qemu-e2k/configure

4557 lines
119 KiB
Plaintext
Raw Normal View History

#!/bin/sh
#
# qemu configure script (c) 2003 Fabrice Bellard
#
# set temporary file name
if test ! -z "$TMPDIR" ; then
TMPDIR1="${TMPDIR}"
elif test ! -z "$TEMPDIR" ; then
TMPDIR1="${TEMPDIR}"
else
TMPDIR1="/tmp"
fi
TMPC="${TMPDIR1}/qemu-conf-${RANDOM}-$$-${RANDOM}.c"
TMPO="${TMPDIR1}/qemu-conf-${RANDOM}-$$-${RANDOM}.o"
TMPE="${TMPDIR1}/qemu-conf-${RANDOM}-$$-${RANDOM}.exe"
# NB: do not call "exit" in the trap handler; this is buggy with some shells;
# see <1285349658-3122-1-git-send-email-loic.minier@linaro.org>
trap "rm -f $TMPC $TMPO $TMPE" EXIT INT QUIT TERM
rm -f config.log
# Print a helpful header at the top of config.log
echo "# QEMU configure log $(date)" >> config.log
printf "# Configured with:" >> config.log
printf " '%s'" "$0" "$@" >> config.log
echo >> config.log
echo "#" >> config.log
error_exit() {
echo
echo "ERROR: $1"
while test -n "$2"; do
echo " $2"
shift
done
echo
exit 1
}
do_cc() {
# Run the compiler, capturing its output to the log.
echo $cc "$@" >> config.log
$cc "$@" >> config.log 2>&1 || return $?
# Test passed. If this is an --enable-werror build, rerun
# the test with -Werror and bail out if it fails. This
# makes warning-generating-errors in configure test code
# obvious to developers.
if test "$werror" != "yes"; then
return 0
fi
# Don't bother rerunning the compile if we were already using -Werror
case "$*" in
*-Werror*)
return 0
;;
esac
echo $cc -Werror "$@" >> config.log
$cc -Werror "$@" >> config.log 2>&1 && return $?
error_exit "configure test passed without -Werror but failed with -Werror." \
"This is probably a bug in the configure script. The failing command" \
"will be at the bottom of config.log." \
"You can run configure with --disable-werror to bypass this check."
}
compile_object() {
do_cc $QEMU_CFLAGS -c -o $TMPO $TMPC
}
compile_prog() {
local_cflags="$1"
local_ldflags="$2"
do_cc $QEMU_CFLAGS $local_cflags -o $TMPE $TMPC $LDFLAGS $local_ldflags
}
# symbolically link $1 to $2. Portable version of "ln -sf".
symlink() {
rm -rf "$2"
mkdir -p "$(dirname "$2")"
ln -s "$1" "$2"
}
# check whether a command is available to this shell (may be either an
# executable or a builtin)
has() {
type "$1" >/dev/null 2>&1
}
# search for an executable in PATH
path_of() {
local_command="$1"
local_ifs="$IFS"
local_dir=""
# pathname has a dir component?
if [ "${local_command#*/}" != "$local_command" ]; then
if [ -x "$local_command" ] && [ ! -d "$local_command" ]; then
echo "$local_command"
return 0
fi
fi
if [ -z "$local_command" ]; then
return 1
fi
IFS=:
for local_dir in $PATH; do
if [ -x "$local_dir/$local_command" ] && [ ! -d "$local_dir/$local_command" ]; then
echo "$local_dir/$local_command"
IFS="${local_ifs:-$(printf ' \t\n')}"
return 0
fi
done
# not found
IFS="${local_ifs:-$(printf ' \t\n')}"
return 1
}
# default parameters
source_path=`dirname "$0"`
cpu=""
interp_prefix="/usr/gnemul/qemu-%M"
static="no"
cross_prefix=""
audio_drv_list=""
block_drv_rw_whitelist=""
block_drv_ro_whitelist=""
host_cc="cc"
libs_softmmu=""
libs_tools=""
audio_pt_int=""
audio_win_int=""
cc_i386=i386-pc-linux-gnu-gcc
libs_qga=""
debug_info="yes"
# Don't accept a target_list environment variable.
unset target_list
# Default value for a variable defining feature "foo".
# * foo="no" feature will only be used if --enable-foo arg is given
# * foo="" feature will be searched for, and if found, will be used
# unless --disable-foo is given
# * foo="yes" this value will only be set by --enable-foo flag.
# feature will searched for,
# if not found, configure exits with error
#
# Always add --enable-foo and --disable-foo command line args.
# Distributions want to ensure that several features are compiled in, and it
# is impossible without a --enable-foo that exits if a feature is not found.
bluez=""
brlapi=""
curl=""
curses=""
docs=""
fdt=""
pixman=""
sdl=""
virtfs=""
vnc="yes"
sparse="no"
uuid=""
vde=""
vnc_tls=""
vnc_sasl=""
vnc_jpeg=""
vnc_png=""
vnc_ws=""
xen=""
xen_ctrl_version=""
xen_pci_passthrough=""
linux_aio=""
cap_ng=""
attr=""
libattr=""
xfs=""
vhost_net="no"
vhost-scsi: new device supporting the tcm_vhost Linux kernel module The WWPN specified in configfs is passed to "-device vhost-scsi-pci". The tgpt field of the SET_ENDPOINT ioctl is obsolete now, so it is not available from the QEMU command-line. Instead, I hardcode it to zero. Changes in Patch-v2: - Add vhost_scsi_get_features() in order to determine feature bits supports by host kernel (mst + nab) - Re-enable usage of DEFINE_VIRTIO_COMMON_FEATURES, and allow EVENT_IDX to be disabled by host in vhost_scsi_get_features() - Drop unused hotplug bit in DEFINE_VHOST_SCSI_PROPERTIES Changes in Patch-v1: - Set event_idx=off by default (nab, thanks asias) - Disable hotplug feature bit for v3.9 tcm_vhost kernel code, need to re-enable in v3.10 (nab) - Update to latest qemu.git/master HEAD Changes in WIP-V3: - Drop ioeventfd vhost_scsi_properties (asias, thanks stefanha) - Add CONFIG_VHOST_SCSI (asias, thanks stefanha) - Add hotplug feature bit Changes in WIP-V2: - Add backend guest masking support (nab) - Bump ABI_VERSION to 1 (nab) - Set up set_guest_notifiers (asias) - Set up vs->dev.vq_index (asias) - Drop vs->vs.vdev.{set,clear}_vhost_endpoint (asias) - Drop VIRTIO_CONFIG_S_DRIVER check in vhost_scsi_set_status (asias) Howto: Use the latest seabios, at least commit b44a7be17b git clone git://git.seabios.org/seabios.git make cp out/bios.bin /usr/share/qemu/bios.bin qemu -device vhost-scsi-pci,wwpn=naa.6001405bd4e8476d,event_idx=off ... Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Asias He <asias@redhat.com> [ Rebase on top of VirtIOSCSICommon patch, fix bugs in feature negotiation and irqfd masking - Paolo ] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-29 01:08:16 +00:00
vhost_scsi="no"
kvm="no"
rdma=""
gprof="no"
debug_tcg="no"
debug="no"
strip_opt="yes"
tcg_interpreter="no"
bigendian="no"
mingw32="no"
gcov="no"
gcov_tool="gcov"
EXESUF=""
prefix="/usr/local"
mandir="\${prefix}/share/man"
datadir="\${prefix}/share"
qemu_docdir="\${prefix}/share/doc/qemu"
bindir="\${prefix}/bin"
2011-05-15 12:08:59 +03:00
libdir="\${prefix}/lib"
libexecdir="\${prefix}/libexec"
includedir="\${prefix}/include"
sysconfdir="\${prefix}/etc"
local_statedir="\${prefix}/var"
confsuffix="/qemu"
slirp="yes"
fmod_lib=""
fmod_inc=""
oss_lib=""
bsd="no"
linux="no"
solaris="no"
profiler="no"
cocoa="no"
softmmu="yes"
linux_user="no"
bsd_user="no"
guest_base="yes"
uname_release=""
mixemu="no"
aix="no"
blobs="yes"
pkgversion=""
pie=""
zero_malloc=""
qom_cast_debug="yes"
trace_backend="nop"
trace_file="trace"
spice=""
rbd=""
libcacard: initial commit libcacard emulates a Common Access Card (CAC) which is a standard for smartcards. It is used by the emulated ccid card introduced in a following patch. Docs are available in docs/libcacard.txt Signed-off-by: Alon Levy <alevy@redhat.com> --- changes from v24->v25: * Fix out of tree builds. * Fix build with linux-user targets. changes from v23->v24: (Jes Sorensen review 2) * Makefile.target: use obj-$(CONFIG_*) += * remove unrequired includes, include qemu-common before qemu-thread * required adding #define NO_NSPR_10_SUPPORT (harmless) changes from v22->v23: * configure fixes: (reported by Stefan Hajnoczi) * test a = b, not a == b (second isn't portable) * quote $source_path in case it contains spaces - this doesn't really help since there are many other places that need similar fixes, not introduced by this patch. changes from v21->v22: * fix configure to not link libcacard if nss not found (reported by Stefan Hajnoczi) * fix vscclient linkage with simpletrace backend (reported by Stefan Hajnoczi) * card_7816.c: add missing break in ERROR_DATA_NOT_FOUND (reported by William van de Velde) changes from v20->v21: (Jes Sorensen review) * use qemu infrastructure: qemu-thread, qemu-common (qemu_malloc and qemu_free), error_report * assert instead of ASSERT * cosmetic fixes * use strpbrk and isspace * add --disable-nss --enable-nss here, instead of in the final patch. * split vscclient, passthru and docs to following patches. changes from v19->v20: * checkpatch.pl changes from v15->v16: Build: * don't erase self with distclean * fix make clean after make distclean * Makefile: make vscclient link quiet Behavioral: * vcard_emul_nss: load coolkey in more situations * vscclient: * use hton,ntoh * send init on connect, only start vevent thread on response * read payload after header check, before type switch * remove Reconnect * update for vscard_common changes, empty Flush implementation Style/Whitespace: * fix wrong variable usage * remove unused variable * use only C style comments * add copyright header * fix tabulation Signed-off-by: Alon Levy <alevy@redhat.com> libcacard: fix out of tree builds
2010-11-28 16:36:38 +02:00
smartcard_nss=""
libusb=""
usb_redir=""
glx=""
zlib="yes"
guest_agent=""
want_tools="yes"
iSCSI block driver This provides built-in support for iSCSI to QEMU. This has the advantage that the iSCSI devices need not be made visible to the host, which is useful if you have very many virtual machines and very many iscsi devices. It also has the benefit that non-root users of QEMU can access iSCSI devices across the network without requiring root privilege on the host. This driver interfaces with the multiplatform posix library for iscsi initiator/client access to iscsi devices hosted at git://github.com/sahlberg/libiscsi.git The patch adds the driver to interface with the iscsi library. It also updated the configure script to * by default, probe is libiscsi is available and if so, build qemu against libiscsi. * --enable-libiscsi Force a build against libiscsi. If libiscsi is not available the build will fail. * --disable-libiscsi Do not link against libiscsi, even if it is available. When linked with libiscsi, qemu gains support to access iscsi resources such as disks and cdrom directly, without having to make the devices visible to the host. You can specify devices using a iscsi url of the form : iscsi://[<username>[:<password>@]]<host>[:<port]/<target-iqn-name>/<lun> When using authentication, the password can optionally be set with LIBISCSI_CHAP_PASSWORD="password" to avoid it showing up in the process list Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-25 19:24:24 +11:00
libiscsi=""
coroutine=""
seccomp=""
glusterfs=""
glusterfs_discard="no"
virtio_blk_data_plane=""
gtk=""
gtkabi="2.0"
tpm="no"
libssh2=""
# parse CC options first
for opt do
optarg=`expr "x$opt" : 'x[^=]*=\(.*\)'`
case "$opt" in
--cross-prefix=*) cross_prefix="$optarg"
;;
--cc=*) CC="$optarg"
;;
--source-path=*) source_path="$optarg"
;;
--cpu=*) cpu="$optarg"
;;
--extra-cflags=*) QEMU_CFLAGS="$optarg $QEMU_CFLAGS"
EXTRA_CFLAGS="$optarg"
;;
--extra-ldflags=*) LDFLAGS="$optarg $LDFLAGS"
EXTRA_LDFLAGS="$optarg"
;;
--enable-debug-info) debug_info="yes"
;;
--disable-debug-info) debug_info="no"
;;
esac
done
# OS specific
# Using uname is really, really broken. Once we have the right set of checks
# we can eliminate its usage altogether.
# Preferred compiler:
# ${CC} (if set)
# ${cross_prefix}gcc (if cross-prefix specified)
# system compiler
if test -z "${CC}${cross_prefix}"; then
cc="$host_cc"
else
cc="${CC-${cross_prefix}gcc}"
fi
ar="${AR-${cross_prefix}ar}"
as="${AS-${cross_prefix}as}"
cpp="${CPP-$cc -E}"
objcopy="${OBJCOPY-${cross_prefix}objcopy}"
ld="${LD-${cross_prefix}ld}"
libtool="${LIBTOOL-${cross_prefix}libtool}"
strip="${STRIP-${cross_prefix}strip}"
windres="${WINDRES-${cross_prefix}windres}"
pkg_config_exe="${PKG_CONFIG-${cross_prefix}pkg-config}"
query_pkg_config() {
"${pkg_config_exe}" ${QEMU_PKG_CONFIG_FLAGS} "$@"
}
pkg_config=query_pkg_config
sdl_config="${SDL_CONFIG-${cross_prefix}sdl-config}"
# default flags for all hosts
QEMU_CFLAGS="-fno-strict-aliasing $QEMU_CFLAGS"
QEMU_CFLAGS="-Wall -Wundef -Wwrite-strings -Wmissing-prototypes $QEMU_CFLAGS"
QEMU_CFLAGS="-Wstrict-prototypes -Wredundant-decls $QEMU_CFLAGS"
QEMU_CFLAGS="-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $QEMU_CFLAGS"
QEMU_INCLUDES="-I. -I\$(SRC_PATH) -I\$(SRC_PATH)/include"
if test "$debug_info" = "yes"; then
CFLAGS="-g $CFLAGS"
LDFLAGS="-g $LDFLAGS"
fi
# make source path absolute
source_path=`cd "$source_path"; pwd`
check_define() {
cat > $TMPC <<EOF
#if !defined($1)
#error $1 not defined
#endif
int main(void) { return 0; }
EOF
compile_object
}
if check_define __linux__ ; then
targetos="Linux"
elif check_define _WIN32 ; then
targetos='MINGW32'
elif check_define __OpenBSD__ ; then
targetos='OpenBSD'
elif check_define __sun__ ; then
targetos='SunOS'
elif check_define __HAIKU__ ; then
targetos='Haiku'
else
targetos=`uname -s`
fi
# Some host OSes need non-standard checks for which CPU to use.
# Note that these checks are broken for cross-compilation: if you're
# cross-compiling to one of these OSes then you'll need to specify
# the correct CPU with the --cpu option.
case $targetos in
Darwin)
# on Leopard most of the system is 32-bit, so we have to ask the kernel if we can
# run 64-bit userspace code.
# If the user didn't specify a CPU explicitly and the kernel says this is
# 64 bit hw, then assume x86_64. Otherwise fall through to the usual detection code.
if test -z "$cpu" && test "$(sysctl -n hw.optional.x86_64)" = "1"; then
cpu="x86_64"
fi
;;
SunOS)
# `uname -m` returns i86pc even on an x86_64 box, so default based on isainfo
if test -z "$cpu" && test "$(isainfo -k)" = "amd64"; then
cpu="x86_64"
fi
esac
if test ! -z "$cpu" ; then
# command line argument
:
elif check_define __i386__ ; then
cpu="i386"
elif check_define __x86_64__ ; then
cpu="x86_64"
elif check_define __sparc__ ; then
if check_define __arch64__ ; then
cpu="sparc64"
else
cpu="sparc"
fi
elif check_define _ARCH_PPC ; then
if check_define _ARCH_PPC64 ; then
cpu="ppc64"
else
cpu="ppc"
fi
elif check_define __mips__ ; then
cpu="mips"
tcg: initial ia64 support A few words about design choices: * On IA64, instructions should be grouped by bundle, and dependencies between instructions declared. A first version of this code tried to schedule instructions automatically, but was very complex and too invasive for the current common TCG code (ops not ending at instruction boundaries, code retranslation breaking already generated code, etc.) It was also not very efficient, as dependencies between TCG ops is not available. Instead the option taken by the current implementation does not try to fill the bundle by scheduling instructions, but by providing ops not available as an ia64 instruction, and by offering 22-bit constant loading for most of the instructions. With both options the bundle are filled at approximately the same level. * Up to 128 registers can be affected to a function on IA64, but TCG limits this number to 64, which is actually more than enough. The register affectation is the following: - r0: used to map a constant argument with value 0 - r1: global pointer - r2, r3: internal use - r4 to r6: not used to avoid saving them - r7: env structure - r8 to r11: free for TCG (call clobbered) - r12: stack pointer - r13: thread pointer - r14 to r31: free for TCG (call clobbered) - r32: reserved (return address) - r33: reserved (PFS) - r33 to r63: free for TCG * The IA64 architecture has only 64-bit registers and no 32-bit instructions (the only exception being cmp4). Therefore 64-bit registers and instructions are used for 32-bit ops. The adopted strategy is the same as the ABI, that is the higher 32 bits are undefined. Most ops (and, or, add, shl, etc.) can directly use the 64-bit registers, while some others have to sign-extend (sar, div, etc.) or zero-extend (shr, divu, etc.) the register first. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2010-03-29 02:12:51 +02:00
elif check_define __ia64__ ; then
cpu="ia64"
elif check_define __s390__ ; then
if check_define __s390x__ ; then
cpu="s390x"
else
cpu="s390"
fi
elif check_define __arm__ ; then
cpu="arm"
elif check_define __aarch64__ ; then
cpu="aarch64"
elif check_define __hppa__ ; then
cpu="hppa"
else
cpu=`uname -m`
fi
ARCH=
# Normalise host CPU name and set ARCH.
# Note that this case should only have supported host CPUs, not guests.
case "$cpu" in
ia64|ppc|ppc64|s390|s390x|sparc64)
cpu="$cpu"
;;
i386|i486|i586|i686|i86pc|BePC)
cpu="i386"
;;
x86_64|amd64)
cpu="x86_64"
;;
armv*b|armv*l|arm)
cpu="arm"
;;
aarch64)
cpu="aarch64"
;;
hppa|parisc|parisc64)
cpu="hppa"
;;
mips*)
cpu="mips"
;;
sparc|sun4[cdmuv])
cpu="sparc"
;;
*)
# This will result in either an error or falling back to TCI later
ARCH=unknown
;;
esac
if test -z "$ARCH"; then
ARCH="$cpu"
fi
# OS specific
case $targetos in
CYGWIN*)
mingw32="yes"
QEMU_CFLAGS="-mno-cygwin $QEMU_CFLAGS"
audio_possible_drivers="winwave sdl"
audio_drv_list="winwave"
;;
MINGW32*)
mingw32="yes"
audio_possible_drivers="winwave dsound sdl fmod"
audio_drv_list="winwave"
;;
GNU/kFreeBSD)
bsd="yes"
audio_drv_list="oss"
audio_possible_drivers="oss sdl esd pa"
;;
FreeBSD)
bsd="yes"
make="${MAKE-gmake}"
audio_drv_list="oss"
audio_possible_drivers="oss sdl esd pa"
# needed for kinfo_getvmmap(3) in libutil.h
LIBS="-lutil $LIBS"
;;
DragonFly)
bsd="yes"
make="${MAKE-gmake}"
audio_drv_list="oss"
audio_possible_drivers="oss sdl esd pa"
;;
NetBSD)
bsd="yes"
make="${MAKE-gmake}"
audio_drv_list="oss"
audio_possible_drivers="oss sdl esd"
oss_lib="-lossaudio"
;;
OpenBSD)
bsd="yes"
make="${MAKE-gmake}"
audio_drv_list="sdl"
audio_possible_drivers="sdl esd"
;;
Darwin)
bsd="yes"
darwin="yes"
if [ "$cpu" = "x86_64" ] ; then
QEMU_CFLAGS="-arch x86_64 $QEMU_CFLAGS"
LDFLAGS="-arch x86_64 $LDFLAGS"
else
QEMU_CFLAGS="-mdynamic-no-pic $QEMU_CFLAGS"
fi
cocoa="yes"
audio_drv_list="coreaudio"
audio_possible_drivers="coreaudio sdl fmod"
LDFLAGS="-framework CoreFoundation -framework IOKit $LDFLAGS"
libs_softmmu="-F/System/Library/Frameworks -framework Cocoa -framework IOKit $libs_softmmu"
# Disable attempts to use ObjectiveC features in os/object.h since they
# won't work when we're compiling with gcc as a C compiler.
QEMU_CFLAGS="-DOS_OBJECT_USE_OBJC=0 $QEMU_CFLAGS"
;;
SunOS)
solaris="yes"
make="${MAKE-gmake}"
install="${INSTALL-ginstall}"
ld="gld"
smbd="${SMBD-/usr/sfw/sbin/smbd}"
needs_libsunmath="no"
solarisrev=`uname -r | cut -f2 -d.`
if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
if test "$solarisrev" -le 9 ; then
if test -f /opt/SUNWspro/prod/lib/libsunmath.so.1; then
needs_libsunmath="yes"
QEMU_CFLAGS="-I/opt/SUNWspro/prod/include/cc $QEMU_CFLAGS"
LDFLAGS="-L/opt/SUNWspro/prod/lib -R/opt/SUNWspro/prod/lib $LDFLAGS"
LIBS="-lsunmath $LIBS"
else
error_exit "QEMU will not link correctly on Solaris 8/X86 or 9/x86 without" \
"libsunmath from the Sun Studio compilers tools, due to a lack of" \
"C99 math features in libm.so in Solaris 8/x86 and Solaris 9/x86" \
"Studio 11 can be downloaded from www.sun.com."
fi
fi
fi
if test -f /usr/include/sys/soundcard.h ; then
audio_drv_list="oss"
fi
audio_possible_drivers="oss sdl"
# needed for CMSG_ macros in sys/socket.h
QEMU_CFLAGS="-D_XOPEN_SOURCE=600 $QEMU_CFLAGS"
# needed for TIOCWIN* defines in termios.h
QEMU_CFLAGS="-D__EXTENSIONS__ $QEMU_CFLAGS"
QEMU_CFLAGS="-std=gnu99 $QEMU_CFLAGS"
solarisnetlibs="-lsocket -lnsl -lresolv"
LIBS="$solarisnetlibs $LIBS"
libs_qga="$solarisnetlibs $libs_qga"
;;
AIX)
aix="yes"
make="${MAKE-gmake}"
;;
Haiku)
haiku="yes"
QEMU_CFLAGS="-DB_USE_POSITIVE_POSIX_ERRORS $QEMU_CFLAGS"
LIBS="-lposix_error_mapper -lnetwork $LIBS"
;;
*)
audio_drv_list="oss"
audio_possible_drivers="oss alsa sdl esd pa"
linux="yes"
linux_user="yes"
usb="linux"
kvm="yes"
vhost_net="yes"
vhost-scsi: new device supporting the tcm_vhost Linux kernel module The WWPN specified in configfs is passed to "-device vhost-scsi-pci". The tgpt field of the SET_ENDPOINT ioctl is obsolete now, so it is not available from the QEMU command-line. Instead, I hardcode it to zero. Changes in Patch-v2: - Add vhost_scsi_get_features() in order to determine feature bits supports by host kernel (mst + nab) - Re-enable usage of DEFINE_VIRTIO_COMMON_FEATURES, and allow EVENT_IDX to be disabled by host in vhost_scsi_get_features() - Drop unused hotplug bit in DEFINE_VHOST_SCSI_PROPERTIES Changes in Patch-v1: - Set event_idx=off by default (nab, thanks asias) - Disable hotplug feature bit for v3.9 tcm_vhost kernel code, need to re-enable in v3.10 (nab) - Update to latest qemu.git/master HEAD Changes in WIP-V3: - Drop ioeventfd vhost_scsi_properties (asias, thanks stefanha) - Add CONFIG_VHOST_SCSI (asias, thanks stefanha) - Add hotplug feature bit Changes in WIP-V2: - Add backend guest masking support (nab) - Bump ABI_VERSION to 1 (nab) - Set up set_guest_notifiers (asias) - Set up vs->dev.vq_index (asias) - Drop vs->vs.vdev.{set,clear}_vhost_endpoint (asias) - Drop VIRTIO_CONFIG_S_DRIVER check in vhost_scsi_set_status (asias) Howto: Use the latest seabios, at least commit b44a7be17b git clone git://git.seabios.org/seabios.git make cp out/bios.bin /usr/share/qemu/bios.bin qemu -device vhost-scsi-pci,wwpn=naa.6001405bd4e8476d,event_idx=off ... Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Asias He <asias@redhat.com> [ Rebase on top of VirtIOSCSICommon patch, fix bugs in feature negotiation and irqfd masking - Paolo ] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-29 01:08:16 +00:00
vhost_scsi="yes"
if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
audio_possible_drivers="$audio_possible_drivers fmod"
fi
QEMU_INCLUDES="-I\$(SRC_PATH)/linux-headers -I$(pwd)/linux-headers $QEMU_INCLUDES"
;;
esac
if [ "$bsd" = "yes" ] ; then
if [ "$darwin" != "yes" ] ; then
if [ "$targetos" != "FreeBSD" ]; then
usb="bsd"
fi
bsd_user="yes"
fi
fi
: ${make=${MAKE-make}}
: ${install=${INSTALL-install}}
: ${python=${PYTHON-python}}
: ${smbd=${SMBD-/usr/sbin/smbd}}
# Default objcc to clang if available, otherwise use CC
if has clang; then
objcc=clang
else
objcc="$cc"
fi
if test "$mingw32" = "yes" ; then
EXESUF=".exe"
QEMU_CFLAGS="-DWIN32_LEAN_AND_MEAN -DWINVER=0x501 $QEMU_CFLAGS"
# enable C99/POSIX format strings (needs mingw32-runtime 3.15 or later)
QEMU_CFLAGS="-D__USE_MINGW_ANSI_STDIO=1 $QEMU_CFLAGS"
LIBS="-lwinmm -lws2_32 -liphlpapi $LIBS"
cat > $TMPC << EOF
int main(void) { return 0; }
EOF
if compile_prog "" "-liberty" ; then
LIBS="-liberty $LIBS"
fi
prefix="c:/Program Files/QEMU"
mandir="\${prefix}"
datadir="\${prefix}"
qemu_docdir="\${prefix}"
bindir="\${prefix}"
sysconfdir="\${prefix}"
local_statedir=
confsuffix=""
libs_qga="-lws2_32 -lwinmm -lpowrprof $libs_qga"
fi
werror=""
for opt do
optarg=`expr "x$opt" : 'x[^=]*=\(.*\)'`
case "$opt" in
--help|-h) show_help=yes
;;
--version|-V) exec cat $source_path/VERSION
;;
--prefix=*) prefix="$optarg"
;;
--interp-prefix=*) interp_prefix="$optarg"
;;
--source-path=*)
;;
--cross-prefix=*)
;;
--cc=*)
;;
--host-cc=*) host_cc="$optarg"
;;
--objcc=*) objcc="$optarg"
;;
--make=*) make="$optarg"
;;
--install=*) install="$optarg"
;;
--python=*) python="$optarg"
;;
--gcov=*) gcov_tool="$optarg"
;;
--smbd=*) smbd="$optarg"
;;
--extra-cflags=*)
;;
--extra-ldflags=*)
;;
--enable-debug-info)
;;
--disable-debug-info)
;;
--cpu=*)
;;
--target-list=*) target_list="$optarg"
;;
--enable-trace-backend=*) trace_backend="$optarg"
;;
--with-trace-file=*) trace_file="$optarg"
;;
--enable-gprof) gprof="yes"
;;
--enable-gcov) gcov="yes"
;;
--static)
static="yes"
LDFLAGS="-static $LDFLAGS"
QEMU_PKG_CONFIG_FLAGS="--static $QEMU_PKG_CONFIG_FLAGS"
;;
--mandir=*) mandir="$optarg"
;;
--bindir=*) bindir="$optarg"
;;
2011-05-15 12:08:59 +03:00
--libdir=*) libdir="$optarg"
;;
--libexecdir=*) libexecdir="$optarg"
;;
--includedir=*) includedir="$optarg"
;;
--datadir=*) datadir="$optarg"
;;
--with-confsuffix=*) confsuffix="$optarg"
;;
--docdir=*) qemu_docdir="$optarg"
;;
--sysconfdir=*) sysconfdir="$optarg"
;;
--localstatedir=*) local_statedir="$optarg"
;;
--sbindir=*|--sharedstatedir=*|\
--oldincludedir=*|--datarootdir=*|--infodir=*|--localedir=*|\
--htmldir=*|--dvidir=*|--pdfdir=*|--psdir=*)
# These switches are silently ignored, for compatibility with
# autoconf-generated configure scripts. This allows QEMU's
# configure to be used by RPM and similar macros that set
# lots of directory switches by default.
;;
--with-system-pixman) pixman="system"
;;
--without-system-pixman) pixman="internal"
;;
--without-pixman) pixman="none"
;;
--disable-sdl) sdl="no"
;;
--enable-sdl) sdl="yes"
;;
--disable-qom-cast-debug) qom_cast_debug="no"
;;
--enable-qom-cast-debug) qom_cast_debug="yes"
;;
--disable-virtfs) virtfs="no"
;;
--enable-virtfs) virtfs="yes"
;;
--disable-vnc) vnc="no"
;;
--enable-vnc) vnc="yes"
;;
--fmod-lib=*) fmod_lib="$optarg"
;;
--fmod-inc=*) fmod_inc="$optarg"
;;
--oss-lib=*) oss_lib="$optarg"
;;
--audio-drv-list=*) audio_drv_list="$optarg"
;;
--block-drv-rw-whitelist=*|--block-drv-whitelist=*) block_drv_rw_whitelist=`echo "$optarg" | sed -e 's/,/ /g'`
;;
--block-drv-ro-whitelist=*) block_drv_ro_whitelist=`echo "$optarg" | sed -e 's/,/ /g'`
;;
--enable-debug-tcg) debug_tcg="yes"
;;
--disable-debug-tcg) debug_tcg="no"
;;
--enable-debug)
# Enable debugging options that aren't excessively noisy
debug_tcg="yes"
debug="yes"
strip_opt="no"
;;
--enable-sparse) sparse="yes"
;;
--disable-sparse) sparse="no"
;;
--disable-strip) strip_opt="no"
;;
--disable-vnc-tls) vnc_tls="no"
;;
--enable-vnc-tls) vnc_tls="yes"
;;
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
--disable-vnc-sasl) vnc_sasl="no"
;;
--enable-vnc-sasl) vnc_sasl="yes"
;;
--disable-vnc-jpeg) vnc_jpeg="no"
;;
--enable-vnc-jpeg) vnc_jpeg="yes"
;;
--disable-vnc-png) vnc_png="no"
;;
--enable-vnc-png) vnc_png="yes"
;;
--disable-vnc-ws) vnc_ws="no"
;;
--enable-vnc-ws) vnc_ws="yes"
;;
--disable-slirp) slirp="no"
;;
--disable-uuid) uuid="no"
;;
--enable-uuid) uuid="yes"
;;
--disable-vde) vde="no"
;;
--enable-vde) vde="yes"
;;
--disable-xen) xen="no"
;;
--enable-xen) xen="yes"
;;
--disable-xen-pci-passthrough) xen_pci_passthrough="no"
;;
--enable-xen-pci-passthrough) xen_pci_passthrough="yes"
;;
--disable-brlapi) brlapi="no"
;;
--enable-brlapi) brlapi="yes"
;;
--disable-bluez) bluez="no"
;;
--enable-bluez) bluez="yes"
;;
--disable-kvm) kvm="no"
;;
--enable-kvm) kvm="yes"
;;
--disable-tcg-interpreter) tcg_interpreter="no"
;;
--enable-tcg-interpreter) tcg_interpreter="yes"
;;
--disable-cap-ng) cap_ng="no"
;;
--enable-cap-ng) cap_ng="yes"
;;
2010-03-24 10:26:51 +01:00
--disable-spice) spice="no"
;;
--enable-spice) spice="yes"
;;
iSCSI block driver This provides built-in support for iSCSI to QEMU. This has the advantage that the iSCSI devices need not be made visible to the host, which is useful if you have very many virtual machines and very many iscsi devices. It also has the benefit that non-root users of QEMU can access iSCSI devices across the network without requiring root privilege on the host. This driver interfaces with the multiplatform posix library for iscsi initiator/client access to iscsi devices hosted at git://github.com/sahlberg/libiscsi.git The patch adds the driver to interface with the iscsi library. It also updated the configure script to * by default, probe is libiscsi is available and if so, build qemu against libiscsi. * --enable-libiscsi Force a build against libiscsi. If libiscsi is not available the build will fail. * --disable-libiscsi Do not link against libiscsi, even if it is available. When linked with libiscsi, qemu gains support to access iscsi resources such as disks and cdrom directly, without having to make the devices visible to the host. You can specify devices using a iscsi url of the form : iscsi://[<username>[:<password>@]]<host>[:<port]/<target-iqn-name>/<lun> When using authentication, the password can optionally be set with LIBISCSI_CHAP_PASSWORD="password" to avoid it showing up in the process list Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-25 19:24:24 +11:00
--disable-libiscsi) libiscsi="no"
;;
--enable-libiscsi) libiscsi="yes"
;;
--enable-profiler) profiler="yes"
;;
--disable-cocoa) cocoa="no"
;;
--enable-cocoa)
cocoa="yes" ;
sdl="no" ;
audio_drv_list="coreaudio `echo $audio_drv_list | sed s,coreaudio,,g`"
;;
--disable-system) softmmu="no"
;;
--enable-system) softmmu="yes"
;;
--disable-user)
linux_user="no" ;
bsd_user="no" ;
;;
--enable-user) ;;
--disable-linux-user) linux_user="no"
;;
--enable-linux-user) linux_user="yes"
;;
--disable-bsd-user) bsd_user="no"
;;
--enable-bsd-user) bsd_user="yes"
;;
--enable-guest-base) guest_base="yes"
;;
--disable-guest-base) guest_base="no"
;;
--enable-pie) pie="yes"
;;
--disable-pie) pie="no"
;;
--enable-uname-release=*) uname_release="$optarg"
;;
--enable-werror) werror="yes"
;;
--disable-werror) werror="no"
;;
--disable-curses) curses="no"
;;
--enable-curses) curses="yes"
;;
--disable-curl) curl="no"
;;
--enable-curl) curl="yes"
;;
--disable-fdt) fdt="no"
;;
--enable-fdt) fdt="yes"
;;
--enable-mixemu) mixemu="yes"
;;
--disable-linux-aio) linux_aio="no"
;;
--enable-linux-aio) linux_aio="yes"
;;
--disable-attr) attr="no"
;;
--enable-attr) attr="yes"
;;
--disable-blobs) blobs="no"
;;
--with-pkgversion=*) pkgversion=" ($optarg)"
;;
--with-coroutine=*) coroutine="$optarg"
;;
--disable-docs) docs="no"
;;
--enable-docs) docs="yes"
;;
--disable-vhost-net) vhost_net="no"
;;
--enable-vhost-net) vhost_net="yes"
;;
vhost-scsi: new device supporting the tcm_vhost Linux kernel module The WWPN specified in configfs is passed to "-device vhost-scsi-pci". The tgpt field of the SET_ENDPOINT ioctl is obsolete now, so it is not available from the QEMU command-line. Instead, I hardcode it to zero. Changes in Patch-v2: - Add vhost_scsi_get_features() in order to determine feature bits supports by host kernel (mst + nab) - Re-enable usage of DEFINE_VIRTIO_COMMON_FEATURES, and allow EVENT_IDX to be disabled by host in vhost_scsi_get_features() - Drop unused hotplug bit in DEFINE_VHOST_SCSI_PROPERTIES Changes in Patch-v1: - Set event_idx=off by default (nab, thanks asias) - Disable hotplug feature bit for v3.9 tcm_vhost kernel code, need to re-enable in v3.10 (nab) - Update to latest qemu.git/master HEAD Changes in WIP-V3: - Drop ioeventfd vhost_scsi_properties (asias, thanks stefanha) - Add CONFIG_VHOST_SCSI (asias, thanks stefanha) - Add hotplug feature bit Changes in WIP-V2: - Add backend guest masking support (nab) - Bump ABI_VERSION to 1 (nab) - Set up set_guest_notifiers (asias) - Set up vs->dev.vq_index (asias) - Drop vs->vs.vdev.{set,clear}_vhost_endpoint (asias) - Drop VIRTIO_CONFIG_S_DRIVER check in vhost_scsi_set_status (asias) Howto: Use the latest seabios, at least commit b44a7be17b git clone git://git.seabios.org/seabios.git make cp out/bios.bin /usr/share/qemu/bios.bin qemu -device vhost-scsi-pci,wwpn=naa.6001405bd4e8476d,event_idx=off ... Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Asias He <asias@redhat.com> [ Rebase on top of VirtIOSCSICommon patch, fix bugs in feature negotiation and irqfd masking - Paolo ] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-29 01:08:16 +00:00
--disable-vhost-scsi) vhost_scsi="no"
;;
--enable-vhost-scsi) vhost_scsi="yes"
;;
--disable-glx) glx="no"
;;
--enable-glx) glx="yes"
;;
--disable-rbd) rbd="no"
;;
--enable-rbd) rbd="yes"
;;
--disable-xfsctl) xfs="no"
;;
--enable-xfsctl) xfs="yes"
;;
libcacard: initial commit libcacard emulates a Common Access Card (CAC) which is a standard for smartcards. It is used by the emulated ccid card introduced in a following patch. Docs are available in docs/libcacard.txt Signed-off-by: Alon Levy <alevy@redhat.com> --- changes from v24->v25: * Fix out of tree builds. * Fix build with linux-user targets. changes from v23->v24: (Jes Sorensen review 2) * Makefile.target: use obj-$(CONFIG_*) += * remove unrequired includes, include qemu-common before qemu-thread * required adding #define NO_NSPR_10_SUPPORT (harmless) changes from v22->v23: * configure fixes: (reported by Stefan Hajnoczi) * test a = b, not a == b (second isn't portable) * quote $source_path in case it contains spaces - this doesn't really help since there are many other places that need similar fixes, not introduced by this patch. changes from v21->v22: * fix configure to not link libcacard if nss not found (reported by Stefan Hajnoczi) * fix vscclient linkage with simpletrace backend (reported by Stefan Hajnoczi) * card_7816.c: add missing break in ERROR_DATA_NOT_FOUND (reported by William van de Velde) changes from v20->v21: (Jes Sorensen review) * use qemu infrastructure: qemu-thread, qemu-common (qemu_malloc and qemu_free), error_report * assert instead of ASSERT * cosmetic fixes * use strpbrk and isspace * add --disable-nss --enable-nss here, instead of in the final patch. * split vscclient, passthru and docs to following patches. changes from v19->v20: * checkpatch.pl changes from v15->v16: Build: * don't erase self with distclean * fix make clean after make distclean * Makefile: make vscclient link quiet Behavioral: * vcard_emul_nss: load coolkey in more situations * vscclient: * use hton,ntoh * send init on connect, only start vevent thread on response * read payload after header check, before type switch * remove Reconnect * update for vscard_common changes, empty Flush implementation Style/Whitespace: * fix wrong variable usage * remove unused variable * use only C style comments * add copyright header * fix tabulation Signed-off-by: Alon Levy <alevy@redhat.com> libcacard: fix out of tree builds
2010-11-28 16:36:38 +02:00
--disable-smartcard-nss) smartcard_nss="no"
;;
--enable-smartcard-nss) smartcard_nss="yes"
;;
--disable-libusb) libusb="no"
;;
--enable-libusb) libusb="yes"
;;
--disable-usb-redir) usb_redir="no"
;;
--enable-usb-redir) usb_redir="yes"
;;
--disable-zlib-test) zlib="no"
;;
--enable-guest-agent) guest_agent="yes"
;;
--disable-guest-agent) guest_agent="no"
;;
--enable-tools) want_tools="yes"
;;
--disable-tools) want_tools="no"
;;
--enable-seccomp) seccomp="yes"
;;
--disable-seccomp) seccomp="no"
;;
--disable-glusterfs) glusterfs="no"
;;
--enable-glusterfs) glusterfs="yes"
;;
--disable-virtio-blk-data-plane) virtio_blk_data_plane="no"
;;
--enable-virtio-blk-data-plane) virtio_blk_data_plane="yes"
;;
--disable-gtk) gtk="no"
;;
--enable-gtk) gtk="yes"
;;
--enable-rdma) rdma="yes"
;;
--disable-rdma) rdma="no"
;;
--with-gtkabi=*) gtkabi="$optarg"
;;
--enable-tpm) tpm="yes"
;;
--disable-libssh2) libssh2="no"
;;
--enable-libssh2) libssh2="yes"
;;
*) echo "ERROR: unknown option $opt"; show_help="yes"
;;
esac
done
case "$cpu" in
sparc)
LDFLAGS="-m32 $LDFLAGS"
CPU_CFLAGS="-m32 -mcpu=ultrasparc"
;;
sparc64)
LDFLAGS="-m64 $LDFLAGS"
CPU_CFLAGS="-m64 -mcpu=ultrasparc"
;;
s390)
CPU_CFLAGS="-m31 -march=z990"
LDFLAGS="-m31 $LDFLAGS"
;;
s390x)
CPU_CFLAGS="-m64 -march=z990"
LDFLAGS="-m64 $LDFLAGS"
;;
i386)
CPU_CFLAGS="-m32"
LDFLAGS="-m32 $LDFLAGS"
cc_i386='$(CC) -m32'
;;
x86_64)
CPU_CFLAGS="-m64"
LDFLAGS="-m64 $LDFLAGS"
cc_i386='$(CC) -m32'
;;
# No special flags required for other host CPUs
esac
QEMU_CFLAGS="$CPU_CFLAGS $QEMU_CFLAGS"
EXTRA_CFLAGS="$CPU_CFLAGS $EXTRA_CFLAGS"
default_target_list=""
mak_wilds=""
if [ "$softmmu" = "yes" ]; then
mak_wilds="${mak_wilds} $source_path/default-configs/*-softmmu.mak"
fi
if [ "$linux_user" = "yes" ]; then
mak_wilds="${mak_wilds} $source_path/default-configs/*-linux-user.mak"
fi
if [ "$bsd_user" = "yes" ]; then
mak_wilds="${mak_wilds} $source_path/default-configs/*-bsd-user.mak"
fi
for config in $mak_wilds; do
default_target_list="${default_target_list} $(basename "$config" .mak)"
done
if test x"$show_help" = x"yes" ; then
cat << EOF
Usage: configure [options]
Options: [defaults in brackets after descriptions]
EOF
echo "Standard options:"
echo " --help print this message"
echo " --prefix=PREFIX install in PREFIX [$prefix]"
echo " --interp-prefix=PREFIX where to find shared libraries, etc."
echo " use %M for cpu name [$interp_prefix]"
echo " --target-list=LIST set target list (default: build everything)"
echo "Available targets: $default_target_list" | \
fold -s -w 53 | sed -e 's/^/ /'
echo ""
echo "Advanced options (experts only):"
echo " --source-path=PATH path of source code [$source_path]"
echo " --cross-prefix=PREFIX use PREFIX for compile tools [$cross_prefix]"
echo " --cc=CC use C compiler CC [$cc]"
echo " --host-cc=CC use C compiler CC [$host_cc] for code run at"
echo " build time"
echo " --objcc=OBJCC use Objective-C compiler OBJCC [$objcc]"
echo " --extra-cflags=CFLAGS append extra C compiler flags QEMU_CFLAGS"
echo " --extra-ldflags=LDFLAGS append extra linker flags LDFLAGS"
echo " --make=MAKE use specified make [$make]"
echo " --install=INSTALL use specified install [$install]"
echo " --python=PYTHON use specified python [$python]"
echo " --smbd=SMBD use specified smbd [$smbd]"
echo " --static enable static build [$static]"
echo " --mandir=PATH install man pages in PATH"
echo " --datadir=PATH install firmware in PATH$confsuffix"
echo " --docdir=PATH install documentation in PATH$confsuffix"
echo " --bindir=PATH install binaries in PATH"
echo " --libdir=PATH install libraries in PATH"
echo " --sysconfdir=PATH install config in PATH$confsuffix"
echo " --localstatedir=PATH install local state in PATH (set at runtime on win32)"
echo " --with-confsuffix=SUFFIX suffix for QEMU data inside datadir and sysconfdir [$confsuffix]"
echo " --enable-debug-tcg enable TCG debugging"
echo " --disable-debug-tcg disable TCG debugging (default)"
echo " --enable-debug-info enable debugging information (default)"
echo " --disable-debug-info disable debugging information"
echo " --enable-debug enable common debug build options"
echo " --enable-sparse enable sparse checker"
echo " --disable-sparse disable sparse checker (default)"
echo " --disable-strip disable stripping binaries"
echo " --disable-werror disable compilation abort on warning"
echo " --disable-sdl disable SDL"
echo " --enable-sdl enable SDL"
echo " --disable-gtk disable gtk UI"
echo " --enable-gtk enable gtk UI"
echo " --disable-virtfs disable VirtFS"
echo " --enable-virtfs enable VirtFS"
echo " --disable-vnc disable VNC"
echo " --enable-vnc enable VNC"
echo " --disable-cocoa disable Cocoa (Mac OS X only)"
echo " --enable-cocoa enable Cocoa (default on Mac OS X)"
echo " --audio-drv-list=LIST set audio drivers list:"
echo " Available drivers: $audio_possible_drivers"
echo " --block-drv-whitelist=L Same as --block-drv-rw-whitelist=L"
echo " --block-drv-rw-whitelist=L"
echo " set block driver read-write whitelist"
echo " (affects only QEMU, not qemu-img)"
echo " --block-drv-ro-whitelist=L"
echo " set block driver read-only whitelist"
echo " (affects only QEMU, not qemu-img)"
echo " --enable-mixemu enable mixer emulation"
echo " --disable-xen disable xen backend driver support"
echo " --enable-xen enable xen backend driver support"
echo " --disable-xen-pci-passthrough"
echo " --enable-xen-pci-passthrough"
echo " --disable-brlapi disable BrlAPI"
echo " --enable-brlapi enable BrlAPI"
echo " --disable-vnc-tls disable TLS encryption for VNC server"
echo " --enable-vnc-tls enable TLS encryption for VNC server"
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
echo " --disable-vnc-sasl disable SASL encryption for VNC server"
echo " --enable-vnc-sasl enable SASL encryption for VNC server"
echo " --disable-vnc-jpeg disable JPEG lossy compression for VNC server"
echo " --enable-vnc-jpeg enable JPEG lossy compression for VNC server"
echo " --disable-vnc-png disable PNG compression for VNC server (default)"
echo " --enable-vnc-png enable PNG compression for VNC server"
echo " --disable-vnc-ws disable Websockets support for VNC server"
echo " --enable-vnc-ws enable Websockets support for VNC server"
echo " --disable-curses disable curses output"
echo " --enable-curses enable curses output"
echo " --disable-curl disable curl connectivity"
echo " --enable-curl enable curl connectivity"
echo " --disable-fdt disable fdt device tree"
echo " --enable-fdt enable fdt device tree"
echo " --disable-bluez disable bluez stack connectivity"
echo " --enable-bluez enable bluez stack connectivity"
echo " --disable-slirp disable SLIRP userspace network connectivity"
echo " --disable-kvm disable KVM acceleration support"
echo " --enable-kvm enable KVM acceleration support"
echo " --disable-rdma disable RDMA-based migration support"
echo " --enable-rdma enable RDMA-based migration support"
echo " --enable-tcg-interpreter enable TCG with bytecode interpreter (TCI)"
echo " --enable-system enable all system emulation targets"
echo " --disable-system disable all system emulation targets"
echo " --enable-user enable supported user emulation targets"
echo " --disable-user disable all user emulation targets"
echo " --enable-linux-user enable all linux usermode emulation targets"
echo " --disable-linux-user disable all linux usermode emulation targets"
echo " --enable-bsd-user enable all BSD usermode emulation targets"
echo " --disable-bsd-user disable all BSD usermode emulation targets"
echo " --enable-guest-base enable GUEST_BASE support for usermode"
echo " emulation targets"
echo " --disable-guest-base disable GUEST_BASE support"
echo " --enable-pie build Position Independent Executables"
echo " --disable-pie do not build Position Independent Executables"
echo " --fmod-lib path to FMOD library"
echo " --fmod-inc path to FMOD includes"
echo " --oss-lib path to OSS library"
echo " --enable-uname-release=R Return R for uname -r in usermode emulation"
echo " --cpu=CPU Build for host CPU [$cpu]"
echo " --disable-uuid disable uuid support"
echo " --enable-uuid enable uuid support"
echo " --disable-vde disable support for vde network"
echo " --enable-vde enable support for vde network"
echo " --disable-linux-aio disable Linux AIO support"
echo " --enable-linux-aio enable Linux AIO support"
echo " --disable-cap-ng disable libcap-ng support"
echo " --enable-cap-ng enable libcap-ng support"
echo " --disable-attr disables attr and xattr support"
echo " --enable-attr enable attr and xattr support"
echo " --disable-blobs disable installing provided firmware blobs"
echo " --enable-docs enable documentation build"
echo " --disable-docs disable documentation build"
echo " --disable-vhost-net disable vhost-net acceleration support"
echo " --enable-vhost-net enable vhost-net acceleration support"
echo " --enable-trace-backend=B Set trace backend"
echo " Available backends:" $($python "$source_path"/scripts/tracetool.py --list-backends)
echo " --with-trace-file=NAME Full PATH,NAME of file to store traces"
echo " Default:trace-<pid>"
2010-03-24 10:26:51 +01:00
echo " --disable-spice disable spice"
echo " --enable-spice enable spice"
echo " --enable-rbd enable building the rados block device (rbd)"
iSCSI block driver This provides built-in support for iSCSI to QEMU. This has the advantage that the iSCSI devices need not be made visible to the host, which is useful if you have very many virtual machines and very many iscsi devices. It also has the benefit that non-root users of QEMU can access iSCSI devices across the network without requiring root privilege on the host. This driver interfaces with the multiplatform posix library for iscsi initiator/client access to iscsi devices hosted at git://github.com/sahlberg/libiscsi.git The patch adds the driver to interface with the iscsi library. It also updated the configure script to * by default, probe is libiscsi is available and if so, build qemu against libiscsi. * --enable-libiscsi Force a build against libiscsi. If libiscsi is not available the build will fail. * --disable-libiscsi Do not link against libiscsi, even if it is available. When linked with libiscsi, qemu gains support to access iscsi resources such as disks and cdrom directly, without having to make the devices visible to the host. You can specify devices using a iscsi url of the form : iscsi://[<username>[:<password>@]]<host>[:<port]/<target-iqn-name>/<lun> When using authentication, the password can optionally be set with LIBISCSI_CHAP_PASSWORD="password" to avoid it showing up in the process list Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-25 19:24:24 +11:00
echo " --disable-libiscsi disable iscsi support"
echo " --enable-libiscsi enable iscsi support"
libcacard: initial commit libcacard emulates a Common Access Card (CAC) which is a standard for smartcards. It is used by the emulated ccid card introduced in a following patch. Docs are available in docs/libcacard.txt Signed-off-by: Alon Levy <alevy@redhat.com> --- changes from v24->v25: * Fix out of tree builds. * Fix build with linux-user targets. changes from v23->v24: (Jes Sorensen review 2) * Makefile.target: use obj-$(CONFIG_*) += * remove unrequired includes, include qemu-common before qemu-thread * required adding #define NO_NSPR_10_SUPPORT (harmless) changes from v22->v23: * configure fixes: (reported by Stefan Hajnoczi) * test a = b, not a == b (second isn't portable) * quote $source_path in case it contains spaces - this doesn't really help since there are many other places that need similar fixes, not introduced by this patch. changes from v21->v22: * fix configure to not link libcacard if nss not found (reported by Stefan Hajnoczi) * fix vscclient linkage with simpletrace backend (reported by Stefan Hajnoczi) * card_7816.c: add missing break in ERROR_DATA_NOT_FOUND (reported by William van de Velde) changes from v20->v21: (Jes Sorensen review) * use qemu infrastructure: qemu-thread, qemu-common (qemu_malloc and qemu_free), error_report * assert instead of ASSERT * cosmetic fixes * use strpbrk and isspace * add --disable-nss --enable-nss here, instead of in the final patch. * split vscclient, passthru and docs to following patches. changes from v19->v20: * checkpatch.pl changes from v15->v16: Build: * don't erase self with distclean * fix make clean after make distclean * Makefile: make vscclient link quiet Behavioral: * vcard_emul_nss: load coolkey in more situations * vscclient: * use hton,ntoh * send init on connect, only start vevent thread on response * read payload after header check, before type switch * remove Reconnect * update for vscard_common changes, empty Flush implementation Style/Whitespace: * fix wrong variable usage * remove unused variable * use only C style comments * add copyright header * fix tabulation Signed-off-by: Alon Levy <alevy@redhat.com> libcacard: fix out of tree builds
2010-11-28 16:36:38 +02:00
echo " --disable-smartcard-nss disable smartcard nss support"
echo " --enable-smartcard-nss enable smartcard nss support"
echo " --disable-libusb disable libusb (for usb passthrough)"
echo " --enable-libusb enable libusb (for usb passthrough)"
echo " --disable-usb-redir disable usb network redirection support"
echo " --enable-usb-redir enable usb network redirection support"
echo " --disable-guest-agent disable building of the QEMU Guest Agent"
echo " --enable-guest-agent enable building of the QEMU Guest Agent"
echo " --disable-seccomp disable seccomp support"
echo " --enable-seccomp enables seccomp support"
echo " --with-coroutine=BACKEND coroutine backend. Supported options:"
echo " gthread, ucontext, sigaltstack, windows"
echo " --enable-glusterfs enable GlusterFS backend"
echo " --disable-glusterfs disable GlusterFS backend"
echo " --enable-gcov enable test coverage analysis with gcov"
echo " --gcov=GCOV use specified gcov [$gcov_tool]"
echo " --enable-tpm enable TPM support"
echo " --disable-libssh2 disable ssh block device support"
echo " --enable-libssh2 enable ssh block device support"
echo ""
echo "NOTE: The object files are built at the place where configure is launched"
exit 1
fi
# Now we have handled --enable-tcg-interpreter and know we're not just
# printing the help message, bail out if the host CPU isn't supported.
if test "$ARCH" = "unknown"; then
if test "$tcg_interpreter" = "yes" ; then
echo "Unsupported CPU = $cpu, will use TCG with TCI (experimental)"
ARCH=tci
else
error_exit "Unsupported CPU = $cpu, try --enable-tcg-interpreter"
fi
fi
# check that the C compiler works.
cat > $TMPC <<EOF
int main(void) { return 0; }
EOF
if compile_object ; then
: C compiler works ok
else
error_exit "\"$cc\" either does not exist or does not work"
fi
# Consult white-list to determine whether to enable werror
# by default. Only enable by default for git builds
z_version=`cut -f3 -d. $source_path/VERSION`
if test -z "$werror" ; then
if test -d "$source_path/.git" -a \
"$linux" = "yes" ; then
werror="yes"
else
werror="no"
fi
fi
gcc_flags="-Wold-style-declaration -Wold-style-definition -Wtype-limits"
gcc_flags="-Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers $gcc_flags"
gcc_flags="-Wmissing-include-dirs -Wempty-body -Wnested-externs $gcc_flags"
gcc_flags="-Wendif-labels $gcc_flags"
gcc_flags="-Wno-initializer-overrides $gcc_flags"
# Note that we do not add -Werror to gcc_flags here, because that would
# enable it for all configure tests. If a configure test failed due
# to -Werror this would just silently disable some features,
# so it's too error prone.
cat > $TMPC << EOF
int main(void) { return 0; }
EOF
for flag in $gcc_flags; do
# Use the positive sense of the flag when testing for -Wno-wombat
# support (gcc will happily accept the -Wno- form of unknown
# warning options).
optflag="$(echo $flag | sed -e 's/^-Wno-/-W/')"
if compile_prog "-Werror $optflag" "" ; then
QEMU_CFLAGS="$QEMU_CFLAGS $flag"
fi
done
if compile_prog "-Werror -fstack-protector-all" "" ; then
QEMU_CFLAGS="$QEMU_CFLAGS -fstack-protector-all"
LIBTOOLFLAGS="$LIBTOOLFLAGS -Wc,-fstack-protector-all"
fi
# Workaround for http://gcc.gnu.org/PR55489. Happens with -fPIE/-fPIC and
# large functions that use global variables. The bug is in all releases of
# GCC, but it became particularly acute in 4.6.x and 4.7.x. It is fixed in
# 4.7.3 and 4.8.0. We should be able to delete this at the end of 2013.
cat > $TMPC << EOF
#if __GNUC__ == 4 && (__GNUC_MINOR__ == 6 || (__GNUC_MINOR__ == 7 && __GNUC_PATCHLEVEL__ <= 2))
int main(void) { return 0; }
#else
#error No bug in this compiler.
#endif
EOF
if compile_prog "-Werror -fno-gcse" "" ; then
TRANSLATE_OPT_CFLAGS=-fno-gcse
fi
if test "$static" = "yes" ; then
if test "$pie" = "yes" ; then
error_exit "static and pie are mutually incompatible"
else
pie="no"
fi
fi
if test "$pie" = ""; then
case "$cpu-$targetos" in
i386-Linux|x86_64-Linux|i386-OpenBSD|x86_64-OpenBSD)
;;
*)
pie="no"
;;
esac
fi
if test "$pie" != "no" ; then
cat > $TMPC << EOF
#ifdef __linux__
# define THREAD __thread
#else
# define THREAD
#endif
static THREAD int tls_var;
int main(void) { return tls_var; }
EOF
if compile_prog "-fPIE -DPIE" "-pie"; then
QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
LDFLAGS="-pie $LDFLAGS"
pie="yes"
if compile_prog "" "-Wl,-z,relro -Wl,-z,now" ; then
LDFLAGS="-Wl,-z,relro -Wl,-z,now $LDFLAGS"
fi
else
if test "$pie" = "yes"; then
error_exit "PIE not available due to missing toolchain support"
else
echo "Disabling PIE due to missing toolchain support"
pie="no"
fi
fi
fi
##########################################
# __sync_fetch_and_and requires at least -march=i486. Many toolchains
# use i686 as default anyway, but for those that don't, an explicit
# specification is necessary
if test "$cpu" = "i386"; then
cat > $TMPC << EOF
static int sfaa(int *ptr)
{
return __sync_fetch_and_and(ptr, 0);
}
int main(void)
{
int val = 42;
val = __sync_val_compare_and_swap(&val, 0, 1);
sfaa(&val);
return val;
}
EOF
if ! compile_prog "" "" ; then
QEMU_CFLAGS="-march=i486 $QEMU_CFLAGS"
fi
fi
#########################################
# Solaris specific configure tool chain decisions
if test "$solaris" = "yes" ; then
if has $install; then
:
else
error_exit "Solaris install program not found. Use --install=/usr/ucb/install or" \
"install fileutils from www.blastwave.org using pkg-get -i fileutils" \
"to get ginstall which is used by default (which lives in /opt/csw/bin)"
fi
if test "`path_of $install`" = "/usr/sbin/install" ; then
error_exit "Solaris /usr/sbin/install is not an appropriate install program." \
"try ginstall from the GNU fileutils available from www.blastwave.org" \
"using pkg-get -i fileutils, or use --install=/usr/ucb/install"
fi
if has ar; then
:
else
if test -f /usr/ccs/bin/ar ; then
error_exit "No path includes ar" \
"Add /usr/ccs/bin to your path and rerun configure"
fi
error_exit "No path includes ar"
fi
fi
if ! has $python; then
error_exit "Python not found. Use --python=/path/to/python"
fi
# Note that if the Python conditional here evaluates True we will exit
# with status 1 which is a shell 'false' value.
if ! "$python" -c 'import sys; sys.exit(sys.version_info < (2,4) or sys.version_info >= (3,))'; then
error_exit "Cannot use '$python', Python 2.4 or later is required." \
"Note that Python 3 or later is not yet supported." \
"Use --python=/path/to/python to specify a supported Python."
fi
if test -z "${target_list+xxx}" ; then
target_list="$default_target_list"
else
target_list=`echo "$target_list" | sed -e 's/,/ /g'`
fi
# Check that we recognised the target name; this allows a more
# friendly error message than if we let it fall through.
for target in $target_list; do
case " $default_target_list " in
*" $target "*)
;;
*)
error_exit "Unknown target name '$target'"
;;
esac
done
# see if system emulation was really requested
case " $target_list " in
*"-softmmu "*) softmmu=yes
;;
*) softmmu=no
;;
esac
feature_not_found() {
feature=$1
error_exit "User requested feature $feature" \
"configure was not able to find it"
}
if test -z "$cross_prefix" ; then
# ---
# big/little endian test
cat > $TMPC << EOF
#include <inttypes.h>
int main(void) {
volatile uint32_t i=0x01234567;
return (*((uint8_t*)(&i))) == 0x67;
}
EOF
if compile_prog "" "" ; then
$TMPE && bigendian="yes"
else
echo big/little test failed
fi
else
# if cross compiling, cannot launch a program, so make a static guess
case "$cpu" in
arm)
# ARM can be either way; ask the compiler which one we are
if check_define __ARMEB__; then
bigendian=yes
fi
;;
hppa|m68k|mips|mips64|ppc|ppc64|s390|s390x|sparc|sparc64)
bigendian=yes
;;
esac
fi
##########################################
# pkg-config probe
if ! has "$pkg_config_exe"; then
error_exit "pkg-config binary '$pkg_config_exe' not found"
fi
##########################################
# NPTL probe
if test "$linux_user" = "yes"; then
cat > $TMPC <<EOF
#include <sched.h>
#include <linux/futex.h>
int main(void) {
#if !defined(CLONE_SETTLS) || !defined(FUTEX_WAIT)
#error bork
#endif
return 0;
}
EOF
if ! compile_object ; then
feature_not_found "nptl"
fi
fi
##########################################
# zlib check
if test "$zlib" != "no" ; then
cat > $TMPC << EOF
#include <zlib.h>
int main(void) { zlibVersion(); return 0; }
EOF
if compile_prog "" "-lz" ; then
:
else
error_exit "zlib check failed" \
"Make sure to have the zlib libs and headers installed."
fi
fi
libs_softmmu="$libs_softmmu -lz"
##########################################
# libseccomp check
if test "$seccomp" != "no" ; then
if $pkg_config --atleast-version=2.1.0 libseccomp --modversion >/dev/null 2>&1; then
libs_softmmu="$libs_softmmu `$pkg_config --libs libseccomp`"
QEMU_CFLAGS="$QEMU_CFLAGS `$pkg_config --cflags libseccomp`"
seccomp="yes"
else
if test "$seccomp" = "yes"; then
feature_not_found "libseccomp"
fi
seccomp="no"
fi
fi
##########################################
# xen probe
if test "$xen" != "no" ; then
xen_libs="-lxenstore -lxenctrl -lxenguest"
# First we test whether Xen headers and libraries are available.
# If no, we are done and there is no Xen support.
# If yes, more tests are run to detect the Xen version.
# Xen (any)
cat > $TMPC <<EOF
#include <xenctrl.h>
int main(void) {
return 0;
}
EOF
if ! compile_prog "" "$xen_libs" ; then
# Xen not found
if test "$xen" = "yes" ; then
feature_not_found "xen"
fi
xen=no
# Xen unstable
elif
cat > $TMPC <<EOF &&
#include <xenctrl.h>
#include <xenstore.h>
#include <stdint.h>
#include <xen/hvm/hvm_info_table.h>
#if !defined(HVM_MAX_VCPUS)
# error HVM_MAX_VCPUS not defined
#endif
int main(void) {
xc_interface *xc;
xs_daemon_open();
xc = xc_interface_open(0, 0, 0);
xc_hvm_set_mem_type(0, 0, HVMMEM_ram_ro, 0, 0);
xc_gnttab_open(NULL, 0);
xc_domain_add_to_physmap(0, 0, XENMAPSPACE_gmfn, 0, 0);
xc_hvm_inject_msi(xc, 0, 0xf0000000, 0x00000000);
return 0;
}
EOF
compile_prog "" "$xen_libs"
then
xen_ctrl_version=420
xen=yes
elif
cat > $TMPC <<EOF &&
#include <xenctrl.h>
#include <xs.h>
#include <stdint.h>
#include <xen/hvm/hvm_info_table.h>
#if !defined(HVM_MAX_VCPUS)
# error HVM_MAX_VCPUS not defined
#endif
int main(void) {
xs_daemon_open();
xc_interface_open(0, 0, 0);
xc_hvm_set_mem_type(0, 0, HVMMEM_ram_ro, 0, 0);
xc_gnttab_open(NULL, 0);
xc_domain_add_to_physmap(0, 0, XENMAPSPACE_gmfn, 0, 0);
return 0;
}
EOF
compile_prog "" "$xen_libs"
then
xen_ctrl_version=410
xen=yes
# Xen 4.0.0
elif
cat > $TMPC <<EOF &&
#include <xenctrl.h>
#include <xs.h>
#include <stdint.h>
#include <xen/hvm/hvm_info_table.h>
#if !defined(HVM_MAX_VCPUS)
# error HVM_MAX_VCPUS not defined
#endif
int main(void) {
struct xen_add_to_physmap xatp = {
.domid = 0, .space = XENMAPSPACE_gmfn, .idx = 0, .gpfn = 0,
};
xs_daemon_open();
xc_interface_open();
xc_gnttab_open();
xc_hvm_set_mem_type(0, 0, HVMMEM_ram_ro, 0, 0);
xc_memory_op(0, XENMEM_add_to_physmap, &xatp);
return 0;
}
EOF
compile_prog "" "$xen_libs"
then
xen_ctrl_version=400
xen=yes
# Xen 3.4.0
elif
cat > $TMPC <<EOF &&
#include <xenctrl.h>
#include <xs.h>
int main(void) {
struct xen_add_to_physmap xatp = {
.domid = 0, .space = XENMAPSPACE_gmfn, .idx = 0, .gpfn = 0,
};
xs_daemon_open();
xc_interface_open();
xc_gnttab_open();
xc_hvm_set_mem_type(0, 0, HVMMEM_ram_ro, 0, 0);
xc_memory_op(0, XENMEM_add_to_physmap, &xatp);
return 0;
}
EOF
compile_prog "" "$xen_libs"
then
xen_ctrl_version=340
xen=yes
# Xen 3.3.0
elif
cat > $TMPC <<EOF &&
#include <xenctrl.h>
#include <xs.h>
int main(void) {
xs_daemon_open();
xc_interface_open();
xc_gnttab_open();
xc_hvm_set_mem_type(0, 0, HVMMEM_ram_ro, 0, 0);
return 0;
}
EOF
compile_prog "" "$xen_libs"
then
xen_ctrl_version=330
xen=yes
# Xen version unsupported
else
if test "$xen" = "yes" ; then
feature_not_found "xen (unsupported version)"
fi
xen=no
fi
if test "$xen" = yes; then
libs_softmmu="$xen_libs $libs_softmmu"
fi
fi
if test "$xen_pci_passthrough" != "no"; then
if test "$xen" = "yes" && test "$linux" = "yes" &&
test "$xen_ctrl_version" -ge 340; then
xen_pci_passthrough=yes
else
if test "$xen_pci_passthrough" = "yes"; then
if test "$xen_ctrl_version" -lt 340; then
error_exit "User requested feature Xen PCI Passthrough" \
"This feature does not work with Xen 3.3"
fi
error_exit "User requested feature Xen PCI Passthrough" \
" but this feature requires /sys from Linux"
fi
xen_pci_passthrough=no
fi
fi
##########################################
# libtool probe
if ! has $libtool; then
libtool=
fi
# MacOSX ships with a libtool which isn't the GNU one; weed this
# out by checking whether libtool supports the --version switch
if test -n "$libtool"; then
if ! "$libtool" --version >/dev/null 2>&1; then
libtool=
fi
fi
##########################################
# Sparse probe
if test "$sparse" != "no" ; then
if has cgcc; then
sparse=yes
else
if test "$sparse" = "yes" ; then
feature_not_found "sparse"
fi
sparse=no
fi
fi
##########################################
# GTK probe
if test "$gtk" != "no"; then
gtkpackage="gtk+-$gtkabi"
if test "$gtkabi" = "3.0" ; then
gtkversion="3.0.0"
vtepackage="vte-2.90"
vteversion="0.32.0"
else
gtkversion="2.18.0"
vtepackage="vte"
vteversion="0.24.0"
fi
if ! $pkg_config --exists "$gtkpackage >= $gtkversion"; then
if test "$gtk" = "yes" ; then
feature_not_found "gtk"
fi
gtk="no"
elif ! $pkg_config --exists "$vtepackage >= $vteversion"; then
if test "$gtk" = "yes" ; then
error_exit "libvte not found (required for gtk support)"
fi
gtk="no"
else
gtk_cflags=`$pkg_config --cflags $gtkpackage 2>/dev/null`
gtk_libs=`$pkg_config --libs $gtkpackage 2>/dev/null`
vte_cflags=`$pkg_config --cflags $vtepackage 2>/dev/null`
vte_libs=`$pkg_config --libs $vtepackage 2>/dev/null`
libs_softmmu="$gtk_libs $vte_libs $libs_softmmu"
gtk="yes"
fi
fi
##########################################
# SDL probe
# Look for sdl configuration program (pkg-config or sdl-config). Try
# sdl-config even without cross prefix, and favour pkg-config over sdl-config.
if test "`basename $sdl_config`" != sdl-config && ! has ${sdl_config}; then
sdl_config=sdl-config
fi
if $pkg_config sdl --modversion >/dev/null 2>&1; then
sdlconfig="$pkg_config sdl"
_sdlversion=`$sdlconfig --modversion 2>/dev/null | sed 's/[^0-9]//g'`
elif has ${sdl_config}; then
sdlconfig="$sdl_config"
_sdlversion=`$sdlconfig --version | sed 's/[^0-9]//g'`
else
if test "$sdl" = "yes" ; then
feature_not_found "sdl"
fi
sdl=no
fi
if test -n "$cross_prefix" && test "$(basename "$sdlconfig")" = sdl-config; then
echo warning: using "\"$sdlconfig\"" to detect cross-compiled sdl >&2
fi
sdl_too_old=no
if test "$sdl" != "no" ; then
cat > $TMPC << EOF
#include <SDL.h>
#undef main /* We don't want SDL to override our main() */
int main( void ) { return SDL_Init (SDL_INIT_VIDEO); }
EOF
sdl_cflags=`$sdlconfig --cflags 2> /dev/null`
if test "$static" = "yes" ; then
sdl_libs=`$sdlconfig --static-libs 2>/dev/null`
else
sdl_libs=`$sdlconfig --libs 2> /dev/null`
fi
if compile_prog "$sdl_cflags" "$sdl_libs" ; then
if test "$_sdlversion" -lt 121 ; then
sdl_too_old=yes
else
if test "$cocoa" = "no" ; then
sdl=yes
fi
fi
# static link with sdl ? (note: sdl.pc's --static --libs is broken)
if test "$sdl" = "yes" -a "$static" = "yes" ; then
if test $? = 0 && echo $sdl_libs | grep -- -laa > /dev/null; then
sdl_libs="$sdl_libs `aalib-config --static-libs 2>/dev/null`"
sdl_cflags="$sdl_cflags `aalib-config --cflags 2>/dev/null`"
fi
if compile_prog "$sdl_cflags" "$sdl_libs" ; then
:
else
sdl=no
fi
fi # static link
else # sdl not found
if test "$sdl" = "yes" ; then
feature_not_found "sdl"
fi
sdl=no
fi # sdl compile test
fi
if test "$sdl" = "yes" ; then
cat > $TMPC <<EOF
#include <SDL.h>
#if defined(SDL_VIDEO_DRIVER_X11)
#include <X11/XKBlib.h>
#else
#error No x11 support
#endif
int main(void) { return 0; }
EOF
if compile_prog "$sdl_cflags" "$sdl_libs" ; then
sdl_libs="$sdl_libs -lX11"
fi
libs_softmmu="$sdl_libs $libs_softmmu"
fi
##########################################
# RDMA needs OpenFabrics libraries
if test "$rdma" != "no" ; then
cat > $TMPC <<EOF
#include <rdma/rdma_cma.h>
int main(void) { return 0; }
EOF
rdma_libs="-lrdmacm -libverbs"
if compile_prog "" "$rdma_libs" ; then
rdma="yes"
libs_softmmu="$libs_softmmu $rdma_libs"
else
if test "$rdma" = "yes" ; then
error_exit \
" OpenFabrics librdmacm/libibverbs not present." \
" Your options:" \
" (1) Fast: Install infiniband packages from your distro." \
" (2) Cleanest: Install libraries from www.openfabrics.org" \
" (3) Also: Install softiwarp if you don't have RDMA hardware"
fi
rdma="no"
fi
fi
##########################################
# VNC TLS/WS detection
if test "$vnc" = "yes" -a \( "$vnc_tls" != "no" -o "$vnc_ws" != "no" \) ; then
cat > $TMPC <<EOF
#include <gnutls/gnutls.h>
int main(void) { gnutls_session_t s; gnutls_init(&s, GNUTLS_SERVER); return 0; }
EOF
vnc_tls_cflags=`$pkg_config --cflags gnutls 2> /dev/null`
vnc_tls_libs=`$pkg_config --libs gnutls 2> /dev/null`
if compile_prog "$vnc_tls_cflags" "$vnc_tls_libs" ; then
if test "$vnc_tls" != "no" ; then
vnc_tls=yes
fi
if test "$vnc_ws" != "no" ; then
vnc_ws=yes
fi
libs_softmmu="$vnc_tls_libs $libs_softmmu"
QEMU_CFLAGS="$QEMU_CFLAGS $vnc_tls_cflags"
else
if test "$vnc_tls" = "yes" ; then
feature_not_found "vnc-tls"
fi
if test "$vnc_ws" = "yes" ; then
feature_not_found "vnc-ws"
fi
vnc_tls=no
vnc_ws=no
fi
fi
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
##########################################
# VNC SASL detection
if test "$vnc" = "yes" -a "$vnc_sasl" != "no" ; then
cat > $TMPC <<EOF
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
#include <sasl/sasl.h>
#include <stdio.h>
int main(void) { sasl_server_init(NULL, "qemu"); return 0; }
EOF
# Assuming Cyrus-SASL installed in /usr prefix
vnc_sasl_cflags=""
vnc_sasl_libs="-lsasl2"
if compile_prog "$vnc_sasl_cflags" "$vnc_sasl_libs" ; then
vnc_sasl=yes
libs_softmmu="$vnc_sasl_libs $libs_softmmu"
QEMU_CFLAGS="$QEMU_CFLAGS $vnc_sasl_cflags"
else
if test "$vnc_sasl" = "yes" ; then
feature_not_found "vnc-sasl"
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
fi
vnc_sasl=no
fi
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
fi
##########################################
# VNC JPEG detection
if test "$vnc" = "yes" -a "$vnc_jpeg" != "no" ; then
cat > $TMPC <<EOF
#include <stdio.h>
#include <jpeglib.h>
int main(void) { struct jpeg_compress_struct s; jpeg_create_compress(&s); return 0; }
EOF
vnc_jpeg_cflags=""
vnc_jpeg_libs="-ljpeg"
if compile_prog "$vnc_jpeg_cflags" "$vnc_jpeg_libs" ; then
vnc_jpeg=yes
libs_softmmu="$vnc_jpeg_libs $libs_softmmu"
QEMU_CFLAGS="$QEMU_CFLAGS $vnc_jpeg_cflags"
else
if test "$vnc_jpeg" = "yes" ; then
feature_not_found "vnc-jpeg"
fi
vnc_jpeg=no
fi
fi
##########################################
# VNC PNG detection
if test "$vnc" = "yes" -a "$vnc_png" != "no" ; then
cat > $TMPC <<EOF
//#include <stdio.h>
#include <png.h>
#include <stddef.h>
int main(void) {
png_structp png_ptr;
png_ptr = png_create_write_struct(PNG_LIBPNG_VER_STRING, NULL, NULL, NULL);
return png_ptr != 0;
}
EOF
if $pkg_config libpng --modversion >/dev/null 2>&1; then
vnc_png_cflags=`$pkg_config libpng --cflags 2> /dev/null`
vnc_png_libs=`$pkg_config libpng --libs 2> /dev/null`
else
vnc_png_cflags=""
vnc_png_libs="-lpng"
fi
if compile_prog "$vnc_png_cflags" "$vnc_png_libs" ; then
vnc_png=yes
libs_softmmu="$vnc_png_libs $libs_softmmu"
QEMU_CFLAGS="$QEMU_CFLAGS $vnc_png_cflags"
else
if test "$vnc_png" = "yes" ; then
feature_not_found "vnc-png"
fi
vnc_png=no
fi
fi
Support ACLs for controlling VNC access ("Daniel P. Berrange") This patch introduces a generic internal API for access control lists to be used by network servers in QEMU. It adds support for checking these ACL in the VNC server, in two places. The first ACL is for the SASL authentication mechanism, checking the SASL username. This ACL is called 'vnc.username'. The second is for the TLS authentication mechanism, when x509 client certificates are turned on, checking against the Distinguished Name of the client. This ACL is called 'vnc.x509dname' The internal API provides for an ACL with the following characteristics - A unique name, eg vnc.username, and vnc.x509dname. - A default policy, allow or deny - An ordered series of match rules, with allow or deny policy If none of the match rules apply, then the default policy is used. There is a monitor API to manipulate the ACLs, which I'll describe via examples (qemu) acl show vnc.username policy: allow (qemu) acl policy vnc.username denya acl: policy set to 'deny' (qemu) acl allow vnc.username fred acl: added rule at position 1 (qemu) acl allow vnc.username bob acl: added rule at position 2 (qemu) acl allow vnc.username joe 1 acl: added rule at position 1 (qemu) acl show vnc.username policy: deny 0: allow fred 1: allow joe 2: allow bob (qemu) acl show vnc.x509dname policy: allow (qemu) acl policy vnc.x509dname deny acl: policy set to 'deny' (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=* acl: added rule at position 1 (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob acl: added rule at position 2 (qemu) acl show vnc.x509dname policy: deny 0: allow C=GB,O=ACME,L=London,CN=* 1: allow C=GB,O=ACME,L=Boston,CN=bob By default the VNC server will not use any ACLs, allowing access to the server if the user successfully authenticates. To enable use of ACLs to restrict user access, the ',acl' flag should be given when starting QEMU. The initial ACL activated will be a 'deny all' policy and should be customized using monitor commands. eg enable SASL auth and ACLs qemu .... -vnc localhost:1,sasl,acl The next patch will provide a way to load a pre-defined ACL when starting up Makefile | 6 + b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ b/acl.h | 74 ++++++++++++++++++++++ configure | 18 +++++ monitor.c | 95 ++++++++++++++++++++++++++++ qemu-doc.texi | 49 ++++++++++++++ vnc-auth-sasl.c | 16 +++- vnc-auth-sasl.h | 7 ++ vnc-tls.c | 19 +++++ vnc-tls.h | 3 vnc.c | 21 ++++++ vnc.h | 3 12 files changed, 491 insertions(+), 5 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:37 +00:00
##########################################
# fnmatch() probe, used for ACL routines
fnmatch="no"
cat > $TMPC << EOF
#include <fnmatch.h>
int main(void)
{
fnmatch("foo", "foo", 0);
return 0;
}
EOF
if compile_prog "" "" ; then
Support ACLs for controlling VNC access ("Daniel P. Berrange") This patch introduces a generic internal API for access control lists to be used by network servers in QEMU. It adds support for checking these ACL in the VNC server, in two places. The first ACL is for the SASL authentication mechanism, checking the SASL username. This ACL is called 'vnc.username'. The second is for the TLS authentication mechanism, when x509 client certificates are turned on, checking against the Distinguished Name of the client. This ACL is called 'vnc.x509dname' The internal API provides for an ACL with the following characteristics - A unique name, eg vnc.username, and vnc.x509dname. - A default policy, allow or deny - An ordered series of match rules, with allow or deny policy If none of the match rules apply, then the default policy is used. There is a monitor API to manipulate the ACLs, which I'll describe via examples (qemu) acl show vnc.username policy: allow (qemu) acl policy vnc.username denya acl: policy set to 'deny' (qemu) acl allow vnc.username fred acl: added rule at position 1 (qemu) acl allow vnc.username bob acl: added rule at position 2 (qemu) acl allow vnc.username joe 1 acl: added rule at position 1 (qemu) acl show vnc.username policy: deny 0: allow fred 1: allow joe 2: allow bob (qemu) acl show vnc.x509dname policy: allow (qemu) acl policy vnc.x509dname deny acl: policy set to 'deny' (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=* acl: added rule at position 1 (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob acl: added rule at position 2 (qemu) acl show vnc.x509dname policy: deny 0: allow C=GB,O=ACME,L=London,CN=* 1: allow C=GB,O=ACME,L=Boston,CN=bob By default the VNC server will not use any ACLs, allowing access to the server if the user successfully authenticates. To enable use of ACLs to restrict user access, the ',acl' flag should be given when starting QEMU. The initial ACL activated will be a 'deny all' policy and should be customized using monitor commands. eg enable SASL auth and ACLs qemu .... -vnc localhost:1,sasl,acl The next patch will provide a way to load a pre-defined ACL when starting up Makefile | 6 + b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ b/acl.h | 74 ++++++++++++++++++++++ configure | 18 +++++ monitor.c | 95 ++++++++++++++++++++++++++++ qemu-doc.texi | 49 ++++++++++++++ vnc-auth-sasl.c | 16 +++- vnc-auth-sasl.h | 7 ++ vnc-tls.c | 19 +++++ vnc-tls.h | 3 vnc.c | 21 ++++++ vnc.h | 3 12 files changed, 491 insertions(+), 5 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:37 +00:00
fnmatch="yes"
fi
##########################################
# uuid_generate() probe, used for vdi block driver
# Note that on some systems (notably MacOSX) no extra library
# need be linked to get the uuid functions.
if test "$uuid" != "no" ; then
uuid_libs="-luuid"
cat > $TMPC << EOF
#include <uuid/uuid.h>
int main(void)
{
uuid_t my_uuid;
uuid_generate(my_uuid);
return 0;
}
EOF
if compile_prog "" "" ; then
uuid="yes"
elif compile_prog "" "$uuid_libs" ; then
uuid="yes"
libs_softmmu="$uuid_libs $libs_softmmu"
libs_tools="$uuid_libs $libs_tools"
else
if test "$uuid" = "yes" ; then
feature_not_found "uuid"
fi
uuid=no
fi
fi
##########################################
# xfsctl() probe, used for raw-posix
if test "$xfs" != "no" ; then
cat > $TMPC << EOF
#include <stddef.h> /* NULL */
#include <xfs/xfs.h>
int main(void)
{
xfsctl(NULL, 0, 0, NULL);
return 0;
}
EOF
if compile_prog "" "" ; then
xfs="yes"
else
if test "$xfs" = "yes" ; then
feature_not_found "xfs"
fi
xfs=no
fi
fi
##########################################
# vde libraries probe
if test "$vde" != "no" ; then
vde_libs="-lvdeplug"
cat > $TMPC << EOF
#include <libvdeplug.h>
int main(void)
{
struct vde_open_args a = {0, 0, 0};
char s[] = "";
vde_open(s, s, &a);
return 0;
}
EOF
if compile_prog "" "$vde_libs" ; then
vde=yes
libs_softmmu="$vde_libs $libs_softmmu"
libs_tools="$vde_libs $libs_tools"
else
if test "$vde" = "yes" ; then
feature_not_found "vde"
fi
vde=no
fi
fi
##########################################
# libcap-ng library probe
if test "$cap_ng" != "no" ; then
cap_libs="-lcap-ng"
cat > $TMPC << EOF
#include <cap-ng.h>
int main(void)
{
capng_capability_to_name(CAPNG_EFFECTIVE);
return 0;
}
EOF
if compile_prog "" "$cap_libs" ; then
cap_ng=yes
libs_tools="$cap_libs $libs_tools"
else
if test "$cap_ng" = "yes" ; then
feature_not_found "cap_ng"
fi
cap_ng=no
fi
fi
##########################################
# Sound support libraries probe
audio_drv_probe()
{
drv=$1
hdr=$2
lib=$3
exp=$4
cfl=$5
cat > $TMPC << EOF
#include <$hdr>
int main(void) { $exp }
EOF
if compile_prog "$cfl" "$lib" ; then
:
else
error_exit "$drv check failed" \
"Make sure to have the $drv libs and headers installed."
fi
}
audio_drv_list=`echo "$audio_drv_list" | sed -e 's/,/ /g'`
for drv in $audio_drv_list; do
case $drv in
alsa)
audio_drv_probe $drv alsa/asoundlib.h -lasound \
"return snd_pcm_close((snd_pcm_t *)0);"
libs_softmmu="-lasound $libs_softmmu"
;;
fmod)
if test -z $fmod_lib || test -z $fmod_inc; then
error_exit "You must specify path to FMOD library and headers" \
"Example: --fmod-inc=/path/include/fmod --fmod-lib=/path/lib/libfmod-3.74.so"
fi
audio_drv_probe $drv fmod.h $fmod_lib "return FSOUND_GetVersion();" "-I $fmod_inc"
libs_softmmu="$fmod_lib $libs_softmmu"
;;
esd)
audio_drv_probe $drv esd.h -lesd 'return esd_play_stream(0, 0, "", 0);'
libs_softmmu="-lesd $libs_softmmu"
audio_pt_int="yes"
;;
pa)
audio_drv_probe $drv pulse/mainloop.h "-lpulse" \
"pa_mainloop *m = 0; pa_mainloop_free (m); return 0;"
libs_softmmu="-lpulse $libs_softmmu"
audio_pt_int="yes"
;;
coreaudio)
libs_softmmu="-framework CoreAudio $libs_softmmu"
;;
dsound)
libs_softmmu="-lole32 -ldxguid $libs_softmmu"
audio_win_int="yes"
;;
oss)
libs_softmmu="$oss_lib $libs_softmmu"
;;
sdl|wav)
# XXX: Probes for CoreAudio, DirectSound, SDL(?)
;;
winwave)
libs_softmmu="-lwinmm $libs_softmmu"
audio_win_int="yes"
;;
*)
echo "$audio_possible_drivers" | grep -q "\<$drv\>" || {
error_exit "Unknown driver '$drv' selected" \
"Possible drivers are: $audio_possible_drivers"
}
;;
esac
done
##########################################
# BrlAPI probe
if test "$brlapi" != "no" ; then
brlapi_libs="-lbrlapi"
cat > $TMPC << EOF
#include <brlapi.h>
#include <stddef.h>
int main( void ) { return brlapi__openConnection (NULL, NULL, NULL); }
EOF
if compile_prog "" "$brlapi_libs" ; then
brlapi=yes
libs_softmmu="$brlapi_libs $libs_softmmu"
else
if test "$brlapi" = "yes" ; then
feature_not_found "brlapi"
fi
brlapi=no
fi
fi
##########################################
# curses probe
if test "$curses" != "no" ; then
if test "$mingw32" = "yes" ; then
curses_list="-lpdcurses"
else
curses_list="$($pkg_config --libs ncurses 2>/dev/null):-lncurses:-lcurses"
fi
curses_found=no
cat > $TMPC << EOF
#include <curses.h>
int main(void) {
const char *s = curses_version();
resize_term(0, 0);
return s != 0;
}
EOF
IFS=:
for curses_lib in $curses_list; do
unset IFS
if compile_prog "" "$curses_lib" ; then
curses_found=yes
libs_softmmu="$curses_lib $libs_softmmu"
break
fi
done
unset IFS
if test "$curses_found" = "yes" ; then
curses=yes
else
if test "$curses" = "yes" ; then
feature_not_found "curses"
fi
curses=no
fi
fi
##########################################
# curl probe
if test "$curl" != "no" ; then
if $pkg_config libcurl --modversion >/dev/null 2>&1; then
curlconfig="$pkg_config libcurl"
else
curlconfig=curl-config
fi
cat > $TMPC << EOF
#include <curl/curl.h>
int main(void) { curl_easy_init(); curl_multi_setopt(0, 0, 0); return 0; }
EOF
curl_cflags=`$curlconfig --cflags 2>/dev/null`
curl_libs=`$curlconfig --libs 2>/dev/null`
if compile_prog "$curl_cflags" "$curl_libs" ; then
curl=yes
libs_tools="$curl_libs $libs_tools"
libs_softmmu="$curl_libs $libs_softmmu"
else
if test "$curl" = "yes" ; then
feature_not_found "curl"
fi
curl=no
fi
fi # test "$curl"
##########################################
# bluez support probe
if test "$bluez" != "no" ; then
cat > $TMPC << EOF
#include <bluetooth/bluetooth.h>
int main(void) { return bt_error(0); }
EOF
bluez_cflags=`$pkg_config --cflags bluez 2> /dev/null`
bluez_libs=`$pkg_config --libs bluez 2> /dev/null`
if compile_prog "$bluez_cflags" "$bluez_libs" ; then
bluez=yes
libs_softmmu="$bluez_libs $libs_softmmu"
else
if test "$bluez" = "yes" ; then
feature_not_found "bluez"
fi
bluez="no"
fi
fi
##########################################
# glib support probe
if test "$mingw32" = yes; then
# g_poll is required in order to integrate with the glib main loop.
glib_req_ver=2.20
else
glib_req_ver=2.12
fi
if $pkg_config --atleast-version=$glib_req_ver gthread-2.0 > /dev/null 2>&1
then
glib_cflags=`$pkg_config --cflags gthread-2.0 2>/dev/null`
glib_libs=`$pkg_config --libs gthread-2.0 2>/dev/null`
LIBS="$glib_libs $LIBS"
libs_qga="$glib_libs $libs_qga"
else
error_exit "glib-$glib_req_ver required to compile QEMU"
fi
##########################################
# pixman support probe
if test "$pixman" = ""; then
if test "$want_tools" = "no" -a "$softmmu" = "no"; then
pixman="none"
elif $pkg_config pixman-1 > /dev/null 2>&1; then
pixman="system"
else
pixman="internal"
fi
fi
if test "$pixman" = "none"; then
if test "$want_tools" != "no" -o "$softmmu" != "no"; then
error_exit "pixman disabled but system emulation or tools build" \
"enabled. You can turn off pixman only if you also" \
"disable all system emulation targets and the tools" \
"build with '--disable-tools --disable-system'."
fi
pixman_cflags=
pixman_libs=
elif test "$pixman" = "system"; then
pixman_cflags=`$pkg_config --cflags pixman-1 2>/dev/null`
pixman_libs=`$pkg_config --libs pixman-1 2>/dev/null`
else
if test ! -d ${source_path}/pixman/pixman; then
error_exit "pixman not present. Your options:" \
" (1) Preferred: Install the pixman devel package (any recent" \
" distro should have packages as Xorg needs pixman too)." \
" (2) Fetch the pixman submodule, using:" \
" git submodule update --init pixman"
fi
mkdir -p pixman/pixman
pixman_cflags="-I\$(SRC_PATH)/pixman/pixman -I\$(BUILD_DIR)/pixman/pixman"
pixman_libs="-L\$(BUILD_DIR)/pixman/pixman/.libs -lpixman-1"
fi
##########################################
# libcap probe
if test "$cap" != "no" ; then
cat > $TMPC <<EOF
#include <stdio.h>
#include <sys/capability.h>
int main(void) { cap_t caps; caps = cap_init(); return caps != NULL; }
EOF
if compile_prog "" "-lcap" ; then
cap=yes
else
cap=no
fi
fi
##########################################
# pthread probe
PTHREADLIBS_LIST="-pthread -lpthread -lpthreadGC2"
pthread=no
cat > $TMPC << EOF
#include <pthread.h>
static void *f(void *p) { return NULL; }
int main(void) {
pthread_t thread;
pthread_create(&thread, 0, f, 0);
return 0;
}
EOF
if compile_prog "" "" ; then
pthread=yes
else
for pthread_lib in $PTHREADLIBS_LIST; do
if compile_prog "" "$pthread_lib" ; then
pthread=yes
found=no
for lib_entry in $LIBS; do
if test "$lib_entry" = "$pthread_lib"; then
found=yes
break
fi
done
if test "$found" = "no"; then
LIBS="$pthread_lib $LIBS"
fi
break
fi
done
fi
if test "$mingw32" != yes -a "$pthread" = no; then
error_exit "pthread check failed" \
"Make sure to have the pthread libs and headers installed."
fi
##########################################
# rbd probe
if test "$rbd" != "no" ; then
cat > $TMPC <<EOF
#include <stdio.h>
#include <rbd/librbd.h>
int main(void) {
rados_t cluster;
rados_create(&cluster, NULL);
return 0;
}
EOF
rbd_libs="-lrbd -lrados"
if compile_prog "" "$rbd_libs" ; then
rbd=yes
libs_tools="$rbd_libs $libs_tools"
libs_softmmu="$rbd_libs $libs_softmmu"
else
if test "$rbd" = "yes" ; then
feature_not_found "rados block device"
fi
rbd=no
fi
fi
##########################################
# libssh2 probe
min_libssh2_version=1.2.8
if test "$libssh2" != "no" ; then
if $pkg_config --atleast-version=$min_libssh2_version libssh2 >/dev/null 2>&1
then
libssh2_cflags=`$pkg_config libssh2 --cflags`
libssh2_libs=`$pkg_config libssh2 --libs`
libssh2=yes
libs_tools="$libssh2_libs $libs_tools"
libs_softmmu="$libssh2_libs $libs_softmmu"
QEMU_CFLAGS="$QEMU_CFLAGS $libssh2_cflags"
else
if test "$libssh2" = "yes" ; then
error_exit "libssh2 >= $min_libssh2_version required for --enable-libssh2"
fi
libssh2=no
fi
fi
##########################################
# libssh2_sftp_fsync probe
if test "$libssh2" = "yes"; then
cat > $TMPC <<EOF
#include <stdio.h>
#include <libssh2.h>
#include <libssh2_sftp.h>
int main(void) {
LIBSSH2_SESSION *session;
LIBSSH2_SFTP *sftp;
LIBSSH2_SFTP_HANDLE *sftp_handle;
session = libssh2_session_init ();
sftp = libssh2_sftp_init (session);
sftp_handle = libssh2_sftp_open (sftp, "/", 0, 0);
libssh2_sftp_fsync (sftp_handle);
return 0;
}
EOF
# libssh2_cflags/libssh2_libs defined in previous test.
if compile_prog "$libssh2_cflags" "$libssh2_libs" ; then
QEMU_CFLAGS="-DHAS_LIBSSH2_SFTP_FSYNC $QEMU_CFLAGS"
fi
fi
##########################################
# linux-aio probe
if test "$linux_aio" != "no" ; then
cat > $TMPC <<EOF
#include <libaio.h>
#include <sys/eventfd.h>
#include <stddef.h>
int main(void) { io_setup(0, NULL); io_set_eventfd(NULL, 0); eventfd(0, 0); return 0; }
EOF
if compile_prog "" "-laio" ; then
linux_aio=yes
libs_softmmu="$libs_softmmu -laio"
libs_tools="$libs_tools -laio"
else
if test "$linux_aio" = "yes" ; then
feature_not_found "linux AIO"
fi
linux_aio=no
fi
fi
##########################################
# TPM passthrough is only on x86 Linux
if test "$targetos" = Linux && test "$cpu" = i386 -o "$cpu" = x86_64; then
tpm_passthrough=$tpm
else
tpm_passthrough=no
fi
##########################################
# adjust virtio-blk-data-plane based on linux-aio
if test "$virtio_blk_data_plane" = "yes" -a \
"$linux_aio" != "yes" ; then
error_exit "virtio-blk-data-plane requires Linux AIO, please try --enable-linux-aio"
elif test -z "$virtio_blk_data_plane" ; then
virtio_blk_data_plane=$linux_aio
fi
##########################################
# attr probe
if test "$attr" != "no" ; then
cat > $TMPC <<EOF
#include <stdio.h>
#include <sys/types.h>
#ifdef CONFIG_LIBATTR
#include <attr/xattr.h>
#else
#include <sys/xattr.h>
#endif
int main(void) { getxattr(NULL, NULL, NULL, 0); setxattr(NULL, NULL, NULL, 0, 0); return 0; }
EOF
if compile_prog "" "" ; then
attr=yes
# Older distros have <attr/xattr.h>, and need -lattr:
elif compile_prog "-DCONFIG_LIBATTR" "-lattr" ; then
attr=yes
LIBS="-lattr $LIBS"
libattr=yes
else
if test "$attr" = "yes" ; then
feature_not_found "ATTR"
fi
attr=no
fi
fi
##########################################
# iovec probe
cat > $TMPC <<EOF
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>
int main(void) { return sizeof(struct iovec); }
EOF
iovec=no
if compile_prog "" "" ; then
iovec=yes
fi
##########################################
# preadv probe
cat > $TMPC <<EOF
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>
int main(void) { return preadv(0, 0, 0, 0); }
EOF
preadv=no
if compile_prog "" "" ; then
preadv=yes
fi
##########################################
# fdt probe
# fdt support is mandatory for at least some target architectures,
# so insist on it if we're building those system emulators.
fdt_required=no
for target in $target_list; do
case $target in
arm*-softmmu|ppc*-softmmu|microblaze*-softmmu)
fdt_required=yes
;;
esac
done
if test "$fdt_required" = "yes"; then
if test "$fdt" = "no"; then
error_exit "fdt disabled but some requested targets require it." \
"You can turn off fdt only if you also disable all the system emulation" \
"targets which need it (by specifying a cut down --target-list)."
fi
fdt=yes
fi
if test "$fdt" != "no" ; then
fdt_libs="-lfdt"
# explicitly check for libfdt_env.h as it is missing in some stable installs
cat > $TMPC << EOF
#include <libfdt_env.h>
int main(void) { return 0; }
EOF
if compile_prog "" "$fdt_libs" ; then
# system DTC is good - use it
fdt=yes
elif test -d ${source_path}/dtc/libfdt ; then
# have submodule DTC - use it
fdt=yes
dtc_internal="yes"
mkdir -p dtc
if [ "$source_path" != `pwd` ] ; then
symlink "$source_path/dtc/Makefile" "dtc/Makefile"
symlink "$source_path/dtc/scripts" "dtc/scripts"
fi
fdt_cflags="-I\$(SRC_PATH)/dtc/libfdt"
fdt_libs="-L\$(BUILD_DIR)/dtc/libfdt $fdt_libs"
elif test "$fdt" = "yes" ; then
# have neither and want - prompt for system/submodule install
error_exit "DTC not present. Your options:" \
" (1) Preferred: Install the DTC devel package" \
" (2) Fetch the DTC submodule, using:" \
" git submodule update --init dtc"
else
# don't have and don't want
fdt_libs=
fdt=no
fi
fi
libs_softmmu="$libs_softmmu $fdt_libs"
##########################################
# GLX probe, used by milkymist-tmu2
if test "$glx" != "no" ; then
glx_libs="-lGL -lX11"
cat > $TMPC << EOF
#include <X11/Xlib.h>
#include <GL/gl.h>
#include <GL/glx.h>
int main(void) { glBegin(0); glXQueryVersion(0,0,0); return 0; }
EOF
if compile_prog "" "-lGL -lX11" ; then
glx=yes
else
if test "$glx" = "yes" ; then
feature_not_found "glx"
fi
glx_libs=
glx=no
fi
fi
##########################################
# glusterfs probe
if test "$glusterfs" != "no" ; then
if $pkg_config --atleast-version=3 glusterfs-api >/dev/null 2>&1; then
glusterfs="yes"
glusterfs_cflags=`$pkg_config --cflags glusterfs-api 2>/dev/null`
glusterfs_libs=`$pkg_config --libs glusterfs-api 2>/dev/null`
CFLAGS="$CFLAGS $glusterfs_cflags"
libs_tools="$glusterfs_libs $libs_tools"
libs_softmmu="$glusterfs_libs $libs_softmmu"
if $pkg_config --atleast-version=5 glusterfs-api >/dev/null 2>&1; then
glusterfs_discard="yes"
fi
else
if test "$glusterfs" = "yes" ; then
feature_not_found "GlusterFS backend support"
fi
glusterfs="no"
fi
fi
# Check for inotify functions when we are building linux-user
# emulator. This is done because older glibc versions don't
# have syscall stubs for these implemented. In that case we
# don't provide them even if kernel supports them.
#
inotify=no
cat > $TMPC << EOF
#include <sys/inotify.h>
int
main(void)
{
/* try to start inotify */
return inotify_init();
}
EOF
if compile_prog "" "" ; then
inotify=yes
fi
inotify1=no
cat > $TMPC << EOF
#include <sys/inotify.h>
int
main(void)
{
/* try to start inotify */
return inotify_init1(0);
}
EOF
if compile_prog "" "" ; then
inotify1=yes
fi
# check if utimensat and futimens are supported
utimens=no
cat > $TMPC << EOF
#define _ATFILE_SOURCE
#include <stddef.h>
#include <fcntl.h>
#include <sys/stat.h>
int main(void)
{
utimensat(AT_FDCWD, "foo", NULL, 0);
futimens(0, NULL);
return 0;
}
EOF
if compile_prog "" "" ; then
utimens=yes
fi
# check if pipe2 is there
pipe2=no
cat > $TMPC << EOF
#include <unistd.h>
#include <fcntl.h>
int main(void)
{
int pipefd[2];
return pipe2(pipefd, O_CLOEXEC);
}
EOF
if compile_prog "" "" ; then
pipe2=yes
fi
# check if accept4 is there
accept4=no
cat > $TMPC << EOF
#include <sys/socket.h>
#include <stddef.h>
int main(void)
{
accept4(0, NULL, NULL, SOCK_CLOEXEC);
return 0;
}
EOF
if compile_prog "" "" ; then
accept4=yes
fi
# check if tee/splice is there. vmsplice was added same time.
splice=no
cat > $TMPC << EOF
#include <unistd.h>
#include <fcntl.h>
#include <limits.h>
int main(void)
{
int len, fd = 0;
len = tee(STDIN_FILENO, STDOUT_FILENO, INT_MAX, SPLICE_F_NONBLOCK);
splice(STDIN_FILENO, NULL, fd, NULL, len, SPLICE_F_MOVE);
return 0;
}
EOF
if compile_prog "" "" ; then
splice=yes
fi
##########################################
# signalfd probe
signalfd="no"
cat > $TMPC << EOF
#include <unistd.h>
#include <sys/syscall.h>
#include <signal.h>
int main(void) { return syscall(SYS_signalfd, -1, NULL, _NSIG / 8); }
EOF
if compile_prog "" "" ; then
signalfd=yes
fi
# check if eventfd is supported
eventfd=no
cat > $TMPC << EOF
#include <sys/eventfd.h>
int main(void)
{
return eventfd(0, EFD_NONBLOCK | EFD_CLOEXEC);
}
EOF
if compile_prog "" "" ; then
eventfd=yes
fi
# check for fallocate
fallocate=no
cat > $TMPC << EOF
#include <fcntl.h>
int main(void)
{
fallocate(0, 0, 0, 0);
return 0;
}
EOF
if compile_prog "" "" ; then
fallocate=yes
fi
# check for fallocate hole punching
fallocate_punch_hole=no
cat > $TMPC << EOF
#include <fcntl.h>
#include <linux/falloc.h>
int main(void)
{
fallocate(0, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, 0, 0);
return 0;
}
EOF
if compile_prog "" "" ; then
fallocate_punch_hole=yes
fi
# check for sync_file_range
sync_file_range=no
cat > $TMPC << EOF
#include <fcntl.h>
int main(void)
{
sync_file_range(0, 0, 0, 0);
return 0;
}
EOF
if compile_prog "" "" ; then
sync_file_range=yes
fi
# check for linux/fiemap.h and FS_IOC_FIEMAP
fiemap=no
cat > $TMPC << EOF
#include <sys/ioctl.h>
#include <linux/fs.h>
#include <linux/fiemap.h>
int main(void)
{
ioctl(0, FS_IOC_FIEMAP, 0);
return 0;
}
EOF
if compile_prog "" "" ; then
fiemap=yes
fi
# check for dup3
dup3=no
cat > $TMPC << EOF
#include <unistd.h>
int main(void)
{
dup3(0, 0, 0);
return 0;
}
EOF
if compile_prog "" "" ; then
dup3=yes
fi
# check for epoll support
epoll=no
cat > $TMPC << EOF
#include <sys/epoll.h>
int main(void)
{
epoll_create(0);
return 0;
}
EOF
if compile_prog "" "" ; then
epoll=yes
fi
# epoll_create1 and epoll_pwait are later additions
# so we must check separately for their presence
epoll_create1=no
cat > $TMPC << EOF
#include <sys/epoll.h>
int main(void)
{
/* Note that we use epoll_create1 as a value, not as
* a function being called. This is necessary so that on
* old SPARC glibc versions where the function was present in
* the library but not declared in the header file we will
* fail the configure check. (Otherwise we will get a compiler
* warning but not an error, and will proceed to fail the
* qemu compile where we compile with -Werror.)
*/
return (int)(uintptr_t)&epoll_create1;
}
EOF
if compile_prog "" "" ; then
epoll_create1=yes
fi
epoll_pwait=no
cat > $TMPC << EOF
#include <sys/epoll.h>
int main(void)
{
epoll_pwait(0, 0, 0, 0, 0);
return 0;
}
EOF
if compile_prog "" "" ; then
epoll_pwait=yes
fi
# check for sendfile support
sendfile=no
cat > $TMPC << EOF
#include <sys/sendfile.h>
int main(void)
{
return sendfile(0, 0, 0, 0);
}
EOF
if compile_prog "" "" ; then
sendfile=yes
fi
# Check if tools are available to build documentation.
if test "$docs" != "no" ; then
if has makeinfo && has pod2man; then
docs=yes
else
if test "$docs" = "yes" ; then
feature_not_found "docs"
fi
docs=no
fi
fi
# Search for bswap_32 function
byteswap_h=no
cat > $TMPC << EOF
#include <byteswap.h>
int main(void) { return bswap_32(0); }
EOF
if compile_prog "" "" ; then
byteswap_h=yes
fi
# Search for bswap32 function
bswap_h=no
cat > $TMPC << EOF
#include <sys/endian.h>
#include <sys/types.h>
#include <machine/bswap.h>
int main(void) { return bswap32(0); }
EOF
if compile_prog "" "" ; then
bswap_h=yes
fi
iSCSI block driver This provides built-in support for iSCSI to QEMU. This has the advantage that the iSCSI devices need not be made visible to the host, which is useful if you have very many virtual machines and very many iscsi devices. It also has the benefit that non-root users of QEMU can access iSCSI devices across the network without requiring root privilege on the host. This driver interfaces with the multiplatform posix library for iscsi initiator/client access to iscsi devices hosted at git://github.com/sahlberg/libiscsi.git The patch adds the driver to interface with the iscsi library. It also updated the configure script to * by default, probe is libiscsi is available and if so, build qemu against libiscsi. * --enable-libiscsi Force a build against libiscsi. If libiscsi is not available the build will fail. * --disable-libiscsi Do not link against libiscsi, even if it is available. When linked with libiscsi, qemu gains support to access iscsi resources such as disks and cdrom directly, without having to make the devices visible to the host. You can specify devices using a iscsi url of the form : iscsi://[<username>[:<password>@]]<host>[:<port]/<target-iqn-name>/<lun> When using authentication, the password can optionally be set with LIBISCSI_CHAP_PASSWORD="password" to avoid it showing up in the process list Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-25 19:24:24 +11:00
##########################################
# Do we have libiscsi
# We check for iscsi_unmap_sync() to make sure we have a
# recent enough version of libiscsi.
iSCSI block driver This provides built-in support for iSCSI to QEMU. This has the advantage that the iSCSI devices need not be made visible to the host, which is useful if you have very many virtual machines and very many iscsi devices. It also has the benefit that non-root users of QEMU can access iSCSI devices across the network without requiring root privilege on the host. This driver interfaces with the multiplatform posix library for iscsi initiator/client access to iscsi devices hosted at git://github.com/sahlberg/libiscsi.git The patch adds the driver to interface with the iscsi library. It also updated the configure script to * by default, probe is libiscsi is available and if so, build qemu against libiscsi. * --enable-libiscsi Force a build against libiscsi. If libiscsi is not available the build will fail. * --disable-libiscsi Do not link against libiscsi, even if it is available. When linked with libiscsi, qemu gains support to access iscsi resources such as disks and cdrom directly, without having to make the devices visible to the host. You can specify devices using a iscsi url of the form : iscsi://[<username>[:<password>@]]<host>[:<port]/<target-iqn-name>/<lun> When using authentication, the password can optionally be set with LIBISCSI_CHAP_PASSWORD="password" to avoid it showing up in the process list Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-25 19:24:24 +11:00
if test "$libiscsi" != "no" ; then
cat > $TMPC << EOF
#include <stdio.h>
iSCSI block driver This provides built-in support for iSCSI to QEMU. This has the advantage that the iSCSI devices need not be made visible to the host, which is useful if you have very many virtual machines and very many iscsi devices. It also has the benefit that non-root users of QEMU can access iSCSI devices across the network without requiring root privilege on the host. This driver interfaces with the multiplatform posix library for iscsi initiator/client access to iscsi devices hosted at git://github.com/sahlberg/libiscsi.git The patch adds the driver to interface with the iscsi library. It also updated the configure script to * by default, probe is libiscsi is available and if so, build qemu against libiscsi. * --enable-libiscsi Force a build against libiscsi. If libiscsi is not available the build will fail. * --disable-libiscsi Do not link against libiscsi, even if it is available. When linked with libiscsi, qemu gains support to access iscsi resources such as disks and cdrom directly, without having to make the devices visible to the host. You can specify devices using a iscsi url of the form : iscsi://[<username>[:<password>@]]<host>[:<port]/<target-iqn-name>/<lun> When using authentication, the password can optionally be set with LIBISCSI_CHAP_PASSWORD="password" to avoid it showing up in the process list Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-25 19:24:24 +11:00
#include <iscsi/iscsi.h>
int main(void) { iscsi_unmap_sync(NULL,0,0,0,NULL,0); return 0; }
iSCSI block driver This provides built-in support for iSCSI to QEMU. This has the advantage that the iSCSI devices need not be made visible to the host, which is useful if you have very many virtual machines and very many iscsi devices. It also has the benefit that non-root users of QEMU can access iSCSI devices across the network without requiring root privilege on the host. This driver interfaces with the multiplatform posix library for iscsi initiator/client access to iscsi devices hosted at git://github.com/sahlberg/libiscsi.git The patch adds the driver to interface with the iscsi library. It also updated the configure script to * by default, probe is libiscsi is available and if so, build qemu against libiscsi. * --enable-libiscsi Force a build against libiscsi. If libiscsi is not available the build will fail. * --disable-libiscsi Do not link against libiscsi, even if it is available. When linked with libiscsi, qemu gains support to access iscsi resources such as disks and cdrom directly, without having to make the devices visible to the host. You can specify devices using a iscsi url of the form : iscsi://[<username>[:<password>@]]<host>[:<port]/<target-iqn-name>/<lun> When using authentication, the password can optionally be set with LIBISCSI_CHAP_PASSWORD="password" to avoid it showing up in the process list Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-25 19:24:24 +11:00
EOF
if $pkg_config --atleast-version=1.7.0 libiscsi --modversion >/dev/null 2>&1; then
libiscsi="yes"
libiscsi_cflags=$($pkg_config --cflags libiscsi 2>/dev/null)
libiscsi_libs=$($pkg_config --libs libiscsi 2>/dev/null)
CFLAGS="$CFLAGS $libiscsi_cflags"
LIBS="$LIBS $libiscsi_libs"
elif compile_prog "" "-liscsi" ; then
iSCSI block driver This provides built-in support for iSCSI to QEMU. This has the advantage that the iSCSI devices need not be made visible to the host, which is useful if you have very many virtual machines and very many iscsi devices. It also has the benefit that non-root users of QEMU can access iSCSI devices across the network without requiring root privilege on the host. This driver interfaces with the multiplatform posix library for iscsi initiator/client access to iscsi devices hosted at git://github.com/sahlberg/libiscsi.git The patch adds the driver to interface with the iscsi library. It also updated the configure script to * by default, probe is libiscsi is available and if so, build qemu against libiscsi. * --enable-libiscsi Force a build against libiscsi. If libiscsi is not available the build will fail. * --disable-libiscsi Do not link against libiscsi, even if it is available. When linked with libiscsi, qemu gains support to access iscsi resources such as disks and cdrom directly, without having to make the devices visible to the host. You can specify devices using a iscsi url of the form : iscsi://[<username>[:<password>@]]<host>[:<port]/<target-iqn-name>/<lun> When using authentication, the password can optionally be set with LIBISCSI_CHAP_PASSWORD="password" to avoid it showing up in the process list Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-25 19:24:24 +11:00
libiscsi="yes"
LIBS="$LIBS -liscsi"
else
if test "$libiscsi" = "yes" ; then
feature_not_found "libiscsi"
fi
libiscsi="no"
fi
fi
##########################################
# Do we need libm
cat > $TMPC << EOF
#include <math.h>
int main(void) { return isnan(sin(0.0)); }
EOF
if compile_prog "" "" ; then
:
elif compile_prog "" "-lm" ; then
LIBS="-lm $LIBS"
libs_qga="-lm $libs_qga"
else
error_exit "libm check failed"
fi
##########################################
# Do we need librt
# uClibc provides 2 versions of clock_gettime(), one with realtime
# support and one without. This means that the clock_gettime() don't
# need -lrt. We still need it for timer_create() so we check for this
# function in addition.
cat > $TMPC <<EOF
#include <signal.h>
#include <time.h>
int main(void) {
timer_create(CLOCK_REALTIME, NULL, NULL);
return clock_gettime(CLOCK_REALTIME, NULL);
}
EOF
if compile_prog "" "" ; then
:
# we need pthread for static linking. use previous pthread test result
elif compile_prog "" "-lrt $pthread_lib" ; then
LIBS="-lrt $LIBS"
libs_qga="-lrt $libs_qga"
fi
if test "$darwin" != "yes" -a "$mingw32" != "yes" -a "$solaris" != yes -a \
"$aix" != "yes" -a "$haiku" != "yes" ; then
libs_softmmu="-lutil $libs_softmmu"
fi
##########################################
2010-03-24 10:26:51 +01:00
# spice probe
if test "$spice" != "no" ; then
cat > $TMPC << EOF
#include <spice.h>
int main(void) { spice_server_new(); return 0; }
EOF
spice_cflags=$($pkg_config --cflags spice-protocol spice-server 2>/dev/null)
spice_libs=$($pkg_config --libs spice-protocol spice-server 2>/dev/null)
if $pkg_config --atleast-version=0.12.0 spice-server >/dev/null 2>&1 && \
$pkg_config --atleast-version=0.12.3 spice-protocol > /dev/null 2>&1 && \
2010-03-24 10:26:51 +01:00
compile_prog "$spice_cflags" "$spice_libs" ; then
spice="yes"
libs_softmmu="$libs_softmmu $spice_libs"
QEMU_CFLAGS="$QEMU_CFLAGS $spice_cflags"
spice_protocol_version=$($pkg_config --modversion spice-protocol)
spice_server_version=$($pkg_config --modversion spice-server)
2010-03-24 10:26:51 +01:00
else
if test "$spice" = "yes" ; then
feature_not_found "spice"
fi
spice="no"
fi
fi
libcacard: initial commit libcacard emulates a Common Access Card (CAC) which is a standard for smartcards. It is used by the emulated ccid card introduced in a following patch. Docs are available in docs/libcacard.txt Signed-off-by: Alon Levy <alevy@redhat.com> --- changes from v24->v25: * Fix out of tree builds. * Fix build with linux-user targets. changes from v23->v24: (Jes Sorensen review 2) * Makefile.target: use obj-$(CONFIG_*) += * remove unrequired includes, include qemu-common before qemu-thread * required adding #define NO_NSPR_10_SUPPORT (harmless) changes from v22->v23: * configure fixes: (reported by Stefan Hajnoczi) * test a = b, not a == b (second isn't portable) * quote $source_path in case it contains spaces - this doesn't really help since there are many other places that need similar fixes, not introduced by this patch. changes from v21->v22: * fix configure to not link libcacard if nss not found (reported by Stefan Hajnoczi) * fix vscclient linkage with simpletrace backend (reported by Stefan Hajnoczi) * card_7816.c: add missing break in ERROR_DATA_NOT_FOUND (reported by William van de Velde) changes from v20->v21: (Jes Sorensen review) * use qemu infrastructure: qemu-thread, qemu-common (qemu_malloc and qemu_free), error_report * assert instead of ASSERT * cosmetic fixes * use strpbrk and isspace * add --disable-nss --enable-nss here, instead of in the final patch. * split vscclient, passthru and docs to following patches. changes from v19->v20: * checkpatch.pl changes from v15->v16: Build: * don't erase self with distclean * fix make clean after make distclean * Makefile: make vscclient link quiet Behavioral: * vcard_emul_nss: load coolkey in more situations * vscclient: * use hton,ntoh * send init on connect, only start vevent thread on response * read payload after header check, before type switch * remove Reconnect * update for vscard_common changes, empty Flush implementation Style/Whitespace: * fix wrong variable usage * remove unused variable * use only C style comments * add copyright header * fix tabulation Signed-off-by: Alon Levy <alevy@redhat.com> libcacard: fix out of tree builds
2010-11-28 16:36:38 +02:00
# check for libcacard for smartcard support
smartcard_cflags=""
# TODO - what's the minimal nss version we support?
if test "$smartcard_nss" != "no"; then
cat > $TMPC << EOF
#include <pk11pub.h>
int main(void) { PK11_FreeSlot(0); return 0; }
EOF
smartcard_includes="-I\$(SRC_PATH)/libcacard"
libcacard_libs="$($pkg_config --libs nss 2>/dev/null) $glib_libs"
libcacard_cflags="$($pkg_config --cflags nss 2>/dev/null) $glib_cflags"
test_cflags="$libcacard_cflags"
# The header files in nss < 3.13.3 have a bug which causes them to
# emit a warning. If we're going to compile QEMU with -Werror, then
# test that the headers don't have this bug. Otherwise we would pass
# the configure test but fail to compile QEMU later.
if test "$werror" = "yes"; then
test_cflags="-Werror $test_cflags"
fi
if test -n "$libtool" &&
$pkg_config --atleast-version=3.12.8 nss >/dev/null 2>&1 && \
compile_prog "$test_cflags" "$libcacard_libs"; then
smartcard_nss="yes"
QEMU_CFLAGS="$QEMU_CFLAGS $libcacard_cflags"
QEMU_INCLUDES="$QEMU_INCLUDES $smartcard_includes"
libs_softmmu="$libcacard_libs $libs_softmmu"
else
if test "$smartcard_nss" = "yes"; then
feature_not_found "nss"
libcacard: initial commit libcacard emulates a Common Access Card (CAC) which is a standard for smartcards. It is used by the emulated ccid card introduced in a following patch. Docs are available in docs/libcacard.txt Signed-off-by: Alon Levy <alevy@redhat.com> --- changes from v24->v25: * Fix out of tree builds. * Fix build with linux-user targets. changes from v23->v24: (Jes Sorensen review 2) * Makefile.target: use obj-$(CONFIG_*) += * remove unrequired includes, include qemu-common before qemu-thread * required adding #define NO_NSPR_10_SUPPORT (harmless) changes from v22->v23: * configure fixes: (reported by Stefan Hajnoczi) * test a = b, not a == b (second isn't portable) * quote $source_path in case it contains spaces - this doesn't really help since there are many other places that need similar fixes, not introduced by this patch. changes from v21->v22: * fix configure to not link libcacard if nss not found (reported by Stefan Hajnoczi) * fix vscclient linkage with simpletrace backend (reported by Stefan Hajnoczi) * card_7816.c: add missing break in ERROR_DATA_NOT_FOUND (reported by William van de Velde) changes from v20->v21: (Jes Sorensen review) * use qemu infrastructure: qemu-thread, qemu-common (qemu_malloc and qemu_free), error_report * assert instead of ASSERT * cosmetic fixes * use strpbrk and isspace * add --disable-nss --enable-nss here, instead of in the final patch. * split vscclient, passthru and docs to following patches. changes from v19->v20: * checkpatch.pl changes from v15->v16: Build: * don't erase self with distclean * fix make clean after make distclean * Makefile: make vscclient link quiet Behavioral: * vcard_emul_nss: load coolkey in more situations * vscclient: * use hton,ntoh * send init on connect, only start vevent thread on response * read payload after header check, before type switch * remove Reconnect * update for vscard_common changes, empty Flush implementation Style/Whitespace: * fix wrong variable usage * remove unused variable * use only C style comments * add copyright header * fix tabulation Signed-off-by: Alon Levy <alevy@redhat.com> libcacard: fix out of tree builds
2010-11-28 16:36:38 +02:00
fi
smartcard_nss="no"
libcacard: initial commit libcacard emulates a Common Access Card (CAC) which is a standard for smartcards. It is used by the emulated ccid card introduced in a following patch. Docs are available in docs/libcacard.txt Signed-off-by: Alon Levy <alevy@redhat.com> --- changes from v24->v25: * Fix out of tree builds. * Fix build with linux-user targets. changes from v23->v24: (Jes Sorensen review 2) * Makefile.target: use obj-$(CONFIG_*) += * remove unrequired includes, include qemu-common before qemu-thread * required adding #define NO_NSPR_10_SUPPORT (harmless) changes from v22->v23: * configure fixes: (reported by Stefan Hajnoczi) * test a = b, not a == b (second isn't portable) * quote $source_path in case it contains spaces - this doesn't really help since there are many other places that need similar fixes, not introduced by this patch. changes from v21->v22: * fix configure to not link libcacard if nss not found (reported by Stefan Hajnoczi) * fix vscclient linkage with simpletrace backend (reported by Stefan Hajnoczi) * card_7816.c: add missing break in ERROR_DATA_NOT_FOUND (reported by William van de Velde) changes from v20->v21: (Jes Sorensen review) * use qemu infrastructure: qemu-thread, qemu-common (qemu_malloc and qemu_free), error_report * assert instead of ASSERT * cosmetic fixes * use strpbrk and isspace * add --disable-nss --enable-nss here, instead of in the final patch. * split vscclient, passthru and docs to following patches. changes from v19->v20: * checkpatch.pl changes from v15->v16: Build: * don't erase self with distclean * fix make clean after make distclean * Makefile: make vscclient link quiet Behavioral: * vcard_emul_nss: load coolkey in more situations * vscclient: * use hton,ntoh * send init on connect, only start vevent thread on response * read payload after header check, before type switch * remove Reconnect * update for vscard_common changes, empty Flush implementation Style/Whitespace: * fix wrong variable usage * remove unused variable * use only C style comments * add copyright header * fix tabulation Signed-off-by: Alon Levy <alevy@redhat.com> libcacard: fix out of tree builds
2010-11-28 16:36:38 +02:00
fi
fi
# check for libusb
if test "$libusb" != "no" ; then
if $pkg_config --atleast-version=1.0.13 libusb-1.0 >/dev/null 2>&1 ; then
libusb="yes"
usb="libusb"
libusb_cflags=$($pkg_config --cflags libusb-1.0 2>/dev/null)
libusb_libs=$($pkg_config --libs libusb-1.0 2>/dev/null)
QEMU_CFLAGS="$QEMU_CFLAGS $libusb_cflags"
libs_softmmu="$libs_softmmu $libusb_libs"
else
if test "$libusb" = "yes"; then
feature_not_found "libusb"
fi
libusb="no"
fi
fi
# check for usbredirparser for usb network redirection support
if test "$usb_redir" != "no" ; then
if $pkg_config --atleast-version=0.6 libusbredirparser-0.5 >/dev/null 2>&1 ; then
usb_redir="yes"
usb_redir_cflags=$($pkg_config --cflags libusbredirparser-0.5 2>/dev/null)
usb_redir_libs=$($pkg_config --libs libusbredirparser-0.5 2>/dev/null)
QEMU_CFLAGS="$QEMU_CFLAGS $usb_redir_cflags"
libs_softmmu="$libs_softmmu $usb_redir_libs"
else
if test "$usb_redir" = "yes"; then
feature_not_found "usb-redir"
fi
usb_redir="no"
fi
fi
2010-03-24 10:26:51 +01:00
##########################################
##########################################
# check if we have fdatasync
fdatasync=no
cat > $TMPC << EOF
#include <unistd.h>
int main(void) {
#if defined(_POSIX_SYNCHRONIZED_IO) && _POSIX_SYNCHRONIZED_IO > 0
return fdatasync(0);
#else
#error Not supported
#endif
}
EOF
if compile_prog "" "" ; then
fdatasync=yes
fi
Introduce qemu_madvise() vl.c has a Sun-specific hack to supply a prototype for madvise(), but the call site has apparently moved to arch_init.c. Haiku doesn't implement madvise() in favor of posix_madvise(). OpenBSD and Solaris 10 don't implement posix_madvise() but madvise(). MinGW implements neither. Check for madvise() and posix_madvise() in configure and supply qemu_madvise() as wrapper. Prefer madvise() over posix_madvise() due to flag availability. Convert all callers to use qemu_madvise() and QEMU_MADV_*. Note that on Solaris the warning is fixed by moving the madvise() prototype, not by qemu_madvise() itself. It helps with porting though, and it simplifies most call sites. v7 -> v8: * Some versions of MinGW have no sys/mman.h header. Reported by Blue Swirl. v6 -> v7: * Adopt madvise() rather than posix_madvise() semantics for returning errors. * Use EINVAL in place of ENOTSUP. v5 -> v6: * Replace two leftover instances of POSIX_MADV_NORMAL with QEMU_MADV_INVALID. Spotted by Blue Swirl. v4 -> v5: * Introduce QEMU_MADV_INVALID, suggested by Alexander Graf. Note that this relies on -1 not being a valid advice value. v3 -> v4: * Eliminate #ifdefs at qemu_advise() call sites. Requested by Blue Swirl. This will currently break the check in kvm-all.c by calling madvise() with a supported flag, which will not fail. Ideas/patches welcome. v2 -> v3: * Reuse the *_MADV_* defines for QEMU_MADV_*. Suggested by Alexander Graf. * Add configure check for madvise(), too. Add defines to Makefile, not QEMU_CFLAGS. Convert all callers, untested. Suggested by Blue Swirl. * Keep Solaris' madvise() prototype around. Pointed out by Alexander Graf. * Display configure check results. v1 -> v2: * Don't rely on posix_madvise() availability, add qemu_madvise(). Suggested by Blue Swirl. Signed-off-by: Andreas Färber <afaerber@opensolaris.org> Cc: Blue Swirl <blauwirbel@gmail.com> Cc: Alexander Graf <agraf@suse.de> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-09-25 11:26:05 +00:00
##########################################
# check if we have madvise
madvise=no
cat > $TMPC << EOF
#include <sys/types.h>
#include <sys/mman.h>
#include <stddef.h>
Introduce qemu_madvise() vl.c has a Sun-specific hack to supply a prototype for madvise(), but the call site has apparently moved to arch_init.c. Haiku doesn't implement madvise() in favor of posix_madvise(). OpenBSD and Solaris 10 don't implement posix_madvise() but madvise(). MinGW implements neither. Check for madvise() and posix_madvise() in configure and supply qemu_madvise() as wrapper. Prefer madvise() over posix_madvise() due to flag availability. Convert all callers to use qemu_madvise() and QEMU_MADV_*. Note that on Solaris the warning is fixed by moving the madvise() prototype, not by qemu_madvise() itself. It helps with porting though, and it simplifies most call sites. v7 -> v8: * Some versions of MinGW have no sys/mman.h header. Reported by Blue Swirl. v6 -> v7: * Adopt madvise() rather than posix_madvise() semantics for returning errors. * Use EINVAL in place of ENOTSUP. v5 -> v6: * Replace two leftover instances of POSIX_MADV_NORMAL with QEMU_MADV_INVALID. Spotted by Blue Swirl. v4 -> v5: * Introduce QEMU_MADV_INVALID, suggested by Alexander Graf. Note that this relies on -1 not being a valid advice value. v3 -> v4: * Eliminate #ifdefs at qemu_advise() call sites. Requested by Blue Swirl. This will currently break the check in kvm-all.c by calling madvise() with a supported flag, which will not fail. Ideas/patches welcome. v2 -> v3: * Reuse the *_MADV_* defines for QEMU_MADV_*. Suggested by Alexander Graf. * Add configure check for madvise(), too. Add defines to Makefile, not QEMU_CFLAGS. Convert all callers, untested. Suggested by Blue Swirl. * Keep Solaris' madvise() prototype around. Pointed out by Alexander Graf. * Display configure check results. v1 -> v2: * Don't rely on posix_madvise() availability, add qemu_madvise(). Suggested by Blue Swirl. Signed-off-by: Andreas Färber <afaerber@opensolaris.org> Cc: Blue Swirl <blauwirbel@gmail.com> Cc: Alexander Graf <agraf@suse.de> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-09-25 11:26:05 +00:00
int main(void) { return madvise(NULL, 0, MADV_DONTNEED); }
EOF
if compile_prog "" "" ; then
madvise=yes
fi
##########################################
# check if we have posix_madvise
posix_madvise=no
cat > $TMPC << EOF
#include <sys/mman.h>
#include <stddef.h>
Introduce qemu_madvise() vl.c has a Sun-specific hack to supply a prototype for madvise(), but the call site has apparently moved to arch_init.c. Haiku doesn't implement madvise() in favor of posix_madvise(). OpenBSD and Solaris 10 don't implement posix_madvise() but madvise(). MinGW implements neither. Check for madvise() and posix_madvise() in configure and supply qemu_madvise() as wrapper. Prefer madvise() over posix_madvise() due to flag availability. Convert all callers to use qemu_madvise() and QEMU_MADV_*. Note that on Solaris the warning is fixed by moving the madvise() prototype, not by qemu_madvise() itself. It helps with porting though, and it simplifies most call sites. v7 -> v8: * Some versions of MinGW have no sys/mman.h header. Reported by Blue Swirl. v6 -> v7: * Adopt madvise() rather than posix_madvise() semantics for returning errors. * Use EINVAL in place of ENOTSUP. v5 -> v6: * Replace two leftover instances of POSIX_MADV_NORMAL with QEMU_MADV_INVALID. Spotted by Blue Swirl. v4 -> v5: * Introduce QEMU_MADV_INVALID, suggested by Alexander Graf. Note that this relies on -1 not being a valid advice value. v3 -> v4: * Eliminate #ifdefs at qemu_advise() call sites. Requested by Blue Swirl. This will currently break the check in kvm-all.c by calling madvise() with a supported flag, which will not fail. Ideas/patches welcome. v2 -> v3: * Reuse the *_MADV_* defines for QEMU_MADV_*. Suggested by Alexander Graf. * Add configure check for madvise(), too. Add defines to Makefile, not QEMU_CFLAGS. Convert all callers, untested. Suggested by Blue Swirl. * Keep Solaris' madvise() prototype around. Pointed out by Alexander Graf. * Display configure check results. v1 -> v2: * Don't rely on posix_madvise() availability, add qemu_madvise(). Suggested by Blue Swirl. Signed-off-by: Andreas Färber <afaerber@opensolaris.org> Cc: Blue Swirl <blauwirbel@gmail.com> Cc: Alexander Graf <agraf@suse.de> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-09-25 11:26:05 +00:00
int main(void) { return posix_madvise(NULL, 0, POSIX_MADV_DONTNEED); }
EOF
if compile_prog "" "" ; then
posix_madvise=yes
fi
##########################################
# check if we have usable SIGEV_THREAD_ID
sigev_thread_id=no
cat > $TMPC << EOF
#include <signal.h>
int main(void) {
struct sigevent ev;
ev.sigev_notify = SIGEV_THREAD_ID;
ev._sigev_un._tid = 0;
asm volatile("" : : "g"(&ev));
return 0;
}
EOF
if compile_prog "" "" ; then
sigev_thread_id=yes
fi
##########################################
# check if trace backend exists
$python "$source_path/scripts/tracetool.py" "--backend=$trace_backend" --check-backend > /dev/null 2> /dev/null
if test "$?" -ne 0 ; then
error_exit "invalid trace backend" \
"Please choose a supported trace backend."
fi
##########################################
# For 'ust' backend, test if ust headers are present
if test "$trace_backend" = "ust"; then
cat > $TMPC << EOF
#include <ust/tracepoint.h>
#include <ust/marker.h>
int main(void) { return 0; }
EOF
if compile_prog "" "" ; then
LIBS="-lust -lurcu-bp $LIBS"
libs_qga="-lust -lurcu-bp $libs_qga"
else
error_exit "Trace backend 'ust' missing libust header files"
fi
fi
Add a DTrace tracing backend targetted for SystemTAP compatability This introduces a new tracing backend that targets the SystemTAP implementation of DTrace userspace tracing. The core functionality should be applicable and standard across any DTrace implementation on Solaris, OS-X, *BSD, but the Makefile rules will likely need some small additional changes to cope with OS specific build requirements. This backend builds a little differently from the other tracing backends. Specifically there is no 'trace.c' file, because the 'dtrace' command line tool generates a '.o' file directly from the dtrace probe definition file. The probe definition is usually named with a '.d' extension but QEMU uses '.d' files for its external makefile dependancy tracking, so this uses '.dtrace' as the extension for the probe definition file. The 'tracetool' program gains the ability to generate a trace.h file for DTrace, and also to generate the trace.d file containing the dtrace probe definition. Example usage of a dtrace probe in systemtap looks like: probe process("qemu").mark("qemu_malloc") { printf("Malloc %d %p\n", $arg1, $arg2); } * .gitignore: Ignore trace-dtrace.* * Makefile: Extra rules for generating DTrace files * Makefile.obj: Don't build trace.o for DTrace, use trace-dtrace.o generated by 'dtrace' instead * tracetool: Support for generating DTrace data files Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-11-12 13:20:24 +00:00
##########################################
# For 'dtrace' backend, test if 'dtrace' command is present
if test "$trace_backend" = "dtrace"; then
if ! has 'dtrace' ; then
error_exit "dtrace command is not found in PATH $PATH"
Add a DTrace tracing backend targetted for SystemTAP compatability This introduces a new tracing backend that targets the SystemTAP implementation of DTrace userspace tracing. The core functionality should be applicable and standard across any DTrace implementation on Solaris, OS-X, *BSD, but the Makefile rules will likely need some small additional changes to cope with OS specific build requirements. This backend builds a little differently from the other tracing backends. Specifically there is no 'trace.c' file, because the 'dtrace' command line tool generates a '.o' file directly from the dtrace probe definition file. The probe definition is usually named with a '.d' extension but QEMU uses '.d' files for its external makefile dependancy tracking, so this uses '.dtrace' as the extension for the probe definition file. The 'tracetool' program gains the ability to generate a trace.h file for DTrace, and also to generate the trace.d file containing the dtrace probe definition. Example usage of a dtrace probe in systemtap looks like: probe process("qemu").mark("qemu_malloc") { printf("Malloc %d %p\n", $arg1, $arg2); } * .gitignore: Ignore trace-dtrace.* * Makefile: Extra rules for generating DTrace files * Makefile.obj: Don't build trace.o for DTrace, use trace-dtrace.o generated by 'dtrace' instead * tracetool: Support for generating DTrace data files Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-11-12 13:20:24 +00:00
fi
trace_backend_stap="no"
if has 'stap' ; then
trace_backend_stap="yes"
fi
Add a DTrace tracing backend targetted for SystemTAP compatability This introduces a new tracing backend that targets the SystemTAP implementation of DTrace userspace tracing. The core functionality should be applicable and standard across any DTrace implementation on Solaris, OS-X, *BSD, but the Makefile rules will likely need some small additional changes to cope with OS specific build requirements. This backend builds a little differently from the other tracing backends. Specifically there is no 'trace.c' file, because the 'dtrace' command line tool generates a '.o' file directly from the dtrace probe definition file. The probe definition is usually named with a '.d' extension but QEMU uses '.d' files for its external makefile dependancy tracking, so this uses '.dtrace' as the extension for the probe definition file. The 'tracetool' program gains the ability to generate a trace.h file for DTrace, and also to generate the trace.d file containing the dtrace probe definition. Example usage of a dtrace probe in systemtap looks like: probe process("qemu").mark("qemu_malloc") { printf("Malloc %d %p\n", $arg1, $arg2); } * .gitignore: Ignore trace-dtrace.* * Makefile: Extra rules for generating DTrace files * Makefile.obj: Don't build trace.o for DTrace, use trace-dtrace.o generated by 'dtrace' instead * tracetool: Support for generating DTrace data files Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-11-12 13:20:24 +00:00
fi
##########################################
# check and set a backend for coroutine
# We prefer ucontext, but it's not always possible. The fallback
# is sigcontext. gthread is not selectable except explicitly, because
# it is not functional enough to run QEMU proper. (It is occasionally
# useful for debugging purposes.) On Windows the only valid backend
# is the Windows-specific one.
ucontext_works=no
if test "$darwin" != "yes"; then
cat > $TMPC << EOF
#include <ucontext.h>
#ifdef __stub_makecontext
#error Ignoring glibc stub makecontext which will always fail
#endif
int main(void) { makecontext(0, 0, 0); return 0; }
EOF
if compile_prog "" "" ; then
ucontext_works=yes
fi
fi
if test "$coroutine" = ""; then
if test "$mingw32" = "yes"; then
coroutine=win32
elif test "$ucontext_works" = "yes"; then
coroutine=ucontext
else
coroutine=sigaltstack
fi
else
case $coroutine in
windows)
if test "$mingw32" != "yes"; then
error_exit "'windows' coroutine backend only valid for Windows"
fi
# Unfortunately the user visible backend name doesn't match the
# coroutine-*.c filename for this case, so we have to adjust it here.
coroutine=win32
;;
ucontext)
if test "$ucontext_works" != "yes"; then
feature_not_found "ucontext"
fi
;;
gthread|sigaltstack)
if test "$mingw32" = "yes"; then
error_exit "only the 'windows' coroutine backend is valid for Windows"
fi
;;
*)
error_exit "unknown coroutine backend $coroutine"
;;
esac
fi
##########################################
# check if we have open_by_handle_at
open_by_handle_at=no
cat > $TMPC << EOF
#include <fcntl.h>
#if !defined(AT_EMPTY_PATH)
# error missing definition
#else
int main(void) { struct file_handle fh; return open_by_handle_at(0, &fh, 0); }
#endif
EOF
if compile_prog "" "" ; then
open_by_handle_at=yes
fi
########################################
# check if we have linux/magic.h
linux_magic_h=no
cat > $TMPC << EOF
#include <linux/magic.h>
int main(void) {
return 0;
}
EOF
if compile_prog "" "" ; then
linux_magic_h=yes
fi
########################################
# check whether we can disable warning option with a pragma (this is needed
# to silence warnings in the headers of some versions of external libraries).
# This test has to be compiled with -Werror as otherwise an unknown pragma is
# only a warning.
#
# If we can't selectively disable warning in the code, disable -Werror so that
# the build doesn't fail anyway.
pragma_disable_unused_but_set=no
cat > $TMPC << EOF
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-but-set-variable"
#pragma GCC diagnostic ignored "-Wstrict-prototypes"
#pragma GCC diagnostic pop
int main(void) {
return 0;
}
EOF
if compile_prog "-Werror" "" ; then
pragma_diagnostic_available=yes
else
werror=no
fi
########################################
# check if we have valgrind/valgrind.h and valgrind/memcheck.h
valgrind_h=no
cat > $TMPC << EOF
#include <valgrind/valgrind.h>
#include <valgrind/memcheck.h>
int main(void) {
return 0;
}
EOF
if compile_prog "" "" ; then
valgrind_h=yes
fi
########################################
# check if environ is declared
has_environ=no
cat > $TMPC << EOF
#include <unistd.h>
int main(void) {
environ = 0;
return 0;
}
EOF
if compile_prog "" "" ; then
has_environ=yes
fi
########################################
# check if cpuid.h is usable.
cpuid_h=no
cat > $TMPC << EOF
#include <cpuid.h>
int main(void) {
return 0;
}
EOF
if compile_prog "" "" ; then
cpuid_h=yes
fi
########################################
# check if __[u]int128_t is usable.
int128=no
cat > $TMPC << EOF
__int128_t a;
__uint128_t b;
int main (void) {
a = a + b;
b = a * b;
a = a * a;
return 0;
}
EOF
if compile_prog "" "" ; then
int128=yes
fi
########################################
# check if getauxval is available.
getauxval=no
cat > $TMPC << EOF
#include <sys/auxv.h>
int main(void) {
return getauxval(AT_HWCAP) == 0;
}
EOF
if compile_prog "" "" ; then
getauxval=yes
fi
##########################################
# End of CC checks
# After here, no more $cc or $ld runs
if test "$gcov" = "yes" ; then
CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
elif test "$debug" = "no" ; then
CFLAGS="-O2 -D_FORTIFY_SOURCE=2 $CFLAGS"
fi
# Disable zero malloc errors for official releases unless explicitly told to
# enable/disable
if test -z "$zero_malloc" ; then
if test "$z_version" = "50" ; then
zero_malloc="no"
else
zero_malloc="yes"
fi
fi
# Now we've finished running tests it's OK to add -Werror to the compiler flags
if test "$werror" = "yes"; then
QEMU_CFLAGS="-Werror $QEMU_CFLAGS"
fi
if test "$solaris" = "no" ; then
if $ld --version 2>/dev/null | grep "GNU ld" >/dev/null 2>/dev/null ; then
LDFLAGS="-Wl,--warn-common $LDFLAGS"
fi
fi
# test if pod2man has --utf8 option
if pod2man --help | grep -q utf8; then
POD2MAN="pod2man --utf8"
else
POD2MAN="pod2man"
fi
# Use ASLR, no-SEH and DEP if available
if test "$mingw32" = "yes" ; then
for flag in --dynamicbase --no-seh --nxcompat; do
if $ld --help 2>/dev/null | grep ".$flag" >/dev/null 2>/dev/null ; then
LDFLAGS="-Wl,$flag $LDFLAGS"
fi
done
fi
qemu_confdir=$sysconfdir$confsuffix
qemu_datadir=$datadir$confsuffix
qemu_localedir="$datadir/locale"
tools=""
if test "$want_tools" = "yes" ; then
tools="qemu-img\$(EXESUF) qemu-io\$(EXESUF) $tools"
if [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" ] ; then
tools="qemu-nbd\$(EXESUF) $tools"
fi
fi
if test "$softmmu" = yes ; then
if test "$virtfs" != no ; then
if test "$cap" = yes && test "$linux" = yes && test "$attr" = yes ; then
virtfs=yes
tools="$tools fsdev/virtfs-proxy-helper\$(EXESUF)"
else
if test "$virtfs" = yes; then
error_exit "VirtFS is supported only on Linux and requires libcap-devel and libattr-devel"
fi
virtfs=no
fi
fi
fi
if [ "$guest_agent" != "no" ]; then
if [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" ] ; then
tools="qemu-ga\$(EXESUF) $tools"
guest_agent=yes
elif [ "$guest_agent" != yes ]; then
guest_agent=no
else
error_exit "Guest agent is not supported on this platform"
fi
fi
# Mac OS X ships with a broken assembler
roms=
if test \( "$cpu" = "i386" -o "$cpu" = "x86_64" \) -a \
"$targetos" != "Darwin" -a "$targetos" != "SunOS" -a \
"$softmmu" = yes ; then
roms="optionrom"
fi
if test "$cpu" = "ppc64" -a "$targetos" != "Darwin" ; then
roms="$roms spapr-rtas"
fi
if test "$cpu" = "s390x" ; then
roms="$roms s390-ccw"
fi
# Probe for the need for relocating the user-only binary.
if test "$pie" = "no" ; then
textseg_addr=
case "$cpu" in
arm | hppa | i386 | m68k | ppc | ppc64 | s390* | sparc | sparc64 | x86_64)
textseg_addr=0x60000000
;;
mips)
textseg_addr=0x400000
;;
esac
if [ -n "$textseg_addr" ]; then
cat > $TMPC <<EOF
int main(void) { return 0; }
EOF
textseg_ldflags="-Wl,-Ttext-segment=$textseg_addr"
if ! compile_prog "" "$textseg_ldflags"; then
# In case ld does not support -Ttext-segment, edit the default linker
# script via sed to set the .text start addr. This is needed on FreeBSD
# at least.
$ld --verbose | sed \
-e '1,/==================================================/d' \
-e '/==================================================/,$d' \
-e "s/[.] = [0-9a-fx]* [+] SIZEOF_HEADERS/. = $textseg_addr + SIZEOF_HEADERS/" \
-e "s/__executable_start = [0-9a-fx]*/__executable_start = $textseg_addr/" > config-host.ld
textseg_ldflags="-Wl,-T../config-host.ld"
fi
fi
fi
# add pixman flags after all config tests are done
QEMU_CFLAGS="$QEMU_CFLAGS $pixman_cflags $fdt_cflags"
libs_softmmu="$libs_softmmu $pixman_libs"
echo "Install prefix $prefix"
echo "BIOS directory `eval echo $qemu_datadir`"
echo "binary directory `eval echo $bindir`"
2011-05-15 12:08:59 +03:00
echo "library directory `eval echo $libdir`"
echo "libexec directory `eval echo $libexecdir`"
echo "include directory `eval echo $includedir`"
echo "config directory `eval echo $sysconfdir`"
if test "$mingw32" = "no" ; then
echo "local state directory `eval echo $local_statedir`"
echo "Manual directory `eval echo $mandir`"
echo "ELF interp prefix $interp_prefix"
else
echo "local state directory queried at runtime"
fi
echo "Source path $source_path"
echo "C compiler $cc"
echo "Host C compiler $host_cc"
echo "Objective-C compiler $objcc"
echo "CFLAGS $CFLAGS"
echo "QEMU_CFLAGS $QEMU_CFLAGS"
echo "LDFLAGS $LDFLAGS"
echo "make $make"
echo "install $install"
echo "python $python"
if test "$slirp" = "yes" ; then
echo "smbd $smbd"
fi
echo "host CPU $cpu"
echo "host big endian $bigendian"
echo "target list $target_list"
echo "tcg debug enabled $debug_tcg"
echo "gprof enabled $gprof"
echo "sparse enabled $sparse"
echo "strip binaries $strip_opt"
echo "profiler $profiler"
echo "static build $static"
echo "-Werror enabled $werror"
if test "$darwin" = "yes" ; then
echo "Cocoa support $cocoa"
fi
echo "pixman $pixman"
echo "SDL support $sdl"
echo "GTK support $gtk"
echo "curses support $curses"
echo "curl support $curl"
echo "mingw32 support $mingw32"
echo "Audio drivers $audio_drv_list"
echo "Block whitelist (rw) $block_drv_rw_whitelist"
echo "Block whitelist (ro) $block_drv_ro_whitelist"
echo "Mixer emulation $mixemu"
echo "VirtFS support $virtfs"
echo "VNC support $vnc"
if test "$vnc" = "yes" ; then
echo "VNC TLS support $vnc_tls"
echo "VNC SASL support $vnc_sasl"
echo "VNC JPEG support $vnc_jpeg"
echo "VNC PNG support $vnc_png"
echo "VNC WS support $vnc_ws"
fi
if test -n "$sparc_cpu"; then
echo "Target Sparc Arch $sparc_cpu"
fi
echo "xen support $xen"
echo "brlapi support $brlapi"
echo "bluez support $bluez"
echo "Documentation $docs"
[ ! -z "$uname_release" ] && \
echo "uname -r $uname_release"
echo "GUEST_BASE $guest_base"
echo "PIE $pie"
echo "vde support $vde"
echo "Linux AIO support $linux_aio"
echo "ATTR/XATTR support $attr"
echo "Install blobs $blobs"
echo "KVM support $kvm"
echo "RDMA support $rdma"
echo "TCG interpreter $tcg_interpreter"
echo "fdt support $fdt"
echo "preadv support $preadv"
echo "fdatasync $fdatasync"
Introduce qemu_madvise() vl.c has a Sun-specific hack to supply a prototype for madvise(), but the call site has apparently moved to arch_init.c. Haiku doesn't implement madvise() in favor of posix_madvise(). OpenBSD and Solaris 10 don't implement posix_madvise() but madvise(). MinGW implements neither. Check for madvise() and posix_madvise() in configure and supply qemu_madvise() as wrapper. Prefer madvise() over posix_madvise() due to flag availability. Convert all callers to use qemu_madvise() and QEMU_MADV_*. Note that on Solaris the warning is fixed by moving the madvise() prototype, not by qemu_madvise() itself. It helps with porting though, and it simplifies most call sites. v7 -> v8: * Some versions of MinGW have no sys/mman.h header. Reported by Blue Swirl. v6 -> v7: * Adopt madvise() rather than posix_madvise() semantics for returning errors. * Use EINVAL in place of ENOTSUP. v5 -> v6: * Replace two leftover instances of POSIX_MADV_NORMAL with QEMU_MADV_INVALID. Spotted by Blue Swirl. v4 -> v5: * Introduce QEMU_MADV_INVALID, suggested by Alexander Graf. Note that this relies on -1 not being a valid advice value. v3 -> v4: * Eliminate #ifdefs at qemu_advise() call sites. Requested by Blue Swirl. This will currently break the check in kvm-all.c by calling madvise() with a supported flag, which will not fail. Ideas/patches welcome. v2 -> v3: * Reuse the *_MADV_* defines for QEMU_MADV_*. Suggested by Alexander Graf. * Add configure check for madvise(), too. Add defines to Makefile, not QEMU_CFLAGS. Convert all callers, untested. Suggested by Blue Swirl. * Keep Solaris' madvise() prototype around. Pointed out by Alexander Graf. * Display configure check results. v1 -> v2: * Don't rely on posix_madvise() availability, add qemu_madvise(). Suggested by Blue Swirl. Signed-off-by: Andreas Färber <afaerber@opensolaris.org> Cc: Blue Swirl <blauwirbel@gmail.com> Cc: Alexander Graf <agraf@suse.de> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-09-25 11:26:05 +00:00
echo "madvise $madvise"
echo "posix_madvise $posix_madvise"
echo "sigev_thread_id $sigev_thread_id"
echo "uuid support $uuid"
echo "libcap-ng support $cap_ng"
echo "vhost-net support $vhost_net"
vhost-scsi: new device supporting the tcm_vhost Linux kernel module The WWPN specified in configfs is passed to "-device vhost-scsi-pci". The tgpt field of the SET_ENDPOINT ioctl is obsolete now, so it is not available from the QEMU command-line. Instead, I hardcode it to zero. Changes in Patch-v2: - Add vhost_scsi_get_features() in order to determine feature bits supports by host kernel (mst + nab) - Re-enable usage of DEFINE_VIRTIO_COMMON_FEATURES, and allow EVENT_IDX to be disabled by host in vhost_scsi_get_features() - Drop unused hotplug bit in DEFINE_VHOST_SCSI_PROPERTIES Changes in Patch-v1: - Set event_idx=off by default (nab, thanks asias) - Disable hotplug feature bit for v3.9 tcm_vhost kernel code, need to re-enable in v3.10 (nab) - Update to latest qemu.git/master HEAD Changes in WIP-V3: - Drop ioeventfd vhost_scsi_properties (asias, thanks stefanha) - Add CONFIG_VHOST_SCSI (asias, thanks stefanha) - Add hotplug feature bit Changes in WIP-V2: - Add backend guest masking support (nab) - Bump ABI_VERSION to 1 (nab) - Set up set_guest_notifiers (asias) - Set up vs->dev.vq_index (asias) - Drop vs->vs.vdev.{set,clear}_vhost_endpoint (asias) - Drop VIRTIO_CONFIG_S_DRIVER check in vhost_scsi_set_status (asias) Howto: Use the latest seabios, at least commit b44a7be17b git clone git://git.seabios.org/seabios.git make cp out/bios.bin /usr/share/qemu/bios.bin qemu -device vhost-scsi-pci,wwpn=naa.6001405bd4e8476d,event_idx=off ... Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Asias He <asias@redhat.com> [ Rebase on top of VirtIOSCSICommon patch, fix bugs in feature negotiation and irqfd masking - Paolo ] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-29 01:08:16 +00:00
echo "vhost-scsi support $vhost_scsi"
echo "Trace backend $trace_backend"
echo "Trace output file $trace_file-<pid>"
echo "spice support $spice ($spice_protocol_version/$spice_server_version)"
echo "rbd support $rbd"
echo "xfsctl support $xfs"
libcacard: initial commit libcacard emulates a Common Access Card (CAC) which is a standard for smartcards. It is used by the emulated ccid card introduced in a following patch. Docs are available in docs/libcacard.txt Signed-off-by: Alon Levy <alevy@redhat.com> --- changes from v24->v25: * Fix out of tree builds. * Fix build with linux-user targets. changes from v23->v24: (Jes Sorensen review 2) * Makefile.target: use obj-$(CONFIG_*) += * remove unrequired includes, include qemu-common before qemu-thread * required adding #define NO_NSPR_10_SUPPORT (harmless) changes from v22->v23: * configure fixes: (reported by Stefan Hajnoczi) * test a = b, not a == b (second isn't portable) * quote $source_path in case it contains spaces - this doesn't really help since there are many other places that need similar fixes, not introduced by this patch. changes from v21->v22: * fix configure to not link libcacard if nss not found (reported by Stefan Hajnoczi) * fix vscclient linkage with simpletrace backend (reported by Stefan Hajnoczi) * card_7816.c: add missing break in ERROR_DATA_NOT_FOUND (reported by William van de Velde) changes from v20->v21: (Jes Sorensen review) * use qemu infrastructure: qemu-thread, qemu-common (qemu_malloc and qemu_free), error_report * assert instead of ASSERT * cosmetic fixes * use strpbrk and isspace * add --disable-nss --enable-nss here, instead of in the final patch. * split vscclient, passthru and docs to following patches. changes from v19->v20: * checkpatch.pl changes from v15->v16: Build: * don't erase self with distclean * fix make clean after make distclean * Makefile: make vscclient link quiet Behavioral: * vcard_emul_nss: load coolkey in more situations * vscclient: * use hton,ntoh * send init on connect, only start vevent thread on response * read payload after header check, before type switch * remove Reconnect * update for vscard_common changes, empty Flush implementation Style/Whitespace: * fix wrong variable usage * remove unused variable * use only C style comments * add copyright header * fix tabulation Signed-off-by: Alon Levy <alevy@redhat.com> libcacard: fix out of tree builds
2010-11-28 16:36:38 +02:00
echo "nss used $smartcard_nss"
echo "libusb $libusb"
echo "usb net redir $usb_redir"
echo "GLX support $glx"
iSCSI block driver This provides built-in support for iSCSI to QEMU. This has the advantage that the iSCSI devices need not be made visible to the host, which is useful if you have very many virtual machines and very many iscsi devices. It also has the benefit that non-root users of QEMU can access iSCSI devices across the network without requiring root privilege on the host. This driver interfaces with the multiplatform posix library for iscsi initiator/client access to iscsi devices hosted at git://github.com/sahlberg/libiscsi.git The patch adds the driver to interface with the iscsi library. It also updated the configure script to * by default, probe is libiscsi is available and if so, build qemu against libiscsi. * --enable-libiscsi Force a build against libiscsi. If libiscsi is not available the build will fail. * --disable-libiscsi Do not link against libiscsi, even if it is available. When linked with libiscsi, qemu gains support to access iscsi resources such as disks and cdrom directly, without having to make the devices visible to the host. You can specify devices using a iscsi url of the form : iscsi://[<username>[:<password>@]]<host>[:<port]/<target-iqn-name>/<lun> When using authentication, the password can optionally be set with LIBISCSI_CHAP_PASSWORD="password" to avoid it showing up in the process list Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-25 19:24:24 +11:00
echo "libiscsi support $libiscsi"
echo "build guest agent $guest_agent"
echo "seccomp support $seccomp"
echo "coroutine backend $coroutine"
echo "GlusterFS support $glusterfs"
echo "virtio-blk-data-plane $virtio_blk_data_plane"
echo "gcov $gcov_tool"
echo "gcov enabled $gcov"
echo "TPM support $tpm"
echo "libssh2 support $libssh2"
echo "TPM passthrough $tpm_passthrough"
echo "QOM debugging $qom_cast_debug"
if test "$sdl_too_old" = "yes"; then
echo "-> Your SDL version is too old - please upgrade to have SDL support"
fi
config_host_mak="config-host.mak"
echo "# Automatically generated by configure - do not modify" >config-all-disas.mak
echo "# Automatically generated by configure - do not modify" > $config_host_mak
printf "# Configured with:" >> $config_host_mak
printf " '%s'" "$0" "$@" >> $config_host_mak
echo >> $config_host_mak
echo all: >> $config_host_mak
echo "prefix=$prefix" >> $config_host_mak
echo "bindir=$bindir" >> $config_host_mak
2011-05-15 12:08:59 +03:00
echo "libdir=$libdir" >> $config_host_mak
echo "libexecdir=$libexecdir" >> $config_host_mak
echo "includedir=$includedir" >> $config_host_mak
echo "mandir=$mandir" >> $config_host_mak
echo "sysconfdir=$sysconfdir" >> $config_host_mak
echo "qemu_confdir=$qemu_confdir" >> $config_host_mak
echo "qemu_datadir=$qemu_datadir" >> $config_host_mak
echo "qemu_docdir=$qemu_docdir" >> $config_host_mak
if test "$mingw32" = "no" ; then
echo "qemu_localstatedir=$local_statedir" >> $config_host_mak
fi
echo "qemu_helperdir=$libexecdir" >> $config_host_mak
echo "extra_cflags=$EXTRA_CFLAGS" >> $config_host_mak
echo "extra_ldflags=$EXTRA_LDFLAGS" >> $config_host_mak
echo "qemu_localedir=$qemu_localedir" >> $config_host_mak
echo "libs_softmmu=$libs_softmmu" >> $config_host_mak
echo "ARCH=$ARCH" >> $config_host_mak
case "$cpu" in
arm|i386|x86_64|ppc|aarch64)
# The TCG interpreter currently does not support ld/st optimization.
if test "$tcg_interpreter" = "no" ; then
echo "CONFIG_QEMU_LDST_OPTIMIZATION=y" >> $config_host_mak
fi
;;
esac
if test "$debug_tcg" = "yes" ; then
echo "CONFIG_DEBUG_TCG=y" >> $config_host_mak
fi
if test "$strip_opt" = "yes" ; then
echo "STRIP=${strip}" >> $config_host_mak
fi
if test "$bigendian" = "yes" ; then
echo "HOST_WORDS_BIGENDIAN=y" >> $config_host_mak
fi
if test "$mingw32" = "yes" ; then
echo "CONFIG_WIN32=y" >> $config_host_mak
rc_version=`cat $source_path/VERSION`
version_major=${rc_version%%.*}
rc_version=${rc_version#*.}
version_minor=${rc_version%%.*}
rc_version=${rc_version#*.}
version_subminor=${rc_version%%.*}
version_micro=0
echo "CONFIG_FILEVERSION=$version_major,$version_minor,$version_subminor,$version_micro" >> $config_host_mak
echo "CONFIG_PRODUCTVERSION=$version_major,$version_minor,$version_subminor,$version_micro" >> $config_host_mak
else
echo "CONFIG_POSIX=y" >> $config_host_mak
fi
if test "$linux" = "yes" ; then
echo "CONFIG_LINUX=y" >> $config_host_mak
fi
if test "$darwin" = "yes" ; then
echo "CONFIG_DARWIN=y" >> $config_host_mak
fi
if test "$aix" = "yes" ; then
echo "CONFIG_AIX=y" >> $config_host_mak
fi
if test "$solaris" = "yes" ; then
echo "CONFIG_SOLARIS=y" >> $config_host_mak
echo "CONFIG_SOLARIS_VERSION=$solarisrev" >> $config_host_mak
if test "$needs_libsunmath" = "yes" ; then
echo "CONFIG_NEEDS_LIBSUNMATH=y" >> $config_host_mak
fi
fi
if test "$haiku" = "yes" ; then
echo "CONFIG_HAIKU=y" >> $config_host_mak
fi
if test "$static" = "yes" ; then
echo "CONFIG_STATIC=y" >> $config_host_mak
fi
if test "$profiler" = "yes" ; then
echo "CONFIG_PROFILER=y" >> $config_host_mak
fi
if test "$slirp" = "yes" ; then
echo "CONFIG_SLIRP=y" >> $config_host_mak
echo "CONFIG_SMBD_COMMAND=\"$smbd\"" >> $config_host_mak
fi
if test "$vde" = "yes" ; then
echo "CONFIG_VDE=y" >> $config_host_mak
fi
if test "$cap_ng" = "yes" ; then
echo "CONFIG_LIBCAP=y" >> $config_host_mak
fi
echo "CONFIG_AUDIO_DRIVERS=$audio_drv_list" >> $config_host_mak
for drv in $audio_drv_list; do
def=CONFIG_`echo $drv | LC_ALL=C tr '[a-z]' '[A-Z]'`
echo "$def=y" >> $config_host_mak
if test "$drv" = "fmod"; then
echo "FMOD_CFLAGS=-I$fmod_inc" >> $config_host_mak
fi
done
if test "$audio_pt_int" = "yes" ; then
echo "CONFIG_AUDIO_PT_INT=y" >> $config_host_mak
fi
if test "$audio_win_int" = "yes" ; then
echo "CONFIG_AUDIO_WIN_INT=y" >> $config_host_mak
fi
echo "CONFIG_BDRV_RW_WHITELIST=$block_drv_rw_whitelist" >> $config_host_mak
echo "CONFIG_BDRV_RO_WHITELIST=$block_drv_ro_whitelist" >> $config_host_mak
if test "$mixemu" = "yes" ; then
echo "CONFIG_MIXEMU=y" >> $config_host_mak
fi
if test "$vnc" = "yes" ; then
echo "CONFIG_VNC=y" >> $config_host_mak
fi
if test "$vnc_tls" = "yes" ; then
echo "CONFIG_VNC_TLS=y" >> $config_host_mak
fi
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
if test "$vnc_sasl" = "yes" ; then
echo "CONFIG_VNC_SASL=y" >> $config_host_mak
Add SASL authentication support ("Daniel P. Berrange") This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
fi
if test "$vnc_jpeg" = "yes" ; then
echo "CONFIG_VNC_JPEG=y" >> $config_host_mak
fi
if test "$vnc_png" = "yes" ; then
echo "CONFIG_VNC_PNG=y" >> $config_host_mak
fi
if test "$vnc_ws" = "yes" ; then
echo "CONFIG_VNC_WS=y" >> $config_host_mak
echo "VNC_WS_CFLAGS=$vnc_ws_cflags" >> $config_host_mak
fi
Support ACLs for controlling VNC access ("Daniel P. Berrange") This patch introduces a generic internal API for access control lists to be used by network servers in QEMU. It adds support for checking these ACL in the VNC server, in two places. The first ACL is for the SASL authentication mechanism, checking the SASL username. This ACL is called 'vnc.username'. The second is for the TLS authentication mechanism, when x509 client certificates are turned on, checking against the Distinguished Name of the client. This ACL is called 'vnc.x509dname' The internal API provides for an ACL with the following characteristics - A unique name, eg vnc.username, and vnc.x509dname. - A default policy, allow or deny - An ordered series of match rules, with allow or deny policy If none of the match rules apply, then the default policy is used. There is a monitor API to manipulate the ACLs, which I'll describe via examples (qemu) acl show vnc.username policy: allow (qemu) acl policy vnc.username denya acl: policy set to 'deny' (qemu) acl allow vnc.username fred acl: added rule at position 1 (qemu) acl allow vnc.username bob acl: added rule at position 2 (qemu) acl allow vnc.username joe 1 acl: added rule at position 1 (qemu) acl show vnc.username policy: deny 0: allow fred 1: allow joe 2: allow bob (qemu) acl show vnc.x509dname policy: allow (qemu) acl policy vnc.x509dname deny acl: policy set to 'deny' (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=* acl: added rule at position 1 (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob acl: added rule at position 2 (qemu) acl show vnc.x509dname policy: deny 0: allow C=GB,O=ACME,L=London,CN=* 1: allow C=GB,O=ACME,L=Boston,CN=bob By default the VNC server will not use any ACLs, allowing access to the server if the user successfully authenticates. To enable use of ACLs to restrict user access, the ',acl' flag should be given when starting QEMU. The initial ACL activated will be a 'deny all' policy and should be customized using monitor commands. eg enable SASL auth and ACLs qemu .... -vnc localhost:1,sasl,acl The next patch will provide a way to load a pre-defined ACL when starting up Makefile | 6 + b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ b/acl.h | 74 ++++++++++++++++++++++ configure | 18 +++++ monitor.c | 95 ++++++++++++++++++++++++++++ qemu-doc.texi | 49 ++++++++++++++ vnc-auth-sasl.c | 16 +++- vnc-auth-sasl.h | 7 ++ vnc-tls.c | 19 +++++ vnc-tls.h | 3 vnc.c | 21 ++++++ vnc.h | 3 12 files changed, 491 insertions(+), 5 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:37 +00:00
if test "$fnmatch" = "yes" ; then
echo "CONFIG_FNMATCH=y" >> $config_host_mak
Support ACLs for controlling VNC access ("Daniel P. Berrange") This patch introduces a generic internal API for access control lists to be used by network servers in QEMU. It adds support for checking these ACL in the VNC server, in two places. The first ACL is for the SASL authentication mechanism, checking the SASL username. This ACL is called 'vnc.username'. The second is for the TLS authentication mechanism, when x509 client certificates are turned on, checking against the Distinguished Name of the client. This ACL is called 'vnc.x509dname' The internal API provides for an ACL with the following characteristics - A unique name, eg vnc.username, and vnc.x509dname. - A default policy, allow or deny - An ordered series of match rules, with allow or deny policy If none of the match rules apply, then the default policy is used. There is a monitor API to manipulate the ACLs, which I'll describe via examples (qemu) acl show vnc.username policy: allow (qemu) acl policy vnc.username denya acl: policy set to 'deny' (qemu) acl allow vnc.username fred acl: added rule at position 1 (qemu) acl allow vnc.username bob acl: added rule at position 2 (qemu) acl allow vnc.username joe 1 acl: added rule at position 1 (qemu) acl show vnc.username policy: deny 0: allow fred 1: allow joe 2: allow bob (qemu) acl show vnc.x509dname policy: allow (qemu) acl policy vnc.x509dname deny acl: policy set to 'deny' (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=* acl: added rule at position 1 (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob acl: added rule at position 2 (qemu) acl show vnc.x509dname policy: deny 0: allow C=GB,O=ACME,L=London,CN=* 1: allow C=GB,O=ACME,L=Boston,CN=bob By default the VNC server will not use any ACLs, allowing access to the server if the user successfully authenticates. To enable use of ACLs to restrict user access, the ',acl' flag should be given when starting QEMU. The initial ACL activated will be a 'deny all' policy and should be customized using monitor commands. eg enable SASL auth and ACLs qemu .... -vnc localhost:1,sasl,acl The next patch will provide a way to load a pre-defined ACL when starting up Makefile | 6 + b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ b/acl.h | 74 ++++++++++++++++++++++ configure | 18 +++++ monitor.c | 95 ++++++++++++++++++++++++++++ qemu-doc.texi | 49 ++++++++++++++ vnc-auth-sasl.c | 16 +++- vnc-auth-sasl.h | 7 ++ vnc-tls.c | 19 +++++ vnc-tls.h | 3 vnc.c | 21 ++++++ vnc.h | 3 12 files changed, 491 insertions(+), 5 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:37 +00:00
fi
if test "$uuid" = "yes" ; then
echo "CONFIG_UUID=y" >> $config_host_mak
fi
if test "$xfs" = "yes" ; then
echo "CONFIG_XFS=y" >> $config_host_mak
fi
qemu_version=`head $source_path/VERSION`
echo "VERSION=$qemu_version" >>$config_host_mak
echo "PKGVERSION=$pkgversion" >>$config_host_mak
echo "SRC_PATH=$source_path" >> $config_host_mak
echo "TARGET_DIRS=$target_list" >> $config_host_mak
if [ "$docs" = "yes" ] ; then
echo "BUILD_DOCS=yes" >> $config_host_mak
fi
if test "$sdl" = "yes" ; then
echo "CONFIG_SDL=y" >> $config_host_mak
echo "SDL_CFLAGS=$sdl_cflags" >> $config_host_mak
fi
if test "$cocoa" = "yes" ; then
echo "CONFIG_COCOA=y" >> $config_host_mak
fi
if test "$curses" = "yes" ; then
echo "CONFIG_CURSES=y" >> $config_host_mak
fi
if test "$utimens" = "yes" ; then
echo "CONFIG_UTIMENSAT=y" >> $config_host_mak
fi
if test "$pipe2" = "yes" ; then
echo "CONFIG_PIPE2=y" >> $config_host_mak
fi
if test "$accept4" = "yes" ; then
echo "CONFIG_ACCEPT4=y" >> $config_host_mak
fi
if test "$splice" = "yes" ; then
echo "CONFIG_SPLICE=y" >> $config_host_mak
fi
if test "$eventfd" = "yes" ; then
echo "CONFIG_EVENTFD=y" >> $config_host_mak
fi
if test "$fallocate" = "yes" ; then
echo "CONFIG_FALLOCATE=y" >> $config_host_mak
fi
if test "$fallocate_punch_hole" = "yes" ; then
echo "CONFIG_FALLOCATE_PUNCH_HOLE=y" >> $config_host_mak
fi
if test "$sync_file_range" = "yes" ; then
echo "CONFIG_SYNC_FILE_RANGE=y" >> $config_host_mak
fi
if test "$fiemap" = "yes" ; then
echo "CONFIG_FIEMAP=y" >> $config_host_mak
fi
if test "$dup3" = "yes" ; then
echo "CONFIG_DUP3=y" >> $config_host_mak
fi
if test "$epoll" = "yes" ; then
echo "CONFIG_EPOLL=y" >> $config_host_mak
fi
if test "$epoll_create1" = "yes" ; then
echo "CONFIG_EPOLL_CREATE1=y" >> $config_host_mak
fi
if test "$epoll_pwait" = "yes" ; then
echo "CONFIG_EPOLL_PWAIT=y" >> $config_host_mak
fi
if test "$sendfile" = "yes" ; then
echo "CONFIG_SENDFILE=y" >> $config_host_mak
fi
if test "$inotify" = "yes" ; then
echo "CONFIG_INOTIFY=y" >> $config_host_mak
fi
if test "$inotify1" = "yes" ; then
echo "CONFIG_INOTIFY1=y" >> $config_host_mak
fi
if test "$byteswap_h" = "yes" ; then
echo "CONFIG_BYTESWAP_H=y" >> $config_host_mak
fi
if test "$bswap_h" = "yes" ; then
echo "CONFIG_MACHINE_BSWAP_H=y" >> $config_host_mak
fi
if test "$curl" = "yes" ; then
echo "CONFIG_CURL=y" >> $config_host_mak
echo "CURL_CFLAGS=$curl_cflags" >> $config_host_mak
fi
if test "$brlapi" = "yes" ; then
echo "CONFIG_BRLAPI=y" >> $config_host_mak
fi
if test "$bluez" = "yes" ; then
echo "CONFIG_BLUEZ=y" >> $config_host_mak
echo "BLUEZ_CFLAGS=$bluez_cflags" >> $config_host_mak
fi
echo "GLIB_CFLAGS=$glib_cflags" >> $config_host_mak
if test "$gtk" = "yes" ; then
echo "CONFIG_GTK=y" >> $config_host_mak
echo "GTK_CFLAGS=$gtk_cflags" >> $config_host_mak
echo "VTE_CFLAGS=$vte_cflags" >> $config_host_mak
fi
if test "$xen" = "yes" ; then
echo "CONFIG_XEN_BACKEND=y" >> $config_host_mak
echo "CONFIG_XEN_CTRL_INTERFACE_VERSION=$xen_ctrl_version" >> $config_host_mak
fi
if test "$linux_aio" = "yes" ; then
echo "CONFIG_LINUX_AIO=y" >> $config_host_mak
fi
if test "$attr" = "yes" ; then
echo "CONFIG_ATTR=y" >> $config_host_mak
fi
if test "$libattr" = "yes" ; then
echo "CONFIG_LIBATTR=y" >> $config_host_mak
fi
if test "$virtfs" = "yes" ; then
echo "CONFIG_VIRTFS=y" >> $config_host_mak
fi
vhost-scsi: new device supporting the tcm_vhost Linux kernel module The WWPN specified in configfs is passed to "-device vhost-scsi-pci". The tgpt field of the SET_ENDPOINT ioctl is obsolete now, so it is not available from the QEMU command-line. Instead, I hardcode it to zero. Changes in Patch-v2: - Add vhost_scsi_get_features() in order to determine feature bits supports by host kernel (mst + nab) - Re-enable usage of DEFINE_VIRTIO_COMMON_FEATURES, and allow EVENT_IDX to be disabled by host in vhost_scsi_get_features() - Drop unused hotplug bit in DEFINE_VHOST_SCSI_PROPERTIES Changes in Patch-v1: - Set event_idx=off by default (nab, thanks asias) - Disable hotplug feature bit for v3.9 tcm_vhost kernel code, need to re-enable in v3.10 (nab) - Update to latest qemu.git/master HEAD Changes in WIP-V3: - Drop ioeventfd vhost_scsi_properties (asias, thanks stefanha) - Add CONFIG_VHOST_SCSI (asias, thanks stefanha) - Add hotplug feature bit Changes in WIP-V2: - Add backend guest masking support (nab) - Bump ABI_VERSION to 1 (nab) - Set up set_guest_notifiers (asias) - Set up vs->dev.vq_index (asias) - Drop vs->vs.vdev.{set,clear}_vhost_endpoint (asias) - Drop VIRTIO_CONFIG_S_DRIVER check in vhost_scsi_set_status (asias) Howto: Use the latest seabios, at least commit b44a7be17b git clone git://git.seabios.org/seabios.git make cp out/bios.bin /usr/share/qemu/bios.bin qemu -device vhost-scsi-pci,wwpn=naa.6001405bd4e8476d,event_idx=off ... Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Asias He <asias@redhat.com> [ Rebase on top of VirtIOSCSICommon patch, fix bugs in feature negotiation and irqfd masking - Paolo ] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-29 01:08:16 +00:00
if test "$vhost_scsi" = "yes" ; then
echo "CONFIG_VHOST_SCSI=y" >> $config_host_mak
fi
if test "$blobs" = "yes" ; then
echo "INSTALL_BLOBS=yes" >> $config_host_mak
fi
if test "$iovec" = "yes" ; then
echo "CONFIG_IOVEC=y" >> $config_host_mak
fi
if test "$preadv" = "yes" ; then
echo "CONFIG_PREADV=y" >> $config_host_mak
fi
if test "$fdt" = "yes" ; then
echo "CONFIG_FDT=y" >> $config_host_mak
fi
if test "$signalfd" = "yes" ; then
echo "CONFIG_SIGNALFD=y" >> $config_host_mak
fi
if test "$tcg_interpreter" = "yes" ; then
echo "CONFIG_TCG_INTERPRETER=y" >> $config_host_mak
fi
if test "$fdatasync" = "yes" ; then
echo "CONFIG_FDATASYNC=y" >> $config_host_mak
fi
Introduce qemu_madvise() vl.c has a Sun-specific hack to supply a prototype for madvise(), but the call site has apparently moved to arch_init.c. Haiku doesn't implement madvise() in favor of posix_madvise(). OpenBSD and Solaris 10 don't implement posix_madvise() but madvise(). MinGW implements neither. Check for madvise() and posix_madvise() in configure and supply qemu_madvise() as wrapper. Prefer madvise() over posix_madvise() due to flag availability. Convert all callers to use qemu_madvise() and QEMU_MADV_*. Note that on Solaris the warning is fixed by moving the madvise() prototype, not by qemu_madvise() itself. It helps with porting though, and it simplifies most call sites. v7 -> v8: * Some versions of MinGW have no sys/mman.h header. Reported by Blue Swirl. v6 -> v7: * Adopt madvise() rather than posix_madvise() semantics for returning errors. * Use EINVAL in place of ENOTSUP. v5 -> v6: * Replace two leftover instances of POSIX_MADV_NORMAL with QEMU_MADV_INVALID. Spotted by Blue Swirl. v4 -> v5: * Introduce QEMU_MADV_INVALID, suggested by Alexander Graf. Note that this relies on -1 not being a valid advice value. v3 -> v4: * Eliminate #ifdefs at qemu_advise() call sites. Requested by Blue Swirl. This will currently break the check in kvm-all.c by calling madvise() with a supported flag, which will not fail. Ideas/patches welcome. v2 -> v3: * Reuse the *_MADV_* defines for QEMU_MADV_*. Suggested by Alexander Graf. * Add configure check for madvise(), too. Add defines to Makefile, not QEMU_CFLAGS. Convert all callers, untested. Suggested by Blue Swirl. * Keep Solaris' madvise() prototype around. Pointed out by Alexander Graf. * Display configure check results. v1 -> v2: * Don't rely on posix_madvise() availability, add qemu_madvise(). Suggested by Blue Swirl. Signed-off-by: Andreas Färber <afaerber@opensolaris.org> Cc: Blue Swirl <blauwirbel@gmail.com> Cc: Alexander Graf <agraf@suse.de> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-09-25 11:26:05 +00:00
if test "$madvise" = "yes" ; then
echo "CONFIG_MADVISE=y" >> $config_host_mak
fi
if test "$posix_madvise" = "yes" ; then
echo "CONFIG_POSIX_MADVISE=y" >> $config_host_mak
fi
if test "$sigev_thread_id" = "yes" ; then
echo "CONFIG_SIGEV_THREAD_ID=y" >> $config_host_mak
fi
2010-03-24 10:26:51 +01:00
if test "$spice" = "yes" ; then
echo "CONFIG_SPICE=y" >> $config_host_mak
fi
usb-ccid: add CCID bus A CCID device is a smart card reader. It is a USB device, defined at [1]. This patch introduces the usb-ccid device that is a ccid bus. Next patches will introduce two card types to use it, a passthru card and an emulated card. [1] http://www.usb.org/developers/devclass_docs/DWG_Smart-Card_CCID_Rev110. Signed-off-by: Alon Levy <alevy@redhat.com> --- changes from v20->v21: (Jes Sorenson review) * cosmetic changes - fix multi line comments. * reorder fields in USBCCIDState * add reference to COPYING * add --enable-smartcard and --disable-smartcard here (moved from last patch) changes from v19->v20: * checkpatch.pl changes from v18->v19: * merged: ccid.h: add copyright, fix define and remove non C89 comments * add qdev.desc changes from v15->v16: Behavioral changes: * fix abort on client answer after card remove * enable migration * remove side affect code from asserts * return consistent self-powered state * mask out reserved bits in ccid_set_parameters * add missing abRFU in SetParameters (no affect on linux guest) whitefixes / comments / consts defines: * remove stale comment * remove ccid_print_pending_answers if no DEBUG_CCID * replace printf's with DPRINTF, remove DEBUG_CCID, add verbosity defines * use error_report * update copyright (most of the code is not original) * reword known bug comment * add missing closing quote in comment * add missing whitespace on one line * s/CCID_SetParameter/CCID_SetParameters/ * add comments * use define for max packet size Comment for "return consistent self-powered state": the Configuration Descriptor bmAttributes claims we are self powered, but we were returning not self powered to USB_REQ_GET_STATUS control message. In practice, this message is not sent by a linux 2.6.35.10-74.fc14.x86_64 guest (not tested on other guests), unless you issue lsusb -v as root (for example).
2010-10-17 11:40:07 +02:00
libcacard: initial commit libcacard emulates a Common Access Card (CAC) which is a standard for smartcards. It is used by the emulated ccid card introduced in a following patch. Docs are available in docs/libcacard.txt Signed-off-by: Alon Levy <alevy@redhat.com> --- changes from v24->v25: * Fix out of tree builds. * Fix build with linux-user targets. changes from v23->v24: (Jes Sorensen review 2) * Makefile.target: use obj-$(CONFIG_*) += * remove unrequired includes, include qemu-common before qemu-thread * required adding #define NO_NSPR_10_SUPPORT (harmless) changes from v22->v23: * configure fixes: (reported by Stefan Hajnoczi) * test a = b, not a == b (second isn't portable) * quote $source_path in case it contains spaces - this doesn't really help since there are many other places that need similar fixes, not introduced by this patch. changes from v21->v22: * fix configure to not link libcacard if nss not found (reported by Stefan Hajnoczi) * fix vscclient linkage with simpletrace backend (reported by Stefan Hajnoczi) * card_7816.c: add missing break in ERROR_DATA_NOT_FOUND (reported by William van de Velde) changes from v20->v21: (Jes Sorensen review) * use qemu infrastructure: qemu-thread, qemu-common (qemu_malloc and qemu_free), error_report * assert instead of ASSERT * cosmetic fixes * use strpbrk and isspace * add --disable-nss --enable-nss here, instead of in the final patch. * split vscclient, passthru and docs to following patches. changes from v19->v20: * checkpatch.pl changes from v15->v16: Build: * don't erase self with distclean * fix make clean after make distclean * Makefile: make vscclient link quiet Behavioral: * vcard_emul_nss: load coolkey in more situations * vscclient: * use hton,ntoh * send init on connect, only start vevent thread on response * read payload after header check, before type switch * remove Reconnect * update for vscard_common changes, empty Flush implementation Style/Whitespace: * fix wrong variable usage * remove unused variable * use only C style comments * add copyright header * fix tabulation Signed-off-by: Alon Levy <alevy@redhat.com> libcacard: fix out of tree builds
2010-11-28 16:36:38 +02:00
if test "$smartcard_nss" = "yes" ; then
echo "CONFIG_SMARTCARD_NSS=y" >> $config_host_mak
echo "libcacard_libs=$libcacard_libs" >> $config_host_mak
echo "libcacard_cflags=$libcacard_cflags" >> $config_host_mak
libcacard: initial commit libcacard emulates a Common Access Card (CAC) which is a standard for smartcards. It is used by the emulated ccid card introduced in a following patch. Docs are available in docs/libcacard.txt Signed-off-by: Alon Levy <alevy@redhat.com> --- changes from v24->v25: * Fix out of tree builds. * Fix build with linux-user targets. changes from v23->v24: (Jes Sorensen review 2) * Makefile.target: use obj-$(CONFIG_*) += * remove unrequired includes, include qemu-common before qemu-thread * required adding #define NO_NSPR_10_SUPPORT (harmless) changes from v22->v23: * configure fixes: (reported by Stefan Hajnoczi) * test a = b, not a == b (second isn't portable) * quote $source_path in case it contains spaces - this doesn't really help since there are many other places that need similar fixes, not introduced by this patch. changes from v21->v22: * fix configure to not link libcacard if nss not found (reported by Stefan Hajnoczi) * fix vscclient linkage with simpletrace backend (reported by Stefan Hajnoczi) * card_7816.c: add missing break in ERROR_DATA_NOT_FOUND (reported by William van de Velde) changes from v20->v21: (Jes Sorensen review) * use qemu infrastructure: qemu-thread, qemu-common (qemu_malloc and qemu_free), error_report * assert instead of ASSERT * cosmetic fixes * use strpbrk and isspace * add --disable-nss --enable-nss here, instead of in the final patch. * split vscclient, passthru and docs to following patches. changes from v19->v20: * checkpatch.pl changes from v15->v16: Build: * don't erase self with distclean * fix make clean after make distclean * Makefile: make vscclient link quiet Behavioral: * vcard_emul_nss: load coolkey in more situations * vscclient: * use hton,ntoh * send init on connect, only start vevent thread on response * read payload after header check, before type switch * remove Reconnect * update for vscard_common changes, empty Flush implementation Style/Whitespace: * fix wrong variable usage * remove unused variable * use only C style comments * add copyright header * fix tabulation Signed-off-by: Alon Levy <alevy@redhat.com> libcacard: fix out of tree builds
2010-11-28 16:36:38 +02:00
fi
if test "$libusb" = "yes" ; then
echo "CONFIG_USB_LIBUSB=y" >> $config_host_mak
fi
if test "$usb_redir" = "yes" ; then
echo "CONFIG_USB_REDIR=y" >> $config_host_mak
fi
if test "$glx" = "yes" ; then
echo "CONFIG_GLX=y" >> $config_host_mak
echo "GLX_LIBS=$glx_libs" >> $config_host_mak
fi
iSCSI block driver This provides built-in support for iSCSI to QEMU. This has the advantage that the iSCSI devices need not be made visible to the host, which is useful if you have very many virtual machines and very many iscsi devices. It also has the benefit that non-root users of QEMU can access iSCSI devices across the network without requiring root privilege on the host. This driver interfaces with the multiplatform posix library for iscsi initiator/client access to iscsi devices hosted at git://github.com/sahlberg/libiscsi.git The patch adds the driver to interface with the iscsi library. It also updated the configure script to * by default, probe is libiscsi is available and if so, build qemu against libiscsi. * --enable-libiscsi Force a build against libiscsi. If libiscsi is not available the build will fail. * --disable-libiscsi Do not link against libiscsi, even if it is available. When linked with libiscsi, qemu gains support to access iscsi resources such as disks and cdrom directly, without having to make the devices visible to the host. You can specify devices using a iscsi url of the form : iscsi://[<username>[:<password>@]]<host>[:<port]/<target-iqn-name>/<lun> When using authentication, the password can optionally be set with LIBISCSI_CHAP_PASSWORD="password" to avoid it showing up in the process list Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-25 19:24:24 +11:00
if test "$libiscsi" = "yes" ; then
echo "CONFIG_LIBISCSI=y" >> $config_host_mak
fi
if test "$seccomp" = "yes"; then
echo "CONFIG_SECCOMP=y" >> $config_host_mak
fi
# XXX: suppress that
if [ "$bsd" = "yes" ] ; then
echo "CONFIG_BSD=y" >> $config_host_mak
fi
echo "CONFIG_UNAME_RELEASE=\"$uname_release\"" >> $config_host_mak
if test "$zero_malloc" = "yes" ; then
echo "CONFIG_ZERO_MALLOC=y" >> $config_host_mak
fi
if test "$qom_cast_debug" = "yes" ; then
echo "CONFIG_QOM_CAST_DEBUG=y" >> $config_host_mak
fi
if test "$rbd" = "yes" ; then
echo "CONFIG_RBD=y" >> $config_host_mak
fi
echo "CONFIG_COROUTINE_BACKEND=$coroutine" >> $config_host_mak
if test "$open_by_handle_at" = "yes" ; then
echo "CONFIG_OPEN_BY_HANDLE=y" >> $config_host_mak
fi
if test "$linux_magic_h" = "yes" ; then
echo "CONFIG_LINUX_MAGIC_H=y" >> $config_host_mak
fi
if test "$pragma_diagnostic_available" = "yes" ; then
echo "CONFIG_PRAGMA_DIAGNOSTIC_AVAILABLE=y" >> $config_host_mak
fi
if test "$valgrind_h" = "yes" ; then
echo "CONFIG_VALGRIND_H=y" >> $config_host_mak
fi
if test "$has_environ" = "yes" ; then
echo "CONFIG_HAS_ENVIRON=y" >> $config_host_mak
fi
if test "$cpuid_h" = "yes" ; then
echo "CONFIG_CPUID_H=y" >> $config_host_mak
fi
if test "$int128" = "yes" ; then
echo "CONFIG_INT128=y" >> $config_host_mak
fi
if test "$getauxval" = "yes" ; then
echo "CONFIG_GETAUXVAL=y" >> $config_host_mak
fi
if test "$glusterfs" = "yes" ; then
echo "CONFIG_GLUSTERFS=y" >> $config_host_mak
fi
if test "$glusterfs_discard" = "yes" ; then
echo "CONFIG_GLUSTERFS_DISCARD=y" >> $config_host_mak
fi
if test "$libssh2" = "yes" ; then
echo "CONFIG_LIBSSH2=y" >> $config_host_mak
fi
if test "$virtio_blk_data_plane" = "yes" ; then
echo 'CONFIG_VIRTIO_BLK_DATA_PLANE=$(CONFIG_VIRTIO)' >> $config_host_mak
fi
# USB host support
case "$usb" in
linux)
echo "HOST_USB=linux legacy" >> $config_host_mak
;;
bsd)
echo "HOST_USB=bsd" >> $config_host_mak
;;
libusb)
if test "$linux" = "yes"; then
echo "HOST_USB=libusb linux legacy" >> $config_host_mak
else
echo "HOST_USB=libusb legacy" >> $config_host_mak
fi
;;
*)
echo "HOST_USB=stub" >> $config_host_mak
;;
esac
# TPM passthrough support?
if test "$tpm" = "yes"; then
echo 'CONFIG_TPM=$(CONFIG_SOFTMMU)' >> $config_host_mak
if test "$tpm_passthrough" = "yes"; then
echo "CONFIG_TPM_PASSTHROUGH=y" >> $config_host_mak
fi
fi
# use default implementation for tracing backend-specific routines
trace_default=yes
echo "TRACE_BACKEND=$trace_backend" >> $config_host_mak
if test "$trace_backend" = "nop"; then
echo "CONFIG_TRACE_NOP=y" >> $config_host_mak
fi
if test "$trace_backend" = "simple"; then
echo "CONFIG_TRACE_SIMPLE=y" >> $config_host_mak
trace_default=no
# Set the appropriate trace file.
trace_file="\"$trace_file-\" FMT_pid"
fi
if test "$trace_backend" = "stderr"; then
echo "CONFIG_TRACE_STDERR=y" >> $config_host_mak
trace_default=no
fi
if test "$trace_backend" = "ust"; then
echo "CONFIG_TRACE_UST=y" >> $config_host_mak
fi
if test "$trace_backend" = "dtrace"; then
echo "CONFIG_TRACE_DTRACE=y" >> $config_host_mak
if test "$trace_backend_stap" = "yes" ; then
echo "CONFIG_TRACE_SYSTEMTAP=y" >> $config_host_mak
fi
fi
if test "$trace_backend" = "ftrace"; then
if test "$linux" = "yes" ; then
echo "CONFIG_TRACE_FTRACE=y" >> $config_host_mak
trace_default=no
else
feature_not_found "ftrace(trace backend)"
fi
fi
echo "CONFIG_TRACE_FILE=$trace_file" >> $config_host_mak
if test "$trace_default" = "yes"; then
echo "CONFIG_TRACE_DEFAULT=y" >> $config_host_mak
fi
if test "$rdma" = "yes" ; then
echo "CONFIG_RDMA=y" >> $config_host_mak
fi
if test "$tcg_interpreter" = "yes"; then
QEMU_INCLUDES="-I\$(SRC_PATH)/tcg/tci $QEMU_INCLUDES"
elif test "$ARCH" = "sparc64" ; then
QEMU_INCLUDES="-I\$(SRC_PATH)/tcg/sparc $QEMU_INCLUDES"
elif test "$ARCH" = "s390x" ; then
QEMU_INCLUDES="-I\$(SRC_PATH)/tcg/s390 $QEMU_INCLUDES"
elif test "$ARCH" = "x86_64" ; then
QEMU_INCLUDES="-I\$(SRC_PATH)/tcg/i386 $QEMU_INCLUDES"
else
QEMU_INCLUDES="-I\$(SRC_PATH)/tcg/\$(ARCH) $QEMU_INCLUDES"
fi
QEMU_INCLUDES="-I\$(SRC_PATH)/tcg $QEMU_INCLUDES"
echo "TOOLS=$tools" >> $config_host_mak
echo "ROMS=$roms" >> $config_host_mak
echo "MAKE=$make" >> $config_host_mak
echo "INSTALL=$install" >> $config_host_mak
echo "INSTALL_DIR=$install -d -m 0755" >> $config_host_mak
echo "INSTALL_DATA=$install -c -m 0644" >> $config_host_mak
if test -n "$libtool"; then
echo "INSTALL_PROG=\$(LIBTOOL) --mode=install $install -c -m 0755" >> $config_host_mak
echo "INSTALL_LIB=\$(LIBTOOL) --mode=install $install -c -m 0644" >> $config_host_mak
else
echo "INSTALL_PROG=$install -c -m 0755" >> $config_host_mak
echo "INSTALL_LIB=$install -c -m 0644" >> $config_host_mak
fi
echo "PYTHON=$python" >> $config_host_mak
echo "CC=$cc" >> $config_host_mak
echo "CC_I386=$cc_i386" >> $config_host_mak
echo "HOST_CC=$host_cc" >> $config_host_mak
echo "OBJCC=$objcc" >> $config_host_mak
echo "AR=$ar" >> $config_host_mak
echo "AS=$as" >> $config_host_mak
echo "CPP=$cpp" >> $config_host_mak
echo "OBJCOPY=$objcopy" >> $config_host_mak
echo "LD=$ld" >> $config_host_mak
echo "WINDRES=$windres" >> $config_host_mak
echo "LIBTOOL=$libtool" >> $config_host_mak
echo "CFLAGS=$CFLAGS" >> $config_host_mak
echo "QEMU_CFLAGS=$QEMU_CFLAGS" >> $config_host_mak
echo "QEMU_INCLUDES=$QEMU_INCLUDES" >> $config_host_mak
if test "$sparse" = "yes" ; then
echo "CC := REAL_CC=\"\$(CC)\" cgcc" >> $config_host_mak
echo "HOST_CC := REAL_CC=\"\$(HOST_CC)\" cgcc" >> $config_host_mak
echo "QEMU_CFLAGS += -Wbitwise -Wno-transparent-union -Wno-old-initializer -Wno-non-pointer-null" >> $config_host_mak
fi
if test "$cross_prefix" != ""; then
echo "AUTOCONF_HOST := --host=${cross_prefix%-}" >> $config_host_mak
else
echo "AUTOCONF_HOST := " >> $config_host_mak
fi
echo "LDFLAGS=$LDFLAGS" >> $config_host_mak
echo "LIBTOOLFLAGS=$LIBTOOLFLAGS" >> $config_host_mak
echo "LIBS+=$LIBS" >> $config_host_mak
echo "LIBS_TOOLS+=$libs_tools" >> $config_host_mak
echo "EXESUF=$EXESUF" >> $config_host_mak
echo "LIBS_QGA+=$libs_qga" >> $config_host_mak
echo "POD2MAN=$POD2MAN" >> $config_host_mak
echo "TRANSLATE_OPT_CFLAGS=$TRANSLATE_OPT_CFLAGS" >> $config_host_mak
if test "$gcov" = "yes" ; then
echo "CONFIG_GCOV=y" >> $config_host_mak
echo "GCOV=$gcov_tool" >> $config_host_mak
fi
# use included Linux headers
if test "$linux" = "yes" ; then
mkdir -p linux-headers
case "$cpu" in
i386|x86_64)
linux_arch=x86
;;
ppcemb|ppc|ppc64)
linux_arch=powerpc
;;
s390x)
linux_arch=s390
;;
aarch64)
linux_arch=arm64
;;
*)
# For most CPUs the kernel architecture name and QEMU CPU name match.
linux_arch="$cpu"
;;
esac
# For non-KVM architectures we will not have asm headers
if [ -e "$source_path/linux-headers/asm-$linux_arch" ]; then
symlink "$source_path/linux-headers/asm-$linux_arch" linux-headers/asm
fi
fi
for target in $target_list; do
target_dir="$target"
config_target_mak=$target_dir/config-target.mak
target_name=`echo $target | cut -d '-' -f 1`
target_bigendian="no"
case "$target_name" in
armeb|lm32|m68k|microblaze|mips|mipsn32|mips64|moxie|or32|ppc|ppcemb|ppc64|ppc64abi32|s390x|sh4eb|sparc|sparc64|sparc32plus|xtensaeb)
target_bigendian=yes
;;
esac
target_softmmu="no"
target_user_only="no"
target_linux_user="no"
target_bsd_user="no"
case "$target" in
${target_name}-softmmu)
target_softmmu="yes"
;;
${target_name}-linux-user)
if test "$linux" != "yes" ; then
error_exit "Target '$target' is only available on a Linux host"
fi
target_user_only="yes"
target_linux_user="yes"
;;
${target_name}-bsd-user)
if test "$bsd" != "yes" ; then
error_exit "Target '$target' is only available on a BSD host"
fi
target_user_only="yes"
target_bsd_user="yes"
;;
*)
error_exit "Target '$target' not recognised"
exit 1
;;
esac
mkdir -p $target_dir
echo "# Automatically generated by configure - do not modify" > $config_target_mak
bflt="no"
interp_prefix1=`echo "$interp_prefix" | sed "s/%M/$target_name/g"`
gdb_xml_files=""
TARGET_ARCH="$target_name"
TARGET_BASE_ARCH=""
TARGET_ABI_DIR=""
case "$target_name" in
i386)
;;
x86_64)
TARGET_BASE_ARCH=i386
;;
alpha)
;;
arm|armeb)
TARGET_ARCH=arm
bflt="yes"
gdb_xml_files="arm-core.xml arm-vfp.xml arm-vfp3.xml arm-neon.xml"
;;
cris)
;;
lm32)
;;
m68k)
bflt="yes"
gdb_xml_files="cf-core.xml cf-fp.xml"
;;
microblaze|microblazeel)
TARGET_ARCH=microblaze
bflt="yes"
;;
mips|mipsel)
TARGET_ARCH=mips
echo "TARGET_ABI_MIPSO32=y" >> $config_target_mak
;;
mipsn32|mipsn32el)
TARGET_ARCH=mips64
TARGET_BASE_ARCH=mips
echo "TARGET_ABI_MIPSN32=y" >> $config_target_mak
echo "TARGET_ABI32=y" >> $config_target_mak
;;
mips64|mips64el)
TARGET_ARCH=mips64
TARGET_BASE_ARCH=mips
echo "TARGET_ABI_MIPSN64=y" >> $config_target_mak
;;
moxie)
;;
or32)
TARGET_ARCH=openrisc
TARGET_BASE_ARCH=openrisc
;;
ppc)
gdb_xml_files="power-core.xml power-fpu.xml power-altivec.xml power-spe.xml"
;;
ppcemb)
TARGET_BASE_ARCH=ppc
TARGET_ABI_DIR=ppc
gdb_xml_files="power-core.xml power-fpu.xml power-altivec.xml power-spe.xml"
;;
ppc64)
TARGET_BASE_ARCH=ppc
TARGET_ABI_DIR=ppc
gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml"
;;
ppc64abi32)
TARGET_ARCH=ppc64
TARGET_BASE_ARCH=ppc
TARGET_ABI_DIR=ppc
echo "TARGET_ABI32=y" >> $config_target_mak
gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml"
;;
sh4|sh4eb)
TARGET_ARCH=sh4
bflt="yes"
;;
sparc)
;;
sparc64)
TARGET_BASE_ARCH=sparc
;;
sparc32plus)
TARGET_ARCH=sparc64
TARGET_BASE_ARCH=sparc
TARGET_ABI_DIR=sparc
echo "TARGET_ABI32=y" >> $config_target_mak
;;
s390x)
;;
unicore32)
;;
xtensa|xtensaeb)
TARGET_ARCH=xtensa
;;
*)
error_exit "Unsupported target CPU"
;;
esac
# TARGET_BASE_ARCH needs to be defined after TARGET_ARCH
if [ "$TARGET_BASE_ARCH" = "" ]; then
TARGET_BASE_ARCH=$TARGET_ARCH
fi
symlink "$source_path/Makefile.target" "$target_dir/Makefile"
upper() {
echo "$@"| LC_ALL=C tr '[a-z]' '[A-Z]'
}
target_arch_name="`upper $TARGET_ARCH`"
echo "TARGET_$target_arch_name=y" >> $config_target_mak
echo "TARGET_NAME=$target_name" >> $config_target_mak
echo "TARGET_BASE_ARCH=$TARGET_BASE_ARCH" >> $config_target_mak
if [ "$TARGET_ABI_DIR" = "" ]; then
TARGET_ABI_DIR=$TARGET_ARCH
fi
echo "TARGET_ABI_DIR=$TARGET_ABI_DIR" >> $config_target_mak
case "$target_name" in
i386|x86_64)
if test "$xen" = "yes" -a "$target_softmmu" = "yes" ; then
echo "CONFIG_XEN=y" >> $config_target_mak
if test "$xen_pci_passthrough" = yes; then
echo "CONFIG_XEN_PCI_PASSTHROUGH=y" >> "$config_target_mak"
fi
fi
;;
*)
esac
case "$target_name" in
arm|i386|x86_64|ppcemb|ppc|ppc64|s390x)
# Make sure the target and host cpus are compatible
if test "$kvm" = "yes" -a "$target_softmmu" = "yes" -a \
\( "$target_name" = "$cpu" -o \
\( "$target_name" = "ppcemb" -a "$cpu" = "ppc" \) -o \
\( "$target_name" = "ppc64" -a "$cpu" = "ppc" \) -o \
\( "$target_name" = "ppc" -a "$cpu" = "ppc64" \) -o \
\( "$target_name" = "ppcemb" -a "$cpu" = "ppc64" \) -o \
\( "$target_name" = "x86_64" -a "$cpu" = "i386" \) -o \
\( "$target_name" = "i386" -a "$cpu" = "x86_64" \) \) ; then
echo "CONFIG_KVM=y" >> $config_target_mak
if test "$vhost_net" = "yes" ; then
echo "CONFIG_VHOST_NET=y" >> $config_target_mak
fi
fi
esac
if test "$target_bigendian" = "yes" ; then
echo "TARGET_WORDS_BIGENDIAN=y" >> $config_target_mak
fi
if test "$target_softmmu" = "yes" ; then
echo "CONFIG_SOFTMMU=y" >> $config_target_mak
fi
if test "$target_user_only" = "yes" ; then
echo "CONFIG_USER_ONLY=y" >> $config_target_mak
echo "CONFIG_QEMU_INTERP_PREFIX=\"$interp_prefix1\"" >> $config_target_mak
fi
if test "$target_linux_user" = "yes" ; then
echo "CONFIG_LINUX_USER=y" >> $config_target_mak
fi
list=""
if test ! -z "$gdb_xml_files" ; then
for x in $gdb_xml_files; do
list="$list $source_path/gdb-xml/$x"
done
echo "TARGET_XML_FILES=$list" >> $config_target_mak
fi
if test "$target_user_only" = "yes" -a "$bflt" = "yes"; then
echo "TARGET_HAS_BFLT=y" >> $config_target_mak
fi
if test "$target_user_only" = "yes" -a "$guest_base" = "yes"; then
echo "CONFIG_USE_GUEST_BASE=y" >> $config_target_mak
fi
if test "$target_bsd_user" = "yes" ; then
echo "CONFIG_BSD_USER=y" >> $config_target_mak
fi
# generate QEMU_CFLAGS/LDFLAGS for targets
cflags=""
ldflags=""
for i in $ARCH $TARGET_BASE_ARCH ; do
case "$i" in
alpha)
echo "CONFIG_ALPHA_DIS=y" >> $config_target_mak
echo "CONFIG_ALPHA_DIS=y" >> config-all-disas.mak
;;
arm)
echo "CONFIG_ARM_DIS=y" >> $config_target_mak
echo "CONFIG_ARM_DIS=y" >> config-all-disas.mak
;;
cris)
echo "CONFIG_CRIS_DIS=y" >> $config_target_mak
echo "CONFIG_CRIS_DIS=y" >> config-all-disas.mak
;;
hppa)
echo "CONFIG_HPPA_DIS=y" >> $config_target_mak
echo "CONFIG_HPPA_DIS=y" >> config-all-disas.mak
;;
i386|x86_64)
echo "CONFIG_I386_DIS=y" >> $config_target_mak
echo "CONFIG_I386_DIS=y" >> config-all-disas.mak
;;
ia64*)
echo "CONFIG_IA64_DIS=y" >> $config_target_mak
echo "CONFIG_IA64_DIS=y" >> config-all-disas.mak
;;
lm32)
echo "CONFIG_LM32_DIS=y" >> $config_target_mak
echo "CONFIG_LM32_DIS=y" >> config-all-disas.mak
;;
m68k)
echo "CONFIG_M68K_DIS=y" >> $config_target_mak
echo "CONFIG_M68K_DIS=y" >> config-all-disas.mak
;;
microblaze*)
echo "CONFIG_MICROBLAZE_DIS=y" >> $config_target_mak
echo "CONFIG_MICROBLAZE_DIS=y" >> config-all-disas.mak
;;
mips*)
echo "CONFIG_MIPS_DIS=y" >> $config_target_mak
echo "CONFIG_MIPS_DIS=y" >> config-all-disas.mak
;;
moxie*)
echo "CONFIG_MOXIE_DIS=y" >> $config_target_mak
echo "CONFIG_MOXIE_DIS=y" >> config-all-disas.mak
;;
or32)
echo "CONFIG_OPENRISC_DIS=y" >> $config_target_mak
echo "CONFIG_OPENRISC_DIS=y" >> config-all-disas.mak
;;
ppc*)
echo "CONFIG_PPC_DIS=y" >> $config_target_mak
echo "CONFIG_PPC_DIS=y" >> config-all-disas.mak
;;
s390*)
echo "CONFIG_S390_DIS=y" >> $config_target_mak
echo "CONFIG_S390_DIS=y" >> config-all-disas.mak
;;
sh4)
echo "CONFIG_SH4_DIS=y" >> $config_target_mak
echo "CONFIG_SH4_DIS=y" >> config-all-disas.mak
;;
sparc*)
echo "CONFIG_SPARC_DIS=y" >> $config_target_mak
echo "CONFIG_SPARC_DIS=y" >> config-all-disas.mak
;;
xtensa*)
echo "CONFIG_XTENSA_DIS=y" >> $config_target_mak
echo "CONFIG_XTENSA_DIS=y" >> config-all-disas.mak
;;
esac
done
if test "$tcg_interpreter" = "yes" ; then
echo "CONFIG_TCI_DIS=y" >> $config_target_mak
echo "CONFIG_TCI_DIS=y" >> config-all-disas.mak
fi
case "$ARCH" in
alpha)
# Ensure there's only a single GP
cflags="-msmall-data $cflags"
;;
esac
if test "$gprof" = "yes" ; then
echo "TARGET_GPROF=yes" >> $config_target_mak
if test "$target_linux_user" = "yes" ; then
cflags="-p $cflags"
ldflags="-p $ldflags"
fi
if test "$target_softmmu" = "yes" ; then
ldflags="-p $ldflags"
echo "GPROF_CFLAGS=-p" >> $config_target_mak
fi
fi
if test "$target_linux_user" = "yes" -o "$target_bsd_user" = "yes" ; then
ldflags="$ldflags $textseg_ldflags"
fi
echo "LDFLAGS+=$ldflags" >> $config_target_mak
echo "QEMU_CFLAGS+=$cflags" >> $config_target_mak
done # for target in $targets
if [ "$pixman" = "internal" ]; then
echo "config-host.h: subdir-pixman" >> $config_host_mak
fi
if test "$rdma" = "yes" ; then
echo "CONFIG_RDMA=y" >> $config_host_mak
fi
if [ "$dtc_internal" = "yes" ]; then
echo "config-host.h: subdir-dtc" >> $config_host_mak
fi
# build tree in object directory in case the source is not in the current directory
DIRS="tests tests/tcg tests/tcg/cris tests/tcg/lm32 tests/libqos tests/qapi-schema tests/tcg/xtensa"
DIRS="$DIRS pc-bios/optionrom pc-bios/spapr-rtas pc-bios/s390-ccw"
DIRS="$DIRS roms/seabios roms/vgabios"
DIRS="$DIRS qapi-generated"
FILES="Makefile tests/tcg/Makefile qdict-test-data.txt"
FILES="$FILES tests/tcg/cris/Makefile tests/tcg/cris/.gdbinit"
FILES="$FILES tests/tcg/lm32/Makefile tests/tcg/xtensa/Makefile po/Makefile"
FILES="$FILES pc-bios/optionrom/Makefile pc-bios/keymaps"
FILES="$FILES pc-bios/spapr-rtas/Makefile"
FILES="$FILES pc-bios/s390-ccw/Makefile"
FILES="$FILES roms/seabios/Makefile roms/vgabios/Makefile"
FILES="$FILES pc-bios/qemu-icon.bmp"
for bios_file in \
$source_path/pc-bios/*.bin \
$source_path/pc-bios/*.aml \
$source_path/pc-bios/*.rom \
$source_path/pc-bios/*.dtb \
$source_path/pc-bios/*.img \
$source_path/pc-bios/openbios-* \
$source_path/pc-bios/palcode-*
do
FILES="$FILES pc-bios/`basename $bios_file`"
done
mkdir -p $DIRS
for f in $FILES ; do
if [ -e "$source_path/$f" ] && [ "$source_path" != `pwd` ]; then
symlink "$source_path/$f" "$f"
fi
done
# temporary config to build submodules
for rom in seabios vgabios ; do
config_mak=roms/$rom/config.mak
echo "# Automatically generated by configure - do not modify" > $config_mak
echo "SRC_PATH=$source_path/roms/$rom" >> $config_mak
echo "AS=$as" >> $config_mak
echo "CC=$cc" >> $config_mak
echo "BCC=bcc" >> $config_mak
echo "CPP=$cpp" >> $config_mak
echo "OBJCOPY=objcopy" >> $config_mak
echo "IASL=iasl" >> $config_mak
echo "LD=$ld" >> $config_mak
done
if test "$docs" = "yes" ; then
mkdir -p QMP
fi