe
qemu_traditional
LINUX_BACKEND_MODULES
+pygrub
golang
seabios
ovmf
@@ -811,6 +812,7 @@ enable_xsmpolicy
enable_ovmf
enable_seabios
enable_golang
+enable_pygrub
with_linux_backend_modules
enable_qemu_traditional
enable_ipxe
@@ -1498,6 +1500,7 @@ Optional Features:
--enable-ovmf Enable OVMF (default is DISABLED)
--disable-seabios Disable SeaBIOS (default is ENABLED)
--disable-golang Disable Go tools (default is ENABLED)
+ --disable-pygrub Disable pygrub (default is ENABLED)
--enable-qemu-traditional
Enable qemu traditional device model, (DEFAULT is
off)
@@ -4287,6 +4290,29 @@ golang=$ax_cv_golang
+# Check whether --enable-pygrub was given.
+if test "${enable_pygrub+set}" = set; then :
+ enableval=$enable_pygrub;
+fi
+
+
+if test "x$enable_pygrub" = "xno"; then :
+
+ ax_cv_pygrub="n"
+
+elif test "x$enable_pygrub" = "xyes"; then :
+
+ ax_cv_pygrub="y"
+
+elif test -z $ax_cv_pygrub; then :
+
+ ax_cv_pygrub="y"
+
+fi
+pygrub=$ax_cv_pygrub
+
+
+
# Check whether --with-linux-backend-modules was given.
if test "${with_linux_backend_modules+set}" = set; then :
@@ -4595,6 +4621,14 @@ else
fi
+if test "x$pygrub" = "xy"; then :
+
+
+$as_echo "#define HAVE_PYGRUB 1" >>confdefs.h
+
+
+fi
+
# Check whether --with-system-qemu was given.
if test "${with_system_qemu+set}" = set; then :
diff --git a/tools/configure.ac b/tools/configure.ac
index 3cccf41960..0d1c8f9fa3 100644
--- a/tools/configure.ac
+++ b/tools/configure.ac
@@ -89,6 +89,7 @@ AX_ARG_DEFAULT_ENABLE([xsmpolicy], [Disable XSM policy
compilation])
AX_ARG_DEFAULT_DISABLE([ovmf], [Enable OVMF])
AX_ARG_DEFAULT_ENABLE([seabios], [Disable SeaBIOS])
AX_ARG_DEFAULT_ENABLE([golang], [Disable Go tools])
+AX_ARG_DEFAULT_ENABLE([pygrub], [Disable pygrub])
AC_ARG_WITH([linux-backend-modules],
AS_HELP_STRING([--with-linux-backend-modules="mod1 mod2"],
@@ -184,6 +185,10 @@ AS_IF([test "x$enable_rombios" = "xyes"], [
])
AC_SUBST(rombios)
+AS_IF([test "x$pygrub" = "xy"], [
+ AC_DEFINE([HAVE_PYGRUB], [1], [pygrub enabled])
+])
+
AC_ARG_WITH([system-qemu],
AS_HELP_STRING([--with-system-qemu@<:@=PATH@:>@],
[Use system supplied qemu PATH or qemu (taken from $PATH) as qemu-xen
--
generated by git-patchbot for /home/xen/git/xen.git#master
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |