b/ci: update build container to Fedora 35
Fedora 32 is EOL since over half a year, update to the current stable
Fedora release.
toolchains: adds clang as it's no longer part of the llvm package,
changes toolchain path references to GCC 11, and rebuilds the sysroot.
edk2: update to latest stable (old version cannot build with a newer
minor version of Python 3) and patch to disable -Werror and make the
newer included Brotli version work as it natively includes BUILD
files which need to be patched out to make the source files accessible.
linux: add patch to fix PVH ELF note entrypoint with binutils 2.32+ as
otherwise the .notes section gets emitted with broken alignment.
m/t/launch: RunMicroVM is broken if SerialPort is not set with newer
QEMU versions because fcntl(2) fails to interact with a broken file
descriptor. This is due to a confusion between nil interfaces and
interfaces containing a nil pointer causing Go to improperly pass the
file descriptor. Changing the type of SerialPort to the actual
interface resolves the issue.
Change-Id: I03a8cbf4f80a7363794dad1ff62ccb57e778cac3
Reviewed-on: https://review.monogon.dev/c/monogon/+/529
Reviewed-by: Leopold Schabel <leo@nexantic.com>
diff --git a/WORKSPACE b/WORKSPACE
index c9464b9..99d79b6 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -251,20 +251,6 @@
register_toolchains("//:host_python")
-# python dependencies. Currently we don't use Python, but some of our deps (ie. gvisor) do expect @pydeps// to exist, even
-# if it's not being used.
-
-load("@rules_python//python:pip.bzl", "pip_import")
-
-pip_import(
- name = "pydeps",
- requirements = "//third_party/py:requirements.txt",
-)
-
-load("@pydeps//:requirements.bzl", "pip_install")
-
-pip_install()
-
# same for gvisor/rules_docker.
http_archive(
diff --git a/build/ci/Dockerfile b/build/ci/Dockerfile
index dda3113..4272dd6 100644
--- a/build/ci/Dockerfile
+++ b/build/ci/Dockerfile
@@ -1,10 +1,11 @@
-FROM fedora:32
+FROM fedora:35
RUN dnf -y upgrade && \
dnf -y install \
"@Development Tools" \
g++ \
llvm \
+ clang \
lld \
libuuid-devel \
python3 \
diff --git a/build/toolchain/cc_toolchain_config.bzl b/build/toolchain/cc_toolchain_config.bzl
index 5aeb270..7647021 100644
--- a/build/toolchain/cc_toolchain_config.bzl
+++ b/build/toolchain/cc_toolchain_config.bzl
@@ -195,7 +195,7 @@
"is_glibc": attr.bool(default = True),
"host_includes": attr.string_list(
default = [
- "/usr/lib/gcc/x86_64-redhat-linux/10/include/",
+ "/usr/lib/gcc/x86_64-redhat-linux/11/include/",
"/usr/include",
],
),
diff --git a/build/toolchain/musl-host-gcc/sysroot.tar.xz b/build/toolchain/musl-host-gcc/sysroot.tar.xz
index 6cfd0e6..dd14fcc 100644
--- a/build/toolchain/musl-host-gcc/sysroot.tar.xz
+++ b/build/toolchain/musl-host-gcc/sysroot.tar.xz
Binary files differ
diff --git a/build/toolchain/musl-host-gcc/sysroot/tarball.bzl b/build/toolchain/musl-host-gcc/sysroot/tarball.bzl
index 14b7bbd..c0631f8 100644
--- a/build/toolchain/musl-host-gcc/sysroot/tarball.bzl
+++ b/build/toolchain/musl-host-gcc/sysroot/tarball.bzl
@@ -34,7 +34,7 @@
linux_headers = ctx.file.linux_headers
linux_headers_path = linux_headers.path
- compiler_headers_path = "lib/gcc/x86_64-redhat-linux/10/include"
+ compiler_headers_path = "lib/gcc/x86_64-redhat-linux/11/include"
musl_root = detect_root(ctx.attr.musl)
musl_files = ctx.files.musl
diff --git a/metropolis/test/launch/launch.go b/metropolis/test/launch/launch.go
index 4a4c803..219e787 100644
--- a/metropolis/test/launch/launch.go
+++ b/metropolis/test/launch/launch.go
@@ -22,6 +22,7 @@
"context"
"errors"
"fmt"
+ "io"
"net"
"os"
"os/exec"
@@ -148,7 +149,7 @@
// port of the machine It can be set to an existing file descriptor (like
// os.Stdout/os.Stderr) or you can use NewSocketPair() to get one end to talk to
// from Go.
- SerialPort *os.File
+ SerialPort io.Writer
// ExtraChardevs can be used similar to SerialPort, but can contain an arbitrary
// number of additional serial ports
diff --git a/third_party/edk2/external.bzl b/third_party/edk2/external.bzl
index 6bb7325..975769c 100644
--- a/third_party/edk2/external.bzl
+++ b/third_party/edk2/external.bzl
@@ -20,8 +20,10 @@
new_git_repository(
name = name,
build_file = "//third_party/edk2/external:BUILD.repo",
- commit = "37eef91017ad042035090cae46557f9d6e2d5917",
- init_submodules = True,
+ commit = "b24306f15daa2ff8510b06702114724b33895d3c", # stable202202
+ recursive_init_submodules = True,
remote = "https://github.com/tianocore/edk2",
- shallow_since = "1567048229 +0800",
+ shallow_since = "1645456780 +0000",
+ patches = ["//third_party/edk2/patches:disable-werror.patch", "//third_party/edk2/patches:remove-brotli-build.patch"],
+ patch_args = ["-p1"],
)
diff --git a/third_party/edk2/external/BUILD.repo b/third_party/edk2/external/BUILD.repo
index 7911678..9faa930 100644
--- a/third_party/edk2/external/BUILD.repo
+++ b/third_party/edk2/external/BUILD.repo
@@ -1,6 +1,12 @@
genrule(
name = "firmware",
- srcs = glob(["**"]),
+ srcs = glob(
+ ["**"],
+ exclude = [
+ "CryptoPkg/Library/OpensslLib/openssl/boringssl/fuzz/*_corpus/**",
+ "CryptoPkg/Library/OpensslLib/openssl/fuzz/corpora/**",
+ ],
+ ),
outs = [
"OVMF_CODE.fd",
"OVMF_VARS.fd",
diff --git a/third_party/edk2/patches/BUILD b/third_party/edk2/patches/BUILD
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/third_party/edk2/patches/BUILD
diff --git a/third_party/edk2/patches/disable-werror.patch b/third_party/edk2/patches/disable-werror.patch
new file mode 100644
index 0000000..174b16a
--- /dev/null
+++ b/third_party/edk2/patches/disable-werror.patch
@@ -0,0 +1,137 @@
+From b206ad03bdbe5dab70cd11f2afa54dd06b6074b1 Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@monogon.tech>
+Date: Mon, 7 Mar 2022 19:06:11 +0100
+Subject: [PATCH] Disable -Werror as it breaks newer compilers
+
+---
+ BaseTools/Conf/tools_def.template | 18 +++++++++---------
+ BaseTools/Source/C/Makefiles/header.makefile | 6 +++---
+ CryptoPkg/Library/OpensslLib/OpensslLib.inf | 8 ++++----
+ .../Library/OpensslLib/OpensslLibCrypto.inf | 8 ++++----
+ 4 files changed, 20 insertions(+), 20 deletions(-)
+
+diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
+index f2bb6247e8..ef1997187c 100755
+--- a/BaseTools/Conf/tools_def.template
++++ b/BaseTools/Conf/tools_def.template
+@@ -1867,7 +1867,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_N
+ *_*_*_DTCPP_PATH = DEF(DTCPP_BIN)
+ *_*_*_DTC_PATH = DEF(DTC_BIN)
+
+-DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
++DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Wno-array-bounds -include AutoGen.h -fno-common
+ DEFINE GCC_IA32_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe
+ DEFINE GCC_X64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-address -mno-stack-arg-probe
+ DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -mfloat-abi=soft -fno-pic -fno-pie
+@@ -1971,7 +1971,7 @@ DEFINE GCC5_ARM_ASLDLINK_FLAGS = DEF(GCC49_ARM_ASLDLINK_FLAGS)
+ DEFINE GCC5_AARCH64_ASLDLINK_FLAGS = DEF(GCC49_AARCH64_ASLDLINK_FLAGS)
+ DEFINE GCC5_ASLCC_FLAGS = DEF(GCC49_ASLCC_FLAGS) -fno-lto
+
+-DEFINE GCC5_RISCV_ALL_CC_FLAGS = -g -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings -msmall-data-limit=0
++DEFINE GCC5_RISCV_ALL_CC_FLAGS = -g -fshort-wchar -fno-strict-aliasing -Wall -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings -msmall-data-limit=0
+ DEFINE GCC5_RISCV_ALL_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40
+ DEFINE GCC5_RISCV_ALL_DLINK_FLAGS = DEF(GCC5_RISCV_ALL_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
+ DEFINE GCC5_RISCV_ALL_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds
+@@ -2961,7 +2961,7 @@ NOOPT_CLANGDWARF_X64_DLINK2_FLAGS = DEF(CLANGDWARF_X64_DLINK2_FLAGS) -O0 -fu
+ ##################
+ # ASL definitions
+ ##################
+-*_XCODE5_*_ASLCC_FLAGS = -x c -save-temps -g -O0 -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-missing-braces -c -include AutoGen.h
++*_XCODE5_*_ASLCC_FLAGS = -x c -save-temps -g -O0 -fshort-wchar -fno-strict-aliasing -Wall -Wno-missing-braces -c -include AutoGen.h
+ *_XCODE5_*_ASLDLINK_FLAGS = -e _ReferenceAcpiTable -preload -segalign 0x20 -pie -seg1addr 0x240 -read_only_relocs suppress -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
+ *_XCODE5_*_ASLPP_FLAGS = -x c -E -include AutoGen.h
+ *_XCODE5_*_ASL_FLAGS =
+@@ -2989,9 +2989,9 @@ RELEASE_XCODE5_IA32_ASM_FLAGS = -arch i386
+ *_XCODE5_IA32_NASM_FLAGS = -f macho32
+
+
+- DEBUG_XCODE5_IA32_CC_FLAGS = -arch i386 -c -g -Os -Wall -Werror -include AutoGen.h -funsigned-char -fno-stack-protector -fno-builtin -fshort-wchar -fasm-blocks -mdynamic-no-pic -mno-implicit-float -mms-bitfields -msoft-float -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
+-RELEASE_XCODE5_IA32_CC_FLAGS = -arch i386 -c -Os -Wall -Werror -include AutoGen.h -funsigned-char -fno-stack-protector -fno-builtin -fshort-wchar -fasm-blocks -mdynamic-no-pic -mno-implicit-float -mms-bitfields -msoft-float -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -Wno-unused-const-variable -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
+- NOOPT_XCODE5_IA32_CC_FLAGS = -arch i386 -c -g -O0 -Wall -Werror -include AutoGen.h -funsigned-char -fno-stack-protector -fno-builtin -fshort-wchar -fasm-blocks -mdynamic-no-pic -mno-implicit-float -mms-bitfields -msoft-float -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
++ DEBUG_XCODE5_IA32_CC_FLAGS = -arch i386 -c -g -Os -Wall -include AutoGen.h -funsigned-char -fno-stack-protector -fno-builtin -fshort-wchar -fasm-blocks -mdynamic-no-pic -mno-implicit-float -mms-bitfields -msoft-float -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
++RELEASE_XCODE5_IA32_CC_FLAGS = -arch i386 -c -Os -Wall -include AutoGen.h -funsigned-char -fno-stack-protector -fno-builtin -fshort-wchar -fasm-blocks -mdynamic-no-pic -mno-implicit-float -mms-bitfields -msoft-float -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -Wno-unused-const-variable -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
++ NOOPT_XCODE5_IA32_CC_FLAGS = -arch i386 -c -g -O0 -Wall -include AutoGen.h -funsigned-char -fno-stack-protector -fno-builtin -fshort-wchar -fasm-blocks -mdynamic-no-pic -mno-implicit-float -mms-bitfields -msoft-float -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
+
+ ##################
+ # X64 definitions
+@@ -3008,9 +3008,9 @@ RELEASE_XCODE5_X64_ASM_FLAGS = -arch x86_64
+ *_XCODE5_*_PP_FLAGS = -E -x assembler-with-cpp -include AutoGen.h
+ *_XCODE5_*_VFRPP_FLAGS = -x c -E -P -DVFRCOMPILE -include $(MODULE_NAME)StrDefs.h
+
+- DEBUG_XCODE5_X64_CC_FLAGS = -target x86_64-pc-win32-macho -c -g -gdwarf -Os -Wall -Werror -Wextra -include AutoGen.h -funsigned-char -fno-ms-extensions -fno-stack-protector -fno-builtin -fshort-wchar -mno-implicit-float -mms-bitfields -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -D NO_MSABI_VA_FUNCS $(PLATFORM_FLAGS)
+- NOOPT_XCODE5_X64_CC_FLAGS = -target x86_64-pc-win32-macho -c -g -gdwarf -O0 -Wall -Werror -Wextra -include AutoGen.h -funsigned-char -fno-ms-extensions -fno-stack-protector -fno-builtin -fshort-wchar -mno-implicit-float -mms-bitfields -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -D NO_MSABI_VA_FUNCS $(PLATFORM_FLAGS)
+-RELEASE_XCODE5_X64_CC_FLAGS = -target x86_64-pc-win32-macho -c -Os -Wall -Werror -Wextra -include AutoGen.h -funsigned-char -fno-ms-extensions -fno-stack-protector -fno-builtin -fshort-wchar -mno-implicit-float -mms-bitfields -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -Wno-unused-const-variable -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -D NO_MSABI_VA_FUNCS $(PLATFORM_FLAGS)
++ DEBUG_XCODE5_X64_CC_FLAGS = -target x86_64-pc-win32-macho -c -g -gdwarf -Os -Wall -Wextra -include AutoGen.h -funsigned-char -fno-ms-extensions -fno-stack-protector -fno-builtin -fshort-wchar -mno-implicit-float -mms-bitfields -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -D NO_MSABI_VA_FUNCS $(PLATFORM_FLAGS)
++ NOOPT_XCODE5_X64_CC_FLAGS = -target x86_64-pc-win32-macho -c -g -gdwarf -O0 -Wall -Wextra -include AutoGen.h -funsigned-char -fno-ms-extensions -fno-stack-protector -fno-builtin -fshort-wchar -mno-implicit-float -mms-bitfields -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -D NO_MSABI_VA_FUNCS $(PLATFORM_FLAGS)
++RELEASE_XCODE5_X64_CC_FLAGS = -target x86_64-pc-win32-macho -c -Os -Wall -Wextra -include AutoGen.h -funsigned-char -fno-ms-extensions -fno-stack-protector -fno-builtin -fshort-wchar -mno-implicit-float -mms-bitfields -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -Wno-unused-const-variable -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -D NO_MSABI_VA_FUNCS $(PLATFORM_FLAGS)
+
+ ####################################################################################
+ #
+diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile
+index 0df728f327..49f9706b1d 100644
+--- a/BaseTools/Source/C/Makefiles/header.makefile
++++ b/BaseTools/Source/C/Makefiles/header.makefile
+@@ -82,17 +82,17 @@ BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS)
+
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
++BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall \
+ -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g
+ else
+ ifeq ($(CXX), llvm)
+ BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+--fno-delete-null-pointer-checks -Wall -Werror \
++-fno-delete-null-pointer-checks -Wall \
+ -Wno-deprecated-declarations -Wno-self-assign \
+ -Wno-unused-result -nostdlib -g
+ else
+ BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+--fno-delete-null-pointer-checks -Wall -Werror \
++-fno-delete-null-pointer-checks -Wall \
+ -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \
+ -Wno-unused-result -nostdlib -g
+ endif
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+index d84bde056a..0638489866 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
++++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+@@ -611,11 +611,11 @@
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
+
+ #
+- # Suppress the following build warnings in openssl so we don't break the build with -Werror
+- # -Werror=maybe-uninitialized: there exist some other paths for which the variable is not initialized.
+- # -Werror=format: Check calls to printf and scanf, etc., to make sure that the arguments supplied have
++ # Suppress the following build warnings in openssl so we don't break the build with
++ # =maybe-uninitialized: there exist some other paths for which the variable is not initialized.
++ # =format: Check calls to printf and scanf, etc., to make sure that the arguments supplied have
+ # types appropriate to the format string specified.
+- # -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
++ # =unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
+ #
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+index cdeed0d073..48ed8d23f7 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
++++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+@@ -560,11 +560,11 @@
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
+
+ #
+- # Suppress the following build warnings in openssl so we don't break the build with -Werror
+- # -Werror=maybe-uninitialized: there exist some other paths for which the variable is not initialized.
+- # -Werror=format: Check calls to printf and scanf, etc., to make sure that the arguments supplied have
++ # Suppress the following build warnings in openssl so we don't break the build with
++ # =maybe-uninitialized: there exist some other paths for which the variable is not initialized.
++ # =format: Check calls to printf and scanf, etc., to make sure that the arguments supplied have
+ # types appropriate to the format string specified.
+- # -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
++ # =unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
+ #
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+--
+2.25.1
+
diff --git a/third_party/edk2/patches/remove-brotli-build.patch b/third_party/edk2/patches/remove-brotli-build.patch
new file mode 100644
index 0000000..153bcff
--- /dev/null
+++ b/third_party/edk2/patches/remove-brotli-build.patch
@@ -0,0 +1,301 @@
+--- a/BaseTools/Source/C/BrotliCompress/brotli/BUILD
++++ /dev/null
+@@ -1,147 +0,0 @@
+-# Description:
+-# Brotli is a generic-purpose lossless compression algorithm.
+-
+-load(":compiler_config_setting.bzl", "create_msvc_config")
+-
+-package(
+- default_visibility = ["//visibility:public"],
+-)
+-
+-licenses(["notice"]) # MIT
+-
+-exports_files(["LICENSE"])
+-
+-config_setting(
+- name = "darwin",
+- values = {"cpu": "darwin"},
+- visibility = ["//visibility:public"],
+-)
+-
+-config_setting(
+- name = "darwin_x86_64",
+- values = {"cpu": "darwin_x86_64"},
+- visibility = ["//visibility:public"],
+-)
+-
+-config_setting(
+- name = "windows",
+- values = {"cpu": "x64_windows"},
+- visibility = ["//visibility:public"],
+-)
+-
+-config_setting(
+- name = "windows_msvc",
+- values = {"cpu": "x64_windows_msvc"},
+- visibility = ["//visibility:public"],
+-)
+-
+-config_setting(
+- name = "windows_msys",
+- values = {"cpu": "x64_windows_msys"},
+- visibility = ["//visibility:public"],
+-)
+-
+-create_msvc_config()
+-
+-STRICT_C_OPTIONS = select({
+- ":msvc": [],
+- "//conditions:default": [
+- "--pedantic-errors",
+- "-Wall",
+- "-Wconversion",
+- "-Werror",
+- "-Wextra",
+- "-Wlong-long",
+- "-Wmissing-declarations",
+- "-Wmissing-prototypes",
+- "-Wno-strict-aliasing",
+- "-Wshadow",
+- "-Wsign-compare",
+- ],
+-})
+-
+-filegroup(
+- name = "public_headers",
+- srcs = glob(["c/include/brotli/*.h"]),
+-)
+-
+-filegroup(
+- name = "common_headers",
+- srcs = glob(["c/common/*.h"]),
+-)
+-
+-filegroup(
+- name = "common_sources",
+- srcs = glob(["c/common/*.c"]),
+-)
+-
+-filegroup(
+- name = "dec_headers",
+- srcs = glob(["c/dec/*.h"]),
+-)
+-
+-filegroup(
+- name = "dec_sources",
+- srcs = glob(["c/dec/*.c"]),
+-)
+-
+-filegroup(
+- name = "enc_headers",
+- srcs = glob(["c/enc/*.h"]),
+-)
+-
+-filegroup(
+- name = "enc_sources",
+- srcs = glob(["c/enc/*.c"]),
+-)
+-
+-cc_library(
+- name = "brotli_inc",
+- hdrs = [":public_headers"],
+- copts = STRICT_C_OPTIONS,
+- strip_include_prefix = "c/include",
+-)
+-
+-cc_library(
+- name = "brotlicommon",
+- srcs = [":common_sources"],
+- hdrs = [":common_headers"],
+- copts = STRICT_C_OPTIONS,
+- deps = [":brotli_inc"],
+-)
+-
+-cc_library(
+- name = "brotlidec",
+- srcs = [":dec_sources"],
+- hdrs = [":dec_headers"],
+- copts = STRICT_C_OPTIONS,
+- deps = [":brotlicommon"],
+-)
+-
+-cc_library(
+- name = "brotlienc",
+- srcs = [":enc_sources"],
+- hdrs = [":enc_headers"],
+- copts = STRICT_C_OPTIONS,
+- linkopts = select({
+- ":msvc": [],
+- "//conditions:default": ["-lm"],
+- }),
+- deps = [":brotlicommon"],
+-)
+-
+-cc_binary(
+- name = "brotli",
+- srcs = ["c/tools/brotli.c"],
+- copts = STRICT_C_OPTIONS,
+- linkstatic = 1,
+- deps = [
+- ":brotlidec",
+- ":brotlienc",
+- ],
+-)
+-
+-filegroup(
+- name = "dictionary",
+- srcs = ["c/common/dictionary.bin"],
+-)
+
+--- a/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/BUILD
++++ /dev/null
+@@ -1,147 +0,0 @@
+-# Description:
+-# Brotli is a generic-purpose lossless compression algorithm.
+-
+-load(":compiler_config_setting.bzl", "create_msvc_config")
+-
+-package(
+- default_visibility = ["//visibility:public"],
+-)
+-
+-licenses(["notice"]) # MIT
+-
+-exports_files(["LICENSE"])
+-
+-config_setting(
+- name = "darwin",
+- values = {"cpu": "darwin"},
+- visibility = ["//visibility:public"],
+-)
+-
+-config_setting(
+- name = "darwin_x86_64",
+- values = {"cpu": "darwin_x86_64"},
+- visibility = ["//visibility:public"],
+-)
+-
+-config_setting(
+- name = "windows",
+- values = {"cpu": "x64_windows"},
+- visibility = ["//visibility:public"],
+-)
+-
+-config_setting(
+- name = "windows_msvc",
+- values = {"cpu": "x64_windows_msvc"},
+- visibility = ["//visibility:public"],
+-)
+-
+-config_setting(
+- name = "windows_msys",
+- values = {"cpu": "x64_windows_msys"},
+- visibility = ["//visibility:public"],
+-)
+-
+-create_msvc_config()
+-
+-STRICT_C_OPTIONS = select({
+- ":msvc": [],
+- "//conditions:default": [
+- "--pedantic-errors",
+- "-Wall",
+- "-Wconversion",
+- "-Werror",
+- "-Wextra",
+- "-Wlong-long",
+- "-Wmissing-declarations",
+- "-Wmissing-prototypes",
+- "-Wno-strict-aliasing",
+- "-Wshadow",
+- "-Wsign-compare",
+- ],
+-})
+-
+-filegroup(
+- name = "public_headers",
+- srcs = glob(["c/include/brotli/*.h"]),
+-)
+-
+-filegroup(
+- name = "common_headers",
+- srcs = glob(["c/common/*.h"]),
+-)
+-
+-filegroup(
+- name = "common_sources",
+- srcs = glob(["c/common/*.c"]),
+-)
+-
+-filegroup(
+- name = "dec_headers",
+- srcs = glob(["c/dec/*.h"]),
+-)
+-
+-filegroup(
+- name = "dec_sources",
+- srcs = glob(["c/dec/*.c"]),
+-)
+-
+-filegroup(
+- name = "enc_headers",
+- srcs = glob(["c/enc/*.h"]),
+-)
+-
+-filegroup(
+- name = "enc_sources",
+- srcs = glob(["c/enc/*.c"]),
+-)
+-
+-cc_library(
+- name = "brotli_inc",
+- hdrs = [":public_headers"],
+- copts = STRICT_C_OPTIONS,
+- strip_include_prefix = "c/include",
+-)
+-
+-cc_library(
+- name = "brotlicommon",
+- srcs = [":common_sources"],
+- hdrs = [":common_headers"],
+- copts = STRICT_C_OPTIONS,
+- deps = [":brotli_inc"],
+-)
+-
+-cc_library(
+- name = "brotlidec",
+- srcs = [":dec_sources"],
+- hdrs = [":dec_headers"],
+- copts = STRICT_C_OPTIONS,
+- deps = [":brotlicommon"],
+-)
+-
+-cc_library(
+- name = "brotlienc",
+- srcs = [":enc_sources"],
+- hdrs = [":enc_headers"],
+- copts = STRICT_C_OPTIONS,
+- linkopts = select({
+- ":msvc": [],
+- "//conditions:default": ["-lm"],
+- }),
+- deps = [":brotlicommon"],
+-)
+-
+-cc_binary(
+- name = "brotli",
+- srcs = ["c/tools/brotli.c"],
+- copts = STRICT_C_OPTIONS,
+- linkstatic = 1,
+- deps = [
+- ":brotlidec",
+- ":brotlienc",
+- ],
+-)
+-
+-filegroup(
+- name = "dictionary",
+- srcs = ["c/common/dictionary.bin"],
+-)
diff --git a/third_party/linux/external.bzl b/third_party/linux/external.bzl
index 04a0826..9f0a0b0 100644
--- a/third_party/linux/external.bzl
+++ b/third_party/linux/external.bzl
@@ -29,6 +29,7 @@
patch_args = ["-p1"],
patches = [
"//third_party/linux/external:0001-block-partition-expose-PARTUUID-through-uevent.patch",
+ "//third_party/linux/external:discard-gnu-note-section.patch",
],
sha256 = sums[version],
strip_prefix = "linux-" + version,
diff --git a/third_party/linux/external/discard-gnu-note-section.patch b/third_party/linux/external/discard-gnu-note-section.patch
new file mode 100644
index 0000000..c874772
--- /dev/null
+++ b/third_party/linux/external/discard-gnu-note-section.patch
@@ -0,0 +1,82 @@
+From d2ab95a534255d8d54640c84d05e266171e07328 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Mon, 27 Apr 2020 18:49:00 -0700
+Subject: [PATCH] Discard .note.gnu.property sections in generic NOTES
+
+With the command-line option, -mx86-used-note=yes, the x86 assembler
+in binutils 2.32 and above generates a program property note in a note
+section, .note.gnu.property, to encode used x86 ISAs and features. But
+kernel linker script only contains a single NOTE segment:
+
+PHDRS {
+ text PT_LOAD FLAGS(5);
+ data PT_LOAD FLAGS(6);
+ percpu PT_LOAD FLAGS(6);
+ init PT_LOAD FLAGS(7);
+ note PT_NOTE FLAGS(0);
+}
+SECTIONS
+{
+...
+ .notes : AT(ADDR(.notes) - 0xffffffff80000000) { __start_notes = .; KEEP(*(.not
+e.*)) __stop_notes = .; } :text :note
+...
+}
+
+The NOTE segment generated by kernel linker script is aligned to 4 bytes.
+But .note.gnu.property section must be aligned to 8 bytes on x86-64 and
+we get
+
+[hjl@gnu-skx-1 linux]$ readelf -n vmlinux
+
+Displaying notes found in: .notes
+ Owner Data size Description
+ Xen 0x00000006 Unknown note type: (0x00000006)
+ description data: 6c 69 6e 75 78 00
+ Xen 0x00000004 Unknown note type: (0x00000007)
+ description data: 32 2e 36 00
+ xen-3.0 0x00000005 Unknown note type: (0x006e6558)
+ description data: 08 00 00 00 03
+readelf: Warning: note with invalid namesz and/or descsz found at offset 0x50
+readelf: Warning: type: 0xffffffff, namesize: 0x006e6558, descsize:
+0x80000000, alignment: 8
+[hjl@gnu-skx-1 linux]$
+
+Since note.gnu.property section in kernel image is never used, this patch
+discards .note.gnu.property sections in kernel linker script by adding
+
+/DISCARD/ : {
+ *(.note.gnu.property)
+}
+
+before kernel NOTE segment in generic NOTES.
+
+Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Rebased-by: Lorenz Brun <lorenz@monogon.tech>
+---
+ include/asm-generic/vmlinux.lds.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
+index f2984af2b85b..851c48a3c031 100644
+--- a/include/asm-generic/vmlinux.lds.h
++++ b/include/asm-generic/vmlinux.lds.h
+@@ -903,7 +903,14 @@
+ #define PRINTK_INDEX
+ #endif
+
++/*
++ * Discard .note.gnu.property sections which are unused and have
++ * different alignment requirement from kernel note sections.
++ */
+ #define NOTES \
++ /DISCARD/ : { \
++ *(.note.gnu.property) \
++ } \
+ .notes : AT(ADDR(.notes) - LOAD_OFFSET) { \
+ __start_notes = .; \
+ KEEP(*(.note.*)) \
+--
+2.25.1
+