From bcc832b2cedd5aeb7ef6111821416837ba22ccbc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 12 May 2025 08:42:07 -0400 Subject: [PATCH] qubes-libvchan-xen: link against non-versionned xen libraries Previous workaround to the xen upgrade race condition actually caused xen to be uninstalled on most systems, breaking the template. This is thus another approach at fixing the race condition by linking against non-versionned xen libraries. Thus, a minor version upgrade of xen will not cause libxenvchan.so to lose xen libraries. The linking process is changed by adding a step before linking where ld is linked against libraries where DT_SONAME has been patched with patchelf. This is not an elegant solution, but it does work. Ideally, we would find a way for seamless upgrading of xen while the proxy is up. --- qubes-libvchan-xen/APKBUILD | 20 ++++++++++++++++--- .../link-against-patched-libs.patch | 13 ++++++++++++ 2 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 qubes-libvchan-xen/link-against-patched-libs.patch diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 301b715..88642dc 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -2,17 +2,30 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-libvchan-xen pkgver=4.2.7 -pkgrel=0 +pkgrel=1 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" url="https://github.com/QubesOS/qubes-core-vchan-xen" license='GPL' -makedepends="xen-dev coreutils" +depends="xen xen-dev" +makedepends="xen-dev coreutils patchelf" builddir="$srcdir"/qubes-core-vchan-xen-$pkgver subpackages="$pkgname-dev" -source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz" +source=" + $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz + link-against-patched-libs.patch + " + +prepare() { + default_prepare + cd "$builddir"/vchan + for i in libxenvchan.so libxenctrl.so; do + cp /usr/lib/$i ./ + patchelf --set-soname $i $i + done +} build() { cd "$builddir"/vchan @@ -25,4 +38,5 @@ package() { sha512sums=" e6d85407e40ca12df5042ed2ed98d77b6e7b88360e4d6369c3c781c06654246ea81ceabfeae5a506537259fcca3db46f1fc0f1ded5e04e38035601e060fe24ed qubes-libvchan-xen-v4.2.7.tar.gz +db33b54121b172dfdbfddb620d56998f1be893608c23b5fbdfe373005650ab012c0462a4a01d8da12611c22c0bb9877c7b42f0bf58871dfc4474386c44ab2249 link-against-patched-libs.patch " diff --git a/qubes-libvchan-xen/link-against-patched-libs.patch b/qubes-libvchan-xen/link-against-patched-libs.patch new file mode 100644 index 0000000..b6a512f --- /dev/null +++ b/qubes-libvchan-xen/link-against-patched-libs.patch @@ -0,0 +1,13 @@ +diff --git a/vchan/Makefile.linux.orig b/vchan/Makefile.linux +index 587cb34..cccb5de 100644 +--- a/vchan/Makefile.linux.orig ++++ b/vchan/Makefile.linux +@@ -34,7 +34,7 @@ CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \ + SO_VER = 1 + + libvchan-xen.so.$(SO_VER): init.o io.o +- $(CC) $(LDFLAGS) -Wl,-soname,$@ -shared -o $@ $^ -lxenvchan -lxenctrl -lxenstore ++ $(CC) $(LDFLAGS) -Wl,-soname,$@ -shared -o $@ $^ ./libxenvchan.so ./libxenctrl.so -lxenstore + + libvchan-xen.so: libvchan-xen.so.$(SO_VER) + ln -sf $< $@ -- 2.49.1