rpms/libguestfs
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to stable version

Browse Source
This commit is contained in:
eabdullin 2023-12-07 16:44:37 +03:00
parent ca2fd6569f
commit 355f2766e6
17 changed files with 3048 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/libguestfs-1.48.4.tar.gz
SOURCES/libguestfs-1.50.1.tar.gz
SOURCES/libguestfs.keyring

2
.libguestfs.metadata
View File

@ -1,2 +1,2 @@
a8754a62256ac488eec3e18bed20f570f785d069 SOURCES/libguestfs-1.48.4.tar.gz
b2ccc62a61d43917d982bb380709cd283fda465a SOURCES/libguestfs-1.50.1.tar.gz
1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring

37
SOURCES/0002-update-common-submodule.patch Normal file
View File

@ -0,0 +1,37 @@
From 89b6c8b458dcb00de83b543c47a6acb049f63f18 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 21 Mar 2023 16:55:15 +0100
Subject: [PATCH] update common submodule
HATAYAMA Daisuke (1):
progress: fix segmentation fault when TERM variable is "dumb"
Laszlo Ersek (2):
detect_kernels: tighten "try" scope
detect_kernels: deal with RHEL's kernel-core / kernel-modules-core split
rwmjones (1):
Merge pull request #5 from d-hatayama/fix_segfault_progress_bar
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2175703
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit be11d25b3e2770d86699e94c5087e6625477d5ec)
---
common | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Submodule common 360e037d..70c10a07:
diff --git a/common/progress/progress.c b/common/progress/progress.c
index 4d52b97e..e4b30663 100644
--- a/common/progress/progress.c
+++ b/common/progress/progress.c
@@ -318,7 +318,8 @@ progress_bar_set (struct progress_bar *bar,
* (b) it's just not possible to use tputs in a sane way here.
*/
/*tputs (UP, 2, putchar);*/
- fprintf (fp, "%s", UP);
+ if (UP)
+ fprintf (fp, "%s", UP);
}
bar->count++;

63
SOURCES/0003-daemon-selinux-relabel-don-t-exclude-selinux-if-it-s.patch Normal file
View File

@ -0,0 +1,63 @@
From e58cd8df467e342463d08e3d761c2e322287b13e Mon Sep 17 00:00:00 2001
From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Date: Wed, 26 Apr 2023 15:59:44 +0300
Subject: [PATCH] daemon/selinux-relabel: don't exclude "/selinux" if it's
non-existent
Since RHBZ#726528, filesystem.rpm doesn't include /selinux. setfiles
then gives us the warning: "Can't stat exclude path "/sysroot/selinux",
No such file or directory - ignoring."
Though the warning is harmless, let's get rid of it by checking the
existence of /selinux directory.
Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 9ced5fac8c1f0f8ff7ed2b5671c1c7f5f0bfa875)
---
daemon/selinux-relabel.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
index 976cffe3..454486c1 100644
--- a/daemon/selinux-relabel.c
+++ b/daemon/selinux-relabel.c
@@ -21,6 +21,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/stat.h>
#include "guestfs_protocol.h"
#include "daemon.h"
@@ -37,6 +38,17 @@ optgroup_selinuxrelabel_available (void)
return prog_exists ("setfiles");
}
+static int
+dir_exists (const char *dir)
+{
+ struct stat statbuf;
+
+ if (stat (dir, &statbuf) == 0 && S_ISDIR (statbuf.st_mode))
+ return 1;
+ else
+ return 0;
+}
+
static int
setfiles_has_option (int *flag, char opt_char)
{
@@ -99,8 +111,10 @@ do_selinux_relabel (const char *specfile, const char *path,
*/
ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_dev);
ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_proc);
- ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_selinux);
ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_sys);
+ if (dir_exists (s_selinux)) {
+ ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_selinux);
+ }
/* You have to use the -m option (where available) otherwise
* setfiles puts all the mountpoints on the excludes list for no

33
SOURCES/0004-daemon-selinux-relabel-search-for-invalid-option-in-.patch Normal file
View File

@ -0,0 +1,33 @@
From c1829048c598e11950c9d355fdd5c177a99e046f Mon Sep 17 00:00:00 2001
From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Date: Wed, 26 Apr 2023 15:59:45 +0300
Subject: [PATCH] daemon/selinux-relabel: search for "invalid option" in
setfiles output
'X' in the setiles' stderr doesn't necessarily mean that option 'X'
doesn't exist. For instance, when passing '-T' we get: "setfiles:
option requires an argument -- 'T'".
Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 152d6e4bdf2dac88856a4ff83cf73451f897d4d4)
---
daemon/selinux-relabel.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
index 454486c1..60a6f48a 100644
--- a/daemon/selinux-relabel.c
+++ b/daemon/selinux-relabel.c
@@ -56,8 +56,9 @@ setfiles_has_option (int *flag, char opt_char)
if (*flag == -1) {
char option[] = { '-', opt_char, '\0' }; /* "-X" */
- char err_opt[] = { '\'', opt_char, '\'', '\0'}; /* "'X'" */
+ char err_opt[32]; /* "invalid option -- 'X'" */
+ snprintf(err_opt, sizeof(err_opt), "invalid option -- '%c'", opt_char);
ignore_value (command (NULL, &err, "setfiles", option, NULL));
*flag = err && strstr (err, /* "invalid option -- " */ err_opt) == NULL;
}

78
SOURCES/0005-daemon-selinux-relabel-run-setfiles-with-T-0-if-supp.patch Normal file
View File

@ -0,0 +1,78 @@
From 3046af080baad9935627ebb671950448cfd0fa7b Mon Sep 17 00:00:00 2001
From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Date: Wed, 26 Apr 2023 15:59:46 +0300
Subject: [PATCH] daemon/selinux-relabel: run setfiles with "-T 0", if
supported
Since SELinux userspace v3.4 [1], setfiles command supports "-T nthreads"
option, which allows parallel execution. "-T 0" allows using as many
threads as there're available CPU cores. This might speed up the process
of filesystem relabeling in case the appliance is being run with multiple
vCPUs. The latter is true for at least v2v starting from d2b64ecc67
("v2v: Set the number of vCPUs to same as host number of pCPUs.").
For instance, when running virt-v2v-in-place on my 12-core Xeon host
with SSD, with appliance being run with 8 vCPUs (the upper limit specified
in d2b64ecc67), and on the ~150GiB disk VM (physical size on the host),
I get the following results:
./in-place/virt-v2v-in-place -i libvirt fedora37-vm -v -x
Without this patch:
...
commandrvf: setfiles -F -e /sysroot/dev -e /sysroot/proc -e /sysroot/sys -m -C -r /sysroot -v /sysroot/etc/selinux/targeted/contexts/files/file_contexts /sysroot/^M
libguestfs: trace: v2v: selinux_relabel = 0
libguestfs: trace: v2v: rm_f "/.autorelabel"
guestfsd: => selinux_relabel (0x1d3) took 17.94 secs
...
With this patch:
...
commandrvf: setfiles -F -e /sysroot/dev -e /sysroot/proc -e /sysroot/sys -m -C -T 0 -r /sysroot -v /sysroot/etc/selinux/targeted/contexts/files/file_contexts /sysroot/^M
libguestfs: trace: v2v: selinux_relabel = 0
libguestfs: trace: v2v: rm_f "/.autorelabel"
guestfsd: => selinux_relabel (0x1d3) took 5.88 secs
...
So in my scenario it's getting 3 times faster.
[1] https://github.com/SELinuxProject/selinux/releases/tag/3.4
Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit d0d8e6738477148a7b752348f9364a3b8faed67f)
---
daemon/selinux-relabel.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
index 60a6f48a..cfc5a31d 100644
--- a/daemon/selinux-relabel.c
+++ b/daemon/selinux-relabel.c
@@ -73,6 +73,7 @@ do_selinux_relabel (const char *specfile, const char *path,
{
static int flag_m = -1;
static int flag_C = -1;
+ static int flag_T = -1;
const char *argv[MAX_ARGS];
CLEANUP_FREE char *s_dev = NULL, *s_proc = NULL, *s_selinux = NULL,
*s_sys = NULL, *s_specfile = NULL, *s_path = NULL;
@@ -131,6 +132,17 @@ do_selinux_relabel (const char *specfile, const char *path,
if (setfiles_has_option (&flag_C, 'C'))
ADD_ARG (argv, i, "-C");
+ /* If the appliance is being run with multiple vCPUs, running setfiles
+ * in multithreading mode might speeds up the process. Option "-T" was
+ * introduced in SELinux userspace v3.4, and we need to check whether it's
+ * supported. Passing "-T 0" creates as many threads as there're available
+ * vCPU cores.
+ * https://github.com/SELinuxProject/selinux/releases/tag/3.4
+ */
+ if (setfiles_has_option (&flag_T, 'T')) {
+ ADD_ARG (argv, i, "-T"); ADD_ARG (argv, i, "0");
+ }
+
/* Relabelling in a chroot. */
if (STRNEQ (sysroot, "/")) {
ADD_ARG (argv, i, "-r");

606
SOURCES/0006-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch Normal file
View File

@ -0,0 +1,606 @@
From ab7e68dbeefe464734bd63a862a36f612f76d396 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 29 Jul 2013 14:47:56 +0100
Subject: [PATCH] RHEL: Disable unsupported remote drive protocols
(RHBZ#962113).
This disables support for unsupported remote drive protocols:
* ftp
* ftps
* http
* https
* tftp
* gluster
* iscsi
* sheepdog
* ssh
Note 'nbd' is not disabled, and of course 'file' works.
We hope to gradually add some of these back over the lifetime of RHEL.
---
docs/guestfs-testing.pod | 20 -----
fish/guestfish.pod | 66 ++--------------
fish/test-add-uri.sh | 32 --------
generator/actions_core.ml | 50 +------------
lib/drives.c | 8 ++
lib/guestfs.pod | 100 -------------------------
tests/disks/test-qemu-drive-libvirt.sh | 28 -------
tests/disks/test-qemu-drive.sh | 60 ---------------
8 files changed, 16 insertions(+), 348 deletions(-)
diff --git a/docs/guestfs-testing.pod b/docs/guestfs-testing.pod
index 47f381a7..c7b44928 100644
--- a/docs/guestfs-testing.pod
+++ b/docs/guestfs-testing.pod
@@ -109,26 +109,6 @@ image. To exit, type C<exit>.
If you get an error, try enabling debugging (add C<-v> to the command
line). Also make sure that L<libguestfs-test-tool(1)> succeeds.
-=head2 Try to open a remote guest image with guestfish.
-
-You may also have to disable libvirt by setting this:
-
- export LIBGUESTFS_BACKEND=direct
-
-If you have a disk image available over HTTP/FTP, try to open it.
-
- guestfish --ro -i --format=raw -a http://www.example.com/disk.img
-
-For SSH you will need to make sure that ssh-agent is set up so you
-don't need a password to log in to the remote machine. Then a command
-similar to this should work:
-
- guestfish --ro -i --format=raw \
- -a ssh://remote.example.com/path/to/disk.img
-
-If you get an error, try enabling debugging (add C<-v> to the command
-line). Also make sure that L<libguestfs-test-tool(1)> succeeds.
-
=head2 Run virt-alignment-scan on all your guests.
Run L<virt-alignment-scan(1)> on guests or disk images:
diff --git a/fish/guestfish.pod b/fish/guestfish.pod
index ccc0825b..d36cac9d 100644
--- a/fish/guestfish.pod
+++ b/fish/guestfish.pod
@@ -131,9 +131,9 @@ To list what is available do:
=head2 Remote drives
-Access a remote disk using ssh:
+Access a remote disk using NBD:
- guestfish -a ssh://example.com/path/to/disk.img
+ guestfish -a nbd://example.com
=head2 Remote control
@@ -1129,12 +1129,12 @@ L<guestfs(3)/REMOTE STORAGE>>.
On the command line, you can use the I<-a> option to add network
block devices using a URI-style format, for example:
- guestfish -a ssh://root@example.com/disk.img
+ guestfish -a nbd://example.com
URIs I<cannot> be used with the L</add> command. The equivalent
command using the API directly is:
- ><fs> add /disk.img protocol:ssh server:tcp:example.com username:root
+ ><fs> add /disk.img protocol:nbd server:tcp:example.com
The possible I<-a URI> formats are described below.
@@ -1144,40 +1144,6 @@ The possible I<-a URI> formats are described below.
Add the local disk image (or device) called F<disk.img>.
-=head2 B<-a ftp://[user@]example.com[:port]/disk.img>
-
-=head2 B<-a ftps://[user@]example.com[:port]/disk.img>
-
-=head2 B<-a http://[user@]example.com[:port]/disk.img>
-
-=head2 B<-a https://[user@]example.com[:port]/disk.img>
-
-=head2 B<-a tftp://[user@]example.com[:port]/disk.img>
-
-Add a disk located on a remote FTP, HTTP or TFTP server.
-
-The equivalent API command would be:
-
- ><fs> add /disk.img protocol:(ftp|...) server:tcp:example.com
-
-=head2 B<-a gluster://example.com[:port]/volname/image>
-
-Add a disk image located on GlusterFS storage.
-
-The server is the one running C<glusterd>, and may be C<localhost>.
-
-The equivalent API command would be:
-
- ><fs> add volname/image protocol:gluster server:tcp:example.com
-
-=head2 B<-a iscsi://example.com[:port]/target-iqn-name[/lun]>
-
-Add a disk located on an iSCSI server.
-
-The equivalent API command would be:
-
- ><fs> add target-iqn-name/lun protocol:iscsi server:tcp:example.com
-
=head2 B<-a nbd://example.com[:port]>
=head2 B<-a nbd://example.com[:port]/exportname>
@@ -1212,35 +1178,13 @@ The equivalent API command would be:
><fs> add pool/disk protocol:rbd server:tcp:example.com:port
-=head2 B<-a sheepdog://[example.com[:port]]/volume/image>
-
-Add a disk image located on a Sheepdog volume.
-
-The server name is optional. Although libguestfs and Sheepdog
-supports multiple servers, only at most one server can be specified
-when using this URI syntax.
-
-The equivalent API command would be:
-
- ><fs> add volume protocol:sheepdog [server:tcp:example.com]
-
-=head2 B<-a ssh://[user@]example.com[:port]/disk.img>
-
-Add a disk image located on a remote server, accessed using the Secure
-Shell (ssh) SFTP protocol. SFTP is supported out of the box by all
-major SSH servers.
-
-The equivalent API command would be:
-
- ><fs> add /disk protocol:ssh server:tcp:example.com [username:user]
-
Note that the URIs follow the syntax of
L<RFC 3986|https://tools.ietf.org/html/rfc3986>: in particular, there
are restrictions on the allowed characters for the various components
of the URI. Characters such as C<:>, C<@>, and C</> B<must> be
percent-encoded:
- $ guestfish -a ssh://user:pass%40word@example.com/disk.img
+ $ guestfish -a rbd://user:pass%40word@example.com[:port]/pool/disk
In this case, the password is C<pass@word>.
diff --git a/fish/test-add-uri.sh b/fish/test-add-uri.sh
index 21d42498..ddabeb63 100755
--- a/fish/test-add-uri.sh
+++ b/fish/test-add-uri.sh
@@ -40,14 +40,6 @@ function fail ()
$VG guestfish -x -a file://$abs_builddir/test-add-uri.img </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive ".*/test-add-uri.img"' test-add-uri.out || fail
-# curl
-$VG guestfish -x -a ftp://user@example.com/disk.img </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk.img" "protocol:ftp" "server:tcp:example.com" "username:user"' test-add-uri.out || fail
-
-# gluster
-$VG guestfish -x -a gluster://example.com/disk </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "disk" "protocol:gluster" "server:tcp:example.com"' test-add-uri.out || fail
-
# NBD
$VG guestfish -x -a nbd://example.com </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive "" "protocol:nbd" "server:tcp:example.com"' test-add-uri.out || fail
@@ -67,29 +59,5 @@ grep -sq 'add_drive "pool/disk" "protocol:rbd" "server:tcp:example.com:6789"' te
$VG guestfish -x -a rbd:///pool/disk </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive "pool/disk" "protocol:rbd"' test-add-uri.out || fail
-# sheepdog
-$VG guestfish -x -a sheepdog:///volume/image </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "volume/image" "protocol:sheepdog"' test-add-uri.out || fail
-
-$VG guestfish -x -a sheepdog://example.com:3000/volume/image </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "volume/image" "protocol:sheepdog" "server:tcp:example.com:3000"' test-add-uri.out || fail
-
-# ssh
-$VG guestfish -x -a ssh://example.com/disk.img </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk.img" "protocol:ssh" "server:tcp:example.com"' test-add-uri.out || fail
-
-$VG guestfish -x -a ssh://user@example.com/disk.img </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk.img" "protocol:ssh" "server:tcp:example.com" "username:user"' test-add-uri.out || fail
-
-$VG guestfish -x -a ssh://user@example.com:2000/disk.img </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk.img" "protocol:ssh" "server:tcp:example.com:2000" "username:user"' test-add-uri.out || fail
-
-# iSCSI
-$VG guestfish -x -a iscsi://example.com/iqn.2015-12.com.libguestfs:test1/0 </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "iqn.2015-12.com.libguestfs:test1/0" "protocol:iscsi" "server:tcp:example.com"' test-add-uri.out || fail
-
-$VG guestfish -x -a iscsi://user:password@example.com/iqn.2015-12.com.libguestfs:test2/0 </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "iqn.2015-12.com.libguestfs:test2/0" "protocol:iscsi" "server:tcp:example.com" "username:user" "secret:password"' test-add-uri.out || fail
-
rm test-add-uri.out
rm test-add-uri.img
diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index c8d9949b..26c576c7 100644
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -350,29 +350,6 @@ F<filename> is interpreted as a local file or device.
This is the default if the optional protocol parameter
is omitted.
-=item C<protocol = \"ftp\"|\"ftps\"|\"http\"|\"https\"|\"tftp\">
-
-Connect to a remote FTP, HTTP or TFTP server.
-The C<server> parameter must also be supplied - see below.
-
-See also: L<guestfs(3)/FTP, HTTP AND TFTP>
-
-=item C<protocol = \"gluster\">
-
-Connect to the GlusterFS server.
-The C<server> parameter must also be supplied - see below.
-
-See also: L<guestfs(3)/GLUSTER>
-
-=item C<protocol = \"iscsi\">
-
-Connect to the iSCSI server.
-The C<server> parameter must also be supplied - see below.
-The C<username> parameter may be supplied. See below.
-The C<secret> parameter may be supplied. See below.
-
-See also: L<guestfs(3)/ISCSI>.
-
=item C<protocol = \"nbd\">
Connect to the Network Block Device server.
@@ -389,22 +366,6 @@ The C<secret> parameter may be supplied. See below.
See also: L<guestfs(3)/CEPH>.
-=item C<protocol = \"sheepdog\">
-
-Connect to the Sheepdog server.
-The C<server> parameter may also be supplied - see below.
-
-See also: L<guestfs(3)/SHEEPDOG>.
-
-=item C<protocol = \"ssh\">
-
-Connect to the Secure Shell (ssh) server.
-
-The C<server> parameter must be supplied.
-The C<username> parameter may be supplied. See below.
-
-See also: L<guestfs(3)/SSH>.
-
=back
=item C<server>
@@ -415,13 +376,8 @@ is a list of server(s).
Protocol Number of servers required
-------- --------------------------
file List must be empty or param not used at all
- ftp|ftps|http|https|tftp Exactly one
- gluster Exactly one
- iscsi Exactly one
nbd Exactly one
rbd Zero or more
- sheepdog Zero or more
- ssh Exactly one
Each list element is a string specifying a server. The string must be
in one of the following formats:
@@ -437,10 +393,10 @@ for the protocol is used (see F</etc/services>).
=item C<username>
-For the C<ftp>, C<ftps>, C<http>, C<https>, C<iscsi>, C<rbd>, C<ssh>
-and C<tftp> protocols, this specifies the remote username.
+For the C<rbd>
+protocol, this specifies the remote username.
-If not given, then the local username is used for C<ssh>, and no authentication
+If not given, then no authentication
is attempted for ceph. But note this sometimes may give unexpected results, for
example if using the libvirt backend and if the libvirt backend is configured to
start the qemu appliance as a special user such as C<qemu.qemu>. If in doubt,
diff --git a/lib/drives.c b/lib/drives.c
index c5a20846..efb28925 100644
--- a/lib/drives.c
+++ b/lib/drives.c
@@ -166,6 +166,7 @@ create_drive_non_file (guestfs_h *g,
return drv;
}
+#if 0 /* DISABLED IN RHEL 8 */
static struct drive *
create_drive_curl (guestfs_h *g,
const struct drive_create_data *data)
@@ -224,6 +225,7 @@ create_drive_gluster (guestfs_h *g,
return create_drive_non_file (g, data);
}
+#endif /* DISABLED IN RHEL 8 */
static int
nbd_port (void)
@@ -292,6 +294,7 @@ create_drive_rbd (guestfs_h *g,
return create_drive_non_file (g, data);
}
+#if 0 /* DISABLED IN RHEL 8 */
static struct drive *
create_drive_sheepdog (guestfs_h *g,
const struct drive_create_data *data)
@@ -392,6 +395,7 @@ create_drive_iscsi (guestfs_h *g,
return create_drive_non_file (g, data);
}
+#endif /* DISABLED IN RHEL 8 */
/**
* Create the special F</dev/null> drive.
@@ -842,6 +846,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
drv = create_drive_file (g, &data);
}
}
+#if 0 /* DISABLED IN RHEL 8 */
else if (STREQ (protocol, "ftp")) {
data.protocol = drive_protocol_ftp;
drv = create_drive_curl (g, &data);
@@ -866,6 +871,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
data.protocol = drive_protocol_iscsi;
drv = create_drive_iscsi (g, &data);
}
+#endif /* DISABLED IN RHEL 8 */
else if (STREQ (protocol, "nbd")) {
data.protocol = drive_protocol_nbd;
drv = create_drive_nbd (g, &data);
@@ -874,6 +880,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
data.protocol = drive_protocol_rbd;
drv = create_drive_rbd (g, &data);
}
+#if 0 /* DISABLED IN RHEL 8 */
else if (STREQ (protocol, "sheepdog")) {
data.protocol = drive_protocol_sheepdog;
drv = create_drive_sheepdog (g, &data);
@@ -886,6 +893,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
data.protocol = drive_protocol_tftp;
drv = create_drive_curl (g, &data);
}
+#endif /* DISABLED IN RHEL 8 */
else {
error (g, _("unknown protocol %s"), protocol);
drv = NULL; /*FALLTHROUGH*/
diff --git a/lib/guestfs.pod b/lib/guestfs.pod
index c6c8cb16..866a4638 100644
--- a/lib/guestfs.pod
+++ b/lib/guestfs.pod
@@ -723,70 +723,6 @@ a qcow2 backing file specification, libvirt does not construct an
ephemeral secret object from those, for Ceph authentication. Refer to
L<https://bugzilla.redhat.com/2033247>.
-=head3 FTP, HTTP AND TFTP
-
-Libguestfs can access remote disks over FTP, FTPS, HTTP, HTTPS
-or TFTP protocols.
-
-To do this, set the optional C<protocol> and C<server> parameters of
-L</guestfs_add_drive_opts> like this:
-
- char **servers = { "www.example.org", NULL };
- guestfs_add_drive_opts (g, "/disk.img",
- GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw",
- GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "http",
- GUESTFS_ADD_DRIVE_OPTS_SERVER, servers,
- -1);
-
-The C<protocol> can be one of C<"ftp">, C<"ftps">, C<"http">,
-C<"https"> or C<"tftp">.
-
-C<servers> (the C<server> parameter) is a list which must have a
-single element. The single element is a string defining the web,
-FTP or TFTP server. The format of this string is documented in
-L</guestfs_add_drive_opts>.
-
-=head3 GLUSTER
-
-Libguestfs can access Gluster disks.
-
-To do this, set the optional C<protocol> and C<server> parameters of
-L</guestfs_add_drive_opts> like this:
-
- char **servers = { "gluster.example.org:24007", NULL };
- guestfs_add_drive_opts (g, "volname/image",
- GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw",
- GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "gluster",
- GUESTFS_ADD_DRIVE_OPTS_SERVER, servers,
- -1);
-
-C<servers> (the C<server> parameter) is a list which must have a
-single element. The single element is a string defining the Gluster
-server. The format of this string is documented in
-L</guestfs_add_drive_opts>.
-
-Note that gluster usually requires the client process (ie. libguestfs)
-to run as B<root> and will give unfathomable errors if it is not
-(eg. "No data available").
-
-=head3 ISCSI
-
-Libguestfs can access iSCSI disks remotely.
-
-To do this, set the optional C<protocol> and C<server> parameters like
-this:
-
- char **server = { "iscsi.example.org:3000", NULL };
- guestfs_add_drive_opts (g, "target-iqn-name/lun",
- GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw",
- GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "iscsi",
- GUESTFS_ADD_DRIVE_OPTS_SERVER, server,
- -1);
-
-The C<server> parameter is a list which must have a single element.
-The single element is a string defining the iSCSI server. The format
-of this string is documented in L</guestfs_add_drive_opts>.
-
=head3 NETWORK BLOCK DEVICE
Libguestfs can access Network Block Device (NBD) disks remotely.
@@ -849,42 +785,6 @@ L<https://bugs.launchpad.net/qemu/+bug/1155677>
=back
-=head3 SHEEPDOG
-
-Libguestfs can access Sheepdog disks.
-
-To do this, set the optional C<protocol> and C<server> parameters of
-L</guestfs_add_drive_opts> like this:
-
- char **servers = { /* optional servers ... */ NULL };
- guestfs_add_drive_opts (g, "volume",
- GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw",
- GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "sheepdog",
- GUESTFS_ADD_DRIVE_OPTS_SERVER, servers,
- -1);
-
-The optional list of C<servers> may be zero or more server addresses
-(C<"hostname:port">). The format of the server strings is documented
-in L</guestfs_add_drive_opts>.
-
-=head3 SSH
-
-Libguestfs can access disks over a Secure Shell (SSH) connection.
-
-To do this, set the C<protocol> and C<server> and (optionally)
-C<username> parameters of L</guestfs_add_drive_opts> like this:
-
- char **server = { "remote.example.com", NULL };
- guestfs_add_drive_opts (g, "/path/to/disk.img",
- GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw",
- GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "ssh",
- GUESTFS_ADD_DRIVE_OPTS_SERVER, server,
- GUESTFS_ADD_DRIVE_OPTS_USERNAME, "remoteuser",
- -1);
-
-The format of the server string is documented in
-L</guestfs_add_drive_opts>.
-
=head2 INSPECTION
Libguestfs has APIs for inspecting an unknown disk image to find out
diff --git a/tests/disks/test-qemu-drive-libvirt.sh b/tests/disks/test-qemu-drive-libvirt.sh
index d86a1ecd..cf7d2a0c 100755
--- a/tests/disks/test-qemu-drive-libvirt.sh
+++ b/tests/disks/test-qemu-drive-libvirt.sh
@@ -65,34 +65,6 @@ check_output
grep -sq -- '-drive file=rbd:abc-def/ghi-jkl:auth_supported=none,' "$DEBUG_QEMU_FILE" || fail ceph2
rm "$DEBUG_QEMU_FILE"
-# Gluster.
-
-$guestfish -d gluster run ||:
-check_output
-grep -sq -- '-drive file=gluster://1.2.3.4:1234/volname/image,' "$DEBUG_QEMU_FILE" || fail gluster
-rm "$DEBUG_QEMU_FILE"
-
-# iSCSI.
-
-$guestfish -d iscsi run ||:
-check_output
-grep -sq -- '-drive file=iscsi://1.2.3.4:1234/iqn.2003-01.org.linux-iscsi.fedora' "$DEBUG_QEMU_FILE" || fail iscsi
-rm "$DEBUG_QEMU_FILE"
-
-# NBD.
-
-$guestfish -d nbd run ||:
-check_output
-grep -sq -- '-drive file=nbd:1.2.3.4:1234,' "$DEBUG_QEMU_FILE" || fail nbd
-rm "$DEBUG_QEMU_FILE"
-
-# Sheepdog.
-
-$guestfish -d sheepdog run ||:
-check_output
-grep -sq -- '-drive file=sheepdog:volume,' "$DEBUG_QEMU_FILE" || fail sheepdog
-rm "$DEBUG_QEMU_FILE"
-
# Local, stored in a pool.
$guestfish -d pool1 run ||:
diff --git a/tests/disks/test-qemu-drive.sh b/tests/disks/test-qemu-drive.sh
index 12937fb3..b3e4f990 100755
--- a/tests/disks/test-qemu-drive.sh
+++ b/tests/disks/test-qemu-drive.sh
@@ -62,45 +62,6 @@ check_output
grep -sq -- '-drive file=rbd:abc-def/ghi-jkl:auth_supported=none,' "$DEBUG_QEMU_FILE" || fail
rm "$DEBUG_QEMU_FILE"
-# HTTP.
-
-guestfish <<EOF ||:
- add "/disk.img" "format:raw" "protocol:http" "server:www.example.com"
- run
-EOF
-check_output
-grep -sq -- '-drive file=http://www.example.com/disk.img,' "$DEBUG_QEMU_FILE" || fail
-rm "$DEBUG_QEMU_FILE"
-
-# Gluster.
-
-guestfish <<EOF ||:
- add "volname/image" "format:raw" "protocol:gluster" "server:www.example.com:24007"
- run
-EOF
-check_output
-grep -sq -- '-drive file=gluster://www.example.com:24007/volname/image,' "$DEBUG_QEMU_FILE" || fail
-rm "$DEBUG_QEMU_FILE"
-
-# iSCSI.
-
-guestfish <<EOF ||:
- add "target-iqn-name/lun" "format:raw" "protocol:iscsi" "server:www.example.com:3000"
- run
-EOF
-check_output
-grep -sq -- '-drive file=iscsi://www.example.com:3000/target-iqn-name/lun,' "$DEBUG_QEMU_FILE" || fail
-rm "$DEBUG_QEMU_FILE"
-
-guestfish <<EOF ||:
- add "target-iqn-name/lun" "format:raw" "protocol:iscsi" "server:www.example.com:3000" \
- "username:user" "secret:pass"
- run
-EOF
-check_output
-grep -sq -- '-drive file=iscsi://user%pass@www.example.com:3000/target-iqn-name/lun,' "$DEBUG_QEMU_FILE" || fail
-rm "$DEBUG_QEMU_FILE"
-
# NBD.
guestfish <<EOF ||:
@@ -118,24 +79,3 @@ EOF
check_output
grep -sq -- '-drive file=nbd:unix:/socket,' "$DEBUG_QEMU_FILE" || fail
rm "$DEBUG_QEMU_FILE"
-
-# Sheepdog.
-
-guestfish <<EOF ||:
- add "volume" "format:raw" "protocol:sheepdog"
- run
-EOF
-check_output
-grep -sq -- '-drive file=sheepdog:volume,' "$DEBUG_QEMU_FILE" || fail
-rm "$DEBUG_QEMU_FILE"
-
-# SSH.
-
-guestfish <<EOF ||:
- add "/disk.img" "format:raw" "protocol:ssh" "server:example.com" \
- "username:rich"
- run
-EOF
-check_output
-grep -sq -- '-drive file=ssh://rich@example.com/disk.img,' "$DEBUG_QEMU_FILE" || fail
-rm "$DEBUG_QEMU_FILE"

66
SOURCES/0007-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch Normal file
View File

@ -0,0 +1,66 @@
From b74c6c8520773c2ef4a4d69b08b70e5ceeb06964 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 7 Jul 2015 09:28:03 -0400
Subject: [PATCH] RHEL: Reject use of libguestfs-winsupport features except for
virt-* tools (RHBZ#1240276).
Fix the tests: it doesn't let us use guestfish for arbitrary Windows
edits.
---
generator/c.ml | 16 ++++++++++++++++
test-data/phony-guests/make-windows-img.sh | 1 +
tests/charsets/test-charset-fidelity.c | 2 ++
3 files changed, 19 insertions(+)
diff --git a/generator/c.ml b/generator/c.ml
index 447059b8..0391dd3d 100644
--- a/generator/c.ml
+++ b/generator/c.ml
@@ -1846,6 +1846,22 @@ and generate_client_actions actions () =
check_args_validity c_name style;
trace_call name c_name style;
+ (* RHEL 8 *)
+ if name = "mount" || name = "mount_ro" || name = "mount_options" ||
+ name = "mount_vfs" then (
+ pr " if (g->program && !STRPREFIX (g->program, \"virt-\")) {\n";
+ pr " CLEANUP_FREE char *vfs_type = guestfs_vfs_type (g, mountable);\n";
+ pr " if (vfs_type && STREQ (vfs_type, \"ntfs\")) {\n";
+ pr " error (g, \"mount: unsupported filesystem type\");\n";
+ pr " if (trace_flag)\n";
+ pr " guestfs_int_trace (g, \"%%s = %%s (error)\",\n";
+ pr " \"%s\", \"-1\");\n" name;
+ pr " return %s;\n" (string_of_errcode errcode);
+ pr " }\n";
+ pr " }\n";
+ pr "\n";
+ );
+
(* Calculate the total size of all FileIn arguments to pass
* as a progress bar hint.
*)
diff --git a/test-data/phony-guests/make-windows-img.sh b/test-data/phony-guests/make-windows-img.sh
index 16debd12..1c13ddac 100755
--- a/test-data/phony-guests/make-windows-img.sh
+++ b/test-data/phony-guests/make-windows-img.sh
@@ -37,6 +37,7 @@ fi
# Create a disk image.
guestfish <<EOF
+set-program virt-testing
sparse windows.img-t 512M
run
diff --git a/tests/charsets/test-charset-fidelity.c b/tests/charsets/test-charset-fidelity.c
index 105291dc..5ca4f3b6 100644
--- a/tests/charsets/test-charset-fidelity.c
+++ b/tests/charsets/test-charset-fidelity.c
@@ -96,6 +96,8 @@ main (int argc, char *argv[])
if (g == NULL)
error (EXIT_FAILURE, 0, "failed to create handle");
+ guestfs_set_program (g, "virt-testing");
+
if (guestfs_add_drive_scratch (g, 1024*1024*1024, -1) == -1)
exit (EXIT_FAILURE);

63
SOURCES/0008-Remove-virt-dib.patch Normal file
View File

@ -0,0 +1,63 @@
From e916ad54c31a725cbf08fb186756d9e968ff20b2 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 7 Feb 2023 13:20:36 +0000
Subject: [PATCH] Remove virt-dib
The tool only supports an older version of the diskimage-builder
metadata, and we do not have the time or inclination to update it to a
newer version.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1910039
(cherry picked from commit 7503eeebede688409b2adf616d71a94e04b7f0d2)
---
appliance/packagelist.in | 30 ------------------------------
1 file changed, 30 deletions(-)
diff --git a/appliance/packagelist.in b/appliance/packagelist.in
index 585d52ad..20b08c47 100644
--- a/appliance/packagelist.in
+++ b/appliance/packagelist.in
@@ -110,7 +110,6 @@ ifelse(ARCHLINUX,1,
dnl syslinux has mtools as optional dependency, but in reality it's
dnl a hard one:
mtools
- multipath-tools dnl for kpartx
nilfs-utils
ntfs-3g
ntfs-3g-system-compression
@@ -266,35 +265,6 @@ util-linux-ng
xfsprogs
zerofree
-dnl tools needed by virt-dib
-ifelse(REDHAT,1,
- qemu-img
- which
-)
-ifelse(DEBIAN,1,
- qemu-utils
-)
-ifelse(ARCHLINUX,1,
- qemu
- which
-)
-ifelse(SUSE,1,
- qemu-tools
- which
-)
-ifelse(FRUGALWARE,1,
- qemu
- which
-)
-ifelse(MAGEIA,1,
- qemu-img
- which
-)
-curl
-kpartx
-dnl (virt-dib) tools optionally used for elements
-debootstrap
-
dnl exFAT is not usually available in free software repos
exfat-fuse
exfat-utils

32
SOURCES/0009-lib-Choose-q35-machine-type-for-x86-64.patch Normal file
View File

@ -0,0 +1,32 @@
From e712c4b81cbd2cf0e990d01cb4d1f54734e62de6 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 9 Feb 2023 13:38:50 +0000
Subject: [PATCH] lib: Choose q35 machine type for x86-64
This machine type is more modern than the older 'pc' type and as most
qemu development is now focused there we expect it will perform and
behave better. In almost all respects this change should make no
difference.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2168578
Acked-by: Laszlo Ersek <lersek@redhat.com>
See-also: https://listman.redhat.com/archives/libguestfs/2023-February/030645.html
(cherry picked from commit f0f8e6c5fe0c3f6d5d90534d263bded3a4dc7e8d)
---
lib/guestfs-internal.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
index 306f2a2e..fb55e026 100644
--- a/lib/guestfs-internal.h
+++ b/lib/guestfs-internal.h
@@ -113,6 +113,9 @@ cleanup_mutex_unlock (pthread_mutex_t **ptr)
#define MAX_WINDOWS_EXPLORER_SIZE (4 * 1000 * 1000)
/* Machine types. */
+#if defined(__x86_64__)
+#define MACHINE_TYPE "q35"
+#endif
#ifdef __arm__
#define MACHINE_TYPE "virt"
#endif

1686
SOURCES/0010-RHEL-Revert-build-Remove-bundled-copy-of-ocaml-augea.patch Normal file
View File

File diff suppressed because it is too large Load Diff

160
SOURCES/0011-update-common-submodule.patch Normal file
View File

@ -0,0 +1,160 @@
From 194a48aef32367c45c555a4d93fb1a3375b0dead Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 19 May 2023 16:08:47 +0200
Subject: [PATCH] update common submodule
Laszlo Ersek (2):
options/keys: key_store_import_key(): un-constify "key" parameter
options/keys: introduce unescape_device_mapper_lvm()
Richard W.M. Jones (1):
mlcustomize/SELinux_relabel.ml: Use Array.mem
Roman Kagan (1):
mlcustomize: skip SELinux relabeling if it's disabled
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168506
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20230519140849.310774-2-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 83afd6d3d2c82ee3a8f22079ba12ef7eac38ac34)
---
common | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Submodule common 70c10a07..b636c3f2:
diff --git a/common/options/options.h b/common/options/options.h
index 94573ee0..94e8b9ee 100644
--- a/common/options/options.h
+++ b/common/options/options.h
@@ -169,7 +169,8 @@ extern struct matching_key *get_keys (struct key_store *ks, const char *device,
const char *uuid, size_t *nr_matches);
extern void free_keys (struct matching_key *keys, size_t nr_matches);
extern struct key_store *key_store_add_from_selector (struct key_store *ks, const char *selector);
-extern struct key_store *key_store_import_key (struct key_store *ks, const struct key_store_key *key);
+extern struct key_store *key_store_import_key (struct key_store *ks,
+ struct key_store_key *key);
extern bool key_store_requires_network (const struct key_store *ks);
extern void free_key_store (struct key_store *ks);
diff --git a/common/options/keys.c b/common/options/keys.c
index 48f1bc7c..52b27369 100644
--- a/common/options/keys.c
+++ b/common/options/keys.c
@@ -260,8 +260,107 @@ key_store_add_from_selector (struct key_store *ks, const char *selector)
return key_store_import_key (ks, &key);
}
+/* Turn /dev/mapper/VG-LV into /dev/VG/LV, in-place. */
+static void
+unescape_device_mapper_lvm (char *id)
+{
+ static const char dev[] = "/dev/", dev_mapper[] = "/dev/mapper/";
+ const char *input_start;
+ char *output;
+ enum { M_SCAN, M_FILL, M_DONE } mode;
+
+ if (!STRPREFIX (id, dev_mapper))
+ return;
+
+ /* Start parsing "VG-LV" from "id" after "/dev/mapper/". */
+ input_start = id + (sizeof dev_mapper - 1);
+
+ /* Start writing the unescaped "VG/LV" output after "/dev/". */
+ output = id + (sizeof dev - 1);
+
+ for (mode = M_SCAN; mode < M_DONE; ++mode) {
+ char c;
+ const char *input = input_start;
+ const char *hyphen_buffered = NULL;
+ bool single_hyphen_seen = false;
+
+ do {
+ c = *input;
+
+ switch (c) {
+ case '-':
+ if (hyphen_buffered == NULL)
+ /* This hyphen may start an escaped hyphen, or it could be the
+ * separator in VG-LV.
+ */
+ hyphen_buffered = input;
+ else {
+ /* This hyphen completes an escaped hyphen; unescape it. */
+ if (mode == M_FILL)
+ *output++ = '-';
+ hyphen_buffered = NULL;
+ }
+ break;
+
+ case '/':
+ /* Slash characters are forbidden in VG-LV anywhere. If there's any,
+ * we'll find it in the first (i.e., scanning) phase, before we output
+ * anything back to "id".
+ */
+ assert (mode == M_SCAN);
+ return;
+
+ default:
+ /* Encountered a non-slash, non-hyphen character -- which also may be
+ * the terminating NUL.
+ */
+ if (hyphen_buffered != NULL) {
+ /* The non-hyphen character comes after a buffered hyphen, so the
+ * buffered hyphen is supposed to be the single hyphen that separates
+ * VG from LV in VG-LV. There are three requirements for this
+ * separator: (a) it must be unique (we must not have seen another
+ * such separator earlier), (b) it must not be at the start of VG-LV
+ * (because VG would be empty that way), (c) it must not be at the end
+ * of VG-LV (because LV would be empty that way). Should any of these
+ * be violated, we'll catch that during the first (i.e., scanning)
+ * phase, before modifying "id".
+ */
+ if (single_hyphen_seen || hyphen_buffered == input_start ||
+ c == '\0') {
+ assert (mode == M_SCAN);
+ return;
+ }
+
+ /* Translate the separator hyphen to a slash character. */
+ if (mode == M_FILL)
+ *output++ = '/';
+ hyphen_buffered = NULL;
+ single_hyphen_seen = true;
+ }
+
+ /* Output the non-hyphen character (including the terminating NUL)
+ * regardless of whether there was a buffered hyphen separator (which,
+ * by now, we'll have attempted to translate and flush).
+ */
+ if (mode == M_FILL)
+ *output++ = c;
+ }
+
+ ++input;
+ } while (c != '\0');
+
+ /* We must have seen the VG-LV separator. If that's not the case, we'll
+ * catch it before modifying "id".
+ */
+ if (!single_hyphen_seen) {
+ assert (mode == M_SCAN);
+ return;
+ }
+ }
+}
+
struct key_store *
-key_store_import_key (struct key_store *ks, const struct key_store_key *key)
+key_store_import_key (struct key_store *ks, struct key_store_key *key)
{
struct key_store_key *new_keys;
@@ -278,6 +377,7 @@ key_store_import_key (struct key_store *ks, const struct key_store_key *key)
error (EXIT_FAILURE, errno, "realloc");
ks->keys = new_keys;
+ unescape_device_mapper_lvm (key->id);
ks->keys[ks->nr_keys] = *key;
++ks->nr_keys;

97
SOURCES/0012-LUKS-on-LVM-inspection-test-rename-VGs-and-LVs.patch Normal file
View File

@ -0,0 +1,97 @@
From c95b3086bdbdf840de8d3b24c3ae5e9b847bf588 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 19 May 2023 16:08:48 +0200
Subject: [PATCH] LUKS-on-LVM inspection test: rename VGs and LVs
In preparation for a subsequent patch, rename "VG" to "Volume-Group", and
"LV<n>" to "Logical-Volume-<n>", in the LUKS-on-LVM inspection test.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168506
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20230519140849.310774-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 58e26402334a4696fa08730eecc9098fc270ed1c)
---
test-data/phony-guests/make-fedora-img.pl | 30 +++++++++++--------
.../test-key-option-inspect-luks-on-lvm.sh | 16 +++++-----
2 files changed, 25 insertions(+), 21 deletions(-)
diff --git a/test-data/phony-guests/make-fedora-img.pl b/test-data/phony-guests/make-fedora-img.pl
index c0cb5d0b..6362e225 100755
--- a/test-data/phony-guests/make-fedora-img.pl
+++ b/test-data/phony-guests/make-fedora-img.pl
@@ -224,23 +224,27 @@ EOF
# Create the Volume Group on /dev/sda2.
$g->pvcreate ('/dev/sda2');
- $g->vgcreate ('VG', ['/dev/sda2']);
- $g->lvcreate ('Root', 'VG', 32);
- $g->lvcreate ('LV1', 'VG', 32);
- $g->lvcreate ('LV2', 'VG', 32);
- $g->lvcreate ('LV3', 'VG', 64);
+ $g->vgcreate ('Volume-Group', ['/dev/sda2']);
+ $g->lvcreate ('Root', 'Volume-Group', 32);
+ $g->lvcreate ('Logical-Volume-1', 'Volume-Group', 32);
+ $g->lvcreate ('Logical-Volume-2', 'Volume-Group', 32);
+ $g->lvcreate ('Logical-Volume-3', 'Volume-Group', 64);
# Format each Logical Group as a LUKS device, with a different password.
- $g->luks_format ('/dev/VG/Root', 'FEDORA-Root', 0);
- $g->luks_format ('/dev/VG/LV1', 'FEDORA-LV1', 0);
- $g->luks_format ('/dev/VG/LV2', 'FEDORA-LV2', 0);
- $g->luks_format ('/dev/VG/LV3', 'FEDORA-LV3', 0);
+ $g->luks_format ('/dev/Volume-Group/Root', 'FEDORA-Root', 0);
+ $g->luks_format ('/dev/Volume-Group/Logical-Volume-1', 'FEDORA-LV1', 0);
+ $g->luks_format ('/dev/Volume-Group/Logical-Volume-2', 'FEDORA-LV2', 0);
+ $g->luks_format ('/dev/Volume-Group/Logical-Volume-3', 'FEDORA-LV3', 0);
# Open the LUKS devices. This creates nodes like /dev/mapper/*-luks.
- $g->cryptsetup_open ('/dev/VG/Root', 'FEDORA-Root', 'Root-luks');
- $g->cryptsetup_open ('/dev/VG/LV1', 'FEDORA-LV1', 'LV1-luks');
- $g->cryptsetup_open ('/dev/VG/LV2', 'FEDORA-LV2', 'LV2-luks');
- $g->cryptsetup_open ('/dev/VG/LV3', 'FEDORA-LV3', 'LV3-luks');
+ $g->cryptsetup_open ('/dev/Volume-Group/Root',
+ 'FEDORA-Root', 'Root-luks');
+ $g->cryptsetup_open ('/dev/Volume-Group/Logical-Volume-1',
+ 'FEDORA-LV1', 'LV1-luks');
+ $g->cryptsetup_open ('/dev/Volume-Group/Logical-Volume-2',
+ 'FEDORA-LV2', 'LV2-luks');
+ $g->cryptsetup_open ('/dev/Volume-Group/Logical-Volume-3',
+ 'FEDORA-LV3', 'LV3-luks');
# Phony root filesystem.
$g->mkfs ('ext2', '/dev/mapper/Root-luks', blocksize => 4096, label => 'ROOT');
diff --git a/tests/luks/test-key-option-inspect-luks-on-lvm.sh b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
index 52cd7e98..a8d72b9f 100755
--- a/tests/luks/test-key-option-inspect-luks-on-lvm.sh
+++ b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
@@ -30,10 +30,10 @@ skip_unless_phony_guest fedora-luks-on-lvm.img
# Volume names.
guestfish=(guestfish --listen --ro --inspector
--add ../test-data/phony-guests/fedora-luks-on-lvm.img)
-keys_by_lvname=(--key /dev/VG/Root:key:FEDORA-Root
- --key /dev/VG/LV1:key:FEDORA-LV1
- --key /dev/VG/LV2:key:FEDORA-LV2
- --key /dev/VG/LV3:key:FEDORA-LV3)
+keys_by_lvname=(--key /dev/Volume-Group/Root:key:FEDORA-Root
+ --key /dev/Volume-Group/Logical-Volume-1:key:FEDORA-LV1
+ --key /dev/Volume-Group/Logical-Volume-2:key:FEDORA-LV2
+ --key /dev/Volume-Group/Logical-Volume-3:key:FEDORA-LV3)
# The variable assignment below will fail, and abort the script, if guestfish
# refuses to start up.
@@ -56,10 +56,10 @@ function cleanup_guestfish
trap cleanup_guestfish EXIT
# Get the UUIDs of the LUKS devices.
-uuid_root=$(guestfish --remote -- luks-uuid /dev/VG/Root)
-uuid_lv1=$( guestfish --remote -- luks-uuid /dev/VG/LV1)
-uuid_lv2=$( guestfish --remote -- luks-uuid /dev/VG/LV2)
-uuid_lv3=$( guestfish --remote -- luks-uuid /dev/VG/LV3)
+uuid_root=$(guestfish --remote -- luks-uuid /dev/Volume-Group/Root)
+uuid_lv1=$( guestfish --remote -- luks-uuid /dev/Volume-Group/Logical-Volume-1)
+uuid_lv2=$( guestfish --remote -- luks-uuid /dev/Volume-Group/Logical-Volume-2)
+uuid_lv3=$( guestfish --remote -- luks-uuid /dev/Volume-Group/Logical-Volume-3)
# The actual test.
function check_filesystems

46
SOURCES/0013-LUKS-on-LVM-inspection-test-test-dev-mapper-VG-LV-tr.patch Normal file
View File

@ -0,0 +1,46 @@
From 15cc20d1f5e0413c1af26c683437995886146eb6 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 19 May 2023 16:08:49 +0200
Subject: [PATCH] LUKS-on-LVM inspection test: test /dev/mapper/VG-LV
translation
In the LUKS-on-LVM inspection test, call the "check_filesystems" function
yet another time, now with such "--key" options that exercise the recent
"/dev/mapper/VG-LV" -> "/dev/VG/LV" translation (unescaping) from
libguestfs-common.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168506
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20230519140849.310774-4-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 32408a9c36165af376f9f42e7d3e158d3da2c76e)
---
.../test-key-option-inspect-luks-on-lvm.sh | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/tests/luks/test-key-option-inspect-luks-on-lvm.sh b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
index a8d72b9f..932862b1 100755
--- a/tests/luks/test-key-option-inspect-luks-on-lvm.sh
+++ b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
@@ -101,3 +101,21 @@ eval "$fish_ref"
# Repeat the test.
check_filesystems
+
+# Exit the current guestfish background process.
+guestfish --remote -- exit
+GUESTFISH_PID=
+
+# Start up another guestfish background process, and specify the keys in
+# /dev/mapper/VG-LV format this time.
+keys_by_mapper_lvname=(
+ --key /dev/mapper/Volume--Group-Root:key:FEDORA-Root
+ --key /dev/mapper/Volume--Group-Logical--Volume--1:key:FEDORA-LV1
+ --key /dev/mapper/Volume--Group-Logical--Volume--2:key:FEDORA-LV2
+ --key /dev/mapper/Volume--Group-Logical--Volume--3:key:FEDORA-LV3
+)
+fish_ref=$("${guestfish[@]}" "${keys_by_mapper_lvname[@]}")
+eval "$fish_ref"
+
+# Repeat the test.
+check_filesystems

12
SOURCES/copy-patches.sh
View File

@ -3,12 +3,11 @@
set -e
# Maintainer script to copy patches from the git repo to the current
# directory. It's normally only used downstream (ie. in RHEL). Use
# it like this:
# directory. Use it like this:
# ./copy-patches.sh
project=libguestfs
rhel_version=9.2
rhel_version=9.3
# Check we're in the right directory.
if [ ! -f $project.spec ]; then
@ -37,7 +36,12 @@ git rm -f [0-9]*.patch ||:
rm -f [0-9]*.patch
# Get the patches.
(cd $git_checkout; rm -f [0-9]*.patch; git -c core.abbrev=9 format-patch -O/dev/null -N --submodule=diff $tag)
(
cd $git_checkout
rm -f [0-9]*.patch
git -c core.abbrev=8 format-patch -O/dev/null --subject-prefix=PATCH -N \
--submodule=diff --no-signature --patience $tag
)
mv $git_checkout/[0-9]*.patch .
# Remove any not to be applied.

17
SOURCES/libguestfs-1.50.1.tar.gz.sig Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmP1QzoRHHJpY2hAYW5u
ZXhpYS5vcmcACgkQkXOPc+G3aKCAEBAAimQxT37HMWTHOqvj4s6ipOhDCNPlqo4L
z+syvIkgbp024IOPUbrlmSCtrCFiLXsRmmenynFv66N8GXoWmJruyJMyvBxsupZT
lTo7WdCEix/xPh/LAb8Q9RWA2SQYfkOKHRs/gr4b/LbtXBklMlcOdhegx3Mml4SW
gwK5n799YebUVgzYch5hWjHcRAphPaUdMyaJ6MUnFrfUPyGK2QO1yXdnGxkseAPz
srjlhFqu5kNojWzcaNcdHBdKvJVEZo7L6laADRS31sRH0BGVc6/DFJgOPdxROGJe
oeq3Oo1EF88P15NSTNZSXLa65n9kts2OnqRgX/c3njV9+1/JPHJWVM+VezuCcN8D
hHktHVOBjM209N5RmLtR92eROvo1aTrgjsLqOTvwbKBu7NrPc4ZICnX7dMjD6irj
vQz0P5MUmELMvdEN3FMGf45v77z+249e1z+5EGi2HUPKLfxd+I3+2mxUm2xjWOy/
zNzkG2rCgYRB8Tioj6Mw80RYKioRyu8p5lUZvvLk85CJbT4BFH8rXgJbrEBOSunE
lWEcv690GzyszAN8zKZaIqhNzIKdlkQZAd1DMXfNBEfAy23YHRApB1O2EFhNAjAf
yEsUjpiYc0pq64QiCPGzUp4iLfMt9hg4ey5Pquud/j6cfvJ3ak5gZECbFnbUjysZ
YYpwSgy/FVI=
=OPC/
-----END PGP SIGNATURE-----

125
SPECS/libguestfs.spec
View File

@ -4,6 +4,7 @@
# In theory the above, in practice golang is so often broken that
# I now disable it:
%global golang_arches NONE
%global dist %{?dist}.alma
# Architectures that we run the basic sanity-check test.
#
@ -14,10 +15,7 @@
%if !0%{?rhel}
%global test_arches aarch64 %{power64} s390x x86_64
%else
# RHEL 9 only:
# x86-64: "/lib64/libc.so.6: CPU ISA level is lower than required"
# (RHBZ#1919389)
%global test_arches NONE
%global test_arches x86_64
%endif
# Trim older changelog entries.
@ -36,7 +34,7 @@
%endif
# The source directory.
%global source_directory 1.48-stable
%global source_directory 1.50-stable
# Filter perl provides.
%{?perl_default_filter}
@ -47,8 +45,8 @@
Summary: Access and modify virtual machine disk images
Name: libguestfs
Epoch: 1
Version: 1.48.4
Release: 4%{?dist}.alma.1.1
Version: 1.50.1
Release: 6%{?dist}.alma.1.1
License: LGPLv2+
# Build only for architectures that have a kernel
@ -79,27 +77,22 @@ Source7: libguestfs.keyring
Source8: copy-patches.sh
# Patches are maintained in the following repository:
# https://github.com/libguestfs/libguestfs/commits/rhel-9.2
# https://github.com/libguestfs/libguestfs/commits/rhel-9.3
# Patches.
Patch0001: 0001-New-API-guestfs_device_name-returning-the-drive-name.patch
Patch0002: 0002-guestfs_readdir-rewrite-with-FileOut-transfer-to-lif.patch
Patch0003: 0003-guestfs_readdir-minimize-the-number-of-send_file_wri.patch
Patch0004: 0004-lib-launch-direct-ignore-drive-iface-parameter.patch
Patch0005: 0005-lib-drive_create_data-drive-remove-field-iface.patch
Patch0006: 0006-lib-rename-VALID_FORMAT_IFACE-to-VALID_FORMAT.patch
Patch0007: 0007-tests-regressions-remove-iface-based-restrictions.patch
Patch0008: 0008-generator-customize-invert-SELinux-relabeling-defaul.patch
Patch0009: 0009-generator-customize-reintroduce-selinux-relabel-as-a.patch
Patch0010: 0010-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch
Patch0011: 0011-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch
Patch0012: 0012-RHEL-Create-etc-crypto-policies-back-ends-opensslcnf.patch
Patch0013: 0013-php-add-arginfo-to-php-bindings.patch
Patch0014: 0014-introduce-the-clevis_luks_unlock-API.patch
Patch0015: 0015-guestfish-guestmount-enable-networking-for-key-ID-cl.patch
Patch0016: 0016-daemon-Add-zstd-support-to-guestfs_file_architecture.patch
Patch0017: 0017-New-API-inspect_get_build_id.patch
Patch0018: 0018-lib-Return-correct-osinfo-field-for-Windows-11.patch
#Patch0001: 0001-update-common-submodule.patch
Patch0002: 0002-update-common-submodule.patch
Patch0003: 0003-daemon-selinux-relabel-don-t-exclude-selinux-if-it-s.patch
Patch0004: 0004-daemon-selinux-relabel-search-for-invalid-option-in-.patch
Patch0005: 0005-daemon-selinux-relabel-run-setfiles-with-T-0-if-supp.patch
Patch0006: 0006-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch
Patch0007: 0007-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch
Patch0008: 0008-Remove-virt-dib.patch
Patch0009: 0009-lib-Choose-q35-machine-type-for-x86-64.patch
Patch0010: 0010-RHEL-Revert-build-Remove-bundled-copy-of-ocaml-augea.patch
Patch0011: 0011-update-common-submodule.patch
Patch0012: 0012-LUKS-on-LVM-inspection-test-rename-VGs-and-LVs.patch
Patch0013: 0013-LUKS-on-LVM-inspection-test-test-dev-mapper-VG-LV-tr.patch
%if 0%{patches_touch_autotools}
BuildRequires: autoconf, automake, libtool, gettext-devel
@ -118,6 +111,8 @@ BuildRequires: perl(Pod::Man)
BuildRequires: /usr/bin/pod2text
BuildRequires: po4a
BuildRequires: augeas-devel >= 1.7.0
# Waiting for https://bugzilla.redhat.com/show_bug.cgi?id=2168634
#BuildRequires: ocaml-augeas-devel >= 0.6
BuildRequires: readline-devel
BuildRequires: xorriso
BuildRequires: libxml2-devel
@ -169,7 +164,6 @@ BuildRequires: gnupg2
BuildRequires: ocaml
BuildRequires: ocaml-ocamldoc
BuildRequires: ocaml-findlib-devel
BuildRequires: ocaml-gettext-devel
%if !0%{?rhel}
BuildRequires: ocaml-ounit-devel
%endif
@ -223,10 +217,6 @@ BuildRequires: clevis-luks
BuildRequires: coreutils
BuildRequires: cpio
BuildRequires: cryptsetup
%if !0%{?rhel}
BuildRequires: curl
BuildRequires: debootstrap
%endif
BuildRequires: dhclient
BuildRequires: diffutils
BuildRequires: dosfstools
@ -250,9 +240,6 @@ BuildRequires: iproute
BuildRequires: iputils
BuildRequires: kernel
BuildRequires: kmod
%if !0%{?rhel}
BuildRequires: kpartx
%endif
BuildRequires: less
BuildRequires: libcap
%if !0%{?rhel}
@ -275,7 +262,6 @@ BuildRequires: pcre2
BuildRequires: policycoreutils
BuildRequires: procps
BuildRequires: psmisc
BuildRequires: qemu-img
BuildRequires: rpm-libs
BuildRequires: rsync
BuildRequires: scrub
@ -293,9 +279,6 @@ BuildRequires: tar
BuildRequires: udev
BuildRequires: util-linux
BuildRequires: vim-minimal
%if !0%{?rhel}
BuildRequires: which
%endif
BuildRequires: xfsprogs
BuildRequires: xz
BuildRequires: yajl
@ -447,17 +430,6 @@ Requires: pkgconfig
for %{name}.
%if !0%{?rhel}
%package dib
Summary: Additional tools for virt-dib
License: LGPLv2+
%description dib
This adds extra packages needed by virt-dib to %{name}. You should
normally install the virt-dib package which depends on this one.
%endif
%if !0%{?rhel}
%package forensics
Summary: Filesystem forensics support for %{name}
@ -787,8 +759,14 @@ make V=1 INSTALLDIRS=vendor %{?_smp_mflags}
%check
%ifarch %{test_arches}
# Only run the tests with non-debug (ie. non-Rawhide) kernels.
# XXX This tests for any debug kernel installed.
if grep CONFIG_DEBUG_MUTEXES=y /lib/modules/*/config ; then
echo "Skipping tests because debug kernel is installed"
exit 0
fi
export LIBGUESTFS_DEBUG=1
export LIBGUESTFS_TRACE=1
export LIBVIRT_DEBUG=1
@ -817,6 +795,13 @@ find $RPM_BUILD_ROOT -name .packlist -delete
find $RPM_BUILD_ROOT -name '*.bs' -delete
find $RPM_BUILD_ROOT -name 'bindtests.pl' -delete
# Perl's ExtUtils::Install installs "Guestfs.so" read-only; that
# prevents objcopy from adding the ".gdb_index" section for the sake of
# the debuginfo file. See
# <https://rt.cpan.org/Public/Bug/Display.html?id=40976>. Restore write
# permission for the file owner.
find $RPM_BUILD_ROOT -name Guestfs.so -exec chmod u+w '{}' +
# golang: Ignore what libguestfs upstream installs, and just copy the
# source files to %%{_datadir}/gocode/src.
%ifarch %{golang_arches}
@ -845,19 +830,6 @@ function move_to
echo "$1" >> "$2"
}
%if !0%{?rhel}
move_to curl zz-packages-dib
move_to debootstrap zz-packages-dib
move_to kpartx zz-packages-dib
move_to qemu-img zz-packages-dib
move_to which zz-packages-dib
%else
remove curl
remove debootstrap
remove kpartx
remove qemu-img
remove which
%endif
%if !0%{?rhel}
move_to sleuthkit zz-packages-forensics
move_to gfs2-utils zz-packages-gfs2
@ -966,11 +938,6 @@ rm ocaml/html/.gitignore
%{_libdir}/pkgconfig/libguestfs.pc
%if !0%{?rhel}
%files dib
%{_libdir}/guestfs/supermin.d/zz-packages-dib
%endif
%if !0%{?rhel}
%files forensics
%{_libdir}/guestfs/supermin.d/zz-packages-forensics
@ -1129,13 +1096,29 @@ rm ocaml/html/.gitignore
%changelog
* Mon Dec 19 2022 Eduard Abdullin <eabdullin@almalinux.org> - 1:1.48.4-4.alma.1.1
- Enable for ppc64le
* Thu Dec 07 2023 Edaurd Abdullin <eabdullin@almalinux.org> - 1:1.50.1-6.alma.1.1
- Enable ppc64le build
* Tue May 09 2023 Edaurd Abdullin <eabdullin@almalinux.org> - 1:1.48.4-4.alma
* Thu Sep 21 2023 Edaurd Abdullin <eabdullin@almalinux.org> - 1:1.50.1-6.alma
- Fix build for AlmaLinux
- Avoid permission denied for yum/dnf cache
* Wed Jun 07 2023 Laszlo Ersek <lersek@redhat.com> - 1:1.50.1-6
- enable the ".gdb_index" section in the Perl bindings debug info
resolves: rhbz#2209279
* Tue May 23 2023 Laszlo Ersek <lersek@redhat.com> - 1:1.50.1-5
- let "guestfish -i" recognize "--key /dev/mapper/VG-LV:key:password"
- reenable quickcheck; we now use "-cpu max" (upstream 30f74f38bd6e)
resolves: rhbz#2209279
* Thu May 04 2023 Richard W.M. Jones <rjones@redhat.com> - 1:1.50.1-4
- Rebase libguestfs to 1.50.1
resolves: rhbz#2168625
- Use q35 machine type for libguestfs appliance
resolves: rhbz#2168578
- Run SELinux relabelling in parallel [for virt-v2v]
resolves: rhbz#2190276
* Fri Dec 02 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.48.4-4
- New API: guestfs_inspect_get_build_id
- Add support for detecting Windows >= 10, returned through osinfo