Merge pull request #121513 from radhus/xen-4.15-pr

xen: add 4.15 version

pkgs/applications/virtualization/xen/0000-fix-install-python.4.15.patch

@@ -0,0 +1,16 @@
+tools/python/install-wrap script brakes shebangs patching, disable
+
+diff --git a/tools/Rules.mk b/tools/Rules.mk
+index 444e5bacdd..c99ea959ff 100644
+--- a/tools/Rules.mk
++++ b/tools/Rules.mk
+@@ -135,8 +135,7 @@ CFLAGS += $(CFLAGS-y)
+ 
+ CFLAGS += $(EXTRA_CFLAGS_XEN_TOOLS)
+ 
+-INSTALL_PYTHON_PROG = \
+-	$(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH)" $(INSTALL_PROG)
++INSTALL_PYTHON_PROG = $(INSTALL_PROG)
+ 
+ %.opic: %.c
+ 	$(CC) $(CPPFLAGS) -DPIC $(CFLAGS) $(CFLAGS_$*.opic) -fPIC -c -o $@ $< $(APPEND_CFLAGS)

pkgs/applications/virtualization/xen/0000-fix-ipxe-src.4.15.patch

@@ -0,0 +1,27 @@
+hack to make etherboot use prefetched ipxe
+
+diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile
+index ed9e11305f..979a3acea8 100644
+--- a/tools/firmware/etherboot/Makefile
++++ b/tools/firmware/etherboot/Makefile
+@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz
+ 
+ D=ipxe
+ T=ipxe.tar.gz
++G=ipxe.git
+ 
+ ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS)))
+ ROM = $D/src/bin/ipxe.bin
+@@ -41,9 +42,9 @@ $T:
+ 	fi
+ 	mv _$T $T
+ 
+-$D/src/arch/i386/Makefile: $T Config
+-	rm -rf $D
+-	gzip -dc $T | tar xf -
++$D/src/arch/i386/Makefile: $G Config
++	mkdir $D
++	cp -a $G/* $D
+ 	for i in $$(cat patches/series) ; do                 \
+ 	    patch -d $D -p1 --quiet <patches/$$i || exit 1 ; \
+ 	done

pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.4.15.patch

@@ -0,0 +1,42 @@
+diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
+index b6567c4127..83defeee95 100644
+--- a/xen/arch/x86/Makefile
++++ b/xen/arch/x86/Makefile
+@@ -124,11 +124,11 @@ ifneq ($(efi-y),)
+ export XEN_BUILD_EFI := $(shell $(CC) $(XEN_CFLAGS) -c efi/check.c -o efi/check.o 2>/dev/null && echo y)
+ # Check if the linker supports PE.
+ EFI_LDFLAGS = $(patsubst -m%,-mi386pep,$(XEN_LDFLAGS)) --subsystem=10 --strip-debug
+-XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(LD) $(EFI_LDFLAGS) -o efi/check.efi efi/check.o 2>/dev/null && echo y))
++XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(EFI_LD) $(EFI_LDFLAGS) -o efi/check.efi efi/check.o 2>/dev/null && echo y))
+ CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI
+ # Check if the linker produces fixups in PE by default (we need to disable it doing so for now).
+ XEN_NO_PE_FIXUPS := $(if $(XEN_BUILD_EFI), \
+-                         $(shell $(LD) $(EFI_LDFLAGS) --disable-reloc-section -o efi/check.efi efi/check.o 2>/dev/null && \
++                         $(shell $(EFI_LD) $(EFI_LDFLAGS) --disable-reloc-section -o efi/check.efi efi/check.o 2>/dev/null && \
+                                  echo --disable-reloc-section))
+ endif
+ 
+@@ -217,20 +217,20 @@ note_file_option ?= $(note_file)
+ ifeq ($(XEN_BUILD_PE),y)
+ $(TARGET).efi: prelink-efi.o $(note_file) efi.lds efi/relocs-dummy.o efi/mkreloc
+ 	$(foreach base, $(VIRT_BASE) $(ALT_BASE), \
+-	          $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \
++	          $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \
+ 	                $(BASEDIR)/common/symbols-dummy.o $(note_file_option) -o $(@D)/.$(@F).$(base).0 &&) :
+ 	efi/mkreloc $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).0) >$(@D)/.$(@F).0r.S
+ 	$(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).0 \
+ 		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S
+ 	$(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o
+ 	$(foreach base, $(VIRT_BASE) $(ALT_BASE), \
+-	          $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \
++	          $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \
+ 	                $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(note_file_option) -o $(@D)/.$(@F).$(base).1 &&) :
+ 	efi/mkreloc $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).1) >$(@D)/.$(@F).1r.S
+ 	$(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).1 \
+ 		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S
+ 	$(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o
+-	$(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \
++	$(EFI_LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \
+ 	                $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(note_file_option) -o $@
+ 	$(NM) -pa --format=sysv $(@D)/$(@F) \
+ 		| $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map

pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.4.15.patch

@@ -0,0 +1,37 @@
+EFI_MOUNTPOINT is conventionally /boot/efi or /boot/EFI or something
+like that, and (on my machine) has directories within that called
+{Boot, nixos, gummiboot}.
+
+This patch does two things:
+
+1) Xen apparently wants to put files in
+$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR) - we remove the duplicate 'efi' name
+because I can't see why we have it
+
+2) Ensures the said directory exists
+
+
+diff --git a/xen/Makefile b/xen/Makefile
+index acb2d28891..d0763fbbe7 100644
+--- a/xen/Makefile
++++ b/xen/Makefile
+@@ -289,7 +289,9 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX)
+ 		ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \
+ 		ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \
+ 		if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \
+-			$(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
++			[ -d $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ] || \
++			  $(INSTALL_DIR) $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ;\
++			$(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
+ 		elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \
+ 			echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \
+ 		fi; \
+@@ -319,7 +321,7 @@ _uninstall:
+ 	rm -f $(D)$(DEBUG_DIR)/$(T)-$(XEN_FULLVERSION).efi.map
+ 	rm -f $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi
+ 	rm -f $(D)$(EFI_DIR)/$(T).efi
+-	rm -f $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi
++	rm -f $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi
+ 
+ .PHONY: _debug
+ _debug:

pkgs/applications/virtualization/xen/4.10.nix

@@ -8,6 +8,9 @@
 , withOVMF ? false, OVMF
 , withLibHVM ? true
 
+# xen
+, lvm2, ncurses, python2Packages
+
 # qemu
 , udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir
 , alsa-lib, glib, python2
@@ -165,7 +168,21 @@ callPackage (import ./generic.nix (rec {
     "-Wno-error=zero-length-bounds"
   ];
 
+  patches = [
+    ./0000-fix-ipxe-src.4.10.patch
+    ./0000-fix-install-python.4.10.patch
+    ./0004-makefile-use-efi-ld.4.10.patch
+    ./0005-makefile-fix-efi-mountdir-use.4.10.patch
+  ];
+
   postPatch = ''
+    substituteInPlace tools/blktap2/lvm/lvm-util.c \
+      --replace /usr/sbin/vgs ${lvm2}/bin/vgs \
+      --replace /usr/sbin/lvs ${lvm2}/bin/lvs
+
+    substituteInPlace tools/xenstat/Makefile \
+      --replace /usr/include/curses.h ${ncurses.dev}/include/curses.h
+
     # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror.
     sed 1i'#include <sys/sysmacros.h>' \
       -i tools/blktap2/control/tap-ctl-allocate.c \
@@ -181,4 +198,7 @@ callPackage (import ./generic.nix (rec {
       else throw "this xen has no qemu builtin";
   };
 
-})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_05; } // args)
+})) ({
+  ocamlPackages = ocaml-ng.ocamlPackages_4_05;
+  pythonPackages = python2Packages;
+} // args)

pkgs/applications/virtualization/xen/4.15.nix

@@ -0,0 +1,181 @@
+{ lib, callPackage, fetchurl, fetchpatch, fetchgit
+, ocaml-ng
+, withInternalQemu ? true
+, withInternalTraditionalQemu ? true
+, withInternalSeabios ? true
+, withSeabios ? !withInternalSeabios, seabios ? null
+, withInternalOVMF ? false # FIXME: tricky to build
+, withOVMF ? false, OVMF
+, withLibHVM ? false
+
+# xen
+, python3Packages
+
+# qemu
+, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir
+, alsa-lib, glib, python3
+, ... } @ args:
+
+assert withInternalSeabios -> !withSeabios;
+assert withInternalOVMF -> !withOVMF;
+assert !withLibHVM;
+
+with lib;
+
+# Patching XEN? Check the XSAs at
+# https://xenbits.xen.org/xsa/
+# and try applying all the ones we don't have yet.
+
+let
+  xsa = import ./xsa-patches.nix { inherit fetchpatch; };
+
+  qemuMemfdBuildFix = fetchpatch {
+    name = "xen-4.8-memfd-build-fix.patch";
+    url = "https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch";
+    sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa";
+  };
+
+  qemuDeps = [
+    udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir
+    alsa-lib glib python3
+  ];
+in
+
+callPackage (import ./generic.nix (rec {
+  version = "4.15.1";
+
+  src = fetchurl {
+    url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz";
+    sha256 = "1rmc7gb72xwhr3h9rc3bkac41s8kjjzz45miwdq6yalyq7j7vss5";
+  };
+
+  # Sources needed to build tools and firmwares.
+  xenfiles = optionalAttrs withInternalQemu {
+    qemu-xen = {
+      src = fetchgit {
+        url = "https://xenbits.xen.org/git-http/qemu-xen.git";
+        # rev = "refs/tags/qemu-xen-${version}";
+        # use revision hash - reproducible but must be updated with each new version
+        rev = "e2af2d050338c99e8436e251ad67aafb3ebbd501";
+        sha256 = "sha256-gVykPtzAA7tmpe6iVvnulaW+b0jD3gwL1JXC5yeIA7M=";
+      };
+      buildInputs = qemuDeps;
+      postPatch = ''
+        # needed in build but /usr/bin/env is not available in sandbox
+        substituteInPlace scripts/tracetool.py \
+          --replace "/usr/bin/env python" "${python3}/bin/python"
+      '';
+      meta.description = "Xen's fork of upstream Qemu";
+    };
+  } // optionalAttrs withInternalTraditionalQemu {
+    # TODO 4.15: something happened with traditional in this release?
+    qemu-xen-traditional = {
+      src = fetchgit {
+        url = "https://xenbits.xen.org/git-http/qemu-xen-traditional.git";
+        # rev = "refs/tags/xen-${version}";
+        # use revision hash - reproducible but must be updated with each new version
+        rev = "3d273dd05e51e5a1ffba3d98c7437ee84e8f8764";
+        sha256 = "1dc6dhjp4y2irmi9yiyw1kzmm1habyy8j1s2zkf6qyak850krqj7";
+      };
+      buildInputs = qemuDeps;
+      patches = [
+      ];
+      postPatch = ''
+        substituteInPlace xen-hooks.mak \
+          --replace /usr/include/pci ${pciutils}/include/pci
+      '';
+      meta.description = "Xen's fork of upstream Qemu that uses old device model";
+    };
+  } // optionalAttrs withInternalSeabios {
+    "firmware/seabios-dir-remote" = {
+      src = fetchgit {
+        url = "https://xenbits.xen.org/git-http/seabios.git";
+        rev = "155821a1990b6de78dde5f98fa5ab90e802021e0";
+        sha256 = "sha256-F3lzr00CMAObJtpz0eZFT/rwjFx+bvlI37/JtHXP5Eo=";
+      };
+      patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ];
+      meta.description = "Xen's fork of Seabios";
+    };
+  } // optionalAttrs withInternalOVMF {
+    "firmware/ovmf-dir-remote" = {
+      src = fetchgit {
+        url = "https://xenbits.xen.org/git-http/ovmf.git";
+        rev = "a3741780fe3535e19e02efa869a7cac481891129";
+        sha256 = "0000000000000000000000000000000000000000000000000000";
+      };
+      meta.description = "Xen's fork of OVMF";
+    };
+  } // {
+    # TODO: patch Xen to make this optional?
+    "firmware/etherboot/ipxe.git" = {
+      src = fetchgit {
+        url = "https://git.ipxe.org/ipxe.git";
+        rev = "988d2c13cdf0f0b4140685af35ced70ac5b3283c";
+        sha256 = "1pkf1n1c0rdlzfls8fvjvi1sd9xjd9ijqlyz3wigr70ijcv6x8i9";
+      };
+      meta.description = "Xen's fork of iPXE";
+    };
+  };
+
+  configureFlags = []
+    ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH
+    ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional"
+    ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional"
+
+    ++ optional (withSeabios) "--with-system-seabios=${seabios}"
+    ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios"
+
+    ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd"
+    ++ optional (withInternalOVMF) "--enable-ovmf";
+
+  NIX_CFLAGS_COMPILE = toString [
+    # TODO 4.15: drop unneeded ones
+    # Fix build on Glibc 2.24.
+    "-Wno-error=deprecated-declarations"
+    # Fix build with GCC 8
+    "-Wno-error=maybe-uninitialized"
+    "-Wno-error=stringop-truncation"
+    "-Wno-error=format-truncation"
+    "-Wno-error=array-bounds"
+    # Fix build with GCC 9
+    "-Wno-error=address-of-packed-member"
+    "-Wno-error=format-overflow"
+    "-Wno-error=absolute-value"
+    # Fix build with GCC 10
+    "-Wno-error=enum-conversion"
+    "-Wno-error=zero-length-bounds"
+  ];
+
+  patches = with xsa; flatten [
+    ./0000-fix-ipxe-src.4.15.patch
+    ./0000-fix-install-python.4.15.patch
+    ./0004-makefile-use-efi-ld.4.15.patch
+    ./0005-makefile-fix-efi-mountdir-use.4.15.patch
+
+    XSA_386
+  ];
+
+  postPatch = ''
+    # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror.
+    sed 1i'#include <sys/sysmacros.h>' \
+      -i tools/libs/light/libxl_device.c
+
+    # Fix missing pkg-config dir
+    mkdir -p tools/pkg-config
+  '';
+
+  preBuild = ''
+    # PKG_CONFIG env var collides with variables used in tools Makefiles.
+    unset PKG_CONFIG
+  '';
+
+  passthru = {
+    qemu-system-i386 = if withInternalQemu
+      then "lib/xen/bin/qemu-system-i386"
+      else throw "this xen has no qemu builtin";
+  };
+
+})) ({
+  ocamlPackages = ocaml-ng.ocamlPackages_4_05;
+  pythonPackages = python3Packages;
+} // args)

pkgs/applications/virtualization/xen/generic.nix

@@ -4,9 +4,8 @@ config:
 # Xen
 , bison, bzip2, checkpolicy, dev86, figlet, flex, gettext, glib
 , acpica-tools, libaio, libiconv, libuuid, ncurses, openssl, perl
-, python2Packages
-# python2Packages.python
 , xz, yajl, zlib
+, pythonPackages
 
 # Xen Optional
 , ocamlPackages
@@ -14,10 +13,10 @@ config:
 # Scripts
 , coreutils, gawk, gnused, gnugrep, diffutils, multipath-tools
 , iproute2, inetutils, iptables, bridge-utils, openvswitch, nbd, drbd
-, lvm2, util-linux, procps, systemd
+, util-linux, procps, systemd
 
 # Documentation
-# python2Packages.markdown
+# pythonPackages.markdown
 , fig2dev, ghostscript, texinfo, pandoc
 
 , binutils-unwrapped
@@ -72,16 +71,16 @@ stdenv.mkDerivation (rec {
 
     # Xen
     bison bzip2 checkpolicy dev86 figlet flex gettext glib acpica-tools libaio
-    libiconv libuuid ncurses openssl perl python2Packages.python xz yajl zlib
+    libiconv libuuid ncurses openssl perl pythonPackages.python xz yajl zlib
 
     # oxenstored
     ocamlPackages.findlib ocamlPackages.ocaml systemd
 
     # Python fixes
-    python2Packages.wrapPython
+    pythonPackages.wrapPython
 
     # Documentation
-    python2Packages.markdown fig2dev ghostscript texinfo pandoc
+    pythonPackages.markdown fig2dev ghostscript texinfo pandoc
 
     # Others
   ] ++ (concatMap (x: x.buildInputs or []) (attrValues config.xenfiles))
@@ -133,10 +132,6 @@ stdenv.mkDerivation (rec {
   '';
 
   patches = [
-    ./0000-fix-ipxe-src.patch
-    ./0000-fix-install-python.patch
-    ./0004-makefile-use-efi-ld.patch
-    ./0005-makefile-fix-efi-mountdir-use.patch
   ] ++ (config.patches or []);
 
   postPatch = ''
@@ -156,10 +151,6 @@ stdenv.mkDerivation (rec {
     substituteInPlace tools/libfsimage/common/fsimage_plugin.c \
       --replace /usr $out
 
-    substituteInPlace tools/blktap2/lvm/lvm-util.c \
-      --replace /usr/sbin/vgs ${lvm2}/bin/vgs \
-      --replace /usr/sbin/lvs ${lvm2}/bin/lvs
-
     substituteInPlace tools/misc/xenpvnetboot \
       --replace /usr/sbin/mount ${util-linux}/bin/mount \
       --replace /usr/sbin/umount ${util-linux}/bin/umount
@@ -167,9 +158,6 @@ stdenv.mkDerivation (rec {
     substituteInPlace tools/xenmon/xenmon.py \
       --replace /usr/bin/pkill ${procps}/bin/pkill
 
-    substituteInPlace tools/xenstat/Makefile \
-      --replace /usr/include/curses.h ${ncurses.dev}/include/curses.h
-
     ${optionalString (builtins.compareVersions config.version "4.8" >= 0) ''
       substituteInPlace tools/hotplug/Linux/launch-xenstore.in \
         --replace /bin/mkdir mkdir
@@ -209,6 +197,10 @@ stdenv.mkDerivation (rec {
   makeFlags = [ "PREFIX=$(out) CONFIG_DIR=/etc" "XEN_SCRIPT_DIR=/etc/xen/scripts" ]
            ++ (config.makeFlags or []);
 
+  preBuild = ''
+    ${config.preBuild or ""}
+  '';
+
   buildFlags = [ "xen" "tools" ];
 
   postBuild = ''

pkgs/applications/virtualization/xen/packages.nix

@@ -52,8 +52,53 @@ rec {
     };
   };
 
+  xen_4_15-vanilla = callPackage ./4.15.nix {
+    meta = {
+      description = "vanilla";
+      longDescription = ''
+        Vanilla version of Xen. Uses forks of Qemu and Seabios bundled
+        with Xen. This gives vanilla experince, but wastes space and
+        build time: typical NixOS setup that runs lots of VMs will
+        build three different versions of Qemu when using this (two
+        forks and upstream).
+      '';
+    };
+  };
+
+  xen_4_15-slim = xen_4_15-vanilla.override {
+    withInternalQemu = false;
+    withInternalTraditionalQemu = true;
+    withInternalSeabios = false;
+    withSeabios = true;
+
+    meta = {
+      description = "slim";
+      longDescription = ''
+        Slimmed-down version of Xen that reuses nixpkgs packages as
+        much as possible. Different parts may get out of sync, but
+        this builds faster and uses less space than vanilla. Use with
+        `qemu_xen` from nixpkgs.
+      '';
+    };
+  };
+
+  xen_4_15-light = xen_4_15-vanilla.override {
+    withInternalQemu = false;
+    withInternalTraditionalQemu = false;
+    withInternalSeabios = false;
+    withSeabios = true;
+
+    meta = {
+      description = "light";
+      longDescription = ''
+        Slimmed-down version of Xen without `qemu-traditional` (you
+        don't need it if you don't know what it is). Use with
+        `qemu_xen-light` from nixpkgs.
+      '';
+    };
+  };
+
   xen-vanilla = xen_4_10-vanilla;
   xen-slim = xen_4_10-slim;
   xen-light = xen_4_10-light;
-
 }

pkgs/applications/virtualization/xen/xsa-patches.nix

@@ -485,4 +485,9 @@ in {
       sha256 = "0lc94cx271z09r0mhxaypyd9d4740051p28idf5calx5228dqjgm";
     })
   ];
+
+  XSA_386 = (xsaPatch {
+    name = "386";
+    sha256 = "sha256-pAuLgt3sDeL73NSDqZCWxRGZk1tWaYlDbh7cUcJ4s+w=";
+  });
 }

pkgs/top-level/all-packages.nix

@@ -26839,6 +26839,8 @@ with pkgs;
   qemu_xen-light = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen-light; });
   qemu_xen_4_10 = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_10-slim; });
   qemu_xen_4_10-light = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_10-light; });
+  qemu_xen_4_15 = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_15-slim; });
+  qemu_xen_4_15-light = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_15-light; });
 
   qemu_test = lowPrio (qemu.override { hostCpuOnly = true; nixosTestRunner = true; });
 
@@ -34550,6 +34552,10 @@ with pkgs;
   xen_4_10-slim = xenPackages.xen_4_10-slim;
   xen_4_10-light = xenPackages.xen_4_10-light;
 
+  xen_4_15 = xenPackages.xen_4_15-vanilla;
+  xen_4_15-slim = xenPackages.xen_4_15-slim;
+  xen_4_15-light = xenPackages.xen_4_15-light;
+
   xkbset = callPackage ../tools/X11/xkbset { };
 
   xkbmon = callPackage ../applications/misc/xkbmon { };