debian/rules: Build shim separately

author Ian Jackson <iwj@barriere.debian.org>

Fri, 12 Oct 2018 16:16:12 +0000 (16:16 +0000)

committer Hans van Kranenburg <hans@knorrie.org>

Wed, 2 Jan 2019 19:59:36 +0000 (20:59 +0100)
author Ian Jackson <iwj@barriere.debian.org>
Fri, 12 Oct 2018 16:16:12 +0000 (16:16 +0000)
committer Hans van Kranenburg <hans@knorrie.org>
Wed, 2 Jan 2019 19:59:36 +0000 (20:59 +0100)
diff --git a/debian/rules b/debian/rules

index af5d692eafa15eb011ce5a2b00e1bc11a4c45cc5..b91a59560b0fbbf98bd9c667002d1959139b4d47 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -188,9 +188,20 @@ override_dh_auto_configure:
                 --enable-ovmf --with-system-ovmf=/usr/share/ovmf/OVMF.fd \
                 --with-system-seabios=/usr/share/seabios/bios-256k.bin
  
+# tools/firmware/xen-dir is the `shim' used for booting PV guests
+# in an HVM container, for security (particularly, for meltdown/spectre
+# mitigation).  It's actually a hypervisor.  On i386 it is not built
+# by `make tools' because run that with XEN_COMPILE_ARCH=x86_32 which
+# is no longer a supported hypervisor architecture.  And we want to
+# build it with $(make_args_xen) not $(make_args_tools).  So do it
+# separately.
  override_dh_auto_build:
         $(MAKE) $(make_args_xen) xen
-       $(MAKE) $(make_args_tools) tools docs
+       $(MAKE) $(make_args_tools) tools docs CONFIG_PV_SHIM=n
+       case $(flavour) in \
+       amd64|i386) \
+               $(MAKE) $(make_args_xen) -C tools/firmware/xen-dir ;; \
+       esac
         touch debian/xen-tools-built.stamp
  
  # We keep the amount of fixup and messing about with debian/tmp/
author	Ian Jackson <iwj@barriere.debian.org>
	Fri, 12 Oct 2018 16:16:12 +0000 (16:16 +0000)
committer	Hans van Kranenburg <hans@knorrie.org>
	Wed, 2 Jan 2019 19:59:36 +0000 (20:59 +0100)