From: Magnus Granberg Date: Sat, 22 Oct 2011 23:25:50 +0000 (+0000) Subject: Fix compile failure for hardened #360805 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=7e0b61e129537b4ad6f52a97c33b10c8bff18e5c;p=gentoo.git Fix compile failure for hardened #360805 Package-Manager: portage-2.1.10.30/cvs/Linux x86_64 --- diff --git a/app-emulation/xen-tools/ChangeLog b/app-emulation/xen-tools/ChangeLog index f430dae41fbb..4de5d17bd15c 100644 --- a/app-emulation/xen-tools/ChangeLog +++ b/app-emulation/xen-tools/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for app-emulation/xen-tools # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.99 2011/10/13 19:30:37 alexxy Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.100 2011/10/22 23:25:50 zorry Exp $ + +*xen-tools-4.1.1-r6 (22 Oct 2011) + + 22 Oct 2011; Magnus Granberg +xen-tools-4.1.1-r6.ebuild, + +files/ipxe-nopie.patch: + Fix hardened compile failure #360805 don't compile ipxe with pie. + Thanks Ian Delaney and Ralf Glauberman 13 Oct 2011; Alexey Shvetsov -xen-tools-3.4.2.ebuild, xen-tools-4.1.1-r5.ebuild, files/xendomains.initd-r1: diff --git a/app-emulation/xen-tools/Manifest b/app-emulation/xen-tools/Manifest index 815a49c85c50..773ac0dc9380 100644 --- a/app-emulation/xen-tools/Manifest +++ b/app-emulation/xen-tools/Manifest 
@@ -1,6 +1,4 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA256 - +AUX ipxe-nopie.patch 952 RMD160 243c65b1e9e27fde14b10c5f605cce635de88032 SHA1 06870bb3bb063aabe16e721f487f0756a5889e8f SHA256 22d1e84568e4bdf204404c45cd4d323a78a1b5a5a29cc4a0707894e22f40bd48 AUX xen-consoles.logrotate 63 RMD160 035bd8baf1ba68a5525bab4379c0c4e350001a74 SHA1 6f88a4da3349aade6070dfc5c4465e2c00f3e68c SHA256 0da87a4b9094f934e3de937e8ef8d3afc752e76793aa3d730182d0241e118b19 AUX xen-tools-3.3.0-nostrip.patch 1021 RMD160 f702b588596dfdebf71fafbf866d270ac5bb549e SHA1 bb4db097af6e206ed68bcc1a1c3ef48b02e9a4c5 SHA256 2debac718c01a7eac4daf3182a7ae04aa562137d791cd510ecf1848d7eaccebd AUX xen-tools-3.3.1-sandbox-fix.patch 828 RMD160 6c637b0883b72f12ce33b9c6d2dc7cf5267fc85a SHA1 51b35f096c0ad5c83e9654cfe0267b8efc51367e SHA256 519236a71e81e1da1c9a7616745422e6f205f4f7901abba7af0e0aef665af343 
@@ -29,23 +27,7 @@ DIST xen-4.1.1.tar.gz 10355625 RMD160 4b3c0641b0f098889f627662aa6b8fea00c5b636 S EBUILD xen-tools-3.4.2-r3.ebuild 7049 RMD160 05ffd0fdba6761df2d59f3bd7421599e1f20f4a1 SHA1 e36b7900c84de2ca1f861af081678ff3c7eb943a SHA256 d1513d443231dd27cb0267acac47c00c9bf95c25aa296e90ee6bb21a134e1e51 EBUILD xen-tools-3.4.2-r5.ebuild 7398 RMD160 08e9b12c23c9d853f5b59ee2613a5e07a9623038 SHA1 0859af01b9dace9451e24f509c4b436a76b9da39 SHA256 92682159a7961a7ebebf523541f793e59e7b4807755e32e8787e70658bc3ff54 EBUILD xen-tools-4.1.1-r5.ebuild 10316 RMD160 92450a0dba081cda3e23e94072953b858538d31e SHA1 f1af2fba3958c0813b37adc16c82d69d720f2458 SHA256 80485abdbcaf256d21289f0cf260de671d72bbcc023bf49df3bd99db99b23720 +EBUILD xen-tools-4.1.1-r6.ebuild 10482 RMD160 eb59e73c0a2a6b2e0914dbf99d118823ed90b14a SHA1 8c4a9e48ad4b4a85393b115039529489ee6f7d61 SHA256 7777cf83b79929546a5f48194e0878d2bf5f6adc224eb362b2cb797952bea676 EBUILD xen-tools-9999.ebuild 9682 RMD160 2f60aa64bb720767cee6b7a88a421613f92dcf02 SHA1 69a5487f75dd757d5da96bb2339c38819fe6d4d6 SHA256 20770f7c8a02ea141be8a8772624e6dcf8266dbee477b31e87f265695b939a69 -MISC ChangeLog 24627 RMD160 264f09aa2e84c48f0e60f80256798b78d8248017 SHA1 b638c1547d1ec25a56af72036a845a1456194d31 SHA256 16d9a3c42ae49dc72137fe16e52c8c21182cc5e68aca0ce80b833dd00599fcf6 +MISC ChangeLog 24878 RMD160 5a4d0ccf575fe8829a6f5e5937c5eaccd1929134 SHA1 81db9b7243f6a9ec6a2d0351422b7fc3e2bfcdc2 SHA256 ab61d6b3d5e036b85e65bb0d0127fc776d0ce39288e06edad0493a7b769e6828 MISC metadata.xml 947 RMD160 96890462f83ee4a47c9c77993ba76ef82a732af5 SHA1 7ff424eead47cb6ce81930c10d3b22b0d8f73d61 SHA256 74f0e5bea356989a42fd4086d87271ed7c25331306acb333707476f53cac4d60 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.18 (GNU/Linux) - -iQIcBAEBCAAGBQJOlzv9AAoJEOf+E+/4L5LmYPYP/2Ehv9W8g4V6fYzXn1X2lmnq -U/VgQlpZ1ueM5egJU6KrDBjVeZ9ALTp6iXFlpBb990oJCipv0BNkACN2fFDlRiWU -+slwjhdpWaT+8YO5/R7xzSQ9julOkN9UBumWl5Nswijc1Whs9GAXXEKLH2R10SgB 
-65SQ9Z8VEtfU+WPt//tfRoJQrH4p6Y+WTHLiGrgZiAlDVmD3dgRmOqnHogIskw6e -V0Oh1V1L5vatlmRkPKYz1+fAhOmVrpWXeDsRO0VR6JsM32B9appg753zsA386Bm4 -sTv2ZcBX1IEvFPwVoMkQd8+xeqfRAaQqYndHY2qONYcSwSOLxUmneg7vfzuUJRdb -3X7s7VVtYhMxLLleSJ+n7pB/Cb33r7lkYRAanHcMXiiTXnUdB2tr57WNBVbsdXeu -TkNGnAeAd+qFV7ge4tu91u2FjnosOJkqZf9AW2pRm2EIRlQxtuRaTFcGz6tIJbtQ -J4dZbbokIXaaDqs+Sdgd2y2yaVMS1EjkhqvbvWusWBpxdI5Sq31NZTPSWZewRoac -rfQ0+UvvyWEpGU9anBd2sdWuxXf3wkLelB5uX5xUscRMOgSrdmTeWMcuaZQU+PQ3 -CSHAfRqT6n26x7gCTIJv9qJIFiguhUgw8ugu85knR5x0upNi7n7Hjx57BaMyGKKg -hv8Cl0yd5LqNWD39U14L -=sPz0 ------END PGP SIGNATURE----- diff --git a/app-emulation/xen-tools/files/ipxe-nopie.patch b/app-emulation/xen-tools/files/ipxe-nopie.patch new file mode 100644 index 000000000000..0663eaacf7f0 --- /dev/null +++ b/app-emulation/xen-tools/files/ipxe-nopie.patch @@ -0,0 +1,27 @@ +2011-10-22 Ralf Glauberman + + #360805 Don't compile ipxe with pie on hardened. + * /tools/firmware/etherboot/patches/ipxe-nopie.patche New patch + * /tools/firmware/etherboot/patches/series Add ipxe-nopie.patch + +--- a/tools/firmware/etherboot/patches/ipxe-nopie.patch 1970-01-01 01:00:00.000000000 +0100 ++++ b/tools/firmware/etherboot/patches/ipxe-nopie.patch 2011-03-27 17:45:13.929697782 +0200 +@@ -0,0 +1,11 @@ ++--- ipxe/src/Makefile~ 2011-03-27 17:41:52.000000000 +0200 +++++ ipxe/src/Makefile 2011-03-27 17:43:20.869446433 +0200 ++@@ -4,7 +4,7 @@ ++ # ++ ++ CLEANUP := ++-CFLAGS := +++CFLAGS := -nopie ++ ASFLAGS := ++ LDFLAGS := ++ MAKEDEPS := Makefile +--- a/tools/firmware/etherboot/patches/series 2011-03-25 11:42:50.000000000 +0100 ++++ b/tools/firmware/etherboot/patches/series 2011-03-27 17:45:45.140446216 +0200 +@@ -1,3 +1,4 @@ + boot_prompt_option.patch + gpxe-git-0edf2405b457 + gpxe-git-a803ef3dfeac ++ipxe-nopie.patch diff --git a/app-emulation/xen-tools/xen-tools-4.1.1-r6.ebuild b/app-emulation/xen-tools/xen-tools-4.1.1-r6.ebuild new file mode 100644 index 000000000000..2470c69f59b9 --- /dev/null 
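Review bot: The header of the new files/ipxe-nopie.patch names the added file as `/tools/firmware/etherboot/patches/ipxe-nopie.patche`, a typo for `ipxe-nopie.patch`, and the patch does not record why switching PIE off is acceptable for this component. Since `CFLAGS := -nopie` removes a hardening default, I would add a header line such as `# iPXE is built as freestanding boot firmware, not a userland binary; PIE is disabled for ipxe/src only (bug #360805)`, after confirming that rationale against the bug. `-nopie` looks like the spelling understood by the hardened-patched GCC specs rather than by stock GCC, which spells it `-fno-pie`. The patch is therefore only safe to apply behind the `gcc-specs-pie` test that the ebuild uses, and the header should say so.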
+++ b/app-emulation/xen-tools/xen-tools-4.1.1-r6.ebuild 
@@ -0,0 +1,332 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.1.1-r6.ebuild,v 1.1 2011/10/22 23:25:50 zorry Exp $ + +EAPI="3" + +if [[ $PV == *9999 ]]; then + KEYWORDS="" + REPO="xen-unstable.hg" + EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" + S="${WORKDIR}/${REPO}" + live_eclass="mercurial" +else + KEYWORDS="~amd64 ~x86" + XEN_EXTFILES_URL="http://xenbits.xensource.com/xen-extfiles" + SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz \ + $XEN_EXTFILES_URL/ipxe-git-v1.0.0.tar.gz" + S="${WORKDIR}/xen-${PV}" +fi + +inherit flag-o-matic eutils multilib python toolchain-funcs ${live_eclass} + +DESCRIPTION="Xend daemon and tools" +HOMEPAGE="http://xen.org/" + +LICENSE="GPL-2" +SLOT="0" +IUSE="api custom-cflags debug doc flask hvm qemu pygrub screen xend" + +CDEPEND="dev-lang/python + dev-python/lxml + sys-libs/zlib + hvm? ( media-libs/libsdl + sys-power/iasl ) + api? ( dev-libs/libxml2 net-misc/curl )" + +DEPEND="${CDEPEND} + sys-devel/gcc + dev-lang/perl + app-misc/pax-utils + dev-ml/findlib + doc? ( + app-doc/doxygen + dev-tex/latex2html + media-gfx/transfig + media-gfx/graphviz + dev-tex/xcolor + dev-texlive/texlive-latexextra + virtual/latex-base + dev-tex/latexmk + dev-texlive/texlive-latex + dev-texlive/texlive-pictures + dev-texlive/texlive-latexrecommended + ) + hvm? ( + x11-proto/xproto + sys-devel/dev86 + )" + +RDEPEND="${CDEPEND} + sys-apps/iproute2 + net-misc/bridge-utils + dev-python/pyxml + >=dev-lang/ocaml-3.12.0 + screen? 
( + app-misc/screen + app-admin/logrotate + ) + || ( sys-fs/udev sys-apps/hotplug )" + +# hvmloader is used to bootstrap a fully virtualized kernel +# Approved by QA team in bug #144032 +QA_WX_LOAD="usr/lib/xen/boot/hvmloader" +QA_EXECSTACK="usr/share/xen/qemu/openbios-sparc32 + usr/share/xen/qemu/openbios-sparc64" + +pkg_setup() { + export "CONFIG_LOMOUNT=y" + + if use qemu; then + export "CONFIG_IOEMU=y" + else + export "CONFIG_IOEMU=n" + fi + + if ! use x86 && ! has x86 $(get_all_abis) && use hvm; then + eerror "HVM (VT-x and AMD-v) cannot be built on this system. An x86 or" + eerror "an amd64 multilib profile is required. Remove the hvm use flag" + eerror "to build xen-tools on your current profile." + die "USE=hvm is unsupported on this system." + fi + + if [[ -z ${XEN_TARGET_ARCH} ]] ; then + if use x86 && use amd64; then + die "Confusion! Both x86 and amd64 are set in your use flags!" + elif use x86; then + export XEN_TARGET_ARCH="x86_32" + elif use amd64 ; then + export XEN_TARGET_ARCH="x86_64" + else + die "Unsupported architecture!" + fi + fi + + if use doc && ! has_version "dev-tex/latex2html[png,gif]"; then + # die early instead of later + eerror "USE=doc requires latex2html with image support. Please add" + eerror "'png' and/or 'gif' to your use flags and re-emerge latex2html" + die "latex2html missing both png and gif flags" + fi + + if use pygrub && ! has_version "dev-lang/python[ncurses]"; then + eerror "USE=pygrub requires python to be built with ncurses support. Please add" + eerror "'ncurses' to your use flags and re-emerge python" + die "python is missing ncurses flags" + fi + + if ! has_version "dev-lang/python[threads]"; then + eerror "Python is required to be built with threading support. Please add" + eerror "'threads' to your use flags and re-emerge python" + die "python is missing threads flags" + fi + + use api && export "LIBXENAPI_BINDINGS=y" + use flask && export "FLASK_ENABLE=y" + + if use hvm && ! 
use qemu; then + elog "With qemu disabled, it is not possible to use HVM machines " \ + "or PVM machines with a framebuffer attached in the kernel config" \ + "The addition of use flag qemu is required when use flag hvm ise selected" + fi +} + +src_prepare() { + cp "$DISTDIR/ipxe-git-v1.0.0.tar.gz" tools/firmware/etherboot/ipxe.tar.gz + sed -e 's/-Wall//' -i Config.mk || die "Couldn't sanitize CFLAGS" + # Drop .config + sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop" + # Xend + if ! use xend; then + sed -e 's:xm xen-bugtool xen-python-path xend:xen-bugtool xen-python-path:' \ + -i tools/misc/Makefile || die "Disabling xend failed" + sed -e 's:^XEND_INITD:#XEND_INITD:' \ + -i tools/examples/Makefile || "Disabling xend failed" + fi + # if the user *really* wants to use their own custom-cflags, let them + if use custom-cflags; then + einfo "User wants their own CFLAGS - removing defaults" + # try and remove all the default custom-cflags + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ + -i {} \; + fi + + # Disable hvm support on systems that don't support x86_32 binaries. + if ! use hvm; then + chmod 644 tools/check/check_x11_devel + sed -e '/^CONFIG_IOEMU := y$/d' -i config/*.mk + sed -e '/SUBDIRS-$(CONFIG_X86) += firmware/d' -i tools/Makefile + fi + + if ! use pygrub; then + sed -e '/^SUBDIRS-$(PYTHON_TOOLS) += pygrub$/d' -i tools/Makefile + fi + # Don't bother with qemu, only needed for fully virtualised guests + if ! 
use qemu; then + sed -e "/^CONFIG_IOEMU := y$/d" -i config/*.mk + sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" \ + -i Makefile + fi + + # Fix build for gcc-4.6 + sed -e "s:-Werror::g" -i tools/xenstat/xentop/Makefile + # Fix network broadcast on bridged networks + epatch "${FILESDIR}/${PN}-3.4.0-network-bridge-broadcast.patch" + + # Do not strip binaries + epatch "${FILESDIR}/${PN}-3.3.0-nostrip.patch" + + # Patch to libxl bug #380343 + epatch "${FILESDIR}/${PN}-4.1.1-libxl-tap.patch" + + # Patch from bug #382329 for hvmloader + epatch "${FILESDIR}/${PN}-4.1.1-upstream-23104-1976adbf2b80.patch" + + # Prevent the downloading of ipxe + sed -e 's:^\tif ! wget -O _$T:#\tif ! wget -O _$T:' \ + -e 's:^\tfi:#\tfi:' -i \ + -e 's:^\tmv _$T $T:#\tmv _$T $T:' \ + -i tools/firmware/etherboot/Makefile || die + + # Don't build ipxe with pie on hardened, Bug #360805 + if gcc-specs-pie ; then + epatch "${FILESDIR}/ipxe-nopie.patch" || die "Could not apply ipxe-nopie patch" + fi +} + +src_compile() { + export VARTEXFONTS="${T}/fonts" + local myopt + use debug && myopt="${myopt} debug=y" + + use custom-cflags || unset CFLAGS + if test-flag-CC -fno-strict-overflow; then + append-flags -fno-strict-overflow + fi + + unset LDFLAGS + emake CC=$(tc-getCC) LD=$(tc-getLD) -C tools ${myopt} || die "compile failed" + + if use doc; then + sh ./docs/check_pkgs || die "package check failed" + emake docs || die "compiling docs failed" + emake dev-docs || die "make dev-docs failed" + fi + + emake -C docs man-pages || die "make man-pages failed" +} + +src_install() { + # Override auto-detection in the build system, bug #382573 + export INITD_DIR=/etc/init.d + export CONFIG_LEAF_DIR=default + + make DESTDIR="${D}" DOCDIR="/usr/share/doc/${PF}" XEN_PYTHON_NATIVE_INSTALL=y install-tools \ + || die "install failed" + + # Remove RedHat-specific stuff + rm -r "${D}"/etc/init.d/xen* "${D}"/etc/default || die + + # uncomment lines in xl.conf + sed -e 's:^#autoballoon=1:autoballoon=1:' \ + 
-e 's:^#lockfile="/var/lock/xl":lockfile="/var/lock/xl":' \ + -e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \ + -i tools/examples/xl.conf || die + + dodoc README docs/README.xen-bugtool docs/ChangeLog + if use doc; then + emake DESTDIR="${D}" DOCDIR="/usr/share/doc/${PF}" install-docs \ + || die "install docs failed" + + dohtml -r docs/api/ + docinto pdf + dodoc docs/api/tools/python/latex/refman.pdf + + [ -d "${D}"/usr/share/doc/xen ] && mv "${D}"/usr/share/doc/xen/* "${D}"/usr/share/doc/${PF}/html + fi + rm -rf "${D}"/usr/share/doc/xen/ + + doman docs/man?/* + + if use xend; then + newinitd "${FILESDIR}"/xend.initd-r2 xend || die "Couldn't install xen.initd" + fi + newconfd "${FILESDIR}"/xendomains.confd xendomains \ + || die "Couldn't install xendomains.confd" + newinitd "${FILESDIR}"/xendomains.initd-r2 xendomains \ + || die "Couldn't install xendomains.initd" + newinitd "${FILESDIR}"/xenstored.initd xenstored \ + || die "Couldn't install xenstored.initd" + newconfd "${FILESDIR}"/xenstored.confd xenstored \ + || die "Couldn't install xenstored.confd" + newinitd "${FILESDIR}"/xenconsoled.initd xenconsoled \ + || die "Couldn't install xenconsoled.initd" + newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled \ + || die "Couldn't install xenconsoled.confd" + + if use screen; then + cat "${FILESDIR}"/xendomains-screen.confd >> "${D}"/etc/conf.d/xendomains + cp "${FILESDIR}"/xen-consoles.logrotate "${D}"/etc/xen/ + keepdir /var/log/xen-consoles + fi + + # xend expects these to exist + keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen + + # for xendomains + keepdir /etc/xen/auto +} + +pkg_postinst() { + elog "Official Xen Guide and the unoffical wiki page:" + elog " http://www.gentoo.org/doc/en/xen-guide.xml" + elog " http://gentoo-wiki.com/HOWTO_Xen_and_Gentoo" + + if [[ "$(scanelf -s __guard -q $(type -P python))" ]] ; then + echo + ewarn "xend may not work when python is built with stack smashing protection (ssp)." 
+ ewarn "If 'xm create' fails with '', see bug #141866" + ewarn "This probablem may be resolved as of Xen 3.0.4, if not post in the bug." + fi + + if ! has_version "dev-lang/python[ncurses]"; then + echo + ewarn "NB: Your dev-lang/python is built without USE=ncurses." + ewarn "Please rebuild python with USE=ncurses to make use of xenmon.py." + fi + + if has_version "sys-apps/iproute2[minimal]"; then + echo + ewarn "Your sys-apps/iproute2 is built with USE=minimal. Networking" + ewarn "will not work until you rebuild iproute2 without USE=minimal." + fi + + if ! use hvm; then + echo + elog "HVM (VT-x and AMD-V) support has been disabled. If you need hvm" + elog "support enable the hvm use flag." + elog "An x86 or amd64 multilib system is required to build HVM support." + echo + elog "The qemu use flag has been removed and replaced with hvm." + fi + if use xend; then + echo + elog "xend capability has been enabled and installed" + fi + if grep -qsF XENSV= "${ROOT}/etc/conf.d/xend"; then + echo + elog "xensv is broken upstream (Gentoo bug #142011)." + elog "Please remove '${ROOT%/}/etc/conf.d/xend', as it is no longer needed." + fi + + python_mod_optimize $(use pygrub && echo grub) xen +} + +pkg_postrm() { + python_mod_cleanup $(use pygrub && echo grub) xen +}
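Review bot: In src_prepare, the second sed of the `! use xend` branch ends in `|| "Disabling xend failed"` with no `die`, so a failed substitution only makes the shell try to run that string as a command and the build carries on with XEND_INITD still active; it should read `-i tools/examples/Makefile || die "Disabling xend failed"`. In the custom-cflags branch the `find` tests are not grouped, so `-exec sed` binds only to `-name Config.mk`, and files named Makefile or Rules.mk match but are never edited. Grouping them as `\( -name Makefile -o -name Rules.mk -o -name Config.mk \) -exec sed …` gives the behaviour the comment describes. The `cp "$DISTDIR/ipxe-git-v1.0.0.tar.gz" tools/firmware/etherboot/ipxe.tar.gz` at the top of the function is also unchecked; because the later sed disables the Makefile's wget fetch, a failed copy should stop the build with `|| die`.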